[release/9.0-staging] JIT: Fix invalid removal of explicit zeroing in methods without .localsinit #115568
+44
−2
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
There was a problem hiding this comment.
Pull Request Overview
This PR backports a fix to the JIT to address an issue where explicit zeroing of struct fields gets mistakenly removed in methods without .localsinit (when the SkipLocalsInit attribute is applied).
- Ensures explicit field zeroing is preserved by killing dependent assertions for dead fields.
- Adds a dedicated test case to validate the fix.
Reviewed Changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| src/tests/JIT/Regression/JitBlue/Runtime_113658/Runtime_113658.csproj | New test project configuration for JIT regression. |
| src/tests/JIT/Regression/JitBlue/Runtime_113658/Runtime_113658.cs | New test validating correct zeroing behavior. |
| src/coreclr/jit/morphblock.cpp | Introduces calls to kill dependent assertions in field-by-field initialization and copy paths to prevent incorrect removal of zeroing. |
Comments suppressed due to low confidence (2)
src/coreclr/jit/morphblock.cpp:409
- Double-check that killing dependent assertions here correctly targets only fields that are truly dead, ensuring that no valid assertions are unintentionally removed.
m_comp->fgKillDependentAssertionsSingle(m_dstLclNum DEBUGARG(m_store));
src/coreclr/jit/morphblock.cpp:1238
- Verify that the use of fgKillDependentAssertionsSingle in the field-by-field copy logic is consistent with its use in the initialization routine and does not remove assertions that should be preserved.
m_comp->fgKillDependentAssertionsSingle(m_dstLclNum DEBUGARG(m_store));
jeffschwMSFT
approved these changes
May 14, 2025
EgorBo
approved these changes
May 14, 2025
This was referenced May 14, 2025
jeffschwMSFT
added
the
area-CodeGen-coreclr
|
Tagging subscribers to this area: @JulieLeeMSFT, @jakobbotsch |
rbhanda
added
Servicing-approved
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Backport of #115556 to release/9.0-staging
Customer Impact
The JIT may mistakenly remove explicit field zeroing for some struct fields in methods without .localsinit (e.g. by having the
SkipLocalsInitattribute applied in C#). This can happen when the IL first zero-initializes the full struct local using e.g.initobj, and then later zeroes a particular field of the struct local usingstfld. Under certain circumstances, the JIT mistakenly eliminates both explicit zeroings of the field, leaving no zero initialization present, resulting in the field containing stack garbage.Reported by customer in #113658.
Regression
This was exposed by support for cross-block assertion prop enabled in #94689.
Testing
Unit test added, and tested manually on user's test case.
Risk
Low