[interp] do not bake object reference into code stream (mono#8021)

it won't be scanned by the GC, defer string allocation to execution-time instead. this fixes a GC crash when running mini regression suite on iOS/arm64.
nealef · Apr 5, 2018 · 8e0a121 · 8e0a121
1 parent 92b741f
commit 8e0a121
Show file tree

Hide file tree

Showing 3 changed files with 28 additions and 9 deletions.
diff --git a/mono/mini/interp/interp.c b/mono/mini/interp/interp.c
@@ -3477,6 +3477,23 @@ interp_exec_method_full (InterpFrame *frame, ThreadContext *context, guint16 *st
 			++sp;
 			ip += 2;
 			MINT_IN_BREAK;
+		MINT_IN_CASE(MINT_LDSTR_TOKEN) {
+			MonoString *s = NULL;
+			guint32 strtoken = (guint32) rtm->data_items [* (guint16 *)(ip + 1)];
+
+			MonoMethod *method = frame->imethod->method;
+			if (method->wrapper_type == MONO_WRAPPER_DYNAMIC_METHOD) {
+				s = mono_method_get_wrapper_data (method, strtoken);
+			} else if (method->wrapper_type != MONO_WRAPPER_NONE) {
+				s = mono_string_new_wrapper (mono_method_get_wrapper_data (method, strtoken));
+			} else {
+				g_assert_not_reached ();
+			}
+			sp->data.p = s;
+			++sp;
+			ip += 2;
+			MINT_IN_BREAK;
+		}
 		MINT_IN_CASE(MINT_NEWOBJ) {
 			MonoClass *newobj_class;
 			MonoMethodSignature *csig;

diff --git a/mono/mini/interp/mintops.def b/mono/mini/interp/mintops.def
@@ -262,6 +262,7 @@ OPDEF(MINT_BLT_UN_R8_S, "blt.un.r8.s", 2, MintOpShortBranch)
 OPDEF(MINT_SWITCH, "switch", 0, MintOpSwitch)
 
 OPDEF(MINT_LDSTR, "ldstr", 2, MintOpMethodToken) /* not really */
+OPDEF(MINT_LDSTR_TOKEN, "ldstr.token", 2, MintOpMethodToken) /* not really */
 
 OPDEF(MINT_CALL, "call", 2, MintOpMethodToken) 
 OPDEF(MINT_VCALL, "vcall", 2, MintOpMethodToken) 

diff --git a/mono/mini/interp/transform.c b/mono/mini/interp/transform.c
@@ -2855,19 +2855,20 @@ generate (MonoMethod *method, MonoMethodHeader *header, InterpMethod *rtm, unsig
 			break;
 		}
 		case CEE_LDSTR: {
-			MonoString *s;
 			token = mono_metadata_token_index (read32 (td->ip + 1));
 			td->ip += 5;
-			if (method->wrapper_type == MONO_WRAPPER_DYNAMIC_METHOD) {
-				s = mono_method_get_wrapper_data (method, token);
-			} else if (method->wrapper_type != MONO_WRAPPER_NONE) {
-				s = mono_string_new_wrapper (mono_method_get_wrapper_data (method, token));
-			} else {
-				s = mono_ldstr_checked (domain, image, token, error);
+			if (method->wrapper_type == MONO_WRAPPER_NONE) {
+				MonoString *s = mono_ldstr_checked (domain, image, token, error);
 				goto_if_nok (error, exit);
+				/* GC won't scan code stream, but reference is held by metadata
+				 * machinery so we are good here */
+				ADD_CODE (td, MINT_LDSTR);
+				ADD_CODE (td, get_data_item_index (td, s));
+			} else {
+				/* defer allocation to execution-time */
+				ADD_CODE (td, MINT_LDSTR_TOKEN);
+				ADD_CODE (td, get_data_item_index (td, (gpointer) token));
 			}
-			ADD_CODE(td, MINT_LDSTR);
-			ADD_CODE(td, get_data_item_index (td, s));
 			PUSH_TYPE(td, STACK_TYPE_O, mono_defaults.string_class);
 			break;
 		}