Soundness bug related to type constraints #6275

Closed
vicuna opened this issue Dec 16, 2013 · 6 comments

vicuna commented Dec 16, 2013

Original bug ID: 6275
Reporter: @lpw25
Assigned to: @garrigue
Status: closed (set by @xavierleroy on 2015-12-11T18:25:30Z)
Resolution: fixed
Priority: normal
Severity: minor
Version: 4.01.0
Fixed in version: 4.01.1+dev
Category: typing
Related to: #5985
Monitored by: @yallop @hcarty

Bug description

Soundness bug related to type constraints reported by art-w on Reddit:

        OCaml version 4.02.0+dev2-2013-09-12
 
# type 'x t = A of 'a constraint 'x = [< `X of 'a ] ;;
type 'b t = A of 'a constraint 'b = [< `X of 'a ]
# let magic (x : 'a) = 
    let A x = A x in
      x;;
    val magic : 'a -> 'b = <fun>
# (magic 0: string);;
 
Process ocaml-toplevel segmentation fault

vicuna commented Dec 16, 2013

Comment author: @lpw25

This appears to be related to the injectivity bug. A type which unifies with:

[< `X of 'a | `Y]

may not be injective in 'a since it might be [`Y]. I think something similar is happening in this bug.

vicuna commented Dec 16, 2013

Comment author: @lpw25

Same bug using GADTs instead of constraints:

        OCaml version 4.02.0+dev2-2013-09-12
 
# type 'a t = A : 'a -> [< `X of 'a ] t;;
type 'a t = A : 'a -> [< `X of 'a ] t
# let magic (x : 'a) =
        let A x = A x in
          x;;
    val magic : 'a -> 'b = <fun>
# (magic 0: string);;
 
Process ocaml-toplevel segmentation fault

vicuna commented Dec 17, 2013

Comment author: @garrigue

Fixed in trunk and 4.01, at revisions 14363 and 14364.

It is indeed very similar to #5985 as the problem is non-injectivity,
and this is related to the need of having both upper and lower bounds
for variance.
You could say it's worse, as you don't even need abstraction to trigger it.

vicuna commented Dec 17, 2013

Comment author: @damiendoligez

Reopened because on 4.01 the fix breaks the regression test for #5985.

vicuna commented Dec 17, 2013

Comment author: @lpw25

It looks like revision 14364 doesn't actually include the fix, only the tests for the bug.

vicuna commented Dec 18, 2013

Comment author: @garrigue

Indeed, I committed in testsuite for 4.01...
Now really fixed at 14373.
