RFR: 8354282: C2: more crashes in compiled code because of dependency on removed range check CastIIs [v8]

Roland Westrelin roland at openjdk.org
Fri Dec 5 14:05:09 UTC 2025 

On Tue, 2 Dec 2025 17:32:09 GMT, Quan Anh Mai <qamai at openjdk.org> wrote:

>> Roland Westrelin has updated the pull request with a new target base due to a merge or a rebase. The pull request now contains 17 commits:
>> 
>>  - Merge branch 'master' into JDK-8354282
>>  - whitespace
>>  - review
>>  - review
>>  - Update src/hotspot/share/opto/castnode.cpp
>>    
>>    Co-authored-by: Christian Hagedorn <christian.hagedorn at oracle.com>
>>  - Update src/hotspot/share/opto/castnode.cpp
>>    
>>    Co-authored-by: Christian Hagedorn <christian.hagedorn at oracle.com>
>>  - Update src/hotspot/share/opto/castnode.cpp
>>    
>>    Co-authored-by: Christian Hagedorn <christian.hagedorn at oracle.com>
>>  - Update test/hotspot/jtreg/compiler/c2/irTests/TestPushAddThruCast.java
>>    
>>    Co-authored-by: Christian Hagedorn <christian.hagedorn at oracle.com>
>>  - review
>>  - review
>>  - ... and 7 more: https://git.openjdk.org/jdk/compare/ef5e744a...93b8b0c5
>
> src/hotspot/share/opto/castnode.hpp line 105:
> 
>> 103:     // All the possible combinations of floating/narrowing with example use cases:
>> 104: 
>> 105:     // Use case example: Range Check CastII
> 
> I believe this is incorrect, a range check should be floating non-narrowing. It is only narrowing if the length of the array is a constant. It is because this cast encodes the dependency on the condition `index u< length`. This condition cannot be expressed in terms of `Type` unless `length` is a constant.

Range check `CastII` were added to protect the `ConvI2L` in the address expression on 64 bits. The problem there was, in some cases, that the `ConvI2L` would float above the range check (because `ConvI2L` has no control input) and could end up with an out of range input (which in turn would cause the `ConvI2L` to become `top` in places where it wasn't expected).
So `CastII` doesn't carry the control dependency of an array access on its range check. That dependency is carried by the `MemNode` which has its control input set to the range check.
What you're saying, if I understand it correctly, would be true if the `CastII` was required to prevent an array `Load` from floating. But that's not the case.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/24575#discussion_r2592801401

More information about the shenandoah-dev mailing list