https://gcc.gnu.org/bugzilla/show_bug.cgi?id=103909
Bug ID: 103909
Summary: co_yield of aggregate-initialized temporaries leads to segmentation faults.
Product: gcc
Version: 12.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: c++
Assignee: unassigned at gcc dot gnu.org
Reporter: johannes.kalmbach at googlemail dot com
Target Milestone: ---

co_yield of aggregate-initialized temporaries leads to segmentation faults.

Expected behavior:
Let `generator` be a reasonably defined generator type (e.g. cppcoro::generator).
Let `T` be an arbitrary type.
The following pattern is supposed to work:

generator<T> f() {
  co_yield T{<valid-init-statement-for-T>};
}

(the lifetime of the temporary crosses the suspension point inside `co_yield`).

Actual behavior (for different types):
- Aggregates containing arithmetic types work as expected (e.g. std::array<int, N>, or struct F{int i;};)
- Types where {}-initialization uses an initializer-list constructor lead to a compilation error, but it is already reported as https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98056
- Aggregates containing std::string (e.g. std::array<std::string, N>, or struct F{std::string s};) compile, but lead to free(): invalid pointer, munmap_chunk(): invalid pointer, or segmentation faults.
- Types with exactly the same layouts as these aggregates, but with an explicit constructor which disables aggregate initialization work correctly, e.g.
  struct G { std::string s; G(std::string s_in) : s{std::move(s_in)} {} };

GCC versions that show this behavior: 11.1, 11.2, trunk (via godbolt)
Compiler Flags: -fcoroutines -std=c++2a -O2

Minimal example code that illustrates the bug (also printed below):
https://godbolt.org/z/nrGG5zKjq

All of the above cases compile and work as expected on clang 13.

Best regards
Johannes

Source code of minimal example (identical to godbolt link)

#include <iostream>
#include <coroutine>
#include <array>

using namespace std;

template <typename T>
struct generator {
  struct promise_type {
    generator get_return_object() noexcept {
      return generator{coroutine_handle<promise_type>::from_promise(*this)};
    }
    suspend_always initial_suspend() const noexcept { return {}; }
    suspend_always final_suspend() const noexcept { return {}; }
    suspend_always yield_value(T& v) noexcept { m_v = &v; return {}; }
    suspend_always yield_value(T&& v) noexcept { m_v = &v; return {}; }
    void unhandled_exception() { }
    void return_void() {}
    T& value() const noexcept { return *m_v; }

   private:
    T* m_v;
  };

  ~generator() { m_coroutine.destroy(); }
  void move_next() { m_coroutine.resume(); }
  T& value() { return m_coroutine.promise().value(); }

  generator(coroutine_handle<promise_type> coroutine) noexcept
      : m_coroutine(coroutine) {}

  std::coroutine_handle<promise_type> m_coroutine;
};

generator<std::array<std::string, 3>> arr() {
  // Compiles, but leads to segfault/ invalid free when accessed.
  co_yield {"a", "b", "c"};
}

generator<std::array<int, 3>> arrInt() {
  // Works fine
  co_yield {1, 2, 3};
}

struct F {
  std::string x;
  const std::string& operator[](size_t) const { return x; }
};

generator<F> f() {
  // leads to "munmap_chunk(): invalid pointer";
  co_yield {"abc"};
}

struct G {
  std::string s;
  G(std::string s_in) : s{std::move(s_in)} {}
  const std::string& operator[](size_t) const { return s; }
};

generator<G> g() {
  // Works as expected, only difference to F/f() is the manually
  // specified constructor.
  co_yield {"abc"};
}

template<typename Generator>
void outputOne(Generator g) {
  g.move_next();
  const auto& el = g.value();
  std::cout << el[0] << el[1] << el[2] << std::endl;
}

int main() {
  outputOne(g());
  outputOne(f());
  outputOne(arrInt());
  outputOne(arr());
}