Crash due to an invalid kernel when wildcard variables are used

[alexmarkov]

Consider the following code:

class Foo {
  Foo(this._);
  final double _;
}

main() {
  print(Foo(42));
}

It causes the following crash when run using dart foo.dart:

===== CRASH =====
si_signo=Segmentation fault(11), si_code=SEGV_MAPERR(1), si_addr=0x5b
version=3.7.0-edge (main) (Unknown timestamp) on "linux_x64"
pid=3394805, thread=3394815, isolate_group=main(0x559ccbb38050), isolate=main(0x559ccbb3cf10)
os=linux, arch=x64, comp=no, sim=no
isolate_instructions=559cb2174400, vm_instructions=559cb2174400
fp=7f5476c7e430, sp=7f5476c7e410, pc=7f548fa25f84
  pc 0x00007f548fa25f84 fp 0x00007f5476c7e430 [Unoptimized] new Foo.+0x54
  pc 0x00007f548fa25ed6 fp 0x00007f5476c7e470 [Unoptimized] main+0x76
  pc 0x00007f548fa25e03 fp 0x00007f5476c7e498 [Unoptimized] main+0x73

Kernel for this code:

  class Foo extends core::Object {
    final field core::double _;
    constructor •(wildcard dynamic _#wc0#formal) → foo4::Foo
      : foo4::Foo::_ = _#wc0#formal, super core::Object::•()
      ;
  }
  static method main() → dynamic {
    core::print(new foo4::Foo::•(42));
  }

For some reason, type of the constructor parameter was changed to dynamic. This kernel is incorrectly typed: dynamic parameter is assigned to double field without as check. Crash happens when int 42 is assigned to (unboxed) double field.

/cc @kallentu @johnniwinther @davidmorgan

[kallentu]

Thanks for the issue. Found the problem in the CFE now, will spin up a CL to fix this.