RFR: 8339242: Fix overflow issues in AdlArena [v2]
Thomas Stuefe
stuefe at openjdk.org
Mon Sep 2 11:57:19 UTC 2024
On Mon, 2 Sep 2024 09:36:53 GMT, Casper Norrbin <duke at openjdk.org> wrote:
>> Hi everyone,
>>
>> This PR addresses an issue in `adlArena` where some allocations lack checks for overflow. This could potentially result in successful allocations when called with unrealistic values.
>>
>> The fix includes:
>>
>> - Adding assertions to check for potential overflow.
>> - Reordering some operations to guard against overflow.
>
> Casper Norrbin has updated the pull request incrementally with one additional commit since the last revision:
>
> arena realloc overflow check
src/hotspot/share/memory/arena.cpp line 339:
> 337: // See if we can resize in-place
> 338: if( (c_old+old_size == _hwm) && // Adjusting recent thing
> 339: ((size_t)(_max-c_old) >= corrected_new_size) ) { // Still fits where it sits, safe from overflow
This change is correct, but it hides an important finding behind a reshuffling of parameters that someone else may innocently reshape later. It also makes the code less readable. Can we use something like saturated_add()?
I would also add an explicit assert for a reasonable max size. Arena allocations should be small. Nobody should hand in sizes larger than a few MB, so asserting for size >= 2^31 (2g) would make sense. Anything as large as that is almost certainly an error we should trap on.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/20774#discussion_r1740791483
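As an added illustration that is not part of this thread or of HotSpot's `arena.cpp`, the toy model below shows the three formulations of the in-place resize check under discussion: the overflow-prone `c_old + new_size <= _max`, the reordered subtraction form quoted above, and a `saturated_add()` form, plus a bool-returning stand-in for the suggested "size must be below 2^31" guard. `Chunk`, the `fits_in_place_*` functions, `kMaxArenaRequest` and the sample addresses are invented for the example; addresses are modelled as `uintptr_t` so that wraparound is well-defined unsigned arithmetic instead of undefined pointer arithmetic.

```cpp
#include <cstddef>
#include <cstdint>
#include <limits>

// Added example, not HotSpot code: a toy model of an arena chunk showing why
// the reordered in-place-resize check cannot overflow, what a saturated_add()
// version looks like, and a "reasonable request size" guard. All names here
// are hypothetical stand-ins for the arena.cpp ones.
namespace arena_example {

static_assert(sizeof(uintptr_t) == sizeof(size_t),
              "example assumes size_t and uintptr_t have the same width");

// Addresses as uintptr_t: wraparound is well-defined unsigned arithmetic.
struct Chunk {
  uintptr_t _hwm;  // high-water mark: one past the most recent allocation
  uintptr_t _max;  // one past the end of the chunk
};

// Portable saturating add: yields SIZE_MAX instead of wrapping.
inline size_t saturated_add(size_t a, size_t b) {
  const size_t limit = std::numeric_limits<size_t>::max();
  return (a > limit - b) ? limit : a + b;
}

// Overflow-prone form: c_old + new_size wraps for a huge new_size, so the
// comparison against _max can succeed spuriously.
inline bool fits_in_place_unsafe(const Chunk& c, uintptr_t c_old,
                                 size_t old_size, size_t new_size) {
  return (c_old + old_size == c._hwm) && (c_old + new_size <= c._max);
}

// Reordered form (the shape quoted from the PR): _max - c_old cannot wrap
// because c_old lies inside the chunk, so the compare is safe for any size.
inline bool fits_in_place_reordered(const Chunk& c, uintptr_t c_old,
                                    size_t old_size, size_t new_size) {
  return (c_old + old_size == c._hwm) &&
         ((size_t)(c._max - c_old) >= new_size);
}

// Saturating form: keeps the natural "start + size <= end" reading while
// still failing closed, since a saturated sum is never <= a real chunk end.
inline bool fits_in_place_saturated(const Chunk& c, uintptr_t c_old,
                                    size_t old_size, size_t new_size) {
  return (c_old + old_size == c._hwm) &&
         (saturated_add((size_t)c_old, new_size) <= (size_t)c._max);
}

// Hypothetical upper bound for one arena request: 2^31 bytes. A request this
// large is treated as a caller bug rather than a real allocation.
constexpr size_t kMaxArenaRequest = size_t(1) << 31;

inline bool request_size_is_sane(size_t size) {
  return size < kMaxArenaRequest;
}

// Constructed sample state (not a real mapping): a 4 KiB chunk whose first
// 64 bytes are the most recent allocation, plus a deliberately huge request.
constexpr uintptr_t kBase = 0x10000;
constexpr size_t kOldSize = 64;
constexpr size_t kHugeRequest = std::numeric_limits<size_t>::max() - 8;

inline Chunk sample_chunk() {
  return Chunk{kBase + kOldSize, kBase + 4096};
}

}  // namespace arena_example
```

With the sample chunk, a 128-byte regrow fits under all three checks and a 4097-byte one fails under all three, but for `kHugeRequest` only the unsafe form answers "fits": `c_old + new_size` wraps to a value below `_max`. The subtraction form and the saturating form both reject it, and the saturating form does so without depending on the operand order that a later refactor might undo.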