Resend: Request for reviews (L): 6840775: Multiple JVM crashes seen with 1.6.0_10 through early access of 1.6.0_14

Vladimir Kozlov Vladimir.Kozlov at Sun.COM
Mon Jun 29 15:47:44 PDT 2009


Updated changes:
Removed changes in sharedRuntime.cpp. Put the duplicated code
in inline_native_clone() into separate helper method copy_to_clone().

http://cr.openjdk.java.net/~kvn/6840775/webrev.02

Fixed 6840775: Multiple JVM crashes seen with 1.6.0_10 through early access of 1.6.0_14

Problem:
There is no live oop value (only raw) across the call
to slow_arraycopy() corresponding to new array allocation
followed by arraycopy. The original CheckCastPP
is moved after the call and the new CheckCastPP lives
only until the call. As a result, the reference to the allocated array
in the copyOf() intrinsic is not put into the OopMap and we get
a wrong reference after the call when GC happens on the exit
from the call to slow_arraycopy().

Solution:
Replace raw memory edge in the original CheckCastPP with
new CheckCastPP to have a live oop across safepoints.
Also:
- don't disconnect the original InitializeNode;
- use a secondary InitializeNode as raw memory barrier
   only on zero copy length path since other paths have
   stub or runtime calls as raw memory barriers;
- remove incorrect stack restore in generate_slow_arraycopy;
- separate code for arrays and instances in inline_native_clone
   and put common code into separate helper method;
- add assert to check for possible live raw values at safepoint
   which are oops (there are CheckCastPP for the raw value);
- fix SA to display an object with bad oop fields;
- fix typo in optimized.make.

Reviewed by: never

Fix verified (y/n): y, bug's test

Other testing:
JPRT, CTW