JDK-8050978 : Fix bad field access check in C1 and C2
  • Type: Bug
  • Component: hotspot
  • Sub-Component: compiler
  • Affected Version: 8u20,9
  • Priority: P2
  • Status: Closed
  • Resolution: Fixed
  • Submitted: 2014-07-17
  • Updated: 2017-08-07
  • Resolved: 2014-07-23
  • JDK 8: 8u20 (Fixed)
  • JDK 9: 9 b26 (Fixed)
Description
JCK8 test vm/constantpool/accessControl/accessControl004/accessControl00402m3/accessControl00402m3.html fails with -Xbatch -Xcomp due to bad field access check in C1 and C2

Precondition:
-------------

Consider the following class hierarchy:

    A
  /   \
 B1   B2

A declares a field "aa" which both B1 and B2 inherit.

Although aa is declared in a superclass of B1, methods in B1 might not access the field aa of an object of class B2:

class B1 extends A {
  m(B2 b2) {
    ...
    x = b2.aa; // !!! Access not allowed
  }
}

This is checked by the test mentioned above.


Problem:
--------

ciField::will_link() used by C1 and C2 does the access check using the canonical_holder (which is A in this case) and thus the access erroneously succeeds.


Fix:
----

In ciField::ciField(), just before the canonical holder is stored into the _holder variable (which is used by ciField::will_link()), perform an additional access check with the holder declared in the class file. If this check fails, store the declared holder instead, and ciField::will_link() will bail out compilation for this field later on. Then, the interpreter will throw a PrivilegedAccessException at runtime.


Ways to reproduce:
------------------

Run the above JCK test with

C2 only: -XX:-TieredCompilation -Xbatch -Xcomp

or

with C1: -XX:-Inline -Xbatch -Xcomp

Evaluation
---------------

We consider this fix critical as access control is broken. Fields can be accessed erroneously.
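
The following is an added example, not part of the original report and not HotSpot source: a simplified C++ model of why an access check against the canonical holder (A) succeeds while a check against the declared holder (B2) fails. It assumes aa is a protected instance field and that A is in a different package from B1 and B2, which the report does not state; Klass, FieldRef, access_ok and the links_* functions are hypothetical names.

```cpp
// Added example: simplified model, not HotSpot source. All names are hypothetical.
#include <cstdio>
#include <string>

struct Klass {
    std::string package;
    const Klass* super;  // nullptr at the top of the modelled hierarchy
};

// True if k is `other` or inherits from it.
static bool is_subclass_of(const Klass* k, const Klass* other) {
    for (; k != nullptr; k = k->super)
        if (k == other) return true;
    return false;
}

// Assumed rule for a protected instance field declared in `declaring`:
// outside the declaring package, the accessor must be a subclass of `declaring`
// and must be related by inheritance to the class the check is run against.
static bool access_ok(const Klass* accessor, const Klass* holder, const Klass* declaring) {
    if (accessor->package == declaring->package) return true;
    if (!is_subclass_of(accessor, declaring)) return false;
    return is_subclass_of(accessor, holder) || is_subclass_of(holder, accessor);
}

struct FieldRef {
    const Klass* declared_holder;   // class named in the class file (B2 for b2.aa)
    const Klass* canonical_holder;  // class that declares the field (A)
};

// Check described under "Problem": only the canonical holder is consulted.
static bool links_before_fix(const Klass* accessor, const FieldRef& f) {
    return access_ok(accessor, f.canonical_holder, f.canonical_holder);
}

// Check described under "Fix": the declared holder is checked first.
static bool links_after_fix(const Klass* accessor, const FieldRef& f) {
    return access_ok(accessor, f.declared_holder, f.canonical_holder) &&
           access_ok(accessor, f.canonical_holder, f.canonical_holder);
}

// Constructed hierarchy: A in package p1, B1 and B2 in package p2.
static const Klass A{"p1", nullptr}, B1{"p2", &A}, B2{"p2", &A};
static const FieldRef B2_AA{&B2, &A};  // b2.aa inside B1.m()
static const FieldRef B1_AA{&B1, &A};  // this.aa inside B1.m()

int main() {
    std::printf("b2.aa links before fix: %d\n", links_before_fix(&B1, B2_AA));
    std::printf("b2.aa links after fix:  %d\n", links_after_fix(&B1, B2_AA));
    return 0;
}
```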


Comments
The valid test accessControl00402m3.html isn't a candidate to be excluded in JCK 8 - There is a workaround to pass it: -Xbatch -Xcomp
24-07-2014

This issue is still tck-red against 8u20. Please open the back port issue for 8u20.
23-07-2014

JDK 8u20 b23 and 8 fcs (b132):
Test failed with "-XX:-TieredCompilation -Xbatch -Xcomp"
Test failed with "-Xbatch -Xcomp -XX:-Inline"
Test passed with "-Xbatch -Xcomp"
JDK 7u71 b05: Test passed with all 3 sets of options.
23-07-2014

Test passed with "-Xbatch -Xcomp" options.
23-07-2014

Test failed for jdk 8u20 b23 with attached log.
23-07-2014

http://cr.openjdk.java.net/~goetz/webrevs/8050978-fieldCheck/webrev-01/
23-07-2014

ILW=incorrect behavior, failed jck test;Xcomp;none=HMH=P1
21-07-2014