Closed vpenades closed 4 years ago
Proof of concept to reproduce the exception:
```xml
<Project Sdk="Microsoft.NET.Sdk">
  <PropertyGroup>
    <OutputType>Exe</OutputType>
    <TargetFramework>net462</TargetFramework>
    <Platforms>x64</Platforms>
  </PropertyGroup>
  <ItemGroup>
    <PackageReference Include="System.Numerics.Vectors" Version="4.5.0" />
  </ItemGroup>
</Project>
```
```csharp
using System;
using System.Numerics;

namespace JitCrashPOC
{
    class Program
    {
        static void Main(string[] args)
        {
            Console.WriteLine("Hello World!");
            var map = new ItemRunner();
            map.UpdateItem(0, 10);
        }
    }

    class Item
    {
        public Vector3 _Position = new Vector3(0.0f, 0.0f, 0.0f);
    }

    class ItemRunner
    {
        public ItemRunner()
        {
            // Fill the pool so every slot holds an Item before UpdateItem runs.
            for (int i = 0; i < _Pool.Length; ++i) { _Pool[i] = new Item(); }
        }

        private const float _LenghtZ = 1000.0f;
        private static readonly Vector3 _Start = new Vector3(0.0f, -1021.7f, -3451.3f);
        private static readonly Vector3 _Slope = new Vector3(0.0f, 0.286f, 0.958f);
        private Item[] _Pool = new Item[30];
        private Item _LastGenerated;

        public void UpdateItem(float fDelta, int depth)
        {
            if (depth == 0) return;

            // Vector3 (SIMD type) arithmetic inside the loop.
            for (int i = 0; i < _Pool.Length; i++)
            {
                var vDelta = _Slope * fDelta;
                if (_LastGenerated != null) _Pool[i]._Position = _LastGenerated._Position - _Slope * _LenghtZ;
                else _Pool[i]._Position = _Start - vDelta;
                _LastGenerated = _Pool[i];
            }

            // Recursive call in tail position.
            UpdateItem(0, depth - 1);
        }
    }
}
```
@briansull Seems related to dotnet/coreclr#18775
```
Assert failure(PID 3372 [0x00000d2c], Thread: 14092 [0x370c]): Assertion failed '!"Bad type in gtNewZeroConNode"' in 'JitCrashPOC.ItemRunner:UpdateItem(float,int):this' (IL size 142)
File: d:\projects\coreclr\src\jit\gentree.cpp Line: 6108
Image: D:\Projects\coreclr\bin\Product\Windows_NT.x64.Checked\CoreRun.exe
```
I am testing a fix
PR dotnet/coreclr#19065 addresses this issue
Thanks for the fix.
So, do you have an estimation of when it will be available for end users?
Fix is now checked in to master
vpenades - Is it the case that you want this fix on the desktop CLR?
Yes, the crash was initially reported on an end user's machine.
What I don't know is if the crash happened because the compiler generated bad IL, in which case I guess the fix will come with the next VS2017 update... Or the .Net JIT generated bad native code...
The issue occurs in the .Net JIT compiler, when it finds a method that it can optimize in a special way, by turning a recursive call into a method that uses a loop instead of tail-recursion. The method also must be using the SIMD types such as Vector3.
Here's the callstack dump:
Assembly code:
Other relevant info:
I'll post any other info I can get.