JDK-7169782 : C2: SIGSEGV in LShiftLNode::Ideal(PhaseGVN*, bool)
Type:Bug
Component:hotspot
Sub-Component:compiler
Affected Version:hs23
Priority:P3
Status:Closed
Resolution:Fixed
OS:generic
CPU:generic
Submitted:2012-05-17
Updated:2013-07-31
Resolved:2012-06-16
The Version table provides details related to the release that this issue/RFE will be addressed.
Unresolved : Release in which this issue/RFE will be addressed. Resolved: Release in which this issue/RFE has been resolved. Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.
EVALUATION
The problem is similar to 6732154/6837011: u0 becomes dead during transformation of temp, but then u0 is used for u0v1 construction:
src/share/vm/opto/divnode.cpp:
257 static Node* long_by_long_mulhi(PhaseGVN* phase, Node* dividend, jlong magic_const) {
...
288 Node* u0 = phase->transform(new (phase->C, 3) AndLNode(dividend, phase->longcon(0xFFFFFFFF)));
...
296 Node* w0 = phase->transform(new (phase->C, 3) MulLNode(u0, v0));
...
300 Node* temp = phase->transform(new (phase->C, 3) URShiftLNode(w0, phase->intcon(N / 2)));
...
317 Node* u0v1 = phase->transform(new (phase->C, 3) MulLNode(u0, v1));
During URShiftLNode transformation at divnode.cpp:300, u0 becomes dead, but then at divnode.cpp:317 MulLNode with dependecy on u0 is constructed and it crashes during transformation, trying to traverse u0 users.
28-05-2012
EVALUATION
The problematic part of ideal graph is related to AndLNode (idx=97), produced in Node* long_by_long_mulhi(PhaseGVN*, Node*, jlong):
src/share/vm/opto/divnode.cpp:
288 Node* u0 = phase->transform(new (phase->C, 3) AndLNode(dividend, phase->longcon(0xFFFFFFFF)));
During u0v1 node (MulLNode) transformation, it tries to follow u0's in-edges and hits NULL:
317 Node* u0v1 = phase->transform(new (phase->C, 3) MulLNode(u0, v1));
The following transformation takes place:
MulL(
AndL(
LoadL#24, //dividend
ConL(FFFFFFFF))#97,
ConL (1>>32)#101
)#112
==>
LShiftL(
AndL#97
ConI)
and crash occurs during IterGVN transformation of LShiftL.
dividend: 24 LoadL === _ 7 23 [[ 72 28 67 99 110 ]] @java/lang/Class:exact+112 *, name=var_8, idx=4; #long !jvms: Test::<clinit>
u0 initially looks fine, but got corrupted during temp construction:
300 Node* temp = phase->transform(new (phase->C, 3) URShiftLNode(w0, phase->intcon(N / 2)));
Before temp:
97 AndL === _ 24 96 [[]] !orig=[102]
After temp construction:
97 AndL === _ _ _ [[]] [4800097] !orig=[102]
25-05-2012
EVALUATION
Program received signal SIGSEGV, Segmentation fault.
0xf767d2b0 in LShiftLNode::Ideal (this=0xada10328, phase=0xadbfdb8c, can_reshape=4146260737)
at /set/vmsqe/home/vi158347/hotspot-main/src/share/vm/opto/mulnode.cpp:802
802 int add2_op = add2->Opcode();
(gdb) list
799 // Check for "((x>>c0) & Y)<<c0" which just masks off more low bits
800 if( add1_op == Op_AndL ) {
801 Node *add2 = add1->in(1);
802 int add2_op = add2->Opcode();
803 if( (add2_op == Op_RShiftL || add2_op == Op_URShiftL ) &&
(gdb) p add2
$1 = (Node *) 0x0
(gdb) where
#0 0xf767d2b0 in LShiftLNode::Ideal (this=0xada10328, phase=0xadbfdb8c, can_reshape=4146260737)
at /set/vmsqe/home/vi158347/hotspot-main/src/share/vm/opto/mulnode.cpp:802
#1 0xf770c916 in PhaseIterGVN::transform_old (this=0xadbfdb8c, n=0xada10294)
at /set/vmsqe/home/vi158347/hotspot-main/src/share/vm/opto/phaseX.cpp:1069
#2 0xf770b3e3 in PhaseIterGVN::transform(Node*) (this=0xadbfdb8c) at /set/vmsqe/home/vi158347/hotspot-main/src/share/vm/opto/phaseX.cpp:1010
#3 0xf7399290 in long_by_long_mulhi (phase=0xadbfdb8c, dividend=0xada0d570, magic_const=1)
at /set/vmsqe/home/vi158347/hotspot-main/src/share/vm/opto/divnode.cpp:317
#4 0xf7399b59 in transform_long_divide (phase=0xadbfdb8c, dividend=0xada0d570, divisor=4294967295)
at /set/vmsqe/home/vi158347/hotspot-main/src/share/vm/opto/divnode.cpp:411
#5 0xf7399f78 in DivLNode::Ideal(PhaseGVN*, bool) (this=0xada0ed08, phase=0xadbfdb8c, can_reshape=2913143644)
at /set/vmsqe/home/vi158347/hotspot-main/src/share/vm/opto/divnode.cpp:574
#6 0xf770c694 in PhaseIterGVN::transform_old (this=0xadbfdb8c, n=0xada0ed08)
at /set/vmsqe/home/vi158347/hotspot-main/src/share/vm/opto/phaseX.cpp:1029
#7 0xf770e60b in PhaseIterGVN::optimize (this=0xadbfdb8c) at /set/vmsqe/home/vi158347/hotspot-main/src/share/vm/opto/phaseX.cpp:903
#8 0xf75fd404 in PhaseIdealLoop::build_and_optimize (this=0xadbfdf44, do_split_ifs=2913141505, skip_loop_opts=4141557760)
at /set/vmsqe/home/vi158347/hotspot-main/src/share/vm/opto/loopnode.cpp:2181
#9 0xf72cd6f1 in PhaseIdealLoop::PhaseIdealLoop(PhaseIterGVN&, bool, bool) (tag=-1379934396)
at /set/vmsqe/home/vi158347/hotspot-main/src/share/vm/gc_implementation/g1/g1ErgoVerbose.hpp:91
#10 0xf72c5138 in Compile::Optimize (this=0xadbfe8d0) at /set/vmsqe/home/vi158347/hotspot-main/src/share/vm/opto/compile.cpp:1797
#11 0xf72c937d in Compile::Compile (this=0xadbfe8d0, ci_env=0xadbfee38, compiler=0xae5f5948, target=0xf6d344f8, osr_bci=-1,
subsume_loads=4294967041, do_escape_analysis=4294967041) at /set/vmsqe/home/vi158347/hotspot-main/src/share/vm/opto/compile.cpp:769
#12 0xf720eb24 in C2Compiler::compile_method (this=0xae5f5948, env=<incomplete type>, target=0xf6d344f8, entry_bci=-1)
at /set/vmsqe/home/vi158347/hotspot-main/src/share/vm/opto/c2compiler.cpp:130
...