--- old/src/hotspot/share/ci/ciMethod.cpp 2019-05-31 20:41:47.503554416 +0800 +++ new/src/hotspot/share/ci/ciMethod.cpp 2019-05-31 20:41:47.275554015 +0800 @@ -462,6 +462,52 @@ // ------------------------------------------------------------------ +// ciMethod::saturated_add +// +// Update profile counters with saturating addition +// Wil check and handle the overflow condition +template +int ciMethod::saturated_add(L a, R b) { + jlong src1 = a; + jlong src2 = b; + jlong sum = src1 + src2; + if (sum > max_jint) { + sum = max_jint; + } else if (sum < min_jint) { + sum = min_jint; + } + + return (int)sum; +} + + +// ------------------------------------------------------------------ +// ciMethod::check_overflow +// +// Check whether the profile counter is overflow and update it if true. +// For invoke* it will turn negative values into max_jint, +// and for checkcast/aastore/instanceof turn positive values into min_jint. +int ciMethod::check_overflow(int c, int bci) { + check_is_loaded(); + VM_ENTRY_MARK; + + BytecodeStream bcs(methodHandle(THREAD, get_Method()), bci); + Bytecodes::Code code = bcs.next(); + + if (Bytecodes::is_invoke(code)) { + return c < 0 ? max_jint : c; + } else { + switch (code) { + case Bytecodes::_aastore: // fall-through + case Bytecodes::_checkcast: // fall-through + case Bytecodes::_instanceof: return c > 0 ? min_jint : c; + default: return c; + } + } +} + + +// ------------------------------------------------------------------ // ciMethod::call_profile_at_bci // // Get the ciCallProfile for the invocation of this method. @@ -473,7 +519,7 @@ ciProfileData* data = method_data()->bci_to_data(bci); if (data != NULL && data->is_CounterData()) { // Every profiled call site has a counter. - int count = data->as_CounterData()->count(); + int count = check_overflow(data->as_CounterData()->count(), bci); if (!data->is_ReceiverTypeData()) { result._receiver_count[0] = 0; // that's a definite zero @@ -502,9 +548,9 @@ for (uint i = 0; i < call->row_limit(); i++) { ciKlass* receiver = call->receiver(i); if (receiver == NULL) continue; - int rcount = call->receiver_count(i) + epsilon; + int rcount = saturated_add(call->receiver_count(i), epsilon); if (rcount == 0) rcount = 1; // Should be valid value - receivers_count_total += rcount; + receivers_count_total = saturated_add(receivers_count_total, rcount); // Add the receiver to result data. result.add_receiver(receiver, rcount); // If we extend profiling to record methods, @@ -534,7 +580,7 @@ // do nothing. Otherwise, increase count to be the sum of all // receiver's counts. if (count >= 0) { - count += receivers_count_total; + count = saturated_add(count, receivers_count_total); } } result._count = count; --- old/src/hotspot/share/ci/ciMethod.hpp 2019-05-31 20:41:47.935555177 +0800 +++ new/src/hotspot/share/ci/ciMethod.hpp 2019-05-31 20:41:47.699554761 +0800 @@ -126,6 +126,12 @@ void assert_virtual_call_type_ok(int bci); void assert_call_type_ok(int bci); + // Update profile counters with saturating addition + template int saturated_add(L a, R b); + + // Check and update the profile counter in case of overflow + int check_overflow(int c, int bci); + public: void check_is_loaded() const { assert(is_loaded(), "not loaded"); } --- old/src/hotspot/share/oops/methodData.hpp 2019-05-31 20:41:48.335555880 +0800 +++ new/src/hotspot/share/oops/methodData.hpp 2019-05-31 20:41:48.103555472 +0800 @@ -558,8 +558,14 @@ } // Direct accessor - uint count() const { - return uint_at(count_off); + int count() const { + intptr_t raw_data = intptr_at(count_off); + if (raw_data > max_jint) { + raw_data = max_jint; + } else if (raw_data < min_jint) { + raw_data = min_jint; + } + return int(raw_data); } // Code generation support @@ -570,8 +576,8 @@ return cell_offset(counter_cell_count); } - void set_count(uint count) { - set_uint_at(count_off, count); + void set_count(int count) { + set_int_at(count_off, count); } void print_data_on(outputStream* st, const char* extra = NULL) const; --- /dev/null 2019-05-28 09:32:16.297090531 +0800 +++ new/test/hotspot/jtreg/compiler/profiling/TestProfileCounterOverflow.java 2019-05-31 20:41:48.495556161 +0800 @@ -0,0 +1,56 @@ +/* + * Copyright (c) 2019, Loongson Technology Co. Ltd. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/** + * @test + * @bug 8224162 + * @summary Profile counter for a call site may overflow. + * @run main/othervm -Xbatch -XX:-UseOnStackReplacement -XX:MaxTrivialSize=0 compiler.profiling.TestProfileCounterOverflow + */ + +package compiler.profiling; + +public class TestProfileCounterOverflow { + public static void test(long iterations) { + for (long j = 0; j < iterations; j++) { + call(); + } + } + + public static void call() {} + + public static void main(String[] args) { + // trigger profiling on tier3 + for (int i = 0; i < 500; i++) { + test(1); + } + + test(Integer.MAX_VALUE + 10000L); // overflow call counter + + // trigger c2 compilation + for (int i = 0; i < 10_000; i++) { + test(1); + } + System.out.println("TEST PASSED"); + } +}