[lilliput-jdk17u:lilliput] RFR: 8303027: [Lilliput/JDK17] Correctly resolve forwarded objects in G1 heap iteration [v2]
Aleksey Shipilev
shade at openjdk.org
Wed Feb 22 14:01:36 UTC 2023
On Wed, 22 Feb 2023 13:18:46 GMT, Roman Kennke <rkennke at openjdk.org> wrote:
>> A user provided a (pretty simple) test case that makes the VM crash with Lilliput, when it should exit (somewhat more) gracefully with an OOME. The reason for the crash is that in G1, object_iterate() (or rather, the block_size() method that it calls) does not correctly resolve possibly forwarded objects, and then crashes because it accesses the Klass*, which is overridden by the forwarding pointer.
>>
>> The trouble is that, we don't need (or even can't) resolve forwarded objects during full-GC, because there we are using sliding-forwarding which is designed precisely to preserve the object's Klass* while being forwarded. Outside of full-GC we don't need to preserve the Klass* because the Klass* is preserved in the forwarded copy.
>>
>> This bug only exists in Lilliput/JDK17, the code path that leads to object_iterate() (restoring self-forwarded objects at evac failure) doesn't exist anymore in later versions - it uses a better way to iterate over the relevant self-forwarded objects.
>>
>> The proposed fix is to do two different loops, one that resolves the forwardees when needed, and the other one that doesn't. The alternative would have to check for the condition in_full_gc() on every object being scanned, which would affect performance. I included the test case as jtreg test.
>>
>> Testing:
>> - [x] runtime/oom/TestOOM.java
>> - [x] tier1
>> - [ ] tier2
>
> Roman Kennke has updated the pull request incrementally with one additional commit since the last revision:
>
> Use templated iteration loop and block_size()
This looks much better, thanks.
src/hotspot/share/gc/g1/heapRegion.hpp line 190:
> 188: // and the amount of unallocated words if called on top()
> 189: template<bool RESOLVE>
> 190: size_t block_size(const HeapWord* p) const;
There is non-templated `block_size` here too, just below. Is the non-templated version used? If so, do you want to drop it and say `template<bool RESOLVE = true>` instead?
-------------
Marked as reviewed by shade (Reviewer).
PR: https://git.openjdk.org/lilliput-jdk17u/pull/6
More information about the lilliput-dev
mailing list