Bug 58344 - SIMD crash using System.Numerics.Vector
Summary: SIMD crash using System.Numerics.Vector
Status: RESOLVED FIXED
Alias: None
Product: Runtime
Classification: Mono
Component: JIT (show other bugs)
Version: 5.2 (2017-04)
Hardware: PC Mac OS
: --- normal
Target Milestone: ---
Assignee: Bugzilla
URL:
Depends on:
Blocks:
 
Reported: 2017-07-24 21:39 UTC by Larry Ewing [MSFT]
Modified: 2017-07-24 22:34 UTC (History)
3 users (show)

See Also:
Tags:
Is this bug a regression?: ---
Last known good build:


Attachments

Description Larry Ewing [MSFT] 2017-07-24 21:39:04 UTC
I'm getting a crash in the SIMD intrinsic code emitter when doing some simple operations on
a Vector3.  I haven't been able to isolate a simple test case but I can avoid the crash by
making sure that I store a Vector3 property in a local variable before operating on it.

Thread 0 Crashed:: tid_307  Dispatch queue: com.apple.main-thread
0   libsystem_kernel.dylib        	0x00007fff9ec54d42 __pthread_kill + 10
1   libsystem_pthread.dylib       	0x00007fff9ed42457 pthread_kill + 90
2   libsystem_c.dylib             	0x00007fff9ebba420 abort + 129
3   com.xamarin.Inspector         	0x000000010697efbb mono_handle_native_crash + 603 (mini-exceptions.c:2548)
4   libsystem_platform.dylib      	0x00007fff9ed35b3a _sigtramp + 26
5   dyld                          	0x0000000114e9f551 ImageLoaderMachOCompressed::resolve(ImageLoader::LinkContext const&, char const*, unsigned char, long, ImageLoader const**, ImageLoaderMachOCompressed::LastLookup*, bool) + 273
6   libsystem_c.dylib             	0x00007fff9ebba420 abort + 129
7   com.xamarin.Inspector         	0x0000000106890ea0 log_callback(char const*, char const*, char const*, int, void*) + 64 (runtime.m:1100)
8   com.xamarin.Inspector         	0x0000000106b33263 monoeg_g_logv + 83 (goutput.c:116)
9   com.xamarin.Inspector         	0x0000000106b3347f monoeg_assertion_message + 143 (goutput.c:137)
10  com.xamarin.Inspector         	0x00000001069a391f get_simd_vreg_or_expanded_scalar + 511
11  com.xamarin.Inspector         	0x00000001069a364c simd_intrinsic_emit_binary_op + 44 (simd-intrinsics.c:1193)
12  com.xamarin.Inspector         	0x000000010699ec6d mono_emit_simd_intrinsics + 1485 (simd-intrinsics.c:2036)
13  com.xamarin.Inspector         	0x000000010694261b mini_emit_inst_for_method + 3771 (method-to-ir.c:6173)
14  com.xamarin.Inspector         	0x000000010691c018 mono_method_to_ir + 42824 (method-to-ir.c:9057)
15  com.xamarin.Inspector         	0x00000001069995ac mini_method_compile + 2908 (mini.c:3466)
16  com.xamarin.Inspector         	0x000000010699c795 mono_jit_compile_method_inner + 773 (mini.c:4191)
17  com.xamarin.Inspector         	0x000000010698c034 mono_jit_compile_method_with_opt + 660 (mini-runtime.c:1886)
18  com.xamarin.Inspector         	0x0000000106992406 common_call_trampoline + 1174 (mini-trampolines.c:704)
19  com.xamarin.Inspector         	0x0000000106991f39 mono_magic_trampoline + 73 (mini-trampolines.c:834)
20  ???                           	0x000000010900039e 0 + 4445963166
21  ???                           	0x0000000142c56290 0 + 5415199376
22  com.xamarin.Inspector         	0x000000010698f894 mono_jit_runtime_invoke + 1316 (mini-runtime.c:2546)
23  com.xamarin.Inspector         	0x0000000106a57df8 do_runtime_invoke + 88 (object.c:2829)
24  com.xamarin.Inspector         	0x0000000106a57d70 mono_runtime_invoke + 208 (object.c:2983)
25  com.xamarin.Inspector         	0x0000000106bcc9b2 native_to_managed_trampoline_382(objc_object*, objc_selector*, _MonoMethod**, NSEvent*, unsigned int) + 578 (registrar.m:23161)
26  com.xamarin.Inspector         	0x0000000106bccb38 -[InspectSCNView scrollWheel:] + 56 (registrar.m:44001)
27  com.apple.AppKit              	0x00007fff8779dd25 -[NSWindow(NSEventRouting) _reallySendEvent:isDelayedEvent:] + 6735
28  com.apple.AppKit              	0x00007fff8779bf0a -[NSWindow(NSEventRouting) sendEvent:] + 541
29  com.apple.AppKit              	0x00007fff87620a92 -[NSApplication(NSEvent) sendEvent:] + 2186
30  com.apple.AppKit              	0x00007fff86e9b427 -[NSApplication run] + 1002
31  com.apple.AppKit              	0x00007fff86e65e0e NSApplicationMain + 1237
32  ???                           	0x000000010e8b9702 0 + 4538996482
33  ???                           	0x000000010cbde48d 0 + 4508738701
34  com.xamarin.Inspector         	0x000000010698f894 mono_jit_runtime_invoke + 1316 (mini-runtime.c:2546)
35  com.xamarin.Inspector         	0x0000000106a57df8 do_runtime_invoke + 88 (object.c:2829)
36  com.xamarin.Inspector         	0x0000000106a5b299 do_exec_main_checked + 137 (object.c:4624)
37  com.xamarin.Inspector         	0x00000001068f4a7f mono_jit_exec + 287 (driver.g.c:1040)
38  com.xamarin.Inspector         	0x00000001068f7293 mono_main + 9187 (driver.g.c:2248)
39  com.xamarin.Inspector         	0x000000010689915e xamarin_main + 1182 (launcher.m:662)
40  com.xamarin.Inspector         	0x000000010689a0b4 main + 36 (launcher.m:680)
41  libdyld.dylib                 	0x00007fff9eb26235 start + 1
Comment 1 Larry Ewing [MSFT] 2017-07-24 22:16:40 UTC
Here is the --verbose output at the point of failure

