ildasm fails to read ni file with a specific option (Segmentation fault)

[hqueue]

I faced Segementation fault when reading ni file using ildasm with -nat option.
It seems that other options pretty works well.
Same behavior observed on x64/Ubuntu 14.04 and arm/Ubuntu16.04.

Environment

Host environment: x64/Ubuntu 14.04
coreclr/corefx are built for x64/Ubuntu 14.04 with Debug
coreclr: 19e1cd2
corefx: 808c9de

Example

Following example is from JIT/CodeGenBringUpTests/Add1/Add1.exe .

$ ./corerun Add1.exe 
$ echo $?
100
$ ./crossgen /ReadyToRun /Platform_Assemblies_Paths `pwd` Add1.exe
Microsoft (R) CoreCLR Native Image Generator - Version 4.5.22220.0
Copyright (c) Microsoft Corporation.  All rights reserved.

Native image /home/hk0110/work/dxl/dotnet/mywork/device/x64_albireo/unittests/coreoverlays/coreoverlay.test20170315debug/Add1.ni.exe generated successfully.
$ ./corerun Add1.ni.exe
$ echo $?
100
$ ./ildasm -nat Add1.ni.exe 

//  Microsoft (R) .NET Framework IL Disassembler.  Version 4.5.22220.0

Segmentation fault (core dumped)
$

Long log of ildasm working with other options

$ ./ildasm -headers -noil Add1.ni.exe
//  Microsoft (R) .NET Framework IL Disassembler.  Version 4.5.22220.0
// warning : THIS IS A PARTIAL DISASSEMBLY, NOT SUITABLE FOR RE-ASSEMBLING
// ----- DOS Header:

// Magic:                      0x5a4d

// Bytes on last page:         0x0000

// Pages in file:              0x0000

// Relocations:                0x0000

// Size of header (paragraphs):0x0000

// Min extra paragraphs:       0x0000

// Max extra paragraphs:       0x0000

// Initial (relative) SS:      0x0000

// Initial SP:                 0x0000

// Checksum:                   0x0000

// Initial IP:                 0x0000

// Initial (relative) CS:      0x0000

// File addr. of reloc table:  0x0040

// Overlay number:             0x0000

// OEM identifier:             0x0000

// OEM info:                   0x0000

// File addr. of COFF header:  0x0080

// ----- COFF/PE Headers:

// Signature:                  0x00004550

// ----- COFF Header:

// Machine:                    0xfd1d

// Number of sections:         0x0003

// Time-date stamp:            0x58b70c75

// Ptr to symbol table:        0x00000000

// Number of symbols:          0x00000000

// Size of optional header:    0x00f0

// Characteristics:            0x2022

// ----- PE Optional Header (64 bit):

// Magic:                          0x020b

// Major linker version:           0x0b

// Minor linker version:           0x00

// Size of code:                   0x00000000

// Size of init.data:              0x00000000

// Size of uninit.data:            0x00000000

// Addr. of entry point:           0x00000000

// Base of code:                   0x00000000

// Image base:                     0x0000000004000000

// Section alignment:              0x00001000

// File alignment:                 0x00001000

// Major OS version:               0x0005

// Minor OS version:               0x0002

// Major image version:            0x0000

// Minor image version:            0x0000

// Major subsystem version:        0x0005

// Minor subsystem version:        0x0002

// Size of image:                  0x00004000

// Size of headers:                0x00001000

// Checksum:                       0x00000000

// Subsystem:                      0x0003

// DLL characteristics:            0x8140

// Size of stack reserve:          0x0000000000100000

Is -nat option stilll valid for ildasm and is this a bug ? or not supported by ildasm anymore ?

[gkhanna79]

CC @RussKeldorph

[hseok-oh]

In my environment, x64 ildasm print some informations.

CoreCLR: checked build (48e2448)
CoreFX: debug build (dotnet/corefx@a38b122)

hseok82:~/dotnet_test/x64_runtime/coreoverlay_checked$ ./ildasm -nat System.Private.CoreLib.ni.dll 

//  Microsoft (R) .NET Framework IL Disassembler.  Version 4.5.22220.0



// Metadata version: v4.0.22220
.assembly System.Private.CoreLib
{
  .publickey = (00 24 00 00 04 80 00 00 94 00 00 00 06 02 00 00   // .$..............
                00 24 00 00 52 53 41 31 00 04 00 00 01 00 01 00   // .$..RSA1........
                8D 56 C7 6F 9E 86 49 38 30 49 F3 83 C4 4B E0 EC   // .V.o..I80I...K..
                20 41 81 82 2A 6C 31 CF 5E B7 EF 48 69 44 D0 32   //  A..*l1.^..HiD.2
                18 8E A1 D3 92 07 63 71 2C CB 12 D7 5F B7 7E 98   // ......cq,..._.~.
                11 14 9E 61 48 E5 D3 2F BA AB 37 61 1C 18 78 DD   // ...aH../..7a..x.
                C1 9E 20 EF 13 5D 0C B2 CF F2 BF EC 3D 11 58 10   // .. ..]......=.X.
                C3 D9 06 96 38 FE 4B E2 15 DB F7 95 86 19 20 E5   // ....8.K....... .
                AB 6F 7D B2 E2 CE EF 13 6A C2 3D 5D D2 BF 03 17   // .o}.....j.=]....
                00 AE C2 32 F6 C6 B1 C7 85 B4 30 5C 12 3B 37 AB ) // ...2......0\.;7.
  .hash algorithm 0x00008004
  .ver 4:0:0:0
}
.imagebase 0x0000000180270000
.file alignment 0x00001000
.stackreserve 0x0000000000000000
.subsystem 0x0003       // WINDOWS_CUI
.corflags 0x00000004    //  IL_LIBRARY
// Image base: 0x00007F90782F2000

// Export dir VA=F911B0 size=46 
// in section '.text': VA=720000 Misc.VS=8711F6 PRD=720000 
// Export Directory Table:
// dwFlags = 0
// dwDateTime = 0
// wVMajor = 0
// wVMinor = 0
// dwNameRVA = F911D8
// dwOrdinalBase = 0
// dwNumATEntries = 0
// dwNumNamePtrs = 0
// dwAddrTableRVA = 0
// dwNamePtrRVA = 0
// dwOrdTableRVA = 0
// DLL Name: 'System.Private.CoreLib.ni.dll'


// *********** DISASSEMBLY COMPLETE ***********************

On the other hand, I also faced segmentation fault when I ran arm ildasm.

[hqueue]

@hseok-oh I also found out that ildasm work well with -native option for System.Private.CoreLib.ni.dll.
However still ildasm faced segfault using -native option for native image from JIT/CodeGenBringUpTests/Add1/Add1.exe on x64.
I suspect that there can be some differences between native image for application and libarary, e.g. entry point and etc.

And it seems that there is no additional information with -nat option from the log you shared me and the information is also available without any option.

[hseok-oh]

In Windows, similar result.

System.Private.CoreLib.dll

PS E:\git\coreclr\bin\Product\Windows_NT.x64.Debug> .\crossgen.exe /Platform_Assemblies_Paths . /ReadyToRun .\System.Private.CoreLib.dll
Microsoft (R) CoreCLR Native Image Generator - Version 4.5.22220.0
Copyright (c) Microsoft Corporation.  All rights reserved.

Vararg calling convention not supported. while compiling method System.String.Concat
Native image .\System.Private.CoreLib.ni.dll generated successfully.
PS E:\git\coreclr\bin\Product\Windows_NT.x64.Debug> .\ildasm.exe -nat .\System.Private.CoreLib.ni.dll

