RFR: 8323682: C2: guard check is not generated in Arrays.copyOfRange intrinsic when allocation is eliminated by EA
Vladimir Kozlov
kvn at openjdk.org
Mon Mar 25 16:58:29 UTC 2024
On Mon, 25 Mar 2024 13:28:32 GMT, Daniel Lundén <dlunden at openjdk.org> wrote:
> The library intrinsic `_copyOfRange` does not add a guard for start indices that are larger than the length of the source arrays. Macro expansion of `ArrayCopy` nodes later adds such a guard, but in certain situations escape analysis may result in removing the `ArrayCopy` node before it is expanded. The result is incorrect behavior of the compiled program (as the missing guard may have relevant side effects, such as throwing an exception).
>
> ### Changeset
>
> - Add the missing guard (start index <= source array length).
> - Remove an unnecessary guard (end index >= 0) that holds as a result of the other guards. The updated set of guards then more closely follows the `copyOfRange` [Java API documentation](https://docs.oracle.com/en/java/javase/22/docs/api/java.base/java/util/Arrays.html#copyOfRange(U[],int,int,java.lang.Class)).
> - Add a regression test.
>
> ### Testing
>
> - [GitHub Actions](https://github.com/dlunde/jdk/actions/runs/8388044152)
> - tier1 to tier5 on windows-x64, linux-x64, linux-aarch64, macosx-x64, and macosx-aarch64.
src/hotspot/share/opto/library_call.cpp line 4323:
> 4321: // Bail out if either start or end is negative.
> 4322: generate_negative_guard(start, bailout, &start);
> 4323: generate_negative_guard(end, bailout, &end);
I think we need this check to avoid underflow in integer expression (end - start): (min_int - 1) == max_int
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/18472#discussion_r1537911056
More information about the hotspot-compiler-dev
mailing list