[9] RFR(S): 8150804: C2 Compilation fails with assert(_base >= OopPtr && _base <= AryPtr) failed: Not a Java pointer
Tobias Hartmann
tobias.hartmann at oracle.com
Fri Mar 11 15:40:04 UTC 2016
Hi,
please review the following patch.
https://bugs.openjdk.java.net/browse/JDK-8150804
http://cr.openjdk.java.net/~thartmann/8150804/webrev.00/
We fail in Compile::Process_OopMap_Node() while processing monitors of a safepoint node because the monitor object is TOP. The crash is rare but reproduces with my regression test. The problem is the elimination of Phi nodes with a unique input which was broken by the fixes for JDK-8139771 [1] and JDK-8146999 [2].
Here are the details (for context, see 'TestPhiElimination.java'):
A::get() is inlined into test(obj) producing the following graph:
Parm (obj)
TestPhiElimination
|
CastPP
TestPhiElimination:NotNull
|
CheckCastPP
A:NotNull
/ \
CheckCastPP |
A:NotNull |
\ /
Phi
A
|
Safepoint
https://bugs.openjdk.java.net/secure/attachment/57820/before_ideal.png
PhiNode::ideal() then replaces the Phi by a CheckCastPP because it has a unique input (see PhiNode::unique_input()):
Parm (obj)
TestPhiElimination
|
CheckCastPP
A
|
Safepoint
https://bugs.openjdk.java.net/secure/attachment/57821/after_ideal.png
We completely lose the NotNull information provided by the CastPP. Therefore, we cannot prove that obj != null when accessing a field of obj and add an uncommon trap. Obj is also used as a monitor (A::get() is synchronized) and set to TOP in the uncommon trap branch. We are never able to prove that the null branch is not reachable and later fail when emitting code in Process_OopMap_Node because the monitor object is still TOP.
Before the fix for JDK-8139771, we had a check to verify that the type of the unique (uncasted) input is "at least as good" as the type of the PhiNode:
phase->type(uncasted_input)->higher_equal(type()))
http://hg.openjdk.java.net/jdk9/hs-comp/hotspot/rev/9e17d9e4b59f#l4.79
Re-adding this check, fixes the problem. However, I'm concerned that this check is not strong enough. For example, in the case where the type of the PhiNode is Object:
Parm (obj)
TestPhiElimination
|
CastPP
TestPhiElimination:NotNull
|
CheckCastPP
A:NotNull
/ \
CheckCastPP |
A:NotNull |
\ /
Phi
Object
We would still replace the Phi because TestPhiElimination->higher_equal(Object) and again lose the NotNull information. I therefore added a slightly stronger check that also checks the types in-between. I had to remove the assert that Roland added.
What do you think?
Thanks,
Tobias
[1] https://bugs.openjdk.java.net/browse/JDK-8139771
[1] https://bugs.openjdk.java.net/browse/JDK-8146999
More information about the hotspot-compiler-dev
mailing list