[9] RFR (XS): 8155635: C2: assert(flat != TypePtr::BOTTOM) failed: cannot alias-analyze an untyped ptr

Vladimir Ivanov vladimir.x.ivanov at oracle.com
Sat Apr 30 00:24:48 UTC 2016

Thanks for the feedback, Vladimir.

On 4/30/16 2:39 AM, Vladimir Kozlov wrote:
> I am not comfortable with this fix. You may replace in(Base) != NULL
> with TOP.
Do you see any cases when it is possible?
I don't see any sense in an absolute address with a valid heap base.

I can check that in(Base) == in(Address) == NULL. It will fix the 
problem as well.

> Also it should not be RAW pointer (TOP as Base) if it is created by
> graph transformation from normal oop pointer.
> I think we should track which pointers are really RAW when creating them.
> Can you explain why we have such graph shape where we access memory
> after a merge point and on one merged path has NULL as pointer to
> object. There should be NULL check after merge before memory access in
> such case.
It's not necessarily a normal oop pointer. Double-register addressing 
mode is the source of such shapes. Consider the following example:

   Object o = (flag ? INSTANCE : null);
   long off = (flag ? F_OFFSET : ADDR);
   UNSAFE.getLong(o, off);

is translated into:

   LoadL mem (AddP (Phi #NULL #NonNull) off)

If such AddP is split through the Phi, it turns into (AddP #NULL #NULL 
off) and (AddP #NonNull #NonNull off). The former is untyped and causes 
problems later.

What I can't replicate is how X-shaped control flow eligible for SplitIf 
transformation is produced.

In the failing case, initial null & exact type checks of an oop local 
(on OSR entry) merge into redundant X-shaped block. Unsafe accesses uses 
the local as a base later.

Best regards,
Vladimir Ivanov

> On 4/29/16 4:11 PM, Vladimir Ivanov wrote:
>> http://cr.openjdk.java.net/~vlivanov/8155635/webrev.00/
>> https://bugs.openjdk.java.net/browse/JDK-8155635
>> SplitIf transformation can produce untyped pointers when slitting AddP
>> nodes for unsafe accesses through a Phi which
>> merges non-null & null values:
>>     AddP ... (Phi (ConP #NULL) (CheckCastPP Oop:...:NotNull))
>> Proposed fix is to enable oop pointer to raw pointer conversion for
>> absolute addresses.
>> I also experimented with blocking SplitIf transformation is such
>> cases, but the transformation seems viable and
>> considerably simplifies the graph: X-shaped control flow is untangled
>> by eliminating redundant and the transformation
>> sharpens types on both branches.
>> I checked specifically how Phi merges raw & oop pointers after the
>> split and it works fine.
>> Testing: failing test, JPRT, RBT (hs-tier0-comp.js).
>> Thanks!
>> Best regards,
>> Vladimir Ivanov
>> PS: though AddP (Phi #NULL #NotNull) shape is common, I wasn't able to
>> write a simplified test case which triggers
>> SplitIf transformation.

More information about the hotspot-compiler-dev mailing list