Wed, 01 May 2019 22:02:48 +0530
8202414: Unsafe write after primitive array creation may result in array length change
Summary: Avoided collecting unaligned stores in Initialize node by making can_capture_store return false for same
Reviewed-by: dlong, kvn, vlivanov
rraghavan@9686 | 1 | /* |
rraghavan@9686 | 2 | * Copyright (c) 2019, Huawei Technologies Co. Ltd. All rights reserved. |
rraghavan@9686 | 3 | * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
rraghavan@9686 | 4 | * |
rraghavan@9686 | 5 | * This code is free software; you can redistribute it and/or modify it |
rraghavan@9686 | 6 | * under the terms of the GNU General Public License version 2 only, as |
rraghavan@9686 | 7 | * published by the Free Software Foundation. |
rraghavan@9686 | 8 | * |
rraghavan@9686 | 9 | * This code is distributed in the hope that it will be useful, but WITHOUT |
rraghavan@9686 | 10 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
rraghavan@9686 | 11 | * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
rraghavan@9686 | 12 | * version 2 for more details (a copy is included in the LICENSE file that |
rraghavan@9686 | 13 | * accompanied this code). |
rraghavan@9686 | 14 | * |
rraghavan@9686 | 15 | * You should have received a copy of the GNU General Public License version |
rraghavan@9686 | 16 | * 2 along with this work; if not, write to the Free Software Foundation, |
rraghavan@9686 | 17 | * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
rraghavan@9686 | 18 | * |
rraghavan@9686 | 19 | * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
rraghavan@9686 | 20 | * or visit www.oracle.com if you need additional information or have any |
rraghavan@9686 | 21 | * questions. |
rraghavan@9686 | 22 | */ |
rraghavan@9686 | 23 | |
rraghavan@9686 | 24 | /** |
rraghavan@9686 | 25 | * @test |
rraghavan@9686 | 26 | * @bug 8202414 |
rraghavan@9686 | 27 | * @summary Unsafe write after primitive array creation may result in array length change |
rraghavan@9686 | 28 | * @requires (os.arch != "sparc") & (os.arch != "sparcv9") |
rraghavan@9686 | 29 | * @run main/othervm compiler.c2.Test8202414 |
rraghavan@9686 | 30 | */ |
rraghavan@9686 | 31 | |
rraghavan@9686 | 32 | package compiler.c2; |
rraghavan@9686 | 33 | |
rraghavan@9686 | 34 | import sun.misc.Unsafe; |
rraghavan@9686 | 35 | import java.lang.reflect.Field; |
rraghavan@9686 | 36 | import java.security.AccessController; |
rraghavan@9686 | 37 | import java.security.PrivilegedAction; |
rraghavan@9686 | 38 | |
rraghavan@9686 | 39 | public class Test8202414 { |
rraghavan@9686 | 40 | |
rraghavan@9686 | 41 | public static void main(String[] args) { |
rraghavan@9686 | 42 | System.err.close(); |
rraghavan@9686 | 43 | int count = 0; |
rraghavan@9686 | 44 | while (count++ < 120000) { |
rraghavan@9686 | 45 | test(); |
rraghavan@9686 | 46 | } |
rraghavan@9686 | 47 | } |
rraghavan@9686 | 48 | |
rraghavan@9686 | 49 | public static void test() { |
rraghavan@9686 | 50 | byte[] newBufb = serByte(397); |
rraghavan@9686 | 51 | short[] newBufs = serShort(397); |
rraghavan@9686 | 52 | int[] newBufi = serInt(397); |
rraghavan@9686 | 53 | long[] newBufl = serLong(397); |
rraghavan@9686 | 54 | if (newBufb.length != 397 || newBufs.length != 397 |
rraghavan@9686 | 55 | || newBufi.length != 397 || newBufl.length != 397) { |
rraghavan@9686 | 56 | System.out.println("array length internal error"); |
rraghavan@9686 | 57 | throw new RuntimeException("Test failed"); |
rraghavan@9686 | 58 | } |
rraghavan@9686 | 59 | |
rraghavan@9686 | 60 | } |
rraghavan@9686 | 61 | |
rraghavan@9686 | 62 | public static byte[] serByte(int bufLen) { |
rraghavan@9686 | 63 | byte[] buf = new byte[bufLen]; |
rraghavan@9686 | 64 | THE_UNSAFE.putByte(buf, BYTE_ARRAY_BASE_OFFSET + 1, (byte) buf.length); |
rraghavan@9686 | 65 | System.err.println("ref " + buf); |
rraghavan@9686 | 66 | return buf; |
rraghavan@9686 | 67 | } |
rraghavan@9686 | 68 | |
rraghavan@9686 | 69 | public static short[] serShort(int bufLen) { |
rraghavan@9686 | 70 | short[] buf = new short[bufLen]; |
rraghavan@9686 | 71 | THE_UNSAFE.putShort(buf, SHORT_ARRAY_BASE_OFFSET + 1, (short) buf.length); |
rraghavan@9686 | 72 | System.err.println("ref " + buf); |
rraghavan@9686 | 73 | return buf; |
rraghavan@9686 | 74 | } |
rraghavan@9686 | 75 | |
rraghavan@9686 | 76 | public static int[] serInt(int bufLen) { |
rraghavan@9686 | 77 | int[] buf = new int[bufLen]; |
rraghavan@9686 | 78 | THE_UNSAFE.putInt(buf, INT_ARRAY_BASE_OFFSET + 1, buf.length); |
rraghavan@9686 | 79 | System.err.println("ref " + buf); |
rraghavan@9686 | 80 | return buf; |
rraghavan@9686 | 81 | } |
rraghavan@9686 | 82 | |
rraghavan@9686 | 83 | public static long[] serLong(int bufLen) { |
rraghavan@9686 | 84 | long[] buf = new long[bufLen]; |
rraghavan@9686 | 85 | THE_UNSAFE.putLong(buf, LONG_ARRAY_BASE_OFFSET + 1, buf.length); |
rraghavan@9686 | 86 | System.err.println("ref " + buf); |
rraghavan@9686 | 87 | return buf; |
rraghavan@9686 | 88 | } |
rraghavan@9686 | 89 | |
rraghavan@9686 | 90 | /* Unsafe fields and initialization |
rraghavan@9686 | 91 | */ |
rraghavan@9686 | 92 | static final Unsafe THE_UNSAFE; |
rraghavan@9686 | 93 | static final long BYTE_ARRAY_BASE_OFFSET; |
rraghavan@9686 | 94 | static final long SHORT_ARRAY_BASE_OFFSET; |
rraghavan@9686 | 95 | static final long INT_ARRAY_BASE_OFFSET; |
rraghavan@9686 | 96 | static final long LONG_ARRAY_BASE_OFFSET; |
rraghavan@9686 | 97 | static { |
rraghavan@9686 | 98 | THE_UNSAFE = (Unsafe) AccessController.doPrivileged ( |
rraghavan@9686 | 99 | new PrivilegedAction<Object>() { |
rraghavan@9686 | 100 | @Override |
rraghavan@9686 | 101 | public Object run() { |
rraghavan@9686 | 102 | try { |
rraghavan@9686 | 103 | Field f = Unsafe.class.getDeclaredField("theUnsafe"); |
rraghavan@9686 | 104 | f.setAccessible(true); |
rraghavan@9686 | 105 | return f.get(null); |
rraghavan@9686 | 106 | } catch (NoSuchFieldException | IllegalAccessException e) { |
rraghavan@9686 | 107 | throw new Error(); |
rraghavan@9686 | 108 | } |
rraghavan@9686 | 109 | } |
rraghavan@9686 | 110 | } |
rraghavan@9686 | 111 | ); |
rraghavan@9686 | 112 | BYTE_ARRAY_BASE_OFFSET = THE_UNSAFE.arrayBaseOffset(byte[].class); |
rraghavan@9686 | 113 | SHORT_ARRAY_BASE_OFFSET = THE_UNSAFE.arrayBaseOffset(short[].class); |
rraghavan@9686 | 114 | INT_ARRAY_BASE_OFFSET = THE_UNSAFE.arrayBaseOffset(int[].class); |
rraghavan@9686 | 115 | LONG_ARRAY_BASE_OFFSET = THE_UNSAFE.arrayBaseOffset(long[].class); |
rraghavan@9686 | 116 | } |
rraghavan@9686 | 117 | } |