[jmm-dev] ECOOP, JVMLS
Aleksey Shipilev
aleksey.shipilev at oracle.com
Sun Aug 3 12:48:36 UTC 2014
On 08/03/2014 05:36 AM, Doug Lea wrote:
> * Someone (other than Hans!) reminded me that something like the
> reachabilityFence included in the never-shipped Fences API
> (http://gee.cs.oswego.edu/dl/jsr166/dist/docs/java/util/concurrent/atomic/Fences.html)
Yes, and I forgot to mention this use case highlighted to us at JVMLS.
Basically, you have a Java class which points to naked memory addresses
(think of a DirectByteBuffer-like implementation). Your method takes that
Java instance as the method argument, pulls the native memory address
from its field and starts working with it. At some later point during
the execution of that method, you hit a safepoint, and the VM figures the
enclosing instance is not needed anymore (e.g. dataflow suggests no uses
for that local in the future) -- which arguably lets the VM run the cleanup
mechanics, freeing up the referenced memory. The VM resumes from GC,
continues in the same method, boom, use-after-free.
Thanks,
-Aleksey.
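The hazard described in the message, and the reachabilityFence mitigation the thread alludes to, as an added Java example that is not code from the thread or from the JDK. The "native" memory is simulated with an array and a freed flag so it runs in plain Java; NativeBlock, readAt, sumUnsafe and sumSafe are hypothetical names.

```java
import java.lang.ref.Cleaner;
import java.lang.ref.Reference;

// Added example: an object owning a "native" address whose memory is released by a Cleaner.
public final class NativeBlock {
    private static final Cleaner CLEANER = Cleaner.create();

    // Simulated native heap (constructed): the index is the "address"; FREED marks what free() invalidated.
    static final long[] HEAP = new long[16];
    static final boolean[] FREED = new boolean[16];

    private final long address;

    NativeBlock(long address) {
        this.address = address;
        // The cleanup action captures only the address, never 'this', so it may run
        // as soon as the NativeBlock instance becomes unreachable.
        CLEANER.register(this, () -> FREED[(int) address] = true);
    }

    long address() { return address; }

    static long readAt(long address) {
        if (FREED[(int) address]) throw new IllegalStateException("use-after-free at " + address);
        return HEAP[(int) address];
    }

    // Hazard from the message: once 'address' is loaded, 'block' has no further uses, so the
    // JIT may treat the local as dead. A GC at a later safepoint can then run the Cleaner and
    // free the memory while this method is still reading through the raw address.
    static long sumUnsafe(NativeBlock block, int iterations) {
        long addr = block.address();
        long sum = 0;
        for (int i = 0; i < iterations; i++) sum += readAt(addr); // block may already be cleaned here
        return sum;
    }

    // Mitigation: Reference.reachabilityFence (Java 9+) keeps 'block' strongly reachable until
    // the fence executes, so the Cleaner cannot run before the last read of the native memory.
    static long sumSafe(NativeBlock block, int iterations) {
        try {
            long addr = block.address();
            long sum = 0;
            for (int i = 0; i < iterations; i++) sum += readAt(addr);
            return sum;
        } finally {
            Reference.reachabilityFence(block);
        }
    }
}
```

The premature cleanup is not deterministic, so sumUnsafe will usually appear to work; the point is that nothing in its code keeps the owning object alive, whereas the fence in sumSafe does.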