[Bug libgcj/50053] New: [4.7 regression] SIGSEGV in natClass.cc:651

[Bug libgcj/50053] New: [4.7 regression] SIGSEGV in natClass.cc:651

[jojelino at gmail dot com]

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=50053

             Bug #: 50053
           Summary: [4.7 regression] SIGSEGV in natClass.cc:651
    Classification: Unclassified
           Product: gcc
           Version: 4.7.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: libgcj
        AssignedTo: unassigned@gcc.gnu.org
        ReportedBy: jojelino@gmail.com


Created attachment 24989
  --> http://gcc.gnu.org/bugzilla/attachment.cgi?id=24989
testcase,class file using -target 1.1

Reading symbols from /usr/i686-pc-mingw32/java/bin/i686-pc-mingw32-gij...done.
(gdb) r
Starting program: /usr/i686-pc-mingw32/java/bin/i686-pc-mingw32-gij -cp .
foobar -v
[New Thread 11168.0x2234]
[New Thread 11168.0x3824]

Program received signal SIGSEGV, Segmentation fault.
java::lang::Class::newInstance (this=0x1)
    at ../.././libjava/java/lang/natClass.cc:651
651       if (isPrimitive ()
(gdb) disass
Dump of assembler code for function java::lang::Class::newInstance():
   0x696c5cb0 <+0>:     push   %ebp
   0x696c5cb1 <+1>:     mov    %esp,%ebp
   0x696c5cb3 <+3>:     push   %esi
   0x696c5cb4 <+4>:     push   %ebx
   0x696c5cb5 <+5>:     mov    %ecx,%ebx
   0x696c5cb7 <+7>:     sub    $0x10,%esp
   0x696c5cba <+10>:    movl   $0x0,(%esp)
   0x696c5cc1 <+17>:    call   0x696d64a0
<java.lang.Class.memberAccessCheck(int)void>
   0x696c5cc6 <+22>:    sub    $0x4,%esp
=> 0x696c5cc9 <+25>:    cmpl   $0xffffffff,0x34(%ebx)

(gdb) bt
#0  java::lang::Class::newInstance (this=0x1)
    at ../.././libjava/java/lang/natClass.cc:651
#1  0x69d0b567 in ffi_call_win32 () at ../.././libffi/src/x86/win32.S:424
#2  0x69d0b525 in ffi_raw_call (cif=0xbf0a0c,
    fn=0x696c5cb0 <java::lang::Class::newInstance()>, rvalue=0x22f8ac,
    fake_avalue=0x22f6d0) at ../.././libffi/src/x86/ffi.c:647
#3  0x6969d056 in _Jv_InterpMethod::run (retp=0x22fa14, args=0x22fa34,
    meth=0xe12f60) at ../.././libjava/interpret-run.cc:611
#4  0x69d0b715 in ffi_closure_raw_SYSV () at ../.././libffi/src/x86/win32.S:695
#5  0x69d0b567 in ffi_call_win32 () at ../.././libffi/src/x86/win32.S:424
#6  0x69d0b525 in ffi_raw_call (cif=0xbf0b24, fn=0xe30098, rvalue=0x22fc98,
    fake_avalue=0x22fab0) at ../.././libffi/src/x86/ffi.c:647
#7  0x6969d056 in _Jv_InterpMethod::run (retp=0x22fe00, args=0x22fe20,
    meth=0xab8e60) at ../.././libjava/interpret-run.cc:611
#8  0x69d0b715 in ffi_closure_raw_SYSV () at ../.././libffi/src/x86/win32.S:695
#9  0x696bdd22 in gnu::java::lang::MainThread::call_main (this=0xbfcf60)
    at ../.././libjava/gnu/java/lang/natMainThread.cc:54
#10 0x696fb636 in gnu.java.lang.MainThread.run()void (this=@bfcf60)
    at /tmp/gcc/libjava/gnu/java/lang/MainThread.java:106
#11 0x696cc6a2 in _Jv_ThreadRun (thread=0xbfcf60)
    at ../.././libjava/java/lang/natThread.cc:335
#12 0x69684040 in _Jv_RunMain (vm_args=0x22ff30, klass=0x0,
    name=0x3d8925 "foobar", argc=0x2, argv=0x3d89f4, is_jar=0x0)
---Type <return> to continue, or q <return> to quit---
    at ../.././libjava/prims.cc:1789
#13 0x66bc6d2a in main (argc=0x5, argv=0x3d89e8) at ../.././libjava/gij.cc:333
#14 0x004010fd in __mingw_CRTStartup () at ../../.././winsup/mingw/crt1.c:244
#15 0x00000408 in ?? ()
#16 0x7ffde000 in ?? ()
#17 0x00000000 in ?? ()
(gdb) i r
eax            0x0      0x0
ecx            0x69e8d040       0x69e8d040
edx            0x0      0x0
ebx            0x1      0x1
esp            0x22f628 0x22f628
ebp            0x22f640 0x22f640
esi            0x696c5cb0       0x696c5cb0
edi            0x22f6d0 0x22f6d0
eip            0x696c5cc9       0x696c5cc9
<java::lang::Class::newInstance()+25>
eflags         0x10206  [ PF IF RF ]
cs             0x1b     0x1b
ss             0x23     0x23
ds             0x23     0x23
es             0x23     0x23
fs             0x3b     0x3b
gs             0x0      0x0
(gdb)


it is class member function, so %ecx is considered as `this`, 
but caller doesn't seem to assign `this` to %ecx.

[Bug libgcj/50053] [4.7 regression] SIGSEGV in natClass.cc:651

[rguenth at gcc dot gnu.org]

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=50053

--- Comment #1 from Richard Guenther <rguenth at gcc dot gnu.org> 2011-08-12 08:27:30 UTC ---
Try to build everything with -fno-ipa-sra -fno-ipa-cp.

[Bug libgcj/50053] [4.7 regression] SIGSEGV in natClass.cc:651

[rguenth at gcc dot gnu.org]

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=50053

Richard Guenther <rguenth at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Target Milestone|---                         |4.7.0

[Bug libgcj/50053] [4.7 regression] SIGSEGV in natClass.cc:651

[jojelino at gmail dot com]

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=50053

--- Comment #2 from gee <jojelino at gmail dot com> 2011-08-12 08:59:41 UTC ---
(In reply to comment #1)
> Try to build everything with -fno-ipa-sra -fno-ipa-cp.
I understand what you meant is "append -fno-ipa-sra -fno-ipa-cp to
{C,CXX,GCJ}FLAGS when building libgcj"

[Bug libgcj/50053] [4.7 regression] SIGSEGV in natClass.cc:651

[jojelino at gmail dot com]

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=50053

--- Comment #3 from gee <jojelino at gmail dot com> 2011-08-12 11:44:58 UTC ---
using only '-fno-ipa-sra -fno-ipa-cp' didn't work too.

Reading symbols from /usr/i686-pc-mingw32/java/bin/i686-pc-mingw32-gij...done.
(gdb) r
Starting program: /usr/i686-pc-mingw32/java/bin/i686-pc-mingw32-gij -cp .
foobar --verbose
[New Thread 9260.0x2b18]
[New Thread 9260.0x3634]

Program received signal SIGSEGV, Segmentation fault.
0x6a45d594 in java::lang::Class::isPrimitive (this=0x1)
    at ../.././libjava/java/lang/Class.h:428
428           return vtable == JV_PRIMITIVE_VTABLE;
(gdb) bt
#0  0x6a45d594 in java::lang::Class::isPrimitive (this=0x1)
    at ../.././libjava/java/lang/Class.h:428
#1  0x696ca56f in java::lang::Class::newInstance (this=0x1)
    at ../.././libjava/java/lang/natClass.cc:651
#2  0x6a432d37 in ffi_call_win32 () at ../.././libffi/src/x86/win32.S:424
#3  0x6a432d13 in ffi_raw_call (cif=0xbf0a0c,
    fn=0x696ca546 <java::lang::Class::newInstance()>, rvalue=0x22e8c4,
    fake_avalue=0x22e5a0) at ../.././libffi/src/x86/ffi.c:647
#4  0x696a351f in _Jv_InterpMethod::run (retp=0x22f104, args=0x22f124,
    meth=0xe12f60) at ../.././libjava/interpret-run.cc:611
#5  0x696a2251 in _Jv_InterpMethod::run_normal (ret=0x22f104, args=0x22f124,
    __this=0xe12f60) at ../.././libjava/interpret.cc:358
#6  0x6a432ee5 in ffi_closure_raw_SYSV () at ../.././libffi/src/x86/win32.S:695
#7  0x6a432d37 in ffi_call_win32 () at ../.././libffi/src/x86/win32.S:424
#8  0x6a432d13 in ffi_raw_call (cif=0xbf0b24, fn=0xe30098, rvalue=0x22f4e0,
    fake_avalue=0x22f1c0) at ../.././libffi/src/x86/ffi.c:647
#9  0x696a351f in _Jv_InterpMethod::run (retp=0x22fd20, args=0x22fd40,
    meth=0xab8e60) at ../.././libjava/interpret-run.cc:611
#10 0x696a237a in _Jv_InterpMethod::run_class (ret=0x22fd20, args=0x22fd40,
    __this=0xab8e60) at ../.././libjava/interpret.cc:407
#11 0x6a432ee5 in ffi_closure_raw_SYSV () at ../.././libffi/src/x86/win32.S:695
#12 0x696c282c in gnu::java::lang::MainThread::call_main (this=0xbfdf60)
    at ../.././libjava/gnu/java/lang/natMainThread.cc:54
---Type <return> to continue, or q <return> to quit---
#13 0x6973c37d in gnu.java.lang.MainThread.run()void (this=@bfdf60)
    at /tmp/gcc/libjava/gnu/java/lang/MainThread.java:106
#14 0x696d4d4d in _Jv_ThreadRun (thread=0xbfdf60)
    at ../.././libjava/java/lang/natThread.cc:335
#15 0x69684e9b in _Jv_RunMain (vm_args=0x22fef4, klass=0x0,
    name=0x3d8925 "foobar", argc=0x2, argv=0x3d89fc, is_jar=0x0)
    at ../.././libjava/prims.cc:1789
#16 0x66bc24b0 in _fu0___ZN3gcj13verifyClassesE ()
    at ../.././libjava/gij.cc:333
#17 0x004010fd in __mingw_CRTStartup () at ../../.././winsup/mingw/crt1.c:244
#18 0x00000408 in ?? ()
#19 0x7ffda000 in ?? ()
#20 0x00000000 in ?? ()
(gdb) Quit
(gdb) down
Bottom (innermost) frame selected; you cannot go down.
(gdb)
Bottom (innermost) frame selected; you cannot go down.
(gdb)
Bottom (innermost) frame selected; you cannot go down.
(gdb)
Bottom (innermost) frame selected; you cannot go down.
(gdb)
Bottom (innermost) frame selected; you cannot go down.
(gdb)
Bottom (innermost) frame selected; you cannot go down.
(gdb)
Bottom (innermost) frame selected; you cannot go down.
(gdb)
Bottom (innermost) frame selected; you cannot go down.
(gdb)
Bottom (innermost) frame selected; you cannot go down.
(gdb) print vtable
Cannot access memory at address 0x35
(gdb) print this
$1 = (java::lang::Class * const) 0x1
(gdb) i r
eax            0x1      0x1
ecx            0x1      0x1
edx            0x0      0x0
ebx            0x696ca546       0x696ca546
esp            0x22e4a8 0x22e4a8
ebp            0x22e4c0 0x22e4c0
esi            0xe300bc 0xe300bc
edi            0x22e5a4 0x22e5a4
eip            0x6a45d594       0x6a45d594
<java::lang::Class::isPrimitive()+12>
eflags         0x10212  [ AF IF RF ]
cs             0x1b     0x1b
ss             0x23     0x23
ds             0x23     0x23
es             0x23     0x23
fs             0x3b     0x3b
gs             0x0      0x0
(gdb) disass
Dump of assembler code for function java::lang::Class::isPrimitive():
   0x6a45d588 <+0>:     push   %ebp
   0x6a45d589 <+1>:     mov    %esp,%ebp
   0x6a45d58b <+3>:     sub    $0x18,%esp
   0x6a45d58e <+6>:     mov    %ecx,-0xc(%ebp)
   0x6a45d591 <+9>:     mov    -0xc(%ebp),%eax
=> 0x6a45d594 <+12>:    mov    0x34(%eax),%eax
   0x6a45d597 <+15>:    cmp    $0xffffffff,%eax
   0x6a45d59a <+18>:    sete   %al
   0x6a45d59d <+21>:    leave
   0x6a45d59e <+22>:    ret
End of assembler dump.
(gdb) up
#1  0x696ca56f in java::lang::Class::newInstance (this=0x1)
    at ../.././libjava/java/lang/natClass.cc:651
651       if (isPrimitive ()
(gdb) disass
Dump of assembler code for function java::lang::Class::newInstance():
   0x696ca546 <+0>:     push   %ebp
   0x696ca547 <+1>:     mov    %esp,%ebp
   0x696ca549 <+3>:     push   %esi
   0x696ca54a <+4>:     push   %ebx
   0x696ca54b <+5>:     sub    $0x30,%esp
   0x696ca54e <+8>:     mov    %ecx,-0x1c(%ebp)
   0x696ca551 <+11>:    mov    -0x1c(%ebp),%eax
   0x696ca554 <+14>:    movl   $0x0,(%esp)
   0x696ca55b <+21>:    mov    %eax,%ecx
   0x696ca55d <+23>:    call   0x696e0e14
<java.lang.Class.memberAccessCheck(int)void>
   0x696ca562 <+28>:    sub    $0x4,%esp
   0x696ca565 <+31>:    mov    -0x1c(%ebp),%eax
   0x696ca568 <+34>:    mov    %eax,%ecx
   0x696ca56a <+36>:    call   0x6a45d588 <java::lang::Class::isPrimitive()>
=> 0x696ca56f <+41>:    test   %al,%al
   0x696ca571 <+43>:    jne    0x696ca5a5 <java::lang::Class::newInstance()+95>
   0x696ca573 <+45>:    mov    -0x1c(%ebp),%eax
   0x696ca576 <+48>:    mov    %eax,%ecx
   0x696ca578 <+50>:    call   0x6a45d568 <java::lang::Class::isInterface()>
   0x696ca57d <+55>:    test   %al,%al
   0x696ca57f <+57>:    jne    0x696ca5a5 <java::lang::Class::newInstance()+95>
---Type <return> to continue, or q <return> to quit---q
Quit
(gdb)

