Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

JIT: Fix initblk/cpblk and STORE_DYN_BLK size mismatch #78930

Merged
merged 2 commits into from
Nov 30, 2022
Merged

JIT: Fix initblk/cpblk and STORE_DYN_BLK size mismatch #78930

merged 2 commits into from
Nov 30, 2022

Conversation

jakobbotsch
Copy link
Member

STORE_DYN_BLK turns into a call to JIT_MemSet/JIT_MemCpy that go quite directly to memset/memcpy, so the size is actually a native uint. This can cause problems since the JIT does not make any normalization guarantees above 32 bits.

Fix #78912

@dotnet-issue-labeler dotnet-issue-labeler bot added the area-CodeGen-coreclr CLR JIT compiler in src/coreclr/src/jit and related components such as SuperPMI label Nov 28, 2022
@ghost ghost assigned jakobbotsch Nov 28, 2022
@ghost
Copy link

ghost commented Nov 28, 2022

Tagging subscribers to this area: @JulieLeeMSFT, @jakobbotsch
See info in area-owners.md if you want to be subscribed.

Issue Details

STORE_DYN_BLK turns into a call to JIT_MemSet/JIT_MemCpy that go quite directly to memset/memcpy, so the size is actually a native uint. This can cause problems since the JIT does not make any normalization guarantees above 32 bits.

Fix #78912

Author: jakobbotsch
Assignees: -
Labels:

area-CodeGen-coreclr
Milestone: -

@jakobbotsch
JIT: Fix initblk/cpblk and STORE_DYN_BLK size mismatch
49bd3b8 
STORE_DYN_BLK turns into a call to JIT_MemSet/JIT_MemCpy that go quite
directly to memset/memcpy, so the size is actually a native uint. This
can cause problems since the JIT does not make any normalization
guarantees above 32 bits.

Fix dotnet#78912
@jakobbotsch jakobbotsch marked this pull request as ready for review November 29, 2022 12:21
@jakobbotsch
Copy link
Member Author

cc @dotnet/jit-contrib

Small number of diffs. Alternatively we could move the normalization into JIT_MemSet/JIT_MemCpy and change the argument to a 32-bit integer.

@EgorBo
Copy link
Member

EgorBo commented Nov 29, 2022

change the argument to a 32-bit integer.

I assume you meant to add new 32bit overloads instead of changing existing ones, right?

@jakobbotsch
Copy link
Member Author

I assume you meant to add new 32bit overloads instead of changing existing ones, right?

I don't think introducing overloads would be necessary, there are very few uses of these helpers.

@EgorBo
Copy link
Member

EgorBo commented Nov 29, 2022

I assume you meant to add new 32bit overloads instead of changing existing ones, right?

I don't think introducing overloads would be necessary, there are very few uses of these helpers.

Ah I thought that Unsafe.InitBlockUnaligned had nuint length

kunalspathak
kunalspathak reviewed Nov 29, 2022
View reviewed changes
src/coreclr/jit/morphblock.cpp

if (size != 0)
if ((size != 0) && FitsIn<int32_t>(size))
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If i understand correctly, with your casting changes in importer, we would hit this assert and hence moving this to if-check is necessary?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should not see this in practice since we only create these nodes in very limited circumstances, when we see initblk/cpblk. But it wouldn't be considered illegal to have a CNS_INT node in this position with a native int > 2^31 anymore, so we shouldn't have asserts about that.

@kunalspathak
Copy link
Member

I am wondering what exposed this bug now?

@jakobbotsch
Copy link
Member Author

jakobbotsch commented Nov 29, 2022
edited
Loading

I am wondering what exposed this bug now?

Don't know, unfortunately that's not easy to figure out. The repro requires a small property to not be inlined which is occurring in stress, so perhaps inlining changes or stress decision changes caused it to be exposed.

(edit: furthermore, it requires stress to trigger a multi-reg return to be spilled to a spill temp in that small method)

@jakobbotsch jakobbotsch merged commit becfc23 into dotnet:main Nov 30, 2022
@jakobbotsch jakobbotsch deleted the fix-78912 branch November 30, 2022 09:59
@ghost ghost locked as resolved and limited conversation to collaborators Dec 30, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@kunalspathak kunalspathak kunalspathak approved these changes

@EgorBo EgorBo EgorBo approved these changes

Assignees

@jakobbotsch jakobbotsch

Labels
area-CodeGen-coreclr CLR JIT compiler in src/coreclr/src/jit and related components such as SuperPMI
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

System.Net.Http.Unit.Tests failing under jitstress
3 participants
@jakobbotsch @EgorBo @kunalspathak