[Mono-bugs] [Bug 668095] New: Segfault when calling a synchronized generic method through an interface

bugzilla_noreply at novell.com bugzilla_noreply at novell.com
Fri Jan 28 17:16:41 EST 2011


https://bugzilla.novell.com/show_bug.cgi?id=668095

https://bugzilla.novell.com/show_bug.cgi?id=668095#c0


           Summary: Segfault when calling a synchronized generic method
                    through an interface
    Classification: Mono
           Product: Mono: Runtime
           Version: SVN
          Platform: x86-64
        OS/Version: Ubuntu
            Status: NEW
          Severity: Major
          Priority: P5 - None
         Component: JIT
        AssignedTo: lupus at novell.com
        ReportedBy: knielsen at ariasolutions.com
         QAContact: mono-bugs at lists.ximian.com
          Found By: ---
           Blocker: ---


Description of Problem:

The mono virtual machine segfaults when calling a generic method with the
MethodImplOptions.Synchronized attribute through an interface:

Thread 1 (Thread 0x7fc35183b740 (LWP 4282)):
#0  0x00007fc350d9393d in read () from /lib/libpthread.so.0
#1  0x0000000000491577 in read (signal=<value optimized out>, ctx=<value
optimized out>) at /usr/include/bits/unistd.h:45
#2  mono_handle_native_sigsegv (signal=<value optimized out>, ctx=<value
optimized out>) at mini-exceptions.c:2126
#3  0x00000000004e5c2f in mono_arch_handle_altstack_exception
(sigctx=0x7fc3516dbbc0, fault_addr=<value optimized out>, stack_ovf=0) at
exceptions-amd64.c:944
#4  0x000000000041726b in mono_sigsegv_signal_handler (_dummy=11,
info=0x7fc3516dbcf0, context=0x7fc3516dbbc0) at mini.c:5827
#5  <signal handler called>
#6  0x0000000000494a3d in mono_create_static_rgctx_trampoline
(m="MonoGenericsCrash.DefaultRetriever:GetDefault ()", addr=0x407f1d00) at
mini-trampolines.c:102
#7  0x000000000049514b in common_call_trampoline (regs=<value optimized out>,
code=0x407f1cdb "H\213\370I\273\364\034\177@", m=
    "MonoGenericsCrash.DefaultRetriever:GetDefault ()", tramp=<value optimized
out>, vt=0xc435b8, vtable_slot=0xc43550, need_rgctx_tramp=1)
    at mini-trampolines.c:483
#8  0x0000000000495903 in mono_vcall_trampoline (regs=0x7fffaf75cb68,
code=0x407f1cdb "H\213\370I\273\364\034\177@", slot=<value optimized out>,
tramp=
    0x407f1176
"\350\325\230g\001\b\363\377\377\377\377\377\377\377\350Ç\001\b\364\377\377\377\377\377\377\377è\001\b\365\377\377\377\377\377\377\377è\001\b\366\377\377\377\377\377\377\377è001\b\367\377\377\377\377\377\377\377è001\b\370\377\377\377\377\377\377\377è001\b\371\377\377\377\377\377\377\377\350s\230g\001\b\372\377\377\377\377\377\377\377\350e\230g\001\b\373\377\377\377\377\377\377\377\350W\230g\001\b\374\377\377\377\377\377\377\377\350I\230g\001\b\375\377\377\377\377\377\377\377\350;\230g\001\b\376\377\377\377\377\377\377\377\350-\230g\001\b\377\377\377\377\377\377\377\377\350\037\230g\001\004\033")
    at mini-trampolines.c:656
#9  0x0000000041e6abba in ?? ()
#10 0x00007fffaf75cc20 in ?? ()
#11 0x0000000041e69177 in ?? ()
#12 0x0000000000000020 in ?? ()
#13 0x0000000000000000 in ?? ()

=================================================================
Got a SIGSEGV while executing native code. This usually indicates
a fatal error in the mono runtime or one of the native libraries
used by your application.
=================================================================


Steps to reproduce the problem:
1. Run the following program:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Runtime.CompilerServices;

namespace MonoGenericsCrash
{
  interface IDefaultRetriever
  {
    T GetDefault<T>();
  }
  class DefaultRetriever : IDefaultRetriever
  {
    [MethodImpl(MethodImplOptions.Synchronized)]
    public T GetDefault<T>()
    {
      return default(T);
    }
  }
  class Program
  {
    static void Main()
    {
      DoSomething(new DefaultRetriever());
    }

    static void DoSomething(IDefaultRetriever foo)
    {
      int result = foo.GetDefault<int>();
      if (result != 0)
        throw new InvalidOperationException("received " + result + " instead of expected 0");
    }
  }
}

Actual Results: Program segfaults
Expected Results: Program should not segfault
How often does this happen? Always.

Additional Information:

After some debugging, I determined that the problem was caused by the
common_call_trampoline function (mini-trampolines.c:470), where it replaces the
inflated MonoMethod pointer with a wrapped synchronized one, but does not
update the need_rgctx_tramp variable, causing other parts of the runtime to
assume the wrapping method is inflated when it really isn't.

I will attach a patch that fixes the problem and adds a
test-case for this bug.

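A simplified C model of the stale-flag condition described in the report's "Additional Information", added here as an illustration; it is not Mono's code and not the attached patch. The structs, function names and the `fix_flag` correction are assumptions made for the model, and the consumer returns -1 where a real dereference would fault.

```c
#include <stddef.h>
#include <stdio.h>

/* Toy stand-ins, NOT Mono's real structures: an "inflated" method is a
 * generic instantiation and carries a generic context; a synchronized
 * wrapper is a plain method that does not. */
typedef struct { int type_argc; } GenericContext;
typedef struct Method {
    const char *name;
    int is_inflated;
    int is_synchronized;
    GenericContext *context;      /* NULL unless is_inflated */
    struct Method *sync_wrapper;  /* wrapper that takes the lock, then calls */
} Method;

/* Consumer that trusts its caller: only valid for inflated methods. */
static int make_rgctx_trampoline(const Method *m) {
    if (m->context == NULL)
        return -1;  /* model reports the bad state instead of dereferencing NULL */
    return m->context->type_argc;
}

/* Dispatch: fix_flag=0 keeps the flag computed for the original method
 * (the stale state the report describes); fix_flag=1 recomputes it
 * (one possible correction, assumed for this model). */
static int dispatch(Method *m, int fix_flag) {
    int need_rgctx = m->is_inflated;
    if (m->is_synchronized) {
        m = m->sync_wrapper;              /* pointer swapped ... */
        if (fix_flag)
            need_rgctx = m->is_inflated;  /* ... so the flag must follow it */
    }
    if (need_rgctx)
        return make_rgctx_trampoline(m);
    return 0;  /* direct call, no trampoline needed */
}

/* Constructed sample: GetDefault<int> wrapped by a non-generic wrapper. */
static int run_case(int fix_flag) {
    GenericContext ctx = { 1 };
    Method wrapper = { "GetDefault (synchronized wrapper)", 0, 0, NULL, NULL };
    Method inflated = { "GetDefault<int>", 1, 1, &ctx, &wrapper };
    return dispatch(&inflated, fix_flag);
}

int main(void) {
    printf("stale flag: %d, recomputed flag: %d\n", run_case(0), run_case(1));
    return 0;
}
```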