RFR: 8290780: AArch64: Crash in c2 nmethod running RunThese30M.java
Andrew Dinn
adinn at openjdk.org
Fri Jul 22 14:48:57 UTC 2022
On Fri, 22 Jul 2022 13:50:28 GMT, Andrew Haley <aph at openjdk.org> wrote:
> Fix that masks the offsets used when adrp() is passed an unreachable destination. This reloc allows e.g. `adrp; movk; ldr` to access anywhere in the address space.
>
>
> # SIGSEGV (0xb) at pc=0x0000ffff55964edc, pid=2843096, tid=2850366
> #
> # JRE version: Java(TM) SE Runtime Environment (20.0+7) (fastdebug build 20-ea+7-377)
> # Java VM: Java HotSpot(TM) 64-Bit Server VM (fastdebug 20-ea+7-377, compiled mode, sharing, compressed oops, compressed class ptrs, g1 gc, linux-aarch64)
> # Problematic frame:
> # J 91101 c2 java.io.ObjectOutputStream.enableReplaceObject(Z)Z java.base@20-ea (47 bytes) @ 0x0000ffff55964edc [0x0000ffff55964e80+0x000000000000005c]
src/hotspot/cpu/aarch64/macroAssembler_aarch64.cpp line 342:
> 340: static int adrpMovk_impl(address insn_addr, address &target) {
> 341: Instruction_aarch64::patch(insn_addr + sizeof (uint32_t), 20, 5, (uintptr_t)target >> 32);
> 342: uintptr_t dest = (dest & 0xffffffffULL) | (uintptr_t(insn_addr) & 0xffff00000000ULL);
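Review bot: line 342 reads `dest` inside its own initializer, so the low 32 bits kept by `dest & 0xffffffffULL` come from an indeterminate value and the combined address is meaningless. Assuming `target` is the intended source, as it is for the high bits patched on line 341, initialize first with something like `uintptr_t dest = uintptr_t(target);` and apply the masking afterwards. Since `target` is taken by reference, the function should also make explicit whether the adjusted address is written back to it.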
This does not look right. `dest` is not defined on the rhs of this expression.
-------------
PR: https://git.openjdk.org/jdk/pull/9615