Bus Error on CMPXCHG in Scala 3 new lazy vals

[szymon-rd]

Describe the issue
The problem is occurring in the current implementation of LazyVals in Scala 3.3.0-RC2. I managed to minimize it into a snippet of Java code:

import sun.misc.Unsafe;
import java.lang.reflect.Field;

class Evaluating {
}

class FoooBar {
   volatile static Object foo;
}

class FoooBarMain {
   public static void main(String... args) throws Exception { 
      Field f = Unsafe.class.getDeclaredField("theUnsafe");
      f.setAccessible(true);
      Unsafe unsafe = (Unsafe) f.get(null);
      
      Evaluating evaluating = new Evaluating();
      long offset = unsafe.staticFieldOffset(FoooBar.class.getDeclaredField("foo"));
      System.out.println(unsafe.compareAndSwapObject(FoooBar.class, offset, null, evaluating));
      System.out.println(FoooBar.foo);
    }
}

After running it, a segfault occurs. When run with GDB, it shows a Bus error. I investigated it a bit, and I found that the failing instruction is:

lock cmpxchg %esi,0x1b71e0(%r14)

Stepping after this instruction results in Thread 2 received signal SIGBUS, Bus error.
I am providing a minimized example that generates a slightly different assembly. But it is compiled from a similar bytecode and results in the same error. In our case, I investigated it a bit further and found that the address of the destination of cmpxchg is wrong and does not correspond to the storage we want to operate on.

It only fails for static fields - therefore, only objects in Scala suffer from this. Classes generate non-static fields that use Unsafe functions for non-static fields, and all addresses are correct.

Steps to reproduce the issue
Please include both build steps as well as run steps

1. Create a java class like the above one and call it ReproJava.java,
2. Compile it: javac ReproJava.java -d javaout,
3. Generate the native image: native-image -g -cp javaout FoooBarMain,
4. Execute the native image: ./foobarmain

Describe GraalVM and your environment:

• java --version:

java 11.0.18 2023-01-17 LTS
Java(TM) SE Runtime Environment GraalVM EE 22.3.1 (build 11.0.18+9-LTS-jvmci-22.3-b11)
Java HotSpot(TM) 64-Bit Server VM GraalVM EE 22.3.1 (build 11.0.18+9-LTS-jvmci-22.3-b11, mixed mode, sharing)

• native-image --version:

GraalVM 22.3.1 Java 11 EE (Java Version 11.0.18+9-LTS-jvmci-22.3-b11)

• OS: macOS 11 with Intel. Reproduced also on macOS with ARM and Ubuntu.

[oubidar-Abderrahim]

Thank you for reporting this, we'll take a look into it shortly.

[oubidar-Abderrahim]

Tracked internally on GR 44061

[christianwimmer]

The example code is wrong, and happens to just accidentally work when running on the HotSpot VM: when accessing a static field with Unsafe, it is required that the accessed object is coming from staticFieldBase.

So the correct code is

      Evaluating evaluating = new Evaluating();
      long offset = unsafe.staticFieldOffset(FoooBar.class.getDeclaredField("foo"));
      System.out.println(unsafe.compareAndSwapObject(unsafe.staticFieldBase(FoooBar.class), offset, null, evaluating));
      System.out.println(FoooBar.foo);