-
Bug
-
Resolution: Fixed
-
P3
-
8, openjdk8u292
-
b05
-
aarch64
-
generic
8u aarch64 jvm (debug build from latest jdk8u-dev repo) crashes when executing the following test:
$ jtreg -othervm jdk/test/jdk/jfr/event/gc/configuration/TestGCHeapConfigurationEventWithHeapBasedOops.sh
1. Crash log:
#
# A fatal error has been detected by the Java Runtime Environment:
#
# Internal Error (/home/yangfei/openjdk8u-dev/hotspot/src/share/vm/asm/codeBuffer.hpp:177), pid=57263, tid=0x0000ffffbe1921f0
# assert(allocates2(pc)) failed: not in CodeBuffer memory: 0x0000ffffb04e5d80 <= 0x0000ffffb04e5e34 <= 0x0000ffffb04e5e30
#
# JRE version: OpenJDK Runtime Environment (8.0) (build 1.8.0-internal-debug-yangfei_2021_02_20_11_24-b00)
# Java VM: OpenJDK 64-Bit Server VM (25.71-b00-debug mixed mode linux-aarch64 compressed oops)
# Failed to write core dump. Core dumps have been disabled. To enable core dumping, try "ulimit -c unlimited" before starting Java again
#
# If you would like to submit a bug report, please visit:
# http://bugreport.java.com/bugreport/crash.jsp
#
--------------- T H R E A D ---------------
Current thread (0x0000ffffb800e800): JavaThread "main" [_thread_in_vm, id=57264, stack(0x0000ffffbdf93000,0x0000ffffbe193000)]
Stack: [0x0000ffffbdf93000,0x0000ffffbe193000], sp=0x0000ffffbe18ce30, free space=2023k
Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code)
V [libjvm.so+0xd154bc] VMError::report_and_die()+0x4dc
V [libjvm.so+0x5e9aec] report_vm_error(char const*, int, char const*, char const*)+0x84
V [libjvm.so+0x26e1d8] CodeSection::set_end(unsigned char*)+0xbc
V [libjvm.so+0x26e294] CodeSection::emit_int32(int)+0x3c
V [libjvm.so+0x26e814] AbstractAssembler::emit_int32(int)+0x20
V [libjvm.so+0x26fa30] Assembler::emit_long(int)+0x4c
V [libjvm.so+0x26fcb4] Assembler::emit()+0x28
V [libjvm.so+0x277a84] Instruction_aarch64::~Instruction_aarch64()+0x18
V [libjvm.so+0x270004] Assembler::add(RegisterImpl*, RegisterImpl*, unsigned int)+0x58
V [libjvm.so+0xa331a4] MacroAssembler::wrap_add_sub_imm_insn(RegisterImpl*, RegisterImpl*, unsigned int, void (MacroAssembler::*)(RegisterImpl*,
RegisterImpl*, unsigned int), void (MacroAssembler::*)(RegisterImpl*, RegisterImpl*, RegisterImpl*, Assembler::shift_kind, unsigned int))+0xe0
V [libjvm.so+0x27924c] MacroAssembler::add(RegisterImpl*, RegisterImpl*, unsigned int)+0x44
V [libjvm.so+0xa2ce0c] MacroAssembler::far_jump(Address, CodeBuffer*, RegisterImpl*)+0xec
V [libjvm.so+0xd4fb78] VtableStubs::create_itable_stub(int)+0x4e4
V [libjvm.so+0xd4e860] VtableStubs::find_stub(bool, int)+0x8c
V [libjvm.so+0x584b3c] VtableStubs::find_itable_stub(int)+0x18
V [libjvm.so+0x582108] CompiledIC::set_to_megamorphic(CallInfo*, Bytecodes::Code, Thread*)+0x1bc
V [libjvm.so+0xc07328] SharedRuntime::handle_ic_miss_helper(JavaThread*, Thread*)+0x6f4
V [libjvm.so+0xc05e44] SharedRuntime::handle_wrong_method_ic_miss(JavaThread*)+0x26c
v ~RuntimeStub::ic_miss_stub
2. The itable stub in this case looks like:
Dump of assembler code from 0xffffb04e5d80 to 0xffffb04e5e30:
0x0000ffffb04e5d80: ldr x12, [x9, #16]
0x0000ffffb04e5d84: ldr x16, [x9, #8]
0x0000ffffb04e5d88: ldr w10, [x1, #8]
0x0000ffffb04e5d8c: mov x27, #0xa2000000 // #2717908992
0x0000ffffb04e5d90: movk x27, #0xfff6, lsl #32
0x0000ffffb04e5d94: add x10, x27, x10
0x0000ffffb04e5d98: mov x27, #0xf000 // #61440
0x0000ffffb04e5d9c: movk x27, #0xefff, lsl #16
0x0000ffffb04e5da0: movk x27, #0xfff7, lsl #32 <================== extra instruction emitted
0x0000ffffb04e5da4: ldr w11, [x10, #296]
0x0000ffffb04e5da8: add x11, x10, x11, uxtx #3
0x0000ffffb04e5dac: add x11, x11, #0x1c8
0x0000ffffb04e5db0: ldr x10, [x11]
0x0000ffffb04e5db4: cmp x12, x10
0x0000ffffb04e5db8: b.eq 0xffffb04e5dd0 // b.none
0x0000ffffb04e5dbc: cbz x10, 0xffffb04e5e2c
0x0000ffffb04e5dc0: add x11, x11, #0x10
0x0000ffffb04e5dc4: ldr x10, [x11]
0x0000ffffb04e5dc8: cmp x12, x10
0x0000ffffb04e5dcc: b.ne 0xffffb04e5dbc // b.any
0x0000ffffb04e5dd0: ldr w10, [x1, #8]
0x0000ffffb04e5dd4: mov x27, #0xa2000000 // #2717908992
0x0000ffffb04e5dd8: movk x27, #0xfff6, lsl #32
0x0000ffffb04e5ddc: add x10, x27, x10
0x0000ffffb04e5de0: mov x27, #0xf000 // #61440
0x0000ffffb04e5de4: movk x27, #0xefff, lsl #16
0x0000ffffb04e5de8: movk x27, #0xfff7, lsl #32 <================= extra instruction emitted
0x0000ffffb04e5dec: ldr w11, [x10, #296]
0x0000ffffb04e5df0: add x11, x10, x11, uxtx #3
0x0000ffffb04e5df4: add x11, x11, #0x1c8
0x0000ffffb04e5df8: add x10, x10, #0x10
0x0000ffffb04e5dfc: ldr x12, [x11]
0x0000ffffb04e5e00: cmp x16, x12
0x0000ffffb04e5e04: b.eq 0xffffb04e5e1c // b.none
0x0000ffffb04e5e08: cbz x12, 0xffffb04e5e2c
0x0000ffffb04e5e0c: add x11, x11, #0x10
0x0000ffffb04e5e10: ldr x12, [x11]
0x0000ffffb04e5e14: cmp x16, x12
0x0000ffffb04e5e18: b.ne 0xffffb04e5e08 // b.any
0x0000ffffb04e5e1c: ldr w11, [x11, #8]
0x0000ffffb04e5e20: ldr x12, [x10, w11, uxtw]
0x0000ffffb04e5e24: ldr x8, [x12, #80]
0x0000ffffb04e5e28: br x8
0x0000ffffb04e5e2c: adrp x8, 0xffffb0074000
End of assembler dump.
3. This issue is not present upstream, as this part has been reworked by: https://bugs.openjdk.java.net/browse/JDK-8207343
And this fix has been backported to 11u.
4. Proposed fix for 8u:
diff -r d644ac8583fd src/cpu/aarch64/vm/vtableStubs_aarch64.cpp
--- a/src/cpu/aarch64/vm/vtableStubs_aarch64.cpp Wed Feb 17 12:44:59 2021 +0300
+++ b/src/cpu/aarch64/vm/vtableStubs_aarch64.cpp Sat Feb 20 10:50:05 2021 +0800
@@ -94,6 +94,7 @@
__ lookup_virtual_method(r16, vtable_index, rmethod);
+#ifndef PRODUCT
if (DebugVtables) {
Label L;
__ cbz(rmethod, L);
@@ -102,6 +103,8 @@
__ stop("Vtable entry is NULL");
__ bind(L);
}
+#endif // PRODUCT
+
// r0: receiver klass
// rmethod: Method*
// r2: receiver
@@ -139,7 +142,7 @@
__ lea(r10, ExternalAddress((address) SharedRuntime::nof_megamorphic_calls_addr()));
__ incrementw(Address(r10));
}
-#endif
+#endif // PRODUCT
// Entry arguments:
// rscratch2: CompiledICHolder
@@ -182,7 +185,7 @@
// method (rmethod): Method*
// j_rarg0: receiver
-#ifdef ASSERT
+#ifndef PRODUCT
if (DebugVtables) {
Label L2;
__ cbz(rmethod, L2);
@@ -191,7 +194,7 @@
__ stop("compiler entrypoint is null");
__ bind(L2);
}
-#endif // ASSERT
+#endif // PRODUCT
// rmethod: Method*
// j_rarg0: receiver
@@ -218,14 +221,10 @@
int VtableStub::pd_code_size_limit(bool is_vtable_stub) {
- int size = DebugVtables ? 216 : 0;
- if (CountCompiledCalls)
- size += 6 * 4;
- // FIXME: vtable stubs only need 36 bytes
- if (is_vtable_stub)
- size += 52;
- else
- size += 176;
+ if (TraceJumps || DebugVtables || CountCompiledCalls || VerifyOops) {
+ return 1000;
+ }
+ int size = is_vtable_stub ? 60 : 192; // Plain + safety
return size;
// In order to tune these parameters, run the JVM with VM options
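Review bot: The new itable limit of 192 in `pd_code_size_limit` leaves very little headroom, and `// Plain + safety` does not record how it was derived. The dump above already reaches 0x…5e2c with the `adrp`, and the assert fires at 0x…5e34 inside `far_jump`, so this stub appears to need about 184 bytes, leaving roughly two instructions of slack. The two `mov x27` sequences in the same dump are two and three instructions long, so the stub length evidently depends on the base address being materialised, and a different heap layout could plausibly use up that slack. I would document the derivation next to the constant, for example `// itable: ~184 bytes observed with heap-based compressed oops, mov-immediate length varies with the base address`, and size the plain case for the longest immediate sequence rather than the one observed. The failing check is an `assert` in codeBuffer.hpp, so it is worth confirming that product builds also detect an overrun of the stub buffer; the function body continues past the end of this hunk.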
$ jtreg -othervm jdk/test/jdk/jfr/event/gc/configuration/TestGCHeapConfigurationEventWithHeapBasedOops.sh
1. Crash log:
#
# A fatal error has been detected by the Java Runtime Environment:
#
# Internal Error (/home/yangfei/openjdk8u-dev/hotspot/src/share/vm/asm/codeBuffer.hpp:177), pid=57263, tid=0x0000ffffbe1921f0
# assert(allocates2(pc)) failed: not in CodeBuffer memory: 0x0000ffffb04e5d80 <= 0x0000ffffb04e5e34 <= 0x0000ffffb04e5e30
#
# JRE version: OpenJDK Runtime Environment (8.0) (build 1.8.0-internal-debug-yangfei_2021_02_20_11_24-b00)
# Java VM: OpenJDK 64-Bit Server VM (25.71-b00-debug mixed mode linux-aarch64 compressed oops)
# Failed to write core dump. Core dumps have been disabled. To enable core dumping, try "ulimit -c unlimited" before starting Java again
#
# If you would like to submit a bug report, please visit:
# http://bugreport.java.com/bugreport/crash.jsp
#
--------------- T H R E A D ---------------
Current thread (0x0000ffffb800e800): JavaThread "main" [_thread_in_vm, id=57264, stack(0x0000ffffbdf93000,0x0000ffffbe193000)]
Stack: [0x0000ffffbdf93000,0x0000ffffbe193000], sp=0x0000ffffbe18ce30, free space=2023k
Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code)
V [libjvm.so+0xd154bc] VMError::report_and_die()+0x4dc
V [libjvm.so+0x5e9aec] report_vm_error(char const*, int, char const*, char const*)+0x84
V [libjvm.so+0x26e1d8] CodeSection::set_end(unsigned char*)+0xbc
V [libjvm.so+0x26e294] CodeSection::emit_int32(int)+0x3c
V [libjvm.so+0x26e814] AbstractAssembler::emit_int32(int)+0x20
V [libjvm.so+0x26fa30] Assembler::emit_long(int)+0x4c
V [libjvm.so+0x26fcb4] Assembler::emit()+0x28
V [libjvm.so+0x277a84] Instruction_aarch64::~Instruction_aarch64()+0x18
V [libjvm.so+0x270004] Assembler::add(RegisterImpl*, RegisterImpl*, unsigned int)+0x58
V [libjvm.so+0xa331a4] MacroAssembler::wrap_add_sub_imm_insn(RegisterImpl*, RegisterImpl*, unsigned int, void (MacroAssembler::*)(RegisterImpl*,
RegisterImpl*, unsigned int), void (MacroAssembler::*)(RegisterImpl*, RegisterImpl*, RegisterImpl*, Assembler::shift_kind, unsigned int))+0xe0
V [libjvm.so+0x27924c] MacroAssembler::add(RegisterImpl*, RegisterImpl*, unsigned int)+0x44
V [libjvm.so+0xa2ce0c] MacroAssembler::far_jump(Address, CodeBuffer*, RegisterImpl*)+0xec
V [libjvm.so+0xd4fb78] VtableStubs::create_itable_stub(int)+0x4e4
V [libjvm.so+0xd4e860] VtableStubs::find_stub(bool, int)+0x8c
V [libjvm.so+0x584b3c] VtableStubs::find_itable_stub(int)+0x18
V [libjvm.so+0x582108] CompiledIC::set_to_megamorphic(CallInfo*, Bytecodes::Code, Thread*)+0x1bc
V [libjvm.so+0xc07328] SharedRuntime::handle_ic_miss_helper(JavaThread*, Thread*)+0x6f4
V [libjvm.so+0xc05e44] SharedRuntime::handle_wrong_method_ic_miss(JavaThread*)+0x26c
v ~RuntimeStub::ic_miss_stub
2. The itable stub in this case looks like:
Dump of assembler code from 0xffffb04e5d80 to 0xffffb04e5e30:
0x0000ffffb04e5d80: ldr x12, [x9, #16]
0x0000ffffb04e5d84: ldr x16, [x9, #8]
0x0000ffffb04e5d88: ldr w10, [x1, #8]
0x0000ffffb04e5d8c: mov x27, #0xa2000000 // #2717908992
0x0000ffffb04e5d90: movk x27, #0xfff6, lsl #32
0x0000ffffb04e5d94: add x10, x27, x10
0x0000ffffb04e5d98: mov x27, #0xf000 // #61440
0x0000ffffb04e5d9c: movk x27, #0xefff, lsl #16
0x0000ffffb04e5da0: movk x27, #0xfff7, lsl #32 <================== extra instruction emitted
0x0000ffffb04e5da4: ldr w11, [x10, #296]
0x0000ffffb04e5da8: add x11, x10, x11, uxtx #3
0x0000ffffb04e5dac: add x11, x11, #0x1c8
0x0000ffffb04e5db0: ldr x10, [x11]
0x0000ffffb04e5db4: cmp x12, x10
0x0000ffffb04e5db8: b.eq 0xffffb04e5dd0 // b.none
0x0000ffffb04e5dbc: cbz x10, 0xffffb04e5e2c
0x0000ffffb04e5dc0: add x11, x11, #0x10
0x0000ffffb04e5dc4: ldr x10, [x11]
0x0000ffffb04e5dc8: cmp x12, x10
0x0000ffffb04e5dcc: b.ne 0xffffb04e5dbc // b.any
0x0000ffffb04e5dd0: ldr w10, [x1, #8]
0x0000ffffb04e5dd4: mov x27, #0xa2000000 // #2717908992
0x0000ffffb04e5dd8: movk x27, #0xfff6, lsl #32
0x0000ffffb04e5ddc: add x10, x27, x10
0x0000ffffb04e5de0: mov x27, #0xf000 // #61440
0x0000ffffb04e5de4: movk x27, #0xefff, lsl #16
0x0000ffffb04e5de8: movk x27, #0xfff7, lsl #32 <================= extra instruction emitted
0x0000ffffb04e5dec: ldr w11, [x10, #296]
0x0000ffffb04e5df0: add x11, x10, x11, uxtx #3
0x0000ffffb04e5df4: add x11, x11, #0x1c8
0x0000ffffb04e5df8: add x10, x10, #0x10
0x0000ffffb04e5dfc: ldr x12, [x11]
0x0000ffffb04e5e00: cmp x16, x12
0x0000ffffb04e5e04: b.eq 0xffffb04e5e1c // b.none
0x0000ffffb04e5e08: cbz x12, 0xffffb04e5e2c
0x0000ffffb04e5e0c: add x11, x11, #0x10
0x0000ffffb04e5e10: ldr x12, [x11]
0x0000ffffb04e5e14: cmp x16, x12
0x0000ffffb04e5e18: b.ne 0xffffb04e5e08 // b.any
0x0000ffffb04e5e1c: ldr w11, [x11, #8]
0x0000ffffb04e5e20: ldr x12, [x10, w11, uxtw]
0x0000ffffb04e5e24: ldr x8, [x12, #80]
0x0000ffffb04e5e28: br x8
0x0000ffffb04e5e2c: adrp x8, 0xffffb0074000
End of assembler dump.
3. This issue is not present upstream, as this part has been reworked by: https://bugs.openjdk.java.net/browse/JDK-8207343
And this fix has been backported to 11u.
4. Proposed fix for 8u:
diff -r d644ac8583fd src/cpu/aarch64/vm/vtableStubs_aarch64.cpp
--- a/src/cpu/aarch64/vm/vtableStubs_aarch64.cpp Wed Feb 17 12:44:59 2021 +0300
+++ b/src/cpu/aarch64/vm/vtableStubs_aarch64.cpp Sat Feb 20 10:50:05 2021 +0800
@@ -94,6 +94,7 @@
__ lookup_virtual_method(r16, vtable_index, rmethod);
+#ifndef PRODUCT
if (DebugVtables) {
Label L;
__ cbz(rmethod, L);
@@ -102,6 +103,8 @@
__ stop("Vtable entry is NULL");
__ bind(L);
}
+#endif // PRODUCT
+
// r0: receiver klass
// rmethod: Method*
// r2: receiver
@@ -139,7 +142,7 @@
__ lea(r10, ExternalAddress((address) SharedRuntime::nof_megamorphic_calls_addr()));
__ incrementw(Address(r10));
}
-#endif
+#endif // PRODUCT
// Entry arguments:
// rscratch2: CompiledICHolder
@@ -182,7 +185,7 @@
// method (rmethod): Method*
// j_rarg0: receiver
-#ifdef ASSERT
+#ifndef PRODUCT
if (DebugVtables) {
Label L2;
__ cbz(rmethod, L2);
@@ -191,7 +194,7 @@
__ stop("compiler entrypoint is null");
__ bind(L2);
}
-#endif // ASSERT
+#endif // PRODUCT
// rmethod: Method*
// j_rarg0: receiver
@@ -218,14 +221,10 @@
int VtableStub::pd_code_size_limit(bool is_vtable_stub) {
- int size = DebugVtables ? 216 : 0;
- if (CountCompiledCalls)
- size += 6 * 4;
- // FIXME: vtable stubs only need 36 bytes
- if (is_vtable_stub)
- size += 52;
- else
- size += 176;
+ if (TraceJumps || DebugVtables || CountCompiledCalls || VerifyOops) {
+ return 1000;
+ }
+ int size = is_vtable_stub ? 60 : 192; // Plain + safety
return size;
// In order to tune these parameters, run the JVM with VM options