Skip to content

Conversation

jcking
Copy link
Contributor

@jcking jcking commented Oct 10, 2025

Fix JDK-8369506 by adding STLR when updating the bytecode. Additionally I added a quick debug only check which verifies the field offset we get from ResolvedFieldEntry in TemplateTable::fast_* will not clobber the header or Klass pointer. The added STLR, a long with the already existing DMB ISHLD in InterpreterMacroAssembler::load_field_entry, guarantees that the fully filled out ResolvedFieldEntry is observable if the patched bytecode is observable. We do not need to add LDAR for bytecode loading or LDAR in TemplateTable::fast_* for that reason. If another observer happens to observe a 0 field offset, its guaranteed then that they will also observe the non-patched bytecode which will ultimately end up doing the resolution again, which is okay.


Progress

  • Change must not contain extraneous whitespace
  • Commit message must refer to an issue
  • Change must be properly reviewed (2 reviews required, with at least 1 Reviewer, 1 Author)

Issue

  • JDK-8369506: Bytecode rewriting causes Java heap corruption on AArch64 (Bug - P2)

Reviewers

Contributors

Reviewing

Using git

Checkout this PR locally:
$ git fetch https://git.openjdk.org/jdk.git pull/27748/head:pull/27748
$ git checkout pull/27748

Update a local copy of the PR:
$ git checkout pull/27748
$ git pull https://git.openjdk.org/jdk.git pull/27748/head

Using Skara CLI tools

Checkout this PR locally:
$ git pr checkout 27748

View PR using the GUI difftool:
$ git pr show -t 27748

Using diff file

Download this PR as a diff file:
https://git.openjdk.org/jdk/pull/27748.diff

Using Webrev

Link to Webrev Comment

@bridgekeeper
Copy link

bridgekeeper bot commented Oct 10, 2025

👋 Welcome back jcking! A progress list of the required criteria for merging this PR into master will be added to the body of your pull request. There are additional pull request commands available for use with this pull request.

@openjdk
Copy link

openjdk bot commented Oct 10, 2025

@jcking This change now passes all automated pre-integration checks.

ℹ️ This project also has non-automated pre-integration requirements. Please see the file CONTRIBUTING.md for details.

After integration, the commit message for the final commit will be:

8369506: Bytecode rewriting causes Java heap corruption on AArch64

Co-authored-by: Man Cao <[email protected]>
Co-authored-by: Chuck Rasbold <[email protected]>
Reviewed-by: shade, aph, manc

You can use pull request commands such as /summary, /contributor and /issue to adjust it as needed.

At the time when this comment was updated there had been 2 new commits pushed to the master branch:

  • c9cbd31: 8307495: Specialize atomic bitset functions for aix-ppc
  • bfe6937: 8369444: JavaFrameAnchor on PPC64 has unnecessary barriers

Please see this link for an up-to-date comparison between the source branch of this pull request and the master branch.
As there are no conflicts, your changes will automatically be rebased on top of these commits when integrating. If you prefer to avoid this automatic rebasing, please check the documentation for the /integrate command for further details.

➡️ To integrate this PR with the above commit message to the master branch, type /integrate in a new comment.

@openjdk openjdk bot changed the title JDK-8369506: Bytecode rewriting causes Java heap corruption on AArch64 8369506: Bytecode rewriting causes Java heap corruption on AArch64 Oct 10, 2025
@openjdk
Copy link

openjdk bot commented Oct 10, 2025

@jcking The following label will be automatically applied to this pull request:

  • hotspot-compiler

When this pull request is ready to be reviewed, an "RFR" email will be sent to the corresponding mailing list. If you would like to change these labels, use the /label pull request command.

@jcking
Copy link
Contributor Author

jcking commented Oct 10, 2025

/contributor add manc

@jcking
Copy link
Contributor Author

jcking commented Oct 10, 2025

/contributor add rasbold

@openjdk
Copy link

openjdk bot commented Oct 10, 2025

@jcking
Contributor Man Cao <[email protected]> successfully added.

@openjdk
Copy link

openjdk bot commented Oct 10, 2025

@jcking
Contributor Chuck Rasbold <[email protected]> successfully added.

@jcking jcking force-pushed the aarch64-rewrite-bytecodes branch from cd74eac to 5b5087e Compare October 10, 2025 16:51
@theRealAph
Copy link
Contributor

Fix JDK-8369506 by adding STLR when updating the bytecode. Additionally I added a quick debug only check which verifies the field offset we get from ResolvedFieldEntry in TemplateTable::fast_* will not clobber the header or Klass pointer. The added STLR guarantees that the fully filled out ResolvedFieldEntry is observable if the patched bytecode is observable. We do not need to add LDAR for bytecode loading or LDAR in TemplateTable::fast_* for that reason.

How does this follow? We need some sort of happens-before relationship on the reader side to make sure that the resolved field entry is observed. I guess this PR relies on a control dependency between reading the patched bytecode and executing the code that reads the resolved field entry.

@jcking
Copy link
Contributor Author

jcking commented Oct 12, 2025

Fix JDK-8369506 by adding STLR when updating the bytecode. Additionally I added a quick debug only check which verifies the field offset we get from ResolvedFieldEntry in TemplateTable::fast_* will not clobber the header or Klass pointer. The added STLR guarantees that the fully filled out ResolvedFieldEntry is observable if the patched bytecode is observable. We do not need to add LDAR for bytecode loading or LDAR in TemplateTable::fast_* for that reason.

How does this follow? We need some sort of happens-before relationship on the reader side to make sure that the resolved field entry is observed. I guess this PR relies on a control dependency between reading the patched bytecode and executing the code that reads the resolved field entry.

Yes, that is what the PR relies upon. However we are still discussing internally on whether that is enough as we would rather not have a repeat N years down the line as hardware advances. I left this in draft until we figure it out and will poke you once we are more confident.

The AArch64 docs are not super clear. It does have this sentence: A store-release guarantees that all earlier memory accesses are visible before the store-release becomes visible and that the store is visible to all parts of the system capable of storing cached data at the same time. Which to me, a long with other terminology, seems to imply the two STLRs are enough. But I wouldn't bet money on it.

@theRealAph
Copy link
Contributor

But I wouldn't bet money on it.

B2.3.6, Dependency relations, Control dependency, gives you what you need on the reader side.

@jcking
Copy link
Contributor Author

jcking commented Oct 15, 2025

Based on conversations in https://bugs.openjdk.org/browse/JDK-8369506 and herd7 models, it is believed that this patch is sufficient for AArch64. Marking as ready.

@jcking jcking marked this pull request as ready for review October 15, 2025 13:24
@jcking
Copy link
Contributor Author

jcking commented Oct 15, 2025

@shipilev PTAL as well.

@jcking jcking requested a review from theRealAph October 15, 2025 13:25
@openjdk openjdk bot added the rfr Pull request is ready for review label Oct 15, 2025
@mlbridge
Copy link

mlbridge bot commented Oct 15, 2025

Webrevs

Copy link
Member

@shipilev shipilev left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, I agree this is sufficient. I have only cosmetic comments:

@shipilev
Copy link
Member

/reviewers 2

@openjdk openjdk bot added the ready Pull request is ready to be integrated label Oct 15, 2025
@openjdk
Copy link

openjdk bot commented Oct 15, 2025

@shipilev
The total number of required reviews for this PR (including the jcheck configuration and the last /reviewers command) is now set to 2 (with at least 1 Reviewer, 1 Author).

@openjdk openjdk bot removed the ready Pull request is ready to be integrated label Oct 15, 2025
Signed-off-by: Justin King <[email protected]>
@jcking jcking requested a review from shipilev October 15, 2025 14:32
@shipilev
Copy link
Member

shipilev commented Oct 15, 2025

Now running tests in my Graviton 3 instance to make sure the new verification code is not barfing up anywhere.

PR patch applies with fuzz, BTW, consider merging from mainline:

% patch -p1 < 27748.diff 
patching file src/hotspot/cpu/aarch64/interp_masm_aarch64.cpp
patching file src/hotspot/cpu/aarch64/interp_masm_aarch64.hpp
patching file src/hotspot/cpu/aarch64/templateTable_aarch64.cpp
Hunk #3 succeeded at 3098 (offset 15 lines).
Hunk #4 succeeded at 3188 (offset 15 lines).
Hunk #5 succeeded at 3256 (offset 15 lines).

@jcking
Copy link
Contributor Author

jcking commented Oct 15, 2025

PR patch applies with fuzz, BTW, consider merging from mainline:

Merged.

@shipilev
Copy link
Member

Linux AArch64 server fastdebug, make test TEST=all has no new problems here.

Copy link
Contributor

@theRealAph theRealAph left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

OK. Please make sure that this has bug reports for PPC and RISCV, and announce them to hotspot-dev.

@openjdk openjdk bot added the ready Pull request is ready to be integrated label Oct 15, 2025
@jcking
Copy link
Contributor Author

jcking commented Oct 15, 2025

OK. Please make sure that this has bug reports for PPC and RISCV, and announce them to hotspot-dev.

When you talk about announce, are you just referring to sending a somewhat short and sweet email to hotspot-dev calling out the 3 issues (RISCV and PPC bugs to be created) and that they can result in Java heap corruption? Just want to make sure I am not annoying people. I'll file the RISCV and PPC bugs shortly or tomorrow morning, integrate this after, and pursue a backport to JDK 25. There was a code change in this path before JDK 25, IIRC, so the fix would have to be validated again for JDKs before that.

Copy link
Contributor

@caoman caoman left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@shipilev
Copy link
Member

shipilev commented Oct 16, 2025

When you talk about announce, are you just referring to sending a somewhat short and sweet email to hotspot-dev calling out the 3 issues (RISCV and PPC bugs to be created) and that they can result in Java heap corruption?

There is no need to announce on hotspot-dev.

I looked through the other arches, so:

@shipilev
Copy link
Member

LG, but with a question about hoisting the member(LoadLoad):

One can, but then you'll have to remember to put it in every TemplateTable::fast_* that might be accessing RFE. So putting it near RFE access itself looks more reliable, even though not exactly on point.

@shipilev
Copy link
Member

@theRealAph -- oddly, I have GH notifications about some of your recent suggestions in comments, but I do not see them in PR itself. Maybe you need to "publish" the review?

@theRealAph
Copy link
Contributor

@theRealAph -- oddly, I have GH notifications about some of your recent suggestions in comments, but I do not see them in PR itself. Maybe you need to "publish" the review?

No, I made some mistakes so deleted the comments.

@jcking
Copy link
Contributor Author

jcking commented Oct 16, 2025

/integrate

@openjdk
Copy link

openjdk bot commented Oct 16, 2025

Going to push as commit 18fd047.
Since your change was applied there have been 32 commits pushed to the master branch:

Your commit was automatically rebased without conflicts.

@openjdk openjdk bot added the integrated Pull request has been integrated label Oct 16, 2025
@openjdk openjdk bot closed this Oct 16, 2025
@openjdk openjdk bot removed ready Pull request is ready to be integrated rfr Pull request is ready for review labels Oct 16, 2025
@openjdk
Copy link

openjdk bot commented Oct 16, 2025

@jcking Pushed as commit 18fd047.

💡 You may see a message that your pull request was closed with unmerged commits. This can be safely ignored.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

hotspot-compiler [email protected] integrated Pull request has been integrated

Development

Successfully merging this pull request may close these issues.

4 participants