From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 7257 invoked by alias); 26 Jul 2013 22:07:49 -0000 Mailing-List: contact gcc-bugs-help@gcc.gnu.org; run by ezmlm Precedence: bulk List-Id: List-Archive: List-Post: List-Help: Sender: gcc-bugs-owner@gcc.gnu.org Received: (qmail 7159 invoked by uid 48); 26 Jul 2013 22:07:45 -0000 From: "roystgnr at ices dot utexas.edu" To: gcc-bugs@gcc.gnu.org Subject: [Bug libstdc++/57997] New: Segmentation fault after returning valarray expression from an auto function Date: Fri, 26 Jul 2013 22:07:00 -0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: new X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: gcc X-Bugzilla-Component: libstdc++ X-Bugzilla-Version: 4.8.1 X-Bugzilla-Keywords: X-Bugzilla-Severity: major X-Bugzilla-Who: roystgnr at ices dot utexas.edu X-Bugzilla-Status: UNCONFIRMED X-Bugzilla-Priority: P3 X-Bugzilla-Assigned-To: unassigned at gcc dot gnu.org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: bug_id short_desc product version bug_status bug_severity priority component assigned_to reporter Message-ID: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 7bit X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-SW-Source: 2013-07/txt/msg01303.txt.bz2 http://gcc.gnu.org/bugzilla/show_bug.cgi?id=57997 Bug ID: 57997 Summary: Segmentation fault after returning valarray expression from an auto function Product: gcc Version: 4.8.1 Status: UNCONFIRMED Severity: major Priority: P3 Component: libstdc++ Assignee: unassigned at gcc dot gnu.org Reporter: roystgnr at ices dot utexas.edu The following code: //////// #include template auto f1(const T& x, const T& y) -> decltype(x*y/2) { return x*y/2; } int main() { std::valarray a(4, 1); std::valarray b(4, 1); std::valarray c(4, 1); c = a*b/2; c = f1(a,b); return 0; } //////// compiled with g++ 4.8.1 (-std=c++11), dies at runtime with a segmentation fault, stack trace: (gdb) where #0 0x0000000000400e60 in std::__multiplies::operator() (this=0x7fffffffd95f, __x=@0x0: , __y=@0x603030: 4) at /usr/include/c++/4.8/bits/valarray_before.h:204 #1 0x0000000000400ddc in std::_BinBase, std::valarray >::operator[] (this=0x7fffffffda50, __i=0) at /usr/include/c++/4.8/bits/valarray_before.h:524 #2 0x0000000000400d4d in std::_BinBase2 >::operator[] (this=0x7fffffffdac0, __i=0) at /usr/include/c++/4.8/bits/valarray_before.h:545 #3 0x0000000000400d0b in std::_Expr, float>, float>::operator[] (this=0x7fffffffdac0, __i=0) at /usr/include/c++/4.8/bits/valarray_after.h:216 #4 0x0000000000400c40 in std::__valarray_copy, float> > (__e=..., __n=1, __a=...) at /usr/include/c++/4.8/bits/valarray_array.tcc:146 #5 0x0000000000400a75 in std::valarray::operator=, float> > (this=0x7fffffffdaa0, __e=...) at /usr/include/c++/4.8/valarray:823 #6 0x000000000040083c in main () at test.C:16 Examination in gdb of the expression template returned by f1 shows member values which seem to be correct immediately after the return but which become corrupted during the operator= evaluation. I can't be sure, but it seems as if sufficiently complicated expression templates (removing "/2" from the above code doesn't trigger the problem) may be saving references to stack-allocated (i.e. temporary, later overwritten) subexpressions. My colleague reports being able to reproduce the problem (albeit on our original code, not the above distilled testcase) with gcc trunk r201275. The problem seems to lie with the valarray headers; using clang++ 3.3 with libstdc++ results in the same failure, whereas the clang++/libc++ combination passes our tests.