Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8158260

PPC64: unaligned Unsafe.getInt can lead to the generation of illegal instructions

    Details

    • Subcomponent:
    • Resolved In Build:
      b127
    • CPU:
      ppc
    • Verification:
      Not verified

      Backports

        Description

        Gustavo (gromero@linux.vnet.ibm.com) reported a crash due to an illegal instruction which is caused by an unaligned memory access trough Unsafe.getInt().

          Issue Links

            Activity

            Hide
            simonis Volker Simonis added a comment - - edited
            Attached a nice stand-alone test case (UnalignedUnsafeAccess.java) provided by Hiroshi (HORII@jp.ibm.com) which reproduces the problem. Run as:

            java -Xcomp UnalignedUnsafeAccess

            this will produce the following assertion in a debug build (or a crash due to SIGILL in a product build):

            # A fatal error has been detected by the Java Runtime Environment:
            #
            # Internal Error (/usr/work/d046063/OpenJDK/jdk9-hs-comp/hotspot/src/cpu/ppc/vm/assembler_ppc.hpp:1020), pid=2485, tid=2550
            # assert((x & 0x3) == 0) failed: unaligned offset
            Show
            simonis Volker Simonis added a comment - - edited Attached a nice stand-alone test case (UnalignedUnsafeAccess.java) provided by Hiroshi ( HORII@jp.ibm.com ) which reproduces the problem. Run as: java -Xcomp UnalignedUnsafeAccess this will produce the following assertion in a debug build (or a crash due to SIGILL in a product build): # A fatal error has been detected by the Java Runtime Environment: # # Internal Error (/usr/work/d046063/OpenJDK/jdk9-hs-comp/hotspot/src/cpu/ppc/vm/assembler_ppc.hpp:1020), pid=2485, tid=2550 # assert((x & 0x3) == 0) failed: unaligned offset
            Hide
            simonis Volker Simonis added a comment -
            Gustavo provided a good explanation in his mail to the ppc-aix mailing list (http://mail.openjdk.java.net/pipermail/ppc-aix-port-dev/2016-May/002534.html):

            The crash happens when an illegal instruction - 0xea2f0013 - is executed.

            The backtrace shows:

            Stack: [0x00003fff56030000,0x00003fff56430000], sp=0x00003fff5642b8d0, free space=4078k
            Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code)
            V [libjvm.so+0x162104] loadI2LNode::emit(CodeBuffer&, PhaseRegAlloc*) const+0x194
            V [libjvm.so+0x8ece28] Compile::fill_buffer(CodeBuffer*, unsigned int*)+0x4e8
            V [libjvm.so+0x368e08] Compile::Code_Gen()+0x3c8
            V [libjvm.so+0x369e04] Compile::Compile(ciEnv*, C2Compiler*, ciMethod*, int, bool, bool, bool)+0xf64
            V [libjvm.so+0x271380] C2Compiler::compile_method(ciEnv*, ciMethod*, int)+0x1f0
            V [libjvm.so+0x3785a4] CompileBroker::invoke_compiler_on_method(CompileTask*)+0xd54
            V [libjvm.so+0x379dc8] CompileBroker::compiler_thread_loop()+0x488
            V [libjvm.so+0xa5de90] compiler_thread_entry(JavaThread*, Thread*)+0x20
            V [libjvm.so+0xa690c8] JavaThread::thread_main_inner()+0x178
            V [libjvm.so+0x8c8c10] java_start(Thread*)+0x170
            C [libpthread.so.0+0x833c] start_thread+0xfc
            C [libc.so.6+0x12b014] clone+0xe4

            loadI2LNode class is generated according to the following ADL code in
            ppc.ad file:

            instruct loadI2L(iRegLdst dst, memory mem) %{
              match(Set dst (ConvI2L (LoadI mem)));
              predicate(_kids[0]->_leaf->as_Load()->is_unordered());
              ins_cost(MEMORY_REF_COST);

              format %{ "LWA $dst, $mem \t// loadI2L" %}
              size(4);
              ins_encode %{
                // TODO: PPC port $archOpcode(ppc64Opcode_lwa);
                int Idisp = $mem$$disp + frame_slots_bias($mem$$base, ra_);
                __ lwa($dst$$Register, Idisp, $mem$$base$$Register);
              %}
              ins_pipe(pipe_class_memory);
            %}

            So the generated illegal instruction comes from:
            lwa 17,17,15 (DS-form: lwa RT, DS, RA)

            As DS field must always be 4-byte aligned (i.e. DS field is always
            concatenated with 0b00), 17 as DS (middle 17 value) is illegal,
            generating the illegal instruction in question:

            11101010000000000000000000000010: LWA
            00000010001000000000000000000000: 17
            00000000000000000000000000010001: 17
            00000000000011110000000000000000: 15
            --------------------------------
            11101010001011110000000000010011: 0xEA2F0013 => Illegal instruction
            Show
            simonis Volker Simonis added a comment - Gustavo provided a good explanation in his mail to the ppc-aix mailing list ( http://mail.openjdk.java.net/pipermail/ppc-aix-port-dev/2016-May/002534.html): The crash happens when an illegal instruction - 0xea2f0013 - is executed. The backtrace shows: Stack: [0x00003fff56030000,0x00003fff56430000], sp=0x00003fff5642b8d0, free space=4078k Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code) V [libjvm.so+0x162104] loadI2LNode::emit(CodeBuffer&, PhaseRegAlloc*) const+0x194 V [libjvm.so+0x8ece28] Compile::fill_buffer(CodeBuffer*, unsigned int*)+0x4e8 V [libjvm.so+0x368e08] Compile::Code_Gen()+0x3c8 V [libjvm.so+0x369e04] Compile::Compile(ciEnv*, C2Compiler*, ciMethod*, int, bool, bool, bool)+0xf64 V [libjvm.so+0x271380] C2Compiler::compile_method(ciEnv*, ciMethod*, int)+0x1f0 V [libjvm.so+0x3785a4] CompileBroker::invoke_compiler_on_method(CompileTask*)+0xd54 V [libjvm.so+0x379dc8] CompileBroker::compiler_thread_loop()+0x488 V [libjvm.so+0xa5de90] compiler_thread_entry(JavaThread*, Thread*)+0x20 V [libjvm.so+0xa690c8] JavaThread::thread_main_inner()+0x178 V [libjvm.so+0x8c8c10] java_start(Thread*)+0x170 C [libpthread.so.0+0x833c] start_thread+0xfc C [libc.so.6+0x12b014] clone+0xe4 loadI2LNode class is generated according to the following ADL code in ppc.ad file: instruct loadI2L(iRegLdst dst, memory mem) %{   match(Set dst (ConvI2L (LoadI mem)));   predicate(_kids[0]->_leaf->as_Load()->is_unordered());   ins_cost(MEMORY_REF_COST);   format %{ "LWA $dst, $mem \t// loadI2L" %}   size(4);   ins_encode %{     // TODO: PPC port $archOpcode(ppc64Opcode_lwa);     int Idisp = $mem$$disp + frame_slots_bias($mem$$base, ra_);     __ lwa($dst$$Register, Idisp, $mem$$base$$Register);   %}   ins_pipe(pipe_class_memory); %} So the generated illegal instruction comes from: lwa 17,17,15 (DS-form: lwa RT, DS, RA) As DS field must always be 4-byte aligned (i.e. DS field is always concatenated with 0b00), 17 as DS (middle 17 value) is illegal, generating the illegal instruction in question: 11101010000000000000000000000010: LWA 00000010001000000000000000000000: 17 00000000000000000000000000010001: 17 00000000000011110000000000000000: 15 -------------------------------- 11101010001011110000000000010011: 0xEA2F0013 => Illegal instruction
            Hide
            ppunegov Pavel Punegov added a comment -
            ILW = crash; Unsafe on PPC; none = HLH = P2
            Show
            ppunegov Pavel Punegov added a comment - ILW = crash; Unsafe on PPC; none = HLH = P2
            Hide
            hgupdate HG Updates added a comment -
            URL: http://hg.openjdk.java.net/jdk9/hs-comp/hotspot/rev/5f3687f2143c
            User: zmajo
            Date: 2016-06-17 12:13:38 +0000
            Show
            hgupdate HG Updates added a comment - URL: http://hg.openjdk.java.net/jdk9/hs-comp/hotspot/rev/5f3687f2143c User: zmajo Date: 2016-06-17 12:13:38 +0000
            Hide
            hgupdate HG Updates added a comment -
            URL: http://hg.openjdk.java.net/jdk9/jdk9/hotspot/rev/5f3687f2143c
            User: amurillo
            Date: 2016-07-08 20:16:41 +0000
            Show
            hgupdate HG Updates added a comment - URL: http://hg.openjdk.java.net/jdk9/jdk9/hotspot/rev/5f3687f2143c User: amurillo Date: 2016-07-08 20:16:41 +0000

              People

              • Assignee:
                simonis Volker Simonis
                Reporter:
                simonis Volker Simonis
              • Votes:
                0 Vote for this issue
                Watchers:
                5 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: