JDK-6736417 : Fastdebug C2 crashes in StoreBNode::Ideal
  • Type: Bug
  • Component: hotspot
  • Sub-Component: compiler
  • Affected Version: hs10
  • Priority: P3
  • Status: Closed
  • Resolution: Fixed
  • OS: linux
  • CPU: generic
  • Submitted: 2008-08-12
  • Updated: 2011-03-08
  • Resolved: 2011-03-08
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 6 JDK 7 Other
6u14Fixed 7Fixed hs14Fixed
Description
Fastdebug C2 crashes in StoreBNode::Ideal at least on linux-i586.

The related stack trace is 
#0  0xffffe410 in __kernel_vsyscall ()
#1  0xb7de98f5 in raise () from /lib/libc.so.6
#2  0xb7deb1e1 in abort () from /lib/libc.so.6
#3  0x0695436b in os::abort ()
#4  0x06b0d139 in VMError::report_and_die ()
#5  0x0695ac9d in JVM_handle_linux_signal ()
#6  0x069565e0 in signalHandler ()
#7  <signal handler called>
#8  0x068f3b72 in StoreNode::Ideal_masked_input ()
#9  0x068f41cf in StoreBNode::Ideal ()
#10 0x069b00b6 in PhaseIterGVN::transform_old ()
#11 0x069af3d2 in PhaseIterGVN::optimize ()
#12 0x06569781 in Compile::Optimize ()
#13 0x0656549c in Compile::Compile ()
#14 0x064b3d63 in C2Compiler::compile_method ()
#15 0x065738df in CompileBroker::invoke_compiler_on_method ()
#16 0x06572d57 in CompileBroker::compiler_thread_loop ()
#17 0x06aafc8c in JavaThread::thread_main_inner ()
#18 0x06959548 in java_start ()
#19 0xb7f06192 in start_thread () from /lib/libpthread.so.0
#20 0xb7e8302e in clone () from /lib/libc.so.6
Comments
SUGGESTED FIX - Check the result of step_through_mergemem() and remove_dead_region() methods and stop further transformations if the node become dead. - Add the assert to transform_old() after the call to Ideal() to verify that it does not return a dead node.
27-08-2008
EVALUATION http://hg.openjdk.java.net/jdk7/hotspot-comp/hotspot/rev/ab075d07f1ba
27-08-2008
EVALUATION Originally I though this was caused by order in which LoadNode::Ideal was called relative to the transforms in LoadBNode::Ideal but I realized that would have hidden this problem but wasn't actually the cause. I believe the problem is that step_through_mergemem can cause the node to go dead but that isn't being checked for. The nodes inputs are all killed to NULL in subsume_node and step_through_mergemem return top, so we set the memory to top and reprocess the node. if (mem->is_MergeMem()) { MergeMemNode* mmem = mem->as_MergeMem(); const TypePtr *tp = t_adr->is_ptr(); mem = step_through_mergemem(phase, mmem, tp, adr_type(), tty); } if (mem != old_mem) { set_req(MemNode::Memory, mem); return this; } We probably need to detect that outcnt() == 0 and return NodeSentinel. I think every use of step_through_mergemem including optimize_memory_chain is exposed to the exact same problem. There also should be an assert that Ideal doesn't return dead nodes.
12-08-2008