RFR(L) 8158168: SIGSEGV: CollectedHeap::fill_with_objects(HeapWord*, unsigned long, bool)+0xa8

dean.long at oracle.com
Wed Mar 15 21:28:51 UTC 2017


https://bugs.openjdk.java.net/browse/JDK-8158168

http://cr.openjdk.java.net/~dlong/8158168/

This crash is caused by missing array bounds checks on compact string intrinsics. It shows up when unsynchronized access to a StringBuilder object causes inconsistent field values.

To convince myself that all the necessary bounds checks are being done, I put callers into two groups, trusted and untrusted. Untrusted callers are all directed through StringUTF16 methods, so that bounds checks are done in one place and can be tested easily. Trusted callers bypass the bounds checks, so they must do their own checking.

As a safety net, I added asserts around the intrinsic calls, and a try/catch so that any out-of-bounds exception turns into an assertion error as well. Finally, I restored some C2 debug code that was previously removed, and I use it to do bounds checking in debug builds. In a product build C2 will remove all of these.

See the bug report for tests run.

There are some unavoidable performance regressions on micro benchmarks, because now we are doing bounds checks that we weren't before.

dl
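The trusted/untrusted split and the assert-plus-try/catch safety net described above, as an added, constructed illustration that is not part of the review request or of the JDK sources. The class name, the little-endian byte layout and the method names are assumptions chosen to mirror the shape of StringUTF16; the point is that untrusted callers get one bounds check at the public entry point, while the raw accessor (the intrinsic candidate, where a bad index would be a native fault rather than an exception) only carries debug-build checks.

```java
// Constructed stand-in for the checked-entry-point / raw-intrinsic pattern.
// Not JDK code; names and the UTF-16LE layout are assumptions for illustration.
public final class Utf16Demo {

    // Number of UTF-16 chars the backing array holds: two bytes per char.
    static int length(byte[] value) {
        return value.length >> 1;
    }

    // Untrusted callers all come through here, so the bounds check lives in
    // exactly one place and can be tested directly.
    public static char charAt(byte[] value, int index) {
        checkIndex(index, value);
        return getChar(value, index);
    }

    static void checkIndex(int index, byte[] value) {
        if (index < 0 || index >= length(value)) {
            throw new StringIndexOutOfBoundsException(
                "index " + index + ", length " + length(value));
        }
    }

    // Raw accessor: the intrinsic candidate. Trusted callers must have checked
    // already; the assert only exists in debug runs (-ea) and costs nothing in
    // a product build, mirroring what C2 strips from the intrinsic.
    static char getChar(byte[] value, int index) {
        assert index >= 0 && index < length(value) : "raw getChar out of bounds: " + index;
        int lo = value[2 * index] & 0xff;        // little-endian layout assumed
        int hi = value[2 * index + 1] & 0xff;
        return (char) (lo | (hi << 8));
    }

    // Safety net around a trusted call site: if the pure-Java fallback ever
    // trips an array bounds exception, surface it as a programming error rather
    // than letting it look like ordinary input validation.
    static char getCharTrusted(byte[] value, int index) {
        try {
            return getChar(value, index);
        } catch (ArrayIndexOutOfBoundsException e) {
            throw new AssertionError("trusted caller passed bad index " + index, e);
        }
    }

    public static void main(String[] args) {
        byte[] value = {'h', 0, 'i', 0};               // "hi" as UTF-16LE bytes
        System.out.println(charAt(value, 1));           // i

        try {
            charAt(value, 2);                           // untrusted path: clean exception
        } catch (StringIndexOutOfBoundsException e) {
            System.out.println("untrusted caller rejected: " + e.getMessage());
        }

        try {
            getCharTrusted(value, 5);                   // broken trusted caller
        } catch (AssertionError e) {
            System.out.println("trusted caller bug caught: " + e.getMessage());
        }
    }
}
```

Run with `java -ea Utf16Demo` to see the assert in `getChar` fire first; without `-ea` the same bad index reaches the array access and is converted to an AssertionError by the try/catch, which is the second layer the review request describes. The inconsistent StringBuilder fields mentioned above correspond to a trusted caller handing this raw accessor an index derived from a `count` that no longer matches `value.length`.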



More information about the hotspot-dev mailing list