[Bug] Possible SIGSEGV in ASSERT block of InterpreterRuntime::resolve_ldc

christoph.goettschkes at microdoc.com christoph.goettschkes at microdoc.com
Tue Sep 10 10:30:33 UTC 2019


Hello,

I found a problem in an ASSERT block in the interpreter runtime of the template
interpreter. Could someone please create a bug report for me and help me with
the webrev? I will send a patch as soon as there is a bug report and the tests
are done. Description follows below.

Thanks,
Christoph

The runtime implementation of the ldc bytecodes has an ASSERT block, which does
some sanity checks after the constant has been resolved [1]. The checks include
loading the cached reference of the loaded constant using the
ConstantPool::cp_to_object_index() method. This can fail if the type of the
loaded constant is not a reference, but a primitive type. This can happen on
32-bit ARM softfp, since double constants are loaded using the runtime
implementation on that platform (see [2]). If no other constants have been
loaded before and there are no cached references, using the
ConstantPool::cp_to_object_index() method crashes HotSpot with a SIGSEGV.
This is the backtrace of a slowdebug build:

#0  0x762f8886 in Array<unsigned short>::length (this=0x0) at src/hotspot/share/oops/array.hpp:106
#1  0x764a1e48 in Array<unsigned short>::index_of (this=0x0, x=@0x761bc9ee: 2) at src/hotspot/share/oops/array.hpp:111
#2  0x764a1b16 in Array<unsigned short>::find (this=0x0, x=@0x761bc9ee: 2) at src/hotspot/share/oops/array.hpp:123
#3  0x7649a7d8 in ConstantPool::cp_to_object_index (this=0x647df840, cp_index=2) at src/hotspot/share/oops/constantPool.cpp:418
#4  0x765e53e6 in InterpreterRuntime::resolve_ldc (thread=0x76017400, bytecode=Bytecodes::_ldc2_w) at src/hotspot/share/interpreter/interpreterRuntime.cpp:205
#5  0x73e5c804 in ?? ()

Sample application:

class Test {
    public static void main(String... args) {
        // 4.2 becomes a CONSTANT_Double entry, loaded with ldc2_w;
        // on 32-bit ARM softfp that goes through InterpreterRuntime::resolve_ldc
        double x = 4.2;
    }
}

[1] http://hg.openjdk.java.net/jdk/jdk/file/3fee0e6b54f5/src/hotspot/share/interpreter/interpreterRuntime.cpp#l199
[2] http://hg.openjdk.java.net/jdk/jdk/file/3fee0e6b54f5/src/hotspot/cpu/arm/templateTable_arm.cpp#l475
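As an added illustration that is not part of Christoph's mail and not HotSpot code, the following constructed C++ model reproduces the failure mode the report describes: a constant pool whose cp-index to object-index map (HotSpot's reference map, the Array<u2> whose null `this` appears in the backtrace) is only allocated once a reference constant has been resolved, and a sanity check that looks up that map for every resolved constant, primitives included. The model throws where HotSpot would fault on the null array so the failure can be observed in a test. The guarded variant shows one plausible shape for such a check (skip the lookup for non-reference tags); it is an assumption for illustration, not the author's pending patch. All names (ModelConstantPool, Tag, sanity_check_*) are invented for this example.

```cpp
#include <iostream>
#include <memory>
#include <stdexcept>
#include <vector>

// Constructed model, not HotSpot code: constant-pool entry kinds.
enum class Tag { Integer, Long, Float, Double, String, Class };

static bool is_reference_tag(Tag t) {
    return t == Tag::String || t == Tag::Class;
}

struct ModelConstantPool {
    std::vector<Tag> tags;                              // tag per cp index
    std::unique_ptr<std::vector<int>> reference_map;    // null until a reference is resolved

    // Stands in for ConstantPool::cp_to_object_index(): it searches the map
    // unconditionally. With a null map HotSpot reads Array::length through a
    // null 'this' (the SIGSEGV in the reported backtrace); the model throws
    // instead so the failure mode is observable.
    int cp_to_object_index(int cp_index) const {
        if (!reference_map) throw std::logic_error("reference_map is null");
        for (std::size_t i = 0; i < reference_map->size(); ++i)
            if ((*reference_map)[i] == cp_index) return static_cast<int>(i);
        return -1;
    }

    // Resolving a reference constant allocates the map and records the entry.
    void resolve_reference(int cp_index) {
        if (!reference_map) reference_map.reset(new std::vector<int>());
        reference_map->push_back(cp_index);
    }
};

// Shape of the reported sanity check: look up the cached reference for
// whatever constant was just resolved, even a primitive one.
int sanity_check_unguarded(const ModelConstantPool& cp, int cp_index) {
    return cp.cp_to_object_index(cp_index);
}

// Guarded form (assumed fix shape): the map lookup only applies to reference
// constants, so the double behind ldc2_w never touches the (possibly null) map.
int sanity_check_guarded(const ModelConstantPool& cp, int cp_index) {
    if (!is_reference_tag(cp.tags[cp_index])) return -1;   // nothing is cached for primitives
    return cp.cp_to_object_index(cp_index);
}

// Constructed pool: index 2 is the double constant, matching cp_index=2 in the backtrace.
static ModelConstantPool fresh_pool() {
    ModelConstantPool cp;
    cp.tags = {Tag::Integer, Tag::Class, Tag::Double};
    return cp;
}

// True if the unguarded check hits the null-map failure on a pool where
// no reference constant has been resolved yet.
bool unguarded_fails_on_fresh_pool() {
    ModelConstantPool cp = fresh_pool();
    try { sanity_check_unguarded(cp, 2); } catch (const std::logic_error&) { return true; }
    return false;
}

// The guarded check skips the lookup for the primitive and returns -1.
int guarded_on_fresh_pool() {
    ModelConstantPool cp = fresh_pool();
    return sanity_check_guarded(cp, 2);
}

// Once the Class constant at index 1 is resolved, the guarded check finds it
// at object index 0, i.e. the guard does not hide real reference lookups.
int guarded_after_class_resolved() {
    ModelConstantPool cp = fresh_pool();
    cp.resolve_reference(1);
    return sanity_check_guarded(cp, 1);
}

int main() {
    std::cout << "unguarded fails on fresh pool: " << unguarded_fails_on_fresh_pool() << "\n";
    std::cout << "guarded on fresh pool: " << guarded_on_fresh_pool() << "\n";
    std::cout << "guarded after Class resolved: " << guarded_after_class_resolved() << "\n";
    return 0;
}
```

The model deliberately keeps the map lazily allocated, because that is the precondition the mail identifies: the crash needs a primitive constant resolved through the runtime before any reference constant has populated the map. A check ordered as in the guarded variant cannot reach the null dereference regardless of which constants were resolved first.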
