Created attachment 1422
dustmited testcase
dmd segfaults on the given sample. actually, it goes to infinite recursion and OS kills it.
sample usage: dmd -c -o- dmdsf.d
Comment #1 by hsteoh — 2014-09-12T20:35:53Z
For short code samples, you can just paste the code into the bug report, like this:
------
struct A {
auto opSlice () {}
auto opSlice () { return B; }
}
void main () {
auto df = A();
foreach (fi; df[0..0]) {}
}
------
On Linux/x86_64, it doesn't actually go into infinite recursion, but segfaults on an invalid pointer:
------
(gdb) bt
#0 Parameter::foreach (args=args@entry=0x29, dg=dg@entry=0x40a000 <dimDg(void*, size_t, Parameter*)>,
ctx=ctx@entry=0x7fffffffe198, pn=pn@entry=0x0) at mtype.c:9182
#1 0x000000000041c3ce in Parameter::dim (args=args@entry=0x29) at mtype.c:9131
#2 0x000000000046c768 in PrettyPrintVisitor::parametersToBuffer (this=this@entry=0x7fffffffe200,
parameters=parameters@entry=0x29, varargs=varargs@entry=9087320) at hdrgen.c:2909
#3 0x00000000004659bf in parametersTypeToChars (parameters=0x29, varargs=9087320) at hdrgen.c:3106
#4 0x00000000004f70a7 in FuncCandidateWalker::fp (param=0x7fffffffe3b0, s=<optimized out>)
at func.c:3091
#5 0x00000000004ecd8f in overloadApply (fstart=0x7ffff7edab70, param=0x7fffffffe3b0,
fp=0x4f7070 <FuncCandidateWalker::fp(void*, Dsymbol*)>) at func.c:2786
#6 0x00000000004edc20 in resolveFuncCall (loc=..., sc=0x7fffffffe198, s=0x0, tiargs=0x3,
tthis=0x7ffff7395be0 <_IO_helper_jumps>, fargs=0x7ffff7f698a0, flags=0) at func.c:3252
#7 0x00000000004d6251 in CallExp::semantic (this=0x7ffff7f69910, sc=0x7ffff7f67740)
at expression.c:8279
#8 0x00000000004e5a71 in semantic (sc=0x7ffff7f67740, this=<optimized out>) at expression.c:7801
#9 SliceExp::semantic (this=<optimized out>, sc=0x7ffff7f67740) at expression.c:9716
#10 0x000000000041f8d3 in OpOverload::visit (this=0x7fffffffe590, ae=0x7ffff7edb970) at opover.c:501
#11 0x000000000041f4a6 in op_overload (e=e@entry=0x7ffff7edb970, sc=sc@entry=0x7ffff7f67740)
at opover.c:1220
#12 0x00000000004dfd3d in op_overload (sc=0x7ffff7f67740, this=0x7ffff7edb970) at expression.h:221
#13 ArrayExp::semantic (this=0x7ffff7edb970, sc=0x7ffff7f67740) at expression.c:10153
#14 0x0000000000422778 in inferAggregate (fes=fes@entry=0x7ffff7edba10, sc=sc@entry=0x7ffff7f67740,
sapply=@0x7fffffffe6f8: 0x0) at opover.c:1454
#15 0x000000000044673e in ForeachStatement::semantic (this=0x7ffff7edba10, sc=0x7ffff7f67740)
at statement.c:1592
#16 0x0000000000442d4a in CompoundStatement::semantic (this=0x7ffff7edba70, sc=0x7ffff7f67740)
at statement.c:1030
#17 0x00000000004ef6f3 in FuncDeclaration::semantic3 (this=0x7ffff7edb2f0,
sc=0x40a000 <dimDg(void*, size_t, Parameter*)>) at func.c:1615
#18 0x0000000000407400 in Module::semantic3 (this=this@entry=0x7ffff7eda420) at module.c:783
#19 0x0000000000404b5c in tryMain (argc=9, argv=0x899600) at mars.c:1517
#20 0x00007ffff7016b45 in __libc_start_main (main=0x4024d0 <main(int, char const**)>, argc=2,
argv=0x7fffffffeb78, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>,
stack_end=0x7fffffffeb68) at libc-start.c:287
#21 0x0000000000402a05 in _start ()
(gdb) p args
$2 = (Parameters *) 0x29
------
The value 0x29 is invalid for a Parameters pointer. Going up the stack, this bad pointer seems to have come from FuncCandidateWalker::fp(), which is trying to coerce f->type into a TypeFunction*, but it's actually a pointer to TypeError. Now, going to investigate how it got to this point without a valid TypeFunction object...
Comment #2 by k.hara.pg — 2014-09-13T08:38:29Z
(In reply to hsteoh from comment #1)
[snip]
>
> The value 0x29 is invalid for a Parameters pointer. Going up the stack, this
> bad pointer seems to have come from FuncCandidateWalker::fp(), which is
> trying to coerce f->type into a TypeFunction*, but it's actually a pointer
> to TypeError. Now, going to investigate how it got to this point without a
> valid TypeFunction object...
Good analysis!
https://github.com/D-Programming-Language/dmd/pull/3983
Comment #3 by github-bugzilla — 2014-09-14T05:46:13Z