RFR: 8320308: C2 compilation crashes in LibraryCallKit::inline_unsafe_access

Tobias Holenstein tholenstein at openjdk.org
Tue Jul 9 18:03:42 UTC 2024 

We failed in `LibraryCallKit::inline_unsafe_access()` while trying to inline `Unsafe::getShortUnaligned`. 
https://github.com/openjdk/jdk/blob/34c6e0deac567c0f4ed08aa2824671551d843e95/test/hotspot/jtreg/compiler/parsing/TestUnsafeArrayAccessWithNullBase.java#L86
The reason is that base (the array) is `ConP #null` hidden behind two `CheckCastPP` with `speculative=byte[int:>=0]`

We call `Node* adr = make_unsafe_address(base, offset, type, kind == Relaxed);`
https://github.com/openjdk/jdk/blob/34c6e0deac567c0f4ed08aa2824671551d843e95/src/hotspot/share/opto/library_call.cpp#L2361
- with **base** = `147  CheckCastPP` 
-  `118  ConP  === 0  [[[ 106 101 71 ] #null`
![fail](https://github.com/openjdk/jdk/assets/71546117/180e61e7-baa3-4274-842e-5ae94c4d73b6)

Depending on the **offset** we go two different paths in `LibraryCallKit::make_unsafe_address` which both lead to the same error in the end. 
1. For `UNSAFE.getShortUnaligned(array, 1_049_000)` we get kind = `Type::AnyPtr` because `offset >= os::vm_page_size()`.  Since we assume base can't be null we insert an assert:
https://github.com/openjdk/jdk/blob/34c6e0deac567c0f4ed08aa2824671551d843e95/src/hotspot/share/opto/library_call.cpp#L2111

2. whereas for `UNSAFE.getShortUnaligned(array, 1)` we get kind = `Type:: OopPtr`
https://github.com/openjdk/jdk/blob/c17fa910cf3bad48547a3f0d68a30795ec3194e6/src/hotspot/share/opto/library_call.cpp#L2078
and insert a null check
https://github.com/openjdk/jdk/blob/34c6e0deac567c0f4ed08aa2824671551d843e95/src/hotspot/share/opto/library_call.cpp#L2090
In both cases we return call `basic_plus_adr(..)` on a base being `top()` which returns **adr** =  `1  Con  === 0  [[ ]]  #top`

https://github.com/openjdk/jdk/blob/3d5d51e228c19aa216451f647023101ae8bdbc79/src/hotspot/share/opto/library_call.cpp#L2386 => `_gvn.type(adr)` is _top_

https://github.com/openjdk/jdk/blob/3d5d51e228c19aa216451f647023101ae8bdbc79/src/hotspot/share/opto/library_call.cpp#L2394 => `adr_type` is _nullptr_

https://github.com/openjdk/jdk/blob/3d5d51e228c19aa216451f647023101ae8bdbc79/src/hotspot/share/opto/library_call.cpp#L2405-L2406 => `BasicType bt` is  _T_ILLEGAL_

https://github.com/openjdk/jdk/blob/3d5d51e228c19aa216451f647023101ae8bdbc79/src/hotspot/share/opto/library_call.cpp#L2424 => we fail here with `SIGSEGV: null pointer dereference` because `alias_type->adr_type()` is _nullptr_

### Fix
the fix is to bailed out in this case
https://github.com/openjdk/jdk/blob/3d5d51e228c19aa216451f647023101ae8bdbc79/src/hotspot/share/opto/library_call.cpp#L2361-L2364


**Testing**: tier1-4 pass

-------------

Commit messages:
 - less iterantions
 - update CompileCommand
 - Merge branch 'JDK-8320308' of github.com:tobiasholenstein/jdk into JDK-8320308
 - Update UnsafeArrayAccess.java
 - move test
 - comments
 - improve comments
 - more comments
 - Update UnsafeArrayAccess.java
 - add IgnoreUnrecognizedVMOptions
 - ... and 3 more: https://git.openjdk.org/jdk/compare/3e3f83f6...34c6e0de

Changes: https://git.openjdk.org/jdk/pull/20033/files
  Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=20033&range=00
  Issue: https://bugs.openjdk.org/browse/JDK-8320308
  Stats: 118 lines in 2 files changed: 117 ins; 0 del; 1 mod
  Patch: https://git.openjdk.org/jdk/pull/20033.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/20033/head:pull/20033

PR: https://git.openjdk.org/jdk/pull/20033

More information about the hotspot-compiler-dev mailing list