RFR: 8316414: C2: large byte array clone triggers "failed: malformed control flow" assertion failure on linux-x86

Roland Westrelin roland at openjdk.org
Tue Sep 26 08:54:49 UTC 2023


`GraphKit::new_array()` computes the maximum array length as:


BasicType bt = ary_type->isa_aryptr()->elem()->array_element_basic_type();
jint max = TypeAryPtr::max_array_length(bt);


while `AllocateArrayNode::make_ideal_length()` calls
`TypeAryPtr::narrow_size_type()` which in turn uses:


jint max_hi = max_array_length(elem()->basic_type());


That is, one uses `elem()->array_element_basic_type()` and the other
`elem()->basic_type()`. As a result, the test that guarantees a new
array allocation doesn't exceed the maximum array size and the
`CastII` that narrows the length on the success path for the
allocation don't use the same maximum array size values. The `CastII`
one is lower and it is transformed to top. The fallthrough path should
die but doesn't.

-------------

Commit messages:
 - fix & test

Changes: https://git.openjdk.org/jdk/pull/15914/files
 Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=15914&range=00
  Issue: https://bugs.openjdk.org/browse/JDK-8316414
  Stats: 49 lines in 2 files changed: 48 ins; 0 del; 1 mod
  Patch: https://git.openjdk.org/jdk/pull/15914.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/15914/head:pull/15914

PR: https://git.openjdk.org/jdk/pull/15914


More information about the hotspot-compiler-dev mailing list