[jdk17] RFR: 8269285: Crash/miscompile in CallGenerator::for_method_handle_inline after JDK-8191998 [v3]
Vladimir Ivanov
vlivanov at openjdk.java.net
Wed Jun 30 17:02:43 UTC 2021
On Wed, 30 Jun 2021 16:44:31 GMT, Aleksey Shipilev <shade at openjdk.org> wrote:
>> See the bug report for more details.
>>
>> I believe the [JDK-8191998](https://bugs.openjdk.java.net/browse/JDK-8191998) change introduced a slight regression, where the speculative type join may empty the type. It would then crash on assert in `fastdebug` builds, or miscompile the null-check to `true` in `release` bits. New test captures both failure modes.
>>
>> This is not a recent regression, but a regression nevertheless, so I would like to have that fix in JDK 17. Please review carefully, or speak up if you want to move it to JDK 18+ and then backport later.
>>
>> Additional testing:
>> - [x] New test fails without the patch, passes with it
>> - [x] Linux x86_64 `fastdebug` `tier1`
>
> Aleksey Shipilev has updated the pull request incrementally with one additional commit since the last revision:
>
> Use filter_speculative
Looks good.
src/hotspot/share/opto/callGenerator.cpp line 1154:
> 1152: const Type* sig_type = TypeOopPtr::make_from_klass(signature->accessing_klass());
> 1153: if (arg_type != NULL && !arg_type->higher_equal(sig_type)) {
> 1154: const Type* recv_type = arg_type->filter_speculative(sig_type); // keep speculative parts
No need to adjust the comment: `sig_type` doesn't have speculative part (by construction).
-------------
Marked as reviewed by vlivanov (Reviewer).
PR: https://git.openjdk.java.net/jdk17/pull/169
More information about the hotspot-compiler-dev
mailing list