[11u] RFR: 8247691: [aarch64] Incorrect handling of VM exceptions in C1 deopt stub/traps

Feilong Jiang jiangfeilong at huawei.com
Fri Jan 22 06:22:46 UTC 2021


Hi,

I'm also working on the backport of JDK-8247691 [0] and I've had the same crash when running `make install` on a fastdebug JDK.
It turns out that the crash was related to `BiasedLock`, which has been deprecated since JDK 15 but is still enabled and available on JDK 11 [1].
According to the stack trace, the crash happens in the function `Thread::check_for_valid_safepoint_state` (in hotspot/share/runtime/thread.cpp).
On OpenJDK 11, the statement `if (is_Java_thread() && ((JavaThread*)this)->thread_state() != _thread_in_vm)` returns true.

Since we removed the `JRT_ENTRY` of `patch_code` on AArch64, it will not make/enable a VM transition when calling `target`.
So during the call to `Deoptimization::deoptimize` and its subroutines, the thread state will always be `_thread_in_Java` (it should be `_thread_in_vm` when calling `revoke_biases_of_monitors`),
which leads to the fatal error `LEAF method calling lock?`.

The following fix works for me on OpenJDK 11u:

```
diff --git a/src/hotspot/cpu/aarch64/c1_Runtime1_aarch64.cpp b/src/hotspot/cpu/aarch64/c1_Runtime1_aarch64.cpp
index 2344e0be3c..402fe20dd2 100644
--- a/src/hotspot/cpu/aarch64/c1_Runtime1_aarch64.cpp
+++ b/src/hotspot/cpu/aarch64/c1_Runtime1_aarch64.cpp
@@ -577,7 +577,8 @@ OopMapSet* Runtime1::generate_patching(StubAssembler* sasm, address target) {
     __ verify_not_null_oop(r0);

     // load throwing pc: this is the return address of the stub
-    __ mov(r3, lr);
+    // Note that lr register has been destroyed by the call.
+    __ ldr(r3, Address(rfp, wordSize));

 #ifdef ASSERT
     // check that fields in JavaThread for exception oop and issuing pc are empty
```
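Review bot: The new comment above the `ldr` line says lr "has been destroyed by the call" but names neither the call nor the frame layout the load relies on. Reading the return address from `Address(rfp, wordSize)` is only correct if the stub's frame is still in place at this point, with the saved lr stored directly above the saved frame pointer; please state that assumption in the comment so a later change to the frame setup does not silently yield a wrong throwing pc. Separately, this hunk changes only how the throwing pc is loaded and does not touch any thread-state transition, so the description should explain how it relates to the `_thread_in_Java` state and the `LEAF method calling lock?` failure discussed in the message.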

Since `lr` has been destroyed by the previous call, we cannot load the throwing pc from the link register directly. It can be loaded from the stack, where it is located at `rfp + wordSize`.


Best regards

Feilong Jiang

----

[0]: [aarch64] Incorrect handling of VM exceptions in C1 deopt stub/traps (https://bugs.openjdk.java.net/browse/JDK-8247691)
[1]: JEP 374: Disable and Deprecate Biased Locking (https://bugs.openjdk.java.net/browse/JDK-8235256)


> From martin.doerr at sap.com  Thu Jan 21 10:26:42 2021
> From: martin.doerr at sap.com (Doerr, Martin)
> Date: Thu, 21 Jan 2021 10:26:42 +0000
> Subject: [11u] RFR: 8247691: [aarch64] Incorrect handling of VM exceptions
> in C1 deopt stub/traps
> In-Reply-To: <AM4PR02MB3057E0F28320A6558C3D81279AA20 at AM4PR02MB3057.eurprd02.prod.outlook.com>
> References: <AM4PR02MB3057E0F28320A6558C3D81279AA20 at AM4PR02MB3057.eurprd02.prod.outlook.com>
> Message-ID: <AM4PR02MB3057FC293ED98B88977EB0779AA10 at AM4PR02MB3057.eurprd02.prod.outlook.com>
>
> This change doesn't seem to be ready for backport, yet.
> I've added a comment to the bug.
>
> Best regards,
> Martin

