Posted to issues@commons.apache.org by "Emmanuel Bourg (JIRA)" <ji...@apache.org> on 2014/04/24 14:01:23 UTC

[jira] [Updated] (BCEL-36) Incorrect verification of class files

     [ https://issues.apache.org/jira/browse/BCEL-36?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Emmanuel Bourg updated BCEL-36:
-------------------------------

      Description: 
Hi,

JustIce indicates that the storing of a newly created object in a local before calling its constructor is an error.  However, this is incorrect as the local is not accessed along any control flow path before the constructor is called. This is also safe in a multithreaded setting. Also, the same class file is well interpreted by java interpreters from SUN, Blackdown, and IBM.  Moreover, there is no restriction on handling (not using) of uninitialized objects in the JVM spec.

ASM output of the corresponding class file and JustIce's output are inlined.

public static main ([Ljava/lang/String;)V
    NEW excpsync
    ASTORE 1
    ALOAD 1
    INVOKESPECIAL excpsync <init> ()V
    ALOAD 1
    ASTORE 1
    NEW java/lang/Thread
    ASTORE 2
    ALOAD 2
    ALOAD 1
    INVOKESPECIAL java/lang/Thread <init> (Ljava/lang/Runnable;)V
    ALOAD 2
    INVOKEVIRTUAL java/lang/Thread start ()V
    NEW java/lang/Thread
    ASTORE 2
    NEW f
    ASTORE 3
    ALOAD 3
    INVOKESPECIAL f <init> ()V
    ALOAD 2
    ALOAD 3
    INVOKESPECIAL java/lang/Thread <init> (Ljava/lang/Runnable;)V
    ALOAD 2
    INVOKEVIRTUAL java/lang/Thread start ()V
    LDC "Hi"
    ASTORE 2
    ALOAD 1
    ALOAD 2
    PUTFIELD excpsync o Ljava/lang/String;
    ALOAD 2
    PUTSTATIC excpsync t Ljava/lang/String;
    RETURN
    MAXSTACK = 2
    MAXLOCALS = 4

JustIce by Enver Haase, (C) 2001-2002.
<http://bcel.sourceforge.net>
<http://jakarta.apache.org/bcel>

Now verifying: excpsync

Pass 1:
VERIFIED_OK
Passed verification.

Pass 2:
VERIFIED_OK
Passed verification.

Pass 3a, method number 0 ['public void <init>()']:
VERIFIED_OK
Passed verification.

Pass 3b, method number 0 ['public void <init>()']:
VERIFIED_OK
Passed verification.

Pass 3a, method number 1 ['public static void main(String[] arg0)']:
VERIFIED_OK
Passed verification.

Pass 3b, method number 1 ['public static void main(String[] arg0)']:
VERIFIED_REJECTED
Constraint violated in method 'public static void main(String[] arg0)':
Instruction ASTORE constraint violated: Working on an uninitialized object
'<UNINITIALIZED OBJECT OF TYPE 'excpsync'>'.
InstructionHandle:    3: astore_1[76](1)

Execution Frame:
Local Variables:
0: java.lang.String[]
1: <unknown object>
2: <unknown object>
3: <unknown object>
OperandStack:
Slots used: 1 MaxStack: 2.
<UNINITIALIZED OBJECT OF TYPE 'excpsync'> (Size: 1)
Execution flow:
   0: new 12	[InstructionContext]
   3: astore_1	[InstructionContext]

Pass 3a, method number 2 ['public void run()']:
VERIFIED_OK
Passed verification.

Pass 3b, method number 2 ['public void run()']:
VERIFIED_OK
Passed verification.

  was:
Hi,

JustIce indicates that the storing of a newly created object in a local before
calling its constructor is an error.  However, this is incorrect as the local
is not accessed along any control flow path before the constructor is called. 
This is also safe in a multithreaded setting. Also, the same class file is well
interpreted by java interpreters from SUN, Blackdown, and IBM.  Moreover, there
is no restriction on handling (not using) of uninitialized objects in the JVM spec.

ASM output of the corresponding class file and JustIce's output are inlined.

public static main ([Ljava/lang/String;)V
    NEW excpsync
    ASTORE 1
    ALOAD 1
    INVOKESPECIAL excpsync <init> ()V
    ALOAD 1
    ASTORE 1
    NEW java/lang/Thread
    ASTORE 2
    ALOAD 2
    ALOAD 1
    INVOKESPECIAL java/lang/Thread <init> (Ljava/lang/Runnable;)V
    ALOAD 2
    INVOKEVIRTUAL java/lang/Thread start ()V
    NEW java/lang/Thread
    ASTORE 2
    NEW f
    ASTORE 3
    ALOAD 3
    INVOKESPECIAL f <init> ()V
    ALOAD 2
    ALOAD 3
    INVOKESPECIAL java/lang/Thread <init> (Ljava/lang/Runnable;)V
    ALOAD 2
    INVOKEVIRTUAL java/lang/Thread start ()V
    LDC "Hi"
    ASTORE 2
    ALOAD 1
    ALOAD 2
    PUTFIELD excpsync o Ljava/lang/String;
    ALOAD 2
    PUTSTATIC excpsync t Ljava/lang/String;
    RETURN
    MAXSTACK = 2
    MAXLOCALS = 4

JustIce by Enver Haase, (C) 2001-2002.
<http://bcel.sourceforge.net>
<http://jakarta.apache.org/bcel>

Now verifying: excpsync

Pass 1:
VERIFIED_OK
Passed verification.

Pass 2:
VERIFIED_OK
Passed verification.

Pass 3a, method number 0 ['public void <init>()']:
VERIFIED_OK
Passed verification.

Pass 3b, method number 0 ['public void <init>()']:
VERIFIED_OK
Passed verification.

Pass 3a, method number 1 ['public static void main(String[] arg0)']:
VERIFIED_OK
Passed verification.

Pass 3b, method number 1 ['public static void main(String[] arg0)']:
VERIFIED_REJECTED
Constraint violated in method 'public static void main(String[] arg0)':
Instruction ASTORE constraint violated: Working on an uninitialized object
'<UNINITIALIZED OBJECT OF TYPE 'excpsync'>'.
InstructionHandle:    3: astore_1[76](1)

Execution Frame:
Local Variables:
0: java.lang.String[]
1: <unknown object>
2: <unknown object>
3: <unknown object>
OperandStack:
Slots used: 1 MaxStack: 2.
<UNINITIALIZED OBJECT OF TYPE 'excpsync'> (Size: 1)
Execution flow:
   0: new 12	[InstructionContext]
   3: astore_1	[InstructionContext]

Pass 3a, method number 2 ['public void run()']:
VERIFIED_OK
Passed verification.

Pass 3b, method number 2 ['public void run()']:
VERIFIED_OK
Passed verification.

         Priority: Major
      Environment:     (was: Operating System: Linux
Platform: PC)
    Fix Version/s: 5.2
         Priority:   (was: P3)
         Severity:   (was: normal)

> Incorrect verification of class files
> -------------------------------------
>
>                 Key: BCEL-36
>                 URL: https://issues.apache.org/jira/browse/BCEL-36
>             Project: Commons BCEL
>          Issue Type: Bug
>          Components: Main
>    Affects Versions: 5.1
>            Reporter: Venkatesh Prasad Ranganath
>            Assignee: Apache Commons Developers
>             Fix For: 5.2
>
>         Attachments: InstConstraintVisitor.java.patch
>
>
> Hi,
> JustIce indicates that the storing of a newly created object in a local before calling its constructor is an error.  However, this is incorrect as the local is not accessed along any control flow path before the constructor is called. This is also safe in a multithreaded setting. Also, the same class file is well interpreted by java interpreters from SUN, Blackdown, and IBM.  Moreover, there is no restriction on handling (not using) of uninitialized objects in the JVM spec.
> ASM output of the corresponding class file and JustIce's output are inlined.
> public static main ([Ljava/lang/String;)V
>     NEW excpsync
>     ASTORE 1
>     ALOAD 1
>     INVOKESPECIAL excpsync <init> ()V
>     ALOAD 1
>     ASTORE 1
>     NEW java/lang/Thread
>     ASTORE 2
>     ALOAD 2
>     ALOAD 1
>     INVOKESPECIAL java/lang/Thread <init> (Ljava/lang/Runnable;)V
>     ALOAD 2
>     INVOKEVIRTUAL java/lang/Thread start ()V
>     NEW java/lang/Thread
>     ASTORE 2
>     NEW f
>     ASTORE 3
>     ALOAD 3
>     INVOKESPECIAL f <init> ()V
>     ALOAD 2
>     ALOAD 3
>     INVOKESPECIAL java/lang/Thread <init> (Ljava/lang/Runnable;)V
>     ALOAD 2
>     INVOKEVIRTUAL java/lang/Thread start ()V
>     LDC "Hi"
>     ASTORE 2
>     ALOAD 1
>     ALOAD 2
>     PUTFIELD excpsync o Ljava/lang/String;
>     ALOAD 2
>     PUTSTATIC excpsync t Ljava/lang/String;
>     RETURN
>     MAXSTACK = 2
>     MAXLOCALS = 4
> JustIce by Enver Haase, (C) 2001-2002.
> <http://bcel.sourceforge.net>
> <http://jakarta.apache.org/bcel>
> Now verifying: excpsync
> Pass 1:
> VERIFIED_OK
> Passed verification.
> Pass 2:
> VERIFIED_OK
> Passed verification.
> Pass 3a, method number 0 ['public void <init>()']:
> VERIFIED_OK
> Passed verification.
> Pass 3b, method number 0 ['public void <init>()']:
> VERIFIED_OK
> Passed verification.
> Pass 3a, method number 1 ['public static void main(String[] arg0)']:
> VERIFIED_OK
> Passed verification.
> Pass 3b, method number 1 ['public static void main(String[] arg0)']:
> VERIFIED_REJECTED
> Constraint violated in method 'public static void main(String[] arg0)':
> Instruction ASTORE constraint violated: Working on an uninitialized object
> '<UNINITIALIZED OBJECT OF TYPE 'excpsync'>'.
> InstructionHandle:    3: astore_1[76](1)
> Execution Frame:
> Local Variables:
> 0: java.lang.String[]
> 1: <unknown object>
> 2: <unknown object>
> 3: <unknown object>
> OperandStack:
> Slots used: 1 MaxStack: 2.
> <UNINITIALIZED OBJECT OF TYPE 'excpsync'> (Size: 1)
> Execution flow:
>    0: new 12	[InstructionContext]
>    3: astore_1	[InstructionContext]
> Pass 3a, method number 2 ['public void run()']:
> VERIFIED_OK
> Passed verification.
> Pass 3b, method number 2 ['public void run()']:
> VERIFIED_OK
> Passed verification.



--
This message was sent by Atlassian JIRA
(v6.2#6252)
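
The disputed rule, as an added sketch that is not part of the original message and not BCEL or JustIce code: a small type-state tracker over the ASM mnemonics from the report, treating the result of NEW as an uninitialized type that may be stored and loaded but not used until INVOKESPECIAL <init> converts every copy of it. The names `Uninit`, `verify` and `reject_uninit_astore` are hypothetical, and only the five opcodes shown (with `()V` descriptors) are modelled.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Uninit:
    """Verifier type for the result of NEW before <init> has run."""
    cls: str
    site: int  # index of the NEW that produced it, so two NEWs stay distinct

# Constructed from the first instructions of main() in the report.
REPORTED = ["NEW excpsync", "ASTORE 1", "ALOAD 1",
            "INVOKESPECIAL excpsync <init> ()V", "ALOAD 1", "ASTORE 1"]
# Constructed counter-case: the object is used before its constructor runs.
USED_EARLY = ["NEW java/lang/Thread", "ASTORE 2", "ALOAD 2",
              "INVOKEVIRTUAL java/lang/Thread start ()V"]

def verify(code, max_locals=4, reject_uninit_astore=False):
    """Return (status, index, locals); index is the offending instruction
    (an instruction index, not a byte offset) or None on success."""
    locals_, stack = [None] * max_locals, []
    for pc, insn in enumerate(code):
        op, *args = insn.split()
        if op == "NEW":
            stack.append(Uninit(args[0], pc))
        elif op == "ASTORE":
            ref = stack.pop()
            # The behaviour the report attributes to JustIce pass 3b.
            if reject_uninit_astore and isinstance(ref, Uninit):
                return "VERIFIED_REJECTED", pc, locals_
            locals_[int(args[0])] = ref
        elif op == "ALOAD":
            stack.append(locals_[int(args[0])])
        elif op == "INVOKESPECIAL" and args[1:] == ["<init>", "()V"]:
            target = stack.pop()
            if not (isinstance(target, Uninit) and target.cls == args[0]):
                return "VERIFIED_REJECTED", pc, locals_
            # Constructor ran: every copy of this reference becomes initialized.
            stack = [args[0] if v == target else v for v in stack]
            locals_ = [args[0] if v == target else v for v in locals_]
        elif op == "INVOKEVIRTUAL" and args[2] == "()V":
            # A real use: the receiver must already be initialized.
            if not isinstance(stack.pop(), str):
                return "VERIFIED_REJECTED", pc, locals_
        else:
            raise ValueError(f"instruction outside this sketch: {insn}")
    return "VERIFIED_OK", None, locals_
```

With `reject_uninit_astore=True` the tracker stops at the same ASTORE that the JustIce output above reports; with the default it accepts the reported sequence and still rejects the constructed use-before-init case.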