Bug 18482

Summary: JustIce Pass3bVerifier Verifies Exception Handlers too often
Product: BCEL - Now in Jira
Reporter: Mark Crocker <mcrocker>
Component: Main
Assignee: issues <issues>
Status: REOPENED ---
Severity: enhancement
CC: ehaase
Priority: P5
Version: unspecified
Target Milestone: ---
Hardware: All
OS: All
URL: http://www.markcrocker.com/~mcrocker/Computer/Purifier/justIceExceptionHandlingIssue.shtml

Description Mark Crocker 2003-03-28 21:47:19 UTC
While using the JustIce Verifier that is built into BCEL to investigate some
issues with the Purifier project (a pure Java preverifier.  See
http://www.markcrocker.com/~mcrocker/Computer/Purifier/), I noticed that the
internal state of JustIce occasionally disagreed with the StackMaps produced by
Sun's preverifier.

The problem seems to be that JustIce considers Exception handlers to be possible
successors for EVERY instruction in a try block that result in merge changes
when the outgoing frame is merged with the incoming frame of the first
instruction in the Exception handler.

I believe that this is an overly broad interpretation of the specification. 
Only instructions that can actually throw the type (or subtype) of Exception
that a handler is designed to catch should be considered to have the handler
as a possible successor.

An excruciatingly detailed report with source code, bytecode and Data Flow
Analysis can be found at:
http://www.markcrocker.com/~mcrocker/Computer/Purifier/justIceExceptionHandlingIssue.shtml

The solution would be to check if an instruction can throw the type of Exception
that the handler can catch BEFORE checking to see if a merge causes a change. 
This would probably be a fairly involved task.

Comment 1 Enver Haase 2003-11-02 19:40:17 UTC
Yes, that might be a tough task that is prone to errors, and will probably
not really speed up verification. However, if you'd do the coding and submit
a patch, I'll read through it and would be very happy to add it.
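
The check proposed in the description, sketched against BCEL's generic API as an added example (not code from JustIce, BCEL or the Purifier project). It assumes BCEL 6.x on the classpath; `HandlerEdges`, `mayReach` and `sample` are hypothetical names, and `sample` is a constructed input. The test is deliberately conservative: it keeps the handler edge whenever the thrown set is unknown, since dropping a real edge would make a verifier accept code it should reject.

```java
import org.apache.bcel.Repository;
import org.apache.bcel.classfile.JavaClass;
import org.apache.bcel.classfile.Method;
import org.apache.bcel.generic.*;

public class HandlerEdges {
    /** Conservative test: may instruction ih transfer control to handler h? */
    static boolean mayReach(InstructionHandle ih, CodeExceptionGen h) {
        int pc = ih.getPosition();
        // In BCEL's CodeExceptionGen the end PC is the last covered instruction (inclusive).
        if (pc < h.getStartPC().getPosition() || pc > h.getEndPC().getPosition()) return false;
        ObjectType caught = h.getCatchType();
        if (caught == null) return true;                 // catch-all entry (finally)
        Instruction insn = ih.getInstruction();
        // athrow and invocations can raise any Throwable, so the edge always stays.
        if (insn instanceof ATHROW || insn instanceof InvokeInstruction) return true;
        Class<?> c;
        try {
            c = Class.forName(caught.getClassName(), false, HandlerEdges.class.getClassLoader());
        } catch (ClassNotFoundException | LinkageError e) {
            return true;                                 // catch type not loadable: keep the edge
        }
        // A VirtualMachineError may be raised at any instruction.
        if (c.isAssignableFrom(VirtualMachineError.class)
                || VirtualMachineError.class.isAssignableFrom(c)) return true;
        if (!(insn instanceof ExceptionThrower)) return false;
        for (Class<?> t : ((ExceptionThrower) insn).getExceptions())
            if (c.isAssignableFrom(t) || t.isAssignableFrom(c)) return true;
        return false;
    }

    static int sample(int[] a) {                         // constructed sample method
        int x = 0;
        try { x = 1; x = a[0]; x = x + 2; }
        catch (ArrayIndexOutOfBoundsException e) { x = -1; }
        return x;
    }

    public static void main(String[] args) throws Exception {
        JavaClass jc = Repository.lookupClass(HandlerEdges.class);
        ConstantPoolGen cp = new ConstantPoolGen(jc.getConstantPool());
        for (Method m : jc.getMethods()) {
            if (!m.getName().equals("sample")) continue;
            MethodGen mg = new MethodGen(m, jc.getClassName(), cp);
            for (CodeExceptionGen h : mg.getExceptionHandlers())
                for (InstructionHandle ih : mg.getInstructionList().getInstructionHandles())
                    if (mayReach(ih, h))
                        System.out.println(ih + " -> handler at " + h.getHandlerPC().getPosition());
        }
    }
}
```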