[x86/Linux] Unit test b091942 fails with segment fault (stack alignment issue)

[seanshpark]

Unit test JIT/Regression/CLR-x86-JIT/V2.0-Beta2/b091942/b091942 fails with segment fault.

When TestClass:Test1(ref):bool calls to TestClass:RunTest1(ref) method,

G_M38721_IG04:
       8B4DF8       mov      ecx, gword ptr [ebp-08H]
       FF152C2A2AB6 call     [TestClass:RunTest1(ref)]
       90           nop      
       EB00         jmp      SHORT G_M38721_IG05

It calls some stub code and stack align is broken. Call stack looks like this:

...
MethodTable::CheckRunClassInitThrowing() at methodtable.cpp:3,744 0xb6d47969	
JIT_GetSharedNonGCStaticBase_Helper() at jithelpers.cpp:1,554 0xb6f31c41	
JIT_GetSharedNonGCStaticBase_Portable() at jithelpers.cpp:1,468 0xb6f31679	
0xb7fc94f4	;; stub?
0xb2642504	;; inside TestClass:RunTest1(ref)
0xb264246e	
CallDescrWorkerInternal() at asmhelpers.S:348 0xb70db6e5	
...

Code at 0xb6fc9414 looks like this and stack needs alignment.

b7fc94ee:   push    %edx
b7fc94ef:   call    0xb6f31560 <JIT_GetSharedNonGCStaticBase_Portable(int, DWORD, SIZE_T)>
b7fc94f4:   nop     
b7fc94f5:   pop     %edx
b7fc94f6:   ret    

[seanshpark]

cc @parjong @wateret @YongseopKim

[seanshpark]

@BruceForstall , Could you please help me where I could find the code that generates above code calling JIT_GetSharedNonGCStaticBase_Portable ?

[parjong]

@seanshpark May be one of the following?

src $ grep -Rn 'CORINFO_HELP_GETSHARED_NONGCSTATIC_BASE'
...
jit/compiler.hpp:3983:        helper == CORINFO_HELP_GETSHARED_GCSTATIC_BASE || helper == CORINFO_HELP_GETSHARED_NONGCSTATIC_BASE ||
jit/compiler.hpp:3985:        helper == CORINFO_HELP_GETSHARED_NONGCSTATIC_BASE_NOCTOR ||
jit/compiler.hpp:3987:        helper == CORINFO_HELP_GETSHARED_NONGCSTATIC_BASE_DYNAMICCLASS ||
jit/flowgraph.cpp:6848:        case CORINFO_HELP_GETSHARED_NONGCSTATIC_BASE_DYNAMICCLASS:
jit/flowgraph.cpp:6854:        case CORINFO_HELP_GETSHARED_NONGCSTATIC_BASE_NOCTOR:
jit/flowgraph.cpp:6862:        case CORINFO_HELP_GETSHARED_NONGCSTATIC_BASE:
jit/flowgraph.cpp:22227:    //       Therefore we might prepend redundant call to HELPER.CORINFO_HELP_GETSHARED_NONGCSTATIC_BASE
jit/utils.cpp:1399:            case CORINFO_HELP_GETSHARED_NONGCSTATIC_BASE:
jit/utils.cpp:1401:            case CORINFO_HELP_GETSHARED_NONGCSTATIC_BASE_DYNAMICCLASS:
jit/utils.cpp:1427:            case CORINFO_HELP_GETSHARED_NONGCSTATIC_BASE_NOCTOR:
jit/valuenum.cpp:7379:        case CORINFO_HELP_GETSHARED_NONGCSTATIC_BASE:
jit/valuenum.cpp:7385:        case CORINFO_HELP_GETSHARED_NONGCSTATIC_BASE_NOCTOR:
jit/valuenum.cpp:7399:        case CORINFO_HELP_GETSHARED_NONGCSTATIC_BASE_DYNAMICCLASS:
jit/emit.cpp:2350:        case CORINFO_HELP_GETSHARED_NONGCSTATIC_BASE_NOCTOR:
...
vm/jitinterfacegen.cpp:293:        SetJitHelperFunction(CORINFO_HELP_GETSHARED_NONGCSTATIC_BASE,       JIT_GetSharedNonGCStaticBase_Slow);
vm/jitinterfacegen.cpp:295:        SetJitHelperFunction(CORINFO_HELP_GETSHARED_NONGCSTATIC_BASE_NOCTOR,JIT_GetSharedNonGCStaticBaseNoCtor_Slow);
vm/i386/jitinterfacex86.cpp:1586:    SetJitHelperFunction(CORINFO_HELP_GETSHARED_NONGCSTATIC_BASE, pMethodAddresses[7]);
vm/i386/jitinterfacex86.cpp:1590:    SetJitHelperFunction(CORINFO_HELP_GETSHARED_NONGCSTATIC_BASE_NOCTOR, pMethodAddresses[9]);

[seanshpark]

Thanks @parjong . Found one debug message,

TID 58dc: Setting JIT dynamic helper  15 (DYNAMIC_CORINFO_HELP_GETSHARED_NONGCSTATIC_BASE) to B7FC94E4

and from above address, this helper code is this.

b7fc94e4:   mov     %ecx,%eax
b7fc94e6:   testb   $0x1,0x18(%eax,%edx,1)
b7fc94eb:   je      0xb7fc94ee
b7fc94ed:   ret     
b7fc94ee:   push    %edx
b7fc94ef:   call    0xb6f31560 <JIT_GetSharedNonGCStaticBase_Portable(int, DWORD, SIZE_T)>
b7fc94f4:   nop     
b7fc94f5:   pop     %edx
b7fc94f6:   ret    

and... by following the steps, I think it's EmitFastGetSharedStaticBase()

[seanshpark]

There seems to be another problem. RunTest1(string [] args) fails with segment fault.

b2646f90:   push    %ebp
b2646f91:   mov     %esp,%ebp
b2646f93:   sub     $0x18,%esp
b2646f96:   xor     %eax,%eax
b2646f98:   mov     %eax,-0x4(%ebp)
b2646f9b:   mov     %eax,-0xc(%ebp)
b2646f9e:   mov     %eax,-0x10(%ebp)
b2646fa1:   mov     %ecx,-0x8(%ebp)
...
b2646ffc:   lea     0xb3f00ba4,%edx
b2647002:   mov     -0xc(%ebp),%ecx
b2647005:   call    0xb70dbad0 <JIT_CheckedWriteBarrierECX>
b264700a:   mov     $0xb62a20f8,%ecx
b264700f:   mov     $0x3,%edx
b2647014:   call    0xb7fc94e8
b2647019:   mov     0xb3f00ba4,%eax
b264701e:   mov     %eax,-0x10(%ebp)
b2647021:   mov     -0x10(%ebp),%eax
b2647024:   cmp     %eax,(%eax)                    ;;; Segment fault: EAX is zero
b2647026:   mov     -0x10(%ebp),%eax
b2647029:   mov     0x7fffffd(%eax),%eax
b264702f:   mov     %eax,-0x4(%ebp)
b2647032:   nop     
b2647033:   mov     %ebp,%esp
b2647035:   pop     %ebp
b2647036:   ret   

[seanshpark]

Above segment fault was from not properly restoring funclet frame. With correct patching with https://github.com/parjong/coreclr/commits/draft/funclet_frame, it works OK.