getTypeOf{Member,}Reference() needs to erase DynamicSelfType in all positions

[tayloraswift]

Description

compiler segfaults when compiling this actor pattern, which uses Self instead of A:

Reproduction

final class A
{
    static
    func _run(with body:(Self) -> ())
    {
    }
}
func f()
{
    A._run { _ in }
}

Stack dump

error: compile command failed due to signal 11 (use -v to see invocation)
Please submit a bug report (https://swift.org/contributing/#reporting-bugs) and include the crash backtrace.
Stack dump:
0.      Program arguments: /usr/bin/swift-frontend -frontend -c -primary-file crash2.swift -target x86_64-unknown-linux-gnu -disable-objc-interop -color-diagnostics -new-driver-path /usr/bin/swift-driver -empty-abi-descriptor -resource-dir /usr/lib/swift -module-name crash2 -plugin-path /usr/lib/swift/host/plugins -plugin-path /usr/local/lib/swift/host/plugins -o /tmp/TemporaryDirectory.6OZwMw/crash2-1.o
1.      Swift version 5.10 (swift-5.10-RELEASE)
2.      Compiling with the current language version
3.      While evaluating request ASTLoweringRequest(Lowering AST to SIL for file "crash2.swift")
4.      While silgen emitFunction SIL function "@$s6crash21fyyF".
 for 'f()' (at crash2.swift:8:1)
Stack dump without symbol names (ensure you have llvm-symbolizer in your PATH or set the environment var `LLVM_SYMBOLIZER_PATH` to point to it):
/usr/bin/swift-frontend(+0x61bbee3)[0x64cfd81e5ee3]
/usr/bin/swift-frontend(+0x61b9e9e)[0x64cfd81e3e9e]
/usr/bin/swift-frontend(+0x61bc25a)[0x64cfd81e625a]
/lib64/libc.so.6(+0x54dd0)[0x78a146bb1dd0]
/usr/bin/swift-frontend(+0x1a111fb)[0x64cfd3a3b1fb]
/usr/bin/swift-frontend(+0x102e813)[0x64cfd3058813]
/usr/bin/swift-frontend(+0x12b6f9e)[0x64cfd32e0f9e]
/usr/bin/swift-frontend(+0x12b912b)[0x64cfd32e312b]
/usr/bin/swift-frontend(+0x12afe92)[0x64cfd32d9e92]
/usr/bin/swift-frontend(+0x129f812)[0x64cfd32c9812]
/usr/bin/swift-frontend(+0x1295ab9)[0x64cfd32bfab9]
/usr/bin/swift-frontend(+0x13431a2)[0x64cfd336d1a2]
/usr/bin/swift-frontend(+0x1332993)[0x64cfd335c993]
/usr/bin/swift-frontend(+0x1342120)[0x64cfd336c120]
/usr/bin/swift-frontend(+0x134d6a2)[0x64cfd33776a2]
/usr/bin/swift-frontend(+0x134d0b7)[0x64cfd33770b7]
/usr/bin/swift-frontend(+0x1336807)[0x64cfd3360807]
/usr/bin/swift-frontend(+0x1334aab)[0x64cfd335eaab]
/usr/bin/swift-frontend(+0x129f871)[0x64cfd32c9871]
/usr/bin/swift-frontend(+0x129607c)[0x64cfd32c007c]
/usr/bin/swift-frontend(+0x130a45e)[0x64cfd333445e]
/usr/bin/swift-frontend(+0x13091ed)[0x64cfd33331ed]
/usr/bin/swift-frontend(+0x12b955f)[0x64cfd32e355f]
/usr/bin/swift-frontend(+0x125a24a)[0x64cfd328424a]
/usr/bin/swift-frontend(+0x125a7c3)[0x64cfd32847c3]
/usr/bin/swift-frontend(+0x125875a)[0x64cfd328275a]
/usr/bin/swift-frontend(+0x125d427)[0x64cfd3287427]
/usr/bin/swift-frontend(+0x1308cb4)[0x64cfd3332cb4]
/usr/bin/swift-frontend(+0x1308bc9)[0x64cfd3332bc9]
/usr/bin/swift-frontend(+0x125fd4a)[0x64cfd3289d4a]
/usr/bin/swift-frontend(+0x125def6)[0x64cfd3287ef6]
/usr/bin/swift-frontend(+0xc624ea)[0x64cfd2c8c4ea]
/usr/bin/swift-frontend(+0xc65a39)[0x64cfd2c8fa39]
/usr/bin/swift-frontend(+0xc644fd)[0x64cfd2c8e4fd]
/usr/bin/swift-frontend(+0xafd840)[0x64cfd2b27840]
/lib64/libc.so.6(+0x3feb0)[0x78a146b9ceb0]
/lib64/libc.so.6(__libc_start_main+0x80)[0x78a146b9cf60]
/usr/bin/swift-frontend(+0xafc975)[0x64cfd2b26975]

*** Signal 11: Backtracing from 0x64cfd3a3b1fb... done ***

*** Program crashed: Bad pointer dereference at 0x0000000000000028 ***

Thread 0 "swift-frontend" crashed:

0  0x000064cfd3a3b1fb swift::MetatypeInst::create(swift::SILDebugLocation, swift::SILType, swift::SILFunction*) + 459 in swift-frontend


Registers:

rax 0x000064cfdc949c48  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ················
rdx 0x000064cfdc949bf0  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ················
rcx 0x0000000000000000  0
rbx 0x0000000000000028  40
rsi 0x000064cfdc949c18  48 26 c6 da cf 64 00 00 ff ff ff ff ff ff ff ff  H&ÆÚÏd··ÿÿÿÿÿÿÿÿ
rdi 0x0000000000000000  0
rbp 0x0000000000000008  8
rsp 0x00007ffc12363650  d0 04 67 dc cf 64 00 00 e8 6c 94 dc cf 64 00 00  зgÜÏd··èl·ÜÏd··
 r8 0x00007ffc12363678  00 00 00 00 00 00 00 00 52 68 8f dc cf 64 00 00  ········Rh·ÜÏd··
 r9 0x0000000000000000  0
r10 0x000064cfdc949e00  30 01 00 00 00 00 00 00 10 0a 00 00 00 00 00 00  0···············
r11 0x000078a146d56c60  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ················
r12 0x000064cfdc8f6852  00 00 00 00 00 00 58 6c 90 dc cf 64 00 00 00 00  ······Xl·ÜÏd····
r13 0x000064cfdc94ab18  4c 66 8f dc cf 64 00 00 09 00 00 00 00 00 00 00  Lf·ÜÏd··········
r14 0x00007ffc12363678  00 00 00 00 00 00 00 00 52 68 8f dc cf 64 00 00  ········Rh·ÜÏd··
r15 0x00007ffc12363629  6c 94 dc cf 64 00 00 80 a9 94 dc cf 64 00 00 51  l·ÜÏd···©·ÜÏd··Q
rip 0x000064cfd3a3b1fb  48 8b 76 28 48 89 70 08 48 85 f6 74 c8 48 8d 78  H·v(H·p·H·ötÈH·x

rflags 0x0000000000010246  ZF PF

cs 0x0033  fs 0x0000  gs 0x0000


Images (26 omitted):

0x000064cfd202a000–0x000064cfd8da8800 <no build ID> swift-frontend /usr/bin/swift-frontend

Backtrace took 0.16s

error: fatalError

Expected behavior

it should not crash, and ideally suggest A as a fixit. or just treat final classes and actors the same way that non class-constrained are.

