Bug ID: JDK-8000315 IE crash when launching several applets in each tab

JDK-8000315 : IE crash when launching several applets in each tab

Type: Bug
Component: deploy
Sub-Component: plugin
Affected Version: 6u30,6u35

Priority: P2
Status: Closed
Resolution: Won't Fix
OS: windows_7
CPU: x86

Submitted: 2012-10-02
Updated: 2012-11-15
Resolved: 2012-11-15

Related Reports

Relates :	JDK-6974402 - IE: optimize startup logic on the browser side
Relates :	JDK-7044108 - NPAPI Java plugin should not crash even when JRE is not available on the system

Sub Tasks

JDK-8000470 :

Please find workaround of this crash issue and in what condition crash occurred - Closed

Description

[tested under 6u30 and 6u35]
When starting several applets continuously and "tab browse" feature is enabled in IE, 
applets will be launched in each tab. 
IE crashes while loading applet and close tabs, but automatically reopens and restart applet. 
 
[Attached reproduce test]
This applet just obtains Java version and display it on IE screen.
1. Save the attached file in local
2. Open  Internet Explorer (make sure "Tab browse" feature is enabled)
3. From command prompt, go to the saved file location and run tp.sh 
-> It will launch JavaApplet in different tab one by one
-> If unable to reproduce, please add the more lines in tp.sh to increase the number of Applet to be launched

We suspect this is syncronization issue in JavaVM_GetJNIEnv().
deploy/src/plugin/win32/plugin2/common/JavaVM.c.

// Note: locking would be needed in order to make this code 100% correct.
// It's difficult to implement this without another initialization entry
// point called from DllMain. In practice this will be called in a
// sufficiently single threaded fashion when the JVM initialization occurs.
JNIEnv* JavaVM_GetJNIEnv()
{
   JNIEnv* env = NULL;
   jint res = 0;
   if (!initialized) {
       if (!InitializeJVM()) {
           return NULL;
       }
       initialized = 1;
   }
   res = (*jvm)->AttachCurrentThread(jvm, (void**) &env, NULL);
   if (res < 0)
       return NULL;
   return env;
}

While previous Applet launches JVM, it seems like next Applet tries to attach to the launching JVM.

 In fact, our customer reported that when they encounter this issue with debug version of JVM, assertion failed in allocate_threadObj(), thread.cpp in hotspot. 

void JavaThread::allocate_threadObj(Handle thread_group, char* thread_name, bool daemon, TRAPS) {
  assert(thread_group.not_null(), "thread group should be specified") ; <- 

And this allocate_threadObj() is called from attach_current_thread() in jni.cpp

static jint attach_current_thread(JavaVM *vm, void **penv, void *_args, bool daemon) {
 ....
 ....
  // Create Java level thread object and attach it to this thread
  bool attach_failed = false;
  {
    EXCEPTION_MARK;
    HandleMark hm(THREAD);
    Handle thread_group(THREAD, group);
    thread->allocate_threadObj(thread_group, thread_name, daemon, THREAD); <--
    if (HAS_PENDING_EXCEPTION) {
      CLEAR_PENDING_EXCEPTION;
      // cleanup outside the handle mark.
      attach_failed = true;
    }
  }

The first parameter passed to allocate_threadObj() , "thread_group" is null
when crash occurred. 
This  "thread_group" becomes non-null only after VM creation is finished. 
We assume there is a way to syncronize this process and not to call AttachCurrentThread while VM creation is not finished.

Comments

Closed per comment in sub task.
15-11-2012
Hi is there any updates?
10-10-2012
https://jbs.oracle.com/bugs/browse/JDK-7044108 https://jbs.oracle.com/bugs/browse/JDK-6974402 It is stated that the above two bugs are releated to this issue. I could not find the webrev of the fixes for the two bugs. Do you oknow where their fixes are? In both JDK-7044108 and JDK-6974402, it is only stated that they are fixed in jdk7, do you know to which update versions of jdk7 the fixes are applied to
10-10-2012
Hi I have tested with latest 7 and 8 but still same crash occurred. Please do not close this issue yet. Please make sure you follow this step. 1. Save the attached file in local 2. Open Internet Explorer (make sure "Tab browse" feature is enabled) 3. From command prompt, go to the saved file location and run tp.sh If the step is exactly same but crash did not happen, please add more lines in .sh script, meaning please launch more JavaApplet.
09-10-2012
Issue is not applicable to latest 7 and 8 updates. Moving to sustaining team
05-10-2012
For 6u30 I 've reproduce the error: "A problem with this webpage caused Internet Explorer to close and reopen the tab." when using provided .bat file. But for 8 version it seems to work fine(at least on my machine I could not reproduce the issue). Synchronization in JavaVM_GetJNIEnv() was added for the issue: 6974402 IE: optimize startup logic on the browser side (and improved for 7044108)
05-10-2012
I've found out that for 8 version we already have critical section for synchronization there: JNIEnv* JavaVM_GetJNIEnv() { JNIEnv* env = NULL; jint res = 0; if (!initialized) { EnterCriticalSection(&csSync); if (!initialized) { if (!InitializeJVM()) { LeaveCriticalSection(&csSync); return NULL; } initialized = 1; } LeaveCriticalSection(&csSync); } res = (jvm)->AttachCurrentThread(jvm, (void*) &env, NULL); if (res < 0) return NULL; return env; } I also was able to launch several applets in diffrent tabs without crashes on my machine (but my steps were a bit different, may be it depends on IE version(?)). Are you ablr to test on java 8 on your machine? Anyway, I need to reproduce initial crash to make sure that critical section fixes the issue, that's what I'm working on now.
05-10-2012
Yes, it is similar behavior, but in my case upon starting .sh script, IE first opens the same number of tabs to launch the same number of Applets written in tp.sh. But some of them failed and caused to crash. Then IE pops up error message message and when I press "terminate program", IE closes the tab and reopen a new tab, then start new applet. In my case, it starts not only one applet but several applets succeeded to launch.
05-10-2012
For my machine (Windows 7 64, IE9 , java 8) it starts only one applet from the script, after I close IE manually, it automatically reopens IE and stars next applet, and so on. Does that look similar to the behavior on your machine?
04-10-2012
Hi, would you have any updates?
04-10-2012
Hi thank you for working on this issue. I tested with the latest Java SE 7 update 7 and same issue occurred.
03-10-2012
Could you please see if you can see same issue with Java 7?
02-10-2012
Add more information: This issue does not occur if "tab browse" feature is disabled. We also would like to know how "tab" is related to this issue to seek workaround.
02-10-2012