RFR: 8329258: TailCall should not use frame pointer register for jump target [v4]

Tobias Hartmann thartmann at openjdk.org
Thu Apr 11 10:31:09 UTC 2024 

> Applying @danielogh's patch (see description of [JDK-8329258](https://bugs.openjdk.org/browse/JDK-8329258)) to enable `StressGCM` / `StressLCM` for stub compilations triggers a crash on AArch64. The problem is that the register allocator uses `R29` (`rfp`) which is usually used for the frame pointer to hold the `TailCall` `exc_target` when generating the `_slow_arraycopy_Java` stub:
> https://github.com/openjdk/jdk/blob/6dfb8120c270a76fcba5a5c3c9ad91da3282d5fa/src/hotspot/share/opto/generateOptoStub.cpp#L258-L264
> 
> With `StressGCM` / `StressLCM` the register initialization is scheduled early and `R29` is corrupted by the `MachEpilogNode` which is opaque to the register allocator and inserted right before the `TailCall`:
> https://github.com/openjdk/jdk/blob/b49ba426a721db5926ac1b45d573d468389d479c/src/hotspot/share/opto/output.cpp#L320-L326 
> 
> 
> 028 mov R29, 0x0000ffff78cc0080 # ptr
> 
> [...]
> 
> 098     # pop frame 16
>         ldp  lr, rfp, [sp,#0]              <- Epilog kills rfp (and lr + sp)
>         add  sp, sp, #16
> 
> [...]
> 
> 0a0 br R29 # R12 holds method
> 
> 
> As a result, we jump to a "garbage" location. See [bad code](https://bugs.openjdk.org/secure/attachment/108835/BAD_slow_arraycopy_Java.txt) vs. [good code](https://bugs.openjdk.org/secure/attachment/108834/GOOD_slow_arraycopy_Java.txt).
> 
> On x86, we use `no_rbp_RegP` instead:
> https://github.com/openjdk/jdk/blob/b49ba426a721db5926ac1b45d573d468389d479c/src/hotspot/cpu/x86/x86_64.ad#L2564-L2566 https://github.com/openjdk/jdk/blob/b49ba426a721db5926ac1b45d573d468389d479c/src/hotspot/cpu/x86/x86_64.ad#L12470
> 
> I implemented the same on AArch64.
> 
> I think other platforms are affected as well but I don't have the hardware to test there. @offamitkumar (S390), @TheRealMDoerr (PPC), @RealFYang (RISC-V), @bulasevich (ARM32), could you please have a look?
> 
> I also wondered if `R29` shouldn't be a callee-save (SOE) register in the C calling convention?
> https://github.com/openjdk/jdk/blob/b49ba426a721db5926ac1b45d573d468389d479c/src/hotspot/cpu/aarch64/aarch64.ad#L139-L140 On x86_64, `RBP` is SOE:
> https://github.com/openjdk/jdk/blob/b49ba426a721db5926ac1b45d573d468389d479c/src/hotspot/cpu/x86/x86_64.ad#L86-L87
> 
> `TestTailCallInArrayCopyStub.java` will only work once [JDK-8330016](https://bugs.openjdk.org/browse/JDK-8330016) is integrated.
> 
> Thanks,
> Tobias

Tobias Hartmann has updated the pull request incrementally with one additional commit since the last revision:

  Comment adjustment

-------------

Changes:
  - all: https://git.openjdk.org/jdk/pull/18716/files
  - new: https://git.openjdk.org/jdk/pull/18716/files/160ea006..7a25848c

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=jdk&pr=18716&range=03
 - incr: https://webrevs.openjdk.org/?repo=jdk&pr=18716&range=02-03

  Stats: 4 lines in 4 files changed: 0 ins; 0 del; 4 mod
  Patch: https://git.openjdk.org/jdk/pull/18716.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/18716/head:pull/18716

PR: https://git.openjdk.org/jdk/pull/18716

More information about the hotspot-compiler-dev mailing list