RFR(S): 8215265: C2: range check elimination may allow illegal out of bound access
tobias.hartmann at oracle.com
Mon Dec 17 12:52:39 UTC 2018
but like this, you may unnecessarily increase the number of iterations of the pre-loop, right?
On 17.12.18 10:28, Roland Westrelin wrote:
> In the test case, for the loop in test1, the limit for the pre loop is
> computed by range check elimination to be, for offset = -5:
> (0 - (-5)) / 2 = 2
> So main loop starts executing with i = 2, but 2 * 2 - 5 = -1 and is out
> of bound.
> For the loop in test2, the limit for the pre loop is, for offset = 203:
> (199 - (203+1)) / -2 = 2
> and main loop starts at i = 2, but 203 - 4 = 199 is out of bound.
> In both cases, the root cause is that integer division rounds the limit
> of the pre loop down. The fix I propose is to add 1 to the limit of the
> pre loop in both cases.
> I thought the same problem would apply to the limit of the main loop in
> some cases but couldn't write a test case or find a scale/offset pair
> that would allow an out of bound array access.
More information about the hotspot-compiler-dev