JDK-8299259 : C2: Div/Mod nodes without zero check could be split through iv phi of loop resulting in SIGFPE
  • Type: Bug
  • Component: hotspot
  • Sub-Component: compiler
  • Affected Version: 8,11,17,19,20,21
  • Priority: P3
  • Status: Resolved
  • Resolution: Fixed
  • Submitted: 2022-12-22
  • Updated: 2024-09-23
  • Resolved: 2023-01-10
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 11 JDK 17 JDK 20 JDK 21
11.0.20-oracleFixed 17.0.8-oracleFixed 20.0.2Fixed 21 b05Fixed
Related Reports
Relates :  
JDK-8323101 - C2: assert(n->in(0) == nullptr) failed: divisions with zero check should already have bailed out earlier in split-if
Relates :  
JDK-8248552 - C2 crashes with SIGFPE due to division by zero
Relates :  
JDK-8256655 - rework long counted loop handling
Relates :  
JDK-8299857 - C2: Allow speculative Div/Mod on RISC architectures
Relates :  
JDK-8336729 - C2: Div/Mod nodes without zero check could be split through iv phi of outer loop of long counted loop nest resulting in SIGFPE
Description
JDK-8248552 added bailout code when trying to split DivI/ModI nodes without zero check (control is NULL) through an iv phi which has an input that contains zero in its type range.

However, the fix is not complete in two regards:

1) We could have an "iv phi -> X -> DivI/ModI" chain where we want to split X and DivI/ModI through the iv phi. In this case, we first split X and create a new phi to merge the newly created nodes for X. When splitting the DivI/ModI node afterwards, the bailout code finds the newly created phi as divisor input which is not the iv phi and we do not bail out. We should change that.
2) Since JDK-8256655, we also optimize iv phis of long counted loops. The earlier added bailout code, however, only handles int divisions/modulo. We should extend the bailout code to additionally handle DivL/ModL.
Comments
Fix request [11u] I backport this for parity with 11.0.20-oracle. I had to resolve and adapt code and test. Typical risk of a C2 fix. Test failes without the fix, and passes with it, so a good repro case exists. SAP nightly testing passed.
30-05-2023
A pull request was submitted for review. URL: https://git.openjdk.org/jdk11u-dev/pull/1910 Date: 2023-05-29 19:17:05 +0000
29-05-2023
Fix request [17u] I backport this for parity with 17.0.8-oracle. Typical risk of a C2 fix. Well reproducible, so we should take it. Clean backport except for Copyright. Test passes and fails witout the fix. SAP nightly testing passed.
19-04-2023
A pull request was submitted for review. URL: https://git.openjdk.org/jdk17u-dev/pull/1261 Date: 2023-04-18 15:27:04 +0000
18-04-2023
A pull request was submitted for review. URL: https://git.openjdk.org/jdk20u/pull/25 Date: 2023-03-29 10:35:30 +0000
29-03-2023
Fix Request (JDK 20u) Resolves an issue with a SIGFPE in C2 compiled code. The fix is low risk (bailout), was already backported to Oracle JDK 11u and 17u and tested in the JDK 21, 17u and 11u CIs. The backport applies cleanly.
29-03-2023
Changeset: 8b0133f2 Author: Christian Hagedorn <chagedorn@openjdk.org> Date: 2023-01-10 14:35:46 +0000 URL: https://git.openjdk.org/jdk/commit/8b0133f2760f67cd968528c041a600408cc26978
10-01-2023
A pull request was submitted for review. URL: https://git.openjdk.org/jdk/pull/11900 Date: 2023-01-09 09:39:55 +0000
09-01-2023
ILW = SIGFPE in C2 compiled code when wrongly splitting Div/Mod nodes through a iv phi, rare, use -XX:-SplitIfBlocks = HLM = P3
22-12-2022