From: andrey.vihrov at gmail dot com
To: gcc-bugs@gcc.gnu.org
Subject: [Bug libstdc++/64504] Invalid free() with _GLIBCXX_DEBUG and -fwhole-program
Date: Sun, 25 Jan 2015 18:35:00 -0000
Product: gcc / Component: libstdc++ / Version: 4.9.2 / Status: UNCONFIRMED

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=64504

--- Comment #3 from Andrey Vihrov ---

I compiled the example program without and with -fwhole-program to assembly code, and here are the differences: http://pastie.org/9859649

As I understand, normally the ".weak" directive ensures that there is only one definition of std::string::_Rep::_S_empty_rep_storage per whole program. But with -fwhole-program the .weak directive disappears, and instead another local definition is created.

Looking at libstdc++ source code, I see

    // The following storage is init'd to 0 by the linker, resulting
    // (carefully) in an empty string with one reference.
    static size_type _S_empty_rep_storage[];

    . . .

    // Linker sets _S_empty_rep_storage to all 0s (one reference, empty string)
    // at static init time (before static ctors are run).
    template<typename _CharT, typename _Traits, typename _Alloc>
      typename basic_string<_CharT, _Traits, _Alloc>::size_type
      basic_string<_CharT, _Traits, _Alloc>::_Rep::_S_empty_rep_storage[
      (sizeof(_Rep_base) + sizeof(_CharT) + sizeof(size_type) - 1) /
        sizeof(size_type)];

I can get kind of the same difference in assembly by compiling this code:

    // The template parameter lists were lost when this message was archived;
    // the ones below are a reconstruction (S<> needs a defaulted parameter).
    template <typename T = void>
    struct S { static char arr[]; };

    // Out-of-line definition of the static member: one per instantiation,
    // normally emitted as a weak (COMDAT) symbol.
    template <typename T>
    char S<T>::arr[3];

    int main() { return S<>::arr[1]; }

Without -fwhole-program ".weak" and stuff is emitted; with the option the array probably becomes static, and so the program is compiled to "return 0".

So it looks like the problem here is that with -fwhole-program GCC does not consider the possible existence of the same template instantiation in other translation units.
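The following is an added illustration, not code from the bug report or from libstdc++: a deliberately small model of the copy-on-write string representation quoted above, written to show why the program must contain exactly one copy of the empty-representation storage. The Rep/refcopy/dispose names and the "references minus one" counting convention follow the old libstdc++ design; the TranslationUnit type, its methods and the three scenario functions are this model's own assumptions, and each TranslationUnit object stands for one object file's private copy of the storage.

```cpp
// Added example (not from the bug report or libstdc++): a simplified model of the
// COW string representation, showing why one program needs exactly one
// _S_empty_rep_storage. TranslationUnit and the scenario functions are invented
// for this model; Rep, refcopy and dispose follow the old libstdc++ naming.

struct Rep {
    long refcount;   // references minus one: a fresh rep with a single owner holds 0
};

// One TranslationUnit stands for one object file's copy of the storage.
// With the ".weak" directive the linker keeps exactly one copy program-wide;
// under the behaviour described in the comment each object file keeps a
// private, local copy instead.
struct TranslationUnit {
    Rep empty_rep{0};   // static storage: never came from the heap, must never be freed

    // Mirrors _M_refcopy: the empty rep is recognised by address and not counted.
    Rep* refcopy(Rep* r) {
        if (r != &empty_rep)
            ++r->refcount;
        return r;
    }

    // Mirrors _M_dispose. Returns true when the rep would be handed to
    // deallocate(), i.e. when a free() would take place.
    bool dispose(Rep* r) {
        if (r == &empty_rep)
            return false;            // the shared empty rep is never freed
        return --r->refcount < 0;    // last reference gone: release the block
    }
};

// Normal lifetime of a heap-allocated rep with two owners.
// Returns the number of dispose() calls needed before the block is released.
int disposals_until_heap_rep_freed() {
    TranslationUnit tu;
    Rep* heap = new Rep{0};      // one owner
    tu.refcopy(heap);            // second owner
    int calls = 0;
    bool freed = false;
    while (!freed) {
        freed = tu.dispose(heap);
        ++calls;
    }
    delete heap;                 // the model's stand-in for deallocate()
    return calls;
}

// Correct build: every object file sees the same (weak-merged) empty rep, so
// destroying empty strings, however many copies were made, never frees anything.
bool empty_rep_freed_with_single_copy() {
    TranslationUnit program;
    Rep* s = program.refcopy(&program.empty_rep);   // std::string s;
    Rep* t = program.refcopy(s);                    // std::string t = s;
    bool freed = program.dispose(t);
    freed = program.dispose(s) || freed;
    return freed;
}

// Faulty build: the string is created in one object file (using its empty rep)
// and destroyed in another, whose address check does not recognise the foreign
// empty rep. The refcount of static storage drops below zero and the static
// block is passed to free(): the "invalid free()" from the bug title.
bool empty_rep_freed_across_two_copies() {
    TranslationUnit a, b;                    // two private copies of the storage
    Rep* s = a.refcopy(&a.empty_rep);        // std::string constructed in a.cc
    return b.dispose(s);                     // destroyed in b.cc
}
```

The model deliberately keeps the address comparison that the real implementation relies on: the empty representation is identified by "is this pointer equal to my storage", so correctness depends on every object file agreeing on a single address, which is exactly what the weak symbol provides and a local definition breaks. To check a real binary for the condition the comment describes, `nm -C <binary> | grep _S_empty_rep_storage` shows the symbol kind: an uppercase `V` or `W` marks the weak definition, while a lowercase `b` or `d` marks a local one that will not be merged with any other copy.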