JDK-8371881 : C2: Fix potential SEGV in VTransformReductionVectorNode tracing
  • Type: Enhancement
  • Component: hotspot
  • Sub-Component: compiler
  • Affected Version: 26
  • Priority: P5
  • Status: Resolved
  • Resolution: Fixed
  • Submitted: 2025-11-14
  • Updated: 2025-11-24
  • Resolved: 2025-11-18
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 26
26 b25Fixed
Related Reports
Causes :  
JDK-8369448 - C2 SuperWord: refactor VTransform to do move_unordered_reduction_out_of_loop during VTransform::optimize
Description
Sonar complains that given `current_red == nullptr` check, it is plausible `current_red->print();` would dereference the null pointer. Also `first_red` seems to be unused.

  VTransformReductionVectorNode* first_red   = this;
  VTransformReductionVectorNode* last_red    = phi->in_req(2)->isa_ReductionVector();
  VTransformReductionVectorNode* current_red = last_red;
  while (true) {
    if (current_red == nullptr ||
        current_red->vector_reduction_opcode() != ropc ||
        current_red->element_basic_type() != bt ||
        current_red->vector_length() != vlen) {
      TRACE_OPTIMIZE(
        tty->print("  Cannot move out of loop, other reduction node does not match:");
        print();
        tty->print("  other: ");
        current_red->print();
      )
      return false; // not compatible
    }
Comments
Changeset: 16557739 Branch: master Author: Vishal Chand <vishalvc@amazon.com> Committer: Aleksey Shipilev <shade@openjdk.org> Date: 2025-11-18 06:49:03 +0000 URL: https://git.openjdk.org/jdk/commit/16557739791ada59dc1991f65a0218434df01f9e
18-11-2025
A pull request was submitted for review. Branch: master URL: https://git.openjdk.org/jdk/pull/28323 Date: 2025-11-14 13:24:14 +0000
14-11-2025
Yeah, this is static analyzer result. I think it is a very corner-ish case when `isa_ReductionVector()` returns `nullptr` somehow, and we get into the TRACE_OPTIMIZE and crash there. Meaning, something is completely off the rails, the graph is already broken, and we would additionally crash at diagnostics. We really just want to tighten this up a little bit. I'll let one of our folks (Vishal) to practice Hotspot development on this starter cleanup task.
14-11-2025
[~shade] I tried to reproduce it, but so far no luck. Maybe it is not even possible. I attached the file, and below my command line: java -XX:CompileCommand=compileonly,Reduction::test -XX:CompileCommand=printcompilation,Reduction::test -XX:CompileCommand=TraceAutoVectorization,Reduction::test,ALL -XX:+TraceLoopOpts -XX:LoopUnrollLimit=1000 -XX:+TraceSuperWord -Xbatch -XX:AutoVectorizationOverrideProfitability=2 Reduction.java
14-11-2025