-
Bug
-
Resolution: Fixed
-
P2
-
8, 9, 10, 11, 12
-
b27
-
Verified
Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
---|---|---|---|---|---|---|
JDK-8216342 | 13 | Roland Westrelin | P2 | Resolved | Fixed | b03 |
JDK-8216133 | 12.0.1 | Roland Westrelin | P2 | Resolved | Fixed | master |
JDK-8227519 | 11.0.6-oracle | Roland Westrelin | P2 | Closed | Fixed | b01 |
JDK-8227147 | 11.0.5 | Roland Westrelin | P2 | Resolved | Fixed | b01 |
JDK-8230097 | openjdk8u232 | Roland Westrelin | P2 | Resolved | Fixed | b05 |
JDK-8245031 | 8u271 | Roland Westrelin | P2 | Closed | Fixed | b01 |
JDK-8251596 | emb-8u271 | Roland Westrelin | P2 | Resolved | Fixed | team |
JDK-8245312 | 7u281 | Roland Westrelin | P2 | Closed | Fixed | b01 |
JDK-8255507 | openjdk7u | Roland Westrelin | P2 | Resolved | Fixed | master |
import java.util.Arrays;
public class RangeCheckEliminationScaleNotOne {
public static void main(String[] args) {
{
int[] array = new int[199];
boolean[] flags = new boolean[100];
Arrays.fill(flags, true);
flags[0] = false;
flags[1] = false;
for (int i = 0; i < 20_000; i++) {
test1(100, array, 0, flags);
}
boolean ex = false;
try {
test1(100, array, -5, flags);
} catch (ArrayIndexOutOfBoundsException aie) {
ex = true;
}
if (!ex) {
throw new RuntimeException("no AIOOB exception");
}
}
}
private static int test1(int stop, int[] array, int offset, boolean[] flags) {
if (array == null) {}
int res = 0;
for (int i = 0; i < stop; i++) {
if (flags[i]) {
res += array[2 * i + offset];
}
}
return res;
}
}
ran with:
java -XX:-BackgroundCompilation -XX:-TieredCompilation -XX:-UseOnStackReplacement -XX:CompileOnly=RangeCheckEliminationScaleNotOne::test1 -XX:LoopMaxUnroll=1 -XX:-UseLoopPredicate RangeCheckEliminationScaleNotOne
either:
- fails with same error as
or with fix suggested:
https://bugs.openjdk.java.net/browse/JDK-8211698?focusedCommentId=14229219&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-14229219
- segfaults because of an out of bound access
Given how old this code is, and while I haven't verified, it's likely to affect all versions since at least 8.
- backported by
-
JDK-8216133 C2: range check elimination may allow illegal out of bound access
- Resolved
-
JDK-8216342 C2: range check elimination may allow illegal out of bound access
- Resolved
-
JDK-8227147 C2: range check elimination may allow illegal out of bound access
- Resolved
-
JDK-8230097 C2: range check elimination may allow illegal out of bound access
- Resolved
-
JDK-8251596 C2: range check elimination may allow illegal out of bound access
- Resolved
-
JDK-8255507 C2: range check elimination may allow illegal out of bound access
- Resolved
-
JDK-8227519 C2: range check elimination may allow illegal out of bound access
- Closed
-
JDK-8245031 C2: range check elimination may allow illegal out of bound access
- Closed
-
JDK-8245312 C2: range check elimination may allow illegal out of bound access
- Closed
- relates to
-
JDK-8211698 Crash in C2 compiled code during execution of double array heavy processing code
- Closed
-
JDK-8249452 compiler/rangechecks/RangeCheckEliminationScaleNotOne.java fails in 32-bit with UseLoopPredicate flag
- Closed
-
JDK-8216135 C2 assert(!had_error) failed: bad dominance
- Closed