From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <sweeks@janestcapital.com>
X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on yquem.inria.fr
X-Spam-Level: 
X-Spam-Status: No, score=0.0 required=5.0 tests=none autolearn=disabled 
	version=3.1.3
X-Original-To: caml-list@yquem.inria.fr
Delivered-To: caml-list@yquem.inria.fr
Received: from mail4-relais-sop.national.inria.fr (mail4-relais-sop.national.inria.fr [192.134.164.105])
	by yquem.inria.fr (Postfix) with ESMTP id A99D6BC6B
	for <caml-list@yquem.inria.fr>; Mon, 11 Feb 2008 21:04:01 +0100 (CET)
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AgAAAA85sEfAXQImh2dsb2JhbACQOgEBAQgKKZk2
X-IronPort-AV: E=Sophos;i="4.25,334,1199660400"; 
   d="scan'208";a="22488491"
Received: from discorde.inria.fr ([192.93.2.38])
  by mail4-smtp-sop.national.inria.fr with ESMTP; 11 Feb 2008 21:04:01 +0100
Received: from mail2-relais-roc.national.inria.fr (mail2-relais-roc.national.inria.fr [192.134.164.83])
	by discorde.inria.fr (8.13.6/8.13.6) with ESMTP id m1BK3u5P032058
	(version=TLSv1/SSLv3 cipher=RC4-SHA bits=128 verify=OK)
	for <caml-list@inria.fr>; Mon, 11 Feb 2008 21:04:01 +0100
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AgAAAMU4sEdCm3xrnWdsb2JhbACQOgEBAQEBCg8ImUw
X-IronPort-AV: E=Sophos;i="4.25,334,1199660400"; 
   d="scan'208";a="7179308"
Received: from www.janestcapital.com (HELO smtp.janestcapital.com) ([66.155.124.107])
  by mail2-smtp-roc.national.inria.fr with ESMTP; 11 Feb 2008 21:04:00 +0100
Received: from qsmtp.delacy.com [38.96.172.125] by janestcapital.com with ESMTP
  (SMTPD-9.10) id AA2F0618; Mon, 11 Feb 2008 15:03:59 -0500
Received: from nyc-qws-r03.delacy.com ([172.25.65.47] helo=nyc-qws-r03)
	by qsmtp.delacy.com with smtp (Exim 4.62)
	(envelope-from <sweeks@janestcapital.com>)
	id 1JOesf-0000SV-Hc; Mon, 11 Feb 2008 15:03:58 -0500
Received: by nyc-qws-r03 (sSMTP sendmail emulation); Mon, 11 Feb 2008 15:03:57 -0500
From: "Stephen Weeks" <sweeks@janestcapital.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <18352.43565.401296.820373@nyc-qws-r03.delacy.com>
Date: Mon, 11 Feb 2008 15:03:57 -0500
To: caml-list@inria.fr
Subject: type unsoundness with constraints and polymorphic variants
X-Mailer: VM 7.19 under Emacs 23.0.50.1
X-Miltered: at discorde with ID 47B0AA2C.000 by Joe's j-chkmail (http://j-chkmail . ensmp . fr)!
X-Spam: no; 0.00; variants:01 ocaml:01 segfault:01 runtime:01 read-only:01 bug:01 segfault:01 sig:01 val:01 struct:01 polymorphic:01 compile:01 functions:01 constraint:01 match:02 


We've hit a type unsoundness in OCaml that can easily cause a segfault
at runtime.  It came up in some code that uses phantom types to
express whether or not a structure can be mutated and the identity
functions to convert from a read-write object to a read-only view.

Here is a distillation of the bug.  If you compile this, you get a
warning about line 11 being an unused case.  If you then run the
resulting executable, you get a segfault.

--------------------------------------------------------------------------------
type 'a t = 'a constraint 'a = [< `X | `Y of unit -> unit ]

module M : sig
  val f : 'a t -> [ `Y of unit -> unit ] t
end = struct
  let f x = x
end

let () =
  match M.f `X with
  | `X -> ()  (* line 11 *)
  | `Y f -> f ()