8362117: C2: compiler/stringopts/TestStackedConcatsAppendUncommonTrap.java fails with a wrong result due to invalidated liveness assumptions for data phis #27028
Conversation
|
👋 Welcome back dskantz! A progress list of the required criteria for merging this PR into |
|
❗ This change is not yet ready to be integrated. |
|
@danielogh The following label will be automatically applied to this pull request:
When this pull request is ready to be reviewed, an "RFR" email will be sent to the corresponding mailing list. If you would like to change these labels, use the /label pull request command. |
openjdk
bot
added
hotspot-compiler
Webrevs
|
| @@ -1062,6 +1067,29 @@ bool StringConcat::validate_control_flow() { | |||
| // XXX should check for possibly merging stores. simple data merges are ok. | |||
| // The IGVN will make this simple diamond go away when it | |||
| // transforms the Region. Make sure it sees it. | |||
|
|
|||
| // First exclude the following pattern: | |||
| // append -> Phi -> Region -> (True, False) -> If -> Bool -> CmpP -> Proj (Result) -> toString; | |||
There was a problem hiding this comment.
2 things:
- I was a bit confused about the
->directionality. Just to confirm:toStringhappens first, then the if-diamond, then the append, right? If yes: I would have reversed the order here. Then again, I'm not super familiar with string opts, so maybe the convention is different here than elsewhere. - Are you sure this can only happen with diamonds? What about nested diamonds?
There was a problem hiding this comment.
Ah I see the condition above already checks that it can only be a diamond.
| static String f() { | ||
| String s = "a"; | ||
| s = new StringBuilder().append(s).append(s).toString(); | ||
| s = new StringBuilder().append(s).append((s == "xx") ? s : "aa").toString(); | ||
| Asserts.assertEQ(s, "aaaa"); // in particular, we should not have s.equals("aaxx"). | ||
| return s; | ||
| } | ||
| } |
There was a problem hiding this comment.
I wonder if we could write some kind of StringBuilder fuzzer. Not saying it has to happen as part of this fix. But it seems we have issues with very similar patterns. And they seem quite basic: chains, diamonds, etc.
Would probably not be too hard to use the template framework to generate some random shapes, and verify the result the compiled code gives vs the interpreter.
There was a problem hiding this comment.
I think this is a good idea for sure.
|
@danielogh Thanks for working on this!
|
| @@ -1062,6 +1067,29 @@ bool StringConcat::validate_control_flow() { | |||
| // XXX should check for possibly merging stores. simple data merges are ok. | |||
| // The IGVN will make this simple diamond go away when it | |||
| // transforms the Region. Make sure it sees it. | |||
|
|
|||
| // First exclude the following pattern: | |||
| // append -> Phi -> Region -> (True, False) -> If -> Bool -> CmpP -> Proj (Result) -> toString; | |||
There was a problem hiding this comment.
Ah I see the condition above already checks that it can only be a diamond.
| Node* v1 = ptr->in(1)->in(0)->in(1)->in(1)->in(1); | ||
| Node* v2 = ptr->in(1)->in(0)->in(1)->in(1)->in(2); |
There was a problem hiding this comment.
You may want to use some intermediate results and give them names.
For example:
Node* iff = ptr->in(1)->in(0)
You seem to make an assumption that the input of the bool is a cmp, right? Did you check that? Or is it somehow guaranteed? What if in some edge-case of an edge-case it is something else that has only one input? Could that happen?
There was a problem hiding this comment.
I'm not sure if there is a guarantee, but it appears to be a pre-existing assumption that is asserted later in eliminate_unneeded_control:
jdk/src/hotspot/share/opto/stringopts.cpp
Line 268 in b06459d
|
This seems to be missing the root cause of the problem. From what I can tell, we have two string concats here, with the 2nd dependent on the first. But we incorrectly decide to coalesce them into a single concat, which then causes havoc when eliminate_unneeded_control() starts nuking edges without regard for the dependency. |
|
Hmm, I see now that validate_control_flow() does limit coalescing, but I'm worried that the pattern matching may not catch all problematic cases. |
|
Yes, |
This PR addresses a wrong compilation during string optimizations.
During stacked string concatenation of two StringBuilder links SB1 and SB2, the pattern "append -> Phi -> Region -> (True, False) -> If -> Bool -> CmpP -> Proj (Result) -> toString" may be observed, where toString is the end of SB1, and the simple diamond is part of SB2.
After JDK-8291775, the Bool test to the diamond If is set to a constant zero to allow for folding the simple diamond away during IGVN, while not letting the top() value from the result projection of SB1 propagate through the graph too quickly. The assumption was that any data Phi of the Region would go away during PhaseRemoveUseless as they are no longer live -- I think that in the case of JDK-8291775, the user of phi was the constructor of SB2. However, in the attached test case, the Phi stays live as it's a parameter (input to an append) of SB2 and will be used during the transformation in
copy_string. When the diamond region is later folded, the Phi's user picks up the wrong input corresponding to the false branch.The proposed solution is to disable the stacked concatenation optimization for this specific pattern. This might be pragmatic as it's an edge case and there's already a bug tail: JDK-8271341-> JDK-8291775 -> JDK-8362117.
Testing: T1-3 (aed5952).
Extra testing: ran T1-3 on Linux with an instrumented build and verified that the pattern I am excluding in this PR is not seen during any other compilation than that of the proposed regression test.
Progress
Issue
Reviewing
Using
gitCheckout this PR locally:
$ git fetch https://git.openjdk.org/jdk.git pull/27028/head:pull/27028$ git checkout pull/27028Update a local copy of the PR:
$ git checkout pull/27028$ git pull https://git.openjdk.org/jdk.git pull/27028/headUsing Skara CLI tools
Checkout this PR locally:
$ git pr checkout 27028View PR using the GUI difftool:
$ git pr show -t 27028Using diff file
Download this PR as a diff file:
https://git.openjdk.org/jdk/pull/27028.diff
Using Webrev
Link to Webrev Comment