Bug 4678 - P/Invoke with struct return values crashes on x86
Summary: P/Invoke with struct return values crashes on x86
Status: RESOLVED FIXED
Alias: None
Product: Runtime
Classification: Mono
Component: JIT ()
Version: unspecified
Hardware: Macintosh Mac OS
: --- normal
Target Milestone: ---
Assignee: Rolf Bjarne Kvinge [MSFT]
URL:
: 4616 ()
Depends on:
Blocks:
 
Reported: 2012-04-26 17:56 UTC by René Ruppert
Modified: 2012-05-10 16:52 UTC (History)
6 users (show)

Tags:
Is this bug a regression?: ---
Last known good build:


Attachments
Example code demonstrating the crash (315.46 KB, application/zip)
2012-04-26 17:56 UTC, René Ruppert
Details
Test project (254.97 KB, application/zip)
2012-04-27 04:37 UTC, Rolf Bjarne Kvinge [MSFT]
Details


Notice (2018-05-24): bugzilla.xamarin.com is now in read-only mode.

Please join us on Visual Studio Developer Community and in the Xamarin and Mono organizations on GitHub to continue tracking issues. Bugzilla will remain available for reference in read-only mode. We will continue to work on open Bugzilla bugs, copy them to the new locations as needed for follow-up, and add the new items under Related Links.

Our sincere thanks to everyone who has contributed on this bug tracker over the years. Thanks also for your understanding as we make these adjustments and improvements for the future.


Please create a new report on GitHub or Developer Community with your current version information, steps to reproduce, and relevant error messages or log files if you are hitting an issue that looks similar to this resolved bug and you do not yet see a matching new report.

Related Links:
Status:
RESOLVED FIXED

Description René Ruppert 2012-04-26 17:56:47 UTC
Created attachment 1757 [details]
Example code demonstrating the crash

Monotouch 5.2.11, Mac OS Lion, Simulator 5.0

About:
The weirdest bug ever, I promise! I'm unsure if this is a Monotouch problem or something in Apple's SDK.

Problem:
CGContext.DrawPDFPage / CGContextRenderPDFPage is crashing.

Precondition:
call CATransform3D.Rotate() somewhere in a UIViewController's callbacks before trying to render the PDF page.

Description:
The attached example code tries to create a UIImage from page 10 of a test PDF. While rendering the PDF page, the app crashes with the exception below.

Cause of the crash:
The PDF is rendered inside ViewDidAppear() of a view controller. If CATransform3D.Rotate() is called before the rendering, CGContextDrawPDFPage is crashing.
The fascinating part is: the instance of CATransform3D is not referenced anywhere. It just sits there, making my app crash.

Code example:
Run the app and it will crash. Uncomment the line "oTransform3D = oTransform3D.Rotate(-1, 1, 1, 1);" and it will work.

Here's the crash:

at (wrapper managed-to-native) MonoTouch.CoreGraphics.CGContext.CGContextDrawPDFPage (intptr,intptr) <IL 0x00024, 0xffffffff>
  at MonoTouch.CoreGraphics.CGContext.DrawPDFPage (MonoTouch.CoreGraphics.CGPDFPage) [0x00000] in /Developer/MonoTouch/Source/monotouch/src/shared/CoreGraphics/CGContext.cs:979
  at PDFTest.AppDelegate.GetLowResPagePreviewImage (MonoTouch.CoreGraphics.CGPDFPage) [0x000b6] in /Users/Krumelur/Documents/Develop/PDFTest/PDFTest/AppDelegate.cs:74
  at PDFTest.TestC.ViewDidAppear (bool) [0x00047] in /Users/Krumelur/Documents/Develop/PDFTest/PDFTest/AppDelegate.cs:37
  at (wrapper runtime-invoke) <Module>.runtime_invoke_void__this___sbyte (object,intptr,intptr,intptr) <IL 0x00054, 0xffffffff>
  at (wrapper managed-to-native) MonoTouch.UIKit.UIApplication.UIApplicationMain (int,string[],intptr,intptr) <IL 0x0009f, 0xffffffff>
  at MonoTouch.UIKit.UIApplication.Main (string[],string,string) [0x00042] in /Developer/MonoTouch/Source/monotouch/src/UIKit/UIApplication.cs:29
  at PDFTest.Application.Main (string[]) [0x00000] in /Users/Krumelur/Documents/Develop/PDFTest/PDFTest/Main.cs:17
  at (wrapper runtime-invoke) <Module>.runtime_invoke_void_object (object,intptr,intptr,intptr) <IL 0x00050, 0xffffffff>

Native stacktrace:

	0   PDFTest                             0x0009094c mono_handle_native_sigsegv + 284
	1   PDFTest                             0x00005cd8 mono_sigsegv_signal_handler + 248
	2   libsystem_c.dylib                   0x9194359b _sigtramp + 43
	3   ???                                 0xffffffff 0x0 + 4294967295
	4   CoreFoundation                      0x95e53468 __CFAllocatorSystemAllocate + 24
	5   CoreFoundation                      0x95e53444 CFAllocatorAllocate + 356
	6   CoreFoundation                      0x95e531a1 _CFRuntimeCreateInstance + 385
	7   ImageIO                             0x931b451b _CGImageReadCreate + 83
	8   ImageIO                             0x931b4444 CGImageReadCreateWithProvider + 284
	9   ImageIO                             0x931b4291 CGImageSourceCreateWithDataProvider + 220
	10  CoreGraphics                        0x01460ff5 CGImageCreateWithJPEGDataProvider3 + 87
	11  CoreGraphics                        0x0136fce9 create_image_for_image + 229
	12  CoreGraphics                        0x0136fbd4 CGPDFImageCreateImage + 191
	13  CoreGraphics                        0x0145d35d CGPDFDrawingContextDrawImage + 34
	14  CoreGraphics                        0x01363755 op_Do + 115
	15  CoreGraphics                        0x01456cc9 pdf_scanner_handle_xname + 116
	16  CoreGraphics                        0x01457194 CGPDFScannerScan + 216
	17  CoreGraphics                        0x0138f3c4 CGPDFDrawingContextDrawPage + 506
	18  CoreGraphics                        0x0144a958 pdf_page_draw_in_context + 98
	19  CoreGraphics                        0x01465c67 CGContextDrawPDFPage + 47
	20  ???                                 0x0cef7c94 0x0 + 217021588
	21  ???                                 0x0cef7c08 0x0 + 217021448
	22  ???                                 0x0cef5e08 0x0 + 217013768
	23  ???                                 0x0cef3490 0x0 + 217003152
	24  ???                                 0x0cef30a5 0x0 + 217002149
	25  PDFTest                             0x0000a042 mono_jit_runtime_invoke + 722
	26  PDFTest                             0x00169f4e mono_runtime_invoke + 126
	27  PDFTest                             0x00206748 monotouch_trampoline + 3416
	28  UIKit                               0x0228638f -[UIViewController _setViewAppearState:isAnimating:] + 158
	29  UIKit                               0x022866a4 -[UIViewController __viewDidAppear:] + 136
	30  UIKit                               0x02287cf1 __64-[UIViewController viewDidMoveToWindow:shouldAppearOrDisappear:]_block_invoke_0 + 44
	31  UIKit                               0x02286b00 -[UIViewController _executeAfterAppearanceBlock] + 55
	32  UIKit                               0x021cdfea _afterCACommitHandler + 302
	33  CoreFoundation                      0x011a999e __CFRUNLOOP_IS_CALLING_OUT_TO_AN_OBSERVER_CALLBACK_FUNCTION__ + 30
	34  CoreFoundation                      0x01140640 __CFRunLoopDoObservers + 384
	35  CoreFoundation                      0x0110c4c6 __CFRunLoopRun + 1174
	36  CoreFoundation                      0x0110bd84 CFRunLoopRunSpecific + 212
	37  CoreFoundation                      0x0110bc9b CFRunLoopRunInMode + 123
	38  GraphicsServices                    0x047c47d8 GSEventRunModal + 190
	39  GraphicsServices                    0x047c488a GSEventRun + 103
	40  UIKit                               0x021bd626 UIApplicationMain + 1163
	41  ???                                 0x0ceeaa05 0x0 + 216967685
	42  ???                                 0x0cb34f18 0x0 + 213077784
	43  ???                                 0x0cb34c10 0x0 + 213077008
	44  ???                                 0x0cb34d66 0x0 + 213077350
	45  PDFTest                             0x0000a042 mono_jit_runtime_invoke + 722
	46  PDFTest                             0x00169f4e mono_runtime_invoke + 126
	47  PDFTest                             0x0016e034 mono_runtime_exec_main + 420
	48  PDFTest                             0x00173455 mono_runtime_run_main + 725
	49  PDFTest                             0x00067245 mono_jit_exec + 149
	50  PDFTest                             0x002116a5 main + 2837
	51  PDFTest                             0x00003095 start + 53
Comment 1 Rolf Bjarne Kvinge [MSFT] 2012-04-26 18:01:27 UTC
I can reproduce the crash, I'll have a look at it.
Comment 2 Rolf Bjarne Kvinge [MSFT] 2012-04-27 03:25:13 UTC
I can confirm it's a bug in Mono, still looking into how to fix it.
Comment 3 René Ruppert 2012-04-27 04:33:26 UTC
Any hints for a workaround meanwhile?
Comment 4 Rolf Bjarne Kvinge [MSFT] 2012-04-27 04:37:15 UTC
Created attachment 1759 [details]
Test project

Attached is a test project which seems to show that this is a bug when calling p/invokes that return structs.

Just run the project to see the crash.

Comment out AppDelegate.cs:35 (the call to CATransform3DInvert) to make the crash go away.

Note that at Appdelegate.cs:36 I call a native method where the struct is returned as an out pointer, this does not crash.
Comment 5 Rolf Bjarne Kvinge [MSFT] 2012-04-27 04:40:17 UTC
René: from the test project I attached you can see a workaround: you need to create a static library in Xcode that wraps the CATransform* functions to provide the return value as an out pointer instead of as a normal return value.
Comment 6 René Ruppert 2012-04-27 05:17:07 UTC
I can see that your workaround is successful, however I don't know how to translate this:

CATransform3D oTransform3D = CATransform3D.Identity;
oTransform3D.m34 = 1.0f / -400;
oTransform3D = oTransform3D.Translate(fAnimDir * TILE_TRANSLATION_X + fOffsetX, 0, 0);
oTransform3D = oTransform3D.Rotate(fAnimDir * (-70f) * (float)Math.PI / 180f, 0, 1, 0);	

What are the method signatures of the external code?

[DllImport ("__Internal")]
extern static void CATransform3DRotateMT (out CATransform3D res, ???);
		
[DllImport ("__Internal")]
extern static void CATransform3DTranslateMT (out CATransform3D res, ???);
Comment 7 René Ruppert 2012-04-27 05:23:43 UTC
Oh, I totally missed the point with the static library. I need to find out how to create such a library and make it work on Simulator and the device. Never done that before.

If I understand you correctly, the problem is not limited to CATransform3D? Any p/invoke with structures could cause the issue? Scary.
Comment 8 Rolf Bjarne Kvinge [MSFT] 2012-04-27 05:25:19 UTC
It doesn't affect all p/invokes that return structures, but I'm not exactly sure why. You only need the workaround it in the simulator, on device it works correctly.
Comment 9 René Ruppert 2012-04-27 05:35:44 UTC
I'm not entirely sure anymore. I have crash reports from the device that (to me) indicate at least similar problems. But I might be wrong. All I know is that I'm getting corrupted memory and NULL refs where they shouldn't be and the one with the PDF rendering turned out to be a real problem.

==========================================================
System.Exception: Invalid handle
 at MonoTouch.CoreGraphics.CGContext..ctor (IntPtr handle, Boolean owns) [0x00000] in <filename unknown>:0
 at MonoTouch.CoreGraphics.CGBitmapContext..ctor (System.Byte[] data, Int32 width, Int32 height, Int32 bitsPerComponent, Int32 bytesPerRow, MonoTouch.CoreGraphics.CGColorSpace colorSpace, CGImageAlphaInfo bitmapInfo) [0x00000] in <filename unknown>:0
 at iBrainloop.Controllers.PdfViewer.PdfViewerHelpers.GetLowResPagePreviewImage (MonoTouch.CoreGraphics.CGPDFPage oPdfPage, RectangleF oTargetRect) [0x00000] in <filename unknown>:0
 at iBrainloop.Controllers.PdfViewer.PdfViewerHelpers.GetLowResPagePreview (MonoTouch.CoreGraphics.CGPDFPage oPdfPage, RectangleF oTargetRect) [0x00000] in <filename unknown>:0
 at iBrainloop.Controllers.PdfViewer.PdfSinglePageController.RenderHighQualityPdfPage () [0x00000] in <filename unknown>:0
 at iBrainloop.Controllers.PdfViewer.PdfSinglePageController.ViewWillAppear (Boolean animated) [0x00000] in <filename unknown>:0
 at MonoTouch.UIKit.UIViewController.PresentModalViewController (MonoTouch.UIKit.UIViewController modalViewController, Boolean animated) [0x00000] in <filename unknown>:0
 at BrainloopMobile.PreviewHelpers+<PreviewLocalDMO>c__AnonStorey21.<>m__52 (PROGRESS_STATUS eStatus) [0x00000] in <filename unknown>:0
 at BrainloopMobile.ProgressController+<DoWork>c__AnonStorey2A.<>m__67 () [0x00000] in <filename unknown>:0
 at MonoTouch.Foundation.NSActionDispatcher.Apply () [0x00000] in <filename unknown>:0
 at MonoTouch.UIKit.UIApplication.Main (System.String[] args, System.String principalClassName, System.String delegateClassName) [0x00000] in <filename unknown>:0
 at BrainloopMobile.Application.Main (System.String[] args) [0x00000] in <filename unknown>:0

================================================================

System.Exception: Exception of type 'System.Exception' was thrown.
 at MonoTouch.QuickLook.QLPreviewController+_QLPreviewControllerDelegate.FrameForPreviewItem
(MonoTouch.QuickLook.QLPreviewItem item, MonoTouch.UIKit.UIView view)
[0x00000] in <filename unknown>:0
 at MonoTouch.UIKit.UIViewController.PresentModalViewController
(MonoTouch.UIKit.UIViewController modalViewController, Boolean
animated) [0x00000] in <filename unknown>:0
 at BrainloopMobile.PreviewHelpers+<PreviewLocalDMO>c__AnonStorey1F.<>m__4E
(PROGRESS_STATUS eStatus) [0x00000] in <filename unknown>:0
 at BrainloopMobile.ProgressController+<DoWork>c__AnonStorey27.<>m__62
() [0x00000] in <filename unknown>:0
 at MonoTouch.Foundation.NSActionDispatcher.Apply () [0x00000] in
<filename unknown>:0
 at MonoTouch.UIKit.UIApplication.Main (System.String[] args,
System.String principalClassName, System.String delegateClassName)
[0x00000] in <filename unknown>:0
 at BrainloopMobile.Application.Main (System.String[] args) [0x00000]
in <filename unknown>:0
Comment 10 Rolf Bjarne Kvinge [MSFT] 2012-04-27 17:14:01 UTC
*** Bug 4616 has been marked as a duplicate of this bug. ***
Comment 11 Zoltan Varga 2012-04-27 17:43:16 UTC
I can repro this using rolf's test project. The pinvoke declaration looks good, and it seems to match the unmanaged structure. The generated managed-to-native wrappers looks ok too, I couldn't find any problem with it when running it under gdb, it doesn't seem to overwrite memory etc.
Comment 12 René Ruppert 2012-05-06 09:00:41 UTC
Anything going on here about this problem?
Comment 13 Zoltan Varga 2012-05-07 19:54:34 UTC
Just the comment above, we couldn't yet figure out what is the source of the problem.
Comment 14 René Ruppert 2012-05-08 02:28:47 UTC
How sure are you that it is happening in the SImulator only? My PM is urging my to add some fancy 3D animation back into our app but I told them that this is potentially dangerous because of the problem above.
Comment 15 Rolf Bjarne Kvinge [MSFT] 2012-05-08 07:32:10 UTC
I think I figured this out, and I can confirm it's only in the simulator.

The problem is how we load native libraries for DllImport, we probe several paths, and in some cases when we try a path that doesn't exist the system finds the (wrong) native library in a completely different location.
Comment 16 Rolf Bjarne Kvinge [MSFT] 2012-05-10 16:52:47 UTC
Fixed in monotouch master (402c9f840). The next release with this fix will be 5.3.4 - I can however get you a hotfix/interim release if you're interested.