Segmentation fault on specific code

[rbellens]

My dart code crashes with a segmentation fault, when doing similar to the following code:

void main() {
  X();
}

class X {
  late final Y y = Y(
    () async {},
  );

  final double? a;

  final double? b;

  final String? c;

  X({
    this.a,
    this.b,
    this.c,
  });
}

typedef Callback = Future<void> Function();

class Y {
  Y(Callback? f);
}

It seems that the combination of different parts of this code is causing it. E.g. when removing one of the fields a, b or c, it does not crash. The types of these fields on the other hand do not seem to matter. Also initializing the y in the constructor instead of on the definition, fixes the problem. As well as changing the closure to a non-async one.

This is the output when it crashes:

===== CRASH =====
si_signo=Segmentation fault: 11(11), si_code=2, si_addr=0x3c
version=2.12.1 (stable) (Wed Mar 10 10:18:47 2021 +0100) on "macos_x64"
pid=56331, thread=8707, isolate_group=main(0x7fa18d00a600), isolate=main(0x7fa18d00f200)
isolate_instructions=10057aa60, vm_instructions=10057aa60
  pc 0x0000000100ac1800 fp 0x00000003074fde90 dart::kernel::ScopeBuilder::VisitFunctionNode()+0x150
  pc 0x0000000100ac358b fp 0x00000003074fdfb0 dart::kernel::ScopeBuilder::HandleLocalFunction(long)+0x3eb
  pc 0x0000000100ac2118 fp 0x00000003074fe030 dart::kernel::ScopeBuilder::VisitStatement()+0x2b8
  pc 0x0000000100ac1871 fp 0x00000003074fe0e0 dart::kernel::ScopeBuilder::VisitFunctionNode()+0x1c1
  pc 0x0000000100ac358b fp 0x00000003074fe200 dart::kernel::ScopeBuilder::HandleLocalFunction(long)+0x3eb
  pc 0x0000000100ac06aa fp 0x00000003074fe270 dart::kernel::ScopeBuilder::VisitExpression()+0x5da
  pc 0x0000000100ac2c18 fp 0x00000003074fe2a0 dart::kernel::ScopeBuilder::VisitArguments()+0x68
  pc 0x0000000100ac0161 fp 0x00000003074fe310 dart::kernel::ScopeBuilder::VisitExpression()+0x91
  pc 0x0000000100abf1ef fp 0x00000003074fe490 dart::kernel::ScopeBuilder::BuildScopes()+0x84f
  pc 0x0000000100819795 fp 0x00000003074fe7d0 dart::ParsedFunction::EnsureKernelScopes()+0x45
  pc 0x0000000100a8b3c5 fp 0x00000003074fe810 dart::kernel::StreamingFlowGraphBuilder::ParseKernelASTFunction()+0x65
  pc 0x0000000100a8b0ba fp 0x00000003074fe920 dart::kernel::StreamingFlowGraphBuilder::BuildGraph()+0xea
  pc 0x0000000100a9b7e1 fp 0x00000003074febe0 dart::kernel::FlowGraphBuilder::BuildGraph()+0x71
  pc 0x00000001008c4fee fp 0x00000003074fedf0 dart::DartCompilationPipeline::BuildFlowGraph(dart::Zone*, dart::ParsedFunction*, dart::ZoneGrowableArray<dart::ICData const*>*, long, bool)+0x4e
  pc 0x00000001008c6075 fp 0x00000003074ff4b0 dart::CompileParsedFunctionHelper::Compile(dart::CompilationPipeline*)+0x3f5
  pc 0x00000001008c6df3 fp 0x00000003074ff670 dart::CompileFunctionHelper(dart::CompilationPipeline*, dart::Function const&, bool, long)+0x443
  pc 0x00000001008c696c fp 0x00000003074ff700 dart::Compiler::CompileFunction(dart::Thread*, dart::Function const&)+0x1ac
