United StatesChange Country, Oracle Worldwide Web Sites Communities I am a... I want to...
Bug ID: JDK-6811384 MacroAssembler::serialize_memory may touch next page on amd64
JDK-6811384 : MacroAssembler::serialize_memory may touch next page on amd64

Details
Type:
Bug
Submit Date:
2009-02-27
Status:
Closed
Updated Date:
2012-10-08
Project Name:
JDK
Resolved Date:
2009-03-18
Component:
hotspot
OS:
linux,solaris_10,linux_2.6,linux_redhat_5.0
Sub-Component:
runtime
CPU:
x86
Priority:
P3
Resolution:
Fixed
Affected Versions:
hs14,6u14,6u16
Fixed Versions:
hs15 (b03)

Related Reports
Backport:
Backport:
Backport:
Backport:
Duplicate:
Duplicate:
Duplicate:
Relates:

Sub Tasks

Description
Customer reported a crash running SPECjAppServer2004 benchmark on Glassfish v2ur2-b04/OpenSolaris Nevada build snv_107/Nehalem EP.

I think this is a previously unreported bug in MacroAssembler::serialize_memory.

void MacroAssembler::serialize_memory(Register thread,
                                      Register tmp) {

  movl(tmp, thread);
  shrl(tmp, os::get_serialize_page_shift_count());
  andl(tmp, (os::vm_page_size() - sizeof(int)));

  Address index(noreg, tmp, Address::times_1);
  ExternalAddress page(os::get_memory_serialize_page());

  movptr(ArrayAddress(page, index), tmp);
}


It's storing a 64-bit quantity but only masking for an int.  In your faulting case we've got this:

;; fffffd7ffac6ff1d 81 e1 fc 0f 00 00       and    $0xffc,%ecx
;; fffffd7ffac6ff23 49 ba 00 00 e9 fd 7f fd ff ff mov    $0xfffffd7ffde90000,%r10
;; ---------------
;; fffffd7ffac6ff2d 49 89 0c 0a             mov    %rcx,(%r10,%rcx,1)

RCX=0x0000000000000ffc, R10=0xfffffd7ffde90000
siginfo:si_signo=SIGSEGV: si_errno=0, si_code=1 (SEGV_MAPERR), si_addr=0xfffffd7ffde91000;;

So we're crossing the boundary and accessing off the end of the page because of the 8 byte store.  It either needs to mask more or use smaller stores.
*** (#1 of 1): [ UNSAVED ] ###@###.###

                                    

Comments
WORK AROUND

-XX:+UseMembar will use a membar instruction instead of the serialize page.
                                     
2009-02-27
EVALUATION

http://hg.openjdk.java.net/jdk7/hotspot-comp/hotspot/rev/19962e74284f
                                     
2009-03-02



Hardware and Software, Engineered to Work Together