RFR(S): 8069124 - runtime/NMT/MallocSiteHashOverflow.java failing in nightlies
Christian Tornqvist
christian.tornqvist at oracle.com
Mon Mar 9 15:29:58 UTC 2015
Changed the long to a uintptr_t and cleaned up the loop a bit.
Please see the update webrev at:
http://cr.openjdk.java.net/~ctornqvi/webrev/8069124/webrev.02/
Thanks,
Christian
-----Original Message-----
From: hotspot-runtime-dev
[mailto:hotspot-runtime-dev-bounces at openjdk.java.net] On Behalf Of Coleen
Phillimore
Sent: Wednesday, February 25, 2015 11:50 PM
To: David Holmes; hotspot-runtime-dev at openjdk.java.net
Subject: Re: RFR(S): 8069124 - runtime/NMT/MallocSiteHashOverflow.java
failing in nightlies
On 2/25/15, 11:04 PM, David Holmes wrote:
> On 26/02/2015 1:55 PM, Coleen Phillimore wrote:
>>
>>
>> In this case, I think 'long' is chosen because we want to turn
>> address into an integral type to create the hashcode and that'll
>> cover a 64 bit address.
>
> Sounds like a job for intptr_t.
Or maybe uintptr_t if they're arithmetic.
>
>> Even if we change the signedness of the value, it's still a useful
>> hash code. I don't see a bug here, only unfortunate casts.
>
> I'm surprised this change doesn't induce further warnings about mixing
> signed and unsigned. But the code screams "type confusion" to me.
>
>> This change looks good to me. It's a really good find, Christian!
>> We've been chasing this bug for months.
>
> The real bug was reading an uninitialized value no? In which case the
> change from signed to unsigned seems incidental, unless also guarding
> against overflow.
There were two bugs. The signed hash value was 0x8000000 and when negated
was 0x8000000, so created a negative index into the hash table.
Coleen
>
> David
> -----
>
>>
>> Thanks,
>> Coleen
>>
>>
>> On 2/24/15, 11:09 PM, David Holmes wrote:
>>> Hi Christian,
>>>
>>> On 25/02/2015 12:57 PM, Christian Tornqvist wrote:
>>>> Hi everyone,
>>>>
>>>>
>>>>
>>>> Please review this small fix for an issue with NMT.
>>>
>>> The use of long in this function looks wrong, particularly as
>>> sizeof(long) might equal sizeof(int) and long is signed but now
>>> _hash_value is unsigned:
>>>
>>> 72 // Hash code. Any better algorithm?
>>> 73 unsigned int NativeCallStack::hash() const {
>>> 74 long hash_val = _hash_value;
>>> 75 if (hash_val == 0) {
>>> 76 long pc;
>>> 77 int index;
>>> 78 for (index = 0; index < NMT_TrackingStackDepth; index ++) {
>>> 79 pc = (long)_stack[index];
>>> 80 if (pc == 0) break;
>>> 81 hash_val += pc;
>>> 82 }
>>> 83
>>> 84 NativeCallStack* p = const_cast<NativeCallStack*>(this);
>>> 85 p->_hash_value = (unsigned int)(hash_val & 0xFFFFFFFF);
>>> 86 }
>>> 87 return _hash_value;
>>> 88 }
>>>
>>> Even with the original code the use of long seems wrong.
>>>
>>> David
>>>
>>>
>>>>
>>>>
>>>> The failure was caused by reading random memory from the
>>>> uninitialized _hash_value, when this value happened to be
>>>> 0x80000000,
>>>> hash_to_index()
>>>> failed to negate the value and ended up with an index of -16:
>>>>
>>>>
>>>>
>>>> # Internal Error
>>>> (C:\\jprt\\T\\P1\\130630.ctornqvi\\s\\hotspot\\src\\share\\vm\\serv
>>>> ices\\mal
>>>>
>>>>
>>>> locSiteTable.cpp:139), pid=5680, tid=4928
>>>>
>>>> # assert(index >= 0) failed: Negative index -16
>>>>
>>>>
>>>>
>>>> Reproduced the issue and verified the fix using a debugger. Ran
>>>> vm.quick and hotspot/test/:hotspot_jprt tests on Linux i586/x64 and
>>>> Windows
>>>> i586/x64 with
>>>> -XX:NativeMemoryTracking=detail
>>>>
>>>>
>>>>
>>>> Webrev:
>>>>
>>>> http://cr.openjdk.java.net/~ctornqvi/webrev/8069124/webrev.00/
>>>>
>>>>
>>>>
>>>> Bug:
>>>>
>>>> https://bugs.openjdk.java.net/browse/JDK-8069124
>>>>
>>>>
>>>>
>>>> Thanks,
>>>>
>>>> Christian
>>>>
>>>>
>>>>
>>
More information about the hotspot-runtime-dev
mailing list