JDK-8225329 : -XX:+PrintBiasedLockingStatistics causes crash during initialization on Windows platforms
  • Type: Bug
  • Component: hotspot
  • Sub-Component: runtime
  • Affected Version: 11,11.0.3-oracle,15,16
  • Priority: P4
  • Status: Resolved
  • Resolution: Fixed
  • OS: windows
  • CPU: x86
  • Submitted: 2019-06-05
  • Updated: 2020-10-05
  • Resolved: 2020-07-20
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 11 JDK 16
11.0.10Fixed 16Fixed
Description
Reported by : chengjingwei1@huawei.com

The JVM crashes during initialization on 64-bit Windows platforms when running the following command:
java -XX:+UnlockDiagnosticVMOptions -XX:+PrintBiasedLockingStatistics -version

The crash would happen with Oracle JDK 11+ and AdoptOpenJDK 11+ (both compiled with VS2017).

OS version:
Windows 7 Professional SP1 x64 / Windows Server 2012 R2 Datacenter x64

For Oracle JDK 11+,

Java version:
java version "11.0.3" 2019-04-16 LTS
Java(TM) SE Runtime Environment 18.9 (build 11.0.3+12-LTS)
Java HotSpot(TM) 64-Bit Server VM 18.9 (build 11.0.3+12-LTS, mixed mode)

Crash message:
#
# A fatal error has been detected by the Java Runtime Environment:
#
#  Internal Error (macroAssembler_x86.hpp:116), pid=20940, tid=19804
#  guarantee(this->is8bit(imm8)) failed: Short forward jump exceeds 8-bit offset
#
# JRE version:  (11.0.3+12) (build )
# Java VM: Java HotSpot(TM) 64-Bit Server VM (11.0.3+12-LTS, mixed mode, tiered, compressed oops, g1 gc, windows-amd64)
# No core dump will be written. Minidumps are not enabled by default on client versions of Windows
#
# An error report file with more information is saved as:
# D:\jdk\jdk-11.0.3\bin\hs_err_pid20940.log
#
# If you would like to submit a bug report, please visit:
#   http://bugreport.java.com/bugreport/crash.jsp
#

We built openjdk jdk8u with VS2017 and could also reproduce this issue using this build.

Some quick analysis for jdk8u:

The crash happens when macroAssembler is generating "zerolocals_synchronized".

In hotspot/src/cpu/x86/vm/macroAssembler.cpp, there's a label named "try_revoke_bias", which is to be binded with a short jump.

    1) If PrintBiasedLockingStatistics is turned on, jvm would generate some extra instructions for tracking the counters.

    If ASLR is turned on when compiling hotspot (which is the default behaviour in VS2017),  then
    2) The distance between BiasedLockCounter and current pc can be larger than 4G, causing MacroAssembler::atomic_incl to
generate an extra lea instruction;

    3) Universe::narrow_klass_shift() could be zero, causing MacroAssembler::decode_klass_not_null to generate some extra
instructions.

    If all the above conditions are met, try_revoke_bias would consume more than 127 bytes, triggering the assert and crashing
the jvm.
Comments
Fix Request (11u) Same trivial fix is needed in open source version. Fix was also reviewed here: https://github.com/openjdk/jdk/pull/372#issuecomment-699881263
28-09-2020
Issue can still be observed in JDK16 which can still get built with VS2017: jdk-16\bin\java -XX:+UnlockDiagnosticVMOptions -XX:+UseBiasedLocking -XX:+PrintBiasedLockingStatistics -version
21-09-2020
Changing the jump to try_revoke_bias [1] from a short jump (jccb) to a near jump (jcc), should also solve this for OpenJDK 8. [1] https://hg.openjdk.java.net/jdk8u/jdk8u/hotspot/file/182c3887f2e6/src/cpu/x86/vm/macroAssembler_x86.cpp#l1158
14-08-2020
Reopening to restore lost "Resolved In Build" value and "Status" should be "Resolved".
20-07-2020