Missing store barrier with OptimizeStringConcat
axel.siebenborn at sap.com
Fri Sep 27 05:46:21 PDT 2013
I investigated several sporadic crashes during GC with stale oops. In each of the cases, the wrong oop is the value field of String objects. While the String object is in old generation, the oop of the value field points to an unused area of the young generation.
The crashes occur with -XX:-ReduceInitialCardMarks and -XX:+OptimizeStringConcat.
I noticed that the oop of the char array is written to the String object without GC store barriers.
This is not a problem in most cases, as both objects are just allocated. However, it may happen that the String object is allocated via the runtime call on the slow path. During a GC at the end of the runtime call, the String object can be promoted to old gen, whereas the char array remains in the young gen. In this case the missing barrier is a problem for the next YoungGC, because the old-to-young oop will be neither scanned nor updated.
(With ReduceInitialCardMarks enabled, the missing store barriers are handled at the end of the runtime call.)
I created a webrev with a possible fix:
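The failure mode described in this post, as an added toy model: it is not part of the original message, and it is neither the proposed webrev nor HotSpot code. The names `Heap`, `store_value`, `young_gc` and `stale_after_young_gc` are hypothetical, and the model assumes one card per object and promotion of every young-GC survivor.

```cpp
#include <cstddef>
#include <vector>

// Toy generational heap (constructed model, not HotSpot code).
enum Gen { YOUNG, OLD, FREED };

struct Obj {
    Gen gen = YOUNG;
    int value = -1;           // index of the referenced object, -1 = null
    bool card_dirty = false;  // simplification: one card per object
};

struct Heap {
    std::vector<Obj> objs;

    int alloc(Gen gen) { Obj o; o.gen = gen; objs.push_back(o); return (int)objs.size() - 1; }

    // Reference store. The GC post-write barrier dirties the holder's card.
    void store_value(int holder, int ref, bool with_barrier) {
        objs[holder].value = ref;
        if (with_barrier) objs[holder].card_dirty = true;
    }

    // Young GC: roots are the stack plus old objects on dirty cards only.
    // Reached young objects are promoted; the rest of young gen is reclaimed.
    void young_gc(std::vector<int> work) {
        for (const Obj& o : objs)
            if (o.gen == OLD && o.card_dirty) work.push_back(o.value);
        std::vector<bool> live(objs.size(), false);
        while (!work.empty()) {
            int i = work.back(); work.pop_back();
            if (i < 0 || live[i] || objs[i].gen != YOUNG) continue;
            live[i] = true;
            work.push_back(objs[i].value);
        }
        for (std::size_t i = 0; i < objs.size(); ++i) {
            if (objs[i].gen == YOUNG) objs[i].gen = live[i] ? OLD : FREED;
            objs[i].card_dirty = false;
        }
    }
};

// True if the String's value field is a stale oop after the next young GC.
bool stale_after_young_gc(bool with_barrier) {
    Heap h;
    // State after the GC at the end of the slow-path runtime call:
    // the String was promoted, the char array is still in young gen.
    int arr = h.alloc(YOUNG);
    int str = h.alloc(OLD);
    h.store_value(str, arr, with_barrier);  // compiled code initializes String.value
    h.young_gc({str});                      // array is reachable only through the String
    return h.objs[h.objs[str].value].gen == FREED;
}
```
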