Skip to content
This repository has been archived by the owner on Feb 2, 2023. It is now read-only.


Browse files Browse the repository at this point in the history
8283408: Fix a C2 crash when filling arrays with unsafe
Backport-of: a6740c010b7d37f991c8547be6ea72b198e9094f
  • Loading branch information
TobiHartmann committed Apr 4, 2022
1 parent c9b8589 commit 29c7f1c
Show file tree
Hide file tree
Showing 2 changed files with 73 additions and 3 deletions.
13 changes: 10 additions & 3 deletions src/hotspot/share/opto/loopTransform.cpp
Expand Up @@ -3924,10 +3924,17 @@ bool PhaseIdealLoop::intrinsify_fill(IdealLoopTree* lpt) {
index = new LShiftXNode(index, shift->in(2));
index = new AddPNode(base, base, index);
Node* from = new AddPNode(base, index, offset);
Node* from = new AddPNode(base, base, index);
// For normal array fills, C2 uses two AddP nodes for array element
// addressing. But for array fills with Unsafe call, there's only one
// AddP node adding an absolute offset, so we do a NULL check here.
assert(offset != NULL || C->has_unsafe_access(),
"Only array fills with unsafe have no extra offset");
if (offset != NULL) {
from = new AddPNode(base, from, offset);
// Compute the number of elements to copy
Node* len = new SubINode(head->limit(), head->init_trip());
Expand Down
63 changes: 63 additions & 0 deletions test/hotspot/jtreg/compiler/loopopts/
@@ -0,0 +1,63 @@
* Copyright (c) 2022, Arm Limited. All rights reserved.
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit if you need additional information or have any
* questions.

* @test
* @bug 8283408
* @summary Fill a byte array with Java Unsafe API
* @run main/othervm -XX:+OptimizeFill compiler.loopopts.FillArrayWithUnsafe

package compiler.loopopts;

import java.lang.reflect.Field;

import sun.misc.Unsafe;

public class FillArrayWithUnsafe {

private static Unsafe unsafe;

public static void main(String[] args) throws Exception {
Class klass = Unsafe.class;
Field field = klass.getDeclaredField("theUnsafe");
unsafe = (Unsafe) field.get(null);

byte[] buffer;
// Make sure method newByteArray is compiled by C2
for (int i = 0; i < 50000; i++) {
buffer = newByteArray(100, (byte) 0x80);

public static byte[] newByteArray(int size, byte val) {
byte[] arr = new byte[size];
int offset = unsafe.arrayBaseOffset(byte[].class);
for (int i = offset; i < offset + size; i++) {
unsafe.putByte(arr, i, val);
return arr;

1 comment on commit 29c7f1c

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please sign in to comment.