RFR: 8320308: C2 compilation crashes in LibraryCallKit::inline_unsafe_access [v4]
Tobias Holenstein
tholenstein at openjdk.org
Tue Sep 24 15:08:04 UTC 2024
> We failed in `LibraryCallKit::inline_unsafe_access()` while trying to inline `Unsafe::getShortUnaligned`.
> https://github.com/openjdk/jdk/blob/34c6e0deac567c0f4ed08aa2824671551d843e95/test/hotspot/jtreg/compiler/parsing/TestUnsafeArrayAccessWithNullBase.java#L86
> The reason is that base (the array) is `ConP #null` hidden behind two `CheckCastPP` with `speculative=byte[int:>=0]`
>
> We call `Node* adr = make_unsafe_address(base, offset, type, kind == Relaxed);`
> https://github.com/openjdk/jdk/blob/34c6e0deac567c0f4ed08aa2824671551d843e95/src/hotspot/share/opto/library_call.cpp#L2361
> - with **base** = `147 CheckCastPP`
> - `118 ConP === 0 [[[ 106 101 71 ] #null`
>
> Depending on the **offset** we go two different paths in `LibraryCallKit::make_unsafe_address` which both lead to the same error in the end.
> 1. For `UNSAFE.getShortUnaligned(array, 1_049_000)` we get kind = `Type::AnyPtr` because `offset >= os::vm_page_size()`. Since we assume base can't be null we insert an assert:
> https://github.com/openjdk/jdk/blob/34c6e0deac567c0f4ed08aa2824671551d843e95/src/hotspot/share/opto/library_call.cpp#L2111
>
> 2. whereas for `UNSAFE.getShortUnaligned(array, 1)` we get kind = `Type::OopPtr`
> https://github.com/openjdk/jdk/blob/c17fa910cf3bad48547a3f0d68a30795ec3194e6/src/hotspot/share/opto/library_call.cpp#L2078
> and insert a null check
> https://github.com/openjdk/jdk/blob/34c6e0deac567c0f4ed08aa2824671551d843e95/src/hotspot/share/opto/library_call.cpp#L2090
> In both cases we return a call to `basic_plus_adr(..)` on a base being `top()`, which returns **adr** = `1 Con === 0 [[ ]] #top`
>
> https://github.com/openjdk/jdk/blob/3d5d51e228c19aa216451f647023101ae8bdbc79/src/hotspot/share/opto/library_call.cpp#L2386 => `_gvn.type(adr)` is _top_
>
> https://github.com/openjdk/jdk/blob/3d5d51e228c19aa216451f647023101ae8bdbc79/src/hotspot/share/opto/library_call.cpp#L2394 => `adr_type` is _nullptr_
>
> https://github.com/openjdk/jdk/blob/3d5d51e228c19aa216451f647023101ae8bdbc79/src/hotspot/share/opto/library_call.cpp#L2405-L2406 => `BasicType bt` is _T_ILLEGAL_
>
> https://github.com/openjdk/jdk/blob/3d5d51e228c19aa216451f647023101ae8bdbc79/src/hotspot/share/opto/library_call.cpp#L2424 => we fail here with `SIGSEGV: null pointer dereference` because `alias_type->adr_type()` is _nullptr_
>
> ### Fix (updated on 18th Sep 2024)
> The fix modifies the `LibraryCallKit::classify_unsafe_addr()`...
Tobias Holenstein has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains 18 additional commits since the last revision:
- from JDK-8340707 from ProblemList
- Merge remote-tracking branch 'origin/master' into JDK-8320308
- Merge remote-tracking branch 'origin/master' into JDK-8320308
- add another JTreg test with less flags
- Fix 2.0 : Add uncast in LibraryCallKit::classify_unsafe_addr
- less iterations
- update CompileCommand
- Merge branch 'JDK-8320308' of github.com:tobiasholenstein/jdk into JDK-8320308
- Update UnsafeArrayAccess.java
- move test
- ... and 8 more: https://git.openjdk.org/jdk/compare/f9b5cc9c...79d8e96c
-------------
Changes:
- all: https://git.openjdk.org/jdk/pull/20033/files
- new: https://git.openjdk.org/jdk/pull/20033/files/5ba2d9e6..79d8e96c
Webrevs:
- full: https://webrevs.openjdk.org/?repo=jdk&pr=20033&range=03
- incr: https://webrevs.openjdk.org/?repo=jdk&pr=20033&range=02-03
Stats: 260761 lines in 3326 files changed: 210461 ins; 32393 del; 17907 mod
Patch: https://git.openjdk.org/jdk/pull/20033.diff
Fetch: git fetch https://git.openjdk.org/jdk.git pull/20033/head:pull/20033
PR: https://git.openjdk.org/jdk/pull/20033
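
A simplified model of the situation in the quoted description and of the "Add uncast" commit, as an added example (not HotSpot code and not taken from the pull request): a null constant hidden behind two `CheckCastPP` nodes is missed when only the outermost node is inspected, and found once the casts are looked through. `Node`, `Kind::NullBase`, `kPageSize` and the `look_through_casts` flag are assumptions of this sketch.

```cpp
#include <cstdint>
#include <cstdio>

// Simplified stand-ins for C2 IR nodes (hypothetical, not HotSpot's classes).
enum class Op { ConNull, CheckCastPP, ArrayOop };

struct Node {
    Op op;
    const Node* in;  // node being cast; nullptr for leaf nodes

    // Walk through a chain of casts to the underlying node.
    const Node* uncast() const {
        const Node* n = this;
        while (n->op == Op::CheckCastPP && n->in != nullptr) n = n->in;
        return n;
    }
};

// NullBase is this model's label for "base recognised as null" (assumption).
enum class Kind { AnyPtr, OopPtr, NullBase };

constexpr int64_t kPageSize = 4096;  // assumed page size for the model

// Classify the base of an unsafe access. With look_through_casts == false
// only the outermost node is inspected, so a null constant hidden behind
// CheckCastPP nodes is treated like an ordinary array base.
Kind classify_unsafe_addr(const Node* base, int64_t offset, bool look_through_casts) {
    const Node* n = look_through_casts ? base->uncast() : base;
    if (n->op == Op::ConNull) return Kind::NullBase;
    return offset >= kPageSize ? Kind::AnyPtr : Kind::OopPtr;
}

// Constructed graph matching the description: ConP #null behind two CheckCastPP.
static const Node null_con{Op::ConNull, nullptr};
static const Node cast1{Op::CheckCastPP, &null_con};
static const Node cast2{Op::CheckCastPP, &cast1};

int main() {
    const int64_t offsets[] = {1, 1049000};  // the two offsets from the description
    for (int64_t off : offsets) {
        std::printf("offset=%lld without_uncast=%d with_uncast=%d\n", (long long)off,
                    (int)classify_unsafe_addr(&cast2, off, false),
                    (int)classify_unsafe_addr(&cast2, off, true));
    }
    return 0;
}
```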