Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

JIT: Inlining may produce incorrectly byref-typed SUB trees #84291

Open
jakobbotsch opened this issue Apr 4, 2023 · 6 comments
Open

JIT: Inlining may produce incorrectly byref-typed SUB trees #84291

jakobbotsch opened this issue Apr 4, 2023 · 6 comments
Assignees
@EgorBo
Labels
area-CodeGen-coreclr CLR JIT compiler in src/coreclr/src/jit and related components such as SuperPMI
Milestone
Future

Comments

@jakobbotsch
Copy link
Member

See #82166 (comment):

STMT00051 ( 0x000[E-] ... ??? ) <- INL02 @ 0x000[E-] <- INLRT @ 0x0A1[E-]
               [000177] -A---------                           ASG       long  
               [000176] D------N---                         ├──▌  LCL_VAR   long   V10 tmp1         
               [000175] -----------                         └──▌  SUB       byref 
               [000173] -----------                            ├──▌  FIELD_ADDR byref  SequentialLayoutMinPacking`1[ushort]:_byte
               [000174] -----------                              └──▌  LCL_VAR_ADDR byref  V04 loc1         
               [000172] -----------                            └──▌  LCL_VAR_ADDR long   V04 loc1

impGetByRefResultType bases its result on the type of operands, yet the inliner can directly substitute argument trees in some cases causing this to not really work out in the expected way.
@dotnet-issue-labeler dotnet-issue-labeler bot added the area-CodeGen-coreclr CLR JIT compiler in src/coreclr/src/jit and related components such as SuperPMI label Apr 4, 2023
@ghost ghost added the untriaged New issue has not been triaged by the area owner label Apr 4, 2023
@ghost
Copy link

ghost commented Apr 4, 2023

Tagging subscribers to this area: @JulieLeeMSFT, @jakobbotsch, @kunalspathak
See info in area-owners.md if you want to be subscribed.

Issue Details

See #82166 (comment):

STMT00051 ( 0x000[E-] ... ??? ) <- INL02 @ 0x000[E-] <- INLRT @ 0x0A1[E-]
               [000177] -A---------                           ASG       long  
               [000176] D------N---                         ├──▌  LCL_VAR   long   V10 tmp1         
               [000175] -----------                         └──▌  SUB       byref 
               [000173] -----------                            ├──▌  FIELD_ADDR byref  SequentialLayoutMinPacking`1[ushort]:_byte
               [000174] -----------                              └──▌  LCL_VAR_ADDR byref  V04 loc1         
               [000172] -----------                            └──▌  LCL_VAR_ADDR long   V04 loc1

impGetByRefResultType bases its result on the type of operands, yet the inliner can directly substitute argument trees in some cases causing this to not really work out in the expected way.

Author: jakobbotsch
Assignees: -
Labels:

area-CodeGen-coreclr
Milestone: -

@jakobbotsch jakobbotsch mentioned this issue Apr 4, 2023
Merged
@JulieLeeMSFT JulieLeeMSFT removed the untriaged New issue has not been triaged by the area owner label Apr 4, 2023
@JulieLeeMSFT JulieLeeMSFT added this to the 8.0.0 milestone Apr 4, 2023
@jakobbotsch
Copy link
Member Author

This might not be too hard to fix; the actual signature types are available in the StackEntry that is popped right above the call to impGetByRefResultType. They are currently ignored, but really should be used to determine the target type instead of basing it on the type of the trees, which doesn't take implicit TYP_BYREF<->TYP_I_IMPL casts into account.

MichalPetryka added a commit to MichalPetryka/runtime that referenced this issue Jul 21, 2023
@MichalPetryka
Avoid BYREF trees in ByteOffset
305d83d 
Solves the particular problematic case from dotnet#84291.
@MichalPetryka MichalPetryka mentioned this issue Jul 21, 2023
Merged
jakobbotsch pushed a commit that referenced this issue Jul 24, 2023
@MichalPetryka
Avoid BYREF trees in ByteOffset (#89324)
f040d86 
Solves the particular problematic case from #84291.
@EgorBo
Copy link
Member

EgorBo commented Aug 5, 2023

Moving to 9.0 (will see if I have time to land this in 8.0 as the best effort)

@EgorBo EgorBo modified the milestones: 8.0.0, 9.0.0 Aug 5, 2023
@EgorBo
Copy link
Member

EgorBo commented Jul 29, 2024

@jakobbotsch I can't reproduce it on Main it seems, SUB gets typed as long for me:

               [000003] DA---------                         *  STORE_LCL_VAR long   V02 loc0         
               [000002] -----------                         \--*  SUB       long  
               [000001] -----------                            +--*  LCL_VAR   byref  V01 arg1          (last use)
               [000000] -----------                            \--*  LCL_VAR   byref  V00 arg0          (last use)

@EgorBo
Copy link
Member

EgorBo commented Jul 29, 2024
edited
Loading

I was playing with this repro:

using System.Numerics;
using System.Runtime.Intrinsics;
using System.Runtime.Intrinsics.Arm;
using System.Runtime.InteropServices;

public class Program
{
    public static void Main()
    {
        new SequentialLayoutMinPacking<ushort>().OffsetOfByte();
        new SequentialLayoutMinPacking<ushort>().OffsetOfValue();
    }

    internal static int OffsetOf<T, U>(ref T origin, ref U target)
    {
        return Unsafe.ByteOffset(ref origin, ref Unsafe.As<U, T>(ref target)).ToInt32();
    }
}


[StructLayout(LayoutKind.Sequential, Pack = 1)]
struct SequentialLayoutMinPacking<T>
{
    public byte _byte;
    public T _value;

    public int Size => Unsafe.SizeOf<SequentialLayoutMinPacking<T>>();

    [MethodImpl(MethodImplOptions.NoInlining)]
    public int OffsetOfByte() => Program.OffsetOf(ref this, ref _byte);

    [MethodImpl(MethodImplOptions.NoInlining)]
    public int OffsetOfValue() => Program.OffsetOf(ref this, ref _value);
}

@EgorBo
Copy link
Member

EgorBo commented Jul 29, 2024

Spoke with @jakobbotsch offline, it seems that #89324 has fixed it and it's no longer possible to reproduce it in C#/Unsafe, only with raw IL. So moving to future for now.

@EgorBo EgorBo modified the milestones: 9.0.0, Future Jul 29, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@EgorBo EgorBo

Labels
area-CodeGen-coreclr CLR JIT compiler in src/coreclr/src/jit and related components such as SuperPMI
Projects
None yet
Milestone
Future
Development

No branches or pull requests
3 participants
@EgorBo @jakobbotsch @JulieLeeMSFT