Skip to content

Fix GC hole with rorx instruction #114467

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Apr 10, 2025
Merged

Fix GC hole with rorx instruction #114467

merged 1 commit into from
Apr 10, 2025

Conversation

@BruceForstall
Copy link
Contributor

The rorx instruction uses format IF_RWR_ARD_CNS. This format was not handled when killing GC refs in emitOutputAM.

I added other cases of register write "ARD" address mode formats to the same case as "defense in depth" -- most or all of them are probably SIMD instructions with SIMD destination registers, and won't go down this code path.

Diffs include cases in the HardwareIntrinsics tests, but also in the libraries code, for both x64 and x86.

Fixes #114445

@BruceForstall
Fix GC hole with rorx instruction
5ca8f19 
The `rorx` instruction uses format IF_RWR_ARD_CNS. This format was not
handled when killing GC refs in `emitOutputAM`.

I added other cases of register write "ARD" address mode formats
to the same case as "defense in depth" -- most or all of them are
probably SIMD instructions with SIMD destination registers, and won't go
down this code path.

Diffs include cases in the HardwareIntrinsics tests, but also in the
libraries code, for both x64 and x86.
@ghost ghost added the area-CodeGen-coreclr CLR JIT compiler in src/coreclr/src/jit and related components such as SuperPMI label Apr 10, 2025
Copilot AI reviewed Apr 10, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot reviewed 1 out of 1 changed files in this pull request and generated no comments.

Comments suppressed due to low confidence (1)

src/coreclr/jit/emitxarch.cpp:15334

  • Ensure that the newly added case labels (IF_RWR_ARD_CNS, IF_RRW_ARD_CNS, etc.) correctly trigger the GC reference update as intended and that there are no side effects in the emitter's GC handling logic.
case IF_RWR_ARD_CNS:

@dotnet-policy-service
Copy link
Contributor

Tagging subscribers to this area: @JulieLeeMSFT, @jakobbotsch
See info in area-owners.md if you want to be subscribed.

@BruceForstall
Copy link
Contributor Author

The bug was introduced with #111778, cc @saucecontrol

@BruceForstall
Copy link
Contributor Author

@kunalspathak @tannergooding PTAL
cc @dotnet/jit-contrib @dotnet/avx512-contrib

tannergooding
tannergooding reviewed Apr 10, 2025
View reviewed changes
src/coreclr/jit/emitxarch.cpp
{
switch (id->idInsFmt())
{
case IF_RWR_ARD:
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This and other places likely shouldn't be switching on the format at all. The emitfmtsxarch.h entries (https://github.com/dotnet/runtime/blob/main/src/coreclr/jit/emitfmtsxarch.h) all have relevant flags indicating whether given registers a read, write, or read-write (tracked via IS_INFO).

We should probably have this be, instead:

if (id->idIsReg1Write())
{
    emitGCregDeadUpd(id->idReg1(), dst);
}

if (id->idIsReg2Write())
{
    emitGCregDeadUpd(id->idReg2(), dst);
}

Technically we also define idIsReg3Write() and idIsReg4Write() for parity, but these are completely unused today and could be commented out.

Realistically we could be centralizing these checks for all instructions in some emitGCregDeadUpd(id, dst) helper given we don't need to be checking specific formats at all, which seems much more robust and less error prone.

tannergooding
tannergooding approved these changes Apr 10, 2025
View reviewed changes
Copy link
Member

@tannergooding tannergooding left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM as it appears to fix the issue, but I think in general this is still error prone and could be made significantly more robust if we centralized the GC updates for all emitted instructions using the IS_INFO available for each instrDesc

@BruceForstall
Copy link
Contributor Author

I agree that a more robust, generalized checking refactoring would be good. It also seems weird to call emitInsCanOnlyWriteSSE2OrAVXReg instead of just checking the register number to determine if it's a GPR or not (and it seems bad that emitInsCanOnlyWriteSSE2OrAVXReg has a list of instructions that might write GPRs, which it already has a comment about generalizing).

@BruceForstall BruceForstall merged commit a9374b4 into dotnet:main Apr 10, 2025
112 checks passed
@BruceForstall BruceForstall deleted the Fix114445 branch April 10, 2025 04:42
@github-actions github-actions bot locked and limited conversation to collaborators May 10, 2025
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

Copilot code review Copilot Copilot left review comments

@tannergooding tannergooding tannergooding approved these changes

@kunalspathak kunalspathak Awaiting requested review from kunalspathak

Assignees

@BruceForstall BruceForstall

Labels

area-CodeGen-coreclr CLR JIT compiler in src/coreclr/src/jit and related components such as SuperPMI

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Assert failure: !CREATE_CHECK_STRING(!"Detected use of a corrupted OBJECTREF. Possible GC hole.")

2 participants

@BruceForstall @tannergooding