6799693: Server compiler leads to data corruption when expression throws an Exception
authorkvn
Thu, 05 Feb 2009 14:43:58 -0800
changeset 2029 4ba79339bc0c
parent 2028 04fa713b25f9
child 2030 39d55e4534b4
6799693: Server compiler leads to data corruption when expression throws an Exception Summary: Use merged memory state for an allocation's slow path. Reviewed-by: never
hotspot/src/share/vm/opto/graphKit.cpp
hotspot/src/share/vm/opto/macro.cpp
hotspot/test/compiler/6795161/Test.java
hotspot/test/compiler/6799693/Test.java
--- a/hotspot/src/share/vm/opto/graphKit.cpp	Thu Feb 05 13:38:52 2009 -0800
+++ b/hotspot/src/share/vm/opto/graphKit.cpp	Thu Feb 05 14:43:58 2009 -0800
@@ -2942,16 +2942,10 @@
 
   // Now generate allocation code
 
-  // With escape analysis, the entire memory state is needed to be able to
-  // eliminate the allocation.  If the allocations cannot be eliminated, this
-  // will be optimized to the raw slice when the allocation is expanded.
-  Node *mem;
-  if (C->do_escape_analysis()) {
-    mem = reset_memory();
-    set_all_memory(mem);
-  } else {
-    mem = memory(Compile::AliasIdxRaw);
-  }
+  // The entire memory state is needed for slow path of the allocation
+  // since GC and deoptimization can happened.
+  Node *mem = reset_memory();
+  set_all_memory(mem); // Create new memory state
 
   AllocateNode* alloc
     = new (C, AllocateNode::ParmLimit)
@@ -3088,16 +3082,10 @@
 
   // Now generate allocation code
 
-  // With escape analysis, the entire memory state is needed to be able to
-  // eliminate the allocation.  If the allocations cannot be eliminated, this
-  // will be optimized to the raw slice when the allocation is expanded.
-  Node *mem;
-  if (C->do_escape_analysis()) {
-    mem = reset_memory();
-    set_all_memory(mem);
-  } else {
-    mem = memory(Compile::AliasIdxRaw);
-  }
+  // The entire memory state is needed for slow path of the allocation
+  // since GC and deoptimization can happened.
+  Node *mem = reset_memory();
+  set_all_memory(mem); // Create new memory state
 
   // Create the AllocateArrayNode and its result projections
   AllocateArrayNode* alloc
--- a/hotspot/src/share/vm/opto/macro.cpp	Thu Feb 05 13:38:52 2009 -0800
+++ b/hotspot/src/share/vm/opto/macro.cpp	Thu Feb 05 14:43:58 2009 -0800
@@ -952,13 +952,6 @@
   Node* klass_node        = alloc->in(AllocateNode::KlassNode);
   Node* initial_slow_test = alloc->in(AllocateNode::InitialTest);
 
-  // With escape analysis, the entire memory state was needed to be able to
-  // eliminate the allocation.  Since the allocations cannot be eliminated,
-  // optimize it to the raw slice.
-  if (mem->is_MergeMem()) {
-    mem = mem->as_MergeMem()->memory_at(Compile::AliasIdxRaw);
-  }
-
   assert(ctrl != NULL, "must have control");
   // We need a Region and corresponding Phi's to merge the slow-path and fast-path results.
   // they will not be used if "always_slow" is set
@@ -1016,6 +1009,11 @@
   Node *slow_mem = mem;  // save the current memory state for slow path
   // generate the fast allocation code unless we know that the initial test will always go slow
   if (!always_slow) {
+    // Fast path modifies only raw memory.
+    if (mem->is_MergeMem()) {
+      mem = mem->as_MergeMem()->memory_at(Compile::AliasIdxRaw);
+    }
+
     Node* eden_top_adr;
     Node* eden_end_adr;
 
@@ -1239,8 +1237,6 @@
     }
   }
 
-  mem = result_phi_rawmem;
-
   // An allocate node has separate i_o projections for the uses on the control and i_o paths
   // Replace uses of the control i_o projection with result_phi_i_o (unless we are only generating a slow call)
   if (_ioproj_fallthrough == NULL) {
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/hotspot/test/compiler/6795161/Test.java	Thu Feb 05 14:43:58 2009 -0800
@@ -0,0 +1,60 @@
+/*
+ * Copyright 2009 Sun Microsystems, Inc.  All Rights Reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
+ * CA 95054 USA or visit www.sun.com if you need additional information or
+ * have any questions.
+ *
+ */
+
+/*
+ * @test
+ * @bug 6795161
+ * @summary Escape analysis leads to data corruption
+ * @run main/othervm -server -Xcomp -XX:CompileOnly=Test -XX:+DoEscapeAnalysis Test
+ */
+
+class Test_Class_1 {
+    static String var_1;
+
+    static void badFunc(int size)
+    {
+        try {
+          for (int i = 0; i < 1; (new byte[size-i])[0] = 0, i++) {}
+        } catch (Exception e) {
+          // don't comment it out, it will lead to correct results ;)
+          //System.out.println("Got exception: " + e);
+        }
+    }
+}
+
+public class Test {
+    static String var_1_copy = Test_Class_1.var_1;
+
+    static byte var_check;
+
+    public static void main(String[] args)
+    {
+        var_check = 1;
+
+        Test_Class_1.badFunc(-1);
+
+        System.out.println("EATester.var_check = " + Test.var_check + " (expected 1)\n");
+    }
+}
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/hotspot/test/compiler/6799693/Test.java	Thu Feb 05 14:43:58 2009 -0800
@@ -0,0 +1,47 @@
+/*
+ * Copyright 2009 Sun Microsystems, Inc.  All Rights Reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
+ * CA 95054 USA or visit www.sun.com if you need additional information or
+ * have any questions.
+ *
+ */
+
+/*
+ * @test
+ * @bug 6799693
+ * @summary Server compiler leads to data corruption when expression throws an Exception
+ * @run main/othervm -Xcomp -XX:CompileOnly=Test Test
+ */
+
+public class Test {
+   static int var_bad = 1;
+
+   public static void main(String[] args)
+   {
+      var_bad++;
+
+      try {
+         for (int i = 0; i < 10; i++) (new byte[((byte)-1 << i)])[0]  = 0;
+      }
+      catch (Exception e) { System.out.println("Got " + e); }
+
+      System.out.println("Test.var_bad = " +  var_bad + " (expected 2)\n");
+   }
+}
+