-
Type:
Bug
-
Resolution: Unresolved
-
Priority:
P3
-
Affects Version/s: 27
-
Component/s: hotspot
After the submission of the fix for JDK-8372634, we're seeing relatively rare, but reproducible, crashes in C2 when compiling some Kotlin methods.
Unfortunately, we don't yet have a compact repro to share, as our current test case is quite large.
With a release build, the crash manifests itself with a SEGV in:
PC: @ 0x7f7de0225870 (unknown) PhaseIterGVN::add_users_to_worklist()
In fastdebug, this assert triggers:
# Internal Error (src/hotspot/share/opto/multnode.cpp:104), pid=9114, tid=9133
# assert((Opcode() != Op_If && Opcode() != Op_RangeCheck) || outcnt() == 2) failed: bad if #1
JDK-8372634 sharpens type information in C2 by mining instance_of checks. The change enables early local C2 optimizations during parsing to potentially eliminate the false case of If nodes. The optimization leaves SubTypeCheckNodes in an unexpected state before they are expanded by the eliminate_macro_nodes function.
Briefly, the original C2 node might look like this:
822 If === 788 821 [[ 823 824 ]] P=0.900000, C=-1.000000 !jvms: ReferenceUtilsKt::toReferenceImpl @ bci:3 (line 61) ReferenceUtilsKt::toReference @ bci:26 (line 33) KaFirResolver::toKtCallInfo @ bci:393 (line 346)
but with the change, is simplified to have only one output, like this:
1652 If === 877 1664 [[ 1627 ]] P=0.100000, C=-1.000000 !orig=[822] !jvms: ReferenceUtilsKt::toReferenceImpl @ bci:3 (line 61) ReferenceUtilsKt::toReference @ bci:26 (line 33) KaFirResolver::toKtCallInfo @ bci:393 (line 346)
Note that the latter has only one output, which causes the crash when eliminate_macro_nodes calls expand_subtypecheck_node.
Unfortunately, we don't yet have a compact repro to share, as our current test case is quite large.
With a release build, the crash manifests itself with a SEGV in:
PC: @ 0x7f7de0225870 (unknown) PhaseIterGVN::add_users_to_worklist()
In fastdebug, this assert triggers:
# Internal Error (src/hotspot/share/opto/multnode.cpp:104), pid=9114, tid=9133
# assert((Opcode() != Op_If && Opcode() != Op_RangeCheck) || outcnt() == 2) failed: bad if #1
Briefly, the original C2 node might look like this:
822 If === 788 821 [[ 823 824 ]] P=0.900000, C=-1.000000 !jvms: ReferenceUtilsKt::toReferenceImpl @ bci:3 (line 61) ReferenceUtilsKt::toReference @ bci:26 (line 33) KaFirResolver::toKtCallInfo @ bci:393 (line 346)
but with the change, is simplified to have only one output, like this:
1652 If === 877 1664 [[ 1627 ]] P=0.100000, C=-1.000000 !orig=[822] !jvms: ReferenceUtilsKt::toReferenceImpl @ bci:3 (line 61) ReferenceUtilsKt::toReference @ bci:26 (line 33) KaFirResolver::toKtCallInfo @ bci:393 (line 346)
Note that the latter has only one output, which causes the crash when eliminate_macro_nodes calls expand_subtypecheck_node.
- relates to
-
JDK-8372634 C2: Materialize type information from instanceof checks
-
- Resolved
-