SIGSEGV in Jdk9 from MethodHandle
Jackson Davis
jackson at jcdav.is
Mon Jul 10 16:27:22 UTC 2017

(Apologies in advance if this is not the correct mailing list; this seems
to not be happening in jdk8 so this seemed appropriate)

I've been playing around with some complex MethodHandle chains recently (as
one does) and ran into a consistent segfault in the interpreter. Here is
the most minimal repro I could find:

import java.lang.invoke.*;
import static java.lang.invoke.MethodType.*;
import static java.lang.invoke.MethodHandles.*;

class Crash {
    public static void main(String[] args) throws Throwable {
        // fold: run arrayElementSetter(arr, idx, val), then return arr via identity
        // permute: expose the chain as (val, arr, idx) -> int[]
        MethodHandle crash = permuteArguments(foldArguments(
                dropArguments(identity(int[].class), 1, int.class, int.class),
                arrayElementSetter(int[].class)
            ), methodType(int[].class, int.class, int[].class, int.class), 1, 2, 0);
        int[] arr = new int[1];
        arr = (int[])crash.invokeExact(1, arr, 0);
        System.out.println(arr); // the crash is reported inside this call
    }
}

Removing the permuteArguments call seems to stop it from happening, as does
removing the println. This crashes at the same place every time both on my
local builds (fastdebug & release), as well as the latest ea 9+177. As
mentioned above, I can't repro this in 8u92.

Here is the top of the error log from the EA build:

#
# A fatal error has been detected by the Java Runtime Environment:
#
# SIGSEGV (0xb) at pc=0x00000001086db1b2, pid=12616, tid=6147
#
# JRE version: Java(TM) SE Runtime Environment (9.0+177) (build 9+177)
# Java VM: Java HotSpot(TM) 64-Bit Server VM (9+177, mixed mode, tiered,
compressed oops, g1 gc, bsd-amd64)
# Problematic frame:
# V [libjvm.dylib+0x4db1b2]
LinkResolver::resolve_invokevirtual(CallInfo&, Handle, constantPoolHandle
const&, int, Thread*)+0x4e
#
# No core dump will be written. Core dumps have been disabled. To enable
core dumping, try "ulimit -c unlimited" before starting Java again
#
# If you would like to submit a bug report, please visit:
# http://bugreport.java.com/bugreport/crash.jsp
#
--------------- S U M M A R Y ------------
Command Line: Crash
Host: MacBookPro11,5 x86_64 2800 MHz, 8 cores, 16G, Darwin 15.6.0
Time: Mon Jul 10 09:13:55 2017 PDT elapsed time: 0 seconds (0d 0h 0m 0s)
--------------- T H R E A D ---------------
Current thread (0x00007fabd9806000): JavaThread "main" [_thread_in_vm,
id=6147, stack(0x000070000011a000,0x000070000021a000)]
Stack: [0x000070000011a000,0x000070000021a000], sp=0x00007000002196c0,
free space=1021k
Native frames: (J=compiled Java code, A=aot compiled Java code,
j=interpreted, Vv=VM code, C=native code)
V [libjvm.dylib+0x4db1b2] LinkResolver::resolve_invokevirtual(CallInfo&,
Handle, constantPoolHandle const&, int, Thread*)+0x4e
V [libjvm.dylib+0x39a447] InterpreterRuntime::resolve_invoke(JavaThread*,
Bytecodes::Code)+0x1ff
V [libjvm.dylib+0x39a9e7]
InterpreterRuntime::resolve_from_cache(JavaThread*, Bytecodes::Code)+0x3d
j java.lang.String.valueOf(Ljava/lang/Object;)Ljava/lang/String;+10 java.base@9
j java.io.PrintStream.println(Ljava/lang/Object;)V+1 java.base@9
j Crash.main([Ljava/lang/String;)V+91
v ~StubRoutines::call_stub
V [libjvm.dylib+0x3a240d] JavaCalls::call_helper(JavaValue*, methodHandle
const&, JavaCallArguments*, Thread*)+0x2b5
V [libjvm.dylib+0x3db879] jni_invoke_static(JNIEnv_*, JavaValue*,
_jobject*, JNICallType, _jmethodID*, JNI_ArgumentPusher*, Thread*)+0x12d
V [libjvm.dylib+0x3de227] jni_CallStaticVoidMethod+0x18d
C [java+0x4dfa] JavaMain+0xb8d
C [libsystem_pthread.dylib+0x399d] _pthread_body+0x83
C [libsystem_pthread.dylib+0x391a] _pthread_body+0x0
C [libsystem_pthread.dylib+0x1351] thread_start+0xd
C 0x0000000000000000
Java frames: (J=compiled Java code, j=interpreted, Vv=VM code)
j java.lang.String.valueOf(Ljava/lang/Object;)Ljava/lang/String;+10 java.base@9
j java.io.PrintStream.println(Ljava/lang/Object;)V+1 java.base@9
j Crash.main([Ljava/lang/String;)V+91
v ~StubRoutines::call_stub
siginfo: si_signo: 11 (SIGSEGV), si_code: 1 (SEGV_MAPERR), si_addr:
0x0000000000000009
When run from a debug build, it fails an assert earlier:
#
# A fatal error has been detected by the Java Runtime Environment:
#
# Internal Error
(/Users/jackson/dev/jdk9/hotspot/src/share/vm/runtime/handles.cpp:37),
pid=52390, tid=6147
# assert(obj->is_oop()) failed: not an oop: 0x0000000000000001
#
# JRE version: OpenJDK Runtime Environment (9.0) (fastdebug build
9-internal+0-adhoc.jackson.jdk9)
# Java VM: OpenJDK 64-Bit Server VM (fastdebug
9-internal+0-adhoc.jackson.jdk9, mixed mode, tiered, compressed oops, g1
gc, bsd-amd64)
# No core dump will be written. Core dumps have been disabled. To enable
core dumping, try "ulimit -c unlimited" before starting Java again
#
# If you would like to submit a bug report, please visit:
# http://bugreport.java.com/bugreport/crash.jsp
#
--------------- S U M M A R Y ------------
Command Line: Crash
Host: Jacksons-MacBook-Pro-2.local, MacBookPro11,5 x86_64 2800 MHz, 8
cores, 16G, Darwin 15.6.0
Time: Mon Jul 10 06:52:20 2017 PDT elapsed time: 1 seconds (0d 0h 0m 1s)
--------------- T H R E A D ---------------
Current thread (0x00007fd374809000): JavaThread "main" [_thread_in_vm,
id=6147, stack(0x000070000011a000,0x000070000021a000)]
Stack: [0x000070000011a000,0x000070000021a000], sp=0x0000700000219340,
free space=1020k
Native frames: (J=compiled Java code, A=aot compiled Java code,
j=interpreted, Vv=VM code, C=native code)
V [libjvm.dylib+0xad63d9] VMError::report_and_die(int, char const*, char
const*, __va_list_tag*, Thread*, unsigned char*, void*, void*, char const*,
int, unsigned long)+0x423
V [libjvm.dylib+0xad6b08] VMError::report_and_die(Thread*, char const*,
int, char const*, char const*, __va_list_tag*)+0x4a
V [libjvm.dylib+0x41c5cf] report_vm_error(char const*, int, char const*,
char const*, ...)+0xcc
V [libjvm.dylib+0x5804e5] HandleArea::allocate_handle(oop)+0xed
V [libjvm.dylib+0x58064d] Handle::Handle(Thread*, oop)+0xdf
V [libjvm.dylib+0x5cf84e] InterpreterRuntime::resolve_invoke(JavaThread*,
Bytecodes::Code)+0x124
V [libjvm.dylib+0x5d04c3]
InterpreterRuntime::resolve_from_cache(JavaThread*, Bytecodes::Code)+0xd7
j java.lang.String.valueOf(Ljava/lang/Object;)Ljava/lang/String;+10
java.base
j java.io.PrintStream.println(Ljava/lang/Object;)V+1 java.base
j Crash.main([Ljava/lang/String;)V+161
v ~StubRoutines::call_stub
V [libjvm.dylib+0x5e230d] JavaCalls::call_helper(JavaValue*, methodHandle
const&, JavaCallArguments*, Thread*)+0x4ed
V [libjvm.dylib+0x60f20b] jni_invoke_static(JNIEnv_*, JavaValue*,
_jobject*, JNICallType, _jmethodID*, JNI_ArgumentPusher*, Thread*)+0x186
V [libjvm.dylib+0x615014] jni_CallStaticVoidMethod+0x31f
C [java+0x4ffe] JavaMain+0xb78
C [libsystem_pthread.dylib+0x399d] _pthread_body+0x83
C [libsystem_pthread.dylib+0x391a] _pthread_body+0x0
C [libsystem_pthread.dylib+0x1351] thread_start+0xd
[error occurred during error reporting (printing native stack), id
0xe0000000]
Java frames: (J=compiled Java code, j=interpreted, Vv=VM code)
j java.lang.String.valueOf(Ljava/lang/Object;)Ljava/lang/String;+10
java.base
j java.io.PrintStream.println(Ljava/lang/Object;)V+1 java.base
j Crash.main([Ljava/lang/String;)V+161
v ~StubRoutines::call_stub
Is this a known issue? Should I file a bug report?
-Jackson
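
Added example, not part of the original post or of the JDK: a first-pass triage in Python of the two error-log headers quoted above, pulling out the signal, faulting frame, fault address and failed assert. The field names, the 4096-byte near-null threshold and the cross-build comparison are assumptions of this example.

```python
import re

# Excerpts from the two error logs in the post above, mail line-wraps rejoined.
RELEASE_LOG = """\
# SIGSEGV (0xb) at pc=0x00000001086db1b2, pid=12616, tid=6147
# Problematic frame:
# V [libjvm.dylib+0x4db1b2] LinkResolver::resolve_invokevirtual(CallInfo&, Handle, constantPoolHandle const&, int, Thread*)+0x4e
siginfo: si_signo: 11 (SIGSEGV), si_code: 1 (SEGV_MAPERR), si_addr: 0x0000000000000009
"""
DEBUG_LOG = """\
# Internal Error (/Users/jackson/dev/jdk9/hotspot/src/share/vm/runtime/handles.cpp:37), pid=52390, tid=6147
# assert(obj->is_oop()) failed: not an oop: 0x0000000000000001
"""

NEAR_NULL_LIMIT = 4096  # assumption: a fault inside the first page counts as near-null

PATTERNS = {  # hypothetical field names, chosen for this example
    "signal": r"^# (SIG\w+) \(0x[0-9a-f]+\) at pc=",
    "frame": r"^# Problematic frame:\n# \w\s+\[\S+?\+0x[0-9a-f]+\]\s+(\S+?)\(",
    "si_code": r"si_code: \d+ \((\w+)\)",
    "fault_addr": r"si_addr: (0x[0-9a-f]+)",
    "assert": r"^# (assert\(.*?\)) failed:",
    "assert_site": r"^# Internal Error \(.*/([^/]+:\d+)\)",
    "bad_value": r"failed: not an oop: (0x[0-9a-f]+)",
}

def triage(log):
    """Pull the first-pass triage fields out of an hs_err header."""
    out = {}
    for name, pattern in PATTERNS.items():
        m = re.search(pattern, log, re.M)
        if m:
            value = m.group(1)
            out[name] = int(value, 16) if value.startswith("0x") else value
    if "fault_addr" in out:
        out["near_null"] = out["fault_addr"] < NEAR_NULL_LIMIT
    return out

def fault_offset(release_log, debug_log):
    """Distance from the value the debug assert rejected to the release fault address.
    A small non-negative result is consistent with a field read through that same
    bad value; that both builds hit the same value is an inference, not a stated fact."""
    rel, dbg = triage(release_log), triage(debug_log)
    if "fault_addr" not in rel or "bad_value" not in dbg:
        return None
    return rel["fault_addr"] - dbg["bad_value"]

if __name__ == "__main__":
    print(triage(RELEASE_LOG), triage(DEBUG_LOG), fault_offset(RELEASE_LOG, DEBUG_LOG))
```
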
More information about the jdk9-dev
mailing list