public inbox for gcc-bugs@sourceware.org
From: "roystgnr at ices dot utexas.edu" <gcc-bugzilla@gcc.gnu.org>
To: gcc-bugs@gcc.gnu.org
Subject: [Bug libstdc++/57997] New: Segmentation fault after returning valarray expression from an auto function
Date: Fri, 26 Jul 2013 22:07:00 -0000
Message-ID: <bug-57997-4@http.gcc.gnu.org/bugzilla/>

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=57997

            Bug ID: 57997
           Summary: Segmentation fault after returning valarray expression
                    from an auto function
           Product: gcc
           Version: 4.8.1
            Status: UNCONFIRMED
          Severity: major
          Priority: P3
         Component: libstdc++
          Assignee: unassigned at gcc dot gnu.org
          Reporter: roystgnr at ices dot utexas.edu

The following code:

////////

#include <valarray>

template<typename T>
auto f1(const T& x, const T& y)
-> decltype(x*y/2)
{ return x*y/2; }

int main()
{
  std::valarray<float> a(4, 1);
  std::valarray<float> b(4, 1);
  std::valarray<float> c(4, 1);

  c = a*b/2;
  c = f1(a,b);

  return 0;
} 

////////

compiled with g++ 4.8.1 (-std=c++11), dies at runtime with a segmentation
fault, stack trace:

(gdb) where
#0  0x0000000000400e60 in std::__multiplies::operator()<float>
(this=0x7fffffffd95f, 
    __x=@0x0: <error reading variable>, __y=@0x603030: 4)
    at /usr/include/c++/4.8/bits/valarray_before.h:204
#1  0x0000000000400ddc in std::_BinBase<std::__multiplies,
std::valarray<float>, std::valarray<float> >::operator[] (this=0x7fffffffda50,
__i=0)
    at /usr/include/c++/4.8/bits/valarray_before.h:524
#2  0x0000000000400d4d in std::_BinBase2<std::__divides,
std::_BinClos<std::__multiplies, std::_ValArray, std::_ValArray, float, float>
>::operator[] (this=0x7fffffffdac0, __i=0)
    at /usr/include/c++/4.8/bits/valarray_before.h:545
#3  0x0000000000400d0b in std::_Expr<std::_BinClos<std::__divides, std::_Expr,
std::_Constant, std::_BinClos<std::__multiplies, std::_ValArray,
std::_ValArray, float, float>, float>, float>::operator[] (this=0x7fffffffdac0,
__i=0)
    at /usr/include/c++/4.8/bits/valarray_after.h:216
#4  0x0000000000400c40 in std::__valarray_copy<float,
std::_BinClos<std::__divides, std::_Expr, std::_Constant,
std::_BinClos<std::__multiplies, std::_ValArray, std::_ValArray, float, float>,
float> > (__e=..., __n=1, __a=...)
    at /usr/include/c++/4.8/bits/valarray_array.tcc:146
#5  0x0000000000400a75 in
std::valarray<float>::operator=<std::_BinClos<std::__divides, std::_Expr,
std::_Constant, std::_BinClos<std::__multiplies, std::_ValArray,
std::_ValArray, float, float>, float> > (this=0x7fffffffdaa0, __e=...)
    at /usr/include/c++/4.8/valarray:823
#6  0x000000000040083c in main () at test.C:16


Examination in gdb of the expression template returned by f1 shows member
values which seem to be correct immediately after the return but which become
corrupted during the operator= evaluation.  I can't be sure, but it seems as if
sufficiently complicated expression templates (removing "/2" from the above
code doesn't trigger the problem) may be saving references to stack-allocated
(i.e. temporary, later overwritten) subexpressions.

My colleague reports being able to reproduce the problem (albeit on our
original code, not the above distilled testcase) with gcc trunk r201275.

The problem seems to lie with the valarray headers; using clang++ 3.3 with
libstdc++ results in the same failure, whereas the clang++/libc++ combination
passes our tests.
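
Added example, not part of the report and not libstdc++ code: a toy expression template showing the lifetime hazard the reporter suspects (inner nodes held by reference) next to a form that holds sub-expressions by value. Vec, MulRef, HalfRef, Hold, Mul, Half, half_product and element_after_return are hypothetical names; the reference-holding nodes are only inspected at compile time and never evaluated.

```cpp
#include <cstddef>
#include <type_traits>
#include <vector>

// Leaf operand: a named array that outlives the expression (hypothetical type).
struct Vec {
    std::vector<float> d;
    float operator[](std::size_t i) const { return d[i]; }
};

// Hazardous nodes: every operand is held by reference, temporaries included.
template <typename L, typename R> struct MulRef {
    const L& l; const R& r;
    float operator[](std::size_t i) const { return l[i] * r[i]; }
};
template <typename E> struct HalfRef {
    const E& e;  // dangles once the temporary sub-expression is destroyed
    float operator[](std::size_t i) const { return e[i] / 2; }
};

// Storage policy for the hardened nodes: leaves by reference, sub-expressions by value.
template <typename E> struct Hold { typedef E type; };
template <> struct Hold<Vec> { typedef const Vec& type; };
template <typename L, typename R> struct Mul {
    typename Hold<L>::type l; typename Hold<R>::type r;
    float operator[](std::size_t i) const { return l[i] * r[i]; }
};
template <typename E> struct Half {
    typename Hold<E>::type e;
    float operator[](std::size_t i) const { return e[i] / 2; }
};

// The reference-holding node really stores a reference; the hardened one owns a copy.
static_assert(std::is_reference<decltype(HalfRef<MulRef<Vec, Vec> >::e)>::value, "by reference");
static_assert(!std::is_reference<decltype(Half<Mul<Vec, Vec> >::e)>::value, "by value");

// Same shape as f1: the expression object leaves the function that built it.
Half<Mul<Vec, Vec> > half_product(const Vec& x, const Vec& y) {
    Mul<Vec, Vec> m = {x, y};
    Half<Mul<Vec, Vec> > h = {m};  // copies m, so nothing refers to this frame
    return h;
}
// Evaluates the returned expression after half_product's frame is gone.
float element_after_return(std::size_t i) {
    Vec a = {{4, 4, 4, 4}}, b = {{1, 2, 3, 4}};
    return half_product(a, b)[i];
}

int main() { return element_after_return(3) == 8.0f ? 0 : 1; }
```

Had half_product been built from MulRef and HalfRef, the returned HalfRef::e would refer to a Mul node in the dead frame, which is the pattern of valid-looking members that become corrupted during evaluation.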

