8151623: Zap freed Metaspace chunks in non-product binaries

Reviewed-by: stefank, jmasa

hotspot/src/share/vm/memory/metachunk.cpp

@@ -30,8 +30,6 @@
 
 class VirtualSpaceNode;
 
-const size_t metadata_chunk_initialize = 0xf7f7f7f7;
-
 size_t Metachunk::object_alignment() {
   // Must align pointers and sizes to 8,
   // so that 64 bit types get correctly aligned.
@@ -58,12 +56,7 @@ Metachunk::Metachunk(size_t word_size,
   _top = initial_top();
 #ifdef ASSERT
   set_is_tagged_free(false);
-  size_t data_word_size = pointer_delta(end(),
+  mangle(uninitMetaWordVal);
-                                        _top,
-                                        sizeof(MetaWord));
-  Copy::fill_to_words((HeapWord*)_top,
-                      data_word_size,
-                      metadata_chunk_initialize);
 #endif
 }
 
@@ -98,12 +91,12 @@ void Metachunk::print_on(outputStream* st) const {
 }
 
 #ifndef PRODUCT
-void Metachunk::mangle() {
+void Metachunk::mangle(juint word_value) {
-  // Mangle the payload of the chunk and not the links that
+  // Overwrite the payload of the chunk and not the links that
   // maintain list of chunks.
-  HeapWord* start = (HeapWord*)(bottom() + overhead());
+  HeapWord* start = (HeapWord*)initial_top();
   size_t size = word_size() - overhead();
-  Copy::fill_to_words(start, size, metadata_chunk_initialize);
+  Copy::fill_to_words(start, size, word_value);
 }
 #endif // PRODUCT
 

hotspot/src/share/vm/memory/metachunk.hpp

@@ -145,7 +145,9 @@ class Metachunk : public Metabase<Metachunk> {
 
   bool contains(const void* ptr) { return bottom() <= ptr && ptr < _top; }
 
-  NOT_PRODUCT(void mangle();)
+#ifndef PRODUCT
+  void mangle(juint word_value);
+#endif
 
   void print_on(outputStream* st) const;
   void verify();

hotspot/src/share/vm/memory/metaspace.cpp

@@ -811,11 +811,6 @@ void VirtualSpaceNode::verify_container_count() {
 BlockFreelist::BlockFreelist() : _dictionary(new BlockTreeDictionary()) {}
 
 BlockFreelist::~BlockFreelist() {
-  LogHandle(gc, metaspace, freelist) log;
-  if (log.is_trace()) {
-    ResourceMark rm;
-    dictionary()->print_free_lists(log.trace_stream());
-  }
   delete _dictionary;
 }
 
@@ -2145,6 +2140,7 @@ void ChunkManager::return_chunks(ChunkIndex index, Metachunk* chunks) {
     // by the call to return_chunk_at_head();
     Metachunk* next = cur->next();
     DEBUG_ONLY(cur->set_is_tagged_free(true);)
+    NOT_PRODUCT(cur->mangle(badMetaWordVal);)
     list->return_chunk_at_head(cur);
     cur = next;
   }
@@ -2169,11 +2165,9 @@ SpaceManager::~SpaceManager() {
     log.trace("~SpaceManager(): " PTR_FORMAT, p2i(this));
     ResourceMark rm;
     locked_print_chunks_in_use_on(log.trace_stream());
+    block_freelists()->print_on(log.trace_stream());
   }
 
-  // Do not mangle freed Metachunks.  The chunk size inside Metachunks
-  // is during the freeing of a VirtualSpaceNodes.
-
   // Have to update before the chunks_in_use lists are emptied
   // below.
   chunk_manager()->inc_free_chunks_total(allocated_chunks_words(),
@@ -2206,9 +2200,8 @@ SpaceManager::~SpaceManager() {
   Metachunk* humongous_chunks = chunks_in_use(HumongousIndex);
 
   while (humongous_chunks != NULL) {
-#ifdef ASSERT
+    DEBUG_ONLY(humongous_chunks->set_is_tagged_free(true);)
-    humongous_chunks->set_is_tagged_free(true);
+    NOT_PRODUCT(humongous_chunks->mangle(badMetaWordVal);)
-#endif
     log.trace(PTR_FORMAT " (" SIZE_FORMAT ") ", p2i(humongous_chunks), humongous_chunks->word_size());
     assert(humongous_chunks->word_size() == (size_t)
            align_size_up(humongous_chunks->word_size(),
@@ -2527,7 +2520,7 @@ void SpaceManager::mangle_freed_chunks() {
     for (Metachunk* curr = chunks_in_use(index);
          curr != NULL;
          curr = curr->next()) {
-      curr->mangle();
+      curr->mangle(uninitMetaWordVal);
     }
   }
 }

hotspot/src/share/vm/utilities/globalDefinitions.hpp

@@ -1056,6 +1056,7 @@ const int      badHandleValue   = 0xBC;                     // value used to zap
 const int      badResourceValue = 0xAB;                     // value used to zap resource area
 const int      freeBlockPad     = 0xBA;                     // value used to pad freed blocks.
 const int      uninitBlockPad   = 0xF1;                     // value used to zap newly malloc'd blocks.
+const juint    uninitMetaWordVal= 0xf7f7f7f7;               // value used to zap newly allocated metachunk
 const intptr_t badJNIHandleVal  = (intptr_t) UCONST64(0xFEFEFEFEFEFEFEFE); // value used to zap jni handle area
 const juint    badHeapWordVal   = 0xBAADBABE;               // value used to zap heap after GC
 const juint    badMetaWordVal   = 0xBAADFADE;               // value used to zap metadata heap after GC