[PATCH] Fix SIGSEGV in cp_to_object_index on arm-sflt fastdebug builds

David Holmes david.holmes at oracle.com
Mon Dec 10 21:54:04 UTC 2018 

Hi Jakub,

This needs to be checked and fixed in mainline jdk/jdk first, and then a 
backport request made for 11u.

Thanks,
David

On 11/12/2018 3:10 am, Jakub Vaněk wrote:
> Hi all,
> 
> I have recently tried to compile OpenJDK 11 with debugging symbols
> enabled. The compilation succeeded, but the resulting Arm binary was
> crashing everywhere - on QEMU-user, QEMU-system and on the real
> hardware too. Any action triggered the crash - even java --version or
> java --help. This is what I have found:
> 
> * Something calls InterpreterRuntime::resolve_ldc.
> * When ASSERT is enabled, this function calls
> ConstantPool::cp_to_object_index on costants() of the calling bytecode
> method.
> * This function calls this->reference_map() to get access to some
> cache.
> 
> The problematic thing is that cp_to_object_index doesn't check if the
> returned pointer is not NULL. For some reason, the calling (bytecode?)
> method has constants()->_cache->_reference_map set to NULL. This causes
> a segmentation fault when the function tries to find the specified
> cp_index in that map.
> 
> To fix this problem, I added a null check to cp_to_object_index. If the
> returned map is null, _no_index_sentinel is returned. However I'm only
> guessing that this is the right thing to do. I'm basing my guess on
> what is returned when the index wasn't found in an existing map.
> 
> I don't know the reason why the reference map is null, if it is
> expected or if it is also a bug. This patch however fixes the issue and
> makes it possible again to debug HotSpot using gdb on arm-sflt.
> 
> I have not tested if the same issue is present in JDK12 as well (i.e.
> if _reference_map is still being set to NULL), but the null check is
> still missing.
> 
> Thanks,
> 
> Jakub
> 
> # HG changeset patch
> # User Jakub Vaněk <linuxtardis at gmail.com>
> # Date 1544311444 -3600
> #      Sun Dec 09 00:24:04 2018 +0100
> # Node ID 87425963180285bfee8170afa07fb3989abeb1a1
> # Parent  f94276ccc9fc9d6c5b00cf9bafa77d708e9c2e6b
> Fix crash on arm-sflt debug builds
> 
> diff --git a/src/hotspot/share/oops/constantPool.cpp b/src/hotspot/share/oops/constantPool.cpp
> --- a/src/hotspot/share/oops/constantPool.cpp
> +++ b/src/hotspot/share/oops/constantPool.cpp
> @@ -406,8 +406,12 @@
>   }
>   
>   int ConstantPool::cp_to_object_index(int cp_index) {
> +  Array<u2> *map = reference_map();
> +  if (map == NULL)
> +    return _no_index_sentinel;
> +
>     // this is harder don't do this so much.
> -  int i = reference_map()->find(cp_index);
> +  int i = map->find(cp_index);
>     // We might not find the index for jsr292 call.
>     return (i < 0) ? _no_index_sentinel : i;
>   }
>

More information about the hotspot-runtime-dev mailing list