Fri, 01 Feb 2019 10:47:30 +0100
8145096: Undefined behaviour in HotSpot
Summary: Fix some integer overflows
Reviewed-by: jrose, kvn, kbarrett, adinn, iklam
1.1 --- a/src/os/posix/vm/os_posix.cpp Wed Jan 30 17:32:47 2019 +0000 1.2 +++ b/src/os/posix/vm/os_posix.cpp Fri Feb 01 10:47:30 2019 +0100 1.3 @@ -604,7 +604,11 @@ 1.4 strncpy(buffer, "none", size); 1.5 1.6 const struct { 1.7 - int i; 1.8 + // NB: i is an unsigned int here because SA_RESETHAND is on some 1.9 + // systems 0x80000000, which is implicitly unsigned. Assignining 1.10 + // it to an int field would be an overflow in unsigned-to-signed 1.11 + // conversion. 1.12 + unsigned int i; 1.13 const char* s; 1.14 } flaginfo [] = { 1.15 { SA_NOCLDSTOP, "SA_NOCLDSTOP" },
2.1 --- a/src/share/vm/opto/addnode.cpp Wed Jan 30 17:32:47 2019 +0000 2.2 +++ b/src/share/vm/opto/addnode.cpp Fri Feb 01 10:47:30 2019 +0100 2.3 @@ -344,8 +344,8 @@ 2.4 const Type *AddINode::add_ring( const Type *t0, const Type *t1 ) const { 2.5 const TypeInt *r0 = t0->is_int(); // Handy access 2.6 const TypeInt *r1 = t1->is_int(); 2.7 - int lo = r0->_lo + r1->_lo; 2.8 - int hi = r0->_hi + r1->_hi; 2.9 + int lo = java_add(r0->_lo, r1->_lo); 2.10 + int hi = java_add(r0->_hi, r1->_hi); 2.11 if( !(r0->is_con() && r1->is_con()) ) { 2.12 // Not both constants, compute approximate result 2.13 if( (r0->_lo & r1->_lo) < 0 && lo >= 0 ) { 2.14 @@ -462,8 +462,8 @@ 2.15 const Type *AddLNode::add_ring( const Type *t0, const Type *t1 ) const { 2.16 const TypeLong *r0 = t0->is_long(); // Handy access 2.17 const TypeLong *r1 = t1->is_long(); 2.18 - jlong lo = r0->_lo + r1->_lo; 2.19 - jlong hi = r0->_hi + r1->_hi; 2.20 + jlong lo = java_add(r0->_lo, r1->_lo); 2.21 + jlong hi = java_add(r0->_hi, r1->_hi); 2.22 if( !(r0->is_con() && r1->is_con()) ) { 2.23 // Not both constants, compute approximate result 2.24 if( (r0->_lo & r1->_lo) < 0 && lo >= 0 ) {
3.1 --- a/src/share/vm/opto/loopTransform.cpp Wed Jan 30 17:32:47 2019 +0000 3.2 +++ b/src/share/vm/opto/loopTransform.cpp Fri Feb 01 10:47:30 2019 +0100 3.3 @@ -1310,8 +1310,8 @@ 3.4 limit = new (C) Opaque2Node( C, limit ); 3.5 register_new_node( limit, opaq_ctrl ); 3.6 } 3.7 - if (stride_con > 0 && ((limit_type->_lo - stride_con) < limit_type->_lo) || 3.8 - stride_con < 0 && ((limit_type->_hi - stride_con) > limit_type->_hi)) { 3.9 + if (stride_con > 0 && (java_subtract(limit_type->_lo, stride_con) < limit_type->_lo) || 3.10 + stride_con < 0 && (java_subtract(limit_type->_hi, stride_con) > limit_type->_hi)) { 3.11 // No underflow. 3.12 new_limit = new (C) SubINode(limit, stride); 3.13 } else {
4.1 --- a/src/share/vm/opto/mulnode.cpp Wed Jan 30 17:32:47 2019 +0000 4.2 +++ b/src/share/vm/opto/mulnode.cpp Fri Feb 01 10:47:30 2019 +0100 4.3 @@ -244,13 +244,13 @@ 4.4 double d = (double)hi1; 4.5 4.6 // Compute all endpoints & check for overflow 4.7 - int32 A = lo0*lo1; 4.8 + int32 A = java_multiply(lo0, lo1); 4.9 if( (double)A != a*c ) return TypeInt::INT; // Overflow? 4.10 - int32 B = lo0*hi1; 4.11 + int32 B = java_multiply(lo0, hi1); 4.12 if( (double)B != a*d ) return TypeInt::INT; // Overflow? 4.13 - int32 C = hi0*lo1; 4.14 + int32 C = java_multiply(hi0, lo1); 4.15 if( (double)C != b*c ) return TypeInt::INT; // Overflow? 4.16 - int32 D = hi0*hi1; 4.17 + int32 D = java_multiply(hi0, hi1); 4.18 if( (double)D != b*d ) return TypeInt::INT; // Overflow? 4.19 4.20 if( A < B ) { lo0 = A; hi0 = B; } // Sort range endpoints 4.21 @@ -340,13 +340,13 @@ 4.22 double d = (double)hi1; 4.23 4.24 // Compute all endpoints & check for overflow 4.25 - jlong A = lo0*lo1; 4.26 + jlong A = java_multiply(lo0, lo1); 4.27 if( (double)A != a*c ) return TypeLong::LONG; // Overflow? 4.28 - jlong B = lo0*hi1; 4.29 + jlong B = java_multiply(lo0, hi1); 4.30 if( (double)B != a*d ) return TypeLong::LONG; // Overflow? 4.31 - jlong C = hi0*lo1; 4.32 + jlong C = java_multiply(hi0, lo1); 4.33 if( (double)C != b*c ) return TypeLong::LONG; // Overflow? 4.34 - jlong D = hi0*hi1; 4.35 + jlong D = java_multiply(hi0, hi1); 4.36 if( (double)D != b*d ) return TypeLong::LONG; // Overflow? 4.37 4.38 if( A < B ) { lo0 = A; hi0 = B; } // Sort range endpoints 4.39 @@ -573,7 +573,8 @@ 4.40 // Masking off high bits which are always zero is useless. 4.41 const TypeLong* t1 = phase->type( in(1) )->isa_long(); 4.42 if (t1 != NULL && t1->_lo >= 0) { 4.43 - jlong t1_support = ((jlong)1 << (1 + log2_long(t1->_hi))) - 1; 4.44 + int bit_count = log2_long(t1->_hi) + 1; 4.45 + jlong t1_support = jlong(max_julong >> (BitsPerJavaLong - bit_count)); 4.46 if ((t1_support & con) == t1_support) 4.47 return usr; 4.48 } 4.49 @@ -801,7 +802,7 @@ 4.50 4.51 // Check for ((x & ((CONST64(1)<<(64-c0))-1)) << c0) which ANDs off high bits 4.52 // before shifting them away. 4.53 - const jlong bits_mask = ((jlong)CONST64(1) << (jlong)(BitsPerJavaLong - con)) - CONST64(1); 4.54 + const jlong bits_mask = jlong(max_julong >> con); 4.55 if( add1_op == Op_AndL && 4.56 phase->type(add1->in(2)) == TypeLong::make( bits_mask ) ) 4.57 return new (phase->C) LShiftLNode( add1->in(1), in(2) ); 4.58 @@ -1253,7 +1254,7 @@ 4.59 if ( con == 0 ) return NULL; // let Identity() handle a 0 shift count 4.60 // note: mask computation below does not work for 0 shift count 4.61 // We'll be wanting the right-shift amount as a mask of that many bits 4.62 - const jlong mask = (((jlong)CONST64(1) << (jlong)(BitsPerJavaLong - con)) -1); 4.63 + const jlong mask = jlong(max_julong >> con); 4.64 4.65 // Check for ((x << z) + Y) >>> z. Replace with x + con>>>z 4.66 // The idiom for rounding to a power of 2 is "(Q+(2^z-1)) >>> z".
5.1 --- a/src/share/vm/opto/subnode.cpp Wed Jan 30 17:32:47 2019 +0000 5.2 +++ b/src/share/vm/opto/subnode.cpp Fri Feb 01 10:47:30 2019 +0100 5.3 @@ -252,8 +252,8 @@ 5.4 const Type *SubINode::sub( const Type *t1, const Type *t2 ) const { 5.5 const TypeInt *r0 = t1->is_int(); // Handy access 5.6 const TypeInt *r1 = t2->is_int(); 5.7 - int32 lo = r0->_lo - r1->_hi; 5.8 - int32 hi = r0->_hi - r1->_lo; 5.9 + int32 lo = java_subtract(r0->_lo, r1->_hi); 5.10 + int32 hi = java_subtract(r0->_hi, r1->_lo); 5.11 5.12 // We next check for 32-bit overflow. 5.13 // If that happens, we just assume all integers are possible. 5.14 @@ -361,8 +361,8 @@ 5.15 const Type *SubLNode::sub( const Type *t1, const Type *t2 ) const { 5.16 const TypeLong *r0 = t1->is_long(); // Handy access 5.17 const TypeLong *r1 = t2->is_long(); 5.18 - jlong lo = r0->_lo - r1->_hi; 5.19 - jlong hi = r0->_hi - r1->_lo; 5.20 + jlong lo = java_subtract(r0->_lo, r1->_hi); 5.21 + jlong hi = java_subtract(r0->_hi, r1->_lo); 5.22 5.23 // We next check for 32-bit overflow. 5.24 // If that happens, we just assume all integers are possible.
6.1 --- a/src/share/vm/opto/type.cpp Wed Jan 30 17:32:47 2019 +0000 6.2 +++ b/src/share/vm/opto/type.cpp Fri Feb 01 10:47:30 2019 +0100 6.3 @@ -1329,8 +1329,8 @@ 6.4 6.5 // The new type narrows the old type, so look for a "death march". 6.6 // See comments on PhaseTransform::saturate. 6.7 - juint nrange = _hi - _lo; 6.8 - juint orange = ohi - olo; 6.9 + juint nrange = (juint)_hi - _lo; 6.10 + juint orange = (juint)ohi - olo; 6.11 if (nrange < max_juint - 1 && nrange > (orange >> 1) + (SMALLINT*2)) { 6.12 // Use the new type only if the range shrinks a lot. 6.13 // We do not want the optimizer computing 2^31 point by point. 6.14 @@ -1363,7 +1363,7 @@ 6.15 //------------------------------hash------------------------------------------- 6.16 // Type-specific hashing function. 6.17 int TypeInt::hash(void) const { 6.18 - return _lo+_hi+_widen+(int)Type::Int; 6.19 + return java_add(java_add(_lo, _hi), java_add(_widen, (int)Type::Int)); 6.20 } 6.21 6.22 //------------------------------is_finite-------------------------------------- 6.23 @@ -1544,7 +1544,7 @@ 6.24 // If neither endpoint is extremal yet, push out the endpoint 6.25 // which is closer to its respective limit. 6.26 if (_lo >= 0 || // easy common case 6.27 - (julong)(_lo - min) >= (julong)(max - _hi)) { 6.28 + ((julong)_lo - min) >= ((julong)max - _hi)) { 6.29 // Try to widen to an unsigned range type of 32/63 bits: 6.30 if (max >= max_juint && _hi < max_juint) 6.31 return make(_lo, max_juint, WidenMax); 6.32 @@ -2314,7 +2314,7 @@ 6.33 //------------------------------hash------------------------------------------- 6.34 // Type-specific hashing function. 6.35 int TypePtr::hash(void) const { 6.36 - return _ptr + _offset; 6.37 + return java_add(_ptr, _offset); 6.38 } 6.39 6.40 //------------------------------dump2------------------------------------------ 6.41 @@ -2904,12 +2904,8 @@ 6.42 // Type-specific hashing function. 6.43 int TypeOopPtr::hash(void) const { 6.44 return 6.45 - (const_oop() ? const_oop()->hash() : 0) + 6.46 - _klass_is_exact + 6.47 - _instance_id + 6.48 - hash_speculative() + 6.49 - _inline_depth + 6.50 - TypePtr::hash(); 6.51 + java_add(java_add(java_add(const_oop() ? const_oop()->hash() : 0, _klass_is_exact), 6.52 + java_add(_instance_id , hash_speculative())), java_add(_inline_depth , TypePtr::hash())); 6.53 } 6.54 6.55 //------------------------------dump2------------------------------------------ 6.56 @@ -3635,7 +3631,7 @@ 6.57 //------------------------------hash------------------------------------------- 6.58 // Type-specific hashing function. 6.59 int TypeInstPtr::hash(void) const { 6.60 - int hash = klass()->hash() + TypeOopPtr::hash(); 6.61 + int hash = java_add(klass()->hash(), TypeOopPtr::hash()); 6.62 return hash; 6.63 } 6.64 6.65 @@ -4530,7 +4526,7 @@ 6.66 //------------------------------hash------------------------------------------- 6.67 // Type-specific hashing function. 6.68 int TypeKlassPtr::hash(void) const { 6.69 - return klass()->hash() + TypePtr::hash(); 6.70 + return java_add(klass()->hash(), TypePtr::hash()); 6.71 } 6.72 6.73 //------------------------------singleton--------------------------------------
7.1 --- a/src/share/vm/runtime/advancedThresholdPolicy.cpp Wed Jan 30 17:32:47 2019 +0000 7.2 +++ b/src/share/vm/runtime/advancedThresholdPolicy.cpp Fri Feb 01 10:47:30 2019 +0100 7.3 @@ -131,7 +131,8 @@ 7.4 } 7.5 7.6 double AdvancedThresholdPolicy::weight(Method* method) { 7.7 - return (method->rate() + 1) * ((method->invocation_count() + 1) * (method->backedge_count() + 1)); 7.8 + return (double)(method->rate() + 1) * 7.9 + (method->invocation_count() + 1) * (method->backedge_count() + 1); 7.10 } 7.11 7.12 // Apply heuristics and return true if x should be compiled before y
8.1 --- a/src/share/vm/utilities/globalDefinitions.hpp Wed Jan 30 17:32:47 2019 +0000 8.2 +++ b/src/share/vm/utilities/globalDefinitions.hpp Fri Feb 01 10:47:30 2019 +0100 8.3 @@ -1403,6 +1403,32 @@ 8.4 8.5 #define ARRAY_SIZE(array) (sizeof(array)/sizeof((array)[0])) 8.6 8.7 +//---------------------------------------------------------------------------------------------------- 8.8 +// Sum and product which can never overflow: they wrap, just like the 8.9 +// Java operations. Note that we don't intend these to be used for 8.10 +// general-purpose arithmetic: their purpose is to emulate Java 8.11 +// operations. 8.12 + 8.13 +// The goal of this code to avoid undefined or implementation-defined 8.14 +// behaviour. The use of an lvalue to reference cast is explicitly 8.15 +// permitted by Lvalues and rvalues [basic.lval]. [Section 3.10 Para 8.16 +// 15 in C++03] 8.17 +#define JAVA_INTEGER_OP(OP, NAME, TYPE, UNSIGNED_TYPE) \ 8.18 +inline TYPE NAME (TYPE in1, TYPE in2) { \ 8.19 + UNSIGNED_TYPE ures = static_cast<UNSIGNED_TYPE>(in1); \ 8.20 + ures OP ## = static_cast<UNSIGNED_TYPE>(in2); \ 8.21 + return reinterpret_cast<TYPE&>(ures); \ 8.22 +} 8.23 + 8.24 +JAVA_INTEGER_OP(+, java_add, jint, juint) 8.25 +JAVA_INTEGER_OP(-, java_subtract, jint, juint) 8.26 +JAVA_INTEGER_OP(*, java_multiply, jint, juint) 8.27 +JAVA_INTEGER_OP(+, java_add, jlong, julong) 8.28 +JAVA_INTEGER_OP(-, java_subtract, jlong, julong) 8.29 +JAVA_INTEGER_OP(*, java_multiply, jlong, julong) 8.30 + 8.31 +#undef JAVA_INTEGER_OP 8.32 + 8.33 // Dereference vptr 8.34 // All C++ compilers that we know of have the vtbl pointer in the first 8.35 // word. If there are exceptions, this function needs to be made compiler