c++ - 通过重新使用的非 `const` 名称修改动态分配的 -`const` 对象是否合法？

Question

考虑以下程序:

#include <iostream>

int main()
{
   int x = 0;
   const int* px = new (&x) const int(0);
   x = 1;
   std::cout << *px;  // 1?
}

它compiles under GCC 4.8 (并产生“预期的”输出)，但我怀疑它完全是 UB，因为动态对象的类型为 const int ( which remains part of the type )。但是，如果是的话，为什么编译器不阻止我违反 const-correctness？

Answer 1

tl;dr:是的，这是未定义的行为。不，编译器不会对其进行诊断。

---

一般来说，编译器不会(有时不能)诊断 UB。 const 正确性违规的更明显示例实际上是格式错误 和can be diagnosed :

#include <iostream>

int main()
{
   const int x = 0;
   x = 1;
   std::cout << x;
}

// g++-4.8 -std=c++11 -O2 -Wall -pedantic -pthread main.cpp && ./a.out
// main.cpp: In function 'int main()':
// main.cpp:6:6: error: assignment of read-only variable 'x'
//     x = 1;
//       ^

但是，除此之外，它 won't stop you from performing obvious violations of const-correctness :

#include <iostream>

int main()
{
    const int x = 0;
    *const_cast<int*>(&x) = 1;
    std::cout << x;
}

// Output: 1

因此，回到您的代码片段，我对那里的编译器诊断方式期望不高。

不过，您的代码确实调用了未定义的行为。让我们检查一下:

#include <iostream>

int main()
{
   int x = 0;
   const int* px = new (&x) const int(0);
   x = 1;
   std::cout << *px;  // 1?
}

这是发生了什么:

1. 创建一个具有自动存储持续时间的int，初始化为0。
2. 名称x 指的是这个对象。
3. const int 是用动态存储持续时间创建的，重新使用 int 的存储。
4. int 的生命周期结束于^1、2。
5. x 现在指的是 const int³。
6. 尽管名称 x 的类型为 int，但它现在指的是 const int，因此赋值未定义⁴.

这是一个有趣的漏洞，您可以用来“绕过”const 的正确性，并且只要原始的 int 不存在于只读内存中，它甚至可能不会导致崩溃。

然而，它仍然是未定义的，虽然我看不出可以执行哪些优化可能会破坏分配和后续读取，但您肯定会对各种意想不到的麻烦持开放态度，例如后花园中的自发火山或您所有辛苦赚来的代表都被转换成英镑并存入我的银行账户(谢谢!)。

---

脚注 1

[C++11: 3.8/1]: [..] The lifetime of an object of type T ends when:

• if T is a class type with a non-trivial destructor (12.4), the destructor call starts, or
• the storage which the object occupies is reused or released.

脚注 2

请注意，我不必在 int 对象上显式调用“析构函数”。这主要是因为此类对象没有析构函数，但即使我选择了一个简单的类 T 而不是 int，我也可能不需要显式的析构函数调用:

[C++11: 3.8/4]: A program may end the lifetime of any object by reusing the storage which the object occupies or by explicitly calling the destructor for an object of a class type with a non-trivial destructor. For an object of a class type with a non-trivial destructor, the program is not required to call the destructor explicitly before the storage which the object occupies is reused or released; however, if there is no explicit call to the destructor or if a delete-expression (5.3.5) is not used to release the storage, the destructor shall not be implicitly called and any program that depends on the side effects produced by the destructor has undefined behavior.

脚注 3

[C++11: 3.8/7]: If, after the lifetime of an object has ended and before the storage which the object occupied is reused or released, a new object is created at the storage location which the original object occupied, a pointer that pointed to the original object, a reference that referred to the original object, or the name of the original object will automatically refer to the new object and, once the lifetime of the new object has started, can be used to manipulate the new object, if:

• the storage for the new object exactly overlays the storage location which the original object occupied, and
• the new object is of the same type as the original object (ignoring the top-level cv-qualifiers), and
• the type of the original object is not const-qualified, and, if a class type, does not contain any non-static data member whose type is const-qualified or a reference type, and
• the original object was a most derived object (1.8) of type T and the new object is a most derived object of type T (that is, they are not base class subobjects). [..]

脚注 4

[C++11: 7.1.6.1/4]: Except that any class member declared mutable (7.1.1) can be modified, any attempt to modify a const object during its lifetime (3.8) results in undefined behavior. [..]

(后面的示例与您的代码片段相似，但不完全相同。)