JDK-8277239 : SIGSEGV in vrshift_reg_maskedNode::emit
  • Type: Bug
  • Component: hotspot
  • Sub-Component: compiler
  • Affected Version: 18
  • Priority: P2
  • Status: Closed
  • Resolution: Fixed
  • CPU: x86_64
  • Submitted: 2021-11-16
  • Updated: 2022-02-08
  • Resolved: 2021-11-22
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 18
18 b26Fixed
Related Reports
Duplicate :  
JDK-8277248 - 12 jdk/incubator/vector tests fail with EXCEPTION_ACCESS_VIOLATION in vrshift_reg_maskedNode::emit
Relates :  
JDK-8278267 - ARM32: several vector test failures for ASHR
Relates :  
JDK-8271515 - Integration of JEP 417: Vector API (Third Incubator)
Description
ASHRInt256VectorTestsMasked test in test/jdk/jdk/incubator/vector/Int256VectorTests.java fails with sigsegv due to null pointer access.

The failure is seen with the following command line on x86_64 ICX both Windows and Linux platform:
-XX:+CreateCoredumpOnCrash -ea -esa -XX:CompileThreshold=100 -XX:+UnlockExperimentalVMOptions  -Xcomp -server -XX:-TieredCompilation

The issue is observed at instruct vrshift_reg_masked in x86.ad file at line:

bool is_varshift = !VectorNode::is_vshift_cnt_opcode(in(2)->isa_Mach()->ideal_Opcode());

Here in(2) is a phi node and isa_Mach() returns null.

The phi node handling also needs to be done for is_vshift_cnt() check in the predicates in x86.ad file.
Comments
As this bug is intermittent, to verify this I run the test 200 times, of which 26 failed (pass rate is 87%). The fixed version passed through its own 200 runs with flying colours. I mark the test Verified.
08-02-2022
The fix for this bug is in jdk-18+25-1671.
23-11-2021
Changeset: e5298655 Author: Jatin Bhateja <jbhateja@openjdk.org> Date: 2021-11-22 16:38:52 +0000 URL: https://git.openjdk.java.net/jdk/commit/e529865531d0eb5a2119a1d220b195d088794226
22-11-2021
Please fix this or problem_list the tests.
22-11-2021
Currently instruction selector differentiates between two kinds of vector shift operations i.e. with vector shift count and scalar shift count passed though LShiftCntV/RShiftCntV nodes by looking at the ideal opcode of shift count node. A more robust scheme is to set a flag over vector shift node if it has variable vector shift count and replace the opcode based check with flag based check in various shift instruction selection patterns.
17-11-2021
Crash log with graph dump: nmatched Memory: @BotPTR *+bot, idx=Bot; !jvms: Int256VectorTests::ASHRInt256VectorTestsMasked @ bci:102 (line 2228) 499 Region === 499 156 [[ 499 547 254 152 ]] !jvms: IntVector::intoArray @ bci:-1 (line 3163) Int256VectorTests::ASHRInt256VectorTestsMasked @ bci:148 (line 2231) 519 Region === 519 227 [[ 519 493 314 321 322 323 324 226 ]] !jvms: IntVector::intoArray @ bci:-1 (line 3163) Int256VectorTests::ASHRInt256VectorTestsMasked @ bci:148 (line 2231) 495 Region === 495 135 [[ 495 494 ]] !jvms: IntVector::intoArray @ bci:-1 (line 3163) Int256VectorTests::ASHRInt256VectorTestsMasked @ bci:148 (line 2231) 760 MemToRegSpillCopy === _ 744 [[ 251 772 786 ]] vectory[8]:{int} !jvms: IntVector::intoArray @ bci:-1 (line 3163) Int256VectorTests::ASHRInt256VectorTestsMasked @ bci:148 (line 2231) 254 loadV === 499 231 755 758 [[ 251 634 ]] vectory[8]:{int} !jvms: Int256VectorTests::ASHRInt256VectorTestsMasked @ bci:102 (line 2228) 773 DefinitionSpillCopy === _ 251 [[ 863 138 ]] vectory[8]:{int} !jvms: IntVector::intoArray @ bci:-1 (line 3163) Int256VectorTests::ASHRInt256VectorTestsMasked @ bci:148 (line 2231) 493 jmpDir === 519 [[ 134 ]] !orig=451 !jvms: IntVector::intoArray @ bci:-1 (line 3163) Int256VectorTests::ASHRInt256VectorTestsMasked @ bci:148 (line 2231) 494 jmpDir === 495 [[ 134 ]] !orig=451 !jvms: IntVector::intoArray @ bci:-1 (line 3163) Int256VectorTests::ASHRInt256VectorTestsMasked @ bci:148 (line 2231) 251 vand_reg === _ 254 760 [[ 773 787 ]] vectory[8]:{int} !jvms: Int256VectorTests::ASHRInt256VectorTestsMasked @ bci:115 (line 2229) 863 PhiLocationDifferToInputLocationSpillCopy === _ 773 [[ 787 ]] vectory[8]:{int} !jvms: IntVector::intoArray @ bci:-1 (line 3163) Int256VectorTests::ASHRInt256VectorTestsMasked @ bci:148 (line 2231) 134 Region === 134 494 493 [[ 134 221 243 133 312 786 787 ]] !jvms: IntVector::intoArray @ bci:-1 (line 3163) Int256VectorTests::ASHRInt256VectorTestsMasked @ bci:148 (line 2231) 787 Phi === 134 863 251 [[ 245 599 ]] #vectory[8]:{int} !jvms: IntVector::intoArray @ bci:-1 (line 3163) Int256VectorTests::ASHRInt256VectorTestsMasked @ bci:148 (line 2231) # # A fatal error has been detected by the Java Runtime Environment: # # SIGSEGV (0xb) at pc=0x00007fac81eeab38, pid=2355419, tid=2355434 # # JRE version: OpenJDK Runtime Environment (18.0) (slowdebug build 18-internal+0-adhoc.root.jdk) # Java VM: OpenJDK 64-Bit Server VM (slowdebug 18-internal+0-adhoc.root.jdk, compiled mode, compressed oops, compressed class ptrs, g1 gc, linux-amd64) # Problematic frame: # V [libjvm.so+0x3deb38] vrshift_reg_masked_0Node::emit(CodeBuffer&, PhaseRegAlloc*) const+0x15a
17-11-2021
This triggers with multiple tests, see JDK-8277248. ILW = SIGSEGV during C2 compilation (regression in JDK 18 from JDK-8271515), multiple vectorapi tests at tier4/5, no workaround but disable compilation of affected method = HMM = P2
17-11-2021
[~sviswanathan] could you please add the hs_err file?
17-11-2021