RFR (S) 8182397: Race in field updates when creating ArrayKlasses can lead to crash
Erik Österlund
erik.osterlund at oracle.com
Tue Jul 25 13:41:59 UTC 2017
On 2017-07-25 14:42, Andrew Haley wrote:
> On 25/07/17 12:13, Erik Österlund wrote:
>> For example, take this example pseudo code for performing what I refer
>> to as a stable load between two fields modified concurrently with
>> potential ABA issues:
>>
>> loop {
>> x_start = load_relaxed(field_A)
>> y = load_consume(field_B)
>> x = load_consume(field_A)
>> if (x_start == x) break;
>> }
>>
>> // use x->foo
> I don't understand this pseudocode. What is the base address for field_A
> and field_B ?
>
field_A and field_B could be two different registers pointing at
different addresses - i.e. they are arbitrary pointers. The key in this
example is that field_A is reloaded, and then we compare if the reloaded
value is equal to the original value (with a possible ABA problem), and
stop the loop then. But the original and reloaded value could reside in
different registers, and when we continue using x->foo afterwards, the
compiler could elect to use either one of the two registers as base
pointers in the dereference - either the one from the reloaded value of
field_A or for the original value, as they are equal to each other.
Normally that is totally fine, but had the compiler known that the
reload had consume semantics, it would have known that it definitely has
to use that register that the reload went into when dereferencing x->foo
after the loop, despite the fact that it is arithmetically equal to the
other register.
Hope that makes more sense.
Thanks,
/Erik
More information about the hotspot-dev
mailing list