[prev in list] [next in list] [prev in thread] [next in thread]
List: openjdk-serviceability-dev
Subject: Re: SEGV in EdgeUtils::field_name_symbol(Edge const&)
From: "Daniel D. Daugherty" <daniel.daugherty () oracle ! com>
Date: 2020-02-19 19:52:28
Message-ID: 2644c4a0-d449-6538-71a6-7b149df43ab2 () oracle ! com
[Download RAW message or body]
Hi Tony!
Thanks for filing:
JDK-8239497 SEGV in EdgeUtils::field_name_symbol(Edge const&)
https://bugs.openjdk.java.net/browse/JDK-8239497
I've added hotspot-jfr-dev@... alias to this thread, but the JFR
folks usually lurk on the Serviceability alias also.
Dan
On 2/19/20 1:33 PM, Tony Printezis wrote:
> FWIW, this is the stack trace when the crash happens:
>
> EdgeUtils::field_name_symbol(Edge const&)
> ObjectSampleWriter::write(StoredEdge const*)
> ObjectSampleWriter::operator()(StoredEdge&)
> ObjectSampleCheckpoint::write(ObjectSampler*, EdgeStore*, bool, Thread*)
> EventEmitter::write_events(ObjectSampler*, EdgeStore*, bool)
> PathToGcRootsOperation::doit()
> VM_Operation::evaluate()
> VMThread::evaluate_operation(VM_Operation*)
> VMThread::loop()
> VMThread::run()
>
>
> —————
> Tony Printezis | @TonyPrintezis | tprintezis@twitter.com
> <mailto:tprintezis@twitter.com>
>
>
> On February 19, 2020 at 1:22:35 PM, Tony Printezis
> (tprintezis@twitter.com <mailto:tprintezis@twitter.com>) wrote:
>
>> Hi,
>>
>> (Is this the right mailing list for this?)
>>
>> I’ve been looking at a SEGV in EdgeUtils::field_name_symbol(Edge
>> const&) that we have been seeing in our nightly testing when running
>> jdk/jfr/jcmd/TestJcmdDump.java. I can reproduce it using graal and
>> parallel gc (cms also) on Linux with our 11 release, as well as
>> OpenJDK 11u, 12, 13, and 14.
>>
>> The culprit seems to be this method:
>>
>> static const InstanceKlass* field_type(const StoredEdge& edge) {
>> assert(!edge.is_root() || !EdgeUtils::is_array_element(edge),
>> "invariant");
>> return (const InstanceKlass*)edge.reference_owner_klass();
>> }
>>
>> In fact, edge.reference_owner_klass()->is_instance_klass() == false,
>> as the class here seems to be an object array class (I’ve seen
>> [Ljava.lang.Class; and [Ljava.lang.Enum;).
>>
>> Is this a known issue? I’m not familiar with this code. Should
>> field_name_symbol() return NULL in this case?
>>
>> Thanks,
>>
>> Tony
>>
>>
>> —————
>> Tony Printezis | @TonyPrintezis | tprintezis@twitter.com
>> <mailto:tprintezis@twitter.com>
>>
[Attachment #3 (text/html)]
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<tt>Hi Tony!<br>
<br>
Thanks for filing:<br>
<br>
JDK-8239497 SEGV in EdgeUtils::field_name_symbol(Edge
const&)<br>
<a class="moz-txt-link-freetext" \
href="https://bugs.openjdk.java.net/browse/JDK-8239497">https://bugs.openjdk.java.net/browse/JDK-8239497</a><br>
<br>
I've added hotspot-jfr-dev@... alias to this thread, but the JFR<br>
folks usually lurk on the Serviceability alias also.<br>
<br>
Dan<br>
<br>
<br>
</tt><br>
<div class="moz-cite-prefix">On 2/19/20 1:33 PM, Tony Printezis
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CAOzU2inE+hxutgzLVm5_5M9dpp9fkZi5G3B46u7Z+V4aCgo6_A@mail.gmail.com">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<style>body{font-family:Helvetica,Arial;font-size:13px}</style>
<div id="bloop_customfont"
style="font-family:Helvetica,Arial;font-size:13px;color:rgba(0,0,0,1.0);margin:0px;line-height:auto">FWIW,
this is the stack trace when the crash happens:</div>
<div id="bloop_customfont"
style="font-family:Helvetica,Arial;font-size:13px;color:rgba(0,0,0,1.0);margin:0px;line-height:auto"><br>
</div>
<div id="bloop_customfont"
style="font-family:Helvetica,Arial;font-size:13px;color:rgba(0,0,0,1.0);margin:0px;line-height:auto">
<div id="bloop_customfont" \
style="margin:0px">EdgeUtils::field_name_symbol(Edge const&)</div>
<div id="bloop_customfont" \
style="margin:0px">ObjectSampleWriter::write(StoredEdge const*)</div>
<div id="bloop_customfont" \
style="margin:0px">ObjectSampleWriter::operator()(StoredEdge&)</div>
<div id="bloop_customfont" \
style="margin:0px">ObjectSampleCheckpoint::write(ObjectSampler*, EdgeStore*, bool, \
Thread*)</div>
<div id="bloop_customfont" \
style="margin:0px">EventEmitter::write_events(ObjectSampler*, EdgeStore*, \
bool)</div>
<div id="bloop_customfont" \
style="margin:0px">PathToGcRootsOperation::doit()</div>
<div id="bloop_customfont" style="margin:0px">VM_Operation::evaluate()</div>
<div id="bloop_customfont" \
style="margin:0px">VMThread::evaluate_operation(VM_Operation*)</div>
