jvm安全點(一)openjdk17 c++源碼垃圾回收安全點信號函數處理線程阻塞

1. 信號處理入口??

??JVM_HANDLE_XXX_SIGNAL?? 是 JVM 處理信號的統一入口，負責處理 SIGSEGV、SIGBUS 等信號。
??javaSignalHandler?? 是實際注冊到操作系統的信號處理函數，直接調用?JVM_HANDLE_XXX_SIGNAL。

??2. 安全點輪詢頁的識別??

在?PosixSignals::pd_hotspot_signal_handler?中，以下代碼檢測是否因訪問安全點輪詢頁觸發了信號：

復制

if (sig == SIGSEGV && SafepointMechanism::is_poll_address((address)info->si_addr)) { stub = SharedRuntime::get_poll_stub(pc); }

??SafepointMechanism::is_poll_address?? 檢查觸發異常的地址是否是安全點輪詢頁。
如果是，獲取一個 ??樁代碼地址（Stub）???stub，該樁代碼用于跳轉到安全點處理邏輯。

??3. 樁代碼與上下文切換??

??SharedRuntime::get_poll_stub(pc)?? 返回一段平臺相關的樁代碼地址（如?polling_page_rerun_stub）。
??os::Posix::ucontext_set_pc(uc, stub)?? 修改信號上下文中的程序計數器（PC），使線程在信號處理返回后跳轉到樁代碼執行。

??4. 樁代碼觸發安全點處理??

樁代碼（如?polling_page_rerun_stub）的偽代碼如下：

asm

復制

mov %rsp, %rax ; 保存寄存器狀態 call handle_poll ; 調用安全點處理函數 ret

??handle_poll?? 是 JVM 內部函數，最終調用?SafepointSynchronize::handle_polling_page_exception。
線程通過樁代碼進入安全點處理流程，最終阻塞在安全點屏障。

??5. 核心調用鏈??

信號處理流程最終通過以下路徑調用?handle_polling_page_exception：

信號處理函數 (javaSignalHandler)→ pd_hotspot_signal_handler (識別安全點輪詢頁)→ 設置 PC 到樁代碼 (polling_page_safepoint_handler_blob)→ 樁代碼調用 polling_page_safepoint_handler_blob→ ThreadSafepointState::handle_polling_page_exception→ SafepointMechanism::process_if_requested→ SafepointSynchronize::block

??關鍵設計思想??

??信號驅動??：通過內存頁保護機制（輪詢頁不可訪問）觸發 SIGSEGV，將線程控制權交給 JVM。
??上下文篡改??：在信號處理中修改線程的 PC，使其跳轉到樁代碼。
??樁代碼橋接??：樁代碼將信號處理上下文與 JVM 內部安全點邏輯連接，最終調用?handle_polling_page_exception。

??總結??

這段代碼是 ??安全點輪詢頁的信號處理入口??，通過識別 SIGSEGV 信號和輪詢地址，篡改線程執行路徑，間接調用?handle_polling_page_exception。
最終目的是讓所有 Java 線程在安全點處阻塞，等待垃圾回收完成。

