JDK-8331717

C2: Crash with SIGFPE Because Loop Predication Wrongly Hoists Division Requiring Zero Check

    • master

      The attached Java Fuzzer test crashes with a SIGFPE after JDK-8259227.

      To reproduce:
      $ java -XX:CompileCommand=compileonly,*Test*::* -XX:-TieredCompilation -Xbatch Test.java
      $ java -XX:CompileCommand=compileonly,*Reduced*::* -XX:-TieredCompilation -Xbatch Reduced.java

      #
      # A fatal error has been detected by the Java Runtime Environment:
      #
      # SIGFPE (0x8) at pc=0x000078e8d8d8a34b, pid=229233, tid=229234
      #
      # JRE version: Java(TM) SE Runtime Environment (23.0+21) (fastdebug build 23-ea+21-1729)
      # Java VM: Java HotSpot(TM) 64-Bit Server VM (fastdebug 23-ea+21-1729, mixed mode, sharing, compressed oops, compressed class ptrs, g1 gc, linux-amd64)
      # Problematic frame:
      # J 97% c2 Test.test()V (57 bytes) @ 0x000078e8d8d8a34b [0x000078e8d8d8a2a0+0x00000000000000ab]
      .............
      Command Line: -XX:CompileCommand=compileonly,*Test*::* -XX:-TieredCompilation -Xbatch --add-modules=ALL-DEFAULT jdk.compiler/com.sun.tools.javac.launcher.SourceLauncher Test.java
      .............
      Stack: [0x000078e8dbc19000,0x000078e8dbd19000], sp=0x000078e8dbd17370, free space=1016k
      Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code)
      J 97% c2 Test.test()V (57 bytes) @ 0x000078e8d8d8a34b [0x000078e8d8d8a2a0+0x00000000000000ab]
      j Test.main([Ljava/lang/String;)V+9
      j java.lang.invoke.LambdaForm$DMH+0x000078e863028400.invokeStatic(Ljava/lang/Object;Ljava/lang/Object;)V+10 java.base@23-ea
      j java.lang.invoke.LambdaForm$MH+0x000078e863149400.invoke(Ljava/lang/Object;Ljava/lang/Object;Ljava/lang/Object;)Ljava/lang/Object;+33 java.base@23-ea
      j java.lang.invoke.Invokers$Holder.invokeExact_MT(Ljava/lang/Object;Ljava/lang/Object;Ljava/lang/Object;Ljava/lang/Object;)Ljava/lang/Object;+20 java.base@23-ea
      j jdk.internal.reflect.DirectMethodHandleAccessor.invokeImpl(Ljava/lang/Object;[Ljava/lang/Object;)Ljava/lang/Object;+55 java.base@23-ea
      j jdk.internal.reflect.DirectMethodHandleAccessor.invoke(Ljava/lang/Object;[Ljava/lang/Object;)Ljava/lang/Object;+23 java.base@23-ea
      j java.lang.reflect.Method.invoke(Ljava/lang/Object;[Ljava/lang/Object;)Ljava/lang/Object;+102 java.base@23-ea
      j com.sun.tools.javac.launcher.SourceLauncher.execute(Lcom/sun/tools/javac/launcher/MemoryContext;[Ljava/lang/String;)Ljava/lang/Class;+447 jdk.compiler@23-ea
      j com.sun.tools.javac.launcher.SourceLauncher.run([Ljava/lang/String;[Ljava/lang/String;)Lcom/sun/tools/javac/launcher/Result;+62 jdk.compiler@23-ea
      j com.sun.tools.javac.launcher.SourceLauncher.main([Ljava/lang/String;)V+17 jdk.compiler@23-ea
      v ~StubRoutines::call_stub 0x000078e8d8c19d01
      V [libjvm.so+0xe68739] JavaCalls::call_helper(JavaValue*, methodHandle const&, JavaCallArguments*, JavaThread*)+0x4a9
      V [libjvm.so+0xfa04f0] jni_invoke_static(JNIEnv_*, JavaValue*, _jobject*, JNICallType, _jmethodID*, JNI_ArgumentPusher*, JavaThread*) [clone .constprop.1]+0x360
      V [libjvm.so+0xfa3bf3] jni_CallStaticVoidMethod+0x193
      C [libjli.so+0x3a00] invokeStaticMainWithArgs+0x70
      C [libjli.so+0x49dd] JavaMain+0xd9d
      C [libjli.so+0x7cb9] ThreadJavaMain+0x9

      siginfo: si_signo: 8 (SIGFPE), si_code: 1 (FPE_INTDIV), si_addr: 0x000078e8d8d8a34b

        1. FuzzerUtils.java
          13 kB
        2. hs_err_pid229233.log
          107 kB
        3. Reduced.java
          0.5 kB
        4. Reduced2.java
          0.7 kB
        5. Test.java
          7 kB
        6. Test2.java
          0.6 kB
        7. Test2-1.java
          12 kB

            tweidmann Theo Weidmann
            chagedorn Christian Hagedorn