8366794: [lworld] "assert(!is_null(v)) failed: narrow klass value can never be zero" with -Xint and COH

coleenp · coleenp · commit 0817750d4344 · 2025-09-10T02:05:04.000Z
Reviewed-by: fparain
diff --git a/src/hotspot/share/oops/flatArrayKlass.cpp b/src/hotspot/share/oops/flatArrayKlass.cpp
@@ -169,9 +169,13 @@ jint FlatArrayKlass::array_layout_helper(InlineKlass* vk, LayoutKind lk) {
 }
 
 size_t FlatArrayKlass::oop_size(oop obj) const {
-  assert(obj->klass()->is_flatArray_klass(),"must be an flat array");
+  // In this assert, we cannot safely access the Klass* with compact headers,
+  // because size_given_klass() calls oop_size() on objects that might be
+  // concurrently forwarded, which would overwrite the Klass*.
+  // Also, why we need to pass this layout_helper() to flatArrayOop::object_size.
+  assert(UseCompactObjectHeaders || obj->is_flatArray(),"must be an flat array");
   flatArrayOop array = flatArrayOop(obj);
-  return array->object_size();
+  return array->object_size(layout_helper());
 }
 
 // For now return the maximum number of array elements that will not exceed:
diff --git a/src/hotspot/share/oops/flatArrayOop.hpp b/src/hotspot/share/oops/flatArrayOop.hpp
@@ -59,7 +59,7 @@ class flatArrayOopDesc : public objArrayOopDesc {
     return align_object_size((intptr_t)size_in_words);
   }
 
-  int object_size() const;
+  int object_size(int lh) const;
 
 };
 
diff --git a/src/hotspot/share/oops/flatArrayOop.inline.hpp b/src/hotspot/share/oops/flatArrayOop.inline.hpp
@@ -42,8 +42,8 @@ inline void* flatArrayOopDesc::value_at_addr(int index, jint lh) const {
   return (void*) addr;
 }
 
-inline int flatArrayOopDesc::object_size() const {
-  return object_size(klass()->layout_helper(), length());
+inline int flatArrayOopDesc::object_size(int lh) const {
+  return object_size(lh, length());
 }
 
 inline oop flatArrayOopDesc::obj_at(int index) const {
diff --git a/src/hotspot/share/oops/objArrayKlass.cpp b/src/hotspot/share/oops/objArrayKlass.cpp
@@ -149,7 +149,7 @@ size_t ObjArrayKlass::oop_size(oop obj) const {
   // concurrently forwarded, which would overwrite the Klass*.
   assert(UseCompactObjectHeaders || obj->is_objArray(), "must be object array");
   // return objArrayOop(obj)->object_size();
-  return obj->is_flatArray() ? flatArrayOop(obj)->object_size() : refArrayOop(obj)->object_size();
+  return obj->is_flatArray() ? flatArrayOop(obj)->object_size(layout_helper()) : refArrayOop(obj)->object_size();
 }
 
 ArrayDescription ObjArrayKlass::array_layout_selection(Klass* element, ArrayProperties properties) {

Original file line number	Diff line number	Diff line change
`@@ -169,9 +169,13 @@ jint FlatArrayKlass::array_layout_helper(InlineKlass* vk, LayoutKind lk) {`
`169`	`169`	`}`
`170`	`170`
`171`	`171`	`size_t FlatArrayKlass::oop_size(oop obj) const {`
`172`		`- assert(obj->klass()->is_flatArray_klass(),"must be an flat array");`
	`172`	`+ // In this assert, we cannot safely access the Klass* with compact headers,`
	`173`	`+ // because size_given_klass() calls oop_size() on objects that might be`
	`174`	`+ // concurrently forwarded, which would overwrite the Klass*.`
	`175`	`+ // Also, why we need to pass this layout_helper() to flatArrayOop::object_size.`
	`176`	`+ assert(UseCompactObjectHeaders \|\| obj->is_flatArray(),"must be an flat array");`
`173`	`177`	`flatArrayOop array = flatArrayOop(obj);`
`174`		`- return array->object_size();`
	`178`	`+ return array->object_size(layout_helper());`
`175`	`179`	`}`
`176`	`180`
`177`	`181`	`// For now return the maximum number of array elements that will not exceed:`
Original file line number	Diff line number	Diff line change
`@@ -59,7 +59,7 @@ class flatArrayOopDesc : public objArrayOopDesc {`
`59`	`59`	`return align_object_size((intptr_t)size_in_words);`
`60`	`60`	`}`
`61`	`61`
`62`		`- int object_size() const;`
	`62`	`+ int object_size(int lh) const;`
`63`	`63`
`64`	`64`	`};`
`65`	`65`
Original file line number	Diff line number	Diff line change
`@@ -42,8 +42,8 @@ inline void* flatArrayOopDesc::value_at_addr(int index, jint lh) const {`
`42`	`42`	`return (void*) addr;`
`43`	`43`	`}`
`44`	`44`
`45`		`-inline int flatArrayOopDesc::object_size() const {`
`46`		`- return object_size(klass()->layout_helper(), length());`
	`45`	`+inline int flatArrayOopDesc::object_size(int lh) const {`
	`46`	`+ return object_size(lh, length());`
`47`	`47`	`}`
`48`	`48`
`49`	`49`	`inline oop flatArrayOopDesc::obj_at(int index) const {`
Original file line number	Diff line number	Diff line change
`@@ -149,7 +149,7 @@ size_t ObjArrayKlass::oop_size(oop obj) const {`
`149`	`149`	`// concurrently forwarded, which would overwrite the Klass*.`
`150`	`150`	`assert(UseCompactObjectHeaders \|\| obj->is_objArray(), "must be object array");`
`151`	`151`	`// return objArrayOop(obj)->object_size();`
`152`		`- return obj->is_flatArray() ? flatArrayOop(obj)->object_size() : refArrayOop(obj)->object_size();`
	`152`	`+ return obj->is_flatArray() ? flatArrayOop(obj)->object_size(layout_helper()) : refArrayOop(obj)->object_size();`
`153`	`153`	`}`
`154`	`154`
`155`	`155`	`ArrayDescription ObjArrayKlass::array_layout_selection(Klass* element, ArrayProperties properties) {`