http://gcc.gnu.org/bugzilla/show_bug.cgi?id=58366
--- Comment #5 from Dominique d'Humieres <dominiq at lps dot ens.fr> --- On x86_64-apple-darwin10, if I compile the test with -std=c++11 -fsanitize=address (w/wo -pthread), I get ==60580== ERROR: AddressSanitizer: heap-use-after-free on address 0x60080001bfe8 at pc 0x10000249d bp 0x1039cce10 sp 0x1039cce08 READ of size 8 at 0x60080001bfe8 thread T16777215 0x60080001bfe8 is located 24 bytes inside of 40-byte region [0x60080001bfd0,0x60080001bff8) ==60580== AddressSanitizer CHECK failed: ../../../../work/libsanitizer/asan/asan_report.cc:344 "((t)) != (0)" (0x0, 0x0) If I compile with -g -std=c++11 (w/wo -pthread), valgrind crashes with ==60478== Thread 3: ==60478== Invalid read of size 8 ==60478== at 0x100002624: std::_Function_base::~_Function_base() (functional:1997) ==60478== by 0x10000284F: std::function<int ()()>::~function() (functional:2138) ==60478== by 0x1000046C7: ThreadLocalGenerator::~ThreadLocalGenerator() (pr58366.cpp:9) ==60478== by 0x100043218: (anonymous namespace)::run(void*) (in /opt/gcc/gcc4.9w/lib/libstdc++.6.dylib) ==60478== by 0x1001BA39B: _pthread_exit (in /usr/lib/libSystem.B.dylib) ==60478== by 0x1001B9E88: thread_start (in /usr/lib/libSystem.B.dylib) ==60478== Address 0x1003fcc78 is 24 bytes inside a block of size 40 free'd ==60478== at 0x10003452D: free (vg_replace_malloc.c:430) ==60478== by 0x1003E3A62: emutls_destroy (in /opt/gcc/gcc4.9w/lib/libgcc_s.1.dylib) ==60478== by 0xFF: ??? ==60478== by 0x1008FEEBF: ??? ==60478== by 0x1008FEFFF: ??? ==60478== by 0x1001BA6E7: _pthread_tsd_cleanup (in /usr/lib/libSystem.B.dylib) ==60478== ==60478== Invalid read of size 8 ==60478== at 0x100002631: std::_Function_base::~_Function_base() (functional:1998) ==60478== by 0x10000284F: std::function<int ()()>::~function() (functional:2138) ==60478== by 0x1000046C7: ThreadLocalGenerator::~ThreadLocalGenerator() (pr58366.cpp:9) ==60478== by 0x100043218: (anonymous namespace)::run(void*) (in /opt/gcc/gcc4.9w/lib/libstdc++.6.dylib) ==60478== by 0x1001BA39B: _pthread_exit (in /usr/lib/libSystem.B.dylib) ==60478== by 0x1001B9E88: thread_start (in /usr/lib/libSystem.B.dylib) ==60478== Address 0x1003fcc78 is 24 bytes inside a block of size 40 free'd ==60478== at 0x10003452D: free (vg_replace_malloc.c:430) ==60478== by 0x1003E3A62: emutls_destroy (in /opt/gcc/gcc4.9w/lib/libgcc_s.1.dylib) ==60478== by 0xFF: ??? ==60478== by 0x1008FEEBF: ??? ==60478== by 0x1008FEFFF: ??? ==60478== by 0x1001BA6E7: _pthread_tsd_cleanup (in /usr/lib/libSystem.B.dylib) ==60478== ==60478== Invalid read of size 8 ==60478== at 0x100003B39: std::_Function_base::_Base_manager<std::_Bind<std::uniform_int_distribution<int> ()(std::mersenne_twister_engine<unsigned int, 32ul, 624ul, 397ul, 31ul, 2567483615u, 11ul, 4294967295u, 7ul, 2636928640u, 15ul, 4022730752u, 