JDK-8158913

aarch64: SEGV running Spark terasort

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: P4
    • Resolution: Fixed
    • Affects Version/s: 9
    • Fix Version/s: 9
    • Component/s: hotspot
    • Labels:
      None
    • Subcomponent:
    • Resolved In Build:
      b126
    • CPU:
      aarch64
    • OS:
      linux

        Description

        One of our partners has reported SEGV running Spark Terasort.

        The problem occurs in gen_write_ref_array_post_barrier in the following code

                  __ BIND(L_loop);
                  __ strb(zr, Address(start, count));
                  __ subs(count, count, 1);
                  __ br(Assembler::HS, L_loop);

        which, when given a count of 0, will continue zeroing memory beyond the end of the byte map because of the use of unsigned comparison.

        Here is the partner's report:

        "
            I find that in certain cases StubRoutines::_generic_arraycopy can be passed an element count of zero.
            And this zero element count may be further passed to StubRoutines::_arrayof_oop_disjoint_arraycopy.
            In that case, it will trigger a segmentation fault in native code generated by gen_write_ref_array_post_barrier.
            The reason is that we got a zero count before entering the following loop, but we are using unsigned compare here to check the loop condition.
            __ BIND(L_loop);
            __ strb(zr, Address(start, count));
            __ subs(count, count, 1);
            __ br(Assembler::HS, L_loop);
            }

            I checked the X86 and Sparc ports; they both use a signed compare with zero here.

            The patch was generated from the latest jdk9 hs-comp repo:

        diff -r 7f42e988b083 src/cpu/aarch64/vm/stubGenerator_aarch64.cpp
        --- a/src/cpu/aarch64/vm/stubGenerator_aarch64.cpp Thu Jun 02 17:52:42 2016 +0000
        +++ b/src/cpu/aarch64/vm/stubGenerator_aarch64.cpp Mon Jun 06 13:51:51 2016 +0800
        @@ -710,7 +710,7 @@
                   __ BIND(L_loop);
                   __ strb(zr, Address(start, count));
                   __ subs(count, count, 1);
        - __ br(Assembler::HS, L_loop);
        + __ br(Assembler::GE, L_loop);
                 }
                 break;
               default:
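
        Review bot: at the changed `br` line only the exit condition moves from unsigned to signed; the `strb(zr, Address(start, count))` two lines above still runs once before any test, so a bad `count` reaching this loop still produces one store at that offset. Consider skipping the loop before `BIND(L_loop)` when there is nothing to mark, or, if that single store is known to be harmless, say so in a comment next to the branch. A one-line comment on why `GE` is used instead of `HS` would also keep the next reader from "fixing" it back.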
        "
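
        The difference between the two branch conditions, as an added example that is not part of the original report or of HotSpot: a C model of the loop that computes the flags `subs` would set and counts the stores under `HS` and `GE`. The names `subs64` and `run_loop`, the 8-entry card array and the iteration cap are constructed, and the assumption that an empty copy reaches the loop as a last-card index of -1 is mine, not stated on the page.

```c
#include <stdint.h>
#include <stdio.h>

/* Modelled NZCV flags as set by a 64-bit AArch64 SUBS. */
struct flags { int n, z, c, v; };

static struct flags subs64(uint64_t a, uint64_t b, uint64_t *res) {
    uint64_t r = a - b;
    struct flags f;
    f.n = (int)(r >> 63);
    f.z = (r == 0);
    f.c = (a >= b);                          /* C set means no borrow */
    f.v = (int)(((a ^ b) & (a ^ r)) >> 63);  /* signed overflow */
    *res = r;
    return f;
}

enum cond { COND_HS, COND_GE };

/* Models the barrier loop: store, SUBS count by 1, branch back on cc.
 * Returns the number of stores executed; stops at cap to expose a runaway.
 * Stores outside cards[0..ncards) are counted in *oob, not performed.
 * Hypothetical helper, not HotSpot code. */
static long run_loop(int64_t count, enum cond cc, uint8_t *cards, long ncards, long cap, long *oob) {
    uint64_t c = (uint64_t)count;
    long stores = 0;
    *oob = 0;
    for (;;) {
        int64_t idx = (int64_t)c;
        if (idx >= 0 && idx < ncards) cards[idx] = 0; else (*oob)++;
        stores++;
        struct flags f = subs64(c, 1, &c);
        int taken = (cc == COND_HS) ? f.c : (f.n == f.v);  /* HS: C==1, GE: N==V */
        if (!taken || stores >= cap) break;
    }
    return stores;
}

int main(void) {
    uint8_t cards[8];
    long oob;
    int64_t inputs[] = { 3, 0, -1 };  /* constructed; -1 is the assumed empty-copy case */
    for (int i = 0; i < 3; i++) {
        long hs = run_loop(inputs[i], COND_HS, cards, 8, 1000, &oob);
        long ge = run_loop(inputs[i], COND_GE, cards, 8, 1000, &oob);
        printf("count=%lld HS stores=%ld GE stores=%ld\n", (long long)inputs[i], hs, ge);
    }
    return 0;
}
```

        For non-negative counters both conditions behave identically; only the negative case separates them, and even with `GE` the store-before-test order means one store still happens.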

                People

                Assignee:
                enevill Ed Nevill
                Reporter:
                enevill Ed Nevill