JDK-8264393 : JDK-8258284 introduced dangling TLH race
  • Type: Bug
  • Component: hotspot
  • Sub-Component: runtime
  • Affected Version: 17
  • Priority: P3
  • Status: Resolved
  • Resolution: Fixed
  • OS: generic
  • CPU: generic
  • Submitted: 2021-03-29
  • Updated: 2021-04-08
  • Resolved: 2021-04-03
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 17
17 b17Fixed
Related Reports
Relates :  
JDK-8262881 - port JVM/DI tests from JDK-4413752 to JVM/TI
Relates :  
JDK-8257831 - Suspend with handshakes
Relates :  
JDK-8258284 - clean up issues with nested ThreadsListHandles
Description
I ported some 20 year old tests using JDK-8262881 in order to help
test [~rehn]'s fix for JDK-8257831. These tests in combination with
one piece of the fix from JDK-8257831 revealed a bug in my fix for
JDK-8258284 from back in Dec 2020.

The race revealed by the ported tests from JDK-8262881 happens
only with nested ThreadsListHandles. When TLH2 is destroyed, the
thread updates its threads_hazard_ptr from the TLH2-list to the
TLH1-list; I made this change back in 2020.12 using JDK-8258284.
The threads_hazard_ptr can be observed by a thread calling
ThreadsSMRSupport::free_list() as a stable ThreadsList at the same
time as the TLH1 destructor is decrementing the nested_handle_cnt
that permits the ThreadsList to be freed. So the thread calling
ThreadsSMRSupport::free_list() thinks it has a stable hazard ptr
(TLH1-list), but that hazard ptr can be freed and causes lots of
confusion.
Comments
Changeset: f259eeaf Author: Daniel D. Daugherty <dcubed@openjdk.org> Date: 2021-04-03 19:06:34 +0000 URL: https://git.openjdk.java.net/jdk/commit/f259eeaf
03-04-2021
Wow, those ASCII art diagrams got seriously munged. Attaching as analysis.ThreadsList.for_JBS instead.
29-03-2021