Bug ID: JDK-7143038 SIGSEGV in assert_equal / LinearScan::assign_reg_num

Details
Type: Bug
Submit Date: 2012-02-06
Status: Closed
Updated Date: 2012-03-24
Project Name: JDK
Resolved Date: 2012-03-24
Component: hotspot
OS: solaris,linux,generic
Sub-Component: compiler
CPU: x86,generic
Priority: P3
Resolution: Fixed
Affected Versions: hs22,hs23
Fixed Versions: hs23 (b16)


Description
VM fails with crash. The failure is in C1.

# A fatal error has been detected by the Java Runtime Environment:
#
#  SIGSEGV (0xb) at pc=0x74736163, pid=3409, tid=2366823312
#
# JRE version: 7.0_04-b08
# Java VM: Java HotSpot(TM) Server VM (23.0-b12-internal-201201260130.bvandett.hotspot-fastdebug compiled mode linux-x86 )
# Problematic frame:
# C  0x74736163

Stack: [0x8d0ad000,0x8d12e000],  sp=0x8d12c7dc,  free space=509k
Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code)
C  0x74736163
V  [libjvm.so+0x346d3d]  assert_equal(IRScopeDebugInfo*, IRScopeDebugInfo*)+0x18d
V  [libjvm.so+0x363fa0]  LinearScan::assign_reg_num(LIR_OpList*, IntervalWalker*)+0x3a0
V  [libjvm.so+0x364327]  LinearScan::assign_reg_num()+0xe7
V  [libjvm.so+0x3645b0]  LinearScan::do_linear_scan()+0x230
V  [libjvm.so+0x2ce3d1]  Compilation::emit_lir()+0x271
V  [libjvm.so+0x2cf981]  Compilation::compile_java_method()+0x181
V  [libjvm.so+0x2cfb23]  Compilation::compile_method()+0x63
V  [libjvm.so+0x2cfed4]  Compilation::Compilation(AbstractCompiler*, ciEnv*, ciMethod*, int, BufferBlob*)+0x214
V  [libjvm.so+0x2d1058]  Compiler::compile_method(ciEnv*, ciMethod*, int)+0x108
V  [libjvm.so+0x485d6e]  CompileBroker::invoke_compiler_on_method(CompileTask*)+0x55e
V  [libjvm.so+0x486c4b]  CompileBroker::compiler_thread_loop()+0x5bb
V  [libjvm.so+0xa9b07f]  compiler_thread_entry(JavaThread*, Thread*)+0x4f
V  [libjvm.so+0xaa9139]  JavaThread::thread_main_inner()+0x1b9
V  [libjvm.so+0xaa944e]  JavaThread::run()+0x26e
V  [libjvm.so+0x929791]  java_start(Thread*)+0x111
C  [libpthread.so.0+0x5869]  abort@@GLIBC_2.0+0x5869


Current CompileTask:
C1:  21927 1762   !b  3       java.lang.ThreadGroup::remove (94 bytes)

                                    

Comments
EVALUATION

glibc's exit is called through jvmti which triggers the call of destructors for global variables such as:
LocationValue         _illegal_value = LocationValue(Location());

An example call stack:

#8  0x01056b7f in LocationValue::~LocationValue() (this=0x1a07470)
   at /tmp/roland/hotspot/src/share/vm/ci/ciConstant.hpp:73
#9  0x01039b42 in __tcf_5 ()
   at /tmp/roland/hotspot/src/share/vm/c1/c1_LinearScan.cpp:2472
#10 0x007ca209 in exit () from /lib/i686/nosegneg/libc.so.6
#11 0x0011f6c2 in forceExit (exit_code=15)
   at ../../../src/share/back/debugInit.c:635
#12 0x0011c7e8 in doExit (in=0x8d549edc, out=0x8d549d7c)
   at ../../../src/share/back/VirtualMachineImpl.c:624
#13 0x00122643 in debugLoop_run () at ../../../src/share/back/debugLoop.c:172
#14 0x00136d8f in connectionInitiated (t=0x485e50)
   at ../../../src/share/back/transport.c:261
#15 0x00136dd0 in attachThread (jvmti_env=0x830dc1c, jni_env=0x84a2940,
   arg=0x485e50) at ../../../src/share/back/transport.c:334
#16 0x0141c1fb in JvmtiAgentThread::call_start_function (this=0x84a2800)
   at /tmp/roland/hotspot/src/share/vm/prims/jvmtiImpl.cpp:90
#17 0x0141c2ad in JvmtiAgentThread::start_function_wrapper (thread=0x84a2800,
   __the_thread__=0x84a2800)
   at /tmp/roland/hotspot/src/share/vm/prims/jvmtiImpl.cpp:84
#18 0x016811b7 in JavaThread::thread_main_inner() ()
   at /tmp/roland/hotspot/src/share/vm/runtime/thread.cpp:1546
#19 0x01683cfb in JavaThread::run (this=0x84a2800)
   at /tmp/roland/hotspot/src/share/vm/runtime/thread.cpp:1523
#20 0x0154c7fb in java_start (thread=0x84a2800)
   at /tmp/roland/hotspot/src/os/linux/vm/os_linux.cpp:887
#21 0x00933869 in start_thread () from /lib/i686/nosegneg/libpthread.so.0
#22 0x0087213e in clone () from /lib/i686/nosegneg/libc.so.6

The virtual table pointers of the C++ objects are updated to the one of ResourceObj. A compilation may still be in progress at the same time and perform a virtual call on one of the global objects, leading to a call to an erroneous address and a crash.
                                     
2012-02-15
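
The effect described in the evaluation above, as an added C++ example that is not code from this bug report or from HotSpot: once a derived object's destructor has run down to its base class, virtual calls on that object resolve against the base, which is the state a still-running thread finds after exit() has destroyed a global. The types `Base` and `Value`, the helper names, and the never-deleted global shown as a mitigation are assumptions made for illustration, not the change made in the referenced changesets.

```cpp
// Added illustration; Base, Value and the helper names are hypothetical, not HotSpot code.
#include <cstdio>
#include <string>

static const char* g_seen = "";   // what an observer saw during teardown

struct Base {
    virtual ~Base();
    virtual const char* kind() const { return "Base"; }
};

struct Value : Base {
    const char* kind() const override { return "Value"; }
};

// Stands in for code elsewhere (e.g. another thread) making a virtual call.
static const char* observe(const Base* b) { return b->kind(); }

// By the time ~Base runs, the Value part is gone and the object's dynamic
// type is Base, so virtual calls no longer reach Value::kind.
Base::~Base() { g_seen = observe(this); }

std::string kind_while_alive() {
    Value v;
    return observe(&v);
}

std::string kind_during_destruction() {
    { Value v; }                  // destructor runs at end of scope
    return g_seen;
}

// Mitigation pattern: allocate once and never delete, so exit() has no
// destructor to run for this object and its dynamic type never changes.
static const Base& immortal() {
    static const Base* p = new Value();
    return *p;
}

std::string kind_of_immortal() { return observe(&immortal()); }

int main() {
    std::printf("alive: %s\n", kind_while_alive().c_str());
    std::printf("during destruction: %s\n", kind_during_destruction().c_str());
    std::printf("immortal: %s\n", kind_of_immortal().c_str());
    return 0;
}
```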
EVALUATION

http://hg.openjdk.java.net/hsx/hotspot-comp/hotspot/rev/c7401dcad8bf
                                     
2012-02-16
EVALUATION

http://hg.openjdk.java.net/hsx/hotspot-gc/hotspot/rev/c7401dcad8bf
                                     
2012-02-18
EVALUATION

http://hg.openjdk.java.net/lambda/lambda/hotspot/rev/c7401dcad8bf
                                     
2012-03-22
