Avoid UB by left shift of negative values.

2015-09-12 16:56:47 +00:00 · 2015-09-12 16:56:47 +00:00 · 79c51de91f
commit 79c51de91f
parent 815a232339
6 changed files with 80 additions and 2 deletions
--- a/lang/openjdk7/distinfo
+++ b/lang/openjdk7/distinfo
@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.84 2015/06/09 15:03:43 tnn Exp $
+$NetBSD: distinfo,v 1.85 2015/09/12 16:56:47 joerg Exp $

 SHA1 (openjdk7/apache-ant-1.9.4-bin.tar.bz2) = 99bff3c702dd79076f4e705e3541f7e35bbb4306
 RMD160 (openjdk7/apache-ant-1.9.4-bin.tar.bz2) = 7f4263d617bbf40a15eab401369d18a755f8d260
@ -97,6 +97,8 @@ SHA1 (patch-hotspot_src_os_solaris_dtrace_jhelper.d) = 43ae9934ce7cf477f7968bcf9
 SHA1 (patch-hotspot_src_os_solaris_vm_decoder__solaris.cpp) = 3be8a96525ead1df18a40b18dccfad4ef2765d47
 SHA1 (patch-hotspot_src_os_solaris_vm_os__solaris.cpp) = ea09ffd080fcf4c12b0b69cb622ee3945000cb68
 SHA1 (patch-hotspot_src_os_solaris_vm_perfMemory__solaris.cpp) = 1bc67dd849eec122162b71f21d204e5489555738
+SHA1 (patch-hotspot_src_share_vm_oops_klass.hpp) = 8f25f2df28e4d644cd0408cc6c198d6e9d8b9155
+SHA1 (patch-hotspot_src_share_vm_opto_library__call.cpp) = 86ba7f86ba769a444484f3c586e8b039079d2456
 SHA1 (patch-hotspot_src_share_vm_opto_node.cpp) = 869d8ec9dc6dae6e0b8a23fe44f2583747059553
 SHA1 (patch-hotspot_src_share_vm_runtime_os.cpp) = c7a33e791e3b5fec5cca9a5343c6d1f685e0cd4b
 SHA1 (patch-hotspot_src_share_vm_utilities_globalDefinitions__gcc.hpp) = 1935e8225e08870fd912737de6dee3d599d260ab
--- a/lang/openjdk7/patches/patch-hotspot_src_share_vm_oops_klass.hpp
+++ b/lang/openjdk7/patches/patch-hotspot_src_share_vm_oops_klass.hpp
@ -0,0 +1,20 @@
+$NetBSD: patch-hotspot_src_share_vm_oops_klass.hpp,v 1.1 2015/09/12 16:56:48 joerg Exp $
+
+Left shift of negative values is UB.
+
+--- hotspot/src/share/vm/oops/klass.hpp.orig	2015-06-09 13:46:56.000000000 +0000
+++ hotspot/src/share/vm/oops/klass.hpp
+@@ -419,11 +419,11 @@ class Klass : public Klass_vtbl {
+   }
+   static bool layout_helper_is_typeArray(jint lh) {
+     // _lh_array_tag_type_value == (lh >> _lh_array_tag_shift);
+-    return (juint)lh >= (juint)(_lh_array_tag_type_value << _lh_array_tag_shift);
+    return (juint)lh >= ((juint)_lh_array_tag_type_value << _lh_array_tag_shift);
+   }
+   static bool layout_helper_is_objArray(jint lh) {
+     // _lh_array_tag_obj_value == (lh >> _lh_array_tag_shift);
+-    return (jint)lh < (jint)(_lh_array_tag_type_value << _lh_array_tag_shift);
+    return (jint)lh < (jint)((juint)_lh_array_tag_type_value << _lh_array_tag_shift);
+   }
+   static int layout_helper_header_size(jint lh) {
+     assert(lh < (jint)_lh_neutral_value, "must be array");
--- a/lang/openjdk7/patches/patch-hotspot_src_share_vm_opto_library__call.cpp
+++ b/lang/openjdk7/patches/patch-hotspot_src_share_vm_opto_library__call.cpp
@ -0,0 +1,17 @@
+$NetBSD: patch-hotspot_src_share_vm_opto_library__call.cpp,v 1.1 2015/09/12 16:56:48 joerg Exp $
+
+Left shift of negative values is UB.
+
+--- hotspot/src/share/vm/opto/library_call.cpp.orig	2015-06-09 13:47:01.000000000 +0000
+++ hotspot/src/share/vm/opto/library_call.cpp
+@@ -3454,8 +3454,8 @@ Node* LibraryCallKit::generate_array_gua
+   }
+   // Now test the correct condition.
+   jint  nval = (obj_array
+-                ? ((jint)Klass::_lh_array_tag_type_value
+-                   <<    Klass::_lh_array_tag_shift)
+                ? (jint)((juint)Klass::_lh_array_tag_type_value
+                         <<    Klass::_lh_array_tag_shift)
+                 : Klass::_lh_neutral_value);
+   Node* cmp = _gvn.transform( new(C) CmpINode(layout_val, intcon(nval)) );
+   BoolTest::mask btest = BoolTest::lt;  // correct for testing is_[obj]array
--- a/lang/openjdk8/distinfo
+++ b/lang/openjdk8/distinfo
@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.25 2015/08/27 19:03:59 joerg Exp $
+$NetBSD: distinfo,v 1.26 2015/09/12 16:56:48 joerg Exp $

 SHA1 (openjdk7/bootstrap-jdk-1.7.76-freebsd-10-amd64-20150301.tar.xz) = 7408f52d3bbe35c2b14bbd3215cbf60f1335d334
 RMD160 (openjdk7/bootstrap-jdk-1.7.76-freebsd-10-amd64-20150301.tar.xz) = 24f1577b5fc86d137f070aedb4610c8c89e45815
@ -83,6 +83,8 @@ SHA1 (patch-hotspot_src_os_solaris_vm_os__solaris.cpp) = c8840633681c01d4a911e32
 SHA1 (patch-hotspot_src_os_solaris_vm_perfMemory__solaris.cpp) = 589bf0707023b9f799caf2cafe5aeba89af46b05
 SHA1 (patch-hotspot_src_share_vm_ci_ciTypeFlow.cpp) = 2d827ade6fcf0ba08fcd0390472cda17772bc0c5
 SHA1 (patch-hotspot_src_share_vm_interpreter_interpreterRuntime.cpp) = d2eaaae414810ab460ced512fdfc07385d60f4b8
+SHA1 (patch-hotspot_src_share_vm_oops_klass.hpp) = 2a728aa8fb04976195ebf58549a544b97e56b329
+SHA1 (patch-hotspot_src_share_vm_opto_library__call.cpp) = 4654248e3fdf9a1be8ef5563e50b12dcd59aa1aa
 SHA1 (patch-hotspot_src_share_vm_opto_node.cpp) = aacb4e03f62f1a6f9b38de39a966c318b70b1293
 SHA1 (patch-hotspot_src_share_vm_runtime_arguments.cpp) = 80265396c62de95b0937d770c1dba0e8a53daa80
 SHA1 (patch-hotspot_src_share_vm_utilities_globalDefinitions__gcc.hpp) = f35b8c1a1841f1239aa25d58d0b8749bb7b29ad2
--- a/lang/openjdk8/patches/patch-hotspot_src_share_vm_oops_klass.hpp
+++ b/lang/openjdk8/patches/patch-hotspot_src_share_vm_oops_klass.hpp
@ -0,0 +1,20 @@
+$NetBSD: patch-hotspot_src_share_vm_oops_klass.hpp,v 1.1 2015/09/12 16:56:48 joerg Exp $
+
+Left shift of negative values is UB.
+
+--- hotspot/src/share/vm/oops/klass.hpp.orig	2015-09-03 15:25:36.000000000 +0000
+++ hotspot/src/share/vm/oops/klass.hpp
+@@ -352,11 +352,11 @@ protected:
+   }
+   static bool layout_helper_is_typeArray(jint lh) {
+     // _lh_array_tag_type_value == (lh >> _lh_array_tag_shift);
+-    return (juint)lh >= (juint)(_lh_array_tag_type_value << _lh_array_tag_shift);
+    return (juint)lh >= ((juint)_lh_array_tag_type_value << _lh_array_tag_shift);
+   }
+   static bool layout_helper_is_objArray(jint lh) {
+     // _lh_array_tag_obj_value == (lh >> _lh_array_tag_shift);
+-    return (jint)lh < (jint)(_lh_array_tag_type_value << _lh_array_tag_shift);
+    return (jint)lh < (jint)((juint)_lh_array_tag_type_value << _lh_array_tag_shift);
+   }
+   static int layout_helper_header_size(jint lh) {
+     assert(lh < (jint)_lh_neutral_value, "must be array");
--- a/lang/openjdk8/patches/patch-hotspot_src_share_vm_opto_library__call.cpp
+++ b/lang/openjdk8/patches/patch-hotspot_src_share_vm_opto_library__call.cpp
@ -0,0 +1,17 @@
+$NetBSD: patch-hotspot_src_share_vm_opto_library__call.cpp,v 1.1 2015/09/12 16:56:48 joerg Exp $
+
+Left shift of negative values is UB.
+
+--- hotspot/src/share/vm/opto/library_call.cpp.orig	2015-09-03 15:27:49.000000000 +0000
+++ hotspot/src/share/vm/opto/library_call.cpp
+@@ -3750,8 +3750,8 @@ Node* LibraryCallKit::generate_array_gua
+   }
+   // Now test the correct condition.
+   jint  nval = (obj_array
+-                ? ((jint)Klass::_lh_array_tag_type_value
+-                   <<    Klass::_lh_array_tag_shift)
+                ? (jint)((juint)Klass::_lh_array_tag_type_value
+                         <<    Klass::_lh_array_tag_shift)
+                 : Klass::_lh_neutral_value);
+   Node* cmp = _gvn.transform(new(C) CmpINode(layout_val, intcon(nval)));
+   BoolTest::mask btest = BoolTest::lt;  // correct for testing is_[obj]array