Bug 316375 (MONO69083) - [PATCH PPC] JIT Failure after appdomain unload
Summary: [PATCH PPC] JIT Failure after appdomain unload
Status: RESOLVED FIXED
Alias: MONO69083
Product: Mono: Runtime
Classification: Mono
Component: misc
Version: 1.0
Hardware: Other Other
Importance: P3 - Medium : Enhancement
Target Milestone: ---
Assignee: Mono Bugs
QA Contact: Mono Bugs
Reported: 2004-11-04 07:48 UTC by Geoff Norton
Modified: 2007-09-15 21:24 UTC (History)


Attachments
patch (768 bytes, patch)
2004-11-09 23:22 UTC, Thomas Wiest
Description Thomas Wiest 2007-09-15 18:57:54 UTC


---- Reported by grompf@sublimeintervention.com 2004-11-04 00:48:15 MST ----

The PPC JIT is being left in an inconsistent state after an AppDomain unload.

Take the following testcase:


using System;

class T{
        static void Main (string [] args) {
                AppDomain a = AppDomain.CreateDomain("T");
                AppDomain.Unload (a);
        }
}

junglist:~/Documents/Development/mono/bugs plasma$ mono appdom2.exe

Unhandled Exception: System.NullReferenceException: Object reference not set to an instance of an object
junglist:~/Documents/Development/mono/bugs plasma$ gdb --args mono appdom2.exe 
GNU gdb 5.3-20030128 (Apple version gdb-330.1) (Fri Jul 16 21:42:28 GMT 2004)
Copyright 2003 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "powerpc-apple-darwin".
Reading symbols for shared libraries .r
.......... done
(gdb) r
Starting program: /usr/bin/mono appdom2.exe
Reading symbols for shared libraries ++++++++. done

Program received signal EXC_BAD_ACCESS, Could not access memory.
[Switching to process 393 thread 0x1103]
0x00fa5578 in ?? ()
(gdb) bt     
#0  0x00fa5578 in ?? ()
Cannot access memory at address 0xfa5578
Cannot access memory at address 0xfa5578
#1  0x00fa9b64 in ?? ()
#2  0x001259dc in ?? ()
#3  0x0048c320 in run_finalize (obj=0x995b00, data=0xfa9b30) at gc.c:107
#4  0x0048cbc8 in finalize_domain_objects (req=0x560318) at gc.c:564
#5  0x0048ccd0 in finalizer_thread (unused=0x16) at gc.c:599
#6  0x0049b028 in start_wrapper (data=0xc31850) at threads.c:269
#7  0x004e2728 in timed_thread_start_routine (args=0xc31860) at timed-thread.c:135
#8  0x900246e8 in _pthread_body ()
(gdb) p print_method_from_ip (0x00fa5578)
No method at 0xfa5578
$1 = void
(gdb) p print_method_from_ip (0x00fa9b64)
IP 0xfa9b64 at offset 0x34 of method System.Security.Cryptography.RNGCryptoServiceProvider:Finalize () (0xfa9b30 0xfa9bac)

Program exited normally.

Take the following testcase:

using System;

class T{
        static void Main (string [] args) {
                AppDomain a = AppDomain.CreateDomain("T");
                AppDomain b = AppDomain.CreateDomain("T2");
                AppDomain.Unload (a);
                // We will fail on this second call
                AppDomain.Unload (b);
        }
}

junglist:~/Documents/Development/mono/bugs plasma$ mono appdom2.exe

Unhandled Exception: System.ExecutionEngineException: SIGILL
in (unmanaged) (wrapper remoting-invoke) System.AppDomain:getDomainID ()
in <0x00088> (wrapper remoting-invoke) System.AppDomain:getDomainID ()
in <0x00054> (wrapper remoting-invoke-with-check) System.AppDomain:getDomainID ()
in <0x0005c> System.AppDomain:Unload (System.AppDomain)
in <0x00058> T:Main (string[])


