dart-lang / sdk

The Dart SDK, including the VM, JS and Wasm compilers, analysis, core libraries, and more.
https://dart.dev
BSD 3-Clause "New" or "Revised" License

Segfault when using onError with Isolate.spawn and an InvalidExpression #45865

Open simolus3 opened 3 years ago

simolus3 commented 3 years ago

When running a kernel file referencing a field with an InvalidExpression as its initializer in an isolate with an onError handler, the VM crashes:

===== CRASH =====
si_signo=Segmentation fault(11), si_code=1, si_addr=(nil)
version=2.12.4 (stable) (Thu Apr 15 12:26:53 2021 +0200) on "linux_x64"
pid=136094, thread=136106, isolate_group=main(0x55befc6fdc00), isolate=main(0x55befc69b000)
isolate_instructions=55befa06c3a0, vm_instructions=55befa06c3a0
  pc 0x00007f0ecb9dc505 fp 0x00007f0ec1dfe740 /usr/lib/libc.so.6+0x161505
  pc 0x000055befa2035c0 fp 0x00007f0ec1dfe780 dart::ApiMessageWriter::WriteCObject(_Dart_CObject*)+0x160
  pc 0x000055befa20427b fp 0x00007f0ec1dfe7e0 dart::ApiMessageWriter::WriteCMessage(_Dart_CObject*, long, dart::Message::Priority)+0x2b
  pc 0x000055befa22fbf2 fp 0x00007f0ec1dfe940 dart::Isolate::NotifyErrorListeners(char const*, char const*)+0x132
  pc 0x000055befa22f669 fp 0x00007f0ec1dfe9a0 dart::IsolateMessageHandler::ProcessUnhandledException(dart::Error const&)+0x279
  pc 0x000055befa22f1b9 fp 0x00007f0ec1dfeb90 dart::IsolateMessageHandler::HandleMessage(std::__2::unique_ptr<dart::Message, std::__2::default_delete<dart::Message> >)+0x5c9
  pc 0x000055befa25b486 fp 0x00007f0ec1dfec00 dart::MessageHandler::HandleMessages(dart::MonitorLocker*, bool, bool)+0x146
  pc 0x000055befa25bb3a fp 0x00007f0ec1dfec60 dart::MessageHandler::TaskCallback()+0x1da
  pc 0x000055befa369a88 fp 0x00007f0ec1dfece0 dart::ThreadPool::WorkerLoop(dart::ThreadPool::Worker*)+0x148
  pc 0x000055befa369f5c fp 0x00007f0ec1dfed10 dart::ThreadPool::Worker::Main(unsigned long)+0x5c
  pc 0x000055befa2e159d fp 0x00007f0ec1dfedd0 dart+0x1c5259d
-- End of DumpStackTrace

See the comment for an easy repro. I've tested this on 2.12.4 stable and 2.14.0-57.0.dev.

simolus3 commented 3 years ago

Much smaller repro; note that the frontend generates similar files for invalid sources.

// @dart=2.9
import 'dart:io';
import 'dart:isolate';

import 'package:kernel/kernel.dart';

void main() {
  final component = Component();
  final lib = Library(Uri.parse('package:foo/bar.dart'));
  component.libraries.add(lib);

  final field = Field.immutable(Name('field'),
      initializer: InvalidExpression('field'), isStatic: true);
  lib.addField(field);

  final fun = FunctionNode(ExpressionStatement(StaticGet(field)));
  final proc =
      Procedure(Name('main'), ProcedureKind.Method, fun, isStatic: true);
  lib.addProcedure(proc);
  component.setMainMethodAndMode(
      proc.reference, true, NonNullableByDefaultCompiledMode.Weak);

  final file = File('crash.dill')
    ..writeAsBytesSync(writeComponentToBytes(component));

  Isolate.spawnUri(
    Uri.file(file.absolute.path),
    const [],
    ReceivePort().sendPort,
    onError: ReceivePort().sendPort,
  );
}

simolus3 commented 3 years ago

In Isolate::NotifyErrorListeners, stacktrace is a nullptr which I think is causing the errors here.
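The null-stacktrace path described in the comment above, modelled as an added C example that is not code from the Dart VM or from this issue. The struct and function names are simplified stand-ins for Dart_CObject, ApiMessageWriter::WriteCObject and Isolate::NotifyErrorListeners (assumption), and the unguarded path returns -1 where the real writer would dereference NULL; the guarded path shows the defensive substitution of a null node for a missing stacktrace.

```c
#include <stddef.h>
#include <string.h>

/* Simplified model of Dart_CObject (assumption; the real struct in
 * dart_native_api.h has more kinds and a union for the payload). */
typedef enum { K_NULL, K_STRING, K_ARRAY } CObjectType;
typedef struct CObject {
  CObjectType type;
  const char *as_string;     /* used when type == K_STRING */
  struct CObject **values;   /* used when type == K_ARRAY */
  size_t length;             /* array length */
} CObject;

/* Stand-in for ApiMessageWriter::WriteCObject: returns the serialised size in
 * bytes, or -1 on an invalid node. A K_STRING node with a NULL pointer is the
 * case from the crash trace; strlen(NULL) there is the segfault in libc. */
static long write_cobject(const CObject *obj) {
  switch (obj->type) {
  case K_NULL:
    return 1;
  case K_STRING:
    if (obj->as_string == NULL) return -1;   /* real writer crashes here */
    return 1 + (long)strlen(obj->as_string);
  case K_ARRAY: {
    long total = 1;
    for (size_t i = 0; i < obj->length; i++) {
      long n = write_cobject(obj->values[i]);
      if (n < 0) return -1;
      total += n;
    }
    return total;
  }
  }
  return -1;
}

/* Stand-in for Isolate::NotifyErrorListeners: builds the [message, stacktrace]
 * pair sent to the onError port. guard == 0 mirrors the reported behaviour
 * (NULL stacktrace wrapped as a string node); guard != 0 sends a null node
 * instead, which a Dart-side listener can handle. */
static long notify_error_listeners(const char *message, const char *stacktrace,
                                   int guard) {
  CObject msg = { K_STRING, message, NULL, 0 };
  CObject stack;
  if (guard && stacktrace == NULL) stack = (CObject){ K_NULL, NULL, NULL, 0 };
  else stack = (CObject){ K_STRING, stacktrace, NULL, 0 };
  CObject *items[2] = { &msg, &stack };
  CObject arr = { K_ARRAY, NULL, items, 2 };
  return write_cobject(&arr);
}
```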