public inbox for gcc-bugs@sourceware.org
* [Bug c++/99801] New: Address sanitizer false positive with pointer to member function.
@ 2021-03-28 16:07 fsb4000 at yandex dot ru
  2021-03-30  7:32 ` [Bug sanitizer/99801] " marxin at gcc dot gnu.org
                   ` (6 more replies)
  0 siblings, 7 replies; 8+ messages in thread
From: fsb4000 at yandex dot ru @ 2021-03-28 16:07 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99801

            Bug ID: 99801
           Summary: Address sanitizer false positive with pointer to
                    member function.
           Product: gcc
           Version: 11.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: c++
          Assignee: unassigned at gcc dot gnu.org
          Reporter: fsb4000 at yandex dot ru
  Target Milestone: ---

Hi. 

Problematic piece of code: https://gcc.godbolt.org/z/s8x3KqaMb

If we change `auto` to `void (Curses_table::*)()` then it works:
https://gcc.godbolt.org/z/bezacsTPa

clang works in both cases:

https://gcc.godbolt.org/z/1e719Maa6

https://gcc.godbolt.org/z/8eqWzGzaW


* [Bug sanitizer/99801] Address sanitizer false positive with pointer to member function.
From: marxin at gcc dot gnu.org @ 2021-03-30  7:32 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99801

Martin Liška <marxin at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Last reconfirmed|                            |2021-03-30
             Status|UNCONFIRMED                 |ASSIGNED
     Ever confirmed|0                           |1
           Assignee|unassigned at gcc dot gnu.org      |marxin at gcc dot gnu.org

--- Comment #1 from Martin Liška <marxin at gcc dot gnu.org> ---
I can take a look.


* [Bug sanitizer/99801] Address sanitizer false positive with pointer to member function.
From: marxin at gcc dot gnu.org @ 2021-04-12  9:29 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99801

Martin Liška <marxin at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jason at gcc dot gnu.org

--- Comment #2 from Martin Liška <marxin at gcc dot gnu.org> ---
So let's consider the following example:

$ cat pr99801.C
class Curses_table {
public:
        void draw_row() {}
        void draw_table();
};

void Curses_table::draw_table()
{
        // Explicitly typed pointer to member function: laid out correctly.
        void (Curses_table::*draw_fn) (void) = &Curses_table::draw_row;
        // Same initializer with a deduced type: the problematic case.
        auto Curses_table::*draw_fn2 = &Curses_table::draw_row;
        (this->*draw_fn)();
        (this->*draw_fn2)();
}

int main() {
        Curses_table t;
        t.draw_table();
}

What happens is that we wrongly assign DECL_SIZE_UNIT for draw_fn2 in:

Breakpoint 5, layout_decl (decl=<var_decl 0x7ffff7fbef30 draw_fn>,
known_align=0) at /home/marxin/Programming/gcc/gcc/stor-layout.c:634
(gdb) p debug_tree(type)
 <offset_type 0x7ffff777d690
    type <template_type_parm 0x7ffff777d5e8 auto VOID
        align:8 warn_if_not_align:0 symtab:0 alias-set -1 canonical-type
0x7ffff777d5e8
       index 0 level 1 orig_level 1
        chain <type_decl 0x7ffff760ee40 auto>>
    DI
    size <integer_cst 0x7ffff75e1eb8 type <integer_type 0x7ffff75ff0a8
bitsizetype> constant 64>
    unit-size <integer_cst 0x7ffff75e1ed0 type <integer_type 0x7ffff75ff000
sizetype> constant 8>
    align:64 warn_if_not_align:0 symtab:0 alias-set -1 canonical-type
0x7ffff777d690 basetype <record_type 0x7ffff777d888 Curses_table>>

while draw_fn is called with:

(gdb) p debug_tree(type)
 <record_type 0x7ffff777d3f0 type_2 TI
    size <integer_cst 0x7ffff75e1f00 type <integer_type 0x7ffff75ff0a8
bitsizetype> constant 128>
    unit-size <integer_cst 0x7ffff75e1f18 type <integer_type 0x7ffff75ff000
sizetype> constant 16>
    align:64 warn_if_not_align:0 symtab:0 alias-set -1 canonical-type
0x7ffff777d498
    fields <field_decl 0x7ffff760eab0 __pfn
        type <pointer_type 0x7ffff777d2a0 type <method_type 0x7ffff777d0a8>
            unsigned DI
            size <integer_cst 0x7ffff75e1eb8 constant 64>
            unit-size <integer_cst 0x7ffff75e1ed0 constant 8>
            align:64 warn_if_not_align:0 symtab:0 alias-set -1 canonical-type
0x7ffff777d348>
        unsigned nonaddressable DI
/home/marxin/Programming/testcases/pr99801.C:9:38 size <integer_cst
0x7ffff75e1eb8 64> unit-size <integer_cst 0x7ffff75e1ed0 8>
        align:64 warn_if_not_align:0 offset_align 128
        offset <integer_cst 0x7ffff75e1ee8 constant 0>
        bit-offset <integer_cst 0x7ffff75e1f30 constant 0> context <record_type
0x7ffff777d3f0>
        chain <field_decl 0x7ffff760eb48 __delta type <integer_type
0x7ffff75ff738 long int>
            nonaddressable DI /home/marxin/Programming/testcases/pr99801.C:9:38
size <integer_cst 0x7ffff75e1eb8 64> unit-size <integer_cst 0x7ffff75e1ed0 8>
            align:64 warn_if_not_align:0 offset_align 128 offset <integer_cst
0x7ffff75e1ee8 0> bit-offset <integer_cst 0x7ffff75e1eb8 64> context
<record_type 0x7ffff777d3f0>>> ptrmemfunc fn type <pointer_type 0x7ffff777d2a0>
    chain <type_decl 0x7ffff760ebe0 __ptrmemfunc_type>>

Later, the corresponding record_type is set as TREE_TYPE of draw_fn2:

(gdb) bt
#0  0x0000000000a16cd0 in cp_finish_decl (decl=decl@entry=<var_decl
0x7ffff7794510 draw_fn2>, init=<optimized out>, init@entry=<ptrmem_cst
0x7ffff7774b20>, init_const_expr_p=true, asmspec_tree=<optimized out>,
asmspec_tree@entry=<tree 0x0>, flags=5)
    at /home/marxin/Programming/gcc/gcc/cp/decl.c:7744
#1  0x0000000000b06168 in cp_parser_init_declarator (parser=0x7ffff760e7b8,
flags=<optimized out>, decl_specifiers=0x7fffffffd2b0, checks=0x0,
function_definition_allowed_p=<optimized out>, member_p=<optimized out>,
declares_class_or_enum=0, 
    function_definition_p=0x7fffffffd350, maybe_range_for_decl=0x0,
init_loc=0x7fffffffd29c, auto_result=0x7fffffffd3f0) at
/home/marxin/Programming/gcc/gcc/cp/parser.c:21872
#2  0x0000000000ae166d in cp_parser_simple_declaration (parser=0x7ffff760e7b8,
function_definition_allowed_p=<optimized out>, maybe_range_for_decl=0x0) at
/home/marxin/Programming/gcc/gcc/cp/parser.c:14442
#3  0x0000000000ae385b in cp_parser_declaration_statement
(parser=parser@entry=0x7ffff760e7b8) at
/home/marxin/Programming/gcc/gcc/cp/parser.c:13577
#4  0x0000000000ae3ea4 in cp_parser_statement (parser=0x7ffff760e7b8,
in_statement_expr=<tree 0x0>, in_compound=<optimized out>, if_p=<optimized
out>, chain=<optimized out>, loc_after_labels=0x0) at
/home/marxin/Programming/gcc/gcc/cp/parser.c:11808
#5  0x0000000000ae5983 in cp_parser_statement_seq_opt
(parser=parser@entry=0x7ffff760e7b8,
in_statement_expr=in_statement_expr@entry=<tree 0x0>) at
/home/marxin/Programming/gcc/gcc/cp/parser.c:12174

but the DECL_SIZE_UNIT is not adjusted.
@Jason: Can you please take a look?
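The debug_tree dumps above show the two sizes involved: the offset_type (8 bytes) versus the __ptrmemfunc_type record with its __pfn and __delta fields (16 bytes). The following is an added example, not code from the bug report or from GCC, that decodes that two-word representation and checks that both spellings of the declaration deduce the same 16-byte type; it assumes the Itanium C++ ABI as used by GCC and Clang on x86-64 Linux.

```cpp
// Added example (not part of the bug report): decodes the Itanium C++ ABI
// representation of a pointer to member function to show why a call through
// it reads 16 bytes (__pfn + __delta), while a pointer to data member is 8.
// Assumes the Itanium ABI on x86-64 Linux.
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <type_traits>

class Curses_table {
public:
    int rows = 0;
    void draw_row() {}
    virtual void draw_table() {}
    virtual ~Curses_table() = default;
};

// Itanium ABI layout of a pointer to member function (the __ptrmemfunc_type
// record seen in the debug_tree dump).
struct PtrMemFunc {
    std::uintptr_t pfn;    // function address, or 1 + vtable offset if virtual
    std::ptrdiff_t delta;  // adjustment applied to `this` before the call
};

// Both spellings from the bug report name the same 16-byte type.
using ExplicitPmf = void (Curses_table::*)();
static_assert(std::is_same<decltype(&Curses_table::draw_row), ExplicitPmf>::value,
              "auto deduces the explicit pointer-to-member-function type");
static_assert(sizeof(ExplicitPmf) == 2 * sizeof(void*), "pmf is two words");
static_assert(sizeof(int Curses_table::*) == sizeof(void*), "data-member ptr is one word");

// Copy the raw bytes out so the two ABI fields can be inspected.
PtrMemFunc decode(ExplicitPmf pmf) {
    PtrMemFunc out;
    std::memcpy(&out, &pmf, sizeof out);
    return out;
}

// Non-virtual members store the function address (even); virtual members
// store 1 + the vtable offset, so the low bit distinguishes the two.
bool is_virtual(ExplicitPmf pmf) { return (decode(pmf).pfn & 1u) != 0; }

// Number of bytes the indirect call must read: the full 16, which is why an
// object laid out with the 8-byte data-member-pointer size overflows.
std::size_t bytes_read_by_call() { return sizeof(ExplicitPmf); }
```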


* [Bug c++/99801] Address sanitizer false positive with pointer to member function.
From: marxin at gcc dot gnu.org @ 2021-08-16 11:41 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99801

--- Comment #3 from Martin Liška <marxin at gcc dot gnu.org> ---
@Jason: May I please ping this?


* [Bug c++/99801] Address sanitizer false positive with pointer to member function.
From: marxin at gcc dot gnu.org @ 2021-08-16 11:41 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99801

Martin Liška <marxin at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |WAITING


* [Bug c++/99801] Address sanitizer false positive with pointer to member function.
From: marxin at gcc dot gnu.org @ 2021-11-05 16:26 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99801

Martin Liška <marxin at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|WAITING                     |NEW
           Assignee|marxin at gcc dot gnu.org          |unassigned at gcc dot gnu.org


* [Bug c++/99801] Address sanitizer false positive with pointer to member function.
From: pinskia at gcc dot gnu.org @ 2022-12-25  6:52 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99801

--- Comment #4 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
Created attachment 54155
  --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=54155&action=edit
Original testcase


* [Bug c++/99801] Address sanitizer false positive with pointer to member function.
From: pinskia at gcc dot gnu.org @ 2022-12-25  6:56 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99801

Andrew Pinski <pinskia at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Last reconfirmed|2021-03-30 00:00:00         |2022-12-24

--- Comment #5 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
-O0 -fsanitize=address

