RFR: integer overflow in marking code for large object arrays

Stefan Karlsson stefan.karlsson at oracle.com
Mon Feb 12 21:05:47 UTC 2018


On 2018-02-12 20:33, Per Liden wrote:
> Looks good!

Thanks.

>
> Should we maybe keep the arrayOop.hpp part as an upstream patch?

Yes. I have them as two separate patches in my patch queue.

StefanK
>
> /Per
>
> On 2018-02-12 17:10, Stefan Karlsson wrote:
>> Hi all,
>>
>> Please review this patch to fix an integer overflow bug in the 
>> marking code for large object arrays.
>>
>> http://cr.openjdk.java.net/~stefank/zgc/zLargeObjectArrayMarkingBug/webrev.01/ 
>>
>>
>> This bug was found with a micro stress test (externally reported - 
>> not open), which stresses the marking code for large object arrays.
>>
>> With gc+marking=trace the overflow bug could be seen:
>>
>> [12,763s][trace][gc,marking] GC(1) Array follow large: 
>> 0x0000040005600018-0x00000400055ffff8 (18446744073709551584), middle: 
>> 0x0000040005601000-0x00000400055ff000 (18446744073709543424)
>>
>> where the size (18446744073709551584), or more easily read 
>> 0xffffffffffffffe0, is an unexpectedly large value for this code.
>>
>> The patch adds a new assert that catches this kind of problem. The 
>> following program doesn't reproduce the original crash, but it 
>> triggers the added assert:
>>
>> $ java -Xlog:gc*,gc+stats=off -XX:+UseZGC -Xmx20g -Xms20g -cp . 
>> TestLargeObjectArray 2147483644
>>
>> public class TestLargeObjectArray {
>>     public static void main(String[] args) {
>>         // Allocate an Object[] of the length given on the command line
>>         // (2147483644 above), then force a GC so marking walks the array.
>>         Object[] object = new Object[Integer.parseInt(args[0])];
>>         System.gc();
>>     }
>> }
>>
>> Thanks,
>> StefanK
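The arithmetic behind the trace line quoted above, as an added illustration that is not part of the thread or of the webrev: the length 2147483644 multiplied by an 8-byte element size overflows a 32-bit int to -32, and sign-extending that value when computing the end address puts the end 32 bytes before the start, which is exactly the 0xffffffffffffffe0 size in the log. The layout constants (8-byte oops, 16-byte array header, 4 KiB alignment for the "middle" range) and the function names are assumptions for this example, not the patch's own code.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Layout assumptions for this illustration (not taken from the patch):
 * 64-bit HotSpot, uncompressed oops (8-byte elements), 16-byte array header,
 * and 4 KiB granularity for the page-aligned "middle" part of the array. */
#define HEAP_OOP_SIZE   8u
#define ARRAY_HEADER    16u
#define ALIGN_GRANULE   4096u

/* Constructed input: the payload start and the array length from the post. */
#define SAMPLE_START    0x0000040005600018ULL
#define SAMPLE_LENGTH   2147483644

/* Buggy form: length * element size evaluated in 32-bit int. The wrap-around
 * is emulated with unsigned arithmetic because signed overflow is undefined in C. */
static int32_t payload_size_int32(int32_t length) {
    uint32_t wrapped = (uint32_t)length * HEAP_OOP_SIZE;
    return (int32_t)wrapped;              /* 2147483644 * 8 wraps to -32 */
}

/* The negative int is sign-extended when added to a 64-bit address, so the
 * computed end lands 32 bytes before the start of the payload. */
static uintptr_t array_end_buggy(uintptr_t start, int32_t length) {
    return start + (uintptr_t)(intptr_t)payload_size_int32(length);
}

/* Fixed form: widen to size_t before multiplying, so no overflow occurs. */
static size_t payload_size_fixed(int32_t length) {
    return (size_t)length * HEAP_OOP_SIZE;
}

static uintptr_t array_end_fixed(uintptr_t start, int32_t length) {
    return start + payload_size_fixed(length);
}

/* Alignment helpers for the "middle" range (assumed 4 KiB granule). */
static uintptr_t align_up(uintptr_t p) {
    return (p + ALIGN_GRANULE - 1) & ~(uintptr_t)(ALIGN_GRANULE - 1);
}
static uintptr_t align_down(uintptr_t p) {
    return p & ~(uintptr_t)(ALIGN_GRANULE - 1);
}

/* Size of [start, end) as unsigned arithmetic sees it: a wrapped range yields
 * an absurdly large value, which is what the added assert is meant to catch. */
static uintptr_t range_size(uintptr_t start, uintptr_t end) {
    return end - start;
}

/* The sanity check a follow/mark routine should assert before walking a range. */
static bool range_is_sane(uintptr_t start, uintptr_t end) {
    return end >= start;
}

int main(void) {
    uintptr_t start   = SAMPLE_START;
    uintptr_t end_bug = array_end_buggy(start, SAMPLE_LENGTH);
    uintptr_t end_ok  = array_end_fixed(start, SAMPLE_LENGTH);

    /* Reproduces the shape of the trace line from the post. */
    printf("buggy: %#018" PRIxPTR "-%#018" PRIxPTR " (%" PRIuPTR "), middle: "
           "%#018" PRIxPTR "-%#018" PRIxPTR " (%" PRIuPTR ")\n",
           start, end_bug, range_size(start, end_bug),
           align_up(start), align_down(end_bug),
           range_size(align_up(start), align_down(end_bug)));
    printf("buggy range sane: %s\n", range_is_sane(start, end_bug) ? "yes" : "no");

    printf("fixed: %#018" PRIxPTR "-%#018" PRIxPTR " (%" PRIuPTR "), sane: %s\n",
           start, end_ok, range_size(start, end_ok),
           range_is_sane(start, end_ok) ? "yes" : "no");
    return 0;
}
```

Any length above 2^31 / 8 = 268435456 elements makes the 32-bit product wrap, so the assert fires long before the 2147483644-element case in the post; an `end >= start` check (or, equivalently, asserting that the computed size does not exceed the heap) is the cheap guard that turns a silent bad range into a fail-fast.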
