Bug 60238 - Mono assertion hit when using csharp repl
Summary: Mono assertion hit when using csharp repl
Status: RESOLVED FIXED
Alias: None
Product: Runtime
Classification: Mono
Component: General (show other bugs)
Version: 5.8 (2017-10)
Hardware: PC Mac OS
: Normal normal
Target Milestone: Future Cycle (TBD)
Assignee: Aleksey Kliger
URL:
Depends on:
Blocks:
 
Reported: 2017-10-17 17:22 UTC by Marius Ungureanu
Modified: 2018-01-05 13:27 UTC (History)
5 users (show)

See Also:
Tags: bugpool-archive
Is this bug a regression?: ---
Last known good build:


Attachments
Standalone reproduction (1.92 KB, text/plain)
2017-11-13 23:17 UTC, Aleksey Kliger
Details

Description Marius Ungureanu 2017-10-17 17:22:13 UTC
Repro step below

csharp> int[,] x = new int[2,2] { { 1, 2 }, { 3, 4 }}
* Assertion: should not be reached at dynamic-image.c:207

Stacktrace:

  at <unknown> <0xffffffff>
  at (wrapper managed-to-native) System.Reflection.Emit.ModuleBuilder.getToken (System.Reflection.Emit.ModuleBuilder,object,bool) [0x0000b] in <4656b2b94f914437bce672312dd9e44b>:0
  at System.Reflection.Emit.ModuleBuilder.GetToken (System.Reflection.MemberInfo,bool) [0x00061] in <4656b2b94f914437bce672312dd9e44b>:0
  at System.Reflection.Emit.ModuleBuilderTokenGenerator.GetToken (System.Reflection.MemberInfo,bool) [0x00000] in <4656b2b94f914437bce672312dd9e44b>:0
  at System.Reflection.Emit.ILGenerator.Emit (System.Reflection.Emit.OpCode,System.Reflection.MethodInfo) [0x0004e] in <4656b2b94f914437bce672312dd9e44b>:0
  at Mono.CSharp.EmitContext.EmitArrayStore (Mono.CSharp.ArrayContainer) [0x0003f] in <56e7ab5fdc6341bdae3e6947a1b058dc>:0
  at Mono.CSharp.ArrayCreation.EmitDynamicInitializers (Mono.CSharp.EmitContext,bool,Mono.CSharp.StackFieldExpr) [0x000c4] in <56e7ab5fdc6341bdae3e6947a1b058dc>:0
  at Mono.CSharp.ArrayCreation.EmitToFieldSource (Mono.CSharp.EmitContext) [0x0007b] in <56e7ab5fdc6341bdae3e6947a1b058dc>:0
  at Mono.CSharp.ArrayCreation.Emit (Mono.CSharp.EmitContext) [0x00012] in <56e7ab5fdc6341bdae3e6947a1b058dc>:0
  at Mono.CSharp.FieldExpr.EmitAssign (Mono.CSharp.EmitContext,Mono.CSharp.Expression,bool,bool) [0x0005e] in <56e7ab5fdc6341bdae3e6947a1b058dc>:0
  at Mono.CSharp.HoistedVariable.EmitAssign (Mono.CSharp.EmitContext,Mono.CSharp.Expression,bool,bool) [0x00007] in <56e7ab5fdc6341bdae3e6947a1b058dc>:0
  at Mono.CSharp.VariableReference.EmitAssign (Mono.CSharp.EmitContext,Mono.CSharp.Expression,bool,bool) [0x0000b] in <56e7ab5fdc6341bdae3e6947a1b058dc>:0
  at Mono.CSharp.Assign.Emit (Mono.CSharp.EmitContext,bool) [0x00000] in <56e7ab5fdc6341bdae3e6947a1b058dc>:0
  at Mono.CSharp.Assign.EmitStatement (Mono.CSharp.EmitContext) [0x00000] in <56e7ab5fdc6341bdae3e6947a1b058dc>:0
  at Mono.CSharp.BlockVariable.DoEmit (Mono.CSharp.EmitContext) [0x00022] in <56e7ab5fdc6341bdae3e6947a1b058dc>:0
  at Mono.CSharp.Statement.Emit (Mono.CSharp.EmitContext) [0x0000d] in <56e7ab5fdc6341bdae3e6947a1b058dc>:0
