JDK-6990192 : VM crashes in ciTypeFlow::get_block_for()
  • Type: Bug
  • Component: hotspot
  • Sub-Component: compiler
  • Affected Version: hs20
  • Priority: P3
  • Status: Closed
  • Resolution: Fixed
  • OS: generic
  • CPU: generic
  • Submitted: 2010-10-07
  • Updated: 2012-02-01
  • Resolved: 2011-03-08
JDK 6         JDK 7       Other
6u25 Fixed    7 Fixed     hs20 Fixed
Description
hs20-01 in JDK7 b112 crashed in the compiler code:

#
# A fatal error has been detected by the Java Runtime Environment:
#
#  SIGSEGV (0xb) at pc=0x00002b4c1cfaab00, pid=29009, tid=1109731648
#
# JRE version: 7.0
# Java VM: Java HotSpot(TM) 64-Bit Server VM (20.0-b01 mixed mode linux-amd64 )
# Problematic frame:
# V  [libjvm.so+0x34eb00]
#
# If you would like to submit a bug report, please visit:
#   http://java.sun.com/webapps/bugreport/crash.jsp
#

Instructions: (pc=0x00002b4c1cfaab00)
0x00002b4c1cfaaaf0:   07 48 8b 00 48 89 75 a8 48 89 45 c0 48 8b 47 40
0x00002b4c1cfaab00:   4c 8b 34 f0 4d 85 f6 0f 84 cd 01 00 00 83 7d b4 
;; 00002b4c1cfaaaf0 07                      (bad)  
;; 00002b4c1cfaaaf1 48 8b 00                mov    (%rax),%rax
;; 00002b4c1cfaaaf4 48 89 75 a8             mov    %rsi,0xffffffffffffffa8(%rbp)
;; 00002b4c1cfaaaf8 48 89 45 c0             mov    %rax,0xffffffffffffffc0(%rbp)
;; 00002b4c1cfaaafc 48 8b 47 40             mov    0x40(%rdi),%rax
;; ---------------
;; 00002b4c1cfaab00 4c 8b 34 f0             mov    (%rax,%rsi,8),%r14
;; 00002b4c1cfaab04 4d 85 f6                test   %r14,%r14
;; 00002b4c1cfaab07 0f 84 cd 01 00 00       je     0x00002b4c1cfaacda
;; 00002b4c1cfaab0d 83 7d b4 ff             cmpl   $0xffffffffffffffff,0xffffffffffffffb4(%rbp)
;; 
Stack: [0x0000000042152000,0x0000000042253000],  sp=0x00000000422502d0,  free space=1016k
Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code)
V  [libjvm.so+0x34eb00];;  ciTypeFlow::get_block_for(int, ciTypeFlow::JsrSet*, ciTypeFlow::CreateOption)+0x30
V  [libjvm.so+0x351157];;  ciTypeFlow::flow_types()+0xa7
V  [libjvm.so+0x3512c1];;  ciTypeFlow::do_flow()+0x11
V  [libjvm.so+0x337e3c];;  ciMethod::get_flow_analysis()+0x7c
V  [libjvm.so+0x316054];;  ParseGenerator::can_parse(ciMethod*, int)+0x34
V  [libjvm.so+0x316121];;  CallGenerator::for_inline(ciMethod*, float)+0x21
V  [libjvm.so+0x40fd3f];;  Compile::call_generator(ciMethod*, int, bool, JVMState*, bool, float)+0x52f
V  [libjvm.so+0x41070c];;  Parse::do_call()+0x1cc
V  [libjvm.so+0x6af50a];;  Parse::do_one_bytecode()+0x225a
V  [libjvm.so+0x6a4933];;  Parse::do_one_block()+0x283
V  [libjvm.so+0x6a4ab0];;  Parse::do_all_blocks()+0xf0
V  [libjvm.so+0x6a6c1c];;  Parse::Parse(JVMState*, ciMethod*, float)+0x14fc
V  [libjvm.so+0x316208];;  ParseGenerator::generate(JVMState*)+0x88
V  [libjvm.so+0x38e735];;  Compile::Compile(ciEnv*, C2Compiler*, ciMethod*, int, bool, bool)+0x8d5
V  [libjvm.so+0x314efb];;  C2Compiler::compile_method(ciEnv*, ciMethod*, int)+0xdb
V  [libjvm.so+0x393914];;  CompileBroker::invoke_compiler_on_method(CompileTask*)+0x294
V  [libjvm.so+0x3940fd];;  CompileBroker::compiler_thread_loop()+0x38d
V  [libjvm.so+0x78c6cd];;  JavaThread::thread_main_inner()+0x6d
V  [libjvm.so+0x687dc0];;  _ZL10java_startP6Thread+0xf0


Current CompileTask:
C2:   3296   1%     <...>.Test.runThread()Z @ 4 (1179 bytes)

Please see comments for details.

Comments
EVALUATION http://hg.openjdk.java.net/jdk7/build/hotspot/rev/87d6a4d1ecbc
04-12-2010

EVALUATION http://hg.openjdk.java.net/jdk7/hotspot-comp/hotspot/rev/87d6a4d1ecbc
20-10-2010

PUBLIC COMMENTS There is a problem in the logic of SystemDictionary::find_method_handle_invoke when the classes of the signature are not on the bootclasspath. In that case the method always returns the newly created method, resulting in the assert above. Putting the classes on the bootclasspath makes the testcase work up to a point where it hits another assert:

# To suppress the following error report, specify this argument
# after -XX: or in .hotspotrc: SuppressErrorAt=/sharedRuntime.cpp:2693
==============================================================================
Unexpected Error
------------------------------------------------------------------------------
Internal Error at sharedRuntime.cpp:2693, pid=23705, tid=68
assert(fr.interpreter_frame_expression_stack_size()==0) failed: only handle empty stacks

Do you want to debug the problem?

To debug, run 'dbx - 23705'; then switch to thread 68
Enter 'yes' to launch dbx automatically (PATH must include dbx)
Otherwise, press RETURN to abort...
==============================================================================

(dbx) where
current thread: t@68
  [1] _waitid(0x0, 0x5d28, 0xb49dd6c0, 0x3), at 0xfdb7af95
  [2] _waitpid(0x5d28, 0xb49dd788, 0x0), at 0xfdb293bf
  [3] waitpid(0x5d28, 0xb49dd788, 0x0), at 0xfdb6c805
=>[4] os::fork_and_exec(cmd = 0xfede9e30 "dbx - 23705"), line 5978 in "os_solaris.cpp"
  [5] VMError::show_message_box(this = 0xb49dd908, buf = 0xfede9e30 "dbx - 23705", buflen = 2000), line 53 in "vmError_solaris.cpp"
  [6] VMError::report_and_die(this = 0xb49dd908), line 725 in "vmError.cpp"
  [7] report_vm_error(file = 0xfebda87a "/home/ct232829/hotspot-comp/6990192/src/share/vm/runtime/sharedRuntime.cpp", line = 2693, error_msg = 0xfebda8c5 "assert(fr.interpreter_frame_expression_stack_size()==0) failed", detail_msg = 0xfebda904 "only handle empty stacks"), line 176 in "debug.cpp"
  [8] SharedRuntime::OSR_migration_begin(thread = 0x82e4c00), line 2693 in "sharedRuntime.cpp"
  [9] 0xfa814aa3(0xd52, 0xe60c4088, 0xe60c4088, 0xb49dda54, 0xb67fbf2e, 0xb49dda84), at 0xfa814aa3
  [10] 0xfa803173(0x0, 0x0, 0xe60dc0a0, 0xb49dda88, 0xb663ad1b, 0xb49ddab0), at 0xfa803173
  [11] 0xfa803ab7(0xe60dc000, 0xfecf2aa0, 0x1f80, 0xfecf2aa0, 0xb49ddc88, 0xb663ad38), at 0xfa803ab7
  [12] 0xfa80043e(0xb49ddb34, 0xb49ddd10, 0xa, 0xb663ad38, 0xfa80b980, 0xb49ddc88, 0x1, 0x82e4c00, 0x0, 0x0), at 0xfa80043e
  [13] JavaCalls::call_helper(result = 0xb49ddd0c, m = 0xb49ddc00, args = 0xb49ddc80, __the_thread__ = 0x82e4c00), line 379 in "javaCalls.cpp"
  [14] os::os_exception_wrapper(f = 0xfe30c6b0 = &JavaCalls::call_helper(JavaValue*,methodHandle*,JavaCallArguments*,Thread*), value = 0xb49ddd0c, method = 0xb49ddc00, args = 0xb49ddc80, thread = 0x82e4c00), line 4083 in "os_solaris.cpp"
  [15] JavaCalls::call(result = 0xb49ddd0c, method = CLASS, args = 0xb49ddc80, __the_thread__ = 0x82e4c00), line 293 in "javaCalls.cpp"
  [16] JavaCalls::call_virtual(result = 0xb49ddd0c, spec_klass = CLASS, name = CLASS, signature = CLASS, args = 0xb49ddc80, __the_thread__ = 0x82e4c00), line 190 in "javaCalls.cpp"
  [17] JavaCalls::call_virtual(result = 0xb49ddd0c, receiver = CLASS, spec_klass = CLASS, name = CLASS, signature = CLASS, __the_thread__ = 0x82e4c00), line 196 in "javaCalls.cpp"
  [18] thread_entry(thread = 0x82e4c00, __the_thread__ = 0x82e4c00), line 2580 in "jvm.cpp"
  [19] JavaThread::thread_main_inner(this = 0x82e4c00), line 1429 in "thread.cpp"
  [20] JavaThread::run(this = 0x82e4c00), line 1413 in "thread.cpp"
  [21] java_start(thread_addr = 0x82e4c00), line 1010 in "os_solaris.cpp"
  [22] _thr_setup(0xb5461200), at 0xfdb771d0
  [23] _lwp_start(0x0, 0x5d28, 0xb49dd6c0, 0x3, 0xb5461200, 0xfdbee000), at 0xfdb774c0
07-10-2010

PUBLIC COMMENTS Running this testcase with a debug build results in:

(dbx) where
current thread: t@24
  [1] ___nanosleep(0xb57f76b8, 0xb57f76c0), at 0xfdb798b5
  [2] _sleep(0x64, 0x0), at 0xfdb6b5d2
=>[3] os::infinite_sleep(), line 3471 in "os_solaris.cpp"
  [4] VMError::report_and_die(this = 0xb57f77f4), line 751 in "vmError.cpp"
  [5] report_vm_error(file = 0xfe97dcd8 "/home/ct232829/hotspot-comp/hotspot/src/share/vm/oops/cpCacheOop.hpp", line = 130, error_msg = 0xfe97dd1d "assert(existing_f1 == NULL || existing_f1 == f1) failed", detail_msg = 0xfe97dd55 "illegal field change"), line 176 in "debug.cpp"
  [6] ConstantPoolCacheEntry::set_f1(this = 0xb68153ec, f1 = 0xb684e0d8), line 130 in "cpCacheOop.hpp"
  [7] ConstantPoolCacheEntry::set_method(this = 0xb68153ec, invoke_code = _invokedynamic, method = CLASS, vtable_index = -2), line 168 in "cpCacheOop.cpp"
  [8] InterpreterRuntime::resolve_invokedynamic(thread = 0x829f400), line 730 in "interpreterRuntime.cpp"
  [9] 0xfa81778d(0x0, 0xe5107890, 0xe5107890, 0xb57f79d4, 0xb684d5ee, 0xb57f7a04), at 0xfa81778d
  [10] 0xfa803173(0x0, 0x0, 0xe510a390, 0xb57f7a08, 0xb663ad1b, 0xb57f7a30), at 0xfa803173
  [11] 0xfa803ab7(0xe510a328, 0xfecf3ef0, 0x1f80, 0xfecf3ef0, 0xb57f7c08, 0xb663ad38), at 0xfa803ab7
  [12] 0xfa80043e(0xb57f7ab4, 0xb57f7c90, 0xa, 0xb663ad38, 0xfa80b980, 0xb57f7c08, 0x1, 0x829f400, 0x0, 0x0), at 0xfa80043e
  [13] JavaCalls::call_helper(result = 0xb57f7c8c, m = 0xb57f7b80, args = 0xb57f7c00, __the_thread__ = 0x829f400), line 379 in "javaCalls.cpp"
  [14] os::os_exception_wrapper(f = 0xfe30c560 = &JavaCalls::call_helper(JavaValue*,methodHandle*,JavaCallArguments*,Thread*), value = 0xb57f7c8c, method = 0xb57f7b80, args = 0xb57f7c00, thread = 0x829f400), line 4083 in "os_solaris.cpp"
  [15] JavaCalls::call(result = 0xb57f7c8c, method = CLASS, args = 0xb57f7c00, __the_thread__ = 0x829f400), line 293 in "javaCalls.cpp"
  [16] JavaCalls::call_virtual(result = 0xb57f7c8c, spec_klass = CLASS, name = CLASS, signature = CLASS, args = 0xb57f7c00, __the_thread__ = 0x829f400), line 190 in "javaCalls.cpp"
  [17] JavaCalls::call_virtual(result = 0xb57f7c8c, receiver = CLASS, spec_klass = CLASS, name = CLASS, signature = CLASS, __the_thread__ = 0x829f400), line 196 in "javaCalls.cpp"
  [18] thread_entry(thread = 0x829f400, __the_thread__ = 0x829f400), line 2580 in "jvm.cpp"
  [19] JavaThread::thread_main_inner(this = 0x829f400), line 1429 in "thread.cpp"
  [20] JavaThread::run(this = 0x829f400), line 1413 in "thread.cpp"
  [21] java_start(thread_addr = 0x829f400), line 1010 in "os_solaris.cpp"
  [22] _thr_setup(0xfa63b200), at 0xfdb771d0
  [23] _lwp_start(0xb57f76b8, 0xb57f76c0, 0xfedeb260, 0xfecf3ef0, 0x64, 0x0), at 0xfdb774c0

It seems we have a race here that we have to take care of.
07-10-2010