MacroAssembler::verify_heapbase only emits code in x86/x86_64 debug builds. We bring this up because encode/decode_heap_oop are common, so we may speed up fast/slow debug builds and therefore accelerate the QA cycle.
Here is an example code sequence that performs r12_heapbase verification on x86_64. We expect to save 2 instructions (push %r10 and pop %r10) in debug builds.
0x00007f362446d7c3: push %r10
0x00007f362446d7c5: cmp 0x55463b4(%rip),%r12 # 0x00007f36299b3b80
; {external_word}
0x00007f362446d7cc: je 0x00007f362446d7e6
;; MacroAssembler::decode_heap_oop: heap base corrupted?
0x00007f362446d7d2: movabs $0x7f36291794d0,%rdi ; {external_word}
0x00007f362446d7dc: and $0xfffffffffffffff0,%rsp
0x00007f362446d7e0: callq 0x00007f36287ddc9c ; {runtime_call MacroAssembler::debug64(char*, long, long*)}
0x00007f362446d7e5: hlt
0x00007f362446d7e6: pop %r10
In MacroAssembler::verify_heapbase, the overload cmpptr(Register src1, AddressLiteral src2) is selected statically, at compile time.
push(rscratch1); // cmpptr trashes rscratch1
cmpptr(r12_heapbase, ExternalAddress((address)CompressedOops::ptrs_base_addr()));
...
pop(rscratch1);
src2 = ExternalAddress((address)CompressedOops::ptrs_base_addr()) is a special external address. HotSpot will only clobber rscratch1 if reachable(src2) is false, which means that $rip + a 32-bit offset (disp) can't reach the heapbase address. In practice, this rarely happens.
We expect the following code sequence in the common case.
cmp 0x55463b4(%rip),%r12 # 0x00007f36299b3b80
; {external_word}
je 0x00007f362446d7e6
;; MacroAssembler::decode_heap_oop: heap base corrupted?
movabs $0x7f36291794d0,%rdi ; {external_word}
and $0xfffffffffffffff0,%rsp
callq 0x00007f36287ddc9c ; {runtime_call
hlt
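The reachability condition described above can be checked against the addresses in the listing. The following is an added example, not HotSpot code: the function names are hypothetical, the code-region bounds and the far target are constructed values, and checking both ends of a code region is an assumption modeled here to cover any instruction position inside that region.

```cpp
#include <cstdint>
#include <cstdio>

// Computes the signed 32-bit displacement from the end of a RIP-relative
// instruction (next_insn) to target. Returns false when the distance does
// not fit in disp32, i.e. the target is not reachable RIP-relative.
bool rip_disp32(uint64_t next_insn, uint64_t target, int32_t* disp) {
    int64_t d = static_cast<int64_t>(target - next_insn);
    if (d < INT32_MIN || d > INT32_MAX) return false;
    *disp = static_cast<int32_t>(d);
    return true;
}

// Conservative check (assumption): the target must be reachable from both
// ends of the code region, so the answer holds wherever the code is placed.
bool reachable_from_region(uint64_t code_lo, uint64_t code_hi, uint64_t target) {
    int32_t unused;
    return rip_disp32(code_lo, target, &unused) &&
           rip_disp32(code_hi, target, &unused);
}

// The scratch register is only needed to materialize an unreachable address,
// so only that case needs the push/pop pair around the compare.
bool needs_scratch_save(uint64_t code_lo, uint64_t code_hi, uint64_t target) {
    return !reachable_from_region(code_lo, code_hi, target);
}

int main() {
    // Addresses taken from the listing: the cmp at ...d7c5 ends at ...d7cc.
    const uint64_t next_insn = 0x00007f362446d7ccULL;
    const uint64_t heapbase_addr = 0x00007f36299b3b80ULL;
    int32_t disp = 0;
    if (rip_disp32(next_insn, heapbase_addr, &disp))
        std::printf("disp32 = 0x%x\n", static_cast<unsigned>(disp));

    // Constructed code-region bounds and a constructed far-away target.
    const uint64_t lo = 0x00007f3624000000ULL, hi = 0x00007f3628000000ULL;
    std::printf("near target needs push/pop: %d\n",
                needs_scratch_save(lo, hi, heapbase_addr));
    std::printf("far target needs push/pop:  %d\n",
                needs_scratch_save(lo, hi, 0x0000000800000000ULL));
    return 0;
}
```
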