From: "msebor at gcc dot gnu.org"
To: gcc-bugs@gcc.gnu.org
Subject: [Bug middle-end/98989] missing -Wfree-nonheap-object freeing std::strings over 15 bytes long
Date: Sun, 07 Feb 2021 22:44:03 +0000
X-Bugzilla-Product: gcc
X-Bugzilla-Component: middle-end
X-Bugzilla-Version: 11.0
X-Bugzilla-Keywords: diagnostic
X-Bugzilla-Severity: normal
X-Bugzilla-Status: UNCONFIRMED
X-Bugzilla-Priority: P3

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98989

Martin Sebor changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |diagnostic

--- Comment #1 from Martin Sebor ---
The reason the invalid call isn't diagnosed is because the allocation call is
"hidden" behind the call to std::__cxx11::basic_string::_M_create(), and
_M_create isn't annotated as an allocation function (with attribute malloc).

In this case, though, the optimized IL shows that besides free() the function
also calls operator delete() on the same pointer. That's almost certainly wrong
regardless of the control flow and so the warning could trigger simply on that
basis. Annotating _M_create() shouldn't be necessary.

;; Function f (_Z1fv, funcdef_no=1194, decl_uid=32383, cgraph_uid=317, symbol_order=347)

Removing basic block 5
void f ()
{
  size_type __dnew;
  struct string str;
  char * _7;
  char * _9;
  long unsigned int _11;
  long unsigned int _12;
  char * _19;
  long unsigned int __dnew.6_20;
  long unsigned int __dnew.7_22;
  char * _23;
  char * _24;

  [local count: 1073741824]:
  MEM[(struct basic_string *)&str] ={v} {CLOBBER};
  MEM[(struct _Alloc_hider *)&str] ={v} {CLOBBER};
  MEM[(struct _Alloc_hider *)&str]._M_p = &str.D.24447._M_local_buf;
  __dnew = 16;
  _19 = std::__cxx11::basic_string::_M_create (&str, &__dnew, 0);
  str._M_dataplus._M_p = _19;
  __dnew.6_20 = __dnew;
  str.D.24447._M_allocated_capacity = __dnew.6_20;
  __builtin_memcpy (_19, "abcdefghijklmnop", 16);
  __dnew.7_22 = __dnew;
  str._M_string_length = __dnew.7_22;
  _23 = str._M_dataplus._M_p;
  _24 = _23 + __dnew.7_22;
  MEM[(char_type &)_24] = 0;
  __dnew ={v} {CLOBBER};
  _7 = str._M_dataplus._M_p;
  free (_7);
  _9 = str._M_dataplus._M_p;
  if (&str.D.24447._M_local_buf != _9)
    goto ; [53.47%]
  else
    goto ; [46.53%]

  [local count: 574129753]:
  _11 = str.D.24447._M_allocated_capacity;
  _12 = _11 + 1;
  operator delete (_9, _12);

  [local count: 1073741824]:
  str ={v} {CLOBBER};
  str ={v} {CLOBBER};
  return;

}
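
Added example, not part of the comment above and not GCC or libstdc++ code: a small probe for the 15-byte boundary named in the subject line. It checks whether a string's data pointer lies inside the string object itself (the _M_local_buf member seen in the dump) or outside it, as it does once the storage comes from _M_create(). The function and constant names are hypothetical, and the 16-byte result assumes libstdc++ with the C++11 string ABI.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <string>

// Assumption: the 15/16 boundary holds for libstdc++ with the C++11 string ABI.
#if defined(__GLIBCXX__) && defined(_GLIBCXX_USE_CXX11_ABI) && _GLIBCXX_USE_CXX11_ABI
constexpr bool kLibstdcxxCxx11Abi = true;
#else
constexpr bool kLibstdcxxCxx11Abi = false;
#endif

// True when s.data() points into the std::string object itself, i.e. at the
// small-string buffer (_M_local_buf in the dump), so the pointer was never
// returned by an allocation function and must not be passed to free().
bool uses_local_buffer(const std::string& s) {
    const auto obj = reinterpret_cast<std::uintptr_t>(&s);
    const auto ptr = reinterpret_cast<std::uintptr_t>(s.data());
    return ptr >= obj && ptr < obj + sizeof(std::string);
}

// Smallest length at which the string stops using its local buffer and takes
// storage from elsewhere (via _M_create() in libstdc++). Returns 0 if no such
// length is found below the probe limit.
std::size_t first_heap_length() {
    for (std::size_t n = 1; n < 256; ++n) {
        const std::string s(n, 'x');   // constructed sample input
        if (!uses_local_buffer(s))
            return n;
    }
    return 0;
}

int main() {
    const std::string short_str("abcdefghijklmno");    // 15 bytes
    const std::string long_str("abcdefghijklmnop");    // 16 bytes, as in the dump
    std::printf("15 bytes in local buffer: %d\n", uses_local_buffer(short_str));
    std::printf("16 bytes in local buffer: %d\n", uses_local_buffer(long_str));
    std::printf("first length stored outside the object: %zu\n",
                first_heap_length());
    return 0;
}
```

In both cases the pointer is owned by the std::string and is released by its destructor, which is why the additional free() in the dump is invalid whichever branch is taken.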