[Mono-bugs] [Bug 78093][Maj] New - Class loader race condition

bugzilla-daemon at bugzilla.ximian.com bugzilla-daemon at bugzilla.ximian.com
Wed Apr 12 15:33:17 EDT 2006 

Please do not reply to this email- if you want to comment on the bug, go to the
URL shown below and enter your comments there.

Changed by pawel.sakowski at mind-breeze.com.

http://bugzilla.ximian.com/show_bug.cgi?id=78093

--- shadow/78093	2006-04-12 15:33:17.000000000 -0400
+++ shadow/78093.tmp.27662	2006-04-12 15:33:17.000000000 -0400
@@ -0,0 +1,75 @@
+Bug#: 78093
+Product: Mono: Runtime
+Version: 1.1
+OS: GNU/Linux [Other]
+OS Details: 
+Status: NEW   
+Resolution: 
+Severity: 
+Priority: Major
+Component: JIT
+AssignedTo: lupus at ximian.com                            
+ReportedBy: pawel.sakowski at mind-breeze.com               
+QAContact: mono-bugs at ximian.com
+TargetMilestone: ---
+URL: 
+Cc: 
+Summary: Class loader race condition
+
+My server application, put under a simulated load, dies with ~95%
+probability, either by a SIGSEGV or a Mono assertion. The stack trace
+points to the Mono class loader. The problem occurs the moment the requests
+start to come.
+
+Having investigated the issue I'm pretty sure the internal reason for the
+crash is a race condition on initialization of a class which hasn't been
+used before and is suddenly accessed almost simultanously by >=2 threads. A
+preliminary inspection of the Mono code responsible for loading new classes
+shows that it badly needs some locking: there's little protection from
+concurrent initialization, or using a partly-initialized class.
+
+I haven't been able to extact a small reproducible test case.
+
+The following patch fixes the symptoms of the problem in case of my
+application. Probably the loading code is mutexed for longer than
+absolutely necessary, but the performance hit should be negligible (it
+matters only on SMP machines, and the code is anyway normally only used in
+the initial phase of process lifetime).
+
+A typical stack trace:
+
+(gdb) bt
+#0  0x009117a2 in _dl_sysinfo_int80 () from /lib/ld-linux.so.2
+#1  0x009517d5 in raise () from /lib/tls/libc.so.6
+#2  0x00953149 in abort () from /lib/tls/libc.so.6
+#3  0x0012cebe in g_logv () from /usr/lib/libglib-2.0.so.0
+#4  0x0012cef0 in g_log () from /usr/lib/libglib-2.0.so.0
+#5  0x0033b1e0 in mono_class_init (class=0x0) at class.c:2092
+#6  0x0033bd34 in collect_implemented_interfaces_aux (klass=0xa17006c0,
+res=0xa1a3d3e0) at class.c:1424
+#7  0x0033bd88 in mono_class_get_implemented_interfaces (klass=0x0) at
+class.c:1435
+#8  0x0033f44f in mono_class_setup_vtable_general (class=0xa17006c0,
+overrides=0x9f1d7e8, onum=22) at class.c:1685
+#9  0x00340a0b in mono_class_setup_vtable (class=0xa17006c0) at class.c:1658
+#10 0x0033b200 in mono_class_init (class=0xa17006c0) at class.c:2306
+#11 0x0033697d in method_from_memberref (image=0x9b558c0, idx=Variable
+"idx" is not available.
+) at loader.c:536
+#12 0x003370a8 in mono_get_method_from_token (image=0x9b558c0,
+token=167772248, klass=0x0, context=0x0) at loader.c:1107
+#13 0x00337988 in mono_get_method_full (image=0x9b558c0, token=167772248,
+klass=0x0, context=0x0) at loader.c:1216
+#14 0x00256c45 in mono_method_to_ir (cfg=0xa1702d28, method=0x9ba6b90,
+start_bblock=0xa1703920, end_bblock=0xa17039c0, locals_offset=9,
+    return_var=0x0, dont_inline=0x9d124c0, inline_args=0x0,
+inline_offset=0, is_virtual_call=0) at mini.c:3242
+#15 0x002688c6 in mini_method_compile (method=0x9ba6b90, opts=1141131,
+domain=0x21f00, run_cctors=0, compile_aot=0, parts=0) at mini.c:9275
+#16 0x002490db in mono_jit_compile_method_with_opt (method=0x9ba6b90,
+opt=Variable "opt" is not available.
+) at mini.c:9659
+#17 0x002d3064 in mono_compile_method (method=0x0) at object.c:405
+#18 0x002a4d65 in mono_magic_trampoline (regs=0x0, code=0x1dc4c0
+"\203Ä,\213Eè\215eô^_[ÉÃhE\n", m=0x9ba6b90, tramp=0x0) at mini-trampolines.c:27
+#19 0x0017c032 in ?? ()

More information about the mono-bugs mailing list