Subject:
optimizer SecurityException
Date:
Mon, 11 Oct 1999 17:37:51 -0400
From:
Andrew Wason <aw@softcom.com>
To:
norris@netscape.com (Norris Boyd)
CC:
Howard Lin <howard@softcom.com>
We use our own SecuritySupport implementation in Rhino. This is properly
getting called by the optimizer to generate new classes (e.g.
org.mozilla.javascript.gen.c5 etc.)
However, after defining the class, Codegen.compile calls getClassLoader()
on the new class. The default SecurityManager doesn't allow
getClassLoader() to be called and so an exception is thrown:
java.lang.RuntimeException: Malformed optimizer package
java.security.AccessControlException: access denied
(java.lang.RuntimePermission getClassLoader )
at org.mozilla.javascript.optimizer.Codegen.compile(Codegen.java:138)
at org.mozilla.javascript.Context.compile(Context.java:1761)
at org.mozilla.javascript.Context.compile(Context.java:1691)
at org.mozilla.javascript.Context.compileReader(Context.java:810)
at org.mozilla.javascript.Context.evaluateReader(Context.java:725)
[...]
This is kind of a pain to duplicate outside of our application, but if you
require a test case I can create one.
Codegen is attempting to call loadClass() after it uses
SecuritySupport.defineClass(). Our SecuritySupport calls loadClass()
internally in its defineClass() implementation. This is what JavaAdapter
expects.
This is from Codegen.compile():
    if (securitySupport == null) {
        if (Context.isSecurityDomainRequired())
            throw new SecurityException("Required " +
                                        "security context missing");
        if (classLoader == null)
            classLoader = new JavaScriptClassLoader();
        clazz = classLoader.defineClass(name, classFile);
    } else {
        clazz = securitySupport.defineClass(name,
                                            classFile,
                                            securityDomain);
    }
    ClassLoader loader = clazz.getClassLoader();
    clazz = loader.loadClass(name);
This is from JavaAdapter.createAdapterClass():
    SecuritySupport ss = cx.getSecuritySupport();
    if (ss != null) {
        Object securityDomain = cx.getSecurityDomainForStackDepth(-1);
        return ss.defineClass(adapterName, bytes, securityDomain);
    } else {
        if (classLoader == null)
            classLoader = new MyClassLoader();
        classLoader.defineClass(adapterName, bytes);
        return classLoader.loadClass(adapterName, true);
    }
So JavaAdapter is assuming SecuritySupport.defineClass() will call
ClassLoader.loadClass() on the new class, while Codegen is assuming it
needs to call ClassLoader.loadClass() on the class defined by
SecuritySupport.defineClass().
These should be made consistent, and in both cases it should be assumed
that SecuritySupport will both define and load the class.
Andrew
--
Andrew Wason
SoftCom, Inc.
aw@softcom.com
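As an added illustration (not code from Rhino or from the mail above), a hypothetical class loader that follows the contract Andrew asks both call sites to assume: the party that defines a class from bytes also links it and hands back the usable Class, so nobody has to call clazz.getClassLoader() afterwards. The names DefineAndLoad and Sample are assumptions.

```java
import java.io.InputStream;
import java.lang.reflect.Method;

// Hypothetical loader, not Rhino's SecuritySupport or JavaScriptClassLoader:
// the party that defines a class from bytes also links it and returns the
// usable Class, so callers never need clazz.getClassLoader() (the call that
// trips RuntimePermission "getClassLoader" under a SecurityManager) or a
// second loadClass(name).
public class DefineAndLoad extends ClassLoader {
    public DefineAndLoad(ClassLoader parent) { super(parent); }

    // Define and link in one step; the result is ready to use.
    public Class<?> defineAndLoad(String name, byte[] classFile) {
        Class<?> c = defineClass(name, classFile, 0, classFile.length);
        resolveClass(c);   // what loadClass(name, true) would do after defining
        return c;
    }

    // Constructed sample input: a tiny class compiled with this file, whose
    // bytecode is read back from the classpath instead of being hand-written.
    public static class Sample {
        public static String greet() { return "hello"; }
    }

    static byte[] classBytes(Class<?> c) throws Exception {
        String res = c.getName().replace('.', '/') + ".class";
        try (InputStream in = c.getClassLoader().getResourceAsStream(res)) {
            if (in == null) throw new IllegalStateException("no bytes for " + res);
            return in.readAllBytes();   // Java 9+
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] bytes = classBytes(Sample.class);
        DefineAndLoad loader = new DefineAndLoad(DefineAndLoad.class.getClassLoader());
        Class<?> fresh = loader.defineAndLoad(Sample.class.getName(), bytes);

        // Same name, different defining loader: a distinct class identity,
        // just as a generated-class loader yields a fresh class per script.
        System.out.println("distinct from compiled copy: " + (fresh != Sample.class));
        // Immediately usable, with no getClassLoader()/loadClass() round trip.
        Method m = fresh.getMethod("greet");
        System.out.println(m.invoke(null));
    }
}
```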
- map xpcshell's 'quit()' to a loop exit rather than calling
'exit(0)' so that the cleanup and leak detection code will still
get called.
- add NS_InitXPCOM and NS_ShutdownXPCOM to xpcshell to run said
cleanup and leak detection code.
- use more NS_IF_* macros
- fix numerous places where code assumed that
nsXPConnect::GetXPConnect() does not add a new ref on the
xpconnect singleton object (the behavior changed some time back
but not all the uses did - brainfade!).
- fix nsXPCException::NewException to automatically trim
'dataless' native stackframes off of the front of a stack trace.
The old system of manually telling it how many frames to trim was
not working well. We really want the first frame showing to be an
'interesting' frame so that callers who get exceptions thrown at
them will see some useful information rather than an empty native
frame that represents (but says nothing about) some native frame
in the xpconnect runtime.
- remove an extra addref from the trimming loop in
nsXPCException::NewException.
- Stop building XPCJSStack objects. XPConnect stacks are singly
linked lists of XPCJSStackFrame objects with refcounted links. I
had this stupid idea that each object would have a refcounted
link to a XPCJSStack object that would tie together the lifetimes
of all objects in the chain. This was overcomplex and
unnecessary. The linked list was enough. Any frame without a
refcount deserved to be deleted because it is simply unreachable.
There was no reason to tie together all the lifetimes of each
object in the chain. So this has been simplified in a big way.
- fixed place in xpcthrower.cpp where we were leaking a refcount
on the xpconnect singleton each time an xpcexception was thrown.
- do cleanup and gc() at the end of xpctest_echo.js to use for
leak testing - all wrappers should go away.
Re: NPL vs. MPL
Date:
Wed, 06 Oct 1999 18:30:34 -0400
From:
"Ian D. Stewart" <idstewart@softhome.net>
To:
Norris Boyd <norris@netscape.com>
Norris Boyd wrote:
Great. So I'd like to change this copyright text
/* -*- Mode: java; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*-
 *
 * The contents of this file are subject to the Mozilla Public License
 * Version 1.0 (the "MozPL"); you may not use this file except in
 * compliance with the MozPL. You may obtain a copy of the MozPL at
 * http://www.mozilla.org/NPL/
 *
 * Software distributed under the MozPL is distributed on an "AS IS" basis,
 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the MozPL
 * for the specific language governing rights and limitations under the
 * MozPL.
 *
 * The Initial Developer of this code under the MozPL is Ian D. Stewart.
 * Portions created by Ian D. Stewart are Copyright (C) 1998, 1999
 * Ian D. Stewart.
 * All Rights Reserved.
 */
to this:
/* -*- Mode: java; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*-
 *
 * The contents of this file are subject to the Netscape Public
 * License Version 1.1 (the "License"); you may not use this file
 * except in compliance with the License. You may obtain a copy of
 * the License at http://www.mozilla.org/NPL/
 *
 * Software distributed under the License is distributed on an "AS
 * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
 * implied. See the License for the specific language governing
 * rights and limitations under the License.
 *
 * The Original Code is ListenerCollection, released
 * May 15, 1998.
 *
 * The Initial Developer of the Original Code is Ian D. Stewart.
 * Portions created by Ian D. Stewart are Copyright (C) 1998, 1999
 * Ian D. Stewart.
 * Rights Reserved.
 *
 * Contributor(s):
 * Ian D. Stewart
 *
 * Alternatively, the contents of this file may be used under the
 * terms of the GNU Public License (the "GPL"), in which case the
 * provisions of the GPL are applicable instead of those above.
 * If you wish to allow use of your version of this file only
 * under the terms of the GPL and not to allow others to use your
 * version of this file under the NPL, indicate your decision by
 * deleting the provisions above and replace them with the notice
 * and other provisions required by the GPL. If you do not delete
 * the provisions above, a recipient may use your version of this
 * file under either the NPL or the GPL.
 */
Can you give me your approval for this change?
Make it so.
Ian
JSErrorReports when thrown as exceptions. Extract JSErrorReport
and convert to an xpcexception. This restores functionality that
was whacked when JS errors-as-exceptions was enabled in the JS
engine.
- add conversion support for string-with-length as part of array
support mentioned in bug 13420. All the array stuff is basically
in with minimal testcases. More comprehensive tests need to be
written to verify and tune the code.
- fix a broken #undef
- switch to using PR_Alloc/PR_Free internally in nsjsid where we
were using new/delete before. This is prompted by warren's change
to nsID::ToString that uses PR_Alloc were before it used new.
This fixes an alloc/delete mismatch detected by Purify.
r=mccabe
- js_NewFunction wasn't initializing (clearing) JSFunction members before it
linked the JSFunction to a JSObject that the GC could reach from a root.
- Make sure frame.scopeChain is cleared before linking frame via cx->fp, even
though we set frame.scopeChain to some object later (another signal that we
should rework js_Invoke to inline it and otherwise optimize it).
the errors are being wrapped by runtime exceptions and still need to be
explicitly caught (this is happening in the interpreter, but not in
generated code).
Problem was that one transformation of a node to GETVAR wasn't protected by a check of inWithStatement().
======================================
Subject:
multiple scopes
Date:
Fri, 01 Oct 1999 12:39:14 -0400
From:
Andrew Wason <aw@softcom.com>
To:
norris@netscape.com
CC:
Howard Lin <howard@softcom.com>
When I create two scopes, and one scope evaluates a string in the other
scope, it works. However, if I do this while handling an exception thrown
within a JavaAdapter method, it fails with an exception.
Run the attached Java program with the two script files. scope1.js
evaluates a string "printMessage" in the scope of scope2.js. This returns
a function object which is then invoked. This works in 3 cases, but fails
in the 4th (in the catch in the JavaAdapter). Even in the 4th case where
it fails, printing the function object looks normal.
Am I doing something wrong, or is there a bug here?
java CrossScope scope1.js scope2.js
Outside of JavaAdapter
works before exception
works after exception
Inside of JavaAdapter
works before exception
Caught exception
pma=
function printMessage(msg) {
java.lang.System.out.println(msg);
}
Exception in thread "main" org.mozilla.javascript.JavaScriptException:
org.mozilla.javascript.EvaluatorException: The undefined value has no
properties.
at
org.mozilla.javascript.JavaScriptException.wrapException(JavaScriptException
.java:61)
at
org.mozilla.javascript.NativeJavaMethod.call(NativeJavaMethod.java,
Compiled Code)
at org.mozilla.javascript.ScriptRuntime.call(ScriptRuntime.java:1256)
at org.mozilla.javascript.Interpreter.interpret(Interpreter.java,
Compiled Code)
at
org.mozilla.javascript.InterpretedScript.call(InterpretedScript.java:49)
at
org.mozilla.javascript.InterpretedScript.exec(InterpretedScript.java:37)
at org.mozilla.javascript.Context.evaluateReader(Context.java:697)
at CrossScope.<init>(CrossScope.java:30)
at CrossScope.main(CrossScope.java:10)
Thanks,
Andrew
import java.io.*;
import org.mozilla.javascript.*;

public class CrossScope {
    private Context m_jsContext;
    private Scriptable m_scope1;
    private Scriptable m_scope2;

    public static void main(String args[]) throws Exception {
        new CrossScope(args[0], args[1]);
    }

    private CrossScope(String strFile1, String strFile2) throws Exception {
        // Associate Context with main thread
        m_jsContext = Context.enter();
        m_jsContext.setOptimizationLevel(-1);   // interpreted mode

        // Init scope1, expose Scope object (this) so scripts can call scope2Eval
        m_scope1 = m_jsContext.initStandardObjects(new ImporterTopLevel());
        m_scope1.put("Scope", m_scope1, this);

        // Init scope2
        m_scope2 = m_jsContext.initStandardObjects(new ImporterTopLevel());

        // Run script in scope2
        Reader r2 = new FileReader(strFile2);
        m_jsContext.evaluateReader(m_scope2, r2, strFile2, 1, null);

        // Eval input JS in scope1 - it can in turn eval JS over in scope2
        Reader r1 = new FileReader(strFile1);
        Object obj = m_jsContext.evaluateReader(m_scope1, r1, strFile1, 1, null);
        if (obj instanceof Throwable)
            ((Throwable)obj).printStackTrace();
        m_jsContext.exit();
    }

    // Called back from script through the exposed "Scope" object
    public Object scope1Eval(String str) throws JavaScriptException {
        Context cx = Context.enter(m_jsContext);
        Object objResult = cx.evaluateString(m_scope1, str, "scope1EvalString", 1, null);
        cx.exit();
        return objResult;
    }

    public Object scope2Eval(String str) throws JavaScriptException {
        Context cx = Context.enter(m_jsContext);
        Object objResult = cx.evaluateString(m_scope2, str, "scope2EvalString", 1, null);
        cx.exit();
        return objResult;
    }
}
// Scope1
importPackage(java.lang);

System.out.println("Outside of JavaAdapter");
try {
    var pm = Scope.scope2Eval("printMessage");
    pm("works before exception");
    System.arraycopy(null, 5, null, 5, 100);   // deliberately throws
} catch (e) {
    var pma = Scope.scope2Eval("printMessage");
    pma("works after exception");
}

var obj = new Runnable() {
    run: function() {
        System.out.println("Inside of JavaAdapter");
        try {
            var pm = Scope.scope2Eval("printMessage");
            pm("works before exception");
            System.arraycopy(null, 5, null, 5, 100);   // deliberately throws
        } catch (e) {
            System.out.println("Caught exception");
            var pma = Scope.scope2Eval("printMessage");
            System.out.println("pma=" + pma);
            pma("works after exception");
        }
    }
};
obj.run();

// Scope2
function printMessage(msg) {
    java.lang.System.out.println(msg);
}
14443 "Same origin" security policy may be circumvented using docu
14820 Fixing up the relationship between nsCodeBasePrincipal and n
14919 Crash in JS MM code
Reviewed by mstoltz, approved by scc.
Subject:
optimizer Makefiles
Date:
Fri, 01 Oct 1999 14:50:05 -0400
From:
Andrew Wason <aw@softcom.com>
To:
norris@netscape.com
CC:
Howard Lin <howard@softcom.com>
Norris,
Here are patches to the Rhino Makefiles to build the optimizer package and
the jsc compiler. They also fix a problem with "gmake clean".
Andrew
--
Andrew Wason
SoftCom, Inc.
aw@softcom.com
Subject:
Re: [Fwd: [Bug 13658] Changed - Rhino: null pointer exception on class with duplicate field/method]
Date:
Mon, 13 Sep 1999 20:57:32 -0400
From:
"Kurt Westerfeld" <kurt@westerfeld.com>
To:
"Norris Boyd" <norris@netscape.com>
I do have a patch for this, but it is intermixed with some other changes
that I have implemented for the get/set on Java instances (per my LC3
proposal). The bug requires changes that are a little involved actually;
basically it seems that when getting the default value for a "field and
methods" (which combines the same-named entities), the prototype of the
parent scope is deref-ed, and the parent scope is null. Hence, the scope
must be passed into the cloned field and method values.
Also, the NativeJavaClass implementation passed "false" for isStatic on the
constructor of the FieldAndMethods Hashtable, which results in classes
having instance methods. Bad. I haven't filed a bug on that yet.
Additionally, I fixed a couple other NullPointerException nigglies thrown in
when exceptions are propagated in the same area. Finally, when getting the
default value for the field, it is helpful to convert a Scriptable to string
when that is requested (as when typing in the console).
I am attaching the changed files. The LC3++ code can be removed if you
want, which I can do for you but it will take a little longer. What is your
preference?
-----Original Message-----
From: Norris Boyd <norris@netscape.com>
To: Kurt Westerfeld <kurt@westerfeld.com>
Date: Monday, September 13, 1999 4:54 PM
Subject: [Fwd: [Bug 13658] Changed - Rhino: null pointer exception on class
with duplicate field/method]
>Kurt,
>
>Is this the bug that your patch fixes?
>
>Thanks,
>Norris
>
and propertyIsEnumerable) for JS1.5.
- Optimize obj_propertyIsEnumerable to avoid extra lookup code bloat, requiring
fix to js_GetAttributes (unset out param on successful early return) that it
exposed.
- Use more righteous else-if style in shaver's jsarray.c change.