#14346: 8.2.1 regression: heap corruption after safe foreign calls -------------------------------------+------------------------------------- Reporter: andrewchen | Owner: (none) Type: bug | Status: infoneeded Priority: highest | Milestone: Component: Runtime System | Version: 8.2.1 Resolution: | Keywords: Operating System: Unknown/Multiple | Architecture: | Unknown/Multiple Type of failure: Runtime crash | Test Case: Blocked By: | Blocking: Related Tickets: | Differential Rev(s): Wiki Page: | -------------------------------------+------------------------------------- Changes (by RyanGlScott): * status: new => infoneeded Comment: For whatever reason, I'm not able to reproduce this on either my Ubuntu 14.04 or 17.04 machines with GHC 8.2.1. I'm doing this: {{{ $ ghc -fforce-recomp -threaded bug.c Bug.hs [1 of 1] Compiling Main ( Bug.hs, Bug.o ) Linking Bug ... $ ./Bug }}} It then proceeds to run forever (AFAICT) without hitting any `value mistmatch`es or segfaults. Some questions: 1. What operating system are you using? 2. How can I reproduce this issue //with just GHC//? Please, no instructions involving fancy build tools like `stack`, since if this really is a GHC bug, one should be able to trigger the issue with just GHC. -- Ticket URL: http://ghc.haskell.org/trac/ghc/ticket/14346#comment:1 GHC http://www.haskell.org/ghc/ The Glasgow Haskell Compiler

#14346: 8.2.1 regression: heap corruption after safe foreign calls -------------------------------------+------------------------------------- Reporter: andrewchen | Owner: (none) Type: bug | Status: infoneeded Priority: highest | Milestone: Component: Runtime System | Version: 8.2.1 Resolution: | Keywords: Operating System: Unknown/Multiple | Architecture: | Unknown/Multiple Type of failure: Runtime crash | Test Case: Blocked By: | Blocking: Related Tickets: | Differential Rev(s): Wiki Page: | -------------------------------------+------------------------------------- Comment (by andrewchen): I am running arch linux x64 on a i5-4200U laptop. I'm able to reproduce with just the system ghc: {{{ ghc Main.hs test.c -threaded -O1 -fforce-recomp [1 of 1] Compiling Main ( Main.hs, Main.o ) Linking Main ... }}} For me the program fails within seconds: {{{ $ time ./Main value mismatch value mismatch value mismatch value mismatch zsh: segmentation fault (core dumped) ./Main ./Main 2.19s user 0.20s system 67% cpu 3.553 total }}} I'm also able to reproduce the issue in a fedora virtual machine on the same physical machine using ghc 8.2.1 binaries downloaded from haskell.org. -- Ticket URL: http://ghc.haskell.org/trac/ghc/ticket/14346#comment:3 GHC http://www.haskell.org/ghc/ The Glasgow Haskell Compiler

#14346: 8.2.1 regression: heap corruption after safe foreign calls -------------------------------------+------------------------------------- Reporter: andrewchen | Owner: (none) Type: bug | Status: infoneeded Priority: highest | Milestone: Component: Runtime System | Version: 8.2.1 Resolution: | Keywords: Operating System: Unknown/Multiple | Architecture: | Unknown/Multiple Type of failure: Runtime crash | Test Case: Blocked By: | Blocking: Related Tickets: | Differential Rev(s): Wiki Page: | -------------------------------------+------------------------------------- Comment (by andrewchen): Also, I forgot to add, the bug does not occur when compiled with debug symbols (-g). -- Ticket URL: http://ghc.haskell.org/trac/ghc/ticket/14346#comment:5 GHC http://www.haskell.org/ghc/ The Glasgow Haskell Compiler

#14346: 8.2.1 regression: heap corruption after safe foreign calls -------------------------------------+------------------------------------- Reporter: andrewchen | Owner: (none) Type: bug | Status: infoneeded Priority: highest | Milestone: Component: Runtime System | Version: 8.2.1 Resolution: | Keywords: Operating System: Unknown/Multiple | Architecture: | Unknown/Multiple Type of failure: Runtime crash | Test Case: Blocked By: | Blocking: Related Tickets: | Differential Rev(s): Wiki Page: | -------------------------------------+------------------------------------- Comment (by RyanGlScott): Somewhat to my surprise, this regression was introduced in 8d5cf8bf584fd4849917c29d82dcf46ee75dd035 (`Join points`). -- Ticket URL: http://ghc.haskell.org/trac/ghc/ticket/14346#comment:7 GHC http://www.haskell.org/ghc/ The Glasgow Haskell Compiler

#14346: 8.2.1 regression: heap corruption after safe foreign calls -------------------------------------+------------------------------------- Reporter: andrewchen | Owner: (none) Type: bug | Status: infoneeded Priority: highest | Milestone: Component: Runtime System | Version: 8.2.1 Resolution: | Keywords: Operating System: Unknown/Multiple | Architecture: | Unknown/Multiple Type of failure: Runtime crash | Test Case: Blocked By: | Blocking: Related Tickets: | Differential Rev(s): Wiki Page: | -------------------------------------+------------------------------------- Comment (by bgamari): I could have sworn I left a comment last night but it seems I am mistaken. Here is what I discovered while looking into this so far: The test is indeed rather environment sensitive. Moreover, as it doesn't occur under `rr` I strongly suspect it's a race of some sort. When compiled with `-debug` the eventual segmentation fault always seems to occur in `stg_putMVarzh`. Specifically here, {{{ Dump of assembler code for function stg_putMVarzh: 0x00000000004ab1b0 <+0>: cmpl $0x1,0x4f4800 0x00000000004ab1b8 <+8>: je 0x4ab35e 0x00000000004ab1be <+14>: mov $0x479e18,%eax 0x00000000004ab1c3 <+19>: mov %rbx,%rcx 0x00000000004ab1c6 <+22>: sub $0x8,%rsp 0x00000000004ab1ca <+26>: mov %rcx,%rdi 0x00000000004ab1cd <+29>: mov %rax,%rcx 0x00000000004ab1d0 <+32>: xor %eax,%eax 0x00000000004ab1d2 <+34>: callq *%rcx 0x00000000004ab1d4 <+36>: add $0x8,%rsp 0x00000000004ab1d8 <+40>: cmpq $0x4f2c30,0x18(%rbx) 0x00000000004ab1e0 <+48>: jne 0x4ab366 0x00000000004ab1e6 <+54>: mov 0x8(%rbx),%rcx 0x00000000004ab1ea <+58>: cmp $0x4f2c30,%rcx 0x00000000004ab1f1 <+65>: je 0x4ab466 0x00000000004ab1f7 <+71>: cmpq $0x4ac2f0,(%rcx) 0x00000000004ab1fe <+78>: je 0x4ab45d 0x00000000004ab204 <+84>: cmpq $0x4aca20,(%rcx) 0x00000000004ab20b <+91>: je 0x4ab45d 0x00000000004ab211 <+97>: mov 0x10(%rcx),%rdx 0x00000000004ab215 <+101>: mov 0x8(%rcx),%rsi 0x00000000004ab219 <+105>: mov %rsi,0x8(%rbx) 0x00000000004ab21d <+109>: cmpq $0x4f2c30,0x8(%rbx) 0x00000000004ab225 <+117>: jne 0x4ab22f 0x00000000004ab227 <+119>: movq $0x4f2c30,0x10(%rbx) => 0x00000000004ab22f <+127>: cmp 0x28(%rdx),%rbx 0x00000000004ab233 <+131>: je 0x4ab276 ... }}} I believe this corresponds to this bit of C--, {{{#!c ... tso = StgMVarTSOQueue_tso(q); StgMVar_head(mvar) = StgMVarTSOQueue_link(q); if (StgMVar_head(mvar) == stg_END_TSO_QUEUE_closure) { // cmpq $0x4f2c30,0x8(%rbx) StgMVar_tail(mvar) = stg_END_TSO_QUEUE_closure; // movq $0x4f2c30,0x10(%rbx) } ASSERT(StgTSO_block_info(tso) == mvar); // cmp 0x28(%rdx),%rbx ... }}} Indeed we find that, {{{

...

...

print/a $rbx $1 = 0x42000b8400 print/a $rdx $2 = 0x42deadbeef }}} Yikes!

This sounds to me like we reentered STG while forgetting to do some bit of cleanup from the foreign call. -- Ticket URL: http://ghc.haskell.org/trac/ghc/ticket/14346#comment:9 GHC http://www.haskell.org/ghc/ The Glasgow Haskell Compiler

#14346: 8.2.1 regression: heap corruption after safe foreign calls -------------------------------------+------------------------------------- Reporter: andrewchen | Owner: (none) Type: bug | Status: infoneeded Priority: highest | Milestone: Component: Runtime System | Version: 8.2.1 Resolution: | Keywords: Operating System: Unknown/Multiple | Architecture: | Unknown/Multiple Type of failure: Runtime crash | Test Case: Blocked By: | Blocking: Related Tickets: | Differential Rev(s): Wiki Page: | -------------------------------------+------------------------------------- Comment (by bgamari): Indeed the `--chaos` tip is quite helpful. Thanks! So it appears that the crazy TSO is loaded in `stg_putMVar#` on line 1737: {{{#!c ... // There are readMVar/takeMVar(s) waiting: wake up the first one tso = StgMVarTSOQueue_tso(q); // <--- here StgMVar_head(mvar) = StgMVarTSOQueue_link(q); if (StgMVar_head(mvar) == stg_END_TSO_QUEUE_closure) { StgMVar_tail(mvar) = stg_END_TSO_QUEUE_closure; } ... }}} Here `q` is `0x42000b7530` which is a fairly reasonable-looking `MVAR_TSO_QUEUE`, except with a completely wild `tso` field, {{{ 0x42000b7530: 0x4acd28 0x4f2c30 0x42000b7540: 0x42deadbeef 0x433508 }}} Indeed the last guy to write to `StgMVarTSOQueue_tso(q)` is the FFI target, `test`, {{{ Dump of assembler code for function test: => 0x00000000004044f0 <+0>: movl $0xdeadbeef,(%rdi) 0x00000000004044f6 <+6>: retq }}} where `%rdi == 0x00000042000b7540`. Let's look at the calling sequence produced by GHC, {{{#!asm _c4Rp: movq $block_c4Ru_info,-8(%rbp) # I64[Sp - 8] = c4Ru; movq %rax,(%rbp) # I64[Sp] = _s4Ok::I64; addq $-8,%rbp # Sp = Sp - 8; movq 872(%r13),%rbx # _u4RJ::P64 = CurrentTSO; movq 24(%rbx),%rcx # I64[I64[_u4RJ::P64 + 24] + 16] = Sp; movq %rbp,16(%rcx) movq 888(%r13),%rcx # _u4RK::I64 = CurrentNursery; leaq 8(%r12),%rdx # P64[_u4RK::I64 + 8] = Hp + 8; # I64[_u4RJ::P64 + 104] = I64[_u4RJ::P64 + 104] # - ((Hp + 8) - I64[_u4RK::I64]); movq %rdx,8(%rcx) leaq 8(%r12),%rdx subq (%rcx),%rdx movq 104(%rbx),%rcx subq %rdx,%rcx movq %rcx,104(%rbx) # (_u4RH::I64) = call "ccall" arg hints: [PtrHint,] result hints: [PtrHint] suspendThread(BaseReg, 0); subq $8,%rsp # native-call stack adjustment movq %r13,%rdi # setup argument 1 (BaseReg) xorl %esi,%esi # setup argument 2 (0) movq %rax,%rbx # Save $rax in callee-saved register xorl %eax,%eax # ??? call suspendThread addq $8,%rsp # undo stack adjustment subq $8,%rsp # redo stack adjustment; silly GHC movq %rbx,%rdi # ??? <---- This is where the bad argument comes from movq %rax,%rbx # Ahhh, I think I see xorl %eax,%eax call test # Native call addq $8,%rsp # undo stack adjustment subq $8,%rsp # you are such a joker, GHC movq %rbx,%rdi xorl %eax,%eax call resumeThread ... }}} It looks to me like what happens here is that we spill `$rax` (which contains a pointer to the current `MVar` closure) to `$rbx` twice, losing knowledge of the first spill. Consequently we end up passing the `MVar` as the argument to `test`. Hilarity ensues. -- Ticket URL: http://ghc.haskell.org/trac/ghc/ticket/14346#comment:11 GHC http://www.haskell.org/ghc/ The Glasgow Haskell Compiler

#14346: 8.2.1 regression: heap corruption after safe foreign calls -------------------------------------+------------------------------------- Reporter: andrewchen | Owner: (none) Type: bug | Status: infoneeded Priority: highest | Milestone: Component: Runtime System | Version: 8.2.1 Resolution: | Keywords: Operating System: Unknown/Multiple | Architecture: | Unknown/Multiple Type of failure: Runtime crash | Test Case: Blocked By: | Blocking: Related Tickets: | Differential Rev(s): Wiki Page: | -------------------------------------+------------------------------------- Comment (by hsyl20): You don't need the FFI to trigger the bug. You can replace: {{{#!haskell foreign import ccall safe "test" c_test :: Ptr Word32 -> IO () }}} with: {{{#!haskell {-# NOINLINE c_test #-} c_test :: Ptr Word32 -> IO () c_test ptr = poke ptr 0xDEADBEEF }}} -- Ticket URL: http://ghc.haskell.org/trac/ghc/ticket/14346#comment:13 GHC http://www.haskell.org/ghc/ The Glasgow Haskell Compiler

#14346: 8.2.1 regression: heap corruption after safe foreign calls -------------------------------------+------------------------------------- Reporter: andrewchen | Owner: (none) Type: bug | Status: infoneeded Priority: highest | Milestone: Component: Runtime System | Version: 8.2.1 Resolution: | Keywords: Operating System: Unknown/Multiple | Architecture: | Unknown/Multiple Type of failure: Runtime crash | Test Case: Blocked By: | Blocking: Related Tickets: | Differential Rev(s): Wiki Page: | -------------------------------------+------------------------------------- Comment (by andrewchen): Really interestingly replacing `forever` with `replicateM_ 1000000000` doesn't trigger the bug anymore. A bit of speculation: compiler sees that the `touch#` at the end of `allocaBytes` is unreachable due to `forever`, and so ignores it and allows the allocated are to be GC'ed. -- Ticket URL: http://ghc.haskell.org/trac/ghc/ticket/14346#comment:15 GHC http://www.haskell.org/ghc/ The Glasgow Haskell Compiler

#14346: 8.2.1 regression: heap corruption after safe foreign calls -------------------------------------+------------------------------------- Reporter: andrewchen | Owner: (none) Type: bug | Status: infoneeded Priority: highest | Milestone: Component: Runtime System | Version: 8.2.1 Resolution: | Keywords: Operating System: Unknown/Multiple | Architecture: | Unknown/Multiple Type of failure: Runtime crash | Test Case: Blocked By: | Blocking: Related Tickets: | Differential Rev(s): Wiki Page: | -------------------------------------+------------------------------------- Comment (by bgamari): Very good insights, alexbiehl and andrewchen. Indeed it looks indeed the GC is (correctly, given the code) concluding that the array is unreachable. Looking at the `-dverbose-core2core` output one sees that the `touch#` call is dropped during one of the simplifier passes (`SimplMode {Phase = 0 [post-call-arity], inline, rules, eta-expand, case-of-case}`). That is certainly the bug. To answer, a few of your questions:

is it ok to store an address which clearly points into heap allocated memory but doesn't point to an info table?

