Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Another segfault in gc_heap::get_region_plan_gen_num for a frozen object #63906

Closed
MichalStrehovsky opened this issue Jan 17, 2022 · 2 comments · Fixed by #63970
Closed

Another segfault in gc_heap::get_region_plan_gen_num for a frozen object #63906

MichalStrehovsky opened this issue Jan 17, 2022 · 2 comments · Fixed by #63970
Assignees
@cshung
Labels
area-GC-coreclr
Milestone
7.0.0

Comments

@MichalStrehovsky
Copy link
Member

Introduced by enabling regions. Similar to #63778 but won't be fixed with the pull request in flight.

reproNative.exe!WKS::gc_heap::get_region_gen_num(unsigned char * obj) Line 11252  C++
reproNative.exe!WKS::gc_heap::object_gennum(unsigned char * o) Line 10991    C++
reproNative.exe!WKS::GCHeap::WhichGeneration(Object * object) Line 43434    C++
reproNative.exe!HndWriteBarrierWorker(OBJECTHANDLE__ * handle, Object * value) Line 578  C++
reproNative.exe!HndWriteBarrier(OBJECTHANDLE__ * handle, Object * objref) Line 22  C++
reproNative.exe!HndAssignHandle(OBJECTHANDLE__ * handle, Object * objref) Line 47  C++
reproNative.exe!HndCreateHandle(HandleTable * hTable, unsigned int uType, Object * object, unsigned __int64 lExtraInfo) Line 314    C++
reproNative.exe!GCHandleStore::CreateDependentHandle(Object * primary, Object * secondary) Line 49      C++
reproNative.exe!RhpHandleAllocDependent(Object * pPrimary, Object * pSecondary) Line 26      C++
reproNative.exe!S_P_CoreLib_System_Runtime_RuntimeImports__RhHandleAllocDependent() Line 235    Unknown

We’re in get_region_gen_num asking about a frozen object again.

I’ve tried adding an early out to object_gennum (if !is_in_heap_range, return max_generation) and that seems to do the trick, but maybe I’ve just introduced a GC hole, so I’ll better leave that to the GC team.
@ghost
Copy link

ghost commented Jan 17, 2022

Tagging subscribers to this area: @dotnet/gc
See info in area-owners.md if you want to be subscribed.

Issue Details

Introduced by enabling regions. Similar to #63778 but won't be fixed with the pull request in flight.

reproNative.exe!WKS::gc_heap::get_region_gen_num(unsigned char * obj) Line 11252  C++
reproNative.exe!WKS::gc_heap::object_gennum(unsigned char * o) Line 10991    C++
reproNative.exe!WKS::GCHeap::WhichGeneration(Object * object) Line 43434    C++
reproNative.exe!HndWriteBarrierWorker(OBJECTHANDLE__ * handle, Object * value) Line 578  C++
reproNative.exe!HndWriteBarrier(OBJECTHANDLE__ * handle, Object * objref) Line 22  C++
reproNative.exe!HndAssignHandle(OBJECTHANDLE__ * handle, Object * objref) Line 47  C++
reproNative.exe!HndCreateHandle(HandleTable * hTable, unsigned int uType, Object * object, unsigned __int64 lExtraInfo) Line 314    C++
reproNative.exe!GCHandleStore::CreateDependentHandle(Object * primary, Object * secondary) Line 49      C++
reproNative.exe!RhpHandleAllocDependent(Object * pPrimary, Object * pSecondary) Line 26      C++
reproNative.exe!S_P_CoreLib_System_Runtime_RuntimeImports__RhHandleAllocDependent() Line 235    Unknown

We’re in get_region_gen_num asking about a frozen object again.

I’ve tried adding an early out to object_gennum (if !is_in_heap_range, return max_generation) and that seems to do the trick, but maybe I’ve just introduced a GC hole, so I’ll better leave that to the GC team.

Author: MichalStrehovsky
Assignees: -
Labels:

area-GC-coreclr
Milestone: -

@dotnet-issue-labeler dotnet-issue-labeler bot added the untriaged New issue has not been triaged by the area owner label Jan 17, 2022
@MichalStrehovsky MichalStrehovsky mentioned this issue Jan 17, 2022
Closed
@jkotas jkotas mentioned this issue Jan 18, 2022
Closed
@mangod9 mangod9 removed the untriaged New issue has not been triaged by the area owner label Jan 18, 2022
@mangod9 mangod9 added this to the 7.0.0 milestone Jan 18, 2022
@cshung cshung self-assigned this Jan 18, 2022
@Maoni0
Copy link
Member

Maoni0 commented Jan 18, 2022
edited
Loading

thanks for discovering this. we should put the check in WhichGeneration since object_gennum is only used by the GC internally for objects not on the ro segments (where frozen objects are kept).

unsigned int GCHeap::WhichGeneration (Object* object)
{
#ifdef FEATURE_BASICFREEZE
    if (!((o < g_gc_highest_address) && (o >= g_gc_lowest_address)))
    {
        return max_generation;
    }
#endif //FEATURE_BASICFREEZE
    gc_heap* hp = gc_heap::heap_of ((uint8_t*)object);
    unsigned int g = hp->object_gennum ((uint8_t*)object);
    dprintf (3, ("%Ix is in gen %d", (size_t)object, g));
    return g;
}

@cshung cshung mentioned this issue Jan 18, 2022
Merged
@ghost ghost added the in-pr There is an active PR which will close this issue when it is merged label Jan 18, 2022
@MichalStrehovsky MichalStrehovsky mentioned this issue Jan 19, 2022
Merged
@ghost ghost removed the in-pr There is an active PR which will close this issue when it is merged label Jan 20, 2022
@ghost ghost locked as resolved and limited conversation to collaborators Feb 19, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@cshung cshung

Labels
area-GC-coreclr
Projects
None yet
Milestone
7.0.0
Development

Successfully merging a pull request may close this issue.

Check if the child object is in the heap range before object_gennum cshung/runtime
4 participants
@cshung @Maoni0 @MichalStrehovsky @mangod9