| Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
|---|---|---|---|---|---|---|
| JDK-2117235 | 1.4.2 | Michael Paleczny | P3 | Resolved | Fixed | beta |
| JDK-2117234 | 1.4.0 | Michael Paleczny | P3 | Resolved | Fixed | beta |
Test case is attached to this bug
You'll have to download xerces from the apache website.
This is a bug in the C2 compiler
The java source code that leads to the problem
can be found in method scanSystemLiteral() in file
XMLDTDScanner.java. The problem is with the save and restore
of instance field fScannerState. The method changes this
field as follows:
int previousState = setScannerState(SCANNER_STATE_SYSTEMLITERAL);
This should set the private instance field fScannerState to
the value SCANNER_STATE_SYSTEMLITERAL (0x3b) and return the
old value (0x33). At the end of the method, the original
value is restored by a call to restoreScannerState().
If you try putting a println of the value of previousState
into method scanSystemLiteral() just after calling
setScannerState(), it will display 0x33 and the code will
work correctly. If you instead put the println just before
the call to restoreScannerState(), then you will see that it
claims the value in previousState is 0x3b and the observed
error occurs.
Here is the generated inline SPARC for the unmodified
(failing case):
mov 0x3b, %l2
st %l2, [%i0+0x68] // location of fScannerState
And here is the code that appears to call restoreScannerState():
mov 0x3b, %o1
mov %i0, %o0
mov %o1, %l0
call 0xeb0012a0
nop
This is appallingly bad.
With the printf in place, here is the inlined code for
setScannerState():
ld [%i1+0x68], %l2 // Current value of fScannerState
mov 0x3b, %l1
st %l1, [%i1+0x68] // Update
Then later, to restore it (%l2 has not been modified at any
time in between):
mov %i1, %o0
mov %l2, %o1
call 0xeb0012a0
nop
This is fine.
Looks like some over-enthusiastic and completely
inappropriate optimization.
Further analysis of this problem reveals that it is triggered
in the Deutsch-Schiffman inlining code in the hotspot
compiler. Turning off Deutsch-Schiffman inlining (by use of
the -XX:-UseTypeProfile java command line option) corrects
the problem. SetScannerState() still gets inlined inside
method scanSystemLiteral() but the Deutsch-Schiffman analysis
is not applied.
The error is
/opt/java-1.3.1b15/bin/java -server -classpath . -Xint EvilJVMTest
....[ debug output deleted ]...
Okay!
/opt/java-1.3.1b15/bin/java -server -classpath . -Xbatch EvilJVMTest
....[debug output deleted ]...
Exception in thread "main" java.lang.RuntimeException: FWK004
cannot happen 18 18 at
org.apache.xerces.framework.XMLParser.parse(XMLParser.java:965)
at EvilJVMTest.main(EvilJVMTest.java:32)
make: *** [evil] Error 1
You'll have to download xerces from the apache website.
This is a bug in the C2 compiler
The java source code that leads to the problem
can be found in method scanSystemLiteral() in file
XMLDTDScanner.java. The problem is with the save and restore
of instance field fScannerState. The method changes this
field as follows:
int previousState = setScannerState(SCANNER_STATE_SYSTEMLITERAL);
This should set the private instance field fScannerState to
the value SCANNER_STATE_SYSTEMLITERAL (0x3b) and return the
old value (0x33). At the end of the method, the original
value is restored by a call to restoreScannerState().
If you try putting a println of the value of previousState
into method scanSystemLiteral() just after calling
setScannerState(), it will display 0x33 and the code will
work correctly. If you instead put the println just before
the call to restoreScannerState(), then you will see that it
claims the value in previousState is 0x3b and the observed
error occurs.
Here is the generated inline SPARC for the unmodified
(failing case):
mov 0x3b, %l2
st %l2, [%i0+0x68] // location of fScannerState
And here is the code that appears to call restoreScannerState():
mov 0x3b, %o1
mov %i0, %o0
mov %o1, %l0
call 0xeb0012a0
nop
This is appallingly bad.
With the printf in place, here is the inlined code for
setScannerState():
ld [%i1+0x68], %l2 // Current value of fScannerState
mov 0x3b, %l1
st %l1, [%i1+0x68] // Update
Then later, to restore it (%l2 has not been modified at any
time in between):
mov %i1, %o0
mov %l2, %o1
call 0xeb0012a0
nop
This is fine.
Looks like some over-enthusiastic and completely
inappropriate optimization.
Further analysis of this problem reveals that it is triggered
in the Deutsch-Schiffman inlining code in the hotspot
compiler. Turning off Deutsch-Schiffman inlining (by use of
the -XX:-UseTypeProfile java command line option) corrects
the problem. SetScannerState() still gets inlined inside
method scanSystemLiteral() but the Deutsch-Schiffman analysis
is not applied.
The error is
/opt/java-1.3.1b15/bin/java -server -classpath . -Xint EvilJVMTest
....[ debug output deleted ]...
Okay!
/opt/java-1.3.1b15/bin/java -server -classpath . -Xbatch EvilJVMTest
....[debug output deleted ]...
Exception in thread "main" java.lang.RuntimeException: FWK004
cannot happen 18 18 at
org.apache.xerces.framework.XMLParser.parse(XMLParser.java:965)
at EvilJVMTest.main(EvilJVMTest.java:32)
make: *** [evil] Error 1
- backported by
-
JDK-2117234 Deutsch-Schiffman inlining problem in 1.3.1RC
-
- Resolved
-
-
-
- Resolved
-