[C++] PR 51326 - Patchwork

Message ID	4ED75A6F.7000500@oracle.com
State	New
Headers	show Return-Path: <gcc-patches-return-308846-incoming=patchwork.ozlabs.org@gcc.gnu.org> Message-ID: <4ED75A6F.7000500@oracle.com> Date: Thu, 01 Dec 2011 11:43:59 +0100 From: Paolo Carlini <paolo.carlini@oracle.com> User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:8.0) Gecko/20111105 Thunderbird/8.0 MIME-Version: 1.0 To: "gcc-patches@gcc.gnu.org" <gcc-patches@gcc.gnu.org> CC: Jason Merrill <jason@redhat.com> Subject: [C++ Patch] PR 51326 Content-Type: multipart/mixed; boundary="------------040009080107090607020508" Mailing-List: contact gcc-patches-help@gcc.gnu.org; run by ezmlm Precedence: bulk Sender: gcc-patches-owner@gcc.gnu.org

Message ID

4ED75A6F.7000500@oracle.com

State

New

Headers

Message-ID: <4ED75A6F.7000500@oracle.com>
Date: Thu, 01 Dec 2011 11:43:59 +0100
From: Paolo Carlini <paolo.carlini@oracle.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64;
	rv:8.0) Gecko/20111105 Thunderbird/8.0
MIME-Version: 1.0
To: "gcc-patches@gcc.gnu.org" <gcc-patches@gcc.gnu.org>
CC: Jason Merrill <jason@redhat.com>
Subject: [C++ Patch] PR 51326
Content-Type: multipart/mixed;
	boundary="------------040009080107090607020508"
Mailing-List: contact gcc-patches-help@gcc.gnu.org; run by ezmlm
Precedence: bulk
Sender: gcc-patches-owner@gcc.gnu.org

Commit Message

Paolo Carlini Dec. 1, 2011, 10:43 a.m. UTC

Hi,

in this ICE on invalid, 4.7 Regression, we ICE at the beginning of 
build_user_type_conversion_1 because expr is NULL_TREE. The function is 
called as such from reference_binding which, in 4.6, used to call 
instead convert_class_to_reference which does check for a NULL_TREE 
expr. Thus I think adjusting likewise build_user_type_conversion_1 
should be fine. Tested x86_64-linux.

Thanks,
Paolo.

//////////////////
/cp
2011-12-01  Paolo Carlini  <paolo.carlini@oracle.com>

	PR c++/51326
	* call.c (build_user_type_conversion_1): Early return NULL if
	expr is NULL_TREE.

/testsuite
2011-12-01  Paolo Carlini  <paolo.carlini@oracle.com>

	PR c++/51326
	* g++.dg/inherit/crash3.C: New.

Comments

Jason Merrill Dec. 1, 2011, 9:52 p.m. UTC | #1

OK.

Jason

Dodji Seketeli Dec. 3, 2011, 9:25 p.m. UTC | #2

Hello Paolo,

Paolo Carlini <paolo.carlini@oracle.com> a écrit:

> Index: cp/call.c
> ===================================================================
> --- cp/call.c	(revision 181875)
> +++ cp/call.c	(working copy)
> @@ -3373,7 +3373,7 @@ static struct z_candidate *
>  build_user_type_conversion_1 (tree totype, tree expr, int flags)
>  {
>    struct z_candidate *candidates, *cand;
> -  tree fromtype = TREE_TYPE (expr);
> +  tree fromtype;
>    tree ctors = NULL_TREE;
>    tree conv_fns = NULL_TREE;
>    conversion *conv = NULL;
> @@ -3382,6 +3382,11 @@ build_user_type_conversion_1 (tree totype, tree ex
>    bool any_viable_p;
>    int convflags;
>  
> +  if (!expr)
> +    return NULL;
> +
> +  fromtype = TREE_TYPE (expr);
> +
>    /* We represent conversion within a hierarchy using RVALUE_CONV and
>       BASE_CONV, as specified by [over.best.ics]; these become plain
>       constructor calls, as specified in [dcl.init].  */

This might be a theoretical nit, but it looks like if expr is
error_mark_node, we'd crash as well, because of the line below that comes
right after the comment above:

  gcc_assert (!MAYBE_CLASS_TYPE_P (fromtype) || !MAYBE_CLASS_TYPE_P (totype)
	      || !DERIVED_FROM_P (totype, fromtype));

I don't have a test case for that though.

Jason Merrill Dec. 4, 2011, 12:20 a.m. UTC | #3

On 12/03/2011 04:25 PM, Dodji Seketeli wrote:
> This might be a theoretical nit, but it looks like if expr is
> error_mark_node, we'd crash as well, because of the line below that comes
> right after the comment above:
>
>    gcc_assert (!MAYBE_CLASS_TYPE_P (fromtype) || !MAYBE_CLASS_TYPE_P (totype)
> 	      || !DERIVED_FROM_P (totype, fromtype));

That should be OK, since TREE_TYPE (error_mark_node) is error_mark_node.

Jason

Dodji Seketeli Dec. 4, 2011, 7:31 a.m. UTC | #4

Jason Merrill <jason@redhat.com> a écrit:

> On 12/03/2011 04:25 PM, Dodji Seketeli wrote:
>> This might be a theoretical nit, but it looks like if expr is
>> error_mark_node, we'd crash as well, because of the line below that comes
>> right after the comment above:
>>
>>    gcc_assert (!MAYBE_CLASS_TYPE_P (fromtype) || !MAYBE_CLASS_TYPE_P (totype)
>> 	      || !DERIVED_FROM_P (totype, fromtype));
>
> That should be OK, since TREE_TYPE (error_mark_node) is
> error_mark_node.

Oh, right.

Index: testsuite/g++.dg/inherit/crash3.C
===================================================================
--- testsuite/g++.dg/inherit/crash3.C	(revision 0)
+++ testsuite/g++.dg/inherit/crash3.C	(revision 0)
@@ -0,0 +1,11 @@ 
+// PR c++/51326
+
+struct A
+{
+  virtual int& foo(); // { dg-error "overriding" }
+};
+
+struct B : A
+{
+  B& foo();           // { dg-error "conflicting return type" }
+};
Index: cp/call.c
===================================================================
--- cp/call.c	(revision 181875)
+++ cp/call.c	(working copy)
@@ -3373,7 +3373,7 @@  static struct z_candidate *
 build_user_type_conversion_1 (tree totype, tree expr, int flags)
 {
   struct z_candidate *candidates, *cand;
-  tree fromtype = TREE_TYPE (expr);
+  tree fromtype;
   tree ctors = NULL_TREE;
   tree conv_fns = NULL_TREE;
   conversion *conv = NULL;
@@ -3382,6 +3382,11 @@  build_user_type_conversion_1 (tree totype, tree ex
   bool any_viable_p;
   int convflags;
 
+  if (!expr)
+    return NULL;
+
+  fromtype = TREE_TYPE (expr);
+
   /* We represent conversion within a hierarchy using RVALUE_CONV and
      BASE_CONV, as specified by [over.best.ics]; these become plain
      constructor calls, as specified in [dcl.init].  */