public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug c++/101355] New: compiling coroutines with ubsan emits bogus -Wmaybe-uninitialized warnings
@ 2021-07-07 1:30 daklishch at gmail dot com
2021-07-07 1:30 ` [Bug c++/101355] " daklishch at gmail dot com
` (6 more replies)
0 siblings, 7 replies; 8+ messages in thread
From: daklishch at gmail dot com @ 2021-07-07 1:30 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101355
Bug ID: 101355
Summary: compiling coroutines with ubsan emits bogus
-Wmaybe-uninitialized warnings
Product: gcc
Version: 12.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: c++
Assignee: unassigned at gcc dot gnu.org
Reporter: daklishch at gmail dot com
Target Milestone: ---
Created attachment 51111
--> https://gcc.gnu.org/bugzilla/attachment.cgi?id=51111&action=edit
preprocessed source
Compiling the following program with UBSan emits -Wmaybe-uninitialized on
`<anonymous>' variables.
The compiler and runtime behavior is somewhat inconsistent. Normally, there is
only one warning per function and the program is not affected. However, for
example, compiling provided program with -O2 emits two identical warnings and
makes the program crash with `member call on null pointer of type 'struct a''.
$ cat testcode.cc
#include <coroutine>
struct coro {
struct promise_type {
coro get_return_object() { return {}; }
std::suspend_never initial_suspend() noexcept { return {}; }
std::suspend_never final_suspend() noexcept { return {}; }
void unhandled_exception() {}
void return_void() {}
};
bool await_ready() { return true; }
void await_resume() {}
template <typename U>
void await_suspend(U &) {}
};
struct b {
~b() {}
};
struct a {
a(b) {}
~a() {}
};
coro f(b obj) {
auto obj2 = a{obj};
co_return;
}
int main() {
f({});
}
$ ~/gcc-dev/bin/gccdev -O2 -std=c++20 -Wall -fsanitize=undefined testcode.cc
-lstdc++
testcode.cc: In function ‘void _Z1f1b.actor(f(b)::_Z1f1b.frame*)’:
testcode.cc:30:1: warning: ‘<anonymous>’ may be used uninitialized
[-Wmaybe-uninitialized]
30 | }
| ^
testcode.cc:30:1: note: ‘<anonymous>’ was declared here
30 | }
| ^
In function ‘void _Z1f1b.actor(f(b)::_Z1f1b.frame*)’,
inlined from ‘coro f(b)’ at testcode.cc:27:6:
testcode.cc:30:1: warning: ‘<anonymous>’ is used uninitialized
[-Wuninitialized]
30 | }
| ^
testcode.cc: In function ‘coro f(b)’:
testcode.cc:30:1: note: ‘<anonymous>’ was declared here
30 | }
| ^
$ ./a.out
testcode.cc:30:1: runtime error: member call on null pointer of type 'struct a'
^ permalink raw reply [flat|nested] 8+ messages in thread
* [Bug c++/101355] compiling coroutines with ubsan emits bogus -Wmaybe-uninitialized warnings
2021-07-07 1:30 [Bug c++/101355] New: compiling coroutines with ubsan emits bogus -Wmaybe-uninitialized warnings daklishch at gmail dot com
@ 2021-07-07 1:30 ` daklishch at gmail dot com
2021-07-16 7:29 ` daklishch at gmail dot com
` (5 subsequent siblings)
6 siblings, 0 replies; 8+ messages in thread
From: daklishch at gmail dot com @ 2021-07-07 1:30 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101355
--- Comment #1 from Dan Klishch <daklishch at gmail dot com> ---
Created attachment 51112
--> https://gcc.gnu.org/bugzilla/attachment.cgi?id=51112&action=edit
gcc with -v option output
^ permalink raw reply [flat|nested] 8+ messages in thread
* [Bug c++/101355] compiling coroutines with ubsan emits bogus -Wmaybe-uninitialized warnings
2021-07-07 1:30 [Bug c++/101355] New: compiling coroutines with ubsan emits bogus -Wmaybe-uninitialized warnings daklishch at gmail dot com
2021-07-07 1:30 ` [Bug c++/101355] " daklishch at gmail dot com
