Merge

Author: jerboaa

hotspot/src/share/vm/opto/loopnode.cpp

@@ -1220,7 +1220,7 @@ Node *LoopLimitNode::Ideal(PhaseGVN *phase, bool can_reshape) {
 
   const TypeInt* init_t  = phase->type(in(Init) )->is_int();
   const TypeInt* limit_t = phase->type(in(Limit))->is_int();
-  int stride_p;
+  jlong stride_p;
   jlong lim, ini;
   julong max;
   if (stride_con > 0) {
@@ -1229,10 +1229,10 @@ Node *LoopLimitNode::Ideal(PhaseGVN *phase, bool can_reshape) {
     ini = init_t->_lo;
     max = (julong)max_jint;
   } else {
-    stride_p = -stride_con;
+    stride_p = -(jlong)stride_con;
     lim = init_t->_hi;
     ini = limit_t->_lo;
-    max = (julong)min_jint;
+    max = (julong)(juint)min_jint; // double cast to get 0x0000000080000000, not 0xffffffff80000000
   }
   julong range = lim - ini + stride_p;
   if (range <= max) {

hotspot/src/share/vm/opto/superword.cpp

@@ -452,18 +452,63 @@ class SuperWord : public ResourceObj {
 
 //------------------------------SWPointer---------------------------
 // Information about an address for dependence checking and vector alignment
+//
+// We parse and represent pointers of the simple form:
+//
+//   pointer   = adr + offset + invar + scale * ConvI2L(iv)
+//
+// Where:
+//
+//   adr: the base address of an array (base = adr)
+//        OR
+//        some address to off-heap memory (base = TOP)
+//
+//   offset: a constant offset
+//   invar:  a runtime variable, which is invariant during the loop
+//   scale:  scaling factor
+//   iv:     loop induction variable
+//
+// But more precisely, we parse the composite-long-int form:
+//
+//   pointer   = adr + long_offset + long_invar + long_scale * ConvI2L(int_offset + inv_invar + int_scale * iv)
+//
+//   pointer   = adr + long_offset + long_invar + long_scale * ConvI2L(int_index)
+//   int_index =       int_offset  + int_invar  + int_scale  * iv
+//
+// However, for aliasing and adjacency checks (e.g. SWPointer::cmp()) we always use the simple form to make
+// decisions. Hence, we must make sure to only create a "valid" SWPointer if the optimisations based on the
+// simple form produce the same result as the compound-long-int form would. Intuitively, this depends on
+// if the int_index overflows, but the precise conditions are given in SWPointer::is_safe_to_use_as_simple_form().
+//
+//   ConvI2L(int_index) = ConvI2L(int_offset  + int_invar  + int_scale  * iv)
+//                      = Convi2L(int_offset) + ConvI2L(int_invar) + ConvI2L(int_scale) * ConvI2L(iv)
+//
+//   scale  = long_scale * ConvI2L(int_scale)
+//   offset = long_offset + long_scale * ConvI2L(int_offset)
+//   invar  = long_invar  + long_scale * ConvI2L(int_invar)
+//
+//   pointer   = adr + offset + invar + scale * ConvI2L(iv)
+//
 class SWPointer VALUE_OBJ_CLASS_SPEC {
  protected:
   MemNode*   _mem;     // My memory reference node
   SuperWord* _slp;     // SuperWord class
 
-  Node* _base;         // NULL if unsafe nonheap reference
-  Node* _adr;          // address pointer
+  // Components of the simple form:
+  Node* _base;               // Base address of an array OR NULL if some off-heap memory.
+  Node* _adr;                // Same as _base if an array pointer OR some off-heap memory pointer.
   jint  _scale;        // multiplier for iv (in bytes), 0 if no loop iv
   jint  _offset;       // constant offset (in bytes)
   Node* _invar;        // invariant offset (in bytes), NULL if none
   bool  _negate_invar; // if true then use: (0 - _invar)
 
+  // The int_index components of the compound-long-int form. Used to decide if it is safe to use the
+  // simple form rather than the compound-long-int form that was parsed.
+  bool  _has_int_index_after_convI2L;
+  int   _int_index_after_convI2L_offset;
+  Node* _int_index_after_convI2L_invar;
+  int   _int_index_after_convI2L_scale;
+
   PhaseIdealLoop* phase() { return _slp->phase(); }
   IdealLoopTree*  lpt()   { return _slp->lpt(); }
   PhiNode*        iv()    { return _slp->iv();  } // Induction var
@@ -480,6 +525,8 @@ class SWPointer VALUE_OBJ_CLASS_SPEC {
   // Match: offset is (k [+/- invariant])
   bool offset_plus_k(Node* n, bool negate = false);
 
