search

JuliaLang / julia

The Julia Programming Language
https://julialang.org/
MIT License
45.87k stars 5.49k forks source link

Julia 1.11.1 Bug: splatting `collect(kwargs)` into an array can crash julia if kwargs are empty #56628

Open hhaensel opened 6 days ago

hhaensel commented 6 days ago

According to my tests splatting collect(kwargs) into an array crashes julia if kwargs are empty and two or more types are part of the array Here's my MNWE after some hours of drill-down.

f1(; kwargs...) = Any[collect(kwargs)...]
f2(; kwargs...) = [1, collect(kwargs)...]
f3(; kwargs...) = Any[1, collect(kwargs)...]
f4(; kwargs...) = [1:10, 1, collect(kwargs)...]
f5(; kwargs...) = [1:10, 1, [kwargs...]...]

# works
f1()
f2()
f5()
f3(kw = "hi")
f4(kw = "hi")

# crashes
f3()
f4()

with the following message

Unreachable reached at 00000114787988b5

Please submit a bug report with steps to reproduce this fault, and any error messages that follow (in their entirety). Thanks.
Exception: EXCEPTION_ILLEGAL_INSTRUCTION at 0x114787988b5 -- #f4#45 at .\REPL[4]:1
in expression starting at REPL[10]:1
#f4#45 at .\REPL[4]:1
f4 at .\REPL[4]:1
unknown function (ip: 0000011478798954)
jl_apply at C:/workdir/src\julia.h:2157 [inlined]
do_call at C:/workdir/src\interpreter.c:126
eval_value at C:/workdir/src\interpreter.c:223
eval_stmt_value at C:/workdir/src\interpreter.c:174 [inlined]
eval_body at C:/workdir/src\interpreter.c:681
jl_interpret_toplevel_thunk at C:/workdir/src\interpreter.c:821
jl_toplevel_eval_flex at C:/workdir/src\toplevel.c:943
jl_toplevel_eval_flex at C:/workdir/src\toplevel.c:886
ijl_toplevel_eval at C:/workdir/src\toplevel.c:952 [inlined]
ijl_toplevel_eval_in at C:/workdir/src\toplevel.c:994
eval at .\boot.jl:430 [inlined]
eval_user_input at C:\workdir\usr\share\julia\stdlib\v1.11\REPL\src\REPL.jl:245
repl_backend_loop at C:\workdir\usr\share\julia\stdlib\v1.11\REPL\src\REPL.jl:342
#start_repl_backend#59 at C:\workdir\usr\share\julia\stdlib\v1.11\REPL\src\REPL.jl:327
start_repl_backend at C:\workdir\usr\share\julia\stdlib\v1.11\REPL\src\REPL.jl:324
#run_repl#72 at C:\workdir\usr\share\julia\stdlib\v1.11\REPL\src\REPL.jl:483
run_repl at C:\workdir\usr\share\julia\stdlib\v1.11\REPL\src\REPL.jl:469
jfptr_run_repl_10352 at C:\Users\<user>\.julia\juliaup\julia-1.11.1+0.x64.w64.mingw32\share\julia\compiled\v1.11\REPL\u0gqU_e6ieL.dll (unknown line)
#1139 at .\client.jl:446
jfptr_YY.1139_15054 at C:\Users\<user>\.julia\juliaup\julia-1.11.1+0.x64.w64.mingw32\share\julia\compiled\v1.11\REPL\u0gqU_e6ieL.dll (unknown line)
jl_apply at C:/workdir/src\julia.h:2157 [inlined]
jl_f__call_latest at C:/workdir/src\builtins.c:875
#invokelatest#2 at .\essentials.jl:1055 [inlined]
invokelatest at .\essentials.jl:1052 [inlined]
run_main_repl at .\client.jl:430
repl_main at .\client.jl:567 [inlined]
_start at .\client.jl:541
jfptr__start_73819.1 at C:\Users\<user>\.julia\juliaup\julia-1.11.1+0.x64.w64.mingw32\lib\julia\sys.dll (unknown line)
jl_apply at C:/workdir/src\julia.h:2157 [inlined]
true_main at C:/workdir/src\jlapi.c:900
jl_repl_entrypoint at C:/workdir/src\jlapi.c:1059
mainCRTStartup at C:/workdir/cli\loader_exe.c:58
BaseThreadInitThunk at C:\WINDOWS\System32\KERNEL32.DLL (unknown line)
RtlUserThreadStart at C:\WINDOWS\SYSTEM32\ntdll.dll (unknown line)
Allocations: 2491270 (Pool: 2491227; Big: 43); GC: 5

EDIT: Tested on windows and mac-os and julia v1.11.1, does not occur in julia v1.10

DilumAluthge commented 6 days ago

I'm able to reproduce the crash using the above MWE on Julia 1.11.1. Both f3() and f4() crash for me.

hhaensel commented 6 days ago

Some background: table() of StippleUI crashed in certain situations. This is the commit to work around the bug: https://github.com/GenieFramework/StippleUI.jl/commit/28c630cb721c57eaaf010f6fb601e59d4e4f6402

DilumAluthge commented 6 days ago

I am also able to reproduce the crashes (both f3() and f4()) on Julia nightly (d9d1fc5be8).

DilumAluthge commented 6 days ago

Huh. Why did GitHub say I removed those labels?

hhaensel commented 6 days ago

Wow, you were fast! - It took me much more time to find out the culprit...

DilumAluthge commented 6 days ago

I can also confirm that the crash does not occur on Julia 1.10.6:

julia> f3()
1-element Vector{Any}:
 1

julia> f4()
2-element Vector{Any}:
  1:10
 1

If someone can do a git bisect between Julia 1.10 and 1.11, then we might be able to identify the commit that introduced the bug.

DilumAluthge commented 6 days ago

I'd also be interested in seeing if an assert build of Julia produces any useful messages.

DilumAluthge commented 6 days ago

git bisect blames 0a82b71681028d6b1a49d580496f28ebc214a21e (#51317).

0a82b71681028d6b1a49d580496f28ebc214a21e is the first bad commit
commit 0a82b71681028d6b1a49d580496f28ebc214a21e
Author: Jameson Nash <vtjnash@gmail.com>
Date:   Wed Sep 27 11:31:25 2023 +0200

    inference: avoid inferring unreachable code methods (#51317)

 base/compiler/abstractinterpretation.jl |  57 ++++++++++------
 base/compiler/abstractlattice.jl        |   8 ++-
 base/compiler/optimize.jl               |   4 +-
 base/compiler/ssair/inlining.jl         |   2 +-
 base/compiler/ssair/passes.jl           |   2 +-
 base/compiler/tfuncs.jl                 | 117 ++++++++++++++++----------------
 base/compiler/typelattice.jl            |   4 +-
 base/compiler/typeutils.jl              |  17 +++--
 test/compiler/inference.jl              |  21 ++++++
 9 files changed, 138 insertions(+), 94 deletions(-)
bisect found first bad commit