Bug fixes for IcedTea 1.6 (ARM interpreter)
Edward Nevill
ed at camswl.com
Mon Aug 24 06:39:18 PDT 2009
Hi,
I see that the ARM interpreter has made it into the 1.6 release which is good news!.
However, I have 4 bug fixes which I had not checked in because I did not realise it was
going into the release.
Attached below is a diff file for the 4 bug fixes.
Bug 1:
When run to a branch safe point the Java program counter is left pointing at the
branch destination, rather than the branch instruction. This is a theoretical bug
only, I only found it through assertion testing. I have never observered it occur
in real life. It will only matter if GC cares about the fact that the program
counter saved in the interpreter state points at the destination rather than
the branch. However, the interface is that it is supposed to run to the safe
point which is the branch, not the branch destination.
Note: There is a second related problem with this bug in that if for some reason
an exception is thrown by SafepointSynchronize (eg. Out of Memory) then the
exception would be thrown at the branch destination rather than the branch.
The fix is to ajdust the jpc back at the branch, do the safe point and then
update the jpc and refetch the opcode. This is done in the 1st diff at line
1744.
Bug 2:
The branch safe point handling code does not restore the constpool pointer.
This is a definite bug observed during assertion testing.
The fix is to load the constpool pointer. See 1st diff at line 1744.
Bug 3:
wide astore does not pop the stack. A definite but rare bug.
Fix is to make wide astore behave the same as wide fstore or wide istore
(previously it called BytecodeInterpreter::astore but this does nothing
special for astore). See line 3066
Bug 4:
Native entry fails to save r6. Again a theoretical bug only observed on reading
the code. If the caller does not need the contents of r6 then there is no
problem.
Fix: save r6 on entry and exit. Note the change starting at line 3709 adds
r6 to the list of registers to be saved, but removes r3 from the list.
The reason is that r3 is not required to be saved (it is a caller-save reg on ARM).
However, the stack is required to be 8-byte aligned on ARM, so r3 had been added to the
register list only for alignment; now that r6 is added, r3 must be removed to keep the saved
register list a multiple of 8 bytes.
Note: There is at least one more known bug in the ARM interpreter which causes it to segfault
approx every 4th or 5th run of the JCK. I am currently investigating this but it is
proving very elusive.
Regards,
Ed.
--- CUT HERE ----
diff -ruNE icedtea6-1.6~/ports/hotspot/src/cpu/zero/vm/cppInterpreter_arm.S icedtea6-1.6/ports/hotspot/src/cpu/zero/vm/cppInterpreter_arm.S
--- icedtea6-1.6~/ports/hotspot/src/cpu/zero/vm/cppInterpreter_arm.S 2009-08-24 09:42:36.000000000 +0100
+++ icedtea6-1.6/ports/hotspot/src/cpu/zero/vm/cppInterpreter_arm.S 2009-08-24 10:42:26.000000000 +0100
@@ -1744,6 +1744,9 @@
cmp r1, #1
bne branch_no_check
+ sub jpc, jpc, ip @ Point jpc back at the branch
+ mov tmp1, ip @ Save offset in tmp1
+
ldr r3, [istate, #ISTATE_THREAD]
mov r0, sp
str r3, [sp]
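Review bot: The branch offset copied into `tmp1` by `mov tmp1, ip` must survive the `bl _ZN20SafepointSynchronize5blockEP10JavaThread` in the next hunk, where `DISPATCH_START_REG tmp1` consumes it; that holds only if `tmp1` is aliased to one of the callee-saved registers r4–r11 (ip/r12 is caller-saved, which is presumably why it is copied out), and the alias is not visible in these hunks, so it should be confirmed against the register definitions at the top of the file. If `tmp1` turns out to be caller-saved, the offset can be clobbered by the call and dispatch would resume at the wrong bytecode. A comment stating the assumption would help, e.g. `mov tmp1, ip @ Save offset in tmp1 (callee-saved: must survive the bl below)`. The enclosing branch handler starts before this hunk and continues past it.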
@@ -1752,14 +1755,16 @@
str jpc, [istate, #ISTATE_BCP]
str stack, [istate, #ISTATE_STACK]
bl _ZN20SafepointSynchronize5blockEP10JavaThread
+ ldr constpool, [istate, #ISTATE_CONSTANTS]
ldr r0, [istate, #ISTATE_THREAD]
ldr stack, [istate, #ISTATE_STACK]
+ add constpool, constpool, #CONST_POOL_OFFSET
ldr r3, [r0, #THREAD_PENDING_EXC]
ldr jpc, [istate, #ISTATE_BCP]
cmp r3, #0
ldr locals, [istate, #ISTATE_LOCALS]
bne handle_exception
- DISPATCH_START 0
+ DISPATCH_START_REG tmp1 @ Refetch opcode and update jpc again
branch_no_check:
DISPATCH_BYTECODE
@@ -3061,6 +3066,7 @@
DISPATCH 4
case_wide_istore:
case_wide_fstore:
+case_wide_astore:
POP r2
str r2, [locals, -r1, lsl #2]
DISPATCH 4
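Review bot: Merging `case_wide_astore` into the istore/fstore store path leaves no trace in the code of why a reference store may share a plain single-word store, now that the call to `BytecodeInterpreter::astore` (removed in the next hunk) is gone. A one-line comment above the three labels would record the reasoning given in the commit message, e.g. `@ wide astore: single-word store, same as istore/fstore (BytecodeInterpreter::astore did nothing extra here)`. The shared path also depends on r1 already holding the wide local index, which is computed before this hunk and is the same assumption the istore/fstore path already makes.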
@@ -3076,13 +3082,6 @@
sub r1, locals, r1, lsl #2
stmda r1, {r2, r3}
DISPATCH 4
-case_wide_astore:
- mov r3, r1
- mov r0, stack
- mvn r1, #0
- mov r2, locals
- bl _ZN19BytecodeInterpreter6astoreEPiiS0_i
- DISPATCH 4
do_wide_ret:
ldr r2, [istate, #ISTATE_METHOD]
ldr r2, [r2, #8]
@@ -3709,7 +3708,7 @@
ALIGN_CODE
native_entry:
adrl ip, dispatch_init_adcon
- stmfd sp!, {r3, r4, r5, r7, r9, r10, r11, lr}
+ stmfd sp!, {r4, r5, r6, r7, r9, r10, r11, lr}
@---
ldmia ip, {dispatch, r7}
mov r11, r0
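Review bot: Replacing r3 with r6 in the `stmfd` changes the layout of the saved frame — r4 and r5 now sit at sp+0 and sp+4 instead of sp+4 and sp+8 — so any `[sp, #N]` access into that frame between `native_entry` and the `ldmfd` exits updated in the following three hunks would now hit the wrong slot; none is visible in the diff, but most of native_entry's body lies outside these hunks and should be checked for such accesses. The alignment reasoning in the commit message is not captured in the code; a comment on the `stmfd` would stop a later reader from trimming the list, e.g. `stmfd sp!, {r4, r5, r6, r7, r9, r10, r11, lr} @ 8 regs keeps sp 8-byte aligned; r3 is caller-saved and not needed`. Since the identical list is repeated at nine sites (this save and the restores in the next three hunks), defining it once in a macro and using it for both the save and every restore would make a future mismatch between entry and exit impossible.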
@@ -3925,7 +3924,7 @@
ldr r2, [r9, #THREAD_ACTIVE_HANDLES]
mov r3, #0 @ ECN: Now that the object is safe on the Java stack
str r3, [r2, #128] @ stack, with the Thread SP updated, clear the active_handles.
- ldmfd sp!, {r3, r4, r5, r7, r9, r10, r11, pc}
+ ldmfd sp!, {r4, r5, r6, r7, r9, r10, r11, pc}
.native_return_short:
mov r0, r0, lsl #16
mov r0, r0, asr #16
@@ -3933,29 +3932,29 @@
str r0, [r5, #-4]!
.native_return_void:
str r5, [r9, #THREAD_JAVA_SP]
- ldmfd sp!, {r3, r4, r5, r7, r9, r10, r11, pc}
+ ldmfd sp!, {r4, r5, r6, r7, r9, r10, r11, pc}
.native_return_dw:
stmdb r5!, {r0, r1}
str r5, [r9, #THREAD_JAVA_SP]
- ldmfd sp!, {r3, r4, r5, r7, r9, r10, r11, pc}
+ ldmfd sp!, {r4, r5, r6, r7, r9, r10, r11, pc}
.native_return_byte:
mov r0, r0, lsl #24
mov r0, r0, asr #24
str r0, [r5, #-4]!
str r5, [r9, #THREAD_JAVA_SP]
- ldmfd sp!, {r3, r4, r5, r7, r9, r10, r11, pc}
+ ldmfd sp!, {r4, r5, r6, r7, r9, r10, r11, pc}
.native_return_char:
mov r0, r0, lsl #16
mov r0, r0, lsr #16
str r0, [r5, #-4]!
str r5, [r9, #THREAD_JAVA_SP]
- ldmfd sp!, {r3, r4, r5, r7, r9, r10, r11, pc}
+ ldmfd sp!, {r4, r5, r6, r7, r9, r10, r11, pc}
.native_return_bool:
ands r0, r0, #255
movne r0, #1
str r0, [r5, #-4]!
str r5, [r9, #THREAD_JAVA_SP]
- ldmfd sp!, {r3, r4, r5, r7, r9, r10, r11, pc}
+ ldmfd sp!, {r4, r5, r6, r7, r9, r10, r11, pc}
.native_entry_throw_stack_overflow:
str r0, [r9, #THREAD_LAST_JAVA_SP]
@@ -3973,7 +3972,7 @@
add r5, r5, r3, lsl #2
str r5, [r9, #THREAD_JAVA_SP]
- ldmfd sp!, {r3, r4, r5, r7, r9, r10, r11, pc}
+ ldmfd sp!, {r4, r5, r6, r7, r9, r10, r11, pc}
.native_entry_do_special:
stmdb sp!, {r0, r1}
mov r0, r9