8365526: Crash with null Symbol passed to SystemDictionary::resolve_or_null

[coleenp]

The vm was crashing because the constant pool couldn't find the resolution error in the ResolutionErrorEntry error field.

There are two uses of ResolutionErrorEntry in the ResolutionErrorTable. The key to this table is {ConstantPool, cp-index}. In this crash, multiple threads were racing to record nest_host_errors in the case where resolution failed. In this case, there was already a ResolutionErrorEntry in the table for the constant pool resolution failure. In the 'if' case of add_nest_host_error we check to see if there's already a nest_host_error assuming it's the same error, then the 'else' case was unconditionally adding a ResolutionErrorEntry with just the nest host message. Calling HashTable::put() with this entry with just the nest host message, was overwriting the entry with the constant pool resolution error, ie. the other fields. The crash happened in ConstantPool::throw_resolution_error() because the error field was overwritten (and leaked too).

Add a null check before calling ResolutionErrorEntry add entry. Also added an assert that we only add a resolution error for nest host errors in the case of success since in the case of failure there will always already be a ResolutionErrorEntry for the failing constant pool and cp index and we don't want to overwrite that again.

Tested with submitted reproducer and tier1-4.

---

Progress

• Change must be properly reviewed (1 review required, with at least 1 Reviewer)
• Change must not contain extraneous whitespace
• Commit message must refer to an issue

Issue

• JDK-8365526: Crash with null Symbol passed to SystemDictionary::resolve_or_null (Bug - P3)

Reviewers

• Tom Rodriguez (@tkrodriguez - Reviewer) 🔄 Re-review required (review applies to 6123316c)

Reviewing

Using git

Checkout this PR locally:
$ git fetch https://git.openjdk.org/jdk.git pull/28438/head:pull/28438
$ git checkout pull/28438

Update a local copy of the PR:
$ git checkout pull/28438
$ git pull https://git.openjdk.org/jdk.git pull/28438/head

Using Skara CLI tools

Checkout this PR locally:
$ git pr checkout 28438

View PR using the GUI difftool:
$ git pr show -t 28438

Using diff file

Download this PR as a diff file:
https://git.openjdk.org/jdk/pull/28438.diff

Using Webrev

Link to Webrev Comment

[bridgekeeper]

👋 Welcome back coleenp! A progress list of the required criteria for merging this PR into master will be added to the body of your pull request. There are additional pull request commands available for use with this pull request.

[openjdk]

@coleenp This change is no longer ready for integration - check the PR body for details.

[openjdk]

@coleenp The following label will be automatically applied to this pull request:

• hotspot-runtime

When this pull request is ready to be reviewed, an "RFR" email will be sent to the corresponding mailing list. If you would like to change these labels, use the /label pull request command.

[mlbridge]

Webrevs

• 01: Full - Incremental (8e7be57d)
• 00: Full (6123316c)

[tkrodriguez]

Thanks for tracking this down! Looks good.

[tkrodriguez]

I might be inclined to swap the cases.

if (entry == nullptr) {
    ...
} else if (entry->nest_host_error() == nullptr) {
    ...
}

Is there ever a situation where replacing an entry in ResolutionErrorTable is correct? Maybe there should be a check for that somewhere?

[coleenp]

Yes, this reorganization would look nicer.
No, there's a never a situation where calling replacing an entry in the ResolutionErrorTable is correct because this HashTable::put() function leaks the value that it has replaced. I've been testing an assert for this.
In general, this function can leak the value but I did a test and we don't leak anything but this one right now. But I think we should fix this separately.