JDK-8325672 : C2: allocate PhaseIdealLoop::_loop_or_ctrl from C->comp_arena()
  • Type: Bug
  • Component: hotspot
  • Sub-Component: compiler
  • Affected Version: 21,22,23
  • Priority: P3
  • Status: Resolved
  • Resolution: Fixed
  • Submitted: 2024-02-12
  • Updated: 2025-09-25
  • Resolved: 2024-02-13
Fixed in
  • JDK 21: 21.0.3 (Fixed)
  • JDK 22: 22.0.1 (Fixed)
  • JDK 23: 23 b10 (Fixed)
Description
If _loop_or_ctrl is not allocated from C->comp_arena(), the array is ResourceArea allocated. That means we can get in trouble with ResourceMarks inside PhaseIdealLoop: if the array has to grow because new nodes were added, and the new storage is allocated from the ResourceArea inside a ResourceMark scope, that storage is released when the ResourceMark goes out of scope, so the data behind _loop_or_ctrl becomes invalid and we get use-after-free memory corruption bugs.

The array was added in JDK-8302670, so this is a fix for that regression. We should backport it down to JDK 21.

I don't yet have a reproducer. But this triggered with my patch for JDK-8325589.
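As an added illustration (not HotSpot's code), the toy C++ model below reproduces the lifetime hazard the description refers to: ToyArena, ToyMark and ToyNodeArray are simplified stand-ins for ResourceArea, ResourceMark and the _loop_or_ctrl array, and the two calls contrast resource-area allocation (the bug) with a separate long-lived arena (the fix).

```cpp
// Added illustration, not HotSpot code: a toy bump arena with ResourceMark-style
// rollback, showing why an array that outlives the mark must not be resource-allocated.
#include <cstddef>
#include <cstdint>
#include <cstring>

struct ToyArena {
  uint8_t buf[4096];   // one fixed chunk; HotSpot chains chunks, same lifetime rule
  size_t hwm = 0;      // high-water mark, bump-allocated
  void* alloc(size_t n) { void* p = buf + hwm; hwm += n; return p; }
};

struct ToyMark {
  // Like ResourceMark: remember hwm, roll back on scope exit. Debug HotSpot
  // zaps freed resource memory with 0xAB; we do the same so the UAF is visible.
  ToyArena& a; size_t saved;
  explicit ToyMark(ToyArena& arena) : a(arena), saved(arena.hwm) {}
  ~ToyMark() { memset(a.buf + saved, 0xAB, a.hwm - saved); a.hwm = saved; }
};

struct ToyNodeArray {
  // Stand-in for _loop_or_ctrl: indexed by node id, regrown when nodes are added.
  ToyArena& a; uint32_t* data; size_t cap;
  ToyNodeArray(ToyArena& arena, size_t n) : a(arena), data(nullptr), cap(0) { grow(n); }
  void grow(size_t n) {
    uint32_t* fresh = static_cast<uint32_t*>(a.alloc(n * sizeof(uint32_t)));
    if (data) memcpy(fresh, data, cap * sizeof(uint32_t));
    for (size_t i = cap; i < n; i++) fresh[i] = static_cast<uint32_t>(i);
    data = fresh; cap = n;
  }
};

// True if the array is intact after being grown inside a mark scope.
// from_resource_area=true models the bug; false models the fix (comp_arena).
bool array_survives_mark_scope(bool from_resource_area) {
  ToyArena resource_area, comp_arena;
  ToyNodeArray arr(from_resource_area ? resource_area : comp_arena, 8);
  {
    ToyMark rm(resource_area);   // a ResourceMark inside PhaseIdealLoop
    arr.grow(16);                // new nodes force reallocation
  }                              // rollback: memory above the mark is dead
  for (size_t i = 0; i < arr.cap; i++)
    if (arr.data[i] != static_cast<uint32_t>(i)) return false;
  return true;
}
```

Real HotSpot only zaps released resource memory in debug builds, which is why the description notes the corruption was never observed directly: in product builds the stale data is silently reused.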
Comments
A pull request was submitted for review. URL: https://git.openjdk.org/jdk22u/pull/72 Date: 2024-02-28 06:38:28 +0000
28-02-2024

Fix Request (JDK 22u): Potential use-after-free in C2 code. Regression in JDK 21, the fix was already backported to JDK 21u. The fix is low risk because it only changes the location some data is allocated in. Tested with tier1, tier2, tier3, hs-comp-stress, hs-precheckin-comp. Applies cleanly.
28-02-2024

[jdk21u-fix-request] Approval Request from Aleksey Shipilëv: Simple fix to resolve C2 use-after-free bug introduced in JDK 21. Applies cleanly. Testing passes. The usual risk for C2 changes applies, but the error looks real and the fix is simple.
15-02-2024

A pull request was submitted for review. URL: https://git.openjdk.org/jdk21u-dev/pull/261 Date: 2024-02-14 09:29:26 +0000
14-02-2024

Changeset: 74b90aa8 Author: Emanuel Peter <epeter@openjdk.org> Date: 2024-02-13 16:09:09 +0000 URL: https://git.openjdk.org/jdk/commit/74b90aa87e7cfa52ac09bf2e57258d792f740f00
13-02-2024

ILW = Potential use-after-free memory corruption bug, never observed, no workaround except disabling compilation of the affected method = HLM = P3
13-02-2024

A pull request was submitted for review. URL: https://git.openjdk.org/jdk/pull/17814 Date: 2024-02-12 17:54:14 +0000
12-02-2024