8374783: C2 compilation asserts with "slice of address and input slice don't match"#31500
robcasloz wants to merge 10 commits into
👋 Welcome back rcastanedalo! A progress list of the required criteria for merging this PR into
❗ This change is not yet ready to be integrated.
@robcasloz The following labels will be automatically applied to this pull request:
When this pull request is ready to be reviewed, an "RFR" email will be sent to the corresponding mailing lists. If you would like to change these labels, use the /label pull request command.
The total number of required reviews for this PR has been set to 2 based on the presence of this label:
52ad24a to aca441c
/label remove core-libs,hotspot
@robcasloz The
/label add hotspot-compiler
@robcasloz
Webrevs
I think this does not cover all the cases. What if we have an
Thanks Quan, I have not found any case where discovering the base address type after late inlining triggers this issue, because there seems to always be some casting that blocks the reuse of the unsafe load's AddP node by the subsequent memory access. I have added a test case illustrating this scenario (commit e6bde69), here is what the addresses look like when the second memory access (
I have done some fuzzing to try to find some variant of this case where both AddP nodes can be unified but could not find any. Let me know if you had a different scenario in mind.
I just added yet another test variant using an array instead of a class instance (commit c605fa2). In this case, no slice mismatch occurs either, because both the offset-known and unknown address types map to the same memory slice. Even though it is not strictly necessary, the changeset enforces a cleanup between the incremental inlining steps in this case as well.
iwanowww left a comment
Overall, looks reasonable, but I'm not persuaded yet the base case is not affected in a similar manner (Object -> A transition during late inlining).
As an alternative way to fix the problem, the result can be wrapped into an Opaque flavor which vanished during the very first IGVN pass. In general, it would provoke fewer cleanup passes and can be applied in broader than strictly required scenarios (if it turns out it's tricky to detect affected cases).
| // memory slice corresponding to *any* field of a class K is not the same as | ||
| // the slice corresponding to a specific field of K. This mismatch can in | ||
| // its turn lead to e.g. incorrect memory graphs. | ||
| if (C->inlining_incrementally() && |
Is C->inlining_incrementally() == true? It's CallGenerator::do_late_inline_helper() after all.
| // the slice corresponding to a specific field of K. This mismatch can in | ||
| // its turn lead to e.g. incorrect memory graphs. | ||
| if (C->inlining_incrementally() && | ||
| !result->is_top() && result->is_Con() && result->bottom_type()->isa_intptr_t()) { |
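Review bot: the guard on this `if` tests only that `result` is a non-top constant whose type passes `isa_intptr_t()`, while the comment above it describes a mismatch between the slice for any field of a class K and the slice for a specific field of K; nothing in the condition ties the constant to an address offset. If forcing a cleanup for every constant integer result is a deliberate over-approximation, state that in the comment so the extra cleanup passes are understood as intended.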
isa_intptr_t() looks fishy. I don't see how it depends on bitness. It originates from byte codes where sizes are explicit and hard-coded (Java int vs long).
What about cases involving int->long casts? Does it catch them?
| @@ -729,6 +729,27 @@ void CallGenerator::do_late_inline_helper() { | |||
| } | |||
| C->set_inlining_progress(true); | |||
| C->set_do_cleanup(kit.stopped()); // path is dead; needs cleanup | |||
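Review bot: at `C->set_do_cleanup(kit.stopped());` the flag is assigned from a single condition and its trailing comment names only the dead-path reason, yet the hunk header shows 21 lines added below this context in `do_late_inline_helper()`. Make sure the code that follows can only raise the flag and never resets a cleanup requested here, and either update the "path is dead" comment or fold every reason for cleanup into this one call.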
I suggest to extract the code into a helper method (e.g., needs_cleanup) and call it from here (C->set_do_cleanup(needs_cleanup(...));)

This changeset forces an incremental inlining cleanup whenever an incrementally inlined call exposes an address where the offset becomes constant. This is necessary to prevent slice mismatches when parsing subsequent accesses to the address due to outdated IGVN-recorded address type information, see more details in the JBS issue. If not prevented, such mismatches can lead to e.g. incorrect memory graphs, as illustrated in the included test file.
This solution is the most effective and least intrusive one among a few evaluated options, see JBS issue.
Testing
applications/ctw/modules/jdk_jpackage.java)
Thanks to @iwanowww for useful discussions and suggestions!
Reviewing
Using git
Checkout this PR locally:
$ git fetch https://git.openjdk.org/jdk.git pull/31500/head:pull/31500
$ git checkout pull/31500
Update a local copy of the PR:
$ git checkout pull/31500
$ git pull https://git.openjdk.org/jdk.git pull/31500/head
Using Skara CLI tools
Checkout this PR locally:
$ git pr checkout 31500
View PR using the GUI difftool:
$ git pr show -t 31500
Using diff file
Download this PR as a diff file:
https://git.openjdk.org/jdk/pull/31500.diff