-
Notifications
You must be signed in to change notification settings - Fork 12.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Segfault in an unconditional drop call after a match #30530
Comments
It looks like |
Seems like a case where we failed to initialize the temporary storage slot to 0, even though it is only conditionally initialized. cc @pnkfelix |
Looks like it might be the same problem as #29092 |
triage: P-high |
Yes, this looks right. In particular, the code in trans is structured in a somewhat misleading way: there's this The problem, I think, is that there is no guarantee that the populate call will dominates the cleanup code generated at the end of the scope. The I'm not completely sure the best way to fix this quickly. My current plan is to try to inject initialization code (for types that need the drop flag) that will run right after the Update: (not sure if the above hypothesis is 100% right; I'm reviewing the logic from |
oh: mod build { ... fn Alloca(cx, ty, name) -> ValueRef { AllocaFcx(cx.fcx, ty, name) } ... } |
@pnkfelix Yeah, we put all the allocas at the top of the entry BB. Doing otherwise results in dynamic stack manipulation which isn't the best in LLVM (IIRC you can stack overflow by having an alloca in a loop - presumably missing a |
@eddyb right, its actually perfectly sensible; I just worry (or worried) that some people may have the wrong impression based on the function signature(s). |
…st-lang#30530, rust-lang#30822. Note that the test for rust-lang#30822 is folded into the test for rust-lang#30530 (but the file name mentions only 30530).
…r-issue-30530, r=dotdash Put back alloca zeroing for issues rust-lang#29092, rust-lang#30018, rust-lang#30530; inject zeroing for rust-lang#30822. ---- Background context: `fn alloca_zeroed` was removed in PR rust-lang#22969, so we haven't been "zero'ing" (\*) the alloca's since at least that point, but the logic behind that PR seems sound, so its not entirely obvious how *long* the underlying bug has actually been present. In other words, I have not yet done a survey to see when the new `alloc_ty` and `lvalue_scratch_datum` calls were introduced that should have had "zero'ing" the alloca's. ---- I first fixed rust-lang#30018, then decided to do a survey of `alloc_ty` calls to see if they needed similar treatment, which quickly led to a rediscovery of rust-lang#30530. While making the regression test for the latter, I discovered rust-lang#30822, which is a slightly different bug (in terms of where the "zero'ing" needs to go), but still relevant. I haven't finished the aforementioned survey of `fn alloc_ty` calls, but I decided I wanted to get this up for review in its current state (namely to see if my attempt to force developers to include a justification for passing `Uninit` can possibly fly, or if I should abandon that path of action). ---- (*): I am putting quotation marks around "zero'ing" because we no longer use zero as our "dropped" marker value. Fix rust-lang#29092 Fix rust-lang#30018 Fix rust-lang#30530 Fix rust-lang#30822
…enkov Remove completed FIXME. rust-lang#30530
This code will segfault running drop glue for
Box<Box<Fn()>>
, even though a value of that type is not actually created.Interestingly, it exits successfully if the second match body is wrapped in a block.
The text was updated successfully, but these errors were encountered: