RFR: 8262295: C2: Out-of-Bounds Array Load from Clone Source
Vladimir Kozlov
kvn at openjdk.java.net
Wed Mar 17 16:47:49 UTC 2021
On Wed, 24 Feb 2021 17:35:18 GMT, Richard Reingruber <rrich at openjdk.org> wrote:
> This c2 fix makes the optimization of loads from the result array of a
> Object.clone() call dependent on a compile time range check in order to prevent
> out-of-bounds array loads described in JDK-8262295.
>
> Testing: The included reproducer test. The fix also passed our CI testing: JCK
> and JTREG, also in Xcomp mode, SPECjvm2008, SPECjbb2015, and SAP-specific tests with
> fastdebug and release builds on all platforms.
>
> Alternatively the transformed load could be made dependent on a range check at
> runtime. Based on our automated benchmarking it wouldn't be worth
> it. Our benchmark results include quite a bit of noise though.
Changes requested by kvn (Reviewer).
src/hotspot/share/opto/memnode.cpp line 536:
> 534: ArrayCopyNode* ac = find_array_copy_clone(phase, ld_alloc, mem);
> 535: if (ac != NULL) {
> 536: Node* ld_addp = in(MemNode::Address);
I think you need to check (ld_addp->is_AddP()) as at line #560.
src/hotspot/share/opto/memnode.cpp line 541:
> 539: const TypeAryPtr* ary_t = phase->type(src)->isa_aryptr();
> 540:
> 541: if (ary_t != NULL) {
Needs a comment explaining what the code does.
test/hotspot/jtreg/compiler/arraycopy/TestOutOfBoundsArrayLoad.java line 39:
> 37: * @build sun.hotspot.WhiteBox
> 38: * @run driver jdk.test.lib.helpers.ClassFileInstaller sun.hotspot.WhiteBox
> 39: * @run main/othervm -XX:+UseSerialGC -Xmx128m
Add `* @requires vm.gc.Serial` to avoid conflict when testing env specifies different GC.
-------------
PR: https://git.openjdk.java.net/jdk/pull/2708