Mon, 13 Nov 2017 15:49:42 +0800
#5963 wrong frame offset (SP) in StackOverflowError handler
Summary: push/pop before/after bang_stack_with_offset is removed. compiler/6865265/StackOverflowBug.java passed.
This patch also includes code cleanup and code style fix.
1 /*
2 * Copyright (c) 1997, 2014, Oracle and/or its affiliates. All rights reserved.
3 * Copyright (c) 2015, 2016, Loongson Technology. All rights reserved.
4 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
5 *
6 * This code is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License version 2 only, as
8 * published by the Free Software Foundation.
9 *
10 * This code is distributed in the hope that it will be useful, but WITHOUT
11 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
12 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13 * version 2 for more details (a copy is included in the LICENSE file that
14 * accompanied this code).
15 *
16 * You should have received a copy of the GNU General Public License version
17 * 2 along with this work; if not, write to the Free Software Foundation,
18 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
19 *
20 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
21 * or visit www.oracle.com if you need additional information or have any
22 * questions.
23 *
24 */
26 #include "precompiled.hpp"
27 #include "interpreter/interpreter.hpp"
28 #include "memory/resourceArea.hpp"
29 #include "oops/markOop.hpp"
30 #include "oops/method.hpp"
31 #include "oops/oop.inline.hpp"
32 #include "prims/methodHandles.hpp"
33 #include "runtime/frame.inline.hpp"
34 #include "runtime/handles.inline.hpp"
35 #include "runtime/javaCalls.hpp"
36 #include "runtime/monitorChunk.hpp"
37 #include "runtime/signature.hpp"
38 #include "runtime/stubCodeGenerator.hpp"
39 #include "runtime/stubRoutines.hpp"
40 #include "vmreg_mips.inline.hpp"
41 #ifdef COMPILER1
42 #include "c1/c1_Runtime1.hpp"
43 #include "runtime/vframeArray.hpp"
44 #endif
46 #ifdef ASSERT
47 void RegisterMap::check_location_valid() {
48 }
49 #endif
52 // Profiling/safepoint support
53 // for Profiling - acting on another frame. walks sender frames
54 // if valid.
55 // frame profile_find_Java_sender_frame(JavaThread *thread);
57 bool frame::safe_for_sender(JavaThread *thread) {
58 address sp = (address)_sp;
59 address fp = (address)_fp;
60 bool sp_safe = (sp != NULL &&
61 (sp <= thread->stack_base()) &&
62 (sp >= thread->stack_base() - thread->stack_size()));
63 bool fp_safe = (fp != NULL &&
64 (fp <= thread->stack_base()) &&
65 (fp >= thread->stack_base() - thread->stack_size()));
66 if (sp_safe && fp_safe) {
67 CodeBlob *cb = CodeCache::find_blob_unsafe(_pc);
68 // First check if frame is complete and tester is reliable
69 // Unfortunately we can only check frame complete for runtime stubs and nmethod
70 // other generic buffer blobs are more problematic so we just assume they are
71 // ok. adapter blobs never have a frame complete and are never ok.
72 if (cb != NULL && !cb->is_frame_complete_at(_pc)) {
73 if (cb->is_nmethod() || cb->is_adapter_blob() || cb->is_runtime_stub()) {
74 return false;
75 }
76 }
77 return true;
78 }
79 // Note: fp == NULL is not really a prerequisite for this to be safe to
80 // walk for c2. However we've modified the code such that if we get
81 // a failure with fp != NULL that we then try with FP == NULL.
82 // This is basically to mimic what a last_frame would look like if
83 // c2 had generated it.
84 if (sp_safe && fp == NULL) {
85 CodeBlob *cb = CodeCache::find_blob_unsafe(_pc);
86 // frame must be complete if fp == NULL as fp == NULL is only sensible
87 // if we are looking at a nmethod and frame complete assures us of that.
88 if (cb != NULL && cb->is_frame_complete_at(_pc) && cb->is_compiled_by_c2()) {
89 return true;
90 }
91 }
92 return false;
93 }
96 void frame::patch_pc(Thread* thread, address pc) {
97 if (TracePcPatching) {
98 tty->print_cr("patch_pc at address 0x%x [0x%x -> 0x%x] ", &((address *)_sp)[-1], ((address *)_sp)[-1], pc);
99 }
101 RegisterMap map((JavaThread *)thread, false);
102 frame check = ((JavaThread *)thread)->last_frame();
103 if (id() != check.id())
104 {
105 while (id() != check.sender(&map).id()) {
106 check = check.sender(&map);
107 }
108 if (check.is_interpreted_frame())
109 *(check.fp() + 1) = (intptr_t)pc;
110 else
111 ((address *)_sp)[-1] = pc;
112 }
114 _cb = CodeCache::find_blob(pc);
115 if (_cb != NULL && _cb->is_nmethod() && ((nmethod*)_cb)->is_deopt_pc(_pc)) {
116 address orig = (((nmethod*)_cb)->get_original_pc(this));
117 assert(orig == _pc, "expected original to be stored before patching");
118 _deopt_state = is_deoptimized;
119 // leave _pc as is
120 } else {
121 _deopt_state = not_deoptimized;
122 _pc = pc;
123 }
124 }
126 bool frame::is_interpreted_frame() const {
127 return Interpreter::contains(pc());
128 }
130 int frame::frame_size(RegisterMap* map) const {
131 frame sender = this->sender(map);
132 return sender.sp() - sp();
133 }
135 intptr_t* frame::entry_frame_argument_at(int offset) const {
136 // convert offset to index to deal with tsi
137 int index = (Interpreter::expr_offset_in_bytes(offset)/wordSize);
138 // Entry frame's arguments are always in relation to unextended_sp()
139 return &unextended_sp()[index];
140 }
142 // sender_sp
143 #ifdef CC_INTERP
144 intptr_t* frame::interpreter_frame_sender_sp() const {
145 assert(is_interpreted_frame(), "interpreted frame expected");
146 // QQQ why does this specialize method exist if frame::sender_sp() does same thing?
147 // seems odd and if we always know interpreted vs. non then sender_sp() is really
148 // doing too much work.
149 return get_interpreterState()->sender_sp();
150 }
152 // monitor elements
154 BasicObjectLock* frame::interpreter_frame_monitor_begin() const {
155 return get_interpreterState()->monitor_base();
156 }
158 BasicObjectLock* frame::interpreter_frame_monitor_end() const {
159 return (BasicObjectLock*) get_interpreterState()->stack_base();
160 }
162 #else // CC_INTERP
164 intptr_t* frame::interpreter_frame_sender_sp() const {
165 assert(is_interpreted_frame(), "interpreted frame expected");
166 return (intptr_t*) at(interpreter_frame_sender_sp_offset);
167 }
169 void frame::set_interpreter_frame_sender_sp(intptr_t* sender_sp) {
170 assert(is_interpreted_frame(), "interpreted frame expected");
171 int_at_put(interpreter_frame_sender_sp_offset, (intptr_t) sender_sp);
172 }
175 // monitor elements
177 BasicObjectLock* frame::interpreter_frame_monitor_begin() const {
178 return (BasicObjectLock*) addr_at(interpreter_frame_monitor_block_bottom_offset);
179 }
181 BasicObjectLock* frame::interpreter_frame_monitor_end() const {
182 BasicObjectLock* result = (BasicObjectLock*) *addr_at(interpreter_frame_monitor_block_top_offset);
183 // make sure the pointer points inside the frame
184 assert((intptr_t) fp() > (intptr_t) result, "result must < than frame pointer");
185 assert((intptr_t) sp() <= (intptr_t) result, "result must >= than stack pointer");
186 return result;
187 }
189 void frame::interpreter_frame_set_monitor_end(BasicObjectLock* value) {
190 *((BasicObjectLock**)addr_at(interpreter_frame_monitor_block_top_offset)) = value;
191 }
193 // Used by template based interpreter deoptimization
194 void frame::interpreter_frame_set_last_sp(intptr_t* sp) {
195 *((intptr_t**)addr_at(interpreter_frame_last_sp_offset)) = sp;
196 }
197 #endif // CC_INTERP
199 frame frame::sender_for_entry_frame(RegisterMap* map) const {
200 assert(map != NULL, "map must be set");
201 // Java frame called from C; skip all C frames and return top C
202 // frame of that chunk as the sender
203 JavaFrameAnchor* jfa = entry_frame_call_wrapper()->anchor();
204 assert(!entry_frame_is_first(), "next Java fp must be non zero");
205 assert(jfa->last_Java_sp() > sp(), "must be above this frame on stack");
206 map->clear();
207 assert(map->include_argument_oops(), "should be set by clear");
208 if (jfa->last_Java_pc() != NULL ) {
209 frame fr(jfa->last_Java_sp(), jfa->last_Java_fp(), jfa->last_Java_pc());
210 return fr;
211 }
212 frame fr(jfa->last_Java_sp(), jfa->last_Java_fp());
213 return fr;
214 }
216 frame frame::sender_for_interpreter_frame(RegisterMap* map) const {
217 // sp is the raw sp from the sender after adapter or interpreter extension
218 //intptr_t* sp = (intptr_t*) addr_at(sender_sp_offset);
219 intptr_t* sp = (intptr_t*) at(interpreter_frame_sender_sp_offset);
221 // This is the sp before any possible extension (adapter/locals).
222 //intptr_t* unextended_sp = interpreter_frame_sender_sp();
224 // The interpreter and compiler(s) always save EBP/RBP in a known
225 // location on entry. We must record where that location is
226 // so this if EBP/RBP was live on callout from c2 we can find
227 // the saved copy no matter what it called.
229 // Since the interpreter always saves EBP/RBP if we record where it is then
230 // we don't have to always save EBP/RBP on entry and exit to c2 compiled
231 // code, on entry will be enough.
232 #ifdef COMPILER2
233 //FIXME aoqi
234 if (map->update_map()) {
235 map->set_location(FP->as_VMReg(), (address) addr_at(link_offset));
236 }
237 #endif /* COMPILER2 */
238 return frame(sp, link(), sender_pc());
239 }
242 //------------------------------------------------------------------------------
243 // frame::verify_deopt_original_pc
244 //
245 // Verifies the calculated original PC of a deoptimization PC for the
246 // given unextended SP. The unextended SP might also be the saved SP
247 // for MethodHandle call sites.
248 #ifdef ASSERT
249 void frame::verify_deopt_original_pc(nmethod* nm, intptr_t* unextended_sp, bool is_method_handle_return) {
250 frame fr;
252 // This is ugly but it's better than to change {get,set}_original_pc
253 // to take an SP value as argument. And it's only a debugging
254 // method anyway.
255 fr._unextended_sp = unextended_sp;
257 address original_pc = nm->get_original_pc(&fr);
258 assert(nm->insts_contains(original_pc), "original PC must be in nmethod");
259 assert(nm->is_method_handle_return(original_pc) == is_method_handle_return, "must be");
260 }
261 #endif
264 //------------------------------------------------------------------------------
265 // frame::adjust_unextended_sp
266 void frame::adjust_unextended_sp() {
267 // If we are returning to a compiled MethodHandle call site, the
268 // saved_fp will in fact be a saved value of the unextended SP. The
269 // simplest way to tell whether we are returning to such a call site
270 // is as follows:
272 nmethod* sender_nm = (_cb == NULL) ? NULL : _cb->as_nmethod_or_null();
273 if (sender_nm != NULL) {
274 // If the sender PC is a deoptimization point, get the original
275 // PC. For MethodHandle call site the unextended_sp is stored in
276 // saved_fp.
277 if (sender_nm->is_deopt_mh_entry(_pc)) {
278 DEBUG_ONLY(verify_deopt_mh_original_pc(sender_nm, _fp));
279 _unextended_sp = _fp;
280 }
281 else if (sender_nm->is_deopt_entry(_pc)) {
282 DEBUG_ONLY(verify_deopt_original_pc(sender_nm, _unextended_sp));
283 }
284 else if (sender_nm->is_method_handle_return(_pc)) {
285 _unextended_sp = _fp;
286 }
287 }
288 }
290 //------------------------------sender_for_compiled_frame-----------------------
291 frame frame::sender_for_compiled_frame(RegisterMap* map) const {
292 assert(map != NULL, "map must be set");
294 // frame owned by optimizing compiler
295 assert(_cb->frame_size() >= 0, "must have non-zero frame size");
297 intptr_t* sender_sp = sender_sp = sp() + _cb->frame_size();
298 #ifdef ASSERT
299 const bool c1_compiled = _cb->is_compiled_by_c1();
300 bool native = _cb->is_nmethod() && ((nmethod*)_cb)->is_native_method();
301 if (c1_compiled && native) {
302 assert(sender_sp == fp() + frame::sender_sp_offset, "incorrect frame size");
303 }
304 #endif // ASSERT
305 // On Intel the return_address is always the word on the stack
306 // the fp in compiler points to sender fp, but in interpreter, fp points to return address,
307 // so getting sender for compiled frame is not same as interpreter frame.
308 // we hard code here temporarily
309 // spark
310 address sender_pc = (address) *(sender_sp-1);
312 intptr_t** saved_fp_addr = (intptr_t**) (sender_sp - frame::sender_sp_offset);
314 if (map->update_map()) {
315 // Tell GC to use argument oopmaps for some runtime stubs that need it.
