}
bool CanDoImplicitNullCheckOn(HInstruction* obj) const OVERRIDE {
- return (obj == InputAt(0)) && GetFieldOffset().Uint32Value() < kPageSize;
+ return (obj == InputAt(0)) && art::CanDoImplicitNullCheckOn(GetFieldOffset().Uint32Value());
}
size_t ComputeHashCode() const OVERRIDE {
}
bool CanDoImplicitNullCheckOn(HInstruction* obj) const OVERRIDE {
- return (obj == InputAt(0)) && GetFieldOffset().Uint32Value() < kPageSize;
+ return (obj == InputAt(0)) && art::CanDoImplicitNullCheckOn(GetFieldOffset().Uint32Value());
}
const FieldInfo& GetFieldInfo() const { return field_info_; }
namespace art {
-extern "C" void art_quick_throw_null_pointer_exception();
+extern "C" void art_quick_throw_null_pointer_exception_from_signal();
extern "C" void art_quick_throw_stack_overflow();
extern "C" void art_quick_implicit_suspend();
*out_return_pc = (sc->arm_pc + instr_size) | 1;
}
-bool NullPointerHandler::Action(int sig ATTRIBUTE_UNUSED, siginfo_t* info ATTRIBUTE_UNUSED,
- void* context) {
+bool NullPointerHandler::Action(int sig ATTRIBUTE_UNUSED, siginfo_t* info, void* context) {
+ if (!IsValidImplicitCheck(info)) {
+ return false;
+ }
// The code that looks for the catch location needs to know the value of the
// ARM PC at the point of call. For Null checks we insert a GC map that is immediately after
// the load/store instruction that might cause the fault. However the mapping table has
uint32_t instr_size = GetInstructionSize(ptr);
sc->arm_lr = (sc->arm_pc + instr_size) | 1; // LR needs to point to gc map location
- sc->arm_pc = reinterpret_cast<uintptr_t>(art_quick_throw_null_pointer_exception);
+ sc->arm_pc = reinterpret_cast<uintptr_t>(art_quick_throw_null_pointer_exception_from_signal);
+ // Pass the faulting address as the first argument of
+ // art_quick_throw_null_pointer_exception_from_signal.
+ sc->arm_r0 = reinterpret_cast<uintptr_t>(info->si_addr);
VLOG(signals) << "Generating null pointer exception";
return true;
}
NO_ARG_RUNTIME_EXCEPTION art_quick_throw_null_pointer_exception, artThrowNullPointerExceptionFromCode
/*
+ * Call installed by a signal handler to create and deliver a NullPointerException.
+ */
+ONE_ARG_RUNTIME_EXCEPTION art_quick_throw_null_pointer_exception_from_signal, artThrowNullPointerExceptionFromSignal
+
+ /*
* Called by managed code to create and deliver an ArithmeticException.
*/
NO_ARG_RUNTIME_EXCEPTION art_quick_throw_div_zero, artThrowDivZeroFromCode
#include "thread-inl.h"
extern "C" void art_quick_throw_stack_overflow();
-extern "C" void art_quick_throw_null_pointer_exception();
+extern "C" void art_quick_throw_null_pointer_exception_from_signal();
extern "C" void art_quick_implicit_suspend();
//
*out_return_pc = sc->pc + 4;
}
-bool NullPointerHandler::Action(int sig ATTRIBUTE_UNUSED, siginfo_t* info ATTRIBUTE_UNUSED,
- void* context) {
+bool NullPointerHandler::Action(int sig ATTRIBUTE_UNUSED, siginfo_t* info, void* context) {
+ if (!IsValidImplicitCheck(info)) {
+ return false;
+ }
// The code that looks for the catch location needs to know the value of the
// PC at the point of call. For Null checks we insert a GC map that is immediately after
// the load/store instruction that might cause the fault.
sc->regs[30] = sc->pc + 4; // LR needs to point to gc map location
- sc->pc = reinterpret_cast<uintptr_t>(art_quick_throw_null_pointer_exception);
+ sc->pc = reinterpret_cast<uintptr_t>(art_quick_throw_null_pointer_exception_from_signal);
+ // Pass the faulting address as the first argument of
+ // art_quick_throw_null_pointer_exception_from_signal.
+ sc->regs[0] = reinterpret_cast<uintptr_t>(info->si_addr);
VLOG(signals) << "Generating null pointer exception";
return true;
}
NO_ARG_RUNTIME_EXCEPTION art_quick_throw_null_pointer_exception, artThrowNullPointerExceptionFromCode
/*
+ * Call installed by a signal handler to create and deliver a NullPointerException.
+ */
+ONE_ARG_RUNTIME_EXCEPTION art_quick_throw_null_pointer_exception_from_signal, artThrowNullPointerExceptionFromSignal
+
+ /*
* Called by managed code to create and deliver an ArithmeticException.
*/
NO_ARG_RUNTIME_EXCEPTION art_quick_throw_div_zero, artThrowDivZeroFromCode
#include "thread-inl.h"
extern "C" void art_quick_throw_stack_overflow();
-extern "C" void art_quick_throw_null_pointer_exception();
+extern "C" void art_quick_throw_null_pointer_exception_from_signal();
//
// Mips specific fault handler functions.
*out_return_pc = sc->sc_pc + 4;
}
-bool NullPointerHandler::Action(int sig ATTRIBUTE_UNUSED, siginfo_t* info ATTRIBUTE_UNUSED,
- void* context) {
+bool NullPointerHandler::Action(int sig ATTRIBUTE_UNUSED, siginfo_t* info, void* context) {
+ if (!IsValidImplicitCheck(info)) {
+ return false;
+ }
// The code that looks for the catch location needs to know the value of the
// PC at the point of call. For Null checks we insert a GC map that is immediately after
// the load/store instruction that might cause the fault.
struct sigcontext *sc = reinterpret_cast<struct sigcontext*>(&uc->uc_mcontext);
sc->sc_regs[31] = sc->sc_pc + 4; // RA needs to point to gc map location
- sc->sc_pc = reinterpret_cast<uintptr_t>(art_quick_throw_null_pointer_exception);
+ sc->sc_pc = reinterpret_cast<uintptr_t>(art_quick_throw_null_pointer_exception_from_signal);
sc->sc_regs[25] = sc->sc_pc; // make sure T9 points to the function
+ // Pass the faulting address as the first argument of
+ // art_quick_throw_null_pointer_exception_from_signal.
+ sc->sc_regs[0] = reinterpret_cast<uintptr_t>(info->si_addr);
VLOG(signals) << "Generating null pointer exception";
return true;
}
move $a0, rSELF # pass Thread::Current
END art_quick_throw_null_pointer_exception
+
+ /*
+ * Call installed by a signal handler to create and deliver a NullPointerException.
+ */
+ .extern artThrowNullPointerExceptionFromSignal
+ENTRY art_quick_throw_null_pointer_exception_from_signal
+ SETUP_SAVE_ALL_CALLEE_SAVE_FRAME
+ la $t9, artThrowNullPointerExceptionFromSignal
+ jalr $zero, $t9 # artThrowNullPointerExceptionFromSignal(uintptr_t, Thread*)
+ move $a1, rSELF # pass Thread::Current
+END art_quick_throw_null_pointer_exception_from_signal
+
/*
* Called by managed code to create and deliver an ArithmeticException
*/
#include "thread-inl.h"
extern "C" void art_quick_throw_stack_overflow();
-extern "C" void art_quick_throw_null_pointer_exception();
+extern "C" void art_quick_throw_null_pointer_exception_from_signal();
//
// Mips64 specific fault handler functions.
