Bug 228 - mono-sgen crashes with assertion at sgen-major-scan-object.h:81
Summary: mono-sgen crashes with assertion at sgen-major-scan-object.h:81
Status: RESOLVED FIXED
Alias: None
Product: Runtime
Classification: Mono
Component: GC ()
Version: unspecified
Hardware: Macintosh Mac OS
: Highest critical
Target Milestone: ---
Assignee: Mark Probst
URL:
Depends on:
Blocks:
 
Reported: 2011-08-08 08:58 UTC by Daniel Kirstenpfad
Modified: 2012-01-09 17:49 UTC (History)
7 users (show)

Tags: crash
Is this bug a regression?: ---
Last known good build:


Attachments
log / screen output with complete crash dump (9.90 KB, text/plain)
2011-08-08 08:58 UTC, Daniel Kirstenpfad
Details
crash with current master (9.14 KB, application/octet-stream)
2011-08-17 07:43 UTC, Daniel Kirstenpfad
Details
Small test case to reproduce this crash. (2.78 KB, application/octet-stream)
2011-11-30 14:14 UTC, Brian Luczkiewicz
Details
Stacktrace from Terminal (3.80 KB, text/plain)
2012-01-05 13:37 UTC, PJ
Details


Notice (2018-05-24): bugzilla.xamarin.com is now in read-only mode.

Please join us on Visual Studio Developer Community and in the Xamarin and Mono organizations on GitHub to continue tracking issues. Bugzilla will remain available for reference in read-only mode. We will continue to work on open Bugzilla bugs, copy them to the new locations as needed for follow-up, and add the new items under Related Links.

Our sincere thanks to everyone who has contributed on this bug tracker over the years. Thanks also for your understanding as we make these adjustments and improvements for the future.


Please create a new report on GitHub or Developer Community with your current version information, steps to reproduce, and relevant error messages or log files if you are hitting an issue that looks similar to this resolved bug and you do not yet see a matching new report.

Related Links:
Status:
RESOLVED FIXED

Description Daniel Kirstenpfad 2011-08-08 08:58:18 UTC
Created attachment 85 [details]
log / screen output with complete crash dump

Description of Problem:

I am using a rather complex graph database application benchmark and I want to create a number of vertices and egdes. Doing so crashes the sgen garbage collector. Using boehm-gc works without a glitch.

All sourcecode to reproduce the problem is available as open-source.

Steps to reproduce the problem:
1. clone sourcecode from here: https://github.com/sones/benchmark
2. init and update submodules
3. run "buildbenchmark.sh"
4. run "mono-sgen GraphDBBenchmark.exe in GraphDBBenchmark/bin/Debug/"
5. enter: "IMPORT 'SIMPLENETWORK'"
6. behold teh crash

Actual Results:

crashing

Expected Results:

not crashing

How often does this happen? 

everytime

Additional Information:
Comment 1 Mark Probst 2011-08-10 05:34:44 UTC
This works for me with mono master on darwin.  There's been a few sgen bugfixes committed recently, so if your mono is older, could you please try with master?
Comment 2 Daniel Kirstenpfad 2011-08-10 07:26:51 UTC
i've checked with the currently stable versions (2.10.3 and today 2.10.4) and had that behaviour - I will do a compile run of the master asap - which will be at last on next monday. Would be great if the bug is already patched in master and may be included in the next releases...
Comment 3 Daniel Kirstenpfad 2011-08-17 07:43:54 UTC
Created attachment 148 [details]
crash with current master
Comment 4 Daniel Kirstenpfad 2011-08-17 07:45:27 UTC
I compiled from master and got this version:

Mono JIT compiler version 2.11 (master/409d4ac Mi 17 Aug 2011 12:38:36 CEST)
Copyright (C) 2002-2011 Novell, Inc, Xamarin, Inc and Contributors. www.mono-project.com
	TLS:           normal
	SIGSEGV:       normal
	Notification:  kqueue
	Architecture:  amd64
	Disabled:      none
	Misc:          softdebug 
	LLVM:          supported, not enabled.
	GC:            sgen

After recompiling my benchmark project I get a new crash directly at start-up - see http://bugzilla.xamarin.com/attachment.cgi?id=148
Comment 5 Daniel Kirstenpfad 2011-09-02 07:11:51 UTC
stable 2.10.5 is also crashing with the same error message
Comment 6 Miguel de Icaza [MSFT] 2011-11-12 11:11:49 UTC
Daniel,

Your instructions to build the benchmark are incomplete and the module does not build when I use "sh buildbenchmark.sh" there are hundreds of missing references to your libraries.

Please provide detailed build instructions.
Comment 7 Brian Luczkiewicz 2011-11-30 14:14:28 UTC
Created attachment 976 [details]
Small test case to reproduce this crash.

To reproduce:

$ dmcs t.cs && mono-sgen t.exe
Comment 8 Brian Luczkiewicz 2011-11-30 14:15:18 UTC
I've attached a small test case for this bug.

The sgen code at this location has a FIXME that seems to indicate that someone has anticipated this problem:

        case DESC_TYPE_LARGE_BITMAP:
        case DESC_TYPE_COMPLEX:
                // FIXME:
                g_assert_not_reached ();                      <-------- line 81

The gist seems to be that valuetypes with very complicated memory layouts blow up the collector. I distilled this test case out of a much larger program, and indeed, the crash seems to happen when scanning arrays of complex valuetypes.
Comment 9 Miguel de Icaza [MSFT] 2011-11-30 14:57:46 UTC
Reopening now that we have a test case.
Comment 10 Paolo Molaro 2011-12-01 11:56:37 UTC
Fixed for the mono-2-10 branch (master has different code and the program works fine there).
Comment 11 PJ 2012-01-05 13:37:22 UTC
Created attachment 1130 [details]
Stacktrace from Terminal

Stacktrace after running "dmcs t.cs && mono-sgen t.exe" on the provided t.cs.
Comment 12 PJ 2012-01-05 13:39:51 UTC
Re-opening. Duplicated bug on:
Mono 2.10.8
MonoTouch 5.0.4
MacOS 10.7.2
Comment 13 Miguel de Icaza [MSFT] 2012-01-09 15:22:39 UTC
PJ, what you are experiencing is a different bug.   The original bug was related to the GC lacking support for certain kinds of types, and what you seem to be triggering is a bug somewhere else.

I filed a new bug for this problem 2810, but I am unable to reproduce it myself.
Comment 14 PJ 2012-01-09 17:49:54 UTC
I've added info to 2810. If anyone has a suggestion on how to verify this particular bug let me know. Thanks!