Environment

Swift version 5.10 (swift-5.10-RELEASE)
Target: x86_64-unknown-linux-gnu

Additional information

also crashes on main

[slavapestov]

with asserts:

Assertion failed: (hasDynamicSelfMetadata() && "This method can only be called if the " "SILFunction has a self-metadata parameter"), function getDynamicSelfMetadata, file SILFunction.h, line 1623.
Please submit a bug report (https://swift.org/contributing/#reporting-bugs) and include the crash backtrace.
Stack dump:
0.	Program arguments: /Users/slava/src/build/Ninja-RelWithDebInfoAssert/swift-macosx-arm64/bin/swift-frontend -frontend -c -primary-file /Users/slava/src/swift/self.swift -target arm64-apple-macosx15.0 -Xllvm -aarch64-use-tbi -enable-objc-interop -color-diagnostics -empty-abi-descriptor -Xcc -working-directory -Xcc /Users/slava/src/swift -resource-dir /Users/slava/src/build/Ninja-RelWithDebInfoAssert/swift-macosx-arm64/lib/swift -module-name self -plugin-path /Users/slava/src/build/Ninja-RelWithDebInfoAssert/swift-macosx-arm64/lib/swift/host/plugins -plugin-path /Users/slava/src/build/Ninja-RelWithDebInfoAssert/swift-macosx-arm64/local/lib/swift/host/plugins -o /var/folders/qn/b1yvkm_x0ml3hphs428lmyx40000gn/T/TemporaryDirectory.OD8e21/self-1.o
1.	Swift version 6.0-dev (LLVM d5c188027e398b3, Swift 551150474e658e3)
2.	Compiling with effective version 5.10
3.	While evaluating request ASTLoweringRequest(Lowering AST to SIL for file "/Users/slava/src/swift/self.swift")
4.	While silgen emitFunction SIL function "@$s4self1fyyF".

-dump-ast shows the problem:

  (func_decl range=[/Users/slava/src/swift/self.swift:8:1 - line:11:1] "f()" interface type="() -> ()" access=internal
    (parameter_list range=[/Users/slava/src/swift/self.swift:8:7 - line:8:8])
    (brace_stmt range=[/Users/slava/src/swift/self.swift:9:1 - line:11:1]
      (call_expr type="()" location=/Users/slava/src/swift/self.swift:10:7 range=[/Users/slava/src/swift/self.swift:10:5 - line:10:19] nothrow isolation_crossing="none"
        (dot_syntax_call_expr type="((Self) -> ()) -> ()" location=/Users/slava/src/swift/self.swift:10:7 range=[/Users/slava/src/swift/self.swift:10:5 - line:10:7] nothrow isolation_crossing="none"
          (declref_expr type="(A.Type) -> ((Self) -> ()) -> ()" location=/Users/slava/src/swift/self.swift:10:7 range=[/Users/slava/src/swift/self.swift:10:7 - line:10:7] decl="self.(file).A._run(with:)@/Users/slava/src/swift/self.swift:4:10" function_ref=single)
          (argument_list implicit
            (argument
              (type_expr type="A.Type" location=/Users/slava/src/swift/self.swift:10:5 range=[/Users/slava/src/swift/self.swift:10:5 - line:10:5] typerepr="A"))))
        (argument_list labels="with:"
          (argument label="with"
            (closure_expr type="(Self) -> ()" location=/Users/slava/src/swift/self.swift:10:12 range=[/Users/slava/src/swift/self.swift:10:12 - line:10:19] discriminator=0 nonisolated captures=(<dynamic_self> )
              (parameter_list range=[/Users/slava/src/swift/self.swift:10:14 - line:10:14]
                (parameter <anonymous @ 0x14a8487c8> interface type="Self"))
              (brace_stmt range=[/Users/slava/src/swift/self.swift:10:12 - line:10:19]))))))))

The dynamic Self type "leaks out" into the types of expressions inside f(), which subsequently causes a crash in SILGen because we're referencing the dynamic Self type outside of a class method.

ConstraintSystem::getTypeOfReference() needs to erase DynamicSelfType everywhere, and not just in return position. This logic has been broken for years, and I'd like to clean it up soon.