[Bug optimization/11505] New: Runtime segfault: C++ heap-allocated object loses/changes 'this' address at -O3 when calling virtual inline const function

public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed

From: "dan at bti dot net" <gcc-bugzilla@gcc.gnu.org>
To: gcc-bugs@gcc.gnu.org
Subject: [Bug optimization/11505] New: Runtime segfault: C++ heap-allocated object loses/changes 'this' address at -O3 when calling virtual inline const function
Date: Fri, 11 Jul 2003 22:22:00 -0000	[thread overview]
Message-ID: <20030711222234.11505.dan@bti.net> (raw)

PLEASE REPLY TO gcc-bugzilla@gcc.gnu.org ONLY, *NOT* gcc-bugs@gcc.gnu.org.

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=11505

           Summary: Runtime segfault: C++ heap-allocated object
                    loses/changes 'this' address at -O3 when calling virtual
                    inline const function
           Product: gcc
           Version: 3.3
            Status: UNCONFIRMED
          Severity: minor
          Priority: P2
         Component: optimization
        AssignedTo: unassigned at gcc dot gnu dot org
        ReportedBy: dan at bti dot net
                CC: gcc-bugs at gcc dot gnu dot org
 GCC build triplet: i686-pc-linux-gnu
  GCC host triplet: i686-pc-linux-gnu
GCC target triplet: i686-pc-linux-gnu

This problem occurs while compiling our company's library code with -O3; the problem is not 
present at lower optimization levels.

A complex C++ class named TTCPConnectionObj contains the following function:

virtual inline bool IsLingerSet () const
    { return (fLingerTime != kTCPLingerNone); }

This function is called (among other times) from within a Connect() method within the same object.  
At optimization -O3, the call to IsLingerSet() fails with a segfault.  Follows is a GDB (5.3) backtrace:

#0  0x400bf513 in bti::TTCPConnectionObj::IsLingerSet() const (this=0x400c23f9) at 
bti_tcp_lib.h:274
#1  0xbffff6e8 in ?? ()
#2  0x400bbdf2 in bti::TTCPConnectionObj::Connect(unsigned long, int, int, int) (this=0xbffff9b0, 
networkAddress=1074537465, 
    port=1074533544, ioBufferSize=4096, connectTimeout=1074537465) at bti_tcp_lib.cc:161
#3  0x400bc084 in bti::TTCPConnectionObj::Connect(bti::TString, int, int, int) (this=0xbffff9b0, 
host=
        {<TBuffer> = {_vptr.TBuffer = 0x804a988, fStackBufferPtr = "www.bti.net", '\0' <repeats 20 
times>, fExternalBufferPtr = 0x0, fCurrentBufferPtr = 0xbffff8f4 "www.bti.net", fCapacity = 32, 
fUsed = 11}, <No data fields>}, port=1074537465, 
    ioBufferSize=1074537465, connectTimeout=1074537465) at bti_tcp_lib.cc:224
#4  0x08048f5a in main (argc=3, argv=0x400c23f8) at blah.cc:29
#5  0x401c3ae2 in __libc_start_main (main=0x8048e60 <main>, argc=3, ubp_av=0xbffff9b0, 
init=0x8048b70 <_init>, 
    fini=0x400c14a8 <vtable for bti::TTCPConnectionObj+8>, rtld_fini=0x5000, 
stack_end=0x7c400bfe)
    at ../sysdeps/generic/libc-start.c:129

Notice that the address of 'this' changes somewhere between frames 0 and 2.  It shouldn't, and it 
apparently doesn't with less optimization.  Frame 2 (bti_tcp_lib.cc:161) points directly to the call to 
IsLingerSet().

next             reply	other threads:[~2003-07-11 22:22 UTC|newest]

Thread overview: 9+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2003-07-11 22:22 dan at bti dot net [this message]
2003-07-11 22:49 ` [Bug optimization/11505] " bangerth at dealii dot org
2003-07-12 11:23 ` dan at bti dot net
2003-07-13 13:16 ` dan at bti dot net
2003-07-20 16:41 ` pinskia at physics dot uc dot edu
2003-07-29 21:28 ` pinskia at physics dot uc dot edu
2003-08-24 19:15 ` dhazeghi at yahoo dot com
2003-08-25 18:57 ` dan at bti dot net
2003-08-25 19:02 ` bangerth at dealii dot org

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20030711222234.11505.dan@bti.net \
    --to=gcc-bugzilla@gcc.gnu.org \
    --cc=gcc-bugs@gcc.gnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).