openjdk-1.8.0/8203196.patch

From 3607951c82cbfb387b071bdbbcf24e0a48344f36 Mon Sep 17 00:00:00 2001
Date: Fri, 22 Jan 2021 15:28:34 +0800
Subject: 8203196: C1 emits incorrect code due to integer
 overflow in _tableswitch keys

Summary: <c1>: C1 emits incorrect code due to integer overflow in _tableswitch keys
LLT: NA
Bug url: https://bugs.openjdk.java.net/browse/JDK-8203196
---
 hotspot/src/share/vm/c1/c1_Instruction.hpp  |  4 +-
 hotspot/src/share/vm/c1/c1_LIRGenerator.cpp |  2 +-
 hotspot/test/compiler/c1/SwitchTest.java    | 46 +++++++++++++++++++++
 3 files changed, 49 insertions(+), 3 deletions(-)
 create mode 100644 hotspot/test/compiler/c1/SwitchTest.java

diff --git a/hotspot/src/share/vm/c1/c1_Instruction.hpp b/hotspot/src/share/vm/c1/c1_Instruction.hpp
index 789dba62b..ee4adbc48 100644
--- a/hotspot/src/share/vm/c1/c1_Instruction.hpp
+++ b/hotspot/src/share/vm/c1/c1_Instruction.hpp
@@ -2124,11 +2124,11 @@ LEAF(TableSwitch, Switch)
   // creation
   TableSwitch(Value tag, BlockList* sux, int lo_key, ValueStack* state_before, bool is_safepoint)
     : Switch(tag, sux, state_before, is_safepoint)
-  , _lo_key(lo_key) {}
+  , _lo_key(lo_key) { assert(_lo_key <= hi_key(), "integer overflow"); }
 
   // accessors
   int lo_key() const                             { return _lo_key; }
-  int hi_key() const                             { return _lo_key + length() - 1; }
+  int hi_key() const                             { return _lo_key + (length() - 1); }
 };
 
 
diff --git a/hotspot/src/share/vm/c1/c1_LIRGenerator.cpp b/hotspot/src/share/vm/c1/c1_LIRGenerator.cpp
index 8cfda1b3f..5d47231ca 100644
--- a/hotspot/src/share/vm/c1/c1_LIRGenerator.cpp
+++ b/hotspot/src/share/vm/c1/c1_LIRGenerator.cpp
@@ -2574,8 +2574,8 @@ void LIRGenerator::do_TableSwitch(TableSwitch* x) {
   move_to_phi(x->state());
 
   int lo_key = x->lo_key();
-  int hi_key = x->hi_key();
   int len = x->length();
+  assert(lo_key <= (lo_key + (len - 1)), "integer overflow");
   LIR_Opr value = tag.result();
   if (UseTableRanges) {
     do_SwitchRanges(create_lookup_ranges(x), value, x->default_sux());
diff --git a/hotspot/test/compiler/c1/SwitchTest.java b/hotspot/test/compiler/c1/SwitchTest.java
new file mode 100644
index 000000000..d18eccc0f
--- /dev/null
+++ b/hotspot/test/compiler/c1/SwitchTest.java
@@ -0,0 +1,46 @@
+/*
+ * @test
+ * @bug 8203196
+ * @summary C1 emits incorrect code due to integer overflow in _tableswitch keys
+ * @run main/othervm -Xcomp SwitchTest
+ */
+public class SwitchTest {
+    public static void main(String args[]) throws Exception {
+        int test2 = 2147483647;
+        int check2 = 0;
+        switch (test2) {
+            case 2147483640:
+                check2 = 2147483640;
+                break;
+            case 2147483641:
+                check2 = 2147483641;
+                break;
+            case 2147483642:
+                check2 = 2147483642;
+                break;
+            case 2147483643:
+                check2 = 2147483643;
+                break;
+            case 2147483644:
+                check2 = 2147483644;
+                break;
+            case 2147483645:
+                check2 = 2147483645;
+                break;
+            case 2147483646:
+                check2 = 2147483646;
+                break;
+            case 2147483647:
+                check2 = 2147483647;
+                break;
+            default:
+                check2 = 123456;
+                break;
+        }
+        if (check2 != test2) {
+            System.out.println("choose a wrong case");
+            throw new Exception();
+        }
+
+    }
+}
\ No newline at end of file
-- 
2.19.0