JDK-8039298 : C2: assert(base == NULL || t_adr->isa_rawptr() || !phase->type(base)->higher_equal(TypePtr::NULL_PTR)) failed: NULL+offs not RAW address?
  • Type: Bug
  • Component: hotspot
  • Sub-Component: compiler
  • Affected Version: hs24,7u80,9
  • Priority: P1
  • Status: Closed
  • Resolution: Fixed
  • Submitted: 2014-04-04
  • Updated: 2017-08-04
  • Resolved: 2014-05-03
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 7 JDK 8 JDK 9
7u72Fixed 8u20Fixed 9 b14Fixed
Related Reports
Duplicate :  
Description
The hs_err head is:
# A fatal error has been detected by the Java Runtime Environment:
#
#  Internal Error (C:\jprt\T\P1\145625.kwalls\s\src\share\vm\opto\memnode.cpp:320), pid=11196, tid=7956
#  assert(base == NULL || t_adr->isa_rawptr() || !phase->type(base)->higher_equal(TypePtr::NULL_PTR)) failed: NULL+offs not RAW address?
#
# JRE version: Java(TM) SE Runtime Environment (7.0_40-b43) (build 1.7.0_40-fastdebug-b43)
# Java VM: Java HotSpot(TM) 64-Bit Server VM (24.80-b06-internal-201404031456.kwalls.hotspot-fastdebug mixed mode windows-amd64 compressed oops)
# Core dump written. Default location: C:\local\aurora\sandbox\results\workDir\java\util\PluggableLocale\TimeZoneNameProviderTest\hs_err_pid11196.mdmp
#
# If you would like to submit a bug report, please visit:
#   http://bugreport.sun.com/bugreport/crash.jsp
#

---------------  T H R E A D  ---------------

Current thread (0x000000004effb000):  JavaThread "C2 CompilerThread0" daemon [_thread_in_native, id=7956, stack(0x0000000051f70000,0x0000000052070000)]

Stack: [0x0000000051f70000,0x0000000052070000]
[error occurred during error reporting (printing stack bounds), id 0xc0000005]


[error occurred during error reporting (printing native stack), id 0xe0000000]


Current CompileTask:
C2:   6597  172 % !         TimeZoneNameProviderTest::test1 @ 74 (275 bytes)
Comments
verified by nightly testing
2017-08-04

SQE OK to take regression fix into PSU14_04
2014-07-23

The code is on dead path. The control path is not removed yet because of order of processing igvn._worklist. We start processing load nodes first.
2014-04-25

Hooray, I was able to replay first Kitchensink failure replay_pid21994.log ! Now I have to copy classes to solaris box where I can use dbx and try to replay there.
2014-04-24

Looks like last replay_pid25860.log is not complete - there is no 'compile' command in it.
2014-04-23

For the last crash the IR subgraph is next: 484 ConI === 0 [[...]] #int:12 20324 Phi === 19674 1 20403 [[ 19664 ]] #byte[int:>=0]:exact+any * 19664 AddP === _ 1 20324 484 [[ 19663 ]] 19663 LoadB === 19098 13423 19664 [[ 19662 ]] @byte[int:>=0]:exact+any *, idx=52; #byte It is 32-bit VM on linux.b It is similar previous Kitchensink failure but for different method compilation.
2014-04-23

It could be indeed related to 8039050 where we did not put changed by loop opts nodes on IGVN worklist. But without reproducer we can't prove it.
2014-04-16

I attached replay and hs_err files from Kitchensink test.
2014-04-16

I think the problem here is we did not finished processing control nodes for dead path where this load nodes are located. Note, non of these nodes are on dean_node_list yet. There is no output from next statements: tty->print_cr("===== NULL+offs not RAW address ====="); if (C->is_dead_node(this->_idx)) tty->print_cr("'this' is dead"); if ((ctl != NULL) && C->is_dead_node(ctl->_idx)) tty->print_cr("'ctl' is dead"); if (C->is_dead_node(mem->_idx)) tty->print_cr("'mem' is dead"); if (C->is_dead_node(address->_idx)) tty->print_cr("'address' is dead"); if (C->is_dead_node(base->_idx)) tty->print_cr("'base' is dead"); tty->cr(); base->dump(1);
2014-04-16

For TimeZoneNameProviderTest the code is loading through NULL node: 80 ConP === 0 [[ 81 ... ]] #NULL 3182 AddP === _ 80 80 3183 [[ 3181 ]] 3181 AddP === _ 80 3182 297 [[ 3180 ]] 3180 LoadN === 3246 3239 3181 [[ 3888 ]] phase->type(base): NULL+bot For Kitchensink the code is loading through TOP node for one Phi node's input: 1 Con === 0 [[]] #top 12457 Phi === 12020 1 12501 [[ 12010 ]] #byte[int:>=0]:exact+any * 12010 AddP === _ 1 12457 523 [[ 12009 ]] 12009 LoadB === 11752 7229 12010 [[ 12008 ]] phase->type(base): byte[int:>=0]:exact+any *
2014-04-16

