JDK-8325216 : JRE Crash due to JIT compiling ArrayIndexOutOfBoundsException
  • Type: Bug
  • Component: hotspot
  • Sub-Component: compiler
  • Affected Version: 21.0.2
  • Priority: P4
  • Status: Closed
  • Resolution: Duplicate
  • OS: linux_ubuntu
  • CPU: x86_64
  • Submitted: 2024-02-01
  • Updated: 2024-02-05
  • Resolved: 2024-02-05
Related Reports
Duplicate :  
Description
ADDITIONAL SYSTEM INFORMATION :
# Java version
java 21.0.2 2024-01-16 LTS
Java(TM) SE Runtime Environment (build 21.0.2+13-LTS-58)
Java HotSpot(TM) 64-Bit Server VM (build 21.0.2+13-LTS-58, mixed mode, sharing)

# Operating system details
$ cat /etc/*release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=18.04
DISTRIB_CODENAME=bionic
DISTRIB_DESCRIPTION="Ubuntu 18.04.6 LTS"
NAME="Ubuntu"
VERSION="18.04.6 LTS (Bionic Beaver)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 18.04.6 LTS"
VERSION_ID="18.04"
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
VERSION_CODENAME=bionic
UBUNTU_CODENAME=bionic

$ uname -a
Linux seoul 5.4.0-146-generic #163~18.04.1-Ubuntu SMP Mon Mar 20 15:02:59 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux

A DESCRIPTION OF THE PROBLEM :
JRE Crash is observed when executing the attached program. This bug affects 17.0.10 and 21.0.2, as well as previous versions 18.0.2.1, 19.0.2, and 20.

STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
The following steps show how to reproduce the bug on Java 21 in an
Ubuntu Linux environment.

$ java C.java


EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
# no output
ACTUAL -
#
# A fatal error has been detected by the Java Runtime Environment:
#
#  SIGSEGV (0xb) at pc=0x00007faca0b17c46, pid=29031, tid=29032
#
# JRE version: OpenJDK Runtime Environment (19.0.2+7) (build 19.0.2+7-44)
# Java VM: OpenJDK 64-Bit Server VM (19.0.2+7-44, mixed mode, sharing, tiered, compressed oops, compressed class ptrs, g1 gc, linux-amd64)
# Problematic frame:
# J 1130 c2 C.read([CI)V (28 bytes) @ 0x00007faca0b17c46 [0x00007faca0b17c20+0x0000000000000026]
#
# Core dump will be written. Default location: Core dumps may be processed with "/usr/share/apport/apport -p%p -s%s -c%c -d%d -P%P -u%u -g%g -- %E" (or dumping to /home/disk2/fuyao/projects/investigation/core.29031)
#
# An error report file with more information is saved as:
# /home/disk2/fuyao/projects/investigation/hs_err_pid29031.log
#
# If you would like to submit a bug report, please visit:
#   https://bugreport.java.com/bugreport/crash.jsp
#
Aborted (core dumped)

---------- BEGIN SOURCE ----------
public class C {
    static class SM {
        void sMatch(char[] buffer, int pos) {
            boolean x = ' ' == buffer[pos];
        }
    }

    static SM sm = new SM();

    static void m() {
        char[] buffer = { '.' };
        read(buffer, 0);
        read(buffer, -1);
    }

    static void read(char[] buffer, int pos) {
        for (int j = 0; j < 10; ++j) {
            match(buffer, pos);
            sm.sMatch(buffer, pos);
        }
    }

    static void match(char[] buffer, int pos) {
        char x = buffer[pos];
    }

    public static void main(String[] args) {
        for (int i = 0; i < 100_000; ++i) {
            try {
                m();
            } catch (IndexOutOfBoundsException e) {
            }
        }
    }
}

---------- END SOURCE ----------

CUSTOMER SUBMITTED WORKAROUND :
Interpreter is fine.
$ java -Xint C.java

FREQUENCY : always



Comments
This issue is a duplicate of JDK-8319793.
05-02-2024

This has been fixed in jdk23 b06 onwards; upgrading to the latest version should avoid this issue.
05-02-2024
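
Added example, not part of the original report or of the JDK project: a Python triage helper that parses the signal and "Problematic frame" lines quoted in the description, decodes the JVM method descriptor, and checks that the faulting pc equals the bracketed base plus offset. The function names and regular expressions are assumptions derived from the line layout shown in this report; a `J` frame tagged `c2` means the fault is in C2-compiled code.

```python
import re

# Constructed input: the signal and frame lines quoted from the report above.
SAMPLE = (
    "#  SIGSEGV (0xb) at pc=0x00007faca0b17c46, pid=29031, tid=29032\n"
    "# Problematic frame:\n"
    "# J 1130 c2 C.read([CI)V (28 bytes) @ 0x00007faca0b17c46 "
    "[0x00007faca0b17c20+0x0000000000000026]\n"
)
SIGNAL_RE = re.compile(r"#\s+(SIG\w+) \(0x[0-9a-f]+\) at pc=(0x[0-9a-f]+)")
# Layout of a compiled-Java ("J") frame line as it appears in this report.
FRAME_RE = re.compile(
    r"#\s+J (?P<id>\d+)\s+(?P<tier>c1|c2)?\s*(?P<method>[\w.$<>/]+)"
    r"(?P<desc>\(\S*\)\S+) \((?P<size>\d+) bytes\) @ (?P<pc>0x[0-9a-f]+) "
    r"\[(?P<base>0x[0-9a-f]+)\+(?P<off>0x[0-9a-f]+)\]"
)
PRIMS = {"B": "byte", "C": "char", "D": "double", "F": "float", "I": "int",
         "J": "long", "S": "short", "Z": "boolean", "V": "void"}

def decode_type(desc, i):
    """Decode one JVM type descriptor at desc[i]; return (java_type, next_i)."""
    dims = 0
    while desc[i] == "[":
        dims, i = dims + 1, i + 1
    if desc[i] == "L":                      # object type: Lpkg/Name;
        end = desc.index(";", i)
        name, i = desc[i + 1:end].replace("/", "."), end + 1
    else:
        name, i = PRIMS[desc[i]], i + 1
    return name + "[]" * dims, i

def decode_descriptor(desc):
    """Turn a method descriptor such as '([CI)V' into (return_type, [arg_types])."""
    args, i = [], 1
    while desc[i] != ")":
        arg, i = decode_type(desc, i)
        args.append(arg)
    return decode_type(desc, i + 1)[0], args

def triage(header):
    """Summarise a crash header; None if the frame is not compiled Java code."""
    sig, frame = SIGNAL_RE.search(header), FRAME_RE.search(header)
    if not (sig and frame):
        return None
    pc, base, off = (int(frame[k], 16) for k in ("pc", "base", "off"))
    ret, args = decode_descriptor(frame["desc"])
    return {"signal": sig[1], "compiler": frame["tier"], "offset": off,
            "method": f"{ret} {frame['method']}({', '.join(args)})",
            # The frame's pc must equal base+offset and the signal's pc.
            "pc_consistent": pc == base + off == int(sig[2], 16)}

if __name__ == "__main__":
    print(triage(SAMPLE))
```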