[Mono-bugs] [Bug 77470][Nor] New - mono_thread_attach/mono_thread_detach can cause deadlock/segfault on OS X

Fri Feb 3 22:29:27 EST 2006

Please do not reply to this email- if you want to comment on the bug, go to the
URL shown below and enter your comments there.

Changed by allan at imeem.com.

http://bugzilla.ximian.com/show_bug.cgi?id=77470

--- shadow/77470	2006-02-03 22:29:27.000000000 -0500
+++ shadow/77470.tmp.22116	2006-02-03 22:29:27.000000000 -0500
@@ -0,0 +1,107 @@
+Bug#: 77470
+Product: Mono: Runtime
+Version: 1.1
+OS: 
+OS Details: OS X 10.4.4, at least on PPC G4/G5 machines
+Status: NEW   
+Resolution: 
+Severity: 
+Priority: Normal
+Component: misc
+AssignedTo: mono-bugs at ximian.com                            
+ReportedBy: allan at imeem.com               
+QAContact: mono-bugs at ximian.com
+TargetMilestone: ---
+URL: 
+Cc: 
+Summary: mono_thread_attach/mono_thread_detach can cause deadlock/segfault on OS X
+
+Please fill in this template when reporting a bug, unless you know what you are doing.
+Description of Problem:
+
+Usage of mono_thread_attach() and mono_thread_detach() on OS X can lead to a segfault or 
+deadlock on OS X.
+
+Steps to reproduce the problem:
+1. Run following code:
+
+#include <pthread.h>
+#include <mono/jit/jit.h>
+#include <mono/metadata/metadata.h>
+#include <mono/metadata/debug-helpers.h>
+#include <mono/metadata/object.h>
+#include <mono/metadata/threads.h>
+#include <mono/metadata/appdomain.h>
+
+#define CHUNK_THREADCOUNT 200
+
+static void *thread_function(void *monoDomain) {
+	printf("Attaching thread...\n");
+	MonoThread *monoThread = mono_thread_attach((MonoDomain *)monoDomain);
+	printf("Thread (%p) attached.\n", monoThread);
+
+	//normally, some threaded stuff would happen here.
+	
+	printf("Detaching thread (%p)\n", monoThread);
+	mono_thread_detach(monoThread);
+	printf("Thread (%p) detached.\n", monoThread);
+}
+
+int main(int argc, char *argv[]) {
+	
+	mono_set_defaults(0, mono_parse_default_optimizations(NULL));
+	MonoDomain *monoDomain = mono_jit_init("racy");
+	
+	while(TRUE) {
+		pthread_t threads[CHUNK_THREADCOUNT];
+		int i;
+		
+		for(i = 0; i < CHUNK_THREADCOUNT; i++)
+			pthread_create(threads + i, NULL, thread_function, monoDomain);
+
+		for(i = 0; i < CHUNK_THREADCOUNT; i++)
+			pthread_join(threads[i], NULL);
+	}
+	
+	return(0);
+}
+
+Actual Results:
+Under OS X 10.4.4, program will eventually deadlock or segfault. Sometimes it happens right 
+away, other times it will run for a while before dying.
+
+One example backtrace (Run against Mono SVN checked out on 3 February 2006):
+
+Program received signal EXC_BAD_ACCESS, Could not access memory.
+Reason: KERN_INVALID_ADDRESS at address: 0x007ed000
+[Switching to process 11199 thread 0x1ccf07]
+GC_start_world () at darwin_stop_world.c:444
+444               if (thread == GC_mach_threads[j].thread) {
+(gdb) bt
+#0  GC_start_world () at darwin_stop_world.c:444
+#1  0x003072c8 in GC_stopped_mark (stop_func=0x306d18 <GC_never_stop_func>) at alloc.c:
+579
+#2  0x00307bfc in GC_try_to_collect_inner (stop_func=0x306d18 <GC_never_stop_func>) at 
+alloc.c:386
+#3  0x003083ac in GC_collect_or_expand (needed_blocks=1, ignore_off_page=0) at alloc.c:1046
+#4  0x00308660 in GC_allocobj (sz=256, kind=1) at alloc.c:1126
+#5  0x0030c8dc in GC_generic_malloc_inner (lb=1024, k=1) at malloc.c:136
+#6  0x0030ca24 in GC_generic_malloc (lb=1024, k=1) at malloc.c:192
+#7  0x0030cca8 in GC_malloc (lb=1024) at malloc.c:311
+#8  0x002b49f4 in mono_alloc_static_data (static_data_ptr=0x16b1d60, offset=3) at threads.c:
+2440
+#9  0x002b4bec in thread_adjust_static_data (thread=0x16b1d20) at threads.c:2516
+#10 0x002b2084 in mono_thread_attach (domain=0x73f00) at threads.c:443
+#11 0x0000285c in thread_function ()
+#12 0x9002b200 in _pthread_body ()
+
+Expected Results:
+On ia32 Linux, the sample code seems to run indefinitely.
+
+How often does this happen? 
+Program will always segfault or deadlock.
+
+Additional Information:
+
+On both ia32 Linux and OS X 10.4.4, the sample code causes a lot of warning output as 
+described in Bug #77468.
