JDK-8058828 : Wrong ciConstant type for arrays from ConstantPool::_resolved_reference
  • Type: Bug
  • Component: hotspot
  • Sub-Component: compiler
  • Affected Version: 8u40,9
  • Priority: P2
  • Status: Closed
  • Resolution: Fixed
  • OS: generic
  • CPU: generic
  • Submitted: 2014-09-19
  • Updated: 2017-08-24
  • Resolved: 2014-10-01
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 8 JDK 9
8u40Fixed 9 b35Fixed
Description
Staring form 8u40-b06 following crash may happen:

#
# A fatal error has been detected by the Java Runtime Environment:
#
#  Internal Error (/tmp/jprt/T1/140126.ctornqvi/s/src/share/vm/c1/c1_GraphBuilder.cpp:890), pid=9025, tid=18
#  assert(obj->is_instance()) failed: must be java_mirror of klass
#
# JRE version: Java(TM) SE Runtime Environment (8.0_40-b06) (build 1.8.0_40-ea-fastdebug-b06)
# Java VM: Java HotSpot(TM) 64-Bit Server VM (25.40-b11-internal-201409171401.ctornqvi.hs-8u40-fastdebug compiled mode solaris-sparc compressed oops)
# Core dump written. Default location: /export/local/aurora/sandbox/results/ResultDir/compiledTargetInStackTrace_copy_1/core or core.9025
#
# If you would like to submit a bug report, please visit:
#   http://bugreport.sun.com/bugreport/crash.jsp
#

---------------  T H R E A D  ---------------

Current thread (0x0000000100491800):  JavaThread "C1 CompilerThread3" daemon [_thread_in_native, id=18, stack(0xffffffff5ab00000,0xffffffff5ac00000)]

Stack: [0xffffffff5ab00000,0xffffffff5ac00000],  sp=0xffffffff5abfdaf0,  free space=1014k
Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code)
V  [libjvm.so+0x12e5020]  void VMError::report_and_die()+0x588
V  [libjvm.so+0x760cc0]  void report_vm_error(const char*,int,const char*,const char*)+0x78
V  [libjvm.so+0x448774]  void GraphBuilder::load_constant()+0x56c
V  [libjvm.so+0x45b8c0]  BlockEnd*GraphBuilder::iterate_bytecodes_for_block(int)+0x14c8
V  [libjvm.so+0x45dba4]  void GraphBuilder::iterate_all_blocks(bool)+0xfc
V  [libjvm.so+0x461400]  GraphBuilder::GraphBuilder #Nvariant 1(Compilation*,IRScope*)+0x828
V  [libjvm.so+0x473c60]  BlockBegin*IRScope::build_graph(Compilation*,int)+0x30
V  [libjvm.so+0x473fa8]  IRScope::IRScope #Nvariant 1(Compilation*,IRScope*,int,ciMethod*,int,bool)+0x2d8
V  [libjvm.so+0x4746e0]  IR::IR(Compilation*,ciMethod*,int)+0xb8
V  [libjvm.so+0x434774]  void Compilation::build_hir()+0x16c
V  [libjvm.so+0x436140]  int Compilation::compile_java_method()+0x2d8
V  [libjvm.so+0x4368b4]  void Compilation::compile_method()+0xac
V  [libjvm.so+0x437454]  Compilation::Compilation(AbstractCompiler*,ciEnv*,ciMethod*,int,BufferBlob*)+0x2ec
V  [libjvm.so+0x43a38c]  void Compiler::compile_method(ciEnv*,ciMethod*,int)+0x12c
V  [libjvm.so+0x6d0618]  void CompileBroker::invoke_compiler_on_method(CompileTask*)+0x590
V  [libjvm.so+0x6cfa74]  void CompileBroker::compiler_thread_loop()+0x4cc
V  [libjvm.so+0x12271b0]  void JavaThread::thread_main_inner()+0x268
V  [libjvm.so+0x1226ecc]  void JavaThread::run()+0x414
V  [libjvm.so+0xf90da8]  java_start+0x258
C  [libc.so.1+0xe25fc]  _lwp_start+0x8


Current CompileTask:
C1:  68040 6101    b  3       java.lang.invoke.LambdaForm$MH/863831416::collect (19 bytes)


I was not able to reproduce issue with 8u40-b05 and previous 8u releases.
With product bits nothing bad happens, so it could be just an incorrect assert.
