RFR: 8354282: C2: more crashes in compiled code because of dependency on removed range check CastIIs [v4]

Christian Hagedorn chagedorn at openjdk.org
Tue Dec 2 13:54:34 UTC 2025 

On Wed, 26 Nov 2025 13:24:05 GMT, Christian Hagedorn <chagedorn at openjdk.org> wrote:

>> Roland Westrelin has updated the pull request with a new target base due to a merge or a rebase. The pull request now contains nine commits:
>> 
>>  - review
>>  - review
>>  - Merge branch 'master' into JDK-8354282
>>  - review
>>  - infinite loop in gvn fix
>>  - renaming
>>  - merge
>>  - Merge branch 'master' into JDK-8354282
>>  - fix & test
>
> src/hotspot/share/opto/castnode.hpp line 120:
> 
>> 118:     // be removed in any case otherwise the sunk node floats back into the loop.
>> 119:     static const DependencyType NonFloatingNonNarrowing;
>> 120: 
> 
> I needed a moment to completely understand all these combinations. I rewrote the definitions in this process a little bit. Feel free to take some of it over:
> 
> 
>     // All the possible combinations of floating/narrowing with example use cases:
> 
>     // Use case example: Range Check CastII
>     // Floating: The Cast is only dependent on the single range check.
>     // Narrowing: The Cast narrows the type to a positive index. If the input to the Cast is narrower, we can safely
>     //            remove the cast because the array access will be safe.
>     static const DependencyType FloatingNarrowing;
> 
>     // Use case example: Widening Cast nodes' types after loop opts: We want to common Casts with slightly different types.
>     // Floating: These Casts only depend on the single control.
>     // NonNarrowing: Even when the input type is narrower, we are not removing the Cast. Otherwise, the dependency
>     //               to the single control is lost, and an array access could float above its range check because we
>     //               just removed the dependency to the range check by removing the Cast. This could lead to an
>     //               out-of-bounds access.
>     static const DependencyType FloatingNonNarrowing;
> 
>     // Use case example: An array accesses that is no longer dependent on a single range check (e.g. range check smearing).
>     // NonFloating: The array access must be pinned below all the checks it depends on. If the check it directly depends
>     //              on with a control input is hoisted, we do hoist the Cast as well. If we allowed the Cast to float,
>     //              we risk that the array access ends up above another check it depends on (we cannot model two control
>     //              dependencies for a node in the IR). This could lead to an out-of-bounds access.
>     // Narrowing: If the Cast does not narrow the input type, then it's safe to remove the cast because the array access
>     //            will be safe.
>     static const DependencyType NonFloatingNarrowing;
> 
>     // Use case example: Sinking nodes out of a loop
>     // Non-Floating & Non-Narrowing: We don't want the Cast that forces the node to be out of loop to be removed in any
>     //                               case. Otherwise, the sunk node could float back into the l...

Thanks for taking it over :-)

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/24575#discussion_r2581287358

More information about the hotspot-dev mailing list