First Last Prev Next    This bug is not in your last search results.
Bug 484 - Shark jit code block "0xcdcdcdcd" zombie wipeout Sigsegv crash
: Shark jit code block "0xcdcdcdcd" zombie wipeout Sigsegv crash
Status: RESOLVED FIXED
Product: IcedTea
Classification: Unclassified
Component: Shark
: 6-hg
: all Linux
: P2 normal
: 6-1.9.0
Assigned To: Chris Phillips @ TO
Depends on:
Blocks:
  Show dependency tree / graph
 
Reported: 2010-05-05 11:56 UTC by Xerxes Rånby
Modified: 2011-10-13 15:38 UTC (History)
1 user (show)

See Also:

Attachments
hs_err_pid32578.log crash log (18.76 KB, text/plain)
2010-05-05 12:08 UTC, Xerxes Rånby 		Details
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Xerxes Rånby 2010-05-05 11:56:52 UTC 
Testcase:
cd openjdk/jdk/test/com/sun/media/sound/SoftReceiver
javac Send_NoteOn_AllChannels.java
java -Xcomp Send_NoteOn_AllChannels

Output:
Starting program: /home/xerxes/icedtea6-1.8-shark-llvm2.7/openjdk/build/linux-i586/j2sdk-image/bin/java -Xcomp -XX:+SharkTraceInstalls -XX:+PrintCompilation Send_NoteOn_AllChannels
[Thread debugging using libthread_db enabled]
process 32578 is executing new program: /home/xerxes/icedtea6-1.8-shark-llvm2.7/openjdk/build/linux-i586/j2sdk-image/bin/java
[Thread debugging using libthread_db enabled]
[New Thread 0xb7fe5b70 (LWP 32608)]
[New Thread 0x93c9ab70 (LWP 32619)]
[New Thread 0x93c19b70 (LWP 32620)]
[New Thread 0x93a98b70 (LWP 32621)]
[New Thread 0x938d1b70 (LWP 32624)]
[New Thread 0x93750b70 (LWP 32625)]
  1   b   java.lang.Thread::<init> (49 bytes)
 [0x3a64010-0x3a6440a): java.lang.Thread::<init> (1018 bytes code)
[New Thread 0x934ffb70 (LWP 32630)]
  2   b   java.lang.System::getProperty (25 bytes)
 [0x3a64460-0x3a646b2): java.lang.System::getProperty (594 bytes code)
... *363 compiled methods later*
365   b   com.sun.media.sound.EmergencySoundbank::<clinit> (885 bytes)
 [0x3ac0d10-0x3ac3abb): com.sun.media.sound.EmergencySoundbank::<clinit> (11691 bytes code)
366   b   com.sun.media.sound.EmergencySoundbank::createSoundbank (4477 bytes)   <-------
 [0x3ac3b10-0x3ac3bba): com.sun.media.sound.EmergencySoundbank::createSoundbank (170 bytes code)
366   made not entrant  com.sun.media.sound.EmergencySoundbank::createSoundbank (4477 bytes)
367   b   com.sun.media.sound.SF2Soundbank::<init> (125 bytes)
 [0x3ac3c10-0x3ac3e59): com.sun.media.sound.SF2Soundbank::<init> (585 bytes code)
367   made not entrant  com.sun.media.sound.SF2Soundbank::<init> (125 bytes)
368   b   com.sun.media.sound.SF2Soundbank::setName (6 bytes)
 [0x3ac3eb0-0x3ac3fcb): com.sun.media.sound.SF2Soundbank::setName (283 bytes code)
... wait a hundered methods later and zombies are aproaching!!!
438   b   com.sun.media.sound.SF2Layer::getRegions (5 bytes)
 [0x3ad8a30-0x3ad8b4d): com.sun.media.sound.SF2Layer::getRegions (285 bytes code)
439   b   com.sun.media.sound.EmergencySoundbank::new_snare_drum (529 bytes)
 [0x3ad8bf0-0x3adb6b6): com.sun.media.sound.EmergencySoundbank::new_snare_drum (10950 bytes code)
 10%  b   com.sun.media.sound.FFT::calcF4FE @ 62 (481 bytes)
 [0x3adb710-0x3adc627): com.sun.media.sound.FFT::calcF4FE (3863 bytes code)
389   made zombie  com.sun.media.sound.EmergencySoundbank::ifft (17 bytes)
381   made zombie  java.util.Random::<init> (27 bytes)
378   made zombie  java.util.Random::<clinit> (95 bytes)
372   made zombie  java.lang.Math::sqrt (5 bytes)
371   made zombie  com.sun.media.sound.EmergencySoundbank::new_bass_drum (530 bytes)
367   made zombie  com.sun.media.sound.SF2Soundbank::<init> (125 bytes)
366   made zombie  com.sun.media.sound.EmergencySoundbank::createSoundbank (4477 bytes) <-------
361   made zombie  sun.misc.URLClassPath$JarLoader::ensureOpen (32 bytes)
349   made zombie  java.util.ArrayList::iterator (10 bytes)
... and sometime a bit later
515   b   com.sun.media.sound.ModelPatch::isPercussion (5 bytes)
 [0x3b1ebd0-0x3b1eced): com.sun.media.sound.ModelPatch::isPercussion (285 bytes code)
516   b   javax.sound.midi.Patch::getProgram (5 bytes)
 [0x3b1ed50-0x3b1ee6c): javax.sound.midi.Patch::getProgram (284 bytes code)

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb7fe5b70 (LWP 32608)]
0x03ac3bb5 in ?? ()
(gdb) disassemble 0x3ac3b10,0x3ac3bba <---------- this are the jit memory
                  region for [0x3ac3b10-0x3ac3bba):
                  com.sun.media.sound.EmergencySoundbank::createSoundbank

Dump of assembler code from 0x3ac3b10 to 0x3ac3bba: 
   0x03ac3b10:	cmp    %bh,%ch
   0x03ac3b12:	stos   %eax,%es:(%edi)
   0x03ac3b13:	add    %esp,%edi
   0x03ac3b15:	inc    %edx
   0x03ac3b16:	lods   %ds:(%esi),%al
   0x03ac3b17:	add    %ebp,%ecx
   0x03ac3b19:	int    $0xcd
   0x03ac3b1b:	int    $0xcd

... (a large chunk of the jited memory region are filled with 0xcdcdcdcd) why?

   0x03ac3bb3:	int    $0xcd
=> 0x03ac3bb5:	int    $0xcd
   0x03ac3bb7:	int    $0xb0
   0x03ac3bb9:	add    %al,(%eax)
End of assembler dump.
Comment 1 Xerxes Rånby 2010-05-05 12:03:34 UTC 
backtrace on ia32
(gdb) bt
#0  0x03ac3bb5 in ?? ()
#1  0x003b68c7 in ZeroEntry::invoke (recurse=0, __the_thread__=0x17b4290) at /home/xerxes/icedtea6-1.8-shark-llvm2.7/openjdk/hotspot/src/cpu/zero/vm/entry_zero.hpp:54
#2  Interpreter::invoke_method (recurse=0, __the_thread__=0x17b4290) at /home/xerxes/icedtea6-1.8-shark-llvm2.7/openjdk/hotspot/src/cpu/zero/vm/interpreter_zero.hpp:28
#3  CppInterpreter::main_loop (recurse=0, __the_thread__=0x17b4290) at /home/xerxes/icedtea6-1.8-shark-llvm2.7/openjdk/hotspot/src/cpu/zero/vm/cppInterpreter_zero.cpp:110
#4  0x003b6adc in CppInterpreter::normal_entry (method=0xb402ee70, UNUSED=24727876, __the_thread__=0x8070d80) at /home/xerxes/icedtea6-1.8-shark-llvm2.7/openjdk/hotspot/src/cpu/zero/vm/cppInterpreter_zero.cpp:60
#5  0x03a9110d in com.sun.media.sound.SoftSynthesizer_3A__3A_openStream ()
#6  0x003b68c7 in ZeroEntry::invoke (recurse=0, __the_thread__=0x8070d80) at /home/xerxes/icedtea6-1.8-shark-llvm2.7/openjdk/hotspot/src/cpu/zero/vm/entry_zero.hpp:54
#7  Interpreter::invoke_method (recurse=0, __the_thread__=0x8070d80) at /home/xerxes/icedtea6-1.8-shark-llvm2.7/openjdk/hotspot/src/cpu/zero/vm/interpreter_zero.hpp:28
#8  CppInterpreter::main_loop (recurse=0, __the_thread__=0x8070d80) at /home/xerxes/icedtea6-1.8-shark-llvm2.7/openjdk/hotspot/src/cpu/zero/vm/cppInterpreter_zero.cpp:110
#9  0x005879f3 in SharkRuntime::uncommon_trap (thread=0x8070d80, trap_request=47) at /home/xerxes/icedtea6-1.8-shark-llvm2.7/openjdk/hotspot/src/share/vm/shark/sharkRuntime.cpp:233
#10 0x03a9001f in ?? ()
#11 0x003b68c7 in ZeroEntry::invoke (recurse=0, __the_thread__=0x8070d80) at /home/xerxes/icedtea6-1.8-shark-llvm2.7/openjdk/hotspot/src/cpu/zero/vm/entry_zero.hpp:54
#12 Interpreter::invoke_method (recurse=0, __the_thread__=0x8070d80) at /home/xerxes/icedtea6-1.8-shark-llvm2.7/openjdk/hotspot/src/cpu/zero/vm/interpreter_zero.hpp:28
#13 CppInterpreter::main_loop (recurse=0, __the_thread__=0x8070d80) at /home/xerxes/icedtea6-1.8-shark-llvm2.7/openjdk/hotspot/src/cpu/zero/vm/cppInterpreter_zero.cpp:110
#14 0x005879f3 in SharkRuntime::uncommon_trap (thread=0x8070d80, trap_request=7) at /home/xerxes/icedtea6-1.8-shark-llvm2.7/openjdk/hotspot/src/share/vm/shark/sharkRuntime.cpp:233
#15 0x03a8b59b in ?? ()
#16 0x005a35a5 in ZeroEntry::invoke (call_wrapper=0xb7fe50cc, result=0xb7fe52f0, result_type=T_INT, method=0xb401f9e8, 
    entry_point=0x93e93848 "\"*`\234\254)\315?F\216\366\004C(\276?\254{\233\310\370\377\263\277\327n\337\302\366Mʿ\206#\352\340S\316ǿ菕N2v\276\277\230g6\t(?\262\277\314\064CY#t\235?p\265\224NY\223\304?\302\327\071\352Ը\301?\004\201\317\304", <incomplete sequence \355>, parameters=0xb7fe51c4, parameter_words=1, __the_thread__=0x17d1810) at /home/xerxes/icedtea6-1.8-shark-llvm2.7/openjdk/hotspot/src/cpu/zero/vm/entry_zero.hpp:54
#17 Interpreter::invoke_method (call_wrapper=0xb7fe50cc, result=0xb7fe52f0, result_type=T_INT, method=0xb401f9e8, 
    entry_point=0x93e93848 "\"*`\234\254)\315?F\216\366\004C(\276?\254{\233\310\370\377\263\277\327n\337\302\366Mʿ\206#\352\340S\316ǿ菕N2v\276\277\230g6\t(?\262\277\314\064CY#t\235?p\265\224NY\223\304?\302\327\071\352Ը\301?\004\201\317\304", <incomplete sequence \355>, parameters=0xb7fe51c4, parameter_words=1, __the_thread__=0x17d1810) at /home/xerxes/icedtea6-1.8-shark-llvm2.7/openjdk/hotspot/src/cpu/zero/vm/interpreter_zero.hpp:28
#18 StubGenerator::call_stub (call_wrapper=0xb7fe50cc, result=0xb7fe52f0, result_type=T_INT, method=0xb401f9e8, 
    entry_point=0x93e93848 "\"*`\234\254)\315?F\216\366\004C(\276?\254{\233\310\370\377\263\277\327n\337\302\366Mʿ\206#\352\340S\316ǿ菕N2v\276\277\230g6\t(?\262\277\314\064CY#t\235?p\265\224NY\223\304?\302\327\071\352Ը\301?\004\201\317\304", <incomplete sequence \355>, parameters=0xb7fe51c4, parameter_words=1, __the_thread__=0x17d1810) at /home/xerxes/icedtea6-1.8-shark-llvm2.7/openjdk/hotspot/src/cpu/zero/vm/stubGenerator_zero.cpp:67
#19 0x00441fa7 in JavaCalls::call_helper (result=0xb7fe52ec, m=0xb7fe5174, args=0xb7fe51c0, __the_thread__=0x8070d80) at /home/xerxes/icedtea6-1.8-shark-llvm2.7/openjdk/hotspot/src/share/vm/runtime/javaCalls.cpp:387
#20 0x00516e34 in os::os_exception_wrapper (f=0x441d10 <JavaCalls::call_helper(JavaValue*, methodHandle*, JavaCallArguments*, Thread*)>, value=0xb7fe52ec, method=0xb7fe5174, args=0xb7fe51c0, thread=0x8070d80)
    at /home/xerxes/icedtea6-1.8-shark-llvm2.7/openjdk/hotspot/src/os/linux/vm/os_linux.cpp:4035
#21 0x00440d9c in JavaCalls::call (result=0xb7fe52ec, method=..., args=0xb7fe51c0, __the_thread__=0x8070d80) at /home/xerxes/icedtea6-1.8-shark-llvm2.7/openjdk/hotspot/src/share/vm/runtime/javaCalls.cpp:293
#22 0x0044d9d1 in jni_invoke_static (env=<value optimized out>, result=<value optimized out>, receiver=0x0, call_type=JNI_STATIC, method_id=0x80c04f8, args=0xb7fe52c0, __the_thread__=0x8070d80)
    at /home/xerxes/icedtea6-1.8-shark-llvm2.7/openjdk/hotspot/src/share/vm/prims/jni.cpp:1008
#23 0x0045c080 in jni_CallStaticVoidMethod (env=0x8070e8c, cls=0x8073104, methodID=0x80c04f8) at /home/xerxes/icedtea6-1.8-shark-llvm2.7/openjdk/hotspot/src/share/vm/prims/jni.cpp:1580
#24 0x0804b12d in JavaMain (_args=0xbfffc190) at ../../../../src/share/bin/java.c:614
#25 0x0014796e in start_thread (arg=0xb7fe5b70) at pthread_create.c:300
#26 0x00232a0e in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:130
(gdb)
Comment 2 Xerxes Rånby 2010-05-05 12:08:48 UTC 
Created attachment 334 [details]
hs_err_pid32578.log crash log
Comment 3 Xerxes Rånby 2010-05-05 15:08:39 UTC 
The problem are that a method still in use can be marked as a zombie.

The sigsegv happens when shark jumps to a method that have been marked as a zombie and flushed by the jvm.

Workaround:
run shark with the 
-XX:-MethodFlushing JVM option
Comment 4 Gary Benson 2010-05-06 09:12:15 UTC 
Ok, I know what this is:

  void SharkTopLevelBlock::do_trap(int trap_request) {
    decache_for_trap();
    builder()->CreateCall2(
      builder()->uncommon_trap(),
      thread(),
      LLVMValue::jint_constant(trap_request));
    builder()->CreateRetVoid();
  }

When the method is deoptimized, SharkRuntime::uncommon_trap (the method referenced here by builder()->uncommon_trap() calls the interpreter, which does not return until the method itself does.  builder()->uncommon_trap() does not return until the interpreter does, so the Shark compiled method does not return until builder()->uncommon_trap() does.  The LLVM-compiled code is live, but invisible to HotSpot.
Comment 5 Gary Benson 2010-05-06 14:07:10 UTC 
icedtea.classpath.org/hg/shark/hotspot/rev/e29b8494af09 fixes this.  It will break the ARM interpreter though, so it can't be backported to icedtea6 right away.
Comment 6 Gary Benson 2010-05-14 12:58:10 UTC 
Fixed in icedtea6-d2cf98636cb7
Comment 7 Xerxes Rånby 2010-05-21 08:24:38 UTC 
*** Bug 457 has been marked as a duplicate of this bug. ***
First Last Prev Next    This bug is not in your last search results.

Related searches:
thread icedtea openjdk hotspot method
gipoco.com is neither affiliated with the authors of this page nor responsible for its contents. This is a safe-cache copy of the original web site.