Fail gracefully when invoking method pointers to null or uncompiled methods.

Author: peter-hofer

substratevm/src/com.oracle.svm.core/src/com/oracle/svm/core/InvalidVTableEntryHandler.java renamed to substratevm/src/com.oracle.svm.core/src/com/oracle/svm/core/InvalidMethodPointerHandler.java

@@ -43,16 +43,33 @@
 import com.oracle.svm.util.ReflectionUtil;
 
 /**
- * Provides a stub method that can be used to fill otherwise unused vtable slots. Instead of a
- * segfault, this method provides a full diagnostic output with a stack trace.
+ * Provides stub methods that can be used for uninitialized method pointers. Instead of a segfault,
+ * the stubs provide full diagnostic output with a stack trace.
  */
-public final class InvalidVTableEntryHandler {
-    public static final Method HANDLER_METHOD = ReflectionUtil.lookupMethod(InvalidVTableEntryHandler.class, "invalidVTableEntryHandler");
-    public static final String MSG = "Fatal error: Virtual method call used an illegal vtable entry that was seen as unused by the static analysis";
+public final class InvalidMethodPointerHandler {
+    public static final Method INVALID_VTABLE_ENTRY_HANDLER_METHOD = ReflectionUtil.lookupMethod(InvalidMethodPointerHandler.class, "invalidVTableEntryHandler");
+    public static final String INVALID_VTABLE_ENTRY_MSG = "Fatal error: Virtual method call used an illegal vtable entry that was seen as unused by the static analysis";
+
+    public static final Method METHOD_POINTER_INVALID_HANDLER_METHOD = ReflectionUtil.lookupMethod(InvalidMethodPointerHandler.class, "methodPointerInvalidHandler");
+    public static final String METHOD_POINTER_INVALID_MSG = "Fatal error: Method pointer invoked on a method that is null, was not registered for compilation, or was not seen as invoked by the static analysis";
 
     @StubCallingConvention
     @NeverInline("We need a separate frame that stores all registers")
     private static void invalidVTableEntryHandler() {
+        Pointer callerSP = KnownIntrinsics.readCallerStackPointer();
+        CodePointer callerIP = KnownIntrinsics.readReturnAddress();
+        failFatally(callerSP, callerIP, INVALID_VTABLE_ENTRY_MSG);
+    }
+
+    @StubCallingConvention
+    @NeverInline("We need a separate frame that stores all registers")
+    private static void methodPointerInvalidHandler() {
+        Pointer callerSP = KnownIntrinsics.readCallerStackPointer();
+        CodePointer callerIP = KnownIntrinsics.readReturnAddress();
+        failFatally(callerSP, callerIP, METHOD_POINTER_INVALID_MSG);
+    }
+
+    private static void failFatally(Pointer callerSP, CodePointer callerIP, String message) {
         VMThreads.StatusSupport.setStatusIgnoreSafepoints();
         StackOverflowCheck.singleton().disableStackOverflowChecksForFatalError();
 
@@ -63,13 +80,11 @@ private static void invalidVTableEntryHandler() {
          * from the method that has the illegal vtable call. That can be helpful when debugging the
          * cause of the fatal error.
          */
-        Pointer callerSP = KnownIntrinsics.readCallerStackPointer();
-        CodePointer callerIP = KnownIntrinsics.readReturnAddress();
         LogHandler logHandler = ImageSingletons.lookup(LogHandler.class);
-        Log log = Log.enterFatalContext(logHandler, callerIP, MSG, null);
+        Log log = Log.enterFatalContext(logHandler, callerIP, message, null);
         if (log != null) {
             SubstrateDiagnostics.printFatalError(log, callerSP, callerIP, WordFactory.nullPointer(), true);
-            log.string(MSG).newline();
+            log.string(message).newline();
         }
         logHandler.fatalError();
     }

substratevm/src/com.oracle.svm.hosted/src/com/oracle/svm/hosted/classinitialization/ClassInitializationFeature.java

@@ -44,6 +44,7 @@
 import org.graalvm.compiler.graph.Node;
 import org.graalvm.compiler.options.OptionValues;
 import org.graalvm.compiler.phases.util.Providers;
+import org.graalvm.nativeimage.c.function.CFunctionPointer;
 
 import com.oracle.graal.pointsto.constraints.UnsupportedFeatureException;
 import com.oracle.graal.pointsto.meta.AnalysisMetaAccess;
@@ -354,11 +355,13 @@ private static ClassInitializationInfo buildRuntimeInitializationInfo(FeatureImp
          * information.
          */
         assert type.isLinked();
+        CFunctionPointer classInitializerFunction = null;
         AnalysisMethod classInitializer = type.getClassInitializer();
         if (classInitializer != null) {
             assert classInitializer.getCode() != null;
             access.registerAsCompiled(classInitializer);
+            classInitializerFunction = MethodPointer.factory(classInitializer);
         }
-        return new ClassInitializationInfo(MethodPointer.factory(classInitializer));
+        return new ClassInitializationInfo(classInitializerFunction);
     }
 }

substratevm/src/com.oracle.svm.hosted/src/com/oracle/svm/hosted/image/NativeImage.java

@@ -77,6 +77,7 @@
 import com.oracle.svm.core.BuildArtifacts;
 import com.oracle.svm.core.BuildArtifacts.ArtifactType;
 import com.oracle.svm.core.FrameAccess;
+import com.oracle.svm.core.InvalidMethodPointerHandler;
 import com.oracle.svm.core.Isolates;
 import com.oracle.svm.core.SubstrateOptions;
 import com.oracle.svm.core.SubstrateUtil;
@@ -564,14 +565,24 @@ private static boolean checkEmbeddedOffset(ProgbitsSectionImpl sectionImpl, fina
         return true;
     }
 
-    private static void markFunctionRelocationSite(final ProgbitsSectionImpl sectionImpl, final int offset, final RelocatableBuffer.Info info) {
+    private void markFunctionRelocationSite(final ProgbitsSectionImpl sectionImpl, final int offset, final RelocatableBuffer.Info info) {
         assert info.getTargetObject() instanceof CFunctionPointer : "Wrong type for FunctionPointer relocation: " + info.getTargetObject().toString();
         final int functionPointerRelocationSize = 8;
         assert info.getRelocationSize() == functionPointerRelocationSize : "Function relocation: " + info.getRelocationSize() + " should be " + functionPointerRelocationSize + " bytes.";
         // References to functions are via relocations to the symbol for the function.
-        ResolvedJavaMethod method = ((MethodPointer) info.getTargetObject()).getMethod();
+        MethodPointer methodPointer = (MethodPointer) info.getTargetObject();
+        HostedMethod target = null;
+        boolean valid = methodPointer.isValid();
+        if (valid) {
+            ResolvedJavaMethod method = methodPointer.getMethod();
+            target = (method instanceof HostedMethod) ? (HostedMethod) method : heap.getUniverse().lookup(method);
+            valid = target.isCompiled();
+        }
+        if (!valid) {
+            target = metaAccess.lookupJavaMethod(InvalidMethodPointerHandler.METHOD_POINTER_INVALID_HANDLER_METHOD);
+        }
         // A reference to a method. Mark the relocation site using the symbol name.
-        sectionImpl.markRelocationSite(offset, RelocationKind.getDirect(functionPointerRelocationSize), localSymbolNameForMethod(method), false, 0L);
+        sectionImpl.markRelocationSite(offset, RelocationKind.getDirect(functionPointerRelocationSize), localSymbolNameForMethod(target), false, 0L);
     }
 
     private static boolean isAddendAligned(Architecture arch, long addend, RelocationKind kind) {

substratevm/src/com.oracle.svm.hosted/src/com/oracle/svm/hosted/image/NativeImageHeapWriter.java

