From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gcc-bugzilla@gcc.gnu.org>
Received: by sourceware.org (Postfix, from userid 48)
 id D72073858C2C; Tue,  4 Jan 2022 22:09:12 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org D72073858C2C
From: "johannes.kalmbach at googlemail dot com" <gcc-bugzilla@gcc.gnu.org>
To: gcc-bugs@gcc.gnu.org
Subject: [Bug c++/103909] New: co_yield of aggregate-initialized temporaries
 leads to segmentation faults.
Date: Tue, 04 Jan 2022 22:09:12 +0000
X-Bugzilla-Reason: CC
X-Bugzilla-Type: new
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: gcc
X-Bugzilla-Component: c++
X-Bugzilla-Version: 12.0
X-Bugzilla-Keywords: 
X-Bugzilla-Severity: normal
X-Bugzilla-Who: johannes.kalmbach at googlemail dot com
X-Bugzilla-Status: UNCONFIRMED
X-Bugzilla-Resolution: 
X-Bugzilla-Priority: P3
X-Bugzilla-Assigned-To: unassigned at gcc dot gnu.org
X-Bugzilla-Target-Milestone: ---
X-Bugzilla-Flags: 
X-Bugzilla-Changed-Fields: bug_id short_desc product version bug_status
 bug_severity priority component assigned_to reporter target_milestone
Message-ID: <bug-103909-4@http.gcc.gnu.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-BeenThere: gcc-bugs@gcc.gnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Gcc-bugs mailing list <gcc-bugs.gcc.gnu.org>
List-Unsubscribe: <https://gcc.gnu.org/mailman/options/gcc-bugs>,
 <mailto:gcc-bugs-request@gcc.gnu.org?subject=unsubscribe>
List-Archive: <https://gcc.gnu.org/pipermail/gcc-bugs/>
List-Post: <mailto:gcc-bugs@gcc.gnu.org>
List-Help: <mailto:gcc-bugs-request@gcc.gnu.org?subject=help>
List-Subscribe: <https://gcc.gnu.org/mailman/listinfo/gcc-bugs>,
 <mailto:gcc-bugs-request@gcc.gnu.org?subject=subscribe>
X-List-Received-Date: Tue, 04 Jan 2022 22:09:12 -0000

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=3D103909

            Bug ID: 103909
           Summary: co_yield of aggregate-initialized temporaries leads to
                    segmentation faults.
           Product: gcc
           Version: 12.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: c++
          Assignee: unassigned at gcc dot gnu.org
          Reporter: johannes.kalmbach at googlemail dot com
  Target Milestone: ---

co_yield of aggregate-initialized temporaries leads to segmentation faults.

Expected behavior:
Let `generator` be a reasonably defined generator type (e.g.
cppcoro::generator). Let `T` be an arbitrary type.
The following pattern is supposed to work:

generator<T> f() {
  co_yield T{<valid-init-statement-for-T>};
}

(the lifetime of the temporary crosses the suspension point inside `co_yiel=
d`.

Actual behavior (for different types):

-  Aggregates containing arithmetic types work as expected=20
   (e.g. std::array<int, N>, or struct F{int i;};

-  Types where {}-initialization uses a initializer-list constructor lead t=
o a=20
   compilation error, but is is already reported as=20
   https://gcc.gnu.org/bugzilla/show_bug.cgi?id=3D98056

-  Aggregates containing std::string (e.g. std::array<std::string, N>, or
struct=20
   F{std::string s};) compile, but lead to free(): invalid pointer,=20
   munmap_chunk(): invalid pointer, or segmentation faults.

-  Types with exactly the same layouts as these aggregates, but with an
explicit=20
   constructor which disables aggregate initialization work correctly, e.g.
   struct G {
     std::string s;
     G(std::string s_in) : s{std::move(s_in)} {}=20
   };

GCC version that show this behavior: 11.1, 11.2, trunk (via godbolt)
Compiler Flags: -fcoroutines -std=3Dc++2a -O2

minimal Example code that illustrates the bug (also printed below):
https://godbolt.org/z/nrGG5zKjq

All of the above cases compile and work as expected on clang 13.

Best regards
Johannes


Source code of minimal example (identical to godbolt link)

#include <iostream>
#include <coroutine>
#include <array>

using namespace std;

template <typename T>
struct generator {
  struct promise_type {

  generator get_return_object() noexcept {
  return generator{coroutine_handle<promise_type>::from_promise(*this)};
  }

  suspend_always initial_suspend() const noexcept { return {};}
  suspend_always final_suspend() const noexcept {return {};}

  suspend_always yield_value(T& v) noexcept {m_v =3D &v; return {};}
  suspend_always yield_value(T&& v) noexcept {m_v =3D &v; return {}; }
  void unhandled_exception() { }
  void return_void() {}

  T& value() const noexcept { return *m_v; }

 private:
  T* m_v;
};


  ~generator() {m_coroutine.destroy(); }

  void move_next() { m_coroutine.resume();}

  T& value() {return m_coroutine.promise().value();}

  generator(coroutine_handle<promise_type> coroutine) noexcept
      : m_coroutine(coroutine) {}

  std::coroutine_handle<promise_type> m_coroutine;
};


generator<std::array<std::string, 3>> arr(){
    // Compiles, but leads to segfault/ invalid free when accessed.
    co_yield {"a", "b", "c"};
}

generator<std::array<int, 3>> arrInt(){
    // Works fine
     co_yield {1, 2, 3};
}

struct F {
    std::string x;
    const std::string& operator[](size_t) const {
        return x;
    }
};

generator<F> f() {
    // leads to "munmap_chunk(): invalid pointer";
    co_yield {"abc"};
}

struct G {
    std::string s;
    G(std::string s_in) : s{std::move(s_in)} {}=20
    const std::string& operator[](size_t) const {
        return s;
    }
};

generator<G> g() {
    // Works as expected, only difference to F/f() is the manually
    // specified constructor.
    co_yield {"abc"};
}


template<typename Generator>
void outputOne(Generator g) {
    g.move_next();
    const auto& el =3D g.value();
    std::cout << el[0] << el[1] << el[2] << std::endl;
}

int main() {
    outputOne(g());
    outputOne(f());
    outputOne(arrInt());
    outputOne(arr());
}=