From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 14452 invoked by alias); 26 Nov 2010 00:30:43 -0000 Received: (qmail 14440 invoked by uid 22791); 26 Nov 2010 00:30:41 -0000 X-SWARE-Spam-Status: No, hits=-2.8 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00 X-Spam-Check-By: sourceware.org Received: from localhost (HELO gcc.gnu.org) (127.0.0.1) by sourceware.org (qpsmtpd/0.43rc1) with ESMTP; Fri, 26 Nov 2010 00:30:37 +0000 From: "adam.rak at streamnovation dot com" To: gcc-bugs@gcc.gnu.org Subject: [Bug c++/18635] use of uninitialised reference accepted in C++ front end X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: gcc X-Bugzilla-Component: c++ X-Bugzilla-Keywords: accepts-invalid X-Bugzilla-Severity: normal X-Bugzilla-Who: adam.rak at streamnovation dot com X-Bugzilla-Status: NEW X-Bugzilla-Priority: P2 X-Bugzilla-Assigned-To: unassigned at gcc dot gnu.org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Changed-Fields: CC Message-ID: In-Reply-To: References: X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/ Auto-Submitted: auto-generated Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Date: Fri, 26 Nov 2010 01:05:00 -0000 Mailing-List: contact gcc-bugs-help@gcc.gnu.org; run by ezmlm Precedence: bulk List-Id: List-Archive: List-Post: List-Help: Sender: gcc-bugs-owner@gcc.gnu.org X-SW-Source: 2010-11/txt/msg03185.txt.bz2 http://gcc.gnu.org/bugzilla/show_bug.cgi?id=3D18635 =C3=81d=C3=A1m R=C3=A1k changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |adam.rak at streamnovation | |dot com --- Comment #8 from =C3=81d=C3=A1m R=C3=A1k 2010-11-26 00:30:17 UTC --- in g++-4.6 (and maybe all before) this bug can be even more troublesome: struct AA { int &a; AA() : a(a) { } }; int main() { AA aa; cout << &aa.a << endl; return 0; } compiled without a warning even with g++ main.cpp -O3 -Wall -pedantic -Wextra -Winit-self -Wuninitialized And in -O0 it prints some address, probably the address of the reference as suggested before. But in -O1..3 it prints a 0, which means we made an nullreference.=20 The practical problem is that because of this, the code can be easily messe= d up like this: class AA { ...int &aaa; AA(int& aaaa) : aaa(aaa) {... A single typo and the compiled does really strange things, the segfault is = best case, sometimes the reference points a valid address. It is very hard to de= bug too. And when the programmer checks the code he/she can naively think that = the compiler should check it, so "why bother checking whether they are spelled exactly the same?" The old testcase was a bit harder to do accidentally, this one can happen m= ore easily. A self-init warning might enough to clue the programmer if this happens. An error would be better if we are sure this is invalid.