Bug 63736 - gcc generated program with segfault on atomic exchange when the atomic variable is a member of a struct allocated with make_shared
Summary: gcc generated program with segfault on atomic exchange when the atomic variable is a member of a struct allocated with make_shared
Status: RESOLVED FIXED
Alias: None
Product: gcc
Classification: Unclassified
Component: libstdc++
Version: 4.8.1
Importance: P3 normal
Target Milestone: 4.9.2
Assignee: Not yet assigned to anyone
URL:
Keywords: wrong-code
Depends on:
Blocks:
 
Reported: 2014-11-04 14:41 UTC by Leandro Santiago
Modified: 2016-10-22 01:11 UTC

See Also:
Host:
Target: x86_64-linux-gnu
Build:
Known to work: 4.9.2, 5.0
Known to fail: 4.8.2
Last reconfirmed: 2014-12-10 00:00:00


Attachments
self contained program which reproduces the problem (409 bytes, text/x-c++src)
2014-11-04 14:41 UTC, Leandro Santiago

Description Leandro Santiago 2014-11-04 14:41:46 UTC
Created attachment 33882
self contained program which reproduces the problem

I am sending sample code with a self-contained program which declares a struct called PStruct which contains a member variable which is an atomic of a simple struct.

G++ compiles the code correctly; however, it has a segmentation fault in a (IMO) valid atomic exchange operation when PStruct is allocated using make_shared, but it does not happen when it's allocated using the new operator.

With clang 3.5 the code generates a valid program, which runs as expected.

G++ info:

Using built-in specs.
COLLECT_GCC=g++-4.8
COLLECT_LTO_WRAPPER=/usr/lib/gcc/x86_64-linux-gnu/4.8/lto-wrapper
Target: x86_64-linux-gnu
Configured with: ../src/configure -v --with-pkgversion='Ubuntu 4.8.1-2ubuntu1~12.04' --with-bugurl=file:///usr/share/doc/gcc-4.8/README.Bugs --enable-languages=c,c++,java,go,d,fortran,objc,obj-c++ --prefix=/usr --program-suffix=-4.8 --enable-shared --enable-linker-build-id --libexecdir=/usr/lib --without-included-gettext --enable-threads=posix --with-gxx-include-dir=/usr/include/c++/4.8 --libdir=/usr/lib --enable-nls --with-sysroot=/ --enable-clocale=gnu --enable-libstdcxx-debug --enable-libstdcxx-time=yes --enable-gnu-unique-object --enable-plugin --with-system-zlib --disable-browser-plugin --enable-java-awt=gtk --enable-gtk-cairo --with-java-home=/usr/lib/jvm/java-1.5.0-gcj-4.8-amd64/jre --enable-java-home --with-jvm-root-dir=/usr/lib/jvm/java-1.5.0-gcj-4.8-amd64 --with-jvm-jar-dir=/usr/lib/jvm-exports/java-1.5.0-gcj-4.8-amd64 --with-arch-directory=amd64 --with-ecj-jar=/usr/share/java/eclipse-ecj.jar --enable-objc-gc --enable-multiarch --disable-werror --with-arch-32=i686 --with-abi=m64 --with-multilib-list=m32,m64 --with-tune=generic --enable-checking=release --build=x86_64-linux-gnu --host=x86_64-linux-gnu --target=x86_64-linux-gnu
Thread model: posix
gcc version 4.8.1 (Ubuntu 4.8.1-2ubuntu1~12.04)

The command line I am using to compile the code:
$ g++-4.8 -std=c++11 -Wall -Wextra atomic_of_struct_test.cpp -o atomic_of_struct_test -lrt -latomic

The attached file reproduces the problem, because it allocates using make_shared. To allocate using the new operator, comment out line 34 and uncomment line 37.

The expected output in both allocation ways is:
field1: 2, field2: 4

The actual output when compiled with g++ is:
Segmentation fault (core dumped)

The backtrace of the latter execution:

#0  0x00007ffff7bd5897 in ?? () from /usr/lib/x86_64-linux-gnu/libatomic.so.1
No symbol table info available.
#1  0x0000000000401186 in std::atomic<TwoFieldStruct>::exchange (this=0x604028, __i=..., _m=std::memory_order_seq_cst) at /usr/include/c++/4.8/atomic:225
        tmp = {
          field1 = 140737488346624, 
          field2 = 4198920
        }
#2  0x00000000004010e3 in PStruct::setMs (this=0x604028, ms=...) at atomic_of_struct_test.cpp:18
No locals.
#3  0x0000000000400f81 in main () at atomic_of_struct_test.cpp:39
        ms = {
          field1 = 2, 
          field2 = 4
        }
        ptr = std::shared_ptr (count 1, weak 0) 0x604028
        oms = {
          field1 = 0, 
          field2 = 4197680
        }
Comment 1 Leandro Santiago 2014-11-04 14:55:11 UTC
I forgot to mention I am using Ubuntu 12.04 64-bit on a i7 machine and kernel 3.8.0.
Comment 2 Leandro Santiago 2014-11-04 22:52:58 UTC
I tested the same program again with gcc from today's master branch and it worked as expected, generating a runnable executable.

Is it possible to backport whichever the solution is to gcc 4.8?

[1] COLLECT_GCC=/home/tenchi/programs/gcc/bin/g++
COLLECT_LTO_WRAPPER=/home/tenchi/programs/gcc/libexec/gcc/x86_64-unknown-linux-gnu/5.0.0/lto-wrapper
Target: x86_64-unknown-linux-gnu
Configured with: ../configure --prefix=/home/tenchi/programs/gcc --enable-debug --enable-lto
Thread model: posix
gcc version 5.0.0 20141104 (experimental) (GCC)
Comment 3 Leandro Santiago 2014-11-06 11:27:52 UTC
I've just realized the gcc I am using is 4.8.1 instead of 4.8.1 as initially reported.
Comment 4 Jonathan Wakely 2014-11-08 16:13:07 UTC
I can reproduce it with 4.8.2 and can confirm it seems to be fixed in 4.9.0 (even when linking to the libatomic.so from 4.8.2)

#0  0x00007ffff7dcc898 in libat_exchange_16_i1 (mptr=0x604028, newval=<optimized out>, smodel=<optimized out>) at ../../../libatomic/exch_n.c:54
#1  0x00000000004011b4 in std::atomic<TwoFieldStruct>::exchange (this=0x604028, __i=..., _m=std::memory_order_seq_cst) at /usr/include/c++/4.8.3/atomic:225
#2  0x0000000000401111 in PStruct::setMs (this=0x604028, ms=...) at /var/tmp/atomic_of_struct_test.cpp:18
#3  0x0000000000400fb1 in main () at /var/tmp/atomic_of_struct_test.cpp:39
Comment 5 Andrew Pinski 2016-10-22 01:09:39 UTC
This is most likely an alignment issue, in that make_shared is not using the "right" alignment.
Comment 6 Andrew Pinski 2016-10-22 01:11:16 UTC
Fixed so closing.
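Comment 5 attributes the crash to std::make_shared placing the object at an alignment that the 16-byte exchange in libatomic (the libat_exchange_16_i1 frame in Comment 4) does not accept. The program below is an added example, not the reporter's attachment 33882, showing how to check that placement at runtime before trusting a 16-byte atomic member. The names TwoFieldStruct, PStruct, field1, field2 and the make_shared-versus-new comparison come from the report; the int64_t field types and the helper functions atomic_alignment, member_satisfies, make_shared_member_aligned and new_member_aligned are assumptions for this example. The setMs exchange itself is left out so the example builds without -latomic.

```cpp
#include <atomic>
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <memory>

// Two 8-byte fields give sizeof == 16, the size handled by the
// libat_exchange_16_i1 frame in Comment 4. Field names follow the
// backtrace; the field types are an assumption (the attachment is not
// reproduced on the page).
struct TwoFieldStruct {
    std::int64_t field1;
    std::int64_t field2;
};

// Enclosing object with the atomic member, as described in the report.
// The setMs() exchange is deliberately omitted so this links without
// libatomic; only the placement of the member is examined here.
struct PStruct {
    std::atomic<TwoFieldStruct> ms;
};

// Alignment the atomic wrapper itself requests from its allocator.
std::size_t atomic_alignment() {
    return alignof(std::atomic<TwoFieldStruct>);
}

// True if the member sits at an address that is a multiple of `alignment`.
// The caller can pass alignof(std::atomic<TwoFieldStruct>) (what the library
// declares) or 16 (what the 16-byte exchange in libatomic expects).
bool member_satisfies(const PStruct* p, std::size_t alignment) {
    auto addr = reinterpret_cast<std::uintptr_t>(&p->ms);
    return addr % alignment == 0;
}

// make_shared places PStruct inside one allocation next to the shared_ptr
// control block, so its offset depends on the library's layout choices.
bool make_shared_member_aligned(std::size_t alignment) {
    std::shared_ptr<PStruct> ptr = std::make_shared<PStruct>();
    return member_satisfies(ptr.get(), alignment);
}

// Plain new allocates PStruct on its own, at the start of the block.
bool new_member_aligned(std::size_t alignment) {
    std::unique_ptr<PStruct> ptr(new PStruct);
    return member_satisfies(ptr.get(), alignment);
}

int main() {
    std::cout << "sizeof(TwoFieldStruct) = " << sizeof(TwoFieldStruct) << '\n'
              << "alignof(std::atomic<TwoFieldStruct>) = " << atomic_alignment() << '\n'
              << "make_shared, alignof-aligned: "
              << make_shared_member_aligned(atomic_alignment()) << '\n'
              << "make_shared, 16-byte aligned: " << make_shared_member_aligned(16) << '\n'
              << "new, alignof-aligned: " << new_member_aligned(atomic_alignment()) << '\n'
              << "new, 16-byte aligned: " << new_member_aligned(16) << '\n';
    return 0;
}
```

Compile with `g++ -std=c++11 -Wall -Wextra` as in the report (no -latomic is needed because no atomic operation is performed). On a library with the behaviour Comment 5 describes, the "make_shared, 16-byte aligned" line is where a 0 would show up while the plain-new line reports 1; a library that over-aligns std::atomic<T> to its size reports 16 for alignof and 1 on all four lines. Checking the declared alignof separately from the hard 16-byte requirement is what distinguishes "the library asked for too little" from "the allocator ignored what was asked".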