RFR: 8370939: C2: SIGSEGV in SafePointNode::verify_input when processing MH call from Compile::process_late_inline_calls_no_inline() [v7]

Tobias Hartmann thartmann at openjdk.org
Tue Dec 2 12:51:05 UTC 2025


On Tue, 2 Dec 2025 09:13:38 GMT, Roland Westrelin <roland at openjdk.org> wrote:

>> In test cases, `mh` is initially not constant so the method handle
>> invoke can't be inlined. It is later found to be constant, so it can
>> be turned into a direct call by
>> `Compile::process_late_inline_calls_no_inline()`. In the meantime, the
>> `CallNode` for the mh invoke is cloned (by loop switching). In the
>> process, only a shallow copy of the `JVMState` for the call is
>> made. The initial `CallNode` is the first to be processed by
>> `Compile::process_late_inline_calls_no_inline()` and that causes that
>> `CallNode` to become dead. The cloned `CallNode` is then
>> processed. The `JVMState` for that one references the initial
>> `CallNode` in its caller's `JVMState`. Because that node is dead, that
>> causes a crash. The fix I propose is to make a deep copy of the
>> `JVMState` when a `CallNode` is cloned, if a `CallGenerator` is
>> assigned to the node.
>> 
>> The other failure I see with these tests is:
>> 
>> 
>> #  Internal Error (/home/roland/jdk-jdk/src/hotspot/share/opto/compile.hpp:1091), pid=3319164, tid=3319186
>> #  assert(_number_of_mh_late_inlines > 0) failed: _number_of_mh_late_inlines < 0 !
>> 
>> 
>> because even though the `CallNode` is cloned, there's still only one
>> late inline recorded. The fix here is to increment
>> `_number_of_mh_late_inlines` when the node is cloned.
>> 
>> This was reported by the netty developers.
>
> Roland Westrelin has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains 11 additional commits since the last revision:
> 
>  - Merge branch 'master' into JDK-8370939
>  - Merge branch 'master' into JDK-8370939
>  - review
>  - Merge branch 'master' into JDK-8370939
>  - review
>  - more
>  - more
>  - more
>  - more
>  - test
>  - ... and 1 more: https://git.openjdk.org/jdk/compare/8558ffcd...64b11e6e

Looks good to me. I submitted some testing and will report back once it passed.

src/hotspot/share/opto/compile.hpp line 1102:

> 1100: 
> 1101:   void mark_has_mh_late_inlines() { _has_mh_late_inlines = true; }
> 1102:   bool has_mh_late_inlines() const     { return _has_mh_late_inlines; }

Suggestion:

  bool has_mh_late_inlines() const { return _has_mh_late_inlines; }

-------------

Marked as reviewed by thartmann (Reviewer).

PR Review: https://git.openjdk.org/jdk/pull/28088#pullrequestreview-3529910175
PR Review Comment: https://git.openjdk.org/jdk/pull/28088#discussion_r2581026773
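
A toy model of the failure described in the quoted PR description, added here as an illustration and not taken from the HotSpot sources or the patch: `Call`, `State`, `Graph` and the helper functions are hypothetical stand-ins. It shows why a clone whose state shares caller frames with the original still reaches the original node after that node dies, and why copying every frame avoids it.

```cpp
#include <memory>
#include <vector>

// Toy model: Call and State are hypothetical stand-ins, not HotSpot types.
struct Call;
struct State {
    State* caller;  // state of the enclosing (caller) frame, nullptr at the root
    Call*  map;     // call node this frame's state is attached to
};
struct Call {
    bool   dead = false;
    State* jvms = nullptr;  // youngest frame of the state chain
};
// Owns every object so nothing is freed while the scenario inspects it.
struct Graph {
    std::vector<std::unique_ptr<State>> states;
    std::vector<std::unique_ptr<Call>>  calls;
    State* state(State* caller, Call* map) {
        states.push_back(std::make_unique<State>(State{caller, map}));
        return states.back().get();
    }
    Call* call() {
        calls.push_back(std::make_unique<Call>());
        return calls.back().get();
    }
};
// Copies the youngest frame only; caller frames stay shared with the source.
State* clone_shallow(Graph& g, const State* s, Call* owner) {
    return g.state(s->caller, owner);
}
// Copies every frame and attaches each copy to the new owner.
State* clone_deep(Graph& g, const State* s, Call* owner) {
    State* caller = s->caller ? clone_deep(g, s->caller, owner) : nullptr;
    return g.state(caller, owner);
}
// True if any frame in the call's state chain is attached to a dead node.
bool references_dead_node(const Call* c) {
    for (const State* s = c->jvms; s != nullptr; s = s->caller)
        if (s->map->dead) return true;
    return false;
}
// Clone a call with a two-frame state, kill the original, inspect the clone.
bool clone_sees_dead_node(bool deep) {
    Graph g;
    Call* orig = g.call();
    orig->jvms = g.state(g.state(nullptr, orig), orig);
    Call* copy = g.call();
    copy->jvms = deep ? clone_deep(g, orig->jvms, copy)
                      : clone_shallow(g, orig->jvms, copy);
    orig->dead = true;  // original was processed first and is now dead
    return references_dead_node(copy);
}
```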

