With current logic after JDK-8213199, we allow implicit null-checks in the offset range [-cell_header_size;vm_page_size). When using Shenandoah, cell_header_size is -8, so we allow [-8;vm_page_size). Unfortunately, this disables explicit null-checks on -1 which is used as placeholder for offsets to be patched in C1. This results in weird asserts later and may actually crash if offset is outside of legal range for implicit null-checks. We need to force explicit null checks on -1.