[Mono-bugs] [Bug 638257] New: Runtime crash with verifier enabled when a leave instruction isn't in an exception block

[bugzilla_noreply]

https://bugzilla.novell.com/show_bug.cgi?id=638257

https://bugzilla.novell.com/show_bug.cgi?id=638257#c0


           Summary: Runtime crash with verifier enabled when a leave
                    instruction isn't in an exception block
    Classification: Mono
           Product: Mono: Runtime
           Version: SVN
          Platform: x86-64
        OS/Version: OES - Linux
            Status: NEW
          Severity: Normal
          Priority: P5 - None
         Component: verifier
        AssignedTo: rkump...@novell.com
        ReportedBy: jeremie.la...@gmail.com
         QAContact: mono-bugs@lists.ximian.com
          Found By: ---
           Blocker: ---


User-Agent:       Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/534.3
(KHTML, like Gecko) Chrome/6.0.472.53 Safari/534.3

When executing a method (IL provided) that has been generated externally, the
runtime hard crash (even with --security=verifiable options).

The IL causing the problem is given below (relevant part is at the end in the
try/catch block):

method public static 
           default void Main ()  cil managed 
    {
        // Method begins at RVA 0x20e8
    .entrypoint
    // Code size 120 (0x78)
    .maxstack 2
    .locals (
        class [HeisenLib]Heisen.IHeisenTestFixture    V_0,
        class [mscorlib]System.Threading.Thread[]    V_1,
        int32    V_2,
        string    V_3)
    IL_0000:  ldtoken Testalicious.DummyTests
    IL_0005:  call class [mscorlib]System.Type class
[mscorlib]System.Type::GetTypeFromHandle(valuetype
[mscorlib]System.RuntimeTypeHandle)
    IL_000a:  call object class
[mscorlib]System.Activator::CreateInstance(class [mscorlib]System.Type)
    IL_000f:  castclass [HeisenLib]Heisen.IHeisenTestFixture
    IL_0014:  stloc 0
    IL_0018:  ldloc 0
    IL_001c:  callvirt instance void class
[HeisenLib]Heisen.IHeisenTestFixture::Init()
    IL_0021:  ldloc 0
    IL_0025:  callvirt instance class [mscorlib]System.Threading.Thread[] class
[HeisenLib]Heisen.IHeisenTestFixture::Run()
    IL_002a:  stloc 1
    IL_002e:  ldc.i4.0 
    IL_002f:  stloc 2
    IL_0033:  ldloc 1
    IL_0037:  ldloc 2
    IL_003b:  ldelem.ref 
    IL_003c:  callvirt instance void class
[mscorlib]System.Threading.Thread::Start()
    IL_0041:  stloc 2
    IL_0045:  ldc.i4.1 
    IL_0046:  add 
    IL_0047:  stloc 2
    IL_004b:  ldloc 2
    IL_004f:  ldloc 1
    IL_0053:  ldlen 
    IL_0054:  conv.i4 
    IL_0055:  blt IL_0033
    IL_005a:  break 
    .try { // 0
      IL_005b:  ldloc 0

      IL_005f:  callvirt instance void class
[HeisenLib]Heisen.IHeisenTestFixture::TestInvariants()
    } // end .try 0
    IL_0064:  leave IL_0077

    catch class [HeisenLib]Heisen.AssertException { // 0
      IL_0069:  callvirt instance string class
[mscorlib]System.Exception::get_Message()
      IL_006e:  stloc 3

    } // end handler 0
    IL_0072:  leave IL_0077

    IL_0077:  ret 
    } // end of method DummyTests::Main

When the leave instructions are correctly replaced in their handler it works.

Reproducible: Always

Steps to Reproduce:
1.
2.
3.
Actual Results:  
Hard runtime crash with the following stack trace:

ERROR:mini.c:3677:create_jit_info: assertion failed: (tblock)

Thread 1 (Thread 0x7f1daf7dc760 (LWP 24106)):
#0  0x00007f1dae33a32d in read () from /lib/libpthread.so.0
#1  0x00007f1daf168f05 in mono_handle_native_sigsegv (signal=<value optimized
out>, ctx=<value optimized out>) at mini-exceptions.c:1935
#2  <signal handler called>
#3  0x00007f1dae002565 in raise () from /lib/libc.so.6
#4  0x00007f1dae0039e6 in abort () from /lib/libc.so.6
#5  0x00007f1daec39f01 in g_assertion_message () from /usr/lib/libglib-2.0.so.0
#6  0x00007f1daec3a480 in g_assertion_message_expr () from
/usr/lib/libglib-2.0.so.0
#7  0x00007f1daf0f6cd3 in create_jit_info (method="Testalicious.DummyTests:Main
()", opts=51472895, domain=0x7f1daf61ad48, 
    run_cctors=<value optimized out>, compile_aot=0, parts=0) at mini.c:3677
#8  mini_method_compile (method="Testalicious.DummyTests:Main ()",
opts=51472895, domain=0x7f1daf61ad48, run_cctors=<value optimized out>, 
    compile_aot=0, parts=0) at mini.c:4571
#9  0x00007f1daf0f71a6 in mono_jit_compile_method_inner
(method="Testalicious.DummyTests:Main ()", opt=51472895, ex=0x7fff20a5c9f8)
    at mini.c:4821
#10 mono_jit_compile_method_with_opt (method="Testalicious.DummyTests:Main ()",
opt=51472895, ex=0x7fff20a5c9f8) at mini.c:5029
#11 0x00007f1daf0f7e38 in mono_jit_runtime_invoke
(method="Testalicious.DummyTests:Main ()", obj=0x0, params=0x7fff20a5ca80,
exc=0x0)
    at mini.c:5227
#12 0x00007f1daf23e41b in mono_runtime_invoke
(method="Testalicious.DummyTests:Main ()", obj=0x0, params=0x7fff20a5ca80,
exc=0x0)
    at object.c:2709
#13 0x00007f1daf243395 in mono_runtime_exec_main (method=<value optimized out>,
args=<value optimized out>, exc=0x0) at object.c:3838
#14 0x00007f1daf145b6e in main_thread_handler (argc=<value optimized out>,
argv=<value optimized out>) at driver.c:999
#15 mono_main (argc=<value optimized out>, argv=<value optimized out>) at
driver.c:1836
#16 0x00007f1dadfeec4d in __libc_start_main () from /lib/libc.so.6
#17 0x0000000000400879 in _start ()

Expected Results:  
The verifier should detect the problem

-- 
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.
_______________________________________________
mono-bugs maillist  -  mono-bugs@lists.ximian.com
http://lists.ximian.com/mailman/listinfo/mono-bugs