Bug ID: JDK-8270886 Crash in PhaseIdealLoop::verify_strip_mined

JDK-8270886 : Crash in PhaseIdealLoop::verify_strip_mined_scheduling

Type: Bug
Component: hotspot
Sub-Component: compiler
Affected Version: 11,16,17,18

Priority: P3
Status: Resolved
Resolution: Fixed

Submitted: 2021-07-19
Updated: 2022-05-31
Resolved: 2021-07-29

Versions (Unresolved/Resolved/Fixed)

The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.

JDK 11	JDK 13	JDK 15	JDK 17	JDK 18
11.0.14-oracleFixed	13.0.12Fixed	15.0.8Fixed	17.0.2Fixed	18 b09Fixed

Related Reports

Relates :	JDK-8271340 - Crash PhaseIdealLoop::clone_outer_loop
Relates :	JDK-8186027 - C2: loop strip mining
Relates :	JDK-8271341 - Opcode() != Op_If && Opcode() != Op_RangeCheck) \|\| outcnt() == 2 assert failure with Test7179138_1.java

Description

Several fuzzer generated tests trigger crashes/asserts because the OuterStripMinedLoopEnd main_head->outer_loop()->outer_loop_tail() only has an IfTrue projection.

For example, with attached SDD87.java we fail because sfpt = head->as_Loop()->outer_safepoint() is
NULL, because loop->_head->outer_loop_tail() only has an IfTrue projection:

# A fatal error has been detected by the Java Runtime Environment:
#
#  SIGSEGV (0xb) at pc=0x00007fdf1d8794ec, pid=9384, tid=9397
#
# JRE version: Java(TM) SE Runtime Environment (18.0) (fastdebug build 18-internal+0-2021-07-15-1125012.tobias...)
# Java VM: Java HotSpot(TM) 64-Bit Server VM (fastdebug 18-internal+0-2021-07-15-1125012.tobias..., mixed mode, tiered, compressed oops, compressed class ptrs, g1 gc, linux-amd64)
# Problematic frame:
# V  [libjvm.so+0x12bb4ec]  Node::in(unsigned int) const [clone .constprop.1]+0xc
#
# Core dump will be written. Default location: Core dumps may be processed with "/usr/share/apport/apport %p %s %c %d %P %E" (or dumping to /home/tobias/Downloads/32703210/core.9384)
#
# If you would like to submit a bug report, please visit:
#   https://bugreport.java.com/bugreport/crash.jsp
#

---------------  S U M M A R Y ------------

Command Line: SDD87

Host: prometheus, Intel(R) Core(TM) i7-9850H CPU @ 2.60GHz, 12 cores, 31G, Ubuntu 20.04.2 LTS
Time: Mon Jul 19 08:47:12 2021 CEST elapsed time: 0.285794 seconds (0d 0h 0m 0s)

---------------  T H R E A D  ---------------

Current thread (0x00007fdf182ed9e0):  JavaThread "C2 CompilerThread0" daemon [_thread_in_native, id=9397, stack(0x00007fdee5739000,0x00007fdee583a000)]


Current CompileTask:
C2:    285  283   !   4       SDD87::mainTest (845 bytes)

Stack: [0x00007fdee5739000,0x00007fdee583a000],  sp=0x00007fdee58341a0,  free space=1004k
Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code)
V  [libjvm.so+0x12bb4ec]  Node::in(unsigned int) const [clone .constprop.1]+0xc
V  [libjvm.so+0x12cfbc3]  PhaseIdealLoop::verify_strip_mined_scheduling(Node*, Node*)+0x93
V  [libjvm.so+0x12dd0f2]  PhaseIdealLoop::build_loop_late_post_work(Node*, bool)+0x122
V  [libjvm.so+0x12dd77a]  PhaseIdealLoop::build_loop_late(VectorSet&, Node_List&, Node_Stack&)+0xba
V  [libjvm.so+0x12de0e7]  PhaseIdealLoop::build_and_optimize(LoopOptsMode)+0x507
V  [libjvm.so+0x9fb46c]  PhaseIdealLoop::optimize(PhaseIterGVN&, LoopOptsMode)+0x28c
V  [libjvm.so+0x9f7d5f]  Compile::Optimize()+0x127f
V  [libjvm.so+0x9f9a24]  Compile::Compile(ciEnv*, ciMethod*, int, bool, bool, bool, bool, bool, DirectiveSet*)+0x1564
V  [libjvm.so+0x819aa6]  C2Compiler::compile_method(ciEnv*, ciMethod*, int, bool, DirectiveSet*)+0x646
V  [libjvm.so+0xa0a4e9]  CompileBroker::invoke_compiler_on_method(CompileTask*)+0xef9
V  [libjvm.so+0xa0b218]  CompileBroker::compiler_thread_loop()+0x598
V  [libjvm.so+0x186728c]  JavaThread::thread_main_inner()+0x27c
V  [libjvm.so+0x186da30]  Thread::call_run()+0x100
V  [libjvm.so+0x1550bf4]  thread_native_entry(Thread*)+0x104

These issues were reported by John Jiang (johnsjiang@tencent.com)

Comments

A pull request was submitted for review. URL: https://git.openjdk.java.net/jdk13u-dev/pull/354 Date: 2022-05-31 06:33:07 +0000
31-05-2022
Fix request (15u, 13u): I'd like to backport this fix to 15u, 13u for parity with major releases. Clean backport.
31-05-2022
A pull request was submitted for review. URL: https://git.openjdk.java.net/jdk15u-dev/pull/214 Date: 2022-05-30 12:57:13 +0000
30-05-2022
Fix Request (11u): Should get backported for parity with 11.0.14-oracle. Applies cleanly.
06-10-2021
Fix request (17u): The bug leads to a crash in C2. The fix is low risk and has been tested in the JDK 18 for a while and with tier1-3 in JDK 17u. The patch applies cleanly.
28-09-2021
Changeset: 6afcf5f5 Author: Roland Westrelin <roland@openjdk.org> Date: 2021-07-29 07:34:20 +0000 URL: https://git.openjdk.java.net/jdk/commit/6afcf5f5a243be10e2ec61229819c298ccce3267
29-07-2021
I couldn't reproduce SDD62.java or Test.java
27-07-2021
Running test/hotspot/jtreg/compiler/c2/Test7179138_1.java with "-XX:-ReduceInitialCardMarks -XX:-ReduceBulkZeroing -XX:-ReduceFieldZeroing -XX:+IgnoreUnrecognizedVMOptions -XX:+UnlockDiagnosticVMOptions -XX:+StressIGVN -XX:RepeatCompilation=100" (might need multiple runs to reproduce) also triggers the "bad if #1" assert: # Internal Error (/oracle/jdk/open/src/hotspot/share/opto/multnode.cpp:49), pid=629891, tid=629907 # assert((Opcode() != Op_If && Opcode() != Op_RangeCheck) \|\| outcnt() == 2) failed: bad if #1
22-07-2021
Roland, could you please have a look?
19-07-2021
ILW = Asserts/crashes in C2, reproducible with JavaFuzzer generated tests containing infinite loops, disable loop strip mining = HLM = P3
19-07-2021
I've attached a simplified Test.java that fails with: # A fatal error has been detected by the Java Runtime Environment: # # Internal Error (/oracle/jdk/open/src/hotspot/share/opto/multnode.cpp:49), pid=10566, tid=10579 # assert((Opcode() != Op_If && Opcode() != Op_RangeCheck) \|\| outcnt() == 2) failed: bad if #1 Current CompileTask: C2: 322 353 % 4 Test::test @ 12 (59 bytes) Stack: [0x00007ff3b6334000,0x00007ff3b6435000], sp=0x00007ff3b642f160, free space=1004k Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code) V [libjvm.so+0x14a8342] MultiNode::proj_out_or_null(unsigned int) const+0x172 V [libjvm.so+0x14a865e] MultiNode::proj_out(unsigned int) const+0xe V [libjvm.so+0x12d7aab] PhaseIdealLoop::is_counted_loop(Node, IdealLoopTree&, BasicType)+0xb7b V [libjvm.so+0x12d937f] IdealLoopTree::counted_loop(PhaseIdealLoop)+0x10f V [libjvm.so+0x12d9304] IdealLoopTree::counted_loop(PhaseIdealLoop)+0x94 V [libjvm.so+0x12de5aa] PhaseIdealLoop::build_and_optimize(LoopOptsMode)+0x9ca V [libjvm.so+0x9fb46c] PhaseIdealLoop::optimize(PhaseIterGVN&, LoopOptsMode)+0x28c V [libjvm.so+0x9f6fd6] Compile::Optimize()+0x4f6 V [libjvm.so+0x9f9a24] Compile::Compile(ciEnv, ciMethod, int, bool, bool, bool, bool, bool, DirectiveSet)+0x1564 V [libjvm.so+0x819aa6] C2Compiler::compile_method(ciEnv, ciMethod, int, bool, DirectiveSet)+0x646 V [libjvm.so+0xa0a4e9] CompileBroker::invoke_compiler_on_method(CompileTask)+0xef9 V [libjvm.so+0xa0b218] CompileBroker::compiler_thread_loop()+0x598 V [libjvm.so+0x186728c] JavaThread::thread_main_inner()+0x27c V [libjvm.so+0x186da30] Thread::call_run()+0x100 V [libjvm.so+0x1550bf4] thread_native_entry(Thread)+0x104
19-07-2021
SDD62.java fails with as assert because l->outer_loop_end is NULL because l->outer_loop()->outer_loop_tail() only has an IfTrue projection: # A fatal error has been detected by the Java Runtime Environment: # # Internal Error (/opt/mach5/mesos/work_dir/slaves/3c846bae-ce30-4a97-93ee-9fef4497ccb6-S78974/frameworks/1735e8a2-a1db-478c-8104-60c8b0af87dd-0196/executors/37c71054-bd06-4323-a05c-bfac0e7342c9/runs/fc41a2a1-240b-4634-8179-0bbf19fca6ba/workspace/open/src/hotspot/share/opto/loopTransform.cpp:80), pid=10424, tid=10436 # assert(outer_loop_end != __null) failed: missing piece of strip mined loop Current CompileTask: C2: 137 75 ! 