RFR (S) 8213092: Add more runtime locks for concurrent class unloading

David Holmes david.holmes at oracle.com
Wed Oct 31 08:42:10 UTC 2018 

Hi Erik,

So the magic STS Joiner ensures everything works okay. But how can I 
tell from the code that you are in fact using the STS Joiner? Can it be:

assert_locked_by_sts_joiner_or_safepoint(...);

? Is that at all possible?

I don't know when SuspendibleThreadSet came into play or exactly how it 
operates.

Thanks,
David

On 31/10/2018 6:19 PM, Erik Österlund wrote:
> Hi David,
> 
> On 2018-10-31 01:56, David Holmes wrote:
>> On 30/10/2018 11:16 PM, coleen.phillimore at oracle.com wrote:
>>> On 10/30/18 8:36 AM, David Holmes wrote:
>>>> On 30/10/2018 10:24 PM, coleen.phillimore at oracle.com wrote:
>>>>> On 10/30/18 12:17 AM, David Holmes wrote:
>>>>>> Hi Coleen,
>>>>>>
>>>>>> On 30/10/2018 1:45 PM, coleen.phillimore at oracle.com wrote:
>>>>>>> Summary: Add locks for calling CLDG::purge concurrently as well 
>>>>>>> and for calling SystemDictionary::do_unloading concurrently.
>>>>>>>
>>>>>>> Ran linux-x64 tier1-6 through mach5 and hotspot/jtreg/runtime 
>>>>>>> tests, which include the module tests.
>>>>>>>
>>>>>>> open webrev at http://cr.openjdk.java.net/~coleenp/8213092.01/webrev
>>>>>>> bug link https://bugs.openjdk.java.net/browse/JDK-8213092
>>>>>>
>>>>>> So ... all the locks covered by an assert_locked_or_safepoint, or 
>>>>>> which are acquired by the VMThread at a safepoint, must never be 
>>>>>> held by a JavaThread if it could reach a safepoint whilst that 
>>>>>> lock is held - else we could deadlock. So can we check that with 
>>>>>> NoSafepointVerifiers?
>>>>>
>>>>> Actually I think this is not possible to add NSV.   You can acquire 
>>>>> the ClassLoaderDataGraph_lock and then the Module_lock. The latter 
>>>>> would check for a safepoint also for a Java thread. This is 
>>>>> currently done for Jvmti and JFR, but not in other code that I can 
>>>>> see.  I don't actually know how to fix this problem.
>>>>
>>>> This seems risky. If a JavaThread can hold the CLDG_lock while 
>>>> blocked at a safepoint (acquiring the Module_lock), then what is to 
>>>> stop the VMThread from hitting one of these sections of code 
>>>> protected by locked_or_safepoint and then proceeding into what is 
>>>> effectively a critical section (by virtue of there being a 
>>>> safepoint) when the JavaThread is itself in the midst of a critical 
>>>> section? Do we actively take steps to prevent this somehow, or to 
>>>> make it safe for the VMThread to proceed?
>>>
>>> No we don't.  I think we have this problem today (not introduced or 
>>> made worse by this patch).
>>
>> It is made worse by this patch. Before this patch you have code only 
>> executed by the VMThread at a safepoint. After the patch you have code 
>> that may be executed by the VMThread at a safepoint or by another 
>> thread under a lock (and there may or may not also be a safepoint). 
>> And this allows the VMThread to execute the same code at the same as a 
>> lock-holding thread executes it!
> 
> The scenario you describe can not happen. The code you are referring to 
> is executed either by the VM thread in a safepoint, or by a concurrent 
> GC thread outside of a safepoint, holding the STS joiner, and hence 
> effectively blocking concurrent safepoints from entering the scope. The 
> two can never run concurrent to each other.
> 
> I tried going down the path of not using the STS joiner in an earlier 
> prototype, but it required major rewrites due to too many assumptions 
> being violated. And yet I could not convince myself what I was doing was 
> safe, due to possibly strange interactions with crazy safepoint 
> operations, like redefinition. So I dropped that and decided to protect 
> these operations with the STS joiner instead.
> 
>>> I'll file an bug to fix it and hopefully add detection for this.  I 
>>> think we don't need to take CLDG_lock in a safepoint and should 
>>> prevent doing so, but things like this are more reliable to do with 
>>> computers than visual inspection.  Can you add your suggestions to my 
>>> RFE? https://bugs.openjdk.java.net/browse/JDK-8213150
>>
>> This needs to be fixed before enabling the current patch IMHO. At 
>> least the two usages you mention in your follow up email need some 
>> kind of guard to ensure a safepoint can't be reached while the lock is 
>> held. Or the VMThread must also acquire the lock(s) - though if NJTs 
>> are involved there is a risk of breakage due to lock sneaking!
> 
> These locks are taken under the STS joiner, specifically to dodge the 
> issues you refer to. The STS joiner makes sure that the locks you are 
> taking do not suffer from bad lock sneaking interactions, because they 
> do not take the locks concurrent to the VM thread. So we have the safety 
> we need. I agree that the CLDG lock does not need to be taken by the VM 
> thread in a safepoint, simply because it is unnecessary and risky. But 
> that is orthogonal to this patch.
> 
> Thanks,
> /Erik
> 
>> David
>> -----
>>
>>> The CLDG lock can be shared by non-java threads and java threads, 
>>> which is the point.  There may be other locks though.
>>
>>
>>
>>>>
>>>>>
>>>>> The locks added in this patch set though are for the 
>>>>> NonJavaThreads, who do not do safepoint checks.  The NonJavaThreads 
>>>>> that acquire these locks use the STS joiner mechanism which 
>>>>> disallows safepoints while being held (and since they are non Java 
>>>>> threads, do not check for safepoints themselves).
>>>>>
>>>>> This is how it's going to look for the ZGC caller:
>>>>>
>>>>> {
>>>>> SuspendibleThreadSetJoiner sts_joiner;
>>>>> // Unlink the classes.
>>>>> MutexLockerEx ml(ClassLoaderDataGraph_lock);
>>>>> unloading_occurred = 
>>>>> SystemDictionary::do_unloading(ZStatPhase::timer(),
>>>>> true /* do_cleaning */););
>>>>> }
>>>>
>>>> Somehow I missed the creation/invention of the STS joiner mechanism.
>>>>
>>>
>>> Me too!   It's in gc/shared but it's really runtime code, except 
>>> people in runtime didn't know about it because it's used by GC threads.
>>>
>>> Let me know if you have more questions and can review this code.
>>>
>>> Thanks,
>>> Coleen
>>>
>>>> David
>>>>
>>>>>
>>>>>>
>>>>>> Further, are these locks acquired by non-JavaThreads such that the 
>>>>>> VMThread may be delayed whilst a safepoint is active?
>>>>>
>>>>> Yes, theoretically they could delay the VMThread from getting to a 
>>>>> safepoint or doing its work while in a safepoint but the threads 
>>>>> that take out these locks only hold them for short durations.
>>>>>
>>>>> Thanks,
>>>>> Coleen
>>>>>
>>>>>>
>>>>>> Thanks,
>>>>>> David
>>>>>>
>>>>>>> Thanks,
>>>>>>> Coleen
>>>>>
>>>

More information about the hotspot-runtime-dev mailing list