JDK-8301944 : assert(cmp == __null) failed: A cmp with 2 OpaqueZeroTripGuard inputs with -XX:+PostLoopMultiversioning
  • Type: Bug
  • Component: hotspot
  • Sub-Component: compiler
  • Affected Version: 21
  • Priority: P4
  • Status: Closed
  • Resolution: Duplicate
  • OS: generic
  • CPU: x86,aarch64
  • Submitted: 2023-02-07
  • Updated: 2023-07-17
  • Resolved: 2023-07-17
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
Other
tbdResolved
Related Reports
Duplicate :  
JDK-8311691 - C2: Remove legacy code related to PostLoopMultiversioning
Relates :  
JDK-8269820 - C2 PhaseIdealLoop::do_unroll get wrong opaque node
Relates :  
JDK-8153998 - Masked vector post loops
Relates :  
JDK-8300256 - C2: vectorization is sometimes skipped on loops where it would succeed
Description
In recent days, we run some Java fuzzer tests with C2's experimental feature PostLoopMultiversioning and find a crash.

# To suppress the following error report, specify this argument
# after -XX: or in .hotspotrc:  SuppressErrorAt=/subnode.cpp:688
#
# A fatal error has been detected by the Java Runtime Environment:
#
#  Internal Error (/home/penli01/jdk_src/src/hotspot/share/opto/subnode.cpp:688), pid=2675636, tid=2675649
#  assert(cmp == __null) failed: A cmp with 2 OpaqueZeroTripGuard inputs
#
# JRE version: OpenJDK Runtime Environment (21.0) (fastdebug build 21-internal-adhoc.penli01.jdksrc)
# Java VM: OpenJDK 64-Bit Server VM (fastdebug 21-internal-adhoc.penli01.jdksrc, mixed mode, tiered, compressed oops, compressed class ptrs, g1 gc, linux-aarch64)
# Problematic frame:
# V  [libjvm.so+0x1913b68]  CmpINode::Value(PhaseGVN*) const+0x708
#
# Core dump will be written. Default location: /tmp/core.2675636
#
# An error report file with more information is saved as:
# /home/penli01/reduce2/hs_err_pid2675636.log
#
# Compiler replay data is saved as:
# /home/penli01/reduce2/replay_pid2675636.log
#
# If you would like to submit a bug report, please visit:
#   https://bugreport.java.com/bugreport/crash.jsp
#

We narrowed down the fuzzer test case to a very small one. Below code can reproduce the crash on CPUs with masked vector support (x86 AVX-512 or AArch64 SVE).

public class Foo {
  private static short s;
  private static short[] sa = new short[400];

  private static void bar() {
    int i = 1, j = 1;
    while (i < 300) {
      j = 1;
      do {
        for (int k = j; k < 1; k--) {
          i++;
        }
        sa[i] = s;
      } while (++j < 6);
    }
  }

  public static void main(String[] args) {
    for (int i = 0; i < 20000; i++) {
      bar();
    }
  }
}

java -Xbatch -XX:+UnlockExperimentalVMOptions -XX:+PostLoopMultiversioning Foo
Comments
No need to fix this anymore since related code has been removed
17-07-2023
Looks like this is a regression from JDK-8300256 in JDK 21 ([~roland]).
08-02-2023
Thanks, the attached test reproduces the issue.
08-02-2023
Hi, attached is a failed fuzzer test with its crash logs.
08-02-2023
[~pli], I'm not able to reproduce this (on an AVX-512 capable machine). Could you share the replay/hs_err files?
07-02-2023
ILW = C2 crashes, with experimental feature, use -XX:-PostLoopMultiversioning = HLL = P4
07-02-2023