Mantis Bug Tracker

ID: 0006435
Project: OCaml
Category: OCaml backend (code generation)
View Status: public
Date Submitted: 2014-05-20 16:35
Last Update: 2014-05-21 06:12
Reporter: dim
Assigned To: garrigue
Priority: high
Severity: crash
Reproducibility: always
Status: resolved
Resolution: fixed
Product Version: 4.02.0+dev
Target Version: 4.02.0+dev
Fixed in Version: 4.02.0+dev
Summary: 0006435: segfault with shadowing/include
Description: The following program segfaults with trunk:

-----[ foo.ml ]-----

module M = struct
  type t = string

  let x = 0
  let x = 1

  module Set = Set.Make(String)
end

include M

-----[ main.ml ]-----

module F (M : sig
            type t
            module Set : Set.S with type elt = t
          end) =
struct
  let test set = Printf.printf "%d\n" (M.Set.cardinal set)
end

module M = F (Foo)

let () = M.test (Foo.M.Set.singleton "42")

---------------------

compile with: ocamlbuild main.native

It is easy to see what is wrong by looking at the lambda code:

The field for [Foo.M] is compiled as:

  (setfield_imm 0 (global Foo!)
     (makeblock 0
        (field 1 M/1117) ; let x = 1
        (field 2 M/1117) ; module Set = Set.Make(String)
  ))

And [Main.M]:

  (M/1165 =
     (apply (field 0 (global Main!))
       (let (let/1316 =a (global Foo!))
          (makeblock 0
             (field 2 (field 0 let/1316)) ; [Foo.M].(2) while [Foo.M] has only 2 fields!
          ))))

The (field 2 <something>) seems to come from (field 2 M/...) of [Foo]. Adding more [let x = ...] in foo.ml increases the offset.


-  Notes
(0011526)
shinwell (developer)
2014-05-20 16:36
edited on: 2014-05-20 16:45

Just for the record: I think this one took more than ten full days of debugging to find!

I've confirmed that this bug was introduced by the original module alias patches.
Another symptom may be "Fatal error: out of memory" caused by heap corruption.

(0011527)
garrigue (manager)
2014-05-21 06:12

Fixed in 4.02, at revision 14896.

The problem was that Typemod.simplify_signature could remove some fields in submodules, without updating the corresponding alias paths (the offsets are contained in paths).

Rather than do the tricky job of updating paths, I settled for the cleaner solution of simplifying signatures immediately: introduce a coercion at the definition point if a module contains a shadowed field. As a result simplify_signature is no longer recursive.
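
The offset mismatch described in the report and in the note above, as a toy OCaml model added here (not the compiler's code and not the committed fix). The `item` type and all function names are hypothetical; the field list mirrors foo.ml.

```ocaml
(* Toy model of a structure's runtime block: one slot per value or module.
   Types (such as [type t = string]) have no runtime slot and are omitted. *)
type item = Value of string | Module of string

(* Slots of M as first built in foo.ml: x = 0, x = 1, Set. *)
let foo_m = [ Value "x"; Value "x"; Module "Set" ]

(* Drop every item shadowed by a later item of the same kind and name,
   keeping the slot number each survivor had in the unsimplified block. *)
let simplify items =
  let rec go pos = function
    | [] -> []
    | it :: rest ->
      let tail = go (pos + 1) rest in
      if List.mem it rest then tail else (pos, it) :: tail
  in
  go 0 items

(* Offset of [it] in the unsimplified block (the last definition wins). *)
let original_pos items it =
  let rec go pos found = function
    | [] -> found
    | x :: rest -> go (pos + 1) (if x = it then Some pos else found) rest
  in
  go 0 None items

(* Offset of [it] in the simplified, exported block. *)
let remapped_pos kept it =
  let rec go i = function
    | [] -> None
    | (_, x) :: rest -> if x = it then Some i else go (i + 1) rest
  in
  go 0 kept

let () =
  let kept = simplify foo_m in
  let size = List.length kept in
  (* A path recorded before simplification still carries the old offset. *)
  let stale = Option.get (original_pos foo_m (Module "Set")) in
  let fresh = Option.get (remapped_pos kept (Module "Set")) in
  Printf.printf "exported block has %d fields\n" size;
  Printf.printf "stale offset %d in bounds: %b\n" stale (stale < size);
  Printf.printf "remapped offset %d in bounds: %b\n" fresh (fresh < size)
```

The stale offset is the `(field 2 (field 0 let/1316))` access from the lambda dump: it indexes past the end of the two-field block, which is why the symptom is a segfault or heap corruption rather than a type error.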

- Issue History
Date Modified Username Field Change
2014-05-20 16:35 dim New Issue
2014-05-20 16:35 dim Status new => assigned
2014-05-20 16:35 dim Assigned To => garrigue
2014-05-20 16:36 shinwell Note Added: 0011526
2014-05-20 16:36 shinwell Severity major => crash
2014-05-20 16:44 shinwell Note Edited: 0011526
2014-05-20 16:45 shinwell Note Edited: 0011526
2014-05-20 16:54 doligez Priority normal => high
2014-05-20 16:54 doligez Target Version => 4.02.0+dev
2014-05-21 06:12 garrigue Note Added: 0011527
2014-05-21 06:12 garrigue Status assigned => resolved
2014-05-21 06:12 garrigue Fixed in Version => 4.02.0+dev
2014-05-21 06:12 garrigue Resolution open => fixed

