[Bug c++/99185] New: asan initialization-order-fiasco false positive

[Bug c++/99185] New: asan initialization-order-fiasco false positive

[kal.conley at dectris dot com]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99185

            Bug ID: 99185
           Summary: asan initialization-order-fiasco false positive
           Product: gcc
           Version: 10.2.1
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: c++
          Assignee: unassigned at gcc dot gnu.org
          Reporter: kal.conley at dectris dot com
  Target Milestone: ---

The default constructor does not initialize primitive types.

a.cc:
=====
struct A {
  int value;
  A() = default;
};
A g;

b.cc:
=====
struct A {
  int value;
  A() = default;
};
extern A g;

int b = []() {
    g.value = 1;
    return 0;
}();

int main() {
    return 0;
}

$ g++ -fsanitize=address -std=c++20 a.cc b.cc; ./a.out

=================================================================
==3844820==ERROR: AddressSanitizer: initialization-order-fiasco on address
0x000000404160 at pc 0x0000004013c6 bp 0x7fff2371ecc0 sp 0x7fff2371ecb0
WRITE of size 4 at 0x000000404160 thread T0
    #0 0x4013c5 in b::{lambda()#1}::operator()() const
(/home/kal/work/cxx/a.out+0x4013c5)
    #1 0x4012a8 in __static_initialization_and_destruction_0(int, int)
(/home/kal/work/cxx/a.out+0x4012a8)
    #2 0x40134b in _GLOBAL__sub_I_b (/home/kal/work/cxx/a.out+0x40134b)
    #3 0x40142c in __libc_csu_init (/home/kal/work/cxx/a.out+0x40142c)
    #4 0x7f43cfb8b00d in __libc_start_main (/lib64/libc.so.6+0x2700d)
    #5 0x4010dd in _start (/home/kal/work/cxx/a.out+0x4010dd)

0x000000404160 is located 0 bytes inside of global variable 'g' defined in
'a.cc:5:3' (0x404160) of size 4
  registered at:
    #0 0x7f43d00b5cc8  (/lib64/libasan.so.6+0x37cc8)
    #1 0x401202 in _sub_I_00099_1 (/home/kal/work/cxx/a.out+0x401202)
    #2 0x40142c in __libc_csu_init (/home/kal/work/cxx/a.out+0x40142c)

SUMMARY: AddressSanitizer: initialization-order-fiasco
(/home/kal/work/cxx/a.out+0x4013c5) in b::{lambda()#1}::operator()() const
Shadow bytes around the buggy address:
  0x0000800787d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0000800787e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0000800787f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x000080078800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x000080078810: 00 00 00 00 f9 f9 f9 f9 f9 f9 f9 f9 00 00 00 00
=>0x000080078820: f9 f9 f9 f9 f9 f9 f9 f9 00 00 00 00[f6]f6 f6 f6
  0x000080078830: f6 f6 f6 f6 00 00 00 00 04 f9 f9 f9 f9 f9 f9 f9
  0x000080078840: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x000080078850: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x000080078860: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x000080078870: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==3844820==ABORTING

[Bug c++/99185] asan initialization-order-fiasco false positive

[kal.conley at dectris dot com]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99185

--- Comment #1 from kal.conley at dectris dot com ---
Strict init-order checking is enabled.

[Bug c++/99185] asan initialization-order-fiasco false positive

[pinskia at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99185

--- Comment #2 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
I think the error is correct. There is no defined ordering of globalstar
between translation units.
Can you explain why you think the ordering  is defined here?

[Bug c++/99185] asan initialization-order-fiasco false positive

[kal.conley at dectris dot com]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99185

--- Comment #3 from kal.conley at dectris dot com ---
I don't think there should be any dynamic initialization of A here. Also, its
weird that if the definition if A is changed to:

struct A {
  int value = 0;
  A() = default;
};

then the error goes away.

[Bug c++/99185] asan initialization-order-fiasco false positive

[m.cencora at gmail dot com]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99185

m.cencora at gmail dot com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |m.cencora at gmail dot com

--- Comment #4 from m.cencora at gmail dot com ---
I think it is just that sanitizer didn't caught up to the C++20 standard where
constexpr was relaxed to allow uninitialized variables.
Constant initialization is applied only when class constructor in constexpr,
and only since C++20 'A' class has constexpr constructor.

Proof, following compiles only since C++20:
struct A {
  int value;
  constexpr A() = default;
};

[Bug c++/99185] asan initialization-order-fiasco false positive

[kal.conley at dectris dot com]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99185

--- Comment #5 from kal.conley at dectris dot com ---
I don't think this has anything to do with C++20. The behavior doesn't change
when compiling for C++17. In any case, `g` should be static initialized with
zeros and no dynamic initialization in `a.cc` should take place.

[Bug c++/99185] asan initialization-order-fiasco false positive

[m.cencora at gmail dot com]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99185

--- Comment #6 from m.cencora at gmail dot com ---
Now that I think about and having read relevant chapters of C++20 spec,
observed behavior seems to be expected.

A cannot be constant initialized (because it has missing initializer for
'value' member) so at first zero-initialization is performed as part of static
initialization, then A constructor is called as part of dynamic initialization.

[Bug c++/99185] asan initialization-order-fiasco false positive

[kal.conley at dectris dot com]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99185

--- Comment #7 from kal.conley at dectris dot com ---
There is no fiasco here because the default constructor of `A` does no dynamic
initialization. If the definition of `A` is changed to:

struct A {
  int value;
};

then the error goes away. However, in both cases there is the same
implicitly-defined default constructor generated by the compiler. Explicitly
declaring `A() = default` should not change anything in this regard. Generating
an error in this case is not useful.

[Bug c++/99185] asan initialization-order-fiasco false positive

[m.cencora at gmail dot com]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99185

--- Comment #8 from m.cencora at gmail dot com ---
It does not matter whether A constructor is default or empty. If class instance
cannot be constant-initialized then dynamic initialization will take place.

I think gcc just incorrectly performs constant initialization in these
scenarios.

clang reports error as expected:
struct A
{
    int value;
};

struct B
{
    int value;
    B() = default;
};

constinit A a;
constinit B b;