src/share/vm/memory/gcLocker.hpp

Fri, 20 Sep 2013 10:53:28 +0200

author
stefank
date
Fri, 20 Sep 2013 10:53:28 +0200
changeset 5769
2c022e432e10
parent 4299
f34d701e952e
child 6198
55fb97c4c58d
permissions
-rw-r--r--

8024974: Incorrect use of GC_locker::is_active()
Summary: SymbolTable and StringTable can make calls to GC_locker::is_active() outside a safepoint. This isn't safe because the GC_locker active state (lock count) is only updated at a safepoint and only remains valid as long as _needs_gc is true. However, outside a safepoint _needs_gc can change to false at any time, which makes it impossible to do a correct call to is_active() in that context. In this case these calls can just be removed since the input argument to basic_add() should never be on the heap and so there's no need to check the GC_locker state. This change also adjusts the assert() in is_active() to make sure all calls to this function are always done under a safepoint.
Reviewed-by: brutisso, dcubed
Contributed-by: per.liden@oracle.com

     1 /*
     2  * Copyright (c) 1997, 2012, Oracle and/or its affiliates. All rights reserved.
     3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
     4  *
     5  * This code is free software; you can redistribute it and/or modify it
     6  * under the terms of the GNU General Public License version 2 only, as
     7  * published by the Free Software Foundation.
     8  *
     9  * This code is distributed in the hope that it will be useful, but WITHOUT
    10  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
    11  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
    12  * version 2 for more details (a copy is included in the LICENSE file that
    13  * accompanied this code).
    14  *
    15  * You should have received a copy of the GNU General Public License version
    16  * 2 along with this work; if not, write to the Free Software Foundation,
    17  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
    18  *
    19  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
    20  * or visit www.oracle.com if you need additional information or have any
    21  * questions.
    22  *
    23  */
    25 #ifndef SHARE_VM_MEMORY_GCLOCKER_HPP
    26 #define SHARE_VM_MEMORY_GCLOCKER_HPP
    28 #include "gc_interface/collectedHeap.hpp"
    29 #include "memory/genCollectedHeap.hpp"
    30 #include "memory/universe.hpp"
    31 #include "oops/oop.hpp"
    32 #include "runtime/thread.inline.hpp"
    33 #ifdef TARGET_OS_FAMILY_linux
    34 # include "os_linux.inline.hpp"
    35 #endif
    36 #ifdef TARGET_OS_FAMILY_solaris
    37 # include "os_solaris.inline.hpp"
    38 #endif
    39 #ifdef TARGET_OS_FAMILY_windows
    40 # include "os_windows.inline.hpp"
    41 #endif
    42 #ifdef TARGET_OS_FAMILY_bsd
    43 # include "os_bsd.inline.hpp"
    44 #endif
    46 // The direct lock/unlock calls do not force a collection if an unlock
    47 // decrements the count to zero. Avoid calling these if at all possible.
    class GC_locker: public AllStatic {
      // Overview: every member is static. The lock counts below are refreshed
      // at a safepoint and stay meaningful only while _needs_gc is set, so
      // is_active() is a safepoint-only query. Outside a safepoint _needs_gc
      // can flip to false at any moment and the answer cannot be trusted.
      // NOTE(review): the precondition is enforced with assert(), which is
      // presumably compiled out of non-debug builds -- callers have to honour
      // it themselves; confirm against the build's assert definition.
     private:
      // Count of threads currently inside a JNI critical region. It is not
      // maintained continuously: it is only kept up to date while _needs_gc
      // is true. The value is computed during safepointing and decremented
      // on the slow path of GC_locker unlocking.
      static volatile jint _jni_lock_count;

      static volatile jint _lock_count;      // active non-JNI lock holders
      static volatile bool _needs_gc;        // heap is filling up, a GC is wanted
                                             // (bool is typedef'd as jint)
      static volatile bool _doing_gc;        // unlock_critical() is running a GC

    #ifdef ASSERT
      // Debug-only shadow counter. It is adjusted on every operation and is
      // used to validate the _jni_lock_count computed at safepoints.
      static volatile jint _debug_jni_lock_count;
    #endif

      // True when at least one thread is in a JNI critical region. The
      // count is only valid while _needs_gc is set, hence the assert.
      static bool is_jni_active() {
        assert(_needs_gc, "only valid when _needs_gc is set");
        const bool in_critical_region = _jni_lock_count > 0;
        return in_critical_region;
      }

