# HG changeset patch # User iveresov # Date 1388120423 28800 # Node ID 8b6e8f6a38ab979f2772314d3b32af08c911dc4a # Parent 77e68eb882375da45df40e567e8f0ad37f9c6ac9 8027388: JVM crashes with SIGSEGV (0xb) at pc=0x00000001077cbbf6 Summary: Make object non-scalarizable if it has field with multiple bases one of which is null Reviewed-by: kvn, twisti diff -r 77e68eb88237 -r 8b6e8f6a38ab hotspot/src/share/vm/opto/escape.cpp --- a/hotspot/src/share/vm/opto/escape.cpp Fri Dec 20 10:31:14 2013 +0100 +++ b/hotspot/src/share/vm/opto/escape.cpp Thu Dec 26 21:00:23 2013 -0800 @@ -1579,9 +1579,20 @@ jobj->set_scalar_replaceable(false); return; } + // 2. An object is not scalar replaceable if the field into which it is + // stored has multiple bases one of which is null. + if (field->base_count() > 1) { + for (BaseIterator i(field); i.has_next(); i.next()) { + PointsToNode* base = i.get(); + if (base == null_obj) { + jobj->set_scalar_replaceable(false); + return; + } + } + } } assert(use->is_Field() || use->is_LocalVar(), "sanity"); - // 2. An object is not scalar replaceable if it is merged with other objects. + // 3. An object is not scalar replaceable if it is merged with other objects. for (EdgeIterator j(use); j.has_next(); j.next()) { PointsToNode* ptn = j.get(); if (ptn->is_JavaObject() && ptn != jobj) { @@ -1600,13 +1611,13 @@ FieldNode* field = j.get()->as_Field(); int offset = field->as_Field()->offset(); - // 3. An object is not scalar replaceable if it has a field with unknown + // 4. An object is not scalar replaceable if it has a field with unknown // offset (array's element is accessed in loop). if (offset == Type::OffsetBot) { jobj->set_scalar_replaceable(false); return; } - // 4. Currently an object is not scalar replaceable if a LoadStore node + // 5. Currently an object is not scalar replaceable if a LoadStore node // access its field since the field value is unknown after it. // Node* n = field->ideal_node(); 
@@ -1617,7 +1628,7 @@ } } - // 5. Or the address may point to more then one object. This may produce + // 6. Or the address may point to more then one object. This may produce // the false positive result (set not scalar replaceable) // since the flow-insensitive escape analysis can't separate // the case when stores overwrite the field's value from the case
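Review bot: In the first hunk of escape.cpp (@@ -1579,9 +1579,20 @@), the new rule 2 only searches for null_obj when `field->base_count() > 1`, so a field whose single base is null_obj is never checked. Either drop the guard or extend the comment to say why the single-base case cannot lead to the same problem. The comment also states the rule but not the reason for it: one sentence on why a null base among several makes scalar replacement unsafe, with a reference to 8027388, would save the next reader from digging through the bug. No regression test appears in the hunks shown here; a test that reproduces the crash should accompany the fix.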
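Review bot: In the second hunk (@@ -1600,13 +1611,13 @@), the renumbered comment for rule 5 still reads "a LoadStore node access its field"; since the line is being touched anyway, change it to "accesses its field". The hard-coded rule numbers also mean every new rule rewrites unrelated comment lines, as this hunk and the next one show, so consider dropping the numbers or moving the list of rules into a single comment block above the function.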
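Review bot: In the last hunk (@@ -1617,7 +1628,7 @@), the modified comment line for rule 6 carries the typo "more then one object"; fix it to "more than one object" while the line is being edited. The hunk is otherwise a pure renumbering with no behaviour change.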