In the above case, the answer is probably yes. This pointer is saved as a field of a stack frame (namely a return frame for `block_c4Dx_info`). The info table for this frame likely declares this field as a non-pointer. -- Ticket URL: http://ghc.haskell.org/trac/ghc/ticket/14346#comment:17 GHC http://www.haskell.org/ghc/ The Glasgow Haskell Compiler

#14346: 8.2.1 regression: heap corruption after safe foreign calls -------------------------------------+------------------------------------- Reporter: andrewchen | Owner: (none) Type: bug | Status: infoneeded Priority: highest | Milestone: Component: Runtime System | Version: 8.2.1 Resolution: | Keywords: Operating System: Unknown/Multiple | Architecture: | Unknown/Multiple Type of failure: Runtime crash | Test Case: Blocked By: | Blocking: Related Tickets: | Differential Rev(s): Wiki Page: | -------------------------------------+------------------------------------- Changes (by simonpj): * cc: simonmar (added) Comment:

It looks like to avoid this we will either need to teach the simplifier not to throw away otherwise dead continuations which contain some "important" primops

Can you give an example to show what it is throwing away, and why that's bad? I don't get it yet. I have even forgotten why `touch#` exists. Copying Simon Marlow. -- Ticket URL: http://ghc.haskell.org/trac/ghc/ticket/14346#comment:19 GHC http://www.haskell.org/ghc/ The Glasgow Haskell Compiler

I imagine the simplifier has proven that action never returns and then dropped the case with the continuation containing the `touch#`. That seems

#14346: 8.2.1 regression: heap corruption after safe foreign calls -------------------------------------+------------------------------------- Reporter: andrewchen | Owner: (none) Type: bug | Status: infoneeded Priority: highest | Milestone: Component: Runtime System | Version: 8.2.1 Resolution: | Keywords: Operating System: Unknown/Multiple | Architecture: | Unknown/Multiple Type of failure: Runtime crash | Test Case: Blocked By: | Blocking: Related Tickets: | Differential Rev(s): Wiki Page: | -------------------------------------+------------------------------------- Comment (by bgamari): like a reasonable thing to do. Correct. I believe it is `Simplify.rebuildCall` that is responsible for this. -- Ticket URL: http://ghc.haskell.org/trac/ghc/ticket/14346#comment:21 GHC http://www.haskell.org/ghc/ The Glasgow Haskell Compiler

#14346: 8.2.1 regression: heap corruption after safe foreign calls -------------------------------------+------------------------------------- Reporter: andrewchen | Owner: (none) Type: bug | Status: patch Priority: highest | Milestone: 8.2.2 Component: Runtime System | Version: 8.2.1 Resolution: | Keywords: Operating System: Unknown/Multiple | Architecture: | Unknown/Multiple Type of failure: Runtime crash | Test Case: Blocked By: | Blocking: Related Tickets: | Differential Rev(s): Phab:D4110 Wiki Page: | -------------------------------------+------------------------------------- Comment (by simonpj): ...for an implementation of `with#`, that is. -- Ticket URL: http://ghc.haskell.org/trac/ghc/ticket/14346#comment:23 GHC http://www.haskell.org/ghc/ The Glasgow Haskell Compiler

#14346: 8.2.1 regression: heap corruption after safe foreign calls -------------------------------------+------------------------------------- Reporter: andrewchen | Owner: (none) Type: bug | Status: patch Priority: highest | Milestone: 8.2.2 Component: Runtime System | Version: 8.2.1 Resolution: | Keywords: Operating System: Unknown/Multiple | Architecture: | Unknown/Multiple Type of failure: Runtime crash | Test Case: Blocked By: | Blocking: Related Tickets: | Differential Rev(s): Wiki Page: | -------------------------------------+------------------------------------- Changes (by simonpj): * differential: Phab:D4110 => Comment: Let's move discussion of `with#` to new ticket just for that purpose: #14375. This ticket remains to track the bug reported in the Description. -- Ticket URL: http://ghc.haskell.org/trac/ghc/ticket/14346#comment:25 GHC http://www.haskell.org/ghc/ The Glasgow Haskell Compiler

#14346: 8.2.1 regression: heap corruption after safe foreign calls -------------------------------------+------------------------------------- Reporter: andrewchen | Owner: bgamari Type: bug | Status: patch Priority: highest | Milestone: 8.4.1 Component: Runtime System | Version: 8.2.1 Resolution: | Keywords: Operating System: Unknown/Multiple | Architecture: | Unknown/Multiple Type of failure: Runtime crash | Test Case: Blocked By: | Blocking: Related Tickets: | Differential Rev(s): Wiki Page: | -------------------------------------+------------------------------------- Changes (by bgamari): * owner: (none) => bgamari -- Ticket URL: http://ghc.haskell.org/trac/ghc/ticket/14346#comment:27 GHC http://www.haskell.org/ghc/ The Glasgow Haskell Compiler

#14346: 8.2.1 regression: heap corruption after safe foreign calls -------------------------------------+------------------------------------- Reporter: andrewchen | Owner: (none) Type: bug | Status: new Priority: highest | Milestone: 8.4.4 Component: Compiler | Version: 8.4.3 Resolution: | Keywords: Operating System: Unknown/Multiple | Architecture: | Unknown/Multiple Type of failure: Runtime crash | Test Case: Blocked By: | Blocking: Related Tickets: | Differential Rev(s): Phab:D5020 Wiki Page: | -------------------------------------+------------------------------------- Changes (by hsyl20): * status: closed => new * differential: => Phab:D5020 * component: Runtime System => Compiler * version: 8.2.1 => 8.4.3 * milestone: 8.4.1 => 8.4.4 * owner: bgamari => (none) * resolution: fixed => Comment: Sadly 404bf05ed3193e918875cd2f6c95ae0da5989be2 never made into HEAD nor GHC 8.4 branch and #14375 hasn't been completed before GHC 8.4 release. Hence HEAD and 8.4.* suffer from this bug (see #15260). I've made a new diff reintroducing the workaround and adding a regression test: Phab:D5020. -- Ticket URL: http://ghc.haskell.org/trac/ghc/ticket/14346#comment:30 GHC http://www.haskell.org/ghc/ The Glasgow Haskell Compiler

This issue seems quite serious to me and it's actually encountered in

#14346: 8.2.1 regression: heap corruption after safe foreign calls -------------------------------------+------------------------------------- Reporter: andrewchen | Owner: (none) Type: bug | Status: new Priority: highest | Milestone: 8.6.1 Component: Compiler | Version: 8.5 Resolution: | Keywords: Operating System: Unknown/Multiple | Architecture: | Unknown/Multiple Type of failure: Runtime crash | Test Case: Blocked By: | Blocking: Related Tickets: #15260 | Differential Rev(s): Phab:D5020 Wiki Page: | -------------------------------------+------------------------------------- Comment (by hsyl20): Replying to [comment:31 osa1]: the wild (see the related ticket). bgamari, can we milestone this for the next release? Could we also have a 8.4.4 release?

comment:29 says "correctness issue is resolved for now" but I don't see how. As far as I can see no commits were done for this ticket.

