| Issue |
143587
|
| Summary |
[tysan] False positive with placement new
|
| Labels |
new issue
|
| Assignees |
|
| Reporter |
zygoloid
|
[Testcase](https://godbolt.org/z/5qzYG63od):
```c++
#include <new>
struct X {
X *p;
};
struct Y {
Y *p;
};
union U {
X head;
Y tail;
};
int main() {
U u;
new (&u) X{.p = 0};
new (&u) Y{.p = 0};
}
```
(reduced from libc++'s `std::variant` implementation). This results in a false-positive diagnostics with `-fsanitize=type`:
```console
==1==ERROR: TypeSanitizer: type-aliasing-violation on address 0x7fffaf0dc548 (pc 0x5e6468605ff7 bp 0x7fffaf0dc4f0 sp 0x7fffaf0dc480 tid 1)
WRITE of size 8 at 0x7fffaf0dc548 with type p1 _ZTS1Y (in Y at offset 0) accesses an existing object of type p1 _ZTS1X (in X at offset 0)
#0 0x5e6468605ff6 (/app/output.s+0x2aff6)
```
Adding an explicit `u.head.~X()` call before the second placement new doesn't make a difference. Presumably type sanitizer isn't properly modeling `new` expressions (nor destructor / pseudo-destructor calls).
![]()
_______________________________________________
llvm-bugs mailing list
llvm-bugs@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-bugs
