Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8328702

C2: Crash during parsing because sub type check is not folded

XMLWordPrintable

    • b05
    • 21
    • b17
    • Verified

        Attached Crash.java triggers a crash during C2 compilation.

        java -XX:-TieredCompilation -Xbatch -XX:CompileCommand=compileonly,Crash::* Crash.java

        # A fatal error has been detected by the Java Runtime Environment:
        #
        # Internal Error (/workspace/open/src/hotspot/share/opto/graphKit.hpp:369), pid=2866297, tid=2866311
        # assert(argument(0)->bottom_type()->isa_ptr()) failed: must be
        #
        # JRE version: Java(TM) SE Runtime Environment (23.0+14) (fastdebug build 23-ea+14-1026)
        # Java VM: Java HotSpot(TM) 64-Bit Server VM (fastdebug 23-ea+14-1026, mixed mode, sharing, compressed oops, compressed class ptrs, g1 gc, linux-amd64)
        # Problematic frame:
        # V [libjvm.so+0x1221fc3] LibraryCallKit::inline_native_getClass()+0x133

        Current CompileTask:
        C2:2232 110 b Crash::compileRoot (19 bytes)

        Stack: [0x00007f2101bfc000,0x00007f2101cfd000], sp=0x00007f2101cf8b30, free space=1010k
        Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code)
        V [libjvm.so+0x1221fc3] LibraryCallKit::inline_native_getClass()+0x133 (graphKit.hpp:369)
        V [libjvm.so+0x1242284] LibraryIntrinsic::generate(JVMState*)+0x1e4
        V [libjvm.so+0xb8dc42] Parse::do_call()+0x602
        V [libjvm.so+0x151d778] Parse::do_one_bytecode()+0x328
        V [libjvm.so+0x150b38a] Parse::do_one_block()+0x20a
        V [libjvm.so+0x150c846] Parse::do_all_blocks()+0x136
        V [libjvm.so+0x1510b85] Parse::Parse(JVMState*, ciMethod*, float)+0xb15
        V [libjvm.so+0x84be49] ParseGenerator::generate(JVMState*)+0x169
        V [libjvm.so+0xb8dc42] Parse::do_call()+0x602
        V [libjvm.so+0x151d778] Parse::do_one_bytecode()+0x328
        V [libjvm.so+0x150b38a] Parse::do_one_block()+0x20a
        V [libjvm.so+0x150c846] Parse::do_all_blocks()+0x136
        V [libjvm.so+0x1510b85] Parse::Parse(JVMState*, ciMethod*, float)+0xb15
        V [libjvm.so+0x84be49] ParseGenerator::generate(JVMState*)+0x169
        V [libjvm.so+0x9f542e] Compile::Compile(ciEnv*, ciMethod*, int, Options, DirectiveSet*)+0x163e
        V [libjvm.so+0x8498a5] C2Compiler::compile_method(ciEnv*, ciMethod*, int, bool, DirectiveSet*)+0x1d5
        V [libjvm.so+0xa016d8] CompileBroker::invoke_compiler_on_method(CompileTask*)+0x928
        V [libjvm.so+0xa02368] CompileBroker::compiler_thread_loop()+0x478
        V [libjvm.so+0xebfccc] JavaThread::thread_main_inner()+0xcc
        V [libjvm.so+0x17b9e66] Thread::call_run()+0xb6
        V [libjvm.so+0x14bdb47] thread_native_entry(Thread*)+0x127

        It's a regression from JDK-8297933 in JDK 21 b05. The problem is that a node in the C2 IR is replaced by TOP. We assert in debug or crash during compilation in product.

        #3 0x00007f27b716f804 in LibraryCallKit::inline_native_getClass (this=0x7f279b3f7cd0) at /oracle/valhalla/open/src/hotspot/share/opto/library_call.cpp:4948
        4948 set_result(load_mirror_from_klass(load_object_klass(obj)));
        (rr) p obj->dump(1)
           0 Root === 0 70 106 [[ 0 1 3 20 21 22 33 38 53 56 65 76 97 101 ]]
           1 Con === 0 [[ ]] #top

        The underlying issue is that after JDK-8297933, C2's type system is able to determine that the instanceof check in Crash::typeCheck is always false when called from Crash::compileRoot and thus the type 'i' is replaced by TOP (= no possible type). However, C2 is not able to fold the corresponding subtype check, leading to an inconsistent intermediate representation.

        The problem is not specific to the Object.getClass() intrinsic. We just end up crashing when trying to intrinsify that method and encountering TOP. Using 'i.hashCode()' instead of 'getClass' will result in a different failure mode.

          1. replay_pid2866297.log
            240 kB
          2. hs_err_pid2866297.log
            78 kB
          3. Crash.java
            2 kB

              chagedorn Christian Hagedorn
              thartmann Tobias Hartmann
              Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

                Created:
                Updated:
                Resolved: