Withdrawn: 8311010: C1 array access causes SIGSEGV due to lack of range check
Yi Yang
yyang at openjdk.org
Wed Jun 28 11:23:13 UTC 2023
On Wed, 28 Jun 2023 09:02:10 GMT, Yi Yang <yyang at openjdk.org> wrote:
> int[] a = { 11 } ;
> for (int i = -1; i <= 0; i++) {
> // Insert deopt check
> if (2147483646 * i >=1) { goto deopt_stub;}
> for (int j = -3; j <= 2147483646 * i - 3; j++) {
> b += a[j + 3];
> }
> }
>
> C1 eliminates range check before accessing array and inserts a deoptimization check before loop header, because he did the following deduction:
>
> lower - const <= x <= upper - const
> lower <= x + const <= upper
>
> This is wrong, because (lower - const + const) and (upper - const + const) may overflow/underflow, e.g.
>
> -3 <= x <= min_jint - 3
> 0 <= x + 3 <= min_jint (wrong)
>
> The proposed change is to assume the worst case whenever upper or lower is found, which may be somewhat conservative.
This pull request has been closed without being integrated.
-------------
PR: https://git.openjdk.org/jdk/pull/14689
More information about the hotspot-compiler-dev
mailing list