@ 2021-07-16 7:29 ` daklishch at gmail dot com
2021-08-30 19:02 ` [Bug c++/101355] incorrect `this' in destructor calls when compiling coroutines with ubsan iains at gcc dot gnu.org
` (4 subsequent siblings)
6 siblings, 0 replies; 8+ messages in thread
From: daklishch at gmail dot com @ 2021-07-16 7:29 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101355
--- Comment #2 from Dan Klishch <daklishch at gmail dot com> ---
GCC incorrectly gimplifies the program. The code that is causing the warning is
in the coroutine's actor function:
try
{
D.9829 = &frame_ptr->__p;
.UBSAN_NULL (D.9829, 4B, 0);
coro::promise_type::return_void (D.9829);
goto final.suspend;
}
finally
{
.UBSAN_NULL (D.9828, 4B, 0); // here
a::~a (D.9828);
}
Obviously, an assignment to D.9828 is missing. However, a little bit earlier a
similar destruction of `struct a' is handled correctly:
try
{
b::~b (&D.9562);
}
catch
{
D.9828 = &frame_ptr->__obj.2.3;
.UBSAN_NULL (D.9828, 4B, 0);
a::~a (D.9828);
}
I guess one of this destructor calls is a copy of another and this might be the
root of the problem. After ubsan instrumentation the call to the destructor
looks like this:
a::~a (.UBSAN_NULL (SAVE_EXPR <&frame_ptr->__obj.2.3>, 4B, 0);,
SAVE_EXPR <&frame_ptr->__obj.2.3>;);
I believe the same SAVE_EXPR is copied to the second invocation of the
destructor but the enclosed expression evaluation is placed only before the
first use of SAVE_EXPR and the control flow does not reach it before a call to
the actual (second) destructor.
I guess this can be fixed by instrumenting the calls to the destructors using
temporary variable and not SAVE_EXPR, like this:
void *ptr = &frame_ptr->__obj.2.3;
.UBSAN_NULL (ptr, 4B, 0);
a::~a (ptr);
But I don't have a solid understanding of GCC internals, so I'm not sure if it
is right.
^ permalink raw reply [flat|nested] 8+ messages in thread
* [Bug c++/101355] incorrect `this' in destructor calls when compiling coroutines with ubsan
2021-07-07 1:30 [Bug c++/101355] New: compiling coroutines with ubsan emits bogus -Wmaybe-uninitialized warnings daklishch at gmail dot com
2021-07-07 1:30 ` [Bug c++/101355] " daklishch at gmail dot com
2021-07-16 7:29 ` daklishch at gmail dot com
@ 2021-08-30 19:02 ` iains at gcc dot gnu.org
2021-08-30 19:04 ` iains at gcc dot gnu.org
` (3 subsequent siblings)
6 siblings, 0 replies; 8+ messages in thread
From: iains at gcc dot gnu.org @ 2021-08-30 19:02 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101355
Iain Sandoe <iains at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
See Also| |https://gcc.gnu.org/bugzill
| |a/show_bug.cgi?id=95137
Keywords| |wrong-code
Ever confirmed|0 |1
CC| |iains at gcc dot gnu.org
Status|UNCONFIRMED |NEW
Last reconfirmed| |2021-08-30
--- Comment #3 from Iain Sandoe <iains at gcc dot gnu.org> ---
the two cases seem likely related - if not actually the same. At present, I
was not sure if this is a coroutines bug (and have not had time to look at it
in detail).
The root cause does appear to be the same - that the sanitiser is expecting the
temp (D.9828 in your case) to be valid - but there is some path through the
code where a suspension occurs so that this is not true.
Unfortunately, I'm not familiar enough with the sanitizer code to comment on
whether the proposed fix is the right one.
^ permalink raw reply [flat|nested] 8+ messages in thread
* [Bug c++/101355] incorrect `this' in destructor calls when compiling coroutines with ubsan
2021-07-07 1:30 [Bug c++/101355] New: compiling coroutines with ubsan emits bogus -Wmaybe-uninitialized warnings daklishch at gmail dot com
` (2 preceding siblings ...)
2021-08-30 19:02 ` [Bug c++/101355] incorrect `this' in destructor calls when compiling coroutines with ubsan iains at gcc dot gnu.org
@ 2021-08-30 19:04 ` iains at gcc dot gnu.org
2021-09-04 16:39 ` daklishch at gmail dot com
` (2 subsequent siblings)
6 siblings, 0 replies; 8+ messages in thread
From: iains at gcc dot gnu.org @ 2021-08-30 19:04 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101355
--- Comment #4 from Iain Sandoe <iains at gcc dot gnu.org> ---
patch proposed here:
https://gcc.gnu.org/pipermail/gcc-patches/2021-August/578401.html
^ permalink raw reply [flat|nested] 8+ messages in thread
* [Bug c++/101355] incorrect `this' in destructor calls when compiling coroutines with ubsan
2021-07-07 1:30 [Bug c++/101355] New: compiling coroutines with ubsan emits bogus -Wmaybe-uninitialized warnings daklishch at gmail dot com
` (3 preceding siblings ...)
2021-08-30 19:04 ` iains at gcc dot gnu.org
@ 2021-09-04 16:39 ` daklishch at gmail dot com
2021-09-30 14:42 ` mpolacek at gcc dot gnu.org
2021-09-30 14:59 ` iains at gcc dot gnu.org
6 siblings, 0 replies; 8+ messages in thread
From: daklishch at gmail dot com @ 2021-09-04 16:39 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101355
Dan Klishch <daklishch at gmail dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |FIXED
--- Comment #5 from Dan Klishch <daklishch at gmail dot com> ---
GCC stopped instrumenting destructors in this particular case, so I guess the
bug is fixed.
https://godbolt.org/z/KGa6aGf5x
^ permalink raw reply [flat|nested] 8+ messages in thread
* [Bug c++/101355] incorrect `this' in destructor calls when compiling coroutines with ubsan
2021-07-07 1:30 [Bug c++/101355] New: compiling coroutines with ubsan emits bogus -Wmaybe-uninitialized warnings daklishch at gmail dot com
` (4 preceding siblings ...)
2021-09-04 16:39 ` daklishch at gmail dot com
@ 2021-09-30 14:42 ` mpolacek at gcc dot gnu.org
2021-09-30 14:59 ` iains at gcc dot gnu.org
6 siblings, 0 replies; 8+ messages in thread
From: mpolacek at gcc dot gnu.org @ 2021-09-30 14:42 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101355
Marek Polacek <mpolacek at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |mpolacek at gcc dot gnu.org
--- Comment #6 from Marek Polacek <mpolacek at gcc dot gnu.org> ---
Would it be possible to backport this to gcc 11 too?
^ permalink raw reply [flat|nested] 8+ messages in thread
* [Bug c++/101355] incorrect `this' in destructor calls when compiling coroutines with ubsan
2021-07-07 1:30 [Bug c++/101355] New: compiling coroutines with ubsan emits bogus -Wmaybe-uninitialized warnings daklishch at gmail dot com
` (5 preceding siblings ...)
2021-09-30 14:42 ` mpolacek at gcc dot gnu.org
@ 2021-09-30 14:59 ` iains at gcc dot gnu.org
6 siblings, 0 replies; 8+ messages in thread
From: iains at gcc dot gnu.org @ 2021-09-30 14:59 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101355
Iain Sandoe <iains at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Target Milestone|--- |11.3
--- Comment #7 from Iain Sandoe <iains at gcc dot gnu.org> ---
(In reply to Marek Polacek from comment #6)
> Would it be possible to backport this to gcc 11 too?
it's on my TODO to back port the correctness fixes to 11 (and where feasible
10).
^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2021-09-30 14:59 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-07-07 1:30 [Bug c++/101355] New: compiling coroutines with ubsan emits bogus -Wmaybe-uninitialized warnings daklishch at gmail dot com
2021-07-07 1:30 ` [Bug c++/101355] " daklishch at gmail dot com
2021-07-16 7:29 ` daklishch at gmail dot com
2021-08-30 19:02 ` [Bug c++/101355] incorrect `this' in destructor calls when compiling coroutines with ubsan iains at gcc dot gnu.org
2021-08-30 19:04 ` iains at gcc dot gnu.org
2021-09-04 16:39 ` daklishch at gmail dot com
2021-09-30 14:42 ` mpolacek at gcc dot gnu.org
2021-09-30 14:59 ` iains at gcc dot gnu.org
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).