RFR(S): 8159611: C2: ArrayCopy elimination skips required parameter checks
Volker Simonis
volker.simonis at gmail.com
Fri Aug 12 19:13:53 UTC 2016
Hi,
can I please have a review and sponsor for the following fix:
http://cr.openjdk.java.net/~simonis/webrevs/2016/8159611
https://bugs.openjdk.java.net/browse/JDK-8159611
We are inserting several checks for the arguments of
System.arraycopy() in LibraryCallKit::inline_arraycopy() before
intrinsifying the call in LibraryCallKit::inline_arraycopy. However, the
check for the 'length' argument of arraycopy is postponed to the macro
expansion phase in PhaseMacroExpand::generate_arraycopy().
But if we are running with EscapeAnalysis and EliminateAllocations,
the array allocations inside a call to System.arraycopy() may get
eliminated and thus the complete call to System.arraycopy() will be
removed (see PhaseMacroExpand::process_users_of_allocation). In this
case the extra 'length' check won't be added by
PhaseMacroExpand::generate_arraycopy() any more because macro
expansion happens after the elimination of macro nodes.
In such a case it may happen that System.arraycopy() will silently
accept an invalid (i.e. negative) 'length' parameter, although it
should actually throw an ArrayOutOfBounds exception.
The fix is simple: also insert a check for the length field in
LibraryCallKit::inline_arraycopy() if we are running with
EliminateAllocations.
Regards,
Volker
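
The following regression-style check is an added example, not part of the original message and not the test from the webrev. It exercises the scenario described above: a System.arraycopy() between two non-escaping arrays that must still reject a negative length after C2 has compiled the method. The class and method names are hypothetical, and whether an affected build actually eliminates the copy depends on its compilation decisions.

```java
// Added example (constructed for illustration, not the test from the webrev).
// Assumed invocation, using the standard HotSpot flags:
//   java -XX:-TieredCompilation -XX:+DoEscapeAnalysis -XX:+EliminateAllocations \
//        ArrayCopyNegativeLength
public class ArrayCopyNegativeLength {

    // Both arrays are local and never escape, so escape analysis may
    // eliminate the allocations together with the arraycopy call itself.
    static int copyLocal(int length) {
        int[] src = new int[8];
        int[] dst = new int[8];
        System.arraycopy(src, 0, dst, 0, length);
        return dst[0];
    }

    // Returns true if the call rejected 'length' with the exception the
    // System.arraycopy() specification requires.
    static boolean rejects(int length) {
        try {
            copyLocal(length);
            return false;
        } catch (IndexOutOfBoundsException expected) {
            return true;
        }
    }

    public static void main(String[] args) {
        // Warm up with valid lengths (0..7) so that C2 compiles copyLocal().
        for (int i = 0; i < 200_000; i++) {
            if (rejects(i & 7)) {
                throw new AssertionError("valid length " + (i & 7) + " rejected");
            }
        }
        // In compiled code a negative length must still be rejected on every
        // call; a silently accepted call is the failure described above.
        for (int i = 0; i < 200_000; i++) {
            if (!rejects(-1)) {
                throw new AssertionError("negative length accepted at iteration " + i);
            }
        }
        System.out.println("PASS: negative length rejected in all iterations");
    }
}
```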