JDK-6250767 : segv running AsyncGetCallTrace
  • Type: Bug
  • Component: hotspot
  • Sub-Component: compiler
  • Affected Version: 6
  • Priority: P3
  • Status: Resolved
  • Resolution: Fixed
  • OS: generic
  • CPU: x86
  • Submitted: 2005-04-05
  • Updated: 2016-11-18
  • Resolved: 2005-09-08
  • Fix Version: JDK 6 b37 (Fixed)
Description
Running Dan D's stress tester on x86, I saw the following segv traceback:

  ---- called from signal handler with signal 11 (SIGSEGV) ------
=>[11] frame::sender(this = ???, map = ???, cb = ???) (optimized), at 0xdee0b680 (line ~242) in "frame_i486.cpp"
  [12] vframeStreamForte::forte_next(this = ???) (optimized), at 0xdee01606 (line ~355) in "forte.cpp"
  [13] forte_fill_call_trace_given_top(thd = ???, trace = ???, depth = ???, top_frame = CLASS) (optimized), at 0xdee01d00 (line ~702) in "forte.cpp"
  [14] AsyncGetCallTrace(trace = ???, depth = ???, ucontext = ???) (optimized), at 0xdee01f95 (line ~851) in "forte.cpp"
  [15] profhandler(sig = 29, siginfo = 0xd094f1bc, ucontext = 0xd094efbc), line 171 in "b4757672.c"
  [16] __sighndlr(0x1d, 0xd094f1bc, 0xd094efbc, 0xde9f12d0), at 0xdfb8269f 
  ---- called from signal handler with signal 29 (SIGPROF) ------
  [17] 0xd9257796(0xd094f264, 0x7e0, 0xd094f26c, 0xd112e1f0, 0xd14d6a80, 0xd0c42810), at 0xd9257795 
  [18] 0xd9258040(0x0, 0xd0c42770, 0xd094f30c, 0xd926fdbc, 0xd0c42770, 0x40800000), at 0xd925803f 

Investigation reveals that the topmost Java frame is at this code:

0xd9257786:     movl     0x00000008(%eax),%ebx
0xd9257789:     jne      0xd90e9ad0     [ 0xd90e9ad0, .-0x16dcb9 ]
0xd925778f:     nop      
0xd9257790:     subl     $0x00000024,%esp

PROF interrupt hit after this instruction completed.

0xd9257796:     movl     %ebp,0x00000020(%esp)
0xd925779a:     leal     0x00000020(%esp),%ebp
0xd925779e:     movl     %eax,0xffffc000(%esp)
0xd92577a5:     pushl    $0x00000000

This is a native wrapper. The sender code exploded because of the creation
order for the frame. This is not safe for the sending code because the
location of the saved ebp is not stored until after the frame is extended.
This particular interrupt point has always been troublesome.

###@###.### 2005-04-05 16:11:49 GMT

Comments
SUGGESTED FIX buried in this webrev: http://analemma.sfbay.sun.com/net/prt-archiver.sfbay/data/archived_workspaces/main/c2_baseline/2005/20050502135530.sgoldman.6250084/workspace/webrevs/webrev-2005.05.02/index.html
17-08-2005

EVALUATION The problem described by this was fixed. However, there are many other chances for AsyncGetCallTrace to fail because it is a dangerous piece of code. This particular problem was fixed by recording the range of PCs where it is dangerous to try to walk the stack, so that AsyncGetCallTrace will just punt.
17-08-2005
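The following is an added model (not HotSpot code) of the failure described in the report and of the fix described in the evaluation: a saved-frame-pointer walk started from the interrupted context, with a recorded unsafe PC range that makes the walker punt instead of reading a not-yet-written ebp slot. The stack layout, slot offset, return addresses and the exact range bounds are constructed; the bounds are modeled on the addresses quoted in the report.

```c
/* Added example, not HotSpot code. A simulated 32-bit stack stands in for
 * memory (index = address); all values below are constructed for illustration. */
#include <stdint.h>

#define STACK_WORDS 32
#define TOP_FP_SLOT 8   /* 0x20 bytes / 4: slot where the wrapper saves caller %ebp */

typedef struct {
    uint32_t words[STACK_WORDS]; /* simulated stack contents */
    int sp;                      /* index of %esp at the interrupt */
    uint32_t pc;                 /* interrupted pc */
} Ctx;

/* Constructed unsafe range, modeled on the report: after `subl $0x24,%esp`
 * has extended the frame and before `leal 0x20(%esp),%ebp` has completed. */
static const uint32_t UNSAFE_LO = 0xd9257796u, UNSAFE_HI = 0xd925779eu;

/* Two caller frames chained by saved fp, then the wrapper frame on top. With
 * in_prologue set, the interrupt hit before the wrapper stored caller %ebp,
 * so its fp slot still holds whatever was on the stack before (garbage). */
Ctx build_scenario(int in_prologue) {
    Ctx c = {{0}, 4, in_prologue ? 0xd9257796u : 0xd925779eu};
    c.words[28] = 0;  c.words[29] = 0xd9258040u;      /* outermost frame; fp=0 ends chain */
    c.words[20] = 28; c.words[21] = 0xd9257796u;      /* middle frame */
    c.words[c.sp + TOP_FP_SLOT]     = in_prologue ? 0xdeadbeefu : 20u; /* saved %ebp */
    c.words[c.sp + TOP_FP_SLOT + 1] = 0xd9257700u;   /* constructed return address */
    return c;
}

/* Walk the saved-fp chain. Returns frames found, 0 when punting because pc is
 * in the unsafe range, or -1 when a saved fp points outside the stack (the
 * SIGSEGV in the report). check_ranges=0 models the walker before the fix. */
int walk_stack(const Ctx *c, uint32_t *out, int max, int check_ranges) {
    if (check_ranges && c->pc >= UNSAFE_LO && c->pc < UNSAFE_HI) return 0;
    uint32_t fp = (uint32_t)c->sp + TOP_FP_SLOT;
    int n = 0;
    while (n < max && fp != 0) {
        if (fp + 1 >= STACK_WORDS) return -1;  /* would fault on a real stack */
        out[n++] = c->words[fp + 1];           /* return address above saved fp */
        fp = c->words[fp];                     /* caller's saved fp */
    }
    return n;
}

/* Convenience: build a scenario and walk it, returning the walk result. */
int demo(int in_prologue, int check_ranges) {
    Ctx c = build_scenario(in_prologue);
    uint32_t trace[8];
    return walk_stack(&c, trace, 8, check_ranges);
}
```

demo(0, 1) walks the three frames; demo(1, 1) punts with 0; demo(1, 0) follows the stale slot and returns -1, the modeled equivalent of the frame::sender crash.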