8331854: ubsan: copy.hpp:218:10: runtime error: addition of unsigned offset to 0x7fc2b4024518 overflowed to 0x7fc2b4024510

[MBaesken]

When building with ubsan, we see a number of overflows at this code location :

/jdk/src/hotspot/share/utilities/copy.hpp:218:10: runtime error: addition of unsigned offset to 0x7fc2b4024518 overflowed to 0x7fc2b4024510
#0 0x10b70896d in Copy::conjoint_words_to_higher(HeapWordImpl* const*, HeapWordImpl**, unsigned long) copy.hpp:218
#1 0x10c4f78f1 in Node_Array::insert(unsigned int, Node*) node.cpp:2783
#2 0x10b8a1386 in Block::insert_node(Node*, unsigned int) block.hpp:134
#3 0x10c556630 in PhaseOutput::fill_buffer(C2_MacroAssembler*, unsigned int*) output.cpp:1792
#4 0x10c552f6b in PhaseOutput::Output() output.cpp:367
#5 0x10b9ba859 in Compile::Code_Gen() compile.cpp:3035
#6 0x10b9b7cb1 in Compile::Compile(ciEnv*, ciMethod*, int, Options, DirectiveSet*) compile.cpp:896
#7 0x10b859912 in C2Compiler::compile_method(ciEnv*, ciMethod*, int, bool, DirectiveSet*) c2compiler.cpp:142
#8 0x10b9dd4f1 in CompileBroker::invoke_compiler_on_method(CompileTask*) compileBroker.cpp:2305
#9 0x10b9dc345 in CompileBroker::compiler_thread_loop() compileBroker.cpp:1963
#10 0x10bfd5ebf in JavaThread::thread_main_inner() javaThread.cpp:760
#11 0x10bfd5b62 in JavaThread::run() javaThread.cpp:745
#12 0x10c9310d6 in Thread::call_run() thread.cpp:221
#13 0x10c53ece4 in thread_native_entry(Thread*) os_bsd.cpp:598

---

Progress

• Change must be properly reviewed (1 review required, with at least 1 Reviewer)
• Change must not contain extraneous whitespace
• Commit message must refer to an issue

Issue

• JDK-8331854: ubsan: copy.hpp:218:10: runtime error: addition of unsigned offset to 0x7fc2b4024518 overflowed to 0x7fc2b4024510 (Bug - P4)

Reviewers

• Vladimir Kozlov (@vnkozlov - Reviewer) ⚠️ Review applies to 1f8ea858
• Christoph Langer (@RealCLanger - Reviewer) ⚠️ Review applies to 1f8ea858

Reviewing

Using git

Checkout this PR locally:
$ git fetch https://git.openjdk.org/jdk.git pull/19541/head:pull/19541
$ git checkout pull/19541

Update a local copy of the PR:
$ git checkout pull/19541
$ git pull https://git.openjdk.org/jdk.git pull/19541/head

Using Skara CLI tools

Checkout this PR locally:
$ git pr checkout 19541

View PR using the GUI difftool:
$ git pr show -t 19541

Using diff file

Download this PR as a diff file:
https://git.openjdk.org/jdk/pull/19541.diff

Webrev

Link to Webrev Comment

[bridgekeeper]

👋 Welcome back mbaesken! A progress list of the required criteria for merging this PR into master will be added to the body of your pull request. There are additional pull request commands available for use with this pull request.

[openjdk]

@MBaesken This change now passes all automated pre-integration checks.

ℹ️ This project also has non-automated pre-integration requirements. Please see the file CONTRIBUTING.md for details.

After integration, the commit message for the final commit will be:

8331854: ubsan: copy.hpp:218:10: runtime error: addition of unsigned offset to 0x7fc2b4024518 overflowed to 0x7fc2b4024510

Reviewed-by: kvn, clanger

You can use pull request commands such as /summary, /contributor and /issue to adjust it as needed.

At the time when this comment was updated there had been 17 new commits pushed to the master branch:

• 3944e67: 8312132: Add tracking of multiple address spaces in NMT
• d0052c0: 8333326: Linux Alpine build fails after 8302744
• 4369856: 8333130: MakeJAR2.sh uses hard-coded JDK version
• 1f09467: 8327368: javac crash when computing exhaustiveness checks
• 7dbd033: 8332499: Gtest codestrings.validate_vm fail on linux x64 when hsdis is present
• 9db7c95: 8332750: Broken link in CatalogFeatures.html
• d826127: 8333462: Performance regression of new DecimalFormat() when compare to jdk11
• 67b9a08: 8333586: Improve syntax of @see tags in javax.lang.model
• 244f6ac: 8307824: Clean up Finalizable.java and finalize terminology in vmTestbase/nsk/share
• a706e35: 8332039: Cannot invoke "com.sun.source.util.DocTreePath.getTreePath()" because "path" is null
• ... and 7 more: https://git.openjdk.org/jdk/compare/8d3de45f4dfd60dc4e2f210cb0c085fcf6efb8e2...master

As there are no conflicts, your changes will automatically be rebased on top of these commits when integrating. If you prefer to avoid this automatic rebasing, please check the documentation for the /integrate command for further details.

➡️ To integrate this PR with the above commit message to the master branch, type /integrate in a new comment.

[openjdk]

@MBaesken The following label will be automatically applied to this pull request:

• hotspot

When this pull request is ready to be reviewed, an "RFR" email will be sent to the corresponding mailing list. If you would like to change these labels, use the /label pull request command.

[mlbridge]

Webrevs

• 01: Full - Incremental (70d09108)
• 00: Full (1f8ea858)

[vnkozlov]

Good. I read through comments in bug report and this fix makes sense.

[albertnetymk]

I wonder if using for-loop works here. (Since #iterations is known, for-loop seems more natural.)

  for (size_t i = 0; i < count; ++i) {
    to[count - 1 - i] = from[count - 1 - i];
  }

[dean-long]

@albertnetymk, that rewrite seems fine, but at least to me it's less obvious what it does, and I wonder if the C++ compiler generates equivalent code.

If we are going to change the loop, here's another alternative:

    from += count;
    to   += count;
    while (count-- > 0) {
      *--to = *--from;
}

[stefank]

FWIW, I was also thinking that this could be written in another way, but I held of because didn't want to derail yet another ubsan review. :)

The reasons why I would have preferred if this were written another way are:

1. The inserted bail-out is placed just before the assert block. This makes the function have a different structure compared to the other functions that palace the invariant checks first. I prefer to keep code consistent.

2. I'm really not a fan of if statements with returns to the right. It makes it much harder to see the return, IMHO. It's as if we want to hide the return instead of showing it prominently.

Now that people have been given alternatives, I can say that I first considered @dean-long's version. It has a drawback that the from and to names are slightly off given that they point to one beyond the current from and to elements. (With that said, this function already uses count as both the count and a loop variable, so I'm not sure that would be worse).

@albertnetymk's version is interesting, but I agree with Dean that it is less obvious. I wonder if this could be written something like this:

while (count-- > 0) {
  to[count] = from[count]
}

[MBaesken]

The inserted bail-out is placed just before the assert block. This makes the function have a different structure compared to the other functions that palace the invariant checks first. I prefer to keep code consistent.

Moved the check after the asserts.
A loop improvement can be done in a separate PR (maybe another loop is more or less efficient, might need more testing) .

[albertnetymk]

A loop improvement can be done in a separate PR

Given there is no consensus on how the new loop should look, it makes sense to defer that.

I also think not placing return on its own line complicates the code unnecessarily. Ofc, this is super subjective.

[MBaesken]

/integrate

[openjdk]

Going to push as commit 2c1b311.
Since your change was applied there have been 20 commits pushed to the master branch:

• 765ad0e: 8331947: Preview creates checkbox for JEP-less preview feature
• 8e903ee: 8331896: JFR: Improve check for JDK classes
• 3cbdf8d: 8333554: Parallel: Remove unused PSParallelCompact::is_in
• 3944e67: 8312132: Add tracking of multiple address spaces in NMT
• d0052c0: 8333326: Linux Alpine build fails after 8302744
• 4369856: 8333130: MakeJAR2.sh uses hard-coded JDK version
• 1f09467: 8327368: javac crash when computing exhaustiveness checks
• 7dbd033: 8332499: Gtest codestrings.validate_vm fail on linux x64 when hsdis is present
• 9db7c95: 8332750: Broken link in CatalogFeatures.html
• d826127: 8333462: Performance regression of new DecimalFormat() when compare to jdk11
• ... and 10 more: https://git.openjdk.org/jdk/compare/8d3de45f4dfd60dc4e2f210cb0c085fcf6efb8e2...master

Your commit was automatically rebased without conflicts.

[openjdk]

@MBaesken Pushed as commit 2c1b311.

💡 You may see a message that your pull request was closed with unmerged commits. This can be safely ignored.