[v2] c++: ICE with template code in constexpr [PR104284]

Message ID	YjT/2vcFRIYNVWgD@redhat.com
State	New
Headers	show Return-Path: <gcc-patches-bounces+incoming=patchwork.ozlabs.org@gcc.gnu.org> DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 33C0B3888C47 Date: Fri, 18 Mar 2022 17:55:38 -0400 To: Jason Merrill <jason@redhat.com> Subject: [PATCH v2] c++: ICE with template code in constexpr [PR104284] Message-ID: <YjT/2vcFRIYNVWgD@redhat.com> References: <20220310220459.91301-1-polacek@redhat.com> <edcd7956-daaa-17dc-7f82-06dfbc23e22c@redhat.com> MIME-Version: 1.0 In-Reply-To: <edcd7956-daaa-17dc-7f82-06dfbc23e22c@redhat.com> User-Agent: Mutt/2.1.5 (2021-12-30) Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Precedence: list From: Marek Polacek via Gcc-patches <gcc-patches@gcc.gnu.org> Reply-To: Marek Polacek <polacek@redhat.com> Cc: GCC Patches <gcc-patches@gcc.gnu.org> Errors-To: gcc-patches-bounces+incoming=patchwork.ozlabs.org@gcc.gnu.org Sender: "Gcc-patches" <gcc-patches-bounces+incoming=patchwork.ozlabs.org@gcc.gnu.org>
Series	[v2] c++: ICE with template code in constexpr [PR104284] \| expand [v2] c++: ICE with template code in constexpr [PR104284]

Message ID

YjT/2vcFRIYNVWgD@redhat.com

State

New

Headers

DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 33C0B3888C47
Date: Fri, 18 Mar 2022 17:55:38 -0400
To: Jason Merrill <jason@redhat.com>
Subject: [PATCH v2] c++: ICE with template code in constexpr [PR104284]
Message-ID: <YjT/2vcFRIYNVWgD@redhat.com>
References: <20220310220459.91301-1-polacek@redhat.com>
 <edcd7956-daaa-17dc-7f82-06dfbc23e22c@redhat.com>
MIME-Version: 1.0
In-Reply-To: <edcd7956-daaa-17dc-7f82-06dfbc23e22c@redhat.com>
User-Agent: Mutt/2.1.5 (2021-12-30)
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Precedence: list
From: Marek Polacek via Gcc-patches <gcc-patches@gcc.gnu.org>
Reply-To: Marek Polacek <polacek@redhat.com>
Cc: GCC Patches <gcc-patches@gcc.gnu.org>
Errors-To: gcc-patches-bounces+incoming=patchwork.ozlabs.org@gcc.gnu.org
Sender: "Gcc-patches"
 <gcc-patches-bounces+incoming=patchwork.ozlabs.org@gcc.gnu.org>

Series

[v2] c++: ICE with template code in constexpr [PR104284] | expand

Commit Message

Marek Polacek March 18, 2022, 9:55 p.m. UTC

On Fri, Mar 11, 2022 at 06:46:42PM -0500, Jason Merrill wrote:
> On 3/10/22 18:04, Marek Polacek wrote:
> > Since r9-6073 cxx_eval_store_expression preevaluates the value to
> > be stored, and that revealed a crash where a template code (here,
> > code=IMPLICIT_CONV_EXPR) leaks into cxx_eval*.
> > 
> > It happens because we're performing build_vec_init while processing
> > a template
> 
> Hmm, that seems like the bug.  Where's that call coming from?

From build_aggr_init.  So we're handling e.g.

  template<class>
  constexpr void g () {
    constexpr S s2[]{{'a'}};
  }

cp_finish_decl (decl=s2, init={{'a'}}) sees we're in processing_template_decl,
but also that we have a constexpr var which is not dependent, nor is its
initializer:

      else if (init
               && (init_const_expr_p || DECL_DECLARED_CONSTEXPR_P (decl))
               && !TYPE_REF_P (type)
               && decl_maybe_constant_var_p (decl)
               && !(dep_init = value_dependent_init_p (init)))
        {
          /* This variable seems to be a non-dependent constant, so process
             its initializer.  If check_initializer returns non-null the
             initialization wasn't constant after all.  */
          tree init_code;
          cleanups = make_tree_vector ();
          init_code = check_initializer (decl, init, flags, &cleanups);

so we call check_initializer, where we go down this path:

  init_code = build_aggr_init_full_exprs (decl, init, flags);

build_aggr_init sees that the type of 's2' is ARRAY_TYPE, so it calls
build_vec_init.

I now recall that we've discussed build_vec_init in a template in the
past, for example in the context of c++/93676.  So I agree we ought to
make an effort to avoid calling build_vec_init in a template.  Perhaps
like this: use an INIT_EXPR.  With that, we should call build_vec_init
if needed while instantiating.  Does that make any sense?

Bootstrapped/regtested on x86_64-pc-linux-gnu, ok for trunk?

-- >8 --
Since r9-6073 cxx_eval_store_expression preevaluates the value to
be stored, and that revealed a crash where a template code (here,
code=IMPLICIT_CONV_EXPR) leaks into cxx_eval*.

It happens because we're performing build_vec_init while processing
a template, which calls get_temp_regvar which creates an INIT_EXPR.
This INIT_EXPR's RHS contains an rvalue conversion so we create an
IMPLICIT_CONV_EXPR.  Its operand is not type-dependent and the whole
INIT_EXPR is not type-dependent.  So we call build_non_dependent_expr
which, with -fchecking=2, calls fold_non_dependent_expr.  At this
point the expression still has an IMPLICIT_CONV_EXPR, which ought to
be handled in instantiate_non_dependent_expr_internal.  However,
tsubst_copy_and_build doesn't handle INIT_EXPR; it will just call
tsubst_copy which does nothing when args is null.  So we fail to
replace the IMPLICIT_CONV_EXPR and ICE.

The problem is that we call build_vec_init in a template in the
first place.  It should work to create an INIT_EXPR in a template
and only perform build_vec_init when instantiating.

	PR c++/104284

gcc/cp/ChangeLog:

	* init.cc (build_aggr_init): Don't call build_vec_init in
	a template, create an INIT_EXPR instead.

gcc/testsuite/ChangeLog:

	* g++.dg/cpp1y/constexpr-104284-1.C: New test.
	* g++.dg/cpp1y/constexpr-104284-2.C: New test.
	* g++.dg/cpp1y/constexpr-104284-3.C: New test.
	* g++.dg/cpp1y/constexpr-104284-4.C: New test.
---
 gcc/cp/init.cc                                | 11 +++---
 .../g++.dg/cpp1y/constexpr-104284-1.C         | 34 ++++++++++++++++++
 .../g++.dg/cpp1y/constexpr-104284-2.C         | 33 +++++++++++++++++
 .../g++.dg/cpp1y/constexpr-104284-3.C         | 33 +++++++++++++++++
 .../g++.dg/cpp1y/constexpr-104284-4.C         | 35 +++++++++++++++++++
 5 files changed, 142 insertions(+), 4 deletions(-)
 create mode 100644 gcc/testsuite/g++.dg/cpp1y/constexpr-104284-1.C
 create mode 100644 gcc/testsuite/g++.dg/cpp1y/constexpr-104284-2.C
 create mode 100644 gcc/testsuite/g++.dg/cpp1y/constexpr-104284-3.C
 create mode 100644 gcc/testsuite/g++.dg/cpp1y/constexpr-104284-4.C

base-commit: 0c016888ffd569c4b70722cf7df2efcc003f397b

Comments

Jason Merrill March 24, 2022, 3:40 p.m. UTC | #1

On 3/18/22 17:55, Marek Polacek wrote:
> On Fri, Mar 11, 2022 at 06:46:42PM -0500, Jason Merrill wrote:
>> On 3/10/22 18:04, Marek Polacek wrote:
>>> Since r9-6073 cxx_eval_store_expression preevaluates the value to
>>> be stored, and that revealed a crash where a template code (here,
>>> code=IMPLICIT_CONV_EXPR) leaks into cxx_eval*.
>>>
>>> It happens because we're performing build_vec_init while processing
>>> a template
>>
>> Hmm, that seems like the bug.  Where's that call coming from?
> 
>  From build_aggr_init.  So we're handling e.g.
> 
>    template<class>
>    constexpr void g () {
>      constexpr S s2[]{{'a'}};
>    }
> 
> cp_finish_decl (decl=s2, init={{'a'}}) sees we're in processing_template_decl,
> but also that we have a constexpr var which is not dependent, nor is its
> initializer:
> 
>        else if (init
>                 && (init_const_expr_p || DECL_DECLARED_CONSTEXPR_P (decl))
>                 && !TYPE_REF_P (type)
>                 && decl_maybe_constant_var_p (decl)
>                 && !(dep_init = value_dependent_init_p (init)))
>          {
>            /* This variable seems to be a non-dependent constant, so process
>               its initializer.  If check_initializer returns non-null the
>               initialization wasn't constant after all.  */
>            tree init_code;
>            cleanups = make_tree_vector ();
>            init_code = check_initializer (decl, init, flags, &cleanups);
> 
> so we call check_initializer, where we go down this path:
> 
>    init_code = build_aggr_init_full_exprs (decl, init, flags);
> 
> build_aggr_init sees that the type of 's2' is ARRAY_TYPE, so it calls
> build_vec_init.
> 
> I now recall that we've discussed build_vec_init in a template in the
> past, for example in the context of c++/93676.  So I agree we ought to
> make an effort to avoid calling build_vec_init in a template.  Perhaps
> like this: use an INIT_EXPR.  With that, we should call build_vec_init
> if needed while instantiating.  Does that make any sense?

Hmm.  If we do that, then we get back to

>           if (TREE_CODE (init_code) == INIT_EXPR)

in check_initializer, and pull out the same init again, and set 
LOOKUP_ALREADY_DIGESTED.  But I think that's wrong, we haven't digested 
it yet.

Maybe we could avoid entering the below block of check_initializer at 
all in this situation?

>       if (((type_build_ctor_call (type) || CLASS_TYPE_P (type))
>            && !(flags & LOOKUP_ALREADY_DIGESTED)
>            && !(init && BRACE_ENCLOSED_INITIALIZER_P (init)
>                 && CP_AGGREGATE_TYPE_P (type)
>                 && (CLASS_TYPE_P (type)

Maybe by adding || processing_template_decl here?

>                     || !TYPE_NEEDS_CONSTRUCTING (type)
>                     || type_has_extended_temps (type))))
>           || (DECL_DECOMPOSITION_P (decl) && TREE_CODE (type) == ARRAY_TYPE))

Jason

diff --git a/gcc/cp/init.cc b/gcc/cp/init.cc
index 7575597c8fd..58e66adbfe1 100644
--- a/gcc/cp/init.cc
+++ b/gcc/cp/init.cc
@@ -2006,10 +2006,13 @@  build_aggr_init (tree exp, tree init, int flags, tsubst_flags_t complain)
 	    }
 	}
 
