Bug 638257

Summary: Runtime crash with verifier enabled when a leave instruction isn't in an exception block
Product: [Mono] Mono: Runtime
Reporter: Jérémie LAVAL <jeremie.laval>
Component: verifier
Assignee: Rodrigo Kumpera <rkumpera>
Status: RESOLVED DUPLICATE
QA Contact: Mono Bugs <mono-bugs>
Severity: Normal
Priority: P5 - None
Version: SVN
Target Milestone: ---
Hardware: x86-64
OS: OES - Linux
Whiteboard:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---
Attachments: Contains the assemblies to reproduce problem

Description Jérémie LAVAL 2010-09-09 14:42:58 UTC
User-Agent:       Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.472.53 Safari/534.3

When executing a method (IL provided) that has been generated externally, the runtime hard crashes (even with the --security=verifiable option).

The IL causing the problem is given below (relevant part is at the end in the try/catch block):

.method public static 
           default void Main ()  cil managed 
    {
        // Method begins at RVA 0x20e8
	.entrypoint
	// Code size 120 (0x78)
	.maxstack 2
	.locals (
		class [HeisenLib]Heisen.IHeisenTestFixture	V_0,
		class [mscorlib]System.Threading.Thread[]	V_1,
		int32	V_2,
		string	V_3)
	IL_0000:  ldtoken Testalicious.DummyTests
	IL_0005:  call class [mscorlib]System.Type class [mscorlib]System.Type::GetTypeFromHandle(valuetype [mscorlib]System.RuntimeTypeHandle)
	IL_000a:  call object class [mscorlib]System.Activator::CreateInstance(class [mscorlib]System.Type)
	IL_000f:  castclass [HeisenLib]Heisen.IHeisenTestFixture
	IL_0014:  stloc 0
	IL_0018:  ldloc 0
	IL_001c:  callvirt instance void class [HeisenLib]Heisen.IHeisenTestFixture::Init()
	IL_0021:  ldloc 0
	IL_0025:  callvirt instance class [mscorlib]System.Threading.Thread[] class [HeisenLib]Heisen.IHeisenTestFixture::Run()
	IL_002a:  stloc 1
	IL_002e:  ldc.i4.0 
	IL_002f:  stloc 2
	IL_0033:  ldloc 1
	IL_0037:  ldloc 2
	IL_003b:  ldelem.ref 
	IL_003c:  callvirt instance void class [mscorlib]System.Threading.Thread::Start()
	IL_0041:  stloc 2
	IL_0045:  ldc.i4.1 
	IL_0046:  add 
	IL_0047:  stloc 2
	IL_004b:  ldloc 2
	IL_004f:  ldloc 1
	IL_0053:  ldlen 
	IL_0054:  conv.i4 
	IL_0055:  blt IL_0033
	IL_005a:  break 
	.try { // 0
	  IL_005b:  ldloc 0

	  IL_005f:  callvirt instance void class [HeisenLib]Heisen.IHeisenTestFixture::TestInvariants()
	} // end .try 0
	IL_0064:  leave IL_0077

	catch class [HeisenLib]Heisen.AssertException { // 0
	  IL_0069:  callvirt instance string class [mscorlib]System.Exception::get_Message()
	  IL_006e:  stloc 3

	} // end handler 0
	IL_0072:  leave IL_0077

	IL_0077:  ret 
    } // end of method DummyTests::Main

When the leave instructions are correctly replaced in their handler it works.

Reproducible: Always

Actual Results:  
Hard runtime crash with the following stack trace:

ERROR:mini.c:3677:create_jit_info: assertion failed: (tblock)

Thread 1 (Thread 0x7f1daf7dc760 (LWP 24106)):
#0  0x00007f1dae33a32d in read () from /lib/libpthread.so.0
#1  0x00007f1daf168f05 in mono_handle_native_sigsegv (signal=<value optimized out>, ctx=<value optimized out>) at mini-exceptions.c:1935
#2  <signal handler called>
#3  0x00007f1dae002565 in raise () from /lib/libc.so.6
#4  0x00007f1dae0039e6 in abort () from /lib/libc.so.6
#5  0x00007f1daec39f01 in g_assertion_message () from /usr/lib/libglib-2.0.so.0
#6  0x00007f1daec3a480 in g_assertion_message_expr () from /usr/lib/libglib-2.0.so.0
#7  0x00007f1daf0f6cd3 in create_jit_info (method="Testalicious.DummyTests:Main ()", opts=51472895, domain=0x7f1daf61ad48, 
    run_cctors=<value optimized out>, compile_aot=0, parts=0) at mini.c:3677
#8  mini_method_compile (method="Testalicious.DummyTests:Main ()", opts=51472895, domain=0x7f1daf61ad48, run_cctors=<value optimized out>, 
    compile_aot=0, parts=0) at mini.c:4571
#9  0x00007f1daf0f71a6 in mono_jit_compile_method_inner (method="Testalicious.DummyTests:Main ()", opt=51472895, ex=0x7fff20a5c9f8)
    at mini.c:4821
#10 mono_jit_compile_method_with_opt (method="Testalicious.DummyTests:Main ()", opt=51472895, ex=0x7fff20a5c9f8) at mini.c:5029
#11 0x00007f1daf0f7e38 in mono_jit_runtime_invoke (method="Testalicious.DummyTests:Main ()", obj=0x0, params=0x7fff20a5ca80, exc=0x0)
    at mini.c:5227
#12 0x00007f1daf23e41b in mono_runtime_invoke (method="Testalicious.DummyTests:Main ()", obj=0x0, params=0x7fff20a5ca80, exc=0x0)
    at object.c:2709
#13 0x00007f1daf243395 in mono_runtime_exec_main (method=<value optimized out>, args=<value optimized out>, exc=0x0) at object.c:3838
#14 0x00007f1daf145b6e in main_thread_handler (argc=<value optimized out>, argv=<value optimized out>) at driver.c:999
#15 mono_main (argc=<value optimized out>, argv=<value optimized out>) at driver.c:1836
#16 0x00007f1dadfeec4d in __libc_start_main () from /lib/libc.so.6
#17 0x0000000000400879 in _start ()

Expected Results:  
The verifier should detect the problem
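The kind of structural check the reporter expects the verifier to perform, added here as an illustration and not part of the bug report or of Mono's own verifier: it walks a textual IL listing, tracks .try/handler brace nesting, and reports every leave that sits outside all protected regions. The two listings are constructed to mirror the shape of the IL above (the misplaced form and the corrected form).

```python
import re

# Constructed sample mirroring the report: both 'leave' instructions sit just
# outside the closing brace of the block they are meant to exit.
BAD_IL = """\
	IL_005a:  break
	.try { // 0
	  IL_005b:  ldloc 0
	  IL_005f:  callvirt instance void class [HeisenLib]Heisen.IHeisenTestFixture::TestInvariants()
	} // end .try 0
	IL_0064:  leave IL_0077
	catch class [HeisenLib]Heisen.AssertException { // 0
	  IL_0069:  callvirt instance string class [mscorlib]System.Exception::get_Message()
	  IL_006e:  stloc 3
	} // end handler 0
	IL_0072:  leave IL_0077
	IL_0077:  ret
"""

# Constructed corrected form: each 'leave' is the last instruction of its block.
GOOD_IL = """\
	.try { // 0
	  IL_005b:  ldloc 0
	  IL_0064:  leave IL_0077
	} // end .try 0
	catch class [HeisenLib]Heisen.AssertException { // 0
	  IL_0069:  pop
	  IL_0072:  leave IL_0077
	} // end handler 0
	IL_0077:  ret
"""

INSTR = re.compile(r"^\s*(IL_[0-9a-fA-F]+):\s+(\S+)")
BLOCK_OPEN = re.compile(r"^\s*(\.try|catch|finally|fault|filter)\b.*\{")
BLOCK_CLOSE = re.compile(r"^\s*\}")

def misplaced_leaves(il_text):
    """Offsets of leave/leave.s instructions that are not lexically inside a
    .try, catch, finally, fault or filter block of the textual listing."""
    depth = 0
    bad = []
    for line in il_text.splitlines():
        if BLOCK_OPEN.match(line):
            depth += 1          # entering a protected region or handler
            continue
        if BLOCK_CLOSE.match(line):
            depth -= 1          # leaving it
            continue
        m = INSTR.match(line)
        if m and m.group(2) in ("leave", "leave.s") and depth == 0:
            bad.append(m.group(1))
    return bad
```

Running the check on BAD_IL flags IL_0064 and IL_0072, which is exactly the pair the report identifies; GOOD_IL passes clean.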
Comment 1 Jérémie LAVAL 2010-09-13 12:44:10 UTC
Created attachment 389154 [details]
Contains the assemblies to reproduce problem
Comment 2 Rodrigo Kumpera 2010-09-13 13:56:51 UTC
This probably has the same root cause as #633248

*** This bug has been marked as a duplicate of bug 633248 ***