RFR: 8257624: C2: PhaseMacroExpand::eliminate_macro_nodes() crashes on out-of-bounds access into macro node array

Vladimir Ivanov vlivanov at openjdk.java.net
Wed Dec 2 19:26:04 UTC 2020


Elimination of a single macro node may trigger removal of some other macro nodes (e.g., see `PhaseMacroExpand::process_users_of_allocation()`, which can eliminate `AllocateCopy` if it is a user of the `Allocate` node being scalar replaced). But `PhaseMacroExpand::eliminate_macro_nodes()` doesn't take this into account: it iterates over the array backwards one by one, and if it is unfortunate enough to eliminate multiple elements when it is at the very end of the array, it crashes on an out-of-bounds access.

The fix is to adjust the current position on every iteration. If multiple elements are removed, the current position can point at an element which is already processed, but that's benign.

Testing:
- [x] failing tests
- [x] hs-tier-1-6 w/ -XX:+AlwaysIncrementalInline

-------------

Commit messages:
 - 8257624: C2: PhaseMacroExpand::eliminate_macro_nodes() crashes on out-of-bounds access into macro node array

Changes: https://git.openjdk.java.net/jdk/pull/1572/files
 Webrev: https://webrevs.openjdk.java.net/?repo=jdk&pr=1572&range=00
  Issue: https://bugs.openjdk.java.net/browse/JDK-8257624
  Stats: 8 lines in 1 file changed: 6 ins; 0 del; 2 mod
  Patch: https://git.openjdk.java.net/jdk/pull/1572.diff
  Fetch: git fetch https://git.openjdk.java.net/jdk pull/1572/head:pull/1572

PR: https://git.openjdk.java.net/jdk/pull/1572
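
The failure mode and the position adjustment described in the message above, as an added C++ example that is not the HotSpot code or the patch under review. `Node`, `Worklist` and all function names are hypothetical, and the three-node input is constructed.

```cpp
#include <algorithm>
#include <cstddef>
#include <stdexcept>
#include <vector>
// Hypothetical stand-in for a macro node: eliminating it also removes node `dependent` (-1 = none).
struct Node { int id; int dependent; bool eliminable; };
struct Worklist {
    std::vector<Node> nodes;
    // Bounds-checked access: throws std::out_of_range on a stale index.
    const Node& at(std::size_t i) const { return nodes.at(i); }
    void remove(int id) {
        auto gone = [id](const Node& n) { return n.id == id; };
        nodes.erase(std::remove_if(nodes.begin(), nodes.end(), gone), nodes.end());
    }
    // Takes the node by value: remove() invalidates references into `nodes`.
    bool eliminate(Node n) {
        if (!n.eliminable) return false;
        if (n.dependent >= 0) remove(n.dependent);
        remove(n.id);
        return true;
    }
};
// Constructed input: eliminating the last node (3) also removes node 2.
Worklist sample() { return Worklist{{{1, -1, false}, {2, -1, true}, {3, 2, true}}}; }

// Flawed pattern: steps back by exactly one regardless of how far the list shrank.
int eliminate_fixed_step(Worklist& w) {
    int done = 0;
    for (std::size_t i = w.nodes.size(); i > 0; i--)
        if (w.eliminate(w.at(i - 1))) done++;
    return done;
}

// Corrected pattern: clamp the position to the current size on every iteration.
// It may revisit an already-processed node, which is harmless here.
int eliminate_clamped(Worklist& w) {
    int done = 0;
    for (std::size_t i = w.nodes.size(); i > 0; i = std::min(i - 1, w.nodes.size()))
        if (w.eliminate(w.at(i - 1))) done++;
    return done;
}

// True when the flawed loop indexes past the end of the shrunken list.
bool fixed_step_overruns() {
    Worklist w = sample();
    try { eliminate_fixed_step(w); } catch (const std::out_of_range&) { return true; }
    return false;
}
int main() { Worklist w = sample(); return fixed_step_overruns() && eliminate_clamped(w) == 1 ? 0 : 1; }
```

With an unchecked array access in place of `at()`, the stale index would be a silent out-of-bounds read rather than an exception.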

