JDK-8283408 : Fix a C2 crash when filling arrays with unsafe
  • Type: Bug
  • Component: hotspot
  • Sub-Component: compiler
  • Affected Version: 8,11,16,17,18,19
  • Priority: P3
  • Status: Resolved
  • Resolution: Fixed
  • OS: generic
  • CPU: generic
  • Submitted: 2022-03-19
  • Updated: 2023-09-26
  • Resolved: 2022-03-24
Release   Version          Resolution
JDK 11    11.0.16-oracle   Fixed
JDK 17    17.0.4-oracle    Fixed
JDK 18    18.0.2           Fixed
JDK 19    19 b16           Fixed
Description
HotSpot C2 crashes when we use the Unsafe API to fill an array in a loop. It can be reproduced by a case like the one below.

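        byte[] array = new byte[size];
        // The loop variable starts at the byte[] base offset and is passed
        // to putByte directly as the raw offset into the array object.
        int offset = unsafe.arrayBaseOffset(byte[].class);
        for (int i = offset; i < offset + size; i++) {
            unsafe.putByte(array, i, fill);
        }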

Crash report

#
# A fatal error has been detected by the Java Runtime Environment:
#
#  SIGSEGV (0xb) at pc=0x0000ffffb60c5988, pid=2413836, tid=2413852
#
# JRE version: OpenJDK Runtime Environment (19.0) (fastdebug build 19-internal-adhoc.penli01.jdksrc)
# Java VM: OpenJDK 64-Bit Server VM (fastdebug 19-internal-adhoc.penli01.jdksrc, mixed mode, sharing, tiered, compressed oops, compressed class ptrs, g1 gc, linux-aarch64)
# Problematic frame:
# V  [libjvm.so+0x6c5988]  AddPNode::bottom_type() const+0x78
#
# Core dump will be written. Default location: /tmp/core.2413836
#
# An error report file with more information is saved as:
# /tmp/scratch/0/hs_err_pid2413836.log
#
# Compiler replay data is saved as:
# /tmp/scratch/0/replay_pid2413836.log
#
# If you would like to submit a bug report, please visit:
#   https://bugreport.java.com/bugreport/crash.jsp
#


The crash is caused by a NULL pointer issue when doing the loop intrinsify_fill optimization for unsafe fill patterns. Although this only occurs with an unsafe call, we still think it's better to fix it because such an unsafe call is used in a correct way.

Note that this can be reproduced on AArch64 with default VM options. On x86, it's reproducible with the additional option "-XX:+OptimizeFill", which is turned off by default.
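A self-contained harness around the loop in the description, added here as an example for checking whether a given JDK build carries the fix; it is not the regression test from the changeset. The class name `UnsafeFillCheck`, the array size and the iteration count are assumptions.

```java
import java.lang.reflect.Field;
import sun.misc.Unsafe;

// Added example (not from the bug report or the JDK test suite).
public class UnsafeFillCheck {
    private static final Unsafe UNSAFE = loadUnsafe();

    // sun.misc.Unsafe has no public constructor; read its singleton field.
    private static Unsafe loadUnsafe() {
        try {
            Field f = Unsafe.class.getDeclaredField("theUnsafe");
            f.setAccessible(true);
            return (Unsafe) f.get(null);
        } catch (ReflectiveOperationException e) {
            throw new ExceptionInInitializerError(e);
        }
    }

    // Same shape as the loop in the report: the induction variable starts
    // at the array base offset and is used directly as the Unsafe offset.
    static void fill(byte[] array, byte fill) {
        int size = array.length;
        int offset = UNSAFE.arrayBaseOffset(byte[].class);
        for (int i = offset; i < offset + size; i++) {
            UNSAFE.putByte(array, i, fill);
        }
    }

    public static void main(String[] args) {
        byte[] array = new byte[1024];   // constructed size (assumption)
        // Call count chosen (assumption) so that fill() gets hot enough
        // to be compiled by C2 under tiered compilation.
        for (int n = 0; n < 20_000; n++) {
            fill(array, (byte) n);
        }
        // Confirm the compiled loop wrote every element of the array.
        byte expected = (byte) 19_999;
        for (byte b : array) {
            if (b != expected) {
                throw new AssertionError("unexpected fill result");
            }
        }
        System.out.println("OK on " + System.getProperty("java.version"));
    }
}
```

Per the report, an unfixed build crashes in C2 with default options on AArch64, while on x86 the run needs `-XX:+OptimizeFill`; a fixed build prints the OK line.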
Comments
Fix request [11u] I backport this for parity with 11.0.16-oracle. Low risk, a rather small fix adding a null check. Clean backport. Test passes. SAP nightly testing passes.
07-04-2022

A pull request was submitted for review. URL: https://git.openjdk.java.net/jdk11u-dev/pull/1015 Date: 2022-04-06 13:28:05 +0000
06-04-2022

Starts to fail after JDK-8247307 but the affected code was already there before.
30-03-2022

A pull request was submitted for review. URL: https://git.openjdk.java.net/jdk18u/pull/58 Date: 2022-03-29 15:03:48 +0000
29-03-2022

Fix Request (JDK 18u) Fixes a segmentation fault in C2. The fix is low risk and applies cleanly. Already tested and backported to Oracle JDK 17u. Tier 1-3 testing is running for JDK 18u.
29-03-2022

A pull request was submitted for review. URL: https://git.openjdk.java.net/jdk17u-dev/pull/306 Date: 2022-03-29 14:11:27 +0000
29-03-2022

Fix Request (17u): Should get backported for parity with 17.0.4-oracle. Applies cleanly. Test has passed.
29-03-2022

Changeset: a6740c01 Author: Pengfei Li <pli@openjdk.org> Date: 2022-03-24 01:50:04 +0000 URL: https://git.openjdk.java.net/jdk/commit/a6740c010b7d37f991c8547be6ea72b198e9094f
24-03-2022

ILW = Segmentation fault in C2, rare and only when using Unsafe API, possibly disable compilation of affected method = HLM = P3
21-03-2022

A pull request was submitted for review. URL: https://git.openjdk.java.net/jdk/pull/7884 Date: 2022-03-21 06:00:31 +0000
21-03-2022