Skip to content

Comments

Don't hoist potentially invalid byrefs#124833

Closed
EgorBo wants to merge 4 commits intodotnet:mainfrom
EgorBo:fix-invalid-byrefs
Closed

Don't hoist potentially invalid byrefs#124833
EgorBo wants to merge 4 commits intodotnet:mainfrom
EgorBo:fix-invalid-byrefs

Conversation

@EgorBo
Copy link
Member

@EgorBo EgorBo commented Feb 24, 2026

Fixes #124807

Copilot AI review requested due to automatic review settings February 24, 2026 23:36
@github-actions github-actions bot added the area-CodeGen-coreclr CLR JIT compiler in src/coreclr/src/jit and related components such as SuperPMI label Feb 24, 2026
@dotnet-policy-service
Copy link
Contributor

dotnet-policy-service bot commented Feb 24, 2026

Tagging subscribers to this area: @JulieLeeMSFT, @jakobbotsch
See info in area-owners.md if you want to be subscribed.

Copilot AI reviewed Feb 24, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This pull request fixes a critical GC crash issue where if-conversion was speculatively hoisting potentially invalid managed references (byrefs). The issue occurred when if-conversion transformed ternary operations involving null references (like Unsafe.NullRef<byte>()) into unconditionally evaluated code, leading to GC crashes.

Changes:

  • Added gtTreeMayHaveInvalidByrefs method to detect trees with potentially invalid byrefs
  • Integrated the check into if-conversion logic to skip conversion when invalid byrefs are detected
  • The fix prevents speculative hoisting of GC-typed nodes that could be invalid

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.

File Description
src/coreclr/jit/ifconversion.cpp Added check to skip if-conversion when potentially invalid byrefs are detected in then or else branches
src/coreclr/jit/gentree.cpp Implemented gtTreeMayHaveInvalidByrefs method with tree visitor to detect potentially invalid GC-typed nodes
src/coreclr/jit/compiler.h Added declaration for the new static method gtTreeMayHaveInvalidByrefs

EgorBo and others added 2 commits February 25, 2026 03:58
@EgorBo
Update gentree.cpp
dd7799a
@EgorBo
Update src/coreclr/jit/ifconversion.cpp
81b10ba 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Copilot AI review requested due to automatic review settings February 25, 2026 02:58
@build-analysis build-analysis bot mentioned this pull request Feb 25, 2026
Open
3 tasks
Copilot AI reviewed Feb 25, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 3 out of 3 changed files in this pull request and generated 1 comment.

@build-analysis build-analysis bot mentioned this pull request Feb 25, 2026
Open
@EgorBo EgorBo closed this Feb 25, 2026
@EgorBo
Copy link
Member Author

EgorBo commented Feb 25, 2026

Too ad-hoc fix since we have more code paths where we might produce these (#124807 (comment))

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

@EgorBo EgorBo

Labels

area-CodeGen-coreclr CLR JIT compiler in src/coreclr/src/jit and related components such as SuperPMI

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

ifConversion can hoist invalid managed references.

1 participant

@EgorBo