Infinite loop inside CodeGen::genCreateAddrMode while JIT optimizing

[vmpsoft]

Description

We are developing obfuscation tool for .NET application and found the problem inside .NET runtime.

Reproduction Steps

The runtime stucks while optimizing the method D607A317::5807B4B7 from Publish.dll
Publish.zip

Expected behavior

Console.WriteLine("Hello` world!");
Console.ReadKey();

Actual behavior

The application stucks.

Regression?

No response

Known Workarounds

No response

Configuration

No response

Other information

No response

[dotnet-policy-service]

Tagging subscribers to this area: @JulieLeeMSFT, @jakobbotsch
See info in area-owners.md if you want to be subscribed.

[AndyAyersMS]

@vmpsoft which version of .NET were you using?

[vmpsoft]

DLL was compiled for .NET 7.0 and I tested it with the latest .NET runtime (7.0.20).

[AndyAyersMS]

Per https://dotnet.microsoft.com/en-us/platform/support/policy/dotnet-core .NET 7 is out of support.

Nonetheless we'll investigate.

Can you repro this on .NET 8?

[vmpsoft]

The problem also exists in ,NET 8.0:
Example.zip

The debugger shows the same function from clrjit.dll:
public: virtual bool __cdecl CodeGen::genCreateAddrMode(struct GenTree *, bool, bool *, struct GenTree **, struct GenTree **, unsigned int *, __int64 *)

[EgorBo]

Yeah it does look like an infinite loop:

[0x0]   clrjit!GenTree::IsIntCnsFitsInI32+0x3   0x201717c7c8   0x7ff93fde118b   
[0x1]   clrjit!CodeGen::genCreateAddrMode+0x14b   0x201717c7d0   0x7ff93fdc736f   
[0x2]   clrjit!Lowering::TryCreateAddrMode+0xaf   0x201717c810   0x7ff93fdcee72   
[0x3]   clrjit!Lowering::LowerAdd+0x7cc   (Inline Function)   (Inline Function)   
[0x4]   clrjit!Lowering::LowerNode+0x8b2   0x201717c960   0x7ff93fdce37b   
[0x5]   clrjit!Lowering::LowerBlock+0x1b   (Inline Function)   (Inline Function)   
[0x6]   clrjit!Lowering::DoPhase+0x8b   0x201717cba0   0x7ff93fd7ddf1   
[0x7]   clrjit!Phase::Run+0x20   (Inline Function)   (Inline Function)   
[0x8]   clrjit!Compiler::compCompile+0x1381   0x201717cbd0   0x7ff93fe28745   
[0x9]   clrjit!Compiler::compCompileHelper+0x345   0x201717d420   0x7ff93fe27b4f   
[0xa]   clrjit!Compiler::compCompile+0x24f   0x201717d500   0x7ff93fdd0975   
[0xb]   clrjit!jitNativeCode+0x265   0x201717d600   0x7ff93fe4c476   
[0xc]   clrjit!CILJit::compileMethod+0xa6   0x201717d7a0   0x7ff9433289fe   
[0xd]   coreclr!invokeCompileMethodHelper+0x70   (Inline Function)   (Inline Function)   
[0xe]   coreclr!invokeCompileMethod+0xb0   (Inline Function)   (Inline Function)   
[0xf]   coreclr!UnsafeJitFunction+0x7ee   0x201717d840   0x7ff943315507   
[0x10]   coreclr!MethodDesc::JitCompileCodeLocked+0xef   0x201717dde0   0x7ff943315327   
[0x11]   coreclr!MethodDesc::JitCompileCodeLockedEventWrapper+0x17b   0x201717df30   0x7ff943314ffc   
[0x12]   coreclr!MethodDesc::JitCompileCode+0x2bc   0x201717e0c0   0x7ff9433256b4   
[0x13]   coreclr!MethodDesc::PrepareILBasedCode+0x177   (Inline Function)   (Inline Function)   
[0x14]   coreclr!MethodDesc::PrepareCode+0x177   (Inline Function)   (Inline Function)   
[0x15]   coreclr!CodeVersionManager::PublishVersionableCodeIfNecessary+0x2b4   0x201717e170   0x7ff943324b38   
[0x16]   coreclr!MethodDesc::DoPrestub+0x138   0x201717e5d0   0x7ff9433248d9   
[0x17]   coreclr!PreStubWorker+0x1f9   0x201717e6e0   0x7ff94345d085   
[0x18]   coreclr!ThePreStub+0x55   0x201717e880   0x7ff8e38d1be9   
[0x19]   Publish!F0BA0825..ctor+0x229   0x201717e930   0x7ff8e38d1965   
[0x1a]   Publish!12869E39.5D0CB029+0x35   0x201717e9d0   0x7ff94345bd43   
[0x1b]   coreclr!CallDescrWorkerInternal+0x83   0x201717ea10   0x7ff943390ac9   
[0x1c]   coreclr!CallDescrWorkerWithHandler+0x56   (Inline Function)   (Inline Function)   
[0x1d]   coreclr!MethodDescCallSite::CallTargetWorker+0x2a1   0x201717ea50   0x7ff94338d6e0   
[0x1e]   coreclr!MethodDescCallSite::Call+0xb   (Inline Function)   (Inline Function)   
[0x1f]   coreclr!RunMainInternal+0x11c   0x201717eb90   0x7ff9433b2ff6   
[0x20]   coreclr!RunMain+0xd2   0x201717ecb0   0x7ff9433b332b   
[0x21]   coreclr!Assembly::ExecuteMainMethod+0x1bf   0x201717ed60   0x7ff943309141   
[0x22]   coreclr!CorHost2::ExecuteAssembly+0x281   0x201717f030   0x7ff94341e9e8   
[0x23]   coreclr!coreclr_execute_assembly+0xd8   0x201717f1a0   0x7ff9954d2b76   
[0x24]   hostpolicy!coreclr_t::execute_assembly+0x2a   (Inline Function)   (Inline Function)   
[0x25]   hostpolicy!run_app_for_context+0x596   0x201717f240   0x7ff9954d2e5c   
[0x26]   hostpolicy!run_app+0x3c   0x201717f3d0   0x7ff9954d379a   
[0x27]   hostpolicy!corehost_main+0x15a   0x201717f410   0x7ff9af18da09   
[0x28]   hostfxr!execute_app+0x2e9   0x201717f510   0x7ff9af18ff86   
[0x29]   hostfxr!`anonymous namespace'::read_config_and_execute+0xa6   0x201717f5f0   0x7ff9af19207c   
[0x2a]   hostfxr!fx_muxer_t::handle_exec_host_command+0x16c   0x201717f6e0   0x7ff9af190553   
[0x2b]   hostfxr!fx_muxer_t::execute+0x483   0x201717f790   0x7ff9af188390   
[0x2c]   hostfxr!hostfxr_main_startupinfo+0xa0   0x201717f8d0   0x7ff7211800fa   
[0x2d]   apphost!exe_start+0x85a   0x201717f9d0   0x7ff721180586   
[0x2e]   apphost!wmain+0x1c6   0x201717fba0   0x7ff721181ad8   
[0x2f]   apphost!invoke_main+0x22   (Inline Function)   (Inline Function)   
[0x30]   apphost!__scrt_common_main_seh+0x10c   0x201717fc10   0x7ff9d08d257d   
[0x31]   KERNEL32!BaseThreadInitThunk+0x1d   0x201717fc50   0x7ff9d254af28   
[0x32]   ntdll!RtlUserThreadStart+0x28   0x201717fc80   0x0   

It seems to be this loop:

runtime/src/coreclr/jit/codegencommon.cpp

Line 1173 in de3c892

AGAIN:

Presumably some weird IL generated by the obfuscator?

[EgorBo]

The problematic method is F0BA0825+0389DF9D:.ctor():this