United StatesChange Country, Oracle Worldwide Web Sites Communities I am a... I want to...
Bug ID: JDK-7053520 JSR292: crash in invokedynamic with C1 using tiered and compressed oops
JDK-7053520 : JSR292: crash in invokedynamic with C1 using tiered and compressed oops

Details
Type:
Bug
Submit Date:
2011-06-10
Status:
Closed
Updated Date:
2014-01-16
Project Name:
JDK
Resolved Date:
2011-06-18
Component:
hotspot
OS:
generic
Sub-Component:
compiler
CPU:
generic
Priority:
P1
Resolution:
Fixed
Affected Versions:
hs21
Fixed Versions:
hs21 (b16)

Related Reports
Backport:
Backport:
Backport:

Sub Tasks

Description
Running JSR 292 test cases with TieredCompilation and UseCompressedOops results in crashes.

                                    

Comments
EVALUATION

http://hg.openjdk.java.net/jdk7/hotspot-rt/hotspot/rev/3275a6560cf7
                                     
2011-06-18
EVALUATION

http://hg.openjdk.java.net/hsx/hotspot-rt/hotspot/rev/c8f2186acf6d
                                     
2011-06-18
Verified via a lot of jsr292 tests in comiler nighlies w/ enabled TieredCompilation as well as in promotion after jdk8b102 (JDK-8008938).
Note: COops is enabled by default on many hosts by ergonomics.
                                     
2014-01-16
SUGGESTED FIX

diff -r 642c68c75db9 src/share/vm/c1/c1_LIRGenerator.cpp
--- a/src/share/vm/c1/c1_LIRGenerator.cpp
+++ b/src/share/vm/c1/c1_LIRGenerator.cpp
@@ -2799,7 +2799,7 @@ void LIRGenerator::do_Invoke(Invoke* x) 
 
       // Load CallSite object from constant pool cache.
       __ oop2reg(cpcache->constant_encoding(), tmp);
-      __ load(new LIR_Address(tmp, call_site_offset, T_OBJECT), tmp);
+      __ move_wide(new LIR_Address(tmp, call_site_offset, T_OBJECT), tmp);
 
       // Load target MethodHandle from CallSite object.
       __ load(new LIR_Address(tmp, java_lang_invoke_CallSite::target_offset_in_bytes(), T_OBJECT), receiver);
                                     
2011-06-10
EVALUATION

We are trying to decode the address of the CallSite object stored in constant pool cache as if it were an oop but it's a raw pointer which results in crashes.  The fix is to replace the load instruction with move_wide.
                                     
2011-06-10
EVALUATION

http://hg.openjdk.java.net/hsx/hotspot-comp/hotspot/rev/c8f2186acf6d
                                     
2011-06-14
EVALUATION

Fix is to code generated for invokedynamic, which is why the CR is flagged as JSR292-related.
                                     
2011-06-17
EVALUATION

http://hg.openjdk.java.net/jdk7/hotspot/hotspot/rev/3275a6560cf7
                                     
2011-06-17



Hardware and Software, Engineered to Work Together