Unhandled Exception: System.NullReferenceException: Object reference not set to an instance of an object
junglist:~/Documents/Development/mono/bugs plasma$ gdb --args mono appdom2.exe 
GNU gdb 5.3-20030128 (Apple version gdb-330.1) (Fri Jul 16 21:42:28 GMT 2004)
Copyright 2003 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "powerpc-apple-darwin".
Reading symbols for shared libraries .........r.. done
(gdb) r
Starting program: /usr/bin/mono appdom2.exe
Reading symbols for shared libraries ++++++++. done

Program received signal EXC_BAD_INSTRUCTION, Illegal instruction/operand.
[Switching to process 421 thread 0x2403]
0x009cd000 in ?? ()
(gdb) bt
#0  0x009cd000 in ?? ()
#1  0x00f63764 in ?? ()
#2  0x00bf7d9c in ?? ()
#3  0x00bf59c8 in ?? ()
#4  0x00be9af0 in ?? ()
#5  0x0047bb0c in mono_remoting_invoke (real_proxy=0x6f8c0, msg=0x0, exc=0x0, out_args=0x70f40) at object.c:2817
#6  0x00491060 in mono_remoting_wrapper (method=0xc1d010, params=0xf0401a44) at marshal.c:1912
#7  0x00fa98a4 in ?? ()
#8  0x00fa9758 in ?? ()
#9  0x00fa9640 in ?? ()
#10 0x001249ec in ?? ()
#11 0x001248b0 in ?? ()
#12 0x00479ec8 in mono_runtime_exec_main (method=0x99e7b0, args=0x68f20, exc=0x0) at object.c:1575
#13 0x00479a90 in mono_runtime_run_main (method=0xc3bd10, argc=0, argv=0xbffffe60, exc=0x0) at object.c:1429
#14 0x0049b028 in start_wrapper (data=0xc3b740) at threads.c:269
#15 0x004e2728 in timed_thread_start_routine (args=0xc3b690) at timed-thread.c:135
#16 0x900246e8 in _pthread_body ()
(gdb) p print_method_from_ip (0x009cd000)
No method at 0x9cd000
$1 = void
(gdb) p print_method_from_ip (0x00f63764)
IP 0xf63764 at offset 0xbc of method System.AppDomain:InvokeInDomainByID (int,System.Reflection.MethodInfo,object,object[]) (0xf636a8 0xf637dc)
$2 = void
(gdb) 

At a (albeit) quick initial glance I don't see anything glaringly obvious in the JIT code;

any ideas on where to start digging, lupus? Based on the behaviour I'm thinking stack corruption?

(This happens both on UbuntuPPC and Mac OS X g4)

-kangaroo



---- Additional Comments From vargaz@gmail.com 2004-11-05 10:59:32 MST ----

I checked in some fixes to the PPC trampoline code which might fix 
this? Could you rerun your test?



---- Additional Comments From grompf@sublimeintervention.com 2004-11-05 17:10:50 MST ----

vargaz:

No change.

-kangaroo




---- Additional Comments From grompf@sublimeintervention.com 2004-11-09 16:22:55 MST ----

Created an attachment (id=166995)
patch




---- Additional Comments From grompf@sublimeintervention.com 2004-11-09 16:24:01 MST ----

The above patch resolves this issue on darwin and lin/ppc, bringing
darwin down to 1 failed test (vararg).

The issue was (as explained to neale and me on irc by vargaz) tramping
cross appdomain calls.

ChangeLog will be included if approved for commit.

-kangaroo




---- Additional Comments From lupus@ximian.com 2004-11-10 10:03:09 MST ----

Move the declaration of the local vars at the start of the function
and commit. 



---- Additional Comments From grompf@sublimeintervention.com 2004-11-10 23:44:21 MST ----

committed to HEAD



---- Additional Comments From grompf@sublimeintervention.com 2004-11-10 23:44:42 MST ----

resolving as fixed


Imported an attachment (id=166995)
