From a46bc7c3c1cc8b56b226328b9ccce0fb6dc7be8c Mon Sep 17 00:00:00 2001
From: iveresov <unknown>
Date: Wed, 8 Dec 2010 02:36:36 -0800
Subject: [PATCH] 7005241: C1: SEGV in
 java.util.concurrent.LinkedTransferQueue.xfer() with compressed oops Summary:
 Implementation of the CAS primitive for x64 compressed oops was incorrect. It
 kills rscratch2 register (r11), which is allocatable in C1. Also, we don't
 need to restore cmpval as it's never used after that, so we need only one
 temporary register, which can be scratch1. Reviewed-by: kvn, never

---
 src/cpu/x86/vm/c1_LIRAssembler_x86.cpp | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/src/cpu/x86/vm/c1_LIRAssembler_x86.cpp b/src/cpu/x86/vm/c1_LIRAssembler_x86.cpp
index 25596b2c0..724d8411b 100644
--- a/src/cpu/x86/vm/c1_LIRAssembler_x86.cpp
+++ b/src/cpu/x86/vm/c1_LIRAssembler_x86.cpp
@@ -1993,15 +1993,14 @@ void LIR_Assembler::emit_compare_and_swap(LIR_OpCompareAndSwap* op) {
     if ( op->code() == lir_cas_obj) {
 #ifdef _LP64
       if (UseCompressedOops) {
-        __ mov(rscratch1, cmpval);
         __ encode_heap_oop(cmpval);
-        __ mov(rscratch2, newval);
-        __ encode_heap_oop(rscratch2);
+        __ mov(rscratch1, newval);
+        __ encode_heap_oop(rscratch1);
         if (os::is_MP()) {
           __ lock();
         }
-        __ cmpxchgl(rscratch2, Address(addr, 0));
-        __ mov(cmpval, rscratch1);
+        // cmpval (rax) is implicitly used by this instruction
+        __ cmpxchgl(rscratch1, Address(addr, 0));
       } else
 #endif
       {
-- 
GitLab