RFR(S): 8221083: [ppc64] Wrong oop compare in C1-generated code
Volker Simonis
volker.simonis at gmail.com
Tue Mar 19 18:54:28 UTC 2019
Hi,
can I please have a review for the following small ppc64-only C1 patch
which fixes a nasty, day-one problem which only recently popped up
more frequently:
http://cr.openjdk.java.net/~simonis/webrevs/2019/8221083/
https://bugs.openjdk.java.net/browse/JDK-8221083
The C1-generated code for comparing two oops erroneously emits a
32-bit instead of a 64-bit compare instruction. Because oops are only
compared for equality/inequality, this bug only manifests itself for
oops which are equal in their 32 least-significant bits but unequal
otherwise. This means the two oops have to be exactly 4GB apart from
each other in the heap, or their 32 least-significant bits have to be
zero when compared to 'null'.
This makes the occurrence of this bug extremely unlikely, but when it
happens, the consequences are usually a semantically wrong program
execution and not a crash, which makes it very hard to detect.
The regression test reproduces the issue by allocating an object at an
address whose 32 least-significant bits are zero and comparing
it with another null object.
The fix also removes some adjacent code which has never been used (and
tested) until now.
Thank you and best regards,
Volker
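The failure mode described in the mail, as an added illustration that is not part of the webrev or of HotSpot itself: an oop is modelled as a plain 64-bit address, the buggy code generation is modelled by a compare that truncates both operands to 32 bits, and the fix by a full 64-bit compare. The heap base and the address pairs are constructed for the example; they only need to reproduce the two cases the mail names (oops exactly 4GB apart, and an oop whose low 32 bits are zero compared against null).

```c
#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed model: an "oop" is just a 64-bit address value. */
typedef uint64_t oop_t;

/* Models the bug: a 32-bit compare only sees the low word of each oop. */
static bool oop_equal_32bit_compare(oop_t a, oop_t b) {
    return (uint32_t)a == (uint32_t)b;
}

/* Models the fix: compare the full 64-bit value. */
static bool oop_equal_64bit_compare(oop_t a, oop_t b) {
    return a == b;
}

/* True when the truncated compare disagrees with the correct one for this pair. */
static bool compare_is_wrong(oop_t a, oop_t b) {
    return oop_equal_32bit_compare(a, b) != oop_equal_64bit_compare(a, b);
}

/* Runs the constructed address pairs through both compares and counts
 * how many of them the 32-bit compare misjudges. */
static int count_misjudged_pairs(void) {
    const oop_t heap_base = 0x00007f0000000000ULL;   /* constructed heap base, low 32 bits zero */
    const oop_t four_gb   = 0x100000000ULL;
    struct { oop_t a, b; } pairs[] = {
        { heap_base + 0x1000, heap_base + 0x1000 },            /* identical oops: both compares agree */
        { heap_base + 0x1000, heap_base + 0x2000 },            /* differ in the low word: both agree */
        { heap_base + 0x1000, heap_base + 0x1000 + four_gb },  /* exactly 4GB apart: misjudged as equal */
        { heap_base + four_gb, 0 },                            /* low 32 bits zero vs null: misjudged as null */
        { heap_base + 0x1000, 0 },                             /* ordinary oop vs null: both agree */
    };
    int wrong = 0;
    for (size_t i = 0; i < sizeof pairs / sizeof pairs[0]; i++) {
        if (compare_is_wrong(pairs[i].a, pairs[i].b)) {
            wrong++;
        }
    }
    return wrong;
}

int main(void) {
    printf("pairs misjudged by the 32-bit compare: %d\n", count_misjudged_pairs());
    return 0;
}
```

Only the two pairs the mail describes are misjudged; every other pair, including an ordinary oop against null, compares correctly under both variants, which is why the bug stays hidden until an allocation happens to land on such an address.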