author Vladimir Marko <vmarko@google.com> 2025-02-17 04:27:31 -0800
committer Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> 2025-02-17 04:27:31 -0800
commita0dfd3c83da063521f5efb88d02bba0e8dd2c1fe (patch)
tree678b0bc6641082ede9ce05a695dba090339f78e8 /compiler/optimizing/instruction_builder.cc
parent3aed8465b9ed3de26833440d7dbdfce7d36a377d (diff)
parente0d94b8b18d71b63a02c44c7f9f42fa7d6e0234a (diff)
Optimizing: Do not crash on bad `filled-new-array` opcode. am: e7776615ea am: e0d94b8b18
Original change: https://android-review.googlesource.com/c/platform/art/+/3498404 Change-Id: I19a83c3dccb8fac5688df505725a9717c8f840c2 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
Diffstat (limited to 'compiler/optimizing/instruction_builder.cc')
-rw-r--r--compiler/optimizing/instruction_builder.cc27
1 files changed, 18 insertions, 9 deletions
diff --git a/compiler/optimizing/instruction_builder.cc b/compiler/optimizing/instruction_builder.cc
index f65586f505..1f2628c8ec 100644
--- a/compiler/optimizing/instruction_builder.cc
+++ b/compiler/optimizing/instruction_builder.cc
@@ -2542,9 +2542,9 @@ HNewArray* HInstructionBuilder::BuildNewArray(uint32_t dex_pc,
return new_array;
}
-HNewArray* HInstructionBuilder::BuildFilledNewArray(uint32_t dex_pc,
- dex::TypeIndex type_index,
- const InstructionOperands& operands) {
+bool HInstructionBuilder::BuildFilledNewArray(uint32_t dex_pc,
+ dex::TypeIndex type_index,
+ const InstructionOperands& operands) {
const size_t number_of_operands = operands.GetNumberOfOperands();
HInstruction* length = graph_->GetIntConstant(number_of_operands);
@@ -2552,7 +2552,13 @@ HNewArray* HInstructionBuilder::BuildFilledNewArray(uint32_t dex_pc,
const char* descriptor = dex_file_->GetTypeDescriptor(type_index);
DCHECK_EQ(descriptor[0], '[') << descriptor;
char primitive = descriptor[1];
- DCHECK(primitive == 'I' || primitive == 'L' || primitive == '[') << descriptor;
+ if (primitive != 'I' && primitive != 'L' && primitive != '[') {
+ DCHECK(primitive != 'J' && primitive != 'D'); // Rejected by the verifier.
+ // FIXME: Why do we JIT compile a method with `VERIFY_ERROR_FILLED_NEW_ARRAY` when
+ // `CanCompilerHandleVerificationFailure(VERIFY_ERROR_FILLED_NEW_ARRAY)` returns false?
+ MaybeRecordStat(compilation_stats_, MethodCompilationStat::kNotCompiledMalformedOpcode);
+ return false;
+ }
bool is_reference_array = (primitive == 'L') || (primitive == '[');
DataType::Type type = is_reference_array ? DataType::Type::kReference : DataType::Type::kInt32;
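Review bot: The array check on `descriptor[0]` is still only `DCHECK_EQ`, while the test on `descriptor[1]` right below it is now enforced in release builds, so a release build picks the int or reference path from the second character without having confirmed that the first one is `[`. The FIXME in this block says methods with `VERIFY_ERROR_FILLED_NEW_ARRAY` do reach this code; if a non-array type index can reach it the same way (not visible from this hunk), a class descriptor whose second character happens to be `I`, `L` or `[` would pass the new test. Either fold the first character into the runtime test, `if (descriptor[0] != '[' || (primitive != 'I' && primitive != 'L' && primitive != '[')) {`, or add a comment like the one on the `J`/`D` DCHECK stating that the verifier hard-rejects non-array types for this opcode. The FIXME would also be easier to follow up with a tracking reference, e.g. `// FIXME(b/<bug-id>): ...`. The body of `BuildFilledNewArray` starts and ends outside this hunk.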
@@ -2565,7 +2571,8 @@ HNewArray* HInstructionBuilder::BuildFilledNewArray(uint32_t dex_pc,
}
latest_result_ = new_array;
- return new_array;
+ BuildConstructorFenceForAllocation(new_array);
+ return true;
}
template <typename T>
@@ -3718,16 +3725,18 @@ bool HInstructionBuilder::ProcessDexInstruction(const Instruction& instruction,
uint32_t args[5];
uint32_t number_of_vreg_arguments = instruction.GetVarArgs(args);
VarArgsInstructionOperands operands(args, number_of_vreg_arguments);
- HNewArray* new_array = BuildFilledNewArray(dex_pc, type_index, operands);
- BuildConstructorFenceForAllocation(new_array);
+ if (!BuildFilledNewArray(dex_pc, type_index, operands)) {
+ return false;
+ }
break;
}
case Instruction::FILLED_NEW_ARRAY_RANGE: {
dex::TypeIndex type_index(instruction.VRegB_3rc());
RangeInstructionOperands operands(instruction.VRegC_3rc(), instruction.VRegA_3rc());
- HNewArray* new_array = BuildFilledNewArray(dex_pc, type_index, operands);
- BuildConstructorFenceForAllocation(new_array);
+ if (!BuildFilledNewArray(dex_pc, type_index, operands)) {
+ return false;
+ }
break;
}