JDK-8359200 : Memory corruption in MStack::push
  • Type: Bug
  • Component: hotspot
  • Sub-Component: compiler
  • Affected Version: 24
  • Priority: P2
  • Status: Resolved
  • Resolution: Fixed
  • Submitted: 2025-06-11
  • Updated: 2025-07-11
  • Resolved: 2025-06-13
Fix versions:
  • JDK 25: 25 (Fixed)
  • JDK 26: 26 b03 (Fixed)
Related Reports
Causes :  
Description
A few odd numbers (83, 85, 87, 89, ...) of -XX:OptoNodeListSize trigger an assert in the matcher:

java -Xcomp -XX:-TieredCompilation -XX:OptoNodeListSize=89 Test.java

# A fatal error has been detected by the Java Runtime Environment:
#
#  Internal Error (workspace/open/src/hotspot/share/opto/matcher.cpp:1263), pid=2845732, tid=2845750
#  Error: ShouldNotReachHere()
#
# JRE version: Java(TM) SE Runtime Environment (25.0+26) (fastdebug build 25-ea+26-LTS-3300)
# Java VM: Java HotSpot(TM) 64-Bit Server VM (fastdebug 25-ea+26-LTS-3300, compiled mode, sharing, compressed oops, compressed class ptrs, g1 gc, linux-amd64)
# Problematic frame:
# V  [libjvm.so+0x15ddf1e]  Matcher::xform(Node*, int)+0x140e

Current CompileTask:
C2:10877 2247   !b        java.net.URI::create (23 bytes)

Stack: [0x0000783fdcc00000,0x0000783fdcd00000],  sp=0x0000783fdccfba90,  free space=1006k
Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code)
V  [libjvm.so+0x15ddf1e]  Matcher::xform(Node*, int)+0x140e  (matcher.cpp:1263)
V  [libjvm.so+0x15e3dff]  Matcher::match()+0x10ff
V  [libjvm.so+0xb2308e]  Compile::Code_Gen()+0x1fe
V  [libjvm.so+0xb28be3]  Compile::Compile(ciEnv*, ciMethod*, int, Options, DirectiveSet*)+0x2033
V  [libjvm.so+0x94fe57]  C2Compiler::compile_method(ciEnv*, ciMethod*, int, bool, DirectiveSet*)+0x467
V  [libjvm.so+0xb37f18]  CompileBroker::invoke_compiler_on_method(CompileTask*)+0xb58
V  [libjvm.so+0xb390e8]  CompileBroker::compiler_thread_loop()+0x578
V  [libjvm.so+0x108590b]  JavaThread::thread_main_inner()+0x13b
V  [libjvm.so+0x1ad1746]  Thread::call_run()+0xb6
V  [libjvm.so+0x1759058]  thread_native_entry(Thread*)+0x128
Comments
A pull request was submitted for review. Branch: jdk25 URL: https://git.openjdk.org/jdk/pull/25792 Date: 2025-06-13 08:02:06 +0000
13-06-2025

Changeset: ed39e17e Branch: master Author: Tobias Hartmann <thartmann@openjdk.org> Date: 2025-06-13 07:45:18 +0000 URL: https://git.openjdk.org/jdk/commit/ed39e17e34a2a3fd08a3e54d8d2c309deb99f61a
13-06-2025

The problem is that MStack::push assumes that Node_Stack::grow will always grow the array but that's not true anymore after JDK-8336999. The method will then push two items on the stack which leads to memory corruption if there's not enough space left.

ILW = Memory corruption in MStack::push, only seen with non-default debug flag -XX:OptoNodeListSize, no workaround but disable compilation of affected method = HMM = P2
11-06-2025
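
The failure mode described in the comment above, as an added C++ example that is not part of the bug report and is not HotSpot source: a simplified model with hypothetical names (ModelStack, push_pair_unchecked, push_pair_checked) in which a conditional grow() is trusted to make room for two slots. Stores past the end of the array are recorded in a flag instead of being performed.

```cpp
#include <cstddef>
#include <vector>

// Simplified model of a growable slot stack; hypothetical names, not HotSpot code.
struct ModelStack {
    std::vector<int> slots;   // backing array; its size plays the role of "max"
    long top = -1;            // index of the last used slot
    bool overflow = false;    // set where real code would write out of bounds
    explicit ModelStack(size_t capacity) : slots(capacity ? capacity : 1) {}
    long cap() const { return (long)slots.size(); }

    // Conditional grow: a no-op while `top` is still inside the array.
    void grow() {
        if (top < cap()) return;
        slots.resize(slots.size() * 2);
    }

    // Grow until index `idx` is valid, independent of where `top` is.
    void ensure(long idx) { while (idx >= cap()) slots.resize(slots.size() * 2); }

    // Bounds-checked store so the model itself never corrupts memory.
    void store(long idx, int v) {
        if (idx >= cap()) { overflow = true; return; }
        slots[idx] = v;
    }

    // Buggy shape: one grow() call is assumed to make room for two slots.
    void push_pair_unchecked(int parent, int node) {
        ++top;
        if (top + 1 >= cap()) grow();   // no-op when top == cap() - 1
        store(top, parent);
        ++top;
        store(top, node);               // lands at index cap() in that case
    }

    // Hardened shape: room for the second slot is established explicitly.
    void push_pair_checked(int parent, int node) {
        ensure(top + 2);
        store(++top, parent);
        store(++top, node);
    }
};

// Push `pairs` pairs and report whether any store landed past the array.
bool overflows(size_t capacity, int pairs, bool checked) {
    ModelStack s(capacity);
    for (int i = 0; i < pairs; ++i) {
        if (checked) s.push_pair_checked(i, i); else s.push_pair_unchecked(i, i);
    }
    return s.overflow;
}
```

In this model only an odd capacity lets a pair straddle the end of the array, because an even capacity always has room for both slots or for neither.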

Bisection points to JDK-8336999.
11-06-2025

A pull request was submitted for review. Branch: master URL: https://git.openjdk.org/jdk/pull/25751 Date: 2025-06-11 11:49:08 +0000
11-06-2025