[Bug c++/103909] New: co_yield of aggregate-initialized temporaries leads to segmentation faults.

public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed

From: "johannes.kalmbach at googlemail dot com" <gcc-bugzilla@gcc.gnu.org>
To: gcc-bugs@gcc.gnu.org
Subject: [Bug c++/103909] New: co_yield of aggregate-initialized temporaries leads to segmentation faults.
Date: Tue, 04 Jan 2022 22:09:12 +0000	[thread overview]
Message-ID: <bug-103909-4@http.gcc.gnu.org/bugzilla/> (raw)

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103909

            Bug ID: 103909
           Summary: co_yield of aggregate-initialized temporaries leads to
                    segmentation faults.
           Product: gcc
           Version: 12.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: c++
          Assignee: unassigned at gcc dot gnu.org
          Reporter: johannes.kalmbach at googlemail dot com
  Target Milestone: ---

co_yield of aggregate-initialized temporaries leads to segmentation faults.

Expected behavior:
Let `generator` be a reasonably defined generator type (e.g.
cppcoro::generator). Let `T` be an arbitrary type.
The following pattern is supposed to work:

generator<T> f() {
  co_yield T{<valid-init-statement-for-T>};
}

(the lifetime of the temporary crosses the suspension point inside `co_yield`.

Actual behavior (for different types):

-  Aggregates containing arithmetic types work as expected 
   (e.g. std::array<int, N>, or struct F{int i;};

-  Types where {}-initialization uses a initializer-list constructor lead to a 
   compilation error, but is is already reported as 
   https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98056

-  Aggregates containing std::string (e.g. std::array<std::string, N>, or
struct 
   F{std::string s};) compile, but lead to free(): invalid pointer, 
   munmap_chunk(): invalid pointer, or segmentation faults.

-  Types with exactly the same layouts as these aggregates, but with an
explicit 
   constructor which disables aggregate initialization work correctly, e.g.
   struct G {
     std::string s;
     G(std::string s_in) : s{std::move(s_in)} {} 
   };

GCC version that show this behavior: 11.1, 11.2, trunk (via godbolt)
Compiler Flags: -fcoroutines -std=c++2a -O2

minimal Example code that illustrates the bug (also printed below):
https://godbolt.org/z/nrGG5zKjq

All of the above cases compile and work as expected on clang 13.

Best regards
Johannes


Source code of minimal example (identical to godbolt link)

#include <iostream>
#include <coroutine>
#include <array>

using namespace std;

template <typename T>
struct generator {
  struct promise_type {

  generator get_return_object() noexcept {
  return generator{coroutine_handle<promise_type>::from_promise(*this)};
  }

  suspend_always initial_suspend() const noexcept { return {};}
  suspend_always final_suspend() const noexcept {return {};}

  suspend_always yield_value(T& v) noexcept {m_v = &v; return {};}
  suspend_always yield_value(T&& v) noexcept {m_v = &v; return {}; }
  void unhandled_exception() { }
  void return_void() {}

  T& value() const noexcept { return *m_v; }

 private:
  T* m_v;
};


  ~generator() {m_coroutine.destroy(); }

  void move_next() { m_coroutine.resume();}

  T& value() {return m_coroutine.promise().value();}

  generator(coroutine_handle<promise_type> coroutine) noexcept
      : m_coroutine(coroutine) {}

  std::coroutine_handle<promise_type> m_coroutine;
};


generator<std::array<std::string, 3>> arr(){
    // Compiles, but leads to segfault/ invalid free when accessed.
    co_yield {"a", "b", "c"};
}

generator<std::array<int, 3>> arrInt(){
    // Works fine
     co_yield {1, 2, 3};
}

struct F {
    std::string x;
    const std::string& operator[](size_t) const {
        return x;
    }
};

generator<F> f() {
    // leads to "munmap_chunk(): invalid pointer";
    co_yield {"abc"};
}

struct G {
    std::string s;
    G(std::string s_in) : s{std::move(s_in)} {} 
    const std::string& operator[](size_t) const {
        return s;
    }
};

generator<G> g() {
    // Works as expected, only difference to F/f() is the manually
    // specified constructor.
    co_yield {"abc"};
}


template<typename Generator>
void outputOne(Generator g) {
    g.move_next();
    const auto& el = g.value();
    std::cout << el[0] << el[1] << el[2] << std::endl;
}

int main() {
    outputOne(g());
    outputOne(f());
    outputOne(arrInt());
    outputOne(arr());
}

next             reply	other threads:[~2022-01-04 22:09 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-01-04 22:09 johannes.kalmbach at googlemail dot com [this message]
2022-01-05  8:14 ` [Bug c++/103909] " iains at gcc dot gnu.org
2022-04-21  7:51 ` rguenth at gcc dot gnu.org
2023-04-22 19:39 ` [Bug c++/103909] coroutines: " StevenSun2021 at hotmail dot com
2023-05-29 10:06 ` jakub at gcc dot gnu.org
2024-05-06  6:28 ` accelerator0099 at gmail dot com

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=bug-103909-4@http.gcc.gnu.org/bugzilla/ \
    --to=gcc-bugzilla@gcc.gnu.org \
    --cc=gcc-bugs@gcc.gnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).