RFR: 8262295: C2: Out-of-Bounds Array Load from Clone Source [v3]

Richard Reingruber rrich at openjdk.java.net
Fri Mar 19 13:19:04 UTC 2021


> This c2 fix makes the optimization of loads from the result array of a
> Object.clone() call dependent on a compile time range check in order to prevent
> out-of-bounds array loads described in JDK-8262295.
> 
> Testing: The included reproducer test. The fix also passed our CI testing: JCK
> and JTREG, also in Xcomp mode, SPECjvm2008, SPECjbb2015, SAP-specific tests with
> fastdebug and release builds on all platforms.
> 
> Alternatively the transformed load could be made dependent on a range check at
> runtime. Based on our automated benchmarking it wouldn't be worth
> it. Our benchmark results include quite a bit of noise though.

Richard Reingruber has updated the pull request incrementally with one additional commit since the last revision:

  Avoid overflow in expression sizetype->_lo * elemsize + header

-------------

Changes:
  - all: https://git.openjdk.java.net/jdk/pull/2708/files
  - new: https://git.openjdk.java.net/jdk/pull/2708/files/f7339066..c6d5c1dc

Webrevs:
 - full: https://webrevs.openjdk.java.net/?repo=jdk&pr=2708&range=02
 - incr: https://webrevs.openjdk.java.net/?repo=jdk&pr=2708&range=01-02

  Stats: 2 lines in 1 file changed: 0 ins; 0 del; 2 mod
  Patch: https://git.openjdk.java.net/jdk/pull/2708.diff
  Fetch: git fetch https://git.openjdk.java.net/jdk pull/2708/head:pull/2708

PR: https://git.openjdk.java.net/jdk/pull/2708
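An illustration of the overflow named in the commit message above, added here as an example; it is not code from the PR or from HotSpot, and the function and variable names (`load_in_bounds_wide`, `load_in_bounds_naive`, `lo`, `elemsize`, `header`, `offset`, `width`) and the constructed input rows are this example's own. It compares a compile-time in-bounds check computed in 64 bits with the same check kept in 32 bits, on inputs where `lo * elemsize + header` exceeds a 32-bit int:

```cpp
#include <cstdint>
#include <climits>
#include <cstdio>

// Example, not HotSpot code. The names below stand in for the quantities in the
// commit message "Avoid overflow in expression sizetype->_lo * elemsize + header":
//   lo       - lower bound of the array length known at compile time (sizetype->_lo)
//   elemsize - element size in bytes
//   header   - size of the array header in bytes
// `offset` and `width` describe the load under consideration: it reads `width`
// bytes starting `offset` bytes into the array object. This framing is the
// example's own; the real C2 code is in the PR linked above.
typedef int32_t jint;    // 32-bit Java int (alias defined here, not taken from HotSpot)
typedef int64_t jlong;   // 64-bit Java long

// Widened check: the load is provably in bounds for every array of length >= lo
// when it ends at or before header + lo * elemsize. The product of two jints
// needs at most 62 bits, so computing it as a jlong cannot overflow.
// Inputs that are not plausible array geometry make the check fail closed:
// if the bound cannot be proven, the optimization must not be applied.
static bool load_in_bounds_wide(jint lo, jint elemsize, jint header,
                                jint offset, jint width) {
  if (lo < 0 || elemsize <= 0 || header < 0 || offset < 0 || width <= 0) {
    return false;
  }
  jlong end_of_data = (jlong)lo * elemsize + header;
  jlong load_end    = (jlong)offset + width;
  return load_end <= end_of_data;
}

// Unwidened check: the same arithmetic kept in 32 bits. Signed overflow is
// undefined behaviour in C++, so the wraparound is modelled with unsigned
// arithmetic to keep the example well defined; the numeric result is the one
// a wrapping build would see.
static bool load_in_bounds_naive(jint lo, jint elemsize, jint header,
                                 jint offset, jint width) {
  uint32_t wrapped = (uint32_t)lo * (uint32_t)elemsize + (uint32_t)header;
  jint end_of_data = (jint)wrapped;      // truncated back to a jint
  return (jlong)offset + width <= end_of_data;
}

// Constructed cases, chosen so that the two checks disagree once the 32-bit
// product wraps. The first two rows are ordinary cases where both agree.
struct Case { jint lo, elemsize, header, offset, width; };
static const Case cases[] = {
  {10,         4, 16, 16,          4},  // int[10], load of element 0: in bounds
  {10,         4, 16, 56,          4},  // one past the last element: out of bounds
  {0x50000000, 4, 16, 0x40000010,  8},  // lo*elemsize = 2^32 + 2^30, wraps to 2^30
  {INT_MIN,    8, 16, 0,           8},  // negative lo: lo*elemsize wraps to 0
  {INT_MAX,    1, 16, 0x7ffffff8,  4},  // lo*elemsize + header wraps negative
};

int main() {
  for (const Case& c : cases) {
    printf("lo=%11d elemsize=%d header=%d offset=%10d width=%d  wide=%d naive=%d\n",
           c.lo, c.elemsize, c.header, c.offset, c.width,
           (int)load_in_bounds_wide(c.lo, c.elemsize, c.header, c.offset, c.width),
           (int)load_in_bounds_naive(c.lo, c.elemsize, c.header, c.offset, c.width));
  }
  return 0;
}
```

The third and fifth rows show the 32-bit check refusing loads that the widened check proves safe, which only costs the optimization. The fourth row is the dangerous direction: the wrapped product lands on a small positive bound, so the 32-bit check reports a load as in bounds that the widened check, which rejects a negative `lo` outright, does not.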


More information about the hotspot-compiler-dev mailing list