Skip to content

Safer type casting #363

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
zhengyu123 wants to merge 13 commits into
base: main
Choose a base branch
from
Open

Safer type casting #363

zhengyu123 wants to merge 13 commits into from
+277 −185

Conversation

@zhengyu123
Copy link
Contributor

@zhengyu123 zhengyu123 commented Feb 10, 2026
edited
Loading

What does this PR do?:

  • Capture uninitialized field offsets
  • Capture invalid memory accesses
  • Capture bad type castings
  • Cleanup, remove unused code
  • Renamed some classes to avoid name collisions with JVM, this improves debugability.

Motivation:
Profiler code heavily depends on vmStructs to decode hotspot JVM internal data structures, but vmStructs evolves version-by-version, that can results in misinterpreting the data structures and leads to crashes.

This PR is intended to capture the problem early, by:

  • check for uninitialized field offsets - likely due to vmStructs name changes, etc.
  • check underlaid memory is mapped before access.
  • check memory range that covers the destination type, is valid before casts to destination type.
  • cleanup: removed unused code, such as:
    permGen - no long presented in supported JVM
    CollectedHeap - no use
  • use macro to generate type declarations and corresponding initializations to avoid boilerplate code.

Additional Notes:
This PR also provides a way to mitigate the tedious tasks to define cast function for a type, which you have to:

  • define a type size variable
  • initialize the size variable
  • populate the size from vmStructs
  • define cast and load_then_cast functions for the type

This PR introduces a macro:

#define DECL_TYPES_DO(f) \
    f(VMClassLoaderData,    MATCH_SYMBOLS("ClassLoaderData")) \
    f(VMConstantPool,       MATCH_SYMBOLS("ConstantPool")) \
    f(VMConstMethod,        MATCH_SYMBOLS("ConstMethod")) \
    f(VMFlag,               MATCH_SYMBOLS("JVMFlag", "Flag")) \
    f(VMJavaFrameAnchor,    MATCH_SYMBOLS("JavaFrameAnchor")) \
    f(VMKlass,              MATCH_SYMBOLS("Klass")) \
    f(VMMethod,             MATCH_SYMBOLS("Method")) \
    f(VMNMethod,            MATCH_SYMBOLS("nmethod")) \
    f(VMSymbol,             MATCH_SYMBOLS("Symbol")) \
    f(VMThread,             MATCH_SYMBOLS("Thread"))

For each row, it defines a type and the symbol(s) used in vmStructs to populate type size. Notice, there can be more than one symbol for the type, due to different JVM versions that export the same value under different names.

To add a new type, you only need to add a row, then use following macros to define the type in profiler, e.g.

DECL_TYPE(VMClassLoaderData)
....
DECL_TYPE_END

The definition automatically creates three methods, with safety checks:

        // size of the type - sizeof(T)
        static uint64_t type_size();
        // cast from a pointer
        static name * cast(const void* ptr); 
        // load a pointer from given location, then cast the pointer
        static name * load_then_cast(const void* ptr);

How to test the change?:
Running tests on different version of JDKs, make sure that newly added checks do not fail.

For Datadog employees:

  • If this PR touches code that signs or publishes builds or packages, or handles
    credentials of any kind, I've requested a review from @DataDog/security-design-and-guidance.
  • This PR doesn't touch any of that.
  • JIRA: PROF-13721

Unsure? Have a question? Request a review!

@dd-octo-sts
Copy link

dd-octo-sts bot commented Feb 10, 2026
edited
Loading

Scan-Build Report

User:runner@runnervmwffz4
Working Directory:/home/runner/work/java-profiler/java-profiler/ddprof-lib/src/test/make
Command Line:make -j4 all
Clang Version:Ubuntu clang version 18.1.3 (1ubuntu1)
Date:Thu Feb 12 14:05:01 2026

Bug Summary

Bug TypeQuantityDisplay?
All Bugs1
Unused code
Dead assignment1

Reports

Bug Group Bug Type ▾ File Function/Method Line Path Length
Unused codeDead assignmentlibraryPatcher_linux.cpppatch_library_unlocked941

@pr-commenter
Copy link

pr-commenter bot commented Feb 10, 2026
edited
Loading

Integration Tests

All 32 integration tests passed

📊 Dashboard · 👷 Pipeline · 📦 9b576012

@pr-commenter
Copy link

pr-commenter bot commented Feb 10, 2026
edited
Loading

Benchmarks [aarch64 memleak,alloc]

Parameters

Baseline Candidate
config baseline candidate
ddprof 1.37.0 1.38.0-zgu_vmstruct_safety-SNAPSHOT
See matching parameters
Baseline Candidate
alloc on on
cpu off off
iterations 5 5
java "11.0.28" "11.0.28"
memleak on on
modes memleak,alloc memleak,alloc
wall off off

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 16 metrics, 22 unstable metrics.

@dd-octo-sts
Copy link

dd-octo-sts bot commented Feb 10, 2026
edited
Loading

CI Test Results

Run: #21949711057 | Commit: c1900bb | Duration: 20m 36s (longest job)

All 40 test jobs passed

Status Overview

JDK glibc-aarch64/debug glibc-amd64/debug musl-aarch64/debug musl-amd64/debug
8 - - -
8-ibm - - -
8-j9 - -
8-librca - -
8-orcl - - -
8-zing - -
11 - - -
11-j9 - -
11-librca - -
11-zing - -
17 - -
17-graal - -
17-j9 - -
17-librca - -
17-zing - -
21 - -
21-graal - -
21-librca - -
21-zing - -
25 - -
25-graal - -
25-librca - -

Legend: ✅ passed | ❌ failed | ⚪ skipped | 🚫 cancelled

Summary: Total: 40 | Passed: 40 | Failed: 0

Updated: 2026-02-12 14:27:37 UTC

@pr-commenter
Copy link

pr-commenter bot commented Feb 11, 2026

Benchmarks [x86_64 cpu,wall,alloc,memleak]

Parameters

Baseline Candidate
config baseline candidate
ddprof 1.37.0 1.38.0-zgu_vmstruct_safety-SNAPSHOT
See matching parameters
Baseline Candidate
alloc on on
cpu on on
iterations 5 5
java "11.0.28" "11.0.28"
memleak on on
modes cpu,wall,alloc,memleak cpu,wall,alloc,memleak
wall on on

Summary

Found 1 performance improvements and 0 performance regressions! Performance is the same for 14 metrics, 23 unstable metrics.

scenario Δ mean execution_time Δ mean rss
scenario:renaissance:scala-doku better
[-889.952ms; -446.048ms] or [-3.412%; -1.710%]		 unstable
[-254.860MB; +257.112MB] or [-22.665%; +22.865%]

@pr-commenter
Copy link

pr-commenter bot commented Feb 11, 2026

Benchmarks [x86_64 wall]

Parameters

Baseline Candidate
config baseline candidate
ddprof 1.37.0 1.38.0-zgu_vmstruct_safety-SNAPSHOT
See matching parameters
Baseline Candidate
alloc off off
cpu off off
iterations 5 5
java "11.0.28" "11.0.28"
memleak off off
modes wall wall
wall on on

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 15 metrics, 23 unstable metrics.

@pr-commenter
Copy link

pr-commenter bot commented Feb 11, 2026

Benchmarks [x86_64 cpu,wall]

Parameters

Baseline Candidate
config baseline candidate
ddprof 1.37.0 1.38.0-zgu_vmstruct_safety-SNAPSHOT
See matching parameters
Baseline Candidate
alloc off off
cpu on on
iterations 5 5
java "11.0.28" "11.0.28"
memleak off off
modes cpu,wall cpu,wall
wall on on

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 14 metrics, 24 unstable metrics.

@pr-commenter
Copy link

pr-commenter bot commented Feb 11, 2026

Benchmarks [x86_64 cpu]

Parameters

Baseline Candidate
config baseline candidate
ddprof 1.37.0 1.38.0-zgu_vmstruct_safety-SNAPSHOT
See matching parameters
Baseline Candidate
alloc off off
cpu on on
iterations 5 5
java "11.0.28" "11.0.28"
memleak off off
modes cpu cpu
wall off off

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 14 metrics, 24 unstable metrics.

@pr-commenter
Copy link

pr-commenter bot commented Feb 11, 2026

Benchmarks [x86_64 alloc]

Parameters

Baseline Candidate
config baseline candidate
ddprof 1.37.0 1.38.0-zgu_vmstruct_safety-SNAPSHOT
See matching parameters
Baseline Candidate
alloc on on
cpu off off
iterations 5 5
java "11.0.28" "11.0.28"
memleak off off
modes alloc alloc
wall off off

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 16 metrics, 22 unstable metrics.

@pr-commenter
Copy link

pr-commenter bot commented Feb 11, 2026

Benchmarks [aarch64 wall]

Parameters

Baseline Candidate
config baseline candidate
ddprof 1.37.0 1.38.0-zgu_vmstruct_safety-SNAPSHOT
See matching parameters
Baseline Candidate
alloc off off
cpu off off
iterations 5 5
java "11.0.28" "11.0.28"
memleak off off
modes wall wall
wall on on

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 15 metrics, 23 unstable metrics.

