commit cec26f6ae3347d5ab3d60de02caca2e47151c6b2
author Ben Cheng <bccheng@android.com> Fri Jan 15 15:29:33 2010 -0800
committer Ben Cheng <bccheng@android.com> Fri Jan 15 15:29:33 2010 -0800
tree 77ac678d7568c94069c7dc235e5de1a7846b3a0c
parent 44758206a5694fceb3859846f05eb9823ed65ec7

Fix chaining offset mis-calculation for translations w/ large switch statements.

Bug: 2369821

There are 12 bytes of additional code after the 65th chaining cell. So if a
switch statement with more than that many cases is translated by the JIT, it
will run fine until the next unchaining event, which will patch the wrong code
and lead to all kinds of unexpected crashes.

vm/compiler/CompilerIR.h

diff --git a/vm/compiler/CompilerIR.h b/vm/compiler/CompilerIR.h
index 24e9b37..f5178d8 100644
--- a/vm/compiler/CompilerIR.h
+++ b/vm/compiler/CompilerIR.h
@@ -51,7 +51,9 @@
     kChainingCellInvokeSingleton,
     kChainingCellInvokePredicted,
     kChainingCellBackwardBranch,
-    kChainingCellLast,
+    kChainingCellGap,
+    /* Don't insert new fields between Gap and Last */
+    kChainingCellLast = kChainingCellGap + 1,
     kEntryBlock,
     kDalvikByteCode,
     kExitBlock,
@@ -61,7 +63,7 @@
 
 typedef struct ChainCellCounts {
     union {
-        u1 count[kChainingCellLast];
+        u1 count[kChainingCellLast]; /* include one more space for the gap # */
         u4 dummyForAlignment;
     } u;
 } ChainCellCounts;
@@ -149,8 +151,9 @@
     bool halveInstCount;
     bool executionCount;                // Add code to count trace executions
     bool hasLoop;
-    int numChainingCells[kChainingCellLast];
-    LIR *firstChainingLIR[kChainingCellLast];
+    int numChainingCells[kChainingCellGap];
+    LIR *firstChainingLIR[kChainingCellGap];
+    LIR *chainingCellBottom;
     struct RegisterPool *regPool;
     int optRound;                       // round number to tell an LIR's age
     JitInstructionSetType instructionSet;