Bug ID: JDK-8249608 Vector register used by C2 compiled method corrupted at safepoint

Type: Bug
Component: hotspot
Sub-Component: compiler
Affected Version: 11,12,13,14,15,16

Priority: P3
Status: Resolved
Resolution: Fixed

Submitted: 2020-07-16
Updated: 2024-11-20
Resolved: 2020-08-10

JDK 11	JDK 13	JDK 15	JDK 16
11.0.10-oracleFixed	13.0.8Fixed	15.0.4Fixed	16 b11Fixed

The attached fuzzer test produces a different result for -Xint compared to "-Xmx1G -Xbatch"

To reproduce:
$ java -Xint Test.java > Xint.log
$ java -Xmx1G -Xbatch Test.java > Xbatch.log

$ diff Xint.log Xbatch.log
7c7
< Test.lArrFld = 25674174407149025
---
> Test.lArrFld = 25674174407148752
17c17
< Test.lArrFld = 9537047398970299
---
> Test.lArrFld = 9537047398970587
27c27
< Test.lArrFld = 18629965541333
---
> Test.lArrFld = 18629965541341
37c37
< Test.lArrFld = 54959195193890875
---
> Test.lArrFld = 54959195193890614
47c47
< Test.lArrFld = 4367139473002696
---
> Test.lArrFld = 4367139473002084
57c57
< Test.lArrFld = 100932619575317988
---
> Test.lArrFld = 100932619575318267
67c67
< Test.lArrFld = 20084261578502931
---
> Test.lArrFld = 20084261578502843
77c77
< Test.lArrFld = 80394573410852050
---
> Test.lArrFld = 80394573410852213
87c87
< Test.lArrFld = 542189777010360
---
> Test.lArrFld = 542189777010483
97c97
< Test.lArrFld = 20016425702668859
---
> Test.lArrFld = 20016425702669146


Note: Does not differ if we specifiy -XX:-TieredCompilation or -XX:TieredStopAtLevel=1

