RFR(S): 8159611: C2: ArrayCopy elimination skips required parameter checks

Zoltán Majó zoltan.majo at oracle.com
Mon Aug 15 13:35:02 UTC 2016


Hi Volker,


thank you for fixing this issue!  Your fix looks good to me.

I'm running some internal testing with your proposed change.  I'd be 
happy to sponsor it once that's done (unless there are suggestions on 
how to further improve it).

Thank you!

Best regards,


Zoltan

On 08/12/2016 09:13 PM, Volker Simonis wrote:
> Hi,
>
> can I please have a review and sponsor for the following fix:
>
> http://cr.openjdk.java.net/~simonis/webrevs/2016/8159611
> https://bugs.openjdk.java.net/browse/JDK-8159611
>
>
> We are inserting several checks for the arguments of
> System.arraycopy() in LibraryCallKit::inline_arraycopy() before
> intrinsifying the call in LibraryCallKit::inline_arraycopy. However, the
> check for the 'length' argument of arraycopy is postponed to the macro
> expansion phase in PhaseMacroExpand::generate_arraycopy().
>
> But if we are running with EscapeAnalysis and EliminateAllocations,
> the array allocations inside a call to System.arraycopy() may get
> eliminated and thus the complete call to System.arraycopy() will be
> removed (see PhaseMacroExpand::process_users_of_allocation). In this
> case the extra 'length' check won't be added by
> PhaseMacroExpand::generate_arraycopy() any more because macro
> expansion happens after the elimination of macro nodes.
>
> In such a case it may happen that System.arraycopy() will silently
> accept an invalid (i.e. negative) 'length' parameter, although it
> should actually throw an ArrayOutOfBounds exception.
>
> The fix is simple: also insert a check for the length field in
> LibraryCallKit::inline_arraycopy() if we are running with
> EliminateAllocations.
>
> Regards,
> Volker
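
A regression check for the behaviour described in the quoted report, as an added example that is not part of the original thread or of the JDK test suite. The class name, array sizes and iteration counts are assumptions chosen for illustration; it copies into a non-escaping array so that C2 may eliminate the allocation, then verifies that a negative 'length' is still rejected after compilation.

```java
// Added example, not from the thread. Run on a C2-enabled JVM, e.g.:
//   java -XX:+DoEscapeAnalysis -XX:+EliminateAllocations ArrayCopyNegativeLength
public class ArrayCopyNegativeLength {

    // 'dst' never escapes this method, so escape analysis may remove the
    // allocation and, with it, the whole System.arraycopy() call.
    // Returns true if the copy threw, false if it completed silently.
    static boolean copyThrows(int[] src, int length) {
        try {
            int[] dst = new int[8];                 // non-escaping allocation
            System.arraycopy(src, 0, dst, 0, length);
            return false;
        } catch (IndexOutOfBoundsException e) {     // required for length < 0
            return true;
        }
    }

    public static void main(String[] args) {
        int[] src = new int[8];
        final int warmup = 100_000;  // assumption: enough calls to reach C2
        final int probes = 100_000;

        // Warm up with a valid length so the method is compiled on the
        // normal path; a valid copy must never throw.
        for (int i = 0; i < warmup; i++) {
            if (copyThrows(src, 4)) {
                throw new AssertionError("valid length rejected at call " + i);
            }
        }

        // Every call with a negative length must throw, both before and
        // after the JIT has optimized copyThrows().
        int silentlyAccepted = 0;
        for (int i = 0; i < probes; i++) {
            if (!copyThrows(src, -1)) {
                silentlyAccepted++;
            }
        }

        if (silentlyAccepted != 0) {
            throw new AssertionError("negative length accepted "
                    + silentlyAccepted + " of " + probes + " times");
        }
        System.out.println("OK: negative length rejected on all " + probes + " calls");
    }
}
```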



More information about the hotspot-compiler-dev mailing list