RFR: 8284877: Check type compatibility before looking up method from receiver's vtable
David Holmes
dholmes at openjdk.java.net
Tue Apr 19 12:17:27 UTC 2022
On Thu, 14 Apr 2022 10:40:21 GMT, Yi Yang <yyang at openjdk.org> wrote:
> Hi, can I have a review for this enhancement? This patch adds a type compatibility check before method lookup for robustness. In some internal cases, a serialization framework may improperly generate an object of the wrong type, which leads the JVM to crash randomly during method resolution.
>
> For example:
>
> invokevirtual selected method: receiver-class:java.util.ArrayList, resolved-class:com.taobao.forest.domain.util.LongMapSupportArrayList, resolved_method:com.taobao.forest.domain.util.LongMapSupportArrayList.toMap()Ljava/util/Map;, selected_method:0x458, vtable_index:56#
>
> The real type of the receiver is ArrayList, while the resolved method is LongMapSupportArrayList.toMap. The VM attempts to select the method as if looking it up from the receiver's vtable via the vtable index of the resolved method (i.e. it attempts to look up `toMap()` from ArrayList), so an invalid method or incorrect method would be selected, thus causing some strange crashes.
>
> I think it's reasonable to add a type compatibility check before method lookup. If such an incompatible call is found, the JVM could throw an exception instead.
Hi,
This really needs a test case so we can understand exactly what is going on. Receiver type checking happens in a number of places so we need to understand how the problem arises and exactly what should be happening in that case per the JVMS. If this is a corrupt serialization stream then it may indicate a bug in the JDK deserialization code - again important to know.
Thanks,
David
-------------
PR: https://git.openjdk.java.net/jdk/pull/8241
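
The failure mode described in the quoted message, as an added example that is not part of this thread and is not HotSpot code: a toy C++ model in which the selected method is read from the receiver's vtable at the resolved method's index, with and without a subtype check first. The `Klass` struct, the function names, the `OtherList` class and the vtable contents are all constructed for illustration.

```cpp
#include <cstddef>
#include <iostream>
#include <stdexcept>
#include <string>
#include <vector>

// Toy class model (hypothetical, not HotSpot's Klass): a superclass link and a vtable.
struct Klass {
    std::string name;
    const Klass* super;
    std::vector<std::string> vtable;
    bool is_subtype_of(const Klass& other) const {
        for (const Klass* k = this; k != nullptr; k = k->super)
            if (k == &other) return true;
        return false;
    }
};

// Constructed hierarchy: two unrelated subclasses each add their own method at index 3.
const Klass ARRAY_LIST{"ArrayList", nullptr, {"hashCode", "toString", "size"}};
const Klass LONG_MAP_LIST{"LongMapSupportArrayList", &ARRAY_LIST,
                          {"hashCode", "toString", "size", "toMap"}};
const Klass OTHER_LIST{"OtherList", &ARRAY_LIST,
                       {"hashCode", "toString", "size", "shuffle"}};

// Unchecked selection: trust the resolved method's index against any receiver.
// at() turns an out-of-range index into an exception; a raw read would not.
std::string select_unchecked(const Klass& recv, std::size_t index) {
    return recv.vtable.at(index);
}

// Checked selection: the receiver must be a subtype of the resolved class.
std::string select_checked(const Klass& recv, const Klass& resolved, std::size_t index) {
    if (!recv.is_subtype_of(resolved))
        throw std::runtime_error(recv.name + " is not a subtype of " + resolved.name);
    return recv.vtable.at(index);
}

// True when the checked path refuses the lookup for this receiver.
bool checked_rejects(const Klass& recv, const Klass& resolved, std::size_t index) {
    try { select_checked(recv, resolved, index); return false; }
    catch (const std::runtime_error&) { return true; }
}

int main() {
    const std::size_t to_map_index = 3;  // index of toMap in LONG_MAP_LIST's vtable
    std::cout << "unchecked on OtherList: " << select_unchecked(OTHER_LIST, to_map_index) << "\n";
    std::cout << "checked rejects ArrayList: " << checked_rejects(ARRAY_LIST, LONG_MAP_LIST, to_map_index) << "\n";
    std::cout << "checked on real subtype: " << select_checked(LONG_MAP_LIST, LONG_MAP_LIST, to_map_index) << "\n";
}
```

With the `ArrayList` receiver the index falls past the end of its vtable (the "invalid method" case), and with `OtherList` it lands on an unrelated method (the "incorrect method" case); the checked path rejects both before indexing.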