Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

MathLoadTest_bigdecimal_CS crash Illegal instruction vmState=0x00000000 Compiled_method=java/lang/Class.getConstructor([Ljava/lang/Class;)Ljava/lang/reflect/Constructor; #19525

Closed
pshipton opened this issue May 21, 2024 · 11 comments
Closed

MathLoadTest_bigdecimal_CS crash Illegal instruction vmState=0x00000000 Compiled_method=java/lang/Class.getConstructor([Ljava/lang/Class;)Ljava/lang/reflect/Constructor; #19525

pshipton opened this issue May 21, 2024 · 11 comments
Labels
arch:aarch64 comp:jit test failure

Comments

@pshipton
Copy link
Member

https://openj9-jenkins.osuosl.org/job/Test_openjdk17_j9_sanity.system_aarch64_mac_Nightly_testList_1/500
MathLoadTest_bigdecimal_CS_5m_0 -Xgcpolicy:gencon -Xgc:concurrentScavenge

https://openj9-artifactory.osuosl.org/artifactory/ci-openj9/Test/Test_openjdk17_j9_sanity.system_aarch64_mac_Nightly_testList_1/500/system_test_output.tar.gz

19:37:19  MLT 09:37:18.768 - Starting thread. Suite=0 thread=6
19:37:26  MLT stderr Unhandled exception
19:37:26  MLT stderr Type=Illegal instruction vmState=0x00000000
19:37:26  MLT stderr J9Generic_Signal_Number=00000048 Signal_Number=00000004 Error_Value=00000000 Signal_Code=00000002
19:37:26  MLT stderr Handler1=0000000108822F08 Handler2=0000000104711E74
19:37:26  MLT stderr x0=000000037A3E1E88 x1=0000000000000000 x2=00000002800097C0 x3=000000000000001D
19:37:26  MLT stderr x4=000000000000002D x5=0000000000000000 x6=000000028129E218 x7=0000000000000000
19:37:26  MLT stderr x8=000000037A3E1E88 x9=000000000000002D x10=0000000000000074 x11=000000037A3E1FE0
19:37:26  MLT stderr x12=0000000000000010 x13=0000000000000015 x14=000000037A3E1FC8 x15=0000000000000000
19:37:26  MLT stderr x16=0000000108D58218 x17=00000001FF7F5AB0 x18=000000016C92ED00 x19=000000012C17EB00
19:37:26  MLT stderr x20=000000012C187E10 x21=000000012C188278 x22=0000000000000000 x23=000000012C188278
19:37:26  MLT stderr x24=000000012C188278 x25=000000000000002D x26=000000012C188278 x27=0000000000000015
19:37:26  MLT stderr x28=0000000000000014 x29(FP)=0000000138D0FB10 x30(LR)=0000000117FA4910 x31(SP)=000000016C92E840
19:37:26  MLT stderr PC=0000000117FA4B3C SP=000000016C92E840
19:37:26  MLT stderr v0=6c2e6176616a4c28 (f: 1634356224.000000, d: 1.278453e+213)
19:37:26  MLT stderr v1=0000000139048df0 (f: 956599808.000000, d: 2.594619e-314)
19:37:26  MLT stderr v2=000000016c92eab8 (f: 1821567616.000000, d: 3.021970e-314)
19:37:26  MLT stderr v3=000000028024a978 (f: 2149886208.000000, d: 5.306177e-314)
19:37:26  MLT stderr v4=4033000000000000 (f: 0.000000, d: 1.900000e+01)
19:37:26  MLT stderr v5=3ff0000000000000 (f: 0.000000, d: 1.000000e+00)
19:37:26  MLT stderr v6=3fd2495cadd90449 (f: 2916680704.000000, d: 2.857277e-01)
19:37:26  MLT stderr v7=3fe5555555555593 (f: 1431655808.000000, d: 6.666667e-01)
19:37:26  MLT stderr v8=000003c10000745f (f: 29791.000000, d: 2.039238e-311)
19:37:26  MLT stderr v9=0000000000000000 (f: 0.000000, d: 0.000000e+00)
19:37:26  MLT stderr v10=0000000000000000 (f: 0.000000, d: 0.000000e+00)
19:37:26  MLT stderr v11=0000000000000000 (f: 0.000000, d: 0.000000e+00)
19:37:26  MLT stderr v12=0000000000000000 (f: 0.000000, d: 0.000000e+00)
19:37:26  MLT stderr v13=0000000000000000 (f: 0.000000, d: 0.000000e+00)
19:37:26  MLT stderr v14=0000000000000000 (f: 0.000000, d: 0.000000e+00)
19:37:26  MLT stderr v15=0000000000000000 (f: 0.000000, d: 0.000000e+00)
19:37:26  MLT stderr v16=bfd0000000000000 (f: 0.000000, d: -2.500000e-01)
19:37:26  MLT stderr v17=3fd53d8905fce455 (f: 100459608.000000, d: 3.318808e-01)
19:37:26  MLT stderr v18=3f77baae070604d0 (f: 117834960.000000, d: 5.793266e-03)
19:37:26  MLT stderr v19=3fe62e42fefa39ef (f: 4277811712.000000, d: 6.931472e-01)
19:37:26  MLT stderr v20=0000000000000000 (f: 0.000000, d: 0.000000e+00)
19:37:26  MLT stderr v21=0000000000000000 (f: 0.000000, d: 0.000000e+00)
19:37:26  MLT stderr v22=0000000000000000 (f: 0.000000, d: 0.000000e+00)
19:37:26  MLT stderr v23=0000000000000000 (f: 0.000000, d: 0.000000e+00)
19:37:26  MLT stderr v24=0000000000000000 (f: 0.000000, d: 0.000000e+00)
19:37:26  MLT stderr v25=0000000000000000 (f: 0.000000, d: 0.000000e+00)
19:37:26  MLT stderr v26=0000000000000000 (f: 0.000000, d: 0.000000e+00)
19:37:26  MLT stderr v27=0000000000000000 (f: 0.000000, d: 0.000000e+00)
19:37:26  MLT stderr v28=0000000000000000 (f: 0.000000, d: 0.000000e+00)
19:37:26  MLT stderr v29=400aaaaaaaaaaaab (f: 2863311616.000000, d: 3.333333e+00)
19:37:26  MLT stderr v30=616c2e6176616a4c (f: 1986095744.000000, d: 1.981011e+161)
19:37:26  MLT stderr v31=76616a283e74696e (f: 1047816576.000000, d: 1.713648e+262)
19:37:26  MLT stderr 
19:37:26  MLT stderr Compiled_method=java/lang/Class.getConstructor([Ljava/lang/Class;)Ljava/lang/reflect/Constructor;
19:37:26  MLT stderr Target=2_90_20240518_573 (Mac OS X 11.7.1)
19:37:26  MLT stderr CPU=aarch64 (8 logical CPUs) (0x400000000 RAM)
19:37:26  MLT stderr ----------- Stack Backtrace -----------
19:37:26  MLT stderr ---------------------------------------
@pshipton
Copy link
Member Author

@knn-k fyi

@JasonFengJ9
Copy link
Member

JDK17 aarch64_mac(macaarch64rt5)

[2024-05-21T02:51:32.924Z] variation: Mode101
[2024-05-21T02:51:32.924Z] JVM_OPTIONS:  -Xjit -Xgcpolicy:optthruput -Xnocompressedrefs 

[2024-05-21T02:51:35.193Z] java version "17.0.12-beta" 2024-07-16
[2024-05-21T02:51:35.193Z] IBM Semeru Runtime Certified Edition 17.0.12+3-202405202303 (build 17.0.12-beta+3-202405202303)
[2024-05-21T02:51:35.193Z] Eclipse OpenJ9 VM 17.0.12+3-202405202303 (build master-2da7e0a283, JRE 17 Mac OS X aarch64-64-Bit 20240520_562 (JIT enabled, AOT enabled)
[2024-05-21T02:51:35.193Z] OpenJ9   - 2da7e0a283
[2024-05-21T02:51:35.193Z] OMR      - 76296e11f
[2024-05-21T02:51:35.193Z] JCL      - 3ce367f804 based on jdk-17.0.12+3)

[2024-05-21T02:51:44.619Z] MLT stderr Unhandled exception
[2024-05-21T02:51:44.619Z] MLT stderr Type=Illegal instruction vmState=0x00000000
[2024-05-21T02:51:44.619Z] MLT stderr J9Generic_Signal_Number=00000048 Signal_Number=00000004 Error_Value=00000000 Signal_Code=00000002
[2024-05-21T02:51:44.619Z] MLT stderr Handler1=0000000100886A88 Handler2=0000000100A6CD94
[2024-05-21T02:51:44.619Z] MLT stderr x0=000000028000F230 x1=0000000299DF34B8 x2=000000000000001D x3=0000000122934CF0
[2024-05-21T02:51:44.619Z] MLT stderr x4=0000000000000000 x5=0000000122934CF0 x6=0000000122934CF0 x7=0000000122934CF0
[2024-05-21T02:51:44.619Z] MLT stderr x8=000000000000002D x9=0000000000000000 x10=0000000299DF3610 x11=0000000299DF35C8
[2024-05-21T02:51:44.619Z] MLT stderr x12=0000000000000010 x13=0000000000000015 x14=0000000299DF35F8 x15=0000000000000000
[2024-05-21T02:51:44.619Z] MLT stderr x16=00000001052A4CB8 x17=00000001F5539AB0 x18=000000017056AD00 x19=0000000122148900
[2024-05-21T02:51:44.619Z] MLT stderr x20=0000000122934880 x21=00000002805F7108 x22=000000000000002D x23=0000000122934CD0
[2024-05-21T02:51:44.619Z] MLT stderr x24=0000000122934CD0 x25=000000000000002D x26=0000000000000028 x27=0000000000000015
[2024-05-21T02:51:44.619Z] MLT stderr x28=0000000299DF35A0 x29(FP)=0000000128E0FB10 x30(LR)=00000001309BCF5C x31(SP)=000000017056A840
[2024-05-21T02:51:44.619Z] MLT stderr PC=00000001309BD0A4 SP=000000017056A840
[2024-05-21T02:51:44.619Z] MLT stderr v0=6c2e6176616a4c28 (f: 1634356224.000000, d: 1.278453e+213)
[2024-05-21T02:51:44.619Z] MLT stderr v1=000000016030f568 (f: 1613821312.000000, d: 2.919329e-314)
[2024-05-21T02:51:44.619Z] MLT stderr v2=000000017056aab8 (f: 1884727936.000000, d: 3.053175e-314)
[2024-05-21T02:51:44.619Z] MLT stderr v3=3dea39ef35793c76 (f: 897137792.000000, d: 1.908215e-10)
[2024-05-21T02:51:44.619Z] MLT stderr v4=3ce2cf03efe312dc (f: 4024636160.000000, d: 2.088180e-15)
[2024-05-21T02:51:44.619Z] MLT stderr v5=3ff0000000000000 (f: 0.000000, d: 1.000000e+00)
[2024-05-21T02:51:44.619Z] MLT stderr v6=bd803323f5b53b23 (f: 4122295040.000000, d: -1.841700e-12)
[2024-05-21T02:51:44.619Z] MLT stderr v7=bfadde2d52defd9a (f: 1390345600.000000, d: -5.833570e-02)
[2024-05-21T02:51:44.619Z] MLT stderr v8=0000000000000000 (f: 0.000000, d: 0.000000e+00)
[2024-05-21T02:51:44.619Z] MLT stderr v9=0000000000000000 (f: 0.000000, d: 0.000000e+00)
[2024-05-21T02:51:44.619Z] MLT stderr v10=0000000000000000 (f: 0.000000, d: 0.000000e+00)
[2024-05-21T02:51:44.619Z] MLT stderr v11=0000000000000000 (f: 0.000000, d: 0.000000e+00)
[2024-05-21T02:51:44.619Z] MLT stderr v12=0000000000000000 (f: 0.000000, d: 0.000000e+00)
[2024-05-21T02:51:44.619Z] MLT stderr v13=0000000000000000 (f: 0.000000, d: 0.000000e+00)
[2024-05-21T02:51:44.619Z] MLT stderr v14=0000000000000000 (f: 0.000000, d: 0.000000e+00)
[2024-05-21T02:51:44.619Z] MLT stderr v15=0000000000000000 (f: 0.000000, d: 0.000000e+00)
[2024-05-21T02:51:44.619Z] MLT stderr v16=bfd0000000000000 (f: 0.000000, d: -2.500000e-01)
[2024-05-21T02:51:44.619Z] MLT stderr v17=3fd55b800ff9d555 (f: 268031312.000000, d: 3.337097e-01)
[2024-05-21T02:51:44.619Z] MLT stderr v18=bf58afacc73fa48d (f: 3342836992.000000, d: -1.506728e-03)
[2024-05-21T02:51:44.619Z] MLT stderr v19=3fe62e42fefa39ef (f: 4277811712.000000, d: 6.931472e-01)
[2024-05-21T02:51:44.619Z] MLT stderr v20=0000000000000000 (f: 0.000000, d: 0.000000e+00)
[2024-05-21T02:51:44.619Z] MLT stderr v21=0000000000000000 (f: 0.000000, d: 0.000000e+00)
[2024-05-21T02:51:44.619Z] MLT stderr v22=0000000000000000 (f: 0.000000, d: 0.000000e+00)
[2024-05-21T02:51:44.619Z] MLT stderr v23=7fefffffffffffff (f: 4294967296.000000, d: 1.797693e+308)
[2024-05-21T02:51:44.619Z] MLT stderr v24=bfb16872b03ff0cf (f: 2956980480.000000, d: -6.800000e-02)
[2024-05-21T02:51:44.619Z] MLT stderr v25=c1150fb645a1cac1 (f: 1168231168.000000, d: -3.450696e+05)
[2024-05-21T02:51:44.619Z] MLT stderr v26=bc90000000000000 (f: 0.000000, d: -5.551115e-17)
[2024-05-21T02:51:44.619Z] MLT stderr v27=4090000000000000 (f: 0.000000, d: 1.024000e+03)
[2024-05-21T02:51:44.619Z] MLT stderr v28=c1150fb600000000 (f: 0.000000, d: -3.450695e+05)
[2024-05-21T02:51:44.619Z] MLT stderr v29=400aaaaaaaaaaaab (f: 2863311616.000000, d: 3.333333e+00)
[2024-05-21T02:51:44.619Z] MLT stderr v30=616c2e6176616a4c (f: 1986095744.000000, d: 1.981011e+161)
[2024-05-21T02:51:44.619Z] MLT stderr v31=69622e747365742e (f: 1936028672.000000, d: 4.349066e+199)
[2024-05-21T02:51:44.619Z] MLT stderr 
[2024-05-21T02:51:44.619Z] MLT stderr Compiled_method=java/lang/Class.getConstructor([Ljava/lang/Class;)Ljava/lang/reflect/Constructor;
[2024-05-21T02:51:44.619Z] MLT stderr Target=2_90_20240520_562 (Mac OS X 11.4)
[2024-05-21T02:51:44.619Z] MLT stderr CPU=aarch64 (8 logical CPUs) (0x400000000 RAM)
[2024-05-21T02:51:44.619Z] MLT stderr ----------- Stack Backtrace -----------
[2024-05-21T02:51:44.619Z] MLT stderr ---------------------------------------
[2024-05-21T02:51:44.619Z] MLT stderr JVMDUMP039I Processing dump event "gpf", detail "" at 2024/05/20 22:51:43 - please wait.

[2024-05-21T02:51:59.045Z] MathLoadTest_all_special_5m_0_FAILED

@knn-k
Copy link
Contributor

knn-k commented May 22, 2024

The illegal instruction and the instructions around it:

(lldb) x/20i 0x117FA4B10
    0x117fa4b10: 0xb900f699   str    w25, [x20, #0xf4]
    0x117fa4b14: 0x7100007f   cmp    w3, #0x0
    0x117fa4b18: 0xaa1a03f8   mov    x24, x26
    0x117fa4b1c: 0xaa1a03f7   mov    x23, x26
    0x117fa4b20: 0xaa1a03f5   mov    x21, x26
    0x117fa4b24: 0x5401c84d   b.le   0x117fa842c
    0x117fa4b28: 0xb901aa89   str    w9, [x20, #0x1a8]
    0x117fa4b2c: 0xf904ae9a   str    x26, [x20, #0x958]
    0x117fa4b30: 0xf9043e9a   str    x26, [x20, #0x878]
    0x117fa4b34: 0xf9062a8b   str    x11, [x20, #0xc50]
    0x117fa4b38: 0xb901ba8c   str    w12, [x20, #0x1b8]
    0x117fa4b3c: 0x53207f29   .long  0x53207f29                ; unknown opcode <- PC points to this instruction
    0x117fa4b40: 0x4b0c0129   sub    w9, w9, w12
    0x117fa4b44: 0x5280004a   mov    w10, #0x2
    0x117fa4b48: 0x0b0a018a   add    w10, w12, w10
    0x117fa4b4c: 0x6b0a013f   cmp    w9, w10
    0x117fa4b50: 0x1a8ac123   csel   w3, w9, w10, gt
    0x117fa4b54: 0x0b03018f   add    w15, w12, w3
    0x117fa4b58: 0x710001ff   cmp    w15, #0x0
    0x117fa4b5c: 0xaa0b03fb   mov    x27, x11

0x53207f29 at the PC address looks like a 32-bit variant of the ubfm instruction, but its immr field (rotate amount, bits 16-21) is 32, which is beyond the limit for the 32-bit variant, thus illegal instruction.
I need to know the IL for this instruction. Perhaps a logical shift right for a 32-bit integer.

@knn-k
Copy link
Contributor

knn-k commented May 22, 2024

30x Grinder for MathLoadTest_bigdecimal_CS_5m_0 failed twice: https://openj9-jenkins.osuosl.org/job/Grinder/3616/

@knn-k
Copy link
Contributor

knn-k commented May 22, 2024
edited

I reproduced the failure locally. It was an ishl node with shift amount 0.

 n73616n  (  0)  treetop                                                        
                      [       0x12b14d250] bci=[191,12,255] rc=0 vc=8 vn=- li=3696 udi=- nc=1
 n73617n  (  1)    ishl (in GPR_4672)                                           
                      [       0x12b14d2a0] bci=[191,11,255] rc=1 vc=8 vn=- li=3696 udi=38240 nc=2
 n73591n  (  1)      ==>iadd (in GPR_4663)
 n73736n  (  2)      ==>iconst 0 (X==0 X>=0 X<=0 )

@knn-k
Copy link
Contributor

knn-k commented May 23, 2024

I opened eclipse/omr#7343 as a fix for AArch64 codegen.
It is still unclear why the optimizer leaves a shift node with shift amount 0.

@knn-k knn-k mentioned this issue May 23, 2024
Merged
@0xdaryl
Copy link
Contributor

0xdaryl commented May 23, 2024

Can you put this into 0.46 as well please? It is small and safe.

@knn-k
Copy link
Contributor

knn-k commented May 23, 2024

I opened eclipse-openj9/openj9-omr#201 for v0.46.
I will keep it in the draft state for a while.

@knn-k
Copy link
Contributor

knn-k commented May 27, 2024

The PR for v0.46 is ready for review.
It is three days since the fix commit has promoted in the openj9 branch of the openj9-omr repository.

On the other hand, I tried to generate a JIT trace file for the ishl 0 node locally, but I haven't been able to get it.
I took the IL node in #19525 (comment) from a traceCG file, and I cannot see the IL optimization steps with it.

@knn-k
Copy link
Contributor

knn-k commented May 28, 2024

Other examples of ishl nodes that should have been optimized, from the same trace file for java/lang/Class.getConstructor([Ljava/lang/Class;)Ljava/lang/reflect/Constructor; at the scorching level:

------------------------------
 n73622n  (  0)  iRegStore x8  (privatizedInlinerArg )                                                [       0x12b14d430] bci=[191,28,257] rc=0 vc=8 vn=- li=3696 udi=- nc=1 flg=0x2000
 n73623n  (  5)    iadd                                                                               [       0x12b14d480] bci=[191,28,257] rc=5 vc=8 vn=- li=3696 udi=- nc=2
 n73624n  (  1)      ishl                                                                             [       0x12b14d4d0] bci=[191,27,257] rc=1 vc=8 vn=- li=3696 udi=- nc=2
 n73625n  (  1)        iconst 2 (X!=0 X>=0 )                                                          [       0x12b14d520] bci=[191,22,257] rc=1 vc=8 vn=- li=3696 udi=- nc=0 flg=0x104
 n73736n  (  2)        ==>iconst 0 (X==0 X>=0 X<=0 )
 n73595n  (  5)      ==>iloadi (in GPR_4664) (X>=0 cannotOverflow )
------------------------------

Node n73624n shifts a constant 2 by 0 bits.

This generated the following instructions:
movzw	w8, 0x0002
addw	w8, w11, w8 lsl 0

It can be simplified as:
addimmw	w8, w11, 2

------------------------------
 n73170n  (  0)  ArrayCopyBNDCHK [#1]                                                                 [       0x12b1446f0] bci=[200,16,5251] rc=0 vc=8 vn=- li=3664 udi=- nc=2
 n73171n  (  3)    ishl                                                                               [       0x12b144740] bci=[200,16,5251] rc=3 vc=8 vn=- li=3664 udi=- nc=2
 n73169n  (  3)      ==>iconst 0 (X==0 X>=0 X<=0 )
 n73150n  (  4)      ==>iloadi (in GPR_4865) (cannotOverflow )
 n73169n  (  3)    ==>iconst 0 (X==0 X>=0 X<=0 )
------------------------------

Result of shifting a constant 0 (n73171n) is always 0.
ArrayCopyBNDCHK (n73170n) compares it against 0.

This generated the following instructions:
movzw	w6, 0
lslvw	w7, w6, w11
cmpimmw	w7, 0

@knn-k knn-k mentioned this issue May 30, 2024
Open
@knn-k
Copy link
Contributor

knn-k commented May 30, 2024

AArch64-specific issue has been fixed, and the fix has been delivered also to v0.46. This issue can be closed now.

I opened Issue #19576 to separate the JIT IL issue.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
arch:aarch64 comp:jit test failure
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@0xdaryl @JasonFengJ9 @pshipton @knn-k