JDK-8221658 : aarch64: add necessary predicate for ubfx patterns
  • Type: Bug
  • Component: hotspot
  • Sub-Component: compiler
  • Affected Version: 8-aarch64,11,13
  • Priority: P4
  • Status: Resolved
  • Resolution: Fixed
  • OS: generic
  • CPU: aarch64
  • Submitted: 2019-03-29
  • Updated: 2021-02-01
  • Resolved: 2019-04-09
Fix Versions
  • JDK 11: 11.0.11-oracle (Fixed)
  • JDK 13: 13 b16 (Fixed)
  • Other: openjdk8u292 (Fixed)
Description
One of our fuzz tests causes the aarch64 8u slowdebug JVM to crash.

Call trace:
(gdb) bt
#0  report_vm_error (file=0xffffb78a9458 "/home/yangfei/openjdk8u-aarch64-shenandoah/hotspot/src/cpu/aarch64/vm/assembler_aarch64.hpp", line=238,
    error_msg=0xffffb78a9430 "guarantee(val < (1U << nbits)) failed", detail_msg=0xffffb78a9418 "Field too big for insn")
    at /home/yangfei/openjdk8u-aarch64-shenandoah/hotspot/src/share/vm/utilities/debug.cpp:223
#1  0x0000ffffb6e422a8 in Instruction_aarch64::f (this=0xffff6023d9a0, val=19329, msb=21, lsb=16)
    at /home/yangfei/openjdk8u-aarch64-shenandoah/hotspot/src/cpu/aarch64/vm/assembler_aarch64.hpp:238
#2  0x0000ffffb6e433f4 in Assembler::f (this=0xffff6023da40, val=19329, msb=21, lsb=16)
    at /home/yangfei/openjdk8u-aarch64-shenandoah/hotspot/src/cpu/aarch64/vm/assembler_aarch64.hpp:677
#3  0x0000ffffb6e43f6c in Assembler::ubfmw (this=0xffff6023da40, Rd=0xb, Rn=0x10, immr=19329, imms=19330)
    at /home/yangfei/openjdk8u-aarch64-shenandoah/hotspot/src/cpu/aarch64/vm/assembler_aarch64.hpp:832
#4  0x0000ffffb6e4bbd8 in MacroAssembler::ubfxw (this=0xffff6023da40, Rd=0xb, Rn=0x10, lsb=19329, width=2)
    at /home/yangfei/openjdk8u-aarch64-shenandoah/hotspot/src/cpu/aarch64/vm/macroAssembler_aarch64.hpp:254
#5  0x0000ffffb6e23e84 in ubfxwINode::emit (this=0xffffa46f11b0, cbuf=..., ra_=0xffff6023e178)
    at /home/yangfei/openjdk8u-aarch64-shenandoah/hotspot/src/cpu/aarch64/vm/aarch64.ad:12347
#6  0x0000ffffb7119464 in Compile::scratch_emit_size (this=0xffff60240860, n=0xffffa46f11b0)
    at /home/yangfei/openjdk8u-aarch64-shenandoah/hotspot/src/share/vm/opto/compile.cpp:628
#7  0x0000ffffb7541b20 in MachNode::emit_size (this=0xffffa46f11b0, ra_=0xffff6023e178)
    at /home/yangfei/openjdk8u-aarch64-shenandoah/hotspot/src/share/vm/opto/machnode.cpp:155
#8  0x0000ffffb7541aa4 in MachNode::size (this=0xffffa46f11b0, ra_=0xffff6023e178)
    at /home/yangfei/openjdk8u-aarch64-shenandoah/hotspot/src/share/vm/opto/machnode.cpp:147
#9  0x0000ffffb764eb5c in Compile::shorten_branches (this=0xffff60240860, blk_starts=0xfbb5f0, code_size=@0xffff6023debc: 0,
    reloc_size=@0xffff6023dec0: 703, stub_size=@0xffff6023dec4: 168) at /home/yangfei/openjdk8u-aarch64-shenandoah/hotspot/src/share/vm/opto/output.cpp:441
#10 0x0000ffffb7651610 in Compile::init_buffer (this=0xffff60240860, blk_starts=0xfbb5f0)
    at /home/yangfei/openjdk8u-aarch64-shenandoah/hotspot/src/share/vm/opto/output.cpp:1138
#11 0x0000ffffb764dd04 in Compile::Output (this=0xffff60240860) at /home/yangfei/openjdk8u-aarch64-shenandoah/hotspot/src/share/vm/opto/output.cpp:127
#12 0x0000ffffb7120d4c in Compile::Code_Gen (this=0xffff60240860) at /home/yangfei/openjdk8u-aarch64-shenandoah/hotspot/src/share/vm/opto/compile.cpp:2459
#13 0x0000ffffb711a614 in Compile::Compile (this=0xffff60240860, ci_env=0xffff602414f0, compiler=0xffffa4000950, target=0xffffa4702580, osr_bci=-1,
    subsume_loads=true, do_escape_analysis=true, eliminate_boxing=true)
    at /home/yangfei/openjdk8u-aarch64-shenandoah/hotspot/src/share/vm/opto/compile.cpp:923
#14 0x0000ffffb704a5a8 in C2Compiler::compile_method (this=0xffffa4000950, env=0xffff602414f0, target=0xffffa4702580, entry_bci=-1)
    at /home/yangfei/openjdk8u-aarch64-shenandoah/hotspot/src/share/vm/opto/c2compiler.cpp:118
#15 0x0000ffffb7132334 in CompileBroker::invoke_compiler_on_method (task=0xffffa401b340)
    at /home/yangfei/openjdk8u-aarch64-shenandoah/hotspot/src/share/vm/compiler/compileBroker.cpp:2000
#16 0x0000ffffb7131990 in CompileBroker::compiler_thread_loop ()
    at /home/yangfei/openjdk8u-aarch64-shenandoah/hotspot/src/share/vm/compiler/compileBroker.cpp:1816
#17 0x0000ffffb77fcb10 in compiler_thread_entry (thread=0xffffa4005000, __the_thread__=0xffffa4005000)
    at /home/yangfei/openjdk8u-aarch64-shenandoah/hotspot/src/share/vm/runtime/thread.cpp:3305
#18 0x0000ffffb77f7fb4 in JavaThread::thread_main_inner (this=0xffffa4005000)
    at /home/yangfei/openjdk8u-aarch64-shenandoah/hotspot/src/share/vm/runtime/thread.cpp:1737
#19 0x0000ffffb77f7e58 in JavaThread::run (this=0xffffa4005000) at /home/yangfei/openjdk8u-aarch64-shenandoah/hotspot/src/share/vm/runtime/thread.cpp:1717
#20 0x0000ffffb763546c in java_start (thread=0xffffa4005000) at /home/yangfei/openjdk8u-aarch64-shenandoah/hotspot/src/os/linux/vm/os_linux.cpp:840
#21 0x0000ffffb7fa0dc4 in start_thread () from /lib64/libpthread.so.0

-------------------------------------------------------------------------------------------------------------------------------------
(gdb) f 5
#5  0x0000ffffb6e23e84 in ubfxwINode::emit (this=0xffffa46f11b0, cbuf=..., ra_=0xffff6023e178)
    at /home/yangfei/openjdk8u-aarch64-shenandoah/hotspot/src/cpu/aarch64/vm/aarch64.ad:12347
12347               as_Register($src$$reg), rshift, width);
(gdb) l
12342     ins_encode %{
12343       int rshift = $rshift$$constant;
12344       long mask = $mask$$constant;
12345       int width = exact_log2(mask+1);
12346       __ ubfxw(as_Register($dst$$reg),
12347               as_Register($src$$reg), rshift, width);
12348     %}
12349     ins_pipe(ialu_reg_shift);
12350   %}
12351   instruct ubfxL(iRegLNoSp dst, iRegL src, immI rshift, immL_bitmask mask)
(gdb) p rshift
$14 = 19329
(gdb) p width
$15 = 2
-------------------------------------------------------------------------------------------------------------------------------------

Here, we are trying to emit a ubfx instruction with a huge 'rshift' immediate operand.
It's necessary to add a predicate for the 'rshift' & 'mask' operands to make sure we are not going to exceed what ubfx can do.
Although this issue is not reproduced with jdk11 or newer versions, it is there in theory.

A patch fixing the issue is under testing.
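As an added illustration (not part of this bug report and not HotSpot's own code), the C++ below models the operand check the description asks for. It uses the AArch64 ISA rule that UBFX Wd, Wn, #lsb, #width is an alias of UBFM with immr = lsb and imms = lsb + width - 1, so both immediates must fit the 6-bit encoding fields and, for the 32-bit form, stay below 32 (below 64 for the 64-bit form). The function names ubfx_operands_ok, exact_log2_u64 and fits_in_field are hypothetical; the values 19329 and width 2 are the ones from the gdb session above, and fits_in_field reproduces the `val < (1U << nbits)` guarantee that fired in frame #1.

```cpp
#include <cstdint>
#include <cstdio>

// exact_log2 as used by the matcher rule: log2(x) when x is a power of two,
// otherwise -1. A mask of all ones (2^64 - 1) is handled explicitly because
// mask + 1 would wrap to zero.
static int exact_log2_u64(uint64_t x) {
  if (x == 0 || (x & (x - 1)) != 0) return -1;
  int n = 0;
  while ((x >>= 1) != 0) n++;
  return n;
}

// Width in bits of the field selected by a mask of the form 2^width - 1,
// or -1 if the mask is not of that form.
static int bitmask_width(uint64_t mask) {
  if (mask == UINT64_MAX) return 64;          // 2^64 - 1: full register
  return exact_log2_u64(mask + 1);
}

// The predicate a ubfx rule needs: true iff (src >>> rshift) & mask can be
// emitted as one ubfx on a register of reg_bits (32 or 64) bits.
//   immr = lsb = rshift               must satisfy 0 <= lsb < reg_bits
//   imms = lsb + width - 1            must satisfy imms < reg_bits,
// i.e. the extracted field must not run off the top of the register.
static bool ubfx_operands_ok(int rshift, uint64_t mask, int reg_bits) {
  if (reg_bits != 32 && reg_bits != 64) return false;
  int width = bitmask_width(mask);
  if (width < 1) return false;                // mask not 2^width - 1
  if (rshift < 0 || rshift >= reg_bits) return false;
  if (rshift + width > reg_bits) return false;
  return true;
}

// The assembler-level guarantee from the trace: an nbits-wide immediate field
// can only hold values below 2^nbits. With msb=21, lsb=16 the immr field is
// 6 bits wide, so 19329 cannot be encoded and the slowdebug build aborts.
static bool fits_in_field(uint32_t val, int nbits) {
  return val < (1U << nbits);
}

int main() {
  // Constructed inputs: the crashing operands from the report and a sane pair.
  struct { int rshift; uint64_t mask; int bits; } cases[] = {
    {19329, 0x3, 32},   // from the gdb session: rshift=19329, width=2
    {16,    0x3F, 32},  // extract 6 bits starting at bit 16: valid
    {28,    0xFF, 32},  // 28 + 8 > 32: field runs past the register top
    {40,    0xFFFFFF, 64},
  };
  for (auto& c : cases) {
    printf("rshift=%d mask=0x%llx reg=%d -> %s (immr fits 6-bit field: %s)\n",
           c.rshift, (unsigned long long)c.mask, c.bits,
           ubfx_operands_ok(c.rshift, c.mask, c.bits) ? "ubfx ok" : "reject",
           fits_in_field((uint32_t)c.rshift, 6) ? "yes" : "no");
  }
  return 0;
}
```

A rule that rejects the pair at match time, rather than relying on the assembler guarantee, leaves the shift-and-mask pattern to be matched by ordinary shift and AND rules in product builds as well, where the guarantee is compiled out.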

Comments
Fix Request [11u] The same issue is there in jdk11u in theory. Patch applies cleanly to jdk11u-dev repo. Tier1-3 tested on aarch64-linux-gnu.
04-08-2020