JDK-8158913

aarch64: SEGV running Spark terasort

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: P4
    • Resolution: Fixed
    • Affects Version/s: 9
    • Fix Version/s: 9
    • Component/s: hotspot
    • Labels: None
    • Subcomponent:
    • Resolved In Build: b126
    • CPU: aarch64
    • OS: linux

      Description

      One of our partners has reported SEGV running Spark Terasort.

      The problem occurs in gen_write_ref_array_post_barrier in the following code:

                __ BIND(L_loop);
                __ strb(zr, Address(start, count));  // store a zero byte at start + count
                __ subs(count, count, 1);            // decrement count and set the flags
                __ br(Assembler::HS, L_loop);        // HS: unsigned "higher or same" (carry set)

      which, when given a count of 0, will continue zeroing memory beyond the end of the byte map because of the use of unsigned comparison.

      Here is the partner's report:

      "
          I find that in certain cases StubRoutines::_generic_arraycopy can be passed an element count of zero.
          And this zero element count may be further passed to StubRoutines::_arrayof_oop_disjoint_arraycopy.
          In that case, it will trigger a segmentation fault in native code generated by gen_write_ref_array_post_barrier.
          The reason is that we got a zero count before entering the following loop, but we are using unsigned compare here to check the loop condition.
          __ BIND(L_loop);
          __ strb(zr, Address(start, count));
          __ subs(count, count, 1);
          __ br(Assembler::HS, L_loop);
          }

          I checked the X86 and Sparc ports; they both use a signed compare with zero here.

          The patch was generated from the latest jdk9 hs-comp repo:

      diff -r 7f42e988b083 src/cpu/aarch64/vm/stubGenerator_aarch64.cpp
      --- a/src/cpu/aarch64/vm/stubGenerator_aarch64.cpp Thu Jun 02 17:52:42 2016 +0000
      +++ b/src/cpu/aarch64/vm/stubGenerator_aarch64.cpp Mon Jun 06 13:51:51 2016 +0800
      @@ -710,7 +710,7 @@
                 __ BIND(L_loop);
                 __ strb(zr, Address(start, count));
                 __ subs(count, count, 1);
      - __ br(Assembler::HS, L_loop);
      + __ br(Assembler::GE, L_loop);
               }
               break;
             default:
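Review bot: the `strb` at the top of `L_loop` still executes once before `subs` and `br` test anything, so changing `HS` to `GE` bounds the loop but does not skip it; on the zero-count path described in the report one byte at `start + count` is still written. Consider branching past the loop when there is nothing to mark, or add a comment on the `br` line stating why a signed test is required and why that single store is acceptable, so the condition is not changed back to `HS` later. A regression test that drives an arraycopy with zero elements on aarch64 would also be worth adding with this change.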
      "
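An added example, not part of the original report or of HotSpot: a C model of the flags that `subs count, count, 1` sets, counting how many `strb` stores the loop performs under `HS` and under `GE`. The helper names, the store cap and the sample register values are constructed for illustration; how the stub's element count maps to the value held in `count` at `L_loop` is outside the lines quoted above.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Flags produced by a 64-bit AArch64 `subs xd, xn, #imm`. */
typedef struct { bool n, z, c, v; } flags_t;

static uint64_t subs64(uint64_t a, uint64_t b, flags_t *f) {
    uint64_t r = a - b;
    f->n = (r >> 63) != 0;
    f->z = (r == 0);
    f->c = (a >= b);                          /* carry set = no borrow */
    f->v = (((a ^ b) & (a ^ r)) >> 63) != 0;  /* signed overflow */
    return r;
}

static bool cond_hs(const flags_t *f) { return f->c; }          /* unsigned >= */
static bool cond_ge(const flags_t *f) { return f->n == f->v; }  /* signed >=   */

/*
 * Model of the loop body: strb; subs count, count, 1; b.<cond> L_loop.
 * Returns the number of byte stores performed, or cap + 1 when the loop
 * was still running after `cap` stores (the runaway case).
 */
static uint64_t stores_in_loop(int64_t count, bool use_ge, uint64_t cap) {
    uint64_t reg = (uint64_t)count, stores = 0;
    flags_t f;
    do {
        if (stores == cap) return cap + 1;   /* still looping: give up */
        stores++;                            /* strb zr, [start, count] */
        reg = subs64(reg, 1, &f);
    } while (use_ge ? cond_ge(&f) : cond_hs(&f));
    return stores;
}

int main(void) {
    const int64_t samples[] = { 3, 0, -1 };  /* constructed register values */
    const uint64_t cap = 1000000;
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        printf("count=%2lld  HS: %llu stores  GE: %llu stores\n",
               (long long)samples[i],
               (unsigned long long)stores_in_loop(samples[i], false, cap),
               (unsigned long long)stores_in_loop(samples[i], true, cap));
    }
    return 0;
}
```

The two conditions agree for every non-negative starting value; they differ only when `count` is negative on entry, where `HS` keeps branching and `GE` falls through after the first store.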

        Activity

        hgupdate HG Updates added a comment -
        URL: http://hg.openjdk.java.net/jdk9/hs-comp/hotspot/rev/84ff58dfd5e0
        User: enevill
        Date: 2016-06-08 09:05:00 +0000
        hgupdate HG Updates added a comment -
        URL: http://hg.openjdk.java.net/jdk9/jdk9/hotspot/rev/84ff58dfd5e0
        User: lana
        Date: 2016-07-06 20:17:31 +0000

          People

          • Assignee: Ed Nevill (enevill)
          • Reporter: Ed Nevill (enevill)