1. 信号处理入口
-
JVM_HANDLE_XXX_SIGNAL 是 JVM 处理信号的统一入口,负责处理 SIGSEGV、SIGBUS 等信号。 -
javaSignalHandler 是实际注册到操作系统的信号处理函数,直接调用JVM_HANDLE_XXX_SIGNAL。
2. 安全点轮询页的识别
在 PosixSignals::pd_hotspot_signal_handler 中,以下代码检测是否因访问安全点轮询页触发了信号:
c
复制
if (sig == SIGSEGV && SafepointMechanism::is_poll_address((address)info->si_addr)) { stub = SharedRuntime::get_poll_stub(pc); }
-
SafepointMechanism::is_poll_address 检查触发异常的地址是否是安全点轮询页。 - 如果是,获取一个 桩代码地址(Stub)
stub,该桩代码用于跳转到安全点处理逻辑。
3. 桩代码与上下文切换
-
SharedRuntime::get_poll_stub(pc) 返回一段平台相关的桩代码地址(如polling_page_rerun_stub)。 -
os::Posix::ucontext_set_pc(uc, stub) 修改信号上下文中的程序计数器(PC),使线程在信号处理返回后跳转到桩代码执行。
4. 桩代码触发安全点处理
桩代码(如 polling_page_rerun_stub)的伪代码如下:
asm
复制
mov %rsp, %rax ; 保存寄存器状态 call handle_poll ; 调用安全点处理函数 ret
-
handle_poll 是 JVM 内部函数,最终调用SafepointSynchronize::handle_polling_page_exception。 - 线程通过桩代码进入安全点处理流程,最终阻塞在安全点屏障。
5. 核心调用链
信号处理流程最终通过以下路径调用 handle_polling_page_exception:
信号处理函数 (javaSignalHandler)
→ pd_hotspot_signal_handler (识别安全点轮询页)
→ 设置 PC 到桩代码 (polling_page_safepoint_handler_blob)
→ 桩代码调用 polling_page_safepoint_handler_blob
→ ThreadSafepointState::handle_polling_page_exception
→ SafepointMechanism::process_if_requested
→ SafepointSynchronize::block关键设计思想
- 信号驱动:通过内存页保护机制(轮询页不可访问)触发 SIGSEGV,将线程控制权交给 JVM。
- 上下文篡改:在信号处理中修改线程的 PC,使其跳转到桩代码。
- 桩代码桥接:桩代码将信号处理上下文与 JVM 内部安全点逻辑连接,最终调用
handle_polling_page_exception。
总结
- 这段代码是 安全点轮询页的信号处理入口,通过识别 SIGSEGV 信号和轮询地址,篡改线程执行路径,间接调用
handle_polling_page_exception。 - 最终目的是让所有 Java 线程在安全点处阻塞,等待垃圾回收完成。
##源码
extern "C" JNIEXPORT
int JVM_HANDLE_XXX_SIGNAL(int sig, siginfo_t* info,
void* ucVoid, int abort_if_unrecognized)
{
assert(info != NULL && ucVoid != NULL, "sanity");
// Note: it's not uncommon that JNI code uses signal/sigset to install,
// then restore certain signal handler (e.g. to temporarily block SIGPIPE,
// or have a SIGILL handler when detecting CPU type). When that happens,
// this handler might be invoked with junk info/ucVoid. To avoid unnecessary
// crash when libjsig is not preloaded, try handle signals that do not require
// siginfo/ucontext first.
// Preserve errno value over signal handler.
// (note: RAII ok here, even with JFR thread crash protection, see below).
ErrnoPreserver ep;
// Unblock all synchronous error signals (see JDK-8252533)
PosixSignals::unblock_error_signals();
ucontext_t* const uc = (ucontext_t*) ucVoid;
Thread* const t = Thread::current_or_null_safe();
// Handle JFR thread crash protection.
// Note: this may cause us to longjmp away. Do not use any code before this
// point which really needs any form of epilogue code running, eg RAII objects.
os::ThreadCrashProtection::check_crash_protection(sig, t);
bool signal_was_handled = false;
// Handle assertion poison page accesses.
#ifdef CAN_SHOW_REGISTERS_ON_ASSERT
if (!signal_was_handled &&
((sig == SIGSEGV || sig == SIGBUS) && info != NULL && info->si_addr == g_assert_poison)) {
signal_was_handled = handle_assert_poison_fault(ucVoid, info->si_addr);
}
#endif
if (!signal_was_handled) {
// Handle SafeFetch access.
#ifndef ZERO
if (uc != NULL) {
address pc = os::Posix::ucontext_get_pc(uc);
if (StubRoutines::is_safefetch_fault(pc)) {
os::Posix::ucontext_set_pc(uc, StubRoutines::continuation_for_safefetch_fault(pc));
signal_was_handled = true;
}
}
#else
// See JDK-8076185
if (sig == SIGSEGV || sig == SIGBUS) {
sigjmp_buf* const pjb = get_jmp_buf_for_continuation();
if (pjb) {
siglongjmp(*pjb, 1);
}
}
#endif // ZERO
}
// Ignore SIGPIPE and SIGXFSZ (4229104, 6499219).
if (!signal_was_handled &&
(sig == SIGPIPE || sig == SIGXFSZ)) {
PosixSignals::chained_handler(sig, info, ucVoid);
signal_was_handled = true; // unconditionally.
