RFR: 8346916: [REDO] align_up has potential overflow [v3]
Casper Norrbin
cnorrbin at openjdk.org
Fri Feb 28 14:26:13 UTC 2025
On Fri, 28 Feb 2025 14:13:28 GMT, Casper Norrbin <cnorrbin at openjdk.org> wrote:
>> Hi everyone,
>>
>> The `align_up` function can potentially overflow, resulting in undefined behavior. Most use cases rely on the assumption that aligned_result >= original. To address this, I've added an assertion to verify this condition.
>>
>> The original PR (#20808) missed cases where overflow checks already existed, so I've now went through usages of `align_up` and found the places with explicit checks. Most notably, #23168 added `align_up_or_null` to metaspace, but this function is also useful elsewhere. Given this, I relocated it to `align.hpp`, alongside the rest of the alignment functions.
>>
>> Additionally, I've created `align_up_or_min`, which behaves similarly to the original align_up but handles overflows predictably across all integer types. This new function is used in the locations where overflow checks already exist, providing a safer alternative.
>
> Casper Norrbin has updated the pull request incrementally with one additional commit since the last revision:
>
> changed max size of MinHeapDeltaBytes
Of the (previously modified) heap flags, `MinHeapDeltaBytes` is the only problem. The other flags have checks before the `align_up` which crash the vm before reaching that point.
The previous max of `MinHeapDeltaBytes` was `max_uintx`, I lowered it to `max_uintx / 2` (`+1` to have it aligned). Now, if trying to set it to extreme values, we get a more informative error showing the maximum value instad of overflowing. This also means that the test works as expected.
-------------
PR Comment: https://git.openjdk.org/jdk/pull/23711#issuecomment-2690772099
More information about the hotspot-dev
mailing list