# HG changeset patch # User coleenp # Date 1416420131 18000 # Node ID fe34c5ab0b356349c625673c541a0f72cff3936d # Parent bee8095780dbf1e3c90aed97e944c96fb6aa6a53 8042235: redefining method used by multiple MethodHandles crashes VM Summary: note all MemberNames created on internal list for adjusting method entries. Reviewed-by: sspitsyn, dcubed, lfoltan diff -r bee8095780db -r fe34c5ab0b35 src/share/vm/classfile/javaClasses.cpp --- a/src/share/vm/classfile/javaClasses.cpp Thu Nov 20 11:06:26 2014 +0100 +++ b/src/share/vm/classfile/javaClasses.cpp Wed Nov 19 13:02:11 2014 -0500 @@ -41,6 +41,7 @@ #include "oops/method.hpp" #include "oops/symbol.hpp" #include "oops/typeArrayOop.hpp" +#include "prims/jvmtiRedefineClassesTrace.hpp" #include "runtime/fieldDescriptor.hpp" #include "runtime/handles.inline.hpp" #include "runtime/interfaceSupport.hpp" @@ -2775,12 +2776,35 @@ return (Metadata*)mname->address_field(_vmtarget_offset); } +bool java_lang_invoke_MemberName::is_method(oop mname) { + assert(is_instance(mname), "must be MemberName"); + return (flags(mname) & (MN_IS_METHOD | MN_IS_CONSTRUCTOR)) > 0; +} + #if INCLUDE_JVMTI // Can be executed on VM thread only -void java_lang_invoke_MemberName::adjust_vmtarget(oop mname, Metadata* ref) { - assert((is_instance(mname) && (flags(mname) & (MN_IS_METHOD | MN_IS_CONSTRUCTOR)) > 0), "wrong type"); +void java_lang_invoke_MemberName::adjust_vmtarget(oop mname, Method* old_method, + Method* new_method, bool* trace_name_printed) { + assert(is_method(mname), "wrong type"); assert(Thread::current()->is_VM_thread(), "not VM thread"); - mname->address_field_put(_vmtarget_offset, (address)ref); + + Method* target = (Method*)mname->address_field(_vmtarget_offset); + if (target == old_method) { + mname->address_field_put(_vmtarget_offset, (address)new_method); + + if (RC_TRACE_IN_RANGE(0x00100000, 0x00400000)) { + if (!(*trace_name_printed)) { + // RC_TRACE_MESG macro has an embedded ResourceMark + RC_TRACE_MESG(("adjust: name=%s", + old_method->method_holder()->external_name())); + *trace_name_printed = true; + } + // RC_TRACE macro has an embedded ResourceMark + RC_TRACE(0x00400000, ("MemberName method update: %s(%s)", + new_method->name()->as_C_string(), + new_method->signature()->as_C_string())); + } + } } #endif // INCLUDE_JVMTI diff -r bee8095780db -r fe34c5ab0b35 src/share/vm/classfile/javaClasses.hpp --- a/src/share/vm/classfile/javaClasses.hpp Thu Nov 20 11:06:26 2014 +0100 +++ b/src/share/vm/classfile/javaClasses.hpp Wed Nov 19 13:02:11 2014 -0500 @@ -1096,7 +1096,8 @@ static Metadata* vmtarget(oop mname); static void set_vmtarget(oop mname, Metadata* target); #if INCLUDE_JVMTI - static void adjust_vmtarget(oop mname, Metadata* target); + static void adjust_vmtarget(oop mname, Method* old_method, Method* new_method, + bool* trace_name_printed); #endif // INCLUDE_JVMTI static intptr_t vmindex(oop mname); @@ -1110,6 +1111,8 @@ return obj != NULL && is_subclass(obj->klass()); } + static bool is_method(oop obj); + // Relevant integer codes (keep these in synch. with MethodHandleNatives.Constants): enum { MN_IS_METHOD = 0x00010000, // method (not constructor) diff -r bee8095780db -r fe34c5ab0b35 src/share/vm/oops/instanceKlass.cpp --- a/src/share/vm/oops/instanceKlass.cpp Thu Nov 20 11:06:26 2014 +0100 +++ b/src/share/vm/oops/instanceKlass.cpp Wed Nov 19 13:02:11 2014 -0500 @@ -2947,28 +2947,27 @@ return NULL; } -void InstanceKlass::add_member_name(int index, Handle mem_name) { +bool InstanceKlass::add_member_name(Handle mem_name) { jweak mem_name_wref = JNIHandles::make_weak_global(mem_name); MutexLocker ml(MemberNameTable_lock); - assert(0 <= index && index < idnum_allocated_count(), "index is out of bounds"); DEBUG_ONLY(No_Safepoint_Verifier nsv); + // Check if method has been redefined while taking out MemberNameTable_lock, if so + // return false. We cannot cache obsolete methods. They will crash when the function + // is called! + Method* method = (Method*)java_lang_invoke_MemberName::vmtarget(mem_name()); + if (method->is_obsolete()) { + return false; + } else if (method->is_old()) { + // Replace method with redefined version + java_lang_invoke_MemberName::set_vmtarget(mem_name(), method_with_idnum(method->method_idnum())); + } + if (_member_names == NULL) { _member_names = new (ResourceObj::C_HEAP, mtClass) MemberNameTable(idnum_allocated_count()); } - _member_names->add_member_name(index, mem_name_wref); -} - -oop InstanceKlass::get_member_name(int index) { - MutexLocker ml(MemberNameTable_lock); - assert(0 <= index && index < idnum_allocated_count(), "index is out of bounds"); - DEBUG_ONLY(No_Safepoint_Verifier nsv); - - if (_member_names == NULL) { - return NULL; - } - oop mem_name =_member_names->get_member_name(index); - return mem_name; + _member_names->add_member_name(mem_name_wref); + return true; } // ----------------------------------------------------------------------------------------------------- diff -r bee8095780db -r fe34c5ab0b35 src/share/vm/oops/instanceKlass.hpp --- a/src/share/vm/oops/instanceKlass.hpp Thu Nov 20 11:06:26 2014 +0100 +++ b/src/share/vm/oops/instanceKlass.hpp Wed Nov 19 13:02:11 2014 -0500 @@ -1091,8 +1091,7 @@ // JSR-292 support MemberNameTable* member_names() { return _member_names; } void set_member_names(MemberNameTable* member_names) { _member_names = member_names; } - void add_member_name(int index, Handle member_name); - oop get_member_name(int index); + bool add_member_name(Handle member_name); public: // JVMTI support diff -r bee8095780db -r fe34c5ab0b35 src/share/vm/prims/jvm.cpp --- a/src/share/vm/prims/jvm.cpp Thu Nov 20 11:06:26 2014 +0100 +++ b/src/share/vm/prims/jvm.cpp Wed Nov 19 13:02:11 2014 -0500 @@ -603,13 +603,14 @@ // Make shallow object copy const int size = obj->size(); - oop new_obj = NULL; + oop new_obj_oop = NULL; if (obj->is_array()) { const int length = ((arrayOop)obj())->length(); - new_obj = CollectedHeap::array_allocate(klass, size, length, CHECK_NULL); + new_obj_oop = CollectedHeap::array_allocate(klass, size, length, CHECK_NULL); } else { - new_obj = CollectedHeap::obj_allocate(klass, size, CHECK_NULL); + new_obj_oop = CollectedHeap::obj_allocate(klass, size, CHECK_NULL); } + // 4839641 (4840070): We must do an oop-atomic copy, because if another thread // is modifying a reference field in the clonee, a non-oop-atomic copy might // be suspended in the middle of copying the pointer and end up with parts @@ -620,24 +621,41 @@ // The same is true of StubRoutines::object_copy and the various oop_copy // variants, and of the code generated by the inline_native_clone intrinsic. assert(MinObjAlignmentInBytes >= BytesPerLong, "objects misaligned"); - Copy::conjoint_jlongs_atomic((jlong*)obj(), (jlong*)new_obj, + Copy::conjoint_jlongs_atomic((jlong*)obj(), (jlong*)new_obj_oop, (size_t)align_object_size(size) / HeapWordsPerLong); // Clear the header - new_obj->init_mark(); + new_obj_oop->init_mark(); // Store check (mark entire object and let gc sort it out) BarrierSet* bs = Universe::heap()->barrier_set(); assert(bs->has_write_region_opt(), "Barrier set does not have write_region"); - bs->write_region(MemRegion((HeapWord*)new_obj, size)); + bs->write_region(MemRegion((HeapWord*)new_obj_oop, size)); + + Handle new_obj(THREAD, new_obj_oop); + // Special handling for MemberNames. Since they contain Method* metadata, they + // must be registered so that RedefineClasses can fix metadata contained in them. + if (java_lang_invoke_MemberName::is_instance(new_obj()) && + java_lang_invoke_MemberName::is_method(new_obj())) { + Method* method = (Method*)java_lang_invoke_MemberName::vmtarget(new_obj()); + // MemberName may be unresolved, so doesn't need registration until resolved. + if (method != NULL) { + methodHandle m(THREAD, method); + // This can safepoint and redefine method, so need both new_obj and method + // in a handle, for two different reasons. new_obj can move, method can be + // deleted if nothing is using it on the stack. + m->method_holder()->add_member_name(new_obj()); + } + } // Caution: this involves a java upcall, so the clone should be // "gc-robust" by this stage. if (klass->has_finalizer()) { assert(obj->is_instance(), "should be instanceOop"); - new_obj = InstanceKlass::register_finalizer(instanceOop(new_obj), CHECK_NULL); + new_obj_oop = InstanceKlass::register_finalizer(instanceOop(new_obj()), CHECK_NULL); + new_obj = Handle(THREAD, new_obj_oop); } - return JNIHandles::make_local(env, oop(new_obj)); + return JNIHandles::make_local(env, new_obj()); JVM_END // java.lang.Compiler //////////////////////////////////////////////////// diff -r bee8095780db -r fe34c5ab0b35 src/share/vm/prims/methodHandles.cpp --- a/src/share/vm/prims/methodHandles.cpp Thu Nov 20 11:06:26 2014 +0100 +++ b/src/share/vm/prims/methodHandles.cpp Wed Nov 19 13:02:11 2014 -0500 @@ -29,7 +29,6 @@ #include "interpreter/oopMapCache.hpp" #include "memory/allocation.inline.hpp" #include "memory/oopFactory.hpp" -#include "prims/jvmtiRedefineClassesTrace.hpp" #include "prims/methodHandles.hpp" #include "runtime/compilationPolicy.hpp" #include "runtime/javaCalls.hpp" @@ -271,9 +270,12 @@ // This is done eagerly, since it is readily available without // constructing any new objects. // TO DO: maybe intern mname_oop - m->method_holder()->add_member_name(m->method_idnum(), mname); - - return mname(); + if (m->method_holder()->add_member_name(mname)) { + return mname(); + } else { + // Redefinition caused this to fail. Return NULL (and an exception?) + return NULL; + } } oop MethodHandles::init_field_MemberName(Handle mname, fieldDescriptor& fd, bool is_setter) { @@ -946,63 +948,27 @@ } } -void MemberNameTable::add_member_name(int index, jweak mem_name_wref) { +void MemberNameTable::add_member_name(jweak mem_name_wref) { assert_locked_or_safepoint(MemberNameTable_lock); - this->at_put_grow(index, mem_name_wref); -} - -// Return a member name oop or NULL. -oop MemberNameTable::get_member_name(int index) { - assert_locked_or_safepoint(MemberNameTable_lock); - - jweak ref = this->at(index); - oop mem_name = JNIHandles::resolve(ref); - return mem_name; + this->push(mem_name_wref); } #if INCLUDE_JVMTI -oop MemberNameTable::find_member_name_by_method(Method* old_method) { - assert_locked_or_safepoint(MemberNameTable_lock); - oop found = NULL; - int len = this->length(); - - for (int idx = 0; idx < len; idx++) { - oop mem_name = JNIHandles::resolve(this->at(idx)); - if (mem_name == NULL) { - continue; - } - Method* method = (Method*)java_lang_invoke_MemberName::vmtarget(mem_name); - if (method == old_method) { - found = mem_name; - break; - } - } - return found; -} - -// It is called at safepoint only +// It is called at safepoint only for RedefineClasses void MemberNameTable::adjust_method_entries(Method** old_methods, Method** new_methods, int methods_length, bool *trace_name_printed) { assert(SafepointSynchronize::is_at_safepoint(), "only called at safepoint"); - // search the MemberNameTable for uses of either obsolete or EMCP methods + // For each redefined method for (int j = 0; j < methods_length; j++) { Method* old_method = old_methods[j]; Method* new_method = new_methods[j]; - oop mem_name = find_member_name_by_method(old_method); - if (mem_name != NULL) { - java_lang_invoke_MemberName::adjust_vmtarget(mem_name, new_method); - if (RC_TRACE_IN_RANGE(0x00100000, 0x00400000)) { - if (!(*trace_name_printed)) { - // RC_TRACE_MESG macro has an embedded ResourceMark - RC_TRACE_MESG(("adjust: name=%s", - old_method->method_holder()->external_name())); - *trace_name_printed = true; - } - // RC_TRACE macro has an embedded ResourceMark - RC_TRACE(0x00400000, ("MemberName method update: %s(%s)", - new_method->name()->as_C_string(), - new_method->signature()->as_C_string())); + // search the MemberNameTable for uses of either obsolete or EMCP methods + for (int idx = 0; idx < length(); idx++) { + oop mem_name = JNIHandles::resolve(this->at(idx)); + if (mem_name != NULL) { + java_lang_invoke_MemberName::adjust_vmtarget(mem_name, old_method, new_method, + trace_name_printed); } } } diff -r bee8095780db -r fe34c5ab0b35 src/share/vm/prims/methodHandles.hpp --- a/src/share/vm/prims/methodHandles.hpp Thu Nov 20 11:06:26 2014 +0100 +++ b/src/share/vm/prims/methodHandles.hpp Wed Nov 19 13:02:11 2014 -0500 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2008, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2008, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -236,18 +236,14 @@ public: MemberNameTable(int methods_cnt); ~MemberNameTable(); - void add_member_name(int index, jweak mem_name_ref); - oop get_member_name(int index); + void add_member_name(jweak mem_name_ref); #if INCLUDE_JVMTI - public: // RedefineClasses() API support: // If a MemberName refers to old_method then update it // to refer to new_method. void adjust_method_entries(Method** old_methods, Method** new_methods, int methods_length, bool *trace_name_printed); - private: - oop find_member_name_by_method(Method* old_method); #endif // INCLUDE_JVMTI }; diff -r bee8095780db -r fe34c5ab0b35 test/compiler/jsr292/RedefineMethodUsedByMultipleMethodHandles.java --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/compiler/jsr292/RedefineMethodUsedByMultipleMethodHandles.java Wed Nov 19 13:02:11 2014 -0500 @@ -0,0 +1,174 @@ +/* + * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/** + * @test + * @bug 8042235 + * @summary redefining method used by multiple MethodHandles crashes VM + * @compile -XDignore.symbol.file RedefineMethodUsedByMultipleMethodHandles.java + * @run main RedefineMethodUsedByMultipleMethodHandles + */ + +import java.io.*; +import java.lang.instrument.*; +import java.lang.invoke.*; +import java.lang.invoke.MethodHandles.Lookup; +import java.lang.management.*; +import java.lang.reflect.*; +import java.nio.file.*; +import java.security.*; +import java.util.jar.*; + +import javax.tools.*; + +import jdk.internal.org.objectweb.asm.*; + +public class RedefineMethodUsedByMultipleMethodHandles { + + static class Foo { + public static Object getName() { + return "foo"; + } + } + + public static void main(String[] args) throws Throwable { + + Lookup lookup = MethodHandles.lookup(); + Method fooMethod = Foo.class.getDeclaredMethod("getName"); + + // fooMH2 displaces fooMH1 from the MemberNamesTable + MethodHandle fooMH1 = lookup.unreflect(fooMethod); + MethodHandle fooMH2 = lookup.unreflect(fooMethod); + + System.out.println("fooMH1.invoke = " + fooMH1.invokeExact()); + System.out.println("fooMH2.invoke = " + fooMH2.invokeExact()); + + // Redefining Foo.getName() causes vmtarget to be updated + // in fooMH2 but not fooMH1 + redefineFoo(); + + // Full GC causes fooMH1.vmtarget to be deallocated + System.gc(); + + // Calling fooMH1.vmtarget crashes the VM + System.out.println("fooMH1.invoke = " + fooMH1.invokeExact()); + } + + /** + * Adds the class file bytes for {@code c} to {@code jar}. + */ + static void add(JarOutputStream jar, Class c) throws IOException { + String classAsPath = c.getName().replace('.', '/') + ".class"; + jar.putNextEntry(new JarEntry(classAsPath)); + InputStream stream = c.getClassLoader().getResourceAsStream(classAsPath); + + int b; + while ((b = stream.read()) != -1) { + jar.write(b); + } + } + + static void redefineFoo() throws Exception { + Manifest manifest = new Manifest(); + manifest.getMainAttributes().put(Attributes.Name.MANIFEST_VERSION, "1.0"); + Attributes mainAttrs = manifest.getMainAttributes(); + mainAttrs.putValue("Agent-Class", FooAgent.class.getName()); + mainAttrs.putValue("Can-Redefine-Classes", "true"); + mainAttrs.putValue("Can-Retransform-Classes", "true"); + + Path jar = Files.createTempFile("myagent", ".jar"); + try { + JarOutputStream jarStream = new JarOutputStream(new FileOutputStream(jar.toFile()), manifest); + add(jarStream, FooAgent.class); + add(jarStream, FooTransformer.class); + jarStream.close(); + runAgent(jar); + } finally { + Files.deleteIfExists(jar); + } + } + + public static void runAgent(Path agent) throws Exception { + String vmName = ManagementFactory.getRuntimeMXBean().getName(); + int p = vmName.indexOf('@'); + assert p != -1 : "VM name not in @ format: " + vmName; + String pid = vmName.substring(0, p); + ClassLoader cl = ToolProvider.getSystemToolClassLoader(); + Class c = Class.forName("com.sun.tools.attach.VirtualMachine", true, cl); + Method attach = c.getDeclaredMethod("attach", String.class); + Method loadAgent = c.getDeclaredMethod("loadAgent", String.class); + Method detach = c.getDeclaredMethod("detach"); + Object vm = attach.invoke(null, pid); + loadAgent.invoke(vm, agent.toString()); + detach.invoke(vm); + } + + public static class FooAgent { + + public static void agentmain(@SuppressWarnings("unused") String args, Instrumentation inst) throws Exception { + assert inst.isRedefineClassesSupported(); + assert inst.isRetransformClassesSupported(); + inst.addTransformer(new FooTransformer(), true); + Class[] classes = inst.getAllLoadedClasses(); + for (int i = 0; i < classes.length; i++) { + Class c = classes[i]; + if (c == Foo.class) { + inst.retransformClasses(new Class[]{c}); + } + } + } + } + + static class FooTransformer implements ClassFileTransformer { + + @Override + public byte[] transform(ClassLoader cl, String className, Class classBeingRedefined, ProtectionDomain protectionDomain, byte[] classfileBuffer) throws IllegalClassFormatException { + if (Foo.class.equals(classBeingRedefined)) { + System.out.println("redefining " + classBeingRedefined); + ClassReader cr = new ClassReader(classfileBuffer); + ClassWriter cw = new ClassWriter(cr, ClassWriter.COMPUTE_FRAMES); + ClassVisitor adapter = new ClassVisitor(Opcodes.ASM5, cw) { + @Override + public MethodVisitor visitMethod(int access, String base, String desc, String signature, String[] exceptions) { + MethodVisitor mv = cv.visitMethod(access, base, desc, signature, exceptions); + if (mv != null) { + mv = new MethodVisitor(Opcodes.ASM5, mv) { + @Override + public void visitLdcInsn(Object cst) { + System.out.println("replacing \"" + cst + "\" with \"bar\""); + mv.visitLdcInsn("bar"); + } + }; + } + return mv; + } + }; + + cr.accept(adapter, ClassReader.SKIP_FRAMES); + cw.visitEnd(); + return cw.toByteArray(); + } + return classfileBuffer; + } + } +}