RFR(XS): 8066775 opto/node.hpp:355, assert(i < _max) failed: oob: i=1, _max=1

Roland Westrelin roland.westrelin at oracle.com
Mon Dec 8 15:29:57 UTC 2014

Hi David,

Thanks for taking a look at this.

>> http://cr.openjdk.java.net/~roland/8066775/webrev.00/
>> Another follow up from "8054478 C2: Incorrectly compiled char[] array access crashes JVM”
>> The part of the graph where the CastII becomes dead and the CastII's control is an IfTrue projection with input top. 
> It looks plausible to me, but I was surprised that it was not immediately evident from the
> (other) source code that the clause in the "if" would make the assertion necessarily be true.
> (could it be something other than IfFalse or IfTrue?  I'm a bit more suspicious of "obvious"
> assumptions after a recent other bug.)
> if (in(0) != NULL && in(0)->in(0) != NULL && in(0)->in(0)->is_If()) {
>       assert(in(0)->is_IfFalse() || in(0)->is_IfTrue(), "should be If proj”);

FWIW, I reproduced the bug, observed that we indeed have CastII->IfTrue->top and that the bug goes away with the change.
As I understand, you’re puzzled that we didn’t notice that that code was a problem before?
For that problem to happen, nodes need to be processed by the IGVN in a specific order: the IfNode must become dead first then CastII is processed and finally the If projection is processed and goes dead. I assume, most of the time, the nodes are processed in the obvious order IfNode first, then If projection then CastII.


More information about the hotspot-compiler-dev mailing list