Skip to content

SIGTRAP in drop glue when slice literal initialization panics #30018

New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom
Closed
sfackler opened this issue Nov 24, 2015 · 8 comments · Fixed by #30823
Closed

SIGTRAP in drop glue when slice literal initialization panics #30018

sfackler opened this issue Nov 24, 2015 · 8 comments · Fixed by #30823
Assignees
@pnkfelix
Labels
I-crash Issue: The compiler crashes (SIGSEGV, SIGABRT, etc). Use I-ICE instead when the compiler panics. P-medium Medium priority T-compiler Relevant to the compiler team, which will review and decide on the PR/issue.

Comments

@sfackler
Copy link
Member 

struct Foo;

impl Drop for Foo {
    fn drop(&mut self) {}
}

fn foo() -> Foo {
    panic!();
}

fn main() {
    let _ = &[foo()];
}

Backtrace:

* thread #1: tid = 0x9916e, 0x0000000100000deb test`Foo::drop.2547::ha10a92966c711a1c + 43, queue = 'com.apple.main-thread', stop reason = EXC_BREAKPOINT (code=EXC_I386_BPT, subcode=0x0)
  * frame #0: 0x0000000100000deb test`Foo::drop.2547::ha10a92966c711a1c + 43
    frame #1: 0x0000000100000da1 test`_$u5b$Foo$u3b$$u20$1$u5d$::drop.2545::h30bf5c7af770ce1a + 49
    frame #2: 0x0000000100000d6c test`main::h49ea8f6746b41e81Raa + 92
    frame #3: 0x0000000100006493 test`sys_common::unwind::try::try_fn::h8880715059644542985 + 35
    frame #4: 0x00000001000040a9 test`__rust_try + 9
    frame #5: 0x000000010000631c test`rt::lang_start::hf0f318bf9acb9103hUw + 540
    frame #6: 0x0000000100000e7a test`main + 42
    frame #7: 0x00007fff8e9185ad libdyld.dylib`start + 1
@sfackler sfackler added the I-crash Issue: The compiler crashes (SIGSEGV, SIGABRT, etc). Use I-ICE instead when the compiler panics. label Nov 24, 2015
@sfackler
Copy link
Member Author

Popped up in broken tests in one of my crates: kornelski/rust-security-framework@8ab48c2

@alexcrichton
Copy link
Member

triage: I-nominated

probably good to have crashes like this categorized at least

@alexcrichton alexcrichton added T-compiler Relevant to the compiler team, which will review and decide on the PR/issue. and removed I-nominated labels Nov 25, 2015
@sfackler
Copy link
Member Author

It does appear to have been present since 1.0 at least, BTW.

@sfackler
Copy link
Member Author

@alexcrichton added back I-nominated, assuming that the removal was unintentional.

@nikomatsakis
Copy link
Contributor

@pnkfelix notes that this is likely a debug flag, and probably only occurs if debug assertions are enabled.

@nikomatsakis
Copy link
Contributor

triage: P-medium

@sfackler
Copy link
Member Author

sfackler commented Dec 3, 2015

Yeah, when compiling with optimizations, it won't hit this signal but continues on and behavior depends on the specific case. The minimized example exits without issue, but the test case I had in my crate segfaults.

@sfackler sfackler added P-medium Medium priority and removed I-nominated labels Dec 6, 2015
@pnkfelix pnkfelix self-assigned this Jan 11, 2016
@pnkfelix
Copy link
Member

I think I know why this happens; it is probably related to how somewhat sloppy handling of the drop flags on scratch/temporary values in other contexts (see e.g. #30530).

@pnkfelix pnkfelix mentioned this issue Jan 11, 2016
Closed
@pnkfelix pnkfelix mentioned this issue Jan 11, 2016
Merged
pnkfelix added a commit to pnkfelix/rust that referenced this issue Jan 13, 2016
@pnkfelix
Unit/regression tests for issues rust-lang#29092, rust-lang#30018, ru…
df1283c 
…st-lang#30530, rust-lang#30822.

Note that the test for rust-lang#30822 is folded into the test for rust-lang#30530 (but
the file name mentions only 30530).
Manishearth added a commit to Manishearth/rust that referenced this issue Jan 14, 2016
@Manishearth
Rollup merge of rust-lang#30823 - pnkfelix:put-back-alloca-zeroing-fo…
9036c82 
…r-issue-30530, r=dotdash

Put back alloca zeroing for issues rust-lang#29092, rust-lang#30018, rust-lang#30530; inject zeroing for rust-lang#30822.

----

Background context: `fn alloca_zeroed` was removed in PR rust-lang#22969, so we haven't been "zero'ing" (\*) the alloca's since at least that point, but the logic behind that PR seems sound, so its not entirely obvious how *long* the underlying bug has actually been present.  In other words, I have not yet done a survey to see when the new `alloc_ty` and `lvalue_scratch_datum` calls were introduced that should have had "zero'ing" the alloca's.

----

I first fixed rust-lang#30018, then decided to do a survey of `alloc_ty` calls to see if they needed similar treatment, which quickly led to a rediscovery of rust-lang#30530.

While making the regression test for the latter, I discovered rust-lang#30822, which is a slightly different bug (in terms of where the "zero'ing" needs to go), but still relevant.

I haven't finished the aforementioned survey of `fn alloc_ty` calls, but I decided I wanted to get this up for review in its current state (namely to see if my attempt to force developers to include a justification for passing `Uninit` can possibly fly, or if I should abandon that path of action).

----

(*): I am putting quotation marks around "zero'ing" because we no longer use zero as our "dropped" marker value.

Fix rust-lang#29092
Fix rust-lang#30018
Fix rust-lang#30530
Fix rust-lang#30822
# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees

@pnkfelix pnkfelix

Labels
I-crash Issue: The compiler crashes (SIGSEGV, SIGABRT, etc). Use I-ICE instead when the compiler panics. P-medium Medium priority T-compiler Relevant to the compiler team, which will review and decide on the PR/issue.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Put back zeroing; issues 29092, 30018, 30530, 30822 pnkfelix/rust
5 participants
@alexcrichton @nikomatsakis @pnkfelix @sfackler @rust-highfive