Skip to content

crash in BackwardPass::ReverseCopyProp #6762

New issue
New issue
Open
Open
crash in BackwardPass::ReverseCopyProp#6762
Labels
Bug
@zhunki

Description

@zhunki
zhunki
opened on Dec 14, 2021

the following poc will crash the latest build on ubuntu.

function opt() {
	let v4 = 9;
	for (let v5 = 0; v5 < v4; v5 = v5 / v4) {
		v4 = v5;
	}
	const v6 = v4--;
}
for(i = 0;i < 1000; i++){
	opt();
}

#0 0x0000555555e96e6d in BackwardPass::ReverseCopyProp(IR::Instr*) ()
#1 0x0000555555e90fb5 in BackwardPass::ProcessBlock(BasicBlock*) ()
#2 0x0000555555e8d66d in BackwardPass::OptBlock(BasicBlock*) ()
#3 0x0000555555e8cf1e in BackwardPass::Optimize() ()
#4 0x0000555555d485ca in GlobOpt::BackwardPass(Js::Phase) ()
#5 0x0000555555d488a8 in GlobOpt::Optimize() ()
#6 0x0000555555d4155f in Func::TryCodegen() ()
#7 0x0000555555d4125c in Func::Codegen(Memory::JitArenaAllocator*, JITTimeWorkItem*, ThreadContextInfo*, ScriptContextInfo*, JITOutputIDL*, Js::EntryPointInfo*, FunctionJITRuntimeInfo const*, JITTimePolymorphicInlineCacheInfo*, void*, Js::ScriptContextProfiler*, bool) ()
#8 0x0000555555cc0e29 in NativeCodeGenerator::CodeGen(Memory::PageAllocatorBase<Memory::VirtualAllocWrapper, Memory::SegmentBaseMemory::VirtualAllocWrapper, Memory::PageSegmentBaseMemory::VirtualAllocWrapper >, CodeGenWorkItemIDL, JITOutputIDL&, bool, Js::EntryPointInfo*) ()
#9 0x0000555555cc10cd in NativeCodeGenerator::CodeGen(Memory::PageAllocatorBase<Memory::VirtualAllocWrapper, Memory::SegmentBaseMemory::VirtualAllocWrapper, Memory::PageSegmentBaseMemory::VirtualAllocWrapper >, CodeGenWorkItem, bool) ()
#10 0x0000555555cc1953 in NativeCodeGenerator::Process(JsUtil::Job*, JsUtil::ParallelThreadData*) ()
#11 0x0000555555cd4a0e in JsUtil::BackgroundJobProcessor::Process(JsUtil::Job*, JsUtil::ParallelThreadData*) ()
#12 0x0000555555cd4b15 in JsUtil::BackgroundJobProcessor::Run(JsUtil::ParallelThreadData*) ()
#13 0x0000555555cd3a47 in JsUtil::BackgroundJobProcessor::StaticThreadProc(void*) ()
#14 0x000055555571f9fd in CorUnix::CPalThread::ThreadEntry(void*) ()
#15 0x00007ffff7aa2609 in start_thread (arg=) at pthread_create.c:477
#16 0x00007ffff7857293 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Metadata

Metadata

Assignees

No one assigned

    Labels

    Bug

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions