United StatesChange Country, Oracle Worldwide Web Sites Communities I am a... I want to...
Bug ID: JDK-6896647 card marks can be deferred too long
JDK-6896647 : card marks can be deferred too long

Details
Type:
Bug
Submit Date:
2009-10-30
Status:
Closed
Updated Date:
2012-05-22
Project Name:
JDK
Resolved Date:
2011-03-07
Component:
hotspot
OS:
windows_2003,linux,generic,solaris_10,windows
Sub-Component:
gc
CPU:
x86,sparc,generic
Priority:
P2
Resolution:
Fixed
Affected Versions:
hs16,hs17,6u16,6u18
Fixed Versions:
hs17 (b08)

Related Reports
Backport:
Backport:
Backport:
Backport:
Backport:
Backport:
Backport:
Duplicate:
Duplicate:
Duplicate:
Duplicate:
Duplicate:
Duplicate:
Duplicate:
Duplicate:
Duplicate:
Duplicate:
Relates:
Relates:
Relates:
Relates:
Relates:
Relates:
Relates:

Sub Tasks

Description
ParallelGC intermittently crashes with SIGSEGV in PSPromotionManager::copy_to_survivor_space

#
#  SIGSEGV (0xb) at pc=0xb77e3d6e, pid=910, tid=1944603536
#
# JRE version: 7.0-b74
# Java VM: Java HotSpot(TM) Server VM (17.0-b04-2009-10-23-213406.et151817.hs17b04 compiled mode linux-x86 )
# Problematic frame:
# V  [libjvm.so+0x53ed6e]
#
# If you would like to submit a bug report, please visit:
#   http://java.sun.com/webapps/bugreport/crash.jsp
#

---------------  T H R E A D  ---------------

Current thread (0x08059c00):  GCTaskThread [stack: 0x73e04000,0x73e85000] [id=913]

siginfo:si_signo=SIGSEGV: si_errno=0, si_code=1 (SEGV_MAPERR), si_addr=0xf89bf917;; 

Registers:
EAX=0xf89bf90b, EBX=0x9f50a2e8, ECX=0xad68da40, EDX=0xf89bf913
ESP=0x73e83e50, EBP=0x73e83e88, ESI=0xffffffff, EDI=0x9f526ea0EIP=0xb77e3d6e, CR2=0xf89bf917, EFLAGS=0x00010293

Top of Stack: (sp=0x73e83e50)
0x73e83e50:   b419a34c 00000000 00000000 01f1254e
0x73e83e60:   3be56b7d 00e83ea8 0000000a 00000081
0x73e83e70:   b7f178dc ad81c000 00001000 9f50a2e80x73e83e80:   ffffffff 9f526ea0 73e83ed8 b77e5fe1
0x73e83e90:   080aa920 ad68da40 00000001 ffffffff

0x73e83ea0:   b7f13c5c 00000391 004161b0 00000000
0x73e83eb0:   00000001 9f526e9c ffffffff b7968cb0
0x73e83ec0:   08059420 08059428 9f50a2e8 000000ab 

Instructions: (pc=0xb77e3d6e)
0xb77e3d5e:   03 0f 84 1b 01 00 00 8b 4d 0c 8b 41 04 8d 50 08
0xb77e3d6e:   8b 4a 04 83 f9 00 0f 8e 86 00 00 00 c1 f9 02 89 
;; b77e3d5e 03
;; b77e3d5f 0f 84 1b 01 00 00       je     0xb77e3e80
;; b77e3d65 8b 4d 0c                mov    0xc(%ebp),%ecx
;; b77e3d68 8b 41 04                mov    0x4(%ecx),%eax
;; b77e3d6b 8d 50 08                lea    0x8(%eax),%edx
;; ---------------
;; b77e3d6e 8b 4a 04                mov    0x4(%edx),%ecx
;; b77e3d71 83 f9 00                cmp    $0x0,%ecx
;; b77e3d74 0f 8e 86 00 00 00       jle    0xb77e3e00
;; b77e3d7a c1 f9 02                sar    $0x2,%ecx
;; b77e3d7d 89 ff                   mov    %edi,%edi
;; 
Stack: [0x73e04000,0x73e85000],  sp=0x73e83e50,  free space=1ff73e837f4k
Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code)
V  [libjvm.so+0x53ed6e];;  PSPromotionManager::copy_to_survivor_space(oopDesc*, bool)+0x2e
V  [libjvm.so+0x540fe1];;  PSPromotionManager::drain_stacks_depth(bool)+0x601
V  [libjvm.so+0x1e1011];;  CardTableExtension::scavenge_contents_parallel(ObjectStartArray*, MutableSpace*, HeapWord*, P
SPromotionManager*, unsigned int)+0x881
V  [libjvm.so+0x5436ca];;  OldToYoungRootsTask::do_it(GCTaskManager*, unsigned int)+0x3a
V  [libjvm.so+0x30cea5];;  GCTaskThread::run()+0xd5
V  [libjvm.so+0x4f86b9];;  java_start(Thread*)+0xf9
C  [libpthread.so.0+0x61b5]

                                    

Comments
EVALUATION

Bisecting indicates this was introduced with 6888898: CMS: ReduceInitialCardMarks unsafe in the presence of cms precleaning.  A build of that mercurial revision (39b01ab7035a) fails regularly in under 20 iterations; a build of the prior revision did not fail after more than 700 iterations.
                                     
2009-12-14
EVALUATION

Adding -XX:-ReduceInitialCardMarks works around the problem; a run of the mercurial revision that introduced the problem (39b01ab7035a) with that option passed 500+ iterations.
                                     
2009-12-14
WORK AROUND

Add the command line option -XX:-ReduceInitialCardMarks
                                     
2009-12-14
EVALUATION

Running with -XX:+VerifyBeforeGC -XX:+VerifyAfterGC hides the problem; 1400+ iterations completed without failure.
                                     
2009-12-15
WORK AROUND

This bug affects all collectors other than UseSerialGC; see evaluation section.
                                     
2009-12-16
EVALUATION

Please note that our investigations as to the cause of this bug indicate that
it was introduced as a result of some changes in 6888898 and this bug
potentially affects all collectors other than UseSerialGC. See workaround
section.
                                     
2009-12-16
EVALUATION

Copied from an entry in the Comments field:

6888898 deferred the card marks so that they would occur strictly after the initializing stores which they were shadowing. The deferred marks would then be done by the GC worker threads when scanning thread stacks. However, there is no synchronizing barrier between the thread stack scanning (which would apply the deferred card marks) and the subsequent code that does the card-scanning.  Thus, card scanning for an arbitrary card whose marking had been deferred could happen before the deferred mark had been written.
                                     
2009-12-16
EVALUATION

http://hg.openjdk.java.net/jdk7/hotspot-gc/hotspot/rev/7b0e9cba0307
                                     
2010-01-14
EVALUATION

http://hg.openjdk.java.net/jdk7/hotspot/hotspot/rev/7b0e9cba0307
                                     
2010-01-17



Hardware and Software, Engineered to Work Together