With the fix for PR41101, the test 23_containers/forward_list/operations/6.cc will be
miscompiled because libstdc++ violates the strict aliasing rules.

forward_list::sort() accesses _M_impl._M_head as a _Node, which is invalid.

Reasoning as follows (pieces from the header, following the type chains):



  template<typename _Alloc>
    struct _Fwd_list_node_base
    {
...
      _Pointer _M_next;
...



  template<typename _Tp, typename _Alloc>
    struct _Fwd_list_node : public _Fwd_list_node_base<_Alloc>
    {
...
      template<typename _Comp>
        void
        _M_sort_after(_Comp __comp);

      _Tp _M_value;



  template<typename _Tp, typename _Alloc>
    struct _Fwd_list_base
    {
...
      struct _Fwd_list_impl
      : public _Node_alloc_type
      {
        _Fwd_list_node_base<_Tp_alloc_type> _M_head;
...
      };

      _Fwd_list_impl _M_impl;
...
    public:
...
      typedef _Fwd_list_node<_Tp, _Tp_alloc_type> _Node;



  template<typename _Tp, typename _Alloc = allocator<_Tp> >
    class forward_list : private _Fwd_list_base<_Tp, _Alloc>
    {
    private:
      typedef _Fwd_list_base<_Tp, _Alloc> _Base;
      typedef typename _Base::_Node _Node;
...
      // Sorts the list by calling _M_sort_after on the head node with
      // std::less<_Tp> as the comparison.
      //
      // NOTE(review): _M_impl._M_head is declared as
      // _Fwd_list_node_base<_Tp_alloc_type>, not as _Node. The cast below
      // therefore yields a _Node* to an object that is only a node base, and
      // _M_sort_after then runs with that pointer as `this`. This is the
      // strict-aliasing violation the report describes.
      void
      sort()
      {
        // Downcast from the base-typed head to the derived node type.
        _Node* __tmp = __static_pointer_cast<_Node*>(&this->_M_impl._M_head);
        __tmp->_M_sort_after(std::less<_Tp>());
      }


where you can see that _M_head is of type _Fwd_list_node_base but we are
accessing it as _Fwd_list_node, which even has one more data member
(which might not be accessed, but that is not the point).

The effect is that libstdc++ does the equivalent of

/* Reduced analogue of the libstdc++ code: B stands in for the smaller
   type (the node base), A for the larger type that contains it plus one
   extra member (the node). */
struct B {
  int i;
};
struct A {
  struct B b;
  int j;
};

/* The only object that exists is a B. */
struct B b;

/* p claims to point at an A, but the storage holds just a B. */
struct A *p = (struct A *)&b;

/* The read goes through the A-typed pointer although no A object exists. */
... = p->b.i;


which is not valid.


-- 
           Summary: forward_list::sort violates strict aliasing rules
           Product: gcc
           Version: 4.5.0
            Status: UNCONFIRMED
          Keywords: wrong-code
          Severity: normal
          Priority: P3
         Component: libstdc++
        AssignedTo: unassigned at gcc dot gnu dot org
        ReportedBy: rguenth at gcc dot gnu dot org


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=41316
