
Conversation

@github-actions github-actions bot (Contributor) commented Apr 22, 2022

Backport of #68160 to release/6.0

/cc @jakobbotsch

Customer Impact

When returning small structs (< 4 bytes) by indirection (field/array access or pointer/byref dereference), the JIT may instead read 4 bytes from the address. If the address is at the end of a page boundary this may lead to segfault/access violation. Reported by customers in #64802 and #68157.

Testing

Regression test included.

Risk

Low; affects behavior only when directly returning indirections of small structs by reading the correct number of bytes.

@ghost ghost added the area-CodeGen-coreclr CLR JIT compiler in src/coreclr/src/jit and related components such as SuperPMI label Apr 22, 2022
@ghost

ghost commented Apr 22, 2022

Tagging subscribers to this area: @JulieLeeMSFT
See info in area-owners.md if you want to be subscribed.


Author: github-actions[bot]
Assignees: -
Labels:

area-CodeGen-coreclr

Milestone: -

@JulieLeeMSFT JulieLeeMSFT added this to the 6.0.x milestone May 3, 2022
@JulieLeeMSFT
Member

@jeffschwMSFT for servicing consider request.

@jeffschwMSFT jeffschwMSFT (Member) left a comment

Approved. Can you provide example code and how likely we think that this occurs? We will take for consideration for 6.0.x

@carlossanlop
Contributor

@jeffschwMSFT missing servicing approved label.

@jeffschwMSFT jeffschwMSFT added the Servicing-consider Issue for next servicing release review label May 3, 2022
@jakobbotsch
Member

> Approved. Can you provide example code and how likely we think that this occurs? We will take for consideration for 6.0.x

The miscompilation itself is common. We have 155 cases of the miscompilation in our own libraries when crossgenning.

Code that reproduces the issue looks like:

```csharp
// A struct whose size is 1 or 2 bytes (here: 2).
struct S
{
    public byte A;
    public byte B;
}

static class Repro
{
    static S[] s_array = new S[1];

    // The memory read of `S` (here an array element; a field of type `S`
    // behaves the same) sits directly under the return.
    static S SomeFunction()
    {
        return s_array[0];
    }
}
```

Note that the memory access has to be directly under the return.

The rare part is hitting an actual issue due to the too wide read, which requires the memory address to be right at the end of a page, with the next page not being committed. I believe we have not seen this issue once in our own testing. But we did have two customer reports in #64802 and #68157. The symptom of this is access violation/segfault.

The fix here is that instead of typing a small struct indirection as TYP_INT, we type it as the primitive of the correct type. So it is a very small change in the produced IR, which is why I consider the risk low.
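The failure condition described in the comment above (a 1- or 2-byte struct sitting in the last bytes of a page whose successor page is not accessible, read with a 4-byte load) can be reproduced outside the JIT. The following is an added C example, not code from this PR or from dotnet/runtime: it maps two adjacent pages, makes the second one PROT_NONE, places a hypothetical 2-byte `struct S` in the final two bytes of the first page, and then performs both the correctly sized load and the over-wide 4-byte load, catching the fault with a SIGSEGV/SIGBUS handler so both outcomes can be observed in one process. The struct layout, the sample value 0x1234 and the POSIX `mmap`/`mprotect`/`sigaction` setup are assumptions made for the demonstration.

```c
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical 2-byte struct, the size class the JIT mistyped as a 4-byte TYP_INT load. */
struct S { uint8_t a, b; };

static sigjmp_buf g_recover;
static void on_fault(int sig) { (void)sig; siglongjmp(g_recover, 1); }

/* Copies `width` bytes from p into out[0..width). Returns 1 if the access faulted, 0 if not.
   A SIGSEGV/SIGBUS handler longjmps back here so the fault can be observed in-process. */
static int probe_read(const uint8_t *p, size_t width, uint8_t out[4]) {
    struct sigaction sa, old_segv, old_bus;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_fault;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGBUS, &sa, &old_bus);   /* some platforms report guard-page hits as SIGBUS */

    int faulted;
    if (sigsetjmp(g_recover, 1) == 0) {
        memcpy(out, p, width);          /* the load under test */
        faulted = 0;
    } else {
        faulted = 1;
    }
    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGBUS, &old_bus, NULL);
    return faulted;
}

struct overread_result {
    int exact_faulted;   /* sizeof(struct S)-byte read: expected to succeed */
    int wide_faulted;    /* 4-byte read: expected to fault */
    uint16_t exact_value;
};

/* Places an S in the last two bytes of a readable page that is immediately followed by an
   inaccessible (PROT_NONE) page, i.e. the "end of page, next page not committed" condition,
   then reads it with the correct width and with the over-wide width. Returns 0 on success. */
int run_overread_experiment(struct overread_result *r) {
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    uint8_t *base = mmap(NULL, 2 * page, PROT_READ | PROT_WRITE,
                         MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (base == MAP_FAILED) return -1;
    if (mprotect(base + page, page, PROT_NONE) != 0) { munmap(base, 2 * page); return -1; }

    struct S *s = (struct S *)(base + page - sizeof(struct S));
    s->a = 0x34; s->b = 0x12;          /* constructed sample value, reads back as 0x1234 */

    uint8_t buf[4] = {0, 0, 0, 0};
    r->exact_faulted = probe_read((const uint8_t *)s, sizeof(struct S), buf);
    r->exact_value = (uint16_t)(buf[0] | (buf[1] << 8));
    r->wide_faulted = probe_read((const uint8_t *)s, sizeof(uint32_t), buf);

    munmap(base, 2 * page);
    return 0;
}

int main(void) {
    struct overread_result r;
    if (run_overread_experiment(&r) != 0) { perror("mmap/mprotect"); return 1; }
    printf("%zu-byte read: %s, value 0x%04x\n", sizeof(struct S),
           r.exact_faulted ? "FAULT" : "ok", r.exact_value);
    printf("4-byte read: %s\n", r.wide_faulted ? "FAULT" : "ok");
    return 0;
}
```

The correctly sized read returns 0x1234 and the 4-byte read faults, which is exactly why the bug is silent almost everywhere (the two extra bytes are normally readable garbage that the caller ignores) and only shows up as an access violation when the struct happens to be allocated at a page end next to an unmapped page.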

@rbhanda rbhanda added Servicing-approved Approved for servicing release and removed Servicing-consider Issue for next servicing release review labels May 5, 2022
@rbhanda rbhanda modified the milestones: 6.0.x, 6.0.6 May 5, 2022
@carlossanlop carlossanlop merged commit 819dfb9 into release/6.0 May 5, 2022
@carlossanlop carlossanlop deleted the backport/pr-68160-to-release/6.0 branch May 5, 2022 17:41
@ghost ghost locked as resolved and limited conversation to collaborators Jun 4, 2022

Labels

area-CodeGen-coreclr CLR JIT compiler in src/coreclr/src/jit and related components such as SuperPMI Servicing-approved Approved for servicing release
