RFR: 8369506: Bytecode rewriting causes Java heap corruption on AArch64 [v2]
Aleksey Shipilev
shade at openjdk.org
Wed Oct 15 14:43:00 UTC 2025
On Wed, 15 Oct 2025 14:32:05 GMT, Justin King <jcking at openjdk.org> wrote:
>> Fix JDK-8369506 by adding `STLR` when updating the bytecode. Additionally I added a quick debug only check which verifies the field offset we get from `ResolvedFieldEntry` in `TemplateTable::fast_*` will not clobber the header or Klass pointer. The added `STLR`, a long with the already existing `DMB ISHLD` in `InterpreterMacroAssembler::load_field_entry`, guarantees that the fully filled out `ResolvedFieldEntry` is observable if the patched bytecode is observable. We do not need to add `LDAR` for bytecode loading or `LDAR` in `TemplateTable::fast_*` for that reason. If another observer happens to observe a `0` field offset, its guaranteed then that they will also observe the non-patched bytecode which will ultimately end up doing the resolution again, which is okay.
>
> Justin King has updated the pull request incrementally with one additional commit since the last revision:
>
> Suggestions from shipilev
>
> Signed-off-by: Justin King <jcking at google.com>
Now running tests in my Graviton 3 instance to make sure the new verification code is not barfing up anywhere.
PR patch applies with fuzz, BTW, consider merging from mainline:
% patch -p1 < 27748.diff
patching file src/hotspot/cpu/aarch64/interp_masm_aarch64.cpp
patching file src/hotspot/cpu/aarch64/interp_masm_aarch64.hpp
patching file src/hotspot/cpu/aarch64/templateTable_aarch64.cpp
Hunk #3 succeeded at 3098 (offset 15 lines).
Hunk #4 succeeded at 3188 (offset 15 lines).
Hunk #5 succeeded at 3256 (offset 15 lines).
-------------
PR Comment: https://git.openjdk.org/jdk/pull/27748#issuecomment-3406799934
More information about the hotspot-compiler-dev
mailing list