IBM Support

IV85454: JAVA JIT - HEAP CORRUPTION DUE TO ARRAYCOPY OF UP TO 8 TIMES TOO MANY BYTES


APAR status

  • Closed as program error.

Error description

  • Error Message: A SIGSEGV is received, but other symptoms are
    possible depending on how the corrupted memory is used.
    .
    Stack Trace: N/A
    .
    The problem can only occur when using java bytecodes that are
    generated by something other than javac. The case that was
    reported was using bytecodes generated by Groovy.
    The problem occurs when the java bytecode "multianewarray" is
    used with the number of dimensions set to 1. This is not
    something that javac would ever generate since the same thing
    can be accomplished using "anewarray" in a more compact fashion.
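
To decide whether a deployment needs the workaround or the fixed service refresh, it helps to know which classes actually contain the pattern described above. The following is an added example, not IBM code: a class-file scanner that reports every "multianewarray" whose dimensions operand is 1. The names scan_code, scan_class and SAMPLE are assumptions made for this example, and SAMPLE is a constructed class image.

```python
# Operand bytes per fixed-length opcode (unlisted: none); payload bytes per constant-pool tag.
OPERANDS = dict.fromkeys([16, 18, 169, 188, *range(21, 26), *range(54, 59)], 1)
OPERANDS.update(dict.fromkeys([17, 19, 20, 132, 187, 189, 192, 193, 198, 199,
                               *range(153, 169), *range(178, 185)], 2))
OPERANDS.update({197: 3, 185: 4, 186: 4, 200: 4, 201: 4})
CP_SIZE = {3: 4, 4: 4, 5: 8, 6: 8, 7: 2, 8: 2, 9: 4, 10: 4,
           11: 4, 12: 4, 15: 3, 16: 2, 17: 4, 18: 4, 19: 2, 20: 2}

def scan_code(code):
    """Yield offsets of multianewarray instructions whose dimensions operand is 1."""
    rd = lambda o: int.from_bytes(code[o:o + 4], "big", signed=True)
    pc = 0
    while pc < len(code):
        op = code[pc]
        if op == 197 and code[pc + 3] == 1:   # multianewarray: u2 class index, u1 dimensions
            yield pc
        if op in (170, 171):                  # tableswitch / lookupswitch: padded, variable
            base = (pc + 4) & ~3
            pc = base + (16 + 4 * (rd(base + 8) - rd(base + 4)) if op == 170 else 8 + 8 * rd(base + 4))
        elif op == 196:                       # wide: the iinc form is 6 bytes, others 4
            pc += 6 if code[pc + 1] == 132 else 4
        else:
            pc += 1 + OPERANDS.get(op, 0)

def scan_class(data):
    """Return (method name, code offset) for each such instruction in a .class image."""
    u = lambda o, n: int.from_bytes(data[o:o + n], "big")
    utf8, hits, pos, i = {}, [], 10, 1
    while i < u(8, 2):                        # constant pool; long/double take two slots
        tag = data[pos]
        size = 2 + u(pos + 1, 2) if tag == 1 else CP_SIZE[tag]
        if tag == 1:
            utf8[i] = data[pos + 3:pos + 1 + size].decode("utf-8", "replace")
        pos, i = pos + 1 + size, i + (2 if tag in (5, 6) else 1)
    pos += 8 + 2 * u(pos + 6, 2)              # access flags, this, super, interfaces
    for is_method in (False, True):           # fields table, then methods table
        count, pos = u(pos, 2), pos + 2
        for _ in range(count):
            name, nattr, pos = utf8[u(pos + 2, 2)], u(pos + 6, 2), pos + 8
            for _ in range(nattr):
                if is_method and utf8[u(pos, 2)] == "Code":
                    hits += [(name, off) for off in scan_code(data[pos + 14:pos + 14 + u(pos + 10, 4)])]
                pos += 6 + u(pos + 2, 4)
    return hits

# Constructed minimal class image (not loadable by a JVM): method "m" holds
# iconst_1; multianewarray #0, 1; pop; return.
SAMPLE = bytes.fromhex("cafebabe" "00000032" "0004" "010004436f6465" "0100016d" "010003282956"
                       "0001000000000000" "0000" "0001" "0009000200030001" "000100000013"
                       "0001000100000007" "04c500000157b1" "00000000")
```

Calling scan_class on the bytes of each .class entry in a deployed jar gives the methods to review; the instruction walk skips switch tables and operands, so a 0xC5 byte inside other data is not reported.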
    

Local fix

  • The problem can be avoided by using the following java command
    line option:
    -Xjit:disableArrayCopyOpts
    Use of this option will have an effect on performance but in
    most cases it will be very minor.
    

Problem summary

  • The JIT was assuming that the use of "multianewarray" would
    always result in a 2 or more dimensional array with a reference
    array that links all the dimension arrays together. When
    "multianewarray" is used to create a one dimensional array there
    is no reference array but the JIT would mark it as being a
    reference array. If an arraycopy was executed against this array
    it would multiply the offsets and length by the size of a
    reference, potentially resulting in memory corruption.
    

Problem conclusion

  • The JIT was modified so that uses of "multianewarray" for one
    dimensional arrays do not mark the resulting array as a
    reference array.
    .
    This APAR will be fixed in the following Java Releases:
       7    SR9 FP50  (7.0.9.50)
       6    SR16 FP30 (6.0.16.30)
       7 R1 SR3 FP50  (7.1.3.50)
       6 R1 SR8 FP30  (6.1.8.30)
       8    SR3 FP10  (8.0.3.10)
    .
    Contact your IBM Product's Service Team for these Service
    Refreshes and Fix Packs.
    For those running stand-alone, information about the available
    Service Refreshes and Fix Packs can be found at:
               https://www.ibm.com/developerworks/java/jdk/
    

Temporary fix

Comments

APAR Information

  • APAR number

    IV85454

  • Reported component name

    JIT

  • Reported component ID

    620700124

  • Reported release

    260

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2016-06-03

  • Closed date

    2016-06-09

  • Last modified date

    2016-06-27

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    JIT

  • Fixed component ID

    620700124

Applicable component levels

  • R260 PSY

       UP

  • R600 PSY

       UP

  • R130 PSY

       UP


Document Information

Modified date:
27 June 2016