JDK-8341023 : Check uses of preallocated type constants like TypePtr::BOTTOM
  • Type: Bug
  • Component: hotspot
  • Sub-Component: compiler
  • Affected Version: 24
  • Priority: P4
  • Status: Open
  • Resolution: Unresolved
  • Submitted: 2024-09-26
  • Updated: 2024-11-01
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
Other
tbdUnresolved
Related Reports
Relates :  
JDK-8320308 - C2 compilation crashes in LibraryCallKit::inline_unsafe_access
Description
In `LibraryCallKit::inline_unsafe_access()`, we encountered an issue where speculative types, hidden behind `CheckCastPP` nodes, prevented the correct classification of null pointers. While we resolved this specific case by using `base->uncast()` in `LibraryCallKit::classify_unsafe_addr()`, there may be additional cases where speculative types interfere with exact comparisons against preallocated type constants.

Exact pointer comparisons involving speculative types can yield incorrect results, especially when comparing against constants like `TypePtr::BOTTOM`, `TypePtr::NOTNULL`, and others.

For example, a comparison such as:
```cpp
TypePtr::NOTNULL == ptr
```
may fail if `ptr` contains speculative information (propagated through nodes like `CheckCastPP`), leading to incorrect behavior or even the generation of dead code. This issue is not limited to `LibraryCallKit::classify_unsafe_addr()` but could impact multiple areas in the codebase where preallocated types are compared against speculative types using pointer equality.

A common scenario would be a base pointer carrying speculative type information, which may not match `TypePtr::NULL_PTR`, even if the pointer represents a null value.

**Suggested Fix**:  
Review all uses of preallocated type constants (e.g., `TypePtr::BOTTOM`, `TypePtr::NOTNULL`, etc.) and ensure that comparisons with speculative types are handled correctly. Introducing `uncast()` or similar speculative stripping mechanisms where necessary can help mitigate these issues and prevent the generation of incorrect or dead code.
Comments
ILW = Potential problems with speculative types leading to crashes, not observed, no workaround = MLH = P4
27-09-2024