# HG changeset patch
# User Doug Simon
# Date 1349289824 -7200
# Node ID cc863a159645c80816b2a39506e78ca1a63be199
# Parent ac3a4ea144a62716729f734a165a6e06dcef3628
fixed subtle bug in TLAB allocation snippet involving unchecked, unsigned integer overflow (bug and fix submitted by Peter Kessler)
diff -r ac3a4ea144a6 -r cc863a159645 graal/com.oracle.graal.hotspot/src/com/oracle/graal/hotspot/snippets/NewObjectSnippets.java
--- a/graal/com.oracle.graal.hotspot/src/com/oracle/graal/hotspot/snippets/NewObjectSnippets.java Wed Oct 03 20:38:40 2012 +0200
+++ b/graal/com.oracle.graal.hotspot/src/com/oracle/graal/hotspot/snippets/NewObjectSnippets.java Wed Oct 03 20:43:44 2012 +0200
@@ -59,8 +59,9 @@
 Word thread = thread();
 Word top = loadWordFromWord(thread, threadTlabTopOffset());
 Word end = loadWordFromWord(thread, threadTlabEndOffset());
- Word newTop = top.plus(size);
- if (newTop.belowOrEqual(end)) {
+ Word available = end.minus(top);
+ if (available.aboveOrEqual(Word.fromInt(size))) {
+ Word newTop = top.plus(size);
 storeObject(thread, 0, threadTlabTopOffset(), newTop);
 return top;
 }
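Review bot: The new bounds check has no comment saying why it subtracts instead of adds, so a later cleanup could fold `available.aboveOrEqual(Word.fromInt(size))` back into the wrapping `top.plus(size)` comparison and reintroduce an out-of-TLAB allocation. I would add `// compare against end - top: top + size can wrap and pass an unsigned bounds check` above the `available` line. The subtraction relies on `top` never being above `end`; if that invariant can be broken (not visible here), `end.minus(top)` wraps to a huge value and the fast path accepts any size, so an assertion or a note naming the invariant would help. It is also worth confirming how `Word.fromInt` widens a negative `size`: sign-extension would presumably send the request to the slow path, but that cannot be checked from this hunk. The enclosing snippet method starts and ends outside the hunk.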