Wed, 02 Nov 2011 08:04:23 +0100
7106751: G1: gc/gctests/nativeGC03 crashes VM with SIGSEGV
Summary: _cset_rs_update_cl[] was indexed with values beyond what it is set up to handle.
Reviewed-by: ysr, jmasa, johnc
tonyp@2968 | 1 | /* |
tonyp@2968 | 2 | * Copyright (c) 2001, 2011, Oracle and/or its affiliates. All rights reserved. |
tonyp@2968 | 3 | * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
tonyp@2968 | 4 | * |
tonyp@2968 | 5 | * This code is free software; you can redistribute it and/or modify it |
tonyp@2968 | 6 | * under the terms of the GNU General Public License version 2 only, as |
tonyp@2968 | 7 | * published by the Free Software Foundation. |
tonyp@2968 | 8 | * |
tonyp@2968 | 9 | * This code is distributed in the hope that it will be useful, but WITHOUT |
tonyp@2968 | 10 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
tonyp@2968 | 11 | * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
tonyp@2968 | 12 | * version 2 for more details (a copy is included in the LICENSE file that |
tonyp@2968 | 13 | * accompanied this code). |
tonyp@2968 | 14 | * |
tonyp@2968 | 15 | * You should have received a copy of the GNU General Public License version |
tonyp@2968 | 16 | * 2 along with this work; if not, write to the Free Software Foundation, |
tonyp@2968 | 17 | * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
tonyp@2968 | 18 | * |
tonyp@2968 | 19 | * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
tonyp@2968 | 20 | * or visit www.oracle.com if you need additional information or have any |
tonyp@2968 | 21 | * questions. |
tonyp@2968 | 22 | * |
tonyp@2968 | 23 | */ |
tonyp@2968 | 24 | |
tonyp@2968 | 25 | #ifndef SHARE_VM_GC_IMPLEMENTATION_G1_CONCURRENTMARK_INLINE_HPP |
tonyp@2968 | 26 | #define SHARE_VM_GC_IMPLEMENTATION_G1_CONCURRENTMARK_INLINE_HPP |
tonyp@2968 | 27 | |
tonyp@2968 | 28 | #include "gc_implementation/g1/concurrentMark.hpp" |
tonyp@2968 | 29 | #include "gc_implementation/g1/g1CollectedHeap.inline.hpp" |
tonyp@2968 | 30 | |
// Puts an already-marked object on this task's local queue so that it is
// scanned later. When the local queue reports that it is full, entries are
// first moved to the global stack and the push is retried once.
//
// Preconditions are checked with assert() only: obj lies in the G1 reserved
// range, its region is not on the master free list, it is not "ill", and
// it is already marked on the next-mark bitmap.
// NOTE(review): assert() is presumably compiled out of product builds, so
// none of these checks (nor the retry check below) guards a release VM --
// confirm that every caller establishes them.
inline void CMTask::push(oop obj) {
  HeapWord* const addr = (HeapWord*) obj;
  assert(_g1h->is_in_g1_reserved(addr), "invariant");
  assert(!_g1h->is_on_master_free_list(
              _g1h->heap_region_containing((HeapWord*) addr)), "invariant");
  assert(!_g1h->is_obj_ill(obj), "invariant");
  assert(_nextMarkBitMap->isMarked(addr), "invariant");

  if (_cm->verbose_high()) {
    gclog_or_tty->print_cr("[%d] pushing " PTR_FORMAT, _task_id, (void*) obj);
  }

  bool pushed = _task_queue->push(obj);
  if (!pushed) {
    // The local queue appears to be full: make room by handing some of
    // its entries over to the global stack.
    if (_cm->verbose_medium()) {
      gclog_or_tty->print_cr("[%d] task queue overflow, "
                             "moving entries to the global stack",
                             _task_id);
    }
    move_entries_to_global_stack();

    // The retry is expected to succeed: even if the global stack
    // overflowed, some entries should have left the local queue.
    // NOTE(review): the result is only asserted; if the retry ever failed
    // where assert() is disabled, obj would not be queued and nothing
    // would report it -- confirm this cannot happen.
    pushed = _task_queue->push(obj);
    assert(pushed, "invariant");
  }

