[SR-11285] EXC_BAD_ACCESS when self in convenience override init of an NSObject subclass is type-casted to a non-class protocol or passed to a generic func #53686

swift-ci · 2019-08-09T23:05:35Z


Previous ID	SR-11285
Radar	None
Original Reporter	ellsk (JIRA User)
Type	Bug

Environment

Repro Env:

Xcode 10.2.1 (swift language version = 5.0)

Mac OS: 10.14.5

Note: Crash doesn't happen if swift version is set to 4.2 on Xcode 10.2.1, or on the latest Xcode 11 beta5 (swift 5.1 compiler, swift language version = 5).

Additional Detail from JIRA


Votes	0
Component/s	Compiler
Labels	Bug
Assignee	None
Priority	Medium

md5: e771a51601b0da55f6cd9deae8f4316e

Issue Description:

When self is (1) type-casted to a non-class protocol (which it conforms to), or (2) passed to a generic func, in a convenience override initializer (after self.init(..)) of an NSObject subclass, it causes a crash on swift_getObjectType call. The stacktrace looks the same for both cases (see below).

This doesn't happen if it doesn't inherit NSObject, or if the convenience override init is annotated with @nonobjc, or if the class is final, or if I call the generic func (or func accepting a protocol arg) after convenience override init is returned.

If the protocol is a class protocol, the crash doesn't happen for the case (1), but still happens for the case (2) above.

This is seen on Xcode 10.2.1 with swift language version set to 5.0. Note that the crash doesn't happen if swift version is set to 4.2 on Xcode 10.2.1, or on the latest Xcode 11 beta5 (swift 5.1 compiler, swift language version = 5).

Can you elaborate on what the bug was on this version and the fix for it? Sil produced by both Xcode versions (with swift lang version = 5) look the same. Also is there any other workaround besides the ones mentioned above? We need to be on this version for another couple of months.

Code example

[File.swift]

import Foundation

protocol Bar {}

class Foo: NSObject, Bar {

    init(x: Int) { super.init() }

    convenience override init() {

        self.init(x: 1)

        baz(self)  // Crash:  EXC_BAD_ACCESS (code=1, address= ...) for case (1)
        cat(self)  // Crash:  EXC_BAD_ACCESS (code=1, address= ...) for case (2)

    }

    func baz(_ arg: Bar) {}
    func cat<T>(_ arg: T) {}
}


[AppDelegate.swift]

@UIApplicationMain
class AppDelegate: UIResponder, UIApplicationDelegate {
    func application(_ application: UIApplication, didFinishLaunchingWithOptions launchOptions: [UIApplication.LaunchOptionsKey: Any]?) -> Bool {
        _ = Foo()
        return true
    }
}

Stacktrace

* thread #&#8203;1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x175580e40570)

    frame #&#8203;0: 0x000000010bc96299 libswiftCore.dylib`swift_getObjectType + 57

  * frame #&#8203;1: 0x000000010a75f0c5 BRW`Foo.init() at File.swift:10:13

    frame #&#8203;2: 0x000000010a75f1a3 BRW`@objc Foo.init() at <compiler-generated>:0

    frame #&#8203;3: 0x000000010a75f04b BRW`Foo.__allocating_init() at File.swift:0

    frame #&#8203;4: 0x000000010a75f493 BRW`AppDelegate.application(application=0x00007fd37b401460, launchOptions=nil, self=0x000060000003c280) at AppDelegate.swift:18:13

    frame #&#8203;5: 0x000000010a75f574 BRW`@objc AppDelegate.application(_:didFinishLaunchingWithOptions:) at <compiler-generated>:0

    frame #&#8203;6: 0x000000010f2b3311 UIKitCore`-[UIApplication _handleDelegateCallbacksWithOptions:isSuspended:restoreState:] + 280

    frame #&#8203;7: 0x000000010f2b4cad UIKitCore`-[UIApplication _callInitializationDelegatesForMainScene:transitionContext:] + 3932

    frame #&#8203;8: 0x000000010f2ba0c6 UIKitCore`-[UIApplication _runWithMainScene:transitionContext:completion:] + 1617

    frame #&#8203;9: 0x000000010eaff6d6 UIKitCore`__111-[__UICanvasLifecycleMonitor_Compatability _scheduleFirstCommitForScene:transition:firstActivation:completion:]_block_invoke + 904

    frame #&#8203;10: 0x000000010eb07fce UIKitCore`+[_UICanvas _enqueuePostSettingUpdateTransactionBlock:] + 153

    frame #&#8203;11: 0x000000010eaff2ec UIKitCore`-[__UICanvasLifecycleMonitor_Compatability _scheduleFirstCommitForScene:transition:firstActivation:completion:] + 236

