[lilliput-jdk17u:lilliput] RFR: 8303027: [Lilliput/JDK17] Correctly resolve forwarded objects in G1 heap iteration [v7]

Roman Kennke rkennke at openjdk.org
Thu Feb 23 10:31:28 UTC 2023


> A user provided a (pretty simple) test case that makes the VM crash with Lilliput, when it should exit (somewhat more) gracefully with an OOME. The reason for the crash is that in G1, object_iterate() (or rather, the block_size() method that it calls) does not correctly resolve possibly forwarded objects, and then crashes because it accesses the Klass*, which is overridden by the forwarding pointer.
> 
> The trouble is that we don't need (or even can't) resolve forwarded objects during full-GC, because there we are using sliding-forwarding which is designed precisely to preserve the object's Klass* while being forwarded. Outside of full-GC we don't need to preserve the Klass* because the Klass* is preserved in the forwarded copy.
> 
> This bug only exists in Lilliput/JDK17, the code path that leads to object_iterate() (restoring self-forwarded objects at evac failure) doesn't exist anymore in later versions - it uses a better way to iterate over the relevant self-forwarded objects.
> 
> The proposed fix is to do two different loops, one that resolves the forwardees when needed, and the other one that doesn't. The alternative would have to check for the condition in_full_gc() on every object being scanned, which would affect performance. I included the test case as a jtreg test.
> 
> Testing:
>  - [x] runtime/oom/TestOOM.java
>  - [x] tier1
>  - [ ] tier2

Roman Kennke has updated the pull request with a new target base due to a merge or a rebase. The incremental webrev excludes the unrelated changes brought in by the merge/rebase. The pull request contains seven additional commits since the last revision:

 - Merge branch 'lilliput' into JDK-8303027
 - Reformat asserts for better readability
 - Add asserts for sanity
 - Rename object_iterate to _impl
 - Use default template arg, and simplify block_size()
 - Use templated iteration loop and block_size()
 - 8303027: [Lilliput/JDK17] Correctly resolve forwarded objects in G1 heap iteration

-------------

Changes:
  - all: https://git.openjdk.org/lilliput-jdk17u/pull/6/files
  - new: https://git.openjdk.org/lilliput-jdk17u/pull/6/files/590742c5..8cb1b7fe

Webrevs:
 - full: https://webrevs.openjdk.org/?repo=lilliput-jdk17u&pr=6&range=06
 - incr: https://webrevs.openjdk.org/?repo=lilliput-jdk17u&pr=6&range=05-06

  Stats: 41692 lines in 740 files changed: 31866 ins; 4089 del; 5737 mod
  Patch: https://git.openjdk.org/lilliput-jdk17u/pull/6.diff
  Fetch: git fetch https://git.openjdk.org/lilliput-jdk17u pull/6/head:pull/6

PR: https://git.openjdk.org/lilliput-jdk17u/pull/6
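
The following is an added illustration, not code from the pull request or from HotSpot: a toy C++ model of the two-loop fix described in the quoted text, where a compile-time template flag decides whether block_size() follows the forwarding pointer before reading the Klass*. The one-word header layout, the low-bit forwarding tag and all names other than block_size, object_iterate and in_full_gc are assumptions made for the sketch.

```cpp
#include <cstddef>
#include <cstdint>

// Toy model (assumption, not HotSpot code): word 0 of every object is a
// header word that holds either a Klass* or, with the low bit set, a
// forwarding pointer that overwrites the Klass*.
struct Klass { size_t size_words; };
typedef uintptr_t* oop;
const uintptr_t FWD_BIT = 1;

bool is_forwarded(oop o) { return (o[0] & FWD_BIT) != 0; }
oop forwardee(oop o) { return reinterpret_cast<oop>(o[0] & ~FWD_BIT); }
void set_klass(oop o, const Klass* k) { o[0] = reinterpret_cast<uintptr_t>(k); }
void forward_to(oop o, oop copy) { o[0] = reinterpret_cast<uintptr_t>(copy) | FWD_BIT; }

// RESOLVE is fixed at compile time, so the per-object loop carries no
// runtime in_full_gc() test.
template <bool RESOLVE>
size_t block_size(oop o) {
  if (RESOLVE && is_forwarded(o)) o = forwardee(o);  // Klass* survives in the copy
  return reinterpret_cast<const Klass*>(o[0])->size_words;
}

template <bool RESOLVE>
size_t iterate(oop bottom, oop top) {
  size_t visited = 0;
  for (oop p = bottom; p < top; p += block_size<RESOLVE>(p)) visited++;
  return visited;
}

// The mode is chosen once per walk. During full GC the headers keep their
// Klass* (sliding forwarding), so nothing is resolved on that path.
size_t object_iterate(oop bottom, oop top, bool in_full_gc) {
  return in_full_gc ? iterate<false>(bottom, top) : iterate<true>(bottom, top);
}

// Constructed sample region: objects of 2, 3 and 4 words; the middle one is
// optionally forwarded to a copy outside the region. Returns objects visited.
size_t demo_walk(bool forward_middle, bool in_full_gc) {
  static const Klass k2 = {2}, k3 = {3}, k4 = {4};
  static uintptr_t region[9], copy[3];
  set_klass(region, &k2); set_klass(region + 2, &k3);
  set_klass(region + 5, &k4); set_klass(copy, &k3);
  if (forward_middle) forward_to(region + 2, copy);
  return object_iterate(region, region + 9, in_full_gc);
}

int main() { return demo_walk(true, false) == 3 ? 0 : 1; }
```

In this model, walking a region that contains an overwritten header with the non-resolving loop would read the forwarding pointer as a Klass*, which is the crash the description reports.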

