Merge branch 'openjdk:master' into backport-sendaoYan-7e068cc8-master

Author: sendaoYan

src/hotspot/cpu/riscv/interp_masm_riscv.cpp

@@ -1937,6 +1937,15 @@ void InterpreterMacroAssembler::load_method_entry(Register cache, Register index
 }
 
 #ifdef ASSERT
+void InterpreterMacroAssembler::verify_field_offset(Register reg) {
+  // Verify the field offset is not in the header, implicitly checks for 0
+  Label L;
+  mv(t0, oopDesc::base_offset_in_bytes());
+  bge(reg, t0, L);
+  stop("bad field offset");
+  bind(L);
+}
+
 void InterpreterMacroAssembler::verify_access_flags(Register access_flags, uint32_t flag,
                                                     const char* msg, bool stop_by_hit) {
   Label L;

src/hotspot/cpu/riscv/interp_masm_riscv.hpp

@@ -300,6 +300,8 @@ class InterpreterMacroAssembler: public MacroAssembler {
   void load_field_entry(Register cache, Register index, int bcp_offset = 1);
   void load_method_entry(Register cache, Register index, int bcp_offset = 1);
 
+  void verify_field_offset(Register reg) NOT_DEBUG_RETURN;
+
 #ifdef ASSERT
   void verify_access_flags(Register access_flags, uint32_t flag,
                            const char* msg, bool stop_by_hit = true);

src/hotspot/cpu/riscv/templateTable_riscv.cpp

@@ -133,6 +133,7 @@ Address TemplateTable::at_bcp(int offset) {
 void TemplateTable::patch_bytecode(Bytecodes::Code bc, Register bc_reg,
                                    Register temp_reg, bool load_bc_into_bc_reg /*=true*/,
                                    int byte_no) {
+  assert_different_registers(bc_reg, temp_reg);
   if (!RewriteBytecodes) { return; }
   Label L_patch_done;
 
@@ -196,7 +197,11 @@ void TemplateTable::patch_bytecode(Bytecodes::Code bc, Register bc_reg,
   __ bind(L_okay);
 #endif
 
-  // patch bytecode
+  // Patch bytecode with release store to coordinate with ResolvedFieldEntry loads
+  // in fast bytecode codelets. load_field_entry has a memory barrier that gains
+  // the needed ordering, together with control dependency on entering the fast codelet
+  // itself.
+  __ membar(MacroAssembler::LoadStore | MacroAssembler::StoreStore);
   __ sb(bc_reg, at_bcp(0));
   __ bind(L_patch_done);
 }
@@ -3017,6 +3022,7 @@ void TemplateTable::fast_storefield(TosState state) {
 
   // X11: field offset, X12: field holder, X13: flags
   load_resolved_field_entry(x12, x12, noreg, x11, x13);
+  __ verify_field_offset(x11);
 
   {
     Label notVolatile;
@@ -3104,6 +3110,8 @@ void TemplateTable::fast_accessfield(TosState state) {
   __ load_field_entry(x12, x11);
 
   __ load_sized_value(x11, Address(x12, in_bytes(ResolvedFieldEntry::field_offset_offset())), sizeof(int), true /*is_signed*/);
+  __ verify_field_offset(x11);
+
   __ load_unsigned_byte(x13, Address(x12, in_bytes(ResolvedFieldEntry::flags_offset())));
 
   // x10: object
@@ -3159,7 +3167,9 @@ void TemplateTable::fast_xaccess(TosState state) {
   __ ld(x10, aaddress(0));
   // access constant pool cache
   __ load_field_entry(x12, x13, 2);
+
   __ load_sized_value(x11, Address(x12, in_bytes(ResolvedFieldEntry::field_offset_offset())), sizeof(int), true /*is_signed*/);
+  __ verify_field_offset(x11);
 
   // make sure exception is reported in correct bcp range (getfield is
   // next instruction)

src/hotspot/cpu/x86/templateInterpreterGenerator_x86_64.cpp

@@ -465,13 +465,19 @@ address TemplateInterpreterGenerator::generate_math_entry(AbstractInterpreter::M
       __ call_VM_leaf0(CAST_FROM_FN_PTR(address, SharedRuntime::dtan));
     }
   } else if (kind == Interpreter::java_lang_math_tanh) {
-      assert(StubRoutines::dtanh() != nullptr, "not initialized");
+    if (StubRoutines::dtanh() != nullptr) {
       __ movdbl(xmm0, Address(rsp, wordSize));
       __ call(RuntimeAddress(CAST_FROM_FN_PTR(address, StubRoutines::dtanh())));
+    } else {
+      return nullptr; // Fallback to default implementation
+    }
   } else if (kind == Interpreter::java_lang_math_cbrt) {
-    assert(StubRoutines::dcbrt() != nullptr, "not initialized");
-    __ movdbl(xmm0, Address(rsp, wordSize));
-    __ call(RuntimeAddress(CAST_FROM_FN_PTR(address, StubRoutines::dcbrt())));
+    if (StubRoutines::dcbrt() != nullptr) {
+      __ movdbl(xmm0, Address(rsp, wordSize));
+      __ call(RuntimeAddress(CAST_FROM_FN_PTR(address, StubRoutines::dcbrt())));
+    } else {
+      return nullptr; // Fallback to default implementation
+    }
   } else if (kind == Interpreter::java_lang_math_abs) {
     assert(StubRoutines::x86::double_sign_mask() != nullptr, "not initialized");
     __ movdbl(xmm0, Address(rsp, wordSize));

src/hotspot/share/classfile/stackMapTable.cpp

@@ -132,8 +132,16 @@ bool StackMapTable::match_stackmap(
 }
 
 void StackMapTable::check_jump_target(
-    StackMapFrame* frame, int32_t target, TRAPS) const {
+    StackMapFrame* frame, int bci, int offset, TRAPS) const {
   ErrorContext ctx;
+  // Jump targets must be within the method and the method size is limited. See JVMS 4.11
+  int min_offset = -1 * max_method_code_size;
+  if (offset < min_offset || offset > max_method_code_size) {
+    frame->verifier()->verify_error(ErrorContext::bad_stackmap(bci, frame),
+        "Illegal target of jump or branch (bci %d + offset %d)", bci, offset);
+    return;
+  }
+  int target = bci + offset;
   bool match = match_stackmap(
     frame, target, true, false, &ctx, CHECK_VERIFY(frame->verifier()));
   if (!match || (target < 0 || target >= _code_length)) {

src/hotspot/share/classfile/stackMapTable.hpp

@@ -67,7 +67,7 @@ class StackMapTable : public StackObj {
 
   // Check jump instructions. Make sure there are no uninitialized
   // instances on backward branch.
-  void check_jump_target(StackMapFrame* frame, int32_t target, TRAPS) const;
+  void check_jump_target(StackMapFrame* frame, int bci, int offset, TRAPS) const;
 
   // The following methods are only used inside this class.
 

src/hotspot/share/classfile/verifier.cpp

@@ -781,7 +781,6 @@ void ClassVerifier::verify_method(const methodHandle& m, TRAPS) {
 
     // Merge with the next instruction
     {
-      int target;
       VerificationType type, type2;
       VerificationType atype;
 
@@ -1606,9 +1605,8 @@ void ClassVerifier::verify_method(const methodHandle& m, TRAPS) {
         case Bytecodes::_ifle:
           current_frame.pop_stack(
             VerificationType::integer_type(), CHECK_VERIFY(this));
-          target = bcs.dest();
           stackmap_table.check_jump_target(
-            &current_frame, target, CHECK_VERIFY(this));
+            &current_frame, bcs.bci(), bcs.get_offset_s2(), CHECK_VERIFY(this));
           no_control_flow = false; break;
         case Bytecodes::_if_acmpeq :
         case Bytecodes::_if_acmpne :
@@ -1619,19 +1617,16 @@ void ClassVerifier::verify_method(const methodHandle& m, TRAPS) {
         case Bytecodes::_ifnonnull :
           current_frame.pop_stack(
             VerificationType::reference_check(), CHECK_VERIFY(this));
-          target = bcs.dest();
           stackmap_table.check_jump_target
-            (&current_frame, target, CHECK_VERIFY(this));
+            (&current_frame, bcs.bci(), bcs.get_offset_s2(), CHECK_VERIFY(this));
           no_control_flow = false; break;
         case Bytecodes::_goto :
-          target = bcs.dest();
           stackmap_table.check_jump_target(
-            &current_frame, target, CHECK_VERIFY(this));
+            &current_frame, bcs.bci(), bcs.get_offset_s2(), CHECK_VERIFY(this));
           no_control_flow = true; break;
         case Bytecodes::_goto_w :
-          target = bcs.dest_w();
           stackmap_table.check_jump_target(
-            &current_frame, target, CHECK_VERIFY(this));
+            &current_frame, bcs.bci(), bcs.get_offset_s4(), CHECK_VERIFY(this));
           no_control_flow = true; break;
         case Bytecodes::_tableswitch :
         case Bytecodes::_lookupswitch :
@@ -2280,15 +2275,14 @@ void ClassVerifier::verify_switch(
       }
     }
   }
-  int target = bci + default_offset;
-  stackmap_table->check_jump_target(current_frame, target, CHECK_VERIFY(this));
+  stackmap_table->check_jump_target(current_frame, bci, default_offset, CHECK_VERIFY(this));
   for (int i = 0; i < keys; i++) {
     // Because check_jump_target() may safepoint, the bytecode could have
     // moved, which means 'aligned_bcp' is no good and needs to be recalculated.
     aligned_bcp = align_up(bcs->bcp() + 1, jintSize);
-    target = bci + (jint)Bytes::get_Java_u4(aligned_bcp+(3+i*delta)*jintSize);
+    int offset = (jint)Bytes::get_Java_u4(aligned_bcp+(3+i*delta)*jintSize);
     stackmap_table->check_jump_target(
-      current_frame, target, CHECK_VERIFY(this));
+      current_frame, bci, offset, CHECK_VERIFY(this));
   }
   NOT_PRODUCT(aligned_bcp = nullptr);  // no longer valid at this point
 }
@@ -2549,7 +2543,12 @@ bool ClassVerifier::ends_in_athrow(u4 start_bc_offset) {
 
