JDK-8288719 : [arm32] SafeFetch32 thumb interleaving causes random crashes
  • Type: Bug
  • Component: hotspot
  • Sub-Component: runtime
  • Affected Version: 19,20
  • Priority: P4
  • Status: Resolved
  • Resolution: Fixed
  • CPU: aarch32
  • Submitted: 2022-06-20
  • Updated: 2023-08-04
  • Resolved: 2022-06-23
Fixed versions
  • JDK 17: 17.0.9 (Fixed)
  • JDK 20: 20 b04 (Fixed)
Description
JDK-8283326 re-implemented SafeFetch as static assembler functions. This broke arm: the VM would crash at random points, usually in Atomic::add(), usually right at startup. In most cases the VM could not even be built correctly, see JDK-8284997.

This was only reproducible if the VM was built natively, on a Raspberry Pi, inside an Ubuntu18-derived container. Building natively on Raspberry Pi OS was fine. Cross-building was fine too. The difference is the default instruction set the toolchain uses. We don't explicitly specify `-mthumb` or `-marm`, so we use the toolchain's default. That default seems to depend on how GCC itself was built. Ubuntu ships a GCC that has been built in thumb mode, thus defaulting to `-mthumb`, whereas Raspberry Pi OS and Fedora ship GCCs that default to `-marm`.

So, the VM proper is compiled either to arm or thumb code. The `SafeFetch32` assembly function itself uses arm code always. Why this is I don't know for sure, I assume if I wanted thumb I need to specify `.thumb_func` in the assembly. 

If the VM uses thumb, it needs to call SafeFetch32 with a switching branch instruction (BX). But the compiler generated BL. The instruction set was not switched upon entering SafeFetch32 and garbage thumb code was executed. VM crashes soon after.

This seems to be a common problem when writing arm assembly by hand; the solution is to specify `.type function`. See also [1]: "As of GCC 4.7, the .type directive is pretty much required for functions. Or, rather, it is required if you want ARM and Thumb interworking to work."

A remaining question is whether we should specify the instruction set explicitly when building on arm32, to prevent surprises like this. Preferably with a configure option.
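
A build-time check for the failure mode described above, as an added example that is not part of the original report or the JDK sources: it scans `readelf -sW` output of an arm32 object for global code labels that lack the function type that the `.type` directive sets, and reports whether each typed function is ARM or Thumb. The sample output, the names `typed_arm_helper` and `typed_thumb_helper`, and the assumption that section index 1 is `.text` are constructed for illustration.

```python
import re

# Constructed `readelf -sW` output for a hypothetical arm32 object file.
# SafeFetch32 stands in for a hand-written assembly label without `.type`.
SAMPLE = """\
Symbol table '.symtab' contains 7 entries:
   Num:    Value  Size Type    Bind   Vis      Ndx Name
     0: 00000000     0 NOTYPE  LOCAL  DEFAULT  UND
     1: 00000000     0 SECTION LOCAL  DEFAULT    1
     2: 00000000     0 NOTYPE  LOCAL  DEFAULT    1 $a
     3: 00000000     0 NOTYPE  GLOBAL DEFAULT    1 SafeFetch32
     4: 00000010    12 FUNC    GLOBAL DEFAULT    1 typed_arm_helper
     5: 00000021     8 FUNC    GLOBAL DEFAULT    1 typed_thumb_helper
     6: 00000000     0 NOTYPE  GLOBAL DEFAULT  UND memcpy
"""

# Columns: Num, Value, Size, Type, Bind, Vis, Ndx, Name (name may be empty).
ROW = re.compile(
    r"^\s*\d+:\s+([0-9a-fA-F]+)\s+\S+\s+(\S+)\s+(\S+)\s+\S+\s+(\S+)\s*(\S*)$"
)


def audit_symbols(readelf_text, text_sections=("1",)):
    """Return (untyped, typed) for global symbols defined in code sections.

    untyped: names with type NOTYPE, i.e. labels missing the function type,
             so a caller in the other instruction set gets no interworking.
    typed:   name -> "arm" or "thumb"; bit 0 of a FUNC symbol's value is
             the Thumb marker on arm32.
    text_sections is an assumption: the caller supplies the section indexes
    that hold code (taken from `readelf -S` in a real build).
    """
    untyped, typed = [], {}
    for line in readelf_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header or banner line
        value, stype, bind, ndx, name = m.groups()
        if bind not in ("GLOBAL", "WEAK") or ndx not in text_sections or not name:
            continue  # locals, undefined symbols and data are out of scope
        if stype == "NOTYPE":
            untyped.append(name)
        elif stype == "FUNC":
            typed[name] = "thumb" if int(value, 16) & 1 else "arm"
    return untyped, typed


if __name__ == "__main__":
    missing, functions = audit_symbols(SAMPLE)
    print("global code labels without function type:", missing)
    print("typed functions:", functions)
```

Global labels that are intentionally not functions, such as addresses only compared against a faulting PC, also show up as untyped and need an allow-list in a real build check.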
Comments
Fix request (17u): I'd like to backport this to fix arm32 thumb on jdk17 after backport of 8283326. I skip 8285675 intentionally as it was a temporary workaround for the issue.
14-07-2023

A pull request was submitted for review. URL: https://git.openjdk.org/jdk17u-dev/pull/1577 Date: 2023-07-13 11:18:51 +0000
13-07-2023

Changeset: 26c03c18 Author: Thomas Stuefe <stuefe@openjdk.org> Date: 2022-06-23 10:15:05 +0000 URL: https://git.openjdk.org/jdk/commit/26c03c1860c6da450b5cd6a46576c78bea682f96
23-06-2022

A pull request was submitted for review. URL: https://git.openjdk.org/jdk/pull/9213 Date: 2022-06-20 08:24:49 +0000
20-06-2022