+  bool is_safe_to_use_as_simple_form(Node* base, Node* adr) const;
+
  public:
   enum CMP {
     Less          = 1,
@@ -507,12 +554,45 @@ class SWPointer VALUE_OBJ_CLASS_SPEC {
   int   memory_size()     { return _mem->memory_size(); }
 
   // Comparable?
+  // We compute if and how two SWPointers can alias at runtime, i.e. if the two addressed regions of memory can
+  // ever overlap. There are essentially 3 relevant return states:
+  //  - NotComparable:  Synonymous to "unknown aliasing".
+  //                    We have no information about how the two SWPointers can alias. They could overlap, refer
+  //                    to another location in the same memory object, or point to a completely different object.
+  //                    -> Memory edge required. Aliasing unlikely but possible.
+  //
+  //  - Less / Greater: Synonymous to "never aliasing".
+  //                    The two SWPointers may point into the same memory object, but be non-aliasing (i.e. we
+  //                    know both address regions inside the same memory object, but these regions are non-
+  //                    overlapping), or the SWPointers point to entirely different objects.
+  //                    -> No memory edge required. Aliasing impossible.
+  //
+  //  - Equal:          Synonymous to "overlap, or point to different memory objects".
+  //                    The two SWPointers either overlap on the same memory object, or point to two different
+  //                    memory objects.
+  //                    -> Memory edge required. Aliasing likely.
+  //
+  // In a future refactoring, we can simplify to two states:
+  //  - NeverAlias:     instead of Less / Greater
+  //  - MayAlias:       instead of Equal / NotComparable
+  //
+  // Two SWPointer are "comparable" (Less / Greater / Equal), iff all of these conditions apply:
+  //   1) Both are valid, i.e. expressible in the compound-long-int or simple form.
+  //   2) The adr are identical, or both are array bases of different arrays.
+  //   3) They have identical scale.
+  //   4) They have identical invar.
+  //   5) The difference in offsets is limited: abs(offset0 - offset1) < 2^31.
   int cmp(SWPointer& q) {
     if (valid() && q.valid() &&
         (_adr == q._adr || _base == _adr && q._base == q._adr) &&
         _scale == q._scale   &&
         _invar == q._invar   &&
         _negate_invar == q._negate_invar) {
+      jlong difference = abs(java_subtract((jlong)_offset, (jlong)q._offset));
+      jlong max_diff = (jlong)1 << 31;
+      if (difference >= max_diff) {
+        return NotComparable;
+      }
       bool overlap = q._offset <   _offset +   memory_size() &&
                        _offset < q._offset + q.memory_size();
       return overlap ? Equal : (_offset < q._offset ? Less : Greater);
@@ -529,6 +609,13 @@ class SWPointer VALUE_OBJ_CLASS_SPEC {
   static bool comparable(int cmp) { return cmp < NotComparable; }
 
   void print();
+
+  static bool try_AddI_no_overflow(jint offset1, jint offset2, jint& result);
+  static bool try_SubI_no_overflow(jint offset1, jint offset2, jint& result);
+  static bool try_AddSubI_no_overflow(jint offset1, jint offset2, bool is_sub, jint& result);
+  static bool try_LShiftI_no_overflow(jint offset1, int offset2, jint& result);
+  static bool try_MulI_no_overflow(jint offset1, jint offset2, jint& result);
+
 };
 
 #endif // SHARE_VM_OPTO_SUPERWORD_HPP

hotspot/src/share/vm/opto/superword.hpp

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999, 2021, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2022, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -241,6 +241,10 @@ static Object decodeObject(Attributes attrs)
                 ClassLoader cl = helper.getURLClassLoader(codebases);
                 return deserializeObject((byte[])attr.get(), cl);
             } else if ((attr = attrs.get(JAVA_ATTRIBUTES[REMOTE_LOC])) != null) {
+                 // javaRemoteLocation attribute (RMI stub will be created)
+                 if (!VersionHelper12.isSerialDataAllowed()) {
+                     throw new NamingException("Object deserialization is not allowed");
+                 }
                 // For backward compatibility only
                 return decodeRmiObject(
                     (String)attrs.get(JAVA_ATTRIBUTES[CLASSNAME]).get(),

jdk/src/share/classes/com/sun/jndi/ldap/Obj.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1999, 2020, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1999, 2022, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -40,13 +40,13 @@ final class VersionHelper12 extends VersionHelper {
         "com.sun.jndi.ldap.object.trustURLCodebase";
 
