Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fuzzlyn: Assertion failed '!m_compiler->lvaInSsa(tree->GetLclNum())' during 'Assertion prop' #109971

Closed
amanasifkhalid opened this issue Nov 19, 2024 · 3 comments · Fixed by #110077
Assignees
Labels
area-CodeGen-coreclr CLR JIT compiler in src/coreclr/src/jit and related components such as SuperPMI in-pr There is an active PR which will close this issue when it is merged
Milestone

Comments

@amanasifkhalid
Copy link
Member

Hitting on multiple platforms. Example on win-x64:

// Generated by Fuzzlyn v2.4 on 2024-11-17 15:25:04
// Run on X64 Windows
// Seed: 8082722256341804456-vectort,vector128,vector256,x86aes,x86avx,x86avx2,x86avx512bw,x86avx512bwvl,x86avx512cd,x86avx512cdvl,x86avx512dq,x86avx512dqvl,x86avx512f,x86avx512fvl,x86avx512fx64,x86bmi1,x86bmi1x64,x86bmi2,x86bmi2x64,x86fma,x86lzcnt,x86lzcntx64,x86pclmulqdq,x86popcnt,x86popcntx64,x86sse,x86ssex64,x86sse2,x86sse2x64,x86sse3,x86sse41,x86sse41x64,x86sse42,x86sse42x64,x86ssse3,x86x86base
// Reduced from 137.3 KiB to 1.0 KiB in 00:02:31
// Hits JIT assert in Release:
// Assertion failed '!m_compiler->lvaInSsa(tree->GetLclNum())' in 'Program:Main(Fuzzlyn.ExecutionServer.IRuntime)' during 'Assertion prop' (IL size 73; hash 0xade6b36b; FullOpts)
// 
//     File: D:\a\_work\1\s\src\coreclr\jit\optimizer.cpp Line: 3511
// 
using System;
using System.Numerics;
using System.Runtime.Intrinsics;
using System.Runtime.Intrinsics.X86;

public class C0
{
    public sbyte F1;
}

public class C1
{
    public C0 F5;
}

public class Program
{
    public static IRuntime s_rt;
    public static C1 s_1;
    public static C0 s_2;
    public static void Main()
    {
        double vr4 = default(double);
        byte vr5 = 0;
        ushort vr6 = 0;
        if (0 >= vr5)
        {
            s_rt.WriteLine(System.BitConverter.DoubleToUInt64Bits(vr4));
        }
        else
        {
            var vr7 = s_1.F5.F1 % vr6;
            try
            {
                M1();
            }
            finally
            {
                s_2 = s_2;
            }
        }
    }

    public static float M1()
    {
        return default(float);
    }
}

public interface IRuntime
{
    void WriteLine<T>(T value);
}

public class Runtime : IRuntime
{
    public void WriteLine<T>(T value) => System.Console.WriteLine(value);
}

cc @dotnet/jit-contrib

@amanasifkhalid amanasifkhalid added the area-CodeGen-coreclr CLR JIT compiler in src/coreclr/src/jit and related components such as SuperPMI label Nov 19, 2024
@amanasifkhalid amanasifkhalid added this to the 10.0.0 milestone Nov 19, 2024
Copy link
Contributor

Tagging subscribers to this area: @JulieLeeMSFT, @jakobbotsch
See info in area-owners.md if you want to be subscribed.

@jakobbotsch
Copy link
Member

Andy pointed me at this one as well but haven't had time to dig in yet... It's likely introduced by my recent SSA changes. I'll take a look.

@jakobbotsch jakobbotsch self-assigned this Nov 19, 2024
@jakobbotsch
Copy link
Member

The problem here is that we have a CSE use in an unreachable block. Since it's unreachable there is no reaching def so it does not get any SSA number, but optRecordSsaUses is unhappy about that.

jakobbotsch added a commit to jakobbotsch/runtime that referenced this issue Nov 22, 2024
@dotnet-policy-service dotnet-policy-service bot added the in-pr There is an active PR which will close this issue when it is merged label Nov 22, 2024
jakobbotsch added a commit to jakobbotsch/runtime that referenced this issue Nov 22, 2024
…lder

Also give unreachable stores an SSA number.

Fix dotnet#109971
mikelle-rogers pushed a commit to mikelle-rogers/runtime that referenced this issue Dec 10, 2024
…lder (dotnet#110077)

There really is no correct reaching definition in this case, so any reaching
definition will do here. This matches what happens normally in the JIT when
various phases optimize control flow after SSA has been built without removing
the now-unreachable blocks.

Also give unreachable stores an SSA number.

Fix dotnet#109971
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
area-CodeGen-coreclr CLR JIT compiler in src/coreclr/src/jit and related components such as SuperPMI in-pr There is an active PR which will close this issue when it is merged
Projects
None yet
Development

Successfully merging a pull request may close this issue.

2 participants