Bug 35102

Summary: IronJS is broken on master
Product: [Mono] Runtime
Reporter: Mark Probst <mark>
Component: JIT
Assignee: Zoltan Varga <vargaz>
Status: RESOLVED FIXED
Severity: normal
CC: mono-bugs+mono, mono-bugs+runtime
Priority: ---
Version: unspecified
Target Milestone: ---
Hardware: PC
OS: Mac OS
Tags:
Is this bug a regression?: ---
Last known good build:

Description Mark Probst 2015-10-20 13:04:27 UTC
`c41b5a47ad24fc359a092fe9023fc82f68cdf198` breaks IronJS.

To reproduce, in `xamarin/benchmarker/tests/IronJS` run `mono ijs.exe . v8`:

V8 Benchmark Suite - version 6
==================================
crypto.js
Stacktrace:

  at <unknown> <0xffffffff>
  at IronJS.Native.Global.parseInt (IronJS.Runtime.BoxedValue,IronJS.Runtime.BoxedValue) <0x003d3>
  at IronJS.Native.Global/parseInt@357.Invoke (IronJS.Runtime.BoxedValue,IronJS.Runtime.BoxedValue) <0x0003d>
  at (wrapper delegate-invoke) System.Func`3<IronJS.Runtime.BoxedValue, IronJS.Runtime.BoxedValue, IronJS.Runtime.BoxedValue>.invoke_TResult_T1_T2 (IronJS.Runtime.BoxedValue,IronJS.Runtime.BoxedValue) <0xffffffff>
  at (wrapper dynamic-method) object.lambda_method (System.Runtime.CompilerServices.Closure,IronJS.Runtime.FunctionObject,IronJS.Runtime.CommonObject,IronJS.Runtime.BoxedValue,double) <0x000b1>
  at (wrapper delegate-invoke) <Module>.invoke_bound_BoxedValue_Closure_FunctionObject_CommonObject_BoxedValue_double (IronJS.Runtime.FunctionObject,IronJS.Runtime.CommonObject,IronJS.Runtime.BoxedValue,double) <0xffffffff>
  at IronJS.Runtime.Optimizations.InlineInvokeCache`2<IronJS.Runtime.BoxedValue, double>.Invoke (IronJS.Runtime.FunctionObject,IronJS.Runtime.CommonObject,IronJS.Runtime.BoxedValue,double) <0x000c8>
  at (wrapper dynamic-method) object.lambda_method (System.Runtime.CompilerServices.Closure,IronJS.Runtime.FunctionObject,IronJS.Runtime.CommonObject,IronJS.Runtime.BoxedValue,IronJS.Runtime.BoxedValue) <0x01845>
  at (wrapper delegate-invoke) <Module>.invoke_bound_BoxedValue_Closure_FunctionObject_CommonObject_BoxedValue_BoxedValue (IronJS.Runtime.FunctionObject,IronJS.Runtime.CommonObject,IronJS.Runtime.BoxedValue,IronJS.Runtime.BoxedValue) <0xffffffff>
  at IronJS.Runtime.Optimizations.InlineInvokeCache`2<IronJS.Runtime.BoxedValue, IronJS.Runtime.BoxedValue>.Invoke (IronJS.Runtime.FunctionObject,IronJS.Runtime.CommonObject,IronJS.Runtime.BoxedValue,IronJS.Runtime.BoxedValue) <0x000c8>
  at (wrapper dynamic-method) object.lambda_method (System.Runtime.CompilerServices.Closure,IronJS.Runtime.FunctionObject,IronJS.Runtime.CommonObject) <0x00f18>
  at (wrapper delegate-invoke) <Module>.invoke_bound_BoxedValue_Closure_FunctionObject_CommonObject (IronJS.Runtime.FunctionObject,IronJS.Runtime.CommonObject) <0xffffffff>
  at IronJS.Runtime.Optimizations.InlineInvokeCache.Invoke (IronJS.Runtime.FunctionObject,IronJS.Runtime.CommonObject) <0x000a8>
  at (wrapper dynamic-method) object.lambda_method (System.Runtime.CompilerServices.Closure,IronJS.Runtime.FunctionObject,IronJS.Runtime.CommonObject,object) <0x00b9c>
  at (wrapper delegate-invoke) <Module>.invoke_bound_BoxedValue_Closure_FunctionObject_CommonObject_object (IronJS.Runtime.FunctionObject,IronJS.Runtime.CommonObject,object) <0xffffffff>
  at IronJS.Runtime.Optimizations.InlineInvokeCache`1<a_REF>.Invoke (IronJS.Runtime.FunctionObject,IronJS.Runtime.CommonObject,a_REF) <0x000f4>
  at (wrapper dynamic-method) object.lambda_method (System.Runtime.CompilerServices.Closure,IronJS.Runtime.FunctionObject,IronJS.Runtime.CommonObject,IronJS.Runtime.BoxedValue,IronJS.Runtime.BoxedValue) <0x00845>
  at (wrapper delegate-invoke) <Module>.invoke_bound_BoxedValue_Closure_FunctionObject_CommonObject_BoxedValue_BoxedValue (IronJS.Runtime.FunctionObject,IronJS.Runtime.CommonObject,IronJS.Runtime.BoxedValue,IronJS.Runtime.BoxedValue) <0xffffffff>
  at IronJS.Runtime.Optimizations.InlineInvokeCache`2<IronJS.Runtime.BoxedValue, IronJS.Runtime.BoxedValue>.Invoke (IronJS.Runtime.FunctionObject,IronJS.Runtime.CommonObject,IronJS.Runtime.BoxedValue,IronJS.Runtime.BoxedValue) <0x000c8>
  at (wrapper dynamic-method) object.lambda_method (System.Runtime.CompilerServices.Closure,IronJS.Runtime.FunctionObject,IronJS.Runtime.CommonObject) <0x00f15>
  at (wrapper delegate-invoke) <Module>.invoke_bound_BoxedValue_Closure_FunctionObject_CommonObject (IronJS.Runtime.FunctionObject,IronJS.Runtime.CommonObject) <0xffffffff>
  at IronJS.Runtime.Optimizations.InlineInvokeCache.Invoke (IronJS.Runtime.FunctionObject,IronJS.Runtime.CommonObject) <0x000a8>
  at (wrapper dynamic-method) object.lambda_method (System.Runtime.CompilerServices.Closure,IronJS.Runtime.FunctionObject,IronJS.Runtime.CommonObject) <0x00f4f>
  at (wrapper delegate-invoke) <Module>.invoke_bound_BoxedValue_Closure_FunctionObject_CommonObject (IronJS.Runtime.FunctionObject,IronJS.Runtime.CommonObject) <0xffffffff>
  at IronJS.Runtime.Optimizations.InlineInvokeCache.Invoke (IronJS.Runtime.FunctionObject,IronJS.Runtime.CommonObject) <0x000a8>
  at (wrapper dynamic-method) object.lambda_method (System.Runtime.CompilerServices.Closure,IronJS.Runtime.FunctionObject,IronJS.Runtime.CommonObject,IronJS.Runtime.CommonObject) <0x01505>
  at (wrapper delegate-invoke) <Module>.invoke_bound_BoxedValue_Closure_FunctionObject_CommonObject_CommonObject (IronJS.Runtime.FunctionObject,IronJS.Runtime.CommonObject,IronJS.Runtime.CommonObject) <0xffffffff>
  at IronJS.Runtime.Optimizations.InlineInvokeCache`1<a_REF>.Invoke (IronJS.Runtime.FunctionObject,IronJS.Runtime.CommonObject,a_REF) <0x000f4>
  at (wrapper dynamic-method) object.lambda_method (System.Runtime.CompilerServices.Closure,IronJS.Runtime.FunctionObject,IronJS.Runtime.CommonObject) <0x00880>
  at (wrapper runtime-invoke) <Module>.runtime_invoke_object_object_object_object (object,intptr,intptr,intptr) <0xffffffff>
  at <unknown> <0xffffffff>
  at (wrapper managed-to-native) System.Reflection.MonoMethod.InternalInvoke (System.Reflection.MonoMethod,object,object[],System.Exception&) <0xffffffff>
  at System.Reflection.MonoMethod.Invoke (object,System.Reflection.BindingFlags,System.Reflection.Binder,object[],System.Globalization.CultureInfo) <0x000a3>
  at System.Reflection.MethodBase.Invoke (object,object[]) <0x0002a>
  at System.Delegate.DynamicInvokeImpl (object[]) <0x00246>
  at System.MulticastDelegate.DynamicInvokeImpl (object[]) <0x00035>
  at System.Delegate.DynamicInvoke (object[]) <0x00019>
  at IronJS.Hosting.FSharp.run (System.Delegate,IronJS.Hosting.FSharp/T) <0x000b5>
  at IronJS.Hosting.CSharp/Context.Execute (string) <0x00042>
  at Benchmarks.V8BenchMarkTestSuite.ExecuteTest (IronJS.Hosting.CSharp/Context,string) <0x005a5>
  at Benchmarks.TestSuite.Run () <0x0014e>
  at Benchmarks.Program.Main (string[]) <0x001e2>
  at (wrapper runtime-invoke) <Module>.runtime_invoke_void_object (object,intptr,intptr,intptr) <0xffffffff>

Native stacktrace:


Debug info from gdb:

(lldb) command source -s 0 '/tmp/mono-gdb-commands.rKd5MZ'
Executing commands in '/tmp/mono-gdb-commands.rKd5MZ'.
(lldb) process attach --pid 6396
Process 6396 stopped
* thread #1: tid = 0xb60a4a, 0x00007fff884f072a libsystem_kernel.dylib`__wait4 + 10, queue = 'com.apple.main-thread', stop reason = signal SIGSTOP
    frame #0: 0x00007fff884f072a libsystem_kernel.dylib`__wait4 + 10
libsystem_kernel.dylib`__wait4:
->  0x7fff884f072a <+10>: jae    0x7fff884f0734            ; <+20>
    0x7fff884f072c <+12>: movq   %rax, %rdi
    0x7fff884f072f <+15>: jmp    0x7fff884eb414            ; cerror
    0x7fff884f0734 <+20>: retq   

Executable module set to "/Users/schani/Work/mono/mono/mono/mini/mono-sgen".
Architecture set to: x86_64-apple-macosx.
(lldb) thread list
Process 6396 stopped
* thread #1: tid = 0xb60a4a, 0x00007fff884f072a libsystem_kernel.dylib`__wait4 + 10, queue = 'com.apple.main-thread', stop reason = signal SIGSTOP
  thread #2: tid = 0xb60a4b, 0x00007fff884eff5e libsystem_kernel.dylib`__psynch_cvwait + 10
  thread #3: tid = 0xb60a4c, 0x00007fff884eacd2 libsystem_kernel.dylib`semaphore_wait_trap + 10
  thread #4: tid = 0xb60a4d, 0x00007fff884f078a libsystem_kernel.dylib`__workq_kernreturn + 10
  thread #5: tid = 0xb60a4e, 0x00007fff884f10a2 libsystem_kernel.dylib`kevent_qos + 10, queue = 'com.apple.libdispatch-manager'
  thread #6: tid = 0xb60a4f, 0x00007fff884f078a libsystem_kernel.dylib`__workq_kernreturn + 10
(lldb) thread backtrace all
warning: could not load any Objective-C class information from the dyld shared cache. This will significantly reduce the quality of type information available.
* thread #1: tid = 0xb60a4a, 0x00007fff884f072a libsystem_kernel.dylib`__wait4 + 10, queue = 'com.apple.main-thread', stop reason = signal SIGSTOP
  * frame #0: 0x00007fff884f072a libsystem_kernel.dylib`__wait4 + 10
    frame #1: 0x000000010963fa52 mono-sgen`mono_handle_native_sigsegv(signal=11, ctx=0x0000000109f17f48, info=0x0000000109f17ee0) + 626 at mini-exceptions.c:2233
    frame #2: 0x000000010970276d mono-sgen`mono_arch_handle_altstack_exception(sigctx=0x0000000109f17f48, siginfo=0x0000000109f17ee0, fault_addr=0x0000000000000004, stack_ovf=0) + 125 at exceptions-amd64.c:808
    frame #3: 0x000000010952e8f2 mono-sgen`mono_sigsegv_signal_handler(_dummy=11, _info=0x0000000109f17ee0, context=0x0000000109f17f48) + 786 at mini-runtime.c:2527
    frame #4: 0x00007fff9219052a libsystem_platform.dylib`_sigtramp + 26
    frame #5: 0x0000000109689fbc mono-sgen`mono_arch_emit_call(cfg=0x00007fd24000b800, call=0x00007fd23def5570) + 4700 at mini-amd64.c:2499
    frame #6: 0x0000000109539950 mono-sgen`mono_emit_call_args(cfg=0x00007fd24000b800, sig=0x00007fd23b68b1f0, args=0x00007fd240041320, calli=0, virtual=0, tail=1, rgctx=0, unbox_trampoline=0) + 1008 at method-to-ir.c:2645
    frame #7: 0x000000010953704b mono-sgen`mono_emit_method_call_full(cfg=0x00007fd24000b800, method=0x00007fd23b68c360, sig=0x00007fd23b68b1f0, tail=1, args=0x00007fd240041320, this_ins=0x0000000000000000, imt_arg=0x0000000000000000, rgctx_arg=0x0000000000000000) + 4139 at method-to-ir.c:2836
    frame #8: 0x0000000109555be1 mono-sgen`mono_method_to_ir(cfg=0x00007fd24000b800, method=0x00007fd23e51b340, start_bblock=0x00007fd24003b650, end_bblock=0x00007fd24003b778, return_var=0x0000000000000000, inline_args=0x0000000000000000, inline_offset=0, is_virtual_call=0) + 95649 at method-to-ir.c:9648
    frame #9: 0x00000001095249be mono-sgen`mini_method_compile(method=0x00007fd23e51b340, opts=370239999, domain=0x00007fd23b503620, flags=JIT_FLAG_RUN_CCTORS, parts=0, aot_method_index=-1) + 5662 at mini.c:3603
    frame #10: 0x000000010952925a mono-sgen`mono_jit_compile_method_inner(method=0x00007fd23e51b340, target_domain=0x00007fd23b503620, opt=370239999, jit_ex=0x00007fff566df960) + 1802 at mini.c:4255
    frame #11: 0x000000010952dfcf mono-sgen`mono_jit_compile_method_with_opt(method=0x00007fd23e51b340, opt=370239999, ex=0x00007fff566df960) + 1551 at mini-runtime.c:1927
    frame #12: 0x000000010952d93d mono-sgen`mono_jit_compile_method(method=0x00007fd23e51b340) + 61 at mini-runtime.c:1970
    frame #13: 0x000000010982f92b mono-sgen`mono_compile_method(method=0x00007fd23e51b340) + 75 at object.c:612
    frame #14: 0x0000000109646373 mono-sgen`common_call_trampoline_inner(regs=0x00007fff566dfdb0, code="H\x8b\x8c$\x98", m=0x00007fd23e51b340, vt=0x0000000000000000, vtable_slot=0x0000000000000000) + 3395 at mini-trampolines.c:569
    frame #15: 0x0000000109642d55 mono-sgen`common_call_trampoline(regs=0x00007fff566dfdb0, code="H\x8b\x8c$\x98", m=0x00007fd23e51b340, vt=0x0000000000000000, vtable_slot=0x0000000000000000) + 53 at mini-trampolines.c:683
    frame #16: 0x0000000109642d15 mono-sgen`mono_magic_trampoline(regs=0x00007fff566dfdb0, code="H\x8b\x8c$\x98", arg=0x00007fd23e51b340, tramp="蓋\r?\b@\xb3Q>?") + 69 at mini-trampolines.c:698
    frame #17: 0x0000000109dbd295

