RFR (L): JDK-6843347 Boundary values in some public GC options cause crashes

Jon Masamitsu jon.masamitsu at oracle.com
Fri May 3 15:57:38 UTC 2013


Why a minimum value of CMSPrecleanThreshold as 100?  A value as low as 1 
works, right?

Should we make the minimum for HeapSizePerGCThread 1 page and document it
that way?  A value of 1 is legal but it's a crazy value and if anyone
uses 1, they've made a mistake.

+  status = status && verify_min_value(HeapSizePerGCThread, 1, "HeapSizePerGCThread");
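
Review bot: the bound of 1 passed to verify_min_value for HeapSizePerGCThread has no comment explaining it. If its only purpose is to keep the value from being zero where it is used as a divisor, say so next to the check, and state the unit of the value in the flag's description so that a larger, documented minimum can be chosen if 1 is not a sensible setting.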

Rest looks good.

Jon


On 5/3/2013 1:46 AM, Thomas Schatzl wrote:
> Hi all,
>
>    please review the following change that adds argument checking for
> many non-boolean GC related options to avoid crashes, DOSes etc. when
> passing particular option values.
> The change only covers values accessible in a product build (product,
> diagnostic, experimental and managed or so globals).
>
> Bugs.sun
> http://bugs.sun.com/view_bug.do?bug_id=6843347
>
> JBS:
> https://jbs.oracle.com/bugs/browse/JDK-6843347
>
> Webrev:
> http://cr.openjdk.java.net/~tschatzl/6843347/webrev/
>
> Testing:
> jprt
>
> Following is a list stating the reason for the particular check for each
> changed global variable. Note that these changes also resulted in (one
> or two) simplifications in code (e.g. checks/asserts that an int variable
> is larger than zero). For most variables the problem is actually easy to
> spot if you look for such errors, only some are more tricky. This
> information is presented here.
>
> NUMAInterleaveGranularity - must be > 0, task sizing, crash at
> os_windows.cpp:2866
> NUMAPageScanRate - negative value gives an overflow in
> MutableNUMASpace::scan_pages(); intx->uintx
> NUMAChunkResizeWeight - percentage boundary check; intx->uintx
> NUMASpaceResizeRate - negative value gives overflow in
> MutableNUMASpace::initialize() and other errors following; intx->uintx
>
> LogEventsBufferEntries - used to size buffer that is allocated on the
> heap, must be > 0; intx->uintx
> HeapSizePerGCThread - used as divisor
> GCTaskTimeStampEntries - used to size buffer allocated on the heap
>
> ParallelGCBufferWastePct - overflow and degraded performance;
> percentage; intx->uintx
> TargetPLABWastePct - percentage; used as divisor; intx->uintx
>
> ParGCStridesPerThread - used as divisor in
> CardTableModRefBS::process_stride(); used for task sizing, must be > 0
> ParGCCardsPerStrideChunk - incorrect operation in
> CardTableModRefBS::process_stride()
>
> CMSOldPLABNumRefills - used as divisor
> CMSOldPLABToleranceFactor - used as divisor
>
> CMSOldPLABMin - results in use in divisor (and failing assertion)
> CMSOldPLABMax - results in use in divisor (and failing assertion)
>
> CMSYoungGenPerWorker - must be > 0, although it results in nothing
> serious since other safeguards help, but is unexpected. intx->uintx
> CMS_FLSWeight - percentage
>
> FLSCoalescePolicy - invalid value gives ShouldNotReachHere()
>
> CMS_SweepWeight - percentage
>
> CMSMaxAbortablePrecleanTime - time span, should not be negative
>
> CMSRescanMultiple - used for task sizing, should be > 0
> CMSConcMarkMultiple - used for task sizing, should be > 0
>
> CMSPrecleanIter - must be < 10, fails assertion otherwise
> CMSPrecleanDenominator, CMSPrecleanNumerator - other values fail
> assertion in concurrentMarkSweepGeneration
> CMSScheduleRemarkEdenPenetration - percentage
> CMSScheduleRemarkSamplingRatio - must be > 0, div by zero otherwise
> CMSBitMapYieldQuantum - used for task sizing, should be > 0
> CMSTriggerRatio - percentage
> CMSIsTooFullPercentage - percentage
>
> YoungGenerationSizeSupplementDecay - must be > 0, div by zero otherwise
> TenuredGenerationSizeSupplementDecay - must be > 0, div by zero
> otherwise
>
> WorkStealingSleepMillis - intx->uintx
>
> MinRAMFraction - must be > 0, div by zero otherwise
> InitialRAMFraction - ""
> MaxRAMFraction - ""
> DefaultMaxRAMFraction - ""
>
> AdaptiveTimeWeight - percentage
> AdaptiveSizeDecrementScaleFactor - must be > 0, div by zero otherwise
>
> MinTLABSize - must be > 0, buffer allocation
> TLABRefillWasteFraction - must be > 0, div by zero otherwise
>
> MaxTenuringThreshold - 4 bit size limitation due to available storage
> InitialTenuringThreshold - must be 0 <= x <= MaxTenuringThreshold
> TargetSurvivorRatio - percentage
> MarkSweepDeadRatio - percentage
>
> MarkSweepAlwaysCompactCount - must be > 0, division by zero otherwise.
> Note that previously there has been code at the location where it was
> used that checked for zero values; now the argument processing fixes up
> the value as necessary. intx->uintx
>
> QueuedAllocationWarningCount - intx->uintx
>
> ParallelOldDeadWoodLimiterMean - documentation mentions value from
> 0..100
> ParallelOldDeadWoodLimiterStdDev - documentation mentions value from
> 0..100
>
> ParallelOldGCSplitInterval - used as divisor
>
> Thanks,
> Thomas
>
>
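
The classes of check listed in the original message (nonzero divisor, percentage range, signed value later consumed as unsigned, one flag bounded by another), as an added C++ example that is not part of the thread or of HotSpot's code. `GCFlags`, `verify_range`, `check_gc_flags`, `as_uintx` and `heap_based_threads` are hypothetical names; the 64-bit `intx`/`uintx` typedefs and the heap-size division are assumptions, and the flag values are constructed.

```cpp
#include <cstdint>
#include <cstdio>
#include <string>
#include <vector>

typedef int64_t  intx;   // stand-ins for HotSpot's flag types (assumed 64-bit)
typedef uint64_t uintx;
struct GCFlags {         // hypothetical subset, kept signed as parsed
  intx HeapSizePerGCThread, NUMAPageScanRate, TargetSurvivorRatio;
  intx MaxTenuringThreshold, InitialTenuringThreshold;
};

// Records a message when v is outside [lo, hi].
static void verify_range(intx v, intx lo, intx hi, const char* name,
                         std::vector<std::string>& errs) {
  if (v >= lo && v <= hi) return;
  errs.push_back(std::string(name) + "=" + std::to_string(v) + " outside [" +
                 std::to_string(lo) + ", " + std::to_string(hi) + "]");
}

// Returns every violation; an empty list means the flags are safe to consume.
std::vector<std::string> check_gc_flags(const GCFlags& f) {
  std::vector<std::string> errs;
  // Used as a divisor: zero must be rejected before any division.
  verify_range(f.HeapSizePerGCThread, 1, INT64_MAX, "HeapSizePerGCThread", errs);
  // Consumed as unsigned later: a negative value would wrap (see as_uintx).
  verify_range(f.NUMAPageScanRate, 0, INT64_MAX, "NUMAPageScanRate", errs);
  verify_range(f.TargetSurvivorRatio, 0, 100, "TargetSurvivorRatio", errs);  // percentage
  // Stored in 4 bits, so 15 is the largest representable threshold.
  verify_range(f.MaxTenuringThreshold, 0, 15, "MaxTenuringThreshold", errs);
  // Bounded by another flag, so the upper limit is the supplied maximum.
  verify_range(f.InitialTenuringThreshold, 0, f.MaxTenuringThreshold,
               "InitialTenuringThreshold", errs);
  return errs;
}

uintx as_uintx(intx v) { return static_cast<uintx>(v); }  // unchecked intx->uintx view
// Assumed use of the divisor flag; returns 0 instead of dividing on bad flags.
uintx heap_based_threads(uintx heap_bytes, const GCFlags& f) {
  if (!check_gc_flags(f).empty()) return 0;
  return heap_bytes / static_cast<uintx>(f.HeapSizePerGCThread);
}

int main() {
  GCFlags bad = {0, -1, 101, 16, 17};  // constructed boundary values
  for (const std::string& e : check_gc_flags(bad)) std::printf("rejected: %s\n", e.c_str());
  std::printf("-1 as uintx = %llu\n", (unsigned long long)as_uintx(-1));
  return 0;
}
```

Collecting all violations in one pass reports every bad flag at once, whereas a chain of `status = status && check(...)` stops evaluating checks after the first failure.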




More information about the hotspot-gc-dev mailing list