Bug ID: JDK-6987991 JSR 292 phpreboot test/testtracefun2.phpr segfaults

Type: Bug
Component: hotspot
Sub-Component: compiler
Affected Version: hs20

Priority: P4
Status: Closed
Resolution: Fixed
OS: generic
CPU: generic

Submitted: 2010-09-28
Updated: 2011-07-29
Resolved: 2011-04-25

JDK 7	Other
7Fixed	hs21Fixed

Putting the libraries on the system classpath (instead of the boot classpath) makes the VM crash.

$ gamma -XX:+UnlockExperimentalVMOptions -XX:+EnableInvokeDynamic -cp lib/phpreboot.jar:lib/tatoo-runtime.jar:lib/asm-all-3.2.jar:lib/grizzly-servlet-webserver-1.9.18-k.jar:. com.googlecode.phpreboot.Main test/testtracefun2.phpr

Program received signal SIGSEGV, Segmentation fault.
0xf719b73e in oopDesc::klass (this=0x0) at /home/twisti/hotspot-comp/hotspot/src/share/vm/oops/oop.inline.hpp:40
40	    return _metadata._klass;
(gdb) where
#0  0xf719b73e in oopDesc::klass (this=0x0) at /home/twisti/hotspot-comp/hotspot/src/share/vm/oops/oop.inline.hpp:40
#1  0xf719b762 in oopDesc::blueprint (this=0x0) at /home/twisti/hotspot-comp/hotspot/src/share/vm/oops/oop.inline.hpp:102
#2  0xf719b7f8 in oopDesc::is_klass (this=0x0) at /home/twisti/hotspot-comp/hotspot/src/share/vm/oops/oop.inline.hpp:113
#3  0xf719b54d in Klass::cast (k=0x0) at /home/twisti/hotspot-comp/hotspot/src/share/vm/oops/klass.hpp:483
#4  0xf76a83d6 in MethodHandles::class_cast_needed (src=0xb282f578, dst=0x0) at /home/twisti/hotspot-comp/hotspot/src/share/vm/prims/methodHandles.cpp:938
#5  0xf76a922f in MethodHandles::check_argument_type_change (src_type=T_OBJECT, src_klass=0xb282f578, dst_type=T_OBJECT, dst_klass=0x0, argnum=1, raw=false)
    at /home/twisti/hotspot-comp/hotspot/src/share/vm/prims/methodHandles.cpp:1256
#6  0xf76a8a20 in MethodHandles::verify_method_signature (m=..., mtype=..., first_ptype_pos=0, insert_ptype=..., __the_thread__=0x8068000)
    at /home/twisti/hotspot-comp/hotspot/src/share/vm/prims/methodHandles.cpp:1070
#7  0xf76a8c37 in MethodHandles::verify_method_type (m=..., mtype=..., has_bound_recv=false, bound_recv_type=..., __the_thread__=0x8068000)
    at /home/twisti/hotspot-comp/hotspot/src/share/vm/prims/methodHandles.cpp:1112
#8  0xf76a9977 in MethodHandles::verify_DirectMethodHandle (mh=..., m=..., __the_thread__=0x8068000) at /home/twisti/hotspot-comp/hotspot/src/share/vm/prims/methodHandles.cpp:1385
#9  0xf76a9ad2 in MethodHandles::init_DirectMethodHandle (mh=..., m=..., do_dispatch=false, __the_thread__=0x8068000) at /home/twisti/hotspot-comp/hotspot/src/share/vm/prims/methodHandles.cpp:1405
#10 0xf76ac503 in MHI_init_DMH (env=0x8068134, igcls=0xffffa5e4, mh_jh=0xffffa5f8, target_jh=0xffffa5f4, do_dispatch=0 '\000', caller_jh=0xffffa5ec)
    at /home/twisti/hotspot-comp/hotspot/src/share/vm/prims/methodHandles.cpp:2217
<snip>
The current version of phpreboot still fails with the same error on JDK 7 b136:

