JDK-4692404 : com.sun.jdi.ClassType.invokeMethod causes a crash of debugee
  • Type: Bug
  • Component: hotspot
  • Sub-Component: compiler
  • Affected Version: 1.4.1,1.4.2,5.0
  • Priority: P3
  • Status: Closed
  • Resolution: Fixed
  • OS: generic
  • CPU: generic,x86
  • Submitted: 2002-05-28
  • Updated: 2004-05-11
  • Resolved: 2004-04-15
Other
5.0 beta2: Fixed
Description

Name: vpR10197			Date: 05/28/2002


When the invoked method throws an uncaught NullPointerException,
the debuggee VM crashes on x86 platforms in -server -Xcomp modes.

This situation is produced by the following test from testbase_nsk:
        nsk/jdi/ClassType/invokeMethod/invokemethod004
which will appear in the next testbase_nsk r15 release.

The test checks the following assertion of the
com.sun.jdi.ClassType.invokeMethod spec:
      If the invoked method throws an exception, this method will throw 
      an InvocationException which contains a mirror to the exception object 
      thrown. 

I ran the test on:
 - MS Windows 2000 5.00.2195 SP 2
 - SunOS 5.8 Generic_108529-14 i86pc i386 i86pc
 - Red Hat Linux release 7.2 (Enigma)
Please note that the Error ID on Windows differs from the one on Linux or Solx86.
This test has failed since hopper-b08 and passes with earlier builds.

How to reproduce:
 1. cd /net/sqesvr.sfbay/export/vsn/GammaBase/Bugs/{this_bug_number}
 2. sh doit.sh <JAVA_HOME>

Below are examples of the test outputs:
==========
on Windows
^^^^^^^^^^
java version "1.4.1-beta"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.1-beta-b13)
Java HotSpot(TM) Server VM (build 1.4.1-beta-b13, compiled mode)
debugee.stdout> 
debugee.stdout> Unexpected Signal : EXCEPTION_ACCESS_VIOLATION occurred at PC=0x6D59174F
debugee.stdout> Function=LinkResolver::runtime_resolve_virtual_method+0x16F
debugee.stdout> Library=e:\hs_run\jdk\jdk141-b13\jre\bin\server\jvm.dll
debugee.stdout> Source file = D:/BUILD_AREA/jdk1.4.1/hotspot\src\share\vm\interpreter\linkResolver.cpp : 537
debugee.stdout> 
debugee.stdout> 
debugee.stdout> Current Java thread:
debugee.stdout> 	at nsk.jdi.ClassType.invokeMethod.invokemethod004a.throwNPE(invokemethod004a.java:44)
debugee.stdout> 	at nsk.jdi.ClassType.invokeMethod.invokemethod004a.main(invokemethod004a.java:32)
debugee.stdout> 
debugee.stdout> Dynamic libraries:
debugee.stdout> 
debugee.stdout> Local Time = Mon May 27 19:41:30 2002
debugee.stdout> Elapsed Time = 21
debugee.stdout> #
debugee.stdout> # HotSpot Virtual Machine Error : EXCEPTION_ACCESS_VIOLATION
debugee.stdout> # Error ID : 4C494E4B3245534F4C5645520E4350500219
debugee.stdout> # Please report this error at
debugee.stdout> # http://java.sun.com/cgi-bin/bugreport.cgi
debugee.stdout> #
debugee.stdout> # Java VM: Java HotSpot(TM) Server VM (1.4.1-beta-b13 compiled mode)
debugee.stdout> #
debugee.stdout> # An error report file has been saved as hs_err_pid992.log.
debugee.stdout> # Please refer to the file for further information.
debugee.stdout> #
========
on Solx86
^^^^^^^^
java version "1.4.1-beta"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.1-beta-b13)
Java HotSpot(TM) Server VM (build 1.4.1-beta-b13, compiled mode)
debugee.stdout> 
debugee.stdout> Unexpected Signal : 11 occurred at PC=0xDE8CF40D
debugee.stdout> Function=[Unknown. Nearest: JVM_GetMethodIxExceptionTableLength+0xE1D]
debugee.stdout> Library=/net/novo172/export/home/java/dest/jdk1.4.1-b13/solaris-i586/jre/lib/i386/server/libjvm.so
debugee.stdout> 
debugee.stdout> Current Java thread:
debugee.stdout>         at nsk.jdi.ClassType.invokeMethod.invokemethod004a.throwNPE(invokemethod004a.java:44)
debugee.stdout>         at nsk.jdi.ClassType.invokeMethod.invokemethod004a.main(invokemethod004a.java:32)
debugee.stdout> 
debugee.stdout> Dynamic libraries:
debugee.stdout> 
debugee.stdout> Local Time = Mon May 27 20:07:35 2002
debugee.stdout> Elapsed Time = 33
debugee.stdout> #
debugee.stdout> # HotSpot Virtual Machine Error : 11
debugee.stdout> # Error ID : 4F530E43505002E6
debugee.stdout> # Please report this error at
debugee.stdout> # http://java.sun.com/cgi-bin/bugreport.cgi
debugee.stdout> #
debugee.stdout> # Java VM: Java HotSpot(TM) Server VM (1.4.1-beta-b13 compiled mode)
debugee.stdout> #
debugee.stdout> # An error report file has been saved as hs_err_pid26344.log.
debugee.stdout> # Please refer to the file for further information.
debugee.stdout> #

I ran them with java_g too and got this:
debugee.stdout> #
debugee.stdout> # HotSpot Virtual Machine Error, assertion failure
debugee.stdout> # Please report this error at
debugee.stdout> # http://java.sun.com/cgi-bin/bugreport.cgi
debugee.stdout> #
debugee.stdout> # Java VM: Java HotSpot(TM) Server VM (1.4.1-beta-b10-debug compiled mode)
debugee.stdout> #
debugee.stdout> # assert(obj->is_oop(), "sanity check")
debugee.stdout> #
debugee.stdout> # Error ID: /BUILD_AREA/jdk1.4.1/hotspot/src/share/vm/runtime/handles.cpp, 16
debugee.stdout> #
debugee.stdout> # Problematic Thread: prio=5 tid=0x807bd78 nid=0x1 at breakpoint
debugee.stdout> #

Note that the same sanity check assert was hit.  See
    4664677 jvmdi crash on b07 week-ahead on x86 platforms with -server -Xcomp (it was closed as CNR)
    4646591 mwevent001: debuggee VM crashes in -d64 -server mode

======================================================================

Comments
CONVERTED DATA

BugTraq+ Release Management Values

COMMIT TO FIX: tiger-beta2
FIXED IN: tiger-beta2
INTEGRATED IN: tiger-beta2
VERIFIED IN: tiger-beta2

14-06-2004

SUGGESTED FIX ------- callGenerator.cpp ------- --- /tmp/sd2804 Sat Jan 31 16:30:04 2004 +++ callGenerator.cpp Sat Jan 31 16:28:44 2004 @@ -136,7 +136,10 @@ // the call instruction will have a seemingly deficient out-count. // (The bailout says something misleading about an "infinite loop".) if (kit.gvn().type(receiver)->higher_equal(TypePtr::NULL_PTR)) { + kit.inc_sp(method()->arg_size()); // restore arguments kit.do_athrow(Deoptimization::Deopt_null_check); return kit.transfer_exceptions_into_jvms(); } ###@###.### 2004-01-31 The previous suggested fix is not complete. A more complete fix, backported to Mantis, is attached for the record. ###@###.### 2004-03-04
31-01-2004
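
Review bot: the added line kit.inc_sp(method()->arg_size()); in the null-receiver branch carries only the comment "// restore arguments", which does not say why the stack pointer has to move before kit.do_athrow(Deoptimization::Deopt_null_check). Expand the comment to state that the JVM state captured for the trap must still show the call's arguments on the expression stack, so that a reader does not later remove the adjustment as redundant. Two things to confirm before this goes in: that arg_size() counts the receiver slot for this call (the receiver is the value the re-executed invoke needs to find), and that no other exit from this function reaches a trap or exception path with the arguments already popped, since the hunk touches only this one branch and the follow-up comment in the report says this fix is not complete.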

EVALUATION

Ran the debuggee VM with these options:

    java_g =-server -Xcomp -XX:CompileOnly=invokemethod004a.throwNPE -XX:+PrintOptoAssembly -XX:+PrintOpto -XX:+TraceDeoptimization -XX:+PrintNMethods

      1   nsk.jdi.ClassType.invokeMethod.invokemethod004a::throwNPE (8 bytes)
    {method}
     - klass: {other class}
     - method holder: 'nsk/jdi/ClassType/invokeMethod/invokemethod004a'
     - constants: {constant pool}
     - access: 0x81300009 public static
     - name: 'throwNPE'
     - signature: '()V'
     - max stack: 1
     - max locals: 2
     - size of params: 0
     - method size: 34
     - vtable index: -1
     - exceptions: [I
     - code size: 8
     - code start: 0x143B2D10
     - code end (excl): 0x143B2D18
     - checked ex length: 0
     - linenumber start: 0x143B2D18
     - localvar length: 2
     - localvar start: 0x143B2D22
    #
    # void ( )
    #
    # -- Old ESP -- Framesize: 8 --
    #r027 ESP+ 4: return address
    #r026 ESP+ 0: pad2, in_preserve
    #
    abababab N1: # B1 <- B1 Freq: 0.000666667
    abababab
    000 B1: # N1 <- BLOCK HEAD IS JUNK Freq: 1e-006
    000 MOV [ESP+-16384],EAX # Bang stack
        SUB ESP,4 # Create frame
    00d MOV ECX,#-2
    012 CALL,static wrapper for: uncommon_trap
        # nsk.jdi.ClassType.invokeMethod.invokemethod004a::throwNPE @ bci:3 L0=#NULL L1=_
        # EBP=Callers_EBP EDI=Callers_EDI ESI=Callers_ESI
    017 INT3 ; ShouldNotReachHere
    017

    Compiled {method} 'throwNPE' '()V' in 'nsk/jdi/ClassType/invokeMethod/invokemethod004a'
     main code [0x00A44500,0x00A44518] = 24
     exception code [0x00A44518,0x00A44520] = 8
     relocation [0x00A444F0,0x00A444F4] = 4
     oops [0x00A4453C,0x00A44544] = 8
     scopes data [0x00A44520,0x00A44530] = 16
     scopes pcs [0x00A44530,0x00A44538] = 8
     nul chk table [0x00A44538,0x00A4453C] = 4
     total size = 252
    Decoding compiled method 0xa44448:
    Code:
    Loaded disassembler
    Could not load disassembler
    pc-bytecode offsets:
    PcDesc(pc=0xa44517 offset=17):
       nsk.jdi.ClassType.invokeMethod.invokemethod004a::throwNPE @3 (at_call)
    OopMapSet contains 1 OopMaps
    OopMap #0 offset:00000017
    OopMap #0 at_call:1 EBP=Callers_EBP EDI=Callers_EDI ESI=Callers_ESI
    Uncommon trap occurred in nsk.jdi.ClassType.invokeMethod.invokemethod004a::throwNPE (@0xa44517) unloaded_class_index = -2, thread = 423
    DEOPT PACKING thread 0x764368 Compiled frame (sp=0x6f4d8, fp=0x6f500, pc=0xa44517 )
       nmethod:{method} 'throwNPE' '()V' in 'nsk/jdi/ClassType/invokeMethod/invokemethod004a'
       Virtual frames (innermost first):
          0 - nsk.jdi.ClassType.invokeMethod.invokemethod004a.throwNPE(invokemethod004a.java:44) - invokevirtual @ bci 3
    Created vframeArray 0x7c7808
    DEOPT UNPACKING thread 0x764368 vframeArray 0x7c7808
       {method} 'throwNPE' '()V' in 'nsk/jdi/ClassType/invokeMethod/invokemethod004a' - invokevirtual @ bci 3
    #
    # HotSpot Virtual Machine Error, assertion failure
    # Please report this error at
    # http://java.sun.com/cgi-bin/bugreport.cgi
    #
    # Java VM: Java HotSpot(TM) Server VM (1.4.1-beta-b14-debug compiled mode)
    #
    # assert(obj->is_oop(), "sanity check")
    #
    # Error ID: D:/BUILD_AREA/jdk1.4.1/hotspot\src\share\vm\runtime\handles.cpp, 16
    #
    # Problematic Thread: prio=5 tid=0x00764368 nid=0x1a7 runnable
    #

###@###.### 2002-08-20

-----------------------------------

This problem is happening on sparc as well. Problem is seen to occur when an uncommon trap happens in the compiled code for nsk.jdi.ClassType.invokeMethod.invokemethod004a.throwNPE() due to NULL check (unloaded_class_index = -2). Receiver class handle had a bad address; looks like a problem in code, deoptimizing and creating interpreter activations. bug# 4647643 had fixed a similar issue.

###@###.### 2002-08-26

------------------------------------------------------

This appears to me to be a mistake in the debug info as produced by c2 so that the deoptimization goes astray. Here are the bytecodes for the method in question:

    public static void throwNPE();
      Code:
       0: aconst_null
       1: astore_0
       2: aload_0
       3: invokevirtual #18; //Method java/lang/Object.toString:()Ljava/lang/String;
       6: astore_1
       7: return

We are invoking a virtual method with a constant NULL receiver at bci 3.

When deoptimization creates the vframeArray extracting the information from the compiled frame here is what it winds up with:

    [t@1 l@1]: print *array->_elements[0]->_locals->_values
    *array->_elements[0]._locals->_values = {
        GrowableArray<StackValue*>::GenericGrowableArray::_len = 2
        GrowableArray<StackValue*>::GenericGrowableArray::_max = 2
        GrowableArray<StackValue*>::GenericGrowableArray::_data = 0x80842b8
        GrowableArray<StackValue*>::GenericGrowableArray::_arena = (nil)
        GrowableArray<StackValue*>::GenericGrowableArray::_nesting = 4
    }

here is the local data array:

    [t@1 l@1]: x 0x80842b8 /4
    0x080842b8: 0x080842c0 0x080842d0 0xdee47fd8

and the individual locals:

    [t@1 l@1]: print *(StackValue*)0x080842c0
    *((class StackValue *) 0x80842c0) = {
        StackValue::_type = T_INT
        StackValue::_i = 0
        StackValue::_o = {
            StackValue::Handle::_handle = (nil)
        }
    [t@1 l@1]: print *(StackValue*)0x080842d0
    *((class StackValue *) 0x80842d0) = {
        StackValue::_type = T_CONFLICT
        StackValue::_i = 0
        StackValue::_o = {
            StackValue::Handle::_handle = (nil)
        }
    }

So for bci 3 the locals are perfectly reasonable. Now for the java expression stack:

    [t@1 l@1]: print *array->_elements[0]->_expressions->_values
    *array->_elements[0]._expressions->_values = {
        GrowableArray<StackValue*>::GenericGrowableArray::_len = 0
        GrowableArray<StackValue*>::GenericGrowableArray::_max = 0
        GrowableArray<StackValue*>::GenericGrowableArray::_data = 0x8084320
        GrowableArray<StackValue*>::GenericGrowableArray::_arena = (nil)
        GrowableArray<StackValue*>::GenericGrowableArray::_nesting = 4
    }

NO expressions! It is as if the compiler has produced debuginfo reflecting the case that a null pointer exception had to have been thrown and so the expression stack is empty. The deoptimization (uncommon trap) seems to be expecting (sensibly) that there ought to be an oop (NULL) on the expression stack so that it can attempt to do the invoke and get the exception on its own.

After we unpack the interpreter frame with the incorrect expressions the interpreter tries to resolve the invoke and explodes because the java expression stack contains junk which is easily recognizable as not being an oop and we die.

###@###.### 2003-11-04

Yes; the uncommon trap is seeing the wrong JVM state. The problem is that the null receiver is detected by the C2 parser after the arguments are popped. They must be re-pushed for the trap. See suggested fix.

###@###.### 2004-01-31
31-01-2004
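
The failure described in the evaluation above, as a simplified model added here (it is not HotSpot code and not part of the original report): debug info recorded after the call's arguments were popped gives the interpreter an empty expression stack, and restoring the stack depth before the trap gives it the null receiver it expects. All types and function names are hypothetical; only inc_sp and arg_size echo the suggested fix, and the junk fill value is constructed.

```cpp
#include <algorithm>
#include <cstdint>
#include <vector>

// Simplified model; every name here is hypothetical except inc_sp/arg_size,
// which echo the suggested fix quoted on the page.
constexpr std::uint64_t kJunk = 0xABABABABu;  // constructed fill for slots never written

enum class Outcome { ThrowsNPE, InvokesMethod, NotAnOop };

// Compiler-side view of the Java expression stack while parsing one bytecode.
struct ParseState {
    std::vector<std::uint64_t> slots;  // values pushed so far
    int sp = 0;                        // how many of them are live right now
    void push(std::uint64_t v) { slots.resize(sp); slots.push_back(v); ++sp; }
    void dec_sp(int n) { sp -= n; }    // "pop": depth shrinks, values stay behind
    void inc_sp(int n) { sp += n; }    // re-expose the slots that were popped
};

// Debug info at a trap describes only the live part of the expression stack.
std::vector<std::uint64_t> record_debug_info(const ParseState& s) {
    return std::vector<std::uint64_t>(s.slots.begin(), s.slots.begin() + s.sp);
}

// Deoptimization: rebuild an interpreter frame from the debug info, then let
// the interpreter re-execute the invoke. The interpreter trusts the bytecode's
// static stack depth, so it reads the receiver slot whether or not it was filled.
Outcome reexecute_invoke(const std::vector<std::uint64_t>& recorded,
                         int max_stack, int depth_at_bci, int arg_size) {
    std::vector<std::uint64_t> frame(max_stack, kJunk);
    std::copy(recorded.begin(), recorded.end(), frame.begin());
    std::uint64_t receiver = frame[depth_at_bci - arg_size];
    if (receiver == 0) return Outcome::ThrowsNPE;     // null receiver: clean Java exception
    if (receiver == kJunk) return Outcome::NotAnOop;  // the is_oop() sanity check would fire
    return Outcome::InvokesMethod;
}

// throwNPE() from the page: aconst_null; astore_0; aload_0; invokevirtual toString.
Outcome trap_at_bci3(bool restore_args) {
    const int arg_size = 1;  // toString() takes the receiver only
    ParseState s;
    s.push(0);               // bci 2: aload_0 pushes the constant null
    s.dec_sp(arg_size);      // bci 3: the parser pops the call's arguments ...
    // ... and only afterwards sees that the receiver is the constant null.
    if (restore_args) s.inc_sp(arg_size);  // what the suggested fix adds before the trap
    return reexecute_invoke(record_debug_info(s), /*max_stack=*/1,
                            /*depth_at_bci=*/1, arg_size);
}

int main() {
    // Without the restore the interpreter is handed junk; with it, a null receiver.
    return (trap_at_bci3(false) == Outcome::NotAnOop &&
            trap_at_bci3(true) == Outcome::ThrowsNPE) ? 0 : 1;
}
```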