When running the attached test program (or anything that requires stack unwinding), Mono crashes or asserts inside mono_arch_unwind_frame because of a bogus lmf->previous_lmf value.
I've narrowed down the issue to stack corruption that happens when mono_arch_create_generic_trampoline calls mono_magic_trampoline. Right before mono_magic_trampoline is called, cur_lmf->previous_lmf is still valid, but a check at the beginning of mono_magic_trampoline shows that the value has already changed to garbage, which suggests that the compiler-generated prolog for this function stomped the stack.
The issue happens in Visual Studio built AMD64 Mono (Git 2ef316dd5ceef7328c285dad7740743905f17e4d). It does not seem to happen on X86 Mono.
Created attachment 12290
It seems that the Windows x64 ABI requires the caller to reserve a "shadow space" of at least 32 bytes on the stack for the callee, and mono_arch_create_generic_trampoline does not do that.
From https://msdn.microsoft.com/en-us/library/ms235286.aspx :
"The x64 Application Binary Interface (ABI) is a 4 register fast-call calling convention, with stack-backing for those registers.
The caller is responsible for allocating space for parameters to the callee, and must always allocate sufficient space for the 4 register parameters, even if the callee doesn't have that many parameters."
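As an added illustration (constructed for this page, not Mono's trampoline code and not part of the original thread), a NASM-syntax Windows x64 caller that saves state on the stack and calls a C function, first without and then with the 32-byte shadow space; `callee` is a hypothetical function taking four pointer-sized arguments.

```nasm
; Constructed example: Windows x64, NASM syntax.
default rel
extern  callee                 ; hypothetical: void callee(void*, void*, void*, void*)

section .text
global  caller_buggy
global  caller_fixed

; BUGGY: the saved slots sit directly above the return address.
; On entry the callee's rsp is our rsp - 8, so its four home slots
; [rsp+8], [rsp+16], [rsp+24], [rsp+32] overlay our saved_a, saved_b,
; saved_c and even our own return address. Any callee prolog that homes
; rcx/rdx/r8/r9 (e.g. MSVC debug builds or varargs callees) silently
; overwrites them, which is the kind of corruption the LMF suffered here.
caller_buggy:
    push    r13                ; saved_c
    push    r14                ; saved_b
    push    r15                ; saved_a   <- becomes callee's [rsp+8]
    mov     rcx, rsp           ; arg0: pointer to the saved block
    xor     edx, edx           ; arg1..arg3: placeholder values
    xor     r8d, r8d
    xor     r9d, r9d
    call    callee             ; rsp is 16-byte aligned here, but no shadow space
    pop     r15                ; may now hold whatever the callee stored
    pop     r14
    pop     r13
    ret

; FIXED: reserve 32 bytes of shadow space below the saved registers.
; Three pushes leave rsp 16-byte aligned, and 32 keeps it that way.
caller_fixed:
    push    r13
    push    r14
    push    r15
    sub     rsp, 32            ; shadow space for the 4 register parameters
    lea     rcx, [rsp+32]      ; arg0 still points at the saved block
    xor     edx, edx
    xor     r8d, r8d
    xor     r9d, r9d
    call    callee             ; callee's home slots now land in the reserved bytes
    add     rsp, 32
    pop     r15
    pop     r14
    pop     r13
    ret
```

The same rule applies to every call a hand-emitted trampoline makes into C, so a Windows x64 backend has to reserve this space in each such call sequence, not just the one reported here.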
Should be fixed by 20d936551646e0ee892b418910c8a133b6262b67, could you try it out?
Thank you, it's fixed. Might need to add it to mono_arch_create_sdb_trampoline too.