316 // For C1, the runtime stub might not have oop maps, so set this flag
317 // outside of update_register_map.
318 map->set_include_argument_oops(_cb->caller_must_gc_arguments(map->thread()));
319 if (_cb->oop_maps() != NULL) {
320 OopMapSet::update_register_map(this, map);
321 }
323 // Since the prolog does the save and restore of epb there is no oopmap
324 // for it so we must fill in its location as if there was an oopmap entry
325 // since if our caller was compiled code there could be live jvm state in it.
326 map->set_location(FP->as_VMReg(), (address) saved_fp_addr);
327 }
328 assert(sender_sp != sp(), "must have changed");
329 return frame(sender_sp, *saved_fp_addr, sender_pc);
330 }
332 frame frame::sender(RegisterMap* map) const {
333 // Default is we done have to follow them. The sender_for_xxx will
334 // update it accordingly
335 map->set_include_argument_oops(false);
337 if (is_entry_frame()) return sender_for_entry_frame(map);
338 if (is_interpreted_frame()) return sender_for_interpreter_frame(map);
339 assert(_cb == CodeCache::find_blob(pc()),"Must be the same");
341 if (_cb != NULL) {
342 return sender_for_compiled_frame(map);
343 }
344 // Must be native-compiled frame, i.e. the marshaling code for native
345 // methods that exists in the core system.
346 return frame(sender_sp(), link(), sender_pc());
347 }
350 bool frame::interpreter_frame_equals_unpacked_fp(intptr_t* fp) {
351 assert(is_interpreted_frame(), "must be interpreter frame");
352 Method* method = interpreter_frame_method();
353 // When unpacking an optimized frame the frame pointer is
354 // adjusted with:
355 int diff = (method->max_locals() - method->size_of_parameters()) *
356 Interpreter::stackElementWords;
357 printf("^^^^^^^^^^^^^^^adjust fp in deopt fp = 0%x \n", (intptr_t)(fp - diff));
358 return _fp == (fp - diff);
359 }
361 void frame::pd_gc_epilog() {
362 // nothing done here now
363 }
365 bool frame::is_interpreted_frame_valid(JavaThread* thread) const {
366 // QQQ
367 #ifdef CC_INTERP
368 #else
369 assert(is_interpreted_frame(), "Not an interpreted frame");
370 // These are reasonable sanity checks
371 if (fp() == 0 || (intptr_t(fp()) & (wordSize-1)) != 0) {
372 return false;
373 }
374 if (sp() == 0 || (intptr_t(sp()) & (wordSize-1)) != 0) {
375 return false;
376 }
377 if (fp() + interpreter_frame_initial_sp_offset < sp()) {
378 return false;
379 }
380 // These are hacks to keep us out of trouble.
381 // The problem with these is that they mask other problems
382 if (fp() <= sp()) { // this attempts to deal with unsigned comparison above
383 return false;
384 }
386 // do some validation of frame elements
388 // first the method
390 Method* m = *interpreter_frame_method_addr();
392 // validate the method we'd find in this potential sender
393 if (!m->is_valid_method()) return false;
395 // stack frames shouldn't be much larger than max_stack elements
397 //if (fp() - sp() > 1024 + m->max_stack()*Interpreter::stackElementSize()) {
398 if (fp() - sp() > 4096) { // stack frames shouldn't be large.
399 return false;
400 }
402 // validate bci/bcx
404 intptr_t bcx = interpreter_frame_bcx();
405 if (m->validate_bci_from_bcx(bcx) < 0) {
406 return false;
407 }
409 // validate ConstantPoolCache*
411 ConstantPoolCache* cp = *interpreter_frame_cache_addr();
413 if (cp == NULL || !cp->is_metaspace_object()) return false;
415 // validate locals
417 address locals = (address) *interpreter_frame_locals_addr();
419 if (locals > thread->stack_base() || locals < (address) fp()) return false;
421 // We'd have to be pretty unlucky to be mislead at this point
423 #endif // CC_INTERP
424 return true;
425 }
427 BasicType frame::interpreter_frame_result(oop* oop_result, jvalue* value_result) {
428 #ifdef CC_INTERP
429 // Needed for JVMTI. The result should always be in the interpreterState object
430 assert(false, "NYI");
431 interpreterState istate = get_interpreterState();
432 #endif // CC_INTERP
433 assert(is_interpreted_frame(), "interpreted frame expected");
434 Method* method = interpreter_frame_method();
435 BasicType type = method->result_type();
437 intptr_t* tos_addr;
438 if (method->is_native()) {
439 // Prior to calling into the runtime to report the method_exit the possible
440 // return value is pushed to the native stack. If the result is a jfloat/jdouble
441 // then ST0 is saved before EAX/EDX. See the note in generate_native_result
442 tos_addr = (intptr_t*)sp();
443 if (type == T_FLOAT || type == T_DOUBLE) {
444 // QQQ seems like this code is equivalent on the two platforms
445 #ifdef AMD64
446 // This is times two because we do a push(ltos) after pushing XMM0
447 // and that takes two interpreter stack slots.
448 tos_addr += 2 * Interpreter::stackElementWords();
449 #else
450 tos_addr += 2;
451 #endif // AMD64
452 }
453 } else {
454 tos_addr = (intptr_t*)interpreter_frame_tos_address();
455 }
457 switch (type) {
458 case T_OBJECT :
459 case T_ARRAY : {
460 oop obj;
461 if (method->is_native()) {
462 #ifdef CC_INTERP
463 obj = istate->_oop_temp;
464 #else
465 obj = cast_to_oop(at(interpreter_frame_oop_temp_offset));
466 #endif // CC_INTERP
467 } else {
468 oop* obj_p = (oop*)tos_addr;
469 obj = (obj_p == NULL) ? (oop)NULL : *obj_p;
470 }
471 assert(obj == NULL || Universe::heap()->is_in(obj), "sanity check");
472 *oop_result = obj;
473 break;
474 }
475 case T_BOOLEAN : value_result->z = *(jboolean*)tos_addr; break;
476 case T_BYTE : value_result->b = *(jbyte*)tos_addr; break;
477 case T_CHAR : value_result->c = *(jchar*)tos_addr; break;
478 case T_SHORT : value_result->s = *(jshort*)tos_addr; break;
479 case T_INT : value_result->i = *(jint*)tos_addr; break;
480 case T_LONG : value_result->j = *(jlong*)tos_addr; break;
481 case T_FLOAT : {
482 #ifdef AMD64
483 value_result->f = *(jfloat*)tos_addr;
484 #else
485 if (method->is_native()) {
486 jdouble d = *(jdouble*)tos_addr; // Result was in ST0 so need to convert to jfloat
487 value_result->f = (jfloat)d;
488 } else {
489 value_result->f = *(jfloat*)tos_addr;
490 }
491 #endif // AMD64
492 break;
493 }
494 case T_DOUBLE : value_result->d = *(jdouble*)tos_addr; break;
495 case T_VOID : /* Nothing to do */ break;
496 default : ShouldNotReachHere();
497 }
499 return type;
500 }
503 intptr_t* frame::interpreter_frame_tos_at(jint offset) const {
504 int index = (Interpreter::expr_offset_in_bytes(offset)/wordSize);
505 return &interpreter_frame_tos_address()[index];
506 }
508 #ifndef PRODUCT
510 #define DESCRIBE_FP_OFFSET(name) \
511 values.describe(frame_no, fp() + frame::name##_offset, #name)
513 void frame::describe_pd(FrameValues& values, int frame_no) {
514 if (is_interpreted_frame()) {
515 DESCRIBE_FP_OFFSET(interpreter_frame_sender_sp);
516 DESCRIBE_FP_OFFSET(interpreter_frame_last_sp);
517 DESCRIBE_FP_OFFSET(interpreter_frame_method);
518 DESCRIBE_FP_OFFSET(interpreter_frame_mdx);
519 DESCRIBE_FP_OFFSET(interpreter_frame_cache);
520 DESCRIBE_FP_OFFSET(interpreter_frame_locals);
521 DESCRIBE_FP_OFFSET(interpreter_frame_bcx);
522 DESCRIBE_FP_OFFSET(interpreter_frame_initial_sp);
523 }
524 }
525 #endif
527 intptr_t *frame::initial_deoptimization_info() {
528 // used to reset the saved FP
529 return fp();
530 }
532 intptr_t* frame::real_fp() const {
533 if (_cb != NULL) {
534 // use the frame size if valid
535 int size = _cb->frame_size();
536 if (size > 0) {
537 return unextended_sp() + size;
538 }
539 }
540 // else rely on fp()
541 assert(! is_compiled_frame(), "unknown compiled frame size");
542 return fp();
543 }
545 #ifndef PRODUCT
546 // This is a generic constructor which is only used by pns() in debug.cpp.
547 frame::frame(void* sp, void* fp, void* pc) {
548 init((intptr_t*)sp, (intptr_t*)fp, (address)pc);
549 }
550 #endif