[Kaffe] Illegal Instruction generated by kaffe JIT?

Godmar Back gback at cs.utah.edu
Wed Mar 31 10:06:24 PST 1999 

> 
> On Mar 29, 1999, Moses DeJong <dejong at cs.umn.edu> wrote:
> 
> > findNat 0x200020
> > Cannot access memory at address 0x1c.
> 
> > findNat 0x2b283c
> > tcl/lang/ArrayObject.dereferenceArrayDims;(Ltcl/lang/Interp;Ljava/lang/Object;ILtcl/lang/TclObject;
> > )Ljava/lang/Object;: 2b27f0 2b2f18
> 
> > So it seems like the problem is in the JIT compiled version of the
> > tcl/lang/ArrayObject.dereferenceArrayDims() method. Here is the
> > implementation in Java.
> 
> Either that or the method at 0x200020 was inadvertently garbage
> collected (unlikely, but possible).  You may run it with -verbosejit
> and check whether any method is JIT compiled into that address.  BTW,
> is the error reproducible or it's a Heisenbug?
> 

My guess is that we have a case of register corruption here.
0x200020 is a String "  ".  The other case Moses showed was the same.

> 
> > Does anyone know how I can focus the jit problem down to the Java
> > command that is compiled into the illegal instruction? 
> 
> You may disassemble the region around the error in the failing frame,
> and the whole caller method, to try to figure out where's the problem:
> 
> disassemble 0x200000 0x200080
> disass 0x2b27f0 0x2b2f18

If that doesn't work, use
x/<n>i 0x2b27f0
where n is a sufficiently large number.

> 
> > Is there some sort of "jit debug" option that will include this info
> > into the executable so that gdb can read it?
> 
> Unfortunately not.  This is one of the long-standing issues in my
> to-do list, but that I've never got the opportunity to start thinking
> of :-(
> 

Well, there's a jit debug option that shows the emitted code.
Try -vmdebug list for a list.  You'll see a lot of output, though.

Btw, I briefly looked at it and the code it emitted seemed right to me.
I would not be surprised if the bug is of the kind we've seen with
exception handling and signals on the x86.  Namely, a register gets
clobbered due to something, and then we do a jmp [%l7] or something
like that.

For instance, I saw a sequence
	<initialize %l7 with addr a>
	ld	[%l7], %l7
	jmp	%l7

The value of *a was correct, yet it had jumped in the middle of nowhere. 

	- Godmar

More information about the kaffe mailing list