[11] RFR(S): 8203196: C1 emits incorrect code due to integer overflow in _tableswitch keys

Tobias Hartmann tobias.hartmann at oracle.com
Tue May 22 06:55:10 UTC 2018


Thanks, Vladimir!

Best regards,
Tobias

On 18.05.2018 20:19, Vladimir Ivanov wrote:
> Looks good.
> 
> Best regards,
> Vladimir Ivanov
> 
> On 5/18/18 03:02, Tobias Hartmann wrote:
>> Hi,
>>
>> please review the following patch:
>> https://bugs.openjdk.java.net/browse/JDK-8203196
>> http://cr.openjdk.java.net/~thartmann/8203196/webrev.00/
>>
>> C1 incorrectly compiles a _tableswitch instruction due to an integer overflow of x->hi_key() in
>> Canonicalizer::do_TableSwitch():
>>    0 0 i5 2147483647
>> . 2 0 6 tableswitch i5
>>                     case 2147483647: B1
>>                     default : B2
>> canonicalized to:
>> . 2 0 7 goto B2
>>
>> We compute hi_key = _lo_key + length() - 1 = INT_MAX + (2 - 1) - 1 = INT_MAX + 1 - 1 which may
>> overflow depending on how the C++ compiler translates it (fails with fastdebug, works with
>> slowdebug). I've added parentheses and an assert for sanity checking.
>>
>> This problem was introduced by the fix for JDK-8200303. Before, we would use an if instead of a
>> switch [1].
>>
>> Thanks,
>> Tobias
>>
>> [1] http://hg.openjdk.java.net/jdk/jdk/rev/d84f06a0cae1#l3.8
>>
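
Added example, not part of the thread or of the HotSpot sources: it contrasts the two groupings of the hi_key expression from the quoted message, widening to 64 bits so the check itself never overflows a signed int. `KeyRange` and both function names are hypothetical stand-ins, and `length` is assumed to count case keys without the default.

```cpp
#include <climits>
#include <cstdint>
#include <cstdio>

// Hypothetical stand-in for the switch's key range (not HotSpot's TableSwitch).
struct KeyRange {
    int lo_key;  // lowest case key
    int length;  // number of case keys, default excluded (assumption), >= 1
};

// True when the left-to-right grouping (lo_key + length) - 1 has an
// intermediate sum outside int range. In C++ that is undefined behaviour,
// so the compiler may translate it in a way that differs between builds.
bool unparenthesized_overflows(const KeyRange& r) {
    int64_t intermediate = int64_t(r.lo_key) + int64_t(r.length);
    return intermediate > INT_MAX || intermediate < INT_MIN;
}

// hi_key with the grouping lo_key + (length - 1), checked instead of assumed.
// Returns false when the range is empty or does not fit in int.
bool hi_key_checked(const KeyRange& r, int* hi) {
    if (r.length < 1) return false;
    int64_t wide = int64_t(r.lo_key) + (int64_t(r.length) - 1);
    if (wide > INT_MAX) return false;
    *hi = int(wide);
    return true;
}

int main() {
    // Constructed inputs; the first mirrors the case in the message
    // (single case key 2147483647).
    KeyRange samples[] = { {INT_MAX, 1}, {0, 3}, {INT_MAX, 2} };
    for (const KeyRange& r : samples) {
        int hi = 0;
        bool ok = hi_key_checked(r, &hi);
        std::printf("lo=%d len=%d unparenthesized_overflows=%d ",
                    r.lo_key, r.length, int(unparenthesized_overflows(r)));
        if (ok) std::printf("hi=%d\n", hi);
        else    std::printf("hi=<does not fit in int>\n");
    }
    return 0;
}
```

For the range from the message the parenthesized form yields a valid hi_key of INT_MAX, while the unparenthesized form passes through INT_MAX + 1 on the way there.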

