InfoQ Homepage News Critical Bug Revealed in .NET 4.6's RyuJIT Compiler

# Critical Bug Revealed in .NET 4.6's RyuJIT Compiler

Leia em português

Stack Exchange's Nick Craver and Marc Gravell have released details on a critical flaw with the RyuJIT compiler that is part of the .NET 4.6 package that ships with Visual Studio 2015 and base .NET in Windows 10.  Craver and Gravell ultimately tracked down the bug to a problem with RyuJIT's handling of Tail Call optimization.  The result is that “...the method we called did not get the parameters we passed”, and as the author's point out, this could have drastic consequences if the variables affected were dealing with critical values.

As a result of this discovery, Microsoft's Matt Mitchell has submitted a patch (via pull request) to fix this problem.  Interestingly, a fix for this bug was previously applied and then removed three days ago (July 24) by a different Microsoft developer.  Craver points out that the presence of this bug is not immediately obvious for several reasons:

• It only happens with optimizations enabled. For most developers and projects, that’s not in DEBUG and won’t show locally.
• That means you’ll only see this in RELEASE, which for most people is only production.
• Attaching a debugger alters the behavior. This almost always hides the issue.
• Adding a Debug.WriteLine() will often fix the issue because of the tail change.

It is important to note that even when the patch is accepted into the GitHub repository it does not mean the problem is over—new binaries will then have to be delivered by Microsoft to users with .NET 4.6 installed.  Craver recommends that developers that have not yet deployed .NET 4.6 in production do not do so until the patched binaries are available.   If you have .NET 4.6 installed (regardless of environment) Craver recommends disabling RyuJIT immediately and has provided directions on how to do so along with proof of concept code.  It is important note that since this flaw affects the RyuJIT compiler, it affects programs that target previous versions of the .NET runtime too.

Microsoft’s Response (Updated 7-28-2015)

Microsoft’s Rich Lander has provided the formal response to Craver and Gravell’s report.   Lander reports that only 64-bit processes are affected by this bug—32-bit processes are not.  While Lander says his team does not currently consider this an exploitable flaw, the team is nonetheless moving a fix through the release process as though it were.

The guidance from Lander essentially recommends that RyuJIT be disabled until the patch is available if .NET Framework 4.6 is being used.  However, given the time to troubleshoot it would be worth investigating if this bug is causing problems for your specific situation as there may be a different cause for your application’s unexpected behavior.

According to Lander that F# developers are more likely to experience the repercussions of this bug and thus should not install .NET 4.6 if possible.  Lander has provided code samples that reproduce the bug in both C# and F#.  No release date for the binary patch has been provided.

Style

## Hello stranger!

You need to Register an InfoQ account or or login to post comments. But there's so much more behind being registered.

Get the most out of the InfoQ experience.

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Is your profile up-to-date? Please take a moment to review and update.

Note: If updating/changing your email, a validation request will be sent

Company name:
Company role:
Company size:
Country/Zone:
State/Province/Region:
You will be sent an email to validate the new email address. This pop-up will close itself in a few moments.