1.1 --- a/src/share/vm/opto/parseHelper.cpp Fri Nov 07 09:36:34 2014 -0800
1.2 +++ b/src/share/vm/opto/parseHelper.cpp Mon Nov 10 17:14:59 2014 +0100
1.3 @@ -156,22 +156,43 @@
1.4 int klass_offset = oopDesc::klass_offset_in_bytes();
1.5 Node* p = basic_plus_adr( ary, ary, klass_offset );
1.6 // p's type is array-of-OOPS plus klass_offset
1.7 - Node* array_klass = _gvn.transform( LoadKlassNode::make(_gvn, immutable_memory(), p, TypeInstPtr::KLASS) );
1.8 + Node* array_klass = _gvn.transform(LoadKlassNode::make(_gvn, NULL, immutable_memory(), p, TypeInstPtr::KLASS));
1.9 // Get the array klass
1.10 const TypeKlassPtr *tak = _gvn.type(array_klass)->is_klassptr();
1.11
1.12 - // array_klass's type is generally INexact array-of-oop. Heroically
1.13 - // cast the array klass to EXACT array and uncommon-trap if the cast
1.14 - // fails.
1.15 + // The type of array_klass is usually INexact array-of-oop. Heroically
1.16 + // cast array_klass to EXACT array and uncommon-trap if the cast fails.
1.17 + // Make constant out of the inexact array klass, but use it only if the cast
1.18 + // succeeds.
1.19 bool always_see_exact_class = false;
1.20 if (MonomorphicArrayCheck
1.21 - && !too_many_traps(Deoptimization::Reason_array_check)) {
1.22 + && !too_many_traps(Deoptimization::Reason_array_check)
1.23 + && !tak->klass_is_exact()
1.24 + && tak != TypeKlassPtr::OBJECT) {
1.25 + // Regarding the fourth condition in the if-statement from above:
1.26 + //
1.27 + // If the compiler has determined that the type of array 'ary' (represented
1.28 + // by 'array_klass') is java/lang/Object, the compiler must not assume that
1.29 + // the array 'ary' is monomorphic.
1.30 + //
1.31 + // If 'ary' were of type java/lang/Object, this arraystore would have to fail,
1.32 + // because it is not possible to perform a arraystore into an object that is not
1.33 + // a "proper" array.
1.34 + //
1.35 + // Therefore, let's obtain at runtime the type of 'ary' and check if we can still
1.36 + // successfully perform the store.
1.37 + //
1.38 + // The implementation reasons for the condition are the following:
1.39 + //
1.40 + // java/lang/Object is the superclass of all arrays, but it is represented by the VM
1.41 + // as an InstanceKlass. The checks generated by gen_checkcast() (see below) expect
1.42 + // 'array_klass' to be ObjArrayKlass, which can result in invalid memory accesses.
1.43 + //
1.44 + // See issue JDK-8057622 for details.
1.45 +
1.46 always_see_exact_class = true;
1.47 // (If no MDO at all, hope for the best, until a trap actually occurs.)
1.48 - }
1.49
1.50 - // Is the array klass is exactly its defined type?
1.51 - if (always_see_exact_class && !tak->klass_is_exact()) {
1.52 // Make a constant out of the inexact array klass
1.53 const TypeKlassPtr *extak = tak->cast_to_exactness(true)->is_klassptr();
1.54 Node* con = makecon(extak);
1.55 @@ -202,11 +223,15 @@
1.56 // Extract the array element class
1.57 int element_klass_offset = in_bytes(ObjArrayKlass::element_klass_offset());
1.58 Node *p2 = basic_plus_adr(array_klass, array_klass, element_klass_offset);
1.59 - Node *a_e_klass = _gvn.transform( LoadKlassNode::make(_gvn, immutable_memory(), p2, tak) );
1.60 + // We are allowed to use the constant type only if cast succeeded. If always_see_exact_class is true,
1.61 + // we must set a control edge from the IfTrue node created by the uncommon_trap above to the
1.62 + // LoadKlassNode.
1.63 + Node* a_e_klass = _gvn.transform(LoadKlassNode::make(_gvn, always_see_exact_class ? control() : NULL,
1.64 + immutable_memory(), p2, tak));
1.65
1.66 // Check (the hard way) and throw if not a subklass.
1.67 // Result is ignored, we just need the CFG effects.
1.68 - gen_checkcast( obj, a_e_klass );
1.69 + gen_checkcast(obj, a_e_klass);
1.70 }
1.71
1.72
