From 0e8b56655778da1200e06bb7138f86f8d395aec5 Mon Sep 17 00:00:00 2001 From: wangkaihui Date: Sat, 28 Dec 2019 12:41:30 +0000 Subject: [PATCH] 8203196: C1 emits incorrect code due to integer overflow in _tableswitch keys Summary: : C1 emits incorrect code due to integer overflow in _tableswitch keys LLT: NA Patch Type: backport Bug url: https://bugs.openjdk.java.net/browse/JDK-8203196 --- hotspot/src/share/vm/c1/c1_Instruction.hpp | 4 +-- hotspot/src/share/vm/c1/c1_LIRGenerator.cpp | 2 +- hotspot/test/compiler/c1/SwitchTest.java | 46 +++++++++++++++++++++++++++++ 3 files changed, 49 insertions(+), 3 deletions(-) create mode 100644 hotspot/test/compiler/c1/SwitchTest.java diff --git a/hotspot/src/share/vm/c1/c1_Instruction.hpp b/hotspot/src/share/vm/c1/c1_Instruction.hpp index 789dba62b2..ee4adbc483 100644 --- a/hotspot/src/share/vm/c1/c1_Instruction.hpp +++ b/hotspot/src/share/vm/c1/c1_Instruction.hpp @@ -2124,11 +2124,11 @@ LEAF(TableSwitch, Switch) // creation TableSwitch(Value tag, BlockList* sux, int lo_key, ValueStack* state_before, bool is_safepoint) : Switch(tag, sux, state_before, is_safepoint) - , _lo_key(lo_key) {} + , _lo_key(lo_key) { assert(_lo_key <= hi_key(), "integer overflow"); } // accessors int lo_key() const { return _lo_key; } - int hi_key() const { return _lo_key + length() - 1; } + int hi_key() const { return _lo_key + (length() - 1); } }; diff --git a/hotspot/src/share/vm/c1/c1_LIRGenerator.cpp b/hotspot/src/share/vm/c1/c1_LIRGenerator.cpp index 1cf9f0e8c4..3a48de9eb0 100644 --- a/hotspot/src/share/vm/c1/c1_LIRGenerator.cpp +++ b/hotspot/src/share/vm/c1/c1_LIRGenerator.cpp @@ -2602,8 +2602,8 @@ void LIRGenerator::do_TableSwitch(TableSwitch* x) { move_to_phi(x->state()); int lo_key = x->lo_key(); - int hi_key = x->hi_key(); int len = x->length(); + assert(lo_key <= (lo_key + (len - 1)), "integer overflow"); LIR_Opr value = tag.result(); if (UseTableRanges) { do_SwitchRanges(create_lookup_ranges(x), value, x->default_sux()); diff --git a/hotspot/test/compiler/c1/SwitchTest.java b/hotspot/test/compiler/c1/SwitchTest.java new file mode 100644 index 0000000000..d18eccc0fb --- /dev/null +++ b/hotspot/test/compiler/c1/SwitchTest.java @@ -0,0 +1,46 @@ +/* + * @test + * @bug 8203196 + * @summary C1 emits incorrect code due to integer overflow in _tableswitch keys + * @run main/othervm -Xcomp SwitchTest + */ +public class SwitchTest { + public static void main(String args[]) throws Exception { + int test2 = 2147483647; + int check2 = 0; + switch (test2) { + case 2147483640: + check2 = 2147483640; + break; + case 2147483641: + check2 = 2147483641; + break; + case 2147483642: + check2 = 2147483642; + break; + case 2147483643: + check2 = 2147483643; + break; + case 2147483644: + check2 = 2147483644; + break; + case 2147483645: + check2 = 2147483645; + break; + case 2147483646: + check2 = 2147483646; + break; + case 2147483647: + check2 = 2147483647; + break; + default: + check2 = 123456; + break; + } + if (check2 != test2) { + System.out.println("choose a wrong case"); + throw new Exception(); + } + + } +} \ No newline at end of file -- 2.12.3