Re: java/8025: ICE when bytecode does array access on null

Re: java/8025: ICE when bytecode does array access on null

[Eric Blake]

The following reply was made to PR java/8025; it has been noted by GNATS.

From: Eric Blake <ebb9@email.byu.edu>
To: gcc-gnats@gcc.gnu.org, gcc-prs@gcc.gnu.org, ebb9@email.byu.edu,
 gcc-bugs@gcc.gnu.org, nobody@gcc.gnu.org
Cc:  
Subject: Re: java/8025: ICE when bytecode does array access on null
Date: Thu, 26 Sep 2002 16:10:58 -0600

 http://gcc.gnu.org/cgi-bin/gnatsweb.pl?cmd=view%20audit-trail&database=gcc&pr=8025
 
 Andrew Haley pointed out that arraylength also suffers from the same 
 fate - see this thread: http://gcc.gnu.org/ml/java/2002-09/msg00241.html
 
 I also confirmed that the jikes compiler allows the following:
 class Foo {
    public static void main(String[] args) {
      int i = ((Object[]) null).length;
      ((Object[]) null)[0] = null;
    }
 }
 
 This compiled to:
 Method void main(java.lang.String[])
     0 aconst_null
     1 arraylength
     2 istore_1
     3 aconst_null
     4 iconst_0
     5 aconst_null
     6 aastore
     7 return
 
 And successfully verified with JDK 1.4.1.  So it is possible to use null 
 types directly, instead of storing them into a local variable first.
 
 

Re: java/8025: ICE when bytecode does array access on null

[aph]

Synopsis: ICE when bytecode does array access on null

Responsible-Changed-From-To: unassigned->aph
Responsible-Changed-By: aph
Responsible-Changed-When: Fri Sep 27 11:27:54 2002
Responsible-Changed-Why:
    Problem fixed
State-Changed-From-To: open->closed
State-Changed-By: aph
State-Changed-When: Fri Sep 27 11:27:54 2002
State-Changed-Why:
    Problem fixed

http://gcc.gnu.org/cgi-bin/gnatsweb.pl?cmd=view%20audit-trail&database=gcc&pr=8025

java/8025: ICE when bytecode does array access on null

[ericb]

>Number:         8025
>Category:       java
>Synopsis:       ICE when bytecode does array access on null
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    unassigned
>State:          open
>Class:          ice-on-legal-code
>Submitter-Id:   net
>Arrival-Date:   Tue Sep 24 16:36:00 PDT 2002
>Closed-Date:
>Last-Modified:
>Originator:     Eric Blake
>Release:        3.1 20020501 (prerelease)
>Organization:
>Environment:
System: Linux quaffle 2.4.9-31smp #1 SMP Tue Feb 26 06:55:00 EST 2002 i686 unknown
Architecture: i686

	
host: i686-pc-linux-gnu
build: i686-pc-linux-gnu
target: i686-pc-linux-gnu
configured with: ../gcc/configure --enable-languages=c,c++,java --prefix=/fpga3/users/eblake/gcc
>Description:
	
The java .class file verifier is croaking when accessing array
elements of a null-typed local variable. This affects the 16
instructions [abcsilfd]a{load|store}.

Further analysis: In .java source code, no variable can have the null
type. But in .class bytecode, aconst_null is legal and has its own
type. The null type can therefore appear as the arrayref argument for
array stores and array loads - this must generate a
NullPointerException at runtime, but it is legal code and must pass
the verifier.

>How-To-Repeat:
	
Compile this program (which demonstrates the bug for iaload; the other
15 bytecodes with problems are similar) to bytecode, then from
bytecode to native.

$ cat Foo.java
class Foo
{
  void m()
  {
    int[] a = null;
    int i = a[0];
  }
}
$ gcj -C Foo.java
$ gcj -o Foo --main=Foo Foo.class
Foo.java: In class `Foo':
Foo.java: In method `Foo.m()':
Foo.java:6: Internal compiler error in build_java_check_indexed_type, at java/expr.c:890
Please submit a full bug report,
with preprocessed source if appropriate.
See <URL:http://www.gnu.org/software/gcc/bugs.html> for instructions.
$

>Fix:
	
The following hack forces the compiler to store type information and
thus avoid the ICE:

class Foo1
{
  void m()
  {
    int[] a = null;
    Object o = a;
    a = (int[]) o; // this causes a checkcast bytecode to appear,
               // now the verifier knows a is int[] instead of null
    int i = a[0]; // correctly throws the NullPointerException
  }
}
>Release-Note:
>Audit-Trail:
>Unformatted: