-
Bug
-
Resolution: Fixed
-
P4
-
8, 11, 17, 19, 20, 21
-
b14
This was found by fuzzing (hitting the assert "Missed optimization opportunity in PhaseCCP") when multiplying two longs resulting in a large number. The current logic in MulLNode::mul_ring() tries to cast the longs to doubles to check for overflows. However, when the product is too large (but still small enough to not overflow the 64-bit long range), we could get precision errors and wrongly bottom type even though there is no overflow. This should be fixed.
Moreover, the code in MulLNode::mul_ring() is very similar to MulINode::mul_ring() and should be shared.
Reproduce original fuzzer test:
$ java -XX:-TieredCompilation -XX:+StressCCP -XX:+StressIGVN -XX:StressSeed=1110788490 -Xcomp -XX:CompileOnly=Test Test.java
$ java -XX:-TieredCompilation -Xcomp -XX:CompileOnly=Reduced -XX:CompileCommand=dontinline,*::* Reduced.java
# A fatal error has been detected by the Java Runtime Environment:
#
# Internal Error (/opt/mach5/mesos/work_dir/slaves/0c72054a-24ab-4dbb-944f-97f9341a1b96-S94926/frameworks/1735e8a2-a1db-478c-8104-60c8b0af87dd-0196/executors/bf8be942-093f-4c3a-ad5c-419b5b32f8e9/runs/fa071043-b451-4ecc-b392-0071c325cf84/workspace/open/src/hotspot/share/opto/phaseX.cpp:1859), pid=131032, tid=131045
# assert(!failure) failed: Missed optimization opportunity in PhaseCCP
#
# JRE version: Java(TM) SE Runtime Environment (21.0+4) (fastdebug build 21-ea+4-LTS-164)
# Java VM: Java HotSpot(TM) 64-Bit Server VM (fastdebug 21-ea+4-LTS-164, compiled mode, sharing, compressed oops, compressed class ptrs, g1 gc, linux-amd64)
# Problematic frame:
# V [libjvm.so+0x1796324] PhaseCCP::verify_analyze(Unique_Node_List&)+0x414
Current CompileTask:
C2: 1151 111 b Test::vMeth1 (257 bytes)
Stack: [0x00007f4b3ef19000,0x00007f4b3f019000], sp=0x00007f4b3f013fd0, free space=1003k
Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code)
V [libjvm.so+0x1796324] PhaseCCP::verify_analyze(Unique_Node_List&)+0x414 (phaseX.cpp:1859)
V [libjvm.so+0x179a2f8] PhaseCCP::analyze()+0x3d8
V [libjvm.so+0xafe0c1] Compile::Optimize()+0x701
V [libjvm.so+0xb0294e] Compile::Compile(ciEnv*, ciMethod*, int, Options, DirectiveSet*)+0x18ce
V [libjvm.so+0x9167f7] C2Compiler::compile_method(ciEnv*, ciMethod*, int, bool, DirectiveSet*)+0x4e7
V [libjvm.so+0xb0f9dc] CompileBroker::invoke_compiler_on_method(CompileTask*)+0xa7c
V [libjvm.so+0xb10798] CompileBroker::compiler_thread_loop()+0x5d8
V [libjvm.so+0x107cf06] JavaThread::thread_main_inner()+0x206
V [libjvm.so+0x1a72710] Thread::call_run()+0x100
V [libjvm.so+0x1712613] thread_native_entry(Thread*)+0x103
Registers:
Moreover, the code in MulLNode::mul_ring() is very similar to MulINode::mul_ring() and should be shared.
Reproduce original fuzzer test:
$ java -XX:-TieredCompilation -XX:+StressCCP -XX:+StressIGVN -XX:StressSeed=1110788490 -Xcomp -XX:CompileOnly=Test Test.java
$ java -XX:-TieredCompilation -Xcomp -XX:CompileOnly=Reduced -XX:CompileCommand=dontinline,*::* Reduced.java
# A fatal error has been detected by the Java Runtime Environment:
#
# Internal Error (/opt/mach5/mesos/work_dir/slaves/0c72054a-24ab-4dbb-944f-97f9341a1b96-S94926/frameworks/1735e8a2-a1db-478c-8104-60c8b0af87dd-0196/executors/bf8be942-093f-4c3a-ad5c-419b5b32f8e9/runs/fa071043-b451-4ecc-b392-0071c325cf84/workspace/open/src/hotspot/share/opto/phaseX.cpp:1859), pid=131032, tid=131045
# assert(!failure) failed: Missed optimization opportunity in PhaseCCP
#
# JRE version: Java(TM) SE Runtime Environment (21.0+4) (fastdebug build 21-ea+4-LTS-164)
# Java VM: Java HotSpot(TM) 64-Bit Server VM (fastdebug 21-ea+4-LTS-164, compiled mode, sharing, compressed oops, compressed class ptrs, g1 gc, linux-amd64)
# Problematic frame:
# V [libjvm.so+0x1796324] PhaseCCP::verify_analyze(Unique_Node_List&)+0x414
Current CompileTask:
C2: 1151 111 b Test::vMeth1 (257 bytes)
Stack: [0x00007f4b3ef19000,0x00007f4b3f019000], sp=0x00007f4b3f013fd0, free space=1003k
Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code)
V [libjvm.so+0x1796324] PhaseCCP::verify_analyze(Unique_Node_List&)+0x414 (phaseX.cpp:1859)
V [libjvm.so+0x179a2f8] PhaseCCP::analyze()+0x3d8
V [libjvm.so+0xafe0c1] Compile::Optimize()+0x701
V [libjvm.so+0xb0294e] Compile::Compile(ciEnv*, ciMethod*, int, Options, DirectiveSet*)+0x18ce
V [libjvm.so+0x9167f7] C2Compiler::compile_method(ciEnv*, ciMethod*, int, bool, DirectiveSet*)+0x4e7
V [libjvm.so+0xb0f9dc] CompileBroker::invoke_compiler_on_method(CompileTask*)+0xa7c
V [libjvm.so+0xb10798] CompileBroker::compiler_thread_loop()+0x5d8
V [libjvm.so+0x107cf06] JavaThread::thread_main_inner()+0x206
V [libjvm.so+0x1a72710] Thread::call_run()+0x100
V [libjvm.so+0x1712613] thread_native_entry(Thread*)+0x103
Registers:
- relates to
-
JDK-8257197 Add additional verification code to PhaseCCP
-
- Resolved
-
-
-
- Closed
-
