Small class file with loop from assembler gives odd behavior

[Godmar Back]

> Godmar Back wrote:
> 
> >  The .class file Brad sent does not verify because it violates a required
> > invariant about the stack size.  I checked in a fix, and we now report the
> > verification error.
> 
> Does Kaffe always require that code verify properly?  

Kaffe only checks and requires it to the extent that it is needed 
to just-in-time compile code.  See the earlier discussion on this topic.

> Could it, perhaps, act
> as Blackdown's does and allow running of non verified code when requested?

Theoretically, in the interpreter, one could bypass the call to verifyMethod()
and instead add equivalent checks to the interpreter loop.  This would come
at a price since you're verifying static properties over and over, every
time you execute an instruction.

If you don't check at run-time, you segfault.  I bet it is really easy to 
make Sun's JVM segfault with jasmin generated code.

I think you should consider it an unfortunate accident that Sun's JVM 
allows you to run code w/o verification.  It has been reported that the
fact that local applications ran w/o verification by default under jdk 1.1 
led to some bugs in Sun's javac.  Javac would apply optimizations that
yielded unverifiable code in certain circumstances, but the error was not 
discovered because the code was not verified.
I believe Sun's 1.2 JDK verifies by default (not sure though.)

Granted, your code only formally violated the stack consistency invariant.
The path on which it would have been violated was unreachable.
A verifier that performed constant propagation and dead code
elimination before verification would not have flagged a problem.
But I think that's probably a rare case overall.

> 
> Also, is there an FAQ or some reference somewhere on how to make code be
> verifiable?  I am generating Jasmin assembler, and would like it to be
> verifiable when possible.
> 

I think studying the VM spec cover to cover is the best advice I can give.

	- Godmar