Hi, JustIce indicates that the storing of a newly created object in a local before calling it's constructor as an error. However, this is incorrect as the local is not accessed along any control flow path before the constructor is called. This is also safe in a multithreaded setting. Also, the same class file is well interpreted by java interpreters from SUN, Blackdown, and IBM. Moreover, there is no restriction on handling (not using) of uninitialized objects in the JVM spec. ASM output of the correponding class file and JustIce' output are inlined. public static main ([Ljava/lang/String;)V NEW excpsync ASTORE 1 ALOAD 1 INVOKESPECIAL excpsync <init> ()V ALOAD 1 ASTORE 1 NEW java/lang/Thread ASTORE 2 ALOAD 2 ALOAD 1 INVOKESPECIAL java/lang/Thread <init> (Ljava/lang/Runnable;)V ALOAD 2 INVOKEVIRTUAL java/lang/Thread start ()V NEW java/lang/Thread ASTORE 2 NEW f ASTORE 3 ALOAD 3 INVOKESPECIAL f <init> ()V ALOAD 2 ALOAD 3 INVOKESPECIAL java/lang/Thread <init> (Ljava/lang/Runnable;)V ALOAD 2 INVOKEVIRTUAL java/lang/Thread start ()V LDC "Hi" ASTORE 2 ALOAD 1 ALOAD 2 PUTFIELD excpsync o Ljava/lang/String; ALOAD 2 PUTSTATIC excpsync t Ljava/lang/String; RETURN MAXSTACK = 2 MAXLOCALS = 4 JustIce by Enver Haase, (C) 2001-2002. <http://bcel.sourceforge.net> <http://jakarta.apache.org/bcel> Now verifying: excpsync Pass 1: VERIFIED_OK Passed verification. Pass 2: VERIFIED_OK Passed verification. Pass 3a, method number 0 ['public void <init>()']: VERIFIED_OK Passed verification. Pass 3b, method number 0 ['public void <init>()']: VERIFIED_OK Passed verification. Pass 3a, method number 1 ['public static void main(String[] arg0)']: VERIFIED_OK Passed verification. Pass 3b, method number 1 ['public static void main(String[] arg0)']: VERIFIED_REJECTED Constraint violated in method 'public static void main(String[] arg0)': Instruction ASTORE constraint violated: Working on an uninitialized object '<UNINITIALIZED OBJECT OF TYPE 'excpsync'>'. InstructionHandle: 3: astore_1[76](1) Execution Frame: Local Variables: 0: java.lang.String[] 1: <unknown object> 2: <unknown object> 3: <unknown object> OperandStack: Slots used: 1 MaxStack: 2. <UNINITIALIZED OBJECT OF TYPE 'excpsync'> (Size: 1) Execution flow: 0: new 12 [InstructionContext] 3: astore_1 [InstructionContext] Pass 3a, method number 2 ['public void run()']: VERIFIED_OK Passed verification. Pass 3b, method number 2 ['public void run()']: VERIFIED_OK Passed verification.
Created attachment 9978 [details] Patch to InstConstraintVisitor.java to relax certain "assumed" constraint checks
I looked at InstConstraintVisitor.java and would suggest that the verifier = not check if the reference is initialized when an object is loaded/stored, but rather check for intialized-ness before using = it in operations such as method invocation or field access expressions. Hence, the solution would be to allow uninitialized obj= ects to exists in the heap if they are only accessible from locals in the method and to check for initialized-ness befo= re exposing them to the rest of the system by assigning them to fields, returning them from the method, or passing them a= s arguments into a method. The following patch enables this form of constraint checking. Please do mail me any questions/comments/suggestions you may have about the= proposed approach. [Attachment 01 [details]/16/04 15:31 has the corresponding patch]
applied please cross check