Bug ID: JDK-8178033 C1 crashes with -XX:UseAVX = 3: "not a mov [reg+offs], reg instruction"

Type: Bug
Component: hotspot
Sub-Component: compiler
Affected Version: 9

Priority: P2
Status: Closed
Resolution: Fixed

Submitted: 2017-04-04
Updated: 2019-03-28
Resolved: 2017-04-06

JDK 10	JDK 9
10Fixed	9 b165Fixed

Host: Intel(R) Xeon Phi(TM) CPU 7250 @ 1.40GHz, 272 cores, 109G, Oracle Linux Server release 7.3
Extra flag: -XX:UseAVX=3
A number of tests crashed.

# A fatal error has been detected by the Java Runtime Environment:
#
#  Internal Error (/scratch/workspace/9-2-build-linux-amd64-phase2/jdk9/6180/hotspot/src/cpu/x86/vm/nativeInst_x86.cpp:508), pid=240923, tid=243397
#  fatal error: not a mov [reg+offs], reg instruction
#
# JRE version: Java(TM) SE Runtime Environment (9.0+160) (fastdebug build 9-ea+160)
# Java VM: Java HotSpot(TM) 64-Bit Server VM (fastdebug 9-ea+160, compiled mode, tiered, compressed oops, g1 gc, linux-amd64)
# Core dump will be written. Default location: Core dumps may be processed with "/usr/libexec/abrt-hook-ccpp %s %c %p %u %g %t e %P %I" (or dumping to /export/home/aginfra/sandbox/results/workDir/runtime/CompactStrings/TestMethodNames/core.240923)
#
# If you would like to submit a bug report, please visit:
#   http://bugreport.java.com/bugreport/crash.jsp
#

---------------  S U M M A R Y ------------

Command Line: -Dtest.src=/export/home/aginfra/CommonData/j2se_jdk/hotspot/test/runtime/CompactStrings -Dtest.src.path=/export/home/aginfra/CommonData/j2se_jdk/hotspot/test/runtime/CompactStrings -Dtest.classes=/export/home/aginfra/sandbox/results/workDir/classes/13/runtime/CompactStrings -Dtest.class.path=/export/home/aginfra/sandbox/results/workDir/classes/13/runtime/CompactStrings -Dtest.vm.opts= -Dtest.tool.vm.opts= -Dtest.compiler.opts= -Dtest.java.opts=-Xcomp -Xcomp -XX:MaxRAMFraction=8 -XX:+CreateCoredumpOnCrash -ea -esa -XX:CompileThreshold=100 -XX:+UnlockExperimentalVMOptions -server -XX:+TieredCompilation -XX:UseAVX=3 -Dtest.jdk=/export/home/aginfra/CommonData/TEST_JAVA_HOME -Dcompile.jdk=/export/home/aginfra/CommonData/TEST_JAVA_HOME -Dtest.timeout.factor=16.0 -Dtest.nativepath=/export/home/aginfra/sandbox/JTREG_NATIVEPATH_LIBRARY_PREPARED -Xcomp -Xcomp -XX:MaxRAMFraction=8 -XX:+CreateCoredumpOnCrash -ea -esa -XX:CompileThreshold=100 -XX:+UnlockExperimentalVMOptions -XX:+TieredCompilation -XX:UseAVX=3 -Djava.library.path=/export/home/aginfra/sandbox/JTREG_NATIVEPATH_LIBRARY_PREPARED -XX:+CompactStrings com.sun.javatest.regtest.agent.MainWrapper /export/home/aginfra/sandbox/results/workDir/runtime/CompactStrings/TestMethodNames.d/main.0.jta

Host: [REMOVED], Intel(R) Xeon Phi(TM) CPU 7250 @ 1.40GHz, 272 cores, 109G, Oracle Linux Server release 7.3
Time: Sat Apr  1 16:33:31 2017 PDT elapsed time: 211 seconds (0d 0h 3m 31s)

---------------  T H R E A D  ---------------

Current thread (0x00007f785cb3a000):  JavaThread "C1 CompilerThread29" daemon [_thread_in_native, id=243397, stack(0x00007f71aa6e7000,0x00007f71aa7e8000)]


Current CompileTask:
C1: 211498 8630    b  3       jdk.nashorn.internal.objects.NativeNumber$Constructor::G$MAX_VALUE (4 bytes)

Stack: [0x00007f71aa6e7000,0x00007f71aa7e8000],  sp=0x00007f71aa7e5cf0,  free space=1019k
Native frames: (J=compiled Java code, A=aot compiled Java code, j=interpreted, Vv=VM code, C=native code)
V  [libjvm.so+0x16c9542]  VMError::report_and_die(int, char const*, char const*, __va_list_tag*, Thread*, unsigned char*, void*, void*, char const*, int, unsigned long)+0x162;;  VMError::report_and_die(int, char const*, char const*, __va_list_tag*, Thread*, unsigned char*, void*, void*, char const*, int, unsigned long)+0x162
V  [libjvm.so+0x16ca2cf]  VMError::report_and_die(Thread*, char const*, int, char const*, char const*, __va_list_tag*)+0x2f;;  VMError::report_and_die(Thread*, char const*, int, char const*, char const*, __va_list_tag*)+0x2f
V  [libjvm.so+0xaa1b9e]  report_fatal(char const*, int, char const*, ...)+0xde;;  report_fatal(char const*, int, char const*, ...)+0xde
V  [libjvm.so+0x1313e07]  NativeMovRegMem::verify()+0xb7;;  NativeMovRegMem::verify()+0xb7
V  [libjvm.so+0x78a88c]  LIR_Assembler::patching_epilog(PatchingStub*, LIR_PatchCode, RegisterImpl*, CodeEmitInfo*)+0xcc;;  LIR_Assembler::patching_epilog(PatchingStub*, LIR_PatchCode, RegisterImpl*, CodeEmitInfo*)+0xcc
V  [libjvm.so+0x795e29]  LIR_Assembler::mem2reg(LIR_OprDesc*, LIR_OprDesc*, BasicType, LIR_PatchCode, CodeEmitInfo*, bool, bool)+0x629;;  LIR_Assembler::mem2reg(LIR_OprDesc*, LIR_OprDesc*, BasicType, LIR_PatchCode, CodeEmitInfo*, bool, bool)+0x629
V  [libjvm.so+0x78b8f3]  LIR_Assembler::emit_op1(LIR_Op1*)+0x83;;  LIR_Assembler::emit_op1(LIR_Op1*)+0x83
V  [libjvm.so+0x78c3ef]  LIR_Assembler::emit_lir_list(LIR_List*)+0x12f;;  LIR_Assembler::emit_lir_list(LIR_List*)+0x12f
V  [libjvm.so+0x78d1b2]  LIR_Assembler::emit_code(BlockList*)+0x122;;  LIR_Assembler::emit_code(BlockList*)+0x122
V  [libjvm.so+0x72bcf7]  Compilation::emit_code_body()+0x1d7;;  Compilation::emit_code_body()+0x1d7
V  [libjvm.so+0x72e4c5]  Compilation::compile_java_method() [clone .part.114]+0x6e5;;  Compilation::compile_java_method() [clone .part.114]+0x6e5
V  [libjvm.so+0x72f097]  Compilation::compile_method()+0x247;;  Compilation::compile_method()+0x247
V  [libjvm.so+0x72fc33]  Compilation::Compilation(AbstractCompiler*, ciEnv*, ciMethod*, int, BufferBlob*, DirectiveSet*)+0x433;;  Compilation::Compilation(AbstractCompiler*, ciEnv*, ciMethod*, int, BufferBlob*, DirectiveSet*)+0x433
V  [libjvm.so+0x731b9e]  Compiler::compile_method(ciEnv*, ciMethod*, int, DirectiveSet*)+0x17e;;  Compiler::compile_method(ciEnv*, ciMethod*, int, DirectiveSet*)+0x17e
V  [libjvm.so+0xa1d896]  CompileBroker::invoke_compiler_on_method(CompileTask*)+0x3d6;;  CompileBroker::invoke_compiler_on_method(CompileTask*)+0x3d6
V  [libjvm.so+0xa1e531]  CompileBroker::compiler_thread_loop()+0x2b1;;  CompileBroker::compiler_thread_loop()+0x2b1
V  [libjvm.so+0x162ddbe]  JavaThread::thread_main_inner()+0x22e;;  JavaThread::thread_main_inner()+0x22e
V  [libjvm.so+0x162e04e]  JavaThread::run()+0x1ce;;  JavaThread::run()+0x1ce
V  [libjvm.so+0x137e922]  thread_native_entry(Thread*)+0x112;;  thread_native_entry(Thread*)+0x112
C  [libpthread.so.0+0x7dc5]  start_thread+0xc5

Fix verified by manual testing on EVEX machine.
07-08-2017
Fix is approved for JDK 9.
04-04-2017
For clarification: An explicit "-XX:UseAVX = 3" is not required to trigger this bug. We just need a machine that supports AVX-512 [1] and then UseAVX = 3 is set by default: java -XX:+PrintFlagsFinal -version \| grep UseAVX intx UseAVX = 3 This didn't show up before because we didn't test on "Knights Landing" machines. [1] https://en.wikipedia.org/wiki/AVX-512
04-04-2017
Fix Request It's important to fix this bug because C1 may crash during compilation on platforms that support UseAVX = 3. The patch is small and low-risk: http://cr.openjdk.java.net/~thartmann/8178033/webrev.00/ Reviewers: [to be reviewed]
04-04-2017
Reproducible with -XX:+ReplayCompiles -XX:+ReplayIgnoreInitErrors -XX:ReplayDataFile=replay_pid100826.log (file attached). JDK-8076276 added support for AVX512 but NativeMovRegMem::instruction_start() was not updated to recognize/skip the 4-bytes prefix for EVEX instructions. As a result, C1 crashes in NativeMovRegMem::verify() because the instruction_address() points to the EVEX prefix (0x62) which is not a valid MovRegMem instruction. Similar to the VEX prefixes, we should skip the corresponding number of bytes such that the instruction address points to the prefixed opcode (see also 'case 0x62' in Assembler::locate_operand()). http://cr.openjdk.java.net/~thartmann/8178033/webrev.00/
04-04-2017
This problem was introduced by JDK-8076276.
04-04-2017
ILW = Crash in C1, reproducible with UseAVX=3, set UseAVX <= 2 = HMM = P2
04-04-2017