RFR: JDK-8272570: C2: crash in PhaseCFG::global_code_motion

王超 github.com+25214855+casparcwang at openjdk.java.net
Tue Aug 17 11:45:49 UTC 2021 

In PhaseCFG::global_code_motion, it allocate recalc_pressure_nodes array. condition is at least one block has more than 10 nodes:

  if (OptoRegScheduling) {
    for (uint i = 0; i < number_of_blocks(); i++) {
      Block* block = get_block(i);
      if (block->number_of_nodes() > 10) {
        block_size_threshold_ok = true;
        break;
      }
    }
  }


In PhaseCFG::select, it uses recalc_pressure_nodes array, if block's node exceed 10:

bool block_size_threshold_ok = (block->number_of_nodes() > 10) ? true : false;


In this case, block#4's node size is 10 at GCM begin, but increased to 11 later. PhaseCFG::select use null recalc_pressure_nodes array, this leads to crash.

# --- schedule_local B4, before: ---
#   31: Region              31    6
#   22: MergeMem          NULL    0   17    0   23   25 NULL NULL
#   25: storeImmB            3   17   24 NULL
#   23: storeImmB            3   17   24 NULL
#    3: MachProj             4
#    4: CallLeafDirect      31    0   17   18    0   19    0 NULL
#    5: MachProj             4
#   19: loadConD          NULL   20 NULL NULL
#   20: MachConstantBaseNode   11 NULL NULL NULL
#    2: Ret                  3   21   22   18   26 NULL NULL NULL
#
#   ready cnt: -2  latency:  0    31: Region
#   ready cnt:  2  latency:  0    22: MergeMem
#   ready cnt:  1  latency:  0    25: storeImmB
#   ready cnt:  1  latency:  0    23: storeImmB
#   ready cnt:  1  latency:  0     3: MachProj
#   ready cnt:  1  latency:  0     4: CallLeafDirect
#   ready cnt:  1  latency:  0     5: MachProj
#   ready cnt:  1  latency:  0    19: loadConD
#   ready cnt:  0  latency:  0    20: MachConstantBaseNode
#   ready cnt:  0  latency:  0     2: Ret
#   ready list: 20
#    select 20: MachConstantBaseNode, latency:0 20  MachConstantBaseNode  ===  11  [[ 19 ]] 
#   ready list: 19
#    select 19: loadConD, latency:0 19  loadConD  === _  20  [[ 4 ]] dblcon:1.000000
#   ready list: 4
#    select 4: CallLeafDirect, latency:0 4  CallLeafDirect  ===  31  0  17  18  0  19  0  [[ 5  3 ]] dtan # double/half ( double, half ) !jvms: SDD0::foo @ bci:23 (line 10)
#   ready list: 23 25
select node_size # B4, 11
#   31: Region              31    6
#   20: MachConstantBaseNode   11 NULL NULL NULL
#   19: loadConD          NULL   20 NULL NULL
#    4: CallLeafDirect      31    0   17   18    0   19    0 NULL
#    5: MachProj             4
#    3: MachProj             4
#   35: MachProj             4
#    5: MachProj             4
#   19: loadConD          NULL   20 NULL NULL
#   20: MachConstantBaseNode   11 NULL NULL NULL
#    2: Ret                  3   21   22   18   26 NULL NULL NULL
#
#
# A fatal error has been detected by the Java Runtime Environment:
#
#  SIGSEGV (0xb) at pc=0x00007f14bf3ccf81, pid=31936, tid=31949

-------------

Commit messages:
 - Add test
 - Fix nullptr in lcm

Changes: https://git.openjdk.java.net/jdk/pull/5140/files
 Webrev: https://webrevs.openjdk.java.net/?repo=jdk&pr=5140&range=00
  Issue: https://bugs.openjdk.java.net/browse/JDK-8272570
  Stats: 56 lines in 2 files changed: 54 ins; 0 del; 2 mod
  Patch: https://git.openjdk.java.net/jdk/pull/5140.diff
  Fetch: git fetch https://git.openjdk.java.net/jdk pull/5140/head:pull/5140

PR: https://git.openjdk.java.net/jdk/pull/5140

More information about the hotspot-compiler-dev mailing list