Bug ID: JDK-6774607 SIGSEGV or (!is_null(v),"oop value can never be zero") assertion when running with CMS and COOPs

Details
Type: Bug
Submit Date: 2008-11-21
Status: Resolved
Updated Date: 2010-12-07
Project Name: JDK
Resolved Date: 2009-03-20
Component: hotspot
OS: solaris
Sub-Component: gc
CPU: x86
Priority: P2
Resolution: Fixed
Affected Versions: hs14
Fixed Versions: hs14 (b09)

Description
"-XX:+UseConcMarkSweepGC -XX:+UseCompressedOops" leads product jvm to fail with SIGSEGV
and fastdebug jvm to fail with following assertion:
 #  Internal Error (/BUILD_AREA/jdk7.0/hotspot/src/share/vm/oops/oop.inline.hpp:150), pid=29365, tid=3
 #  Error: assert(!is_null(v),"oop value can never be zero")

                                    

Comments
EVALUATION

http://hg.openjdk.java.net/jdk7/hotspot-gc/hotspot/rev/df4305d4c1a1
                                     
2008-11-24
EVALUATION

> 6774607 SIGSEGV or (!is_null(v),"oop value can never be zero")
> assertion when running with CMS and COOPs
>
> ParNew's work queue overflow handling uses the klass-word of
> the original (Eden or from-space) copy of an object to link
> overflown oops into the overflow list, so we need to call
> the more permissive methods (which permit a null value)
> in the overflow handling code that manipulates this field.
>
> Testing: the tests listed in the bug report
> 
webrev: http://analemma.sfbay.sun.com/net/neeraja/export/ysr/soft-ref/webrev/
                                     
2008-12-02
SUGGESTED FIX

changeset:   445:df4305d4c1a1
user:        ysr
date:        Mon Nov 24 09:53:31 2008 -0800
files:       src/share/vm/gc_implementation/parNew/parNewGeneration.cpp src/share/vm/oops/oop.inline.hpp
description:
6774607: SIGSEGV or (!is_null(v),"oop value can never be zero") assertion when running with CMS and COOPs
Summary: Use the more permissive set_klass_or_null() and klass_or_null() interfaces in ParNew's workqueue overflow code that manipulates the klass-word.
Reviewed-by: coleenp

diff -r c96030fff130 -r df4305d4c1a1 src/share/vm/gc_implementation/parNew/parNewGeneration.cpp
--- a/src/share/vm/gc_implementation/parNew/parNewGeneration.cpp        Thu Nov 20 16:56:09 2008 -0800
+++ b/src/share/vm/gc_implementation/parNew/parNewGeneration.cpp        Mon Nov 24 09:53:31 2008 -0800
@@ -1205,7 +1205,7 @@ ParNewGeneration::take_from_overflow_lis
   int n = 0;
   while (cur != NULL) {
     oop obj_to_push = cur->forwardee();
-    oop next        = oop(cur->klass());
+    oop next        = oop(cur->klass_or_null());
     cur->set_klass(obj_to_push->klass());
     if (par_scan_state->should_be_partially_scanned(obj_to_push, cur)) {
       obj_to_push = cur;
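Review bot: The changed line `oop next = oop(cur->klass_or_null());` reinterprets the klass word as the overflow-list link, but nothing at the use site says so, or says that a null value is the terminator the `while (cur != NULL)` loop depends on. Add a short comment on that line, and consider a named getter paired with the list-pointer setter in oop.inline.hpp so the cast and the null-permitting read live in one place. It is also worth confirming that the value read back here round-trips when UseCompressedOops is on, since the setter side stores it through `_metadata._compressed_klass`.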
diff -r c96030fff130 -r df4305d4c1a1 src/share/vm/oops/oop.inline.hpp
--- a/src/share/vm/oops/oop.inline.hpp  Thu Nov 20 16:56:09 2008 -0800
+++ b/src/share/vm/oops/oop.inline.hpp  Mon Nov 24 09:53:31 2008 -0800
@@ -92,7 +92,7 @@ inline void oopDesc::set_klass_to_list_p
   // This is only to be used during GC, for from-space objects, so no
   // barrier is needed.
   if (UseCompressedOops) {
-    _metadata._compressed_klass = encode_heap_oop_not_null(k);
+    _metadata._compressed_klass = encode_heap_oop(k);  // may be null (parnew overflow handling)
   } else {
     _metadata._klass = (klassOop)k;
   }
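Review bot: Replacing `encode_heap_oop_not_null(k)` with `encode_heap_oop(k)` in the UseCompressedOops branch drops the non-null check for every caller of this setter, while the new inline comment ties the relaxation to ParNew overflow handling only. Update the existing header comment ("This is only to be used during GC, for from-space objects") to state that null is an accepted value and why, so the contract is documented where callers read it. The else branch's `(klassOop)k` cast carries no check either, so the two branches should be described consistently.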
                                     
2008-12-02
EVALUATION

It turns out that the fix I made here is insufficient
for the case of compressed oops if there is work queue
overflow in ParNew involving an object array. That needs
to be fixed by changing the overflow handling code to
use a compressed pointer (i.e. narrow oop) to point to
the next object in the overflow list. This is probably
somewhat of a showstopper for CompressedOops and CMS
because it can cause GC crashes. The only reliable workaround
is to disable ParNew in such cases (although, following
6787254, this is unlikely to affect most casual users,
it can still affect users who make use of very large
heaps and have very large object arrays such as hashtables).
                                     
2009-03-19
WORK AROUND

-XX:-UseParNewGC or -XX:-UseCompressedOops
                                     
2009-03-19
EVALUATION

The fix for this CR is being done under 6819891. This bug will
be closed as a duplicate of 6819891 once the latter is fixed.
See 6819891 for more details.
                                     
2009-03-19


