https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105204
Bug ID: 105204
Summary: -Wuse-after-free=1 inconsistency with conditional free
Product: gcc
Version: 12.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: middle-end
Assignee: unassigned at gcc dot gnu.org
Reporter: piotr.grabowski at scylladb dot com
Target Milestone: ---

Created attachment 52772 --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=52772&action=edit
two examples of conditional free

Below, I added two examples of conditional free(), which cause inconsistent behavior of -Wuse-after-free=1. In the first case, GCC 12 does not issue a -Wuse-after-free=1 warning, but in the second, similar example, the warning is triggered.

    // Compile with: g++ -Wuse-after-free=1 -O2 -c example-inconsistency.cpp
    #include <cstdlib>   // free()

    void example1(int* ptr, bool condition) {
        if (condition) {
            free(ptr);   // conditional release
        }
        ++*ptr;          // No -Wuse-after-free=1 warning
    }

    void example2(int* ptr) {
        if (*ptr == 1234) {
            free(ptr);   // conditional release, condition read through ptr
        }
        ++*ptr;          // -Wuse-after-free=1 warning issued
    }

Compiled with: g++ (GCC) 12.0.1 20220404 (experimental)

We hit that second case in our production code in our implementation of shared pointer in Seastar (https://github.com/scylladb/seastar/blob/05cdfc2d30c553ec73b5cdbfb6c4318c232b3a6d/include/seastar/core/shared_ptr.hh#L255). Below is a simplified version of it, which triggers -Wuse-after-free=1:

    // Compile with: g++ -Wuse-after-free=1 -O2 -c example-shared-ptr.cpp
    #include <cstddef>   // size_t
    #include <cstdlib>   // free()

    struct shared_ptr {
        size_t* ref_count;
    public:
        shared_ptr(const shared_ptr& other) : ref_count(other.ref_count) {
            (*ref_count)++;          // one more owner of the shared block
        }
        ~shared_ptr() {
            if (--(*ref_count) == 0) {
                free(ref_count);     // last owner releases the count block
            }
        }
    };

    void example3(shared_ptr& sp) {
        shared_ptr sp2(sp);
        shared_ptr sp3(sp);          // -Wuse-after-free=1 is issued
    }

Is this the expected behavior of -Wuse-after-free=1, and should we work around it in our code?
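The following is an added example, not code from the report, from Seastar, or from GCC. It separates the two situations the report puts side by side: example1 is a real use-after-free whenever the condition holds, while example3 is a false positive, because the reference count of a live handle can never reach zero inside the destructors of its copies. A constructed bookkeeping layer (tracked_alloc/tracked_free, standing in for malloc/free) records which blocks are live so the outcome of each path can be observed at runtime; the names example1_touches_freed, example1_hardened, Handle and live_blocks are this example's own. The hardened variant shows the usual mitigation for the example1 shape: do the use before the conditional release and clear the pointer afterwards.

```cpp
#include <cstddef>
#include <cstdlib>
#include <set>

// Constructed bookkeeping layer standing in for malloc/free: it records which
// blocks are live, so the functions below can report whether a path would
// touch freed memory. The real heap gives no such signal, which is why the
// compile-time warning is valuable when it is right.
static std::set<void*> g_live;

static void* tracked_alloc(std::size_t n) {
    void* p = std::malloc(n);
    g_live.insert(p);
    return p;
}

static void tracked_free(void* p) {
    if (g_live.erase(p) == 1) {  // only release blocks this layer handed out
        std::free(p);
    }
}

static bool is_live(void* p) { return g_live.count(p) != 0; }

// Same control flow as the report's example1: on the `condition == true`
// path the increment would read and write a freed block. Instead of
// performing that access, the function reports it, so this is a genuine
// use-after-free whenever the condition holds.
bool example1_touches_freed(bool condition) {
    int* ptr = static_cast<int*>(tracked_alloc(sizeof(int)));
    *ptr = 0;
    if (condition) {
        tracked_free(ptr);
    }
    bool touches_freed = !is_live(ptr);
    if (!touches_freed) {
        ++*ptr;              // the access is valid on this path
        tracked_free(ptr);   // release so the caller sees a clean state
    }
    return touches_freed;
}

// Hardened form of example1: the use precedes the conditional release, and
// the caller's pointer is cleared after the free so any later access is a
// null dereference rather than a silent use of freed memory. Returns the
// incremented value.
int example1_hardened(int*& ptr, bool release) {
    int v = ++*ptr;
    if (release) {
        tracked_free(ptr);
        ptr = nullptr;
    }
    return v;
}

// Exercises the hardened form and returns true when, after a release, the
// caller's pointer is null and the incremented value was still returned.
bool hardened_release_leaves_no_dangling_pointer() {
    int* ptr = static_cast<int*>(tracked_alloc(sizeof(int)));
    *ptr = 41;
    int v = example1_hardened(ptr, true);
    return v == 42 && ptr == nullptr;
}

// Simplified ref-counted handle in the shape of the report's shared_ptr,
// releasing its count block through the tracked allocator.
struct Handle {
    std::size_t* ref_count;
    Handle() : ref_count(static_cast<std::size_t*>(tracked_alloc(sizeof(std::size_t)))) {
        *ref_count = 1;
    }
    Handle(const Handle& other) : ref_count(other.ref_count) { ++*ref_count; }
    Handle& operator=(const Handle&) = delete;
    ~Handle() {
        // Decrement once and act on the result: the block is released only by
        // the last owner, so no later destructor can reach it.
        if (--*ref_count == 0) {
            tracked_free(ref_count);
        }
    }
};

// The report's example3: two copies of a live handle destroyed inside the
// scope. Returns whether the count block is still live afterwards. It is,
// because the count starts at 1 from `sp` and the copies only bring it back
// to 1; the free the warning points at cannot fire here.
bool example3_block_survives_inner_copies() {
    Handle sp;                  // count == 1
    {
        Handle sp2(sp);         // count == 2
        Handle sp3(sp);         // count == 3
    }                           // sp3: 3 -> 2, sp2: 2 -> 1
    return is_live(sp.ref_count);
}                               // sp: 1 -> 0, single release

// Number of blocks still outstanding; zero after the functions above return.
std::size_t live_blocks() { return g_live.size(); }
```

The bookkeeping set is what makes the difference observable: example1_touches_freed(true) reports an access to a released block, whereas example3_block_survives_inner_copies() shows the count block still live after both inner copies are gone, which is the property the compiler cannot see from the destructor alone because the initial count is not visible to it.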