Bug ID: JDK-5067517 RedefineClasses crash if class list includes class for primtive or array types

Type: Bug
Component: hotspot
Sub-Component: jvmti
Affected Version: 6

Priority: P4
Status: Resolved
Resolution: Fixed
OS: generic
CPU: generic

Submitted: 2004-06-23
Updated: 2005-03-01
Resolved: 2004-10-07

Other	JDK 6
5.0u4Fixed	6 mustangFixed

JVMTI RedefineClasses will crash if class definition list includes a class representing a primitive or array type. Here is a sample err file for an array type :-

#
# An unexpected error has been detected by HotSpot Virtual Machine:
#
#  Internal Error (C:\ws\service_hs_baseline\src\share\vm\runtime\handles.hpp, 236), pid=1256, tid=2020
#
# Java VM: Java HotSpot(TM) Client VM (1.5-internal-debug mixed mode)
#
# Error: assert(SharedSkipVerify || is_null() || obj->klass_part()->oop_is_instance(),"illegal type")

---------------  T H R E A D  ---------------

Current thread (0x0023a228):  JavaThread "main" [_thread_in_vm, id=2020]

Stack: [0x00030000,0x00070000),  sp=0x0006edf4,  free space=251k
Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code)
V  [jvm_g.dll+0x34fc9b]
V  [jvm_g.dll+0x160ce9]
V  [jvm_g.dll+0xd9fbf]
V  [jvm_g.dll+0x25c87d]
V  [jvm_g.dll+0x25c209]
V  [jvm_g.dll+0x35e0ad]
V  [jvm_g.dll+0x242095]
V  [jvm_g.dll+0x398d9f]
C  [instrument_g.dll+0x47e2]
C  [instrument_g.dll+0x1ed4]
j  sun.instrument.InstrumentationImpl.redefineClasses0([Ljava/lang/instrument/ClassDefinition;)V+0
j  sun.instrument.InstrumentationImpl.redefineClasses([Ljava/lang/instrument/ClassDefinition;)V+69
j  Test.premain(Ljava/lang/String;Ljava/lang/instrument/Instrumentation;)V+74
v  ~StubRoutines::call_stub
V  [jvm_g.dll+0x1cb724]
V  [jvm_g.dll+0x2ab67d]
V  [jvm_g.dll+0x1cb3ef]
V  [jvm_g.dll+0x2d537f]
V  [jvm_g.dll+0x2d722e]
V  [jvm_g.dll+0x225ba1]
C  [java_g.dll+0xa7a8]
j  sun.reflect.NativeMethodAccessorImpl.invoke0(Ljava/lang/reflect/Method;Ljava/lang/Object;[Ljava/lang/Object;)Ljava/lang/Object;+0
j  sun.reflect.NativeMethodAccessorImpl.invoke(Ljava/lang/Object;[Ljava/lang/Object;)Ljava/lang/Object;+87
j  sun.reflect.DelegatingMethodAccessorImpl.invoke(Ljava/lang/Object;[Ljava/lang/Object;)Ljava/lang/Object;+6
j  java.lang.reflect.Method.invoke(Ljava/lang/Object;[Ljava/lang/Object;)Ljava/lang/Object;+111
j  sun.instrument.InstrumentationImpl.loadClassAndCallPremain(Ljava/lang/String;Ljava/lang/String;)V+51
v  ~StubRoutines::call_stub
V  [jvm_g.dll+0x1cb724]
V  [jvm_g.dll+0x2ab67d]
V  [jvm_g.dll+0x1cb3ef]
V  [jvm_g.dll+0x1d7c9d]
V  [jvm_g.dll+0x1db88b]
C  [instrument_g.dll+0x3acc]
C  [instrument_g.dll+0x34fd]
C  [instrument_g.dll+0x3430]
C  [instrument_g.dll+0x23fc]
V  [jvm_g.dll+0x24e83a]
V  [jvm_g.dll+0x31cfb8]
V  [jvm_g.dll+0x1edf15]
C  [java_g.exe+0x2b47]
C  [java_g.exe+0x12d2]
C  [java_g.exe+0xabbf]
C  [KERNEL32.DLL+0x11af6]

Java frames: (J=compiled Java code, j=interpreted, Vv=VM code)
j  sun.instrument.InstrumentationImpl.redefineClasses0([Ljava/lang/instrument/ClassDefinition;)V+0
j  sun.instrument.InstrumentationImpl.redefineClasses([Ljava/lang/instrument/ClassDefinition;)V+69
j  Test.premain(Ljava/lang/String;Ljava/lang/instrument/Instrumentation;)V+74
v  ~StubRoutines::call_stub
j  sun.reflect.NativeMethodAccessorImpl.invoke0(Ljava/lang/reflect/Method;Ljava/lang/Object;[Ljava/lang/Object;)Ljava/lang/Object;+0
j  sun.reflect.NativeMethodAccessorImpl.invoke(Ljava/lang/Object;[Ljava/lang/Object;)Ljava/lang/Object;+87
j  sun.reflect.DelegatingMethodAccessorImpl.invoke(Ljava/lang/Object;[Ljava/lang/Object;)Ljava/lang/Object;+6
j  java.lang.reflect.Method.invoke(Ljava/lang/Object;[Ljava/lang/Object;)Ljava/lang/Object;+111
j  sun.instrument.InstrumentationImpl.loadClassAndCallPremain(Ljava/lang/String;Ljava/lang/String;)V+51
v  ~StubRoutines::call_stub

---------------  P R O C E S S  ---------------

Java Threads: ( => current thread )
  0x009aeda0 JavaThread "Finalizer" daemon [_thread_blocked, id=1816]
  0x009ad290 JavaThread "Reference Handler" daemon [_thread_blocked, id=1424]
=>0x0023a228 JavaThread "main" [_thread_in_vm, id=2020]

Other Threads:
  0x009a71f0 VMThread [id=932]

VM state:not at safepoint (normal execution)

VM Mutex/Monitor currently owned by a thread: None

Heap
 def new generation   total 576K, used 315K [0x10270000, 0x10310000, 0x10750000)
  eden space 512K,  61% used [0x10270000, 0x102bee70, 0x102f0000)
  from space 64K,   0% used [0x102f0000, 0x102f0000, 0x10300000)
  to   space 64K,   0% used [0x10300000, 0x10300000, 0x10310000)
 tenured generation   total 1408K, used 0K [0x10750000, 0x108b0000, 0x14270000)
   the space 1408K,   0% used [0x10750000, 0x10750000, 0x10750200, 0x108b0000)
 compacting perm gen  total 8192K, used 1396K [0x14270000, 0x14a70000, 0x18270000)
   the space 8192K,  17% used [0x14270000, 0x143cd110, 0x143cd200, 0x14a70000)
No shared spaces configured.

Dynamic libraries:
0x00400000 - 0x00411000 	c:\ws\service_sdk_baseline\build\windows-i586\bin\java_g.exe
0x77f80000 - 0x77ffd000 	C:\WINNT\system32\ntdll.dll
0x7c2d0000 - 0x7c332000 	C:\WINNT\system32\ADVAPI32.dll
0x7c570000 - 0x7c628000 	C:\WINNT\system32\KERNEL32.DLL
0x77d30000 - 0x77da1000 	C:\WINNT\system32\RPCRT4.DLL
0x10200000 - 0x10264000 	C:\WINNT\system32\MSVCRTD.dll
0x08000000 - 0x08632000 	c:\ws\service_sdk_baseline\build\windows-i586\bin\client\jvm_g.dll
0x77e10000 - 0x77e75000 	C:\WINNT\system32\USER32.dll
0x77f40000 - 0x77f7e000 	C:\WINNT\system32\GDI32.DLL
0x77570000 - 0x775a0000 	C:\WINNT\system32\WINMM.dll
0x10000000 - 0x1000a000 	c:\ws\service_sdk_baseline\build\windows-i586\bin\hpi_g.dll
0x690a0000 - 0x690ab000 	C:\WINNT\system32\PSAPI.DLL
0x00900000 - 0x00915000 	c:\ws\service_sdk_baseline\build\windows-i586\bin\instrument_g.dll
0x00a30000 - 0x00a40000 	c:\ws\service_sdk_baseline\build\windows-i586\bin\verify_g.dll
0x00a40000 - 0x00a64000 	c:\ws\service_sdk_baseline\build\windows-i586\bin\java_g.dll
0x00a70000 - 0x00a86000 	c:\ws\service_sdk_baseline\build\windows-i586\bin\zip_g.dll

VM Arguments:
jvm_args: -javaagent:Test.jar
java_command: Test

Environment Variables:
PATH=c:\ws\service_sdk_baseline\build\windows-i586\bin;C:\PROGRA~1\MKSTOO~1\bin;C:\PROGRA~1\MKSTOO~1\bin\X11;C:\PROGRA~1\MKSTOO~1\mksnt;C:\WINNT\system32;C:\WINNT;C:\WINNT\System32\Wbem
USERNAME=ab23780
SHELL=C:/PROGRA~1/MKSTOO~1/mksnt/sh.exe
DISPLAY=:0.0
OS=Windows_NT
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 7, GenuineIntel


---------------  S Y S T E M  ---------------

OS: Windows 2000 Build 2195 Service Pack 4

CPU:total 1 family 15, cmov, cx8, fxsr, mmx, sse, sse2, ht

Memory: 4k page, physical 523272k(187856k free), swap 1277784k(1086364k free)

vm_info: Java HotSpot(TM) Client VM (1.5-internal) for windows-x86, built on Jun 17 2004 09:36:27 by ab23780 with MS VC++ 6.0
###@###.### 10/7/04 00:17 GMT

SUGGESTED FIX The fix to src/share/vm/prims/jvmtiRedefineClasses.cpp is :- --- 105,110 ---- *************** *** 191,197 **** --- 185,197 ---- assert(state != NULL, "JvmtiThreadState not initialized"); for (int i = 0; i < _class_count; i++) { oop mirror = JNIHandles::resolve_non_null(_class_defs[i].klass); + if (java_lang_Class::is_primitive(mirror)) { + return JVMTI_ERROR_UNMODIFIABLE_CLASS; + } klassOop k_oop = java_lang_Class::as_klassOop(mirror); + if (!Klass::cast(k_oop)->oop_is_instance()) { + return JVMTI_ERROR_UNMODIFIABLE_CLASS; + } instanceKlassHandle k_h = instanceKlassHandle(THREAD, k_oop); symbolHandle k_name = symbolHandle(THREAD, k_h->name()); ###@###.### 2004-06-23 This fix is being included in a batch of JFluid/RedefineClasses fixes targeted for a Tiger-Update release. See the jfluid-merge-update4-full-webrev.tar.Z attachment in 5088035 for the complete set of changes. ###@###.### 2005-2-25 22:29:34 GMT

25-02-2005

CONVERTED DATA BugTraq+ Release Management Values COMMIT TO FIX: mustang FIXED IN: mustang

29-09-2004

EVALUATION Too later for tiger. ###@###.### 2004-06-23

23-06-2004