Beta segfault regression

[alexcrichton]

Running this code in either release or debug mode will yield a segfault:

#[derive(Debug)]
pub struct Binding {
    action: Action,
    mode: u32,
}

#[derive(Debug)]
pub enum Action {
    Esc(&'static str),
    Paste,
    Char(char)
}

static V_BINDINGS: &'static [Binding] = &[
    Binding { action: Action::Paste, mode: 0 },
    Binding { action: Action::Char('v'), mode: 1 },
];

fn main() {
    println!("{:?}", V_BINDINGS);
}

It looks like this also runs successfully on stable, just failing on beta/nightly

cc @jwilm

[TimNN]

This looks very similar to #36401.

[TimNN]

This was introduced between nightly-2016-09-22 and nightly-2016-09-27 (Changes).

I'm no llvm ir expert, however I believe the following excerpts show the problem:

; GOOD
%Binding = type { %Action, i8 }
%Action = type { i8, [7 x i8], [2 x i64] }

@_ZN5newsf10V_BINDINGS17h3669347bdb3d8fc8E = internal constant { %Binding*, i64 } { %Binding* bitcast ({
    { { i8, [23 x i8] }, i8, [7 x i8] },
    { { i8, [23 x i8] }, i8, [7 x i8] }
}* @ref8290 to %Binding*), i64 2 }, align 8


; BAD
%Binding = type { %Action, i8 }
%Action = type { i32, [1 x i32], [2 x i64] }

@_ZN5newsf10V_BINDINGS17h490c5b52b95657e8E = internal constant { %Binding*, i64 } { %Binding* bitcast ({
    { { i32, [20 x i8] }, i8 },
    { { i32, [20 x i8] }, i8 }
}* @ref8293 to %Binding*), i64 2 }, align 8

The definition in the BAD case is missing the [7 x i8] padding between the slice elements.

Edit: Note that this ir was obtained from a slightly modified code, the V_BINDINGS definition was changed to

static V_BINDINGS: &'static [Binding] = &[
    Binding { action: Action::Paste, mode: 0 },
    Binding { action: Action::Paste, mode: 1 },
];

And the struct changed to

pub struct Binding {
    action: Action,
    mode: u8, // <-- Change is here
}

Also, some manually edited Debug impl's revealed that (in the modified case) the first Binding is correctly handled as a Paste, however the second is Esc (which then leads to the segfault when trying read the string literal from an invalid address.

[TimNN]

The following code reproduces the problem without the segfault:

#![feature(core_intrinsics)]

use std::{mem, intrinsics};

pub struct Binding {
    action: Action,
    mode: u8,
}

pub enum Action {
    Esc(i64),
    Char(u32),
    Paste,
}

static V_BINDINGS: &'static [Binding] = &[
    Binding { action: Action::Paste, mode: 0xff },
    Binding { action: Action::Paste, mode: 0xff },
];

fn main() {
    let first = unsafe { intrinsics::discriminant_value(&V_BINDINGS[0].action) };
    let second = unsafe { intrinsics::discriminant_value(&V_BINDINGS[1].action) };

    // Edit: added the next three asserts.
    assert_eq!(mem::size_of::<Action>(), 16);
    assert_eq!(mem::size_of::<Binding>(), 24);
    assert_eq!(&V_BINDINGS[1] as *const _ as usize - &V_BINDINGS[0] as *const _ as usize, 24); 

    // Edit: added hexdump
    let start = &V_BINDINGS[0] as *const _ as *const u8;
    for i in 0 .. 48 {
        print!("{:02X} ", unsafe { *start.offset(i) });
        if i % 24 == 23 { println!(""); }
    }

    assert_eq!(first, 2);
    assert_eq!(second, 2); // <-- This fails
}

The expected hexdump would be (from the working nightly):

02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF 00 00 00 00 00 00 00
02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF 00 00 00 00 00 00 00

The actual hexdump is:

02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FF 00 00 00 02 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 FF 00 00 00 73 65 67 32 2E 72 73 00

[brson]

Waiting on backport.

[TimNN]

Reopened because this still affects beta.

[alexcrichton]

Backported in #37344, so closing.