8027751: C1 crashes in Weblogic with G1 enabled
Summary: Keep T_OBJECT operands in registers for logical operations on x64
Reviewed-by: kvn, roland
--- a/hotspot/src/share/vm/c1/c1_LinearScan.cpp Mon Nov 04 21:59:54 2013 +0100
+++ b/hotspot/src/share/vm/c1/c1_LinearScan.cpp Tue Nov 05 00:59:30 2013 -0800
@@ -1138,8 +1138,10 @@
}
}
}
-
- } else if (opr_type != T_LONG) {
+ // We want to sometimes use logical operations on pointers, in particular in GC barriers.
+ // Since 64bit logical operations do not current support operands on stack, we have to make sure
+ // T_OBJECT doesn't get spilled along with T_LONG.
+ } else if (opr_type != T_LONG LP64_ONLY(&& opr_type != T_OBJECT)) {
// integer instruction (note: long operands must always be in register)
switch (op->code()) {
case lir_cmp:
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/hotspot/test/compiler/regalloc/C1ObjectSpillInLogicOp.java Tue Nov 05 00:59:30 2013 -0800
@@ -0,0 +1,45 @@
+/*
+ * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8027751
+ * @summary C1 crashes generating G1 post-barrier in Unsafe.getAndSetObject() intrinsic because of the new value spill
+ * @run main/othervm -XX:+UseG1GC C1ObjectSpillInLogicOp
+ *
+ * G1 barriers use logical operators (xor) on T_OBJECT mixed with T_LONG or T_INT.
+ * The current implementation of logical operations on x86 in C1 doesn't allow for long operands to be on stack.
+ * There is a special code in the register allocator that forces long arguments in registers on x86. However T_OBJECT
+ * can be spilled just fine, and in that case the xor emission will fail.
+ */
+
+import java.util.concurrent.atomic.*;
+class C1ObjectSpillInLogicOp {
+ static public void main(String[] args) {
+ AtomicReferenceArray<Integer> x = new AtomicReferenceArray(128);
+ Integer y = new Integer(0);
+ for (int i = 0; i < 50000; i++) {
+ x.getAndSet(i % x.length(), y);
+ }
+ }
+}