public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed
From: "avi@cloudius-systems.com" <gcc-bugzilla@gcc.gnu.org>
To: gcc-bugs@gcc.gnu.org
Subject: [Bug c++/95111] New: coroutines use-after-free with lambdas
Date: Wed, 13 May 2020 17:36:57 +0000 [thread overview]
Message-ID: <bug-95111-4@http.gcc.gnu.org/bugzilla/> (raw)
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=95111
Bug ID: 95111
Summary: coroutines use-after-free with lambdas
Product: gcc
Version: unknown
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: c++
Assignee: unassigned at gcc dot gnu.org
Reporter: avi@cloudius-systems.com
Target Milestone: ---
coroutines copy their input to the coroutine frame, so a coroutine like
future<T> f(T x) {
co_await something();
co_return x;
}
will copy x back from the coroutine frame. However, lambdas are passed by
pointer, so something like
[x] () -> future<T> {
co_await something();
co_return x;
}
will fail, it is translated as something like
struct lambda {
T x;
}
future<T> lambda_operator_parens(const lambda* l) {
co_await something();
co_return l->x;
}
Since l is captured by value, *l is dangling and is leaked.
I think the following translation would be more useful:
future<T> lambda_operator_parens_rref(const lambda l) {
co_await something();
co_return l.x;
}
l would be copied by value and would survive copying/moving into the coroutine
frame.
I don't know if the current behavior is mandated by the standard, but if it is,
it seems a serious defect.
next reply other threads:[~2020-05-13 17:36 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-05-13 17:36 avi@cloudius-systems.com [this message]
2020-05-13 19:12 ` [Bug c++/95111] " iains at gcc dot gnu.org
2020-05-13 19:14 ` avi@cloudius-systems.com
2020-05-13 19:15 ` avi@cloudius-systems.com
2020-05-13 19:21 ` iains at gcc dot gnu.org
2020-05-13 19:27 ` avi@cloudius-systems.com
2020-05-13 19:39 ` iains at gcc dot gnu.org
2020-05-13 20:10 ` avi@cloudius-systems.com
2020-05-13 20:11 ` avi@cloudius-systems.com
2020-05-13 20:17 ` iains at gcc dot gnu.org
2020-05-13 20:24 ` avi@cloudius-systems.com
2020-05-14 11:15 ` avi@cloudius-systems.com
2020-05-14 11:24 ` ville.voutilainen at gmail dot com
2020-05-14 11:29 ` avi@cloudius-systems.com
2020-05-14 11:46 ` iains at gcc dot gnu.org
2020-05-14 11:54 ` avi@cloudius-systems.com
2020-05-14 11:57 ` ville.voutilainen at gmail dot com
2020-05-14 11:59 ` ville.voutilainen at gmail dot com
2020-05-14 12:01 ` avi@cloudius-systems.com
2020-05-14 12:02 ` iains at gcc dot gnu.org
2020-05-14 12:02 ` avi@cloudius-systems.com
2020-05-14 12:25 ` iains at gcc dot gnu.org
2020-05-14 12:33 ` avi@cloudius-systems.com
2020-05-14 12:34 ` avi@cloudius-systems.com
2020-05-14 18:02 ` egallager at gcc dot gnu.org
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=bug-95111-4@http.gcc.gnu.org/bugzilla/ \
--to=gcc-bugzilla@gcc.gnu.org \
--cc=gcc-bugs@gcc.gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).