*out_return_pc = sc->sc_pc + 4;
}
-bool NullPointerHandler::Action(int sig ATTRIBUTE_UNUSED, siginfo_t* info ATTRIBUTE_UNUSED,
- void* context) {
+bool NullPointerHandler::Action(int sig ATTRIBUTE_UNUSED, siginfo_t* info, void* context) {
+ if (!IsValidImplicitCheck(info)) {
+ return false;
+ }
+
// The code that looks for the catch location needs to know the value of the
// PC at the point of call. For Null checks we insert a GC map that is immediately after
// the load/store instruction that might cause the fault.
struct sigcontext *sc = reinterpret_cast<struct sigcontext*>(&uc->uc_mcontext);
sc->sc_regs[31] = sc->sc_pc + 4; // RA needs to point to gc map location
- sc->sc_pc = reinterpret_cast<uintptr_t>(art_quick_throw_null_pointer_exception);
+ sc->sc_pc = reinterpret_cast<uintptr_t>(art_quick_throw_null_pointer_exception_from_signal);
sc->sc_regs[25] = sc->sc_pc; // make sure T9 points to the function
+ // Pass the faulting address as the first argument of
+ // art_quick_throw_null_pointer_exception_from_signal.
+ sc->sc_regs[0] = reinterpret_cast<uintptr_t>(info->si_addr);
VLOG(signals) << "Generating null pointer exception";
return true;
}
END art_quick_throw_null_pointer_exception
/*
+ * Call installed by a signal handler to create and deliver a NullPointerException
+ */
+ .extern artThrowNullPointerExceptionFromSignal
+ENTRY art_quick_throw_null_pointer_exception_from_signal
+ SETUP_SAVE_ALL_CALLEE_SAVE_FRAME
+ dla $t9, artThrowNullPointerExceptionFromSignal
+ jalr $zero, $t9 # artThrowNullPointerExceptionFromSignal(uinptr_t, Thread*)
+ move $a1, rSELF # pass Thread::Current
+END art_quick_throw_null_pointer_exception
+
+ /*
* Called by managed code to create and deliver an ArithmeticException
*/
.extern artThrowDivZeroFromCode
#if defined(__APPLE__) && defined(__x86_64__)
// mac symbols have a prefix of _ on x86_64
-extern "C" void _art_quick_throw_null_pointer_exception();
+extern "C" void _art_quick_throw_null_pointer_exception_from_signal();
extern "C" void _art_quick_throw_stack_overflow();
extern "C" void _art_quick_test_suspend();
#define EXT_SYM(sym) _ ## sym
#else
-extern "C" void art_quick_throw_null_pointer_exception();
+extern "C" void art_quick_throw_null_pointer_exception_from_signal();
extern "C" void art_quick_throw_stack_overflow();
extern "C" void art_quick_test_suspend();
#define EXT_SYM(sym) sym
*out_return_pc = reinterpret_cast<uintptr_t>(pc + instr_size);
}
-bool NullPointerHandler::Action(int, siginfo_t*, void* context) {
+bool NullPointerHandler::Action(int, siginfo_t* sig, void* context) {
+ if (!IsValidImplicitCheck(sig)) {
+ return false;
+ }
struct ucontext *uc = reinterpret_cast<struct ucontext*>(context);
uint8_t* pc = reinterpret_cast<uint8_t*>(uc->CTX_EIP);
uint8_t* sp = reinterpret_cast<uint8_t*>(uc->CTX_ESP);
*next_sp = retaddr;
uc->CTX_ESP = reinterpret_cast<uintptr_t>(next_sp);
- uc->CTX_EIP = reinterpret_cast<uintptr_t>(EXT_SYM(art_quick_throw_null_pointer_exception));
+ uc->CTX_EIP = reinterpret_cast<uintptr_t>(
+ EXT_SYM(art_quick_throw_null_pointer_exception_from_signal));
+ // Pass the faulting address as the first argument of
+ // art_quick_throw_null_pointer_exception_from_signal.
+#if defined(__x86_64__)
+ uc->CTX_RDI = reinterpret_cast<uintptr_t>(sig->si_addr);
+#else
+ uc->CTX_EAX = reinterpret_cast<uintptr_t>(sig->si_addr);
+#endif
VLOG(signals) << "Generating null pointer exception";
return true;
}
NO_ARG_RUNTIME_EXCEPTION art_quick_throw_null_pointer_exception, artThrowNullPointerExceptionFromCode
/*
+ * Call installed by a signal handler to create and deliver a NullPointerException.
+ */
+ONE_ARG_RUNTIME_EXCEPTION art_quick_throw_null_pointer_exception_from_signal, artThrowNullPointerExceptionFromSignal
+
+ /*
* Called by managed code to create and deliver an ArithmeticException.
*/
NO_ARG_RUNTIME_EXCEPTION art_quick_throw_div_zero, artThrowDivZeroFromCode
NO_ARG_RUNTIME_EXCEPTION art_quick_throw_null_pointer_exception, artThrowNullPointerExceptionFromCode
/*
+ * Call installed by a signal handler to create and deliver a NullPointerException.
+ */
+ONE_ARG_RUNTIME_EXCEPTION art_quick_throw_null_pointer_exception_from_signal, artThrowNullPointerExceptionFromSignal
+
+ /*
* Called by managed code to create and deliver an ArithmeticException.
*/
NO_ARG_RUNTIME_EXCEPTION art_quick_throw_div_zero, artThrowDivZeroFromCode
dex_file, type);
}
-void ThrowNullPointerExceptionFromDexPC() {
+static bool IsValidImplicitCheck(uintptr_t addr, ArtMethod* method, const Instruction& instr)
+ SHARED_REQUIRES(Locks::mutator_lock_) {
+ if (!CanDoImplicitNullCheckOn(addr)) {
+ return false;
+ }
+
+ switch (instr.Opcode()) {
+ case Instruction::INVOKE_DIRECT:
+ case Instruction::INVOKE_DIRECT_RANGE:
+ case Instruction::INVOKE_VIRTUAL:
+ case Instruction::INVOKE_VIRTUAL_RANGE:
+ case Instruction::INVOKE_INTERFACE:
+ case Instruction::INVOKE_INTERFACE_RANGE:
+ case Instruction::INVOKE_VIRTUAL_QUICK:
+ case Instruction::INVOKE_VIRTUAL_RANGE_QUICK: {
+ // Without inlining, we could just check that the offset is the class offset.
+ // However, when inlining, the compiler can (validly) merge the null check with a field access
+ // on the same object. Note that the stack map at the NPE will reflect the invoke's location,
+ // which is the caller.
+ return true;
+ }
+
+ case Instruction::IGET:
+ case Instruction::IGET_WIDE:
+ case Instruction::IGET_OBJECT:
+ case Instruction::IGET_BOOLEAN:
+ case Instruction::IGET_BYTE:
+ case Instruction::IGET_CHAR:
+ case Instruction::IGET_SHORT:
+ case Instruction::IPUT:
+ case Instruction::IPUT_WIDE:
+ case Instruction::IPUT_OBJECT:
+ case Instruction::IPUT_BOOLEAN:
+ case Instruction::IPUT_BYTE:
+ case Instruction::IPUT_CHAR:
+ case Instruction::IPUT_SHORT: {
+ // Check that the fault address is at the offset of the field or null. The compiler
+ // can generate both.
+ ArtField* field =
+ Runtime::Current()->GetClassLinker()->ResolveField(instr.VRegC_22c(), method, false);
+ return (addr == 0) || (addr == field->GetOffset().Uint32Value());
+ }
+
+ case Instruction::IGET_QUICK:
+ case Instruction::IGET_BOOLEAN_QUICK:
+ case Instruction::IGET_BYTE_QUICK:
+ case Instruction::IGET_CHAR_QUICK:
+ case Instruction::IGET_SHORT_QUICK:
+ case Instruction::IGET_WIDE_QUICK:
+ case Instruction::IGET_OBJECT_QUICK:
+ case Instruction::IPUT_QUICK:
+ case Instruction::IPUT_BOOLEAN_QUICK:
+ case Instruction::IPUT_BYTE_QUICK:
+ case Instruction::IPUT_CHAR_QUICK:
+ case Instruction::IPUT_SHORT_QUICK:
+ case Instruction::IPUT_WIDE_QUICK:
+ case Instruction::IPUT_OBJECT_QUICK: {
+ // Check that the fault address is at the offset in the quickened instruction or null.
+ // The compiler can generate both.
+ return (addr == 0u) || (addr == instr.VRegC_22c());
+ }
+
+ case Instruction::AGET:
+ case Instruction::AGET_WIDE:
+ case Instruction::AGET_OBJECT:
+ case Instruction::AGET_BOOLEAN:
+ case Instruction::AGET_BYTE:
+ case Instruction::AGET_CHAR:
+ case Instruction::AGET_SHORT:
+ case Instruction::APUT:
+ case Instruction::APUT_WIDE:
+ case Instruction::APUT_OBJECT:
+ case Instruction::APUT_BOOLEAN:
+ case Instruction::APUT_BYTE:
+ case Instruction::APUT_CHAR:
+ case Instruction::APUT_SHORT: {
+ // The length access should crash. We currently do not do implicit checks on
+ // the array access itself.
+ return (addr == 0u) || (addr == mirror::Array::LengthOffset().Uint32Value());
+ }
+
+ case Instruction::FILL_ARRAY_DATA: {
+ // The length access should crash. We currently do not do implicit checks on
+ // the array access itself.
+ return (addr == 0u) || (addr == mirror::Array::LengthOffset().Uint32Value());
+ }
+
+ case Instruction::ARRAY_LENGTH: {
+ // The length access should crash.
+ return (addr == 0u) || (addr == mirror::Array::LengthOffset().Uint32Value());
+ }
+
+ default: {
+ // We have covered all the cases where an NPE could occur.
+ // Note that this must be kept in sync with the compiler, and adding
+ // any new way to do implicit checks in the compiler should also update
+ // this code.
+ return false;
+ }
+ }
+}
+
+void ThrowNullPointerExceptionFromDexPC(bool check_address, uintptr_t addr) {
uint32_t throw_dex_pc;
ArtMethod* method = Thread::Current()->GetCurrentMethod(&throw_dex_pc);
const DexFile::CodeItem* code = method->GetCodeItem();
CHECK_LT(throw_dex_pc, code->insns_size_in_code_units_);
const Instruction* instr = Instruction::At(&code->insns_[throw_dex_pc]);
+ if (check_address && !IsValidImplicitCheck(addr, method, *instr)) {
+ const DexFile* dex_file = method->GetDeclaringClass()->GetDexCache()->GetDexFile();
+ LOG(FATAL) << "Invalid address for an implicit NullPointerException check: "
+ << "0x" << std::hex << addr << std::dec
+ << ", at "
+ << instr->DumpString(dex_file)
+ << " in "
+ << PrettyMethod(method);
+ }
+
switch (instr->Opcode()) {
case Instruction::INVOKE_DIRECT:
ThrowNullPointerExceptionForMethodAccess(instr->VRegB_35c(), kDirect);
ThrowException("Ljava/lang/NullPointerException;", nullptr,
"Attempt to get length of null array");
break;
+ case Instruction::FILL_ARRAY_DATA: {
+ ThrowException("Ljava/lang/NullPointerException;", nullptr,
+ "Attempt to write to null array");
+ break;
+ }
+ case Instruction::INVOKE_LAMBDA:
+ case Instruction::BOX_LAMBDA:
+ case Instruction::UNBOX_LAMBDA:
+ case Instruction::LIBERATE_VARIABLE: {
+ ThrowException("Ljava/lang/NullPointerException;", nullptr,
+ "Using a null lambda");
+ break;
+ }
default: {
- // TODO: We should have covered all the cases where we expect a NPE above, this
- // message/logging is so we can improve any cases we've missed in the future.
