https://gcc.gnu.org/bugzilla/show_bug.cgi?id=118865
Bug ID: 118865
Summary: [15 regression] -Wfree-nonheap-object false positive
Product: gcc
Version: 15.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: c++
Assignee: unassigned at gcc dot gnu.org
Reporter: snyder at bnl dot gov
Target Milestone: ---
hi -
This test case generates a false-positive -Wfree-nonheap-object warning
with gcc 15 -O1 (tested as of 20250213 on a fedora 40 x86_64 system):
-- test.cc -------------------------------------------------------------
#include <list>
#include <cmath>
double processJetContainer(const int* jbeg, const int* jend)
{
std::list<int> listJets(jbeg, jend);
int dr2min = 500000;
std::list<int>::iterator it=listJets.begin();
for( ; it != listJets.end(); ++it)
{
dr2min = *it;
}
listJets.erase(listJets.begin());
return sqrt(dr2min);
}
--------------------------------------------------------------------------
$ gcc --version -c -O1 test.cc
gcc (GCC) 15.0.1 20250213 (experimental)
...
$ gcc -c -O1 test.cc
In file included from
/usr/local/gcc/include/c++/15.0.1/x86_64-pc-linux-gnu/bits/c++allocator.h:33,
from /usr/local/gcc/include/c++/15.0.1/bits/allocator.h:46,
from /usr/local/gcc/include/c++/15.0.1/list:65,
from test.cc:1:
In member function ‘void std::__new_allocator<_Tp>::deallocate(_Tp*, size_type)
[with _Tp = std::_List_node<int>]’,
inlined from ‘static void std::allocator_traits<std::allocator<_Tp1>
>::deallocate(allocator_type&, pointer, size_type) [with _Tp =
std::_List_node<int>]’ at
/usr/local/gcc/include/c++/15.0.1/bits/alloc_traits.h:649:23,
inlined from ‘void std::__cxx11::_List_base<_Tp,
_Alloc>::_M_put_node(_Node_ptr) [with _Tp = int; _Alloc = std::allocator<int>]’
at /usr/local/gcc/include/c++/15.0.1/bits/stl_list.h:820:32,
inlined from ‘void std::__cxx11::_List_base<_Tp,
_Alloc>::_M_destroy_node(_Node_ptr) [with _Tp = int; _Alloc =
std::allocator<int>]’ at
/usr/local/gcc/include/c++/15.0.1/bits/stl_list.h:855:19,
inlined from ‘void std::__cxx11::list<_Tp, _Allocator>::_M_erase(iterator)
[with _Tp = int; _Alloc = std::allocator<int>]’ at
/usr/local/gcc/include/c++/15.0.1/bits/stl_list.h:2474:23,
inlined from ‘std::__cxx11::list<_Tp, _Allocator>::iterator
std::__cxx11::list<_Tp, _Allocator>::erase(const_iterator) [with _Tp = int;
_Alloc = std::allocator<int>]’ at
/usr/local/gcc/include/c++/15.0.1/bits/list.tcc:153:15,
inlined from ‘double processJetContainer(const int*, const int*)’ at
test.cc:15:17:
/usr/local/gcc/include/c++/15.0.1/bits/new_allocator.h:172:66: warning: ‘void
operator delete(void*, std::size_t)’ called on unallocated object ‘listJets’
[-Wfree-nonheap-object]
172 | _GLIBCXX_OPERATOR_DELETE(_GLIBCXX_SIZED_DEALLOC(__p, __n));
| ^
test.cc: In function ‘double processJetContainer(const int*, const int*)’:
test.cc:6:18: note: declared here
6 | std::list<int> listJets(jbeg, jend);
| ^~~~~~~~
$
I was able to reduce this further, expanding the library headers:
-- testred.cc ----------------------------------------------------------
struct Node_t
{
Node_t* _M_next;
};
class list
{
public:
list();
Node_t m_node;
void foo();
void
_M_erase(Node_t* __position)
{
this->foo();
__builtin_operator_delete (__position, sizeof(Node_t));
}
};
double processJetContainer()
{
list listJets;
int dr2min = 0;
Node_t* it = listJets.m_node._M_next;
while( it != &listJets.m_node)
{
++dr2min;
it = it->_M_next;
}
listJets._M_erase (listJets.m_node._M_next);
return __builtin_sqrt(dr2min);
}
--------------------------------------------------------------------------
$ gcc -c -O1 testred.cc
In member function ‘void list::_M_erase(Node_t*)’,
inlined from ‘double processJetContainer()’ at testred.cc:37:21:
testred.cc:19:58: warning: ‘void operator delete(void*, long unsigned int)’
called on unallocated object ‘listJets’ [-Wfree-nonheap-object]
19 | __builtin_operator_delete (__position, sizeof(Node_t));
| ^
testred.cc: In function ‘double processJetContainer()’:
testred.cc:27:8: note: declared here
27 | list listJets;
| ^~~~~~~~
$
The warning is not seen with gcc 14.2.1 (fedora 40 system compiler).