Note Kitchensink failed with 32-bit VM: # Java VM: Java HotSpot(TM) Server VM (25.0-b62-internal-201404011344.ehelin.hs-to-hs-gc-fastdebug mixed mode linux-x86 ) TimeZoneNameProviderTest failed with 64-bit VM: # Java VM: Java HotSpot(TM) 64-Bit Server VM (24.80-b06-internal-201404031456.kwalls.hotspot-fastdebug mixed mode windows-amd64 compressed oops)
2014-04-16

From TimeZoneNameProviderTest.jtr : ===== NULL+offs not RAW address ===== 80 ConP === 0 [[ 81 79 100 99 1735 137 146 145 164 163 182 181 200 199 224 223 267 275 275 1735 383 355 1735 373 1728 1714 1698 1596 1596 1391 1398 442 449 449 449 441 1588 1301 1248 1248 559 1569 1562 1317 3852 1518 651 658 658 658 677 684 1518 790 712 719 719 1510 757 764 2160 3719 1398 847 847 869 1991 907 949 1492 981 1459 1223 1097 1104 1128 1485 1466 1177 1177 1194 1204 1466 2054 2058 2067 2071 2073 2075 2077 2079 2081 2186 2149 2237 2167 2307 2511 2501 2149 2502 2506 2505 2504 2503 2870 3288 2653 2657 2659 3107 3105 3101 2667 2710 3238 3115 3808 3806 3850 3182 3182 3815 3814 3223 3288 3236 3271 3181 3816 3813 3812 3811 3810 3809 2811 2800 2724 2710 3859 3858 3857 3856 3855 3854 3853 ]] #NULL 297 ConL === 0 [[ 1630 302 1624 818 961 1264 1273 1341 1350 1552 1549 2138 2186 2132 2688 2701 3181 3166 3172 ]] #long:16 3182 AddP === _ 80 80 3183 [[ 3181 ]] !orig=819 !jvms: TimeZoneNameProviderTest::test1 @ bci:216 80 ConP === 0 [[ 81 79 100 99 1735 137 146 145 164 163 182 181 200 199 224 223 267 275 275 1735 383 355 1735 373 1728 1714 1698 1596 1596 1391 1398 442 449 449 449 441 1588 1301 1248 1248 559 1569 1562 1317 3852 1518 651 658 658 658 677 684 1518 790 712 719 719 1510 757 764 2160 3719 1398 847 847 869 1991 907 949 1492 981 1459 1223 1097 1104 1128 1485 1466 1177 1177 1194 1204 1466 2054 2058 2067 2071 2073 2075 2077 2079 2081 2186 2149 2237 2167 2307 2511 2501 2149 2502 2506 2505 2504 2503 2870 3288 2653 2657 2659 3107 3105 3101 2667 2710 3238 3115 3808 3806 3850 3182 3182 3815 3814 3223 3288 3236 3271 3181 3816 3813 3812 3811 3810 3809 2811 2800 2724 2710 3859 3858 3857 3856 3855 3854 3853 ]] #NULL 3286 Proj === 3288 [[ 3131 3236 3239 3559 3560 3561 ]] #2 Memory: @BotPTR *+bot, idx=Bot; !orig=687 !jvms: TimeZoneNameProviderTest::test1 @ bci:168 3234 Proj === 3236 [[ 3239 3497 ]] #2 Memory: @BotPTR *+bot, idx=Bot; !orig=772 !jvms: TimeZoneNameProviderTest::test1 @ bci:199 3244 Region === 3244 3242 3295 [[ 3238 3239 3135 3244 3245 3289 ]] !orig=711,[1902],[799] !jvms: TimeZoneNameProviderTest::test1 @ bci:204 3245 If === 3244 3133 [[ 3246 3376 ]] P=0.999999, C=-1.000000 !orig=807 !jvms: TimeZoneNameProviderTest::test1 @ bci:216 3181 AddP === _ 80 3182 297 [[ 3180 ]] !orig=818 !jvms: TimeZoneNameProviderTest::test1 @ bci:216 3239 Phi === 3244 3234 3286 [[ 3465 3180 3509 3463 3464 3165 3170 3174 3215 3271 3282 3462 ]] #memory Memory: @BotPTR *+bot, idx=Bot; !orig=788,[2484] !jvms: TimeZoneNameProviderTest::test1 @ bci:204 3246 IfTrue === 3245 [[ 3180 3255 ]] #1 !orig=808,[827] !jvms: TimeZoneNameProviderTest::test1 @ bci:216 3180 LoadN === 3246 3239 3181 [[ 3888 ]] @narrowoop: java/lang/Object *[int:>=0]+any * [narrow], idx=8; #narrowoop: java/lang/String:exact * !orig=820,[2613] !jvms: TimeZoneNameProviderTest::test1 @ bci:216 this->adr_type(): NULL+bot phase->type(address): NULL+bot phase->type(base): NULL+bot
2014-04-16

