Integrated: 8256732: Zero: broken +ZeroTLAB exposes badly initialized memory

Aleksey Shipilev shade at openjdk.java.net
Tue Mar 16 17:01:10 UTC 2021 

On Fri, 20 Nov 2020 10:07:39 GMT, Aleksey Shipilev <shade at openjdk.org> wrote:

> Looks like memory is badly initialized when `-XX:+ZeroTLAB` is specified.
> 
> Manifests like this:
> 
> $ CONF=linux-x86_64-zero-fastdebug make exploded-test TEST=compiler/memoryinitialization/ZeroTLABTest.java
> 
> command: main -Xcomp -XX:+UseTLAB -XX:+ZeroTLAB compiler.memoryinitialization.ZeroTLABTest
> reason: User specified action: run main/othervm -Xcomp -XX:+UseTLAB -XX:+ZeroTLAB compiler.memoryinitialization.ZeroTLABTest
> Mode: othervm [/othervm specified]
> elapsed time (seconds): 0.098
> configuration:
> STDOUT:
> Error occurred during initialization of VM
> java.lang.NullPointerException
> at java.lang.System.getProperty(java.base/System.java:836)
> 
> The cause is simple: Zero calls `ThreadLocalAllocBuffer::allocate`:
> 
> if (UseTLAB) {
>   result = (oop) THREAD->tlab().allocate(obj_size);
> }
> 
> ...which actually does mangle the object space in debug builds:
> 
> inline HeapWord* ThreadLocalAllocBuffer::allocate(size_t size) {
>   invariants();
>   HeapWord* obj = top();
>   if (pointer_delta(end(), obj) >= size) {
>     // successful thread-local allocation
> #ifdef ASSERT
>     // Skip mangling the space corresponding to the object header to
>     // ensure that the returned space is not considered parsable by
>     // any concurrent GC thread.
>     size_t hdr_size = oopDesc::header_size();
>     Copy::fill_to_words(obj + hdr_size, size - hdr_size, badHeapWordVal);
> #endif // ASSERT
>     // This addition is safe because we know that top is
>     // at least size below end, so the add can't wrap.
>     set_top(obj + size);
> 
>     invariants();
>     return obj;
>   }
>   return NULL;
> }
> 
> So if we do `+ZeroTLAB` in debug builds, Zero skips initializing the object body, and gets scrambled memory for newly allocated object. Then everything breaks.

This pull request has now been integrated.

Changeset: dc93138b
Author:    Aleksey Shipilev <shade at openjdk.org>
URL:       https://git.openjdk.java.net/jdk/commit/dc93138b
Stats:     31 lines in 1 file changed: 12 ins; 5 del; 14 mod

8256732: Zero: broken +ZeroTLAB exposes badly initialized memory

Reviewed-by: dholmes

-------------

PR: https://git.openjdk.java.net/jdk/pull/1343

More information about the hotspot-runtime-dev mailing list