New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ARM32: runtime crash inside JIT #57061
Comments
I couldn't figure out the best area label to add to this issue. If you have write-permissions please help me learn by adding exactly one area label. |
I'm looking at this. |
The crash happens because the block that contains s_37.F5 = s_23.F3.F1.F4++; does not have SSA form built for it; it is unreachable from the entry and thus not part of the dominator tree. Later, we crash here when trying to query SSA information for it during value numbering: runtime/src/coreclr/jit/optimizer.cpp Lines 7247 to 7250 in f02d9ff
That's kind of strange, since that code runs only for IR nodes inside loops, and the snippet above is not inside a loop. However, in ARM32 the flow-graph is a little different due to different exception handling blocks being added compared to other platforms and then Not totally sure how to fix this. It's weird that we have this unreachable code sticking around, but that seems to be a consequence of the exception handlers inside the block and also seems to happen on other platforms (at least x86). Perhaps we should just be checking if the local has SSA form built for it in the value numbering code? Though it seems unfortunate to have to handle this case downstream. cc @dotnet/jit-contrib |
In x64 we do seem to be able to remove that unreachable block entirely, so not completely sure why it is left over in x86/ARM32. |
That seems to be a bug in |
When 'removing' a BBF_DONT_REMOVE block we change it to BBJ_THROW. After this it is possible that other blocks become unreachable, so we should keep looking for such blocks. In dotnet#57061 that manifested in a case where the unreachable block did not have SSA built for it, but downstream the compiler was relying on SSA being built. Fix dotnet#57061
When 'removing' a BBF_DONT_REMOVE block we change it to BBJ_THROW. After this it is possible that other blocks become unreachable, so we should keep looking for such blocks. In #57061 that manifested in a case where the unreachable block did not have SSA built for it, but downstream the compiler was relying on SSA being built. Fix #57061
The text was updated successfully, but these errors were encountered: