RFR(S): 8156760: VM crashes if -XX:-ReduceInitialCardMarks is set
tobias.hartmann at oracle.com
Mon May 23 09:25:19 UTC 2016
please review the following patch:
While working on JDK-8155643, I found several problems when running tests with -XX:-ReduceInitialCardMarks:
C2 crashes with "missing G1 post barrier" while trying to eliminate the card mark emitted by the Object.clone() intrinsic (after removing the allocation of the destination object) . The problem is that the shape of the card mark code is different for the Object.clone() intrinsic because we don't emit any checks (see ). However, PhaseMacroExpand::eliminate_card_mark() tries to find and collapse a region check. Usually, this is not a problem because with ReduceInitialCardMarks we don't emit a post barrier for Object.clone().
The VM crashes during GC verification in G1SATBCardTableModRefBS::verify_g1_young_region() with "there should not have been any failures" because we expect cards for the young generation to be always set to 'g1_young_gen' :
[1.478s][error][gc,verify] == CT verification failed: [0x00007f097c167800,0x00007f097c167fff]
[1.478s][error][gc,verify] == expecting value: 32
[1.478s][error][gc,verify] == card 0x00007f097c167800 [0x00000006d8900000,0x00000006d8900200], val: 0
[1.478s][error][gc,verify] == card 0x00007f097c167801 [0x00000006d8900200,0x00000006d8900400], val: 0
With !ReduceInitialCardMarks, the Object.clone() intrinsic emits card marks that set the cards of the newly allocated destination object to 'dirty' (!= 'g1_young_gen') and thus causing the verification to fail.
I fixed problems 1 and 2 by removing the card marking code for the Object.clone() intrinsic with G1. This should be fine because the destination object is always in Eden and we therefore don't need to mark the cards.
C2 crashes with SIGSEGV in ArrayCopyNode::prepare_array_copy() because we expect an array clone/copy and dereference 'src_type->isa_aryptr()' but actually have a non-array Object.clone() . This is because with !ReduceInitialCardMarks, ArrayCopyNode::try_clone_instance() does not capture the Object.clone() intrinsic because we emit card marking code (we bail out in 'ArrayCopyNode::finish_transform()'). We continue assuming that the array copy is a non-instance copy. I added an additional check to bail out in this case.
I changed 'TestInstanceCloneAsLoadsStores' to be also executed with -XX:-ReduceInitialCardMarks. This triggers problem 1 and 2. Problem 3 can be reproduced by running the modified test with XX:+UseConcMarkSweepGC.
Tested with failing tests, JPRT and RBT (running).
More information about the hotspot-dev