JDK-8167200

AArch64: Broken stack pointer adjustment in interpreter

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: P4
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 9
    • Component/s: hotspot
    • Labels: None
    • Resolved In Build: b143
    • CPU: aarch64

      Activity

      Andrew Haley (aph) added a comment -
      This is a thinko in the template interpreter.

      AArch64 has two stack pointers: the system SP and the expression SP. The expression SP must always point to an address greater than or equal to the system SP.

      When we allocate a new monitor in the interpreter we move the contents of the entire operand stack and then insert a monitor beneath the operand stack. So, we need two more words (the size of a monitor). The expression SP is adjusted to allow for this, and we then do a comparison to see if the system SP needs also to be moved. This is wrong: whenever we allocate a monitor we should also adjust the system SP. The bug here is that we might decide not to allow any more space in the system stack but later push several items onto the expression stack. In this case the expression SP might be lower than the system SP, and method arguments are corrupted.

      The attached test case demonstrates this with a spurious NullPointerException or perhaps a VM crash with a segfault.
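      The frame-layout reasoning in the comment above, as an added model written for this page (not HotSpot code): one interpreter frame is reduced to two byte offsets below the frame base, the expression SP and the system SP, with the page's two-word monitor size. It assumes (hypothetically) that the system SP is set at frame entry with headroom for the method's maximum operand-stack depth and is kept 16-byte aligned, and it contrasts the "only move the system SP if it is needed right now" policy with the fixed "always move it" policy.

```c
#include <stdbool.h>
#include <stddef.h>

#define WORD 8
#define MONITOR_WORDS 2  /* the page: a monitor costs two more words */

/* Offsets grow downward: a larger offset is a lower address. */
typedef struct {
    size_t esp;        /* expression SP: current operand-stack depth */
    size_t sp;         /* system SP: what native/callee code may use */
    size_t max_stack;  /* method's maximum operand-stack depth (words) */
} frame_t;

static size_t round16(size_t n) { return (n + 15) & ~(size_t)15; }

/* Assumption: frame entry reserves max_stack words below the base. */
static void frame_enter(frame_t *f, size_t max_stack) {
    f->esp = 0;
    f->max_stack = max_stack;
    f->sp = round16(max_stack * WORD);
}

static void push(frame_t *f) { f->esp += WORD; }

/* Buggy policy described in the report: adjust esp for the monitor,
   then move sp only if esp already went past it. */
static void alloc_monitor_buggy(frame_t *f) {
    f->esp += MONITOR_WORDS * WORD;
    if (f->esp > f->sp) f->sp = round16(f->esp);
}

/* Fixed policy: every monitor also grows the system stack. */
static void alloc_monitor_fixed(frame_t *f) {
    f->esp += MONITOR_WORDS * WORD;
    f->sp = round16(f->sp + MONITOR_WORDS * WORD);
}

/* Invariant from the report: expression SP address >= system SP address. */
static bool invariant_holds(const frame_t *f) { return f->esp <= f->sp; }

/* monitorenter with a shallow operand stack, then fill the stack to
   its maximum depth as later bytecodes would; report the invariant. */
static bool scenario(void (*alloc)(frame_t *), size_t max_stack) {
    frame_t f;
    frame_enter(&f, max_stack);
    push(&f);
    alloc(&f);
    for (size_t i = 1; i < max_stack; i++) push(&f);
    return invariant_holds(&f);
}
```

      With the buggy policy the monitor is not charged to the system stack when it is allocated, so a frame that later reaches its full operand-stack depth ends up with the expression SP two words below the system SP; the fixed policy keeps the invariant at every depth.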
      HG Updates (hgupdate) added a comment -
      URL: http://hg.openjdk.java.net/jdk9/hs/hotspot/rev/60a8cbf7030e
      User: aph
      Date: 2016-10-06 09:42:52 +0000
      HG Updates (hgupdate) added a comment -
      URL: http://hg.openjdk.java.net/jdk9/jdk9/hotspot/rev/60a8cbf7030e
      User: lana
      Date: 2016-11-03 02:17:58 +0000

        People

        • Assignee: Andrew Haley (aph)
        • Reporter: Andrew Haley (aph)
        • Votes: 0
        • Watchers: 2