RFR (S): 8198909: [Graal] compiler/codecache/stress/UnexpectedDeoptimizationTest.java crashed with SIGSEGV
Tom Rodriguez
tom.rodriguez at oracle.com
Thu Jun 21 20:46:53 UTC 2018
Erik Österlund wrote on 6/21/18 6:26 AM:
> Hi,
>
>
> In src/hotspot/share/jvmci/jvmciCompilerToVM.cpp
>
> Please remove
> #include "gc/g1/g1BarrierSet.hpp"
>
> In src/hotspot/share/jvmci/jvmciCompilerToVM.hpp:
>
> I would prefer if KlassRefHandle was called JVMCIKlassHandle, because it
> is very specific to JVMCI. On that note it is unfortunate that we can
> not simply reuse ciInstanceKlass, which is the klass handle used by the
> other compilers.
>
> Klass* _value;
> should be called _klass
>
> Handle _phantom;
> should be called _holder
>
> Klass* obj()
> should be called klass()
>
> Otherwise, this looks good, and I don't need another webrev for this.
I've made all the requested edits. Additionally I never really got an
answer to my question about handling of ObjArrayKlass but concluded that
it must be handled, so I've moved phantom_holder from InstanceKlass to
Klass so it can be used in a uniform way. I guess the CI handles it
implicitly under the assumption that klass->class_loader_data() ==
ObjArrayKlass::cast(klass)->bottom_klass()->class_loader_data() which
should presumably be true. The new webrev is
http://cr.openjdk.java.net/~never/8198909.2/webrev. I'll consider the
movement of phantom_holder to be acceptable unless I hear an objection soon.
tom
>
> Thanks,
> /Erik
>
> On 2018-06-19 23:34, Tom Rodriguez wrote:
>> I've generated a webrev with a new KlassRefHandle protecting
>> questionable uses in JVMCI.
>> http://cr.openjdk.java.net/~never/8198909.1/webrev
>>
>> One outstanding question is whether ObjArrayKlass also needs a working
>> holder_phantom method. It would seem so to me but maybe there's some
>> reason not?
>>
>> tom
>>
>> Tom Rodriguez wrote on 6/11/18 10:04 AM:
>>>
>>>
>>> Erik Österlund wrote on 6/11/18 2:09 AM:
>>>> Hi Tom,
>>>>
>>>> Could you please call InstanceKlass::holder_phantom() instead to
>>>> keep the class alive? That is the more general mechanism that is
>>>> also used by ciInstanceKlass. We don't want to use explicit G1
>>>> enqueue calls anymore.
>>>
>>> Ok. I guess the same fix in JDK8 will have the use the explicit
>>> enqueue though or is it not required in JDK8?
>>>
>>>> Also, you must not perform any thread transition between loading the
>>>> weak klass from the MDO until you call holder_phantom, otherwise it
>>>> might have been unloaded before you get to call holder_phantom(). Is
>>>> this guaranteed somehow in this scenario? I looked through all
>>>> callsites and could not find where the Klass pointer is read in the
>>>> MDO and subsequently passed into the CompilerToVM::get_jvmci_type
>>>> API, and therefore I do not know if this is guaranteed.
>>>
>>> The obviously problematic path is at
>>> http://hg.openjdk.java.net/jdk/jdk/file/50469fb301c4/src/hotspot/share/jvmci/jvmciCompilerToVM.cpp#l334
>>> when either base_address is a Klass* or base_object is NULL which is
>>> where we are reading from non-heap memory. There are other paths
>>> which are reading Klasses through more standard APIs from the
>>> ConstantPool for instance.
>>>
>>> There isn't an easy way to ensure no safepoint occurs in between so
>>> maybe we require the caller of get_jvmci_type to pass in the
>>> phantom_holder() as a way of forcing the caller to call
>>> holder_phantom() at the appropriate places? Or is it the case that
>>> getResolvedType is the only place where special effort is required?
>>> All the other paths are fairly normal HotSpot code but though place
>>> that uses klass->implementor() for instance seems like it could be
>>> considered to be weak by G1.
>>>
>>> http://hg.openjdk.java.net/jdk/jdk/file/50469fb301c4/src/hotspot/share/jvmci/jvmciCompilerToVM.cpp#l368
>>>
>>>
>>> The lack of a properly working KlassHandle seems like an oversight in
>>> the API to me.
>>>
>>> tom
>>>
>>>>
>>>> Thanks,
>>>> /Erik
>>>>
>>>> On 2018-06-08 22:46, Tom Rodriguez wrote:
>>>>> The JVMCI API may read Klass* and java.lang.Class instances from
>>>>> locations which G1 would consider to be weakly referenced. This
>>>>> can result in HotSpotResolvedObjectTypeImpl instances with
>>>>> references to Classes that have been unloaded. In the this crash,
>>>>> JVMCI was reading a Klass* from the profile in an MDO and building
>>>>> a wrapper around it. The MDO reference is weak and was the only
>>>>> remaining reference to the type so it could be dropped resulting in
>>>>> an eventual crash.
>>>>>
>>>>> I've added an explicit G1 enqueue before we call out to create the
>>>>> wrapper object but is there a more recommended way of doing this?
>>>>> Dean had pointed out the oddly named InstanceKlass::holder_phantom
>>>>> which is used by the CI. Should I be using that? The G1 barrier is
>>>>> only really need when reading from non-Java heap memory but since
>>>>> the get_jvmci_type method is the main entry point for this logic it
>>>>> safest to always perform it in this path.
>>>>>
>>>>> https://bugs.openjdk.java.net/browse/JDK-8198909
>>>>> http://cr.openjdk.java.net/~never/8198909/webrev
>>>>
>
More information about the hotspot-gc-dev
mailing list