JDK-8232921 : assert(is_object_aligned(result)) failed: address not aligned
  • Type: Bug
  • Component: hotspot
  • Sub-Component: runtime
  • Affected Version: 14
  • Priority: P2
  • Status: Closed
  • Resolution: Fixed
  • Submitted: 2019-10-24
  • Updated: 2020-01-27
  • Resolved: 2019-10-31
JDK 14: 14 b22, Fixed
Description
The following error occurs while running DaCapo's tradesoap benchmark. I have narrowed down the culprit to JDK-8218628 (https://hg.openjdk.java.net/jdk/jdk/rev/e3618c902d17).

Reproducing recipe:
1. Download dacapo-9.12-MR1-bach.jar from https://sourceforge.net/projects/dacapobench/files/9.12-bach-MR1/

2. Run the following with a fastdebug build:
$ java -Xms150m -Xmx150m -jar dacapo-9.12-MR1-bach.jar tradesoap -n 10 -t 50

It usually crashes within 4 warmup iterations. A small heap (150MB) and many application threads (-t 50) help to trigger the crash more often.


# A fatal error has been detected by the Java Runtime Environment:
#
#  Internal Error (usr/local/google/home/manc/ws/jdkHeadOpen3/src/hotspot/share/oops/compressedOops.inline.hpp:51), pid=10769, tid=12030
#  assert(is_object_aligned(result)) failed: address not aligned: 0x00000000baadbabe
#
# JRE version: OpenJDK Runtime Environment (14.0) (fastdebug build 14-internal+0-adhoc.manc.jdkHeadOpen3)
# Java VM: OpenJDK 64-Bit Server VM (fastdebug 14-internal+0-adhoc.manc.jdkHeadOpen3, mixed mode, sharing, tiered, compressed oops, g1 gc, linux-amd64)
# Problematic frame:
# V  [libjvm.so+0x94f53c]  AccessInternal::PostRuntimeDispatch<G1BarrierSet::AccessBarrier<2670710ul, G1BarrierSet>, (AccessInternal::BarrierType)1, 2670710ul>::oop_access_barrier(oop, long, oop)+0x97c

Current thread (0x00007faaf534a000):  JavaThread "DaCapo Thread 35" [_thread_in_vm, id=12030, stack(0x00007fa68aef1000,0x00007fa68aff2000)]

Stack: [0x00007fa68aef1000,0x00007fa68aff2000],  sp=0x00007fa68afed5e0,  free space=1009k
Native frames: (J=compiled Java code, A=aot compiled Java code, j=interpreted, Vv=VM code, C=native code)
V  [libjvm.so+0x94f53c]  AccessInternal::PostRuntimeDispatch<G1BarrierSet::AccessBarrier<2670710ul, G1BarrierSet>, (AccessInternal::BarrierType)1, 2670710ul>::oop_access_barrier(oop, long, oop)+0x97c
V  [libjvm.so+0xa9b160]  objArrayOopDesc::obj_at_put(int, oop)+0xf0
V  [libjvm.so+0xe408d4]  java_lang_Throwable::fill_in_stack_trace(Handle, methodHandle const&, Thread*)+0xbe4
V  [libjvm.so+0xe4099f]  java_lang_Throwable::fill_in_stack_trace(Handle, methodHandle const&)+0x4f
V  [libjvm.so+0xf6a184]  JVM_FillInStackTrace+0x104
C  [libjava.so+0x12951]  Java_java_lang_Throwable_fillInStackTrace+0x11
J 738  java.lang.Throwable.fillInStackTrace(I)Ljava/lang/Throwable; java.base@14-internal (0 bytes) @ 0x00007faae3f6513f [0x00007faae3f65060+0x00000000000000df]
J 13076 c2 java.security.PrivilegedActionException.<init>(Ljava/lang/Exception;)V java.base@14-internal (7 bytes) @ 0x00007faae4d8ace4 [0x00007faae4d8ab20+0x00000000000001c4]
J 4382 c2 java.security.AccessController.doPrivileged(Ljava/security/PrivilegedExceptionAction;Ljava/security/AccessControlContext;)Ljava/lang/Object; java.base@14-internal (26 bytes) @ 0x00007faae4205484 [0x00007faae4205280+0x0000000000000204]
J 13746 c2 jdk.internal.loader.URLClassPath$JarLoader.<init>(Ljava/net/URL;Ljava/net/URLStreamHandler;Ljava/util/HashMap;Ljava/security/AccessControlContext;)V java.base@14-internal (67 bytes) @ 0x00007faae4f87c28 [0x00007faae4f86f80+0x0000000000000ca8]
J 14264 c2 jdk.internal.loader.URLClassPath$JarLoader$3.run()Ljava/lang/Object; java.base@14-internal (5 bytes) @ 0x00007faae5095894 [0x00007faae5095720+0x0000000000000174]
J 4382 c2 java.security.AccessController.doPrivileged(Ljava/security/PrivilegedExceptionAction;Ljava/security/AccessControlContext;)Ljava/lang/Object; java.base@14-internal (26 bytes) @ 0x00007faae42052dc [0x00007faae4205280+0x000000000000005c]
J 6218 c2 jdk.internal.loader.URLClassPath$JarLoader.getResource(Ljava/lang/String;ZLjava/util/Set;)Ljdk/internal/loader/Resource; java.base@14-internal (354 bytes) @ 0x00007faae4444b2c [0x00007faae4444500+0x000000000000062c]
J 4336 c2 jdk.internal.loader.URLClassPath$JarLoader.getResource(Ljava/lang/String;Z)Ljdk/internal/loader/Resource; java.base@14-internal (65 bytes) @ 0x00007faae4056be4 [0x00007faae40563c0+0x0000000000000824]
J 13057 c2 org.apache.geronimo.kernel.classloader.UnionEnumeration.hasMoreElements()Z (45 bytes) @ 0x00007faae4d307ec [0x00007faae4d30600+0x00000000000001ec]
J 13715 c2 java.util.ServiceLoader$LazyClassPathLookupIterator.nextProviderClass()Ljava/lang/Class; java.base@14-internal (248 bytes) @ 0x00007faae4f729b4 [0x00007faae4f72000+0x00000000000009b4]
J 14350 c2 java.util.ServiceLoader$LazyClassPathLookupIterator.hasNextService()Z java.base@14-internal (144 bytes) @ 0x00007faae5108d38 [0x00007faae5108ce0+0x0000000000000058]
J 14448 c2 javax.naming.spi.NamingManager.getInitialContext(Ljava/util/Hashtable;)Ljavax/naming/Context; java.naming@14-internal (207 bytes) @ 0x00007faae51df240 [0x00007faae51de500+0x0000000000000d40]
J 14086 c1 javax.naming.InitialContext.getDefaultInitCtx()Ljavax/naming/Context; java.naming@14-internal (43 bytes) @ 0x00007faadcd13fbc [0x00007faadcd13ec0+0x00000000000000fc]
J 13498 c1 org.apache.geronimo.samples.daytrader.soap.TradeWebSoapProxy.getPortFromFactory()Lorg/apache/geronimo/samples/daytrader/client/ws/TradeWSServices; (142 bytes) @ 0x00007faadcd84b44 [0x00007faadcd84400+0x0000000000000744]
J 13453 c1 org.apache.geronimo.samples.daytrader.soap.TradeWebSoapProxy.getTrade()Lorg/apache/geronimo/samples/daytrader/client/ws/TradeWSServices; (59 bytes) @ 0x00007faadd457e34 [0x00007faadd457de0+0x0000000000000054]
J 13852 c1 org.apache.geronimo.samples.daytrader.dacapo.DaCapoTrader.doQuote(Ljava/lang/String;Z)I (134 bytes) @ 0x00007faaddbdb33c [0x00007faaddbdb120+0x000000000000021c]
J 12878 c1 org.apache.geronimo.samples.daytrader.dacapo.DaCapoTrader.doPortfolio(Ljava/lang/String;)I (244 bytes) @ 0x00007faadcdfc4dc [0x00007faadcdfbf60+0x000000000000057c]
J 12890 c1 org.apache.geronimo.samples.daytrader.dacapo.DaCapoTrader.runTradeSession(Ljava/lang/String;)V (248 bytes) @ 0x00007faaddba371c [0x00007faaddba3300+0x000000000000041c]
j  org.apache.geronimo.samples.daytrader.dacapo.DaCapoTrader.run()V+15
v  ~StubRoutines::call_stub
V  [libjvm.so+0xe2486c]  JavaCalls::call_helper(JavaValue*, methodHandle const&, JavaCallArguments*, Thread*)+0x6ac
V  [libjvm.so+0xe2190f]  JavaCalls::call_virtual(JavaValue*, Klass*, Symbol*, Symbol*, JavaCallArguments*, Thread*)+0x33f
V  [libjvm.so+0xe21b2a]  JavaCalls::call_virtual(JavaValue*, Handle, Klass*, Symbol*, Symbol*, Thread*)+0xca
V  [libjvm.so+0xf67d13]  thread_entry(JavaThread*, Thread*)+0xa3
V  [libjvm.so+0x181b456]  JavaThread::thread_main_inner()+0x226
V  [libjvm.so+0x1820c46]  Thread::call_run()+0xf6
V  [libjvm.so+0x14308fe]  thread_native_entry(Thread*)+0x10e

*Error description* 

The error occurs because JDK-8218628 introduced a safepoint in code that is not GC-safe, i.e.,
code that keeps oops in local fields not visible to the GC. The safepoint is reached when
a Boolean object with value true is allocated.
This Boolean indicates that some hidden frames were omitted from
the internal Backtrace data structure.

The internal backtrace data structure consists of an oop array that references other arrays, which
in turn point to the data needed to build a Java StackTraceElement[] on demand. To indicate that a
hidden frame was dropped, this basic oop array was extended by one entry. If no hidden frame
was dropped, the new entry is supposed to be null; otherwise it is non-null. Setting it to a
non-null value requires a legal oop, and the choice was to allocate a Boolean with value true.

*Solution*

Instead of allocating a new object, an existing object can be used: one of the other
oops referenced by the oop array is copied into the field that indicates the hidden frame.

Using Boolean::TRUE was discussed. This is not easily possible, as it is only available once the VM
is fully initialized, but exceptions can already occur during initialization.
Pre-allocating a Boolean and holding it in universe.hpp was also discussed. This works, but was
dropped because it adds quite some overhead and moves the issue out of the BacktraceBuilder into universe.
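
A minimal model of the failure described above, added here as an illustration; it is not HotSpot code and not part of the original report. ToyHeap and the three functions are hypothetical names, and poisoning vacated space with 0xbaadbabe (the value in the assert message) is a choice of the model. It contrasts a raw reference held across an allocation, a reference registered with the collector, and reuse of an existing reference with no allocation.

```cpp
// Added illustration: toy copying collector, not HotSpot code.
#include <algorithm>
#include <cstdint>
#include <cstdio>
#include <utility>
#include <vector>

constexpr uint32_t kPoison = 0xbaadbabe;  // the value in the assert message above

struct ToyHeap {
    std::vector<uint32_t> from, to;   // two semispaces of one-word "objects"
    std::vector<uint32_t**> roots;    // reference slots the collector can see
    size_t top = 0;
    explicit ToyHeap(size_t n) : from(n, kPoison), to(n, kPoison) {}
    void collect() {                  // copy rooted objects, fix roots, poison old space
        size_t n = 0;
        for (uint32_t** slot : roots) { to[n] = **slot; *slot = &to[n++]; }
        std::swap(from, to);          // element pointers stay with their buffer
        std::fill(to.begin(), to.end(), kPoison);
        top = n;
    }
    uint32_t* allocate(uint32_t v) {  // every allocation is a safepoint (stress case)
        collect();
        from[top] = v;
        return &from[top++];
    }
};

uint32_t raw_ref_across_allocation() {    // the pattern the bug introduced
    ToyHeap h(8);
    uint32_t* methods = h.allocate(42);   // raw reference in a local, unknown to the GC
    h.allocate(1);                        // allocate the marker: objects move
    return *methods;                      // stale: reads the poisoned old space
}
uint32_t rooted_ref_across_allocation() { // same code with the reference registered
    ToyHeap h(8);
    uint32_t* methods = h.allocate(42);
    h.roots.push_back(&methods);          // collector can now find and update the slot
    h.allocate(1);
    return *methods;                      // still the live object
}
uint32_t reuse_existing_ref() {           // the approach in the Solution: no allocation
    ToyHeap h(8);
    uint32_t* methods = h.allocate(42);
    uint32_t* hidden_marker = methods;    // any valid non-null reference will do
    return *hidden_marker;
}
int main() {
    std::printf("%x %u %u\n", raw_ref_across_allocation(), rooted_ref_across_allocation(), reuse_existing_ref());
}
```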





Comments
The affected tests (e.g. compiler/jsr292/NullConstantReceiver.java) now run successfully.
05-12-2019

URL: https://hg.openjdk.java.net/jdk/jdk/rev/8c0e8cff877f User: goetz Date: 2019-10-31 21:07:24 +0000
31-10-2019

ILW = HMM = P2
29-10-2019

I'm not on runtime-dev so it's hard for me to reply to your RFR, but maybe you could just create a cached true value in java_lang_boxing_object for this purpose during VM init. It doesn't really have to be the TRUE instance. Also it wouldn't hurt to add some comments about the GC unsafety of BacktraceBuilder to warn the next person.
29-10-2019

Find a possible fix here: http://mail.openjdk.java.net/pipermail/hotspot-runtime-dev/2019-October/036653.html
29-10-2019

The fix for JDK-8218628 introduced a GC safepoint in the middle of GC unsafe code. The fields of BacktraceBuilder aren't GC safe in the interests of speed and allocating a new boxing object in the middle of that code is likely to lead to corrupt oop references. Additionally allocating a new box object for true seems very inefficient. Why not simply cache a reference to Boolean.TRUE in java_lang_boxing_object?
28-10-2019