8058737: CodeCache::find_blob fails with 'unsafe access to zombie method'

Remove active ICStubs from zombie nmethods Reviewed-by: kvn, iveresov
2026-05-11 14:11:36 +00:00 · 2014-09-29 08:40:51 +02:00 · 2014-09-29 08:40:51 +02:00 · d63b9025d8
commit d63b9025d8
parent bea6d40f48
5 changed files with 27 additions and 4 deletions
--- a/hotspot/src/share/vm/code/compiledIC.cpp
+++ b/hotspot/src/share/vm/code/compiledIC.cpp
@ -155,6 +155,14 @@ address CompiledIC::stub_address() const {
  return _ic_call->destination();
 }

+// Clears the IC stub if the compiled IC is in transition state
+void CompiledIC::clear_ic_stub() {
+  if (is_in_transition_state()) {
+    ICStub* stub = ICStub_from_destination_address(stub_address());
+    stub->clear();
+  }
+}
+

 //-----------------------------------------------------------------------------
 // High-level access to an inline cache. Guaranteed to be MT-safe.
@ -333,10 +341,7 @@ void CompiledIC::set_to_clean() {

  if (safe_transition) {
    // Kill any leftover stub we might have too
-    if (is_in_transition_state()) {
-      ICStub* old_stub = ICStub_from_destination_address(stub_address());
-      old_stub->clear();
-    }
+    clear_ic_stub();
    if (is_optimized()) {
    set_ic_destination(entry);
  } else {
--- a/hotspot/src/share/vm/code/compiledIC.hpp
+++ b/hotspot/src/share/vm/code/compiledIC.hpp
@ -216,6 +216,7 @@ class CompiledIC: public ResourceObj {
  //
  void set_to_clean();  // Can only be called during a safepoint operation
  void set_to_monomorphic(CompiledICInfo& info);
+  void clear_ic_stub();

  // Returns true if successful and false otherwise. The call can fail if memory
  // allocation in the code cache fails.
--- a/hotspot/src/share/vm/code/nmethod.cpp
+++ b/hotspot/src/share/vm/code/nmethod.cpp
@ -1130,6 +1130,18 @@ void nmethod::clear_inline_caches() {
  }
 }

+// Clear ICStubs of all compiled ICs
+void nmethod::clear_ic_stubs() {
+  assert_locked_or_safepoint(CompiledIC_lock);
+  RelocIterator iter(this);
+  while(iter.next()) {
+    if (iter.type() == relocInfo::virtual_call_type) {
+      CompiledIC* ic = CompiledIC_at(&iter);
+      ic->clear_ic_stub();
+    }
+  }
+}
+

 void nmethod::cleanup_inline_caches() {

--- a/hotspot/src/share/vm/code/nmethod.hpp
+++ b/hotspot/src/share/vm/code/nmethod.hpp
@ -577,6 +577,7 @@ public:

  // Inline cache support
  void clear_inline_caches();
+  void clear_ic_stubs();
  void cleanup_inline_caches();
  bool inlinecache_check_contains(address addr) const {
    return (addr >= code_begin() && addr < verified_entry_point());
--- a/hotspot/src/share/vm/runtime/sweeper.cpp
+++ b/hotspot/src/share/vm/runtime/sweeper.cpp
@ -543,6 +543,10 @@ int NMethodSweeper::process_nmethod(nmethod *nm) {
      if (PrintMethodFlushing && Verbose) {
        tty->print_cr("### Nmethod %3d/" PTR_FORMAT " (not entrant) being made zombie", nm->compile_id(), nm);
      }
+      // Clear ICStubs to prevent back patching stubs of zombie or unloaded
+      // nmethods during the next safepoint (see ICStub::finalize).
+      MutexLocker cl(CompiledIC_lock);
+      nm->clear_ic_stubs();
      // Code cache state change is tracked in make_zombie()
      nm->make_zombie();
      _zombified_count++;