[Mono-bugs] [Bug 561797] New: Simple program with a loop crashes the runtime.

bugzilla_noreply at novell.com bugzilla_noreply at novell.com
Tue Dec 8 22:09:55 EST 2009


http://bugzilla.novell.com/show_bug.cgi?id=561797

http://bugzilla.novell.com/show_bug.cgi?id=561797#c0


           Summary: Simple program with a loop crashes the runtime.
    Classification: Mono
           Product: Mono: Runtime
           Version: SVN
          Platform: Other
        OS/Version: Other
            Status: NEW
          Severity: Major
          Priority: P5 - None
         Component: JIT
        AssignedTo: lupus at novell.com
        ReportedBy: miguel at novell.com
         QAContact: mono-bugs at lists.ximian.com
          Found By: ---
           Blocker: ---


Created an attachment (id=331681)
 --> (http://bugzilla.novell.com/attachment.cgi?id=331681)
Sample file that crashes the runtime

The following program crashes the runtime, from the csharp command:

csharp> var continuing = true; do { for (; ; ){} } while (continuing);

The stack trace is at the end; I have a much longer sample that oscillates
between crashing the runtime and, if you try to make a smaller test case,
producing a verifier error.

Program received signal SIGSEGV, Segmentation fault.
mono_class_setup_fields (klass=<value optimized out>) at class.c:1141
1141        MonoClass *gtd = class->generic_class ?
mono_class_get_generic_type_definition (class) : NULL;
(gdb) where
#0  0x00000000004dee9e in mono_class_setup_fields (klass=<value optimized out>)
#1  0x00000000004df611 in mono_class_setup_fields_locking
(class="System.Object") at class.c:1350
#2  0x00000000004df66a in mono_class_get_fields (klass="System.Object",
iter=<value optimized out>) at class.c:7031
#3  0x000000000057e9a3 in compute_class_bitmap (class=<value optimized out>,
bitmap=0x7fffffffd110, size=<value optimized out>, offset=0,
max_set=0x7fffffffd13c, static_fields=0)
    at object.c:637
#4  0x000000000057f954 in mono_class_compute_gc_descriptor
(class="System.InvalidProgramException") at object.c:942
#5  0x000000000057fcfd in mono_class_create_runtime_vtable
(raise_on_error=<value optimized out>, class=<value optimized out>,
domain=<value optimized out>) at object.c:1831
#6  mono_class_vtable_full (raise_on_error=<value optimized out>, class=<value
optimized out>, domain=<value optimized out>) at object.c:1713
#7  0x0000000000582e19 in mono_object_new (domain=0x943c70, klass=Traceback
(most recent call last):
  File "/mono/bin/mono-gdb.py", line 165, in to_string
    class_name = stringify_class_name (klass ["name_space"].string (), klass
["name"].string ())
RuntimeError: Cannot access memory at address 0x49
) at object.c:4013
#8  0x000000000051b53a in mono_exception_from_name_domain
(domain=0x7ffff7e80db0, image=0x943e80, name_space=0x5d08b7 "System",
name=0x5d08eb "InvalidProgramException") at exception.c:59
#9  0x000000000051b8ae in mono_exception_from_name_msg (image=0x943c70,
name_space=0x1 <Address 0x1 out of bounds>, name=0x0, msg=0xb <Address 0xb out
of bounds>) at exception.c:176
#10 0x000000000041fb0a in mono_jit_compile_method_inner (jit_ex=<value
optimized out>, opt=<value optimized out>, target_domain=<value optimized out>,
method="Class0:Host ()")
    at mini.c:4189
#11 mono_jit_compile_method_with_opt (jit_ex=<value optimized out>, opt=<value
optimized out>, target_domain=<value optimized out>, method="Class0:Host ()")
at mini.c:4345
#12 0x000000000041ffed in mono_jit_compile_method (method=Traceback (most
recent call last):
  File "/mono/bin/mono-gdb.py", line 151, in to_string
    return "\"%s:%s ()\"" % (class_name, val ["name"].string ())
RuntimeError: Error reading string from inferior: Input/output error
) at mini.c:4370
#13 0x000000000048bac8 in mono_delegate_trampoline (regs=<value optimized out>,
code=<value optimized out>, tramp_data=<value optimized out>, tramp=<value
optimized out>)
    at mini-trampolines.c:852
#14 0x0000000040003058 in <generic_trampoline> ()
#15 0x0000000040047215 in ?? ()
#16 0x00007fffffffd6bf in ?? ()
#17 0x00007fffffffd6b0 in ?? ()
#18 0x0000000000000000 in ?? ()

The larger sample is attached and produces the following stack trace:


Program received signal SIGSEGV, Segmentation fault.
link_bblock (cfg=0x9ce640, from=0xa003e8, to=0x121) at method-to-ir.c:426
426        for (i = 0; i < to->in_count; ++i) {
(gdb) where
#0  link_bblock (cfg=0x9ce640, from=0xa003e8, to=0x121) at method-to-ir.c:426
#1  0x0000000000439d25 in mono_method_to_ir (cfg=0x9ce640, method=<value
optimized out>, start_bblock=<value optimized out>, end_bblock=<value optimized
out>, 
    return_var=<value optimized out>, dont_inline=<value optimized out>,
inline_args=0x0, inline_offset=0, is_virtual_call=0) at method-to-ir.c:6917
#2  0x000000000041e00f in mini_method_compile
(method="Langue.Interpreter:Evaluate ()", opts=<value optimized out>,
domain=<value optimized out>, run_cctors=<value optimized out>, 
    compile_aot=<value optimized out>, parts=<value optimized out>) at
mini.c:3418
#3  0x000000000041f672 in mono_jit_compile_method_inner (jit_ex=<value
optimized out>, opt=<value optimized out>, target_domain=<value optimized out>,
method=
    "Langue.Interpreter:Evaluate ()") at mini.c:4153
#4  mono_jit_compile_method_with_opt (jit_ex=<value optimized out>, opt=<value
optimized out>, target_domain=<value optimized out>,
method="Langue.Interpreter:Evaluate ()") at mini.c:4345
#5  0x000000000041ffed in mono_jit_compile_method (method=Traceback (most
recent call last):
  File "/mono/bin/mono-gdb.py", line 150, in to_string
    class_name = stringify_class_name (klass ["name_space"].string (), klass
["name"].string ())
RuntimeError: Error reading string from inferior: Input/output error
) at mini.c:4370
#6  0x000000000048ab67 in common_call_trampoline (regs=<value optimized out>,
code=0x40012264 "\277\070\242\231", arg=<value optimized out>, tramp=<value
optimized out>, vt=0x0, 
    vtable_slot=0x0, need_rgctx_tramp=0) at mini-trampolines.c:438
#7  0x000000000048b6a8 in mono_magic_trampoline (regs=0x7fffffffd708,
code=0x40012264 "\277\070\242\231", arg=0x9bd590, tramp=0x1 <Address 0x1 out of
bounds>) at mini-trampolines.c:554
#8  0x0000000040002168 in ?? ()
#9  0x0000000000000000 in ?? ()
(gdb) p i
$1 = 10545376
(gdb) p to
$2 = (MonoBasicBlock *) 0x121
