RFR: 8267904: C2 crash when compile negative Arrays.copyOf length after loop [v2]

Hui Shi hshi at openjdk.java.net
Mon May 31 11:00:19 UTC 2021


On Mon, 31 May 2021 09:41:02 GMT, Hui Shi <hshi at openjdk.org> wrote:

>> src/hotspot/share/opto/library_call.cpp line 4474:
>> 
>>> 4472:           assert(prev->type()->is_int()->_lo == cur->type()->is_int()->_lo, "not same");
>>> 4473:           assert(prev->type()->is_int()->_hi == cur->type()->is_int()->_hi, "not same");
>>> 4474:         }
>> 
>> Is this really necessary? Have you seen cases with multiple identical CastII nodes? Or is it to be extra cautious?
>
> Thanks for your comment!
> 
> Multiple identical CastII nodes do happen, and the check is added to ensure they are identical CastIINodes. Cases are:
> 1. CastIINode created in GraphKit::new_array
> 2. CastIINode might be created before inline_arraycopy if GraphKit::load_array_length is invoked. If the new array's length is loaded multiple times before System.arraycopy, there could be multiple CastIINodes.

Simple example:

        byte[] result = new byte[len];   // first CastII in GraphKit::new_array
        System.arraycopy(path, begin, result, 0, result.length);  // second CastII when processing "result.length"

-------------

PR: https://git.openjdk.java.net/jdk/pull/4238
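The two-line snippet above, wrapped into a complete program so the pattern can be exercised in a compiled method. This is an added example, not the PR's regression test and not a reproducer of 8267904 (the page does not give one); the class name `CopyLengthCheck`, the `copy` method, the warm-up count and the sample input are all constructed for illustration. It runs the `new byte[len]` plus `System.arraycopy(..., result.length)` shape often enough that, under default tiered compilation, C2 will typically compile `copy`, and then checks that a negative length still surfaces as `NegativeArraySizeException` rather than anything else.

```java
// Added example (not part of the PR or its tests): exercises the two-CastII
// pattern from the message above in a method warmed up enough for C2 to
// compile it, then checks that a negative length still throws as expected.
public class CopyLengthCheck {
    // Same shape as the snippet in the message: allocate with len, then copy
    // with a length reloaded from result.length (each load can add a CastII).
    static byte[] copy(byte[] path, int begin, int len) {
        byte[] result = new byte[len];                       // CastII from GraphKit::new_array
        System.arraycopy(path, begin, result, 0, result.length); // CastII from load_array_length
        return result;
    }

    public static void main(String[] args) {
        // Constructed input: 64 bytes of ascending values.
        byte[] src = new byte[64];
        for (int i = 0; i < src.length; i++) {
            src[i] = (byte) i;
        }

        // Warm-up loop: enough invocations that tiered compilation normally
        // promotes copy() to C2 before the negative-length call below.
        // Offsets stay within bounds: begin <= 31, len = 16, 31 + 16 < 64.
        long checksum = 0;
        for (int i = 0; i < 100_000; i++) {
            byte[] r = copy(src, i % 32, 16);
            checksum += r[0];
        }

        // Negative length must throw NegativeArraySizeException; a compiled
        // method that crashed or returned an array here would be the bug class
        // the PR title describes.
        try {
            copy(src, 0, -1);
            throw new AssertionError("negative length did not throw");
        } catch (NegativeArraySizeException expected) {
            System.out.println("ok: NegativeArraySizeException thrown, warm-up checksum " + checksum);
        }
    }
}
```

Run with `-XX:+PrintCompilation` to confirm that `CopyLengthCheck::copy` was compiled at tier 4 before the negative call; the exact iteration count at which C2 kicks in depends on the JVM's tiered thresholds, so the 100,000 warm-up is a generous assumption, not a guarantee.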
