The class Type has a virtual function "hash()". Many of the subclasses implement this function by performing arithmetic (typically summing) values or hash codes of components.
Some of those implementations combine the components using java_add, which is safe from overflow. (Though this is arguably an abuse of that function. The description of that suite of functions suggests their purpose is to emulate Java operations, not for "general-purpose arithmetic".)
However, many others use ordinary "operator+" or "operator+=" to sum or accumulate values from components, with the values involved being signed integers. Many (all?) of these have the potential to overflow, which is UB. Probably in most or all of these such overflow won't be detected, and the compiler will normally generate code that happens to implicitly wrap. And negative hash codes seem to be okay.
However, enabling UBSAN overflow checking will catch such overflows and complain. And we want to be able to use that sanitizer to help track down real overflow bugs.
So all of these hash functions need to be examined and made overflow-safe.
A case in point: enabling gcc -fsanitize=signed-integer-overflow detects an overflow in TypeLong::hash while building the JDK.
../../src/hotspot/share/opto/type.cpp:2034:19: runtime error: signed integer overflow: 9223372036854775807 + 9223372036854775807 cannot be represented in type 'long int'
[I'm filing this as an enhancement rather than a bug, since I'm pretty sure the potential overflow won't cause any problems for normal builds.]
Some of those implementations combine the components using java_add, which is safe from overflow. (Though this is arguably an abuse of that function. The description of that suite of functions suggests their purpose is to emulate Java operations, not for "general-purpose arithmetic".)
However, many others use ordinary "operator+" or "operator+=" to sum or accumulate values from components, with the values involved being signed integers. Many (all?) of these have the potential to overflow, which is UB. Probably in most or all of these such overflow won't be detected, and the compiler will normally generate code that happens to implicitly wrap. And negative hash codes seem to be okay.
However, enabling UBSAN overflow checking will catch such overflows and complain. And we want to be able to use that sanitizer to help track down real overflow bugs.
So all of these hash functions need to be examined and made overflow-safe.
A case in point: enabling gcc -fsanitize=signed-integer-overflow detects an overflow in TypeLong::hash while building the JDK.
../../src/hotspot/share/opto/type.cpp:2034:19: runtime error: signed integer overflow: 9223372036854775807 + 9223372036854775807 cannot be represented in type 'long int'
[I'm filing this as an enhancement rather than a bug, since I'm pretty sure the potential overflow won't cause any problems for normal builds.]
- duplicates
-
JDK-8300825 UB: Signed integer overflow: 9223372036854775807 + 3 cannot be represented in type 'long'
- Closed
-
JDK-8308975 Fix signed integer overflow in compiler code, part 2
- Resolved
- relates to
-
JDK-8300935 Turn ON runtime sanitizer in clang toolkit to find issues
- Closed