[PATCH] 8202414: Unsafe crash in C2

Andy Law 944797358 at qq.com
Mon Sep 10 11:10:51 UTC 2018


This change is only about:
Disabling the unaligned C2 `clear_memory()` optimization when using Unsafe to write to an unaligned address.

```
java -version
openjdk version "1.8.0-internal-debug"
OpenJDK Runtime Environment (build 1.8.0-internal-debug-***_2018_09_03_19_31-b00)
OpenJDK 64-Bit Server VM (build 25.71-b00-debug, mixed mode)
```

This issue 8202414 is about:
Array objects with -XX:+UseCompressedOops on 64-bit have a 12 bits header and a 4 bits length. So the length address is from the 12th to the 16th bytes.
If we use Unsafe.putInt() to write at the 17th bit, the C2 `clear_memory()` will mistakenly do `done_offset -= BytesPerInt;`, and then `done_offset` will become 13. It will then clear the address from the 13th bit, making the array length change to a different value. When a GC happens, it will crash.

I didn't find the unaligned memory support of `clear_memory()`, so I only did a small fix to keep the effect as small as possible:
When Unsafe.put*() writes to an aligned memory as above, it causes the assert to fail. So when it fails, we don't do any optimization instead, and the problem is solved.

I don't know if it is a good solution. It is only 3 lines of code, so please have a look :) Thank you!


Andy
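The following is an added model (not the patch itself, which is in the scrubbed attachment, and not HotSpot code) of the header-corruption mechanism the mail describes: a fake array with the 12-byte header and 4-byte length field at offsets 12..16 as stated above, a clearing step that pulls an unaligned `done_offset` back by `BytesPerInt` before zeroing, and a guarded variant that skips the optimization when the store address is not int-aligned. The struct and function names, the element-storage size, the sample length value and the little-endian byte order are assumptions of this example.

```cpp
#include <cstdint>
#include <cstring>
#include <vector>

// Constructed layout from the mail, for -XX:+UseCompressedOops on 64-bit:
// 12-byte header, then the 4-byte length field at byte offsets [12, 16),
// then element storage from offset 16. These are assumptions for the model.
constexpr int kLengthOffset  = 12;
constexpr int kElementsStart = 16;
constexpr int BytesPerInt    = 4;

// Minimal stand-in for an array object: a flat byte buffer.
struct FakeArray {
  std::vector<uint8_t> bytes;
  FakeArray(int32_t length, size_t elementBytes)
      : bytes(kElementsStart + elementBytes, 0) {
    // Length stored in host byte order (little-endian assumed).
    std::memcpy(&bytes[kLengthOffset], &length, sizeof length);
  }
  int32_t length() const {
    int32_t v;
    std::memcpy(&v, &bytes[kLengthOffset], sizeof v);
    return v;
  }
};

// Buggy clearing step modelled on the mail: when done_offset is not
// int-aligned it is moved back by BytesPerInt, so a store at 17 makes the
// clear start at 13, inside the length field.
void clear_memory_buggy(FakeArray& a, int done_offset, int end) {
  if (done_offset % BytesPerInt != 0) done_offset -= BytesPerInt;
  std::memset(&a.bytes[done_offset], 0, static_cast<size_t>(end - done_offset));
}

// Fixed variant in the spirit of the mail's fix: an unaligned store address
// simply disables the optimization. Returns false when it was skipped.
bool clear_memory_fixed(FakeArray& a, int done_offset, int end) {
  if (done_offset % BytesPerInt != 0) return false;
  std::memset(&a.bytes[done_offset], 0, static_cast<size_t>(end - done_offset));
  return true;
}

// Scenario from the mail: an Unsafe.putInt at byte offset 17 (17 % 4 == 1).
// Returns the array length observed after the clearing step so the caller can
// see whether the header survived. Length 300 = 0x12C occupies bytes 12 and 13,
// so zeroing from byte 13 leaves 0x2C = 44 in the buggy case.
int32_t length_after_unaligned_store(bool use_fix) {
  FakeArray a(/*length=*/300, /*elementBytes=*/32);
  const int done_offset = 17;                 // the unaligned store address
  const int end         = kElementsStart + 32; // end of element storage
  if (use_fix) clear_memory_fixed(a, done_offset, end);
  else         clear_memory_buggy(a, done_offset, end);
  return a.length();
}
```

In the buggy path the clear overlaps the length field and the observed length changes from 300 to 44, which is the kind of header corruption a later GC trips over; in the fixed path the optimization is skipped and the length is untouched.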

-------------- next part --------------
A non-text attachment was scrubbed...
Name: openjdk-patch-8202414.diff
Type: application/octet-stream
Size: 463 bytes
Desc: not available
URL: <http://mail.openjdk.java.net/pipermail/hotspot-compiler-dev/attachments/20180910/4f45e72e/openjdk-patch-8202414.diff>

