eclipse-openj9 / openj9

Eclipse OpenJ9: A Java Virtual Machine for OpenJDK that's optimized for small footprint, fast start-up, and high throughput. Builds on Eclipse OMR (https://github.com/eclipse/omr) and combines with the Extensions for OpenJDK for OpenJ9 repo.

Segfault in GC_VMThreadStackSlotIterator::scanSlots with vmState=0x0002000f #14698

Closed ehrenjulzert closed 2 years ago

ehrenjulzert commented 2 years ago

Core dump: https://ibm.box.com/s/c5vptm6affrby6hcw1dym2jh9vks5mmz

This seems to be a JIT issue, because when I run with -Xint the crash no longer happens.

Unhandled exception
Type=Segmentation error vmState=0x0002000f
J9Generic_Signal_Number=00000018 Signal_Number=0000000b Error_Value=00000000 Signal_Code=00000080
Handler1=00007F4D102C1790 Handler2=00007F4D100BCE50 InaccessibleAddress=0000000000000000
RDI=50245C8B48FB8B4C RSI=00007F4CF61A547E RAX=0000000000000000 RBX=00007F4CD424C6F0
RCX=0C894C08247C8940 RDX=00000000001207F0 R8=0000000000000000 R9=00000000001207F0
R10=00000000001207F0 R11=AFDC22C1C74A16D8 R12=0000000000000000 R13=0000000000209700
R14=0000000000000000 R15=0000000000000000
RIP=00007F4D103039AA GS=0000 FS=0000 RSP=00007F4CD424C670
EFlags=0000000000010297 CS=0033 RBP=0000000004600002 ERR=0000000000000000
TRAPNO=000000000000000D OLDMASK=0000000000000000 CR2=0000000000000000
xmm0 0000000000000000 (f: 0.000000, d: 0.000000e+00)
xmm1 00007f4c94001d08 (f: 2483035392.000000, d: 6.915283e-310)
xmm2 00007f4d0b03f9f6 (f: 184809968.000000, d: 6.915381e-310)
xmm3 00007f4d0b0695cc (f: 184980944.000000, d: 6.915381e-310)
xmm4 0000000000000000 (f: 0.000000, d: 0.000000e+00)
xmm5 0000003000000020 (f: 32.000000, d: 1.018558e-312)
xmm6 0000000000000000 (f: 0.000000, d: 0.000000e+00)
xmm7 0000000000000000 (f: 0.000000, d: 0.000000e+00)
xmm8 0063006100760061 (f: 7733345.000000, d: 8.455939e-307)
xmm9 0000000000000000 (f: 0.000000, d: 0.000000e+00)
xmm10 0000000000000000 (f: 0.000000, d: 0.000000e+00)
xmm11 0000000000000000 (f: 0.000000, d: 0.000000e+00)
xmm12 0000000000000000 (f: 0.000000, d: 0.000000e+00)
xmm13 0000000000000000 (f: 0.000000, d: 0.000000e+00)
xmm14 0000000000000000 (f: 0.000000, d: 0.000000e+00)
xmm15 0000000000000000 (f: 0.000000, d: 0.000000e+00)
Module=/root/openj9-openjdk-jdk.valuetypes/build/linux-x86_64-server-release/jdk/lib/default/libj9vm29.so
Module_base_address=00007F4D10282000
Target=2_90_20220309_000000 (Linux 5.4.0-99-generic)
CPU=amd64 (8 logical CPUs) (0x3e8846000 RAM)
----------- Stack Backtrace -----------
walkStackFrames+0x99a (0x00007F4D103039AA [libj9vm29.so+0x819aa])
_ZN28GC_VMThreadStackSlotIterator9scanSlotsEP10J9VMThreadS1_PvPFvP8J9JavaVMPP8J9ObjectS2_P16J9StackWalkStatePKvEbb+0x7a (0x00007F4D0AE8B6DA [libj9gc29.so+0x436da])
_ZN14MM_RootScanner13scanOneThreadEP18MM_EnvironmentBaseP10J9VMThreadPv+0x105 (0x00007F4D0AE832B5 [libj9gc29.so+0x3b2b5])
_ZN14MM_RootScanner11scanThreadsEP18MM_EnvironmentBase+0xbf (0x00007F4D0AE821DF [libj9gc29.so+0x3a1df])
_ZN14MM_RootScanner9scanRootsEP18MM_EnvironmentBase+0x4b (0x00007F4D0AE84D1B [libj9gc29.so+0x3cd1b])
_ZN12MM_Scavenger24workThreadGarbageCollectEP22MM_EnvironmentStandard+0x36b (0x00007F4D0AFC123B [libj9gc29.so+0x17923b])
_ZN21MM_ParallelDispatcher16workerEntryPointEP18MM_EnvironmentBase+0x228 (0x00007F4D0AF6EED8 [libj9gc29.so+0x126ed8])
_Z23dispatcher_thread_proc2P14OMRPortLibraryPv+0x111 (0x00007F4D0AF6E6B1 [libj9gc29.so+0x1266b1])
omrsig_protect+0x2b1 (0x00007F4D100BDC51 [libj9prt29.so+0x29c51])
dispatcher_thread_proc+0x43 (0x00007F4D0AF6E0F3 [libj9gc29.so+0x1260f3])
thread_wrapper+0x187 (0x00007F4D1026CAF7 [libj9thr29.so+0xbaf7])
start_thread+0xd9 (0x00007F4D10544609 [libpthread.so.0+0x8609])
clone+0x43 (0x00007F4D106A0163 [libc.so.6+0x11f163])
---------------------------------------
JVMDUMP039I Processing dump event "gpf", detail "" at 2022/03/09 13:05:07 - please wait.
JVMDUMP032I JVM requested System dump using '/root/Point/core.20220309.130507.835011.0001.dmp' in response to an event
JVMDUMP010I System dump written to /root/Point/core.20220309.130507.835011.0001.dmp
JVMDUMP032I JVM requested Java dump using '/root/Point/javacore.20220309.130507.835011.0002.txt' in response to an event
JVMDUMP010I Java dump written to /root/Point/javacore.20220309.130507.835011.0002.txt
JVMDUMP032I JVM requested Snap dump using '/root/Point/Snap.20220309.130507.835011.0003.trc' in response to an event
JVMDUMP010I Snap dump written to /root/Point/Snap.20220309.130507.835011.0003.trc
JVMDUMP032I JVM requested JIT dump using '/root/Point/jitdump.20220309.130507.835011.0004.dmp' in response to an event
JVMDUMP051I JIT dump occurred in 'GC Worker' thread 0x0000000000209700
JVMDUMP010I JIT dump written to /root/Point/jitdump.20220309.130507.835011.0004.dmp
JVMDUMP013I Processed dump event "gpf", detail "".

Stack trace

Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x00007f4d1054cf08 in pthread_kill () from /lib/x86_64-linux-gnu/libpthread.so.0
(gdb) bt
#0  0x00007f4d1054cf08 in pthread_kill () from /lib/x86_64-linux-gnu/libpthread.so.0
#1  0x00007f4d100bc043 in omrdump_create (portLibrary=0x7f4d104e1380 <j9portLibrary>, filename=0x7f4cd4249e10 "/root/Point/", dumpType=<optimized out>, userData=<optimized out>) at /root/openj9-openjdk-jdk.valuetypes/omr/port/unix/omrosdump.c:188
#2  0x00007f4d0bc2621a in doSystemDump (agent=0x7f4d0c024b20, label=0x7f4cd4249e10 "/root/Point/", context=<optimized out>) at /root/openj9-openjdk-jdk.valuetypes/openj9/runtime/rasdump/dmpagent.c:747
#3  0x00007f4d0bc21ce9 in protectedDumpFunction (portLibrary=portLibrary@entry=0x7f4d104e1380 <j9portLibrary>, userData=userData@entry=0x7f4cd4249d70) at /root/openj9-openjdk-jdk.valuetypes/openj9/runtime/rasdump/dmpagent.c:2843
#4  0x00007f4d100bdc51 in omrsig_protect (portLibrary=0x7f4d104e1380 <j9portLibrary>, fn=0x7f4d0bc21cd0 <protectedDumpFunction>, fn_arg=0x7f4cd4249d70, handler=0x7f4d0bc21cf0 <signalHandler>, handler_arg=0x0, flags=505, result=0x7f4cd4249d68)
    at /root/openj9-openjdk-jdk.valuetypes/omr/port/unix/omrsignal.c:425
#5  0x00007f4d0bc25694 in runDumpFunction (agent=<optimized out>, label=<optimized out>, context=<optimized out>) at /root/openj9-openjdk-jdk.valuetypes/openj9/runtime/rasdump/dmpagent.c:2821
#6  0x00007f4d0bc25823 in runDumpAgent (vm=vm@entry=0x7f4d0c00f900, agent=agent@entry=0x7f4d0c024b20, context=context@entry=0x7f4cd424a2c0, state=state@entry=0x7f4cd424a2b8, detail=detail@entry=0x7f4cd424a340 "", timeNow=timeNow@entry=1646859907606)
    at /root/openj9-openjdk-jdk.valuetypes/openj9/runtime/rasdump/dmpagent.c:2751
#7  0x00007f4d0bc3ceea in triggerDumpAgents (vm=0x7f4d0c00f900, self=0x209700, eventFlags=8192, eventData=<optimized out>) at /root/openj9-openjdk-jdk.valuetypes/openj9/runtime/rasdump/trigger.c:1012
#8  0x00007f4d102c1342 in generateDiagnosticFiles (portLibrary=portLibrary@entry=0x7f4d104e1380 <j9portLibrary>, userData=userData@entry=0x7f4cd424a820) at /root/openj9-openjdk-jdk.valuetypes/openj9/runtime/vm/gphandle.c:1159
#9  0x00007f4d100bdc51 in omrsig_protect (portLibrary=0x7f4d104e1380 <j9portLibrary>, fn=0x7f4d102c11e0 <generateDiagnosticFiles>, fn_arg=0x7f4cd424a820, handler=0x7f4d102c0890 <recursiveCrashHandler>, handler_arg=0x7f4cd424a7f0, flags=505, 
    result=0x7f4cd424a7e8) at /root/openj9-openjdk-jdk.valuetypes/omr/port/unix/omrsignal.c:425
#10 0x00007f4d102c14df in vmSignalHandler (portLibrary=0x7f4d104e1380 <j9portLibrary>, gpType=24, gpInfo=<optimized out>, userData=<optimized out>) at /root/openj9-openjdk-jdk.valuetypes/openj9/runtime/vm/gphandle.c:833
#11 0x00007f4d100bd085 in mainSynchSignalHandler (signal=11, sigInfo=0x7f4cd424bab0, contextInfo=0x7f4cd424b980) at /root/openj9-openjdk-jdk.valuetypes/omr/port/unix/omrsignal.c:1066
#12 <signal handler called>
#13 walkBytecodeFrame (walkState=0x7f4cd424c6f0) at /root/openj9-openjdk-jdk.valuetypes/openj9/runtime/vm/swalk.c:972
#14 walkStackFrames (currentThread=<optimized out>, walkState=0x7f4cd424c6f0) at /root/openj9-openjdk-jdk.valuetypes/openj9/runtime/vm/swalk.c:313
#15 0x00007f4d0ae8b6da in GC_VMThreadStackSlotIterator::scanSlots (vmThread=<optimized out>, walkThread=walkThread@entry=0x1aa00 <pushReflectArguments(J9VMThread*, j9object_t, j9object_t)+2144>, userData=userData@entry=0x7f4cd424c9f0, 
    oSlotIterator=oSlotIterator@entry=0x7f4d0ae839a0 <stackSlotIterator(J9JavaVM*, J9Object**, void*, J9StackWalkState*, void const*)>, includeStackFrameClassReferences=<optimized out>, trackVisibleFrameDepth=<optimized out>)
    at /root/openj9-openjdk-jdk.valuetypes/openj9/runtime/gc_structs/VMThreadStackSlotIterator.cpp:114
#16 0x00007f4d0ae832b5 in MM_RootScanner::scanOneThread (this=0x7f4cd424cad0, env=0x7f4c94001d08, walkThread=0x1aa00 <pushReflectArguments(J9VMThread*, j9object_t, j9object_t)+2144>, localData=0x7f4cd424c9f0)
    at /root/openj9-openjdk-jdk.valuetypes/openj9/runtime/gc_base/RootScanner.cpp:524
#17 0x00007f4d0ae821df in MM_RootScanner::scanThreads (this=0x7f4cd424cad0, env=0x7f4c94001d08) at /root/openj9-openjdk-jdk.valuetypes/openj9/runtime/gc_base/RootScanner.cpp:493
#18 0x00007f4d0ae84d1b in MM_RootScanner::scanRoots (this=0x7f4cd424cad0, env=0x7f4c94001d08) at /root/openj9-openjdk-jdk.valuetypes/openj9/runtime/gc_base/RootScanner.cpp:924
#19 0x00007f4d0afc123b in MM_ScavengerRootScanner::scanRoots (env=0x7f4c94001d08, this=0x7f4cd424cad0) at /root/openj9-openjdk-jdk.valuetypes/openj9/runtime/gc_glue_java/ScavengerRootScanner.hpp:200
#20 MM_Scavenger::workThreadGarbageCollect (this=0x7f4d0c080020, env=0x7f4c94001d08) at /root/openj9-openjdk-jdk.valuetypes/omr/gc/base/standard/Scavenger.cpp:2582
#21 0x00007f4d0af6eed8 in MM_ParallelDispatcher::workerEntryPoint (this=0x7f4d0c045e10, env=0x7f4c94001d08) at /root/openj9-openjdk-jdk.valuetypes/omr/gc/base/ParallelDispatcher.cpp:186
#22 0x00007f4d0af6e6b1 in dispatcher_thread_proc2 (portLib=portLib@entry=0x7f4d104e1380 <j9portLibrary>, info=info@entry=0x7f4d105236e0) at /root/openj9-openjdk-jdk.valuetypes/omr/gc/base/ParallelDispatcher.cpp:92
#23 0x00007f4d100bdc51 in omrsig_protect (portLibrary=0x7f4d104e1380 <j9portLibrary>, fn=0x7f4d0af6e5a0 <dispatcher_thread_proc2(OMRPortLibrary*, void*)>, fn_arg=0x7f4d105236e0, handler=0x7f4d102c1790 <structuredSignalHandlerVM>, 
    handler_arg=0x7f4d0c00f900, flags=506, result=0x7f4cd424cdc8) at /root/openj9-openjdk-jdk.valuetypes/omr/port/unix/omrsignal.c:425
#24 0x00007f4d0af6e0f3 in dispatcher_thread_proc (info=<optimized out>) at /root/openj9-openjdk-jdk.valuetypes/omr/gc/base/ParallelDispatcher.cpp:130
#25 0x00007f4d1026caf7 in thread_wrapper (arg=0x7f4d0c6385b0) at /root/openj9-openjdk-jdk.valuetypes/omr/thread/common/omrthread.c:1724
#26 0x00007f4d10544609 in start_thread () from /lib/x86_64-linux-gnu/libpthread.so.0
#27 0x00007f4d106a0163 in clone () from /lib/x86_64-linux-gnu/libc.so.6

Reproducing

Branches used:

Code used

import jdk.internal.misc.Unsafe;

class Point {
    public static void main(String[] args) throws Throwable {
        Unsafe unsafe = Unsafe.getUnsafe();

        PointPrimitive pp = new PointPrimitive(1, 2);
        // Offset of the flattened field x inside PointPrimitive.
        long ppOffsetX = unsafe.objectFieldOffset(PointPrimitive.class.getDeclaredField("x"));

        int count = 0;
        for (;;) {
            count++;
            if (count % 1000 == 0) {
                System.out.println(count);
            }
            // Repeatedly read the flattened field through Unsafe.getValue;
            // the stack traces above show this call reaching J9AllocateObject
            // in the interpreter's slow path, so the loop eventually triggers a GC.
            unsafe.getValue(pp, ppOffsetX, ValueTypeInt.class);
        }
    }
}

primitive class ValueTypeInt {
    ValueTypeInt(int i) {this.i = i;}
    final int i;
}

primitive class PointPrimitive {
    final ValueTypeInt x, y;

    PointPrimitive(int x, int y) {
        this.x = new ValueTypeInt(x);
        this.y = new ValueTypeInt(y);
    }
}

It should crash once count reaches about 1000000.

java arguments

java --add-exports java.base/jdk.internal.misc=ALL-UNNAMED --add-opens java.base/jdk.internal.misc=ALL-UNNAMED -XX:ValueTypeFlatteningThreshold=999999 -XX:+EnableArrayFlattening -Xcompressedrefs

When the -Xint argument is added, the crash no longer happens.
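To make a crash block like the one above quicker to triage, here is an added Python helper (example code written for this page, not part of the issue or of OpenJ9). It parses the name=value lines, the Module lines and the stack backtrace of the "Unhandled exception" block, checks that RIP minus Module_base_address equals the module+offset printed for frame #0, classifies the trap from TRAPNO and Signal_Code, and lists general-purpose registers holding values that cannot be a user-space address. The sample input is constructed from the lines quoted above (xmm registers and JVMDUMP messages trimmed). The constants it relies on, trap number 13 for a general-protection fault and si_code 0x80 for SI_KERNEL, are Linux/x86-64 facts rather than anything OpenJ9-specific.

```python
import re

# Constructed sample: the opening lines of the crash block from the issue,
# trimmed to the lines this helper parses.
SAMPLE = """\
Unhandled exception
Type=Segmentation error vmState=0x0002000f
J9Generic_Signal_Number=00000018 Signal_Number=0000000b Error_Value=00000000 Signal_Code=00000080
Handler1=00007F4D102C1790 Handler2=00007F4D100BCE50 InaccessibleAddress=0000000000000000
RDI=50245C8B48FB8B4C RSI=00007F4CF61A547E RAX=0000000000000000 RBX=00007F4CD424C6F0
RCX=0C894C08247C8940 RDX=00000000001207F0 R8=0000000000000000 R9=00000000001207F0
RIP=00007F4D103039AA GS=0000 FS=0000 RSP=00007F4CD424C670
EFlags=0000000000010297 CS=0033 RBP=0000000004600002 ERR=0000000000000000
TRAPNO=000000000000000D OLDMASK=0000000000000000 CR2=0000000000000000
Module=/root/openj9-openjdk-jdk.valuetypes/build/linux-x86_64-server-release/jdk/lib/default/libj9vm29.so
Module_base_address=00007F4D10282000
----------- Stack Backtrace -----------
walkStackFrames+0x99a (0x00007F4D103039AA [libj9vm29.so+0x819aa])
_ZN28GC_VMThreadStackSlotIterator9scanSlotsEP10J9VMThreadS1_PvPFvP8J9JavaVMPP8J9ObjectS2_P16J9StackWalkStatePKvEbb+0x7a (0x00007F4D0AE8B6DA [libj9gc29.so+0x436da])
omrsig_protect+0x2b1 (0x00007F4D100BDC51 [libj9prt29.so+0x29c51])
---------------------------------------
"""

TYPE_RE = re.compile(r"^Type=(?P<type>.+?) vmState=(?P<vmstate>\S+)$")
KV_RE = re.compile(r"(\w+)=(\S+)")
# symbol+0xoff (0xaddr [module+0xmodoff])
FRAME_RE = re.compile(
    r"^(?P<symbol>\S+?)\+0x(?P<sym_off>[0-9a-fA-F]+) "
    r"\(0x(?P<addr>[0-9a-fA-F]+) \[(?P<module>[^\]+]+)\+0x(?P<mod_off>[0-9a-fA-F]+)\]\)$"
)

# Linux/x86-64: trap 13 is #GP (general protection), si_code 0x80 is SI_KERNEL.
X86_TRAP_GP = 0xD
SI_KERNEL = 0x80
GPRS = ("RAX", "RBX", "RCX", "RDX", "RSI", "RDI", "RBP", "RSP", "RIP",
        "R8", "R9", "R10", "R11", "R12", "R13", "R14", "R15")


def parse_crash_block(text):
    """Split the block into name=value fields and parsed backtrace frames."""
    fields, frames, in_backtrace = {}, [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("----------- Stack Backtrace"):
            in_backtrace = True
            continue
        if in_backtrace:
            if line.startswith("-----"):
                in_backtrace = False
                continue
            m = FRAME_RE.match(line)
            if m:
                frames.append({"symbol": m["symbol"],
                               "sym_off": int(m["sym_off"], 16),
                               "addr": int(m["addr"], 16),
                               "module": m["module"],
                               "mod_off": int(m["mod_off"], 16)})
            continue
        m = TYPE_RE.match(line)
        if m:  # the Type value contains a space, so it gets its own pattern
            fields["Type"] = m["type"]
            fields["vmState"] = m["vmstate"]
            continue
        for key, value in KV_RE.findall(line):
            fields[key] = value
    return {"fields": fields, "frames": frames}


def is_canonical(value):
    """48-bit canonical form: bits 63..47 must be all 0 or all 1."""
    top = value >> 47
    return top == 0 or top == (1 << 17) - 1


def noncanonical_registers(fields):
    """Registers whose value could never be a valid user-space address."""
    return sorted(r for r in GPRS
                  if r in fields and not is_canonical(int(fields[r], 16)))


def fault_summary(parsed):
    f = parsed["fields"]
    rip = int(f["RIP"], 16)
    base = int(f["Module_base_address"], 16)
    module = f["Module"].rsplit("/", 1)[-1]
    rip_offset = rip - base
    frame0 = parsed["frames"][0] if parsed["frames"] else None
    gp_fault = (int(f.get("TRAPNO", "0"), 16) == X86_TRAP_GP
                and int(f.get("Signal_Code", "0"), 16) == SI_KERNEL)
    return {
        "module": module,
        "rip_offset": rip_offset,
        # Frame #0 of the backtrace should be RIP itself, written as module+offset.
        "frame0_matches": (bool(frame0) and frame0["addr"] == rip
                           and frame0["module"] == module
                           and frame0["mod_off"] == rip_offset),
        "general_protection_fault": gp_fault,
        # For a #GP the kernel supplies no fault address, so a zero
        # InaccessibleAddress must not be read as a null dereference.
        "inaccessible_address_meaningful": not gp_fault,
        "noncanonical_registers": noncanonical_registers(f),
    }


if __name__ == "__main__":
    for key, value in fault_summary(parse_crash_block(SAMPLE)).items():
        print("%-32s %s" % (key, hex(value) if isinstance(value, int) and not isinstance(value, bool) else value))
```

For this dump the helper reports a general-protection fault (TRAPNO=0xD with Signal_Code=0x80), so InaccessibleAddress=0 does not indicate a null dereference, and it flags RDI and RCX as holding non-canonical values, which fits the stack walker having picked up a bad pointer and matches the incorrect J9Method value found later in this thread.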

hangshao0 commented 2 years ago

I see a slightly different stack trace re-running the above test:

#12 <signal handler called>
#13 walkBytecodeFrame (walkState=0x7fedf5683730) at /root/CCM/JdkNext/openj9vt/openj9-openjdk-jdk.valuetypes/openj9/runtime/vm/swalk.c:972
#14 walkStackFrames (currentThread=<optimized out>, walkState=0x7fedf5683730) at /root/CCM/JdkNext/openj9vt/openj9-openjdk-jdk.valuetypes/openj9/runtime/vm/swalk.c:313
#15 0x00007fedf47907b6 in GC_VMThreadStackSlotIterator::scanSlots (vmThread=<optimized out>, walkThread=walkThread@entry=0x1aa00, userData=userData@entry=0x7fedf5683a40,
    oSlotIterator=oSlotIterator@entry=0x7fedf4788c50 <stackSlotIterator(J9JavaVM*, J9Object**, void*, J9StackWalkState*, void const*)>, includeStackFrameClassReferences=<optimized out>,
    trackVisibleFrameDepth=<optimized out>) at /root/CCM/JdkNext/openj9vt/openj9-openjdk-jdk.valuetypes/openj9/runtime/gc_structs/VMThreadStackSlotIterator.cpp:114
#16 0x00007fedf478875d in MM_RootScanner::scanOneThread (this=0x7fedf5683b30, env=0x7fedf0048ea8, walkThread=0x1aa00, localData=0x7fedf5683a40)
    at /root/CCM/JdkNext/openj9vt/openj9-openjdk-jdk.valuetypes/openj9/runtime/gc_base/RootScanner.cpp:524
#17 0x00007fedf478746f in MM_RootScanner::scanThreads (this=0x7fedf5683b30, env=0x7fedf0048ea8) at /root/CCM/JdkNext/openj9vt/openj9-openjdk-jdk.valuetypes/openj9/runtime/gc_base/RootScanner.cpp:493
#18 0x00007fedf478a032 in MM_RootScanner::scanRoots (this=0x7fedf5683b30, env=0x7fedf0048ea8) at /root/CCM/JdkNext/openj9vt/openj9-openjdk-jdk.valuetypes/openj9/runtime/gc_base/RootScanner.cpp:924
#19 0x00007fedf48d27eb in MM_ScavengerRootScanner::scanRoots (env=0x7fedf0048ea8, this=0x7fedf5683b30)
    at /root/CCM/JdkNext/openj9vt/openj9-openjdk-jdk.valuetypes/openj9/runtime/gc_glue_java/ScavengerRootScanner.hpp:200
#20 MM_Scavenger::workThreadGarbageCollect (this=0x7fedf0080fd0, env=0x7fedf0048ea8) at /root/CCM/JdkNext/openj9vt/openj9-openjdk-jdk.valuetypes/omr/gc/base/standard/Scavenger.cpp:2582
#21 0x00007fedf487e1ce in MM_ParallelDispatcher::run (this=0x7fedf0046d10, env=0x7fedf0048ea8, task=0x7fedf5683c70, newThreadCount=<optimized out>)
    at /root/CCM/JdkNext/openj9vt/openj9-openjdk-jdk.valuetypes/omr/gc/base/ParallelDispatcher.cpp:588
#22 0x00007fedf48bcc0d in MM_Scavenger::scavenge (this=0x7fedf0080fd0, envBase=0x7fedf0048ea8) at /root/CCM/JdkNext/openj9vt/openj9-openjdk-jdk.valuetypes/omr/gc/base/standard/Scavenger.cpp:580
#23 0x00007fedf48cad95 in MM_Scavenger::mainThreadGarbageCollect (this=0x7fedf0080fd0, envBase=0x7fedf0048ea8, allocDescription=<optimized out>, initMarkMap=<optimized out>, rebuildMarkBits=<optimized out>)
    at /root/CCM/JdkNext/openj9vt/openj9-openjdk-jdk.valuetypes/omr/gc/base/standard/Scavenger.cpp:4223
#24 0x00007fedf48cbed0 in MM_Scavenger::internalGarbageCollect (this=0x7fedf0080fd0, envBase=0x7fedf0048ea8, subSpace=0x7fedf008ce90, allocDescription=0x7fedf5684148)
    at /root/CCM/JdkNext/openj9vt/openj9-openjdk-jdk.valuetypes/omr/gc/base/standard/Scavenger.cpp:4753
#25 0x00007fedf485b5d6 in MM_Collector::garbageCollect (this=0x7fedf0080fd0, env=0x7fedf0048ea8, callingSubSpace=0x7fedf008ce90, allocateDescription=0x7fedf5684148, gcCode=<optimized out>,
    objectAllocationInterface=0x7fedf00bf780, baseSubSpace=0x7fedf008ce90, context=0x0) at /root/CCM/JdkNext/openj9vt/openj9-openjdk-jdk.valuetypes/omr/gc/base/Collector.cpp:500
#26 0x00007fedf4928b2d in MM_MemorySubSpaceSemiSpace::allocationRequestFailed (this=0x7fedf008ce90, env=0x7fedf0048ea8, allocateDescription=0x7fedf5684148,
    allocationType=MM_MemorySubSpace::ALLOCATION_TYPE_TLH, objectAllocationInterface=0x7fedf00bf780, baseSubSpace=<optimized out>, previousSubSpace=0x7fedf008caf0)
    at /root/CCM/JdkNext/openj9vt/openj9-openjdk-jdk.valuetypes/omr/gc/base/MemorySubSpaceSemiSpace.cpp:137
#27 0x00007fedf490f1b8 in MM_MemorySubSpaceGeneric::allocateTLH (this=0x7fedf008caf0, env=0x7fedf0048ea8, allocDescription=0x7fedf5684148, objectAllocationInterface=0x7fedf00bf780, baseSubSpace=0x0,
    previousSubSpace=<optimized out>, shouldCollectOnFailure=true) at /root/CCM/JdkNext/openj9vt/openj9-openjdk-jdk.valuetypes/omr/gc/base/MemorySubSpaceGeneric.cpp:377
#28 0x00007fedf48852d5 in MM_TLHAllocationSupport::refresh (this=this@entry=0x7fedf00bf828, env=0x7fedf0048ea8, allocDescription=allocDescription@entry=0x7fedf5684148, shouldCollectOnFailure=<optimized out>)
    at /root/CCM/JdkNext/openj9vt/openj9-openjdk-jdk.valuetypes/omr/gc/base/TLHAllocationSupport.cpp:239
#29 0x00007fedf48854a6 in MM_TLHAllocationSupport::allocateFromTLH (this=0x7fedf00bf828, env=<optimized out>, allocDescription=0x7fedf5684148, shouldCollectOnFailure=<optimized out>)
    at /root/CCM/JdkNext/openj9vt/openj9-openjdk-jdk.valuetypes/omr/gc/base/TLHAllocationSupport.cpp:310
#30 0x00007fedf48845cf in MM_TLHAllocationInterface::allocateObject (this=0x7fedf00bf780, env=0x7fedf0048ea8, allocDescription=0x7fedf5684148, memorySpace=0x7fedf0092810, shouldCollectOnFailure=true)
    at /root/CCM/JdkNext/openj9vt/openj9-openjdk-jdk.valuetypes/omr/gc/base/TLHAllocationInterface.cpp:194
#31 0x00007fedf488a0fb in MM_AllocateInitialization::allocateAndInitializeObject (omrVMThread=<optimized out>, this=0x7fedf5684130)
    at /root/CCM/JdkNext/openj9vt/openj9-openjdk-jdk.valuetypes/omr/gc/base/AllocateInitialization.hpp:201
#32 OMR_GC_AllocateObject (omrVMThread=<optimized out>, allocator=allocator@entry=0x7fedf5684130) at /root/CCM/JdkNext/openj9vt/openj9-openjdk-jdk.valuetypes/omr/gc/startup/omrgcalloc.cpp:39
#33 0x00007fedf4796291 in J9AllocateObject (vmThread=0x1aa00, clazz=0x1d6300, allocateFlags=<optimized out>)
    at /root/CCM/JdkNext/openj9vt/openj9-openjdk-jdk.valuetypes/openj9/runtime/gc_modron_startup/mgcalloc.cpp:414
#34 0x00007fedf5482de8 in VM_ValueTypeHelpersCompressed::getFlattenedFieldAtOffset (fastPath=<optimized out>, srcOffset=<optimized out>, srcObject=<optimized out>, returnObjectClass=0x1d6300,
    objectAllocate=..., objectAccessBarrier=..., currentThread=<optimized out>) at /root/CCM/JdkNext/openj9vt/openj9-openjdk-jdk.valuetypes/openj9/runtime/vm/ValueTypeHelpers.hpp:350
#35 VM_BytecodeInterpreterCompressed::inlUnsafeGetValue (_pc=<optimized out>, _sp=<optimized out>, this=<optimized out>)
    at /root/CCM/JdkNext/openj9vt/openj9-openjdk-jdk.valuetypes/openj9/runtime/vm/BytecodeInterpreter.hpp:4029
#36 VM_BytecodeInterpreterCompressed::run (this=0x7fedf5684800, vmThread=0x0) at /root/CCM/JdkNext/openj9vt/openj9-openjdk-jdk.valuetypes/openj9/runtime/vm/BytecodeInterpreter.hpp:10352
#37 0x00007fedf546a5a5 in bytecodeLoopCompressed (currentThread=<optimized out>) at /root/CCM/JdkNext/openj9vt/openj9-openjdk-jdk.valuetypes/openj9/runtime/vm/BytecodeInterpreter.inc:112
#38 0x00007fedf5523242 in c_cInterpreter () at /root/CCM/JdkNext/openj9vt/openj9-openjdk-jdk.valuetypes/build/linux-x86_64-server-release/vm/runtime/vm/xcinterp.s:158
#39 0x00007fedf53f38ef in runCallInMethod (env=0x1126b2, receiver=0x0, clazz=0x119190, methodID=0x7fedf0616d38, args=0x7fedf5684d78)
    at /root/CCM/JdkNext/openj9vt/openj9-openjdk-jdk.valuetypes/openj9/runtime/vm/callin.cpp:1132
#40 0x00007fedf5417919 in gpProtectedRunCallInMethod (entryArg=0x7fedf5684d30) at /root/CCM/JdkNext/openj9vt/openj9-openjdk-jdk.valuetypes/openj9/runtime/vm/jnicsup.cpp:301
#41 0x00007fedf520fc43 in omrsig_protect (portLibrary=0x7fedf5641380 <j9portLibrary>, fn=0x7fedf552e640 <signalProtectAndRunGlue>, fn_arg=0x7fedf5684cd0, handler=0x7fedf5414920 <structuredSignalHandler>,
    handler_arg=0x1aa00, flags=506, result=0x7fedf5684cc8) at /root/CCM/JdkNext/openj9vt/openj9-openjdk-jdk.valuetypes/omr/port/unix/omrsignal.c:425
#42 0x00007fedf552e6dc in gpProtectAndRun (function=0x7fedf54178e0 <gpProtectedRunCallInMethod(void*)>, env=0x1aa00, args=0x7fedf5684d30)
    at /root/CCM/JdkNext/openj9vt/openj9-openjdk-jdk.valuetypes/openj9/runtime/util/jniprotect.c:78
#43 0x00007fedf54192b4 in gpCheckCallin (env=0x1aa00, receiver=receiver@entry=0x0, cls=0x119190, methodID=0x7fedf0616d38, args=args@entry=0x7fedf5684d78)
    at /root/CCM/JdkNext/openj9vt/openj9-openjdk-jdk.valuetypes/openj9/runtime/vm/jnicsup.cpp:489
#44 0x00007fedf54172ea in callStaticVoidMethod (env=<optimized out>, cls=<optimized out>, methodID=<optimized out>) at /root/CCM/JdkNext/openj9vt/openj9-openjdk-jdk.valuetypes/openj9/runtime/vm/jnicgen.c:384
#45 0x00007fedf58e18b6 in JavaMain (_args=<optimized out>) at src/java.base/share/native/libjli/java.c:551
#46 0x00007fedf58e4829 in ThreadJavaMain (args=<optimized out>) at src/java.base/unix/native/libjli/java_md.c:677
#47 0x00007fedf56a5609 in start_thread () from /lib/x86_64-linux-gnu/libpthread.so.0
#48 0x00007fedf5803293 in clone () from /lib/x86_64-linux-gnu/libc.so.6

It happens in the slow path of getFlattenedFieldAtOffset(): https://github.com/eclipse-openj9/openj9/blob/e1e0401e2fc38f0ef2b0307e91318907add666e9/runtime/vm/BytecodeInterpreter.hpp#L4027-L4036

The J9Method looks incorrect:

!J9StackWalkState 0x7fedf5683730
J9StackWalkState at 0x7fedf5683730 {
  Fields for J9StackWalkState:
        0x0: struct J9StackWalkState* previous = !j9stackwalkstate 0x00000000F56838E8
        0x8: struct J9VMThread* walkThread = !j9vmthread 0x000000000001AA00
        0x10: struct J9JavaVM* javaVM = !j9javavm 0x00007FEDF000F010
        0x18: UDATA flags = 0x0000000024600002 (610271234)
        0x20: UDATA* bp = !j9x 0x0000000000119078
        0x28: UDATA* unwindSP = !j9x 0x0000000000000000
        0x30: U8* pc = !j9x 0x00007FEDF55B14A4 // "�"
        0x38: U8* nextPC = !j9x 0x00007FEDF55B14A4 // "�"
        0x40: UDATA* sp = !j9x 0x0000000000119080
        0x48: UDATA* arg0EA = !j9x 0x0000000000119080
        0x50: struct J9Method* literals = !j9method 0x00007FEDD1C74C69 // <FAULT>    < -------------- incorrect
        0x58: UDATA* walkSP = !j9x 0x0000000000119080
        0x60: UDATA argCount = 0x0000000000000000 (0)
        0x68: struct J9ConstantPool* constantPool = !j9constantpool 0x0000009024B48B40 (flags = 0x0)
        0x70: struct J9Method* method = !j9method 0x00007FEDD1C74C69 // <FAULT>    < -------------- incorrect
        0x78: struct J9JITExceptionTable* jitInfo = !j9jitexceptiontable 0x0000000000000000
...

And J9VMThread->literals is 0x8:

!J9VMThread 0x1aa00
J9VMThread at 0x1aa00 {
  Fields for J9VMThread:
        0x0: struct JNINativeInterface_* functions = !jninativeinterface_ 0x00007FEDF55EBAC0
        0x8: struct J9JavaVM* javaVM = !j9javavm 0x00007FEDF000F010
        0x10: UDATA* arg0EA = !j9x 0x0000000000119078
        0x18: UDATA* bytecodes = !j9x 0x0000000000000000
        0x20: UDATA* sp = !j9x 0x0000000000119058
        0x28: U8* pc = !j9x 0x0000000000000001
        0x30: struct J9Method* literals = !j9method 0x0000000000000008 // <FAULT>
        0x38: UDATA jitStackFrameFlags = 0x0000000040000000 (1073741824)
...

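The <FAULT> markers and the odd-looking J9Method address in the DDR output above are the kind of thing worth checking mechanically when triaging a core. As an added example (written for this page, not taken from the issue or from the OpenJ9 code base), this Python helper parses jdmpview struct-dump lines like those quoted above and flags pointer fields that DDR could not read, plus struct pointers whose value is not 8-byte aligned. The alignment rule is my own plausibility check, not a documented OpenJ9 invariant; byte pointers such as U8* pc are deliberately exempt from it. Both sample dumps are constructed from the lines quoted in this comment.

```python
import re

# Constructed samples: field lines copied (abridged) from the !J9StackWalkState
# and !J9VMThread output quoted in this comment.
SAMPLE_WALKSTATE = """\
J9StackWalkState at 0x7fedf5683730 {
  Fields for J9StackWalkState:
        0x8: struct J9VMThread* walkThread = !j9vmthread 0x000000000001AA00
        0x18: UDATA flags = 0x0000000024600002 (610271234)
        0x20: UDATA* bp = !j9x 0x0000000000119078
        0x28: UDATA* unwindSP = !j9x 0x0000000000000000
        0x50: struct J9Method* literals = !j9method 0x00007FEDD1C74C69 // <FAULT>
        0x68: struct J9ConstantPool* constantPool = !j9constantpool 0x0000009024B48B40 (flags = 0x0)
        0x70: struct J9Method* method = !j9method 0x00007FEDD1C74C69 // <FAULT>
        0x78: struct J9JITExceptionTable* jitInfo = !j9jitexceptiontable 0x0000000000000000
"""

SAMPLE_VMTHREAD = """\
J9VMThread at 0x1aa00 {
  Fields for J9VMThread:
        0x8: struct J9JavaVM* javaVM = !j9javavm 0x00007FEDF000F010
        0x28: U8* pc = !j9x 0x0000000000000001
        0x30: struct J9Method* literals = !j9method 0x0000000000000008 // <FAULT>
        0x38: UDATA jitStackFrameFlags = 0x0000000040000000 (1073741824)
"""

# 0x<offset>: <C type> <name> = [!ddrcommand] 0x<value> [trailing text]
FIELD_RE = re.compile(
    r"^\s*0x(?P<off>[0-9a-fA-F]+):\s+(?P<ctype>.+?)\s+(?P<name>\w+)\s+=\s+"
    r"(?:!\w+\s+)?0x(?P<value>[0-9a-fA-F]+)(?P<rest>.*)$"
)


def parse_ddr_struct(text):
    """Return one dict per field line: offset, C type, name, value, fault flag."""
    fields = []
    for line in text.splitlines():
        m = FIELD_RE.match(line)
        if m:
            fields.append({
                "offset": int(m["off"], 16),
                "ctype": m["ctype"],
                "name": m["name"],
                "value": int(m["value"], 16),
                # DDR appends "// <FAULT>" when the pointed-to memory is unreadable.
                "fault": "<FAULT>" in m["rest"],
            })
    return fields


def suspicious_pointers(fields, align=8):
    """(name, value, reasons) for pointer fields that look untrustworthy.

    A non-null 'struct X*' value that is not 'align'-byte aligned is flagged as
    a plausibility check (my assumption, not an OpenJ9 rule); byte pointers
    such as U8* are exempt from the alignment test.
    """
    out = []
    for fld in fields:
        if not fld["ctype"].endswith("*"):
            continue
        reasons = []
        if fld["fault"]:
            reasons.append("DDR could not read target (<FAULT>)")
        if fld["ctype"].startswith("struct ") and fld["value"] and fld["value"] % align:
            reasons.append("misaligned for a %d-byte struct pointer" % align)
        if reasons:
            out.append((fld["name"], fld["value"], reasons))
    return out


if __name__ == "__main__":
    for label, sample in (("J9StackWalkState", SAMPLE_WALKSTATE),
                          ("J9VMThread", SAMPLE_VMTHREAD)):
        for name, value, reasons in suspicious_pointers(parse_ddr_struct(sample)):
            print("%s.%s = 0x%016X: %s" % (label, name, value, "; ".join(reasons)))
```

On the walk state it reports literals and method (unreadable and misaligned, the same bogus 0x00007FEDD1C74C69 value in both), and on the thread it reports literals (readable-looking but unreadable at 0x8), which is exactly the inconsistency the comment above points at.
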
hangshao0 commented 2 years ago

So the code builds a special frame and updates the VM thread, then calls getFlattenedFieldAtOffset() in the slow path:

https://github.com/eclipse-openj9/openj9/blob/e1e0401e2fc38f0ef2b0307e91318907add666e9/runtime/vm/BytecodeInterpreter.hpp#L4027-L4036

and then pushes the object in the special frame before calling J9AllocateObject(): https://github.com/eclipse-openj9/openj9/blob/245cd10a22729c572ceb588b99f884cbddc49cad/runtime/vm/ValueTypeHelpers.hpp#L349-L352

Did you see anything incorrect here? @tajila

hangshao0 commented 2 years ago

Noticed currentThread->jitStackFrameFlags = 0x0000000040000000 (J9_SSF_JIT_NATIVE_TRANSITION_FRAME), not sure if this matters here.

hangshao0 commented 2 years ago

The incorrect j9method 0x00007FEDD1C74C69 is from: https://github.com/eclipse-openj9/openj9/blob/95981b1352fba3d7eb8787987acf4e9ad1424f34/runtime/vm/BytecodeInterpreter.hpp#L576

The method there is Unsafe.getValue(), for which we don't have a JIT implementation yet: https://github.com/eclipse-openj9/openj9/issues/13696

hangshao0 commented 2 years ago

@ehrenjulzert I think you should just test with -Xint currently.

tajila commented 2 years ago

@hangshao0 @hzongaro We should find out if the JIT will implement get/putValue themselves or if they would want a fastJNI version. I imagine there are some cases (small fields) where the JIT would be able to do something very optimal, but it might be expensive to cover all cases, so there might be a need for a "fallback" implementation without transitioning to the interpreter.

hangshao0 commented 2 years ago

We can revisit this later, as it currently depends on decisions on the JIT side.

hzongaro commented 2 years ago

We should find out if the JIT will implement get/putValue themselves or if they would want a fastJNI version.

Thanks for the reminder. We will take a look at this.