Bug ID: JDK-8323190 Segfault during deoptimization of C2-compiled code

JDK-8323190 : Segfault during deoptimization of C2-compiled code

Type: Bug
Component: hotspot
Sub-Component: compiler
Affected Version: 22,23

Priority: P2
Status: Resolved
Resolution: Fixed

Submitted: 2024-01-08
Updated: 2024-01-23
Resolved: 2024-01-12

Versions (Unresolved/Resolved/Fixed)

The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.

JDK 22	JDK 23
22Fixed	23 b06Fixed

Related Reports

Relates :

JDK-8287061 - Support for rematerializing scalar replaced objects participating in allocation merges

Description

Execution of the attached test with -Xcomp on JDK 22 and 23 leads to a segfault:

# A fatal error has been detected by the Java Runtime Environment:
#
#  SIGSEGV (0xb) at pc=0x00007f04423fe14f, pid=749112, tid=749113
#
# JRE version: OpenJDK Runtime Environment (23.0+4) (build 23-ea+4-185)
# Java VM: OpenJDK 64-Bit Server VM (23-ea+4-185, compiled mode, sharing, tiered, compressed oops, compressed class ptrs, g1 gc, linux-amd64)
# Problematic frame:
# V  [libjvm.so+0xdcf14f]  StackValue::create_stack_value_from_oop_location(stackChunkOopDesc*, void*)+0x12f

The stack is:

Stack: [0x00007f04413d5000,0x00007f04414d6000],  sp=0x00007f04414d2120,  free space=1012k
Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code)
V  [libjvm.so+0xdcf14f]  StackValue::create_stack_value_from_oop_location(stackChunkOopDesc*, void*)+0x12f
V  [libjvm.so+0xdcfa97]  StackValue* StackValue::create_stack_value<RegisterMap>(ScopeValue*, unsigned char*, RegisterMap const*)+0x1d7
V  [libjvm.so+0xf389f7]  compiledVFrame::monitors() const+0x1e7
V  [libjvm.so+0x6aa4fe]  Deoptimization::fetch_unroll_info_helper(JavaThread*, int)+0xd6e
V  [libjvm.so+0x6aa782]  Deoptimization::uncommon_trap(JavaThread*, int, int)+0x32
Java frames: (J=compiled Java code, j=interpreted, Vv=VM code)
v  ~UncommonTrapBlob 0x00007f042c1015a1
J 1201 c2 Test.method1()LTest$Class0; (87 bytes) @ 0x00007f042c8dd9a0 [0x00007f042c8dd820+0x0000000000000180]
J 1021 c1 Test.main([Ljava/lang/String;)V (24 bytes) @ 0x00007f0424dc26ec [0x00007f0424dc2660+0x000000000000008c]
v  ~StubRoutines::call_stub 0x00007f042c0aacc6

If I'm reading this correctly, this is during deoptimization of a C2-compiled method.

To run:
rm -f *.class && jdk-22/bin/javac Test.java && jdk-22/bin/java -Xcomp Test
or
rm -f *.class && jdk-23/bin/javac Test.java && jdk-23/bin/java -Xcomp Test

Tested JDK versions:
openjdk version "22-ea" 2024-03-19
OpenJDK Runtime Environment (build 22-ea+30-2287)
OpenJDK 64-Bit Server VM (build 22-ea+30-2287, mixed mode, sharing)
from https://jdk.java.net/22/
and
openjdk version "23-ea" 2024-09-17
OpenJDK Runtime Environment (build 23-ea+4-185)
OpenJDK 64-Bit Server VM (build 23-ea+4-185, mixed mode, sharing)
from https://jdk.java.net/23/.

Doesn't seem to happen with JDK 21. Test code and a sample hs_err dump attached.

Comments

A pull request was submitted for review. URL: https://git.openjdk.org/jdk22/pull/67 Date: 2024-01-12 10:45:11 +0000
12-01-2024
Changeset: ed182223 Author: Cesar Soares Lucas <cslucas@openjdk.org> Committer: Tobias Hartmann <thartmann@openjdk.org> Date: 2024-01-12 10:43:16 +0000 URL: https://git.openjdk.org/jdk/commit/ed182223655feee5356d42a94dd74950e9595724
12-01-2024
A pull request was submitted for review. URL: https://git.openjdk.org/jdk/pull/17333 Date: 2024-01-10 01:22:37 +0000
10-01-2024
Thanks. I'll start looking asap.
09-01-2024
Cesar, please have a look.
08-01-2024
ILW = Crash during deopt (or assert during compilation with C2), reproducible with generated test, -XX:-ReduceAllocationMerges = HML = P2
08-01-2024
Thanks for reporting this! With fastdebug, we already hit an assert during compilation of the problematic method: java -Xcomp -XX:CompileCommand=compileonly,Test::* Test.java # A fatal error has been detected by the Java Runtime Environment: # # Internal Error (/open/src/hotspot/share/opto/output.cpp:707), pid=3969077, tid=3969091 # assert(OptoReg::is_valid(regnum)) failed: location must be valid # # JRE version: Java(TM) SE Runtime Environment (23.0+4) (fastdebug build 23-ea+4-173) # Java VM: Java HotSpot(TM) 64-Bit Server VM (fastdebug 23-ea+4-173, compiled mode, sharing, tiered, compressed oops, compressed class ptrs, g1 gc, linux-amd64) # Problematic frame: # V [libjvm.so+0x14bf913] new_loc_value(PhaseRegAlloc, int, Location::Type) [clone .constprop.0]+0x153 Current CompileTask: C2:2086 91 !b 4 Test::method1 (87 bytes) Stack: [0x00007fbd6c247000,0x00007fbd6c348000], sp=0x00007fbd6c343a90, free space=1010k Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code) V [libjvm.so+0x14bf913] new_loc_value(PhaseRegAlloc, int, Location::Type) [clone .constprop.0]+0x153 (output.cpp:707) V [libjvm.so+0x14ccba7] PhaseOutput::Process_OopMap_Node(MachNode, int)+0x707 V [libjvm.so+0x14cf40a] PhaseOutput::fill_buffer(CodeBuffer, unsigned int)+0x79a V [libjvm.so+0x9ed90c] Compile::Code_Gen()+0x4ac V [libjvm.so+0x9f05f1] Compile::Compile(ciEnv, ciMethod, int, Options, DirectiveSet)+0x1cd1 V [libjvm.so+0x83dc57] C2Compiler::compile_method(ciEnv, ciMethod, int, bool, DirectiveSet)+0x1e7 V [libjvm.so+0x9fbacc] CompileBroker::invoke_compiler_on_method(CompileTask)+0x92c V [libjvm.so+0x9fc758] CompileBroker::compiler_thread_loop()+0x468 V [libjvm.so+0xeb99ec] JavaThread::thread_main_inner()+0xcc V [libjvm.so+0x179ea66] Thread::call_run()+0xb6 V [libjvm.so+0x14a92e7] thread_native_entry(Thread*)+0x127 This is a regression from JDK-8287061 in JDK 22 b07.
08-01-2024