public inbox for gcc-bugs@sourceware.org

* [Bug c++/99801] New: Address sanitizer false positive with pointer to member function.
From: fsb4000 at yandex dot ru @ 2021-03-28 16:07 UTC
To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99801

            Bug ID: 99801
           Summary: Address sanitizer false positive with pointer to member
                    function.
           Product: gcc
           Version: 11.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: c++
          Assignee: unassigned at gcc dot gnu.org
          Reporter: fsb4000 at yandex dot ru
  Target Milestone: ---

Hi.

Problematic piece of code:
https://gcc.godbolt.org/z/s8x3KqaMb

If we change `auto` to `void (Curses_table::*)()` then it works:
https://gcc.godbolt.org/z/bezacsTPa

clang works in both cases:
https://gcc.godbolt.org/z/1e719Maa6
https://gcc.godbolt.org/z/8eqWzGzaW

* [Bug sanitizer/99801] Address sanitizer false positive with pointer to member function.
From: marxin at gcc dot gnu.org @ 2021-03-30 7:32 UTC
To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99801

Martin Liška <marxin at gcc dot gnu.org> changed:

           What    |Removed                       |Added
----------------------------------------------------------------------------
   Last reconfirmed|                              |2021-03-30
             Status|UNCONFIRMED                   |ASSIGNED
     Ever confirmed|0                             |1
           Assignee|unassigned at gcc dot gnu.org |marxin at gcc dot gnu.org

--- Comment #1 from Martin Liška <marxin at gcc dot gnu.org> ---
I can take a look.

* [Bug sanitizer/99801] Address sanitizer false positive with pointer to member function.
From: marxin at gcc dot gnu.org @ 2021-04-12 9:29 UTC
To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99801

Martin Liška <marxin at gcc dot gnu.org> changed:

           What    |Removed                       |Added
----------------------------------------------------------------------------
                 CC|                              |jason at gcc dot gnu.org

--- Comment #2 from Martin Liška <marxin at gcc dot gnu.org> ---
So let's consider the following example:

$ cat pr99801.C
class Curses_table {
public:
  void draw_row() {};
  void draw_table();
};

void Curses_table::draw_table() {
  void (Curses_table::*draw_fn) (void) = &Curses_table::draw_row;
  auto Curses_table::*draw_fn2 = &Curses_table::draw_row;
  (this->*draw_fn)();
  (this->*draw_fn2)();
}

int main() {
  Curses_table t;
  t.draw_table();
}

What happens is that we wrongly assign DECL_SIZE_UNIT for draw_fn2 in:

Breakpoint 5, layout_decl (decl=<var_decl 0x7ffff7fbef30 draw_fn>, known_align=0) at /home/marxin/Programming/gcc/gcc/stor-layout.c:634
(gdb) p debug_tree(type)
 <offset_type 0x7ffff777d690
    type <template_type_parm 0x7ffff777d5e8 auto VOID
        align:8 warn_if_not_align:0 symtab:0 alias-set -1 canonical-type 0x7ffff777d5e8
       index 0 level 1 orig_level 1
        chain <type_decl 0x7ffff760ee40 auto>>
    DI
    size <integer_cst 0x7ffff75e1eb8 type <integer_type 0x7ffff75ff0a8 bitsizetype> constant 64>
    unit-size <integer_cst 0x7ffff75e1ed0 type <integer_type 0x7ffff75ff000 sizetype> constant 8>
    align:64 warn_if_not_align:0 symtab:0 alias-set -1 canonical-type 0x7ffff777d690 basetype <record_type 0x7ffff777d888 Curses_table>>

while draw_fn is called with:

(gdb) p debug_tree(type)
 <record_type 0x7ffff777d3f0 type_2 TI
    size <integer_cst 0x7ffff75e1f00 type <integer_type 0x7ffff75ff0a8 bitsizetype> constant 128>
    unit-size <integer_cst 0x7ffff75e1f18 type <integer_type 0x7ffff75ff000 sizetype> constant 16>
    align:64 warn_if_not_align:0 symtab:0 alias-set -1 canonical-type 0x7ffff777d498
    fields <field_decl 0x7ffff760eab0 __pfn
        type <pointer_type 0x7ffff777d2a0 type <method_type 0x7ffff777d0a8>
            unsigned DI
            size <integer_cst 0x7ffff75e1eb8 constant 64>
            unit-size <integer_cst 0x7ffff75e1ed0 constant 8>
            align:64 warn_if_not_align:0 symtab:0 alias-set -1 canonical-type 0x7ffff777d348>
        unsigned nonaddressable DI /home/marxin/Programming/testcases/pr99801.C:9:38 size <integer_cst 0x7ffff75e1eb8 64> unit-size <integer_cst 0x7ffff75e1ed0 8>
        align:64 warn_if_not_align:0 offset_align 128
        offset <integer_cst 0x7ffff75e1ee8 constant 0>
        bit-offset <integer_cst 0x7ffff75e1f30 constant 0> context <record_type 0x7ffff777d3f0>
        chain <field_decl 0x7ffff760eb48 __delta type <integer_type 0x7ffff75ff738 long int>
            nonaddressable DI /home/marxin/Programming/testcases/pr99801.C:9:38 size <integer_cst 0x7ffff75e1eb8 64> unit-size <integer_cst 0x7ffff75e1ed0 8>
            align:64 warn_if_not_align:0 offset_align 128 offset <integer_cst 0x7ffff75e1ee8 0> bit-offset <integer_cst 0x7ffff75e1eb8 64> context <record_type 0x7ffff777d3f0>>> ptrmemfunc fn type <pointer_type 0x7ffff777d2a0>
    chain <type_decl 0x7ffff760ebe0 __ptrmemfunc_type>>

later then the corresponding record_type is set as TREE_TYPE of draw_fn2:

(gdb) bt
#0  0x0000000000a16cd0 in cp_finish_decl (decl=decl@entry=<var_decl 0x7ffff7794510 draw_fn2>, init=<optimized out>, init@entry=<ptrmem_cst 0x7ffff7774b20>, init_const_expr_p=true, asmspec_tree=<optimized out>, asmspec_tree@entry=<tree 0x0>, flags=5) at /home/marxin/Programming/gcc/gcc/cp/decl.c:7744
#1  0x0000000000b06168 in cp_parser_init_declarator (parser=0x7ffff760e7b8, flags=<optimized out>, decl_specifiers=0x7fffffffd2b0, checks=0x0, function_definition_allowed_p=<optimized out>, member_p=<optimized out>, declares_class_or_enum=0, function_definition_p=0x7fffffffd350, maybe_range_for_decl=0x0, init_loc=0x7fffffffd29c, auto_result=0x7fffffffd3f0) at /home/marxin/Programming/gcc/gcc/cp/parser.c:21872
#2  0x0000000000ae166d in cp_parser_simple_declaration (parser=0x7ffff760e7b8, function_definition_allowed_p=<optimized out>, maybe_range_for_decl=0x0) at /home/marxin/Programming/gcc/gcc/cp/parser.c:14442
#3  0x0000000000ae385b in cp_parser_declaration_statement (parser=parser@entry=0x7ffff760e7b8) at /home/marxin/Programming/gcc/gcc/cp/parser.c:13577
#4  0x0000000000ae3ea4 in cp_parser_statement (parser=0x7ffff760e7b8, in_statement_expr=<tree 0x0>, in_compound=<optimized out>, if_p=<optimized out>, chain=<optimized out>, loc_after_labels=0x0) at /home/marxin/Programming/gcc/gcc/cp/parser.c:11808
#5  0x0000000000ae5983 in cp_parser_statement_seq_opt (parser=parser@entry=0x7ffff760e7b8, in_statement_expr=in_statement_expr@entry=<tree 0x0>) at /home/marxin/Programming/gcc/gcc/cp/parser.c:12174

but the DECL_SIZE_UNIT is not adjusted.

@Jason: Can you please take a look?

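[Added example, not part of the thread or of GCC] The two dumps in comment #2 differ in size: 8 bytes for the offset_type (GCC's tree code for a pointer to data member) and 16 bytes for the __pfn/__delta record of a pointer to member function. The sketch below reads those two representations out of a running program. It assumes a compiler using the two-word Itanium-style layout; PmfRepr, decode, Left, Right and Both are names constructed for this illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>

struct Curses_table {
    int rows = 0;
    void draw_row() { ++rows; }
};
// Constructed hierarchy (not from the report) that forces a non-zero __delta.
struct Left  { int l = 0; };
struct Right { int r = 0; void touch() { ++r; } };
struct Both : Left, Right {};

// Mirrors the __pfn/__delta fields of __ptrmemfunc_type in the dump above.
struct PmfRepr {
    std::uintptr_t pfn;    // function address (or vtable slot info if virtual)
    std::ptrdiff_t delta;  // adjustment applied to `this` before the call
};
using DrawFn = void (Curses_table::*)();

// Copy out the raw two-word representation of any pointer to member function.
template <class Pmf>
PmfRepr decode(Pmf pmf) {
    static_assert(sizeof(Pmf) == sizeof(PmfRepr), "two-word layout expected");
    PmfRepr out;
    std::memcpy(&out, &pmf, sizeof out);
    return out;
}

// Storage a DrawFn variable needs (the 16-byte record_type in the dump).
constexpr std::size_t pmf_size() { return sizeof(DrawFn); }
// Storage of a pointer to data member (the 8-byte offset_type in the dump).
constexpr std::size_t data_member_ptr_size() { return sizeof(int Curses_table::*); }

// The explicitly typed declaration that the reporter says works.
int call_through_explicit_type() {
    Curses_table t;
    DrawFn draw_fn = &Curses_table::draw_row;
    (t.*draw_fn)();
    return t.rows;
}
int main() {
    void (Both::*adj)() = &Both::touch;
    std::printf("pmf=%zu data-member-ptr=%zu delta=%td adjusted-delta=%td\n",
                pmf_size(), data_member_ptr_size(),
                decode(DrawFn(&Curses_table::draw_row)).delta, decode(adj).delta);
    return call_through_explicit_type() == 1 ? 0 : 1;
}
```

A variable laid out with the first size but accessed as the second type is written past its recorded extent, which is the mismatch comment #2 describes for draw_fn2.
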
* [Bug c++/99801] Address sanitizer false positive with pointer to member function.
From: marxin at gcc dot gnu.org @ 2021-08-16 11:41 UTC
To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99801

--- Comment #3 from Martin Liška <marxin at gcc dot gnu.org> ---
@Jason: May I please ping this?

* [Bug c++/99801] Address sanitizer false positive with pointer to member function.
From: marxin at gcc dot gnu.org @ 2021-08-16 11:41 UTC
To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99801

Martin Liška <marxin at gcc dot gnu.org> changed:

           What    |Removed                       |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                      |WAITING

* [Bug c++/99801] Address sanitizer false positive with pointer to member function.
From: marxin at gcc dot gnu.org @ 2021-11-05 16:26 UTC
To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99801

Martin Liška <marxin at gcc dot gnu.org> changed:

           What    |Removed                       |Added
----------------------------------------------------------------------------
             Status|WAITING                       |NEW
           Assignee|marxin at gcc dot gnu.org     |unassigned at gcc dot gnu.org

* [Bug c++/99801] Address sanitizer false positive with pointer to member function.
From: pinskia at gcc dot gnu.org @ 2022-12-25 6:52 UTC
To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99801

--- Comment #4 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
Created attachment 54155
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=54155&action=edit
Original testcase

* [Bug c++/99801] Address sanitizer false positive with pointer to member function.
From: pinskia at gcc dot gnu.org @ 2022-12-25 6:56 UTC
To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99801

Andrew Pinski <pinskia at gcc dot gnu.org> changed:

           What    |Removed                       |Added
----------------------------------------------------------------------------
   Last reconfirmed|2021-03-30 00:00:00           |2022-12-24

--- Comment #5 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
-O0 -fsanitize=address