RFR: 8279219: [REDO] C2 crash when allocating array of size too large [v3]

Vladimir Ivanov vlivanov at openjdk.java.net
Thu Feb 10 19:17:11 UTC 2022 

On Tue, 1 Feb 2022 09:31:58 GMT, Roland Westrelin <roland at openjdk.org> wrote:

>> The new fix is largely similar to the previous one. 3 bugs were filed
>> because of the previous change but there are only really 2 issues:
>> 
>> - attaching the valid length condition at expansion time to the new
>>   array runtime call causes issues. With Shenandoah, passes of loop
>>   opts are executed after macro expansion but precedence edges are
>>   ignored when assigning controls to nodes which causes loop opts to
>>   incorrectly attempt to eliminate the node pointed to by the
>>   precedence edge. A similar issue occurs when the runtime call ends
>>   up in a subgraph that dies after macro expansion because the
>>   precedence edge is not cleared by dead code elimination which causes
>>   the runtime call to still be reachable. In the new patch, this is
>>   fixed by appending an extra input to the runtime call instead of
>>   using a precedence edge.
>> 
>> - In the previous patch, a top valid length input is used when there's
>>   no valid length input that needs to be recorded. That can cause an
>>   assert failure during CCP. If valid length initially has type top,
>>   the CatchNode out of the AllocateArray then have type (control,
>>   control). If next, the valid length input becomes constant 0, the
>>   CatchNode has type (top, control). An assert catches that the type
>>   of the CatchNode doesn't widen. This fixed by using 1 by default as
>>   valid length input and tweaking CatchNode::Value.
>> 
>> The new patch includes test cases for both issues.
>
> Roland Westrelin has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains five additional commits since the last revision:
> 
>  - review
>  - Merge branch 'master' into JDK-8279219
>  - review
>  - tests & fix
>  - Revert "8279204: [BACKOUT] JDK-8278413: C2 crash when allocating array of size too large"
>    
>    This reverts commit 04ad668921abbd71dfbc474eed6f1760f7a541b1.

src/hotspot/share/opto/graphKit.cpp line 3977:

> 3975:   Node* valid_length_test = _gvn.intcon(1);
> 3976:   if (ary_type->klass()->is_array_klass()) {
> 3977:     BasicType bt = ary_type->klass()->as_array_klass()->element_type()->basic_type();

FTR `array_element_basic_type()` is more appropriate here. 
`basic_type()` reports `T_INT` for all sub-word element types and it may lead to underestimation of maximum array length.

-------------

PR: https://git.openjdk.java.net/jdk/pull/6952

More information about the hotspot-compiler-dev mailing list