2017-07-24 17:09:07.376 Xamarin Workbooks[72462:7909622] Method System.nfloat AppKit.NSEvent:get_ScrollingDeltaY () emitted at 0x138460520 to 0x1384605b8 (code length 152) [Xamarin Workbooks.exe]
2017-07-24 17:09:07.376 Xamarin Workbooks[72462:7909622] converting method void Xamarin.Interactive.Camera.Dolly`2<SceneKit.SCNQuaternion, CoreGraphics.CGPoint>:Pan3 (System.Numerics.Vector3)
2017-07-24 17:09:07.376 Xamarin Workbooks[72462:7909622] warning: get_simd_vreg:: could not infer source simd vreg for op
 vcall_membase [R24 + 0x70] R20 <- [Xamarin.Interactive.Camera.Dolly`2<SceneKit.SCNQuaternion, CoreGraphics.CGPoint>:get_Position ()] [%rdi <- R22] [%rsi <- R23] clobbers: c
2017-07-24 17:09:07.376 Xamarin Workbooks[72462:7909622] error: * Assertion: should not be reached at /Users/builder/data/lanes/4991/494fcbcf/source/xamarin-macios/external/mono/mono/mini/simd-intrinsics.c:838
Stacktrace:

  at <unknown> <0xffffffff>
  at Xamarin.Interactive.Client.Mac.ViewInspector.InspectorSCNView.ScrollWheel (AppKit.NSEvent) [0x00060] in /Users/lewing/Source/inspector/Clients/Xamarin.Interactive.Client.Mac/ViewInspector/InspectorSCNView.cs:144
  at (wrapper runtime-invoke) <Module>.runtime_invoke_void__this___object (object,intptr,intptr,intptr) [0x00022] in <880d757b2bcf45658254ed4057e00ad0>:0
  at <unknown> <0xffffffff>
  at (wrapper managed-to-native) AppKit.NSApplication.NSApplicationMain (int,string[]) [0x0005a] in <653ae31ee54341a090651b4a9522dc3f>:0
  at AppKit.NSApplication.Main (string[]) [0x00041] in /Users/builder/data/lanes/4991/494fcbcf/source/xamarin-macios/src/AppKit/NSApplication.cs:100
  at Xamarin.Interactive.Client.Mac.Entry.Main (string[]) [0x00007] in /Users/lewing/Source/inspector/Clients/Xamarin.Interactive.Client.Mac/Entry.cs:18
  at (wrapper runtime-invoke) <Module>.runtime_invoke_void_object (object,intptr,intptr,intptr) [0x00051] in <880d757b2bcf45658254ed4057e00ad0>:0

Native stacktrace:

	0   Xamarin Workbooks                   0x0000000102a85e61 mono_handle_native_crash + 257
	1   libsystem_platform.dylib            0x00007fff9ed35b3a _sigtramp + 26
	2   ???                                 0x000000000000003c 0x0 + 60
	3   libsystem_c.dylib                   0x00007fff9ebba420 abort + 129
	4   Xamarin Workbooks                   0x0000000102997ea0 _ZL12log_callbackPKcS0_S0_iPv + 64
	5   Xamarin Workbooks                   0x0000000102c3a263 monoeg_g_logv + 83
	6   Xamarin Workbooks                   0x0000000102c3a47f monoeg_assertion_message + 143
	7   Xamarin Workbooks                   0x0000000102aaa91f get_simd_vreg_or_expanded_scalar + 511
	8   Xamarin Workbooks                   0x0000000102aaa64c simd_intrinsic_emit_binary_op + 44
	9   Xamarin Workbooks                   0x0000000102aa5c6d mono_emit_simd_intrinsics + 1485
	10  Xamarin Workbooks                   0x0000000102a4961b mini_emit_inst_for_method + 3771
	11  Xamarin Workbooks                   0x0000000102a23018 mono_method_to_ir + 42824
	12  Xamarin Workbooks                   0x0000000102aa05ac mini_method_compile + 2908
	13  Xamarin Workbooks                   0x0000000102aa3795 mono_jit_compile_method_inner + 773
	14  Xamarin Workbooks                   0x0000000102a93034 mono_jit_compile_method_with_opt + 660
	15  Xamarin Workbooks                   0x0000000102a99406 common_call_trampoline + 1174
	16  Xamarin Workbooks                   0x0000000102a98f39 mono_magic_trampoline + 73
	17  ???                                 0x0000000105ef939e 0x0 + 4394554270
	18  ???                                 0x0000000138460347 0x0 + 5239079751
	19  Xamarin Workbooks                   0x0000000102a96894 mono_jit_runtime_invoke + 1316
	20  Xamarin Workbooks                   0x0000000102b5edf8 do_runtime_invoke + 88
	21  Xamarin Workbooks                   0x0000000102b5ed06 mono_runtime_invoke + 102
	22  Xamarin Workbooks                   0x0000000102cd39b2 _ZL32native_to_managed_trampoline_382P11objc_objectP13objc_selectorPP11_MonoMethodP7NSEventj + 578
	23  Xamarin Workbooks                   0x0000000102cd3b38 -[InspectSCNView scrollWheel:] + 56
	24  AppKit                              0x00007fff8779dd25 -[NSWindow(NSEventRouting) _reallySendEvent:isDelayedEvent:] + 6735
	25  AppKit                              0x00007fff8779bf0a -[NSWindow(NSEventRouting) sendEvent:] + 541
	26  AppKit                              0x00007fff87620a92 -[NSApplication(NSEvent) sendEvent:] + 2186
	27  AppKit                              0x00007fff86e9b427 -[NSApplication run] + 1002
	28  AppKit                              0x00007fff86e65e0e NSApplicationMain + 1237
	29  ???                                 0x00000001097e799e 0x0 + 4454250910
	30  ???                                 0x00000001097e7804 0x0 + 4454250500
	31  Xamarin Workbooks                   0x0000000102a96894 mono_jit_runtime_invoke + 1316
	32  Xamarin Workbooks                   0x0000000102b5edf8 do_runtime_invoke + 88
	33  Xamarin Workbooks                   0x0000000102b62299 do_exec_main_checked + 137
	34  Xamarin Workbooks                   0x00000001029fba7f mono_jit_exec + 287
	35  Xamarin Workbooks                   0x00000001029fe293 mono_main + 9187
	36  Xamarin Workbooks                   0x00000001029a015e xamarin_main + 1182
	37  Xamarin Workbooks                   0x00000001029a10b4 main + 36
	38  libdyld.dylib                       0x00007fff9eb26235 start + 1

Debug info from gdb:

(lldb) command source -s 0 '/tmp/mono-gdb-commands.XTn5Yp'
Executing commands in '/tmp/mono-gdb-commands.XTn5Yp'.
(lldb) process attach --pid 72462
Process 72462 stopped
* thread #1, name = 'tid_307', queue = 'com.apple.main-thread', stop reason = signal SIGSTOP
    frame #0: 0x00007fff9ec553ee libsystem_kernel.dylib`__wait4 + 10
libsystem_kernel.dylib`__wait4:
->  0x7fff9ec553ee <+10>: jae    0x7fff9ec553f8            ; <+20>
    0x7fff9ec553f0 <+12>: movq   %rax, %rdi
    0x7fff9ec553f3 <+15>: jmp    0x7fff9ec4dcd4            ; cerror
    0x7fff9ec553f8 <+20>: retq
Comment 2 Larry Ewing [MSFT] 2017-07-24 22:22:19 UTC
in this trace the crashing code is

public void Pan3 (Vector3 offset)
            => Position += offset;

whereas this version works fine

public void Pan2 (Vector3 offset)
        {
            var e = Position;
            Console.WriteLine (e);
            e += offset;
            Position = e;
        }
Comment 3 Larry Ewing [MSFT] 2017-07-24 22:26:44 UTC
With MONO_VERBOSE_METHOD=Pan3 we get:

2017-07-24 17:21:27.503 Xamarin Workbooks[72547:7926575] converting method void Xamarin.Interactive.Camera.Dolly`2<SceneKit.SCNQuaternion, CoreGraphics.CGPoint>:Pan3 (System.Numerics.Vector3)
2017-07-24 17:21:27.503 Xamarin Workbooks[72547:7926575] creating vars
2017-07-24 17:21:27.503 Xamarin Workbooks[72547:7926575] created temp 0 (R16) of type System.IntPtr
2017-07-24 17:21:27.503 Xamarin Workbooks[72547:7926575] created temp 1 (R17) of type System.Numerics.Vector3
	this:  arg R16 <-
	arg [0]:  arg R17 <-
2017-07-24 17:21:27.503 Xamarin Workbooks[72547:7926575] creating locals
2017-07-24 17:21:27.503 Xamarin Workbooks[72547:7926575] locals done
method to IR Xamarin.Interactive.Camera.Dolly`2<SceneKit.SCNQuaternion, CoreGraphics.CGPoint>:Pan3 (System.Numerics.Vector3)
converting (in B2: stack: 0) IL_0000: ldarg.0   
converting (in B2: stack: 1) IL_0001: ldarg.0   
converting (in B2: stack: 2) IL_0002: callvirt  0x0a00072d
2017-07-24 17:21:27.503 Xamarin Workbooks[72547:7926575] created temp 2 (R20) of type System.Numerics.Vector3
converting (in B2: stack: 2) IL_0007: ldarg.1   
converting (in B2: stack: 3) IL_0008: call      0x0a000730
  SIMD intrinsic System.Numerics.Vector3:op_Addition (System.Numerics.Vector3,System.Numerics.Vector3)
2017-07-24 17:21:27.503 Xamarin Workbooks[72547:7926575] warning: get_simd_vreg:: could not infer source simd vreg for op
 vcall_membase [R24 + 0x70] R20 <- [Xamarin.Interactive.Camera.Dolly`2<SceneKit.SCNQuaternion, CoreGraphics.CGPoint>:get_Position ()] [%rdi <- R22] [%rsi <- R23] clobbers: c
2017-07-24 17:21:27.503 Xamarin Workbooks[72547:7926575] error: * Assertion: should not be reached at /Users/builder/data/lanes/4991/494fcbcf/source/xamarin-macios/external/mono/mono/mini/simd-intrinsics.c:838
Stacktrace:

  at <unknown> <0xffffffff>
  at Xamarin.Interactive.Client.Mac.ViewInspector.InspectorSCNView.ScrollWheel (AppKit.NSEvent) [0x00060] in /Users/lewing/Source/inspector/Clients/Xamarin.Interactive.Client.Mac/ViewInspector/InspectorSCNView.cs:144
  at (wrapper runtime-invoke) <Module>.runtime_invoke_void__this___object (object,intptr,intptr,intptr) [0x00022] in <880d757b2bcf45658254ed4057e00ad0>:0
  at <unknown> <0xffffffff>
  at (wrapper managed-to-native) AppKit.NSApplication.NSApplicationMain (int,string[]) [0x0005a] in <653ae31ee54341a090651b4a9522dc3f>:0
  at AppKit.NSApplication.Main (string[]) [0x00041] in /Users/builder/data/lanes/4991/494fcbcf/source/xamarin-macios/src/AppKit/NSApplication.cs:100
  at Xamarin.Interactive.Client.Mac.Entry.Main (string[]) [0x00007] in /Users/lewing/Source/inspector/Clients/Xamarin.Interactive.Client.Mac/Entry.cs:18
  at (wrapper runtime-invoke) <Module>.runtime_invoke_void_object (object,intptr,intptr,intptr) [0x00051] in <880d757b2bcf45658254ed4057e00ad0>:0

Native stacktrace:

	0   Xamarin Workbooks                   0x0000000103551e61 mono_handle_native_crash + 257
	1   libsystem_platform.dylib            0x00007fff9ed35b3a _sigtramp + 26
	2   ???                                 0x000000010754d551 0x0 + 4417967441
	3   libsystem_c.dylib                   0x00007fff9ebba420 abort + 129
	4   Xamarin Workbooks                   0x0000000103463ea0 _ZL12log_callbackPKcS0_S0_iPv + 64
	5   Xamarin Workbooks                   0x0000000103706263 monoeg_g_logv + 83
	6   Xamarin Workbooks                   0x000000010370647f monoeg_assertion_message + 143
	7   Xamarin Workbooks                   0x000000010357691f get_simd_vreg_or_expanded_scalar + 511
	8   Xamarin Workbooks                   0x000000010357664c simd_intrinsic_emit_binary_op + 44
	9   Xamarin Workbooks                   0x0000000103571c6d mono_emit_simd_intrinsics + 1485
	10  Xamarin Workbooks                   0x000000010351561b mini_emit_inst_for_method + 3771
	11  Xamarin Workbooks                   0x00000001034ef018 mono_method_to_ir + 42824
	12  Xamarin Workbooks                   0x000000010356c5ac mini_method_compile + 2908
	13  Xamarin Workbooks                   0x000000010356f795 mono_jit_compile_method_inner + 773
	14  Xamarin Workbooks                   0x000000010355f034 mono_jit_compile_method_with_opt + 660
	15  Xamarin Workbooks                   0x0000000103565406 common_call_trampoline + 1174
	16  Xamarin Workbooks                   0x0000000103564f39 mono_magic_trampoline + 73
	17  ???                                 0x0000000103d2039e 0x0 + 4359062430
	18  ???                                 0x000000013f246df7 0x0 + 5354319351
	19  Xamarin Workbooks                   0x0000000103562894 mono_jit_runtime_invoke + 1316
	20  Xamarin Workbooks                   0x000000010362adf8 do_runtime_invoke + 88
	21  Xamarin Workbooks                   0x000000010362ad06 mono_runtime_invoke + 102
	22  Xamarin Workbooks                   0x000000010379f9b2 _ZL32native_to_managed_trampoline_382P11objc_objectP13objc_selectorPP11_MonoMethodP7NSEventj + 578
	23  Xamarin Workbooks                   0x000000010379fb38 -[InspectSCNView scrollWheel:] + 56
	24  AppKit                              0x00007fff8779dd25 -[NSWindow(NSEventRouting) _reallySendEvent:isDelayedEvent:] + 6735
	25  AppKit                              0x00007fff8779bf0a -[NSWindow(NSEventRouting) sendEvent:] + 541
	26  AppKit                              0x00007fff87620a92 -[NSApplication(NSEvent) sendEvent:] + 2186
	27  AppKit                              0x00007fff86e9b427 -[NSApplication run] + 1002
	28  AppKit                              0x00007fff86e65e0e NSApplicationMain + 1237
	29  ???                                 0x00000001074d599e 0x0 + 4417477022
	30  ???                                 0x00000001074d5804 0x0 + 4417476612
	31  Xamarin Workbooks                   0x0000000103562894 mono_jit_runtime_invoke + 1316
	32  Xamarin Workbooks                   0x000000010362adf8 do_runtime_invoke + 88
	33  Xamarin Workbooks                   0x000000010362e299 do_exec_main_checked + 137
	34  Xamarin Workbooks                   0x00000001034c7a7f mono_jit_exec + 287
	35  Xamarin Workbooks                   0x00000001034ca293 mono_main + 9187
	36  Xamarin Workbooks                   0x000000010346c15e xamarin_main + 1182
	37  Xamarin Workbooks                   0x000000010346d0b4 main + 36
	38  libdyld.dylib                       0x00007fff9eb26235 start + 1

Debug info from gdb:

(lldb) command source -s 0 '/tmp/mono-gdb-commands.bC5Wuy'
Executing commands in '/tmp/mono-gdb-commands.bC5Wuy'.
(lldb) process attach --pid 72547
Process 72547 stopped
* thread #1, name = 'tid_307', queue = 'com.apple.main-thread', stop reason = signal SIGSTOP
    frame #0: 0x00007fff9ec553ee libsystem_kernel.dylib`__wait4 + 10
libsystem_kernel.dylib`__wait4:
->  0x7fff9ec553ee <+10>: jae    0x7fff9ec553f8            ; <+20>
    0x7fff9ec553f0 <+12>: movq   %rax, %rdi
    0x7fff9ec553f3 <+15>: jmp    0x7fff9ec4dcd4            ; cerror
    0x7fff9ec553f8 <+20>: retq
Comment 4 Zoltan Varga 2017-07-24 22:30:38 UTC
Testcase:
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
using System;
using System.Numerics;

public class Tests
{
	public virtual Vector3 Position { get; set; }

	public void foo (Vector3 offset) => Position += offset;

	public static void Main () {
		var o = new Tests ();
		o.foo (new Vector3 (1, 2, 3));
	}
}
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Comment 5 Zoltan Varga 2017-07-24 22:34:39 UTC
Fixed in mono master/2017-06 by 11ce9cab628ff32f55c2d34996b90a174ee189fa.

Note You need to log in before you can comment on or make changes to this bug.