-      stmt_expr = build_vec_init (exp, NULL_TREE, init,
-				  /*explicit_value_init_p=*/false,
-				  from_array,
-                                  complain);
+      /* build_vec_init is not meant to be used in templates.  */
+      if (processing_template_decl)
+	stmt_expr = build2 (INIT_EXPR, itype, exp, init);
+      else
+	stmt_expr = build_vec_init (exp, NULL_TREE, init,
+				    /*explicit_value_init_p=*/false,
+				    from_array, complain);
       TREE_READONLY (exp) = was_const;
       TREE_THIS_VOLATILE (exp) = was_volatile;
       TREE_TYPE (exp) = type;
diff --git a/gcc/testsuite/g++.dg/cpp1y/constexpr-104284-1.C b/gcc/testsuite/g++.dg/cpp1y/constexpr-104284-1.C
new file mode 100644
index 00000000000..809c26a6161
--- /dev/null
+++ b/gcc/testsuite/g++.dg/cpp1y/constexpr-104284-1.C
@@ -0,0 +1,34 @@ 
+// PR c++/104284
+// { dg-do compile { target c++14 } }
+// { dg-additional-options "-fchecking=2" }
+
+struct S {
+  char c{};
+};
+
+auto x1 = [](auto) { constexpr S s[]{{}}; };
+auto x2 = [](auto) { constexpr S s[]{{'a'}}; };
+#if __cpp_designated_initializers >= 201707L
+auto x3 = [](auto) { constexpr S s[]{{.c = 'a'}}; };
+#endif
+auto x4 = [](auto) { constexpr S s[]{'a'}; };
+auto x5 = [](auto) { constexpr S s[]{{{}}}; };
+
+template<class>
+constexpr void g ()
+{
+  constexpr S s1[]{{}};
+  static_assert(s1[0].c == '\0', "");
+  constexpr S s2[]{{'a'}};
+  static_assert(s2[0].c == 'a', "");
+#if __cpp_designated_initializers >= 201707L
+  constexpr S s3[]{{.c = 'a'}};
+  static_assert(s3[0].c == 'a', "");
+#endif
+  constexpr S s4[]{'a'};
+  static_assert(s4[0].c == 'a', "");
+  constexpr S s5[]{{{}}};
+  static_assert(s5[0].c == '\0', "");
+}
+
+static_assert ((g<int>(), true), "");
diff --git a/gcc/testsuite/g++.dg/cpp1y/constexpr-104284-2.C b/gcc/testsuite/g++.dg/cpp1y/constexpr-104284-2.C
new file mode 100644
index 00000000000..704d37de129
--- /dev/null
+++ b/gcc/testsuite/g++.dg/cpp1y/constexpr-104284-2.C
@@ -0,0 +1,33 @@ 
+// PR c++/104284
+// { dg-do compile { target c++14 } }
+// { dg-additional-options "-fchecking=2" }
+
+struct S {
+  char a;
+  constexpr S() : a{'a'} { }
+  constexpr S(char a_) : a{a_} { }
+};
+
+auto x1 = [](auto) { constexpr S s[]{{}}; };
+auto x2 = [](auto) { constexpr S s[]{{'a'}}; };
+auto x3 = [](auto) { constexpr S s[]{'a'}; };
+auto x4 = [](auto) { constexpr S s[]{{{}}}; };
+
+template<typename>
+constexpr void g()
+{
+  constexpr S s1[]{{}};
+  static_assert(s1[0].a == 'a', "");
+  constexpr S s2[]{{'a'}};
+  static_assert(s2[0].a == 'a', "");
+  constexpr S s3[]{'a'};
+  static_assert(s3[0].a == 'a', "");
+  constexpr S s4[]{{{}}};
+  static_assert(s4[0].a == '\0', "");
+}
+
+void
+f ()
+{
+  g<int>();
+}
diff --git a/gcc/testsuite/g++.dg/cpp1y/constexpr-104284-3.C b/gcc/testsuite/g++.dg/cpp1y/constexpr-104284-3.C
new file mode 100644
index 00000000000..6f23b255f9c
--- /dev/null
+++ b/gcc/testsuite/g++.dg/cpp1y/constexpr-104284-3.C
@@ -0,0 +1,33 @@ 
+// PR c++/104284
+// { dg-do compile { target c++14 } }
+// { dg-additional-options "-fchecking=2" }
+// Like constexpr-104284.C, but the function template is not
+// constexpr.  In that case, we were still calling build_vec_init
+// in a template, just not crashing.
+
+struct S {
+  char c{};
+};
+
+template<class>
+void g ()
+{
+  constexpr S s1[]{{}};
+  static_assert(s1[0].c == '\0', "");
+  constexpr S s2[]{{'a'}};
+  static_assert(s2[0].c == 'a', "");
+#if __cpp_designated_initializers >= 201707L
+  constexpr S s3[]{{.c = 'a'}};
+  static_assert(s3[0].c == 'a', "");
+#endif
+  constexpr S s4[]{'a'};
+  static_assert(s4[0].c == 'a', "");
+  constexpr S s5[]{{{}}};
+  static_assert(s5[0].c == '\0', "");
+}
+
+void
+f ()
+{
+  g<int>();
+}
diff --git a/gcc/testsuite/g++.dg/cpp1y/constexpr-104284-4.C b/gcc/testsuite/g++.dg/cpp1y/constexpr-104284-4.C
new file mode 100644
index 00000000000..a99d3255a47
--- /dev/null
+++ b/gcc/testsuite/g++.dg/cpp1y/constexpr-104284-4.C
@@ -0,0 +1,35 @@ 
+// PR c++/104284
+// { dg-do run { target c++14 } }
+// { dg-additional-options "-fchecking=2" }
+
+struct S {
+  char c{};
+};
+
+template<class>
+constexpr void g ()
+{
+  S s1[]{{}};
+  if (s1[0].c != '\0')
+    __builtin_abort ();
+  S s2[]{{'a'}};
+  if (s2[0].c != 'a')
+    __builtin_abort ();
+#if __cpp_designated_initializers >= 201707L
+  S s3[]{{.c = 'a'}};
+  if (s3[0].c != 'a')
+    __builtin_abort ();
+#endif
+  S s4[]{'a'};
+  if (s4[0].c != 'a')
+    __builtin_abort ();
+  S s5[]{{{}}};
+  if (s5[0].c != '\0')
+    __builtin_abort ();
+}
+
+int
+main ()
+{
+  g<int>();
+}