1 /*
  2  * Copyright (c) 2000, 2024, Oracle and/or its affiliates. All rights reserved.
  3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  4  *
  5  * This code is free software; you can redistribute it and/or modify it
  6  * under the terms of the GNU General Public License version 2 only, as
  7  * published by the Free Software Foundation.
  8  *
  9  * This code is distributed in the hope that it will be useful, but WITHOUT
 10  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 11  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 12  * version 2 for more details (a copy is included in the LICENSE file that
 13  * accompanied this code).
 14  *
 15  * You should have received a copy of the GNU General Public License version
 16  * 2 along with this work; if not, write to the Free Software Foundation,
 17  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 18  *
 19  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 20  * or visit www.oracle.com if you need additional information or have any
 21  * questions.
 22  *
 23  */
 24 
 25 #include "precompiled.hpp"
 26 #include "classfile/classFileStream.hpp"
 27 #include "classfile/classLoader.hpp"
 28 #include "classfile/classLoadInfo.hpp"
 29 #include "classfile/javaClasses.inline.hpp"
 30 #include "classfile/systemDictionary.hpp"
 31 #include "classfile/vmSymbols.hpp"
 32 #include "jfr/jfrEvents.hpp"
 33 #include "jni.h"
 34 #include "jvm.h"
 35 #include "memory/allocation.inline.hpp"
 36 #include "memory/resourceArea.hpp"
 37 #include "oops/access.inline.hpp"
 38 #include "oops/fieldStreams.inline.hpp"
 39 #include "oops/instanceKlass.inline.hpp"
 40 #include "oops/klass.inline.hpp"
 41 #include "oops/objArrayOop.inline.hpp"
 42 #include "oops/oop.inline.hpp"
 43 #include "oops/typeArrayOop.inline.hpp"
 44 #include "prims/jvmtiExport.hpp"
 45 #include "prims/unsafe.hpp"
 46 #include "runtime/globals.hpp"
 47 #include "runtime/handles.inline.hpp"
 48 #include "runtime/interfaceSupport.inline.hpp"
 49 #include "runtime/javaThread.inline.hpp"
 50 #include "runtime/jniHandles.inline.hpp"
 51 #include "runtime/orderAccess.hpp"
 52 #include "runtime/reflection.hpp"
 53 #include "runtime/sharedRuntime.hpp"
 54 #include "runtime/stubRoutines.hpp"
 55 #include "runtime/threadSMR.hpp"
 56 #include "runtime/vmOperations.hpp"
 57 #include "runtime/vm_version.hpp"
 58 #include "sanitizers/ub.hpp"
 59 #include "services/threadService.hpp"
 60 #include "utilities/align.hpp"
 61 #include "utilities/copy.hpp"
 62 #include "utilities/dtrace.hpp"
 63 #include "utilities/macros.hpp"
 64 
 65 /**
 66  * Implementation of the jdk.internal.misc.Unsafe class
 67  */
 68 
 69 
 70 #define MAX_OBJECT_SIZE \
 71   ( arrayOopDesc::base_offset_in_bytes(T_DOUBLE) \
 72     + ((julong)max_jint * sizeof(double)) )
 73 
 74 #define UNSAFE_ENTRY(result_type, header) \
 75   JVM_ENTRY(static result_type, header)
 76 
 77 #define UNSAFE_LEAF(result_type, header) \
 78   JVM_LEAF(static result_type, header)
 79 
 80 // All memory access methods (e.g. getInt, copyMemory) must use this macro.
 81 // We call these methods "scoped" methods, as access to these methods is
 82 // typically governed by a "scope" (a MemorySessionImpl object), and no
 83 // access is allowed when the scope is no longer alive.
 84 //
 85 // Closing a scope object (cf. scopedMemoryAccess.cpp) can install
 86 // an async exception during a safepoint. When that happens,
 87 // scoped methods are not allowed to touch the underlying memory (as that
 88 // memory might have been released). Therefore, when entering a scoped method
 89 // we check if an async exception has been installed, and return immediately
 90 // if that is the case.
 91 //
 92 // As a rule, we disallow safepoints in the middle of a scoped method.
 93 // If an async exception handshake were installed in such a safepoint,
 94 // memory access might still occur before the handshake is honored by
 95 // the accessing thread.
 96 //
 97 // Corollary: as threads in native state are considered to be at a safepoint,
 98 // scoped methods must NOT be executed while in the native thread state.
 99 // Because of this, there can be no UNSAFE_LEAF_SCOPED.
100 #define UNSAFE_ENTRY_SCOPED(result_type, header) \
101   JVM_ENTRY(static result_type, header) \
102   if (thread->has_async_exception_condition()) {return (result_type)0;}
103 
104 #define UNSAFE_END JVM_END
105 
106 
107 static inline void* addr_from_java(jlong addr) {
108   // This assert fails in a variety of ways on 32-bit systems.
109   // It is impossible to predict whether native code that converts
110   // pointers to longs will sign-extend or zero-extend the addresses.
111   //assert(addr == (uintptr_t)addr, "must not be odd high bits");
112   return (void*)(uintptr_t)addr;
113 }
114 
115 static inline jlong addr_to_java(void* p) {
116   assert(p == (void*)(uintptr_t)p, "must not be odd high bits");
117   return (uintptr_t)p;
118 }
119 
120 
121 // Note: The VM's obj_field and related accessors use byte-scaled
122 // ("unscaled") offsets, just as the unsafe methods do.
123 
124 // However, the method Unsafe.fieldOffset explicitly declines to
125 // guarantee this.  The field offset values manipulated by the Java user
126 // through the Unsafe API are opaque cookies that just happen to be byte
127 // offsets.  We represent this state of affairs by passing the cookies
128 // through conversion functions when going between the VM and the Unsafe API.
129 // The conversion functions just happen to be no-ops at present.
130 
131 static inline jlong field_offset_to_byte_offset(jlong field_offset) {
132   return field_offset;
133 }
134 
135 static inline int field_offset_from_byte_offset(int byte_offset) {
136   return byte_offset;
137 }
138 
139 static inline void assert_field_offset_sane(oop p, jlong field_offset) {
140 #ifdef ASSERT
141   jlong byte_offset = field_offset_to_byte_offset(field_offset);
142 
143   if (p != nullptr) {
144     assert(byte_offset >= 0 && byte_offset <= (jlong)MAX_OBJECT_SIZE, "sane offset");
145     if (byte_offset == (jint)byte_offset) {
146       void* ptr_plus_disp = cast_from_oop<address>(p) + byte_offset;
147       assert(p->field_addr<void>((jint)byte_offset) == ptr_plus_disp,
148              "raw [ptr+disp] must be consistent with oop::field_addr");
149     }
150     jlong p_size = HeapWordSize * (jlong)(p->size());
151     assert(byte_offset < p_size, "Unsafe access: offset " INT64_FORMAT " > object's size " INT64_FORMAT, (int64_t)byte_offset, (int64_t)p_size);
152   }
153 #endif
154 }
155 
156 static inline void* index_oop_from_field_offset_long(oop p, jlong field_offset) {
157   assert_field_offset_sane(p, field_offset);
158   uintptr_t base_address = cast_from_oop<uintptr_t>(p);
159   uintptr_t byte_offset  = (uintptr_t)field_offset_to_byte_offset(field_offset);
160   return (void*)(base_address + byte_offset);
161 }
162 
163 // Externally callable versions:
164 // (Use these in compiler intrinsics which emulate unsafe primitives.)
165 jlong Unsafe_field_offset_to_byte_offset(jlong field_offset) {
166   return field_offset;
167 }
168 jlong Unsafe_field_offset_from_byte_offset(jlong byte_offset) {
169   return byte_offset;
170 }
171 
172 
173 ///// Data read/writes on the Java heap and in native (off-heap) memory
174 
175 /**
176  * Helper class to wrap memory accesses in JavaThread::doing_unsafe_access()
177  */
178 class GuardUnsafeAccess {
179   JavaThread* _thread;
180 
181 public:
182   GuardUnsafeAccess(JavaThread* thread) : _thread(thread) {
183     // native/off-heap access which may raise SIGBUS if accessing
184     // memory mapped file data in a region of the file which has
185     // been truncated and is now invalid.
186     _thread->set_doing_unsafe_access(true);
187   }
188 
189   ~GuardUnsafeAccess() {
190     _thread->set_doing_unsafe_access(false);
191   }
192 };
193 
194 /**
195  * Helper class for accessing memory.
196  *
197  * Normalizes values and wraps accesses in
198  * JavaThread::doing_unsafe_access() if needed.
199  */
200 template <typename T>
201 class MemoryAccess : StackObj {
202   JavaThread* _thread;
203   oop _obj;
204   ptrdiff_t _offset;
205 
206   // Resolves and returns the address of the memory access.
207   // This raw memory access may fault, so we make sure it happens within the
208   // guarded scope by making the access volatile at least. Since the store
209   // of Thread::set_doing_unsafe_access() is also volatile, these accesses
210   // can not be reordered by the compiler. Therefore, if the access triggers
211   // a fault, we will know that Thread::doing_unsafe_access() returns true.
212   volatile T* addr() {
213     void* addr = index_oop_from_field_offset_long(_obj, _offset);
214     return static_cast<volatile T*>(addr);
215   }
216 
217   template <typename U>
218   U normalize_for_write(U x) {
219     return x;
220   }
221 
222   jboolean normalize_for_write(jboolean x) {
223     return x & 1;
224   }
225 
226   template <typename U>
227   U normalize_for_read(U x) {
228     return x;
229   }
230 
231   jboolean normalize_for_read(jboolean x) {
232     return x != 0;
233   }
234 
235 public:
236   MemoryAccess(JavaThread* thread, jobject obj, jlong offset)
237     : _thread(thread), _obj(JNIHandles::resolve(obj)), _offset((ptrdiff_t)offset) {
238     assert_field_offset_sane(_obj, offset);
239   }
240 
241   T get() {
242     GuardUnsafeAccess guard(_thread);
243     return normalize_for_read(*addr());
244   }
245 
246   // we use this method at some places for writing to 0 e.g. to cause a crash;
247   // ubsan does not know that this is the desired behavior
248   ATTRIBUTE_NO_UBSAN
249   void put(T x) {
250     GuardUnsafeAccess guard(_thread);
251     *addr() = normalize_for_write(x);
252   }
253 
254 
255   T get_volatile() {
256     GuardUnsafeAccess guard(_thread);
257     volatile T ret = RawAccess<MO_SEQ_CST>::load(addr());
258     return normalize_for_read(ret);
259   }
260 
261   void put_volatile(T x) {
262     GuardUnsafeAccess guard(_thread);
263     RawAccess<MO_SEQ_CST>::store(addr(), normalize_for_write(x));
264   }
265 };
266 
267 // These functions allow a null base pointer with an arbitrary address.
268 // But if the base pointer is non-null, the offset should make some sense.
269 // That is, it should be in the range [0, MAX_OBJECT_SIZE].
270 UNSAFE_ENTRY(jobject, Unsafe_GetReference(JNIEnv *env, jobject unsafe, jobject obj, jlong offset)) {
271   oop p = JNIHandles::resolve(obj);
272   assert_field_offset_sane(p, offset);
273   oop v = HeapAccess<ON_UNKNOWN_OOP_REF>::oop_load_at(p, offset);
274   return JNIHandles::make_local(THREAD, v);
275 } UNSAFE_END
276 
277 UNSAFE_ENTRY(void, Unsafe_PutReference(JNIEnv *env, jobject unsafe, jobject obj, jlong offset, jobject x_h)) {
278   oop x = JNIHandles::resolve(x_h);
279   oop p = JNIHandles::resolve(obj);
280   assert_field_offset_sane(p, offset);
281   HeapAccess<ON_UNKNOWN_OOP_REF>::oop_store_at(p, offset, x);
282 } UNSAFE_END
283 
284 UNSAFE_ENTRY(jobject, Unsafe_GetReferenceVolatile(JNIEnv *env, jobject unsafe, jobject obj, jlong offset)) {
285   oop p = JNIHandles::resolve(obj);
286   assert_field_offset_sane(p, offset);
287   oop v = HeapAccess<MO_SEQ_CST | ON_UNKNOWN_OOP_REF>::oop_load_at(p, offset);
288   return JNIHandles::make_local(THREAD, v);
289 } UNSAFE_END
290 
291 UNSAFE_ENTRY(void, Unsafe_PutReferenceVolatile(JNIEnv *env, jobject unsafe, jobject obj, jlong offset, jobject x_h)) {
292   oop x = JNIHandles::resolve(x_h);
293   oop p = JNIHandles::resolve(obj);
294   assert_field_offset_sane(p, offset);
295   HeapAccess<MO_SEQ_CST | ON_UNKNOWN_OOP_REF>::oop_store_at(p, offset, x);
296 } UNSAFE_END
297 
298 UNSAFE_ENTRY(jobject, Unsafe_GetUncompressedObject(JNIEnv *env, jobject unsafe, jlong addr)) {
299   oop v = *(oop*) (address) addr;
300   return JNIHandles::make_local(THREAD, v);
301 } UNSAFE_END
302 
303 #define DEFINE_GETSETOOP(java_type, Type) \
304  \
305 UNSAFE_ENTRY_SCOPED(java_type, Unsafe_Get##Type(JNIEnv *env, jobject unsafe, jobject obj, jlong offset)) { \
306   return MemoryAccess<java_type>(thread, obj, offset).get(); \
307 } UNSAFE_END \
308  \
309 UNSAFE_ENTRY_SCOPED(void, Unsafe_Put##Type(JNIEnv *env, jobject unsafe, jobject obj, jlong offset, java_type x)) { \
310   MemoryAccess<java_type>(thread, obj, offset).put(x); \
311 } UNSAFE_END \
312  \
313 // END DEFINE_GETSETOOP.
314 
315 DEFINE_GETSETOOP(jboolean, Boolean)
316 DEFINE_GETSETOOP(jbyte, Byte)
317 DEFINE_GETSETOOP(jshort, Short);
318 DEFINE_GETSETOOP(jchar, Char);
319 DEFINE_GETSETOOP(jint, Int);
320 DEFINE_GETSETOOP(jlong, Long);
321 DEFINE_GETSETOOP(jfloat, Float);
322 DEFINE_GETSETOOP(jdouble, Double);
323 
324 #undef DEFINE_GETSETOOP
325 
326 #define DEFINE_GETSETOOP_VOLATILE(java_type, Type) \
327  \
328 UNSAFE_ENTRY_SCOPED(java_type, Unsafe_Get##Type##Volatile(JNIEnv *env, jobject unsafe, jobject obj, jlong offset)) { \
329   return MemoryAccess<java_type>(thread, obj, offset).get_volatile(); \
330 } UNSAFE_END \
331  \
332 UNSAFE_ENTRY_SCOPED(void, Unsafe_Put##Type##Volatile(JNIEnv *env, jobject unsafe, jobject obj, jlong offset, java_type x)) { \
333   MemoryAccess<java_type>(thread, obj, offset).put_volatile(x); \
334 } UNSAFE_END \
335  \
336 // END DEFINE_GETSETOOP_VOLATILE.
337 
338 DEFINE_GETSETOOP_VOLATILE(jboolean, Boolean)
339 DEFINE_GETSETOOP_VOLATILE(jbyte, Byte)
340 DEFINE_GETSETOOP_VOLATILE(jshort, Short);
341 DEFINE_GETSETOOP_VOLATILE(jchar, Char);
342 DEFINE_GETSETOOP_VOLATILE(jint, Int);
343 DEFINE_GETSETOOP_VOLATILE(jlong, Long);
344 DEFINE_GETSETOOP_VOLATILE(jfloat, Float);
345 DEFINE_GETSETOOP_VOLATILE(jdouble, Double);
346 
347 #undef DEFINE_GETSETOOP_VOLATILE
348 
349 UNSAFE_LEAF(void, Unsafe_FullFence(JNIEnv *env, jobject unsafe)) {
350   OrderAccess::fence();
351 } UNSAFE_END
352 
353 ////// Allocation requests
354 
355 UNSAFE_ENTRY(jobject, Unsafe_AllocateInstance(JNIEnv *env, jobject unsafe, jclass cls)) {
356   JvmtiVMObjectAllocEventCollector oam;
357   instanceOop i = InstanceKlass::allocate_instance(JNIHandles::resolve_non_null(cls), CHECK_NULL);
358   return JNIHandles::make_local(THREAD, i);
359 } UNSAFE_END
360 
361 UNSAFE_LEAF(jlong, Unsafe_AllocateMemory0(JNIEnv *env, jobject unsafe, jlong size)) {
362   size_t sz = (size_t)size;
363 
364   assert(is_aligned(sz, HeapWordSize), "sz not aligned");
365 
366   void* x = os::malloc(sz, mtOther);
367 
368   return addr_to_java(x);
369 } UNSAFE_END
370 
371 UNSAFE_LEAF(jlong, Unsafe_ReallocateMemory0(JNIEnv *env, jobject unsafe, jlong addr, jlong size)) {
372   void* p = addr_from_java(addr);
373   size_t sz = (size_t)size;
374 
375   assert(is_aligned(sz, HeapWordSize), "sz not aligned");
376 
377   void* x = os::realloc(p, sz, mtOther);
378 
379   return addr_to_java(x);
380 } UNSAFE_END
381 
382 UNSAFE_LEAF(void, Unsafe_FreeMemory0(JNIEnv *env, jobject unsafe, jlong addr)) {
383   void* p = addr_from_java(addr);
384 
385   os::free(p);
386 } UNSAFE_END
387 
388 UNSAFE_ENTRY_SCOPED(void, Unsafe_SetMemory0(JNIEnv *env, jobject unsafe, jobject obj, jlong offset, jlong size, jbyte value)) {
389   size_t sz = (size_t)size;
390 
391   oop base = JNIHandles::resolve(obj);
392   void* p = index_oop_from_field_offset_long(base, offset);
393 
394   {
395     GuardUnsafeAccess guard(thread);
396     if (StubRoutines::unsafe_setmemory() != nullptr) {
397       MACOS_AARCH64_ONLY(ThreadWXEnable wx(WXExec, thread));
398       StubRoutines::UnsafeSetMemory_stub()(p, sz, value);
399     } else {
400       Copy::fill_to_memory_atomic(p, sz, value);
401     }
402   }
403 } UNSAFE_END
404 
405 UNSAFE_ENTRY_SCOPED(void, Unsafe_CopyMemory0(JNIEnv *env, jobject unsafe, jobject srcObj, jlong srcOffset, jobject dstObj, jlong dstOffset, jlong size)) {
406   size_t sz = (size_t)size;
407 
408   oop srcp = JNIHandles::resolve(srcObj);
409   oop dstp = JNIHandles::resolve(dstObj);
410 
411   void* src = index_oop_from_field_offset_long(srcp, srcOffset);
412   void* dst = index_oop_from_field_offset_long(dstp, dstOffset);
413   {
414     GuardUnsafeAccess guard(thread);
415     if (StubRoutines::unsafe_arraycopy() != nullptr) {
416       MACOS_AARCH64_ONLY(ThreadWXEnable wx(WXExec, thread));
417       StubRoutines::UnsafeArrayCopy_stub()(src, dst, sz);
418     } else {
419       Copy::conjoint_memory_atomic(src, dst, sz);
420     }
421   }
422 } UNSAFE_END
423 
424 UNSAFE_ENTRY_SCOPED(void, Unsafe_CopySwapMemory0(JNIEnv *env, jobject unsafe, jobject srcObj, jlong srcOffset, jobject dstObj, jlong dstOffset, jlong size, jlong elemSize)) {
425   size_t sz = (size_t)size;
426   size_t esz = (size_t)elemSize;
427 
428   oop srcp = JNIHandles::resolve(srcObj);
429   oop dstp = JNIHandles::resolve(dstObj);
430 
431   address src = (address)index_oop_from_field_offset_long(srcp, srcOffset);
432   address dst = (address)index_oop_from_field_offset_long(dstp, dstOffset);
433 
434   {
435     GuardUnsafeAccess guard(thread);
436     Copy::conjoint_swap(src, dst, sz, esz);
437   }
438 } UNSAFE_END
439 
440 UNSAFE_LEAF (void, Unsafe_WriteBack0(JNIEnv *env, jobject unsafe, jlong line)) {
441   assert(VM_Version::supports_data_cache_line_flush(), "should not get here");
442 #ifdef ASSERT
443   if (TraceMemoryWriteback) {
444     tty->print_cr("Unsafe: writeback 0x%p", addr_from_java(line));
445   }
446 #endif
447 
448   MACOS_AARCH64_ONLY(ThreadWXEnable wx(WXExec, Thread::current()));
449   assert(StubRoutines::data_cache_writeback() != nullptr, "sanity");
450   (StubRoutines::DataCacheWriteback_stub())(addr_from_java(line));
451 } UNSAFE_END
452 
453 static void doWriteBackSync0(bool is_pre)
454 {
455   MACOS_AARCH64_ONLY(ThreadWXEnable wx(WXExec, Thread::current()));
456   assert(StubRoutines::data_cache_writeback_sync() != nullptr, "sanity");
457   (StubRoutines::DataCacheWritebackSync_stub())(is_pre);
458 }
459 
460 UNSAFE_LEAF (void, Unsafe_WriteBackPreSync0(JNIEnv *env, jobject unsafe)) {
461   assert(VM_Version::supports_data_cache_line_flush(), "should not get here");
462 #ifdef ASSERT
463   if (TraceMemoryWriteback) {
464       tty->print_cr("Unsafe: writeback pre-sync");
465   }
466 #endif
467 
468   doWriteBackSync0(true);
469 } UNSAFE_END
470 
471 UNSAFE_LEAF (void, Unsafe_WriteBackPostSync0(JNIEnv *env, jobject unsafe)) {
472   assert(VM_Version::supports_data_cache_line_flush(), "should not get here");
473 #ifdef ASSERT
474   if (TraceMemoryWriteback) {
475     tty->print_cr("Unsafe: writeback pre-sync");
476   }
477 #endif
478 
479   doWriteBackSync0(false);
480 } UNSAFE_END
481 
482 ////// Random queries
483 
484 static jlong find_field_offset(jclass clazz, jstring name, TRAPS) {
485   assert(clazz != nullptr, "clazz must not be null");
486   assert(name != nullptr, "name must not be null");
487 
488   ResourceMark rm(THREAD);
489   char *utf_name = java_lang_String::as_utf8_string(JNIHandles::resolve_non_null(name));
490 
491   InstanceKlass* k = InstanceKlass::cast(java_lang_Class::as_Klass(JNIHandles::resolve_non_null(clazz)));
492 
493   jint offset = -1;
494   for (JavaFieldStream fs(k); !fs.done(); fs.next()) {
495     Symbol *name = fs.name();
496     if (name->equals(utf_name)) {
497       offset = fs.offset();
498       break;
499     }
500   }
501   if (offset < 0) {
502     THROW_0(vmSymbols::java_lang_InternalError());
503   }
504   return field_offset_from_byte_offset(offset);
505 }
506 
507 static jlong find_field_offset(jobject field, int must_be_static, TRAPS) {
508   assert(field != nullptr, "field must not be null");
509 
510   oop reflected   = JNIHandles::resolve_non_null(field);
511   oop mirror      = java_lang_reflect_Field::clazz(reflected);
512   Klass* k        = java_lang_Class::as_Klass(mirror);
513   int slot        = java_lang_reflect_Field::slot(reflected);
514   int modifiers   = java_lang_reflect_Field::modifiers(reflected);
515 
516   if (must_be_static >= 0) {
517     int really_is_static = ((modifiers & JVM_ACC_STATIC) != 0);
518     if (must_be_static != really_is_static) {
519       THROW_0(vmSymbols::java_lang_IllegalArgumentException());
520     }
521   }
522 
523   int offset = InstanceKlass::cast(k)->field_offset(slot);
524   return field_offset_from_byte_offset(offset);
525 }
526 
527 UNSAFE_ENTRY(jlong, Unsafe_ObjectFieldOffset0(JNIEnv *env, jobject unsafe, jobject field)) {
528   return find_field_offset(field, 0, THREAD);
529 } UNSAFE_END
530 
531 UNSAFE_ENTRY(jlong, Unsafe_ObjectFieldOffset1(JNIEnv *env, jobject unsafe, jclass c, jstring name)) {
532   return find_field_offset(c, name, THREAD);
533 } UNSAFE_END
534 
535 UNSAFE_ENTRY(jlong, Unsafe_StaticFieldOffset0(JNIEnv *env, jobject unsafe, jobject field)) {
536   return find_field_offset(field, 1, THREAD);
537 } UNSAFE_END
538 
539 UNSAFE_ENTRY(jobject, Unsafe_StaticFieldBase0(JNIEnv *env, jobject unsafe, jobject field)) {
540   assert(field != nullptr, "field must not be null");
541 
542   // Note:  In this VM implementation, a field address is always a short
543   // offset from the base of a klass metaobject.  Thus, the full dynamic
544   // range of the return type is never used.  However, some implementations
545   // might put the static field inside an array shared by many classes,
546   // or even at a fixed address, in which case the address could be quite
547   // large.  In that last case, this function would return null, since
548   // the address would operate alone, without any base pointer.
549 
550   oop reflected   = JNIHandles::resolve_non_null(field);
551   oop mirror      = java_lang_reflect_Field::clazz(reflected);
552   int modifiers   = java_lang_reflect_Field::modifiers(reflected);
553 
554   if ((modifiers & JVM_ACC_STATIC) == 0) {
555     THROW_NULL(vmSymbols::java_lang_IllegalArgumentException());
556   }
557 
558   return JNIHandles::make_local(THREAD, mirror);
559 } UNSAFE_END
560 
561 UNSAFE_ENTRY(void, Unsafe_EnsureClassInitialized0(JNIEnv *env, jobject unsafe, jobject clazz)) {
562   assert(clazz != nullptr, "clazz must not be null");
563 
564   oop mirror = JNIHandles::resolve_non_null(clazz);
565 
566   Klass* klass = java_lang_Class::as_Klass(mirror);
567   if (klass != nullptr && klass->should_be_initialized()) {
568     InstanceKlass* k = InstanceKlass::cast(klass);
569     k->initialize(CHECK);
570   }
571 }
572 UNSAFE_END
573 
574 UNSAFE_ENTRY(jboolean, Unsafe_ShouldBeInitialized0(JNIEnv *env, jobject unsafe, jobject clazz)) {
575   assert(clazz != nullptr, "clazz must not be null");
576 
577   oop mirror = JNIHandles::resolve_non_null(clazz);
578   Klass* klass = java_lang_Class::as_Klass(mirror);
579 
580   if (klass != nullptr && klass->should_be_initialized()) {
581     return true;
582   }
583 
584   return false;
585 }
586 UNSAFE_END
587 
588 static void getBaseAndScale(int& base, int& scale, jclass clazz, TRAPS) {
589   assert(clazz != nullptr, "clazz must not be null");
590 
591   oop mirror = JNIHandles::resolve_non_null(clazz);
592   Klass* k = java_lang_Class::as_Klass(mirror);
593 
594   if (k == nullptr || !k->is_array_klass()) {
595     THROW(vmSymbols::java_lang_InvalidClassException());
596   } else if (k->is_objArray_klass()) {
597     base  = arrayOopDesc::base_offset_in_bytes(T_OBJECT);
598     scale = heapOopSize;
599   } else if (k->is_typeArray_klass()) {
600     TypeArrayKlass* tak = TypeArrayKlass::cast(k);
601     base  = tak->array_header_in_bytes();
602     assert(base == arrayOopDesc::base_offset_in_bytes(tak->element_type()), "array_header_size semantics ok");
603     scale = (1 << tak->log2_element_size());
604   } else {
605     ShouldNotReachHere();
606   }
607 }
608 
609 UNSAFE_ENTRY(jint, Unsafe_ArrayBaseOffset0(JNIEnv *env, jobject unsafe, jclass clazz)) {
610   int base = 0, scale = 0;
611   getBaseAndScale(base, scale, clazz, CHECK_0);
612 
613   return field_offset_from_byte_offset(base);
614 } UNSAFE_END
615 
616 
617 UNSAFE_ENTRY(jint, Unsafe_ArrayIndexScale0(JNIEnv *env, jobject unsafe, jclass clazz)) {
618   int base = 0, scale = 0;
619   getBaseAndScale(base, scale, clazz, CHECK_0);
620 
621   // This VM packs both fields and array elements down to the byte.
622   // But watch out:  If this changes, so that array references for
623   // a given primitive type (say, T_BOOLEAN) use different memory units
624   // than fields, this method MUST return zero for such arrays.
625   // For example, the VM used to store sub-word sized fields in full
626   // words in the object layout, so that accessors like getByte(Object,int)
627   // did not really do what one might expect for arrays.  Therefore,
628   // this function used to report a zero scale factor, so that the user
629   // would know not to attempt to access sub-word array elements.
630   // // Code for unpacked fields:
631   // if (scale < wordSize)  return 0;
632 
633   // The following allows for a pretty general fieldOffset cookie scheme,
634   // but requires it to be linear in byte offset.
635   return field_offset_from_byte_offset(scale) - field_offset_from_byte_offset(0);
636 } UNSAFE_END
637 
638 
639 static inline void throw_new(JNIEnv *env, const char *ename) {
640   jclass cls = env->FindClass(ename);
641   if (env->ExceptionCheck()) {
642     env->ExceptionClear();
643     tty->print_cr("Unsafe: cannot throw %s because FindClass has failed", ename);
644     return;
645   }
646 
647   env->ThrowNew(cls, nullptr);
648 }
649 
650 static jclass Unsafe_DefineClass_impl(JNIEnv *env, jstring name, jbyteArray data, int offset, int length, jobject loader, jobject pd) {
651   // Code lifted from JDK 1.3 ClassLoader.c
652 
653   jbyte *body;
654   char *utfName = nullptr;
655   jclass result = nullptr;
656   char buf[128];
657 
658   assert(data != nullptr, "Class bytes must not be null");
659   assert(length >= 0, "length must not be negative: %d", length);
660 
661   if (UsePerfData) {
662     ClassLoader::unsafe_defineClassCallCounter()->inc();
663   }
664 
665   body = NEW_C_HEAP_ARRAY_RETURN_NULL(jbyte, length, mtInternal);
666   if (body == nullptr) {
667     throw_new(env, "java/lang/OutOfMemoryError");
668     return nullptr;
669   }
670 
671   env->GetByteArrayRegion(data, offset, length, body);
672   if (env->ExceptionCheck()) {
673     goto free_body;
674   }
675 
676   if (name != nullptr) {
677     uint len = env->GetStringUTFLength(name);
678     int unicode_len = env->GetStringLength(name);
679 
680     if (len >= sizeof(buf)) {
681       utfName = NEW_C_HEAP_ARRAY_RETURN_NULL(char, len + 1, mtInternal);
682       if (utfName == nullptr) {
683         throw_new(env, "java/lang/OutOfMemoryError");
684         goto free_body;
685       }
686     } else {
687       utfName = buf;
688     }
689 
690     env->GetStringUTFRegion(name, 0, unicode_len, utfName);
691 
692     for (uint i = 0; i < len; i++) {
693       if (utfName[i] == '.')   utfName[i] = '/';
694     }
695   }
696 
697   result = JVM_DefineClass(env, utfName, loader, body, length, pd);
698 
699   if (utfName && utfName != buf) {
700     FREE_C_HEAP_ARRAY(char, utfName);
701   }
702 
703  free_body:
704   FREE_C_HEAP_ARRAY(jbyte, body);
705   return result;
706 }
707 
708 
709 UNSAFE_ENTRY(jclass, Unsafe_DefineClass0(JNIEnv *env, jobject unsafe, jstring name, jbyteArray data, int offset, int length, jobject loader, jobject pd)) {
710   ThreadToNativeFromVM ttnfv(thread);
711 
712   return Unsafe_DefineClass_impl(env, name, data, offset, length, loader, pd);
713 } UNSAFE_END
714 
715 
716 UNSAFE_ENTRY(void, Unsafe_ThrowException(JNIEnv *env, jobject unsafe, jthrowable thr)) {
717   ThreadToNativeFromVM ttnfv(thread);
718   env->Throw(thr);
719 } UNSAFE_END
720 
721 // JSR166 ------------------------------------------------------------------
722 
723 UNSAFE_ENTRY(jobject, Unsafe_CompareAndExchangeReference(JNIEnv *env, jobject unsafe, jobject obj, jlong offset, jobject e_h, jobject x_h)) {
724   oop x = JNIHandles::resolve(x_h);
725   oop e = JNIHandles::resolve(e_h);
726   oop p = JNIHandles::resolve(obj);
727   assert_field_offset_sane(p, offset);
728   oop res = HeapAccess<ON_UNKNOWN_OOP_REF>::oop_atomic_cmpxchg_at(p, (ptrdiff_t)offset, e, x);
729   return JNIHandles::make_local(THREAD, res);
730 } UNSAFE_END
731 
732 UNSAFE_ENTRY_SCOPED(jint, Unsafe_CompareAndExchangeInt(JNIEnv *env, jobject unsafe, jobject obj, jlong offset, jint e, jint x)) {
733   oop p = JNIHandles::resolve(obj);
734   volatile jint* addr = (volatile jint*)index_oop_from_field_offset_long(p, offset);
735   return Atomic::cmpxchg(addr, e, x);
736 } UNSAFE_END
737 
738 UNSAFE_ENTRY_SCOPED(jlong, Unsafe_CompareAndExchangeLong(JNIEnv *env, jobject unsafe, jobject obj, jlong offset, jlong e, jlong x)) {
739   oop p = JNIHandles::resolve(obj);
740   volatile jlong* addr = (volatile jlong*)index_oop_from_field_offset_long(p, offset);
741   return Atomic::cmpxchg(addr, e, x);
742 } UNSAFE_END
743 
744 UNSAFE_ENTRY(jboolean, Unsafe_CompareAndSetReference(JNIEnv *env, jobject unsafe, jobject obj, jlong offset, jobject e_h, jobject x_h)) {
745   oop x = JNIHandles::resolve(x_h);
746   oop e = JNIHandles::resolve(e_h);
747   oop p = JNIHandles::resolve(obj);
748   assert_field_offset_sane(p, offset);
749   oop ret = HeapAccess<ON_UNKNOWN_OOP_REF>::oop_atomic_cmpxchg_at(p, (ptrdiff_t)offset, e, x);
750   return ret == e;
751 } UNSAFE_END
752 
753 UNSAFE_ENTRY_SCOPED(jboolean, Unsafe_CompareAndSetInt(JNIEnv *env, jobject unsafe, jobject obj, jlong offset, jint e, jint x)) {
754   oop p = JNIHandles::resolve(obj);
755   volatile jint* addr = (volatile jint*)index_oop_from_field_offset_long(p, offset);
756   return Atomic::cmpxchg(addr, e, x) == e;
757 } UNSAFE_END
758 
759 UNSAFE_ENTRY_SCOPED(jboolean, Unsafe_CompareAndSetLong(JNIEnv *env, jobject unsafe, jobject obj, jlong offset, jlong e, jlong x)) {
760   oop p = JNIHandles::resolve(obj);
761   volatile jlong* addr = (volatile jlong*)index_oop_from_field_offset_long(p, offset);
762   return Atomic::cmpxchg(addr, e, x) == e;
763 } UNSAFE_END
764 
765 static void post_thread_park_event(EventThreadPark* event, const oop obj, jlong timeout_nanos, jlong until_epoch_millis) {
766   assert(event != nullptr, "invariant");
767   event->set_parkedClass((obj != nullptr) ? obj->klass() : nullptr);
768   event->set_timeout(timeout_nanos);
769   event->set_until(until_epoch_millis);
770   event->set_address((obj != nullptr) ? (u8)cast_from_oop<uintptr_t>(obj) : 0);
771   event->commit();
772 }
773 
774 UNSAFE_ENTRY(void, Unsafe_Park(JNIEnv *env, jobject unsafe, jboolean isAbsolute, jlong time)) {
775   HOTSPOT_THREAD_PARK_BEGIN((uintptr_t) thread->parker(), (int) isAbsolute, time);
776   EventThreadPark event;
777 
778   JavaThreadParkedState jtps(thread, time != 0);
779   thread->parker()->park(isAbsolute != 0, time);
780   if (event.should_commit()) {
781     const oop obj = thread->current_park_blocker();
782     if (time == 0) {
783       post_thread_park_event(&event, obj, min_jlong, min_jlong);
784     } else {
785       if (isAbsolute != 0) {
786         post_thread_park_event(&event, obj, min_jlong, time);
787       } else {
788         post_thread_park_event(&event, obj, time, min_jlong);
789       }
790     }
791   }
792   HOTSPOT_THREAD_PARK_END((uintptr_t) thread->parker());
793 } UNSAFE_END
794 
795 UNSAFE_ENTRY(void, Unsafe_Unpark(JNIEnv *env, jobject unsafe, jobject jthread)) {
796   if (jthread != nullptr) {
797     oop thread_oop = JNIHandles::resolve_non_null(jthread);
798     // Get the JavaThread* stored in the java.lang.Thread object _before_
799     // the embedded ThreadsListHandle is constructed so we know if the
800     // early life stage of the JavaThread* is protected. We use acquire
801     // here to ensure that if we see a non-nullptr value, then we also
802     // see the main ThreadsList updates from the JavaThread* being added.
803     FastThreadsListHandle ftlh(thread_oop, java_lang_Thread::thread_acquire(thread_oop));
804     JavaThread* thr = ftlh.protected_java_thread();
805     if (thr != nullptr) {
806       // The still live JavaThread* is protected by the FastThreadsListHandle
807       // so it is safe to access.
808       Parker* p = thr->parker();
809       HOTSPOT_THREAD_UNPARK((uintptr_t) p);
810       p->unpark();
811     }
812   } // FastThreadsListHandle is destroyed here.
813 } UNSAFE_END
814 
815 UNSAFE_ENTRY(jint, Unsafe_GetLoadAverage0(JNIEnv *env, jobject unsafe, jdoubleArray loadavg, jint nelem)) {
816   const int max_nelem = 3;
817   double la[max_nelem];
818   jint ret;
819 
820   typeArrayOop a = typeArrayOop(JNIHandles::resolve_non_null(loadavg));
821   assert(a->is_typeArray(), "must be type array");
822 
823   ret = os::loadavg(la, nelem);
824   if (ret == -1) {
825     return -1;
826   }
827 
828   // if successful, ret is the number of samples actually retrieved.
829   assert(ret >= 0 && ret <= max_nelem, "Unexpected loadavg return value");
830   switch(ret) {
831     case 3: a->double_at_put(2, (jdouble)la[2]); // fall through
832     case 2: a->double_at_put(1, (jdouble)la[1]); // fall through
833     case 1: a->double_at_put(0, (jdouble)la[0]); break;
834   }
835 
836   return ret;
837 } UNSAFE_END
838 
839 
840 /// JVM_RegisterUnsafeMethods
841 
842 #define ADR "J"
843 
844 #define LANG "Ljava/lang/"
845 
846 #define OBJ LANG "Object;"
847 #define CLS LANG "Class;"
848 #define FLD LANG "reflect/Field;"
849 #define THR LANG "Throwable;"
850 
851 #define DC_Args  LANG "String;[BII" LANG "ClassLoader;" "Ljava/security/ProtectionDomain;"
852 #define DAC_Args CLS "[B[" OBJ
853 
854 #define CC (char*)  /*cast a literal from (const char*)*/
855 #define FN_PTR(f) CAST_FROM_FN_PTR(void*, &f)
856 
857 #define DECLARE_GETPUTOOP(Type, Desc) \
858     {CC "get" #Type,      CC "(" OBJ "J)" #Desc,       FN_PTR(Unsafe_Get##Type)}, \
859     {CC "put" #Type,      CC "(" OBJ "J" #Desc ")V",   FN_PTR(Unsafe_Put##Type)}, \
860     {CC "get" #Type "Volatile",      CC "(" OBJ "J)" #Desc,       FN_PTR(Unsafe_Get##Type##Volatile)}, \
861     {CC "put" #Type "Volatile",      CC "(" OBJ "J" #Desc ")V",   FN_PTR(Unsafe_Put##Type##Volatile)}
862 
863 
864 static JNINativeMethod jdk_internal_misc_Unsafe_methods[] = {
865     {CC "getReference",         CC "(" OBJ "J)" OBJ "",   FN_PTR(Unsafe_GetReference)},
866     {CC "putReference",         CC "(" OBJ "J" OBJ ")V",  FN_PTR(Unsafe_PutReference)},
867     {CC "getReferenceVolatile", CC "(" OBJ "J)" OBJ,      FN_PTR(Unsafe_GetReferenceVolatile)},
868     {CC "putReferenceVolatile", CC "(" OBJ "J" OBJ ")V",  FN_PTR(Unsafe_PutReferenceVolatile)},
869 
870     {CC "getUncompressedObject", CC "(" ADR ")" OBJ,  FN_PTR(Unsafe_GetUncompressedObject)},
871 
872     DECLARE_GETPUTOOP(Boolean, Z),
873     DECLARE_GETPUTOOP(Byte, B),
874     DECLARE_GETPUTOOP(Short, S),
875     DECLARE_GETPUTOOP(Char, C),
876     DECLARE_GETPUTOOP(Int, I),
877     DECLARE_GETPUTOOP(Long, J),
878     DECLARE_GETPUTOOP(Float, F),
879     DECLARE_GETPUTOOP(Double, D),
880 
881     {CC "allocateMemory0",    CC "(J)" ADR,              FN_PTR(Unsafe_AllocateMemory0)},
882     {CC "reallocateMemory0",  CC "(" ADR "J)" ADR,       FN_PTR(Unsafe_ReallocateMemory0)},
883     {CC "freeMemory0",        CC "(" ADR ")V",           FN_PTR(Unsafe_FreeMemory0)},
884 
885     {CC "objectFieldOffset0", CC "(" FLD ")J",           FN_PTR(Unsafe_ObjectFieldOffset0)},
886     {CC "objectFieldOffset1", CC "(" CLS LANG "String;)J", FN_PTR(Unsafe_ObjectFieldOffset1)},
887     {CC "staticFieldOffset0", CC "(" FLD ")J",           FN_PTR(Unsafe_StaticFieldOffset0)},
888     {CC "staticFieldBase0",   CC "(" FLD ")" OBJ,        FN_PTR(Unsafe_StaticFieldBase0)},
889     {CC "ensureClassInitialized0", CC "(" CLS ")V",      FN_PTR(Unsafe_EnsureClassInitialized0)},
890     {CC "arrayBaseOffset0",   CC "(" CLS ")I",           FN_PTR(Unsafe_ArrayBaseOffset0)},
891     {CC "arrayIndexScale0",   CC "(" CLS ")I",           FN_PTR(Unsafe_ArrayIndexScale0)},
892 
893     {CC "defineClass0",       CC "(" DC_Args ")" CLS,    FN_PTR(Unsafe_DefineClass0)},
894     {CC "allocateInstance",   CC "(" CLS ")" OBJ,        FN_PTR(Unsafe_AllocateInstance)},
895     {CC "throwException",     CC "(" THR ")V",           FN_PTR(Unsafe_ThrowException)},
896     {CC "compareAndSetReference",CC "(" OBJ "J" OBJ "" OBJ ")Z", FN_PTR(Unsafe_CompareAndSetReference)},
897     {CC "compareAndSetInt",   CC "(" OBJ "J""I""I"")Z",  FN_PTR(Unsafe_CompareAndSetInt)},
898     {CC "compareAndSetLong",  CC "(" OBJ "J""J""J"")Z",  FN_PTR(Unsafe_CompareAndSetLong)},
899     {CC "compareAndExchangeReference", CC "(" OBJ "J" OBJ "" OBJ ")" OBJ, FN_PTR(Unsafe_CompareAndExchangeReference)},
900     {CC "compareAndExchangeInt",  CC "(" OBJ "J""I""I"")I", FN_PTR(Unsafe_CompareAndExchangeInt)},
901     {CC "compareAndExchangeLong", CC "(" OBJ "J""J""J"")J", FN_PTR(Unsafe_CompareAndExchangeLong)},
902 
903     {CC "park",               CC "(ZJ)V",                FN_PTR(Unsafe_Park)},
904     {CC "unpark",             CC "(" OBJ ")V",           FN_PTR(Unsafe_Unpark)},
905 
906     {CC "getLoadAverage0",    CC "([DI)I",               FN_PTR(Unsafe_GetLoadAverage0)},
907 
908     {CC "copyMemory0",        CC "(" OBJ "J" OBJ "JJ)V", FN_PTR(Unsafe_CopyMemory0)},
909     {CC "copySwapMemory0",    CC "(" OBJ "J" OBJ "JJJ)V", FN_PTR(Unsafe_CopySwapMemory0)},
910     {CC "writeback0",         CC "(" "J" ")V",           FN_PTR(Unsafe_WriteBack0)},
911     {CC "writebackPreSync0",  CC "()V",                  FN_PTR(Unsafe_WriteBackPreSync0)},
912     {CC "writebackPostSync0", CC "()V",                  FN_PTR(Unsafe_WriteBackPostSync0)},
913     {CC "setMemory0",         CC "(" OBJ "JJB)V",        FN_PTR(Unsafe_SetMemory0)},
914 
915     {CC "shouldBeInitialized0", CC "(" CLS ")Z",         FN_PTR(Unsafe_ShouldBeInitialized0)},
916 
917     {CC "fullFence",          CC "()V",                  FN_PTR(Unsafe_FullFence)},
918 };
919 
920 #undef CC
921 #undef FN_PTR
922 
923 #undef ADR
924 #undef LANG
925 #undef OBJ
926 #undef CLS
927 #undef FLD
928 #undef THR
929 #undef DC_Args
930 #undef DAC_Args
931 
932 #undef DECLARE_GETPUTOOP
933 
934 
935 // This function is exported, used by NativeLookup.
936 // The Unsafe_xxx functions above are called only from the interpreter.
937 // The optimizer looks at names and signatures to recognize
938 // individual functions.
939 
940 JVM_ENTRY(void, JVM_RegisterJDKInternalMiscUnsafeMethods(JNIEnv *env, jclass unsafeclass)) {
941   ThreadToNativeFromVM ttnfv(thread);
942 
943   int ok = env->RegisterNatives(unsafeclass, jdk_internal_misc_Unsafe_methods, sizeof(jdk_internal_misc_Unsafe_methods)/sizeof(JNINativeMethod));
944   guarantee(ok == 0, "register jdk.internal.misc.Unsafe natives");
945 } JVM_END