Fix allocation of empty array in the frozen heap for collectible types (

#100437) Add assert for collectible in FrozenObjectHeapManager::TryAllocateObject Fix another potential case Add test Fix test Fix test bis Fix test bis bis
dotnet · Mar 30, 2024 · 81578a1 · 81578a1
1 parent b7d91f2
commit 81578a1
Show file tree

Hide file tree

Showing 4 changed files with 59 additions and 3 deletions.
diff --git a/src/coreclr/vm/frozenobjectheap.cpp b/src/coreclr/vm/frozenobjectheap.cpp
@@ -47,6 +47,7 @@ Object* FrozenObjectHeapManager::TryAllocateObject(PTR_MethodTable type, size_t
 
             _ASSERT(type != nullptr);
             _ASSERT(FOH_COMMIT_SIZE >= MIN_OBJECT_SIZE);
+            _ASSERT(!type->Collectible());
 
             // Currently we don't support frozen objects with special alignment requirements
             // TODO: We should also give up on arrays of doubles on 32-bit platforms.

diff --git a/src/coreclr/vm/gchelpers.cpp b/src/coreclr/vm/gchelpers.cpp
@@ -513,9 +513,11 @@ OBJECTREF TryAllocateFrozenSzArray(MethodTable* pArrayMT, INT32 cElements)
 
     // The initial validation is copied from AllocateSzArray impl
 
-    if (pArrayMT->ContainsPointers() && cElements > 0)
+    if (pArrayMT->Collectible() || (pArrayMT->ContainsPointers() && cElements > 0))
     {
-        // For arrays with GC pointers we can only work with empty arrays
+        // We cannot allocate in the frozen heap if:
+        // - the array type is collectible
+        // - or for non empty arrays with GC pointers
         return NULL;
     }
 
@@ -1122,7 +1124,7 @@ OBJECTREF TryAllocateFrozenObject(MethodTable* pObjMT)
 
     SetTypeHandleOnThreadForAlloc(TypeHandle(pObjMT));
 
-    if (pObjMT->ContainsPointers() || pObjMT->IsComObjectType())
+    if (pObjMT->Collectible() || pObjMT->ContainsPointers() || pObjMT->IsComObjectType())
     {
         return NULL;
     }

diff --git a/src/tests/JIT/Regression/JitBlue/Runtime_100437/Runtime_100437.cs b/src/tests/JIT/Regression/JitBlue/Runtime_100437/Runtime_100437.cs
@@ -0,0 +1,45 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+using System;
+using System.Runtime.CompilerServices;
+using System.Runtime.Loader;
+using Xunit;
+
+public class Runtime_100437
+{
+    [Fact]
+    public static int TestCollectibleEmptyArrayNotInFrozenHeap()
+    {
+        WeakReference[] wrs = new WeakReference[10];
+        for (int i = 0; i < wrs.Length; i++)
+        {
+            var alc = new MyAssemblyLoadContext();
+            var a = alc.LoadFromAssemblyPath(typeof(Runtime_100437).Assembly.Location);
+            wrs[i] = (WeakReference)a.GetType("Runtime_100437").GetMethod("Work").Invoke(null, null);
+            GC.Collect();
+        }
+
+        int result = 0;
+        foreach (var wr in wrs)
+        {
+            // This is testing that the empty array from Work(), if collected, should not have been allocated on the Frozen heap
+            // otherwise it will result in a random crash.
+            result += wr.Target?.ToString()?.GetHashCode() ?? 0;
+        }
+        return result;
+    }
+
+    public static WeakReference Work()
+    {
+        return new WeakReference(Array.Empty<Runtime_100437>());
+    }
+
+    private class MyAssemblyLoadContext : AssemblyLoadContext
+    {
+        public MyAssemblyLoadContext()
+            : base(isCollectible: true)
+        {
+        }
+    }
+}
diff --git a/src/tests/JIT/Regression/JitBlue/Runtime_100437/Runtime_100437.csproj b/src/tests/JIT/Regression/JitBlue/Runtime_100437/Runtime_100437.csproj
@@ -0,0 +1,8 @@
+<Project Sdk="Microsoft.NET.Sdk">
+  <PropertyGroup>
+    <Optimize>True</Optimize>
+  </PropertyGroup>
+  <ItemGroup>
+    <Compile Include="$(MSBuildProjectName).cs" />
+  </ItemGroup>
+</Project>