[Issue 10970] Segfault in a simple test compiled without -g.

d-bugmail at puremagic.com
Fri Sep 6 16:56:47 PDT 2013


http://d.puremagic.com/issues/show_bug.cgi?id=10970



--- Comment #10 from hsteoh at quickfur.ath.cx 2013-09-06 16:56:43 PDT ---
(In reply to comment #6)
[...]
> In just this little snippet, there are *all* kinds of wrong:
> 1. insertion: when inserting a new item, CC ("this(this)") is never called for
> some strange reason. Furthermore, destruction happens *twice* (again, for some
> strange reason).
> 2. removal: Where's the destructor?
[...]

Ugh. I looked at the code, and it's just one big ugly mess.

For starters, _aaGetX, which implements "aa[key] = value", takes only a *size*
parameter to the value to be stored. If the Slot for that key doesn't already
exist, it creates one for it, and then proceeds to memset the value part of the
Slot to binary zero. So already, we have a problem: now there's a Slot for
which the value isn't properly initialized (e.g., if the value type has a
non-trivial ctor that sets things up).

Next, when you call remove(), it ultimately goes to _aaDelX, which calls
GC.free on the Slot, which, according to the docs, explicitly does NOT finalize
the block. So, the key and value originally in that slot, if they have dtors,
won't have their dtors called.

To top things off, I added writeln's before and after inserting the element
into the AA, and discovered that the ctor call and BOTH of the dtor calls
happen *during insertion into the AA*. So it looks like after _aaGetX created
an invalid instance of S (bypassing the ctor), the compiler is attempting to
perform an assignment to it from a temporary copy of S it created from the RHS
of the statement. Since the compiler believes (wrongly) that the AA Slot
already contains a value of type S, it calls S's dtor in order to delete the
old value, then copies the new value into it. Afterwards, it destructs the
temporary copy of S (so this accounts for the 1 ctor call and 2 dtor calls).
But here, the mess is topped off with yet another bug: the postblit isn't being
called after this assignment!!

Ugh! This code is an embarrassment!! Makes me want to fork dmd, rip out every
last bit of the existing AA implementation, and redo it from scratch. It'll
probably be easier than trying to sort out this rabbit warren of AA bugs.

More information about the Digitalmars-d-bugs mailing list
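The instrumentation described in the comment above (writeln's around the AA insertion), written out as a stand-alone D program. This is an added example, not code from the bug report or from druntime: it defines a constructed struct S whose ctor, postblit and dtor bump counters, so that an AA implementation can be checked against the invariant that every construction is matched by exactly one destruction and every copy by one postblit.

```d
import std.stdio;

// Constructed test type: every lifecycle event increments a counter so the
// AA's handling of ctor / postblit / dtor can be observed directly.
struct S
{
    static int ctors, postblits, dtors;
    int id;

    this(int id)  { this.id = id; ++ctors; }   // "real" constructor
    this(this)    { ++postblits; }             // copy constructor (postblit)
    ~this()       { ++dtors; }                 // destructor
}

// Print the running counters for one phase of the test.
void report(string phase)
{
    writefln("%-18s ctor=%d postblit=%d dtor=%d",
             phase, S.ctors, S.postblits, S.dtors);
}

// Live objects = constructions + copies - destructions. For a correct
// implementation this must be 0 once every S is out of scope.
int live()
{
    return S.ctors + S.postblits - S.dtors;
}

void main()
{
    report("start");

    {
        S[string] aa;
        aa["k"] = S(1);      // insertion: _aaGetX followed by assignment
        report("after insert");

        aa.remove("k");      // removal: _aaDelX frees the Slot
        report("after remove");
    }

    // Reference behaviour for the same type outside an AA: one ctor,
    // one postblit for the copy, two dtors at scope exit.
    {
        S local = S(2);
        S copy = local;
    }
    report("after scope exit");

    writefln("live objects: %d (expected 0)", live());
}
```

Any non-zero "live objects" count, or a postblit count that does not track the number of copies made, points at the kind of ctor/dtor mismatch hsteoh describes in _aaGetX and _aaDelX.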