The crash of the Visual Studio 2010 when running Code Analysis


Every time when I ran Code Analysis on the project from the Visual Studio 2010 it’s always worked fine, but one day when I ran it right away after the project has been loaded the Visual Studio crashed.

To take a look where problem is, I attached WinDbg to Visual Studio and ran "g; !pe" command:

0:000> g;!pe
...
Exception object: 033d9a50
Exception type:   System.Runtime.InteropServices.COMException
Message:          Unspecified error (Exception from HRESULT: 0x80004005 (E_FAIL))
InnerException:   none
StackTrace (generated):
    SP       IP       Function
    0031E4E0 087A7CA5 Microsoft_VisualStudio_CodeAnalysis_Sdk_UI_1fd0000!Microsoft.VisualStudio.CodeAnalysis.SdkUiUtilities.GetSelectedProject(System.IServiceProvider)+0x45
    0031E4EC 614B1AEC StanCore_ni!Microsoft.VisualStudio.CodeAnalysis.ManagedCommandTarget.DoRunCodeAnalysisOnce(System.IServiceProvider)+0x1c
    0031E4FC 087A7A90 stanpackage!<module>.DoRunCodeAnalysisOnce()+0x10
    0031E8D4 6C45A179 Microsoft_VisualStudio_Shell_10_0_ni!Microsoft.Internal.VisualStudio.PlatformUI.DataSource.Invoke(System.String, System.Object, System.Object ByRef)+0x21
    0031E8EC 6FCE119D Microsoft_VisualStudio_Shell_UI_Internal_ni!Microsoft.VisualStudio.PlatformUI.VsCommand.Execute(System.Object)+0x29
    0031E8FC 62EAC08F PresentationFramework_ni!MS.Internal.Commands.CommandHelpers.CriticalExecuteCommandSource(System.Windows.Input.ICommandSource, Boolean)+0x9f
    0031E91C 62F7283A PresentationFramework_ni!System.Windows.Controls.MenuItem.InvokeClickAfterRender(System.Object)+0x62
    0031E930 6BAAFB93 WindowsBase_ni!System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)+0x53
    0031E950 6BAAFAC2 WindowsBase_ni!MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)+0x42
    0031E998 6BAB29B5 WindowsBase_ni!System.Windows.Threading.DispatcherOperation.InvokeImpl()+0x8d
    0031E9D4 6BAB2918 WindowsBase_ni!System.Windows.Threading.DispatcherOperation.InvokeInSecurityContext(System.Object)+0x38
    0031E9DC 6CC24DB5 mscorlib_ni!System.Threading.ExecutionContext.runTryCode(System.Object)+0x51
    0031EE84 6CC24CBA mscorlib_ni!System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)+0x6a
    0031EE9C 6CC27FC2 mscorlib_ni!System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)+0x7e
    0031EEC0 6CC27F34 mscorlib_ni!System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)+0x2c
    0031EEDC 6BAB2848 WindowsBase_ni!System.Windows.Threading.DispatcherOperation.Invoke()+0x68
    0031EF18 6BAAE57E WindowsBase_ni!System.Windows.Threading.Dispatcher.ProcessQueue()+0x15e
    0031EF5C 6BAAE70F WindowsBase_ni!System.Windows.Threading.Dispatcher.WndProcHook(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)+0x63
    0031EFAC 6BAAFDB6 WindowsBase_ni!MS.Win32.HwndWrapper.WndProc(IntPtr, Int32, IntPtr, IntPtr, Boolean ByRef)+0xbe
    0031EFF8 6BAAFCE5 WindowsBase_ni!MS.Win32.HwndSubclass.DispatcherCallbackOperation(System.Object)+0x7d
    0031F008 6BAAFB93 WindowsBase_ni!System.Windows.Threading.ExceptionWrapper.InternalRealCall(System.Delegate, System.Object, Int32)+0x53
    0031F028 6BAAFAC2 WindowsBase_ni!MS.Internal.Threading.ExceptionFilterHelper.TryCatchWhen(System.Object, System.Delegate, System.Object, Int32, System.Delegate)+0x42
    0031F070 6BAAE050 WindowsBase_ni!System.Windows.Threading.Dispatcher.InvokeImpl(System.Windows.Threading.DispatcherPriority, System.TimeSpan, System.Delegate, System.Object, Int32)+0xb4
    0031F0B8 6BAAF5E0 WindowsBase_ni!MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)+0x104
StackTraceString: <none>
HResult: 80004005

To start debugging the issue I set a breakpoint using the !mbm command from SOSEX.DLL. While debugging I found out that the method Microsoft.VisualStudio.CodeAnalysis.SdkUiUtilities.GetSelectedProject calls EnvDTE._DTE::get_ActiveSolutionProjects, and that in turn calls msenv!CVShell::get_ActiveSolutionProjects:

0:000> !mbm Microsoft.VisualStudio.CodeAnalysis.SdkUiUtilities.GetSelectedProject 0
0:000> !muf .
Microsoft.VisualStudio.CodeAnalysis.SdkUiUtilities.GetSelectedProject(System.IServiceProvider): EnvDTE.Project
Source information not available.
    loc 0:EnvDTE.DTE
    loc 1:object[]
        087a7c60 55              push    ebp
        087a7c61 8bec            mov     ebp,esp
        087a7c63 56              push    esi
        087a7c64 8bf1            mov     esi,ecx
    IL_0000: ldarg.0  (provider)
    IL_0001: ldtoken EnvDTE.DTE
    IL_0006: call System.Type::GetTypeFromHandle
    IL_000b: callvirt System.IServiceProvider::GetService
    IL_0010: isinst EnvDTE.DTE
    IL_0015: stloc.0 
        087a7c66 b9d0413970      mov     ecx,offset EnvDTE_ni+0xc41d0 (703941d0)
        087a7c6b e896bd7f66      call    clr!JIT_GetRuntimeType (6efa3a06)
        087a7c70 8bd0            mov     edx,eax
        087a7c72 8bce            mov     ecx,esi
        087a7c74 ff15ec162c01    call    dword ptr ds:[12C16ECh]
        087a7c7a 8bd0            mov     edx,eax
        087a7c7c b9d0413970      mov     ecx,offset EnvDTE_ni+0xc41d0 (703941d0)
        087a7c81 e8c2217966      call    clr!JIT_IsInstanceOfAny (6ef39e48)
        087a7c86 8bf0            mov     esi,eax
    IL_0016: ldloc.0 
    IL_0017: brfalse.s IL_0021
        087a7c88 85f6            test    esi,esi
        087a7c8a 740c            je      087a7c98
    IL_0019: ldloc.0 
    IL_001a: callvirt EnvDTE._DTE::get_Solution
    IL_001f: brtrue.s IL_0023
        087a7c8c 8bce            mov     ecx,esi
        087a7c8e ff15f0162c01    call    dword ptr ds:[12C16F0h]
        087a7c94 85c0            test    eax,eax
        087a7c96 7505            jne     087a7c9d
    IL_0021: ldnull 
    IL_0022: ret 
        087a7c98 33c0            xor     eax,eax
        087a7c9a 5e              pop     esi
        087a7c9b 5d              pop     ebp
        087a7c9c c3              ret
    IL_0023: ldloc.0 
    IL_0024: callvirt EnvDTE._DTE::get_ActiveSolutionProjects
    IL_0029: castclass object[]
    IL_002e: stloc.1 
        087a7c9d 8bce            mov     ecx,esi
>>>>>>>>087a7c9f ff15f4162c01    call    dword ptr ds:[12C16F4h]
        087a7ca5 8bd0            mov     edx,eax
        087a7ca7 b9e2429f6c      mov     ecx,offset mscorlib_ni+0x42e2 (6c9f42e2)
        087a7cac e88b897866      call    clr!JIT_ChkCastArray (6ef3063c)
        087a7cb1 8bf0            mov     esi,eax
    IL_002f: ldloc.1 
    IL_0030: ldlen 
    IL_0031: conv.i4 
    IL_0032: ldc.i4.1 
    IL_0033: bge.s IL_0037
        087a7cb3 837e0400        cmp     dword ptr [esi+4],0
        087a7cb7 7f05            jg      087a7cbe
    IL_0035: ldnull 
    IL_0036: ret 
        087a7cb9 33c0            xor     eax,eax
        087a7cbb 5e              pop     esi
        087a7cbc 5d              pop     ebp
        087a7cbd c3              ret
    IL_0037: ldloc.1 
    IL_0038: ldc.i4.0 
    IL_0039: ldelem.ref 
    IL_003a: isinst EnvDTE.Project
    IL_003f: ret 
        087a7cbe 837e0400        cmp     dword ptr [esi+4],0
        087a7cc2 7610            jbe     087a7cd4
        087a7cc4 8b560c          mov     edx,dword ptr [esi+0Ch]
        087a7cc7 b9287e3970      mov     ecx,offset EnvDTE_ni+0xc7e28 (70397e28)
        087a7ccc e877217966      call    clr!JIT_IsInstanceOfAny (6ef39e48)
        087a7cd1 5e              pop     esi
        087a7cd2 5d              pop     ebp
        087a7cd3 c3              ret
        087a7cd4 e86710a266      call    clr!JIT_RngChkFail (6f1c8d40)
        087a7cd9 cc              int     3
    IL_0000: ldarg.0  (provider)
    IL_0001: ldtoken EnvDTE.DTE
    IL_0006: call System.Type::GetTypeFromHandle
    IL_000b: callvirt System.IServiceProvider::GetService
    IL_0010: isinst EnvDTE.DTE
    IL_0015: stloc.0 
    IL_0016: ldloc.0 
    IL_0017: brfalse.s IL_0021
    IL_0019: ldloc.0 
    IL_001a: callvirt EnvDTE._DTE::get_Solution
    IL_001f: brtrue.s IL_0023
    IL_0021: ldnull 
    IL_0022: ret 
    IL_0023: ldloc.0 
    IL_0024: callvirt EnvDTE._DTE::get_ActiveSolutionProjects
    IL_0029: castclass object[]
    IL_002e: stloc.1 
    IL_002f: ldloc.1 
    IL_0030: ldlen 
    IL_0031: conv.i4 
    IL_0032: ldc.i4.1 
    IL_0033: bge.s IL_0037
    IL_0035: ldnull 
    IL_0036: ret 
    IL_0037: ldloc.1 
    IL_0038: ldc.i4.0 
    IL_0039: ldelem.ref 
    IL_003a: isinst EnvDTE.Project
    IL_003f: ret 
703540d8 ffd2            call    edx {msenv!CVShell::get_ActiveSolutionProjects (681f2490)}
703540da 8b4d98          mov     ecx,dword ptr [ebp-68h]
703540dd 8d6108          lea     esp,[ecx+8]
703540e0 8b4dc0          mov     ecx,dword ptr [ebp-40h]
703540e3 c6410801        mov     byte ptr [ecx+8],1
703540e7 8b1564142d70    mov     edx,dword ptr [EnvDTE_ni+0x1464 (702d1464)]
703540ed 833a00          cmp     dword ptr [edx],0
703540f0 7407            je      EnvDTE_ni+0x840f9 (703540f9)
703540f2 50              push    eax
703540f3 e87061fbff      call    EnvDTE_ni+0x3a268 (7030a268)
703540f8 58              pop     eax
703540f9 c7459800000000  mov     dword ptr [ebp-68h],0
70354100 8bf0            mov     esi,eax
70354102 8b4dbc          mov     ecx,dword ptr [ebp-44h]
70354105 e80e5ffbff      call    EnvDTE_ni+0x3a018 (7030a018)
7035410a 85f6            test    esi,esi
7035410c 7c27            jl      EnvDTE_ni+0x84135 (70354135)
7035410e c745dc01000000  mov     dword ptr [ebp-24h],1
70354115 8d4dc4          lea     ecx,[ebp-3Ch]
70354118 e86b5ffbff      call    EnvDTE_ni+0x3a088 (7030a088)
7035411d 8945b8          mov     dword ptr [ebp-48h],eax
70354120 c745e400000000  mov     dword ptr [ebp-1Ch],0
70354127 c745e8fc000000  mov     dword ptr [ebp-18h],0FCh
7035412e 684e413570      push    offset EnvDTE_ni+0x8414e (7035414e)
70354133 eb22            jmp     EnvDTE_ni+0x84157 (70354157)
70354135 ff75bc          push    dword ptr [ebp-44h]
70354138 8b55b4          mov     edx,dword ptr [ebp-4Ch]
7035413b 8bce            mov     ecx,esi
7035413d e8e65efbff      call    EnvDTE_ni+0x3a028 (7030a028)
70354142 8bc8            mov     ecx,eax
70354144 e82761fbff      call    EnvDTE_ni+0x3a270 (7030a270)

The msenv!CVShell::get_ActiveSolutionProjects calls msenv!CVsUIShell::FindToolWindow to find Solution Explorer window. But since the window does not exist the msenv!CVsUIShell::FindToolWindow returns 80004005:

681f25c0 8b442458        mov     eax,dword ptr [esp+58h]
681f25c4 8b08            mov     ecx,dword ptr [eax]
681f25c6 8d542460        lea     edx,[esp+60h]
681f25ca 52              push    edx
681f25cb 686864fe67      push    offset msenv!GUID_SolutionExplorer (67fe6468)
681f25d0 53              push    ebx
681f25d1 50              push    eax
681f25d2 ff5114          call    dword ptr [ecx+14h]  ds:0023:67e945cc={msenv!CVsUIShell::FindToolWindow (67ed3b49)}
681f25d5 89442414        mov     dword ptr [esp+14h],eax
681f25d9 3bc3            cmp     eax,ebx
681f25db 0f8c20070000    jl      msenv!CVShell::get_ActiveSolutionProjects+0x871 (681f2d01)
0:000> p
eax=80004005 ebx=00000000 ecx=67ed3bf2 edx=0031e464 esi=0031e49c edi=77683ed5
eip=681f25d5 esp=0031e38c ebp=0031e450 iopl=0         nv up ei pl zr na pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000246
msenv!CVShell::get_ActiveSolutionProjects+0x145:
681f25d5 89442414        mov     dword ptr [esp+14h],eax ss:0023:0031e3a0=00000000

And finally when msenv!CVShell::get_ActiveSolutionProjects returns the error code to the EnvDTE._DTE::get_ActiveSolutionProjects, it throw an exception causing the Visual Studio to crash.

0:000> u 7030a270 L1
EnvDTE_ni+0x3a270:
7030a270 e9e90ac9fe      jmp     clr!IL_Throw (6ef9ad5e)

So, if you want to run Code Analysis without crashing the Visual Studio, you need first "create" Solution Explorer window by pressing CTRL+ALT+L.