Segfault detected when executing a compiled method

[connglli]

Describe the issue

When running the following test using Graal, Graal crashed with a segmentation fault.

class T {
  void v(int p, byte o, int q) {
    int[] g = {};
    int[] y = {};
    int k = 1214167904;
    try {
      for (int z = 1; z < k; z++) g[z] = y[z + k];
    } catch (Throwable x) {
    } finally {
    }
  }

  void b() {
    for (int i = 2; ; ) v(40049, (byte) 35, i);
  }

  public static void main(String[] g) {
    new T().b();
  }
}

Steps to reproduce the issue

1. javac T.java
2. java -XX:ThreadPriorityPolicy=1 -XX:+UnlockExperimentalVMOptions -XX:+EnableJVMCIProduct -XX:-UnlockExperimentalVMOptions -XX:-BackgroundCompilation -XX:-PrintCompilation --illegal-access=deny T

Describe GraalVM and your environment:

• GraalVM version: GraalVM CE 23.1.0-dev-20230328_0529
• JDK major version: 17
• OS: Ubuntu 20.04.5 LTS
• Architecture: AMD64

More details

From the log, it looks liky the crash occurs because of C1: J 33 c1 T.v(IBI)V. However, there isn't any crash observed if we directly run the test in HotSpot. This is similar to #6350, but the code looks totally different and there're not any OSRs in this example. The following is part of the crash:

#
# A fatal error has been detected by the Java Runtime Environment:
#
#  SIGSEGV (0xb) at pc=0x00007f2a472483dc, pid=170910, tid=170911
#
# JRE version: OpenJDK Runtime Environment GraalVM CE 23.1.0-dev (17.0.7+4) (build 17.0.7+4-jvmci-23.0-b09)
# Java VM: OpenJDK 64-Bit Server VM GraalVM CE 23.1.0-dev (17.0.7+4-jvmci-23.0-b09, mixed mode, sharing, tiered, jvmci, jvmci compiler, compressed oops, compressed class ptrs, g1 gc, linux-amd64)
# Problematic frame:
# J 33 c1 T.v(IBI)V (57 bytes) @ 0x00007f2a472483dc [0x00007f2a47248240+0x000000000000019c]
#
# Core dump will be written. Default location: Core dumps may be processed with "/usr/share/apport/apport -p%p -s%s -c%c -d%d -P%P -u%u -g%g -- %E" (or dumping to /home/simon/Desktop/test-jitcomp/ax-eval/bugs2/20.graal/mutant/red/ttt/core.170910)
#
# If you would like to submit a bug report, please visit:
#   https://github.com/oracle/graal/issues
#

---------------  S U M M A R Y ------------

Command Line: -XX:ThreadPriorityPolicy=1 -XX:+UnlockExperimentalVMOptions -XX:+EnableJVMCIProduct -XX:-UnlockExperimentalVMOptions -XX:-BackgroundCompilation -XX:-PrintCompilation --illegal-access=deny T

Host: Intel(R) Core(TM) i7-7700 CPU @ 3.60GHz, 8 cores, 31G, Ubuntu 20.04.5 LTS
Time: Mon Apr  3 19:54:32 2023 CST elapsed time: 0.110915 seconds (0d 0h 0m 0s)

---------------  T H R E A D  ---------------

Current thread (0x00007f2a60025920):  JavaThread "main" [_thread_in_Java, id=170911, stack(0x00007f2a66df3000,0x00007f2a66ef4000)]

Stack: [0x00007f2a66df3000,0x00007f2a66ef4000],  sp=0x00007f2a66ef28f0,  free space=1022k
Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code)
J 33 c1 T.v(IBI)V (57 bytes) @ 0x00007f2a472483dc [0x00007f2a47248240+0x000000000000019c]
j  T.b()V+8
j  T.main([Ljava/lang/String;)V+7
v  ~StubRoutines::call_stub
V  [libjvm.so+0x7fc1e5]  JavaCalls::call_helper(JavaValue*, methodHandle const&, JavaCallArguments*, JavaThread*)+0x315
V  [libjvm.so+0x8972cd]  jni_invoke_static(JNIEnv_*, JavaValue*, _jobject*, JNICallType, _jmethodID*, JNI_ArgumentPusher*, JavaThread*) [clone .constprop.1]+0x38d
V  [libjvm.so+0x89a10e]  jni_CallStaticVoidMethod+0x16e
C  [libjli.so+0x46ae]  JavaMain+0xcfe
C  [libjli.so+0x7d39]  ThreadJavaMain+0x9

See more in hs_err_pid170910.log.

[oubidar-Abderrahim]

Hi, Thank you for reporting this, we'll take a look into this shortly

[matneu]

This is an upstream bug in C1: https://bugs.openjdk.org/browse/JDK-8310127