//  Microsoft (R) .NET Framework IL Disassembler.  Version 4.5.22220.0



// Metadata version: v4.0.22220
.assembly System.Private.CoreLib
{
  .publickey = (00 24 00 00 04 80 00 00 94 00 00 00 06 02 00 00   // .$..............
                00 24 00 00 52 53 41 31 00 04 00 00 01 00 01 00   // .$..RSA1........
                8D 56 C7 6F 9E 86 49 38 30 49 F3 83 C4 4B E0 EC   // .V.o..I80I...K..
                20 41 81 82 2A 6C 31 CF 5E B7 EF 48 69 44 D0 32   //  A..*l1.^..HiD.2
                18 8E A1 D3 92 07 63 71 2C CB 12 D7 5F B7 7E 98   // ......cq,..._.~.
                11 14 9E 61 48 E5 D3 2F BA AB 37 61 1C 18 78 DD   // ...aH../..7a..x.
                C1 9E 20 EF 13 5D 0C B2 CF F2 BF EC 3D 11 58 10   // .. ..]......=.X.
                C3 D9 06 96 38 FE 4B E2 15 DB F7 95 86 19 20 E5   // ....8.K....... .
                AB 6F 7D B2 E2 CE EF 13 6A C2 3D 5D D2 BF 03 17   // .o}.....j.=]....
                00 AE C2 32 F6 C6 B1 C7 85 B4 30 5C 12 3B 37 AB ) // ...2......0\.;7.
  .hash algorithm 0x00008004
  .ver 4:0:0:0
}
.imagebase 0x00000001802c0000
.file alignment 0x00000200
.stackreserve 0x0000000000000000
.subsystem 0x0003       // WINDOWS_CUI
.corflags 0x00000004    //  IL_LIBRARY
// Image base: 0x00000000032D0000

// Export dir VA=15A1194 size=46
// in section '.text': VA=852000 Misc.VS=D4F1DA PRD=851000
// Export Directory Table:
// dwFlags = 0
// dwDateTime = 0
// wVMajor = 0
// wVMinor = 0
// dwNameRVA = 15A11BC
// dwOrdinalBase = 0
// dwNumATEntries = 0
// dwNumNamePtrs = 0
// dwAddrTableRVA = 0
// dwNamePtrRVA = 0
// dwOrdTableRVA = 0
// DLL Name: 'System.Private.CoreLib.ni.dll'


// *********** DISASSEMBLY COMPLETE ***********************

And assert failure: Add1.ni.dll

PS E:\git\coreclr\bin\tests\Windows_NT.x64.Debug\Tests\Core_Root> .\crossgen.exe /Platform_Assemblies_Paths . /ReadyToRu
n E:\git\coreclr\bin\tests\Windows_NT.x64.Debug\JIT\CodeGenBringUpTests\Add1\Add1.exe
Microsoft (R) CoreCLR Native Image Generator - Version 4.5.22220.0
Copyright (c) Microsoft Corporation.  All rights reserved.

Native image E:\git\coreclr\bin\tests\Windows_NT.x64.Debug\JIT\CodeGenBringUpTests\Add1\Add1.ni.exe generated successful
ly.
PS E:\git\coreclr\bin\tests\Windows_NT.x64.Debug\Tests\Core_Root> .\ildasm.exe -nat E:\git\coreclr\bin\tests\Windows_NT.
x64.Debug\JIT\CodeGenBringUpTests\Add1\Add1.ni.exe

//  Microsoft (R) .NET Framework IL Disassembler.  Version 4.5.22220.0


Assert failure(PID 16628 [0x000040f4], Thread: 13564 [0x34fc]): Precondition failure: Illegal null pointerFAILED: ok
         FAILED: CheckPointer(pData)
                e:\git\coreclr\src\dlls\mscoree\mscoree.cpp, line: 265

<no module>! <no symbol> + 0x0 (0x00000000`00000000)
    File: e:\git\coreclr\src\inc\check.h Line: 338
    Image: E:\git\coreclr\bin\tests\Windows_NT.x64.Debug\Tests\Core_Root\ildasm.exe

[jkotas]

This option only works for fragile native images (ie CoreLib only by default).

The fix should be to also check pNativeHeader->Signature == CORCOMPILE_SIGNATURE around here: https://github.com/dotnet/coreclr/blob/3c61ffd676603bb14d4e815e1e249f816d4cbc74/src/ildasm/dasm.cpp#L7366

And fail gracefully instead of crashing if this condition is false.

[hqueue]

@jkotas Thank you for the information.
BTW Is there specific reason that this option is only avaialble for FragileNonVersionable ?
Can we implement -native feature for crossgen with ReadyToRun native image ?

[jkotas]

The information dumped by the -native option is present in the fragile images only.

[hqueue]

Got it. Thanks :)