JDK-8229499 : Node budget assert in fuzzed test
  • Type: Bug
  • Component: hotspot
  • Sub-Component: compiler
  • Affected Version: 11,14
  • Priority: P3
  • Status: Resolved
  • Resolution: Fixed
  • Submitted: 2019-08-13
  • Updated: 2022-03-14
  • Resolved: 2019-09-26
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 11 JDK 14
11.0.16-oracleFixed 14 b17Fixed
Related Reports
Relates :  
JDK-8235870 - C2 crashes in IdealLoopTree::est_loop_flow_merge_sz()
Relates :  
JDK-8216137 - assert(Compile::current()->live_nodes() < Compile::current()->max_node_limit()) failed: Live Node limit exceeded limit
Description
(synopsis is provisional, please change as you see fit).

Found by fuzzing. Test bundle is attached. Crashes every time for me:

$ ~/trunks/jdk-jdk/build/linux-x86_64-server-fastdebug/images/jdk/bin/java Test

#
# A fatal error has been detected by the Java Runtime Environment:
#
#  Internal Error (/home/shade/trunks/jdk-jdk/src/hotspot/share/opto/loopnode.hpp:1410), pid=22965, tid=22976
#  assert(C->live_nodes() - live_at_begin <= 2 * _nodes_required) failed: Bad node estimate: actual = 768 >> request = 166
#
# JRE version: OpenJDK Runtime Environment (14.0) (fastdebug build 14-internal+0-adhoc.shade.jdk-jdk)
# Java VM: OpenJDK 64-Bit Server VM (fastdebug 14-internal+0-adhoc.shade.jdk-jdk, mixed mode, sharing, tiered, compressed oops, g1 gc, linux-amd64)
# Problematic frame:
# V  [libjvm.so+0x11e762a]  AutoNodeBudget::~AutoNodeBudget()+0x1ba
#
# Core dump will be written. Default location: Core dumps may be processed with "/usr/share/apport/apport %p %s %c %d %P" (or dumping to /home/shade/trunks/JavaFuzzer/tests/08508/core.22965)
#
# If you would like to submit a bug report, please visit:
#   http://bugreport.java.com/bugreport/crash.jsp
#

---------------  S U M M A R Y ------------

Command Line: Test

Host: shade-desktop, Intel(R) Core(TM) i7-7820X CPU @ 3.60GHz, 16 cores, 125G, Ubuntu 18.04.3 LTS
Time: Tue Aug 13 21:39:29 2019 CEST elapsed time: 0 seconds (0d 0h 0m 0s)

---------------  T H R E A D  ---------------

Current thread (0x00007f2708596000):  JavaThread "C2 CompilerThread0" daemon [_thread_in_native, id=22976, stack(0x00007f26a815e000,0x00007f26a825f000)]


Current CompileTask:
C2:    245   65   !   4       Test::iMeth (538 bytes)
Comments
A pull request was submitted for review. URL: https://git.openjdk.java.net/jdk11u-dev/pull/888 Date: 2022-03-14 11:38:25 +0000
14-03-2022
Fix Request (11u): Should get backported for parity with 11.0.16-oracle. Applies almost cleanly. Review: https://github.com/openjdk/jdk11u-dev/pull/888 Original GitHub URL: https://github.com/openjdk/jdk/commit/8275b17b07b1c15bde79b36b76ecbe3072db1e1a Nightly tests have passed.
14-03-2022
URL: https://hg.openjdk.java.net/jdk/jdk/rev/e6b5ec45ab9e User: phedlin Date: 2019-09-26 10:37:56 +0000
26-09-2019
Loop growth estimate for complete unrolling is too simplistic, assuming that control and data dependencies will unravel as we unroll. This is not always the case, e.g. when unrolling inner portions of (deep) loop-nests.
11-09-2019
Initially assigning to Patric.
13-08-2019