8148752: Compiled StringBuilder code throws StringIndexOutOfBoundsException
authorthartmann
Wed, 10 Feb 2016 07:54:26 +0100
changeset 35846 f5a8b47778ef
parent 35845 30025047885d
child 35951 eb6971bc8c95
child 36057 867e857daf84
child 36058 caff909b4e1f
8148752: Compiled StringBuilder code throws StringIndexOutOfBoundsException Summary: Fixed handling of long/double MH arguments in GraphBuilder::try_method_handle_inline(). Reviewed-by: roland, shade, vlivanov, kvn, twisti
hotspot/src/share/vm/opto/callGenerator.cpp
hotspot/test/compiler/jsr292/LongReferenceCastingTest.java
--- a/hotspot/src/share/vm/opto/callGenerator.cpp	Mon Feb 08 18:52:03 2016 +0100
+++ b/hotspot/src/share/vm/opto/callGenerator.cpp	Wed Feb 10 07:54:26 2016 +0100
@@ -867,17 +867,18 @@
           }
         }
         // Cast reference arguments to its type.
-        for (int i = 0; i < signature->count(); i++) {
+        for (int i = 0, j = 0; i < signature->count(); i++) {
           ciType* t = signature->type_at(i);
           if (t->is_klass()) {
-            Node* arg = kit.argument(receiver_skip + i);
+            Node* arg = kit.argument(receiver_skip + j);
             const TypeOopPtr* arg_type = arg->bottom_type()->isa_oopptr();
             const Type*       sig_type = TypeOopPtr::make_from_klass(t->as_klass());
             if (arg_type != NULL && !arg_type->higher_equal(sig_type)) {
               Node* cast_obj = gvn.transform(new CheckCastPPNode(kit.control(), arg, sig_type));
-              kit.set_argument(receiver_skip + i, cast_obj);
+              kit.set_argument(receiver_skip + j, cast_obj);
             }
           }
+          j += t->size();  // long and double take two slots
         }
 
         // Try to get the most accurate receiver type
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/hotspot/test/compiler/jsr292/LongReferenceCastingTest.java	Wed Feb 10 07:54:26 2016 +0100
@@ -0,0 +1,75 @@
+/*
+ * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ *
+ */
+
+import java.lang.invoke.*;
+
+/**
+ * @test
+ * @bug 8148752
+ * @summary Test correct casting of MH arguments during inlining.
+ * @run main LongReferenceCastingTest
+ */
+public class LongReferenceCastingTest {
+    static final String MY_STRING = "myString";
+    static final MethodHandle MH;
+
+    static {
+        try {
+            MethodHandles.Lookup lookup = MethodHandles.lookup();
+            MethodType mt = MethodType.methodType(String.class, long.class, Object.class, String.class);
+            MH = lookup.findVirtual(LongReferenceCastingTest.class, "myMethod", mt);
+        } catch (Exception e) {
+            throw new Error(e);
+        }
+    }
+
+    public String myMethod(long l, Object o, String s) {
+        // The long argument occupies two stack slots, causing C2 to treat it as
+        // two arguments and casting the fist one two long and the second one to Object.
+        // As a result, Object o is casted to String and the o.toString() call is
+        // inlined as String::toString(). We fail at runtime because 'o' is not a String.
+        return o.toString();
+    }
+
+    public String toString() {
+        return MY_STRING;
+    }
+
+    public static void main(String[] args) throws Exception {
+        LongReferenceCastingTest test = new LongReferenceCastingTest();
+        try {
+            for (int i = 0; i < 20_000; ++i) {
+                if (!test.invoke().equals(MY_STRING)) {
+                    throw new RuntimeException("Invalid string");
+                }
+            }
+        } catch (Throwable t) {
+            throw new RuntimeException("Test failed", t);
+        }
+    }
+
+    public String invoke() throws Throwable {
+        return (String) MH.invokeExact(this, 0L, (Object)this, MY_STRING);
+    }
+}