JDK-6563987 : api/org_ietf/jgss/GSSContext/index.html#SetGetTests: VM Crash JDK 6u2 since b03 with -server -Xcomp

Details
Type:
Bug
Submit Date:
2007-05-31
Status:
Closed
Updated Date:
2011-03-07
Project Name:
JDK
Resolved Date:
2011-03-07
Component:
hotspot
OS:
solaris_10
Sub-Component:
compiler
CPU:
sparc
Priority:
P1
Resolution:
Fixed
Affected Versions:
6u2
Fixed Versions:
hs10 (b14)

Description
JCK            : JCK6.0 b36
J2SE           : FAIL - 6u2 b03, PASS 6u2 b02
Platform[s]    : FAIL - Solaris10-sparc
switch/Mode    : FAIL - -server -Xcomp

Test api/org_ietf/jgss/GSSContext/index.html#SetGetTests causes the VM to crash on
solaris10-sparc.


Comments
EVALUATION

The new arraycopy stub code introduced in the 6498658 changes and
in the additional fix 6547163 crashes in a few cases.

Based on the bug report I modified the test program I added
for 6547163 so that it tests the arraycopy stubs for different array
sizes ranging from 8 bytes to 80 bytes in 1-byte steps.
It found 3 failing cases, including the reported one:

1. After the 6547163 fix, the sparc aligned arraycopy stub code will
call copy_16_bytes_forward_with_shift() when arrays are misaligned
by 4 bytes in the 32-bit VM. But this method works only when the length
is >= 16 bytes. There is this comment before the method call:
 // The compare above (count >= 23) guarantees 'count' >= 16 bytes.

But for aligned arrays the compare is ('count' >= 12).
It causes 'count' to become negative after the method call.
The loop which copies an array's tail decrements and compares
'count' with 0:
__ brx(Assembler::notZero, false, Assembler::pt, L_copy_byte_loop);
It will copy past the array until SEGV when 'count' is negative.

2. The sparc stubs for conjoint_byte_copy and conjoint_short_copy
incorrectly assume that the ends of arrays are also aligned
when the arrays themselves are aligned. It causes SIGBUS when an ldx/stx
instruction is executed on the unaligned address of an array's end.

3. Small (<4 bytes) arraycopy is not executed for aligned conjoint
copy on x86 (32-bit VM) since the code is incorrectly
guarded by the !aligned check.
2007-06-01
SUGGESTED FIX

Solution:
1. Use the same arraycopy short length check for aligned and unaligned copy.
2. Always align end of arrays for conjoint arraycopy.
3. Remove the incorrect !aligned check for aligned conjoint copy on x86.

Added the regression test to check arraycopy for different array sizes.

Webrev:                 http://prt-web.sfbay.sun.com/net/prt-archiver.sfbay/data/archived_workspaces/main/c2_baseline/2007/20070604115147.kvn.6563987/workspace/webrevs/webrev-2007.06.04/index.html
2007-06-04
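A model of the failing control flow in issues 1 and 2 of the evaluation and of the suggested fix, as an added C example that is not HotSpot code: the stub's 16-byte block step behind a short-length check, the byte tail loop that decrements 'count' and branches on 'count' != 0, and the end-alignment arithmetic for the conjoint path. The buffer layout, the 0xAA canary, the MAX_TAIL cap that stands in for the SEGV, the function names, and the limit values 12 and 23 (taken from the evaluation text) are the example's own assumptions; issue 3 (the x86 !aligned guard) is not modelled.

```c
/* Constructed model of the SPARC arraycopy stub control flow from
 * JDK-6563987.  Not HotSpot code; names and constants are assumptions. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define GUARD    32              /* canary bytes checked after the destination */
#define CANARY   0xAA
#define MAX_TAIL (4 * GUARD)     /* cap on the runaway tail loop (stands in for SEGV) */

enum { BUGGY_ALIGNED_LIMIT = 12, UNALIGNED_LIMIT = 23 };

/* Outcome of simulating one forward byte copy of 'count' bytes. */
typedef struct {
    long count_after_block;  /* 'count' when the tail loop starts; negative = bug */
    long bytes_written;      /* bytes the model actually stored into dst */
    bool overran_dst;        /* canary after dst was clobbered */
} copy_result;

/* Forward copy as the stub does it: the 16-byte block step is guarded by
 * count >= short_limit, then the byte loop stores one byte, decrements
 * count and loops while count != 0 (the brx notZero in the evaluation). */
static copy_result simulate_forward_copy(const uint8_t *src, uint8_t *dst,
                                         long count, long short_limit)
{
    copy_result r = { count, 0, false };
    long off = 0;
    if (count >= short_limit) {
        /* copy_16_bytes_forward_with_shift(): consumes 16 bytes and
         * subtracts 16 from count; only valid when count >= 16 */
        memcpy(dst, src, 16);
        off = 16;
        count -= 16;
        r.count_after_block = count;
    }
    if (count != 0) {
        /* L_copy_byte_loop: ldub/stb, deccc count, brx notZero.
         * A negative count never reaches 0; the cap replaces the SEGV. */
        do {
            dst[off] = src[off];
            off++;
            count--;
        } while (count != 0 && off < MAX_TAIL);
    }
    r.bytes_written = off;
    return r;
}

/* Run the model for one length into a canary-guarded destination. */
static copy_result run_length(long len, long short_limit)
{
    static uint8_t src[MAX_TAIL + 16];
    static uint8_t dst[MAX_TAIL + 16];
    memset(src, 0x11, sizeof src);
    memset(dst, CANARY, sizeof dst);
    copy_result r = simulate_forward_copy(src, dst, len, short_limit);
    for (long i = len; i < len + GUARD; i++)
        if (dst[i] != CANARY) { r.overran_dst = true; break; }
    return r;
}

/* Sweep lengths lo..hi in 1-byte steps, as the regression test does,
 * and return how many of them run past the destination. */
static int count_failures(long lo, long hi, long short_limit)
{
    int failures = 0;
    for (long len = lo; len <= hi; len++)
        if (run_length(len, short_limit).overran_dst) failures++;
    return failures;
}

/* Issue 2: the conjoint (backward) stubs used ldx/stx at the end of the
 * array, assuming the end is 8-byte aligned whenever the start is.  The
 * fixed stub first copies (base + count) & 7 bytes with byte instructions
 * so the remaining end address is aligned.  Returns that byte count
 * (0 means the end is already aligned and ldx is safe). */
static long tail_bytes_to_align_end(uintptr_t aligned_base, long count)
{
    return (long)((aligned_base + (uintptr_t)count) & 7);
}

static bool backward_ldx_would_sigbus(uintptr_t aligned_base, long count)
{
    return tail_bytes_to_align_end(aligned_base, count) != 0;
}

int main(void)
{
    printf("aligned path with limit %d: %d failing lengths in 8..80\n",
           BUGGY_ALIGNED_LIMIT, count_failures(8, 80, BUGGY_ALIGNED_LIMIT));
    printf("same check as unaligned path (%d): %d failing lengths\n",
           UNALIGNED_LIMIT, count_failures(8, 80, UNALIGNED_LIMIT));
    copy_result r = run_length(13, BUGGY_ALIGNED_LIMIT);
    printf("len 13: count after block %ld, wrote %ld bytes\n",
           r.count_after_block, r.bytes_written);
    printf("base 0x1000, 13 bytes: end misaligned by %ld, ldx SIGBUS=%d\n",
           tail_bytes_to_align_end(0x1000, 13), backward_ldx_would_sigbus(0x1000, 13));
    return 0;
}
```

Sweeping 8..80 as the regression test does, the buggy limit of 12 fails for lengths 12 through 15: the block step consumes 16 bytes the array does not have, 'count' goes negative, and the tail loop runs until the cap (on real hardware, until an unmapped page). Reusing the unaligned path's check of 23 for the aligned path makes every length pass, which is fix 1. For the conjoint case, tail_bytes_to_align_end gives the number of bytes the fixed stub copies with byte instructions before its 8-byte accesses, so ldx/stx never touches an unaligned end, which is fix 2.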