Bug 16489 - NullReferenceException in System.NumberFormatter.ResetCharBuf
Summary: NullReferenceException in System.NumberFormatter.ResetCharBuf
Status: RESOLVED FIXED
Alias: None
Product: Runtime
Classification: Mono
Component: JIT ()
Version: 3.2.x
Hardware: PC Linux
: --- normal
Target Milestone: ---
Assignee: Bugzilla
URL:
Depends on:
Blocks:
 
Reported: 2013-11-28 03:47 UTC by Aleksey Sotnikov
Modified: 2014-08-06 02:02 UTC (History)
5 users (show)

Tags:
Is this bug a regression?: ---
Last known good build:


Attachments
test file (791 bytes, text/plain)
2013-11-28 03:49 UTC, Aleksey Sotnikov
Details


Notice (2018-05-24): bugzilla.xamarin.com is now in read-only mode.

Please join us on Visual Studio Developer Community and in the Xamarin and Mono organizations on GitHub to continue tracking issues. Bugzilla will remain available for reference in read-only mode. We will continue to work on open Bugzilla bugs, copy them to the new locations as needed for follow-up, and add the new items under Related Links.

Our sincere thanks to everyone who has contributed on this bug tracker over the years. Thanks also for your understanding as we make these adjustments and improvements for the future.


Please create a new report on GitHub or Developer Community with your current version information, steps to reproduce, and relevant error messages or log files if you are hitting an issue that looks similar to this resolved bug and you do not yet see a matching new report.

Related Links:
Status:
RESOLVED FIXED

Description Aleksey Sotnikov 2013-11-28 03:47:43 UTC
Failed in multithreaded application when try convert int to string. Reproduces not always

Exeption:
mono intToStringParallel.exe 

Unhandled Exception:
System.NullReferenceException: Object reference not set to an instance of an object
  at System.NumberFormatter.ResetCharBuf (Int32 size) [0x00000] in <filename unknown>:0 
  at System.NumberFormatter.FastIntegerToString (Int32 value, IFormatProvider fp) [0x00000] in <filename unknown>:0 
  at System.NumberFormatter.NumberToString (Int32 value, IFormatProvider fp) [0x00000] in <filename unknown>:0 
  at System.Int32.ToString () [0x00000] in <filename unknown>:0 
  at System.String.Concat (System.Object arg0, System.Object arg1) [0x00000] in <filename unknown>:0 
  at T.thread_start () [0x00000] in <filename unknown>:0 
  at System.Threading.Thread.StartInternal () [0x00000] in <filename unknown>:0 
[ERROR] FATAL UNHANDLED EXCEPTION: System.NullReferenceException: Object reference not set to an instance of an object
  at System.NumberFormatter.ResetCharBuf (Int32 size) [0x00000] in <filename unknown>:0 
  at System.NumberFormatter.FastIntegerToString (Int32 value, IFormatProvider fp) [0x00000] in <filename unknown>:0 
  at System.NumberFormatter.NumberToString (Int32 value, IFormatProvider fp) [0x00000] in <filename unknown>:0 
  at System.Int32.ToString () [0x00000] in <filename unknown>:0 
  at System.String.Concat (System.Object arg0, System.Object arg1) [0x00000] in <filename unknown>:0 
  at T.thread_start () [0x00000] in <filename unknown>:0 
  at System.Threading.Thread.StartInternal () [0x00000] in <filename unknown>:0 

OS: Ubuntu 13.10

Mono version:
Mono JIT compiler version 3.2.3 (tarball Ср. нояб. 27 17:04:10 MSK 2013)
Copyright (C) 2002-2012 Novell, Inc, Xamarin Inc and Contributors. www.mono-project.com
	TLS:           __thread
	SIGSEGV:       altstack
	Notifications: epoll
	Architecture:  amd64
	Disabled:      none
	Misc:          softdebug 
	LLVM:          supported, not enabled.
	GC:            sgen
Comment 1 Aleksey Sotnikov 2013-11-28 03:49:02 UTC
Created attachment 5559 [details]
test file
Comment 2 Marek Safar 2013-12-03 16:11:06 UTC
I cannot reproduce it with master
Comment 3 Aleksey Sotnikov 2013-12-09 02:43:29 UTC
failed the test on the last master. application crashes when run once every 20-30 starts

/usr/bin/mono intToStringParallel.exe 2

Unhandled Exception:
System.NullReferenceException: Object reference not set to an instance of an object
  at System.NumberFormatter.ResetCharBuf (Int32 size) [0x00000] in <filename unknown>:0 
  at System.NumberFormatter.FastIntegerToString (Int32 value, IFormatProvider fp) [0x00000] in <filename unknown>:0 
  at System.NumberFormatter.NumberToString (Int32 value, IFormatProvider fp) [0x00000] in <filename unknown>:0 
  at System.Int32.ToString () [0x00000] in <filename unknown>:0 
  at System.String.Concat (System.Object arg0, System.Object arg1) [0x00000] in <filename unknown>:0 
  at T.thread_start () [0x00000] in <filename unknown>:0 
  at System.Threading.Thread.StartInternal () [0x00000] in <filename unknown>:0 
[ERROR] FATAL UNHANDLED EXCEPTION: System.NullReferenceException: Object reference not set to an instance of an object
  at System.NumberFormatter.ResetCharBuf (Int32 size) [0x00000] in <filename unknown>:0 
  at System.NumberFormatter.FastIntegerToString (Int32 value, IFormatProvider fp) [0x00000] in <filename unknown>:0 
  at System.NumberFormatter.NumberToString (Int32 value, IFormatProvider fp) [0x00000] in <filename unknown>:0 
  at System.Int32.ToString () [0x00000] in <filename unknown>:0 
  at System.String.Concat (System.Object arg0, System.Object arg1) [0x00000] in <filename unknown>:0 
  at T.thread_start () [0x00000] in <filename unknown>:0 
  at System.Threading.Thread.StartInternal () [0x00000] in <filename unknown>:0 


/usr/bin/mono --version
Mono Runtime Engine version 3.2.7 (master/3217cdc Пн. дек.  9 10:30:15 MSK 2013)
Copyright (C) 2002-2013 Novell, Inc, Xamarin Inc and Contributors. www.mono-project.com
	TLS:           __thread
	SIGSEGV:       altstack
	Notifications: epoll
	Architecture:  amd64
	Disabled:      none
	Misc:          softdebug 
	LLVM:          supported, not enabled.
	GC:            sgen
Comment 4 Marek Safar 2013-12-12 04:58:42 UTC
I cannot reproduce it with x86.

Zoltan, maybe it's ThreadStatic amd64 bug I could not spot any race in C# code.
Comment 5 Zoltan Varga 2013-12-13 15:23:34 UTC
Could you try running the test with -O=-aot ?
Comment 6 Marek Safar 2013-12-14 03:49:30 UTC
No difference for me
Comment 7 Aleksey Sotnikov 2013-12-16 01:52:22 UTC
I fix this bug. Can you commit this diff?

diff --git a/mcs/class/corlib/System/NumberFormatter.cs b/mcs/class/corlib/System/NumberFormatter.cs
index dc0fb5a..8c5c22f 100644
--- a/mcs/class/corlib/System/NumberFormatter.cs
+++ b/mcs/class/corlib/System/NumberFormatter.cs
@@ -551,7 +551,7 @@ namespace System
                private void ResetCharBuf (int size)
                {
                        _ind = 0;
-                       if (_cbuf.Length < size)
+                       if (_cbuf == null || _cbuf.Length < size)
                                _cbuf = new char [size];
                }
Comment 8 Zoltan Varga 2014-01-03 11:37:01 UTC
Aleksey: Could you try running the test with -O=-aot ?
Comment 9 Zoltan Varga 2014-01-03 19:16:06 UTC
Fixed in mono master fefb5f9b7b8a205ee33393e43847b68e626708ad.
Comment 10 Jahmai 2014-07-30 23:44:54 UTC
I am getting this problem with Xamarin iOS 7.2.3

I fail to see how fefb5f9b7b8a205ee33393e43847b68e626708ad fixes this issue.

Actually, Aleksey's suggested patch looks like it is more likely to fix this.
Comment 11 Zoltan Varga 2014-07-31 06:43:45 UTC
Do you have some kind of test case ?
Comment 12 Jahmai 2014-08-06 02:02:05 UTC
I have been unsuccessful in producing a test case.

I reviewed the code some more, and naturally it is theoretically impossible for this to happen.

However, I have noticed in other places a rare bug where public static readonly variables suddenly become null (or are never initialized correctly).

I have also observed that this crash only happens on startup of our app. Not after it has been running for some time.

Digging into NumberFormatter.cs I see: 

public NumberFormatter(Thread current)
{
    this._cbuf = EmptyArray<char>.Value;
    if (current != null)
    {
        this.CurrentCulture = current.CurrentCulture;
    }
}

Which leads me to think perhaps there is some other rare bug that causes EmptyArray<char>.Value to return null.

I have started a question on Xamarin forums about this as I don't really know where to go about developing a test case around this theory.

https://forums.xamarin.com/discussion/21809/rare-unusual-crash-where-public-static-readonly-variables-are-null