digitalmars.D.bugs - [Issue 8832] New: Segfault when accessing range returned by function that has delegate referencing local variables
- d-bugmail puremagic.com (37/37) Oct 16 2012 http://d.puremagic.com/issues/show_bug.cgi?id=8832
- d-bugmail puremagic.com (6/6) Oct 16 2012 http://d.puremagic.com/issues/show_bug.cgi?id=8832
- d-bugmail puremagic.com (16/16) Oct 18 2012 http://d.puremagic.com/issues/show_bug.cgi?id=8832
- d-bugmail puremagic.com (16/41) Oct 26 2012 http://d.puremagic.com/issues/show_bug.cgi?id=8832
- d-bugmail puremagic.com (27/27) Dec 29 2012 http://d.puremagic.com/issues/show_bug.cgi?id=8832
- d-bugmail puremagic.com (8/8) Jan 28 2013 http://d.puremagic.com/issues/show_bug.cgi?id=8832
- d-bugmail puremagic.com (6/6) Jan 28 2013 http://d.puremagic.com/issues/show_bug.cgi?id=8832
- d-bugmail puremagic.com (12/12) Jan 29 2013 http://d.puremagic.com/issues/show_bug.cgi?id=8832
- d-bugmail puremagic.com (9/9) Jan 29 2013 http://d.puremagic.com/issues/show_bug.cgi?id=8832
http://d.puremagic.com/issues/show_bug.cgi?id=8832
Summary: Segfault when accessing range returned by function
that has delegate referencing local variables
Product: D
Version: D2
Platform: All
OS/Version: All
Status: NEW
Severity: major
Priority: P2
Component: DMD
AssignedTo: nobody puremagic.com
ReportedBy: hsteoh quickfur.ath.cx
--- Comment #0 from hsteoh quickfur.ath.cx 2012-10-16 17:18:50 PDT ---
import std.algorithm;
import std.range;
import std.stdio;
auto boo() {
auto C = [2];
return [1,1].map!((a) => C).joiner;
}
void main() {
writeln(boo().take(12));
}
This code will either segfault or produce nonsensical output. Replacing (a)=>C
with (a)=>[2] makes the problem go away; shortening [1,1] to [1] also makes the
problem go away, and removing .joiner also makes the problem go away. Removing
the .map makes the problem go away too.
The problem is suspected to be the delegate (a)=>C which references the local
variable C, which goes out of scope when boo() returns. For whatever reason,
dmd isn't emitting code to allocate the delegate's context on the heap, causing
a crash when writeln() tries to read the second element off the range. (I'm not
sure why it doesn't crash with the first element. Maybe luck.)
Replacing the delegate with function(a)=>[1] makes the problem go away.
--
Configure issuemail: http://d.puremagic.com/issues/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
Oct 16 2012
d-bugmail puremagic.com http://d.puremagic.com/issues/show_bug.cgi?id=8832 --- Comment #1 from hsteoh quickfur.ath.cx 2012-10-16 21:50:50 PDT --- See also issue 7978, probably the same bug in a different context. -- Configure issuemail: http://d.puremagic.com/issues/userprefs.cgi?tab=email ------- You are receiving this mail because: -------
Oct 16 2012
http://d.puremagic.com/issues/show_bug.cgi?id=8832
--- Comment #2 from hsteoh quickfur.ath.cx 2012-10-18 08:44:25 PDT ---
I think I may have figured out the cause of this bug. If boo() is modified as
follows:
auto boo() {
auto C = [2];
auto d = delegate(int) => C;
return [1,1].map!d.joiner;
}
then everything works. Seems to me that the compiler is failing to pick up the
reference to C *when the delegate is defined inside the compile-time parameter*
to map. Hopefully this helps narrow it down enough to find the problem in the
dmd code.
--
Configure issuemail: http://d.puremagic.com/issues/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
Oct 18 2012
http://d.puremagic.com/issues/show_bug.cgi?id=8832
Maxim Fomin <maxim maxim-fomin.ru> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |maxim maxim-fomin.ru
--- Comment #3 from Maxim Fomin <maxim maxim-fomin.ru> 2012-10-26 11:41:40 PDT
---
(In reply to comment #0)
import std.algorithm;
import std.range;
import std.stdio;
auto boo() {
auto C = [2];
return [1,1].map!((a) => C).joiner;
}
void main() {
writeln(boo().take(12));
}
This code will either segfault or produce nonsensical output. Replacing (a)=>C
with (a)=>[2] makes the problem go away; shortening [1,1] to [1] also makes the
problem go away, and removing .joiner also makes the problem go away. Removing
the .map makes the problem go away too.
The problem is suspected to be the delegate (a)=>C which references the local
variable C, which goes out of scope when boo() returns. For whatever reason,
dmd isn't emitting code to allocate the delegate's context on the heap, causing
a crash when writeln() tries to read the second element off the range. (I'm not
sure why it doesn't crash with the first element. Maybe luck.)
Replacing the delegate with function(a)=>[1] makes the problem go away.
The problem is in erroneous treating (a) => C of type void. If this is fixed
to:
- delegate(int a) { return C; }
- (int a) { return C; )
- (int a) => C;
everything works fine.
--
Configure issuemail: http://d.puremagic.com/issues/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
Oct 26 2012
http://d.puremagic.com/issues/show_bug.cgi?id=8832
Walter Bright <bugzilla digitalmars.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |bugzilla digitalmars.com
--- Comment #4 from Walter Bright <bugzilla digitalmars.com> 2012-12-29
00:41:00 PST ---
A clearer test case:
import std.algorithm;
import std.range;
import std.stdio;
auto boo() {
auto C = [2];
auto bar(int) { return C; }
return [1,1].map!(bar).joiner;
}
void main() {
writeln(boo().take(12));
}
The problem is that joiner!(MapResult!(bar,int[])) is not recognized as a
'local' template instantiation, even though MapResult!(bar,int[]) is marked as
local. Hence, boo() is not marked as needing a closure (case (4) in
FuncDeclaration::needsClosure()).
The fix listed for Issue 8863 correctly fixes this one. But there are other
problems with that fix, as listed in 8863.
--
Configure issuemail: http://d.puremagic.com/issues/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
Dec 29 2012
http://d.puremagic.com/issues/show_bug.cgi?id=8832 --- Comment #5 from Walter Bright <bugzilla digitalmars.com> 2013-01-28 19:34:47 PST --- Interestingly, Don's fix: https://github.com/D-Programming-Language/dmd/pull/1554 fixes my clearer test case, but not the original. -- Configure issuemail: http://d.puremagic.com/issues/userprefs.cgi?tab=email ------- You are receiving this mail because: -------
Jan 28 2013
http://d.puremagic.com/issues/show_bug.cgi?id=8832 --- Comment #6 from Walter Bright <bugzilla digitalmars.com> 2013-01-28 21:09:49 PST --- https://github.com/D-Programming-Language/dmd/pull/1575 -- Configure issuemail: http://d.puremagic.com/issues/userprefs.cgi?tab=email ------- You are receiving this mail because: -------
Jan 28 2013
http://d.puremagic.com/issues/show_bug.cgi?id=8832 --- Comment #7 from github-bugzilla puremagic.com 2013-01-29 11:54:38 PST --- Commits pushed to master at https://github.com/D-Programming-Language/dmd https://github.com/D-Programming-Language/dmd/commit/63bba9d02ad4ff783c10c543c2c9ea4e91248873 fix Issue 8832 - Segfault when accessing range returned by function that has delegate referencing local variables https://github.com/D-Programming-Language/dmd/commit/fe7583317aefdc63e5dc233a627296c5df5594e3 Merge pull request #1575 from WalterBright/b43 fix Issue 8832 - Segfault when accessing range returned by function that... -- Configure issuemail: http://d.puremagic.com/issues/userprefs.cgi?tab=email ------- You are receiving this mail because: -------
Jan 29 2013
http://d.puremagic.com/issues/show_bug.cgi?id=8832
Walter Bright <bugzilla digitalmars.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |FIXED
--
Configure issuemail: http://d.puremagic.com/issues/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
Jan 29 2013