Re: java.lang.VerifyError: Inconsistent stackmap frames at branch target

Thu, 01 Dec 2016 04:02:58 -0800 

Running with assertions enabled shows that the error is in “this.length >>>=0” 
expression on line 31. Reducing the testcase to just:

(function (p) {
 if (p) {
   this.length >>>= 0;  // Coerce to uint32.
 }
})(false)

also reproduces the problem (at least, the assertion; it will cause a somewhat 
different issue without assertions).

Attila.

> On 01 Dec 2016, at 12:18, Frantzius, Jörg <joerg.frantz...@aperto.com> wrote:
> 
> Hi Sunda,
> 
> you can reproduce by putting the following into a test.js file and executing 
> it using jjs.
> 
> ======== snip =============
> 
> function Buffer(subject, encoding) {
>  if (!util.isBuffer(this))
>    return new Buffer(subject, encoding);
> 
>  if (util.isNumber(subject)) {
>    this.length = +subject;
> 
>  } else if (util.isString(subject)) {
>    if (!util.isString(encoding) || encoding.length === 0)
>      encoding = 'utf8';
>    this.length = Buffer.byteLength(subject, encoding);
> 
>  // Handle Arrays, Buffers, Uint8Arrays or JSON.
>  } else if (util.isObject(subject)) {
>    if (subject.type === 'Buffer' && util.isArray(subject.data))
>      subject = subject.data;
>    this.length = +subject.length;
> 
>  } else {
>    throw new TypeError('must start with number, buffer, array or string');
>  }
> 
>  if (this.length > kMaxLength) {
>    throw new RangeError('Attempt to allocate Buffer larger than maximum ' +
>                         'size: 0x' + kMaxLength.toString(16) + ' bytes');
>  }
> 
>  if (this.length < 0)
>    this.length = 0;
>  else
>    this.length >>>= 0;  // Coerce to uint32.
> 
>  this.parent = undefined;
>  if (this.length <= (Buffer.poolSize >>> 1) && this.length > 0) {
>    if (this.length > poolSize - poolOffset)
>      createPool();
>    this.parent = sliceOnto(allocPool,
>                            this,
>                            poolOffset,
>                            poolOffset + this.length);
>    poolOffset += this.length;
> 
>    // Ensure aligned slices
>    if (poolOffset & 0x7) {
>      poolOffset |= 0x7;
>      poolOffset++;
>    }
>  } else {
>    alloc(this, this.length);
>  }
> 
>  if (util.isNumber(subject)) {
>    return;
>  }
> 
>  if (util.isString(subject)) {
>    // In the case of base64 it's possible that the size of the buffer
>    // allocated was slightly too large. In this case we need to rewrite
>    // the length to the actual length written.
>    var len = this.write(subject, encoding);
>    // Buffer was truncated after decode, realloc internal ExternalArray
>    if (len !== this.length) {
>      var prevLen = this.length;
>      this.length = len;
>      truncate(this, this.length);
>      // Only need to readjust the poolOffset if the allocation is a slice.
>      if (this.parent != undefined)
>        poolOffset -= (prevLen - len);
>    }
> 
>  } else if (util.isBuffer(subject)) {
>    subject.copy(this, 0, 0, this.length);
> 
>  } else if (util.isNumber(subject.length) || util.isArray(subject)) {
>    // Really crappy way to handle Uint8Arrays, but V8 doesn't give a simple
>    // way to access the data from the C++ API.
>    for (var i = 0; i < this.length; i++)
>      this[i] = subject[i];
>  }
> }
> 
> new Buffer(1024);
> 
> ========== snip ==============
> 
> 
> I’ll hopefully get my OCA signed and sent in soon, so I can contribute in 
> JIRA.
> 
> Regards,
> Jörg
> 
> 
> ---
> 
