Skip to content
Permalink
Browse files
8223923: C2: Missing interference with mismatched unsafe accesses
Backport-of: 86add21a85ec57de00aecb0a18bc99567a91d0d8
  • Loading branch information
TobiHartmann committed Sep 29, 2021
1 parent 6141fcc commit 7298db5b38aab5fb5c21cf9ec4aa842f25954f0a
Showing 2 changed files with 82 additions and 8 deletions.
@@ -596,7 +596,7 @@ Node* LoadNode::find_previous_arraycopy(PhaseTransform* phase, Node* ld_alloc, N

ArrayCopyNode* MemNode::find_array_copy_clone(PhaseTransform* phase, Node* ld_alloc, Node* mem) const {
if (mem->is_Proj() && mem->in(0) != NULL && (mem->in(0)->Opcode() == Op_MemBarStoreStore ||
mem->in(0)->Opcode() == Op_MemBarCPUOrder)) {
mem->in(0)->Opcode() == Op_MemBarCPUOrder)) {
if (ld_alloc != NULL) {
// Check if there is an array copy for a clone
Node* mb = mem->in(0);
@@ -1061,25 +1061,26 @@ Node* MemNode::can_see_stored_value(Node* st, PhaseTransform* phase) const {
// This is more general than load from boxing objects.
if (skip_through_membars(atp, tp, phase->C->eliminate_boxing())) {
uint alias_idx = atp->index();
bool final = !atp->is_rewritable();
Node* result = NULL;
Node* current = st;
// Skip through chains of MemBarNodes checking the MergeMems for
// new states for the slice of this load. Stop once any other
// kind of node is encountered. Loads from final memory can skip
// through any kind of MemBar but normal loads shouldn't skip
// through MemBarAcquire since the could allow them to move out of
// a synchronized region.
// a synchronized region. It is not safe to step over MemBarCPUOrder,
// because alias info above them may be inaccurate (e.g., due to
// mixed/mismatched unsafe accesses).
bool is_final_mem = !atp->is_rewritable();
while (current->is_Proj()) {
int opc = current->in(0)->Opcode();
if ((final && (opc == Op_MemBarAcquire ||
opc == Op_MemBarAcquireLock ||
opc == Op_LoadFence)) ||
if ((is_final_mem && (opc == Op_MemBarAcquire ||
opc == Op_MemBarAcquireLock ||
opc == Op_LoadFence)) ||
opc == Op_MemBarRelease ||
opc == Op_StoreFence ||
opc == Op_MemBarReleaseLock ||
opc == Op_MemBarStoreStore ||
opc == Op_MemBarCPUOrder) {
opc == Op_MemBarStoreStore) {
Node* mem = current->in(0)->in(TypeFunc::Memory);
if (mem->is_MergeMem()) {
MergeMemNode* merge = mem->as_MergeMem();
@@ -0,0 +1,73 @@
/*
* Copyright (c) 2021, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/

/*
* @test
* @bug 8223923
* @modules java.base/jdk.internal.misc
* @run main/othervm -Xbatch compiler.unsafe.MismatchedUnsafeAccessTest
*/
package compiler.unsafe;

import jdk.internal.misc.Unsafe;

public class MismatchedUnsafeAccessTest {
private static final Unsafe UNSAFE = Unsafe.getUnsafe();

public static class Test {
public int x = 0;
public int y = 0;

public static final long offsetX;
public static final long offsetY;

static {
try {
offsetX = UNSAFE.objectFieldOffset(Test.class.getField("x"));
offsetY = UNSAFE.objectFieldOffset(Test.class.getField("y"));
} catch (NoSuchFieldException e) {
throw new InternalError(e);
}
// Validate offsets
if (offsetX >= offsetY || offsetY - offsetX != 4) {
throw new InternalError("Wrong offsets: " + offsetX + " " + offsetY);
}
}
}

public static int test(long l) {
Test a = new Test();
UNSAFE.putLong(a, Test.offsetX, l); // mismatched access; interferes with subsequent load
return UNSAFE.getInt(a, Test.offsetY);
}

public static void main(String[] args) {
for (int i = 0; i < 20_000; i++) {
int res = test(-1L);
if (res != -1) {
throw new AssertionError("Wrong result: " + res);
}
}
System.out.println("TEST PASSED");
}
}

1 comment on commit 7298db5

@openjdk-notifier
Copy link

@openjdk-notifier openjdk-notifier bot commented on 7298db5 Sep 29, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please sign in to comment.