-
Notifications
You must be signed in to change notification settings - Fork 4.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[mono] Possible GC hole in runtime invoke #58957
Comments
I couldn't figure out the best area label to add to this issue. If you have write-permissions please help me learn by adding exactly one area label. |
Tagging subscribers to this area: @BrzVlad Issue DetailsIntroduced by #58215 and the 6.0 backport #58364 The issue was: if a method is returning a large valuetype that will need to be boxed into a The problem is that while the value is only in the unmanaged heap buffer, if it has any reference types pointing into the managed heap, those pointers are not visible to the GC. So if there's a collection between when the invoked method returns and the point where we copy the result to the Probably what we need to do is use Alternately, if we always expect to box the result anyway, we could just write it directly into the
|
@marek-safar FYI - I think we should probably revert #58364 from 6.0, but also we shoudl throw an ExecutionEngineException if the valuetype is too big (just reverting will mean we're going to go back to a buffer overflow). That will break a System.Text.Json test that was doing something with a large valuetype. |
I think we should just use alloca without thinking about it. There is no added risk here. |
if the alloca causes a stack overflow in unmanaged code, are we going to get a managed stack overflow exception on the thread? or will it be some native crash? |
On some platforms we have stack guard but surely not on all of them. Anyhow, I don't see why it would matter. Any code can potentially stack overflow and we are not causing unreasonable stack increase here. Whatever the size of the valuetype, instances of it would likely still be stored plenty of times on stack frames from managed code. And it's not like the code before wouldn't also stack overflow. The same stack space would still be written when initializing the valuetype, only that now it overflows into other frames making everything even worse. |
Fixes dotnet#58957 Related to dotnet#58215 which was attempting to fix dotnet#58190
) * [mini] Use alloca for runtime_invoke retval buffer Fixes #58957 Related to #58215 which was attempting to fix #58190 * Set initial return buffer size to TARGET_SIZEOF_VOID_P In the common case we use the return buffer just to hold a pointer to the return value Co-authored-by: Aleksey Kliger <alklig@microsoft.com> Co-authored-by: Aleksey Kliger <aleksey@lambdageek.org>
Introduced by #58215 and the 6.0 backport #58364
The issue was: if a method is returning a large valuetype that will need to be boxed into a
MonoObject
that is bigger than the fixed-size stack allocated buffer that we prepare, usemalloc
to allocate a bigger buffer on the unmanaged heap and store the result there and then copy it over into aMonoObject
.The problem is that while the value is only in the unmanaged heap buffer, if it has any reference types pointing into the managed heap, those pointers are not visible to the GC. So if there's a collection between when the invoked method returns and the point where we copy the result to the
MonoObject
, we will have GC holes.Probably what we need to do is use
alloca
(upto some bigger bound - originally it was 256 bytes, but maybe it needs to be larger).Alternately, if we always expect to box the result anyway, we could just write it directly into the
MonoObject
(I think the managed code would always have write barriers there).The text was updated successfully, but these errors were encountered: