JIT: fix incorrect scale in genCreateAddrMode + no-opt

[EgorBo]

Fixes #75312

The problem is basically an incorrect behavior of genCreateAddrMode for the following tree:

N009 ( 11,  9) [000008] -------N---                         *  ADD       int
N007 ( 10,  8) [000006] -------N---                         +--*  ADD       int
N001 (  3,  2) [000000] -c---------                         |  +--*  LCL_VAR   int    V00 arg0
N006 (  7,  6) [000005] -------N---                         |  \--*  LSH       int
N004 (  6,  5) [000003] -----------                         |     +--*  MUL       int
N002 (  1,  1) [000001] -----------                         |     |  +--*  CNS_INT   int    3
N003 (  1,  1) [000002] -c---------                         |     |  \--*  CNS_INT   int    0
N005 (  1,  1) [000004] -c---------                         |     \--*  CNS_INT   int    2
N008 (  1,  1) [000007] -c---------                         \--*  CNS_INT   int    1

for which, genCreateAddrMode returns:

base = arg0
idx = nullptr
scale = 0
offset = 4

while offset should be 1

[ghost]

Tagging subscribers to this area: @JulieLeeMSFT, @jakobbotsch
See info in area-owners.md if you want to be subscribed.

Issue Details

---

Fixes #75312

The problem is basically in a tree:

N009 ( 11,  9) [000008] -------N---                         *  ADD       int
N007 ( 10,  8) [000006] -------N---                         +--*  ADD       int
N001 (  3,  2) [000000] -c---------                         |  +--*  LCL_VAR   int    V00 arg0
N006 (  7,  6) [000005] -------N---                         |  \--*  LSH       int
N004 (  6,  5) [000003] -----------                         |     +--*  MUL       int
N002 (  1,  1) [000001] -----------                         |     |  +--*  CNS_INT   int    3
N003 (  1,  1) [000002] -c---------                         |     |  \--*  CNS_INT   int    0
N005 (  1,  1) [000004] -c---------                         |     \--*  CNS_INT   int    2
N008 (  1,  1) [000007] -c---------                         \--*  CNS_INT   int    1

that is an address for IND, for which, genCreateAddrMode returns:

base = arg0
idx = nullptr
scale = 0
offset = 4

while offset should be 1

Author:	EgorBo
Assignees:	-
Labels:	area-CodeGen-coreclr
Milestone:	-

[EgorBo]

/azp run runtime-coreclr outerloop, runtime-coreclr jitstress, runtime-coreclr jitstressregs, runtime-coreclr gcstress0x3-gcstress0xc, Fuzzlyn

[azure-pipelines]

Azure Pipelines successfully started running 5 pipeline(s).

[JulieLeeMSFT]

@kunalspathak Please prioritize to review this PR before RC2 snap.
cc @dotnet/jit-contrib.

[kunalspathak]

/azp run runtime-coreclr outerloop, runtime-coreclr jitstress, runtime-coreclr jitstressregs, runtime-coreclr gcstress0x3-gcstress0xc, Fuzzlyn

Have you analyzed any of these failures and are there anything related?

[JulieLeeMSFT]

cc @jeffschwMSFT. Once we complete this PR, we will backport this to 7.0 and 6.0.

[AndyAyersMS]

Jit stress failures look like known issues:

• Test failure JIT\\Performance\\CodeQuality\\Roslyn\\CscBench\\CscBench.cmd #74900 (fix in PR)
• Test failure GC\\API\\GC\\GetTotalPauseDuration\\GetTotalPauseDuration.cmd #74631 (test was supposed to be disabled, but isn't yet)

[AndyAyersMS]

So the bug was an uninitialized local? How could we have not caught this before now?

[kunalspathak]

So the bug was an uninitialized local? How could we have not caught this before now?

That's exactly I was wondering. Why it needed complex C++ / CLI only to reproduce?

[EgorBo]

So the bug was an uninitialized local? How could we have not caught this before now?

Ah, no, that change is unrelated, let me remove the redundant initialization actually,
the problem is in zero scale, it's not respected.

[EgorBo]

Why it needed complex C++ / CLI only to reproduce?

It's not C++ specific, it's just that x * 0 rarely makes it to genAddrMode phase - when optimizations are enabled it's folded long before it reaches the phase. In debug mode it's hard to get it anyhow since e.g. Roslyn folds x * 0 to 0 even in Debug mode with <Optimize>false</Optimize> - that's why I wrote the test in IL.

This bug is a good example on why we need unit tests for jit phases

[kunalspathak]

the problem is in zero scale, it's not respected.

Make sense.

[kunalspathak]

LGTM

[kunalspathak]

So its ok to have tmpMul == 0 here from the else on line 1417 and not scale?

[EgorBo]

Looks like it can be but only if we also disable jit optimizations and write IL for array[1 + 2] because Roslyn will fold cns + cns too again (even in Debug mode).

[EgorBo]

Actually, let me run a few more tests, probably some parts of this logic can be just removed

[EgorBo]

@kunalspathak so I've slightly changed the logic - the whole block can be removed in theory but it produced several Tier0 regressions so I decided to keep it + special handled zero index or zero scale, so if optGetArrayRefScaleAndIndex returns either 0 or non-zero but index represents 0 then we drop the whole index part.

[kunalspathak]

What happens for !(rv2->OperIs(GT_MUL, GT_LSH) && (rv2->gtGetOp2()->IsCnsIntOrI())) where we set index = rv2?

else
{
    /* May be a simple array. rv2 will points to the actual index */

    index  = rv2;
    tmpMul = mul;
}

[EgorBo]

@kunalspathak good point, it explains a single regression in the jit-diffs, but overall the code as is correct, it's just that the block you highlighted handles constant index that is converted to constant offset (this path is never hit in optimized code from what I see)

[EgorBo]

Let me push a quick change

[EgorBo]

@kunalspathak should be correct now and zero diff

[kunalspathak]

LGTM. Just double check if there are zero diffs for all archs before merging.

[EgorBo]

Yeah, the diff is empty but there is a conflict

[EgorBo]

/backport to release/7.0

[github-actions]

Started backporting to release/7.0: https://github.com/dotnet/runtime/actions/runs/3048213131

[EgorBo]

@kunalspathak could you also approve the backport - #75560