8027751: C1 crashes in Weblogic with G1 enabled
authoriveresov
Tue, 05 Nov 2013 00:59:30 -0800
changeset 21525 7ff7fc8b5382
parent 21523 49c80d56e5e3
child 21526 03b4acedb351
8027751: C1 crashes in Weblogic with G1 enabled Summary: Keep T_OBJECT operands in registers for logical operations on x64 Reviewed-by: kvn, roland
hotspot/src/share/vm/c1/c1_LinearScan.cpp
hotspot/test/compiler/regalloc/C1ObjectSpillInLogicOp.java
--- a/hotspot/src/share/vm/c1/c1_LinearScan.cpp	Mon Nov 04 21:59:54 2013 +0100
+++ b/hotspot/src/share/vm/c1/c1_LinearScan.cpp	Tue Nov 05 00:59:30 2013 -0800
@@ -1138,8 +1138,10 @@
         }
       }
     }
-
-  } else if (opr_type != T_LONG) {
+    // We want to sometimes use logical operations on pointers, in particular in GC barriers.
+    // Since 64bit logical operations do not current support operands on stack, we have to make sure
+    // T_OBJECT doesn't get spilled along with T_LONG.
+  } else if (opr_type != T_LONG LP64_ONLY(&& opr_type != T_OBJECT)) {
     // integer instruction (note: long operands must always be in register)
     switch (op->code()) {
       case lir_cmp:
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/hotspot/test/compiler/regalloc/C1ObjectSpillInLogicOp.java	Tue Nov 05 00:59:30 2013 -0800
@@ -0,0 +1,45 @@
+/*
+ * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8027751
+ * @summary C1 crashes generating G1 post-barrier in Unsafe.getAndSetObject() intrinsic because of the new value spill
+ * @run main/othervm -XX:+UseG1GC C1ObjectSpillInLogicOp
+ *
+ * G1 barriers use logical operators (xor) on T_OBJECT mixed with T_LONG or T_INT.
+ * The current implementation of logical operations on x86 in C1 doesn't allow for long operands to be on stack.
+ * There is a special code in the register allocator that forces long arguments in registers on x86. However T_OBJECT
+ * can be spilled just fine, and in that case the xor emission will fail.
+ */
+
+import java.util.concurrent.atomic.*;
+class C1ObjectSpillInLogicOp {
+  static public void main(String[] args) {
+    AtomicReferenceArray<Integer> x = new AtomicReferenceArray(128);
+    Integer y = new Integer(0);
+    for (int i = 0; i < 50000; i++) {
+      x.getAndSet(i % x.length(), y);
+    }
+  }
+}