JDK-7129034 : VM crash with a field setter method with a filterArguments
  • Type: Bug
  • Component: core-libs
  • Sub-Component: java.lang.invoke
  • Affected Version: 7,8
  • Priority: P3
  • Status: Closed
  • Resolution: Cannot Reproduce
  • OS: generic
  • CPU: generic
  • Submitted: 2012-01-11
  • Updated: 2013-10-16
  • Resolved: 2013-10-16
  • JDK 7: 7u40 (Fixed)
  • JDK 8: 8 (Resolved)
Description
The following test program crashes the VM.

----

import java.lang.invoke.*;
import java.lang.reflect.*;

public class Test {
    public Test obj;
    public String str;

    public static void main(String[] args) throws Throwable {
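        MethodHandles.Lookup l = MethodHandles.publicLookup();
        Field field = Test.class.getField("str");
        // Setter for the 'str' field, type (Test,String)void.
        MethodHandle mh = l.unreflectSetter(field);
        // Getter for the 'obj' field, type (Test)Test; 'obj' is never assigned, so it returns null.
        MethodHandle filter = l.unreflectGetter(Test.class.getField("obj"));
        // The filter replaces the receiver (argument 0) with the null 'obj' value.
        mh = MethodHandles.filterArguments(mh, 0, filter);
        // The setter now runs with a null receiver.
        mh.invokeExact(new Test(), "hello");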
    }
}

---

The test crashes with the problematic frame "Unsafe_setObject". Without the filterArguments, if 'null' is directly passed to invokeExact as the first argument, then we get WrongTypeException because null is inferred as Void type. But when filterArguments is used and the filter returns a null value, the VM crashes.

Comments
Doesn't happen with 7u45 or 8.
16-10-2013

EVALUATION http://hg.openjdk.java.net/hsx/hotspot-main/jdk/rev/beeb1d5ecd9e
11-08-2012

SUGGESTED FIX src/share/classes/java/lang/invoke/MethodHandleImpl.java + private static void nullCheck(Object obj) { obj.getClass(); } - int getFieldI(Object /*C*/ obj) { return unsafe.getInt(obj, offset); } + int getFieldI(Object /*C*/ obj) { nullCheck(obj); return unsafe.getInt(obj, offset); } etc.
10-02-2012
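Review bot: The only accessor shown with the new check is getFieldI, while the crash in this report is on the setter path (problematic frame Unsafe_setObject, and the evaluation names FieldAccessor.setFieldL), so the "etc." needs to be spelled out: confirm that nullCheck(obj) precedes the unsafe call in every getFieldX and setFieldX variant. nullCheck relies on obj.getClass() throwing NullPointerException as a side effect; a one-line comment saying so would keep a later cleanup from removing the apparently unused call. A regression test built from the reproducer in the description and expecting NullPointerException should accompany the change.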

EVALUATION Missing null check in FieldAccessor.setFieldL, etc.
10-02-2012
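
A regression check for the behaviour the suggested fix aims at, as an added example that is not part of the original report or the JDK sources: it generalizes the reproducer to reference and primitive fields, getters and setters, and expects a NullPointerException whenever the filter hands the accessor a null receiver. The names NullReceiverCheck, Holder, next, ref and num are constructed for this example.

```java
import java.lang.invoke.MethodHandle;
import java.lang.invoke.MethodHandles;

// Added regression check; class and field names are constructed for this example.
public class NullReceiverCheck {
    public static class Holder {
        public Holder next;   // never assigned, so the filter below yields null
        public String ref;    // reference field
        public int num;       // primitive field
    }

    // Returns true only if invoking mh with args throws NullPointerException.
    static boolean throwsNpe(MethodHandle mh, Object... args) throws Throwable {
        try {
            mh.invokeWithArguments(args);
            return false;
        } catch (NullPointerException expected) {
            return true;
        }
    }

    public static void main(String[] args) throws Throwable {
        MethodHandles.Lookup l = MethodHandles.lookup();
        // Filter that maps the receiver to its null 'next' field, as 'obj' does in the report.
        MethodHandle toNull = l.findGetter(Holder.class, "next", Holder.class);

        MethodHandle[] accessors = {
            l.findSetter(Holder.class, "ref", String.class),
            l.findGetter(Holder.class, "ref", String.class),
            l.findSetter(Holder.class, "num", int.class),
            l.findGetter(Holder.class, "num", int.class),
        };
        // Arguments that follow the receiver for each accessor above.
        Object[][] extraArgs = { {"hello"}, {}, {42}, {} };

        for (int i = 0; i < accessors.length; i++) {
            MethodHandle mh = MethodHandles.filterArguments(accessors[i], 0, toNull);
            Object[] callArgs = new Object[1 + extraArgs[i].length];
            callArgs[0] = new Holder();
            System.arraycopy(extraArgs[i], 0, callArgs, 1, extraArgs[i].length);
            if (!throwsNpe(mh, callArgs)) {
                throw new AssertionError("no NullPointerException for " + accessors[i]);
            }
            System.out.println("NPE as expected: " + accessors[i]);
        }
    }
}
```

On a build that performs the null check, each of the four accessors reports a NullPointerException; on an affected build the report above describes a VM crash instead.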