JDK-6606675 : Crash in CodeBuffer resize in 1.4.2_15
  • Type: Bug
  • Component: hotspot
  • Sub-Component: compiler
  • Affected Version: 1.4.2_15,1.4.2_18
  • Priority: P2
  • Status: Resolved
  • Resolution: Fixed
  • OS: solaris_8,solaris_9
  • CPU: sparc
  • Submitted: 2007-09-19
  • Updated: 2010-07-29
  • Resolved: 2008-06-20
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
Other Other Other
1.4.2_18-rev b07Fixed 1.4.2_19Fixed 5.0u17Fixed
Related Reports
Duplicate :  
JDK-6757035 - Compiler crash in Compute::Output
Relates :  
JDK-6174443 - VM crashes with core on Solaris 9 during hotspot compilation (1.4.2_04)
Relates :  
JDK-4925292 - Running codecache out of space can cause vm abort.
Relates :  
JDK-6487381 - Additional path for 5.0 jvm crash on exhaustion of CodeBuffer
Description
1.4.2_15 still crashes on Sol8 trying to call CodeBuffer::resize. 

(dbx) thread t@16
t@16 (l@16) stopped in __lwp_kill at 0xff2c1adc
0xff2c1adc: __lwp_kill+0x0008:  bcc,a,pt  %icc,__lwp_kill+0x18  ! 0xff2c1aec
(dbx) where -h -l
current thread: t@16
  [1] libc.so.1:__lwp_kill(0x0, 0x6, 0xfed23ca8, 0xaa1a0, 0xff2ed2d8, 0x0), at 0xff2c1adc
  [2] libc.so.1:raise(0x6, 0x0, 0xff2ee390, 0xfecbd5c4, 0xffffffff, 0x6), at 0xff260040
  [3] libc.so.1:abort(0xfed9b438, 0x1, 0xfed23ca8, 0xaa1a0, 0xff2ed2d8, 0x0), at 0xff240218
  [4] libjvm.so:os::abort(0x1, 0xfed84f05, 0x1, 0x80808080, 0xff0000, 0x80808080), at 0xfecbd5c4
  [5] libjvm.so:VMError::report_and_die(0xfed9b438, 0xfed9b447, 0xfed9b457, 0xff360884, 0xa8d7e940, 0xa8d7e688), at 0xfed23ca8
  [6] libjvm.so:JVM_handle_solaris_signal(0xff360884, 0xff360884, 0xfed84a09, 0x1, 0xfe663400, 0xa8d7e688), at 0xfe9db9b4
  [7] libc.so.1:__sighndlr(0xb, 0xa8d7e940, 0xa8d7e688, 0xfe9daf68, 0x0, 0x1), at 0xff2c0a14
  ---- called from signal handler with signal 11 (SIGSEGV) ------
  [8] libc_psr.so.1:_memcpy(0xfb7f0180, 0x7800, 0x80a0c005, 0x1000000, 0xc0238003, 0x210000d1), at 0xff360884
=>[9] libjvm.so:Compile::Fill_buffer(0x0, 0xfb7f01a0, 0x0, 0x3c00, 0x480fe60, 0x0), at 0xfe9d6b08
  [10] libjvm.so:CodeBuffer::resize(0x1cdaa4c, 0x7800, 0x18d8, 0x400, 0x1280, 0x36), at 0xfe9d2978
  [11] libjvm.so:Compile::Fill_buffer(0x2288354, 0x0, 0x18aea9c, 0x2f8, 0x3800, 0x3b4c), at 0xfe9d6b08
  [12] libjvm.so:Compile::Output(0x6, 0xe25774, 0x4, 0x0, 0x0, 0x0), at 0xfe9dc310
  [13] libjvm.so:Compile::Code_Gen(0xa8d7f500, 0xfed5fe10, 0xa8d7f414, 0xfeda0000, 0x0, 0x0), at 0xfe9d53bc
  [14] libjvm.so:Compile::Compile(0xfed5fc45, 0x10be68c, 0x26346a4, 0x1031b18, 0xffffffff, 0x1), at 0xfea0340c
  [15] libjvm.so:C2Compiler::compile_method(0x36350, 0xa8d7fd1c, 0x0, 0x9fed10, 0xffffffff, 0x0), at 0xfe9ffb6c
  [16] libjvm.so:CompileBroker::invoke_compiler_on_method(0x1bcb, 0x0, 0xffffffff, 0xfeddf8b0, 0xfeded018, 0x13bd98), at 0xfe9ff330
  [17] libjvm.so:CompileBroker::compiler_thread_loop(0xfed60498, 0xfeddfc9c, 0x13bd98, 0x13c350, 0x3335cc, 0xfea6c998), at 0xfeaaf984
  [18] libjvm.so:JavaThread::run(0x13bd98, 0x10, 0x40, 0x0, 0x40, 0x0), at 0xfea6c9c0
  [19] libjvm.so:java_start(0x13bd98, 0xa8d80000, 0x0, 0x0, 0xfecbca34, 0x1), at 0xfecbcb68

(dbx) frame 9
0xfe9d6b08: Fill_buffer+0x0b6c: call     resize ! 0xfeae59b4

(dbx)  dis 0xfe9d6ac0/20
0xfe9d6ac0: Fill_buffer+0x0b24: ld       [%g4 + 24], %g2
0xfe9d6ac4: Fill_buffer+0x0b28: ld       [%g4 + 28], %g3
0xfe9d6ac8: Fill_buffer+0x0b2c: inc      128, %g2
0xfe9d6acc: Fill_buffer+0x0b30: cmp      %g2, %g3
0xfe9d6ad0: Fill_buffer+0x0b34: bcc,pt   %icc,Fill_buffer+0xb6c ! 0xfe9d6b08
0xfe9d6ad4: Fill_buffer+0x0b38: nop
0xfe9d6ad8: Fill_buffer+0x0b3c: ld       [%g4 + 56], %g2
0xfe9d6adc: Fill_buffer+0x0b40: ld       [%g4 + 60], %g3
0xfe9d6ae0: Fill_buffer+0x0b44: inc      128, %g2
0xfe9d6ae4: Fill_buffer+0x0b48: cmp      %g2, %g3
0xfe9d6ae8: Fill_buffer+0x0b4c: bcc,pt   %icc,Fill_buffer+0xb6c ! 0xfe9d6b08
0xfe9d6aec: Fill_buffer+0x0b50: nop
0xfe9d6af0: Fill_buffer+0x0b54: ld       [%g4 + 84], %g2
0xfe9d6af4: Fill_buffer+0x0b58: ld       [%g4 + 64], %g3
0xfe9d6af8: Fill_buffer+0x0b5c: inc      128, %g2
0xfe9d6afc: Fill_buffer+0x0b60: cmp      %g2, %g3
0xfe9d6b00: Fill_buffer+0x0b64: bcs,a,pt  %icc,Fill_buffer+0xb7c        ! 0xfe9d6b18
0xfe9d6b04: Fill_buffer+0x0b68: ld       [%g4 + 8], %g2
0xfe9d6b08: Fill_buffer+0x0b6c: call     resize ! 0xfeae59b4
0xfe9d6b0c: Fill_buffer+0x0b70: mov      %g4, %o0

(dbx) regs
current thread: t@16
current frame:  [9]
g0-g3    0x00000000 0x00000004 0xfb7f3da0 0xfb7f01a0
g4-g7    0x0000435f 0x00000000 0x00000000 0xfe663400
o0-o3    0xfb7f0180 0x00007800 0x80a0c005 0x01000000
o4-o7    0xc0238003 0x210000d1 0xa8d7e9c0 0xfe9d6b08
l0-l3    0x00000000 0x00000000 0x00000000 0x00000000
l4-l7    0x00003c00 0x01cdaa4c 0x00000000 0x00000086
i0-i3    0x00000000 0xfb7f01a0 0x00000000 0x00003c00
i4-i7    0x0480fe60 0x00000000 0xa8d7ea20 0xfe9d2978
y        0x00000000
psr      0xfe401007
pc       0xfe9d6b08:Fill_buffer+0xb6c   call     resize ! 0xfeae59b4
npc      0xff360888:_memcpy+0x440       stxa     %o3, [%i0 + 8] %asi

(dbx) frame 11
0xfe9d6b08: Fill_buffer+0x0b6c: call     resize ! 0xfeae59b4
(dbx) regs
current thread: t@16
current frame:  [11]
g0-g3    0x00000000 0x00000004 0xfb7f3da0 0xfb7f01a0
g4-g7    0x0000435f 0x00000000 0x00000000 0xfe663400
o0-o3    0x01cdaa4c 0x00007800 0x000018d8 0x00000400
o4-o7    0x00001280 0x00000036 0xa8d7eb50 0xfe9d6b08
l0-l3    0xfe9495cc 0xa8d7f500 0x00000000 0x00000000
l4-l7    0x00003c00 0x00000000 0x00ac6410 0x00000086
i0-i3    0x02288354 0x00000000 0x018aea9c 0x000002f8
i4-i7    0x00003800 0x00003b4c 0xa8d7ed18 0xfe9dc310
y        0x00000000
psr      0xfe401007
pc       0xfe9d6b08:Fill_buffer+0xb6c   call     resize ! 0xfeae59b4
npc      0xff360888:_memcpy+0x440       stxa     %o3, [%i0 + 8] %asi

