JDK-8064703 : crash running specjvm98's javac following 8060252
  • Type: Bug
  • Component: hotspot
  • Sub-Component: compiler
  • Affected Version: 9
  • Priority: P2
  • Status: Closed
  • Resolution: Fixed
  • Submitted: 2014-11-12
  • Updated: 2017-08-07
  • Resolved: 2014-12-04
Fixed in JDK 9: 9 b43
Description
Reported by Goetz Lindenmaier:

On ppc, I see immediate bugs in G1:
 
ppc_vm/bin/java -XX:+UseG1GC -XX:SurvivorRatio=4 -classpath …/benchmarks/jvm98/ SPECjvm98All …/benchmarks/jvm98/ jvm98.log.txt jvm98.result.txt javac
 
#  Internal Error (/sapmnt/home1/d045726/oJ/g1Bug-hs-comp/src/share/vm/oops/oop.inline.hpp:199), pid=1554, tid=4398079689280
#  assert(check_obj_alignment(result)) failed: address not aligned: 0x00000000baadbabe
 
V  [libjvm.so+0xaa5150]  report_vm_error(char const*, int, char const*, char const*)+0xdc
V  [libjvm.so+0x78e738]  oopDesc::decode_heap_oop_not_null(unsigned int)+0x11c
V  [libjvm.so+0x78e7f8]  oopDesc::decode_heap_oop(unsigned int)+0x6c
V  [libjvm.so+0xc41238]  void G1SATBCardTableModRefBS::write_ref_field_pre_static<unsigned int>(unsigned int*, oopDesc*)+0x7c
V  [libjvm.so+0xc412cc]  void G1SATBCardTableModRefBS::inline_write_ref_field_pre<unsigned int>(unsigned int*, oopDesc*)+0x40
V  [libjvm.so+0xc41354]  G1SATBCardTableModRefBS::write_ref_field_pre_work(unsigned int*, oopDesc*)+0x44
V  [libjvm.so+0x8dadcc]  void BarrierSet::write_ref_field_pre<unsigned int>(unsigned int*, oopDesc*)+0xac
V  [libjvm.so+0x1195044]  void ObjArrayKlass::do_copy<unsigned int>(arrayOopDesc*, unsigned int*, arrayOopDesc*, unsigned int*, int, Thread*)+0x3f4
V  [libjvm.so+0x1191c68]  ObjArrayKlass::copy_array(arrayOopDesc*, int, arrayOopDesc*, int, int, Thread*)+0x27c
V  [libjvm.so+0xeac84c]  JVM_ArrayCopy+0xff51fc1c
J 17  java.lang.System.arraycopy(Ljava/lang/Object;ILjava/lang/Object;II)V (0 bytes) @ 0x00000400021bd104 [0x00000400021bd000+0x104]
j  spec.benchmarks._213_javac.Parser.exprArgs(I)[Lspec/benchmarks/_213_javac/Expression;+23
j  spec.benchmarks._213_javac.Parser.parseMethodExpression(Lspec/benchmarks/_213_javac/Expression;Lspec/benchmarks/_213_javac/Identifier;)Lspec/benchmarks/_213_javac/Expression;+69
j  spec.benchmarks._213_javac.Parser.parseExpression()Lspec/benchmarks/_213_javac/Expression;+426

Can be reproduced on x64.

ILW=H (crash) L (rare) H (no workaround) = P2
Comments
Maybe mark uncommon trap as re-execute allocation bytecode.
18-11-2014

ILW=Crash, specjvm, rare so far, none=HLH=P2
17-11-2014

Array allocation is followed by an arraycopy with the newly allocated array as destination and covering the entire array, so we optimize out the initialization of the array and let the arraycopy do the initialization. Between the allocation and the actual copy, we validate the arguments of the arraycopy and take an uncommon trap in case of an unexpected argument. If we deoptimize before the copy, we leave the array uninitialized and the interpreter calls the arraycopy with an uninitialized array.
12-11-2014
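
The sequence described in the 12-11-2014 comment, as an added C++ model (not code from HotSpot or from this report). The function names, the 8-byte alignment, and the use of 0xbaadbabe as the contents of never-initialized memory are assumptions of the model.

```cpp
// Simplified model of the failure; not HotSpot code, all names hypothetical.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

constexpr uint32_t kPoison = 0xbaadbabe; // address from the assert; assumed fill of unused heap
constexpr uint32_t kObjAlign = 8;        // assumed object alignment in bytes

// Constructed sample: four well-formed (8-byte aligned) narrow references.
const std::vector<uint32_t> kSampleSrc = {0x1000, 0x1008, 0x2000, 0x2010};

// Stand-in for the alignment assert on a decoded reference.
bool aligned(uint32_t ref) { return (ref & (kObjAlign - 1)) == 0; }

// Carve an array out of poisoned memory. zero_fill=false models the
// optimization: initialization is skipped because a whole-array copy follows.
std::vector<uint32_t> allocate(size_t len, bool zero_fill) {
    std::vector<uint32_t> a(len, kPoison);
    if (zero_fill) a.assign(len, 0);
    return a;
}

// Copy with a SATB-style pre-barrier: each destination slot's old value is
// loaded and decoded before being overwritten. Returns how many old values
// would have tripped the alignment assert.
size_t barrier_copy(const std::vector<uint32_t>& src, std::vector<uint32_t>& dst) {
    size_t bad = 0;
    for (size_t i = 0; i < src.size() && i < dst.size(); ++i) {
        if (!aligned(dst[i])) ++bad; // pre-barrier read of the previous value
        dst[i] = src[i];
    }
    return bad;
}

// deopt=false: compiled path, raw copy into the fresh array, old values never read.
// deopt=true: uncommon trap between allocation and copy; the interpreter then
// performs the barriered copy on whatever the allocation left in memory.
size_t alloc_then_copy(const std::vector<uint32_t>& src, bool zero_fill, bool deopt) {
    std::vector<uint32_t> dst = allocate(src.size(), zero_fill);
    if (!deopt) { dst = src; return 0; }
    return barrier_copy(src, dst);
}

int main() {
    std::printf("compiled, no zeroing: %zu bad\n", alloc_then_copy(kSampleSrc, false, false));
    std::printf("deopt, zeroed:        %zu bad\n", alloc_then_copy(kSampleSrc, true, true));
    std::printf("deopt, no zeroing:    %zu bad\n", alloc_then_copy(kSampleSrc, false, true));
}
```

Only the third case, elided initialization combined with a deoptimization before the copy, lets the barrier read stale memory; in the model every destination slot fails the alignment check.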