JDK-7028374 : race in fix_oop_relocations for scavengeable nmethods
  • Type: Bug
  • Component: hotspot
  • Sub-Component: compiler
  • Affected Version: hs21
  • Priority: P3
  • Status: Closed
  • Resolution: Fixed
  • OS: solaris_10
  • CPU: x86
  • Submitted: 2011-03-16
  • Updated: 2011-04-24
  • Resolved: 2011-04-24
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 7 Other
7Fixed hs21Fixed
Related Reports
Relates :  
JDK-7017732 - move static fields into Class to prepare for perm gen removal
Relates :  
JDK-6962931 - move interned strings out of the perm gen
Relates :  
JDK-6863023 - need non-perm oops in code cache for JSR 292
Description
I was getting ready to finish my statics fields in Class changes when I hit a failure with jbb and CMS.  I've tracked it down to a race in the machinery for updating oop relocations and the logic for making sure that a scavengable nmethod is only scanned once.  During a scavenge an nmethod can be reached for scanning in two different ways, either as a live activation on some thread stack or during the scan of scavengeable nmethods.  The scan of scavengeable nmethods does two things though.  It does the oops_do for the nmethod and then it calls fix_oop_relocations to update the generated code to match the new oop values.  The problem is that the scan of the thread stacks and the scan of the scavengable nmethods are performed concurrently so the stack scanning thread might claim the nmethod first but actually scan the nmethod after the call to fix_oop_relocations in the other thread, leaving the oops valid but the code stale.

I think the logical place to move the fix_oop_relocations call is into nmethod::oops_do_marking_epilogue.  Does this seem reasonable to anyone who understands the new nmethod scavenge code better than I do?  It seems to work fine.
Comments
EVALUATION http://hg.openjdk.java.net/jdk7/hotspot-comp/hotspot/rev/d673ef06fe96
25-03-2011
EVALUATION http://hg.openjdk.java.net/jdk7/hotspot-rt/hotspot/rev/d673ef06fe96
25-03-2011
EVALUATION http://hg.openjdk.java.net/jdk7/hotspot/hotspot/rev/d673ef06fe96
25-03-2011
EVALUATION 7028374: race in fix_oop_relocations for scavengeable nmethods Reviewed-by: kvn In ScavengeRootsInCode mode oops could sometimes be udpated after their relocations had been updated, resulting in stale oops in generated code. The fix is to move the rewriting of the relocations to the epilogue part of the scavenge nmethods logic. I also added verification of the CodeCache which would have detected this problem immediately. The statics in Class changes will be laid on top of these changes. Tested with statics changes with jbb.
22-03-2011
EVALUATION http://hg.openjdk.java.net/jdk7/hotspot-gc/hotspot/rev/d673ef06fe96
19-03-2011
EVALUATION the description is correct.
16-03-2011