Mercurial Mercurial > jdk-sandbox / changeset
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
8224539: C2 compilation fails during ArrayCopyNode optimizations with assert(i < _max) failed: oob: i=1, _max=1
authorthartmann
Thu, 23 May 2019 08:57:37 +0200
changeset 55003 bec1bb783c7e
parent 55002 da9840e2f7da
child 55004 4645b6d57f54
8224539: C2 compilation fails during ArrayCopyNode optimizations with assert(i < _max) failed: oob: i=1, _max=1 Summary: Bail out if src_offset or dst_offset is top. Reviewed-by: roland, vlivanov, kvn
src/hotspot/share/opto/arraycopynode.cpp file | annotate | diff | comparison | revisions
test/hotspot/jtreg/compiler/arraycopy/TestArrayCopyWithBadOffset.java file | annotate | diff | comparison | revisions 
--- a/src/hotspot/share/opto/arraycopynode.cpp	Thu May 23 08:09:29 2019 +0200
+++ b/src/hotspot/share/opto/arraycopynode.cpp	Thu May 23 08:57:37 2019 +0200
@@ -296,6 +296,10 @@
 
     src_offset = Compile::conv_I2X_index(phase, src_offset, ary_src->size());
     dest_offset = Compile::conv_I2X_index(phase, dest_offset, ary_dest->size());
+    if (src_offset->is_top() || dest_offset->is_top()) {
+      // Offset is out of bounds (the ArrayCopyNode will be removed)
+      return false;
+    }
 
     Node* src_scale = phase->transform(new LShiftXNode(src_offset, phase->intcon(shift)));
     Node* dest_scale = phase->transform(new LShiftXNode(dest_offset, phase->intcon(shift)));
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/hotspot/jtreg/compiler/arraycopy/TestArrayCopyWithBadOffset.java	Thu May 23 08:57:37 2019 +0200
@@ -0,0 +1,71 @@
+/*
+ * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8224539
+ * @summary Test arraycopy optimizations with bad src/dst array offsets.
+ * @run main/othervm -Xbatch -XX:+AlwaysIncrementalInline
+ *                   compiler.arraycopy.TestArrayCopyWithBadOffset
+ */
+
+package compiler.arraycopy;
+
+public class TestArrayCopyWithBadOffset {
+
+    public static byte[] getSrc() {
+        return new byte[5];
+    }
+
+    // Test bad src offset
+    public static void test1(byte[] dst) {
+        byte[] src = getSrc();
+        try {
+            System.arraycopy(src, Integer.MAX_VALUE-1, dst, 0, src.length);
+        } catch (Exception e) {
+            // Expected
+        }
+    }
+
+    public static byte[] getDst() {
+        return new byte[5];
+    }
+
+    // Test bad dst offset
+    public static void test2(byte[] src) {
+        byte[] dst = getDst();
+        try {
+            System.arraycopy(src, 0, dst, Integer.MAX_VALUE-1, dst.length);
+        } catch (Exception e) {
+            // Expected
+        }
+    }
+
+    public static void main(String[] args) {
+        byte[] array = new byte[5];
+        for (int i = 0; i < 10_000; ++i) {
+            test1(array);
+            test2(array);
+        }
+    }
+}
jdk-sandbox