Empty array allocated on the Frozen Heap for a Collectible type? #100437

xoofx · 2024-03-29T14:13:29Z

Hello folks,

Apologies, it's not a fully reproducible bug as we haven't tried yet to reproduce it with a simpler sample, but we have a suspicion.

We are investigating an error where we have the GC marking of frozen objects gc_heap::mark_ro_segments()that is crashing.

One place that we are curious about is in TryAllocateFrozenSzArray:

runtime/src/coreclr/vm/gchelpers.cpp

Lines 516 to 520 in 7486be8

    
           if (pArrayMT->ContainsPointers() && cElements > 0) 
        
           { 
        
               // For arrays with GC pointers we can only work with empty arrays 
        
               return NULL; 
        
           }

Where it seems that we could allow to allocate an empty array for collectible MethodTable in the Frozen heap. Shouldn't it be something like this instead?

    if (pArrayMT->Collectible() || (pArrayMT->ContainsPointers() && cElements > 0))
    {
        // For arrays with GC pointers we can only work with empty arrays
        return NULL;
    }

Before we investigate this further, any thoughts?

cc: @EgorBo

The text was updated successfully, but these errors were encountered:

dotnet-policy-service · 2024-03-29T14:13:48Z

Tagging subscribers to this area: @JulieLeeMSFT, @jakobbotsch
See info in area-owners.md if you want to be subscribed.

jkotas · 2024-03-29T15:11:51Z

Before we investigate this further, any thoughts?

Yes, this looks like a bug. Could you please submit a PR with the fix?

xoofx · 2024-03-29T15:12:39Z

Yes, this looks like a bug. Could you please submit a PR with the fix?

Sure!

jkotas · 2024-03-29T15:17:11Z

There is CORJIT_FLAG_FROZEN_ALLOC_ALLOWED that handles most cases, but it does not cover shared generics. The shared generic code may have CORJIT_FLAG_FROZEN_ALLOC_ALLOWED set, but the actual instantiation can be collectible. I think you should be able to reproduce the crash using a pattern like this.

xoofx · 2024-03-29T15:35:00Z

Created PR #100444. We have tested a similar fix in our own fork, and it seems to be fixing our issues.

dotnet#100437) Add assert for collectible in FrozenObjectHeapManager::TryAllocateObject Fix another potential case Add test Fix test Fix test bis Fix test bis bis

dotnet#100437)

#100444) * Fix allocation of empty array in the frozen heap for collectible types (#100437) * Remove Optimize from csproj * Add test for generic with static * Apply suggestions from code review * Better test * Disable tests on Mono --------- Co-authored-by: Jan Kotas <jkotas@microsoft.com>

dotnet#100444) * Fix allocation of empty array in the frozen heap for collectible types (dotnet#100437) * Remove Optimize from csproj * Add test for generic with static * Apply suggestions from code review * Better test * Disable tests on Mono --------- Co-authored-by: Jan Kotas <jkotas@microsoft.com> (cherry picked from commit 78f7707)

#100444) (#100509) * Fix allocation of empty array in the frozen heap for collectible types (#100437) * Remove Optimize from csproj * Add test for generic with static * Apply suggestions from code review * Better test * Disable tests on Mono --------- Co-authored-by: Alexandre Mutel <alexandre_mutel@live.com>

dotnet#100444) * Fix allocation of empty array in the frozen heap for collectible types (dotnet#100437) * Remove Optimize from csproj * Add test for generic with static * Apply suggestions from code review * Better test * Disable tests on Mono --------- Co-authored-by: Jan Kotas <jkotas@microsoft.com>

dotnet-issue-labeler bot added the area-CodeGen-coreclr CLR JIT compiler in src/coreclr/src/jit and related components such as SuperPMI label Mar 29, 2024

dotnet-policy-service bot added the untriaged New issue has not been triaged by the area owner label Mar 29, 2024

xoofx mentioned this issue Mar 29, 2024

Fix allocation of empty array in the frozen heap for collectible types #100444

Merged

JulieLeeMSFT assigned xoofx Mar 29, 2024

JulieLeeMSFT added this to the 9.0.0 milestone Mar 29, 2024

JulieLeeMSFT assigned EgorBo Mar 29, 2024

dotnet-policy-service bot removed the untriaged New issue has not been triaged by the area owner label Mar 29, 2024

xoofx added a commit to xoofx/dotnet-runtime that referenced this issue Mar 30, 2024

Fix allocation of empty array in the frozen heap for collectible types (

a9abd1d

dotnet#100437)

xoofx added a commit to xoofx/dotnet-runtime that referenced this issue Mar 30, 2024

Fix allocation of empty array in the frozen heap for collectible types (

9721b40

dotnet#100437)

jkotas closed this as completed in #100444 Apr 2, 2024

github-actions bot locked and limited conversation to collaborators May 2, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Empty array allocated on the Frozen Heap for a Collectible type? #100437

Empty array allocated on the Frozen Heap for a Collectible type? #100437

xoofx commented Mar 29, 2024 •

edited

Loading

dotnet-policy-service bot commented Mar 29, 2024

jkotas commented Mar 29, 2024

xoofx commented Mar 29, 2024

jkotas commented Mar 29, 2024

xoofx commented Mar 29, 2024 •

edited

Loading

Empty array allocated on the Frozen Heap for a Collectible type? #100437

Empty array allocated on the Frozen Heap for a Collectible type? #100437

Comments

xoofx commented Mar 29, 2024 • edited Loading

dotnet-policy-service bot commented Mar 29, 2024

jkotas commented Mar 29, 2024

xoofx commented Mar 29, 2024

jkotas commented Mar 29, 2024

xoofx commented Mar 29, 2024 • edited Loading

xoofx commented Mar 29, 2024 •

edited

Loading

xoofx commented Mar 29, 2024 •

edited

Loading