Bug ID: 7166725 [macosx] Crash in JVM when exiting an FX app run with j2d pipeline

7166725 : [macosx] Crash in JVM when exiting an FX app run with j2d pipeline

Details

Type:	Bug	Submit Date:	2012-05-05
Status:	Closed	Updated Date:	2012-10-01
Project Name:	JDK	Resolved Date:	2012-08-13
Component:	client-libs	OS:	os_x
Sub-Component:	java.awt	CPU:	x86,generic
Priority:	P4
Resolution:	Won't Fix
Affected Versions:	7,7u4,7u6
Fixed Versions:	7u40

Related Reports

Backport:	JDK-2228324 - [macosx] Crash in JVM when exiting an FX app run with j2d pipeline
Duplicate:	JDK-7167508 - Crash on OSX call from JNFCallStaticVoidMethod
Duplicate:	JDK-7163254 - [macosx]Crash on exit application - Error 134
Relates:	JDK-7144542 - [macosx] Crash in liblwawt.dylib setBusy() when exiting an FX app run with j2d pipeline
Relates:	JDK-7174704 - [macosx] New issue in 7u6 b12: HeadlessPrintingTest failure

Sub Tasks

Description

This issue is related to 7144542. Please note that 7144542 is going to be addressed in 7u6 by loading another dynamic library for AWT (headless instead of headful) which will eliminate the crash in 7u6. However, this crash shouldn't be happening even with the wrong library loaded.

NOTE: 'java' below means a Java binary w/o a fix for 7144542, e.g. 7u4 GA or early builds of 7u6. This problem is not reproducible with JDK 8 since it implicitly contains a fix for 7144542.

NOTE2: early builds of 7u4/7u-osx (as of about Dec 2011) did not experience the issue. More over, even old Apple JDK 1.6 didn't experience it. However, since about Jan or Feb 2012 it has become reproducible with both 7u4 AND Apple JDK.

Steps to reproduce:

1. Build Java FX with a j2d-pipeline exit workaround removed:

$ hg clone http://jfxsrc.us.oracle.com/javafx/2.2/scrum/graphics/jfx fx
$ cd fx
$ hg clone http://jfxsrc.us.oracle.com/javafx/2.2/scrum/graphics/rt-closed
$ hg clone http://jfxsrc.us.oracle.com/javafx/2.2/scrum/graphics/rt
$ cd rt
$ patch -p 1 < /net/mandriva.ru.oracle.com/export/anthony/patch/fx-remove-mac-j2d-exit-workaround.patch
$ cd ..
$ ant
(this usually takes ~10-15 minutes)

2. Build the HelloRectangle toy:

$ cd rt-closed/toys/HelloWorld/src
$ javac -classpath ../../../../artifacts/sdk/rt/lib/jfxrt.jar helloworld/HelloRectangle.java

3. Run it using the FX Prism J2D pipeline:

$ java -cp .:../../../../artifacts/sdk/rt/lib/jfxrt.jar -Dprism.order=j2d -Dprism.verbose=true helloworld.HelloRectangle

4. Click the red circle (Close button) in the title bar of the toy's window to exit the app, and observe the crash as described at 7144542:

Stack: [7fff65055000,7fff65855000],  sp=7fff658523e0,  free space=8180k
Native frames: (J=compiled Java code, j=interpreted, Vv=VM code, C=native code)
V  [libjvm.dylib+0x27f3ae]  ThreadStateTransition::trans_from_native(JavaThreadState)+0xa
V  [libjvm.dylib+0x277a19]  jni_CallStaticVoidMethodV+0x3d
C  [JavaNativeFoundation+0x3c20]  JNFCallStaticVoidMethod+0xae
C  [liblwawt.dylib+0xde46]  setBusy+0x79
C  [CoreFoundation+0x63bd7]  __CFRUNLOOP_IS_CALLING_OUT_TO_AN_OBSERVER_CALLBACK_FUNCTION__+0x17
C  [CoreFoundation+0x63b36]  __CFRunLoopDoObservers+0x176
C  [CoreFoundation+0x38dd6]  __CFRunLoopRun+0x426
C  [CoreFoundation+0x38676]  CFRunLoopRunSpecific+0xe6
C  [java+0x5cb4]  CreateExecutionEnvironment+0x349
C  [java+0x37b8]  JLI_Launch+0x78d
C  [java+0x7a30]  main+0x6c
C  [java+0x13f4]  start+0x34

