--- old/src/hotspot/share/ci/ciMethod.cpp 2019-05-31 11:12:02.563562410 +0800 +++ new/src/hotspot/share/ci/ciMethod.cpp 2019-05-31 11:12:02.347554933 +0800 @@ -462,6 +462,26 @@ // ------------------------------------------------------------------ +// ciMethod::saturated_add +// +// Update profile counters with saturating addition +// Wil check and handle the overflow condition +template +int ciMethod::saturated_add(L a, R b) { + jlong src1 = a; + jlong src2 = b; + jlong sum = src1 + src2; + if (sum > max_jint) { + sum = max_jint; + } else if (sum < min_jint) { + sum = min_jint; + } + + return (int)sum; +} + + +// ------------------------------------------------------------------ // ciMethod::call_profile_at_bci // // Get the ciCallProfile for the invocation of this method. @@ -502,9 +522,9 @@ for (uint i = 0; i < call->row_limit(); i++) { ciKlass* receiver = call->receiver(i); if (receiver == NULL) continue; - int rcount = call->receiver_count(i) + epsilon; + int rcount = saturated_add(call->receiver_count(i), epsilon); if (rcount == 0) rcount = 1; // Should be valid value - receivers_count_total += rcount; + receivers_count_total = saturated_add(receivers_count_total, rcount); // Add the receiver to result data. result.add_receiver(receiver, rcount); // If we extend profiling to record methods, @@ -534,7 +554,7 @@ // do nothing. Otherwise, increase count to be the sum of all // receiver's counts. if (count >= 0) { - count += receivers_count_total; + count = saturated_add(count, receivers_count_total); } } result._count = count; --- old/src/hotspot/share/ci/ciMethod.hpp 2019-05-31 11:12:02.991577227 +0800 +++ new/src/hotspot/share/ci/ciMethod.hpp 2019-05-31 11:12:02.767569472 +0800 @@ -126,6 +126,9 @@ void assert_virtual_call_type_ok(int bci); void assert_call_type_ok(int bci); + // Update profile counters with saturating addition + template int saturated_add(L a, R b); + public: void check_is_loaded() const { assert(is_loaded(), "not loaded"); } --- old/src/hotspot/share/oops/methodData.hpp 2019-05-31 11:12:03.383590775 +0800 +++ new/src/hotspot/share/oops/methodData.hpp 2019-05-31 11:12:03.163583172 +0800 @@ -558,8 +558,14 @@ } // Direct accessor - uint count() const { - return uint_at(count_off); + int count() const { + intptr_t raw_data = intptr_at(count_off); + if (raw_data > max_jint) { + raw_data = max_jint; + } else if (raw_data < min_jint) { + raw_data = min_jint; + } + return int(raw_data); } // Code generation support @@ -570,8 +576,8 @@ return cell_offset(counter_cell_count); } - void set_count(uint count) { - set_uint_at(count_off, count); + void set_count(int count) { + set_int_at(count_off, count); } void print_data_on(outputStream* st, const char* extra = NULL) const; --- /dev/null 2019-05-28 09:32:16.297090531 +0800 +++ new/test/hotspot/jtreg/compiler/profiling/TestProfileCounterOverflow.java 2019-05-31 11:12:03.579597548 +0800 @@ -0,0 +1,56 @@ +/* + * Copyright (c) 2019, Loongson Technology Co. Ltd. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/** + * @test + * @bug 8224162 + * @summary Profile counter for a call site may overflow. + * @run main/othervm -Xbatch -XX:-UseOnStackReplacement -XX:MaxTrivialSize=0 compiler.profiling.TestProfileCounterOverflow + */ + +package compiler.profiling; + +public class TestProfileCounterOverflow { + public static void test(long iterations) { + for (long j = 0; j < iterations; j++) { + call(); + } + } + + public static void call() {} + + public static void main(String[] args) { + // trigger profiling on tier3 + for (int i = 0; i < 500; i++) { + test(1); + } + + test(Integer.MAX_VALUE + 10000L); // overflow call counter + + // trigger c2 compilation + for (int i = 0; i < 10_000; i++) { + test(1); + } + System.out.println("TEST PASSED"); + } +}