13

今天我花了好几个小时试图理解为什么这段代码g++6.2and上出现段错误g++7.0,同时愉快地按预期在clang++3.9 (and 4.0)上工作。

我将问题简化为85 行独立代码片段,正常执行时不会出现段错误,但在 UBSAN 下总是报错。

通过使用 编译、启用优化并作为额外标志传递,该问题在 wandbox 上可重现。g++7-fsanitize=undefined

这是 UBSAN 报告的内容:

prog.cc: In function 'int main()':
prog.cc:61:49: warning: 'ns#0' is used uninitialized in this function [-Wuninitialized]
         ([&] { ([&] { n.execute(ns...); })(); })();
         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^~
prog.cc:28:10: note: 'ns#0' was declared here
     auto execute(TNode& n, TNodes&... ns)
          ^~~~~~~
prog.cc:30:9: runtime error: member call on null pointer of type 'struct node_then'

g++声明ns#0在“lambda gibberish” (模拟for_tuple原始片段)中未初始化。现在,发生了一些非常有趣的事情:

  • 如果我删除“lambda gibberish”,将第 61 行转换为

     n.execute(ns...);

    然后 UBSAN 停止抱怨。

  • 如果我将捕获列表从 更改[&][&n, &ns...],UBSAN 也会停止抱怨:

     ([&](auto) { ([&n, &ns...] { n.execute(ns...); })(); })(0);

    ……等等什么?那和 有什么不同[&]

将上述发现应用于原始代码片段可修复 segfaults

这是一个g++错误吗?或者我的代码中是否有任何未定义的行为?

4

1 回答 1

5

这与临时变量无关:这是一个 gcc7.0 优化器错误。这是一个更简单的复制器:

#include <utility>

struct root
{
  template <typename TNode, typename... TNodes>
  void start(TNode n, TNodes... ns)
  {
    n->execute(ns...);
  }
};

template <typename TParent>
struct node_then
{
  TParent *_p;

  node_then(TParent *p) : _p{ p }
  {
  }

  auto execute()
  {
  }

  template <typename TNode, typename... TNodes>
  auto execute(TNode n, TNodes... ns)
  {
    n->execute(ns...);
  }

  template <typename... TNodes>
  auto start(TNodes... ns)
  {
    _p->start(this, ns...);
  }
};

template <typename TParent>
struct node_wait_all
{
  TParent *_p;

  node_wait_all(TParent *p) : _p{ p }
  {
  }

  template <typename TNode, typename... TNodes>
  auto execute(TNode n, TNodes... ns)
  {
    ([&] { ([&] { n->execute(ns...); })(); })();
  }

  template <typename... TNodes>
  auto start(TNodes... ns)
  {
    _p->start(this, ns...);
  }
};


int main()
{
  //node_wait_all<root> obj(new root());
  //node_then<node_wait_all<root>> obj2(new node_wait_all<root>(new root()));
  node_then<node_then<node_wait_all<root>>> obj3(new node_then<node_wait_all<root>>(new node_wait_all<root>(new root())));
  obj3.start();
}

输出:

prog.cc: In function 'int main()':
prog.cc:67:1: internal compiler error: in visit_ref_for_mod_analysis, at ipa-prop.c:2308
 }
 ^
0x96c4d6 visit_ref_for_mod_analysis
    /home/heads/gcc/gcc-source/gcc/ipa-prop.c:2308
0x8f615d walk_stmt_load_store_addr_ops(gimple*, void*, bool (*)(gimple*, tree_node*, tree_node*, void*), bool (*)(gimple*, tree_node*, tree_node*, void*), bool (*)(gimple*, tree_node*, tree_node*, void*))
    /home/heads/gcc/gcc-source/gcc/gimple-walk.c:817
0x9761a2 ipa_analyze_params_uses_in_bb
    /home/heads/gcc/gcc-source/gcc/ipa-prop.c:2335
0x9761a2 analysis_dom_walker::before_dom_children(basic_block_def*)
    /home/heads/gcc/gcc-source/gcc/ipa-prop.c:2415
0x10c8472 dom_walker::walk(basic_block_def*)
    /home/heads/gcc/gcc-source/gcc/domwalk.c:265
0x977ceb ipa_analyze_node(cgraph_node*)
    /home/heads/gcc/gcc-source/gcc/ipa-prop.c:2486
0x1108f0a ipcp_generate_summary
    /home/heads/gcc/gcc-source/gcc/ipa-cp.c:5036
0xa4759c execute_ipa_summary_passes(ipa_opt_pass_d*)
    /home/heads/gcc/gcc-source/gcc/passes.c:2167
0x7d6b45 ipa_passes
    /home/heads/gcc/gcc-source/gcc/cgraphunit.c:2311
0x7d6b45 symbol_table::compile()
    /home/heads/gcc/gcc-source/gcc/cgraphunit.c:2425
0x7d8616 symbol_table::compile()
    /home/heads/gcc/gcc-source/gcc/cgraphunit.c:2587
0x7d8616 symbol_table::finalize_compilation_unit()
    /home/heads/gcc/gcc-source/gcc/cgraphunit.c:2584
Please submit a full bug report,
with preprocessed source if appropriate.
Please include the complete backtrace with any bug report.
See <http://gcc.gnu.org/bugs.html> for instructions.

链接: http: //melpon.org/wandbox/permlink/E11fOumFJda6OW6m

为了帮助理解这段代码,我使用了一个强大的调试工具:paint.exe

在此处输入图像描述

于 2016-11-18T10:16:31.443 回答