RFR(XS) 8160411: SIGSEGV in frame::safe_for_sender on incomplete DeoptimizationBlob frame
Daniel D. Daugherty
daniel.daugherty at oracle.com
Fri Oct 21 15:26:44 UTC 2016
On 10/20/16 4:47 PM, dean.long at oracle.com wrote:
> https://bugs.openjdk.java.net/browse/JDK-8160411
>
> http://cr.openjdk.java.net/~dlong/8160411/webrev/
src/cpu/aarch64/vm/frame_aarch64.cpp
No comments.
src/cpu/x86/vm/frame_x86.cpp
No comments.
Thumbs up on both new sanity checks!
Both you and Chris P are fixing bugs in the same functions.
You guys need to coordinate your merges.
Dan
>
> I have only observed this crash on solaris x64 so far, but I have
> included aarch64 in the fix since it uses similar code to x64. This
> crash happens when we call pd_get_top_frame_for_profiling() and the
> top frame is executing in the deopt stub, but hasn't finished pushing
> all the registers yet. If we add cb->frame_size() at this point, we
> can end up with a sender_sp that is past the stack base. The fix is
> to add a range check for sender_sp before using it.
>
> Tested by hand on linux x64 by forcing a SEGV in the deopt stub, then
> calling pd_get_top_frame_for_profiling() and safe_for_sender() in the
> signal handler.
>
> dl
>
>
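An added illustration of the sender_sp range check the quoted message describes, written for this thread as a simplified model rather than taken from the webrev: `thread_model`, `sender_sp_in_stack`, `safe_for_sender_model` and `demo_deopt_blob_frame` are assumed names, and the stack layout is a constructed scenario. Stacks grow downward, as on x64 and aarch64.

```c
/* Added example, NOT HotSpot's frame_x86.cpp / frame_aarch64.cpp: a model of
 * the range check on sender_sp before it is dereferenced. All names here are
 * assumptions made for the illustration. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

typedef struct {
    uintptr_t stack_base;   /* one past the highest address of the thread stack */
    uintptr_t stack_limit;  /* lowest usable address of the thread stack */
} thread_model;

/* True only if sp and sp + frame_size both lie inside the thread stack; unsigned
 * arithmetic so an oversized frame_size cannot wrap around the comparison. */
static bool sender_sp_in_stack(const thread_model *t, uintptr_t sp,
                               size_t frame_size, uintptr_t *sender_sp_out) {
    if (sp < t->stack_limit || sp >= t->stack_base) return false;
    if (frame_size > t->stack_base - sp) return false;  /* would run past base */
    *sender_sp_out = sp + frame_size;
    return true;
}

/* Model of safe_for_sender() for a frame whose pc is in a code blob with a
 * fixed frame size (cb->frame_size()). The sender's saved fp is read from just
 * below sender_sp, but only after the range check passed, so an incomplete
 * DeoptimizationBlob frame fails cleanly instead of reading beyond the stack. */
static bool safe_for_sender_model(const thread_model *t, uintptr_t sp,
                                  size_t cb_frame_size) {
    uintptr_t sender_sp;
    if (!sender_sp_in_stack(t, sp, cb_frame_size, &sender_sp)) return false;
    uintptr_t saved_fp = *(uintptr_t *)(sender_sp - 2 * sizeof(uintptr_t));
    return saved_fp >= sender_sp && saved_fp < t->stack_base;  /* sender fp sane */
}

/* Constructed scenario: a 4 KiB stack and a deopt stub whose complete frame is
 * 256 bytes. Returns 1 when the complete frame is accepted and the partially
 * pushed frame is rejected. */
int demo_deopt_blob_frame(void) {
    static uintptr_t stack[512];
    thread_model t = { (uintptr_t)(stack + 512), (uintptr_t)stack };
    const size_t frame_size = 256;
    uintptr_t sender_sp = t.stack_base - 512;           /* caller sits inside the stack */
    *(uintptr_t *)(sender_sp - 2 * sizeof(uintptr_t)) = sender_sp + 64;  /* saved fp */
    bool complete_ok = safe_for_sender_model(&t, sender_sp - frame_size, frame_size);
    /* Stub interrupted after pushing three words near the stack base:
     * sp + frame_size would point past stack_base, so the walk must stop. */
    bool partial_ok = safe_for_sender_model(&t, t.stack_base - 3 * sizeof(uintptr_t), frame_size);
    return complete_ok && !partial_ok;
}
```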