RFR(S) 8046233: VerifyError on backward branch
harold seigel
harold.seigel at oracle.com
Tue Jun 24 21:24:50 UTC 2014
Hi David,
Thanks for the review.
My explanation of this bug fix is misleading.
The appropriate text, shown here, was removed from JVMS 8 because it was
deemed unnecessary. See JDK-6594979
<https://bugs.openjdk.java.net/browse/JDK-6594979>.
A valid instruction sequence must not have an uninitialized object
on the operand stack or in a local variable at the target of a
backwards branch if the special type of the uninitialized object is
merged with a special type other than itself, or in a local variable
in code protected by an exception handler or a finally clause.
Otherwise, a devious piece of code might fool the verifier into
thinking it had initialized a class instance when it had, in fact,
initialized a class instance created in a previous pass through a loop.
The text is unnecessary because the existing stack merging code in the
verifier should already detect if the special type of the uninitialized
object is being merged with a special type other than itself.
The verifier code is being changed because it is incorrect for both JVMS
7 and JVMS 8. It is throwing a VerifyError for any backward branch
whose target contains an uninitialized object, even if the special types
of the uninitialized objects being merged are the same.
I need to add an additional test for this fix, one that attempts to
merge two stacks containing two different uninitialized special types.
In general, I think that the verification rules depend on the version of
the classfile being verified, but I don't think that is an issue for
this fix. The verifier is wrong in both cases.
Thanks, Harold
On 6/23/2014 10:33 PM, David Holmes wrote:
> Hi Harold,
>
> Are the verification rules dependent on the VM or the version of the
> classfile being verified?
>
> Thanks,
> David
>
> On 24/06/2014 6:42 AM, harold seigel wrote:
>> Hi,
>>
>> Please review this small fix for bug 8046233. The fix removes the
>> verifier check concerning backward branches and uninitialized objects
>> because, as discussed in the bug report, the requirement has been
>> removed from JVM Specification 8.
>>
>> Bug: https://bugs.openjdk.java.net/browse/JDK-8046233
>> Open webrev: http://cr.openjdk.java.net/~hseigel/bug_8046233/
>>
>> The fix was tested with the JCK lang and vm tests, the default method
>> tests, the UTE verifier and quick tests, the JTREG hotspot tests, and a
>> test that reproduced the problem.
>>
>> Thanks, Harold
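The distinction the thread draws, that a backward branch is fine when the uninitialized special type at the target matches the incoming one and wrong only when two different special types meet, can be seen in a small model of stack map frame assignability. The following is an added example and is not HotSpot code, nor part of this thread; it assumes a simplified subset of the JVMS verification types (no class hierarchy beyond java/lang/Object, no long/double categories), and the `legacy_backward_check` flag is a hypothetical switch that models the extra rule the thread says is incorrect, not the actual verifier change.

```python
from dataclasses import dataclass
from typing import Tuple, Optional

# Constructed subset of the verification type lattice (JVMS 4.10.1.2).
@dataclass(frozen=True)
class Top: pass                      # unusable value
@dataclass(frozen=True)
class Int: pass
@dataclass(frozen=True)
class Ref:
    name: str                        # class name, e.g. "java/lang/String"
@dataclass(frozen=True)
class Uninit:
    offset: int                      # pc of the `new` that created the object
@dataclass(frozen=True)
class UninitThis: pass

def is_assignable(actual, expected) -> bool:
    """May a value of type `actual` flow into a slot requiring `expected`?"""
    if isinstance(expected, Top):
        return True                  # anything may flow into top
    if isinstance(actual, Top):
        return False                 # top may not flow anywhere else
    if isinstance(actual, Uninit) and isinstance(expected, Uninit):
        # A special type is assignable only to itself: two `new`
        # sites never merge into one uninitialized value.
        return actual.offset == expected.offset
    if isinstance(actual, Ref) and isinstance(expected, Ref):
        # Simplified subtyping: only Object is a common supertype.
        return expected.name == "java/lang/Object" or actual.name == expected.name
    return type(actual) is type(expected)   # Int/Int, UninitThis/UninitThis

@dataclass(frozen=True)
class Frame:
    locals: Tuple
    stack: Tuple

def frame_assignable(incoming: Frame, target: Frame) -> bool:
    """Whole-frame check: same stack depth, every slot assignable."""
    if len(incoming.stack) != len(target.stack):
        return False
    n = max(len(incoming.locals), len(target.locals))
    inc_locals = incoming.locals + (Top(),) * (n - len(incoming.locals))
    tgt_locals = target.locals + (Top(),) * (n - len(target.locals))
    pairs = list(zip(inc_locals, tgt_locals)) + list(zip(incoming.stack, target.stack))
    return all(is_assignable(a, t) for a, t in pairs)

def verify_branch(branch_pc: int, incoming: Frame, target_pc: int,
                  target_frame: Frame, *, legacy_backward_check: bool = False) -> Optional[str]:
    """Validate a branch from `branch_pc` to the stack map frame at `target_pc`.

    Returns None when the branch verifies, otherwise a short reason.
    legacy_backward_check=True (hypothetical flag) additionally rejects any
    backward branch whose target holds an uninitialized object, regardless of
    whether the special types match; that is the over-strict behaviour the
    thread describes, kept here only to contrast it with plain assignability.
    """
    backward = target_pc <= branch_pc
    if legacy_backward_check and backward:
        if any(isinstance(t, Uninit) for t in target_frame.locals + target_frame.stack):
            return "uninitialized object at backward branch target"
    if not frame_assignable(incoming, target_frame):
        return "incoming frame is not assignable to the frame at the target"
    return None

def scenarios() -> dict:
    """Constructed loop shapes: a `new` inside a loop body, `goto` back to the head."""
    loop_head = Frame((Int(),), (Uninit(2),))          # frame recorded at pc 5
    same_site = Frame((Int(),), (Uninit(2),))          # incoming at the goto, pc 20
    other_site = Frame((Int(),), (Uninit(9),))         # a second `new` at pc 9
    return {
        "same_special_type": verify_branch(20, same_site, 5, loop_head),
        "same_special_type_legacy": verify_branch(20, same_site, 5, loop_head,
                                                  legacy_backward_check=True),
        "different_special_types": verify_branch(20, other_site, 5, loop_head),
        "forward_branch_legacy": verify_branch(3, same_site, 10, loop_head,
                                               legacy_backward_check=True),
    }

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:28s} -> {'ok' if result is None else 'VerifyError: ' + result}")
```

Only the "different special types" case fails under plain assignability, which is the point Harold makes: the merge logic already catches a devious `new` inside a loop that tries to pass off one iteration's object as another, so the separate backward-branch rule adds nothing except false rejections.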