stan/jdk-24
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

8223923: C2: Missing interference with mismatched unsafe accesses

Browse Source 
Reviewed-by: thartmann
This commit is contained in:
Vladimir Ivanov 2021-08-20 12:41:20 +00:00
parent c701f6e538
commit 86add21a85
2 changed files with 82 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
src/hotspot/share/opto/memnode.cpp
View File

@ -596,7 +596,7 @@ Node* LoadNode::find_previous_arraycopy(PhaseTransform* phase, Node* ld_alloc, N
ArrayCopyNode* MemNode::find_array_copy_clone(PhaseTransform* phase, Node* ld_alloc, Node* mem) const { ArrayCopyNode* MemNode::find_array_copy_clone(PhaseTransform* phase, Node* ld_alloc, Node* mem) const {
if (mem->is_Proj() && mem->in(0) != NULL && (mem->in(0)->Opcode() == Op_MemBarStoreStore || if (mem->is_Proj() && mem->in(0) != NULL && (mem->in(0)->Opcode() == Op_MemBarStoreStore ||
mem->in(0)->Opcode() == Op_MemBarCPUOrder)) { mem->in(0)->Opcode() == Op_MemBarCPUOrder)) {
if (ld_alloc != NULL) { if (ld_alloc != NULL) {
// Check if there is an array copy for a clone // Check if there is an array copy for a clone
Node* mb = mem->in(0); Node* mb = mem->in(0);
@ -1061,7 +1061,6 @@ Node* MemNode::can_see_stored_value(Node* st, PhaseTransform* phase) const {
// This is more general than load from boxing objects. // This is more general than load from boxing objects.
if (skip_through_membars(atp, tp, phase->C->eliminate_boxing())) { if (skip_through_membars(atp, tp, phase->C->eliminate_boxing())) {
uint alias_idx = atp->index(); uint alias_idx = atp->index();
bool final = !atp->is_rewritable();
Node* result = NULL; Node* result = NULL;
Node* current = st; Node* current = st;
// Skip through chains of MemBarNodes checking the MergeMems for // Skip through chains of MemBarNodes checking the MergeMems for
@ -1069,17 +1068,19 @@ Node* MemNode::can_see_stored_value(Node* st, PhaseTransform* phase) const {
// kind of node is encountered. Loads from final memory can skip // kind of node is encountered. Loads from final memory can skip
// through any kind of MemBar but normal loads shouldn't skip // through any kind of MemBar but normal loads shouldn't skip
// through MemBarAcquire since the could allow them to move out of // through MemBarAcquire since the could allow them to move out of
// a synchronized region. // a synchronized region. It is not safe to step over MemBarCPUOrder,
// because alias info above them may be inaccurate (e.g., due to
// mixed/mismatched unsafe accesses).
bool is_final_mem = !atp->is_rewritable();
while (current->is_Proj()) { while (current->is_Proj()) {
int opc = current->in(0)->Opcode(); int opc = current->in(0)->Opcode();
if ((final && (opc == Op_MemBarAcquire || if ((is_final_mem && (opc == Op_MemBarAcquire ||
opc == Op_MemBarAcquireLock || opc == Op_MemBarAcquireLock ||
opc == Op_LoadFence)) || opc == Op_LoadFence)) ||
opc == Op_MemBarRelease || opc == Op_MemBarRelease ||
opc == Op_StoreFence || opc == Op_StoreFence ||
opc == Op_MemBarReleaseLock || opc == Op_MemBarReleaseLock ||
opc == Op_MemBarStoreStore || opc == Op_MemBarStoreStore) {
opc == Op_MemBarCPUOrder) {
Node* mem = current->in(0)->in(TypeFunc::Memory); Node* mem = current->in(0)->in(TypeFunc::Memory);
if (mem->is_MergeMem()) { if (mem->is_MergeMem()) {
MergeMemNode* merge = mem->as_MergeMem(); MergeMemNode* merge = mem->as_MergeMem();

73
test/hotspot/jtreg/compiler/unsafe/MismatchedUnsafeAccessTest.java Normal file
View File

@ -0,0 +1,73 @@
/*
* Copyright (c) 2021, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* @test
* @bug 8223923
* @modules java.base/jdk.internal.misc
* @run main/othervm -Xbatch compiler.unsafe.MismatchedUnsafeAccessTest
*/
package compiler.unsafe;
import jdk.internal.misc.Unsafe;
public class MismatchedUnsafeAccessTest {
private static final Unsafe UNSAFE = Unsafe.getUnsafe();
public static class Test {
public int x = 0;
public int y = 0;
public static final long offsetX;
public static final long offsetY;
static {
try {
offsetX = UNSAFE.objectFieldOffset(Test.class.getField("x"));
offsetY = UNSAFE.objectFieldOffset(Test.class.getField("y"));
} catch (NoSuchFieldException e) {
throw new InternalError(e);
}
// Validate offsets
if (offsetX >= offsetY || offsetY - offsetX != 4) {
throw new InternalError("Wrong offsets: " + offsetX + " " + offsetY);
}
}
}
public static int test(long l) {
Test a = new Test();
UNSAFE.putLong(a, Test.offsetX, l); // mismatched access; interferes with subsequent load
return UNSAFE.getInt(a, Test.offsetY);
}
public static void main(String[] args) {
for (int i = 0; i < 20_000; i++) {
int res = test(-1L);
if (res != -1) {
throw new AssertionError("Wrong result: " + res);
}
}
System.out.println("TEST PASSED");
}
}