RFR: 8369506: Bytecode rewriting causes Java heap corruption on AArch64 [v2]

Justin King jcking at openjdk.org
Wed Oct 15 14:32:05 UTC 2025


> Fix JDK-8369506 by adding `STLR` when updating the bytecode. Additionally, I added a quick debug-only check which verifies the field offset we get from `ResolvedFieldEntry` in `TemplateTable::fast_*` will not clobber the header or Klass pointer. The added `STLR`, along with the already existing `DMB ISHLD` in `InterpreterMacroAssembler::load_field_entry`, guarantees that the fully filled out `ResolvedFieldEntry` is observable if the patched bytecode is observable. We do not need to add `LDAR` for bytecode loading or `LDAR` in `TemplateTable::fast_*` for that reason. If another observer happens to observe a `0` field offset, it's guaranteed then that they will also observe the non-patched bytecode, which will ultimately end up doing the resolution again, which is okay.

Justin King has updated the pull request incrementally with one additional commit since the last revision:

  Suggestions from shipilev
  
  Signed-off-by: Justin King <jcking at google.com>

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/27748/files
  - new: https://git.openjdk.org/jdk/pull/27748/files/2f1b5e0a..3575e7ba

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=27748&range=01
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=27748&range=00-01

  Stats: 9 lines in 2 files changed: 1 ins; 1 del; 7 mod
  Patch: https://git.openjdk.org/jdk/pull/27748.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/27748/head:pull/27748

PR: https://git.openjdk.org/jdk/pull/27748
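As an added illustration of the publication protocol the description above relies on (this is not code from the PR or from HotSpot), the C11-atomics model below has the resolver fill the entry and then patch the opcode with a release store, which is what `STLR` provides on AArch64, while the interpreter loads the opcode with a plain load, runs an acquire fence (the role of the existing `DMB ISHLD` in `load_field_entry`), and only then reads the entry fields. It also carries the debug-style check that a resolved offset cannot land on the object header. The opcode numbers, struct layout, `MIN_FIELD_OFFSET` and all function names are constructed for the example, and the scenario runs on a single thread, so it exercises the protocol's control flow and fallback path rather than a real race.

```c
/* Added example, not HotSpot code: a C11-atomics model of "fill the entry,
 * then publish it by patching the opcode with a release store".
 * All names and constants below are constructed for illustration. */
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>

enum { BC_GETFIELD = 0xb4, BC_FAST_GETFIELD = 0xcc };  /* constructed opcode values */
#define MIN_FIELD_OFFSET 16u  /* assumption: mark word + Klass pointer precede every field */

/* Stand-in for ResolvedFieldEntry: the resolver fills these before publishing. */
struct resolved_field_entry {
    atomic_uint field_offset;   /* 0 means "not resolved yet" */
    atomic_int  tos_state;
};

/* Stand-in for one rewritable bytecode slot and its cache entry. */
struct method_site {
    atomic_uchar opcode;
    struct resolved_field_entry entry;
};

/* Debug-style check in the spirit of the one the PR adds: a resolved field
 * offset must never point into the object header. */
static bool field_offset_is_sane(unsigned offset) {
    return offset >= MIN_FIELD_OFFSET;
}

/* Slow path: fill the entry, then publish it by patching the opcode with a
 * release store (STLR). Every reader that observes the new opcode is
 * guaranteed to observe the entry stores that precede it. */
static void resolve_and_patch(struct method_site *site, unsigned offset, int tos) {
    atomic_store_explicit(&site->entry.field_offset, offset, memory_order_relaxed);
    atomic_store_explicit(&site->entry.tos_state, tos, memory_order_relaxed);
    atomic_store_explicit(&site->opcode, BC_FAST_GETFIELD, memory_order_release);
}

/* Interpreter side. Returns the field offset used and reports through
 * *took_fast_path whether the patched opcode was observed. */
static unsigned execute_getfield(struct method_site *site, unsigned resolved_offset,
                                 int resolved_tos, bool *took_fast_path) {
    /* Plain (relaxed) load of the bytecode: no LDAR is needed here. */
    unsigned char op = atomic_load_explicit(&site->opcode, memory_order_relaxed);
    if (op == BC_FAST_GETFIELD) {
        /* Acquire fence (DMB ISHLD in load_field_entry): the entry loads below
         * are ordered after the opcode load, so a reader that saw the patched
         * opcode also sees the fully filled entry. */
        atomic_thread_fence(memory_order_acquire);
        unsigned off = atomic_load_explicit(&site->entry.field_offset, memory_order_relaxed);
        *took_fast_path = true;
        if (!field_offset_is_sane(off)) {  /* would be a debug assert in the VM */
            fprintf(stderr, "bad field offset %u on fast path\n", off);
        }
        return off;
    }
    /* Unpatched opcode observed: resolve (again, if needed) and patch. */
    *took_fast_path = false;
    resolve_and_patch(site, resolved_offset, resolved_tos);
    return resolved_offset;
}

/* Drives the two observations described in the PR on one site. Returns the
 * offset used on the fast path, or 0 if either observation broke the protocol. */
static unsigned run_scenario(void) {
    struct method_site site;
    atomic_init(&site.opcode, (unsigned char)BC_GETFIELD);
    atomic_init(&site.entry.field_offset, 0u);
    atomic_init(&site.entry.tos_state, 0);

    bool fast;
    /* First execution: unpatched opcode, so the slow path resolves offset 24. */
    unsigned first = execute_getfield(&site, 24u, 1, &fast);
    if (fast || first != 24u) return 0;
    /* Second execution: patched opcode observed, entry must be complete. */
    unsigned second = execute_getfield(&site, 24u, 1, &fast);
    if (!fast || second != 24u) return 0;
    if (atomic_load(&site.entry.tos_state) != 1) return 0;
    return second;
}

int main(void) {
    unsigned off = run_scenario();
    printf("fast path field offset: %u (%s)\n", off, off ? "ok" : "protocol violation");
    return off ? 0 : 1;
}
```

The pairing matters: a release store on the opcode with no acquire (fence or `LDAR`) on the reader side, or an acquire on the reader with a plain store on the writer, gives no ordering at all between the opcode and the entry fields, which is exactly the window in which a reader could see the fast opcode together with a still-zero offset.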
