Integrated: 8256732: Zero: broken +ZeroTLAB exposes badly initialized memory
Aleksey Shipilev
shade at openjdk.java.net
Tue Mar 16 17:01:10 UTC 2021
On Fri, 20 Nov 2020 10:07:39 GMT, Aleksey Shipilev <shade at openjdk.org> wrote:
> Looks like memory is badly initialized when `-XX:+ZeroTLAB` is specified.
>
> Manifests like this:
>
> $ CONF=linux-x86_64-zero-fastdebug make exploded-test TEST=compiler/memoryinitialization/ZeroTLABTest.java
>
> command: main -Xcomp -XX:+UseTLAB -XX:+ZeroTLAB compiler.memoryinitialization.ZeroTLABTest
> reason: User specified action: run main/othervm -Xcomp -XX:+UseTLAB -XX:+ZeroTLAB compiler.memoryinitialization.ZeroTLABTest
> Mode: othervm [/othervm specified]
> elapsed time (seconds): 0.098
> configuration:
> STDOUT:
> Error occurred during initialization of VM
> java.lang.NullPointerException
> at java.lang.System.getProperty(java.base/System.java:836)
>
> The cause is simple: Zero calls `ThreadLocalAllocBuffer::allocate`:
>
> if (UseTLAB) {
> result = (oop) THREAD->tlab().allocate(obj_size);
> }
>
> ...which actually does mangle the object space in debug builds:
>
> inline HeapWord* ThreadLocalAllocBuffer::allocate(size_t size) {
> invariants();
> HeapWord* obj = top();
> if (pointer_delta(end(), obj) >= size) {
> // successful thread-local allocation
> #ifdef ASSERT
> // Skip mangling the space corresponding to the object header to
> // ensure that the returned space is not considered parsable by
> // any concurrent GC thread.
> size_t hdr_size = oopDesc::header_size();
> Copy::fill_to_words(obj + hdr_size, size - hdr_size, badHeapWordVal);
> #endif // ASSERT
> // This addition is safe because we know that top is
> // at least size below end, so the add can't wrap.
> set_top(obj + size);
>
> invariants();
> return obj;
> }
> return NULL;
> }
>
> So if we do `+ZeroTLAB` in debug builds, Zero skips initializing the object body, and gets scrambled memory for newly allocated object. Then everything breaks.
This pull request has now been integrated.
Changeset: dc93138b
Author: Aleksey Shipilev <shade at openjdk.org>
URL: https://git.openjdk.java.net/jdk/commit/dc93138b
Stats: 31 lines in 1 file changed: 12 ins; 5 del; 14 mod
8256732: Zero: broken +ZeroTLAB exposes badly initialized memory
Reviewed-by: dholmes
-------------
PR: https://git.openjdk.java.net/jdk/pull/1343
More information about the hotspot-runtime-dev
mailing list