Full name of submitter (unless configured in github; will be published with the issue): Tomasz Kamiński

Reference (section label): expr.ref

Link to reflector thread (if any):

Issue description:
Given the following definitions:

struct C { static int foo; };
C* c = nullptr;

The behavior of the (*c).foo is clearly undefined, as per [expr.ref] p1:

The postfix expression before the dot or arrow is evaluated.

So we evaluate *c which leads to dereference on the invalid pointer. However in case of the c->foo, the same wording indicates that we always evaluted c (expression before allow), which is well-formed. Later per [expr.ref] p2, this get transformed:

The expression E1->E2 is converted to the equivalent form (*(E1)).E2; the remainder of [expr.ref] will address only the first option (dot).

As this rewrite applies to the reminder of the section, we never indicate that we would evaluate *E1 in case of the rewrite. So the behvior of accessing static member (data or function) via invalid or null pointer.

Suggested resolution:

Move the sentence:

The postfix expression before the dot or arrow is evaluated the result of that evaluation, together with the [id-expression], determines the result of the entire postfix expression.

From the end of the p1 to p3 (after p2), so we cleary state that *E1 is evaluated for the form E1->E2 rewrite. We can also remove or arrow part.