JDK-8265682 : G1: Mutex::_name dangling in HeapRegionRemSet references after JDK-8264146
  • Type: Bug
  • Component: hotspot
  • Sub-Component: runtime
  • Affected Version: 17
  • Priority: P4
  • Status: Resolved
  • Resolution: Fixed
  • Submitted: 2021-04-21
  • Updated: 2021-05-04
  • Resolved: 2021-04-26
JDK 17: 17 b20 (Fixed)
Related Reports
Duplicate :  
Relates :  
Relates :  
Description
In JDK-8264146 the _name member of Mutex of HeapRegionRemSet has been made a reference to the passed string (description) instead of a copy.

The code in the HeapRegionRemSet constructor has not been adapted, so that passed reference is now a dangling reference pointing somewhere into the stack.

Fix this.
Comments
Changeset: 222f9f07
Author: Coleen Phillimore <coleenp@openjdk.org>
Date: 2021-04-26 14:23:08 +0000
URL: https://git.openjdk.java.net/jdk/commit/222f9f07
26-04-2021

Moved to runtime subcomponent, since this turned out to be more widespread than just a single occurrence in gc code.
23-04-2021

There are other breakages too:

oopStorage.cpp:

    static Mutex* make_oopstorage_mutex(const char* storage_name,
                                        const char* kind,
                                        int rank) {
      char name[256];
      os::snprintf(name, sizeof(name), "%s %s lock", storage_name, kind);
      return new PaddedMutex(rank, name, true, Mutex::_safepoint_check_never);
    }

Again this leaves the Mutex name pointing into random stack space.

Also this is potentially problematic, but there don't seem to be any current uses:

    WorkGangBarrierSync::WorkGangBarrierSync(uint n_workers, const char* name)
      : _monitor(Mutex::safepoint, name, true, Monitor::_safepoint_check_never),
        _n_workers(n_workers), _n_completed(0), _should_reset(false), _aborted(false) {
    }

Also in events.hpp:

    EventLogBase<T>(const char* name, const char* handle, int length = LogEventsBufferEntries):
      _mutex(Mutex::event, name, true, Mutex::_safepoint_check_never),

All current uses pass a string literal, but that could easily change.
21-04-2021
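
Added example, not part of the original report and not HotSpot code: a minimal model of the lifetime problem described above, with a lock that keeps the caller's pointer next to one that owns a copy of its name. BorrowingMutex, OwningMutex, format_name and the sample lock names are hypothetical and constructed for illustration; the buffer is overwritten while still alive, so stack reuse is simulated without undefined behaviour.

```cpp
#include <cstddef>
#include <cstdio>
#include <cstdlib>
#include <cstring>
#include <string>

// Pattern from the report: the lock stores the pointer it was handed.
class BorrowingMutex {
  const char* _name;
 public:
  explicit BorrowingMutex(const char* name) : _name(name) {}
  const char* name() const { return _name; }
};

// Hardened form: the lock owns a private copy, so the caller's buffer
// may go out of scope or be reused without affecting the name.
class OwningMutex {
  char* _name;
 public:
  explicit OwningMutex(const char* name) : _name(nullptr) {
    std::size_t n = std::strlen(name) + 1;
    _name = static_cast<char*>(std::malloc(n));
    if (_name == nullptr) std::abort();
    std::memcpy(_name, name, n);
  }
  ~OwningMutex() { std::free(_name); }
  OwningMutex(const OwningMutex&) = delete;
  OwningMutex& operator=(const OwningMutex&) = delete;
  const char* name() const { return _name; }
};

// Builds "<storage> <kind> lock" in a caller-owned buffer (constructed names).
static void format_name(char* buf, std::size_t len, const char* storage, const char* kind) {
  std::snprintf(buf, len, "%s %s lock", storage, kind);
}

// Returns the name a lock reports after the buffer it was built from is reused.
template <typename M>
std::string name_after_buffer_reuse() {
  char scratch[256];
  format_name(scratch, sizeof(scratch), "VM Weak", "alloc");
  M m(scratch);                                              // lock created from a temporary buffer
  format_name(scratch, sizeof(scratch), "JNI Global", "active");  // buffer reused
  return std::string(m.name());
}

int main() {
  std::printf("borrowing: %s\n", name_after_buffer_reuse<BorrowingMutex>().c_str());
  std::printf("owning:    %s\n", name_after_buffer_reuse<OwningMutex>().c_str());
  return 0;
}
```

In the real factory function the buffer is a local of a frame that has already returned, so reading the borrowed name there is undefined behaviour rather than a predictable wrong string.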