8155635: C2: Mixed unsafe accesses break alias analysis

Reviewed-by: kvn

8155635: C2: Mixed unsafe accesses break alias analysis
Reviewed-by: kvn
0bb98b6c · dbuck · 107f519f · 0bb98b6c · 0bb98b6c · 0bb98b6c
5 changed file
--- a/src/share/vm/opto/compile.cpp
+++ b/src/share/vm/opto/compile.cpp
@@ -1680,16 +1680,23 @@ Compile::AliasType* Compile::find_alias_type(const TypePtr* adr_type, bool no_cr
  const TypePtr* flat = flatten_alias_type(adr_type);

 #ifdef ASSERT
-  assert(flat == flatten_alias_type(flat), "idempotent");
-  assert(flat != TypePtr::BOTTOM,     "cannot alias-analyze an untyped ptr");
-  if (flat->isa_oopptr() && !flat->isa_klassptr()) {
-    const TypeOopPtr* foop = flat->is_oopptr();
-    // Scalarizable allocations have exact klass always.
-    bool exact = !foop->klass_is_exact() || foop->is_known_instance();
-    const TypePtr* xoop = foop->cast_to_exactness(exact)->is_ptr();
-    assert(foop == flatten_alias_type(xoop), "exactness must not affect alias type");
-  }
-  assert(flat == flatten_alias_type(flat), "exact bit doesn't matter");
+  {
+    ResourceMark rm;
+    assert(flat == flatten_alias_type(flat),
+           err_msg("not idempotent: adr_type = %s; flat = %s => %s", Type::str(adr_type),
+                   Type::str(flat), Type::str(flatten_alias_type(flat))));
+    assert(flat != TypePtr::BOTTOM,
+           err_msg("cannot alias-analyze an untyped ptr: adr_type = %s", Type::str(adr_type)));
+    if (flat->isa_oopptr() && !flat->isa_klassptr()) {
+      const TypeOopPtr* foop = flat->is_oopptr();
+      // Scalarizable allocations have exact klass always.
+      bool exact = !foop->klass_is_exact() || foop->is_known_instance();
+      const TypePtr* xoop = foop->cast_to_exactness(exact)->is_ptr();
+      assert(foop == flatten_alias_type(xoop),
+             err_msg("exactness must not affect alias type: foop = %s; xoop = %s",
+                     Type::str(foop), Type::str(xoop)));
+    }
+  }
 #endif

  int idx = AliasIdxTop;

--- a/src/share/vm/opto/library_call.cpp
+++ b/src/share/vm/opto/library_call.cpp
 /*
- * Copyright (c) 1999, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2018, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -2544,8 +2544,8 @@ const TypeOopPtr* LibraryCallKit::sharpen_unsafe_type(Compile::AliasType* alias_

 #ifndef PRODUCT
    if (C->print_intrinsics() || C->print_inlining()) {
-      tty->print("  from base type: ");  adr_type->dump();
-      tty->print("  sharpened value: ");  tjp->dump();
+      tty->print("  from base type:  ");  adr_type->dump(); tty->cr();
+      tty->print("  sharpened value: ");  tjp->dump();      tty->cr();
    }
 #endif
    // Sharpen the value type.
@@ -2632,6 +2632,9 @@ bool LibraryCallKit::inline_unsafe_access(bool is_native_ptr, bool is_store, Bas

  // Can base be NULL? Otherwise, always on-heap access.
  bool can_access_non_heap = TypePtr::NULL_PTR->higher_equal(_gvn.type(heap_base_oop));
+  if (can_access_non_heap && type == T_OBJECT) {
+    return false; // off-heap oop accesses are not supported
+  }

  const TypePtr *adr_type = _gvn.type(adr)->isa_ptr();

@@ -2776,34 +2779,10 @@ bool LibraryCallKit::inline_unsafe_access(bool is_native_ptr, bool is_store, Bas
    }

    MemNode::MemOrd mo = is_volatile ? MemNode::release : MemNode::unordered;
-    if (type != T_OBJECT ) {
-      (void) store_to_memory(control(), adr, val, type, adr_type, mo, is_volatile, unaligned, mismatched);
+    if (type == T_OBJECT ) {
+      (void) store_oop_to_unknown(control(), heap_base_oop, adr, adr_type, val, type, mo, mismatched);
    } else {
-      // Possibly an oop being stored to Java heap or native memory
-      if (!can_access_non_heap) {
-        // oop to Java heap.
-        (void) store_oop_to_unknown(control(), heap_base_oop, adr, adr_type, val, type, mo, mismatched);
-      } else {
-        // We can't tell at compile time if we are storing in the Java heap or outside
-        // of it. So we need to emit code to conditionally do the proper type of
-        // store.
-
-        IdealKit ideal(this);
-#define __ ideal.
-        // QQQ who knows what probability is here??
-        __ if_then(heap_base_oop, BoolTest::ne, null(), PROB_UNLIKELY(0.999)); {
-          // Sync IdealKit and graphKit.
-          sync_kit(ideal);
-          Node* st = store_oop_to_unknown(control(), heap_base_oop, adr, adr_type, val, type, mo, mismatched);
-          // Update IdealKit memory.
-          __ sync_kit(this);
-        } __ else_(); {
-          __ store(__ ctrl(), adr, val, type, alias_type->index(), mo, is_volatile, mismatched);
-        } __ end_if();
-        // Final sync IdealKit and GraphKit.
-        final_sync(ideal);
-#undef __
-      }
+      (void) store_to_memory(control(), adr, val, type, adr_type, mo, is_volatile, unaligned, mismatched);
    }
  }


--- a/src/share/vm/opto/type.cpp
+++ b/src/share/vm/opto/type.cpp
 /*
- * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2018, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -885,6 +885,13 @@ void Type::dump_on(outputStream *st) const {
    st->print(" [narrowklass]");
  }
 }
+
+//-----------------------------------------------------------------------------
+const char* Type::str(const Type* t) {
+  stringStream ss;
+  t->dump_on(&ss);
+  return ss.as_string();
+}
 #endif

 //------------------------------singleton--------------------------------------

--- a/src/share/vm/opto/type.hpp
+++ b/src/share/vm/opto/type.hpp
@@ -358,6 +358,8 @@ public:
  }
  virtual void dump2( Dict &d, uint depth, outputStream *st ) const;
  static  void dump_stats();
+
+  static const char* str(const Type* t);
 #endif
  void typerr(const Type *t) const; // Mixing types error


--- a/test/compiler/unsafe/MixedUnsafeStoreObject.java
+++ b/test/compiler/unsafe/MixedUnsafeStoreObject.java
+/*
+ * Copyright (c) 2016, 2018, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8155635
+ * @library /testlibrary
+ * @run main/othervm -XX:+IgnoreUnrecognizedVMOptions -Xbatch -XX:-TieredCompilation compiler.unsafe.MixedUnsafeStoreObject
+ * @run main/othervm -Xbatch compiler.unsafe.MixedUnsafeStoreObject
+ * @comment Testcase currently only known to reproduce when run with -XX:+UseG1GC.
+ */
+
+package compiler.unsafe;
+
+import sun.misc.Unsafe;
+
+import com.oracle.java.testlibrary.Utils;
+
+public class MixedUnsafeStoreObject {
+    static final Unsafe UNSAFE = Utils.getUnsafe();
+
+    static final long F_OFFSET;
+
+    static {
+        try {
+            F_OFFSET = UNSAFE.objectFieldOffset(T.class.getDeclaredField("f"));
+        } catch (Exception e) {
+            throw new Error(e);
+        }
+    }
+
+    static class T {
+        Object f;
+    }
+
+    public static void testFieldInstanceObject(Object t) {
+        for (int c = 0; c < 20000; c++) { // trigger OSR compilation
+            // java/lang/Object+12 *
+            // _base = InstPtr, _ptr = BotPTR, _field = NULL, mismatched = true
+            UNSAFE.putObject(t, F_OFFSET, "foo");
+        }
+    }
+
+    public static void testFieldInstanceT(T t) {
+        for (int c = 0; c < 20000; c++) { // trigger OSR compilation
+            // ...$T+12 *
+            // _base = InstPtr, _ptr = BotPTR, _field = T.f, mismatched = false
+            UNSAFE.putObject(t, F_OFFSET, "foo");
+        }
+    }
+    public static void main(String[] args) {
+        testFieldInstanceObject(new T());
+        testFieldInstanceT(new T());
+    }
+}
+