CEE_CALL yielding invalid address call instruction on win64 #44397

@tonybaloney

Description

This relates directly to RyuJIT and the emitter for CEE_CALL to an IAT_PVALUE global method.

I'm working on a project that uses only the JIT and compiles CIL to native code.
When calling global static methods, the executable is crashing because the JIT is generating invalid call instructions. The call addresses are valid on macOS and Linux, but on Windows they point to an invalid memory address.

When debugging, I can see that the call to getCallInfo returns a CORINFO_CALL_INFO struct whose field codePointerLookup.constLookup.addr holds the correct memory address of the compiled function. The method has the flag CORINFO_FLG_STATIC.

However, when the jitted code executes, it runs through the correct machine code instructions and then raises an access violation on the call. The Windows debugger shows that the memory address it tried to call is not executable code.

Exception thrown at 0x000002E846673418 in unit_tests.exe: 0xC0000005: Access violation executing location 0x000002E846673418.
000002E84D9F084D 00 00                add         byte ptr [rax],al  
000002E84D9F084F 00 00                add         byte ptr [rax],al  
000002E84D9F0851 00 00                add         byte ptr [rax],al  
000002E84D9F0853 00 00                add         byte ptr [rax],al  
000002E84D9F0855 00 00                add         byte ptr [rax],al  
000002E84D9F0857 00 82 05 3F 19 E2    add         byte ptr [rdx-1DE6C0FBh],al  
000002E84D9F085D F6 00 09             test        byte ptr [rax],9  
000002E84D9F0860 55                   push        rbp  
000002E84D9F0861 4C 8D 9C 24 10 FF FF FF lea         r11,[rsp-0F0h]  
000002E84D9F0869 E8 AA 2B C8 F8       call        000002E846673418   <<<< 
000002E84D9F086E 49 8B E3             mov         rsp,r11  
000002E84D9F0871 48 8D AC 24 F0 00 00 00 lea         rbp,[rsp+0F0h]  
000002E84D9F0879 33 C0                xor         eax,eax  
000002E84D9F087B 48 89 85 38 FF FF FF mov         qword ptr [rbp-0C8h],rax  

This code works perfectly on macOS and Linux, so there must be something about the virtual memory addresses in Windows, or a missing indirection?

If someone could help, that would be great. The code is here: microsoft/Pyjion#237

Configuration

  • .NET 5 RC2
  • Windows 10 AMD64 (Virtual Machine)

Regression?

Yes, this worked on a very old version of .NET Core 1.0.

Other information

@AndyAyersMS helped on this project last time (issue #42925). It's working brilliantly on macOS and Linux now.
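As an added example that is not part of this issue, of Pyjion, or of RyuJIT, the following decodes the E8 rel32 call quoted in the disassembly above to confirm the target the debugger reports, and shows the reach check an x86-64 emitter has to make when choosing between a direct call and an indirect call through a pointer cell (the `far` target and the `cell` address in the usage are constructed values). It demonstrates the call encoding, not the cause of the crash, which the issue leaves open.

```python
import struct
from typing import Optional

# Constructed from the disassembly quoted in the issue: the 5-byte direct call
# at 000002E84D9F0869 is encoded E8 AA 2B C8 F8 (opcode E8 + signed rel32).
CALL_SITE = 0x000002E84D9F0869
CALL_BYTES = bytes.fromhex("E8AA2BC8F8")
INT32_MIN, INT32_MAX = -(1 << 31), (1 << 31) - 1
MASK64 = (1 << 64) - 1


def decode_rel32_call(site: int, insn: bytes) -> int:
    """Absolute target of an E8 rel32 call whose first byte is at `site`.

    rel32 is relative to the *next* instruction (site + 5), which is why the
    target the debugger prints does not appear literally in the bytes.
    """
    if len(insn) != 5 or insn[0] != 0xE8:
        raise ValueError("not a 5-byte E8 rel32 call")
    (rel32,) = struct.unpack("<i", insn[1:])  # little-endian signed int32
    return (site + 5 + rel32) & MASK64


def is_rel32_reachable(site: int, target: int) -> bool:
    """True if a direct E8 call at `site` can reach `target` (+/- 2 GiB)."""
    return INT32_MIN <= target - (site + 5) <= INT32_MAX


def encode_call(site: int, target: int, cell: Optional[int] = None) -> bytes:
    """Encode a call from `site` to `target` the way an x86-64 emitter must.

    A direct E8 call only reaches targets within a signed 32-bit displacement
    of the next instruction. Anything further away cannot be a direct call and
    has to go through an indirection such as `call qword ptr [rip+disp32]`
    (FF 15), where `cell` is the address of an 8-byte slot the emitter has
    filled with the real target and placed within reach of the call site.
    """
    if is_rel32_reachable(site, target):
        return b"\xE8" + struct.pack("<i", target - (site + 5))
    if cell is None:
        raise ValueError("target out of rel32 range; an indirection cell is required")
    disp = cell - (site + 6)  # FF 15 disp32 is 6 bytes; disp is RIP-relative
    if not INT32_MIN <= disp <= INT32_MAX:
        raise ValueError("indirection cell itself is out of rel32 range")
    return b"\xFF\x15" + struct.pack("<i", disp)


if __name__ == "__main__":
    target = decode_rel32_call(CALL_SITE, CALL_BYTES)
    print(f"call at {CALL_SITE:#018x} targets {target:#018x}")  # ...46673418
    far = 0x00007FF812345678  # constructed: more than 2 GiB from the call site
    print(encode_call(CALL_SITE, far, cell=CALL_SITE + 0x100).hex())
```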

Labels

  • area-CodeGen-coreclr: CLR JIT compiler in src/coreclr/src/jit and related components such as SuperPMI
  • question: Answer questions and provide assistance, not an issue with source code or documentation.
  • tracking-external-issue: The issue is caused by external problem (e.g. OS) - nothing we can do to fix it directly
  • untriaged: New issue has not been triaged by the area owner
