public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug c++/111299] New: lack of warning on dangling reference to temporary
@ 2023-09-05 21:51 barry.revzin at gmail dot com
  2023-09-06  1:19 ` [Bug c++/111299] " de34 at live dot cn
  2023-09-06  1:43 ` pinskia at gcc dot gnu.org
  0 siblings, 2 replies; 3+ messages in thread
From: barry.revzin at gmail dot com @ 2023-09-05 21:51 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111299

            Bug ID: 111299
           Summary: lack of warning on dangling reference to temporary
           Product: gcc
           Version: 13.1.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: c++
          Assignee: unassigned at gcc dot gnu.org
          Reporter: barry.revzin at gmail dot com
  Target Milestone: ---

Consider the following reduced example:

using size_t = decltype(sizeof(0));

template <typename T, size_t N>
struct array {
    T elems[N];

    auto data() -> T* { return elems; }
    auto data() const -> T const* { return elems; }

    auto size() const -> size_t { return N; }
};

template <typename T>
struct Span {
    T* p;
    size_t len;

    Span(T* p, size_t len) : p(p), len(len) { }

    template <typename R>
    Span(R&& r) : p(r.data()), len(r.size()) { }
};

struct [[gnu::packed]] X {
    array<int, 1> value;
};

auto get_slice_ref(X const& x) {
    return Span<int const>(x.value);
}

auto get_slice_ptr(X const& x) {
    return Span<int const>(x.value.data(), 1);
}


Span<T> is a heavily reduced version of std::span: no fixed extent, no
constraints, etc.

X is a packed struct with a single array member.

Neither version (get_slice_ptr or get_slice_ref) emits any warnings on gcc,
with -Wall -Wextra -Wdangling-reference. 

But the -DREF version is horribly broken. What ends up happening is that in
order to bind x.value to the reference parameter R&& r, we can't actually do
that, so instead we create a temporary initialized by copying x.value and we
bind a reference to that temporary, returning a Span pointing to... that. Which
immediately goes out of scope and we end up with a dangling Span.

You can see the broken-ness in the codegen (https://godbolt.org/z/zY77eresb).
The pointer version does the right thing:

get_slice_ptr(X const&):
        mov     rax, rdi
        mov     edx, 1
        ret

The ref version gives me some garbage:

get_slice_ref(X const&):
        lea     rax, [rsp-12]
        mov     edx, 1
        ret

It would be really helpful if I had any indication that something is going
wrong here.

^ permalink raw reply	[flat|nested] 3+ messages in thread
* [Bug c++/111299] lack of warning on dangling reference to temporary
  2023-09-05 21:51 [Bug c++/111299] New: lack of warning on dangling reference to temporary barry.revzin at gmail dot com
@ 2023-09-06  1:19 ` de34 at live dot cn
  2023-09-06  1:43 ` pinskia at gcc dot gnu.org
  1 sibling, 0 replies; 3+ messages in thread
From: de34 at live dot cn @ 2023-09-06  1:19 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111299

Jiang An <de34 at live dot cn> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |de34 at live dot cn

--- Comment #1 from Jiang An <de34 at live dot cn> ---
> What ends up happening is that in order to bind x.value to the reference parameter R&& r, we can't actually do that, so instead we create a temporary initialized by copying x.value and we bind a reference to that temporary, returning a Span pointing to... that.

This looks like miscompilation. [[gnu::packed]] should have no effect here.

Clang seemingly correctly compiles the function
(https://godbolt.org/z/7x8fGcEM9).

^ permalink raw reply	[flat|nested] 3+ messages in thread
* [Bug c++/111299] lack of warning on dangling reference to temporary
  2023-09-05 21:51 [Bug c++/111299] New: lack of warning on dangling reference to temporary barry.revzin at gmail dot com
  2023-09-06  1:19 ` [Bug c++/111299] " de34 at live dot cn
@ 2023-09-06  1:43 ` pinskia at gcc dot gnu.org
  1 sibling, 0 replies; 3+ messages in thread
From: pinskia at gcc dot gnu.org @ 2023-09-06  1:43 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=111299

--- Comment #2 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
(In reply to Jiang An from comment #1)
> > What ends up happening is that in order to bind x.value to the reference parameter R&& r, we can't actually do that, so instead we create a temporary initialized by copying x.value and we bind a reference to that temporary, returning a Span pointing to... that.
> 
> This looks like miscompilation. [[gnu::packed]] should have no effect here.
> 
> Clang seemingly correctly compiles the function
> (https://godbolt.org/z/7x8fGcEM9).

No, [[gnu::packed]] means you cannot bind a full reference to an element of
that struct because it would be miscompiled.

clang actually miscompiles this because then the alignment for the refernece
would be incorrect ...

^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2023-09-06  1:43 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-09-05 21:51 [Bug c++/111299] New: lack of warning on dangling reference to temporary barry.revzin at gmail dot com
2023-09-06  1:19 ` [Bug c++/111299] " de34 at live dot cn
2023-09-06  1:43 ` pinskia at gcc dot gnu.org

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).