public inbox for java-prs@sourceware.org

* [Bug libgcj/23367] New: _Jv_FindMethodInCache is not thread-safe
From: greenrd at greenrd dot org @ 2005-08-12 21:09 UTC
To: java-prs

_Jv_FindMethodInCache is not thread-safe, because it assumes that the following
check is enough to assure thread-safety:

      _Jv_mcache *mc = method_cache + index;
      _Jv_Method *m = mc->method;

      if (mc->klass == klass
          && m != NULL             // thread safe check
          && _Jv_equalUtf8Consts (m->name, name)
          && _Jv_equalUtf8Consts (m->signature, signature))

But this is bogus! If mc has already been assigned to, m will not be null, but
if it has never been assigned to, m will be null, so it's a useless check.
Therefore there is no effective measure for thread safety, so it's not
thread-safe. This could cause fairly arbitrary bad behaviour, including NPEs,
security violations, and weird hard-to-reproduce bugs.

I believe I have seen an NPE caused by this bug, because the symptoms match what
would be expected from this bug, and I know of no other plausible cause for
these symptoms: Method called with "this" object being of incompatible type, so
the method tries to read the "this" object as if it were the expected class, and
receives garbage (in this case, 0x0).

--
           Summary: _Jv_FindMethodInCache is not thread-safe
           Product: gcc
           Version: 4.0.2
            Status: UNCONFIRMED
          Severity: critical
          Priority: P2
         Component: libgcj
        AssignedTo: unassigned at gcc dot gnu dot org
        ReportedBy: greenrd at greenrd dot org
                CC: gcc-bugs at gcc dot gnu dot org,java-prs at gcc dot gnu dot org

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=23367

* [Bug libgcj/23367] _Jv_FindMethodInCache is not thread-safe
From: pinskia at gcc dot gnu dot org @ 2005-08-12 22:04 UTC
To: java-prs

--
           What    |Removed                     |Added
----------------------------------------------------------------------------
           Severity|critical                    |normal

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=23367

* [Bug libgcj/23367] _Jv_FindMethodInCache is not thread-safe
From: tromey at gcc dot gnu dot org @ 2005-08-22 22:09 UTC
To: java-prs

------- Additional Comments From tromey at gcc dot gnu dot org 2005-08-22 22:09 -------
I have a patch to make this use TLS when it is available.
I'm testing it.

--
           What    |Removed                     |Added
----------------------------------------------------------------------------
         AssignedTo|unassigned at gcc dot gnu   |tromey at gcc dot gnu dot
                   |dot org                     |org
             Status|UNCONFIRMED                 |ASSIGNED
     Ever Confirmed|                            |1
   Last reconfirmed|0000-00-00 00:00:00         |2005-08-22 22:09:02
               date|                            |

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=23367

* [Bug libgcj/23367] _Jv_FindMethodInCache is not thread-safe
From: cvs-commit at gcc dot gnu dot org @ 2005-09-27 20:03 UTC
To: java-prs

------- Additional Comments From cvs-commit at gcc dot gnu dot org 2005-09-27 20:03 -------
Subject: Bug 23367

CVSROOT:      /cvs/gcc
Module name:  gcc
Changes by:   tromey@gcc.gnu.org 2005-09-27 20:03:10

Modified files:
        libjava          : ChangeLog Makefile.in aclocal.m4 configure
                           configure.ac
        libjava/gcj      : Makefile.in
        libjava/include  : Makefile.in config.h.in jvm.h
        libjava/java/lang: natClass.cc natThread.cc
        libjava/testsuite: Makefile.in

Log message:
        PR libgcj/23367:
        * include/jvm.h (_Jv_FreeMethodCache): Declare.
        * java/lang/natClass.cc (MCACHE_SIZE): Conditional on HAVE_TLS.
        (struct _Jv_mcache): Likewise.
        (method_cache): Likewise.
        (_Jv_FindMethodInCache): Do nothing unless TLS is available.
        (_Jv_AddMethodToCache): Likewise.
        (_Jv_FreeMethodCache): New function.
        * java/lang/natThread.cc (finish_): Call _Jv_FreeMethodCache.
        * aclocal.m4, configure, include/config.h.in: Rebuilt.
        * configure.ac: Invoke GCC_CHECK_TLS.

Patches:
http://gcc.gnu.org/cgi-bin/cvsweb.cgi/gcc/libjava/ChangeLog.diff?cvsroot=gcc&r1=1.3746&r2=1.3747
http://gcc.gnu.org/cgi-bin/cvsweb.cgi/gcc/libjava/Makefile.in.diff?cvsroot=gcc&r1=1.537&r2=1.538
http://gcc.gnu.org/cgi-bin/cvsweb.cgi/gcc/libjava/aclocal.m4.diff?cvsroot=gcc&r1=1.65&r2=1.66
http://gcc.gnu.org/cgi-bin/cvsweb.cgi/gcc/libjava/configure.diff?cvsroot=gcc&r1=1.280&r2=1.281
http://gcc.gnu.org/cgi-bin/cvsweb.cgi/gcc/libjava/configure.ac.diff?cvsroot=gcc&r1=1.41&r2=1.42
http://gcc.gnu.org/cgi-bin/cvsweb.cgi/gcc/libjava/gcj/Makefile.in.diff?cvsroot=gcc&r1=1.77&r2=1.78
http://gcc.gnu.org/cgi-bin/cvsweb.cgi/gcc/libjava/include/Makefile.in.diff?cvsroot=gcc&r1=1.82&r2=1.83
http://gcc.gnu.org/cgi-bin/cvsweb.cgi/gcc/libjava/include/config.h.in.diff?cvsroot=gcc&r1=1.62&r2=1.63
http://gcc.gnu.org/cgi-bin/cvsweb.cgi/gcc/libjava/include/jvm.h.diff?cvsroot=gcc&r1=1.89&r2=1.90
http://gcc.gnu.org/cgi-bin/cvsweb.cgi/gcc/libjava/java/lang/natClass.cc.diff?cvsroot=gcc&r1=1.90&r2=1.91
http://gcc.gnu.org/cgi-bin/cvsweb.cgi/gcc/libjava/java/lang/natThread.cc.diff?cvsroot=gcc&r1=1.31&r2=1.32
http://gcc.gnu.org/cgi-bin/cvsweb.cgi/gcc/libjava/testsuite/Makefile.in.diff?cvsroot=gcc&r1=1.89&r2=1.90

--
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=23367

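
An illustration of the report and of the TLS fix in the commit above, added here and not taken from the thread or from libgcj: a C model in which the method pointer is loaded before the klass comparison, as in the quoted check, and a second thread's insert is injected between the two. The struct layouts, concurrent_add, find_in_cache, lookup_owner and the sample classes A and B are assumptions made for the example; separate slots stand in for a per-thread cache.

```c
#include <stdio.h>
#include <string.h>

/* Simplified stand-ins for the libgcj types; every name here is illustrative. */
struct method { const char *name, *signature, *owner; };
struct mcache { const void *klass; const struct method *method; };

/* Models another thread inserting an entry (assumed plain two-field store). */
static void concurrent_add(struct mcache *slot, const void *klass,
                           const struct method *m)
{
    slot->method = m;
    slot->klass = klass;
}

/* Same shape as the quoted check: the method pointer is loaded first, the
   klass comparison comes later; the writer is injected between the two.
   writer_slot == reader_slot is the shared cache; distinct slots model TLS. */
static const struct method *
find_in_cache(struct mcache *reader_slot, struct mcache *writer_slot,
              const void *klass, const char *name, const char *sig,
              const void *w_klass, const struct method *w_method)
{
    const struct method *m = reader_slot->method;       /* load 1 */
    concurrent_add(writer_slot, w_klass, w_method);     /* other thread runs */
    if (reader_slot->klass == klass && m != NULL        /* load 2 */
        && strcmp(m->name, name) == 0 && strcmp(m->signature, sig) == 0)
        return m;
    return NULL;
}

static int klass_a, klass_b;                 /* constructed class identities */
static const struct method a_run = { "run", "()V", "A" };
static const struct method b_run = { "run", "()V", "B" };

/* Looks up A.run()V in a slot holding B.run()V while another thread caches
   A.run()V; returns the owner of the method handed back, or "miss". */
const char *lookup_owner(int per_thread)
{
    struct mcache reader = { &klass_b, &b_run }, other = { NULL, NULL };
    const struct method *m = find_in_cache(&reader, per_thread ? &other : &reader,
                                           &klass_a, "run", "()V", &klass_a, &a_run);
    return m ? m->owner : "miss";
}

int main(void)
{
    printf("shared: %s, per-thread: %s\n", lookup_owner(0), lookup_owner(1));
}
```

In the shared case the lookup for class A hands back B's method, which is the wrong-receiver call the report describes; with separate slots the same interleaving is only a cache miss.
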
* [Bug libgcj/23367] _Jv_FindMethodInCache is not thread-safe
From: tromey at gcc dot gnu dot org @ 2005-09-27 20:04 UTC
To: java-prs

------- Additional Comments From tromey at gcc dot gnu dot org 2005-09-27 20:04 -------
Fixed on trunk; waiting for 4.0 thaw to fix there.

--
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=23367

* [Bug libgcj/23367] _Jv_FindMethodInCache is not thread-safe
From: cvs-commit at gcc dot gnu dot org @ 2005-09-30 21:03 UTC
To: java-prs

------- Additional Comments From cvs-commit at gcc dot gnu dot org 2005-09-30 21:03 -------
Subject: Bug 23367

CVSROOT:      /cvs/gcc
Module name:  gcc
Branch:       gcc-4_0-branch
Changes by:   tromey@gcc.gnu.org 2005-09-30 21:03:46

Modified files:
        libjava          : ChangeLog
        libjava/java/lang: natClass.cc

Log message:
        Workaround for PR libgcj/23367:
        * java/lang/natClass.cc (_Jv_FindMethodInCache): Disable.
        (_Jv_AddMethodToCache): Likewise.
        (method_cache): Remove.
        (MCACHE_SIZE): Likewise.
        (struct _Jv_mcache): Likewise.

Patches:
http://gcc.gnu.org/cgi-bin/cvsweb.cgi/gcc/libjava/ChangeLog.diff?cvsroot=gcc&only_with_tag=gcc-4_0-branch&r1=1.3391.2.100&r2=1.3391.2.101
http://gcc.gnu.org/cgi-bin/cvsweb.cgi/gcc/libjava/java/lang/natClass.cc.diff?cvsroot=gcc&only_with_tag=gcc-4_0-branch&r1=1.84&r2=1.84.2.1

--
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=23367

* [Bug libgcj/23367] _Jv_FindMethodInCache is not thread-safe
From: tromey at gcc dot gnu dot org @ 2005-09-30 21:04 UTC
To: java-prs

------- Additional Comments From tromey at gcc dot gnu dot org 2005-09-30 21:04 -------
Fix checked in.

--
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |RESOLVED
         Resolution|                            |FIXED
   Target Milestone|---                         |4.0.3

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=23367