RFR: 8337958: Out-of-bounds array access in secondary_super_cache

Aleksey Shipilev shade at openjdk.org
Wed Aug 7 17:24:31 UTC 2024


On Tue, 6 Aug 2024 23:35:55 GMT, Andrew Haley <aph at openjdk.org> wrote:

> The fix for [JDK-8180450](https://bugs.openjdk.org/browse/JDK-8180450), secondary_super_cache does not scale well, has a rare (and benign) out-of-bounds array access. While this bug is very unlikely ever to cause a failure, it should be fixed.

src/hotspot/cpu/aarch64/macroAssembler_aarch64.cpp line 1734:

> 1732:   assert(Klass::SECONDARY_SUPERS_BITMAP_FULL == ~uintx(0), "");
> 1733:   cmpw(r_array_length, (u1)(Klass::SECONDARY_SUPERS_TABLE_SIZE - 2));
> 1734:   br(GT, L_huge);

Silly questions:
 1. Why is it `(u1)`, when we are comparing with `cmpw` (4 bytes)? Also, should it really be unsigned? x86 code uses signed `int32_t`.
 2. I was trying to see if there is anything special about `-2` here. Would it be a bit cleaner to say `GE` `Klass::SECONDARY_SUPERS_TABLE_SIZE - 1`?

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/20483#discussion_r1707498103