[v0.53.0] Defer generating dereference of vft-symbol in JProfilingValue #22055
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
In the process of finding values to profile, the method TR_JProfilingValue::cleanUpAndAddProfilingCandidates would insert calls to the jProfileValueWithNullCHK non-helper for instanceof and checkcast operations, with the child of each call being an indirect load of the <vft-symbol> for the value that is to be profiled. During TR_JProfilingValue::addProfilingTrees, those calls would be transformed to guard the dereference of the indirect load with a test of whether the value is a null reference. However, if generation of profiling trees is halted early during TR_JProfilingValue::lowerCalls, any value beneath the jProfileValueWithNullCHK will simply be left anchored in its original position, unguarded. This can result in a segmentation fault if the value that was to be profiled was a null reference. This change delays introducing the indirect load of the <vft-symbol> until TR_JProfilingValue::lowerCalls, so that the indirect load is properly guarded. If generation of profiling trees is halted early, the original value will be left behind anchored, allowing it be properly evaluated in its original relative position. Signed-off-by: Henry Zongaro <[email protected]>
If the operation that's being profiled is instanceof or checkcast, the code in the quickTest block and the helper call block should test the result of the load of the vft-symbol for profiling. The previous change only added the indirect load of the vft-symbol in the IL generated for the helper call. This change adds the missing load of the vft-symbol to the quickTest block as well. Signed-off-by: Henry Zongaro <[email protected]>
|
I would wait until Monday after the head stream change has gone through nightly and other builds. |
pshipton
approved these changes
Jun 9, 2025
This was referenced Jun 9, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
In the process of finding values to profile, the method
TR_JProfilingValue::cleanUpAndAddProfilingCandidateswould insert calls to thejProfileValueWithNullCHKnon-helper forinstanceofandcheckcastoperations, with the child of each call being an indirect load of the<vft-symbol>for the value that is to be profiled.During
TR_JProfilingValue::addProfilingTrees, those calls would be transformed to guard the dereference of the indirect load with a test of whether the value is a null reference.However, if generation of profiling trees is halted early during
TR_JProfilingValue::lowerCalls, any value beneath thejProfileValueWithNullCHKwill simply be left anchored in its original position, unguarded. This can result in a segmentation fault if the value that was to be profiled was a null reference.This change delays introducing the indirect load of the
<vft-symbol>untilTR_JProfilingValue::lowerCalls, so that the indirect load is properly guarded. If generation of profiling trees is halted early, the original value will be left behind anchored, allowing it be properly evaluated in its original relative position.Fixes: #21822
Port of pull request #22028 to v0.53.0-release branch.