Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

JIT: Improper handling of GC structs with undone promotion in tailcall-to-loop optimization #81081

Closed
jakobbotsch opened this issue Jan 24, 2023 · 1 comment · Fixed by #81083
Closed

JIT: Improper handling of GC structs with undone promotion in tailcall-to-loop optimization #81081

jakobbotsch opened this issue Jan 24, 2023 · 1 comment · Fixed by #81083
Assignees
@jakobbotsch
Labels
area-CodeGen-coreclr CLR JIT compiler in src/coreclr/src/jit and related components such as SuperPMI in-pr There is an active PR which will close this issue when it is merged
Milestone
8.0.0

Comments

@jakobbotsch
Copy link
Member

jakobbotsch commented Jan 24, 2023
edited
Loading 

class Program
{
    static void Main()
    {
        Test(1234, default);
    }

    static int Test(int count, S16 s)
    {
        object o = "1234";
        if (count == 0 || o.GetHashCode() == 1234)
            return 42;

        return Test(count - 1, s);
    }

    struct S16
    {
        public object A, B;
    }
}

Run with DOTNET_JitNoInline=1 on win-x64. Result:

Assert failure(PID 13352 [0x00003428], Thread: 36112 [0x8d10]): Assertion failed '!parentStruct->lvUndoneStructPromotion' in 'Program:Test(int,Program+S16):int' during 'Mark local vars' (IL size 35; hash 0x046a6981; FullOpts)

    File: C:\dev\dotnet\runtime\src\coreclr\jit\lclvars.cpp Line: 4295
    Image: C:\dev\dotnet\runtime4\artifacts\tests\coreclr\windows.x64.Checked\Tests\Core_Root\corerun.exe

The problem is that the tailcall-to-loop optimization tries to zero out the copy created for the promotion of s, but that promotion was undone.
@dotnet-issue-labeler dotnet-issue-labeler bot added the area-CodeGen-coreclr CLR JIT compiler in src/coreclr/src/jit and related components such as SuperPMI label Jan 24, 2023
@ghost ghost added the untriaged New issue has not been triaged by the area owner label Jan 24, 2023
@jakobbotsch jakobbotsch self-assigned this Jan 24, 2023
@ghost
Copy link

ghost commented Jan 24, 2023

Tagging subscribers to this area: @JulieLeeMSFT, @jakobbotsch, @kunalspathak
See info in area-owners.md if you want to be subscribed.

Issue Details 
class Program
{
    static void Main()
    {
        Test(1234, default);
    }

    static int Test(int count, S16 s)
    {
        object o = "1234";
        if (count == 0 || o.GetHashCode() == 1234)
            return 42;

        return Test(count - 1, s);
    }

    struct S16
    {
        public object A, B;
    }
}

Run with DOTNET_JitNoInline=1. Result:

Assert failure(PID 13352 [0x00003428], Thread: 36112 [0x8d10]): Assertion failed '!parentStruct->lvUndoneStructPromotion' in 'Program:Test(int,Program+S16):int' during 'Mark local vars' (IL size 35; hash 0x046a6981; FullOpts)

    File: C:\dev\dotnet\runtime\src\coreclr\jit\lclvars.cpp Line: 4295
    Image: C:\dev\dotnet\runtime4\artifacts\tests\coreclr\windows.x64.Checked\Tests\Core_Root\corerun.exe

The problem is that the tailcall-to-loop optimization tries to zero out the copy created for the promotion of s, but that promotion was undone.

Author: jakobbotsch
Assignees: -
Labels:

area-CodeGen-coreclr
Milestone: -

@jakobbotsch jakobbotsch removed the untriaged New issue has not been triaged by the area owner label Jan 24, 2023
@jakobbotsch jakobbotsch added this to the 8.0.0 milestone Jan 24, 2023
jakobbotsch added a commit to jakobbotsch/runtime that referenced this issue Jan 24, 2023
@jakobbotsch
JIT: Fix tailcall-to-loop improper locals zeroing
c347da9 
The zeroing that the tailcall-to-loop optimization does was zeroing the
promoted copies implicit byrefs even when promotion of them was undone.
This was introducing unexpected references to the promoted fields.

Fix dotnet#81081
@jakobbotsch jakobbotsch mentioned this issue Jan 24, 2023
Merged
@ghost ghost added the in-pr There is an active PR which will close this issue when it is merged label Jan 24, 2023
jakobbotsch added a commit that referenced this issue Jan 25, 2023
@jakobbotsch
JIT: Fix tailcall-to-loop improper locals zeroing (#81083)
9b76c28 
The zeroing that the tailcall-to-loop optimization does was zeroing the
promoted copies for implicit byrefs even when promotion of them was undone.
This was introducing unexpected references to the promoted fields.

Fix #81081
@ghost ghost locked as resolved and limited conversation to collaborators Feb 24, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@jakobbotsch jakobbotsch

Labels
area-CodeGen-coreclr CLR JIT compiler in src/coreclr/src/jit and related components such as SuperPMI in-pr There is an active PR which will close this issue when it is merged
Projects
None yet
Milestone
8.0.0
Development

Successfully merging a pull request may close this issue.

JIT: Fix tailcall-to-loop improper locals zeroing jakobbotsch/runtime
1 participant
@jakobbotsch