Bug ID: JDK-8265872 assert(tag == t->type()->tag() || tag == objectTag && t->type()->tag() == addressTag) failed: types must correspond

JDK-8265872 : assert(tag == t->type()->tag() || tag == objectTag && t->type()->tag() == addressTag) failed: types must correspond

Type: Bug
Component: core-libs
Sub-Component: java.lang:reflect
Affected Version: 17

Priority: P3
Status: Resolved
Resolution: Not an Issue

Submitted: 2021-04-23
Updated: 2021-06-25
Resolved: 2021-06-22

Related Reports

Duplicate :	JDK-8265391 - assert(is_reference(type)) failed: must be reference type
Relates :	JDK-6824466 - (reflect) java.lang.reflect.Method should use java.lang.invoke.MethodHandle
Relates :	JDK-8265391 - assert(is_reference(type)) failed: must be reference type

Description

applications/jcstress/atomicity.java fails with the following assert when running with  JDK-6824466 [1] which replaces the core reflection implementation to use method handles.  The test also hits another assertion (JDK-8265391).

[1] https://github.com/mlchung/jdk/tree/method-invoke-4


#
# A fatal error has been detected by the Java Runtime Environment:
#
#  Internal Error (/home/mlchung/ws/jdk/jdk-open/src/hotspot/share/c1/c1_ValueStack.hpp:53), pid=15355, tid=15818
#  assert(tag == t->type()->tag() || tag == objectTag && t->type()->tag() == addressTag) failed: types must correspond
#
# JRE version: OpenJDK Runtime Environment (17.0) (fastdebug build 17-internal+0-adhoc.mlchung.jdk-open)
# Java VM: OpenJDK 64-Bit Server VM (fastdebug 17-internal+0-adhoc.mlchung.jdk-open, mixed mode, emulated-client, sharing, tiered, compressed 
oops, compressed class ptrs, g1 gc, linux-amd64)
# Problematic frame:
# V  [libjvm.so+0x793ae0]  ValueStack::apush(Instruction*)+0x40
#
# Core dump will be written. Default location: Core dumps may be processed with "/usr/libexec/abrt-hook-ccpp %s %c %p %u %g %t e %P %I %h" (or
 dumping to /home/mlchung/ws/jdk/core.15355)
#
# If you would like to submit a bug report, please visit:
#   https://bugreport.java.com/bugreport/crash.jsp
#

---------------  S U M M A R Y ------------

Command Line: -XX:+UnlockDiagnosticVMOptions -XX:MaxRAMFraction=32 -XX:MinRAMFraction=32 -XX:CICompilerCount=4 -XX:ParallelGCThreads=4 -XX:Con
cGCThreads=4 -XX:G1ConcRefinementThreads=4 -XX:-RestrictContended -XX:+WhiteBoxAPI -Xbootclasspath/a:/tmp/whitebox9616254137607220078.jar -XX:
TieredStopAtLevel=1 org.openjdk.jcstress.ForkedMain 127.0.0.1 44319 fork-token-104

Host: core-libs-ol-76-8, Intel(R) Xeon(R) Platinum 8167M CPU @ 2.00GHz, 32 cores, 235G, Oracle Linux Server release 7.8
Time: Thu Apr 22 22:13:54 2021 GMT elapsed time: 41.907906 seconds (0d 0h 0m 41s)

---------------  T H R E A D  ---------------

Current thread (0x00007f67903e9900):  JavaThread "C1 CompilerThread2" daemon [_thread_in_native, id=15818, stack(0x00007f6797bfc000,0x00007f67
97cfd000)]


Current CompileTask:
C1:  41907 1045       1       jdk.internal.reflect.FieldAccessorImpl_LS$$3/0x0000000801021000::setShort (11 bytes)

Stack: [0x00007f6797bfc000,0x00007f6797cfd000],  sp=0x00007f6797cfad40,  free space=1019k
Native frames: (J=compiled Java code, A=aot compiled Java code, j=interpreted, Vv=VM code, C=native code)
V  [libjvm.so+0x793ae0]  ValueStack::apush(Instruction*)+0x40
V  [libjvm.so+0x78c75c]  GraphBuilder::iterate_bytecodes_for_block(int)+0x1e7c
V  [libjvm.so+0x78cd69]  GraphBuilder::iterate_all_blocks(bool)+0x89
V  [libjvm.so+0x78e07f]  GraphBuilder::GraphBuilder(Compilation*, IRScope*)+0x53f
V  [libjvm.so+0x79dca5]  IRScope::IRScope(Compilation*, IRScope*, int, ciMethod*, int, bool)+0x3e5
V  [libjvm.so+0x79de34]  IR::IR(Compilation*, ciMethod*, int)+0xf4
V  [libjvm.so+0x75f381]  Compilation::build_hir() [clone .part.0]+0x261
V  [libjvm.so+0x763d3c]  Compilation::compile_java_method()+0x1bc
V  [libjvm.so+0x764b50]  Compilation::compile_method()+0x1d0
V  [libjvm.so+0x76556b]  Compilation::Compilation(AbstractCompiler*, ciEnv*, ciMethod*, int, BufferBlob*, bool, DirectiveSet*)+0x36b
V  [libjvm.so+0x766983]  Compiler::compile_method(ciEnv*, ciMethod*, int, bool, DirectiveSet*)+0x1a3
V  [libjvm.so+0xa756a7]  CompileBroker::invoke_compiler_on_method(CompileTask*)+0x1107
V  [libjvm.so+0xa763d8]  CompileBroker::compiler_thread_loop()+0x5a8
V  [libjvm.so+0x1a1ddd5]  JavaThread::thread_main_inner()+0x605
V  [libjvm.so+0x1a26570]  Thread::call_run()+0x100
V  [libjvm.so+0x15bb956]  thread_native_entry(Thread*)+0x116

Comments

ClassByteBuilder::emitLoad misses to handle the case when the field is of short type. } else if (type == Character.TYPE) { mv.visitVarInsn(ILOAD, slot); + } else if (type == Short.TYPE) { + mv.visitVarInsn(ILOAD, slot); } else if (type == Integer.TYPE) { mv.visitVarInsn(ILOAD, slot); } else if (type == Long.TYPE) { mv.visitVarInsn(LLOAD, slot); } else if (type == Float.TYPE) {
25-06-2021
Thanks Vladimir. I'll follow up on the bug in ClassByteBuilder. Closed this as this is not yet integrated.
22-06-2021
Not a compiler bug but still a bug - moving to core-libs.
15-06-2021
Not a compiler bug.
14-06-2021
The problematic bytecode comes from: src/java.base/share/classes/jdk/internal/reflect/ClassByteBuilder.java: + private void addSetter(Class<?> type, boolean isStatic) { + MethodType mtype = isStatic ? methodType(void.class, type) : methodType(void.class, Object.class, type); + MethodVisitor mv = visitMethod(ACC_PUBLIC, + methodName("set", type), + mtype.descriptorString(), null, THROWS_THROWABLE); + mv.visitCode(); + mv.visitLdcInsn(classDataCondy); // load VarHandle constant + mv.visitTypeInsn(CHECKCAST, VH_CLS); + if (isStatic) { + emitLoad(mv, type, 1); + } else { + mv.visitVarInsn(ALOAD, 1); + emitLoad(mv, type, 2); + } + mv.visitMethodInsn(INVOKEVIRTUAL, VH_CLS, "set", + mtype.descriptorString(), false); + mv.visitInsn(RETURN); + mv.visitMaxs(0, 0); + mv.visitEnd(); + } where slot #1 contains an int while `aload_1` is used to access it.
14-06-2021
There's nothing wrong with compilers. They assert on invalid bytecode. And, indeed, the patch generates broken bytecode in FieldAccessorImpl. -Xverify:all triggers a verification error: $ java -Xverify:all TestFieldReflectValueOf Exception in thread "main" java.lang.InternalError: java.lang.InternalError: java.lang.VerifyError: Bad local variable type Exception Details: Location: jdk/internal/reflect/FieldAccessorImpl_B$$0+0x00000008000c0000.setByte(B)V @5: iload_1 Reason: Type 'jdk/internal/reflect/FieldAccessorImpl_B$$0+0x00000008000c0000' (current frame, locals[0]) is not assignable to integer Current Frame: bci: @5 flags: { } locals: { 'jdk/internal/reflect/FieldAccessorImpl_B$$0+0x00000008000c0000', integer } stack: { 'java/lang/invoke/VarHandle' } Bytecode: 0000000: 1219 c000 1b1a b600 23b1 at java.base/jdk.internal.reflect.VarHandleByteFieldAccessorImpl.getByte(VarHandleByteFieldAccessorImpl.java:92) at java.base/jdk.internal.reflect.VarHandleByteFieldAccessorImpl.get(VarHandleByteFieldAccessorImpl.java:77) at java.base/java.lang.reflect.Field.get(Field.java:421) at TestFieldReflectValueOf.testField(TestFieldReflectValueOf.java:161) at TestFieldReflectValueOf.testFieldAccessors(TestFieldReflectValueOf.java:121) at TestFieldReflectValueOf.testUnsafeStaticFieldAccessors(TestFieldReflectValueOf.java:97) at TestFieldReflectValueOf.main(TestFieldReflectValueOf.java:90) Caused by: java.lang.InternalError: java.lang.VerifyError: Bad local variable type Exception Details: Location: jdk/internal/reflect/FieldAccessorImpl_B$$0+0x00000008000c0000.setByte(B)V @5: iload_1 Reason: Type 'jdk/internal/reflect/FieldAccessorImpl_B$$0+0x00000008000c0000' (current frame, locals[0]) is not assignable to integer Current Frame: bci: @5 flags: { } locals: { 'jdk/internal/reflect/FieldAccessorImpl_B$$0+0x00000008000c0000', integer } stack: { 'java/lang/invoke/VarHandle' } Bytecode: 0000000: 1219 c000 1b1a b600 23b1 at java.base/jdk.internal.reflect.MethodHandleAccessorFactory.newVarHandleAccessor(MethodHandleAccessorFactory.java:273) at java.base/jdk.internal.reflect.VarHandleFieldAccessorImpl.slowAccessor(VarHandleFieldAccessorImpl.java:71) at java.base/jdk.internal.reflect.VarHandleFieldAccessorImpl.accessor(VarHandleFieldAccessorImpl.java:64) at java.base/jdk.internal.reflect.VarHandleByteFieldAccessorImpl$StaticFieldAccessor.getValue(VarHandleByteFieldAccessorImpl.java:52) at java.base/jdk.internal.reflect.VarHandleByteFieldAccessorImpl.getByte(VarHandleByteFieldAccessorImpl.java:86) ... 6 more Caused by: java.lang.VerifyError: Bad local variable type Exception Details: Location: jdk/internal/reflect/FieldAccessorImpl_B$$0+0x00000008000c0000.setByte(B)V @5: iload_1 Reason: Type 'jdk/internal/reflect/FieldAccessorImpl_B$$0+0x00000008000c0000' (current frame, locals[0]) is not assignable to integer Current Frame: bci: @5 flags: { } locals: { 'jdk/internal/reflect/FieldAccessorImpl_B$$0+0x00000008000c0000', integer } stack: { 'java/lang/invoke/VarHandle' } Bytecode: 0000000: 1219 c000 1b1a b600 23b1 at java.base/java.lang.ClassLoader.defineClass0(Native Method) at java.base/java.lang.System$2.defineClass(System.java:2196) at java.base/java.lang.invoke.MethodHandles$Lookup$ClassDefiner.defineClass(MethodHandles.java:2458) at java.base/java.lang.invoke.MethodHandles$Lookup$ClassDefiner.defineClassAsLookup(MethodHandles.java:2464) at java.base/java.lang.invoke.MethodHandleImpl$1.defineHiddenClassWithClassData(MethodHandleImpl.java:1875) at java.base/jdk.internal.reflect.MethodHandleAccessorFactory.newVarHandleAccessor(MethodHandleAccessorFactory.java:268) ... 10 more
14-06-2021