[13] RFR: 8202414: Unsafe write after primitive array creation may result in array length change
Vladimir Kozlov
vladimir.kozlov at oracle.com
Mon Mar 25 19:33:10 UTC 2019
On 3/25/19 2:30 AM, Rahul Raghavan wrote:
> Hi,
>
> Request help review the following revised fix proposal for JDK-8202414.
>
> <webrev.01> - http://cr.openjdk.java.net/~rraghavan/8202414/webrev.01/
>
> Though did not receive comments for earlier '8202414/webrev.00',
> when checked again seems the same to be wrong or too restrictive.
> So tried the revised changes -
>
> intptr_t InitializeNode::can_capture_store(StoreNode* st, PhaseTransform* phase, bool can_reshape) {
> const int FAIL = 0;
> if (st->is_unaligned_access()) {
> return FAIL;
> }
> + if ((st->memory_size() >= BytesPerInt) && ((get_store_offset(st, phase) % BytesPerInt) != 0)) {
> + return FAIL;
> + }

Suggestion:

  if ((get_store_offset(st, phase) % st->memory_size()) != 0) {

Vladimir

> if (st->req() != MemNode::ValueIn + 1)
> return FAIL; // an inscrutable StoreNode (card mark?)
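Review bot: the added test in can_capture_store() is gated on st->memory_size() >= BytesPerInt, so 1- and 2-byte stores never reach the offset check, and an 8-byte store is only required to sit on a 4-byte boundary. If sub-int stores are exempt on purpose, say why in a comment above the new if; otherwise compare the offset against the store's own size rather than the BytesPerInt constant, so each store width is held to its natural alignment. The new lines also carry no comment naming the failure they guard against; a short reference to the array length change from the bug title would help the next reader.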
>
> Confirmed no issues with reported 8202414 test case.
> Also no issues for hs-tier1 to tier4, hs-precheckin-comp testing.
> Please let me know if missed something here.
>
>
> Thanks,
> Rahul
>
>
>
> On 14/03/19 1:54 PM, Rahul Raghavan wrote:
>> Hi,
>>
>> Please review the following fix proposal for JDK-8202414.
>>
>> Webrev - http://cr.openjdk.java.net/~rraghavan/8202414/webrev.00/
>>
>>
>> -- Related links
>> > https://bugs.openjdk.java.net/browse/JDK-8202414
>> > http://mail.openjdk.java.net/pipermail/hotspot-compiler-dev/2018-September/030536.html
>>
>>
>> -- As per suggestions in JBS added following change in InitializeNode::can_capture_store() to return false for
>> unaligned stores.
>> =============
>> diff -r 3086f9259e97 src/hotspot/share/opto/memnode.cpp
>> --- a/src/hotspot/share/opto/memnode.cpp Wed Mar 13 00:48:52 2019 -0400
>> +++ b/src/hotspot/share/opto/memnode.cpp Wed Mar 13 19:50:07 2019 +0530
>> @@ -3541,7 +3541,7 @@
>> // within the initialized memory.
>> intptr_t InitializeNode::can_capture_store(StoreNode* st, PhaseTransform* phase, bool can_reshape) {
>> const int FAIL = 0;
>> - if (st->is_unaligned_access()) {
>> + if (st->is_unaligned_access() || ((get_store_offset(st, phase) % BytesPerInt) != 0)) {
>> return FAIL;
>> }
>> if (st->req() != MemNode::ValueIn + 1)
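Review bot: the new clause on the changed line, (get_store_offset(st, phase) % BytesPerInt) != 0, is applied to every store regardless of its width, so byte and short stores at offsets that are not multiples of 4 are now refused capture even when they are aligned for their own size. Consider making the test depend on the store's size, and add a comment above the condition stating why an offset check is needed in addition to is_unaligned_access().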
>> ==============
>>
>>
>> -- Added the new jtreg test from the JBS unit test.
>> (test/hotspot/jtreg/compiler/c2/Test8202414.java)
>> Understood the test with unaligned access will not work for Sparc due to hardware restrictions. The test always fails
>> with SIGBUS crash, with or without above fix. So added
>> @requires (os.arch != "sparc") & (os.arch != "sparcv9")
>>
>>
>> -- Confirmed the above change solved the original reported 8202414 test case failure. Also no issues so far for hs-tier1
>> to tier4, hs-precheckin-comp testing.
>>
>> -- Could not work out any related additions in LibraryCallKit::inline_unsafe_access().
>> Hope above fix proposal is correct, complete solution for the issue.
>>
>>
>> Thanks,
>> Rahul