Put embedGenericHandle in sync with constraint resolution (hacky) #12
Conversation
|
Attaching my findings from the investigation for reference (originally sent offline in an e-mail to David): Hi David! This is the summary of my current findings regarding two runtime crashes in GenericContext tests I have recently investigated. It would be great if you could share your thoughts as to how to continue the investigation and / or what is the right way of fixing this. In general, both failures seem to indicate that the embedGenericHandle contract is insufficient in presence of constrained type resolution. I am not yet fully clear on why that doesn’t cause issues even in the absence of SVMs; my current working theory is that for instance virtual methods the presence of the this pointer containing the pointer to the correct method table probably makes these various lookups more robust. Thanks Tomas Test_Call_GenericOverReferenceType_ClassAGenericClass_NonGeneric_NonGeneric_GenericMethodOverInt This is the test you helped me investigate on Monday. The problem is that the constrained resolution in getCallInfo works fine but is subsequently not honored in embedGenericHandle – this method only receives the primary pResolvedToken without the constraint resolution and we’re passing neither the constrained token nor the result from getCallInfo to the method so that it creates the generic dictionary corresponding to the unconstrained interface type, not the actual type calculated via the constraint resolution. As I mentioned yesterday, just as a proof of concept I verified locally that I can fix this by patching the primary pResolvedToken in getCallInfo but I suspect it’s not the right solution. It seems to me that the right solution would be to either change the JIT API by passing either the pConstrainedResolvedToken or the pResult of getCallInfo to embedGenericHandle so that it can work with the correct type & method after constraint resolution (passing pResult would be better than passing pConstrainedResolvedToken because that would basically require us to duplicate the constraint resolution logic between getCallInfo and embedGenericHandle); alternatively we might be able to somehow pre-calculate the data for embedGenericHandle directly in getCallInfo but that would also require changing the JIT contract. Test_Call_GenericOverReferenceType_ClassAGenericClass_GenericOverString_NonGeneric_GenericMethodOverString<string> Here the primary crash happens during population of the generic dictionary entry but I think that the underlying problem is more or less the same as in the first case: .method /*06000445*/ public static void
Test_Call_GenericOverReferenceType_ClassAGenericClass_GenericOverString_NonGeneric_GenericMethodOverString<T>() cil managed noinlining
{
//
.maxstack 8
IL_0000: constrained. class [GenericContextCommonAndImplementation/*23000005*/]GenericClass`1/*0100000A*/<object>/*1B000191*/
IL_0006: call void class [GenericContextCommonAndImplementation/*23000005*/]IFaceNonGeneric/*01000003*//*1B000002*/::GenericMethod<string>() /* 2B000002 */
When we resolve the mdtMethodSpec token 0x2B000002 in resolveToken, the call to GetDescFromMemberRef from GetMethodDescFromMethodSpec ends up populating pResolvedToken->pTypeSpec / pResolvedToken->cbTypeSpec with the signature representing the type IFaceNonGeneric. When we subsequently call embedGenericHandle, the code at runtime/src/coreclr/vm/jitinterface.cpp Line 3347 in 36dce21 // Encode containing type
if (pResolvedToken->pTypeSpec != NULL)
{
SigPointer sigptr(pResolvedToken->pTypeSpec, pResolvedToken->cbTypeSpec);
sigptr.ConvertToInternalExactlyOne(pModule, NULL, &sigBuilder);
}
else
{
sigBuilder.AppendElementType(ELEMENT_TYPE_INTERNAL);
