8066103: C2's range check smearing allows out of bound array accesses
igor.veresov at oracle.com
Wed Dec 3 04:51:48 UTC 2014
Seems good. You don’t have to prefix every declaration of a RangeCheck variable with the “struct” though.
> On Dec 2, 2014, at 4:45 AM, Roland Westrelin <roland.westrelin at oracle.com> wrote:
>> The proposed fix is correct. Comments are good.
>> (nb_checks == 0) check and rc0 could be moved before (index1) to avoid duplication on both paths.
>> Add tests with i-c negative constants (and combinations -c and +c) when i starts with > c value.
> Thanks for the review. Here is a new webrev:
>> On 12/1/14 6:46 AM, Roland Westrelin wrote:
>>> Given a list of range checks of the form i + constant <u array.length, Range check smearing adjusts the top 2 dominating range checks to cover all range checks that post dominate. It’s incorrect to adjust the first range check because it allows the accesses that it guards to access out of bounds. If the first range check’s constant is the min of all constants, then it’s sufficient to adjust the second range check to test on the max of all constants. If the first range check’s constant is the max of all constants, then it’s sufficient to adjust the second range check to test on the min of all constants. In the general case, 3 range checks are needed to cover the rest of the series of range checks.
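
The smearing argument quoted above, as a small model added here as an example; it is not part of the thread and not HotSpot code. All function names are hypothetical, and three things are assumptions of the model: that the pre-fix code rewrote the two dominating checks to (min, max), that a failing check leaves compiled code, and the ordering chosen for the 3-check case.

```cpp
#include <algorithm>
#include <cstdint>
#include <cstdio>
#include <vector>

// Model only, not HotSpot code. consts[k] is the constant of the k-th access
// a[i + consts[k]] in dominance order; checks[k] is what check k tests.
using Consts = std::vector<int>;

// The range check from the post: i + c <u length, one unsigned compare.
static bool in_bounds(int i, int c, int length) {
    return static_cast<uint32_t>(i + c) < static_cast<uint32_t>(length);
}

// Assumed pre-fix shape: both dominating checks are rewritten (min, max).
Consts smear_adjusting_first(const Consts& consts) {
    return {*std::min_element(consts.begin(), consts.end()),
            *std::max_element(consts.begin(), consts.end())};
}

// Shape described in the post: the first check keeps its own constant.
Consts smear_keeping_first(const Consts& consts) {
    int c0 = consts[0];
    int lo = *std::min_element(consts.begin(), consts.end());
    int hi = *std::max_element(consts.begin(), consts.end());
    if (c0 == lo || c0 == hi) return {c0, c0 == lo ? hi : lo};
    // General case, 3 checks. Ordering is this model's choice: checks 0 and 1
    // together must bracket the second access.
    return consts[1] <= c0 ? Consts{c0, lo, hi} : Consts{c0, hi, lo};
}

// Index of the first access that is out of bounds although every check before
// it passed, or -1. A failing check is modelled as leaving compiled code.
int first_unguarded_oob(const Consts& checks, const Consts& consts, int i, int length) {
    for (size_t k = 0; k < consts.size(); ++k) {
        if (k < checks.size() && !in_bounds(i, checks[k], length)) return -1;
        if (!in_bounds(i, consts[k], length)) return static_cast<int>(k);
    }
    return -1;
}

// True if no i in a small constructed range reaches an unguarded access.
bool sound(const Consts& checks, const Consts& consts, int length) {
    for (int i = -2 * length; i <= 2 * length; ++i)
        if (first_unguarded_oob(checks, consts, i, length) != -1) return false;
    return true;
}

int main() {
    Consts c{2, 0, 4};  // constructed sample: a[i+2], a[i], a[i+4]
    std::printf("adjusting first sound: %d\n", sound(smear_adjusting_first(c), c, 10));
    std::printf("keeping first sound:   %d\n", sound(smear_keeping_first(c), c, 10));
}
```

With the constructed sample, `i = 8` and `length = 10` pass the rewritten first check (`i + 0`) while the access it guards, `a[i + 2]`, is out of bounds; keeping the first check at `i + 2` rejects that index.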