at [0x000000004001a168] Lorg/jikesrvm/mm/mmtk/ScanBootImage; processChunk(Lorg/vmmagic/unboxed/Address;Lorg/vmmagic/unboxed/Address;Lorg/vmmagic/unboxed/Address;Lorg/vmmagic/unboxed/Address;Lorg/mmtk/plan/TraceLocal;)V at line 140
at [0x000000004001a248] Lorg/jikesrvm/mm/mmtk/ScanBootImage; scanBootImage(Lorg/mmtk/plan/TraceLocal;)V at line 79
at [0x000000004001a308] Lorg/jikesrvm/mm/mmtk/Scanning; computeBootImageRoots(Lorg/mmtk/plan/TraceLocal;)V at line 333

So, I think there's a very good chance that the problem is that the code that is building up references from the encoded bootimage map is not correct on 64 bit platforms. There are a couple of suspicious 4's and int/word conversions in org.jikesrvm.mm.mmtk.ScanBootImage.

With 2 virtual processors, it reliably dies in the first major GC with the above stack trace.

Both tests on a prototype image.

Some info:

The LOS references on the failed stacks are probably red herrings given that traceObject will throw high addresses at the PLOS, so if the address were corrupted high it would end up in the LOS code.

It seems that the code is dereferencing a mis-aligned 8 byte address (30cc7c5800000000).

It seems that this is happening during boot image scanning, and therefore is most likely happening due to one of two bugs:
a) the boot image contains a mis-aligned pointer (which the scanning code is correctly passing on)
b) the scanning code is out by four and thus seeing a misaligned value

For b) to happen, it seems that the value would have to be misaligned back at line 129 and earlier of ScanBootImage, since after that point it is only incremented by BYTES_IN_ADDRESS. However, we don't fail on line 131, which suggestes that if b) is true, we're getting a little lucky (perhaps reading zero at 129?).

It would be a good idea to throw a few assertions into ScanBootImage.processChunk(). When I get the chance I'll do that. I'm still underwater right now though.

Dave mentioned that the system ran OK with one virtual processor, but would reliably fail with > 1 virtual processor using the same build. This suggests that the boot image and map are correctly built, but who knows.

[excalibur:/homes/excalibur/dgrove/SPECjvm98] ../buildit/rvm-trunk/dist/prototype_ppc64-aix/rvm -X:processors=2 -X:verbose -verbose:gc SpecApplication -s100 -m5 -M5 -a _213_javac
JikesRVM: loading from "../buildit/rvm-trunk/dist/prototype_ppc64-aix/RVM.data.image"
JikesRVM: loading from "../buildit/rvm-trunk/dist/prototype_ppc64-aix/RVM.code.image"
JikesRVM: loading from "../buildit/rvm-trunk/dist/prototype_ppc64-aix/RVM.rmap.image"
JikesRVM: setting linkage
JikesRVM: boot record contents:
bootImageDataStart: 0000000030000000
bootImageDataEnd: 0000000031ba1000
bootImageCodeStart: 0000000034000000
bootImageCodeEnd: 00000000343e5000
bootImageRMapStart: 0000000037000000
bootImageRMapEnd: 000000003704f000
initialHeapSize: 0000000001400000
maximumHeapSize: 0000000006400000
tiRegister: 0000000000040000
spRegister: 0000000030c9f148
ipRegister: 0000000034231c90
tocRegister: 0000000030040500
sysConsoleWriteCharIP:0000000110009790
Testing faulting-address location
save->except[0]=00000000dead1234
Done testing faulting-address location
JikesRVM: calling boot thread: jtoc = 0000000030040500 pr = 00000000310a1670 tid = 262144 fp = 0000000030c9f130
JikesRVM: sysPthreadSelf: thread 1
JikesRVM: pthread_create 0x00000102
JikesRVM: sysVirtualProcessorStartup: pr=0x0000000040000040 ip=0x00000000341b78c0 fp=0x000000004148f010
JikesRVM: sysPthreadSelf: thread 258
Using a time-slice of 10 ms
Speed will be 100
Will run each benchmark at least 5 times
Will run each benchmark at most 5 times
[Forced GC][GC 1 Start 1.79 s 10720KB -> 9736KB 880.14 ms]
Caching Off Speed = 100 Auto run mode

