Add verification for invoke receiver types

Christian Wimmer · Christian Wimmer · commit 1bfa68bb56ff · 2021-09-22T22:41:33.000-07:00
diff --git a/compiler/src/org.graalvm.compiler.graph/src/org/graalvm/compiler/graph/Graph.java b/compiler/src/org.graalvm.compiler.graph/src/org/graalvm/compiler/graph/Graph.java
@@ -517,7 +517,7 @@ private final class AddInputsFilter extends Node.EdgeVisitor {
         @Override
         public Node apply(Node self, Node input) {
             if (!input.isAlive()) {
-                assert !input.isDeleted();
+                assert !input.isDeleted() : input;
                 return addOrUniqueWithInputs(input);
             } else {
                 return input;
diff --git a/substratevm/src/com.oracle.svm.core/src/com/oracle/svm/core/SubstrateOptions.java b/substratevm/src/com.oracle.svm.core/src/com/oracle/svm/core/SubstrateOptions.java
@@ -620,4 +620,7 @@ protected void onValueUpdate(EconomicMap<OptionKey<?>, Object> values, String ol
     @APIOption(name = "configure-reflection-metadata")//
     @Option(help = "Limit method reflection metadata to configuration entries instead of including it for all reachable methods")//
     public static final HostedOptionKey<Boolean> ConfigureReflectionMetadata = new HostedOptionKey<>(true);
+
+    @Option(help = "Verify type states computed by the static analysis at run time", type = Debug)//
+    public static final HostedOptionKey<Boolean> VerifyTypes = new HostedOptionKey<>(true);
 }
diff --git a/substratevm/src/com.oracle.svm.core/src/com/oracle/svm/core/graal/snippets/NonSnippetLowerings.java b/substratevm/src/com.oracle.svm.core/src/com/oracle/svm/core/graal/snippets/NonSnippetLowerings.java
@@ -33,15 +33,19 @@
 import org.graalvm.compiler.api.replacements.SnippetReflectionProvider;
 import org.graalvm.compiler.core.common.spi.ForeignCallDescriptor;
 import org.graalvm.compiler.core.common.type.StampPair;
+import org.graalvm.compiler.core.common.type.TypeReference;
 import org.graalvm.compiler.debug.DebugHandlersFactory;
 import org.graalvm.compiler.graph.Node;
 import org.graalvm.compiler.graph.NodeInputList;
+import org.graalvm.compiler.nodes.BeginNode;
 import org.graalvm.compiler.nodes.CallTargetNode;
 import org.graalvm.compiler.nodes.CallTargetNode.InvokeKind;
 import org.graalvm.compiler.nodes.ConstantNode;
 import org.graalvm.compiler.nodes.DirectCallTargetNode;
 import org.graalvm.compiler.nodes.FixedGuardNode;
 import org.graalvm.compiler.nodes.FixedNode;
+import org.graalvm.compiler.nodes.FixedWithNextNode;
+import org.graalvm.compiler.nodes.IfNode;
 import org.graalvm.compiler.nodes.IndirectCallTargetNode;
 import org.graalvm.compiler.nodes.Invoke;
 import org.graalvm.compiler.nodes.InvokeNode;
@@ -54,11 +58,15 @@
 import org.graalvm.compiler.nodes.StructuredGraph;
 import org.graalvm.compiler.nodes.ValueNode;
 import org.graalvm.compiler.nodes.calc.IsNullNode;
+import org.graalvm.compiler.nodes.extended.BranchProbabilityNode;
 import org.graalvm.compiler.nodes.extended.BytecodeExceptionNode;
 import org.graalvm.compiler.nodes.extended.BytecodeExceptionNode.BytecodeExceptionKind;
+import org.graalvm.compiler.nodes.extended.FixedValueAnchorNode;
 import org.graalvm.compiler.nodes.extended.ForeignCallNode;
 import org.graalvm.compiler.nodes.extended.GetClassNode;
 import org.graalvm.compiler.nodes.extended.LoadHubNode;
+import org.graalvm.compiler.nodes.extended.OpaqueNode;
+import org.graalvm.compiler.nodes.java.InstanceOfNode;
 import org.graalvm.compiler.nodes.java.MethodCallTargetNode;
 import org.graalvm.compiler.nodes.memory.OnHeapMemoryAccess.BarrierType;
 import org.graalvm.compiler.nodes.memory.ReadNode;
@@ -73,6 +81,8 @@
 import org.graalvm.word.LocationIdentity;
 
