Preliminary review for 8028107: Kitchensink crashed with EAV

Vladimir Kozlov vladimir.kozlov at
Wed Nov 27 17:51:28 PST 2013

It is very rare case. Last time it was 1 year ago:

nmethod unloading (nmethod::make_unloaded()) happens only during 
safepoint when it contains pointers (embedded or in oop map, relocation 
info) to dead java objects (see nmethod::can_unload()).

It can only happens when a nmethod is NOT on call stack. GCs have path 
over nmethods on stack and they are treated as strong roots. Igor and I 
looked on GC code and verified it.

I instrumented nmethod::make_unloaded() to see if we may unloading 
nmethods on stack and ran kitchensink for few day. No failures.

The only place left is compiled inline caches. We DO clean up them at 
the end of safepoint if unloading happens:

   if (is_in_use()) {
     // Transitioning directly from live to unloaded -- so
     // we need to force a cache clean-up; remember this
     // for later on.

But there is only place where we may create new compiledIC after 
safepoint when we are resolving call from compiled code: 

In this method we record nmethod in local var:

   CompiledICInfo virtual_call_info;

     CompiledIC::compute_monomorphic_entry(callee_method, h_klass,
                      is_optimized, static_bound, virtual_call_info,

then we take a lock (which is safepoint):

   // grab lock, check for deoptimization and potentially patch caller
     MutexLocker ml_patch(CompiledIC_lock);

and then create compiledIC based on info in CompiledICInfo:

         CompiledIC* inline_cache = CompiledIC_before(caller_nm, 
         if (inline_cache->is_clean()) {

at this point nmethod could be unloaded already during above 
lock/safepoint. But call site is patched and will be used to call this 

Note, we can't compute entry point under the same lock because:

   // Compute entry points. This might require generation of C2I converter
   // frames, so we cannot be holding any locks here. Furthermore, the
   // computation of the entry points is independent of patching the call.

Please, comment or find any flaws in my logic. The bug is impossible to 

I am suggesting next fix.

@@ -1258,12 +1258,14 @@

      // Now that we are ready to patch if the Method* was redefined then
      // don't update call site and let the caller retry.
-    if (!callee_method->is_old()) {
+    // Don't update call site if nmethod was unloaded during safepoint
+    // which may happened during locking above.
+    if (!callee_method->is_old() && (callee_method->code() == callee_nm)) {
  #ifdef ASSERT
        // We must not try to patch to jump to an already unloaded method.
        if (dest_entry_point != 0) {
-        assert(CodeCache::find_blob(dest_entry_point) != NULL,
+        CodeBlob* cb = CodeCache::find_blob(dest_entry_point);
+        assert((cb != NULL) && cb->is_nmethod() && 
                 "should not unload nmethod while locked");


More information about the hotspot-compiler-dev mailing list