======= _213_javac Starting =======
Run 0 start. Total memory=20971520 free memory=10899456
Javac benchmark starting...
[GC 2 Start 4.43 s 15608KB -> 11884KB 312.68 ms]
[GC 3 Start 6.31 s 16288KB -> 13136KB 233.22 ms]
[GC 4 Start 7.89 s 16856KB -> 14868KB 399.03 ms]
[GC 5 Start 9.30 s 17728KB -> 16404KB 316.50 ms]
[GC 6 Start 10.36 s 18496KB -> 17516KB 196.34 ms]
[GC 7 Start 11.10 s 19020KB -> 18324KB 175.39 ms]
[GC 8 Start 11.61 s 19432KB -> 19068KB 116.10 ms]
[GC 9 Start 11.96 s 19788KB -> 19552KB 80.59 ms]
[GC 10 Start 12.20 s 20048KB -> 19916KB 79.64 ms]
[Full heap][GC 11 Start 12.28 s 19916KB save->except[0]=30ca19bffffffff0
mem=30ca19bffffffff0
fp=000000004000ea60
pr=00000000310a1670
trap/exception: type=Segmentation fault
ip=0000000034334570
instr=0x7c64182a
exn_handler=0000000034023af8
lr=0000000034297264
pthread_self=0000000000000001
JikesRVM: internal error trap
JikesRVM: unknown seg fault

Fatal error: Unknown hardware trap within uninterruptible region.
Died in GC:
Exiting virtual machine due to uninterruptibility violation.

