Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8229496

SIGFPE (division by zero) in C2 OSR compiled method

    XMLWordPrintable

Details

    • b14
    • Verified

    Backports

      Description

        (provisional synopsis, please change as you see fit)

        Found by fuzzing. Test crashes almost certainly. The bundle is attached. It has a few hs_errs inside.

        $ ~/trunks/jdk-jdk/build/linux-x86_64-server-fastdebug/images/jdk/bin/java Test

        #
        # A fatal error has been detected by the Java Runtime Environment:
        #
        # SIGFPE (0x8) at pc=0x00007fa13c318886, pid=18763, tid=18764
        #
        # JRE version: OpenJDK Runtime Environment (14.0) (fastdebug build 14-internal+0-adhoc.shade.jdk-jdk)
        # Java VM: OpenJDK 64-Bit Server VM (fastdebug 14-internal+0-adhoc.shade.jdk-jdk, mixed mode, sharing, tiered, compressed oops, g1 gc, linux-amd64)
        # Problematic frame:
        # J 58% c2 Test.vMeth(II)V (362 bytes) @ 0x00007fa13c318886 [0x00007fa13c3186c0+0x00000000000001c6]
        #
        # Core dump will be written. Default location: Core dumps may be processed with "/usr/share/apport/apport %p %s %c %d %P" (or dumping to /home/shade/trunks/JavaFuzzer/tests/04170/core.18763)
        #
        # If you would like to submit a bug report, please visit:
        # http://bugreport.java.com/bugreport/crash.jsp
        #

        --------------- S U M M A R Y ------------

        Command Line: Test

        Host: shade-desktop, Intel(R) Core(TM) i7-7820X CPU @ 3.60GHz, 16 cores, 125G, Ubuntu 18.04.3 LTS
        Time: Tue Aug 13 21:29:54 2019 CEST elapsed time: 0 seconds (0d 0h 0m 0s)

        --------------- T H R E A D ---------------

        Current thread (0x00007fa14c023800): JavaThread "main" [_thread_in_Java, id=18764, stack(0x00007fa1560b3000,0x00007fa1561b4000)]

        Stack: [0x00007fa1560b3000,0x00007fa1561b4000], sp=0x00007fa1561b2660, free space=1021k
        Native frames: (J=compiled Java code, A=aot compiled Java code, j=interpreted, Vv=VM code, C=native code)
        J 58% c2 Test.vMeth(II)V (362 bytes) @ 0x00007fa13c318886 [0x00007fa13c3186c0+0x00000000000001c6]

        Disassembly near SIGFPE shows this:

         33 d2 xor edx,edx
         83 fb ff cmp ebx,0xffffffff
         74 03 je 0x00000032
         99 cdq
         f7 fb idiv ebx ; <--- SIGFPE here (division by zero)
         89 14 24 mov DWORD PTR [rsp],edx
         eb 46 jmp 0x0000007d

        And register maps says divisor is indeed zero:
          RBX=0x0 is NULL

        Attachments

          1. 04170.tar.gz
            266 kB
            Aleksey Shipilev
          2. 8229496-8u.patch
            16 kB
            Roland Westrelin
          3. Test.java
            0.5 kB
            Tobias Hartmann

          Issue Links

            backported by

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8231928 SIGFPE (division by zero) in C2 OSR compiled method

            • P2 - Crashes, loss of data, severe memory leak.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8241505 SIGFPE (division by zero) in C2 OSR compiled method

            • P2 - Crashes, loss of data, severe memory leak.
            • Resolved

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8231813 SIGFPE (division by zero) in C2 OSR compiled method

            • P2 - Crashes, loss of data, severe memory leak.
            • Closed
            duplicates

            Bug - A problem which impairs or prevents the functions of the product. JDK-8230186 C2: SIGFPE in generated code

            • P4 - Minor loss of function, or other problem where easy workaround is present.
            • Closed
            relates to

            Bug - A problem which impairs or prevents the functions of the product. JDK-8230671 x86_32 build failures after JDK-8229496

            • P1 - Blocks development and/or testing work, production could not run.
            • Resolved

            Bug - A problem which impairs or prevents the functions of the product. JDK-8234906 [TESTBUG] TestDivZeroCheckControl fails for client VMs due to Unrecognized VM option LoopUnrollLimit

            • P4 - Minor loss of function, or other problem where easy workaround is present.
            • Resolved

            Bug - A problem which impairs or prevents the functions of the product. JDK-8233656 assert(d->is_CFG() && n->is_CFG()) failed: must have CFG nodes

            • P3 - Major loss of function.
            • Resolved

            Bug - A problem which impairs or prevents the functions of the product. JDK-8242108 Performance regression after fix for JDK-8229496

            • P3 - Major loss of function.
            • Resolved

            Bug - A problem which impairs or prevents the functions of the product. JDK-8257822 C2 crashes with SIGFPE due to a division that floats above its zero check

            • P3 - Major loss of function.
            • Resolved

            Bug - A problem which impairs or prevents the functions of the product. JDK-8256003 TestDivZeroCheckControl.java times out

            • P4 - Minor loss of function, or other problem where easy workaround is present.
            • Closed

            Activity

              People

                thartmann Tobias Hartmann
                shade Aleksey Shipilev
                Votes:
                0 Vote for this issue
                Watchers:
                10 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved: