Opened 5 years ago
Closed 5 years ago
#1689 closed defect (fixed)
Segfault when calling the procedure bound in a named let with wrong number of arguments
| Reported by: | Mario Domenech Goulart | Owned by: | |
|---|---|---|---|
| Priority: | major | Milestone: | 5.3 |
| Component: | compiler | Version: | 5.2.0 |
| Keywords: | segfault, named let | Cc: | |
| Estimated difficulty: | medium |
Description
Just stumbled upon the case below. Compiling the code with -O0 leads to a binary that crashes. The compiler reports an error with optimization levels greater than 0.
$ cat segfault.scm
(let loop ((lst '((1 1))) (x 0))
(if (null? lst)
x
(if (< (caar lst) x)
x
(loop (cdr lst)))))
$ ~/local/chicken-5.2.0/bin/csc -O0 segfault.scm && ./segfault
Error: segmentation violation
Call history:
segfault.scm:2: scheme#null?
segfault.scm:4: scheme#caar
segfault.scm:4: scheme#<
segfault.scm:6: scheme#cdr
segfault.scm:6: loop <--
Interesting that this only happens with -O0:
$ ~/local/chicken-5.2.0/bin/csc -O0 segfault.scm ; echo $? 0 $ ~/local/chicken-5.2.0/bin/csc -O1 segfault.scm ; echo $? Error: known procedure called recursively with wrong number of arguments: `loop9' Error: shell command terminated with non-zero exit status 256: '/home/mario/local/chicken-5.2.0/bin/chicken' 'segfault.scm' -output-file 'segfault.c' -optimize-level 1 1 $ ~/local/chicken-5.2.0/bin/csc -O2 segfault.scm ; echo $? Error: known procedure called recursively with wrong number of arguments: `loop9' Error: shell command terminated with non-zero exit status 256: '/home/mario/local/chicken-5.2.0/bin/chicken' 'segfault.scm' -output-file 'segfault.c' -optimize-level 2 1 $ ~/local/chicken-5.2.0/bin/csc -O3 segfault.scm ; echo $? Error: known procedure called recursively with wrong number of arguments: `loop9' Error: shell command terminated with non-zero exit status 256: '/home/mario/local/chicken-5.2.0/bin/chicken' 'segfault.scm' -output-file 'segfault.c' -optimize-level 3 1 $ ~/local/chicken-5.2.0/bin/csc -O4 segfault.scm ; echo $? Error: known procedure called recursively with wrong number of arguments: `loop9' Error: shell command terminated with non-zero exit status 256: '/home/mario/local/chicken-5.2.0/bin/chicken' 'segfault.scm' -output-file 'segfault.c' -optimize-level 4 1 $ ~/local/chicken-5.2.0/bin/csc -O5 segfault.scm ; echo $? Error: known procedure called recursively with wrong number of arguments: `loop9' Error: shell command terminated with non-zero exit status 256: '/home/mario/local/chicken-5.2.0/bin/chicken' 'segfault.scm' -output-file 'segfault.c' -optimize-level 5 1
Info on the environment:
$ ~/local/chicken-5.2.0/bin/csc -version CHICKEN (c) 2008-2020, The CHICKEN Team (c) 2000-2007, Felix L. Winkelmann Version 5.2.0 (rev 317468e4) linux-unix-gnu-x86-64 [ 64bit dload ptables ] $ ~/local/chicken-5.2.0/bin/csc -cc-name 'gcc' $ gcc --version gcc (Debian 6.3.0-18+deb9u1) 6.3.0 20170516 Copyright (C) 2016 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Change History (3)
comment:1 Changed 5 years ago by
comment:2 Changed 5 years ago by
| Estimated difficulty: | → medium |
|---|
comment:3 Changed 5 years ago by
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
Fixed with 877ddd9e7df963653ccc29c83bed12a9fa7cf045
Note: See
TracTickets for help on using
tickets.
Normally (with optimization), these cases are caught at compile-time and for local known calls, an argc-check is generally omitted. I'm not sure how to fix this, since the necessary check is done in the optimizer. Perhaps we can lift or reimplement the check in the first passes of the analysis phase.