JIT: Assertion failed '(tree->gtDebugFlags & GTF_DEBUG_NODE_MORPHED) && "ERROR: Did not morph this node!"' during 'Morph - Global' #106278

Closed
jakobbotsch opened this issue Aug 12, 2024 · 3 comments · Fixed by #106286
@jakobbotsch
Member

```csharp
// Generated by Fuzzlyn v2.2 on 2024-08-12 14:54:43
// Run on X64 Windows
// Seed: 16070819126771301687-vectort,vector128,vector256,x86aes,x86avx,x86avx2,x86avx512bw,x86avx512bwvl,x86avx512cd,x86avx512cdvl,x86avx512dq,x86avx512dqvl,x86avx512f,x86avx512fvl,x86avx512fx64,x86bmi1,x86bmi1x64,x86bmi2,x86bmi2x64,x86fma,x86lzcnt,x86lzcntx64,x86pclmulqdq,x86popcnt,x86popcntx64,x86sse,x86ssex64,x86sse2,x86sse2x64,x86sse3,x86sse41,x86sse41x64,x86sse42,x86sse42x64,x86ssse3,x86x86base
// Reduced from 61.3 KiB to 0.3 KiB in 00:01:27
// Hits JIT assert in Release:
// Assertion failed '(tree->gtDebugFlags & GTF_DEBUG_NODE_MORPHED) && "ERROR: Did not morph this node!"' in 'Program:Main(Fuzzlyn.ExecutionServer.IRuntime)' during 'Morph - Global' (IL size 18; hash 0xade6b36b; FullOpts)
// 
//     File: D:\a\_work\1\s\src\coreclr\jit\morph.cpp Line: 12664
// 
using System;
using System.Runtime.CompilerServices;
using System.Numerics;
using System.Runtime.Intrinsics;
using System.Runtime.Intrinsics.X86;

public class Program
{
    public static void Main()
    {
        int[] vr0 = default(int[]);
        double vr1 = -1216.4287239109472d % vr0[0];
    }
}
```

cc @dotnet/jit-contrib

Most likely introduced by #106185, I'll take a look.

@jakobbotsch jakobbotsch added this to the 9.0.0 milestone Aug 12, 2024
@dotnet-issue-labeler dotnet-issue-labeler bot added the area-CodeGen-coreclr CLR JIT compiler in src/coreclr/src/jit and related components such as SuperPMI label Aug 12, 2024
@jakobbotsch jakobbotsch self-assigned this Aug 12, 2024
Contributor

Tagging subscribers to this area: @JulieLeeMSFT, @jakobbotsch
See info in area-owners.md if you want to be subscribed.

jakobbotsch added a commit to jakobbotsch/runtime that referenced this issue Aug 12, 2024
Call morphing calls `gtPrepareCost` as part of `EvalArgsToTemps` and
`SortArgs`. These functions are called when visiting the call node in
post-order, so clearing `GTF_DEBUG_NODE_MORPHED` here ends up clearing
it permanently from subtrees. Since post-order morphing for some nodes
can return child nodes, this allows for a scenario where post-order
morphing returns a descendant node that has had its
`GTF_DEBUG_NODE_MORPHED` flag cleared. Fix it by not clearing the flag.

Fix dotnet#106278
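
The mechanism described in the commit message above, as a toy C++ model (an added example, not RyuJIT source and not written by anyone in this thread). `Node`, `prepareCost`, `morph`, `morphRoot` and the fold rule that returns an always-throwing argument in place of the call are assumptions made for the illustration.

```cpp
#include <vector>

// Toy model constructed for illustration; none of this is RyuJIT source.
struct Node {
    bool isCall = false;
    bool alwaysThrows = false;  // hypothetical: lets a call fold to its argument
    bool morphed = false;       // stands in for GTF_DEBUG_NODE_MORPHED
    std::vector<Node*> ops;
};

// Stand-in for gtPrepareCost: walks a subtree to compute a cost.
// With clearFlag == true it also resets the debug flag (pre-fix behaviour).
int prepareCost(Node* n, bool clearFlag) {
    int cost = 1;
    if (clearFlag) n->morphed = false;
    for (Node* op : n->ops) cost += prepareCost(op, clearFlag);
    return cost;
}

// Post-order morph: operands first, then the node itself.
Node* morph(Node* n, bool clearFlag) {
    for (Node*& op : n->ops) op = morph(op, clearFlag);
    if (n->isCall) {
        // Costs are computed while visiting the call in post-order,
        // i.e. after its arguments were already marked as morphed.
        for (Node* arg : n->ops) prepareCost(arg, clearFlag);
        // Hypothetical fold: a call whose first argument always throws is
        // replaced by that argument, so a descendant node is returned.
        if (!n->ops.empty() && n->ops[0]->alwaysThrows) return n->ops[0];
    }
    n->morphed = true;
    return n;
}

// Models the check behind "Did not morph this node!": the tree handed
// back by morphing must carry the flag. Returns whether it does.
bool morphRoot(bool clearFlag) {
    Node arg;                   // constructed input: an argument that always throws
    arg.alwaysThrows = true;
    Node call;                  // constructed input: a call with that one argument
    call.isCall = true;
    call.ops = { &arg };
    Node* result = morph(&call, clearFlag);
    return result->morphed;
}
```

`morphRoot(true)` models the behaviour before the fix and reports an unmorphed result; `morphRoot(false)` models the fix of not clearing the flag.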
@dotnet-policy-service dotnet-policy-service bot added the in-pr There is an active PR which will close this issue when it is merged label Aug 12, 2024
@AndyAyersMS
Member

Is this a different issue than #106141?

@jakobbotsch
Member Author

I think so -- this one started showing up very frequently after #106185, the other one is pretty rare (and win-x86 only).

@github-actions github-actions bot locked and limited conversation to collaborators Sep 14, 2024
mikelle-rogers pushed a commit to mikelle-rogers/runtime that referenced this issue Dec 10, 2024