Hi,
We began to get this new crash in codes that exist years ago from our recent released version, it crashed after a view removed itself from superview.
We tried to look at the assembly code of NSISSparseVectorAddTermWithPlaceValueCoefficientStartingIndex, find out that d0 <= 0 would branch to NSISSparseVectorAddTermWithPlaceValueCoefficientStartingIndex.cold.1.
We believe that it's related with Autolayout, but setting a negative value for width or height constraints can't reproduce this crash.
Here is the crash log
Exception Type: NSInternalInconsistencyException Invalid parameter not satisfying: placeValue > 0
Exception Codes: fault addr: (null)
Crashed Thread: 0
0 CoreFoundation ___exceptionPreprocess + 164
1 libobjc.A.dylib _objc_exception_throw + 88
2 Foundation -[NSMutableDictionary(NSMutableDictionary) initWithContentsOfFile:] + 0
3 CoreAutoLayout NSISSparseVectorAddTermWithPlaceValueCoefficientStartingIndex.cold.1 + 100
4 CoreAutoLayout _NSISSparseVectorAddTermWithPlaceValueCoefficientStartingIndex + 848
5 CoreAutoLayout _NSISSparseVectorAddVectorTimesScalar + 72
6 CoreAutoLayout -[NSISObjectiveLinearExpression replaceVar:withExpression:processVarNewToReceiver:processVarDroppedFromReceiver:] + 200
7 CoreAutoLayout ____substituteOutAllOccurencesOfBodyVar_block_invoke + 504
8 CoreAutoLayout __substituteOutAllOccurencesOfBodyVar + 340
9 CoreAutoLayout __pivotToMakeColNewHeadOfRow + 960
10 CoreAutoLayout -[NSISEngine removeConstraintWithMarker:] + 748
11 CoreAutoLayout -[NSLayoutConstraint _removeFromEngine:] + 140
12 UIKitCore ___57-[UIView(AdditionalLayoutSupport) _switchToLayoutEngine:]_block_invoke + 164
13 CoreAutoLayout -[NSISEngine withBehaviors:performModifications:] + 84
14 UIKitCore -[UIView(AdditionalLayoutSupport) _switchToLayoutEngine:] + 212
15 UIKitCore ___57-[UIView(AdditionalLayoutSupport) _switchToLayoutEngine:]_block_invoke_2 + 148
16 UIKitCore ___57-[UIView(AdditionalLayoutSupport) _switchToLayoutEngine:]_block_invoke + 544
17 CoreAutoLayout -[NSISEngine withBehaviors:performModifications:] + 84
18 UIKitCore -[UIView(AdditionalLayoutSupport) _switchToLayoutEngine:] + 212
19 UIKitCore ___45-[UIView(Hierarchy) _postMovedFromSuperview:]_block_invoke + 84
20 CoreAutoLayout -[NSISEngine withBehaviors:performModifications:] + 84
21 UIKitCore -[UIView _postMovedFromSuperview:] + 512
22 UIKitCore ___UIViewWasRemovedFromSuperview + 136
23 UIKitCore -[UIView(Hierarchy) removeFromSuperview] + 244
Assembly of NSISSparseVectorAddTermWithPlaceValueCoefficientStartingIndex
CoreAutoLayout`NSISSparseVectorAddTermWithPlaceValueCoefficientStartingIndex:
-> 0x1ec1a2124 <+0>: pacibsp
0x1ec1a2128 <+4>: stp d11, d10, [sp, #-0x60]!
0x1ec1a212c <+8>: stp d9, d8, [sp, #0x10]
0x1ec1a2130 <+12>: stp x24, x23, [sp, #0x20]
0x1ec1a2134 <+16>: stp x22, x21, [sp, #0x30]
0x1ec1a2138 <+20>: stp x20, x19, [sp, #0x40]
0x1ec1a213c <+24>: stp x29, x30, [sp, #0x50]
0x1ec1a2140 <+28>: add x29, sp, #0x50
0x1ec1a2144 <+32>: mov x19, x1
0x1ec1a2148 <+36>: fmov d9, d2
0x1ec1a214c <+40>: fmov d10, d1
0x1ec1a2150 <+44>: fmov d8, d0
0x1ec1a2154 <+48>: mov x20, x0
0x1ec1a2158 <+52>: fcmp d0, #0.0
0x1ec1a215c <+56>: b.le 0x1ec1a2470 ; <+844>
0x1ec1a2160 <+60>: fcmp d10, #0.0
0x1ec1a2164 <+64>: adrp x8, 112778
....
0x1ec1a2468 <+836>: ldp d11, d10, [sp], #0x60
0x1ec1a246c <+840>: retab
0x1ec1a2470 <+844>: bl 0x1ec1cac18 ; NSISSparseVectorAddTermWithPlaceValueCoefficientStartingIndex.cold.1
0x1ec1a2474 <+848>: b 0x1ec1a2160 ; <+60>