    frame #&#8203;12: 0x000000010eaffc48 UIKitCore`-[__UICanvasLifecycleMonitor_Compatability activateEventsOnly:withContext:completion:] + 1091

    frame #&#8203;13: 0x000000010eafdfba UIKitCore`__82-[_UIApplicationCanvas _transitionLifecycleStateWithTransitionContext:completion:]_block_invoke + 782

    frame #&#8203;14: 0x000000010eafdc71 UIKitCore`-[_UIApplicationCanvas _transitionLifecycleStateWithTransitionContext:completion:] + 433

    frame #&#8203;15: 0x000000010eb029b6 UIKitCore`__125-[_UICanvasLifecycleSettingsDiffAction performActionsForCanvas:withUpdatedScene:settingsDiff:fromSettings:transitionContext:]_block_invoke + 576

    frame #&#8203;16: 0x000000010eb03610 UIKitCore`_performActionsWithDelayForTransitionContext + 100

    frame #&#8203;17: 0x000000010eb0271d UIKitCore`-[_UICanvasLifecycleSettingsDiffAction performActionsForCanvas:withUpdatedScene:settingsDiff:fromSettings:transitionContext:] + 223

    frame #&#8203;18: 0x000000010eb076d0 UIKitCore`-[_UICanvas scene:didUpdateWithDiff:transitionContext:completion:] + 392

    frame #&#8203;19: 0x000000010f2b89a8 UIKitCore`-[UIApplication workspace:didCreateScene:withTransitionContext:completion:] + 514

    frame #&#8203;20: 0x000000010ee6fdfa UIKitCore`-[UIApplicationSceneClientAgent scene:didInitializeWithEvent:completion:] + 361

    frame #&#8203;21: 0x0000000117bb6125 FrontBoardServices`-[FBSSceneImpl _didCreateWithTransitionContext:completion:] + 448

    frame #&#8203;22: 0x0000000117bbfed6 FrontBoardServices`__56-[FBSWorkspace client:handleCreateScene:withCompletion:]_block_invoke_2 + 283

    frame #&#8203;23: 0x0000000117bbf700 FrontBoardServices`__40-[FBSWorkspace _performDelegateCallOut:]_block_invoke + 53

    frame #&#8203;24: 0x000000010ddb7db5 libdispatch.dylib`_dispatch_client_callout + 8

    frame #&#8203;25: 0x000000010ddbb2ba libdispatch.dylib`_dispatch_block_invoke_direct + 300

    frame #&#8203;26: 0x0000000117bf1146 FrontBoardServices`__FBSSERIALQUEUE_IS_CALLING_OUT_TO_A_BLOCK__ + 30

    frame #&#8203;27: 0x0000000117bf0dfe FrontBoardServices`-[FBSSerialQueue _performNext] + 451

    frame #&#8203;28: 0x0000000117bf1393 FrontBoardServices`-[FBSSerialQueue _performNextFromRunLoopSource] + 42

    frame #&#8203;29: 0x000000010c98bbe1 CoreFoundation`__CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17

    frame #&#8203;30: 0x000000010c98b463 CoreFoundation`__CFRunLoopDoSources0 + 243

    frame #&#8203;31: 0x000000010c985b1f CoreFoundation`__CFRunLoopRun + 1231

    frame #&#8203;32: 0x000000010c985302 CoreFoundation`CFRunLoopRunSpecific + 626

    frame #&#8203;33: 0x0000000114b0a2fe GraphicsServices`GSEventRunModal + 65

    frame #&#8203;34: 0x000000010f2bbba2 UIKitCore`UIApplicationMain + 140

    frame #&#8203;35: 0x000000010a75fc4b BRW`main at AppDelegate.swift:12:7

    frame #&#8203;36: 0x000000010de2c541 libdyld.dylib`start + 1

The text was updated successfully, but these errors were encountered:

swift-ci transferred this issue from apple/swift-issues Apr 25, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[SR-11285] EXC_BAD_ACCESS when self in convenience override init of an NSObject subclass is type-casted to a non-class protocol or passed to a generic func #53686

[SR-11285] EXC_BAD_ACCESS when self in convenience override init of an NSObject subclass is type-casted to a non-class protocol or passed to a generic func #53686

swift-ci commented Aug 9, 2019

[SR-11285] EXC_BAD_ACCESS when self in convenience override init of an NSObject subclass is type-casted to a non-class protocol or passed to a generic func #53686

[SR-11285] EXC_BAD_ACCESS when self in convenience override init of an NSObject subclass is type-casted to a non-class protocol or passed to a generic func #53686

Comments

swift-ci commented Aug 9, 2019

Code example

Stacktrace