RFR: integer overflow in marking code for large object arrays
Stefan Karlsson
stefan.karlsson at oracle.com
Mon Feb 12 16:10:16 UTC 2018
Hi all,
Please review this patch to fix an integer overflow bug in the marking
code for large object arrays.
http://cr.openjdk.java.net/~stefank/zgc/zLargeObjectArrayMarkingBug/webrev.01/
This bug was found with a micro stress test (externally reported - not
open), which stresses the marking code for large object arrays.
With gc+marking=trace the overflow bug could be seen:
[12,763s][trace][gc,marking] GC(1) Array follow large:
0x0000040005600018-0x00000400055ffff8 (18446744073709551584), middle:
0x0000040005601000-0x00000400055ff000 (18446744073709543424)
where the size (18446744073709551584), or more easily read
0xffffffffffffffe0, is an unexpectedly large value for this code.
The patch adds a new assert that catches this kind of problem. The
following program doesn't reproduce the original crash, but it triggers
the added assert:
$ java -Xlog:gc*,gc+stats=off -XX:+UseZGC -Xmx20g -Xms20g -cp . TestLargeObjectArray 2147483644

public class TestLargeObjectArray {
    public static void main(String[] args) {
        Object[] object = new Object[Integer.parseInt(args[0])];
        System.gc();
    }
}
Thanks,
StefanK
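Added example (not part of the post or of the ZGC patch under review): a C reconstruction of how the logged range can come out backwards if the array's byte size is formed as a 32-bit product of length and reference size, which wraps to -32 for length 2147483644. The start address is the one from the trace line; the page granule used for the "middle" range and the exact shape of the buggy expression are assumptions.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

#define OOP_BYTES  8u      /* uncompressed references, as ZGC uses them */
#define PAGE_BYTES 4096u   /* granule for the "middle" range (assumption) */

/* First-element address taken from the gc+marking trace line in the post. */
#define ARRAY_START ((uintptr_t)0x0000040005600018ULL)

/* Hypothesised buggy computation: the byte size is formed as a 32-bit
 * product, so 2147483644 * 8 wraps to -32 and is then sign-extended. */
uintptr_t buggy_end(uintptr_t start, int length) {
    int32_t size = (int32_t)((uint32_t)length * OOP_BYTES);  /* wraps */
    return start + (intptr_t)size;  /* end lands 32 bytes before start */
}

/* Corrected computation: widen to size_t before multiplying. */
uintptr_t fixed_end(uintptr_t start, int length) {
    return start + (size_t)length * OOP_BYTES;
}

static uintptr_t align_up(uintptr_t a, uintptr_t g)   { return (a + g - 1) & ~(g - 1); }
static uintptr_t align_down(uintptr_t a, uintptr_t g) { return a & ~(g - 1); }

/* Sanity check in the spirit of the assert the patch adds:
 * a follow range must never run backwards. */
int range_is_sane(uintptr_t start, uintptr_t end) {
    return end >= start;
}

/* Print a range the way the trace line in the post does; the buggy
 * range reproduces both unsigned sizes seen in the log. */
static void show(const char *tag, uintptr_t s, uintptr_t e) {
    uintptr_t ms = align_up(s, PAGE_BYTES), me = align_down(e, PAGE_BYTES);
    printf("%s large: %#018" PRIxPTR "-%#018" PRIxPTR " (%zu), middle: "
           "%#018" PRIxPTR "-%#018" PRIxPTR " (%zu)\n",
           tag, s, e, (size_t)(e - s), ms, me, (size_t)(me - ms));
}

int main(void) {
    int length = 2147483644;  /* the argument passed to TestLargeObjectArray */
    show("buggy", ARRAY_START, buggy_end(ARRAY_START, length));
    show("fixed", ARRAY_START, fixed_end(ARRAY_START, length));
    return 0;
}
```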