JDK-6866651 : Regression: simple int sum crashes jvm (build 1.6.0_14-b08 and 1.7.0-ea-b59)
  • Type: Bug
  • Component: hotspot
  • Sub-Component: compiler
  • Affected Version: 6u10
  • Priority: P3
  • Status: Closed
  • Resolution: Fixed
  • OS: linux
  • CPU: x86
  • Submitted: 2009-07-29
  • Updated: 2011-03-08
  • Resolved: 2011-03-08
Fixed versions:
  • JDK 6: 6u21 (Fixed)
  • JDK 7: 7 (Fixed)
  • Other: hs17 (Fixed)
Description
FULL PRODUCT VERSION :
java version "1.6.0_14"
Java(TM) SE Runtime Environment (build 1.6.0_14-b08)
Java HotSpot(TM) 64-Bit Server VM (build 14.0-b16, mixed mode)

AND

java version "1.7.0-ea"
Java(TM) SE Runtime Environment (build 1.7.0-ea-b59)
Java HotSpot(TM) 64-Bit Server VM (build 16.0-b03, mixed mode)



FULL OS VERSION :
Linux 2.6.18-128.1.14.el5 #1 SMP Wed Jun 17 06:38:05 EDT 2009 x86_64 x86_64 x86_64 GNU/Linux

AND

Linux  2.6.18-92.1.22.el5 #1 SMP Tue Dec 16 11:57:43 EST 2008 x86_64 x86_64 x86_64 GNU/Linux

A DESCRIPTION OF THE PROBLEM :
I have a loop summing integers.  In previous versions and builds of the JVM this returned the correct answer of 1. As of build 1.6.0_14-b08 it crashes the JVM.  Because it does not crash when I use -Xint it looks like this is a JIT problem.

I have verified the failure on 2 machines.


THE PROBLEM WAS REPRODUCIBLE WITH -Xint FLAG: No

THE PROBLEM WAS REPRODUCIBLE WITH -server FLAG: Yes

STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Run the attached class.  In my experience it will crash at least 80% of the time.

EXPECTED VERSUS ACTUAL BEHAVIOR :
Expected output is two lines, each containing the character 1:

$ java Crash
1
1

Actual output:

$ java Crash
1
#
# A fatal error has been detected by the Java Runtime Environment:
#
#  SIGSEGV (0xb) at pc=0x00002b1d96ff2793, pid=32558, tid=1091856704
#
# JRE version: 6.0_14-b08
# Java VM: Java HotSpot(TM) 64-Bit Server VM (14.0-b16 mixed mode linux-amd64 )
# Problematic frame:
# V  [libjvm.so+0x1bd793]
#
# An error report file with more information is saved as:
# /home2/sean/hs_err_pid32558.log
#
# If you would like to submit a bug report, please visit:
#   http://java.sun.com/webapps/bugreport/crash.jsp
#
Aborted

Actual trace file included below


Also, same failure on another machine:

everest[sean]:~> /usr/local/java/jdk1.7.0/bin/java -cp . Crash
1
#
# A fatal error has been detected by the Java Runtime Environment:
#
#  SIGSEGV (0xb) at pc=0x00002acc101779b5, pid=17621, tid=1119455552
#
# JRE version: 7.0-b59
# Java VM: Java HotSpot(TM) 64-Bit Server VM (16.0-b03 mixed mode linux-amd64 )
# Problematic frame:
# V  [libjvm.so+0x1eb9b5]
#
# An error report file with more information is saved as:
# /home/sean/hs_err_pid17621.log
#
# If you would like to submit a bug report, please visit:
#   http://java.sun.com/webapps/bugreport/crash.jsp
#
Aborted

ERROR MESSAGES/STACK TRACES THAT OCCUR :

hs_err_pidNNNN.log contents removed - they are too large
for the bug reporting tool.

REPRODUCIBILITY :
This bug can be reproduced often.

---------- BEGIN SOURCE ----------
public class Crash {

  static int sum() {
    int s = 0;
    for (int x = 1, y = 0; x != 0; x++, y--) {
      s ^= y;
    }
    return s;
  }

  public static void main(final String[] args) {
    for (int k = 0; k < 2; k++) {
      System.err.println(String.valueOf(sum()));
    }
  }
}

---------- END SOURCE ----------

CUSTOMER SUBMITTED WORKAROUND :
Use older JVM, such as jdk1.6.0_13

Comments
EVALUATION http://hg.openjdk.java.net/jdk7/hotspot-comp/hotspot/rev/662f330d7275
17-08-2009
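
The expected value of 1 reported above can be confirmed independently of any JVM. The following Python model is an added example, not part of the bug report or the HotSpot sources; it re-runs the logic of `Crash.sum()` with integers that wrap at a chosen bit width (the function names and the reduced widths are assumptions made for illustration) and compares it with a closed-form argument that also covers the 32-bit case.

```python
"""Model of Crash.sum() from the report at a configurable int width (added example)."""


def to_signed(value: int, bits: int) -> int:
    """Interpret the low `bits` bits of value as a two's-complement integer."""
    value &= (1 << bits) - 1
    return value - (1 << bits) if value >> (bits - 1) else value


def simulate_sum(bits: int) -> int:
    """Run the reproducer's loop with ints that wrap at `bits` bits (Java int: 32)."""
    s, x, y = 0, 1, 0
    while x != 0:                       # exits only when x++ overflows and wraps to 0
        s = to_signed(s ^ y, bits)
        x = to_signed(x + 1, bits)
        y = to_signed(y - 1, bits)
    return s


def closed_form_sum(bits: int) -> int:
    """Same result without iterating.

    The body runs 2**bits - 1 times, so y visits every representable value
    except the one it would reach on the next step. XOR over all values of a
    given width is 0 for widths >= 2, so the result is that skipped value.
    """
    if bits < 2:
        raise ValueError("argument holds for widths of at least 2 bits")
    iterations = (1 << bits) - 1
    skipped_y = to_signed(-iterations, bits)   # y after one more decrement
    return skipped_y


if __name__ == "__main__":
    # Reduced widths are simulated; 32 bits (Java int) uses the closed form.
    for width in (4, 8, 16):
        print(width, simulate_sum(width), closed_form_sum(width))
    print(32, closed_form_sum(32))
```

Any JVM build that prints something other than 1 for the reproducer, or aborts as in the traces above, is therefore deviating from the language semantics rather than exposing an error in the test program.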