[Bug c++/98499] New: [11 Regression] Possibly bad std::string initialization in constructors

slyfox at gcc dot gnu.org gcc-bugzilla@gcc.gnu.org
Sat Jan 2 11:11:09 GMT 2021


https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98499

            Bug ID: 98499
           Summary: [11 Regression] Possibly bad std::string
                    initialization in constructors
           Product: gcc
           Version: 11.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: c++
          Assignee: unassigned at gcc dot gnu.org
          Reporter: slyfox at gcc dot gnu.org
  Target Milestone: ---

The bug was initially observed as a crash when using libsass-3.6.4. Code snippet
around the crash:
https://github.com/sass/libsass/blob/3.6.4/src/context.cpp#L621

I think I extracted a small example that illustrates the problem:

```c++
// cat main.cc
#include <string>

__attribute__((noinline))
static std::string dir_name() { return "c"; }
__attribute__((noinline))
static std::string make_canonical_path (std::string path) { return path; }

class Importer {
  public:
    std::string imp_path;
    std::string ctx_path;
    std::string base_path;
  public:
    __attribute__((noinline)) Importer(std::string imp_path, std::string ctx_path)
    : imp_path(make_canonical_path(imp_path))
    , ctx_path(make_canonical_path(ctx_path))
    , base_path(dir_name())
    {}
};

struct Include {
    Include(const Importer& imp){}
};

int main() {
  // Inner braces build a temporary Importer for Include's const-ref parameter;
  // outer braces build a temporary Include that is bound to the reference.
  const Include & inc = {{"a", "b"}};
}
```

g++-11 generates crashing binaries, g++-10 does not:

```
$ g++-11.0.0 -O2 -std=c++11 main.cc -o a-11; ./a-11; echo $?
free(): invalid pointer
Aborted (core dumped)
134
$ g++-10.2.0 -O2 -std=c++11 main.cc -o a-10; ./a-10; echo $?
0
```

I was not able to easily get rid of std::string as it uses something from
libstdc++.so.

Thus I'm not sure where the bug is. My suspicions are:
1. invalid c++
2. std::string implementation bug
3. g++'s code generation problem around lifetimes of temporary values

I suspect `[3.]`.
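As an added example that is not part of the bug report or of libsass, the same statement instrumented with logging constructors and destructors, so the lifetime of each temporary can be observed on a conforming compiler: the `Importer` temporary passed to `Include`'s const-ref parameter must end with the full-expression, while the `Include` temporary bound to `inc` must live to the end of the block. The names `g_log`, `run_pattern` and `kExpected` are mine.

```cpp
#include <string>
#include <vector>

// Ordered lifetime events, appended by the constructors/destructors below.
static std::vector<std::string> g_log;

static std::string dir_name() { return "c"; }
static std::string make_canonical_path(std::string path) { return path; }

// Same shape as the reporter's Importer, plus logging of its lifetime.
class Importer {
  public:
    std::string imp_path, ctx_path, base_path;
    Importer(std::string imp, std::string ctx)
      : imp_path(make_canonical_path(imp)),
        ctx_path(make_canonical_path(ctx)),
        base_path(dir_name()) { g_log.push_back("Importer ctor"); }
    ~Importer() { g_log.push_back("Importer dtor"); }
};

struct Include {
    Include(const Importer&) { g_log.push_back("Include ctor"); }
    ~Include() { g_log.push_back("Include dtor"); }
};

// Runs the statement from the report inside a block and returns the
// sequence of lifetime events it produced.
std::vector<std::string> run_pattern() {
    g_log.clear();
    {
        // Inner braces: temporary Importer bound to Include's const-ref
        // parameter, destroyed at the end of this full-expression.
        // Outer braces: temporary Include bound to `inc`, lifetime
        // extended to the end of the enclosing block.
        const Include& inc = {{"a", "b"}};
        (void)inc;
        g_log.push_back("after init");
    }
    g_log.push_back("block exit");
    return g_log;
}

// Event order required by the C++ temporary-lifetime rules.
const std::vector<std::string> kExpected = {
    "Importer ctor", "Include ctor", "Importer dtor",
    "after init", "Include dtor", "block exit"};
```

Any deviation from `kExpected` (an extra or missing destructor, or `Include dtor` before `after init`) points at the toolchain rather than at the source.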


```
$ g++-11.0.0 -v
Using built-in specs.
COLLECT_GCC=/usr/bin/g++-11.0.0
COLLECT_LTO_WRAPPER=/usr/libexec/gcc/x86_64-pc-linux-gnu/11.0.0/lto-wrapper
Target: x86_64-pc-linux-gnu
Configured with:
/var/tmp/portage/sys-devel/gcc-11.0.0_pre9999/work/gcc-11.0.0_pre9999/configure
--host=x86_64-pc-linux-gnu --build=x86_64-pc-linux-gnu --prefix=/usr
--bindir=/usr/x86_64-pc-linux-gnu/gcc-bin/11.0.0
--includedir=/usr/lib/gcc/x86_64-pc-linux-gnu/11.0.0/include
--datadir=/usr/share/gcc-data/x86_64-pc-linux-gnu/11.0.0
--mandir=/usr/share/gcc-data/x86_64-pc-linux-gnu/11.0.0/man
--infodir=/usr/share/gcc-data/x86_64-pc-linux-gnu/11.0.0/info
--with-gxx-include-dir=/usr/lib/gcc/x86_64-pc-linux-gnu/11.0.0/include/g++-v11
--with-python-dir=/share/gcc-data/x86_64-pc-linux-gnu/11.0.0/python
--enable-languages=c,c++,go,jit,fortran --enable-obsolete --enable-secureplt
--disable-werror --with-system-zlib --enable-nls --without-included-gettext
--enable-checking=release --with-bugurl=https://bugs.gentoo.org/
--with-pkgversion='Gentoo 11.0.0_pre9999 p5, commit
12ae2bc70846a2be8255eaa41322cd1a5a7b7350' --disable-esp --enable-libstdcxx-time
--enable-host-shared --enable-shared --enable-threads=posix
--enable-__cxa_atexit --enable-clocale=gnu --enable-multilib
--with-multilib-list=m32,m64 --disable-fixed-point --enable-targets=all
--enable-libgomp --disable-libssp --disable-libada --disable-systemtap
--enable-valgrind-annotations --enable-vtable-verify --with-zstd --enable-lto
--with-isl --disable-isl-version-check --enable-default-pie
--enable-default-ssp
Thread model: posix
Supported LTO compression algorithms: zlib zstd
gcc version 11.0.0 20201228 (experimental) (Gentoo 11.0.0_pre9999 p5, commit
12ae2bc70846a2be8255eaa41322cd1a5a7b7350)
```