intelsdv03:~/mlvm/phpreboot-read-only/phpreboot$ java -XX:+UnlockExperimentalVMOptions -XX:+EnableInvokeDynamic -Xbootclasspath/p:lib/phpreboot.jar:lib/tatoo-runtime.jar:lib/asm-all-4.0.jar:lib/jaxen-1.1.2.jar:lib/grizzly-servlet-webserver-1.9.18-k.jar:lib/derby.jar com.googlecode.phpreboot.Main test/testtracefun2.phpr 
VM option '+UnlockExperimentalVMOptions'
VM option '+EnableInvokeDynamic'
i = 300000

intelsdv03:~/mlvm/phpreboot-read-only/phpreboot$ java -XX:+UnlockExperimentalVMOptions -XX:+EnableInvokeDynamic -cp lib/phpreboot.jar:lib/tatoo-runtime.jar:lib/asm-all-4.0.jar:lib/jaxen-1.1.2.jar:lib/grizzly-servlet-webserver-1.9.18-k.jar:lib/derby.jar com.googlecode.phpreboot.Main test/testtracefun2.phpr 
VM option '+UnlockExperimentalVMOptions'
VM option '+EnableInvokeDynamic'
#
# A fatal error has been detected by the Java Runtime Environment:
#
#  SIGSEGV (0xb) at pc=0x00ecc587, pid=20705, tid=11262832
#
# JRE version: 7.0-b136
# Java VM: Java HotSpot(TM) Server VM (21.0-b06-fastdebug mixed mode linux-x86 )
# Problematic frame:
# V  [libjvm.so+0x281587]  Klass::cast(klassOopDesc*)+0x17
#
# Failed to write core dump. Core dumps have been disabled. To enable core dumping, try "ulimit -c unlimited" before starting Java again
#
# An error report file with more information is saved as:
# /home/twisti/mlvm/phpreboot-read-only/phpreboot/hs_err_pid20705.log
#
# If you would like to submit a bug report, please visit:
#   http://java.sun.com/webapps/bugreport/crash.jsp
#

EVALUATION http://hg.openjdk.java.net/jdk7/hotspot-rt/hotspot/rev/328926869b15
23-04-2011
EVALUATION John Rose said: Make MH verification tests more correct, robust, and informative. Fix lingering symbol refcount problems.
11-04-2011
EVALUATION http://hg.openjdk.java.net/jdk7/hotspot-comp/hotspot/rev/328926869b15
10-04-2011
EVALUATION The logic of MethodHandles::verify_method_signature tries to resolve each class in the method signature with the loader and protection domain of the method holder class. The method signature is: (dbx) p m->signature()->print() Symbol: '(Lcom/googlecode/phpreboot/interpreter/EvalEnv;ILcom/googlecode/phpreboot/model/Var;)Z' count 1 The method holder class is: (dbx) p m->method_holder()->print() {instance class} - klass: {other class} - instance size: 2 - klass size: 86 - access: public final - state: linked - name: 'GenStub$0$trace' - super: 'java/lang/Object' - sub: - arrays: NULL - methods: a 'java/lang/Object'[2] - method ordering: [I - local interfaces: a 'java/lang/Object'[0] - trans. interfaces: a 'java/lang/Object'[0] - constants: constant pool [39] for 'GenStub$0$trace' cache=0xb6a750d0 - class loader: NULL - protection domain: NULL - host class: 'sun/reflect/NativeConstructorAccessorImpl' - signers: NULL - source file: 'script' - inner classes: [S - java mirror: a 'java/lang/Class' = 'GenStub$0$trace' - vtable length 5 (start addr: 0xb6a75038) - itable length 2 (start addr: 0xb6a75050) - ---- static fields (0 words): - ---- non-static fields (0 words): - non-static oop maps: Since the com/googlecode/phpreboot/* classes are loaded with the system class loader, the resolve fails, resulting in a null value, which is then passed on leading to the crash.
21-03-2011