public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug c++/49728] New: g++ -> int object in memory deleted multiple times: no runtime error
@ 2011-07-13  8:54 b7756204 at klzlk dot com
  2011-07-13  8:56 ` [Bug c++/49728] " b7756204 at klzlk dot com
                   ` (2 more replies)
  0 siblings, 3 replies; 4+ messages in thread
From: b7756204 at klzlk dot com @ 2011-07-13  8:54 UTC (permalink / raw)
  To: gcc-bugs

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=49728

           Summary: g++ -> int object in memory deleted multiple times: no
                    runtime error
           Product: gcc
           Version: 4.5.2
            Status: UNCONFIRMED
          Severity: minor
          Priority: P3
         Component: c++
        AssignedTo: unassigned@gcc.gnu.org
        ReportedBy: b7756204@klzlk.com


Created attachment 24749
  --> http://gcc.gnu.org/bugzilla/attachment.cgi?id=24749
source code

Hi!

Below is an example, where an int-memory-object is deleted 3 times.
No runtime errors occur?

Is this a bug?
Thanks.



The example uses smart-pointers.
(source sode attached)
The int-memory-object (pointed-to by ip) is deleted 3 times: see lines 59, 62,
67

The deleted int-memory-object, can still be accessed: see lines 61, 64, 68



// line 1
// Below an int-object is created with new int(1)
// Usually a runtime error occurs if an object is deleted 2 or more times.
// But in the course of the execution, the object is deleted 3 times --> Why
does no runtime error occur?


#include <iostream>

using std::cout;
using std::endl;

class U_a
{
  friend class B;
  U_a(int *p) : ip(p), use(1) {}
  ~U_a() {
    std::cout << "Delete " << ip << std::endl;
    delete ip;
  }
  int *ip;
  size_t use; // use-counter, used by smart-pointer...
};

class B // uses smart pointers
{
public:
  B(int *p) : ptr(new U_a(p)) {}
  B(const B &rhs) : ptr(rhs.ptr) {
    ++ptr->use;
  }
  B &operator=(const B &rhs) {
    ++rhs.ptr->use;
    if (--ptr->use == 0)
      delete ptr;
    ptr = rhs.ptr;
    return *this;
  }
  int get_ip_val() {
    return *ptr->ip;
  }
  ~B() {
    if (--ptr->use == 0)
      delete ptr;
  }
private:
  U_a *ptr;
};


int main()
{

  int *ip = new int(1); // created "object-pointed-to-by ip" and give it
initial value 1
  {
    B b1(ip);
    {
      B b2(ip);         // deliberate bad use of smart-pointer class. This is
not the copy constructor! ;)
      cout << "Val: " << b1.get_ip_val() << endl;
    }                   // b2's destructor has run and deleted
"object-pointed-to-by ip"!

    cout << "Val: " << b1.get_ip_val() << endl; // 1)*** Why can we still get
"object-pointed-to-by ip"? Why is there no runtime error?
  }          // 2)*** b1's destructor has run and deleted "object-pointed-to-by
ip" the second time!!! Why is there still no runtime error?

  *ip = 4;   // 3)*** Why is there still no runtime error?

  std::cout << "Delete " << ip << std::endl;
  delete ip; // here we delete "object-pointed-to-by ip" a 3rd time     4)***
Why is there still no runtime error?
  *ip = 5;   // 5)*** Why is there still no runtime error?

  return 0;
}


^ permalink raw reply	[flat|nested] 4+ messages in thread
* [Bug c++/49728] g++ -> int object in memory deleted multiple times: no runtime error
  2011-07-13  8:54 [Bug c++/49728] New: g++ -> int object in memory deleted multiple times: no runtime error b7756204 at klzlk dot com
@ 2011-07-13  8:56 ` b7756204 at klzlk dot com
  2011-07-13  9:39 ` [Bug c++/49728] g++ -> double free " redi at gcc dot gnu.org
  2011-07-13  9:48 ` redi at gcc dot gnu.org
  2 siblings, 0 replies; 4+ messages in thread
From: b7756204 at klzlk dot com @ 2011-07-13  8:56 UTC (permalink / raw)
  To: gcc-bugs

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=49728

--- Comment #1 from JohnBrystone <b7756204 at klzlk dot com> 2011-07-13 08:56:00 UTC ---
posted here first...
http://www.cplusplus.com/forum/general/46599/


^ permalink raw reply	[flat|nested] 4+ messages in thread
* [Bug c++/49728] g++ -> double free -> int object in memory deleted multiple times: no runtime error
  2011-07-13  8:54 [Bug c++/49728] New: g++ -> int object in memory deleted multiple times: no runtime error b7756204 at klzlk dot com
  2011-07-13  8:56 ` [Bug c++/49728] " b7756204 at klzlk dot com
@ 2011-07-13  9:39 ` redi at gcc dot gnu.org
  2011-07-13  9:48 ` redi at gcc dot gnu.org
  2 siblings, 0 replies; 4+ messages in thread
From: redi at gcc dot gnu.org @ 2011-07-13  9:39 UTC (permalink / raw)
  To: gcc-bugs

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=49728

Jonathan Wakely <redi at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |RESOLVED
         Resolution|                            |INVALID

--- Comment #2 from Jonathan Wakely <redi at gcc dot gnu.org> 2011-07-13 09:38:45 UTC ---
You haven't provided most of the information requested at
http://gcc.gnu.org/bugs/

The code has undefined behaviour, that doesn't mean you get an error, it means
the code is buggy.

It's not the compiler's job to diagnose it. On GNU/Linux use valgrind or
glibc's MALLOC_CHECK_ feature (see 'man malloc')


^ permalink raw reply	[flat|nested] 4+ messages in thread
* [Bug c++/49728] g++ -> double free -> int object in memory deleted multiple times: no runtime error
  2011-07-13  8:54 [Bug c++/49728] New: g++ -> int object in memory deleted multiple times: no runtime error b7756204 at klzlk dot com
  2011-07-13  8:56 ` [Bug c++/49728] " b7756204 at klzlk dot com
  2011-07-13  9:39 ` [Bug c++/49728] g++ -> double free " redi at gcc dot gnu.org
@ 2011-07-13  9:48 ` redi at gcc dot gnu.org
  2 siblings, 0 replies; 4+ messages in thread
From: redi at gcc dot gnu.org @ 2011-07-13  9:48 UTC (permalink / raw)
  To: gcc-bugs

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=49728

--- Comment #3 from Jonathan Wakely <redi at gcc dot gnu.org> 2011-07-13 09:47:14 UTC ---
See http://blog.regehr.org/archives/213 for an introduction to what undefined
behaviour means. C++ does not check for runtime errors, instead your program is
simply broken.
http://blog.llvm.org/2011/05/what-every-c-programmer-should-know.html is
another good article.


^ permalink raw reply	[flat|nested] 4+ messages in thread
end of thread, other threads:[~2011-07-13  9:48 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2011-07-13  8:54 [Bug c++/49728] New: g++ -> int object in memory deleted multiple times: no runtime error b7756204 at klzlk dot com
2011-07-13  8:56 ` [Bug c++/49728] " b7756204 at klzlk dot com
2011-07-13  9:39 ` [Bug c++/49728] g++ -> double free " redi at gcc dot gnu.org
2011-07-13  9:48 ` redi at gcc dot gnu.org

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).