Integrated: JDK-8272570: C2: crash in PhaseCFG::global_code_motion

王超 github.com+25214855+casparcwang at openjdk.java.net
Wed Aug 25 01:20:33 UTC 2021 

On Tue, 17 Aug 2021 11:28:08 GMT, 王超 <github.com+25214855+casparcwang at openjdk.org> wrote:

> In PhaseCFG::global_code_motion, it allocate recalc_pressure_nodes array. condition is at least one block has more than 10 nodes:
> 
>   if (OptoRegScheduling) {
>     for (uint i = 0; i < number_of_blocks(); i++) {
>       Block* block = get_block(i);
>       if (block->number_of_nodes() > 10) {
>         block_size_threshold_ok = true;
>         break;
>       }
>     }
>   }
> 
> 
> In PhaseCFG::select, it uses recalc_pressure_nodes array, if block's node exceed 10:
> 
> bool block_size_threshold_ok = (block->number_of_nodes() > 10) ? true : false;
> 
> 
> In this case, block#4's node size is 10 at GCM begin, but increased to 11 later. PhaseCFG::select use null recalc_pressure_nodes array, this leads to crash.
> 
> # --- schedule_local B4, before: ---
> #   31: Region              31    6
> #   22: MergeMem          NULL    0   17    0   23   25 NULL NULL
> #   25: storeImmB            3   17   24 NULL
> #   23: storeImmB            3   17   24 NULL
> #    3: MachProj             4
> #    4: CallLeafDirect      31    0   17   18    0   19    0 NULL
> #    5: MachProj             4
> #   19: loadConD          NULL   20 NULL NULL
> #   20: MachConstantBaseNode   11 NULL NULL NULL
> #    2: Ret                  3   21   22   18   26 NULL NULL NULL
> #
> #   ready cnt: -2  latency:  0    31: Region
> #   ready cnt:  2  latency:  0    22: MergeMem
> #   ready cnt:  1  latency:  0    25: storeImmB
> #   ready cnt:  1  latency:  0    23: storeImmB
> #   ready cnt:  1  latency:  0     3: MachProj
> #   ready cnt:  1  latency:  0     4: CallLeafDirect
> #   ready cnt:  1  latency:  0     5: MachProj
> #   ready cnt:  1  latency:  0    19: loadConD
> #   ready cnt:  0  latency:  0    20: MachConstantBaseNode
> #   ready cnt:  0  latency:  0     2: Ret
> #   ready list: 20
> #    select 20: MachConstantBaseNode, latency:0 20  MachConstantBaseNode  ===  11  [[ 19 ]] 
> #   ready list: 19
> #    select 19: loadConD, latency:0 19  loadConD  === _  20  [[ 4 ]] dblcon:1.000000
> #   ready list: 4
> #    select 4: CallLeafDirect, latency:0 4  CallLeafDirect  ===  31  0  17  18  0  19  0  [[ 5  3 ]] dtan # double/half ( double, half ) !jvms: SDD0::foo @ bci:23 (line 10)
> #   ready list: 23 25
> select node_size # B4, 11
> #   31: Region              31    6
> #   20: MachConstantBaseNode   11 NULL NULL NULL
> #   19: loadConD          NULL   20 NULL NULL
> #    4: CallLeafDirect      31    0   17   18    0   19    0 NULL
> #    5: MachProj             4
> #    3: MachProj             4
> #   35: MachProj             4
> #    5: MachProj             4
> #   19: loadConD          NULL   20 NULL NULL
> #   20: MachConstantBaseNode   11 NULL NULL NULL
> #    2: Ret                  3   21   22   18   26 NULL NULL NULL
> #
> #
> # A fatal error has been detected by the Java Runtime Environment:
> #
> #  SIGSEGV (0xb) at pc=0x00007f14bf3ccf81, pid=31936, tid=31949

This pull request has now been integrated.

Changeset: 0f428ca5
Author:    casparcwang <casparcwang at tencent.com>
Committer: Jie Fu <jiefu at openjdk.org>
URL:       https://git.openjdk.java.net/jdk/commit/0f428ca533627e758cdca599d4589f39c21e27b6
Stats:     55 lines in 2 files changed: 53 ins; 0 del; 2 mod

8272570: C2: crash in PhaseCFG::global_code_motion

Co-authored-by: Hui Shi <hshi at openjdk.org>
Reviewed-by: thartmann, rbackman

-------------

PR: https://git.openjdk.java.net/jdk/pull/5140

More information about the hotspot-compiler-dev mailing list