-
Bug
-
Resolution: Fixed
-
P4
-
port-stage-aarch32-8, port-stage-aarch32-9
-
None
-
aarch32
-
linux
Bug description:
JTreg test fail: hotspot/test/compiler/7116216/StackOverflow.java, with
error "assert(false) failed: DEBUG MESSAGE: no r13 to peel back"
The testcase aims to test when the callee have a lot of locals, if we've
got enough room on the stack for it. In the function
InterpreterGenerator::generate_stack_overflow_check in the source file
templateInterpreter_aarch32.cpp, we can see how it is done. First check if
the frame is greater than one page in size. If not, we finish checking, if
so, then we will use max_pages * page_size to expand the stack, and check
if the sp is out of the limit stack scope. If not, we finish checking, if
so, we will go to generate_throw_exception to throw a stackoverflow
exception. But at present, it left with “__ stop("no r13 to peel back");”
before going to generate_throw_exception which will stop JVM and cause fail
“assert(false)”.
At the same time, we find a bug in the function generate_throw_exception in
the source file stubGenerator_aarch32.cpp, where we generate the
stackoverflow exception. The assembly it produces like this:
push {fp, lr}
add fp, sp, #4
sub sp, fp, #0
add r9, pc, #0
str r9, [r8, #324]
…
“add fp, sp, #4” makes the fp point to lr in the stack. “sub sp, fp,
#0” makes the sp and fp point to the same place(lr). It would destroy the
stack. The sp should point to fp in the stack.
Bug solution:
For the first problem, We should delete the “__ stop("no r13 to peel
back");”. And let it go on.
For the second, I delete the c++ code which generated the assembly “sub
sp, fp, #0”. It will not have the stack trample problem.
Bug patch:
diff -r 06eed0568597 src/cpu/aarch32/vm/templateInterpreter_aarch32.cpp
--- a/src/cpu/aarch32/vm/templateInterpreter_aarch32.cpp Tue Jan 05
09:17:02 2016 +0000
+++ b/src/cpu/aarch32/vm/templateInterpreter_aarch32.cpp Mon Jan 11
11:09:16 2016 +0800
@@ -518,8 +518,8 @@
// unnecessary because the sender SP in r13 is always aligned, but
// it doesn't hurt.
//__ bic(sp, r13, 7);
- __ stop("no r13 to peel back");
// Note: the restored frame is not necessarily interpreted.
// Use the shared runtime version of the StackOverflowError.
assert(StubRoutines::throw_StackOverflowError_entry() != NULL, "stub not
yet generated");
diff -r 06eed0568597 src/cpu/aarch32/vm/stubGenerator_aarch32.cpp
--- a/src/cpu/aarch32/vm/stubGenerator_aarch32.cpp Tue Jan 05 09:17:02
2016 +0000
+++ b/src/cpu/aarch32/vm/stubGenerator_aarch32.cpp Mon Jan 11 15:03:17
2016 +0800
@@ -1640,7 +1640,7 @@
assert(is_even(framesize/2), "sp not 16-byte aligned");
// lr and fp are already in place
- __ sub(sp, rfp, ((unsigned)framesize-4) << LogBytesPerInt); // prolog
int frame_complete = __ pc() - start;
JTreg test fail: hotspot/test/compiler/7116216/StackOverflow.java, with
error "assert(false) failed: DEBUG MESSAGE: no r13 to peel back"
The testcase aims to test when the callee have a lot of locals, if we've
got enough room on the stack for it. In the function
InterpreterGenerator::generate_stack_overflow_check in the source file
templateInterpreter_aarch32.cpp, we can see how it is done. First check if
the frame is greater than one page in size. If not, we finish checking, if
so, then we will use max_pages * page_size to expand the stack, and check
if the sp is out of the limit stack scope. If not, we finish checking, if
so, we will go to generate_throw_exception to throw a stackoverflow
exception. But at present, it left with “__ stop("no r13 to peel back");”
before going to generate_throw_exception which will stop JVM and cause fail
“assert(false)”.
At the same time, we find a bug in the function generate_throw_exception in
the source file stubGenerator_aarch32.cpp, where we generate the
stackoverflow exception. The assembly it produces like this:
push {fp, lr}
add fp, sp, #4
sub sp, fp, #0
add r9, pc, #0
str r9, [r8, #324]
…
“add fp, sp, #4” makes the fp point to lr in the stack. “sub sp, fp,
#0” makes the sp and fp point to the same place(lr). It would destroy the
stack. The sp should point to fp in the stack.
Bug solution:
For the first problem, We should delete the “__ stop("no r13 to peel
back");”. And let it go on.
For the second, I delete the c++ code which generated the assembly “sub
sp, fp, #0”. It will not have the stack trample problem.
Bug patch:
diff -r 06eed0568597 src/cpu/aarch32/vm/templateInterpreter_aarch32.cpp
--- a/src/cpu/aarch32/vm/templateInterpreter_aarch32.cpp Tue Jan 05
09:17:02 2016 +0000
+++ b/src/cpu/aarch32/vm/templateInterpreter_aarch32.cpp Mon Jan 11
11:09:16 2016 +0800
@@ -518,8 +518,8 @@
// unnecessary because the sender SP in r13 is always aligned, but
// it doesn't hurt.
//__ bic(sp, r13, 7);
- __ stop("no r13 to peel back");
// Note: the restored frame is not necessarily interpreted.
// Use the shared runtime version of the StackOverflowError.
assert(StubRoutines::throw_StackOverflowError_entry() != NULL, "stub not
yet generated");
diff -r 06eed0568597 src/cpu/aarch32/vm/stubGenerator_aarch32.cpp
--- a/src/cpu/aarch32/vm/stubGenerator_aarch32.cpp Tue Jan 05 09:17:02
2016 +0000
+++ b/src/cpu/aarch32/vm/stubGenerator_aarch32.cpp Mon Jan 11 15:03:17
2016 +0800
@@ -1640,7 +1640,7 @@
assert(is_even(framesize/2), "sp not 16-byte aligned");
// lr and fp are already in place
- __ sub(sp, rfp, ((unsigned)framesize-4) << LogBytesPerInt); // prolog
int frame_complete = __ pc() - start;