JDK-8306544 : Integer arithmetic overflow in hash functions for some Type classes
  • Type: Enhancement
  • Component: hotspot
  • Sub-Component: compiler
  • Affected Version: 21
  • Priority: P3
  • Status: Closed
  • Resolution: Duplicate
  • Submitted: 2023-04-20
  • Updated: 2023-07-10
  • Resolved: 2023-07-10
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 22
22Resolved
Related Reports
Duplicate :  
JDK-8308975 - Fix signed integer overflow in compiler code, part 2
Duplicate :  
JDK-8300825 - UB: Signed integer overflow: 9223372036854775807 + 3 cannot be represented in type 'long'
Description
The class Type has a virtual function "hash()".  Many of the subclasses implement this function by performing arithmetic (typically summing) values or hash codes of components.

Some of those implementations combine the components using java_add, which is safe from overflow. (Though this is arguably an abuse of that function. The description of that suite of functions suggests their purpose is to emulate Java operations, not for "general-purpose arithmetic".)

However, many others use ordinary "operator+" or "operator+=" to sum or accumulate values from components, with the values involved being signed integers.  Many (all?) of these have the potential to overflow, which is UB.  Probably in most or all of these such overflow won't be detected, and the compiler will normally generate code that happens to implicitly wrap.  And negative hash codes seem to be okay.

However, enabling UBSAN overflow checking will catch such overflows and complain. And we want to be able to use that sanitizer to help track down real overflow bugs.

So all of these hash functions need to be examined and made overflow-safe.

A case in point: enabling gcc -fsanitize=signed-integer-overflow detects an overflow in TypeLong::hash while building the JDK.

../../src/hotspot/share/opto/type.cpp:2034:19: runtime error: signed integer overflow: 9223372036854775807 + 9223372036854775807 cannot be represented in type 'long int'

[I'm filing this as an enhancement rather than a bug, since I'm pretty sure the potential overflow won't cause any problems for normal builds.]
Comments
The fix for issue JDK-8308975 "Fix signed integer overflow in compiler code, part 2" solved this one as well.
10-07-2023
Moving this to JDK 22 for now. Please update the fix version if a patch is ready in time for JDK 21.
03-05-2023
Probably the simplest fix is to make the hash functions deal with unsigned instead of signed values, at least internally.
21-04-2023
Now that we've figured out how to make UBSAN keep going past these, this is no longer blocking anything. Still should be fixed.
21-04-2023
Same problem as JDK-8300825, but with gcc instead of clang, and with some additional details here. Could resolve one as a duplicate of the other. As noted in a comment for JDK-8300825, I think it's current P5 priority is probably too low, since this is a blocker for using the sanitizer to look more broadly for overflow problems that really will bite us, such as JDK-8306331.
20-04-2023