JDK-8154592 : Exceptions thrown from unsafe operations should be synchronous
  • Type: Enhancement
  • Component: hotspot
  • Sub-Component: runtime
  • Affected Version: 9
  • Priority: P4
  • Status: Closed
  • Resolution: Won't Fix
  • Submitted: 2016-04-19
  • Updated: 2019-08-20
  • Resolved: 2019-08-20
Related Reports
Relates :  
JDK-8150921 - Update Unsafe getters/setters to use double-register variants
Relates :  
JDK-8153890 - Handle unsafe access error as an asynchronous exception
Relates :  
JDK-8191278 - MappedByteBuffer bulk access memory failures are not handled gracefully
Relates :  
JDK-8153890 - Handle unsafe access error as an asynchronous exception
Description
In certain cases, such as accessing a region of a memory mapped file which has been truncated on unix-style operating systems, a SIGBUS signal will be raised and the VM will handle it by throwing an error.

However, the way this is implemented right now the VM isn't actually throwing the error synchronously. Instead, it is marking the thread as having a pending asynchronous exception, updating the context to skip over the faulting instruction, and then lets the thread continue executing. At specific points in the execution the VM checks if it's time to materialize and throw the error.

Hence, between the time of the faulting instruction and the time when the error is thrown the thread may execute a (large) number of instructions which may or may not depend on the side effects of the faulting instruction. For example, on some platforms load instructions may update base pointers, set flags depending on the loaded value, etc. Since the faulting instruction was skipped over there is a risk that the (lack of) side effects from the skipped over instruction can in itself have unwanted side effects.

The only operations which can access these regions (currently) are jdk.internal.misc.Unsafe (or sun.misc), which read and write single values in memory.

For correctness, these unsafe operations should be handled synchronously. They should made to piggy back on the existing null checking exception infrastructure (but instead of SIGSEGV it's SIGBUS, and instead of a NullPointerException it's an InternalError).
Comments
Runtime Triage: This is not on our current list of priorities. We will consider this feature if we receive additional customer requirements.
20-08-2019
even single value access intrinsified in jit can become bulk access if done in loop ( and loop for ever in error handling if the platform, c1/c2 supports instructions with post increment on access) . so i think even this bug should be priority 3 just like 8191278 [~dlong] [~gtriantafill]ou]
20-11-2017
created a CR for tracking/handling memory failures in multiple value access unsafe routines. JDK-8191278 .
15-11-2017
I forgot it's Microsoft Structured Exception Handling that allows it, not regular C++. You can also do it in g++: http://stackoverflow.com/questions/9225415/linux3-gcc46-fnon-call-exceptions-which-signals-are-trapping-instructions
10-05-2016
Ignoring the question of whether we're ready to start using C++ exceptions in the VM, the problematic accesses will generate a page fault and we will get a signal that has to be handled - so I'm unclear how C++ exceptions would help?
06-05-2016
For the native versions in unsafe.cpp, can we consider using C++ exceptions instead of signal handlers and something like setjmp/longjmp?
06-05-2016
Attaching an embryo of a test which can be used to verify that the logic works as expected.
03-05-2016