[9] RFR(L) 8158168: SIGSEGV: CollectedHeap::fill_with_objects(HeapWord*, unsigned long, bool)+0xa8
dean.long at oracle.com
Wed Mar 15 21:28:51 UTC 2017
https://bugs.openjdk.java.net/browse/JDK-8158168
http://cr.openjdk.java.net/~dlong/8158168/
This crash is caused by missing array bounds checks on compact string
intrinsics. It shows up when unsynchronized access to a StringBuilder
object causes inconsistent field values.

To convince myself that all the necessary bounds checks are being done,
I put callers into two groups, trusted and untrusted. Untrusted callers
are all directed through StringUTF16 methods, so that bounds checks are
done in one place and can be tested easily. Trusted callers bypass the
bounds checks, so they must do their own checking.

As a safety net, I added asserts around the intrinsic calls, and a
try/catch so that any out-of-bounds exception turns into an assert error
as well. Finally, I restored some C2 debug code that was previously
removed, and I use it to do bounds checking in debug builds. In a
product build C2 will remove all of these.

See the bug report for tests run.

There are some unavoidable performance regressions on micro benchmarks,
because now we are doing bounds checks that we weren't before.
dl
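The trusted/untrusted caller split and the assert plus try/catch safety net described in the message, as an added Java example that is not the patch under review or JDK code; BoundsCheckDemo, getChars, getCharsChecked and the two check helpers are stand-ins of my own, and the byte[] layout assumes big-endian UTF16 with two bytes per char.

```java
import java.util.Arrays;

public final class BoundsCheckDemo {
    // Stand-in for an intrinsic candidate (hypothetical): copy count UTF16 chars from
    // value (two bytes per char, big-endian assumed) starting at srcIndex into dst.
    static void getChars(byte[] value, int srcIndex, int count, char[] dst, int dstBegin) {
        // Safety-net asserts around the intrinsic call; active only with -ea.
        assert srcIndex >= 0 && count >= 0 && (srcIndex + count) <= (value.length >> 1) : "src out of bounds";
        assert dstBegin >= 0 && (dstBegin + count) <= dst.length : "dst out of bounds";
        try {
            for (int i = 0; i < count; i++) {
                int j = (srcIndex + i) << 1;
                dst[dstBegin + i] = (char) (((value[j] & 0xff) << 8) | (value[j + 1] & 0xff));
            }
        } catch (ArrayIndexOutOfBoundsException e) {
            // An OOB from inside the intrinsic means a trusted caller skipped its own check.
            throw new AssertionError("intrinsic accessed out of bounds", e);
        }
    }

    // Single entry point for untrusted callers: explicit bounds checks before the intrinsic.
    static void getCharsChecked(byte[] value, int srcBegin, int srcEnd, char[] dst, int dstBegin) {
        checkBoundsBeginEnd(srcBegin, srcEnd, value.length >> 1);
        checkBoundsOffCount(dstBegin, srcEnd - srcBegin, dst.length);
        getChars(value, srcBegin, srcEnd - srcBegin, dst, dstBegin);
    }

    static void checkBoundsBeginEnd(int begin, int end, int length) {
        if (begin < 0 || begin > end || end > length)
            throw new StringIndexOutOfBoundsException("begin " + begin + ", end " + end + ", length " + length);
    }

    static void checkBoundsOffCount(int offset, int count, int length) {
        if (offset < 0 || count < 0 || offset > length - count)
            throw new StringIndexOutOfBoundsException("offset " + offset + ", count " + count + ", length " + length);
    }

    public static void main(String[] args) {
        byte[] value = {0, 'a', 0, 'b', 0, 'c'};  // constructed UTF16 "abc"
        char[] dst = new char[3];
        getCharsChecked(value, 0, 3, dst, 0);
        System.out.println(Arrays.toString(dst));
        try {
            // A stale end index, as an unsynchronized StringBuilder can hand out, is rejected here.
            getCharsChecked(value, 1, 5, dst, 0);
        } catch (StringIndexOutOfBoundsException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Run with `java -ea BoundsCheckDemo` to keep the safety-net asserts active; the checked entry point rejects the inconsistent range before the intrinsic-style loop ever touches the array.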