RFR(XS) 8129897: Old verifier fails to reject erroneous cast from boolean[] to byte[]

harold seigel harold.seigel at oracle.com
Wed Jul 22 15:06:11 UTC 2015


Hi David,

Thanks for the review!

I updated lines 2256-2261 in a new webrev: 
http://cr.openjdk.java.net/~hseigel/bug_8129897.2/

Here are the new lines:

2256                     case 'B':    /* array of bytes or booleans */
2257                         if (top_type != MAKE_FULLINFO(ITEM_Byte, 1, 0) &&
2258                             top_type != MAKE_FULLINFO(ITEM_Boolean, 1, 0))
2259                             CCerror(context,
2260                                   "Expecting to find array of bytes or Booleans on stack");
2261                         break;


File jdk/src/java.base/share/native/libverify/opcodes.in_out defines the 
first operand for opcodes baload and bastore as [B.  But, according to 
the JVM Spec, the first operand for these bytecodes can be either [B or 
[Z.  This code checks that the opcodes, that opcodes.in_out says expect 
[B, do not throw VerifyError if their actual operand is either [B or 
[Z.  Opcodes baload and bastore are the only opcodes in opcodes.in_out 
with [B operands, and that's unlikely to change.

I removed "case 'Z':" because there are no [Z operands for any opcodes in 
opcodes.in_out.

Thanks, Harold

On 7/21/2015 7:44 PM, David Holmes wrote:
> Hi Harold,
>
> On 22/07/2015 6:21 AM, harold seigel wrote:
>> Hi,
>>
>> Please review this small change to fix bug 8129897.  The old verifier
>> treats arrays of Booleans as arrays of bytes, allowing assignability
>> between them.  This fix distinguishes between arrays of Booleans and
>> arrays of bytes and so disallows assignability between them. Additional
>> changes were needed to make sure operands to baload and similar opcodes
>> could still be either Boolean or byte arrays.
>>
>> Open webrev: http://cr.openjdk.java.net/~hseigel/bug_8129897/
>
> Seems reasonable. Only query I have was why you didn't split this:
>
> 2256                     case 'B': case 'Z':   /* array of bytes or booleans */
> 2257                         if (top_type != MAKE_FULLINFO(ITEM_Byte, 1, 0) &&
> 2258                             top_type != MAKE_FULLINFO(ITEM_Boolean, 1, 0))
> 2259                             CCerror(context,
> 2260                                   "Expecting to find array of bytes or Booleans on stack");
> 2261                         break;
>
> into two distinct cases?
>
> Thanks,
> David
>
>> JBS Bug: https://bugs.openjdk.java.net/browse/JDK-8129897
>>
>> The fix was tested with JCK Lang and VM tests, the UTE quick and split
>> verifier tests, and the hotspot, and JDK vm, java/io, java/lang, and
>> java/util JTreg tests.
>>
>> This scenario will be tested by JCK-9.  So no regression test was
>> included in this webrev.
>>
>> Thanks, Harold
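The two behaviours discussed in this thread, as an added example that is not part of the original mail or of the JDK's libverify sources: a toy model of the old verifier's type descriptors in which the pre-fix rule folds boolean arrays into byte arrays (so a boolean[] can be "cast" to a byte[] without a VerifyError), the post-fix rule keeps [Z and [B distinct, and the operand check for the 'B' kind from opcodes.in_out (baload/bastore) still accepts either array type as the JVM Spec requires. The MAKE_FULLINFO and ITEM_* names mirror the snippet above, but the bit layout, the canonicalize_old helper and the exact-match assignability rule are assumptions made for this example only.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Toy descriptor: item type in bits 0-7, array indirection (number of
 * dimensions) in bits 8-15, spare field above.  This layout is an
 * assumption for the example, not libverify's real encoding. */
typedef uint32_t fullinfo_type;

enum { ITEM_Integer = 1, ITEM_Byte = 2, ITEM_Boolean = 3, ITEM_Object = 4 };

#define MAKE_FULLINFO(type, indirection, extra) \
    ((fullinfo_type)((type) | ((indirection) << 8) | ((extra) << 16)))
#define GET_ITEM_TYPE(fi)   ((fi) & 0xFFu)
#define GET_INDIRECTION(fi) (((fi) >> 8) & 0xFFu)

/* Pre-fix behaviour described in the thread: an array of booleans is
 * treated as an array of bytes, so [Z and [B become interchangeable.
 * (Hypothetical helper, named for this example.) */
static fullinfo_type canonicalize_old(fullinfo_type fi) {
    if (GET_INDIRECTION(fi) > 0 && GET_ITEM_TYPE(fi) == ITEM_Boolean)
        return MAKE_FULLINFO(ITEM_Byte, GET_INDIRECTION(fi), 0);
    return fi;
}

/* Old rule: assignable when the canonicalized descriptors match. */
bool old_is_assignable(fullinfo_type from, fullinfo_type to) {
    return canonicalize_old(from) == canonicalize_old(to);
}

/* Post-fix rule: boolean[] and byte[] are distinct types.  The toy rule is
 * exact match only; the real verifier also handles object subtyping. */
bool new_is_assignable(fullinfo_type from, fullinfo_type to) {
    return from == to;
}

/* Operand check for the 'B' operand kind of opcodes.in_out (baload and
 * bastore): per the JVM Spec the stack top may be [B or [Z.  Returns 0
 * when acceptable, 1 where the verifier would raise CCerror(...). */
int check_B_operand(fullinfo_type top_type) {
    if (top_type != MAKE_FULLINFO(ITEM_Byte, 1, 0) &&
        top_type != MAKE_FULLINFO(ITEM_Boolean, 1, 0))
        return 1; /* "Expecting to find array of bytes or Booleans on stack" */
    return 0;
}

int main(void) {
    fullinfo_type bool_arr = MAKE_FULLINFO(ITEM_Boolean, 1, 0);
    fullinfo_type byte_arr = MAKE_FULLINFO(ITEM_Byte, 1, 0);
    fullinfo_type int_arr  = MAKE_FULLINFO(ITEM_Integer, 1, 0);

    printf("old verifier: [Z -> [B assignable? %s\n",
           old_is_assignable(bool_arr, byte_arr) ? "yes (bug)" : "no");
    printf("new verifier: [Z -> [B assignable? %s\n",
           new_is_assignable(bool_arr, byte_arr) ? "yes" : "no (rejected)");
    printf("baload operand [Z accepted? %s\n",
           check_B_operand(bool_arr) == 0 ? "yes" : "no");
    printf("baload operand [I accepted? %s\n",
           check_B_operand(int_arr) == 0 ? "yes" : "no");
    return 0;
}
```

The point the model makes explicit is that the fix has two independent halves: assignability (checkcast-style flow between [Z and [B) must become strict, while the operand check for baload/bastore must stay permissive for both array kinds, which is why the 'B' case above tests for either descriptor rather than just ITEM_Byte.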
