JDK-6397754 : Missing check in implicit null code path for C1
  • Type: Bug
  • Component: hotspot
  • Sub-Component: compiler
  • Affected Version: 5.0
  • Priority: P3
  • Status: Resolved
  • Resolution: Fixed
  • OS: generic
  • CPU: generic
  • Submitted: 2006-03-13
  • Updated: 2010-05-09
  • Resolved: 2006-05-10
  • Fix Version: 5.0u8 b01 (Fixed)
Description
###@###.### discovered a bug in the implicit null handling path rewritten in 5.0 under 4826722. In the case where a monomorphic inline cache call site in C1-generated code dispatching to an interpreted method through the ientries gets a null receiver, the SEGV will be taken in the ientries code and mishandled by SharedRuntime::continuation_for_implicit_exception. It turns out that we usually get lucky and consider this fault to be in the inline cache check of an nmethod, but since the code blob we're dealing with isn't an nmethod this is prone to failure at any point.
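The failure described above is a null receiver reaching a compiled, monomorphic call site whose target is still interpreted. The following regression-style test is an added example and is not part of this bug record or of the HotSpot test suite. It assumes that running with the client compiler (`java -client`) on an affected 5.0 build compiles the hot caller `callThrough` while the callee stays interpreted; that JIT state cannot be forced from Java code, so the test only checks that a null receiver produces a `NullPointerException` rather than a VM crash.

```java
// Added regression-style test for JDK-6397754; not the JDK's own code.
// Assumption (not controllable from Java): after warm-up, C1 has compiled
// callThrough() while Impl.compute() is still executed by the interpreter,
// so the null receiver takes the ientries path described in the bug.
public class NullReceiverAtCompiledCallSite {

    interface Target {
        int compute(int x);
    }

    static final class Impl implements Target {
        public int compute(int x) {
            return x + 1;
        }
    }

    // Monomorphic call site: every non-null receiver ever seen here is an Impl,
    // so the inline cache binds to Impl.compute.
    static int callThrough(Target t, int x) {
        return t.compute(x);
    }

    public static void main(String[] args) {
        Target impl = new Impl();
        int sum = 0;

        // Warm up the call site so the caller becomes eligible for C1 compilation.
        for (int i = 0; i < 1000000; i++) {
            sum += callThrough(impl, i & 7);
        }

        // Now dispatch with a null receiver. On a fixed VM this is a plain NPE;
        // on an affected VM the SEGV in the ientries stub may be mishandled.
        try {
            callThrough(null, 1);
            throw new AssertionError("expected NullPointerException for null receiver");
        } catch (NullPointerException e) {
            System.out.println("OK: NullPointerException thrown (warm-up sum=" + sum + ")");
        }
    }
}
```

Run it as `java -client NullReceiverAtCompiledCallSite`; the `sum` accumulator exists only to keep the warm-up loop from being eliminated. Because the JIT state is an assumption, a passing run is evidence, not proof, that the compiled-caller path was exercised.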

Comments
EVALUATION: The fix is very small and self-contained, and is similar to preexisting code for C2 handling NPEs in C2IAdapters.
21-03-2006

SUGGESTED FIX *** /tmp/geta10791 Mon Mar 13 14:39:09 2006 --- sharedRuntime.cpp Mon Mar 13 14:39:06 2006 *************** *** 436,441 **** --- 436,450 ---- } #endif // COMPILER2 + #ifdef COMPILER1 + if (!cb->is_nmethod()) { + guarantee(Runtime1::blob_for(Runtime1::interpreter_entries_id)->contains(pc), + "exception happened outside interpreter, nmethods, vtable stubs and ientries"); + // There is no handler here, so we will simply unwind. + return StubRoutines::throw_NullPointerException_at_call_entry(); + } + #endif + // Otherwise, it's an nmethod. Consult its exception handlers. nmethod* nm = (nmethod*)cb; if (nm->inlinecache_check_contains(pc)) {
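Review bot: The comment "There is no handler here, so we will simply unwind" in the new COMPILER1 block does not match the line below it, which returns `StubRoutines::throw_NullPointerException_at_call_entry()`; control is transferred to that stub, which raises the NullPointerException on behalf of the faulting call site and then unwinds, so the comment should say that rather than suggest the runtime unwinds on its own. Also, the `nmethod* nm = (nmethod*)cb;` cast right after the block is now guarded only under COMPILER1 (and by whatever the COMPILER2 branch above does); adding `assert(cb->is_nmethod(), "must be an nmethod")` before the cast would enforce the "Otherwise, it's an nmethod" comment in debug builds instead of assuming it.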
13-03-2006