RFR: 8360175: C2 crash: assert(edge_from_to(prior_use,n)) failed: before block local scheduling

Manuel Hässig mhaessig at openjdk.org
Mon Jul 7 10:29:54 UTC 2025 

The triggered assert is part of the schedule verification code that runs just before machine code is emitted. The debug output showed that a `leaPCompressedOopOffset` node was causing the assert, which suggested the peephole optimization introduced in #25471 as the cause. The failure proved quite difficult to reproduce. It failed more often on Windows and required `-XX:+UseKNLSetting` (forces code generation for Intel's Knights Landing platform), which forces `-XX:+OptoScheduling`.

The root-cause is a subtle bug in the rewiring of the base edge of `leaP*` nodes in the `remove_redundant_lea` peephole. When the peephole removed a `decodeHeapOop_not_null` including a spill, it did not set the base edge of the `leaP*` node to the same node as the address edge, which is the intent of the peephole, but to the parent node of the spill. That is not catastrophic in most cases, but might reference another register slot, which causes this assert. Concretely, we see the following graph

    MemToRegSpillCopy
     |             |
     |    MemToRegSpillCopy
     |             |    
DefiniinoSpillCopy |
     |             |
     |  decodeHeapOop_not_null
     |             |
   leaPCompressedHeapOop

gets rewired to

     MemToRegSpillCopy
       |            |    
DefinitionSpillCopy |
       |            |
   leaPCompressedHeapOop

instead of

  MemToRegSpillCopy
         |
 DefinitionSpillCopy
        / \     
leaPCompressedHeapOop


This PR fixes this by always setting the base edge of the `leaP*` node to the same node as the address edge. Unfortunately, I was not able to construct a regression test because of the difficulty of reproducing the bug.

# Testing

- [ ] Github Actions
- [x] tier1,tier2 plus internal testing on all Oracle supported platforms
- [x] tier3,tier4,tier5 plus internal testing on Linux and Windows x64
- [ ] Runthese8H on `windows-x64-debug` (test that reliably produced the failure addressed in this PR)

-------------

Commit messages:
 - Fix spill removal in redundant lea peephole

Changes: https://git.openjdk.org/jdk/pull/26157/files
  Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=26157&range=00
  Issue: https://bugs.openjdk.org/browse/JDK-8360175
  Stats: 1 line in 1 file changed: 0 ins; 0 del; 1 mod
  Patch: https://git.openjdk.org/jdk/pull/26157.diff
  Fetch: git fetch https://git.openjdk.org/jdk.git pull/26157/head:pull/26157

PR: https://git.openjdk.org/jdk/pull/26157

More information about the hotspot-compiler-dev mailing list