RFR: 8360941: [ubsan] MemRegion::end() shows runtime error: applying non-zero offset 8388608 to null pointer [v5]

Fri Jul 18 17:00:06 UTC 2025

On Fri, 18 Jul 2025 08:21:48 GMT, Matthias Baesken <mbaesken at openjdk.org> wrote:

>> When running HS test
>> gtest/GTestWrapper.java
>> with ubsan-enabled binaries on macOS aarch64, the following error is reported (did not see this so far on Linux but there we use gcc and it seems the gcc/ubsan checks are a bit more limited).
>> 
>> test/hotspot/gtest/gc/g1/test_freeRegionList.cpp:37: Failure
>> Death test: child_G1FreeRegionList_length_()
>>     Result: died but not with expected exit code:
>>             Terminated by signal 6 (core dumped)
>> Actual msg:
>> 
>> [  DEATH   ] /jdk/src/hotspot/share/memory/memRegion.hpp:66:43: runtime error: applying non-zero offset 8388608 to null pointer
>> [  DEATH   ]     #0 0x108afd6f4 in MemRegion::end() const+0x84 (libjvm.dylib:arm64+0x16556f4)
>> [  DEATH   ]     #1 0x1075c68a0 in G1FreeRegionList_length_other_vm_Test::TestBody()+0x380 (libjvm.dylib:arm64+0x11e8a0)
>> [  DEATH   ]     #2 0x1090f3bb0 in testing::Test::Run()+0xc0 (libjvm.dylib:arm64+0x1c4bbb0)
>> [  DEATH   ]     #3 0x1090f4d94 in testing::TestInfo::Run()+0x1e4 (libjvm.dylib:arm64+0x1c4cd94)
>> [  DEATH   ]     #4 0x1090f6754 in testing::TestSuite::Run()+0x43c (libjvm.dylib:arm64+0x1c4e754)
>> [  DEATH   ]     #5 0x109103ca0 in testing::internal::UnitTestImpl::RunAllTests()+0x48c (libjvm.dylib:arm64+0x1c5bca0)
>> [  DEATH   ]     #6 0x109103588 in testing::UnitTest::Run()+0x78 (libjvm.dylib:arm64+0x1c5b588)
>> [  DEATH   ]     #7 0x1074a9ac0 in runUnitTestsInner(int, char**)+0x724 (libjvm.dylib:arm64+0x1ac0)
>> [  DEATH   ]     #8 0x102dc3f18 in main+0x2c (gtestLauncher:arm64+0x100003f18)
>> [  DEATH   ]     #9 0x196fea0dc  (<unknown module>)
>> [  DEATH   ] 
>> [  DEATH   ] SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /jdk/src/hotspot/share/memory/memRegion.hpp:66:43 in 
>> [  DEATH   ] 
>> 
>> 
>> 
>> Seems the test_freeRegionList.cpp uses a special MemRegion starting at nullptr ; but this causes a bit of trouble when adding to start == nullptr .
>> So far I see this issue just in the gtest, seems other MemRegion objects do not start at nullptr .
>
> Matthias Baesken has updated the pull request incrementally with one additional commit since the last revision:
> 
>   Simplify test coding

test/hotspot/gtest/gc/g1/test_freeRegionList.cpp line 50:

> 48:   HeapWord* ptr = align_up(&val, os::vm_page_size());
> 49: 
> 50:   MemRegion heap(ptr, num_regions_in_test * G1HeapRegion::GrainWords);

I would not do it this way. The test should not write into the region, but if someone does mess up and does it, you get weird crashes. Possibly in other threads, because MemRegion is larger than your stack, and your stack may border on other stacks. Easier to just crash right on accessing uncommitted memory:

Suggestion:

  const size_t szw = num_regions_in_test * G1HeapRegion::GrainWords;
  const size_t sz = szw * BytePerWord;
  char* addr = os::reserve_memory(sz, mtTest);
  MemRegion heap((HeapWord*)ptr, szw);

and then after the test release it: `os::release_memory(addr, szw);`

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/26216#discussion_r2216370697