New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

RyuJIT: Mishandling of subrange assertion for rewritten call parameter #19558

jakobbotsch opened this Issue Aug 19, 2018 · 0 comments


None yet
2 participants

jakobbotsch commented Aug 19, 2018

The example is:

// Debug: Outputs 0
// Release: Outputs 65536
public class Program
    static short s_19;
    public static void Main()

    static void M75(short arg0)
            arg0 = -1;
            arg0 &= 1;

        arg0 = s_19;
        short var11 = arg0;
        System.Console.WriteLine(0 - var11);

(remember to set COMPlus_TieredCompilation to 0 in release).

Similarly to #18867, RyuJIT reloads the argument as a 32-bit value without handling the upper bits correctly:

       55                   push     rbp
       4883EC10             sub      rsp, 16
       488D6C2410           lea      rbp, [rsp+10H]
       488965F0             mov      qword ptr [rbp-10H], rsp
       894D10               mov      dword ptr [rbp+10H], ecx

       480FBF0DE11FEEFF     movsx    rcx, word  ptr [reloc classVar[0x7d865280]]
       66894D10             mov      word  ptr [rbp+10H], cx
       8B4D10               mov      ecx, dword ptr [rbp+10H]
       F7D9                 neg      ecx
       48B82022987DFF7F0000 mov      rax, 0x7FFF7D982220

       488D6500             lea      rsp, [rbp]
       5D                   pop      rbp
       48FFE0       rax

@mikedn has analyzed it here: #18867 (comment)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment