1 /*
   2  * Copyright (c) 1998, 2024, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.
   8  *
   9  * This code is distributed in the hope that it will be useful, but WITHOUT
  10  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  11  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  12  * version 2 for more details (a copy is included in the LICENSE file that
  13  * accompanied this code).
  14  *
  15  * You should have received a copy of the GNU General Public License version
  16  * 2 along with this work; if not, write to the Free Software Foundation,
  17  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  18  *
  19  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  20  * or visit www.oracle.com if you need additional information or have any
  21  * questions.
  22  *
  23  */
  24 
  25 #include "precompiled.hpp"
  26 #include "cds/cdsConfig.hpp"
  27 #include "classfile/classFileStream.hpp"
  28 #include "classfile/classLoader.hpp"
  29 #include "classfile/javaClasses.hpp"
  30 #include "classfile/stackMapTable.hpp"
  31 #include "classfile/stackMapFrame.hpp"
  32 #include "classfile/stackMapTableFormat.hpp"
  33 #include "classfile/symbolTable.hpp"
  34 #include "classfile/systemDictionary.hpp"
  35 #include "classfile/verifier.hpp"
  36 #include "classfile/vmClasses.hpp"
  37 #include "classfile/vmSymbols.hpp"
  38 #include "interpreter/bytecodes.hpp"
  39 #include "interpreter/bytecodeStream.hpp"
  40 #include "jvm.h"
  41 #include "logging/log.hpp"
  42 #include "logging/logStream.hpp"
  43 #include "memory/oopFactory.hpp"
  44 #include "memory/resourceArea.hpp"
  45 #include "memory/universe.hpp"
  46 #include "oops/constantPool.inline.hpp"
  47 #include "oops/instanceKlass.inline.hpp"
  48 #include "oops/klass.inline.hpp"
  49 #include "oops/oop.inline.hpp"
  50 #include "oops/typeArrayOop.hpp"
  51 #include "runtime/arguments.hpp"
  52 #include "runtime/fieldDescriptor.hpp"
  53 #include "runtime/handles.inline.hpp"
  54 #include "runtime/interfaceSupport.inline.hpp"
  55 #include "runtime/javaCalls.hpp"
  56 #include "runtime/javaThread.hpp"
  57 #include "runtime/jniHandles.inline.hpp"
  58 #include "runtime/os.hpp"
  59 #include "runtime/safepointVerifiers.hpp"
  60 #include "services/threadService.hpp"
  61 #include "utilities/align.hpp"
  62 #include "utilities/bytes.hpp"
  63 
  64 #define NOFAILOVER_MAJOR_VERSION                       51
  65 #define NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION  51
  66 #define STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION       52
  67 #define MAX_ARRAY_DIMENSIONS 255
  68 
  69 // Access to external entry for VerifyClassForMajorVersion - old byte code verifier
  70 
  71 extern "C" {
  72   typedef jboolean (*verify_byte_codes_fn_t)(JNIEnv *, jclass, char *, jint, jint);
  73 }
  74 
  75 static verify_byte_codes_fn_t volatile _verify_byte_codes_fn = nullptr;
  76 
  77 static verify_byte_codes_fn_t verify_byte_codes_fn() {
  78 
  79   if (_verify_byte_codes_fn != nullptr)
  80     return _verify_byte_codes_fn;
  81 
  82   MutexLocker locker(Verify_lock);
  83 
  84   if (_verify_byte_codes_fn != nullptr)
  85     return _verify_byte_codes_fn;
  86 
  87   // Load verify dll
  88   char buffer[JVM_MAXPATHLEN];
  89   char ebuf[1024];
  90   if (!os::dll_locate_lib(buffer, sizeof(buffer), Arguments::get_dll_dir(), "verify"))
  91     return nullptr; // Caller will throw VerifyError
  92 
  93   void *lib_handle = os::dll_load(buffer, ebuf, sizeof(ebuf));
  94   if (lib_handle == nullptr)
  95     return nullptr; // Caller will throw VerifyError
  96 
  97   void *fn = os::dll_lookup(lib_handle, "VerifyClassForMajorVersion");
  98   if (fn == nullptr)
  99     return nullptr; // Caller will throw VerifyError
 100 
 101   return _verify_byte_codes_fn = CAST_TO_FN_PTR(verify_byte_codes_fn_t, fn);
 102 }
 103 
 104 
 105 // Methods in Verifier
 106 
 107 bool Verifier::should_verify_for(oop class_loader, bool should_verify_class) {
 108   return (class_loader == nullptr || !should_verify_class) ?
 109     BytecodeVerificationLocal : BytecodeVerificationRemote;
 110 }
 111 
 112 bool Verifier::relax_access_for(oop loader) {
 113   bool trusted = java_lang_ClassLoader::is_trusted_loader(loader);
 114   bool need_verify =
 115     // verifyAll
 116     (BytecodeVerificationLocal && BytecodeVerificationRemote) ||
 117     // verifyRemote
 118     (!BytecodeVerificationLocal && BytecodeVerificationRemote && !trusted);
 119   return !need_verify;
 120 }
 121 
 122 void Verifier::trace_class_resolution(Klass* resolve_class, InstanceKlass* verify_class) {
 123   assert(verify_class != nullptr, "Unexpected null verify_class");
 124   ResourceMark rm;
 125   Symbol* s = verify_class->source_file_name();
 126   const char* source_file = (s != nullptr ? s->as_C_string() : nullptr);
 127   const char* verify = verify_class->external_name();
 128   const char* resolve = resolve_class->external_name();
 129   // print in a single call to reduce interleaving between threads
 130   if (source_file != nullptr) {
 131     log_debug(class, resolve)("%s %s %s (verification)", verify, resolve, source_file);
 132   } else {
 133     log_debug(class, resolve)("%s %s (verification)", verify, resolve);
 134   }
 135 }
 136 
 137 // Prints the end-verification message to the appropriate output.
 138 void Verifier::log_end_verification(outputStream* st, const char* klassName, Symbol* exception_name, oop pending_exception) {
 139   if (pending_exception != nullptr) {
 140     st->print("Verification for %s has", klassName);
 141     oop message = java_lang_Throwable::message(pending_exception);
 142     if (message != nullptr) {
 143       char* ex_msg = java_lang_String::as_utf8_string(message);
 144       st->print_cr(" exception pending '%s %s'",
 145                    pending_exception->klass()->external_name(), ex_msg);
 146     } else {
 147       st->print_cr(" exception pending %s ",
 148                    pending_exception->klass()->external_name());
 149     }
 150   } else if (exception_name != nullptr) {
 151     st->print_cr("Verification for %s failed", klassName);
 152   }
 153   st->print_cr("End class verification for: %s", klassName);
 154 }
 155 
 156 bool Verifier::verify(InstanceKlass* klass, bool should_verify_class, TRAPS) {
 157   HandleMark hm(THREAD);
 158   ResourceMark rm(THREAD);
 159 
 160   // Eagerly allocate the identity hash code for a klass. This is a fallout
 161   // from 6320749 and 8059924: hash code generator is not supposed to be called
 162   // during the safepoint, but it allows to sneak the hashcode in during
 163   // verification. Without this eager hashcode generation, we may end up
 164   // installing the hashcode during some other operation, which may be at
 165   // safepoint -- blowing up the checks. It was previously done as the side
 166   // effect (sic!) for external_name(), but instead of doing that, we opt to
 167   // explicitly push the hashcode in here. This is signify the following block
 168   // is IMPORTANT:
 169   if (klass->java_mirror() != nullptr) {
 170     klass->java_mirror()->identity_hash();
 171   }
 172 
 173   if (!is_eligible_for_verification(klass, should_verify_class)) {
 174     return true;
 175   }
 176 
 177   // Timer includes any side effects of class verification (resolution,
 178   // etc), but not recursive calls to Verifier::verify().
 179   JavaThread* jt = THREAD;
 180   PerfClassTraceTime timer(ClassLoader::perf_class_verify_time(),
 181                            ClassLoader::perf_class_verify_selftime(),
 182                            ClassLoader::perf_classes_verified(),
 183                            jt->get_thread_stat()->perf_recursion_counts_addr(),
 184                            jt->get_thread_stat()->perf_timers_addr(),
 185                            PerfClassTraceTime::CLASS_VERIFY);
 186 
 187   // If the class should be verified, first see if we can use the split
 188   // verifier.  If not, or if verification fails and can failover, then
 189   // call the inference verifier.
 190   Symbol* exception_name = nullptr;
 191   const size_t message_buffer_len = klass->name()->utf8_length() + 1024;
 192   char* message_buffer = nullptr;
 193   char* exception_message = nullptr;
 194 
 195   log_info(class, init)("Start class verification for: %s", klass->external_name());
 196   if (klass->major_version() >= STACKMAP_ATTRIBUTE_MAJOR_VERSION) {
 197     ClassVerifier split_verifier(jt, klass);
 198     // We don't use CHECK here, or on inference_verify below, so that we can log any exception.
 199     split_verifier.verify_class(THREAD);
 200     exception_name = split_verifier.result();
 201 
 202     // If dumping static archive then don't fall back to the old verifier on
 203     // verification failure. If a class fails verification with the split verifier,
 204     // it might fail the CDS runtime verifier constraint check. In that case, we
 205     // don't want to share the class. We only archive classes that pass the split
 206     // verifier.
 207     bool can_failover = !CDSConfig::is_dumping_static_archive() &&
 208       klass->major_version() < NOFAILOVER_MAJOR_VERSION;
 209 
 210     if (can_failover && !HAS_PENDING_EXCEPTION &&  // Split verifier doesn't set PENDING_EXCEPTION for failure
 211         (exception_name == vmSymbols::java_lang_VerifyError() ||
 212          exception_name == vmSymbols::java_lang_ClassFormatError())) {
 213       log_info(verification)("Fail over class verification to old verifier for: %s", klass->external_name());
 214       log_info(class, init)("Fail over class verification to old verifier for: %s", klass->external_name());
 215       message_buffer = NEW_RESOURCE_ARRAY(char, message_buffer_len);
 216       exception_message = message_buffer;
 217       exception_name = inference_verify(
 218         klass, message_buffer, message_buffer_len, THREAD);
 219     }
 220     if (exception_name != nullptr) {
 221       exception_message = split_verifier.exception_message();
 222     }
 223   } else {
 224     message_buffer = NEW_RESOURCE_ARRAY(char, message_buffer_len);
 225     exception_message = message_buffer;
 226     exception_name = inference_verify(
 227         klass, message_buffer, message_buffer_len, THREAD);
 228   }
 229 
 230   LogTarget(Info, class, init) lt1;
 231   if (lt1.is_enabled()) {
 232     LogStream ls(lt1);
 233     log_end_verification(&ls, klass->external_name(), exception_name, PENDING_EXCEPTION);
 234   }
 235   LogTarget(Info, verification) lt2;
 236   if (lt2.is_enabled()) {
 237     LogStream ls(lt2);
 238     log_end_verification(&ls, klass->external_name(), exception_name, PENDING_EXCEPTION);
 239   }
 240 
 241   if (HAS_PENDING_EXCEPTION) {
 242     return false; // use the existing exception
 243   } else if (exception_name == nullptr) {
 244     return true; // verification succeeded
 245   } else { // VerifyError or ClassFormatError to be created and thrown
 246     Klass* kls =
 247       SystemDictionary::resolve_or_fail(exception_name, true, CHECK_false);
 248     if (log_is_enabled(Debug, class, resolve)) {
 249       Verifier::trace_class_resolution(kls, klass);
 250     }
 251 
 252     while (kls != nullptr) {
 253       if (kls == klass) {
 254         // If the class being verified is the exception we're creating
 255         // or one of it's superclasses, we're in trouble and are going
 256         // to infinitely recurse when we try to initialize the exception.
 257         // So bail out here by throwing the preallocated VM error.
 258         THROW_OOP_(Universe::internal_error_instance(), false);
 259       }
 260       kls = kls->super();
 261     }
 262     if (message_buffer != nullptr) {
 263       message_buffer[message_buffer_len - 1] = '\0'; // just to be sure
 264     }
 265     assert(exception_message != nullptr, "");
 266     THROW_MSG_(exception_name, exception_message, false);
 267   }
 268 }
 269 
 270 bool Verifier::is_eligible_for_verification(InstanceKlass* klass, bool should_verify_class) {
 271   Symbol* name = klass->name();
 272   Klass* refl_serialization_ctor_klass = vmClasses::reflect_SerializationConstructorAccessorImpl_klass();
 273 
 274   bool is_reflect_accessor = refl_serialization_ctor_klass != nullptr &&
 275                                 klass->is_subtype_of(refl_serialization_ctor_klass);
 276 
 277   return (should_verify_for(klass->class_loader(), should_verify_class) &&
 278     // return if the class is a bootstrapping class
 279     // or defineClass specified not to verify by default (flags override passed arg)
 280     // We need to skip the following four for bootstraping
 281     name != vmSymbols::java_lang_Object() &&
 282     name != vmSymbols::java_lang_Class() &&
 283     name != vmSymbols::java_lang_String() &&
 284     name != vmSymbols::java_lang_Throwable() &&
 285 
 286     // Can not verify the bytecodes for shared classes because they have
 287     // already been rewritten to contain constant pool cache indices,
 288     // which the verifier can't understand.
 289     // Shared classes shouldn't have stackmaps either.
 290     // However, bytecodes for shared old classes can be verified because
 291     // they have not been rewritten.
 292     !(klass->is_shared() && klass->is_rewritten()) &&
 293 
 294     // As of the fix for 4486457 we disable verification for all of the
 295     // dynamically-generated bytecodes associated with
 296     // jdk/internal/reflect/SerializationConstructorAccessor.
 297     (!is_reflect_accessor));
 298 }
 299 
 300 Symbol* Verifier::inference_verify(
 301     InstanceKlass* klass, char* message, size_t message_len, TRAPS) {
 302   JavaThread* thread = THREAD;
 303 
 304   verify_byte_codes_fn_t verify_func = verify_byte_codes_fn();
 305 
 306   if (verify_func == nullptr) {
 307     jio_snprintf(message, message_len, "Could not link verifier");
 308     return vmSymbols::java_lang_VerifyError();
 309   }
 310 
 311   ResourceMark rm(thread);
 312   log_info(verification)("Verifying class %s with old format", klass->external_name());
 313 
 314   jclass cls = (jclass) JNIHandles::make_local(thread, klass->java_mirror());
 315   jint result;
 316 
 317   {
 318     HandleMark hm(thread);
 319     ThreadToNativeFromVM ttn(thread);
 320     // ThreadToNativeFromVM takes care of changing thread_state, so safepoint
 321     // code knows that we have left the VM
 322     JNIEnv *env = thread->jni_environment();
 323     result = (*verify_func)(env, cls, message, (int)message_len, klass->major_version());
 324   }
 325 
 326   JNIHandles::destroy_local(cls);
 327 
 328   // These numbers are chosen so that VerifyClassCodes interface doesn't need
 329   // to be changed (still return jboolean (unsigned char)), and result is
 330   // 1 when verification is passed.
 331   if (result == 0) {
 332     return vmSymbols::java_lang_VerifyError();
 333   } else if (result == 1) {
 334     return nullptr; // verified.
 335   } else if (result == 2) {
 336     THROW_MSG_(vmSymbols::java_lang_OutOfMemoryError(), message, nullptr);
 337   } else if (result == 3) {
 338     return vmSymbols::java_lang_ClassFormatError();
 339   } else {
 340     ShouldNotReachHere();
 341     return nullptr;
 342   }
 343 }
 344 
 345 TypeOrigin TypeOrigin::null() {
 346   return TypeOrigin();
 347 }
 348 TypeOrigin TypeOrigin::local(int index, StackMapFrame* frame) {
 349   assert(frame != nullptr, "Must have a frame");
 350   return TypeOrigin(CF_LOCALS, index, StackMapFrame::copy(frame),
 351      frame->local_at(index));
 352 }
 353 TypeOrigin TypeOrigin::stack(int index, StackMapFrame* frame) {
 354   assert(frame != nullptr, "Must have a frame");
 355   return TypeOrigin(CF_STACK, index, StackMapFrame::copy(frame),
 356       frame->stack_at(index));
 357 }
 358 TypeOrigin TypeOrigin::sm_local(int index, StackMapFrame* frame) {
 359   assert(frame != nullptr, "Must have a frame");
 360   return TypeOrigin(SM_LOCALS, index, StackMapFrame::copy(frame),
 361       frame->local_at(index));
 362 }
 363 TypeOrigin TypeOrigin::sm_stack(int index, StackMapFrame* frame) {
 364   assert(frame != nullptr, "Must have a frame");
 365   return TypeOrigin(SM_STACK, index, StackMapFrame::copy(frame),
 366       frame->stack_at(index));
 367 }
 368 TypeOrigin TypeOrigin::bad_index(int index) {
 369   return TypeOrigin(BAD_INDEX, index, nullptr, VerificationType::bogus_type());
 370 }
 371 TypeOrigin TypeOrigin::cp(int index, VerificationType vt) {
 372   return TypeOrigin(CONST_POOL, index, nullptr, vt);
 373 }
 374 TypeOrigin TypeOrigin::signature(VerificationType vt) {
 375   return TypeOrigin(SIG, 0, nullptr, vt);
 376 }
 377 TypeOrigin TypeOrigin::implicit(VerificationType t) {
 378   return TypeOrigin(IMPLICIT, 0, nullptr, t);
 379 }
 380 TypeOrigin TypeOrigin::frame(StackMapFrame* frame) {
 381   return TypeOrigin(FRAME_ONLY, 0, StackMapFrame::copy(frame),
 382                     VerificationType::bogus_type());
 383 }
 384 
 385 void TypeOrigin::reset_frame() {
 386   if (_frame != nullptr) {
 387     _frame->restore();
 388   }
 389 }
 390 
 391 void TypeOrigin::details(outputStream* ss) const {
 392   _type.print_on(ss);
 393   switch (_origin) {
 394     case CF_LOCALS:
 395       ss->print(" (current frame, locals[%d])", _index);
 396       break;
 397     case CF_STACK:
 398       ss->print(" (current frame, stack[%d])", _index);
 399       break;
 400     case SM_LOCALS:
 401       ss->print(" (stack map, locals[%d])", _index);
 402       break;
 403     case SM_STACK:
 404       ss->print(" (stack map, stack[%d])", _index);
 405       break;
 406     case CONST_POOL:
 407       ss->print(" (constant pool %d)", _index);
 408       break;
 409     case SIG:
 410       ss->print(" (from method signature)");
 411       break;
 412     case IMPLICIT:
 413     case FRAME_ONLY:
 414     case NONE:
 415     default:
 416       ;
 417   }
 418 }
 419 
 420 #ifdef ASSERT
 421 void TypeOrigin::print_on(outputStream* str) const {
 422   str->print("{%d,%d,%p:", _origin, _index, _frame);
 423   if (_frame != nullptr) {
 424     _frame->print_on(str);
 425   } else {
 426     str->print("null");
 427   }
 428   str->print(",");
 429   _type.print_on(str);
 430   str->print("}");
 431 }
 432 #endif
 433 
 434 void ErrorContext::details(outputStream* ss, const Method* method) const {
 435   if (is_valid()) {
 436     ss->cr();
 437     ss->print_cr("Exception Details:");
 438     location_details(ss, method);
 439     reason_details(ss);
 440     frame_details(ss);
 441     bytecode_details(ss, method);
 442     handler_details(ss, method);
 443     stackmap_details(ss, method);
 444   }
 445 }
 446 
 447 void ErrorContext::reason_details(outputStream* ss) const {
 448   streamIndentor si(ss);
 449   ss->indent().print_cr("Reason:");
 450   streamIndentor si2(ss);
 451   ss->indent().print("%s", "");
 452   switch (_fault) {
 453     case INVALID_BYTECODE:
 454       ss->print("Error exists in the bytecode");
 455       break;
 456     case WRONG_TYPE:
 457       if (_expected.is_valid()) {
 458         ss->print("Type ");
 459         _type.details(ss);
 460         ss->print(" is not assignable to ");
 461         _expected.details(ss);
 462       } else {
 463         ss->print("Invalid type: ");
 464         _type.details(ss);
 465       }
 466       break;
 467     case FLAGS_MISMATCH:
 468       if (_expected.is_valid()) {
 469         ss->print("Current frame's flags are not assignable "
 470                   "to stack map frame's.");
 471       } else {
 472         ss->print("Current frame's flags are invalid in this context.");
 473       }
 474       break;
 475     case BAD_CP_INDEX:
 476       ss->print("Constant pool index %d is invalid", _type.index());
 477       break;
 478     case BAD_LOCAL_INDEX:
 479       ss->print("Local index %d is invalid", _type.index());
 480       break;
 481     case LOCALS_SIZE_MISMATCH:
 482       ss->print("Current frame's local size doesn't match stackmap.");
 483       break;
 484     case STACK_SIZE_MISMATCH:
 485       ss->print("Current frame's stack size doesn't match stackmap.");
 486       break;
 487     case STACK_OVERFLOW:
 488       ss->print("Exceeded max stack size.");
 489       break;
 490     case STACK_UNDERFLOW:
 491       ss->print("Attempt to pop empty stack.");
 492       break;
 493     case MISSING_STACKMAP:
 494       ss->print("Expected stackmap frame at this location.");
 495       break;
 496     case BAD_STACKMAP:
 497       ss->print("Invalid stackmap specification.");
 498       break;
 499     case UNKNOWN:
 500     default:
 501       ShouldNotReachHere();
 502       ss->print_cr("Unknown");
 503   }
 504   ss->cr();
 505 }
 506 
 507 void ErrorContext::location_details(outputStream* ss, const Method* method) const {
 508   if (_bci != -1 && method != nullptr) {
 509     streamIndentor si(ss);
 510     const char* bytecode_name = "<invalid>";
 511     if (method->validate_bci(_bci) != -1) {
 512       Bytecodes::Code code = Bytecodes::code_or_bp_at(method->bcp_from(_bci));
 513       if (Bytecodes::is_defined(code)) {
 514           bytecode_name = Bytecodes::name(code);
 515       } else {
 516           bytecode_name = "<illegal>";
 517       }
 518     }
 519     InstanceKlass* ik = method->method_holder();
 520     ss->indent().print_cr("Location:");
 521     streamIndentor si2(ss);
 522     ss->indent().print_cr("%s.%s%s @%d: %s",
 523         ik->name()->as_C_string(), method->name()->as_C_string(),
 524         method->signature()->as_C_string(), _bci, bytecode_name);
 525   }
 526 }
 527 
 528 void ErrorContext::frame_details(outputStream* ss) const {
 529   streamIndentor si(ss);
 530   if (_type.is_valid() && _type.frame() != nullptr) {
 531     ss->indent().print_cr("Current Frame:");
 532     streamIndentor si2(ss);
 533     _type.frame()->print_on(ss);
 534   }
 535   if (_expected.is_valid() && _expected.frame() != nullptr) {
 536     ss->indent().print_cr("Stackmap Frame:");
 537     streamIndentor si2(ss);
 538     _expected.frame()->print_on(ss);
 539   }
 540 }
 541 
 542 void ErrorContext::bytecode_details(outputStream* ss, const Method* method) const {
 543   if (method != nullptr) {
 544     streamIndentor si(ss);
 545     ss->indent().print_cr("Bytecode:");
 546     streamIndentor si2(ss);
 547     ss->print_data(method->code_base(), method->code_size(), false);
 548   }
 549 }
 550 
 551 void ErrorContext::handler_details(outputStream* ss, const Method* method) const {
 552   if (method != nullptr) {
 553     streamIndentor si(ss);
 554     ExceptionTable table(method);
 555     if (table.length() > 0) {
 556       ss->indent().print_cr("Exception Handler Table:");
 557       streamIndentor si2(ss);
 558       for (int i = 0; i < table.length(); ++i) {
 559         ss->indent().print_cr("bci [%d, %d] => handler: %d", table.start_pc(i),
 560             table.end_pc(i), table.handler_pc(i));
 561       }
 562     }
 563   }
 564 }
 565 
 566 void ErrorContext::stackmap_details(outputStream* ss, const Method* method) const {
 567   if (method != nullptr && method->has_stackmap_table()) {
 568     streamIndentor si(ss);
 569     ss->indent().print_cr("Stackmap Table:");
 570     Array<u1>* data = method->stackmap_data();
 571     stack_map_table* sm_table =
 572         stack_map_table::at((address)data->adr_at(0));
 573     stack_map_frame* sm_frame = sm_table->entries();
 574     streamIndentor si2(ss);
 575     int current_offset = -1;
 576     address end_of_sm_table = (address)sm_table + method->stackmap_data()->length();
 577     for (u2 i = 0; i < sm_table->number_of_entries(); ++i) {
 578       ss->indent();
 579       if (!sm_frame->verify((address)sm_frame, end_of_sm_table)) {
 580         sm_frame->print_truncated(ss, current_offset);
 581         return;
 582       }
 583       sm_frame->print_on(ss, current_offset);
 584       ss->cr();
 585       current_offset += sm_frame->offset_delta();
 586       sm_frame = sm_frame->next();
 587     }
 588   }
 589 }
 590 
 591 // Methods in ClassVerifier
 592 
 593 ClassVerifier::ClassVerifier(JavaThread* current, InstanceKlass* klass)
 594     : _thread(current), _previous_symbol(nullptr), _symbols(nullptr), _exception_type(nullptr),
 595       _message(nullptr), _klass(klass) {
 596   _this_type = VerificationType::reference_type(klass->name());
 597 }
 598 
 599 ClassVerifier::~ClassVerifier() {
 600   // Decrement the reference count for any symbols created.
 601   if (_symbols != nullptr) {
 602     for (int i = 0; i < _symbols->length(); i++) {
 603       Symbol* s = _symbols->at(i);
 604       s->decrement_refcount();
 605     }
 606   }
 607 }
 608 
 609 VerificationType ClassVerifier::object_type() const {
 610   return VerificationType::reference_type(vmSymbols::java_lang_Object());
 611 }
 612 
 613 TypeOrigin ClassVerifier::ref_ctx(const char* sig) {
 614   VerificationType vt = VerificationType::reference_type(
 615                          create_temporary_symbol(sig, (int)strlen(sig)));
 616   return TypeOrigin::implicit(vt);
 617 }
 618 
 619 
 620 void ClassVerifier::verify_class(TRAPS) {
 621   log_info(verification)("Verifying class %s with new format", _klass->external_name());
 622 
 623   // Either verifying both local and remote classes or just remote classes.
 624   assert(BytecodeVerificationRemote, "Should not be here");
 625 
 626   Array<Method*>* methods = _klass->methods();
 627   int num_methods = methods->length();
 628 
 629   for (int index = 0; index < num_methods; index++) {
 630     // Check for recursive re-verification before each method.
 631     if (was_recursively_verified()) return;
 632 
 633     Method* m = methods->at(index);
 634     if (m->is_native() || m->is_abstract() || m->is_overpass()) {
 635       // If m is native or abstract, skip it.  It is checked in class file
 636       // parser that methods do not override a final method.  Overpass methods
 637       // are trusted since the VM generates them.
 638       continue;
 639     }
 640     verify_method(methodHandle(THREAD, m), CHECK_VERIFY(this));
 641   }
 642 
 643   if (was_recursively_verified()){
 644     log_info(verification)("Recursive verification detected for: %s", _klass->external_name());
 645     log_info(class, init)("Recursive verification detected for: %s",
 646                         _klass->external_name());
 647   }
 648 }
 649 
 650 // Translate the signature entries into verification types and save them in
 651 // the growable array.  Also, save the count of arguments.
 652 void ClassVerifier::translate_signature(Symbol* const method_sig,
 653                                         sig_as_verification_types* sig_verif_types) {
 654   SignatureStream sig_stream(method_sig);
 655   VerificationType sig_type[2];
 656   int sig_i = 0;
 657   GrowableArray<VerificationType>* verif_types = sig_verif_types->sig_verif_types();
 658 
 659   // Translate the signature arguments into verification types.
 660   while (!sig_stream.at_return_type()) {
 661     int n = change_sig_to_verificationType(&sig_stream, sig_type);
 662     assert(n <= 2, "Unexpected signature type");
 663 
 664     // Store verification type(s).  Longs and Doubles each have two verificationTypes.
 665     for (int x = 0; x < n; x++) {
 666       verif_types->push(sig_type[x]);
 667     }
 668     sig_i += n;
 669     sig_stream.next();
 670   }
 671 
 672   // Set final arg count, not including the return type.  The final arg count will
 673   // be compared with sig_verify_types' length to see if there is a return type.
 674   sig_verif_types->set_num_args(sig_i);
 675 
 676   // Store verification type(s) for the return type, if there is one.
 677   if (sig_stream.type() != T_VOID) {
 678     int n = change_sig_to_verificationType(&sig_stream, sig_type);
 679     assert(n <= 2, "Unexpected signature return type");
 680     for (int y = 0; y < n; y++) {
 681       verif_types->push(sig_type[y]);
 682     }
 683   }
 684 }
 685 
 686 void ClassVerifier::create_method_sig_entry(sig_as_verification_types* sig_verif_types,
 687                                             int sig_index) {
 688   // Translate the signature into verification types.
 689   ConstantPool* cp = _klass->constants();
 690   Symbol* const method_sig = cp->symbol_at(sig_index);
 691   translate_signature(method_sig, sig_verif_types);
 692 
 693   // Add the list of this signature's verification types to the table.
 694   bool is_unique = method_signatures_table()->put(sig_index, sig_verif_types);
 695   assert(is_unique, "Duplicate entries in method_signature_table");
 696 }
 697 
 698 void ClassVerifier::verify_method(const methodHandle& m, TRAPS) {
 699   HandleMark hm(THREAD);
 700   _method = m;   // initialize _method
 701   log_info(verification)("Verifying method %s", m->name_and_sig_as_C_string());
 702 
 703 // For clang, the only good constant format string is a literal constant format string.
 704 #define bad_type_msg "Bad type on operand stack in %s"
 705 
 706   u2 max_stack = m->verifier_max_stack();
 707   u2 max_locals = m->max_locals();
 708   constantPoolHandle cp(THREAD, m->constants());
 709 
 710   // Method signature was checked in ClassFileParser.
 711   assert(SignatureVerifier::is_valid_method_signature(m->signature()),
 712          "Invalid method signature");
 713 
 714   // Initial stack map frame: offset is 0, stack is initially empty.
 715   StackMapFrame current_frame(max_locals, max_stack, this);
 716   // Set initial locals
 717   VerificationType return_type = current_frame.set_locals_from_arg( m, current_type());
 718 
 719   u2 stackmap_index = 0; // index to the stackmap array
 720 
 721   u4 code_length = m->code_size();
 722 
 723   // Scan the bytecode and map each instruction's start offset to a number.
 724   char* code_data = generate_code_data(m, code_length, CHECK_VERIFY(this));
 725 
 726   int ex_min = code_length;
 727   int ex_max = -1;
 728   // Look through each item on the exception table. Each of the fields must refer
 729   // to a legal instruction.
 730   if (was_recursively_verified()) return;
 731   verify_exception_handler_table(
 732     code_length, code_data, ex_min, ex_max, CHECK_VERIFY(this));
 733 
 734   // Look through each entry on the local variable table and make sure
 735   // its range of code array offsets is valid. (4169817)
 736   if (m->has_localvariable_table()) {
 737     verify_local_variable_table(code_length, code_data, CHECK_VERIFY(this));
 738   }
 739 
 740   Array<u1>* stackmap_data = m->stackmap_data();
 741   StackMapStream stream(stackmap_data);
 742   StackMapReader reader(this, &stream, code_data, code_length, THREAD);
 743   StackMapTable stackmap_table(&reader, &current_frame, max_locals, max_stack,
 744                                code_data, code_length, CHECK_VERIFY(this));
 745 
 746   LogTarget(Debug, verification) lt;
 747   if (lt.is_enabled()) {
 748     ResourceMark rm(THREAD);
 749     LogStream ls(lt);
 750     stackmap_table.print_on(&ls);
 751   }
 752 
 753   RawBytecodeStream bcs(m);
 754 
 755   // Scan the byte code linearly from the start to the end
 756   bool no_control_flow = false; // Set to true when there is no direct control
 757                                 // flow from current instruction to the next
 758                                 // instruction in sequence
 759 
 760   Bytecodes::Code opcode;
 761   while (!bcs.is_last_bytecode()) {
 762     // Check for recursive re-verification before each bytecode.
 763     if (was_recursively_verified())  return;
 764 
 765     opcode = bcs.raw_next();
 766     int bci = bcs.bci();
 767 
 768     // Set current frame's offset to bci
 769     current_frame.set_offset(bci);
 770     current_frame.set_mark();
 771 
 772     // Make sure every offset in stackmap table point to the beginning to
 773     // an instruction. Match current_frame to stackmap_table entry with
 774     // the same offset if exists.
 775     stackmap_index = verify_stackmap_table(
 776       stackmap_index, bci, &current_frame, &stackmap_table,
 777       no_control_flow, CHECK_VERIFY(this));
 778 
 779 
 780     bool this_uninit = false;  // Set to true when invokespecial <init> initialized 'this'
 781     bool verified_exc_handlers = false;
 782 
 783     // Merge with the next instruction
 784     {
 785       int target;
 786       VerificationType type, type2;
 787       VerificationType atype;
 788 
 789       LogTarget(Debug, verification) lt;
 790       if (lt.is_enabled()) {
 791         ResourceMark rm(THREAD);
 792         LogStream ls(lt);
 793         current_frame.print_on(&ls);
 794         lt.print("offset = %d,  opcode = %s", bci,
 795                  opcode == Bytecodes::_illegal ? "illegal" : Bytecodes::name(opcode));
 796       }
 797 
 798       // Make sure wide instruction is in correct format
 799       if (bcs.is_wide()) {
 800         if (opcode != Bytecodes::_iinc   && opcode != Bytecodes::_iload  &&
 801             opcode != Bytecodes::_aload  && opcode != Bytecodes::_lload  &&
 802             opcode != Bytecodes::_istore && opcode != Bytecodes::_astore &&
 803             opcode != Bytecodes::_lstore && opcode != Bytecodes::_fload  &&
 804             opcode != Bytecodes::_dload  && opcode != Bytecodes::_fstore &&
 805             opcode != Bytecodes::_dstore) {
 806           /* Unreachable?  RawBytecodeStream's raw_next() returns 'illegal'
 807            * if we encounter a wide instruction that modifies an invalid
 808            * opcode (not one of the ones listed above) */
 809           verify_error(ErrorContext::bad_code(bci), "Bad wide instruction");
 810           return;
 811         }
 812       }
 813 
 814       // Look for possible jump target in exception handlers and see if it
 815       // matches current_frame.  Do this check here for astore*, dstore*,
 816       // fstore*, istore*, and lstore* opcodes because they can change the type
 817       // state by adding a local.  JVM Spec says that the incoming type state
 818       // should be used for this check.  So, do the check here before a possible
 819       // local is added to the type state.
 820       if (Bytecodes::is_store_into_local(opcode) && bci >= ex_min && bci < ex_max) {
 821         if (was_recursively_verified()) return;
 822         verify_exception_handler_targets(
 823           bci, this_uninit, &current_frame, &stackmap_table, CHECK_VERIFY(this));
 824         verified_exc_handlers = true;
 825       }
 826 
 827       if (was_recursively_verified()) return;
 828 
 829       switch (opcode) {
 830         case Bytecodes::_nop :
 831           no_control_flow = false; break;
 832         case Bytecodes::_aconst_null :
 833           current_frame.push_stack(
 834             VerificationType::null_type(), CHECK_VERIFY(this));
 835           no_control_flow = false; break;
 836         case Bytecodes::_iconst_m1 :
 837         case Bytecodes::_iconst_0 :
 838         case Bytecodes::_iconst_1 :
 839         case Bytecodes::_iconst_2 :
 840         case Bytecodes::_iconst_3 :
 841         case Bytecodes::_iconst_4 :
 842         case Bytecodes::_iconst_5 :
 843           current_frame.push_stack(
 844             VerificationType::integer_type(), CHECK_VERIFY(this));
 845           no_control_flow = false; break;
 846         case Bytecodes::_lconst_0 :
 847         case Bytecodes::_lconst_1 :
 848           current_frame.push_stack_2(
 849             VerificationType::long_type(),
 850             VerificationType::long2_type(), CHECK_VERIFY(this));
 851           no_control_flow = false; break;
 852         case Bytecodes::_fconst_0 :
 853         case Bytecodes::_fconst_1 :
 854         case Bytecodes::_fconst_2 :
 855           current_frame.push_stack(
 856             VerificationType::float_type(), CHECK_VERIFY(this));
 857           no_control_flow = false; break;
 858         case Bytecodes::_dconst_0 :
 859         case Bytecodes::_dconst_1 :
 860           current_frame.push_stack_2(
 861             VerificationType::double_type(),
 862             VerificationType::double2_type(), CHECK_VERIFY(this));
 863           no_control_flow = false; break;
 864         case Bytecodes::_sipush :
 865         case Bytecodes::_bipush :
 866           current_frame.push_stack(
 867             VerificationType::integer_type(), CHECK_VERIFY(this));
 868           no_control_flow = false; break;
 869         case Bytecodes::_ldc :
 870           verify_ldc(
 871             opcode, bcs.get_index_u1(), &current_frame,
 872             cp, bci, CHECK_VERIFY(this));
 873           no_control_flow = false; break;
 874         case Bytecodes::_ldc_w :
 875         case Bytecodes::_ldc2_w :
 876           verify_ldc(
 877             opcode, bcs.get_index_u2(), &current_frame,
 878             cp, bci, CHECK_VERIFY(this));
 879           no_control_flow = false; break;
 880         case Bytecodes::_iload :
 881           verify_iload(bcs.get_index(), &current_frame, CHECK_VERIFY(this));
 882           no_control_flow = false; break;
 883         case Bytecodes::_iload_0 :
 884         case Bytecodes::_iload_1 :
 885         case Bytecodes::_iload_2 :
 886         case Bytecodes::_iload_3 : {
 887           int index = opcode - Bytecodes::_iload_0;
 888           verify_iload(index, &current_frame, CHECK_VERIFY(this));
 889           no_control_flow = false; break;
 890           }
 891         case Bytecodes::_lload :
 892           verify_lload(bcs.get_index(), &current_frame, CHECK_VERIFY(this));
 893           no_control_flow = false; break;
 894         case Bytecodes::_lload_0 :
 895         case Bytecodes::_lload_1 :
 896         case Bytecodes::_lload_2 :
 897         case Bytecodes::_lload_3 : {
 898           int index = opcode - Bytecodes::_lload_0;
 899           verify_lload(index, &current_frame, CHECK_VERIFY(this));
 900           no_control_flow = false; break;
 901           }
 902         case Bytecodes::_fload :
 903           verify_fload(bcs.get_index(), &current_frame, CHECK_VERIFY(this));
 904           no_control_flow = false; break;
 905         case Bytecodes::_fload_0 :
 906         case Bytecodes::_fload_1 :
 907         case Bytecodes::_fload_2 :
 908         case Bytecodes::_fload_3 : {
 909           int index = opcode - Bytecodes::_fload_0;
 910           verify_fload(index, &current_frame, CHECK_VERIFY(this));
 911           no_control_flow = false; break;
 912           }
 913         case Bytecodes::_dload :
 914           verify_dload(bcs.get_index(), &current_frame, CHECK_VERIFY(this));
 915           no_control_flow = false; break;
 916         case Bytecodes::_dload_0 :
 917         case Bytecodes::_dload_1 :
 918         case Bytecodes::_dload_2 :
 919         case Bytecodes::_dload_3 : {
 920           int index = opcode - Bytecodes::_dload_0;
 921           verify_dload(index, &current_frame, CHECK_VERIFY(this));
 922           no_control_flow = false; break;
 923           }
 924         case Bytecodes::_aload :
 925           verify_aload(bcs.get_index(), &current_frame, CHECK_VERIFY(this));
 926           no_control_flow = false; break;
 927         case Bytecodes::_aload_0 :
 928         case Bytecodes::_aload_1 :
 929         case Bytecodes::_aload_2 :
 930         case Bytecodes::_aload_3 : {
 931           int index = opcode - Bytecodes::_aload_0;
 932           verify_aload(index, &current_frame, CHECK_VERIFY(this));
 933           no_control_flow = false; break;
 934           }
 935         case Bytecodes::_iaload :
 936           type = current_frame.pop_stack(
 937             VerificationType::integer_type(), CHECK_VERIFY(this));
 938           atype = current_frame.pop_stack(
 939             VerificationType::reference_check(), CHECK_VERIFY(this));
 940           if (!atype.is_int_array()) {
 941             verify_error(ErrorContext::bad_type(bci,
 942                 current_frame.stack_top_ctx(), ref_ctx("[I")),
 943                 bad_type_msg, "iaload");
 944             return;
 945           }
 946           current_frame.push_stack(
 947             VerificationType::integer_type(), CHECK_VERIFY(this));
 948           no_control_flow = false; break;
 949         case Bytecodes::_baload :
 950           type = current_frame.pop_stack(
 951             VerificationType::integer_type(), CHECK_VERIFY(this));
 952           atype = current_frame.pop_stack(
 953             VerificationType::reference_check(), CHECK_VERIFY(this));
 954           if (!atype.is_bool_array() && !atype.is_byte_array()) {
 955             verify_error(
 956                 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
 957                 bad_type_msg, "baload");
 958             return;
 959           }
 960           current_frame.push_stack(
 961             VerificationType::integer_type(), CHECK_VERIFY(this));
 962           no_control_flow = false; break;
 963         case Bytecodes::_caload :
 964           type = current_frame.pop_stack(
 965             VerificationType::integer_type(), CHECK_VERIFY(this));
 966           atype = current_frame.pop_stack(
 967             VerificationType::reference_check(), CHECK_VERIFY(this));
 968           if (!atype.is_char_array()) {
 969             verify_error(ErrorContext::bad_type(bci,
 970                 current_frame.stack_top_ctx(), ref_ctx("[C")),
 971                 bad_type_msg, "caload");
 972             return;
 973           }
 974           current_frame.push_stack(
 975             VerificationType::integer_type(), CHECK_VERIFY(this));
 976           no_control_flow = false; break;
 977         case Bytecodes::_saload :
 978           type = current_frame.pop_stack(
 979             VerificationType::integer_type(), CHECK_VERIFY(this));
 980           atype = current_frame.pop_stack(
 981             VerificationType::reference_check(), CHECK_VERIFY(this));
 982           if (!atype.is_short_array()) {
 983             verify_error(ErrorContext::bad_type(bci,
 984                 current_frame.stack_top_ctx(), ref_ctx("[S")),
 985                 bad_type_msg, "saload");
 986             return;
 987           }
 988           current_frame.push_stack(
 989             VerificationType::integer_type(), CHECK_VERIFY(this));
 990           no_control_flow = false; break;
 991         case Bytecodes::_laload :
 992           type = current_frame.pop_stack(
 993             VerificationType::integer_type(), CHECK_VERIFY(this));
 994           atype = current_frame.pop_stack(
 995             VerificationType::reference_check(), CHECK_VERIFY(this));
 996           if (!atype.is_long_array()) {
 997             verify_error(ErrorContext::bad_type(bci,
 998                 current_frame.stack_top_ctx(), ref_ctx("[J")),
 999                 bad_type_msg, "laload");
1000             return;
1001           }
1002           current_frame.push_stack_2(
1003             VerificationType::long_type(),
1004             VerificationType::long2_type(), CHECK_VERIFY(this));
1005           no_control_flow = false; break;
1006         case Bytecodes::_faload :
1007           type = current_frame.pop_stack(
1008             VerificationType::integer_type(), CHECK_VERIFY(this));
1009           atype = current_frame.pop_stack(
1010             VerificationType::reference_check(), CHECK_VERIFY(this));
1011           if (!atype.is_float_array()) {
1012             verify_error(ErrorContext::bad_type(bci,
1013                 current_frame.stack_top_ctx(), ref_ctx("[F")),
1014                 bad_type_msg, "faload");
1015             return;
1016           }
1017           current_frame.push_stack(
1018             VerificationType::float_type(), CHECK_VERIFY(this));
1019           no_control_flow = false; break;
1020         case Bytecodes::_daload :
1021           type = current_frame.pop_stack(
1022             VerificationType::integer_type(), CHECK_VERIFY(this));
1023           atype = current_frame.pop_stack(
1024             VerificationType::reference_check(), CHECK_VERIFY(this));
1025           if (!atype.is_double_array()) {
1026             verify_error(ErrorContext::bad_type(bci,
1027                 current_frame.stack_top_ctx(), ref_ctx("[D")),
1028                 bad_type_msg, "daload");
1029             return;
1030           }
1031           current_frame.push_stack_2(
1032             VerificationType::double_type(),
1033             VerificationType::double2_type(), CHECK_VERIFY(this));
1034           no_control_flow = false; break;
1035         case Bytecodes::_aaload : {
1036           type = current_frame.pop_stack(
1037             VerificationType::integer_type(), CHECK_VERIFY(this));
1038           atype = current_frame.pop_stack(
1039             VerificationType::reference_check(), CHECK_VERIFY(this));
1040           if (!atype.is_reference_array()) {
1041             verify_error(ErrorContext::bad_type(bci,
1042                 current_frame.stack_top_ctx(),
1043                 TypeOrigin::implicit(VerificationType::reference_check())),
1044                 bad_type_msg, "aaload");
1045             return;
1046           }
1047           if (atype.is_null()) {
1048             current_frame.push_stack(
1049               VerificationType::null_type(), CHECK_VERIFY(this));
1050           } else {
1051             VerificationType component = atype.get_component(this);
1052             current_frame.push_stack(component, CHECK_VERIFY(this));
1053           }
1054           no_control_flow = false; break;
1055         }
1056         case Bytecodes::_istore :
1057           verify_istore(bcs.get_index(), &current_frame, CHECK_VERIFY(this));
1058           no_control_flow = false; break;
1059         case Bytecodes::_istore_0 :
1060         case Bytecodes::_istore_1 :
1061         case Bytecodes::_istore_2 :
1062         case Bytecodes::_istore_3 : {
1063           int index = opcode - Bytecodes::_istore_0;
1064           verify_istore(index, &current_frame, CHECK_VERIFY(this));
1065           no_control_flow = false; break;
1066           }
1067         case Bytecodes::_lstore :
1068           verify_lstore(bcs.get_index(), &current_frame, CHECK_VERIFY(this));
1069           no_control_flow = false; break;
1070         case Bytecodes::_lstore_0 :
1071         case Bytecodes::_lstore_1 :
1072         case Bytecodes::_lstore_2 :
1073         case Bytecodes::_lstore_3 : {
1074           int index = opcode - Bytecodes::_lstore_0;
1075           verify_lstore(index, &current_frame, CHECK_VERIFY(this));
1076           no_control_flow = false; break;
1077           }
1078         case Bytecodes::_fstore :
1079           verify_fstore(bcs.get_index(), &current_frame, CHECK_VERIFY(this));
1080           no_control_flow = false; break;
1081         case Bytecodes::_fstore_0 :
1082         case Bytecodes::_fstore_1 :
1083         case Bytecodes::_fstore_2 :
1084         case Bytecodes::_fstore_3 : {
1085           int index = opcode - Bytecodes::_fstore_0;
1086           verify_fstore(index, &current_frame, CHECK_VERIFY(this));
1087           no_control_flow = false; break;
1088           }
1089         case Bytecodes::_dstore :
1090           verify_dstore(bcs.get_index(), &current_frame, CHECK_VERIFY(this));
1091           no_control_flow = false; break;
1092         case Bytecodes::_dstore_0 :
1093         case Bytecodes::_dstore_1 :
1094         case Bytecodes::_dstore_2 :
1095         case Bytecodes::_dstore_3 : {
1096           int index = opcode - Bytecodes::_dstore_0;
1097           verify_dstore(index, &current_frame, CHECK_VERIFY(this));
1098           no_control_flow = false; break;
1099           }
1100         case Bytecodes::_astore :
1101           verify_astore(bcs.get_index(), &current_frame, CHECK_VERIFY(this));
1102           no_control_flow = false; break;
1103         case Bytecodes::_astore_0 :
1104         case Bytecodes::_astore_1 :
1105         case Bytecodes::_astore_2 :
1106         case Bytecodes::_astore_3 : {
1107           int index = opcode - Bytecodes::_astore_0;
1108           verify_astore(index, &current_frame, CHECK_VERIFY(this));
1109           no_control_flow = false; break;
1110           }
1111         case Bytecodes::_iastore :
1112           type = current_frame.pop_stack(
1113             VerificationType::integer_type(), CHECK_VERIFY(this));
1114           type2 = current_frame.pop_stack(
1115             VerificationType::integer_type(), CHECK_VERIFY(this));
1116           atype = current_frame.pop_stack(
1117             VerificationType::reference_check(), CHECK_VERIFY(this));
1118           if (!atype.is_int_array()) {
1119             verify_error(ErrorContext::bad_type(bci,
1120                 current_frame.stack_top_ctx(), ref_ctx("[I")),
1121                 bad_type_msg, "iastore");
1122             return;
1123           }
1124           no_control_flow = false; break;
1125         case Bytecodes::_bastore :
1126           type = current_frame.pop_stack(
1127             VerificationType::integer_type(), CHECK_VERIFY(this));
1128           type2 = current_frame.pop_stack(
1129             VerificationType::integer_type(), CHECK_VERIFY(this));
1130           atype = current_frame.pop_stack(
1131             VerificationType::reference_check(), CHECK_VERIFY(this));
1132           if (!atype.is_bool_array() && !atype.is_byte_array()) {
1133             verify_error(
1134                 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1135                 bad_type_msg, "bastore");
1136             return;
1137           }
1138           no_control_flow = false; break;
1139         case Bytecodes::_castore :
1140           current_frame.pop_stack(
1141             VerificationType::integer_type(), CHECK_VERIFY(this));
1142           current_frame.pop_stack(
1143             VerificationType::integer_type(), CHECK_VERIFY(this));
1144           atype = current_frame.pop_stack(
1145             VerificationType::reference_check(), CHECK_VERIFY(this));
1146           if (!atype.is_char_array()) {
1147             verify_error(ErrorContext::bad_type(bci,
1148                 current_frame.stack_top_ctx(), ref_ctx("[C")),
1149                 bad_type_msg, "castore");
1150             return;
1151           }
1152           no_control_flow = false; break;
1153         case Bytecodes::_sastore :
1154           current_frame.pop_stack(
1155             VerificationType::integer_type(), CHECK_VERIFY(this));
1156           current_frame.pop_stack(
1157             VerificationType::integer_type(), CHECK_VERIFY(this));
1158           atype = current_frame.pop_stack(
1159             VerificationType::reference_check(), CHECK_VERIFY(this));
1160           if (!atype.is_short_array()) {
1161             verify_error(ErrorContext::bad_type(bci,
1162                 current_frame.stack_top_ctx(), ref_ctx("[S")),
1163                 bad_type_msg, "sastore");
1164             return;
1165           }
1166           no_control_flow = false; break;
1167         case Bytecodes::_lastore :
1168           current_frame.pop_stack_2(
1169             VerificationType::long2_type(),
1170             VerificationType::long_type(), CHECK_VERIFY(this));
1171           current_frame.pop_stack(
1172             VerificationType::integer_type(), CHECK_VERIFY(this));
1173           atype = current_frame.pop_stack(
1174             VerificationType::reference_check(), CHECK_VERIFY(this));
1175           if (!atype.is_long_array()) {
1176             verify_error(ErrorContext::bad_type(bci,
1177                 current_frame.stack_top_ctx(), ref_ctx("[J")),
1178                 bad_type_msg, "lastore");
1179             return;
1180           }
1181           no_control_flow = false; break;
1182         case Bytecodes::_fastore :
1183           current_frame.pop_stack(
1184             VerificationType::float_type(), CHECK_VERIFY(this));
1185           current_frame.pop_stack
1186             (VerificationType::integer_type(), CHECK_VERIFY(this));
1187           atype = current_frame.pop_stack(
1188             VerificationType::reference_check(), CHECK_VERIFY(this));
1189           if (!atype.is_float_array()) {
1190             verify_error(ErrorContext::bad_type(bci,
1191                 current_frame.stack_top_ctx(), ref_ctx("[F")),
1192                 bad_type_msg, "fastore");
1193             return;
1194           }
1195           no_control_flow = false; break;
1196         case Bytecodes::_dastore :
1197           current_frame.pop_stack_2(
1198             VerificationType::double2_type(),
1199             VerificationType::double_type(), CHECK_VERIFY(this));
1200           current_frame.pop_stack(
1201             VerificationType::integer_type(), CHECK_VERIFY(this));
1202           atype = current_frame.pop_stack(
1203             VerificationType::reference_check(), CHECK_VERIFY(this));
1204           if (!atype.is_double_array()) {
1205             verify_error(ErrorContext::bad_type(bci,
1206                 current_frame.stack_top_ctx(), ref_ctx("[D")),
1207                 bad_type_msg, "dastore");
1208             return;
1209           }
1210           no_control_flow = false; break;
1211         case Bytecodes::_aastore :
1212           type = current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1213           type2 = current_frame.pop_stack(
1214             VerificationType::integer_type(), CHECK_VERIFY(this));
1215           atype = current_frame.pop_stack(
1216             VerificationType::reference_check(), CHECK_VERIFY(this));
1217           // more type-checking is done at runtime
1218           if (!atype.is_reference_array()) {
1219             verify_error(ErrorContext::bad_type(bci,
1220                 current_frame.stack_top_ctx(),
1221                 TypeOrigin::implicit(VerificationType::reference_check())),
1222                 bad_type_msg, "aastore");
1223             return;
1224           }
1225           // 4938384: relaxed constraint in JVMS 3rd edition.