> Dipl. Inf. Jörg von Frantzius, Technical Director
> 
> E-Mail joerg.frantz...@aperto.com
> 
> Phone +49 30 283921-318
> Fax +49 30 283921-29
> 
> Aperto GmbH – An IBM Company
> Chausseestraße 5, D-10115 Berlin
> http://www.aperto.com<http://www.aperto.de/>
> http://www.facebook.com/aperto
> https://www.xing.com/companies/apertoag
> 
> HRB 77049 B, AG Berlin Charlottenburg
> Geschäftsführer: Dirk Buddensiek, Kai Großmann, Stephan Haagen, Daniel Simon
> 
> Am 01.12.2016 um 07:46 schrieb Sundararajan Athijegannathan 
> <sundararajan.athijegannat...@oracle.com<mailto:sundararajan.athijegannat...@oracle.com>>:
> 
> Is there a simple reduced test case that we can use it to reproduce the issue 
> you're seeing? Please send us the same and we'll file a bug  (or you may do 
> that as well).
> 
> Thanks,
> -Sundar
> 
> On 29/11/16, 11:11 PM, Frantzius, Jörg wrote:
> Hi,
> 
> with JDK 1.8.0_112 (on Mac OS X) I’m running into the following error. When 
> querying 
> bugs.openjdk.java.net<http://bugs.openjdk.java.net><http://bugs.openjdk.java.net>
>   for "Current frame's stack size doesn't match stackmap“, I only found bugs 
> dating from 2013, so this may not be known yet?
> 
> Unfortunately I can’t see the Javascript file name or line number in the 
> error message. The last known source location node/lib/fs.js:374 that I can 
> step to in the Netbeans debugger is calling a constructor „Buffer(size)“, 
> which is likely this source: 
> https://github.com/nodejs/node/blob/v0.12.7-release/lib/buffer.js#L48
> 
> Following is the error message:
> 
> java.lang.VerifyError: Inconsistent stackmap frames at branch target 404
> Exception Details:
>  Location:
>    
> jdk/nashorn/internal/scripts/Script$Recompilation$414$1806AA$\^function\_.L:1#Buffer(Ljdk/nashorn/internal/runtime/ScriptFunction;Ljava/lang/Object;Ljava/lang/Object;Ljava/lang/Object;)Ljava/lang/Object;
>  @382: goto
>  Reason:
>    Current frame's stack size doesn't match stackmap.
>  Current Frame:
>    bci: @382
>    flags: { }
>    locals: { 'jdk/nashorn/internal/runtime/ScriptFunction', 
> 'java/lang/Object', 'java/lang/Object', 'java/lang/Object', 
> 'jdk/nashorn/internal/runtime/ScriptObject' }
>    stack: { }
>  Stackmap Frame:
>    bci: @404
>    flags: { }
>    locals: { 'jdk/nashorn/internal/runtime/ScriptFunction', 
> 'java/lang/Object', 'java/lang/Object', 'java/lang/Object', 
> 'jdk/nashorn/internal/runtime/ScriptObject' }
>    stack: { 'java/lang/Object' }
>  Bytecode:
>    0x0000000: 2ab6 0014 3a04 1904 ba00 2000 0059 ba00
>    0x0000010: 2300 005f 2bba 0027 0000 9a00 1219 04ba
>    0x0000020: 002a 0000 2c2d ba00 2e00 00b0 1904 ba00
>    0x0000030: 2000 0059 ba00 3100 005f 2cba 0034 0000
>    0x0000040: 9900 102b 2cb8 003a ba00 3e00 00a7 00d5
>    0x0000050: 1904 ba00 2000 0059 ba00 4100 005f 2cba
>    0x0000060: 0044 0000 9900 4d19 04ba 0020 0000 59ba
>    0x0000070: 0041 0000 5f2d ba00 4400 0099 0012 2dba
>    0x0000080: 0047 0000 b800 4a03 8798 9a00 0912 4cb8
>    0x0000090: 0050 4e2b 1904 ba00 5500 0059 ba00 5800
>    0x00000a0: 005f 2c2d ba00 5c00 00ba 005f 0000 a700
>    0x00000b0: 7419 04ba 0020 0000 59ba 0062 0000 5f2c
>    0x00000c0: ba00 6500 0099 0043 2cba 0068 0000 126a
>    0x00000d0: b800 7099 0026 1904 ba00 2000 0059 ba00
>    0x00000e0: 7300 005f 2cba 0076 0000 ba00 7900 0099
>    0x00000f0: 000a 2cba 0076 0000 4d2b 2cba 007b 0000
>    0x0000100: ba00 3e00 00a7 001d 1904 b600 80ba 0083
>    0x0000110: 0000 1285 ba00 8900 0012 8b10 4507 b800
