RFR 8051012: Regression in verifier for <init> method call from inside of a branch

harold seigel harold.seigel at oracle.com
Thu Jul 24 12:46:36 UTC 2014


Hi,

Please review this verifier fix for bug 8051012.  The fix has two 
parts.  The first part adds another argument to function 
match_stackmap() which specifies whether or not the stackmap being 
matched is for an exception handler.  If the targeted stackmap is an 
exception handler then matches are allowed even if the stackmap flags 
differ (see JVMS 8 section 4.10.1.4 
<http://docs.oracle.com/javase/specs/jvms/se8/html/jvms-4.html#jvms-4.10.1.4>). 
An additional argument was needed because the existing stackmap matching 
code was erroneously allowing flag differences when matching branch 
target stackmaps for bytecodes such as 'goto'.  The additional argument 
lets the verifier differentiate between exception handler stackmaps and 
branch stackmaps.

The second part of the fix removes the check for branch targets jumping 
over constructor calls to super() (the furthest_jump code).  This fix 
was intended for security but broke legal programs.  Removing the fix 
allows legal programs to work.  The needed security is provided by the 
above fix for stackmap matching.

Bug:  https://bugs.openjdk.java.net/browse/JDK-8051012
Open webrev: http://cr.openjdk.java.net/~hseigel/bug_8051012/

The fix was tested with the JCK lang, vm, and api/java_lang tests, the 
UTE verifier and quick tests, the JTREG hotspot tests, including tests 
that reproduce the security issue and one for legal programs broken by 
the 'furthest_jump' code fix.

Thanks, Harold
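
Added example, not part of the review request above and not code from the JDK test suite: a legal Java constructor whose super() argument is chosen by a branch. javac evaluates the conditional expression before the invokespecial of Base.<init>, so the bytecode of Derived.<init> contains a conditional jump and a goto while `this` is still uninitializedThis. That is the general shape of "<init> method call from inside of a branch" that the bug title describes; that this particular program is one of those the furthest_jump check rejected is my assumption, since the message does not name the broken programs.

```java
// Added example (not from the review thread). Compile and run with:
//   javac InitInBranch.java && java InitInBranch
// Inspect the <init> bytecode and its StackMapTable with:
//   javap -c -v 'InitInBranch$Derived'
public class InitInBranch {
    static class Base {
        final String label;

        Base(String label) {
            this.label = label;
        }
    }

    static class Derived extends Base {
        Derived(boolean flag) {
            // The conditional is computed before super() runs, so <init>
            // branches (ifeq / goto) while `this` is still uninitializedThis
            // and the stackmap frames at those targets carry flagThisUninit.
            super(flag ? "yes" : "no");
        }
    }

    // Returns the label chosen by the branch; lets a caller check both
    // paths without relying on printed output.
    static String labelFor(boolean flag) {
        return new Derived(flag).label;
    }

    public static void main(String[] args) {
        System.out.println(labelFor(true));
        System.out.println(labelFor(false));
    }
}
```

A JVM that rejects this shape does so at link time of Derived, before main runs, since verification happens when the class is loaded; a JVM with the fix prints "yes" and "no".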

