[src/runtime] Add extra checks to Runtime.IsUserType to detect invalid pointers. #19747

Closed. rolfbjarne wants to merge 3 commits.

rolfbjarne (Member) commented Jan 4, 2024

This will hopefully make it easier to diagnose these kinds of crashes:

    Thread 0 Crashed:
    0   libobjc.A.dylib                      0x00000001a6f6e7f8 object_getClass + 48
    1   MyTestDotNetApp.Net                  0x0000000104b90a68 do_icall (interp.c:2273)
    2   MyTestDotNetApp.Net                  0x0000000104b8f838 do_icall_wrapper (interp.c:2361)
    3   MyTestDotNetApp.Net                  0x0000000104b85214 interp_exec_method (interp.c:3885)
    4   MyTestDotNetApp.Net                  0x0000000104b82de8 interp_runtime_invoke (interp.c:2122)
    5   MyTestDotNetApp.Net                  0x0000000104b4aedc mono_jit_runtime_invoke (mini-runtime.c:3650)
    6   MyTestDotNetApp.Net                  0x0000000104a8b874 mono_runtime_try_invoke (object.c:2415)
    7   MyTestDotNetApp.Net                  0x0000000104a8d8a0 mono_runtime_invoke (object.c:2464)
    8   MyTestDotNetApp.Net                  0x0000000104c42b68 native_to_managed_trampoline_68(objc_object*, objc_selector*, _MonoMethod**, objc_object*, unsigned int) (registrar.mm:4511)
    9   MyTestDotNetApp.Net                  0x0000000104c42a00 +[__NSObject_Disposer drain:] (registrar.mm:20968)
    10  Foundation                           0x00000001adc13b14 __NSThreadPerformPerform + 260

This happens because we try to access freed/invalid memory, but unfortunately
the crash report / stack trace does not contain any hint whatsoever about the
memory that triggered the crash.

By adding an opt-in to validate the memory for a given object, we might be
able to detect this crash in a few cases, and instead throw a managed
exception with much more information.

A project opts in by setting `_ValidateObjectPointers=true` in the csproj.

Ref: #19493
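
The kind of check the description above proposes, sketched in C as an added example; it is not code from this pull request or from the runtime it changes. The object layout and the names `toy_class`, `toy_object`, `is_readable`, `checked_class_name` and `demo` are hypothetical, and the probe uses the POSIX `write()`-to-a-pipe technique as a stand-in for whatever validation the pull request actually performs.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* exposes MAP_ANONYMOUS on glibc */
#endif
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Toy layout (assumption): the class pointer is the object's first field. */
struct toy_class  { const char *name; };
struct toy_object { const struct toy_class *isa; };
static char last_msg[160];  /* class name on success, diagnostic on failure */

/* Non-faulting probe: write() fails with EFAULT for an unreadable range. */
static int is_readable(const void *p, size_t len) {
    int fds[2];
    if (p == NULL || pipe(fds) != 0) return 0;
    ssize_t n = write(fds[1], p, len);
    close(fds[0]); close(fds[1]);
    return n == (ssize_t)len;
}

/* Validate before dereferencing; failures name the pointer involved. */
static int checked_class_name(const void *obj) {
    const struct toy_object *o = obj;
    if (!is_readable(o, sizeof *o)) {
        snprintf(last_msg, sizeof last_msg, "object pointer %p is not readable", obj);
        return -1;
    }
    if (!is_readable(o->isa, sizeof *o->isa)) {
        snprintf(last_msg, sizeof last_msg, "object %p: class pointer is not readable", obj);
        return -1;
    }
    snprintf(last_msg, sizeof last_msg, "%s", o->isa->name);
    return 0;
}

/* Constructed case: object on its own page; revoke=1 sets PROT_NONE. */
static int demo(int revoke) {
    static const struct toy_class cls = { "ToyView" };
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    struct toy_object *o = mmap(NULL, page, PROT_READ | PROT_WRITE,
                                MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (o == MAP_FAILED) return -2;
    o->isa = &cls;
    if (revoke) mprotect(o, page, PROT_NONE);
    int rc = checked_class_name(o);
    munmap(o, page);
    return rc;
}
```

A probe like this only catches pointers into unmapped or protected pages: memory that was freed but is still mapped passes the check, and another thread can unmap the page between the probe and the dereference.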

rolfbjarne force-pushed the safer-is-user-type2 branch from 8c3de85 to ee46620 on January 5, 2024 08:41
rolfbjarne force-pushed the safer-is-user-type2 branch from 9042870 to b375147 on June 7, 2024 16:39

rolfbjarne changed the title from "[src/runtime] Add extra checks to Runtime.IsUserType to avoid crashing." to "[src/runtime] Add extra checks to Runtime.IsUserType to detect invalid pointers." on Jun 7, 2024

rolfbjarne marked this pull request as ready for review on June 7, 2024 16:40
dalexsoto (Member) left a comment

Should we document this inside our docs folder?

rolfbjarne (Member, Author)

Superseded by #21001.
