RFR: integer overflow in marking code for large object arrays

Stefan Karlsson stefan.karlsson at oracle.com
Mon Feb 12 16:10:16 UTC 2018

Hi all,

Please review this patch to fix an integer overflow bug in the marking 
code for large object arrays.


This bug was found with a micro stress tests (externally reported - not 
open), which stresses the marking code for large object arrays.

With gc+marking=trace the overflow bug could be seen:

[12,763s][trace][gc,marking] GC(1) Array follow large: 
0x0000040005600018-0x00000400055ffff8 (18446744073709551584), middle: 
0x0000040005601000-0x00000400055ff000 (18446744073709543424)

where the size (18446744073709551584), or more easily read 
0xffffffffffffffe0, is an unexpectedly large value for this code.

The patch adds a new assert that catches this kind of problems. The 
following program doesn't reproduce the original crash, but it triggers 
the added assert:

$ java -Xlog:gc*,gc+stats=off -XX:+UseZGC -Xmx20g -Xms20g -cp . 
TestLargeObjectArray 2147483644

public class TestLargeObjectArray {
   public static void main(String [] args) {
     Object [] object = new Object[Integer.parseInt(args[0])];


More information about the zgc-dev mailing list