 import com.oracle.svm.core.FrameAccess;
+import com.oracle.svm.core.SubstrateOptions;
+import com.oracle.svm.core.SubstrateUtil;
 import com.oracle.svm.core.code.CodeInfoTable;
 import com.oracle.svm.core.graal.code.SubstrateBackend;
 import com.oracle.svm.core.graal.meta.RuntimeConfiguration;
@@ -81,6 +91,8 @@
 import com.oracle.svm.core.meta.SharedMethod;
 import com.oracle.svm.core.meta.SubstrateObjectConstant;
 import com.oracle.svm.core.snippets.ImplicitExceptions;
+import com.oracle.svm.core.snippets.SnippetRuntime;
+import com.oracle.svm.core.snippets.SubstrateForeignCallTarget;
 import com.oracle.svm.core.util.VMError;
 
 import jdk.vm.ci.code.CallingConvention;
@@ -93,9 +105,14 @@
 
 public abstract class NonSnippetLowerings {
 
+    public static final SnippetRuntime.SubstrateForeignCallDescriptor REPORT_VERIFY_TYPES_ERROR = SnippetRuntime.findForeignCall(
+                    NonSnippetLowerings.class, "reportVerifyTypesError", false, LocationIdentity.any());
+
     private final RuntimeConfiguration runtimeConfig;
     private final Predicate<ResolvedJavaMethod> mustNotAllocatePredicate;
 
+    final boolean verifyTypes = SubstrateOptions.VerifyTypes.getValue();
+
     @SuppressWarnings("unused")
     protected NonSnippetLowerings(RuntimeConfiguration runtimeConfig, Predicate<ResolvedJavaMethod> mustNotAllocatePredicate, OptionValues options, Iterable<DebugHandlersFactory> factories,
                     Providers providers, SnippetReflectionProvider snippetReflection, Map<Class<? extends Node>, NodeLoweringProvider<?>> lowerings) {
@@ -250,12 +267,53 @@ public void lower(FixedNode node, LoweringTool tool) {
                 SharedMethod method = (SharedMethod) callTarget.targetMethod();
                 JavaType[] signature = method.getSignature().toParameterTypes(callTarget.isStatic() ? null : method.getDeclaringClass());
                 CallingConvention.Type callType = method.getCallingConventionKind().toType(true);
-
                 InvokeKind invokeKind = callTarget.invokeKind();
                 SharedMethod[] implementations = method.getImplementations();
+
+                if (verifyTypes && !callTarget.isStatic() && receiver.getStackKind() == JavaKind.Object && !((SharedMethod) graph.method()).isUninterruptible()) {
+                    /*
+                     * Verify that the receiver is an instance of the class that declares the call
+                     * target method. To avoid that the new type check floats above a deoptimization
+                     * entry point, we need to anchor the receiver to the control flow. To avoid
+                     * that Graal optimizes away the InstanceOfNode immediately, we need an
+                     * OpaqueNode that removes all type information from the receiver. Then we wire
+                     * up an IfNode that leads to a ForeignCallNode in case the verification fails.
+                     */
+                    FixedValueAnchorNode anchoredReceiver = graph.add(new FixedValueAnchorNode(receiver));
+                    graph.addBeforeFixed(node, anchoredReceiver);
+                    ValueNode opaqueReceiver = graph.unique(new OpaqueNode(anchoredReceiver));
+                    TypeReference declaringClass = TypeReference.createTrustedWithoutAssumptions(method.getDeclaringClass());
+                    LogicNode instanceOf = graph.addOrUniqueWithInputs(InstanceOfNode.create(declaringClass, opaqueReceiver));
+                    BeginNode passingBegin = graph.add(new BeginNode());
+                    BeginNode failingBegin = graph.add(new BeginNode());
+                    IfNode ifNode = graph.add(new IfNode(instanceOf, passingBegin, failingBegin, BranchProbabilityNode.EXTREMELY_FAST_PATH_PROFILE));
+
+                    ((FixedWithNextNode) node.predecessor()).setNext(ifNode);
+                    passingBegin.setNext(node);
+
+                    String errorMessage;
+                    if (SubstrateUtil.HOSTED) {
+                        errorMessage = "Invoke " + invokeKind + " of " + method.format("%H.%n(%p)%r");
+                        errorMessage += System.lineSeparator() + "  declaringClass = " + declaringClass;
+                        if (implementations.length == 0 || implementations.length > 10) {
+                            errorMessage += System.lineSeparator() + "  implementations.length = " + implementations.length;
+                        } else {
+                            for (int i = 0; i < implementations.length; i++) {
+                                errorMessage += System.lineSeparator() + "  implementations[" + i + "] = " + implementations[i].format("%H.%n(%p)%r");
+                            }
+                        }
+                    } else {
+                        errorMessage = "Invoke (method name not added because message must be a compile-time constant)";
+                    }
+                    ConstantNode errorConstant = ConstantNode.forConstant(tool.getConstantReflection().forString(errorMessage), tool.getMetaAccess(), graph);
+                    ForeignCallNode reportError = graph.add(new ForeignCallNode(REPORT_VERIFY_TYPES_ERROR, opaqueReceiver, errorConstant));
+                    reportError.setStateAfter(invoke.stateAfter().duplicateModifiedDuringCall(invoke.bci(), node.getStackKind()));
+                    failingBegin.setNext(reportError);
+                    reportError.setNext(graph.add(new LoweredDeadEndNode()));
+                }
+
                 LoadHubNode hub = null;
                 CallTargetNode loweredCallTarget;
-
                 if (invokeKind.isDirect() || implementations.length == 1) {
                     SharedMethod targetMethod = method;
                     if (!invokeKind.isDirect()) {
@@ -352,4 +410,8 @@ private CallTargetNode createUnreachableCallTarget(LoweringTool tool, FixedNode
         }
     }
 
+    @SubstrateForeignCallTarget(stubCallingConvention = true)
+    private static void reportVerifyTypesError(Object object, String message) {
+        throw VMError.shouldNotReachHere("VerifyTypes found a type error for object " + (object == null ? "null" : object.getClass().getTypeName()) + ": " + message);
+    }
 }
diff --git a/substratevm/src/com.oracle.svm.hosted/src/com/oracle/svm/hosted/snippets/ImplicitExceptionsFeature.java b/substratevm/src/com.oracle.svm.hosted/src/com/oracle/svm/hosted/snippets/ImplicitExceptionsFeature.java
@@ -25,9 +25,11 @@
 package com.oracle.svm.hosted.snippets;
 
 import com.oracle.graal.pointsto.meta.AnalysisMethod;
+import com.oracle.svm.core.SubstrateOptions;
 import com.oracle.svm.core.annotate.AutomaticFeature;
 import com.oracle.svm.core.graal.GraalFeature;
 import com.oracle.svm.core.graal.meta.SubstrateForeignCallsProvider;
+import com.oracle.svm.core.graal.snippets.NonSnippetLowerings;
 import com.oracle.svm.core.snippets.ExceptionUnwind;
 import com.oracle.svm.core.snippets.ImplicitExceptions;
 import com.oracle.svm.core.snippets.SnippetRuntime.SubstrateForeignCallDescriptor;
@@ -46,11 +48,17 @@ public void beforeAnalysis(BeforeAnalysisAccess a) {
         for (SubstrateForeignCallDescriptor descriptor : ExceptionUnwind.FOREIGN_CALLS) {
             access.getBigBang().addRootMethod((AnalysisMethod) descriptor.findMethod(access.getMetaAccess()));
         }
+        if (SubstrateOptions.VerifyTypes.getValue()) {
+            access.getBigBang().addRootMethod((AnalysisMethod) NonSnippetLowerings.REPORT_VERIFY_TYPES_ERROR.findMethod(access.getMetaAccess()));
+        }
     }
 
     @Override
     public void registerForeignCalls(SubstrateForeignCallsProvider foreignCalls) {
         foreignCalls.register(ImplicitExceptions.FOREIGN_CALLS);
         foreignCalls.register(ExceptionUnwind.FOREIGN_CALLS);
+        if (SubstrateOptions.VerifyTypes.getValue()) {
+            foreignCalls.register(NonSnippetLowerings.REPORT_VERIFY_TYPES_ERROR);
+        }
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -620,4 +620,7 @@ protected void onValueUpdate(EconomicMap<OptionKey<?>, Object> values, String ol`
`620`	`620`	`@APIOption(name = "configure-reflection-metadata")//`
`621`	`621`	`@Option(help = "Limit method reflection metadata to configuration entries instead of including it for all reachable methods")//`
`622`	`622`	`public static final HostedOptionKey<Boolean> ConfigureReflectionMetadata = new HostedOptionKey<>(true);`
	`623`	`+`
	`624`	`+ @Option(help = "Verify type states computed by the static analysis at run time", type = Debug)//`
	`625`	`+ public static final HostedOptionKey<Boolean> VerifyTypes = new HostedOptionKey<>(true);`
`623`	`626`	`}`