jdk_lang Test7157574 segfault

[pdbain-ibm]

    $JAVA_HOME/jre/bin/../../bin/java \
        -Dtest.class.path.prefix=$JVMTEST/openjdk_regression/work/classes/3/java/lang/invoke/7157574:$TEST_HOME/openjdk_regression/openjdk-jdk/jdk/test/java/lang/invoke/7157574 \
        -Dtest.src=$TEST_HOME/openjdk_regression/openjdk-jdk/jdk/test/java/lang/invoke/7157574 \
        -Dtest.src.path=$TEST_HOME/openjdk_regression/openjdk-jdk/jdk/test/java/lang/invoke/7157574 \
        -Dtest.classes=$JVMTEST/openjdk_regression/work/classes/3/java/lang/invoke/7157574 \
        -Dtest.class.path=$JVMTEST/openjdk_regression/work/classes/3/java/lang/invoke/7157574 \
        -Dtest.vm.opts='-ea -esa -Xmx512m -Xcompressedrefs' \
        -Dtest.tool.vm.opts='-J-ea -J-esa -J-Xmx512m -J-Xcompressedrefs' \
        -Dtest.compiler.opts= \
        -Dtest.java.opts= \
        -Dtest.jdk=$JAVA_HOME/jre/bin/../.. \
        -Dcompile.jdk=$JAVA_HOME/jre/bin/../.. \
        -Dtest.timeout.factor=4.0 \
        -classpath $JVMTEST/openjdk_regression/work/classes/3/java/lang/invoke/7157574:$TEST_HOME/openjdk_regression/openjdk-jdk/jdk/test/java/lang/invoke/7157574:$JAVA_HOME/jre/bin/../../lib/tools.jar:$JVMTEST/openjdk_regression/jtreg/lib/javatest.jar:$JVMTEST/openjdk_regression/jtreg/lib/jtreg.jar \
        Test7157574

MethodHandle(Sub)void
MethodHandle(Sub)void
MethodHandle(Sub)int
MethodHandle(Sub,int)void
MethodHandle(Sub)int
Unhandled exception
Type=Segmentation error vmState=0x00000000
J9Generic_Signal_Number=00000004 Signal_Number=0000000b Error_Value=00000000 Signal_Code=00000001
Handler1=00007F8BA958C110 Handler2=00007F8BA875B7C0 InaccessibleAddress=0000000000000000
RDI=0000000000000005 RSI=0000000002166E00 RAX=0000000000000005 RBX=00007F8BA23F2080
RCX=0000000000000005 RDX=0000000000000000 R8=000000000207B900 R9=000000000000000D
R10=FFFFFFFFFFFFFFFF R11=00007F8B7B8A62A8 R12=00007F8BA9CDD3E0 R13=0000000002055700
R14=0000000002122C68 R15=000000000207BB30
RIP=00007F8BA21CEC76 GS=0000 FS=0000 RSP=00007F8BAA4DF848
EFlags=0000000000010206 CS=0033 RBP=0000000002166E00 ERR=0000000000000004
TRAPNO=000000000000000E OLDMASK=0000000000000000 CR2=0000000000000000
xmm0 0000000000000000 (f: 0.000000, d: 0.000000e+00)
xmm1 6874654d2f656b6f (f: 795175808.000000, d: 1.488867e+195)
xmm2 0000000000000000 (f: 0.000000, d: 0.000000e+00)
xmm3 43e0000000000000 (f: 0.000000, d: 9.223372e+18)
xmm4 402f2f3cf5eab68a (f: 4125800192.000000, d: 1.559226e+01)
xmm5 3fe6b5302eeb2aa9 (f: 787163840.000000, d: 7.096177e-01)
xmm6 402f2f3d9a8c6bad (f: 2592893952.000000, d: 1.559227e+01)
xmm7 3bbcc86800000000 (f: 0.000000, d: 6.095003e-21)
xmm8 dddddddddddddddd (f: 3722305024.000000, d: -1.456816e+144)
xmm9 3ff0000000000000 (f: 0.000000, d: 1.000000e+00)
xmm10 bedd000000000000 (f: 0.000000, d: -6.914139e-06)
xmm11 3d75474c359916f1 (f: 899225344.000000, d: 1.209543e-12)
xmm12 bcc4000000000000 (f: 0.000000, d: -5.551115e-16)
xmm13 bc6c400000000000 (f: 0.000000, d: -1.225148e-17)
xmm14 bc6bc60efafc6f6e (f: 4210847488.000000, d: -1.204491e-17)
xmm15 402e7f9c1e980d00 (f: 513281280.000000, d: 1.524924e+01)
Module=/team/pdbain/defects/git1128/xa6480_openj9/j2sdk-image/jre/lib/amd64/compressedrefs/libjclse7b_29.so
Module_base_address=00007F8BA218A000
Target=2_90_20180323_382118 (Linux 3.16.0-77-generic)
CPU=amd64 (4 logical CPUs) (0x1f30c3000 RAM)
----------- Stack Backtrace -----------
(0x00007F8BA21CEC76 [libjclse7b_29.so+0x44c76])
Java_java_lang_invoke_PrimitiveHandle_lookupMethod+0x912 (0x00007F8BA219E432 [libjclse7b_29.so+0x14432])
(0x00007F8B915BD438 [<unknown>+0x0])
---------------------------------------

[DanHeidinga]

Given InaccessibleAddress=0000000000000000, likely a missing nullcheck somewhere

[pdbain-ibm]

Here is a simple testcase:

import java.lang.invoke.MethodHandles;
import java.lang.invoke.MethodType;

public class TestMH {
interface MyInterface {void myMethod();}
	public static void main(String[] args) {
		try {
			java.lang.invoke.MethodHandle h = MethodHandles.lookup().findVirtual(MyInterface.class,
					"hashCode", MethodType.methodType(int.class));
		} catch (NoSuchMethodException | IllegalAccessException e) {
			e.printStackTrace();
		}
	}
}

We lookup a concrete method from j.l.Object. findVirtual() returns the concrete method but describes it as an interface method. We run off the end of the iTable looking for the method.

[DanHeidinga]

The curse of Interfaces being able to lookup Object methods. I think we're missing a check in java_dyn_methodhandle.c::lookupinterface() compared to the code in resolvesupport.cpp::resolveInterfaceMethodRefInfo():

ie:

			/* Object methods may be invoked via invokeinterface.  In that case, use Object
			 * for the interfaceClass in the ref.  The methodIndex value doesn't matter as
			 * Object will never be found in an iTable.
			 */
			if (J9_ARE_ANY_BITS_SET(methodClass->romClass->modifiers, J9_JAVA_INTERFACE)) {
				methodIndex = getITableIndexForMethod(method, interfaceClass) << 8;
			} else {
				interfaceClass = methodClass;
			}

i.e. we should be checking whether the methodClass is an interface before calling getITableIndexForMethod

hshelp.c may have a similar problem.

[pdbain-ibm]

I think the problem is outside lookupinterface() and is in MethodHandles.java. The class in question is in fact an interface, so the test doesn't help.

MethodHandles.findVirtual() assumes that if the given class is an interface, all methods are interface methods:

				if (clazz.isInterface()) {
					handle = new InterfaceHandle(clazz, methodName, type);  <<< crashes here
					if (Modifier.isStatic(handle.getModifiers())) {
						throw new IllegalAccessException();
					}
3XMTHREADINFO3           Java callstack:
4XESTACKTRACE                at java/lang/invoke/PrimitiveHandle.lookupMethod(Native Method)
 4XESTACKTRACE                at java/lang/invoke/PrimitiveHandle.finishMethodInitialization(PrimitiveHandle.java:192)
4XESTACKTRACE                at java/lang/invoke/InterfaceHandle.<init>(InterfaceHandle.java:43)
4XESTACKTRACE                at java/lang/invoke/MethodHandles$Lookup.findVirtual(MethodHandles.java:549)
 4