Loading...

XML

Word

Printable

Type: Bug
Resolution: Fixed
Priority: P3
Fix Version/s: 23
Affects Version/s: 21, 22, 23
Component/s: hotspot
Labels:

Subcomponent:
compiler
Introduced In Build:
b25
Introduced In Version:

21
Resolved In Build:
b10

Issue	Fix Version	Assignee	Priority	Status	Resolution	Resolved In Build
JDK-8327193	22.0.1	Tobias Hartmann	P3	Resolved	Fixed	b07
JDK-8326504	21.0.4-oracle	Tobias Hartmann	P3	Resolved	Fixed	b01
JDK-8326134	21.0.3	Aleksey Shipilev	P3	Resolved	Fixed	b04

If we don't do that, then this array is ResourceArea allocated. That means we can get in trouble with ResourceMarks inside the PhaseIdealLoop. If the array is updated because of new nodes, and this grows the area in a ResourceMark scope, then the data behind _loop_or_ctrl becomes invalid, and we get use-after-free memory corruption bugs.

The array was added in ~~JDK-8302670~~, hence this is a fix to that regression. We should backport down to JDK21.

I don't yet have a reproducer. But this triggered with my patch for ~~JDK-8325589~~.

backported by

JDK-8326134 C2: allocate PhaseIdealLoop::_loop_or_ctrl from C->comp_arena()

Resolved

JDK-8326504 C2: allocate PhaseIdealLoop::_loop_or_ctrl from C->comp_arena()

Resolved

JDK-8327193 C2: allocate PhaseIdealLoop::_loop_or_ctrl from C->comp_arena()

Resolved

relates to

JDK-8337015 Revisit resource arena allocations in C2

Open

JDK-8302670 use-after-free related to PhaseIterGVN interaction with Unique_Node_List and Node_Stack

Resolved

links to

Commit openjdk/jdk21u-dev/93be33ca

Commit openjdk/jdk22u/78df8c1e

Commit openjdk/jdk/74b90aa8

Review openjdk/jdk21u-dev/261

Review openjdk/jdk22u/72

Review openjdk/jdk/17814

(6 links to)

Assignee:: Emanuel Peter

Reporter:: Emanuel Peter

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Created:: 2024-02-12 09:50

Updated:: 2024-07-23 04:58

Resolved:: 2024-02-13 08:11

Details

Backports

Description

Attachments

Issue Links

Activity

People

Dates