Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix buffer overrun in JIT for Vector256<T> types on ARM64 #35864

Merged
merged 1 commit into from
May 10, 2020
Merged

Fix buffer overrun in JIT for Vector256<T> types on ARM64 #35864

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions src/coreclr/src/jit/compiler.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1738,6 +1738,10 @@ struct fgArgTabEntry
#else
unsigned int regSize = 1;
#endif

if (numRegs > MAX_ARG_REG_COUNT)
NO_WAY("Multireg argument exceeds the maximum length");

for (unsigned int regIndex = 1; regIndex < numRegs; regIndex++)
{
argReg = (regNumber)(argReg + regSize);
Expand Down
5 changes: 1 addition & 4 deletions src/coreclr/src/tools/Common/Compiler/VectorFieldLayoutAlgorithm.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -96,7 +96,6 @@ public override ValueTypeShapeCharacteristics ComputeValueTypeShapeCharacteristi
{
8 => ValueTypeShapeCharacteristics.Vector64Aggregate,
16 => ValueTypeShapeCharacteristics.Vector128Aggregate,
32 => ValueTypeShapeCharacteristics.Vector256Aggregate,
_ => ValueTypeShapeCharacteristics.None
};
}
Expand All @@ -107,9 +106,7 @@ public static bool IsVectorType(DefType type)
{
return type.IsIntrinsic &&
type.Namespace == "System.Runtime.Intrinsics" &&
(type.Name == "Vector64`1" ||
type.Name == "Vector128`1" ||
type.Name == "Vector256`1") &&
((type.Name == "Vector64`1") || (type.Name == "Vector128`1")) &&
type.Instantiation[0].IsPrimitive;
}
}
Expand Down
3 changes: 1 addition & 2 deletions src/coreclr/src/tools/Common/JitInterface/CorInfoImpl.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2206,15 +2206,14 @@ private CorInfoType getHFAType(CORINFO_CLASS_STRUCT_* hClass)
var type = (DefType)HandleToObject(hClass);

// For 8-byte vectors return CORINFO_TYPE_DOUBLE, which is mapped by JIT to SIMD8.
// Otherwise, return CORINFO_TYPE_VALUECLASS, which is mapped by JIT to SIMD16.
// For 16-byte vectors return CORINFO_TYPE_VALUECLASS, which is mapped by JIT to SIMD16.
// See MethodTable::GetHFAType and Compiler::GetHfaType.
return (type.ValueTypeShapeCharacteristics & ValueTypeShapeCharacteristics.AggregateMask) switch
{
ValueTypeShapeCharacteristics.Float32Aggregate => CorInfoType.CORINFO_TYPE_FLOAT,
ValueTypeShapeCharacteristics.Float64Aggregate => CorInfoType.CORINFO_TYPE_DOUBLE,
ValueTypeShapeCharacteristics.Vector64Aggregate => CorInfoType.CORINFO_TYPE_DOUBLE,
ValueTypeShapeCharacteristics.Vector128Aggregate => CorInfoType.CORINFO_TYPE_VALUECLASS,
ValueTypeShapeCharacteristics.Vector256Aggregate => CorInfoType.CORINFO_TYPE_VALUECLASS,
_ => CorInfoType.CORINFO_TYPE_UNDEF
};
}
Expand Down
1 change: 0 additions & 1 deletion src/coreclr/src/tools/Common/TypeSystem/Common/DefType.FieldLayout.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -321,7 +321,6 @@ public int GetHomogeneousAggregateElementSize()
ValueTypeShapeCharacteristics.Float64Aggregate => 8,
ValueTypeShapeCharacteristics.Vector64Aggregate => 8,
ValueTypeShapeCharacteristics.Vector128Aggregate => 16,
ValueTypeShapeCharacteristics.Vector256Aggregate => 16,
_ => throw new InvalidOperationException()
};
}
Expand Down
7 changes: 1 addition & 6 deletions src/coreclr/src/tools/Common/TypeSystem/Common/FieldLayoutAlgorithm.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -132,11 +132,6 @@ public enum ValueTypeShapeCharacteristics
/// </summary>
Vector128Aggregate = 0x08,

/// <summary>
/// The type is an aggregate of 256-bit short-vector values.
/// </summary>
Vector256Aggregate = 0x10,

/// <summary>
/// The mask for homogeneous aggregates of floating-point values.
/// </summary>
Expand All @@ -145,7 +140,7 @@ public enum ValueTypeShapeCharacteristics
/// <summary>
/// The mask for homogeneous aggregates of short-vector values.
/// </summary>
ShortVectorAggregateMask = Vector64Aggregate | Vector128Aggregate | Vector256Aggregate,
ShortVectorAggregateMask = Vector64Aggregate | Vector128Aggregate,

/// <summary>
/// The mask for homogeneous aggregates.
Expand Down
1 change: 0 additions & 1 deletion src/coreclr/src/tools/Common/TypeSystem/Common/MetadataFieldLayoutAlgorithm.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -906,7 +906,6 @@ private ValueTypeShapeCharacteristics ComputeHomogeneousAggregateCharacteristic(
ValueTypeShapeCharacteristics.Float64Aggregate => 8,
ValueTypeShapeCharacteristics.Vector64Aggregate => 8,
ValueTypeShapeCharacteristics.Vector128Aggregate => 16,
ValueTypeShapeCharacteristics.Vector256Aggregate => 32,
_ => throw new ArgumentOutOfRangeException()
};

Expand Down
1 change: 0 additions & 1 deletion ...ssgen2/ILCompiler.ReadyToRun/Compiler/DependencyAnalysis/ReadyToRun/TypeFixupSignature.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -88,7 +88,6 @@ private static void EncodeTypeLayout(ObjectDataSignatureBuilder dataBuilder, Typ
ValueTypeShapeCharacteristics.Vector64Aggregate => CorElementType.ELEMENT_TYPE_R8,
// See MethodTable::GetHFAType
ValueTypeShapeCharacteristics.Vector128Aggregate => CorElementType.ELEMENT_TYPE_VALUETYPE,
ValueTypeShapeCharacteristics.Vector256Aggregate => CorElementType.ELEMENT_TYPE_VALUETYPE,
_ => CorElementType.Invalid
};
dataBuilder.EmitUInt((uint)elementType);
Expand Down
4 changes: 0 additions & 4 deletions src/coreclr/src/vm/class.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1195,10 +1195,6 @@ int MethodTable::GetVectorSize()
{
vectorSize = 16;
}
else if (strcmp(className, "Vector256`1") == 0)
{
vectorSize = 32;
}
else if (strcmp(className, "Vector64`1") == 0)
{
vectorSize = 8;
Expand Down