Bug Database
Bug ID: 4701709
Votes 0
Synopsis in sparc.ad, missing annul bit in enc_String_Compare causes SEGV
Category hotspot:machine_description
Reported Against hopper-beta
Release Fixed 1.3.1_05, 1.4.0_03 (Bug ID: 2055582), 1.4.1 (hopper-rc) (Bug ID: 2055583)
State 10-Fix Delivered, bug
Priority: 3-Medium
Related Bugs
Submit Date 13-JUN-2002
Description

Below is part of the enc_String_Compare implementation
from file src/cpu/sparc/vm/sparc.ad.
The branch instruction marked with the "set annul" comment
needs to have the annul bit set.  The code is shown
after applying the fix, which is to pass true as the
second argument to br().

Without the annul bit, the delay-slot fetch marked
"SEGV here" still executes when the backward branch falls
through on the last iteration, so it can fetch one character
past the end of the "chr1" character array.  If the
chr1 character array is at the end of a memory space
and the next virtual address page is not committed,
a SEGV can result.

    // Compare the rest of the characters
    __ lduh(tmp1_reg, limit_reg, chr1_reg);
    __ bind(Lloop);
    // __ lduh(tmp1_reg, limit_reg, chr1_reg); // hoisted
    __ lduh(tmp2_reg, limit_reg, chr2_reg);
    __ subcc(chr1_reg, chr2_reg, chr1_reg);
    __ br(Assembler::notZero, false, Assembler::pt, Ldone);
    assert(chr1_reg == result_reg, "result must be pre-placed");
    __ delayed()->inccc(limit_reg, sizeof(jchar));
    __ br(Assembler::notZero, true, Assembler::pt, Lloop);  // set annul, gemstone fix 27662
    __ delayed()->lduh(tmp1_reg, limit_reg, chr1_reg); // hoisted  // SEGV here

This problem exists in src/cpu/sparc/vm/sparc.ad
for all of these J2SE versions:
  1.3.1.03
  1.4.0.01
  1.4.1 beta b14

I have not checked 1.2.x sources.
(Review ID: 153413) 
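The over-read described above, modelled in C as an added illustration (this is not code from the bug report or from HotSpot): the loop is reproduced with the delay-slot load of the backward branch executed under both settings of the annul bit, and the highest element index read from the first array is recorded. The names str1/str2, n, annul and load_str1 are assumptions; reads past the end are counted but return a constructed sentinel instead of touching memory.

```c
#include <stddef.h>
#include <stdint.h>

typedef uint16_t jchar;

struct run {
    int result;        /* chr1 - chr2 at the first mismatch, 0 if equal */
    size_t max_index;  /* highest element of str1 the loop loaded */
};

/* lduh [tmp1_reg + limit_reg]: tmp1_reg points one past the end of str1
 * and limit_reg is a negative byte offset, so the element index is
 * n + limit/sizeof(jchar).  Reads past the end are recorded but return
 * a constructed sentinel rather than touching memory that may be
 * uncommitted. */
static jchar load_str1(const jchar *str1, size_t n, ptrdiff_t limit,
                       size_t *max_index)
{
    size_t idx = (size_t)((ptrdiff_t)n + limit / (ptrdiff_t)sizeof(jchar));
    if (idx > *max_index) *max_index = idx;
    return idx < n ? str1[idx] : (jchar)0;
}

/* Model of the enc_String_Compare loop for two strings of equal length n.
 * annul models the annul bit of the backward br(): with it clear the
 * delay-slot lduh also runs when the branch falls through at loop exit. */
static struct run simulate_compare(const jchar *str1, const jchar *str2,
                                   size_t n, int annul)
{
    struct run r = { 0, 0 };
    ptrdiff_t limit = -(ptrdiff_t)(n * sizeof(jchar));   /* limit_reg */
    int chr1, chr2, taken;

    if (n == 0) return r;   /* assumption: the loop is only entered for n > 0 */
    chr1 = load_str1(str1, n, limit, &r.max_index);      /* hoisted lduh */
    for (;;) {                                            /* Lloop: */
        chr2 = str2[(size_t)((ptrdiff_t)n + limit / (ptrdiff_t)sizeof(jchar))];
        chr1 -= chr2;                                     /* subcc, result */
        limit += (ptrdiff_t)sizeof(jchar);                /* delay slot: inccc */
        if (chr1 != 0) { r.result = chr1; break; }        /* br notZero Ldone */
        taken = (limit != 0);                             /* br notZero Lloop */
        if (taken || !annul)                              /* delayed()->lduh */
            chr1 = load_str1(str1, n, limit, &r.max_index);
        if (!taken) break;                                /* fall through to Ldone */
    }
    return r;
}
```

With annul set the highest index read for two equal three-character strings is 2; with it clear the model records index 3, one element past the end, which is the access the report says can fault.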
======================================================================
Work Around

Disable compilation of any methods that would inline compareTo from
java.lang.String
======================================================================
Evaluation
  xxxxx@xxxxx   2002-06-13

delayed()->lduh() after a backward branch can access memory after the
end of the data structure when the loop has finished, possibly causing a SEGV.
Discovered in enc_String_Compare.

  xxxxx@xxxxx   2002-06-14

Fix putback to c2_baseline (mantis)

-----
  xxxxx@xxxxx   2002-07-12

Fix is approved for putback to hopper-rc.
Comments

Submitted On 24-JUN-2002
manu4ever
We've had a production server crash due to this bug. Are you seriously not fixing it until next February? 
Would "exclude String compareTo" in .hotspot_compiler have the required effect?