8258382: Fix optimization-unstable code involving pointer overflow

Reviewed-by: kbarrett

src/hotspot/share/gc/parallel/psPromotionLAB.hpp

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2002, 2019, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2002, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -118,9 +118,8 @@ class PSOldPromotionLAB : public PSPromotionLAB {
     // assert(_state != flushed, "Sanity");
     assert(_start_array != NULL, "Sanity");
     HeapWord* obj = top();
-    HeapWord* new_top = obj + size;
-    // The 'new_top>obj' check is needed to detect overflow of obj+size.
-    if (new_top > obj && new_top <= end()) {
+    if (size <= pointer_delta(end(), obj)) {
+      HeapWord* new_top = obj + size;
       set_top(new_top);
       assert(is_object_aligned(obj) && is_object_aligned(new_top),
              "checking alignment");

src/hotspot/share/gc/parallel/psPromotionLAB.inline.hpp

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2014, 2019, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2014, 2020, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -33,9 +33,8 @@ HeapWord* PSYoungPromotionLAB::allocate(size_t size) {
   // Can't assert this, when young fills, we keep the LAB around, but flushed.
   // assert(_state != flushed, "Sanity");
   HeapWord* obj = top();
-  HeapWord* new_top = obj + size;
-  // The 'new_top>obj' check is needed to detect overflow of obj+size.
-  if (new_top > obj && new_top <= end()) {
+  if (size <= pointer_delta(end(), obj)) {
+    HeapWord* new_top = obj + size;
     set_top(new_top);
     assert(is_object_aligned(new_top), "checking alignment");
     return obj;