JDK-8288719: [arm32] SafeFetch32 thumb interleaving causes random crashes #9213

Closed
tstuefe
Member

@tstuefe tstuefe commented Jun 20, 2022

After JDK-8284997 delivered just a bandaid, this is hopefully the real fix.

JDK-8283326 re-implemented SafeFetch as static assembler functions. This broke arm: the VM would crash at random points, usually in Atomic::add(), usually right at startup. In most cases the VM could not even be built correctly, see JDK-8284997.

This was only reproducible if the VM was built natively, on a Raspberry Pi, inside an Ubuntu18-derived container. Building natively on Raspberry Pi OS was fine. Cross-building was fine too. The difference is the default instruction set the toolchain uses. We don't explicitly specify -mthumb or -marm, so we use the toolchain's default. That default seems to depend on how GCC itself was built. Ubuntu ships a GCC that has been built in thumb mode, thus defaulting to -mthumb, whereas Raspberry Pi OS and Fedora ship GCCs that default to -marm.

So, the VM proper is compiled either to arm or thumb code. The SafeFetch32 assembly function itself uses arm code always. Why this is I don't know for sure, I assume if I wanted thumb I need to specify .thumb_func in the assembly.

If the VM uses thumb, it needs to call SafeFetch32 with a switching branch instruction (BX). But the compiler generated BL. The instruction set was not switched upon entering SafeFetch32 and garbage thumb code was executed. The VM crashes soon after.

This seems to be a common problem when writing arm assembly by hand; the solution is to specify .type function. See also [1]: "As of GCC 4.7, the .type directive is pretty much required for functions. Or, rather, it is required if you want ARM and Thumb interworking to work."

A remaining question is whether we should specify the instruction set explicitly when building on arm32, to prevent surprises like this. Preferably with a configure option.


Testing:

  • GHAs are green, but that does not say much: they just do the usual cross building without running the executables. Even if they would run, they would be compiled with -marm and not show the default
  • Both @marchof and I tested the fix with a native build on Raspberry Pi. I confirmed that the patch fixes the problem. I ran gtests, which also test SafeFetch

Progress

  • Change must be properly reviewed (1 review required, with at least 1 Reviewer)
  • Change must not contain extraneous whitespace
  • Commit message must refer to an issue

Issues

  • JDK-8288719: [arm32] SafeFetch32 thumb interleaving causes random crashes
  • JDK-8284997: arm32 build crashes since JDK-8283326

Reviewers

Reviewing

Using git

Checkout this PR locally:
$ git fetch https://git.openjdk.org/jdk pull/9213/head:pull/9213
$ git checkout pull/9213

Update a local copy of the PR:
$ git checkout pull/9213
$ git pull https://git.openjdk.org/jdk pull/9213/head

Using Skara CLI tools

Checkout this PR locally:
$ git pr checkout 9213

View PR using the GUI difftool:
$ git pr show -t 9213

Using diff file

Download this PR as a diff file:
https://git.openjdk.org/jdk/pull/9213.diff
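
A build-time check for the failure described in this PR, as an added example (not code from the PR or from OpenJDK): it reads `readelf -s` output for an arm32 object and reports global code symbols that are not typed as functions, which is the state SafeFetch32_impl was in before the fix. The symbol tables are constructed, `hypothetical_thumb_fn` is a made-up name, and treating `_SafeFetch32_fault` and `_SafeFetch32_continuation` as plain address labels is an assumption.

```python
import re

# One row of `readelf -s` output for a 32-bit ELF object:
#    Num:    Value  Size Type    Bind   Vis      Ndx Name
ROW = re.compile(r"^\s*\d+:\s+([0-9a-fA-F]{8})\s+\d+\s+(\w+)\s+(\w+)\s+\w+\s+(\S+)\s+(\S+)\s*$")

def audit_symbols(readelf_output, text_sections, labels=()):
    """Classify global symbols defined in the given executable sections.

    Returns {name: "arm" | "thumb" | "label" | "untyped"}; "untyped" is a
    global code symbol without STT_FUNC, which gets no interworking fix-up.
    """
    result = {}
    for line in readelf_output.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header lines and anything that is not a symbol row
        value, sym_type, bind, ndx, name = m.groups()
        if bind != "GLOBAL" or not ndx.isdigit() or int(ndx) not in text_sections:
            continue  # locals, undefined (UND) and non-code symbols
        if sym_type == "FUNC":
            # ARM ELF: bit 0 of a function symbol's value marks Thumb code.
            result[name] = "thumb" if int(value, 16) & 1 else "arm"
        else:
            result[name] = "label" if name in labels else "untyped"
    return result

def untyped(result):
    return sorted(n for n, kind in result.items() if kind == "untyped")

# Constructed symbol tables (not real build output); section 1 stands for .text.
BEFORE = """\
   Num:    Value  Size Type    Bind   Vis      Ndx Name
     4: 00000000     0 NOTYPE  GLOBAL DEFAULT    1 SafeFetch32_impl
     5: 00000000     0 NOTYPE  GLOBAL DEFAULT    1 _SafeFetch32_fault
     6: 00000008     0 NOTYPE  GLOBAL DEFAULT    1 _SafeFetch32_continuation
     7: 00000000     0 NOTYPE  GLOBAL DEFAULT  UND memcpy
"""
AFTER = BEFORE.replace("NOTYPE  GLOBAL DEFAULT    1 SafeFetch32_impl",
                       "FUNC    GLOBAL DEFAULT    1 SafeFetch32_impl")
# Hypothetical Thumb-compiled function, added to show the odd-address case.
AFTER += "     8: 00000021    12 FUNC    GLOBAL DEFAULT    1 hypothetical_thumb_fn\n"

# Assumption: the two underscore symbols are address labels, never call targets.
LABELS = ("_SafeFetch32_fault", "_SafeFetch32_continuation")

if __name__ == "__main__":
    print("before:", untyped(audit_symbols(BEFORE, {1}, LABELS)))
    print("after: ", audit_symbols(AFTER, {1}, LABELS))
```

Run against real objects, the section indices passed as `text_sections` come from `readelf -S`, and a non-empty `untyped()` result is the condition to fail the build on.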

@bridgekeeper

bridgekeeper bot commented Jun 20, 2022

👋 Welcome back stuefe! A progress list of the required criteria for merging this PR into master will be added to the body of your pull request. There are additional pull request commands available for use with this pull request.

@tstuefe
Member Author

tstuefe commented Jun 20, 2022

/solves JDK-8284997

@openjdk

openjdk bot commented Jun 20, 2022

@tstuefe
Adding additional issue to solves list: 8284997: arm32 build crashes since JDK-8283326.

@openjdk

openjdk bot commented Jun 20, 2022

@tstuefe The following label will be automatically applied to this pull request:

  • hotspot-runtime

When this pull request is ready to be reviewed, an "RFR" email will be sent to the corresponding mailing list. If you would like to change these labels, use the /label pull request command.

@openjdk openjdk bot added the hotspot-runtime hotspot-runtime-dev@openjdk.org label Jun 20, 2022
@tstuefe
Member Author

tstuefe commented Jun 20, 2022

/label aarch32-port

@openjdk

openjdk bot commented Jun 20, 2022

@tstuefe
The label aarch32-port is not a valid label.
These labels are valid:

  • serviceability
  • hotspot
  • hotspot-compiler
  • ide-support
  • kulla
  • i18n
  • shenandoah
  • jdk
  • javadoc
  • security
  • hotspot-runtime
  • jmx
  • build
  • nio
  • client
  • core-libs
  • compiler
  • net
  • hotspot-gc
  • hotspot-jfr

@tstuefe
Member Author

tstuefe commented Jun 20, 2022

/label remove hotspot_runtime
/label add hotspot

@openjdk

openjdk bot commented Jun 20, 2022

@tstuefe
The label hotspot_runtime is not a valid label.

@openjdk openjdk bot added the hotspot hotspot-dev@openjdk.org label Jun 20, 2022
@openjdk

openjdk bot commented Jun 20, 2022

@tstuefe
The hotspot label was successfully added.

@tstuefe tstuefe marked this pull request as ready for review June 20, 2022 10:31
@openjdk openjdk bot added the rfr Pull request is ready for review label Jun 20, 2022
@mlbridge

mlbridge bot commented Jun 20, 2022

Webrevs

@snazarkin
Contributor

Now I remember jdk8 aarch32 port marks assembly functions specially to handle thumb interworking. AFAIK the bug can be reproduced with overridden C(XX)FLAGS=-mthumb even with crossbuilds.
LGTM

@tstuefe
Member Author

tstuefe commented Jun 21, 2022

> Now I remember jdk8 aarch32 port marks assembly functions specially to handle thumb interworking. AFAIK the bug can be reproduced with overridden C(XX)FLAGS=-mthumb even with crossbuilds. LGTM

Thank you, Sergey!

I tried to reproduce this with -mthumb with a crossbuild, but was not able to pass --with-extra-cflags to a devkit crossbuild. I opened https://bugs.openjdk.org/browse/JDK-8288797 to track that.

Member

@navyxliu navyxliu left a comment

I took a look at the linux_arm directory. All functions come in pairs (.global and .type function), so it's reasonable. LGTM. I am not a reviewer; we still need another reviewer to approve it.

@@ -26,6 +26,7 @@
.globl SafeFetch32_impl
.globl _SafeFetch32_fault
.globl _SafeFetch32_continuation
.type SafeFetch32_impl, %function
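
Review bot: the added `.type SafeFetch32_impl, %function` line carries no comment, and the two neighbouring exports `_SafeFetch32_fault` and `_SafeFetch32_continuation` stay untyped without saying why. Since a missing `.type` is exactly what this PR fixes, a one-line comment above the directive stating that it is required for ARM/Thumb interworking when the caller is compiled with -mthumb would keep it from being dropped in a later cleanup. A short note that the other two symbols are deliberately left untyped, if they are only used as addresses and never as call targets, would answer the obvious follow-up question.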
Member

By adding this .type directive, the compiler knows that SafeFetch32_impl is a function.
When the static linker resolves it, it will update the correct branch instruction according to its target. In this case, it will use BX on Ubuntu18.04.

Is my understanding correct?

Member Author

> By adding this .type directive, the compiler knows that SafeFetch32_impl is a function. When the static linker resolves it, it will update the correct branch instruction according to its target. In this case, it will use BX on Ubuntu18.04.
>
> Is my understanding correct?

Correct.

@tstuefe
Member Author

tstuefe commented Jun 23, 2022

> I took a look at the linux_arm directory. All functions come in pairs (.global and .type function), so it's reasonable. LGTM. I am not a reviewer; we still need another reviewer to approve it.

Thank you, Xin!

Contributor

@RealLucy RealLucy left a comment

LGTM.

@openjdk

openjdk bot commented Jun 23, 2022

@tstuefe This change now passes all automated pre-integration checks.

ℹ️ This project also has non-automated pre-integration requirements. Please see the file CONTRIBUTING.md for details.

After integration, the commit message for the final commit will be:

8288719: [arm32] SafeFetch32 thumb interleaving causes random crashes
8284997: arm32 build crashes since JDK-8283326

Reviewed-by: snazarki, xliu, lucy

You can use pull request commands such as /summary, /contributor and /issue to adjust it as needed.

At the time when this comment was updated there had been 57 new commits pushed to the master branch:

As there are no conflicts, your changes will automatically be rebased on top of these commits when integrating. If you prefer to avoid this automatic rebasing, please check the documentation for the /integrate command for further details.

➡️ To integrate this PR with the above commit message to the master branch, type /integrate in a new comment.

@openjdk openjdk bot added the ready Pull request is ready to be integrated label Jun 23, 2022
@tstuefe
Member Author

tstuefe commented Jun 23, 2022

Thanks @snazarkin, @navyxliu and @RealLucy !

/integrate

@openjdk

openjdk bot commented Jun 23, 2022

Going to push as commit 26c03c1.
Since your change was applied there have been 59 commits pushed to the master branch:

Your commit was automatically rebased without conflicts.

@openjdk openjdk bot added the integrated Pull request has been integrated label Jun 23, 2022
@openjdk openjdk bot closed this Jun 23, 2022
@openjdk openjdk bot removed ready Pull request is ready to be integrated rfr Pull request is ready for review labels Jun 23, 2022
@openjdk

openjdk bot commented Jun 23, 2022

@tstuefe Pushed as commit 26c03c1.

💡 You may see a message that your pull request was closed with unmerged commits. This can be safely ignored.

@tstuefe tstuefe deleted the JDK-8288719-armn32-SafeFetch branch August 24, 2023 08:36
Labels
hotspot hotspot-dev@openjdk.org hotspot-runtime hotspot-runtime-dev@openjdk.org integrated Pull request has been integrated
4 participants