EVALUATION

The root cause of the crashes and assertion failures is a preexisting
bug in the safepoint code which was made more frequent by the
introduction of biased locking and its increase in the number of
safepoints taken.

During a thread state transition from _thread_in_native to
_thread_in_vm a safepoint is taken for a bias revocation requested by
another thread. The write to the memory serialization page, used to
ensure total store ordering for thread states during safepoint checks,
faults. Ordinarily the structured exception handler (SEH) installed by
HotSpot on Windows would be invoked to examine this fault and continue
execution, knowing that the serialization page will be write-enabled
again shortly by the VM thread. However, the SEH is only guaranteed to
be installed in the call_stub, or in other words, when Java frames are
on the stack. In the case of the Java Plug-In, the JVM is created from
native code and the main thread repeatedly invokes JNI functions
without having any Java frames on the stack. When the fault is taken
it looks like an unhandled exception in IEXPLORE.EXE and the browser
crashes.

The above behavior happens with JPICOM.DLL which is apparently the COM
version of the Java Plug-In used for Internet Explorer. Some of the
plugin tests seem to use JPIEXP.DLL. This plugin DLL seems to install
a top-level exception handler which catches the unhandled exception
above and swallows it, so it doesn't look at that point like the JVM
has crashed. It somehow seems to truncate the stack of that thread
back down to the installation point of the SEH in the plugin, so the
JVM state associated with that thread is in an inconsistent state (in
particular, the thread state is still in the transition state which
incurred the serialization page fault). Upon leaving the web page, the
plugin attempts to make a call into the JVM via JNI with this
transition state in the JavaThread and we assert as was seen before.

The fix (suggested by ###@###.###) is to switch back to using
membars only on Windows for certain JVM state transitions which are at
risk, in particular _thread_in_native to _thread_in_vm and vice versa,
and from _thread_in_vm to _thread_blocked and vice versa, when there
is no Java call stub on the stack (and consequently a last_Java_frame,
since we must have transitioned from _thread_in_Java to get into
_thread_in_native). This is the least impact solution. We may later
consider changing to use vectored exception handlers for recent
Windows releases (XP and later), which would gain back any performance
loss from this change and also significantly improve the speed of the
fast JNI GetField accessors developed by ###@###.###.

I also disabled the installation of asynchronous exceptions in the
return path from ThreadToNativeFromVM (used primarily in the boot
class loader) because this could be problematic and lead to assertion
failures or crashes.

This fix was verified manually with the Java Plug-In tests by opening
up the window of potential faults significantly (putting a sleep in
os::serialize_thread_states between the protect and unguard) and
running many tests. Before the fix, with this window expanded the
browser would crash almost immediately; with the fix, it no longer
does. Performance of the fix was verified with the JNI microbenchmarks
by ###@###.###.

This problem is present in the 5.0 release train so this fix will need
to be backported.
                                     

EVALUATION

The problem is that the JNI thread has the wrong state _thread_in_native.
Its not clear at this time how it got into that state.

It appears that the problem has been introduced with the biased locking putback CR: 6264252.
An workaround to use is -XX:-UseBiasedLocking to the VM, which will make the problem go away.

After testing with 20050804133224.kbr.c2_baseline the problem has disappeared, its quite
possible that this may have moved the problem around, as the fix CR: 6306530 and 6295591, 
directly does relate to  the original symptom. Which is the thread in the wrong state.

Since there is workaround and a "fix" will be provided indirectly, b47,  I am reducing the priority of this 
bug to P3.
                                     

EVALUATION

I ran the tests as described and cannot reproduce the problem. Could you please
document how to run with FireFox maybe I will have better luck with that.


Microsoft Visual Studio\Common\Tools\WinNT;C:\DevTools\Microsoft Visual Studio\C
ommon\MSDev98\Bin;C:\DevTools\Microsoft Visual Studio\Common\Tools;C:\DevTools\M
icrosoft Visual Studio\VC98\bin;C:\devtools\mssdk\Bin\.;C:\devtools\mssdk\Bin\Wi
nNT\.;;;c:/DevTools/MKS/mksnt;c:/utils
+ [ X = X ]
+ TONGA_REMOVE=PASS
+ [ X = X ]
+ REMOVE_TEST_JRE=true
+ USER_DEFINED_FILE=Y:/test_run/deploy_results/Standalone_deployment_plugin_2005
_08_03_06_26_58/output/.user.defined
+ . Y:/test_run/deploy_results/Standalone_deployment_plugin_2005_08_03_06_26_58/
output/.user.defined
+ J2SE_COMPONENT_DIR=deployment
+ JDEPLOY_COMPONENT=plugin
+ SUITE_DIR=Y:/deployment1/deployment_mustang_int_exec_ws
+ J2SE_SQE_HOME=Y:/deployment1/deployment_mustang_int_exec_ws
+ RESULTS_DIR=Y:/test_run/deploy_results
+ RESULTS_TOP_DIR_WEB_URL=http://sqeweb.sfbay/test_run/deploy_results
+ TEST_JDK_HOME=X:/jdk/1.6.0/latest/binaries/windows-i586
+ TEST_JRE_BUNDLE=X:/jdk/1.6.0/latest/bundles/windows-i586/jre-6_0-ea-windows-i5
86.exe
+ BROWSER_NAME=IE
+ TESTLIST=testlist.plugin
+ TESTLIST_FILTER=deployHelper
+ TONGA_REMOVE=NONE
+ REMOVE_TEST_JRE=false
+ STANDALONE_EXEC_FLAG=TRUE
+ RESULTS_DIR=Y:/test_run/deploy_results/Standalone_deployment_plugin_2005_08_03
_06_26_58
+ checkRequiredVariable J2SE_SQE_HOME xY:/deployment1/deployment_mustang_int_exe
c_ws
+ [ xY:/deployment1/deployment_mustang_int_exec_ws = x ]
+ checkRequiredVariable JDEPLOY_COMPONENT xplugin
+ [ xplugin = x ]
+ checkRequiredVariable J2SE_COMPONENT_DIR xdeployment
+ [ xdeployment = x ]
+ INIFILE=Y:/test_run/deploy_results/Standalone_deployment_plugin_2005_08_03_06_
26_58/dtf_deployment_tonga.ini
+ touch Y:/test_run/deploy_results/Standalone_deployment_plugin_2005_08_03_06_26
_58/dtf_deployment_tonga.ini
+ chmod +w Y:/test_run/deploy_results/Standalone_deployment_plugin_2005_08_03_06
_26_58/dtf_deployment_tonga.ini
+ [ ! -w Y:/test_run/deploy_results/Standalone_deployment_plugin_2005_08_03_06_2
6_58/dtf_deployment_tonga.ini ]
+ appendINI
+ echo
+ appendINI ## The following are generated by Run_deployment.sh ##
+ echo ## The following are generated by Run_deployment.sh ##
+ appendINI
+ echo
+ MASTER_WS=Y:/deployment1/deployment_mustang_int_exec_ws
+ COMPONENT_WS=Y:/deployment1/deployment_mustang_int_exec_ws/deployment
+ appendINI MASTER_WS=Y:/deployment1/deployment_mustang_int_exec_ws
+ echo MASTER_WS=Y:/deployment1/deployment_mustang_int_exec_ws
+ appendINI COMPONENT_WS=Y:/deployment1/deployment_mustang_int_exec_ws/deploymen
t
+ echo COMPONENT_WS=Y:/deployment1/deployment_mustang_int_exec_ws/deployment
+ appendINI export MASTER_WS
+ echo export MASTER_WS
+ appendINI export COMPONENT_WS
+ echo export COMPONENT_WS
+ appendINI TONGA_REMOVE=NONE
+ echo TONGA_REMOVE=NONE
+ appendINI export TONGA_REMOVE
+ echo export TONGA_REMOVE
+ appendINI TESTBASE=Y:/deployment1/deployment_mustang_int_exec_ws/deployment/sr
c/plugin
+ echo TESTBASE=Y:/deployment1/deployment_mustang_int_exec_ws/deployment/src/plu
gin
+ [ xtestlist.plugin = x ]
+ [ ! -f Y:/deployment1/deployment_mustang_int_exec_ws/deployment/testlist/testl
ist.plugin ]
+ appendINI TESTLIST=Y:/deployment1/deployment_mustang_int_exec_ws/deployment/te
stlist/testlist.plugin
+ echo TESTLIST=Y:/deployment1/deployment_mustang_int_exec_ws/deployment/testlis
t/testlist.plugin
+ appendINI export TESTLIST
+ echo export TESTLIST
+ appendINI FAIL_LIST=Y:/deployment1/deployment_mustang_int_exec_ws/deployment/t
estlist/testlist.plugin.knownfailures
+ echo FAIL_LIST=Y:/deployment1/deployment_mustang_int_exec_ws/deployment/testli
st/testlist.plugin.knownfailures
+ appendINI export FAIL_LIST
+ echo export FAIL_LIST
+ checkRequiredVariable TEST_JDK_HOME xX:/jdk/1.6.0/latest/binaries/windows-i586

+ [ xX:/jdk/1.6.0/latest/binaries/windows-i586 = x ]
+ appendINI JDK_HOME="X:/jdk/1.6.0/latest/binaries/windows-i586"
+ echo JDK_HOME="X:/jdk/1.6.0/latest/binaries/windows-i586"
+ appendINI export JDK_HOME
+ echo export JDK_HOME
+ appendINI HTML_CONVERTER="X:/jdk/1.6.0/latest/binaries/windows-i586/bin/HtmlCo
nverter"
+ echo HTML_CONVERTER="X:/jdk/1.6.0/latest/binaries/windows-i586/bin/HtmlConvert
er"
+ appendINI export HTML_CONVERTER
+ echo export HTML_CONVERTER
+ [ x != x ]
+ checkRequiredVariable TEST_JRE_BUNDLE xX:/jdk/1.6.0/latest/bundles/windows-i58
6/jre-6_0-ea-windows-i586.exe
+ [ xX:/jdk/1.6.0/latest/bundles/windows-i586/jre-6_0-ea-windows-i586.exe = x ]

+ appendINI TEST_JRE_BUNDLE=X:/jdk/1.6.0/latest/bundles/windows-i586/jre-6_0-ea-
windows-i586.exe
+ echo TEST_JRE_BUNDLE=X:/jdk/1.6.0/latest/bundles/windows-i586/jre-6_0-ea-windo
ws-i586.exe
+ appendINI export TEST_JRE_BUNDLE
+ echo export TEST_JRE_BUNDLE
+ [ xfalse = xtrue ]
+ + uname
OS=Windows_NT
+ [ Windows_NT = SunOS -o Windows_NT = Linux ]
+ appendINI PLATFORM=win32
+ echo PLATFORM=win32
+ + sed s|\\|/|g
+ print -r C:\Documents and Settings\ksrini
HOME=C:/Documents and Settings/ksrini
+ [ C:/Documents and Settings/ksrini ==  ]
+ echo C:/Documents and Settings/ksrini
C:/Documents and Settings/ksrini
+ DEP_USER_HOME=C:/Documents and Settings/ksrini/Applic~1/Sun/Java/Deployment
+ echo C:/Documents and Settings/ksrini/Applic~1/Sun/Java/Deployment
C:/Documents and Settings/ksrini/Applic~1/Sun/Java/Deployment
+ appendINI HOME="C:/Documents and Settings/ksrini"
+ echo HOME="C:/Documents and Settings/ksrini"
+ appendINI export HOME
+ echo export HOME
+ appendINI USERPROFILE="C:/Documents and Settings/ksrini"
+ echo USERPROFILE="C:/Documents and Settings/ksrini"
+ appendINI export USERPROFILE
+ echo export USERPROFILE
+ appendINI DEP_USER_HOME="C:/Documents and Settings/ksrini/Applic~1/Sun/Java/De
ployment"
+ echo DEP_USER_HOME="C:/Documents and Settings/ksrini/Applic~1/Sun/Java/Deploym
ent"
+ appendINI export DEP_USER_HOME
+ echo export DEP_USER_HOME
+ + echo C:/devtools/mks
MKSROOT=C:/devtools/mks
+ echo MKSROOT is C:/devtools/mks
MKSROOT is C:/devtools/mks
+ MKSPATH=C:/devtools/mks/bin;C:/devtools/mks/bin/X11;C:/devtools/mks/mksnt
+ appendINI MKSPATH="C:/devtools/mks/bin;C:/devtools/mks/bin/X11;C:/devtools/mks
/mksnt"
+ echo MKSPATH="C:/devtools/mks/bin;C:/devtools/mks/bin/X11;C:/devtools/mks/mksn
t"
+ appendINI export MKSPATH
+ echo export MKSPATH
+ rm -rf C:/Documents and Settings/ksrini/Applic~1/Sun/Java/Deployment
+ appendINI export PLATFORM
+ echo export PLATFORM
+ checkRequiredVariable BROWSER_NAME xIE
+ [ xIE = x ]
+ appendINI BROWSER_NAME=IE
+ echo BROWSER_NAME=IE
+ appendINI export BROWSER_NAME
+ echo export BROWSER_NAME
+ checkRequiredVariable RESULTS_TOP_DIR_WEB_URL xhttp://sqeweb.sfbay/test_run/de
ploy_results
+ [ xhttp://sqeweb.sfbay/test_run/deploy_results = x ]
+ [ xTRUE = x ]
+ + basename Y:/test_run/deploy_results/Standalone_deployment_plugin_2005_08_03_
06_26_58
TEMP=Standalone_deployment_plugin_2005_08_03_06_26_58
+ HTTP_ROOT_ACCESS=http://sqeweb.sfbay/test_run/deploy_results/Standalone_deploy
ment_plugin_2005_08_03_06_26_58
+ STRING_TO_REPLACE=Y:/test_run/deploy_results/Standalone_deployment_plugin_2005
_08_03_06_26_58/
+ appendINI HTTP_ROOT_ACCESS=http://sqeweb.sfbay/test_run/deploy_results/Standal
one_deployment_plugin_2005_08_03_06_26_58
+ echo HTTP_ROOT_ACCESS=http://sqeweb.sfbay/test_run/deploy_results/Standalone_d
eployment_plugin_2005_08_03_06_26_58
+ appendINI export HTTP_ROOT_ACCESS
+ echo export HTTP_ROOT_ACCESS
+ appendINI STRING_TO_REPLACE=Y:/test_run/deploy_results/Standalone_deployment_p
lugin_2005_08_03_06_26_58/
+ echo STRING_TO_REPLACE=Y:/test_run/deploy_results/Standalone_deployment_plugin
_2005_08_03_06_26_58/
+ appendINI export STRING_TO_REPLACE
+ echo export STRING_TO_REPLACE
+ [ x != x ]
+ [ x != x ]
+ [ X != X ]
+ [ x = x ]
+ TONGA_JAR=Y:/deployment1/deployment_mustang_int_exec_ws/deployment/share/harne
ss/tonga2.0.jar
+ echo TONGA_JAR is Y:/deployment1/deployment_mustang_int_exec_ws/deployment/sha
re/harness/tonga2.0.jar
TONGA_JAR is Y:/deployment1/deployment_mustang_int_exec_ws/deployment/share/harn
ess/tonga2.0.jar
+ [ XdeployHelper = X ]
+ CMD=X:/jdk/1.5.0_04/latest/binaries/windows-i586/bin/java -classpath Y:/deploy
ment1/deployment_mustang_int_exec_ws/deployment/share/harness/tonga2.0.jar DTong
a -workdir Y:/test_run/deploy_results/Standalone_deployment_plugin_2005_08_03_06
_26_58 -inifile Y:/test_run/deploy_results/Standalone_deployment_plugin_2005_08_
03_06_26_58/dtf_deployment_tonga.ini -filter deployHelper
+ [  = TRUE ]
+ echo Running command: X:/jdk/1.5.0_04/latest/binaries/windows-i586/bin/java -c
lasspath Y:/deployment1/deployment_mustang_int_exec_ws/deployment/share/harness/
tonga2.0.jar DTonga -workdir Y:/test_run/deploy_results/Standalone_deployment_pl
ugin_2005_08_03_06_26_58 -inifile Y:/test_run/deploy_results/Standalone_deployme
nt_plugin_2005_08_03_06_26_58/dtf_deployment_tonga.ini -filter deployHelper
Running command: X:/jdk/1.5.0_04/latest/binaries/windows-i586/bin/java -classpat
h Y:/deployment1/deployment_mustang_int_exec_ws/deployment/share/harness/tonga2.
0.jar DTonga -workdir Y:/test_run/deploy_results/Standalone_deployment_plugin_20
05_08_03_06_26_58 -inifile Y:/test_run/deploy_results/Standalone_deployment_plug
in_2005_08_03_06_26_58/dtf_deployment_tonga.ini -filter deployHelper
+ X:/jdk/1.5.0_04/latest/binaries/windows-i586/bin/java -classpath Y:/deployment
1/deployment_mustang_int_exec_ws/deployment/share/harness/tonga2.0.jar DTonga -w
orkdir Y:/test_run/deploy_results/Standalone_deployment_plugin_2005_08_03_06_26_
58 -inifile Y:/test_run/deploy_results/Standalone_deployment_plugin_2005_08_03_0
6_26_58/dtf_deployment_tonga.ini -filter deployHelper
DTonga. Version: 2.0.1 FCS. Subrelease: 07/29/05 15:15:05
Built: Fri Jul 29 17:02:11 IST 2005
Build directory: tonga_ws
Comments: ${env.BUILD_COMMENTS}
Tonga Harness interest alias: ###@###.###.
Tonga Bugtraq category: java_tools/tonga (file against Tonga version 2.0)

