Description:
------------
If a function returns an inherited class object, printing/calling that function from gdb will have an argument shift.

Testcase:
---------
#include <iostream>
using namespace std;

class Dad {
public:
    Dad(int i) : _value(i) {}
private:
    int _value;
};

class Son : public Dad {
public:
    Son() : Dad(777) {}
};

class B {
public:
    // Echoes the arguments it received so any shift is visible.
    Son f(int a, int b, B* c) {
        cout << this << " " << a << " " << b << " " << c << endl;
        cout << (this == c) << endl;
        return Son();
    }
};

int main() {
    B* p = new B();
    p->f(1, 2, p);
    return 0;
}

How to reproduce:
-----------------
Compile the above testcase, then:

(gdb) b main
Breakpoint 1 at 0x4009ee: file test.cpp, line 27.
(gdb) r
Starting program: /home/SillyDuck/bad

Breakpoint 1, main () at test.cpp:27
27          B* p = new B();
(gdb) n
28          p->f(1,2,p);
(gdb) p p->f(1,2,p)
0x7fffffffda00 6376480 1 0x2
0
$1 = {<Dad> = {_value = 0}, <No data fields>}

Environment:
------------
GNU gdb (GDB) 8.0.1
gcc version 5.4.0 20160609 (Ubuntu 5.4.0-6ubuntu1~16.04.4)

Also appears with gcc 4.8.3 and gdb 7.12 on CentOS 6.6 (in fact, it appears on most Linux systems).

Discussion:
-----------
After tracing the source, I think the root problem may be in gnu-v3-abi.c --> gnuv3_pass_by_reference. The assembly of test.cpp does not have a pointer passed as the first argument for the return value, but gdb is somehow inconsistent with gcc's behavior... If the function calls some other function with the incorrect "this" pointer, it sometimes also crashes gdb...
00000000004009e6 <main>:
  4009e6:       55                      push   %rbp
  4009e7:       48 89 e5                mov    %rsp,%rbp
  4009ea:       48 83 ec 10             sub    $0x10,%rsp
  4009ee:       bf 01 00 00 00          mov    $0x1,%edi
  4009f3:       e8 d8 fe ff ff          callq  4008d0 <_Znwm@plt>
  4009f8:       48 89 45 f8             mov    %rax,-0x8(%rbp)
  4009fc:       48 8b 55 f8             mov    -0x8(%rbp),%rdx
  400a00:       48 8b 45 f8             mov    -0x8(%rbp),%rax
  400a04:       48 89 d1                mov    %rdx,%rcx
  400a07:       ba 02 00 00 00          mov    $0x2,%edx
  400a0c:       be 01 00 00 00          mov    $0x1,%esi
  400a11:       48 89 c7                mov    %rax,%rdi
  400a14:       e8 cf 00 00 00          callq  400ae8 <_ZN1B1fEiiPS_>
  400a19:       b8 00 00 00 00          mov    $0x0,%eax
  400a1e:       c9                      leaveq
  400a1f:       c3                      retq

Interestingly, if we add a copy constructor to Dad, the problem goes away...
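Added illustration (not part of the report, and not gdb's or gcc's own code): the disassembly above shows gcc passing this in %rdi, 1 in %esi, 2 in %edx and p in %rcx with no hidden return-value pointer, because Son is trivially copyable. Under the Itanium C++ ABI a class is returned through a hidden pointer in the first argument register only when it is "non-trivial for the purposes of calls" (non-trivial copy/move constructor or destructor, or all copy and move constructors deleted). If a debugger inserts that hidden pointer anyway, every explicit argument lands one register to the right; the gdb output above is consistent with that reading (6376480 is 0x614c20, a heap-pointer-sized value where the integer a was expected), though that mapping is my interpretation. The program below, with constructed classes mirroring the testcase plus a hypothetical variant whose Dad has a user-provided copy constructor, checks the ABI rule with standard type traits and shows why the copy-constructor variant behaves differently.

```cpp
#include <iostream>
#include <string>
#include <type_traits>

// Constructed copies of the report's classes (not the report's own file).
class Dad {
public:
    Dad(int i) : _value(i) {}
private:
    int _value;
};
class Son : public Dad {
public:
    Son() : Dad(777) {}
};

// Hypothetical variant: the report says adding a copy constructor to Dad
// makes the problem disappear. A user-provided copy constructor is
// non-trivial, and Son's implicit copy constructor inherits that property.
class DadWithCopy {
public:
    DadWithCopy(int i) : _value(i) {}
    DadWithCopy(const DadWithCopy& o) : _value(o._value) {}
private:
    int _value;
};
class SonWithCopy : public DadWithCopy {
public:
    SonWithCopy() : DadWithCopy(777) {}
};

// Itanium C++ ABI rule: a class type is "non-trivial for the purposes of
// calls" when it has a non-trivial copy constructor, move constructor or
// destructor, or when all of its copy and move constructors are deleted.
// Such a type is returned through a hidden pointer passed as the first
// argument, shifting every explicit argument by one register.
// (Large trivial aggregates may also be returned in memory under the
// psABI size rules; that is a separate decision not modelled here.)
template <typename T>
bool nontrivial_for_calls() {
    const bool copyable = std::is_copy_constructible<T>::value;
    const bool movable  = std::is_move_constructible<T>::value;
    const bool nontrivial_copy = copyable && !std::is_trivially_copy_constructible<T>::value;
    const bool nontrivial_move = movable  && !std::is_trivially_move_constructible<T>::value;
    const bool nontrivial_dtor = !std::is_trivially_destructible<T>::value;
    const bool all_deleted     = !copyable && !movable;
    return nontrivial_copy || nontrivial_move || nontrivial_dtor || all_deleted;
}

template <typename T>
void report(const char* name) {
    std::cout << name << ": "
              << (nontrivial_for_calls<T>()
                      ? "hidden return pointer in first argument register"
                      : "returned in registers, no hidden pointer")
              << '\n';
}

int main() {
    report<Son>("Son (report's testcase)");
    report<SonWithCopy>("SonWithCopy (Dad with user-provided copy constructor)");
    report<std::string>("std::string");
    return 0;
}
```

Son is classified as trivial for calls, matching the disassembly, while SonWithCopy is not, which is why gcc emits the hidden pointer in that variant and a debugger that always assumes one no longer disagrees with the compiler.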
Created attachment 10492: Arg shift illustration