search

llvm / llvm-project

The LLVM Project is a collection of modular and reusable compiler and toolchain technologies.
http://llvm.org
Other
28.25k stars 11.66k forks source link

Miscompile assigning to result of comma operator? #110617

Open efriedma-quic opened 3 hours ago

efriedma-quic commented 3 hours ago

Consider the following in C:

struct S;
struct C {
  int i;
  struct S *tab[1];
};
struct S { struct C c; };
void f(struct S *x) {
  ((void)1, x->c).tab[0] = 0;
}

Normally, the result of a comma operator isn't assignable, because it's an rvalue... but with array-to-pointer decay, you can assign to it. So the question is, does the assignment affect "x"? Or are we supposed to construct a temporary? Or is this just undefined behavior?

It looks like for the equivalent with an assignment operator, we do construct a temporary. Not sure if there's any other way to get a struct rvalue in C.

Ran into this trying to figure out why we allow EmitLValue on a CK_LValueToRValue in CodeGen.

llvmbot commented 3 hours ago

@llvm/issue-subscribers-clang-codegen

Author: Eli Friedman (efriedma-quic)

Consider the following in C: ``` struct S; struct C { int i; struct S *tab[1]; }; struct S { struct C c; }; void f(struct S *x) { ((void)1, x->c).tab[0] = 0; } ``` Normally, the result of a comma operator isn't assignable, because it's an rvalue... but with array-to-pointer decay, you can assign to it. So the question is, does the assignment affect "x"? Or are we supposed to construct a temporary? Or is this just undefined behavior? It looks like for the equivalent with an assignment operator, we do construct a temporary. Not sure if there's any other way to get a struct rvalue in C. Ran into this trying to figure out why we allow EmitLValue on a CK_LValueToRValue in CodeGen.