4 SDD62::mainTest (202 bytes) Stack: [0x00007f09f583a000,0x00007f09f593b000], sp=0x00007f09f5934340, free space=1000k Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code) V [libjvm.so+0x18bb644] VMError::report_and_die(int, char const, char const, __va_list_tag, Thread, unsigned char, void, void, char const, int, unsigned long)+0x194 V [libjvm.so+0x18bc6af] VMError::report_and_die(Thread, void, char const, int, char const, char const, __va_list_tag)+0x2f V [libjvm.so+0xb00900] report_vm_error(char const, int, char const, char const, ...)+0x100 V [libjvm.so+0x12860b1] IdealLoopTree::record_for_igvn()+0x6b1 V [libjvm.so+0x128ecef] PhaseIdealLoop::do_unroll(IdealLoopTree, Node_List&, bool)+0x81f V [libjvm.so+0x1295051] IdealLoopTree::iteration_split_impl(PhaseIdealLoop, Node_List&)+0x581 V [libjvm.so+0x129530a] IdealLoopTree::iteration_split(PhaseIdealLoop, Node_List&)+0x24a V [libjvm.so+0x129523c] IdealLoopTree::iteration_split(PhaseIdealLoop, Node_List&)+0x17c V [libjvm.so+0x12bdaa5] PhaseIdealLoop::build_and_optimize(LoopOptsMode)+0xfa5 V [libjvm.so+0xa2753a] Compile::optimize_loops(int&, PhaseIterGVN&, LoopOptsMode) [clone .part.435]+0x2da V [libjvm.so+0xa2ae20] Compile::Optimize()+0xcb0 V [libjvm.so+0xa2bfd7] Compile::Compile(ciEnv, C2Compiler, ciMethod, int, bool, bool, bool, bool, DirectiveSet)+0xf87 V [libjvm.so+0x82bc0b] C2Compiler::compile_method(ciEnv, ciMethod, int, DirectiveSet)+0xfb V [libjvm.so+0xa394b2] CompileBroker::invoke_compiler_on_method(CompileTask)+0x342 V [libjvm.so+0xa3a6e8] CompileBroker::compiler_thread_loop()+0x568 V [libjvm.so+0x17f8bdb] JavaThread::thread_main_inner()+0x20b V [libjvm.so+0x17f452a] Thread::call_run()+0x19a V [libjvm.so+0x1502ee6] thread_native_entry(Thread)+0x106
19-07-2021
SDD56.java fails with SIGSEGV in PhaseIdealLoop::clone_outer_loop because stack.node() is NULL because sfpt = cl->outer_safepoint() is NULL: # A fatal error has been detected by the Java Runtime Environment: # # SIGSEGV (0xb) at pc=0x00007fad1c2432bb, pid=9927, tid=9945 # # JRE version: Java(TM) SE Runtime Environment (18.0) (fastdebug build 18-internal+0-2021-07-15-1125012.tobias...) # Java VM: Java HotSpot(TM) 64-Bit Server VM (fastdebug 18-internal+0-2021-07-15-1125012.tobias..., mixed mode, tiered, compressed oops, compressed class ptrs, g1 gc, linux-amd64) # Problematic frame: # V [libjvm.so+0x12e32bb] PhaseIdealLoop::clone_outer_loop(LoopNode, PhaseIdealLoop::CloneLoopMode, IdealLoopTree, IdealLoopTree, int, Node_List&, Node_List&) [clone .part.0]+0x31b Current CompileTask: C2: 272 282 ! 4 SDD56::mainTest (273 bytes) Stack: [0x00007facb7cfd000,0x00007facb7dfe000], sp=0x00007facb7df7da0, free space=1003k Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code) V [libjvm.so+0x12e32bb] PhaseIdealLoop::clone_outer_loop(LoopNode, PhaseIdealLoop::CloneLoopMode, IdealLoopTree, IdealLoopTree, int, Node_List&, Node_List&) [clone .part.0]+0x31b V [libjvm.so+0x12eebd8] PhaseIdealLoop::clone_loop(IdealLoopTree, Node_List&, int, PhaseIdealLoop::CloneLoopMode, Node)+0x4e8 V [libjvm.so+0x12a0fe2] PhaseIdealLoop::do_peeling(IdealLoopTree, Node_List&)+0x102 V [libjvm.so+0x12acd3e] PhaseIdealLoop::do_maximally_unroll(IdealLoopTree, Node_List&)+0xbe V [libjvm.so+0x12b1f80] IdealLoopTree::iteration_split_impl(PhaseIdealLoop, Node_List&) [clone .part.0]+0x460 V [libjvm.so+0x12b259b] IdealLoopTree::iteration_split(PhaseIdealLoop, Node_List&)+0x13b V [libjvm.so+0x12b2495] IdealLoopTree::iteration_split(PhaseIdealLoop, Node_List&)+0x35 V [libjvm.so+0x12de938] PhaseIdealLoop::build_and_optimize(LoopOptsMode)+0xd58 V [libjvm.so+0x9fb46c] PhaseIdealLoop::optimize(PhaseIterGVN&, LoopOptsMode)+0x28c V [libjvm.so+0x9f7f55] Compile::Optimize()+0x1475 V [libjvm.so+0x9f9a24] Compile::Compile(ciEnv, ciMethod, int, bool, bool, bool, bool, bool, DirectiveSet)+0x1564 V [libjvm.so+0x819aa6] C2Compiler::compile_method(ciEnv, ciMethod, int, bool, DirectiveSet)+0x646 V [libjvm.so+0xa0a4e9] CompileBroker::invoke_compiler_on_method(CompileTask)+0xef9 V [libjvm.so+0xa0b218] CompileBroker::compiler_thread_loop()+0x598 V [libjvm.so+0x186728c] JavaThread::thread_main_inner()+0x27c V [libjvm.so+0x186da30] Thread::call_run()+0x100 V [libjvm.so+0x1550bf4] thread_native_entry(Thread*)+0x104 This reproduces with JDK 11u as well.
19-07-2021