<html>
<head>
<base href="https://llvm.org/bugs/" />
</head>
<body><table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Bug ID</th>
<td><a class="bz_bug_link
bz_status_NEW "
title="NEW --- - Segmentation fault at _tree:1098 with -O2 in Mac OS X clang++"
href="https://llvm.org/bugs/show_bug.cgi?id=31376">31376</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>Segmentation fault at _tree:1098 with -O2 in Mac OS X clang++
</td>
</tr>
<tr>
<th>Product</th>
<td>libc++
</td>
</tr>
<tr>
<th>Version</th>
<td>3.7
</td>
</tr>
<tr>
<th>Hardware</th>
<td>Macintosh
</td>
</tr>
<tr>
<th>OS</th>
<td>MacOS X
</td>
</tr>
<tr>
<th>Status</th>
<td>NEW
</td>
</tr>
<tr>
<th>Severity</th>
<td>normal
</td>
</tr>
<tr>
<th>Priority</th>
<td>P
</td>
</tr>
<tr>
<th>Component</th>
<td>All Bugs
</td>
</tr>
<tr>
<th>Assignee</th>
<td>unassignedclangbugs@nondot.org
</td>
</tr>
<tr>
<th>Reporter</th>
<td>i@yoichihirai.com
</td>
</tr>
<tr>
<th>CC</th>
<td>llvm-bugs@lists.llvm.org, mclow.lists@gmail.com
</td>
</tr>
<tr>
<th>Classification</th>
<td>Unclassified
</td>
</tr></table>
<p>
<div>
<pre>When I assign a temporary std::map<u256, int> object into an already existing
map, the executable compiled with -O2 causes a segmentation fault. The same
problem happens with std::map<int, u256>. Here u256 denotes a class in
boost::multiprecision.
The OS and the compiler versions:
$ uname -a
Darwin Yoichis-Air.local 15.6.0 Darwin Kernel Version 15.6.0: Thu Sep 1
15:01:16 PDT 2016; root:xnu-3248.60.11~2/RELEASE_X86_64 x86_64
$ clang++ --version
Apple LLVM version 8.0.0 (clang-800.0.42.1)
Target: x86_64-apple-darwin15.6.0
Thread model: posix
InstalledDir:
/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin
The program that causes the problem:
$ cat main.cpp
#include <boost/multiprecision/cpp_int.hpp>
#include <map>
#include <iostream>
int main()
{
using namespace::std;
using u256 =
boost::multiprecision::number<boost::multiprecision::cpp_int_backend<256, 256,
boost::multiprecision::unsigned_magnitude, boost::multiprecision::unchecked,
void>>;
map<u256, int> k = {{1, 131264}};
k = {};
cout << "passed" << endl << flush;
return 0;
}
I can observe a segmentation fault with -O2.
$ clang++ -O2 -std=c++11 -stdlib=libc++ main.cpp && ./a.out
Segmentation fault: 11
$ clang++ -O1 -std=c++11 -stdlib=libc++ main.cpp && ./a.out
passed
$ clang++ -O3 -std=c++11 -stdlib=libc++ main.cpp && ./a.out
passed
When I add debugging information and try valgrind, it says the access happens
in __tree:1098.
$ clang++ -g -O2 -std=c++11 -stdlib=libc++ main.cpp
$ valgrind ./a.out
<snip>
==23530== Process terminating with default action of signal 11 (SIGSEGV)
==23530== General Protection Fault
==23530== at 0x100001788: void
std::__1::__tree<std::__1::__value_type<boost::multiprecision::number<boost::multiprecision::backends::cpp_int_backend<256u,
256u, (boost::multiprecision::cpp_integer_type)0,
(boost::multiprecision::cpp_int_check_type)0, void>,
(boost::multiprecision::expression_template_option)0>, int>,
std::__1::__map_value_compare<boost::multiprecision::number<boost::multiprecision::backends::cpp_int_backend<256u,
256u, (boost::multiprecision::cpp_integer_type)0,
(boost::multiprecision::cpp_int_check_type)0, void>,
(boost::multiprecision::expression_template_option)0>,
std::__1::__value_type<boost::multiprecision::number<boost::multiprecision::backends::cpp_int_backend<256u,
256u, (boost::multiprecision::cpp_integer_type)0,
(boost::multiprecision::cpp_int_check_type)0, void>,
(boost::multiprecision::expression_template_option)0>, int>,
std::__1::less<boost::multiprecision::number<boost::multiprecision::backends::cpp_int_backend<256u,
256u, (boost::multiprecision::cpp_integer_type)0,
(boost::multiprecision::cpp_int_check_type)0, void>,
(boost::multiprecision::expression_template_option)0> >, true>,
std::__1::allocator<std::__1::__value_type<boost::multiprecision::number<boost::multiprecision::backends::cpp_int_backend<256u,
256u, (boost::multiprecision::cpp_integer_type)0,
(boost::multiprecision::cpp_int_check_type)0, void>,
(boost::multiprecision::expression_template_option)0>, int> >
<span class="quote">>::__assign_unique<std::__1::pair<boost::multiprecision::number<boost::multiprecision::backends::cpp_int_backend<256u,</span >
256u, (boost::multiprecision::cpp_integer_type)0,
(boost::multiprecision::cpp_int_check_type)0, void>,
(boost::multiprecision::expression_template_option)0> const, int>
const*>(std::__1::pair<boost::multiprecision::number<boost::multiprecision::backends::cpp_int_backend<256u,
256u, (boost::multiprecision::cpp_integer_type)0,
(boost::multiprecision::cpp_int_check_type)0, void>,
(boost::multiprecision::expression_template_option)0> const, int> const*,
std::__1::pair<boost::multiprecision::number<boost::multiprecision::backends::cpp_int_backend<256u,
256u, (boost::multiprecision::cpp_integer_type)0,
(boost::multiprecision::cpp_int_check_type)0, void>,
(boost::multiprecision::expression_template_option)0> const, int> const*)
(__tree:1098)
==23530== by 0x1000010F3: main (map:986)
The libc++ version is 3.7 when I see _LIBCPP_VERSION.
The Boost version is 1.62.00 when I see BOOST_VERSION.
The same problem can still be observed with the key and the value types
swapped.
$ cat variant.cpp
#include <boost/multiprecision/cpp_int.hpp>
#include <map>
#include <iostream>
int main()
{
using namespace::std;
using u256 =
boost::multiprecision::number<boost::multiprecision::cpp_int_backend<256, 256,
boost::multiprecision::unsigned_magnitude, boost::multiprecision::unchecked,
void>>;
map<int, u256> k = {{1, 131264}};
k = {};
cout << "passed" << endl << flush;
return 0;
}
$ clang++ -O1 -std=c++11 -stdlib=libc++ variant.cpp && ./a.out
passed
$ clang++ -O2 -std=c++11 -stdlib=libc++ variant.cpp && ./a.out
Segmentation fault: 11
$ clang++ -O3 -std=c++11 -stdlib=libc++ variant.cpp && ./a.out
Segmentation fault: 11
Valgrind points to the same line for these cases as well.</pre>
</div>
</p>
<hr>
<span>You are receiving this mail because:</span>
<ul>
<li>You are on the CC list for the bug.</li>
</ul>
</body>
</html>