RFR: 8316414: C2: large byte array clone triggers "failed: malformed control flow" assertion failure on linux-x86
Roland Westrelin
roland at openjdk.org
Tue Sep 26 08:54:49 UTC 2023
`GraphKit::new_array()` computes the maximum array length as:
BasicType bt = ary_type->isa_aryptr()->elem()->array_element_basic_type();
jint max = TypeAryPtr::max_array_length(bt);
while `AllocateArrayNode::make_ideal_length()` calls
`TypeAryPtr::narrow_size_type()` which in turn uses:
jint max_hi = max_array_length(elem()->basic_type());
That is, one uses `elem()->array_element_basic_type()` and the other
`elem()->basic_type()`. As a result, the test that guarantees a new
array allocation doesn't exceed the maximum array size and the
`CastII` that narrows the length on the success path for the
allocation don't use the same maximum array size values. The `CastII`
one is lower and it is transformed to top. The fallthrough path should
die but doesn't.
-------------
Commit messages:
- fix & test
Changes: https://git.openjdk.org/jdk/pull/15914/files
Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=15914&range=00
Issue: https://bugs.openjdk.org/browse/JDK-8316414
Stats: 49 lines in 2 files changed: 48 ins; 0 del; 1 mod
Patch: https://git.openjdk.org/jdk/pull/15914.diff
Fetch: git fetch https://git.openjdk.org/jdk.git pull/15914/head:pull/15914
PR: https://git.openjdk.org/jdk/pull/15914
More information about the hotspot-compiler-dev
mailing list