Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Assertion failure in AOT compiler re speculative inlining #53294

Closed
rmacnak-google opened this issue Aug 21, 2023 · 1 comment
Closed

Assertion failure in AOT compiler re speculative inlining #53294

rmacnak-google opened this issue Aug 21, 2023 · 1 comment
Labels
area-vm Use area-vm for VM related issues, including code coverage, and the AOT and JIT backends. crash Process exits with SIGSEGV, SIGABRT, etc. An unhandled exception is not a crash. dartfuzz Found with Dart fuzzing (DartFuzz, libFuzzer, etc.)

Comments

@rmacnak-google
Copy link
Contributor 

$ dart runtime/tools/dartfuzz/dartfuzz.dart --no-fp --no-ffi --flat --seed 2380220029 fuzz.dart
$ DART_CONFIGURATION='ReleaseX64C' DART_VM_FLAGS='--enable-asserts' pkg/vm/tool/precompiler2 fuzz.dart snapshot

../../runtime/vm/compiler/aot/precompiler.cc: 3657: error: unreachable code
version=3.2.0-edge.00c69057c26fc11cb6068763e882dd19ac50b002 (be) (Fri Aug 18 16:17:16 2023 -0700) on "linux_x64"
pid=113476, thread=113476, isolate_group=isolate(0x55cbdd23d560), isolate=(nil)((nil))
os=linux, arch=x64, comp=yes, sim=no
isolate_instructions=0, vm_instructions=0
fp=7ffe13eb49d0, sp=7ffe13eb4898, pc=55cbdbcc17bc
  pc 0x000055cbdbcc17bc fp 0x00007ffe13eb49d0 dart::Profiler::DumpStackTrace(void*)+0x7c
  pc 0x000055cbdbb3dde4 fp 0x00007ffe13eb4ab0 dart::Assert::Fail(char const*, ...) const+0x84
  pc 0x000055cbdbff5436 fp 0x00007ffe13eb5150 dart::PrecompileParsedFunctionHelper::Compile(dart::CompilationPipeline*)+0xb56
  pc 0x000055cbdbff5747 fp 0x00007ffe13eb5810 /usr/local/google/home/rmacnak/dart1/sdk/pkg/vm/tool/../../../out/ReleaseX64C/gen_snapshot+0xa7e747
  pc 0x000055cbdbff1487 fp 0x00007ffe13eb5920 dart::Precompiler::CompileFunction(dart::Precompiler*, dart::Thread*, dart::Zone*, dart::Function const&)+0x177
  pc 0x000055cbdbff0204 fp 0x00007ffe13eb59b0 dart::Precompiler::ProcessFunction(dart::Function const&)+0xe4
  pc 0x000055cbdbfeb97b fp 0x00007ffe13eb5a10 dart::Precompiler::Iterate()+0x9b
  pc 0x000055cbdbfe8782 fp 0x00007ffe13eb6110 dart::Precompiler::DoCompileAll()+0x1572
  pc 0x000055cbdbfe71a8 fp 0x00007ffe13eb65a0 dart::Precompiler::CompileAll()+0xb8
  pc 0x000055cbdc18437e fp 0x00007ffe13eb6700 Dart_Precompile+0x24e
  pc 0x000055cbdbb1b95c fp 0x00007ffe13eb6890 dart::bin::main(int, char**)+0x8dc

@alexmarkov
@rmacnak-google rmacnak-google added area-vm Use area-vm for VM related issues, including code coverage, and the AOT and JIT backends. crash Process exits with SIGSEGV, SIGABRT, etc. An unhandled exception is not a crash. dartfuzz Found with Dart fuzzing (DartFuzz, libFuzzer, etc.) labels Aug 21, 2023
@rmacnak-google
Copy link
Contributor Author

Reduced to

@pragma("vm:never-inline")
hide() => null;

@pragma("vm:never-inline")
int foo2() {
  int loc0 = 23;
  try {
    while (--loc0 > 0) {
      hide();
    }
  } catch (exception, stackTrace) {
  } finally {
    return loc0 ~/ -1;
  }
}

main() {
  foo2();
}

The phi for loc0 between the catch entry and the normal entry has been assigned the type int by SSA construction, but the parameter for loc0 coming from the catch entry is untyped. Code looking at the type of the phi decides its safe to do an unboxed integer operation, select representation adds the unboxing, code generation in the catch side of the phi notes it can't prove the input is int and tries to emit a deopt stub.

@rmacnak-google rmacnak-google mentioned this issue Sep 26, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area-vm Use area-vm for VM related issues, including code coverage, and the AOT and JIT backends. crash Process exits with SIGSEGV, SIGABRT, etc. An unhandled exception is not a crash. dartfuzz Found with Dart fuzzing (DartFuzz, libFuzzer, etc.)
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@rmacnak-google