Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
---|---|---|---|---|---|---|
JDK-2208534 | 7 | Igor Veresov | P3 | Closed | Fixed | b137 |
On Jun 24, 2010, at 7:27 AM, Salter, Thomas A wrote:
I recently managed to get hotspot to generate a RIP-relative address for a location that was more than 2**32 bytes away. The displacement simply got truncated and stored as a 32-bit offset.
This was the offending machine code (taken from a Windows dump):
```text
00000000706A7734 85 05 C6 88 31 8F test dword ptr [0FFFFFFFFFF9C0000h],eax
00000000706A773A C3 ret
```
After much searching I determined the code originated in c1_LIRAssembler_x86.cpp
```cpp
// NOTE: this requires that the polling page be reachable else the reloc
// goes to the movq that loads the address and not the faulting instruction
// which breaks the signal handler code
__ test32(rax, polling_page);
__ ret(0);
```
That code is only used when running client. I think it's actually this code from x86_64.ad:
```cpp
enc_class enc_safepoint_poll
%{
  // testl %rax, off(%rip) // Opcode + ModRM + Disp32 == 6 bytes
  // XXX reg_mem doesn't support RIP-relative addressing yet
  cbuf.set_inst_mark();
  cbuf.relocate(cbuf.inst_mark(), relocInfo::poll_type, 0); // XXX
  emit_opcode(cbuf, 0x85); // testl
  emit_rm(cbuf, 0x0, RAX_enc, 0x5); // 00 rax 101 == 0x5
  // cbuf.inst_mark() is beginning of instruction
  emit_d32_reloc(cbuf, os::get_polling_page());
  // relocInfo::poll_type,
%}
```
This version doesn't check reachable and it probably should. Actually for c2 we should just have a poll variant that forces the value into a register if it's not reachable.
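The reachability check the report asks for, written out as an added example in C (this is not HotSpot code): a RIP-relative disp32 is sign-extended by the CPU, so the signed distance from the end of the instruction to the polling page must fit in 32 bits; otherwise the poll has to load the page address into a register (r11 is assumed here as the scratch register) and test through it. The decoder at the end reproduces the 0FFFFFFFFFF9C0000h address seen in the Windows dump from the truncated displacement.

```c
#include <stdint.h>
#include <stdbool.h>
#include <string.h>

/* Can a disp32 RIP-relative operand reach `target` from an instruction
 * that ends at `next_ip`? The hardware sign-extends the displacement, so
 * the signed 64-bit distance must fit in an int32_t. */
static bool poll_reachable(uint64_t next_ip, uint64_t target) {
    int64_t disp = (int64_t)(target - next_ip);   /* wraps like the CPU */
    return disp >= INT32_MIN && disp <= INT32_MAX;
}

/* Emit a safepoint poll at address `ip` into `buf`; returns bytes written.
 *   reachable : 85 05 disp32   testl %eax, disp(%rip)        (6 bytes)
 *   otherwise : 49 BB imm64    movabs $polling_page, %r11    (10 bytes)
 *               41 85 03       testl %eax, (%r11)            (3 bytes)
 * The register form is the "poll variant that forces the value into a
 * register"; using r11 as scratch is an assumption of this example. */
static size_t emit_safepoint_poll(uint8_t *buf, uint64_t ip, uint64_t polling_page) {
    if (poll_reachable(ip + 6, polling_page)) {
        int32_t disp = (int32_t)(polling_page - (ip + 6));
        buf[0] = 0x85; buf[1] = 0x05;          /* opcode, ModRM 00 000 101 */
        memcpy(buf + 2, &disp, 4);             /* little-endian disp32 */
        return 6;
    }
    buf[0] = 0x49; buf[1] = 0xBB;              /* REX.W+B, MOV r11, imm64 */
    memcpy(buf + 2, &polling_page, 8);
    buf[10] = 0x41; buf[11] = 0x85; buf[12] = 0x03;  /* REX.B, TEST [r11], eax */
    return 13;
}

/* The bytes of the faulting instruction, copied from the dump in the report. */
static const uint8_t kDumpInsn[6] = {0x85, 0x05, 0xC6, 0x88, 0x31, 0x8F};

/* Decode the effective address a 6-byte RIP-relative testl at `ip` touches,
 * the way a debugger does: ip + length + sign-extended disp32. */
static uint64_t rip_relative_target(const uint8_t *insn, uint64_t ip) {
    int32_t disp;
    memcpy(&disp, insn + 2, 4);
    return ip + 6 + (uint64_t)(int64_t)disp;
}
```

With the dump's instruction address 0x706A7734 the decoder yields 0xFFFFFFFFFF9C0000, the bogus address in the report; the truncated displacement has silently pointed the poll at unmapped memory.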
- backported by: JDK-2208534 c2 should ensure the polling page is reachable on 64 bit (Closed)
- relates to: JDK-7157141 crash in 64 bit with corrupted oops (Closed)