Dart on Apple M1 (arm64) doesn't call pthread_jit_write_protect_np when writing to executable memory

[knopp]

This results in immediate segfault when running on Apple M1. Relevant documention from Apple:

https://developer.apple.com/documentation/apple-silicon/porting-just-in-time-compilers-to-apple-silicon

Related to: #42773

This tracker is for issues related to:

• Dart VM

[knopp]

Some background: Flutter engine can now cross compile to darwin-arm64 and with some changes flutter tool can assemble darwin-arm64 assets. Release (AOT) build works as expected on M1, JIT crashes when writing to executable memory.

[knopp]

Something to keep in mind when implementing this: pthread_jit_write_protect_np does not have a sane initial value.

[mraleph]

@knopp if you read the whole issue then it apparently does have a reasonable default and the issue was a misunderstanding: https://github.com/dotnet/runtime/pull/51135/files

[knopp]

My bad, I must have overlooked it. Never mind then.

[rmacnak-google]

FWIW, I have built the standalone VM for ARM64 and successfully run both JIT and AOT on an M1, so I suspect there is some Flutter-specific issue.

[knopp]

@rmacnak-google, weird - that shouldn't be possible according to Apple documentation. You shouldn't be able to write into MAP_JIT pages without calling pthread_jit_write_protect_np(0) first. I don't suppose you have System Integrity Protection disabled? (not even sure that matters here)

[mraleph]

I think this code in the engine which disables code write protection is to blame. Dart VM by default already flips code regions between RW and RX modes so that a memory region is never R and X at the same time (alternatively we use dual mapping to achieve the same on platforms where this is possible). That explains, why standalone VM works just fine. Flutter Engine disables this mode to avoid performance issues associated with it (unclear if this issues are relevant in development though), but as a result it uses VM in the mode where code pages are RWX and consequently we hit Mac OS X new protections.

[knopp]

@mraleph, you're right! Thanks. It seems that mprotect with right flags does the job. So I guess this issue can be closed and it is indeed a flutter problem.

[eseidelGoogle]

Is there a link to the Flutter issue? :)

[knopp]

Here: flutter/flutter#81208 (with a PR)