public inbox for gcc-bugs@sourceware.org
* [Bug libgcj/13606] New: need extra runtime verification of compiled code
@ 2004-01-07 19:07 tromey at gcc dot gnu dot org
  2004-01-07 19:09 ` [Bug libgcj/13606] " pinskia at gcc dot gnu dot org
                   ` (8 more replies)
  0 siblings, 9 replies; 10+ messages in thread
From: tromey at gcc dot gnu dot org @ 2004-01-07 19:07 UTC (permalink / raw)
  To: gcc-bugs

With the new binary compatibility ABI, it is possible for
compiled code to be loaded into an environment where dependent
classes are different from the classes visible to the compiler
at bytecode verification time.

This can be used to circumvent type safety in some situations.

One potential fix is for the compiler to emit "verifier assertions"
that must be checked at runtime.  For example these could be checked
at class preparation time.

It isn't completely clear what assertions will need checking.
It might suffice to check extends/implements requirements
implied by the bytecode (and checked by the verifier).

It could also be worthwhile to look at the JSR relating to
"split verification".  I haven't done this yet due to the strange
license on this JSR.  Beware of this before downloading.

-- 
           Summary: need extra runtime verification of compiled code
           Product: gcc
           Version: unknown
            Status: UNCONFIRMED
          Severity: normal
          Priority: P2
         Component: libgcj
        AssignedTo: unassigned at gcc dot gnu dot org
        ReportedBy: tromey at gcc dot gnu dot org
                CC: gcc-bugs at gcc dot gnu dot org
 BugsThisDependsOn: 13603


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=13606



* [Bug libgcj/13606] need extra runtime verification of compiled code
From: pinskia at gcc dot gnu dot org @ 2004-01-07 19:09 UTC (permalink / raw)
  To: gcc-bugs


------- Additional Comments From pinskia at gcc dot gnu dot org  2004-01-07 19:09 -------
Confirmed.

-- 
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |NEW
     Ever Confirmed|                            |1
   Last reconfirmed|0000-00-00 00:00:00         |2004-01-07 19:09:13
               date|                            |


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=13606



* [Bug libgcj/13606] need extra runtime verification of compiled code
From: tromey at gcc dot gnu dot org @ 2004-03-18 22:50 UTC (permalink / raw)
  To: gcc-bugs


------- Additional Comments From tromey at gcc dot gnu dot org  2004-03-18 22:50 -------
FYI, I managed to find a slide show about "split verification" that
isn't under an obnoxious license.  Split verification is basically a 
proposal for having the compiler emit type maps into the generated bytecode,
so that the runtime verifier can do much less work to verify bytecode.

So, this isn't exactly what we need.  Instead we need something that
accepts many constructs at verification time (e.g., always return true
when asked if "is method X in class Y" or "does class X implement
interface Y"), then builds a list of such assertions to be checked
when the resulting object file is linked at runtime.


-- 


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=13606



* [Bug libgcj/13606] need extra runtime verification of compiled code
From: aph at gcc dot gnu dot org @ 2004-05-06 16:04 UTC (permalink / raw)
  To: gcc-bugs


------- Additional Comments From aph at gcc dot gnu dot org  2004-05-06 16:04 -------
At present, the compiler on the gcj-abi-2-dev-branch outputs warning messages
when it fails to find types that it needs to check for compatibility.

We need to change this so that type compatibility checks are output into the
<init> section of the file.


-- 


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=13606



* [Bug libgcj/13606] need extra runtime verification of compiled code
From: aph at gcc dot gnu dot org @ 2004-05-13 11:24 UTC (permalink / raw)
  To: gcc-bugs


------- Additional Comments From aph at gcc dot gnu dot org  2004-05-12 19:29 -------
We also need to make sure that a class isn't overriding a final method somewhere
in the superclass chain.

-- 


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=13606



* [Bug libgcj/13606] need extra runtime verification of compiled code
From: tromey at gcc dot gnu dot org @ 2004-08-10 21:09 UTC (permalink / raw)
  To: gcc-bugs


------- Additional Comments From tromey at gcc dot gnu dot org  2004-08-10 21:09 -------
If a class fails a static assertion (e.g., stack overflow in a method),
gcj should not fail outright.  Instead it should continue to generate
code which throws a verification failure at the appropriate time.
At least, this is what we want for gcj-jit.  Otherwise, if gcj does
exit with a failure, we will just fall back on the bytecode and
uselessly verify it a second time.

This can easily be done by adding an always-fail assertion to the
assertion table.  Either a special assert(0), or just assert something
that can't be true, like "Object extends String".


-- 


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=13606
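
The assertion table discussed in the comments above (extends/implements checks deferred to link time, the final-method check, and the always-fail entry), as an added example that is not libgcj code and not from any poster in this thread. The types, function names and the sample class table are hypothetical and constructed for illustration.

```cpp
// Added example; all names are hypothetical, not libgcj's own API.
#include <map>
#include <set>
#include <string>
#include <vector>

struct LoadedClass { std::string super; std::set<std::string> ifaces, methods, finals; };
using ClassTable = std::map<std::string, LoadedClass>;  // hierarchy as loaded at runtime
enum class Kind { Assignable, NoFinalOverride, AlwaysFail };
struct Assertion { Kind kind; std::string a, b; };      // emitted by the compiler

// Is `cls` a subtype of `target` at runtime? An unresolved class on the way up fails.
static bool assignable(const ClassTable& t, const std::string& cls, const std::string& target) {
    if (cls == target) return !cls.empty();
    auto it = t.find(cls);
    if (it == t.end()) return false;
    for (const auto& i : it->second.ifaces)
        if (assignable(t, i, target)) return true;
    return assignable(t, it->second.super, target);
}
// Does `cls` declare a method that a superclass marks final? Fails closed.
static bool overrides_final(const ClassTable& t, const std::string& cls) {
    auto self = t.find(cls);
    if (self == t.end()) return true;
    for (std::string s = self->second.super; !s.empty(); s = t.at(s).super) {
        auto it = t.find(s);
        if (it == t.end()) return true;
        for (const auto& m : self->second.methods)
            if (it->second.finals.count(m)) return true;
    }
    return false;
}
// Indices of failed assertions; link the class only if this is empty.
std::vector<std::size_t> check(const ClassTable& t, const std::vector<Assertion>& tab) {
    std::vector<std::size_t> bad;
    for (std::size_t i = 0; i < tab.size(); ++i) {
        bool ok = tab[i].kind == Kind::Assignable ? assignable(t, tab[i].a, tab[i].b)
                : tab[i].kind == Kind::NoFinalOverride ? !overrides_final(t, tab[i].a) : false;
        if (!ok) bad.push_back(i);
    }
    return bad;
}
// Constructed sample: compiled against "Dog extends Animal", loaded with a Dog that does not.
std::vector<std::size_t> sample() {
    ClassTable rt = {{"Object", {"", {}, {}, {}}}, {"Animal", {"Object", {}, {"id"}, {"id"}}},
                     {"Dog", {"Object", {"Pet"}, {}, {}}}, {"Cat", {"Animal", {}, {"id"}, {}}}};
    return check(rt, {{Kind::Assignable, "Dog", "Pet"}, {Kind::Assignable, "Dog", "Animal"},
                      {Kind::NoFinalOverride, "Cat", ""}, {Kind::AlwaysFail, "", ""}});
}
```

The check assumes the class loader has already rejected circular hierarchies; a runtime that cannot guarantee that needs a visited set or depth bound in both walks.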



* [Bug libgcj/13606] need extra runtime verification of compiled code
From: aph at gcc dot gnu dot org @ 2004-09-02 13:27 UTC (permalink / raw)
  To: gcc-bugs



-- 
           What    |Removed                     |Added
----------------------------------------------------------------------------
         AssignedTo|unassigned at gcc dot gnu   |aph at gcc dot gnu dot org
                   |dot org                     |
             Status|NEW                         |ASSIGNED


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=13606



* [Bug libgcj/13606] need extra runtime verification of compiled code
From: aph at gcc dot gnu dot org @ 2004-09-02 13:27 UTC (permalink / raw)
  To: gcc-bugs


------- Additional Comments From aph at gcc dot gnu dot org  2004-09-02 13:27 -------
Type assertions are now generated and checked.

However, the format for encoding these assertions isn't at all compact.

-- 


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=13606



* [Bug libgcj/13606] need extra runtime verification of compiled code
From: aph at gcc dot gnu dot org @ 2004-10-20 15:59 UTC (permalink / raw)
  To: gcc-bugs


------- Additional Comments From aph at gcc dot gnu dot org  2004-10-20 15:59 -------
Job done.

-- 
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |RESOLVED
         Resolution|                            |FIXED


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=13606



* [Bug libgcj/13606] need extra runtime verification of compiled code
From: pinskia at gcc dot gnu dot org @ 2004-12-01  3:12 UTC (permalink / raw)
  To: gcc-bugs


------- Additional Comments From pinskia at gcc dot gnu dot org  2004-12-01 03:12 -------
Fixed on the mainline by merge of the BC branch.

-- 
           What    |Removed                     |Added
----------------------------------------------------------------------------
   Target Milestone|---                         |4.0.0


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=13606

