--- old/src/share/vm/classfile/javaClasses.cpp Wed Jan 14 21:29:58 2015 +++ new/src/share/vm/classfile/javaClasses.cpp Wed Jan 14 21:29:57 2015 @@ -42,6 +42,7 @@ #include "oops/methodOop.hpp" #include "oops/symbol.hpp" #include "oops/typeArrayOop.hpp" +#include "prims/jvmtiRedefineClassesTrace.hpp" #include "runtime/fieldDescriptor.hpp" #include "runtime/handles.inline.hpp" #include "runtime/interfaceSupport.hpp" @@ -2538,11 +2539,35 @@ return mname->obj_field(_vmtarget_offset); } +bool java_lang_invoke_MemberName::is_method(oop mname) { + assert(is_instance(mname), "must be MemberName"); + return (flags(mname) & (MN_IS_METHOD | MN_IS_CONSTRUCTOR)) > 0; +} + // Can be executed on VM thread only -void java_lang_invoke_MemberName::adjust_vmtarget(oop mname, oop ref) { - assert((is_instance(mname) && (flags(mname) & (MN_IS_METHOD | MN_IS_CONSTRUCTOR)) > 0), "wrong type"); +void java_lang_invoke_MemberName::adjust_vmtarget(oop mname, methodOop old_method, + methodOop new_method, bool* trace_name_printed) { + assert(is_method(mname), "wrong type"); assert(Thread::current()->is_VM_thread(), "not VM thread"); - mname->address_field_put(_vmtarget_offset, (address)ref); + + methodOop target = (methodOop) mname->obj_field(_vmtarget_offset); + + if (target == old_method) { + mname->obj_field_put(_vmtarget_offset, new_method); + + if (RC_TRACE_IN_RANGE(0x00100000, 0x00400000)) { + if (!(*trace_name_printed)) { + // RC_TRACE_MESG macro has an embedded ResourceMark + RC_TRACE_MESG(("adjust: name=%s", + instanceKlass::cast(old_method->method_holder())->external_name())); + *trace_name_printed = true; + } + // RC_TRACE macro has an embedded ResourceMark + RC_TRACE(0x00400000, ("MemberName method update: %s(%s)", + new_method->name()->as_C_string(), + new_method->signature()->as_C_string())); + } + } } void java_lang_invoke_MemberName::set_vmtarget(oop mname, oop ref) { --- old/src/share/vm/classfile/javaClasses.hpp Wed Jan 14 21:29:58 2015 +++ new/src/share/vm/classfile/javaClasses.hpp Wed Jan 14 21:29:58 2015 @@ -28,6 +28,7 @@ #include "classfile/systemDictionary.hpp" #include "jvmtifiles/jvmti.h" #include "oops/oop.hpp" +#include "oops/methodOop.hpp" #include "runtime/os.hpp" #include "utilities/utf8.hpp" @@ -1023,7 +1024,8 @@ static oop vmtarget(oop mname); static void set_vmtarget(oop mname, oop target); - static void adjust_vmtarget(oop mname, oop target); + static void adjust_vmtarget(oop mname, methodOop old_method, methodOop new_method, + bool* trace_name_printed); static intptr_t vmindex(oop mname); static void set_vmindex(oop mname, intptr_t index); @@ -1036,6 +1038,8 @@ return obj != NULL && is_subclass(obj->klass()); } + static bool is_method(oop obj); + // Relevant integer codes (keep these in synch. with MethodHandleNatives.Constants): enum { MN_IS_METHOD = 0x00010000, // method (not constructor) --- old/src/share/vm/oops/cpCacheOop.cpp Wed Jan 14 21:29:59 2015 +++ new/src/share/vm/oops/cpCacheOop.cpp Wed Jan 14 21:29:59 2015 @@ -615,7 +615,9 @@ m = f1_as_method(); } - assert(m != NULL && m->is_method(), "sanity check"); + // Secondary entry can have vfinal flag and a NULL _f2, giving m==NULL here: + assert(is_secondary_entry() || (m != NULL && m->is_method()), "sanity check"); + if (m == NULL || !m->is_method() || (k != NULL && m->method_holder() != k)) { // robustness for above sanity checks or method is not in // the interesting class --- old/src/share/vm/oops/instanceKlass.cpp Wed Jan 14 21:30:00 2015 +++ new/src/share/vm/oops/instanceKlass.cpp Wed Jan 14 21:30:00 2015 @@ -2344,28 +2344,27 @@ return NULL; } -void instanceKlass::add_member_name(int index, Handle mem_name) { +bool instanceKlass::add_member_name(Handle mem_name) { jweak mem_name_wref = JNIHandles::make_weak_global(mem_name); MutexLocker ml(MemberNameTable_lock); - assert(0 <= index && index < idnum_allocated_count(), "index is out of bounds"); DEBUG_ONLY(No_Safepoint_Verifier nsv); - if (_member_names == NULL) { - _member_names = new (ResourceObj::C_HEAP, mtClass) MemberNameTable(idnum_allocated_count()); + // Check if method has been redefined while taking out MemberNameTable_lock, if so + // return false. We cannot cache obsolete methods. They will crash when the function + // is called! + methodOop method = (methodOop) java_lang_invoke_MemberName::vmtarget(mem_name()); + if (method->is_obsolete()) { + return false; + } else if (method->is_old()) { + // Replace method with redefined version + java_lang_invoke_MemberName::set_vmtarget(mem_name(), method_with_idnum(method->method_idnum())); } - _member_names->add_member_name(index, mem_name_wref); -} -oop instanceKlass::get_member_name(int index) { - MutexLocker ml(MemberNameTable_lock); - assert(0 <= index && index < idnum_allocated_count(), "index is out of bounds"); - DEBUG_ONLY(No_Safepoint_Verifier nsv); - if (_member_names == NULL) { - return NULL; + _member_names = new (ResourceObj::C_HEAP, mtClass) MemberNameTable(idnum_allocated_count()); } - oop mem_name =_member_names->get_member_name(index); - return mem_name; + _member_names->add_member_name(mem_name_wref); + return true; } // ----------------------------------------------------------------------------------------------------- --- old/src/share/vm/oops/instanceKlass.hpp Wed Jan 14 21:30:01 2015 +++ new/src/share/vm/oops/instanceKlass.hpp Wed Jan 14 21:30:00 2015 @@ -977,8 +977,7 @@ // JSR-292 support MemberNameTable* member_names() { return _member_names; } void set_member_names(MemberNameTable* member_names) { _member_names = member_names; } - void add_member_name(int index, Handle member_name); - oop get_member_name(int index); + bool add_member_name(Handle member_name); public: // JVMTI support --- old/src/share/vm/prims/jvm.cpp Wed Jan 14 21:30:01 2015 +++ new/src/share/vm/prims/jvm.cpp Wed Jan 14 21:30:01 2015 @@ -597,12 +597,12 @@ // Make shallow object copy const int size = obj->size(); - oop new_obj = NULL; + oop new_obj_oop = NULL; if (obj->is_javaArray()) { const int length = ((arrayOop)obj())->length(); - new_obj = CollectedHeap::array_allocate(klass, size, length, CHECK_NULL); + new_obj_oop = CollectedHeap::array_allocate(klass, size, length, CHECK_NULL); } else { - new_obj = CollectedHeap::obj_allocate(klass, size, CHECK_NULL); + new_obj_oop = CollectedHeap::obj_allocate(klass, size, CHECK_NULL); } // 4839641 (4840070): We must do an oop-atomic copy, because if another thread // is modifying a reference field in the clonee, a non-oop-atomic copy might @@ -614,24 +614,39 @@ // The same is true of StubRoutines::object_copy and the various oop_copy // variants, and of the code generated by the inline_native_clone intrinsic. assert(MinObjAlignmentInBytes >= BytesPerLong, "objects misaligned"); - Copy::conjoint_jlongs_atomic((jlong*)obj(), (jlong*)new_obj, + Copy::conjoint_jlongs_atomic((jlong*)obj(), (jlong*)new_obj_oop, (size_t)align_object_size(size) / HeapWordsPerLong); // Clear the header - new_obj->init_mark(); + new_obj_oop->init_mark(); // Store check (mark entire object and let gc sort it out) BarrierSet* bs = Universe::heap()->barrier_set(); assert(bs->has_write_region_opt(), "Barrier set does not have write_region"); - bs->write_region(MemRegion((HeapWord*)new_obj, size)); + bs->write_region(MemRegion((HeapWord*)new_obj_oop, size)); + Handle new_obj(THREAD, new_obj_oop); + // Special handling for MemberNames. Since they contain Method* metadata, they + // must be registered so that RedefineClasses can fix metadata contained in them. + if (java_lang_invoke_MemberName::is_instance(new_obj()) && + java_lang_invoke_MemberName::is_method(new_obj())) { + methodOop method = (methodOop)java_lang_invoke_MemberName::vmtarget(new_obj()); + // MemberName may be unresolved, so doesn't need registration until resolved. + if (method != NULL) { + // add_member_name() can safepoint: use Handle for method and new_obj: + methodHandle m(THREAD, method); + instanceKlass::cast(m->method_holder())->add_member_name(new_obj); + } + } + // Caution: this involves a java upcall, so the clone should be // "gc-robust" by this stage. if (klass->has_finalizer()) { assert(obj->is_instance(), "should be instanceOop"); - new_obj = instanceKlass::register_finalizer(instanceOop(new_obj), CHECK_NULL); + new_obj_oop = instanceKlass::register_finalizer(instanceOop(new_obj()), CHECK_NULL); + new_obj = Handle(THREAD, new_obj_oop); } - return JNIHandles::make_local(env, oop(new_obj)); + return JNIHandles::make_local(env, new_obj()); JVM_END // java.lang.Compiler //////////////////////////////////////////////////// --- old/src/share/vm/prims/methodHandles.cpp Wed Jan 14 21:30:02 2015 +++ new/src/share/vm/prims/methodHandles.cpp Wed Jan 14 21:30:02 2015 @@ -29,6 +29,7 @@ #include "interpreter/oopMapCache.hpp" #include "memory/allocation.inline.hpp" #include "memory/oopFactory.hpp" +#include "oops/methodOop.hpp" #include "prims/jvmtiRedefineClassesTrace.hpp" #include "prims/methodHandles.hpp" #include "runtime/compilationPolicy.hpp" @@ -252,9 +253,13 @@ // If relevant, the vtable or itable value is stored as vmindex. // This is done eagerly, since it is readily available without // constructing any new objects. - instanceKlass::cast(m->method_holder())->add_member_name(m->method_idnum(), mname); - return mname(); + if (instanceKlass::cast(m->method_holder())->add_member_name(mname)) { + return mname(); + } else { + // Redefinition caused this to fail. Return NULL (and an exception?) + return NULL; + } } Handle MethodHandles::init_method_MemberName(Handle mname, CallInfo& info, TRAPS) { @@ -993,62 +998,27 @@ } } -void MemberNameTable::add_member_name(int index, jweak mem_name_wref) { +void MemberNameTable::add_member_name(jweak mem_name_wref) { assert_locked_or_safepoint(MemberNameTable_lock); - this->at_put_grow(index, mem_name_wref); + this->push(mem_name_wref); } -// Return a member name oop or NULL. -oop MemberNameTable::get_member_name(int index) { - assert_locked_or_safepoint(MemberNameTable_lock); - jweak ref = this->at(index); - oop mem_name = JNIHandles::resolve(ref); - return mem_name; -} -oop MemberNameTable::find_member_name_by_method(methodOop old_method) { - assert_locked_or_safepoint(MemberNameTable_lock); - oop found = NULL; - int len = this->length(); - - for (int idx = 0; idx < len; idx++) { - oop mem_name = JNIHandles::resolve(this->at(idx)); - if (mem_name == NULL) { - continue; - } - methodOop method = (methodOop)java_lang_invoke_MemberName::vmtarget(mem_name); - if (method == old_method) { - found = mem_name; - break; - } - } - return found; -} - -// It is called at safepoint only +// It is called at safepoint only for RedefineClasses void MemberNameTable::adjust_method_entries(methodOop* old_methods, methodOop* new_methods, int methods_length, bool *trace_name_printed) { assert(SafepointSynchronize::is_at_safepoint(), "only called at safepoint"); - // search the MemberNameTable for uses of either obsolete or EMCP methods + // For each redefined method for (int j = 0; j < methods_length; j++) { methodOop old_method = old_methods[j]; methodOop new_method = new_methods[j]; - oop mem_name = find_member_name_by_method(old_method); - if (mem_name != NULL) { - java_lang_invoke_MemberName::adjust_vmtarget(mem_name, new_method); - - if (RC_TRACE_IN_RANGE(0x00100000, 0x00400000)) { - if (!(*trace_name_printed)) { - // RC_TRACE_MESG macro has an embedded ResourceMark - RC_TRACE_MESG(("adjust: name=%s", - Klass::cast(old_method->method_holder())->external_name())); - *trace_name_printed = true; - } - // RC_TRACE macro has an embedded ResourceMark - RC_TRACE(0x00400000, ("MemberName method update: %s(%s)", - new_method->name()->as_C_string(), - new_method->signature()->as_C_string())); - } + // search the MemberNameTable for uses of either obsolete or EMCP methods + for (int idx = 0; idx < length(); idx++) { + oop mem_name = JNIHandles::resolve(this->at(idx)); + if (mem_name != NULL) { + java_lang_invoke_MemberName::adjust_vmtarget(mem_name, old_method, new_method, + trace_name_printed); + } } } } --- old/src/share/vm/prims/methodHandles.hpp Wed Jan 14 21:30:03 2015 +++ new/src/share/vm/prims/methodHandles.hpp Wed Jan 14 21:30:03 2015 @@ -238,8 +238,7 @@ MemberNameTable(int methods_cnt); ~MemberNameTable(); - void add_member_name(int index, jweak mem_name_ref); - oop get_member_name(int index); + void add_member_name(jweak mem_name_ref); public: // RedefineClasses() API support: @@ -247,8 +246,6 @@ // to refer to new_method. void adjust_method_entries(methodOop* old_methods, methodOop* new_methods, int methods_length, bool *trace_name_printed); - private: - oop find_member_name_by_method(methodOop old_method); }; #endif // SHARE_VM_PRIMS_METHODHANDLES_HPP --- /dev/null Wed Jan 14 21:30:03 2015 +++ new/test/compiler/jsr292/RedefineMethodUsedByMultipleMethodHandlesNoASM.java Wed Jan 14 21:30:03 2015 @@ -0,0 +1,246 @@ +/* + * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/** + * @test + * @bug 8042235 + * @summary redefining method used by multiple MethodHandles crashes VM + * @compile -XDignore.symbol.file RedefineMethodUsedByMultipleMethodHandlesNoASM.java + * @run main/othervm -XX:+UnlockDiagnosticVMOptions -XX:+EnableInvokeDynamic RedefineMethodUsedByMultipleMethodHandlesNoASM + */ + +import java.io.*; +import java.lang.instrument.*; +import java.lang.invoke.*; +import java.lang.invoke.MethodHandles.Lookup; +import java.lang.management.*; +import java.lang.reflect.*; +import java.nio.file.*; +import java.security.*; +import java.util.jar.*; + +import javax.tools.*; + +public class RedefineMethodUsedByMultipleMethodHandlesNoASM { + + static class Foo { + public static Object getName() { + int fooInt = 1; + if (true) { + // We "just know" that this creates bytecodes: + // bipush 0x7 0x10 0x7 + // ishl 0x78 + fooInt <<= 0x7; + } + return "foo" + fooInt; + } + } + + public static void main(String[] args) throws Throwable { + + Lookup lookup = MethodHandles.lookup(); + Method fooMethod = Foo.class.getDeclaredMethod("getName"); + + // fooMH2 displaces fooMH1 from the MemberNamesTable + MethodHandle fooMH1 = lookup.unreflect(fooMethod); + MethodHandle fooMH2 = lookup.unreflect(fooMethod); + + System.out.println("Foo.getName() = " + Foo.getName()); + System.out.println("fooMH1.invoke = " + fooMH1.invokeExact()); + System.out.println("fooMH2.invoke = " + fooMH2.invokeExact()); + + // Redefining Foo.getName() causes vmtarget to be updated + // in fooMH2 but not fooMH1 + redefineFoo(); + + // Full GC causes fooMH1.vmtarget to be deallocated + System.gc(); + + // Calling fooMH1.vmtarget crashes the VM on JDK8, on JDK7 we see + // the wrong method invoked, we execute the old code. + Object newResult = fooMH1.invokeExact(); + System.out.println("fooMH1.invoke = " + fooMH1.invokeExact()); + if (!((String) newResult).equals("foo32")) { + throw new RuntimeException("failed, fooMH1 invoke gets '" + newResult + "'"); + } + } + + /** + * Adds the class file bytes for {@code c} to {@code jar}. + */ + static void add(JarOutputStream jar, Class c) throws IOException { + String classAsPath = c.getName().replace('.', '/') + ".class"; + jar.putNextEntry(new JarEntry(classAsPath)); + InputStream stream = c.getClassLoader().getResourceAsStream(classAsPath); + + int b; + while ((b = stream.read()) != -1) { + jar.write(b); + } + } + + static void redefineFoo() throws Exception { + Manifest manifest = new Manifest(); + manifest.getMainAttributes().put(Attributes.Name.MANIFEST_VERSION, "1.0"); + Attributes mainAttrs = manifest.getMainAttributes(); + mainAttrs.putValue("Agent-Class", FooAgent.class.getName()); + mainAttrs.putValue("Can-Redefine-Classes", "true"); + mainAttrs.putValue("Can-Retransform-Classes", "true"); + + Path jar = Files.createTempFile("myagent", ".jar"); + try { + JarOutputStream jarStream = new JarOutputStream(new FileOutputStream(jar.toFile()), manifest); + add(jarStream, FooAgent.class); + add(jarStream, FooTransformer.class); + jarStream.close(); + runAgent(jar); + } finally { + Files.deleteIfExists(jar); + } + } + + public static void runAgent(Path agent) throws Exception { + String vmName = ManagementFactory.getRuntimeMXBean().getName(); + int p = vmName.indexOf('@'); + assert p != -1 : "VM name not in @ format: " + vmName; + String pid = vmName.substring(0, p); + ClassLoader cl = ToolProvider.getSystemToolClassLoader(); + Class c = Class.forName("com.sun.tools.attach.VirtualMachine", true, cl); + Method attach = c.getDeclaredMethod("attach", String.class); + Method loadAgent = c.getDeclaredMethod("loadAgent", String.class); + Method detach = c.getDeclaredMethod("detach"); + Object vm = attach.invoke(null, pid); + loadAgent.invoke(vm, agent.toString()); + detach.invoke(vm); + } + + public static class FooAgent { + + public static void agentmain(@SuppressWarnings("unused") String args, Instrumentation inst) throws Exception { + assert inst.isRedefineClassesSupported(); + assert inst.isRetransformClassesSupported(); + inst.addTransformer(new FooTransformer(), true); + Class[] classes = inst.getAllLoadedClasses(); + for (int i = 0; i < classes.length; i++) { + Class c = classes[i]; + if (c == Foo.class) { + inst.retransformClasses(new Class[]{c}); + } + } + } + } + + + /** + * This method will only be called on the class Foo, above, and that class + * only has the method getName(). + * Avoid using the objectweb ASM library as we do in jdk8, by + * looking for a specific bytecode pattern (which this method does not really + * understand). + */ + static class FooTransformer implements ClassFileTransformer { + + @Override + public byte[] transform(ClassLoader cl, String className, Class classBeingRedefined, ProtectionDomain protectionDomain, + byte[] classfileBuffer) throws IllegalClassFormatException { + + + if (Foo.class.equals(classBeingRedefined)) { + + try { + System.out.println("redefining " + classBeingRedefined); + ByteArrayOutputStream baos = new ByteArrayOutputStream(); + InputStream is = new ByteArrayInputStream(classfileBuffer); + copyWithSubstitution(is, new byte[] {(byte)0x10,(byte)0x07,(byte)0x78}, + new byte[] {(byte)0x10,(byte)0x05,(byte)0x78}, + baos); + return baos.toByteArray(); + } catch(Exception e) { + e.printStackTrace(); + } + } + return classfileBuffer; + } + + /** + * Copy bytes from a Reader to an OutputStream. If a sequence of bytes + * matches the given oldBytes byte array, write the newBytes array instead. + */ + public void copyWithSubstitution(InputStream is, byte[] oldBytes, byte [] newBytes, OutputStream out) throws Exception { + + byte[] buffer = new byte[oldBytes.length]; + + while (is.available() > 0) { + int i = 0xff & is.read(); + if (i != oldBytes[0]) { + out.write(i); + continue; + } + int pos = 0; + while (pos < oldBytes.length && oldBytes[pos] == (byte) i) { + buffer[pos] = (byte) i; + pos++; + i = is.read(); + } + // We have read as much as matches oldBytes, plus one byte (now in i). + // Write out: + // buffer it if did not match fully + // new bytes if it was a full match + if (pos > 0) { + if (pos == oldBytes.length) { + System.out.println("copyWithSubstitution: replacing: "); + printBytesOn(System.out, buffer); + System.out.println("copyWithSubstitution: with:"); + printBytesOn(System.out, newBytes); + out.write(newBytes, 0, newBytes.length); + } else { + out.write(buffer, 0, pos); + } + } + // Does not handle two sequential occurrences of oldBytes. + out.write(i); + } + out.close(); + } + + + public static void printBytesOn(PrintStream out, byte[] bytes) { + int numColumns = 16; + int column = 0; + for (int i = 0; i < bytes.length; i++) { + if (column == 0) { + out.print(i); + out.print("\t"); + } + out.print("0x" + Integer.toHexString(255 & bytes[i]) + /* + " (" + (char) bytes[i] + */ + "\t"); + column++; + if (column == numColumns) { + out.println(); + column = 0; + } + } + out.println(); + } + } +}