RFR: JDK-8277060: EXCEPTION_INT_DIVIDE_BY_ZERO in TypeAryPtr::dump2 with -XX:+TracePhaseCCP

Wed Jun 29 18:40:40 UTC 2022

On Mon, 27 Jun 2022 08:45:19 GMT, Tobias Holenstein <tholenstein at openjdk.org> wrote:

> `-XX:+TracePhaseCCP`fails in `TypeAryPtr::dump2` when `_offset` >= `header_size` and the basic type of the array element (`elem()->basic_type()`) is `T_ILLEGAL`: This case needs to be handled separately and print `+any`. Otherwise calling `type2aelembytes(T_ILLEGAL)` would lead to an out of array access because `T_ILLEGAL` has int value 99 and `_type2aelembytes[]` only has size 20. That `type2aelembytes(T_ILLEGAL)` returns zero and therefore triggers the `EXCEPTION_INT_DIVIDE_BY_ZERO` was luck. Therefore an assert was added to `type2aelembytes` to catch out-of bound accesses.
> 
> In the test case node `827 CMoveP` has base type `T_ILLEGAL` because `elem()->base()`  is `Type::Bottom`. Normally an array would have either type `int[]` or `long[]`. Because we assign it to `Object`, the `Object` has type `bottom[int:1]:NotNull` because the is no common supertype of `long[int:1]:NotNull:exact` and `int[int:1]:NotNull:exact`. In normal Java we could not copy the `Object srcArrLocal ` to `int[] dstArr`, because we would need to access `srcArrLocal[]` which is not possible for `Object` - But using `UNSAFE.copyMemory` this is allowed. Therefore the printing code has to be adjusted to support this case
> 
> https://github.com/openjdk/jdk/blob/6605d1614db2de302ebaf90863dcd2585b5c27ba/test/hotspot/jtreg/compiler/debug/TestTracePhaseCCP.java#L49-L51
> 
> ![T_ILLEGAL](https://user-images.githubusercontent.com/71546117/176450705-12d4dc5c-f80d-4a7f-ae60-d71ddd089678.png)

Good.

-------------

Marked as reviewed by kvn (Reviewer).

PR: https://git.openjdk.org/jdk/pull/9295