-
Bug
-
Resolution: Unresolved
-
P4
-
11.0.17
-
x86_64
-
linux_ubuntu
ADDITIONAL SYSTEM INFORMATION :
Arch: x86_64
OS: Ubuntu 20.04.4 LTS
HotSpot
- openjdk version "11.0.17-internal" 2022-10-18
- OpenJDK Runtime Environment (fastdebug build 11.0.17-internal+0-adhoc.congli.my-jdk11u)
- OpenJDK 64-Bit Server VM (fastdebug build 11.0.17-internal+0-adhoc.congli.my-jdk11u, mixed mode)
javac: javac 11.0.17-internal
A DESCRIPTION OF THE PROBLEM :
The problem was found in the repo https://github.com/openjdk/jdk11u-dev (commit f915a327), OpenJDK 11.0.17 (internal). However, we cannot reproduce on 11.0.15.
**Note**
1. The given test may take **~1min** to make HotSpot crash. So please be patient.
2. Sorry, we cannot reduce the test further otherwise it cannot be reproduced.
The following is part of the log:
```
#
# A fatal error has been detected by the Java Runtime Environment:
#
# Internal Error (/zdata/congli/my-jdk11u/src/hotspot/share/opto/parse1.cpp:1529), pid=269206, tid=269218
# assert(!have_se || stopped() || failing() || (sp() - pre_bc_sp) == depth) failed: incorrect depth prediction: sp=0, pre_bc_sp=3, depth=-2
#
# JRE version: OpenJDK Runtime Environment (11.0.17) (fastdebug build 11.0.17-internal+0-adhoc.congli.my-jdk11u)
# Java VM: OpenJDK 64-Bit Server VM (fastdebug 11.0.17-internal+0-adhoc.congli.my-jdk11u, mixed mode, tiered, compressed oops, g1 gc, linux-amd64)
# No core dump will be written. Core dumps have been disabled. To enable core dumping, try "ulimit -c unlimited" before starting Java again
#
# If you would like to submit a bug report, please visit:
# https://bugreport.java.com/bugreport/crash.jsp
#
--------------- S U M M A R Y ------------
Command Line: -Xmx1G -Xbatch Test
Host: amdsuplus3.inf.ethz.ch, AMD Ryzen Threadripper 3990X 64-Core Processor, 128 cores, 251G, Ubuntu 20.04.4 LTS
Time: Wed Jun 15 15:20:09 2022 CEST elapsed time: 1.083212 seconds (0d 0h 0m 1s)
--------------- T H R E A D ---------------
Current thread (0x00007f5de06ed800): JavaThread "C2 CompilerThread0" daemon [_thread_in_native, id=269218, stack(0x00007f5dad422000,0x00007f5dad523000)]
Current CompileTask:
C2: 1083 306 !b 4 Test::vMeth (37 bytes)
Stack: [0x00007f5dad422000,0x00007f5dad523000], sp=0x00007f5dad51ecc0, free space=1011k
Native frames: (J=compiled Java code, A=aot compiled Java code, j=interpreted, Vv=VM code, C=native code)
V [libjvm.so+0x1a756ca] VMError::report_and_die(int, char const*, char const*, __va_list_tag*, Thread*, unsigned char*, void*, void*, char const*, int, unsigned long)+0x1ca
V [libjvm.so+0x1a76835] VMError::report_and_die(Thread*, void*, char const*, int, char const*, char const*, __va_list_tag*)+0x35
V [libjvm.so+0xc3626a] report_vm_error(char const*, int, char const*, char const*, ...)+0x10a
V [libjvm.so+0x16fc811] Parse::do_one_block()+0x6f1
V [libjvm.so+0x16fce04] Parse::do_all_blocks()+0xf4
V [libjvm.so+0x16ff1b6] Parse::Parse(JVMState*, ciMethod*, float)+0xc26
V [libjvm.so+0x91de3a] ParseGenerator::generate(JVMState*)+0x12a
V [libjvm.so+0xd4419a] Parse::do_call()+0x3ea
V [libjvm.so+0x17116e8] Parse::do_one_bytecode()+0x21e8
V [libjvm.so+0x16fc785] Parse::do_one_block()+0x665
V [libjvm.so+0x16fce04] Parse::do_all_blocks()+0xf4
V [libjvm.so+0x16ff1b6] Parse::Parse(JVMState*, ciMethod*, float)+0xc26
V [libjvm.so+0x91de3a] ParseGenerator::generate(JVMState*)+0x12a
V [libjvm.so+0xd4419a] Parse::do_call()+0x3ea
V [libjvm.so+0x17116e8] Parse::do_one_bytecode()+0x21e8
V [libjvm.so+0x16fc785] Parse::do_one_block()+0x665
V [libjvm.so+0x16fce04] Parse::do_all_blocks()+0xf4
V [libjvm.so+0x16ff1b6] Parse::Parse(JVMState*, ciMethod*, float)+0xc26
V [libjvm.so+0x91de3a] ParseGenerator::generate(JVMState*)+0x12a
V [libjvm.so+0xb4b5ab] Compile::Compile(ciEnv*, C2Compiler*, ciMethod*, int, bool, bool, bool, bool, DirectiveSet*)+0xfbb
V [libjvm.so+0x91bfc4] C2Compiler::compile_method(ciEnv*, ciMethod*, int, DirectiveSet*)+0x334
V [libjvm.so+0xb5d210] CompileBroker::invoke_compiler_on_method(CompileTask*)+0x540
V [libjvm.so+0xb5e8b8] CompileBroker::compiler_thread_loop()+0x678
V [libjvm.so+0x19ab8d2] JavaThread::thread_main_inner()+0x252
V [libjvm.so+0x19a42ab] Thread::call_run()+0x7b
V [libjvm.so+0x169a5b6] thread_native_entry(Thread*)+0x106
```
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
1. javac Test.java
2. java -Xbatch -Xmx1G Test
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
No crashes
ACTUAL -
Crashed
---------- BEGIN SOURCE ----------
import java.util.ArrayList;
import java.util.List;
class Test {
int N;
void vMeth(int i, int i1) {
try {
int ax$22 = 0x80018001;
List ax$21 = new ArrayList();
ax$21.set(ax$22, Boolean.TRUE);
} catch (Throwable ax$25) {
} finally {
}
}
int iMeth(float f1) {
int iArr2[] = new int[N];
for (int ax$26 = 0; ax$26 < 8154; ) vMeth(177294371, 475509554);
long meth_res = FuzzerUtils.checkSum(iArr2);
return (int) meth_res;
}
void mainTest(String[] strArr1) {
float f = 2.828F;
f = iMeth(f);
}
public static void main(String[] strArr) {
Test _instance = new Test();
_instance.mainTest(strArr);
}
}
---------- END SOURCE ----------
FREQUENCY : always
Arch: x86_64
OS: Ubuntu 20.04.4 LTS
HotSpot
- openjdk version "11.0.17-internal" 2022-10-18
- OpenJDK Runtime Environment (fastdebug build 11.0.17-internal+0-adhoc.congli.my-jdk11u)
- OpenJDK 64-Bit Server VM (fastdebug build 11.0.17-internal+0-adhoc.congli.my-jdk11u, mixed mode)
javac: javac 11.0.17-internal
A DESCRIPTION OF THE PROBLEM :
The problem was found in the repo https://github.com/openjdk/jdk11u-dev (commit f915a327), OpenJDK 11.0.17 (internal). However, we cannot reproduce on 11.0.15.
**Note**
1. The given test may take **~1min** to make HotSpot crash. So please be patient.
2. Sorry, we cannot reduce the test further otherwise it cannot be reproduced.
The following is part of the log:
```
#
# A fatal error has been detected by the Java Runtime Environment:
#
# Internal Error (/zdata/congli/my-jdk11u/src/hotspot/share/opto/parse1.cpp:1529), pid=269206, tid=269218
# assert(!have_se || stopped() || failing() || (sp() - pre_bc_sp) == depth) failed: incorrect depth prediction: sp=0, pre_bc_sp=3, depth=-2
#
# JRE version: OpenJDK Runtime Environment (11.0.17) (fastdebug build 11.0.17-internal+0-adhoc.congli.my-jdk11u)
# Java VM: OpenJDK 64-Bit Server VM (fastdebug 11.0.17-internal+0-adhoc.congli.my-jdk11u, mixed mode, tiered, compressed oops, g1 gc, linux-amd64)
# No core dump will be written. Core dumps have been disabled. To enable core dumping, try "ulimit -c unlimited" before starting Java again
#
# If you would like to submit a bug report, please visit:
# https://bugreport.java.com/bugreport/crash.jsp
#
--------------- S U M M A R Y ------------
Command Line: -Xmx1G -Xbatch Test
Host: amdsuplus3.inf.ethz.ch, AMD Ryzen Threadripper 3990X 64-Core Processor, 128 cores, 251G, Ubuntu 20.04.4 LTS
Time: Wed Jun 15 15:20:09 2022 CEST elapsed time: 1.083212 seconds (0d 0h 0m 1s)
--------------- T H R E A D ---------------
Current thread (0x00007f5de06ed800): JavaThread "C2 CompilerThread0" daemon [_thread_in_native, id=269218, stack(0x00007f5dad422000,0x00007f5dad523000)]
Current CompileTask:
C2: 1083 306 !b 4 Test::vMeth (37 bytes)
Stack: [0x00007f5dad422000,0x00007f5dad523000], sp=0x00007f5dad51ecc0, free space=1011k
Native frames: (J=compiled Java code, A=aot compiled Java code, j=interpreted, Vv=VM code, C=native code)
V [libjvm.so+0x1a756ca] VMError::report_and_die(int, char const*, char const*, __va_list_tag*, Thread*, unsigned char*, void*, void*, char const*, int, unsigned long)+0x1ca
V [libjvm.so+0x1a76835] VMError::report_and_die(Thread*, void*, char const*, int, char const*, char const*, __va_list_tag*)+0x35
V [libjvm.so+0xc3626a] report_vm_error(char const*, int, char const*, char const*, ...)+0x10a
V [libjvm.so+0x16fc811] Parse::do_one_block()+0x6f1
V [libjvm.so+0x16fce04] Parse::do_all_blocks()+0xf4
V [libjvm.so+0x16ff1b6] Parse::Parse(JVMState*, ciMethod*, float)+0xc26
V [libjvm.so+0x91de3a] ParseGenerator::generate(JVMState*)+0x12a
V [libjvm.so+0xd4419a] Parse::do_call()+0x3ea
V [libjvm.so+0x17116e8] Parse::do_one_bytecode()+0x21e8
V [libjvm.so+0x16fc785] Parse::do_one_block()+0x665
V [libjvm.so+0x16fce04] Parse::do_all_blocks()+0xf4
V [libjvm.so+0x16ff1b6] Parse::Parse(JVMState*, ciMethod*, float)+0xc26
V [libjvm.so+0x91de3a] ParseGenerator::generate(JVMState*)+0x12a
V [libjvm.so+0xd4419a] Parse::do_call()+0x3ea
V [libjvm.so+0x17116e8] Parse::do_one_bytecode()+0x21e8
V [libjvm.so+0x16fc785] Parse::do_one_block()+0x665
V [libjvm.so+0x16fce04] Parse::do_all_blocks()+0xf4
V [libjvm.so+0x16ff1b6] Parse::Parse(JVMState*, ciMethod*, float)+0xc26
V [libjvm.so+0x91de3a] ParseGenerator::generate(JVMState*)+0x12a
V [libjvm.so+0xb4b5ab] Compile::Compile(ciEnv*, C2Compiler*, ciMethod*, int, bool, bool, bool, bool, DirectiveSet*)+0xfbb
V [libjvm.so+0x91bfc4] C2Compiler::compile_method(ciEnv*, ciMethod*, int, DirectiveSet*)+0x334
V [libjvm.so+0xb5d210] CompileBroker::invoke_compiler_on_method(CompileTask*)+0x540
V [libjvm.so+0xb5e8b8] CompileBroker::compiler_thread_loop()+0x678
V [libjvm.so+0x19ab8d2] JavaThread::thread_main_inner()+0x252
V [libjvm.so+0x19a42ab] Thread::call_run()+0x7b
V [libjvm.so+0x169a5b6] thread_native_entry(Thread*)+0x106
```
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
1. javac Test.java
2. java -Xbatch -Xmx1G Test
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
No crashes
ACTUAL -
Crashed
---------- BEGIN SOURCE ----------
import java.util.ArrayList;
import java.util.List;
class Test {
int N;
void vMeth(int i, int i1) {
try {
int ax$22 = 0x80018001;
List ax$21 = new ArrayList();
ax$21.set(ax$22, Boolean.TRUE);
} catch (Throwable ax$25) {
} finally {
}
}
int iMeth(float f1) {
int iArr2[] = new int[N];
for (int ax$26 = 0; ax$26 < 8154; ) vMeth(177294371, 475509554);
long meth_res = FuzzerUtils.checkSum(iArr2);
return (int) meth_res;
}
void mainTest(String[] strArr1) {
float f = 2.828F;
f = iMeth(f);
}
public static void main(String[] strArr) {
Test _instance = new Test();
_instance.mainTest(strArr);
}
}
---------- END SOURCE ----------
FREQUENCY : always