      // At a safepoint, walk all threads and count the active critical
      // sections. Used to make sure every active critical section has been
      // exited before a new one is started. No-op outside debug builds.
      static void verify_critical_count() NOT_DEBUG_RETURN;

      static void jni_lock(JavaThread* thread);
      static void jni_unlock(JavaThread* thread);

      // Unchecked form of is_active(): carries no safepoint assert, so it is
      // the variant that may be reached outside a safepoint.
      static bool is_active_internal() {
        verify_critical_count();
        if (_lock_count > 0) {
          return true;
        }
        return _jni_lock_count > 0;
      }

     public:
      // Reports whether any lock (JNI or other) is held. Must only be
      // called at a safepoint; the lock state is not reliable elsewhere.
      static bool is_active() {
        assert(SafepointSynchronize::is_at_safepoint(), "only read at safepoint");
        return is_active_internal();
      }

      // Plain read of the _needs_gc flag.
      static bool needs_gc() {
        return _needs_gc;
      }

      // Shorthand for "a GC is wanted and the locker is held".
      static bool is_active_and_needs_gc() {
        // Deliberately goes through is_active_internal(): _needs_gc can go
        // from true to false outside a safepoint, and calling is_active()
        // here would trip its safepoint assert.
        if (!needs_gc()) {
          return false;
        }
        return is_active_internal();
      }

      // Debug builds track the locking state at all times through the two
      // helpers below; in other builds they compile to nothing.
      static void increment_debug_jni_lock_count() {
    #ifdef ASSERT
        assert(_debug_jni_lock_count >= 0, "bad value");
        Atomic::inc(&_debug_jni_lock_count);
    #endif
      }

      static void decrement_debug_jni_lock_count() {
    #ifdef ASSERT
        assert(_debug_jni_lock_count > 0, "bad value");
        Atomic::dec(&_debug_jni_lock_count);
    #endif
      }

      // Installs a new JNI lock count, then cross-checks it.
      static void set_jni_lock_count(int count) {
        _jni_lock_count = count;
        verify_critical_count();
      }

      // Sets _needs_gc if is_active() is true. Returns is_active().
      static bool check_active_before_gc();

      // Blocks the caller, who should not be inside a JNI critical section,
      // until needs_gc() clears. needs_gc() may be set again at a later
      // safepoint and/or cleared under the JNICritical_lock, so it is not a
      // stable predicate: the caller must not assert "!needs_gc()" on
      // return from this method.
      static void stall_until_clear();

      // Non-structured GC locking: currently needed for JNI. Use with care!
      static void lock();
      static void unlock();

      // JNI critical regions: lock_critical() / unlock_critical().
      //
      // When a GC could not be performed because the GC_locker was active,
      // one is arranged as soon as possible: threads already inside a
      // critical region are allowed to complete, while no other critical
      // region may be entered. The reasons are:
      //  1) a GC request must not be starved by overlapping JNI critical
      //     region activity, which can cause unnecessary OutOfMemory errors.
      //  2) even when allocation requests can still be satisfied before the
      //     GC locker becomes inactive (for example in the tenured
      //     generation, possibly with heap expansion), those allocations can
      //     trigger lots of safepointing attempts (ineffective GC attempts)
      //     and require Heap_lock, which slows allocation down tremendously.
      //
      // Critical regions can be nested within a single thread, so threads
      // already in a critical region must be allowed to continue.
      //
      // JNI critical regions are the only participants in this scheme
      // because, by spec, they are well bounded while in a critical region.
      //
      // Each of the two methods is split into a fast path and a slow path,
      // and JNICritical_lock is grabbed only on the slow path. _needs_gc is
      // initially false, so every Java thread goes through the fast path,
      // which simply increments or decrements the current thread's critical
      // count. When a GC happens at a safepoint, GC_locker::is_active() is
      // checked. The fast paths contain no safepoint, so there is no race
      // between the fast path and GC. Once _needs_gc has been set at a
      // safepoint, a thread either enters one of these methods from its
      // entry and falls into the slow path, or resumes from a safepoint
      // inside the method, and those exist only on the slow path. So from
      // the moment _needs_gc is set until it is cleared, the slow path is
      // always taken.
      static void lock_critical(JavaThread* thread);
      static void unlock_critical(JavaThread* thread);

      // Address of the _needs_gc flag, returned as a raw `address`.
      static address needs_gc_address() {
        return (address) &_needs_gc;
      }
    };
   179 // A No_GC_Verifier object can be placed in methods where one assumes that
   180 // no garbage collection will occur. The destructor will verify this property
   181 // unless the constructor is called with argument false (not verifygc).
   182 //
   183 // The check will only be done in debug mode and if verifygc true.
   class No_GC_Verifier: public StackObj {
     // Stack-scoped debug guard. With ASSERT defined the constructor and
     // destructor are implemented out of line; without it both are empty
     // and the two data members below are left uninitialized.
    friend class Pause_No_GC_Verifier;

    protected:
     bool _verifygc;                 // mirrors the constructor argument -- TODO confirm in the .cpp
     unsigned int _old_invocations;  // presumably a collection-count snapshot; verify against the .cpp

    public:
   #ifdef ASSERT
     // Debug build: the real checks live in the implementation file.
     No_GC_Verifier(bool verifygc = true);
     ~No_GC_Verifier();
   #else
     // Other builds: the guard does nothing at all.
     No_GC_Verifier(bool verifygc = true) {}
     ~No_GC_Verifier() {}
   #endif
   };
   202 // A Pause_No_GC_Verifier is used to temporarily pause the behavior
   203 // of a No_GC_Verifier object. If we are not in debug mode or if the
   204 // No_GC_Verifier object has a _verifygc value of false, then there
   205 // is nothing to do.
   class Pause_No_GC_Verifier: public StackObj {
     // Stack-scoped companion of No_GC_Verifier (it is declared a friend
     // there). Without ASSERT the constructor is empty, so _ngcv is never
     // assigned and must not be read.
    private:
     No_GC_Verifier * _ngcv;  // the verifier being paused (set only in debug builds -- confirm in the .cpp)

    public:
   #ifdef ASSERT
     // Debug build: implemented out of line.
     Pause_No_GC_Verifier(No_GC_Verifier * ngcv);
     ~Pause_No_GC_Verifier();
   #else
     // Other builds: nothing to pause, nothing to restore.
     Pause_No_GC_Verifier(No_GC_Verifier * ngcv) {}
     ~Pause_No_GC_Verifier() {}
   #endif
   };
   222 // A No_Safepoint_Verifier object will throw an assertion failure if
   223 // the current thread passes a possible safepoint while this object is
   224 // instantiated. A safepoint, will either be: an oop allocation, blocking
   225 // on a Mutex or JavaLock, or executing a VM operation.
   226 //
   227 // If StrictSafepointChecks is turned off, it degrades into a No_GC_Verifier
   228 //
   class No_Safepoint_Verifier : public No_GC_Verifier {
     // Stack-scoped debug guard layered on No_GC_Verifier. In debug builds
     // an activated instance bumps two per-thread counters for its
     // lifetime and restores them on destruction; the checks that read
     // those counters are outside this file.
    friend class Pause_No_Safepoint_Verifier;

    private:
     bool _activated;   // whether this instance touches the thread counters
     Thread *_thread;   // thread captured at construction (debug builds only)

    public:
   #ifdef ASSERT
     // Captures the current thread and, when activated, increments its
     // _allow_allocation_count and _allow_safepoint_count.
     No_Safepoint_Verifier(bool activated = true, bool verifygc = true)
       : No_GC_Verifier(verifygc),
         _activated(activated),
         _thread(Thread::current()) {
       if (!_activated) {
         return;
       }
       _thread->_allow_allocation_count++;
       _thread->_allow_safepoint_count++;
     }

     // Undoes the constructor's increments on the captured thread.
     ~No_Safepoint_Verifier() {
       if (!_activated) {
         return;
       }
       _thread->_allow_allocation_count--;
       _thread->_allow_safepoint_count--;
     }
   #else
     // Other builds: only the (empty) base guard is constructed; _activated
     // and _thread stay uninitialized.
     No_Safepoint_Verifier(bool activated = true, bool verifygc = true)
       : No_GC_Verifier(verifygc) {}
     ~No_Safepoint_Verifier() {}
   #endif
   };
   259 // A Pause_No_Safepoint_Verifier is used to temporarily pause the
   260 // behavior of a No_Safepoint_Verifier object. If we are not in debug
   261 // mode then there is nothing to do. If the No_Safepoint_Verifier
   262 // object has an _activated value of false, then there is nothing to
   263 // do for safepoint and allocation checking, but there may still be
   264 // something to do for the underlying No_GC_Verifier object.
   class Pause_No_Safepoint_Verifier : public Pause_No_GC_Verifier {
     // Stack-scoped inverse of No_Safepoint_Verifier: while an instance is
     // alive, the counter increments made by the paused verifier are taken
     // back, and the destructor re-applies them. The base class handles
     // the underlying No_GC_Verifier.
    private:
     No_Safepoint_Verifier * _nsv;  // verifier being paused (debug builds only)

    public:
   #ifdef ASSERT
     // Pauses the base verifier first, then decrements the two counters on
     // the thread recorded by nsv, but only if nsv was activated.
     Pause_No_Safepoint_Verifier(No_Safepoint_Verifier * nsv)
       : Pause_No_GC_Verifier(nsv),
         _nsv(nsv) {
       if (!_nsv->_activated) {
         return;
       }
       _nsv->_thread->_allow_allocation_count--;
       _nsv->_thread->_allow_safepoint_count--;
     }

