On Mon, 9 Sep 2024 20:04:22 GMT, Stefan Karlsson <[email protected]> wrote:
>> src/hotspot/share/oops/typeArrayKlass.cpp line 175:
>>
>>> 173: size_t TypeArrayKlass::oop_size(oop obj) const {
>>> 174:   // In this assert, we cannot safely access the Klass* with compact headers.
>>> 175:   assert(UseCompactObjectHeaders || obj->is_typeArray(), "must be a type array");
>>
>> Why not? I think I'm missing something. Klass should be in the markWord
>> and that should be ok (?)
>
> I tracked this down to only (at least in my testing) happen from
> `size_given_klass` when called from the GC when it is about to copy an
> object. While that happens, another thread can racingly succeed in copying the
> object and install a forwarding pointer over the old copy. When that happens
> the klass pointer is broken and the call to oopDesc::is_typeArray() crashes.
I did miss something. I thought the markWord was never overwritten by the
forwarding pointer.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/20677#discussion_r1750882259
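The race discussed in this thread, as an added toy model in C++. This is not HotSpot code: the header bit layout, the klass table, `ToyOop`, `klass_of`, `try_forward` and the heap address 0x7f1234560000 are all constructed for illustration. It shows why a forwarding pointer installed by a racing copier clobbers the klass only in the compact-headers layout, why `size_given_klass` is unaffected (it uses the klass the caller captured before the copy), and why the assert in `oop_size` skips `is_typeArray()` exactly when the klass would have to be read back through the header.

```cpp
// Added example, not HotSpot code: toy model of a GC copy race against a
// compact object header. Layout below is constructed, not Lilliput's real one.
#include <atomic>
#include <cstdint>
#include <cstddef>
#include <cstdio>

// Toy header word:
//   bits  0..1  : lock bits; 0b11 = "forwarded", rest of the word is the forwardee
//   bits 32..63 : narrow klass id (compact layout), valid only while not forwarded
// In the legacy layout the klass lives in a separate word forwarding never touches.
constexpr uint64_t kLockMask      = 0x3;
constexpr uint64_t kUnlockedBits  = 0x1;
constexpr uint64_t kForwardedBits = 0x3;
constexpr unsigned kKlassShift    = 32;

struct ToyKlass {
    bool     is_type_array;
    unsigned log2_elem_size;   // 2 for int[], 0 for byte[]
};

// Hypothetical klass table standing in for narrow-klass decoding.
static const ToyKlass kKlassTable[] = {
    {false, 0},   // id 0: an instance klass
    {true,  2},   // id 1: int[]
    {true,  0},   // id 2: byte[]
};
constexpr uint64_t kNumKlasses = sizeof(kKlassTable) / sizeof(kKlassTable[0]);

struct ToyOop {
    std::atomic<uint64_t> header;   // mark word; carries the klass when compact
    uint32_t klass_word;            // separate klass word (legacy layout only)
    uint32_t length;                // array length
};

uint64_t make_header(uint32_t klass_id) {
    return (uint64_t(klass_id) << kKlassShift) | kUnlockedBits;
}

bool is_forwarded(uint64_t h) { return (h & kLockMask) == kForwardedBits; }

// What obj->klass() does: decode from the header if compact, else from the
// separate word. nullptr for a garbage id is the toy stand-in for the crash.
const ToyKlass* klass_of(const ToyOop& obj, bool compact_headers) {
    uint64_t id = compact_headers ? (obj.header.load() >> kKlassShift)
                                  : obj.klass_word;
    return id < kNumKlasses ? &kKlassTable[id] : nullptr;
}

// The assert from the PR, modelled: is_typeArray() is only consulted when the
// klass can be read without going through a possibly-forwarded header.
bool oop_size_assert_holds(const ToyOop& obj, bool compact_headers) {
    if (compact_headers) return true;
    const ToyKlass* k = klass_of(obj, false);
    return k != nullptr && k->is_type_array;
}

// size_given_klass: uses the klass captured by the caller and never re-reads
// the header, so it stays correct after a racing forward.
size_t size_given_klass(const ToyOop& obj, const ToyKlass& k) {
    const size_t header_bytes = 16;   // toy: mark word + length slot
    return header_bytes + (size_t(obj.length) << k.log2_elem_size);
}

// A copier publishes its copy by CAS-ing a forwarding pointer over the header
// it last saw; of two racing copiers exactly one CAS succeeds.
bool try_forward(ToyOop& obj, uint64_t seen_header, uint64_t forwardee_addr) {
    uint64_t fwd = (forwardee_addr & ~kLockMask) | kForwardedBits;
    return obj.header.compare_exchange_strong(seen_header, fwd);
}

struct RaceOutcome {
    bool            b_won_the_race;
    bool            header_forwarded;
    size_t          size_via_captured_klass;  // what size_given_klass computes
    const ToyKlass* klass_reread_compact;     // obj->klass() after the forward
    bool            assert_ok_compact;
    bool            assert_ok_legacy;
};

// Thread A captures the klass, thread B forwards the object, then A finishes.
RaceOutcome run_race(bool compact_headers) {
    ToyOop obj;
    obj.header.store(make_header(1));   // an int[10]
    obj.klass_word = 1;
    obj.length = 10;

    uint64_t seen = obj.header.load();                       // thread A
    const ToyKlass* captured = klass_of(obj, compact_headers);

    // Thread B wins. 0x7f1234560000 is a constructed heap address whose upper
    // 32 bits decode to an out-of-range klass id once it sits in the header.
    bool won = try_forward(obj, seen, 0x00007f1234560000ULL);

    RaceOutcome r;
    r.b_won_the_race          = won;
    r.header_forwarded        = is_forwarded(obj.header.load());
    r.size_via_captured_klass = size_given_klass(obj, *captured);
    r.klass_reread_compact    = klass_of(obj, true);
    r.assert_ok_compact       = oop_size_assert_holds(obj, true);
    r.assert_ok_legacy        = oop_size_assert_holds(obj, false);
    return r;
}

int main() {
    RaceOutcome r = run_race(true);
    std::printf("B won: %d, size via captured klass: %zu, re-read klass: %s\n",
                r.b_won_the_race, r.size_via_captured_klass,
                r.klass_reread_compact ? "valid" : "garbage");
    return 0;
}
```

After `try_forward` succeeds, the header holds the forwardee address, so `klass_of(obj, true)` decodes garbage (the real VM dereferences it and crashes), while `klass_of(obj, false)` still finds the klass in its own word. `size_given_klass` keeps returning 56 because it only uses the klass captured before the copy, which is why the assert can guard on `UseCompactObjectHeaders` rather than trying to re-validate the klass through the header.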