Segmentation fault on updating a Ref

[Tac-Tics]

This code causes a segmentation fault.

main () = do
  r = Ref 0
  r #= 1
  Ref x = r
  println (show x)

The behavior I expected was to see "1" printed to standard output.

[Tac-Tics]

Here is the stack trace of the program at the point of the crash in GDB.

#0  0xb7fd8889 in primRefUpdate ()
   from /data/projects/haskell/ddc/runtime/libddc-runtime.so
#1  0x0806618e in Main_main ()
#2  0xb7fd09f5 in _apply1 ()
   from /data/projects/haskell/ddc/runtime/libddc-runtime.so
#3  0x0804c83d in _topHandle_vCL1 ()
#4  0xb7fd0a0a in _apply1 ()
   from /data/projects/haskell/ddc/runtime/libddc-runtime.so
#5  0xb7fd9592 in primException_try ()
   from /data/projects/haskell/ddc/runtime/libddc-runtime.so
#6  0x0804cc95 in Control_Exception_topHandle ()
#7  0x080663b4 in main ()

[Tac-Tics]

It appears to be the update, not the dereference that causes the segfault.

The problem can be distilled to a one-liner:

main () = Ref 0 #= 1

[Tac-Tics]

The problem was that the Ref object was assumed to be a DataM*, which is not always valid. When you instantiate a Ref object directly, such as "r = Ref 0", the reference is actually created as a Data*. Trying to access a Ref as a DataM* when it is actually a Data* caused the update function to access memory outside of the struct, leading to the segfault.

I'm guessing the reason this wasn't caught earlier was that none of the tests directly instantiate a Ref, instead, always relying on a pullback projection (foo#bar) to create one implicitly.