BT

Critical Bug Revealed in .NET 4.6's RyuJIT Compiler

| by Jeff Martin Follow 16 Followers on Jul 28, 2015. Estimated reading time: 2 minutes |

Stack Exchange's Nick Craver and Marc Gravell have released details on a critical flaw with the RyuJIT compiler that is part of the .NET 4.6 package that ships with Visual Studio 2015 and base .NET in Windows 10.  Craver and Gravell ultimately tracked down the bug to a problem with RyuJIT's handling of Tail Call optimization.  The result is that “...the method we called did not get the parameters we passed”, and as the author's point out, this could have drastic consequences if the variables affected were dealing with critical values.

As a result of this discovery, Microsoft's Matt Mitchell has submitted a patch (via pull request) to fix this problem.  Interestingly, a fix for this bug was previously applied and then removed three days ago (July 24) by a different Microsoft developer.  Craver points out that the presence of this bug is not immediately obvious for several reasons:

  • It only happens with optimizations enabled. For most developers and projects, that’s not in DEBUG and won’t show locally.
    • That means you’ll only see this in RELEASE, which for most people is only production.
  • Attaching a debugger alters the behavior. This almost always hides the issue.
  • Adding a Debug.WriteLine() will often fix the issue because of the tail change.

It is important to note that even when the patch is accepted into the GitHub repository it does not mean the problem is over—new binaries will then have to be delivered by Microsoft to users with .NET 4.6 installed.  Craver recommends that developers that have not yet deployed .NET 4.6 in production do not do so until the patched binaries are available.   If you have .NET 4.6 installed (regardless of environment) Craver recommends disabling RyuJIT immediately and has provided directions on how to do so along with proof of concept code.  It is important note that since this flaw affects the RyuJIT compiler, it affects programs that target previous versions of the .NET runtime too.

Microsoft’s Response (Updated 7-28-2015)

Microsoft’s Rich Lander has provided the formal response to Craver and Gravell’s report.   Lander reports that only 64-bit processes are affected by this bug—32-bit processes are not.  While Lander says his team does not currently consider this an exploitable flaw, the team is nonetheless moving a fix through the release process as though it were.

The guidance from Lander essentially recommends that RyuJIT be disabled until the patch is available if .NET Framework 4.6 is being used.  However, given the time to troubleshoot it would be worth investigating if this bug is causing problems for your specific situation as there may be a different cause for your application’s unexpected behavior.

According to Lander that F# developers are more likely to experience the repercussions of this bug and thus should not install .NET 4.6 if possible.  Lander has provided code samples that reproduce the bug in both C# and F#.  No release date for the binary patch has been provided.

Rate this Article

Adoption Stage
Style

Hello stranger!

You need to Register an InfoQ account or or login to post comments. But there's so much more behind being registered.

Get the most out of the InfoQ experience.

Tell us what you think

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Email me replies to any of my messages in this thread
Community comments

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Email me replies to any of my messages in this thread

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Email me replies to any of my messages in this thread

Discuss

Login to InfoQ to interact with what matters most to you.


Recover your password...

Follow

Follow your favorite topics and editors

Quick overview of most important highlights in the industry and on the site.

Like

More signal, less noise

Build your own feed by choosing topics you want to read about and editors you want to hear from.

Notifications

Stay up-to-date

Set up your notifications and don't miss out on content that matters to you

BT