Fix access ordering issue in Module::AllocateDynamicEntry on arm64 #53556
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
While stress testing runtime on Windows ARM64 to repro an issue, I have hit an ordering issue in access to m_maxDynamicEntries and m_pDynamicStaticsInfo in the Module::AllocateDynamicEntry. In one of a few thousands of runs, I got a runtime crash when the m_pDynamicStaticsInfo was NULL. I was able to repro this issue reliably in the above mentioned number of runs. After the fix, it doesn't repro anymore. The newId was 1 at the time of the crash, the m_maxDynamicEntries was around 128. So the crashing thread has got the id 1, then another thread updated the m_maxDynamicEntries before the crashing thread executed the `if (newId >= m_maxDynamicEntries)`, so the thread went right to the `m_pDynamicStaticsInfo[newId].pEnclosingMT = pMT;`. The m_pDynamicStaticInfo is written before the m_maxDynamicEntries, so it was expected that it cannot be NULL, but the crashing thread has seen the operations in an opposite order due to the CPU access reordering. The fix is to add VolatileLoad for accessing the m_maxDynamicEntries and VolatileStore to set it. That ensures that the writes will be visible in the intended order.
ghost
locked as resolved and limited conversation to collaborators
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
While stress testing runtime on Windows ARM64 to repro an issue, I have
hit an ordering issue in access to m_maxDynamicEntries and
m_pDynamicStaticsInfo in the Module::AllocateDynamicEntry.
In one of a few thousands of runs, I got a runtime crash when the
m_pDynamicStaticsInfo was NULL. I was able to repro this issue reliably
in the above mentioned number of runs. After the fix, it doesn't repro
anymore.
The newId was 1 at the time of the crash, the m_maxDynamicEntries was
around 128. So the crashing thread has got the id 1, then another thread
updated the m_maxDynamicEntries before the crashing thread executed the
if (newId >= m_maxDynamicEntries), so the thread went right to them_pDynamicStaticsInfo[newId].pEnclosingMT = pMT;. Them_pDynamicStaticInfo is written before the m_maxDynamicEntries, so it
was expected that it cannot be NULL, but the crashing thread has seen
the operations in an opposite order due to the CPU access reordering.
The fix is to add VolatileLoad for accessing the m_maxDynamicEntries and
VolatileStore to set it. That ensures that the writes will be visible in
the intended order.