C2 has additional output for this failure. From Kitchensink server.log: ===== NULL+offs not RAW address ===== 1 Con === 0 [[]] #top 523 ConI === 0 [[ 524 9563 588 9159 751 773 1066 12078 13105 1303 8184 8135 1482 1636 4702 12161 1862 7877 7856 2039 2228 2454 11975 12157 12238 2766 2828 12234 4296 7520 12136 3036 3166 3188 7458 12196 7166 13103 6689 6512 3348 6206 3352 3452 6054 3501 5877 12010 12052 ]] #int:12 12457 Phi === 12020 1 12501 [[ 12010 ]] #byte[int:>=0]:exact+any * !orig=[12422],[12011],[7618] !jvms: Name::equals @ bci:15 Name::fromUtf @ bci:52 Name::subName @ bci:27 Convert::packagePart @ bci:8 ClassReader::enterClass @ bci:69 ClassReader::enterClass @ bci:24 Types::unboxedType @ bci:42 Types::isConvertible @ bci:60 Types::isAssignable @ bci:196 Types::covariantReturnType @ bci:37 7226 CallStaticJava === 7106 7086 7087 8 1 ( 1 2519 1 1 1 1 1 1 1 1 1 1 1 12 1 1 1 10 10 362 1 1 10 362 1 1 1 1 1 48 1 1 1 1 1 37 ) [[ 7227 7228 7229 7231 ]] # Static com.sun.tools.javac.util.Name::lastIndexOf int ( com/sun/tools/javac/util/Name:NotNull *, byte ) Convert::packagePart @ bci:5 ClassReader::enterClass @ bci:69 ClassReader::enterClass @ bci:24 Types::unboxedType @ bci:42 Types::isConvertible @ bci:60 Types::isAssignable @ bci:196 Types::covariantReturnType @ bci:37 !jvms: Convert::packagePart @ bci:5 ClassReader::enterClass @ bci:69 ClassReader::enterClass @ bci:24 Types::unboxedType @ bci:42 Types::isConvertible @ bci:60 Types::isAssignable @ bci:196 Types::covariantReturnType @ bci:37 11751 If === 11749 11762 [[ 11752 11753 ]] P=0.999999, C=-1.000000 !orig=7559 !jvms: Name::equals @ bci:10 Name::fromUtf @ bci:52 Name::subName @ bci:27 Convert::packagePart @ bci:8 ClassReader::enterClass @ bci:69 ClassReader::enterClass @ bci:24 Types::unboxedType @ bci:42 Types::isConvertible @ bci:60 Types::isAssignable @ bci:196 Types::covariantReturnType @ bci:37 12010 AddP === _ 1 12457 523 [[ 12009 ]] !orig=7617 !jvms: Name::equals @ bci:15 Name::fromUtf @ bci:52 Name::subName @ bci:27 Convert::packagePart @ bci:8 ClassReader::enterClass @ bci:69 ClassReader::enterClass @ bci:24 Types::unboxedType @ bci:42 Types::isConvertible @ bci:60 Types::isAssignable @ bci:196 Types::covariantReturnType @ bci:37 7229 Proj === 7226 [[ 9846 9845 9844 9843 8279 11918 7460 12051 7271 12009 8278 8276 9845 7739 7327 7339 7495 7483 11974 8272 11894 7436 7451 7531 7697 7563 8044 7619 8274 7785 8030 7575 7696 8277 7521 8275 7777 7765 8273 7752 7971 7970 ]] #2 Memory: @BotPTR *+bot, idx=Bot; !orig=[7317],[7347] !jvms: Convert::packagePart @ bci:5 ClassReader::enterClass @ bci:69 ClassReader::enterClass @ bci:24 Types::unboxedType @ bci:42 Types::isConvertible @ bci:60 Types::isAssignable @ bci:196 Types::covariantReturnType @ bci:37 11752 IfTrue === 11751 [[ 11763 7619 11974 12009 12051 ]] #1 12009 LoadB === 11752 7229 12010 [[ 12008 ]] @byte[int:>=0]:exact+any *, idx=36; #byte !orig=7619 !jvms: Name::equals @ bci:15 Name::fromUtf @ bci:52 Name::subName @ bci:27 Convert::packagePart @ bci:8 ClassReader::enterClass @ bci:69 ClassReader::enterClass @ bci:24 Types::unboxedType @ bci:42 Types::isConvertible @ bci:60 Types::isAssignable @ bci:196 Types::covariantReturnType @ bci:37 this->adr_type(): byte[int:>=0]:exact+any * phase->type(address): byte[int:>=0]:exact+any * phase->type(base): byte[int:>=0]:exact+any *
2014-04-16

ILW=Crash, several times recently, none=HMH=P1
2014-04-09

Also happend in GC nightly.
2014-04-09

Seems to be a follow-up issue from JDK-8038785. This must either be fixed, or we need to roll out the JDK 6 fix (if this happens in JDK 6 that is)
2014-04-07