8178047: Aliasing problem with raw memory accesses
authoriveresov
Wed, 19 Apr 2017 18:02:26 -0700
changeset 44739 3af2c3740d7b
parent 44738 11431bbc9549
child 44740 8a8cfc348148
8178047: Aliasing problem with raw memory accesses Summary: Require equal bases when unaliasing offsets for raw accesses Reviewed-by: kvn
hotspot/src/share/vm/opto/memnode.cpp
hotspot/src/share/vm/opto/memnode.hpp
hotspot/test/compiler/unsafe/TestRawAliasing.java
--- a/hotspot/src/share/vm/opto/memnode.cpp	Thu Dec 01 14:21:31 2016 -0500
+++ b/hotspot/src/share/vm/opto/memnode.cpp	Wed Apr 19 18:02:26 2017 -0700
@@ -61,6 +61,15 @@
   return calculate_adr_type(adr->bottom_type(), cross_check);
 }
 
+bool MemNode::check_if_adr_maybe_raw(Node* adr) {
+  if (adr != NULL) {
+    if (adr->bottom_type()->base() == Type::RawPtr || adr->bottom_type()->base() == Type::AnyPtr) {
+      return true;
+    }
+  }
+  return false;
+}
+
 #ifndef PRODUCT
 void MemNode::dump_spec(outputStream *st) const {
   if (in(Address) == NULL)  return; // node is dead
@@ -560,6 +569,7 @@
   if (offset == Type::OffsetBot)
     return NULL;            // cannot unalias unless there are precise offsets
 
+  const bool adr_maybe_raw = check_if_adr_maybe_raw(adr);
   const TypeOopPtr *addr_t = adr->bottom_type()->isa_oopptr();
 
   intptr_t size_in_bytes = memory_size();
@@ -577,6 +587,13 @@
       Node* st_base = AddPNode::Ideal_base_and_offset(st_adr, phase, st_offset);
       if (st_base == NULL)
         break;              // inscrutable pointer
+
+      // For raw accesses it's not enough to prove that constant offsets don't intersect.
+      // We need the bases to be the equal in order for the offset check to make sense.
+      if ((adr_maybe_raw || check_if_adr_maybe_raw(st_adr)) && st_base != base) {
+        break;
+      }
+
       if (st_offset != offset && st_offset != Type::OffsetBot) {
         const int MAX_STORE = BytesPerLong;
         if (st_offset >= offset + size_in_bytes ||
--- a/hotspot/src/share/vm/opto/memnode.hpp	Thu Dec 01 14:21:31 2016 -0500
+++ b/hotspot/src/share/vm/opto/memnode.hpp	Wed Apr 19 18:02:26 2017 -0700
@@ -78,6 +78,7 @@
   }
 
   virtual Node* find_previous_arraycopy(PhaseTransform* phase, Node* ld_alloc, Node*& mem, bool can_see_stored_value) const { return NULL; }
+  static bool check_if_adr_maybe_raw(Node* adr);
 
 public:
   // Helpers for the optimizer.  Documented in memnode.cpp.
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/hotspot/test/compiler/unsafe/TestRawAliasing.java	Wed Apr 19 18:02:26 2017 -0700
@@ -0,0 +1,71 @@
+/*
+ * Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8178047
+ * @run main/othervm -XX:CompileCommand=exclude,*.main -XX:-TieredCompilation -XX:-BackgroundCompilation compiler.unsafe.TestRawAliasing
+ * @modules java.base/jdk.internal.misc:+open
+ */
+
+package compiler.unsafe;
+
+import java.lang.reflect.Field;
+
+public class TestRawAliasing {
+    static private final jdk.internal.misc.Unsafe UNSAFE;
+    static {
+        try {
+            Field f = jdk.internal.misc.Unsafe.class.getDeclaredField("theUnsafe");
+            f.setAccessible(true);
+            UNSAFE = (jdk.internal.misc.Unsafe) f.get(null);
+        } catch (Exception e) {
+            throw new RuntimeException("Unable to get Unsafe instance.", e);
+        }
+    }
+
+    static private final int OFFSET_X = 50;
+    static private final int OFFSET_Y = 100;
+
+    private static int test(long base_plus_offset_x, long base_plus_offset_y, int magic_value) {
+        // write 0 to a location
+        UNSAFE.putByte(base_plus_offset_x - OFFSET_X, (byte)0);
+        // write unfoldable value to really the same location with another base
+        UNSAFE.putByte(base_plus_offset_y - OFFSET_Y, (byte)magic_value);
+        // read the value back, should be equal to "unfoldable_value"
+        return UNSAFE.getByte(base_plus_offset_x - OFFSET_X);
+    }
+
+    private static final int OFF_HEAP_AREA_SIZE = 128;
+    private static final byte MAGIC = 123;
+
+    // main is excluded from compilation since we don't want the test method to inline and make base values fold
+    public static void main(String... args) {
+        long base = UNSAFE.allocateMemory(OFF_HEAP_AREA_SIZE);
+        for (int i = 0; i < 100_000; i++) {
+            if (test(base + OFFSET_X, base + OFFSET_Y, MAGIC) != MAGIC) {
+                throw new RuntimeException("Unexpected magic value");
+            }
+        }
+    }
+}