Assert failure: Compiler optimization assumption invalid: FAILED: pMgr != 0

[BruceForstall]

Pipeline: runtime-coreclr libraries-jitstress
Configs:

• System.Text.RegularExpressions.Unit.Tests, net7.0-windows-Release-x86-CoreCLR_checked-jitstress1-Windows.10.Amd64.Open
• System.Text.RegularExpressions.Unit.Tests, net7.0-windows-Release-x86-CoreCLR_checked-jitstress1_tiered-Windows.10.Amd64.Open
• System.Text.RegularExpressions.Unit.Tests, net7.0-windows-Release-x86-CoreCLR_checked-tailcallstress-Windows.10.Amd64.Open

Also in LibraryImportGenerator.Unit.Tests, same configs.

https://dev.azure.com/dnceng/public/_build/results?buildId=1807559&view=ms.vss-test-web.build-test-results-tab

Looks like a VSD assert.

@dotnet/jit-contrib JIT issue?

[ghost]

Tagging subscribers to this area: @JulieLeeMSFT, @jakobbotsch
See info in area-owners.md if you want to be subscribed.

Issue Details

---

Pipeline: runtime-coreclr libraries-jitstress
Configs:

• System.Text.RegularExpressions.Unit.Tests, net7.0-windows-Release-x86-CoreCLR_checked-jitstress1-Windows.10.Amd64.Open
• System.Text.RegularExpressions.Unit.Tests, net7.0-windows-Release-x86-CoreCLR_checked-jitstress1_tiered-Windows.10.Amd64.Open
• System.Text.RegularExpressions.Unit.Tests, net7.0-windows-Release-x86-CoreCLR_checked-tailcallstress-Windows.10.Amd64.Open

https://dev.azure.com/dnceng/public/_build/results?buildId=1807559&view=ms.vss-test-web.build-test-results-tab

Looks like a VSD assert.

@dotnet/jit-contrib JIT issue?

Author:	BruceForstall
Assignees:	-
Labels:	area-CodeGen-coreclr, blocking-clean-ci-optional
Milestone:	7.0.0

[jkotas]

This looks like JIT stress issue. JIT stress converted delegate call to tailcall. This conversion is not valid when the delegate points to virtual interface method.

[BruceForstall]

@jakobbotsch Related to #69941? #70033?

[jakobbotsch]

Probably #70033, though it is curious that this seemingly used to work. Maybe something rotted in the period that the JIT helper was not being used.

[jakobbotsch]

@jkotas

This looks like JIT stress issue. JIT stress converted delegate call to tailcall. This conversion is not valid when the delegate points to virtual interface method.

What exactly do you mean by virtual interface method here? Do you mean any call that may go through VSD?

[jkotas]

Here is what is happening based on the crash dump:

// This delegate points to shuffle thunk that in turn points to VSD stub
// The VSD stub expects the callsite to be VSD DelegateCallSite.
var d = typeof(IFace).GetMethod("Method").CreateDelegate<Action<IFace>>();

var c = new ClassA();

// JIT stress converted this to tailcall. The callsite is not identified as 
// DelegateCallSite anymore and that's why we get the assert.
d(c); 

public class ClassA : IFace
{
    public virtual void Method() { Console.WriteLine("Method"); }
}

public interface IFace
{
    public void Method();
}

it is curious that this seemingly used to work.

These delegates pointing to VSD stubs are very rare. It is quite possible that it was broken for a long time and we just got lucky that the JIT stress did not hit it before.

[jakobbotsch]

These delegates pointing to VSD stubs are very rare. It is quite possible that it was broken for a long time and we just got lucky that the JIT stress did not hit it before.

I see, thanks for the example. In practice does this mean that tail prefixed delegate calls cannot be done through the old mechanism?

[jkotas]

Right.

It may be possible to fix up the x86 JIT_TailCall helper to handle this case, but I do not think that it is worth it.

[jakobbotsch]

The other half of why we may not have seen this before is that isCallRelativeIndirect inside StubCallSite::StubCallSite needs to pass, i.e. the tailcaller's caller need to be on the form call [rel32]. If that check does not pass the VSD resolver properly sees the call as a delegate call.