8134883: C1 hard crash in range check elimination in Nashorn test262parallel
Summary: C1's range check elimination breaks with a non-natural loop that has an exception handler as one entry
Reviewed-by: iveresov
--- a/hotspot/src/share/vm/c1/c1_IR.cpp Mon Dec 07 15:00:46 2015 +0000
+++ b/hotspot/src/share/vm/c1/c1_IR.cpp Wed Dec 02 15:13:42 2015 +0100
@@ -579,11 +579,8 @@
assert(is_visited(cur), "block must be visisted when block is active");
assert(parent != NULL, "must have parent");
- cur->set(BlockBegin::linear_scan_loop_header_flag);
cur->set(BlockBegin::backward_branch_target_flag);
- parent->set(BlockBegin::linear_scan_loop_end_flag);
-
// When a loop header is also the start of an exception handler, then the backward branch is
// an exception edge. Because such edges are usually critical edges which cannot be split, the
// loop must be excluded here from processing.
@@ -592,6 +589,10 @@
_iterative_dominators = true;
return;
}
+
+ cur->set(BlockBegin::linear_scan_loop_header_flag);
+ parent->set(BlockBegin::linear_scan_loop_end_flag);
+
assert(parent->number_of_sux() == 1 && parent->sux_at(0) == cur,
"loop end blocks must have one successor (critical edges are split)");
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/hotspot/test/compiler/rangechecks/TestRangeCheckExceptionHandlerLoop.jasm Wed Dec 02 15:13:42 2015 +0100
@@ -0,0 +1,89 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ *
+ */
+
+super public class TestRangeCheckExceptionHandlerLoop
+ version 51:0
+{
+
+
+public Method "<init>":"()V"
+ stack 1 locals 1
+{
+ aload_0;
+ invokespecial Method java/lang/Object."<init>":"()V";
+ return;
+}
+
+/* This method has an irreducible loop, with 2 entries, one is the exception handler
+
+ static void test(boolean flag, int[] array, Exception exception) throws Exception {
+ int i = 0;
+ if (flag) {
+ try {
+ throw exception;
+ } catch(Exception e) {
+ array[i] = 0;
+ i++;
+ }
+ }
+ if (i < 10) {
+ throw exception; // caught by exception handler above as well
+ }
+ }
+*/
+public static Method test:"(Z[ILjava/lang/Exception;)V"
+ throws java/lang/Exception
+ stack 3 locals 5
+{
+ iconst_0;
+ istore_3;
+ iload_0;
+ ifeq L17;
+ try t0;
+ aload_2;
+ athrow;
+ endtry t0;
+ catch t0 java/lang/Exception;
+ catch t1 java/lang/Exception;
+ stack_frame_type full;
+ locals_map int, class "[I", class java/lang/Exception, int;
+ stack_map class java/lang/Exception;
+ astore 4;
+ aload_1;
+ iload_3;
+ iconst_0;
+ iastore;
+ iinc 3, 1;
+ L17: stack_frame_type same;
+ iload_3;
+ bipush 10;
+ if_icmpge L25;
+ try t1;
+ aload_2;
+ athrow;
+ endtry t1;
+ L25: stack_frame_type same;
+ return;
+}
+} // end Class TestRangeCheckExceptionHandlerLoop
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/hotspot/test/compiler/rangechecks/TestRangeCheckExceptionHandlerLoopMain.java Wed Dec 02 15:13:42 2015 +0100
@@ -0,0 +1,41 @@
+/*
+ * Copyright (c) 2015, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ *
+ */
+
+/*
+ * @test
+ * @bug 8134883
+ * @summary C1's range check elimination breaks with a non-natural loop that an exception handler as one entry
+ * @compile TestRangeCheckExceptionHandlerLoop.jasm
+ * @run main/othervm -XX:-BackgroundCompilation -XX:-UseOnStackReplacement TestRangeCheckExceptionHandlerLoopMain
+ */
+
+public class TestRangeCheckExceptionHandlerLoopMain {
+ public static void main(String[] args) throws Exception {
+ Exception exception = new Exception();
+ int[] array = new int[10];
+ for (int i = 0; i < 20000; i++) {
+ TestRangeCheckExceptionHandlerLoop.test(false, array, exception);
+ }
+ }
+}