  thread #2: tid = 0xb60a4b, 0x00007fff884eff5e libsystem_kernel.dylib`__psynch_cvwait + 10
    frame #0: 0x00007fff884eff5e libsystem_kernel.dylib`__psynch_cvwait + 10
    frame #1: 0x00007fff920f173d libsystem_pthread.dylib`_pthread_cond_wait + 767
    frame #2: 0x00000001098d0d82 mono-sgen`thread_func(thread_data=0x0000000000000000) + 114 at sgen-thread-pool.c:118
    frame #3: 0x00007fff920f09b1 libsystem_pthread.dylib`_pthread_body + 131
    frame #4: 0x00007fff920f092e libsystem_pthread.dylib`_pthread_start + 168
    frame #5: 0x00007fff920ee385 libsystem_pthread.dylib`thread_start + 13

  thread #3: tid = 0xb60a4c, 0x00007fff884eacd2 libsystem_kernel.dylib`semaphore_wait_trap + 10
    frame #0: 0x00007fff884eacd2 libsystem_kernel.dylib`semaphore_wait_trap + 10
    frame #1: 0x00000001099072da mono-sgen`mono_sem_wait(sem=0x0000000109a07cc0, alertable=1) + 26 at mono-semaphore.c:109
    frame #2: 0x000000010982a724 mono-sgen`finalizer_thread(unused=0x0000000000000000) + 196 at gc.c:717
    frame #3: 0x00000001097f1563 mono-sgen`start_wrapper_internal(data=0x00007fd23d00f9d0) + 675 at threads.c:716
    frame #4: 0x00000001097f12b1 mono-sgen`start_wrapper(data=0x00007fd23d00f9d0) + 33 at threads.c:763
    frame #5: 0x0000000109915649 mono-sgen`inner_start_thread(arg=0x00007fff566e4280) + 569 at mono-threads-posix.c:92
    frame #6: 0x00007fff920f09b1 libsystem_pthread.dylib`_pthread_body + 131
    frame #7: 0x00007fff920f092e libsystem_pthread.dylib`_pthread_start + 168
    frame #8: 0x00007fff920ee385 libsystem_pthread.dylib`thread_start + 13

  thread #4: tid = 0xb60a4d, 0x00007fff884f078a libsystem_kernel.dylib`__workq_kernreturn + 10
    frame #0: 0x00007fff884f078a libsystem_kernel.dylib`__workq_kernreturn + 10
    frame #1: 0x00007fff920f058c libsystem_pthread.dylib`_pthread_wqthread + 1283
    frame #2: 0x00007fff920ee375 libsystem_pthread.dylib`start_wqthread + 13

  thread #5: tid = 0xb60a4e, 0x00007fff884f10a2 libsystem_kernel.dylib`kevent_qos + 10, queue = 'com.apple.libdispatch-manager'
    frame #0: 0x00007fff884f10a2 libsystem_kernel.dylib`kevent_qos + 10
    frame #1: 0x00007fff984f31ad libdispatch.dylib`_dispatch_mgr_invoke + 216
    frame #2: 0x00007fff984f2e15 libdispatch.dylib`_dispatch_mgr_thread + 52

  thread #6: tid = 0xb60a4f, 0x00007fff884f078a libsystem_kernel.dylib`__workq_kernreturn + 10
    frame #0: 0x00007fff884f078a libsystem_kernel.dylib`__workq_kernreturn + 10
    frame #1: 0x00007fff920f058c libsystem_pthread.dylib`_pthread_wqthread + 1283
    frame #2: 0x00007fff920ee375 libsystem_pthread.dylib`start_wqthread + 13
(lldb) detach

=================================================================
Got a SIGSEGV while executing native code. This usually indicates
a fatal error in the mono runtime or one of the native libraries 
used by your application.
=================================================================

Process 6396 stopped
* thread #1: tid = 0xb60a4a, 0x00007fff884f072a libsystem_kernel.dylib`__wait4 + 10
Process 6396 stopped
Process 6396 detached
(lldb) quit
fish: Job 1, '~/Work/mono/mono/mono/mini/mono-sgen ijs.exe . v8' terminated by signal SIGABRT (Abort)

Comment 1 Zoltan Varga 2015-10-20 14:13:00 UTC
Reverted it.