  at Mono.CSharp.Block.DoEmit (Mono.CSharp.EmitContext) [0x00010] in <56e7ab5fdc6341bdae3e6947a1b058dc>:0
  at Mono.CSharp.ExplicitBlock.Emit (Mono.CSharp.EmitContext) [0x00042] in <56e7ab5fdc6341bdae3e6947a1b058dc>:0
  at Mono.CSharp.ParametersBlock.Emit (Mono.CSharp.EmitContext) [0x00030] in <56e7ab5fdc6341bdae3e6947a1b058dc>:0
  at Mono.CSharp.ToplevelBlock.Emit (Mono.CSharp.EmitContext) [0x00038] in <56e7ab5fdc6341bdae3e6947a1b058dc>:0
  at Mono.CSharp.MethodData.Emit (Mono.CSharp.TypeDefinition) [0x0008c] in <56e7ab5fdc6341bdae3e6947a1b058dc>:0
  at Mono.CSharp.MethodOrOperator.Emit () [0x001c4] in <56e7ab5fdc6341bdae3e6947a1b058dc>:0
  at Mono.CSharp.Method.Emit () [0x00104] in <56e7ab5fdc6341bdae3e6947a1b058dc>:0
  at Mono.CSharp.TypeDefinition.Emit () [0x00205] in <56e7ab5fdc6341bdae3e6947a1b058dc>:0
  at Mono.CSharp.ClassOrStruct.Emit () [0x0001d] in <56e7ab5fdc6341bdae3e6947a1b058dc>:0
  at Mono.CSharp.Class.Emit () [0x00000] in <56e7ab5fdc6341bdae3e6947a1b058dc>:0
  at Mono.CSharp.TypeDefinition.EmitContainer () [0x0000c] in <56e7ab5fdc6341bdae3e6947a1b058dc>:0
  at Mono.CSharp.Evaluator.CompileBlock (Mono.CSharp.Class,Mono.CSharp.Undo,Mono.CSharp.Report) [0x00288] in <56e7ab5fdc6341bdae3e6947a1b058dc>:0
  at Mono.CSharp.Evaluator.Compile (string,Mono.CSharp.CompiledMethod&) [0x000cf] in <56e7ab5fdc6341bdae3e6947a1b058dc>:0
  at Mono.CSharp.Evaluator.Evaluate (string,object&,bool&) [0x00006] in <56e7ab5fdc6341bdae3e6947a1b058dc>:0
  at Mono.CSharpShell.Evaluate (string) [0x00000] in <ea66da73acc444d8a30d00ed88b725ed>:0
  at Mono.CSharpShell.ReadEvalPrintLoopWith (Mono.CSharpShell/ReadLiner) [0x00033] in <ea66da73acc444d8a30d00ed88b725ed>:0
  at Mono.CSharpShell.ReadEvalPrintLoop () [0x00085] in <ea66da73acc444d8a30d00ed88b725ed>:0
  at Mono.CSharpShell.Run (string[]) [0x00007] in <ea66da73acc444d8a30d00ed88b725ed>:0
  at Mono.Driver.Main (string[]) [0x00153] in <ea66da73acc444d8a30d00ed88b725ed>:0
  at (wrapper runtime-invoke) <Module>.runtime_invoke_int_object (object,intptr,intptr,intptr) [0x00054] in <ea66da73acc444d8a30d00ed88b725ed>:0

Native stacktrace:

	0   mono                                0x0000000105192551 mono_handle_native_crash + 257
	1   libsystem_platform.dylib            0x00007fff8b5ceb3a _sigtramp + 26
	2   ???                                 0x0000000115180551 0x0 + 4648863057
	3   libsystem_c.dylib                   0x00007fff8b453420 abort + 129
	4   mono                                0x0000000105369bff mono_log_write_logfile + 351
	5   mono                                0x0000000105381873 monoeg_g_logv + 83
	6   mono                                0x0000000105381a8f monoeg_assertion_message + 143
	7   mono                                0x00000001052f2581 mono_dynamic_image_register_token + 177
	8   mono                                0x00000001052f4756 mono_image_create_token + 2086
	9   ???                                 0x000000010973aef7 0x0 + 4453543671

Debug info from gdb:

(lldb) command source -s 0 '/tmp/mono-gdb-commands.i7IcrJ'
Executing commands in '/tmp/mono-gdb-commands.i7IcrJ'.
(lldb) process attach --pid 8673
warning: (x86_64) /Library/Frameworks/Mono.framework/Versions/5.8.0/lib/mono/4.5/mscorlib.dll.dylib empty dSYM file detected, dSYM was created with an executable with no debug info.
Process 8673 stopped
* thread #1, name = 'tid_307', queue = 'com.apple.main-thread', stop reason = signal SIGSTOP
    frame #0: 0x00007fff8b4ee3ee libsystem_kernel.dylib`__wait4 + 10
libsystem_kernel.dylib`__wait4:
->  0x7fff8b4ee3ee <+10>: jae    0x7fff8b4ee3f8            ; <+20>
    0x7fff8b4ee3f0 <+12>: movq   %rax, %rdi
    0x7fff8b4ee3f3 <+15>: jmp    0x7fff8b4e6cd4            ; cerror
    0x7fff8b4ee3f8 <+20>: retq
Target 0: (mono) stopped.

Executable module set to "/Library/Frameworks/Mono.framework/Versions/5.8.0/bin/mono".
Architecture set to: x86_64h-apple-macosx.
(lldb) thread list
Process 8673 stopped
* thread #1: tid = 0x548da1, 0x00007fff8b4ee3ee libsystem_kernel.dylib`__wait4 + 10, name = 'tid_307', queue = 'com.apple.main-thread', stop reason = signal SIGSTOP
  thread #2: tid = 0x548da2, 0x00007fff8b4edbf2 libsystem_kernel.dylib`__psynch_cvwait + 10, name = 'SGen worker'
  thread #3: tid = 0x548da3, 0x00007fff8b4e6386 libsystem_kernel.dylib`semaphore_wait_trap + 10, name = 'Finalizer'
  thread #4: tid = 0x548da6, 0x00007fff8b4ee44e libsystem_kernel.dylib`__workq_kernreturn + 10
(lldb) thread backtrace all
* thread #1, name = 'tid_307', queue = 'com.apple.main-thread', stop reason = signal SIGSTOP
  * frame #0: 0x00007fff8b4ee3ee libsystem_kernel.dylib`__wait4 + 10
    frame #1: 0x00000001051925de mono`mono_handle_native_crash(signal=<unavailable>, ctx=<unavailable>, info=<unavailable>) at mini-exceptions.c:2726 [opt]
    frame #2: 0x00007fff8b5ceb3a libsystem_platform.dylib`_sigtramp + 26
    frame #3: 0x00007fff8b4edd43 libsystem_kernel.dylib`__pthread_kill + 11
    frame #4: 0x00007fff8b5db457 libsystem_pthread.dylib`pthread_kill + 90
    frame #5: 0x00007fff8b453420 libsystem_c.dylib`abort + 129
    frame #6: 0x0000000105369bff mono`mono_log_write_logfile(log_domain=<unavailable>, level=<unavailable>, hdr=<unavailable>, message="* Assertion: should not be reached at dynamic-image.c:207\n") at mono-log-common.c:135 [opt]
    frame #7: 0x0000000105381873 mono`monoeg_g_logv(log_domain=0x0000000000000000, log_level=G_LOG_LEVEL_ERROR, format=<unavailable>, args=<unavailable>) at goutput.c:115 [opt]
    frame #8: 0x0000000105381a8f mono`monoeg_assertion_message(format=<unavailable>) at goutput.c:135 [opt]
    frame #9: 0x00000001052f2581 mono`mono_dynamic_image_register_token(assembly=0x00007fe1808f1e00, token=167772162, obj=0x00007fe180803628, how_collide=<unavailable>) at dynamic-image.c:207 [opt]
    frame #10: 0x00000001052f4756 mono`mono_image_create_token(assembly=<unavailable>, obj=<unavailable>, create_open_instance=-2139081168, register_token=1, error=<unavailable>) at sre.c:1241 [opt]
    frame #11: 0x000000010973aef7
  thread #2, name = 'SGen worker'
    frame #0: 0x00007fff8b4edbf2 libsystem_kernel.dylib`__psynch_cvwait + 10
    frame #1: 0x00007fff8b5d97fa libsystem_pthread.dylib`_pthread_cond_wait + 712
    frame #2: 0x000000010536109e mono`thread_func [inlined] mono_os_cond_wait(mutex=<unavailable>) at mono-os-mutex.h:173 [opt]
    frame #3: 0x000000010536108b mono`thread_func at sgen-thread-pool.c:165 [opt]
    frame #4: 0x000000010536107d mono`thread_func(data=0x0000000000000000) at sgen-thread-pool.c:196 [opt]
    frame #5: 0x00007fff8b5d893b libsystem_pthread.dylib`_pthread_body + 180
    frame #6: 0x00007fff8b5d8887 libsystem_pthread.dylib`_pthread_start + 286
    frame #7: 0x00007fff8b5d808d libsystem_pthread.dylib`thread_start + 13
  thread #3, name = 'Finalizer'
    frame #0: 0x00007fff8b4e6386 libsystem_kernel.dylib`semaphore_wait_trap + 10
    frame #1: 0x000000010530d81c mono`finalizer_thread [inlined] mono_os_sem_wait(flags=MONO_SEM_FLAGS_ALERTABLE) at mono-os-semaphore.h:90 [opt]
    frame #2: 0x000000010530d811 mono`finalizer_thread at mono-coop-semaphore.h:43 [opt]
    frame #3: 0x000000010530d805 mono`finalizer_thread(unused=<unavailable>) at gc.c:866 [opt]
    frame #4: 0x00000001052c9bf0 mono`start_wrapper [inlined] start_wrapper_internal at threads.c:993 [opt]
    frame #5: 0x00000001052c9b53 mono`start_wrapper(data=<unavailable>) at threads.c:1053 [opt]
    frame #6: 0x00007fff8b5d893b libsystem_pthread.dylib`_pthread_body + 180
    frame #7: 0x00007fff8b5d8887 libsystem_pthread.dylib`_pthread_start + 286
    frame #8: 0x00007fff8b5d808d libsystem_pthread.dylib`thread_start + 13
  thread #4
    frame #0: 0x00007fff8b4ee44e libsystem_kernel.dylib`__workq_kernreturn + 10
    frame #1: 0x00007fff8b5d848e libsystem_pthread.dylib`_pthread_wqthread + 1023
    frame #2: 0x00007fff8b5d807d libsystem_pthread.dylib`start_wqthread + 13
(lldb) detach

=================================================================
Got a SIGABRT while executing native code. This usually indicates
a fatal error in the mono runtime or one of the native libraries
used by your application.
=================================================================
Comment 1 Zoltan Varga 2017-10-27 03:40:51 UTC
With master, I get:

mono_dynamic_image_register_token: Unexpected previous object when called with MONO_DYN_IMAGE_TOK_NEW
mono_dynamic_image_register_token: Unexpected previous object when called with MONO_DYN_IMAGE_TOK_NEW
mono_dynamic_image_register_token: Unexpected previous object when called with MONO_DYN_IMAGE_TOK_NEW
Comment 2 Ludovic Henry 2017-11-08 21:03:28 UTC
When reproducing with Mono 5.8.0.40 (2017-10/ce494e3d152), I get same as https://bugzilla.xamarin.com/show_bug.cgi?id=60238#c1
Comment 3 Aleksey Kliger 2017-11-13 23:17:13 UTC
Created attachment 25681 [details]
Standalone reproduction
Comment 4 Aleksey Kliger 2017-11-13 23:17:52 UTC
I missed the codepath in mono_image_get_array_token() that returns an existing token.
Additionally ModuleBuilder:GetArrayMethod apparently returns fresh MonoArrayMehtod objects every time it's invoked - the upshot is that how_collide in mono_image_create_token for a MonoArrayMethod should be MONO_DYN_IMAGE_TOK_REPLACE.

Note You need to log in before you can comment on or make changes to this bug.