Bug ID: 6833576 G1: assert(0 <= i && i < _len,"illegal index") utilities/growableArray.hpp:186

Details
Type: Bug
Submit Date: 2009-04-23
Status: Resolved
Updated Date: 2010-04-06
Project Name: JDK
Resolved Date: 2009-06-12
Component: hotspot
OS: solaris
Sub-Component: gc
CPU: x86
Priority: P4
Resolution: Fixed
Affected Versions: 7
Fixed Versions: hs16

Description
While running SPECjbb2005 with G1 I experienced the following crash:
--------------------------------
#
# A fatal error has been detected by the Java Runtime Environment:
#
#  Internal Error (/home/jc234399/ws/hs-gc2/hotspot/src/share/vm/utilities/growableArray.hpp:186), pid=13408, tid=5
#  Error: assert(0 <= i && i < _len,"illegal index")
#
# JRE version: 7.0-b54
# Java VM: OpenJDK Server VM (15.0-b04-internal-jvmg mixed mode solaris-x86 )
# If you would like to submit a bug report, please visit:
#   http://java.sun.com/webapps/bugreport/crash.jsp
#

---------------  T H R E A D  ---------------

Current thread (0x080a7c00):  GCTaskThread [stack: 0x00000000,0x00000000] [id=5]
....

Other Threads:
  0x0a288000 VMThread [stack: 0xfa6bb000,0xfa6fb000] [id=11]
  0x0a2b8400 WatcherThread [stack: 0x1b12d000,0x1b16d000] [id=19]

=>0x080a7c00 (exited) GCTaskThread [stack: 0x00000000,0x00000000] [id=5]

VM state:at safepoint (normal execution)

VM Mutex/Monitor currently owned by a thread:  ([mutex/lock_event])
[0x08099f10] Threads_lock - owner thread: 0x0a288000
[0x0809a5a0] Heap_lock - owner thread: 0x0809b400

Heap
            0 space 1024K,  34% used [0x1ba00000, 0x1ba587a0, 0x1bb00000)
          F 0 space 1024K,   0% used [0x1bb00000, 0x1bb00000, 0x1bc00000)
          F 0 space 1024K,   0% used [0x1bc00000, 0x1bc00000, 0x1bd00000)
          F 0 space 1024K,   0% used [0x1bd00000, 0x1bd00000, 0x1be00000)
....
          F 0 space 1024K,   0% used [0xf5500000, 0xf5500000, 0xf5600000)
    A  SU F 1 space 1024K,   0% used [0xf5600000, 0xf5600000, 0xf5700000)
    A     F 1 space 1024K,   0% used [0xf5700000, 0xf5700000, 0xf5800000)
    CS Y    0 space 1024K, 100% used [0xf5800000, 0xf5900000, 0xf5900000)
    CS Y    0 space 1024K, 100% used [0xf5900000, 0xf5a00000, 0xf5a00000)
    CS Y    0 space 1024K, 100% used [0xf5a00000, 0xf5b00000, 0xf5b00000)
    CS Y    0 space 1024K, 100% used [0xf5b00000, 0xf5c00000, 0xf5c00000)
    CS Y    0 space 1024K, 100% used [0xf5c00000, 0xf5d00000, 0xf5d00000)
    CS Y    0 space 1024K, 100% used [0xf5d00000, 0xf5e00000, 0xf5e00000)
    CS Y    0 space 1024K, 100% used [0xf5e00000, 0xf5f00000, 0xf5f00000)
    CS Y    0 space 1024K, 100% used [0xf5f00000, 0xf6000000, 0xf6000000)
    CS Y    0 space 1024K, 100% used [0xf6000000, 0xf6100000, 0xf6100000)
    CS Y    0 space 1024K, 100% used [0xf6100000, 0xf6200000, 0xf6200000)
    CS Y    0 space 1024K, 100% used [0xf6200000, 0xf6300000, 0xf6300000)
    CS Y    0 space 1024K,  99% used [0xf6300000, 0xf63ffcb0, 0xf6400000)
    CS Y    0 space 1024K, 100% used [0xf6400000, 0xf6500000, 0xf6500000)
    CS Y    0 space 1024K, 100% used [0xf6500000, 0xf6600000, 0xf6600000)

VM Arguments:
jvm_args: -XX:+UnlockExperimentalVMOptions -XX:+UseG1GC -Xmx3500m -Xms3500m -XX:+PrintGCDetails -XX:+PrintGCTimeStamps
java_command: spec.jbb.JBBmain -propfile SPECjbb.props
Launcher Type: SUN_STANDARD

----------------------------------

I was running SPECjbb2005 with a 32 bit debug JVM.

                                    

Comments
EVALUATION

Approved for JDK 7 M3 build 3.
                                     
2009-05-07
EVALUATION

http://hg.openjdk.java.net/jdk7/hotspot-gc/hotspot/rev/a2957df801a1
                                     
2009-05-06
SUGGESTED FIX

Code review feedback was to use the pointer_delta routine with an element size == 1 and include an explicit right-shift to avoid an issue with earlier versions of gcc where a division by a power-of-2 constant was not replaced with an appropriate right-shift operation.
                                     
2009-05-05
SUGGESTED FIX

The fix for this problem is to use unsigned arithmetic, which yields the correct result of 3499 for the heap region index:

cairnapple{jc234399}:70 > hg diff src/share/vm/gc_implementation/g1/g1CollectedHeap.inline.hpp
diff -r 922aedc96ef5 src/share/vm/gc_implementation/g1/g1CollectedHeap.inline.hpp
--- a/src/share/vm/gc_implementation/g1/g1CollectedHeap.inline.hpp      Fri Apr 03 15:59:19 2009 -0700
+++ b/src/share/vm/gc_implementation/g1/g1CollectedHeap.inline.hpp      Thu Apr 23 11:14:08 2009 -0700
@@ -37,8 +37,10 @@
 inline HeapRegion*
 G1CollectedHeap::heap_region_containing_raw(const void* addr) const {
   assert(_g1_reserved.contains(addr), "invariant");
-  size_t index = ((intptr_t) addr - (intptr_t) _g1_reserved.start())
-                                              >> HeapRegion::LogOfHRGrainBytes;
+
+  size_t diff = (size_t) (((address) addr) - ((address) _g1_reserved.start()));
+  size_t index = diff >> HeapRegion::LogOfHRGrainBytes;
+
   HeapRegion* res = _hrs->at(index);
   assert(res == _hrs->addr_to_region(addr), "sanity");
   return res;
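
Review bot: On the new "size_t diff = ..." line, subtracting two address pointers still produces a signed ptrdiff_t, and only the (size_t) cast applied before the shift keeps the index non-negative; nothing in the hunk documents that dependence. Add a short comment stating that the byte distance must be unsigned before ">> HeapRegion::LogOfHRGrainBytes", and consider subtracting the addresses as unsigned integers so the value never passes through a signed type. The result goes straight into _hrs->at(index) with only asserts on either side, so a wrong index is caught only where asserts are enabled.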

In the above patch I cast both addr and the base of the reserved space to the address type (an unsigned char*).
                                     
2009-04-23
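
The signed and unsigned index calculations discussed in the suggested fix, worked through with the addresses from the heap dump in the description. This is an added example, not code from the bug report or from HotSpot: the function and macro names are hypothetical, 32-bit integers stand in for intptr_t and size_t on the 32-bit JVM, and taking the first listed region's start as the base of the reserved space is an assumption.

```c
#include <stdint.h>
#include <stdio.h>

/* Values read off the crash log above; using the first listed region's
   start as _g1_reserved.start() is an assumption of this example. */
#define HEAP_BASE    0x1ba00000u  /* start of first region in the heap dump */
#define LAST_REGION  0xf6500000u  /* start of last region in the heap dump  */
#define LOG_GRAIN    20           /* 1024K regions => shift by 20           */
#define NUM_REGIONS  3500         /* 3500 x 1024K regions span the dump     */

/* Pre-fix form on a 32-bit VM: the difference lives in a signed 32-bit
   integer and is shifted arithmetically, so the sign bit is smeared in. */
static int32_t index_signed(uint32_t addr, uint32_t base) {
    /* Subtract unsigned to avoid signed-overflow UB, then reinterpret the
       bits the way a two's-complement 32-bit intptr_t would hold them. */
    int32_t diff = (int32_t)(addr - base);
    /* Portable arithmetic right shift (floor division by 2^LOG_GRAIN). */
    return diff < 0 ? ~((~diff) >> LOG_GRAIN) : diff >> LOG_GRAIN;
}

/* Post-fix form: byte distance kept unsigned, logical shift. */
static uint32_t index_unsigned(uint32_t addr, uint32_t base) {
    uint32_t diff = addr - base;
    return diff >> LOG_GRAIN;
}

/* Same condition as the GrowableArray assert: 0 <= i && i < _len. */
static int legal_index(int64_t i, int64_t len) {
    return 0 <= i && i < len;
}

int main(void) {
    int32_t  s = index_signed(LAST_REGION, HEAP_BASE);
    uint32_t u = index_unsigned(LAST_REGION, HEAP_BASE);
    printf("signed:   %ld legal=%d\n", (long)s, legal_index(s, NUM_REGIONS));
    printf("unsigned: %lu legal=%d\n", (unsigned long)u,
           legal_index(u, NUM_REGIONS));
    /* The two forms agree until the distance from the base reaches 2 GB. */
    uint32_t below = HEAP_BASE + (2047u << LOG_GRAIN);
    uint32_t at2g  = HEAP_BASE + (2048u << LOG_GRAIN);
    printf("region 2047: %ld\n", (long)index_signed(below, HEAP_BASE));
    printf("region 2048: %ld\n", (long)index_signed(at2g, HEAP_BASE));
    return 0;
}
```

Only regions 2 GB or more above the base produce an illegal index in the signed form, which is why the failure needs a heap this large on a 32-bit VM.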


