RFR: JDK-8275320: NMT should perform buffer overrun checks [v2]

Zhengyu Gu zgu at openjdk.java.net
Thu Nov 18 14:30:44 UTC 2021 

On Thu, 18 Nov 2021 14:14:17 GMT, Thomas Stuefe <stuefe at openjdk.org> wrote:

>> src/hotspot/share/services/mallocTracker.cpp line 174:
>> 
>>> 172:   // we check here are the bare minimum of what we know will malloc() give us
>>> 173:   // (which is 64-bit even on 32-bit platforms).
>>> 174:   if (!is_aligned(this, sizeof(uint64_t))) {
>> 
>> Where does this information come from? As far as I can see, the man-page of `malloc()` only mentions:
>> 
>>> "malloc returns a pointer which is suitably aligned for any built-in  type"
>> 
>> Why is this 64 bit on a 32-bit platform?
>
> We know that the alignment has to be *at least* 64-bit since we know we have 64-bit inbuilt types on both 64-bit and 32-bit platforms (`uint64_t`). From experience, I know it is probably more, 16 or 32 bytes. This makes sense since there exist scalar data types larger than 64-bit.
> 
> But this code tests the *minimal* necessary alignment only and I wanted to prevent false positives. Let's say, in case we happen to run with a libc whose malloc implementation returns only 64-bit aligned pointers. That also could happen if someone put a weird malloc() implementation below us (malloc hooks or LD_PRELOAD). I think the assumption that everything malloc() returns is at least 64-bit aligned is pretty safe though.
> 
> Ideally, we would have a clear definition of malloc alignment somewhere in `globalDefinitions.hpp`. In hotspot, there are a range of places where such alignment is implicitly assumed. The NMT header size, for instance, or metaspace allocation size, hotspot arena allocation alignment etc. Basically, everywhere where one either marshalls malloc'ed blocks or implements some sort of general purpose allocator. C++ has `std::max_align_t` for that. Maybe we could use that one. But that's a topic for another RFE.
> 
> I try to improve the comment.

> Where does this information come from? As far as I can see, the man-page of `malloc()` only mentions:
> 
> > "malloc returns a pointer which is suitably aligned for any built-in  type"
> 
> Why is this 64 bit on a 32-bit platform?

NMT always assumes (from experiments on various platforms) that malloc memory is 2-machine-word aligned, so it is 64-bit align on a 32-bit platform.

-------------

PR: https://git.openjdk.java.net/jdk/pull/5952

More information about the hotspot-dev mailing list