RFR: 8327963: C2: fix construction of memory graph around Initialize node to prevent incorrect execution if allocation is removed [v5]
Roberto Castañeda Lozano
rcastanedalo at openjdk.org
Wed May 21 10:05:56 UTC 2025
On Tue, 20 May 2025 14:50:36 GMT, Roland Westrelin <roland at openjdk.org> wrote:
> > I still think it would be good to include test cases to confirm that these are not only theoretical concerns, but that should not block the progress of this PR.
>
> Here is a test case:
>
> ```
> import java.util.Arrays;
>
> public class TestAllocNoUseBadMemoryState {
>     private static volatile int volatileField;
>
>     public static void main(String[] args) {
>         boolean[] allTrue = new boolean[3];
>         Arrays.fill(allTrue, true);
>         A a = new A();
>         boolean[] allFalse = new boolean[3];
>         for (int i = 0; i < 20_000; i++) {
>             a.field1 = 0;
>             test1(a, allTrue);
>             test1(a, allFalse);
>             if (a.field1 != 42) {
>                 throw new RuntimeException("Lost Store");
>             }
>         }
>     }
>
>     private static void test1(A otherA, boolean[] flags) {
>         if (flags == null) {
>         }
>         otherA.field1 = 42;
>         for (int i = 0; i < 3; i++) {
>             A a = new A();
>             if (flags[i]) {
>                 break;
>             }
>         }
>     }
>
>     private static class A {
>         int field1;
>     }
> }
> ```
>
> where all the damage is done early on when EA runs. A pass of loop opts before EA fully unrolls the loop and creates memory `Phi`s with incorrect `adr_type` (raw memory). Then EA removes the allocation. All that keeps the `Store` to `field1` alive then is uncommon traps from template predicates. Once they are removed, the `Store` goes away (first round of loop opts after EA).
>
> I'll add that test case to the PR.
Thanks Roland for taking the time to research this. This failure really illustrates why the general solution proposed by this PR is needed.
-------------
PR Comment: https://git.openjdk.org/jdk/pull/24570#issuecomment-2897374573