
Symbolic handling error for invokedynamic #15

@m-carrasco


The following program causes SPouT to crash when handling the symbolic state for the invokedynamic opcode. The failure happens in the call to unbasic: that method does not expect a symbolic value and crashes when manipulating the stack value.

// javac version: 17.0.15
// javac -cp verifier-stub-1.0.jar Main.java -d out/
// spout -cp /home/ubuntu/gdart/verifier-stub/target/verifier-stub-1.0.jar:out/ -Dconcolic.bools=true -Dconcolic.execution=true -Dtaint.flow=OFF Main

import java.util.function.Function;
import tools.aqua.concolic.Verifier;

/**
 * Minimal reproducer for the reported crash: a boolean obtained from
 * {@code Verifier.nondetBoolean()} is captured by a lambda and handed back through
 * {@code Function.apply}.
 *
 * <p>Keep the code in exactly this shape when re-testing; the report attributes the failure to
 * the invokedynamic call site, so a restyled lambda may no longer exercise the same path.
 */
public class Main {
  /** Passes a Verifier-provided boolean through {@link #foo(boolean)} and reports the result. */
  public static void main(String[] args) {
    // NOTE(review): presumably a symbolic (annotated) boolean when run with
    // -Dconcolic.bools=true as in the command above; confirm against verifier-stub.
    boolean r = foo(Verifier.nondetBoolean());
    Verifier.outputBooleanAnnotation(r);
    // Explicit exit with status 0 after the result has been reported.
    System.exit(0);
  }
  /**
   * Returns {@code a} unchanged, routed through a lambda that captures it.
   *
   * @param a value captured by the lambda body
   * @return the value of {@code a}, boxed as the lambda's {@code Boolean} result and unboxed here
   */
  public static boolean foo(boolean a) {
    // The lambda captures `a`, so the value is an argument of the invokedynamic call site that
    // creates the Function. The reported ClassCastException (AnnotatedValue -> Integer) is
    // raised in InvokeDynamicCallSiteNode.unbasic.
    return ((Function< Object, Boolean >)f -> {
          return a;
        }).apply(null);
  }
}

The stack trace is as follows:

