1.9.0-ea-b64 regression (AIOOB thrown where it shouldn't be thrown)

Dawid Weiss dawid.weiss at gmail.com
Sun May 24 07:23:11 UTC 2015


Hello again,

The bug repro code is at the link below:
http://download.carrotsearch.com/jvm/repro.zip

Definitely something with the compilation because disabling loop
unrolling (or running in interpreted mode) doesn't trigger the bug.
More information (also included in README.txt) quoted below.

Dawid

Expected behavior:
  The code should re-read the gz2 resource, looping and printing (infinitely):
  Round...
  Round...
  Round...

Actual behavior (64-Bit Server VM, build 1.9.0-ea-b64, mixed mode):
  Round...
  Round...
  Round...
  Exception in thread "main" java.lang.ArrayIndexOutOfBoundsException: 314297
          at org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream.setupBlock(BZip2CompressorInputStream.java:820)
          at org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream.<init>(BZip2CompressorInputStream.java:136)
          at org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream.<init>(BZip2CompressorInputStream.java:111)
          at bug.Repro.main(Repro.java:15)

Notes
-----

- Self-contained maven project (copied commons compress sources so that one can
  tweak them if needed). An additional bz2 resource is needed (included).
- Build with:
  mvn package
- Run with:
  java -jar target/Repro-0.0.0.jar
- Running in interpreted mode does *not* cause any error:
  java -Xint -jar target/Repro-0.0.0.jar
- Running without loop unrolls does *not* cause any error:
  java -Xbatch -XX:LoopUnrollLimit=0 -jar target/Repro-0.0.0.jar

On Sat, May 23, 2015 at 9:58 PM, Dawid Weiss <dawid.weiss at gmail.com> wrote:
> Good news. I have a repro that crashes for me every time and it only
> contains open-source code (and some data). Bad news: it's probably a
> compiler bug because everything works just fine with -Xint.
>
> I'll put it together into a repro tomorrow, hopefully, and will ask
> somebody with the right permission to file an issue in Jira. Should be
> relatively easy to narrow it down by bisecting hs repo commits.
>
> Dawid
>
> On Sat, May 23, 2015 at 2:19 PM, Dawid Weiss
> <dawid.weiss at carrotsearch.com> wrote:
>> Hi Rory, everyone,
>>
>> I've run into an issue with a suspicious ArrayIndexOutOfBounds on ea
>> builds of JDK 1.9.0. Here's some context:
>>
>> - we run separate builds for 1.7, 1.8 and 1.9ea VMs and only the 1.9
>> build currently fails (Windows, Linux environments, 64-bit),
>>
>> - the bug/ issue is a suspicious AIOOB on:
>>
>> org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream.setupBlock(BZip2CompressorInputStream.java:820)
>>
>> which happens to be the line of code inside this for loop:
>>
>>         for (int i = 0, lastShadow = this.last; i <= lastShadow; i++) {
>>             tt[cftab[ll8[i] & 0xff]++] = i;
>>         }
>>
>> Which array access this is exactly is hard to tell, but the *same*
>> bzip input file does not produce the error on any other JVM (or
>> earlier releases of 1.9ea). This code is deterministic in the test
>> that uses the above routine.
>>
>> - the problem *only* appears from 1.9ea_b64; on earlier releases the
>> same code passes just fine (bisected it back from b45),
>>
>> - I also checked 1.9ea_b65 (which happens to be on the download server
>> but wasn't properly announced yet?). The problem persists.
>>
>> - the problem does reproduce on the build server (Windows and Linux).
>> Interestingly, I couldn't reproduce it locally. The code is
>> proprietary, I couldn't narrow it down yet to something that would
>> reproduce (sigh).
>>
>> I realize this is insufficient information to get started, but perhaps
>> this issue is already known or somebody may have a clue at what is
>> going on (CCing hotspot-compiler-dev)?
>>
>> Dawid

