8027388: JVM crashes with SIGSEGV (0xb) at pc=0x00000001077cbbf6
authoriveresov
Thu, 26 Dec 2013 21:00:23 -0800
changeset 22213 8b6e8f6a38ab
parent 22212 77e68eb88237
child 22214 c551021e75b2
8027388: JVM crashes with SIGSEGV (0xb) at pc=0x00000001077cbbf6 Summary: Make object non-scalarizable if it has field with multiple bases one of which is null Reviewed-by: kvn, twisti
hotspot/src/share/vm/opto/escape.cpp
--- a/hotspot/src/share/vm/opto/escape.cpp	Fri Dec 20 10:31:14 2013 +0100
+++ b/hotspot/src/share/vm/opto/escape.cpp	Thu Dec 26 21:00:23 2013 -0800
@@ -1579,9 +1579,20 @@
         jobj->set_scalar_replaceable(false);
         return;
       }
+      // 2. An object is not scalar replaceable if the field into which it is
+      // stored has multiple bases one of which is null.
+      if (field->base_count() > 1) {
+        for (BaseIterator i(field); i.has_next(); i.next()) {
+          PointsToNode* base = i.get();
+          if (base == null_obj) {
+            jobj->set_scalar_replaceable(false);
+            return;
+          }
+        }
+      }
     }
     assert(use->is_Field() || use->is_LocalVar(), "sanity");
-    // 2. An object is not scalar replaceable if it is merged with other objects.
+    // 3. An object is not scalar replaceable if it is merged with other objects.
     for (EdgeIterator j(use); j.has_next(); j.next()) {
       PointsToNode* ptn = j.get();
       if (ptn->is_JavaObject() && ptn != jobj) {
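Review bot: The new comment at the top of the added block states the condition but not why a null base among several makes the object unsafe to scalarize, so the `base == null_obj` test reads as arbitrary without the bug report; suggest extending it to `// stored has multiple bases one of which is null (8027388: a merged null base means the` `// field value cannot be attributed to this object alone).` and hedging the second clause if the analysis differs. A small style point: the `base_count() > 1` pre-check and the `PointsToNode* base` local could be collapsed to `for (BaseIterator i(field); i.has_next(); i.next()) { if (i.get() == null_obj) { ... } }` if a single null base should also disqualify, which the commit message does not settle — worth a sentence in the comment either way. Note that `field` and `null_obj` are declared outside this hunk and the enclosing function starts before and ends after it, so the check's placement relative to the `use->is_Field()` branch cannot be confirmed from the hunk alone.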
@@ -1600,13 +1611,13 @@
     FieldNode* field = j.get()->as_Field();
     int offset = field->as_Field()->offset();
 
-    // 3. An object is not scalar replaceable if it has a field with unknown
+    // 4. An object is not scalar replaceable if it has a field with unknown
     // offset (array's element is accessed in loop).
     if (offset == Type::OffsetBot) {
       jobj->set_scalar_replaceable(false);
       return;
     }
-    // 4. Currently an object is not scalar replaceable if a LoadStore node
+    // 5. Currently an object is not scalar replaceable if a LoadStore node
     // access its field since the field value is unknown after it.
     //
     Node* n = field->ideal_node();
@@ -1617,7 +1628,7 @@
       }
     }
 
-    // 5. Or the address may point to more then one object. This may produce
+    // 6. Or the address may point to more then one object. This may produce
     // the false positive result (set not scalar replaceable)
     // since the flow-insensitive escape analysis can't separate
     // the case when stores overwrite the field's value from the case