Bug 3769 – Regression: Segfault(constfold.c) array literals and case statements

This code was correctly rejected in DMD1.010, but segfaults in 1.020 and later, including 1.056. I'm intentionally not marking it as regression since it is ancient and cannot exist in old code. Although this test case is D1 only, there are related bugs in D2. ------- const int[ 19 ] buggy_3763 = [ 2 ]; void bugzilla3763() { switch(2) { case buggy_3763[1]: } }

This is a terrible one. It only happens when DMD is compiled with the optimizer on, so it doesn't happen in the debug version of DMD. It's crashing inside constfold.c Index(), around line 1206; it's called from IndexExp::optimize() The code is: else if (e1->op == TOKarrayliteral && !e1->checkSideEffect(2)) { ArrayLiteralExp *ale = (ArrayLiteralExp *)e1; e = (Expression *)ale->elements->data[i]; e->type = type; } It crashes on the first mention of ale->elements. I wonder if this could be a DMC bug?

The root cause is in init.c, Expression *ArrayInitializer::toExpression(), around line 439. The Expressions array which holds all of the members of the array literal, does not get initialized. But the later part of this function assumes that all of the entries are null. Here's a patch which fixes it: elements = new Expressions(); elements->setDim(edim); + elements->zero(); for (size_t i = 0, j = 0; i < value.dim; i++, j++) { if (index.data[i]) j = ((Expression *)index.data[i])->toInteger(); BUT... this kind of bug is ridiculous, IMHO. I think in root/array.c, void Array::reserve(unsigned nentries) should be initializing the data it gets from realloc. I bet this isn't the only place in the compiler where this landmine is waiting. Absolutely horrid.

Better test case, works for both D1 and D2: --- const char[][ 89 ] ENUM_NAME = [ 1:"N0" ]; void bug3769() { switch(`Hi`.dup) { case ENUM_NAME[1]: } } ----

Changeset 372

(In reply to comment #4) > Changeset 372 http://www.dsource.org/projects/dmd/changeset/372

Fixed dmd 1.057 and 2.041