8300079: SIGSEGV in LibraryCallKit::inline_string_copy due to constant NULL src argument

Reviewed-by: mdoerr
Backport-of: 45e4e00981ef8b4bf143afce0889698319273c1d

Author: GoeLin

src/hotspot/share/opto/library_call.cpp

@@ -1288,10 +1288,13 @@ bool LibraryCallKit::inline_string_copy(bool compress) {
   AllocateArrayNode* alloc = tightly_coupled_allocation(dst);
 
   // Figure out the size and type of the elements we will be copying.
-  const Type* src_type = src->Value(&_gvn);
-  const Type* dst_type = dst->Value(&_gvn);
-  BasicType src_elem = src_type->isa_aryptr()->klass()->as_array_klass()->element_type()->basic_type();
-  BasicType dst_elem = dst_type->isa_aryptr()->klass()->as_array_klass()->element_type()->basic_type();
+  const TypeAryPtr* src_type = src->Value(&_gvn)->isa_aryptr();
+  const TypeAryPtr* dst_type = dst->Value(&_gvn)->isa_aryptr();
+  if (src_type == nullptr || dst_type == nullptr) {
+    return false;
+  }
+  BasicType src_elem = src_type->klass()->as_array_klass()->element_type()->basic_type();
+  BasicType dst_elem = dst_type->klass()->as_array_klass()->element_type()->basic_type();
   assert((compress && dst_elem == T_BYTE && (src_elem == T_BYTE || src_elem == T_CHAR)) ||
          (!compress && src_elem == T_BYTE && (dst_elem == T_BYTE || dst_elem == T_CHAR)),
          "Unsupported array types for inline_string_copy");
@@ -4943,8 +4946,8 @@ bool LibraryCallKit::inline_encodeISOArray(bool ascii) {
   }
 
   // Figure out the size and type of the elements we will be copying.
-  BasicType src_elem = src_type->isa_aryptr()->klass()->as_array_klass()->element_type()->basic_type();
-  BasicType dst_elem = dst_type->isa_aryptr()->klass()->as_array_klass()->element_type()->basic_type();
+  BasicType src_elem = top_src->klass()->as_array_klass()->element_type()->basic_type();
+  BasicType dst_elem = top_dest->klass()->as_array_klass()->element_type()->basic_type();
   if (!((src_elem == T_CHAR) || (src_elem== T_BYTE)) || dst_elem != T_BYTE) {
     return false;
   }
@@ -4997,8 +5000,8 @@ bool LibraryCallKit::inline_multiplyToLen() {
     return false;
   }
 
-  BasicType x_elem = x_type->isa_aryptr()->klass()->as_array_klass()->element_type()->basic_type();
-  BasicType y_elem = y_type->isa_aryptr()->klass()->as_array_klass()->element_type()->basic_type();
+  BasicType x_elem = top_x->klass()->as_array_klass()->element_type()->basic_type();
+  BasicType y_elem = top_y->klass()->as_array_klass()->element_type()->basic_type();
   if (x_elem != T_INT || y_elem != T_INT) {
     return false;
   }
@@ -5105,8 +5108,8 @@ bool LibraryCallKit::inline_squareToLen() {
     return false;
   }
 
-  BasicType x_elem = x_type->isa_aryptr()->klass()->as_array_klass()->element_type()->basic_type();
-  BasicType z_elem = z_type->isa_aryptr()->klass()->as_array_klass()->element_type()->basic_type();
+  BasicType x_elem = top_x->klass()->as_array_klass()->element_type()->basic_type();
+  BasicType z_elem = top_z->klass()->as_array_klass()->element_type()->basic_type();
   if (x_elem != T_INT || z_elem != T_INT) {
     return false;
   }
@@ -5154,8 +5157,8 @@ bool LibraryCallKit::inline_mulAdd() {
     return false;
   }
 
-  BasicType out_elem = out_type->isa_aryptr()->klass()->as_array_klass()->element_type()->basic_type();
-  BasicType in_elem = in_type->isa_aryptr()->klass()->as_array_klass()->element_type()->basic_type();
+  BasicType out_elem = top_out->klass()->as_array_klass()->element_type()->basic_type();
+  BasicType in_elem = top_in->klass()->as_array_klass()->element_type()->basic_type();
   if (out_elem != T_INT || in_elem != T_INT) {
     return false;
   }
@@ -5209,10 +5212,10 @@ bool LibraryCallKit::inline_montgomeryMultiply() {
     return false;
   }
 
-  BasicType a_elem = a_type->isa_aryptr()->klass()->as_array_klass()->element_type()->basic_type();
-  BasicType b_elem = b_type->isa_aryptr()->klass()->as_array_klass()->element_type()->basic_type();
-  BasicType n_elem = n_type->isa_aryptr()->klass()->as_array_klass()->element_type()->basic_type();
-  BasicType m_elem = m_type->isa_aryptr()->klass()->as_array_klass()->element_type()->basic_type();
+  BasicType a_elem = top_a->klass()->as_array_klass()->element_type()->basic_type();
+  BasicType b_elem = top_b->klass()->as_array_klass()->element_type()->basic_type();
+  BasicType n_elem = top_n->klass()->as_array_klass()->element_type()->basic_type();
+  BasicType m_elem = top_m->klass()->as_array_klass()->element_type()->basic_type();
   if (a_elem != T_INT || b_elem != T_INT || n_elem != T_INT || m_elem != T_INT) {
     return false;
   }
@@ -5265,9 +5268,9 @@ bool LibraryCallKit::inline_montgomerySquare() {
     return false;
   }
 
-  BasicType a_elem = a_type->isa_aryptr()->klass()->as_array_klass()->element_type()->basic_type();
-  BasicType n_elem = n_type->isa_aryptr()->klass()->as_array_klass()->element_type()->basic_type();
-  BasicType m_elem = m_type->isa_aryptr()->klass()->as_array_klass()->element_type()->basic_type();
+  BasicType a_elem = top_a->klass()->as_array_klass()->element_type()->basic_type();
+  BasicType n_elem = top_n->klass()->as_array_klass()->element_type()->basic_type();
+  BasicType m_elem = top_m->klass()->as_array_klass()->element_type()->basic_type();
   if (a_elem != T_INT || n_elem != T_INT || m_elem != T_INT) {
     return false;
   }
@@ -5317,8 +5320,8 @@ bool LibraryCallKit::inline_bigIntegerShift(bool isRightShift) {
     return false;
   }
 
-  BasicType newArr_elem = newArr_type->isa_aryptr()->klass()->as_array_klass()->element_type()->basic_type();
-  BasicType oldArr_elem = oldArr_type->isa_aryptr()->klass()->as_array_klass()->element_type()->basic_type();
+  BasicType newArr_elem = top_newArr->klass()->as_array_klass()->element_type()->basic_type();
+  BasicType oldArr_elem = top_oldArr->klass()->as_array_klass()->element_type()->basic_type();
   if (newArr_elem != T_INT || oldArr_elem != T_INT) {
     return false;
   }
@@ -5531,7 +5534,7 @@ bool LibraryCallKit::inline_updateBytesCRC32() {
   }
 
   // Figure out the size and type of the elements we will be copying.
-  BasicType src_elem = src_type->isa_aryptr()->klass()->as_array_klass()->element_type()->basic_type();
+  BasicType src_elem = top_src->klass()->as_array_klass()->element_type()->basic_type();
   if (src_elem != T_BYTE) {
     return false;
   }
@@ -5620,7 +5623,7 @@ bool LibraryCallKit::inline_updateBytesCRC32C() {
   }
 
   // Figure out the size and type of the elements we will be copying.
-  BasicType src_elem = src_type->isa_aryptr()->klass()->as_array_klass()->element_type()->basic_type();
+  BasicType src_elem = top_src->klass()->as_array_klass()->element_type()->basic_type();
   if (src_elem != T_BYTE) {
     return false;
   }
@@ -5713,7 +5716,7 @@ bool LibraryCallKit::inline_updateBytesAdler32() {
   }
 
   // Figure out the size and type of the elements we will be copying.
-  BasicType src_elem = src_type->isa_aryptr()->klass()->as_array_klass()->element_type()->basic_type();
+  BasicType src_elem = top_src->klass()->as_array_klass()->element_type()->basic_type();
   if (src_elem != T_BYTE) {
     return false;
   }
@@ -6550,7 +6553,7 @@ bool LibraryCallKit::inline_digestBase_implCompress(vmIntrinsics::ID id) {
     return false;
   }
   // Figure out the size and type of the elements we will be copying.
-  BasicType src_elem = src_type->isa_aryptr()->klass()->as_array_klass()->element_type()->basic_type();
+  BasicType src_elem = top_src->klass()->as_array_klass()->element_type()->basic_type();
   if (src_elem != T_BYTE) {
     return false;
   }
@@ -6642,7 +6645,7 @@ bool LibraryCallKit::inline_digestBase_implCompressMB(int predicate) {
     return false;
   }
   // Figure out the size and type of the elements we will be copying.
-  BasicType src_elem = src_type->isa_aryptr()->klass()->as_array_klass()->element_type()->basic_type();
+  BasicType src_elem = top_src->klass()->as_array_klass()->element_type()->basic_type();
   if (src_elem != T_BYTE) {
     return false;
   }

test/hotspot/jtreg/compiler/intrinsics/string/TestCopyValueOf.java

@@ -0,0 +1,58 @@
+/*
+ * Copyright (c) 2023, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8300079
+ * @summary Verify that String.copyValueOf properly handles null input with intrinsified helper methods.
+ * @run main/othervm -XX:-TieredCompilation -Xcomp
+ *                   -XX:CompileCommand=compileonly,compiler.intrinsics.string.TestCopyValueOf::test
+ *                   -XX:CompileCommand=dontinline,java.lang.String::rangeCheck
+ *                   compiler.intrinsics.string.TestCopyValueOf
+ */
+
+package compiler.intrinsics.string;
+
+public class TestCopyValueOf {
+
+    public static boolean test() {
+        try {
+            String.copyValueOf(null, 42, 43);
+        } catch (NullPointerException e) {
+            return true;
+        }
+        return false;
+    }
+
+    public static void main(String[] args) {
+        // Warmup
+        char data[] = {42};
+        String.copyValueOf(data, 0, 1);
+
+        if (!test()) {
+            throw new RuntimeException("Unexpected result");
+        }
+    }
+}