From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 15260 invoked by alias); 22 Aug 2012 18:30:47 -0000 Received: (qmail 15241 invoked by uid 22791); 22 Aug 2012 18:30:44 -0000 X-SWARE-Spam-Status: No, hits=-3.6 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00 X-Spam-Check-By: sourceware.org Received: from localhost (HELO gcc.gnu.org) (127.0.0.1) by sourceware.org (qpsmtpd/0.43rc1) with ESMTP; Wed, 22 Aug 2012 18:30:30 +0000 From: "gromer at google dot com" To: gcc-bugs@gcc.gnu.org Subject: [Bug libstdc++/54351] New: ~unique_ptr() should not set __p to null Date: Wed, 22 Aug 2012 18:30:00 -0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: new X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: gcc X-Bugzilla-Component: libstdc++ X-Bugzilla-Keywords: X-Bugzilla-Severity: normal X-Bugzilla-Who: gromer at google dot com X-Bugzilla-Status: UNCONFIRMED X-Bugzilla-Priority: P3 X-Bugzilla-Assigned-To: unassigned at gcc dot gnu.org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Changed-Fields: Message-ID: X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/ Auto-Submitted: auto-generated Content-Type: text/plain; charset="UTF-8" MIME-Version: 1.0 Mailing-List: contact gcc-bugs-help@gcc.gnu.org; run by ezmlm Precedence: bulk List-Id: List-Archive: List-Post: List-Help: Sender: gcc-bugs-owner@gcc.gnu.org X-SW-Source: 2012-08/txt/msg01547.txt.bz2 http://gcc.gnu.org/bugzilla/show_bug.cgi?id=54351 Bug #: 54351 Summary: ~unique_ptr() should not set __p to null Classification: Unclassified Product: gcc Version: 4.7.1 Status: UNCONFIRMED Severity: normal Priority: P3 Component: libstdc++ AssignedTo: unassigned@gcc.gnu.org ReportedBy: gromer@google.com libstdc++'s unique_ptr destructor is currently implemented as: ~unique_ptr() noexcept { reset(); } This has the effect of resetting the stored pointer to null, and then invoking the deleter on the formerly-stored pointer. I believe this is inconsistent with the language standard, which specifies the destructor as "If get() == nullptr there are no effects. Otherwise get_deleter()(get())." (note no mention of any side effects on the value of the stored pointer). This is a problem because this implementation will break code that (legitimately, AFAICT) relies on being able to continue to invoke operations on the scoped_ptr while the destructor is executing. The fix is to reimplement the destructor (in both the base template and the array specialization) as ~unique_ptr() noexcept { if (__p != pointer()) get_deleter()(__p); } If the intent is to zero out __p to help catch use-after-destruction errors, I believe it would be permissible to set __p to null after the call to get_deleter(), because at that point the change would no longer be visible to conforming code. To make this concrete, here's an example: the following program prints "bad" under libstdc++, but I believe a standard-conforming implementation is required to print "good": ============================= #include #include using std::cout; using std::endl; using std::unique_ptr; struct A; struct B { unique_ptr a; }; struct A { B* b; ~A() { if (b->a == nullptr) { cout << "bad" << endl; } else { cout << "good" << endl; } } }; int main(int argc, char** argv) { B b; b.a.reset(new A); b.a->b = &b; } =============================== As a point of comparison, MSVC++ 2010 prints "good" on this example program.