RFR: 8348631: Crash in PredictedCallGenerator::generate after JDK-8347006

Tobias Hartmann thartmann at openjdk.org
Tue Jan 28 20:41:07 UTC 2025


On Tue, 28 Jan 2025 13:10:37 GMT, Tobias Hartmann <thartmann at openjdk.org> wrote:

> We crash / assert during C2 compilation of intrinsics like `_getLength` because the cast emitted by the array guard added by [JDK-8347006](https://bugs.openjdk.org/browse/JDK-8347006) is folded to top:
> https://github.com/openjdk/jdk/blob/c33c1cfe7349ac657cd7bf54861227709d3c8f1b/src/hotspot/share/opto/library_call.cpp#L4302-L4305
> 
> This happens when C2's type system determines that the type of the object that we cast implements an interface other than `Serializable` or `Cloneable` and therefore can't be an array. This is possible since [JDK-8297933](https://bugs.openjdk.org/browse/JDK-8297933). Now unfortunately, control via the layout helper check is not (yet) folded due to:
> https://github.com/openjdk/jdk/blob/c33c1cfe7349ac657cd7bf54861227709d3c8f1b/src/hotspot/share/opto/memnode.cpp#L2215-L2223
> 
> This is probably an oversight from [JDK-8297933](https://bugs.openjdk.org/browse/JDK-8297933). Given that this is a regression in JDK 24, I'm going with a conservative approach of simply checking the cast for top and not using it if that's the case. In addition, I made the code more robust and added a compilation bailout (assert in debug) if an intrinsic produces a `top` result.
> 
> We should then properly fix this by making sure that the layout helper check is folded. I filed [JDK-8348853](https://bugs.openjdk.org/browse/JDK-8348853) for this.
> 
> Big thanks to @cushon for reporting this just in time for fixing in JDK 24!
> 
> Best regards,
> Tobias

Thanks for the reviews Emanuel and Vladimir!

> General question: how in other part of VM (runtime, gc) layout helper was changed for JDK-8297933?

@vnkozlov The layout helper was not changed but IIUC (@rwestrel, please correct me if I'm wrong), the type system now has enough information about interfaces that it can determine that casting an object implementing an interface to an array must be TOP. However, the layout helper check is not folded.

> I tested these changes against the original issue that prompted JDK-8348631, and everything looks good.

@cushon Thanks for checking!

-------------

PR Comment: https://git.openjdk.org/jdk/pull/23331#issuecomment-2620005934

