[Mono-bugs] [Bug 487518] New: SIGSEGV in mono_arch_emit_call on amd64; F# unit tests

bugzilla_noreply at novell.com bugzilla_noreply at novell.com
Fri Mar 20 19:51:27 EDT 2009 

https://bugzilla.novell.com/show_bug.cgi?id=487518


           Summary: SIGSEGV in mono_arch_emit_call on amd64; F# unit tests
    Classification: Mono
           Product: Mono: Runtime
           Version: 2.4.x
          Platform: x86-64
        OS/Version: Ubuntu
            Status: NEW
          Severity: Normal
          Priority: P5 - None
         Component: JIT
        AssignedTo: lupus at novell.com
        ReportedBy: casey.s.marshall at gmail.com
         QAContact: mono-bugs at lists.ximian.com
          Found By: ---


User-Agent:       Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.0.7)
Gecko/2009030423 Ubuntu/8.04 (hardy) Firefox/3.0.7

Mono 2.4 RC3.

The AMD64 jit crashes when running an F# unit test.

Stacktrace from gdb, with XDEBUG info:

#0  0x0000000000497517 in mono_arch_emit_call (cfg=0x1c3f680, call=0x1c375d0)
at mini-amd64.c:1752
#1  0x000000000043e322 in mono_method_to_ir (cfg=0x1c3f680, method=0x1ced3f0,
start_bblock=0x1c37100, end_bblock=0x1c37200, return_var=0x0,
dont_inline=0x1ceaac0, inline_args=0x0,
    inline_offset=0, is_virtual_call=0) at method-to-ir.c:6176
#2  0x000000000041d7b3 in mini_method_compile (method=0x1ced3f0, opts=55667199,
domain=0x7f7f69597e00, run_cctors=<value optimized out>, compile_aot=<value
optimized out>, parts=0) at mini.c:3196
#3  0x000000000041ee6a in mono_jit_compile_method (method=0x1ced3f0) at
mini.c:3812
#4  0x00000000004881cf in mono_magic_trampoline (regs=0x4238cd48,
code=0x415d8ad0 "I\213�H\213t$0H\213T$8I\213E", m=0x1ced3f0, tramp=<value
optimized out>) at mini-trampolines.c:292
#5  0x00000000403fb168 in <generic_trampoline> ()
#6  0x00000000415d8ad0 in
Microsoft.FSharp.Collections.IEnumerator/clo at 66<string, XXX,
System.Collections.Generic.IEnumerator`1<XXX>>:get_Current
(this=0x7f7f695773c0)
#7  0x0000000041b4b2af in Microsoft.FSharp.Collections.Seq:to_array<object>
(ie=1757862048)
#8  0x000000004055ada8 in XXX (constraints=0x7f7f68b170f0, minLength=10,
minAcc=0.69999999999999996, maximizeType=0x7f7f68c48d80,
template=0x7f7f695200c0,
    read=0x7f7f68feb420)
#9  0x0000000040559b28 in XXX ()
#10 0x00000000413bb742 in (wrapper runtime-invoke)
object:runtime_invoke_void__this__ (param0=0x7f7f68bcf920, param2=0,
param3=1079352000)
#11 0x00000000004bd20f in mono_runtime_invoke_array (method=0x106d5f0,
obj=0x7f7f68bcf920, params=0x0, exc=0x0) at object.c:3495
#12 0x00000000004eafa8 in ves_icall_InternalInvoke (method=<value optimized
out>, this=0x7f7f68bcf920, params=0x0, exc=0x4238d448) at icall.c:3117
#13 0x0000000041f7d04e in (wrapper managed-to-native)
System.Reflection.MonoMethod:InternalInvoke (this=0x7f7f694a7208,
param0=0x7f7f68bcf920, param1=0x0, param2=1111020616)
#14 0x000000004138ed3c in System.Reflection.MonoMethod:Invoke
(this=0x7f7f694a7208, obj=0x7f7f68bcf920, binder=0x7f7f68bcf920,
parameters=0x0, culture=0x0)
#15 0x00000000413c486b in System.Reflection.MethodBase:Invoke
(this=0x7f7f694a7208, obj=0x7f7f68bcf920, parameters=0x0)
#16 0x0000000041b42bf0 in NUnit.Core.Reflect:InvokeMethod
(method=0x7f7f694a7208, fixture=0x7f7f68bcf920, args=0x0)
#17 0x0000000041b42924 in NUnit.Core.Reflect:InvokeMethod
(method=0x7f7f694a7208, fixture=0x7f7f68bcf920)
#18 0x0000000041b428fc in NUnit.Core.TestMethod:RunTestMethod (this=0x4238d448)
#19 0x0000000041b427b1 in NUnit.Core.TestMethod:doTestCase
(this=0x7f7f694c1e70, testResult=0x7f7f689b5738)
#20 0x0000000041b42604 in NUnit.Core.TestMethod:doRun (this=0x7f7f694c1e70,
testResult=0x7f7f689b5738)
#21 0x0000000041b42469 in NUnit.Core.TestMethod:Run (this=0x7f7f694c1e70,
testResult=0x7f7f689b5738)
#22 0x0000000041b42298 in NUnit.Core.NUnitTestMethod:Run (this=0x7f7f694c1e70,
testResult=0x7f7f689b5738)
#23 0x0000000041b4201b in NUnit.Core.TestCase:Run (this=0x7f7f694c1e70,
listener=0x7f7f69470978)
#24 0x0000000041b41f29 in NUnit.Core.TestCase:Run (this=0x7f7f694c1e70,
listener=0x7f7f69470978)
#25 0x0000000040d99169 in NUnit.Core.TestSuite:RunAllTests
(this=0x7f7f694a7208, suiteResult=0x7f7f69559900, listener=0x7f7f69470978,
filter=0x7f7f694900e0)
#26 0x00000000413973b0 in NUnit.Core.TestSuite:Run (this=0x7f7f6a312a10,
listener=0x7f7f69470978, filter=0x7f7f694900e0)
#27 0x0000000040d9978c in NUnit.Core.TestFixture:Run (this=0x7f7f6a312a10,
listener=0x7f7f69470978, filter=0x7f7f694900e0)
#28 0x0000000040d99169 in NUnit.Core.TestSuite:RunAllTests
(this=0x7f7f6948a850, suiteResult=0x7f7f690f4360, listener=0x7f7f69470978,
filter=0x7f7f694900e0)
#29 0x00000000413973b0 in NUnit.Core.TestSuite:Run (this=0x7f7f6948a850,
listener=0x7f7f69470978, filter=0x7f7f694900e0)
#30 0x0000000040d99169 in NUnit.Core.TestSuite:RunAllTests
(this=0x7f7f6948a8c0, suiteResult=0x7f7f690f43c0, listener=0x7f7f69470978,
filter=0x7f7f694900e0)
#31 0x00000000413973b0 in NUnit.Core.TestSuite:Run (this=0x7f7f6948a8c0,
listener=0x7f7f69470978, filter=0x7f7f694900e0)
#32 0x0000000040d99169 in NUnit.Core.TestSuite:RunAllTests
(this=0x7f7f6948a930, suiteResult=0x7f7f690f4420, listener=0x7f7f69470978,
filter=0x7f7f694900e0)
#33 0x00000000413973b0 in NUnit.Core.TestSuite:Run (this=0x7f7f6948a930,
listener=0x7f7f69470978, filter=0x7f7f694900e0)
#34 0x00000000413969a8 in NUnit.Core.SimpleTestRunner:Run (this=0x7f7f6955d6c0,
listener=0x7f7f69470978, filter=0x7f7f694900e0)
#35 0x00000000413967da in NUnit.Core.TestRunnerThread:TestRunnerThreadProc
(this=0x7f7f6952e100)
#36 0x0000000040b84cc2 in (wrapper runtime-invoke)
object:runtime_invoke_void__this__ (param0=0x7f7f6949e138, param2=0,
param3=1080943562)
#37 0x00000000004d3f55 in start_wrapper (data=<value optimized out>) at
threads.c:629
#38 0x00000000005527b3 in thread_start_routine (args=0x923f68) at threadsc:286
#39 0x000000000057976d in GC_start_routine (arg=0x7f7f694a6fc0) at
pthread_support.c:1382
#40 0x00007f7f6ab3a3f7 in start_thread () from /lib/libpthread.so.0
#41 0x00007f7f6a628b3d in clone () from /lib/libc.so.6
#42 0x0000000000000000 in ?? ()

