JDK-8233019 : java.lang.Class.isPrimitive() (C1) returns wrong result if Klass* is aligned to 32bit
- Type: Bug
- Component: hotspot
- Sub-Component: compiler
- Affected Version: 9,10,11,12,13,14
- Priority: P3
- Status: Resolved
- Resolution: Fixed
- CPU: x86
- Submitted: 2019-10-25
- Updated: 2023-11-27
- Resolved: 2019-11-05
The Version table provides details related to the release that this issue/RFE will be addressed.
Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
To download the current JDK release, click here.
Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
To download the current JDK release, click here.
| JDK 11 | JDK 13 | JDK 14 | Other |
|---|---|---|---|
| 11.0.7Fixed | 13.0.4Fixed | 14 b22Fixed  |
openjdk8u352Fixed |
Related Reports
|
Relates :
|
|
|
Relates :
|
|
|
Relates :
|
Description
A Klass* allocated at a 32bit aligned address (all lower 32 bits set to zero) may cause jlClass::isPrimitive() to return the wrong value.
The reason is that the C1 intrinsic for jlClass::isPrimitive(), which compares the Klass* address with NULL, does so using a 32bit compare:
-------------
6512 Compiled method (c1) 822 31 1 java.lang.invoke.MethodTypeForm::canonicalize (233 bytes)
..<snip>..
6544 ;; block B2 [9, 13]
6545 0x00007f2ca8e76f3f: mov 0x50(%rsi),%rdi ; implicit exception: dispatches to 0x00007f2ca8e771ec
6546 0x00007f2ca8e76f43: cmp $0x0,%edi <<<< 32bit?
6547 0x00007f2ca8e76f46: mov $0x0,%edi
6548 0x00007f2ca8e76f4b: jne 0x00007f2ca8e76f56
6549 0x00007f2ca8e76f51: mov $0x1,%edi ;*invokevirtual isPrimitive {reexecute=0 rethrow=0 return_oop=0}
6550 ; - java.lang.invoke.MethodTypeForm::canonicalize@10 (line 263)
-------------
Reproduce:
This is not possible to reproduce in the stock VM (though it could happen, albeit with very low probability).
However, in the new metaspace allocator under development for JDK-8221173 chunk headers are removed from metaspace and therefore the very first Klass* ever to be allocated is located directly at class space start, which may be aligned to 32bit.
This very first Klass* usually belongs to boolean[].class.
CDS needs to be off for this to happen.
To reproduce, sync jdk-sandbox, branch "stuefe-new-metaspace-branch".
Then apply the following patch to force class space to a rounded address:
--- a/src/hotspot/share/memory/metaspace.cpp Sat Oct 19 09:26:24 2019 +0200
+++ b/src/hotspot/share/memory/metaspace.cpp Fri Oct 25 15:40:32 2019 +0200
@@ -828,6 +828,8 @@
#ifdef _LP64
if (using_class_space()) {
char* base = (char*)align_up(CompressedOops::end(), _reserve_alignment);
+ base= (char*)0xb00000000ULL;
allocate_metaspace_compressed_klass_ptrs(base, 0);
}
#endif // _LP64
(any address with 32bits set to zero will do).
and build.
Then run the jtreg test "java/util/stream/test/org/openjdk/tests/java/util/stream/StreamCloseTest.java", with CDS disabled. It will show an internal error related to isPrimitive() for boolean[].class being wrong.
Comments
|