RFR: 8331575: C2: crash when ConvL2I is split thru phi at LongCountedLoop
Roland Westrelin
roland at openjdk.org
Fri May 3 12:51:19 UTC 2024
In the test case:
long i;
for (; i > 0; i--) {
res += 42 / ((int) i);
The long counted loop phi has type `[1..100]`. As a consequence, the
`ConvL2I` also has type `[1..100]`. The `DivI` node that follows can't
fault: it is not guarded by a zero check and has no control set.
The `ConvL2I` is split through phi and so is the `DiVI` node:
`PhaseIdealLoop::cannot_split_division()` returns true because the
value coming from the backedge into the `DivI` (when it is about to be
split thru phi) is the result of the `ConvL2I` which has type
`[1..100`] so is not zero as far as the compiler can tell.
On the last iteration of the loop, i is 1. Because the DivI was split
thru Phi, it computes the value for the following iteration, so for i
= 0. This causes a crash when the compiled code runs.
The same problem can't happen with an int counted loop because logic
in `PhaseIdealLoop::split_thru_phi()` prevents a `ConvI2L` from being
split thru phi. I propose to fix this the same way: in the test case,
it's not true that once the `ConvL2I` is split thru phi it keeps type
`[1..100]`. The fix is fairly conservative because it's base on the
existing logic for `ConvI2L`: we would want to not split a `ConvL2I`
only a counted loopd but. I suppose the same is true for the `ConvI2L`
and I thought it would be best to revisit both together.
-------------
Commit messages:
- test and fix
Changes: https://git.openjdk.org/jdk/pull/19086/files
Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=19086&range=00
Issue: https://bugs.openjdk.org/browse/JDK-8331575
Stats: 68 lines in 2 files changed: 66 ins; 0 del; 2 mod
Patch: https://git.openjdk.org/jdk/pull/19086.diff
Fetch: git fetch https://git.openjdk.org/jdk.git pull/19086/head:pull/19086
PR: https://git.openjdk.org/jdk/pull/19086
More information about the hotspot-compiler-dev
mailing list