     // Re-applies the increments so the paused verifier is in force again.
     ~Pause_No_Safepoint_Verifier() {
       if (!_nsv->_activated) {
         return;
       }
       _nsv->_thread->_allow_allocation_count++;
       _nsv->_thread->_allow_safepoint_count++;
     }
   #else
     // Other builds: nothing to do; _nsv is never assigned.
     Pause_No_Safepoint_Verifier(No_Safepoint_Verifier * nsv)
       : Pause_No_GC_Verifier(nsv) {}
     ~Pause_No_Safepoint_Verifier() {}
   #endif
   };
   295 // A SkipGCALot object is used to elide the usual effect of gc-a-lot
   296 // over a section of execution by a thread. Currently, it's used only to
   297 // prevent re-entrant calls to GC.
   class SkipGCALot : public StackObj {
     // Save/restore guard for a thread's skip_gcalot flag. Debug builds
     // only; elsewhere both special members are empty and the fields are
     // never written.
     private:
      bool _saved;   // flag value found at construction
      Thread* _t;    // thread whose flag is being overridden

     public:
   #ifdef ASSERT
       // Remembers the thread's current skip_gcalot value, then forces the
       // flag to true for the lifetime of this object.
       SkipGCALot(Thread* t) : _saved(t->skip_gcalot()), _t(t) {
         _t->set_skip_gcalot(true);
       }

       // Checks that nobody cleared the flag in the meantime, then puts
       // the remembered value back.
       ~SkipGCALot() {
         assert(_t->skip_gcalot(), "Save-restore protocol invariant");
         _t->set_skip_gcalot(_saved);
       }
   #else
       SkipGCALot(Thread* t) { }
       ~SkipGCALot() { }
   #endif
   };
   320 // JRT_LEAF currently can be called from either _thread_in_Java or
   321 // _thread_in_native mode. In _thread_in_native, it is ok
   322 // for another thread to trigger GC. The rest of the JRT_LEAF
   323 // rules apply.
   class JRT_Leaf_Verifier : public No_Safepoint_Verifier {
     // Debug guard for JRT_LEAF code, built on No_Safepoint_Verifier.
     // should_verify_GC() is private and defined out of line; presumably
     // it decides whether the GC part of the check applies in the current
     // thread state -- confirm against the implementation.
     static bool should_verify_GC();

    public:
   #ifdef ASSERT
     // Debug build: implemented out of line.
     JRT_Leaf_Verifier();
     ~JRT_Leaf_Verifier();
   #else
     // Other builds: default-constructs the (empty) base guard.
     JRT_Leaf_Verifier() {}
     ~JRT_Leaf_Verifier() {}
   #endif
   };
   336 // A No_Alloc_Verifier object can be placed in methods where one assumes that
   337 // no allocation will occur. The destructor will verify this property
   338 // unless the constructor is called with argument false (not activated).
   339 //
   340 // The check will only be done in debug mode and if activated.
   341 // Note: this only makes sense at safepoints (otherwise, other threads may
   342 // allocate concurrently.)
   class No_Alloc_Verifier : public StackObj {
     // Stack-scoped debug guard around a region that is expected not to
     // allocate. It works by bumping the current thread's
     // _allow_allocation_count for its lifetime; the check that consumes
     // the counter is outside this file.
    private:
     bool  _activated;  // false turns the guard into a no-op

    public:
   #ifdef ASSERT
     // Increments the current thread's counter when activated.
     No_Alloc_Verifier(bool activated = true) : _activated(activated) {
       if (_activated) {
         Thread::current()->_allow_allocation_count++;
       }
     }

     // Decrements the counter of whichever thread runs the destructor;
     // as a stack object that is expected to be the constructing thread.
     ~No_Alloc_Verifier() {
       if (_activated) {
         Thread::current()->_allow_allocation_count--;
       }
     }
   #else
     // Other builds: no counter is touched and _activated is not set.
     No_Alloc_Verifier(bool activated = true) {}
     ~No_Alloc_Verifier() {}
   #endif
   };
   364 #endif // SHARE_VM_MEMORY_GCLOCKER_HPP
