Bug ID: JDK-8324050 Issue store-store barrier after re-materializing objects during deoptimization

Versions (Unresolved/Resolved/Fixed)

The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.

JDK 17	JDK 21	JDK 22	JDK 23
17.0.12-oracleFixed	21.0.3Fixed	22.0.1Fixed	23 b07Fixed

In JDK-8322854 comments [~jrose] wrote:

The JIT might scalar-replace a string, but then generate it onto the heap. (This is for deoptimization, recovery from an uncommon event, previously speculated against.) In that case the JIT generates the string object not by executing code but interpreting debug-info. If that generation process failed to issue a store-store barrier, on a CPU that needed it, and there was no other store-store barrier issued (during the course of deoptimization), then conceivably you might get a race.

I agree. Consider next case where object escapes after deoptimization:

public class Test {
     int _i;
    public static Test _t; // Externally visible static field

    public Test(int i) { _i = i; }

    void test(int i) {
         Test t = new Test(i);
         if (i == foo()) {
            // Rare case so C2 generates uncommon trap.
            // Object 't' does not escape from EA POV since
            // it is referenced only by uncommon trap.
            // It will escape after deoptimization.
            Test::_t = t;
         }
   }
}

A pull request was submitted for review. URL: https://git.openjdk.org/jdk17u-dev/pull/2172 Date: 2024-01-24 09:12:48 +0000
24-01-2024
[jdk17u-fix-request] Approval Request from Aleksey Shipilëv Semi-clean (copyright years conflict) backport to improve deopt reliability. Adds the barrier on uncommonly used path. The functional and performance risk is low.
24-01-2024
[jdk22u-fix-request] Approval Request from Aleksey Shipilëv Clean backport to improve deopt reliability. Adds the barrier on uncommonly used path. The functional and performance risk is low.
23-01-2024
[jdk21u-fix-request] Approval Request from Aleksey Shipilëv Clean backport to improve deopt reliability. Adds the barrier on uncommonly used path. The functional and performance risk is low.
23-01-2024
A pull request was submitted for review. URL: https://git.openjdk.org/jdk21u-dev/pull/211 Date: 2024-01-23 10:03:29 +0000
23-01-2024
A pull request was submitted for review. URL: https://git.openjdk.org/jdk22u/pull/28 Date: 2024-01-23 10:00:53 +0000
23-01-2024
Changeset: 52523d33 Author: Vladimir Kozlov <kvn@openjdk.org> Date: 2024-01-22 22:50:32 +0000 URL: https://git.openjdk.org/jdk/commit/52523d33dde797bf03b15a05bb227b19b22c06be
22-01-2024
A pull request was submitted for review. URL: https://git.openjdk.org/jdk/pull/17503 Date: 2024-01-19 22:00:15 +0000
19-01-2024
ILW = Missing barrier after object re-materialization during deopt, never observed, no workaround but disable scalar replacement = HLM = P3
18-01-2024
Note, I think it is "almost" impossible to hit this issue because there is a lot of VM's runtime code between the code which rematerialize an object during deoptimization and a code in Interpreter which is executed after deoptimization and which may execute a store instruction that makes the object accessible by other threads. Because of that I can't create a test which may trigger the issue and added `noreg-hard` label. JDK-8322854 has regression tests which trigger access to re-materialized object from other threads. But that issue is different - incorrect object re-materialization.
17-01-2024
We should add OrderAccess::storestore(); after we re-assigned fields values to re-allocated objects. I think we need it there and not after reallocation because at BCI we are returning to these fields have these values.
17-01-2024