1226           no_control_flow = false; break;
1227         case Bytecodes::_pop :
1228           current_frame.pop_stack(
1229             VerificationType::category1_check(), CHECK_VERIFY(this));
1230           no_control_flow = false; break;
1231         case Bytecodes::_pop2 :
1232           type = current_frame.pop_stack(CHECK_VERIFY(this));
1233           if (type.is_category1()) {
1234             current_frame.pop_stack(
1235               VerificationType::category1_check(), CHECK_VERIFY(this));
1236           } else if (type.is_category2_2nd()) {
1237             current_frame.pop_stack(
1238               VerificationType::category2_check(), CHECK_VERIFY(this));
1239           } else {
1240             /* Unreachable? Would need a category2_1st on TOS
1241              * which does not appear possible. */
1242             verify_error(
1243                 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1244                 bad_type_msg, "pop2");
1245             return;
1246           }
1247           no_control_flow = false; break;
1248         case Bytecodes::_dup :
1249           type = current_frame.pop_stack(
1250             VerificationType::category1_check(), CHECK_VERIFY(this));
1251           current_frame.push_stack(type, CHECK_VERIFY(this));
1252           current_frame.push_stack(type, CHECK_VERIFY(this));
1253           no_control_flow = false; break;
1254         case Bytecodes::_dup_x1 :
1255           type = current_frame.pop_stack(
1256             VerificationType::category1_check(), CHECK_VERIFY(this));
1257           type2 = current_frame.pop_stack(
1258             VerificationType::category1_check(), CHECK_VERIFY(this));
1259           current_frame.push_stack(type, CHECK_VERIFY(this));
1260           current_frame.push_stack(type2, CHECK_VERIFY(this));
1261           current_frame.push_stack(type, CHECK_VERIFY(this));
1262           no_control_flow = false; break;
1263         case Bytecodes::_dup_x2 :
1264         {
1265           VerificationType type3;
1266           type = current_frame.pop_stack(
1267             VerificationType::category1_check(), CHECK_VERIFY(this));
1268           type2 = current_frame.pop_stack(CHECK_VERIFY(this));
1269           if (type2.is_category1()) {
1270             type3 = current_frame.pop_stack(
1271               VerificationType::category1_check(), CHECK_VERIFY(this));
1272           } else if (type2.is_category2_2nd()) {
1273             type3 = current_frame.pop_stack(
1274               VerificationType::category2_check(), CHECK_VERIFY(this));
1275           } else {
1276             /* Unreachable? Would need a category2_1st at stack depth 2 with
1277              * a category1 on TOS which does not appear possible. */
1278             verify_error(ErrorContext::bad_type(
1279                 bci, current_frame.stack_top_ctx()), bad_type_msg, "dup_x2");
1280             return;
1281           }
1282           current_frame.push_stack(type, CHECK_VERIFY(this));
1283           current_frame.push_stack(type3, CHECK_VERIFY(this));
1284           current_frame.push_stack(type2, CHECK_VERIFY(this));
1285           current_frame.push_stack(type, CHECK_VERIFY(this));
1286           no_control_flow = false; break;
1287         }
1288         case Bytecodes::_dup2 :
1289           type = current_frame.pop_stack(CHECK_VERIFY(this));
1290           if (type.is_category1()) {
1291             type2 = current_frame.pop_stack(
1292               VerificationType::category1_check(), CHECK_VERIFY(this));
1293           } else if (type.is_category2_2nd()) {
1294             type2 = current_frame.pop_stack(
1295               VerificationType::category2_check(), CHECK_VERIFY(this));
1296           } else {
1297             /* Unreachable?  Would need a category2_1st on TOS which does not
1298              * appear possible. */
1299             verify_error(
1300                 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1301                 bad_type_msg, "dup2");
1302             return;
1303           }
1304           current_frame.push_stack(type2, CHECK_VERIFY(this));
1305           current_frame.push_stack(type, CHECK_VERIFY(this));
1306           current_frame.push_stack(type2, CHECK_VERIFY(this));
1307           current_frame.push_stack(type, CHECK_VERIFY(this));
1308           no_control_flow = false; break;
1309         case Bytecodes::_dup2_x1 :
1310         {
1311           VerificationType type3;
1312           type = current_frame.pop_stack(CHECK_VERIFY(this));
1313           if (type.is_category1()) {
1314             type2 = current_frame.pop_stack(
1315               VerificationType::category1_check(), CHECK_VERIFY(this));
1316           } else if (type.is_category2_2nd()) {
1317             type2 = current_frame.pop_stack(
1318               VerificationType::category2_check(), CHECK_VERIFY(this));
1319           } else {
1320             /* Unreachable?  Would need a category2_1st on TOS which does
1321              * not appear possible. */
1322             verify_error(
1323                 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1324                 bad_type_msg, "dup2_x1");
1325             return;
1326           }
1327           type3 = current_frame.pop_stack(
1328             VerificationType::category1_check(), CHECK_VERIFY(this));
1329           current_frame.push_stack(type2, CHECK_VERIFY(this));
1330           current_frame.push_stack(type, CHECK_VERIFY(this));
1331           current_frame.push_stack(type3, CHECK_VERIFY(this));
1332           current_frame.push_stack(type2, CHECK_VERIFY(this));
1333           current_frame.push_stack(type, CHECK_VERIFY(this));
1334           no_control_flow = false; break;
1335         }
1336         case Bytecodes::_dup2_x2 :
1337         {
1338           VerificationType type3, type4;
1339           type = current_frame.pop_stack(CHECK_VERIFY(this));
1340           if (type.is_category1()) {
1341             type2 = current_frame.pop_stack(
1342               VerificationType::category1_check(), CHECK_VERIFY(this));
1343           } else if (type.is_category2_2nd()) {
1344             type2 = current_frame.pop_stack(
1345               VerificationType::category2_check(), CHECK_VERIFY(this));
1346           } else {
1347             /* Unreachable?  Would need a category2_1st on TOS which does
1348              * not appear possible. */
1349             verify_error(
1350                 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1351                 bad_type_msg, "dup2_x2");
1352             return;
1353           }
1354           type3 = current_frame.pop_stack(CHECK_VERIFY(this));
1355           if (type3.is_category1()) {
1356             type4 = current_frame.pop_stack(
1357               VerificationType::category1_check(), CHECK_VERIFY(this));
1358           } else if (type3.is_category2_2nd()) {
1359             type4 = current_frame.pop_stack(
1360               VerificationType::category2_check(), CHECK_VERIFY(this));
1361           } else {
1362             /* Unreachable?  Would need a category2_1st on TOS after popping
1363              * a long/double or two category 1's, which does not
1364              * appear possible. */
1365             verify_error(
1366                 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1367                 bad_type_msg, "dup2_x2");
1368             return;
1369           }
1370           current_frame.push_stack(type2, CHECK_VERIFY(this));
1371           current_frame.push_stack(type, CHECK_VERIFY(this));
1372           current_frame.push_stack(type4, CHECK_VERIFY(this));
1373           current_frame.push_stack(type3, CHECK_VERIFY(this));
1374           current_frame.push_stack(type2, CHECK_VERIFY(this));
1375           current_frame.push_stack(type, CHECK_VERIFY(this));
1376           no_control_flow = false; break;
1377         }
1378         case Bytecodes::_swap :
1379           type = current_frame.pop_stack(
1380             VerificationType::category1_check(), CHECK_VERIFY(this));
1381           type2 = current_frame.pop_stack(
1382             VerificationType::category1_check(), CHECK_VERIFY(this));
1383           current_frame.push_stack(type, CHECK_VERIFY(this));
1384           current_frame.push_stack(type2, CHECK_VERIFY(this));
1385           no_control_flow = false; break;
1386         case Bytecodes::_iadd :
1387         case Bytecodes::_isub :
1388         case Bytecodes::_imul :
1389         case Bytecodes::_idiv :
1390         case Bytecodes::_irem :
1391         case Bytecodes::_ishl :
1392         case Bytecodes::_ishr :
1393         case Bytecodes::_iushr :
1394         case Bytecodes::_ior :
1395         case Bytecodes::_ixor :
1396         case Bytecodes::_iand :
1397           current_frame.pop_stack(
1398             VerificationType::integer_type(), CHECK_VERIFY(this));
1399           // fall through
1400         case Bytecodes::_ineg :
1401           current_frame.pop_stack(
1402             VerificationType::integer_type(), CHECK_VERIFY(this));
1403           current_frame.push_stack(
1404             VerificationType::integer_type(), CHECK_VERIFY(this));
1405           no_control_flow = false; break;
1406         case Bytecodes::_ladd :
1407         case Bytecodes::_lsub :
1408         case Bytecodes::_lmul :
1409         case Bytecodes::_ldiv :
1410         case Bytecodes::_lrem :
1411         case Bytecodes::_land :
1412         case Bytecodes::_lor :
1413         case Bytecodes::_lxor :
1414           current_frame.pop_stack_2(
1415             VerificationType::long2_type(),
1416             VerificationType::long_type(), CHECK_VERIFY(this));
1417           // fall through
1418         case Bytecodes::_lneg :
1419           current_frame.pop_stack_2(
1420             VerificationType::long2_type(),
1421             VerificationType::long_type(), CHECK_VERIFY(this));
1422           current_frame.push_stack_2(
1423             VerificationType::long_type(),
1424             VerificationType::long2_type(), CHECK_VERIFY(this));
1425           no_control_flow = false; break;
1426         case Bytecodes::_lshl :
1427         case Bytecodes::_lshr :
1428         case Bytecodes::_lushr :
1429           current_frame.pop_stack(
1430             VerificationType::integer_type(), CHECK_VERIFY(this));
1431           current_frame.pop_stack_2(
1432             VerificationType::long2_type(),
1433             VerificationType::long_type(), CHECK_VERIFY(this));
1434           current_frame.push_stack_2(
1435             VerificationType::long_type(),
1436             VerificationType::long2_type(), CHECK_VERIFY(this));
1437           no_control_flow = false; break;
1438         case Bytecodes::_fadd :
1439         case Bytecodes::_fsub :
1440         case Bytecodes::_fmul :
1441         case Bytecodes::_fdiv :
1442         case Bytecodes::_frem :
1443           current_frame.pop_stack(
1444             VerificationType::float_type(), CHECK_VERIFY(this));
1445           // fall through
1446         case Bytecodes::_fneg :
1447           current_frame.pop_stack(
1448             VerificationType::float_type(), CHECK_VERIFY(this));
1449           current_frame.push_stack(
1450             VerificationType::float_type(), CHECK_VERIFY(this));
1451           no_control_flow = false; break;
1452         case Bytecodes::_dadd :
1453         case Bytecodes::_dsub :
1454         case Bytecodes::_dmul :
1455         case Bytecodes::_ddiv :
1456         case Bytecodes::_drem :
1457           current_frame.pop_stack_2(
1458             VerificationType::double2_type(),
1459             VerificationType::double_type(), CHECK_VERIFY(this));
1460           // fall through
1461         case Bytecodes::_dneg :
1462           current_frame.pop_stack_2(
1463             VerificationType::double2_type(),
1464             VerificationType::double_type(), CHECK_VERIFY(this));
1465           current_frame.push_stack_2(
1466             VerificationType::double_type(),
1467             VerificationType::double2_type(), CHECK_VERIFY(this));
1468           no_control_flow = false; break;
1469         case Bytecodes::_iinc :
1470           verify_iinc(bcs.get_index(), &current_frame, CHECK_VERIFY(this));
1471           no_control_flow = false; break;
1472         case Bytecodes::_i2l :
1473           type = current_frame.pop_stack(
1474             VerificationType::integer_type(), CHECK_VERIFY(this));
1475           current_frame.push_stack_2(
1476             VerificationType::long_type(),
1477             VerificationType::long2_type(), CHECK_VERIFY(this));
1478           no_control_flow = false; break;
1479        case Bytecodes::_l2i :
1480           current_frame.pop_stack_2(
1481             VerificationType::long2_type(),
1482             VerificationType::long_type(), CHECK_VERIFY(this));
1483           current_frame.push_stack(
1484             VerificationType::integer_type(), CHECK_VERIFY(this));
1485           no_control_flow = false; break;
1486         case Bytecodes::_i2f :
1487           current_frame.pop_stack(
1488             VerificationType::integer_type(), CHECK_VERIFY(this));
1489           current_frame.push_stack(
1490             VerificationType::float_type(), CHECK_VERIFY(this));
1491           no_control_flow = false; break;
1492         case Bytecodes::_i2d :
1493           current_frame.pop_stack(
1494             VerificationType::integer_type(), CHECK_VERIFY(this));
1495           current_frame.push_stack_2(
1496             VerificationType::double_type(),
1497             VerificationType::double2_type(), CHECK_VERIFY(this));
1498           no_control_flow = false; break;
1499         case Bytecodes::_l2f :
1500           current_frame.pop_stack_2(
1501             VerificationType::long2_type(),
1502             VerificationType::long_type(), CHECK_VERIFY(this));
1503           current_frame.push_stack(
1504             VerificationType::float_type(), CHECK_VERIFY(this));
1505           no_control_flow = false; break;
1506         case Bytecodes::_l2d :
1507           current_frame.pop_stack_2(
1508             VerificationType::long2_type(),
1509             VerificationType::long_type(), CHECK_VERIFY(this));
1510           current_frame.push_stack_2(
1511             VerificationType::double_type(),
1512             VerificationType::double2_type(), CHECK_VERIFY(this));
1513           no_control_flow = false; break;
1514         case Bytecodes::_f2i :
1515           current_frame.pop_stack(
1516             VerificationType::float_type(), CHECK_VERIFY(this));
1517           current_frame.push_stack(
1518             VerificationType::integer_type(), CHECK_VERIFY(this));
1519           no_control_flow = false; break;
1520         case Bytecodes::_f2l :
1521           current_frame.pop_stack(
1522             VerificationType::float_type(), CHECK_VERIFY(this));
1523           current_frame.push_stack_2(
1524             VerificationType::long_type(),
1525             VerificationType::long2_type(), CHECK_VERIFY(this));
1526           no_control_flow = false; break;
1527         case Bytecodes::_f2d :
1528           current_frame.pop_stack(
1529             VerificationType::float_type(), CHECK_VERIFY(this));
1530           current_frame.push_stack_2(
1531             VerificationType::double_type(),
1532             VerificationType::double2_type(), CHECK_VERIFY(this));
1533           no_control_flow = false; break;
1534         case Bytecodes::_d2i :
1535           current_frame.pop_stack_2(
1536             VerificationType::double2_type(),
1537             VerificationType::double_type(), CHECK_VERIFY(this));
1538           current_frame.push_stack(
1539             VerificationType::integer_type(), CHECK_VERIFY(this));
1540           no_control_flow = false; break;
1541         case Bytecodes::_d2l :
1542           current_frame.pop_stack_2(
1543             VerificationType::double2_type(),
1544             VerificationType::double_type(), CHECK_VERIFY(this));
1545           current_frame.push_stack_2(
1546             VerificationType::long_type(),
1547             VerificationType::long2_type(), CHECK_VERIFY(this));
1548           no_control_flow = false; break;
1549         case Bytecodes::_d2f :
1550           current_frame.pop_stack_2(
1551             VerificationType::double2_type(),
1552             VerificationType::double_type(), CHECK_VERIFY(this));
1553           current_frame.push_stack(
1554             VerificationType::float_type(), CHECK_VERIFY(this));
1555           no_control_flow = false; break;
1556         case Bytecodes::_i2b :
1557         case Bytecodes::_i2c :
1558         case Bytecodes::_i2s :
1559           current_frame.pop_stack(
1560             VerificationType::integer_type(), CHECK_VERIFY(this));
1561           current_frame.push_stack(
1562             VerificationType::integer_type(), CHECK_VERIFY(this));
1563           no_control_flow = false; break;
1564         case Bytecodes::_lcmp :
1565           current_frame.pop_stack_2(
1566             VerificationType::long2_type(),
1567             VerificationType::long_type(), CHECK_VERIFY(this));
1568           current_frame.pop_stack_2(
1569             VerificationType::long2_type(),
1570             VerificationType::long_type(), CHECK_VERIFY(this));
1571           current_frame.push_stack(
1572             VerificationType::integer_type(), CHECK_VERIFY(this));
1573           no_control_flow = false; break;
1574         case Bytecodes::_fcmpl :
1575         case Bytecodes::_fcmpg :
1576           current_frame.pop_stack(
1577             VerificationType::float_type(), CHECK_VERIFY(this));
1578           current_frame.pop_stack(
1579             VerificationType::float_type(), CHECK_VERIFY(this));
1580           current_frame.push_stack(
1581             VerificationType::integer_type(), CHECK_VERIFY(this));
1582           no_control_flow = false; break;
1583         case Bytecodes::_dcmpl :
1584         case Bytecodes::_dcmpg :
1585           current_frame.pop_stack_2(
1586             VerificationType::double2_type(),
1587             VerificationType::double_type(), CHECK_VERIFY(this));
1588           current_frame.pop_stack_2(
1589             VerificationType::double2_type(),
1590             VerificationType::double_type(), CHECK_VERIFY(this));
1591           current_frame.push_stack(
1592             VerificationType::integer_type(), CHECK_VERIFY(this));
1593           no_control_flow = false; break;
1594         case Bytecodes::_if_icmpeq:
1595         case Bytecodes::_if_icmpne:
1596         case Bytecodes::_if_icmplt:
1597         case Bytecodes::_if_icmpge:
1598         case Bytecodes::_if_icmpgt:
1599         case Bytecodes::_if_icmple:
1600           current_frame.pop_stack(
1601             VerificationType::integer_type(), CHECK_VERIFY(this));
1602           // fall through
1603         case Bytecodes::_ifeq:
1604         case Bytecodes::_ifne:
1605         case Bytecodes::_iflt:
1606         case Bytecodes::_ifge:
1607         case Bytecodes::_ifgt:
1608         case Bytecodes::_ifle:
1609           current_frame.pop_stack(
1610             VerificationType::integer_type(), CHECK_VERIFY(this));
1611           target = bcs.dest();
1612           stackmap_table.check_jump_target(
1613             &current_frame, target, CHECK_VERIFY(this));
1614           no_control_flow = false; break;
1615         case Bytecodes::_if_acmpeq :
1616         case Bytecodes::_if_acmpne :
1617           current_frame.pop_stack(
1618             VerificationType::reference_check(), CHECK_VERIFY(this));
1619           // fall through
1620         case Bytecodes::_ifnull :
1621         case Bytecodes::_ifnonnull :
1622           current_frame.pop_stack(
1623             VerificationType::reference_check(), CHECK_VERIFY(this));
1624           target = bcs.dest();
1625           stackmap_table.check_jump_target
1626             (&current_frame, target, CHECK_VERIFY(this));
1627           no_control_flow = false; break;
1628         case Bytecodes::_goto :
1629           target = bcs.dest();
1630           stackmap_table.check_jump_target(
1631             &current_frame, target, CHECK_VERIFY(this));
1632           no_control_flow = true; break;
1633         case Bytecodes::_goto_w :
1634           target = bcs.dest_w();
1635           stackmap_table.check_jump_target(
1636             &current_frame, target, CHECK_VERIFY(this));
1637           no_control_flow = true; break;
1638         case Bytecodes::_tableswitch :
1639         case Bytecodes::_lookupswitch :
1640           verify_switch(
1641             &bcs, code_length, code_data, &current_frame,
1642             &stackmap_table, CHECK_VERIFY(this));
1643           no_control_flow = true; break;
1644         case Bytecodes::_ireturn :
1645           type = current_frame.pop_stack(
1646             VerificationType::integer_type(), CHECK_VERIFY(this));
1647           verify_return_value(return_type, type, bci,
1648                               &current_frame, CHECK_VERIFY(this));
1649           no_control_flow = true; break;
1650         case Bytecodes::_lreturn :
1651           type2 = current_frame.pop_stack(
1652             VerificationType::long2_type(), CHECK_VERIFY(this));
1653           type = current_frame.pop_stack(
1654             VerificationType::long_type(), CHECK_VERIFY(this));
1655           verify_return_value(return_type, type, bci,
1656                               &current_frame, CHECK_VERIFY(this));
1657           no_control_flow = true; break;
1658         case Bytecodes::_freturn :
1659           type = current_frame.pop_stack(
1660             VerificationType::float_type(), CHECK_VERIFY(this));
1661           verify_return_value(return_type, type, bci,
1662                               &current_frame, CHECK_VERIFY(this));
1663           no_control_flow = true; break;
1664         case Bytecodes::_dreturn :
1665           type2 = current_frame.pop_stack(
1666             VerificationType::double2_type(),  CHECK_VERIFY(this));
1667           type = current_frame.pop_stack(
1668             VerificationType::double_type(), CHECK_VERIFY(this));
1669           verify_return_value(return_type, type, bci,
1670                               &current_frame, CHECK_VERIFY(this));
1671           no_control_flow = true; break;
1672         case Bytecodes::_areturn :
1673           type = current_frame.pop_stack(
1674             VerificationType::reference_check(), CHECK_VERIFY(this));
1675           verify_return_value(return_type, type, bci,
1676                               &current_frame, CHECK_VERIFY(this));
1677           no_control_flow = true; break;
1678         case Bytecodes::_return :
1679           if (return_type != VerificationType::bogus_type()) {
1680             verify_error(ErrorContext::bad_code(bci),
1681                          "Method expects a return value");
1682             return;
1683           }
1684           // Make sure "this" has been initialized if current method is an
1685           // <init>.
