RFR: JDK-8160354: uninitialized value warning and VM crash are occurred with GCC 6
Kim Barrett
kim.barrett at oracle.com
Mon Jun 27 22:12:23 UTC 2016
> On Jun 27, 2016, at 10:29 AM, Yasumasa Suenaga <yasuenag at gmail.com> wrote:
>
> Hi all,
>
> This review request relates to JDK-8160310: HotSpot cannot be built with GCC 6 .
>
> I encountered 2 compiler warnings and 2 VM crashes when I compiled OpenJDK 9 with
> GCC 6 on Fedora 24 x64.
> I think these error should be fixed.
>
> I uploaded webrev.
> Could you review it?
>
> http://cr.openjdk.java.net/~ysuenaga/JDK-8160354/webrev.00/
------------------------------------------------------------------------------
src/share/vm/c1/c1_Instruction.hpp
The problems here are similar to those JDK-8160357, e.g. casting
uninitialized memory to a pointer to class type and treating it as
such, without having first called the constructor. That's undefined
behavior.
The workaround is to use -fno-lifetime-dse when building with gcc 6.
The code to do that seems to have been broken though.
------------------------------------------------------------------------------
src/cpu/x86/vm/assembler_x86.cpp
191 RelocationHolder rspec = (disp_reloc == relocInfo::none)
192 ? RelocationHolder::none
193 : rspec = Relocation::spec_simple(disp_reloc);
I have no idea what is being attempted by this change, but I really
doubt this is correct. The precedence of ?: is higher than the
precedence of =.
I think I see what might be going wrong with the original code.
RelocationHolder has a _relocbuf member, which is really just storage
for a Relocation object. The constructors for RelocationHolder are
both problematic, but the no-arg constructor is the one at fault here.
RelocationHolder::RelocationHolder() {
new(*this) Relocation();
}
This is constructing a different object over the current, which is
undefined behavior, so gcc 6 is perhaps eliding it, leading to the
failure. What this should actually be doing is using the start of the
_relocbuf member as the placement new location.
I suspect this is another case that would have been suppressed by the
missing gcc6-specific build options.
For the record, the other constructor is
RelocationHolder::RelocationHolder(Relocation* r) {
// wordwise copy from r (ok if it copies garbage after r)
for (int i = 0; i < _relocbuf_size; i++) {
_relocbuf[i] = ((void**)r)[i];
}
}
and that comment is just wrong, since the actual object could have
been allocated close to the end of accessible memory, with a read
beyond its real end potentially resulting in some kind of memory
fault.
I filed a bug for the RelocationHolder constructors:
https://bugs.openjdk.java.net/browse/JDK-8160404
------------------------------------------------------------------------------
src/share/vm/code/relocInfo.hpp
495 void* _relocbuf[ _relocbuf_size ] = {0};
I'm not sure why this might be needed, but I don't think this is valid
C++98 code. I think this is actually using a C++14 feature.
More information about the hotspot-dev
mailing list