Integrated: 8336729: C2: Div/Mod nodes without zero check could be split through iv phi of outer loop of long counted loop nest resulting in SIGFPE

Christian Hagedorn chagedorn at openjdk.org
Tue Aug 20 15:49:58 UTC 2024 

On Thu, 15 Aug 2024 11:11:54 GMT, Christian Hagedorn <chagedorn at openjdk.org> wrote:

> The previous fix for preventing `Div/Mod` nodes to be split through iv phis when their divisor could become zero (see [JDK-8299259](https://bugs.openjdk.org/browse/JDK-8299259)) is not complete. Originally, we thought that it is enough to prevent a split through the phi if it belongs to a `BaseCountedLoop`:
> https://github.com/openjdk/jdk/blob/da7311bbe37c2b9632b117d52a77c659047820b7/src/hotspot/share/opto/loopopts.cpp#L302-L304
> 
> The reasoning behind this was that the iv phi type of `BaseCountedLoops` can be improved in such a way that it does not contain zero but the backedge input can include zero:
> https://github.com/openjdk/jdk/blob/da7311bbe37c2b9632b117d52a77c659047820b7/test/hotspot/jtreg/compiler/splitif/TestSplitDivisionThroughPhi.java#L69-L78
> 
> This optimization is not possible for `LoopNodes` where we know nothing about the number of iterations. 
> 
> However, there was an oversight: A `LongCountedLoop` is later split into an inner and an outer `LoopNode` where the inner loop is transformed into a `CountedLoop` while the outer loop stays a `LoopNode`. Both loops share the same optimized iv phi type as the original `LongCountedLoop`! Therefore, we can have the same situation as fixed in JDK-8299259 but with a `LoopNode` instead of a `CountedLoopNode` (see https://github.com/openjdk/jdk/pull/11900 for more details).
> 
> The simplest way to fix this is to extend the bailout fix of JDK-8299259 to not only apply to `BaseCountedLoopNodes` but to `LoopNodes` in general which is what I propose with this patch.
> 
> Thanks to @eme64 for extracting the original simpler reproducer to reproduce this problem easier. I've added an even simpler non-jasm reproducer in this patch in favor of the original jasm reproducer.
> 
> Thanks,
> Christian

This pull request has now been integrated.

Changeset: 55a97ec8
Author:    Christian Hagedorn <chagedorn at openjdk.org>
URL:       https://git.openjdk.org/jdk/commit/55a97ec8793242c0cacbafd3a4fead25cdce2934
Stats:     52 lines in 3 files changed: 45 ins; 0 del; 7 mod

8336729: C2: Div/Mod nodes without zero check could be split through iv phi of outer loop of long counted loop nest resulting in SIGFPE

Co-authored-by: Emanuel Peter <epeter at openjdk.org>
Reviewed-by: epeter, kvn, thartmann

-------------

PR: https://git.openjdk.org/jdk/pull/20594

More information about the hotspot-compiler-dev mailing list