[Bug libgcj/50053] [4.7 regression] SIGSEGV in natClass.cc:651

[rguenth at gcc dot gnu.org]

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=50053

Richard Guenther <rguenth at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Priority|P3                          |P4

[Bug libgcj/50053] [4.7 regression] SIGSEGV in natClass.cc:651

[jojelino at gmail dot com]

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=50053

--- Comment #4 from gee <jojelino at gmail dot com> 2011-10-22 19:33:19 UTC ---
;;
;; Full RTL generated for this function:
;;
(note 1 0 4 NOTE_INSN_DELETED)

(note 4 1 2 2 [bb 2] NOTE_INSN_BASIC_BLOCK)

(insn 2 4 3 2 (set (reg/f:SI 61 [ this ])
        (reg:SI 2 cx [ this ]))
/tmp/gcc/libjava/gnu/gcj/convert/Input_8859_1.java:19 -1
     (nil))

cx again, maybe it would be related to
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=50725 except that it is compiled
without -mtune=core2 -mstackrealign.

[Bug libgcj/50053] [4.7 regression] SIGSEGV in natClass.cc:651

[jojelino at gmail dot com]

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=50053

--- Comment #5 from gee <jojelino at gmail dot com> 2011-10-23 13:42:43 UTC ---
maybe this is related to x86_this_parameter in gcc/config/i386/i386.c
it might tell why caller push parameter to stack, whereas function prologue
treats first parameter is in %ecx when MS_ABI is default.

[Bug libgcj/50053] [4.7 regression] jc1 doesn't emit static initializer or initializer code for super class without -findirect-dispatch.

[jojelino at gmail dot com]

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=50053

gee <jojelino at gmail dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|[4.7 regression] SIGSEGV in |[4.7 regression] jc1
                   |natClass.cc:651             |doesn't emit static
                   |                            |initializer or initializer
                   |                            |code for super class
                   |                            |without
                   |                            |-findirect-dispatch.

--- Comment #9 from gee <jojelino at gmail dot com> 2011-12-08 19:12:48 UTC ---
;; Function () (_ZN3gnu3gcj7convert10Input_UTF8C1Ev, funcdef_no=47,
decl_uid=4320, cgraph_uid=94)

() (struct gnu.gcj.convert.Input_UTF8 * this)
{
<bb 2>:
  # DEBUG D.4331 => &gnu.gcj.convert.Input_UTF8.class$$
  # DEBUG D.4333 => &_CD_gnu_gcj_convert_Input_UTF8
  # DEBUG D.4335 => this_3(D)
  # DEBUG this => this_3(D)
  # DEBUG D.10917 => &gnu.gcj.convert.BytesToUnicode.class$$
  # DEBUG D.10918 => &_CD_gnu_gcj_convert_BytesToUnicode
  # DEBUG D.10919 => this_3(D)
  # DEBUG this => this_3(D)
  # DEBUG D.10911 => &gnu.gcj.convert.IOConverter.class$$
  # DEBUG D.10921 => &_CD_gnu_gcj_convert_IOConverter
  # DEBUG D.10913 => this_3(D)
   (this_3(D));
  # DEBUG D.4339 => this_3(D)
  this_3(D)->partial = 0;
  # DEBUG D.4342 => this_3(D)
  this_3(D)->partial_bytes_expected = 0;
  return;

}

we can see there isn't any code for {static} initializer of super classes,
isn't it design flaw?

[Bug libgcj/50053] [4.7 regression] jc1 doesn't emit static initializer or initializer code for super class without -findirect-dispatch.

[jojelino at gmail dot com]

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=50053

--- Comment #10 from gee <jojelino at gmail dot com> 2011-12-08 19:15:47 UTC ---
(In reply to comment #9)
whereas with -findirect-dispatch, initializer code isn't omitted. 

;; Function () (_ZN3gnu3gcj7convert10Input_UTF8C1Ev, funcdef_no=47,
decl_uid=3185, cgraph_uid=94)

() (struct gnu.gcj.convert.Input_UTF8 * this)
{
  int D.9476;
  struct java.lang.Object * D.3210;
  int #slot#2#4;
  struct java.lang.Object * D.3207;
  void * #ref#1#2;
  struct java.lang.Object * D.3203;
  void * #ref#0#0;
  int * D.9474;
  sizetype D.9473;
  int D.9472;
  void * _ref_1_2.1045;
  int * iftmp.1044;
  int * D.9467;
  sizetype D.9466;
  int D.9465;
  void * _ref_1_2.1043;
  int * iftmp.1042;
  void gnu.gcj.convert.BytesToUnicode::<T12d> (struct
gnu.gcj.convert.BytesToUnicode *) * D.9460;
  void * D.9459;
  void * _ref_1_2.1041;

<bb 2>:
  D.3203_2 = this_1(D);
  #ref#1#2_3 = D.3203_2;
  _ref_1_2.1041_4 = #ref#1#2_3;
  D.9459_5 = _atable_gnu_gcj_convert_Input_UTF8[1];
  D.9460_6 = (void gnu.gcj.convert.BytesToUnicode::<T12d> (struct
gnu.gcj.convert.BytesToUnicode *) *) D.9459_5;
  D.9460_6 (_ref_1_2.1041_4);
  D.3207_7 = this_1(D);
  #ref#1#2_8 = D.3207_7;
  #slot#2#4_9 = 0;
  _ref_1_2.1043_10 = #ref#1#2_8;
  if (_ref_1_2.1043_10 == 0B)
    goto <bb 3>;
  else
    goto <bb 4>;