>    0x0000120: 91bf 2bba 0047 0000 1904 ba00 9400 00b8
>    0x0000130: 0097 9900 3a19 04b6 0080 ba00 9a00 0012
>    0x0000140: 9c19 04ba 0094 0000 59ba 009f 0000 5f10
>    0x0000150: 10ba 00a3 0000 b800 a712 a9b8 00a7 ba00
>    0x0000160: ac00 0012 8b10 4907 b800 91bf 2bba 007b
>    0x0000170: 0000 0e98 9c00 0d2b 03ba 00af 0000 a700
>    0x0000180: 162b 592b ba00 4700 00b8 00b3 b800 b7ba
>    0x0000190: 003e 0000 2b19 04b6 0080 ba00 ba00 00ba
>    0x00001a0: 00bd 0000 2bba 0047 0000 1904 ba00 5500
>    0x00001b0: 00ba 00c0 0000 047c b800 b75d 58b8 003a
>    0x00001c0: 5e58 989d 00c3 2bba 007b 0000 0e97 9e00
>    0x00001d0: b82b ba00 4700 0019 04ba 00c2 0000 1904
>    0x00001e0: ba00 c500 005f b800 3a5d 58b8 003a 675d
>    0x00001f0: 58b8 003a 5e58 979e 0013 1904 ba00 c800
>    0x0000200: 00b2 00cc ba00 d000 0057 2b19 04ba 00d3
>    0x0000210: 0000 b200 cc19 04ba 00d6 0000 2b19 04ba
>    0x0000220: 00c5 0000 1904 ba00 c500 002b ba00 4700
>    0x0000230: 00b8 00a7 ba00 da00 00ba 00bd 0000 1904
>    0x0000240: 1904 ba00 c500 002b ba00 4700 00b8 00a7
>    0x0000250: ba00 dd00 0019 04ba 00df 0000 1007 7e99
>    0x0000260: 0024 1904 1904 ba00 df00 0010 0780 ba00
>    0x0000270: e100 0019 0419 04ba 00e3 0000 0f63 ba00
>    0x0000280: e500 00a7 001a 1904 ba00 e800 00b2 00cc
>    0x0000290: 2b2b ba00 4700 00ba 00ec 0000 5719 04ba
>    0x00002a0: 0020 0000 59ba 0031 0000 5f2c ba00 3400
>    0x00002b0: 0099 0007 b200 ccb0 1904 ba00 2000 0059
>    0x00002c0: ba00 4100 005f 2cba 0044 0000 9900 8b2b
>    0x00002d0: 59ba 00ef 0000 5f2c 2dba 00f2 0000 3a05
>    0x00002e0: 1905 2bba 0047 0000 b800 f599 0064 2bba
>    0x00002f0: 0047 0000 3a06 2b19 05ba 005f 0000 1904
>    0x0000300: ba00 f800 00b2 00cc 2b2b ba00 4700 00ba
>    0x0000310: 00fb 0000 572b ba00 fe00 0019 04b6 0080
>    0x0000320: ba00 ba00 00b8 0101 9900 2419 0419 04ba
>    0x0000330: 00c5 0000 1906 b800 3a19 05b8 003a 675d
>    0x0000340: 58b8 003a 5e58 67ba 00e5 0000 a700 08b2
>    0x0000350: 00cc 3a06 a700 9e19 04ba 0020 0000 59ba
>    0x0000360: 0023 0000 5f2c ba00 2700 0099 001d 2c59
>    0x0000370: ba01 0400 005f 2b03 032b ba00 4700 00ba
>    0x0000380: 0108 0000 57a7 0063 1904 ba00 2000 0059
>    0x0000390: ba00 3100 005f 2cba 0047 0000 ba00 3400
>    0x00003a0: 009a 001a 1904 ba00 2000 0059 ba00 7300
>    0x00003b0: 005f 2cba 0079 0000 9900 3003 3607 1507
>    0x00003c0: 8739 0818 082b ba00 7b00 0098 9c00 1c2b
>    0x00003d0: 1808 2c18 08ba 010e 0000 ba01 1200 0018
>    0x00003e0: 080f 6339 08a7 ffde b200 cc3a 06b2 00cc
>    0x00003f0: 3a05 b200 ccb0
>  Stackmap Table:
>    append_frame(@44,Object[#125])
>    same_frame(@80)
>    same_frame(@141)
>    same_frame(@147)
>    same_frame(@177)
>    same_frame_extended(@249)
>    same_frame(@264)
>    same_frame(@290)
>    same_frame_extended(@364)
>    same_frame(@385)
>    same_locals_1_stack_item_frame(@404,Object[#286])
>    same_locals_1_stack_item_extended(@522,Object[#286])
>    same_locals_1_stack_item_extended(@643,Object[#286])
>    same_locals_1_stack_item_frame(@646,Object[#286])
>    same_locals_1_stack_item_frame(@669,Object[#286])
>    same_locals_1_stack_item_frame(@696,Object[#286])
>    
> full_frame(@844,{Object[#16],Object[#286],Object[#286],Object[#286],Object[#125],Object[#286],Object[#286]},{Object[#286]})
>    
> full_frame(@847,{Object[#16],Object[#286],Object[#286],Object[#286],Object[#125],Object[#286]},{Object[#286]})
>    
> full_frame(@852,{Object[#16],Object[#286],Object[#286],Object[#286],Object[#125],Object[#286],Object[#286]},{Object[#286]})
