comparison src/share/vm/c1/c1_LIRGenerator.cpp @ 12000:8d77d02828d9
8016474: Crash in sun.reflect.UnsafeObjectFieldAccessorImpl.get
Summary: C1's GetUnsafeObject G1 pre-barrier uses the wrong type to read the klass pointer.
Reviewed-by: iveresov, kvn
author | twisti |
---|---|
date | Mon, 29 Jul 2013 16:32:38 -0700 |
parents | b800986664f4 |
children | 3cce976666d9 c775af091fe9 |
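--- a/src/share/vm/c1/c1_LIRGenerator.cpp
+++ b/src/share/vm/c1/c1_LIRGenerator.cpp
@@ -2293,11 +2293,11 @@
 }
 LIR_Opr src_klass = new_register(T_OBJECT);
 if (gen_type_check) {
 // We have determined that offset == referent_offset && src != null.
 // if (src->_klass->_reference_type == REF_NONE) -> continue
-__ move(new LIR_Address(src.result(), oopDesc::klass_offset_in_bytes(), UseCompressedKlassPointers ? T_OBJECT : T_ADDRESS), src_klass);
+__ move(new LIR_Address(src.result(), oopDesc::klass_offset_in_bytes(), T_ADDRESS), src_klass);
 LIR_Address* reference_type_addr = new LIR_Address(src_klass, in_bytes(InstanceKlass::reference_type_offset()), T_BYTE);
 LIR_Opr reference_type = new_register(T_INT);
 __ move(reference_type_addr, reference_type);
 __ cmp(lir_cond_equal, reference_type, LIR_OprFact::intConst(REF_NONE));
 __ branch(lir_cond_equal, T_INT, Lcont->label());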
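Review bot: `src_klass` is still allocated with `new_register(T_OBJECT)` at line 2294, although the value loaded into it at line 2298 is now typed `T_ADDRESS` and is a klass pointer rather than a Java object reference. If T_OBJECT virtual registers are recorded in oop maps (not visible in this hunk), a klass pointer could be presented to the GC as an oop, so a non-oop register type for `src_klass` is worth considering. The load at 2298 also has no comment on why `T_ADDRESS` is correct when UseCompressedKlassPointers is enabled. Something like `// klass field is metadata, not an oop: always load as T_ADDRESS; narrow-klass decoding is left to the LIR assembler` would help, once it is confirmed that the backend does decode a load at this offset. The enclosing function starts and ends outside the hunk.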