JIT: Avoid clearing morphed flag in gtSetEvalOrder (dotnet#106286)
Call morphing calls `gtPrepareCost` as part of `EvalArgsToTemps` and
`SortArgs`. These functions are called when visiting the call node in
post-order, so clearing `GTF_DEBUG_NODE_MORPHED` here ends up clearing
it permanently from subtrees. Since post-order morphing for some nodes
can return child nodes, this allows for a scenario where post-order
morphing returns a descendant node that has had its
`GTF_DEBUG_NODE_MORPHED` flag cleared. Fix it by not clearing the flag.

Fix dotnet#106278
jakobbotsch authored and mikelle-rogers committed Dec 4, 2024
1 parent b0fd751 commit c951ec2
Showing 3 changed files with 39 additions and 5 deletions.
5 changes: 0 additions & 5 deletions src/coreclr/jit/gentree.cpp
Expand Up @@ -4904,11 +4904,6 @@ unsigned Compiler::gtSetEvalOrder(GenTree* tree)
return gtSetEvalOrderMinOpts(tree);
}

#ifdef DEBUG
/* Clear the GTF_DEBUG_NODE_MORPHED flag as well */
tree->gtDebugFlags &= ~GTF_DEBUG_NODE_MORPHED;
#endif

/* Is this a FP value? */

bool isflt = varTypeIsFloating(tree->TypeGet());
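Review bot: At the spot after `return gtSetEvalOrderMinOpts(tree);` where the `#ifdef DEBUG` block is deleted, nothing is left to say that `gtSetEvalOrder` must not touch `GTF_DEBUG_NODE_MORPHED`, so the clearing could be reintroduced by someone who does not know that, per the commit message, call morphing reaches this code through `gtPrepareCost`. Consider leaving a one-line comment there stating that the function can run during post-order morphing and has to leave the flag alone. The deleted comment also read "as well", which suggests the clearing was once paired with other resets; it is worth confirming that no caller relied on it to reset the flag before re-morphing a tree.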
31 changes: 31 additions & 0 deletions src/tests/JIT/Regression/JitBlue/Runtime_106278/Runtime_106278.cs
@@ -0,0 +1,31 @@
// Licensed to the .NET Foundation under one or more agreements.
// The .NET Foundation licenses this file to you under the MIT license.

// Generated by Fuzzlyn v2.2 on 2024-08-12 14:54:43
// Run on X64 Windows
// Seed: 16070819126771301687-vectort,vector128,vector256,x86aes,x86avx,x86avx2,x86avx512bw,x86avx512bwvl,x86avx512cd,x86avx512cdvl,x86avx512dq,x86avx512dqvl,x86avx512f,x86avx512fvl,x86avx512fx64,x86bmi1,x86bmi1x64,x86bmi2,x86bmi2x64,x86fma,x86lzcnt,x86lzcntx64,x86pclmulqdq,x86popcnt,x86popcntx64,x86sse,x86ssex64,x86sse2,x86sse2x64,x86sse3,x86sse41,x86sse41x64,x86sse42,x86sse42x64,x86ssse3,x86x86base
// Reduced from 61.3 KiB to 0.3 KiB in 00:01:27
// Hits JIT assert in Release:
// Assertion failed '(tree->gtDebugFlags & GTF_DEBUG_NODE_MORPHED) && "ERROR: Did not morph this node!"' in 'Program:Main(Fuzzlyn.ExecutionServer.IRuntime)' during 'Morph - Global' (IL size 18; hash 0xade6b36b; FullOpts)
//
// File: D:\a\_work\1\s\src\coreclr\jit\morph.cpp Line: 12664
//

using System;
using Xunit;

public class Runtime_106278
{
[Fact]
public static void TestEntryPoint()
{
try
{
int[] vr0 = default(int[]);
double vr1 = -1216.4287239109472d % vr0[0];
}
catch (NullReferenceException)
{
}
}
}
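Review bot: The header comment ("Hits JIT assert in Release") and the empty `catch (NullReferenceException)` in `TestEntryPoint` leave it unclear what can make this test fail. The quoted assert checks `gtDebugFlags`, which the gentree.cpp hunk only touches under `#ifdef DEBUG`, so on a JIT built without asserts the body passes whether or not the bug is present. A comment line saying the test is only meaningful against an assert-enabled JIT would help. Since `vr0` is always null, the method could also set a flag inside the `catch` and assert on it afterwards, so the test still verifies that the exception is thrown when no JIT assert is available.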
@@ -0,0 +1,8 @@
<Project Sdk="Microsoft.NET.Sdk">
<PropertyGroup>
<Optimize>True</Optimize>
</PropertyGroup>
<ItemGroup>
<Compile Include="$(MSBuildProjectName).cs" />
</ItemGroup>
</Project>
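Review bot: `<Optimize>True</Optimize>` is the only property in the `PropertyGroup` and it carries no explanation, while the header of Runtime_106278.cs records that the assert was hit under FullOpts. A short XML comment tying the setting to that requirement would keep it from being dropped in a later project-file cleanup.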
