[Bug c++/106924] New: Nested class: virtual function returns wrong pointer of covariant type

[Bug c++/106924] New: Nested class: virtual function returns wrong pointer of covariant type

[aeiken at motortech dot de]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106924

            Bug ID: 106924
           Summary: Nested class: virtual function returns wrong pointer
                    of covariant type
           Product: gcc
           Version: 10.3.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: c++
          Assignee: unassigned at gcc dot gnu.org
          Reporter: aeiken at motortech dot de
  Target Milestone: ---

Created attachment 53570
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=53570&action=edit
test.ii file generated with g++ -save-temps test.cpp

The following was found with gcc-arm-none-eabi-10.3-2021.07, tests with other
versions for linux (Ubuntu 20.04.3 LTS) did also not work (e.g. g++ 9.4.0 on
Ubuntu).

Take a look at the example code in test.cpp:
A class (ABFabNested) is nested inside a class (class DerivedAB with multiple
inheritances (class BaseA and BaseB)).
Because of the class layout, the adresses of DerivedAB and BaseB are different.
The nested class itself is derived from a Base class (FabForB) which has a
virtual function(getPtr), which return a pointer to class BaseA.
The nested class overrides this virtual function, but returns a pointer to
class DerivedAB. This is allowed, because DerivedAB and BaseB are covariants.

If you have an instance of a pointer to FabForB, which points to an instance of
ABFabNested, getPtr returns the address of DerivedAB, not BaseA.
If you implement the same class (here ABFab) outside of DerivedAB (not nested)
and repeat the step before, getPtr returns the address of BaseA, which is what
I expected.

test.cpp was compiled with the 9.4.0 version of the g++ without any parameters:

g++ a.out

Output of a.out:
TEST fab:        addr e89f6030 base e89f6040
TEST             addr e89f6040 
TEST fab nested: addr e89f6010 base e89f6020
TEST nested      addr e89f6010

g++ --version
g++ (Ubuntu 9.4.0-1ubuntu1~20.04.1) 9.4.0
Copyright (C) 2019 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.  There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

The test was repeated with other g++ versions (also newer version) with the
same result.


test.cpp:
#include <stdio.h>
  class BaseA
  {
  public:
    virtual BaseA* getPtr(){return this;}
    virtual ~BaseA(){}
  };
  class BaseB
  {
  public:
    int i = 0;
    virtual int geti(){return i;};
    virtual ~BaseB(){}
  };
  class FabForB
  {
  public:
    virtual BaseA* getPtr()=0;
    virtual ~FabForB(){}
  };
  class DerivedAB: public BaseB, public BaseA
  {
  public:
    virtual DerivedAB* getPtr(){printf("TEST D this %x\n", this);return this;}
    virtual int geti(){return 5;};

    class ABFabNested: public FabForB
    {
    public:
      virtual DerivedAB* getPtr()
      {
        static DerivedAB staticD;
        BaseA* basePtr = &staticD;
        printf("TEST fab nested: addr %x base %x\n", &staticD, basePtr);
        return &staticD;
      }
      virtual int geti(){return 5;};
    };
  };
  class ABFab: public FabForB
  {
  public:
    virtual DerivedAB* getPtr()
    {
      static DerivedAB staticD;
      BaseA* basePtr = &staticD;
      printf("TEST fab:        addr %x base %x\n", &staticD, basePtr);
      return &staticD;
    }
    virtual int geti(){return 5;};
  };
int main()
{
  ABFab fab;
  DerivedAB::ABFabNested fabNested;

  FabForB* fabPtr = &fab;
  FabForB* fabNestedPtr = &fabNested;
  printf("TEST             addr %x \n", fabPtr->getPtr());
  printf("TEST nested      addr %x \n", fabNestedPtr->getPtr());  
  return 0;
}

[Bug c++/106924] Nested class: virtual function returns wrong pointer of covariant type

[redi at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106924

Jonathan Wakely <redi at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |NEW
     Ever confirmed|0                           |1
   Last reconfirmed|                            |2022-09-14

