United StatesChange Country, Oracle Worldwide Web Sites Communities I am a... I want to...
Bug ID: JDK-6736417 Fastdebug C2 crashes in StoreBNode::Ideal
JDK-6736417 : Fastdebug C2 crashes in StoreBNode::Ideal

Details
Type:
Bug
Submit Date:
2008-08-12
Status:
Closed
Updated Date:
2011-03-08
Project Name:
JDK
Resolved Date:
2011-03-08
Component:
hotspot
OS:
linux
Sub-Component:
compiler
CPU:
generic
Priority:
P3
Resolution:
Fixed
Affected Versions:
hs10
Fixed Versions:
hs14 (b04)

Related Reports
Backport:
Backport:

Sub Tasks

Description
Fastdebug C2 crashes in StoreBNode::Ideal at least on linux-i586.

The related stack trace is 
#0  0xffffe410 in __kernel_vsyscall ()
#1  0xb7de98f5 in raise () from /lib/libc.so.6
#2  0xb7deb1e1 in abort () from /lib/libc.so.6
#3  0x0695436b in os::abort ()
#4  0x06b0d139 in VMError::report_and_die ()
#5  0x0695ac9d in JVM_handle_linux_signal ()
#6  0x069565e0 in signalHandler ()
#7  <signal handler called>
#8  0x068f3b72 in StoreNode::Ideal_masked_input ()
#9  0x068f41cf in StoreBNode::Ideal ()
#10 0x069b00b6 in PhaseIterGVN::transform_old ()
#11 0x069af3d2 in PhaseIterGVN::optimize ()
#12 0x06569781 in Compile::Optimize ()
#13 0x0656549c in Compile::Compile ()
#14 0x064b3d63 in C2Compiler::compile_method ()
#15 0x065738df in CompileBroker::invoke_compiler_on_method ()
#16 0x06572d57 in CompileBroker::compiler_thread_loop ()
#17 0x06aafc8c in JavaThread::thread_main_inner ()
#18 0x06959548 in java_start ()
#19 0xb7f06192 in start_thread () from /lib/libpthread.so.0
#20 0xb7e8302e in clone () from /lib/libc.so.6

                                    

Comments
EVALUATION

Originally I though this was caused by order in which LoadNode::Ideal was called relative to the transforms in LoadBNode::Ideal but I realized that would have hidden this problem but wasn't actually the cause.

I believe the problem is that step_through_mergemem can cause the node to go dead but that isn't being checked for.  The nodes inputs are all killed to NULL in subsume_node and step_through_mergemem return top, so we set the memory to top and reprocess the node.

  if (mem->is_MergeMem()) {
    MergeMemNode* mmem = mem->as_MergeMem();
    const TypePtr *tp = t_adr->is_ptr();

    mem = step_through_mergemem(phase, mmem, tp, adr_type(), tty);
  }

  if (mem != old_mem) {
    set_req(MemNode::Memory, mem);
    return this;
  }

We probably need to detect that outcnt() == 0 and return NodeSentinel.  I think every use of step_through_mergemem including optimize_memory_chain is exposed to the exact same problem.  There also should be an assert that Ideal doesn't return dead nodes.
                                     
2008-08-12
EVALUATION

http://hg.openjdk.java.net/jdk7/hotspot-comp/hotspot/rev/ab075d07f1ba
                                     
2008-08-27
SUGGESTED FIX

- Check the result of step_through_mergemem() and remove_dead_region()
methods and stop further transformations if the node become dead.
- Add the assert to transform_old() after the call to Ideal()
to verify that it does not return a dead node.
                                     
2008-08-27



Hardware and Software, Engineered to Work Together