Bug ID: JDK-8293216 C2: SLP miscompilation

Type: Bug
Component: hotspot
Sub-Component: compiler
Affected Version: 18,19,20

Priority: P3
Status: Closed
Resolution: Duplicate

Submitted: 2022-09-01
Updated: 2022-09-05
Resolved: 2022-09-05

JDK 20
20Resolved

The attached test case passes when executed in interpreter mode:

$ java -Xint Test.java 
-30.0
-30.0

but fails on JDK20 (b13) when compiled with C2 using -XX:+UseSuperWord (default setting), on a linux-x86_64 platform:

$ java -Xcomp -Xbatch -XX:CompileOnly=Test -XX:CompileCommand=quiet -XX:+UseSuperWord Test.java
-30.0
-9.0
Exception in thread "main" java.lang.Exception: expected s: -30, actual s: -9.0
	at Test.o(Test.java:26)
	at Test.main(Test.java:31)

The test case succeeds when compiled with -XX:-UseSuperWord, which suggests that the bug is in this C2 sub-component.

Great, thanks!
05-09-2022
[~chagedorn], yes, I'll update my PR with the reduced test. Thanks for your kind reminder.
05-09-2022
[~fgao] Thanks for the analysis! Sounds good, then I'll close it as a dup. Maybe you want to add the reduced test as additional regression test for the patch.
05-09-2022
Hi [~chagedorn], I suppose it's caused by the same problem as https://bugs.openjdk.org/browse/JDK-8290910. Here is the loop in the failed case above: ``` for (int h = 1; h < 32; h++) { a[h] = b[h - 1]--; // statement 1 b[h]--; // statement 2 } ``` Its generated assembly code by the current JDK is: ``` B13: movl R10, R8 # spill B14: load_vector XMM1,[RBX + #12 + R10 << #2] decl [RBX + #16 + R10 << #2] # int decl [RBX + #20 + R10 << #2] # int decl [RBX + #24 + R10 << #2] # int vpaddd XMM2,XMM1,XMM0 ! add packedI store_vector [RBX + #12 + R10 << #2],XMM2 decl [RBX + #28 + R10 << #2] # int load_vector XMM2,[RBX + #28 + R10 << #2] decl [RBX + #32 + R10 << #2] # int decl [RBX + #36 + R10 << #2] # int decl [RBX + #40 + R10 << #2] # int vpaddd XMM3,XMM2,XMM0 ! add packedI store_vector [RBX + #28 + R10 << #2],XMM3 decl [RBX + #44 + R10 << #2] # int vector_cast_i2x XMM1,XMM1 ! store_vector [RCX + #16 + R10 << #2],XMM1 vector_cast_i2x XMM1,XMM2 ! store_vector [RCX + #32 + R10 << #2],XMM1 movl R8, R10 # spill addl R8, #8 # int cmpl R8, #25 jl,s B13 ``` `Load_vector` of statement 1 is scheduled to the very beginning of the loop , where we haven't assign necessary new values to `b[h]` by statement2. After fixed by my patch, we pick the memory state of the last load and the generated assembly code is like: ``` B13: movl R10, R8 # spill B14: decl [RBX + #16 + R10 << #2] # int decl [RBX + #20 + R10 << #2] # int decl [RBX + #24 + R10 << #2] # int load_vector XMM1,[RBX + #12 + R10 << #2] vpaddd XMM2,XMM1,XMM0 ! add packedI store_vector [RBX + #12 + R10 << #2],XMM2 decl [RBX + #28 + R10 << #2] # int decl [RBX + #32 + R10 << #2] # int decl [RBX + #36 + R10 << #2] # int decl [RBX + #40 + R10 << #2] # int load_vector XMM2,[RBX + #28 + R10 << #2] vpaddd XMM3,XMM2,XMM0 ! add packedI store_vector [RBX + #28 + R10 << #2],XMM3 decl [RBX + #44 + R10 << #2] # int vector_cast_i2x XMM1,XMM1 ! store_vector [RCX + #16 + R10 << #2],XMM1 vector_cast_i2x XMM1,XMM2 ! store_vector [RCX + #32 + R10 << #2],XMM1 movl R8, R10 # spill addl R8, #8 # int cmpl R8, #25 jl,s B13 ``` Then we can get correct results.
05-09-2022
This issue is duplicated with JDK-8290910. A patch for the fix is under review.
05-09-2022
[~pli] can you take a look at it?
02-09-2022
I could trace it back to JDK-8275317 which added some type conversation vectorization support in SLP.
02-09-2022
ILW = Wrong execution of C2 compiled code, only single fuzzer test and not a recent regression, use -XX:-UseSuperWord or disable compilation of affected method = HLM = P3
01-09-2022

Duplicate :	JDK-8290910 - Wrong memory state is picked in SuperWord::co_locate_pack()
Relates :	JDK-8275317 - AArch64: Support some type conversion vectorization in SLP