<div id="bloop_customfont" style="margin:0px">VMThread::loop()</div>
<div id="bloop_customfont" style="margin:0px">VMThread::run()</div>
<div><br>
</div>
</div>
<div id="bloop_sign_1582137179603087872" class="bloop_sign">
<div><br>
</div>
<div>
<div>—————</div>
<div>Tony Printezis | @TonyPrintezis | <a
href="mailto:tprintezis@twitter.com"
moz-do-not-send="true">tprintezis@twitter.com</a></div>
</div>
<div><br>
</div>
</div>
<br>
<p class="airmail_on">On February 19, 2020 at 1:22:35 PM, Tony
Printezis (<a href="mailto:tprintezis@twitter.com"
moz-do-not-send="true">tprintezis@twitter.com</a>) wrote:</p>
<blockquote type="cite" class="clean_bq"><span>
<div style="word-wrap:break-word;line-break:after-white-space">
<div>
<title></title>
<div id="bloop_customfont"
style="font-family:Helvetica,Arial;font-size:13px;color:rgba(0,0,0,1.0);margin:0px;line-height:auto">Hi,</div>
<div id="bloop_customfont"
style="font-family:Helvetica,Arial;font-size:13px;color:rgba(0,0,0,1.0);margin:0px;line-height:auto"><br>
</div>
<div id="bloop_customfont"
style="font-family:Helvetica,Arial;font-size:13px;color:rgba(0,0,0,1.0);margin:0px;line-height:auto">(Is
this the right mailing list for this?)</div>
<div id="bloop_customfont"
style="font-family:Helvetica,Arial;font-size:13px;color:rgba(0,0,0,1.0);margin:0px;line-height:auto"><br>
</div>
<div id="bloop_customfont"
style="font-family:Helvetica,Arial;font-size:13px;color:rgba(0,0,0,1.0);margin:0px;line-height:auto">I’ve
been looking at a SEGV
in EdgeUtils::field_name_symbol(Edge const&) that we
have
been seeing in our nightly testing when running
jdk/jfr/jcmd/TestJcmdDump.java. I can reproduce it using
graal and
parallel gc (cms also) on Linux with our 11 release, as
well as
OpenJDK 11u, 12, 13, and 14.</div>
<div id="bloop_customfont"
style="font-family:Helvetica,Arial;font-size:13px;color:rgba(0,0,0,1.0);margin:0px;line-height:auto"><br>
</div>
<div id="bloop_customfont"
style="font-family:Helvetica,Arial;font-size:13px;color:rgba(0,0,0,1.0);margin:0px;line-height:auto">The
culprit seems to be this method:</div>
<div id="bloop_customfont"
style="font-family:Helvetica,Arial;font-size:13px;color:rgba(0,0,0,1.0);margin:0px;line-height:auto"><br>
</div>
<div id="bloop_customfont"
style="font-family:Helvetica,Arial;font-size:13px;color:rgba(0,0,0,1.0);margin:0px;line-height:auto">
<div id="bloop_customfont" style="margin:0px">static
const
InstanceKlass* field_type(const StoredEdge& edge)
{</div>
<div id="bloop_customfont" style="margin:0px">
assert(!edge.is_root() ||
!EdgeUtils::is_array_element(edge),
"invariant");</div>
<div id="bloop_customfont" style="margin:0px"> return
(const InstanceKlass*)edge.reference_owner_klass();</div>
<div id="bloop_customfont" style="margin:0px">}</div>
<div><br>
</div>
</div>
<div id="bloop_customfont"
style="font-family:Helvetica,Arial;font-size:13px;color:rgba(0,0,0,1.0);margin:0px;line-height:auto">In
fact,
edge.reference_owner_klass()->is_instance_klass() ==
false, as the class here seems to be an object array
class (I’ve
seen [Ljava.lang.Class; and [Ljava.lang.Enum;).</div>
<div id="bloop_customfont"
style="font-family:Helvetica,Arial;font-size:13px;color:rgba(0,0,0,1.0);margin:0px;line-height:auto"><br>
</div>
<div id="bloop_customfont"
style="font-family:Helvetica,Arial;font-size:13px;color:rgba(0,0,0,1.0);margin:0px;line-height:auto">Is
this a known issue? I’m not familiar with this code.
Should
field_name_symbol() return NULL in this case?</div>
<div id="bloop_customfont"
style="font-family:Helvetica,Arial;font-size:13px;color:rgba(0,0,0,1.0);margin:0px;line-height:auto"><br>
</div>
<div id="bloop_customfont"
style="font-family:Helvetica,Arial;font-size:13px;color:rgba(0,0,0,1.0);margin:0px;line-height:auto">Thanks,</div>
<div id="bloop_customfont"
style="font-family:Helvetica,Arial;font-size:13px;color:rgba(0,0,0,1.0);margin:0px;line-height:auto"><br>
</div>
<div id="bloop_customfont"
style="font-family:Helvetica,Arial;font-size:13px;color:rgba(0,0,0,1.0);margin:0px;line-height:auto">Tony</div>
<br>
<div class="bloop_sign"
id="bloop_sign_1582135866872517120">
<div><br>
</div>
<div>
<div>—————</div>
<div>Tony Printezis | @TonyPrintezis | <a
href="mailto:tprintezis@twitter.com"
moz-do-not-send="true">tprintezis@twitter.com</a></div>
</div>
<div><br>
</div>
</div>
</div>
</div>
</span></blockquote>
</blockquote>
<br>
</body>
</html>
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic