8175340: Possible invalid memory accesses due to ciMethodData::bci_to_data() returning NULL

Summary: Check values returned by ciMethodData::bci_to_data() where necessary. Reviewed-by: kvn

8175340: Possible invalid memory accesses due to ciMethodData::bci_to_data() returning NULL
Summary: Check values returned by ciMethodData::bci_to_data() where necessary. Reviewed-by: kvn
99f74d4a · zmajo · 54ee327c · 99f74d4a · 99f74d4a · 99f74d4a
4 changed file
--- a/src/share/vm/c1/c1_GraphBuilder.cpp
+++ b/src/share/vm/c1/c1_GraphBuilder.cpp
@@ -1530,7 +1530,7 @@ void GraphBuilder::method_return(Value x) {
        ciMethod* caller = state()->scope()->method();
        ciMethodData* md = caller->method_data_or_null();
        ciProfileData* data = md->bci_to_data(invoke_bci);
-        if (data->is_CallTypeData() || data->is_VirtualCallTypeData()) {
+        if (data != NULL && (data->is_CallTypeData() || data->is_VirtualCallTypeData())) {
          bool has_return = data->is_CallTypeData() ? ((ciCallTypeData*)data)->has_return() : ((ciVirtualCallTypeData*)data)->has_return();
          // May not be true in case of an inlined call through a method handle intrinsic.
          if (has_return) {
@@ -1747,7 +1747,7 @@ Values* GraphBuilder::args_list_for_profiling(ciMethod* target, int& start, bool
  start = has_receiver ? 1 : 0;
  if (profile_arguments()) {
    ciProfileData* data = method()->method_data()->bci_to_data(bci());
-    if (data->is_CallTypeData() || data->is_VirtualCallTypeData()) {
+    if (data != NULL && (data->is_CallTypeData() || data->is_VirtualCallTypeData())) {
      n = data->is_CallTypeData() ? data->as_CallTypeData()->number_of_arguments() : data->as_VirtualCallTypeData()->number_of_arguments();
    }
  }
@@ -4465,7 +4465,7 @@ void GraphBuilder::profile_return_type(Value ret, ciMethod* callee, ciMethod* m,
  }
  ciMethodData* md = m->method_data_or_null();
  ciProfileData* data = md->bci_to_data(invoke_bci);
-  if (data->is_CallTypeData() || data->is_VirtualCallTypeData()) {
+  if (data != NULL && (data->is_CallTypeData() || data->is_VirtualCallTypeData())) {
    append(new ProfileReturnType(m , invoke_bci, callee, ret));
  }
 }

--- a/src/share/vm/c1/c1_LIRGenerator.cpp
+++ b/src/share/vm/c1/c1_LIRGenerator.cpp
@@ -3185,6 +3185,7 @@ void LIRGenerator::profile_arguments(ProfileCall* x) {
    int bci = x->bci_of_invoke();
    ciMethodData* md = x->method()->method_data_or_null();
    ciProfileData* data = md->bci_to_data(bci);
+    if (data != NULL) {
      if ((data->is_CallTypeData() && data->as_CallTypeData()->has_arguments()) ||
          (data->is_VirtualCallTypeData() && data->as_VirtualCallTypeData()->has_arguments())) {
        ByteSize extra = data->is_CallTypeData() ? CallTypeData::args_data_offset() : VirtualCallTypeData::args_data_offset();
@@ -3231,6 +3232,7 @@ void LIRGenerator::profile_arguments(ProfileCall* x) {
 #endif
      }
    }
+  }
 }

 // profile parameters on entry to an inlined method
@@ -3319,6 +3321,7 @@ void LIRGenerator::do_ProfileReturnType(ProfileReturnType* x) {
  int bci = x->bci_of_invoke();
  ciMethodData* md = x->method()->method_data_or_null();
  ciProfileData* data = md->bci_to_data(bci);
+  if (data != NULL) {
    assert(data->is_CallTypeData() || data->is_VirtualCallTypeData(), "wrong profile data type");
    ciReturnTypeEntry* ret = data->is_CallTypeData() ? ((ciCallTypeData*)data)->ret() : ((ciVirtualCallTypeData*)data)->ret();
    LIR_Opr mdp = LIR_OprFact::illegalOpr;
@@ -3338,6 +3341,7 @@ void LIRGenerator::do_ProfileReturnType(ProfileReturnType* x) {
    if (exact != NULL) {
      md->set_return_type(bci, exact);
    }
+  }
 }

 void LIRGenerator::do_ProfileInvoke(ProfileInvoke* x) {

--- a/src/share/vm/ci/ciMethodData.cpp
+++ b/src/share/vm/ci/ciMethodData.cpp
@@ -391,6 +391,7 @@ void ciMethodData::set_argument_type(int bci, int i, ciKlass* k) {
  MethodData* mdo = get_MethodData();
  if (mdo != NULL) {
    ProfileData* data = mdo->bci_to_data(bci);
+    if (data != NULL) {
      if (data->is_CallTypeData()) {
        data->as_CallTypeData()->set_argument_type(i, k->get_Klass());
      } else {
@@ -398,6 +399,7 @@ void ciMethodData::set_argument_type(int bci, int i, ciKlass* k) {
        data->as_VirtualCallTypeData()->set_argument_type(i, k->get_Klass());
      }
    }
+  }
 }

 void ciMethodData::set_parameter_type(int i, ciKlass* k) {
@@ -413,6 +415,7 @@ void ciMethodData::set_return_type(int bci, ciKlass* k) {
  MethodData* mdo = get_MethodData();
  if (mdo != NULL) {
    ProfileData* data = mdo->bci_to_data(bci);
+    if (data != NULL) {
      if (data->is_CallTypeData()) {
        data->as_CallTypeData()->set_return_type(k->get_Klass());
      } else {
@@ -420,6 +423,7 @@ void ciMethodData::set_return_type(int bci, ciKlass* k) {
        data->as_VirtualCallTypeData()->set_return_type(k->get_Klass());
      }
    }
+  }
 }

 bool ciMethodData::has_escape_info() {

--- a/src/share/vm/opto/parse2.cpp
+++ b/src/share/vm/opto/parse2.cpp
@@ -812,6 +812,9 @@ float Parse::dynamic_branch_prediction(float &cnt, BoolTest::mask btest, Node* t
    ciMethodData* methodData = method()->method_data();
    if (!methodData->is_mature())  return PROB_UNKNOWN;
    ciProfileData* data = methodData->bci_to_data(bci());
+    if (data == NULL) {
+      return PROB_UNKNOWN;
+    }
    if (!data->is_JumpData())  return PROB_UNKNOWN;

    // get taken and not taken values
@@ -903,8 +906,8 @@ float Parse::branch_prediction(float& cnt,
        // of the OSR-ed method, and we want to deopt to gather more stats.
        // If you have ANY counts, then this loop is simply 'cold' relative
        // to the OSR loop.
-        if (data->as_BranchData()->taken() +
-            data->as_BranchData()->not_taken() == 0 ) {
+        if (data == NULL ||
+            (data->as_BranchData()->taken() +  data->as_BranchData()->not_taken() == 0)) {
          // This is the only way to return PROB_UNKNOWN:
          return PROB_UNKNOWN;
        }