1686           if (_method->name() == vmSymbols::object_initializer_name() &&
1687               current_frame.flag_this_uninit()) {
1688             verify_error(ErrorContext::bad_code(bci),
1689                          "Constructor must call super() or this() "
1690                          "before return");
1691             return;
1692           }
1693           no_control_flow = true; break;
1694         case Bytecodes::_getstatic :
1695         case Bytecodes::_putstatic :
1696           // pass TRUE, operand can be an array type for getstatic/putstatic.
1697           verify_field_instructions(
1698             &bcs, &current_frame, cp, true, CHECK_VERIFY(this));
1699           no_control_flow = false; break;
1700         case Bytecodes::_getfield :
1701         case Bytecodes::_putfield :
1702           // pass FALSE, operand can't be an array type for getfield/putfield.
1703           verify_field_instructions(
1704             &bcs, &current_frame, cp, false, CHECK_VERIFY(this));
1705           no_control_flow = false; break;
1706         case Bytecodes::_invokevirtual :
1707         case Bytecodes::_invokespecial :
1708         case Bytecodes::_invokestatic :
1709           verify_invoke_instructions(
1710             &bcs, code_length, &current_frame, (bci >= ex_min && bci < ex_max),
1711             &this_uninit, return_type, cp, &stackmap_table, CHECK_VERIFY(this));
1712           no_control_flow = false; break;
1713         case Bytecodes::_invokeinterface :
1714         case Bytecodes::_invokedynamic :
1715           verify_invoke_instructions(
1716             &bcs, code_length, &current_frame, (bci >= ex_min && bci < ex_max),
1717             &this_uninit, return_type, cp, &stackmap_table, CHECK_VERIFY(this));
1718           no_control_flow = false; break;
1719         case Bytecodes::_new :
1720         {
1721           u2 index = bcs.get_index_u2();
1722           verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1723           VerificationType new_class_type =
1724             cp_index_to_type(index, cp, CHECK_VERIFY(this));
1725           if (!new_class_type.is_object()) {
1726             verify_error(ErrorContext::bad_type(bci,
1727                 TypeOrigin::cp(index, new_class_type)),
1728                 "Illegal new instruction");
1729             return;
1730           }
1731           type = VerificationType::uninitialized_type(checked_cast<u2>(bci));
1732           current_frame.push_stack(type, CHECK_VERIFY(this));
1733           no_control_flow = false; break;
1734         }
1735         case Bytecodes::_newarray :
1736           type = get_newarray_type(bcs.get_index(), bci, CHECK_VERIFY(this));
1737           current_frame.pop_stack(
1738             VerificationType::integer_type(),  CHECK_VERIFY(this));
1739           current_frame.push_stack(type, CHECK_VERIFY(this));
1740           no_control_flow = false; break;
1741         case Bytecodes::_anewarray :
1742           verify_anewarray(
1743             bci, bcs.get_index_u2(), cp, &current_frame, CHECK_VERIFY(this));
1744           no_control_flow = false; break;
1745         case Bytecodes::_arraylength :
1746           type = current_frame.pop_stack(
1747             VerificationType::reference_check(), CHECK_VERIFY(this));
1748           if (!(type.is_null() || type.is_array())) {
1749             verify_error(ErrorContext::bad_type(
1750                 bci, current_frame.stack_top_ctx()),
1751                 bad_type_msg, "arraylength");
1752           }
1753           current_frame.push_stack(
1754             VerificationType::integer_type(), CHECK_VERIFY(this));
1755           no_control_flow = false; break;
1756         case Bytecodes::_checkcast :
1757         {
1758           u2 index = bcs.get_index_u2();
1759           verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1760           current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1761           VerificationType klass_type = cp_index_to_type(
1762             index, cp, CHECK_VERIFY(this));
1763           current_frame.push_stack(klass_type, CHECK_VERIFY(this));
1764           no_control_flow = false; break;
1765         }
1766         case Bytecodes::_instanceof : {
1767           u2 index = bcs.get_index_u2();
1768           verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1769           current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1770           current_frame.push_stack(
1771             VerificationType::integer_type(), CHECK_VERIFY(this));
1772           no_control_flow = false; break;
1773         }
1774         case Bytecodes::_monitorenter :
1775         case Bytecodes::_monitorexit :
1776           current_frame.pop_stack(
1777             VerificationType::reference_check(), CHECK_VERIFY(this));
1778           no_control_flow = false; break;
1779         case Bytecodes::_multianewarray :
1780         {
1781           u2 index = bcs.get_index_u2();
1782           u2 dim = *(bcs.bcp()+3);
1783           verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1784           VerificationType new_array_type =
1785             cp_index_to_type(index, cp, CHECK_VERIFY(this));
1786           if (!new_array_type.is_array()) {
1787             verify_error(ErrorContext::bad_type(bci,
1788                 TypeOrigin::cp(index, new_array_type)),
1789                 "Illegal constant pool index in multianewarray instruction");
1790             return;
1791           }
1792           if (dim < 1 || new_array_type.dimensions() < dim) {
1793             verify_error(ErrorContext::bad_code(bci),
1794                 "Illegal dimension in multianewarray instruction: %d", dim);
1795             return;
1796           }
1797           for (int i = 0; i < dim; i++) {
1798             current_frame.pop_stack(
1799               VerificationType::integer_type(), CHECK_VERIFY(this));
1800           }
1801           current_frame.push_stack(new_array_type, CHECK_VERIFY(this));
1802           no_control_flow = false; break;
1803         }
1804         case Bytecodes::_athrow :
1805           type = VerificationType::reference_type(
1806             vmSymbols::java_lang_Throwable());
1807           current_frame.pop_stack(type, CHECK_VERIFY(this));
1808           no_control_flow = true; break;
1809         default:
1810           // We only need to check the valid bytecodes in class file.
1811           // And jsr and ret are not in the new class file format in JDK1.6.
1812           verify_error(ErrorContext::bad_code(bci),
1813               "Bad instruction: %02x", opcode);
1814           no_control_flow = false;
1815           return;
1816       }  // end switch
1817     }  // end Merge with the next instruction
1818 
1819     // Look for possible jump target in exception handlers and see if it matches
1820     // current_frame.  Don't do this check if it has already been done (for
1821     // ([a,d,f,i,l]store* opcodes).  This check cannot be done earlier because
1822     // opcodes, such as invokespecial, may set the this_uninit flag.
1823     assert(!(verified_exc_handlers && this_uninit),
1824       "Exception handler targets got verified before this_uninit got set");
1825     if (!verified_exc_handlers && bci >= ex_min && bci < ex_max) {
1826       if (was_recursively_verified()) return;
1827       verify_exception_handler_targets(
1828         bci, this_uninit, &current_frame, &stackmap_table, CHECK_VERIFY(this));
1829     }
1830   } // end while
1831 
1832   // Make sure that control flow does not fall through end of the method
1833   if (!no_control_flow) {
1834     verify_error(ErrorContext::bad_code(code_length),
1835         "Control flow falls through code end");
1836     return;
1837   }
1838 }
1839 
1840 #undef bad_type_message
1841 
1842 char* ClassVerifier::generate_code_data(const methodHandle& m, u4 code_length, TRAPS) {
1843   char* code_data = NEW_RESOURCE_ARRAY(char, code_length);
1844   memset(code_data, 0, sizeof(char) * code_length);
1845   RawBytecodeStream bcs(m);
1846 
1847   while (!bcs.is_last_bytecode()) {
1848     if (bcs.raw_next() != Bytecodes::_illegal) {
1849       int bci = bcs.bci();
1850       if (bcs.raw_code() == Bytecodes::_new) {
1851         code_data[bci] = NEW_OFFSET;
1852       } else {
1853         code_data[bci] = BYTECODE_OFFSET;
1854       }
1855     } else {
1856       verify_error(ErrorContext::bad_code(bcs.bci()), "Bad instruction");
1857       return nullptr;
1858     }
1859   }
1860 
1861   return code_data;
1862 }
1863 
1864 // Since this method references the constant pool, call was_recursively_verified()
1865 // before calling this method to make sure a prior class load did not cause the
1866 // current class to get verified.
1867 void ClassVerifier::verify_exception_handler_table(u4 code_length, char* code_data, int& min, int& max, TRAPS) {
1868   ExceptionTable exhandlers(_method());
1869   int exlength = exhandlers.length();
1870   constantPoolHandle cp (THREAD, _method->constants());
1871 
1872   for(int i = 0; i < exlength; i++) {
1873     u2 start_pc = exhandlers.start_pc(i);
1874     u2 end_pc = exhandlers.end_pc(i);
1875     u2 handler_pc = exhandlers.handler_pc(i);
1876     if (start_pc >= code_length || code_data[start_pc] == 0) {
1877       class_format_error("Illegal exception table start_pc %d", start_pc);
1878       return;
1879     }
1880     if (end_pc != code_length) {   // special case: end_pc == code_length
1881       if (end_pc > code_length || code_data[end_pc] == 0) {
1882         class_format_error("Illegal exception table end_pc %d", end_pc);
1883         return;
1884       }
1885     }
1886     if (handler_pc >= code_length || code_data[handler_pc] == 0) {
1887       class_format_error("Illegal exception table handler_pc %d", handler_pc);
1888       return;
1889     }
1890     u2 catch_type_index = exhandlers.catch_type_index(i);
1891     if (catch_type_index != 0) {
1892       VerificationType catch_type = cp_index_to_type(
1893         catch_type_index, cp, CHECK_VERIFY(this));
1894       VerificationType throwable =
1895         VerificationType::reference_type(vmSymbols::java_lang_Throwable());
1896       // If the catch type is Throwable pre-resolve it now as the assignable check won't
1897       // do that, and we need to avoid a runtime resolution in case we are trying to
1898       // catch OutOfMemoryError.
1899       if (cp->klass_name_at(catch_type_index) == vmSymbols::java_lang_Throwable()) {
1900         cp->klass_at(catch_type_index, CHECK);
1901       }
1902       bool is_subclass = throwable.is_assignable_from(
1903         catch_type, this, false, CHECK_VERIFY(this));
1904       if (!is_subclass) {
1905         // 4286534: should throw VerifyError according to recent spec change
1906         verify_error(ErrorContext::bad_type(handler_pc,
1907             TypeOrigin::cp(catch_type_index, catch_type),
1908             TypeOrigin::implicit(throwable)),
1909             "Catch type is not a subclass "
1910             "of Throwable in exception handler %d", handler_pc);
1911         return;
1912       }
1913     }
1914     if (start_pc < min) min = start_pc;
1915     if (end_pc > max) max = end_pc;
1916   }
1917 }
1918 
1919 void ClassVerifier::verify_local_variable_table(u4 code_length, char* code_data, TRAPS) {
1920   int localvariable_table_length = _method->localvariable_table_length();
1921   if (localvariable_table_length > 0) {
1922     LocalVariableTableElement* table = _method->localvariable_table_start();
1923     for (int i = 0; i < localvariable_table_length; i++) {
1924       u2 start_bci = table[i].start_bci;
1925       u2 length = table[i].length;
1926 
1927       if (start_bci >= code_length || code_data[start_bci] == 0) {
1928         class_format_error(
1929           "Illegal local variable table start_pc %d", start_bci);
1930         return;
1931       }
1932       u4 end_bci = (u4)(start_bci + length);
1933       if (end_bci != code_length) {
1934         if (end_bci >= code_length || code_data[end_bci] == 0) {
1935           class_format_error( "Illegal local variable table length %d", length);
1936           return;
1937         }
1938       }
1939     }
1940   }
1941 }
1942 
1943 u2 ClassVerifier::verify_stackmap_table(u2 stackmap_index, int bci,
1944                                         StackMapFrame* current_frame,
1945                                         StackMapTable* stackmap_table,
1946                                         bool no_control_flow, TRAPS) {
1947   if (stackmap_index < stackmap_table->get_frame_count()) {
1948     int this_offset = stackmap_table->get_offset(stackmap_index);
1949     if (no_control_flow && this_offset > bci) {
1950       verify_error(ErrorContext::missing_stackmap(bci),
1951                    "Expecting a stack map frame");
1952       return 0;
1953     }
1954     if (this_offset == bci) {
1955       ErrorContext ctx;
1956       // See if current stack map can be assigned to the frame in table.
1957       // current_frame is the stackmap frame got from the last instruction.
1958       // If matched, current_frame will be updated by this method.
1959       bool matches = stackmap_table->match_stackmap(
1960         current_frame, this_offset, stackmap_index,
1961         !no_control_flow, true, &ctx, CHECK_VERIFY_(this, 0));
1962       if (!matches) {
1963         // report type error
1964         verify_error(ctx, "Instruction type does not match stack map");
1965         return 0;
1966       }
1967       stackmap_index++;
1968     } else if (this_offset < bci) {
1969       // current_offset should have met this_offset.
1970       class_format_error("Bad stack map offset %d", this_offset);
1971       return 0;
1972     }
1973   } else if (no_control_flow) {
1974     verify_error(ErrorContext::bad_code(bci), "Expecting a stack map frame");
1975     return 0;
1976   }
1977   return stackmap_index;
1978 }
1979 
1980 // Since this method references the constant pool, call was_recursively_verified()
1981 // before calling this method to make sure a prior class load did not cause the
1982 // current class to get verified.
1983 void ClassVerifier::verify_exception_handler_targets(int bci, bool this_uninit,
1984                                                      StackMapFrame* current_frame,
1985                                                      StackMapTable* stackmap_table, TRAPS) {
1986   constantPoolHandle cp (THREAD, _method->constants());
1987   ExceptionTable exhandlers(_method());
1988   int exlength = exhandlers.length();
1989   for(int i = 0; i < exlength; i++) {
1990     u2 start_pc = exhandlers.start_pc(i);
1991     u2 end_pc = exhandlers.end_pc(i);
1992     u2 handler_pc = exhandlers.handler_pc(i);
1993     int catch_type_index = exhandlers.catch_type_index(i);
1994     if(bci >= start_pc && bci < end_pc) {
1995       u1 flags = current_frame->flags();
1996       if (this_uninit) {  flags |= FLAG_THIS_UNINIT; }
1997       StackMapFrame* new_frame = current_frame->frame_in_exception_handler(flags);
1998       if (catch_type_index != 0) {
1999         if (was_recursively_verified()) return;
2000         // We know that this index refers to a subclass of Throwable
2001         VerificationType catch_type = cp_index_to_type(
2002           catch_type_index, cp, CHECK_VERIFY(this));
2003         new_frame->push_stack(catch_type, CHECK_VERIFY(this));
2004       } else {
2005         VerificationType throwable =
2006           VerificationType::reference_type(vmSymbols::java_lang_Throwable());
2007         new_frame->push_stack(throwable, CHECK_VERIFY(this));
2008       }
2009       ErrorContext ctx;
2010       bool matches = stackmap_table->match_stackmap(
2011         new_frame, handler_pc, true, false, &ctx, CHECK_VERIFY(this));
2012       if (!matches) {
2013         verify_error(ctx, "Stack map does not match the one at "
2014             "exception handler %d", handler_pc);
2015         return;
2016       }
2017     }
2018   }
2019 }
2020 
2021 void ClassVerifier::verify_cp_index(
2022     int bci, const constantPoolHandle& cp, u2 index, TRAPS) {
2023   int nconstants = cp->length();
2024   if ((index <= 0) || (index >= nconstants)) {
2025     verify_error(ErrorContext::bad_cp_index(bci, index),
2026         "Illegal constant pool index %d in class %s",
2027         index, cp->pool_holder()->external_name());
2028     return;
2029   }
2030 }
2031 
2032 void ClassVerifier::verify_cp_type(
2033     int bci, u2 index, const constantPoolHandle& cp, unsigned int types, TRAPS) {
2034 
2035   // In some situations, bytecode rewriting may occur while we're verifying.
2036   // In this case, a constant pool cache exists and some indices refer to that
2037   // instead.  Be sure we don't pick up such indices by accident.
2038   // We must check was_recursively_verified() before we get here.
2039   guarantee(cp->cache() == nullptr, "not rewritten yet");
2040 
2041   verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2042   unsigned int tag = cp->tag_at(index).value();
2043   if ((types & (1 << tag)) == 0) {
2044     verify_error(ErrorContext::bad_cp_index(bci, index),
2045       "Illegal type at constant pool entry %d in class %s",
2046       index, cp->pool_holder()->external_name());
2047     return;
2048   }
2049 }
2050 
2051 void ClassVerifier::verify_cp_class_type(
2052     int bci, u2 index, const constantPoolHandle& cp, TRAPS) {
2053   verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2054   constantTag tag = cp->tag_at(index);
2055   if (!tag.is_klass() && !tag.is_unresolved_klass()) {
2056     verify_error(ErrorContext::bad_cp_index(bci, index),
2057         "Illegal type at constant pool entry %d in class %s",
2058         index, cp->pool_holder()->external_name());
2059     return;
2060   }
2061 }
2062 
2063 void ClassVerifier::verify_error(ErrorContext ctx, const char* msg, ...) {
2064   stringStream ss;
2065 
2066   ctx.reset_frames();
2067   _exception_type = vmSymbols::java_lang_VerifyError();
2068   _error_context = ctx;
2069   va_list va;
2070   va_start(va, msg);
2071   ss.vprint(msg, va);
2072   va_end(va);
2073   _message = ss.as_string();
2074 #ifdef ASSERT
2075   ResourceMark rm;
2076   const char* exception_name = _exception_type->as_C_string();
2077   Exceptions::debug_check_abort(exception_name, nullptr);
2078 #endif // ndef ASSERT
2079 }
2080 
2081 void ClassVerifier::class_format_error(const char* msg, ...) {
2082   stringStream ss;
2083   _exception_type = vmSymbols::java_lang_ClassFormatError();
2084   va_list va;
2085   va_start(va, msg);
2086   ss.vprint(msg, va);
2087   va_end(va);
2088   if (!_method.is_null()) {
2089     ss.print(" in method '");
2090     _method->print_external_name(&ss);
2091     ss.print("'");
2092   }
2093   _message = ss.as_string();
2094 }
2095 
2096 Klass* ClassVerifier::load_class(Symbol* name, TRAPS) {
2097   HandleMark hm(THREAD);
2098   // Get current loader and protection domain first.
2099   oop loader = current_class()->class_loader();
2100   oop protection_domain = current_class()->protection_domain();
2101 
2102   assert(name_in_supers(name, current_class()), "name should be a super class");
2103 
2104   Klass* kls = SystemDictionary::resolve_or_fail(
2105     name, Handle(THREAD, loader), Handle(THREAD, protection_domain),
2106     true, THREAD);
2107 
2108   if (kls != nullptr) {
2109     if (log_is_enabled(Debug, class, resolve)) {
2110       Verifier::trace_class_resolution(kls, current_class());
2111     }
2112   }
2113   return kls;
2114 }
2115 
2116 bool ClassVerifier::is_protected_access(InstanceKlass* this_class,
2117                                         Klass* target_class,
2118                                         Symbol* field_name,
2119                                         Symbol* field_sig,
2120                                         bool is_method) {
2121   NoSafepointVerifier nosafepoint;
2122 
2123   // If target class isn't a super class of this class, we don't worry about this case
2124   if (!this_class->is_subclass_of(target_class)) {
2125     return false;
2126   }
2127   // Check if the specified method or field is protected
2128   InstanceKlass* target_instance = InstanceKlass::cast(target_class);
2129   fieldDescriptor fd;
2130   if (is_method) {
2131     Method* m = target_instance->uncached_lookup_method(field_name, field_sig, Klass::OverpassLookupMode::find);
2132     if (m != nullptr && m->is_protected()) {
2133       if (!this_class->is_same_class_package(m->method_holder())) {
2134         return true;
2135       }
2136     }
2137   } else {
2138     Klass* member_klass = target_instance->find_field(field_name, field_sig, &fd);
2139     if (member_klass != nullptr && fd.is_protected()) {
2140       if (!this_class->is_same_class_package(member_klass)) {
2141         return true;
2142       }
2143     }
2144   }
2145   return false;
2146 }
2147 
2148 void ClassVerifier::verify_ldc(
2149     int opcode, u2 index, StackMapFrame* current_frame,
2150     const constantPoolHandle& cp, int bci, TRAPS) {
2151   verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2152   constantTag tag = cp->tag_at(index);
2153   unsigned int types = 0;
2154   if (opcode == Bytecodes::_ldc || opcode == Bytecodes::_ldc_w) {
2155     if (!tag.is_unresolved_klass()) {
2156       types = (1 << JVM_CONSTANT_Integer) | (1 << JVM_CONSTANT_Float)
2157             | (1 << JVM_CONSTANT_String)  | (1 << JVM_CONSTANT_Class)
2158             | (1 << JVM_CONSTANT_MethodHandle) | (1 << JVM_CONSTANT_MethodType)
2159             | (1 << JVM_CONSTANT_Dynamic);
2160       // Note:  The class file parser already verified the legality of
2161       // MethodHandle and MethodType constants.
2162       verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2163     }
2164   } else {
2165     assert(opcode == Bytecodes::_ldc2_w, "must be ldc2_w");
2166     types = (1 << JVM_CONSTANT_Double) | (1 << JVM_CONSTANT_Long)
2167           | (1 << JVM_CONSTANT_Dynamic);
2168     verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2169   }
2170   if (tag.is_string()) {
2171     current_frame->push_stack(
2172       VerificationType::reference_type(
2173         vmSymbols::java_lang_String()), CHECK_VERIFY(this));
2174   } else if (tag.is_klass() || tag.is_unresolved_klass()) {
2175     current_frame->push_stack(
2176       VerificationType::reference_type(
2177         vmSymbols::java_lang_Class()), CHECK_VERIFY(this));
2178   } else if (tag.is_int()) {
2179     current_frame->push_stack(
2180       VerificationType::integer_type(), CHECK_VERIFY(this));
2181   } else if (tag.is_float()) {
2182     current_frame->push_stack(
2183       VerificationType::float_type(), CHECK_VERIFY(this));
2184   } else if (tag.is_double()) {
2185     current_frame->push_stack_2(
2186       VerificationType::double_type(),
2187       VerificationType::double2_type(), CHECK_VERIFY(this));
2188   } else if (tag.is_long()) {
2189     current_frame->push_stack_2(
2190       VerificationType::long_type(),
2191       VerificationType::long2_type(), CHECK_VERIFY(this));
2192   } else if (tag.is_method_handle()) {
2193     current_frame->push_stack(
2194       VerificationType::reference_type(
2195         vmSymbols::java_lang_invoke_MethodHandle()), CHECK_VERIFY(this));
2196   } else if (tag.is_method_type()) {
2197     current_frame->push_stack(
2198       VerificationType::reference_type(
2199         vmSymbols::java_lang_invoke_MethodType()), CHECK_VERIFY(this));
2200   } else if (tag.is_dynamic_constant()) {
2201     Symbol* constant_type = cp->uncached_signature_ref_at(index);
2202     // Field signature was checked in ClassFileParser.
2203     assert(SignatureVerifier::is_valid_type_signature(constant_type),
2204            "Invalid type for dynamic constant");
2205     assert(sizeof(VerificationType) == sizeof(uintptr_t),
2206           "buffer type must match VerificationType size");
2207     uintptr_t constant_type_buffer[2];
2208     VerificationType* v_constant_type = (VerificationType*)constant_type_buffer;
2209     SignatureStream sig_stream(constant_type, false);
2210     int n = change_sig_to_verificationType(&sig_stream, v_constant_type);
2211     int opcode_n = (opcode == Bytecodes::_ldc2_w ? 2 : 1);
2212     if (n != opcode_n) {
2213       // wrong kind of ldc; reverify against updated type mask
2214       types &= ~(1 << JVM_CONSTANT_Dynamic);
2215       verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2216     }
2217     for (int i = 0; i < n; i++) {
2218       current_frame->push_stack(v_constant_type[i], CHECK_VERIFY(this));
2219     }
2220   } else {
2221     /* Unreachable? verify_cp_type has already validated the cp type. */
2222     verify_error(
2223         ErrorContext::bad_cp_index(bci, index), "Invalid index in ldc");
2224     return;
2225   }
2226 }
2227 
2228 void ClassVerifier::verify_switch(
2229     RawBytecodeStream* bcs, u4 code_length, char* code_data,
2230     StackMapFrame* current_frame, StackMapTable* stackmap_table, TRAPS) {
2231   int bci = bcs->bci();
2232   address bcp = bcs->bcp();
2233   address aligned_bcp = align_up(bcp + 1, jintSize);
2234 
2235   if (_klass->major_version() < NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION) {
2236     // 4639449 & 4647081: padding bytes must be 0
2237     u2 padding_offset = 1;
2238     while ((bcp + padding_offset) < aligned_bcp) {
2239       if(*(bcp + padding_offset) != 0) {
2240         verify_error(ErrorContext::bad_code(bci),
2241                      "Nonzero padding byte in lookupswitch or tableswitch");
2242         return;
2243       }
2244       padding_offset++;
2245     }
2246   }
2247 
2248   int default_offset = (int) Bytes::get_Java_u4(aligned_bcp);
2249   int keys, delta;
2250   current_frame->pop_stack(
2251     VerificationType::integer_type(), CHECK_VERIFY(this));
2252   if (bcs->raw_code() == Bytecodes::_tableswitch) {
2253     jint low = (jint)Bytes::get_Java_u4(aligned_bcp + jintSize);
2254     jint high = (jint)Bytes::get_Java_u4(aligned_bcp + 2*jintSize);
2255     if (low > high) {
2256       verify_error(ErrorContext::bad_code(bci),
2257           "low must be less than or equal to high in tableswitch");
2258       return;
2259     }
2260     int64_t keys64 = ((int64_t)high - low) + 1;
2261     if (keys64 > 65535) {  // Max code length
2262       verify_error(ErrorContext::bad_code(bci), "too many keys in tableswitch");
2263       return;
2264     }
2265     keys = (int)keys64;
2266     delta = 1;
2267   } else {
2268     keys = (int)Bytes::get_Java_u4(aligned_bcp + jintSize);
2269     if (keys < 0) {
2270       verify_error(ErrorContext::bad_code(bci),
2271                    "number of keys in lookupswitch less than 0");
2272       return;
2273     }
2274     delta = 2;
2275     // Make sure that the lookupswitch items are sorted
2276     for (int i = 0; i < (keys - 1); i++) {
2277       jint this_key = Bytes::get_Java_u4(aligned_bcp + (2+2*i)*jintSize);
2278       jint next_key = Bytes::get_Java_u4(aligned_bcp + (2+2*i+2)*jintSize);
2279       if (this_key >= next_key) {
2280         verify_error(ErrorContext::bad_code(bci),
2281                      "Bad lookupswitch instruction");
2282         return;
2283       }
2284     }
2285   }
2286   int target = bci + default_offset;
2287   stackmap_table->check_jump_target(current_frame, target, CHECK_VERIFY(this));
2288   for (int i = 0; i < keys; i++) {
2289     // Because check_jump_target() may safepoint, the bytecode could have
2290     // moved, which means 'aligned_bcp' is no good and needs to be recalculated.
2291     aligned_bcp = align_up(bcs->bcp() + 1, jintSize);
2292     target = bci + (jint)Bytes::get_Java_u4(aligned_bcp+(3+i*delta)*jintSize);
2293     stackmap_table->check_jump_target(
2294       current_frame, target, CHECK_VERIFY(this));
2295   }
2296   NOT_PRODUCT(aligned_bcp = nullptr);  // no longer valid at this point
2297 }
2298 
2299 bool ClassVerifier::name_in_supers(
2300     Symbol* ref_name, InstanceKlass* current) {
2301   Klass* super = current->super();
2302   while (super != nullptr) {
2303     if (super->name() == ref_name) {
2304       return true;
2305     }
2306     super = super->super();
2307   }
2308   return false;
2309 }
2310 
2311 void ClassVerifier::verify_field_instructions(RawBytecodeStream* bcs,
2312                                               StackMapFrame* current_frame,
2313                                               const constantPoolHandle& cp,
2314                                               bool allow_arrays,
2315                                               TRAPS) {
2316   u2 index = bcs->get_index_u2();
2317   verify_cp_type(bcs->bci(), index, cp,
2318       1 << JVM_CONSTANT_Fieldref, CHECK_VERIFY(this));
2319 
2320   // Get field name and signature
2321   Symbol* field_name = cp->uncached_name_ref_at(index);
2322   Symbol* field_sig = cp->uncached_signature_ref_at(index);
2323   bool is_getfield = false;
2324 
2325   // Field signature was checked in ClassFileParser.
2326   assert(SignatureVerifier::is_valid_type_signature(field_sig),
2327          "Invalid field signature");
2328 
2329   // Get referenced class type
2330   VerificationType ref_class_type = cp_ref_index_to_type(
2331     index, cp, CHECK_VERIFY(this));
2332   if (!ref_class_type.is_object() &&
2333     (!allow_arrays || !ref_class_type.is_array())) {
2334     verify_error(ErrorContext::bad_type(bcs->bci(),
2335         TypeOrigin::cp(index, ref_class_type)),
2336         "Expecting reference to class in class %s at constant pool index %d",
2337         _klass->external_name(), index);
2338     return;
2339   }
2340   VerificationType target_class_type = ref_class_type;
2341 
2342   assert(sizeof(VerificationType) == sizeof(uintptr_t),
2343         "buffer type must match VerificationType size");
2344   uintptr_t field_type_buffer[2];
2345   VerificationType* field_type = (VerificationType*)field_type_buffer;
2346   // If we make a VerificationType[2] array directly, the compiler calls
2347   // to the c-runtime library to do the allocation instead of just
2348   // stack allocating it.  Plus it would run constructors.  This shows up
2349   // in performance profiles.
2350 
2351   SignatureStream sig_stream(field_sig, false);
2352   VerificationType stack_object_type;
2353   int n = change_sig_to_verificationType(&sig_stream, field_type);
2354   int bci = bcs->bci();
2355   bool is_assignable;
2356   switch (bcs->raw_code()) {
2357     case Bytecodes::_getstatic: {
2358       for (int i = 0; i < n; i++) {
2359         current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2360       }
2361       break;
2362     }
2363     case Bytecodes::_putstatic: {
2364       for (int i = n - 1; i >= 0; i--) {
2365         current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2366       }
2367       break;
2368     }
2369     case Bytecodes::_getfield: {
2370       is_getfield = true;
2371       stack_object_type = current_frame->pop_stack(
2372         target_class_type, CHECK_VERIFY(this));
2373       goto check_protected;
2374     }
2375     case Bytecodes::_putfield: {
2376       for (int i = n - 1; i >= 0; i--) {
2377         current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2378       }
2379       stack_object_type = current_frame->pop_stack(CHECK_VERIFY(this));
2380 
2381       // The JVMS 2nd edition allows field initialization before the superclass
2382       // initializer, if the field is defined within the current class.
2383       fieldDescriptor fd;
2384       if (stack_object_type == VerificationType::uninitialized_this_type() &&
2385           target_class_type.equals(current_type()) &&
2386           _klass->find_local_field(field_name, field_sig, &fd)) {
2387         stack_object_type = current_type();
2388       }
2389       is_assignable = target_class_type.is_assignable_from(
2390         stack_object_type, this, false, CHECK_VERIFY(this));
2391       if (!is_assignable) {
2392         verify_error(ErrorContext::bad_type(bci,
2393             current_frame->stack_top_ctx(),
2394             TypeOrigin::cp(index, target_class_type)),
2395             "Bad type on operand stack in putfield");
2396         return;
2397       }
2398     }
2399     check_protected: {
2400       if (_this_type == stack_object_type)
2401         break; // stack_object_type must be assignable to _current_class_type
2402       if (was_recursively_verified()) {
2403         if (is_getfield) {
2404           // Push field type for getfield.
2405           for (int i = 0; i < n; i++) {
2406             current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2407           }
2408         }
2409         return;
2410       }
2411       Symbol* ref_class_name =
2412         cp->klass_name_at(cp->uncached_klass_ref_index_at(index));
2413       if (!name_in_supers(ref_class_name, current_class()))
2414         // stack_object_type must be assignable to _current_class_type since:
2415         // 1. stack_object_type must be assignable to ref_class.
2416         // 2. ref_class must be _current_class or a subclass of it. It can't
2417         //    be a superclass of it. See revised JVMS 5.4.4.
2418         break;
2419 
2420       Klass* ref_class_oop = load_class(ref_class_name, CHECK);
2421       if (is_protected_access(current_class(), ref_class_oop, field_name,
2422                               field_sig, false)) {
2423         // It's protected access, check if stack object is assignable to
2424         // current class.
2425         is_assignable = current_type().is_assignable_from(
2426           stack_object_type, this, true, CHECK_VERIFY(this));
2427         if (!is_assignable) {
2428           verify_error(ErrorContext::bad_type(bci,
2429               current_frame->stack_top_ctx(),
2430               TypeOrigin::implicit(current_type())),
2431               "Bad access to protected data in %s",
2432               is_getfield ? "getfield" : "putfield");
2433           return;
2434         }
2435       }
2436       break;
2437     }
2438     default: ShouldNotReachHere();
2439   }
2440   if (is_getfield) {
2441     // Push field type for getfield after doing protection check.
2442     for (int i = 0; i < n; i++) {
2443       current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2444     }
2445   }
2446 }
2447 
2448 // Look at the method's handlers.  If the bci is in the handler's try block
2449 // then check if the handler_pc is already on the stack.  If not, push it
2450 // unless the handler has already been scanned.
2451 void ClassVerifier::push_handlers(ExceptionTable* exhandlers,
2452                                   GrowableArray<u4>* handler_list,
2453                                   GrowableArray<u4>* handler_stack,
2454                                   u4 bci) {
2455   int exlength = exhandlers->length();
2456   for(int x = 0; x < exlength; x++) {
2457     if (bci >= exhandlers->start_pc(x) && bci < exhandlers->end_pc(x)) {
2458       u4 exhandler_pc = exhandlers->handler_pc(x);
2459       if (!handler_list->contains(exhandler_pc)) {
2460         handler_stack->append_if_missing(exhandler_pc);
2461         handler_list->append(exhandler_pc);
2462       }
2463     }
2464   }
2465 }
2466 
2467 // Return TRUE if all code paths starting with start_bc_offset end in
2468 // bytecode athrow or loop.
2469 bool ClassVerifier::ends_in_athrow(u4 start_bc_offset) {
2470   ResourceMark rm;
2471   // Create bytecode stream.
2472   RawBytecodeStream bcs(method());
2473   int code_length = method()->code_size();
2474   bcs.set_start(start_bc_offset);
2475 
2476   // Create stack for storing bytecode start offsets for if* and *switch.
2477   GrowableArray<u4>* bci_stack = new GrowableArray<u4>(30);
2478   // Create stack for handlers for try blocks containing this handler.
2479   GrowableArray<u4>* handler_stack = new GrowableArray<u4>(30);
2480   // Create list of handlers that have been pushed onto the handler_stack
2481   // so that handlers embedded inside of their own TRY blocks only get
2482   // scanned once.
2483   GrowableArray<u4>* handler_list = new GrowableArray<u4>(30);
2484   // Create list of visited branch opcodes (goto* and if*).
2485   GrowableArray<u4>* visited_branches = new GrowableArray<u4>(30);
2486   ExceptionTable exhandlers(_method());
2487 
2488   while (true) {
2489     if (bcs.is_last_bytecode()) {
2490       // if no more starting offsets to parse or if at the end of the
2491       // method then return false.
2492       if ((bci_stack->is_empty()) || (bcs.end_bci() == code_length))
2493         return false;
2494       // Pop a bytecode starting offset and scan from there.
2495       bcs.set_start(bci_stack->pop());
2496     }
2497     Bytecodes::Code opcode = bcs.raw_next();
2498     int bci = bcs.bci();
2499 
2500     // If the bytecode is in a TRY block, push its handlers so they
2501     // will get parsed.
2502     push_handlers(&exhandlers, handler_list, handler_stack, bci);
2503 
2504     switch (opcode) {
2505       case Bytecodes::_if_icmpeq:
2506       case Bytecodes::_if_icmpne:
2507       case Bytecodes::_if_icmplt:
2508       case Bytecodes::_if_icmpge:
2509       case Bytecodes::_if_icmpgt:
2510       case Bytecodes::_if_icmple:
2511       case Bytecodes::_ifeq:
2512       case Bytecodes::_ifne:
2513       case Bytecodes::_iflt:
2514       case Bytecodes::_ifge:
2515       case Bytecodes::_ifgt:
2516       case Bytecodes::_ifle:
2517       case Bytecodes::_if_acmpeq:
2518       case Bytecodes::_if_acmpne:
2519       case Bytecodes::_ifnull:
2520       case Bytecodes::_ifnonnull: {
2521         int target = bcs.dest();
2522         if (visited_branches->contains(bci)) {
2523           if (bci_stack->is_empty()) {
2524             if (handler_stack->is_empty()) {
2525               return true;
2526             } else {
2527               // Parse the catch handlers for try blocks containing athrow.
2528               bcs.set_start(handler_stack->pop());
2529             }
2530           } else {
2531             // Pop a bytecode starting offset and scan from there.
2532             bcs.set_start(bci_stack->pop());
2533           }
2534         } else {
2535           if (target > bci) { // forward branch
2536             if (target >= code_length) return false;
2537             // Push the branch target onto the stack.
2538             bci_stack->push(target);
2539             // then, scan bytecodes starting with next.
2540             bcs.set_start(bcs.next_bci());
2541           } else { // backward branch
2542             // Push bytecode offset following backward branch onto the stack.
2543             bci_stack->push(bcs.next_bci());
2544             // Check bytecodes starting with branch target.
2545             bcs.set_start(target);
2546           }
2547           // Record target so we don't branch here again.
2548           visited_branches->append(bci);
2549         }
2550         break;
2551         }
2552 
2553       case Bytecodes::_goto:
2554       case Bytecodes::_goto_w: {
2555         int target = (opcode == Bytecodes::_goto ? bcs.dest() : bcs.dest_w());
2556         if (visited_branches->contains(bci)) {
2557           if (bci_stack->is_empty()) {
2558             if (handler_stack->is_empty()) {
2559               return true;
2560             } else {
2561               // Parse the catch handlers for try blocks containing athrow.
2562               bcs.set_start(handler_stack->pop());
2563             }
2564           } else {
2565             // Been here before, pop new starting offset from stack.
2566             bcs.set_start(bci_stack->pop());
2567           }
2568         } else {
2569           if (target >= code_length) return false;
2570           // Continue scanning from the target onward.
2571           bcs.set_start(target);
2572           // Record target so we don't branch here again.
2573           visited_branches->append(bci);
2574         }
2575         break;
2576         }
2577 
2578       // Check that all switch alternatives end in 'athrow' bytecodes. Since it
2579       // is  difficult to determine where each switch alternative ends, parse
2580       // each switch alternative until either hit a 'return', 'athrow', or reach
2581       // the end of the method's bytecodes.  This is gross but should be okay
2582       // because:
2583       // 1. tableswitch and lookupswitch byte codes in handlers for ctor explicit
2584       //    constructor invocations should be rare.
2585       // 2. if each switch alternative ends in an athrow then the parsing should be
2586       //    short.  If there is no athrow then it is bogus code, anyway.
2587       case Bytecodes::_lookupswitch:
2588       case Bytecodes::_tableswitch:
2589         {
2590           address aligned_bcp = align_up(bcs.bcp() + 1, jintSize);
2591           int default_offset = Bytes::get_Java_u4(aligned_bcp) + bci;
2592           int keys, delta;
2593           if (opcode == Bytecodes::_tableswitch) {
2594             jint low = (jint)Bytes::get_Java_u4(aligned_bcp + jintSize);
2595             jint high = (jint)Bytes::get_Java_u4(aligned_bcp + 2*jintSize);
2596             // This is invalid, but let the regular bytecode verifier
2597             // report this because the user will get a better error message.
2598             if (low > high) return true;
2599             keys = high - low + 1;
2600             delta = 1;
2601           } else {
2602             keys = (int)Bytes::get_Java_u4(aligned_bcp + jintSize);
2603             delta = 2;
2604           }
2605           // Invalid, let the regular bytecode verifier deal with it.
2606           if (keys < 0) return true;
2607 
2608           // Push the offset of the next bytecode onto the stack.
2609           bci_stack->push(bcs.next_bci());
2610 
2611           // Push the switch alternatives onto the stack.
2612           for (int i = 0; i < keys; i++) {
2613             int target = bci + (jint)Bytes::get_Java_u4(aligned_bcp+(3+i*delta)*jintSize);
2614             if (target > code_length) return false;
2615             bci_stack->push(target);
2616           }
2617 
2618           // Start bytecode parsing for the switch at the default alternative.
2619           if (default_offset > code_length) return false;
2620           bcs.set_start(default_offset);
2621           break;
2622         }
2623 
2624       case Bytecodes::_return:
2625         return false;
2626 
2627       case Bytecodes::_athrow:
2628         {
2629           if (bci_stack->is_empty()) {
2630             if (handler_stack->is_empty()) {
2631               return true;
2632             } else {
2633               // Parse the catch handlers for try blocks containing athrow.
2634               bcs.set_start(handler_stack->pop());
2635             }
2636           } else {
2637             // Pop a bytecode offset and starting scanning from there.
2638             bcs.set_start(bci_stack->pop());
2639           }
2640         }
2641         break;
2642 
2643       default:
2644         ;
2645     } // end switch
2646   } // end while loop
2647 
2648   return false;
2649 }
2650 
2651 void ClassVerifier::verify_invoke_init(
2652     RawBytecodeStream* bcs, u2 ref_class_index, VerificationType ref_class_type,
2653     StackMapFrame* current_frame, u4 code_length, bool in_try_block,
2654     bool *this_uninit, const constantPoolHandle& cp, StackMapTable* stackmap_table,
2655     TRAPS) {
2656   int bci = bcs->bci();
2657   VerificationType type = current_frame->pop_stack(
2658     VerificationType::reference_check(), CHECK_VERIFY(this));
2659   if (type == VerificationType::uninitialized_this_type()) {
2660     // The method must be an <init> method of this class or its superclass
2661     Klass* superk = current_class()->super();
2662     if (ref_class_type.name() != current_class()->name() &&
2663         ref_class_type.name() != superk->name()) {
2664       verify_error(ErrorContext::bad_type(bci,
2665           TypeOrigin::implicit(ref_class_type),
2666           TypeOrigin::implicit(current_type())),
2667           "Bad <init> method call");
2668       return;
2669     }
2670 
2671     // If this invokespecial call is done from inside of a TRY block then make
2672     // sure that all catch clause paths end in a throw.  Otherwise, this can
2673     // result in returning an incomplete object.
2674     if (in_try_block) {
2675       ExceptionTable exhandlers(_method());
2676       int exlength = exhandlers.length();
2677       for(int i = 0; i < exlength; i++) {
2678         u2 start_pc = exhandlers.start_pc(i);
2679         u2 end_pc = exhandlers.end_pc(i);
2680 
2681         if (bci >= start_pc && bci < end_pc) {
2682           if (!ends_in_athrow(exhandlers.handler_pc(i))) {
2683             verify_error(ErrorContext::bad_code(bci),
2684               "Bad <init> method call from after the start of a try block");
2685             return;
2686           } else if (log_is_enabled(Debug, verification)) {
2687             ResourceMark rm(THREAD);
2688             log_debug(verification)("Survived call to ends_in_athrow(): %s",
2689                                           current_class()->name()->as_C_string());
2690           }
2691         }
2692       }
2693 
2694       // Check the exception handler target stackmaps with the locals from the
2695       // incoming stackmap (before initialize_object() changes them to outgoing
2696       // state).
2697       if (was_recursively_verified()) return;
2698       verify_exception_handler_targets(bci, true, current_frame,
2699                                        stackmap_table, CHECK_VERIFY(this));
2700     } // in_try_block
2701 
2702     current_frame->initialize_object(type, current_type());
2703     *this_uninit = true;
2704   } else if (type.is_uninitialized()) {
2705     u2 new_offset = type.bci();
2706     address new_bcp = bcs->bcp() - bci + new_offset;
2707     if (new_offset > (code_length - 3) || (*new_bcp) != Bytecodes::_new) {
2708       /* Unreachable?  Stack map parsing ensures valid type and new
2709        * instructions have a valid BCI. */
2710       verify_error(ErrorContext::bad_code(new_offset),
2711                    "Expecting new instruction");
2712       return;
2713     }
2714     u2 new_class_index = Bytes::get_Java_u2(new_bcp + 1);
2715     if (was_recursively_verified()) return;
2716     verify_cp_class_type(bci, new_class_index, cp, CHECK_VERIFY(this));
2717 
2718     // The method must be an <init> method of the indicated class
2719     VerificationType new_class_type = cp_index_to_type(
2720       new_class_index, cp, CHECK_VERIFY(this));
2721     if (!new_class_type.equals(ref_class_type)) {
2722       verify_error(ErrorContext::bad_type(bci,
2723           TypeOrigin::cp(new_class_index, new_class_type),
2724           TypeOrigin::cp(ref_class_index, ref_class_type)),
2725           "Call to wrong <init> method");
2726       return;
2727     }
2728     // According to the VM spec, if the referent class is a superclass of the
2729     // current class, and is in a different runtime package, and the method is
2730     // protected, then the objectref must be the current class or a subclass
2731     // of the current class.
2732     VerificationType objectref_type = new_class_type;
2733     if (name_in_supers(ref_class_type.name(), current_class())) {
2734       Klass* ref_klass = load_class(ref_class_type.name(), CHECK);
2735       if (was_recursively_verified()) return;
2736       Method* m = InstanceKlass::cast(ref_klass)->uncached_lookup_method(
2737         vmSymbols::object_initializer_name(),
2738         cp->uncached_signature_ref_at(bcs->get_index_u2()),
2739         Klass::OverpassLookupMode::find);
2740       // Do nothing if method is not found.  Let resolution detect the error.
2741       if (m != nullptr) {
2742         InstanceKlass* mh = m->method_holder();
2743         if (m->is_protected() && !mh->is_same_class_package(_klass)) {
2744           bool assignable = current_type().is_assignable_from(
2745             objectref_type, this, true, CHECK_VERIFY(this));
2746           if (!assignable) {
2747             verify_error(ErrorContext::bad_type(bci,
2748                 TypeOrigin::cp(new_class_index, objectref_type),
2749                 TypeOrigin::implicit(current_type())),
2750                 "Bad access to protected <init> method");
2751             return;
2752           }
2753         }
2754       }
2755     }
2756     // Check the exception handler target stackmaps with the locals from the
2757     // incoming stackmap (before initialize_object() changes them to outgoing
2758     // state).
2759     if (in_try_block) {
2760       if (was_recursively_verified()) return;
2761       verify_exception_handler_targets(bci, *this_uninit, current_frame,
2762                                        stackmap_table, CHECK_VERIFY(this));
2763     }
2764     current_frame->initialize_object(type, new_class_type);
2765   } else {
2766     verify_error(ErrorContext::bad_type(bci, current_frame->stack_top_ctx()),
2767         "Bad operand type when invoking <init>");
2768     return;
2769   }
2770 }
2771 
2772 bool ClassVerifier::is_same_or_direct_interface(
2773     InstanceKlass* klass,
2774     VerificationType klass_type,
2775     VerificationType ref_class_type) {
2776   if (ref_class_type.equals(klass_type)) return true;
2777   Array<InstanceKlass*>* local_interfaces = klass->local_interfaces();
2778   if (local_interfaces != nullptr) {
2779     for (int x = 0; x < local_interfaces->length(); x++) {
2780       InstanceKlass* k = local_interfaces->at(x);
2781       assert (k != nullptr && k->is_interface(), "invalid interface");
2782       if (ref_class_type.equals(VerificationType::reference_type(k->name()))) {
2783         return true;
2784       }
2785     }
2786   }
2787   return false;
2788 }
2789 
2790 void ClassVerifier::verify_invoke_instructions(
2791     RawBytecodeStream* bcs, u4 code_length, StackMapFrame* current_frame,
2792     bool in_try_block, bool *this_uninit, VerificationType return_type,
2793     const constantPoolHandle& cp, StackMapTable* stackmap_table, TRAPS) {
2794   // Make sure the constant pool item is the right type
2795   u2 index = bcs->get_index_u2();
2796   Bytecodes::Code opcode = bcs->raw_code();
2797   unsigned int types = 0;
2798   switch (opcode) {
2799     case Bytecodes::_invokeinterface:
2800       types = 1 << JVM_CONSTANT_InterfaceMethodref;
2801       break;
2802     case Bytecodes::_invokedynamic:
2803       types = 1 << JVM_CONSTANT_InvokeDynamic;
2804       break;
2805     case Bytecodes::_invokespecial:
2806     case Bytecodes::_invokestatic:
2807       types = (_klass->major_version() < STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION) ?
2808         (1 << JVM_CONSTANT_Methodref) :
2809         ((1 << JVM_CONSTANT_InterfaceMethodref) | (1 << JVM_CONSTANT_Methodref));
2810       break;
2811     default:
2812       types = 1 << JVM_CONSTANT_Methodref;
2813   }
2814   verify_cp_type(bcs->bci(), index, cp, types, CHECK_VERIFY(this));
2815 
2816   // Get method name and signature
2817   Symbol* method_name = cp->uncached_name_ref_at(index);
2818   Symbol* method_sig = cp->uncached_signature_ref_at(index);
2819 
2820   // Method signature was checked in ClassFileParser.
2821   assert(SignatureVerifier::is_valid_method_signature(method_sig),
2822          "Invalid method signature");
2823 
2824   // Get referenced class type
2825   VerificationType ref_class_type;
2826   if (opcode == Bytecodes::_invokedynamic) {
2827     if (_klass->major_version() < Verifier::INVOKEDYNAMIC_MAJOR_VERSION) {
2828       class_format_error(
2829         "invokedynamic instructions not supported by this class file version (%d), class %s",
2830         _klass->major_version(), _klass->external_name());
2831       return;
2832     }
2833   } else {
2834     ref_class_type = cp_ref_index_to_type(index, cp, CHECK_VERIFY(this));
2835   }
2836 
2837   assert(sizeof(VerificationType) == sizeof(uintptr_t),
2838         "buffer type must match VerificationType size");
2839 
2840   // Get the UTF8 index for this signature.
2841   int sig_index = cp->signature_ref_index_at(cp->uncached_name_and_type_ref_index_at(index));
2842 
2843   // Get the signature's verification types.
2844   sig_as_verification_types* mth_sig_verif_types;
2845   sig_as_verification_types** mth_sig_verif_types_ptr = method_signatures_table()->get(sig_index);
2846   if (mth_sig_verif_types_ptr != nullptr) {
2847     // Found the entry for the signature's verification types in the hash table.
2848     mth_sig_verif_types = *mth_sig_verif_types_ptr;
2849     assert(mth_sig_verif_types != nullptr, "Unexpected null sig_as_verification_types value");
2850   } else {
2851     // Not found, add the entry to the table.
2852     GrowableArray<VerificationType>* verif_types = new GrowableArray<VerificationType>(10);
2853     mth_sig_verif_types = new sig_as_verification_types(verif_types);
2854     create_method_sig_entry(mth_sig_verif_types, sig_index);
2855   }
2856 
2857   // Get the number of arguments for this signature.
2858   int nargs = mth_sig_verif_types->num_args();
2859 
2860   // Check instruction operands
2861   int bci = bcs->bci();
2862   if (opcode == Bytecodes::_invokeinterface) {
2863     address bcp = bcs->bcp();
2864     // 4905268: count operand in invokeinterface should be nargs+1, not nargs.
2865     // JSR202 spec: The count operand of an invokeinterface instruction is valid if it is
2866     // the difference between the size of the operand stack before and after the instruction
2867     // executes.
2868     if (*(bcp+3) != (nargs+1)) {
2869       verify_error(ErrorContext::bad_code(bci),
2870           "Inconsistent args count operand in invokeinterface");
2871       return;
2872     }
2873     if (*(bcp+4) != 0) {
2874       verify_error(ErrorContext::bad_code(bci),
2875           "Fourth operand byte of invokeinterface must be zero");
2876       return;
2877     }
2878   }
2879 
2880   if (opcode == Bytecodes::_invokedynamic) {
2881     address bcp = bcs->bcp();
2882     if (*(bcp+3) != 0 || *(bcp+4) != 0) {
2883       verify_error(ErrorContext::bad_code(bci),
2884           "Third and fourth operand bytes of invokedynamic must be zero");
2885       return;
2886     }
2887   }
2888 
2889   if (method_name->char_at(0) == JVM_SIGNATURE_SPECIAL) {
2890     // Make sure <init> can only be invoked by invokespecial
2891     if (opcode != Bytecodes::_invokespecial ||
2892         method_name != vmSymbols::object_initializer_name()) {
2893       verify_error(ErrorContext::bad_code(bci),
2894           "Illegal call to internal method");
2895       return;
2896     }
2897   } else if (opcode == Bytecodes::_invokespecial
2898              && !is_same_or_direct_interface(current_class(), current_type(), ref_class_type)
2899              && !ref_class_type.equals(VerificationType::reference_type(
2900                   current_class()->super()->name()))) {
2901     bool subtype = false;
2902     bool have_imr_indirect = cp->tag_at(index).value() == JVM_CONSTANT_InterfaceMethodref;
2903     subtype = ref_class_type.is_assignable_from(
2904                current_type(), this, false, CHECK_VERIFY(this));
2905     if (!subtype) {
2906       verify_error(ErrorContext::bad_code(bci),
2907           "Bad invokespecial instruction: "
2908           "current class isn't assignable to reference class.");
2909        return;
2910     } else if (have_imr_indirect) {
2911       verify_error(ErrorContext::bad_code(bci),
2912           "Bad invokespecial instruction: "
2913           "interface method reference is in an indirect superinterface.");
2914       return;
2915     }
2916 
2917   }
2918 
2919   // Get the verification types for the method's arguments.
2920   GrowableArray<VerificationType>* sig_verif_types = mth_sig_verif_types->sig_verif_types();
2921   assert(sig_verif_types != nullptr, "Missing signature's array of verification types");
2922   // Match method descriptor with operand stack
2923   // The arguments are on the stack in descending order.
2924   for (int i = nargs - 1; i >= 0; i--) { // Run backwards
2925     current_frame->pop_stack(sig_verif_types->at(i), CHECK_VERIFY(this));
2926   }
2927 
2928   // Check objectref on operand stack
2929   if (opcode != Bytecodes::_invokestatic &&
2930       opcode != Bytecodes::_invokedynamic) {
2931     if (method_name == vmSymbols::object_initializer_name()) {  // <init> method
2932       verify_invoke_init(bcs, index, ref_class_type, current_frame,
2933         code_length, in_try_block, this_uninit, cp, stackmap_table,
2934         CHECK_VERIFY(this));
2935       if (was_recursively_verified()) return;
2936     } else {   // other methods
2937       // Ensures that target class is assignable to method class.
2938       if (opcode == Bytecodes::_invokespecial) {
2939         current_frame->pop_stack(current_type(), CHECK_VERIFY(this));
2940       } else if (opcode == Bytecodes::_invokevirtual) {
2941         VerificationType stack_object_type =
2942           current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this));
2943         if (current_type() != stack_object_type) {
2944           if (was_recursively_verified()) return;
2945           assert(cp->cache() == nullptr, "not rewritten yet");
2946           Symbol* ref_class_name =
2947             cp->klass_name_at(cp->uncached_klass_ref_index_at(index));
2948           // See the comments in verify_field_instructions() for
2949           // the rationale behind this.
2950           if (name_in_supers(ref_class_name, current_class())) {
2951             Klass* ref_class = load_class(ref_class_name, CHECK);
2952             if (is_protected_access(
2953                   _klass, ref_class, method_name, method_sig, true)) {
2954               // It's protected access, check if stack object is
2955               // assignable to current class.
2956               if (ref_class_type.name() == vmSymbols::java_lang_Object()
2957                   && stack_object_type.is_array()
2958                   && method_name == vmSymbols::clone_name()) {
2959                 // Special case: arrays pretend to implement public Object
2960                 // clone().
2961               } else {
2962                 bool is_assignable = current_type().is_assignable_from(
2963                   stack_object_type, this, true, CHECK_VERIFY(this));
2964                 if (!is_assignable) {
2965                   verify_error(ErrorContext::bad_type(bci,
2966                       current_frame->stack_top_ctx(),
2967                       TypeOrigin::implicit(current_type())),
2968                       "Bad access to protected data in invokevirtual");
2969                   return;
2970                 }
2971               }
2972             }
2973           }
2974         }
2975       } else {
2976         assert(opcode == Bytecodes::_invokeinterface, "Unexpected opcode encountered");
2977         current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this));
2978       }
2979     }
2980   }
2981   // Push the result type.
2982   int sig_verif_types_len = sig_verif_types->length();
2983   if (sig_verif_types_len > nargs) {  // There's a return type
2984     if (method_name == vmSymbols::object_initializer_name()) {
2985       // <init> method must have a void return type
2986       /* Unreachable?  Class file parser verifies that methods with '<' have
2987        * void return */
2988       verify_error(ErrorContext::bad_code(bci),
2989           "Return type must be void in <init> method");
2990       return;
2991     }
2992 
2993     assert(sig_verif_types_len <= nargs + 2,
2994            "Signature verification types array return type is bogus");
2995     for (int i = nargs; i < sig_verif_types_len; i++) {
2996       assert(i == nargs || sig_verif_types->at(i).is_long2() ||
2997              sig_verif_types->at(i).is_double2(), "Unexpected return verificationType");
2998       current_frame->push_stack(sig_verif_types->at(i), CHECK_VERIFY(this));
2999     }
3000   }
3001 }
3002 
3003 VerificationType ClassVerifier::get_newarray_type(
3004     u2 index, int bci, TRAPS) {
3005   const char* from_bt[] = {
3006     nullptr, nullptr, nullptr, nullptr, "[Z", "[C", "[F", "[D", "[B", "[S", "[I", "[J",
3007   };
3008   if (index < T_BOOLEAN || index > T_LONG) {
3009     verify_error(ErrorContext::bad_code(bci), "Illegal newarray instruction");
3010     return VerificationType::bogus_type();
3011   }
3012 
3013   // from_bt[index] contains the array signature which has a length of 2
3014   Symbol* sig = create_temporary_symbol(from_bt[index], 2);
3015   return VerificationType::reference_type(sig);
3016 }
3017 
3018 void ClassVerifier::verify_anewarray(
3019     int bci, u2 index, const constantPoolHandle& cp,
3020     StackMapFrame* current_frame, TRAPS) {
3021   verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
3022   current_frame->pop_stack(
3023     VerificationType::integer_type(), CHECK_VERIFY(this));
3024 
3025   if (was_recursively_verified()) return;
3026   VerificationType component_type =
3027     cp_index_to_type(index, cp, CHECK_VERIFY(this));
3028   int length;
3029   char* arr_sig_str;
3030   if (component_type.is_array()) {     // it's an array
3031     const char* component_name = component_type.name()->as_utf8();
3032     // Check for more than MAX_ARRAY_DIMENSIONS
3033     length = (int)strlen(component_name);
3034     if (length > MAX_ARRAY_DIMENSIONS &&
3035         component_name[MAX_ARRAY_DIMENSIONS - 1] == JVM_SIGNATURE_ARRAY) {
3036       verify_error(ErrorContext::bad_code(bci),
3037         "Illegal anewarray instruction, array has more than 255 dimensions");
3038     }
3039     // add one dimension to component
3040     length++;
3041     arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length + 1);
3042     int n = os::snprintf(arr_sig_str, length + 1, "%c%s",
3043                          JVM_SIGNATURE_ARRAY, component_name);
3044     assert(n == length, "Unexpected number of characters in string");
3045   } else {         // it's an object or interface
3046     const char* component_name = component_type.name()->as_utf8();
3047     // add one dimension to component with 'L' prepended and ';' postpended.
3048     length = (int)strlen(component_name) + 3;
3049     arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length + 1);
3050     int n = os::snprintf(arr_sig_str, length + 1, "%c%c%s;",
3051                          JVM_SIGNATURE_ARRAY, JVM_SIGNATURE_CLASS, component_name);
3052     assert(n == length, "Unexpected number of characters in string");
3053   }
3054   Symbol* arr_sig = create_temporary_symbol(arr_sig_str, length);
3055   VerificationType new_array_type = VerificationType::reference_type(arr_sig);
3056   current_frame->push_stack(new_array_type, CHECK_VERIFY(this));
3057 }
3058 
3059 void ClassVerifier::verify_iload(int index, StackMapFrame* current_frame, TRAPS) {
3060   current_frame->get_local(
3061     index, VerificationType::integer_type(), CHECK_VERIFY(this));
3062   current_frame->push_stack(
3063     VerificationType::integer_type(), CHECK_VERIFY(this));
3064 }
3065 
3066 void ClassVerifier::verify_lload(int index, StackMapFrame* current_frame, TRAPS) {
3067   current_frame->get_local_2(
3068     index, VerificationType::long_type(),
3069     VerificationType::long2_type(), CHECK_VERIFY(this));
3070   current_frame->push_stack_2(
3071     VerificationType::long_type(),
3072     VerificationType::long2_type(), CHECK_VERIFY(this));
3073 }
3074 
3075 void ClassVerifier::verify_fload(int index, StackMapFrame* current_frame, TRAPS) {
3076   current_frame->get_local(
3077     index, VerificationType::float_type(), CHECK_VERIFY(this));
3078   current_frame->push_stack(
3079     VerificationType::float_type(), CHECK_VERIFY(this));
3080 }
3081 
3082 void ClassVerifier::verify_dload(int index, StackMapFrame* current_frame, TRAPS) {
3083   current_frame->get_local_2(
3084     index, VerificationType::double_type(),
3085     VerificationType::double2_type(), CHECK_VERIFY(this));
3086   current_frame->push_stack_2(
3087     VerificationType::double_type(),
3088     VerificationType::double2_type(), CHECK_VERIFY(this));
3089 }
3090 
3091 void ClassVerifier::verify_aload(int index, StackMapFrame* current_frame, TRAPS) {
3092   VerificationType type = current_frame->get_local(
3093     index, VerificationType::reference_check(), CHECK_VERIFY(this));
3094   current_frame->push_stack(type, CHECK_VERIFY(this));
3095 }
3096 
3097 void ClassVerifier::verify_istore(int index, StackMapFrame* current_frame, TRAPS) {
3098   current_frame->pop_stack(
3099     VerificationType::integer_type(), CHECK_VERIFY(this));
3100   current_frame->set_local(
3101     index, VerificationType::integer_type(), CHECK_VERIFY(this));
3102 }
3103 
3104 void ClassVerifier::verify_lstore(int index, StackMapFrame* current_frame, TRAPS) {
3105   current_frame->pop_stack_2(
3106     VerificationType::long2_type(),
3107     VerificationType::long_type(), CHECK_VERIFY(this));
3108   current_frame->set_local_2(
3109     index, VerificationType::long_type(),
3110     VerificationType::long2_type(), CHECK_VERIFY(this));
3111 }
3112 
3113 void ClassVerifier::verify_fstore(int index, StackMapFrame* current_frame, TRAPS) {
3114   current_frame->pop_stack(VerificationType::float_type(), CHECK_VERIFY(this));
3115   current_frame->set_local(
3116     index, VerificationType::float_type(), CHECK_VERIFY(this));
3117 }
3118 
3119 void ClassVerifier::verify_dstore(int index, StackMapFrame* current_frame, TRAPS) {
3120   current_frame->pop_stack_2(
3121     VerificationType::double2_type(),
3122     VerificationType::double_type(), CHECK_VERIFY(this));
3123   current_frame->set_local_2(
3124     index, VerificationType::double_type(),
3125     VerificationType::double2_type(), CHECK_VERIFY(this));
3126 }
3127 
3128 void ClassVerifier::verify_astore(int index, StackMapFrame* current_frame, TRAPS) {
3129   VerificationType type = current_frame->pop_stack(
3130     VerificationType::reference_check(), CHECK_VERIFY(this));
3131   current_frame->set_local(index, type, CHECK_VERIFY(this));
3132 }
3133 
3134 void ClassVerifier::verify_iinc(int index, StackMapFrame* current_frame, TRAPS) {
3135   VerificationType type = current_frame->get_local(
3136     index, VerificationType::integer_type(), CHECK_VERIFY(this));
3137   current_frame->set_local(index, type, CHECK_VERIFY(this));
3138 }
3139 
3140 void ClassVerifier::verify_return_value(
3141     VerificationType return_type, VerificationType type, int bci,
3142     StackMapFrame* current_frame, TRAPS) {
3143   if (return_type == VerificationType::bogus_type()) {
3144     verify_error(ErrorContext::bad_type(bci,
3145         current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)),
3146         "Method does not expect a return value");
3147     return;
3148   }
3149   bool match = return_type.is_assignable_from(type, this, false, CHECK_VERIFY(this));
3150   if (!match) {
3151     verify_error(ErrorContext::bad_type(bci,
3152         current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)),
3153         "Bad return type");
3154     return;
3155   }
3156 }
3157 
3158 // The verifier creates symbols which are substrings of Symbols.
3159 // These are stored in the verifier until the end of verification so that
3160 // they can be reference counted.
3161 Symbol* ClassVerifier::create_temporary_symbol(const char *name, int length) {
3162   // Quick deduplication check
3163   if (_previous_symbol != nullptr && _previous_symbol->equals(name, length)) {
3164     return _previous_symbol;
3165   }
3166   Symbol* sym = SymbolTable::new_symbol(name, length);
3167   if (!sym->is_permanent()) {
3168     if (_symbols == nullptr) {
3169       _symbols = new GrowableArray<Symbol*>(50, 0, nullptr);
3170     }
3171     _symbols->push(sym);
3172   }
3173   _previous_symbol = sym;
3174   return sym;
3175 }