RFR: 8369393: NMT: poison the canaries of malloc header under ASAN build [v20]
Thomas Stuefe
stuefe at openjdk.org
Fri Nov 14 11:41:12 UTC 2025
On Fri, 14 Nov 2025 11:17:20 GMT, Thomas Stuefe <stuefe at openjdk.org> wrote:
>> Hm, okay. I refreshed my memory, and yes, we only access the header on malloc and free. But then, what exactly is the purpose of selectively poisoning size and the canary, but leaving the rest unpoisoned? Either we must have perfect coverage - in which case we should poison the whole header - or we are happy with a 99% solution, in which case it's sufficient to poison only the canaries. Either way would be preferable to what the patch does now, which feels a bit arbitrary.
>>
>> Also, since we only access the header on os::malloc/realloc/free, we can move up the RAII unpoisoning helper to those functions and reduce the number of invocations from 16 to three call sites.
>
> I take back what I wrote. From looking into how UNPOISON is implemented, we dive down into libsanitizer for every single call to unpoison, and that function is non-trivial. So I would prefer to protect the malloc header in its whole.
BTW, the argument "the cost of ASAN is already high" is not a good one. We use ASAN in production to find real issues in sometimes large applications that may run a while before hitting an error. Every minute saved here is beneficial.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/27685#discussion_r2527145908
More information about the hotspot-runtime-dev
mailing list