[Issue 8832] New: Segfault when accessing range returned by function that has delegate referencing local variables
October 17, 2012
http://d.puremagic.com/issues/show_bug.cgi?id=8832

           Summary: Segfault when accessing range returned by function
                    that has delegate referencing local variables
           Product: D
           Version: D2
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: major
          Priority: P2
         Component: DMD
        AssignedTo: nobody@puremagic.com
        ReportedBy: hsteoh@quickfur.ath.cx


--- Comment #0 from hsteoh@quickfur.ath.cx 2012-10-16 17:18:50 PDT ---
import std.algorithm;
import std.range;
import std.stdio;

auto boo() {
    auto C = [2];
    return [1,1].map!((a) => C).joiner;
}

void main() {
    writeln(boo().take(12));
}

This code will either segfault or produce nonsensical output. Replacing (a)=>C with (a)=>[2] makes the problem go away; shortening [1,1] to [1] also makes the problem go away, and removing .joiner also makes the problem go away. Removing the .map makes the problem go away too.

The problem is suspected to be the delegate (a)=>C which references the local
variable C, which goes out of scope when boo() returns. For whatever reason,
dmd isn't emitting code to allocate the delegate's context on the heap, causing
a crash when writeln() tries to read the second element off the range. (I'm not
sure why it doesn't crash with the first element. Maybe luck.)

Replacing the delegate with function(a)=>[1] makes the problem go away.

-- 
Configure issuemail: http://d.puremagic.com/issues/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
October 17, 2012
http://d.puremagic.com/issues/show_bug.cgi?id=8832



--- Comment #1 from hsteoh@quickfur.ath.cx 2012-10-16 21:50:50 PDT ---
See also issue 7978, probably the same bug in a different context.

October 18, 2012
http://d.puremagic.com/issues/show_bug.cgi?id=8832



--- Comment #2 from hsteoh@quickfur.ath.cx 2012-10-18 08:44:25 PDT ---
I think I may have figured out the cause of this bug. If boo() is modified as
follows:

auto boo() {
    auto C = [2];
    auto d = delegate(int) => C;
    return [1,1].map!d.joiner;
}

then everything works. Seems to me that the compiler is failing to pick up the reference to C *when the delegate is defined inside the compile-time parameter* to map. Hopefully this helps narrow it down enough to find the problem in the dmd code.

October 26, 2012
http://d.puremagic.com/issues/show_bug.cgi?id=8832


Maxim Fomin <maxim@maxim-fomin.ru> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |maxim@maxim-fomin.ru


--- Comment #3 from Maxim Fomin <maxim@maxim-fomin.ru> 2012-10-26 11:41:40 PDT ---
(In reply to comment #0)
> import std.algorithm;
> import std.range;
> import std.stdio;
> 
> auto boo() {
>     auto C = [2];
>     return [1,1].map!((a) => C).joiner;
> }
> 
> void main() {
>     writeln(boo().take(12));
> }
> 
> This code will either segfault or produce nonsensical output. Replacing (a)=>C with (a)=>[2] makes the problem go away; shortening [1,1] to [1] also makes the problem go away, and removing .joiner also makes the problem go away. Removing the .map makes the problem go away too.
> 
> The problem is suspected to be the delegate (a)=>C which references the local
> variable C, which goes out of scope when boo() returns. For whatever reason,
> dmd isn't emitting code to allocate the delegate's context on the heap, causing
> a crash when writeln() tries to read the second element off the range. (I'm not
> sure why it doesn't crash with the first element. Maybe luck.)
> 
> Replacing the delegate with function(a)=>[1] makes the problem go away.

The problem is in erroneously treating (a) => C as being of type void. If this is fixed
to:
- delegate(int a) { return C; }
- (int a) { return C; }
- (int a) => C;
everything works fine.

December 29, 2012
http://d.puremagic.com/issues/show_bug.cgi?id=8832


Walter Bright <bugzilla@digitalmars.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |bugzilla@digitalmars.com


--- Comment #4 from Walter Bright <bugzilla@digitalmars.com> 2012-12-29 00:41:00 PST ---
A clearer test case:

import std.algorithm;
import std.range;
import std.stdio;

auto boo() {
    auto C = [2];
    auto bar(int) { return C; }
    return [1,1].map!(bar).joiner;
}

void main() {
    writeln(boo().take(12));
}

The problem is that joiner!(MapResult!(bar,int[])) is not recognized as a
'local' template instantiation, even though MapResult!(bar,int[]) is marked as
local. Hence, boo() is not marked as needing a closure (case (4) in
FuncDeclaration::needsClosure()).

The fix listed for Issue 8863 correctly fixes this one. But there are other problems with that fix, as listed in 8863.

-- 
Configure issuemail: http://d.puremagic.com/issues/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
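
Added example, not part of the original thread or of dmd: a runtime check that the frame captured by the delegate in the comment #2 workaround was moved into a heap closure, which is the condition comment #4 says boo() was not being marked for. The names contextIsOnGcHeap and booWithDelegate are hypothetical; the check assumes the default GC-backed closure allocation.

```d
import core.memory : GC;
import std.algorithm : equal, joiner, map;
import std.range : take;
import std.typecons : tuple;

// True when the delegate's context pointer refers to GC-managed memory,
// i.e. the enclosing function's captured variables live in a heap closure.
// A context that still points into a stack frame is not a GC block, so
// GC.addrOf returns null for it.
bool contextIsOnGcHeap(Dg)(Dg dg) if (is(Dg == delegate))
{
    return GC.addrOf(dg.ptr) !is null;
}

// Hypothetical variant of the comment #2 workaround: the delegate is
// returned next to the range so the caller can inspect its context
// after this function's stack frame is gone.
auto booWithDelegate()
{
    auto C = [2];
    auto d = delegate(int) => C;
    return tuple([1, 1].map!d.joiner, d);
}

void main()
{
    auto result = booWithDelegate();

    // The context must outlive booWithDelegate(), so it has to be on the heap.
    assert(contextIsOnGcHeap(result[1]),
           "delegate context still points at a dead stack frame");

    // Two inner arrays of [2] joined together; take(12) stops at the end.
    assert(equal(result[0].take(12), [2, 2]));
}
```
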
January 29, 2013
http://d.puremagic.com/issues/show_bug.cgi?id=8832



--- Comment #5 from Walter Bright <bugzilla@digitalmars.com> 2013-01-28 19:34:47 PST ---
Interestingly, Don's fix:

https://github.com/D-Programming-Language/dmd/pull/1554

fixes my clearer test case, but not the original.

January 29, 2013
http://d.puremagic.com/issues/show_bug.cgi?id=8832



--- Comment #6 from Walter Bright <bugzilla@digitalmars.com> 2013-01-28 21:09:49 PST ---
https://github.com/D-Programming-Language/dmd/pull/1575

January 29, 2013
http://d.puremagic.com/issues/show_bug.cgi?id=8832



--- Comment #7 from github-bugzilla@puremagic.com 2013-01-29 11:54:38 PST ---
Commits pushed to master at https://github.com/D-Programming-Language/dmd

https://github.com/D-Programming-Language/dmd/commit/63bba9d02ad4ff783c10c543c2c9ea4e91248873
fix Issue 8832 - Segfault when accessing range returned by function that has
delegate referencing local variables

https://github.com/D-Programming-Language/dmd/commit/fe7583317aefdc63e5dc233a627296c5df5594e3
Merge pull request #1575 from WalterBright/b43

fix Issue 8832 - Segfault when accessing range returned by function that...

January 29, 2013
http://d.puremagic.com/issues/show_bug.cgi?id=8832


Walter Bright <bugzilla@digitalmars.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED

