JDK-8248462 : JVM crashes on repeated access to a MethodHandle linking to Object.hashCode
  • Type: Bug
  • Component: hotspot
  • Sub-Component: compiler
  • Affected Version: 8u251,9,10,11,12
  • Priority: P4
  • Status: Closed
  • Resolution: Duplicate
  • OS: windows_10
  • CPU: x86_64
  • Submitted: 2020-06-28
  • Updated: 2021-02-24
  • Resolved: 2020-06-29
Related Reports
Duplicate :  
JDK-8217760 - C2: Missing symbolic info on a call from intrinsics when invoked through MethodHandle
Description
A DESCRIPTION OF THE PROBLEM :
Creating a MethodHandle linking to java.lang.Object.hashCode() and invoking it more than about 12000 times in a row causes the JVM to crash. Seems to work fine on Java SE 14.

STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
The issue can be reproduced by running the attached code.


---------- BEGIN SOURCE ----------
  MethodHandle hashCode =
            MethodHandles.lookup().findVirtual(Object.class, "hashCode", MethodType.methodType(int.class));
  
  for (int i = 0; i < 100000; i++)
      hashCode.invoke(new String());
---------- END SOURCE ----------

FREQUENCY : always
Comments
Running with fastdebug reveals: # Internal Error (/scratch/opt/mach5/mesos/work_dir/slaves/9190d864-6621-4810-ba08-d8d8c75ba674-S802/frameworks/1735e8a2-a1db-478c-8104-60c8b0af87dd-0196/executors/0a350cb6-616d-4ae0-b410-8a3ea9caeed6/runs/fa9c7a3a-1911-41ea-b6cc-bf65dab5b6c5/workspace/open/src/hotspot/share/runtime/sharedRuntime.cpp:1284), pid=18601, tid=18602 # assert((!is_virtual && invoke_code == Bytecodes::_invokestatic ) || (!is_virtual && invoke_code == Bytecodes::_invokespecial) || (!is_virtual && invoke_code == Bytecodes::_invokehandle ) || (!is_virtual && invoke_code == Bytecodes::_invokedynamic) || ( is_virtual && invoke_code != Bytecodes::_invokestatic )) failed: inconsistent bytecode It's JDK-8217760 which has been fixed in JDK >= 13 and 11.0.6-oracle.
29-06-2020
Doesn't crash with -Xint - moving to compiler team for evaluation.
29-06-2020
Crashed for me with OpenJDK 8u252 on Linux: # # A fatal error has been detected by the Java Runtime Environment: # # SIGSEGV (0xb) at pc=0x00007f5db14be9b3, pid=12597, tid=0x00007f5db296e700 # # JRE version: OpenJDK Runtime Environment (8.0_252-b09) (build 1.8.0_252-b09) # Java VM: OpenJDK 64-Bit Server VM (25.252-b09 mixed mode linux-amd64 compressed oops) # Problematic frame: # V [libjvm.so+0x96a9b3] SharedRuntime::resolve_sub_helper(JavaThread*, bool, bool, Thread*)+0x4c3 # # Core dump written. Default location: /scratch/users/daholme/tests/core or core.12597 # # An error report file with more information is saved as: # /scratch/users/daholme/tests/hs_err_pid12597.log Compiled method (nm) 117 19 n 0 java.lang.invoke.MethodHandle::linkToVirtual(LL)I (native) total in heap [0x00007f5d9c043ed0,0x00007f5d9c044028] = 344 relocation [0x00007f5d9c043ff8,0x00007f5d9c044000] = 8 main code [0x00007f5d9c044000,0x00007f5d9c044028] = 40 Compiled method (c2) 117 99 4 java.lang.invoke.LambdaForm$BMH/1300109446::reinvoke (23 bytes) total in heap [0x00007f5d9c072f50,0x00007f5d9c073220] = 720 relocation [0x00007f5d9c073078,0x00007f5d9c073090] = 24 main code [0x00007f5d9c0730a0,0x00007f5d9c073140] = 160 stub code [0x00007f5d9c073140,0x00007f5d9c073158] = 24 oops [0x00007f5d9c073158,0x00007f5d9c073170] = 24 metadata [0x00007f5d9c073170,0x00007f5d9c073180] = 16 scopes data [0x00007f5d9c073180,0x00007f5d9c0731c0] = 64 scopes pcs [0x00007f5d9c0731c0,0x00007f5d9c073200] = 64 dependencies [0x00007f5d9c073200,0x00007f5d9c073208] = 8 handler table [0x00007f5d9c073208,0x00007f5d9c073220] = 24 # # If you would like to submit a bug report, please visit: # http://bugreport.java.com/bugreport/crash.jsp # Aborted (core dumped) > java -version openjdk version "1.8.0_252" OpenJDK Runtime Environment (build 1.8.0_252-b09) OpenJDK 64-Bit Server VM (build 25.252-b09, mixed mode) Stack: [0x00007f5db286f000,0x00007f5db296f000], sp=0x00007f5db296cd90, free space=1015k Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code) V [libjvm.so+0x96a9b3] SharedRuntime::resolve_sub_helper(JavaThread*, bool, bool, Thread*)+0x4c3 V [libjvm.so+0x96abb4] SharedRuntime::resolve_helper(JavaThread*, bool, bool, Thread*)+0x54 V [libjvm.so+0x96b10e] SharedRuntime::resolve_virtual_call_C(JavaThread*)+0x5e v ~RuntimeStub::resolve_virtual_call J 99 C2 java.lang.invoke.LambdaForm$BMH.reinvoke(Ljava/lang/Object;Ljava/lang/Object;)V (23 bytes) @ 0x00007f5d9c073110 [0x00007f5d9c0730a0+0x70] J 89 C1 java.lang.invoke.LambdaForm$MH.invoke_MT(Ljava/lang/Object;Ljava/lang/Object;Ljava/lang/Object;)V (21 bytes) @ 0x00007f5d9c07033c [0x00007f5d9c06f880+0xabc] j MethodHandleCrash.main([Ljava/lang/String;)V+33 v ~StubRoutines::call_stub V [libjvm.so+0x67dd1e] JavaCalls::call_helper(JavaValue*, methodHandle*, JavaCallArguments*, Thread*)+0xf5e V [libjvm.so+0x68e9fa] jni_invoke_static(JNIEnv_*, JavaValue*, _jobject*, JNICallType, _jmethodID*, JNI_ArgumentPusher*, Thread*) [clone .isra.205]+0x30a V [libjvm.so+0x6a2af6] jni_CallStaticVoidMethod+0x186 C [libjli.so+0x39c9] JavaMain+0xa29 C [libpthread.so.0+0x7ea5] start_thread+0xc5 Also crashes in Oracle JDK 9, 10, 11 and 12. No crash in 13 or 14.
29-06-2020
I was not able to reproduce this issue on Windows 10: x64 in any of the JDK versions; even after I set my heap size to 1 MB.
29-06-2020