[PATCH] Fix SIGSEGV in cp_to_object_index on arm-sflt fastdebug builds

Jakub Vaněk linuxtardis at gmail.com
Mon Dec 10 17:10:05 UTC 2018 

Hi all,

I have recently tried to compile OpenJDK 11 with debugging symbols
enabled. The compilation succeeded, but the resulting Arm binary was
crashing everywhere - on QEMU-user, QEMU-system and on the real
hardware too. Any action triggered the crash - even java --version or
java --help. This is what I have found:

* Something calls InterpreterRuntime::resolve_ldc.
* When ASSERT is enabled, this function calls
ConstantPool::cp_to_object_index on costants() of the calling bytecode
method.
* This function calls this->reference_map() to get access to some
cache.

The problematic thing is that cp_to_object_index doesn't check if the
returned pointer is not NULL. For some reason, the calling (bytecode?)
method has constants()->_cache->_reference_map set to NULL. This causes
a segmentation fault when the function tries to find the specified
cp_index in that map.

To fix this problem, I added a null check to cp_to_object_index. If the
returned map is null, _no_index_sentinel is returned. However I'm only
guessing that this is the right thing to do. I'm basing my guess on
what is returned when the index wasn't found in an existing map.

I don't know the reason why the reference map is null, if it is
expected or if it is also a bug. This patch however fixes the issue and
makes it possible again to debug HotSpot using gdb on arm-sflt.

I have not tested if the same issue is present in JDK12 as well (i.e.
if _reference_map is still being set to NULL), but the null check is
still missing.

Thanks,

Jakub

# HG changeset patch
# User Jakub Vaněk <linuxtardis at gmail.com>
# Date 1544311444 -3600
#      Sun Dec 09 00:24:04 2018 +0100
# Node ID 87425963180285bfee8170afa07fb3989abeb1a1
# Parent  f94276ccc9fc9d6c5b00cf9bafa77d708e9c2e6b
Fix crash on arm-sflt debug builds

diff --git a/src/hotspot/share/oops/constantPool.cpp b/src/hotspot/share/oops/constantPool.cpp
--- a/src/hotspot/share/oops/constantPool.cpp
+++ b/src/hotspot/share/oops/constantPool.cpp
@@ -406,8 +406,12 @@
 }
 
 int ConstantPool::cp_to_object_index(int cp_index) {
+  Array<u2> *map = reference_map();
+  if (map == NULL)
+    return _no_index_sentinel;
+
   // this is harder don't do this so much.
-  int i = reference_map()->find(cp_index);
+  int i = map->find(cp_index);
   // We might not find the index for jsr292 call.
   return (i < 0) ? _no_index_sentinel : i;
 }

More information about the hotspot-runtime-dev mailing list