ADDITIONAL SYSTEM INFORMATION :
# JRE version: OpenJDK Runtime Environment (11.0.20) (fastdebug build 11.0.20-internal+0-adhoc.jdk11u)
# Java VM: OpenJDK 64-Bit Server VM (fastdebug 11.0.20-internal+0-adhoc.jdk11u, mixed mode, tiered, compressed oops, g1 gc, linux-amd64)
A DESCRIPTION OF THE PROBLEM :
We ran a drafted regression test on the newest versions of JDK 11, 17 and 22 with the option "--add-exports java.base/jdk.internal.misc=ALL-UNNAMED". The JVM crashed every time.
# A fatal error has been detected by the Java Runtime Environment:
#
# Internal Error (/home/repository/jdk11u/src/hotspot/share/prims/unsafe.cpp:117), pid=22666, tid=22867
# assert(byte_offset < p_size) failed: Unsafe access: offset 2235 > object's size 24
#
# JRE version: OpenJDK Runtime Environment (11.0.20) (fastdebug build 11.0.20-internal+0-adhoc.jdk11u)
# Java VM: OpenJDK 64-Bit Server VM (fastdebug 11.0.20-internal+0-adhoc.jdk11u, mixed mode, tiered, compressed oops, g1 gc, linux-amd64)
# No core dump will be written. Core dumps have been disabled. To enable core dumping, try "ulimit -c unlimited" before starting Java again
#
# If you would like to submit a bug report, please visit:
# https://bugreport.java.com/bugreport/crash.jsp
#
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
# compile
$ javac --add-exports java.base/jdk.internal.misc=ALL-UNNAMED compiler/c2/aarch64/TestUnsafeVolatileStore.java
# run
$ java --add-exports java.base/jdk.internal.misc=ALL-UNNAMED compiler.c2.aarch64.TestUnsafeVolatileStore
ACTUAL -
# To suppress the following error report, specify this argument
# after -XX: or in .hotspotrc: SuppressErrorAt=/unsafe.cpp:117
#
# A fatal error has been detected by the Java Runtime Environment:
#
# Internal Error (/home/repository/jdk11u/src/hotspot/share/prims/unsafe.cpp:117), pid=22666, tid=22867
# assert(byte_offset < p_size) failed: Unsafe access: offset 2235 > object's size 24
#
# JRE version: OpenJDK Runtime Environment (11.0.20) (fastdebug build 11.0.20-internal+0-adhoc.jdk11u)
# Java VM: OpenJDK 64-Bit Server VM (fastdebug 11.0.20-internal+0-adhoc.jdk11u, mixed mode, tiered, compressed oops, g1 gc, linux-amd64)
# No core dump will be written. Core dumps have been disabled. To enable core dumping, try "ulimit -c unlimited" before starting Java again
#
# An error report file with more information is saved as:
# /home/repository/JVM-Tesing-by-Anti-Optimization/bugs/TestUnsafeVolatileStore_07_17_10_32_14/hs_err_pid22666.log
#
# If you would like to submit a bug report, please visit:
# https://bugreport.java.com/bugreport/crash.jsp
#
Current thread is 22867
---------- BEGIN SOURCE ----------
/*
* Copyright (c) 2018, Red Hat, Inc. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package compiler.c2.aarch64;
import java.lang.reflect.Field;
import jdk.internal.misc.Unsafe;
/**
 * Reproducer from this report: a modified copy of a volatile-store regression
 * test (the report calls it a "drafted regression test"). It writes its own
 * volatile fields through jdk.internal.misc.Unsafe and then verifies the
 * result with ordinary field reads.
 *
 * Review note: the offset passed to putIntVolatile in testInt is computed by
 * the test itself and is not a valid field offset when i == 0 (see the
 * comment there). The failure quoted in the report is the fastdebug assertion
 * at unsafe.cpp:117 rejecting that offset. Unsafe stores trust the caller's
 * offset, so a build without that assertion would presumably write outside
 * the object instead of stopping -- confirm before treating this as a VM bug.
 */
class TestUnsafeVolatileStore
{
// Targets of the Unsafe stores; main reads them back directly.
public volatile int f_int = 0;
public volatile Integer f_obj = Integer.valueOf(0);
// Internal Unsafe instance; the class only compiles and runs with the
// --add-exports java.base/jdk.internal.misc=ALL-UNNAMED option shown in the report.
public static Unsafe unsafe = Unsafe.getUnsafe();
public static Field f_int_field;
public static Field f_obj_field;
// Field offsets as returned by Unsafe.objectFieldOffset, cached once at class init.
public static long f_int_off;
public static long f_obj_off;
// Looks the two fields up reflectively and caches their offsets.