(dbx)
(dbx) mainargs
main's fp =  0xffbff7f0
argc =  40
argv =  0xffbff854
envp = 0xffbff8f8
Arguments:
0xffbff988:     "/u01/asapp_1/10.1.2/jdk/bin/java"
0xffbff9a9:     "-server"
0xffbff9b1:     "-Djava.security.policy=/u01/asapp_1/10.1.2/j2ee/web_risk_extra/config/java2.polic y"
0xffbffa04:     "-Djava.awt.headless=true"
0xffbffa1d:     "-Doracle.jdbc.V8Compatible=true"
0xffbffa3d:     "-Doracle.jdbc.V8Compatible=true"
0xffbffa5d:     "-Xms256M"
0xffbffa66:     "-Xmx1024M"
0xffbffa70:     "-Xss128k"
0xffbffa79:     "-XX:+UseParNewGC"
0xffbffa8a:     "-verbose:gc"
0xffbffa96:     "-XX:PermSize=64m"
0xffbffaa7:     "-XX:MaxPermSize=256m"
0xffbffabc:     "-XX:+HeapDumpOnOutOfMemoryError"
0xffbffadc:     "-XX:SurvivorRatio=4"
0xffbffaf0:     "-XX:+PrintGCDetails"
0xffbffb04:     "-XX:+PrintGCTimeStamps"
0xffbffb1b:     "-XX:ParallelGCThreads=8"
0xffbffb33:     "-Xconcurrentio"
0xffbffb42:     "-Dperformasure.debug=0"
0xffbffb59:     "-Xbootclasspath/p:/opt/foglight-client/config/J2EEAgent/SunOS/bootstrap/-u01-app- j2sdk1.4.2_15.jar"
0xffbffbbc:     "-Doracle.ons.oraclehome=/u01/asapp_1/10.1.2"
0xffbffbe8:     "-Doracle.home=/u01/asapp_1/10.1.2"
0xffbffc0a:     "-Doracle.ons.oracleconfighome=/u01/asapp_1/10.1.2"
0xffbffc3c:     "-Doracle.ons.clustername=C_11.100.6.171.17d5d2a.11369b04636.-8000"
0xffbffc7e:     "-Doracle.ons.instancename=asapp01.k003ht-0061.network.ad.tsa.gov"
0xffbffcbf:     "-Dopmn.compatible=904"
0xffbffcd5:     "-Doracle.ons.indexid=web_risk_extra.default_island.1"
0xffbffd0a:     "-Doracle.ons.uid=965542037"
0xffbffd25:     "-Doracle.oc4j.instancename=web_risk_extra"
0xffbffd4f:     "-Doracle.oc4j.islandname=default_island"
0xffbffd77:     "-DOPMN=true"
0xffbffd83:     "-jar"
0xffbffd88:     "oc4j.jar"
0xffbffd91:     "-config"
0xffbffd99:     "/u01/asapp_1/10.1.2/j2ee/web_risk_extra/config/server.xml"
0xffbffdd3:     "-properties"
0xffbffddf:     "-properties"
0xffbffdeb:     "-ports"
0xffbffdf2:     "ajp:12507,rmi:12407,jms:12607" 

source/ws/hotspot/src/share/vm/opto/output.cpp?v=Java_1.4.2_15

1131   // Cache the code buffer pointer
1132   CodeBuffer *cb = _code_buffer;
1133 
1134   // Emit the exception handler code
1135   cb->set_exception_offset(cb->code_size());
1136   emit_exception_handler(*cb);
1137 
1138   // Generate the relocation info for stubs, where reloc info was out-of-line
1139   cb->relocate_stubs();
1140 
1141   // Resize the code buffer to the required size, if the size was not
1142   // already computed
1143   if( labels_not_set )
1144     cb->resize( cb->code_size(), cb->stub_size(), cb->ctable_size(), cb->locs_size() );
1145   // Have we run out of code space?
1146   if (cb->code_capacity() == 0) {
1147     out_of_CodeBuffer_space();
1148     return;
1149   }
Comments
SUGGESTED FIX *************** *** 562,571 **** --- 562,575 ---- } // Create a new (temporary) code buffer to hold all the new data CodeBuffer cb(new_code_size, new_locs_size, new_stub_size, new_ctable_size, 0, oop_recorder() != NULL, NULL, NULL, NULL, true, oop_recorder(), _blob->name(), true, true); + if (cb.code_capacity() == 0) { + _instsStart = _instsOverflow; + return; + } // Get the Cpu-Specific Data cb.getCpuData(this); // Copy the non-relocation info
25-10-2007
EVALUATION Yet another path via resize where codeBuffer space can be exhausted. Need to check after we resize. See suggested fix. Applies to 5.0 also.
25-10-2007