Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8159244

Partially initialized string object created by C2's string concat optimization may escape

    XMLWordPrintable

Details

    • b127
    • Verified

    Backports

      Description

        C2's String concatenation optimization replaces a series of StringBuilder.append() calls by creating a single char buffer array (or byte array with Compact Strings) and emitting direct loads/stores to/from this array. The final StringBuilder.toString() call is replaced by a new String allocation which is initialized to the buffer array (see [1] -> [2], CallStaticJava is replaced).
        Depending on the scheduling of instructions, it may happen that a reference to the newly allocated String object escapes before the String.value field is initialized (see [2], '334 StoreP' stores the String object, '514 StoreP' initializes the String.value field). In a highly concurrent setting, another thread may try to dereference String.value from such a partially initialized String object and crash.

        TestStringObjectInitialization.java reproduces this problem with JDK 7, 8 and 9 (see attached hs_err files) in approximately 1 out of 10 runs. I had to disable Indify String Concat, Compressed Oops and G1 to trigger the bug with JDK 9.

        [1] https://bugs.openjdk.java.net/secure/attachment/60305/graph_baseline_before%20SC.png
        [2] https://bugs.openjdk.java.net/secure/attachment/60306/graph_baseline_after_sc.png

        Attachments

          1. JDK9_hs_err_pid383.log
            64 kB
          2. JDK8u_hs_err_pid23015.log
            67 kB
          3. JDK7_hs_err_pid17491.log
            139 kB
          4. graph_fix.png
            graph_fix.png
            54 kB
          5. graph_baseline_before SC.png
            graph_baseline_before SC.png
            21 kB
          6. graph_baseline_after_sc.png
            graph_baseline_after_sc.png
            28 kB
          7. fix.asm
            0.5 kB
          8. baseline.asm
            0.6 kB

          Issue Links

            backported by

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8160499 Partially initialized string object created by C2's string concat optimization may escape

            • P1 - Blocks development and/or testing work, production could not run.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8160584 Partially initialized string object created by C2's string concat optimization may escape

            • P1 - Blocks development and/or testing work, production could not run.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8160590 Partially initialized string object created by C2's string concat optimization may escape

            • P1 - Blocks development and/or testing work, production could not run.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8162089 Partially initialized string object created by C2's string concat optimization may escape

            • P1 - Blocks development and/or testing work, production could not run.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8163638 Partially initialized string object created by C2's string concat optimization may escape

            • P1 - Blocks development and/or testing work, production could not run.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8167745 Partially initialized string object created by C2's string concat optimization may escape

            • P1 - Blocks development and/or testing work, production could not run.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8168167 Partially initialized string object created by C2's string concat optimization may escape

            • P1 - Blocks development and/or testing work, production could not run.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8159372 Partially initialized string object created by C2's string concat optimization may escape

            • P1 - Blocks development and/or testing work, production could not run.
            • Closed

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8159373 Partially initialized string object created by C2's string concat optimization may escape

            • P1 - Blocks development and/or testing work, production could not run.
            • Closed
            relates to

            Bug - A problem which impairs or prevents the functions of the product. JDK-8160385 Properly fix 8159244 on jdk7

            • P4 - Minor loss of function, or other problem where easy workaround is present.
            • Resolved

            Bug - A problem which impairs or prevents the functions of the product. JDK-8160122 Backport of JDK-8159244 used wrong version of the JDK 9 fix

            • P3 - Major loss of function.
            • Resolved

            Bug - A problem which impairs or prevents the functions of the product. JDK-8166046 [TESTBUG] compiler/stringopts/TestStringObjectInitialization.java fails with OOME

            • P4 - Minor loss of function, or other problem where easy workaround is present.
            • Resolved

            Activity

              People

                thartmann Tobias Hartmann
                thartmann Tobias Hartmann
                Votes:
                0 Vote for this issue
                Watchers:
                7 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved: