[Bug 3533] [IcedTea8] HotSpot generates code with unaligned stack, crashes on SSE operations

bugzilla-daemon at icedtea.classpath.org bugzilla-daemon at icedtea.classpath.org
Sun Jun 10 16:31:48 UTC 2018


https://icedtea.classpath.org/bugzilla/show_bug.cgi?id=3533

--- Comment #36 from Maciej S. Szmigiero <mail at maciej.szmigiero.name> ---
I have dug out the i386 setup where the problem is present and tried to
build icedtea-3.8.0 there and well... it crashed at a SSE operation as usual.

Specifically the JVM entry function that is missing the stack realignment code
is InterpreterRuntime::resolve_invoke(JavaThread*, Bytecodes::Code) from
interpreterRuntime.cpp:
#0  0xf7d72232 in pthread_cond_wait () from /lib/libpthread.so.0
#1  0xf7547e8f in os::PlatformEvent::park (this=0xa3f8dc00) at
/var/tmp/portage/dev-java/icedtea-3.8.0/work/icedtea-3.8.0/openjdk-boot/hotspot/src/os/linux/vm/os_linux.cpp:5860
#2  0xf752fa07 in ObjectMonitor::wait (this=0xa3c014c4, millis=0,
interruptible=interruptible at entry=false,
__the_thread__=__the_thread__ at entry=0xa3f8d400)
    at
/var/tmp/portage/dev-java/icedtea-3.8.0/work/icedtea-3.8.0/openjdk-boot/hotspot/src/share/vm/runtime/objectMonitor.cpp:1555
#3  0xf764d0cd in ObjectSynchronizer::waitUninterruptibly (obj=..., millis=0,
__the_thread__=__the_thread__ at entry=0xa3f8d400)
    at
/var/tmp/portage/dev-java/icedtea-3.8.0/work/icedtea-3.8.0/openjdk-boot/hotspot/src/share/vm/runtime/synchronizer.cpp:406
#4  0xf72be6b2 in ObjectLocker::waitUninterruptibly (__the_thread__=0xa3f8d400,
this=0xa3efec90)
    at
/var/tmp/portage/dev-java/icedtea-3.8.0/work/icedtea-3.8.0/openjdk-boot/hotspot/src/share/vm/runtime/synchronizer.hpp:161
#5  InstanceKlass::initialize_impl (this_oop=this_oop at entry=...,
__the_thread__=__the_thread__ at entry=0xa3f8d400)
    at
/var/tmp/portage/dev-java/icedtea-3.8.0/work/icedtea-3.8.0/openjdk-boot/hotspot/src/share/vm/oops/instanceKlass.cpp:851
#6  0xf72bee5d in InstanceKlass::initialize (this=0xa42d8340,
__the_thread__=0xa3f8d400)
    at
/var/tmp/portage/dev-java/icedtea-3.8.0/work/icedtea-3.8.0/openjdk-boot/hotspot/src/share/vm/oops/instanceKlass.cpp:569
#7  0xf7430fb1 in LinkResolver::resolve_static_call (result=...,
resolved_klass=..., method_name=0xa6c380f8, method_signature=0xa6c286e8,
current_klass=..., 
    check_access=check_access at entry=true,
initialize_class=initialize_class at entry=true,
__the_thread__=__the_thread__ at entry=0xa3f8d400)
    at
/var/tmp/portage/dev-java/icedtea-3.8.0/work/icedtea-3.8.0/openjdk-boot/hotspot/src/share/vm/interpreter/linkResolver.cpp:868
#8  0xf74314b5 in LinkResolver::resolve_invokestatic (result=..., pool=...,
index=index at entry=7, __the_thread__=__the_thread__ at entry=0xa3f8d400)
    at
/var/tmp/portage/dev-java/icedtea-3.8.0/work/icedtea-3.8.0/openjdk-boot/hotspot/src/share/vm/interpreter/linkResolver.cpp:1532
#9  0xf7432601 in LinkResolver::resolve_invoke (result=..., recv=..., pool=...,
index=index at entry=7, byte=byte at entry=Bytecodes::_invokestatic, 
    __the_thread__=__the_thread__ at entry=0xa3f8d400) at
/var/tmp/portage/dev-java/icedtea-3.8.0/work/icedtea-3.8.0/openjdk-boot/hotspot/src/share/vm/interpreter/linkResolver.cpp:1504
#10 0xf72ed216 in InterpreterRuntime::resolve_invoke (thread=0xa3f8d400,
bytecode=Bytecodes::_invokestatic)
    at
/var/tmp/portage/dev-java/icedtea-3.8.0/work/icedtea-3.8.0/openjdk-boot/hotspot/src/share/vm/interpreter/interpreterRuntime.cpp:719
#11 0xe78e7b5f in ?? ()
#12 0xe78d0499 in ?? ()
#13 0xf72f67db in JavaCalls::call_helper (result=0xa3eff244, m=0xa3eff13c,
args=0xa3eff1b8, __the_thread__=0xa3f8d400)
    at
/var/tmp/portage/dev-java/icedtea-3.8.0/work/icedtea-3.8.0/openjdk-boot/hotspot/src/share/vm/runtime/javaCalls.cpp:397
#14 0xf72f418f in JavaCalls::call (__the_thread__=0xa3f8d400, args=0xa3eff1b8,
method=..., result=0xa3eff244)
    at
/var/tmp/portage/dev-java/icedtea-3.8.0/work/icedtea-3.8.0/openjdk-boot/hotspot/src/share/vm/runtime/javaCalls.cpp:307
#15 JavaCalls::call_virtual (result=result at entry=0xa3eff244, spec_klass=...,
spec_klass at entry=..., name=name at entry=0xa6c26470,
signature=signature at entry=0xa6c27b30, 
    args=args at entry=0xa3eff1b8, __the_thread__=__the_thread__ at entry=0xa3f8d400)
    at
/var/tmp/portage/dev-java/icedtea-3.8.0/work/icedtea-3.8.0/openjdk-boot/hotspot/src/share/vm/runtime/javaCalls.cpp:204
#16 0xf72f46a4 in JavaCalls::call_virtual (result=result at entry=0xa3eff244,
receiver=..., spec_klass=..., name=0xa6c26470, signature=0xa6c27b30, 
    __the_thread__=__the_thread__ at entry=0xa3f8d400) at
/var/tmp/portage/dev-java/icedtea-3.8.0/work/icedtea-3.8.0/openjdk-boot/hotspot/src/share/vm/runtime/javaCalls.cpp:210
#17 0xf7343567 in thread_entry (thread=0xa3f8d400, __the_thread__=0xa3f8d400)
    at
/var/tmp/portage/dev-java/icedtea-3.8.0/work/icedtea-3.8.0/openjdk-boot/hotspot/src/share/vm/prims/jvm.cpp:3014
#18 0xf768b40e in JavaThread::thread_main_inner (this=0xa3f8d400) at
/var/tmp/portage/dev-java/icedtea-3.8.0/work/icedtea-3.8.0/openjdk-boot/hotspot/src/share/vm/runtime/thread.cpp:1699
#19 0xf7542c1a in java_start (thread=0xa3f8d400) at
/var/tmp/portage/dev-java/icedtea-3.8.0/work/icedtea-3.8.0/openjdk-boot/hotspot/src/os/linux/vm/os_linux.cpp:794
#20 0xf7d6a9fc in start_thread () from /lib/libpthread.so.0
#21 0xf7ebdd06 in clone () from /lib/libc.so.6

Disassembly of this function confirms that the stack realignment
code is missing:
Dump of assembler code for function
InterpreterRuntime::resolve_invoke(JavaThread*, Bytecodes::Code):
   0xf72ecf00 <+0>:     push   %ebp
   0xf72ecf01 <+1>:     mov    %esp,%ebp
   0xf72ecf03 <+3>:     push   %edi
   0xf72ecf04 <+4>:     push   %esi
   0xf72ecf05 <+5>:     push   %ebx
   0xf72ecf06 <+6>:     sub    $0x10dc,%esp
   0xf72ecf0c <+12>:    orl    $0x0,(%esp)
   0xf72ecf10 <+16>:    add    $0x1010,%esp
   0xf72ecf16 <+22>:    xor    %edx,%edx
   0xf72ecf18 <+24>:    call   0xf6e36ea1 <__x86.get_pc_thunk.ax>

Note the lack of an AND operation on the stack pointer.

The interpreterRuntime.cpp file does actually get compiled with
"-mstackrealign" as it is supposed to:
/usr/bin/g++ -DLINUX -D_GNU_SOURCE -DIA32 -DPRODUCT 
-I/var/tmp/portage/dev-java/icedtea-3.8.0/work/icedtea-3.8.0/openjdk-boot/hotspot/src/share/vm/prims
-I/var/tmp/portage/dev-java/icedtea-3.8.0/work/icedtea-3.8.0/openjdk-boot/hotspot/src/share/vm
-I/var/tmp/portage/dev-java/icedtea-3.8.0/work/icedtea-3.8.0/openjdk-boot/hotspot/src/share/vm/precompiled
-I/var/tmp/portage/dev-java/icedtea-3.8.0/work/icedtea-3.8.0/openjdk-boot/hotspot/src/cpu/x86/vm
-I/var/tmp/portage/dev-java/icedtea-3.8.0/work/icedtea-3.8.0/openjdk-boot/hotspot/src/os_cpu/linux_x86/vm
-I/var/tmp/portage/dev-java/icedtea-3.8.0/work/icedtea-3.8.0/openjdk-boot/hotspot/src/os/linux/vm
-I/var/tmp/portage/dev-java/icedtea-3.8.0/work/icedtea-3.8.0/openjdk-boot/hotspot/src/os/posix/vm
-I../generated -DHOTSPOT_RELEASE_VERSION="\"25.171-b11\""
-DHOTSPOT_BUILD_TARGET="\"product\"" -DHOTSPOT_BUILD_USER="\"portage\""
-DHOTSPOT_LIB_ARCH=\"i386\" -DHOTSPOT_VM_DISTRO="\"OpenJDK\""
-DDERIVATIVE_ID="\"IcedTea 3.8.0\"" -DDISTRIBUTION_ID="\"NAME=Gentoo, package
Gentoo icedtea-3.8.0\""  -DTARGET_OS_FAMILY_linux -DTARGET_ARCH_x86
-DTARGET_ARCH_MODEL_x86_32 -DTARGET_OS_ARCH_linux_x86
-DTARGET_OS_ARCH_MODEL_linux_x86_32 -DTARGET_COMPILER_gcc -DCOMPILER2
-DCOMPILER1 -DDONT_USE_PRECOMPILED_HEADER -fPIC -fno-rtti -fno-exceptions
-D_REENTRANT -fcheck-new -fvisibility=hidden -m32 -march=i586 -pipe
-fno-strict-aliasing  -g -fno-omit-frame-pointer -O3  -DVM_LITTLE_ENDIAN 
-Wpointer-arith -Wsign-compare -Wundef -Wunused-function -Wunused-value
-Wreturn-type   -O2 -march=pentium-m -pipe -fno-delete-null-pointer-checks
-fno-lifetime-dse -std=gnu++98 -mstackrealign -DDTRACE_ENABLED -c -MMD -MP -MF
../generated/dependencies/interpreterRuntime.o.d -fpch-deps -o
interpreterRuntime.o
/var/tmp/portage/dev-java/icedtea-3.8.0/work/icedtea-3.8.0/openjdk-boot/hotspot/src/share/vm/interpreter/interpreterRuntime.cpp 

If I add "-mincoming-stack-boundary=2" to compiler flags the generated code
looks like this instead:
0000af90 <InterpreterRuntime::resolve_invoke(JavaThread*, Bytecodes::Code)>:
    af90:       55                      push   %ebp
    af91:       89 e5                   mov    %esp,%ebp
    af93:       57                      push   %edi
    af94:       56                      push   %esi
    af95:       53                      push   %ebx
    af96:       83 e4 f0                and    $0xfffffff0,%esp
    af99:       81 ec d0 10 00 00       sub    $0x10d0,%esp
    af9f:       83 0c 24 00             orl    $0x0,(%esp)
    afa3:       81 c4 10 10 00 00       add    $0x1010,%esp
    afa9:       e8 fc ff ff ff          call   afaa
<InterpreterRuntime::resolve_invoke(JavaThread*, Bytecodes::Code)+0x1a>

Notice the added AND operation on the stack pointer.
Unsurprisingly, after adding this flag back IcedTea is able to build
successfully.

Once again I would like to ask you to try compiling the simple example from
comment 23 with "-mstackrealign" only.
If the compiler version you are using adds the stack-realigning instruction
in that case, that would explain the difference we are seeing.
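
As an added illustration (not from the bug report or the IcedTea sources), the example below reproduces on x86-64 the situation the disassembly above shows for i386: an entry function that trusts the caller's stack alignment, a caller that enters it with a misaligned stack the way JIT-generated code can, and the same function with GCC's per-function realignment attribute. It assumes GCC or Clang on x86-64 Linux; the function names are made up for the example.

```c
/* Added example, not from the bug report: a runtime entry compiled without
 * stack realignment, called from a misaligned stack as JIT code can do, and
 * the per-function fix force_align_arg_pointer (function-level -mstackrealign). */
#include <stdint.h>
#include <stdio.h>
#if !defined(__x86_64__)
#error "needs x86-64: inline asm below misaligns %rsp"
#endif

/* How far a 16-byte-aligned local really is from alignment. The function
 * trusts the ABI (rsp % 16 == 8 at entry) when laying out locals; a movaps
 * to such a local from a misaligned frame is the SIGSEGV in the report. */
__attribute__((noinline)) uintptr_t misalign_trusting(void) {
    _Alignas(16) char buf[16];
    char *p = buf;
    __asm__("" : "+r"(p));   /* stop the optimizer folding this to 0 */
    return (uintptr_t)p & 15;
}
/* Same body; the prologue now re-aligns rsp itself, the x86-64 counterpart
 * of the "and $0xfffffff0,%esp" the report shows in the fixed i386 build. */
__attribute__((noinline, force_align_arg_pointer))
uintptr_t misalign_realigning(void) {
    _Alignas(16) char buf[16];
    char *p = buf;
    __asm__("" : "+r"(p));
    return (uintptr_t)p & 15;
}
/* Stands in for the JIT caller: enters fn with rsp % 16 == 0 instead of 8.
 * rsp first moves below the 128-byte red zone so the callee cannot overwrite
 * this function's locals; callee-saved rbx holds the old rsp. */
__attribute__((noinline)) uintptr_t call_misaligned(uintptr_t (*fn)(void)) {
    uintptr_t result;
    __asm__ volatile(
        "mov %%rsp, %%rbx\n\t"
        "sub $128, %%rsp\n\t"
        "and $-16, %%rsp\n\t"
        "sub $8, %%rsp\n\t"          /* call pushes 8 more -> callee sees 0 */
        "call *%1\n\t"
        "mov %%rbx, %%rsp\n\t"
        : "=a"(result) : "r"(fn)
        : "rbx", "rcx", "rdx", "rsi", "rdi", "r8", "r9", "r10", "r11", "memory", "cc");
    return result;
}
int main(void) {
    printf("trusting, ABI call:          %lu\n", (unsigned long)misalign_trusting());
    printf("trusting, misaligned call:   %lu\n", (unsigned long)call_misaligned(misalign_trusting));
    printf("realigning, misaligned call: %lu\n", (unsigned long)call_misaligned(misalign_realigning));
    return 0;
}
```

The trusting function reports its "aligned" local 8 bytes off when entered from the misaligned caller, which is exactly the state in which a movaps faults; the realigning variant reports 0, the effect of the missing AND instruction discussed above.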
