Bug ID: JDK-8235324 Dying objects are published from users of CollectedHeap::object

JDK-8235324 : Dying objects are published from users of CollectedHeap::object_iterate

Type: Bug
Component: hotspot
Sub-Component: gc
Affected Version: 8,11,14

Priority: P2
Status: Closed
Resolution: Fixed

Submitted: 2019-12-04
Updated: 2021-03-17
Resolved: 2019-12-09

Versions (Unresolved/Resolved/Fixed)

The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.

JDK 11	JDK 14
11.0.11Fixed	14 b27Fixed

Related Reports

Blocks :	JDK-8234508 - VM_HeapWalkOperation::iterate_over_object reads non-strong fields with an on-strong load barrier
Duplicate :	JDK-8233434 - ZGC: ZHeapIterator ran into something dead
Relates :	JDK-8237369 - Shenandoah: failed vmTestbase/nsk/jvmti/AttachOnDemand/attach021/TestDescription.java test
Relates :	JDK-8235305 - Corrupted oops embedded in nmethods due to parallel modification during optional evacuation

Description

Caution needs to be taken when CollectedHeap::object_iterate is used. It may:
- Return non-reachable objects - for example, when G1 walks the prev bitmap
- Return the Reference.referent without an appropriate resurrection barrier
- Return an object loaded without a "strong"/"marking" barrier

These objects should not escape the confines of the active safepoint that calls object_iterate. If they do we run the risk of various crashes when the objects get garbage collected.

Unfortunately, there are a few closures that do this. The once we have identified are:
- HeapInspection::find_instances_at_safepoint
- JVMTI object tagging

There might be some merit to solving this by altering the object_iterate API, but for now we'd like to fix the two problematic areas listed above. The suggestion is to introduce a CollectedHeap::keep_alive function that notifies the GC that the object should be kept alive the current GC cycle (if active).

Comments

Fix Request (11u) This resolves the GC bug that is able to crash the VM under heap inspection. Patch does not apply to 11u cleanly due to simple conflicts. Needs JDK-8237369 to be backported to unbreak Shenandoah. 11u RFR (acked by Stefan): https://mail.openjdk.java.net/pipermail/jdk-updates-dev/2021-February/004847.html Passes tier{1,2,3} with {G1, Shenandoah, ZGC, Parallel}, vmTestbase_nsk_jvmti with {G1, Shenandoah, ZGC, Parallel}.
04-02-2021
Tests from bug reports don't fail anymore.
31-01-2020
URL: https://hg.openjdk.java.net/jdk/jdk/rev/35d8d9b65744 User: stefank Date: 2019-12-09 21:11:18 +0000
09-12-2019
Set to P2 to reflect priority from duplicated bugs.
04-12-2019
Out for review on hotspot-gc-dev
04-12-2019