Yet another XLC bug: wrong handling of array new operator with default arguments

Volker Simonis volker.simonis at gmail.com
Thu Jun 6 09:47:51 PDT 2013


Hi Steve,

during the merge with the latest HotSpot version Goetz found yet another
bug in XLC.

I managed to break it down into the following minimal C++ program
('array_new.cpp' - see attachment).

In the example, the size of a Foo<Buffer> object should be 42 bytes and
consequently the size of an array of 10 Foo<Buffer> objects should always
be 420 bytes. However in the first allocation of the example program, the
array new allocator of Foo gets called with a size argument of 10 (which is
the arity of the array to allocate) instead of its size (which would be
420). This is wrong, because it allocates too little storage for the array.
This leads to crashes if the array will be accessed later on.

$ xlc++ array_new.cpp
$ ./a.out
sizeof(Foo<Buffer>[10]) = 420
*Foo::new [](size=10, foo=0)*
Foo::new [](size=420, foo=123)
sizeof(Foo<Buf>[10]) = 420
Foo::new [](size=420, foo=0)
Foo::new [](size=420, foo=123)

Notice that all the other allocations are successful because they either
explicitly specify the default argument of the array new operator or
because they use a POD data type (struct 'Buf' which has no constructor
instead of struct 'Buffer') as template argument for Foo.

The error occurs with both XLC 12:

IBM XL C/C++ for AIX, V12.1 (5765-J02, 5725-C72)
Version: 12.01.0000.0003

and XLC 10:

IBM XL C/C++ for AIX, V10.1
Version: 10.01.0000.0015

Could you please open a bug report for this issue and urge your XLC
colleagues to fix this issue as fast as possible because this is a
show-stopper for our current plan to merge our PPC/AIX HotSpot port into
the master repository.

Thank you and best regards,
Volker

PS: in HotSpot this issue appears in
http://hg.openjdk.java.net/hsx/hotspot-main/hotspot/file/tip/src/share/vm/utilities/events.hpp
where the event loggers are initialized:

    EventLogBase<T>(const char* name, int length = LogEventsBufferEntries):
      _name(name),
      _length(length),
      _count(0),
      _index(0),
      _mutex(Mutex::event, name) {
      _records = new EventRecord<T>[length];   // <-- the array new in question
    }

because 'EventLogBase' is derived from 'CHeapObj' which has an array new
operator with an additional default argument. It finally leads to crashes
in various places where the loggers are used during runtime.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: array_new.cpp
Type: text/x-c++src
Size: 1340 bytes
Desc: not available
Url : http://mail.openjdk.java.net/pipermail/ppc-aix-port-dev/attachments/20130606/796ce2ae/array_new.cpp 
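
Added example (not the scrubbed array_new.cpp attachment and not code from the author): a self-check for the pattern the mail describes, which records the size the compiler passes to an array new operator with a defaulted extra argument and compares it with count * sizeof(T). The names Foo, Buffer and Buf come from the mail; their bodies, g_last_size and the helper functions are assumptions.

```cpp
#include <cstddef>
#include <cstdio>
#include <cstdlib>
#include <new>
static std::size_t g_last_size = 0;  // size the compiler handed to operator new[]

struct Buffer { char data[42]; Buffer() { data[0] = 0; } };  // has a constructor
struct Buf    { char data[42]; };                            // POD, no constructor

template <class T>
struct Foo {
    T payload;
    // Array new with an additional defaulted argument (the pattern from the mail).
    static void* operator new[](std::size_t size, int /*foo*/ = 0) {
        g_last_size = size;
        void* p = std::malloc(size);
        if (!p) throw std::bad_alloc();
        return p;
    }
    static void operator delete[](void* p) { std::free(p); }
    static void operator delete[](void* p, int) { std::free(p); }  // placement match
};

// Size requested for `new T[n]`, relying on the default argument.
template <class T> std::size_t requested_default(std::size_t n) {
    g_last_size = 0;
    T* p = new T[n];
    delete[] p;
    return g_last_size;
}

// Size requested for `new (123) T[n]`, passing the argument explicitly.
template <class T> std::size_t requested_explicit(std::size_t n) {
    g_last_size = 0;
    T* p = new (123) T[n];
    delete[] p;
    return g_last_size;
}

// True when both forms request at least n * sizeof(T) bytes.
template <class T> bool array_new_ok(std::size_t n) {
    return requested_default<T>(n) >= n * sizeof(T) &&
           requested_explicit<T>(n) >= n * sizeof(T);
}
int main() {
    bool ok = array_new_ok<Foo<Buffer> >(10) && array_new_ok<Foo<Buf> >(10);
    std::printf("array new size check: %s\n", ok ? "ok" : "UNDER-ALLOCATION");
    return ok ? 0 : 1;
}
```

The comparison uses >= rather than == because a compiler may legitimately add bookkeeping bytes to an array allocation; a request smaller than count * sizeof(T) is the under-allocation reported above.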