RFR: 8358751: C2: Recursive inlining check for compiled lambda forms is broken
Vladimir Ivanov
vlivanov at openjdk.org
Tue Aug 26 17:55:45 UTC 2025
Recursive inlining checks are relaxed for compiled LambdaForms. Since LambdaForms are heavily reused, the check is performed on `MethodHandle` receivers instead.
Unfortunately, the current implementation is broken. JVMState doesn't guarantee the presence of receivers for caller frames.
An attempt to fetch a pruned receiver reports unrelated info, but, in the worst case, it ends up as an out-of-bounds access into the node's input array and crashes the JVM.
The proposed fix captures receiver information as part of inlining and preserves it on `JVMState` for every compiled LambdaForm frame, so it can be reliably recovered during subsequent inlining attempts.
Testing: hs-tier1 - hs-tier8
(Special thanks to @mroth23 who prepared a reproducer of the bug.)
-------------
Commit messages:
- fix
Changes: https://git.openjdk.org/jdk/pull/26891/files
Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=26891&range=00
Issue: https://bugs.openjdk.org/browse/JDK-8358751
Stats: 76 lines in 4 files changed: 42 ins; 1 del; 33 mod
Patch: https://git.openjdk.org/jdk/pull/26891.diff
Fetch: git fetch https://git.openjdk.org/jdk.git pull/26891/head:pull/26891
PR: https://git.openjdk.org/jdk/pull/26891