RFR: 8321509: False positive in get_trampoline fast path causes crash
Dean Long
dlong at openjdk.org
Tue Jun 25 06:39:11 UTC 2024
On Wed, 19 Jun 2024 19:15:08 GMT, Dean Long <dlong at openjdk.org> wrote:
> 8321509: False positive in get_trampoline fast path causes crash
AArch64 binds some trampoline call-sites early, thanks to its is_always_within_branch_range() check. This allows a false positive match with a trampoline stub during code buffer expansion in rare situations. To fix this, this PR makes the following changes:
1. Do not call get_trampoline() in Relocation::pd_call_destination or pd_set_call_destination, as the destination they use cannot be trusted during fixup.
2. Restrict NativeCall::get_trampoline() to only operate on nmethods, not CodeBuffers (or BufferBlob).
3. Fixup trampoline stub "owners" (call sites) as late as possible, in new trampoline_stub_Relocation::pd_fix_owner_after_move(), and only if destination is an nmethod.
4. Avoid calling NativeCall::set_destination_mt_safe() during CodeBuffer fixup, which allows assert_lock to also go away.
5. Detect self-calls in NativeCall::destination() to avoid unnecessary call to find_blob().
6. Add NativeCall fast paths for pd_call_destination/pd_set_call_destination.
-------------
PR Comment: https://git.openjdk.org/jdk/pull/19796#issuecomment-2188094970