>    
> full_frame(@855,{Object[#16],Object[#286],Object[#286],Object[#286],Object[#125]},{Object[#286]})
>    same_locals_1_stack_item_frame(@904,Object[#286])
>    same_locals_1_stack_item_frame(@955,Object[#286])
>    
> full_frame(@963,{Object[#16],Object[#286],Object[#286],Object[#286],Object[#125],Top,Top,Integer,Double},{Object[#286]})
>    
> full_frame(@1000,{Object[#16],Object[#286],Object[#286],Object[#286],Object[#125]},{Object[#286]})
>    
> full_frame(@1010,{Object[#16],Object[#286],Object[#286],Object[#286],Object[#125],Object[#286],Object[#286]},{Object[#286]})
> 
> at java.lang.Class.getDeclaredFields0(Native Method)
> at java.lang.Class.privateGetDeclaredFields(Class.java:2583)
> at java.lang.Class.getDeclaredField(Class.java:2068)
> at 
> jdk.nashorn.internal.runtime.Context$ContextCodeInstaller$1.run(Context.java:209)
> at 
> jdk.nashorn.internal.runtime.Context$ContextCodeInstaller$1.run(Context.java:204)
> at java.security.AccessController.doPrivileged(Native Method)
> at 
> jdk.nashorn.internal.runtime.Context$ContextCodeInstaller.initialize(Context.java:204)
> at 
> jdk.nashorn.internal.codegen.CompilationPhase$InstallPhase.transform(CompilationPhase.java:508)
> at 
> jdk.nashorn.internal.codegen.CompilationPhase.apply(CompilationPhase.java:624)
> at jdk.nashorn.internal.codegen.Compiler.compile(Compiler.java:655)
> at 
> jdk.nashorn.internal.runtime.RecompilableScriptFunctionData.compileTypeSpecialization(RecompilableScriptFunctionData.java:725)
> at 
> jdk.nashorn.internal.runtime.RecompilableScriptFunctionData.getBest(RecompilableScriptFunctionData.java:905)
> at 
> jdk.nashorn.internal.runtime.ScriptFunctionData.getBest(ScriptFunctionData.java:375)
> at 
> jdk.nashorn.internal.runtime.ScriptFunctionData.getBestConstructor(ScriptFunctionData.java:247)
> at 
> jdk.nashorn.internal.runtime.ScriptFunction.findNewMethod(ScriptFunction.java:758)
> at jdk.nashorn.internal.runtime.ScriptObject.lookup(ScriptObject.java:1827)
> at 
> jdk.nashorn.internal.runtime.linker.NashornLinker.getGuardedInvocation(NashornLinker.java:104)
> at 
> jdk.nashorn.internal.runtime.linker.NashornLinker.getGuardedInvocation(NashornLinker.java:98)
> at 
> jdk.internal.dynalink.support.CompositeTypeBasedGuardingDynamicLinker.getGuardedInvocation(CompositeTypeBasedGuardingDynamicLinker.java:176)
> at 
> jdk.internal.dynalink.support.CompositeGuardingDynamicLinker.getGuardedInvocation(CompositeGuardingDynamicLinker.java:124)
> at 
> jdk.internal.dynalink.support.LinkerServicesImpl.getGuardedInvocation(LinkerServicesImpl.java:154)
> at jdk.internal.dynalink.DynamicLinker.relink(DynamicLinker.java:253)
> at 
> jdk.nashorn.internal.scripts.Script$Recompilation$402$9044AA$\^function\_.L:1#readFileSync(node/lib/fs.js:374)
> [..]
> 
> Any help or hints would be very appreciated!
> 
> Regards,
> Jörg
> 
> ---
> 
> Dipl. Inf. Jörg von Frantzius, Technical Director
> 
> E-Mail joerg.frantz...@aperto.com<mailto:joerg.frantz...@aperto.com>
> 
> Phone +49 30 283921-318
> Fax +49 30 283921-29
> 
> Aperto GmbH – An IBM Company
> Chausseestraße 5, D-10115 Berlin
> http://www.aperto.com<http://www.aperto.de/>
> http://www.facebook.com/aperto
> https://www.xing.com/companies/apertoag
> 
> HRB 77049 B, AG Berlin Charlottenburg
> Vorstand: Dirk Buddensiek (Vorsitzender), Kai Großmann, Stephan Haagen, 
> Daniel Simon
> Aufsichtsrat: Matthew Candy (Vorsitzender)
> 
>

Reply via email to