sablevm-bugs Mailing List for SableVM (Page 5)
Brought to you by:
egagnon
From: SourceForge.net <no...@so...> - 2003-03-16 00:11:47
|
Bugs item #704301, was opened at 2003-03-15 17:52
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=105523&aid=704301&group_id=5523

Category: Execution Problem
Group: SableVM
>Status: Closed
>Resolution: Fixed
Priority: 5
Submitted By: Etienne M. Gagnon (egagnon)
Assigned to: Etienne M. Gagnon (egagnon)
Summary: Interface methods missing from abstract class virtual table

Initial Comment:
Using the attached Test.java example, running sablevm gives:

  $ sablevm -Y Test
  Segmentation fault
  $

----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=105523&aid=704301&group_id=5523 |
From: SourceForge.net <no...@so...> - 2003-03-15 22:40:23
|
Bugs item #704301, was opened at 2003-03-15 17:52
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=105523&aid=704301&group_id=5523

Category: Execution Problem
Group: SableVM
Status: Open
Resolution: None
Priority: 5
Submitted By: Etienne M. Gagnon (egagnon)
Assigned to: Etienne M. Gagnon (egagnon)
Summary: Interface methods missing from abstract class virtual table

Initial Comment:
Using the attached Test.java example, running sablevm gives:

  $ sablevm -Y Test
  Segmentation fault
  $

----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=105523&aid=704301&group_id=5523 |
From: SourceForge.net <no...@so...> - 2003-03-09 05:07:19
|
Bugs item #692638, was opened at 2003-02-24 20:08
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=105523&aid=692638&group_id=5523

Category: None
Group: None
Status: Open
Resolution: None
Priority: 5
Submitted By: David Bélanger (davidbelanger)
>Assigned to: Etienne M. Gagnon (egagnon)
Summary: bug jni getFieldID and others

Initial Comment:
Hi,

I'm not a JNI expert but from what I understand GetFieldID (file: native_interface.m4.c) should return NULL on error and then the programmer knows he/she should check for any exception raised.

However, it does not always return NULL on error because of this conditional:

  if (field == NULL || _svmf_is_set_flag (field->access_flags, SVM_ACC_STATIC))
    {
      _svmf_error_NoSuchFieldError (env);
      goto end;
    }

Field may be non-null and the 2nd expr may be true. So a non-null field id is returned.

Suggested fix:

  if (field == NULL || _svmf_is_set_flag (field->access_flags, SVM_ACC_STATIC))
    {
      _svmf_error_NoSuchFieldError (env);
+     field = NULL;
      goto end;
    }

Functions affected:
Get{Field,Method}ID
GetStatic{Field,Method}ID
and maybe others

David

----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=105523&aid=692638&group_id=5523 |
From: SourceForge.net <no...@so...> - 2003-03-09 05:07:19
|
Bugs item #694790, was opened at 2003-02-27 20:15
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=105523&aid=694790&group_id=5523

Category: Execution Problem
Group: SablePath
Status: Open
Resolution: None
Priority: 5
Submitted By: Daniel Bonniot (bonniot)
>Assigned to: Etienne M. Gagnon (egagnon)
Summary: Incorrect NullPointerException in java.io.File.listFiles

Initial Comment:
The following code fails at runtime, while it works with Sun's java 1.3 and gij. The code just tries to list the files in an empty, but existing directory:

  import java.io.*;

  class Bug
  {
    public static void main(String[] args)
    {
      File f = new File("/tmp/Empty");
      f.listFiles();
    }
  }

Make sure /tmp/Empty is an existing, empty directory.

  $ javac Bug.java
  $ java Bug
  $ sablevm Bug
  SableVM version 1.0.6
  Copyright (C) 2000-2002 Etienne M. Gagnon <eti...@uq...> and others. All rights reserved.
  This software comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions.
  To get the name of all copyright holders and detailed license information, type "sablevm --license" or look in the directory "/usr/share/sablevm".
  The SableVM web site is located at http://www.sablevm.org/ .
  java.lang.NullPointerException
    at java.io.File.listFiles(File.java:1289)
    at java.io.File.listFiles(File.java:1259)
    at Bug.main(Bug.java:8)
    at java.lang.VirtualMachine.invokeMain(VirtualMachine.java)
    at java.lang.VirtualMachine.main(VirtualMachine.java:88)

----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=105523&aid=694790&group_id=5523 |
From: SourceForge.net <no...@so...> - 2003-03-09 05:07:18
|
Bugs item #688788, was opened at 2003-02-18 12:51
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=105523&aid=688788&group_id=5523

Category: Execution Problem
Group: SableVM
Status: Open
Resolution: None
Priority: 5
Submitted By: Archie Cobbs (archiecobbs)
>Assigned to: Etienne M. Gagnon (egagnon)
Summary: Assertion failure in prepare_code.c

Initial Comment:
I'm trying to use Soot with SableVM 1.0.5 and getting an assertion failure. Here is my test program:

-----------------------------------------
  import soot.*;
  import soot.jimple.*;
  import java.util.*;

  public class x {
    public static void main(String[] args) throws Exception {
      SootClass c = Scene.v().loadClassAndSupport("java.lang.String");
      c.setApplicationClass();
      for (Iterator i = c.methodIterator(); i.hasNext(); ) {
        SootMethod m = (SootMethod)i.next();
        Body body = (JimpleBody)m.retrieveActiveBody();
        Scene.v().getPack("jtp").apply(body);
        Scene.v().getPack("jop").apply(body);
      }
    }
  }
------------------------------------------

Note that the "java.lang.String" class that is being processed is the one that comes with SableVM. Other classes process OK but this one seems to cause problems.. perhaps there is some bytecode sequence that SableVM can't handle or is invalid?

Here is the failure:

  $ sablevm x
  assertion "instruction->stack_and_local_map->stack_size >= 0" failed: file "prepare_code.c", line 1088
  Abort(core dumped)

----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=105523&aid=688788&group_id=5523 |
From: SourceForge.net <no...@so...> - 2003-03-09 05:07:18
|
Bugs item #679970, was opened at 2003-02-03 21:27
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=105523&aid=679970&group_id=5523

Category: Configuration Problem
Group: SableVM
Status: Open
Resolution: None
Priority: 5
Submitted By: Archie Cobbs (archiecobbs)
>Assigned to: Etienne M. Gagnon (egagnon)
Summary: MessageDigest.getInstance() fails

Initial Comment:
MessageDigest.getInstance("MD5") fails. There are two things that need to be fixed for this to work.

(1) The file "resource/java/security/classpath.security" in the Classpath distribution needs to be installed into the /usr/local/lib/sablevm/lib/security directory during installation. I suspect there are other properties files that also need to be installed.

(2) SableVM needs to define some default values for certain well-known System properties, such as "java.home", etc. See:
http://java.sun.com/j2se/1.4/docs/api/java/lang/System.html#getProperties()
for a list of these properties.

Attached is a simple test program (stolen from kaffe).

----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=105523&aid=679970&group_id=5523 |
From: SourceForge.net <no...@so...> - 2003-03-09 05:07:17
|
Bugs item #677672, was opened at 2003-01-30 14:17
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=105523&aid=677672&group_id=5523

Category: None
Group: None
Status: Open
Resolution: None
Priority: 5
Submitted By: Archie Cobbs (archiecobbs)
>Assigned to: Etienne M. Gagnon (egagnon)
Summary: VM does not check for array alloc overflow

Initial Comment:
Here is the bug:

  $ cat ArrayOverflow.java
  public class ArrayOverflow {
    public static void main(String[] args) {
      double[] array = new double[0x20000000];
      array[0x1000000] = 1.0;
    }
  }
  $ sablevm ArrayOverflow
  sablevm: INTERNAL ERROR (source file "error.c", line 86): unexpected segmentation fault
  Abort(core dumped)

The problem is that when allocating the array, SableVM does not check for 32 bit overflow. In this example, the array length fits within 32 bits but the array length multiplied by the size of each array element does not. As a result, the total size overflows (to zero!) and a zero length array is allocated.

SableVM should verify that the total array size does not overflow a "size_t" variable (SIZE_T_MAX).

----------------------------------------------------------------------
Comment By: Archie Cobbs (archiecobbs)
Date: 2003-03-03 12:32

Message:
Logged In: YES
user_id=99943

System.arraycopy() has a similar bug. I suspect there are other places where array bounds don't check that off + length > 0.

----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=105523&aid=677672&group_id=5523 |
From: SourceForge.net <no...@so...> - 2003-03-09 05:07:17
|
Bugs item #668113, was opened at 2003-01-14 15:24
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=105523&aid=668113&group_id=5523

Category: Other
Group: SableVM
Status: Open
Resolution: None
Priority: 5
Submitted By: Archie Cobbs (archiecobbs)
>Assigned to: Etienne M. Gagnon (egagnon)
Summary: _svmt_interned_string is unused

Initial Comment:
It doesn't appear that the '_svmt_interned_string' type is used anywhere. Can it be removed?

----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=105523&aid=668113&group_id=5523 |
From: SourceForge.net <no...@so...> - 2003-03-09 05:07:17
|
Bugs item #668271, was opened at 2003-01-14 21:16
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=105523&aid=668271&group_id=5523

Category: Execution Problem
Group: SableVM
Status: Open
Resolution: None
Priority: 5
Submitted By: Archie Cobbs (archiecobbs)
>Assigned to: Etienne M. Gagnon (egagnon)
>Summary: vm->threads.array is one entry too short

Initial Comment:
The vm->threads.array array is allocated with SVM_MAX_THREAD_ID entries in the array. However, it's possible for entry #SVM_MAX_THREAD_ID to be used (see Java_java_lang_Thread_nativeStart). Entry zero is not used of course.

So SVM_MAX_THREAD_ID + 1 entries should be allocated instead.

----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=105523&aid=668271&group_id=5523 |
From: SourceForge.net <no...@so...> - 2003-03-09 05:07:17
|
Bugs item #668112, was opened at 2003-01-14 15:24
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=105523&aid=668112&group_id=5523

Category: Other
Group: SableVM
Status: Open
Resolution: None
Priority: 5
Submitted By: Archie Cobbs (archiecobbs)
>Assigned to: Etienne M. Gagnon (egagnon)
Summary: _svmt_bootstrap_classloader_struct.current_class_file

Initial Comment:
It seems like the 'current_class_file' field of the 'struct _svmt_bootstrap_classloader_struct' structure is unnecessary, as it's only used in _svmf_bootcl_derive_class(), and there's no way that this function can be called recursively with 'current_class_file' non-empty, so it could be replaced with a local variable in that function.

----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=105523&aid=668112&group_id=5523 |
From: SourceForge.net <no...@so...> - 2003-03-09 05:07:17
|
Bugs item #668111, was opened at 2003-01-14 15:22
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=105523&aid=668111&group_id=5523

Category: Execution Problem
Group: SableVM
Status: Open
Resolution: None
Priority: 5
Submitted By: Archie Cobbs (archiecobbs)
>Assigned to: Etienne M. Gagnon (egagnon)
Summary: Threads are leaked

Initial Comment:
When a thread exits, the memory associated with the thread is not freed. In addition, the thread is not put back on the free threads list associated with the VM. So the thread and its associated memory is leaked.

In addition, the finalize() method is not overridden in java.lang.Thread. Guess that would be the logical place to free the memory and/or add the thread to the free list.

----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=105523&aid=668111&group_id=5523 |
From: SourceForge.net <no...@so...> - 2003-03-09 05:07:17
|
Bugs item #663270, was opened at 2003-01-06 14:16
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=105523&aid=663270&group_id=5523

Category: Execution Problem
Group: SableVM
Status: Open
Resolution: None
Priority: 5
Submitted By: Archie Cobbs (archiecobbs)
>Assigned to: Etienne M. Gagnon (egagnon)
Summary: [jni: fatal error (Local reference capacity exceeded)]

Initial Comment:
I'm trying to run an application that uses Soot. If I try to process too many classfiles at once, I get this error plus a core dump:

  [jni: fatal error (Local reference capacity exceeded)]

This makes SableVM suddenly look like a "toy" Java VM when we know it's really better than that :-) SableVM should handle this situation more gracefully, even if it means an 'escape' mechanism that's slower than normal or whatever.

----------------------------------------------------------------------
Comment By: Archie Cobbs (archiecobbs)
Date: 2003-02-20 13:02

Message:
Logged In: YES
user_id=99943

Actually, a simpler way to fix this than using EnsureCapacity() is to use DeleteLocalRef() after assigning each parameter in the array. DeleteLocalRef() is already unimplemented. See attached patch.

----------------------------------------------------------------------
Comment By: Archie Cobbs (archiecobbs)
Date: 2003-02-15 21:02

Message:
Logged In: YES
user_id=99943

I think the 'correct' way to fix this is:
- Implement the JNI method EnsureCapacity()
- In sablevm.c, call (*env)->EnsureCapacity() to guarantee there will be at least as many local native references available as there are parameters to main().

----------------------------------------------------------------------
Comment By: Archie Cobbs (archiecobbs)
Date: 2003-01-11 20:30

Message:
Logged In: YES
user_id=99943

Note: this happens if you give Sablevm more than 12 arguments on the command line. For example:

  $ sablevm 1 2 3 4 5 6 7 8 9 10 11 12 13
  [jni: fatal error (Local reference capacity exceeded)]

This seems like a real bug, rather than a JNI limitation or Classpath screwup.. (?)

----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=105523&aid=663270&group_id=5523 |
From: SourceForge.net <no...@so...> - 2003-03-09 05:07:17
|
Bugs item #660598, was opened at 2002-12-31 22:20
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=105523&aid=660598&group_id=5523

Category: Execution Problem
Group: SablePath
Status: Open
Resolution: None
Priority: 5
Submitted By: Archie Cobbs (archiecobbs)
>Assigned to: Etienne M. Gagnon (egagnon)
>Summary: String.getBytes("UTF8") is broken

Initial Comment:
There is a bug in the class gnu/java/io/encode/Encoder.java. If a String has a non-zero offset into its char[] array then things get screwy.

The attached file UTF8.java demonstrates the bug. It generates this output:

  $ sablevm UTF8
  bytes.length=20
  bytes: 61 62 63 64 31 32 33 34 0 0 0 0 0 0 0 0 0 0 0 0

Other possibilities include the first byte being zero (!).

----------------------------------------------------------------------
Comment By: Archie Cobbs (archiecobbs)
Date: 2003-01-01 21:03

Message:
Logged In: YES
user_id=99943

Previous patch is incomplete, new patch added. I've also submitted this bug to the classpath.org bug db.

----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=105523&aid=660598&group_id=5523 |
From: SourceForge.net <no...@so...> - 2003-03-09 05:07:16
|
Bugs item #653551, was opened at 2002-12-13 20:27
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=105523&aid=653551&group_id=5523

Category: Execution Problem
Group: SableVM
Status: Open
Resolution: None
Priority: 5
Submitted By: Archie Cobbs (archiecobbs)
>Assigned to: Etienne M. Gagnon (egagnon)
Summary: assertion failure running soot-1.2.4

Initial Comment:
I can consistently reproduce an assertion failure with SableVM 1.0.5. This happens on both FreeBSD and Linux. You must use the debug version of SableVM to get the assertion failure (obviously), otherwise you get a SEGV core dump or other weird error.

Environment: soot-1.2.4 classes are in the classpath. Contents of ~/.sablevm are attached. Also, two class files are attached, along with source files. jikes-1.15 was used to generate them.

Here's the failure:

  $ sablevm-debug --verbose-gc soot.Main --jimple Test
  [verbose gc: allocating fixed size heap (2 * 16777216 bytes)]
  Soot started on Fri Dec 13 17:21:16 GMT-08:00 2002
  [verbose gc: previously allocated 16765808 bytes, surviving 3822924 bytes, new heap is 16777216 bytes, gc time = 0 sec 87391 usec]
  [verbose gc: previously allocated 16767540 bytes, surviving 6648540 bytes, new heap is 16777216 bytes, gc time = 0 sec 133278 usec]
  Transforming Test...
  sablevm-debug: util2.c:161: _svmf_is_assignable_from: Assertion `T != ((void *)0)' failed.
  Abort

I've also gotten these assertion failures instead:

  sablevm-debug: instructions_switch.c:15982: _svmf_interpreter: Assertion `_svmf_is_assignable_from (env, instance->vtable->type, _svmf_cast_type_class (method->class_info))' failed.

  sablevm: INTERNAL ERROR (source file "error.c", line 170): unhandled segmentation fault

It appears that memory is being corrupted somehow.

----------------------------------------------------------------------
Comment By: Archie Cobbs (archiecobbs)
Date: 2002-12-16 18:20

Message:
Logged In: YES
user_id=99943

Here is a much simpler way I've found to reproduce this problem. Just compile and run this program:

  public class Bar {
    public static void main(String[] args) {
      new soot.jimple.internal.JimpleLocalBox(null).setValue(null);
    }
  }

----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=105523&aid=653551&group_id=5523 |
From: SourceForge.net <no...@so...> - 2003-03-09 05:07:15
|
Bugs item #653460, was opened at 2002-12-13 16:10
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=105523&aid=653460&group_id=5523

Category: Execution Problem
Group: SableVM
Status: Open
Resolution: None
Priority: 5
Submitted By: Archie Cobbs (archiecobbs)
>Assigned to: Etienne M. Gagnon (egagnon)
>Summary: property "sablevm.stack.size.max" ignored

Initial Comment:
There is no check for a thread's stack growing beyond the value set by the sablevm.stack.size.max property. See attached patch.

----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=105523&aid=653460&group_id=5523 |
From: SourceForge.net <no...@so...> - 2003-03-09 05:07:15
|
Bugs item #653360, was opened at 2002-12-13 12:45
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=105523&aid=653360&group_id=5523

Category: Configuration Problem
Group: SableVM
Status: Open
Resolution: None
Priority: 5
Submitted By: Archie Cobbs (archiecobbs)
>Assigned to: Etienne M. Gagnon (egagnon)
Summary: --enable-debug should compile w/ symbols

Initial Comment:
Enhancement request:

The --enable-debugging configuration option should do two more things besides what it already does:

(a) Add the '-g' flag to all gcc compilations so that symbols are included with all objects
(b) Remove the '-s' flag from all 'install' commands so that symbols are not stripped when the libraries and binaries are installed

Having symbols included makes debugging a lot easier :-)

Thanks.

----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=105523&aid=653360&group_id=5523 |
From: SourceForge.net <no...@so...> - 2003-03-09 05:07:14
|
Bugs item #652416, was opened at 2002-12-11 20:21 You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=105523&aid=652416&group_id=5523 Category: Execution Problem Group: SableVM Status: Open Resolution: None Priority: 5 Submitted By: Archie Cobbs (archiecobbs) >Assigned to: Etienne M. Gagnon (egagnon) Summary: Minor optimization for new object alloc. Initial Comment: Why not this patch? memset() is often a lot faster than loops, as the compiler may know how to optimize specially for it... if so this patch should speed up every new object allocation. --- src/libsablevm/gc_copying.c.orig Tue Dec 10 11:51:13 2002 +++ src/libsablevm/gc_copying.c Tue Dec 10 11:51:34 2002 @@ -1054,14 +1054,7 @@ return JNI_ERR; } - { - size_t i; - - for (i = 0; i < instance_size; i++) - { - ((char *) result)[i] = 0; - } - } + memset(result, 0, instance_size); *pinstance = result; ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=105523&aid=652416&group_id=5523 |
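Review bot: the added memset(result, 0, instance_size) call needs a declaration from <string.h>, and the hunk adds no include to gc_copying.c; confirm the file already pulls it in, or add the include in the same patch. The call zeroes the same instance_size bytes as the removed loop, so behavior is unchanged; the speed claim in the description is the part that still needs a measurement of allocation time before and after.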
From: SourceForge.net <no...@so...> - 2003-03-09 05:07:14
|
Bugs item #651250, was opened at 2002-12-09 22:21 You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=105523&aid=651250&group_id=5523 Category: Execution Problem Group: SablePath Status: Open Resolution: None Priority: 5 Submitted By: Nobody/Anonymous (nobody) >Assigned to: Etienne M. Gagnon (egagnon) Summary: Bug in LineNumberReader.java Initial Comment: I was trying to run an app and got an exception that looked like this: java.io.IOException: Pushback buffer is full at java.io.PushbackReader.unread(PushbackReader.java:319) at java.io.LineNumberReader.read(LineNumberReader.java:246) ... This appears to be a bug in LineNumberReader.java, which the patch below seems to fix. --- work/sablevm-class-library-1.0.5/src/java/io/LineNumberReader.java.orig Mon Dec 9 19:12:35 2002 +++ work/sablevm-class-library-1.0.5/src/java/io/LineNumberReader.java Mon Dec 9 19:12:02 2002 @@ -115,7 +115,7 @@ public LineNumberReader(Reader in, int size) { - super(new PushbackReader(in), size); + super(in, size); } /*************************************************************************/ @@ -243,7 +243,7 @@ int extra_char_read = super.read(); if ((extra_char_read != '\n') && (extra_char_read != -1)) - ((PushbackReader)in).unread(extra_char_read); + pos--; char_read = '\n'; ++line_number; ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=105523&aid=651250&group_id=5523 |
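Review bot: in the second hunk, pos-- assumes that the super.read() call just above advanced the superclass buffer index by exactly one and that the character is still in the buffer; a short comment stating that invariant belongs next to the decrement, and a regression test should cover the branch where extra_char_read is neither '\n' nor -1. The two hunks must also land together: once the constructor passes `in` straight to super(in, size), the removed (PushbackReader) cast would fail at run time if it were left in place.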
From: SourceForge.net <no...@so...> - 2003-03-03 17:22:36
|
Bugs item #677672, was opened at 2003-01-30 11:17
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=105523&aid=677672&group_id=5523

Category: None
Group: None
Status: Open
Resolution: None
Priority: 5
Submitted By: Archie Cobbs (archiecobbs)
Assigned to: Nobody/Anonymous (nobody)
Summary: VM does not check for array alloc overflow

Initial Comment:
Here is the bug:

  $ cat ArrayOverflow.java
  public class ArrayOverflow {
    public static void main(String[] args) {
      double[] array = new double[0x20000000];
      array[0x1000000] = 1.0;
    }
  }
  $ sablevm ArrayOverflow
  sablevm: INTERNAL ERROR (source file "error.c", line 86): unexpected segmentation fault
  Abort(core dumped)

The problem is that when allocating the array, SableVM does not check for 32 bit overflow. In this example, the array length fits within 32 bits but the array length multiplied by the size of each array element does not. As a result, the total size overflows (to zero!) and a zero length array is allocated.

SableVM should verify that the total array size does not overflow a "size_t" variable (SIZE_T_MAX).

----------------------------------------------------------------------
>Comment By: Archie Cobbs (archiecobbs)
Date: 2003-03-03 09:32

Message:
Logged In: YES
user_id=99943

System.arraycopy() has a similar bug. I suspect there are other places where array bounds don't check that off + length > 0.

----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=105523&aid=677672&group_id=5523 |
From: SourceForge.net <no...@so...> - 2003-02-28 04:55:40
|
Bugs item #693916, was opened at 2003-02-26 16:38
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=105523&aid=693916&group_id=5523

Category: Other
Group: SableVM
>Status: Closed
>Resolution: Rejected
Priority: 5
Submitted By: David Bélanger (davidbelanger)
>Assigned to: Etienne M. Gagnon (egagnon)
Summary: dead code?

Initial Comment:
File: global_alloc.m4.c

See code at end.

Unless nmemb can be negative, size will never be smaller than nmemb. So,

  if (size < nmemb)
    {
      _svmf_error_OutOfMemoryError (env);
      return JNI_ERR;
    }

in the code below will never be executed.

  static jint
  _svmh_gzmalloc_instruction_preparation (_svmt_JNIEnv *env, size_t nmemb,
                                          _svmt_instruction_preparation ** ptr)
  {
    _svmt_instruction_preparation *tmp;
    size_t size = nmemb * sizeof (_svmt_instruction_preparation);

    if (size < nmemb)
      {
        _svmf_error_OutOfMemoryError (env);
        return JNI_ERR;
      }

    tmp = _svmf_calloc (1, size);

    if (tmp == NULL)
      {
        _svmf_error_OutOfMemoryError (env);
        return JNI_ERR;
      }

    *ptr = tmp;
    return JNI_OK;
  }

David

----------------------------------------------------------------------
>Comment By: Etienne M. Gagnon (egagnon)
Date: 2003-02-28 00:04

Message:
Logged In: YES
user_id=15365

The test if (size < nmemb) is used to detect overflow. This is because the C language does not provide an exception mechanism to detect overflow on integer multiplication. As we are dealing with unsigned members, the product will be smaller than nmemb on overflow.

Now, is this likely to happen? No, but unless we make a formal proof that nmemb will never grow large enough to cause problems, we need to keep the check (for security purposes).

Etienne

----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=105523&aid=693916&group_id=5523 |
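The size computations discussed in this report and in the array-allocation report (#677672), as an added C example that is not SableVM code: it models a 32-bit size_t with uint32_t, compares a product-smaller-than-operand test with a divide-first check, and includes an arraycopy-style range check that never computes off + length. The function names, the 16-byte array header and the sample inputs other than 0x20000000 are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed model: a 32-bit size_t, so results are the same on any host. */
typedef uint32_t size32_t;
#define SIZE32_MAX UINT32_MAX

/* Hypothetical per-array header size, for illustration only. */
#define ARRAY_HEADER_BYTES 16u

/* What an unchecked nmemb * elem_size yields: the product modulo 2^32. */
static size32_t
wrapped_product (size32_t nmemb, size32_t elem_size)
{
  return nmemb * elem_size;
}

/* A "product smaller than operand" test; returns 1 when it reports overflow. */
static int
product_lt_operand_flags (size32_t nmemb, size32_t elem_size)
{
  return wrapped_product (nmemb, elem_size) < nmemb;
}

/* Exact check: divide before multiplying.
   Returns 0 and stores the product in *out, or -1 if it would wrap. */
static int
checked_mul (size32_t nmemb, size32_t elem_size, size32_t *out)
{
  if (elem_size != 0 && nmemb > SIZE32_MAX / elem_size)
    return -1;
  *out = nmemb * elem_size;
  return 0;
}

/* Total bytes for an array of `length` elements plus its header.
   Rejects negative lengths, a wrapping product and a wrapping sum. */
static int
checked_array_bytes (int32_t length, size32_t elem_size, size32_t *out)
{
  size32_t payload;

  if (length < 0)
    return -1;
  if (checked_mul ((size32_t) length, elem_size, &payload) != 0)
    return -1;
  if (payload > SIZE32_MAX - ARRAY_HEADER_BYTES)
    return -1;
  *out = ARRAY_HEADER_BYTES + payload;
  return 0;
}

/* arraycopy-style range check on signed 32-bit values. It compares off with
   array_len - len, so the sum off + len is never formed and cannot wrap. */
static int
range_ok (int32_t off, int32_t len, int32_t array_len)
{
  return off >= 0 && len >= 0 && len <= array_len && off <= array_len - len;
}

int
main (void)
{
  /* 0x20000000 is the length from report #677672; the rest are constructed. */
  static const size32_t nmemb[] = { 0x20000000u, 0x24924925u, 1000u };
  size32_t out = 0;
  size_t i;

  for (i = 0; i < sizeof nmemb / sizeof nmemb[0]; i++)
    printf ("nmemb=0x%08x wrapped=0x%08x lt-test=%d exact-check=%d\n",
            (unsigned) nmemb[i],
            (unsigned) wrapped_product (nmemb[i], 8u),
            product_lt_operand_flags (nmemb[i], 8u),
            checked_mul (nmemb[i], 8u, &out));
  printf ("range_ok(0x7ffffff0, 0x20, 0x100) = %d\n",
          range_ok (0x7ffffff0, 0x20, 0x100));
  return 0;
}
```

With 8-byte elements, 0x24924925 elements wrap to 0x24924928, which is larger than the element count, so only the divide-first check rejects that request.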
From: SourceForge.net <no...@so...> - 2003-02-28 01:06:13
|
Bugs item #694790, was opened at 2003-02-28 02:15
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=105523&aid=694790&group_id=5523

Category: Execution Problem
Group: SablePath
Status: Open
Resolution: None
Priority: 5
Submitted By: Daniel Bonniot (bonniot)
Assigned to: Nobody/Anonymous (nobody)
Summary: Incorrect NullPointerException in java.io.File.listFiles

Initial Comment:
The following code fails at runtime, while it works with Sun's java 1.3 and gij. The code just tries to list the files in an empty, but existing directory:

  import java.io.*;

  class Bug
  {
    public static void main(String[] args)
    {
      File f = new File("/tmp/Empty");
      f.listFiles();
    }
  }

Make sure /tmp/Empty is an existing, empty directory.

  $ javac Bug.java
  $ java Bug
  $ sablevm Bug
  SableVM version 1.0.6
  Copyright (C) 2000-2002 Etienne M. Gagnon <eti...@uq...> and others. All rights reserved.
  This software comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions.
  To get the name of all copyright holders and detailed license information, type "sablevm --license" or look in the directory "/usr/share/sablevm".
  The SableVM web site is located at http://www.sablevm.org/ .
  java.lang.NullPointerException
    at java.io.File.listFiles(File.java:1289)
    at java.io.File.listFiles(File.java:1259)
    at Bug.main(Bug.java:8)
    at java.lang.VirtualMachine.invokeMain(VirtualMachine.java)
    at java.lang.VirtualMachine.main(VirtualMachine.java:88)

----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=105523&aid=694790&group_id=5523 |
From: SourceForge.net <no...@so...> - 2003-02-26 21:29:16
|
Bugs item #693916, was opened at 2003-02-26 16:38
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=105523&aid=693916&group_id=5523

Category: Other
Group: SableVM
Status: Open
Resolution: None
Priority: 5
Submitted By: David Bélanger (davidbelanger)
Assigned to: Nobody/Anonymous (nobody)
Summary: dead code?

Initial Comment:
File: global_alloc.m4.c

See code at end.

Unless nmemb can be negative, size will never be smaller than nmemb. So,

  if (size < nmemb)
    {
      _svmf_error_OutOfMemoryError (env);
      return JNI_ERR;
    }

in the code below will never be executed.

  static jint
  _svmh_gzmalloc_instruction_preparation (_svmt_JNIEnv *env, size_t nmemb,
                                          _svmt_instruction_preparation ** ptr)
  {
    _svmt_instruction_preparation *tmp;
    size_t size = nmemb * sizeof (_svmt_instruction_preparation);

    if (size < nmemb)
      {
        _svmf_error_OutOfMemoryError (env);
        return JNI_ERR;
      }

    tmp = _svmf_calloc (1, size);

    if (tmp == NULL)
      {
        _svmf_error_OutOfMemoryError (env);
        return JNI_ERR;
      }

    *ptr = tmp;
    return JNI_OK;
  }

David

----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=105523&aid=693916&group_id=5523 |
From: SourceForge.net <no...@so...> - 2003-02-25 05:05:51
|
Bugs item #688936, was opened at 2003-02-18 14:22
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=105523&aid=688936&group_id=5523

Category: Execution Problem
Group: SableVM
Status: Open
Resolution: None
Priority: 5
Submitted By: Etienne M. Gagnon (egagnon)
Assigned to: Etienne M. Gagnon (egagnon)
Summary: Missing call to _svmf_set_current_env

Initial Comment:
While starting a new thread (in _svmf_thread_start), _svmf_set_current_env should be called to store the _svmt_JNIEnv pointer in a thread-specific global variable.

As it stands now, when a signal handler is activated on any thread other than the main thread, SableVM aborts complaining about an unhandled signal in error.c line 170.

----------------------------------------------------------------------
Comment By: Chris Pickett (ihatemcgill)
Date: 2003-02-25 00:14

Message:
Logged In: YES
user_id=630752

Suggested fix: change _svmf_thread_start in thread.c from containing:

  env->thread.pthread = pthread_self ();
  _svmm_invoke_static_virtualmachine_runthread (env);

to

  env->thread.pthread = pthread_self ();
+ _svmf_set_current_env (env);
  _svmm_invoke_static_virtualmachine_runthread (env);

This needs testing. The point is to fix multiprocessor support but I can't currently get SableVM working on a multiprocessor.

P.S. My id / general online alias is just an old stand-by from when I was an undergraduate at McGill in biochemistry ;)

----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=105523&aid=688936&group_id=5523 |
From: SourceForge.net <no...@so...> - 2003-02-25 00:59:07
|
Bugs item #692638, was opened at 2003-02-24 20:08
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=105523&aid=692638&group_id=5523

Category: None
Group: None
Status: Open
Resolution: None
Priority: 5
Submitted By: David Bélanger (davidbelanger)
Assigned to: Nobody/Anonymous (nobody)
Summary: bug jni getFieldID and others

Initial Comment:
Hi,

I'm not a JNI expert but from what I understand GetFieldID (file: native_interface.m4.c) should return NULL on error and then the programmer knows he/she should check for any exception raised.

However, it does not always return NULL on error because of this conditional:

  if (field == NULL || _svmf_is_set_flag (field->access_flags, SVM_ACC_STATIC))
    {
      _svmf_error_NoSuchFieldError (env);
      goto end;
    }

Field may be non-null and the 2nd expr may be true. So a non-null field id is returned.

Suggested fix:

  if (field == NULL || _svmf_is_set_flag (field->access_flags, SVM_ACC_STATIC))
    {
      _svmf_error_NoSuchFieldError (env);
+     field = NULL;
      goto end;
    }

Functions affected:
Get{Field,Method}ID
GetStatic{Field,Method}ID
and maybe others

David

----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=105523&aid=692638&group_id=5523 |
From: SourceForge.net <no...@so...> - 2003-02-20 17:53:48
|
Bugs item #663270, was opened at 2003-01-06 11:16
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=105523&aid=663270&group_id=5523

Category: Execution Problem
Group: SableVM
Status: Open
Resolution: None
Priority: 5
Submitted By: Archie Cobbs (archiecobbs)
Assigned to: Nobody/Anonymous (nobody)
Summary: [jni: fatal error (Local reference capacity exceeded)]

Initial Comment:
I'm trying to run an application that uses Soot. If I try to process too many classfiles at once, I get this error plus a core dump:

  [jni: fatal error (Local reference capacity exceeded)]

This makes SableVM suddenly look like a "toy" Java VM when we know it's really better than that :-) SableVM should handle this situation more gracefully, even if it means an 'escape' mechanism that's slower than normal or whatever.

----------------------------------------------------------------------
>Comment By: Archie Cobbs (archiecobbs)
Date: 2003-02-20 10:02

Message:
Logged In: YES
user_id=99943

Actually, a simpler way to fix this than using EnsureCapacity() is to use DeleteLocalRef() after assigning each parameter in the array. DeleteLocalRef() is already unimplemented. See attached patch.

----------------------------------------------------------------------
Comment By: Archie Cobbs (archiecobbs)
Date: 2003-02-15 18:02

Message:
Logged In: YES
user_id=99943

I think the 'correct' way to fix this is:
- Implement the JNI method EnsureCapacity()
- In sablevm.c, call (*env)->EnsureCapacity() to guarantee there will be at least as many local native references available as there are parameters to main().

----------------------------------------------------------------------
Comment By: Archie Cobbs (archiecobbs)
Date: 2003-01-11 17:30

Message:
Logged In: YES
user_id=99943

Note: this happens if you give Sablevm more than 12 arguments on the command line. For example:

  $ sablevm 1 2 3 4 5 6 7 8 9 10 11 12 13
  [jni: fatal error (Local reference capacity exceeded)]

This seems like a real bug, rather than a JNI limitation or Classpath screwup.. (?)

----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=105523&aid=663270&group_id=5523 |