java.lang.ClassCastException: tools.aqua.spout.AnnotatedValue cannot be cast to java.lang.Integer
        at com.oracle.truffle.espresso.nodes.quick.invoke.InvokeDynamicCallSiteNode.unbasic(InvokeDynamicCallSiteNode.java:111)
        at com.oracle.truffle.espresso.nodes.methodhandle.MHLinkToNode.unbasic(MHLinkToNode.java:127)
        at com.oracle.truffle.espresso.nodes.methodhandle.MHLinkToNode.call(MHLinkToNode.java:82)
        at com.oracle.truffle.espresso.nodes.quick.invoke.InvokeHandleNode.execute(InvokeHandleNode.java:74)
        at com.oracle.truffle.espresso.nodes.BytecodeNode.quickenInvoke(BytecodeNode.java:2282)
        at com.oracle.truffle.espresso.nodes.BytecodeNode.executeBodyFromBCI(BytecodeNode.java:1404)
        at com.oracle.truffle.espresso.nodes.BytecodeNode.executeBody(BytecodeNode.java:779)
        at com.oracle.truffle.espresso.nodes.EspressoBaseMethodNode.execute(EspressoBaseMethodNode.java:54)
        at com.oracle.truffle.espresso.nodes.EspressoRootNode$Default.execute(EspressoRootNode.java:318)
        at org.graalvm.compiler.truffle.runtime.OptimizedCallTarget.executeRootNode(OptimizedCallTarget.java:656)
        at org.graalvm.compiler.truffle.runtime.OptimizedCallTarget.profiledPERoot(OptimizedCallTarget.java:628)
        at org.graalvm.compiler.truffle.runtime.OptimizedCallTarget.callBoundary(OptimizedCallTarget.java:561)
        at com.oracle.svm.truffle.api.SubstrateOptimizedCallTarget.invokeCallBoundary(SubstrateOptimizedCallTarget.java:115)
        at com.oracle.svm.truffle.api.SubstrateOptimizedCallTargetInstalledCode.doInvoke(SubstrateOptimizedCallTargetInstalledCode.java:194)
        at com.oracle.svm.truffle.api.SubstrateOptimizedCallTarget.doInvoke(SubstrateOptimizedCallTarget.java:97)
        at org.graalvm.compiler.truffle.runtime.OptimizedCallTarget.callDirect(OptimizedCallTarget.java:491)
        at org.graalvm.compiler.truffle.runtime.OptimizedDirectCallNode.call(OptimizedDirectCallNode.java:68)
        at com.oracle.truffle.espresso.nodes.methodhandle.MHInvokeBasicNode.executeCallDirect(MHInvokeBasicNode.java:64)
        at com.oracle.truffle.espresso.nodes.methodhandle.MHInvokeBasicNodeGen.executeAndSpecialize(MHInvokeBasicNodeGen.java:86)
        at com.oracle.truffle.espresso.nodes.methodhandle.MHInvokeBasicNodeGen.executeCall(MHInvokeBasicNodeGen.java:48)
        at com.oracle.truffle.espresso.nodes.methodhandle.MHInvokeBasicNode.call(MHInvokeBasicNode.java:88)
        at com.oracle.truffle.espresso.nodes.quick.invoke.InvokeHandleNode.execute(InvokeHandleNode.java:74)
        at com.oracle.truffle.espresso.nodes.BytecodeNode.quickenInvoke(BytecodeNode.java:2282)
        at com.oracle.truffle.espresso.nodes.BytecodeNode.executeBodyFromBCI(BytecodeNode.java:1404)
        at com.oracle.truffle.espresso.nodes.BytecodeNode.executeBody(BytecodeNode.java:779)
        at com.oracle.truffle.espresso.nodes.EspressoBaseMethodNode.execute(EspressoBaseMethodNode.java:54)
        at com.oracle.truffle.espresso.nodes.EspressoRootNode$Default.execute(EspressoRootNode.java:318)
        at org.graalvm.compiler.truffle.runtime.OptimizedCallTarget.executeRootNode(OptimizedCallTarget.java:656)
        at org.graalvm.compiler.truffle.runtime.OptimizedCallTarget.profiledPERoot(OptimizedCallTarget.java:628)
        at org.graalvm.compiler.truffle.runtime.OptimizedCallTarget.callBoundary(OptimizedCallTarget.java:561)
        at com.oracle.svm.truffle.api.SubstrateOptimizedCallTarget.invokeCallBoundary(SubstrateOptimizedCallTarget.java:115)
        at com.oracle.svm.truffle.api.SubstrateOptimizedCallTargetInstalledCode.doInvoke(SubstrateOptimizedCallTargetInstalledCode.java:194)
        at com.oracle.svm.truffle.api.SubstrateOptimizedCallTarget.doInvoke(SubstrateOptimizedCallTarget.java:97)
        at org.graalvm.compiler.truffle.runtime.OptimizedCallTarget.callDirect(OptimizedCallTarget.java:491)
        at org.graalvm.compiler.truffle.runtime.OptimizedDirectCallNode.call(OptimizedDirectCallNode.java:68)
        at com.oracle.truffle.espresso.nodes.quick.invoke.InvokeDynamicCallSiteNode.execute(InvokeDynamicCallSiteNode.java:93)
