RFR 8051012: Regression in verifier for <init> method call from inside of a branch
harold seigel
harold.seigel at oracle.com
Wed Jul 30 18:31:06 UTC 2014
Hi Coleen,
Thanks for the review!
Harold
On 7/30/2014 2:27 PM, Coleen Phillimore wrote:
>
> This looks good.
> Coleen
>
> On 7/24/14, 8:46 AM, harold seigel wrote:
>> Hi,
>>
>> Please review this verifier fix for bug 8051012. The fix has two
>> parts. The first part adds another argument to function
>> match_stackmap() which specifies whether or not the stackmap being
>> matched is for an exception handler. If the targeted stackmap is an
>> exception handler then matches are allowed even if the stackmap flags
>> differ (See JVMS 8 section 4.10.1.4
>> <http://docs.oracle.com/javase/specs/jvms/se8/html/jvms-4.html#jvms-4.10.1.4>).
>> An additional argument was needed because the existing stackmap
>> matching code was erroneously allowing flag differences when matching
>> branch target stackmaps for bytecodes such as 'goto'. The additional
>> argument lets the verifier differentiate between exception handler
>> stackmaps and branch stackmaps.
>>
>> The second part of the fix removes the check for branch targets
>> jumping over constructor calls to super() (the furthest_jump code).
>> This fix was intended for security but broke legal programs.
>> Removing the fix allows legal programs to work. The needed security
>> is provided by the above fix for stackmap matching.
>>
>> Bug: https://bugs.openjdk.java.net/browse/JDK-8051012
>> Open webrev: http://cr.openjdk.java.net/~hseigel/bug_8051012/
>>
>> The fix was tested with the JCK lang, vm, and api/java_lang tests,
>> the UTE verifier and quick tests, the JTREG hotspot tests, including
>> tests that reproduce the security issue and one for legal programs
>> broken by the 'furthest_jump' code fix.
>>
>> Thanks, Harold
>
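A simplified model of the flag check described in the review request above, added here as an illustration; it is not HotSpot code or code from the webrev. The Frame struct, the string type names, the sample frames, and match_stackmap_before_fix() are assumptions made for the example, and match_stackmap() here only borrows the name used in the mail.

```cpp
#include <cstdint>
#include <cstdio>
#include <string>
#include <vector>

// Simplified model, not HotSpot code. Types are plain strings; the single
// flag models the JVMS flagThisUninit marker ("this" not yet initialized).
constexpr uint8_t kFlagThisUninit = 0x01;

struct Frame {
    std::vector<std::string> locals;
    std::vector<std::string> stack;
    uint8_t flags;
};

// Toy assignability: equal types, or anything into "top" (unusable slot).
static bool types_match(const std::vector<std::string>& cur,
                        const std::vector<std::string>& tgt) {
    if (cur.size() != tgt.size()) return false;
    for (size_t i = 0; i < cur.size(); ++i)
        if (tgt[i] != "top" && cur[i] != tgt[i]) return false;
    return true;
}

// Behaviour the mail calls erroneous: flag differences never cause a mismatch.
bool match_stackmap_before_fix(const Frame& cur, const Frame& tgt) {
    return types_match(cur.locals, tgt.locals) && types_match(cur.stack, tgt.stack);
}

// Behaviour after the fix: only exception-handler targets may differ in flags.
bool match_stackmap(const Frame& cur, const Frame& tgt, bool is_exception_handler) {
    if (!match_stackmap_before_fix(cur, tgt)) return false;
    return is_exception_handler || cur.flags == tgt.flags;
}

// Constructed frames: inside a constructor, before the call to super().
const Frame kBeforeSuper{{"uninitializedThis"}, {}, kFlagThisUninit};
const Frame kBranchTarget{{"top"}, {}, 0};  // 'goto' target whose stackmap has the flag cleared
const Frame kHandlerEntry{{"uninitializedThis"}, {"java/lang/Throwable"}, kFlagThisUninit};
const Frame kHandlerTarget{{"top"}, {"java/lang/Throwable"}, 0};

int main() {
    std::printf("goto, before fix: %d\n", match_stackmap_before_fix(kBeforeSuper, kBranchTarget));
    std::printf("goto, after fix:  %d\n", match_stackmap(kBeforeSuper, kBranchTarget, false));
    std::printf("handler:          %d\n", match_stackmap(kHandlerEntry, kHandlerTarget, true));
    return 0;
}
```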