– Stack –
at [0x000000004000e958] Lorg/jikesrvm/VM; sysFail(Ljava/lang/String;)V at line 2043
at [0x000000004000e988] Lorg/jikesrvm/runtime/VM_Runtime; deliverHardwareException(II)V at line 773
at [0x000000004000ea48] <hardware trap>
at [0x000000004000ea60] Lorg/jikesrvm/objectmodel/VM_JavaHeader; readAvailableBitsWord(Ljava/lang/Object;)Lorg/vmmagic/unboxed/Word; at line 617
at [0x000000004000ea98] Lorg/jikesrvm/objectmodel/VM_ObjectModel; readAvailableBitsWord(Ljava/lang/Object;)Lorg/vmmagic/unboxed/Word; at line 504
at [0x000000004000eac8] Lorg/jikesrvm/mm/mmtk/ObjectModel; readAvailableBitsWord(Lorg/vmmagic/unboxed/ObjectReference;)Lorg/vmmagic/unboxed/Word; at line 358
at [0x000000004000eb08] Lorg/mmtk/policy/LargeObjectSpace; isInNursery(Lorg/vmmagic/unboxed/ObjectReference;)Z at line 258
at [0x000000004000eb50] Lorg/mmtk/policy/LargeObjectSpace; traceObject(Lorg/mmtk/plan/TransitiveClosure;Lorg/vmmagic/unboxed/ObjectReference;)Lorg/vmmagic/unboxed/ObjectReference; at line 166
at [0x000000004000ebc0] Lorg/mmtk/plan/generational/GenMatureTraceLocal; traceObject(Lorg/vmmagic/unboxed/ObjectReference;)Lorg/vmmagic/unboxed/ObjectReference; at line 116
at [0x000000004000ec18] Lorg/mmtk/plan/generational/marksweep/GenMSMatureTraceLocal; traceObject(Lorg/vmmagic/unboxed/ObjectReference;)Lorg/vmmagic/unboxed/ObjectReference; at line 55
at [0x000000004000ec68] Lorg/mmtk/plan/TraceLocal; traceObject(Lorg/vmmagic/unboxed/ObjectReference;Z)Lorg/vmmagic/unboxed/ObjectReference; at line 301
at [0x000000004000ecc0] Lorg/mmtk/plan/TraceLocal; processRootEdge(Lorg/vmmagic/unboxed/Address;Z)V at line 123
at [0x000000004000ed40] Lorg/jikesrvm/mm/mmtk/ScanBootImage; processChunk(Lorg/vmmagic/unboxed/Address;Lorg/vmmagic/unboxed/Address;Lorg/vmmagic/unboxed/Address;Lorg/vmmagic/unboxed/Address;Lorg/mmtk/plan/TraceLocal;)V at line 142
at [0x000000004000ee20] Lorg/jikesrvm/mm/mmtk/ScanBootImage; scanBootImage(Lorg/mmtk/plan/TraceLocal;)V at line 79
at [0x000000004000eee0] Lorg/jikesrvm/mm/mmtk/Scanning; computeBootImageRoots(Lorg/mmtk/plan/TraceLocal;)V at line 333
at [0x000000004000ef20] Lorg/mmtk/plan/generational/GenCollector; collectionPhase(SZ)V at line 99
at [0x000000004000ef80] Lorg/mmtk/plan/generational/marksweep/GenMSCollector; collectionPhase(SZ)V at line 143
at [0x000000004000efe0] Lorg/mmtk/plan/Phase; processPhaseStack(Z)Z at line 477
at [0x000000004000f0f0] Lorg/mmtk/plan/Phase; beginNewPhaseStack(I)Z at line 390
at [0x000000004000f138] Lorg/mmtk/plan/StopTheWorldCollector; collect()V at line 39
at [0x000000004000f168] Lorg/jikesrvm/memorymanagers/mminterface/VM_CollectorThread; run()V at line 385
at [0x000000004000f2f8] Lorg/jikesrvm/scheduler/VM_Thread; startoff()V at line 617

It seems that in the case of the stack trace which includes the boot image, only three things could now have happened (since we know the slot was aligned and yet the contents of it is misaligned when used a little while later):

a) *slot has bad stuff inside it
b) *slot is not correctly read from memory for some reason (it gets screwed up during slot.loadAddress())
c) the value gets screwed up by the ObjectReference.toObject() conversion.

I can try throwing in a few more assertions to narrow this down further.

--Steve

[excalibur:/homes/excalibur/dgrove/SPECjvm98] ../buildit/rvm-trunk/dist/BaseBaseSemiSpace_ppc64-aix/rvm -verbose:gc -X:processors=2 SpecApplication -s100 -m5 -M5 -a _213_javac
Speed will be 100
Will run each benchmark at least 5 times
Will run each benchmark at most 5 times
[Forced GC][GC 1 Start 1.67 s 10460KB validRef: REF outside heap, ref = 0x30c8974000000000
Key: (I)mmortal (N)onmoving (D)iscontiguous (E)xtent (F)raction
HEAP_START 0x0000000030000000
AVAILABLE_START 0x0000000035800000
boot IN 0x0000000030000000->0x000000003fffffff E 0x0000000010000000
immortal IND [0x0000000040000000->0x00000000403fffff]
meta ND [0x0000000042000000->0x00000000423fffff]
los ND [0x0000000041400000->0x00000000417fffff]
plos N 0x00000000c5000000->0x00000000cfffffff F 0.07
sanity ND []
non-moving ND [0x0000000041000000->0x00000000413fffff]
sm-code ND [0x0000000040800000->0x0000000040bfffff]
lg-code ND [0x0000000040c00000->0x0000000040ffffff]
ss0 D [0x0000000041800000->0x0000000041bfffff, 0x0000000040400000->0x00000000407fffff]
ss1 D [0x0000000041c00000->0x0000000041ffffff]
AVAILABLE_END 0x00000000d0000000
HEAP_END 0x00000000d0000000
Died in GC:
vm internal error at:

