8341178: TypeRawPtr::add_offset may be "miscompiled" due to UB #21324
👋 Welcome back kbarrett! A progress list of the required criteria for merging this PR into |
@kimbarrett This change now passes all automated pre-integration checks. ℹ️ This project also has non-automated pre-integration requirements. Please see the file CONTRIBUTING.md for details. After integration, the commit message for the final commit will be:
You can use pull request commands such as /summary, /contributor and /issue to adjust it as needed. At the time when this comment was updated there had been 99 new commits pushed to the
As there are no conflicts, your changes will automatically be rebased on top of these commits when integrating. If you prefer to avoid this automatic rebasing, please check the documentation for the /integrate command for further details. ➡️ To integrate this PR with the above commit message to the |
@kimbarrett The following label will be automatically applied to this pull request:
When this pull request is ready to be reviewed, an "RFR" email will be sent to the corresponding mailing list. If you would like to change these labels, use the /label pull request command. |
Looks reasonable. Just one nit comment.
src/hotspot/share/opto/type.cpp
Outdated
@@ -3133,7 +3133,7 @@ const TypeRawPtr *TypeRawPtr::make( enum PTR ptr ) { | |||
} | |||
|
|||
const TypeRawPtr *TypeRawPtr::make( address bits ) { | |||
assert( bits, "Use TypePtr for null" ); | |||
assert( bits != nullptr, "Use TypePtr for null" ); |
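Review bot: the bits != nullptr check in TypeRawPtr::make(address bits) is only an assert, so in a build where asserts are compiled out a null address would pass through silently. Since the message says to use TypePtr for null, a caller that computes the address instead of passing a known constant should test for a zero result itself before calling this overload, and a one-line comment on the function stating that precondition would help.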
Please, remove spaces after open and before close ().
I'm not fond of those spaces, but they follow the style used throughout this file.
Although it looks like only 1/3 of the asserts in this file have extra whitespace, including the one being touched here. So sure, I can remove the extraneous whitespace from this function, since touching it anyway.
Good.
Side note: please enable GHA testing for your repo.
What about using |
That has more fan-out, into code I'm not familiar with. The proposed change fixes the immediate "miscompilation".
src/hotspot/share/opto/type.cpp
Outdated
@@ -3223,14 +3223,22 @@ const TypePtr* TypeRawPtr::add_offset(intptr_t offset) const { | |||
case TypePtr::NotNull: | |||
return this; | |||
case TypePtr::Null: | |||
return make( (address)offset ); |
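Review bot: in the TypePtr::Null case, make( (address)offset ) is called without checking offset, so an offset of 0 hands a null address to TypeRawPtr::make(address bits), which asserts that bits is not null. Either return this when offset is 0, as the NotNull case above does, or add a comment explaining why offset cannot be 0 on this path.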
Shouldn't this assert that _bits == 0? Looking at the code, however, I can't find anywhere that we actually create a TypeRawPtr with TypePtr::Null. We could probably remove this case and let it fall through to the default ShouldNotReachHere().
Initialization of TypePtr::NULL_PTR here:
jdk/src/hotspot/share/opto/type.cpp, line 538 in 4d50cbb:
TypePtr::NULL_PTR= TypePtr::make(AnyPtr, TypePtr::Null, 0);
I saw that too, but it creates a TypePtr, not a TypeRawPtr.
Oh, you are right. And TypeRawPtr::make asserts the PTR is neither Constant nor Null. Which makes
both switch cases under modification here supposedly unreachable. That would explain why I never hit
either after running lots of tests. All of the change proposed here can be eliminated, and instead change
both cases to fall through to the default ShouldNotReachHere(). (And that would be another way to
remove the -Wzero-as-null-pointer-constant warning that was how I got here in the first place. :) )
There's TypeRawPtr::make(enum PTR ptr) which doesn't allow Constant or Null, but we are using TypeRawPtr::make(address bits) here.
We may need to keep the Constant case. I wouldn't be surprised if there was a way to trigger that path using Unsafe.
Yeah, keeping it makes sense. I've removed the TypePtr::Null case, allowing that one to default to
ShouldNotReachHere().
Okay, that's fine with me.
Looks good.
Thanks for reviews, @vnkozlov and @dean-long
/integrate
Going to push as commit 0a57fe1.
Your commit was automatically rebased without conflicts.
@kimbarrett Pushed as commit 0a57fe1. 💡 You may see a message that your pull request was closed with unmerged commits. This can be safely ignored.
Please review this change to TypeRawPtr::add_offset to prevent a compiler from
inferring things based on prior pointer arithmetic not invoking UB. As noted in
the bug report, clang is actually doing this.
To accomplish this, changed to integral arithmetic. Also added over/underflow
checks.
Also made a couple of minor touchups. Replaced an implicit conversion to bool
with an explicit compare to nullptr (per style guide). Removed a no longer
needed dummy return after a (now) noreturn function.
Testing: mach5 tier1-7
That testing was with calls to "fatal" for the over/underflow cases and the
sum==0 case. There were no hits. I'm not sure how to construct a test that
would hit those.
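A sketch of the approach the description outlines (integral arithmetic with over/underflow and zero-sum checks), as an added example that is not the PR's code or HotSpot's. The names add_offset_checked and AddResult are hypothetical, and the sample values are constructed.

```cpp
#include <cstdint>
#include <cstdio>

// Hypothetical names; this is not HotSpot code.
enum class AddResult { Ok, Overflow, Underflow, Null };

// Adds a signed offset to a raw address using integer arithmetic only.
// Pointer arithmetic that leaves the original object is UB, which lets a
// compiler infer facts from the addition and drop later checks. Unsigned
// arithmetic is fully defined, so the range checks below always execute.
AddResult add_offset_checked(uintptr_t bits, intptr_t offset, uintptr_t* sum) {
  if (offset >= 0) {
    uintptr_t off = static_cast<uintptr_t>(offset);
    if (off > UINTPTR_MAX - bits) return AddResult::Overflow;
    *sum = bits + off;
  } else {
    // Magnitude of a negative offset, computed in unsigned arithmetic so
    // that INTPTR_MIN is never negated as a signed value (itself UB).
    uintptr_t mag = uintptr_t(0) - static_cast<uintptr_t>(offset);
    if (mag > bits) return AddResult::Underflow;
    *sum = bits - mag;
  }
  // A zero sum is reported separately: it must not be treated as a
  // non-null constant address.
  return (*sum == 0) ? AddResult::Null : AddResult::Ok;
}

int main() {
  uintptr_t sum = 0;
  // Constructed sample values, not taken from the PR.
  AddResult r = add_offset_checked(0x1000, -0x1000, &sum);
  std::printf("zero sum detected: %d\n", r == AddResult::Null);
  r = add_offset_checked(UINTPTR_MAX - 1, 2, &sum);
  std::printf("overflow detected: %d\n", r == AddResult::Overflow);
  return 0;
}
```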
Reviewing
Using git
Checkout this PR locally:
$ git fetch https://git.openjdk.org/jdk.git pull/21324/head:pull/21324
$ git checkout pull/21324
Update a local copy of the PR:
$ git checkout pull/21324
$ git pull https://git.openjdk.org/jdk.git pull/21324/head
Using Skara CLI tools
Checkout this PR locally:
$ git pr checkout 21324
View PR using the GUI difftool:
$ git pr show -t 21324
Using diff file
Download this PR as a diff file:
https://git.openjdk.org/jdk/pull/21324.diff