https://gcc.gnu.org/bugzilla/show_bug.cgi?id=78747
Bug ID: 78747 Summary: Duplicate _S_empty_rep_storage causes crash when STV_HIDDEN Product: gcc Version: 6.2.1 Status: UNCONFIRMED Severity: normal Priority: P3 Component: libstdc++ Assignee: unassigned at gcc dot gnu.org Reporter: jengelh at inai dot de Target Milestone: --- The following testcase produces a crashing program. The gist seems to be that main.o and lib1.o each get a copy of the std::basic_string<T>::Rep::_M_dispose function, and along with it, the _ZNSbIDsSt11char_traitsIDsESaIDsEE4_Rep20_S_empty_rep_storageE symbol. They get marked hidden by the used symbol visiblity file (see below), which means that they will not be combined by the runtime linker, and each _M_dispose tests for its own empty_rep only, leading to Undesired Behavior when one _M_dispose gets the other _S_empty_rep_storage. void _M_dispose(const _Alloc& __a) _GLIBCXX_NOEXCEPT { #if _GLIBCXX_FULLY_DYNAMIC_STRING == 0 if (__builtin_expect(this != &_S_empty_rep(), false)) #endif In other words, a situation arises which is loosely described in the gcc manpage: "-fvisibility-inlines-hidden This switch declares that the user does not attempt to compare pointers to inline functions or methods", but here, we have a third case, a static object. So, are version-scripts with local:* basically incompatible with C++? Trying to figure out whether this is just a documentation RFE, or whether there is something that could be done to libstdc++ to improve the situation (abandoning pointerish comparisons?) Maybe bug #54173 is related too. ---main.cpp-- #include <string> __attribute__((visibility("default"))) void l1_func(std::u16string &); int main(void) { std::u16string a; a.append(a); l1_func(a); return 0; } ---lib1.cpp--- #include <string> __attribute__((visibility("default"))) void l1_func(std::u16string &); void l1_func(std::u16string &a) { static const char16_t t[] = {41, 42}; a.append(t, 2); } ---lib.sym--- ABC { global: *l1_func*; local: *; }; ---makeit.sh--- g++ -std=gnu++11 lib1.cpp -shared -fPIC -o lib1.so -Wl,--version-script=lib.sym g++ -std=gnu++11 ldr.cpp ./lib1.so --- Observed behavior --- 11:13 zap:/dev/shm/t > ./mk 11:13 zap:/dev/shm/t > ./a.out *** Error in `./a.out': free(): invalid pointer: 0x00000000006020a0 *** ======= Backtrace: ========= /lib64/libc.so.6(+0x721af)[0x7f794e17c1af] /lib64/libc.so.6(+0x779d6)[0x7f794e1819d6] /lib64/libc.so.6(+0x78723)[0x7f794e182723] ./lib1.so(+0x149a)[0x7f794ed4b49a] ./lib1.so(+0x140d)[0x7f794ed4b40d] ./lib1.so(+0x11d0)[0x7f794ed4b1d0] ./lib1.so(+0xf19)[0x7f794ed4af19] ./lib1.so(+0xbd8)[0x7f794ed4abd8] ./lib1.so(_Z7l1_funcRSbIDsSt11char_traitsIDsESaIDsEE+0x24)[0x7f794ed4aaaa] ./a.out[0x4009de] /lib64/libc.so.6(__libc_start_main+0xf5)[0x7f794e12a6e5] ./a.out[0x400839] Using built-in specs. COLLECT_GCC=g++-6 COLLECT_LTO_WRAPPER=/usr/lib64/gcc/x86_64-suse-linux/6/lto-wrapper Target: x86_64-suse-linux Configured with: ../configure --prefix=/usr --infodir=/usr/share/info --mandir=/usr/share/man --libdir=/usr/lib64 --libexecdir=/usr/lib64 --enable-languages=c,c++,objc,fortran,obj-c++,java,ada,go --enable-offload-targets=hsa --enable-checking=release --with-gxx-include-dir=/usr/include/c++/6 --enable-ssp --disable-libssp --disable-libvtv --disable-libcc1 --disable-plugin --with-bugurl=http://bugs.opensuse.org/ --with-pkgversion='SUSE Linux' --disable-libgcj --with-slibdir=/lib64 --with-system-zlib --enable-__cxa_atexit --enable-libstdcxx-allocator=new --disable-libstdcxx-pch --with-default-libstdcxx-abi=gcc4-compatible --enable-version-specific-runtime-libs --enable-linker-build-id --enable-linux-futex --enable-gnu-indirect-function --program-suffix=-6 --without-system-libunwind --enable-multilib --with-arch-32=x86-64 --with-tune=generic --build=x86_64-suse-linux --host=x86_64-suse-linux Thread model: posix gcc version 6.2.1 20161121 [gcc-6-branch revision 242657] (SUSE Linux)