8258382: Fix optimization-unstable code involving pointer overflow #1886

Closed
wants to merge 2 commits into from
Closed
8 changes: 4 additions & 4 deletions src/hotspot/share/gc/parallel/psPromotionLAB.hpp
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2002, 2019, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2002, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -118,9 +118,9 @@ class PSOldPromotionLAB : public PSPromotionLAB {
// assert(_state != flushed, "Sanity");
assert(_start_array != NULL, "Sanity");
HeapWord* obj = top();
HeapWord* new_top = obj + size;
// The 'new_top>obj' check is needed to detect overflow of obj+size.
if (new_top > obj && new_top <= end()) {
// Pointer overflow check is needed here.
shqking marked this conversation as resolved.
if (end() >= obj && size <= (size_t) (end() - obj)) {
shqking marked this conversation as resolved.
HeapWord* new_top = obj + size;
set_top(new_top);
assert(is_object_aligned(obj) && is_object_aligned(new_top),
"checking alignment");
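Review bot: The replacement comment `// Pointer overflow check is needed here.` in PSOldPromotionLAB's allocation path says less than the comment it replaces: it names neither what could overflow nor why `end() >= obj` is tested first. Since this condition is what keeps the returned object inside the LAB, I would spell it out, e.g. `// Compare size with the words left in the LAB rather than forming obj + size, which is undefined on overflow; end() >= obj keeps the difference non-negative before the size_t cast.` The same condition and comment appear in PSYoungPromotionLAB::allocate in psPromotionLAB.inline.hpp, where the cast is written `(size_t)(end() - obj)` without the space, so one spelling should be chosen for both. The enclosing function begins and ends outside the hunk.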
8 changes: 4 additions & 4 deletions src/hotspot/share/gc/parallel/psPromotionLAB.inline.hpp
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2014, 2019, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2014, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -33,9 +33,9 @@ HeapWord* PSYoungPromotionLAB::allocate(size_t size) {
// Can't assert this, when young fills, we keep the LAB around, but flushed.
// assert(_state != flushed, "Sanity");
HeapWord* obj = top();
HeapWord* new_top = obj + size;
// The 'new_top>obj' check is needed to detect overflow of obj+size.
if (new_top > obj && new_top <= end()) {
// Pointer overflow check is needed here.
if (end() >= obj && size <= (size_t)(end() - obj)) {
shqking marked this conversation as resolved.
HeapWord* new_top = obj + size;
set_top(new_top);
assert(is_object_aligned(new_top), "checking alignment");
return obj;
6 changes: 3 additions & 3 deletions src/hotspot/share/opto/ifnode.cpp
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -631,15 +631,15 @@ const TypeInt* IfNode::filtered_int_type(PhaseGVN* gvn, Node* val, Node* if_proj
return cmp2_t;
case BoolTest::lt:
lo = TypeInt::INT->_lo;
if (hi - 1 < hi) {
if (hi != min_jint) {
hi = hi - 1;
}
break;
case BoolTest::le:
lo = TypeInt::INT->_lo;
break;
case BoolTest::gt:
if (lo + 1 > lo) {
if (lo != max_jint) {
lo = lo + 1;
}
hi = TypeInt::INT->_hi;
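Review bot: The new guards `if (hi != min_jint)` and `if (lo != max_jint)` in the `BoolTest::lt` and `BoolTest::gt` cases carry no comment on why the bound is left untouched at the extreme value. A one-line comment on each, such as `// hi - 1 would overflow at min_jint; keep the bound` and `// lo + 1 would overflow at max_jint; keep the bound`, would stop a later cleanup from folding the test back into arithmetic. The switch continues past the end of the hunk, so the remaining cases are not visible here and may need the same treatment.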
8 changes: 4 additions & 4 deletions src/hotspot/share/opto/loopTransform.cpp
@@ -912,12 +912,12 @@ bool IdealLoopTree::policy_unroll(PhaseIdealLoop *phase) {
const TypeInt* iv_type = phase->_igvn.type(phi)->is_int();
int next_stride = stride_con * 2; // stride after this unroll
if (next_stride > 0) {
if (iv_type->_lo + next_stride <= iv_type->_lo || // overflow
if (iv_type->_lo > max_jint - next_stride || // overflow
iv_type->_lo + next_stride > iv_type->_hi) {
return false; // over-unrolling
}
} else if (next_stride < 0) {
if (iv_type->_hi + next_stride >= iv_type->_hi || // overflow
if (iv_type->_hi < min_jint - next_stride || // overflow
iv_type->_hi + next_stride < iv_type->_lo) {
return false; // over-unrolling
}
@@ -928,8 +928,8 @@ bool IdealLoopTree::policy_unroll(PhaseIdealLoop *phase) {
// After unroll limit will be adjusted: new_limit = limit-stride.
// Bailout if adjustment overflow.
const TypeInt* limit_type = phase->_igvn.type(limit_n)->is_int();
if ((stride_con > 0 && ((limit_type->_hi - stride_con) >= limit_type->_hi)) ||
(stride_con < 0 && ((limit_type->_lo - stride_con) <= limit_type->_lo)))
if ((stride_con > 0 && ((min_jint + stride_con) > limit_type->_hi)) ||
(stride_con < 0 && ((max_jint + stride_con) < limit_type->_lo)))
return false; // overflow

// Adjust body_size to determine if we unroll or not
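Review bot: `int next_stride = stride_con * 2;` on the unchanged line above the first rewritten condition is the same kind of signed arithmetic this commit removes elsewhere, and the new `max_jint - next_stride` and `min_jint - next_stride` bounds are only meaningful if that product did not overflow. Unless `stride_con` is already bounded earlier in policy_unroll (its declaration and any range check are outside the hunk), I would bail out before doubling, e.g. `if (stride_con > max_jint / 2 || stride_con < min_jint / 2) return false;`. The function starts before and continues after both hunks, so this needs confirming against the full body.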
2 changes: 1 addition & 1 deletion src/hotspot/share/opto/parse2.cpp
@@ -536,7 +536,7 @@ void Parse::do_lookupswitch() {
}
prev = match_int+1;
}
if (prev-1 != max_jint) {
if (prev != min_jint) {
defaults += (float)max_jint - prev + 1;
}
float default_cnt = 1;
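Review bot: The rewritten test `if (prev != min_jint)` still depends on `prev = match_int+1;` two lines above having wrapped from max_jint to min_jint, which is signed overflow if both are jint (their declarations are outside the hunk). To remove that dependency the wrap could be avoided at the source, for example by doing the increment in a wider type: `jlong prev` with `prev = (jlong)match_int + 1;` and `if (prev <= max_jint)` as the test. do_lookupswitch starts and ends outside the hunk, so the other uses of `prev` would need checking before changing its type.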