[15] RFR: 8237894: CTW: C1 compilation fails with assert(x->type()->tag() == f->type()->tag()) failed: should have same type

Jamsheed C M jamsheed.c.m at oracle.com
Fri Mar 13 06:24:58 UTC 2020 

Hi,

updated the test, as i had excluded main from compilation also added 
other cases described in the comment.

webrev updated in place.

Best regards,

Jamsheed

On 12/03/2020 19:25, Jamsheed C M wrote:
> Hi Tobias, Aleksey,
>
> Did a little more research on this issue.
>
> Two cases+mitigation described below
>
> 1) Null based field access.
>    Value Numbering null based field access causes instructions to be 
> eliminated across type/subtypes.
>    Declared type of these instructions are field type, so it being 
> receiver causes problems to Type System.
>    To mitigate this issue, we hash declared type in addition to 
> existing hashing.
> 2) Null based indexed access.
>    Value Numbering null based indexed access causes instructions to be 
> eliminated across type/subtypes.
>    Element basic type in encoded in the access instruction, this 
> causes problems to Type system.
>    Declared type of these instructions are null, so it being receiver 
> doesn't cause any problem to Type System.
>    To mitigate this issue, we hash basic type in addition to existing 
> hashing
>
> in addition i disable inlining if recv is constant null
>
> I have included case 1&2 in the newly added test.
>
> revised webrev: http://cr.openjdk.java.net/~jcm/8237894/webrev.02/
>
> testing:mach5 hs-tier1-5( running, link in jbs)
>
> request for review and feedback
>
> Thanks and Best regards,
>
> Jamsheed
>
> On 17/02/2020 21:18, Jamsheed C M wrote:
>> Hi Tobias,
>>
>> from further analysis, it seems it  is not good idea to do this fix 
>> either, as it  can still cause arbitrary memory access an crashes 
>> even in production build in attempt resolving the method for inlining.
>>
>> so, i think it is better to disable the value numbering for null 
>> constants and stop inlining over it. assuming use of other use cases 
>> are limited and can have a performance penalty in those use cases.
>>
>> Best regards,
>>
>> Jamsheed
>>
>> On 17/02/2020 19:18, Jamsheed C M wrote:
>>> Hi Tobias,
>>>
>>> On 17/02/2020 18:34, Tobias Hartmann wrote:
>>>> On 17.02.20 13:34, Jamsheed C M wrote:
>>>>> i meant for null object field access or indexed access, the 
>>>>> instruction can match across subtypes*
>>>>> and get eliminated. which can still put us in awkward situation if 
>>>>> we try checking exact/declared
>>>>> types, which we normally don't do.
>>>>>
>>>>> *(as instruction types are erased types)
>>>> Right but it's not a problem with current code.
>>>
>>> i am guessing it, but i am not very sure from runtime side, if it 
>>> has asserts checking recv type and declared type of current 
>>> instruction (i.e resolve_invoke)
>>>
>>>>>>>> And given that, does your solution actually work with Object 
>>>>>>>> arrays?
>>>>>>> Yes, as we are asserting on elem instruction type for indexed 
>>>>>>> access.
>>>>>> But isn't it the case that with your change, a null from an 
>>>>>> MyObject1[] load still has the same hash
>>>>>> as a null from a MyObject2[] load because type()->tag() is the 
>>>>>> same? And wouldn't that still trigger
>>>>>> the assert?
>>>>> it wouldn't, instruction types are erased types. so sub types all 
>>>>> would match
>>>> Okay, I see. Thanks for the explanation.
>>>>
>>>> Webrev.01 seems reasonable to me but I think it would be good if 
>>>> someone with more C1 expertise
>>>> could take a look as well.
>>>
>>> sure.
>>>
>>> Best regards,
>>>
>>> Jamsheed
>>>
>>>>
>>>> Thanks,
>>>> Tobias

More information about the hotspot-compiler-dev mailing list