Pointer to temporary object

Question

Why does this code work correctly?

struct A {
    std::string value = "test"s;
    
    A() { std::cout << "created" << std::endl; }
    ~A() { std::cout << "destroyed" << std::endl; }
};

int main() { 
    A* ptr = nullptr;
    
    {
        A a;
        ptr = &a;
    }
    
    std::cout << ptr->value << endl; // "test"
}

output:

• created
• destroyed
• test

Or this example:

struct A {
    const std::string* str = nullptr;
    
    A(const std::string& s) : str(&s) {}
};

int main()
{
    A a = std::string("hello world");
    std::cout << *a.str;

    return 0;
}

output:

• hello world

In the first case, it seemed to me that when object A was destroyed, the content would become invalid, but I was able to retrieve the string.

In the second case, I took rvalue by constant reference, but extending the life of the object should work as long as the reference is valid. I thought that after the constructor worked, the string should have been destroyed. Why is this not happening?

Answer 1

Both codes have undefined behavior.

Here:

{
    A a;
    ptr = &a;
}

std::cout << ptr->value << endl; // "test"

ptr becomes invalid once a goes out of scope and gets destroyed.

Similar in the second example, you are also dereferencing an invalid pointer because the temporary string is gone after the call to the constructor.

C++ does not define what happes when you do things that are not defined (makes sense, no? ;). Instead it is rather explicit about saying that when you do certain wrong things then the behavior of the code is undefined. Dereferencing an invalid pointer is undefined. The output of the code could be anything. A compiler is not required to diagnose undefined behavior, though there are features and tools that can help. With gcc it is -fsanitize=address that detects the issue in both your codes: https://godbolt.org/z/osc9ah1jo and https://godbolt.org/z/334qaKzb9.

Answer 2

Why is this not happening?

The program(both snippet 1 and snippet 2) have undefined behavior. In the first snippet the object a has been destroyed once it goes out of scope and so ptr becomes a dangling pointer. And dereferencing that dangling pointer(which you do by writing the expression ptr->value) is undefined behavior.

And in the second snippet, the temporary string is destroyed once the constructor call finishes. So, again a.str is a dangling pointer. And dereferencing this dangling pointer(which you did by writing the expression *a.str) is undefined behavior.

Undefined behavior means anything¹ can happen including but not limited to the program giving your expected output. But never rely(or make conclusions based) on the output of a program that has undefined behavior.

So the output that you're seeing(maybe seeing) is a result of undefined behavior. And as i said don't rely on the output of a program that has UB. The program may just crash.

For example, here the program seems to give correct output but here it gives garbage output.

So the first step to make the program correct would be to remove UB. Then and only then you can start reasoning about the output of the program.

---

^{1For a more technically accurate definition of undefined behavior see this where it is mentioned that: there are no restrictions on the behavior of the program.}