}
// Call platform dependent signal handler.
if (!signal_was_handled) {
JavaThread* const jt = (t != NULL && t->is_Java_thread()) ? (JavaThread*) t : NULL;
signal_was_handled = PosixSignals::pd_hotspot_signal_handler(sig, info, uc, jt);
}
// From here on, if the signal had not been handled, it is a fatal error.
// Give the chained signal handler - should it exist - a shot.
if (!signal_was_handled) {
signal_was_handled = PosixSignals::chained_handler(sig, info, ucVoid);
}
// Invoke fatal error handling.
if (!signal_was_handled && abort_if_unrecognized) {
// Extract pc from context for the error handler to display.
address pc = NULL;
if (uc != NULL) {
// prepare fault pc address for error reporting.
if (S390_ONLY(sig == SIGILL || sig == SIGFPE) NOT_S390(false)) {
pc = (address)info->si_addr;
} else if (ZERO_ONLY(true) NOT_ZERO(false)) {
// Non-arch-specific Zero code does not really know the pc.
// This can be alleviated by making arch-specific os::Posix::ucontext_get_pc
// available for Zero for known architectures. But for generic Zero
// code, it would still remain unknown.
pc = NULL;
} else {
pc = os::Posix::ucontext_get_pc(uc);
}
}
// For Zero, we ignore the crash context, because:
// a) The crash would be in C++ interpreter code, so context is not really relevant;
// b) Generic Zero code would not be able to parse it, so when generic error
// reporting code asks e.g. about frames on stack, Zero would experience
// a secondary ShouldNotCallThis() crash.
VMError::report_and_die(t, sig, pc, info, NOT_ZERO(ucVoid) ZERO_ONLY(NULL));
// VMError should not return.
ShouldNotReachHere();
}
return signal_was_handled;
}
// Entry point for the hotspot signal handler.
static void javaSignalHandler(int sig, siginfo_t* info, void* ucVoid) {
// Do not add any code here!
// Only add code to either JVM_HANDLE_XXX_SIGNAL or PosixSignals::pd_hotspot_signal_handler.
(void)JVM_HANDLE_XXX_SIGNAL(sig, info, ucVoid, true);
}
bool PosixSignals::pd_hotspot_signal_handler(int sig, siginfo_t* info,
ucontext_t* uc, JavaThread* thread) {
if (sig == SIGILL &&
((info->si_addr == (caddr_t)check_simd_fault_instr)
|| info->si_addr == (caddr_t)check_vfp_fault_instr
|| info->si_addr == (caddr_t)check_vfp3_32_fault_instr
|| info->si_addr == (caddr_t)check_mp_ext_fault_instr)) {
// skip faulty instruction + instruction that sets return value to
// success and set return value to failure.
os::Posix::ucontext_set_pc(uc, (address)info->si_addr + 8);
uc->uc_mcontext.arm_r0 = 0;
return true;
}
address stub = NULL;
address pc = NULL;
bool unsafe_access = false;
if (info != NULL && uc != NULL && thread != NULL) {
pc = (address) os::Posix::ucontext_get_pc(uc);
// Handle ALL stack overflow variations here
if (sig == SIGSEGV) {
address addr = (address) info->si_addr;
// check if fault address is within thread stack
if (thread->is_in_full_stack(addr)) {
// stack overflow
StackOverflow* overflow_state = thread->stack_overflow_state();
if (overflow_state->in_stack_yellow_reserved_zone(addr)) {
overflow_state->disable_stack_yellow_reserved_zone();
if (thread->thread_state() == _thread_in_Java) {
// Throw a stack overflow exception. Guard pages will be reenabled
// while unwinding the stack.
stub = SharedRuntime::continuation_for_implicit_exception(thread, pc, SharedRuntime::STACK_OVERFLOW);
} else {
// Thread was in the vm or native code. Return and try to finish.
return true;
}
} else if (overflow_state->in_stack_red_zone(addr)) {
// Fatal red zone violation. Disable the guard pages and fall through
// to handle_unexpected_exception way down below.
overflow_state->disable_stack_red_zone();
tty->print_raw_cr("An irrecoverable stack overflow has occurred.");
} else {
// Accessing stack address below sp may cause SEGV if current
// thread has MAP_GROWSDOWN stack. This should only happen when
// current thread was created by user code with MAP_GROWSDOWN flag
// and then attached to VM. See notes in os_linux.cpp.
if (thread->osthread()->expanding_stack() == 0) {
thread->osthread()->set_expanding_stack();
if (os::Linux::manually_expand_stack(thread, addr)) {
thread->osthread()->clear_expanding_stack();
return true;
}
thread->osthread()->clear_expanding_stack();
} else {
fatal("recursive segv. expanding stack.");
}
}
}
}
if (thread->thread_state() == _thread_in_Java) {
// Java thread running in Java code => find exception handler if any
// a fault inside compiled code, the interpreter, or a stub
if (sig == SIGSEGV && SafepointMechanism::is_poll_address((address)info->si_addr)) {
stub = SharedRuntime::get_poll_stub(pc);
} else if (sig == SIGBUS) {
// BugId 4454115: A read from a MappedByteBuffer can fault
// here if the underlying file has been truncated.
// Do not crash the VM in such a case.
CodeBlob* cb = CodeCache::find_blob_unsafe(pc);
CompiledMethod* nm = (cb != NULL) ? cb->as_compiled_method_or_null() : NULL;
if ((nm != NULL && nm->has_unsafe_access()) || (thread->doing_unsafe_access() && UnsafeCopyMemory::contains_pc(pc))) {
unsafe_access = true;
}
} else if (sig == SIGSEGV &&
MacroAssembler::uses_implicit_null_check(info->si_addr)) {
// Determination of interpreter/vtable stub/compiled code null exception
CodeBlob* cb = CodeCache::find_blob_unsafe(pc);
if (cb != NULL) {
stub = SharedRuntime::continuation_for_implicit_exception(thread, pc, SharedRuntime::IMPLICIT_NULL);
}
} else if (sig == SIGILL && *(int *)pc == NativeInstruction::zombie_illegal_instruction) {
// Zombie
stub = SharedRuntime::get_handle_wrong_method_stub();
}
} else if ((thread->thread_state() == _thread_in_vm ||
thread->thread_state() == _thread_in_native) &&
sig == SIGBUS && thread->doing_unsafe_access()) {
unsafe_access = true;
}
// jni_fast_Get<Primitive>Field can trap at certain pc's if a GC kicks in
// and the heap gets shrunk before the field access.
if (sig == SIGSEGV || sig == SIGBUS) {
address addr = JNI_FastGetField::find_slowcase_pc(pc);
if (addr != (address)-1) {
stub = addr;
}
}
}
if (unsafe_access && stub == NULL) {
// it can be an unsafe access and we haven't found
// any other suitable exception reason,
// so assume it is an unsafe access.
address next_pc = pc + Assembler::InstructionSize;
if (UnsafeCopyMemory::contains_pc(pc)) {
next_pc = UnsafeCopyMemory::page_error_continue_pc(pc);
}
#ifdef __thumb__
if (uc->uc_mcontext.arm_cpsr & PSR_T_BIT) {
next_pc = (address)((intptr_t)next_pc | 0x1);
}
#endif
stub = SharedRuntime::handle_unsafe_access(thread, next_pc);
}
if (stub != NULL) {
#ifdef __thumb__
if (uc->uc_mcontext.arm_cpsr & PSR_T_BIT) {
intptr_t p = (intptr_t)pc | 0x1;
pc = (address)p;
// Clear Thumb mode bit if we're redirected into the ARM ISA based code
if (((intptr_t)stub & 0x1) == 0) {
uc->uc_mcontext.arm_cpsr &= ~PSR_T_BIT;
}
} else {
// No Thumb2 compiled stubs are triggered from ARM ISA compiled JIT'd code today.
// The support needs to be added if that changes
assert((((intptr_t)stub & 0x1) == 0), "can't return to Thumb code");
}
#endif
// save all thread context in case we need to restore it
if (thread != NULL) thread->set_saved_exception_pc(pc);
os::Posix::ucontext_set_pc(uc, stub);
return true;
}
return false;
}##gdb调试堆栈
(gdb) bt
#0 PosixSignals::pd_hotspot_signal_handler (sig=11, info=0x7ffff7bfdb70, uc=0x7ffff7bfda40, thread=0x7ffff002ab00)
at /home/yym/openjdk17/jdk17-master/src/hotspot/os_cpu/linux_x86/os_linux_x86.cpp:213
#1 0x00007ffff6a616e1 in JVM_handle_linux_signal (sig=11, info=0x7ffff7bfdb70, ucVoid=0x7ffff7bfda40, abort_if_unrecognized=1)
at /home/yym/openjdk17/jdk17-master/src/hotspot/os/posix/signals_posix.cpp:628
#2 0x00007ffff6a617c1 in javaSignalHandler (sig=11, info=0x7ffff7bfdb70, ucVoid=0x7ffff7bfda40) at /home/yym/openjdk17/jdk17-master/src/hotspot/os/posix/signals_posix.cpp:672
#3 <signal handler called>
#4 0x00007fffe100064d in ?? ()
#5 0x0000000000000246 in ?? ()
#6 0x00007fffe1000744 in ?? ()
#7 0x00007ffff002ab00 in ?? ()
#8 0x00007ffff7bfe360 in ?? ()
#9 0x00007ffff6c3a3f4 in VM_Version::get_processor_features () at /home/yym/openjdk17/jdk17-master/src/hotspot/cpu/x86/vm_version_x86.cpp:630