JDK-8299546 : C2: MulLNode::mul_ring() wrongly returns bottom type due to casting errors with large numbers
  • Type: Bug
  • Component: hotspot
  • Sub-Component: compiler
  • Affected Version: 8,11,17,19,20,21
  • Priority: P4
  • Status: In Progress
  • Resolution: Unresolved
  • Submitted: 2023-01-03
  • Updated: 2023-01-09
JDK 21: Unresolved
Description
This was found by fuzzing (hitting the assert "Missed optimization opportunity in PhaseCCP") when multiplying two longs resulting in a large number. The current logic in MulLNode::mul_ring() tries to cast the longs to doubles to check for overflows. However, when the product is too large (but still small enough to not overflow the 64-bit long range), we could get precision errors and wrongly return the bottom type even though there is no overflow. This should be fixed.

Moreover, the code in MulLNode::mul_ring() is very similar to MulINode::mul_ring() and should be shared.

Reproduce original fuzzer test:
$ java -XX:-TieredCompilation -XX:+StressCCP -XX:+StressIGVN -XX:StressSeed=1110788490 -Xcomp -XX:CompileOnly=Test Test.java
$ java -XX:-TieredCompilation -Xcomp -XX:CompileOnly=Reduced -XX:CompileCommand=dontinline,*::* Reduced.java
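The precision error described above, as an added example that is not HotSpot source and not part of the original report: a double-based overflow check modeled on the description's wording, compared against an exact integer check. The function names and operands are constructed for illustration, and the exact check assumes the GCC/Clang builtin `__builtin_mul_overflow`.

```cpp
// Added illustration; not HotSpot source. All function names are hypothetical.
#include <cstdint>
#include <cstdio>

// Two's-complement wrapping multiply, done in unsigned to avoid signed-overflow UB.
static int64_t wrapping_mul(int64_t a, int64_t b) {
    return static_cast<int64_t>(static_cast<uint64_t>(a) * static_cast<uint64_t>(b));
}

// Double-based check of the kind the description refers to: compare the
// wrapped 64-bit product with the product of the operands cast to double.
bool overflow_by_double(int64_t a, int64_t b) {
    double da = static_cast<double>(a);   // loses low bits once |a| > 2^53
    double db = static_cast<double>(b);
    double wrapped = static_cast<double>(wrapping_mul(a, b));
    return wrapped != da * db;
}

// Exact check in integer arithmetic (GCC/Clang builtin).
bool overflow_exact(int64_t a, int64_t b) {
    int64_t out;
    return __builtin_mul_overflow(a, b, &out);
}

// True when the double-based check claims an overflow that did not happen,
// which is the case that would make a type computation give up and return bottom.
bool false_overflow(int64_t a, int64_t b) {
    return overflow_by_double(a, b) && !overflow_exact(a, b);
}

int main() {
    // Constructed operands: 2^53 + 1 is not representable as a double, so the
    // cast rounds it to 2^53 before the floating-point multiply.
    const int64_t a = (INT64_C(1) << 53) + 1, b = 3;
    std::printf("a*b = %lld\n", static_cast<long long>(wrapping_mul(a, b)));
    std::printf("double check says overflow: %d\n", overflow_by_double(a, b));
    std::printf("exact check says overflow:  %d\n", overflow_exact(a, b));
    return 0;
}
```

The product here is far below the 64-bit limit; the mismatch comes only from rounding one operand when it is cast to double.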
Comments
A pull request was submitted for review. URL: https://git.openjdk.org/jdk/pull/11907 Date: 2023-01-09 16:19:46 +0000
09-01-2023

ILW = Imprecise type information leading to missed optimization opportunities and could hit assertion in CCP verification code, rare, no workaround = MLH = P4
03-01-2023