Bug 15840 – std.typecons.RefCounted segfaults when checking isInitialized, then segfaults GDB
Status: RESOLVED
Resolution: WONTFIX
Severity: major
Priority: P1
Component: phobos
Product: D
Version: D2
Platform: x86_64
OS: Linux
Creation time: 2016-03-27T21:26:00Z
Last change time: 2016-03-29T06:08:55Z
Assigned to: nobody
Creator: dlang
Comments
Comment #0 by dlang — 2016-03-27T21:26:13Z
I was using d2sqlite3, which uses RefCounted to manage cleanup of all the prepared statements, and it... started segfaulting. It's very consistent now, though I honestly can't rule out memory corruption from somewhere else that has nothing to do with this code. But, it also might be some edge case nobody's run into before.
Basically, I call stmt.inject(), which tries to assert that p.handle (a C pointer) is not NULL (and it's not NULL, as far as I can tell). Since p is RefCounted, p.handle invokes RefCounted.refCountedPayload() presumably to get the object that has .handle, and inside refCountedPayload() there is a sanity check for if the reference counting thingy has been initialized.
So "return (_store !is null)" pretty much. That causes a segmentation fault.
When in gdb, after that error I do
$ p _store
then gdb itself segfaults, and silently dies.
I instrumented all the destructors to make sure, and nothing is being used after getting destroyed. Since RefCounted was ostensibly being used to allow blit copying, I also put @disable this(this) in the structures in d2sqlite3, and dealt with that logistics nightmare, and I still get a segmentation fault. The segfault is not happening during program shut down, but inside a normal statement, beneath the main function. The only thing I can think is that RefCounted is somehow the problem.
I'm using the latest DMD, and phobos, and druntime (as of earlier today), as well as the latest GDB. DMD is compiled without DEBUG=1, and both phobos and druntime are compiled with BUILD=debug. And otherwise it's the default "dub" configuration.
Comment #1 by dlang — 2016-03-27T21:33:39Z
I should add that even when not crashing, whenever I p _store of any RefCounted, gdb segfaults and silently dies. So that's actually probably not part of the problem, but just gdb unable to handle whatever RefCounted is doing.
Comment #2 by dlang — 2016-03-29T06:08:55Z
Neh, there was a null pointer dereference that was not being caught, and that ended up causing this problem. Accessing garbage data cast to a RefCounted.
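The root cause named in comment #2, a null pointer to the struct that owns the RefCounted, as an added D illustration; this is not code from d2sqlite3 or Phobos, and CHandle, Payload, Statement and useStatement are assumed names standing in for the binding's own types.

```d
import std.exception : enforce;
import std.stdio : writeln;
import std.typecons : RefCounted;

// Stand-in for the C handle type (sqlite3_stmt* in d2sqlite3); constructed here.
struct CHandle { int id; }

// Payload kept alive by RefCounted; its destructor runs once, at the last release.
struct Payload
{
    CHandle* handle;
    ~this() { handle = null; }   // a real binding would call the C finalizer here
}

struct Statement
{
    RefCounted!Payload p;

    // Same shape as the failing access in the report: p.handle goes through
    // refCountedPayload(), whose isInitialized check reads p._store.
    void inject()
    {
        assert(p.handle !is null, "statement has no handle");
        writeln("injecting into handle ", p.handle.id);
    }
}

// Caller-supplied pointer that may be null (the report's actual root cause).
void useStatement(Statement* stmt)
{
    // Without this guard, stmt.inject() reads stmt.p._store relative to a null
    // base address: the segfault "inside isInitialized" from the report, and
    // there is no valid RefCounted for gdb to print either.
    enforce(stmt !is null, "null Statement pointer passed to useStatement");
    stmt.inject();
}

void main()
{
    auto good = Statement(RefCounted!Payload(new CHandle(7)));
    useStatement(&good);

    try
        useStatement(null);       // reported as an exception instead of a crash
    catch (Exception e)
        writeln("caught: ", e.msg);
}
```

The enforce survives a -release build, where a plain assert would be compiled out and the null dereference would come back as the original segfault.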