RFR: integer overflow in marking code for large object arrays
Per Liden
per.liden at oracle.com
Mon Feb 12 19:33:32 UTC 2018
Looks good!
Should we maybe keep the arrayOop.hpp part as an upstream patch?
/Per
On 2018-02-12 17:10, Stefan Karlsson wrote:
> Hi all,
>
> Please review this patch to fix an integer overflow bug in the marking
> code for large object arrays.
>
> http://cr.openjdk.java.net/~stefank/zgc/zLargeObjectArrayMarkingBug/webrev.01/
>
> This bug was found with a micro stress test (externally reported - not
> open), which stresses the marking code for large object arrays.
>
> With gc+marking=trace the overflow bug could be seen:
>
> [12,763s][trace][gc,marking] GC(1) Array follow large:
> 0x0000040005600018-0x00000400055ffff8 (18446744073709551584), middle:
> 0x0000040005601000-0x00000400055ff000 (18446744073709543424)
>
> where the size (18446744073709551584), or more easily read
> 0xffffffffffffffe0, is an unexpectedly large value for this code.
>
> The patch adds a new assert that catches this kind of problem. The
> following program doesn't reproduce the original crash, but it triggers
> the added assert:
>
> $ java -Xlog:gc*,gc+stats=off -XX:+UseZGC -Xmx20g -Xms20g -cp . TestLargeObjectArray 2147483644
>
> public class TestLargeObjectArray {
>     public static void main(String[] args) {
>         // Allocate an object array with the requested (very large) length,
>         // then force a GC so the marking code has to walk it.
>         Object[] object = new Object[Integer.parseInt(args[0])];
>         System.gc();
>     }
> }
>
> Thanks,
> StefanK
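The addresses and sizes in the quoted trace line can be reproduced exactly if the array's byte length is computed in 32-bit arithmetic and the wrapped result is then added to the 64-bit start address. The C program below is an added illustration, not code from the webrev, from ZGC or from HotSpot: the mechanism (length * 8 wrapping in 32 bits, then sign-extending), the constants OOP_SIZE and PAGE_SIZE, and every function name are assumptions chosen to match the logged values. It places the buggy computation beside a widened one and includes the end >= start invariant that the patch's new assert checks.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed illustration, not ZGC or HotSpot code. Assumed parameters:
 * 8-byte object references and 4 KiB pages (names are hypothetical). */
#define OOP_SIZE   8u
#define PAGE_SIZE  4096u

/* Sizes of the two ranges printed by the "Array follow" trace line. */
typedef struct {
    uint64_t large_size;   /* end - start of the whole element range */
    uint64_t middle_size;  /* end - start of the page-aligned middle */
} follow_sizes_t;

/* Buggy end computation (assumed mechanism): the byte count is produced in
 * 32-bit arithmetic, wraps, and is then sign-extended when added to the
 * 64-bit start address. The wrap is modelled with uint32_t so that it is
 * well-defined C rather than signed-overflow undefined behaviour. */
static uint64_t array_data_end_buggy(uint64_t data_start, int32_t length) {
    int32_t bytes = (int32_t)((uint32_t)length * OOP_SIZE);  /* 2147483644 * 8 wraps to -32 */
    return data_start + (uint64_t)(int64_t)bytes;            /* -32 sign-extends: end < start */
}

/* Fixed end computation: widen to 64 bits before multiplying. */
static uint64_t array_data_end_fixed(uint64_t data_start, int32_t length) {
    uint64_t bytes = (uint64_t)length * OOP_SIZE;
    return data_start + bytes;
}

static uint64_t align_up(uint64_t v, uint64_t a)   { return (v + a - 1) & ~(a - 1); }
static uint64_t align_down(uint64_t v, uint64_t a) { return v & ~(a - 1); }

/* The invariant the patch's new assert enforces: a [start, end) range whose
 * end lies before its start can only come from a wrapped size computation. */
static int range_is_sane(uint64_t start, uint64_t end) {
    return end >= start;
}

/* Derive the large and page-aligned middle ranges the way the trace line
 * reports them, print them in the same layout, and return their sizes. */
static follow_sizes_t follow_ranges(uint64_t (*end_of)(uint64_t, int32_t),
                                    uint64_t data_start, int32_t length) {
    uint64_t end       = end_of(data_start, length);
    uint64_t mid_start = align_up(data_start, PAGE_SIZE);
    uint64_t mid_end   = align_down(end, PAGE_SIZE);
    follow_sizes_t s = { end - data_start, mid_end - mid_start };

    printf("Array follow large: 0x%016" PRIx64 "-0x%016" PRIx64 " (%" PRIu64 "), "
           "middle: 0x%016" PRIx64 "-0x%016" PRIx64 " (%" PRIu64 ")%s\n",
           data_start, end, s.large_size, mid_start, mid_end, s.middle_size,
           range_is_sane(data_start, end) ? "" : "  <-- end precedes start: size wrapped");
    return s;
}

int main(void) {
    const uint64_t start  = 0x0000040005600018ULL;  /* data start taken from the report */
    const int32_t  length = 2147483644;             /* array length taken from the report */

    printf("buggy: ");
    follow_ranges(array_data_end_buggy, start, length);
    printf("fixed: ");
    follow_ranges(array_data_end_fixed, start, length);
    return 0;
}
```

With the report's start address and length, the buggy variant prints the same two ranges and the same sizes (18446744073709551584 and 18446744073709543424) as the quoted gc+marking trace, which is why an end-before-start check catches the problem as soon as the range is formed rather than after the marker has walked off the array.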