Add tracking of sun.misc.Unsafe#allocateInstance and jdk.internal.misc.Unsafe#allocateInstance to DynamicAccessDetectionPhase

Author: jormundur00

compiler/src/jdk.graal.compiler/src/jdk/graal/compiler/hotspot/meta/HotSpotGraphBuilderPlugins.java

@@ -587,9 +587,9 @@ public boolean apply(GraphBuilderContext b, ResolvedJavaMethod targetMethod, Rec
                 b.add(new KlassFullyInitializedCheckNode(clazzLegal));
 
                 if (b.currentBlockCatchesOOME()) {
-                    b.addPush(JavaKind.Object, new DynamicNewInstanceWithExceptionNode(clazzLegal, true));
+                    b.addPush(JavaKind.Object, new DynamicNewInstanceWithExceptionNode(clazzLegal, true, true));
                 } else {
-                    b.addPush(JavaKind.Object, new DynamicNewInstanceNode(clazzLegal, true));
+                    b.addPush(JavaKind.Object, new DynamicNewInstanceNode(clazzLegal, true, true));
                 }
                 return true;
             }

compiler/src/jdk.graal.compiler/src/jdk/graal/compiler/nodes/java/DynamicNewInstanceNode.java

@@ -45,17 +45,27 @@ public final class DynamicNewInstanceNode extends AbstractNewObjectNode implemen
     public static final NodeClass<DynamicNewInstanceNode> TYPE = NodeClass.create(DynamicNewInstanceNode.class);
 
     @Input ValueNode clazz;
+    private final boolean originUnsafeAllocateInstance;
 
     public DynamicNewInstanceNode(ValueNode clazz, boolean fillContents) {
+        this(clazz, fillContents, false);
+    }
+
+    public DynamicNewInstanceNode(ValueNode clazz, boolean fillContents, boolean originUnsafeAllocateInstance) {
         super(TYPE, StampFactory.objectNonNull(), fillContents, null);
         this.clazz = clazz;
+        this.originUnsafeAllocateInstance = originUnsafeAllocateInstance;
         assert ((ObjectStamp) clazz.stamp(NodeView.DEFAULT)).nonNull();
     }
 
     public ValueNode getInstanceType() {
         return clazz;
     }
 
+    public boolean isOriginUnsafeAllocateInstance() {
+        return originUnsafeAllocateInstance;
+    }
+
     static ResolvedJavaType tryConvertToNonDynamic(ValueNode clazz, CoreProviders tool) {
         if (clazz.isConstant()) {
             ResolvedJavaType type = tool.getConstantReflection().asJavaType(clazz.asConstant());

compiler/src/jdk.graal.compiler/src/jdk/graal/compiler/nodes/java/DynamicNewInstanceWithExceptionNode.java

@@ -44,17 +44,27 @@ public class DynamicNewInstanceWithExceptionNode extends AllocateWithExceptionNo
 
     @Input ValueNode clazz;
     protected boolean fillContents;
+    private final boolean originUnsafeAllocateInstance;
 
     public DynamicNewInstanceWithExceptionNode(ValueNode clazz, boolean fillContents) {
+        this(clazz, fillContents, false);
+    }
+
+    public DynamicNewInstanceWithExceptionNode(ValueNode clazz, boolean fillContents, boolean originUnsafeAllocateInstance) {
         super(TYPE, StampFactory.objectNonNull());
         this.fillContents = fillContents;
         this.clazz = clazz;
+        this.originUnsafeAllocateInstance = originUnsafeAllocateInstance;
     }
 
     public ValueNode getInstanceType() {
         return clazz;
     }
 
+    public boolean isOriginUnsafeAllocateInstance() {
+        return originUnsafeAllocateInstance;
+    }
+
     @Override
     public Node canonical(CanonicalizerTool tool) {
         ResolvedJavaType type = tryConvertToNonDynamic(clazz, tool);
@@ -67,7 +77,7 @@ public Node canonical(CanonicalizerTool tool) {
     @Override
     public FixedNode replaceWithNonThrowing() {
         killExceptionEdge();
-        DynamicNewInstanceNode newInstance = graph().add(new DynamicNewInstanceNode(clazz, fillContents));
+        DynamicNewInstanceNode newInstance = graph().add(new DynamicNewInstanceNode(clazz, fillContents, originUnsafeAllocateInstance));
         newInstance.setStateBefore(stateBefore);
         graph().replaceSplitWithFixed(this, newInstance, this.next());
         // copy across any original node source position

substratevm/src/com.oracle.svm.hosted/src/com/oracle/svm/hosted/phases/DynamicAccessDetectionPhase.java

@@ -53,6 +53,10 @@
 import java.util.Objects;
 import java.util.Set;
 
+import com.oracle.svm.util.ReflectionUtil;
+import jdk.graal.compiler.graph.Node;
+import jdk.graal.compiler.nodes.java.DynamicNewInstanceNode;
+import jdk.graal.compiler.nodes.java.DynamicNewInstanceWithExceptionNode;
 import org.graalvm.collections.EconomicMap;
 import org.graalvm.collections.EconomicSet;
 
@@ -183,6 +187,13 @@ public record MethodInfo(DynamicAccessKind accessKind, String signature) {
                         new MethodSignature("resolveConstantDesc", MethodHandles.Lookup.class)));
         reflectionMethodSignatures.put(MethodHandleProxies.class, Set.of(
                         new MethodSignature("asInterfaceInstance", Class.class, MethodHandle.class)));
+        reflectionMethodSignatures.put(jdk.internal.misc.Unsafe.class, Set.of(
+                        new MethodSignature("allocateInstance", Class.class)));
+        if (ModuleLayer.boot().findModule("jdk.unsupported").isPresent()) {
+            Class<?> sunMiscUnsafeClass = ReflectionUtil.lookupClass("sun.misc.Unsafe");
+            reflectionMethodSignatures.put(sunMiscUnsafeClass, Set.of(
+                            new MethodSignature("allocateInstance", Class.class)));
+        }
 
         reflectionMethodSignatures.put(ObjectOutputStream.class, Set.of(
                         new MethodSignature("writeObject", Object.class),
@@ -210,6 +221,7 @@ public record MethodInfo(DynamicAccessKind accessKind, String signature) {
                         new MethodSignature("getResourceAsStream", String.class)));
         resourceMethodSignatures.put(Class.class, Set.of(
                         new MethodSignature("getResource", String.class),
+
                         new MethodSignature("getResourceAsStream", String.class)));
 
         foreignMethodSignatures.put(Linker.class, Set.of(
@@ -224,18 +236,45 @@ public DynamicAccessDetectionPhase() {
 