@@ -38,19 +38,24 @@
 import org.graalvm.nativeimage.ImageSingletons;
 import org.graalvm.nativeimage.c.function.CFunctionPointer;
 import org.graalvm.nativeimage.c.function.RelocatedPointer;
+import org.graalvm.nativeimage.hosted.Feature;
 import org.graalvm.word.WordBase;
 
+import com.oracle.graal.pointsto.meta.AnalysisMethod;
 import com.oracle.graal.pointsto.util.AnalysisError;
 import com.oracle.objectfile.ObjectFile;
 import com.oracle.svm.core.FrameAccess;
+import com.oracle.svm.core.InvalidMethodPointerHandler;
 import com.oracle.svm.core.StaticFieldsSupport;
+import com.oracle.svm.core.annotate.AutomaticFeature;
 import com.oracle.svm.core.config.ConfigurationValues;
 import com.oracle.svm.core.config.ObjectLayout;
 import com.oracle.svm.core.heap.Heap;
 import com.oracle.svm.core.heap.ObjectHeader;
 import com.oracle.svm.core.hub.DynamicHub;
 import com.oracle.svm.core.image.ImageHeapLayoutInfo;
 import com.oracle.svm.core.meta.SubstrateObjectConstant;
+import com.oracle.svm.hosted.FeatureImpl;
 import com.oracle.svm.hosted.config.HybridLayout;
 import com.oracle.svm.hosted.image.NativeImageHeap.ObjectInfo;
 import com.oracle.svm.hosted.meta.HostedClass;
@@ -243,13 +248,19 @@ private void addNonDataRelocation(RelocatableBuffer buffer, int index, Relocated
         assert pointer instanceof CFunctionPointer : "unknown relocated pointer " + pointer;
         assert pointer instanceof MethodPointer : "cannot create relocation for unknown FunctionPointer " + pointer;
 
-        ResolvedJavaMethod method = ((MethodPointer) pointer).getMethod();
-        HostedMethod hMethod = method instanceof HostedMethod ? (HostedMethod) method : heap.getUniverse().lookup(method);
-        if (hMethod.isCompiled()) {
-            // Only compiled methods inserted in vtables require relocation.
-            int pointerSize = ConfigurationValues.getTarget().wordSize;
-            addDirectRelocationWithoutAddend(buffer, index, pointerSize, pointer);
+        RelocatedPointer target = pointer;
+        MethodPointer methodPointer = ((MethodPointer) target);
+        boolean valid = methodPointer.isValid();
+        if (valid) {
+            ResolvedJavaMethod method = methodPointer.getMethod();
+            HostedMethod hMethod = (method instanceof HostedMethod) ? (HostedMethod) method : heap.getUniverse().lookup(method);
+            valid = hMethod.isCompiled();
         }
+        if (!valid) {
+            target = ImageSingletons.lookup(MethodPointerInvalidHandlerFeature.class).getHandler();
+        }
+        int pointerSize = ConfigurationValues.getTarget().wordSize;
+        addDirectRelocationWithoutAddend(buffer, index, pointerSize, target);
     }
 
     private static void writePrimitive(RelocatableBuffer buffer, int index, JavaConstant con) {
@@ -398,3 +409,21 @@ private void writeObject(ObjectInfo info, RelocatableBuffer buffer) {
         }
     }
 }
+
+@AutomaticFeature
+final class MethodPointerInvalidHandlerFeature implements Feature {
+    private CFunctionPointer handler;
+
+    @Override
+    public void beforeAnalysis(BeforeAnalysisAccess a) {
+        FeatureImpl.BeforeAnalysisAccessImpl access = (FeatureImpl.BeforeAnalysisAccessImpl) a;
+        AnalysisMethod notCompiledMethod = access.getMetaAccess().lookupJavaMethod(InvalidMethodPointerHandler.METHOD_POINTER_INVALID_HANDLER_METHOD);
+        access.registerAsCompiled(notCompiledMethod);
+        handler = MethodPointer.factory(notCompiledMethod);
+    }
+
+    CFunctionPointer getHandler() {
+        assert handler != null;
+        return handler;
+    }
+}

substratevm/src/com.oracle.svm.hosted/src/com/oracle/svm/hosted/meta/MethodPointer.java

@@ -29,40 +29,48 @@
 import org.graalvm.nativeimage.c.function.CFunctionPointer;
 import org.graalvm.word.ComparableWord;
 
+import com.oracle.svm.core.InvalidMethodPointerHandler;
+
 import jdk.vm.ci.meta.ResolvedJavaMethod;
 
 /**
  * A pointer to the compiled code of a method.
  */
 public class MethodPointer implements CFunctionPointer {
+    private static final MethodPointer INVALID = new MethodPointer(null);
 
     private final ResolvedJavaMethod method;
 
     public static CFunctionPointer factory(ResolvedJavaMethod method) {
-        if (method == null) {
-            return null;
-        } else {
-            return new MethodPointer(method);
-        }
+        return (method != null) ? new MethodPointer(method) : INVALID;
     }
 
     protected MethodPointer(ResolvedJavaMethod method) {
-        assert method != null;
         this.method = method;
     }
 
+    public boolean isValid() {
+        return (method != null);
+    }
+
     public ResolvedJavaMethod getMethod() {
+        assert isValid();
         return method;
     }
 
+    /**
+     * Always {@code false} because even a pointer to {@code null} or to a method that is not
+     * compiled will eventually be replaced by
+     * {@link InvalidMethodPointerHandler#METHOD_POINTER_INVALID_HANDLER_METHOD}.
+     */
     @Override
     public boolean isNull() {
         return false;
     }
 
     @Override
     public boolean isNonNull() {
-        return true;
+        return !isNull();
     }
 
     @Override

substratevm/src/com.oracle.svm.hosted/src/com/oracle/svm/hosted/meta/UniverseBuilder.java

@@ -63,7 +63,7 @@
 import com.oracle.graal.pointsto.meta.AnalysisUniverse;
 import com.oracle.graal.pointsto.results.AbstractAnalysisResultsBuilder;
 import com.oracle.svm.core.FunctionPointerHolder;
-import com.oracle.svm.core.InvalidVTableEntryHandler;
+import com.oracle.svm.core.InvalidMethodPointerHandler;
 import com.oracle.svm.core.StaticFieldsSupport;
 import com.oracle.svm.core.SubstrateOptions;
 import com.oracle.svm.core.SubstrateUtil;
@@ -674,7 +674,7 @@ private void buildVTables() {
          * To avoid segfaults when jumping to address 0, all unused vtable entries are filled with a
          * stub that reports a fatal error.
          */
-        HostedMethod invalidVTableEntryHandler = hMetaAccess.lookupJavaMethod(InvalidVTableEntryHandler.HANDLER_METHOD);
+        HostedMethod invalidVTableEntryHandler = hMetaAccess.lookupJavaMethod(InvalidMethodPointerHandler.INVALID_VTABLE_ENTRY_HANDLER_METHOD);
 
         for (HostedType type : hUniverse.getTypes()) {
             if (type.isArray()) {
@@ -999,6 +999,6 @@ final class InvalidVTableEntryFeature implements Feature {
     @Override
     public void beforeAnalysis(BeforeAnalysisAccess a) {
         BeforeAnalysisAccessImpl access = (BeforeAnalysisAccessImpl) a;
-        access.registerAsCompiled(InvalidVTableEntryHandler.HANDLER_METHOD);
+        access.registerAsCompiled(InvalidMethodPointerHandler.INVALID_VTABLE_ENTRY_HANDLER_METHOD);
     }
 }