[SR-14874] Runtime crash demangling type metadata in SwiftPM executable target #57221

sharplet · 2021-07-04T17:29:41Z


Previous ID	SR-14874
Radar	rdar://problem/80238310
Original Reporter	@sharplet
Type	Bug
Status	Resolved
Resolution	Invalid

Environment

Xcode 12.5
Build version 12E262
Apple Swift version 5.4 (swiftlang-1205.0.26.9 clang-1205.0.19.55)
Target: x86_64-apple-darwin20.5.0

Xcode 13.0
Build version 13A5155e
swift-driver version: 1.26 Apple Swift version 5.5 (swiftlang-1300.0.20.104 clang-1300.0.21.1)
Target: x86_64-apple-macosx11.0

Additional Detail from JIRA


Votes	0
Component/s	Compiler
Labels	Bug
Assignee	@mikeash
Priority	Medium

md5: 5540ecf7c2789e81332bf70a229be7db

Issue Description:

Here is the stack trace of the crash, captured in Xcode 13 beta 2:

Thread 1 Queue : com.apple.main-thread (serial)
#&#8203;0  0x00007fff203c156e in __abort_with_payload ()
#&#8203;1  0x00007fff203c2fbd in abort_with_payload_wrapper_internal ()
#&#8203;2  0x00007fff203c2f6d in abort_with_reason ()
#&#8203;3  0x0000000100b213d2 in pthread_self.cold.1 ()
#&#8203;4  0x0000000100b1a41b in pthread_self ()
#&#8203;5  0x00007fff2caa0559 in _swift_getGenericMetadata(swift::MetadataRequest, void const* const*, swift::TargetTypeContextDescriptor<swift::InProcess> const*) ()
#&#8203;6  0x00007fff2ca7a180 in __swift_instantiateCanonicalPrespecializedGenericMetadata ()
#&#8203;7  0x00007fff2cac3804 in (anonymous namespace)::DecodedMetadataBuilder::createBoundGenericType(swift::TargetContextDescriptor<swift::InProcess> const*, __swift::__runtime::llvm::ArrayRef<swift::TargetMetadata<swift::InProcess> const*>, swift::TargetMetadata<swift::InProcess> const*) const ()
#&#8203;8  0x00007fff2cac0e7d in swift::Demangle::__runtime::TypeDecoder<(anonymous namespace)::DecodedMetadataBuilder>::decodeMangledType(swift::Demangle::__runtime::Node*) ()
#&#8203;9  0x00007fff2cabfc42 in swift::Demangle::__runtime::TypeDecoder<(anonymous namespace)::DecodedMetadataBuilder>::decodeMangledType(swift::Demangle::__runtime::Node*) ()
#&#8203;10 0x00007fff2cabe298 in swift_getTypeByMangledNodeImpl(swift::MetadataRequest, swift::Demangle::__runtime::Demangler&, swift::Demangle::__runtime::Node*, void const* const*, std::__1::function<swift::TargetMetadata<swift::InProcess> const* (unsigned int, unsigned int)>, std::__1::function<swift::TargetWitnessTable<swift::InProcess> const* (swift::TargetMetadata<swift::InProcess> const*, unsigned int)>) ()
#&#8203;11 0x00007fff2cabe06d in swift::swift_getTypeByMangledNode(swift::MetadataRequest, swift::Demangle::__runtime::Demangler&, swift::Demangle::__runtime::Node*, void const* const*, std::__1::function<swift::TargetMetadata<swift::InProcess> const* (unsigned int, unsigned int)>, std::__1::function<swift::TargetWitnessTable<swift::InProcess> const* (swift::TargetMetadata<swift::InProcess> const*, unsigned int)>) ()
#&#8203;12 0x00007fff2cabe7a7 in swift_getTypeByMangledNameImpl(swift::MetadataRequest, __swift::__runtime::llvm::StringRef, void const* const*, std::__1::function<swift::TargetMetadata<swift::InProcess> const* (unsigned int, unsigned int)>, std::__1::function<swift::TargetWitnessTable<swift::InProcess> const* (swift::TargetMetadata<swift::InProcess> const*, unsigned int)>) ()
#&#8203;13 0x00007fff2cabbd6d in swift::swift_getTypeByMangledName(swift::MetadataRequest, __swift::__runtime::llvm::StringRef, void const* const*, std::__1::function<swift::TargetMetadata<swift::InProcess> const* (unsigned int, unsigned int)>, std::__1::function<swift::TargetWitnessTable<swift::InProcess> const* (swift::TargetMetadata<swift::InProcess> const*, unsigned int)>) ()
#&#8203;14 0x00007fff2cabbf9b in swift_getTypeByMangledNameInContext ()
#&#8203;15 0x0000000100062369 in __swift_instantiateConcreteTypeFromMangledName ()
#&#8203;16 0x00000001000fef5b in static HelpGenerator.generateSections(commandStack:) at /Users/user/Library/Developer/Xcode/DerivedData/swift-git-henjnxlnihocntecivdxdpsxzcbk/SourcePackages/checkouts/swift-argument-parser/Sources/ArgumentParser/Usage/HelpGenerator.swift:219
#&#8203;17 0x00000001000fb94c in HelpGenerator.init(commandStack:) at /Users/user/Library/Developer/Xcode/DerivedData/swift-git-henjnxlnihocntecivdxdpsxzcbk/SourcePackages/checkouts/swift-argument-parser/Sources/ArgumentParser/Usage/HelpGenerator.swift:134
#&#8203;18 0x0000000100104f7f in MessageInfo.init(error:type:) at /Users/user/Library/Developer/Xcode/DerivedData/swift-git-henjnxlnihocntecivdxdpsxzcbk/SourcePackages/checkouts/swift-argument-parser/Sources/ArgumentParser/Usage/MessageInfo.swift:72
#&#8203;19 0x00000001000a05fa in static ParsableArguments.exit(withError:) at /Users/user/Library/Developer/Xcode/DerivedData/swift-git-henjnxlnihocntecivdxdpsxzcbk/SourcePackages/checkouts/swift-argument-parser/Sources/ArgumentParser/Parsable Types/ParsableArguments.swift:183
#&#8203;20 0x00000001000ad916 in static ParsableCommand.main(_:) at /Users/user/Library/Developer/Xcode/DerivedData/swift-git-henjnxlnihocntecivdxdpsxzcbk/SourcePackages/checkouts/swift-argument-parser/Sources/ArgumentParser/Parsable Types/ParsableCommand.swift:97
#&#8203;21 0x00000001000ad9f7 in static ParsableCommand.main() at /Users/user/Library/Developer/Xcode/DerivedData/swift-git-henjnxlnihocntecivdxdpsxzcbk/SourcePackages/checkouts/swift-argument-parser/Sources/ArgumentParser/Parsable Types/ParsableCommand.swift:105
#&#8203;22 0x0000000100005b92 in main at /Users/user/src/sharplet/swift-git/Sources/swift-git/main.swift:10
#&#8203;23 0x00007fff203eff5d in start ()
#&#8203;24 0x00007fff203eff5d in start ()

The interesting thing is I can only reproduce it when the executable target is part of the swift-git package. If I create a separate package and add swift-git as a dependency, with the same source code, there's no crash. This includes both SwiftPM at the command line and Xcode projects.

Steps to reproduce:

Clone https://github.com/sharplet/swift-git-example.
Check out the Git tag metadata-crash (commit 050844ba8eaac4da70185d0b33356201c2ee725b).
Update submodules with git submodule update --init.
Run the bin/bad script.
For comparison, run bin/good.

The two scripts demonstrate two ways of building an executable from the same source code. One uses swift-git as a package dependency (the working one), and the other is defined as part of the same package.

I have also reproduced the same crash without swift-argument-parser, this time when calling print(_:) with an argument of type Git.GitError.

The text was updated successfully, but these errors were encountered:

typesanitizer · 2021-07-07T00:49:28Z

@swift-ci create

mikeash · 2021-07-08T15:07:30Z

This is a fun one! The pthread_t for the main thread is being corrupted by set_error_from_buffer in libgit2. It looks like this is happening because git_threadstate_global_init is never called, which means tls_key is never properly initialized. Using the initial value of 0 apparently leads to hilarity when doing GIT_THREADSTATE->last_error = error.

Manually calling git_threadstate_global_init produces a crash on a NULL dereference in errors.c. Not sure what's going wrong there, but it looks like it isn't specific to Swift. The Swift runtime just happens to be the first thing that detects the corruption in this case.

swift-ci transferred this issue from apple/swift-issues Apr 25, 2022

This issue was closed.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[SR-14874] Runtime crash demangling type metadata in SwiftPM executable target #57221

[SR-14874] Runtime crash demangling type metadata in SwiftPM executable target #57221

sharplet commented Jul 4, 2021

typesanitizer commented Jul 7, 2021

mikeash commented Jul 8, 2021

[SR-14874] Runtime crash demangling type metadata in SwiftPM executable target #57221

[SR-14874] Runtime crash demangling type metadata in SwiftPM executable target #57221

Comments

sharplet commented Jul 4, 2021

typesanitizer commented Jul 7, 2021

mikeash commented Jul 8, 2021