     @Override
     protected void run(StructuredGraph graph, CoreProviders context) {
-        List<MethodCallTargetNode> callTargetNodes = graph.getNodes(MethodCallTargetNode.TYPE).snapshot();
-        for (MethodCallTargetNode callTarget : callTargetNodes) {
-            AnalysisType callerClass = (AnalysisType) graph.method().getDeclaringClass();
-            String sourceEntry = getSourceEntry(callerClass);
-            MethodInfo methodInfo = getMethodInfo(callTarget.targetMethod());
-
-            if (methodInfo != null && sourceEntry != null) {
-                NodeSourcePosition nspToShow = callTarget.getNodeSourcePosition();
-                if (nspToShow != null && !dynamicAccessDetectionFeature.containsFoldEntry(nspToShow.getBCI(), nspToShow.getMethod())) {
-                    String callLocation = nspToShow.getMethod().asStackTraceElement(nspToShow.getBCI()).toString();
-                    dynamicAccessDetectionFeature.addCall(sourceEntry, methodInfo.accessKind(), methodInfo.signature(), callLocation);
-                }
+        AnalysisType callerClass = (AnalysisType) graph.method().getDeclaringClass();
+        String sourceEntry = getSourceEntry(callerClass);
+        if (sourceEntry == null) {
+            return;
+        }
+
+        for (Node node : graph.getNodes()) {
+            ResolvedJavaMethod targetMethod = null;
+            NodeSourcePosition invokeLocation = null;
+            if (node instanceof MethodCallTargetNode callTarget) {
+                targetMethod = callTarget.targetMethod();
+                invokeLocation = callTarget.getNodeSourcePosition();
+            } else if (node instanceof DynamicNewInstanceNode unsafeNode && unsafeNode.getNodeSourcePosition() != null && unsafeNode.isOriginUnsafeAllocateInstance()) {
+                /*
+                 * Match only DynamicNewInstanceNode intrinsified from Unsafe#allocateInstance. The
+                 * NodeSourcePosition of the node preserves both the intrinsified method
+                 * (getMethod()) and its original caller (getCaller()).
+                 */
+                targetMethod = unsafeNode.getNodeSourcePosition().getMethod();
+                invokeLocation = unsafeNode.getNodeSourcePosition().getCaller();
+            } else if (node instanceof DynamicNewInstanceWithExceptionNode unsafeNodeEx && unsafeNodeEx.getNodeSourcePosition() != null && unsafeNodeEx.isOriginUnsafeAllocateInstance()) {
+                /*
+                 * Match only DynamicNewInstanceWithExceptionNode intrinsified from
+                 * Unsafe#allocateInstance. The NodeSourcePosition of the node preserves both the
+                 * intrinsified method (getMethod()) and its original caller (getCaller()).
+                 */
+                targetMethod = unsafeNodeEx.getNodeSourcePosition().getMethod();
+                invokeLocation = unsafeNodeEx.getNodeSourcePosition().getCaller();
+            }
+            registerDynamicAccessCall(invokeLocation, targetMethod, sourceEntry);
+        }
+    }
+
+    private void registerDynamicAccessCall(NodeSourcePosition invokeLocation, ResolvedJavaMethod targetMethod, String sourceEntry) {
+        if (invokeLocation != null && !dynamicAccessDetectionFeature.containsFoldEntry(invokeLocation.getBCI(), invokeLocation.getMethod())) {
+            MethodInfo dynamicAccessMethodInfo = lookupDynamicAccessMethod(targetMethod);
+            if (dynamicAccessMethodInfo != null) {
+                String callLocation = invokeLocation.getMethod().asStackTraceElement(invokeLocation.getBCI()).toString();
+                dynamicAccessDetectionFeature.addCall(sourceEntry, dynamicAccessMethodInfo.accessKind(), dynamicAccessMethodInfo.signature(), callLocation);
             }
         }
     }
@@ -245,33 +284,31 @@ protected void run(StructuredGraph graph, CoreProviders context) {
      * method if it exists in the predetermined set, based on its graph and MethodCallTargetNode;
      * otherwise, returns null.
      */
-    private static MethodInfo getMethodInfo(ResolvedJavaMethod method) {
+    private static MethodInfo lookupDynamicAccessMethod(ResolvedJavaMethod method) {
         Class<?> declaringClass = OriginalClassProvider.getJavaClass(method.getDeclaringClass());
-        if (!reflectionMethodSignatures.containsKey(declaringClass) &&
-                        !resourceMethodSignatures.containsKey(declaringClass) &&
-                        !foreignMethodSignatures.containsKey(declaringClass)) {
-            return null;
+
+        Set<MethodSignature> reflectionSignatures = reflectionMethodSignatures.get(declaringClass);
+        if (reflectionSignatures != null) {
+            MethodSignature methodSignature = new MethodSignature(method);
+            if (reflectionSignatures.contains(methodSignature)) {
+                return new MethodInfo(DynamicAccessKind.Reflection, getClassName(declaringClass) + "#" + methodSignature);
+            }
         }
 
-        String methodName = method.getName();
-        Signature signature = method.getSignature();
-        List<Class<?>> paramList = new ArrayList<>();
-        for (int i = 0; i < signature.getParameterCount(false); i++) {
-            JavaType type = signature.getParameterType(i, method.getDeclaringClass());
-            paramList.add(OriginalClassProvider.getJavaClass(type));
+        Set<MethodSignature> resourceSignatures = resourceMethodSignatures.get(declaringClass);
+        if (resourceSignatures != null) {
+            MethodSignature methodSignature = new MethodSignature(method);
+            if (resourceSignatures.contains(methodSignature)) {
+                return new MethodInfo(DynamicAccessKind.Resource, getClassName(declaringClass) + "#" + methodSignature);
+            }
         }
-        Class<?>[] paramTypes = paramList.toArray(new Class<?>[0]);
-        MethodSignature methodSignature = new MethodSignature(methodName, paramTypes);
-
-        if (reflectionMethodSignatures.containsKey(declaringClass) &&
-                        reflectionMethodSignatures.get(declaringClass).contains(methodSignature)) {
-            return new MethodInfo(DynamicAccessKind.Reflection, getClassName(declaringClass) + "#" + methodSignature);
-        } else if (resourceMethodSignatures.containsKey(declaringClass) &&
-                        resourceMethodSignatures.get(declaringClass).contains(methodSignature)) {
-            return new MethodInfo(DynamicAccessKind.Resource, getClassName(declaringClass) + "#" + methodSignature);
-        } else if (foreignMethodSignatures.containsKey(declaringClass) &&
-                        foreignMethodSignatures.get(declaringClass).contains(methodSignature)) {
-            return new MethodInfo(DynamicAccessKind.Foreign, getClassName(declaringClass) + "#" + methodSignature);
+
+        Set<MethodSignature> foreignSignatures = foreignMethodSignatures.get(declaringClass);
+        if (foreignSignatures != null) {
+            MethodSignature methodSignature = new MethodSignature(method);
+            if (foreignSignatures.contains(methodSignature)) {
+                return new MethodInfo(DynamicAccessKind.Foreign, getClassName(declaringClass) + "#" + methodSignature);
+            }
         }
 
         return null;
@@ -332,6 +369,17 @@ private static class MethodSignature {
             this.paramTypes = paramTypes;
         }
 
+        MethodSignature(ResolvedJavaMethod method) {
+            this.name = method.getName();
+            Signature signature = method.getSignature();
+            List<Class<?>> paramList = new ArrayList<>();
+            for (int i = 0; i < signature.getParameterCount(false); i++) {
+                JavaType type = signature.getParameterType(i, method.getDeclaringClass());
+                paramList.add(OriginalClassProvider.getJavaClass(type));
+            }
+            paramTypes = paramList.toArray(new Class<?>[0]);
+        }
+
         @Override
         public boolean equals(Object o) {
             if (this == o) {

substratevm/src/com.oracle.svm.hosted/src/com/oracle/svm/hosted/snippets/SubstrateGraphBuilderPlugins.java

@@ -844,9 +844,9 @@ public boolean apply(GraphBuilderContext b, ResolvedJavaMethod targetMethod, Rec
 
                 ValidateNewInstanceClassNode clazzLegal = b.add(new ValidateNewInstanceClassNode(clazzNonNull));
                 if (b.currentBlockCatchesOOME()) {
-                    b.addPush(JavaKind.Object, new DynamicNewInstanceWithExceptionNode(clazzLegal, true));
+                    b.addPush(JavaKind.Object, new DynamicNewInstanceWithExceptionNode(clazzLegal, true, true));
                 } else {
-                    b.addPush(JavaKind.Object, new DynamicNewInstanceNode(clazzLegal, true));
+                    b.addPush(JavaKind.Object, new DynamicNewInstanceNode(clazzLegal, true, true));
                 }
                 return true;
             }