JDK-8219807 : C2 crash in IfNode::up_one_dom(Node*, bool)
  • Type: Bug
  • Component: hotspot
  • Sub-Component: compiler
  • Affected Version: 8,9,10,11,12,13
  • Priority: P3
  • Status: Resolved
  • Resolution: Fixed
  • Submitted: 2019-02-25
  • Updated: 2019-08-21
  • Resolved: 2019-04-30
Fix versions:
  • JDK 11: 11.0.5-oracle (Fixed)
  • JDK 13: 13 b19 (Fixed)
  • JDK 8: 8u231 (Fixed)
  • Other: openjdk8u232 (Fixed)
Description
ADDITIONAL SYSTEM INFORMATION 


A DESCRIPTION OF THE PROBLEM :
EXCEPTION_ACCESS_VIOLATION during JIT compile task

ERROR MESSAGES/STACK TRACES THAT OCCUR :
#
# A fatal error has been detected by the Java Runtime Environment:
#
#  SIGSEGV (0xb) at pc=0x00007fb07e8974d9, pid=118529, tid=0x00007fb05f9f9700
#
# JRE version: Java(TM) SE Runtime Environment (8.0_201-b09) (build 1.8.0_201-b09)
# Java VM: Java HotSpot(TM) 64-Bit Server VM (25.201-b09 mixed mode linux-amd64 compressed oops)
# Problematic frame:
# V  [libjvm.so+0x62c4d9]  IfNode::up_one_dom(Node*, bool)+0x99
#
# Failed to write core dump. Core dumps have been disabled. To enable core dumping, try "ulimit -c unlimited" before starting Java again
#
# If you would like to submit a bug report, please visit:
#   http://bugreport.java.com/bugreport/crash.jsp
#

---------------  T H R E A D  ---------------

Current thread (0x00007fb0780c4800):  JavaThread "C2 CompilerThread1" daemon [_thread_in_native, id=118544, stack(0x00007fb05f8f9000,0x00007fb05f9fa000)]

siginfo: si_signo: 11 (SIGSEGV), si_code: 1 (SEGV_MAPERR), si_addr: 0x000000000000002c

Stack: [0x00007fb05f8f9000,0x00007fb05f9fa000],  sp=0x00007fb05f9f5180,  free space=1008k
Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code)
V  [libjvm.so+0x62c4d9]  IfNode::up_one_dom(Node*, bool)+0x99
V  [libjvm.so+0x62dbf8]  IfNode::Ideal(PhaseGVN*, bool)+0x938
V  [libjvm.so+0x967aee]  PhaseIterGVN::transform_old(Node*)+0x6e
V  [libjvm.so+0x964f44]  PhaseIterGVN::optimize()+0x134
V  [libjvm.so+0x47e077]  Compile::Optimize()+0xb7
V  [libjvm.so+0x48019a]  Compile::Compile(ciEnv*, C2Compiler*, ciMethod*, int, bool, bool, bool)+0xcda
V  [libjvm.so+0x3c4c4a]  C2Compiler::compile_method(ciEnv*, ciMethod*, int)+0xaa
V  [libjvm.so+0x48b84c]  CompileBroker::invoke_compiler_on_method(CompileTask*)+0x73c
V  [libjvm.so+0x48d488]  CompileBroker::compiler_thread_loop()+0x6d8
V  [libjvm.so+0xa7bb6b]  JavaThread::thread_main_inner()+0xdb
V  [libjvm.so+0xa7be71]  JavaThread::run()+0x2d1
V  [libjvm.so+0x90d922]  java_start(Thread*)+0x102
C  [libpthread.so.0+0x7df5]  start_thread+0xc5


Current CompileTask:
C2:    519  598       4       java.util.logging.Logger::log (33 bytes)
Comments
Fix Request (11u, 8u) Backporting this fix resolves the C2 crash. Patch applies cleanly to 11u and with reshuffling to 8u. New regression test fails without the patch (in 11u) and passes with the patch (in both 11u and 8u). tier1 passes in 11u, hotspot/test passes in 8u.
12-06-2019

The regression test does not work when compiled with latest javac because of Indify String Concat (JDK-8085796) which affects the String related bytecodes that are generated. It works with -XDstringConcat=inline.

Here's a much simpler version of the test:
http://cr.openjdk.java.net/~thartmann/8219807/webrev.00/test/hotspot/jtreg/compiler/c2/TestIfWithDeadRegion.java.html

The problem is that the dominator chain includes two regions (3239 and 640) that are degraded to copies (i.e. the control input is NULL):

(rr) print curr->dump(4)
3668 MemBarRelease === 3665 1 3666 1 1 [[ 3669 3670 ]] !jvms: StringLatin1::newString @ bci:-1 StringBuilder::toString @ bci:16 TestIfWithDeadRegion::getString @ bci:18 TestIfWithDeadRegion::lambda$main$1 @ bci:4 0x0000000800096840::get @ bci:0 TestIfWithDeadRegion::test @ bci:1
3669 Proj === 3668 [[ 3239 ]] #0 !jvms: StringLatin1::newString @ bci:-1 StringBuilder::toString @ bci:16 TestIfWithDeadRegion::getString @ bci:18 TestIfWithDeadRegion::lambda$main$1 @ bci:4 0x0000000800096840::get @ bci:0 TestIfWithDeadRegion::test @ bci:1
3 Start === 3 0 [[ 3 5 6 7 8 9 10 ]] #{0:control, 1:abIO, 2:memory, 3:rawptr:BotPTR, 4:return_address, 5:java/util/function/Supplier *}
1086 MemBarRelease === 1083 1 1084 1 1 [[ 1087 1088 ]] !jvms: StringLatin1::newString @ bci:-1 StringBuilder::toString @ bci:16 TestIfWithDeadRegion::getString @ bci:18 TestIfWithDeadRegion::lambda$main$0 @ bci:4 0x0000000800097440::get @ bci:0 TestIfWithDeadRegion::test @ bci:1
1087 Proj === 1086 [[ 640 ]] #0 !jvms: StringLatin1::newString @ bci:-1 StringBuilder::toString @ bci:16 TestIfWithDeadRegion::getString @ bci:18 TestIfWithDeadRegion::lambda$main$0 @ bci:4 0x0000000800097440::get @ bci:0 TestIfWithDeadRegion::test @ bci:1
3670 Proj === 3668 [[ 470 257 ]] #2 Memory: @BotPTR *+bot, idx=Bot; !jvms: StringLatin1::newString @ bci:-1 StringBuilder::toString @ bci:16 TestIfWithDeadRegion::getString @ bci:18 TestIfWithDeadRegion::lambda$main$1 @ bci:4 0x0000000800096840::get @ bci:0 TestIfWithDeadRegion::test @ bci:1
3239 Region === _ 3669 [[ 257 ]] !jvms: TestIfWithDeadRegion::getString @ bci:18 TestIfWithDeadRegion::lambda$main$1 @ bci:4 0x0000000800096840::get @ bci:0 TestIfWithDeadRegion::test @ bci:1
8 Parm === 3 [[ 633 632 5625 429 34 30 433 67 63 5472 398 402 5456 452 5460 5420 300 5424 105 234 238 5404 5408 203 5351 207 5355 257 5100 5087 5091 5053 5057 5025 678 4972 682 4890 4894 4712 4687 714 4691 4655 4659 4564 758 4534 754 780 4538 4488 812 808 4492 850 846 859 4476 4480 4464 4468 4381 4365 4369 4329 4333 4314 4318 1127 4295 1123 4299 4242 4246 1152 1148 3990 3977 3981 3943 3947 1207 1203 3915 3862 3784 3788 3730 3734 3705 1283 3709 3445 3432 3436 3396 3400 1336 3368 3346 1368 1364 3350 1402 1398 1411 3306 3277 3273 3091 2922 2906 2910 2870 2874 2854 1667 2858 2801 2805 1663 2550 2537 2541 2503 2507 2475 1720 1716 1739 1735 1754 1750 1790 1786 1802 2422 2339 2343 2160 2135 2139 2099 2103 1993 1963 1967 1893 1889 1906 1902 1919 1915 ]] FramePtr !jvms: TestIfWithDeadRegion::test @ bci:-1
1088 Proj === 1086 [[ 470 452 ]] #2 Memory: @BotPTR *+bot, idx=Bot; !jvms: StringLatin1::newString @ bci:-1 StringBuilder::toString @ bci:16 TestIfWithDeadRegion::getString @ bci:18 TestIfWithDeadRegion::lambda$main$0 @ bci:4 0x0000000800097440::get @ bci:0 TestIfWithDeadRegion::test @ bci:1
640 Region === _ 1087 [[ 452 ]] !jvms: TestIfWithDeadRegion::getString @ bci:18 TestIfWithDeadRegion::lambda$main$0 @ bci:4 0x0000000800097440::get @ bci:0 TestIfWithDeadRegion::test @ bci:1
257 CallLeaf === 3239 1 3670 8 1 ) [[ 258 ]] # nanoTime long/half ( ) !jvms: TestIfWithDeadRegion::getString @ bci:22 TestIfWithDeadRegion::lambda$main$1 @ bci:4 0x0000000800096840::get @ bci:0 TestIfWithDeadRegion::test @ bci:1
452 CallLeaf === 640 1 1088 8 1 ) [[ 453 ]] # nanoTime long/half ( ) !jvms: TestIfWithDeadRegion::getString @ bci:22 TestIfWithDeadRegion::lambda$main$0 @ bci:4 0x0000000800097440::get @ bci:0 TestIfWithDeadRegion::test @ bci:-1
258 Proj === 257 [[ 468 ]] #0 !jvms: TestIfWithDeadRegion::getString @ bci:22 TestIfWithDeadRegion::lambda$main$1 @ bci:4 0x0000000800096840::get @ bci:0 TestIfWithDeadRegion::test @ bci:1
453 Proj === 452 [[ 468 ]] #0 !jvms: TestIfWithDeadRegion::getString @ bci:22 TestIfWithDeadRegion::lambda$main$0 @ bci:4 0x0000000800097440::get @ bci:0 TestIfWithDeadRegion::test @ bci:-1
468 Region === 468 453 258 [[ 468 489 469 470 471 492 476 ]] !jvms: TestIfWithDeadRegion::test @ bci:-1

The control input is set to NULL here because the Region degraded to a copy:
http://hg.openjdk.java.net/jdk/jdk/file/2f4393ec54d4/src/hotspot/share/opto/cfgnode.cpp#l570

#0 Node::set_req (this=0x7efd180ba790, i=<optimized out>, n=0x0) at /oracle/jdk_jdk/open/src/hotspot/share/opto/node.hpp:416
#1 0x00007efd6affab72 in RegionNode::Ideal (this=0x7efd180ba790, phase=<optimized out>, can_reshape=<optimized out>) at /oracle/jdk_jdk/open/src/hotspot/share/opto/cfgnode.cpp:570
#2 0x00007efd6bc8a1d8 in PhaseGVN::apply_ideal (can_reshape=false, k=0x7efd180ba790, this=0x7efd2b7a62a0) at /oracle/jdk_jdk/open/src/hotspot/share/opto/phaseX.cpp:821
#3 PhaseGVN::transform_no_reclaim (this=0x7efd2b7a62a0, n=<optimized out>) at /oracle/jdk_jdk/open/src/hotspot/share/opto/phaseX.cpp:851
#4 0x00007efd6bc350ed in Parse::do_exits (this=this@entry=0x7efd2b7a5b90) at /oracle/jdk_jdk/open/src/hotspot/share/opto/parse1.cpp:966
#5 0x00007efd6bc3d25b in Parse::Parse (this=0x7efd2b7a5b90, caller=<optimized out>, parse_method=<optimized out>, expected_uses=<optimized out>) at /oracle/jdk_jdk/open/src/hotspot/share/opto/parse1.cpp:626
#6 0x00007efd6afb2e28 in ParseGenerator::generate (this=0x7efd1809c270, jvms=0x7efd180c1a80) at /oracle/jdk_jdk/open/src/hotspot/share/opto/callGenerator.cpp:97
#7 0x00007efd6afb44e3 in LateInlineCallGenerator::do_late_inline (this=0x7efd1809c2a0) at /oracle/jdk_jdk/open/src/hotspot/share/opto/callGenerator.cpp:452
#8 0x00007efd6b17fe12 in Compile::inline_string_calls (this=this@entry=0x7efd2b7a6d50, parse_time=parse_time@entry=true) at /oracle/jdk_jdk/open/src/hotspot/share/opto/compile.cpp:2028
#9 0x00007efd6b18540d in Compile::Compile (this=0x7efd2b7a6d50, ci_env=<optimized out>, compiler=<optimized out>, target=<optimized out>, osr_bci=<optimized out>, subsume_loads=<optimized out>, do_escape_analysis=true, eliminate_boxing=true, directive=0x7efd6429b720) at /oracle/jdk_jdk/open/src/hotspot/share/opto/compile.cpp:831
#10 0x00007efd6afb1842 in C2Compiler::compile_method (this=0x7efd6438ac20, env=0x7efd2b7a7b00, target=0x7efd64594420, entry_bci=-1, directive=0x7efd6429b720) at /oracle/jdk_jdk/open/src/hotspot/share/opto/c2compiler.cpp:110
#11 0x00007efd6b191eea in CompileBroker::invoke_compiler_on_method (task=task@entry=0x7efd645adb10) at /oracle/jdk_jdk/open/src/hotspot/share/compiler/compileBroker.cpp:2120
#12 0x00007efd6b192b6f in CompileBroker::compiler_thread_loop () at /oracle/jdk_jdk/open/src/hotspot/share/compiler/compileBroker.cpp:1803
#13 0x00007efd6bfe666a in JavaThread::thread_main_inner (this=0x7efd6438b000) at /oracle/jdk_jdk/open/src/hotspot/share/runtime/thread.cpp:1885
#14 0x00007efd6bfeb97b in Thread::call_run (this=0x7efd6438b000) at /oracle/jdk_jdk/open/src/hotspot/share/runtime/thread.cpp:400
#15 0x00007efd6bbe7051 in thread_native_entry (thread=0x7efd6438b000) at /oracle/jdk_jdk/open/src/hotspot/os/linux/os_linux.cpp:791
#16 0x00007efd6cc906ba in start_thread (arg=0x7efd2b7a8700) at pthread_create.c:333
#17 0x00007efd6d1b141d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109

But the node is not removed because we are still parsing. It is on the igvn worklist but the IfNode is processed first.

Proposed fix:
http://cr.openjdk.java.net/~thartmann/8219807/webrev.00/
29-04-2019
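
A simplified model of the failure analysed in the comment above, added here as an illustration; it is not HotSpot source and not the patch in the webrev. The `Node` struct, `arm_top` and `diamond_if` are hypothetical names, and the shape of the walk (stepping up through a call on each arm of a two-way merge) is an assumption; the node numbers 468, 453, 258, 452, 257, 640 and 3239 are taken from the dump.

```cpp
#include <vector>
// Toy IR node for this example only; not HotSpot's Node class.
struct Node {
    enum Kind { Region, Proj, Call, If };
    int idx; Kind kind;      // idx is the node number printed in the dump
    std::vector<Node*> in;   // in[0] is the control input; nullptr is the dump's "_"
    Node* ctrl() const { return in.empty() ? nullptr : in[0]; }
};

// One merge arm upwards: Proj -> Call -> Call's control -> one more step.
static Node* arm_top(Node* arm) {
    Node* n = arm ? arm->ctrl() : nullptr;        // Proj -> Call
    if (n && n->kind == Node::Call) {
        n = n->ctrl();                            // normally an If projection
        if (n) n = n->ctrl();                     // nullptr for a degraded Region
    }
    return n;
}

// Guarded diamond check: both arms must meet at the same non-null If. Without the
// null test two dead arms compare equal and the kind read goes through nullptr.
Node* diamond_if(Node* merge) {
    if (merge->in.size() != 3) return nullptr;    // self + two paths
    Node *a = arm_top(merge->in[1]), *b = arm_top(merge->in[2]);
    if (a == nullptr || a != b) return nullptr;   // dead region, or no diamond
    return a->kind == Node::If ? a : nullptr;
}

// Constructed graph mirroring the dump: 468 merges 453 and 258, fed by
// CallLeaf 452/257, whose controls are the degraded Regions 640/3239.
bool dead_regions_rejected() {
    Node r640{640, Node::Region, {nullptr}}, r3239{3239, Node::Region, {nullptr}};
    Node c452{452, Node::Call, {&r640}}, c257{257, Node::Call, {&r3239}};
    Node p453{453, Node::Proj, {&c452}}, p258{258, Node::Proj, {&c257}};
    Node r468{468, Node::Region, {nullptr, &p453, &p258}};
    r468.in[0] = &r468;                           // a live Region is its own control
    return diamond_if(&r468) == nullptr;
}

// Constructed healthy diamond: both calls hang off projections of one If (idx 10).
int healthy_diamond_if_idx() {
    Node iff{10, Node::If, {}};
    Node t{11, Node::Proj, {&iff}}, f{12, Node::Proj, {&iff}};
    Node c1{13, Node::Call, {&t}}, c2{14, Node::Call, {&f}};
    Node p1{15, Node::Proj, {&c1}}, p2{16, Node::Proj, {&c2}};
    Node m{17, Node::Region, {nullptr, &p1, &p2}};
    m.in[0] = &m;
    Node* hit = diamond_if(&m);
    return hit ? hit->idx : -1;
}
```

In the model, a read through the null result at a small field offset corresponds to the `si_addr: 0x000000000000002c` with `SEGV_MAPERR` shown in the crash logs on this page.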

-- Reproduced crashes reported. Sample runs -
$ ..jdk9b103/fastdebug/bin/javac JVMCrash.java
$ ..jdk9b103/fastdebug/bin/java JVMCrash
# SIGSEGV (0xb) at pc=0x00007f1a3482c3b1, pid=6267, tid=6286
# Problematic frame:
# V [libjvm.so+0xc083b1] IfNode::search_identical(int)+0x341
Current CompileTask:
C2: 1945 611 4 java.util.logging.Logger::log (33 bytes)

-- No similar crash from jdk9b104 onwards. But crashes when compiled with Old JDK versions and run with latest JDK 13.
$ ..jdk9b103/jdk-9/fastdebug/bin/javac JVMCrash.java
$ ..jdk13b09/jdk-13/fastdebug/bin/java JVMCrash
# SIGSEGV (0xb) at pc=0x00007f670d312953, pid=14387, tid=14404
# Problematic frame:
# V [libjvm.so+0xd4f953] IfNode::search_identical(int)+0x373
Current CompileTask:
C2: 4038 740 4 java.util.logging.Logger::log (33 bytes)

-- Confirmed similar following crash when compiled with OLD JDK versions and run with latest sources build
========================
# SIGSEGV (0xb) at pc=0x00007f093453465e, pid=22695, tid=22714
......
# Problematic frame:
# V [libjvm.so+0x4d865e] Node::is_If() const+0xc
.......
Host: rvraghav-ThinkPad-T450, Intel(R) Core(TM) i5-5300U CPU @ 2.30GHz, 4 cores, 15G, Ubuntu 16.04.6 LTS

--------------- T H R E A D ---------------

Current thread (0x00007f08ec1ef000): JavaThread "C2 CompilerThread1" daemon [_thread_in_native, id=22714, stack(0x00007f0905eff000,0x00007f0906000000)]

Current CompileTask:
C2: 6929 980 4 java.util.logging.Logger::log (33 bytes)

Stack: [0x00007f0905eff000,0x00007f0906000000], sp=0x00007f0905ffb120, free space=1008k
Native frames: (J=compiled Java code, A=aot compiled Java code, j=interpreted, Vv=VM code, C=native code)
V [libjvm.so+0x4d865e] Node::is_If() const+0xc
V [libjvm.so+0xb0a9d4] IfNode::up_one_dom(Node*, bool)+0x1ee
V [libjvm.so+0xb0e652] IfNode::search_identical(int)+0xd6
V [libjvm.so+0xb0e130] IfNode::Ideal(PhaseGVN*, bool)+0x1bc
V [libjvm.so+0xff29b1] PhaseGVN::apply_ideal(Node*, bool)+0x6b
V [libjvm.so+0xff439d] PhaseIterGVN::transform_old(Node*)+0x105
V [libjvm.so+0xff4128] PhaseIterGVN::optimize()+0x148
V [libjvm.so+0x7fe2fa] Compile::Optimize()+0x186
V [libjvm.so+0x7f7c25] Compile::Compile(ciEnv*, C2Compiler*, ciMethod*, int, bool, bool, bool, DirectiveSet*)+0x11df
V [libjvm.so+0x6d018a] C2Compiler::compile_method(ciEnv*, ciMethod*, int, DirectiveSet*)+0x13c
V [libjvm.so+0x813b71] CompileBroker::invoke_compiler_on_method(CompileTask*)+0x77d
V [libjvm.so+0x8128fa] CompileBroker::compiler_thread_loop()+0x3d6
V [libjvm.so+0x11789ee] compiler_thread_entry(JavaThread*, Thread*)+0x69
V [libjvm.so+0x1173ac5] JavaThread::thread_main_inner()+0x149
V [libjvm.so+0x1173974] JavaThread::run()+0x11a
V [libjvm.so+0x116fdf1] Thread::call_run()+0x195
V [libjvm.so+0xf830c6] thread_native_entry(Thread*)+0x1ee
========================
Work in progress for Fix proposal.
11-03-2019

Reproducible on JDK 13. Compile with JDK8 and run with JDK 13
# Problematic frame:
# V [libjvm.so+0x82b770] IfNode::search_identical(int)+0x110

Current thread (0x00007f53d434a000): JavaThread "C2 CompilerThread1" daemon [_thread_in_native, id=74179, stack(0x00007f53f87cb000,0x00007f53f88cc000)]

Current CompileTask:
C2: 1873 718 4 java.util.logging.Logger::log (33 bytes)

Stack: [0x00007f53f87cb000,0x00007f53f88cc000], sp=0x00007f53f88c7a70, free space=1010k
Native frames: (J=compiled Java code, A=aot compiled Java code, j=interpreted, Vv=VM code, C=native code)
V [libjvm.so+0x82b770] IfNode::search_identical(int)+0x110
V [libjvm.so+0x832506] IfNode::Ideal(PhaseGVN*, bool)+0x706
V [libjvm.so+0xc4c3b1] PhaseIterGVN::transform_old(Node*)+0xa1
V [libjvm.so+0xc48ad4] PhaseIterGVN::optimize()+0x134
V [libjvm.so+0x5f6add] Compile::Optimize()+0x15d
V [libjvm.so+0x5f8622] Compile::Compile(ciEnv*, C2Compiler*, ciMethod*, int, bool, bool, bool, DirectiveSet*)+0xbf2
V [libjvm.so+0x52015c] C2Compiler::compile_method(ciEnv*, ciMethod*, int, DirectiveSet*)+0xbc
V [libjvm.so+0x6022e8] CompileBroker::invoke_compiler_on_method(CompileTask*)+0x3f8
V [libjvm.so+0x603ba8] CompileBroker::compiler_thread_loop()+0x548
V [libjvm.so+0xdad1ee] JavaThread::thread_main_inner()+0x1be
V [libjvm.so+0xdb20e8] Thread::call_run()+0x178
V [libjvm.so+0xbec51e] thread_native_entry(Thread*)+0xee

siginfo: si_signo: 11 (SIGSEGV), si_code: 1 (SEGV_MAPERR), si_addr: 0x000000000000002c
28-02-2019

This issue observed only on JDK8 and no issue on 11.0.2, 12 and 13 ea b09
==
# Problematic frame:
# V [libjvm.so+0x62c4d9] IfNode::up_one_dom(Node*, bool)+0x99
#
# Failed to write core dump. Core dumps have been disabled. To enable core dumping, try "ulimit -c unlimited" before starting Java again
#
# If you would like to submit a bug report, please visit:
# http://bugreport.java.com/bugreport/crash.jsp
#

--------------- T H R E A D ---------------

Current thread (0x00007fb0780c4800): JavaThread "C2 CompilerThread1" daemon [_thread_in_native, id=118544, stack(0x00007fb05f8f9000,0x00007fb05f9fa000)]

siginfo: si_signo: 11 (SIGSEGV), si_code: 1 (SEGV_MAPERR), si_addr: 0x000000000000002c

Stack: [0x00007fb05f8f9000,0x00007fb05f9fa000], sp=0x00007fb05f9f5180, free space=1008k
Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code)
V [libjvm.so+0x62c4d9] IfNode::up_one_dom(Node*, bool)+0x99
V [libjvm.so+0x62dbf8] IfNode::Ideal(PhaseGVN*, bool)+0x938
V [libjvm.so+0x967aee] PhaseIterGVN::transform_old(Node*)+0x6e
V [libjvm.so+0x964f44] PhaseIterGVN::optimize()+0x134
V [libjvm.so+0x47e077] Compile::Optimize()+0xb7
V [libjvm.so+0x48019a] Compile::Compile(ciEnv*, C2Compiler*, ciMethod*, int, bool, bool, bool)+0xcda
V [libjvm.so+0x3c4c4a] C2Compiler::compile_method(ciEnv*, ciMethod*, int)+0xaa
V [libjvm.so+0x48b84c] CompileBroker::invoke_compiler_on_method(CompileTask*)+0x73c
V [libjvm.so+0x48d488] CompileBroker::compiler_thread_loop()+0x6d8
V [libjvm.so+0xa7bb6b] JavaThread::thread_main_inner()+0xdb
V [libjvm.so+0xa7be71] JavaThread::run()+0x2d1
V [libjvm.so+0x90d922] java_start(Thread*)+0x102
C [libpthread.so.0+0x7df5] start_thread+0xc5
27-02-2019