ocamlopt.opt stack overflow #7166

Closed
vicuna opened this issue Mar 7, 2016 · 6 comments

vicuna commented Mar 7, 2016

Original bug ID: 7166
Reporter: @kayceesrk
Status: closed (set by @mshinwell on 2016-12-07T16:49:28Z)
Resolution: open
Priority: normal
Severity: major
Version: 4.02.3
Target version: 4.03.1+dev
Category: typing
Tags: afl
Monitored by: @gasche

Bug description

Another bug found with afl-instrumented ocamlopt.opt (See #7165). The compilation fails with Fatal error: exception Stack overflow.

Steps to reproduce

$ ocamlopt.opt crash_22909_21.ml
Fatal error: exception Stack overflow

File attachments


vicuna commented Mar 7, 2016

Comment author: @mshinwell

This doesn't fail for me on 4.03 (with a 10Mb stack limit). It produces the following type error instead:

File "crash_22909_21.ml", line 91, characters 0-63:
Error: Some type variables are unbound in this type:
class type ustorage = [ucncat:'a storage -> 'selfhar] storage
The method concat has type
(ucncat:'a storage -> 'selfhar) storage ->
(< concat : 'c; copy : 'd;
first : (ucncat:'a storage -> 'selfhar) cursor;
fold : 'b.
((ucncat:'a storage -> 'selfhar) -> int -> 'b -> 'b) ->
'b -> 'b;
iter : ((ucncat:'a storage -> 'selfhar) -> unit) -> unit;
len : int; nth : int -> (ucncat:'a storage -> 'selfhar) cursor;
sub : int -> int -> 'd; .. >
as 'd)
as 'c
where 'selfhar is unbound


vicuna commented Mar 7, 2016

Comment author: @mshinwell

What is the backtrace when you get the stack overflow?


vicuna commented Mar 7, 2016

Comment author: @kayceesrk

Yes. I confirmed that stack overflow does not occur with 4.03. On 4.02.3, the backtrace on stack overflow is:

Fatal error: exception Stack overflow
Raised at file "format.ml", line 185, characters 41-52
Called from file "format.ml", line 427, characters 6-24


vicuna commented Mar 7, 2016

Comment author: @stedolan

Here's a minimal testcase, built by a combination of afl-tmin and manual minimisation:

class type ['a] storage = object ('self)
  method b : 'a -> 'self
end

class type g = ['r] storage

I see a backtrace containing a loop of pr_arrow, tree_of_typobject and tree_of_typfields in Printtyp, testing with 4.02.3.


vicuna commented Jul 13, 2016

Comment author: @alainfrisch

I don't see immediately any change in Printtyp between 4.02.3 and 4.03 that would explain that fix. Perhaps something in the type-checker producing a different type. It would be good to know if the bug has been fixed or just now stays hidden for unrelated reasons (but it's hard to get motivated to track a bug which is no longer apparent...).


vicuna commented Dec 7, 2016

Comment author: @mshinwell

No-one appears to have been motivated to investigate this in the past five months and, given that the particular example exhibited now works, I move to close this PR and wait for a subsequent PR when such a problem arises again. This is only a stack overflow, not unsoundness, after all.

vicuna closed this as completed Dec 7, 2016
vicuna added the typing label Mar 14, 2019
vicuna added this to the 4.03.1 milestone Mar 14, 2019
vicuna added the bug label Mar 20, 2019