verify that check/init prop operations occur in correct functions with existent properties

Summary: HHVM was crashing when CheckProp or InitProp referenced nonexistent properties. This adds a check to the verifier that they only reference existing properties, and that they only appear in either 86sinit or 86pinit as specified in the bytecode spec.

Reviewed By: markw65

Differential Revision: D5513939

fbshipit-source-id: d862bd2066ad80e5061c99e7abd5b50f4912e3fe
dsainati1 authored and hhvm-bot committed Jul 28, 2017
1 parent 8bae69b commit 71157b5a80ec11f00e1cc9c03eb88cd0c1332033
@@ -1129,6 +1129,21 @@ bool FuncChecker::checkClsRefSlots(State* cur, PC const pc) {
bool FuncChecker::checkOp(State* cur, PC pc, Op op, Block* b) {
switch (op) {
case Op::InitProp:
case Op::CheckProp: {
auto const prop = m_func->unit()->lookupLitstrId(getImm(pc, 0).u_SA);
auto fname = m_func->name()->toCppString();
if ("86pinit") != 0 &&"86sinit") != 0) {
ferror("{} cannot appear in {} function\n", opcodeToName(op), fname);
return false;
if (!m_func->preClass() || !m_func->preClass()->hasProp(prop)){
ferror("{} references non-existent property {}\n",
opcodeToName(op), prop);
return false;
case Op::DefCls:
case Op::DefClsNop:
case Op::CreateCl: {
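Review bot: the `InitProp`/`CheckProp` case reads only immediate 0 (the property name) and never looks at `InitProp`'s Static/NonStatic immediate, so nothing here ties a static initialization to `86sinit` or a non-static one to `86pinit`; either function name is accepted for both ops. If the bytecode spec pairs them that way, compare that immediate against `fname` and against the property's attributes before accepting the op. Minor: `m_func->name()->toCppString()` copies the name for every such op; comparing the name without building a `std::string` would avoid the allocation.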
@@ -0,0 +1,32 @@
.main {
DefCls 0
FPushCtorD 0 "C"
FCall 0
CheckProp "foo"
InitProp "bar" NonStatic
.class C {
.method [public] 86sinit() {
String "default ::foo value"
InitProp "foo" Static
.method [public] 86pinit() {
CheckProp "bar"
String "string"
InitProp "baz" Static
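Review bot: every `CheckProp` and `InitProp` in this test is expected to be rejected, and class `C` as shown declares no properties, so nothing demonstrates that the new check still accepts valid input. Add a declared property with an `InitProp` on it inside `86sinit` or `86pinit` (best in a companion test that passes verification). Also add a case where the property exists but the op sits in `.main`: as written, the `.main` ops fail the function-name check first, so the two error paths are never exercised independently.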
@@ -0,0 +1,6 @@
Verification Error (unit %s func ): CheckProp cannot appear in function
Verification Error (unit %s func ): InitProp cannot appear in function
Verification Error (unit %s func 86sinit): InitProp references non-existent property foo
Verification Error (unit %s func 86pinit): CheckProp references non-existent property bar
Verification Error (unit %s func 86pinit): InitProp references non-existent property baz
Verification failed for unit %s. Re-run with HHVM_VERIFY_VERBOSE=1 to see more details.
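Review bot: in the first two expected lines the function name is empty, so the message reads "cannot appear in function" without naming the function or saying where the op is allowed. Since `.main` has no name to print, consider wording the checker's error along the lines of "may only appear in 86sinit or 86pinit" so the output is actionable on its own.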
