JVMPI RequestEvent shall check the input argument before dereferencing it as
an oop.
The VM crashes when dereferencing a bad pointer as an oop. We ran into this problem
when running hprof with different test cases, including:
- specjbb
- DrawIMGPerf (see 4414956)
- SwingSet2 (see 4414956, 4423831)
Jean identified a fix while she was testing specjbb with hprof.
------- jvmpi.cpp -------
2269a2271,2277
> {
> oop obj = (oop)arg;
> if (obj == NULL ||
> (!obj->is_instance() && !obj->is_array() && !obj->is_klass())) {
> return JVMPI_NOT_AVAILABLE;
> }
> }
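Review bot: the guard still dereferences `obj` at `!obj->is_instance() && !obj->is_array() && !obj->is_klass()` before anything has confirmed that `arg` is word-aligned and inside the Java heap; each of those calls reads the object's `_klass`, so a non-null stale pointer with a garbage `_klass` crashes inside the check instead of returning JVMPI_NOT_AVAILABLE. Test alignment and heap range on `arg` first and only call an oop method once both pass; note also that an address inside the heap can still be the interior of an object or a freed one, which this check cannot tell apart.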
With this fix (without the hprof fix for 4423831),
java -Xrunhprof -cp SwingSet2.jar:. SwingSet2 still fails.
Since obj is non-null and correctly aligned, we are able to dereference
obj and read the _mark and _klass fields. The VM will crash if _klass
is a bad pointer, because it then fails to get blueprint().
We shall work on a better way (complete way if possible) to detect if
the input argument is a bad pointer to dereference.
The agent could also request an event for an unloaded class or a freed object.
The input argument might be a valid heap pointer. If the freed memory has been
reused for a new oop, then it is okay to continue: the agent should have
received an OBJECT_ALLOC event for that new oop.
We need a way to check whether the input argument points to the beginning of a
valid oop. Note that the memory could have been reused for something else, or
the pointer could land inside an oop.
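The beginning-of-object check the last paragraph asks for, as an added example that is not HotSpot or JDK code: a constructed model heap (bump-allocated, one header word per object carrying its size and a live bit, freed objects left in place as walkable fillers) and a validator that accepts a pointer only if it is word-aligned, inside the heap, and exactly on the header of a live object. The heap layout and all names here are assumptions.

```c
#include <stddef.h>
#include <stdint.h>

#define HEAP_WORDS 64
#define LIVE_BIT   ((uintptr_t)1)

/* Constructed model heap (assumption, not HotSpot's layout): a bump-allocated
 * array of words. Each object starts with one header word holding
 * (size_in_words << 1) | live_bit. A freed object keeps its header, so the
 * heap stays walkable from the bottom, like a filler object. */
typedef struct { uintptr_t words[HEAP_WORDS]; size_t top; } ModelHeap;
static ModelHeap heap;

void heap_reset(void) { heap.top = 0; }

/* Allocate payload_words words of payload; returns the object start or NULL. */
void *heap_alloc(size_t payload_words) {
    size_t size = payload_words + 1;                     /* header + payload */
    if (heap.top + size > HEAP_WORDS) return NULL;
    uintptr_t *obj = &heap.words[heap.top];
    obj[0] = ((uintptr_t)size << 1) | LIVE_BIT;
    heap.top += size;
    return obj;
}

/* Free: clear the live bit but keep the size so the walk still works. */
void heap_free(void *obj) { ((uintptr_t *)obj)[0] &= ~LIVE_BIT; }

/* Returns 1 only if p is word-aligned, inside the allocated heap, and sits on
 * the header of a live object. p is never dereferenced before the alignment
 * and range checks succeed, so a garbage or dangling pointer cannot crash us. */
int is_valid_object_start(const void *p) {
    uintptr_t a = (uintptr_t)p;
    if (a % sizeof(uintptr_t) != 0) return 0;                       /* misaligned */
    if (a < (uintptr_t)&heap.words[0] || a >= (uintptr_t)&heap.words[heap.top])
        return 0;                                                    /* outside the heap */
    for (size_t i = 0; i < heap.top; ) {                             /* walk object headers */
        uintptr_t here = (uintptr_t)&heap.words[i];
        if (here == a) return (heap.words[i] & LIVE_BIT) != 0;      /* on a header: live? */
        if (here > a) return 0;                                      /* inside the previous object */
        i += (size_t)(heap.words[i] >> 1);                           /* skip to the next header */
    }
    return 0;
}
```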
Relates to:
- JDK-4414956 Hotspot crashes running DrawIMGPerf with hprof on Solaris (Closed)
- JDK-4423831 jvmpi class_unload event crashes (Closed)
- JDK-4457896 calling JVMPI RequestEvent() function crashes (Closed)