RFR: 8354282: C2: more crashes in compiled code because of dependency on removed range check CastIIs [v8]
Quan Anh Mai
qamai at openjdk.org
Mon Dec 8 07:41:01 UTC 2025
On Fri, 5 Dec 2025 14:02:14 GMT, Roland Westrelin <roland at openjdk.org> wrote:
>> src/hotspot/share/opto/castnode.hpp line 105:
>>
>>> 103: // All the possible combinations of floating/narrowing with example use cases:
>>> 104:
>>> 105: // Use case example: Range Check CastII
>>
>> I believe this is incorrect, a range check should be floating non-narrowing. It is only narrowing if the length of the array is a constant. It is because this cast encodes the dependency on the condition `index u< length`. This condition cannot be expressed in terms of `Type` unless `length` is a constant.
>
> Range check `CastII`s were added to protect the `ConvI2L` in the address expression on 64 bits. The problem there was, in some cases, that the `ConvI2L` would float above the range check (because `ConvI2L` has no control input) and could end up with an out of range input (which in turn would cause the `ConvI2L` to become `top` in places where it wasn't expected).
> So `CastII` doesn't carry the control dependency of an array access on its range check. That dependency is carried by the `MemNode` which has its control input set to the range check.
> What you're saying, if I understand it correctly, would be true if the `CastII` was required to prevent an array `Load` from floating. But that's not the case.
Got it, sorry I misunderstood!
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/24575#discussion_r2597364668