Skip to content
This repository has been archived by the owner on Jan 23, 2023. It is now read-only.

Fix for potential bad tailcall code generation #1298

Merged
merged 1 commit into from Jul 29, 2015
Merged

Fix for potential bad tailcall code generation #1298

merged 1 commit into from Jul 29, 2015

Conversation

mmitche
Copy link
Member

@mmitche mmitche commented Jul 27, 2015

The JIT can potentially pass an incorrect parameter to a callee when optimizing a tail call. While updating a GT_LCL* node with lcl var num of temp passed to the tail call, we also need to change its opererand to GT_LCL_VAR.

Fixes #1296

@masonwheeler
Copy link

Nice work tracking this down! :)

@akoeplinger
Copy link
Member

Seems this is the same as in #1289 from TFS that was later rolled back?

dotnet-bot@838b043
dotnet-bot@0aef784

@masonwheeler
Copy link

Yeah, looks like it. Why did it get rolled back?

@mmitche
Copy link
Member Author

mmitche commented Jul 27, 2015

@masonwheeler Not quite sure, but here it is again :)

@hmemcpy
Copy link

hmemcpy commented Jul 27, 2015

Maybe we could ask @sivarv? :)

@mmdriley
Copy link

Should we include the regression test here or in a followup PR?

@mmitche
Copy link
Member Author

mmitche commented Jul 28, 2015

@mmdriley I've managed to narrow down a regression test, I'll have that included in the merge tomorrow morning :)

@danielgindi
Copy link

Wow you guys still haven't figured out why the bug is there, and why the fix was rolled back previously...?
This is really worrying.

@forki
Copy link

forki commented Jul 28, 2015

@danielgindi it looks like @sivarv wanted to fix dotnet/fsharp#536 (comment), but it wasn't the correct fix for that so I assume he rolled it back.

@danielgindi
Copy link

@forki Thanks for your response :-)

Btw, I love it that Microsoft has moved to Git!

@PeterMurdoch
Copy link

Thanks!

@brihter
Copy link

brihter commented Jul 28, 2015

I was just thinking, how come this didn't show up in the tests? It seems like this would blow up everywhere.

@danielgindi
Copy link

Nope. This blows up in production environment only, and only where there are function call which are the last statement in a function, and only when the optimizer decides to...

@brihter
Copy link

brihter commented Jul 28, 2015

This would imply the tests are either not run in "production environment" (meaning "Release" mode with "Optimize code" enabled) or there is no such test that would trigger the tail call opt.

@Rutix
Copy link

Rutix commented Jul 28, 2015

Or this case is such an edge case that one of the test just doesn't trigger it. They probably have added a test case now to their internal tests that hits this edge case. (Atleast I hope so ;))

@mmitche
Fix for potential bad tailcall code generation
99dc0f5 
The JIT can potentially pass an incorrect parameter to a callee when optimizing a tail call.  While updating a GT_LCL* node with lcl var num of temp passed to the tail call, we also need to change its opererand to GT_LCL_VAR.
@mmitche
Copy link
Member Author

mmitche commented Jul 28, 2015

Hey all, sorry for the delay in response. I have added the test case along with the fix.

The reason that the original fix was backed was for a few reasons:

  1. We wanted to check the fix directly into github rather than having it go across the mirror for visibility reasons
  2. We wanted to evaluate the fix further to see what kind of security impact it might have.

@richlander has posted a nice blog about the issue over at the MSDN dotnet blog: http://blogs.msdn.com/b/dotnet/archive/2015/07/28/ryujit-bug-advisory-in-the-net-framework-4-6.aspx

@brihter
Copy link

brihter commented Jul 29, 2015

Thank you @mmitche.

mmitche added a commit that referenced this pull request Jul 29, 2015
@mmitche
Merge pull request #1298 from mmitche/tail-call-fix
f579474 
Fix for potential bad tailcall code generation
@mmitche mmitche merged commit f579474 into dotnet:master Jul 29, 2015
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone