C++ unordered_map emplace() function throwing seg fault and I have no idea why

Question

I am getting a seg fault while using std::unordered_map::emplace(). Here is the minimal reproducible example:

#include 
#include 
#include 
using namespace std;

class WordTable {
public:
  WordTable() {
    total = 0;
  }
  ~WordTable() {}

  void addWord(const string word, const int incr = 1) {
    cout << "begin emplace" << endl;
    table.emplace(word, Node()); //this is where the seg fault occurs
    cout << "emplace succeeded" << endl;
    if (incr) {
      table[word].incrementCount();
      incrementTotal();
    }
  }
private:
  struct Node {
  public:
    Node() {
      count = 0;
      kids = new WordTable();
    }
    ~Node() {
      delete kids;
    }
    int incrementCount() {
      return ++count;
    }
  private:
    int count;
    WordTable* kids;
  };

  int incrementTotal() {
    return ++total;
  }
  int total;
  unordered_map table;
};

int main() {
  WordTable tmp;
  cout << "add word 1" << endl;
  tmp.addWord("Hi");
  cout << "end add word 1" << endl;
  tmp.addWord("Hi");
  cout << "end add word 2" << endl;

  WordTable* test = new WordTable();
  cout << "add word 3" << endl;
  test->addWord("Hi");
  cout << "end add word 3" << endl;
}

And the corresponding output:

add word 1
begin emplace
emplace succeeded
end add word 1
begin emplace
emplace succeeded
end add word 2
add word 3
begin emplace
Segmentation fault (core dumped)

The seg fault happens in the call to .emplace() in the third call to addWord().

What is supposed to happen is that addWord("Hi") adds a mapping to the std::unordered_map table. That mapping should have "Hi" as the key value and a Node() object for the mapped value.

Here's the first weird part: if I only have one call to addWord() before that third call, there is no seg fault. Here's the output:

add word 1
begin emplace
emplace succeeded
end add word 1
end add word 2
add word 3
begin emplace
emplace succeeded
end add word 3

The second weird part is that if I statically allocate test, then there is also no seg fault. Here's the output from that:

add word 1
begin emplace
emplace succeeded
end add word 1
begin emplace
emplace succeeded
end add word 2
add word 3
begin emplace
emplace succeeded
end add word 3

I have no idea what's happening nor why it's happening. I simply don't understand how a seg fault could occur inside the STL unordered_map::emplace(). The only issue I can think of is the way I am creating a Node() in addWord(), but I don't see how that would enable addWord() to succeed in the first two calls but seg fault in the third.

I would greatly appreciate any assistance!!!

Fire Lancer · Accepted Answer

In Node, you allocate and free WordTable *kids in the constructor and destructor, but it will have the default copy constructor and operator. These will just copy the pointer itself, not create a new object, like:

Node(const Node &cp) // default
    : count(cp.count), kids(cp.kids) // no "new"!
{}

When the first of these copies is destructed, the pointer is deleted, leaving the other copies with an invalid pointer, which will hopefully crash on access (the alternative is often some form of heap corruption). In this case the second access seems to vary by compiler, GCC seems to run into issues within emplace due to making extra copies, MSVC doesn't until it goes to ~WordTable() when main returns (the WordTable tmp stack variable).

You can see this by tracking the new/delete:

Node() {
  count = 0;
  kids = new WordTable();
  cout << "new kids " << kids << endl;
}
~Node() {
  cout << "delete kids " << kids << endl;
  delete kids;
}

// GCC
add word 1
begin emplace
new kids 0xa38c30
delete kids 0xa38c30 // was deleted inside emplace, but when `~WordTable` happens later (if it got that far) will be deleted a second time, the one stored in the WordTable instance.
emplace succeeded
end add word 1
begin emplace
new kids 0xa38c30 // Can get the same pointer as 0xa38c30 is now "free"
delete kids 0xa38c30 // and again
delete kids 0xa38c30 // this time twice due to some GCC specific implementation detail, when the value "Hi" already existed so the value was no longer wanted
emplace succeeded
end add word 2
add word 3
begin emplace
new kids 0xa38cf0 // same pointer again
SIGSEGV // this time not so lucky, maybe because that double deletion just above corrupted something

You can prevent the default copy by "deleting" the constructor, operator:

Node(const Node &) = delete;
Node &operator = (const Node &) = delete;

This will turn table.emplace(word, Node()); into a compile error, as this is where the copy is happening. Although you called emplace, you passed it a full temporary object, so it will try and emplace to the copy constructor Node(const Node &). What you want to do with emplace is pass it the constructor arguments, this is a bit tricky for the default constructor case, a simple table.emplace(word) won't compile:

table.emplace(std::piecewise_construct, std::make_tuple(word), std::make_tuple());

Alternatively if you want your object to be safely copyable, implement those functions explicitly.

Node(const Node &cp)
    : count(cp.count), kids(new WordTable()) // create a full new object this time
{
    *kids = *cp.kids;
    cout << "copy constructor " << kids << endl;
}
Node &operator = (const Node &cp)
{
    *kids = *cp.kids;
    cout << "copy operator " << kids << endl;
    return *this;
}

add word 1
begin emplace
new kids 0xee8c30
copy constructor 0xee8cd0 // this time made a new object
delete kids 0xee8c30 // deleted the original but 0xee8cd0 is still valid
emplace succeeded
end add word 1
begin emplace
new kids 0xee8c30
copy constructor 0xee8d90
delete kids 0xee8d90
delete kids 0xee8c30
emplace succeeded
end add word 2
add word 3
begin emplace
new kids 0xee8d40
copy constructor 0xee8de0
delete kids 0xee8d40
emplace succeeded
end add word 3
delete kids 0xee8cd0 // that first copy getting deleted when main returns

The copy of the WordTable is fine, as unordered_map will copy each key/value individually, using the ones just provided.

Another similar alternative would be to provide suitable move constructors and operators, either along side the copy ones, or with the copy deleted.

Node(const Node &cp) = delete;
Node &operator = (const Node &cp) = delete;
Node(Node && mv)
    : count(mv.count), kids(mv.kids)
{
    mv.kids = nullptr; // took kids away from mv
    cout << "move constructor " << kids << endl;
}
Node &operator = (Node &&mv)
{
    swap(count, mv.count);
    swap(kids, mv.kids);
    cout << "move operator " << kids << " from " << mv.kids << endl;
    return *this;
}

add word 1
begin emplace
new kids 0x1c4cc30 // temporary object
move constructor 0x1c4cc30 // final emplace value
delete kids 0 // moved it out, so nothing is deleted here
emplace succeeded
end add word 1
begin emplace
new kids 0x1c4ccf0
move constructor 0x1c4ccf0
delete kids 0x1c4ccf0  // delete due to duplicate "Hi"
delete kids 0 // again it was moved, so empty
emplace succeeded
end add word 2
add word 3
begin emplace
new kids 0x1c4ccf0
move constructor 0x1c4ccf0
delete kids 0
emplace succeeded
end add word 3
delete kids 0x1c4cc30

Remember that whatever state you leave the moved object in (e.g. here zero count and null kids) needs to itself be valid. So you would need to be careful and have appropriate if (kids == nullptr) checks if you did that.

A case like this is also a good one for a std::unique_ptr, where some object is being created and destroyed within a single unique place, saving the need for a manual delete. It will also automatically prevent the default copy, as unique_ptr itself disallows copying, but allows moving (Note: If you have an a ~Node(), you won't get the move functions automatically).

struct Node {
public:
    Node()
        : count(0)
        , kids(std::make_unique()) // std::unique_ptr(new WordTable())
    {}
    int incrementCount() {
        return ++count;
    }
private:
    int count;
    std::unique_ptr kids;
};

C++ unordered_map emplace() function throwing seg fault and I have no idea why

Answers (2)

Related Questions