JDK-8054478
C2: Incorrectly compiled char[] array access crashes JVM

Details

  • Resolved In Build: b42
  • CPU: x86_64
  • Verification: Verified

Description

The following test case demonstrates the problem.
Run: java -XX:CompileOnly=CharArrayCrash CharArrayCrash

The program crashes in mixed or -Xcomp mode. It works fine with -Xint.
It also works on 6u37; it crashes on 7u67 and 8u11.
The issue can be reproduced on amd64 only.

    public class CharArrayCrash {
        static char[] pattern0 = {0};
        static char[] pattern1 = {1};

        static void test(char[] array) {
            if (pattern1 == null) return;

            int i = 0;
            int pos = 0;
            char c = array[pos];

            // i >= 0 guards the pattern loads and pos != -1 guards the array
            // load. With array = {0} the first iteration matches pattern0[0],
            // then i and pos become -1 and the loop must exit without ever
            // reading index -1.
            while (i >= 0 && (c == pattern0[i] || c == pattern1[i])) {
                i--;
                pos--;
                if (pos != -1) {
                    c = array[pos];
                }
            }
        }

        public static void main(String[] args) {
            // Enough invocations for test() to be compiled by C2 in mixed mode.
            for (int i = 0; i < 1000000; i++) {
                test(new char[1]);
            }
        }
    }

hs_err.log attached.
The ACCESS_VIOLATION happens at
    movzx r11d,WORD PTR [rdx+r8*2+0x10]
which is the compiled form of the `caload` bytecode.
`rdx` here is a valid char[] oop, but the offset is illegal: `r8` = 0xffffffff (the index -1), which the guards in test() should have kept out of the load.
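To check the three execution modes the description names (-Xint, mixed, -Xcomp) and look for the hs_err log HotSpot writes on a fatal error, here is an added triage script. It is not part of the bug report; it assumes `java` is on PATH and that `CharArrayCrash.class`, compiled from the listing above, is in the current directory. The exit-status mapping (134 for HotSpot's abort after writing hs_err, 139 for an unhandled SIGSEGV) is an assumption about the POSIX shell convention of 128 + signal number.

```shell
#!/bin/sh
# Added triage helper (not part of the bug report): runs the CharArrayCrash
# reproducer in each execution mode and reports which ones crash.
# Assumes `java` is on PATH and CharArrayCrash.class is in the current
# directory (compile with: javac CharArrayCrash.java).

# Map a shell exit status to a verdict. HotSpot's fatal-error handler writes
# hs_err_pid*.log and then aborts, so a crash normally shows up as 134
# (128 + SIGABRT); 139 (128 + SIGSEGV) means the signal was not handled.
classify_exit() {
    case "$1" in
        0)   echo "ok" ;;
        134) echo "crash (abort, hs_err expected)" ;;
        139) echo "crash (segv)" ;;
        *)   echo "other (exit $1)" ;;
    esac
}

# Count hs_err files written in a directory; "0" means no fatal error log.
count_hs_err() {
    n=0
    for f in "$1"/hs_err_pid*.log; do
        if [ -e "$f" ]; then
            n=$((n + 1))
        fi
    done
    echo "$n"
}

# Run one mode in a scratch directory so any hs_err log is attributed to it.
# $1 is "-Xint", "-Xcomp", or "" for the default mixed mode.
run_mode() {
    mode="$1"
    here=$(pwd)
    dir=$(mktemp -d)
    (
        cd "$dir" && java $mode -XX:CompileOnly=CharArrayCrash \
            -cp "$here" CharArrayCrash >/dev/null 2>&1
    )
    status=$?
    printf '%-8s %-32s hs_err files: %s\n' "${mode:-mixed}" \
        "$(classify_exit "$status")" "$(count_hs_err "$dir")"
    rm -rf "$dir"
}

# Invoke as: sh triage.sh --run
if [ "${1:-}" = "--run" ]; then
    for m in -Xint "" -Xcomp; do
        run_mode "$m"
    done
fi
```

Per the description, a correct build prints "ok" for all three modes, while an affected build prints "ok" for -Xint and a crash verdict with one hs_err file for mixed and -Xcomp; the hs_err file in the scratch directory is what carries the faulting `movzx` instruction and register dump quoted above.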

People

  • Assignee: Roland Westrelin (roland)
  • Reporter: Andrei Pangin (apangin)
  • Votes: 0
  • Watchers: 6
