Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Type synonym definitions can weaken constraints of previously defined types through their manifests #7160

Closed
vicuna opened this issue Mar 2, 2016 · 2 comments
Closed

Type synonym definitions can weaken constraints of previously defined types through their manifests #7160

vicuna opened this issue Mar 2, 2016 · 2 comments
Assignees
@garrigue
Labels
bug typing

Comments

@vicuna
Copy link

vicuna commented Mar 2, 2016

Original bug ID: 7160
Reporter: mandrykin
Assigned to: @garrigue
Status: closed (set by @xavierleroy on 2017-09-24T15:32:01Z)
Resolution: fixed
Priority: low
Severity: crash
Platform: x86_64
OS: Linux 3.19.0
OS Version: Ubuntu 15.04
Fixed in version: 4.03.0+dev / +beta1
Category: typing
Monitored by: @hcarty

Bug description

The attached example shows how type defining a type synonym with an incompatible manifest can actually change the previous definition instead of being rejected. This can potentially lead to segmentation faults when ill-typed programs are accepted.

Steps to reproduce

ocaml

(* OCaml version 4.03.0+beta1*)
type 'a any = [< A | B] as 'a;;
(* type 'a any = 'a constraint 'a = [< A | B ] )
type _ t = X : int -> [A] t | Y : string -> [B] t | C : (_ any as 'l) t -> 'l t;;
( type _ t =
X : int -> [ A ] t | Y : string -> [ B ] t
| C : 'a any t -> ([< A | B ] as 'a) any t )
let rec f = function Y s -> s | C y -> f y;;
( val f : [ B ] any t -> string = <fun> *) f (Y "5");; (* - : string = "5" *) f (C (Y "5"));; (* - : string = "5" *) f (X 5);; (* Error: This expression has type [ A ] t
but an expression was expected of type [ B ] any t Type [ A ] is not compatible with type [ B ] any = [ B ]
These two variant types have no intersection )
f (C (X 5));;
( Error: This expression has type [ A ] t but an expression was expected of type [ B ] any any t
Type [ A ] is not compatible with type [ B ] any any = [ B ] These two variant types have no intersection *) (* Until now everything is OK *) type 'a tt = 'a t = X : int -> [A] tt | Y : string -> [B] tt | C : [< A | B] t -> [< A | B] tt;; (* type 'a tt = 'a t = X : int -> [ A ] tt
| Y : string -> [ B ] tt | C : [< A | B ] t -> [< A | B ] tt *) (* This type synonym definition is accepted though its constraints for the C constructor are different (no equality previously expressed with variable 'l) *) (* Now even the definition of type _ t itself is changed *) f (Y "5");; (* - : string = "5" *) f (C (Y "5"));; (* - : string = "5" *) f (X 5);; (* Error: This expression has type [ A ] tt = [ A ] t but an expression was expected of type [ B ] any t
Type [ A ] is not compatible with type [ B ] any = [ `B ]
These two variant types have no intersection )
( The following should not be accepted *)
f (C (X 5));;
Segmentation fault (core dumped)

File attachments
@vicuna
Copy link
Author

vicuna commented Mar 2, 2016

Comment author: mandrykin

Attached a smaller example.

@vicuna
Copy link
Author

vicuna commented Mar 3, 2016

Comment author: @garrigue

Thank you, this is a nasty soundness bug, and went completely undetected since the introduction of GADTs.

This is fixed in 4.03 and trunk, at commits e21dd56 and a18af2a.

@vicuna vicuna closed this as completed Sep 24, 2017
@vicuna vicuna added the typing label Mar 14, 2019
@vicuna vicuna added the bug label Mar 20, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@garrigue garrigue

Labels
bug typing
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@garrigue @vicuna