Comments
Suggested fix: diff --git a/src/share/vm/ci/ciEnv.cpp b/src/share/vm/ci/ciEnv.cpp --- a/src/share/vm/ci/ciEnv.cpp +++ b/src/share/vm/ci/ciEnv.cpp @@ -579,7 +579,11 @@ oop obj = cpool->resolved_references()->obj_at(cache_index); if (obj != NULL) { ciObject* ciobj = get_object(obj); - return ciConstant(T_OBJECT, ciobj); + if (ciobj->is_array()) { + return ciConstant(T_ARRAY, ciobj); + } else { + return ciConstant(T_OBJECT, ciobj); + } } index = cpool->object_to_cp_index(cache_index); }
30-09-2014
Problematic constant pool entry: - 12 : String : a 'java/lang/Object'[0] {0x718556048}
30-09-2014
ciEnv::get_constant_by_index_impl computes wrong type for cpPatch of array type: if (cache_index >= 0) { assert(index < 0, "only one kind of index at a time"); oop obj = cpool->resolved_references()->obj_at(cache_index); if (obj != NULL) { ciObject* ciobj = get_object(obj); return ciConstant(T_OBJECT, ciobj); } index = cpool->object_to_cp_index(cache_index); } obj could be an array (T_ARRAY), but constant's type is always T_OBJECT.
30-09-2014
(gdb) call 'ciObject::get_oop() const'(obj) $16 = (oopDesc *) 0x718556048 (gdb) call pp($16) "Executing pp" [Ljava.lang.Object; - klass: 'java/lang/Object'[] - length: 0 (gdb) call 'ciMethod::print_codes()'(callee) 0 fast_aldc <pseudo-string> 2 checkcast 14 <[Ljava/lang/Object;> 0 bci: 2 ReceiverTypeData count(0) entries(1) 'java/lang/Object'[](17024 1.00) 5 astore #7 7 fast_aldc <pseudo-string> 9 checkcast 18 <java/lang/invoke/MethodHandle> 48 bci: 9 ReceiverTypeData count(0) entries(1) 'java/lang/invoke/SimpleMethodHandle'(17024 1.00) 12 aload #7 14 checkcast 14 <[Ljava/lang/Object;> 96 bci: 14 ReceiverTypeData count(0) entries(1) 'java/lang/Object'[](17024 1.00) 17 invokehandle 22 <java/lang/invoke/MethodHandle.invokeBasic(Ljava/lang/Object;)Ljava/lang/Object;> 144 bci: 17 VirtualCallData count(17024) entries(0) argument types 0: stack(1) 'java/lang/Object'[] return type 'java/lang/Object' 20 areturn (gdb) frame #6 0x00007f25b34e7a2c in GraphBuilder::iterate_bytecodes_for_block (this=0x7f25027e6010, bci=0) at /scratch/vlivanov/jdk9-dev/hotspot/src/share/vm/c1/c1_GraphBuilder.cpp:2624 2624 case Bytecodes::_ldc2_w : load_constant(); break; (gdb) info locals s = {<StackObj> = {<AllocatedObj> = {_vptr.AllocatedObj = 0x7f25b46b3950}, <No data fields>}, _method = 0x7f24d8179ab0, _holder = 0x7f24d8179b90, _bc_start = 0x7f24d817af50 <incomplete sequence \345>, _was_wide = 0x0, _table_base = 0x300000003, _start = 0x7f24d817af50 <incomplete sequence \345>, _end = 0x7f24d817af63 "\253\253\253\253\253\253\253\253\253\253\253\253\253\200\257\027\330$\177", _pc = 0x7f24d817af52 "\300", _bc = Bytecodes::_ldc, _raw_bc = Bytecodes::_fast_aldc} prev_bci = 0 push_exception = false end = 0x7f25027e5dd0 log = 0x0 code = Bytecodes::_ldc (gdb) call 'ConstantPool::print_on(outputStream*) const'($11, tty) {constant pool} - holder: 0x00000007c00d5c30 - cache: 0x00007f259a5e8e60 - resolved_references: 0x0000000719e2a4e8 - reference_map: 0x00007f259a5e8e90 - 1 : Utf8 : 'java/lang/invoke/LambdaForm$MH' - 2 : Class : 'java/lang/invoke/LambdaForm$MH' {0x7c00d5c30} - 3 : Utf8 : 'java/lang/Object' - 4 : Unresolved Class : 'java/lang/Object' - 5 : Utf8 : 'LambdaForm$MH' - 6 : Utf8 : 'collect' - 7 : Utf8 : '(Ljava/lang/Object;)Ljava/lang/Object;' - 8 : Utf8 : 'Ljava/lang/invoke/LambdaForm$Hidden;' - 9 : Utf8 : 'Ljava/lang/invoke/LambdaForm$Compiled;' - 10 : Utf8 : 'Ljava/lang/invoke/ForceInline;' - 11 : Utf8 : 'CONSTANT_PLACEHOLDER_0' - 12 : String : a 'java/lang/Object'[0] {0x718556048} - 13 : Utf8 : '[Ljava/lang/Object;' - 14 : Class : 'java/lang/Object'[] {0x7c0010dd0} - 15 : Utf8 : 'CONSTANT_PLACEHOLDER_1' - 16 : String : a 'java/lang/invoke/SimpleMethodHandle' {0x719a20c70} - 17 : Utf8 : 'java/lang/invoke/MethodHandle' - 18 : Class : 'java/lang/invoke/MethodHandle' {0x7c000b2b8} - 19 : Utf8 : 'invokeBasic' - 20 : NameAndType : name_index=19 signature_index=7 - 21 : Method : klass_index=18 name_and_type_index=20 - 22 : Utf8 : 'Code' - 23 : Utf8 : 'RuntimeVisibleAnnotations' - 24 : Utf8 : 'SourceFile'
30-09-2014
I have the hs_err and replay files if that would help.
30-09-2014
Hi, I had a similar problem when running the octane benchmarks on top of 9.0-b32. # # A fatal error has been detected by the Java Runtime Environment: # # Internal Error (/HUDSON/workspace/9-2-build-linux-amd64/jdk9/1371/hotspot/src/share/vm/ci/ciTypeFlow.cpp:733), pid=5699, tid=140505161594624 # assert(obj->is_instance()) failed: must be java_mirror of klass # # JRE version: Java(TM) SE Runtime Environment (9.0-b32) (build 1.9.0-ea-fastdebug-b32) # Java VM: Java HotSpot(TM) 64-Bit Server VM (1.9.0-ea-fastdebug-b32 mixed mode linux-amd64 compressed oops) # Failed to write core dump. Core dumps have been disabled. To enable core dumping, try "ulimit -c unlimited" before starting Java again # # If you would like to submit a bug report, please visit: # http://bugreport.sun.com/bugreport/crash.jsp # --------------- T H R E A D --------------- Current thread (0x00007fca04149800): JavaThread "C2 CompilerThread0" daemon [_thread_in_native, id=5709, stack(0x00007fc9e82ef000,0x00007fc9e83f0000)] Stack: [0x00007fc9e82ef000,0x00007fc9e83f0000], sp=0x00007fc9e83eb2b0, free space=1008k Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code) V [libjvm.so+0x1077101] VMError::report_and_die()+0x151 V [libjvm.so+0x73534b] report_vm_error(char const*, int, char const*, char const*)+0x7b V [libjvm.so+0x622fff] ciTypeFlow::StateVector::do_ldc(ciBytecodeStream*)+0xdf V [libjvm.so+0x6237c3] ciTypeFlow::StateVector::apply_one_bytecode(ciBytecodeStream*)+0x323 V [libjvm.so+0x6274b8] ciTypeFlow::flow_block(ciTypeFlow::Block*, ciTypeFlow::StateVector*, ciTypeFlow::JsrSet*)+0x178 V [libjvm.so+0x628861] ciTypeFlow::df_flow_types(ciTypeFlow::Block*, bool, ciTypeFlow::StateVector*, ciTypeFlow::JsrSet*)+0x431 V [libjvm.so+0x628c85] ciTypeFlow::flow_types()+0x2d5 V [libjvm.so+0x628f56] ciTypeFlow::do_flow()+0x26 V [libjvm.so+0x5e6c15] ciMethod::get_flow_analysis()+0xb5 V [libjvm.so+0x46bcb9] InlineTree::check_can_parse(ciMethod*)+0x79 V [libjvm.so+0x46dea7] InlineTree::ok_to_inline(ciMethod*, JVMState*, ciCallProfile&, WarmCallInfo*, bool&)+0xe7 V [libjvm.so+0x7d2b6a] Compile::call_generator(ciMethod*, int, bool, JVMState*, bool, float, ciKlass*, bool, bool)+0xbea V [libjvm.so+0x58bb57] CallGenerator::for_method_handle_inline(JVMState*, ciMethod*, ciMethod*, bool&)+0x727 V [libjvm.so+0x58c36d] CallGenerator::for_method_handle_call(JVMState*, ciMethod*, ciMethod*, bool)+0x4d V [libjvm.so+0x7d238a] Compile::call_generator(ciMethod*, int, bool, JVMState*, bool, float, ciKlass*, bool, bool)+0x40a V [libjvm.so+0x7d33e8] Parse::do_call()+0x2f8 V [libjvm.so+0xe21375] Parse::do_one_bytecode()+0x6a5 V [libjvm.so+0xe15e3e] Parse::do_one_block()+0x3ee V [libjvm.so+0xe16bb6] Parse::do_all_blocks()+0x116 V [libjvm.so+0xe18c11] Parse::Parse(JVMState*, ciMethod*, float)+0xc81 V [libjvm.so+0x585d16] ParseGenerator::generate(JVMState*)+0x146 V [libjvm.so+0x7d34da] Parse::do_call()+0x3ea V [libjvm.so+0xe21375] Parse::do_one_bytecode()+0x6a5 V [libjvm.so+0xe15e3e] Parse::do_one_block()+0x3ee V [libjvm.so+0xe16bb6] Parse::do_all_blocks()+0x116 V [libjvm.so+0xe18c11] Parse::Parse(JVMState*, ciMethod*, float)+0xc81 V [libjvm.so+0x585d16] ParseGenerator::generate(JVMState*)+0x146 V [libjvm.so+0x7d34da] Parse::do_call()+0x3ea V [libjvm.so+0xe21375] Parse::do_one_bytecode()+0x6a5 V [libjvm.so+0xe15e3e] Parse::do_one_block()+0x3ee V [libjvm.so+0xe16bb6] Parse::do_all_blocks()+0x116 V [libjvm.so+0xe18c11] Parse::Parse(JVMState*, ciMethod*, float)+0xc81 V [libjvm.so+0x585d16] ParseGenerator::generate(JVMState*)+0x146 V [libjvm.so+0x6acb87] Compile::Compile(ciEnv*, C2Compiler*, ciMethod*, int, bool, bool, bool)+0xfa7 V [libjvm.so+0x5848df] C2Compiler::compile_method(ciEnv*, ciMethod*, int)+0x28f V [libjvm.so+0x6b891a] CompileBroker::invoke_compiler_on_method(CompileTask*)+0x4ba V [libjvm.so+0x6b9f78] CompileBroker::compiler_thread_loop()+0x528 V [libjvm.so+0xff2cf4] JavaThread::thread_main_inner()+0x1d4 V [libjvm.so+0xff2fd1] JavaThread::run()+0x251 V [libjvm.so+0xdc8192] java_start(Thread*)+0xf2 C [libpthread.so.0+0x8182] start_thread+0xc2 Command line output: zmajo@zmajo-ThinkPad-X230:~/Documents/repos/octane-benchmark-read-only$ time ../../jdks/jdk1.9.0-x64-debug-b32/fastdebug/bin/jjs -J-X\ X:ReservedCodeCacheSize=134217728 -J-XX:+PrintCodeCache run.js Richards: 16.6 DeltaBlue: 29.1 Crypto: 159 RayTrace: 140 EarleyBoyer: 221 RegExp: 57.3 Splay: 376 SplayLatency: 52.7 NavierStokes: 392 PdfJS: 27.4 Mandreel: 13.5 MandreelLatency: 24.9 Gameboy: 55.1 CodeLoad: 7.66 ... error appears.
30-09-2014
ILW=crash in c1, one test, none + nighty = HLH=P2
23-09-2014
We hit similar assert in ciTypeFlow::StateVector::do_ldc: # # A fatal error has been detected by the Java Runtime Environment: # # Internal Error (/opt/jprt/T/P1/175024.cccheung/s/src/share/vm/ci/ciTypeFlow.cpp:733), pid=7210, tid=2520443712 # assert(obj->is_instance()) failed: must be java_mirror of klass # # JRE version: Java(TM) SE Runtime Environment (8.0_40-b06) (build 1.8.0_40-ea-fastdebug-b06) # Java VM: Java HotSpot(TM) Server VM (25.40-b12-internal-201409191750.cccheung.8u40-hs-fastdebug mixed mode linux-x86 ) # Failed to write core dump. Core dumps have been disabled. To enable core dumping, try "ulimit -c unlimited" before starting Java again # # If you would like to submit a bug report, please visit: # http://bugreport.sun.com/bugreport/crash.jsp # --------------- T H R E A D --------------- Current thread (0xb5ec3800): JavaThread "C2 CompilerThread0" daemon [_thread_in_native, id=7219, stack(0x9632e000,0x963af000)] Stack: [0x9632e000,0x963af000], sp=0x963a4ba0, free space=474k Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code) V [libjvm.so+0xe14f2b] VMError::report_and_die()+0x17b V [libjvm.so+0x5f7848] report_vm_error(char const*, int, char const*, char const*)+0x68 V [libjvm.so+0x4f56c7] ciTypeFlow::StateVector::do_ldc(ciBytecodeStream*)+0x107 V [libjvm.so+0x4f6e0a] ciTypeFlow::StateVector::apply_one_bytecode(ciBytecodeStream*)+0x108a V [libjvm.so+0x4f720a] ciTypeFlow::flow_block(ciTypeFlow::Block*, ciTypeFlow::StateVector*, ciTypeFlow::JsrSet*)+0x34a V [libjvm.so+0x4f79aa] ciTypeFlow::df_flow_types(ciTypeFlow::Block*, bool, ciTypeFlow::StateVector*, ciTypeFlow::JsrSet*)+0x44a V [libjvm.so+0x4f8804] ciTypeFlow::flow_types()+0x234 V [libjvm.so+0x4f8a8c] ciTypeFlow::do_flow()+0x2c V [libjvm.so+0x4b7308] ciMethod::get_flow_analysis()+0x68 V [libjvm.so+0x36d359] InlineTree::ok_to_inline(ciMethod*, JVMState*, ciCallProfile&, WarmCallInfo*, bool&)+0x1e9 V [libjvm.so+0x691d31] Compile::call_generator(ciMethod*, int, bool, JVMState*, bool, float, ciKlass*, bool, bool)+0xa11 V [libjvm.so+0x464b4a] CallGenerator::for_method_handle_inline(JVMState*, ciMethod*, ciMethod*, bool&)+0x1ca V [libjvm.so+0x4651f0] CallGenerator::for_method_handle_call(JVMState*, ciMethod*, ciMethod*, bool)+0x40 V [libjvm.so+0x691697] Compile::call_generator(ciMethod*, int, bool, JVMState*, bool, float, ciKlass*, bool, bool)+0x377 V [libjvm.so+0x6944a5] Parse::do_call()+0x295 V [libjvm.so+0xc1b451] Parse::do_one_bytecode()+0x3851 V [libjvm.so+0xc0db7e] Parse::do_one_block()+0x52e V [libjvm.so+0xc0e381] Parse::do_all_blocks()+0x1a1 V [libjvm.so+0xc0fd5a] Parse::Parse(JVMState*, ciMethod*, float)+0xc4a V [libjvm.so+0x464502] ParseGenerator::generate(JVMState*)+0x92 ... V [libjvm.so+0x6945f6] Parse::do_call()+0x3e6 V [libjvm.so+0xc1b451] Parse::do_one_bytecode()+0x3851 ...<more frames>... Current CompileTask: C2: 13215 1149 4 java.lang.invoke.LambdaForm$MH/22360249::collect (25 bytes) --------------- P R O C E S S --------------- Java Threads: ( => current thread ) 0x96058000 JavaThread "Service Thread" daemon [_thread_blocked, id=7221, stack(0x9612e000,0x9617f000)] 0xb5ec5800 JavaThread "C1 CompilerThread1" daemon [_thread_in_native, id=7220, stack(0x9617f000,0x96200000)] =>0xb5ec3800 JavaThread "C2 CompilerThread0" daemon [_thread_in_native, id=7219, stack(0x9632e000,0x963af000)] 0xb5ec1c00 JavaThread "Signal Dispatcher" daemon [_thread_blocked, id=7218, stack(0x963af000,0x96400000)] 0xb5e98000 JavaThread "Finalizer" daemon [_thread_blocked, id=7217, stack(0x96514000,0x96565000)] 0xb5e95000 JavaThread "Reference Handler" daemon [_thread_blocked, id=7216, stack(0x96565000,0x965b6000)] 0xb5e08c00 JavaThread "main" [_thread_in_Java, id=7212, stack(0xb5f88000,0xb5fd9000)]
22-09-2014
Test passed with 9-b31.
19-09-2014
I'm trying to reproduce the crash with JDK9 at the moment.
19-09-2014