RFR(XS): JDK-8068655 frame::safe_for_sender() computes incorrect sender_sp value for interpreted frames
frederic.parain at oracle.com
Fri Jan 30 08:48:00 UTC 2015
On 01/30/2015 05:01 AM, David Holmes wrote:
> Hi Fred,
> On 30/01/2015 1:05 AM, Frederic Parain wrote:
>> Hi Dean,
>> When unextended_sp is not specified, it is set to the sp value.
>> However, after your question, I realized that my fix was not
>> correct but worked because the is_interpreted_frame_valid() had
>> a bug too, it uses sp() where unextended_sp() should be used.
> Just wondering what the implications of this bug would be? What code
> would be wrong, how would it manifest?
The effect of this bug is that is_interpreted_frame_valid() could
return false in some cases where the frame is valid. It impacts all
assertions relying on safe_for_sender() and also profilers and JFR
which are also relying on safe_for_sender to decide if it is safe
or not to walk the stack.
In many cases, the bug doesn't show up, but of the callee method
is interpreted and has a huge number of local variables (see
test in hotspot/test/compiler/uncommontrap/TestStackBangMonitorOwned.java)
then is_interpreted_frame_valid() returns an invalid result.
>> Checking the history of these files, is_interpreted_frame_valid() has
>> been written before the distinction between raw sp and unextended sp
>> has been introduced in the frame class. Unfortunately, when
>> unextended_sp was added, is_interpreted_frame_valid() has not been
>> Here's a new webrev where safe_for_sender computes both raw_sp and
>> unextended_sp, and is_interpreted_frame_valid() checks the frame
>> size using unextended_sp instead of raw sp.
>> I also added more comments.
>> Note that I only modify one test in is_interpreted_frame_valid().
>> Use of sp() or unextended_sp() could be discussed for each test,
>> but in their current form they are wrong.
>> On 26/01/2015 20:40, Dean Long wrote:
>>> In sender_for_interpreter_frame(), we set the raw sender_sp but also
>>> unextended_sp. Should
>>> safe_for_sender() be doing the same?
>>> On 1/26/2015 6:40 AM, Frederic Parain wrote:
>>>> Please review this small fix in the frame verification code.
>>>> The bug report includes a detailed description of the issue.
Frederic Parain - Oracle
Grenoble Engineering Center - France
Phone: +33 4 76 18 81 17
Email: Frederic.Parain at oracle.com
More information about the hotspot-runtime-dev