Skip to content

[release/9.0-staging] JIT: Fix invalid removal of explicit zeroing in methods without .localsinit#115568

Merged
jakobbotsch merged 3 commits intodotnet:release/9.0-stagingfrom
jakobbotsch:fix-113658-backport
May 22, 2025
Merged

[release/9.0-staging] JIT: Fix invalid removal of explicit zeroing in methods without .localsinit#115568
jakobbotsch merged 3 commits intodotnet:release/9.0-stagingfrom
jakobbotsch:fix-113658-backport

Conversation

@jakobbotsch
Copy link
Member

@jakobbotsch jakobbotsch commented May 14, 2025
edited
Loading

Backport of #115556 to release/9.0-staging

Customer Impact

  • Customer reported
  • Found internally

The JIT may mistakenly remove explicit field zeroing for some struct fields in methods without .localsinit (e.g. by having the SkipLocalsInit attribute applied in C#). This can happen when the IL first zero-initializes the full struct local using e.g. initobj, and then later zeroes a particular field of the struct local using stfld. Under certain circumstances, the JIT mistakenly eliminates both explicit zeroings of the field, leaving no zero initialization present, resulting in the field containing stack garbage.

Reported by customer in #113658.

Regression

  • Yes
  • No

This was exposed by support for cross-block assertion prop enabled in #94689.

Testing

Unit test added, and tested manually on user's test case.

Risk

Low

Copilot AI review requested due to automatic review settings May 14, 2025 16:22
Copilot AI reviewed May 14, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR backports a fix to the JIT to address an issue where explicit zeroing of struct fields gets mistakenly removed in methods without .localsinit (when the SkipLocalsInit attribute is applied).

  • Ensures explicit field zeroing is preserved by killing dependent assertions for dead fields.
  • Adds a dedicated test case to validate the fix.

Reviewed Changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated no comments.

File Description
src/tests/JIT/Regression/JitBlue/Runtime_113658/Runtime_113658.csproj New test project configuration for JIT regression.
src/tests/JIT/Regression/JitBlue/Runtime_113658/Runtime_113658.cs New test validating correct zeroing behavior.
src/coreclr/jit/morphblock.cpp Introduces calls to kill dependent assertions in field-by-field initialization and copy paths to prevent incorrect removal of zeroing.
Comments suppressed due to low confidence (2)

src/coreclr/jit/morphblock.cpp:409

  • Double-check that killing dependent assertions here correctly targets only fields that are truly dead, ensuring that no valid assertions are unintentionally removed.
m_comp->fgKillDependentAssertionsSingle(m_dstLclNum DEBUGARG(m_store));

src/coreclr/jit/morphblock.cpp:1238

  • Verify that the use of fgKillDependentAssertionsSingle in the field-by-field copy logic is consistent with its use in the initialization routine and does not remove assertions that should be preserved.
m_comp->fgKillDependentAssertionsSingle(m_dstLclNum DEBUGARG(m_store));

@jakobbotsch jakobbotsch added the Servicing-consider Issue for next servicing release review label May 14, 2025
jeffschwMSFT
jeffschwMSFT approved these changes May 14, 2025
View reviewed changes
Copy link
Member

@jeffschwMSFT jeffschwMSFT left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm. please get a code review. we will take for consideration in 9.0.x

@jeffschwMSFT jeffschwMSFT added this to the 9.0.x milestone May 14, 2025
@jakobbotsch jakobbotsch requested review from AndyAyersMS and EgorBo May 14, 2025 16:29
This was referenced May 14, 2025
Open
Open
@jeffschwMSFT jeffschwMSFT added the area-CodeGen-coreclr CLR JIT compiler in src/coreclr/src/jit and related components such as SuperPMI label May 15, 2025
@dotnet-policy-service
Copy link
Contributor

dotnet-policy-service bot commented May 15, 2025

Tagging subscribers to this area: @JulieLeeMSFT, @jakobbotsch
See info in area-owners.md if you want to be subscribed.

@rbhanda rbhanda modified the milestones: 9.0.x, 9.0.7 May 20, 2025
@rbhanda rbhanda added Servicing-approved Approved for servicing release and removed Servicing-consider Issue for next servicing release review labels May 20, 2025
@jakobbotsch jakobbotsch merged commit 331ddf9 into dotnet:release/9.0-staging May 22, 2025
105 of 110 checks passed
@jakobbotsch jakobbotsch deleted the fix-113658-backport branch May 22, 2025 18:38
@github-actions github-actions bot locked and limited conversation to collaborators Jun 22, 2025
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

Copilot code review Copilot Copilot left review comments

@EgorBo EgorBo EgorBo approved these changes

@jeffschwMSFT jeffschwMSFT jeffschwMSFT approved these changes

@AndyAyersMS AndyAyersMS Awaiting requested review from AndyAyersMS

Assignees

@jakobbotsch jakobbotsch

Labels

area-CodeGen-coreclr CLR JIT compiler in src/coreclr/src/jit and related components such as SuperPMI Servicing-approved Approved for servicing release

Projects

None yet

Milestone

9.0.7

Development

Successfully merging this pull request may close these issues.

4 participants

@jakobbotsch @EgorBo @jeffschwMSFT @rbhanda