JDK-8263425

AArch64: two potential bugs in C1 LIRGenerator::generate_address()

    Details

    • Resolved In Build: b14
    • CPU: aarch64

        Description

        Around line 177 we have:

        LIR_Opr tmp = new_pointer_register();
        if (Assembler::operand_valid_for_add_sub_immediate(large_disp)) {
          __ add(tmp, tmp, LIR_OprFact::intptrConst(large_disp)); <---
          index = tmp;
        } else {

        This is supposed to be calculating "tmp = index + large_disp" but it actually does "large_disp = tmp + tmp".

        On line 157, if index is a constant, we add it to large_disp and set index to LIR_OprFact::illegalOpr. Then on line 194:

          // at this point we either have base + index or base + displacement
          if (large_disp == 0) {
            return new LIR_Address(base, index, type); <----
          } else {

        If the displacement and constant index sum to zero we end up passing an illegal value into LIR_Address, triggering an assert.
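
        The second case can be reproduced with a small stand-alone model. This is an added example, not HotSpot code and not the fix applied in the JDK: the types `Opr` and `Addr`, all function names, the sample values and the `index.kind == Kind::Register` guard are assumptions made for illustration.

```cpp
// Simplified model of the final base+index / base+displacement choice.
// Not HotSpot code: Opr, Addr and every function here are hypothetical.
// Precondition (as in the quoted comment): a register index with a
// non-zero displacement has already been combined before this point.
#include <cstdint>
#include <cstdio>

enum class Kind { Illegal, Register, Constant };
struct Opr { Kind kind; int64_t value; };   // value: register number or constant
enum class Form { BaseIndex, BaseDisp };
struct Addr { Form form; Opr index; int64_t disp; };

// A constant index is folded into the displacement and the index is
// marked illegal, as the description says happens earlier in the function.
static void fold_constant_index(Opr &index, int64_t &disp) {
    if (index.kind == Kind::Constant) {
        disp += index.value;
        index = Opr{Kind::Illegal, 0};
    }
}

// Behaviour described in the report: the choice looks only at disp == 0.
Addr select_form_reported(Opr index, int64_t disp) {
    fold_constant_index(index, disp);
    if (disp == 0) return Addr{Form::BaseIndex, index, 0};
    return Addr{Form::BaseDisp, Opr{Kind::Illegal, 0}, disp};
}

// Assumed guard: take base+index only when the index really is a register.
Addr select_form_guarded(Opr index, int64_t disp) {
    fold_constant_index(index, disp);
    if (disp == 0 && index.kind == Kind::Register) return Addr{Form::BaseIndex, index, 0};
    return Addr{Form::BaseDisp, Opr{Kind::Illegal, 0}, disp};
}

// True for the case the report says triggers the assert:
// a base+index address whose index is not a register.
bool has_illegal_index(const Addr &a) {
    return a.form == Form::BaseIndex && a.index.kind != Kind::Register;
}

int main() {
    Opr const_index{Kind::Constant, -16};   // constructed input: index -16, displacement +16
    std::printf("reported: illegal index = %d\n", has_illegal_index(select_form_reported(const_index, 16)));
    std::printf("guarded:  illegal index = %d\n", has_illegal_index(select_form_guarded(const_index, 16)));
    return 0;
}
```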

                People

                Assignee:
                ngasson Nick Gasson
                Reporter:
                ngasson Nick Gasson