[9] RFR (S): 8134918: C2: Type speculation produces mismatched unsafe accesses

Vladimir Ivanov vladimir.x.ivanov at oracle.com
Thu Apr 14 16:53:22 UTC 2016


Type speculation can produce mismatched unsafe accesses.

It injects a guard based on profile data and then propagate type info 
down to the users. If there's an unsafe access, it can become mismatched 
w.r.t. profile data being used.

It happens even for valid usages. If an unsafe access always matches 
memory location at runtime, the code produced by type speculation in 
that case is effectively dead.

What cause problems are unsafe OOP accesses (U.putObject()/getObject() 
on non-OOP locations).

The fix is to avoid intrinsification of problematic accesses. Type 
speculation injects precise type information, which is available during 

We could try to support mismatched unsafe object accesses instead, but I 
don't see any value in that.

Testing: JPRT, pit-hs-comp (in progress).


Best regards,
Vladimir Ivanov

More information about the hotspot-compiler-dev mailing list