[9] RFR (S): 8159431: C1 arraycopy intrinsic type checks missing
Zoltán Majó
zoltan.majo at oracle.com
Mon Jun 27 18:20:18 UTC 2016
Hi Vladimir,
thank you for the feedback!
On 06/25/2016 12:56 AM, Vladimir Kozlov wrote:
> Zoltan, checking that klass is not j.l.Object is not enough.
> See the following code in the stub generators for how to check for arrays (similar code
> exists on all platforms):
>
> http://hg.openjdk.java.net/jdk9/hs-comp/hotspot/file/ff0c5aa32086/src/cpu/x86/vm/stubGenerator_x86_64.cpp#l2649
>
right, thank you for catching that!
Here is the updated webrev:
http://cr.openjdk.java.net/~zmajo/8159431/webrev.01/
Testing: JPRT (testset hotspot).
Thank you!
Best regards,
Zoltan
>
> Thanks,
> Vladimir
>
> On 6/24/16 9:05 AM, Zoltán Majó wrote:
>> Hi,
>>
>>
>> please review the patch for 8159431.
>>
>> https://bugs.openjdk.java.net/browse/JDK-8159431
>>
>> Problem: The C1 intrinsic for
>> java.lang.System.arraycopy(Object src, int srcPos, Object dest, int
>> destPos, int length)
>>
>> does not verify that 'src' or 'dest' is a "proper" array. As a
>> result, the intrinsic reads the non-existing 'length' field from
>> java.lang.Object (i.e., the intrinsic reads past the end of the
>> java.lang.Object instance), which is incorrect.
>>
>> Also, the intrinsic only checks if 'src' is a subclass of 'dest'
>> before writing into 'dest' without checking the special case
>> 'dest'==java.lang.Object. That can result in data being written to a
>> random heap location instead of the required ArrayStoreException
>> being thrown.
>>
>> Solution: Check the type of 'src' and 'dest' at runtime if the
>> compiler was not able to prove at compile-time that 'src' and 'dest'
>> are "proper" arrays.
>>
>> Webrev:
>> http://cr.openjdk.java.net/~zmajo/8159431/webrev.00/
>>
>> Testing: JPRT (testset hotspot).
>>
>> I'll do an RBT run once the code is close to its final shape.
>>
>> The problem was originally reported by Xiang Yuan from Linaro. Once
>> the code is reviewed, I plan to push the patch with Xiang and myself
>> as contributors.
>>
>> The open arm port and ppc are also likely to be affected. I'll file
>> bugs for those architectures and notify persons working on the
>> appropriate ports.
>>
>> Thank you!
>>
>> Best regards,
>>
>>
>> Zoltan
>>
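The two failure modes described in the original report (a non-array 'src', and a 'dest' whose static type is java.lang.Object so that a subclass check alone passes) can be exercised from Java without touching HotSpot internals. The following reproducer is an added example and is not part of the patch or of this thread; it only relies on the documented contract of System.arraycopy, which requires an ArrayStoreException when either argument is not an array or when an element of 'src' cannot be stored into 'dest'. The class name, the helper copy() and the warm-up count are assumptions of this example; -XX:TieredStopAtLevel=1 is assumed to be the flag that restricts HotSpot to C1 so that the C1 intrinsic, rather than C2, is what gets exercised.

```java
// Added example (not from the patch or the thread): a Java-level reproducer for the
// arraycopy type-check cases discussed above. Compile and run with:
//   javac ArraycopyTypeCheck.java
//   java -XX:TieredStopAtLevel=1 ArraycopyTypeCheck
// The flag is assumed to select C1-only compilation (HotSpot tiered level 1).
public class ArraycopyTypeCheck {

    // Both parameters are declared as Object, so the compiler cannot prove at
    // compile time that either is an array; the intrinsic has to check at runtime.
    // Returns true when the documented ArrayStoreException is thrown.
    static boolean copy(Object src, Object dest, int len) {
        try {
            System.arraycopy(src, 0, dest, 0, len);
            return false;            // no exception was thrown
        } catch (ArrayStoreException e) {
            return true;             // the expected outcome for bad argument types
        }
    }

    public static void main(String[] args) {
        Object plain = new Object();          // constructed sample inputs
        Object[] objs = new Object[4];
        String[] strs = new String[4];

        // Warm up so that copy() is JIT-compiled and the intrinsic is in use.
        for (int i = 0; i < 20_000; i++) {
            copy(objs, strs, 0);
        }

        boolean ok = true;
        // Case 1: 'src' is not an array. The intrinsic must not read a 'length'
        // field from a plain java.lang.Object instance; it must throw.
        ok &= copy(plain, objs, 0);
        // Case 2: 'dest' is a plain java.lang.Object. Every array is a subclass of
        // Object, so "src subclass of dest" alone passes; the copy must still throw
        // rather than store into the object.
        ok &= copy(objs, plain, 0);
        // Case 3: both are proper arrays but the element types are incompatible;
        // a non-zero length is needed because this check is made per element.
        ok &= copy(new Integer[]{1, 2}, strs, 2);
        // Case 4: a legitimate copy must not throw.
        ok &= !copy(strs, objs, 4);

        System.out.println(ok ? "PASS" : "FAIL");
        if (!ok) {
            System.exit(1);
        }
    }
}
```

Cases 1 and 2 pass a length of 0 on purpose: the non-array checks in the arraycopy contract are made before any length or bounds check, so a correct intrinsic must throw even when nothing would be copied. Case 3 is the ordinary element-type check and should pass both before and after the fix; it is included so that a regression in the ordinary path is not mistaken for the bug under discussion.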