RFR 8051012: Regression in verifier for <init> method call from inside of a branch

harold seigel harold.seigel at oracle.com
Fri Aug 1 14:31:28 UTC 2014

Hi Lois,

Thanks for the review.  I'll run those tests before checking in the fix.


On 8/1/2014 9:34 AM, Lois Foltan wrote:
> Hi Harold,
> Looks good.  It might be good to run JDK lang & util tests on this as 
> well?
> Thanks,
> Lois
> On 7/24/2014 8:46 AM, harold seigel wrote:
>> Hi,
>> Please review this verifier fix for bug 8051012.  The fix has two 
>> parts.  The first part adds another argument to function 
>> match_stackmap() which specifies whether or not the stackmap being 
>> matched is for an exception handler.  If the targeted stackmap is an 
>> exception handler then matches are allowed even if the stackmap flags 
>> differ (See JVMS 8 section 
>> <http://docs.oracle.com/javase/specs/jvms/se8/html/jvms-4.html#jvms->). 
>> An additional argument was needed because the existing stackmap 
>> matching code was erroneously allowing flag differences when matching 
>> branch target stackmaps for bytecodes such as 'goto'. The additional 
>> argument lets the verifier differentiate between exception handler 
>> stackmaps and branch stackmaps.
>> The second part of the fix removes the check for branch targets 
>> jumping over constructor calls to super()  (the furthest_jump code).  
>> This fix was intended for security but broke legal programs.  
>> Removing the fix allows legal programs to work.  The needed security 
>> is provided by the above fix for stackmap matching.
>> Bug:  https://bugs.openjdk.java.net/browse/JDK-8051012
>> Open webrev: http://cr.openjdk.java.net/~hseigel/bug_8051012/
>> The fix was tested with the JCK lang, vm, and api/java_lang tests, 
>> the UTE verifier and quick tests, the JTREG hotspot tests, including 
>> tests that reproduce the security issue and one for legal programs 
>> broken by the 'furthest_jump' code fix.
>> Thanks, Harold
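
A simplified model of the matching rule described in the quoted review request, as an added example that is not HotSpot code and not part of the original messages. The `Frame` type, the function names, the flag constant and the sample frames are hypothetical, and type assignability is reduced to equality.

```cpp
#include <cstdint>
#include <string>
#include <vector>

// Simplified model: a verification type is just a name, and two type lists
// match only when equal (a real verifier also checks class assignability).
using VType = std::string;
constexpr uint8_t kFlagThisUninit = 0x01;  // hypothetical name for JVMS flagThisUninit

struct Frame {
    std::vector<VType> locals;
    std::vector<VType> stack;
    uint8_t flags;  // kFlagThisUninit while 'this' is not yet initialized
};

static bool types_match(const Frame& a, const Frame& b) {
    return a.locals == b.locals && a.stack == b.stack;
}

// Behaviour the message describes as erroneous: flag differences are
// tolerated for every target, including branch targets such as 'goto'.
bool match_before_fix(const Frame& cur, const Frame& target) {
    return types_match(cur, target);
}

// Behaviour after the fix: the extra argument says whether the target
// stackmap belongs to an exception handler. Only then may flags differ;
// a branch target must carry the same flags as the current frame.
bool match_after_fix(const Frame& cur, const Frame& target,
                     bool is_exception_handler) {
    if (!types_match(cur, target)) return false;
    return is_exception_handler || cur.flags == target.flags;
}

// Constructed sample frames that differ only in their flags.
Frame frame_this_uninit() { return {{"top", "int", "float"}, {}, kFlagThisUninit}; }
Frame frame_this_init()   { return {{"top", "int", "float"}, {}, 0}; }

int main() {
    Frame cur = frame_this_uninit(), target = frame_this_init();
    bool ok = match_before_fix(cur, target)            // old: branch accepted
           && !match_after_fix(cur, target, false)     // new: branch rejected
           && match_after_fix(cur, target, true);      // new: handler accepted
    return ok ? 0 : 1;
}
```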