        at com.oracle.truffle.espresso.nodes.BytecodeNode.quickenInvokeDynamic(BytecodeNode.java:2546)
        at com.oracle.truffle.espresso.nodes.BytecodeNode.executeBodyFromBCI(BytecodeNode.java:1525)
        at com.oracle.truffle.espresso.nodes.BytecodeNode.executeBody(BytecodeNode.java:779)
        at com.oracle.truffle.espresso.nodes.EspressoBaseMethodNode.execute(EspressoBaseMethodNode.java:54)
        at com.oracle.truffle.espresso.nodes.EspressoRootNode$Default.execute(EspressoRootNode.java:318)
        at org.graalvm.compiler.truffle.runtime.OptimizedCallTarget.executeRootNode(OptimizedCallTarget.java:656)
        at org.graalvm.compiler.truffle.runtime.OptimizedCallTarget.profiledPERoot(OptimizedCallTarget.java:628)
        at org.graalvm.compiler.truffle.runtime.OptimizedCallTarget.callBoundary(OptimizedCallTarget.java:561)
        at com.oracle.svm.truffle.api.SubstrateOptimizedCallTarget.invokeCallBoundary(SubstrateOptimizedCallTarget.java:115)
        at com.oracle.svm.truffle.api.SubstrateOptimizedCallTargetInstalledCode.doInvoke(SubstrateOptimizedCallTargetInstalledCode.java:194)
        at com.oracle.svm.truffle.api.SubstrateOptimizedCallTarget.doInvoke(SubstrateOptimizedCallTarget.java:97)
        at org.graalvm.compiler.truffle.runtime.OptimizedCallTarget.callDirect(OptimizedCallTarget.java:491)
        at org.graalvm.compiler.truffle.runtime.OptimizedDirectCallNode.call(OptimizedDirectCallNode.java:68)
        at com.oracle.truffle.espresso.nodes.bytecodes.InvokeStatic$WithoutClassInitCheck.callDirect(InvokeStatic.java:86)
        at com.oracle.truffle.espresso.nodes.bytecodes.InvokeStaticNodeGen$WithoutClassInitCheckNodeGen.executeAndSpecialize(InvokeStaticNodeGen.java:126)
        at com.oracle.truffle.espresso.nodes.bytecodes.InvokeStaticNodeGen$WithoutClassInitCheckNodeGen.execute(InvokeStaticNodeGen.java:105)
        at com.oracle.truffle.espresso.nodes.bytecodes.InvokeStatic.callWithClassInitCheck(InvokeStatic.java:63)
        at com.oracle.truffle.espresso.nodes.bytecodes.InvokeStaticNodeGen.executeAndSpecialize(InvokeStaticNodeGen.java:52)
        at com.oracle.truffle.espresso.nodes.bytecodes.InvokeStaticNodeGen.execute(InvokeStaticNodeGen.java:38)
        at com.oracle.truffle.espresso.nodes.quick.invoke.InvokeStaticQuickNode.execute(InvokeStaticQuickNode.java:70)
        at com.oracle.truffle.espresso.nodes.BytecodeNode.quickenInvoke(BytecodeNode.java:2282)
        at com.oracle.truffle.espresso.nodes.BytecodeNode.executeBodyFromBCI(BytecodeNode.java:1404)
        at com.oracle.truffle.espresso.nodes.BytecodeNode.executeBody(BytecodeNode.java:779)
        at com.oracle.truffle.espresso.nodes.EspressoBaseMethodNode.execute(EspressoBaseMethodNode.java:54)
        at com.oracle.truffle.espresso.nodes.EspressoRootNode$Default.execute(EspressoRootNode.java:318)
        at org.graalvm.compiler.truffle.runtime.OptimizedCallTarget.executeRootNode(OptimizedCallTarget.java:656)
        at org.graalvm.compiler.truffle.runtime.OptimizedCallTarget.profiledPERoot(OptimizedCallTarget.java:628)
        at org.graalvm.compiler.truffle.runtime.OptimizedCallTarget.callBoundary(OptimizedCallTarget.java:561)
        at com.oracle.svm.truffle.api.SubstrateOptimizedCallTarget.invokeCallBoundary(SubstrateOptimizedCallTarget.java:115)
        at com.oracle.svm.truffle.api.SubstrateOptimizedCallTargetInstalledCode.doInvoke(SubstrateOptimizedCallTargetInstalledCode.java:194)
        at com.oracle.svm.truffle.api.SubstrateOptimizedCallTarget.doInvoke(SubstrateOptimizedCallTarget.java:97)
        at org.graalvm.compiler.truffle.runtime.OptimizedCallTarget.callIndirect(OptimizedCallTarget.java:473)
        at org.graalvm.compiler.truffle.runtime.OptimizedCallTarget.call(OptimizedCallTarget.java:454)
        at com.oracle.truffle.espresso.impl.Method.invokeDirect(Method.java:483)
        at com.oracle.truffle.espresso.jni.JniEnv.CallStaticVoidMethodVarargs(JniEnv.java:1152)
        at com.oracle.truffle.espresso.jni.JniEnv_CallStaticVoidMethodVarargs__LJL.invoke(JniEnv_CallStaticVoidMethodVarargs__LJL.java:72)
        at com.oracle.truffle.espresso.jni.NativeEnv$NativeRootNode.execute(NativeEnv.java:283)
