Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8335662

[AArch64] C1: guarantee(val < (1ULL << nbits)) failed: Field too big for insn

XMLWordPrintable

    • b21
    • aarch64

      The ComplexLockingAndMultiThreading.class (encounters bug) has been produced by fuzzing the class-file, from the ComplexLockingAndMultiThreading.java (this runs just fine).

      Reproduces on JDK 22, 23, 24
      Probably older versions are affected by the bug, but for JDK21 the class-file format is too new. See more info below.

      ---------- Summary -------------
      Most likely, the locals table exceeds a certain size, and that creates a much larger offset than expected, which the aarch64 backend is not ready to handle.

      The size of the table is 4100 = 0x1004. The offset is 32824 = 0x8038.

      Most likely, this is an issue in the aarch64 backend, and the encoding must be fixed.
      A similar bug that I had found recently, and is fixed already:
      JDK-8319690: [AArch64] C2 compilation hits offset_ok_for_immed: assert "c2 compiler bug"

      ---------- Reproducing -------------

      java ComplexLockingAndMultiThreading

      debug:
      # Internal Error (/scratch/empeter/jdk-fork1/open/src/hotspot/cpu/aarch64/assembler_aarch64.hpp:548), pid=2672487, tid=2672502
      # assert(offset_ok_for_immed(offset(), size)) failed: must be, was: 32824, 3
      #
      # JRE version: Java(TM) SE Runtime Environment (23.0) (fastdebug build 23-internal-2024-05-22-1101113.empeter...)
      # Java VM: Java HotSpot(TM) 64-Bit Server VM (fastdebug 23-internal-2024-05-22-1101113.empeter..., mixed mode, tiered, compressed oops, compressed class ptrs, g1 gc, linux-aarch64)

      Current CompileTask:
      C1:139 44 %s! 3 ComplexLockingAndMultiThreading::synchronizedMethod @ 23 (74 bytes)

      Stack: [0x0000fffd8cb70000,0x0000fffd8cd70000], sp=0x0000fffd8cd6bae0, free space=2030k
      Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code)
      V [libjvm.so+0x41d548] Address::encode(Instruction_aarch64*) const+0x348 (assembler_aarch64.hpp:548)
      V [libjvm.so+0x41d988] Assembler::ld_st2(Register, Address const&, int, int, int)+0x1b8
      V [libjvm.so+0x67ed1c] LIR_Assembler::osr_entry()+0x2c8
      V [libjvm.so+0x672f08] LIR_Assembler::emit_lir_list(LIR_List*)+0xf8
      V [libjvm.so+0x6737b0] LIR_Assembler::emit_code(BlockList*)+0x270
      V [libjvm.so+0x61b280] Compilation::emit_code_body()+0x130
      V [libjvm.so+0x61b880] Compilation::compile_java_method()+0x370
      V [libjvm.so+0x61c18c] Compilation::compile_method()+0x1f8
      V [libjvm.so+0x61c7bc] Compilation::Compilation(AbstractCompiler*, ciEnv*, ciMethod*, int, BufferBlob*, bool, DirectiveSet*)+0x27c
      V [libjvm.so+0x61e568] Compiler::compile_method(ciEnv*, ciMethod*, int, bool, DirectiveSet*)+0xa4
      V [libjvm.so+0x8d1b34] CompileBroker::invoke_compiler_on_method(CompileTask*)+0x7d4
      V [libjvm.so+0x8d2674] CompileBroker::compiler_thread_loop()+0x510
      V [libjvm.so+0xd36900] JavaThread::thread_main_inner()+0xcc
      V [libjvm.so+0x159dae0] Thread::call_run()+0xac

      product:
      # Internal Error (assembler_aarch64.hpp:246), pid=2673045, tid=2673064
      # guarantee(val < (1ULL << nbits)) failed: Field too big for insn
      #
      # JRE version: Java(TM) SE Runtime Environment (23.0) (build 23-internal-2024-05-22-1101275.empeter...)
      # Java VM: Java HotSpot(TM) 64-Bit Server VM (23-internal-2024-05-22-1101275.empeter..., mixed mode, tiered, compressed oops, compressed class ptrs, g1 gc, linux-aarch64)

      Maybe older versions are affected, but for JDK21 the class-file format is too new.
      If you fix this: try to find another reproducer that works further back.

      The only difference between the original and the fuzzed diff seems to be a bit that changes the locals number:

      emanuel@emanuel-oracle:xyz$ javap -c -v -p ComplexLockingAndMultiThreading.class > a.p
      emanuel@emanuel-oracle:xyz$ vim a.p
      emanuel@emanuel-oracle:xyz$ javap -c -v -p ComplexLockingAndMultiThreading.class.orig.class > b.p
      emanuel@emanuel-oracle:xyz$ diff a.p b.p
      1c1
      < Classfile xyz/ComplexLockingAndMultiThreading.class
      ---
      > Classfile xyz/ComplexLockingAndMultiThreading.class.orig.class
      3c3
      < SHA-256 checksum dd5170690764b6c7e3624a232bfe9632836941aab678e78330ae3676ea5f238d
      ---
      > SHA-256 checksum 8a9e0c859d99f105e28b894cbb328b8ce29afc13f745ed5599045472c8aa7da7
      220c220
      < stack=2, locals=4100, args_size=0
      ---
      > stack=2, locals=4, args_size=0

      ----------------------------------------------------------------------------------

      A part of the task will be to extract a simpler JASM file that reproduces this bug, and to check if it reproduces on older JDK. I tried it quickly, like below, but it did not work:

      java -jar ~/Documents/asmtools-7.0-build/release/lib/asmtools.jar jdis ComplexLockingAndMultiThreading.class > X.jasm
      (rename class to X)
      java -jar ~/Documents/asmtools-7.0-build/release/lib/asmtools.jar jasm X.jasm
      X.jasm (34:39) Error: Wrong tag: Either Method or InterfaceMethod expected.
      MethodHandle REF_invokeStatic:Method X.lambda$main$0:"()V",
      ^
      1 error

            crakoczy Chad Rakoczy
            epeter Emanuel Peter
            Votes:
            0 Vote for this issue
            Watchers:
            7 Start watching this issue

              Created:
              Updated:
              Resolved: