Probes inserted at locals that will be overridden

[mkroghj]

When injecting probes into functions jacoco assumes that the arguments are not overridden as per the following JVM bytecode for class Test:

public final class Test
  minor version: 0
  major version: 52
  flags: ACC_PUBLIC, ACC_FINAL, ACC_SUPER
Constant pool:
   #1 = Utf8               Test
   #2 = Class              #1             // Test
   #3 = Utf8               java/lang/Object
   #4 = Class              #3             // java/lang/Object
   #5 = Utf8               Test.java
   #6 = Utf8               <init>
   #7 = Utf8               ()V
   #8 = NameAndType        #6:#7          // "<init>":()V
   #9 = Methodref          #4.#8          // java/lang/Object."<init>":()V
  #10 = Utf8               this
  #11 = Utf8               LTest;
  #12 = Utf8               foo
  #13 = Utf8               (I)I
  #14 = Utf8               main
  #15 = Utf8               ([Ljava/lang/String;)V
  #16 = Utf8               java/lang/System
  #17 = Class              #16            // java/lang/System
  #18 = Utf8               out
  #19 = Utf8               Ljava/io/PrintStream;
  #20 = NameAndType        #18:#19        // out:Ljava/io/PrintStream;
  #21 = Fieldref           #17.#20        // java/lang/System.out:Ljava/io/PrintStream;
  #22 = NameAndType        #12:#13        // foo:(I)I
  #23 = Methodref          #2.#22         // Test.foo:(I)I
  #24 = Utf8               java/io/PrintStream
  #25 = Class              #24            // java/io/PrintStream
  #26 = Utf8               println
  #27 = Utf8               (I)V
  #28 = NameAndType        #26:#27        // println:(I)V
  #29 = Methodref          #25.#28        // java/io/PrintStream.println:(I)V
  #30 = Utf8               Code
  #31 = Utf8               LineNumberTable
  #32 = Utf8               LocalVariableTable
  #33 = Utf8               SourceFile
{
  static int foo(int);
    descriptor: (I)I
    flags: ACC_STATIC
    Code:
      stack=2, locals=2, args_size=1
         0: iload_0
         1: i2l
         2: lstore_0
         3: bipush        15
         5: ireturn

  public static void main(java.lang.String[]);
    descriptor: ([Ljava/lang/String;)V
    flags: ACC_PUBLIC, ACC_STATIC
    Code:
      stack=2, locals=1, args_size=1
         0: getstatic     #21                 // Field java/lang/System.out:Ljava/io/PrintStream;
         3: bipush        42
         5: invokestatic  #23                 // Method foo:(I)I
         8: invokevirtual #29                 // Method java/io/PrintStream.println:(I)V
        11: return
      LineNumberTable:
        line 6: 0
        line 7: 11
}

After instrumentation, the foo function looks as follows, which is not valid (therefore, the format is a bit different from javap):

.method Test.foo(I)I
 0:   invokestatic Test.$jacocoInit()[Z
 1:   astore 1
 2:   iload 0
 3:   i2l
 4:   lstore 0
 5:   ldc 15
 6:   aload 1
 7:   ldc 1
 8:   ldc 1
 9:   bastore
10:   ireturn
.end method

Here, the probe is stored into local 1, however, local 1 is overriden by lstore 0 that takes up two locals.

Steps to reproduce

java -cp out.jar -javaagent:jacocoagent.jar=destfile=foo.txt,dumponexit=true,output=true Test

JaCoCo version: 0.8.3
Operating system: Linux
Tool integration: Command line (and gradle)

Expected behaviour

Running:
java -cp out.jar -javaagent:jacocoagent.jar=destfile=foo.txt,dumponexit=true,output=true Test
should ouput 15

Actual behaviour

java.lang.VerifyError: Bad local variable type
Exception Details:
  Location:
    Test.foo(I)I @34: aload_1
  Reason:
    Type long_2nd (current frame, locals[1]) is not assignable to reference type

[marchof]

@mkroghj Thanks for reporting this! In your example the first argument (slot 0) is overwritten. What compiler created such bytecode?

[marchof]

Due to JVM spec this seems to be allowed (even if not emitted by javac or other compilers we're testing).

[mkroghj]

This is a reduced program from the R8 compiler:
https://r8.googlesource.com/r8

R8 generates optimized code and will re-use locals when available.

[marchof]

Out of curiosity: What was the original source code of the method? What is the purpose of

0: iload_0
1: i2l
2: lstore_0

when the long value is not used at all? Or do you mean by reduced that you reduced the byte code?

[mkroghj]

The bytecode stems from something larger where local 0 is used for further computation. I just kept removing until the error would disappear.

[marchof]

Overwriting variables is not a problem as such. The issue seems to be specific to the situation where the last slot used by method parameters is overwritten with a two slot value (long or double).

Here is a JUnit reproducer for the issue: https://gist.github.com/marchof/6561c2344c4b284582dc4c778590ca72

As simple solution would be to keep a safety distance of one slot to the method parameters:

• 👍 Local and simple change in ProbeInserter
• 👎 For every stackframe we increase the local variables size by 2 instead of 1
• 👎 It becomes less likely that we can use the 1-byte opcodes aload_n for the probe array

@Godin WDYT?

[Godin]

@marchof While I agree that we should fix this to not cause failure. As far as I understood - R8 is a shrinker and minificator, not compiler, so usage of it while gathering coverage is questionable. Sounds like usage of obfuscators which should not be used together with coverage tools.

I'm wondering - can we detect when this distance is needed? to get rid of negative aspects of simple solution proposed by you.

[bvella]

I encountered this same scenario. My situation is as follows:

We have an annotation processor that that transforms code into continuations, providing async/await to java (https://github.com/ixaris/ixaris-oss/tree/master/commons-async/lib).

This is causing this same issue. In my case, however, I cannot opt to transform the code after coverage.

java.lang.VerifyError: Bad local variable type
Exception Details:
  Location:
    com/ixaris/connectors/plutus/impl/services/accounts/AccountsService.continuation$queuedAdjustAccountBalance(JJLcom/ixaris/connectors/plutus/impl/support/pojos/TransactionOperation;Lcom/ixaris/commons/financial/lib/CurrencyAmount;ILjava/lang/String;Lcom/ixaris/connectors/plutus/impl/services/events/data/EventEntity$Type;JLcom/ixaris/connectors/plutus/impl/services/accounts/data/AccountEntity;ILjava/util/concurrent/CompletionStage;)Ljava/util/concurrent/CompletionStage; @674: aload
  Reason:
    Type long_2nd (current frame, locals[15]) is not assignable to reference type
  Current Frame:
    bci: @674
    flags: { }
    locals: { 'com/ixaris/connectors/plutus/impl/services/accounts/AccountsService', long, long_2nd, long, long_2nd, 'com/ixaris/connectors/plutus/impl/support/pojos/TransactionOperation', 'com/ixaris/commons/financial/lib/CurrencyAmount', integer, 'java/lang/String', 'com/ixaris/connectors/plutus/impl/services/events/data/EventEntity$Type', long, long_2nd, 'com/ixaris/connectors/plutus/impl/services/accounts/data/AccountEntity', 'com/ixaris/connectors/plutus/impl/services/groups/velocitylimits/data/VelocityLimitGroupEntity', long, long_2nd }
    stack: { }
  Bytecode:
    0x0000000: b803 6f3a 0f15 0daa 0000 044b 0000 0000
    ...

In an attempt to fix this, I looked at #782 and modified some code suggested in that thread, to generate a hit method and mark hits by calling this method instead of embedding the code directly in each method. An additional benefit of this is that is it trivially easy to check if the hit was already recorded before updating the array, making better use of memory caching. This has resolved the issue without any slowdown.

I will submit a pull request with these changes for your consideration.

[Godin]

@bvella just my two cents

I looked at #782

IMO main thing discussed in #782 (cache line) is not much related to main thing discussed here (local variable).

This has resolved the issue without any slowdown.

While maybe there is no slowdown in your scenario, such significant changes require validation on variety of scenarios - IMO reading of a field is different from reading from local variable in terms of performance.