Opened 6 years ago

Last modified 6 years ago

#12271 new Bugs

segfaults in options_description with -fipa-pta

Reported by: Seth <sshannin@…>
Owned by: Vladimir Prus
Milestone: To Be Determined
Component: program_options
Version: Boost 1.60.0
Severity: Problem
Keywords: segfault options_description
Cc:

Description

With gcc-6.1.0, I'm seeing a lot of segfaults associated with boost::program_options::options_description. I had an older, but recent version of gcc lying around (5.3.0) that did not exhibit this behavior, so there's a decent chance that the fault lies in gcc itself vs. a newly exhibited bug here.

If I make an empty one and just let it fall out of scope, I get a segfault from the destructor:

seth@luca:~$ cat example.cpp 
#include <boost/program_options.hpp>

int main() {
    boost::program_options::options_description d;
    return 0;
}
seth@luca:~$ g++ -g3 example.cpp -llibboost_program_options -fipa-pta -o example 
seth@luca:~$ gdb ./example
(gdb) r
Starting program: /home/seth/./example 
Traceback (most recent call last):

Program received signal SIGSEGV, Segmentation fault.
0x00000000004026db in boost::detail::atomic_exchange_and_add (pw=0x200c5f2d8d48e02c, dv=-1)
    at /toolchain/toolchain9/include/boost/smart_ptr/detail/sp_counted_base_gcc_x86.hpp:50
50          );
(gdb) bt
#0  0x00000000004026db in boost::detail::atomic_exchange_and_add (pw=0x200c5f2d8d48e02c, dv=-1)
    at /toolchain/toolchain9/include/boost/smart_ptr/detail/sp_counted_base_gcc_x86.hpp:50
#1  0x0000000000402709 in boost::detail::sp_counted_base::release (this=0x200c5f2d8d48e024)
    at /toolchain/toolchain9/include/boost/smart_ptr/detail/sp_counted_base_gcc_x86.hpp:144
#2  0x00000000004027a7 in boost::detail::shared_count::~shared_count (this=0x4033a8 <__libc_csu_init+8>, __in_chrg=<optimized out>)
    at /toolcain/toolchain9/include/boost/smart_ptr/detail/shared_count.hpp:473
#3  0x0000000000402de0 in boost::shared_ptr<boost::program_options::options_description>::~shared_ptr (this=0x4033a0 <__libc_csu_init>, 
    __in_chrg=<optimized out>) at /toolchain/toolchain9/include/boost/smart_ptr/shared_ptr.hpp:336
#4  0x0000000000402dfb in std::_Destroy<boost::shared_ptr<boost::program_options::options_description> > (__pointer=0x4033a0 <__libc_csu_init>)
    at /toolchain/toolchain9/include/c++/6.1.0/bits/stl_construct.h:93
#5  0x0000000000402ce9 in std::_Destroy_aux<false>::__destroy<boost::shared_ptr<boost::program_options::options_description>*> (
    __first=0x4033a0 <__libc_csu_init>, __last=0x0) at /toolchain/toolchain9/include/c++/6.1.0/bits/stl_construct.h:103
#6  0x0000000000402b98 in std::_Destroy<boost::shared_ptr<boost::program_options::options_description>*> (__first=0x4033a0 <__libc_csu_init>, 
    __last=0x0) at /toolchain/toolchain9/include/c++/6.1.0/bits/stl_construct.h:126
#7  0x0000000000402a23 in std::_Destroy<boost::shared_ptr<boost::program_options::options_description>*, boost::shared_ptr<boost::program_options::options_description> > (__first=0x4033a0 <__libc_csu_init>, __last=0x0) at /toolchain/toolchain9/include/c++/6.1.0/bits/stl_construct.h:151
#8  0x000000000040288b in std::vector<boost::shared_ptr<boost::program_options::options_description>, std::allocator<boost::shared_ptr<boost::program_options::options_description> > >::~vector (this=0x7fffffffdf58, __in_chrg=<optimized out>)
    at /toolchain/toolchain9/include/c++/6.1.0/bits/stl_vector.h:426
#9  0x00000000004027c6 in boost::program_options::options_description::~options_description (this=0x7fffffffdef0, __in_chrg=<optimized out>)
    at /toolchain/toolchain9/include/boost/program_options/options_description.hpp:173
#10 0x00000000004026b9 in main () at example.cpp:4

Alternatively, if I actually add any options, it segfaults during that:

seth@luca:~$ cat example2.cpp
#include <boost/program_options.hpp>

int main() {
    namespace po = boost::program_options;
    po::options_description d;

    int x = 0;
    d.add_options() ("xs,x", po::value(&x));
    return 0;
}

Program received signal SIGSEGV, Segmentation fault.
0x000000000040dc66 in push_back (__x=<optimized out>, this=<optimized out>) at /toolchain/toolchain9/include/c++/6.1.0/bits/stl_bvector.h:89
89              *_M_p &= ~_M_mask;
(gdb) bt
#0  0x000000000040dc66 in push_back (__x=<optimized out>, this=<optimized out>) at /toolchain/toolchain9/include/c++/6.1.0/bits/stl_bvector.h:89
#1  add () at libs/program_options/src/options_description.cpp:288
#2  boost::program_options::options_description_easy_init::operator() (this=0x4, name=0x7fffffffdee0 " \305\334\367\377\177", s=0x62ed80)
    at libs/program_options/src/options_description.cpp:246
#3  0x0000000000403d78 in main () at example2.cpp:8
seth@luca:~$ g++ --version
g++ (GCC) 6.1.0
Copyright (C) 2016 Free Software Foundation, Inc.

I'm linking statically against program_options.

Let me know if there's any more information I can provide that would be helpful.
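
Added example (not part of the original ticket, and not Boost or gdb code): a small Python triage helper that scans gdb backtrace text like the first one above and flags pointer arguments that are non-canonical x86-64 addresses or that gdb resolved to a named symbol. The names triage and is_canonical are introduced here, 48-bit virtual addressing is assumed, and the sample frames are copied from the ticket's first backtrace with the source-location lines dropped.

```python
import re

# Frames #0-#2, #9 and #10 from the first backtrace in this ticket,
# with the "at <file>:<line>" continuation lines dropped.
BACKTRACE = """\
#0  0x00000000004026db in boost::detail::atomic_exchange_and_add (pw=0x200c5f2d8d48e02c, dv=-1)
#1  0x0000000000402709 in boost::detail::sp_counted_base::release (this=0x200c5f2d8d48e024)
#2  0x00000000004027a7 in boost::detail::shared_count::~shared_count (this=0x4033a8 <__libc_csu_init+8>, __in_chrg=<optimized out>)
#9  0x00000000004027c6 in boost::program_options::options_description::~options_description (this=0x7fffffffdef0, __in_chrg=<optimized out>)
#10 0x00000000004026b9 in main () at example.cpp:4
"""

FRAME = re.compile(r"^#(\d+)\s")
# name=0xADDR, optionally followed by gdb's "<symbol+offset>" annotation
ARG = re.compile(r"(\w+)=(0x[0-9a-fA-F]+)(?: <([^>]+)>)?")


def is_canonical(addr, va_bits=48):
    """True if bits 63..(va_bits-1) are all equal (assumption: 48-bit VA)."""
    top = addr >> (va_bits - 1)
    return top == 0 or top == (1 << (64 - va_bits + 1)) - 1


def triage(backtrace):
    """Return (frame, arg, value, reason) for each suspicious pointer argument."""
    findings = []
    frame = None
    for line in backtrace.splitlines():
        m = FRAME.match(line)
        if m:
            frame = int(m.group(1))
        if frame is None:
            continue  # text before the first frame
        # Continuation lines (wrapped arguments) are attributed to the last frame.
        for name, value, symbol in ARG.findall(line):
            if not is_canonical(int(value, 16)):
                findings.append((frame, name, value, "non-canonical address"))
            elif symbol:
                findings.append((frame, name, value, "points into symbol " + symbol))
    return findings


if __name__ == "__main__":
    for frame, name, value, reason in triage(BACKTRACE):
        print(f"frame #{frame}: {name}={value}: {reason}")
```

On these frames it reports pw and this in frames #0 and #1 as non-canonical and the this pointer in frame #2 as lying inside __libc_csu_init, while the stack address in frame #9 passes.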

Change History (1)

comment:1 by anonymous, 6 years ago

Hi,

I see the same behaviour (std::string::assign segmentation fault after calling program_options::notify()) when I have the gcc option:

-fno-rtti

[dwyer@bane build]$ g++ --version
g++ (GCC) 5.3.1 20160406 (Red Hat 5.3.1-6)

Boost: 1.61.0 release version.

When I remove that command line option, everything works fine.

==16447== 
==16447== Process terminating with default action of signal 11 (SIGSEGV)
==16447==  Access not within mapped region at address 0x8
==16447==    at 0x51586FE: std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_M_assign(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) (in /usr/lib64/libstdc++.so.6.0.21)
==16447==    by 0x4B7650: assign (basic_string.h:1095)
==16447==    by 0x4B7650: operator= (basic_string.h:551)
==16447==    by 0x4B7650: boost::program_options::typed_value<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, char>::notify(boost::any const&) const (value_semantic.hpp:39)
==16447==    by 0x534791: boost::program_options::variables_map::notify() (in /home/dwyer/Projects/massoder/build/bin/ingestor)
==16447==    by 0x4AD4DB: Commandline::extractOptions(int, char**) (Commandline.cpp:158)
==16447==    by 0x4B1271: Commandline::process(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, int, char**) (Commandline.cpp:56)
==16447==    by 0x4A488F: main (Main.cpp:36)
