C2: segfault while adding node to IGVN worklist

    • b18
    • b08

        Found by Olivier Mattmann <olivier.mattmann@bluewin.ch> during work on his Master's thesis, where he is working on a fuzzer for C2.

        The attached test case segfaults in Node::fast_outs due to a null node during the compilation of the Test.test method. The crash happens while adding a node to the IGVN worklist during macro expansion of an unlock node:
        java-slowdebug Test.java (also reproduces without arguments with fastdebug and release)
        #
        # A fatal error has been detected by the Java Runtime Environment:
        #
        # SIGSEGV (0xb) at pc=0x00007fea6664a730, pid=198863, tid=198872
        #
        # JRE version: Java(TM) SE Runtime Environment (26.0) (slowdebug build 26-internal-mhassig.open)
        # Java VM: Java HotSpot(TM) 64-Bit Server VM (slowdebug 26-internal-mhassig.open, mixed mode, compressed oops, compressed class ptrs, serial gc, linux-amd64)
        # Problematic frame:
        # V [libjvm.so+0x64a730] Node::fast_outs(DUIterator_Fast&) const+0x18

        Current CompileTask:
        C2:6583 97 !b Test::test (61 bytes)

        Stack: [0x00007fea59b00000,0x00007fea59c00000], sp=0x00007fea59bfaf20, free space=1003k
        Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code)
        V [libjvm.so+0x64a730] Node::fast_outs(DUIterator_Fast&) const+0x18 (node.hpp:1532)
        V [libjvm.so+0x160d0eb] PhaseIterGVN::add_users_to_worklist0(Node*, Unique_Node_List&)+0x8b (phaseX.cpp:2363)
        V [libjvm.so+0x160d3ec] PhaseIterGVN::add_users_to_worklist(Node*)+0x2a (phaseX.cpp:2390)
        V [libjvm.so+0x6d720d] PhaseIterGVN::replace_node(Node*, Node*)+0x27 (phaseX.hpp:536)
        V [libjvm.so+0x13ed120] PhaseMacroExpand::expand_unlock_node(UnlockNode*)+0x470 (macro.cpp:2302)
        V [libjvm.so+0x13ee677] PhaseMacroExpand::expand_macro_nodes()+0x2b5 (macro.cpp:2587)
        V [libjvm.so+0xa7ee78] Compile::Optimize()+0x1754 (compile.cpp:2545)
        V [libjvm.so+0xa75d19] Compile::Compile(ciEnv*, ciMethod*, int, Options, DirectiveSet*)+0x193f (compile.cpp:860)
        V [libjvm.so+0x91f57e] C2Compiler::compile_method(ciEnv*, ciMethod*, int, bool, DirectiveSet*)+0x4be (c2compiler.cpp:147)
        V [libjvm.so+0xa9f443] CompileBroker::invoke_compiler_on_method(CompileTask*)+0xe01 (compileBroker.cpp:2345)
        V [libjvm.so+0xa9d83c] CompileBroker::compiler_thread_loop()+0x594 (compileBroker.cpp:1989)
        V [libjvm.so+0xac0b11] CompilerThread::thread_entry(JavaThread*, JavaThread*)+0x89 (compilerThread.cpp:69)
        V [libjvm.so+0xf9d020] JavaThread::thread_main_inner()+0x1b2 (javaThread.cpp:771)
        V [libjvm.so+0xf9ce6b] JavaThread::run()+0x1e3 (javaThread.cpp:756)
        V [libjvm.so+0x1895ff9] Thread::call_run()+0x1b9 (thread.cpp:243)
        V [libjvm.so+0x1596689] thread_native_entry(Thread*)+0x1db (os_linux.cpp:883)

        siginfo: si_signo: 11 (SIGSEGV), si_code: 1 (SEGV_MAPERR), si_addr: 0x0000000000000020

        The failure was introduced by JDK-8264649 (PR #3336) according to build search. The reproducer is based on compiler/vectorization/TestOffsetSorting.java (https://github.com/openjdk/jdk/blob/aaa9fbf6b5a0dda0773a657a986246b407402fa1/test/hotspot/jtreg/compiler/vectorization/TestOffsetSorting.java) introduced by JDK-8334228.
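
The "null node" reading can be checked mechanically from the log above. The following triage sketch is an added example, not part of the original report or of HotSpot: it pulls the faulting frame and call chain out of the excerpt and flags the fault as a near-null dereference when the signal is SEGV_MAPERR and si_addr falls inside the lowest page. The `triage` helper and the 0x1000 null-page bound are assumptions of this example.

```python
import re

# Lines copied from the crash log in this report (top five native frames only).
HS_ERR = """\
# SIGSEGV (0xb) at pc=0x00007fea6664a730, pid=198863, tid=198872
V [libjvm.so+0x64a730] Node::fast_outs(DUIterator_Fast&) const+0x18 (node.hpp:1532)
V [libjvm.so+0x160d0eb] PhaseIterGVN::add_users_to_worklist0(Node*, Unique_Node_List&)+0x8b (phaseX.cpp:2363)
V [libjvm.so+0x160d3ec] PhaseIterGVN::add_users_to_worklist(Node*)+0x2a (phaseX.cpp:2390)
V [libjvm.so+0x6d720d] PhaseIterGVN::replace_node(Node*, Node*)+0x27 (phaseX.hpp:536)
V [libjvm.so+0x13ed120] PhaseMacroExpand::expand_unlock_node(UnlockNode*)+0x470 (macro.cpp:2302)
siginfo: si_signo: 11 (SIGSEGV), si_code: 1 (SEGV_MAPERR), si_addr: 0x0000000000000020
"""

# "V [lib+0xoff] symbol+0xoff (file:line)": VM frames as printed under "Native frames".
FRAME_RE = re.compile(
    r"^[ \t]*V[ \t]+\[[^\]]+\][ \t]+(?P<sym>.+?)\+0x[0-9a-f]+[ \t]+\((?P<src>[^()]+:\d+)\)[ \t]*$",
    re.M)
SIGINFO_RE = re.compile(r"si_code: \d+ \((?P<code>\w+)\), si_addr: (?P<addr>0x[0-9a-fA-F]+)")

NULL_PAGE = 0x1000  # assumption: the lowest page is never mapped (usual on Linux)

def triage(log):
    """Summarise a HotSpot crash excerpt: faulting frame, call chain, near-null flag."""
    frames = [m.groupdict() for m in FRAME_RE.finditer(log)]
    si = SIGINFO_RE.search(log)
    if not frames or si is None:
        raise ValueError("excerpt has no VM frames or no siginfo line")
    addr = int(si["addr"], 16)
    return {
        "faulting_frame": frames[0]["sym"],
        "source": frames[0]["src"],
        # Caller names without parameter lists, innermost first.
        "callers": [f["sym"].split("(")[0] for f in frames[1:]],
        "fault_addr": addr,
        # SEGV_MAPERR on an address inside the null page means the access went
        # through a null base pointer plus a small offset (here 0x20).
        "near_null": si["code"] == "SEGV_MAPERR" and addr < NULL_PAGE,
    }

if __name__ == "__main__":
    for key, value in triage(HS_ERR).items():
        print(f"{key}: {value}")
```
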

              Assignee: Kerem Kat
              Reporter: Manuel Hässig