RFR: 8145096: Undefined behaviour in HotSpot
aph at redhat.com
Thu Dec 10 13:30:10 UTC 2015
I've been tracing through HotSpot with GCC's undefined behaviour
sanitizer, which detects instances of undefined behaviour. There are
many instances of UB we probably don't want to fix (e.g. unaligned
accesses on x86) but some of them are serious.
This patch fixes the signed integer overflow bugs in HotSpot which are
certainly known to occur. There are surely many more such bugs but to
begin with I want to concentrate on those.
This patch introduces some functions which perform java-like
arithmetic: java-add, etc. There is no perfectly portable way to do
this in C++, but one way which is widely supported is known as the
"union trick": put the signed integers in a union with their unsigned
equivalents, do the arithmetic, and return the signed versions. The
"obvious" way to do this via casts does not work with GCC and probably
does not work with other compilers either. The union trick is well-
supported by C++ compilers and generates efficient code. I believe
that we should be able to use it everywhere.
I have tried my utmost to change things as little as possible. There
are certainly places where we could make things more efficient, but my
goal was to limit the scope of this diff to fixing bugs.
Apart from the undefined behaviour being fixed, this patch should
cause no behavioural changes, except in one case.
AdvancedThresholdPolicy::weight() grossly overflows, so much so that
its result is substantially noise. That's fixed here.
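The "union trick" described in the message above, written out as an added example. This is not the patch's code nor HotSpot's own java_add implementation; the function names (java_add, java_subtract, java_multiply, java_negate, java_shift_left), the wrapping_* helper and the jint/juint/jlong/julong typedefs are assumptions for this illustration. It also goes slightly beyond the message by covering multiplication, negation and a Java-style masked left shift, since those overflow (or shift) cases are undefined on signed types in the same way as addition:

```cpp
#include <cstdint>

// Assumed typedefs mirroring the Java primitive widths (not taken from HotSpot).
typedef int32_t  jint;
typedef uint32_t juint;
typedef int64_t  jlong;
typedef uint64_t julong;

// A signed value and its unsigned twin share storage.  The arithmetic is done
// on the unsigned member, which is defined to wrap modulo 2^N, and the result is
// read back through the signed member.  Reading the inactive union member is
// not guaranteed by the C++ standard, but GCC, Clang and MSVC all document it
// as type punning, which is exactly what the message above relies on.
template <typename S, typename U>
union SignedUnsignedPair {
  S s;
  U u;
};

template <typename S, typename U>
static inline S wrapping_add(S a, S b) {
  SignedUnsignedPair<S, U> x, y, r;
  x.s = a; y.s = b;
  r.u = x.u + y.u;            // unsigned: wraps, never UB
  return r.s;
}

template <typename S, typename U>
static inline S wrapping_subtract(S a, S b) {
  SignedUnsignedPair<S, U> x, y, r;
  x.s = a; y.s = b;
  r.u = x.u - y.u;
  return r.s;
}

template <typename S, typename U>
static inline S wrapping_multiply(S a, S b) {
  SignedUnsignedPair<S, U> x, y, r;
  x.s = a; y.s = b;
  r.u = x.u * y.u;            // low N bits of the product, as Java defines it
  return r.s;
}

template <typename S, typename U>
static inline S wrapping_negate(S a) {
  SignedUnsignedPair<S, U> x, r;
  x.s = a;
  r.u = U(0) - x.u;           // -MIN_VALUE wraps back to MIN_VALUE, as in Java
  return r.s;
}

// Java masks the shift count to the operand width (5 bits for int, 6 for long)
// and shifts the bit pattern; C++ makes shifting a negative signed value, or by
// a count >= the width, undefined.  Shifting the unsigned twin avoids both.
template <typename S, typename U>
static inline S wrapping_shift_left(S a, jint count) {
  SignedUnsignedPair<S, U> x, r;
  x.s = a;
  r.u = x.u << (count & (sizeof(S) * 8 - 1));
  return r.s;
}

// Overloads named in the style the message uses ("java-add, etc.").
inline jint  java_add(jint a, jint b)           { return wrapping_add<jint, juint>(a, b); }
inline jlong java_add(jlong a, jlong b)         { return wrapping_add<jlong, julong>(a, b); }
inline jint  java_subtract(jint a, jint b)      { return wrapping_subtract<jint, juint>(a, b); }
inline jlong java_subtract(jlong a, jlong b)    { return wrapping_subtract<jlong, julong>(a, b); }
inline jint  java_multiply(jint a, jint b)      { return wrapping_multiply<jint, juint>(a, b); }
inline jlong java_multiply(jlong a, jlong b)    { return wrapping_multiply<jlong, julong>(a, b); }
inline jint  java_negate(jint a)                { return wrapping_negate<jint, juint>(a); }
inline jlong java_negate(jlong a)               { return wrapping_negate<jlong, julong>(a); }
inline jint  java_shift_left(jint a, jint n)    { return wrapping_shift_left<jint, juint>(a, n); }
inline jlong java_shift_left(jlong a, jint n)   { return wrapping_shift_left<jlong, julong>(a, n); }

int main() {
  // Each of these would be undefined behaviour written as plain signed C++
  // arithmetic; with the union trick they give the values Java specifies.
  jint  i = java_add(INT32_MAX, jint(1));          // INT32_MIN
  jlong l = java_multiply(INT64_MAX, INT64_MAX);   // 1
  jint  s = java_shift_left(jint(1), 31);          // INT32_MIN
  return (i == INT32_MIN && l == 1 && s == INT32_MIN) ? 0 : 1;
}
```

Compiling this with `-fsanitize=undefined` produces no signed-overflow or invalid-shift reports, which is the point of routing the patch's known-overflowing sites through such helpers rather than leaving the plain `+`, `-`, `*` and `<<` in place for the optimizer to treat as "cannot overflow".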