java.lang.VerifyError: Inconsistent stackmap frames at branch target
Attila Szegedi
szegedia at gmail.com
Thu Dec 1 12:01:46 UTC 2016
Running with assertions enabled shows that the error is in “this.length >>>=0” expression on line 31. Reducing the testcase to just:
(function (p) {
if (p) {
this.length >>>= 0; // Coerce to uint32.
}
})(false)
also reproduces the problem (at least, the assertion; it will cause a somewhat different issue without assertions).
Attila.
> On 01 Dec 2016, at 12:18, Frantzius, Jörg <Joerg.Frantzius at aperto.com> wrote:
>
> Hi Sunda,
>
> you can reproduce by putting the following into a test.js file and executing it using jjs.
>
> ======== snip =============
>
> function Buffer(subject, encoding) {
> if (!util.isBuffer(this))
> return new Buffer(subject, encoding);
>
> if (util.isNumber(subject)) {
> this.length = +subject;
>
> } else if (util.isString(subject)) {
> if (!util.isString(encoding) || encoding.length === 0)
> encoding = 'utf8';
> this.length = Buffer.byteLength(subject, encoding);
>
> // Handle Arrays, Buffers, Uint8Arrays or JSON.
> } else if (util.isObject(subject)) {
> if (subject.type === 'Buffer' && util.isArray(subject.data))
> subject = subject.data;
> this.length = +subject.length;
>
> } else {
> throw new TypeError('must start with number, buffer, array or string');
> }
>
> if (this.length > kMaxLength) {
> throw new RangeError('Attempt to allocate Buffer larger than maximum ' +
> 'size: 0x' + kMaxLength.toString(16) + ' bytes');
> }
>
> if (this.length < 0)
> this.length = 0;
> else
> this.length >>>= 0; // Coerce to uint32.
>
> this.parent = undefined;
> if (this.length <= (Buffer.poolSize >>> 1) && this.length > 0) {
> if (this.length > poolSize - poolOffset)
> createPool();
> this.parent = sliceOnto(allocPool,
> this,
> poolOffset,
> poolOffset + this.length);
> poolOffset += this.length;
>
> // Ensure aligned slices
> if (poolOffset & 0x7) {
> poolOffset |= 0x7;
> poolOffset++;
> }
> } else {
> alloc(this, this.length);
> }
>
> if (util.isNumber(subject)) {
> return;
> }
>
> if (util.isString(subject)) {
> // In the case of base64 it's possible that the size of the buffer
> // allocated was slightly too large. In this case we need to rewrite
> // the length to the actual length written.
> var len = this.write(subject, encoding);
> // Buffer was truncated after decode, realloc internal ExternalArray
> if (len !== this.length) {
> var prevLen = this.length;
> this.length = len;
> truncate(this, this.length);
> // Only need to readjust the poolOffset if the allocation is a slice.
> if (this.parent != undefined)
> poolOffset -= (prevLen - len);
> }
>
> } else if (util.isBuffer(subject)) {
> subject.copy(this, 0, 0, this.length);
>
> } else if (util.isNumber(subject.length) || util.isArray(subject)) {
> // Really crappy way to handle Uint8Arrays, but V8 doesn't give a simple
> // way to access the data from the C++ API.
> for (var i = 0; i < this.length; i++)
> this[i] = subject[i];
> }
> }
>
> new Buffer(1024);
>
> ========== snip ==============
>
>
> I’ll hopefully get my OCA signed and sent in soon, so I can contribute in JIRA.
>
> Regards,
> Jörg
>
>
> ---
>
> Dipl. Inf. Jörg von Frantzius, Technical Director
>
> E-Mail joerg.frantzius at aperto.com
>
> Phone +49 30 283921-318
> Fax +49 30 283921-29
>
> Aperto GmbH – An IBM Company
> Chausseestraße 5, D-10115 Berlin
> http://www.aperto.com<http://www.aperto.de/>
> http://www.facebook.com/aperto
> https://www.xing.com/companies/apertoag
>
> HRB 77049 B, AG Berlin Charlottenburg
> Geschäftsführer: Dirk Buddensiek, Kai Großmann, Stephan Haagen, Daniel Simon
>
> Am 01.12.2016 um 07:46 schrieb Sundararajan Athijegannathan <sundararajan.athijegannathan at oracle.com<mailto:sundararajan.athijegannathan at oracle.com>>:
>
> Is there a simple reduced test case that we can use it to reproduce the issue you're seeing? Please send us the same and we'll file a bug (or you may do that as well).
>
> Thanks,
> -Sundar
>
> On 29/11/16, 11:11 PM, Frantzius, Jörg wrote:
> Hi,
>
> with JDK 1.8.0_112 (on Mac OS X) I’m running into the following error. When querying bugs.openjdk.java.net<http://bugs.openjdk.java.net><http://bugs.openjdk.java.net> for "Current frame's stack size doesn't match stackmap“, I only found bugs dating from 2013, so this may not be known yet?
>
> Unfortunately I can’t see the Javascript file name or line number in the error message. The last known source location node/lib/fs.js:374 that I can step to in the Netbeans debugger is calling a constructor „Buffer(size)“, which is likely this source: https://github.com/nodejs/node/blob/v0.12.7-release/lib/buffer.js#L48
>
> Following is the error message:
>
> java.lang.VerifyError: Inconsistent stackmap frames at branch target 404
> Exception Details:
> Location:
> jdk/nashorn/internal/scripts/Script$Recompilation$414$1806AA$\^function\_.L:1#Buffer(Ljdk/nashorn/internal/runtime/ScriptFunction;Ljava/lang/Object;Ljava/lang/Object;Ljava/lang/Object;)Ljava/lang/Object; @382: goto
> Reason:
> Current frame's stack size doesn't match stackmap.
> Current Frame:
> bci: @382
> flags: { }
> locals: { 'jdk/nashorn/internal/runtime/ScriptFunction', 'java/lang/Object', 'java/lang/Object', 'java/lang/Object', 'jdk/nashorn/internal/runtime/ScriptObject' }
> stack: { }
> Stackmap Frame:
> bci: @404
> flags: { }
> locals: { 'jdk/nashorn/internal/runtime/ScriptFunction', 'java/lang/Object', 'java/lang/Object', 'java/lang/Object', 'jdk/nashorn/internal/runtime/ScriptObject' }
> stack: { 'java/lang/Object' }
> Bytecode:
> 0x0000000: 2ab6 0014 3a04 1904 ba00 2000 0059 ba00
> 0x0000010: 2300 005f 2bba 0027 0000 9a00 1219 04ba
> 0x0000020: 002a 0000 2c2d ba00 2e00 00b0 1904 ba00
> 0x0000030: 2000 0059 ba00 3100 005f 2cba 0034 0000
> 0x0000040: 9900 102b 2cb8 003a ba00 3e00 00a7 00d5
> 0x0000050: 1904 ba00 2000 0059 ba00 4100 005f 2cba
> 0x0000060: 0044 0000 9900 4d19 04ba 0020 0000 59ba
> 0x0000070: 0041 0000 5f2d ba00 4400 0099 0012 2dba
> 0x0000080: 0047 0000 b800 4a03 8798 9a00 0912 4cb8
> 0x0000090: 0050 4e2b 1904 ba00 5500 0059 ba00 5800
> 0x00000a0: 005f 2c2d ba00 5c00 00ba 005f 0000 a700
> 0x00000b0: 7419 04ba 0020 0000 59ba 0062 0000 5f2c
> 0x00000c0: ba00 6500 0099 0043 2cba 0068 0000 126a
> 0x00000d0: b800 7099 0026 1904 ba00 2000 0059 ba00
> 0x00000e0: 7300 005f 2cba 0076 0000 ba00 7900 0099
> 0x00000f0: 000a 2cba 0076 0000 4d2b 2cba 007b 0000
> 0x0000100: ba00 3e00 00a7 001d 1904 b600 80ba 0083
> 0x0000110: 0000 1285 ba00 8900 0012 8b10 4507 b800
> 0x0000120: 91bf 2bba 0047 0000 1904 ba00 9400 00b8
> 0x0000130: 0097 9900 3a19 04b6 0080 ba00 9a00 0012
> 0x0000140: 9c19 04ba 0094 0000 59ba 009f 0000 5f10
> 0x0000150: 10ba 00a3 0000 b800 a712 a9b8 00a7 ba00
> 0x0000160: ac00 0012 8b10 4907 b800 91bf 2bba 007b
> 0x0000170: 0000 0e98 9c00 0d2b 03ba 00af 0000 a700
> 0x0000180: 162b 592b ba00 4700 00b8 00b3 b800 b7ba
> 0x0000190: 003e 0000 2b19 04b6 0080 ba00 ba00 00ba
> 0x00001a0: 00bd 0000 2bba 0047 0000 1904 ba00 5500
> 0x00001b0: 00ba 00c0 0000 047c b800 b75d 58b8 003a
