[Mono-bugs] [Bug 77429][Wis] New - mono_thread_attach and mono_thread_detach do not seem to be threadsafe.

Tue Jan 31 21:44:32 EST 2006

Please do not reply to this email- if you want to comment on the bug, go to the
URL shown below and enter your comments there.

Changed by allan at imeem.com.

http://bugzilla.ximian.com/show_bug.cgi?id=77429

--- shadow/77429	2006-01-31 21:44:32.000000000 -0500
+++ shadow/77429.tmp.21512	2006-01-31 21:44:32.000000000 -0500
@@ -0,0 +1,143 @@
+Bug#: 77429
+Product: Mono: Runtime
+Version: 1.1
+OS: All
+OS Details: OS X 10.4.4, x86 Linux 2.6.9
+Status: NEW   
+Resolution: 
+Severity: 
+Priority: Wishlist
+Component: misc
+AssignedTo: mono-bugs at ximian.com                            
+ReportedBy: allan at imeem.com               
+QAContact: mono-bugs at ximian.com
+TargetMilestone: ---
+URL: 
+Cc: 
+Summary: mono_thread_attach and mono_thread_detach do not seem to be threadsafe.
+
+Please fill in this template when reporting a bug, unless you know what you are doing.
+Description of Problem:
+
+mono_thread_attach and mono_thread_detach do not seem to be threadsafe.
+
+Steps to reproduce the problem:
+1. Run this code.
+(tarball with build.sh of same file at http://www.blargle.com/~allan/racy.tar.bz2 )
+Compiles with: gcc -o racy racy.c `pkg-config --cflags --libs mono`
+Something bad will happen eventually. 
+
+#include <pthread.h>
+#include <mono/jit/jit.h>
+#include <mono/metadata/metadata.h>
+#include <mono/metadata/debug-helpers.h>
+#include <mono/metadata/object.h>
+#include <mono/metadata/threads.h>
+#include <mono/metadata/appdomain.h>
+
+#define CHUNK_THREADCOUNT 64
+
+static void *thread_function(void *monoDomain) {
+	printf("Attaching thread...\n");
+	MonoThread *monoThread = mono_thread_attach((MonoDomain *)monoDomain);
+	printf("Thread (%p) attached.\n", monoThread);
+
+	//normally, some threaded stuff would happen here.
+	
+	printf("Detaching thread (%p)\n", monoThread);
+	mono_thread_detach(monoThread);
+	printf("Thread (%p) detached.\n", monoThread);
+}
+
+int main(int argc, char *argv[]) {
+	
+	mono_set_defaults(0, mono_parse_default_optimizations(NULL));
+	MonoDomain *monoDomain = mono_jit_init("racy");
+	
+	while(TRUE) {
+		pthread_t threads[CHUNK_THREADCOUNT];
+		int i;
+		
+		for(i = 0; i < CHUNK_THREADCOUNT; i++)
+			pthread_create(threads + i, NULL, thread_function, monoDomain);
+
+		for(i = 0; i < CHUNK_THREADCOUNT; i++)
+			pthread_join(threads[i], NULL);
+	}
+	
+	return(0);
+}
+
+Actual Results:
+
+On OS X 10.4.4:
+lots of output like this:
+** (process:26186): WARNING **: _wapi_handle_unref: Attempting to unref unused handle 0x150
+
+This is a backtrace of what causes the g_log output:
+#0  0x006e8688 in g_log ()
+#1  0x00317130 in _wapi_handle_unref (handle=0x2863) at handles.c:827
+#2  0x00317c18 in CloseHandle (handle=0x2863) at handles.c:1040
+#3  0x00309d74 in ves_icall_System_Threading_Thread_Thread_free_internal (this=0x0, 
+thread=0x10) at threads.c:555
+#4  0x00064c58 in ?? ()
+#5  0x00064968 in ?? ()
+#6  0x0006458c in ?? ()
+#7  0x0022f334 in mono_jit_runtime_invoke (method=0x111c6c0, obj=0xe4870, params=0x0, 
+exc=0xf0103c90) at mini.c:9863
+#8  0x002e5b9c in mono_runtime_invoke (method=0x0, obj=0x10, params=0x382300, 
+exc=0x3822ec) at object.c:1346
+#9  0x002b446c in run_finalize (obj=0xe4870, data=0x0) at gc.c:102
+#10 0x00343920 in GC_invoke_finalizers ()
+#11 0x002b5300 in finalizer_thread (unused=0x0) at gc.c:778
+#12 0x003097c8 in start_wrapper (data=0x0) at threads.c:305
+#13 0x0032a360 in timed_thread_start_routine (args=0x1120a40) at timed-thread.c:134
+#14 0x9002b200 in _pthread_body ()
+
+Eventually, a segfault or a deadlock will happen. Deadlock/segfault will happen faster if 
+CHUNK_THREADCOUNT is increased to 200 or so.
+
+This is a backtrace of one of the segfaults:
+#0  0x0033f6d0 in GC_suspend_thread_list ()
+#1  0x0033f944 in GC_stop_world ()
+#2  0x0033cf40 in GC_stopped_mark ()
+#3  0x0033cb78 in GC_try_to_collect_inner ()
+#4  0x0033e2e0 in GC_collect_or_expand ()
+#5  0x0033e668 in GC_allocobj ()
+#6  0x00345878 in GC_generic_malloc_inner ()
+#7  0x00350e34 in GC_new_thread ()
+#8  0x00351834 in GC_start_routine_head ()
+#9  0x003519bc in GC_thread_register_foreign ()
+#10 0x0029f96c in mono_gc_register_thread (baseptr=0xf25cce08) at boehm-gc.c:75
+#11 0x00309a10 in mono_thread_attach (domain=0x4df00) at threads.c:407
+#12 0x000028a8 in thread_function ()
+#13 0x9002b200 in _pthread_body ()
+
+On Linux:
+A few iterations of logging output and then Mono will segfault.
+Segfault backtrace:
+#0  0x00d1c890 in pthread_kill () from /lib/tls/libpthread.so.0
+#1  0x005726e5 in GC_suspend_all () from /usr/lib/libmono.so.0
+#2  0x00572729 in GC_suspend_all () from /usr/lib/libmono.so.0
+#3  0x005728d7 in GC_stop_world () from /usr/lib/libmono.so.0
+#4  0x00562311 in GC_stopped_mark () from /usr/lib/libmono.so.0
+#5  0x00561f94 in GC_try_to_collect_inner () from /usr/lib/libmono.so.0
+#6  0x005630d3 in GC_collect_or_expand () from /usr/lib/libmono.so.0
+#7  0x00563316 in GC_allocobj () from /usr/lib/libmono.so.0
+#8  0x00567ab1 in GC_generic_malloc_inner () from /usr/lib/libmono.so.0
+#9  0x00571357 in GC_new_thread () from /usr/lib/libmono.so.0
+#10 0x00571c58 in GC_start_routine_head () from /usr/lib/libmono.so.0
+#11 0x00571daa in GC_thread_register_foreign () from /usr/lib/libmono.so.0
+#12 0x004f0e3b in mono_gc_register_thread () from /usr/lib/libmono.so.0
+#13 0x0050725f in mono_thread_attach () from /usr/lib/libmono.so.0
+#14 0x080487f1 in thread_function ()
+#15 0x00d19341 in start_thread () from /lib/tls/libpthread.so.0
+#16 0x00c846fe in clone () from /lib/tls/libc.so.6
+
+Expected Results:
+Program should spew logging output until killed.
+
+How often does this happen? 
+Eventually, this program will cause something bad to happen.
+
+Additional Information:
