8173151: Code heap corruption due to incorrect inclusion test
Change inclusion test to use CodeBlob::code_begin() for AOT methods and start of CodeBlob otherwise. Added regression test. Reviewed-by: thartmann, dlong, kvn
parent
7b93ee904b
commit
ecee7fc84b
@ -240,6 +240,11 @@ public:
|
|||||||
assert(result == CodeHeap::contains(p), "");
|
assert(result == CodeHeap::contains(p), "");
|
||||||
return result;
|
return result;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
bool contains_blob(const CodeBlob* blob) const {
|
||||||
|
return CodeHeap::contains(blob->code_begin());
|
||||||
|
}
|
||||||
|
|
||||||
AOTCompiledMethod* find_aot(address p) const;
|
AOTCompiledMethod* find_aot(address p) const;
|
||||||
|
|
||||||
virtual void* find_start(void* p) const;
|
virtual void* find_start(void* p) const;
|
||||||
|
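Review bot: The new AOTCodeHeap::contains_blob override tests `blob->code_begin()` while the base class tests the blob header itself, and nothing in the hunk records why the two differ, so the next reader is likely to "harmonize" them and reintroduce the bug. Presumably an AOT blob's header is not allocated inside the heap's reserved range while its code is — confirm against the AOT loader — and a one-line comment would pin that down: `// Only the code of an AOT blob lies in this heap's range; its header does not, so test code_begin() rather than the blob address.` The enclosing class declaration starts outside the hunk.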
@ -417,7 +417,7 @@ void CodeCache::add_heap(ReservedSpace rs, const char* name, int code_blob_type)
|
|||||||
CodeHeap* CodeCache::get_code_heap(const CodeBlob* cb) {
|
CodeHeap* CodeCache::get_code_heap(const CodeBlob* cb) {
|
||||||
assert(cb != NULL, "CodeBlob is null");
|
assert(cb != NULL, "CodeBlob is null");
|
||||||
FOR_ALL_HEAPS(heap) {
|
FOR_ALL_HEAPS(heap) {
|
||||||
if ((*heap)->contains(cb->code_begin())) {
|
if ((*heap)->contains_blob(cb)) {
|
||||||
return *heap;
|
return *heap;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -304,11 +304,10 @@ template <class T, class Filter> class CodeBlobIterator : public StackObj {
|
|||||||
// If set to NULL, initialized by first call to next()
|
// If set to NULL, initialized by first call to next()
|
||||||
_code_blob = (CodeBlob*)nm;
|
_code_blob = (CodeBlob*)nm;
|
||||||
if (nm != NULL) {
|
if (nm != NULL) {
|
||||||
address start = nm->code_begin();
|
while(!(*_heap)->contains_blob(_code_blob)) {
|
||||||
while(!(*_heap)->contains(start)) {
|
|
||||||
++_heap;
|
++_heap;
|
||||||
}
|
}
|
||||||
assert((*_heap)->contains(start), "match not found");
|
assert((*_heap)->contains_blob(_code_blob), "match not found");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
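Review bot: The rewritten `while(!(*_heap)->contains_blob(_code_blob))` loop still has no bound: its only exit is a match, so if no heap contains the blob it increments `_heap` past the end of the heap list and dereferences whatever follows, and the `assert(..., "match not found")` after it can never be what reports the miss. The end of the heap list is not visible in this hunk, so the name below is a placeholder, but the loop should read `while (_heap != HEAP_LIST_END /* placeholder */ && !(*_heap)->contains_blob(_code_blob)) {` so that the assert does the reporting. The old code had the same shape, but the commit rewrites exactly these lines. The enclosing CodeBlobIterator method starts and ends outside the hunk.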
@ -190,6 +190,10 @@ void* CodeHeap::allocate(size_t instance_size) {
|
|||||||
if (block != NULL) {
|
if (block != NULL) {
|
||||||
assert(block->length() >= number_of_segments && block->length() < number_of_segments + CodeCacheMinBlockLength, "sanity check");
|
assert(block->length() >= number_of_segments && block->length() < number_of_segments + CodeCacheMinBlockLength, "sanity check");
|
||||||
assert(!block->free(), "must be marked free");
|
assert(!block->free(), "must be marked free");
|
||||||
|
guarantee((char*) block >= _memory.low_boundary() && (char*) block < _memory.high(),
|
||||||
|
"The newly allocated block " INTPTR_FORMAT " is not within the heap "
|
||||||
|
"starting with " INTPTR_FORMAT " and ending with " INTPTR_FORMAT,
|
||||||
|
p2i(block), p2i(_memory.low_boundary()), p2i(_memory.high()));
|
||||||
DEBUG_ONLY(memset((void*)block->allocated_space(), badCodeHeapNewVal, instance_size));
|
DEBUG_ONLY(memset((void*)block->allocated_space(), badCodeHeapNewVal, instance_size));
|
||||||
_max_allocated_capacity = MAX2(_max_allocated_capacity, allocated_capacity());
|
_max_allocated_capacity = MAX2(_max_allocated_capacity, allocated_capacity());
|
||||||
_blob_count++;
|
_blob_count++;
|
||||||
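Review bot: The four-line guarantee added here is repeated almost verbatim in the next two hunks (+208 in allocate and +227 in deallocate), differing only in the first message fragment, and hand-copied bounds checks drift easily — the +208 copy already tests a different pointer than it prints. A private CodeHeap helper taking the block and the message prefix, e.g. `void check_block_in_heap(const HeapBlock* b, const char* what) const;` (name is a suggestion), would keep the bound and the format string in one place. A why-comment above the check would also tell readers why this is a guarantee rather than an assert: `// Product-build check: a block header outside [low_boundary, high) means the code heap is corrupt.` CodeHeap::allocate begins and ends outside the hunk.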
@ -204,6 +208,10 @@ void* CodeHeap::allocate(size_t instance_size) {
|
|||||||
HeapBlock* b = block_at(_next_segment);
|
HeapBlock* b = block_at(_next_segment);
|
||||||
b->initialize(number_of_segments);
|
b->initialize(number_of_segments);
|
||||||
_next_segment += number_of_segments;
|
_next_segment += number_of_segments;
|
||||||
|
guarantee((char*) b >= _memory.low_boundary() && (char*) block < _memory.high(),
|
||||||
|
"The newly allocated block " INTPTR_FORMAT " is not within the heap "
|
||||||
|
"starting with " INTPTR_FORMAT " and ending with " INTPTR_FORMAT,
|
||||||
|
p2i(b), p2i(_memory.low_boundary()), p2i(_memory.high()));
|
||||||
DEBUG_ONLY(memset((void *)b->allocated_space(), badCodeHeapNewVal, instance_size));
|
DEBUG_ONLY(memset((void *)b->allocated_space(), badCodeHeapNewVal, instance_size));
|
||||||
_max_allocated_capacity = MAX2(_max_allocated_capacity, allocated_capacity());
|
_max_allocated_capacity = MAX2(_max_allocated_capacity, allocated_capacity());
|
||||||
_blob_count++;
|
_blob_count++;
|
||||||
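Review bot: The guarantee added in the fresh-segment path compares `(char*) block` against `_memory.high()` while its lower bound and the printed address use `b`. On the visible lines `b` is the block just carved from `_next_segment` and `block` is the earlier free-list result; if this is the path taken when the `if (block != NULL)` above did not return (as the surrounding context suggests), `block` is NULL here and the upper-bound half of the check is vacuously true, so a block placed beyond the committed high watermark is not caught. The line should be `guarantee((char*) b >= _memory.low_boundary() && (char*) b < _memory.high(),`. CodeHeap::allocate continues outside the hunk.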
@ -219,6 +227,10 @@ void CodeHeap::deallocate(void* p) {
|
|||||||
// Find start of HeapBlock
|
// Find start of HeapBlock
|
||||||
HeapBlock* b = (((HeapBlock *)p) - 1);
|
HeapBlock* b = (((HeapBlock *)p) - 1);
|
||||||
assert(b->allocated_space() == p, "sanity check");
|
assert(b->allocated_space() == p, "sanity check");
|
||||||
|
guarantee((char*) b >= _memory.low_boundary() && (char*) b < _memory.high(),
|
||||||
|
"The block to be deallocated " INTPTR_FORMAT " is not within the heap "
|
||||||
|
"starting with " INTPTR_FORMAT " and ending with " INTPTR_FORMAT,
|
||||||
|
p2i(b), p2i(_memory.low_boundary()), p2i(_memory.high()));
|
||||||
DEBUG_ONLY(memset((void *)b->allocated_space(), badCodeHeapFreeVal,
|
DEBUG_ONLY(memset((void *)b->allocated_space(), badCodeHeapFreeVal,
|
||||||
segments_to_size(b->length()) - sizeof(HeapBlock)));
|
segments_to_size(b->length()) - sizeof(HeapBlock)));
|
||||||
add_to_freelist(b);
|
add_to_freelist(b);
|
||||||
|
@ -154,6 +154,8 @@ class CodeHeap : public CHeapObj<mtCode> {
|
|||||||
char* high_boundary() const { return _memory.high_boundary(); }
|
char* high_boundary() const { return _memory.high_boundary(); }
|
||||||
|
|
||||||
virtual bool contains(const void* p) const { return low_boundary() <= p && p < high(); }
|
virtual bool contains(const void* p) const { return low_boundary() <= p && p < high(); }
|
||||||
|
virtual bool contains_blob(const CodeBlob* blob) const { return low_boundary() <= (char*) blob && (char*) blob < high(); }
|
||||||
|
|
||||||
virtual void* find_start(void* p) const; // returns the block containing p or NULL
|
virtual void* find_start(void* p) const; // returns the block containing p or NULL
|
||||||
virtual CodeBlob* find_blob_unsafe(void* start) const;
|
virtual CodeBlob* find_blob_unsafe(void* start) const;
|
||||||
size_t alignment_unit() const; // alignment of any block
|
size_t alignment_unit() const; // alignment of any block
|
||||||
|
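Review bot: The new `contains_blob` spells its bounds test with two C-style casts that strip `const` from `blob`, although the `contains` declared on the line above already accepts any `const void*`: `virtual bool contains_blob(const CodeBlob* blob) const { return CodeHeap::contains(blob); }` performs the same comparison with no cast, and the qualified call keeps it on the base-class test even where a subclass overrides `contains`. The two members also deserve a comment on why both exist, since the AOT heap overrides only one of them — e.g. `// contains() tests an arbitrary address; contains_blob() tests whether the blob itself was allocated in this heap (overridden for AOT, where only the code lies in the heap — confirm against the AOT override).` The enclosing class declaration continues outside the hunk.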
@ -3374,7 +3374,7 @@ public:
|
|||||||
"Code cache expansion size (in bytes)") \
|
"Code cache expansion size (in bytes)") \
|
||||||
range(0, max_uintx) \
|
range(0, max_uintx) \
|
||||||
\
|
\
|
||||||
develop_pd(uintx, CodeCacheMinBlockLength, \
|
diagnostic_pd(uintx, CodeCacheMinBlockLength, \
|
||||||
"Minimum number of segments in a code cache block") \
|
"Minimum number of segments in a code cache block") \
|
||||||
range(1, 100) \
|
range(1, 100) \
|
||||||
\
|
\
|
||||||
|
@ -0,0 +1,89 @@
|
|||||||
|
/*
|
||||||
|
* Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
|
||||||
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||||
|
*
|
||||||
|
* This code is free software; you can redistribute it and/or modify it
|
||||||
|
* under the terms of the GNU General Public License version 2 only, as
|
||||||
|
* published by the Free Software Foundation.
|
||||||
|
*
|
||||||
|
* This code is distributed in the hope that it will be useful, but WITHOUT
|
||||||
|
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
||||||
|
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||||
|
* version 2 for more details (a copy is included in the LICENSE file that
|
||||||
|
* accompanied this code).
|
||||||
|
*
|
||||||
|
* You should have received a copy of the GNU General Public License version
|
||||||
|
* 2 along with this work; if not, write to the Free Software Foundation,
|
||||||
|
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||||
|
*
|
||||||
|
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
|
||||||
|
* or visit www.oracle.com if you need additional information or have any
|
||||||
|
* questions.
|
||||||
|
*/
|
||||||
|
|
||||||
|
/*
|
||||||
|
* @test ReturnBlobToWrongHeapTest
|
||||||
|
* @key stress
|
||||||
|
* @summary Test if VM attempts to return code blobs to an incorrect code heap or to outside of the code cache.
|
||||||
|
* @library /test/lib /
|
||||||
|
* @modules java.base/jdk.internal.misc
|
||||||
|
* java.management
|
||||||
|
*
|
||||||
|
* @build sun.hotspot.WhiteBox
|
||||||
|
* @run driver ClassFileInstaller sun.hotspot.WhiteBox
|
||||||
|
* sun.hotspot.WhiteBox$WhiteBoxPermission
|
||||||
|
* @run main/othervm -Xbootclasspath/a:. -XX:+UnlockDiagnosticVMOptions
|
||||||
|
* -XX:+WhiteBoxAPI
|
||||||
|
* -XX:CompileCommand=dontinline,compiler.codecache.stress.Helper$TestCase::method
|
||||||
|
* -XX:+SegmentedCodeCache
|
||||||
|
* -XX:ReservedCodeCacheSize=16M
|
||||||
|
* -XX:CodeCacheMinBlockLength=1
|
||||||
|
* compiler.codecache.stress.ReturnBlobToWrongHeapTest
|
||||||
|
*/
|
||||||
|
|
||||||
|
package compiler.codecache.stress;
|
||||||
|
|
||||||
|
import sun.hotspot.code.BlobType;
|
||||||
|
|
||||||
|
import java.util.ArrayList;
|
||||||
|
|
||||||
|
public class ReturnBlobToWrongHeapTest {
|
||||||
|
private static final long largeBlobSize = Helper.WHITE_BOX.getUintxVMFlag("ReservedCodeCacheSize") >> 6;
|
||||||
|
private static final long codeCacheMinBlockLength = Helper.WHITE_BOX.getUintxVMFlag("CodeCacheMinBlockLength");
|
||||||
|
private static final BlobType[] BLOB_TYPES = BlobType.getAvailable().toArray(new BlobType[0]);
|
||||||
|
|
||||||
|
// Allocate blob in first code heap (the code heap with index 0).
|
||||||
|
private static long allocate(int size) {
|
||||||
|
return Helper.WHITE_BOX.allocateCodeBlob(size, BLOB_TYPES[0].id);
|
||||||
|
}
|
||||||
|
|
||||||
|
// Free blob.
|
||||||
|
private static void free(long address) {
|
||||||
|
Helper.WHITE_BOX.freeCodeBlob(address);
|
||||||
|
}
|
||||||
|
|
||||||
|
public static void main(String[] args) {
|
||||||
|
if (codeCacheMinBlockLength == 1) {
|
||||||
|
// Fill first code heap with large blobs until allocation fails.
|
||||||
|
long address;
|
||||||
|
while ((address = allocate((int)largeBlobSize)) != 0) {
|
||||||
|
}
|
||||||
|
|
||||||
|
// Allocate segment-sized blocks in first code heap.
|
||||||
|
long lastSegmentSizedAddress = 0; // Address of the last segment-sized blob allocated
|
||||||
|
while ((address = allocate(0)) != 0) {
|
||||||
|
lastSegmentSizedAddress = address;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (lastSegmentSizedAddress == 0) {
|
||||||
|
throw new RuntimeException("Test failed: Not possible to allocate segment-sized blob");
|
||||||
|
}
|
||||||
|
|
||||||
|
// Remove last segment-sized block from the first code heap.
|
||||||
|
free(lastSegmentSizedAddress);
|
||||||
|
} else {
|
||||||
|
throw new RuntimeException("Test requires CodeCacheMinBlockLength==1; CodeCacheMinBlockLength is " +
|
||||||
|
codeCacheMinBlockLength);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
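Review bot: The test's pass condition is implicit: `main` asserts nothing after `free(lastSegmentSizedAddress)` and relies on the VM's new guarantee in CodeHeap::deallocate firing (and the JVM exiting abnormally) when the blob is returned to the wrong heap, which a reader cannot tell from the file alone. A comment above the free call would make that explicit: `// Passes iff the VM survives this free: the blob sits at the end of the first heap, so an inclusion test based on code_begin() would presumably attribute it to the next heap.` The large-blob loop also never frees what it allocates; that is fine for a stress test that exits afterwards, but a note such as `// Intentionally leaked: the blobs must stay allocated so the heap is full.` stops someone from adding frees that change the layout the test depends on. `BLOB_TYPES[0]` is assumed to be the first code heap, which holds only as long as `BlobType.getAvailable()` keeps its current order.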