Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8217990

C2 UseOptoBiasInlining: load of markword optimized to 0 if running with -XX:-EliminateLocks

    Details

    • Subcomponent:
    • Resolved In Build:
      b08
    • CPU:
      generic
    • OS:
      generic
    • Verification:
      Verified

      Backports

        Description

        The jtreg test TestUseOptoBiasInliningWithoutEliminateLocks.java contained in the attached jdk.changeset triggers

          assert(dmw->is_neutral()) failed: invariant

        in ObjectSynchronizer::inflate().

        Analysis:

        - Test is run with -XX:-EliminateLocks

        - The load node 223 (see attachment 1_ideal_after_macro_before_opt.log) for loading the markword is replaced with the constant 0

          * The address of the load has instance id 25 from escape analysis, but there is no alias index.
          * The load gets Bot memory from MemMerge 56 which is the initial memory node 7
          * LoadNode::Value() treats the markword as every other field and evaluates to constant zero

        - The optimizer finds the test of the markword for a bias pattern to be constant false

        - The biased locking enter is found to be dead code and removed (see 2_ideal_after_macro_after_opt.log and B3 in 3_opto_assembly.log).

        - At runtime: fast lock succeeds and stores the anonymously biased mark word as displaced header into the stack frame

        - Frame is deoptimized w/o inflating the lock as normally

        - Something goes wrong in the interpreted monitor exit which leads to inflation

        - Assertion fires in ObjectSynchronizer::inflate(), because the displaced header has a bias pattern

        Note: when running the test with -XX:-DoEscapeAnalysis, the markword load has as well the initial
        memory as memory input (see 4_ideal_after_macro_after_opt_DoEscapeAnalysis_disabled.log). It is not
        replaced with constant 0, because the address is _not_ is_known_instance_field(). I presume this is
        the reason, why the markword loads get pinned?

        Fix Attempt (attachment jdk.changeset):

        LoadNode::Value(): only replace loads with constant 0 if the offset is greater than 0.

        Experimental: GraphKit::set_output_for_allocation(): create alias index for markword references.
        With this the markword load has a memory dependency on the object initialization (see
        5_fix_attempt_ideal_after_macro_after_opt.log) if escape analysis is disabled. With escape analysis
        enabled this is not enough if the object has an instance id. In this case the load should be pinned
        (not included in the fix).

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  roland Roland Westrelin
                  Reporter:
                  rrich Richard Reingruber
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  4 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: