Details
-
Bug
-
Resolution: Fixed
-
P4
-
17, 18
-
b06
-
other
-
linux
Description
when I do a peephole optimization like this:
peephole %{
peepmatch (storeI loadI storeI loadI);
peepconstraint (0.src == 1.dst, 2.src == 3.dst, 1.mem == 3.mem);
peepreplace ( storeII(0.mem 0.mem 2.mem 1.mem 0.src));
%}
It crashed on mips64 arch and error infomation are:
#
# A fatal error has been detected by the Java Runtime Environment:
#
# SIGSEGV (0xb) at pc=0x000000fff5143800, pid=24601, tid=24614
#
# JRE version: OpenJDK Runtime Environment (17.0) (build 17-internal+0-adhoc.sunguoyun.jdk-ls-release)
# Java VM: OpenJDK 64-Bit Server VM (17-internal+0-adhoc.sunguoyun.jdk-ls-release, compiled mode, compressed oops, compressed class ptrs, g1 gc, linux-mips64)
# Problematic frame:
# V [libjvm.so+0x2d7800] OopFlow::build_oop_map(Node*, int, PhaseRegAlloc*, int*)+0x238
#
# No core dump will be written. Core dumps have been disabled. To enable core dumping, try "ulimit -c unlimited" before starting Java again
x86_64 maybe have the same issue:
The nodes (storeI loadI storeI loadI) will be removed after peephole optimization, but the regs of these node be set lived in do_liveness() of buildOopMap.cpp.
//src/hotspot/share/opto/phaseX.cpp
2026 void PhasePeephole::do_transform() {
...
2073 for( ; (instruction_index > safe_instruction_index); --instruction_index ) {
2074 block->remove_node( instruction_index );
2075 }
...
//src/hotspot/share/opto/buildOopMap.cpp
404 static void do_liveness(PhaseRegAlloc* regalloc, PhaseCFG* cfg, Block_List* worklist, int max_reg_ints, Arena* A, Dict* safehash) {
...
464 for( uint l=1; l<n->req(); l++ ) {
465 Node *def = n->in(l); //include removed peephole loadI
466 assert(def != 0, "input edge required");
467 int first = regalloc->get_reg_first(def);
468 int second = regalloc->get_reg_second(def);
469 if( OptoReg::is_valid(first) ) set_live_bit(tmp_live,first);
470 if( OptoReg::is_valid(second) ) set_live_bit(tmp_live,second);
but block`s _defs[] index not include peephole loadI
//src/hotspot/share/opto/buildOopMap.cpp
111 void OopFlow::compute_reach( PhaseRegAlloc *regalloc, int max_reg, Dict *safehash ) {
112
113 for( uint i=0; i<_b->number_of_nodes(); i++ ) {
114 Node *n = _b->get_node(i);
...
131 _defs[first] = n;
132 _defs[second] = n;
if the blocks before contained-MachSafePoint have no used the same reg for loadI , _defs[reg] will be null in build_oop_map() ,so cause crash
//src/hotspot/share/opto/buildOopMap.cpp
210 OopMap *OopFlow::build_oop_map( Node *n, int max_reg, PhaseRegAlloc *regalloc, int* live ) {
...
239 Node *def = _defs[reg]; ---------------->maybe NULL
240 assert( def, "since live better have reaching def" );
243 const Type *t = def->bottom_type(); --->crash here
peephole %{
peepmatch (storeI loadI storeI loadI);
peepconstraint (0.src == 1.dst, 2.src == 3.dst, 1.mem == 3.mem);
peepreplace ( storeII(0.mem 0.mem 2.mem 1.mem 0.src));
%}
It crashed on mips64 arch and error infomation are:
#
# A fatal error has been detected by the Java Runtime Environment:
#
# SIGSEGV (0xb) at pc=0x000000fff5143800, pid=24601, tid=24614
#
# JRE version: OpenJDK Runtime Environment (17.0) (build 17-internal+0-adhoc.sunguoyun.jdk-ls-release)
# Java VM: OpenJDK 64-Bit Server VM (17-internal+0-adhoc.sunguoyun.jdk-ls-release, compiled mode, compressed oops, compressed class ptrs, g1 gc, linux-mips64)
# Problematic frame:
# V [libjvm.so+0x2d7800] OopFlow::build_oop_map(Node*, int, PhaseRegAlloc*, int*)+0x238
#
# No core dump will be written. Core dumps have been disabled. To enable core dumping, try "ulimit -c unlimited" before starting Java again
x86_64 maybe have the same issue:
The nodes (storeI loadI storeI loadI) will be removed after peephole optimization, but the regs of these node be set lived in do_liveness() of buildOopMap.cpp.
//src/hotspot/share/opto/phaseX.cpp
2026 void PhasePeephole::do_transform() {
...
2073 for( ; (instruction_index > safe_instruction_index); --instruction_index ) {
2074 block->remove_node( instruction_index );
2075 }
...
//src/hotspot/share/opto/buildOopMap.cpp
404 static void do_liveness(PhaseRegAlloc* regalloc, PhaseCFG* cfg, Block_List* worklist, int max_reg_ints, Arena* A, Dict* safehash) {
...
464 for( uint l=1; l<n->req(); l++ ) {
465 Node *def = n->in(l); //include removed peephole loadI
466 assert(def != 0, "input edge required");
467 int first = regalloc->get_reg_first(def);
468 int second = regalloc->get_reg_second(def);
469 if( OptoReg::is_valid(first) ) set_live_bit(tmp_live,first);
470 if( OptoReg::is_valid(second) ) set_live_bit(tmp_live,second);
but block`s _defs[] index not include peephole loadI
//src/hotspot/share/opto/buildOopMap.cpp
111 void OopFlow::compute_reach( PhaseRegAlloc *regalloc, int max_reg, Dict *safehash ) {
112
113 for( uint i=0; i<_b->number_of_nodes(); i++ ) {
114 Node *n = _b->get_node(i);
...
131 _defs[first] = n;
132 _defs[second] = n;
if the blocks before contained-MachSafePoint have no used the same reg for loadI , _defs[reg] will be null in build_oop_map() ,so cause crash
//src/hotspot/share/opto/buildOopMap.cpp
210 OopMap *OopFlow::build_oop_map( Node *n, int max_reg, PhaseRegAlloc *regalloc, int* live ) {
...
239 Node *def = _defs[reg]; ---------------->maybe NULL
240 assert( def, "since live better have reaching def" );
243 const Type *t = def->bottom_type(); --->crash here
