RFR: 8270098: ZGC: ZBarrierSetC2::clone_at_expansion fails with "Guard against surprises" assert
Tobias Hartmann
thartmann at openjdk.java.net
Mon Aug 9 09:50:53 UTC 2021
The fix for [JDK-8268125](https://bugs.openjdk.java.net/browse/JDK-8268125) ([PR 53](https://git.openjdk.java.net/jdk17/pull/53)) assumed that only dead code can have a clone array with an unknown array ptr type at expansion time. As `TestObjectArrayClone::testCloneObject` proves, that is not true because we can invoke `Object::clone` on any object, including arrays.
As a result, invoking `Object::clone` on an Object array leads to triggering the "Guard against surprises" assert in debug and to incorrectly using the `T_LONG` copy stub (without GC barriers) in product. I was not able to trigger a crash in product but a corresponding runtime check (see [patch](https://bugs.openjdk.java.net/secure/attachment/95954/runtime_check.patch)) triggered reliably.
The fix is to fall back to `ZBarrierSetRuntime::clone` if the array ptr type is unknown. I will backport this fix to JDK 17u.
Thanks,
Tobias
-------------
Commit messages:
- 8270098: ZGC: ZBarrierSetC2::clone_at_expansion fails with "Guard against surprises" assert
Changes: https://git.openjdk.java.net/jdk/pull/5048/files
Webrev: https://webrevs.openjdk.java.net/?repo=jdk&pr=5048&range=00
Issue: https://bugs.openjdk.java.net/browse/JDK-8270098
Stats: 106 lines in 2 files changed: 83 ins; 11 del; 12 mod
Patch: https://git.openjdk.java.net/jdk/pull/5048.diff
Fetch: git fetch https://git.openjdk.java.net/jdk pull/5048/head:pull/5048
PR: https://git.openjdk.java.net/jdk/pull/5048
More information about the hotspot-compiler-dev
mailing list