Bug ID: JDK-8286182 [BACKOUT] x86: Handle integral division overflow during parsing

Versions (Unresolved/Resolved/Fixed)

The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.

JDK 19
19 b24Fixed

#  SIGFPE (0x8) at pc=0x00007fd2a0849b1a, pid=90495, tid=90496
# J 106 c2 Test.mainTest([Ljava/lang/String;)V (853 bytes) @ 0x00007fd2a0849b1a [0x00007fd2a0848ca0+0x0000000000000e7a]

Crashes at:
  0x00007fd2a0849b1a:   idivl  0x7c(%rsp)                   ;*invokevirtual append {reexecute=0 rethrow=0 return_oop=0}
                                                            ; - Test::mainTest@409 (line 154)

HOW TO REPRODUCE IT:

Generate bytecode targeting JVM 8 and run it on JVM 19 (b20 or later version, debug or release) as follows:

$ javac --source 8 --target 8 Test.java FuzzerUtils.java
$ java Test
(...)
# A fatal error has been detected by the Java Runtime Environment:
#
#  SIGFPE (0x8) at pc=0x00007fa848af7a19, pid=89901, tid=89902
#
# JRE version: OpenJDK Runtime Environment (19.0) (fastdebug build 19-internal-adhoc.rocastan.open)
# Java VM: OpenJDK 64-Bit Server VM (fastdebug 19-internal-adhoc.rocastan.open, mixed mode, tiered, compressed oops, compressed class ptrs, g1 gc, linux-amd64)
# Problematic frame:
# J 294 c2 Test.mainTest([Ljava/lang/String;)V (853 bytes) @ 0x00007fa848af7a19 [0x00007fa848af7360+0x00000000000006b9]

ORIGINAL INSTRUCTIONS:

To reproduce:
$ java -XX:-BackgroundCompilation Test

For some reason, the crash doesn't seem to reproduce it I rebuild the class files from the java files. The class files were produced from the java files initially though. The out attached file contains the entire output, disassembly included.

Changeset: 079312c8 Author: Quan Anh Mai <anhmdq99@gmail.com> Committer: Martin Doerr <mdoerr@openjdk.org> Date: 2022-05-19 19:12:28 +0000 URL: https://git.openjdk.java.net/jdk/commit/079312c835a75e2ed5329d061583add5ac9fa2e0
19-05-2022
A pull request was submitted for review. URL: https://git.openjdk.java.net/jdk/pull/8774 Date: 2022-05-18 15:44:10 +0000
18-05-2022
Sounds similar to JDK-8229496
16-05-2022
A pull request was submitted for review. URL: https://git.openjdk.java.net/jdk/pull/8726 Date: 2022-05-16 12:36:43 +0000
16-05-2022
Seems like the faulting idivl is hoisted to a speculative path and the result is never used when the divisor is 0. PPC64 is not affected because its integer division instructions never fault. (I've tried ignoring the SIGPFE in the signal handler on x86_64 which makes the crashes disappear. Seems to work correctly, but it isn't a nice fix.)
13-05-2022
Introduced by JDK-8284742, [~qamai] please have a look.
06-05-2022
Thanks [~rcastanedalo] for cleaning up the bug report. I tried backing out JDK-8284742 and the crash no longer reproduces.
05-05-2022
ILW = JVM crash in release mode with arithmetic error; JavaFuzzer-generated bytecode with older target JVM; disable compilation of affected method = HLM = P3
05-05-2022
The attached bytecode seems to be generated targeting JVM 8 (generates sequences of StringBuilder calls instead of using InvokeDynamic #0:makeConcatWithConstants:(III)Ljava/lang/String;). I updated the description accordingly.
05-05-2022

Relates :	JDK-8287035 - [BACKOUT] PPC64: Handle integral division overflow during parsing
Relates :	JDK-8257822 - C2 crashes with SIGFPE due to a division that floats above its zero check
Relates :	JDK-8299857 - C2: Allow speculative Div/Mod on RISC architectures
Relates :	JDK-8284742 - x86: Handle integral division overflow during parsing
Relates :	JDK-8288941 - C2: assert(false) failed: Bad graph detected in build_loop_late