- Bug
- Resolution: Cannot Reproduce
- P3
- None
- 1.3.1_06
- sparc
- solaris_8
A customer is facing the following crash.
OS : Solaris 8
VM : HotSpot Server VM 1.3.1_06
Some portions of Stack Trace information
---------------------------------------------
.....
#8 <signal handler called>
#9 0xfecc335c in void PhaseIdealLoop::build_loop_late(Node*,VectorSet&,Node_List&,const PhaseIdealLoop*)
   (0x436f5d, 0x436f5c, 0x8294b0, 0x515f7c, 0xc2b7f340, 0xc2b7f350)
   from root/opt/FJSVawjbk/jdk13/jre/lib/sparc/fjvm/libjvm.so
#10 0xfecc3080 in void PhaseIdealLoop::build_loop_late(Node*,VectorSet&,Node_List&,const PhaseIdealLoop*)
   (0xc2b7f340, 0x0, 0x827c64, 0x319bbc, 0xc2b7f340, 0xc2b7f4a4)
   from root/opt/FJSVawjbk/jdk13/jre/lib/sparc/fjvm/libjvm.so
#11 0xfed9f3a4 in PhaseIdealLoop::PhaseIdealLoop(PhaseIterGVN&,const PhaseIdealLoop*)
   (0xc2b7f128, 0x4981dc, 0x1, 0x2ce738, 0x800, 0xdda180)
   from root/opt/FJSVawjbk/jdk13/jre/lib/sparc/fjvm/libjvm.so
#12 0xfedd8e14 in void Compile::Optimize()
   (0xff190f78, 0xc2b7f7f8, 0xdd1af4, 0xc2b7f9c0, 0x0, 0xc2b7f61c)
   from root/opt/FJSVawjbk/jdk13/jre/lib/sparc/fjvm/libjvm.so
#13 0xfedd7ba0 in Compile::Compile(ciEnv*,ciScope*,ciMethod*,int,long,long)
   (0xff190f78, 0xc2b7fa68, 0x720364, 0xff190fb0, 0xc2b7f81c, 0xc2b7fb08)
   from root/opt/FJSVawjbk/jdk13/jre/lib/sparc/fjvm/libjvm.so
........
---------------------------------------------
There are 3 pieces of source code information which seem related to our crash.
According to our investigation, the crash seems to occur as follows.
CUSTOMERS SCENARIO :
The variable n becomes NULL at (c) in the loopnode.hpp and
SIGSEGV occurs at "n->in(0)" of (d).
The above causes abnormal termination.
(In a little bit more detail,
when "legal" variable becomes RootNode,
source code goes to "legal = idom(legal->_idx)" of (b) in loopnode.cpp
and then to "idom_no_update( uint idx ) const { " in loopnode.hpp.
Here, the variable n becomes NULL at (c) in the loopnode.hpp and
SIGSEGV occurs at "n->in(0)" of (d). )
== Source Code Information ====
./src/share/vm/opto/loopnode.cpp:
---------------------------------------------
void PhaseIdealLoop::build_loop_late( Node *n, VectorSet &visited, Node_List &worklist, const PhaseIdealLoop *verify_me ) {
  .......
  // Do I have a "safe range" I can select over?
  Node *early = get_ctrl(n->_idx);// Early location already computed ......(1)
  // Compute latest point this Node can go
  Node *LCA = get_late_ctrl( n ); ......(*)
  assert( LCA != C->_top_node, "no dead nodes" );
  Node *legal = LCA; // Walk 'legal' up the IDOM chain ......(2)
  Node *least = legal; // Best legal position so far
  while( early != legal ) { // While not at earliest legal ......(a)
    // Find least loop nesting depth
    legal = idom(legal->_idx); // Bump up the IDOM tree ......(b)
    // Check for lower nesting depth
    if( get_loop(legal)->_nest < get_loop(least)->_nest )
      least = legal; ......(3)
  }
  ........
---------------------------------------------
./src/share/vm/opto/loopnode.hpp:
---------------------------------------------
........
  Node *idom_no_update( uint idx ) const {
    assert( idx < _idom_size, "" );
    Node *n = _idom[idx]; ......(c)
    while( !n->in(0) ) // Skip dead CFG nodes
      n = n->in(1); ......(d)
    return n;
  }
  Node *idom( uint idx ) const {
    Node *n = idom_no_update(idx); _idom[idx] = n; return n; }
  .........
---------------------------------------------
---------------------------------------------
! legal = idom(legal->idx);
fecc3348 ld [%i2 + 0x10], %i1
fecc334c ld [%o1 + 0x10], %g2 ! %g2:legal->_idx
fecc3350 ld [%i4 + 0x38], %g3 ! %i4:PhaseIdealLoop,%g3:_idom[]
fecc3354 sll %g2, 0x2, %o0
fecc3358 ld [%g3 + %o0], %o3 ! %o3: n = _idom[idx];
* fecc335c ld [%o3 + 0x4], %o1 ! %o1: _in[] <=== Crash point!!
fecc3360 ld [%o1], %g2
fecc3364 cmp %g2, 0x0
---------------------------------------------
KNOWN INFORMATION :
The above SCENARIO is based on the following 6 pieces of information
obtained by the customer's investigation.
- "legal" was RootNodes on abnormal termination
---------------------------------------------
Variable on SIGSEGV : legal
[%o1]0x004981b0
(gdb) x/8x 0x004981b0
0x4981b0: 0xff187044 0x004378ac 0x00000015 0x00000030
0x4981c0: 0x00000000 0x00000001 0x00001966 0x004981b0
(gdb) x 0xff187044
0xff187044 <RootNode::__vtbl>: 0xff1070b8
---------------------------------------------
(The dump list that we use to track the node information from RootNodes
is the attached file "cnode.dump".)
- Dump information of PhaseIdealLoop::_idom[]
---------------------------------------------
PhaseIdealLoop :
...
(gdb) p/x $i4
$2 = 0xc2b7f340
(gdb) x/16x 0xc2b7f340
0xc2b7f340: 0xff18be48 0x0000000f 0xc2b7f9c0 0x00126440
0xc2b7f350: 0x00126440 0x00001000 0x00dd6180 0x00126440
0xc2b7f360: 0x00001000 0x002d28e8 0xc2b7f384 0x00dda180
0xc2b7f370: 0x00dda1b8 0x00000fb0 0x00dc6180 0x00dca040
^^_idom_size ^^_idom
(gdb) x 0xff18be48
0xff18be48 <PhaseIdealLoop::__vtbl>: 0xff10c320
(The dump information of PhaseIdealLoop:_idom[0xfb0] is idom_dump.txt)
- The first arg. of PhaseIdealLoop::build_loop_late(), n(Node) was MergeMemNode.
---------------------------------------------
n(Node) ( the first arg. of PhaseIdealLoop::build_loop_late() ) :
...
(gdb) p/x $i2
$12 = 0x8294b0
(gdb) x/8x 0x8294b0
0x8294b0: 0xff18e544 0x008294c8 0x00000021 0x00000021
0x8294c0: 0x00000e74 0x000003d0 0x00000000 0x008277b4
(gdb) x 0xff18e544
0xff18e544 <MergeMemNode::__vtbl>: 0xff10d790
---------------------------------------------
- The variable "early" defined at (1) and det at (a) was RegionNode
---------------------------------------------
variable "early" :
...
(gdb) p/x $i1
$13 = 0x436f5c
(gdb) x/8x 0x436f5c
0x436f5c: 0xff1800ec 0x00436f74 0x00000003 0x00000003
0x436f6c: 0x00000c34 0x00000000 0x00436f5c 0x004395ac
(gdb) x 0xff1800ec
0xff1800ec <RegionNode::__vtbl>: 0xff103938
---------------------------------------------
- The variable "least" seems set to IfFalseNode at (3)
---------------------------------------------
variable "least" on SIGSEGV :
....
(gdb) p/x $i3
$15 = 0x515f7c
(gdb) x/8x 0x515f7c
0x515f7c: 0xff180810 0x00515f78 0x00000001 0x00000001
0x515f8c: 0x00000494 0x0000005b 0x00000000 0xff1800ec
(gdb) x 0xff180810
0xff180810 <IfFalseNode::__vtbl>: 0xff103cb0
---------------------------------------------
- LCA which is set at (2) did not remain in any register.
###@###.### 2005-1-27 09:21:18 GMT
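
The failure mode in the customer's scenario, as an added example (not HotSpot code and not part of the report): a simplified model of the walk at (a)/(b) in which the `_idom` lookup checks the index and a null slot, so a chain that runs past the root is reported instead of dereferenced. The `Node` struct, `idom_checked`, `walk_to_early` and the four-node graph are constructed for illustration.

```cpp
#include <cstddef>
#include <vector>

// Simplified stand-in for a CFG node: in0 models in(0) (the control input,
// null when the node is dead) and in1 models in(1). Not the HotSpot Node class.
struct Node {
    unsigned idx;
    Node* in0;
    Node* in1;
};

enum class Walk { ReachedEarly, NullIdom, IndexOutOfRange };

// Model of idom_no_update() with the index range and the null slot checked
// at run time. Returns nullptr instead of dereferencing a null entry.
Node* idom_checked(const std::vector<Node*>& idom, unsigned idx, Walk& why) {
    if (idx >= idom.size()) { why = Walk::IndexOutOfRange; return nullptr; }
    Node* n = idom[idx];
    while (n != nullptr && n->in0 == nullptr)  // skip dead CFG nodes
        n = n->in1;
    if (n == nullptr) why = Walk::NullIdom;
    return n;
}

// Model of the loop at (a)/(b): walk 'legal' up the dominator chain until
// it meets 'early', or report why the chain ended first.
Walk walk_to_early(const std::vector<Node*>& idom, Node* early, Node* legal) {
    Walk why = Walk::ReachedEarly;
    while (legal != early) {
        legal = idom_checked(idom, legal->idx, why);
        if (legal == nullptr) return why;  // chain ended before 'early'
    }
    return why;
}

// Constructed graph: root(0) <- a(1) <- b(2), and c(3) directly under root.
// 'a' dominates b but not c, so a walk from c towards a runs past the root,
// whose _idom slot is empty in this model.
Walk demo(bool early_dominates) {
    Node root{0, nullptr, nullptr};
    root.in0 = &root;  // assumption of this model: root counts as live
    Node a{1, &root, nullptr}, b{2, &a, nullptr}, c{3, &root, nullptr};
    std::vector<Node*> idom{nullptr, &root, &a, &root};
    return walk_to_early(idom, &a, early_dominates ? &b : &c);
}
```

`demo(false)` reproduces the shape of the reported state: `legal` has reached the root without meeting `early`, and the next lookup finds an empty slot.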