[browser][AOT] some assignments are not properly rooted #106200
Comments
Tagging subscribers to 'arch-wasm': @lewing
The repro is sensitive to the exact layout of the binaries, unfortunately.
Is the issue specific to AOT?
yeah jitcall trampolines are an AOT feature
I updated the issue description, it's not jiterp's fault. It's un-rooted managed pointer in AOT'ed code.
fixed by #106313
corlib_System_RuntimeType_CreateInstanceImpl_System_Reflection_BindingFlags_System_Reflection_Binder_object___System_Globalization_CultureInfo causes the AOT compiled binary to fail.
CreateInstanceImpl(BindingFlags bindingAttr, Binder? binder, object?[]? args, CultureInfo? culture)
See runtime/src/mono/System.Private.CoreLib/src/System/RuntimeType.Mono.cs, lines 1507 to 1554 in 15e96fa
There is an optional parameter binder, which is in-place re-assigned to DefaultBinder.
The AOT will generate a badly aligned shadow stack
Which will translate to
Which is not rooting the managed pointer to the default binder.
The allocation of new List<MethodBase> may trigger GC and move the managed objects. Then the indirect_call (virtual method dispatch) will de-reference garbage data on the original address.
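
The failure mode described in this issue, reduced to a toy moving collector in C. This is an added illustration, not Mono's code or the AOT output; it generalizes the report to a minimal semispace copier, and every name in it (shadow_stack, collect, alloc, call_after_alloc, the tag values) is hypothetical.

```c
#include <stdio.h>
#include <stddef.h>
/* Toy semispace collector; all names here are hypothetical, not Mono's. */
#define HEAP_OBJS 8
#define POISON 0xDEADBEEFu          /* written over evacuated memory */
typedef struct { unsigned tag; } Obj;

static Obj space_a[HEAP_OBJS], space_b[HEAP_OBJS];
static Obj *from_space = space_a, *to_space = space_b;
static size_t used;
static Obj **shadow_stack[4];       /* addresses of rooted slots, one object each */
static size_t n_roots;

/* Copy every rooted object to to_space, fix up its slot, poison the old space. */
static void collect(void) {
    size_t live = 0;
    for (size_t i = 0; i < n_roots; i++) {
        Obj **slot = shadow_stack[i];
        to_space[live] = **slot;
        *slot = &to_space[live++];  /* only rooted slots learn the new address */
    }
    for (size_t i = 0; i < HEAP_OBJS; i++) from_space[i].tag = POISON;
    Obj *tmp = from_space; from_space = to_space; to_space = tmp;
    used = live;
}

static Obj *alloc(unsigned tag, int force_gc) {
    if (force_gc || used == HEAP_OBJS) collect();
    Obj *o = &from_space[used++];
    o->tag = tag;
    return o;
}

/* Same shape as the issue: assign binder, allocate (GC runs), read through binder. */
static unsigned call_after_alloc(int root_binder) {
    used = 0; n_roots = 0; from_space = space_a; to_space = space_b;
    Obj *binder = alloc(0xB1, 0);                       /* binder = DefaultBinder */
    if (root_binder) shadow_stack[n_roots++] = &binder; /* slot visible to the GC */
    (void)alloc(0x15, 1);                               /* new List<MethodBase>, forced GC */
    unsigned seen = binder->tag;                        /* stands in for the virtual call */
    n_roots = 0;
    return seen;
}

int main(void) {
    printf("rooted:    0x%X\n", call_after_alloc(1));
    printf("un-rooted: 0x%X\n", call_after_alloc(0));
    return 0;
}
```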