Skip to content

[release/10.0] JIT: Handle FIELD_LIST for tailcall arg/parameter interference checks #122287

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
jakobbotsch wants to merge 3 commits into
base: release/10.0
Choose a base branch
from
Open

[release/10.0] JIT: Handle FIELD_LIST for tailcall arg/parameter interference checks #122287

jakobbotsch wants to merge 3 commits into from
+83 −4

Conversation

@jakobbotsch
Copy link
Member

@jakobbotsch jakobbotsch commented Dec 8, 2025
edited
Loading

Customer Impact

  • Customer reported
  • Found internally

The JIT may corrupt the values of arguments when forwarding parameters to other functions as part of a tailcall. Reported by customer in #122138.

Regression

  • Yes
  • No

This is a regression in .NET 10 where we started tailcalling in new scenarios not covered by some existing handling.

Testing

Regression test included.

Risk

Low. Detect the case in the existing handling and introduce additional defensive copies for it.

Copilot AI review requested due to automatic review settings December 8, 2025 12:46
@github-actions github-actions bot added the area-CodeGen-coreclr CLR JIT compiler in src/coreclr/src/jit and related components such as SuperPMI label Dec 8, 2025
@dotnet-policy-service
Copy link
Contributor

dotnet-policy-service bot commented Dec 8, 2025

Tagging subscribers to this area: @JulieLeeMSFT, @jakobbotsch
See info in area-owners.md if you want to be subscribed.

Copilot AI reviewed Dec 8, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR fixes a JIT bug where tailcall argument values could be corrupted when forwarding parameters to other functions. The issue was a regression in .NET 10 where new tailcall scenarios exposed incomplete handling of FIELD_LIST operands in interference checks.

  • Introduces FirstOperand helper method to correctly traverse complex operand structures including FIELD_LIST
  • Updates tailcall argument interference detection to handle non-atomic copies (such as FIELD_LIST operands)
  • Adds regression test to verify the fix

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated no comments.

File Description
src/tests/JIT/Regression/JitBlue/Runtime_122138/Runtime_122138.csproj Test project configuration for the regression test
src/tests/JIT/Regression/JitBlue/Runtime_122138/Runtime_122138.cs Regression test that reproduces the tailcall argument corruption scenario with nullable parameters
src/coreclr/jit/lower.h Declares new FirstOperand helper method
src/coreclr/jit/lower.cpp Implements FirstOperand helper and updates LowerFastTailCall to handle FIELD_LIST operands in interference checks

JulieLeeMSFT
JulieLeeMSFT approved these changes Dec 8, 2025
View reviewed changes
Copy link
Member

@JulieLeeMSFT JulieLeeMSFT left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@JulieLeeMSFT JulieLeeMSFT JulieLeeMSFT approved these changes

Assignees

@jakobbotsch jakobbotsch

Labels

area-CodeGen-coreclr CLR JIT compiler in src/coreclr/src/jit and related components such as SuperPMI

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@jakobbotsch @JulieLeeMSFT