<bb 3>:
  _Jv_ThrowNullPointerException ();

<bb 4>:
  iftmp.1042_11 = _ref_1_2.1043_10;
  D.9465_12 = _otable_gnu_gcj_convert_Input_UTF8[1];
  D.9466_13 = (sizetype) D.9465_12;
  D.9467_14 = iftmp.1042_11 + D.9466_13;
  *D.9467_14 = #slot#2#4_9;
  D.3210_15 = this_1(D);
  #ref#1#2_16 = D.3210_15;
  #slot#2#4_17 = 0;
  _ref_1_2.1045_18 = #ref#1#2_16;
  if (_ref_1_2.1045_18 == 0B)
    goto <bb 5>;
  else
    goto <bb 6>;

<bb 5>:
  _Jv_ThrowNullPointerException ();

<bb 6>:
  iftmp.1044_19 = _ref_1_2.1045_18;
  D.9476_20 = _otable_gnu_gcj_convert_Input_UTF8[2];
  D.9472_21 = D.9476_20;
  D.9473_22 = (sizetype) D.9472_21;
  D.9474_23 = iftmp.1044_19 + D.9473_22;
  *D.9474_23 = #slot#2#4_17;

<L4>:
  return;

}

[Bug libgcj/50053] [4.7 regression] jc1 doesn't emit static initializer or initializer code for super class without -findirect-dispatch.

[ktietz at gcc dot gnu.org]

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=50053

Kai Tietz <ktietz at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |NEW
   Last reconfirmed|                            |2011-12-09
                 CC|                            |ktietz at gcc dot gnu.org
     Ever Confirmed|0                           |1

--- Comment #11 from Kai Tietz <ktietz at gcc dot gnu.org> 2011-12-09 21:27:02 UTC ---
Suggested patch for this issue (together with the pending patch for PR/51135
for C++) is:

Index: natClass.cc
===================================================================
--- natClass.cc (revision 182092)
+++ natClass.cc (working copy)
@@ -661,7 +661,7 @@
     throw new java::lang::InstantiationException (getName());

   jobject r = _Jv_AllocObject (this);
-  ((void (*) (jobject)) meth->ncode) (r);
+  ((void (__thiscall *) (jobject)) meth->ncode) (r);
   return r;
 }

It would be kind, if somebody could confirm that it fixes this issue.  I will
prepare then a final variant of this patch.

[Bug libgcj/50053] [4.7 regression] jc1 doesn't emit static initializer or initializer code for super class without -findirect-dispatch.

[ktietz at gcc dot gnu.org]

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=50053

--- Comment #13 from Kai Tietz <ktietz at gcc dot gnu.org> 2011-12-12 10:40:32 UTC ---
Author: ktietz
Date: Mon Dec 12 10:40:27 2011
New Revision: 182225

URL: http://gcc.gnu.org/viewcvs?root=gcc&view=rev&rev=182225
Log:
        PR libgcj/50053
        * java/lang/natClass.cc (java::lang::Class::newInstance): Special case
        member-call for 32-bit IA native Window target.


Modified:
    trunk/libjava/ChangeLog
    trunk/libjava/java/lang/natClass.cc

[Bug libgcj/50053] [4.7 regression] jc1 doesn't emit static initializer or initializer code for super class without -findirect-dispatch.

[ktietz at gcc dot gnu.org]

http://gcc.gnu.org/bugzilla/show_bug.cgi?id=50053

Kai Tietz <ktietz at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED

--- Comment #14 from Kai Tietz <ktietz at gcc dot gnu.org> 2011-12-12 10:42:02 UTC ---
Fixed at revision 182225.