[interpreter] Fix crash on empty switch instruction #126017
Open
radekdoulik wants to merge 1 commit into dotnet:main from
The CEE_SWITCH handler called allocate(n) with n=0 for switch instructions with zero targets, triggering an assert in the arena allocator. Bail out early when n=0 since an empty switch is a no-op that just consumes the stack value.

Fixes crash in JIT/Regression/CLR-x86-JIT/V1-M11-Beta1/b44946/b44946.il which contains a switch() with zero targets.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Tagging subscribers to this area: @BrzVlad, @janvorli, @kg
Pull request overview
This PR fixes a crash in the CoreCLR interpreter compiler when encountering a CEE_SWITCH IL instruction with zero targets by avoiding a zero-sized allocation during switch table construction.
Changes:
- Add an early exit in the `CEE_SWITCH` handler when `n == 0` (empty switch), treating it as a stack pop + fallthrough.
- Prevent `getAllocator(...).allocate<T>(0)` from being reached for empty switches.
BrzVlad approved these changes Mar 24, 2026
Note
This PR description was AI/Copilot-generated.
Summary
The interpreter's CEE_SWITCH handler crashes when compiling a `switch` instruction with zero targets (e.g., `switch ()` in IL). The handler unconditionally calls `allocate(n)` with `n=0`, which triggers `assert(size != 0)` in the arena allocator.

Fix
Bail out early when `n == 0` since an empty switch is a no-op that just consumes the stack value — no INTOP_SWITCH instruction needs to be emitted.

Test
Fixes crash in `JIT/Regression/CLR-x86-JIT/V1-M11-Beta1/b44946/b44946.il` which contains `switch()` with zero targets. Verified the Regression_6 merged runner passes: 290 passed, 0 failed.
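
The failure mode and the early exit described above, as an added example that is not code from this PR or from dotnet/runtime. `Arena`, `SwitchTable`, `SwitchResult` and `compileSwitch` are hypothetical names, and the check of `n` against the remaining IL bytes is an assumption that goes beyond what the PR describes.

```cpp
// Added illustration: simplified model, not the dotnet/runtime source.
#include <cassert>
#include <cstddef>
#include <cstdint>
#include <vector>

// Hypothetical arena that, like the allocator described above, rejects size 0.
struct Arena {
    std::vector<std::vector<uint8_t>> blocks;
    void* allocate(size_t size) {
        assert(size != 0);
        blocks.emplace_back(size);
        return blocks.back().data();
    }
};

enum class SwitchResult { Emitted, EmptyNoOp, Malformed };
struct SwitchTable { uint32_t count = 0; int32_t* targets = nullptr; };

// IL operands are little-endian; decode byte by byte so host order does not matter.
static uint32_t readU32(const uint8_t* p) {
    return p[0] | (p[1] << 8) | (p[2] << 16) | (static_cast<uint32_t>(p[3]) << 24);
}

// ip points just past the switch opcode byte (0x45); end is one past the method's IL.
// The operand is a uint32 count n followed by n int32 branch offsets.
SwitchResult compileSwitch(Arena& arena, const uint8_t* ip, const uint8_t* end,
                           int& stackDepth, SwitchTable& out) {
    if (end - ip < 4 || stackDepth < 1) return SwitchResult::Malformed;
    uint32_t n = readU32(ip);
    ip += 4;
    // Assumption (not in the PR): bound n by the bytes present before sizing by it.
    if (n > static_cast<size_t>(end - ip) / 4) return SwitchResult::Malformed;
    stackDepth--;                                // the selector value is always consumed
    if (n == 0) return SwitchResult::EmptyNoOp;  // early exit: allocate(0) is never reached
    out.count = n;
    out.targets = static_cast<int32_t*>(arena.allocate(n * sizeof(int32_t)));
    for (uint32_t i = 0; i < n; i++)
        out.targets[i] = static_cast<int32_t>(readU32(ip + size_t{4} * i));
    return SwitchResult::Emitted;
}

int main() {
    Arena arena; SwitchTable table; int depth = 1;
    const uint8_t emptySwitch[] = {0, 0, 0, 0};  // constructed operand: switch() with n = 0
    return compileSwitch(arena, emptySwitch, emptySwitch + 4, depth, table)
               == SwitchResult::EmptyNoOp ? 0 : 1;
}
```

Removing the `n == 0` line makes the constructed empty switch hit `assert(size != 0)` in `Arena::allocate`, which is the crash this PR reports.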