Bug 8832 – Segfault when accessing range returned by function that has delegate referencing local variables

import std.algorithm; import std.range; import std.stdio; auto boo() { auto C = [2]; return [1,1].map!((a) => C).joiner; } void main() { writeln(boo().take(12)); } This code will either segfault or produce nonsensical output. Replacing (a)=>C with (a)=>[2] makes the problem go away; shortening [1,1] to [1] also makes the problem go away, and removing .joiner also makes the problem go away. Removing the .map makes the problem go away too. The problem is suspected to be the delegate (a)=>C which references the local variable C, which goes out of scope when boo() returns. For whatever reason, dmd isn't emitting code to allocate the delegate's context on the heap, causing a crash when writeln() tries to read the second element off the range. (I'm not sure why it doesn't crash with the first element. Maybe luck.) Replacing the delegate with function(a)=>[1] makes the problem go away.

See also issue 7978, probably the same bug in a different context.

I think I may have figured out the cause of this bug. If boo() is modified as follows: auto boo() { auto C = [2]; auto d = delegate(int) => C; return [1,1].map!d.joiner; } then everything works. Seems to me that the compiler is failing to pick up the reference to C *when the delegate is defined inside the compile-time parameter* to map. Hopefully this helps narrow it down enough to find the problem in the dmd code.

(In reply to comment #0) > import std.algorithm; > import std.range; > import std.stdio; > > auto boo() { > auto C = [2]; > return [1,1].map!((a) => C).joiner; > } > > void main() { > writeln(boo().take(12)); > } > > This code will either segfault or produce nonsensical output. Replacing (a)=>C > with (a)=>[2] makes the problem go away; shortening [1,1] to [1] also makes the > problem go away, and removing .joiner also makes the problem go away. Removing > the .map makes the problem go away too. > > The problem is suspected to be the delegate (a)=>C which references the local > variable C, which goes out of scope when boo() returns. For whatever reason, > dmd isn't emitting code to allocate the delegate's context on the heap, causing > a crash when writeln() tries to read the second element off the range. (I'm not > sure why it doesn't crash with the first element. Maybe luck.) > > Replacing the delegate with function(a)=>[1] makes the problem go away. The problem is in erroneous treating (a) => C of type void. If this is fixed to: - delegate(int a) { return C; } - (int a) { return C; ) - (int a) => C; everything works fine.

A clearer test case: import std.algorithm; import std.range; import std.stdio; auto boo() { auto C = [2]; auto bar(int) { return C; } return [1,1].map!(bar).joiner; } void main() { writeln(boo().take(12)); } The problem is that joiner!(MapResult!(bar,int[])) is not recognized as a 'local' template instantiation, even though MapResult!(bar,int[]) is marked as local. Hence, boo() is not marked as needing a closure (case (4) in FuncDeclaration::needsClosure()). The fix listed for Issue 8863 correctly fixes this one. But there are other problems with that fix, as listed in 8863.

Interestingly, Don's fix: https://github.com/D-Programming-Language/dmd/pull/1554 fixes my clearer test case, but not the original.

Commits pushed to master at https://github.com/D-Programming-Language/dmd https://github.com/D-Programming-Language/dmd/commit/63bba9d02ad4ff783c10c543c2c9ea4e91248873 fix Issue 8832 - Segfault when accessing range returned by function that has delegate referencing local variables https://github.com/D-Programming-Language/dmd/commit/fe7583317aefdc63e5dc233a627296c5df5594e3 Merge pull request #1575 from WalterBright/b43 fix Issue 8832 - Segfault when accessing range returned by function that...