2009/4/15 Arthur Huillet <[email protected]>: > I managed to trigger a segfault in fix_invoke when running the following > program : > http://rafb.net/p/fT6n2f27.html > (duplicated below) > > > > + public static int getone() { > + return 1; > + } > + > + public static void testIntegerBigExpression() { > + int a; > + > + a = ((((((1 + getone())+(1 + getone()))+((1 + getone())+(1 + > getone())))+(((1 + getone())+(1 + getone()))+((1 + getone())+(1 + getone())))) > +((((1 + getone())+(1 + getone()))+((1 + getone())+(1 + getone())))+(((1 + > getone())+(1 + getone()))+((1 + getone())+(1 + getone())))))+(((((1 + > getone()) > +(1 + getone()))+((1 + getone())+(1 + getone())))+(((1 + getone())+(1 + getone > ()))+((1 + getone())+(1 + getone()))))+((((1 + getone())+(1 + getone()))+((1 + > getone())+(1 + getone())))+(((1 + getone())+(1 + getone()))+((1 + getone())+(1 > + getone())))))); + > + assertEquals(64, a); > + } > + > public static void main(String[] args) { > testIntegerAddition(); > testIntegerAdditionOverflow(); > @@ -241,6 +253,7 @@ public class IntegerArithmeticTest extends TestCase { > testIntegerBitwiseAnd(); > testIntegerBitwiseExclusiveOr(); > testIntegerIncrementLocalByConstant(); > + testIntegerBigExpression(); > > Runtime.getRuntime().halt(retval); > }
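Review bot: testIntegerBigExpression() has no comment saying what it is for; the reason a 64-term expression is written out by hand is presumably to keep many intermediate results live at once (the spill-slot path that crashes), so a one-line comment above the method stating that would stop a later cleanup from folding it into a loop or a sum of locals, which would no longer exercise that path. The same goes for getone(), which looks like it exists so the additions cannot be constant-folded. The expected value itself checks out: the expression contains 32 occurrences of (1 + getone()), each worth 2, matching assertEquals(64, a).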
The segfault in fixup_invoke is caused by a memory corruption (the 'next' pointer of trampoline.fixup_site_list gets overwritten) originating in __get_spill_slot() (stack-slot.c:74). Below is the responsible snippet:

	slot = &frame->spill_slots[frame->nr_spill_slots];
	slot->index = frame->nr_local_slots + frame->nr_spill_slots;

frame->nr_spill_slots exceeds the bounds of frame->spill_slots, so the assignment to slot->index causes memory corruption. The crash does not happen if MAX_SPILL_SLOTS is increased to 132.

The solution for that is to dynamically allocate spill slots, as there's no upper limit for them.

-- 
Tomek Grabiec

_______________________________________________
Jatovm-devel mailing list
https://lists.sourceforge.net/lists/listinfo/jatovm-devel
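The corruption described in the reply above, and the dynamic allocation it proposes, reduced to a stand-alone C program. This is an added example, not jato's code: the names spill_slots, nr_spill_slots, nr_local_slots, slot->index and MAX_SPILL_SLOTS come from the quoted snippet, while the frame layout, the chunk allocator, the sentinel value and the check functions are assumptions made for illustration. MAX_SPILL_SLOTS is shrunk to 4 so the overflow shows after a handful of slots.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Added example, not jato code: a reduced model of the bug in the reply above.
 * The names spill_slots, nr_spill_slots, nr_local_slots, slot->index and
 * MAX_SPILL_SLOTS follow the quoted snippet; everything else is assumed. */

#define MAX_SPILL_SLOTS 4   /* tiny so the overflow shows after a few slots */

struct stack_slot { int index; };

/* Frame as one flat byte block: spill_slots[MAX_SPILL_SLOTS], then a 'next'
 * pointer standing in for the trampoline list pointer that got overwritten.
 * A byte array keeps the out-of-bounds slot write a well-defined memcpy into
 * our own buffer instead of real undefined behaviour. */
#define SLOT_BYTES  (MAX_SPILL_SLOTS * sizeof(struct stack_slot))
#define FRAME_BYTES (SLOT_BYTES + sizeof(uintptr_t))

struct fixed_frame { int nr_local_slots, nr_spill_slots; unsigned char mem[FRAME_BYTES]; };

/* The reported pattern: nothing compares nr_spill_slots with MAX_SPILL_SLOTS,
 * so slot number MAX_SPILL_SLOTS lands on 'next'. */
static void unchecked_get_spill_slot(struct fixed_frame *f)
{
	struct stack_slot slot = { f->nr_local_slots + f->nr_spill_slots };
	memcpy(f->mem + f->nr_spill_slots * sizeof slot, &slot, sizeof slot);
	f->nr_spill_slots++;
}

/* Request nr_slots slots from a fixed frame; 1 if 'next' kept its sentinel. */
static int fixed_frame_next_survives(int nr_slots)
{
	struct fixed_frame f = { .nr_local_slots = 2 };
	uintptr_t sentinel = 0xdeadbeef, next;
	memcpy(f.mem + SLOT_BYTES, &sentinel, sizeof sentinel);
	for (int i = 0; i < nr_slots; i++) {
		if ((i + 1) * sizeof(struct stack_slot) > FRAME_BYTES)
			break;   /* model buffer ends here; a real frame would keep going */
		unchecked_get_spill_slot(&f);
	}
	memcpy(&next, f.mem + SLOT_BYTES, sizeof next);
	return next == sentinel;
}

/* The fix the reply proposes: allocate slots on demand. Slots are carved from
 * fixed-size chunks that never move, so a slot pointer handed out earlier stays
 * valid after later allocations (a realloc()-grown array would invalidate it). */
#define SLOTS_PER_CHUNK 16

struct slot_chunk { struct slot_chunk *prev; struct stack_slot slots[SLOTS_PER_CHUNK]; };

struct dyn_frame {
	int nr_local_slots, nr_spill_slots;
	struct slot_chunk *chunks;   /* newest chunk first */
	uintptr_t next;              /* no slot write can reach this any more */
};

static struct stack_slot *dyn_get_spill_slot(struct dyn_frame *f)
{
	int off = f->nr_spill_slots % SLOTS_PER_CHUNK;
	if (off == 0) {
		struct slot_chunk *c = malloc(sizeof *c);
		if (!c)
			return NULL;
		c->prev = f->chunks;
		f->chunks = c;
	}
	struct stack_slot *slot = &f->chunks->slots[off];
	slot->index = f->nr_local_slots + f->nr_spill_slots++;
	return slot;
}

static void dyn_frame_free(struct dyn_frame *f)
{
	while (f->chunks) {
		struct slot_chunk *c = f->chunks;
		f->chunks = c->prev;
		free(c);
	}
}

/* Allocate nr_slots slots, keep every pointer, and count those that still hold
 * the index they were given: nr_slots when all is intact, -1 on allocation
 * failure or if 'next' was touched. */
static int dyn_frame_check(int nr_slots)
{
	struct dyn_frame f = { .nr_local_slots = 2, .next = 0xdeadbeef };
	struct stack_slot **held = calloc((size_t)nr_slots, sizeof *held);
	int ok = held ? 0 : -1;
	for (int i = 0; ok >= 0 && i < nr_slots; i++)
		if (!(held[i] = dyn_get_spill_slot(&f)))
			ok = -1;
	for (int i = 0; ok >= 0 && i < nr_slots; i++)
		if (held[i]->index == f.nr_local_slots + i)
			ok++;
	if (ok >= 0 && f.next != 0xdeadbeef)
		ok = -1;
	free(held);
	dyn_frame_free(&f);
	return ok;
}
```

fixed_frame_next_survives(MAX_SPILL_SLOTS) returns 1 and fixed_frame_next_survives(MAX_SPILL_SLOTS + 1) returns 0: the first request past the array writes the slot index over the neighbouring pointer, which is exactly the kind of clobbered 'next' that later blows up somewhere unrelated. The chunked allocator is chosen over a single realloc()-grown array because the caller of __get_spill_slot() keeps the returned slot pointer; growing by realloc() would turn every earlier pointer into a dangling one, trading an overflow for a use-after-free.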
