<html>

    <head>

      <base href="https://llvm.org/bugs/" />

    </head>

    <body><table border="1" cellspacing="0" cellpadding="8">

        <tr>

          <th>Bug ID</th>

          <td><a class="bz_bug_link 

          bz_status_NEW "

   title="NEW --- - UBSan vptr: false positive if virtual method if privately overriden"

   href="https://llvm.org/bugs/show_bug.cgi?id=30478">30478</a>

          </td>

        </tr>

        <tr>

          <th>Summary</th>

          <td>UBSan vptr: false positive if virtual method if privately overriden

          </td>

        </tr>

        <tr>

          <th>Product</th>

          <td>new-bugs

          </td>

        </tr>

        <tr>

          <th>Version</th>

          <td>trunk

          </td>

        </tr>

        <tr>

          <th>Hardware</th>

          <td>PC

          </td>

        </tr>

        <tr>

          <th>OS</th>

          <td>Linux

          </td>

        </tr>

        <tr>

          <th>Status</th>

          <td>NEW

          </td>

        </tr>

        <tr>

          <th>Severity</th>

          <td>normal

          </td>

        </tr>

        <tr>

          <th>Priority</th>

          <td>P

          </td>

        </tr>

        <tr>

          <th>Component</th>

          <td>new bugs

          </td>

        </tr>

        <tr>

          <th>Assignee</th>

          <td>unassignedbugs@nondot.org

          </td>

        </tr>

        <tr>

          <th>Reporter</th>

          <td>krasin@google.com

          </td>

        </tr>

        <tr>

          <th>CC</th>

          <td>llvm-bugs@lists.llvm.org

          </td>

        </tr>

        <tr>

          <th>Classification</th>

          <td>Unclassified

          </td>

        </tr></table>

      <p>

        <div>

        <pre>Created <span class=""><a href="attachment.cgi?id=17329" name="attach_17329" title="many_bases.cc">attachment 17329</a> <a href="attachment.cgi?id=17329&action=edit" title="many_bases.cc">[details]</a></span>

many_bases.cc

Based on the analysis of a Chromium test failure that feels like a false

positive from UBSan's vptr check, I have come up with the following minimal

reproducer:

many_bases.cc (also attached):

#include <stdio.h>

class Base1 {

 public:

  virtual void Do() { printf("Base1::Do\n"); }

};

class Base2 {

 public:

  virtual void Do2() { printf("Base2::Do2\n"); }

};

class Derived final : public Base1, public Base2 {

private:

  void Do2() override { printf("Derived::Do2\n"); }

};

int main(void) {

  Derived obj;

  static_cast<Base2*>(&obj)->Do2();

}

Compiling and running:

$ clang++ -o many_bases many_bases.cc -fsanitize=vptr

-fno-sanitize-recover=undefined -fvisibility=hidden -std=gnu++11 &&

./many_bases

many_bases.cc:20:30: runtime error: member call on address 0x7ffe64429bb8 which

does not point to an object of type 'Base2'

0x7ffe64429bb8: note: object is of type 'Derived'

 ea 46 63 ba  c0 ee 42 00 00 00 00 00  e0 ee 42 00 00 00 00 00  00 00 00 00 00

00 00 00  00 00 00 00

              ^~~~~~~~~~~~~~~~~~~~~~~

              vptr for 'Derived'

The error message does not make sense to me.</pre>

        </div>

      </p>

      <hr>

      <span>You are receiving this mail because:</span>

      <ul>

          <li>You are on the CC list for the bug.</li>

      </ul>

    </body>

</html>