RFR: JDK-8222545: Safe klass asserts

Daniel D. Daugherty daniel.daugherty at oracle.com
Thu Apr 18 17:11:08 UTC 2019 

On 4/18/19 12:47 PM, Per Liden wrote:
>
> On 04/18/2019 06:21 PM, Roman Kennke wrote:
>>
>>
>> Am 18.04.19 um 17:34 schrieb Stefan Karlsson:
>>> On 2019-04-18 17:29, Roman Kennke wrote:
>>>>
>>>>
>>>> Am 18.04.19 um 16:34 schrieb Stefan Karlsson:
>>>>> On 2019-04-18 15:13, Roman Kennke wrote:
>>>>>>>>>> To add a little more detail, I could move the change up into 
>>>>>>>>>> is_objArray(), but I don't want to expose it to any 
>>>>>>>>>> non-assert paths. Therefore I could do 2 different impls 
>>>>>>>>>> there, guarded by #ifdef ASSERT but I don't think it's a good 
>>>>>>>>>> idea to behave differently under ASSERT, that kindof defeats 
>>>>>>>>>> the point of assert, right?
>>>>>>>>>>
>>>>>>>>>> What do you think ?
>>>>>>>>>
>>>>>>>>> I don't follow your argument. Under asserts you need to access 
>>>>>>>>> the klass pointer "safely" but otherwise you do not. So there 
>>>>>>>>> are two behaviours related to accessing the klass pointer 
>>>>>>>>> anyway. I'd rather see that encapsulated in the accessor.
>>>>>>>>>
>>>>>>>>> I assume it's not just asserts but any debug only code that 
>>>>>>>>> wants to access the klass pointer.
>>>>>>>>
>>>>>>>> In general, for any runtime calls into oopDesc::klass() the 
>>>>>>>> access should be safe. The acrobatics is only necessary for 
>>>>>>>> *GC-internal* 
>>>>>>>
>>>>>>> This is the part I don't quite understand, and goes back to my 
>>>>>>> initial question. Why are you doing these operations on 
>>>>>>> from-space objects? I'm thinking you should be in a position in 
>>>>>>> the GC to make sure this can never happen. If you need to do 
>>>>>>> that in the GC (which is fine), then the GC could apply a 
>>>>>>> "resolve" function to get the to-space object, and call size() 
>>>>>>> (or whatever) on that object. This shouldn't have to leak out of 
>>>>>>> the GC, right?
>>>>>>
>>>>>> It is a problem when we are about to evacuate an object. Then we 
>>>>>> need to know its size in order to allocate and copy an 
>>>>>> appropriate chunk. The problem is that this part is racy: two 
>>>>>> threads (e.g. two Java threads via barrier, or one Java thread vs 
>>>>>> one GC thread) might compete over this: both would create a copy 
>>>>>> of the object, but ultimately only one would succeed (by CASing 
>>>>>> the fwd pointer). Therefore, getting hold of the object size is 
>>>>>> racy, by design, and this requires to resolve the _klass. Now, we 
>>>>>> can do that ahead of time, and call oopDesc::size_given_klass() 
>>>>>> and all would be good, except that size_given_klass() asserts 
>>>>>> that the object is indeed of the given klass, and hence fetches 
>>>>>> _klass again, which, at this point, is racy. Solving this inside 
>>>>>> the GC would require to basically copy all the machinery to get 
>>>>>> hold of object size into the GC. Are you asking me to do that?
>>>>>
>>>>> Other GCs store forwarding pointers in the mark word. See 
>>>>> oopDesc::forward_to and friends. Could you do the same and get rid 
>>>>> of this problem?
>>>>>
>>>>
>>>> No. Other GCs store the fwd pointer there, but only during a pause, 
>>>> and while possibly stashing the mark word somewhere else in the 
>>>> meantime.
>>>>
>>>> We need to do it outside of GC pauses, plus we need a way (bit) to 
>>>> indicate what it actually is (fwd pointer or Klass*). The mark word 
>>>> is already badly overloaded and also accessed much more often and 
>>>> in critical paths (e.g. locking), while the Klass* is basically 
>>>> immutable, and has the lowest 3 bits free (when running with 
>>>> -UseCompressedClassPointers, which would be enforced by 
>>>> Shenandoah). Using the Klass* slot is therefore the simplest and 
>>>> most efficient place to keep the fwd pointer. Attempting to use the 
>>>> mark word would require much more barriers and cause more overhead 
>>>> to manage it.
>>>
>>> Are you sure? Remember, the object is in from-space and no thread is 
>>> allowed to change it, except the threads that are copying out of the 
>>> from-space.
>>
>> Right. But we still need one bit in it to differentiate between fwd 
>> ptr and regular mark word. And installing the fwd pointer 
>> concurrently with 
>
> We already have such bits, and oopDesc::forward_to_atomic() will set 
> them for you. Aren't they enough?
>
>> locking seems more of a horror story than dealing with an otherwise 
>> immutable Klass*.
>
> With a to-space invariant, I can't see how this can happen 
> concurrently with locking.

Roman might be thinking about Async Monitor Deflation... :-)

Dan


>
> cheers,
> Per
>
>>
>> In any case, I guess we could do without any GC interface changes by 
>> dropping the asserts in size_given_klass() if you think that is 
>> reasonable, also avoid the extra asserts in klass() and friends (even 
>> though I would prefer to have some way to assert sanity there...), 
>> plus the changes for JDK-8222537 which are arguably an improvement in 
>> any case.
>>
>> Roman

More information about the hotspot-gc-dev mailing list