Skip to content

[release/8.0-staging] JIT: Track sideness of arrOp in GetCheckedBoundArithInfo #100968

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
May 2, 2024
Merged

[release/8.0-staging] JIT: Track sideness of arrOp in GetCheckedBoundArithInfo #100968

merged 2 commits into from
May 2, 2024

Conversation

@EgorBo
Copy link
Member

@EgorBo EgorBo commented Apr 12, 2024
edited
Loading

Fixes #100809

Backport of #100848 to release/8.0-staging

Customer Impact

  • Customer reported
  • Found internally

Reported in #100809, there is a very specific pattern that is incorrectly lowered by JIT into an invalid code. Unfortunately, there is no good workaround for it we can recommend + the pattern in question lives in the BCL so users can't change it. The minimal repro to hit the bug is:

using System.Runtime.CompilerServices;

AlwaysFalse(10);

[MethodImpl(MethodImplOptions.NoInlining | 
            MethodImplOptions.AggressiveOptimization)]
bool AlwaysFalse(int x)
{
    var result = new byte[x];
    int count = result.Length - 2;
    return (x < 0 || result.Length - count < 0);
}

Prints True in Release and False in Debug. The actual bug was introduced many releases ago, but it started to manifest only since .NET 8.0 because of an unrelated optimization (#81998) that exposed it.
 

Regression

  • Yes
  • No

Regressed in .NET 8.0

Testing

Added a test

Risk

Low: it requires a very specific code pattern to hit

@ghost ghost added the area-CodeGen-coreclr CLR JIT compiler in src/coreclr/src/jit and related components such as SuperPMI label Apr 12, 2024
@dotnet-policy-service
Copy link
Contributor

Tagging subscribers to this area: @JulieLeeMSFT, @jakobbotsch
See info in area-owners.md if you want to be subscribed.

jakobbotsch
jakobbotsch reviewed Apr 13, 2024
View reviewed changes
src/coreclr/jit/optcse.cpp
// Comparison is against the bound +/- some offset.

assert(vnStore->IsVNCompareCheckedBoundArith(oldCmpVN));
vnStore->GetCompareCheckedBoundArithInfo(oldCmpVN, &info);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What about the other uses of this function? Do they need to be changed too?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@jakobbotsch I've inspected all uses and didn't find places where we might make wrong decisions due to order of operands (the only use of arrOp is this CSE where we compose a new VN and in rangecheck)

@Ziuan Ziuan mentioned this pull request Apr 20, 2024
Closed
@EgorBo
Copy link
Member Author

EgorBo commented May 2, 2024

PTAL @AndyAyersMS @jakobbotsch (backport of #100848)

jeffschwMSFT
jeffschwMSFT approved these changes May 2, 2024
View reviewed changes
Copy link
Member

@jeffschwMSFT jeffschwMSFT left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm. we will take for consideration in 8.0.x

@jeffschwMSFT jeffschwMSFT added the Servicing-consider Issue for next servicing release review label May 2, 2024
@jeffschwMSFT jeffschwMSFT added this to the 8.0.x milestone May 2, 2024
@rbhanda rbhanda modified the milestones: 8.0.x, 8.0.6 May 2, 2024
@rbhanda rbhanda added Servicing-approved Approved for servicing release and removed Servicing-consider Issue for next servicing release review labels May 2, 2024
@EgorBo EgorBo merged commit 13a33f1 into dotnet:release/8.0-staging May 2, 2024
@EgorBo EgorBo deleted the fix-GetCompareCheckedBoundArithInfo8 branch May 2, 2024 18:31
@github-actions github-actions bot locked and limited conversation to collaborators Jun 2, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@jakobbotsch jakobbotsch jakobbotsch approved these changes

@jeffschwMSFT jeffschwMSFT jeffschwMSFT approved these changes

Assignees

@EgorBo EgorBo

Labels

area-CodeGen-coreclr CLR JIT compiler in src/coreclr/src/jit and related components such as SuperPMI Servicing-approved Approved for servicing release

Projects

None yet

Milestone

8.0.6

Development

Successfully merging this pull request may close these issues.

4 participants

@EgorBo @jakobbotsch @jeffschwMSFT @rbhanda