Bug ID: JDK-6837011 SIGSEGV in PhaseIdealLoop in 32bit jvm

Details
Type: Bug
Submit Date: 2009-05-04
Status: Closed
Updated Date: 2011-03-08
Project Name: JDK
Resolved Date: 2011-03-08
Component: hotspot
OS: generic
Sub-Component: compiler
CPU: generic
Priority: P2
Resolution: Fixed
Affected Versions: hs15
Fixed Versions: hs16 (b03)

Description
The following test crashes with SIGSEGV when running with "-server -Xcomp" using 32bit jvm
(on all 32bit platforms - solaris, linux, sparc. didn't try on windows).

=== Tester.java ===
class Tester {
    static boolean var_3 = true;

    public static void main(String[] args)
    {
        double var_5;
        char var_7 = 1;
        double var_11 = 0;

        do
        {
            var_11++;
            var_5 = (var_7 /= ( var_3 ? ~1L : 3 ) );
        } while (var_11 < 1);

        System.out.println("PASSED");
    }
}
===================

hs_err output is the following:

#
# A fatal error has been detected by the Java Runtime Environment:
#
#  SIGSEGV (0xb) at pc=0xfe4b6aef, pid=18397, tid=9
#
# JRE version: 7.0-b57
# Java VM: Java HotSpot(TM) Server VM (16.0-b02 compiled mode solaris-x86 )
# Problematic frame:
# V  [libjvm.so+0xb6aef]
#
# If you would like to submit a bug report, please visit:
#   http://java.sun.com/webapps/bugreport/crash.jsp
#

---------------  T H R E A D  ---------------

Current thread (0x08141800):  JavaThread "CompilerThread0" daemon [_thread_in_native, id=9, stack(0xb7758000,0xb77d8000)]

siginfo:si_signo=SIGSEGV: si_errno=0, si_code=1 (SEGV_MAPERR), si_addr=0x0000001c;;

Registers:
EAX=0x081e3b24, EBX=0xfecb8000, ECX=0xb77d65c0, EDX=0x00000000
ESP=0xb77d5c50, EBP=0xb77d5c98, ESI=0x00000000, EDI=0x00000004
EIP=0xfe4b6aef, EFLAGS=0x00010246

Top of Stack: (sp=0xb77d5c50)
0xb77d5c50:   081e27dc 00000000 0816fa00 0816f9f0
0xb77d5c60:   0816f924 081e2af0 b77d65d0 081e2e6d
0xb77d5c70:   00000006 00000006 00000002 081e2e6c
0xb77d5c80:   0816fa30 00000000 00000010 00000004
0xb77d5c90:   00000000 fecb8000 b77d5cd8 fe4b759f
0xb77d5ca0:   b77d65c0 081e3b00 b77d5cd8 fe4b758a
0xb77d5cb0:   b77d5da0 00000085 b77d5cd8 fea0f2aa
0xb77d5cc0:   081e09a0 08169b48 b77d5d08 00000004

Instructions: (pc=0xfe4b6aef)
0xfe4b6adf:   00 00 89 45 e0 e9 9d 00 00 00 8b 50 04 8b 4d 08
0xfe4b6aef:   8b 42 1c 8b 71 14 3b c6 72 04 33 c0 eb 06 8b 79
;; fe4b6adf 00 00                   add    %al,(%eax)
;; fe4b6ae1 89 45 e0                mov    %eax,0xffffffe0(%ebp)
;; fe4b6ae4 e9 9d 00 00 00          jmp    0xfe4b6b86
;; fe4b6ae9 8b 50 04                mov    0x4(%eax),%edx
;; fe4b6aec 8b 4d 08                mov    0x8(%ebp),%ecx
;; ---------------
;; fe4b6aef 8b 42 1c                mov    0x1c(%edx),%eax
;; fe4b6af2 8b 71 14                mov    0x14(%ecx),%esi
;; fe4b6af5 3b c6                   cmp    %esi,%eax
;; fe4b6af7 72 04                   jb     0xfe4b6afd
;; fe4b6af9 33 c0                   xor    %eax,%eax
;; fe4b6afb eb 06                   jmp    0xfe4b6b03
;; fe4b6afd 8b 79 ff                mov    0xffffffff(%ecx),%edi
;;
Stack: [0xb7758000,0xb77d8000],  sp=0xb77d5c50,  free space=1f7b77d8000k
Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code)
V  [libjvm.so+0xb6aef];;  Node*PhaseIdealLoop::get_early_ctrl(Node*)+0xe3
V  [libjvm.so+0xb759f];;  void PhaseIdealLoop::set_early_ctrl(Node*)+0x23
V  [libjvm.so+0x15942a];;  void PhaseIdealLoop::build_loop_early(VectorSet&,Node_List&,Node_Stack&,const PhaseIdealLoop*)+0x37e
V  [libjvm.so+0x5c73b4];;  PhaseIdealLoop::PhaseIdealLoop(PhaseIterGVN&,const PhaseIdealLoop*,bool)+0x8f8
V  [libjvm.so+0x186107];;  void Compile::Optimize()+0x1fb
V  [libjvm.so+0x39f67e];;  Compile::Compile(ciEnv*,C2Compiler*,ciMethod*,int,bool,bool)+0xaf6
V  [libjvm.so+0x1824df];;  void C2Compiler::compile_method(ciEnv*,ciMethod*,int)+0x93
V  [libjvm.so+0x182b21];;  void CompileBroker::invoke_compiler_on_method(CompileTask*)+0x4a9
V  [libjvm.so+0x1ea164];;  void CompileBroker::compiler_thread_loop()+0x3b0
V  [libjvm.so+0x1ec754];;  void compiler_thread_entry(JavaThread*,Thread*)+0x18
V  [libjvm.so+0x1b1179];;  void JavaThread::thread_main_inner()+0x51
V  [libjvm.so+0x1b111c];;  void JavaThread::run()+0x19c
V  [libjvm.so+0x62567d];;  java_start+0x10d
C  [libc.so.1+0xa3a81];;  _thr_setup+0x4e
C  [libc.so.1+0xa3d70];;  _lwp_start+0x0


Current CompileTask:
C2:423   b  Tester.main([Ljava/lang/String;)V (43 bytes)
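
Added example (not part of the original report and not HotSpot code): a Python triage of the hs_err lines quoted above. It checks whether the fault is a NULL-plus-offset read, which register was the base pointer, and whether the crash happened inside the JIT compiler thread while compiling a named method. The function name `triage` and the 4 KiB threshold for "near NULL" are assumptions.

```python
import re

# Lines copied from the hs_err text in this report (an excerpt, not the full log).
HS_ERR = """\
#  SIGSEGV (0xb) at pc=0xfe4b6aef, pid=18397, tid=9
# Problematic frame:
# V  [libjvm.so+0xb6aef]
Current thread (0x08141800):  JavaThread "CompilerThread0" daemon [_thread_in_native, id=9, stack(0xb7758000,0xb77d8000)]
siginfo:si_signo=SIGSEGV: si_errno=0, si_code=1 (SEGV_MAPERR), si_addr=0x0000001c;;
EAX=0x081e3b24, EBX=0xfecb8000, ECX=0xb77d65c0, EDX=0x00000000
V  [libjvm.so+0xb6aef];;  Node*PhaseIdealLoop::get_early_ctrl(Node*)+0xe3
Current CompileTask:
C2:423   b  Tester.main([Ljava/lang/String;)V (43 bytes)
"""

PAGE = 0x1000  # assumption: the first page is unmapped, so lower addresses are NULL+offset


def _find(pattern, text):
    m = re.search(pattern, text, re.M)
    return m.groups() if m else None


def triage(text, page=PAGE):
    sig = _find(r"^#\s+(SIG\w+) \(0x[0-9a-f]+\) at pc=(0x[0-9a-f]+)", text)
    si = _find(r"si_code=\d+ \((\w+)\), si_addr=(0x[0-9a-f]+)", text)
    thread = _find(r'^Current thread .*?"([^"]+)"', text)
    frame = _find(r"^# ([A-Za-z])\s+\[(\S+)\+(0x[0-9a-f]+)\]", text)
    symbol = _find(r"^[A-Za-z]\s+\[\S+\];;\s+(.+)$", text)
    task = _find(r"^(C\d):\s*\d+\s+\S*\s+(\S+)\s+\(\d+ bytes\)", text)
    regs = {r: int(v, 16) for r, v in re.findall(r"\b(E[A-Z]{2})=(0x[0-9a-f]+)", text)}
    fault = int(si[1], 16) if si else None
    # A register whose value lies just below the fault address is the likely
    # base pointer; the difference is the offset of the field being read.
    bases = {r: fault - v for r, v in regs.items()
             if fault is not None and 0 <= fault - v < page}
    return {
        "signal": sig[0] if sig else None,
        "si_code": si[0] if si else None,
        "fault_addr": fault,
        "near_null": fault is not None and fault < page,
        "base_candidates": bases,
        # VM frame on a CompilerThread: the compiler crashed, not compiled Java code.
        "in_jit_compiler": bool(thread and frame
                                and thread[0].startswith("CompilerThread")
                                and frame[0] == "V"),
        "top_symbol": symbol[0] if symbol else None,
        "compiling": task[1] if task else None,
    }
```

For this log the result points at `EDX` as a NULL base with offset `0x1c`, which matches the faulting `mov 0x1c(%edx),%eax` in the disassembly. The `compiling` field names the method that can be kept out of the JIT (for example with HotSpot's `-XX:CompileCommand=exclude,Tester::main`) until a fixed build is deployed.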

                                    

Comments
EVALUATION

Introduced with changes for 6800154.
I verified that previous pushd passed 2009-02-06-213531.kvn.6791852
and the pushd for 6800154 failed:

intelsdv21% bin/java -Xcomp -server Tester
#
# A fatal error has been detected by the Java Runtime Environment:
#
#  SIGSEGV (0xb) at pc=0xfe34c287, pid=4437, tid=15
#
# JRE version: 7.0-b52
# Java VM: OpenJDK Server VM (15.0-b01-2009-02-16-081218.ct232829.6800154-jvmg compiled mode solaris-x86 )
# Problematic frame:
# V  [libjvm.so+0x54c287]
                                     
2009-05-04
EVALUATION

Somewhere in the compiler both inputs get cleared, and I still don't know where:

t@9 (l@9) stopped in long_by_long_mulhi at line 291 in file "divnode.cpp"
  291     Node* t    = phase->transform(new (phase->C, 3) AddLNode(u1v0, temp));
(dbx) print temp
temp = 0x81be7e0
(dbx) print temp->_in[0..2] 
temp->_in[0..2] = 
[0] = (nil)
[1] = 0x81be710
[2] = 0x81be608
(dbx) c
t@9 (l@9) signal SEGV (no mapping at the fault address) in PhaseIdealLoop::has_node at line 530 in file "loopnode.hpp"
  530     bool has_node( Node* n ) const { return _nodes[n->_idx] != NULL; }
(dbx) fr 3
Current function is PhaseIdealLoop::get_early_ctrl
   65       early = get_ctrl(n->in(1));
(dbx) p n
n = 0x81be7e0
(dbx) print n->_in[0..2]    
n->_in[0..2] = 
[0] = (nil)
[1] = (nil)
[2] = (nil)

I just wonder why this happens only with 32-bits.
                                     
2009-05-05
EVALUATION

The original fix for 6732154 only worked if the RShiftL was transformed before the AndL and 6800154 reversed them.  The transform of the AndL can return t and that causes the problem.  Swapping the two transforms (w1 and w2) fixes the problem.
                                     
2009-05-06
EVALUATION

http://hg.openjdk.java.net/jdk7/hotspot-comp/hotspot/rev/cecd04fc6f93
                                     
2009-05-07
EVALUATION

Approved for JDK 7 M3 build 3.
                                     
2009-05-07


