http://gcc.gnu.org/bugzilla/show_bug.cgi?id=47541
Summary: For integer pointers, the value of ++*p is not written back to memory
Product: gcc
Version: unknown
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: c++
AssignedTo: unassig...@gcc.gnu.org
ReportedBy: veks...@il.ibm.com

The problem occurs in a copy constructor both for 386 and for X86-64.

This is a copy constructor of a reference counting object which uses int* to keep track of the number of copies of an "A" object. The copy constructor messes up, it calculates the new count (in some cases), but forgets to write it back to the int*.

The attached test case is a bit complicated, yet it is a simplification of real code.

There are two options to see the issue:

$ g++ -O2 -g refcount.cpp && ./a.out
Segmentation fault (core dumped)

$ g++ -O2 -DTRACE -g refcount.cpp && ./a.out
A::A()
RefCount() count=1
RefCount(const RefCount&) count=1
~RefCount()
A::~A count=0
Segmentation fault (core dumped)

As you can see, the reference is not incremented when it should be.

$ g++ -v
Using built-in specs.
COLLECT_GCC=g++
COLLECT_LTO_WRAPPER=/usr/libexec/gcc/x86_64-redhat-linux/4.5.1/lto-wrapper
Target: x86_64-redhat-linux
Configured with: ../configure --prefix=/usr --mandir=/usr/share/man --infodir=/usr/share/info --with-bugurl=http://bugzilla.redhat.com/bugzilla --enable-bootstrap --enable-shared --enable-threads=posix --enable-checking=release --with-system-zlib --enable-__cxa_atexit --disable-libunwind-exceptions --enable-gnu-unique-object --enable-linker-build-id --enable-languages=c,c++,objc,obj-c++,java,fortran,ada,lto --enable-plugin --enable-java-awt=gtk --disable-dssi --with-java-home=/usr/lib/jvm/java-1.5.0-gcj-1.5.0.0/jre --enable-libgcj-multifile --enable-java-maintainer-mode --with-ecj-jar=/usr/share/java/eclipse-ecj.jar --disable-libjava-multilib --with-ppl --with-cloog --with-tune=generic --with-arch_32=i686 --build=x86_64-redhat-linux
Thread model: posix
gcc version 4.5.1 20100924 (Red Hat 4.5.1-4) (GCC)
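
An added example, not the attached refcount.cpp (which is not reproduced on this page): a minimal int*-counted handle with a self-check of the invariant the report says is violated, namely that the counter in memory reads 2 right after a copy and the storage is freed exactly once. The class layout, the frees_ tally and lifecycle() are assumptions made for illustration.

```cpp
#include <cstdio>
#include <vector>

// Hypothetical stand-in for the report's class: copies share one
// heap-allocated int counter (names are assumptions, not the attachment).
class RefCount {
    int *count_;
    int *frees_;  // bumped each time the shared counter is released
public:
    explicit RefCount(int *frees) : count_(new int(1)), frees_(frees) {}
    RefCount(const RefCount &o) : count_(o.count_), frees_(o.frees_) {
        ++*count_;  // the increment the report says never reaches memory
    }
    RefCount &operator=(const RefCount &) = delete;
    ~RefCount() {
        if (--*count_ == 0) {  // last owner releases the counter
            delete count_;
            ++*frees_;
        }
    }
    // Volatile read: the value comes from memory, not a cached register.
    int stored() const { return *static_cast<volatile int *>(count_); }
};

// Counter value in memory at each lifetime step, then the free tally.
std::vector<int> lifecycle() {
    std::vector<int> seen;
    int frees = 0;
    {
        RefCount a(&frees);
        seen.push_back(a.stored());      // one owner
        {
            RefCount b(a);
            seen.push_back(a.stored());  // copy must be written back
        }
        seen.push_back(a.stored());      // copy destroyed
    }
    seen.push_back(frees);               // counter freed exactly once
    return seen;
}

int main() {
    const std::vector<int> want = {1, 2, 1, 1};
    const std::vector<int> got = lifecycle();
    for (int v : got) std::printf("%d ", v);
    std::printf("\n%s\n", got == want ? "ok" : "MISMATCH");
    return got == want ? 0 : 1;
}
```

Building this at -O0 and at -O2 and comparing the exit status separates a logic error in the class (fails at both levels) from an optimization-dependent one (fails only at -O2).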