RFR: 8368997: AIX allows reading from address zero which leads to several ubsan findings

Martin Doerr mdoerr at openjdk.org
Tue Oct 7 13:57:38 UTC 2025


On Wed, 1 Oct 2025 14:08:08 GMT, Joachim Kern <jkern at openjdk.org> wrote:

> In _SafeFetchXX_internal() a pointer is checked for readability before use. It returns false if this is not the case. The implementation tries to read from the pointer; if this is not feasible, the signal handler comes into play, jumping back to the function via longjmp, so _SafeFetchXX_internal() itself can return false and a null as pseudo content of the address. If the address was readable, the function returns true and provides the content of the address.
> Because AIX allows reading from address zero, _SafeFetchXX_internal() returns true and follow-up functions using the address are called. All these functions end up in a UBSAN finding regarding reading from zero.
> The solution could be to manually code that AIX also behaves like other operating systems and returns false and the content zero in case of address zero. Then no UBSAN findings occur.

I think this is fine. Hotspot should never read from address 0, so returning false should be ok. This essentially emulates the behavior of other operating systems.
Should we only catch `adr == nullptr` or all addresses within the first memory page?

-------------

Marked as reviewed by mdoerr (Reviewer).

PR Review: https://git.openjdk.org/jdk/pull/27591#pullrequestreview-3310247930
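The mechanism discussed above (a probe read guarded by a signal handler that longjmps back, plus an explicit "address zero is unreadable" rule), shown as an added stand-alone example. This is not HotSpot's SafeFetch code and not the patch under review; it is a simplified illustration written here. It assumes a POSIX host where a read of an unmapped page raises SIGSEGV or SIGBUS, uses sigsetjmp/siglongjmp instead of HotSpot's assembly stubs, and implements the broader "reject the whole first page" policy raised in the review (sysconf(_SC_PAGESIZE) is assumed to give the page size) rather than only `adr == nullptr`:

```c
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Jump target and "probe in progress" flag shared with the fault handler.
 * Single-threaded illustration; HotSpot's real stub is per-thread. */
static sigjmp_buf g_probe_jmp;
static volatile sig_atomic_t g_probe_active = 0;
static int g_handlers_installed = 0;

static void fault_handler(int sig) {
    if (g_probe_active) {
        /* Fault happened inside the probe read: unwind to safe_fetch32. */
        siglongjmp(g_probe_jmp, 1);
    }
    /* Fault anywhere else is a real crash: restore default action and re-raise. */
    signal(sig, SIG_DFL);
    raise(sig);
}

static void install_fault_handlers(void) {
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = fault_handler;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = SA_NODEFER;          /* allow the handler to run again after a longjmp */
    sigaction(SIGSEGV, &sa, NULL);
    sigaction(SIGBUS, &sa, NULL);
    g_handlers_installed = 1;
}

/* Policy from the review discussion: treat the whole first page as unreadable,
 * so the result does not depend on whether the OS (e.g. AIX) maps address zero. */
static bool in_first_page(const void *adr) {
    long page = sysconf(_SC_PAGESIZE);   /* assumption: sysconf reports the page size */
    if (page <= 0) page = 4096;          /* constructed fallback for the example */
    return (uintptr_t)adr < (uintptr_t)page;
}

/* Returns true and stores the 32-bit value if adr is readable, otherwise
 * returns false and stores 0, mirroring the contract described in the PR. */
bool safe_fetch32(const int32_t *adr, int32_t *out) {
    if (!g_handlers_installed) install_fault_handlers();
    if (in_first_page(adr)) {            /* explicit check: never probe the first page */
        *out = 0;
        return false;
    }
    g_probe_active = 1;
    if (sigsetjmp(g_probe_jmp, 1) != 0) { /* landed here via siglongjmp: read faulted */
        g_probe_active = 0;
        *out = 0;
        return false;
    }
    int32_t v = *(const volatile int32_t *)adr;  /* the probe read */
    g_probe_active = 0;
    *out = v;
    return true;
}

/* Address zero must be reported unreadable even if the OS would allow the read. */
bool demo_null_is_unreadable(void) {
    int32_t v = 99;
    bool ok = safe_fetch32(NULL, &v);
    return !ok && v == 0;
}

/* A page mapped PROT_NONE exercises the signal-handler path rather than the first-page check. */
bool demo_unmapped_page_is_unreadable(void) {
    long page = sysconf(_SC_PAGESIZE);
    if (page <= 0) page = 4096;
    void *p = mmap(NULL, (size_t)page, PROT_NONE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return false;
    int32_t v = 99;
    bool ok = safe_fetch32((const int32_t *)p, &v);
    munmap(p, (size_t)page);
    return !ok && v == 0;
}

/* A readable address returns true and the actual content. */
bool demo_valid_address_is_readable(void) {
    int32_t value = 0x1234;              /* constructed sample value */
    int32_t v = 0;
    bool ok = safe_fetch32(&value, &v);
    return ok && v == 0x1234;
}

int main(void) {
    printf("null: %s\n", demo_null_is_unreadable() ? "unreadable" : "READABLE");
    printf("PROT_NONE page: %s\n", demo_unmapped_page_is_unreadable() ? "unreadable" : "READABLE");
    printf("stack value: %s\n", demo_valid_address_is_readable() ? "readable" : "UNREADABLE");
    return 0;
}
```

The first-page check runs before any probe, so on a platform that maps page zero the function still returns false for address zero and the callers never dereference it; on a platform that does not, the PROT_NONE case shows the longjmp path that those callers would otherwise rely on.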
