RFR: 8311010: C1 array access causes SIGSEGV due to lack of range check
Yi Yang
yyang at openjdk.org
Wed Jun 28 09:09:15 UTC 2023
    int[] a = { 11 };
    for (int i = -1; i <= 0; i++) {
        for (int j = -3; j <= 2147483646 * i - 3; j++) {
            b += a[j + 3];
        }
    }
C1 eliminates the range check before accessing the array, because it made the following deduction:
    lower - const <= x <= upper - const
    lower <= x + const <= upper
This is wrong, because (lower - const + const) and (upper - const + const) may overflow/underflow, e.g.
    -3 <= x <= min_jint - 3
    0 <= x + 3 <= min_jint (wrong)
The proposed change is to assume the worst case whenever upper or lower is found, which may be somewhat conservative.
-------------
Commit messages:
- 8311010 C1 array access causes SIGSEGV due to lack of range check
Changes: https://git.openjdk.org/jdk/pull/14689/files
Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=14689&range=00
Issue: https://bugs.openjdk.org/browse/JDK-8311010
Stats: 71 lines in 2 files changed: 69 ins; 0 del; 2 mod
Patch: https://git.openjdk.org/jdk/pull/14689.diff
Fetch: git fetch https://git.openjdk.org/jdk.git pull/14689/head:pull/14689
PR: https://git.openjdk.org/jdk/pull/14689
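
The deduction described in the message above, modelled as an added example that is not code from the pull request or from HotSpot. `Range`, `shift_unchecked`, `shift_checked` and `can_drop_range_check` are hypothetical names, and widening only when the 64-bit sum leaves the int range is an assumption about one conservative strategy.

```cpp
#include <cstdint>
#include <cstdio>
#include <limits>

// Hypothetical stand-in for a proven fact "lower <= x <= upper"; not HotSpot's Bound class.
struct Range { int32_t lower; int32_t upper; };

constexpr int32_t kMinJint = std::numeric_limits<int32_t>::min();
constexpr int32_t kMaxJint = std::numeric_limits<int32_t>::max();

// Java int addition wraps; go through uint32_t to avoid signed-overflow UB in C++.
static int32_t wrapping_add(int32_t a, int32_t b) {
    return static_cast<int32_t>(static_cast<uint32_t>(a) + static_cast<uint32_t>(b));
}

// Unsound: shifts both endpoints by c and trusts the wrapped results.
Range shift_unchecked(Range r, int32_t c) {
    return { wrapping_add(r.lower, c), wrapping_add(r.upper, c) };
}

// Conservative: if either shifted endpoint leaves the int range, nothing
// useful is known about x + c, so return the widest range.
Range shift_checked(Range r, int32_t c) {
    int64_t lo = static_cast<int64_t>(r.lower) + c;
    int64_t hi = static_cast<int64_t>(r.upper) + c;
    if (lo < kMinJint || lo > kMaxJint || hi < kMinJint || hi > kMaxJint) {
        return { kMinJint, kMaxJint };
    }
    return { static_cast<int32_t>(lo), static_cast<int32_t>(hi) };
}

// The check on a[index] is redundant only if 0 <= index < length is proven.
bool can_drop_range_check(Range index, int32_t length) {
    return index.lower >= 0 && index.upper < length;
}

int main() {
    // The mail's "-3 <= x <= min_jint - 3": min_jint - 3 wraps to max_jint - 2.
    Range x = { -3, kMaxJint - 2 };
    Range bad = shift_unchecked(x, 3);   // {0, min_jint}
    Range good = shift_checked(x, 3);    // {min_jint, max_jint}
    std::printf("unchecked [%d, %d] drop=%d\n", bad.lower, bad.upper, can_drop_range_check(bad, 1));
    std::printf("checked   [%d, %d] drop=%d\n", good.lower, good.upper, can_drop_range_check(good, 1));
    return 0;
}
```

With an array of length 1, the wrapped upper bound `min_jint` satisfies `upper < length`, which is how the unchecked shift lets the range check be dropped.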