RFR 8051012: Regression in verifier for <init> method call from inside of a branch
karen.kinnear at oracle.com
Fri Aug 1 15:10:18 UTC 2014
The fix looks good. Thank you for the updated comment header.
On Aug 1, 2014, at 10:31 AM, harold seigel wrote:
> Hi Lois,
> Thanks for the review. I'll run those tests before checking in the fix.
> On 8/1/2014 9:34 AM, Lois Foltan wrote:
>> Hi Harold,
>> Looks good. It might be good to run JDK lang & util tests on this as well?
>> On 7/24/2014 8:46 AM, harold seigel wrote:
>>> Please review this verifier fix for bug 8051012. The fix has two parts. The first part adds another argument to function match_stackmap() which specifies whether or not the stackmap being matched is for an exception handler. If the targetted stackmap is an exception handler then matches are allowed even if the stackmap flags differ (See JVMS 8 section 184.108.40.206 <http://docs.oracle.com/javase/specs/jvms/se8/html/jvms-4.html#jvms-220.127.116.11>). An additional argument was needed because the existing stackmap matching code was erroneously allowing flag differences when matching branch target stackmaps for bytecodes such as 'goto'. The additional argument lets the verifier differentiate between exception handler stackmaps and branch stackmaps.
>>> The second part of the fix removes the check for branch targets jumping over constructor calls to super() (the furthest_jump code). This fix was intended for security but broke legal programs. Removing the fix allows legal programs to work. The needed security is provided by the above fix for stackmap matching.
>>> Bug: https://bugs.openjdk.java.net/browse/JDK-8051012
>>> Open webrev: http://cr.openjdk.java.net/~hseigel/bug_8051012/
>>> The fix was tested with the JCK lang, vm, and api/java_lang tests, the UTE verifier and quick tests, the JTREG hotspot tests, including tests that reproduce the security issue and one for legal programs broken by the 'furthest_jump' code fix.
>>> Thanks, Harold
More information about the hotspot-runtime-dev