- Bug
- Resolution: Unresolved
- P3
- 16
Found by Olivier Mattmann <olivier.mattmann@bluewin.ch> during work on his Master thesis, where he is working on a fuzzer for C2 (JDK-8370562).
The attached testcase segfaults without any arguments in PhaseIdealLoop::verify_strip_mined_scheduling with fast/slowdebug builds and in OuterStripMinedLoopNode::remove_outer_loop_and_safepoint or OuterStripMinedLoopNode::adjust_strip_mined_loop with release builds from different versions. At least for the debug builds, the segfault occurs because OuterStripMinedLoopNode::outer_loop_end returns nullptr and the result is not checked before further use. This is probably also the case for the release crashes, since the affected functions use the offending method.
java-fastdebug -Xbatch -XX:-TieredCompilation -XX:CompileCommand=printcompilation,\*,\* -XX:CompileCommand=compileonly,Test.test Test.java
CompileCommand: PrintCompilation *.* bool PrintCompilation = true
CompileCommand: compileonly Test.test bool compileonly = true
2954 102 b Test::test (62 bytes)
#
# A fatal error has been detected by the Java Runtime Environment:
#
# SIGSEGV (0xb) at pc=0x00007fa9d0383ef8, pid=831013, tid=831028
#
# JRE version: Java(TM) SE Runtime Environment (26.0) (fastdebug build 26-internal-mhassig.open)
# Java VM: Java HotSpot(TM) 64-Bit Server VM (fastdebug 26-internal-mhassig.open, mixed mode, compressed oops, compressed class ptrs, g1 gc, linux-amd64)
# Problematic frame:
# V [libjvm.so+0x1583ef8] PhaseIdealLoop::verify_strip_mined_scheduling(Node*, Node*)+0x278
#
# An error report file with more information is saved as:
#hs_err_fastdebug.log
java-26 Test.java
#
# A fatal error has been detected by the Java Runtime Environment:
#
# SIGSEGV (0xb) at pc=0x00007f7ac29349c8, pid=831730, tid=831753
#
# JRE version: Java(TM) SE Runtime Environment (26.0+21) (build 26-ea+21-2168)
# Java VM: Java HotSpot(TM) 64-Bit Server VM (26-ea+21-2168, mixed mode, sharing, tiered, compressed oops, compressed class ptrs, g1 gc, linux-amd64)
# Problematic frame:
# V [libjvm.so+0xd349c8] OuterStripMinedLoopNode::adjust_strip_mined_loop(PhaseIterGVN*)+0x228
#
# An error report file with more information is saved as:
# hs_err_26.log
Build search determined that this bug was introduced with JDK-8223051.
The reproducer was derived from compiler/vectorization/TestOffsetSorting.java.
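Because the same suspected root cause surfaces under different problematic frames depending on the build, a fuzzer's crash triage benefits from bucketing on the crashing function rather than on the pc or library offset. The following is an added example, not part of the original report or of the JDK code base: it parses the fatal-error banners quoted above and groups them. The bucket name and the helper names are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Banner lines copied from this report (trimmed to the fields that are parsed).
SAMPLE = """\
# A fatal error has been detected by the Java Runtime Environment:
# SIGSEGV (0xb) at pc=0x00007fa9d0383ef8, pid=831013, tid=831028
# JRE version: Java(TM) SE Runtime Environment (26.0) (fastdebug build 26-internal-mhassig.open)
# Problematic frame:
# V [libjvm.so+0x1583ef8] PhaseIdealLoop::verify_strip_mined_scheduling(Node*, Node*)+0x278
# A fatal error has been detected by the Java Runtime Environment:
# SIGSEGV (0xb) at pc=0x00007f7ac29349c8, pid=831730, tid=831753
# JRE version: Java(TM) SE Runtime Environment (26.0+21) (build 26-ea+21-2168)
# Problematic frame:
# V [libjvm.so+0xd349c8] OuterStripMinedLoopNode::adjust_strip_mined_loop(PhaseIterGVN*)+0x228
"""

START = "A fatal error has been detected"
SIGNAL = re.compile(r"^#[ \t]*(SIG\w+)[ \t]+\((0x[0-9a-f]+)\)[ \t]+at pc=(0x[0-9a-f]+)", re.M)
BUILD = re.compile(r"^#[ \t]*JRE version:.*\((?:(\w+) )?build ([^)]+)\)", re.M)
FRAME = re.compile(r"^#[ \t]*([A-Za-z])[ \t]+\[([^\]+]+)\+(0x[0-9a-f]+)\][ \t]+(.*?)(?:\+0x[0-9a-f]+)?[ \t]*$", re.M)

# Functions this report names as crash sites; it attributes the debug crash
# (and probably the release ones) to an unchecked nullptr from outer_loop_end.
SAME_ROOT_CAUSE = {
    "PhaseIdealLoop::verify_strip_mined_scheduling",
    "OuterStripMinedLoopNode::remove_outer_loop_and_safepoint",
    "OuterStripMinedLoopNode::adjust_strip_mined_loop",
}

def parse_banners(text):
    """Return one dict per fatal-error banner found in text."""
    crashes = []
    for chunk in text.split(START)[1:]:
        sig, build, frame = SIGNAL.search(chunk), BUILD.search(chunk), FRAME.search(chunk)
        if not (sig and frame):
            continue  # truncated banner: nothing stable to bucket on
        # Builds without a debug-level prefix before "build" are treated as release.
        flavor = build.group(1) if build and build.group(1) else "release"
        crashes.append({"signal": sig.group(1), "flavor": flavor,
                        "function": frame.group(4).split("(")[0]})
    return crashes

def bucket(crashes):
    """Group crashes by (signal, root-cause label or crashing function)."""
    buckets = defaultdict(list)
    for c in crashes:
        key = "outer_loop_end-nullptr" if c["function"] in SAME_ROOT_CAUSE else c["function"]
        buckets[(c["signal"], key)].append(c["flavor"])
    return dict(buckets)
```
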
- caused by: JDK-8223051 support loops with long (64b) trip counts (Resolved)
- relates to: JDK-8370562 Whitebox Fuzzer for C2 (Open)