Fix request (13u) - will label after testing completed. I'd like to backport this fix to jdk13u for parity with jdk11u. The original patch applied cleanly.
16-05-2021
Fix request (15u) - will label after testing completed. I'd like to backport this fix to jdk15u for parity with jdk11u. The original patch applied cleanly.
16-05-2021
Fix Request (11u) This fixes the corner case in C2, and keeps codebases in sync (I see 11.0.10-oracle). The patch applies cleanly to 11u, but the new test DOES NOT fail without the patch, and still passes with the patch. tier{1,2} pass with the patch. Needs JDK-8251456 test fix as the follow-up.
08-09-2020
URL: https://hg.openjdk.java.net/jdk/jdk/rev/9805023507c0 User: thartmann Date: 2020-08-10 06:21:41 +0000
10-08-2020
Analysis: The problem is very similar to JDK-8193518 [1], a vector register (ymm0) used for vectorization of a loop in a C2 compiled method is corrupted at a safepoint. Again, the root cause is the superword optimization setting 'max_vector_size' to 16 bytes instead of 32 bytes which leads to the nmethod being marked as !has_wide_vectors and the safepoint handler not saving vector registers [3]. This time, the problem is that the superword code only updates 'max_vlen_in_bytes' if 'vlen > max_vlen'. In the failing case, 'vlen' is 4 for all packs (see [4]) but 'vlen_in_bytes' is 16 for the 4 x int StoreVector and 32 for the 4 x long StoreVector. Once we've processed the int StoreVector, we are not updating 'max_vlen_in_bytes' when processing long StoreVector because 'vlen' is equal. The fix is to make sure to always update 'max_vlen_in_bytes': http://cr.openjdk.java.net/~thartmann/8249608/webrev.00/ When looking at JDK-8193518 [1], I've noticed that the corresponding regression test was never pushed. I've added it to this webrev and extended it such that it also covers the new issue. [1] https://bugs.openjdk.java.net/browse/JDK-8193518 [2] http://hg.openjdk.java.net/jdk/jdk/file/1f74c0319302/src/hotspot/share/opto/output.cpp#l3313 [3] http://hg.openjdk.java.net/jdk/jdk/file/1f74c0319302/src/hotspot/share/runtime/sharedRuntime.cpp#l551 [4] -XX:+TraceSuperWord output: After filter_packs packset Pack: 0 align: 0 1101 StoreL === 1115 1120 1102 174 [[ 1098 ]] @long[int:>=0]:exact+any , idx=6; Memory: @long[int:>=0]:NotNull:exact+any , idx=6; !orig=993,214,[1012] !jvms: Test::test @ bci:17 Test::main @ bci:8 align: 8 1098 StoreL === 1115 1101 1099 174 [[ 993 ]] @long[int:>=0]:exact+any , idx=6; Memory: @long[int:>=0]:NotNull:exact+any , idx=6; !orig=214,[1012] !jvms: Test::test @ bci:17 Test::main @ bci:8 align: 16 993 StoreL === 1115 1098 994 174 [[ 866 214 ]] @long[int:>=0]:exact+any , idx=6; Memory: @long[int:>=0]:NotNull:exact+any , idx=6; !orig=214,[1012] !jvms: Test::test @ bci:17 Test::main @ bci:8 align: 24 214 StoreL === 1115 993 212 174 [[ 1120 864 255 ]] @long[int:>=0]:exact+any , idx=6; Memory: @long[int:>=0]:NotNull:exact+any , idx=6; !orig=[1012] !jvms: Test::test @ bci:17 Test::main @ bci:8 Pack: 1 align: 0 1097 StoreI === 1115 1119 1106 41 [[ 1096 ]] @int[int:>=0]:exact+any , idx=8; Memory: @int[int:>=0]:NotNull:exact+any , idx=8; !orig=989,253,[1009] !jvms: Test::test @ bci:23 Test::main @ bci:8 align: 4 1096 StoreI === 1115 1097 1104 41 [[ 989 ]] @int[int:>=0]:exact+any , idx=8; Memory: @int[int:>=0]:NotNull:exact+any , idx=8; !orig=253,[1009] !jvms: Test::test @ bci:23 Test::main @ bci:8 align: 8 989 StoreI === 1115 1096 996 41 [[ 867 253 ]] @int[int:>=0]:exact+any , idx=8; Memory: @int[int:>=0]:NotNull:exact+any , idx=8; !orig=253,[1009] !jvms: Test::test @ bci:23 Test::main @ bci:8 align: 12 253 StoreI === 1115 989 251 41 [[ 1119 860 255 ]] @int[int:>=0]:exact+any , idx=8; Memory: @int[int:>=0]:NotNull:exact+any , idx=8; !orig=[1009] !jvms: Test::test @ bci:23 Test::main @ bci:8 new Vector node: 1491 ReplicateI === _ 41 [[]] #vectorx[4]:{int} new Vector node: 1492 StoreVector === 1115 1119 1106 1491 [[ 1487 1119 255 1486 ]] @int[int:>=0]:NotNull:exact+any , idx=8; mismatched Memory: @int[int:>=0]:NotNull:exact+any , idx=8; !orig=[1097],[989],[253],[1009] !jvms: Test::test @ bci:23 Test::main @ bci:8 new Vector node: 1493 ReplicateL === _ 174 [[]] #vectory[4]:{long} new Vector node: 1494 StoreVector === 1115 1120 1102 1493 [[ 1489 1120 255 1488 ]] @long[int:>=0]:NotNull:exact+any , idx=6; mismatched Memory: @long[int:>=0]:NotNull:exact+any , idx=6; !orig=[1101],[993],[214],[1012] !jvms: Test::test @ bci:17 Test::main @ bci:8
06-08-2020

Relates :	JDK-8251456 - [TESTBUG] compiler/vectorization/TestVectorsNotSavedAtSafepoint.java failed OutOfMemoryError
Relates :	JDK-8193518 - C2: Vector registers sometimes corrupted at safepoint