[Fuzzlyn] Jump into the middle of handler region #81675

Closed

tannergooding opened this issue Feb 6, 2023 · 3 comments · Fixed by #82329
Labels: area-CodeGen-coreclr (CLR JIT compiler in src/coreclr/src/jit and related components such as SuperPMI)
Milestone: 8.0.0

Comments

tannergooding (Member) commented Feb 6, 2023
Error

The error reproduces on both regular x86 and in AltJit clrjit_win_x86_x64.dll

Jump into the middle of handler region: BB10 branches to BB11

Assert failure(PID 855144 [0x000d0c68], Thread: 812212 [0xc64b4]): Assertion failed '!"Jump into the middle of handler region"' in 'Program:Main()' during 'Unroll loops' (IL size 111; hash 0xcb019401; FullOpts)

    File: D:\Users\tagoo\source\repos\runtime_base\src\coreclr\jit\fgdiagnostic.cpp Line: 2609
    Image: D:\Users\tagoo\source\repos\runtime_base\artifacts\bin\coreclr\windows.x64.Checked\CoreRun.exe

Repro

// Generated by Fuzzlyn v1.5 on 2023-02-06 00:41:34
// Run on X86 Windows
// Seed: 12611629827253727687
// Reduced from 444.9 KiB to 1.1 KiB in 00:13:23
// Hits JIT assert in Release:
// Assertion failed '!"Jump into the middle of handler region"' in 'Program:Main(Fuzzlyn.ExecutionServer.IRuntime)' during 'Unroll loops' (IL size 131; hash 0xade6b36b; FullOpts)
// 
//     File: D:\a\_work\1\s\src\coreclr\jit\fgdiagnostic.cpp Line: 2609
// 
public interface I0
{
}

public class C0 : I0
{
    public sbyte F3;
}

public class Program
{
    public static ushort s_11;
    public static bool[][] s_18;
    public static C0 s_26;
    public static short[] s_42;
    public static void Main()
    {
        short vr7 = default(short);
        // Never executes (0 < 0 is false) but contains a try/finally; the JIT's
        // loop unroller treats such zero-trip loops as removable.
        for (int vr8 = 0; vr8 < 0; vr8++)
        {
            try
            {
                System.Console.WriteLine(32767);
            }
            finally
            {
                I0 vr9 = new C0();
            }
        }

        // Second zero-trip loop; its try/finally is only reached conditionally.
        for (int vr10 = 0; vr10 < 0; vr10++)
        {
            if (s_18[0][0])
            {
                var vr11 = s_26.F3;
            }
            else
            {
                System.Console.WriteLine(0);
            }

            if (!((ushort)(-s_11++) >= 0))
            {
                vr7 = vr7;
                try
                {
                    vr7 = 0;
                }
                finally
                {
                    vr7 = s_42[0];
                }
            }
        }
    }
}
@dotnet-issue-labeler dotnet-issue-labeler bot added the area-CodeGen-coreclr CLR JIT compiler in src/coreclr/src/jit and related components such as SuperPMI label Feb 6, 2023
@ghost ghost added the untriaged New issue has not been triaged by the area owner label Feb 6, 2023
ghost commented Feb 6, 2023

Tagging subscribers to this area: @JulieLeeMSFT, @jakobbotsch, @kunalspathak
See info in area-owners.md if you want to be subscribed.


jakobbotsch (Member) commented:
Fallout from #80353?

tannergooding (Member, Author) commented:
@jakobbotsch, it's certainly possible, but given that the checks are vr8 < 0 and vr10 < 0, it wouldn't be my first guess.

#80353 simply updated the current limit from 1 (which should cover those checks) to 4.

@JulieLeeMSFT JulieLeeMSFT removed the untriaged New issue has not been triaged by the area owner label Feb 13, 2023
@JulieLeeMSFT JulieLeeMSFT added this to the 8.0.0 milestone Feb 13, 2023
@ghost ghost added the in-pr There is an active PR which will close this issue when it is merged label Feb 18, 2023
BruceForstall added a commit to BruceForstall/runtime that referenced this issue Feb 18, 2023
Fix two problems with code in loops that are determined to not execute
that have exception handling clauses:
1. Be more specific in loop unrolling to avoid unrolling even zero-count
loops (which causes the loop to be removed) if there is a block in the
loop with a different handler region than the handler region of the "top"
block. This should only kick in for x86, where handlers are not extracted
as funclets.
2. In Value Numbering, before actually value numbering nodes,
`optComputeLoopSideEffectsOfBlock()` walks all the blocks of all top-level
loops collecting data. Unfortunately, it sets the Value Number of certain
nodes as a way to pass information "up the tree" during processing. Presumably
these "fake" value numbers actually get replaced during actual value numbering
for the tree. However, when we go to actually value number the IR, we only
walk reachable blocks. Thus, in some cases, we would end up with a top-level
"fake" value number on an unreachable statement root, thus leading
`fgDebugCheckExceptionSets()` to check the tree and assert. To fix this,
at the end of the `optComputeLoopSideEffectsOfBlock()`, clear the VN in case
it was previously set.

Fixes dotnet#81675
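The two flow-graph rules the commit message talks about, modelled as an added example. This is not dotnet/runtime code: the Block, Graph and Loop types, the block layout, the handler indices and the edges are all constructed for illustration, and the "jump into the middle of handler" checker is a deliberate simplification of what fgdiagnostic.cpp verifies. Part one is the condition the fix adds to the unroller (refuse to delete a zero-trip loop when any of its blocks sits in a different handler region than the loop's top block, which only matters on x86 where handlers are not funclets); part two is the invariant whose violation produced the assert (an edge entering a handler region from outside must land on that handler's first block).

```cpp
// Added example, not code from dotnet/runtime. A toy model of the loop-unroller
// eligibility check the fix adds and of the flow-graph invariant that the
// "Jump into the middle of handler region" assert enforces. Block layout,
// handler indices and edges below are constructed for illustration; the JIT's
// real BasicBlock / LoopDsc / EHblkDsc types and checks are more involved.
#include <vector>

constexpr int kNoHandler = -1;  // block is not inside any handler region

struct Block {
    int id;            // "BBnn" in JIT dumps
    int handlerIndex;  // EH clause whose handler contains this block, or kNoHandler
};

struct Edge { int from; int to; };  // a branch or fall-through, by block index

struct Graph {
    std::vector<Block> blocks;
    std::vector<Edge>  edges;
    std::vector<int>   handlerEntry;  // handlerEntry[clause] = index of that handler's first block
};

struct Loop {
    int top;                // index of the loop "top" block
    std::vector<int> body;  // every block inside the loop, top included
};

// The condition the fix adds to the unroller: every block of the loop must be
// in the same handler region as the loop's top block.
bool loopHasSingleHandlerRegion(const Graph& g, const Loop& loop) {
    const int topHandler = g.blocks[loop.top].handlerIndex;
    for (int idx : loop.body) {
        if (g.blocks[idx].handlerIndex != topHandler) return false;
    }
    return true;
}

// May the unroller delete a loop whose trip count is known to be zero?
// With funclets (x64/arm64) handler bodies are never laid out inside the loop,
// so the region check only matters on x86, where handlers stay inline.
bool canRemoveZeroTripLoop(const Graph& g, const Loop& loop, int tripCount, bool handlersAreFunclets) {
    if (tripCount != 0) return false;       // only the zero-iteration case is modelled
    if (handlersAreFunclets) return true;
    return loopHasSingleHandlerRegion(g, loop);
}

// Simplified model of what the assert in fgdiagnostic.cpp verifies: an edge
// that enters a handler region from outside it may only target the handler's
// entry block. Every other such edge is a "jump into the middle of handler".
std::vector<Edge> jumpsIntoMiddleOfHandler(const Graph& g) {
    std::vector<Edge> bad;
    for (const Edge& e : g.edges) {
        const int toHandler = g.blocks[e.to].handlerIndex;
        if (toHandler == kNoHandler) continue;                     // target is ordinary code
        if (g.blocks[e.from].handlerIndex == toHandler) continue;  // edge stays inside the handler
        if (g.handlerEntry[toHandler] == e.to) continue;           // enters at the handler's start
        bad.push_back(e);
    }
    return bad;
}

// Constructed x86-style layout of the repro's first loop: top (0), try body (1),
// inline finally handler (2), loop bottom (3). Clause 0's handler starts at block 2.
Graph reproGraph() {
    Graph g;
    g.blocks       = { {1, kNoHandler}, {2, kNoHandler}, {3, 0}, {4, kNoHandler} };
    g.edges        = { {0, 1}, {1, 2}, {2, 3}, {3, 0} };
    g.handlerEntry = { 2 };
    return g;
}
Loop reproLoop()       { return Loop{0, {0, 1, 2, 3}}; }
Loop loopInOneRegion() { return Loop{0, {0, 1, 3}}; }  // same graph, handler block not in the loop

// Constructed graph in the state the assert complains about: a two-block
// handler (entry 2, second block 3) and a non-handler block 1 branching to 3.
Graph brokenGraph() {
    Graph g;
    g.blocks       = { {10, kNoHandler}, {11, kNoHandler}, {12, 0}, {13, 0} };
    g.edges        = { {0, 1}, {1, 3}, {2, 3} };
    g.handlerEntry = { 2 };
    return g;
}
```

On the repro-shaped loop, canRemoveZeroTripLoop returns false without funclets and true with them, and it also returns true for a loop whose blocks all sit in one region; jumpsIntoMiddleOfHandler returns nothing for the well-formed graph and flags exactly the 1→3 edge in the broken one.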
BruceForstall added a commit that referenced this issue Feb 22, 2023, with the same commit message as the Feb 18 commit above (Fixes #81675)
@ghost ghost removed the in-pr There is an active PR which will close this issue when it is merged label Feb 22, 2023
@ghost ghost locked as resolved and limited conversation to collaborators Mar 24, 2023