Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8269285

Crash/miscompile in CallGenerator::for_method_handle_inline after JDK-8191998

    XMLWordPrintable

Details

    • b30
    • Verified

    Backports

      Description

        See the thread here: https://www.reddit.com/r/java/comments/o0w953/investigation_jdk15_jit_seems_to_have_bugs

        There is a reproducer that fails on current JDK with:

        $ build/linux-x86_64-server-slowdebug/images/jdk/bin/java -XX:OnError="gdb - %p" Replication
        # To suppress the following error report, specify this argument
        # after -XX: or in .hotspotrc: SuppressErrorAt=/phaseX.cpp:729
        #
        # A fatal error has been detected by the Java Runtime Environment:
        #
        # Internal Error (/home/shade/trunks/jdk/src/hotspot/share/opto/phaseX.cpp:729), pid=3785715, tid=3785728
        # assert(!t->empty() || t == Type::TOP) failed: must not be vacuous range

        The gdb stack points to the code added by JDK-8191998. Reverting that patch makes the test pass.

        I think join_speculative returned an empty type here. This dirty patch also makes the test pass:

        diff --git a/src/hotspot/share/opto/callGenerator.cpp b/src/hotspot/share/opto/callGenerator.cpp
        index ab7f7897797..6f1c8df778a 100644
        --- a/src/hotspot/share/opto/callGenerator.cpp
        +++ b/src/hotspot/share/opto/callGenerator.cpp
        @@ -1152,7 +1152,8 @@ CallGenerator* CallGenerator::for_method_handle_inline(JVMState* jvms, ciMethod*
                   const Type* sig_type = TypeOopPtr::make_from_klass(signature->accessing_klass());
                   if (arg_type != NULL && !arg_type->higher_equal(sig_type)) {
                     const Type* recv_type = arg_type->join_speculative(sig_type); // keep speculative part
        - Node* cast_obj = gvn.transform(new CheckCastPPNode(kit.control(), arg, recv_type));
        + const Type* cast_type = recv_type->empty() ? sig_type : recv_type;
        + Node* cast_obj = gvn.transform(new CheckCastPPNode(kit.control(), arg, cast_type));
                     kit.set_argument(0, cast_obj);
                   }
                 }
        @@ -1165,7 +1166,8 @@ CallGenerator* CallGenerator::for_method_handle_inline(JVMState* jvms, ciMethod*
                     const Type* sig_type = TypeOopPtr::make_from_klass(t->as_klass());
                     if (arg_type != NULL && !arg_type->higher_equal(sig_type)) {
                       const Type* narrowed_arg_type = arg_type->join_speculative(sig_type); // keep speculative part
        - Node* cast_obj = gvn.transform(new CheckCastPPNode(kit.control(), arg, narrowed_arg_type));
        + const Type* cast_type = narrowed_arg_type->empty() ? sig_type : narrowed_arg_type;
        + Node* cast_obj = gvn.transform(new CheckCastPPNode(kit.control(), arg, cast_type));
                       kit.set_argument(receiver_skip + j, cast_obj);
                     }
                   }

        Vladimir, please follow up?

        Attachments

          Issue Links

            backported by

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8269782 Crash/miscompile in CallGenerator::for_method_handle_inline after JDK-8191998

            • P2 - Crashes, loss of data, severe memory leak.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8270694 Crash/miscompile in CallGenerator::for_method_handle_inline after JDK-8191998

            • P2 - Crashes, loss of data, severe memory leak.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8293644 Crash/miscompile in CallGenerator::for_method_handle_inline after JDK-8191998

            • P2 - Crashes, loss of data, severe memory leak.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8293645 Crash/miscompile in CallGenerator::for_method_handle_inline after JDK-8191998

            • P2 - Crashes, loss of data, severe memory leak.
            • Resolved
            relates to

            Enhancement - null JDK-8191998 C2: inlining through MH linkers drops speculative part of argument types

            • P3 - Major loss of function.
            • Resolved
            links to

            Commit Commit openjdk/jdk13u-dev/78b30c7e

            Commit Commit openjdk/jdk15u-dev/5e52b384

            Commit Commit openjdk/jdk17/c16d1fc9

            Review Review openjdk/jdk13u-dev/398

            Review Review openjdk/jdk15u-dev/267

            Review Review openjdk/jdk17/169

            Activity

              People

                shade Aleksey Shipilev
                shade Aleksey Shipilev
                Votes:
                0 Vote for this issue
                Watchers:
                5 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved: