8261395: C1 crash "cannot make java calls from the native compiler" #3913
If a nest host and a nest member are associated with different protection domains it can lead to execution of Java code (to validate the "new" protection domain) during a nestmate access check, if nest membership verification has not yet been performed. This will cause assertion or guarantee failures if executed by a JIT compiler thread during access checks.
After much discussion and trying different solutions it was decided that the existing logic for nest membership validation unnecessarily tries to resolve constant-pool entries, when it suffices that the symbolic entry in the constant-pool has the same name as the class being checked. Given this check occurs after we have verified the nest host and the purported member are loaded by the same classloader and in the same runtime package, there can only be one class with the name of the member, and that is the member class. Hence resolution of the constant-pool entry serves no purpose but introduces the complexity of dealing with exceptions and avoiding Java code execution in compiler threads.
Thanks to both Coleen and Ioi for their insights, discussions and contributions.
The text was updated successfully, but these errors were encountered:
…ss_at but can use resolved_klass_at. Now exceptions are truly impossible.
This avoids any possibility of class loading or executing any Java code and removes all possibility of exceptions in this part of the nestmate verification process.
@dholmes-ora This change now passes all automated pre-integration checks.
After integration, the commit message for the final commit will be:
At the time when this comment was updated there had been 40 new commits pushed to the
As there are no conflicts, your changes will automatically be rebased on top of these commits when integrating. If you prefer to avoid this automatic rebasing, please check the documentation for the /integrate command for further details.
…ert the introduction of "current".
Thanks for the reviews Coleen, Ioi and Harold.
Minor updates in place based on Coleen's feedback and suggestions. Please re-review.
@coleenp we wouldn't have arrived at this simplified name-check-only version without all of the discussions and investigations of how to fix the more complex version. So credit remains where credit is due. :)
@dholmes-ora Since your change was applied there have been 46 commits pushed to the
Your commit was automatically rebased without conflicts.
Pushed as commit e828a93.
On 8/05/2021 12:08 am, Harold Seigel wrote:
Thanks for the review Harold!
On 12/05/2021 9:34 am, Coleen Phillimore wrote:
It would be "wrong" to actually call that as it calls
Thanks for the review.