https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111351
Bug ID: 111351 Summary: constexpr std::string objects permitted to escape constant evaluation when SSO Product: gcc Version: 14.0 Status: UNCONFIRMED Severity: normal Priority: P3 Component: libstdc++ Assignee: unassigned at gcc dot gnu.org Reporter: foom at fuhm dot net Target Milestone: --- In C++20, libstdc++ currently allows an std::string instance to escape from constant evaluation to runtime, as long as the string fit within the SSO length. E.g., as a global variable, compiled with -std=c++20: constexpr std::string s1; // OK constexpr std::string s1 = ""; // OK constexpr std::string s1 = "0123456789abcde"; // OK constexpr std::string s2 = "0123456789abcdef"; // FAIL I believe all of the above ought to fail to compile. This will result in user code which can be built or not based on whether their string happens to fit within the SSO string length. I find that quite unfortunate, since it is supposed to be an internal implementation detail/optimization, and this makes it effectively part of the API that code will grow to depend on. As comparison, libc++ rejects all the above examples, by forcing the SSO-size to zero in constant evaluation context, so that a pointer to an external allocation is always used. This was brought to my attention from https://quuxplusone.github.io/blog/2023/09/08/constexpr-string-firewall/