This is an unofficial snapshot of the ISO/IEC JTC1 SC22 WG21 Core Issues List revision 116a. See http://www.open-std.org/jtc1/sc22/wg21/ for the official list.

2024-12-19


2748. Accessing static data members via null pointer

Section: 7.6.1.5  [expr.ref]     Status: DRWP     Submitter: Tomasz Kamiński     Date: 2023-06-13

[Accepted as a DR at the March, 2024 meeting.]

Consider:

  struct C { static int foo; };
  C* c = nullptr;

The behavior of (*c).foo is clearly undefined per 7.6.1.5 [expr.ref] paragraph 1:

The postfix expression before the dot or arrow is evaluated ...

However, the treatment of c->foo is less clear, because the transformation to the form (*(E1)).E2 occurs later.

Proposed resolution (approved by CWG 2023-12-15):

Move a part of 7.6.1.5 [expr.ref] paragraph 1 to before paragraph 3 and edit as follows:

A postfix expression followed by a dot . or an arrow ->, optionally followed by the keyword template, and then followed by an id-expression, is a postfix expression. The postfix expression before the dot or arrow is evaluated; [ Footnote: ... ] the result of that evaluation, together with the id-expression, determines the result of the entire postfix expression. [Note 1: If the keyword template is used, the following unqualified name is considered to refer to a template (13.3 [temp.names]). If a simple-template-id results and is followed by a ::, the id-expression is a qualified-id. —end note]

For the first option (dot) the first expression shall be a glvalue. For the second option (arrow) the first expression shall be a prvalue having pointer type. The expression E1->E2 is converted to the equivalent form (*(E1)).E2; the remainder of 7.6.1.5 [expr.ref] will address only the first option (dot). [ Footnote: ... ]

The postfix expression before the dot is evaluated; [ Footnote: ... ] the result of that evaluation, together with the id-expression, determines the result of the entire postfix expression.