well this is concerning:
💣 Program crashed: Bad pointer dereference at 0x0000000000000000
Thread 3 crashed:
0 0x00007f2415fc28dd _swift_release_dealloc + 13 in libswiftCore.so
1 0x00007f2415fc329b bool swift::RefCounts<swift::RefCountBitsT<(swift::RefCountInlinedness)1> >::doDecrementSlow<(swift::PerformDeinit)1>(swift::RefCountBitsT<(swift::RefCountInlinedness)1>, unsigned int) + 122 in libswiftCore.so
2 0x00007f2415fb689b swift_arrayDestroy + 58 in libswiftCore.so
3 0x00007f2415d643b7 _ContiguousArrayStorage.__deallocating_deinit + 38 in libswiftCore.so
4 0x00007f2415fc28e0 _swift_release_dealloc + 15 in libswiftCore.so
5 0x00007f2415fc329b bool swift::RefCounts<swift::RefCountBitsT<(swift::RefCountInlinedness)1> >::doDecrementSlow<(swift::PerformDeinit)1>(swift::RefCountBitsT<(swift::RefCountInlinedness)1>, unsigned int) + 122 in libswiftCore.so
i didn’t know what i did to deserve this until i remembered i had used the consuming modifier in some nearby code i had edited earlier.
extension MarkdownInterpreter
{
private mutating
- func append(_ block:__owned MarkdownBlock)
+ func append(_ block:consuming MarkdownBlock)
{
when i use __owned, the app works. when i use consuming, it segfaults.
has anyone else run into something similar recently?
kavon
November 17, 2023, 7:20am
2
This could be an over-release of a value related to the new consuming ownership. Are you able to file a bug about this on GitHub ? A reproducer for this would be great.
i managed to write a test case in swift-unidoc that reproduces this consistently in 09351c8
$ swift run -c release SymbolGraphLinkerTests Topics OneList ImplicitTopic Topics
i don’t have time to reduce this to a smaller reproducer right now, but when i do i’ll file it on GitHub.
2 Likes
gregcotten
November 18, 2023, 1:29am
4
I've been having a similar issue, but it's a stop reason = signal SIGTRAP, and it's happening with Foundation library code. Not pertaining to ownership, though - sorry I saw this post when searching for my own problem and found a somewhat similar stacktrace.
Swift 5.9.1 on Ubuntu 20.04, x68_64
frame #2: 0x00007fff2cc83ff0 libswiftCore.so`_swift_release_dealloc + 16
frame #3: 0x00007fff2cc849ab libswiftCore.so`bool swift::RefCounts<swift::RefCountBitsT<(swift::RefCountInlinedness)1>>::doDecrementSlow<(swift::PerformDeinit)1>(swift::RefCountBitsT<(swift::RefCountInlinedness)1>, unsigned int) + 123
frame #4: 0x00007fff2c23d8ec libFoundation.so`Foundation.URL.init(reference: Foundation.NSURL) -> Foundation.URL + 92
frame #5: 0x00007fff2c23cceb libFoundation.so`Foundation.URL.appendingPathComponent(_: Swift.String, isDirectory: Swift.Bool) -> Foundation.URL + 123
gregcotten
November 18, 2023, 1:36am
5
I commented out the code that was causing the issue above and got this (somewhere else in the code)
Swift 5.9.1 on Ubuntu 20.04, x68_64
signal SIGSEGV: invalid address (fault address: 0x100000008)
* frame #0: 0x00007fff2cc83e36 libswiftCore.so`swift_release + 38
frame #1: 0x00007fff2cc7986b libswiftCore.so`swift_arrayDestroy + 59
frame #2: 0x00007fff2cb3d0d1 libswiftCore.so`Swift.__StringStorage.__deallocating_deinit + 49
frame #3: 0x00007fff2cc84ff0 libswiftCore.so`_swift_release_dealloc + 16
frame #4: 0x00007fff2cc859ab libswiftCore.so`bool swift::RefCounts<swift::RefCountBitsT<(swift::RefCountInlinedness)1>>::doDecrementSlow<(swift::PerformDeinit)1>(swift::RefCountBitsT<(swift::RefCountInlinedness)1>, unsigned int) + 123
frame #5: 0x00007fff2c1f9922 libFoundation.so`Foundation.ProcessInfo.environment.getter : Swift.Dictionary<Swift.String, Swift.String> + 498
frame #6: 0x00007fff2c06237c libFoundation.so`Foundation.FileManager._urls(for: Foundation.FileManager.SearchPathDirectory, in: Foundation.FileManager.SearchPathDomainMask) -> Swift.Array<Foundation.URL> + 76
i’ve gotten this down to a minimal reproducer, which i filed on GitHub.
opened 09:19PM - 30 Nov 23 UTC
bug
crash
triage needed
### Description
the following test program crashes with a segfault when compile… d with a 5.9.1 toolchain.
### Reproduction
```swift
class Class
{
init()
{
}
}
struct ClassList
{
var array:[Class]
init(_ x:consuming Class)
{
self.array = []
defer
{
self.array.append(x)
}
_ = copy x
}
}
func main()
{
let _:ClassList = .init(Class.init())
}
main()
```
```
$ swiftc Snippets/_Crashes/Refcounting.swift
$ ./Refcounting
```
### Stack dump
```text
💣 Program crashed: Bad pointer dereference at 0x00007fd15e861868
Thread 0 "Refcounting" crashed:
0 0x00007fd15e861868
1 0x00007fd15e60429b bool swift::RefCounts<swift::RefCountBitsT<(swift::RefCountInlinedness)1> >::doDecrementSlow<(swift::PerformDeinit)1>(swift::RefCountBitsT<(swift::RefCountInlinedness)1>, unsigned int) + 122 in libswiftCore.so
2 0x00007fd15e5f789b swift_arrayDestroy + 58 in libswiftCore.so
3 0x00007fd15e3a53b7 _ContiguousArrayStorage.__deallocating_deinit + 38 in libswiftCore.so
4 0x00007fd15e6038e0 _swift_release_dealloc + 15 in libswiftCore.so
5 0x00007fd15e60429b bool swift::RefCounts<swift::RefCountBitsT<(swift::RefCountInlinedness)1> >::doDecrementSlow<(swift::PerformDeinit)1>(swift::RefCountBitsT<(swift::RefCountInlinedness)1>, unsigned int) + 122 in libswiftCore.so
6 0x000056073eea4f68 main() + 39 in Refcounting
7 0x000056073eea4d29 main + 8 in Refcounting
Segmentation fault (core dumped)
```
### Expected behavior
the defer statement should correctly increment the ref count of the captured binding.
### Environment
```
$ swift --version
Swift version 5.9.1 (swift-5.9.1-RELEASE)
Target: x86_64-unknown-linux-gnu
```
### Additional information
_No response_
it seems to affect defer statements that capture bindings that use the consuming ownership specifier. because the miscompile affects ref counting, the crashes can occur very far away from where the ref count actually diverged, which made it challenging to isolate the actual cause of the crash.
3 Likes
update for 5.10: the original reproducer no longer segfaults (probably due to other ARC optimizations), but the underlying bug is still present. details here