JIT: bail on flipping post-layout JTRUE when reversal needs new IR

[Copilot]

optOptimizePostLayout runs after LSRA and called gtReverseCond, which can fall back to wrapping the operand in a fresh GT_EQ(tree, 0). The new GT_INT_CON child is never inserted into the LIR, tripping found use of a node that is not in the LIR sequence in checked builds (reported by Fuzzlyn on linux-arm32). The fallback was also reached whenever LSRA inserted a GT_COPY/GT_RELOAD on top of the JTRUE operand, since the wrapper is not itself a comparison.

Description

• gentree.cpp / compiler.h — Extract gtTryReverseCond(GenTree*) -> bool that reverses compares, JCC/SETCC, JCMP/JTEST, and integral constants in place. gtReverseCond becomes a thin wrapper that adds the GT_EQ(tree, 0) fallback when in-place reversal isn't possible, preserving semantics for all existing callers.
• optimizer.cpp — In optOptimizePostLayout, peel GT_COPY/GT_RELOAD off the GT_JTRUE operand via gtSkipReloadOrCopy(), then use gtTryReverseCond and skip flipping the block if it returns false rather than mutating the LIR.
• src/tests/JIT/Regression/JitBlue/Runtime_127745 — Added a JIT regression test using the reduced repro from the Fuzzlyn report: a method with a do-while loop, try-finally, and a bitwise-OR of two comparisons that produces a SETCC result under a JTRUE.

GenTree* cond = test;
if (test->OperIs(GT_JTRUE))
{
    cond = test->gtGetOp1()->gtSkipReloadOrCopy();
}

if (!gtTryReverseCond(cond))
{
    continue;
}

[dotnet-policy-service]

Tagging subscribers to this area: @JulieLeeMSFT, @jakobbotsch
See info in area-owners.md if you want to be subscribed.

[Copilot]

Pull request overview

This PR adjusts late (post-LSRA) block-flipping in the CoreCLR JIT to avoid creating new IR nodes after LIR has been formed, by introducing an in-place-only condition reversal helper. This prevents LIR integrity failures when condition reversal would otherwise require synthesizing new IR (e.g., wrapping a non-compare in == 0) and also handles GT_COPY/GT_RELOAD wrappers introduced by LSRA on GT_JTRUE operands.

Changes:

• Add Compiler::gtTryReverseCond(GenTree*) -> bool to reverse supported conditions in-place (relops, JCC/SETCC, JCMP/JTEST, integral constants) without allocating new IR.
• Make gtReverseCond a thin wrapper that preserves existing behavior by falling back to creating GT_EQ(tree, 0) when in-place reversal isn’t possible.
• Update optOptimizePostLayout to (1) peel GT_COPY/GT_RELOAD off GT_JTRUE operands and (2) skip flipping a block when in-place reversal isn’t possible, rather than mutating LIR.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated no comments.

File	Description
src/coreclr/jit/optimizer.cpp	Switch post-layout flipping to use in-place-only reversal and bail out when reversal would require new IR; skip LSRA GT_COPY/GT_RELOAD wrappers for GT_JTRUE.
src/coreclr/jit/gentree.cpp	Introduce gtTryReverseCond and refactor gtReverseCond to use it, keeping the existing fallback semantics for other callers.
src/coreclr/jit/compiler.h	Declare the new gtTryReverseCond helper on Compiler.

[jakobbotsch]

cc @dotnet/jit-contrib PTAL @dhartglassMSFT

[dhartglassMSFT]

@copilot add the bug repro from 127745 as a JIT regression test

[Copilot]

@copilot add the bug repro from 127745 as a JIT regression test

Done in the latest commit. Added src/tests/JIT/Regression/JitBlue/Runtime_127745/Runtime_127745.cs with the reduced repro from the issue (do-while loop, try-finally, and the bitwise-OR condition that produces a SETCC). The test is registered in Regression_ro_2.csproj. Since the regression was a compile-time JIT assertion rather than wrong output, the test calls the method and catches the NullReferenceException from the null static fields.

[jakobbotsch]

I think it is unlikely that this test reproduces the original problem. Fuzzlyn found that we need a collectible ALC for the test (that impacts our codegen for static access), and that's a bit of a pain to set up correctly in the regression tests. I would probably just skip the regression test and rely on the Fuzzlyn testing.

[dhartglassMSFT]

sounds good, change LGTM, if you need another signoff after presumably removing the cs and csproj changes let me know