JDK-8328470 : [lworld] C2: can_eliminate_allocation() wrongly removes allocation by skipping over phi merging an InlineTypeNode
  • Type: Bug
  • Component: hotspot
  • Sub-Component: compiler
  • Affected Version: repo-valhalla
  • Priority: P4
  • Status: Resolved
  • Resolution: Fixed
  • Submitted: 2024-03-19
  • Updated: 2024-03-25
  • Resolved: 2024-03-25
  • Fix Version: repo-valhalla (Fixed)
Description
PhaseMacroExpand::can_eliminate_allocation() checks if an allocation can be removed. There is some special code for inline types which checks if an InlineTypeNode is only used in flat fields of another InlineTypeNode:

https://github.com/openjdk/valhalla/blob/9b79f47af28ca02f380fd32786a8d3d75d7a1937/src/hotspot/share/opto/macro.cpp#L698-L713

If that is the case, we can eliminate the allocation. If the InlineTypeNode has other usages, we need to continue checking them. However, instead of pushing `use` to the list, we directly push the use `u` of the InlineTypeNode. When re-iterating the while-loop, we continue with the uses of `u` and skip processing `u` entirely, which can lead to wrongly removing an allocation that is still required. This can lead to null pointer accesses.

This was discovered after JDK-8293541 which enables more allocations to be checked and removed by can_eliminate_allocation().
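The following is an added, constructed C++ model of the worklist walk described above; it is not HotSpot's code, and the `Kind` enum, `Node` struct and the two functions are simplifications made up for this illustration. With `buggy == true` it pushes `u` instead of `use`, so an escaping user of the InlineTypeNode is never examined and the allocation is wrongly reported as removable; the fixed walk pushes `use` and catches it.

```cpp
#include <algorithm>
#include <vector>
// Constructed, simplified model of a C2 use graph (not HotSpot's node classes).
// An InlineType node records the buffered oop it is built from; `uses` are its users.
enum class Kind { Allocation, CastPP, InlineType, SafeUse, EscapingUse };
struct Node {
    Kind kind;
    const Node* oop = nullptr;      // InlineType only: the oop it wraps
    std::vector<const Node*> uses;  // nodes consuming this node's value
};

// Worklist walk over every alias of the allocation. buggy == true reproduces
// JDK-8328470: a user `u` of an InlineType that is not a flat-field merge is
// pushed instead of `use`, so `u` itself is never run through the checks below.
static bool can_eliminate_allocation(const Node* alloc, bool buggy) {
    std::vector<const Node*> worklist{alloc}, visited{alloc};
    auto push = [&](const Node* n) {  // push each alias at most once
        if (std::find(visited.begin(), visited.end(), n) != visited.end()) return;
        visited.push_back(n);
        worklist.push_back(n);
    };
    while (!worklist.empty()) {
        const Node* res = worklist.back();
        worklist.pop_back();
        for (const Node* use : res->uses) {
            if (use->kind == Kind::CastPP) {
                push(use);                           // same object under a cast
            } else if (use->kind == Kind::InlineType && use->oop == res) {
                for (const Node* u : use->uses) {
                    if (u->kind == Kind::InlineType) continue;  // flat field of another inline type: fine
                    push(buggy ? u : use);           // bug: `u` is skipped, only its users get checked
                }
            } else if (use->kind == Kind::SafeUse || use->kind == Kind::InlineType) {
                continue;                            // e.g. a load: does not keep the object alive
            } else {
                return false;                        // EscapingUse: the allocation is still required
            }
        }
    }
    return true;
}

// Constructed graph: alloc -> InlineType(oop = alloc) -> { flat-field merge [, escaping use] }
static bool eliminated(bool buggy, bool with_escape) {
    Node alloc{Kind::Allocation}, flat{Kind::InlineType}, escape{Kind::EscapingUse};
    Node it{Kind::InlineType, &alloc, {&flat}};
    if (with_escape) it.uses.push_back(&escape);
    alloc.uses = {&it};
    return can_eliminate_allocation(&alloc, buggy);
}
```

With only the flat-field merge as a user both walks agree that elimination is legal; with the escaping user added, only the fixed walk refuses to remove the allocation.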
Comments
Was fixed by JDK-8325660: https://github.com/openjdk/valhalla/commit/c87311663f926fe63238822234903574cef47211
25-03-2024