// A failure is only printed, not rethrown, so the offsets would then keep
// their default value 0 and the test would carry on with them.
static {
try {
f_int_field = TestUnsafeVolatileStore.class.getField("f_int");
f_obj_field = TestUnsafeVolatileStore.class.getField("f_obj");
f_int_off = unsafe.objectFieldOffset(f_int_field);
f_obj_off = unsafe.objectFieldOffset(f_obj_field);
} catch (Exception e) {
System.out.println("reflection failed " + e);
e.printStackTrace();
}
}
/**
 * Runs both store checks 100_000 times each on one instance.
 *
 * @param args unused
 * @throws RuntimeException with message "bad result!" when a field does not
 *         hold the value that was just stored
 */
public static void main(String[] args)
{
final TestUnsafeVolatileStore t = new TestUnsafeVolatileStore();
// int store: poison the field with -1, store through Unsafe, expect i.
// The first call is testInt(0), which is the case that produces the bad offset.
for (int i = 0; i < 100_000; i++) {
t.f_int = -1;
t.testInt(i);
if (t.f_int != i) {
throw new RuntimeException("bad result!");
}
}
// reference store: clear the field, store a boxed i, expect i.
for (int i = 0; i < 100_000; i++) {
t.f_obj = null;
t.testObj(Integer.valueOf(i));
// Integer compared with int: f_obj is unboxed here, so a null f_obj would throw NullPointerException.
if (t.f_obj != i) {
throw new RuntimeException("bad result!");
}
}
}
/** Returns var unchanged (XOR with 0). */
public static int method0(int var) {
return var ^ 0;
}
/** Returns the integer quotient var1 / var2; throws ArithmeticException when var2 is 0. */
public static int method11(int var1,int var2) {
return (int)(var1 / var2);
}
/** Returns var + 8989; testInt subtracts the same constant again. */
public static long method42(long var) {
return var + 8989;
}
/**
 * Returns 0 when var is 0, otherwise var * 2223 / var.
 * For the values main passes (below 100_000) the product fits in an int, so
 * the non-zero case yields 2223. The result is therefore NOT a constant:
 * it is 0 for var == 0 and 2223 otherwise, which is what breaks the offset
 * arithmetic in testInt.
 */
public static int method51(int var) {
return var == 0? 0:var * 2223/var;
}
/**
 * Stores a value into f_int with Unsafe.putIntVolatile, using an offset and
 * a value that are both rebuilt from helper calls, some made reflectively.
 *
 * @param i loop counter from main
 * @throws RuntimeException wrapping any exception raised by the reflective calls
 */
public void testInt(int i)
{
synchronized (this) {
try {
// All three lookups resolve to this same class; var13 is never read.
Class <?> Class3 = Class.forName("compiler.c2.aarch64.TestUnsafeVolatileStore");
Class <?> Class12 = Class.forName("compiler.c2.aarch64.TestUnsafeVolatileStore");
int var13 = 0;
Class <?> Class43 = Class.forName("compiler.c2.aarch64.TestUnsafeVolatileStore");
// Re-entrant lock on this, then the class lock, around the store.
synchronized(this){
synchronized (TestUnsafeVolatileStore.class) {
// Offset argument: method11(340, 1) is 340 and method42(x) - 8989 is x, so
// the expression reduces to f_int_off + 2223 - method51(i).
//   i != 0: method51(i) is 2223, the offset is f_int_off.
//   i == 0: method51(0) is 0, the offset is f_int_off + 2223, far past the object.
// The reported "offset 2235 > object's size 24" fits the i == 0 case if
// f_int_off is 12 (inferred from 2235 - 2223; the value is not printed).
// Value argument: ~(~i | i) is 0 for every i, so method0 returns 0 and the
// store writes 0, not i; main's f_int != i check would fail for any i != 0
// even with a valid offset.
unsafe.putIntVolatile(this, (long)((((int)Class12.getDeclaredMethod("method11", int.class, int.class).invoke(null, 340, 1))-1664)+((103/1+(((long)(f_int_off & (((long)Class43.getDeclaredMethod("method42", long.class).invoke(null, f_int_off))-8989))-340)-103)/1-1252)+((1664-method51(i))+(1252+2223)))), ((int)Class3.getDeclaredMethod("method0", int.class).invoke(null, (int)(~(((int)(~((i)&(i))))|(i))))));
}
}
}catch (Exception eeeeeeee){throw new RuntimeException(eeeeeeee);}
}
}
/**
 * Stores o into f_obj with Unsafe.putObjectVolatile at the cached offset.
 *
 * @param o reference to store; main passes a boxed Integer
 */
public void testObj(Object o)
{
unsafe.putObjectVolatile(this, f_obj_off, o);
}
}
---------- END SOURCE ----------
FREQUENCY : always
# JRE version: OpenJDK Runtime Environment (11.0.20) (fastdebug build 11.0.20-internal+0-adhoc.jdk11u)
# Java VM: OpenJDK 64-Bit Server VM (fastdebug 11.0.20-internal+0-adhoc.jdk11u, mixed mode, tiered, compressed oops, g1 gc, linux-amd64)
A DESCRIPTION OF THE PROBLEM :
We ran a drafted regression test on the newest versions of JDK 11, 17 and 22 with the option "--add-exports java.base/jdk.internal.misc=ALL-UNNAMED". The JVM crashed every time.
# A fatal error has been detected by the Java Runtime Environment:
#
# Internal Error (/home/repository/jdk11u/src/hotspot/share/prims/unsafe.cpp:117), pid=22666, tid=22867
# assert(byte_offset < p_size) failed: Unsafe access: offset 2235 > object's size 24
#
# JRE version: OpenJDK Runtime Environment (11.0.20) (fastdebug build 11.0.20-internal+0-adhoc.jdk11u)
# Java VM: OpenJDK 64-Bit Server VM (fastdebug 11.0.20-internal+0-adhoc.jdk11u, mixed mode, tiered, compressed oops, g1 gc, linux-amd64)
# No core dump will be written. Core dumps have been disabled. To enable core dumping, try "ulimit -c unlimited" before starting Java again
#
# If you would like to submit a bug report, please visit:
# https://bugreport.java.com/bugreport/crash.jsp
#
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
# compile
$ javac --add-exports java.base/jdk.internal.misc=ALL-UNNAMED compiler/c2/aarch64/TestUnsafeVolatileStore.java
# run
$ java --add-exports java.base/jdk.internal.misc=ALL-UNNAMED compiler.c2.aarch64.TestUnsafeVolatileStore
ACTUAL -
# To suppress the following error report, specify this argument
# after -XX: or in .hotspotrc: SuppressErrorAt=/unsafe.cpp:117
#
# A fatal error has been detected by the Java Runtime Environment:
#
# Internal Error (/home/repository/jdk11u/src/hotspot/share/prims/unsafe.cpp:117), pid=22666, tid=22867
# assert(byte_offset < p_size) failed: Unsafe access: offset 2235 > object's size 24
#
# JRE version: OpenJDK Runtime Environment (11.0.20) (fastdebug build 11.0.20-internal+0-adhoc.jdk11u)
# Java VM: OpenJDK 64-Bit Server VM (fastdebug 11.0.20-internal+0-adhoc.jdk11u, mixed mode, tiered, compressed oops, g1 gc, linux-amd64)
# No core dump will be written. Core dumps have been disabled. To enable core dumping, try "ulimit -c unlimited" before starting Java again
#
# An error report file with more information is saved as:
# /home/repository/JVM-Tesing-by-Anti-Optimization/bugs/TestUnsafeVolatileStore_07_17_10_32_14/hs_err_pid22666.log
#
# If you would like to submit a bug report, please visit:
# https://bugreport.java.com/bugreport/crash.jsp
#
Current thread is 22867
---------- BEGIN SOURCE ----------
/*
* Copyright (c) 2018, Red Hat, Inc. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package compiler.c2.aarch64;
import java.lang.reflect.Field;
import jdk.internal.misc.Unsafe;
/**
 * Reproducer from this report: a modified copy of a volatile-store regression
 * test (the report calls it a "drafted regression test"). It writes its own
 * volatile fields through jdk.internal.misc.Unsafe and then verifies the
 * result with ordinary field reads.
 *
 * Review note: the offset passed to putIntVolatile in testInt is computed by
 * the test itself and is not a valid field offset when i == 0 (see the
 * comment there). The failure quoted in the report is the fastdebug assertion
 * at unsafe.cpp:117 rejecting that offset. Unsafe stores trust the caller's
 * offset, so a build without that assertion would presumably write outside
 * the object instead of stopping -- confirm before treating this as a VM bug.
 */
class TestUnsafeVolatileStore
{
// Targets of the Unsafe stores; main reads them back directly.
public volatile int f_int = 0;
public volatile Integer f_obj = Integer.valueOf(0);
// Internal Unsafe instance; the class only compiles and runs with the
// --add-exports java.base/jdk.internal.misc=ALL-UNNAMED option shown in the report.
public static Unsafe unsafe = Unsafe.getUnsafe();
public static Field f_int_field;
public static Field f_obj_field;
// Field offsets as returned by Unsafe.objectFieldOffset, cached once at class init.
public static long f_int_off;
public static long f_obj_off;
// Looks the two fields up reflectively and caches their offsets.