sigBuilder.AppendPointer(pResolvedToken->hClass);
}
encodes the incorrect type IFaceNonGeneric, not the correct type GenericClass`1<object> (after the constraint resolution), to the slot, so that we subsequently fail in Dictionary::PopulateEntry because FindOrCreateAssociatedMethodDesc fails to resolve pDefMD = “IFaceNonGeneric.GenericMethod” on pExactMT = “IFaceNonGeneric”. |
|
After rebasing to the latest state of your branch, the results are even better: 928 successes reported 572 failures reported |
As a proof of concept I am presenting the hotfix propagating constraint resolution from getCallInfo to embedGenericHandle by means of patching the pResolvedToken. It looks like a very dirty thing to do but it fixes all crashes in the GenericContext tests: 609 successes reported 891 failures reported Expected: 100 Actual: 1 END EXECUTION - FAILED FAILED Thanks Tomas
trylek
force-pushed
the
SVMGenericContext
branch
from
e7a141f to
16d68e9
Compare
|
1272 successes reported |
|
David has figured out a cleaner way of fixing this, closing. |
…tnet#52769) Transition to GC Unsafe mode on every MONO_RT_EXTERNAL_ONLY function in reflection.c In particular, fix mono_reflection_type_from_name which is used in https://github.com/xamarin/xamarin-android/blob/681887ebdbd192ce7ce1cd02221d4939599ba762/src/monodroid/jni/embedded-assemblies.cc#L350 Fixes stack traces like ``` 05-14 08:06:12.848 31274 31274 F DEBUG : #00 pc 00000b99 [vdso] (__kernel_vsyscall+9) 05-14 08:06:12.848 31274 31274 F DEBUG : #1 pc 0005ad68 /apex/com.android.runtime/lib/bionic/libc.so (syscall+40) (BuildId: 6e3a0180fa6637b68c0d181c343e6806) 05-14 08:06:12.848 31274 31274 F DEBUG : #2 pc 00076511 /apex/com.android.runtime/lib/bionic/libc.so (abort+209) (BuildId: 6e3a0180fa6637b68c0d181c343e6806) 05-14 08:06:12.848 31274 31274 F DEBUG : #3 pc 0002afcd /data/app/~~rMrkpKmVPaBpM5jKb8fPAg==/com.microsoft.maui-JfRo8RWSDJaNtJuBa0y7_Q==/lib/x86/libmonodroid.so (xamarin::android::internal::MonodroidRuntime::mono_log_handler(char const*, char const*, char const*, int, void*)+141) (BuildId: 9726f32ad5f8fa5e7c5762baf2f6e3294da41cc1) 05-14 08:06:12.848 31274 31274 F DEBUG : #4 pc 00112c5d /data/app/~~rMrkpKmVPaBpM5jKb8fPAg==/com.microsoft.maui-JfRo8RWSDJaNtJuBa0y7_Q==/lib/x86/libmonosgen-2.0.so (eglib_log_adapter+141) (BuildId: b67e93dd750dafdd6f65f408b021b6a3a74868ac) 05-14 08:06:12.849 31274 31274 F DEBUG : #5 pc 00020fdf /data/app/~~rMrkpKmVPaBpM5jKb8fPAg==/com.microsoft.maui-JfRo8RWSDJaNtJuBa0y7_Q==/lib/x86/libmonosgen-2.0.so (monoeg_g_logv+175) (BuildId: b67e93dd750dafdd6f65f408b021b6a3a74868ac) 05-14 08:06:12.849 31274 31274 F DEBUG : #6 pc 0002113a /data/app/~~rMrkpKmVPaBpM5jKb8fPAg==/com.microsoft.maui-JfRo8RWSDJaNtJuBa0y7_Q==/lib/x86/libmonosgen-2.0.so (monoeg_g_log+42) (BuildId: b67e93dd750dafdd6f65f408b021b6a3a74868ac) 05-14 08:06:12.849 31274 31274 F DEBUG : #7 pc 00128892 /data/app/~~rMrkpKmVPaBpM5jKb8fPAg==/com.microsoft.maui-JfRo8RWSDJaNtJuBa0y7_Q==/lib/x86/libmonosgen-2.0.so (mono_threads_transition_do_blocking+258) (BuildId: b67e93dd750dafdd6f65f408b021b6a3a74868ac) 05-14 08:06:12.849 31274 31274 F DEBUG : #8 pc 0012a406 /data/app/~~rMrkpKmVPaBpM5jKb8fPAg==/com.microsoft.maui-JfRo8RWSDJaNtJuBa0y7_Q==/lib/x86/libmonosgen-2.0.so (mono_threads_enter_gc_safe_region_unbalanced_with_info+134) (BuildId: b67e93dd750dafdd6f65f408b021b6a3a74868ac) 05-14 08:06:12.849 31274 31274 F DEBUG : #9 pc 0012a27e /data/app/~~rMrkpKmVPaBpM5jKb8fPAg==/com.microsoft.maui-JfRo8RWSDJaNtJuBa0y7_Q==/lib/x86/libmonosgen-2.0.so (mono_threads_enter_gc_safe_region_internal+46) (BuildId: b67e93dd750dafdd6f65f408b021b6a3a74868ac) 05-14 08:06:12.849 31274 31274 F DEBUG : #10 pc 000799a7 /data/app/~~rMrkpKmVPaBpM5jKb8fPAg==/com.microsoft.maui-JfRo8RWSDJaNtJuBa0y7_Q==/lib/x86/libmonosgen-2.0.so (mono_loader_lock+71) (BuildId: b67e93dd750dafdd6f65f408b021b6a3a74868ac) 05-14 08:06:12.849 31274 31274 F DEBUG : #11 pc 000447a1 /data/app/~~rMrkpKmVPaBpM5jKb8fPAg==/com.microsoft.maui-JfRo8RWSDJaNtJuBa0y7_Q==/lib/x86/libmonosgen-2.0.so (mono_class_create_from_typedef+129) (BuildId: b67e93dd750dafdd6f65f408b021b6a3a74868ac) 05-14 08:06:12.849 31274 31274 F DEBUG : #12 pc 0003c073 /data/app/~~rMrkpKmVPaBpM5jKb8fPAg==/com.microsoft.maui-JfRo8RWSDJaNtJuBa0y7_Q==/lib/x86/libmonosgen-2.0.so (mono_class_get_checked+99) (BuildId: b67e93dd750dafdd6f65f408b021b6a3a74868ac) 05-14 08:06:12.849 31274 31274 F DEBUG : #13 pc 0003cc0f /data/app/~~rMrkpKmVPaBpM5jKb8fPAg==/com.microsoft.maui-JfRo8RWSDJaNtJuBa0y7_Q==/lib/x86/libmonosgen-2.0.so (mono_class_from_name_checked_aux+735) (BuildId: b67e93dd750dafdd6f65f408b021b6a3a74868ac) 05-14 08:06:12.849 31274 31274 F DEBUG : #14 pc 00037989 /data/app/~~rMrkpKmVPaBpM5jKb8fPAg==/com.microsoft.maui-JfRo8RWSDJaNtJuBa0y7_Q==/lib/x86/libmonosgen-2.0.so (mono_class_from_name_checked+73) (BuildId: b67e93dd750dafdd6f65f408b021b6a3a74868ac) 05-14 08:06:12.849 31274 31274 F DEBUG : #15 pc 000cc5f4 /data/app/~~rMrkpKmVPaBpM5jKb8fPAg==/com.microsoft.maui-JfRo8RWSDJaNtJuBa0y7_Q==/lib/x86/libmonosgen-2.0.so (mono_reflection_get_type_internal+132) (BuildId: b67e93dd750dafdd6f65f408b021b6a3a74868ac) 05-14 08:06:12.849 31274 31274 F DEBUG : #16 pc 000c9bce /data/app/~~rMrkpKmVPaBpM5jKb8fPAg==/com.microsoft.maui-JfRo8RWSDJaNtJuBa0y7_Q==/lib/x86/libmonosgen-2.0.so (mono_reflection_get_type_with_rootimage+126) (BuildId: b67e93dd750dafdd6f65f408b021b6a3a74868ac) 05-14 08:06:12.849 31274 31274 F DEBUG : #17 pc 000ca204 /data/app/~~rMrkpKmVPaBpM5jKb8fPAg==/com.microsoft.maui-JfRo8RWSDJaNtJuBa0y7_Q==/lib/x86/libmonosgen-2.0.so (_mono_reflection_get_type_from_info+292) (BuildId: b67e93dd750dafdd6f65f408b021b6a3a74868ac) 05-14 08:06:12.849 31274 31274 F DEBUG : #18 pc 000ca06e /data/app/~~rMrkpKmVPaBpM5jKb8fPAg==/com.microsoft.maui-JfRo8RWSDJaNtJuBa0y7_Q==/lib/x86/libmonosgen-2.0.so (mono_reflection_type_from_name_checked+334) (BuildId: b67e93dd750dafdd6f65f408b021b6a3a74868ac) 05-14 08:06:12.849 31274 31274 F DEBUG : #19 pc 000c9f01 /data/app/~~rMrkpKmVPaBpM5jKb8fPAg==/com.microsoft.maui-JfRo8RWSDJaNtJuBa0y7_Q==/lib/x86/libmonosgen-2.0.so (mono_reflection_type_from_name+49) (BuildId: b67e93dd750dafdd6f65f408b021b6a3a74868ac) 05-14 08:06:12.849 31274 31274 F DEBUG : #20 pc 0001b40b /data/app/~~rMrkpKmVPaBpM5jKb8fPAg==/com.microsoft.maui-JfRo8RWSDJaNtJuBa0y7_Q==/lib/x86/libmonodroid.so (xamarin::android::internal::EmbeddedAssemblies::typemap_java_to_managed(char const*)+427) (BuildId: 9726f32ad5f8fa5e7c5762baf2f6e3294da41cc1) 05-14 08:06:12.849 31274 31274 F DEBUG : #21 pc 0001b551 /data/app/~~rMrkpKmVPaBpM5jKb8fPAg==/com.microsoft.maui-JfRo8RWSDJaNtJuBa0y7_Q==/lib/x86/libmonodroid.so (xamarin::android::internal::EmbeddedAssemblies::typemap_java_to_managed(_MonoString*)+113) (BuildId: 9726f32ad5f8fa5e7c5762baf2f6e3294da41cc1) 05-14 08:06:12.849 31274 31274 F DEBUG : #22 pc 000211a7 /data/app/~~rMrkpKmVPaBpM5jKb8fPAg==/com.microsoft.maui-JfRo8RWSDJaNtJuBa0y7_Q==/lib/x86/libmonodroid.so (xamarin::android::internal::MonodroidRuntime::typemap_java_to_managed(_MonoString*)+39) (BuildId: 9726f32ad5f8fa5e7c5762baf2f6e3294da41cc1) ```
1 participant
As a proof of concept I am presenting the hotfix propagating
constraint resolution from getCallInfo to embedGenericHandle
by means of patching the pResolvedToken. It looks like a very
dirty thing to do but it fixes all crashes in the GenericContext
tests:
609 successes reported
891 failures reported
Expected: 100
Actual: 1
END EXECUTION - FAILED
FAILED
Thanks
Tomas