|
| BUG in optimized JIT compiler |
|
|
|
|
| Messages |
|
Related Types |
This message was discovered on microsoft.public.dotnet.framework.
Responses highlighted in red are from those people who are likely to be able to contribute good, authoratitive information to this discussion. They include Microsoft employees, MVP's and others who IMHO contribute well to these kinds of discussions.
| Andreas Suurkuusk |
| GOOD ANSWER |
Hi,
I've found a bug in the JIT compiler that occurs when performing a bitwise
AND with 0xff.
When JITting optimized code the JITter optimizes the AND by moving the
operand into a register and then retrieving the zero extended byte part of
the register.
E.g:
b = a & 0xff; becomes
mov eax, a
movzx ebx, al
mov b, ebx
The problem is that the JITter sometimes uses registers without a byte part
(i.e. edi, esi, ebp) for this operation. When it tries to retrieve the byte
part of for instance edi, it will use bh instead of the non-existing edi(l),
thus retrieving a completely wrong value.
Below is a small class that can be used to test this behaviour. It should
output the value 7, but in all my tests I have received the value 5, since
the second data (data1) is retrieved from bh which is 0 in this case.
NOTE! The code has to be compiled with the /o+ option. Plus, it can't be run
under a debugger since that will turn off the optimization, to view the
generated x86 use System.Diagnostics.Debugger.Break() at a suitable
location.
Below the CSharp code is the JIT compiled x86 code for TestIt().
using System;
class JitBugTest
{
byte[] data = new byte[] { 1, 2, 4 };
int index;
int GetNextData()
{
return data[index++];
}
/// <summary>
/// Adds three bytes retrieved using GetNextData, which should add up to 7.
/// </summary>
/// <returns>Should return 7</returns>
int TestIt()
{
int data0 = GetNextData() & 0xff;
int data1 = GetNextData() & 0xff;
int data2 = GetNextData() & 0xff;
return data0 +data1 + data2;
}
static void Main(string[] args)
{
JitBugTest test = new JitBugTest();
int val = test.TestIt(); // Val should be 7
Console.WriteLine( val.ToString() );
}
}
Here comes the x86 code:
int TestIt()
{
int byte0 = GetNextData() & 0xff;
00000000 push edi
00000001 push esi
00000002 push ebx
00000003 mov esi,dword ptr [ecx+4]
00000006 mov edi,esi
00000008 mov edx,dword ptr [ecx+8]
0000000b lea eax,[edx+1]
0000000e mov dword ptr [ecx+8],eax
00000011 cmp edx,dword ptr [edi+4]
00000014 jae 0000005A
00000016 movzx ebx,byte ptr [edi+edx+8]
0000001b movzx eax,bl
0000001e mov ebx,eax
int byte1 = GetNextData() & 0xff;
00000020 mov edx,dword ptr [ecx+8]
00000023 lea eax,[edx+1]
00000026 mov dword ptr [ecx+8],eax
00000029 cmp edx,dword ptr [esi+4]
0000002c jae 0000005A
0000002e movzx edi,byte ptr [esi+edx+8] ; --- ERROR:
Can't use edi to AND with 0xff
00000033 movzx eax,bh ; ---
ERROR: Can't use bh to retrieve low byte of edi
00000036 mov edi,eax
int byte2 = GetNextData() & 0xff;
00000038 mov edx,dword ptr [ecx+8]
0000003b lea eax,[edx+1]
0000003e mov dword ptr [ecx+8],eax
00000041 cmp edx,dword ptr [esi+4]
00000044 jae 0000005A
00000046 movzx edx,byte ptr [esi+edx+8]
0000004b movzx eax,dl
0000004e mov edx,eax
return byte0 + byte1 + byte2;
00000050 add ebx,edi
return byte0 + byte1 + byte2;
00000052 add ebx,edx
00000054 mov eax,ebx
00000056 pop ebx
00000057 pop esi
00000058 pop edi
00000059 ret
0000005a xor ecx,ecx
0000005c call 763A1207
00000061 int 3
If this is not a known bug I hope someone at Microsoft will report it so
that it will be fixed in future versions.
Andreas Suurkuusk
SciTech Software AB
|
|
|
| |
|
|
| |
| |
| Egbert Nierop \(MVP for IIS\) (VIP) |
| GOOD ANSWER |
Obvious q:
Suppose that you tested this with Sp2?
--
|
|
|
| |
|
|
| |
| |
| Andreas Suurkuusk |
| GOOD ANSWER |
Yes,
All versions: No service pack, SP1 and SP2. Same result.
/Andreas
"Egbert Nierop (MVP for IIS)" <Click here to reveal e-mail address> skrev i meddelandet
news:#h#02arQCHA.2268@tkmsftngp10...
[Original message clipped]
|
|
|
| |
|
|
| |
|
|
| |
| Jacob Yang |
| GOOD ANSWER |
Hi Andreas,
You can report a bug to Microsoft at the following URL.
http://support.microsoft.com/default.aspx?scid=fh;en-us;feedback
Thanks,
Jacob Yang
This posting is provided "AS IS" with no warranties, and confers no rights.
You assume all risk for your use. ? 2001 Microsoft Corporation. All rights
reserved
|
|
|
| |
|
|
| |
|
|
|
|
|
|
|
|
BootFX
Reliable and powerful .NET application framework. |
|
|
|
|
|
|
