JDK-8331085 : Crash in MergePrimitiveArrayStores::is_compatible_store()
  • Type: Bug
  • Component: hotspot
  • Sub-Component: compiler
  • Affected Version: 23
  • Priority: P2
  • Status: Resolved
  • Resolution: Fixed
  • Submitted: 2024-04-24
  • Updated: 2024-05-09
  • Resolved: 2024-05-07
Fix Version
JDK 23: 23 b22, Fixed
Description
javax/swing/plaf/metal/MetalUtils/bug6190373.java test crashed running on Mac-x86 with product VM:

# A fatal error has been detected by the Java Runtime Environment:
#
#  SIGSEGV (0xb) at pc=0x000000010b895cc1, pid=34878, tid=25603
#
# JRE version: Java(TM) SE Runtime Environment (23.0+20) (build 23-ea+20-1647)
# Java VM: Java HotSpot(TM) 64-Bit Server VM (23-ea+20-1647, mixed mode, sharing, tiered, compressed oops, compressed class ptrs, g1 gc, bsd-amd64)
# Problematic frame:
# V  [libjvm.dylib+0x88bcc1]  MergePrimitiveArrayStores::is_compatible_store(StoreNode const*) const+0x51

Comments
Changeset: df1ff056
Author: Emanuel Peter <epeter@openjdk.org>
Date: 2024-05-07 07:08:32 +0000
URL: https://git.openjdk.org/jdk/commit/df1ff056f19ce569e05b0b87584e289840fc5d5c
07-05-2024

A pull request was submitted for review.
URL: https://git.openjdk.org/jdk/pull/19103
Date: 2024-05-06 11:25:22 +0000
07-05-2024

With the help of [~chagedorn] I found a relatively simple regression test.

./java -XX:CompileCommand=compileonly,Test::test -XX:-TieredCompilation -Xcomp -XX:+UnlockDiagnosticVMOptions -XX:+StressIGVN -XX:+StressCCP -XX:+TraceLoopOpts -XX:RepeatCompilation=1000 Test.java

It now reproduces on aarch64 and x64, and probably elsewhere.
06-05-2024

Thanks [~prr], I will keep that in mind for the next time!

I now have a fuzzer reproducer, and I found out that the issue is with:

other_store->adr_type()->isa_aryptr()

The store has an address that is dying, i.e. there are TOP inputs further up the address. This means that the "adr_type() == nullptr", and then inside "isa_aryptr" we hit a nullptr-dereference / SIGSEGV.

1019 StoreI === 1128 827 1022 1020 [[ 1075 541 1073 574 ]] @int[int:>=0] (java/lang/Cloneable,java/io/Serializable):exact+any *, idx=6; Memory: @null !orig=574,1068 !jvms: Test::dMeth @ bci:227 (line 35)
1022 AddP === _ 1 1 41 [[ 1019 1021 ]] !orig=539,[572] !jvms: Test::dMeth @ bci:223 (line 35)
1 Con === 0 [[ ]] #top

I'll try to reduce the test a little more and create a patch soon.
06-05-2024
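
The failure mode described in the comment above, as an added example that is not part of the original report and is not HotSpot source: a simplified C++ model in which a TOP input further up the address makes adr_type() return nullptr, with the crashing call shape beside a guarded one. The types Type, Node and Store, the is_dying() helper and the guard itself are assumptions made for illustration; the guard is one way to reject such a store, not a description of the actual changeset.

```cpp
#include <vector>
// Simplified model for illustration; these are not HotSpot's real classes.
struct Type {
    bool is_array;
    // Non-virtual and reads a field, so a call through nullptr faults.
    const Type* isa_aryptr() const { return is_array ? this : nullptr; }
};

struct Node {
    bool is_top = false;
    std::vector<const Node*> in;  // inputs; nullptr models the "_" slot
    // Dying: the node is TOP, or TOP appears further up its inputs.
    bool is_dying() const {
        if (is_top) return true;
        for (const Node* n : in)
            if (n != nullptr && n->is_dying()) return true;
        return false;
    }
};

struct Store {
    const Node* address;
    const Type* declared_type;
    // As in the comment above: a dying address gives adr_type() == nullptr.
    const Type* adr_type() const {
        return address->is_dying() ? nullptr : declared_type;
    }
};

// Shape of the crashing expression: dereferences whatever adr_type() returns.
bool is_compatible_store_unguarded(const Store& other) {
    return other.adr_type()->isa_aryptr() != nullptr;
}

// Guarded form: a store with no address type is never a merge candidate.
bool is_compatible_store_guarded(const Store& other) {
    const Type* t = other.adr_type();
    return t != nullptr && t->isa_aryptr() != nullptr;
}

int main() {
    // Constructed sample shaped like the dump: AddP inputs "_ 1 1 41", 1 = top.
    Type int_array{true};
    Node top, n41, addp;
    top.is_top = true;
    addp.in = {nullptr, &top, &top, &n41};
    Store dying{&addp, &int_array};
    return is_compatible_store_guarded(dying) ? 1 : 0;  // 0: store rejected
}
```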

This needs to be fixed ASAP. It is causing random tests to crash on at least:
  • Linux x64
  • macOS x64
  • macOS AARCH64
So it seems like a generic problem.
02-05-2024

ILW = Crash during C2 compilation (regression), intermittent with two tests, -XX:-MergeStores = HLM = P3
25-04-2024

It could be caused by original JDK-8318446 or follow up JDK-8331054 changes.
24-04-2024