RFR: integer overflow in marking code for large object arrays
Stefan Karlsson
stefan.karlsson at oracle.com
Mon Feb 12 21:05:47 UTC 2018
On 2018-02-12 20:33, Per Liden wrote:
> Looks good!
Thanks.
>
> Should we maybe keep the arrayOop.hpp part as an upstream patch?
Yes. I have them as two separate patches in my patch queue.
StefanK
>
> /Per
>
> On 2018-02-12 17:10, Stefan Karlsson wrote:
>> Hi all,
>>
>> Please review this patch to fix an integer overflow bug in the
>> marking code for large object arrays.
>>
>> http://cr.openjdk.java.net/~stefank/zgc/zLargeObjectArrayMarkingBug/webrev.01/
>>
>>
>> This bug was found with a micro stress test (externally reported -
>> not open), which stresses the marking code for large object arrays.
>>
>> With gc+marking=trace the overflow bug could be seen:
>>
>> [12,763s][trace][gc,marking] GC(1) Array follow large:
>> 0x0000040005600018-0x00000400055ffff8 (18446744073709551584), middle:
>> 0x0000040005601000-0x00000400055ff000 (18446744073709543424)
>>
>> where the size (18446744073709551584), or more easily read
>> 0xffffffffffffffe0, is an unexpectedly large value for this code.
>>
>> The patch adds a new assert that catches this kind of problem. The
>> following program doesn't reproduce the original crash, but it
>> triggers the added assert:
>>
>> $ java -Xlog:gc*,gc+stats=off -XX:+UseZGC -Xmx20g -Xms20g -cp .
>> TestLargeObjectArray 2147483644
>>
>> public class TestLargeObjectArray {
>>     public static void main(String[] args) {
>>         // Allocate one object array whose length is taken from the
>>         // command line (2147483644 above), then force a GC so the
>>         // marking code has to walk it.
>>         Object[] object = new Object[Integer.parseInt(args[0])];
>>         System.gc();
>>     }
>> }
>>
>> Thanks,
>> StefanK
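The two sizes in the trace line above (18446744073709551584 and 18446744073709543424) are what you get when an end address that lies below its start address is subtracted with unsigned 64-bit arithmetic. The following C++ program is an added illustration written for this page, not code from the webrev or from HotSpot: it takes the four addresses copied from the quoted trace, shows the modular wrap and the negative delta behind each printed size, and contrasts an unchecked range-size computation with a checked one that refuses such a range. The `array_bytes_int32` helper is a hypothetical way a 32-bit `length * element_size` can wrap for a length just under `Integer.MAX_VALUE`; the e-mail does not say that this is the actual fault in the marking code, and the checked variant is not the assert the patch adds.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>

// Address pairs copied from the gc+marking=trace line quoted in the e-mail.
constexpr uintptr_t kLargeStart  = 0x0000040005600018ULL;
constexpr uintptr_t kLargeEnd    = 0x00000400055ffff8ULL;
constexpr uintptr_t kMiddleStart = 0x0000040005601000ULL;
constexpr uintptr_t kMiddleEnd   = 0x00000400055ff000ULL;

// Unchecked size of [start, end): unsigned subtraction is modular, so an end
// that lies below start wraps to a value just under 2^64 instead of failing.
// Applied to the trace addresses this reproduces the two printed sizes.
uintptr_t unchecked_range_size(uintptr_t start, uintptr_t end) {
  return end - start;
}

// The same difference viewed as a signed value: a negative range length.
int64_t signed_range_delta(uintptr_t start, uintptr_t end) {
  return static_cast<int64_t>(end - start);
}

// A range is only meaningful when its end does not precede its start.
bool range_is_well_formed(uintptr_t start, uintptr_t end) {
  return end >= start;
}

// Checked variant (illustrative, not the assert from the webrev): report the
// malformed range to the caller instead of silently wrapping.
bool checked_range_size(uintptr_t start, uintptr_t end, size_t* size_out) {
  if (!range_is_well_formed(start, end)) {
    return false;
  }
  *size_out = end - start;
  return true;
}

// Hypothetical source of such a wrap: the byte size of an array computed in
// 32-bit arithmetic. For lengths near Integer.MAX_VALUE, length * elem_size
// no longer fits in 32 bits. The multiply is done unsigned so it stays
// well-defined; the cast to int32_t yields the wrapped (negative) value.
int32_t array_bytes_int32(int32_t length, uint32_t elem_size) {
  return static_cast<int32_t>(static_cast<uint32_t>(length) * elem_size);
}

// The same computation widened to size_t before multiplying: no overflow.
size_t array_bytes_wide(int32_t length, size_t elem_size) {
  return static_cast<size_t>(length) * elem_size;
}

// What a wrapped 32-bit byte count becomes once sign-extended into a 64-bit
// offset, i.e. how -32 surfaces as 0xffffffffffffffe0.
uintptr_t sign_extend_to_offset(int32_t v) {
  return static_cast<uintptr_t>(static_cast<int64_t>(v));
}

int main() {
  std::printf("large:  %llu (0x%llx), delta %lld\n",
              (unsigned long long)unchecked_range_size(kLargeStart, kLargeEnd),
              (unsigned long long)unchecked_range_size(kLargeStart, kLargeEnd),
              (long long)signed_range_delta(kLargeStart, kLargeEnd));
  std::printf("middle: %llu, delta %lld\n",
              (unsigned long long)unchecked_range_size(kMiddleStart, kMiddleEnd),
              (long long)signed_range_delta(kMiddleStart, kMiddleEnd));

  size_t size = 0;
  std::printf("checked large range accepted: %s\n",
              checked_range_size(kLargeStart, kLargeEnd, &size) ? "yes" : "no");

  // Length from the reproducer's command line, with 8-byte (uncompressed)
  // and 4-byte (compressed) references.
  const int32_t length = 2147483644;
  std::printf("int32 bytes, 8-byte refs: %d\n", array_bytes_int32(length, 8));
  std::printf("int32 bytes, 4-byte refs: %d\n", array_bytes_int32(length, 4));
  std::printf("wide bytes,  8-byte refs: %llu\n",
              (unsigned long long)array_bytes_wide(length, 8));
  std::printf("sign-extended offset: 0x%llx\n",
              (unsigned long long)sign_extend_to_offset(array_bytes_int32(length, 8)));
  return 0;
}
```

The interesting coincidence is that the reproducer's length times 8 bytes wraps to exactly -32 in 32-bit arithmetic, which sign-extends to the same 0xffffffffffffffe0 seen in the trace; treat that as a hint for where to look, not as a diagnosis the e-mail makes.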