Bug in Jitter
Godmar Back
gback at cs.utah.edu
Tue Jul 7 02:20:08 PDT 1998
Hi, I modified Laurent's test case somewhat and found a bug in the jitter
that I don't know how to fix. Basically, the jitter forgets to save
a register, then a null pointer exception happens, the exception is
caught, but the register contents are unavailable. The register in
question happens to contain the return address for a RET instruction.
I suspect the proper fix would be to ensure that all live registers are
written to memory whenever an exception, including a null pointer exception,
may occur.
- Godmar
Here is the example:
---- begin of ft.java ----
import java.io.*;

public class ft {
    public static void main(String[] args) {
        new ft();
    }

    public ft() {
        System.out.println(tryfinally());
    }

    public String tryfinally()
    {
        String yuck = null;
        try {
            return "I can handle that";
        }
        finally {
            try {
                /* this triggers a null pointer exception */
                String x = yuck.toLowerCase();
            }
            /* the exception is caught, and we should return from the finally
             * clause. Kaffe's jitter loses local register 4 in which the ret addr
             * is kept.
             */
            catch (Exception e) {}
        }
    }
}
---- end of ft.java ----
The bytecode looks like this:
Method java.lang.String tryfinally()
0 aconst_null
1 astore_1
2 ldc #1 <String "I can handle that">
4 astore_2
5 jsr 16
8 aload_2
9 areturn
10 astore_3
11 jsr 16
14 aload_3
15 athrow
16 astore 4
18 aload_1
19 invokevirtual #12 <Method java.lang.String toLowerCase()>
22 pop
23 goto 27
26 pop
27 ret 4
Exception table:
from to target type
2 10 10 any
18 23 26 <Class java.lang.Exception>
Here is what Kaffe jits - I only show the part starting from instruction 16:
Note that there are five locals, with offsets -84, -80, -76, -72, and -68.
Local register four has offset -68. The top of the stack has offset -64.
# astore 4
8e: movl -64(ebp),ebx # that's the ASTORE 4 instruction
90: movl ebx,esi # the value of local register 4 is now in esi
#
# if an exception happens now, the exception handler (instruction 26/27)
# will look for local register 4 in -68(ebp) -- but we haven't written it
# there!
#
# aload_1
96: movl -80(ebp),edi
98: movl edi,ebx
# invokevirtual <Method java.lang.String toLowerCase()>
9a: movl (ebx),eax # here, a null pointer exception is triggered.
a0: movl 156(eax),ecx # it is caught at instruction 26
a2: pushl ebx
a8: movl esi,-68(ebp) # esi is written to the stack, but it's too late
ae: movl eax,-56(ebp)
b0: call ecx
b6: addl 4,esp
# pop
# goto 27
bb: jmpl ?
# pop
# exception handler prologue
c9: movl ebp,esp
c9: subl #?,esp
c9: subl #3*SLOTSIZE,esp
# ret 4
cf: movl -68(ebp),edx # we look for the value of local reg 4
d1: jmp (edx) # in -68(ebp), but it was never written there
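The invariant the post argues for, as an added model in C (constructed for this page, not Kaffe's JIT code): a local may live in a machine register, but the exception handler only reads the stack frame, so the cached value has to be written back before any instruction that can throw. The names `run_finally`, `sync_registers` and the frame layout are assumptions of the model, and the "exception" is simulated by clobbering the register as the handler prologue would.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model: five locals in a memory frame (the -84..-68(ebp)
 * slots above) plus one register the jitter uses as a cache for a local. */
#define NLOCALS 5
#define NOT_CACHED -1

typedef struct {
    int frame[NLOCALS];  /* memory slots, the only thing a handler can see */
    int reg;             /* the cache register (esi in the dump above)     */
    int cached_local;    /* which local currently lives in reg, or -1      */
} jit_state;

/* astore n: the jitter puts the value in the register only (movl ebx,esi). */
static void astore(jit_state *s, int local, int value) {
    s->reg = value;
    s->cached_local = local;
}

/* The proposed fix: called before any instruction that may throw
 * (invokevirtual, getfield, ...), write every live cached local to its slot. */
static void sync_registers(jit_state *s) {
    if (s->cached_local != NOT_CACHED) {
        s->frame[s->cached_local] = s->reg;
        s->cached_local = NOT_CACHED;
    }
}

/* Simulate bytecodes 16..27 of tryfinally() with a null receiver.
 * ret_addr is the jsr return address that `astore 4` must preserve.
 * Returns the address that `ret 4` in the handler path would jump to. */
static int run_finally(int ret_addr, int spill_before_throw) {
    jit_state s;
    memset(&s, 0, sizeof s);          /* constructed: slots start out as 0 */
    s.cached_local = NOT_CACHED;
    astore(&s, 4, ret_addr);          /* 16: astore 4                       */
    if (spill_before_throw)
        sync_registers(&s);           /* the fix: spill before invokevirtual */
    /* 19: invokevirtual on null throws; the handler prologue discards
     * register contents, only the frame survives.                         */
    s.reg = 0;
    s.cached_local = NOT_CACHED;
    return s.frame[4];                /* 27: ret 4 reads -68(ebp)            */
}

int main(void) {
    printf("without spill: ret jumps to %d\n", run_finally(8, 0)); /* 0, lost */
    printf("with spill:    ret jumps to %d\n", run_finally(8, 1)); /* 8       */
    return 0;
}
```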