     // System property to control whether classes are allowed to be loaded from
-    // 'javaSerializedData' attribute
+    // 'javaSerializedData', 'javaRemoteLocation' or 'javaReferenceAddress' attributes.
     private static final String TRUST_SERIAL_DATA_PROPERTY =
         "com.sun.jndi.ldap.object.trustSerialData";
 
     /**
-     * Determines whether objects may be deserialized from the content of
-     * 'javaSerializedData' attribute.
+     * Determines whether objects may be deserialized or reconstructed from a content of
+     * 'javaSerializedData', 'javaRemoteLocation' or 'javaReferenceAddress' LDAP attributes.
      */
     private static final boolean trustSerialData;
 
@@ -56,7 +56,7 @@ final class VersionHelper12 extends VersionHelper {
     static {
         String trust = getPrivilegedProperty(TRUST_URL_CODEBASE_PROPERTY, "false");
         trustURLCodebase = "true".equalsIgnoreCase(trust);
-        String trustSDString = getPrivilegedProperty(TRUST_SERIAL_DATA_PROPERTY, "true");
+        String trustSDString = getPrivilegedProperty(TRUST_SERIAL_DATA_PROPERTY, "false");
         trustSerialData = "true".equalsIgnoreCase(trustSDString);
     }
 
@@ -72,8 +72,9 @@ private static String getPrivilegedProperty(String propertyName, String defaultV
     VersionHelper12() {} // Disallow external from creating one of these.
 
     /**
-     * Returns true if deserialization of objects from 'javaSerializedData'
-     * and 'javaReferenceAddress' LDAP attributes is allowed.
+     * Returns true if deserialization or reconstruction of objects from
+     * 'javaSerializedData', 'javaRemoteLocation' and 'javaReferenceAddress'
+     * LDAP attributes is allowed.
      *
      * @return true if deserialization is allowed; false - otherwise
      */

jdk/src/share/classes/com/sun/jndi/ldap/VersionHelper12.java

@@ -41,7 +41,6 @@
 import sun.security.krb5.*;
 import sun.security.jgss.krb5.Krb5Util;
 import sun.security.krb5.Credentials;
-import sun.misc.HexDumpEncoder;
 
 /**
  * <p> This <code>LoginModule</code> authenticates users using
@@ -786,15 +785,11 @@ private void attemptAuthentication(boolean getPasswdFromSharedState)
 
                 if (debug) {
                     System.out.println("principal is " + principal);
-                    HexDumpEncoder hd = new HexDumpEncoder();
                     if (ktab != null) {
                         System.out.println("Will use keytab");
                     } else if (storeKey) {
                         for (int i = 0; i < encKeys.length; i++) {
-                            System.out.println("EncryptionKey: keyType=" +
-                                encKeys[i].getEType() +
-                                " keyBytes (hex dump)=" +
-                                hd.encodeBuffer(encKeys[i].getBytes()));
+                            System.out.println(encKeys[i].toString());
                         }
                     }
                 }
@@ -895,7 +890,7 @@ private void promptForPass(boolean getPasswdFromSharedState)
             }
             if (debug) {
                 System.out.println
-                    ("password is " + new String(password));
+                    ("Get password from shared state");
             }
             return;
         }

jdk/src/share/classes/com/sun/security/auth/module/Krb5LoginModule.java

@@ -220,6 +220,14 @@ <H2>Misc HTTP properties</H2>
 	      property is defined, then its value will be used a the domain
 	      name.</P>
 	</OL>
+	<LI><P><B>{@systemProperty jdk.http.maxHeaderSize}</B> (default: 393216 or 384kB)<BR>
+	This is the maximum header field section size that a client is prepared to accept.
+	This is computed as the sum of the size of the uncompressed header name, plus
+	the size of the uncompressed header value, plus an overhead of 32 bytes for
+	each field section line. If a peer sends a field section that exceeds this
+	size a {@link java.net.ProtocolException ProtocolException} will be raised.
+	This applies to all versions of the HTTP protocol. A value of zero or a negative
+	value means no limit. If left unspecified, the default value is 393216 bytes.
 </UL>
 <P>All these properties are checked only once at startup.</P>
 <a name="AddressCache"></a>

jdk/src/share/classes/java/net/doc-files/net-properties.html

@@ -41,6 +41,7 @@
 import java.io.InvalidObjectException;
 import java.io.IOException;
 import java.io.ObjectInputStream;
+import java.io.ObjectStreamException;
 import java.text.DecimalFormat;
 import java.util.ArrayList;
 import java.util.Arrays;
@@ -960,6 +961,8 @@ public Object[] parse(String source, ParsePosition pos) {
                 maximumArgumentNumber = argumentNumbers[i];
             }
         }
+
+        // Constructors/applyPattern ensure that resultArray.length < MAX_ARGUMENT_INDEX
         Object[] resultArray = new Object[maximumArgumentNumber + 1];
 
         int patternOffset = 0;
@@ -1210,6 +1213,9 @@ protected Object readResolve() throws InvalidObjectException {
      * @serial
      */
     private int[] argumentNumbers = new int[INITIAL_FORMATS];
+    // Implementation limit for ArgumentIndex pattern element. Valid indices must
+    // be less than this value
+    private static final int MAX_ARGUMENT_INDEX = 10000;
 
     /**
      * One less than the number of entries in <code>offsets</code>.  Can also be thought of
@@ -1434,6 +1440,11 @@ private void makeFormat(int position, int offsetNumber,
                                                + argumentNumber);
         }
 
+        if (argumentNumber >= MAX_ARGUMENT_INDEX) {
+            throw new IllegalArgumentException(
+                    argumentNumber + " exceeds the ArgumentIndex implementation limit");
+        }
+
         // resize format information arrays if necessary
         if (offsetNumber >= formats.length) {
             int newLength = formats.length * 2;
@@ -1580,24 +1591,52 @@ private static final void copyAndFixQuotes(String source, int start, int end,
      * @throws InvalidObjectException if the objects read from the stream is invalid.
      */
     private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException {
-        in.defaultReadObject();
-        boolean isValid = maxOffset >= -1
-                && formats.length > maxOffset
-                && offsets.length > maxOffset
-                && argumentNumbers.length > maxOffset;
+        ObjectInputStream.GetField fields = in.readFields();
+        if (fields.defaulted("argumentNumbers") || fields.defaulted("offsets")
+                || fields.defaulted("formats") || fields.defaulted("locale")
+                || fields.defaulted("pattern") || fields.defaulted("maxOffset")){
+            throw new InvalidObjectException("Stream has missing data");
+        }
+
+        locale = (Locale) fields.get("locale", null);
+        String patt = (String) fields.get("pattern", null);
+        int maxOff = fields.get("maxOffset", -2);
+        int[] argNums = ((int[]) fields.get("argumentNumbers", null)).clone();
+        int[] offs = ((int[]) fields.get("offsets", null)).clone();
+        Format[] fmts = ((Format[]) fields.get("formats", null)).clone();
+
+        // Check arrays/maxOffset have correct value/length
+        boolean isValid = maxOff >= -1 && argNums.length > maxOff
+                && offs.length > maxOff && fmts.length > maxOff;
+
+        // Check the correctness of arguments and offsets
         if (isValid) {
-            int lastOffset = pattern.length() + 1;
-            for (int i = maxOffset; i >= 0; --i) {
-                if ((offsets[i] < 0) || (offsets[i] > lastOffset)) {
+            int lastOffset = patt.length() + 1;
+            for (int i = maxOff; i >= 0; --i) {
+                if (argNums[i] < 0 || argNums[i] >= MAX_ARGUMENT_INDEX
+                        || offs[i] < 0 || offs[i] > lastOffset) {
                     isValid = false;
                     break;
                 } else {
-                    lastOffset = offsets[i];
+                    lastOffset = offs[i];
                 }
             }
         }
+
         if (!isValid) {
-            throw new InvalidObjectException("Could not reconstruct MessageFormat from corrupt stream.");
+            throw new InvalidObjectException("Stream has invalid data");
         }
+        maxOffset = maxOff;
+        pattern = patt;
+        offsets = offs;
+        formats = fmts;
+        argumentNumbers = argNums;
+    }
+
+    /**
+     * Serialization without data not supported for this class.
+     */
+    private void readObjectNoData() throws ObjectStreamException {
+        throw new InvalidObjectException("Deserialized MessageFormat objects need data");
     }
 }

jdk/src/share/classes/java/text/MessageFormat.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -233,9 +233,9 @@ public String toString() {
         if (destroyed) {
             return "Destroyed Principal";
         }
-        return "Kerberos Principal " + principal.toString() +
-                "Key Version " + versionNum +
-                "key "  + key.toString();
+        return "KerberosKey: principal " + principal +
+                ", version " + versionNum +
+                ", key "  + key.toString();
     }
 
     /**