Opened 4 months ago

Closed 3 months ago

#1689 closed defect (fixed)

Segfault when calling the procedure bound in a named let with wrong number of arguments

Reported by: Mario Domenech Goulart
Owned by:
Priority: major
Milestone: 5.3
Component: compiler
Version: 5.2.0
Keywords: segfault, named let
Cc:
Estimated difficulty: medium

Description

Just stumbled upon the case below. Compiling the code with -O0 leads to a binary that crashes. The compiler reports an error with optimization levels greater than 0.

$ cat segfault.scm
(let loop ((lst '((1 1))) (x 0))
  (if (null? lst)
      x
      (if (< (caar lst) x)
          x
          (loop (cdr lst)))))

$ ~/local/chicken-5.2.0/bin/csc -O0 segfault.scm && ./segfault

Error: segmentation violation

        Call history:

        segfault.scm:2: scheme#null?
        segfault.scm:4: scheme#caar
        segfault.scm:4: scheme#<
        segfault.scm:6: scheme#cdr
        segfault.scm:6: loop            <--

Interesting that this only happens with -O0:

$ ~/local/chicken-5.2.0/bin/csc -O0 segfault.scm ; echo $?
0

$ ~/local/chicken-5.2.0/bin/csc -O1 segfault.scm ; echo $?

Error: known procedure called recursively with wrong number of arguments: `loop9'

Error: shell command terminated with non-zero exit status 256: '/home/mario/local/chicken-5.2.0/bin/chicken' 'segfault.scm' -output-file 'segfault.c' -optimize-level 1
1

$ ~/local/chicken-5.2.0/bin/csc -O2 segfault.scm ; echo $?

Error: known procedure called recursively with wrong number of arguments: `loop9'

Error: shell command terminated with non-zero exit status 256: '/home/mario/local/chicken-5.2.0/bin/chicken' 'segfault.scm' -output-file 'segfault.c' -optimize-level 2
1

$ ~/local/chicken-5.2.0/bin/csc -O3 segfault.scm ; echo $?

Error: known procedure called recursively with wrong number of arguments: `loop9'

Error: shell command terminated with non-zero exit status 256: '/home/mario/local/chicken-5.2.0/bin/chicken' 'segfault.scm' -output-file 'segfault.c' -optimize-level 3
1

$ ~/local/chicken-5.2.0/bin/csc -O4 segfault.scm ; echo $?

Error: known procedure called recursively with wrong number of arguments: `loop9'

Error: shell command terminated with non-zero exit status 256: '/home/mario/local/chicken-5.2.0/bin/chicken' 'segfault.scm' -output-file 'segfault.c' -optimize-level 4
1

$ ~/local/chicken-5.2.0/bin/csc -O5 segfault.scm ; echo $?

Error: known procedure called recursively with wrong number of arguments: `loop9'

Error: shell command terminated with non-zero exit status 256: '/home/mario/local/chicken-5.2.0/bin/chicken' 'segfault.scm' -output-file 'segfault.c' -optimize-level 5
1

Info on the environment:

$ ~/local/chicken-5.2.0/bin/csc -version
CHICKEN
(c) 2008-2020, The CHICKEN Team
(c) 2000-2007, Felix L. Winkelmann
Version 5.2.0 (rev 317468e4)
linux-unix-gnu-x86-64 [ 64bit dload ptables ]

$ ~/local/chicken-5.2.0/bin/csc -cc-name
'gcc'

$ gcc --version
gcc (Debian 6.3.0-18+deb9u1) 6.3.0 20170516
Copyright (C) 2016 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.  There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Change History (3)

comment:1 Changed 3 months ago by felix winkelmann

Normally (with optimization), these cases are caught at compile-time and for local known calls, an argc-check is generally omitted. I'm not sure how to fix this, since the necessary check is done in the optimizer. Perhaps we can lift or reimplement the check in the first passes of the analysis phase.

comment:2 Changed 3 months ago by felix winkelmann

Estimated difficulty: medium

comment:3 Changed 3 months ago by sjamaan

Resolution: fixed
Status: new → closed

Fixed with 877ddd9e7df963653ccc29c83bed12a9fa7cf045
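
The argument-count check discussed in comment:1, sketched at source level so that it does not depend on the optimizer running. This is an added example, not CHICKEN's compiler code and not the change in the commit above; `parse` and `arity_errors` are hypothetical names, and only shadowing by `let` and `lambda` is handled.

```python
import re

TICKET_SRC = """
(let loop ((lst '((1 1))) (x 0))
  (if (null? lst)
      x
      (if (< (caar lst) x)
          x
          (loop (cdr lst)))))
"""  # the ticket's program: loop is bound with 2 parameters, called with 1

def parse(src):
    """Minimal reader (no strings or comments): one S-expression -> nested lists."""
    tokens, pos = re.findall(r"[()']|[^\s()']+", src), 0
    def read():
        nonlocal pos
        tok = tokens[pos]; pos += 1
        if tok == "'":
            return ["quote", read()]
        if tok != "(":
            return tok
        items = []
        while tokens[pos] != ")":
            items.append(read())
        pos += 1
        return items
    return read()

def arity_errors(expr, env=None, errors=None):
    """Collect (name, expected, got) for named-let procedures called with wrong argc."""
    env, errors = env or {}, ([] if errors is None else errors)
    if not isinstance(expr, list) or not expr or expr[0] == "quote":
        return errors  # atoms and quoted data contain no calls
    head = expr[0]
    if head in ("let", "lambda") and len(expr) > 2:
        named = head == "let" and isinstance(expr[1], str)
        binds, body = (expr[2], expr[3:]) if named else (expr[1], expr[2:])
        inner = {**env, expr[1]: len(binds)} if named else dict(env)
        for b in binds if isinstance(binds, list) else [binds]:
            inner.pop(b[0] if isinstance(b, list) else b, None)  # parameters shadow
            if head == "let" and isinstance(b, list) and len(b) > 1:
                arity_errors(b[1], env, errors)  # inits run outside the new scope
        for form in body:
            arity_errors(form, inner, errors)
        return errors
    if isinstance(head, str) and head in env and len(expr) - 1 != env[head]:
        errors.append((head, env[head], len(expr) - 1))
    for sub in expr:
        arity_errors(sub, env, errors)
    return errors
```

`arity_errors(parse(TICKET_SRC))` reports the `loop` call from the ticket as expecting 2 arguments and receiving 1.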
