runtime: Crash on macOS related to code signing and third-party JIT compilation

Description

Our .NET library hosts the V8 JavaScript engine – a native component that performs JIT compilation.

On macOS, .NET code that consumes our library works correctly when run as an application (dotnet run), but crashes when run from the test host (dotnet test) or as a tool (dotnet tool run).

The crash occurs when V8 jumps into its JIT-compiled code. According to the Console application, the exception type is “EXC_CRASH (SIGKILL (Code Signature Invalid))”. The native library that hosts V8 is signed with an official Microsoft signature.

This affects arm64 (M1) hardware, and possibly x64 in some scenarios. It does not affect Linux or Windows.

This issue was reported for our project here and here.

Reproduction Steps

Andrey Taritsyn has provided a minimal sample. Here are his instructions:

  • Clone a repository.
    • mkdir TemporaryProjects && cd TemporaryProjects
    • git clone https://github.com/Taritsyn/ClearScriptV8Tester.DotNetTool
  • Build a NuGet package.
    • cd ClearScriptV8Tester.DotNetTool
    • dotnet pack
  • Install and run a tool locally.
    • cd ..
    • mkdir TestDotNetTool && cd TestDotNetTool
    • dotnet new tool-manifest
    • dotnet tool install ClearScriptV8Tester.DotNetTool --add-source ../ClearScriptV8Tester.DotNetTool/nupkg
    • dotnet tool run clearscript-v8-tester

Expected behavior

The tool should print out “Number of iterations: 999999” in green characters.

Actual behavior

The tool crashes abruptly.

Regression?

We’ve only reproduced this issue on arm64 (M1) hardware, so it appears to be new in .NET 6. Our tests on x64 and Rosetta did not crash with .NET 6 or .NET 5, but some users are reporting that the issue affects .NET 6 on x64.

Known Workarounds

In a different scenario (see this issue), we were able to eliminate the crash by overwriting the official Microsoft code signature with the ad hoc linker signature as follows:

codesign --sign - --options linker-signed --force ClearScriptV8.osx-arm64.dylib

Configuration

We’ve confirmed the crash with .NET 6 in macOS 12.1 on the arm64 (M1) architecture.

Other information

Our coded tests are not affected by this issue, apparently because they test only locally built, unsigned (or linker-signed) libraries.
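
To see which kind of signature a copy of the library carries before and after the workaround above, this added example (not part of the original report or the project's code) classifies the text that `codesign -dv` prints. The function names and sample outputs are constructed, and the output layout is assumed to match what `codesign -dv` emits on macOS.

```shell
#!/bin/sh
# Classify `codesign -dv` output read on stdin (hypothetical helper).
# Prints one of: unsigned, linker-signed, adhoc, identity-signed, unknown.
sig_kind() {
    out=$(cat)
    case $out in
        *"code object is not signed at all"*) echo unsigned; return ;;
    esac
    # Pull the flag names out of e.g. "flags=0x20002(adhoc,linker-signed)".
    flags=$(printf '%s\n' "$out" |
        sed -n 's/.*flags=0x[0-9a-fA-F]*(\([^)]*\)).*/\1/p' | head -n 1)
    case ",$flags," in
        *,linker-signed,*) echo linker-signed ;;   # state after the workaround
        *,adhoc,*)         echo adhoc ;;           # ad hoc, not linker-signed
        ,,)                echo unknown ;;         # no CodeDirectory line found
        *)                 echo identity-signed ;; # signed with a certificate
    esac
}

# On macOS: codesign writes its -d output to stderr, so merge it into stdout.
check_dylib() {
    codesign -dv "$1" 2>&1 | sig_kind
}

# Constructed sample: a library re-signed with
#   codesign --sign - --options linker-signed --force <file>
SAMPLE_LINKER_SIGNED='Executable=/tmp/example/ClearScriptV8.osx-arm64.dylib
Identifier=ClearScriptV8.osx-arm64
Format=Mach-O thin (arm64)
CodeDirectory v=20400 size=1234 flags=0x20002(adhoc,linker-signed) hashes=35+0 location=embedded
Signature=adhoc
TeamIdentifier=not set'

# Constructed sample: a library signed with a certificate (placeholder team ID).
SAMPLE_IDENTITY_SIGNED='Executable=/tmp/example/ClearScriptV8.osx-arm64.dylib
Identifier=ClearScriptV8.osx-arm64
Format=Mach-O thin (arm64)
CodeDirectory v=20500 size=1234 flags=0x0(none) hashes=35+2 location=embedded
Signature size=8979
TeamIdentifier=EXAMPLETEAM'

printf '%s\n' "$SAMPLE_LINKER_SIGNED"   | sig_kind
printf '%s\n' "$SAMPLE_IDENTITY_SIGNED" | sig_kind
```

On a Mac, `check_dylib path/to/ClearScriptV8.osx-arm64.dylib` reports the state of the copy that the test host or tool actually loads, which may differ from the copy in the build output.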

About this issue

  • State: closed
  • Created 2 years ago
  • Comments: 36 (23 by maintainers)

Most upvoted comments

Ha! I updated to 6.0.1 and now it doesn’t work. So something must have regressed.

Hi @MarcoRossignoli,

To confirm that, can you append --diag:log to the test command?

Will do. BTW, does that not work with dotnet tool run?