  // Statistics only: track the largest local queue size seen and the
  // number of local pushes.
  statsOnly( int queue_len = _task_queue->size();
             if (queue_len > _local_max_size) {
               _local_max_size = queue_len;
             }
             ++_local_pushes );
}
tonyp@2968 | 67 | |
tonyp@2968 | 68 | // This determines how the method below decides whether to push a gray |
tonyp@2968 | 69 | // object on the stack: with value 1 it checks both the local and the |
tonyp@2968 | 70 | // global fingers, with value 0 it checks only the global one. The |
tonyp@2968 | 71 | // tradeoffs are that the former will be a bit more accurate and |
tonyp@2968 | 72 | // possibly push less on the stack, but it might also be a little bit |
tonyp@2968 | 73 | // slower. |
tonyp@2968 | 74 | |
tonyp@2968 | 75 | #define _CHECK_BOTH_FINGERS_ 1 |
tonyp@2968 | 76 | |
// Processes one reference encountered by this marking task. The reference
// is counted in _refs_reached; if it points into the G1 reserved range, is
// not yet marked on the next-mark bitmap and was not allocated since the
// start of the next marking, the object is marked. When this task's
// parMark() call succeeds, the object is pushed for later scanning if it
// lies below the relevant finger(s).
inline void CMTask::deal_with_reference(oop obj) {
  if (_cm->verbose_high()) {
    gclog_or_tty->print_cr("[%d] we're dealing with reference = " PTR_FORMAT,
                           _task_id, (void*) obj);
  }

  ++_refs_reached;

  HeapWord* const addr = (HeapWord*) obj;
  assert(obj->is_oop_or_null(true /* ignore mark word */), "Error");

  // This range test is the only non-assert check made before the bitmap
  // and region lookups below; it also filters out NULL implicitly.
  if (!_g1h->is_in_g1_reserved(addr)) {
    return;
  }
  assert(obj != NULL, "null check is implicit");

  // Already marked: nothing to do, and we avoid the cost of looking up
  // the containing region.
  if (_nextMarkBitMap->isMarked(addr)) {
    return;
  }

  HeapRegion* const region = _g1h->heap_region_containing_raw(obj);
  if (region->obj_allocated_since_next_marking(obj)) {
    return;
  }

  if (_cm->verbose_high()) {
    gclog_or_tty->print_cr("[%d] " PTR_FORMAT " is not considered marked",
                           _task_id, (void*) obj);
  }

  // The object has to be marked before it may be pushed. Only continue if
  // our parMark() call succeeded.
  if (!_nextMarkBitMap->parMark(addr)) {
    return;
  }

  // No OrderAccess::store_load() is needed here: it is implied by the CAS
  // performed inside parMark() above.
  HeapWord* global_finger = _cm->finger();

#if _CHECK_BOTH_FINGERS_
  // Consult the local finger first, then the global one.

  if (_finger != NULL && addr < _finger) {
    if (_cm->verbose_high()) {
      gclog_or_tty->print_cr("[%d] below the local finger (" PTR_FORMAT "), "
                             "pushing it", _task_id, _finger);
    }
    push(obj);
    return;
  }

  if (_curr_region != NULL && addr < _region_limit) {
    // Not below the local finger but below the limit of the region this
    // task is working on: deliberately not pushed.
    // NOTE(review): presumably the task's own scan of the region will
    // reach it -- confirm.
    return;
  }

  if (addr < global_finger) {
    // The global finger may be advancing concurrently; that is harmless.
    // In the worst case we marked the object while it was above the
    // global finger and, by the time we read the finger, it had moved
    // past the object. The object will then probably also be visited
    // when a task scans its region, and be pushed as well: some
    // duplicated work, but no correctness problem.

    if (_cm->verbose_high()) {
      gclog_or_tty->print_cr("[%d] below the global finger "
                             "(" PTR_FORMAT "), pushing it",
                             _task_id, global_finger);
    }
    push(obj);
  }
  // Otherwise the object is at or above the global finger: do nothing.
#else // _CHECK_BOTH_FINGERS_
  // Consult the global finger only.

  if (addr < global_finger) {
    // A concurrently advancing global finger can at worst cause the
    // object to be processed twice (it is pushed here and also visited
    // by a region scan); that is duplicated work, not a correctness
    // problem.

    if (_cm->verbose_high()) {
      gclog_or_tty->print_cr("[%d] below the global finger "
                             "(" PTR_FORMAT "), pushing it",
                             _task_id, global_finger);
    }
    push(obj);
  }
#endif // _CHECK_BOTH_FINGERS_
}
tonyp@2968 | 155 | |
tonyp@2968 | 156 | #endif // SHARE_VM_GC_IMPLEMENTATION_G1_CONCURRENTMARK_INLINE_HPP |