8346916: [REDO] align_up has potential overflow

[caspernorrbin]

Hi everyone,

The align_up function can potentially overflow, resulting in undefined behavior. Most use cases rely on the assumption that aligned_result >= original. To address this, I've added an assertion to verify this condition.

The original PR (#20808) missed cases where overflow checks already existed, so I've now went through usages of align_up and found the places with explicit checks. Most notably, #23168 added align_up_or_null to metaspace, but this function is also useful elsewhere. Given this, I relocated it to align.hpp, alongside the rest of the alignment functions.

Additionally, I've created align_up_or_min, which behaves similarly to the original align_up but handles overflows predictably across all integer types. This new function is used in the locations where overflow checks already exist, providing a safer alternative.

---

Progress

• Change must be properly reviewed (1 review required, with at least 1 Reviewer)
• Change must not contain extraneous whitespace
• Commit message must refer to an issue

Issue

• JDK-8346916: [REDO] align_up has potential overflow (Bug - P4)

Reviewing

Using git

Checkout this PR locally:
$ git fetch https://git.openjdk.org/jdk.git pull/23711/head:pull/23711
$ git checkout pull/23711

Update a local copy of the PR:
$ git checkout pull/23711
$ git pull https://git.openjdk.org/jdk.git pull/23711/head

Using Skara CLI tools

Checkout this PR locally:
$ git pr checkout 23711

View PR using the GUI difftool:
$ git pr show -t 23711

Using diff file

Download this PR as a diff file:
https://git.openjdk.org/jdk/pull/23711.diff

Using Webrev

Link to Webrev Comment

[bridgekeeper]

👋 Welcome back cnorrbin! A progress list of the required criteria for merging this PR into master will be added to the body of your pull request. There are additional pull request commands available for use with this pull request.

[openjdk]

❗ This change is not yet ready to be integrated.
See the Progress checklist in the description for automated requirements.

[openjdk]

@caspernorrbin The following label will be automatically applied to this pull request:

• hotspot

When this pull request is ready to be reviewed, an "RFR" email will be sent to the corresponding mailing list. If you would like to change these labels, use the /label pull request command.

[mlbridge]

Webrevs

• 00: Full (c3bd1f1a)

[dean-long]

Can you explain what was wrong with the original fix? The BACKOUT only mentions that tests failed, but doesn't say why.
Also, I fail to see why align_up_or_min is an improvement. It seems to silently mask errors, and the callers are not checking the result. Having a size the overflows size_t seems like an error to me.

[caspernorrbin]

Can you explain what was wrong with the original fix? The BACKOUT only mentions that tests failed, but doesn't say why. Also, I fail to see why align_up_or_min is an improvement. It seems to silently mask errors, and the callers are not checking the result. Having a size the overflows size_t seems like an error to me.

The original fix failed because of tests where overflow was the expected result. In the files changed here, it was either possible to recover from the overflow, or the caller does their own error checking. In both cases, the caller relied on the previous behaviour from align_up, and do check the result from align_up_or_min/align_up_or_null.

[dean-long]

I don't see where we check the return value of align_up_or_min for the changes in src/hotspot/share/gc/shared/gcArguments.cpp. If tests fail because of align_up, maybe the test should be fixed?