[9] RFR (S): 8159431: C1 arraycopy intrinsic type checks missing

Zoltán Majó zoltan.majo at oracle.com
Mon Jun 27 18:20:18 UTC 2016

Hi Vladimir,

thank you for the feedback!

On 06/25/2016 12:56 AM, Vladimir Kozlov wrote:
> Zoltan, check that klass is not j.l.Object is not enough.
> See next code in stub generators how to check for arrays (similar code 
> exists on all platforms):
> http://hg.openjdk.java.net/jdk9/hs-comp/hotspot/file/ff0c5aa32086/src/cpu/x86/vm/stubGenerator_x86_64.cpp#l2649 

right, thank you for catching that!

Here is the updated webrev:

Testing: JPRT (testset hotspot).

Thank you!

Best regards,


> Thanks,
> Vladimir
> On 6/24/16 9:05 AM, Zoltán Majó wrote:
>> Hi,
>> please review the patch for 8159431.
>> https://bugs.openjdk.java.net/browse/JDK-8159431
>> Problem: The C1 intrinsic for
>> java.lang.System.arraycopy(Object src, int srcPos, Object dest, int 
>> destPos, int length)
>> does not verify that 'src' or 'dest' is a "proper" array. As a 
>> result, the intrinsic reads the non-existing 'length' field from 
>> java.lang.Object (i.e., the intrinsic reads past the end of the
>> java.lang.Object instance), which is incorrect.
>> Also, the intrinsic only checks if 'src' is a subclass of 'dest' 
>> before writing into 'dest' without checking the special case 
>> 'dest'==java.lang.Object. That can result in data being written to a
>> random heap location instead of the required ArrayStoreException 
>> being thrown.
>> Solution: Check the type of 'src' and 'dest' at runtime if the 
>> compiler was not able to prove at compile-time that 'src' and 'dest' 
>> are "proper" arrays.
>> Webrev:
>> http://cr.openjdk.java.net/~zmajo/8159431/webrev.00/
>> Testing: JPRT (testset hotspot).
>> I'll do an RBT run once the code is close to its final shape.
>> The problem was originally reported by Xiang Yuan from Linaro. Once 
>> the code is reviewed, I plan to push the patch with Xiang and myself 
>> as contributors.
>> The open arm port and ppc are also likely to be affected. I'll file 
>> bugs for those architectures and notify persons working on the 
>> appropriate ports.
>> Thank you!
>> Best regards,
>> Zoltan

More information about the hotspot-compiler-dev mailing list