P2
ParGCCardsPerStrideChunk option used is several arithmetic expressions in hotspot/src/share/vm/gc/cms/parCardTableModRefBS.cpp module and this can cause overflow problems:
void
CardTableModRefBSForCTRS::
process_stride(Space* sp,
MemRegion used,
jint stride, int n_strides,
OopsInGenClosure* cl,
CardTableRS* ct,
jbyte** lowest_non_clean,
uintptr_t lowest_non_clean_base_chunk_index,
size_t lowest_non_clean_chunk_size) {
...
if ((uintptr_t)stride >= start_chunk_stride_num) {
chunk_card_start = (jbyte*)(start_card +
(stride - start_chunk_stride_num) *
ParGCCardsPerStrideChunk);
} else {
// Go ahead to the next chunk group boundary, then to the requested stride.
chunk_card_start = (jbyte*)(start_card +
(n_strides - start_chunk_stride_num + stride) *
ParGCCardsPerStrideChunk);
}
...
jbyte* chunk_card_end = chunk_card_start + ParGCCardsPerStrideChunk;
...
// Find the next chunk of the stride.
chunk_card_start += ParGCCardsPerStrideChunk * n_strides;
}
}
32-bit fastdebug JVM with following options(run TestGCOld jtreg hotspot test) hits assert:
java -XX:+UseConcMarkSweepGC -XX:ParGCCardsPerStrideChunk=2147483647 TestGCOld 10 10 10 10 10
...
# To suppress the following error report, specify this argument
# after -XX: or in .hotspotrc: SuppressErrorAt=/cardTableModRefBS.hpp:293
#
# A fatal error has been detected by the Java Runtime Environment:
#
# Internal Error (/scratch/opt/jprt/T/P1/011512.daholme/s/hotspot/src/share/vm/gc/shared/cardTableModRefBS.hpp:293), pid=15636, tid=15639
# assert(p >= _byte_map && p < _byte_map + _byte_map_size) failed: out of bounds access to card marking array
#
...
hs_err_pid15636.log is attached.
Following ParGCCardsPerStrideChunk values also hit assert: 126870912, 536870912, 1073741824, 1610612735
Also, can be reproduced by running javac(32 bit, fastdebug):
javac -J-XX:+UseConcMarkSweepGC -J-XX:ParGCCardsPerStrideChunk=2147483647 HelloWorld.java
void
CardTableModRefBSForCTRS::
process_stride(Space* sp,
MemRegion used,
jint stride, int n_strides,
OopsInGenClosure* cl,
CardTableRS* ct,
jbyte** lowest_non_clean,
uintptr_t lowest_non_clean_base_chunk_index,
size_t lowest_non_clean_chunk_size) {
...
if ((uintptr_t)stride >= start_chunk_stride_num) {
chunk_card_start = (jbyte*)(start_card +
(stride - start_chunk_stride_num) *
ParGCCardsPerStrideChunk);
} else {
// Go ahead to the next chunk group boundary, then to the requested stride.
chunk_card_start = (jbyte*)(start_card +
(n_strides - start_chunk_stride_num + stride) *
ParGCCardsPerStrideChunk);
}
...
jbyte* chunk_card_end = chunk_card_start + ParGCCardsPerStrideChunk;
...
// Find the next chunk of the stride.
chunk_card_start += ParGCCardsPerStrideChunk * n_strides;
}
}
32-bit fastdebug JVM with following options(run TestGCOld jtreg hotspot test) hits assert:
java -XX:+UseConcMarkSweepGC -XX:ParGCCardsPerStrideChunk=2147483647 TestGCOld 10 10 10 10 10
...
# To suppress the following error report, specify this argument
# after -XX: or in .hotspotrc: SuppressErrorAt=/cardTableModRefBS.hpp:293
#
# A fatal error has been detected by the Java Runtime Environment:
#
# Internal Error (/scratch/opt/jprt/T/P1/011512.daholme/s/hotspot/src/share/vm/gc/shared/cardTableModRefBS.hpp:293), pid=15636, tid=15639
# assert(p >= _byte_map && p < _byte_map + _byte_map_size) failed: out of bounds access to card marking array
#
...
hs_err_pid15636.log is attached.
Following ParGCCardsPerStrideChunk values also hit assert: 126870912, 536870912, 1073741824, 1610612735
Also, can be reproduced by running javac(32 bit, fastdebug):
javac -J-XX:+UseConcMarkSweepGC -J-XX:ParGCCardsPerStrideChunk=2147483647 HelloWorld.java