Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

JIT: Illegal instruction at JitTest_chain_boxunbox_il.Test.Main() under DOTNET_JitStressRegs=0x2000 #112163

Open
saucecontrol opened this issue Feb 4, 2025 · 8 comments · May be fixed by #112217
Open

JIT: Illegal instruction at JitTest_chain_boxunbox_il.Test.Main() under DOTNET_JitStressRegs=0x2000 #112163

saucecontrol opened this issue Feb 4, 2025 · 8 comments · May be fixed by #112217
Labels
area-CodeGen-coreclr CLR JIT compiler in src/coreclr/src/jit and related components such as SuperPMI in-pr There is an active PR which will close this issue when it is merged
Milestone
10.0.0

Comments

@saucecontrol
Copy link
Member

Description

Seen in two separate PRs on the runtime-coreclr jitstress-isas-avx512 pipeline.

https://dev.azure.com/dnceng-public/public/_build/results?buildId=939955 for #111778

and

https://dev.azure.com/dnceng-public/public/_build/results?buildId=939970 for #111853

Reproduction Steps

View logs for the above CI runs

22:36:26.039 Running test: JIT/Methodical/Boxing/boxunbox/chain_d/chain_d.dll
Fatal error. System.ExecutionEngineException: Illegal instruction: Attempted to execute an instruction code not defined by the processor.
   at JitTest_chain_boxunbox_il.Test.Main()
   at Program.<<Main>$>g__TestExecutor80|0_81(System.IO.StreamWriter, System.IO.StreamWriter, <>c__DisplayClass0_0 ByRef)
   at Program.<Main>$(System.String[])

22:45:42.226 Running test: JIT/Methodical/Boxing/boxunbox/chain_r/chain_r.dll
Fatal error. System.ExecutionEngineException: Illegal instruction: Attempted to execute an instruction code not defined by the processor.
   at JitTest_chain_boxunbox_il.Test.Main()
   at Program.<<Main>$>g__TestExecutor80|0_81(System.IO.StreamWriter, System.IO.StreamWriter, <>c__DisplayClass0_0 ByRef)
   at Program.<Main>$(System.String[])

Expected behavior

No failures

Actual behavior

Illegal Instruction crash

Regression?

No response

Known Workarounds

No response

Configuration

No response

Other information

No response
@dotnet-issue-labeler dotnet-issue-labeler bot added the area-CodeGen-coreclr CLR JIT compiler in src/coreclr/src/jit and related components such as SuperPMI label Feb 4, 2025
@dotnet-policy-service dotnet-policy-service bot added the untriaged New issue has not been triaged by the area owner label Feb 4, 2025
@dotnet-policy-service Dotnet Policy Service
Copy link
Contributor

Tagging subscribers to this area: @JulieLeeMSFT, @jakobbotsch
See info in area-owners.md if you want to be subscribed.

@saucecontrol
Copy link
Member Author

saucecontrol commented Feb 4, 2025
edited
Loading

Same instruction in both cases

00007ffc`9fb216b4 62c17e00104702  vmovss  xmm16,dword ptr [r15+8] ds:0000000a`be37d6d2=7ffc9e8f

00007ff8`7bef16b4 62c17e00104702  vmovss  xmm16,dword ptr [r15+8] ds:0000001c`6ed7d782=7ff87acc

Looks like the 00 4th byte is wrong.

@AndyAyersMS
Copy link
Member

cc @dotnet/jit-contrib

Likely from some of the recent xarch emitter changes?

@BruceForstall
Copy link
Member

Maybe #108796? @Ruihan-Yin

@Ruihan-Yin
Copy link
Contributor

I can reproduce the bug locally, looking into it.

@Ruihan-Yin
Copy link
Contributor

The wrong encoding comes from code pieces like this:

Image

JIT did the codegen in the form of vmovss xmm, xmm, m32, but this instructions does not actually have this form.

Image

It looks more like a code gen problem, instead of encoding bug, where INS_movss should not hit emitIns_R_R_A path.

From the stack, I believe the bug is from genCodeForCast, that when ins is vmovss, the code gen function should be sth other than emitIns_R_R_A.

Image

@saucecontrol
Copy link
Member Author

saucecontrol commented Feb 5, 2025
edited
Loading

Ah, this may have been exposed by #111595 then.

That one showed some removed float->double->float casts in the diffs, but those may have actually ended up as float->float in some cases, and this looks suspect:

runtime/src/coreclr/jit/instr.cpp

Line 2481 in 2faef6d

return ins_Move_Extend(TYP_FLOAT, false);

@Ruihan-Yin
Copy link
Contributor

I can try to fix and file a PR for it if there is no ongoing work for this bug. It will be nice to have it fixed since some of our PRs are also hitting this problem.

Ruihan-Yin added a commit to Ruihan-Yin/runtime that referenced this issue Feb 5, 2025
@Ruihan-Yin
fix dotnet#112163
d58b028
@Ruihan-Yin Ruihan-Yin mentioned this issue Feb 5, 2025
Closed
@saucecontrol saucecontrol linked a pull request Feb 6, 2025 that will close this issue
Open
@dotnet-policy-service dotnet-policy-service bot added the in-pr There is an active PR which will close this issue when it is merged label Feb 6, 2025
@amanasifkhalid amanasifkhalid removed the untriaged New issue has not been triaged by the area owner label Feb 6, 2025
@amanasifkhalid amanasifkhalid added this to the 10.0.0 milestone Feb 6, 2025
@kunalspathak kunalspathak mentioned this issue Feb 6, 2025
Merged
@anthonycanino anthonycanino mentioned this issue Feb 10, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area-CodeGen-coreclr CLR JIT compiler in src/coreclr/src/jit and related components such as SuperPMI in-pr There is an active PR which will close this issue when it is merged
Projects
None yet
Milestone
10.0.0
Development

Successfully merging a pull request may close this issue.

JIT: Fix illegal instruction encoding for float->float casts saucecontrol/runtime
5 participants
@saucecontrol @AndyAyersMS @BruceForstall @amanasifkhalid @Ruihan-Yin