Crash in shape code during tag comparison

[brson]

The second comparison crashes. Probably due to weird alignment.

tag modlist = [int];                                                                                                                                                          

fn main() {                                                                                                                                                                   
    let ml = modlist([]);                                                                                                                                                     
    assert ml == modlist([]);                                                                                                                                                 
    assert ml == modlist([]);                                                                                                                                                 
}   

==27842== Thread 2:
==27842== Invalid read of size 8
==27842==    at 0x50FA892: shape::ctxt<shape::data<shape::cmp, shape::ptr_pair> >::walk_vec0() (rust_shape.h:964)
==27842==    by 0x50FA084: shape::ctxt<shape::data<shape::cmp, shape::ptr_pair> >::walk() (rust_shape.h:372)
==27842==    by 0x50F6879: shape::cmp::walk_variant2(shape::tag_info&, unsigned long, std::pair<unsigned char const*, unsigned char const*>) (rust_shape.cpp:423)
==27842==    by 0x50F6914: shape::cmp::walk_tag2(shape::tag_info&, shape::data_pair<unsigned long> const&) (rust_shape.h:955)
==27842==    by 0x50F98E5: shape::data<shape::cmp, shape::ptr_pair>::walk_tag1(shape::tag_info&) (rust_shape.h:993)
==27842==    by 0x50F9A8C: shape::ctxt<shape::data<shape::cmp, shape::ptr_pair> >::walk_tag0() (rust_shape.h:468)
==27842==    by 0x50F9F6C: shape::ctxt<shape::data<shape::cmp, shape::ptr_pair> >::walk() (rust_shape.h:373)
==27842==    by 0x50F6732: shape_cmp_type (rust_shape.cpp:542)
==27842==    by 0x5101E48: ??? (in /home/brian/dev/rust/build/x86_64-unknown-linux-gnu/stage1/lib/rustc/x86_64-unknown-linux-gnu/lib/librustrt.so)
==27842==    by 0x64A06AF: ???
==27842==    by 0x64A5FEF: ???
==27842==    by 0x533482F: ??? (in /home/brian/dev/rust/build/x86_64-unknown-linux-gnu/stage1/lib/rustc/x86_64-unknown-linux-gnu/lib/librustrt.so)
==27842==  Address 0x100000000064ac1 is not stack'd, malloc'd or (recently) free'd

[brson]

See also #792

[nikomatsakis]

I have a branch addressing this issue, but it's not quite ready to be merged in. I think it's important to fix it soon though.

[nikomatsakis]

Specifically what happens:

• Tag data is never aligned right now.
• The shape code assumes correct alignment.
• So, when walking a tag, shape will sometimes erroneously align (for example when the variant data contains a ptr).

The problem here is that the shape code is doing the right thing, really. And it's somewhat tricky to accurately model the behavior of the compiled code, I believe, which does do alignment with the tag variant data, but because the variant data block as a whole is not aligned, this alignment is off. The shape could have to be significantly altered to model this (incorrect) behavior.

[nikomatsakis]

@kevina this is what is causing your comment d11babe to crash and misbehave. (actually, you also need to fix up the shape code to expect a 32-bit discr, but once you do that (I'll send you the patch...) you will start seeing this problem)

[nikomatsakis]

closing as a "duplicate", or at least "symptom", of #1645