JDK-8150821 : Crash with assert(!((nmethod*)_cb)->is_deopt_pc(_pc)) failed: invariant broken
  • Type: Bug
  • Component: hotspot
  • Sub-Component: compiler
  • Affected Version: 9
  • Priority: P3
  • Status: Resolved
  • Resolution: Fixed
  • CPU: sparc
  • Submitted: 2016-02-29
  • Updated: 2017-08-14
  • Resolved: 2016-03-24
Fixed in: JDK 9 (9 b114)
Description
We hit the following assert on Sparc with different stack traces:

#  Internal Error (/opt/jprt/T/P1/212300.cthaling/s/hotspot/src/cpu/sparc/vm/frame_sparc.cpp:363), pid=6522, tid=33
#  assert(!((nmethod*)_cb)->is_deopt_pc(_pc)) failed: invariant broken

This failure is similar to JDK-8029441 but happens without the JFR.
Comments
We crash on SPARC in the frame constructor called for compiled code in os::Solaris::get_frame_at_stack_banging_point() (line 280). This code was introduced by "JEP 270: Reserved Stack Areas for Critical Sections" to get the stack banging Java frame and scan the call stack for methods that are annotated with ReservedStackAccess (those are allowed to continue execution). The StackOverflowException we are handling was thrown here:

Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code)
V [libjvm.so+0x14d8cc4] JVM_handle_solaris_signal+0x4f4
V [libjvm.so+0x14d18c4] signalHandler+0x24
C [libc.so.1+0xe26b4] __sighndlr+0x14
C [libc.so.1+0xd5ce8] call_user_handler+0x36c
C [libc.so.1+0xd5f18] sigacthandler+0x64
J 277 C1 java.lang.Throwable.fillInStackTrace()Ljava/lang/Throwable; (54 bytes) @ 0xffffffff690cfdec [0xffffffff690cfda0+0x000000000000004c]
J 1535 C1 java.lang.ReflectiveOperationException.<init>(Ljava/lang/Throwable;)V (6 bytes) @ 0xffffffff69448d90 [0xffffffff69448d00+0x0000000000000090]
J 1534 C2 java.lang.reflect.InvocationTargetException.<init>(Ljava/lang/Throwable;)V (14 bytes) @ 0xffffffff704afe3c [0xffffffff704afe00+0x000000000000003c]
j sun.reflect.GeneratedMethodAccessor1.invoke(Ljava/lang/Object;[Ljava/lang/Object;)Ljava/lang/Object;+69
J 826 C2 sun.reflect.DelegatingMethodAccessorImpl.invoke(Ljava/lang/Object;[Ljava/lang/Object;)Ljava/lang/Object; (10 bytes) @ 0xffffffff7045d5b8 [0xffffffff7045d560+0x0000000000000058]
J 817 C1 java.lang.reflect.Method.invoke(Ljava/lang/Object;[Ljava/lang/Object;)Ljava/lang/Object; (62 bytes) @ 0xffffffff692353f4 [0xffffffff692352c0+0x0000000000000134]
J 1532 C2 sun.reflect.GeneratedMethodAccessor1.invoke(Ljava/lang/Object;[Ljava/lang/Object;)Ljava/lang/Object; (73 bytes) @ 0xffffffff704af838 [0xffffffff704af7a0+0x0000000000000098]
J 826 C2 sun.reflect.DelegatingMethodAccessorImpl.invoke(Ljava/lang/Object;[Ljava/lang/Object;)Ljava/lang/Object; (10 bytes) @ 0xffffffff7045d5b8 [0xffffffff7045d560+0x0000000000000058]
[...]

The offending frame returned by os::fetch_frame_from_ucontext() in line 279 is "java.lang.Throwable::fillInStackTrace()". In line 280, we try to create the sender frame "java.lang.ReflectiveOperationException::<init>()" by using the deficient frame constructor. We hit the assert in frame::init() because the frame was deoptimized and the PC was patched. The frame was deoptimized because we run with -XX:+DeoptimizeALot.

For deoptimized frames we use nm->get_original_pc(frame) to get the original/unpatched PC. In contrast to x86, on SPARC the saved PC is stored at a variable distance from the SP (see comment in frame_sparc.hpp). To determine the original PC for a deoptimized frame, we need information about the sender frame: nmethod::orig_pc_addr() is using the original SP "frame::unextended_sp()" (before any extension by an interpreted callee) which depends on "Frame::_sp_adjustment_by_callee". This value is not set by the constructor because there is no information about the callee frame.

I fixed this by using a different constructor that fully initializes the frame: http://cr.openjdk.java.net/~thartmann/8150821/webrev.00/
23-03-2016

ILW = Assert in debug build, rare and only on SPARC, no workaround = MMH = P3
29-02-2016