Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Artur-/jbr-bug

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
src/main/java
src/main/java
 
 
README.md
README.md
 
 
pom.xml
pom.xml
 
 

Repository files navigation

JBR Crash Reproducer: AllowEnhancedClassRedefinition + Javassist + ByteBuddy

Reproducer for a JBR bug where -XX:+AllowEnhancedClassRedefinition causes a JVM crash (SIGSEGV) when Mockito/ByteBuddy retransforms a class whose bytecode was previously modified by a ClassFileTransformer using javassist.

The crash occurs in VM_EnhancedRedefineClasses::find_class_bytes()JvmtiClassFileReconstituter::write_method_infos().

This reproduces what happens when HotswapAgent's Vaadin plugin transforms VaadinServlet's constructor via javassist, and then Mockito creates a mock of VaadinServlet using ByteBuddy's inline mock maker.

Requirements

  • JetBrains Runtime (JBR) with -XX:+AllowEnhancedClassRedefinition support
  • Maven 3.x

How to run

Build:

mvn package -DskipTests

Test 1 — baseline (no agent, should pass):

java -XX:+EnableDynamicAgentLoading \
  -cp "target/jbr-crash-reproducer-1.0-SNAPSHOT.jar:target/lib/*" \
  test.NestAccessTest

Test 2 — agent without the flag (should pass):

java -XX:+EnableDynamicAgentLoading \
  -javaagent:target/jbr-crash-reproducer-1.0-SNAPSHOT.jar \
  -cp "target/jbr-crash-reproducer-1.0-SNAPSHOT.jar:target/lib/*" \
  test.NestAccessTest

Test 3 — agent with the flag (crashes on affected JBR versions):

java -XX:+EnableDynamicAgentLoading \
  -XX:+AllowEnhancedClassRedefinition \
  -javaagent:target/jbr-crash-reproducer-1.0-SNAPSHOT.jar \
  -cp "target/jbr-crash-reproducer-1.0-SNAPSHOT.jar:target/lib/*" \
  test.NestAccessTest

Expected results

Test Configuration Result
1 No agent OK
2 Agent, no -XX:+AllowEnhancedClassRedefinition OK
3 Agent + -XX:+AllowEnhancedClassRedefinition SIGSEGV crash

What happens

  1. A java agent (agent.NoOpAgent) uses javassist to transform BaseServlet's constructor, injecting a call to PluginClass.onServletInit(this)
  2. PluginClass.onServletInit() references PluginClass.Command, a package-private inner class
  3. Mockito.mock(BaseServlet.class) triggers ByteBuddy's inline mock maker, which calls Instrumentation.retransformClasses(BaseServlet.class)
  4. With -XX:+AllowEnhancedClassRedefinition enabled, the JVM enters VM_EnhancedRedefineClasses::find_class_bytes() and crashes in JvmtiClassFileReconstituter::write_method_infos() with a SIGSEGV

Crash stack trace

V  [libjvm.so]  JvmtiClassFileReconstituter::write_method_infos()
V  [libjvm.so]  JvmtiClassFileReconstituter::write_class_file_format()
V  [libjvm.so]  VM_EnhancedRedefineClasses::find_class_bytes()
V  [libjvm.so]  VM_EnhancedRedefineClasses::load_new_class_versions()
V  [libjvm.so]  VM_EnhancedRedefineClasses::doit()
V  [libjvm.so]  VM_Operation::evaluate()
V  [libjvm.so]  VMThread::evaluate_operation()

Tested on

  • JBR-25.0.1+8-268.52-nomod (OpenJDK 25, aarch64)

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages