JDK-4294942 : method with many locals crashes HotSpot in compiled mode
  • Type: Bug
  • Component: hotspot
  • Sub-Component: compiler
  • Affected Version: 1.3.0,1.4.0
  • Priority: P2
  • Status: Resolved
  • Resolution: Fixed
  • OS: generic,windows_nt
  • CPU: x86
  • Submitted: 1999-11-29
  • Updated: 2001-06-13
  • Resolved: 2001-06-05
Fixed in release (Other): 1.4.0 beta2
Description

Name: ipC94532			Date: 11/29/99



Java HotSpot Client VM build 1.3-P in compiled mode (-Xcomp option) crashes without
notification while running test vm/instr/astore_w/astore_w004/astore_w00401
from jck1.3, i.e. at invocation of a method with a large number of locals.

This is observed on winNT.

To reproduce the bug, run do.bat (source text below).

The test passed on the classic VM and on the HotSpot Client VM in mixed mode (without options)
and in interpreted mode (-Xint).

The test was improved (catching of StackOverflowError and OutOfMemoryError
was added to the test; see bug #4280626).

Running under winNT, do.bat outputs:

>do.bat
java version "1.3.0"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.3.0-P)
Java HotSpot(TM) Client VM (build 1.3-P, mixed mode)
----95----

>do.bat -Xcomp 
java version "1.3.0"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.3.0-P)
Java HotSpot(TM) Client VM (build 1.3-P, compiled mode)
----128----

>do.bat -Xint 
java version "1.3.0"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.3.0-P)
Java HotSpot(TM) Client VM (build 1.3-P, interpreted mode)
----95----

Sources:
---------------------- do.bat --------------------------------
@echo off

set CLASSPATH= <Your path to classes of tests>

java %1 -version
java %1  -Xfuture javasoft.sqe.tests.vm.astore_w.astore_w004.astore_w00401.astore_w00401

echo ----%errorlevel%----

-------------------- end of do.bat ------------------------


-------------------- astore_w00401.jasm ------------------------
//File: @(#)astore_w00401.jasm 1.4 99/10/13 
//Copyright 10/13/99 Sun Microsystems, Inc.  All Rights Reserved

package javasoft/sqe/tests/vm/astore_w/astore_w004/astore_w00401;

public class  astore_w00401 {

public static Method run:"([Ljava/lang/String;Ljava/io/PrintStream;)I"
	stack 3 locals 3
{
		try t7, t10;
		invokestatic	Method run1:"()I";
		istore_2;
		endtry t7, t10;
		goto	L10;
		catch t7 java/lang/StackOverflowError;
		astore_2;
		goto	L10;
		catch t10 java/lang/OutOfMemoryError;
		astore_2;

	L10:	iconst_0;
		ireturn;

}

public static Method run1:"()I"
	stack 2 locals 65535
{
		aconst_null;
		astore_w  65534;
		iconst_0;
		ireturn;
}


public static Method main:"([Ljava/lang/String;)V"
	stack 2 locals 2
{
	aload_0;
	getstatic	Field java/lang/System.out:"Ljava/io/PrintStream;";
	invokestatic	Method run:"([Ljava/lang/String;Ljava/io/PrintStream;)I";
		bipush	95/*STATUS_TEMP*/;	
		iadd;
	invokestatic	Method java/lang/System.exit:"(I)V";
	return;
}

} // end Class astore_w00401 
-------------------- end of astore_w00401.jasm ------------------------

======================================================================

Comments
CONVERTED DATA
BugTraq+ Release Management Values
COMMIT TO FIX: merlin-beta2
FIXED IN: merlin-beta2
INTEGRATED IN: merlin-beta2
14-06-2004

EVALUATION

Robert, this is the same as 4256603, 4256091, 4245436. All of which are closed. Still is a stack banging bug. You may want to close it as a duplicate of the other open stack overflow problems.

---

I have tried the doit.bat in bugs/<bug_id> for this bug in the modes java/java_g -Xmixed/-Xint/-Xcomp and cannot reproduce any crashes or problems. Please double-check this is the correct test and re-file a bug if necessary (and adjust the test). Corresponding bug directory courtesy of Moe G.
robert.griesemer@Eng 1999-11-30

--- 01 Dec 1999: --- Eugene I. Latkin <###@###.###> --- by request of Igor Pyankov <###@###.###>

Robert, the file doit.bat in the directory /net/sqesvr/vsn/GammaBase/Bugs/4294942 looks incorrect for me. Please, try my doit.bat in the directory /net/sqesvr/vsn/GammaBase/Bugs/4294942.1 -- it does reproduce the failure.

---

Eugene; I cannot reproduce the bug. I went into the directory /net/sqesvr/vsn/GammaBase/Bugs/4294942.1 and called jasm manually on the file with all your options. I am running the latest JDK1.3P.
robert.griesemer@Eng 1999-12-06

---

Name: ipC94532			Date: 12/09/99

New version of "doit.bat" is in /net/sqesvr/vsn/GammaBase/Bugs/4294942.1 which does reproduce the failure. See also its source below. Please note that the test crashes the VM and returns errorlevel code 128 (not 97). I am going to reopen this bug.

-------------Source of new doit.bat: -----------------------
@echo off
echo .
echo . Assuming that G: is mapped to \\grinder\local-java,
echo . adjust PATH to HS 1.3-fcsP:
echo .
set PATH=F:\jdk1.3\win32\bin PATH
echo .
echo . Compile astore_w00401:
echo .
mkdir classes
java -cp G:\sqe-tools2.0\asmtools.jar javasoft.sqe.jasm.Main -d ./classes astore_w00401.jasm
echo .
echo . Execute the test:
set CLASSPATH=.\classes
java -Xcomp -version
java -Xcomp -Xfuture javasoft.sqe.tests.vm.astore_w.astore_w004.astore_w00401.astore_w00401
if not errorlevel 128 goto L97
echo VM CRASHED !!!
goto END
:L97
if not errorlevel 97 goto L95
echo Test failed
goto END
:L95
if not errorlevel 95 goto L_other
echo Test passed
goto END
:L_other
echo Other problems - not compiled may be
:END
-------------end of source of new doit.bat -----------------------

======================================================================

Dave, this may be a variation on the bug you are looking at....
mohammad.gharahgouzloo@Eng 2001-04-08

======================================================================

The problem occurs because on x86, C1 sets the stack pointer for a frame before probing memory to see if the frame will fit. In this test, the frame for astore_w00401.run1 does not fit and the vm can't recover because esp is entirely beyond the thread's stack. By performing the stack banging for a new frame before decrementing esp by the frame's size, the problem is fixed.
david.cox@Eng 2001-05-15
15-05-2001

SUGGESTED FIX Perform the stack banging for a new C1 frame before decrementing esp by the frame's size. ------- c1_CodePatterns_i486.cpp ------- *** /tmp/sccs.kWaqGN Tue May 15 16:50:11 2001 --- c1_CodePatterns_i486.cpp Tue May 15 16:24:21 2001 *************** *** 48,88 **** void C1_CodePatterns::build_frame(bool must_bang_stack, bool has_synchronization, int frame_size_in_bytes) { enter(); - decrement(esp, frame_size_in_bytes); // does not emit code for frame_size == 0 ! if (!UseStackBanging) return; ! // Write to each page of our new frame to force OS mapping. ! // If we decrement stack pointer more than one page ! // the OS may not map an intervening page into our space ! // and may fault on a memory access to interior of our frame. ! int page_size = os::vm_page_size(); ! assert(page_size != 0, "Must have been initialized"); ! // do extra bangs to ensure sufficient stack space for exception handling ! int end = -os::bang_stack_size_for_exceptions(); ! // reserve an extra page for slow-path monitorenter and monitorexit ! if (has_synchronization) end -= page_size; ! if (must_bang_stack && end == 0) { ! bang_stack(); ! return; ! } ! // Disabled code: excessive stack banging causes significant performance penalty. ! // Clarify if the code is needed. ! NEEDS_CLEANUP ! // The initial probe offset is usually (frame size - page size); the loop then ! // leaves a region of size (frame size % page size) untouched at the end of ! // the stack. Ensure the untouched region is < StackBangSkipMax. ! // int page_ofs = frame_size_in_bytes & (page_size - 1); ! // int offset = frame_size_in_bytes - ! // (page_ofs < StackBangSkipMax ? page_size : page_ofs); ! // for ( /* empty */; offset >= end; offset -= page_size ) { ! // bang_stack_with_offset(offset); ! // } ! // assert(offset + page_size - end <= StackBangSkipMax, "must bang more stack"); } --- 48,79 ---- void C1_CodePatterns::build_frame(bool must_bang_stack, bool has_synchronization, int frame_size_in_bytes) { enter(); ! 
// Make sure there is enough stack space for execution of this method. ! if (UseStackBanging) { ! int page_size = os::vm_page_size(); ! assert(page_size != 0, "Must have been initialized"); ! // Ensure extra stack space for exception handling. ! int extra = os::bang_stack_size_for_exceptions(); ! // Ensure extra space to execute the slow cases of monitorenter or monitorexit. ! if (has_synchronization) extra = MAX2(extra, page_size); ! // Ensure extra space if told to do so. ! if (must_bang_stack) extra = MAX2(extra, page_size); ! // Don't allow this frame to extend so far into the yellow pages ! // that vm code which unprotects the yellow pages cannot execute. ! if (frame_size_in_bytes > (page_size / 4)) extra = MAX2(extra, page_size); ! // Write into the required memory pages to ensure they are mapped by the OS. ! int limit = -(frame_size_in_bytes + extra); ! for (int offset = -page_size; offset >= limit; offset -= page_size ) { ! movl(Address(ebp, offset), eax); ! } ! } ! decrement(esp, frame_size_in_bytes); // does not emit code for frame_size == 0 } david.cox@Eng 2001-05-15
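Review bot: the probe loop in the replacement build_frame writes at offsets -page_size, -2*page_size, ... while offset >= limit, so whenever frame_size_in_bytes + extra is not a multiple of page_size the last partial page above limit is never touched; for frames larger than page_size / 4 the forced extra page still covers the frame itself, but for a frame of at most page_size / 4 with bang_stack_size_for_exceptions() smaller than a page no probe is emitted at all, and the deleted comment about keeping the untouched tail below StackBangSkipMax was the only place that rationale was recorded. Suggest either rounding limit down to the next page boundary or adding a comment that states why the page_size / 4 threshold plus one extra page is sufficient. It would also help to say in the comment that probing relative to ebp rather than esp is what makes the new order safe: the first store now happens while esp still points inside the caller's valid stack, so a fault there is recoverable, whereas the old decrement-then-bang order could leave esp beyond the thread's stack before any probe ran (the failure described in the evaluation).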
15-05-2001
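As an added illustration of the evaluation and suggested fix above (constructed here, not HotSpot code), this C model replays the probe schedule the patched prologue emits relative to ebp before esp is decremented, and reports which pages of a frame get touched. A 4096-byte page, 4 bytes per local for run1's 65535 locals, and a zero result from bang_stack_size_for_exceptions() are assumptions; the parameter names follow the patch.

```c
#include <stdio.h>

/* Constructed model of the patched C1 prologue: the decisions below mirror
   the replacement build_frame() in the suggested fix, but the numbers are
   computed here rather than emitted as movl instructions. */
struct bang_plan {
    int extra;          /* slack added beyond the frame, as the fix computes it */
    int limit;          /* lowest ebp-relative byte that must be reachable */
    int pages;          /* number of probe stores the prologue would emit */
    int lowest_offset;  /* most negative ebp-relative offset actually written */
    int frame_covered;  /* 1 if the probes reach at least to the frame's end */
};

static int max2(int a, int b) { return a > b ? a : b; }

struct bang_plan c1_bang_plan(int frame_size_in_bytes, int page_size,
                              int bang_size_for_exceptions,
                              int has_synchronization, int must_bang_stack)
{
    struct bang_plan p = {0, 0, 0, 0, 0};
    p.extra = bang_size_for_exceptions;
    if (has_synchronization) p.extra = max2(p.extra, page_size);
    if (must_bang_stack)     p.extra = max2(p.extra, page_size);
    /* Large frames must not reach deep into the yellow pages: add a page. */
    if (frame_size_in_bytes > page_size / 4) p.extra = max2(p.extra, page_size);
    p.limit = -(frame_size_in_bytes + p.extra);
    /* Probe loop of the fix: -page, -2*page, ... while still >= limit.
       All offsets are from ebp, i.e. taken while esp is still valid. */
    for (int offset = -page_size; offset >= p.limit; offset -= page_size) {
        p.pages++;
        p.lowest_offset = offset;
    }
    p.frame_covered = (p.lowest_offset <= -frame_size_in_bytes);
    return p;
}

int main(void)
{
    /* Assumed: run1's 65535 locals at 4 bytes each give a ~262140-byte frame,
       4 KiB pages, no extra bytes requested for exception handling. */
    int frame = 65535 * 4;
    struct bang_plan p = c1_bang_plan(frame, 4096, 0, 0, 0);
    printf("frame=%d extra=%d limit=%d probes=%d lowest=%d frame_covered=%d\n",
           frame, p.extra, p.limit, p.pages, p.lowest_offset, p.frame_covered);
    return 0;
}
```

The untouched tail between lowest_offset and limit is where the fix relies on the extra page; for tiny frames without synchronization the loop emits nothing, which is the case the page_size / 4 threshold is meant to bound.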