RFR: 8370939: C2: SIGSEGV in SafePointNode::verify_input when processing MH call from Compile::process_late_inline_calls_no_inline() [v7]

Roland Westrelin roland at openjdk.org
Tue Dec 2 09:13:38 UTC 2025


> In test cases, `mh` is initially not constant so the method handle
> invoke can't be inlined. It is later found to be constant, so it can
> be turned into a direct call by
> `Compile::process_late_inline_calls_no_inline()`. In the meantime, the
> `CallNode` for the mh invoke is cloned (by loop switching). In the
> process, only a shallow copy of the `JVMState` for the call is
> made. The initial `CallNode` is the first to be processed by
> `Compile::process_late_inline_calls_no_inline()` and that causes that
> `CallNode` to become dead. The cloned `CallNode` is then
> processed. The `JVMState` for that one references the initial
> `CallNode` in its caller's `JVMState`. Because that node is dead, that
> causes a crash. The fix I propose is to make a deep copy of the
> `JVMState` when a `CallNode` is cloned, if a `CallGenerator` is
> assigned to the node.
> 
> The other failure I see with these tests is:
> 
> 
> #  Internal Error (/home/roland/jdk-jdk/src/hotspot/share/opto/compile.hpp:1091), pid=3319164, tid=3319186
> #  assert(_number_of_mh_late_inlines > 0) failed: _number_of_mh_late_inlines < 0 !
> 
> 
> because even though the `CallNode` is cloned, there's still only one
> late inline recorded. The fix here is to increment
> `_number_of_mh_late_inlines` when the node is cloned.
> 
> This was reported by the netty developers.

Roland Westrelin has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains 11 additional commits since the last revision:

 - Merge branch 'master' into JDK-8370939
 - Merge branch 'master' into JDK-8370939
 - review
 - Merge branch 'master' into JDK-8370939
 - review
 - more
 - more
 - more
 - more
 - test
 - ... and 1 more: https://git.openjdk.org/jdk/compare/1b191400...64b11e6e

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/28088/files
  - new: https://git.openjdk.org/jdk/pull/28088/files/bf46ba3e..64b11e6e

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=28088&range=06
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=28088&range=05-06

  Stats: 19716 lines in 575 files changed: 12799 ins; 3715 del; 3202 mod
  Patch: https://git.openjdk.org/jdk/pull/28088.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/28088/head:pull/28088

PR: https://git.openjdk.org/jdk/pull/28088
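
The two failures described in the quoted summary, as an added example that is not part of the original message and is not HotSpot code: a simplified C++ model in which `Frame` stands in for a `JVMState`, `Call` for a `CallNode`, and `pending` for `_number_of_mh_late_inlines`. All type and function names are hypothetical, and the model assumes a two-frame inlining chain.

```cpp
#include <cstdio>
#include <deque>

// Simplified model, not HotSpot code; every name here is hypothetical.
struct Call;
struct Frame { Frame* caller; Call* map; };        // stands in for one JVMState
struct Call  { Frame* jvms = nullptr; bool dead = false; };  // stands in for a CallNode
enum Result { OK, DEAD_NODE_IN_CALLER_STATE, COUNTER_UNDERFLOW };

struct Compilation {
    std::deque<Frame> frames;   // deque: push_back keeps earlier addresses valid
    std::deque<Call> calls;
    int pending = 0;            // plays the role of _number_of_mh_late_inlines

    Frame* frame(Frame* caller, Call* map) { frames.push_back({caller, map}); return &frames.back(); }
    Frame* copy_chain(Frame* f, Call* owner) {     // deep copy, re-pointed at the clone
        return f ? frame(copy_chain(f->caller, owner), owner) : nullptr;
    }
    Call* new_call() {
        calls.emplace_back();
        Call* c = &calls.back();
        c->jvms = frame(frame(nullptr, c), c);     // caller frame, then callee frame
        ++pending;
        return c;
    }
    Call* clone_call(Call* orig, bool deep, bool count_clone) {
        calls.emplace_back();
        Call* c = &calls.back();
        c->jvms = deep ? copy_chain(orig->jvms, c)
                       : frame(orig->jvms->caller, c);   // shallow: caller chain shared
        if (count_clone) ++pending;
        return c;
    }
    Result process(Call* c) {                      // late inline -> direct call
        for (Frame* f = c->jvms; f; f = f->caller)
            if (f->map->dead) return DEAD_NODE_IN_CALLER_STATE;
        if (pending <= 0) return COUNTER_UNDERFLOW;
        --pending;
        c->dead = true;                            // the node is replaced and dies
        return OK;
    }
};

// Process the original first, then its clone; report what happens to the clone.
Result run(bool deep, bool count_clone) {
    Compilation comp;
    Call* a = comp.new_call();
    Call* b = comp.clone_call(a, deep, count_clone);
    comp.process(a);
    return comp.process(b);
}

int main() {
    std::printf("shallow: %d, deep only: %d, deep + counted: %d\n",
                run(false, false), run(true, false), run(true, true));
}
```

Only the combination of a deep copy and a counted clone lets both nodes be processed, which matches the two-part fix the summary proposes.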