18ul, 1812433253u>)> >::_M_destroy(std::_Any_data&, std::integral_constant<bool, false>) (functional:1894) ==60478== by 0x1000034CE: std::_Function_base::_Base_manager<std::_Bind<std::uniform_int_distribution<int> ()(std::mersenne_twister_engine<unsigned int, 32ul, 624ul, 397ul, 31ul, 2567483615u, 11ul, 4294967295u, 7ul, 2636928640u, 15ul, 4022730752u, 18ul, 1812433253u>)> >::_M_manager(std::_Any_data&, std::_Any_data const&, std::_Manager_operation) (functional:1918) ==60478== by 0x100002646: std::_Function_base::~_Function_base() (functional:1998) ==60478== by 0x10000284F: std::function<int ()()>::~function() (functional:2138) ==60478== by 0x1000046C7: ThreadLocalGenerator::~ThreadLocalGenerator() (pr58366.cpp:9) ==60478== by 0x100043218: (anonymous namespace)::run(void*) (in /opt/gcc/gcc4.9w/lib/libstdc++.6.dylib) ==60478== by 0x1001BA39B: _pthread_exit (in /usr/lib/libSystem.B.dylib) ==60478== by 0x1001B9E88: thread_start (in /usr/lib/libSystem.B.dylib) ==60478== Address 0x1003fcc68 is 8 bytes inside a block of size 40 free'd ==60478== at 0x10003452D: free (vg_replace_malloc.c:430) ==60478== by 0x1003E3A62: emutls_destroy (in /opt/gcc/gcc4.9w/lib/libgcc_s.1.dylib) ==60478== by 0xFF: ??? ==60478== by 0x1008FEEBF: ??? ==60478== by 0x1008FEFFF: ??? ==60478== by 0x1001BA6E7: _pthread_tsd_cleanup (in /usr/lib/libSystem.B.dylib) ==60478== vg_alloc_ThreadState: no free slots available Increase VG_N_THREADS, rebuild and try again. valgrind: the 'impossible' happened: VG_N_THREADS is too low ==60478== at 0x1380340C7: ??? ==60478== by 0x13803412E: ??? ==60478== by 0x13803417C: ??? ==60478== by 0x13803418A: ??? ==60478== by 0x13809B5BF: ??? ==60478== by 0x1380C4C9B: ??? ==60478== by 0x1380A0179: ??? ==60478== by 0x13809DAD2: ??? ==60478== by 0x1380C463F: ??? sched status: running_tid=1 Thread 1: status = VgTs_Runnable ==60478== at 0x1001B9E52: __bsdthread_create (in /usr/lib/libSystem.B.dylib) ==60478== by 0x1000A8DEA: std::thread::_M_start_thread(std::shared_ptr<std::thread::_Impl_base>) (in /opt/gcc/gcc4.9w/lib/libstdc++.6.dylib) ==60478== by 0x7FFF5FBFE97F: ??? ==60478== by 0x7FFF5FBFE96F: ??? Thread 2: status = VgTs_Init ==60478== at 0x1001B9E7C: thread_start (in /usr/lib/libSystem.B.dylib) Thread 3: status = VgTs_WaitSys ==60478== at 0x100180D7A: mach_msg_trap (in /usr/lib/libSystem.B.dylib) ==60478== by 0x1001817FF: semaphore_create (in /usr/lib/libSystem.B.dylib) ==60478== by 0x1001BCDF1: new_sem_from_pool (in /usr/lib/libSystem.B.dylib) ==60478== by 0x1001BA5B0: _pthread_exit (in /usr/lib/libSystem.B.dylib) ==60478== by 0x1001B9E88: thread_start (in /usr/lib/libSystem.B.dylib) Thread 4: status = VgTs_Init ==60478== at 0x1001B9E7C: thread_start (in /usr/lib/libSystem.B.dylib) ... Thread 499: status = VgTs_Init ==60478== at 0x1001B9E7C: thread_start (in /usr/lib/libSystem.B.dylib)
