[aarch64-port-dev ] RFR(s): AARCH64: 8147805: C1 segmentation fault due to inline Unsafe::getAndSetObject

Edward Nevill edward.nevill at gmail.com
Wed Jan 20 14:21:25 UTC 2016


On Wed, 2016-01-20 at 21:30 +0800, Hui Shi wrote:
> Hi All,
> 
> Could some one help review this AArch64 C1 issue? Issue happens when inline
> unsafe.getAndSet(data) in C1 and UseCompressedOops flag is true, register
> is compressed for store, but it is not restored into decompressed form.
> Later compressed result is used as reference address and goes wrong.
> 
> Bug:  https://bugs.openjdk.java.net/browse/JDK-8147805
> webrev: http://cr.openjdk.java.net/~hshi/8147805/webrev/
> Small test case in http://cr.openjdk.java.net/~hshi/8147805/TestUnsafe.java
> Crash can be reproduced by java -XX:TieredStopAtLevel=3
> -XX:+TieredCompilation -Xms4G -Xmx4G TestUnsafe

Hi Hui Shi,

Thanks for finding this. Your change looks correct, but if I make suggest the following smaller change which achieves the same.

diff -r 46c1abd5c34d src/cpu/aarch64/vm/c1_LIRAssembler_aarch64.cpp
--- a/src/cpu/aarch64/vm/c1_LIRAssembler_aarch64.cpp    Tue Jan 12 14:55:15 2016 +0000
+++ b/src/cpu/aarch64/vm/c1_LIRAssembler_aarch64.cpp    Wed Jan 20 14:16:56 2016 +0000
@@ -3169,7 +3169,8 @@
       Register obj = as_reg(data);
       Register dst = as_reg(dest);
       if (is_oop && UseCompressedOops) {
-        __ encode_heap_oop(obj);
+        __ encode_heap_oop(rscratch1, obj);
+        obj = rscratch1;
       }
       assert_different_registers(obj, addr.base(), tmp, rscratch2, dst);
       Label again;

Regards,
Ed.




More information about the aarch64-port-dev mailing list