Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

DEREF_OF_NULL in /src/coreclr/jit/lsrabuild.cpp #93048

Closed
ellena13 opened this issue Oct 5, 2023 · 2 comments · Fixed by #94409
Closed

DEREF_OF_NULL in /src/coreclr/jit/lsrabuild.cpp #93048

ellena13 opened this issue Oct 5, 2023 · 2 comments · Fixed by #94409
Assignees
@jakobbotsch
Labels
area-CodeGen-coreclr CLR JIT compiler in src/coreclr/src/jit and related components such as SuperPMI
Milestone
9.0.0

Comments

@ellena13
Copy link

ellena13 commented Oct 5, 2023
edited
Loading

Pointer GenTree::gtGetOp1(...), that can have only NULL value, is passed as 1st parameter in call to function LinearScan::BuildUse

runtime/src/coreclr/jit/lsraxarch.cpp

Lines 211 to 216 in e40b3ab

if (tree->TypeGet() != TYP_VOID && tree->gtGetOp1() == nullptr)
{
assert(dstCount == 1);
BuildUse(tree->gtGetOp1());
BuildDef(tree);
}

where it is dereferenced at

runtime/src/coreclr/jit/lsrabuild.cpp

Lines 2929 to 2930 in e40b3ab

RefPosition* LinearScan::BuildUse(GenTree* operand, regMaskTP candidates, int multiRegIdx)
{

runtime/src/coreclr/jit/lsrabuild.cpp

Lines 2964 to 2967 in e40b3ab

if (operand->AsLclVar()->IsLastUse(multiRegIdx))
{
VarSetOps::RemoveElemD(compiler, currentLiveVars, fieldVarDsc->lvVarIndex);
}

Found by Linux Verification Center (portal.linuxtesting.ru) with SVACE.

Author E. Bykhanova.
@ghost ghost added the untriaged New issue has not been triaged by the area owner label Oct 5, 2023
@dotnet-issue-labeler dotnet-issue-labeler bot added the area-CodeGen-coreclr CLR JIT compiler in src/coreclr/src/jit and related components such as SuperPMI label Oct 5, 2023
@ghost
Copy link

ghost commented Oct 5, 2023

Tagging subscribers to this area: @JulieLeeMSFT, @jakobbotsch
See info in area-owners.md if you want to be subscribed.

Issue Details

Description

Pointer GenTree::gtGetOp1(...), that can have only NULL value, is passed as 1st parameter in call to function LinearScan::BuildUse

runtime/src/coreclr/jit/lsraxarch.cpp

Lines 211 to 214 in e40b3ab

if (tree->TypeGet() != TYP_VOID && tree->gtGetOp1() == nullptr)
{
assert(dstCount == 1);
BuildUse(tree->gtGetOp1());

where it is dereferenced at

https://github.com/dotnet/runtime/blob/9476f404988e5f18ecdf99f19d9a4cb5a7bbb219/src/coreclr/jit/lsrabuild.cpp#L3202C1-L3204C1

https://github.com/dotnet/runtime/blob/9476f404988e5f18ecdf99f19d9a4cb5a7bbb219/src/coreclr/jit/lsrabuild.cpp#L3238C9-L3241C10

Found by Linux Verification Center (portal.linuxtesting.ru) with SVACE.

Author E. Bykhanova.

Reproduction Steps

.

Expected behavior

.

Actual behavior

.

Regression?

No response

Known Workarounds

No response

Configuration

No response

Other information

No response

Author: ellena13
Assignees: -
Labels:

area-CodeGen-coreclr, untriaged
Milestone: -

@jakobbotsch
Copy link
Member

Looks like dead code, we don't have those kind of passthrough GT_NOP nodes in LIR.

@jakobbotsch jakobbotsch added this to the 9.0.0 milestone Oct 5, 2023
@jakobbotsch jakobbotsch self-assigned this Oct 5, 2023
@ghost ghost removed the untriaged New issue has not been triaged by the area owner label Oct 5, 2023
jakobbotsch added a commit to jakobbotsch/runtime that referenced this issue Nov 6, 2023
@jakobbotsch
JIT: Remove dead GT_NOP code in LSRA
88f70b9 
Rationalization removes all GT_NOP nodes, and we do not seem to
introduce any of these before LSRA (and especially not the typed
"passthrough" GT_NOP nodes). This code is just wrong for the passthrough
nodes, so just switch all the LSRA code to only handle potential void
NOPs.

Fix dotnet#93048
@jakobbotsch jakobbotsch mentioned this issue Nov 6, 2023
Merged
@ghost ghost added the in-pr There is an active PR which will close this issue when it is merged label Nov 6, 2023
jakobbotsch added a commit that referenced this issue Nov 7, 2023
@jakobbotsch
JIT: Remove dead GT_NOP code in LSRA (#94409)
85d3773 
Rationalization removes all GT_NOP nodes, and we do not seem to
introduce any of these before LSRA (and especially not the typed
"passthrough" GT_NOP nodes). This code is just wrong for the passthrough
nodes, so just switch all the LSRA code to only handle potential void
NOPs.

Fix #93048
@ghost ghost removed the in-pr There is an active PR which will close this issue when it is merged label Nov 7, 2023
@ghost ghost locked as resolved and limited conversation to collaborators Dec 7, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@jakobbotsch jakobbotsch

Labels
area-CodeGen-coreclr CLR JIT compiler in src/coreclr/src/jit and related components such as SuperPMI
Projects
None yet
Milestone
9.0.0
Development

Successfully merging a pull request may close this issue.

JIT: Remove dead GT_NOP code in LSRA jakobbotsch/runtime
2 participants
@jakobbotsch @ellena13