RFR: 8256732: Zero: broken +ZeroTLAB exposes badly initialized memory [v4]

Aleksey Shipilev shade at openjdk.java.net
Fri Mar 5 16:04:52 UTC 2021 

> Looks like memory is badly initialized when `-XX:+ZeroTLAB` is specified.
> 
> Manifests like this:
> 
> $ CONF=linux-x86_64-zero-fastdebug make exploded-test TEST=compiler/memoryinitialization/ZeroTLABTest.java
> 
> command: main -Xcomp -XX:+UseTLAB -XX:+ZeroTLAB compiler.memoryinitialization.ZeroTLABTest
> reason: User specified action: run main/othervm -Xcomp -XX:+UseTLAB -XX:+ZeroTLAB compiler.memoryinitialization.ZeroTLABTest
> Mode: othervm [/othervm specified]
> elapsed time (seconds): 0.098
> configuration:
> STDOUT:
> Error occurred during initialization of VM
> java.lang.NullPointerException
> at java.lang.System.getProperty(java.base/System.java:836)
> 
> The cause is simple: Zero calls `ThreadLocalAllocBuffer::allocate`:
> 
> if (UseTLAB) {
>   result = (oop) THREAD->tlab().allocate(obj_size);
> }
> 
> ...which actually does mangle the object space in debug builds:
> 
> inline HeapWord* ThreadLocalAllocBuffer::allocate(size_t size) {
>   invariants();
>   HeapWord* obj = top();
>   if (pointer_delta(end(), obj) >= size) {
>     // successful thread-local allocation
> #ifdef ASSERT
>     // Skip mangling the space corresponding to the object header to
>     // ensure that the returned space is not considered parsable by
>     // any concurrent GC thread.
>     size_t hdr_size = oopDesc::header_size();
>     Copy::fill_to_words(obj + hdr_size, size - hdr_size, badHeapWordVal);
> #endif // ASSERT
>     // This addition is safe because we know that top is
>     // at least size below end, so the add can't wrap.
>     set_top(obj + size);
> 
>     invariants();
>     return obj;
>   }
>   return NULL;
> }
> 
> So if we do `+ZeroTLAB` in debug builds, Zero skips initializing the object body, and gets scrambled memory for newly allocated object. Then everything breaks.

Aleksey Shipilev has updated the pull request with a new target base due to a merge or a rebase. The pull request now contains six commits:

 - Refactor TLAB allocation code a bit
 - Adjust for the fact ThreadLocalAllocBuffer can mangle object space
 - Merge branch 'master' into JDK-8256732-zero-zerotlab-broken
 - Merge branch 'master' into JDK-8256732-zero-zerotlab-broken
 - Maintain the body/header initialization order
 - 8256732: Zero: broken +ZeroTLAB exposes badly initialized memory

-------------

Changes: https://git.openjdk.java.net/jdk/pull/1343/files
 Webrev: https://webrevs.openjdk.java.net/?repo=jdk&pr=1343&range=03
  Stats: 31 lines in 1 file changed: 12 ins; 5 del; 14 mod
  Patch: https://git.openjdk.java.net/jdk/pull/1343.diff
  Fetch: git fetch https://git.openjdk.java.net/jdk pull/1343/head:pull/1343

PR: https://git.openjdk.java.net/jdk/pull/1343

More information about the hotspot-runtime-dev mailing list