[Fuzzlyn] Jump into the middle of handler region

[tannergooding]

Error

The error reproduces on both regular x86 and in AltJit clrjit_win_x86_x64.dll

Jump into the middle of handler region: BB10 branches to BB11

Assert failure(PID 855144 [0x000d0c68], Thread: 812212 [0xc64b4]): Assertion failed '!"Jump into the middle of handler region"' in 'Program:Main()' during 'Unroll loops' (IL size 111; hash 0xcb019401; FullOpts)

    File: D:\Users\tagoo\source\repos\runtime_base\src\coreclr\jit\fgdiagnostic.cpp Line: 2609
    Image: D:\Users\tagoo\source\repos\runtime_base\artifacts\bin\coreclr\windows.x64.Checked\CoreRun.exe
ERROR:
Assert failure(PID 855144 [0x000d0c68], Thread: 812212 [0xc64b4]): Assertion failed '!"Jump into the middle of handler region"' in 'Program:Main()' during 'Unroll loops' (IL size 111; hash 0xcb019401; FullOpts)

    File: D:\Users\tagoo\source\repos\runtime_base\src\coreclr\jit\fgdiagnostic.cpp Line: 2609
    Image: D:\Users\tagoo\source\repos\runtime_base\artifacts\bin\coreclr\windows.x64.Checked\CoreRun.exe

Repro

// Generated by Fuzzlyn v1.5 on 2023-02-06 00:41:34
// Run on X86 Windows
// Seed: 12611629827253727687
// Reduced from 444.9 KiB to 1.1 KiB in 00:13:23
// Hits JIT assert in Release:
// Assertion failed '!"Jump into the middle of handler region"' in 'Program:Main(Fuzzlyn.ExecutionServer.IRuntime)' during 'Unroll loops' (IL size 131; hash 0xade6b36b; FullOpts)
// 
//     File: D:\a\_work\1\s\src\coreclr\jit\fgdiagnostic.cpp Line: 2609
// 
public interface I0
{
}

public class C0 : I0
{
    public sbyte F3;
}

public class Program
{
    public static ushort s_11;
    public static bool[][] s_18;
    public static C0 s_26;
    public static short[] s_42;
    public static void Main()
    {
        short vr7 = default(short);
        for (int vr8 = 0; vr8 < 0; vr8++)
        {
            try
            {
                System.Console.WriteLine(32767);
            }
            finally
            {
                I0 vr9 = new C0();
            }
        }

        for (int vr10 = 0; vr10 < 0; vr10++)
        {
            if (s_18[0][0])
            {
                var vr11 = s_26.F3;
            }
            else
            {
                System.Console.WriteLine(0);
            }

            if (!((ushort)(-s_11++) >= 0))
            {
                vr7 = vr7;
                try
                {
                    vr7 = 0;
                }
                finally
                {
                    vr7 = s_42[0];
                }
            }
        }
    }
}

Tagging subscribers to this area: @JulieLeeMSFT, @jakobbotsch, @kunalspathak
See info in area-owners.md if you want to be subscribed.

Issue Details

---

Error

The error reproduces on both regular x86 and in AltJit clrjit_win_x86_x64.dll

Jump into the middle of handler region: BB10 branches to BB11

Assert failure(PID 855144 [0x000d0c68], Thread: 812212 [0xc64b4]): Assertion failed '!"Jump into the middle of handler region"' in 'Program:Main()' during 'Unroll loops' (IL size 111; hash 0xcb019401; FullOpts)

    File: D:\Users\tagoo\source\repos\runtime_base\src\coreclr\jit\fgdiagnostic.cpp Line: 2609
    Image: D:\Users\tagoo\source\repos\runtime_base\artifacts\bin\coreclr\windows.x64.Checked\CoreRun.exe
ERROR:
Assert failure(PID 855144 [0x000d0c68], Thread: 812212 [0xc64b4]): Assertion failed '!"Jump into the middle of handler region"' in 'Program:Main()' during 'Unroll loops' (IL size 111; hash 0xcb019401; FullOpts)

    File: D:\Users\tagoo\source\repos\runtime_base\src\coreclr\jit\fgdiagnostic.cpp Line: 2609
    Image: D:\Users\tagoo\source\repos\runtime_base\artifacts\bin\coreclr\windows.x64.Checked\CoreRun.exe

Repro

// Generated by Fuzzlyn v1.5 on 2023-02-06 00:41:34
// Run on X86 Windows
// Seed: 12611629827253727687
// Reduced from 444.9 KiB to 1.1 KiB in 00:13:23
// Hits JIT assert in Release:
// Assertion failed '!"Jump into the middle of handler region"' in 'Program:Main(Fuzzlyn.ExecutionServer.IRuntime)' during 'Unroll loops' (IL size 131; hash 0xade6b36b; FullOpts)
// 
//     File: D:\a\_work\1\s\src\coreclr\jit\fgdiagnostic.cpp Line: 2609
// 
public interface I0
{
}

public class C0 : I0
{
    public sbyte F3;
}

public class Program
{
    public static ushort s_11;
    public static bool[][] s_18;
    public static C0 s_26;
    public static short[] s_42;
    public static void Main()
    {
        short vr7 = default(short);
        for (int vr8 = 0; vr8 < 0; vr8++)
        {
            try
            {
                System.Console.WriteLine(32767);
            }
            finally
            {
                I0 vr9 = new C0();
            }
        }

        for (int vr10 = 0; vr10 < 0; vr10++)
        {
            if (s_18[0][0])
            {
                var vr11 = s_26.F3;
            }
            else
            {
                System.Console.WriteLine(0);
            }

            if (!((ushort)(-s_11++) >= 0))
            {
                vr7 = vr7;
                try
                {
                    vr7 = 0;
                }
                finally
                {
                    vr7 = s_42[0];
                }
            }
        }
    }
}

Author:	tannergooding
Assignees:	-
Labels:	area-CodeGen-coreclr
Milestone:	-

[jakobbotsch]

Fallout from #80353?

[tannergooding]

@jakobbotsch, it's certainly possible but given the checks are vr8 < 0 and vr10 < 0 it wouldn't be my first guess.

#80353 simply updated the current limit from 1 (which should cover those checks) to 4.