From Juergen Kreileder (###@###.###):
I just lost an hour by searching for a bug in the x86-64 compiler.
Finally I checked the i486 version and it has the same problem with
+VerifyStackAtCalls.
The offending generated code (on i486) is:
,----
| 000 PUSH 0xBADB100D # Majik cookie for stack depth check
push cookie
(ESP -= 4)
| MOV [ESP+-4096],EAX # Bang stack
| MOV [ESP+-8192],EAX # Bang stack
| MOV [ESP+-12288],EAX # Bang stack
| MOV EBX,ESP # move old ESP to temp
| AND ESP,-8 # Round ESP to even
| PUSH EBX # Old ESP for EVEN alignment
push old sp
(ESP -= 4)
[This should save EBX+wordSize instead of EBX if VerifyStackAtCalls is enabled]
| SUB ESP,8 # Create frame
ESP -= 8;
| 023 MOV [ESP + #0],EBP
| MOV [ESP + #4],EDI
| 02a CALL *[EAX+compiled_code_entry_point_offset] // compiled code
| # runtime stub
| # ESI=Callers_ESI [0]=Callers_EBP [4]=Callers_EDI
| 03d MOV EBP,[ESP + #0]
| MOV EDI,[ESP + #4]
| 044 ADD ESP,12 # Destroy frame
ESP += 12 => saved sp is gone
[MachEpilogNode should only add framesize-wordSize to ESP in the
Op_StartI2C/Op_StartOSR case when VerifyStackAtCalls is enabled]
| POP ESP # Recover prior ESP
will pop the cookie instead of the saved sp (which would be off by 4 anyhow)
| 048 RET
tries to pop return address from 0xBADB100D ==> BOOM!
| 048
`----
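A small C model of the prolog/epilog sequence in the listing above, added here for illustration; it is not part of the report or of HotSpot. The stack is a constructed 256-byte array, the return address and the saved EBP/EDI values are made up, and `fixed=1` applies the two changes the report proposes (save EBX+wordSize, add framesize-wordSize in the epilog).

```c
/* Constructed model of the reported i486 prolog/epilog with +VerifyStackAtCalls.
 * Addresses are byte offsets into a small word array; out-of-range reads return
 * a marker instead of faulting so the buggy case can be observed. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STACK_BYTES 256
#define WORD 4
#define COOKIE   0xBADB100Du  /* Majik cookie from the listing */
#define RET_ADDR 0x08048000u  /* constructed caller return address */

static uint32_t stack[STACK_BYTES / WORD];

static void store(uint32_t a, uint32_t v) { if (a < STACK_BYTES) stack[a / WORD] = v; }
static uint32_t load(uint32_t a) { return a < STACK_BYTES ? stack[a / WORD] : 0xDEADDEADu; }

/* Runs the sequence and returns the ESP value at the RET instruction.
 * fixed=0 reproduces the reported code, fixed=1 the report's proposed fix. */
uint32_t run_frame(uint32_t esp_at_call, int fixed)
{
    uint32_t esp = esp_at_call, ebx;
    memset(stack, 0, sizeof stack);
    store(esp, RET_ADDR);                    /* CALL left the return address here */

    esp -= WORD; store(esp, COOKIE);         /* PUSH 0xBADB100D */
    ebx = esp;                               /* MOV EBX,ESP */
    esp &= ~7u;                              /* AND ESP,-8 */
    esp -= WORD;
    store(esp, fixed ? ebx + WORD : ebx);    /* PUSH EBX (fix: EBX+wordSize) */
    esp -= 8;                                /* SUB ESP,8: EBP/EDI save slots */
    store(esp, 0xEB90EB90u); store(esp + 4, 0x00ED1ED1u);

    /* callee body runs, then the epilog: */
    esp += fixed ? 8 : 12;                   /* ADD ESP,12 (fix: framesize-wordSize) */
    esp = load(esp);                         /* POP ESP: buggy case loads the cookie */
    return esp;                              /* RET pops from here */
}

/* 1 if RET would fetch the caller's return address, 0 otherwise. */
int ret_is_sane(uint32_t esp_at_call, int fixed)
{
    return load(run_frame(esp_at_call, fixed)) == RET_ADDR;
}

int main(void)
{
    printf("buggy: ESP at RET = 0x%08X\n", run_frame(196, 0));  /* prints the cookie */
    printf("fixed: ESP at RET = %u\n", run_frame(196, 1));      /* prints 196 */
    return 0;
}
```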
Duplicates: JDK-4840318 +VerifyStackAtCalls fails to restore SP correctly (Resolved)