##源碼

extern "C" JNIEXPORT
int JVM_HANDLE_XXX_SIGNAL(int sig, siginfo_t* info,void* ucVoid, int abort_if_unrecognized)
{assert(info != NULL && ucVoid != NULL, "sanity");// Note: it's not uncommon that JNI code uses signal/sigset to install,// then restore certain signal handler (e.g. to temporarily block SIGPIPE,// or have a SIGILL handler when detecting CPU type). When that happens,// this handler might be invoked with junk info/ucVoid. To avoid unnecessary// crash when libjsig is not preloaded, try handle signals that do not require// siginfo/ucontext first.// Preserve errno value over signal handler.//  (note: RAII ok here, even with JFR thread crash protection, see below).ErrnoPreserver ep;// Unblock all synchronous error signals (see JDK-8252533)PosixSignals::unblock_error_signals();ucontext_t* const uc = (ucontext_t*) ucVoid;Thread* const t = Thread::current_or_null_safe();// Handle JFR thread crash protection.//  Note: this may cause us to longjmp away. Do not use any code before this//  point which really needs any form of epilogue code running, eg RAII objects.os::ThreadCrashProtection::check_crash_protection(sig, t);bool signal_was_handled = false;// Handle assertion poison page accesses.
#ifdef CAN_SHOW_REGISTERS_ON_ASSERTif (!signal_was_handled &&((sig == SIGSEGV || sig == SIGBUS) && info != NULL && info->si_addr == g_assert_poison)) {signal_was_handled = handle_assert_poison_fault(ucVoid, info->si_addr);}
#endifif (!signal_was_handled) {// Handle SafeFetch access.
#ifndef ZEROif (uc != NULL) {address pc = os::Posix::ucontext_get_pc(uc);if (StubRoutines::is_safefetch_fault(pc)) {os::Posix::ucontext_set_pc(uc, StubRoutines::continuation_for_safefetch_fault(pc));signal_was_handled = true;}}
#else// See JDK-8076185if (sig == SIGSEGV || sig == SIGBUS) {sigjmp_buf* const pjb = get_jmp_buf_for_continuation();if (pjb) {siglongjmp(*pjb, 1);}}
#endif // ZERO}// Ignore SIGPIPE and SIGXFSZ (4229104, 6499219).if (!signal_was_handled &&(sig == SIGPIPE || sig == SIGXFSZ)) {PosixSignals::chained_handler(sig, info, ucVoid);signal_was_handled = true; // unconditionally.}// Call platform dependent signal handler.if (!signal_was_handled) {JavaThread* const jt = (t != NULL && t->is_Java_thread()) ? (JavaThread*) t : NULL;signal_was_handled = PosixSignals::pd_hotspot_signal_handler(sig, info, uc, jt);}// From here on, if the signal had not been handled, it is a fatal error.// Give the chained signal handler - should it exist - a shot.if (!signal_was_handled) {signal_was_handled = PosixSignals::chained_handler(sig, info, ucVoid);}// Invoke fatal error handling.if (!signal_was_handled && abort_if_unrecognized) {// Extract pc from context for the error handler to display.address pc = NULL;if (uc != NULL) {// prepare fault pc address for error reporting.if (S390_ONLY(sig == SIGILL || sig == SIGFPE) NOT_S390(false)) {pc = (address)info->si_addr;} else if (ZERO_ONLY(true) NOT_ZERO(false)) {// Non-arch-specific Zero code does not really know the pc.// This can be alleviated by making arch-specific os::Posix::ucontext_get_pc// available for Zero for known architectures. But for generic Zero// code, it would still remain unknown.pc = NULL;} else {pc = os::Posix::ucontext_get_pc(uc);}}// For Zero, we ignore the crash context, because://  a) The crash would be in C++ interpreter code, so context is not really relevant;//  b) Generic Zero code would not be able to parse it, so when generic error//     reporting code asks e.g. about frames on stack, Zero would experience//     a secondary ShouldNotCallThis() crash.VMError::report_and_die(t, sig, pc, info, NOT_ZERO(ucVoid) ZERO_ONLY(NULL));// VMError should not return.ShouldNotReachHere();}return signal_was_handled;
}// Entry point for the hotspot signal handler.
static void javaSignalHandler(int sig, siginfo_t* info, void* ucVoid) {// Do not add any code here!// Only add code to either JVM_HANDLE_XXX_SIGNAL or PosixSignals::pd_hotspot_signal_handler.(void)JVM_HANDLE_XXX_SIGNAL(sig, info, ucVoid, true);
}bool PosixSignals::pd_hotspot_signal_handler(int sig, siginfo_t* info,ucontext_t* uc, JavaThread* thread) {if (sig == SIGILL &&((info->si_addr == (caddr_t)check_simd_fault_instr)|| info->si_addr == (caddr_t)check_vfp_fault_instr|| info->si_addr == (caddr_t)check_vfp3_32_fault_instr|| info->si_addr == (caddr_t)check_mp_ext_fault_instr)) {// skip faulty instruction + instruction that sets return value to// success and set return value to failure.os::Posix::ucontext_set_pc(uc, (address)info->si_addr + 8);uc->uc_mcontext.arm_r0 = 0;return true;}address stub = NULL;address pc = NULL;bool unsafe_access = false;if (info != NULL && uc != NULL && thread != NULL) {pc = (address) os::Posix::ucontext_get_pc(uc);// Handle ALL stack overflow variations hereif (sig == SIGSEGV) {address addr = (address) info->si_addr;// check if fault address is within thread stackif (thread->is_in_full_stack(addr)) {// stack overflowStackOverflow* overflow_state = thread->stack_overflow_state();if (overflow_state->in_stack_yellow_reserved_zone(addr)) {overflow_state->disable_stack_yellow_reserved_zone();if (thread->thread_state() == _thread_in_Java) {// Throw a stack overflow exception.  Guard pages will be reenabled// while unwinding the stack.stub = SharedRuntime::continuation_for_implicit_exception(thread, pc, SharedRuntime::STACK_OVERFLOW);} else {// Thread was in the vm or native code.  Return and try to finish.return true;}} else if (overflow_state->in_stack_red_zone(addr)) {// Fatal red zone violation.  Disable the guard pages and fall through// to handle_unexpected_exception way down below.overflow_state->disable_stack_red_zone();tty->print_raw_cr("An irrecoverable stack overflow has occurred.");} else {// Accessing stack address below sp may cause SEGV if current// thread has MAP_GROWSDOWN stack. This should only happen when// current thread was created by user code with MAP_GROWSDOWN flag// and then attached to VM. See notes in os_linux.cpp.if (thread->osthread()->expanding_stack() == 0) {thread->osthread()->set_expanding_stack();if (os::Linux::manually_expand_stack(thread, addr)) {thread->osthread()->clear_expanding_stack();return true;}thread->osthread()->clear_expanding_stack();} else {fatal("recursive segv. expanding stack.");}}}}if (thread->thread_state() == _thread_in_Java) {// Java thread running in Java code => find exception handler if any// a fault inside compiled code, the interpreter, or a stubif (sig == SIGSEGV && SafepointMechanism::is_poll_address((address)info->si_addr)) {stub = SharedRuntime::get_poll_stub(pc);} else if (sig == SIGBUS) {// BugId 4454115: A read from a MappedByteBuffer can fault// here if the underlying file has been truncated.// Do not crash the VM in such a case.CodeBlob* cb = CodeCache::find_blob_unsafe(pc);CompiledMethod* nm = (cb != NULL) ? cb->as_compiled_method_or_null() : NULL;if ((nm != NULL && nm->has_unsafe_access()) || (thread->doing_unsafe_access() && UnsafeCopyMemory::contains_pc(pc))) {unsafe_access = true;}} else if (sig == SIGSEGV &&MacroAssembler::uses_implicit_null_check(info->si_addr)) {// Determination of interpreter/vtable stub/compiled code null exceptionCodeBlob* cb = CodeCache::find_blob_unsafe(pc);if (cb != NULL) {stub = SharedRuntime::continuation_for_implicit_exception(thread, pc, SharedRuntime::IMPLICIT_NULL);}} else if (sig == SIGILL && *(int *)pc == NativeInstruction::zombie_illegal_instruction) {// Zombiestub = SharedRuntime::get_handle_wrong_method_stub();}} else if ((thread->thread_state() == _thread_in_vm ||thread->thread_state() == _thread_in_native) &&sig == SIGBUS && thread->doing_unsafe_access()) {unsafe_access = true;}// jni_fast_Get<Primitive>Field can trap at certain pc's if a GC kicks in// and the heap gets shrunk before the field access.if (sig == SIGSEGV || sig == SIGBUS) {address addr = JNI_FastGetField::find_slowcase_pc(pc);if (addr != (address)-1) {stub = addr;}}}if (unsafe_access && stub == NULL) {// it can be an unsafe access and we haven't found// any other suitable exception reason,// so assume it is an unsafe access.address next_pc = pc + Assembler::InstructionSize;if (UnsafeCopyMemory::contains_pc(pc)) {next_pc = UnsafeCopyMemory::page_error_continue_pc(pc);}
#ifdef __thumb__if (uc->uc_mcontext.arm_cpsr & PSR_T_BIT) {next_pc = (address)((intptr_t)next_pc | 0x1);}
#endifstub = SharedRuntime::handle_unsafe_access(thread, next_pc);}if (stub != NULL) {
#ifdef __thumb__if (uc->uc_mcontext.arm_cpsr & PSR_T_BIT) {intptr_t p = (intptr_t)pc | 0x1;pc = (address)p;// Clear Thumb mode bit if we're redirected into the ARM ISA based codeif (((intptr_t)stub & 0x1) == 0) {uc->uc_mcontext.arm_cpsr &= ~PSR_T_BIT;}} else {// No Thumb2 compiled stubs are triggered from ARM ISA compiled JIT'd code today.// The support needs to be added if that changesassert((((intptr_t)stub & 0x1) == 0), "can't return to Thumb code");}
#endif// save all thread context in case we need to restore itif (thread != NULL) thread->set_saved_exception_pc(pc);os::Posix::ucontext_set_pc(uc, stub);return true;}return false;
}

##gdb調試堆棧

(gdb) bt
#0  PosixSignals::pd_hotspot_signal_handler (sig=11, info=0x7ffff7bfdb70, uc=0x7ffff7bfda40, thread=0x7ffff002ab00)at /home/yym/openjdk17/jdk17-master/src/hotspot/os_cpu/linux_x86/os_linux_x86.cpp:213
#1  0x00007ffff6a616e1 in JVM_handle_linux_signal (sig=11, info=0x7ffff7bfdb70, ucVoid=0x7ffff7bfda40, abort_if_unrecognized=1)at /home/yym/openjdk17/jdk17-master/src/hotspot/os/posix/signals_posix.cpp:628
#2  0x00007ffff6a617c1 in javaSignalHandler (sig=11, info=0x7ffff7bfdb70, ucVoid=0x7ffff7bfda40) at /home/yym/openjdk17/jdk17-master/src/hotspot/os/posix/signals_posix.cpp:672
#3  <signal handler called>
#4  0x00007fffe100064d in ?? ()
#5  0x0000000000000246 in ?? ()
#6  0x00007fffe1000744 in ?? ()
#7  0x00007ffff002ab00 in ?? ()
#8  0x00007ffff7bfe360 in ?? ()
#9  0x00007ffff6c3a3f4 in VM_Version::get_processor_features () at /home/yym/openjdk17/jdk17-master/src/hotspot/cpu/x86/vm_version_x86.cpp:630