       case Bytecodes::_goto:
       case Bytecodes::_goto_w: {
-        int target = (opcode == Bytecodes::_goto ? bcs.dest() : bcs.dest_w());
+        int offset = (opcode == Bytecodes::_goto ? bcs.get_offset_s2() : bcs.get_offset_s4());
+        int min_offset = -1 * max_method_code_size;
+        // Check offset for overflow
+        if (offset < min_offset || offset > max_method_code_size) return false;
+
+        int target = bci + offset;
         if (visited_branches->contains(bci)) {
           if (bci_stack->is_empty()) {
             if (handler_stack->is_empty()) {
@@ -2607,7 +2606,10 @@ bool ClassVerifier::ends_in_athrow(u4 start_bc_offset) {
 
           // Push the switch alternatives onto the stack.
           for (int i = 0; i < keys; i++) {
-            int target = bci + (jint)Bytes::get_Java_u4(aligned_bcp+(3+i*delta)*jintSize);
+            int min_offset = -1 * max_method_code_size;
+            int offset = (jint)Bytes::get_Java_u4(aligned_bcp+(3+i*delta)*jintSize);
+            if (offset < min_offset || offset > max_method_code_size) return false;
+            int target = bci + offset;
             if (target > code_length) return false;
             bci_stack->push(target);
           }

src/hotspot/share/classfile/vmIntrinsics.cpp

@@ -289,8 +289,6 @@ bool vmIntrinsics::disabled_by_jvm_flags(vmIntrinsics::ID id) {
   case vmIntrinsics::_dsin:
   case vmIntrinsics::_dcos:
   case vmIntrinsics::_dtan:
-  case vmIntrinsics::_dtanh:
-  case vmIntrinsics::_dcbrt:
   case vmIntrinsics::_dlog:
   case vmIntrinsics::_dexp:
   case vmIntrinsics::_dpow:
@@ -316,6 +314,13 @@ bool vmIntrinsics::disabled_by_jvm_flags(vmIntrinsics::ID id) {
   case vmIntrinsics::_fmaF:
     if (!InlineMathNatives || !UseFMA) return true;
     break;
+  case vmIntrinsics::_dtanh:
+  case vmIntrinsics::_dcbrt:
+    if (!InlineMathNatives || !InlineIntrinsics) return true;
+#if defined(AMD64) && (defined(COMPILER1) || defined(COMPILER2))
+    if (!UseLibmIntrinsic) return true;
+#endif
+    break;
   case vmIntrinsics::_floatToFloat16:
   case vmIntrinsics::_float16ToFloat:
     if (!InlineIntrinsics) return true;

src/hotspot/share/interpreter/bytecodeStream.hpp

@@ -100,8 +100,23 @@ class BaseBytecodeStream: StackObj {
   void            set_next_bci(int bci)          { assert(0 <= bci && bci <= method()->code_size(), "illegal bci"); _next_bci = bci; }
 
   // Bytecode-specific attributes
-  int             dest() const                   { return bci() + bytecode().get_offset_s2(raw_code()); }
-  int             dest_w() const                 { return bci() + bytecode().get_offset_s4(raw_code()); }
+  int get_offset_s2() const { return bytecode().get_offset_s2(raw_code()); }
+  int get_offset_s4() const { return bytecode().get_offset_s4(raw_code()); }
+
+  // These methods are not safe to use before or during verification as they may
+  // have large offsets and cause overflows
+  int dest() const {
+    int min_offset = -1 * max_method_code_size;
+    int offset = bytecode().get_offset_s2(raw_code());
+    guarantee(offset >= min_offset && offset <= max_method_code_size, "must be");
+    return bci() + offset;
+  }
+  int dest_w() const {
+    int min_offset = -1 * max_method_code_size;
+    int offset = bytecode().get_offset_s4(raw_code());
+    guarantee(offset >= min_offset && offset <= max_method_code_size, "must be");
+    return bci() + offset;
+  }
 
   // One-byte indices.
   u1              get_index_u1() const           { assert_raw_index_size(1); return *(jubyte*)(bcp()+1); }

src/hotspot/share/runtime/flags/jvmFlagConstraintsRuntime.cpp

@@ -147,3 +147,13 @@ JVMFlag::Error NUMAInterleaveGranularityConstraintFunc(size_t value, bool verbos
 
   return JVMFlag::SUCCESS;
 }
+
+JVMFlag::Error LargePageSizeInBytesConstraintFunc(size_t value, bool verbose) {
+  if (!is_power_of_2(value)) {
+    JVMFlag::printError(verbose, "LargePageSizeInBytes ( %zu ) must be "
+                        "a power of 2\n",
+                        value);
+    return JVMFlag::VIOLATES_CONSTRAINT;
+  }
+  return JVMFlag::SUCCESS;
+}