// A failure is only printed, not rethrown, so the offsets would then keep
// their default value 0 and the test would carry on with them.
static {
try {
f_int_field = TestUnsafeVolatileStore.class.getField("f_int");
f_obj_field = TestUnsafeVolatileStore.class.getField("f_obj");
f_int_off = unsafe.objectFieldOffset(f_int_field);
f_obj_off = unsafe.objectFieldOffset(f_obj_field);
} catch (Exception e) {
System.out.println("reflection failed " + e);
e.printStackTrace();
}
}
/**
 * Runs both store checks 100_000 times each on one instance.
 *
 * @param args unused
 * @throws RuntimeException with message "bad result!" when a field does not
 *         hold the value that was just stored
 */
public static void main(String[] args)
{
final TestUnsafeVolatileStore t = new TestUnsafeVolatileStore();
// int store: poison the field with -1, store through Unsafe, expect i.
// The first call is testInt(0), which is the case that produces the bad offset.
for (int i = 0; i < 100_000; i++) {
t.f_int = -1;
t.testInt(i);
if (t.f_int != i) {
throw new RuntimeException("bad result!");
}
}
// reference store: clear the field, store a boxed i, expect i.
for (int i = 0; i < 100_000; i++) {
t.f_obj = null;
t.testObj(Integer.valueOf(i));
// Integer compared with int: f_obj is unboxed here, so a null f_obj would throw NullPointerException.
if (t.f_obj != i) {
throw new RuntimeException("bad result!");
}
}
}
/** Returns var unchanged (XOR with 0). */
public static int method0(int var) {
return var ^ 0;
}
/** Returns the integer quotient var1 / var2; throws ArithmeticException when var2 is 0. */
public static int method11(int var1,int var2) {
return (int)(var1 / var2);
}
/** Returns var + 8989; testInt subtracts the same constant again. */
public static long method42(long var) {
return var + 8989;
}
/**
 * Returns 0 when var is 0, otherwise var * 2223 / var.
 * For the values main passes (below 100_000) the product fits in an int, so
 * the non-zero case yields 2223. The result is therefore NOT a constant:
 * it is 0 for var == 0 and 2223 otherwise, which is what breaks the offset
 * arithmetic in testInt.
 */
public static int method51(int var) {
return var == 0? 0:var * 2223/var;
}
/**
 * Stores a value into f_int with Unsafe.putIntVolatile, using an offset and
 * a value that are both rebuilt from helper calls, some made reflectively.
 *
 * @param i loop counter from main
 * @throws RuntimeException wrapping any exception raised by the reflective calls
 */
public void testInt(int i)
{
synchronized (this) {
try {
// All three lookups resolve to this same class; var13 is never read.
Class <?> Class3 = Class.forName("compiler.c2.aarch64.TestUnsafeVolatileStore");
Class <?> Class12 = Class.forName("compiler.c2.aarch64.TestUnsafeVolatileStore");
int var13 = 0;
Class <?> Class43 = Class.forName("compiler.c2.aarch64.TestUnsafeVolatileStore");
// Re-entrant lock on this, then the class lock, around the store.
synchronized(this){
synchronized (TestUnsafeVolatileStore.class) {
// Offset argument: method11(340, 1) is 340 and method42(x) - 8989 is x, so
// the expression reduces to f_int_off + 2223 - method51(i).
//   i != 0: method51(i) is 2223, the offset is f_int_off.
//   i == 0: method51(0) is 0, the offset is f_int_off + 2223, far past the object.
// The reported "offset 2235 > object's size 24" fits the i == 0 case if
// f_int_off is 12 (inferred from 2235 - 2223; the value is not printed).
// Value argument: ~(~i | i) is 0 for every i, so method0 returns 0 and the
// store writes 0, not i; main's f_int != i check would fail for any i != 0
// even with a valid offset.
unsafe.putIntVolatile(this, (long)((((int)Class12.getDeclaredMethod("method11", int.class, int.class).invoke(null, 340, 1))-1664)+((103/1+(((long)(f_int_off & (((long)Class43.getDeclaredMethod("method42", long.class).invoke(null, f_int_off))-8989))-340)-103)/1-1252)+((1664-method51(i))+(1252+2223)))), ((int)Class3.getDeclaredMethod("method0", int.class).invoke(null, (int)(~(((int)(~((i)&(i))))|(i))))));
}
}
}catch (Exception eeeeeeee){throw new RuntimeException(eeeeeeee);}
}
}
/**
 * Stores o into f_obj with Unsafe.putObjectVolatile at the cached offset.
 *
 * @param o reference to store; main passes a boxed Integer
 */
public void testObj(Object o)
{
unsafe.putObjectVolatile(this, f_obj_off, o);
}
}
---------- END SOURCE ----------
FREQUENCY : always
- relates to
-
JDK-8312431 JVM crashes on unsafe.cpp
-
- Closed
-