8159244: Partially initialized string object created by C2's string concat optimization may escape
authorthartmann
Wed, 15 Jun 2016 07:58:56 +0200
changeset 39418 6b03cc6f758a
parent 39417 0022da077e1e
child 39419 cc993a4ab581
8159244: Partially initialized string object created by C2's string concat optimization may escape Summary: Emit release barrier after String creation to prevent partially initialized object from escaping. Reviewed-by: kvn
hotspot/src/share/vm/opto/stringopts.cpp
hotspot/test/compiler/stringopts/TestStringObjectInitialization.java
--- a/hotspot/src/share/vm/opto/stringopts.cpp	Tue Jun 14 18:07:41 2016 -0700
+++ b/hotspot/src/share/vm/opto/stringopts.cpp	Wed Jun 15 07:58:56 2016 +0200
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2009, 2015, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2009, 2016, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -1958,6 +1958,12 @@
     // Initialize the string
     kit.store_String_value(kit.control(), result, dst_array);
     kit.store_String_coder(kit.control(), result, coder);
+
+    // The value field is final. Emit a barrier here to ensure that the effect
+    // of the initialization is committed to memory before any code publishes
+    // a reference to the newly constructed object (see Parse::do_exits()).
+    assert(AllocateNode::Ideal_allocation(result, _gvn) != NULL, "should be newly allocated");
+    kit.insert_mem_bar(Op_MemBarRelease, result);
   } else {
     result = C->top();
   }
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/hotspot/test/compiler/stringopts/TestStringObjectInitialization.java	Wed Jun 15 07:58:56 2016 +0200
@@ -0,0 +1,78 @@
+/*
+ * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+
+import java.util.Arrays;
+
+/*
+ * @test
+ * @bug 8159244
+ * @requires vm.gc == "Parallel" | vm.gc == "null"
+ * @summary Verifies that no partially initialized String object escapes from
+ *          C2's String concat optimization in a highly concurrent setting.
+ *          This test triggers the bug in about 1 out of 10 runs.
+ * @compile -XDstringConcat=inline TestStringObjectInitialization.java
+ * @run main/othervm/timeout=300 -XX:+IgnoreUnrecognizedVMOptions -XX:-UseCompressedOops -XX:-CompactStrings
+ *                               -XX:-UseG1GC -XX:+UseParallelGC TestStringObjectInitialization
+ */
+public class TestStringObjectInitialization {
+
+    String myString;
+
+    public static void main(String[] args) throws Exception {
+        TestStringObjectInitialization t = new TestStringObjectInitialization();
+        // Create some threads that concurrently update 'myString'
+        for (int i = 0; i < 100; ++i) {
+            (new Thread(new Runner(t))).start();
+        }
+        Thread last = new Thread(new Runner(t));
+        last.start();
+        last.join();
+    }
+
+    private void add(String message) {
+        // String escapes to other threads here
+        myString += message;
+    }
+
+    public void run(String s, String[] sArray) {
+        // Trigger C2's string concatenation optimization
+        add(s + Arrays.toString(sArray) + " const ");
+    }
+}
+
+class Runner implements Runnable {
+    private TestStringObjectInitialization test;
+
+    public Runner(TestStringObjectInitialization t) {
+        test = t;
+    }
+
+    public void run(){
+        String[] array = {"a", "b", "c"};
+        for (int i = 0; i < 10000; ++i) {
+            test.run("a", array);
+        }
+    }
+}
+