| Anonymous | Login | Signup for a new account | 2013-05-25 16:39 CEST |  |
| Main | My View | View Issues | Change Log | Roadmap |
| View Issue Details [ Jump to Notes ] | [ Issue History ] [ Print ] | |||||||
| ID | Project | Category | View Status | Date Submitted | Last Update | |||
| 0005518 | OCaml | OCaml runtime system | public | 2012-03-04 17:46 | 2012-03-06 20:18 | |||
| Reporter | sliquister | |||||||
| Assigned To | ||||||||
| Priority | normal | Severity | crash | Reproducibility | always | |||
| Status | closed | Resolution | fixed | |||||
| Platform | OS | Ubuntu | OS Version | |||||
| Product Version | 3.12.1 | |||||||
| Target Version | Fixed in Version | 3.13.0+dev | ||||||
| Summary | 0005518: Segfault with lazy empty arrays | |||||||
| Description | It also breaks in version 3.11.2. The following program segfaults in the garbage collector: let empty = lazy [||] let _ = Lazy.force empty let () = Gc.minor () | |||||||
| Steps To Reproduce | Compile with ocamlc or ocamlopt without any particular options. | |||||||
| Additional Information | If the lazy value is not forced, it doesn't segfault. If the array is not empty, it doesn't segfault. If the empty array is computed rather than a literal, it still segfaults. | |||||||
| Tags | No tags attached. | |||||||
| Attached Files | ||||||||
 Relationships |
|
 Relationships |
|
Notes |
|
|
(0007000) gasche (developer) 2012-03-04 20:57 |
Confirmed -- also reproduced with reasonably-recent trunk. |
|
(0007006) sliquister (reporter) 2012-03-05 20:42 |
On the other hand, this works fine (tested with tags between 1 and 240): let empty = lazy (Obj.new_block 1 0) let _ = Lazy.force empty let () = Gc.minor () So it only segfaults for an atom with tag 0. |
|
(0007007) sliquister (reporter) 2012-03-05 21:18 |
I would say that the following piece of code from minor_gc is the culprit: if (Is_block (f)){ vv = Is_in_value_area(f); if (vv) { ft = Tag_val (Hd_val (f) == 0 ? Field (f, 0) : f); } } f is the array, and I think Field(f, 0) is called because the header of an atom with a tag 0 looks a lot like a forwarded header. |
|
(0007013) doligez (manager) 2012-03-06 20:18 |
Fixed in trunk (commit 12194). |
|
Notes |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 2012-03-04 17:46 | sliquister | New Issue | |
| 2012-03-04 20:57 | gasche | Note Added: 0007000 | |
| 2012-03-04 20:57 | gasche | Status | new => acknowledged |
| 2012-03-04 20:57 | gasche | Severity | minor => crash |
| 2012-03-05 20:42 | sliquister | Note Added: 0007006 | |
| 2012-03-05 21:18 | sliquister | Note Added: 0007007 | |
| 2012-03-06 20:18 | doligez | Note Added: 0007013 | |
| 2012-03-06 20:18 | doligez | Status | acknowledged => closed |
| 2012-03-06 20:18 | doligez | Resolution | open => fixed |
| 2012-03-06 20:18 | doligez | Fixed in Version | => 3.13.0+dev |
|
Issue History |
| Copyright © 2000 - 2011 MantisBT Group |
 |