Loading harness modules... Done
Initializing harness with file: dtf_deployment_tonga.ini
Deleting results directory: Y:/test_run/deploy_results/Standalone_deployment_plu
gin_2005_08_03_06_26_58/ksrini.Windows_XP.x86
Preparing testlist... Done.
Some tests wont be added to the list. Check testlist.error and/or testlist.filte
red
HARNESS STARTED: Wed Aug 03 06:27:07 PDT 2005
SUITE RUN PREPARATION deployHelper: READY
TEST test_schema BrowserJVMTest 1/55 1/55 PASS
TEST test_schema Negativetest01 2/55 2/55 PASS
TEST test_schema TestGetJVMs 3/55 3/55 PASS
TEST test_schema CompareBrowserJVM 4/55 4/55 PASS
TEST test_schema Negativetest02 5/55 5/55 PASS
TEST test_schema Negativetest03 6/55 6/55 PASS
TEST test_schema TestRunningJVM 7/55 7/55 PASS
TEST test_schema Negativetest04 8/55 8/55 PASS
TEST test_schema CompareRunningJVM 9/55 9/55 PASS
TEST test_schema Negativetest05 10/55 10/55 PASS
TEST test_schema CompareGetJVMs 11/55 11/55 PASS
TEST test_schema Negativetest06 12/55 12/55 PASS
TEST test_schema Negativetest07 13/55 13/55 PASS
TEST test_schema TestCLSIDsMimetypes 14/55 14/55 PASS
TEST test_schema Negativetest08 15/55 15/55 PASS
TEST test_schema Negativetest09 16/55 16/55 PASS
TEST test_schema Negativetest10 17/55 17/55 PASS
TEST test_schema Negativetest11 18/55 18/55 PASS
TEST test_schema Negativetest12 19/55 19/55 PASS
TEST test_schema TestCLSIDsMimetypes1 20/55 20/55 PASS
TEST test_schema Negativetest13 21/55 21/55 PASS
TEST test_schema Negativetest14 22/55 22/55 PASS
TEST test_schema objectBrowserJVM 23/55 23/55 PASS
TEST test_schema ObjectNegtest01 24/55 24/55 PASS
TEST test_schema objectCompBJVM 25/55 25/55 PASS
TEST test_schema ObjectNegtest02 26/55 26/55 PASS
TEST test_schema ObjectNegtest03 27/55 27/55 PASS
TEST test_schema ObjectNegtest04 28/55 28/55 PASS
TEST test_schema objectRunningJVM 29/55 29/55 PASS
TEST test_schema objectComRJVM 30/55 30/55 PASS
TEST test_schema objectGetJVMs 31/55 31/55 PASS
TEST test_schema ObjectNegtest05 32/55 32/55 PASS
TEST test_schema objectCompGetJVMs 33/55 33/55 PASS
TEST test_schema ObjectNegtest06 34/55 34/55 PASS
TEST test_schema ObjectNegtest07 35/55 35/55 PASS
TEST test_schema objectCLSIDsMimetypes 36/55 36/55 PASS
TEST test_schema ObjectNegtest08 37/55 37/55 PASS
TEST test_schema objectCLSIDsMimetypes1 38/55 38/55 PASS
TEST test_schema ObjectNegtest09 39/55 39/55 PASS
TEST test_schema ObjectNegtest10 40/55 40/55 PASS
TEST test_schema ObjectNegtest11 41/55 41/55 PASS
TEST test_schema ObjectNegtest12 42/55 42/55 PASS
TEST test_schema GenerateCLSIDsMimetypes 43/55 43/55 PASS
TEST test_schema ObjectNegtest13 44/55 44/55 PASS
TEST test_schema ObjectNegtest14 45/55 45/55 PASS
TEST test_schema LiveConnectBJVM 46/55 46/55 PASS
TEST test_schema LiveConnBJVMObject 47/55 47/55 PASS
TEST test_schema LiveConnBJVMComp 48/55 48/55 PASS
TEST test_schema LiveConnBJVMCompObject 49/55 49/55 PASS
TEST test_schema LiveConnectRJVM 50/55 50/55 PASS
TEST test_schema LiveConnectRjvmObject 51/55 51/55 PASS
TEST test_schema LiveConnRjvmComp 52/55 52/55 PASS
TEST test_schema LiveConnRjvmCompObject 53/55 53/55 PASS
TEST test_schema LiveConnGetJVMs 54/55 54/55 PASS
TEST test_schema LiveConnGetJVMsObject 55/55 55/55 PASS
HARNESS ENDED: Wed Aug 03 07:00:47 PDT 2005

TOTAL TESTS IN RUN: 55
TEST PASS: 55; 100% rate
TEST FAIL: 0; 0% rate
TEST INCOMPLETE: 0; 0% rate
TESTS NOT RUN: 0

TOTAL TEST IN TESTLIST: 289
+ [  = TRUE ]
+ [ X != X ]
Done running script for sub component : plugin
+ echo Testrun Done
Testrun Done
+ [ false = true ]
[Y:/deployment1/deployment_mustang_int_exec_ws/deployment/docs/standalone]

Can't reproduce the problem.