Mercurial > jdk8-mips64-public > hotspot / changeset

changeset

8202414: Unsafe write after primitive array creation may result in array length change

Wed, 01 May 2019 22:02:48 +0530

author
rraghavan
date
Wed, 01 May 2019 22:02:48 +0530
changeset 9686
025ce746a942
parent 9685
9f0ea552da23
child 9687
846245a33793

8202414: Unsafe write after primitive array creation may result in array length change
Summary: Avoided collecting unaligned stores in Initialize node by making can_capture_store return false for same
Reviewed-by: dlong, kvn, vlivanov

src/share/vm/opto/memnode.cpp file | annotate | diff | comparison | revisions
test/compiler/c2/Test8202414.java file | annotate | diff | comparison | revisions 
     1.1 --- a/src/share/vm/opto/memnode.cpp	Tue May 28 18:50:44 2019 +0200
     1.2 +++ b/src/share/vm/opto/memnode.cpp	Wed May 01 22:02:48 2019 +0530
     1.3 @@ -3353,9 +3353,6 @@
     1.4  // within the initialized memory.
     1.5  intptr_t InitializeNode::can_capture_store(StoreNode* st, PhaseTransform* phase, bool can_reshape) {
     1.6    const int FAIL = 0;
     1.7 -  if (st->is_unaligned_access()) {
     1.8 -    return FAIL;
     1.9 -  }
    1.10    if (st->req() != MemNode::ValueIn + 1)
    1.11      return FAIL;                // an inscrutable StoreNode (card mark?)
    1.12    Node* ctl = st->in(MemNode::Control);
    1.13 @@ -3371,6 +3368,10 @@
    1.14      return FAIL;                // inscrutable address
    1.15    if (alloc != allocation())
    1.16      return FAIL;                // wrong allocation!  (store needs to float up)
    1.17 +  int size_in_bytes = st->memory_size();
    1.18 +  if ((size_in_bytes != 0) && (offset % size_in_bytes) != 0) {
    1.19 +    return FAIL;                // mismatched access
    1.20 +  }
    1.21    Node* val = st->in(MemNode::ValueIn);
    1.22    int complexity_count = 0;
    1.23    if (!detect_init_independence(val, complexity_count))

     2.1 --- /dev/null	Thu Jan 01 00:00:00 1970 +0000
     2.2 +++ b/test/compiler/c2/Test8202414.java	Wed May 01 22:02:48 2019 +0530
     2.3 @@ -0,0 +1,117 @@
     2.4 +/*
     2.5 + * Copyright (c) 2019, Huawei Technologies Co. Ltd. All rights reserved.
     2.6 + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
     2.7 + *
     2.8 + * This code is free software; you can redistribute it and/or modify it
     2.9 + * under the terms of the GNU General Public License version 2 only, as
    2.10 + * published by the Free Software Foundation.
    2.11 + *
    2.12 + * This code is distributed in the hope that it will be useful, but WITHOUT
    2.13 + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
    2.14 + * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
    2.15 + * version 2 for more details (a copy is included in the LICENSE file that
    2.16 + * accompanied this code).
    2.17 + *
    2.18 + * You should have received a copy of the GNU General Public License version
    2.19 + * 2 along with this work; if not, write to the Free Software Foundation,
    2.20 + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
    2.21 + *
    2.22 + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
    2.23 + * or visit www.oracle.com if you need additional information or have any
    2.24 + * questions.
    2.25 + */
    2.26 +
    2.27 +/**
    2.28 + * @test
    2.29 + * @bug 8202414
    2.30 + * @summary Unsafe write after primitive array creation may result in array length change
    2.31 + * @requires (os.arch != "sparc") & (os.arch != "sparcv9")
    2.32 + * @run main/othervm compiler.c2.Test8202414
    2.33 + */
    2.34 +
    2.35 +package compiler.c2;
    2.36 +
    2.37 +import sun.misc.Unsafe;
    2.38 +import java.lang.reflect.Field;
    2.39 +import java.security.AccessController;
    2.40 +import java.security.PrivilegedAction;
    2.41 +
    2.42 +public class Test8202414 {
    2.43 +
    2.44 +    public static void main(String[] args) {
    2.45 +        System.err.close();
    2.46 +        int count = 0;
    2.47 +        while (count++ < 120000) {
    2.48 +          test();
    2.49 +        }
    2.50 +    }
    2.51 +
    2.52 +    public static void test() {
    2.53 +        byte[] newBufb = serByte(397);
    2.54 +        short[] newBufs = serShort(397);
    2.55 +        int[] newBufi = serInt(397);
    2.56 +        long[] newBufl = serLong(397);
    2.57 +        if (newBufb.length != 397 || newBufs.length != 397
    2.58 +            || newBufi.length != 397 || newBufl.length != 397) {
    2.59 +            System.out.println("array length internal error");
    2.60 +            throw new RuntimeException("Test failed");
    2.61 +        }
    2.62 +
    2.63 +    }
    2.64 +
    2.65 +    public static byte[] serByte(int bufLen) {
    2.66 +        byte[] buf = new byte[bufLen];
    2.67 +        THE_UNSAFE.putByte(buf, BYTE_ARRAY_BASE_OFFSET + 1, (byte) buf.length);
    2.68 +        System.err.println("ref " + buf);
    2.69 +        return buf;
    2.70 +    }
    2.71 +
    2.72 +    public static short[] serShort(int bufLen) {
    2.73 +        short[] buf = new short[bufLen];
    2.74 +        THE_UNSAFE.putShort(buf, SHORT_ARRAY_BASE_OFFSET + 1, (short) buf.length);
    2.75 +        System.err.println("ref " + buf);
    2.76 +        return buf;
    2.77 +    }
    2.78 +
    2.79 +    public static int[] serInt(int bufLen) {
    2.80 +        int[] buf = new int[bufLen];
    2.81 +        THE_UNSAFE.putInt(buf, INT_ARRAY_BASE_OFFSET + 1, buf.length);
    2.82 +        System.err.println("ref " + buf);
    2.83 +        return buf;
    2.84 +    }
    2.85 +
    2.86 +    public static long[] serLong(int bufLen) {
    2.87 +        long[] buf = new long[bufLen];
    2.88 +        THE_UNSAFE.putLong(buf, LONG_ARRAY_BASE_OFFSET + 1, buf.length);
    2.89 +        System.err.println("ref " + buf);
    2.90 +        return buf;
    2.91 +    }
    2.92 +
    2.93 +    /* Unsafe fields and initialization
    2.94 +     */
    2.95 +    static final Unsafe THE_UNSAFE;
    2.96 +    static final long BYTE_ARRAY_BASE_OFFSET;
    2.97 +    static final long SHORT_ARRAY_BASE_OFFSET;
    2.98 +    static final long INT_ARRAY_BASE_OFFSET;
    2.99 +    static final long LONG_ARRAY_BASE_OFFSET;
   2.100 +    static {
   2.101 +        THE_UNSAFE = (Unsafe) AccessController.doPrivileged (
   2.102 +            new PrivilegedAction<Object>() {
   2.103 +                @Override
   2.104 +                public Object run() {
   2.105 +                    try {
   2.106 +                        Field f = Unsafe.class.getDeclaredField("theUnsafe");
   2.107 +                        f.setAccessible(true);
   2.108 +                        return f.get(null);
   2.109 +                    } catch (NoSuchFieldException | IllegalAccessException e) {
   2.110 +                        throw new Error();
   2.111 +                    }
   2.112 +                }
   2.113 +            }
   2.114 +        );
   2.115 +        BYTE_ARRAY_BASE_OFFSET = THE_UNSAFE.arrayBaseOffset(byte[].class);
   2.116 +        SHORT_ARRAY_BASE_OFFSET = THE_UNSAFE.arrayBaseOffset(short[].class);
   2.117 +        INT_ARRAY_BASE_OFFSET = THE_UNSAFE.arrayBaseOffset(int[].class);
   2.118 +        LONG_ARRAY_BASE_OFFSET = THE_UNSAFE.arrayBaseOffset(long[].class);
   2.119 +    }
   2.120 +}

Mercurial Repository: jdk8-mips64-public/hotspot

mercurial