Request for reviews (S): 6998985: faulty generic arraycopy on windows x86_64: 4th arg overwritten with oop
christian.thalinger at oracle.com
Wed Dec 1 04:30:07 PST 2010
On Nov 18, 2010, at 5:12 PM, Christian Thalinger wrote:
> JPRT found a bug. I have to look what goes wrong. -- Christian
The changes of the previous webrev revealed a pre-existing bug in generic_arraycopy. When the arrays to be copied are object arrays with a different element class, generic_arraycopy dispatches to checkcast_copy_entry to do the copying. Since checkcast_copy is a normal method to be called from JIT code, generic_arraycopy needs to set up the arguments for checkcast_copy.
On Win64 the 5th argument is passed on the stack; that is the destination array element class for checkcast_copy and the element count for generic_arraycopy, which is an int.
generic_arraycopy stores the destination array element class into the stack slot of the 5th argument, overwriting the integer argument with a class pointer, and that results in IndexOutOfBoundsExceptions.
The fix is to change the checkcast_copy_entry point and set up the argument registers before dispatching to that entry.
Tested with runThese and a full JPRT run.