The crash is here:

            vtarg->sreg1 = call->vret_var->dreg;

The field `vret_var' of `call' is NULL. As far as I can tell, that field is
never filled in with a real value before it is used.

Contents of `call':

(gdb) print *call
$5 = {inst = {opcode = 439, type = 0 '\0', ssa_op = 0, flags = 0 '\0', dreg =
-1, sreg1 = -1, sreg2 = -1, next = 0x0, prev = 0x0, data = {op = {{src = 0x0,
var = 0x0, const_val = 0, p = 0x0,
          method = 0x0, signature = 0x0, many_blocks = 0x0, target_block = 0x0,
args = 0x0, vtype = 0x0, klass = 0x0, phi_args = 0x0, call_inst = 0x0}, {src =
0x0, var = 0x0, const_val = 0,
          p = 0x0, method = 0x0, signature = 0x0, many_blocks = 0x0,
target_block = 0x0, args = 0x0, vtype = 0x0, klass = 0x0, phi_args = 0x0,
call_inst = 0x0}}, i8const = 0, r8const = 0},
    cil_code = 0x7f7f692dd400 "(�\t", backend = {reg3 = 0, arg_info = 0, size =
0, memcpy_args = 0x0, data = 0x0, shift_amount = 0, is_pinvoke = 0,
record_cast_details = 0, spill_var = 0x0,
      source_opcode = 0}, klass = 0x0}, signature = 0x1cebbc0, method =
0x1cebc00, args = 0x1c37520, out_args = 0x0, vret_var = 0x0, fptr = 0x0,
stack_usage = 0, virtual = 0, tail_call = 1,
  fptr_is_patch = 0, vret_in_reg = 0, dynamic_imt_arg = 0, used_iregs = 64,
used_fregs = 0, out_ireg_args = 0x1c37720, out_freg_args = 0x0}


Reproducible: Always

Steps to Reproduce:
1.
2.
3.
Actual Results:  
Crashes with a segmentation fault.

Expected Results:  
Runs normally.

-- 
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.

More information about the mono-bugs mailing list