RFR(XS) 8160411: SIGSEGV in frame::safe_for_sender on incomplete DeoptimizationBlob frame
    dean.long at oracle.com
    Thu Oct 20 22:47:39 UTC 2016
https://bugs.openjdk.java.net/browse/JDK-8160411
http://cr.openjdk.java.net/~dlong/8160411/webrev/
I have only observed this crash on solaris x64 so far, but I have included aarch64 in the fix since it uses similar code to x64. This crash happens when we call pd_get_top_frame_for_profiling() and the top frame is executing in the deopt stub, but hasn't finished pushing all the registers yet. If we add cb->frame_size() at this point, we can end up with a sender_sp that is past the stack base. The fix is to add a range check for sender_sp before using it.

Tested by hand on linux x64 by forcing a SEGV in the deopt stub, then calling pd_get_top_frame_for_profiling() and safe_for_sender() in the signal handler.
dl
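The failure mode described above, modelled as an added example rather than the webrev's own code: the stack bounds, the blob frame size, and all type and function names here are assumed stand-ins for HotSpot's JavaThread/frame/CodeBlob, chosen only to show why sp + frame_size overshoots when the deopt stub is sampled mid-prologue and how a range check on sender_sp refuses the frame instead of dereferencing past the stack base.

```cpp
#include <cstddef>
#include <cstdint>

// Hypothetical model of a thread stack (not HotSpot's types). Stacks grow
// downward, so usable addresses lie in the half-open range [stack_end, stack_base).
struct StackBounds {
    uint64_t stack_base;  // highest address (exclusive)
    uint64_t stack_end;   // lowest address (inclusive)
    bool contains(uint64_t addr) const { return addr >= stack_end && addr < stack_base; }
};

// Hypothetical stand-in for what the DeoptimizationBlob's CodeBlob reports as
// cb->frame_size(): the full frame, assuming the prologue has pushed every register.
constexpr size_t kDeoptBlobFrameSize = 0x200;

// The sender sp computed the way the post describes: sp plus the blob's declared
// frame size. If the stub was interrupted before all registers were pushed, sp
// has not yet moved down by the full frame size, so this value lands too high.
uint64_t naive_sender_sp(uint64_t sp, size_t blob_frame_size) {
    return sp + blob_frame_size;
}

// The range check the fix adds: a sender_sp outside the thread's stack cannot be
// followed, so the frame is reported as unsafe rather than walked.
bool sender_sp_in_range(const StackBounds& st, uint64_t sp, size_t blob_frame_size) {
    uint64_t sender_sp = naive_sender_sp(sp, blob_frame_size);
    if (sender_sp <= sp) return false;   // arithmetic wrapped or empty frame
    return st.contains(sender_sp);
}

// Simulate a thread sampled while the deopt stub is still pushing registers:
// the stub was entered with sp == entry_sp and has so far pushed `pushed` bytes.
// Returns whether the range check would let the profiler walk this frame.
bool frame_walkable_mid_prologue(const StackBounds& st, uint64_t entry_sp, size_t pushed) {
    uint64_t sp = entry_sp - pushed;
    return sender_sp_in_range(st, sp, kDeoptBlobFrameSize);
}

// Constructed 1 MiB stack for demonstration; the addresses are made up, not taken
// from the bug report.
const StackBounds kStack = { 0x7ffff0000000ull, 0x7fffeff00000ull };
```

With only 0x100 bytes of caller frames above the stub, a sample taken after 0x40 bytes of pushes yields a sender_sp above stack_base and is rejected; once the full 0x200 bytes are pushed the same computation lands back inside the stack and passes.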