<div dir="ltr"><div class="gmail_quote"><div>Hi Malcolm,</div><div><br></div><div>From my perspective, it seems to be an undefined behaviour anyway, so a bug in Boost.Serialization.</div><div>At least, that's how I interpret [dcl.ref] "References" (11.3.2 in latest draft), paragraph 5:</div><div><br></div><font face="monospace">[ Note: In particular, a null reference cannot exist in a well-defined program, because the only way to create such a reference would be to bind it to the “object” obtained by indirection through a null pointer, which causes undefined behavior. ... ]</font><div><br></div><div>Here, the null reference created from `*t` may technically exist in `register_type`, even if it's not used, so I'd argue that clang's 5 conclusion about UB is correct. Even more, that's already the "indirection through a null pointer" that causes UB.</div><div><br></div><div>On the other hand, decltype is a pure-type manipulation, therefore there is no possible UB.</div><div><br></div><div>A small fix does the job: <a href="https://godbolt.org/g/mSLgqr">https://godbolt.org/g/mSLgqr</a>.</div><div>Using `decltype(*t)` instead of passing `*t` as argument does not provoke the same behaviour.</div><div><br></div><div>The relevant snippet with changes:</div><div><br></div><div><div style="background-color:rgb(255,255,254);font-family:"Fira Mono";font-size:14px;line-height:19px;white-space:pre"><div> <span style="color:rgb(0,0,255)">template</span><<span style="color:rgb(0,0,255)">class</span> T, <span style="color:rgb(0,0,255)">class</span> U = <span style="color:rgb(0,0,255)">typename</span> remove_reference<T>::type> </div><div> <span style="color:rgb(0,0,255)">static</span> <span style="color:rgb(0,0,255)">void</span> register_type(Archive &ar){</div><div> non_abstract::<span style="color:rgb(0,0,255)">template</span> register_type<U>(ar);</div><div> }</div><br><div> <span style="color:rgb(0,0,255)">template</span><<span style="color:rgb(0,0,255)">class</span> TPtr></div><div> <span style="color:rgb(0,0,255)">static</span> <span style="color:rgb(0,0,255)">void</span> invoke(Archive &ar, <span style="color:rgb(0,0,255)">const</span> TPtr t){</div><div> register_type<<span style="color:rgb(0,0,255)">decltype</span>(*t)>(ar);</div><div> <span style="color:rgb(0,0,255)">if</span>(NULL == t) {</div><div> ar.save_null_pointer();</div><div> <span style="color:rgb(0,0,255)">return</span>;</div><div> }</div><div> save(ar, * t);</div><div> }</div></div></div><div><br></div><div>Best regards,</div><div>Marek Kurdej </div><div><br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">From: Malcolm Parsons via cfe-dev <<a href="mailto:cfe-dev@lists.llvm.org" target="_blank">cfe-dev@lists.llvm.org</a>><br>To: cfe-dev <<a href="mailto:cfe-dev@lists.llvm.org" target="_blank">cfe-dev@lists.llvm.org</a>><br>Cc: <a href="mailto:ramey@rrsd.com" target="_blank">ramey@rrsd.com</a><br>Bcc: <br>Date: Fri, 22 Sep 2017 12:00:26 +0100<br>Subject: [cfe-dev] boost serialization crash with clang 5.0.0<br>Hi,<br>
<br>
I tried to upgrade to clang 5.0.0 and found that a program that uses<br>
the boost serialization library crashes with a null pointer<br>
dereference during serialization.<br>
</blockquote></div></div><div dir="ltr">-- <br></div><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr">Marek</div></div>