> 0x00001c0: 5e58 989d 00c3 2bba 007b 0000 0e97 9e00
> 0x00001d0: b82b ba00 4700 0019 04ba 00c2 0000 1904
> 0x00001e0: ba00 c500 005f b800 3a5d 58b8 003a 675d
> 0x00001f0: 58b8 003a 5e58 979e 0013 1904 ba00 c800
> 0x0000200: 00b2 00cc ba00 d000 0057 2b19 04ba 00d3
> 0x0000210: 0000 b200 cc19 04ba 00d6 0000 2b19 04ba
> 0x0000220: 00c5 0000 1904 ba00 c500 002b ba00 4700
> 0x0000230: 00b8 00a7 ba00 da00 00ba 00bd 0000 1904
> 0x0000240: 1904 ba00 c500 002b ba00 4700 00b8 00a7
> 0x0000250: ba00 dd00 0019 04ba 00df 0000 1007 7e99
> 0x0000260: 0024 1904 1904 ba00 df00 0010 0780 ba00
> 0x0000270: e100 0019 0419 04ba 00e3 0000 0f63 ba00
> 0x0000280: e500 00a7 001a 1904 ba00 e800 00b2 00cc
> 0x0000290: 2b2b ba00 4700 00ba 00ec 0000 5719 04ba
> 0x00002a0: 0020 0000 59ba 0031 0000 5f2c ba00 3400
> 0x00002b0: 0099 0007 b200 ccb0 1904 ba00 2000 0059
> 0x00002c0: ba00 4100 005f 2cba 0044 0000 9900 8b2b
> 0x00002d0: 59ba 00ef 0000 5f2c 2dba 00f2 0000 3a05
> 0x00002e0: 1905 2bba 0047 0000 b800 f599 0064 2bba
> 0x00002f0: 0047 0000 3a06 2b19 05ba 005f 0000 1904
> 0x0000300: ba00 f800 00b2 00cc 2b2b ba00 4700 00ba
> 0x0000310: 00fb 0000 572b ba00 fe00 0019 04b6 0080
> 0x0000320: ba00 ba00 00b8 0101 9900 2419 0419 04ba
> 0x0000330: 00c5 0000 1906 b800 3a19 05b8 003a 675d
> 0x0000340: 58b8 003a 5e58 67ba 00e5 0000 a700 08b2
> 0x0000350: 00cc 3a06 a700 9e19 04ba 0020 0000 59ba
> 0x0000360: 0023 0000 5f2c ba00 2700 0099 001d 2c59
> 0x0000370: ba01 0400 005f 2b03 032b ba00 4700 00ba
> 0x0000380: 0108 0000 57a7 0063 1904 ba00 2000 0059
> 0x0000390: ba00 3100 005f 2cba 0047 0000 ba00 3400
> 0x00003a0: 009a 001a 1904 ba00 2000 0059 ba00 7300
> 0x00003b0: 005f 2cba 0079 0000 9900 3003 3607 1507
> 0x00003c0: 8739 0818 082b ba00 7b00 0098 9c00 1c2b
> 0x00003d0: 1808 2c18 08ba 010e 0000 ba01 1200 0018
> 0x00003e0: 080f 6339 08a7 ffde b200 cc3a 06b2 00cc
> 0x00003f0: 3a05 b200 ccb0
> Stackmap Table:
> append_frame(@44,Object[#125])
> same_frame(@80)
> same_frame(@141)
> same_frame(@147)
> same_frame(@177)
> same_frame_extended(@249)
> same_frame(@264)
> same_frame(@290)
> same_frame_extended(@364)
> same_frame(@385)
> same_locals_1_stack_item_frame(@404,Object[#286])
> same_locals_1_stack_item_extended(@522,Object[#286])
> same_locals_1_stack_item_extended(@643,Object[#286])
> same_locals_1_stack_item_frame(@646,Object[#286])
> same_locals_1_stack_item_frame(@669,Object[#286])
> same_locals_1_stack_item_frame(@696,Object[#286])
> full_frame(@844,{Object[#16],Object[#286],Object[#286],Object[#286],Object[#125],Object[#286],Object[#286]},{Object[#286]})
> full_frame(@847,{Object[#16],Object[#286],Object[#286],Object[#286],Object[#125],Object[#286]},{Object[#286]})
> full_frame(@852,{Object[#16],Object[#286],Object[#286],Object[#286],Object[#125],Object[#286],Object[#286]},{Object[#286]})
> full_frame(@855,{Object[#16],Object[#286],Object[#286],Object[#286],Object[#125]},{Object[#286]})
> same_locals_1_stack_item_frame(@904,Object[#286])
> same_locals_1_stack_item_frame(@955,Object[#286])
> full_frame(@963,{Object[#16],Object[#286],Object[#286],Object[#286],Object[#125],Top,Top,Integer,Double},{Object[#286]})
> full_frame(@1000,{Object[#16],Object[#286],Object[#286],Object[#286],Object[#125]},{Object[#286]})
> full_frame(@1010,{Object[#16],Object[#286],Object[#286],Object[#286],Object[#125],Object[#286],Object[#286]},{Object[#286]})
>
> at java.lang.Class.getDeclaredFields0(Native Method)
> at java.lang.Class.privateGetDeclaredFields(Class.java:2583)
> at java.lang.Class.getDeclaredField(Class.java:2068)
> at jdk.nashorn.internal.runtime.Context$ContextCodeInstaller$1.run(Context.java:209)
> at jdk.nashorn.internal.runtime.Context$ContextCodeInstaller$1.run(Context.java:204)
> at java.security.AccessController.doPrivileged(Native Method)
> at jdk.nashorn.internal.runtime.Context$ContextCodeInstaller.initialize(Context.java:204)
> at jdk.nashorn.internal.codegen.CompilationPhase$InstallPhase.transform(CompilationPhase.java:508)
> at jdk.nashorn.internal.codegen.CompilationPhase.apply(CompilationPhase.java:624)
> at jdk.nashorn.internal.codegen.Compiler.compile(Compiler.java:655)
> at jdk.nashorn.internal.runtime.RecompilableScriptFunctionData.compileTypeSpecialization(RecompilableScriptFunctionData.java:725)
> at jdk.nashorn.internal.runtime.RecompilableScriptFunctionData.getBest(RecompilableScriptFunctionData.java:905)
> at jdk.nashorn.internal.runtime.ScriptFunctionData.getBest(ScriptFunctionData.java:375)
> at jdk.nashorn.internal.runtime.ScriptFunctionData.getBestConstructor(ScriptFunctionData.java:247)
> at jdk.nashorn.internal.runtime.ScriptFunction.findNewMethod(ScriptFunction.java:758)
> at jdk.nashorn.internal.runtime.ScriptObject.lookup(ScriptObject.java:1827)
> at jdk.nashorn.internal.runtime.linker.NashornLinker.getGuardedInvocation(NashornLinker.java:104)
> at jdk.nashorn.internal.runtime.linker.NashornLinker.getGuardedInvocation(NashornLinker.java:98)
> at jdk.internal.dynalink.support.CompositeTypeBasedGuardingDynamicLinker.getGuardedInvocation(CompositeTypeBasedGuardingDynamicLinker.java:176)
> at jdk.internal.dynalink.support.CompositeGuardingDynamicLinker.getGuardedInvocation(CompositeGuardingDynamicLinker.java:124)
> at jdk.internal.dynalink.support.LinkerServicesImpl.getGuardedInvocation(LinkerServicesImpl.java:154)
> at jdk.internal.dynalink.DynamicLinker.relink(DynamicLinker.java:253)
> at jdk.nashorn.internal.scripts.Script$Recompilation$402$9044AA$\^function\_.L:1#readFileSync(node/lib/fs.js:374)
> [..]
>
> Any help or hints would be very appreciated!
>
> Regards,
> Jörg
>
> ---
>
> Dipl. Inf. Jörg von Frantzius, Technical Director
>
> E-Mail joerg.frantzius at aperto.com<mailto:joerg.frantzius at aperto.com>
>
> Phone +49 30 283921-318
> Fax +49 30 283921-29
>
> Aperto GmbH – An IBM Company
> Chausseestraße 5, D-10115 Berlin
> http://www.aperto.com<http://www.aperto.de/>
> http://www.facebook.com/aperto
> https://www.xing.com/companies/apertoag
>
> HRB 77049 B, AG Berlin Charlottenburg
> Vorstand: Dirk Buddensiek (Vorsitzender), Kai Großmann, Stephan Haagen, Daniel Simon
> Aufsichtsrat: Matthew Candy (Vorsitzender)
>
>
More information about the nashorn-dev
mailing list