From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: by sourceware.org (Postfix, from userid 48) id 2A9A53858C2B; Tue, 9 May 2023 08:49:51 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 2A9A53858C2B DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gcc.gnu.org; s=default; t=1683622191; bh=b6C4FmZwlLls0mmid+VdN5DmQZgb09DHvCTa6nJJKWQ=; h=From:To:Subject:Date:In-Reply-To:References:From; b=f+eqwoEuMUoCFzFPAkX06aiggVazcgpt5hULHAb273V/8+eiPs8Eqc/+JE/j0JIWg iem+CvlK7pL+dS8H1FrCA+MG20pRv9rQnckT4JCktPTjam9tuJ25UQnYO56kIUatUL h1QdRYG/ggKIJ2Gqrhh/GakuqgS2gtiovLOInbYY= From: "rguenth at gcc dot gnu.org" To: gcc-bugs@gcc.gnu.org Subject: [Bug ipa/109770] [10/11/12/13/14 Regression] wrong(?) devirtualization Date: Tue, 09 May 2023 08:49:50 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: gcc X-Bugzilla-Component: ipa X-Bugzilla-Version: 13.0 X-Bugzilla-Keywords: wrong-code X-Bugzilla-Severity: normal X-Bugzilla-Who: rguenth at gcc dot gnu.org X-Bugzilla-Status: UNCONFIRMED X-Bugzilla-Resolution: X-Bugzilla-Priority: P3 X-Bugzilla-Assigned-To: unassigned at gcc dot gnu.org X-Bugzilla-Target-Milestone: 10.5 X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 List-Id: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=3D109770 --- Comment #7 from Richard Biener --- (In reply to m.cencora from comment #6) > (In reply to Richard Biener from comment #0) > > #include > >=20 > > struct Base > > { > > virtual ~Base() {} > > }; > > struct A : Base > > { > > virtual ~A() {} > > }; > > struct B : Base > > { > > [[gnu::noinline]] B() { new (this) A; } > > virtual ~B() { __builtin_abort (); } > > }; > > int main() > > { > > Base *p =3D new B; > > delete p; > > } > >=20 > > aborts when compiled with -O2 (with devirtualization enabled). Neither > > GCC nor clang diagnose the placement new in B::B() (but it looks fishy). >=20 > I believe you need to std::launder the p pointer before calling delete: > https://en.cppreference.com/w/cpp/utility/launder Ah, interesting. I was looking for an answer whether new T may produce anything other than an object with dynamic type T or if there are any constraints on the object constructed. In particular C++20 11.10.4 refered to by 6.7.3 doesn't mention whether re-using the storage is permitted for an object under construction. It says usage is limited and doesn't explicitely allow re-use so that might mean re-use is not allow= ed. Note std::launder is C++17 only, the original reporter was using C++98 / C+= +14 Reading C++20, 6.7.3/9, at least suggests that the placement new (this) A in the CTOR invokes undefined behavior because the lifetime of B hasn't ended (but 6.7.3/1.5 makes this ambiguous - we're re-using the storage here, and also we're not talking about an object with automatic storage duration)= .=