[Issue 3769] New: Segfault using invalid case (D1 only)

[Issue 3769] Segfault(constfold.c) using invalid case (D1 only)

Feb 04, 2010

Don

[Issue 3769] Regression: Segfault(constfold.c) array literals and case statements

Feb 05, 2010

Feb 05, 2010

Feb 06, 2010

Feb 06, 2010

Mar 09, 2010

http://d.puremagic.com/issues/show_bug.cgi?id=3769 Summary: Segfault using invalid case (D1 only) Product: D Version: 1.020 Platform: Other OS/Version: Windows Status: NEW Keywords: ice-on-invalid-code Severity: critical Priority: P2 Component: DMD AssignedTo: nobody@puremagic.com ReportedBy: clugdbug@yahoo.com.au --- Comment #0 from Don <clugdbug@yahoo.com.au> 2010-02-04 05:36:47 PST --- This code was correctly rejected in DMD1.010, but segfaults in 1.020 and later, including 1.056. I'm intentionally not marking it as regression since it is ancient and cannot exist in old code. Although this test case is D1 only, there are related bugs in D2. ------- const int[ 19 ] buggy_3763 = [ 2 ]; void bugzilla3763() { switch(2) { case buggy_3763[1]: } } -- Configure issuemail: http://d.puremagic.com/issues/userprefs.cgi?tab=email ------- You are receiving this mail because: -------

http://d.puremagic.com/issues/show_bug.cgi?id=3769 Don <clugdbug@yahoo.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|Segfault using invalid case |Segfault(constfold.c) using |(D1 only) |invalid case (D1 only) --- Comment #1 from Don <clugdbug@yahoo.com.au> 2010-02-04 13:41:49 PST --- This is a terrible one. It only happens when DMD is compiled with the optimizer on, so it doesn't happen in the debug version of DMD. It's crashing inside constfold.c Index(), around line 1206; it's called from IndexExp::optimize() The code is: else if (e1->op == TOKarrayliteral && !e1->checkSideEffect(2)) { ArrayLiteralExp *ale = (ArrayLiteralExp *)e1; e = (Expression *)ale->elements->data[i]; e->type = type; } It crashes on the first mention of ale->elements. I wonder if this could be a DMC bug? -- Configure issuemail: http://d.puremagic.com/issues/userprefs.cgi?tab=email ------- You are receiving this mail because: -------

February 05, 2010

[Issue 3769] Regression: Segfault(constfold.c) array literals and case statements

Posted by Don
in reply to Don

Permalink

Don

Posted in reply to Don

Permalink

http://d.puremagic.com/issues/show_bug.cgi?id=3769


Don <clugdbug@yahoo.com.au> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|ice-on-invalid-code         |ice-on-valid-code, patch
            Summary|Segfault(constfold.c) using |Regression:
                   |invalid case (D1 only)      |Segfault(constfold.c) array
                   |                            |literals and case
                   |                            |statements


--- Comment #2 from Don <clugdbug@yahoo.com.au> 2010-02-05 00:12:17 PST ---
The root cause is in init.c, Expression *ArrayInitializer::toExpression(),
around line 439.
The Expressions array which holds all of the members of the array literal, does
not get initialized. But the later part of this function assumes that all of
the entries are null.
Here's a patch which fixes it:

    elements = new Expressions();
    elements->setDim(edim);
+   elements->zero();
    for (size_t i = 0, j = 0; i < value.dim; i++, j++)
    {
    if (index.data[i])
        j = ((Expression *)index.data[i])->toInteger();

BUT... this kind of bug is ridiculous, IMHO. I think in root/array.c,
void Array::reserve(unsigned nentries) should be initializing the data it gets
from realloc.
I bet this isn't the only place in the compiler where this landmine is waiting.
Absolutely horrid.

-- 
Configure issuemail: http://d.puremagic.com/issues/userprefs.cgi?tab=email
------- You are receiving this mail because: -------

http://d.puremagic.com/issues/show_bug.cgi?id=3769 --- Comment #3 from Don <clugdbug@yahoo.com.au> 2010-02-05 02:17:54 PST --- Better test case, works for both D1 and D2: --- const char[][ 89 ] ENUM_NAME = [ 1:"N0" ]; void bug3769() { switch(`Hi`.dup) { case ENUM_NAME[1]: } } ---- -- Configure issuemail: http://d.puremagic.com/issues/userprefs.cgi?tab=email ------- You are receiving this mail because: -------

http://d.puremagic.com/issues/show_bug.cgi?id=3769 Walter Bright <bugzilla@digitalmars.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |bugzilla@digitalmars.com --- Comment #4 from Walter Bright <bugzilla@digitalmars.com> 2010-02-05 20:37:36 PST --- Changeset 372 -- Configure issuemail: http://d.puremagic.com/issues/userprefs.cgi?tab=email ------- You are receiving this mail because: -------

http://d.puremagic.com/issues/show_bug.cgi?id=3769 Kosmonaut <Kosmonaut@tempinbox.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |Kosmonaut@tempinbox.com --- Comment #5 from Kosmonaut <Kosmonaut@tempinbox.com> 2010-02-05 23:37:43 PST --- (In reply to comment #4) > Changeset 372 http://www.dsource.org/projects/dmd/changeset/372 -- Configure issuemail: http://d.puremagic.com/issues/userprefs.cgi?tab=email ------- You are receiving this mail because: -------

http://d.puremagic.com/issues/show_bug.cgi?id=3769 Walter Bright <bugzilla@digitalmars.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |FIXED --- Comment #6 from Walter Bright <bugzilla@digitalmars.com> 2010-03-08 22:23:07 PST --- Fixed dmd 1.057 and 2.041 -- Configure issuemail: http://d.puremagic.com/issues/userprefs.cgi?tab=email ------- You are receiving this mail because: -------

Forums