[9] RFR (S): 8181872: C1: possible overflow when strength reducing integer multiply by constant

Vladimir Ivanov vladimir.x.ivanov at oracle.com
Thu Jun 15 09:53:14 UTC 2017


http://cr.openjdk.java.net/~vlivanov/8181872/webrev.00
https://bugs.openjdk.java.net/browse/JDK-8181872

LIRGenerator tries to strength reduce integer multiply and replace it 
with a shift when the constant has 2^n - 1, 2^n, or 2^n + 1 shape.

The problem is that there's only a c > 0 check, but since signed integer 
overflow is undefined in C/C++, is_power_of_2(c+1) can become true for c 
== max_jint.

The fix is to always check the constant to be in bounds (0 < c < 
max_jint) before detecting 2^n - 1, 2^n, 2^n + 1 shapes.

The problem is C++ compiler-specific: it was only observed on MacOS with 
clang 8.1.0 and I wasn't able to reproduce it with 8.0.0 (or earlier). I 
don't see official jdk9 build platforms to be affected, but it seems 
safer to fix it in 9.

Testing: regression test, JPRT, RBT (hs-tier0-comp).

Thanks!

Best regards,
Vladimir Ivanov
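
The bounds-first check described in the message above, as an added example that is not the HotSpot code or part of the original post. All names (`classify`, `reduced_mul`, `java_mul`) are hypothetical; `int32_t` stands in for `jint` and `INT32_MAX` for `max_jint`.

```cpp
#include <cstdint>

// Hypothetical types for illustration; not taken from LIRGenerator.
enum class Shape { None, Pow2Minus1, Pow2, Pow2Plus1 };
struct Reduction { Shape shape; int shift; };

static bool is_pow2(int32_t v) { return v > 0 && (v & (v - 1)) == 0; }
static int log2_exact(int32_t v) { int n = 0; while (v > 1) { v >>= 1; ++n; } return n; }

// Bounds are checked first (0 < c < max_jint), so c + 1 is never evaluated
// for c == INT32_MAX and no signed overflow can occur. A guard of only
// c > 0 would reach is_pow2(c + 1) with c == INT32_MAX, which is undefined.
Reduction classify(int32_t c) {
    if (c <= 0 || c >= INT32_MAX) return {Shape::None, 0};
    if (is_pow2(c))     return {Shape::Pow2,       log2_exact(c)};
    if (is_pow2(c + 1)) return {Shape::Pow2Minus1, log2_exact(c + 1)};
    if (is_pow2(c - 1)) return {Shape::Pow2Plus1,  log2_exact(c - 1)};
    return {Shape::None, 0};
}

// Java int multiply wraps modulo 2^32; unsigned arithmetic models that
// without relying on signed overflow.
int32_t java_mul(int32_t x, int32_t c) {
    return (int32_t)((uint32_t)x * (uint32_t)c);
}

// Multiply by a constant using shift/add/sub when the shape allows it,
// otherwise fall back to the plain multiply.
int32_t reduced_mul(int32_t x, int32_t c) {
    Reduction r = classify(c);
    uint32_t ux = (uint32_t)x;
    uint32_t shifted = ux << r.shift;
    switch (r.shape) {
        case Shape::Pow2:       return (int32_t)shifted;         // x * 2^n
        case Shape::Pow2Minus1: return (int32_t)(shifted - ux);  // x * (2^n - 1)
        case Shape::Pow2Plus1:  return (int32_t)(shifted + ux);  // x * (2^n + 1)
        default:                return java_mul(x, c);
    }
}
```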