– Stack –
at [0x0000000040019870] Lorg/jikesrvm/VM; sysFail(Ljava/lang/String;)V at line 2043
at [0x00000000400198a0] Lorg/jikesrvm/VM; _assertionFailure(Ljava/lang/String;Ljava/lang/String;)V at line 551
at [0x00000000400198f8] Lorg/jikesrvm/VM; _assert(ZLjava/lang/String;Ljava/lang/String;)V at line 534
at [0x0000000040019950] Lorg/jikesrvm/VM; _assert(Z)V at line 512
at [0x0000000040019990] Lorg/jikesrvm/mm/mmtk/ScanBootImage; processChunk(Lorg/vmmagic/unboxed/Address;Lorg/vmmagic/unboxed/Address;Lorg/vmmagic/unboxed/Address;Lorg/vmmagic/unboxed/Address;Lorg/mmtk/plan/TraceLocal;)V at line 140
at [0x0000000040019a70] Lorg/jikesrvm/mm/mmtk/ScanBootImage; scanBootImage(Lorg/mmtk/plan/TraceLocal;)V at line 80
at [0x0000000040019b30] Lorg/jikesrvm/mm/mmtk/Scanning; computeBootImageRoots(Lorg/mmtk/plan/TraceLocal;)V at line 333
at [0x0000000040019b70] Lorg/mmtk/plan/SimpleCollector; collectionPhase(SZ)V at line 87
at [0x0000000040019bd0] Lorg/mmtk/plan/semispace/SSCollector; collectionPhase(SZ)V at line 140
at [0x0000000040019c30] Lorg/mmtk/plan/Phase; processPhaseStack(Z)Z at line 477
at [0x0000000040019d40] Lorg/mmtk/plan/Phase; beginNewPhaseStack(I)Z at line 390
at [0x0000000040019d88] Lorg/mmtk/plan/StopTheWorldCollector; collect()V at line 39
at [0x0000000040019db8] Lorg/jikesrvm/memorymanagers/mminterface/VM_CollectorThread; run()V at line 385
at [0x0000000040019f48] Lorg/jikesrvm/scheduler/VM_Thread; startoff()V at line 617
Virtual machine state:

– Processors –
Processor 1 running thread4-daemon-collector-RUNNABLE
system thread id 1
transferQueue:
readyQueue:
ioQueue:
processWaitQueue:
idleQueue:Proc 2: Thread 5: VM.sysFail(): We're in a (likely) recursive call to VM.sysFail(), 2 deep
sysFail was called with the message: vm internal error at:
Died in GC:
vm internal error at:

– Stack –
at [0x0000000040019488] Lorg/jikesrvm/VM; sysFail(Ljava/lang/String;)V at line 2043
at [0x00000000400194b8] Lorg/jikesrvm/VM; _assertionFailure(Ljava/lang/String;Ljava/lang/String;)V at line 551
at [0x0000000040019510] Lorg/jikesrvm/VM; _assert(ZLjava/lang/String;Ljava/lang/String;)V at line 534
at [0x0000000040019568] Lorg/jikesrvm/VM; _assert(Z)V at line 512
at [0x00000000400195a8] Lorg/jikesrvm/scheduler/VM_Thread; getIndex()I at line 1143
at [0x00000000400195e0] Lorg/jikesrvm/scheduler/VM_Thread; dump([CI)I at line 1936
at [0x0000000040019660] Lorg/jikesrvm/scheduler/VM_Thread; dump([C)I at line 1978
at [0x00000000400196b0] Lorg/jikesrvm/scheduler/VM_Thread; dump(I)V at line 1904
at [0x0000000040019718] Lorg/jikesrvm/scheduler/VM_Thread; dump()V at line 1869
at [0x0000000040019750] Lorg/jikesrvm/scheduler/greenthreads/VM_GreenThreadQueue; dump()V at line 244
at [0x00000000400197a0] Lorg/jikesrvm/scheduler/greenthreads/VM_GreenProcessor; dumpProcessorState()V at line 603
at [0x00000000400197e8] Lorg/jikesrvm/scheduler/greenthreads/VM_GreenScheduler; dumpVirtualMachineInternal()V at line 457
at [0x0000000040019850] Lorg/jikesrvm/scheduler/VM_Scheduler; dumpVirtualMachine()V at line 239
at [0x0000000040019870] Lorg/jikesrvm/VM; sysFail(Ljava/lang/String;)V at line 2045
at [0x00000000400198a0] Lorg/jikesrvm/VM; _assertionFailure(Ljava/lang/String;Ljava/lang/String;)V at line 551
at [0x00000000400198f8] Lorg/jikesrvm/VM; _assert(ZLjava/lang/String;Ljava/lang/String;)V at line 534
at [0x0000000040019950] Lorg/jikesrvm/VM; _assert(Z)V at line 512
at [0x0000000040019990] Lorg/jikesrvm/mm/mmtk/ScanBootImage; processChunk(Lorg/vmmagic/unboxed/Address;Lorg/vmmagic/unboxed/Address;Lorg/vmmagic/unboxed/Address;Lorg/vmmagic/unboxed/Address;Lorg/mmtk/plan/TraceLocal;)V at line 140
at [0x0000000040019a70] Lorg/jikesrvm/mm/mmtk/ScanBootImage; scanBootImage(Lorg/mmtk/plan/TraceLocal;)V at line 80
at [0x0000000040019b30] Lorg/jikesrvm/mm/mmtk/Scanning; computeBootImageRoots(Lorg/mmtk/plan/TraceLocal;)V at line 333
at [0x0000000040019b70] Lorg/mmtk/plan/SimpleCollector; collectionPhase(SZ)V at line 87
at [0x0000000040019bd0] Lorg/mmtk/plan/semispace/SSCollector; collectionPhase(SZ)V at line 140
at [0x0000000040019c30] Lorg/mmtk/plan/Phase; processPhaseStack(Z)Z at line 477
at [0x0000000040019d40] Lorg/mmtk/plan/Phase; beginNewPhaseStack(I)Z at line 390
at [0x0000000040019d88] Lorg/mmtk/plan/StopTheWorldCollector; collect()V at line 39
at [0x0000000040019db8] Lorg/jikesrvm/memorymanagers/mminterface/VM_CollectorThread; run()V at line 385
at [0x0000000040019f48] Lorg/jikesrvm/scheduler/VM_Thread; startoff()V at line 617
Virtual machine state:

[excalibur:/homes/excalibur/dgrove/SPECjvm98] ../buildit/rvm-trunk/dist/BaseBaseMarkSweep_ppc64-aix/rvm -verbose:gc -X:processors=2 SpecApplication -s100 -m5 -M5 -a _213_javac
Speed will be 100
Will run each benchmark at least 5 times
Will run each benchmark at most 5 times
[Forced GC][GC 1 Start 1.88 s 12008KB validRef: REF outside heap, ref = 0x30c81e6000000000
Key: (I)mmortal (N)onmoving (D)iscontiguous (E)xtent (F)raction
HEAP_START 0x0000000030000000
AVAILABLE_START 0x0000000035800000
boot IN 0x0000000030000000->0x000000003fffffff E 0x0000000010000000
immortal IND [0x0000000040000000->0x00000000403fffff]
meta ND [0x0000000042000000->0x00000000423fffff]
los ND [0x0000000041400000->0x00000000417fffff]
plos N 0x00000000c5000000->0x00000000cfffffff F 0.07
sanity ND []
non-moving ND [0x0000000041000000->0x00000000413fffff]
sm-code ND [0x0000000040800000->0x0000000040bfffff]
lg-code ND [0x0000000040c00000->0x0000000040ffffff]
ms ND [0x0000000041c00000->0x0000000041ffffff, 0x0000000041800000->0x0000000041bfffff, 0x0000000040400000->0x00000000407fffff]
AVAILABLE_END 0x00000000d0000000
HEAP_END 0x00000000d0000000
Died in GC:
vm internal error at:

– Stack –
at [0x0000000040019da0] Lorg/jikesrvm/VM; sysFail(Ljava/lang/String;)V at line 2043
at [0x0000000040019dd0] Lorg/jikesrvm/VM; _assertionFailure(Ljava/lang/String;Ljava/lang/String;)V at line 551
at [0x0000000040019e28] Lorg/jikesrvm/VM; _assert(ZLjava/lang/String;Ljava/lang/String;)V at line 534
at [0x0000000040019e80] Lorg/jikesrvm/VM; _assert(Z)V at line 512
at [0x0000000040019ec0] Lorg/jikesrvm/mm/mmtk/ScanBootImage; processChunk(Lorg/vmmagic/unboxed/Address;Lorg/vmmagic/unboxed/Address;Lorg/vmmagic/unboxed/Address;Lorg/vmmagic/unboxed/Address;Lorg/mmtk/plan/TraceLocal;)V at line 141
at [0x0000000040019fa0] Lorg/jikesrvm/mm/mmtk/ScanBootImage; scanBootImage(Lorg/mmtk/plan/TraceLocal;)V at line 80
at [0x000000004001a060] Lorg/jikesrvm/mm/mmtk/Scanning; computeBootImageRoots(Lorg/mmtk/plan/TraceLocal;)V at line 333
at [0x000000004001a0a0] Lorg/mmtk/plan/SimpleCollector; collectionPhase(SZ)V at line 87
at [0x000000004001a100] Lorg/mmtk/plan/marksweep/MSCollector; collectionPhase(SZ)V at line 96
at [0x000000004001a160] Lorg/mmtk/plan/Phase; processPhaseStack(Z)Z at line 477
at [0x000000004001a270] Lorg/mmtk/plan/Phase; beginNewPhaseStack(I)Z at line 390
at [0x000000004001a2b8] Lorg/mmtk/plan/StopTheWorldCollector; collect()V at line 39
at [0x000000004001a2e8] Lorg/jikesrvm/memorymanagers/mminterface/VM_CollectorThread; run()V at line 385
at [0x000000004001a478] Lorg/jikesrvm/scheduler/VM_Thread; startoff()V at line 617
Virtual machine state:

in the BaseBaseMarkSweep image:
68166 0x0000000000002918 literal 0x0000000030c81e60 "gc thread transfer"

and in the BaseBaseSemiSpace image:
68170 0x0000000000002928 literal 0x0000000030c89740 "gc thread transfer"

private void transferThread(VM_GreenThread t) {
if (t.isGCThread()) {
collectorThreadMutex.lock("gc thread transfer");
if (verbose>0) VM.sysWriteln("setting collectorThread to ",t.getIndex()," in GP.transferThread for ",id);
collectorThread = t;

Wonder if perhaps a magic being used to manipulate the mutex isn't right in 64 bits. Seems really far fetched but it might explain why the crash only shows up when we have more than 1 virtual processor in the mix.

private final String[] lockReasons = VM.VerifyAssertions ? new String[100] : null;

public void registerLock(String reason) { VM_Magic.setObjectAtOffset(lockReasons, Offset.fromIntSignExtend(lockCount<<2), reason); lockCount ++; }

Thanks for the help Steve. Once it became clear from the assertions you added that the problem was that value in the bootimage itself was wrong, I had the idea of looking at RVM.map and then got lucky....

I left the 14230 assertions in place; not sure if you wanted to pull them back out or leave them in.