eclipse-openj9 / openj9

Eclipse OpenJ9: A Java Virtual Machine for OpenJDK that's optimized for small footprint, fast start-up, and high throughput. Builds on Eclipse OMR (https://github.com/eclipse/omr) and combines with the Extensions for OpenJDK for OpenJ9 repo.

Value Types: crash when System.arrayCopy sets null in null-restricted array #20253

Closed theresa-m closed 1 month ago

theresa-m commented 1 month ago

Related to https://github.com/eclipse-openj9/openj9/issues/20223, I also tried the following to see whether or not I can copy null into a null-restricted array. This test results in a segmentation error.

```shell
java --enable-preview --add-exports java.base/jdk.internal.vm.annotation=ALL-UNNAMED --add-exports java.base/jdk.internal.value=ALL-UNNAMED -XX:ValueTypeFlatteningThreshold=99999 -XX:+EnableArrayFlattening -Xint TestNullRestrictedArray
```

```java
import jdk.internal.value.NullRestrictedCheckedType;
import jdk.internal.value.ValueClass;
import jdk.internal.vm.annotation.ImplicitlyConstructible;

// Class skeleton around the posted method; ARRAY_SIZE and SomeValueClass1 are assumed.
public class TestNullRestrictedArray {
    static final int ARRAY_SIZE = 10;
    @ImplicitlyConstructible // assumed: needed for a null-restricted array component
    static value class SomeValueClass1 { int v; SomeValueClass1(int v) { this.v = v; } }

    private static void test1(int x) {
        SomeValueClass1[] array1 = (SomeValueClass1[]) ValueClass.newArrayInstance(
                NullRestrictedCheckedType.of(SomeValueClass1.class), ARRAY_SIZE); // null-restricted
        SomeValueClass1[] array2 = new SomeValueClass1[ARRAY_SIZE];                // nullable, all null
        for (int i = 0; i < ARRAY_SIZE; i++) {
            array1[i] = new SomeValueClass1(i * x);
            array2[i] = null;
        }
        System.arraycopy(array2, 0, array1, 0, ARRAY_SIZE); // copies nulls into the null-restricted array
    }
    public static void main(String[] args) { test1(1); }
}
```

Changes from https://github.com/eclipse-openj9/openj9/pull/20250 are needed to reproduce this.
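The following is an added check, not code from the issue or from the OpenJ9 repository. It widens the reporter's scenario into a small stand-alone test: a null reaching a null-restricted array, whether through a direct element store or through System.arraycopy, must be rejected with an exception and must never read back as null, while copies of non-null elements in either direction must keep working. It uses the same EA entry points as the reporter's command (ValueClass.newArrayInstance and NullRestrictedCheckedType.of); the value class SomeValueClass1, the @ImplicitlyConstructible annotation and the constant ARRAY_SIZE are assumptions, and since the page does not say which exception the VM is expected to throw, the check accepts either NullPointerException or ArrayStoreException.

```java
import jdk.internal.value.NullRestrictedCheckedType;
import jdk.internal.value.ValueClass;
import jdk.internal.vm.annotation.ImplicitlyConstructible;

public class NullRestrictedArrayCopyCheck {
    static final int ARRAY_SIZE = 8; // assumed size

    // Assumed value class; the annotation is assumed to be what the EA requires
    // for a class to be usable as a null-restricted array component.
    @ImplicitlyConstructible
    static value class SomeValueClass1 {
        int v;
        SomeValueClass1(int v) { this.v = v; }
    }

    static SomeValueClass1[] newNullRestricted() {
        return (SomeValueClass1[]) ValueClass.newArrayInstance(
                NullRestrictedCheckedType.of(SomeValueClass1.class), ARRAY_SIZE);
    }

    // Runs one store scenario. A correct VM rejects a null store with an exception;
    // which one (NullPointerException or ArrayStoreException) is an assumption here,
    // so both are accepted. Returns true if the store was rejected.
    static boolean rejected(String name, Runnable store) {
        try {
            store.run();
            System.out.println(name + ": completed without exception");
            return false;
        } catch (NullPointerException | ArrayStoreException e) {
            System.out.println(name + ": rejected with " + e.getClass().getSimpleName());
            return true;
        }
    }

    // Invariant that must hold after every scenario: no slot of a null-restricted
    // array reads back as null, however the store was attempted.
    static boolean holdsNoNull(SomeValueClass1[] restricted) {
        for (SomeValueClass1 e : restricted) if (e == null) return false;
        return true;
    }

    public static void main(String[] args) {
        SomeValueClass1[] restricted = newNullRestricted();
        SomeValueClass1[] nullable = new SomeValueClass1[ARRAY_SIZE];
        for (int i = 0; i < ARRAY_SIZE; i++) restricted[i] = new SomeValueClass1(i);
        boolean ok = true;

        // 1. Direct element store of null (the aastore path).
        ok &= rejected("aastore null", () -> restricted[0] = null);
        ok &= holdsNoNull(restricted);

        // 2. arraycopy from an all-null nullable source (the reporter's case).
        ok &= rejected("arraycopy all-null", () -> System.arraycopy(nullable, 0, restricted, 0, ARRAY_SIZE));
        ok &= holdsNoNull(restricted);

        // 3. arraycopy where only the last source element is null. System.arraycopy may
        //    already have copied the non-null elements before it throws, so only the
        //    no-null invariant is checked, not that the destination is untouched.
        for (int i = 0; i < ARRAY_SIZE; i++) nullable[i] = new SomeValueClass1(100 + i);
        nullable[ARRAY_SIZE - 1] = null;
        ok &= rejected("arraycopy last-null", () -> System.arraycopy(nullable, 0, restricted, 0, ARRAY_SIZE));
        ok &= holdsNoNull(restricted);

        // 4. Positive control: an all-non-null source must copy and be visible in dst.
        nullable[ARRAY_SIZE - 1] = new SomeValueClass1(199);
        System.arraycopy(nullable, 0, restricted, 0, ARRAY_SIZE);
        ok &= restricted[ARRAY_SIZE - 1].v == 199;

        // 5. Copying out of a null-restricted array into a nullable one must always work.
        SomeValueClass1[] out = new SomeValueClass1[ARRAY_SIZE];
        System.arraycopy(restricted, 0, out, 0, ARRAY_SIZE);
        ok &= out[0].v == 100 && holdsNoNull(out);

        System.out.println(ok ? "PASS" : "FAIL");
        System.exit(ok ? 0 : 1);
    }
}
```

Compile and run it with the same flags as the reporter's command (--enable-preview, both --add-exports options, -XX:ValueTypeFlatteningThreshold and -XX:+EnableArrayFlattening, and -Xint), since the flattening options and the interpreter are what select the array-copy path in which the crash was seen; a crash or a FAIL from scenario 2 reproduces the report, and scenarios 1 and 3 show whether the direct store path and a partially null source behave any differently.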

github-actions[bot] commented 1 month ago

Issue Number: 20253 Status: Open Recommended Components: comp:vm, comp:test, comp:gc Recommended Assignees: hangshao0, babsingh, gacholio

dmitripivkine commented 1 month ago

Speculating, but please be aware it is possible we do not have a proper implementation for some cases of flattened array copy. Traditional array copy functions might deal with hardcoded element sizes 1, 2, 4, 8. Copying elements of a different size byte by byte might not be sufficient, due to possible object references embedded in the element. Copying an object reference should be done size-atomically. Also, it might require triggering of GC barriers. Please do not hesitate to ask if there is one of these cases or you need help with the investigation.

hangshao0 commented 1 month ago

There is a comment in the code:

https://github.com/eclipse-openj9/openj9/blob/e425dbfb6065d12ed3c80ee59262160a70aa926d/runtime/vm/createramclass.cpp#L3455-L3458

The flag J9ClassIsFlattened is expected to be removed from nullable arrays.

theresa-m commented 1 month ago

Oh yeah... that was me, wasn't it 😅. Thanks, I'll start there.

github-actions[bot] commented 1 month ago

Issue Number: 20253 Status: Closed Actual Components: comp:vm, project:valhalla Actual Assignees: No one :( PR Assignees: theresa-m