[SR-8481] Crash in storeEnumTagSinglePayload #51002
Comments
Comment by Fabian Ehrentraud (JIRA) Maybe the issue somehow stems from the code accessing an array with an element type of two protocols (
@jckarter, @slavapestov, do you remember anything like this? Fabian, have you tested with Xcode 10 betas yet?
Sounds like https://bugs.swift.org/browse/SR-7743.
We had inconclusive anecdata from @mattneub that SR-7743 doesn't appear in Xcode 10 beta 1, but we were never able to narrow down the underlying cause AFAIK. I do recall @mikeash caught and fixed a sporadic out-of-bounds access during value witness table instantiation with types with extra inhabitants, which seems like it could have been one possible underlying cause of these crashes.
This and SR-7743 both look exactly like the problem I fixed. The PR for the fix is #17880. The bug was a read to memory slightly beyond the end of a metadata structure. This happened frequently (any time these functions were called on a metadata structure that's not `ExtraInhabitantsValueWitnessTable`) but the value was never used, so most of the time it was harmless. Every so often, you'd line things up just right where the read spilled over onto the next page and the next page wasn't readable, and you'd crash. The key indicator is a crash in `storeEnumTagSinglePayload` or a similar function at an address that's either exactly at the start of a page, or 8 (or possibly 16) bytes beyond it. That's exactly what this crash shows.
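As an added triage example (not code from this issue or from the Swift project), the following Python classifier applies the page-boundary indicator described above to a Crashlytics-style report. The sample report is constructed after the ones quoted in this thread; the 16 KiB default page size (arm64 iOS devices, 4 KiB for the x86_64 simulator) and the list of witness function names are assumptions.

```python
import re

# Constructed sample, modelled on the Crashlytics-style reports quoted in this issue.
SAMPLE_REPORT = """Crashed: com.apple.main-thread
EXC_BAD_ACCESS KERN_INVALID_ADDRESS 0x000000010b8ac008

Crashed: com.apple.main-thread
0 libswiftCore.dylib 0x107396734 swift::metadataimpl::NonFixedValueWitnesses<swift::metadataimpl::NonFixedOpaqueExistentialBox, true>::storeEnumTagSinglePayload(swift::OpaqueValue*, int, unsigned int, swift::TargetMetadata<swift::InProcess> const*) + 20
1 willhaben 0x104fb1b0c specialized WHCollectionViewSectionsModel.dequeueAndConfigureSupplementaryView(withKind:collectionView:indexPath:) (WHCollectionViewModel.swift:103)
"""

ARM64_PAGE = 0x4000                # assumed: 16 KiB pages on arm64 iOS devices
SIMULATOR_PAGE = 0x1000            # assumed: 4 KiB pages on the x86_64 simulator
SUSPECT_OFFSETS = (0, 8, 16)       # "at the start of a page, or 8 (or possibly 16) bytes beyond it"
WITNESS_FUNCS = ("storeEnumTagSinglePayload", "getEnumTagSinglePayload")  # assumed list

_ADDR_RE = re.compile(r"EXC_BAD_ACCESS\s+KERN_INVALID_ADDRESS\s+(0x[0-9a-fA-F]+)")
_FRAME0_RE = re.compile(r"^0\s+(\S+)\s+0x[0-9a-fA-F]+\s+(.*)$", re.MULTILINE)


def fault_address(report: str):
    """Return the faulting address from the EXC_BAD_ACCESS line, or None."""
    m = _ADDR_RE.search(report)
    return int(m.group(1), 16) if m else None


def top_frame(report: str):
    """Return (image, symbol) of frame 0, or None if no frame 0 is present."""
    m = _FRAME0_RE.search(report)
    return (m.group(1), m.group(2)) if m else None


def page_offset(addr: int, page_size: int = ARM64_PAGE) -> int:
    """Distance of addr from the start of its page."""
    return addr & (page_size - 1)


def matches_over_read_signature(report: str, page_size: int = ARM64_PAGE) -> bool:
    """True when frame 0 is a single-payload enum tag witness in libswiftCore and the
    faulting address sits at a page start or 8/16 bytes past it."""
    addr = fault_address(report)
    frame = top_frame(report)
    if addr is None or frame is None:
        return False
    image, symbol = frame
    if image != "libswiftCore.dylib" or not any(f in symbol for f in WITNESS_FUNCS):
        return False
    return page_offset(addr, page_size) in SUSPECT_OFFSETS
```

A report whose fault address lands well inside a page, or whose top frame is in application code, is not classified as this over-read and should be triaged separately.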
Comment by Fabian Ehrentraud (JIRA) Since we cannot reproduce the issue locally, I can only judge by the amount of crashes from our live app. Crashes have nearly completely dropped off in iOS 12. Of course that also could be related to the sporadic nature of this crash, and the low iOS 12 beta adoption rate from users of our live app. Here I have one crash from iOS 12 build 16A5345f:

```
Crashed: com.apple.main-thread
EXC_BAD_ACCESS KERN_INVALID_ADDRESS 0x000000010b8ac008
Crashed: com.apple.main-thread
0 libswiftCore.dylib 0x107396734 swift::metadataimpl::NonFixedValueWitnesses<swift::metadataimpl::NonFixedOpaqueExistentialBox, true>::storeEnumTagSinglePayload(swift::OpaqueValue*, int, unsigned int, swift::TargetMetadata<swift::InProcess> const*) + 20
1 willhaben 0x104fb1b0c specialized WHCollectionViewSectionsModel.dequeueAndConfigureSupplementaryView(withKind:collectionView:indexPath:) (WHCollectionViewModel.swift:103)
2 willhaben 0x104f6a43c @objc FeedViewController.collectionView(_:viewForSupplementaryElementOfKind:at:) (FeedViewController.swift:262)
3 UIKitCore 0x223b105dc <redacted> + 504
4 UIKitCore 0x223b13d0c <redacted> + 4072
5 UIKitCore 0x223b18d88 <redacted> + 324
6 UIKitCore 0x22411d570 <redacted> + 1380
```

And here is one from iOS 12 build 16A5327f:

```
Crashed: com.apple.main-thread
EXC_BAD_ACCESS KERN_INVALID_ADDRESS 0x000000010fae8008
Crashed: com.apple.main-thread
0 libswiftCore.dylib 0x107676734 swift::metadataimpl::NonFixedValueWitnesses<swift::metadataimpl::NonFixedOpaqueExistentialBox, true>::storeEnumTagSinglePayload(swift::OpaqueValue*, int, unsigned int, swift::TargetMetadata<swift::InProcess> const*) + 20
1 willhaben 0x10525223c @objc FeedViewController.collectionView(_:numberOfItemsInSection:) (WHCollectionViewModel.swift:124)
2 UIKitCore 0x25ff28dd4 -[UICollectionViewData _updateItemCounts] + 380
3 UIKitCore 0x25ff2ae38 -[UICollectionViewData numberOfSections] + 28
4 UIKitCore 0x25ff34ab8 -[UICollectionViewFlowLayout _getSizingInfosWithExistingSizingDictionary:] + 580
5 UIKitCore 0x25ff36a20 -[UICollectionViewFlowLayout _fetchItemsInfoForRect:] + 260
6 UIKitCore 0x25ff30874 -[UICollectionViewFlowLayout prepareLayout] + 224
7 UIKitCore 0x25ff290c4 -[UICollectionViewData _prepareToLoadData] + 228
8 UIKitCore 0x25ff29904 -[UICollectionViewData validateLayoutInRect:] + 104
9 UIKitCore 0x25fefaf98 -[UICollectionView layoutSubviews] + 228
10 UIKitCore 0x2604fd0c0 -[UIView(CALayerDelegate) layoutSublayersOfLayer:] + 1444
```
The bug is/was in the Swift dylibs which get embedded in your app, so an updated OS won't fix it. It's possible that it will cause the crash to happen more or less frequently due to differences in where pages are allocated, but the fundamental problem won't change. So the bad news is that if you use Xcode 9.something, you'll have the bug even on iOS 12. The good news is that once you build with an Xcode that has the fix, the bug will go away even on older versions of iOS.
Environment
Swift 4.1.2
Additional Detail from JIRA
md5: 257b1885667984f82c4d2cb09ceda5c6
Issue Description:
In production I have quite a few crashes with varying backtraces, but all crashing at this point:
I cannot reproduce it locally.
Attached there is the code that seems to be affected (cannot be run by itself). Crashes happen in different UICollectionView delegate/datasource callbacks. All the crashes seem to point to the method `WHCollectionViewSectionsModel.sectionModelAtSectionIndex(_ section: Int)`, even though in different crash reports, some of the methods in between do not show up. Example: