RFR(S): 8170409: CMS: Crash in CardTableModRefBSForCTRS::process_chunk_boundaries
Volker Simonis
volker.simonis at gmail.com
Mon Nov 28 18:33:32 UTC 2016
Hi,
can I please have a review and sponsor for the following fix submitted
by gunter.haug at sap.com:
http://cr.openjdk.java.net/~simonis/webrevs/2016/8170409/
https://bugs.openjdk.java.net/browse/JDK-8170409
We've observed a crash (see bug report for a stack trace) in
CardTableModRefBSForCTRS::process_chunk_boundaries() from time to time
since several years now, but only on non TSO platforms:
- It only happens in opt builds.
- Analysis of the assembly code revealed the actual crash site to be
an array store to a pointer (_lowest_non_clean) which is an argument
to process_chunk_boundaries()
- The pointer is actually calculated in
CardTableModRefBS::get_LNC_array_for_space() and passed as argument to
CardTableModRefBSForCTRS::process_chunk_boundaries()
- CardTableModRefBS::get_LNC_array_for_space() doesn't enforce TSO on
_last_LNC_resizing_collection[i] so the pointer to an uninitialized
structure (i.e._lowest_non_clean) could become visible to other
threads before the value of _last_LNC_resizing_collection[i].
Solution:
Use OrderAccess::load_acquire and OrderAccess::release_store for
accessing _last_LNC_resizing_collection[i] in
CardTableModRefBSForCTRS::get_LNC_array_for_space()
Thanks you and best regards,
Volker
More information about the hotspot-gc-dev
mailing list