Causing jvm crash when entering C2 compiling when using panama memaccess on macos

刘希晨 benrush0705 at gmail.com
Fri Aug 18 13:43:20 UTC 2023


Hi guys, I ran into a JVM crash when using native memory access on my
MacBook with M1 Pro; here is the minimal reproducible code:

import java.lang.foreign.Arena;
import java.lang.foreign.MemorySegment;
import java.lang.foreign.ValueLayout;
import java.lang.invoke.MethodHandles;
import java.lang.invoke.VarHandle;

public class CrashExample {
    private static final VarHandle byteHandle =
            MethodHandles.memorySegmentViewVarHandle(ValueLayout.JAVA_BYTE);
    private static final long len = 100;
    private static final byte CR = (byte) '\r';
    private static final byte LF = (byte) '\n';

    public static void main(String[] args) {
        for (int round = 0; round < 1000; round++) {
            try (Arena arena = Arena.ofConfined()) {
                MemorySegment memorySegment =
                        arena.allocateArray(ValueLayout.JAVA_BYTE, len);
                // Hot loop: write CR/LF at a moving index and search for it,
                // repeated enough times for readUntil()/matches() to reach C2.
                for (int i = 0; i < 100000; i++) {
                    int index = i % 99;
                    byteHandle.set(memorySegment, index, CR);
                    byteHandle.set(memorySegment, index + 1, LF);
                    byte[] bytes = readUntil(memorySegment, CR, LF);
                }
            }
        }
    }

    // Scan the segment for the separator sequence and return everything before it.
    private static byte[] readUntil(MemorySegment segment, byte... separators) {
        for (long cur = 0; cur <= segment.byteSize() - separators.length; cur++) {
            if (matches(segment, cur, separators)) {
                return segment.asSlice(0, cur).toArray(ValueLayout.JAVA_BYTE);
            }
        }
        return null;
    }

    // True if the bytes at [offset, offset + bytes.length) equal the given array.
    public static boolean matches(MemorySegment m, long offset, byte[] bytes) {
        for (int index = 0; index < bytes.length; index++) {
            if ((byte) byteHandle.get(m, offset + index) != bytes[index]) {
                return false;
            }
        }
        return true;
    }
}


The matches() method checks whether the MemorySegment has the same content
as bytes starting at the given offset; the readUntil() method traverses the
MemorySegment until it finds the target separators and returns the bytes it
has traversed.

In the main() method, readUntil() is called many times so that it reaches
the C2 compiler, and then it causes the JVM to crash.

Here is what I have found out:
1. Calling readUntil() with a single byte does not cause the JVM to crash
(in our example, CR and LF are used, so there are two bytes).
2. On Windows and Linux it works well; this example only crashes on macOS.
I don't know whether an x64 or ARM CPU makes a difference, since I only have
an ARM-based MacBook.
3. It only crashes when entering the C2 compiler phase; when the methods are
not called so many times, they behave normally.
4. The crash always seems to happen in # V [libjvm.dylib+0x139a2c]
AddNode::IdealIL(PhaseGVN*, bool, BasicType)+0x48 or # V [libjvm.dylib+
0x958270] SubLNode::Ideal(PhaseGVN*, bool)+0xfc

I have attached the crash report to the mail. I don't know whether it's a
problem with the C2 compiler or with Panama memaccess. Cheers
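To pin down what readUntil() and matches() are expected to return independently of the crash, here is an added self-check that is not part of the original post. It keeps the poster's search logic but reads bytes through MemorySegment.get(ValueLayout.JAVA_BYTE, offset) instead of the VarHandle, and exercises the edge cases the description implies (separator at offset 0, separator absent, separator longer than the segment). The input bytes and the class name ReadUntilCheck are constructed for this example.

```java
import java.lang.foreign.Arena;
import java.lang.foreign.MemorySegment;
import java.lang.foreign.ValueLayout;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

public class ReadUntilCheck {

    // Same scan as the post's readUntil(): return the bytes before the first
    // occurrence of the separator sequence, or null if it never occurs.
    static byte[] readUntil(MemorySegment segment, byte... separators) {
        for (long cur = 0; cur <= segment.byteSize() - separators.length; cur++) {
            if (matches(segment, cur, separators)) {
                return segment.asSlice(0, cur).toArray(ValueLayout.JAVA_BYTE);
            }
        }
        return null;
    }

    // Same comparison as the post's matches(), using the layout-based accessor
    // rather than a VarHandle (assumption: JDK 21 java.lang.foreign API).
    static boolean matches(MemorySegment m, long offset, byte[] bytes) {
        for (int i = 0; i < bytes.length; i++) {
            if (m.get(ValueLayout.JAVA_BYTE, offset + i) != bytes[i]) {
                return false;
            }
        }
        return true;
    }

    // Copy a heap byte[] into a fresh native segment owned by the arena.
    static MemorySegment nativeCopy(Arena arena, byte[] data) {
        MemorySegment seg = arena.allocate(data.length);
        MemorySegment.copy(MemorySegment.ofArray(data), 0, seg, 0, data.length);
        return seg;
    }

    static void check(boolean cond, String what) {
        if (!cond) throw new AssertionError("readUntil: " + what);
    }

    public static void main(String[] args) {
        byte CR = (byte) '\r', LF = (byte) '\n';
        // Constructed sample: a CRLF-delimited line followed by more data.
        byte[] line = "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n".getBytes(StandardCharsets.US_ASCII);

        try (Arena arena = Arena.ofConfined()) {
            // Normal case: everything before the first CRLF.
            byte[] got = readUntil(nativeCopy(arena, line), CR, LF);
            check(Arrays.equals(got, "HTTP/1.1 200 OK".getBytes(StandardCharsets.US_ASCII)),
                  "should stop at the first CRLF");

            // Separator at offset 0: an empty prefix, not null.
            got = readUntil(nativeCopy(arena, "\r\nrest".getBytes(StandardCharsets.US_ASCII)), CR, LF);
            check(got != null && got.length == 0, "separator at offset 0 yields an empty array");

            // Single-byte separator, the variant the post reports as not crashing.
            got = readUntil(nativeCopy(arena, line), LF);
            check(Arrays.equals(got, "HTTP/1.1 200 OK\r".getBytes(StandardCharsets.US_ASCII)),
                  "single-byte separator keeps the preceding CR");

            // Separator absent: null.
            check(readUntil(nativeCopy(arena, "no newline here".getBytes(StandardCharsets.US_ASCII)), CR, LF) == null,
                  "missing separator yields null");

            // Separator longer than the segment: the loop bound is negative, so null.
            check(readUntil(nativeCopy(arena, new byte[]{CR}), CR, LF) == null,
                  "separator longer than segment yields null");
        }
        System.out.println("all readUntil checks passed");
    }
}
```

Run it with `java --enable-preview --source 21 ReadUntilCheck.java` (or without the preview flags on a JDK where java.lang.foreign is final); if it prints the pass line the search logic itself is sound, which narrows the reported failure to what the JIT does with it rather than to what the methods compute.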