JDK-8211034: OnStackReplacePercentage option checking has bugs

Details

• Resolved In Build: b24
• CPU: generic
• OS: generic


Description

In OnStackReplacePercentageConstraintFunc, we use

  intx CompileThreshold: [0, INT_MAX >> 3]
  intx InterpreterProfilePercentage: [0, 100]
  intx OnStackReplacePercentage: <constraint function>

A question is whether OSRP > 100 is permitted. The current code can let that situation pass; I don't know if > 100% is meaningful for this option.

Irrespective of that, the constraint checking code is subject to multiple overflow problems. For example, in one of the if-branches we have

  (CompileThreshold * OnStackReplacePercentage) << InvocationCounter::count_shift

where InvocationCounter::count_shift == 3 and we have already verified OSRP >= 0.

That calculation will be performed with intx types and produce an intx result. We then implicitly narrow the result to int (on _LP64; on !_LP64 there is no conversion).

Because there's been no prior upper bound check for OSRP, the initial calculation could have overflowed intx, invoking UB. And even if it didn't overflow intx, the result might not be representable as an int (on _LP64), making the conversion to int implementation defined.

The result of that conversion to int is then checked for being negative, the intent being to check for overflow of that calculation. But that's a completely inadequate check for that condition.
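The following added example (not HotSpot code, and not from the reporter) models the pattern described above: it computes the product in a 64-bit intx stand-in, narrows to int, and shows that the "is it negative?" test accepts a value that does not fit in an int, beside a division-based range check that cannot wrap. The intx typedef and the COUNT_SHIFT value of 3 are assumptions taken from the description.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Stand-ins (assumptions) for the HotSpot names in the report: intx is a
 * pointer-sized signed integer (64-bit on _LP64), and
 * InvocationCounter::count_shift == 3 as the description states. */
typedef int64_t intx;
#define COUNT_SHIFT 3

/* Reduce a 64-bit value to int the way an LP64 intx -> int narrowing usually
 * behaves (two's-complement wrap). The real implicit conversion is
 * implementation-defined; this version is fully defined C. */
static int wrap_to_int(intx v) {
    uint32_t u = (uint32_t)(uint64_t)v;
    return u <= (uint32_t)INT32_MAX ? (int)u : -(int)(UINT32_MAX - u) - 1;
}

/* Reconstruction of the flawed pattern the report describes: compute in intx,
 * narrow to int, and treat only a negative result as overflow.
 * Returns 1 if the check accepts the pair, 0 if it rejects it.
 * Callers must keep the intx arithmetic itself in range, or it is UB. */
int sign_check_accepts(intx compile_threshold, intx osrp) {
    intx wide = (compile_threshold * osrp) << COUNT_SHIFT;
    return wrap_to_int(wide) >= 0;
}

/* Overflow-free alternative. Both operands are nonnegative (CompileThreshold
 * in [0, INT_MAX >> 3], OSRP already checked >= 0), so the shifted value fits
 * in an int exactly when the product is <= INT_MAX >> COUNT_SHIFT.
 * Dividing instead of multiplying means nothing can wrap. */
int range_check_accepts(intx compile_threshold, intx osrp) {
    if (compile_threshold < 0 || osrp < 0) return 0;
    if (compile_threshold == 0) return 1;
    const intx limit = (intx)INT_MAX >> COUNT_SHIFT;
    return osrp <= limit / compile_threshold;
}

int main(void) {
    /* Constructed values: CompileThreshold at its maximum, OSRP just over 100.
     * The true result (216895847640) does not fit in an int, yet it wraps to
     * a positive int, so the sign check lets it through. */
    intx ct = (intx)INT_MAX >> 3, osrp = 101;
    printf("sign check: %d  range check: %d\n",
           sign_check_accepts(ct, osrp), range_check_accepts(ct, osrp));
    return 0;
}
```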


People

• Assignee: Jamsheed C M (jcm)
• Reporter: Kim Barrett (kbarrett)
