BZ #69: segfault in replace_create_replacement_points

Status fields:

creation_ts:2008-05-19 14:48
component:jit
version:default branch
rep_platform:x86_64
op_sys:Linux
bug_status:RESOLVED
resolution:FIXED
reporter:twisti@complang.tuwien.ac.at
This changeset breaks replacement-point generation:

http://mips.complang.tuwien.ac.at/hg/cacao/rev/3497103d748b

I think the actual failing changeset is this:

http://mips.complang.tuwien.ac.at/hg/cacao/rev/3224e4058498

but it does not build.

Configure options are:

./configure --enable-maintainer-mode --with-classpath-prefix=/home/cthalinger/install/classpath --enable-disassembler --enable-inlining --enable-memcheck --enable-replacement --enable-profiling --enable-ssa --enable-statistics

Here is the backtrace:

(gdb) bt
#0  0x00002b8ed329d1d5 in raise () from /lib/libc.so.6
#1  0x00002b8ed329e680 in abort () from /lib/libc.so.6
#2  0x00002b8ed36376e3 in system_abort () at ../../src/vmcore/system.h:90
#3  0x00002b8ed36376d8 in vm_abort (text=0x2b8ed36d0318 "Exiting...") at vm.c:2033
#4  0x00002b8ed363f47d in methodtree_find (pc=0x2b8ed364678b) at methodtree.c:204
#5  0x00002b8ed3661cd3 in md_codegen_get_pv_from_pc (ra=0x2b8ed364678b) at
../../../src/vm/jit/x86_64/md.h:72
#6  0x00002b8ed3661b85 in stacktrace_stackframeinfo_add (sfi=0x7fffd87bce80, pv=0x0,
sp=0x7fffd87bd3b0 "�{�\177",
    ra=0x2b8ed364678b "\213@P;E�\177�\213\205p���H\213@\030H\211E�H\213\205p���\213@\024Hc�\211��\002H\001��\003H\003E�H\211E�\213\205|���\211E�213\205|���\211E��\003",
    xpc=0x2b8ed364678b "\213@P;E�\177�\213\205p���H\213@\030H\211E�H\213\205p���\213@\024Hc�\211��\002H\001��\003H\003E�H\211E�\213\205|���\211E�213\205|���\211E��\003") at
stacktrace.c:120
#7  0x00002b8ed3663d67 in trap_handle (type=0, val=0, pv=0x0, sp=0x7fffd87bd3b0,
ra=0x2b8ed364678b, xpc=0x2b8ed364678b, context=0x7fffd87bcf70) at trap.c:143
#8  0x00002b8ed36ac432 in md_signal_handler_sigsegv (sig=11, siginfo=0x7fffd87bd0a0,
_p=0x7fffd87bcf70) at md-os.c:184
#9  <signal handler called>
#10 0x00002b8ed364678b in replace_create_replacement_points (jd=0xa3cc80) at
replace.c:464
#11 0x00002b8ed3697f97 in codegen_emit (jd=0xa3cc80) at codegen.c:303
#12 0x00002b8ed363a331 in codegen_generate (jd=0xa3cc80) at codegen-common.c:274
#13 0x00002b8ed363e8e6 in jit_compile_intern (jd=0xa3cc80) at jit.c:834
#14 0x00002b8ed363e160 in jit_compile (m=0x9d0760) at jit.c:413
#15 0x00002b8ed363893f in vm_call_method_valist (m=0x9d0760, o=0x654f80,
ap=0x7fffd87bd7a0) at vm.c:2497
#16 0x00002b8ed363850e in vm_call_method (m=0x9d0760, o=0x654f80) at vm.c:2459
#17 0x00002b8ed36245c9 in thread_create_object (t=0x643e00, name=0x650f28,
group=0x64ff88) at thread.c:279
#18 0x00002b8ed3624733 in thread_create_initial_thread () at thread.c:452
#19 0x00002b8ed3624500 in threads_init () at thread.c:212
#20 0x00002b8ed3636e2a in vm_create (vm_args=0x602010) at vm.c:1530
#21 0x00002b8ed3635fec in vm_createjvm (p_vm=0x7fffd87bda08, p_env=0x7fffd87bda00,
vm_args=0x602010) at vm.c:720
#22 0x0000000000400b51 in main (argc=1, argv=0x7fffd87bdb38) at cacao.c:161

Comment #1 by twisti@complang.tuwien.ac.at on 2008-05-19 14:51:45

--disable-ssa "fixes" the problem.

Comment #2 by twisti@complang.tuwien.ac.at on 2008-05-28 10:13:36

Peter, I assign this one to you.

Comment #3 by pm@complang.tuwien.ac.at on 2008-06-01 17:38:57

Fixed in http://mips.complang.tuwien.ac.at/hg/cacao/rev/76f979c4a7dc (changeset 8191).