Hi!
In GCC15, cp_fold -ffold-simple-inlines code contained
if (INDIRECT_TYPE_P (TREE_TYPE (x))
&& INDIRECT_TYPE_P (TREE_TYPE (r)))
check around the optimization, but as std::to_underlying has been
added to the set, it got removed.
Now, the check isn't needed when using correct libstdc++-v3 headers,
because the function template types ensure the converted types are sane
(so for most of them both are some kind of REFERENCE_TYPEs, for addressof
one REFERENCE_TYPE and one POINTER_TYPE, for to_underlying one ENUMERAL_TYPE
and one INTEGRAL_TYPE_P).
But when some fuzzer or user attempts to implement one or more of those
std:: functions and does it wrong (sure, such code is invalid), we can ICE
because build_nop certainly doesn't handle all possible type conversions.
So, the following patch readds the INDIRECT_REF_P && INDIRECT_REF_P check
for everything but to_underlying, for which it checks ENUMERAL_TYPE to
INTEGRAL_TYPE_P. That way we don't ICE on bogus code.
Though, I wonder about 2 things, whether the CALL_EXPR_ARG in there
shouldn't be also guarded just in case somebody tries to compile
namespace std { int to_underlying (); }; int a = std::to_underlying ();
and also whether this to_underlying folding doesn't behave differently
from the libstdc++-v3 implementation if the enum is
enum A : bool { B, C };
I think -fno-fold-simple-inlines will compile it as != 0, while
the -ffold-simple-inlines code just as a cast. Sure, enum with underlying
bool can't contain enumerators with values other than 0 and 1, but it is
still 8-bit at least and so what happens with other values?
Bootstrapped/regtested on x86_64-linux and i686-linux, ok for trunk?
2025-11-22 Jakub Jelinek <[email protected]>
PR c++/122185
* cp-gimplify.cc (cp_fold) <case CALL_EXPR>: For -ffold-simple-inlines
restore check that both types are INDIRECT_TYPE_P, except for
"to_underlying" check that r has ENUMERAL_TYPE and x has
INTEGRAL_TYPE_P.
* g++.dg/cpp1z/pr122185.C: New test.
--- gcc/cp/cp-gimplify.cc.jj 2025-11-14 11:00:14.358583917 +0100
+++ gcc/cp/cp-gimplify.cc 2025-11-21 11:07:44.361007681 +0100
@@ -3447,8 +3447,18 @@ cp_fold (tree x, fold_flags_t flags)
|| id_equal (DECL_NAME (callee), "as_const")))
{
r = CALL_EXPR_ARG (x, 0);
- r = build_nop (TREE_TYPE (x), r);
- x = cp_fold (r, flags);
+ /* These type-checks must be performed here, because invalid
+ definitions of these functions could fail to ensure those and
+ build_nop could misbehave. See PR122185. */
+ if (id_equal (DECL_NAME (callee), "to_underlying")
+ ? TREE_CODE (TREE_TYPE (r)) == ENUMERAL_TYPE
+ && INTEGRAL_TYPE_P (TREE_TYPE (x))
+ : INDIRECT_TYPE_P (TREE_TYPE (x))
+ && INDIRECT_TYPE_P (TREE_TYPE (r)))
+ {
+ r = build_nop (TREE_TYPE (x), r);
+ x = cp_fold (r, flags);
+ }
break;
}
--- gcc/testsuite/g++.dg/cpp1z/pr122185.C.jj 2025-11-21 11:10:19.356828621
+0100
+++ gcc/testsuite/g++.dg/cpp1z/pr122185.C 2025-11-21 11:09:40.574373930
+0100
@@ -0,0 +1,49 @@
+// PR c++/122185
+// { dg-do compile { target c++17 } }
+// { dg-options "-w -O2" }
+
+namespace std {
+template <typename _Tp> struct remove_reference {
+ using type = __remove_reference(_Tp);
+};
+template <typename _Tp> _Tp forward(typename remove_reference<_Tp>::type);
+}
+template <typename T> struct static_const {
+ static constexpr T value{};
+};
+template <typename, typename> struct adl_serializer;
+template <template <typename, typename> class = adl_serializer>
+class basic_json;
+struct from_json_fn {
+ template <typename BasicJsonType, typename T>
+ void operator()(BasicJsonType, T) const;
+};
+template <typename, typename> struct adl_serializer {
+ template <typename BasicJsonType, typename TargetType>
+ static void from_json(BasicJsonType &&j, TargetType val) {
+ static_const<from_json_fn>::value(std::forward<BasicJsonType>(j), val);
+ }
+};
+struct iter_impl {
+ basic_json<> operator*();
+ void operator++();
+ bool operator!=(iter_impl);
+};
+template <template <typename, typename = void> class JSONSerializer>
+struct basic_json {
+ template <typename> using iter_impl = iter_impl;
+ using iterator = iter_impl<basic_json>;
+ template <typename> void get_impl(int) {
+ auto ret = int();
+ JSONSerializer<int>::from_json(*this, ret);
+ }
+ template <typename> void get() { get_impl<int>({}); }
+ iterator begin();
+ iterator end();
+ char type_name;
+};
+void _ValidateSignatureFile() {
+ basic_json signatures;
+ for (auto signature : signatures)
+ signature.get<int>();
+}
Jakub
