Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8269795

C2: Out of bounds array load floats above its range check in loop peeling resulting in SEGV

XMLWordPrintable

    • b31
    • Verified

        The attached fuzzer test starts to fail after JDK-8257498.

        Unpack the attached fuzzer test, then run:

        $ ../build/linux-x86_64-server-fastdebug/images/jdk/bin/java -XX:+UnlockDiagnosticVMOptions -XX:+StressGCM -Xcomp -XX:CompileOnly=Test -XX:-TieredCompilation Test

        ...

        #
        # A fatal error has been detected by the Java Runtime Environment:
        #
        # SIGSEGV (0xb) at pc=0x00007fcb890764b2, pid=2545770, tid=2545771
        #
        # JRE version: OpenJDK Runtime Environment (18.0) (fastdebug build 18-internal+0-adhoc.shade.jdk)
        # Java VM: OpenJDK 64-Bit Server VM (fastdebug 18-internal+0-adhoc.shade.jdk, compiled mode, sharing, compressed oops, compressed class ptrs, g1 gc, linux-amd64)
        # Problematic frame:
        # J 5 c2 Test.vMeth(I)V (215 bytes) @ 0x00007fcb890764b2 [0x00007fcb89076340+0x0000000000000172]
        #
        # Core dump will be written. Default location: Core dumps may be processed with "/usr/share/apport/apport %p %s %c %d %P %E" (or dumping to /home/shade/trunks/jdk/0024/core.2545770)


        Note it crashes in the generated code (presumably the on unhandled null-ptr / range-check), and seems to only crash with -XX:+StressGCM.

        Bisection shows it started with JDK-8257498, which implies JDK 17 regression.

              chagedorn Christian Hagedorn
              shade Aleksey Shipilev
              Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

                Created:
                Updated:
                Resolved: