Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

8345250: [lworld] C2: Array loads and stores on inexact flat arrays cause crashes #1314

Closed
wants to merge 3 commits into from
+388 −158
Closed

8345250: [lworld] C2: Array loads and stores on inexact flat arrays cause crashes #1314

Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
cbd5a60
8345250: [lworld] C2: Array loads and stores on inexact flat arrays c…
chhagedorn Dec 3, 2024
95fc9c7
Fix null free
chhagedorn Dec 6, 2024
e1266f8
review comments
chhagedorn Dec 11, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
34 changes: 18 additions & 16 deletions src/hotspot/share/ci/ciArrayKlass.cpp
View file
Original file line number Diff line number Diff line change
@@ -105,23 +105,25 @@ bool ciArrayKlass::is_leaf_type() {
ciArrayKlass* ciArrayKlass::make(ciType* element_type, bool null_free) {
if (element_type->is_primitive_type()) {
return ciTypeArrayKlass::make(element_type->basic_type());
} else {
ciKlass* klass = element_type->as_klass();
if (null_free && klass->is_loaded()) {
GUARDED_VM_ENTRY(
EXCEPTION_CONTEXT;
Klass* ak = InlineKlass::cast(klass->get_Klass())->value_array_klass(THREAD);
if (HAS_PENDING_EXCEPTION) {
CLEAR_PENDING_EXCEPTION;
} else if (ak->is_flatArray_klass()) {
return CURRENT_THREAD_ENV->get_flat_array_klass(ak);
} else if (ak->is_objArray_klass()) {
return CURRENT_THREAD_ENV->get_obj_array_klass(ak);
}
)
}
return ciObjArrayKlass::make(klass);
}

ciKlass* klass = element_type->as_klass();
assert(!null_free || !klass->is_loaded() || klass->is_inlinetype() || klass->is_abstract() ||
klass->is_java_lang_Object(), "only value classes are null free");
if (null_free && klass->is_loaded() && klass->is_inlinetype()) {
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added klass->is_inlinetype() to be able to get the InlineKlass.

GUARDED_VM_ENTRY(
EXCEPTION_CONTEXT;
Klass* ak = InlineKlass::cast(klass->get_Klass())->value_array_klass(THREAD);
if (HAS_PENDING_EXCEPTION) {
CLEAR_PENDING_EXCEPTION;
} else if (ak->is_flatArray_klass()) {
return CURRENT_THREAD_ENV->get_flat_array_klass(ak);
} else if (ak->is_objArray_klass()) {
return CURRENT_THREAD_ENV->get_obj_array_klass(ak);
}
)
}
return ciObjArrayKlass::make(klass);
}

int ciArrayKlass::array_header_in_bytes() {
15 changes: 13 additions & 2 deletions src/hotspot/share/opto/graphKit.cpp
View file
Original file line number Diff line number Diff line change
@@ -1835,7 +1835,18 @@ void GraphKit::access_clone(Node* src, Node* dst, Node* size, bool is_array) {
Node* GraphKit::array_element_address(Node* ary, Node* idx, BasicType elembt,
const TypeInt* sizetype, Node* ctrl) {
const TypeAryPtr* arytype = _gvn.type(ary)->is_aryptr();
uint shift = arytype->is_flat() ? arytype->flat_log_elem_size() : exact_log2(type2aelembytes(elembt));
assert(!arytype->is_flat() || elembt == T_OBJECT, "element type of flat arrays are T_OBJECT");
uint shift;
if (arytype->is_flat() && arytype->klass_is_exact()) {
// We can only determine the flat array layout statically if the klass is exact. Otherwise, we could have different
// value classes at runtime with a potentially different layout. The caller needs to fall back to call
// load/store_unknown_inline_Type() at runtime. We could return a sentinel node for the non-exact case but that
// might mess with other GVN transformations in between. Thus, we just continue in the else branch normally, even
// though we don't need the address node in this case and throw it away again.
shift = arytype->flat_log_elem_size();
} else {
shift = exact_log2(type2aelembytes(elembt));
}
uint header = arrayOopDesc::base_offset_in_bytes(elembt);

// short-circuit a common case (saves lots of confusing waste motion)
@@ -3493,7 +3504,7 @@ Node* GraphKit::gen_checkcast(Node *obj, Node* superklass, Node* *failure_contro
const TypeKlassPtr* improved_klass_ptr_type = klass_ptr_type->try_improve();
const TypeOopPtr* toop = improved_klass_ptr_type->cast_to_exactness(false)->as_instance_type();
bool safe_for_replace = (failure_control == nullptr);
assert(!null_free || toop->is_inlinetypeptr(), "must be an inline type pointer");
assert(!null_free || toop->can_be_inline_type(), "must be an inline type pointer");
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

When we pass now null_free == true for inexact inline types, is_inlinetypeptr() is false (only true for concrete value classes). can_be_inline_type() is the next better thing we could check.


// Fast cutout: Check the case that the cast is vacuously true.
// This detects the common cases where the test will short-circuit
2 changes: 2 additions & 0 deletions src/hotspot/share/opto/parse.hpp
View file
Original file line number Diff line number Diff line change
@@ -494,8 +494,10 @@ class Parse : public GraphKit {
Node* array_store_check(Node*& adr, const Type*& elemtype);
// Helper function to generate array load
void array_load(BasicType etype);
Node* load_from_unknown_flat_array(Node* array, Node* array_index, const TypeOopPtr* element_ptr);
// Helper function to generate array store
void array_store(BasicType etype);
void store_to_unknown_flat_array(Node* array, Node* idx, Node* non_null_stored_value);
// Helper function to compute array addressing
Node* array_addressing(BasicType type, int vals, const Type*& elemtype);
bool needs_range_check(const TypeInt* size_type, const Node* index) const;
Loading