Description
Full name of submitter (unless configured in github; will be published with the issue): Tomasz Kamiński
Reference (section label): expr.ref
Link to reflector thread (if any):
Issue description:
Given the following definitions:
```cpp
struct C { static int foo; };
C* c = nullptr;
```
The behavior of `(*c).foo` is clearly undefined, as per [expr.ref] p1:
> The postfix expression before the dot or arrow is evaluated.

So we evaluate `*c`, which leads to a dereference of the invalid pointer. However, in the case of `c->foo`, the same wording indicates that we always evaluated `c` (the expression before the arrow), which is well-formed. Later, per [expr.ref] p2, this gets transformed:
> The expression E1->E2 is converted to the equivalent form (*(E1)).E2; the remainder of [expr.ref] will address only the first option (dot).

As this rewrite applies to the remainder of the section, we never indicate that we would evaluate `*E1` in case of the rewrite. So the behavior of accessing a static member (data or function) via an invalid or null pointer.
Suggested resolution:
Move the sentence:
> The postfix expression before the dot or arrow is evaluated; the result of that evaluation, together with the [id-expression], determines the result of the entire postfix expression.

From the end of p1 to p3 (after p2), so we clearly state that `*E1` is evaluated for the form `E1->E2` rewrite. We can also remove the "or arrow" part.