JDK-8164954 : split_if creates empty phi and region nodes
  • Type: Bug
  • Component: hotspot
  • Sub-Component: compiler
  • Affected Version: 9
  • Priority: P2
  • Status: Closed
  • Resolution: Fixed
  • Submitted: 2016-08-29
  • Updated: 2019-09-13
  • Resolved: 2017-03-07
Fix versions:
  • JDK 10: 10 (Fixed)
  • JDK 8: 8u162 (Fixed)
  • JDK 9: 9 b162 (Fixed)
Related Reports
Duplicate :  
Hotspot PIT testing, happened once on Mac OS X x64
Bugs with this assertion have been fixed a number of times: JDK-8143307, JDK-8066775, JDK-8066045, JDK-8027444

# A fatal error has been detected by the Java Runtime Environment:
#  Internal Error (/opt/jprt/T/P1/170438.amurillo/s/hotspot/src/share/vm/opto/node.hpp:363), pid=74713, tid=30723
#  assert(i < _max) failed: oob: i=1, _max=1
# JRE version: Java(TM) SE Runtime Environment (9.0) (fastdebug build 9-internal+0-2016-08-26-170438.amurillo.jdk9-hs-2016-08-26-snapshot)
# Java VM: Java HotSpot(TM) 64-Bit Server VM (fastdebug 9-internal+0-2016-08-26-170438.amurillo.jdk9-hs-2016-08-26-snapshot, compiled mode, compressed oops, g1 gc, bsd-amd64)
# Core dump will be written. Default location: /cores/core.74713
# If you would like to submit a bug report, please visit:
#   http://bugreport.java.com/bugreport/crash.jsp

---------------  S U M M A R Y ------------

Command Line: -Dtest.src=/export/local/aurora/CommonData/j2se_jdk/jdk/test/java/lang/invoke -Dtest.src.path=/export/local/aurora/CommonData/j2se_jdk/jdk/test/java/lang/invoke:/export/local/aurora/CommonData/j2se_jdk/jdk/test/lib/testlibrary:/export/local/aurora/CommonData/j2se_jdk/jdk/test/lib/testlibrary/jsr292 -Dtest.classes=/export/local/aurora/sandbox/results/workDir/classes/2/java/lang/invoke -Dtest.class.path=/export/local/aurora/sandbox/results/workDir/classes/2/java/lang/invoke:/export/local/aurora/sandbox/results/workDir/classes/2/lib/testlibrary:/export/local/aurora/sandbox/results/workDir/classes/2/lib/testlibrary/jsr292 -Dtest.vm.opts= -Dtest.tool.vm.opts= -Dtest.compiler.opts= -Dtest.java.opts=-Xcomp -Xcomp -XX:MaxRAMFraction=8 -XX:+CreateCoredumpOnCrash -ea -esa -XX:CompileThreshold=100 -XX:+UnlockExperimentalVMOptions -server -XX:-TieredCompilation -XX:+IgnoreUnrecognizedVMOptions -XX:+DeoptimizeALot -Dtest.jdk=/export/local/aurora/CommonData/TEST_JAVA_HOME -Dcompile.jdk=/export/local/aurora/CommonData/TEST_JAVA_HOME -Dtest.timeout.factor=16.0 -Dtest.nativepath=/export/local/aurora/sandbox/JTREG_NATIVEPATH_LIBRARY_PREPARED -Xcomp -Xcomp -XX:MaxRAMFraction=8 -XX:+CreateCoredumpOnCrash -ea -esa -XX:CompileThreshold=100 -XX:+UnlockExperimentalVMOptions -XX:-TieredCompilation -XX:+IgnoreUnrecognizedVMOptions -XX:+DeoptimizeALot -Djava.library.path=/export/local/aurora/sandbox/JTREG_NATIVEPATH_LIBRARY_PREPARED -XX:+IgnoreUnrecognizedVMOptions -XX:-VerifyDependencies -esa com.sun.javatest.regtest.agent.MainWrapper /export/local/aurora/sandbox/results/workDir/java/lang/invoke/MethodHandlesTest.d/junit.0.jta java/lang/invoke/MethodHandlesTest.java test.java.lang.invoke.MethodHandlesTest

Host: vmsqe-mac-35.ru.oracle.com, MacPro5,1 x86_64 3200 MHz, 8 cores, 8G, Darwin 12.5.0
Time: Mon Aug 29 03:59:36 2016 MSK elapsed time: 8901 seconds (0d 2h 28m 21s)

---------------  T H R E A D  ---------------

Current thread (0x00007fd9bb08c800):  JavaThread "C2 CompilerThread0" daemon [_thread_in_native, id=30723, stack(0x000000011dbd8000,0x000000011dcd8000)]

Current CompileTask:
C2:8901495 206671    b        java.lang.invoke.MethodHandleImpl::makePairwiseConvertByEditor (397 bytes)

Stack: [0x000000011dbd8000,0x000000011dcd8000],  sp=0x000000011dcd2aa0,  free space=1002k
Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code)
V  [libjvm.dylib+0xc0e84f]  VMError::report_and_die(int, char const*, char const*, __va_list_tag*, Thread*, unsigned char*, void*, void*, char const*, int, unsigned long)+0x425
V  [libjvm.dylib+0xc0f018]  VMError::report_and_die(Thread*, char const*, int, char const*, char const*, __va_list_tag*)+0x4a
V  [libjvm.dylib+0x4796f9]  report_vm_error(char const*, int, char const*, char const*, ...)+0xcd
V  [libjvm.dylib+0x8a874e]  Node::in(unsigned int) const+0x7e
V  [libjvm.dylib+0x9e5b4c]  Node::dominates(Node*, Node_List&)+0x26c
V  [libjvm.dylib+0x9772c6]  MemNode::all_controls_dominate(Node*, Node*)+0x42e
V  [libjvm.dylib+0x977947]  MemNode::find_previous_store(PhaseTransform*)+0x223
V  [libjvm.dylib+0x97b7b0]  LoadNode::Ideal(PhaseGVN*, bool)+0x5f0
V  [libjvm.dylib+0xa6592c]  PhaseIterGVN::transform_old(Node*)+0xb0
V  [libjvm.dylib+0xa655df]  PhaseIterGVN::optimize()+0xb3
V  [libjvm.dylib+0x41af1a]  Compile::Optimize()+0x11a
V  [libjvm.dylib+0x419ce5]  Compile::Compile(ciEnv*, C2Compiler*, ciMethod*, int, bool, bool, bool, DirectiveSet*)+0xbeb
V  [libjvm.dylib+0x41c9d1]  Compile::Compile(ciEnv*, C2Compiler*, ciMethod*, int, bool, bool, bool, DirectiveSet*)+0x31
V  [libjvm.dylib+0x320cc0]  C2Compiler::compile_method(ciEnv*, ciMethod*, int, DirectiveSet*)+0x130
V  [libjvm.dylib+0x42e09a]  CompileBroker::invoke_compiler_on_method(CompileTask*)+0x70e
V  [libjvm.dylib+0x42d648]  CompileBroker::compiler_thread_loop()+0x2e2
V  [libjvm.dylib+0xba45d7]  JavaThread::thread_main_inner()+0x1ed
V  [libjvm.dylib+0xba422a]  JavaThread::run()+0x3d0
V  [libjvm.dylib+0xa05f1f]  thread_native_entry(Thread*)+0x12b
C  [libsystem_c.dylib+0x14772]  _pthread_start+0x147
C  [libsystem_c.dylib+0x11a1]  thread_start+0xd

[error occurred during error reporting (printing native stack), id 0xe0000000]

verified by nightly testing

Out on review: http://cr.openjdk.java.net/~neliasso/8164954/webrev/

Problem understood. Conclusion: IfNode::splitIf() encounters a phi where all defs are the same constant. When splitting, the phi that gets all the remaining defs will be empty, and its region will also be empty. Later this new empty region will be visited by Node::dominates and fail when reading out of bounds. Solution: Skip splitting the if when all defs already are the same constant - this is already the desired state.
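
Added example, not part of the bug report and not HotSpot code: a toy C++ model of the conclusion above, showing why splitting a phi whose defs are all the same constant leaves a region with only slot 0, so a walk that reads in(1) goes out of bounds, and how the "skip the split" guard avoids it. The types and functions (Def, Phi, Split, split_on_constant, region_req, has_in1, all_defs_same_constant) are hypothetical names chosen for this illustration.

```cpp
#include <cstddef>
#include <vector>

// Toy model, constructed for illustration; these are not HotSpot's classes.
// A phi has one def per control path merged by its region.
struct Def { bool is_const; int value; };
struct Phi { std::vector<Def> defs; };

// Paths grouped the way a split on constant c would group them.
struct Split {
    std::vector<std::size_t> const_paths;  // def is the constant c
    std::vector<std::size_t> other_paths;  // all remaining defs
};

Split split_on_constant(const Phi& phi, int c) {
    Split s;
    for (std::size_t i = 0; i < phi.defs.size(); ++i) {
        const Def& d = phi.defs[i];
        (d.is_const && d.value == c ? s.const_paths : s.other_paths).push_back(i);
    }
    return s;
}

// Input slots of a region merging these paths: slot 0 plus one per path.
std::size_t region_req(const std::vector<std::size_t>& paths) {
    return 1 + paths.size();
}

// A dominance walk that steps to in(1) needs slot 1 to exist.
bool has_in1(std::size_t req) { return req > 1; }

// The guard from the report: nothing to split when every def is already
// the same constant, so no empty phi/region is ever created.
bool all_defs_same_constant(const Phi& phi) {
    if (phi.defs.empty() || !phi.defs[0].is_const) return false;
    for (const Def& d : phi.defs)
        if (!d.is_const || d.value != phi.defs[0].value) return false;
    return true;
}

int main() {
    Phi same{{{true, 7}, {true, 7}, {true, 7}}};
    Split s = split_on_constant(same, 7);
    // Without the guard the "other" region has req 1, so in(1) is out of bounds.
    bool unguarded_ok = has_in1(region_req(s.other_paths));
    return (!unguarded_ok && all_defs_same_constant(same)) ? 0 : 1;
}
```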

I managed to reproduce overnight; it took 187 attempts before hitting the assert. Unfortunately I got no replayinline-file, since it is emitted after the optimization stage. The failing method has a huge amount of inlining that changes a lot between runs. No obvious inlining command is triggering the assert.

Neither the same build nor a build from current hs-main reproduces this. Probably dependent on inlining or profiling.

New and old crash have different stacktraces. Old crash is on LoadNode::Ideal, the new on StoreNode::Ideal - so most likely different issues. The new crash happens along a code path that is guarded by VM flag ReduceFieldZeroing. A very good candidate for a simple workaround. I'll verify when I have reproduced the issue.

A quick guess after looking at Node::dominates - we are trying to access the second input of a region node with only one input left.
    if (sub == up && sub->is_Loop()) {
      // Take loop entry path on the way up to 'dom'.
>>    up = sub->in(1); // in(LoopNode::EntryControl);
    } else if (sub == up && sub->is_Region() && sub->req() != 3) {
      // Always take in(1) path on the way up to 'dom' for clone regions
      // (with only one input) or regions which merge > 2 paths
      // (usually used to merge fast/slow paths).
>>    up = sub->in(1);

Very generic failure, reading a node in-edge out of bounds. I'll try to reproduce. ILW = Crash, very very very rare, none known at this time = HLH=P1

Showed up again: RULE "runtime/Metaspace/FragmentMetaspace.java" Crash Internal Error ...node.hpp...assert(i < _max) failed: oob: i=1, _max=1 http://aurora.us.oracle.com/functional/faces/RunDetails.xhtml?names=1950573.JAVASE.NIGHTLY.VM.Main_Baseline-Tier3.2017-02-16-129

Can't reproduce, hasn't happened again in testing. Closing as CNR. Please reopen if it happens again.

Difficult to make progress with. Crash happened after more than 2 hours, CodeCache had been full at least once. Doesn't reproduce easily. No core file that can give hints.

ILW = Crash in C2, rare, no workaround = HLH = P2