[Bug c++/107555] New: Never constructed object destroyed during exception handling

[Bug c++/107555] New: Never constructed object destroyed during exception handling

[boris at kolpackov dot net]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107555

            Bug ID: 107555
           Summary: Never constructed object destroyed during exception
                    handling
           Product: gcc
           Version: 12.2.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: c++
          Assignee: unassigned at gcc dot gnu.org
          Reporter: boris at kolpackov dot net
  Target Milestone: ---

I have a fairly complex function (nested loops, try-catch blocks, etc) that on
throwing an exceptions tries to destroy a stack object (suspected to be the
return value) that was never constructed. This feels like a mis-compilation
introduced in GCC 12 because:

1. The issue disappears if optimization is enabled.

2. The issue disappears if I get rid of the return value with otherwise minimal
changes.

3. Does not reproduce with GCC 11 or 10 in otherwise the same build.

I am not sure what's the best way to debug this. Coming up with a minimal
reproduce feels hopeless. But I can easily provide the instructions on how to
reproduce this on the actual source code. In the meantime, I will capture some
background below:

The relevant fragment of the stack trace looks like this:

#18 0x00007f7472e5d270 in std::pair<build2::file_cache::entry, bool>::~pair
(this=0x7ffdbe099e30, __in_chrg=<optimized out>) at
/usr/include/c++/12/bits/stl_pair.h:185
#19 0x00007f7472e4ab19 in build2::cc::compile_rule::extract_headers (....) at
.../compile-rule.cxx:4768

The pair object being destroyed at frame #18 was never constructed and
eventually leads to "free(): invalid pointer" and abort. The extract_headers()
function has the following overall structure (only what I believe are the
relevant parts are shown):

pair<file_cache::entry, bool> compile_rule::
extract_headers (....)
{

  ...

  if (something)
   return make_pair (file_cache::entry (), false);  // <-- one of early returns

  ...


  try
  {
    ...

    if (something)
      throw failed ();             // <-- the exception that is thrown

  }                                // <-- line 4768
  catch (const process_error& e)
  {
    ...

    throw failed ();
  }

  ...

  return make_pair (move (psrc), puse); 
}

As can be seen, the function has a bunch of early returns. Other than the
returns, it does not construct any pair<file_cache::entry, bool> instances.

The call site look like this:

pair<file_cache::entry, bool> psrc (file_cache::entry (), false);

if (something)
{
  ...
  psrc = extract_headers (....); 
}

Note that I checked and the `this` pointer from frame #18 does not point to
psrc form the call site.

I was able to work around this issue by getting rid of the return type and
instead passing the result object by reference:

void compile_rule::
extract_headers (...., pair<file_cache::entry, bool>& result)
{
    ...

  if (something)
   return;

  ...

  result.first = move (psrc);
  result.second = puse;
}

And the call site:

pair<file_cache::entry, bool> psrc (file_cache::entry (), false);
if (something)
{
  ...
  extract_headers (...., psrc);  
}

[Bug c++/107555] Never constructed object destroyed during exception handling

[rguenth at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107555

Richard Biener <rguenth at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |WAITING
   Last reconfirmed|                            |2022-11-08
     Ever confirmed|0                           |1
           Keywords|                            |wrong-code
      Known to work|                            |10.4.0, 11.3.0

--- Comment #1 from Richard Biener <rguenth at gcc dot gnu.org> ---
It's impossible to do anything about this without a way to reproduce.

[Bug c++/107555] Never constructed object destroyed during exception handling

[boris at kolpackov dot net]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107555

--- Comment #2 from Boris Kolpackov <boris at kolpackov dot net> ---
There is a way to reproduce it but it requires building the actual source code
rather than a minimal reproducer. It's not that difficult. Should I provide the
instructions?

[Bug c++/107555] Never constructed object destroyed during exception handling

[redi at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107555

--- Comment #3 from Jonathan Wakely <redi at gcc dot gnu.org> ---
Just the preprocessed .ii file for the one translation unit compile-rule.cxx is
all that's needed.

The bug reporting instructions don't say you have to minimise it (though that's
certainly preferred) but they do say we need the preprocessed source.

[Bug c++/107555] Never constructed object destroyed during exception handling

[boris at kolpackov dot net]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107555

--- Comment #4 from Boris Kolpackov <boris at kolpackov dot net> ---
Created attachment 53849
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=53849&action=edit
Preprocessed translation unit

[Bug c++/107555] Never constructed object destroyed during exception handling

[boris at kolpackov dot net]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107555

--- Comment #5 from Boris Kolpackov <boris at kolpackov dot net> ---
Created attachment 53850
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=53850&action=edit
Preprocessed translation unit with workaround

[Bug c++/107555] Never constructed object destroyed during exception handling

[boris at kolpackov dot net]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107555

--- Comment #6 from Boris Kolpackov <boris at kolpackov dot net> ---
I was under the impression that only something runnable would be useful, but if
all that's need is a preprocessed translation unit, then that's no problem at
all. I've also attached the translation unit with the workaround for your
reference.

Both files were produced with the following command line using GCC 12.2.0
(Debian 12.2.0-3):

g++-12 ... -DLIBBUILD2_SHARED_BUILD -DLIBBUILD2_CC_SHARED_BUILD
-DLIBBUILD2_BIN_SHARED -DLIBBUILD2_SHARED -DLIBBUTL_SHARED 
-DLIBPKG_CONFIG_SHARED -g -std=c++23 -finput-charset=UTF-8 -fPIC -E
-fdirectives-only -o compile-rule.ii compile-rule.cxx

And should be compiled with:

g++-12 -DLIBBUILD2_SHARED_BUILD -DLIBBUILD2_CC_SHARED_BUILD
-DLIBBUILD2_BIN_SHARED -DLIBBUILD2_SHARED -DLIBBUTL_SHARED
-DLIBPKG_CONFIG_SHARED -g -std=c++23 -finput-charset=UTF-8 -fPIC -o
compile-rule.o -c -fdirectives-only compile-rule.ii

Let me know if there is anything else you need.

[Bug c++/107555] Never constructed object destroyed during exception handling

[pinskia at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107555

Andrew Pinski <pinskia at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|WAITING                     |UNCONFIRMED
     Ever confirmed|1                           |0

[Bug c++/107555] Never constructed object destroyed during exception handling

[redi at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=107555

--- Comment #7 from Jonathan Wakely <redi at gcc dot gnu.org> ---
(In reply to Boris Kolpackov from comment #6)
> I was under the impression that only something runnable would be useful, but

https://gcc.gnu.org/bugs/#need

> if all that's need is a preprocessed translation unit, then that's no
> problem at all. I've also attached the translation unit with the workaround
> for your reference.

Thanks for attaching them.