https://gcc.gnu.org/bugzilla/show_bug.cgi?id=124347

--- Comment #4 from GCC Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by Jakub Jelinek <[email protected]>:

https://gcc.gnu.org/g:ce93e13e31a4886ce6f16a6b0963838885c0297d

commit r17-379-gce93e13e31a4886ce6f16a6b0963838885c0297d
Author: Jakub Jelinek <[email protected]>
Date:   Thu May 7 15:50:14 2026 +0200

    c++: Constant evaluation of __builtin_{,dynamic_}object_size [PR124347]

    The following patch tries to support constexpr folding of
    __builtin_object_size and __builtin_dynamic_object_size.
    There is already folding of this builtin in builtins.cc, but it doesn't look
    through pointer conversions in the argument, only handles the case where
    the argument is ADDR_EXPR (plus of course when inside of the objsz passes it
    handles more through SSA_NAME tracking).

    I've tried to handle this in builtins.cc first, see
    https://gcc.gnu.org/bugzilla/show_bug.cgi?id=124347#c1 but unfortunately
    that resulted in some serious security regressions where some of __bos
    or __bdos builtins were folded prematurely, in particular e.g. for cases
    where we have __builtin_object_size (something, 1) and the whole object
    size is unknown but object size of the element is known.  With the patch
    it would just return the remaining subobject size, when it actually should
    return MIN_EXPR <object_size, remaining subobject size>.  For mode 1
    it is conservatively correct, but larger than necessary with security
    implications of not catching out of bounds accesses.

    So, this patch instead handles this in the FE, only for manifestly constant
    evaluation, by stripping the pointer casts on the first argument in that
    case.

    2026-05-07  Jakub Jelinek  <[email protected]>

            PR c++/124347
            * constexpr.cc (cxx_eval_builtin_function_call): For
            mce_true strip nops in first argument of BUILT_IN*_OBJECT_SIZE
            if the inner expression is ADDR_EXPR.

            * g++.dg/ext/builtin-object-size4.C: New test.
            * g++.dg/ext/builtin-object-size5.C: New test.
            * g++.dg/ext/builtin-object-size6.C: New test.

    Reviewed-by: Jason Merrill <[email protected]>
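
The mode 1 regression described in the commit message above, as an added arithmetic model (not code from GCC or from the commit): it compares the premature fold with MIN_EXPR <object_size, remaining subobject size> and shows what each bound does to a size-checked write. The struct, the sizes and every function name are constructed for illustration, and the 24-byte object stands for an allocation smaller than the struct type whose size only becomes known after the early fold.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample type; not taken from the GCC testsuite. */
struct S { char a[8]; char b[32]; };

#define UNKNOWN SIZE_MAX   /* (size_t)-1, the "size not known" answer for mode 1 */

/* Bytes left in member b when starting at b[idx]. */
static size_t subobject_remaining(size_t idx)
{
    size_t len = sizeof(((struct S *)0)->b);
    return idx <= len ? len - idx : 0;
}

/* Bytes left in the whole object of size `whole` (UNKNOWN if not tracked yet). */
static size_t object_remaining(size_t whole, size_t idx)
{
    size_t off = offsetof(struct S, b) + idx;
    if (whole == UNKNOWN)
        return UNKNOWN;
    return off <= whole ? whole - off : 0;
}

/* Model of the premature fold: the whole-object size is never consulted. */
size_t premature_fold(size_t idx) { return subobject_remaining(idx); }

/* Model of MIN_EXPR <object_size, remaining subobject size>. */
size_t mode1_bound(size_t whole, size_t idx)
{
    size_t obj = object_remaining(whole, idx);
    size_t sub = subobject_remaining(idx);
    return obj < sub ? obj : sub;
}

/* Hypothetical size-checked write: n bytes pass only if they fit the bound. */
int write_allowed(size_t bound, size_t n) { return bound == UNKNOWN || n <= bound; }

int main(void)
{
    size_t whole = 24, idx = 4, n = 20;   /* constructed values */
    printf("premature=%zu correct=%zu\n", premature_fold(idx), mode1_bound(whole, idx));
    printf("%zu-byte write: premature bound %s, correct bound %s\n", n,
           write_allowed(premature_fold(idx), n) ? "allows" : "rejects",
           write_allowed(mode1_bound(whole, idx), n) ? "allows" : "rejects");
    return 0;
}
```

The larger bound never rejects a valid write, which is why it is conservatively correct, but it lets through the 20-byte write that runs past the end of the 24-byte object.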