--- Comment #1 from Jonathan Wakely <redi at gcc dot gnu.org> ---
Reduced to remove unnecessary virtual functions that are never used, and fix
the printf formats, and make it fail at runtime:

extern "C" int printf(const char*, ...);
extern "C" void abort();

struct BaseA
{
  virtual ~BaseA(){}
};

struct BaseB
{
  virtual ~BaseB(){}
};

struct DerivedAB;

struct FabForB
{
  virtual BaseA* getPtr()=0;
  virtual ~FabForB(){}
};

struct DerivedAB : BaseB, BaseA
{
  struct ABFabNested : FabForB
  {
    virtual DerivedAB* getPtr();
  };
};

void print(const DerivedAB* dp, const BaseA* ap, bool nested = false)
{
}

DerivedAB d;

DerivedAB* DerivedAB::ABFabNested::getPtr()
{
  DerivedAB* p = &d;
  printf("TEST fab nested: addr %p base %p\n", p, (BaseA*)p);
  return p;
}

struct ABFab : FabForB
{
  virtual DerivedAB* getPtr()
  {
    DerivedAB* p = &d;
    printf("TEST fab:        addr %p base %p\n", p, (BaseA*)p);
    return p;
  }
};

int main()
{
  ABFab fab;
  DerivedAB::ABFabNested fabNested;

  BaseA* a1 = fab.getPtr();
  BaseA* a2 = static_cast<FabForB&>(fab).getPtr();
  printf("TEST             addr %p %p\n", a1, a2);

  a1 = fabNested.getPtr();
  a2 = static_cast<FabForB&>(fabNested).getPtr();
  printf("TEST nested      addr %p %p\n", a1, a2);

  if (a1 != a2)
    abort();
}


G++ prints:

TEST fab:        addr 0x404060 base 0x404068
TEST fab:        addr 0x404060 base 0x404068
TEST             addr 0x404068 0x404068
TEST fab nested: addr 0x404060 base 0x404068
TEST fab nested: addr 0x404060 base 0x404068
TEST nested      addr 0x404068 0x404060
Aborted (core dumped)

When we call fabNested.getPtr() to get a DerivedAB* and then convert to BaseA*
at the call site, the pointer is correctly adjusted to the BaseA base
subobject.

When we call static_cast<FabForB&>(fabNested).getPtr() to get a BaseA* the
covariant return is not adjusted, and the address of the DerivedAB complete
object is returned, not its BaseA base subobejct..

[Bug c++/106924] Nested class: virtual function returns wrong pointer of covariant type

[redi at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106924

--- Comment #2 from Jonathan Wakely <redi at gcc dot gnu.org> ---
Oops, slightly further reduce to remove the ununsed print function:

extern "C" int printf(const char*, ...);
extern "C" void abort();

struct BaseA
{
  virtual ~BaseA(){}
};

struct BaseB
{
  virtual ~BaseB(){}
};

struct DerivedAB;

struct FabForB
{
  virtual BaseA* getPtr()=0;
  virtual ~FabForB(){}
};

struct DerivedAB : BaseB, BaseA
{
  struct ABFabNested : FabForB
  {
    virtual DerivedAB* getPtr();
  };
};

DerivedAB d;

DerivedAB* DerivedAB::ABFabNested::getPtr()
{
  DerivedAB* p = &d;
  printf("TEST fab nested: addr %p base %p\n", p, (BaseA*)p);
  return p;
}

struct ABFab : FabForB
{
  virtual DerivedAB* getPtr()
  {
    DerivedAB* p = &d;
    printf("TEST fab:        addr %p base %p\n", p, (BaseA*)p);
    return p;
  }
};

int main()
{
  ABFab fab;
  DerivedAB::ABFabNested fabNested;

  BaseA* a1 = fab.getPtr();
  BaseA* a2 = static_cast<FabForB&>(fab).getPtr();
  printf("TEST             addr %p %p\n", a1, a2);

  a1 = fabNested.getPtr();
  a2 = static_cast<FabForB&>(fabNested).getPtr();
  printf("TEST nested      addr %p %p\n", a1, a2);

  if (a1 != a2)
    abort();
}

This fails at least as far back as 4.1.0, I didn't test further.