-
Bug
-
Resolution: Fixed
-
P3
-
11, 17, 21, 22, 23, 24
-
b21
-
aarch64
The ComplexLockingAndMultiThreading.class (encounters bug) has been produced by fuzzing the class-file, from the ComplexLockingAndMultiThreading.java (this runs just fine).
Reproduces on JDK 22, 23, 24
Probably older versions are affected by the bug, but for JDK21 the class-file format is too new. See more info below.
---------- Summary -------------
Most likely, the locals table exceeds a certain size, and that creates a much larger offset than expected, which the aarch64 backend is not ready to handle.
The size of the table is 4100 = 0x1004. The offset is 32824 = 0x8038.
Most likely, this is an issue in the aarch64 backend, and the encoding must be fixed.
A similar bug that I had found recently, and is fixed already:
JDK-8319690: [AArch64] C2 compilation hits offset_ok_for_immed: assert "c2 compiler bug"
---------- Reproducing -------------
java ComplexLockingAndMultiThreading
debug:
# Internal Error (/scratch/empeter/jdk-fork1/open/src/hotspot/cpu/aarch64/assembler_aarch64.hpp:548), pid=2672487, tid=2672502
# assert(offset_ok_for_immed(offset(), size)) failed: must be, was: 32824, 3
#
# JRE version: Java(TM) SE Runtime Environment (23.0) (fastdebug build 23-internal-2024-05-22-1101113.empeter...)
# Java VM: Java HotSpot(TM) 64-Bit Server VM (fastdebug 23-internal-2024-05-22-1101113.empeter..., mixed mode, tiered, compressed oops, compressed class ptrs, g1 gc, linux-aarch64)
Current CompileTask:
C1:139 44 %s! 3 ComplexLockingAndMultiThreading::synchronizedMethod @ 23 (74 bytes)
Stack: [0x0000fffd8cb70000,0x0000fffd8cd70000], sp=0x0000fffd8cd6bae0, free space=2030k
Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code)
V [libjvm.so+0x41d548] Address::encode(Instruction_aarch64*) const+0x348 (assembler_aarch64.hpp:548)
V [libjvm.so+0x41d988] Assembler::ld_st2(Register, Address const&, int, int, int)+0x1b8
V [libjvm.so+0x67ed1c] LIR_Assembler::osr_entry()+0x2c8
V [libjvm.so+0x672f08] LIR_Assembler::emit_lir_list(LIR_List*)+0xf8
V [libjvm.so+0x6737b0] LIR_Assembler::emit_code(BlockList*)+0x270
V [libjvm.so+0x61b280] Compilation::emit_code_body()+0x130
V [libjvm.so+0x61b880] Compilation::compile_java_method()+0x370
V [libjvm.so+0x61c18c] Compilation::compile_method()+0x1f8
V [libjvm.so+0x61c7bc] Compilation::Compilation(AbstractCompiler*, ciEnv*, ciMethod*, int, BufferBlob*, bool, DirectiveSet*)+0x27c
V [libjvm.so+0x61e568] Compiler::compile_method(ciEnv*, ciMethod*, int, bool, DirectiveSet*)+0xa4
V [libjvm.so+0x8d1b34] CompileBroker::invoke_compiler_on_method(CompileTask*)+0x7d4
V [libjvm.so+0x8d2674] CompileBroker::compiler_thread_loop()+0x510
V [libjvm.so+0xd36900] JavaThread::thread_main_inner()+0xcc
V [libjvm.so+0x159dae0] Thread::call_run()+0xac
product:
# Internal Error (assembler_aarch64.hpp:246), pid=2673045, tid=2673064
# guarantee(val < (1ULL << nbits)) failed: Field too big for insn
#
# JRE version: Java(TM) SE Runtime Environment (23.0) (build 23-internal-2024-05-22-1101275.empeter...)
# Java VM: Java HotSpot(TM) 64-Bit Server VM (23-internal-2024-05-22-1101275.empeter..., mixed mode, tiered, compressed oops, compressed class ptrs, g1 gc, linux-aarch64)
Maybe older versions are affected, but for JDK21 the class-file format is too new.
If you fix this: try to find another reproducer that works further back.
The only difference between the original and the fuzzed diff seems to be a bit that changes the locals number:
emanuel@emanuel-oracle:xyz$ javap -c -v -p ComplexLockingAndMultiThreading.class > a.p
emanuel@emanuel-oracle:xyz$ vim a.p
emanuel@emanuel-oracle:xyz$ javap -c -v -p ComplexLockingAndMultiThreading.class.orig.class > b.p
emanuel@emanuel-oracle:xyz$ diff a.p b.p
1c1
< Classfile xyz/ComplexLockingAndMultiThreading.class
---
> Classfile xyz/ComplexLockingAndMultiThreading.class.orig.class
3c3
< SHA-256 checksum dd5170690764b6c7e3624a232bfe9632836941aab678e78330ae3676ea5f238d
---
> SHA-256 checksum 8a9e0c859d99f105e28b894cbb328b8ce29afc13f745ed5599045472c8aa7da7
220c220
< stack=2, locals=4100, args_size=0
---
> stack=2, locals=4, args_size=0
----------------------------------------------------------------------------------
A part of the task will be to extract a simpler JASM file that reproduces this bug, and to check if it reproduces on older JDK. I tried it quickly, like below, but it did not work:
java -jar ~/Documents/asmtools-7.0-build/release/lib/asmtools.jar jdis ComplexLockingAndMultiThreading.class > X.jasm
(rename class to X)
java -jar ~/Documents/asmtools-7.0-build/release/lib/asmtools.jar jasm X.jasm
X.jasm (34:39) Error: Wrong tag: Either Method or InterfaceMethod expected.
MethodHandle REF_invokeStatic:Method X.lambda$main$0:"()V",
^
1 error
Reproduces on JDK 22, 23, 24
Probably older versions are affected by the bug, but for JDK21 the class-file format is too new. See more info below.
---------- Summary -------------
Most likely, the locals table exceeds a certain size, and that creates a much larger offset than expected, which the aarch64 backend is not ready to handle.
The size of the table is 4100 = 0x1004. The offset is 32824 = 0x8038.
Most likely, this is an issue in the aarch64 backend, and the encoding must be fixed.
A similar bug that I had found recently, and is fixed already:
---------- Reproducing -------------
java ComplexLockingAndMultiThreading
debug:
# Internal Error (/scratch/empeter/jdk-fork1/open/src/hotspot/cpu/aarch64/assembler_aarch64.hpp:548), pid=2672487, tid=2672502
# assert(offset_ok_for_immed(offset(), size)) failed: must be, was: 32824, 3
#
# JRE version: Java(TM) SE Runtime Environment (23.0) (fastdebug build 23-internal-2024-05-22-1101113.empeter...)
# Java VM: Java HotSpot(TM) 64-Bit Server VM (fastdebug 23-internal-2024-05-22-1101113.empeter..., mixed mode, tiered, compressed oops, compressed class ptrs, g1 gc, linux-aarch64)
Current CompileTask:
C1:139 44 %s! 3 ComplexLockingAndMultiThreading::synchronizedMethod @ 23 (74 bytes)
Stack: [0x0000fffd8cb70000,0x0000fffd8cd70000], sp=0x0000fffd8cd6bae0, free space=2030k
Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code)
V [libjvm.so+0x41d548] Address::encode(Instruction_aarch64*) const+0x348 (assembler_aarch64.hpp:548)
V [libjvm.so+0x41d988] Assembler::ld_st2(Register, Address const&, int, int, int)+0x1b8
V [libjvm.so+0x67ed1c] LIR_Assembler::osr_entry()+0x2c8
V [libjvm.so+0x672f08] LIR_Assembler::emit_lir_list(LIR_List*)+0xf8
V [libjvm.so+0x6737b0] LIR_Assembler::emit_code(BlockList*)+0x270
V [libjvm.so+0x61b280] Compilation::emit_code_body()+0x130
V [libjvm.so+0x61b880] Compilation::compile_java_method()+0x370
V [libjvm.so+0x61c18c] Compilation::compile_method()+0x1f8
V [libjvm.so+0x61c7bc] Compilation::Compilation(AbstractCompiler*, ciEnv*, ciMethod*, int, BufferBlob*, bool, DirectiveSet*)+0x27c
V [libjvm.so+0x61e568] Compiler::compile_method(ciEnv*, ciMethod*, int, bool, DirectiveSet*)+0xa4
V [libjvm.so+0x8d1b34] CompileBroker::invoke_compiler_on_method(CompileTask*)+0x7d4
V [libjvm.so+0x8d2674] CompileBroker::compiler_thread_loop()+0x510
V [libjvm.so+0xd36900] JavaThread::thread_main_inner()+0xcc
V [libjvm.so+0x159dae0] Thread::call_run()+0xac
product:
# Internal Error (assembler_aarch64.hpp:246), pid=2673045, tid=2673064
# guarantee(val < (1ULL << nbits)) failed: Field too big for insn
#
# JRE version: Java(TM) SE Runtime Environment (23.0) (build 23-internal-2024-05-22-1101275.empeter...)
# Java VM: Java HotSpot(TM) 64-Bit Server VM (23-internal-2024-05-22-1101275.empeter..., mixed mode, tiered, compressed oops, compressed class ptrs, g1 gc, linux-aarch64)
Maybe older versions are affected, but for JDK21 the class-file format is too new.
If you fix this: try to find another reproducer that works further back.
The only difference between the original and the fuzzed diff seems to be a bit that changes the locals number:
emanuel@emanuel-oracle:xyz$ javap -c -v -p ComplexLockingAndMultiThreading.class > a.p
emanuel@emanuel-oracle:xyz$ vim a.p
emanuel@emanuel-oracle:xyz$ javap -c -v -p ComplexLockingAndMultiThreading.class.orig.class > b.p
emanuel@emanuel-oracle:xyz$ diff a.p b.p
1c1
< Classfile xyz/ComplexLockingAndMultiThreading.class
---
> Classfile xyz/ComplexLockingAndMultiThreading.class.orig.class
3c3
< SHA-256 checksum dd5170690764b6c7e3624a232bfe9632836941aab678e78330ae3676ea5f238d
---
> SHA-256 checksum 8a9e0c859d99f105e28b894cbb328b8ce29afc13f745ed5599045472c8aa7da7
220c220
< stack=2, locals=4100, args_size=0
---
> stack=2, locals=4, args_size=0
----------------------------------------------------------------------------------
A part of the task will be to extract a simpler JASM file that reproduces this bug, and to check if it reproduces on older JDK. I tried it quickly, like below, but it did not work:
java -jar ~/Documents/asmtools-7.0-build/release/lib/asmtools.jar jdis ComplexLockingAndMultiThreading.class > X.jasm
(rename class to X)
java -jar ~/Documents/asmtools-7.0-build/release/lib/asmtools.jar jasm X.jasm
X.jasm (34:39) Error: Wrong tag: Either Method or InterfaceMethod expected.
MethodHandle REF_invokeStatic:Method X.lambda$main$0:"()V",
^
1 error
- relates to
-
-
- Resolved
-
-
-
- Open
-
-
-
- Resolved
-
- links to
-
Commit(master)
openjdk/jdk/401d0d6b
-
Review(master)
openjdk/jdk/21473