Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8328702

C2: Crash during parsing because sub type check is not folded

    XMLWordPrintable

Details

    • b05
    • 21
    • b17

    Backports

      Description

        Attached Crash.java triggers a crash during C2 compilation.

        java -XX:-TieredCompilation -Xbatch -XX:CompileCommand=compileonly,Crash::* Crash.java

        # A fatal error has been detected by the Java Runtime Environment:
        #
        # Internal Error (/workspace/open/src/hotspot/share/opto/graphKit.hpp:369), pid=2866297, tid=2866311
        # assert(argument(0)->bottom_type()->isa_ptr()) failed: must be
        #
        # JRE version: Java(TM) SE Runtime Environment (23.0+14) (fastdebug build 23-ea+14-1026)
        # Java VM: Java HotSpot(TM) 64-Bit Server VM (fastdebug 23-ea+14-1026, mixed mode, sharing, compressed oops, compressed class ptrs, g1 gc, linux-amd64)
        # Problematic frame:
        # V [libjvm.so+0x1221fc3] LibraryCallKit::inline_native_getClass()+0x133

        Current CompileTask:
        C2:2232 110 b Crash::compileRoot (19 bytes)

        Stack: [0x00007f2101bfc000,0x00007f2101cfd000], sp=0x00007f2101cf8b30, free space=1010k
        Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code)
        V [libjvm.so+0x1221fc3] LibraryCallKit::inline_native_getClass()+0x133 (graphKit.hpp:369)
        V [libjvm.so+0x1242284] LibraryIntrinsic::generate(JVMState*)+0x1e4
        V [libjvm.so+0xb8dc42] Parse::do_call()+0x602
        V [libjvm.so+0x151d778] Parse::do_one_bytecode()+0x328
        V [libjvm.so+0x150b38a] Parse::do_one_block()+0x20a
        V [libjvm.so+0x150c846] Parse::do_all_blocks()+0x136
        V [libjvm.so+0x1510b85] Parse::Parse(JVMState*, ciMethod*, float)+0xb15
        V [libjvm.so+0x84be49] ParseGenerator::generate(JVMState*)+0x169
        V [libjvm.so+0xb8dc42] Parse::do_call()+0x602
        V [libjvm.so+0x151d778] Parse::do_one_bytecode()+0x328
        V [libjvm.so+0x150b38a] Parse::do_one_block()+0x20a
        V [libjvm.so+0x150c846] Parse::do_all_blocks()+0x136
        V [libjvm.so+0x1510b85] Parse::Parse(JVMState*, ciMethod*, float)+0xb15
        V [libjvm.so+0x84be49] ParseGenerator::generate(JVMState*)+0x169
        V [libjvm.so+0x9f542e] Compile::Compile(ciEnv*, ciMethod*, int, Options, DirectiveSet*)+0x163e
        V [libjvm.so+0x8498a5] C2Compiler::compile_method(ciEnv*, ciMethod*, int, bool, DirectiveSet*)+0x1d5
        V [libjvm.so+0xa016d8] CompileBroker::invoke_compiler_on_method(CompileTask*)+0x928
        V [libjvm.so+0xa02368] CompileBroker::compiler_thread_loop()+0x478
        V [libjvm.so+0xebfccc] JavaThread::thread_main_inner()+0xcc
        V [libjvm.so+0x17b9e66] Thread::call_run()+0xb6
        V [libjvm.so+0x14bdb47] thread_native_entry(Thread*)+0x127

        It's a regression from JDK-8297933 in JDK 21 b05. The problem is that a node in the C2 IR is replaced by TOP. We assert in debug or crash during compilation in product.

        #3 0x00007f27b716f804 in LibraryCallKit::inline_native_getClass (this=0x7f279b3f7cd0) at /oracle/valhalla/open/src/hotspot/share/opto/library_call.cpp:4948
        4948 set_result(load_mirror_from_klass(load_object_klass(obj)));
        (rr) p obj->dump(1)
           0 Root === 0 70 106 [[ 0 1 3 20 21 22 33 38 53 56 65 76 97 101 ]]
           1 Con === 0 [[ ]] #top

        The underlying issue is that after JDK-8297933, C2's type system is able to determine that the instanceof check in Crash::typeCheck is always false when called from Crash::compileRoot and thus the type 'i' is replaced by TOP (= no possible type). However, C2 is not able to fold the corresponding subtype check, leading to an inconsistent intermediate representation.

        The problem is not specific to the Object.getClass() intrinsic. We just end up crashing when trying to intrinsify that method and encountering TOP. Using 'i.hashCode()' instead of 'getClass' will result in a different failure mode.

        Attachments

          1. replay_pid2866297.log
            240 kB
          2. hs_err_pid2866297.log
            78 kB
          3. Crash.java
            2 kB

          Issue Links

            Activity

              People

                chagedorn Christian Hagedorn
                thartmann Tobias Hartmann
                Votes:
                0 Vote for this issue
                Watchers:
                6 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved: