RFR: 8267904: C2 crash when compile negative Arrays.copyOf length after loop [v2]
Hui Shi
hshi at openjdk.java.net
Mon May 31 11:00:19 UTC 2021
On Mon, 31 May 2021 09:41:02 GMT, Hui Shi <hshi at openjdk.org> wrote:
>> src/hotspot/share/opto/library_call.cpp line 4474:
>>
>>> 4472: assert(prev->type()->is_int()->_lo == cur->type()->is_int()->_lo, "not same");
>>> 4473: assert(prev->type()->is_int()->_hi == cur->type()->is_int()->_hi, "not same");
>>> 4474: }
>>
>> Is this really necessary? Have you seen cases with multiple identical CastII nodes? Or is it to be extra cautious?
>
> Thanks for your comment!
>
> Multiple identical CastII node do happens and check is added to ensure they are identical CastIINodes. Cases are:
> 1. CastIINode created in GraphKit::new_array
> 2. CastIINode might created before inline_arraycopy if GraphKit::load_array_length is invoked. If new array's length is loaded multiple times before System.arraycopy, there could be multiple CastIINode.
simple example
byte[] result = new byte[len]; // first CastII in GraphKit::new_array
System.arraycopy(path, begin, result, 0, result.length); // second CastII when processing "result.length"
-------------
PR: https://git.openjdk.java.net/jdk/pull/4238
More information about the hotspot-compiler-dev
mailing list