Tue, 03 Dec 2019 20:13:16 +0300
8231430: C2: Memory stomp in max_array_length() for T_ILLEGAL type
Reviewed-by: kvn, thartmann
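--- a/src/share/vm/opto/type.cpp
+++ b/src/share/vm/opto/type.cpp
@@ -3753,29 +3753,22 @@
 return make(_ptr, const_oop(), _ary, klass(), _klass_is_exact, _offset, instance_id, _speculative, _inline_depth);
 }
 
+//-----------------------------max_array_length-------------------------------
+// A wrapper around arrayOopDesc::max_array_length(etype) with some input normalization.
+jint TypeAryPtr::max_array_length(BasicType etype) {
+ if (!is_java_primitive(etype) && !is_reference_type(etype)) {
+ if (etype == T_NARROWOOP) {
+ etype = T_OBJECT;
+ } else if (etype == T_ILLEGAL) { // bottom[]
+ etype = T_BYTE; // will produce conservatively high value
+ } else {
+ fatal(err_msg("not an element type: %s", type2name(etype)));
+ }
+ }
+ return arrayOopDesc::max_array_length(etype);
+}
+
 //-----------------------------narrow_size_type-------------------------------
-// Local cache for arrayOopDesc::max_array_length(etype),
-// which is kind of slow (and cached elsewhere by other users).
-static jint max_array_length_cache[T_CONFLICT+1];
-static jint max_array_length(BasicType etype) {
- jint& cache = max_array_length_cache[etype];
- jint res = cache;
- if (res == 0) {
- switch (etype) {
- case T_NARROWOOP:
- etype = T_OBJECT;
- break;
- case T_NARROWKLASS:
- case T_CONFLICT:
- case T_ILLEGAL:
- case T_VOID:
- etype = T_BYTE; // will produce conservatively high value
- }
- cache = res = arrayOopDesc::max_array_length(etype);
- }
- return res;
-}
-
 // Narrow the given size type to the index range for the given array base type.
 // Return NULL if the resulting int type becomes empty.
 const TypeInt* TypeAryPtr::narrow_size_type(const TypeInt* size) const {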
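Review bot: The final `else` in the new `TypeAryPtr::max_array_length` calls `fatal(...)` for `T_NARROWKLASS`, `T_CONFLICT` and `T_VOID`, which the removed function mapped to `T_BYTE`. The definition of `fatal` is not on this page, but if it also terminates release builds, a compilation that still reaches this path with one of those types would now abort the VM instead of getting a conservative bound. If those inputs are believed unreachable, consider `assert(false, err_msg("not an element type: %s", type2name(etype)));` followed by `etype = T_BYTE;` so release builds keep the old fallback, or state in the comment why aborting is preferred. The header comment could also record why the cache was dropped: the removed `max_array_length_cache[etype]` had only `T_CONFLICT+1` slots and, going by the commit title, `T_ILLEGAL` indexed outside it. The function lies fully inside the hunk, while its caller `narrow_size_type` continues past the hunk's end.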
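--- a/src/share/vm/opto/type.hpp
+++ b/src/share/vm/opto/type.hpp
@@ -433,7 +433,6 @@
 
 private:
 // support arrays
- static const BasicType _basic_type[];
 static const Type* _zero_type[T_CONFLICT+1];
 static const Type* _const_basic_type[T_CONFLICT+1];
 };
@@ -1154,6 +1153,8 @@
 const TypeAryPtr* cast_to_stable(bool stable, int stable_dimension = 1) const;
 int stable_dimension() const;
 
+ static jint max_array_length(BasicType etype) ;
+
 // Convenience common pre-built types.
 static const TypeAryPtr *RANGE;
 static const TypeAryPtr *OOPS;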
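Review bot: The declaration added in the second hunk, `static jint max_array_length(BasicType etype) ;`, exposes what was a file-local helper as a class member without any comment on which inputs it accepts, and it has a stray space before the semicolon. A one-line comment such as `// Max array length for etype; T_NARROWOOP is treated as T_OBJECT and T_ILLEGAL (bottom[]) as T_BYTE, any other non-element type is fatal.` would tell callers about the normalization and the abort path without making them read type.cpp. The enclosing class begins and ends outside the hunk, so the member's access level cannot be confirmed from here.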
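--- a/src/share/vm/utilities/globalDefinitions.hpp
+++ b/src/share/vm/utilities/globalDefinitions.hpp
@@ -644,6 +644,10 @@
 return (t == T_BYTE || t == T_SHORT);
 }
 
+inline bool is_reference_type(BasicType t) {
+ return (t == T_OBJECT || t == T_ARRAY);
+}
+
 // Convert a char from a classfile signature to a BasicType
 inline BasicType char2type(char c) {
 switch( c ) {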
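Review bot: The new `is_reference_type` returns false for `T_NARROWOOP`, which the name alone does not suggest, and it carries no comment saying so. The caller added in type.cpp handles `T_NARROWOOP` separately, so the exclusion looks intended, but a future caller using this helper as a general "is this an oop" guard would misclassify compressed references. A comment such as `// True only for T_OBJECT and T_ARRAY; T_NARROWOOP is not included and must be normalized by the caller.` would make the contract explicit.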