It was fixed in 8.2.2: https://git.haskell.org/ghc.git/commitdiff/404bf05ed3193e918875cd2f6c95ae0da... -- Ticket URL: http://ghc.haskell.org/trac/ghc/ticket/14346#comment:32 GHC http://www.haskell.org/ghc/ The Glasgow Haskell Compiler

#14346: 8.2.1 regression: heap corruption after safe foreign calls -------------------------------------+------------------------------------- Reporter: andrewchen | Owner: (none) Type: bug | Status: new Priority: highest | Milestone: 8.6.1 Component: Compiler | Version: 8.5 Resolution: | Keywords: Operating System: Unknown/Multiple | Architecture: | Unknown/Multiple Type of failure: Runtime crash | Test Case: Blocked By: | Blocking: Related Tickets: #15260 | Differential Rev(s): Phab:D5020 Wiki Page: | -------------------------------------+------------------------------------- Comment (by simonpj):

Ah, I guess the patch was only merged to 8.2.2 branch (not to master).

That's terrible. And very unusual; usually we put things on master first and then merge to a branch. However, if I understand aright: * The patch in 8.2.2 (comment:33 above) is very much a hack. * The real fix is in #14375 * There is an active patch for #14375 So we should make sure that the patch for #14375 does fix this ticket, and #15260 -- Ticket URL: http://ghc.haskell.org/trac/ghc/ticket/14346#comment:34 GHC http://www.haskell.org/ghc/ The Glasgow Haskell Compiler

#14346: 8.2.1 regression: heap corruption after safe foreign calls -------------------------------------+------------------------------------- Reporter: andrewchen | Owner: (none) Type: bug | Status: new Priority: highest | Milestone: 8.6.1 Component: Compiler | Version: 8.5 Resolution: | Keywords: Operating System: Unknown/Multiple | Architecture: | Unknown/Multiple Type of failure: Runtime crash | Test Case: Blocked By: | Blocking: Related Tickets: #15260 | Differential Rev(s): Phab:D5020 Wiki Page: | -------------------------------------+------------------------------------- Comment (by svenpanne): So this looks like a hint that there will be a GHC 8.4.4. :-) Can we bump the haddock submodule in that branch, too, to get a fix for https://github.com/haskell/haddock/issues/837? That issue is quite annoying, breaking lots of packages when built with stack. Perhaps there is already a ticket for this, but I couldn't find it. -- Ticket URL: http://ghc.haskell.org/trac/ghc/ticket/14346#comment:36 GHC http://www.haskell.org/ghc/ The Glasgow Haskell Compiler

#14346: 8.2.1 regression: heap corruption after safe foreign calls -------------------------------------+------------------------------------- Reporter: andrewchen | Owner: (none) Type: bug | Status: new Priority: highest | Milestone: 8.6.1 Component: Compiler | Version: 8.5 Resolution: | Keywords: Operating System: Unknown/Multiple | Architecture: | Unknown/Multiple Type of failure: Runtime crash | Test Case: Blocked By: | Blocking: Related Tickets: #15260 | Differential Rev(s): Phab:D5020 Wiki Page: | -------------------------------------+------------------------------------- Comment (by hsyl20): Thanks Ben. Could you also merge the test case from Phab:D5020 so that it doesn't get lost? -- Ticket URL: http://ghc.haskell.org/trac/ghc/ticket/14346#comment:38 GHC http://www.haskell.org/ghc/ The Glasgow Haskell Compiler

#14346: 8.2.1 regression: heap corruption after safe foreign calls -------------------------------------+------------------------------------- Reporter: andrewchen | Owner: (none) Type: bug | Status: new Priority: highest | Milestone: 8.6.1 Component: Compiler | Version: 8.5 Resolution: | Keywords: Operating System: Unknown/Multiple | Architecture: | Unknown/Multiple Type of failure: Runtime crash | Test Case: Blocked By: | Blocking: Related Tickets: #15260 | Differential Rev(s): Phab:D5020 Wiki Page: | -------------------------------------+------------------------------------- Comment (by bgamari):

Thanks Ben. Could you also merge the test case from ​Phab:D5020 so that it doesn't get lost?

Sure. Done in f8e5da92c0160a675e1666a5d6ed6a8ffcae193c. -- Ticket URL: http://ghc.haskell.org/trac/ghc/ticket/14346#comment:40 GHC http://www.haskell.org/ghc/ The Glasgow Haskell Compiler