        at org.graalvm.compiler.truffle.runtime.OptimizedCallTarget.executeRootNode(OptimizedCallTarget.java:656)
        at org.graalvm.compiler.truffle.runtime.OptimizedCallTarget.profiledPERoot(OptimizedCallTarget.java:628)
        at org.graalvm.compiler.truffle.runtime.OptimizedCallTarget.callBoundary(OptimizedCallTarget.java:561)
        at com.oracle.svm.truffle.api.SubstrateOptimizedCallTarget.invokeCallBoundary(SubstrateOptimizedCallTarget.java:115)
        at com.oracle.svm.truffle.api.SubstrateOptimizedCallTargetInstalledCode.doInvoke(SubstrateOptimizedCallTargetInstalledCode.java:194)
        at com.oracle.svm.truffle.api.SubstrateOptimizedCallTarget.doInvoke(SubstrateOptimizedCallTarget.java:97)
        at org.graalvm.compiler.truffle.runtime.OptimizedCallTarget.callIndirect(OptimizedCallTarget.java:473)
        at org.graalvm.compiler.truffle.runtime.OptimizedCallTarget.call(OptimizedCallTarget.java:454)
        at com.oracle.truffle.espresso.jni.NativeEnv$3.call(NativeEnv.java:321)
        at com.oracle.truffle.espresso.jni.Callback.execute(Callback.java:52)
        at com.oracle.truffle.espresso.jni.CallbackGen$InteropLibraryExports$Cached.execute(CallbackGen.java:77)
        at com.oracle.truffle.espresso.ffi.nfi.NFINativeAccess$JavaToNativeWrapper.doExecute(NFINativeAccess.java:377)
        at com.oracle.truffle.espresso.ffi.nfi.NFINativeAccess$JavaToNativeWrapper$Execute.doCached(NFINativeAccess.java:413)
        at com.oracle.truffle.espresso.ffi.nfi.JavaToNativeWrapperGen$InteropLibraryExports$Cached.executeAndSpecialize(JavaToNativeWrapperGen.java:150)
        at com.oracle.truffle.espresso.ffi.nfi.JavaToNativeWrapperGen$InteropLibraryExports$Cached.execute(JavaToNativeWrapperGen.java:108)
        at com.oracle.truffle.nfi.CallSignatureNode$OptimizedCallClosureNode.doCall(CallSignatureNode.java:219)
        at com.oracle.truffle.nfi.CallSignatureNodeFactory$OptimizedCallClosureNodeGen.executeAndSpecialize(CallSignatureNodeFactory.java:515)
        at com.oracle.truffle.nfi.CallSignatureNodeFactory$OptimizedCallClosureNodeGen.execute(CallSignatureNodeFactory.java:468)
        at com.oracle.truffle.nfi.NFIClosure$Execute.doOptimizedDirect(NFIClosure.java:91)
        at com.oracle.truffle.nfi.NFIClosureGen$InteropLibraryExports$Cached.executeAndSpecialize(NFIClosureGen.java:159)
        at com.oracle.truffle.nfi.NFIClosureGen$InteropLibraryExports$Cached.execute(NFIClosureGen.java:123)
        at com.oracle.truffle.nfi.backend.libffi.LibFFIClosure$CallClosureNode.doCall(LibFFIClosure.java:206)
        at com.oracle.truffle.nfi.backend.libffi.LibFFIClosureFactory$CallClosureNodeGen.executeAndSpecialize(LibFFIClosureFactory.java:107)
        at com.oracle.truffle.nfi.backend.libffi.LibFFIClosureFactory$CallClosureNodeGen.execute(LibFFIClosureFactory.java:72)
        at com.oracle.truffle.nfi.backend.libffi.LibFFIClosure$VoidRetClosureRootNode.execute(LibFFIClosure.java:333)
        at org.graalvm.compiler.truffle.runtime.OptimizedCallTarget.executeRootNode(OptimizedCallTarget.java:656)
        at org.graalvm.compiler.truffle.runtime.OptimizedCallTarget.profiledPERoot(OptimizedCallTarget.java:628)
        at org.graalvm.compiler.truffle.runtime.OptimizedCallTarget.callBoundary(OptimizedCallTarget.java:561)
        at com.oracle.svm.truffle.api.SubstrateOptimizedCallTarget.invokeCallBoundary(SubstrateOptimizedCallTarget.java:115)
        at com.oracle.svm.truffle.api.SubstrateOptimizedCallTargetInstalledCode.doInvoke(SubstrateOptimizedCallTargetInstalledCode.java:194)
        at com.oracle.svm.truffle.api.SubstrateOptimizedCallTarget.doInvoke(SubstrateOptimizedCallTarget.java:97)
        at org.graalvm.compiler.truffle.runtime.OptimizedCallTarget.callIndirect(OptimizedCallTarget.java:473)
        at org.graalvm.compiler.truffle.runtime.OptimizedCallTarget.call(OptimizedCallTarget.java:454)
        at com.oracle.svm.truffle.nfi.NativeClosure.call(NativeClosure.java:192)
        at com.oracle.svm.truffle.nfi.NativeClosure.doInvokeClosureVoidRet(NativeClosure.java:301)
        at com.oracle.svm.truffle.nfi.NativeClosure.invokeClosureVoidRet(NativeClosure.java:289)
Caused by: Attached Guest Language Frames (6)
