RFR: 8369946: Bytecode rewriting causes Java heap corruption on PPC

Richard Reingruber rrich at openjdk.org
Tue Oct 21 07:43:06 UTC 2025


On Fri, 17 Oct 2025 12:13:52 GMT, Martin Doerr <mdoerr at openjdk.org> wrote:

> Like the aarch64 fix (https://github.com/openjdk/jdk/pull/27748).
> PPC64 has additional requirements:
> - It implements `fast_invokevfinal` which uses `ResolvedMethodEntry`.
> - Speculative loads need to get prevented by memory barrier instructions (even on control dependent paths).
> 
> I've refactored `load_field_entry` and `load_method_entry` into a common function and added support for rewritten "fast" Bytecodes. I'm using `isync` instructions because we already have a control dependency (via Bytecode dispatch).
> 
> The `isync` instruction is relatively cheap in comparison to other memory barriers, but still introduces some performance loss. SPEC jvm98 with -Xint shows about 5% regression in `compress` sub-benchmark. The other sub-benchmarks are not significantly impacted. However, switching off `RewriteBytecodes` would cause a much higher performance loss.
> 
> Note: I had also ported the `verify_field_offset` check and used it in the fastdebug and product build for testing, but couldn't catch any issue. Not included in this PR. I'm not planning to contribute it.

Hi Martin,
nasty bug this is. Thanks for doing the fixing on ppc. And great work by Justin finding it!
I see that we've missed porting previous fixes to ppc that prevent reordering of the bytecode load with loads from ResolvedFieldEntry and -MethodEntry (JDK-8248219 and JDK-8327647). Now this is done in `load_field_or_method_entry()`.
The change is good. The comment could be improved a little bit.
Thanks, Richard.

src/hotspot/cpu/ppc/interp_masm_ppc_64.cpp line 492:

> 490: 
> 491:   if (for_fast_bytecode) {
> 492:     // Prevent loading inconsistent resolved info which may have been written by another thread.

Suggestion:

    // Prevent speculative loading from ResolvedFieldEntry/ResolvedMethodEntry as it can miss the info written by another thread.

-------------

Changes requested by rrich (Reviewer).

PR Review: https://git.openjdk.org/jdk/pull/27867#pullrequestreview-3357882991
PR Review Comment: https://git.openjdk.org/jdk/pull/27867#discussion_r2446088467
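The ordering the PR restores on PPC, modelled in C11 atomics as an added example (not code from the PR or from HotSpot): the rewriter fills the resolved entry and only then publishes the fast bytecode with a release store, and the interpreter's dispatch reads the bytecode with an acquire load (which on PPC64 is the load, the branch that depends on it, and `isync`), so the entry loads that follow cannot be satisfied ahead of the bytecode load. Opcode values, `RESOLVED_METHOD`, `resolved_entry`, `call_site` and `run_race` are constructed stand-ins, not HotSpot names.

```c
#include <pthread.h>
#include <stdatomic.h>
#include <stdint.h>

enum { BC_SLOW = 1, BC_FAST = 2 };          // constructed stand-ins for the two bytecode forms
#define RESOLVED_METHOD ((uintptr_t)0x1000) // constructed: non-zero means "resolved"
typedef struct { uintptr_t method; } resolved_entry; // constructed stand-in for ResolvedMethodEntry
typedef struct {
    _Atomic uint8_t bytecode;   // the rewritable bytecode slot
    resolved_entry  entry;      // filled before the rewrite, read only after it
} call_site;

// Rewriter side: fill the entry, then publish the fast bytecode. The release
// store keeps the entry store from being reordered after the bytecode store.
static void resolve_and_rewrite(call_site *cs, uintptr_t method) {
    cs->entry.method = method;
    atomic_store_explicit(&cs->bytecode, BC_FAST, memory_order_release);
}

// Interpreter side: returns 1 and copies the entry on the fast path, 0 on the
// slow path. The acquire load (PPC64: load, dependent branch, isync) keeps the
// entry load from being satisfied before the bytecode load was observed.
static int dispatch(const call_site *cs, resolved_entry *out) {
    uint8_t bc = atomic_load_explicit(&cs->bytecode, memory_order_acquire);
    if (bc != BC_FAST) return 0;
    *out = cs->entry;
    return 1;
}

// Interpreter thread: spins until the fast path is taken, reports 1 if stale.
static void *interp_thread(void *p) {
    resolved_entry e;
    while (!dispatch((call_site *)p, &e)) { /* slow path: retry */ }
    return (void *)(uintptr_t)(e.method != RESOLVED_METHOD);
}

// Races an interpreter thread against this (rewriter) thread 'iterations'
// times; returns how many runs saw a fast bytecode with an unresolved entry.
int run_race(int iterations) {
    int stale = 0;
    for (int i = 0; i < iterations; i++) {
        call_site cs = { .bytecode = BC_SLOW };   // entry zeroed: unresolved
        pthread_t ti;
        void *seen_stale;
        pthread_create(&ti, NULL, interp_thread, &cs);
        resolve_and_rewrite(&cs, RESOLVED_METHOD);
        pthread_join(ti, &seen_stale);
        stale += (int)(uintptr_t)seen_stale;
    }
    return stale;
}
```

With release/acquire in place `run_race` must return 0; dropping the acquire side is permitted to return non-zero only on hardware that reorders the loads, which is why the PPC port needs the `isync` the PR adds.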