RFR (XS) 8047212: fix race between ObjectMonitor alloc and verification code (original) (raw)

Daniel D. Daugherty daniel.daugherty at oracle.com
Wed Oct 21 02:44:26 UTC 2015

On 10/20/15, 8:15 PM, David Holmes wrote:

Quick follow up here then I'll respond to updated webrev ...

Cool. Quick reply to your follow up...

On 21/10/2015 12:51 AM, Daniel D. Daugherty wrote: On 10/20/15, 1:53 AM, David Holmes wrote:

Hi Dan,

Great find in getting to the bottom of this one! Thanks! And thanks for the fast review! Also, welcome back from vacation... hope you had a blast. Thanks - I did! :) On 20/10/2015 1:02 PM, Daniel D. Daugherty wrote: Greetings,

I have a fix for a long standing race between the lock-free ObjectMonitor verification code and the normal (locked) ObjectMonitor block allocation code path. For this fix, I would like at least a Runtime team reviewer and a Serviceability team reviewer. Thanks! JDK-8047212 runtime/ParallelClassLoading/bootstrap/random/inner-complex assert(ObjectSynchronizer::verifyobjmonisinpool(inf)) failed: monitor is invalid https://bugs.openjdk.java.net/browse/JDK-8047212 Webrev URL: http://cr.openjdk.java.net/~dcubed/8047212-webrev/0-jdk9-hs-rt/ src/share/vm/runtime/synchronizer.cpp I would have just used OrderAccess::storeStore() as per my comment in the CR. Saw your comment, but I already had the current fix in my stress testing cycle so I went with it... I could use OrderAccess::storestore(), but I think I'm more fond of "OrderAccess::releasestoreptr(&gBlockList, temp)". To me the semantics are more clear: release previous stores before storing a new value in this variable I think OrderAccess::releasestoreptr() is also a little less heavyweight than OrderAccess::storestore(), but I'd have to re-read everything in orderAccess.?pp to nail that down for sure. But as Carsten says a "release" should be paired with an "acquire". Which suggests that in the other code that reads these variables we also need either the loadacquire() or a loadLoad() (if using storeStore()).** Yes, Carsten is right and I was modeling after other ObjectMonitor code that doesn't do this quite right. I'll fix this to use loadacquire().

** This symmetry is largely missing in our lock-free code, and I think we've been relying on "volatile" to act as a compiler barrier. :( Hey it seems to work! (famous last words) Well we're gradually getting around to cleaning it up. :)

One bug at a time... :-)

src/share/vm/runtime/vmStructs.cpp Can you not just define volatilestaticfield? Yes, I went that way originally and then I changed my mind to avoid colliding with the other format. See below.

Why does the ptr aspect need to come into it? Also "static pointer volatile field" sounds really odd, it is a static, volatile field that happens to be a pointer-type. It's meant to be odd because it follows the actual decl: static ObjectMonitor * volatile gBlockList; So "static pointer volatile field" is exactly what I have: static ObjectMonitor * volatile gBlockList; => (static ObjectMonitor *) volatile gBlockList; i.e. I have a static ObjectMonitor pointer that is volatile Compared to these two forms: static volatile ObjectMonitor * gBlockList; static ObjectMonitor volatile * gBlockList; => static (volatile ObjectMonitor) * gBlockList; => static (ObjectMonitor volatile) * gBlockList; i.e. I have a static pointer to a volatile ObjectMonitor. Hopefully, this makes my reasons a bit more clear... Not really :) Yes there is a difference between a "volatile pointer to Foo" and "pointer to a volatile Foo", but for the sake of vmstructs we don't really seem to need to care about that. The two questions are: - is the field/variable static - is the field/variable volatile

I'll have to politely disagree:

Here's the existing volatile non-static macro:

2743 // This macro checks the type of a volatile VMStructEntry by comparing pointer types 2744 #define CHECK_VOLATILE_NONSTATIC_VM_STRUCT_ENTRY(typeName, fieldName, type)
2745 {typedef type dummyvtype; typeName dummyObj = NULL; volatile dummyvtype dummy = &dummyObj->fieldName; }

And here's the new static pointer volatile macro:

2751 // This macro checks the type of a static pointer volatile VMStructEntry by comparing pointer types, 2752 // e.g.: "static ObjectMonitor * volatile gBlockList;" 2753 #define CHECK_STATIC_PTR_VOLATILE_VM_STRUCT_ENTRY(typeName, fieldName, type)
2754 {type volatile * dummy = &typeName::fieldName; }

Yes, the variable assignments are different because we have static versus a non-static situation, but what's more important is where the "volatile" is positioned.

In the existing volatile non-static macro, the volatile piece is:

 volatile dummyvtype* dummy = &dummyObj->fieldName;

and in the new static pointer volatile macro, the volatile piece is:

 type volatile * dummy = &typeName::fieldName;

So the CHECK_VOLATILE_NONSTATIC_XXX macro has the "volatile" before the data type... and the CHECK_STATIC_PTR_VOLATILE_XXX macro has the "volatile" after the data type...

Dan

Cheers, David

Dan

Thanks, David Testing: Aurora Adhoc RT-SVC nightly batch 4 inner-complex fastdebug parallel runs for 4+ days and 600K iterations without seeing this failure; the experiment is still running; final results to be reported at the end of the review cycle JPRT -testset hotspot This fix: - makes ObjectMonitor::gBlockList volatile - uses "OrderAccess::releasestoreptr(&gBlockList, temp)" to make sure the new block updates happen before gBlockList is changed to refer to the new block - add SA support for a "static pointer volatile" field like: static ObjectMonitor * volatile gBlockList; See the following link for a nice description of what "volatile" means in the different positions on a variable/parameter decl line: http://www.embedded.com/electronics-blogs/beginner-s-corner/4023801/Introduction-to-the-Volatile-Keyword

Thanks, in advance, for any comments, questions or suggestions. Dan

More information about the hotspot-runtime-dev mailing list