RFR: 8355960: JvmtiAgentList::Iterator dtor double free with -fno-elide-constructors [v4]
Alex Menkov
amenkov at openjdk.org
Thu Jul 3 19:15:40 UTC 2025
On Thu, 3 Jul 2025 04:27:13 GMT, David Holmes <dholmes at openjdk.org> wrote:
> Okay - still took me a little while to understand the double-indirection of the "tail ptr" in `add`, but I get it now. So looking at the acquire/release requirements:
>
> * all additions are done with `cmpxchg` which is effectively a release-store
>
> * when you iterate the list all loads of the "next" agent must be a load-acquire, this means
>
>   * when you create the iterator you need a load-acquire (which you have when you pass `head()`)
>   * In `Iterator::next()` you need a load-acquire on each read of the `_next` field which is most simply done by defining `JvmtiAgent::next()` as a load-acquire and using that in the iterator code instead of direct field access.
>
> * `JvmtiAgent::set_next` should be a release-store though as far as I can see it is not used.
Thank you for the detailed analysis.
Updated as suggested.
-------------
PR Comment: https://git.openjdk.org/jdk/pull/26083#issuecomment-3033349842
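The acquire/release discipline laid out in the quoted review (release-CAS on append through a tail slot pointer, load-acquire on the head and on every hop through `next`), as an added example in plain C++ that is not HotSpot's JvmtiAgentList code. The names `Agent`, `AgentList`, `Iterator` and the use of `std::atomic` in place of HotSpot's `Atomic`/`OrderAccess` are assumptions made for the illustration; the CAS uses `acq_rel` on success, which is weaker than HotSpot's default conservative `cmpxchg` but is what this pattern needs.

```cpp
#include <atomic>
#include <cstddef>
#include <thread>
#include <utility>
#include <vector>

// Illustrative names (Agent, AgentList, Iterator) are assumptions; this is
// not HotSpot's JvmtiAgent/JvmtiAgentList code.
struct Agent {
    int id;
    std::atomic<Agent*> _next{nullptr};
    explicit Agent(int i) : id(i) {}
    // Every read of _next is a load-acquire: a reader that observes the
    // pointer also observes the fields the writer initialised before
    // publishing the node with the release-CAS in AgentList::add.
    Agent* next() const { return _next.load(std::memory_order_acquire); }
    // set_next is a release-store, the counterpart of next().
    void set_next(Agent* n) { _next.store(n, std::memory_order_release); }
};

class AgentList {
    std::atomic<Agent*> _head{nullptr};
public:
    // Reads of the head are load-acquire as well.
    Agent* head() const { return _head.load(std::memory_order_acquire); }

    // Append by walking to the tail.  'tail' points at the atomic slot that
    // is expected to be null (the double indirection): first &_head, then
    // &last->_next.  The CAS publishes the node with release semantics; on
    // failure the slot's current value is acquire-loaded into 'expected',
    // which makes stepping into that node safe.
    void add(Agent* agent) {
        std::atomic<Agent*>* tail = &_head;
        Agent* expected = nullptr;
        while (!tail->compare_exchange_strong(expected, agent,
                                              std::memory_order_acq_rel,
                                              std::memory_order_acquire)) {
            tail = &expected->_next;   // lost the race: move past the new node
            expected = nullptr;
        }
    }

    // The iterator owns nothing, so copying it (elided or not) is harmless.
    class Iterator {
        Agent* _cur;
    public:
        explicit Iterator(Agent* head) : _cur(head) {}
        bool has_next() const { return _cur != nullptr; }
        Agent* next() {
            Agent* a = _cur;
            _cur = a->next();   // load-acquire on every hop
            return a;
        }
    };
    Iterator iterator() const { return Iterator(head()); }

    ~AgentList() {
        for (Agent* a = head(); a != nullptr; ) { Agent* n = a->next(); delete a; a = n; }
    }
};

// Single-threaded check: appends are visible in insertion order.
std::vector<int> sequential_order() {
    AgentList list;
    for (int id : {1, 2, 3}) list.add(new Agent(id));
    std::vector<int> seen;
    for (auto it = list.iterator(); it.has_next(); ) seen.push_back(it.next()->id);
    return seen;
}

// Several threads append concurrently while a reader iterates the list the
// whole time; every node it sees must carry a fully initialised id.  After
// the writers finish, a final iteration returns {count, sum of ids}, or
// {0, 0} if the reader ever saw a half-published node.
std::pair<std::size_t, long long> concurrent_add_stats(int threads, int per_thread) {
    AgentList list;
    const int total = threads * per_thread;
    std::atomic<bool> done{false}, corrupt{false};
    std::thread reader([&] {
        while (!done.load(std::memory_order_relaxed)) {
            for (auto it = list.iterator(); it.has_next(); ) {
                int id = it.next()->id;
                if (id < 0 || id >= total) corrupt.store(true);
            }
        }
    });
    std::vector<std::thread> workers;
    for (int t = 0; t < threads; ++t) {
        workers.emplace_back([&list, t, per_thread] {
            for (int i = 0; i < per_thread; ++i) list.add(new Agent(t * per_thread + i));
        });
    }
    for (auto& w : workers) w.join();
    done.store(true);
    reader.join();
    if (corrupt.load()) return {0, 0};
    std::size_t count = 0;
    long long sum = 0;
    for (auto it = list.iterator(); it.has_next(); ) { ++count; sum += it.next()->id; }
    return {count, sum};
}
```

The failure order on the CAS is the detail that is easy to get wrong: if it were `relaxed`, the `tail = &expected->_next` step would dereference a node whose constructor writes are not guaranteed visible, which is the same hazard the review closes on the iterator side by making `next()` a load-acquire.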