Synchronization between continuation mounting and concurrent scanning

[LinHu2016]

There is a race condition between continuation mounting(swapping java
stacks with carrier thread) and concurrent continuation scanning the
related java stacks).

use atomic operations with continuation->state to synchronizer
to avoid to introduce a new Mutex.
1, GC concurrent scanning use low bit of continuation->state for enter
and exit ConcurrentGCScan(J9_GC_CONTINUATION_STATE_CONCURRENT_SCAN,
tryWinningConcurrentGCScan(), exitConcurrentGCScan()).
2, mounting use atomic "or" set continuation->state
(synchronizeWithConcurrentGCScan()).
3, if mounting enter earlier than scanning, then drop scanning
4, if scanning enter earlier than mounting, then mounting is going to
wait scanning complete
5, after scanning complete, need to clear the low bit
(J9_GC_CONTINUATION_STATE_CONCURRENT_SCAN) and if mounting is in
waiting, notify the mounting.

fix: #16212, #15939
Signed-off-by: Lin Hu linhu@ca.ibm.com

[amicic]

I'd suggest something like:
synchronizeWithConcurrentGCScan

[nbhuiyan]

@LinHu2016 does this fix the JIT invalid return address issue discussed within #15939? I wanted to test this out myself, however, I am not able to get a build with your commit due to a linker error.

[LinHu2016]

@nbhuiyan here is my earlier personal build for trying, if you want to confirm if JIT invalid return address issue also is triggered by race condition.
https://hyc-runtimes-jenkins.swg-devops.com/view/OpenJ9%20-%20Personal/job/Pipeline-Build-Test-Personal/14726/

[nbhuiyan]

@LinHu2016 the JIT invalid return address issue still happens with your build, so it is not caused by this particular race condition.

[amicic]

not used/needed anymore

[gacholio]

Please do not use names like bNeedsMutex in the VM code. It's pretty obviously a boolean.

[gacholio]

Formatting, and should be ANY_BITS_SET anyway.

[amicic]

Please do not use names like bNeedsMutex in the VM code. It's pretty obviously a boolean.

and while renaming it, let's use a bit more descriptive name, like: syncWithConcurrentGCScan

EDIT: I was referring to usage as an argument in walkContinuationStackFramesWrapper. Other spots may or may not need a different name.

[amicic]

I believe these are just temporary debug flags that you used during testing. I think you can remove them now, so that affected code is easier to read.

[amicic]

unfortunately we will either have to introduce a new API that is not Scav specific (what is OMR change) or find another existing way to check this (via ConcurrentGC mode?)

[gacholio]

ANY_BITS here too. The cast also seems unnecessary given the pointer type.

[amicic]

you probably meant 'cast'
I see you edited meanwhile

[gacholio]

By using an existing field to contain the tag, do we need to change general uses of that field to mask the tag?

[amicic]

By using an existing field to contain the tag, do we need to change general uses of that field to mask the tag?

indeed we thought about it (there is comment there in isCountinationMounted, that is probably the only other user)
Perhaps we should have a cuple of macros to extract (pure) carrierThread and/or tagged value, and even rename the field to be more descriptive (for example carrierThreadAnd(Or)ConcurrentlyScanned?)

[gacholio]

Perhaps we should have a couple of macros

I think that would be a good idea, as well as renaming the field to make it (more) obvious not to use it directly.

[amicic]

I'd structure the code like this:

if (0 == oldValue) {
	if (atomic succeeds) 
            return true;
}

return false;

And I'd put just one comment in front of the method (since it applies to both not attempting atomic and attempting, but losing) like:

If low tagging failed (or not even attempted) due to either

• a carrier thread winning to mount, we don't need to do anything, since it will be compensated by pre/post mount actions/scans
• another GC thread winning to scan, again don't do anything, and let the winning thread do the work, instead

[amicic]

there is VM_AtomicSupport::bitAnd which also returns what you need - oldValue

[amicic]

You can also add a comment that we don't need atomic here, since no GC thread should be able to start scanning while continuation is mounted, nor should another carrier thread be able to mount before we complete the unmount (hence no risk to overwrite anything in a race)

After that comment you can add an assert that it indeed concurrentlyScanned is not set (and have the other assert about carrier ID). Or that could just really be one assert that the state is exactly currentThread

[amicic]

I understand your intention to put this comment early, thinking if there is a need for synchronization, it should be done early.

But comment really applies to putting state back to initial, while someone may assume we are talking about currentContinuation being set to NULL. So either we should state it more explicitly rather than saying 'here" or (what was my initial intention) just keep the comment next to state reset.

Same applies to the assert, it's the best to be the closest to state reset as possible (in some malicious scenario if anotehr thread mutates state between the assert and the reset, keeping them close increases chances to catch the intruder)
Then we can merge the 2 asserts into one: currentThread == state. Such an assert would not be completely clean (in a sense it knows something about how state struct is organized), but I'm still ok with it, for the sake of simpler code (asserts). Besides, it would not be the only spot: for example, atomic in tryWinningConcurrentGCScan also assumes this knowledge.

[amicic]

we'll need a comment about the reset being the last step and write fence preceding it, but only after/if GAC confirms 'borrowing' the existing fence was ok, first

[gacholio]

I see no issue with the placement of the fence.

[amicic]

jenkins test sanity aix jdk19

[amicic]

jenkins test sanity win jdk19
jenkins test sanity.functional aix jdk19

[gacholio]

@amicic There's a question above related to barriers - can you please reiterate what I'm supposed to be considering?

[amicic]

@amicic There's a question above related to barriers - can you please reiterate what I'm supposed to be considering?

It's about readWriteBarrier. It used to be the very last thing in unmount. Now, it's not.

We needed a write barrier just before resetting the state (setting it to INITIAL, what basically clears carrier ID). The reset effectively presents the continuation structure to GC, letting it to be concurrently scanned. But GC potentially running on another CPU must see the up-to-date continuation structure that just have been extensively mutated by swapFieldsWithContinuation a step earlier.

So, we ended up borrowing the write part of the barrier by swapping the existing full barrier with the reset line (the line used to be just setting carrierThread to NULL)

I don't fully understand the original intent of the barrier (but I guess it has something to do with lock-free inNative?), so the question is if we compromised the original intent.

[gacholio]

The placement/use of the fence seems fine.

[amicic]

@LinHu2016, you can expand this comment with:

Order 

swap-stacks
writeBarrier
state initial

must be maintained for weakly ordered CPUs, to unsure that once the continuation is again available for GC scan (on potentially remote CPUs), all CPUs see up-to-date stack .

[amicic]

let's add a comment

We don't scan mounted continuations:

• for concurrent GCs, since stack is actively changing. Instead, we scan them during preMount or during root scanning if already mounted at cycle start or during postUnmount (might be indirectly via card cleaning) or during final STW (via root re-scan) if still mounted at cycle end
• for sliding compacts to avoid double slot fixups

For fully STW GCs, there is no harm to scan them, but it's a waste of time since they are scanned during root scanning already.

We don't scan currently scanned either - one scan is enough.

[amicic]

Add a comment:
Used during main scan phase of GC (object graph traversal) or heap object iteration (in sliding compact). Not meant to be used during root scanning (neither strong roots nor weak roots)!

[amicic]

align these 3

[amicic]

remove debug code

[amicic]

jenkins test sanity.functional all jdk19

[amicic]

jenkins compile win,aix jdk8