[Bug c++/14885] New: Improper delete/free of local variables undetected

[Bug c++/14885] New: Improper delete/free of local variables undetected

[ndeb at ece dot cmu dot edu]

#include <iostream> 
using namespace std; 
int main() 
{ 
int u=3; 
cout << "u = " << u << endl; 
delete &u; 
return 0; 
} 
 
This program compiles (g++ -g file.cpp) ok without any warnings. It seg faults 
at runtime. The cause is very clear since the "delete" operation done by the 
user is followed by the delete performed by the program itself. This leads to 
a double free leading to a seg fault. 
 
Since the program is well-formed, the compiler cannot report a compilation 
error, even if it can detect the possibility of undefined behavior. One way 
out is to give a warning at compile time. 
 
Note that the same problem is there for the C compiler. Also, this problem has 
been reproduced with other g++ versions (2.95.3, 3.2.1) too.

-- 
           Summary: Improper delete/free of local variables undetected
           Product: gcc
           Version: 3.3.1
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: c++
        AssignedTo: unassigned at gcc dot gnu dot org
        ReportedBy: ndeb at ece dot cmu dot edu
                CC: gcc-bugs at gcc dot gnu dot org


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=14885

[Bug c++/14885] Improper delete/free of local variables undetected

[ndeb at ece dot cmu dot edu]

------- Additional Comments From ndeb at ece dot cmu dot edu  2004-04-08 00:41 -------
As per suggestion from Giovanni Bajo, I am setting severity to "enhancement". 

-- 
           What    |Removed                     |Added
----------------------------------------------------------------------------
           Severity|normal                      |enhancement


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=14885

[Bug c++/14885] Improper delete/free of local variables undetected

[pinskia at gcc dot gnu dot org]

------- Additional Comments From pinskia at gcc dot gnu dot org  2004-04-08 00:48 -------
Confirmed. Even ICC 6.0 does not warn.

-- 
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |NEW
     Ever Confirmed|                            |1
           Keywords|                            |diagnostic
      Known to fail|                            |3.5.0
   Last reconfirmed|0000-00-00 00:00:00         |2004-04-08 00:48:06
               date|                            |


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=14885

[Bug c++/14885] Improper delete/free of local variables undetected

[bangerth at dealii dot org]

------- Additional Comments From bangerth at dealii dot org  2004-04-08 18:43 -------
I personally think that a) this problem is so easily detected at run-time
that it does not merit much compiler hacking, and b) this is simply too
stupid a user error that we have to bother; I'm sure it doesn't happen
very often in practice.

The point being is that we could probably detect the case you present, but
then people want us to also warn for cases like

  void f(char *p) {
    char c;
    char *x;
    if (bar())
     x = &c;
    else
     x = p;
    delete x;
  }
and that's something that will be much harder to detect in all variations.

I propose we close this PR.

W.

-- 


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=14885

[Bug c++/14885] Improper delete/free of local variables undetected

[gdr at integrable-solutions dot net]

------- Additional Comments From gdr at integrable-solutions dot net  2004-04-08 19:55 -------
Subject: Re:  Improper delete/free of local variables undetected

"bangerth at dealii dot org" <gcc-bugzilla@gcc.gnu.org> writes:

| I propose we close this PR.

seconded.

-- Gaby


-- 


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=14885

[Bug c++/14885] Improper delete/free of local variables undetected

[ndeb at ece dot cmu dot edu]

------- Additional Comments From ndeb at ece dot cmu dot edu  2004-04-08 20:11 -------
(In reply to comment #3) 
> I personally think that a) this problem is so easily detected at run-time 
> that it does not merit much compiler hacking, and  
 
That was one of the suggestions made by Giovanni Bajo so nothing new here. 
 
> b) this is simply too 
> stupid a user error that we have to bother; I'm sure it doesn't happen 
> very often in practice. 
 
My idea of a bug report is not to post the most complicated thousand line code 
to reproduce a bug that can be reproduced with 5 lines. 
   
> The point being is that we could probably detect the case you present, but 
> then people want us to also warn for cases like 
>  
>   void f(char *p) { 
>     char c; 
>     char *x; 
>     if (bar()) 
>      x = &c; 
>     else 
>      x = p; 
>     delete x; 
>   } 
> and that's something that will be much harder to detect in all variations. 
 
Thats exactly why this bug is a real bug. 
 
> I propose we close this PR. 
 
Not sure what "PR" means but whats the logic behind sweeping it under the  
carpet ? 
 
>  
> W. 
 
 

-- 


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=14885

[Bug c++/14885] Improper delete/free of local variables undetected

[bangerth at dealii dot org]

------- Additional Comments From bangerth at dealii dot org  2004-04-09 19:03 -------
"PR" means "problem report", i.e. "bug report".

I don't mean to sweep it under the rug. My intention was this: we have
serious bugs where we fail to accept valid C++ code, or generate wrong code.
These bugs are way more important. If we have fixed all these, we can still
come around and invent techniques to diagnose user errors that probably
require solving the halting problem to catch all cases.

If this is of critical importance, feel free to pay one of the gcc developers
to implement this. I personally do not assign it significant importance, so
I go with Gaby's opinion to close the PR.

W.

-- 
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |WONTFIX


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=14885

[Bug c++/14885] Improper delete/free of local variables undetected

[ndeb at ece dot cmu dot edu]

------- Additional Comments From ndeb at ece dot cmu dot edu  2004-04-09 23:21 -------
(In reply to comment #6)   
> "PR" means "problem report", i.e. "bug report".   
>    
> I don't mean to sweep it under the rug.    
 
You did exactly that by closing the bug as "won't fix". What harm does an open   
bug report do ?   
 
> My intention was this: we have   
> serious bugs where we fail to accept valid C++ code, or generate wrong code.   
> These bugs are way more important.    
   
It may be less important to you but there are others who feel its important   
enough to deserve a report. Closing a report because you think its unimportant   
is not very helpful.  
   
> If we have fixed all these, we can still   
> come around and invent techniques to diagnose user errors that probably   
> require solving the halting problem to catch all cases.   
>    
> If this is of critical importance, feel free to pay one of the gcc   
developers   
> to implement this. I personally do not assign it significant importance, so   
> I go with Gaby's opinion to close the PR.   
 
Nobody demanded that _you_ fix this within 24 hours so why this display of "I   
have far more important stuff to do" ? If you do not want to fix it, please   
leave it for others to look at. The purpose of the bug report is to make users  
aware of the problem.  
 
Perhaps next time, you can mark such bugs as "resolved unimportant" (assuming   
bugzilla gives such an option).  

-- 


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=14885

[Bug c++/14885] Improper delete/free of local variables undetected

[bangerth at dealii dot org]

------- Additional Comments From bangerth at dealii dot org  2004-04-11 02:32 -------
Open bug reports bind resources even if they just lie around -- we have 
to look at them regularly to figure out which are important for the next 
release, whether they have been fixed in the meantime, etc. For bugs 
where we are sure that this is what is going to happen for an 
undeterminate long time, we close them as "resolved unimportant", which 
(since bugzilla does not have this status) is done by closing as 
"won't fix". 
 
W. 

-- 


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=14885