review for 7157141: crash in 64 bit with corrupted oops

Tom Rodriguez tom.rodriguez at
Tue Mar 27 21:32:03 PDT 2012
39 lines changed: 18 ins; 19 del; 2 mod; 24524 unchg

7157141: crash in 64 bit with corrupted oops

The fix for 6964776 introduced a new match pattern for cases where the
polling page is far from the code cache and must be materialized as a
64 bit value.  In the very rare case that the byte_map_base for the
card table and the polling page end up at the same address it's
possible for this code to incorrectly trigger when emitting card mark
code, resulting in incorrect card marks.  It requires a bit of a
confluence of events since the OS has to hand out unlucky values for
the card table and polling page and C2 has to emits the unlucky
sequence as well.  Changing the heap size would cause those values to
change and the problem to disappear. -XX:+VerifyRememberedSets finds
the issue fairly quickly.  The issue is new in JDK7/hs21 and only
occurs on x64.  The simplest fix is to simply remove the special
handling of immP_poll and allow the poll page to be handled just like
any other constant when it can't be handled as a RIP relative value.
Tested with failing program from original report and runthese with and
without -XX:+ForceUnreachable to exercise the new path.

I also added some code to dump the card table space, byte_map_base and
polling page in the hs_err.  The output looks like this:

PSYoungGen      total 39424K, used 675K [0xfffffd7fcc000000, 0xfffffd7fcec00000, 0xfffffd7ff6c00000)
  eden space 33792K, 2% used [0xfffffd7fcc000000,0xfffffd7fcc0a8fc8,0xfffffd7fce100000)
  from space 5632K, 0% used [0xfffffd7fce680000,0xfffffd7fce680000,0xfffffd7fcec00000)
  to   space 5632K, 0% used [0xfffffd7fce100000,0xfffffd7fce100000,0xfffffd7fce680000)
ParOldGen       total 86016K, used 0K [0xfffffd7f76c00000, 0xfffffd7f7c000000, 0xfffffd7fcc000000)
  object space 86016K, 0% used [0xfffffd7f76c00000,0xfffffd7f76c00000,0xfffffd7f7c000000)
PSPermGen       total 22528K, used 2754K [0xfffffd7f71a00000, 0xfffffd7f73000000, 0xfffffd7f76c00000)
  object space 22528K, 12% used [0xfffffd7f71a00000,0xfffffd7f71cb0b38,0xfffffd7f73000000)

Card table byte_map: 0xfffffd7f71200000,0xfffffd7f7162a000 byte_map_base: 0xff7ffd80b1673000

Polling page: 0xfffffd7fff170000

More information about the hotspot-compiler-dev mailing list