httpserver example sigsegv in ponyint_gc_release on master #2604

Closed
BlackYoup opened this issue Mar 19, 2018 · 2 comments

@BlackYoup
Contributor

Hello,

I've been playing with Pony these last few days, it's fun! I took a look at the httpserver example and it crashes (SIGSEGV) when I use the master branch. It doesn't crash using release 0.21.3. I couldn't find any similar issue, sorry if that's a duplicate.

Trigger the bug

I used https://github.com/ponylang/ponyc/blob/master/examples/httpserver/httpserver.pony and executed the program without arguments: ./httpserver. I then made a request using curl http://127.0.0.1:50000 and the sigsegv happens.

SIGSEGV

gdb backtrace (I don't have a working lldb for now)

Thread 3 "httpserver" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffe600e700 (LWP 9843)]
0x000000000046e141 in ponyint_gc_release (gc=0x7fffe5002ca8, aref=0x7fffe5000b00) at src/libponyrt/gc/gc.c:683
(gdb) bt
#0  0x000000000046e141 in ponyint_gc_release (gc=0x7fffe5002ca8, aref=0x7fffe5000b00) at src/libponyrt/gc/gc.c:683
#1  0x000000000046384a in handle_message (ctx=0x7ffff680f048, actor=0x7fffe5002c00, msg=0x7fffe4ff65c0)
    at src/libponyrt/actor/actor.c:107
#2  0x0000000000463adf in ponyint_actor_run (ctx=0x7ffff680f048, actor=0x7fffe5002c00, batch=100) at src/libponyrt/actor/actor.c:226
#3  0x00000000004704ea in run (sched=0x7ffff680f000) at src/libponyrt/sched/scheduler.c:799
#4  0x00000000004705be in run_thread (arg=0x7ffff680f000) at src/libponyrt/sched/scheduler.c:840
#5  0x00007ffff710f52a in start_thread () from /usr/x86_64-pc-linux-gnu/lib/libpthread.so.0
#6  0x00007ffff690581f in clone () from /usr/x86_64-pc-linux-gnu/lib/libc.so.6

Assembly: last rax equals 0x0

  0x46e134 <ponyint_gc_release+153>       call   0x477ecb <ponyint_objectmap_getobject>
  0x46e139 <ponyint_gc_release+158>       mov    QWORD PTR [rbp-0x28],rax
  0x46e13d <ponyint_gc_release+162>       mov    rax,QWORD PTR [rbp-0x28]
> 0x46e141 <ponyint_gc_release+166>       mov    rdx,QWORD PTR [rax+0x8]

The problem seems to be here:
https://github.com/ponylang/ponyc/blob/98bbbbb579a86fce62ed68c3167c6ccdd07e0c1e/src/libponyrt/gc/gc.c#L681...L683

ponyint_objectmap_getobject returns a null pointer.

I made a git bisect between 98bbbbb (current master) and 0.21.3 and this commit seems to be the culprit: ff24b91 (#2557)

Additional information

System: Exherbo
ponyc:

0.21.3-98bbbbb5 [debug]
compiled with: llvm 3.9.1 -- x86_64-pc-linux-gnu-gcc (GCC) 6.4.0
Defaults: pic=false ssl=openssl_0.9.0

Let me know if there is something missing or if I can help you more with this issue :)

@Praetonus
Member

Hi @BlackYoup. Could you try with the following diff?

diff --git i/src/libponyc/codegen/genfun.c w/src/libponyc/codegen/genfun.c
index 5aa9bb864..0fca75757 100644
--- i/src/libponyc/codegen/genfun.c
+++ w/src/libponyc/codegen/genfun.c
@@ -368,7 +368,7 @@ static void add_dispatch_case(compile_t* c, reach_type_t* t,
 
   for(size_t i = 0; i < count - 1; i++)
   {
-    if(gentrace_needed(c, params[i].type->ast_cap, params[i].type->ast_cap))
+    if(gentrace_needed(c, params[i].ast, params[i].ast))
     {
       need_trace = true;
       break;
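
Review bot: The gentrace_needed call now takes params[i].ast for both type arguments where it used params[i].type->ast_cap, and nothing in the hunk says why the parameter's own AST is the right input here. A one-line comment above the call stating the difference between the two would keep a later refactor from switching it back. It would also be worth adding a regression test along the lines of the reproduction in this issue (run the httpserver example and make one request), since the failure only appears at runtime.
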
@@ -380,10 +380,7 @@ static void add_dispatch_case(compile_t* c, reach_type_t* t,
     gencall_runtime(c, "pony_gc_recv", &ctx, 1, "");
 
     for(size_t i = 1; i < count; i++)
-    {
-      gentrace(c, ctx, args[i], args[i], params[i - 1].type->ast_cap,
-        params[i - 1].type->ast_cap);
-    }
+      gentrace(c, ctx, args[i], args[i], params[i - 1].ast, params[i - 1].ast);
 
     gencall_runtime(c, "pony_recv_done", &ctx, 1, "");
   }
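
Review bot: The braces around the gentrace loop body are dropped here, while the earlier loop in the same function keeps its braces; keeping them on this loop too would match the surrounding style and avoid a mistake if a second statement is added later. This loop indexes args[i] against params[i - 1] while the check loop indexes params[i] from 0, so a short comment on why args is offset by one from params would make it easier to confirm that the check and the trace cover the same parameters with the same type arguments.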

@BlackYoup
Contributor Author

This patch indeed fixes the problem because I can't reproduce it since c2c4f5f :)
