C2 SuperWord: VTransform::add_speculative_check uses pre_init that is pinned after Auto_Vectorization_Check, leading to bad graph


    • b26

      It looks like a regression from JDK-8324751, where we add aliasing runtime checks.

      VTransform::add_speculative_check inserts a runtime check before the ParsePredicate that precedes the pre-loop. For this, it requires the pre_init value, which is available before the pre-loop. In most cases, it is also already available before the ParsePredicate, but in rare cases that assumption does not hold. In the fuzzer case, there is a CastII pinning the pre_init value after the ParsePredicate for the auto vectorization check. If we use that value and insert a runtime check before the ParsePredicate, that leads to a circular graph, hence the "bad graph" assert.
      See also the attached images below, especially img2 and img3.

      Solution Idea:
      We may have to improve our checks, and not just check that the values we use are pre-loop independent, but also available before the ParsePredicate for the Auto_Vectorization_Check.

      We need to look at places like:
      VPointer::can_make_speculative_aliasing_check_with
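
The availability condition from the solution idea, as an added toy model (not HotSpot code and not part of the original report): a value may feed the inserted check only if the control where it first exists dominates the check. Node ids and idom edges are taken from the build_loop_late dump in the original report; `kRoot` and all function names are assumptions of this sketch.

```cpp
#include <cstdio>
#include <map>

// Toy dominator tree: control node id -> immediate dominator id.
// Ids and edges are copied from the "idoms of early" dump in the report.
// This models the idea only; it is not HotSpot's PhaseIdealLoop.
using IdomMap = std::map<int, int>;

const int kRoot = 0;  // assumption: the report shows nothing above 1905

IdomMap report_idoms() {
    return {
        {1897, 1896},   // IfTrue         <- ParsePredicate
        {1896, 5714},   // ParsePredicate <- IfTrue of the inserted check
        {5714, 5713},   // IfTrue         <- If (inserted speculative check)
        {5713, 1905},   // If             <- IfTrue (where the check was placed)
        {1905, kRoot},
    };
}

// True if `dom` dominates `ctrl`: walk the idom chain upward from `ctrl`.
bool dominates(const IdomMap& idom, int dom, int ctrl) {
    for (int c = ctrl; c != kRoot;) {
        if (c == dom) return true;
        auto it = idom.find(c);
        if (it == idom.end()) return false;  // unknown node: be conservative
        c = it->second;
    }
    return false;
}

// A value can feed a check at `check_ctrl` only if the earliest control at
// which the value exists dominates the check.
bool available_at(const IdomMap& idom, int value_early_ctrl, int check_ctrl) {
    return dominates(idom, value_early_ctrl, check_ctrl);
}

int main() {
    IdomMap idom = report_idoms();
    // Bool 5762 has early = 1897 (below the ParsePredicate) but feeds If 5713.
    std::printf("early 1897 usable at If 5713: %d\n", available_at(idom, 1897, 5713));
    // A value whose early control is 1905 would be safe for the same check.
    std::printf("early 1905 usable at If 5713: %d\n", available_at(idom, 1905, 5713));
    return 0;
}
```
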

      --------------------- Original Report -----------------------

      java -XX:CompileCommand=quiet -XX:CompileCommand=compileonly,Test::mainTest -XX:RepeatCompilation=100 -XX:-TieredCompilation -Xcomp -XX:+StressLoopPeeling Test.java

      Bad graph detected in build_loop_late
      n: 5762 Bool === _ 5761 [[ 5713 ]] [ne]
      early(n): 1897 IfTrue === 1896 [[ 2445 2584 2464 2607 2458 2456 2452 2450 ]] #1 !orig=[2482],950 !jvms: Test::mainTest @ bci:125 (line 137)
      n->in(1): 5761 CmpI === _ 5760 38 [[ 5762 ]]
      early(n->in(1)): 1897 IfTrue === 1896 [[ 2445 2584 2464 2607 2458 2456 2452 2450 ]] #1 !orig=[2482],950 !jvms: Test::mainTest @ bci:125 (line 137)
      n->in(1)->in(1): 5760 OrI === _ 5813 5815 [[ 5761 ]]
      early(n->in(1)->in(1)): 1897 IfTrue === 1896 [[ 2445 2584 2464 2607 2458 2456 2452 2450 ]] #1 !orig=[2482],950 !jvms: Test::mainTest @ bci:125 (line 137)
      n->in(1)->in(2): 38 ConI === 0 [[ 57 93 1667 190 1431 765 513 146 146 157 157 168 168 179 179 190 503 493 1783 350 483 473 1444 310 310 320 320 330 330 340 340 350 1385 1396 1427 1440 1868 1323 606 616 1869 626 566 636 2265 1218 1239 1254 1203 1869 3119 1431 5761 5813 5815 5695 5808 5806 5235 ]] #int:0
      early(n->in(1)->in(2)): 0 Root === 0 150 161 172 183 194 1207 314 324 334 344 354 5521 477 487 497 507 517 610 620 630 640 2565 3067 1328 3141 1327 1243 1258 2520 3220 5510 1222 3056 3045 3187 4933 2542 2366 3175 2127 2139 2150 2161 2173 2184 2195 2206 2287 2587 4922 2321 2333 4623 4955 2988 3000 3011 3022 3034 4096 4601 4944 4134 4448 4459 [[ 0 1 3 22 1318 24 25 26 27 28 29 1292 31 32 33 1169 36 38 1151 40 1135 42 2654 46 1034 1032 930 53 866 858 81 848 85 846 89 1322 124 145 156 167 178 189 2637 232 255 271 272 287 821 782 779 454 455 456 459 461 773 556 762 593 736 735 2628 2023 2021 1693 1600 1457 1584 1477 1464 2723 2791 2840 2841 3378 3379 3407 3408 3409 3411 3412 3413 3425 3434 3437 3438 3453 3454 3455 4066 4074 4081 4139 4140 4142 4153 4170 4183 4184 4336 4437 4638 4685 4695 4698 4700 4710 4712 4961 4972 4978 5318 5634 5771 5787 5788 5790 5823 5825 5837 5840 5842 5847 5852 ]]

      LCA(n): 1905 IfTrue === 1904 [[ 5713 5733 ]] #1
      n->out(0): 5713 If === 1905 5762 [[ 5714 5715 ]] P=0.999999, C=-1.000000
      n->out(0)->out(0): 5714 IfTrue === 5713 [[ 1896 ]] #1
      n->out(0)->out(1): 5715 IfFalse === 5713 [[ 1894 ]] #0

      idoms of early "1897 IfTrue":
      idom[3]: 1905 IfTrue
      idom[2]: 5713 If
      idom[1]: 5714 IfTrue
      idom[0]: 1896 ParsePredicate
      n: 1897 IfTrue

      idoms of (wrong) LCA "1905 IfTrue":
      n: 1905 IfTrue

      Real LCA of early "1897 IfTrue" (idom[3]) and wrong LCA "1905 IfTrue":
       1905 IfTrue === 1904 [[ 5713 5733 ]] #1

      # A fatal error has been detected by the Java Runtime Environment:
      #
      # Internal Error (workspace/open/src/hotspot/share/opto/loopnode.cpp:6851), pid=3656089, tid=3656108
      # assert(false) failed: Bad graph detected in build_loop_late
      #
      # JRE version: Java(TM) SE Runtime Environment (26.0+23) (fastdebug build 26-ea+23-2304)
      # Java VM: Java HotSpot(TM) 64-Bit Server VM (fastdebug 26-ea+23-2304, compiled mode, sharing, compressed oops, compressed class ptrs, g1 gc, linux-aarch64)
      # Problematic frame:
      # V [libjvm.so+0x1322d28] PhaseIdealLoop::build_loop_late_post_work(Node*, bool)+0x888

      Current CompileTask:
      C2:185 5 !b Test::mainTest (650 bytes)

      Stack: [0x0000ffff89bf4000,0x0000ffff89df2000], sp=0x0000ffff89dec4f0, free space=2017k
      Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code)
      V [libjvm.so+0x1322d28] PhaseIdealLoop::build_loop_late_post_work(Node*, bool)+0x888 (loopnode.cpp:6851)
      V [libjvm.so+0x1322f08] PhaseIdealLoop::build_loop_late(VectorSet&, Node_List&, Node_Stack&)+0x19c (loopnode.cpp:6718)
      V [libjvm.so+0x1323770] PhaseIdealLoop::build_and_optimize()+0x610 (loopnode.cpp:5111)
      V [libjvm.so+0x9c64e0] PhaseIdealLoop::optimize(PhaseIterGVN&, LoopOptsMode)+0x340 (loopnode.hpp:1233)
      V [libjvm.so+0x9be9e8] Compile::optimize_loops(PhaseIterGVN&, LoopOptsMode)+0x88 (compile.cpp:2262)
      V [libjvm.so+0x9c0e78] Compile::Optimize()+0xa70 (compile.cpp:2511)
      V [libjvm.so+0x9c3450] Compile::Compile(ciEnv*, ciMethod*, int, Options, DirectiveSet*)+0x16a4 (compile.cpp:860)
      V [libjvm.so+0x7ee880] C2Compiler::compile_method(ciEnv*, ciMethod*, int, bool, DirectiveSet*)+0x2dc (c2compiler.cpp:147)
      V [libjvm.so+0x9d216c] CompileBroker::invoke_compiler_on_method(CompileTask*)+0xb08 (compileBroker.cpp:2345)
      V [libjvm.so+0x9d3098] CompileBroker::compiler_thread_loop()+0x638 (compileBroker.cpp:1989)
      V [libjvm.so+0xed4268] JavaThread::thread_main_inner()+0x108 (javaThread.cpp:771)
      V [libjvm.so+0x184a73c] Thread::call_run()+0xac (thread.cpp:243)
      V [libjvm.so+0x15288fc] thread_native_entry(Thread*)+0x12c (os_linux.cpp:883)
      C [libc.so.6+0x80b50] start_thread+0x300

        1. FuzzerUtils.java
          13 kB
          Tobias Hartmann
        2. Test.java
          8 kB
          Tobias Hartmann
        3. hs_err_pid3656089.log
          66 kB
          Tobias Hartmann
        4. replay_pid3656089.log
          128 kB
          Tobias Hartmann
        5. TestReduced.java
          1 kB
          Roberto Castaneda Lozano
        6. after-8324751.out
          5 kB
          Roberto Castaneda Lozano
        7. before-8324751.out
          3 kB
          Roberto Castaneda Lozano
        8. img0_circular_graph_at_assert.png
          76 kB
          Emanuel Peter
        9. img1_circular_graph_after_check_inserted.png
          109 kB
          Emanuel Peter
        10. img2_before_check_insertion.png
          41 kB
          Emanuel Peter
        11. img3_after_check_insertion.png
          85 kB
          Emanuel Peter

            Assignee:
            Emanuel Peter
            Reporter:
            Tobias Hartmann