Tue, 25 Jul 2017 10:10:41 -0400
8178047: Aliasing problem with raw memory accesses
Summary: Require equal bases when unaliasing offsets for raw accesses
Reviewed-by: thartmann, kvn
1.1 --- a/src/share/vm/opto/memnode.cpp Wed Jun 07 13:59:35 2017 -0400 1.2 +++ b/src/share/vm/opto/memnode.cpp Tue Jul 25 10:10:41 2017 -0400 1.3 @@ -1,5 +1,5 @@ 1.4 /* 1.5 - * Copyright (c) 1997, 2016, Oracle and/or its affiliates. All rights reserved. 1.6 + * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved. 1.7 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 1.8 * 1.9 * This code is free software; you can redistribute it and/or modify it 1.10 @@ -55,6 +55,15 @@ 1.11 return calculate_adr_type(adr->bottom_type(), cross_check); 1.12 } 1.13 1.14 +bool MemNode::check_if_adr_maybe_raw(Node* adr) { 1.15 + if (adr != NULL) { 1.16 + if (adr->bottom_type()->base() == Type::RawPtr || adr->bottom_type()->base() == Type::AnyPtr) { 1.17 + return true; 1.18 + } 1.19 + } 1.20 + return false; 1.21 +} 1.22 + 1.23 #ifndef PRODUCT 1.24 void MemNode::dump_spec(outputStream *st) const { 1.25 if (in(Address) == NULL) return; // node is dead 1.26 @@ -503,6 +512,7 @@ 1.27 if (offset == Type::OffsetBot) 1.28 return NULL; // cannot unalias unless there are precise offsets 1.29 1.30 + const bool adr_maybe_raw = check_if_adr_maybe_raw(adr); 1.31 const TypeOopPtr *addr_t = adr->bottom_type()->isa_oopptr(); 1.32 1.33 intptr_t size_in_bytes = memory_size(); 1.34 @@ -519,6 +529,13 @@ 1.35 Node* st_base = AddPNode::Ideal_base_and_offset(st_adr, phase, st_offset); 1.36 if (st_base == NULL) 1.37 break; // inscrutable pointer 1.38 + 1.39 + // For raw accesses it's not enough to prove that constant offsets don't intersect. 1.40 + // We need the bases to be the equal in order for the offset check to make sense. 1.41 + if ((adr_maybe_raw || check_if_adr_maybe_raw(st_adr)) && st_base != base) { 1.42 + break; 1.43 + } 1.44 + 1.45 if (st_offset != offset && st_offset != Type::OffsetBot) { 1.46 const int MAX_STORE = BytesPerLong; 1.47 if (st_offset >= offset + size_in_bytes ||
2.1 --- a/src/share/vm/opto/memnode.hpp Wed Jun 07 13:59:35 2017 -0400 2.2 +++ b/src/share/vm/opto/memnode.hpp Tue Jul 25 10:10:41 2017 -0400 2.3 @@ -1,5 +1,5 @@ 2.4 /* 2.5 - * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved. 2.6 + * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved. 2.7 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 2.8 * 2.9 * This code is free software; you can redistribute it and/or modify it 2.10 @@ -75,6 +75,8 @@ 2.11 debug_only(_adr_type=at; adr_type();) 2.12 } 2.13 2.14 + static bool check_if_adr_maybe_raw(Node* adr); 2.15 + 2.16 public: 2.17 // Helpers for the optimizer. Documented in memnode.cpp. 2.18 static bool detect_ptr_independence(Node* p1, AllocateNode* a1,
3.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 3.2 +++ b/test/compiler/unsafe/TestRawAliasing.java Tue Jul 25 10:10:41 2017 -0400 3.3 @@ -0,0 +1,70 @@ 3.4 +/* 3.5 + * Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved. 3.6 + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 3.7 + * 3.8 + * This code is free software; you can redistribute it and/or modify it 3.9 + * under the terms of the GNU General Public License version 2 only, as 3.10 + * published by the Free Software Foundation. 3.11 + * 3.12 + * This code is distributed in the hope that it will be useful, but WITHOUT 3.13 + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 3.14 + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 3.15 + * version 2 for more details (a copy is included in the LICENSE file that 3.16 + * accompanied this code). 3.17 + * 3.18 + * You should have received a copy of the GNU General Public License version 3.19 + * 2 along with this work; if not, write to the Free Software Foundation, 3.20 + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 3.21 + * 3.22 + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 3.23 + * or visit www.oracle.com if you need additional information or have any 3.24 + * questions. 3.25 + */ 3.26 + 3.27 +/* 3.28 + * @test 3.29 + * @bug 8178047 3.30 + * @run main/othervm -XX:CompileCommand=exclude,*.main -XX:-TieredCompilation -XX:-BackgroundCompilation compiler.unsafe.TestRawAliasing 3.31 + */ 3.32 + 3.33 +package compiler.unsafe; 3.34 + 3.35 +import java.lang.reflect.Field; 3.36 + 3.37 +public class TestRawAliasing { 3.38 + static private final sun.misc.Unsafe UNSAFE; 3.39 + static { 3.40 + try { 3.41 + Field f = sun.misc.Unsafe.class.getDeclaredField("theUnsafe"); 3.42 + f.setAccessible(true); 3.43 + UNSAFE = (sun.misc.Unsafe) f.get(null); 3.44 + } catch (Exception e) { 3.45 + throw new RuntimeException("Unable to get Unsafe instance.", e); 3.46 + } 3.47 + } 3.48 + 3.49 + static private final int OFFSET_X = 50; 3.50 + static private final int OFFSET_Y = 100; 3.51 + 3.52 + private static int test(long base_plus_offset_x, long base_plus_offset_y, int magic_value) { 3.53 + // write 0 to a location 3.54 + UNSAFE.putByte(base_plus_offset_x - OFFSET_X, (byte)0); 3.55 + // write unfoldable value to really the same location with another base 3.56 + UNSAFE.putByte(base_plus_offset_y - OFFSET_Y, (byte)magic_value); 3.57 + // read the value back, should be equal to "unfoldable_value" 3.58 + return UNSAFE.getByte(base_plus_offset_x - OFFSET_X); 3.59 + } 3.60 + 3.61 + private static final int OFF_HEAP_AREA_SIZE = 128; 3.62 + private static final byte MAGIC = 123; 3.63 + 3.64 + // main is excluded from compilation since we don't want the test method to inline and make base values fold 3.65 + public static void main(String... args) { 3.66 + long base = UNSAFE.allocateMemory(OFF_HEAP_AREA_SIZE); 3.67 + for (int i = 0; i < 100_000; i++) { 3.68 + if (test(base + OFFSET_X, base + OFFSET_Y, MAGIC) != MAGIC) { 3.69 + throw new RuntimeException("Unexpected magic value"); 3.70 + } 3.71 + } 3.72 + } 3.73 +}