Skip to content

transform sgen_get_descriptor to parallel safe version in job_major_mod_union_preclean #63293

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Jan 3, 2022

Conversation

monojenkins
Copy link
Contributor

@monojenkins monojenkins commented Jan 3, 2022

!! This PR is a copy of mono/mono#21384, please do not edit or review it in this repo !!
Do not automatically approve this PR:

* Consider how the changes affect configurations in this repo,
* Check effects on files that are not mirrored,
* Identify test cases that may be needed in this repo.

!! Merge the PR only after the original PR is merged !!




Fixes mono/mono#21369
Related to dotnet/android#6546

job_major_mod_union_preclean can race with the tarjan bridge
implementation that changes the vtable pointer by settings the three
lower bits. this results in invalid loading of the vtable
(shifted by 7 bytes) which in turn give a wrong desc to the scan
functions

This change is released under the MIT license.

…od_union_preclean

Fixes mono/mono#21369

job_major_mod_union_preclean can race with the tarjan bridge
implementation that changes the vtable pointer by settings the three
lower bits. this results in invalid loading of the vtable
(shifted by 7 bytes)  which in turn give a wrong desc to the scan
functions

This change is released under the MIT license.
@ghost ghost added area-GC-mono mono-mirror community-contribution Indicates that the PR has been added by a community member labels Jan 3, 2022
@ghost
Copy link

ghost commented Jan 3, 2022

Tagging subscribers to this area: @BrzVlad
See info in area-owners.md if you want to be subscribed.

Issue Details

!! This PR is a copy of mono/mono#21384, please do not edit or review it in this repo !!
Do not automatically approve this PR:

* Consider how the changes affect configurations in this repo,
* Check effects on files that are not mirrored,
* Identify test cases that may be needed in this repo.

!! Merge the PR only after the original PR is merged !!




Fixes mono/mono#21369

job_major_mod_union_preclean can race with the tarjan bridge
implementation that changes the vtable pointer by settings the three
lower bits. this results in invalid loading of the vtable
(shifted by 7 bytes) which in turn give a wrong desc to the scan
functions

This change is released under the MIT license.

Author: monojenkins
Assignees: -
Labels:

area-GC-mono, mono-mirror, community-contribution

Milestone: -

@lambdageek
Copy link
Member

And we will want this on the 6.0-maui branch, too, I think, @steveisok

@lambdageek
Copy link
Member

/backport to release/6.0-maui

@github-actions
Copy link
Contributor

github-actions bot commented Jan 3, 2022

Started backporting to release/6.0-maui: https://github.com/dotnet/runtime/actions/runs/1650358310

@srxqds
Copy link
Contributor

srxqds commented Jan 4, 2022

the release/6.0 branch maybe hit these problem?

@lambdageek
Copy link
Member

the release/6.0 branch maybe hit these problem?

Yes. But it's only a problem on configurations which use the Mono GC Bridge and where the GC Bridge callback is manipulating the vtable pointer bits - which is what Xamarin.Android does. No other supported 6.0 configuration uses the GC bridge this way. The backport to release/6.0-maui will be picked up by Xamarin.Android

@tmijieux
Copy link
Contributor

tmijieux commented Jan 5, 2022

the release/6.0 branch maybe hit these problem?

Yes. But it's only a problem on configurations which use the Mono GC Bridge and where the GC Bridge callback is manipulating the vtable pointer bits - which is what Xamarin.Android does. No other supported 6.0 configuration uses the GC bridge this way. The backport to release/6.0-maui will be picked up by Xamarin.Android

the tagging is not happening in the bridge callback("user bridge callback"), rather in bridge tarjan implementation (the part that computes the scc graph) that is in the mono codebase (mono/metadata/sgen-tarjan-bridge.c) and that is called before the cross_references callback. So this could theorically happen without xamarin-android if you use the tarjan bridge implementation. The bit manipulation is not in the c++ implementation of bridge callback in xamarin/xamarin-android.

( I dont know if there is other than xamarin-android that really use the bridge, because the comments in the code seems to indicate it was created with xamarin android in mind ...)

see this snippet,

https://github.com/mono/mono/blob/a791978a6e4312698137be451c648b650a8c8663/mono/metadata/sgen-tarjan-bridge.c#L341-L359

the tarjan bridge implementation uses this mechanism to store metadata about the nodes(gc objects) while new and old implementation use a hash_table (the gc object pointer being the key ) to retrieve per node metadata, hence not modifying the objects themselves.
(This is probably because it is faster to just do 2 pointer derefence and 1 bits check than one hash_table lookup)

@hakenr
Copy link
Member

hakenr commented Jan 22, 2022

Is there any chance this also affects Mono WebAssembly (Blazor)? See #62054

@BrzVlad
Copy link
Member

BrzVlad commented Jan 24, 2022

@hakenr No. This change is only a fix for android targets.

@ghost ghost locked as resolved and limited conversation to collaborators Feb 23, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
area-GC-mono community-contribution Indicates that the PR has been added by a community member
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Sgen aborting because of theorically unreachable code
6 participants