8231430: C2: Memory stomp in max_array_length() for T_ILLEGAL type

Vladimir Ivanov · Vladimir Ivanov · commit c7bc0f7a12d1 · 2019-12-03T20:13:16.000+03:00
Reviewed-by: kvn, thartmann
diff --git a/src/hotspot/share/opto/type.cpp b/src/hotspot/share/opto/type.cpp
@@ -4104,32 +4104,22 @@ const TypeOopPtr *TypeAryPtr::cast_to_nonconst() const {
 }
 
 
-//-----------------------------narrow_size_type-------------------------------
-// Local cache for arrayOopDesc::max_array_length(etype),
-// which is kind of slow (and cached elsewhere by other users).
-static jint max_array_length_cache[T_CONFLICT+1];
-static jint max_array_length(BasicType etype) {
-  jint& cache = max_array_length_cache[etype];
-  jint res = cache;
-  if (res == 0) {
-    switch (etype) {
-    case T_NARROWOOP:
+//-----------------------------max_array_length-------------------------------
+// A wrapper around arrayOopDesc::max_array_length(etype) with some input normalization.
+jint TypeAryPtr::max_array_length(BasicType etype) {
+  if (!is_java_primitive(etype) && !is_reference_type(etype)) {
+    if (etype == T_NARROWOOP) {
       etype = T_OBJECT;
-      break;
-    case T_NARROWKLASS:
-    case T_CONFLICT:
-    case T_ILLEGAL:
-    case T_VOID:
-      etype = T_BYTE;           // will produce conservatively high value
-      break;
-    default:
-      break;
+    } else if (etype == T_ILLEGAL) { // bottom[]
+      etype = T_BYTE; // will produce conservatively high value
+    } else {
+      fatal("not an element type: %s", type2name(etype));
     }
-    cache = res = arrayOopDesc::max_array_length(etype);
   }
-  return res;
+  return arrayOopDesc::max_array_length(etype);
 }
 
+//-----------------------------narrow_size_type-------------------------------
 // Narrow the given size type to the index range for the given array base type.
 // Return NULL if the resulting int type becomes empty.
 const TypeInt* TypeAryPtr::narrow_size_type(const TypeInt* size) const {
diff --git a/src/hotspot/share/opto/type.hpp b/src/hotspot/share/opto/type.hpp
@@ -455,7 +455,6 @@ class Type {
 
 private:
   // support arrays
-  static const BasicType _basic_type[];
   static const Type*        _zero_type[T_CONFLICT+1];
   static const Type* _const_basic_type[T_CONFLICT+1];
 };
@@ -1225,6 +1224,8 @@ class TypeAryPtr : public TypeOopPtr {
 
   const TypeAryPtr* cast_to_autobox_cache(bool cache) const;
 
+  static jint max_array_length(BasicType etype) ;
+
   // Convenience common pre-built types.
   static const TypeAryPtr *RANGE;
   static const TypeAryPtr *OOPS;
