[Original] Breaking the Java Unusual Processing Rules
Q: I call the external method in my application and want to capture the exception that it may thrown. Can I capture java.lang.exception?
A: Depending on a given method to process all runtime and detection exceptions are insufficient for preventing external errors. You can read the current JavaWorld article - "Java Tip 134: When Catching Exception, Don't Cast your Net Too Wide". This article warned the capture java.lang.exception and java.lang.throable is not good. It is very important to capture the exception you can specify for the maintenanceability of the code. However, this rule relies on a special environment. If you don't plan your program to crash and keep your data structure safe anomaly, you must capture the true exception thrown. For example, imagine that you have a server that loads this interface: public interface ifoo {/ ** * this method can't throw any checked exceptions ... or can it? * / Void bar ();
} // end of interface
The reason for giving parameters is to let us notify us where such services are available, and different IFOO implementations can be loaded from external resources. You have written the following code: try {ifoo foo = ... // Get an ifoo importation foo.bar ();} catch (runtimeexception ie) {// handle 'oe' ...} catch (error e) {///// Handle Or Re-Throw 'E' ...}
And you have processed all possible exceptions in this. You don't need to add any capture of java.io ioException, because ifoo implementation does not throw it from ifoo.bar (), right? (In fact, if you add a capture java.io ioException, the compiler may discard it as an unreachable exception) error. The bar () method proves any exceptions that will throw you to the class constructor in the Evilfoo class: public void bar () {EVILTHROW.THROWTHROWABLE (M_THROWTHIS);
Running main method: public class main {public static void main (femar string [] args {// this try / catch block Appears to intercept all Exceptions That //i inter () Can Throw; However, this Is Not True Try {Ifoo foo = new evilfoo (New java.io.ioException); foo.bar ();} catch (runtimeException ooe) {// ignore ooe} catch (error e) {// ignore e} }} // end of class
You will see the java.io ioException exception instance from bar () method and there is no capture block:> java -cp classes mainexception in thread "main" java.io.ioException: surprise! At main.main (main .java: 23)
What happened here? The main observation is that Java rules that typically detect exceptions are only performed when compiling. When running, a JVM cannot guarantee whether the exception thrown by a method and the throwing exception declared in this method. Because the role of the calling method is to capture and process all the exceptions thrown from the calling method. Any exception that is not declared by the calling method will not be ignored and refused to call the stack. If the normal behavior is executed by the compiler, how do I create Evilfoo? There are at least two ways to create an unusual Java method that throws no declaration: • Thread.stop (throwable) is not used in favor, but it is still used and passing a throwable THREAD. • Compile: You can compile the IFOO temporary version of the detection exception when compiling Evilfoo. I use the latter choice: I compile the start defined Evilthrow Class: Public Abstract Class Evilthrow {public static void throwthrow (throwable throwable) throws throwable {throw throwable;}}
Next, I use Byte Code Engineering Library (BCEL) Jasminvisitor to remove the throwthrowable () method of throwThrowable () method in assembly code and compile new versions with Jasmin Assembler. If you reserve a buffer constructor, it should always capture java.lang.Throwable, not just capture java.lang.exception. This rule is suitable for the application of administrative runtime applications and external components that may contain errors or even malicious code. You have to make sure you caught throwable and filter out the error message. The following example illustrates what if you don't follow this suggestion. Example: Breaking Swingutilities.InvokeAndwait () javax.swing.swingutilities.invokeAther () is a useful way to perform a thread on the AWT. When an application thread must update the graphical user interface and obey all Swing thread rules, this method will be called. An exception that does not capture runnable.run () will be captured and packaged in an InvocationTrageTexception to resolve. Sun's J2SE1.4.1 assumes that such an unpaged exception is just a subclass of java.lang.exception. Here is a analysis of swingutilities.invokeAndwait () call java.awt.event.invocationEvent: public void dispatch () {if (catChexception) {try {runnable.run ();} catch (exception e) {exception = e; }} Else {runnable.run ();} if (notifier! = Null) {synchronized (notifier) {notifier.notifyall ();}}}
The problem with this code is if runnable.run () throws a throwable, the capture block is not and notifier.notifyall () will never be executed. Then calling application thread will wait java.awt.EventQueue.invokeAndWait () in a non-public lock object (lock.wait () will never execute): public static void invokeAndWait (Runnable runnable) throws InterruptedException, InvocationTargetException {
Class awtinvocationLock {} Object Lock = New aWTINVOCATIONLOCK ();
InvocationEvent Event = New InvocationEvent (Toolkit.getDefaultToolkit (), Runnable, Lock, True;
Synchronized (Lock) {Toolkit.geteventqueue (). poste (event); lock.wait ();
Exception evenetException = event.getexception (); if (evenetException! = Null) {throw new infocationTargeTexception (EventException);}} Let Evilfoo implement Runnable interface: public void Run () {bar ();}
Then, call it in Main: swingutilities.invokeAit (New Throwable (New Throwable ("surprise!"))); As you can see, untrusted code makes your code into the execution path you are not ready to process Unusually protected.