  pc 0x00000001007b9dbf fp 0x00000003074ff730 dart::Function::EnsureHasCode() const+0x4f
  pc 0x00000001008c5426 fp 0x00000003074ff7f0 dart::DRT_CompileFunction(dart::NativeArguments)+0x136
  pc 0x000000010ba02213 fp 0x00000003074ff830 Unknown symbol
  pc 0x000000010ba02274 fp 0x00000003074ff860 Unknown symbol
  pc 0x00000001110a469a fp 0x00000003074ff898 Unknown symbol
  pc 0x00000001110a45d9 fp 0x00000003074ff8c0 Unknown symbol
  pc 0x00000001110a4510 fp 0x00000003074ff918 Unknown symbol
  pc 0x00000001110a34d8 fp 0x00000003074ff948 Unknown symbol
  pc 0x00000001110a3243 fp 0x00000003074ff9a8 Unknown symbol
  pc 0x00000001110a2bf8 fp 0x00000003074ff9e0 Unknown symbol
  pc 0x000000010ba0265f fp 0x00000003074ffa58 Unknown symbol
  pc 0x0000000100727862 fp 0x00000003074ffaf0 dart::DartEntry::InvokeCode(dart::Code const&, dart::Array const&, dart::Array const&, dart::Thread*)+0x112
  pc 0x0000000100727665 fp 0x00000003074ffb60 dart::DartEntry::InvokeFunction(dart::Function const&, dart::Array const&, dart::Array const&, unsigned long)+0x155
  pc 0x000000010072a172 fp 0x00000003074ffbc0 dart::DartLibraryCalls::HandleMessage(dart::Object const&, dart::Instance const&)+0x1e2
  pc 0x000000010074f2f3 fp 0x00000003074ffdb0 dart::IsolateMessageHandler::HandleMessage(std::__1::unique_ptr<dart::Message, std::__1::default_delete<dart::Message> >)+0x4f3
  pc 0x0000000100780d13 fp 0x00000003074ffe30 dart::MessageHandler::HandleMessages(dart::MonitorLocker*, bool, bool)+0x133
  pc 0x0000000100781324 fp 0x00000003074ffe90 dart::MessageHandler::TaskCallback()+0x1e4
  pc 0x00000001008b3858 fp 0x00000003074fff20 dart::ThreadPool::WorkerLoop(dart::ThreadPool::Worker*)+0x158
  pc 0x00000001008b3b1f fp 0x00000003074fff50 dart::ThreadPool::Worker::Main(unsigned long)+0x6f
  pc 0x00000001008181a5 fp 0x00000003074fffb0 dart::ThreadStart(void*)+0xb5
  pc 0x00007fff20382950 fp 0x00000003074fffd0 _pthread_start+0xe0
  pc 0x00007fff2037e47b fp 0x00000003074ffff0 thread_start+0xf
-- End of DumpStackTrace
[exit     : sp(0) fp(0x3074ff830) pc(0)]
[stub     : sp(0x3074ff840) fp(0x3074ff860) pc(0x10ba02274)]
[dart     : sp(0x3074ff870) fp(0x3074ff898) pc(0x1110a469a) file:///../bug.dart_::_main ]
[dart     : sp(0x3074ff8a8) fp(0x3074ff8c0) pc(0x1110a45d9) file:///../bug.dart_::_main_main ]
[dart     : sp(0x3074ff8d0) fp(0x3074ff918) pc(0x1110a4510) dart:core__Closure@0150898_dyn_call ]
[dart     : sp(0x3074ff928) fp(0x3074ff948) pc(0x1110a34d8) dart:isolate_::__delayEntrypointInvocation@1026248_<anonymous closure> ]
[dart     : sp(0x3074ff958) fp(0x3074ff9a8) pc(0x1110a3243) dart:core__Closure@0150898_dyn_call ]
[dart     : sp(0x3074ff9b8) fp(0x3074ff9e0) pc(0x1110a2bf8) dart:isolate__RawReceivePortImpl@1026248__handleMessage@1026248 ]
[entry    : sp(0x3074ff9f0) fp(0x3074ffa58) pc(0x10ba0265f)]
/Users/rikbellens/tools/flutter/bin/internal/shared.sh: line 224: 56331 Abort trap: 6           "$DART" "$@"

This is the output of dart --version:

Dart SDK version: 2.12.1 (stable) (Wed Mar 10 10:18:47 2021 +0100) on "macos_x64"

[a-siva]

//cc @alexmarkov