const DexFile* dex_file =
method->GetDeclaringClass()->GetDexCache()->GetDexFile();
- ThrowException("Ljava/lang/NullPointerException;", nullptr,
- StringPrintf("Null pointer exception during instruction '%s'",
- instr->DumpString(dex_file).c_str()).c_str());
+ LOG(FATAL) << "NullPointerException at an unexpected instruction: "
+ << instr->DumpString(dex_file)
+ << " in "
+ << PrettyMethod(method);
break;
}
}
InvokeType type)
SHARED_REQUIRES(Locks::mutator_lock_) COLD_ATTR;
-void ThrowNullPointerExceptionFromDexPC()
+void ThrowNullPointerExceptionFromDexPC(bool check_address = false, uintptr_t addr = 0)
SHARED_REQUIRES(Locks::mutator_lock_) COLD_ATTR;
void ThrowNullPointerException(const char* msg)
extern "C" void art_quick_throw_div_zero();
extern "C" void art_quick_throw_no_such_method(int32_t method_idx);
extern "C" void art_quick_throw_null_pointer_exception();
+extern "C" void art_quick_throw_null_pointer_exception_from_signal(uintptr_t address);
extern "C" void art_quick_throw_stack_overflow(void*);
extern "C" void art_quick_throw_string_bounds(int32_t index, int32_t limit);
extern "C" NO_RETURN void artThrowNullPointerExceptionFromCode(Thread* self)
SHARED_REQUIRES(Locks::mutator_lock_) {
ScopedQuickEntrypointChecks sqec(self);
+ // We come from an explicit check in the generated code. This path is triggered
+ // only if the object is indeed null.
+ ThrowNullPointerExceptionFromDexPC(/* check_address */ false, 0U);
+ self->QuickDeliverException();
+}
+
+// Installed by a signal handler to throw a NPE exception.
+extern "C" NO_RETURN void artThrowNullPointerExceptionFromSignal(uintptr_t addr, Thread* self)
+ SHARED_REQUIRES(Locks::mutator_lock_) {
+ ScopedQuickEntrypointChecks sqec(self);
self->NoteSignalBeingHandled();
- ThrowNullPointerExceptionFromDexPC();
+ ThrowNullPointerExceptionFromDexPC(/* check_address */ true, addr);
self->NoteSignalHandlerDone();
self->QuickDeliverException();
}
bool Action(int sig, siginfo_t* siginfo, void* context) OVERRIDE;
+ static bool IsValidImplicitCheck(siginfo_t* siginfo) {
+ // Our implicit NPE checks always limit the range to a page.
+ // Note that the runtime will do more exhaustive checks (that we cannot
+ // reasonably do in signal processing code) based on the dex instruction
+ // faulting.
+ return CanDoImplicitNullCheckOn(reinterpret_cast<uintptr_t>(siginfo->si_addr));
+ }
+
private:
DISALLOW_COPY_AND_ASSIGN(NullPointerHandler);
};
// compile-time constant so the compiler can generate better code.
static constexpr int kPageSize = 4096;
+// Returns whether the given memory offset can be used for generating
+// an implicit null check.
+static inline bool CanDoImplicitNullCheckOn(uintptr_t offset) {
+ return offset < kPageSize;
+}
+
// Required object alignment
static constexpr size_t kObjectAlignment = 8;
static constexpr size_t kLargeObjectAlignment = kPageSize;
return tlsPtr_.mterp_alt_ibase;
}
+ // Notify that a signal is being handled. This is to protect us from doing recursive
+ // NPE handling after a SIGSEGV.
void NoteSignalBeingHandled() {
if (tls32_.handling_signal_) {
LOG(FATAL) << "Detected signal while processing a signal";
OSDN Git Service
