Certain GrowableArrays are being allocated with the "C_heap" flag set
to true but without the ResourceObj::C_HEAP flag being passed to
operator new for the GrowableArray object itself. This is a problem
because it is very easy to accidentally allocate the GrowableArray
underneath a ResourceMark which is later cleared, which will cause the
storage for the GrowableArray object itself (including nesting, arena,
and data pointer flags) to be overwritten later. This can cause
crashes in product mode and/or assertion failures in debug mode. In
the absence of assertions that the allocation class of the
GrowableArray matches that of its contained data array, these
allocation sites should be fixed to pass ResourceObj::C_HEAP as
argument to operator new. It is possible that these sites are benign
because the allocation is being done at a point where the ResourceMark
nesting is known, but if we add assertion checking later then these
allocation sites will fail.
When making this change the responsible engineer should be careful not
to introduce new memory leaks. In particular, the following cleanup
sequence for these arrays should be obeyed:
array->clear_and_deallocate();
delete array; // call destructors, but ResourceObj destructor
// doesn't free memory which was allocated in
// the C-heap with malloc
FreeHeap(Array); // ... so use this to free the memory
See Label::free() in assembler.hpp for an example.
The relevant allocation sites for this group's code are attached.
-
-
-
-
-
hotspot/runtime_system:
src/share/vm/runtime/perfData.cpp:537: _set = new(ResourceObj::C_HEAP) PerfDataArray(length, true);
- call clear_and_deallocate and delete
src/share/vm/runtime/unhandledOops.cpp:19: _oop_list = new (ResourceObj::C_HEAP)
- call operator delete for completeness
src/share/vm/utilities/ostream.cpp:319: fileStream* file = new(ResourceObj::C_HEAP) fileStream(try_name);
src/share/vm/utilities/ostream.cpp:330: file = new(ResourceObj::C_HEAP) fileStream(try_name);
src/share/vm/utilities/ostream.cpp:334: xmlStream* xs = new(ResourceObj::C_HEAP) xmlStream(file);
src/share/vm/utilities/ostream.cpp:539: defaultStream::instance = new(ResourceObj::C_HEAP) defaultStream();
src/share/vm/utilities/ostream.cpp:551: fileStream * gclog = new(ResourceObj::C_HEAP)
- call FreeHeap after operator delete
~
to true but without the ResourceObj::C_HEAP flag being passed to
operator new for the GrowableArray object itself. This is a problem
because it is very easy to accidentally allocate the GrowableArray
underneath a ResourceMark which is later cleared, which will cause the
storage for the GrowableArray object itself (including nesting, arena,
and data pointer flags) to be overwritten later. This can cause
crashes in product mode and/or assertion failures in debug mode. In
the absence of assertions that the allocation class of the
GrowableArray matches that of its contained data array, these
allocation sites should be fixed to pass ResourceObj::C_HEAP as
argument to operator new. It is possible that these sites are benign
because the allocation is being done at a point where the ResourceMark
nesting is known, but if we add assertion checking later then these
allocation sites will fail.
When making this change the responsible engineer should be careful not
to introduce new memory leaks. In particular, the following cleanup
sequence for these arrays should be obeyed:
array->clear_and_deallocate();
delete array; // call destructors, but ResourceObj destructor
// doesn't free memory which was allocated in
// the C-heap with malloc
FreeHeap(Array); // ... so use this to free the memory
See Label::free() in assembler.hpp for an example.
The relevant allocation sites for this group's code are attached.
-
-
-
-
-
hotspot/runtime_system:
src/share/vm/runtime/perfData.cpp:537: _set = new(ResourceObj::C_HEAP) PerfDataArray(length, true);
- call clear_and_deallocate and delete
src/share/vm/runtime/unhandledOops.cpp:19: _oop_list = new (ResourceObj::C_HEAP)
- call operator delete for completeness
src/share/vm/utilities/ostream.cpp:319: fileStream* file = new(ResourceObj::C_HEAP) fileStream(try_name);
src/share/vm/utilities/ostream.cpp:330: file = new(ResourceObj::C_HEAP) fileStream(try_name);
src/share/vm/utilities/ostream.cpp:334: xmlStream* xs = new(ResourceObj::C_HEAP) xmlStream(file);
src/share/vm/utilities/ostream.cpp:539: defaultStream::instance = new(ResourceObj::C_HEAP) defaultStream();
src/share/vm/utilities/ostream.cpp:551: fileStream * gclog = new(ResourceObj::C_HEAP)
- call FreeHeap after operator delete
~
- relates to
-
JDK-6306738 Memory leaks of C-heap allocated ResourceObjs
-
- Resolved
-
-
-
- Resolved
-
-
-
- Resolved
-