Span CopyTo Span - Crashes .Net #13701
Comments
|
This program crashes on .Net Framework 4.72 and 4.8 using System.Memory" Version="4.5.3" Program was written as a stress test so it does the bare minimum amount of code to reproduce the crash |
|
Confirmed on Win10 18363.418 w/ .NET Framework 4.8 x64. Crash is coming from the GC, which might imply that there's a |
|
GC sounds plausible - from my tests - If you reduce the number of new / allocations (ie move the allocation out of the loops)... it won't crash.. |
|
I caught a Managed Debugging Assistant with this code: |
|
https://github.com/dotnet/coreclr/issues/27924 is the root cause of this crash. |
|
@jkotas - if a root cause has been identified in the jitter .cpp code - I suspect this can't be fixed with a new System.Memory dll... will it require a patch to the framework ? |
|
It can be worked around in System.Memory by avoiding the code pattern that hits the JIT bug. |
|
any update on a fix for this issue? |
|
We are evaluating several options for addressing this. It is going to take several months to get the fix out for .NET Framework, current ETA May 2020. |
This is the fix for #27924. This is a GC hole bug that was found externally, #27590. The cause is that the JIT was using the target type of the subtract when it needed to make a copy of the source, but it needs to use the source type. ## Customer Impact Corruption of state that is non-deterministic and hard to track down. ## Regression? Not a recent regression, but exposed by Unsafe.ByteOffset. ## Testing The fix has been verified in the runtime repo. ## Risk Low: The fix is straightfoward and only impacts 3 lines of code.
jkotas
added
tenet-reliability
GrabYourPitchforks
added
area-System.Runtime.CompilerServices
and removed
area-System.Memory
labels
maryamariyan
added
the
untriaged
|
The fix for .NET Framework is tracked by https://devdiv.visualstudio.com/DevDiv/_workitems/edit/1026837 in the internal bug database. @JulieLeeMSFT Could you please look into what we want to do here? cc @dotnet/jit-contrib @eerhardt @GrabYourPitchforks |
|
@briansull please port the .NET Core fix to Framework. |
JulieLeeMSFT
added
the
area-CodeGen-coreclr
|
Huh, not sure why that internal issue was assigned to me. I've given it to Brian. |
|
@jkotas |
You need to add a reference to https://www.nuget.org/packages/System.Runtime.CompilerServices.Unsafe/ |
|
How do I add that reference? |
<Project Sdk="Microsoft.NET.Sdk">
<PropertyGroup>
<OutputType>Exe</OutputType>
<TargetFramework>net48</TargetFramework>
</PropertyGroup>
<ItemGroup>
<PackageReference Include="System.Runtime.CompilerServices.Unsafe" Version="4.7.1" />
</ItemGroup>
</Project>
|
|
Thanks, I have a repro case and have tested the fix. It looks good |
|
I have checked in the fix for this issue into the Desktop .Net runtime for 4.8 and 4.7 The fix is expected to ship in the latter part of September as part of that month’s non security release. (barring any unexpected issues) |
|
1026837 | [4.8] Possible data corruption in .NET Framework when using Span-based APIs |
|
Thanks @briansull! |
ghost
locked as resolved and limited conversation to collaborators
There appears to be some sort of threading issue in the System.Memory 4.5.3 running on .Net Framework for the following code:
Memory<byte> memory = new byte[100];ReadOnlySpan<byte> temp = new byte[30];temp.CopyTo(memory.Span);attached is a sample program that will crash the error:
The process was terminated due to an internal error in the .NET Runtime at IP 00007FFE09357BFD (00007FFE091A0000) with exit code 80131506.
category:correctness
theme:gc-info
skill-level:expert
cost:medium
The text was updated successfully, but these errors were encountered: