[Mono-bugs] [Bug 77893][Nor] New - SSA PRE corrupts memory on Array.Sort

bugzilla-daemon at bugzilla.ximian.com bugzilla-daemon at bugzilla.ximian.com
Fri Mar 24 04:20:32 EST 2006 

Please do not reply to this email- if you want to comment on the bug, go to the
URL shown below and enter your comments there.

Changed by pawel.sakowski at mind-breeze.com.

http://bugzilla.ximian.com/show_bug.cgi?id=77893

--- shadow/77893	2006-03-24 04:20:32.000000000 -0500
+++ shadow/77893.tmp.18468	2006-03-24 04:20:32.000000000 -0500
@@ -0,0 +1,91 @@
+Bug#: 77893
+Product: Mono: Runtime
+Version: 1.1
+OS: GNU/Linux [Other]
+OS Details: 
+Status: NEW   
+Resolution: 
+Severity: 
+Priority: Normal
+Component: misc
+AssignedTo: mono-bugs at ximian.com                            
+ReportedBy: pawel.sakowski at mind-breeze.com               
+QAContact: mono-bugs at ximian.com
+TargetMilestone: ---
+URL: 
+Cc: 
+Summary: SSA PRE corrupts memory on Array.Sort
+
+Description of Problem:
+Enabling -O=ssapre makes certain invocations of Array.Sort corrupt the
+memory. The corruption (depending on the exact data structure and data
+being sorted) varies from zeroing the memory out to changing types of
+reference objects.
+
+Steps to reproduce the problem:
+1. Compile with gmcs:
+using System;
+using System.Collections.Generic;
+
+public struct S1 {
+  public S2 s2;
+  public bool b;
+}
+public struct S2 {
+  public long n;
+  public uint m;
+}
+
+class Sorter: IComparer<S1>
+{
+  public int Compare(S1 x, S1 y)
+  {
+    return x.s2.n.CompareTo(y.s2.n);
+  }
+}
+
+class Test
+{
+  static void Main()
+  {
+    int count=3;
+    S1[] array = new S1[3];
+    for(int i=0; i<count; i++) {
+      array[i].s2.n=111*i+222;
+    }
+    Array.Sort(array,new Sorter());
+    for (int i=0; i<count; i++) {
+      Console.WriteLine("D,"+array[i].s2.n);
+    }
+  }
+}
+
+2. mono -O=ssapre foo.exe
+
+Actual Results:
+D,222
+D,0
+D,444
+
+Expected Results:
+D,222
+D,333
+D,444
+
+How often does this happen? 
+100%
+
+Additional information:
+In a more complex code I also witnessed that after sorting:
+
+struct S {
+  [...]
+  string field1;
+  [...]
+  KeyValueList field2; // KeyValueList being a custom class
+}
+
+field1.Length returned (reproducibly) a negative value and field1.GetType()
+returned KeyValueList. I wasn't able to produce a small test case to
+demonstrate this behavior. However, I suspect it is a simptom of the same
+bug as in the test case above.

More information about the mono-bugs mailing list