Miscompile assigning to result of comma operator?

[efriedma-quic]

Consider the following in C:

struct S;
struct C {
  int i;
  struct S *tab[1];
};
struct S { struct C c; };
void f(struct S *x) {
  ((void)1, x->c).tab[0] = 0;
}

Normally, the result of a comma operator isn't assignable, because it's an rvalue... but with array-to-pointer decay, you can assign to it. So the question is, does the assignment affect "x"? Or are we supposed to construct a temporary? Or is this just undefined behavior?

It looks like for the equivalent with an assignment operator, we do construct a temporary. Not sure if there's any other way to get a struct rvalue in C.

Ran into this trying to figure out why we allow EmitLValue on a CK_LValueToRValue in CodeGen.

[llvmbot]

@llvm/issue-subscribers-clang-codegen

Author: Eli Friedman (efriedma-quic)

Consider the following in C:

struct S;
struct C {
  int i;
  struct S *tab[1];
};
struct S { struct C c; };
void f(struct S *x) {
  ((void)1, x->c).tab[0] = 0;
}

Normally, the result of a comma operator isn't assignable, because it's an rvalue... but with array-to-pointer decay, you can assign to it. So the question is, does the assignment affect "x"? Or are we supposed to construct a temporary? Or is this just undefined behavior?

It looks like for the equivalent with an assignment operator, we do construct a temporary. Not sure if there's any other way to get a struct rvalue in C.

Ran into this trying to figure out why we allow EmitLValue on a CK_LValueToRValue in CodeGen.