JDK-6859338 : amd64 native unverified entry point pushes values before implicit null check
  • Type: Bug
  • Component: hotspot
  • Sub-Component: compiler
  • Affected Version: hs16
  • Priority: P3
  • Status: Resolved
  • Resolution: Fixed
  • OS: solaris_9
  • CPU: sparc
  • Submitted: 2009-07-10
  • Updated: 2010-04-02
  • Resolved: 2009-07-29
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 6 JDK 7 Other
6u18Fixed 7Fixed hs16Fixed
Description
This a version of the report for 6789226 which was found with 64-bit client.  Server is exposed to the same problem but it's harder to trigger because of other optimizations.

Comments
EVALUATION http://hg.openjdk.java.net/jdk7/hotspot-gc/hotspot/rev/fe95187e8882
27-07-2009

EVALUATION http://hg.openjdk.java.net/jdk7/hotspot-comp/hotspot/rev/fe95187e8882
14-07-2009

SUGGESTED FIX diff --git a/src/cpu/x86/vm/sharedRuntime_x86_64.cpp b/src/cpu/x86/vm/sharedRuntime_x86_64.cpp --- a/src/cpu/x86/vm/sharedRuntime_x86_64.cpp +++ b/src/cpu/x86/vm/sharedRuntime_x86_64.cpp @@ -1308,16 +1308,13 @@ nmethod *SharedRuntime::generate_native_ Label exception_pending; __ verify_oop(receiver); - __ push(tmp); // spill (any other registers free here???) - __ load_klass(tmp, receiver); - __ cmpq(ic_reg, tmp); + __ load_klass(rscratch1, receiver); + __ cmpq(ic_reg, rscratch1); __ jcc(Assembler::equal, ok); - __ pop(tmp); __ jump(RuntimeAddress(SharedRuntime::get_ic_miss_stub())); __ bind(ok); - __ pop(tmp); // Verified entry point must be aligned __ align(8);
10-07-2009

EVALUATION From the evaluation of 6789226: The crash with javasoft.sqe.tests.api.java.awt.Image.ComponentSampleModel.ConstructorTest2 is a hotspot 64 bit x86 c1 bug. A compiled method calls a native method that uses a compiled entry point. The call is an IC call. First thing on method entry: do the IC check. The code allocates a new tmp register with a push/pop sequence for this check. When the receiver is NULL the IC check acts as an implicit null check (triggers a SEGV that the runtime will catch and convert to a null pointer exception). But the tmp register allocation changes the stack layout and that's not expected by the runtime when it throws the exception. Will report the failure to HS. The fix is to use rscratch1 as a tmp instead.
10-07-2009