JDK-8316512 : C2: large byte array clone crashes on linux-x86 for large FastAllocateSizeLimit values
  • Type: Bug
  • Component: hotspot
  • Sub-Component: compiler
  • Affected Version: 22
  • Priority: P4
  • Status: New
  • Resolution: Unresolved
  • CPU: x86
  • Submitted: 2023-09-19
  • Updated: 2023-09-19
Description
Running the attached program (ArrayCopyCrash.java) on a 32-bit x86 debug VM using

$ java -Xcomp -XX:-TieredCompilation -XX:CompileOnly=ArrayCopyCrash::createAndClone -XX:FastAllocateSizeLimit=2147483647 ArrayCopyCrash.java

triggers the following segmentation fault:

# A fatal error has been detected by the Java Runtime Environment:
#
#  SIGSEGV (0xb) at pc=0xf2ce548f, pid=10422, tid=10423
#
# JRE version: Java(TM) SE Runtime Environment (22.0) (fastdebug build 22-internal-2023-09-18-0751569.roberto.castaneda.lozano.JDK-2215)
# Java VM: Java HotSpot(TM) Server VM (fastdebug 22-internal-2023-09-18-0751569.roberto.castaneda.lozano.JDK-2215, compiled mode, g1 gc, linux-x86)
# Problematic frame:
# J 82 c2 ArrayCopyCrash.createAndClone(I)[B (12 bytes) @ 0xf2ce548f [0xf2ce53c0+0x000000cf]

The failure is caused by an overflow in the fast-path allocation of the array. The overflow is caused by the large value of FastAllocateSizeLimit. Note that FastAllocateSizeLimit is a "develop" flag (i.e. debug-only), so the failure cannot happen on a product build, where FastAllocateSizeLimit is fixed to a much smaller value (currently 128*K).
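
The relationship described above, as a simplified model added here for illustration (not HotSpot or C2 code): a limit check guards 32-bit size arithmetic, so the arithmetic is only safe while the limit stays small. The header size, the alignment, the reading of the limit as a byte-array length, and all function names are assumptions of this model.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumptions of this model only, not values from the report or from HotSpot. */
#define HEADER_BYTES 12   /* assumed array header size */
#define ALIGN_BYTES   8   /* assumed object alignment */

/* Fast-path guard: only the limit stands between the length and the size arithmetic. */
static bool takes_fast_path(int32_t length, int32_t limit) {
    return length >= 0 && length <= limit;
}

/* Size arithmetic carried out in 32 bits. Unsigned math keeps it well defined in C;
 * a result with bit 31 set is negative once it is treated as a signed size. */
static uint32_t size32(int32_t length) {
    uint32_t raw = (uint32_t)HEADER_BYTES + (uint32_t)length + (ALIGN_BYTES - 1);
    return raw & ~(uint32_t)(ALIGN_BYTES - 1);
}

/* Reference computation in 64 bits; fails if the size does not fit a signed 32-bit value. */
static bool size_checked(int32_t length, int32_t *out) {
    if (length < 0) return false;
    int64_t raw = (int64_t)HEADER_BYTES + length + (ALIGN_BYTES - 1);
    int64_t aligned = raw & ~(int64_t)(ALIGN_BYTES - 1);
    if (aligned > INT32_MAX) return false;
    *out = (int32_t)aligned;
    return true;
}

/* A limit is safe when the largest length the guard admits still has a representable size
 * (the size grows monotonically with the length, so checking the limit itself is enough). */
static bool limit_is_safe(int32_t limit) {
    int32_t unused;
    return size_checked(limit, &unused);
}

int main(void) {
    /* Product default (128*K) versus the flag value used in the report. */
    const int32_t limits[] = { 128 * 1024, INT32_MAX };
    for (int i = 0; i < 2; i++) {
        int32_t len = limits[i];   /* worst-case length admitted by the guard */
        printf("limit=%d fast_path=%d size32=0x%08x safe=%d\n", limits[i],
               takes_fast_path(len, limits[i]), size32(len), limit_is_safe(limits[i]));
    }
    return 0;
}
```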