Crashes on iOS - il2cpp - generics

Hi guys,

we are dealing with strange crashes using JSON deserialization. We are using this plugin https://www.assetstore.unity3d.com/en/#!/content/11347. Game is crashing when deserializing JSON data. Device is using iOS 7 and Unity was 5.2.3. It looks like, that this type of crash is not 100 %, and I think it depends on iOS version. We have crashes of this type with previous version of unity 5.2.21f, but they occured much less often

Here is generated c++ method, where crash occurs (line 37):

Code (csharp):

1.  
2. // System.Boolean System.Collections.Generic.Dictionary`2<System.Object,System.Object>::TryGetValue(TKey,TValue&)
3. extern TypeInfo* ArgumentNullException_t1_1500_il2cpp_TypeInfo_var;
4. extern TypeInfo* Object_t_il2cpp_TypeInfo_var;
5. extern Il2CppCodeGenString* _stringLiteral793;
6. extern "C" bool Dictionary_2_TryGetValue_m1_15085_gshared (Dictionary_2_t1_1952 * __this, Object_t * ___key, Object_t ** ___value, const MethodInfo* method)
7. {
8.     static bool s_Il2CppMethodIntialized;
9.     if (!s_Il2CppMethodIntialized)
10.     {
11.         ArgumentNullException_t1_1500_il2cpp_TypeInfo_var = il2cpp_codegen_type_info_from_index(3);
12.         Object_t_il2cpp_TypeInfo_var = il2cpp_codegen_type_info_from_index(0);
13.         _stringLiteral793 = il2cpp_codegen_string_literal_from_index(793);
14.         s_Il2CppMethodIntialized = true;
15.     }
16.     int32_t V_0 = 0;
17.     int32_t V_1 = 0;
18.     Object_t * V_2 = {0};
19.     {
20.         Object_t * L_0 = ___key;
21.         if (L_0)
22.         {
23.             goto IL_0016;
24.         }
25.     }
26.     {
27.         ArgumentNullException_t1_1500 * L_1 = (ArgumentNullException_t1_1500 *)il2cpp_codegen_object_new (ArgumentNullException_t1_1500_il2cpp_TypeInfo_var);
28.         ArgumentNullException__ctor_m1_13269(L_1, (String_t*)_stringLiteral793, /*hidden argument*/NULL);
29.         il2cpp_codegen_raise_exception((Il2CppCodeGenException*)L_1);
30.     }
31.    
32. IL_0016:
33.     {
34.         Object_t* L_2 = (Object_t*)(__this->___hcp_12);
35.         Object_t * L_3 = ___key;
36.         NullCheck((Object_t*)L_2);
37.         //LINE 8481 HERE !!!! - CRASH
38.         int32_t L_4 = (int32_t)InterfaceFuncInvoker1< int32_t, Object_t * >::Invoke(1 /* System.Int32 System.Collections.Generic.IEqualityComparer`1<System.Object>::GetHashCode(T) */, IL2CPP_RGCTX_DATA(InitializedTypeInfo(method->declaring_type)->rgctx_data, 35), (Object_t*)L_2, (Object_t *)L_3);
39.         V_0 = (int32_t)((int32_t)((int32_t)L_4|(int32_t)((int32_t)-2147483648)));
40.         Int32U5BU5D_t1_275* L_5 = (Int32U5BU5D_t1_275*)(__this->___table_4);
41.         int32_t L_6 = V_0;
42.         Int32U5BU5D_t1_275* L_7 = (Int32U5BU5D_t1_275*)(__this->___table_4);
43.         NullCheck(L_7);
44.         NullCheck(L_5);
45.         IL2CPP_ARRAY_BOUNDS_CHECK(L_5, ((int32_t)((int32_t)((int32_t)((int32_t)L_6&(int32_t)((int32_t)2147483647)))%(int32_t)(((int32_t)((int32_t)(((Array_t *)L_7)->max_length)))))));
46.         int32_t L_8 = ((int32_t)((int32_t)((int32_t)((int32_t)L_6&(int32_t)((int32_t)2147483647)))%(int32_t)(((int32_t)((int32_t)(((Array_t *)L_7)->max_length))))));
47.         V_1 = (int32_t)((int32_t)((int32_t)(*(int32_t*)(int32_t*)SZArrayLdElema(L_5, L_8, sizeof(int32_t)))-(int32_t)1));
48.         goto IL_00a2;
49.     }
50.    
51. IL_0048:
52.     {
53.         LinkU5BU5D_t1_3010* L_9 = (LinkU5BU5D_t1_3010*)(__this->___linkSlots_5);
54.         int32_t L_10 = V_1;
55.         NullCheck(L_9);
56.         IL2CPP_ARRAY_BOUNDS_CHECK(L_9, L_10);
57.         int32_t L_11 = (int32_t)(((Link_t1_256 *)(Link_t1_256 *)SZArrayLdElema(L_9, L_10, sizeof(Link_t1_256 )))->___HashCode_0);
58.         int32_t L_12 = V_0;
59.         if ((!(((uint32_t)L_11) == ((uint32_t)L_12))))
60.         {
61.             goto IL_0090;
62.         }
63.     }
64.     {
65.         Object_t* L_13 = (Object_t*)(__this->___hcp_12);
66.         ObjectU5BU5D_t1_272* L_14 = (ObjectU5BU5D_t1_272*)(__this->___keySlots_6);
67.         int32_t L_15 = V_1;
68.         NullCheck(L_14);
69.         IL2CPP_ARRAY_BOUNDS_CHECK(L_14, L_15);
70.         int32_t L_16 = L_15;
71.         Object_t * L_17 = ___key;
72.         NullCheck((Object_t*)L_13);
73.         bool L_18 = (bool)InterfaceFuncInvoker2< bool, Object_t *, Object_t * >::Invoke(0 /* System.Boolean System.Collections.Generic.IEqualityComparer`1<System.Object>::Equals(T,T) */, IL2CPP_RGCTX_DATA(InitializedTypeInfo(method->declaring_type)->rgctx_data, 35), (Object_t*)L_13, (Object_t *)(*(Object_t **)(Object_t **)SZArrayLdElema(L_14, L_16, sizeof(Object_t *))), (Object_t *)L_17);
74.         if (!L_18)
75.         {
76.             goto IL_0090;
77.         }
78.     }
79.     {
80.         Object_t ** L_19 = ___value;
81.         ObjectU5BU5D_t1_272* L_20 = (ObjectU5BU5D_t1_272*)(__this->___valueSlots_7);
82.         int32_t L_21 = V_1;
83.         NullCheck(L_20);
84.         IL2CPP_ARRAY_BOUNDS_CHECK(L_20, L_21);
85.         int32_t L_22 = L_21;
86.         (*(Object_t **)L_19) = (*(Object_t **)(Object_t **)SZArrayLdElema(L_20, L_22, sizeof(Object_t *)));
87.         return 1;
88.     }
89.    
90. IL_0090:
91.     {
92.         LinkU5BU5D_t1_3010* L_23 = (LinkU5BU5D_t1_3010*)(__this->___linkSlots_5);
93.         int32_t L_24 = V_1;
94.         NullCheck(L_23);
95.         IL2CPP_ARRAY_BOUNDS_CHECK(L_23, L_24);
96.         int32_t L_25 = (int32_t)(((Link_t1_256 *)(Link_t1_256 *)SZArrayLdElema(L_23, L_24, sizeof(Link_t1_256 )))->___Next_1);
97.         V_1 = (int32_t)L_25;
98.     }
99.    
100. IL_00a2:
101.     {
102.         int32_t L_26 = V_1;
103.         if ((!(((uint32_t)L_26) == ((uint32_t)(-1)))))
104.         {
105.             goto IL_0048;
106.         }
107.     }
108.     {
109.         Object_t ** L_27 = ___value;
110.         Initobj (Object_t_il2cpp_TypeInfo_var, (&V_2));
111.         Object_t * L_28 = V_2;
112.         (*(Object_t **)L_27) = L_28;
113.         return 0;
114.     }
115. }
116.