Bug ID: 7125136 SIGILL on linux amd64 in gc/ArrayJuggle/Juggle29

Details
Type:
Bug
Submit Date:
2011-12-27
Status:
Closed
Updated Date:
2012-03-24
Project Name:
JDK
Resolved Date:
2012-03-24
Component:
hotspot
OS:
linux
Sub-Component:
compiler
CPU:
x86
Priority:
P3
Resolution:
Fixed
Affected Versions:
8
Fixed Versions:
hs23

Related Reports
Backport:
Backport:
Relates:

Sub Tasks

Description
SIGILL on linux AMD64 during nightly testing with fastdebug bits.
gc/ArrayJuggle/Juggle29. 

http://sqeweb.us.oracle.com/nfs/results/vm/gtee/JDK7/NIGHTLY/VM/2011-12-19/Main_Baseline_fastdebug/

#
# A fatal error has been detected by the Java Runtime Environment:
#
#  SIGILL (0x4) at pc=0x00007fceabbd3361, pid=14278, tid=140525456824064
#
# JRE version: 8.0-b17
# Java VM: Java HotSpot(TM) 64-Bit Server VM (23.0-b09-internal-201112162322.jcoomes.hs23-b09-set-ver-fastdebug mixed mode linux-amd64 compressed oops)
# Problematic frame:
# J  nsk.share.test.ThreadLocalRandom.next(I)I

                                    

Comments
EVALUATION

http://hg.openjdk.java.net/lambda/lambda/hotspot/rev/fd8114661503
                                     
2012-03-22
EVALUATION

http://hg.openjdk.java.net/hsx/hotspot-gc/hotspot/rev/fd8114661503
                                     
2012-02-18
EVALUATION

http://hg.openjdk.java.net/hsx/hotspot-comp/hotspot/rev/fd8114661503
                                     
2012-02-16
EVALUATION

Saving the RBP register on the nmethod's entry broke the nmethod's verified entry patching when it becomes non-entrant. There is a big comment in MachPrologNode::emit() about the first instruction, which should be at least 5 bytes long. And push(rbp) is a one-byte instruction. The VerifyFPU code is also broken (the first instruction is pushf). The same with C1 generated code with VerifyFPU and C1Breakpoint.

The only reason we did not notice this until now is that the stack bang instruction is usually generated first and it is big (a store to the stack with a big offset). But C2 does not generate it if the compiled stack frame is small and there are no calls in the compiled method.

For C2, moved saving EBP after the ESP adjustment, and other cleanup in the prolog code.
For C1, generated a stack bang with a small offset (-256) first if needed.
                                     
2012-02-16
EVALUATION

The above code corresponds to the verified entry point:

[Entry Point]
  0x00007f41f9d72400: mov    0x8(%rsi),%r10d
  0x00007f41f9d72404: shl    $0x3,%r10
  0x00007f41f9d72408: cmp    %r10,%rax
  0x00007f41f9d7240b: jne    0x00007f41f9acdb60  ;   {runtime_call}
  0x00007f41f9d72411: nop    
...
[Verified Entry Point]
  ;; B1: #	N32 <- BLOCK HEAD IS JUNK   Freq: 1

  0x00007f41f9d72420: push   %rbp
  0x00007f41f9d72421: sub    $0x10,%rsp
  0x00007f41f9d72425: nop                       ;*synchronization entry
                                                ; - nsk.share.test.ThreadLocalRandom::next@-1 (line 131)
  0x00007f41f9d72426: mov    $0x30,%ecx
  0x00007f41f9d7242b: sub    %edx,%ecx
  0x00007f41f9d7242d: mov    $0xffffffffffff,%r10

But instead of push+sub instructions:

  0x00007f41f9d72420:   55 48 83 ec 10 90

it has a jmpq instruction, which seems to be the patch instruction written when the method was changed to zombie.
                                     
2012-02-13
EVALUATION

patch_verified_entry() is not MT safe since it patched 2 instructions instead of one. The first instruction (push rbp) could already have been executed by a thread when it is patched over by one jmpq instruction.
                                     
2012-02-13
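The race the two evaluations above describe (a one-byte push %rbp at the verified entry being overwritten by a five-byte jmpq while another thread may already have executed the push), modelled as an added Python example that is not HotSpot code. The instruction bytes of the broken prolog and the jmpq displacement are copied from the disassembly and crash dump in this report; the "fixed" prolog is a constructed stand-in for the stack-bang-first arrangement the comments describe, and the function names (including this model's own patch_verified_entry) are the example's, not HotSpot's.

```python
# Added example, not HotSpot source: a model of the verified-entry patching
# race described in this bug. When a nmethod becomes non-entrant, the first
# bytes of its verified entry are overwritten with a 5-byte jmpq. That is
# only safe if the first instruction is at least as long as the patch: a
# thread that had already executed a shorter first instruction (push %rbp,
# one byte) resumes inside the jmpq's displacement bytes.
from dataclasses import dataclass
from typing import List, Set

JMP_REL32_LEN = 5  # e9 <rel32>, the instruction the non-entrant patch writes


@dataclass(frozen=True)
class Insn:
    text: str        # disassembly, for readable output
    encoding: bytes  # only the length matters for the boundary check


# Bytes of the broken C2 prolog, copied from the disassembly in the bug report.
BROKEN_PROLOG = [
    Insn("push   %rbp",                 bytes.fromhex("55")),
    Insn("sub    $0x10,%rsp",           bytes.fromhex("4883ec10")),
    Insn("nop",                         bytes.fromhex("90")),
    Insn("mov    $0x30,%ecx",           bytes.fromhex("b930000000")),
    Insn("sub    %edx,%ecx",            bytes.fromhex("2bca")),
    Insn("movabs $0xffffffffffff,%r10", bytes.fromhex("49baffffffffffff0000")),
]

# Constructed illustration of the fix (not the actual HotSpot encoding): a
# stack-bang store with a 32-bit displacement of -256, as the C1 fix in the
# comments describes, comes first, so the first instruction is 8 bytes long.
FIXED_PROLOG = [
    Insn("mov    %rax,-0x100(%rsp)",    bytes.fromhex("4889842400ffffff")),
    Insn("push   %rbp",                 bytes.fromhex("55")),
    Insn("sub    $0x10,%rsp",           bytes.fromhex("4883ec10")),
]

# The jmpq that replaced push+sub in the crash dump (e9 3b dc c9 ff).
PATCH_JMPQ = bytes.fromhex("e93bdcc9ff")


def encode(prolog: List[Insn]) -> bytearray:
    """Concatenate the instruction encodings into a mutable code buffer."""
    return bytearray(b"".join(i.encoding for i in prolog))


def boundaries(prolog: List[Insn]) -> Set[int]:
    """Offsets at which an instruction starts in the unpatched code (plus the end)."""
    offs, pc = set(), 0
    for insn in prolog:
        offs.add(pc)
        pc += len(insn.encoding)
    offs.add(pc)
    return offs


def unsafe_resume_points(prolog: List[Insn], patch_len: int = JMP_REL32_LEN) -> List[int]:
    """Offsets where a thread may be paused before the patch but which are not
    instruction boundaries after it. After the patch the only boundaries inside
    [0, patch_len] are 0 and patch_len, so any other pre-patch boundary in that
    range is a resume point that lands mid-instruction."""
    return sorted(o for o in boundaries(prolog) if 0 < o < patch_len)


def patch_is_mt_safe(prolog: List[Insn], patch_len: int = JMP_REL32_LEN) -> bool:
    """The rule the report attributes to MachPrologNode::emit(): the first
    instruction must cover the whole patch, i.e. there are no unsafe resume points."""
    return not unsafe_resume_points(prolog, patch_len)


def patch_verified_entry(code: bytearray, jmp: bytes = PATCH_JMPQ) -> bytearray:
    """Model of the non-entrant patch: overwrite the entry bytes in place."""
    code[: len(jmp)] = jmp
    return code


def bytes_seen_on_resume(prolog: List[Insn], resume_at: int, n: int = 8) -> bytes:
    """What a thread paused at `resume_at` in the old code fetches after the patch."""
    code = patch_verified_entry(encode(prolog))
    return bytes(code[resume_at: resume_at + n])


if __name__ == "__main__":
    for name, prolog in (("broken", BROKEN_PROLOG), ("fixed", FIXED_PROLOG)):
        bad = unsafe_resume_points(prolog)
        print(f"{name}: first insn {len(prolog[0].encoding)} bytes, "
              f"mt-safe={patch_is_mt_safe(prolog)}, unsafe resume offsets={bad}")
        for off in bad:
            print(f"  thread paused at +{off} fetches {bytes_seen_on_resume(prolog, off).hex(' ')}")
```

For the broken prolog the only unsafe resume point is offset 1 (just after push %rbp), and the bytes fetched there after the patch are 3b dc c9 ff 90 b9 30 00, the same sequence the crash dump shows at pc=0x00007fceabbd3361: the thread is decoding the jmpq's displacement as instructions. The constructed fixed prolog has no pre-patch boundary inside the first five bytes, so a paused thread can only resume at offset 0 (and take the new jmpq) or past the patched range.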
EVALUATION

The 'jmpq' instruction starts one byte before (0x7fceabbd3360), but for some reason the code was executed from the next byte:

Instructions: (pc=0x00007fceabbd3361)
0x00007fceabbd3341:   8b 56 08 49 c1 e2 03 49 3b c2 0f 85 cf 65 d6 ff
0x00007fceabbd3351:   90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 e9
0x00007fceabbd3361:   3b dc c9 ff 90 b9 30 00 00 00 2b ca 49 ba ff ff
0x00007fceabbd3371:   ff ff ff ff 00 00 49 bb 6d e6 ec de 05 00 00 00 

;; 00007fceabbd3340 44 8b 56 08             mov    0x8(%rsi),%r10
;; 00007fceabbd3344 49 c1 e2 03             shl    $0x3,%r10
;; 00007fceabbd3348 49 3b c2                cmp    %r10,%rax
;; 00007fceabbd334b 0f 85 cf 65 d6 ff       jne    0x00007fceab939930
;; 00007fceabbd3351 90                      nop 
...   
;; 00007fceabbd335f 90                      nop    

;; ---------------
;; 00007fceabbd3360 e9 3b dc c9 ff          jmpq   0x00007fceab870fa2
;; 00007fceabbd3365 90                      nop    
;; 00007fceabbd3366 b9 30 00 00 00          mov    $0x30,%ecx
;; 00007fceabbd336b 2b ca                   sub    %edx,%ecx
                                     
2012-02-11