From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: by sourceware.org (Postfix, from userid 48) id 6978B3858284; Tue, 30 Aug 2022 09:12:16 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 6978B3858284 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gcc.gnu.org; s=default; t=1661850736; bh=Fay6YgZ5jj1H5etTRQP5il4xtE0O4i+i7AooXy4Yc2o=; h=From:To:Subject:Date:From; b=BacyBfX4oWwhsfrQc29/Qz5lazjyBArmBrf0ZqysFaorYN+hu0euOzOLaCEDZVstZ itj6amgk3C8jWwIUMPtpLVcHFyO4gdc8TQmILISp3AbdHyIgeKgwwbuNfb+ww16WH9 ioCCE3GBIRWAbBGC/Yl6GtUD6w85gyCz7WCYSCBc= From: "drfiemost at email dot it" To: gcc-bugs@gcc.gnu.org Subject: [Bug middle-end/106776] New: Unexpected use-after-free warning Date: Tue, 30 Aug 2022 09:12:15 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: new X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: gcc X-Bugzilla-Component: middle-end X-Bugzilla-Version: 12.2.0 X-Bugzilla-Keywords: diagnostic X-Bugzilla-Severity: normal X-Bugzilla-Who: drfiemost at email dot it X-Bugzilla-Status: UNCONFIRMED X-Bugzilla-Resolution: X-Bugzilla-Priority: P3 X-Bugzilla-Assigned-To: unassigned at gcc dot gnu.org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: bug_id short_desc product version bug_status keywords bug_severity priority component assigned_to reporter target_milestone attachments.created Message-ID: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 List-Id: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=3D106776 Bug ID: 106776 Summary: Unexpected use-after-free warning Product: gcc Version: 12.2.0 Status: UNCONFIRMED Keywords: diagnostic Severity: normal Priority: P3 Component: middle-end Assignee: unassigned at gcc dot gnu.org Reporter: drfiemost at email dot it Target Milestone: --- Created attachment 53520 --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=3D53520&action=3Dedit test program When compiling the attached program with the -O2 and -Wuse-after-free flags= I get the following warning, which seems bogus as the pointer is not actually dereferenced in case it is deleted: $ g++ -O2 -Wuse-after-free test_ref.cpp In member function 'unsigned int counter::decrease()', inlined from 'matrix_t::~matrix_t()' at test_ref.cpp:32:38, inlined from 'matrix_t* cache(int, const char*)' at test_ref.cpp:53:1: test_ref.cpp:14:40: warning: pointer used after 'void operator delete(void*, std::size_t)' [-Wuse-after-free] 14 | unsigned int decrease() { return --c; } | ^ In destructor 'matrix_t::~matrix_t()', inlined from 'std::pair::~pair()' at C:/msys64/mingw64/include/c++/12.2.0/bits/stl_pair.h:185:12, inlined from 'matrix_t* cache(int, const char*)' at test_ref.cpp:52:40: test_ref.cpp:32:56: note: call to 'void operator delete(void*, std::size_t)' here 32 | ~matrix_t() { if (count->decrease() =3D=3D 0) { delete count; d= elete data; } } | ^~~~~ The IL dump confirms that the pointer _1 is either accessed or delet= ed : void matrix::~matrix (struct matrix * const this) { struct counter * _1; short int * _2; unsigned int _10; unsigned int _11; [local count: 1073741824]: _1 =3D this_5(D)->count; _10 =3D _1->c; _11 =3D _10 + 4294967295; if (_11 =3D=3D 0) goto ; [33.00%] else goto ; [67.00%] [local count: 719407024]: _1->c =3D _11; [local count: 884279007]: goto ; [100.00%] [local count: 354334800]: operator delete (_1, 4); _2 =3D this_5(D)->data; if (_2 !=3D 0B) goto ; [53.47%] else goto ; [46.53%] [local count: 164871983]: goto ; [100.00%] [local count: 189462817]: operator delete [] (_2); [tail call] [local count: 1073741824]: return; } The warning doesn't appear when using the -O1 flag or if the variable is decalared volatile. If I'm not missing anything obvious the warning should not be issued at all= .=