1.9.0-ea-b64 regression (AIOOB thrown where it shouldn't be thrown)

Rory O'Donnell rory.odonnell at oracle.com
Sun May 24 20:32:09 UTC 2015 

Hi Dawid,

Could you log an incident at bugs.java.com and let us know the incident id.

Thanks, Rory

On 24/05/2015 08:23, Dawid Weiss wrote:
> Hello again,
>
> The bug repro code is at the link below:
> http://download.carrotsearch.com/jvm/repro.zip
>
> Definitely something with the compilation because disabling loop
> unrolling (or running in interpreted mode) doesn't trigger the bug.
> More information (also included in README.txt) quoted below.
>
> Dawid
>
> Expected behavior:
>    The code should re-read the gz2 resource, looping and printing (infinitely):
>    Round...
>    Round...
>    Round...
>
> Actual behavior (64-Bit Server VM, build 1.9.0-ea-b64, mixed mode):
>    Round...
>    Round...
>    Round...
>    Exception in thread "main" java.lang.ArrayIndexOutOfBoundsException: 314297
>            at org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream.setupBlock(BZip2CompressorInputStream.java:820)
>            at org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream.<init>(BZip2CompressorInputStream.java:136)
>            at org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream.<init>(BZip2CompressorInputStream.java:111)
>            at bug.Repro.main(Repro.java:15)
>
> Notes
> -----
>
> - Self contained maven project (copied commons compress sources so that one can
>    tweak them if needed). An additional bz2 resource is needed (included).
> - Build with:
>    mvn package
> - Run with:
>    java -jar target/Repro-0.0.0.jar
> - Running in interpreted mode does *not* cause any error:
>    java -Xint -jar target/Repro-0.0.0.jar
> - Running without loop unrolls does *not* cause any error:
>    java -Xbatch -XX:LoopUnrollLimit=0 -jar target/Repro-0.0.0.jar
>
> On Sat, May 23, 2015 at 9:58 PM, Dawid Weiss <dawid.weiss at gmail.com> wrote:
>> Good news. I have a repro that crashes for me every time and it only
>> contains open-source code (and some data). Bad news: it's probably a
>> compiler bug because everything works just fine with -Xint.
>>
>> I'll put it together into a repro tomorrow, hopefully, and will ask
>> somebody with the right permission to file an issue in Jira. Should be
>> relatively easy to narrow it down by bisecting hs repo commits.
>>
>> Dawid
>>
>> On Sat, May 23, 2015 at 2:19 PM, Dawid Weiss
>> <dawid.weiss at carrotsearch.com> wrote:
>>> Hi Rory, everyone,
>>>
>>> I've ran into an issue with a suspicious ArrayIndexOutOfBounds on ea
>>> builds of JDK 1.9.0. Here's some context:
>>>
>>> - we run separate builds for 1.7, 1.8 and 1.9ea VMs and only the 1.9
>>> build currently fails (Windows, Linux environments, 64-bit),
>>>
>>> - the bug/ issue is a suspicious AIOOB on:
>>>
>>> org.apache.commons.compress.compressors.bzip2.BZip2CompressorInputStream.setupBlock(BZip2CompressorInputStream.java:820)
>>>
>>> which happens to be the line of code inside this for loop:
>>>
>>>          for (int i = 0, lastShadow = this.last; i <= lastShadow; i++) {
>>>              tt[cftab[ll8[i] & 0xff]++] = i;
>>>          }
>>>
>>> Which array access this is exactly is hard to tell, but the *same*
>>> bzip input file does not produce the error on any other JVM (or an
>>> earlier releases of 1.9ea). This code is deterministic in the test
>>> that uses the above routine.
>>>
>>> - the problem *only* appears from 1.9ea_b64; on earlier releases the
>>> same code passes just fine (bisected it back from b45),
>>>
>>> - I also checked 1.9ea_b65 (which happens to be on the download server
>>> but wasn't properly announced yet?). The problem persists.
>>>
>>> - the problem does reproduce on the build server (Windows and Linux).
>>> Interestingly, I couldn't reproduce it locally. The code is
>>> proprietary, I couldn't narrow it down yet to something that would
>>> reproduce (sigh).
>>>
>>> I realize this is insufficient information to get started, but perhaps
>>> this issue is already known or somebody may have a clue at what is
>>> going on (CCing hotspot-compiler-dev)?
>>>
>>> Dawid

-- 
Rgds,Rory O'Donnell
Quality Engineering Manager
Oracle EMEA, Dublin,Ireland

More information about the hotspot-compiler-dev mailing list