[Bug 484] New: Shark jit code block "0xcdcdcdcd" wipeout Sigsegv crash

bugzilla-daemon at icedtea.classpath.org bugzilla-daemon at icedtea.classpath.org
Wed May 5 04:56:57 PDT 2010 

http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=484

           Summary: Shark jit code block "0xcdcdcdcd" wipeout Sigsegv crash
           Product: IcedTea
           Version: 6-hg
          Platform: all
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Shark
        AssignedTo: unassigned at icedtea.classpath.org
        ReportedBy: xerxes at zafena.se


Testcase:
cd openjdk/jdk/test/com/sun/media/sound/SoftReceiver
javac Send_NoteOn_AllChannels.java
java -Xcomp Send_NoteOn_AllChannels

Output:
Starting program:
/home/xerxes/icedtea6-1.8-shark-llvm2.7/openjdk/build/linux-i586/j2sdk-image/bin/java
-Xcomp -XX:+SharkTraceInstalls -XX:+PrintCompilation Send_NoteOn_AllChannels
[Thread debugging using libthread_db enabled]
process 32578 is executing new program:
/home/xerxes/icedtea6-1.8-shark-llvm2.7/openjdk/build/linux-i586/j2sdk-image/bin/java
[Thread debugging using libthread_db enabled]
[New Thread 0xb7fe5b70 (LWP 32608)]
[New Thread 0x93c9ab70 (LWP 32619)]
[New Thread 0x93c19b70 (LWP 32620)]
[New Thread 0x93a98b70 (LWP 32621)]
[New Thread 0x938d1b70 (LWP 32624)]
[New Thread 0x93750b70 (LWP 32625)]
  1   b   java.lang.Thread::<init> (49 bytes)
 [0x3a64010-0x3a6440a): java.lang.Thread::<init> (1018 bytes code)
[New Thread 0x934ffb70 (LWP 32630)]
  2   b   java.lang.System::getProperty (25 bytes)
 [0x3a64460-0x3a646b2): java.lang.System::getProperty (594 bytes code)
... *363 compiled methods later*
365   b   com.sun.media.sound.EmergencySoundbank::<clinit> (885 bytes)
 [0x3ac0d10-0x3ac3abb): com.sun.media.sound.EmergencySoundbank::<clinit> (11691
bytes code)
366   b   com.sun.media.sound.EmergencySoundbank::createSoundbank (4477 bytes) 
 <-------
 [0x3ac3b10-0x3ac3bba): com.sun.media.sound.EmergencySoundbank::createSoundbank
(170 bytes code)
366   made not entrant  com.sun.media.sound.EmergencySoundbank::createSoundbank
(4477 bytes)
367   b   com.sun.media.sound.SF2Soundbank::<init> (125 bytes)
 [0x3ac3c10-0x3ac3e59): com.sun.media.sound.SF2Soundbank::<init> (585 bytes
code)
367   made not entrant  com.sun.media.sound.SF2Soundbank::<init> (125 bytes)
368   b   com.sun.media.sound.SF2Soundbank::setName (6 bytes)
 [0x3ac3eb0-0x3ac3fcb): com.sun.media.sound.SF2Soundbank::setName (283 bytes
code)
... wait a hundered methods later and zombies are aproaching!!!
438   b   com.sun.media.sound.SF2Layer::getRegions (5 bytes)
 [0x3ad8a30-0x3ad8b4d): com.sun.media.sound.SF2Layer::getRegions (285 bytes
code)
439   b   com.sun.media.sound.EmergencySoundbank::new_snare_drum (529 bytes)
 [0x3ad8bf0-0x3adb6b6): com.sun.media.sound.EmergencySoundbank::new_snare_drum
(10950 bytes code)
 10%  b   com.sun.media.sound.FFT::calcF4FE @ 62 (481 bytes)
 [0x3adb710-0x3adc627): com.sun.media.sound.FFT::calcF4FE (3863 bytes code)
389   made zombie  com.sun.media.sound.EmergencySoundbank::ifft (17 bytes)
381   made zombie  java.util.Random::<init> (27 bytes)
378   made zombie  java.util.Random::<clinit> (95 bytes)
372   made zombie  java.lang.Math::sqrt (5 bytes)
371   made zombie  com.sun.media.sound.EmergencySoundbank::new_bass_drum (530
bytes)
367   made zombie  com.sun.media.sound.SF2Soundbank::<init> (125 bytes)
366   made zombie  com.sun.media.sound.EmergencySoundbank::createSoundbank
(4477 bytes) <-------
361   made zombie  sun.misc.URLClassPath$JarLoader::ensureOpen (32 bytes)
349   made zombie  java.util.ArrayList::iterator (10 bytes)
... and sometime a bit later
515   b   com.sun.media.sound.ModelPatch::isPercussion (5 bytes)
 [0x3b1ebd0-0x3b1eced): com.sun.media.sound.ModelPatch::isPercussion (285 bytes
code)
516   b   javax.sound.midi.Patch::getProgram (5 bytes)
 [0x3b1ed50-0x3b1ee6c): javax.sound.midi.Patch::getProgram (284 bytes code)

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb7fe5b70 (LWP 32608)]
0x03ac3bb5 in ?? ()
(gdb) disassemble 0x3ac3b10,0x3ac3bba <---------- this are the jit memory
                  region for [0x3ac3b10-0x3ac3bba):
                  com.sun.media.sound.EmergencySoundbank::createSoundbank

Dump of assembler code from 0x3ac3b10 to 0x3ac3bba: 
   0x03ac3b10:  cmp    %bh,%ch
   0x03ac3b12:  stos   %eax,%es:(%edi)
   0x03ac3b13:  add    %esp,%edi
   0x03ac3b15:  inc    %edx
   0x03ac3b16:  lods   %ds:(%esi),%al
   0x03ac3b17:  add    %ebp,%ecx
   0x03ac3b19:  int    $0xcd
   0x03ac3b1b:  int    $0xcd

... (a large chunk of the jited memory region are filled with 0xcdcdcdcd) why?

   0x03ac3bb3:  int    $0xcd
=> 0x03ac3bb5:  int    $0xcd
   0x03ac3bb7:  int    $0xb0
   0x03ac3bb9:  add    %al,(%eax)
End of assembler dump.


-- 
Configure bugmail: http://icedtea.classpath.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

More information about the distro-pkg-dev mailing list