RFR(XS): 8073796: assert(check_obj_alignment(result)) failed: address not aligned: ...
roland.westrelin at oracle.com
Wed Feb 25 13:25:29 UTC 2015
In the Arrays.copyOf intrinsic, when deoptimization happens between the array allocation and the array copy itself, a non-initialized array can become visible to the GC (the array copy does the initialization). The array is not referenced from anywhere, so this failure is specific to CMS. The fix consists in moving the allocation after the uncommon traps.
A follow-up to this fix is the realization that the fix for the similar issue:
8064703: crash running specjvm98's javac following 8060252
that makes deoptimization in arraycopy restart execution at the tightly coupled allocation is not robust enough. It leaves an uninitialized, unreferenced array in the heap. That could break with CMS. As pointed out to me by GC folks, VerifyGC or anything that walks the entire heap could break as well. So we need to either disable the optimization that looks for tightly coupled allocations with CMS + VerifyGC etc., or find another way to fix the problem (do the zeroing right before the uncommon trap? In the deoptimization code? Move the guards before the allocation?)