Status fields:

| field | value |
|---|---|
| creation_ts | 2008-06-13 18:07 |
| component | jit |
| version | default branch |
| rep_platform | powerpc |
| op_sys | Linux |
| bug_status | RESOLVED |
| resolution | FIXED |
| reporter | twisti@complang.tuwien.ac.at |
It works with -O0, but it crashes with -O2. It also depends on the GCC version, but I think it's not a GCC bug. builtin_arraycopy crashes for a length < 0, when it takes the exception path. The actual crash seems to be caused by an invalid return address. Too small a stack size in the stub?

This one crashes:

    gcc version 4.1.2 20061115 (prerelease) (Debian 4.1.1-21)

But this one works:

    gcc version 4.0.4 20060904 (prerelease) (Debian 4.0.3-7)
I stepped through the program with GDB and it seems the failing function is not builtin_arraycopy, but builtin_i2f:

    (gdb) finish
    Run till exit from #0  0x0fbc0c84 in builtin_i2f (a=<value optimized out>) at builtin.c:1929
    RunnerProcess:restart-timer

... and it hangs forever. At least on my PowerBook G4.
I found the problem and it's in builtin_arraycopy. The problem is the range checks with corner-case values like:

    // Regression test for missing check in libgcj.
    harness.check (copy (x, 4, y, 4, Integer.MAX_VALUE), "caught IndexOutOfBoundsException");

Our range checks were simply wrong (missing unsigned casts)! I wonder why this was possible for such a long time...

This changeset fixes the range checks and I also added a JUnit test case so we have a test even without running Mauve: http://mips.complang.tuwien.ac.at/hg/cacao/rev/75bfed30df25
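The bug class behind this report is a bounds check written as `pos + len > array_len` on signed Java ints: with `len = Integer.MAX_VALUE` the addition overflows, the check passes, and the copy runs past the array. The following is an added illustration, not CACAO's builtin_arraycopy and not the changeset linked above: the two helper functions, the wrapping-add shim and the array length of 8 are assumptions chosen to reproduce the Mauve case `copy (x, 4, y, 4, Integer.MAX_VALUE)` quoted in the comment.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helpers (not CACAO code). Positions and lengths are Java ints,
 * as in System.arraycopy(src, srcPos, dst, dstPos, length). */

/* Wrapping 32-bit add. Used only to make the broken check's behaviour well
 * defined here; in real code "src_pos + len" on int is signed overflow, which
 * is undefined and which an optimizer at -O2 may fold away entirely. */
static int32_t wrap_add(int32_t a, int32_t b)
{
    return (int32_t)((uint32_t)a + (uint32_t)b);
}

/* Broken shape: signed arithmetic, so 4 + INT32_MAX wraps negative and the
 * comparison against src_len succeeds when it must fail. */
bool arraycopy_range_ok_signed(int32_t src_len, int32_t src_pos,
                               int32_t dst_len, int32_t dst_pos, int32_t len)
{
    if (len < 0 || src_pos < 0 || dst_pos < 0)
        return false;
    if (wrap_add(src_pos, len) > src_len)
        return false;
    if (wrap_add(dst_pos, len) > dst_len)
        return false;
    return true;
}

/* Hardened shape: compare as unsigned (negatives become huge and fail the
 * first test) and check len against the remaining room, src_len - src_pos,
 * which cannot overflow once src_pos <= src_len is known. */
bool arraycopy_range_ok_unsigned(int32_t src_len, int32_t src_pos,
                                 int32_t dst_len, int32_t dst_pos, int32_t len)
{
    if ((uint32_t)src_pos > (uint32_t)src_len)
        return false;
    if ((uint32_t)dst_pos > (uint32_t)dst_len)
        return false;
    if ((uint32_t)len > (uint32_t)(src_len - src_pos))
        return false;
    if ((uint32_t)len > (uint32_t)(dst_len - dst_pos))
        return false;
    return true;
}

int main(void)
{
    /* Constructed case mirroring the Mauve test: two arrays of length 8. */
    const int32_t n = 8;
    printf("signed check   (4, 4, MAX_VALUE): %s\n",
           arraycopy_range_ok_signed(n, 4, n, 4, INT32_MAX) ? "accepted (wrong)" : "rejected");
    printf("unsigned check (4, 4, MAX_VALUE): %s\n",
           arraycopy_range_ok_unsigned(n, 4, n, 4, INT32_MAX) ? "accepted" : "rejected (correct)");
    return 0;
}
```

The unsigned version also rejects the `length < 0` case from the first comment without a separate sign test, because a negative `len` cast to `uint32_t` exceeds any possible remaining room.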