Comments

EVALUATION According to the Evaluation from the Comments section, it appears that FX/Glass have already detached the AppKit thread from the JVM, while AWT is unaware of this. It continues to call Java methods from the setBusy obersvers, and this leads to this crash. Looks like FX has to be able to detect that the AWT is being running, and not detach from the AppKit thread in this case to make sure it is AWT who'e going to cleanup all things and finally terminate the process.
2012-08-22
EVALUATION I've added an AttachCurrentThreadAsDaemon() call to the setBusy() function to make sure the env isn't stale. Note that the Attach call never failed - i.e. it always returned a valid, non-null env. Also, I got rid of all the JNF syntax sugar and used the real JNI calls (like (*env)->FindClass(env...), GetStaticMethodID, etc.). Also, I removed the 'static' caches and fetch all the values each time the setBusy() is executed. After I do this, I get a different stack trace for the crash: Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 libsystem_kernel.dylib 0x00007fff8c42ece2 __pthread_kill + 10 1 libsystem_c.dylib 0x00007fff912357d2 pthread_kill + 95 2 libsystem_c.dylib 0x00007fff91226a7a abort + 143 3 libjvm.dylib 0x0000000101bb3397 os::abort(bool) + 25 4 libjvm.dylib 0x0000000101ca1632 VMError::report_and_die() + 2306 5 libjvm.dylib 0x0000000101bb4a82 JVM_handle_bsd_signal + 1064 6 libsystem_c.dylib 0x00007fff91287cfa _sigtramp + 26 7 libjvm.dylib 0x0000000101aa3422 ThreadStateTransition::trans_from_native(JavaThreadState) + 10 8 libjvm.dylib 0x0000000101a927b6 jni_FindClass + 50 9 liblwawt.dylib 0x000000010dec3e05 setBusy + 123 In this case the FindClass() call fails. All this indicates that the VM state is corrupt at this point. Another interesting detail: after making a FindClass call I'm making a new global ref for the returned class reference. Nonetheless, the FindClass returns a different reference from time to time while the program is running (I've added an fprintf() in the setBusy() to see each and every call of this function). This seems strange as with a global ref in native, I would expect the FindClass to return the same reference each time I call it.
2012-06-19
EVALUATION The hs_err log reports "Current thread is native thread" which means that when the SEGV occurred ThreadLocalStorage::get_thread_slow() returned NULL. This would all seem to indicate that the current thread is calling into Java but is not attached to the VM. (Or else it's TLS storage has been corrupted).
2012-05-10
EVALUATION What has been tried to resolve the issue but didn't help: 1. Copied JVM 24b07 from JDK 8 to my build of 7u6. 2. Verified that in the setBusy() function (see src/macosx/native/sun/awt/awt.m in JDK) the env is always non-null and that the thread the function is executing on is always attached to the JVM. Neither of the above helped resolve the issue.
2012-05-05

SELECT A COUNTRY/REGION
Africa Operation Argentina Australia Austria Bahrain Bangladesh Belgium & Luxembourg Belize Bhutan Bolivia Bosnia & Herzegovina Brasil Brunei Bulgaria Cambodia Canada - English Canada - French Chile China Colombia	Costa Rica Croatia Cyprus Czech Republic Denmark Ecuador Egypt Estonia Finland France Germany Greece Guatemala Honduras Hong Kong Hungary India Indonesia Iraq Ireland	Israel Italy Japan Jordan Kazakhstan Korea Kuwait Laos Latvia Lebanon Lithuania Malaysia Maldives Malta Mexico Moldova Nepal Netherlands New Zealand Nicaragua	Norway Oman Pakistan Panama Paraguay Peru Philippines Poland Portugal Puerto Rico Qatar Romania Russia Saudi Arabia Serbia & Montenegro Singapore Slovakia Slovenia South Africa Spain	Sri Lanka Sweden Switzerland -- French Switzerland -- German Taiwan Thailand Turkey Ukraine United Arab Emirates United Kingdom United States Uruguay Venezuela Vietnam Yemen

Hardware and Software, Engineered to Work Together