8332632: Redundant assert "compiler should always document failure: %s" with possible UB

[eastig]

JDK-8303951 added the following code: https://github.com/openjdk/jdk/pull/13038/files#diff-2e74481e557cbe87170a56a6e592eea33bb59019926e1c32bebcfaf5b571bb53R2280

     if (!ci_env.failing() && !task->is_success()) {
+ assert(ci_env.failure_reason() != nullptr, "expect failure reason");
+ assert(false, "compiler should always document failure: %s", ci_env.failure_reason());

The second assert is redundant because ci_env.failure_reason() != nullptr is always false. It also has possible UB.

A compiler sees if-statement checking !ci_env.failing() which, if it is true, implies ci_env.failure_reason() is nullptr.

Based on this information the compiler can optimize assert(ci_env.failure_reason() != nullptr, "expect failure reason"); to
assert(false, "expect failure reason"); .
The compiler can optimize assert(false, "compiler should always document failure: %s", ci_env.failure_reason()); to assert(false, "compiler should always document failure: %s", nullptr); .

So the original code would be like the following:

if (!ci_env.failing() && !task->is_success()) {
  assert(false, "expect failure reason");
  assert(false, "compiler should always document failure: %s", nullptr);
}

We have an expression where a format string is used. Format strings usually have undefined behavior if nullptr is passed for the character string format specifier. See std::printf for example.

Even the second assert is never executed, it makes the IF-block to have UB. The C++ standard says: correct C++ programs are free of undefined behavior. See https://en.cppreference.com/w/cpp/language/ub and https://en.cppreference.com/w/cpp/language/as_if

Choosing between readability and correctness, I choose correctness.

I think the one assert assert(ci_env.failure_reason() != nullptr, "compiler should always document failure"); meets being self-documented and correct.

---

Progress

• Change must be properly reviewed (1 review required, with at least 1 Reviewer)
• Change must not contain extraneous whitespace
• Commit message must refer to an issue

Issue

• JDK-8332632: Redundant assert "compiler should always document failure: %s" with possible UB (Enhancement - P5)

Reviewing

Using git

Checkout this PR locally:
$ git fetch https://git.openjdk.org/jdk.git pull/19395/head:pull/19395
$ git checkout pull/19395

Update a local copy of the PR:
$ git checkout pull/19395
$ git pull https://git.openjdk.org/jdk.git pull/19395/head

Using Skara CLI tools

Checkout this PR locally:
$ git pr checkout 19395

View PR using the GUI difftool:
$ git pr show -t 19395

Using diff file

Download this PR as a diff file:
https://git.openjdk.org/jdk/pull/19395.diff

Webrev

Link to Webrev Comment

[bridgekeeper]

👋 Welcome back eastigeevich! A progress list of the required criteria for merging this PR into master will be added to the body of your pull request. There are additional pull request commands available for use with this pull request.

[openjdk]

❗ This change is not yet ready to be integrated.
See the Progress checklist in the description for automated requirements.

[openjdk]

@eastig The following label will be automatically applied to this pull request:

• hotspot-compiler

When this pull request is ready to be reviewed, an "RFR" email will be sent to the corresponding mailing list. If you would like to change these labels, use the /label pull request command.

[openjdk]

@eastig Please do not rebase or force-push to an active PR as it invalidates existing review comments. Note for future reference, the bots always squash all changes into a single commit automatically as part of the integration. See OpenJDK Developers’ Guide for more information.

[openjdk]

@eastig Please do not rebase or force-push to an active PR as it invalidates existing review comments. Note for future reference, the bots always squash all changes into a single commit automatically as part of the integration. See OpenJDK Developers’ Guide for more information.

[mlbridge]

Webrevs

• 00: Full (08d26b7a)

[vnkozlov]

I think it is typo. This code wants to check and print in these asserts task->_failure_reason which should be set when !task->is_success().
We do miss public accessors to CompileTask::_failure_reason which have to be added.
And may be we should pass the failure to ciEnv too in this code instead of "compile failed".

[bridgekeeper]

@eastig This pull request has been inactive for more than 4 weeks and will be automatically closed if another 4 weeks passes without any activity. To avoid this, simply add a new comment to the pull request. Feel free to ask for assistance if you need help with progressing this pull request towards integration!

[bridgekeeper]

@eastig This pull request has been inactive for more than 8 weeks and will now be automatically closed. If you would like to continue working on this pull request in the future, feel free to reopen it! This can be done using the /open pull request command.