47 } |
47 } |
48 #endif // ASSERT |
48 #endif // ASSERT |
49 |
49 |
50 bool frame::safe_for_sender(JavaThread *thread) { |
50 bool frame::safe_for_sender(JavaThread *thread) { |
51 bool safe = false; |
51 bool safe = false; |
52 address cursp = (address)sp(); |
52 address sp = (address)_sp; |
53 address curfp = (address)fp(); |
53 address fp = (address)_fp; |
54 if ((cursp != NULL && curfp != NULL && |
54 address unextended_sp = (address)_unextended_sp; |
55 (cursp <= thread->stack_base() && cursp >= thread->stack_base() - thread->stack_size())) && |
55 |
56 (curfp <= thread->stack_base() && curfp >= thread->stack_base() - thread->stack_size())) { |
56 // Consider stack guards when trying to determine "safe" stack pointers |
57 safe = true; |
57 static size_t stack_guard_size = os::uses_stack_guard_pages() ? |
58 } |
58 JavaThread::stack_red_zone_size() + JavaThread::stack_yellow_reserved_zone_size() : 0; |
59 return safe; |
59 size_t usable_stack_size = thread->stack_size() - stack_guard_size; |
|
60 |
|
61 // sp must be within the usable part of the stack (not in guards) |
|
62 bool sp_safe = (sp < thread->stack_base()) && |
|
63 (sp >= thread->stack_base() - usable_stack_size); |
|
64 |
|
65 |
|
66 if (!sp_safe) { |
|
67 return false; |
|
68 } |
|
69 |
|
70 // Unextended sp must be within the stack and above or equal sp |
|
71 bool unextended_sp_safe = (unextended_sp < thread->stack_base()) && (unextended_sp >= sp); |
|
72 |
|
73 if (!unextended_sp_safe) { |
|
74 return false; |
|
75 } |
|
76 |
|
77 // An fp must be within the stack and above (but not equal) sp. |
|
78 bool fp_safe = (fp <= thread->stack_base()) && (fp > sp); |
|
79 // an interpreter fp must be within the stack and above (but not equal) sp |
|
80 bool fp_interp_safe = (fp <= thread->stack_base()) && (fp > sp) && |
|
81 ((fp - sp) >= (ijava_state_size + top_ijava_frame_abi_size)); |
|
82 |
|
83 // We know sp/unextended_sp are safe, only fp is questionable here |
|
84 |
|
85 // If the current frame is known to the code cache then we can attempt to |
|
86 // to construct the sender and do some validation of it. This goes a long way |
|
87 // toward eliminating issues when we get in frame construction code |
|
88 |
|
89 if (_cb != NULL ){ |
|
90 // Entry frame checks |
|
91 if (is_entry_frame()) { |
|
92 // An entry frame must have a valid fp. |
|
93 return fp_safe && is_entry_frame_valid(thread); |
|
94 } |
|
95 |
|
96 // Now check if the frame is complete and the test is |
|
97 // reliable. Unfortunately we can only check frame completeness for |
|
98 // runtime stubs and nmethods. Other generic buffer blobs are more |
|
99 // problematic so we just assume they are OK. Adapter blobs never have a |
|
100 // complete frame and are never OK |
|
101 if (!_cb->is_frame_complete_at(_pc)) { |
|
102 if (_cb->is_compiled() || _cb->is_adapter_blob() || _cb->is_runtime_stub()) { |
|
103 return false; |
|
104 } |
|
105 } |
|
106 |
|
107 // Could just be some random pointer within the codeBlob. |
|
108 if (!_cb->code_contains(_pc)) { |
|
109 return false; |
|
110 } |
|
111 |
|
112 if (is_interpreted_frame() && !fp_interp_safe) { |
|
113 return false; |
|
114 } |
|
115 |
|
116 abi_minframe* sender_abi = (abi_minframe*) fp; |
|
117 intptr_t* sender_sp = (intptr_t*) fp; |
|
118 address sender_pc = (address) sender_abi->lr;; |
|
119 |
|
120 // We must always be able to find a recognizable pc. |
|
121 CodeBlob* sender_blob = CodeCache::find_blob_unsafe(sender_pc); |
|
122 if (sender_blob == NULL) { |
|
123 return false; |
|
124 } |
|
125 |
|
126 // Could be a zombie method |
|
127 if (sender_blob->is_zombie() || sender_blob->is_unloaded()) { |
|
128 return false; |
|
129 } |
|
130 |
|
131 // It should be safe to construct the sender though it might not be valid. |
|
132 |
|
133 frame sender(sender_sp, sender_pc); |
|
134 |
|
135 // Do we have a valid fp? |
|
136 address sender_fp = (address) sender.fp(); |
|
137 |
|
138 // sender_fp must be within the stack and above (but not |
|
139 // equal) current frame's fp. |
|
140 if (sender_fp > thread->stack_base() || sender_fp <= fp) { |
|
141 return false; |
|
142 } |
|
143 |
|
144 // If the potential sender is the interpreter then we can do some more checking. |
|
145 if (Interpreter::contains(sender_pc)) { |
|
146 return sender.is_interpreted_frame_valid(thread); |
|
147 } |
|
148 |
|
149 // Could just be some random pointer within the codeBlob. |
|
150 if (!sender.cb()->code_contains(sender_pc)) { |
|
151 return false; |
|
152 } |
|
153 |
|
154 // We should never be able to see an adapter if the current frame is something from code cache. |
|
155 if (sender_blob->is_adapter_blob()) { |
|
156 return false; |
|
157 } |
|
158 |
|
159 if (sender.is_entry_frame()) { |
|
160 return sender.is_entry_frame_valid(thread); |
|
161 } |
|
162 |
|
163 // Frame size is always greater than zero. If the sender frame size is zero or less, |
|
164 // something is really weird and we better give up. |
|
165 if (sender_blob->frame_size() <= 0) { |
|
166 return false; |
|
167 } |
|
168 |
|
169 return true; |
|
170 } |
|
171 |
|
172 // Must be native-compiled frame. Since sender will try and use fp to find |
|
173 // linkages it must be safe |
|
174 |
|
175 if (!fp_safe) { |
|
176 return false; |
|
177 } |
|
178 |
|
179 return true; |
60 } |
180 } |
61 |
181 |
62 bool frame::is_interpreted_frame() const { |
182 bool frame::is_interpreted_frame() const { |
63 return Interpreter::contains(pc()); |
183 return Interpreter::contains(pc()); |
64 } |
184 } |