@pr-commenter
Copy link

pr-commenter bot commented Feb 11, 2026

Benchmarks [aarch64 cpu,wall,alloc,memleak]

Parameters

Baseline Candidate
config baseline candidate
ddprof 1.37.0 1.38.0-zgu_vmstruct_safety-SNAPSHOT
See matching parameters
Baseline Candidate
alloc on on
cpu on on
iterations 5 5
java "11.0.28" "11.0.28"
memleak on on
modes cpu,wall,alloc,memleak cpu,wall,alloc,memleak
wall on on

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 16 metrics, 22 unstable metrics.

@pr-commenter
Copy link

pr-commenter bot commented Feb 11, 2026

Benchmarks [aarch64 cpu,wall]

Parameters

Baseline Candidate
config baseline candidate
ddprof 1.37.0 1.38.0-zgu_vmstruct_safety-SNAPSHOT
See matching parameters
Baseline Candidate
alloc off off
cpu on on
iterations 5 5
java "11.0.28" "11.0.28"
memleak off off
modes cpu,wall cpu,wall
wall on on

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 15 metrics, 23 unstable metrics.

@pr-commenter
Copy link

pr-commenter bot commented Feb 11, 2026

Benchmarks [x86_64 memleak,alloc]

Parameters

Baseline Candidate
config baseline candidate
ddprof 1.37.0 1.38.0-zgu_vmstruct_safety-SNAPSHOT
See matching parameters
Baseline Candidate
alloc on on
cpu off off
iterations 5 5
java "11.0.28" "11.0.28"
memleak on on
modes memleak,alloc memleak,alloc
wall off off

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 14 metrics, 24 unstable metrics.

@pr-commenter
Copy link

pr-commenter bot commented Feb 11, 2026

Benchmarks [aarch64 cpu]

Parameters

Baseline Candidate
config baseline candidate
ddprof 1.37.0 1.38.0-zgu_vmstruct_safety-SNAPSHOT
See matching parameters
Baseline Candidate
alloc off off
cpu on on
iterations 5 5
java "11.0.28" "11.0.28"
memleak off off
modes cpu cpu
wall off off

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 16 metrics, 22 unstable metrics.

@pr-commenter
Copy link

pr-commenter bot commented Feb 11, 2026

Benchmarks [aarch64 alloc]

Parameters

Baseline Candidate
config baseline candidate
ddprof 1.37.0 1.38.0-zgu_vmstruct_safety-SNAPSHOT
See matching parameters
Baseline Candidate
alloc on on
cpu off off
iterations 5 5
java "11.0.28" "11.0.28"
memleak off off
modes alloc alloc
wall off off

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 16 metrics, 22 unstable metrics.

@pr-commenter
Copy link

pr-commenter bot commented Feb 11, 2026

Benchmarks [aarch64 memleak]

Parameters

Baseline Candidate
config baseline candidate
ddprof 1.37.0 1.38.0-zgu_vmstruct_safety-SNAPSHOT
See matching parameters
Baseline Candidate
alloc off off
cpu off off
iterations 5 5
java "11.0.28" "11.0.28"
memleak on on
modes memleak memleak
wall off off

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 15 metrics, 23 unstable metrics.

@pr-commenter
Copy link

pr-commenter bot commented Feb 11, 2026

Benchmarks [x86_64 memleak]

Parameters

Baseline Candidate
config baseline candidate
ddprof 1.37.0 1.38.0-zgu_vmstruct_safety-SNAPSHOT
See matching parameters
Baseline Candidate
alloc off off
cpu off off
iterations 5 5
java "11.0.28" "11.0.28"
memleak on on
modes memleak memleak
wall off off

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 16 metrics, 22 unstable metrics.

@zhengyu123 zhengyu123 changed the title WIP: WIP: Safer type casting Feb 11, 2026
@zhengyu123 zhengyu123 changed the title WIP: Safer type casting Safer type casting Feb 12, 2026
@zhengyu123 zhengyu123 marked this pull request as ready for review February 12, 2026 00:24
@zhengyu123 zhengyu123 requested a review from a team as a code owner February 12, 2026 00:24
jbachorik
jbachorik requested changes Feb 12, 2026
View reviewed changes
jbachorik
jbachorik requested changes Feb 12, 2026
View reviewed changes
Copy link
Collaborator

@jbachorik jbachorik left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good effort to get the vmstructs more organized. I wonder, if we can get to a state where the VMStructs class does not need to hold all possible offset holders.

I would really appreciate more cleanup before requesting review. There was a bunch of low-hanging typos and miss-spels here :/

@zhengyu123 zhengyu123 requested a review from rkennke February 12, 2026 13:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jbachorik jbachorik jbachorik requested changes

@rkennke rkennke Awaiting requested review from rkennke

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@zhengyu123 @jbachorik