JDK-4979449 : C2 compiler crash in const Type*TypeInstPtr::xmeet
  • Type: Bug
  • Component: hotspot
  • Sub-Component: compiler
  • Affected Version: 1.4.2_03
  • Priority: P3
  • Status: Closed
  • Resolution: Fixed
  • OS: solaris_8
  • CPU: generic
  • Submitted: 2004-01-16
  • Updated: 2004-04-28
  • Resolved: 2004-03-23
The Version table provides details related to the release that this issue/RFE will be addressed.

Other
1.4.2_05 05 Fixed
Description
Customer has run into 2 distinct C2 bugs on 1.4.2_03.
One is 4951940, which is being addressed via esc 550290.

We had a build that addressed two issues,
4951940 and 4964653 (which this current crash was thought to have been related to).
The second crash is still showing up.

All cores and pstacks are in /net/cores.sfbay/cores/63833451/011504_Logs

The stack signature of the failing thread is

-----------------  lwp# 11 / thread# 10  --------------------
__sigprocmask (ff36bf60, 0, 0, b1101d70, ff37e000, 0) + 8
_sigon   (b1101d70, ff385930, 6, b10ffc5c, b1101d70, 6) + d0
_thrp_kill (0, a, 6, ff37e000, a, ff2c0440) + f8
raise    (6, 0, 0, ffffffff, ff2c03ac, 4) + 40
abort    (ff2bc000, b10ffdb0, 0, fffffff8, 4, b10ffdd1) + 100
void os::abort(int)
void report_error(int,const char*,int,const char*,const char*,...)
const Type*TypeInstPtr::xmeet(const Type*)const (38c438, fe582000, fe582000, 7225ac, 0, 0) + 8b4
const Type*CastPPNode::Value(PhaseTransform*)const (722588, b1100d24, 1, 2, 2, d76460) + d0
Node*PhaseIterGVN::transform_old(Node*)
void PhaseIterGVN::optimize()
void Compile::Optimize()
Compile::Compile(ciEnv*,ciScope*,ciMethod*,int,int,int)
void C2Compiler::compile_method(ciEnv*,ciScope*,ciMethod*,int,int)
void CompileBroker::invoke_compiler_on_method(CompileTask*)
void CompileBroker::compiler_thread_loop()
void JavaThread::run()
_start   (ea0a0, ff37f688, 1, 1, ff37e000, 0) + 134
_thread_start (ea0a0, 0, 0, 0, 0, 0) + 40

Comments
CONVERTED DATA
BugTraq+ Release Management Values
COMMIT TO FIX: 1.4.2_05 generic tiger-beta2
FIXED IN: 1.4.2_05 tiger-beta2
INTEGRATED IN: 1.4.2_05 tiger-b44 tiger-beta2
VERIFIED IN: 1.4.2_05
14-06-2004

EVALUATION

The following code is aborting via typerr:

    2296    case AryPtr: {                // All arrays inherit from Object class
    2297      const TypeAryPtr *tp = t->is_aryptr();
    2298      int offset = meet_offset(tp->offset());
    2299      PTR ptr = meet_ptr(tp->ptr());
    2300      switch (ptr) {
    2301      case TopPTR:
    2302      case AnyNull:                // Fall 'down' to dual of object klass
    2303        if (klass()->equals(ciEnv::current()->Object_klass())) {
    2304          return TypeAryPtr::make(ptr, tp->ary(), tp->klass(), tp->klass_is_exact(), offset);
    2305        } else {
    2306          // cannot subclass, so the meet has to fall badly below the centerline
    2307          ptr = NotNull;
    2308          return TypeInstPtr::make( ptr, ciEnv::current()->Object_klass(), false, NULL, offset);
    2309        }
    2310      case NotNull:
    2311      case BotPTR:                // Fall down to object klass
    2312        // LCA is object_klass, but if we subclass from the top we can do better
    2313        if( above_centerline(_ptr) ) {
    2314          // If 'tp' is above the centerline then we can subclass in the
    2315          // Java class heirarchy
    2316          if (klass()->equals(ciEnv::current()->Object_klass())) {
    2317            // that is, tp's array type is a subtype of my klass
    2318            return TypeAryPtr::make(ptr, tp->ary(), tp->klass(), tp->klass_is_exact(), offset);
    2319          }
    2320        }
    2321        // The other case cannot happen, since I cannot be a subtype of an array.
    2322        // if( _ptr == TopPTR || _ptr == AnyNull ) ...
    2323        return make( ptr, ciEnv::current()->Object_klass(), false, NULL, offset );
    2324      default: typerr(t);
    2325      }
    2326    }

Continuing to examine the code and data.
###@###.### 2004-01-20

The abort is apparently due to the following value

    [h/chrisph/4979449:DBX] x 0xfe5db28c-0x94/X
    0xfe5db1f8: Bytecodes::_result_type+0x0310: 0x0000000e

in the type value returned by

    2299      PTR ptr = meet_ptr(tp->ptr());
    2300      switch (ptr) {

###@###.### 2004-01-21

Fastdebug : Aborts as follows:

    Error mixing types: java/lang/String:exact * and long:long:9223372036854775807--9223372036854775808[int:2147483647-0]:AnyNull:exact*
    # To suppress the following error report, specify this argument
    # after -XX: or in .hotspotrc: SuppressErrorAt=/type.cpp:670
    #
    # HotSpot Virtual Machine Error, Internal Error
    # Please report this error at
    # http://java.sun.com/cgi-bin/bugreport.cgi
    #
    # Java VM: Java HotSpot(TM) Server VM (1.4.2_04_fix_05+4951940+4964653_chrisphi_2004.02.11_13:50-debug mixed mode)
    #
    # ShouldNotReachHere()
    #
    # Error ID: /net/altair.east/terra/space5/chrisph/4951940/ws/src/share/vm/opto/type.cpp, 670 [ Patched ]
    #
    # Problematic Thread: prio=5 tid=0x00125f18 nid=0xb runnable
    #

in essentially the same place:

    =>[6] os::abort(dump_core = ???) (optimized), at 0xfd891d2c (line ~1323) in "os_solaris.cpp"
      [7] report_error(is_vm_internal_error = ???, file_name = ???, line_no = ???, title = ???, format = ???, ...) (optimized), at 0xfd3e5ba4 (line ~460) in "debug.cpp"
      [8] TypeInstPtr::xmeet(this = ???, t = ???) (optimized), at 0xfda5c028 (line ~2548) in "type.cpp"
      [9] Type::meet(this = ???, t = ???) (optimized), at 0xfda537c4 (line ~467) in "type.cpp"
      [10] CastPPNode::Value(this = ???, phase = ???) (optimized), at 0xfd3cf0a0 (line ~392) in "connode.cpp"
      [11] PhaseIterGVN::transform_old(this = ???, n = ???) (optimized), at 0xfd914ee4 (line ~1013) in "phaseX.cpp"
      [12] PhaseIterGVN::optimize(this = ???) (optimized), at 0xfd913d80 (line ~879) in "phaseX.cpp"
      [13] Compile::Optimize(this = ???) (optimized), at 0xfd387350 (line ~1383) in "compile.cpp"
      [14] Compile::Compile(this = ???, ci_env = ???, ci_scope = ???, target = ???, osr_bci = ???, subsume_loads = ???, comp_level = ???) (optimized), at 0xfd382228 (line ~486) in "compile.cpp"
      [15] C2Compiler::compile_method(this = ???, env = ???, scope = ???, target = ???, entry_bci = ???, comp_lev = ???) (optimized), at 0xfd29af7c (line ~45) in "c2compiler.cpp"
      [16] CompileBroker::invoke_compiler_on_method(task = ???) (optimized), at 0xfd3958a8 (line ~1608) in "compileBroker.cpp"
      [17] CompileBroker::compiler_thread_loop() (optimized), at 0xfd393ec0 (line ~1401) in "compileBroker.cpp"
      [18] JavaThread::thread_main_inner(this = ???) (optimized), at 0xfda35a10 (line ~1141) in "thread.cpp"
      [19] _start(data = ???) (optimized), at 0xfd890140 (line ~746) in "os_solaris.cpp"

Note the code compiles fine when inlining is turned off:

print compilation output:

    ********************************************************************************
    {method}
     - klass: {other class}
     - method holder: 'com/timetra/nms/server/generated/log/pso/PsoLogRecord'
     - constants: {constant pool}
     - access: 0x81300004 protected
     - name: 'validatePeriodicTime'
     - signature: '(J)V'
     - max stack: 4
     - max locals: 3
     - size of params: 3
     - method size: 34
     - vtable index: 284
     - exceptions: [I
     - code size: 11
     - code start: 0xf19a19e0
     - code end (excl): 0xf19a19eb
     - method data: 0xf4f5a238
     - checked ex length: 0
     - linenumber start: 0xf19a19eb
     - localvar length: 2
     - localvar start: 0xf19a19f2
    #
    # void ( com/timetra/nms/server/generated/log/imp/ImpLogRecord:NotNull *, long, half )
    #
    #r048 R_I0 : parm 0: com/timetra/nms/server/generated/log/imp/ImpLogRecord:NotNull *
    #r018 R_G1:R_G1H : parm 1: long
    #r149 R_SP+124: old out preserve
    #r148 R_SP+120: old out preserve
    #r147 R_SP+116: old out preserve
    #r146 R_SP+112: old out preserve
    #r145 R_SP+108: old out preserve
    #r144 R_SP+104: old out preserve
    #r143 R_SP+100: old out preserve
    #r142 R_SP+96: old out preserve
    #r141 R_SP+92: old out preserve
    #r140 R_SP+88: old out preserve
    #r139 R_SP+84: old out preserve
    #r138 R_SP+80: old out preserve
    #r137 R_SP+76: old out preserve
    #r136 R_SP+72: old out preserve
    #r135 R_SP+68: old out preserve
    #r134 R_SP+64: old out preserve
    # -- Old R_SP -- Framesize: 64 --
    #r165 R_SP+60: new out preserve
    #r164 R_SP+56: new out preserve
    #r163 R_SP+52: new out preserve
    #r162 R_SP+48: new out preserve
    #r161 R_SP+44: new out preserve
    #r160 R_SP+40: new out preserve
    #r159 R_SP+36: new out preserve
    #r158 R_SP+32: new out preserve
    #r157 R_SP+28: new out preserve
    #r156 R_SP+24: new out preserve
    #r155 R_SP+20: new out preserve
    #r154 R_SP+16: new out preserve
    #r153 R_SP+12: new out preserve
    #r152 R_SP+ 8: new out preserve
    #r151 R_SP+ 4: new out preserve
    #r150 R_SP+ 0: new out preserve
    #
    000   N54: # B1 <- BLOCK HEAD IS JUNK Freq: 159.563
    000   UEP:
          LDUW [R_O0 + oopDesc::klass_offset_in_bytes],R_G5 ! Inline cache check
          CMP R_G5,R_G3
          Tne icc,R_G0+ST_RESERVED_FOR_USER_0+2
          NOP # Pad for loops
    010   B1: # B5 B2 <- BLOCK HEAD IS JUNK Freq: 159.563
    010   ! bang stack
          SAVE R_SP,-64,R_SP
    01c   CALL,static ; NOP ==> com.timetra.nms.server.generated.log.pso.PsoLogRecord::wrapPeriodicTime
          # com.timetra.nms.server.generated.log.pso.PsoLogRecord::validatePeriodicTime @ bci:4 L0=_ L1=_ L2=_ STK0=R_I0 STK1=#Ptr0x005d7ee0
          # R_I0=Oop
    024
    024   B2: # B4 B3 <- B1 Freq: 159.56
    024 + MOV R_O0,R_O2
    028 + SET java/lang/String:exact *,R_O1 !ptr
    030 + MOV R_I0,R_O0
    034   CALL,static ; NOP ==> com.timetra.nms.server.core.ManagedObject::validatePropertyValue
          # com.timetra.nms.server.generated.log.pso.PsoLogRecord::validatePeriodicTime @ bci:7 L0=_ L1=_ L2=_
          #
    03c
    03c   B3: # N54 <- B2 Freq: 159.557
    03c   RESTORE
    040 + RET ; NOP
    040
    048   B4: # B6 <- B2 Freq: 0.0015956
    048   # exception oop is in R_O0; no code emitted
    048 + MOV R_O0,R_I0
    04c + BA B6
    04c
    054   B5: # B6 <- B1 Freq: 0.00159563
    054   # exception oop is in R_O0; no code emitted
    054 + MOV R_O0,R_I0
    054
    058   B6: # N54 <- B5 B4 Freq: 0.00319124
    058   RESTORE
    05c + JMP rethrow_stub
    05c
    ********************************************************************************

Is this possibly related to 4911268 / 4971124?

###@###.### 2004-03-03

It is definitely not 4971124.

###@###.### 2004-03-03

###@###.### 2004-03-09

There is a problem with processing of CheckCastPPNode's type when the input value's type is a constant pointer.

###@###.### 2004-03-15

The customer's application crashes because C2 doesn't process the legal case when meet_ptr(AryPtr->ptr(),InstPtr->ptr())==Constant. C2 treats it as an error. We need to fix CheckCastPPNode::Value() and *::xmeet() methods.
11-06-2004

SUGGESTED FIX ###@###.### 2004-03-15 http://analemma.sfbay.sun.com/net/prt-archiver.sfbay/export2/archived_workspaces/main/c2_baseline/2004/20040312184925.kvn.4895131/workspace/webrevs/webrev-2004.03.12/index.html src/share/vm/opto/connode.cpp *************** *** 430,436 **** // Then return the interface. const TypeOopPtr *jptr = my_type->isa_oopptr(); assert( jptr, "" ); ! return jptr->klass()->is_interface() ? my_type->cast_to_ptr_type( TypePtr::NotNull ) : in_type; } else { --- 430,436 ---- // Then return the interface. const TypeOopPtr *jptr = my_type->isa_oopptr(); assert( jptr, "" ); ! return (jptr->klass()->is_interface() || !in_type->higher_equal(_type)) ? my_type->cast_to_ptr_type( TypePtr::NotNull ) : in_type; } else { src/share/vm/opto/type.cpp *************** *** 2297,2308 **** ptr = NotNull; return TypeInstPtr::make( ptr, ciEnv::current()->Object_klass(), false, NULL, offset); } case NotNull: case BotPTR: // Fall down to object klass // LCA is object_klass, but if we subclass from the top we can do better ! if( above_centerline(_ptr) ) { ! // If 'tp' is above the centerline then we can subclass in the ! // Java class heirarchy if (klass()->equals(ciEnv::current()->Object_klass())) { // that is, tp's array type is a subtype of my klass return TypeAryPtr::make(ptr, tp->ary(), tp->klass(), tp->klass_is_exact(), offset); --- 2297,2309 ---- ptr = NotNull; return TypeInstPtr::make( ptr, ciEnv::current()->Object_klass(), false, NULL, offset); } + case Constant: case NotNull: case BotPTR: // Fall down to object klass // LCA is object_klass, but if we subclass from the top we can do better ! if( above_centerline(_ptr) ) { // if( _ptr == TopPTR || _ptr == AnyNull ) ! // If 'this' (InstPtr) is above the centerline and it is Object class ! // then we can subclass in the Java class heirarchy. 
if (klass()->equals(ciEnv::current()->Object_klass())) { // that is, tp's array type is a subtype of my klass return TypeAryPtr::make(ptr, tp->ary(), tp->klass(), tp->klass_is_exact(), offset); *************** *** 2309,2315 **** } } // The other case cannot happen, since I cannot be a subtype of an array. ! // if( _ptr == TopPTR || _ptr == AnyNull ) ... return make( ptr, ciEnv::current()->Object_klass(), false, NULL, offset ); default: typerr(t); } --- 2310,2318 ---- } } // The other case cannot happen, since I cannot be a subtype of an array. ! // The meet falls down to Object class below centerline. ! if( ptr == Constant ) ! ptr = NotNull; return make( ptr, ciEnv::current()->Object_klass(), false, NULL, offset ); default: typerr(t); } *************** *** 2709,2715 **** switch (tp->ptr()) { case TopPTR: case AnyNull: ! return make(ptr, NULL, _ary, _klass, _klass_is_exact, offset); case BotPTR: case NotNull: return TypeOopPtr::make(ptr, offset); --- 2712,2718 ---- switch (tp->ptr()) { case TopPTR: case AnyNull: ! return make(ptr, (ptr == Constant ? const_oop() : NULL), _ary, _klass, _klass_is_exact, offset); case BotPTR: case NotNull: return TypeOopPtr::make(ptr, offset); *************** *** 2731,2737 **** case Null: if( ptr == Null ) return TypePtr::make(AnyPtr, ptr, offset); case AnyNull: ! return make( ptr, NULL, _ary, _klass, _klass_is_exact, offset ); default: ShouldNotReachHere(); } } --- 2734,2740 ---- case Null: if( ptr == Null ) return TypePtr::make(AnyPtr, ptr, offset); case AnyNull: ! return make( ptr, (ptr == Constant ? const_oop() : NULL), _ary, _klass, _klass_is_exact, offset ); default: ShouldNotReachHere(); } } *************** *** 2806,2824 **** ptr = NotNull; return TypeInstPtr::make( ptr, ciEnv::current()->Object_klass(), false, NULL,offset); } case NotNull: case BotPTR: // Fall down to object klass // LCA is object_klass, but if we subclass from the top we can do better if (above_centerline(tp->ptr())) { ! 
// If 'tp' is above the centerline then we can subclass in the ! // Java class heirarchy if( tp->klass()->equals(ciEnv::current()->Object_klass()) ) { ! // that is, tp's array type is a subtype of my klass return make( ptr, _ary, _klass, _klass_is_exact, offset ); } } // The other case cannot happen, since t cannot be a subtype of an array. ! // if (above_centerline(tp->ptr()) return TypeInstPtr::make( ptr, ciEnv::current()->Object_klass(), false, NULL,offset); default: typerr(t); } --- 2809,2830 ---- ptr = NotNull; return TypeInstPtr::make( ptr, ciEnv::current()->Object_klass(), false, NULL,offset); } + case Constant: case NotNull: case BotPTR: // Fall down to object klass // LCA is object_klass, but if we subclass from the top we can do better if (above_centerline(tp->ptr())) { ! // If 'tp' is above the centerline and it is Object class ! // then we can subclass in the Java class heirarchy. if( tp->klass()->equals(ciEnv::current()->Object_klass()) ) { ! // that is, my array type is a subtype of 'tp' klass return make( ptr, _ary, _klass, _klass_is_exact, offset ); } } // The other case cannot happen, since t cannot be a subtype of an array. ! // The meet falls down to Object class below centerline. ! if( ptr == Constant ) ! ptr = NotNull; return TypeInstPtr::make( ptr, ciEnv::current()->Object_klass(), false, NULL,offset); default: typerr(t); }
11-06-2004
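
Review bot: In the connode.cpp hunk at 430, the comment kept above the return still reads "Then return the interface.", but the new condition also returns my_type->cast_to_ptr_type( TypePtr::NotNull ) whenever !in_type->higher_equal(_type), which has nothing to do with interfaces. Update the comment to name this second case (the input type is not higher_equal to the node's _type) so the added clause is not taken for a mistake later.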
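
Review bot: In the type.cpp hunk at 2297, the added "case Constant:" lets ptr reach the above_centerline(_ptr) branch as Constant, yet the TypeAryPtr::make(ptr, tp->ary(), tp->klass(), tp->klass_is_exact(), offset) call there passes no constant oop, while the hunks at 2709 and 2731 of this same patch pass (ptr == Constant ? const_oop() : NULL) for that case. Either pass tp's constant here as well or add a comment saying why it is not needed; the make( ptr, _ary, _klass, _klass_is_exact, offset ) call in the hunk at 2806 raises the same question.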
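
Review bot: In the type.cpp hunks at 2709 and 2731, the expression (ptr == Constant ? const_oop() : NULL) is repeated in two returns with no comment on when ptr comes out Constant under "case TopPTR: case AnyNull:" and "case AnyNull:". Add a one-line comment at each site (or compute the oop once into a local before the switch) stating that the constant being kept is this type's own, so the pairing of ptr and oop stays obvious if the cases are edited again.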