1 /* 2 * Copyright (c) 1998, 2021, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. 8 * 9 * This code is distributed in the hope that it will be useful, but WITHOUT 10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12 * version 2 for more details (a copy is included in the LICENSE file that 13 * accompanied this code). 14 * 15 * You should have received a copy of the GNU General Public License version 16 * 2 along with this work; if not, write to the Free Software Foundation, 17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20 * or visit www.oracle.com if you need additional information or have any 21 * questions. 22 * 23 */ 24 25 #include "precompiled.hpp" 26 #include "jvm.h" 27 #include "classfile/classFileStream.hpp" 28 #include "classfile/classLoader.hpp" 29 #include "classfile/javaClasses.hpp" 30 #include "classfile/stackMapTable.hpp" 31 #include "classfile/stackMapFrame.hpp" 32 #include "classfile/stackMapTableFormat.hpp" 33 #include "classfile/symbolTable.hpp" 34 #include "classfile/systemDictionary.hpp" 35 #include "classfile/verifier.hpp" 36 #include "classfile/vmClasses.hpp" 37 #include "classfile/vmSymbols.hpp" 38 #include "interpreter/bytecodes.hpp" 39 #include "interpreter/bytecodeStream.hpp" 40 #include "logging/log.hpp" 41 #include "logging/logStream.hpp" 42 #include "memory/oopFactory.hpp" 43 #include "memory/resourceArea.hpp" 44 #include "memory/universe.hpp" 45 #include "oops/constantPool.inline.hpp" 46 #include "oops/instanceKlass.inline.hpp" 47 #include "oops/klass.inline.hpp" 48 #include "oops/oop.inline.hpp" 49 #include "oops/typeArrayOop.hpp" 50 #include "runtime/arguments.hpp" 51 #include "runtime/fieldDescriptor.hpp" 52 #include "runtime/handles.inline.hpp" 53 #include "runtime/interfaceSupport.inline.hpp" 54 #include "runtime/javaCalls.hpp" 55 #include "runtime/jniHandles.inline.hpp" 56 #include "runtime/os.hpp" 57 #include "runtime/safepointVerifiers.hpp" 58 #include "runtime/thread.hpp" 59 #include "services/threadService.hpp" 60 #include "utilities/align.hpp" 61 #include "utilities/bytes.hpp" 62 63 #define NOFAILOVER_MAJOR_VERSION 51 64 #define NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION 51 65 #define STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION 52 66 #define MAX_ARRAY_DIMENSIONS 255 67 68 // Access to external entry for VerifyClassForMajorVersion - old byte code verifier 69 70 extern "C" { 71 typedef jboolean (*verify_byte_codes_fn_t)(JNIEnv *, jclass, char *, jint, jint); 72 } 73 74 static verify_byte_codes_fn_t volatile _verify_byte_codes_fn = NULL; 75 76 static verify_byte_codes_fn_t verify_byte_codes_fn() { 77 78 if (_verify_byte_codes_fn != NULL) 79 return _verify_byte_codes_fn; 80 81 MutexLocker locker(Verify_lock); 82 83 if (_verify_byte_codes_fn != NULL) 84 return _verify_byte_codes_fn; 85 86 // Load verify dll 87 char buffer[JVM_MAXPATHLEN]; 88 char ebuf[1024]; 89 if (!os::dll_locate_lib(buffer, sizeof(buffer), Arguments::get_dll_dir(), "verify")) 90 return NULL; // Caller will throw VerifyError 91 92 void *lib_handle = os::dll_load(buffer, ebuf, sizeof(ebuf)); 93 if (lib_handle == NULL) 94 return NULL; // Caller will throw VerifyError 95 96 void *fn = os::dll_lookup(lib_handle, "VerifyClassForMajorVersion"); 97 if (fn == NULL) 98 return NULL; // Caller will throw VerifyError 99 100 return _verify_byte_codes_fn = CAST_TO_FN_PTR(verify_byte_codes_fn_t, fn); 101 } 102 103 104 // Methods in Verifier 105 106 bool Verifier::should_verify_for(oop class_loader, bool should_verify_class) { 107 return (class_loader == NULL || !should_verify_class) ? 108 BytecodeVerificationLocal : BytecodeVerificationRemote; 109 } 110 111 bool Verifier::relax_access_for(oop loader) { 112 bool trusted = java_lang_ClassLoader::is_trusted_loader(loader); 113 bool need_verify = 114 // verifyAll 115 (BytecodeVerificationLocal && BytecodeVerificationRemote) || 116 // verifyRemote 117 (!BytecodeVerificationLocal && BytecodeVerificationRemote && !trusted); 118 return !need_verify; 119 } 120 121 void Verifier::trace_class_resolution(Klass* resolve_class, InstanceKlass* verify_class) { 122 assert(verify_class != NULL, "Unexpected null verify_class"); 123 ResourceMark rm; 124 Symbol* s = verify_class->source_file_name(); 125 const char* source_file = (s != NULL ? s->as_C_string() : NULL); 126 const char* verify = verify_class->external_name(); 127 const char* resolve = resolve_class->external_name(); 128 // print in a single call to reduce interleaving between threads 129 if (source_file != NULL) { 130 log_debug(class, resolve)("%s %s %s (verification)", verify, resolve, source_file); 131 } else { 132 log_debug(class, resolve)("%s %s (verification)", verify, resolve); 133 } 134 } 135 136 // Prints the end-verification message to the appropriate output. 137 void Verifier::log_end_verification(outputStream* st, const char* klassName, Symbol* exception_name, oop pending_exception) { 138 if (pending_exception != NULL) { 139 st->print("Verification for %s has", klassName); 140 oop message = java_lang_Throwable::message(pending_exception); 141 if (message != NULL) { 142 char* ex_msg = java_lang_String::as_utf8_string(message); 143 st->print_cr(" exception pending '%s %s'", 144 pending_exception->klass()->external_name(), ex_msg); 145 } else { 146 st->print_cr(" exception pending %s ", 147 pending_exception->klass()->external_name()); 148 } 149 } else if (exception_name != NULL) { 150 st->print_cr("Verification for %s failed", klassName); 151 } 152 st->print_cr("End class verification for: %s", klassName); 153 } 154 155 bool Verifier::verify(InstanceKlass* klass, bool should_verify_class, TRAPS) { 156 HandleMark hm(THREAD); 157 ResourceMark rm(THREAD); 158 159 // Eagerly allocate the identity hash code for a klass. This is a fallout 160 // from 6320749 and 8059924: hash code generator is not supposed to be called 161 // during the safepoint, but it allows to sneak the hashcode in during 162 // verification. Without this eager hashcode generation, we may end up 163 // installing the hashcode during some other operation, which may be at 164 // safepoint -- blowing up the checks. It was previously done as the side 165 // effect (sic!) for external_name(), but instead of doing that, we opt to 166 // explicitly push the hashcode in here. This is signify the following block 167 // is IMPORTANT: 168 if (klass->java_mirror() != NULL) { 169 klass->java_mirror()->identity_hash(); 170 } 171 172 if (!is_eligible_for_verification(klass, should_verify_class)) { 173 return true; 174 } 175 176 // Timer includes any side effects of class verification (resolution, 177 // etc), but not recursive calls to Verifier::verify(). 178 JavaThread* jt = THREAD; 179 PerfClassTraceTime timer(ClassLoader::perf_class_verify_time(), 180 ClassLoader::perf_class_verify_selftime(), 181 ClassLoader::perf_classes_verified(), 182 jt->get_thread_stat()->perf_recursion_counts_addr(), 183 jt->get_thread_stat()->perf_timers_addr(), 184 PerfClassTraceTime::CLASS_VERIFY); 185 186 // If the class should be verified, first see if we can use the split 187 // verifier. If not, or if verification fails and can failover, then 188 // call the inference verifier. 189 Symbol* exception_name = NULL; 190 const size_t message_buffer_len = klass->name()->utf8_length() + 1024; 191 char* message_buffer = NULL; 192 char* exception_message = NULL; 193 194 log_info(class, init)("Start class verification for: %s", klass->external_name()); 195 if (klass->major_version() >= STACKMAP_ATTRIBUTE_MAJOR_VERSION) { 196 ClassVerifier split_verifier(jt, klass); 197 // We don't use CHECK here, or on inference_verify below, so that we can log any exception. 198 split_verifier.verify_class(THREAD); 199 exception_name = split_verifier.result(); 200 201 // If DumpSharedSpaces is set then don't fall back to the old verifier on 202 // verification failure. If a class fails verification with the split verifier, 203 // it might fail the CDS runtime verifier constraint check. In that case, we 204 // don't want to share the class. We only archive classes that pass the split 205 // verifier. 206 bool can_failover = !DumpSharedSpaces && 207 klass->major_version() < NOFAILOVER_MAJOR_VERSION; 208 209 if (can_failover && !HAS_PENDING_EXCEPTION && // Split verifier doesn't set PENDING_EXCEPTION for failure 210 (exception_name == vmSymbols::java_lang_VerifyError() || 211 exception_name == vmSymbols::java_lang_ClassFormatError())) { 212 log_info(verification)("Fail over class verification to old verifier for: %s", klass->external_name()); 213 log_info(class, init)("Fail over class verification to old verifier for: %s", klass->external_name()); 214 message_buffer = NEW_RESOURCE_ARRAY(char, message_buffer_len); 215 exception_message = message_buffer; 216 exception_name = inference_verify( 217 klass, message_buffer, message_buffer_len, THREAD); 218 } 219 if (exception_name != NULL) { 220 exception_message = split_verifier.exception_message(); 221 } 222 } else { 223 message_buffer = NEW_RESOURCE_ARRAY(char, message_buffer_len); 224 exception_message = message_buffer; 225 exception_name = inference_verify( 226 klass, message_buffer, message_buffer_len, THREAD); 227 } 228 229 LogTarget(Info, class, init) lt1; 230 if (lt1.is_enabled()) { 231 LogStream ls(lt1); 232 log_end_verification(&ls, klass->external_name(), exception_name, PENDING_EXCEPTION); 233 } 234 LogTarget(Info, verification) lt2; 235 if (lt2.is_enabled()) { 236 LogStream ls(lt2); 237 log_end_verification(&ls, klass->external_name(), exception_name, PENDING_EXCEPTION); 238 } 239 240 if (HAS_PENDING_EXCEPTION) { 241 return false; // use the existing exception 242 } else if (exception_name == NULL) { 243 return true; // verification succeeded 244 } else { // VerifyError or ClassFormatError to be created and thrown 245 Klass* kls = 246 SystemDictionary::resolve_or_fail(exception_name, true, CHECK_false); 247 if (log_is_enabled(Debug, class, resolve)) { 248 Verifier::trace_class_resolution(kls, klass); 249 } 250 251 while (kls != NULL) { 252 if (kls == klass) { 253 // If the class being verified is the exception we're creating 254 // or one of it's superclasses, we're in trouble and are going 255 // to infinitely recurse when we try to initialize the exception. 256 // So bail out here by throwing the preallocated VM error. 257 THROW_OOP_(Universe::virtual_machine_error_instance(), false); 258 } 259 kls = kls->super(); 260 } 261 if (message_buffer != NULL) { 262 message_buffer[message_buffer_len - 1] = '\0'; // just to be sure 263 } 264 assert(exception_message != NULL, ""); 265 THROW_MSG_(exception_name, exception_message, false); 266 } 267 } 268 269 bool Verifier::is_eligible_for_verification(InstanceKlass* klass, bool should_verify_class) { 270 Symbol* name = klass->name(); 271 Klass* refl_magic_klass = vmClasses::reflect_MagicAccessorImpl_klass(); 272 273 bool is_reflect = refl_magic_klass != NULL && klass->is_subtype_of(refl_magic_klass); 274 275 return (should_verify_for(klass->class_loader(), should_verify_class) && 276 // return if the class is a bootstrapping class 277 // or defineClass specified not to verify by default (flags override passed arg) 278 // We need to skip the following four for bootstraping 279 name != vmSymbols::java_lang_Object() && 280 name != vmSymbols::java_lang_Class() && 281 name != vmSymbols::java_lang_String() && 282 name != vmSymbols::java_lang_Throwable() && 283 284 // Can not verify the bytecodes for shared classes because they have 285 // already been rewritten to contain constant pool cache indices, 286 // which the verifier can't understand. 287 // Shared classes shouldn't have stackmaps either. 288 // However, bytecodes for shared old classes can be verified because 289 // they have not been rewritten. 290 !(klass->is_shared() && klass->is_rewritten()) && 291 292 // As of the fix for 4486457 we disable verification for all of the 293 // dynamically-generated bytecodes associated with the 1.4 294 // reflection implementation, not just those associated with 295 // jdk/internal/reflect/SerializationConstructorAccessor. 296 // NOTE: this is called too early in the bootstrapping process to be 297 // guarded by Universe::is_gte_jdk14x_version(). 298 // Also for lambda generated code, gte jdk8 299 (!is_reflect)); 300 } 301 302 Symbol* Verifier::inference_verify( 303 InstanceKlass* klass, char* message, size_t message_len, TRAPS) { 304 JavaThread* thread = THREAD; 305 306 verify_byte_codes_fn_t verify_func = verify_byte_codes_fn(); 307 308 if (verify_func == NULL) { 309 jio_snprintf(message, message_len, "Could not link verifier"); 310 return vmSymbols::java_lang_VerifyError(); 311 } 312 313 ResourceMark rm(thread); 314 log_info(verification)("Verifying class %s with old format", klass->external_name()); 315 316 jclass cls = (jclass) JNIHandles::make_local(thread, klass->java_mirror()); 317 jint result; 318 319 { 320 HandleMark hm(thread); 321 ThreadToNativeFromVM ttn(thread); 322 // ThreadToNativeFromVM takes care of changing thread_state, so safepoint 323 // code knows that we have left the VM 324 JNIEnv *env = thread->jni_environment(); 325 result = (*verify_func)(env, cls, message, (int)message_len, klass->major_version()); 326 } 327 328 JNIHandles::destroy_local(cls); 329 330 // These numbers are chosen so that VerifyClassCodes interface doesn't need 331 // to be changed (still return jboolean (unsigned char)), and result is 332 // 1 when verification is passed. 333 if (result == 0) { 334 return vmSymbols::java_lang_VerifyError(); 335 } else if (result == 1) { 336 return NULL; // verified. 337 } else if (result == 2) { 338 THROW_MSG_(vmSymbols::java_lang_OutOfMemoryError(), message, NULL); 339 } else if (result == 3) { 340 return vmSymbols::java_lang_ClassFormatError(); 341 } else { 342 ShouldNotReachHere(); 343 return NULL; 344 } 345 } 346 347 TypeOrigin TypeOrigin::null() { 348 return TypeOrigin(); 349 } 350 TypeOrigin TypeOrigin::local(u2 index, StackMapFrame* frame) { 351 assert(frame != NULL, "Must have a frame"); 352 return TypeOrigin(CF_LOCALS, index, StackMapFrame::copy(frame), 353 frame->local_at(index)); 354 } 355 TypeOrigin TypeOrigin::stack(u2 index, StackMapFrame* frame) { 356 assert(frame != NULL, "Must have a frame"); 357 return TypeOrigin(CF_STACK, index, StackMapFrame::copy(frame), 358 frame->stack_at(index)); 359 } 360 TypeOrigin TypeOrigin::sm_local(u2 index, StackMapFrame* frame) { 361 assert(frame != NULL, "Must have a frame"); 362 return TypeOrigin(SM_LOCALS, index, StackMapFrame::copy(frame), 363 frame->local_at(index)); 364 } 365 TypeOrigin TypeOrigin::sm_stack(u2 index, StackMapFrame* frame) { 366 assert(frame != NULL, "Must have a frame"); 367 return TypeOrigin(SM_STACK, index, StackMapFrame::copy(frame), 368 frame->stack_at(index)); 369 } 370 TypeOrigin TypeOrigin::bad_index(u2 index) { 371 return TypeOrigin(BAD_INDEX, index, NULL, VerificationType::bogus_type()); 372 } 373 TypeOrigin TypeOrigin::cp(u2 index, VerificationType vt) { 374 return TypeOrigin(CONST_POOL, index, NULL, vt); 375 } 376 TypeOrigin TypeOrigin::signature(VerificationType vt) { 377 return TypeOrigin(SIG, 0, NULL, vt); 378 } 379 TypeOrigin TypeOrigin::implicit(VerificationType t) { 380 return TypeOrigin(IMPLICIT, 0, NULL, t); 381 } 382 TypeOrigin TypeOrigin::frame(StackMapFrame* frame) { 383 return TypeOrigin(FRAME_ONLY, 0, StackMapFrame::copy(frame), 384 VerificationType::bogus_type()); 385 } 386 387 void TypeOrigin::reset_frame() { 388 if (_frame != NULL) { 389 _frame->restore(); 390 } 391 } 392 393 void TypeOrigin::details(outputStream* ss) const { 394 _type.print_on(ss); 395 switch (_origin) { 396 case CF_LOCALS: 397 ss->print(" (current frame, locals[%d])", _index); 398 break; 399 case CF_STACK: 400 ss->print(" (current frame, stack[%d])", _index); 401 break; 402 case SM_LOCALS: 403 ss->print(" (stack map, locals[%d])", _index); 404 break; 405 case SM_STACK: 406 ss->print(" (stack map, stack[%d])", _index); 407 break; 408 case CONST_POOL: 409 ss->print(" (constant pool %d)", _index); 410 break; 411 case SIG: 412 ss->print(" (from method signature)"); 413 break; 414 case IMPLICIT: 415 case FRAME_ONLY: 416 case NONE: 417 default: 418 ; 419 } 420 } 421 422 #ifdef ASSERT 423 void TypeOrigin::print_on(outputStream* str) const { 424 str->print("{%d,%d,%p:", _origin, _index, _frame); 425 if (_frame != NULL) { 426 _frame->print_on(str); 427 } else { 428 str->print("null"); 429 } 430 str->print(","); 431 _type.print_on(str); 432 str->print("}"); 433 } 434 #endif 435 436 void ErrorContext::details(outputStream* ss, const Method* method) const { 437 if (is_valid()) { 438 ss->cr(); 439 ss->print_cr("Exception Details:"); 440 location_details(ss, method); 441 reason_details(ss); 442 frame_details(ss); 443 bytecode_details(ss, method); 444 handler_details(ss, method); 445 stackmap_details(ss, method); 446 } 447 } 448 449 void ErrorContext::reason_details(outputStream* ss) const { 450 streamIndentor si(ss); 451 ss->indent().print_cr("Reason:"); 452 streamIndentor si2(ss); 453 ss->indent().print("%s", ""); 454 switch (_fault) { 455 case INVALID_BYTECODE: 456 ss->print("Error exists in the bytecode"); 457 break; 458 case WRONG_TYPE: 459 if (_expected.is_valid()) { 460 ss->print("Type "); 461 _type.details(ss); 462 ss->print(" is not assignable to "); 463 _expected.details(ss); 464 } else { 465 ss->print("Invalid type: "); 466 _type.details(ss); 467 } 468 break; 469 case FLAGS_MISMATCH: 470 if (_expected.is_valid()) { 471 ss->print("Current frame's flags are not assignable " 472 "to stack map frame's."); 473 } else { 474 ss->print("Current frame's flags are invalid in this context."); 475 } 476 break; 477 case BAD_CP_INDEX: 478 ss->print("Constant pool index %d is invalid", _type.index()); 479 break; 480 case BAD_LOCAL_INDEX: 481 ss->print("Local index %d is invalid", _type.index()); 482 break; 483 case LOCALS_SIZE_MISMATCH: 484 ss->print("Current frame's local size doesn't match stackmap."); 485 break; 486 case STACK_SIZE_MISMATCH: 487 ss->print("Current frame's stack size doesn't match stackmap."); 488 break; 489 case STACK_OVERFLOW: 490 ss->print("Exceeded max stack size."); 491 break; 492 case STACK_UNDERFLOW: 493 ss->print("Attempt to pop empty stack."); 494 break; 495 case MISSING_STACKMAP: 496 ss->print("Expected stackmap frame at this location."); 497 break; 498 case BAD_STACKMAP: 499 ss->print("Invalid stackmap specification."); 500 break; 501 case UNKNOWN: 502 default: 503 ShouldNotReachHere(); 504 ss->print_cr("Unknown"); 505 } 506 ss->cr(); 507 } 508 509 void ErrorContext::location_details(outputStream* ss, const Method* method) const { 510 if (_bci != -1 && method != NULL) { 511 streamIndentor si(ss); 512 const char* bytecode_name = "<invalid>"; 513 if (method->validate_bci(_bci) != -1) { 514 Bytecodes::Code code = Bytecodes::code_or_bp_at(method->bcp_from(_bci)); 515 if (Bytecodes::is_defined(code)) { 516 bytecode_name = Bytecodes::name(code); 517 } else { 518 bytecode_name = "<illegal>"; 519 } 520 } 521 InstanceKlass* ik = method->method_holder(); 522 ss->indent().print_cr("Location:"); 523 streamIndentor si2(ss); 524 ss->indent().print_cr("%s.%s%s @%d: %s", 525 ik->name()->as_C_string(), method->name()->as_C_string(), 526 method->signature()->as_C_string(), _bci, bytecode_name); 527 } 528 } 529 530 void ErrorContext::frame_details(outputStream* ss) const { 531 streamIndentor si(ss); 532 if (_type.is_valid() && _type.frame() != NULL) { 533 ss->indent().print_cr("Current Frame:"); 534 streamIndentor si2(ss); 535 _type.frame()->print_on(ss); 536 } 537 if (_expected.is_valid() && _expected.frame() != NULL) { 538 ss->indent().print_cr("Stackmap Frame:"); 539 streamIndentor si2(ss); 540 _expected.frame()->print_on(ss); 541 } 542 } 543 544 void ErrorContext::bytecode_details(outputStream* ss, const Method* method) const { 545 if (method != NULL) { 546 streamIndentor si(ss); 547 ss->indent().print_cr("Bytecode:"); 548 streamIndentor si2(ss); 549 ss->print_data(method->code_base(), method->code_size(), false); 550 } 551 } 552 553 void ErrorContext::handler_details(outputStream* ss, const Method* method) const { 554 if (method != NULL) { 555 streamIndentor si(ss); 556 ExceptionTable table(method); 557 if (table.length() > 0) { 558 ss->indent().print_cr("Exception Handler Table:"); 559 streamIndentor si2(ss); 560 for (int i = 0; i < table.length(); ++i) { 561 ss->indent().print_cr("bci [%d, %d] => handler: %d", table.start_pc(i), 562 table.end_pc(i), table.handler_pc(i)); 563 } 564 } 565 } 566 } 567 568 void ErrorContext::stackmap_details(outputStream* ss, const Method* method) const { 569 if (method != NULL && method->has_stackmap_table()) { 570 streamIndentor si(ss); 571 ss->indent().print_cr("Stackmap Table:"); 572 Array<u1>* data = method->stackmap_data(); 573 stack_map_table* sm_table = 574 stack_map_table::at((address)data->adr_at(0)); 575 stack_map_frame* sm_frame = sm_table->entries(); 576 streamIndentor si2(ss); 577 int current_offset = -1; 578 address end_of_sm_table = (address)sm_table + method->stackmap_data()->length(); 579 for (u2 i = 0; i < sm_table->number_of_entries(); ++i) { 580 ss->indent(); 581 if (!sm_frame->verify((address)sm_frame, end_of_sm_table)) { 582 sm_frame->print_truncated(ss, current_offset); 583 return; 584 } 585 sm_frame->print_on(ss, current_offset); 586 ss->cr(); 587 current_offset += sm_frame->offset_delta(); 588 sm_frame = sm_frame->next(); 589 } 590 } 591 } 592 593 // Methods in ClassVerifier 594 595 ClassVerifier::ClassVerifier(JavaThread* current, InstanceKlass* klass) 596 : _thread(current), _previous_symbol(NULL), _symbols(NULL), _exception_type(NULL), 597 _message(NULL), _method_signatures_table(NULL), _klass(klass) { 598 _this_type = VerificationType::reference_type(klass->name()); 599 } 600 601 ClassVerifier::~ClassVerifier() { 602 // Decrement the reference count for any symbols created. 603 if (_symbols != NULL) { 604 for (int i = 0; i < _symbols->length(); i++) { 605 Symbol* s = _symbols->at(i); 606 s->decrement_refcount(); 607 } 608 } 609 } 610 611 VerificationType ClassVerifier::object_type() const { 612 return VerificationType::reference_type(vmSymbols::java_lang_Object()); 613 } 614 615 TypeOrigin ClassVerifier::ref_ctx(const char* sig) { 616 VerificationType vt = VerificationType::reference_type( 617 create_temporary_symbol(sig, (int)strlen(sig))); 618 return TypeOrigin::implicit(vt); 619 } 620 621 622 void ClassVerifier::verify_class(TRAPS) { 623 log_info(verification)("Verifying class %s with new format", _klass->external_name()); 624 625 // Either verifying both local and remote classes or just remote classes. 626 assert(BytecodeVerificationRemote, "Should not be here"); 627 628 // Create hash table containing method signatures. 629 method_signatures_table_type method_signatures_table; 630 set_method_signatures_table(&method_signatures_table); 631 632 Array<Method*>* methods = _klass->methods(); 633 int num_methods = methods->length(); 634 635 for (int index = 0; index < num_methods; index++) { 636 // Check for recursive re-verification before each method. 637 if (was_recursively_verified()) return; 638 639 Method* m = methods->at(index); 640 if (m->is_native() || m->is_abstract() || m->is_overpass()) { 641 // If m is native or abstract, skip it. It is checked in class file 642 // parser that methods do not override a final method. Overpass methods 643 // are trusted since the VM generates them. 644 continue; 645 } 646 verify_method(methodHandle(THREAD, m), CHECK_VERIFY(this)); 647 } 648 649 if (was_recursively_verified()){ 650 log_info(verification)("Recursive verification detected for: %s", _klass->external_name()); 651 log_info(class, init)("Recursive verification detected for: %s", 652 _klass->external_name()); 653 } 654 } 655 656 // Translate the signature entries into verification types and save them in 657 // the growable array. Also, save the count of arguments. 658 void ClassVerifier::translate_signature(Symbol* const method_sig, 659 sig_as_verification_types* sig_verif_types) { 660 SignatureStream sig_stream(method_sig); 661 VerificationType sig_type[2]; 662 int sig_i = 0; 663 GrowableArray<VerificationType>* verif_types = sig_verif_types->sig_verif_types(); 664 665 // Translate the signature arguments into verification types. 666 while (!sig_stream.at_return_type()) { 667 int n = change_sig_to_verificationType(&sig_stream, sig_type); 668 assert(n <= 2, "Unexpected signature type"); 669 670 // Store verification type(s). Longs and Doubles each have two verificationTypes. 671 for (int x = 0; x < n; x++) { 672 verif_types->push(sig_type[x]); 673 } 674 sig_i += n; 675 sig_stream.next(); 676 } 677 678 // Set final arg count, not including the return type. The final arg count will 679 // be compared with sig_verify_types' length to see if there is a return type. 680 sig_verif_types->set_num_args(sig_i); 681 682 // Store verification type(s) for the return type, if there is one. 683 if (sig_stream.type() != T_VOID) { 684 int n = change_sig_to_verificationType(&sig_stream, sig_type); 685 assert(n <= 2, "Unexpected signature return type"); 686 for (int y = 0; y < n; y++) { 687 verif_types->push(sig_type[y]); 688 } 689 } 690 } 691 692 void ClassVerifier::create_method_sig_entry(sig_as_verification_types* sig_verif_types, 693 int sig_index) { 694 // Translate the signature into verification types. 695 ConstantPool* cp = _klass->constants(); 696 Symbol* const method_sig = cp->symbol_at(sig_index); 697 translate_signature(method_sig, sig_verif_types); 698 699 // Add the list of this signature's verification types to the table. 700 bool is_unique = method_signatures_table()->put(sig_index, sig_verif_types); 701 assert(is_unique, "Duplicate entries in method_signature_table"); 702 } 703 704 void ClassVerifier::verify_method(const methodHandle& m, TRAPS) { 705 HandleMark hm(THREAD); 706 _method = m; // initialize _method 707 log_info(verification)("Verifying method %s", m->name_and_sig_as_C_string()); 708 709 // For clang, the only good constant format string is a literal constant format string. 710 #define bad_type_msg "Bad type on operand stack in %s" 711 712 int32_t max_stack = m->verifier_max_stack(); 713 int32_t max_locals = m->max_locals(); 714 constantPoolHandle cp(THREAD, m->constants()); 715 716 // Method signature was checked in ClassFileParser. 717 assert(SignatureVerifier::is_valid_method_signature(m->signature()), 718 "Invalid method signature"); 719 720 // Initial stack map frame: offset is 0, stack is initially empty. 721 StackMapFrame current_frame(max_locals, max_stack, this); 722 // Set initial locals 723 VerificationType return_type = current_frame.set_locals_from_arg( m, current_type()); 724 725 int32_t stackmap_index = 0; // index to the stackmap array 726 727 u4 code_length = m->code_size(); 728 729 // Scan the bytecode and map each instruction's start offset to a number. 730 char* code_data = generate_code_data(m, code_length, CHECK_VERIFY(this)); 731 732 int ex_min = code_length; 733 int ex_max = -1; 734 // Look through each item on the exception table. Each of the fields must refer 735 // to a legal instruction. 736 if (was_recursively_verified()) return; 737 verify_exception_handler_table( 738 code_length, code_data, ex_min, ex_max, CHECK_VERIFY(this)); 739 740 // Look through each entry on the local variable table and make sure 741 // its range of code array offsets is valid. (4169817) 742 if (m->has_localvariable_table()) { 743 verify_local_variable_table(code_length, code_data, CHECK_VERIFY(this)); 744 } 745 746 Array<u1>* stackmap_data = m->stackmap_data(); 747 StackMapStream stream(stackmap_data); 748 StackMapReader reader(this, &stream, code_data, code_length, THREAD); 749 StackMapTable stackmap_table(&reader, ¤t_frame, max_locals, max_stack, 750 code_data, code_length, CHECK_VERIFY(this)); 751 752 LogTarget(Debug, verification) lt; 753 if (lt.is_enabled()) { 754 ResourceMark rm(THREAD); 755 LogStream ls(lt); 756 stackmap_table.print_on(&ls); 757 } 758 759 RawBytecodeStream bcs(m); 760 761 // Scan the byte code linearly from the start to the end 762 bool no_control_flow = false; // Set to true when there is no direct control 763 // flow from current instruction to the next 764 // instruction in sequence 765 766 Bytecodes::Code opcode; 767 while (!bcs.is_last_bytecode()) { 768 // Check for recursive re-verification before each bytecode. 769 if (was_recursively_verified()) return; 770 771 opcode = bcs.raw_next(); 772 u2 bci = bcs.bci(); 773 774 // Set current frame's offset to bci 775 current_frame.set_offset(bci); 776 current_frame.set_mark(); 777 778 // Make sure every offset in stackmap table point to the beginning to 779 // an instruction. Match current_frame to stackmap_table entry with 780 // the same offset if exists. 781 stackmap_index = verify_stackmap_table( 782 stackmap_index, bci, ¤t_frame, &stackmap_table, 783 no_control_flow, CHECK_VERIFY(this)); 784 785 786 bool this_uninit = false; // Set to true when invokespecial <init> initialized 'this' 787 bool verified_exc_handlers = false; 788 789 // Merge with the next instruction 790 { 791 u2 index; 792 int target; 793 VerificationType type, type2; 794 VerificationType atype; 795 796 LogTarget(Debug, verification) lt; 797 if (lt.is_enabled()) { 798 ResourceMark rm(THREAD); 799 LogStream ls(lt); 800 current_frame.print_on(&ls); 801 lt.print("offset = %d, opcode = %s", bci, 802 opcode == Bytecodes::_illegal ? "illegal" : Bytecodes::name(opcode)); 803 } 804 805 // Make sure wide instruction is in correct format 806 if (bcs.is_wide()) { 807 if (opcode != Bytecodes::_iinc && opcode != Bytecodes::_iload && 808 opcode != Bytecodes::_aload && opcode != Bytecodes::_lload && 809 opcode != Bytecodes::_istore && opcode != Bytecodes::_astore && 810 opcode != Bytecodes::_lstore && opcode != Bytecodes::_fload && 811 opcode != Bytecodes::_dload && opcode != Bytecodes::_fstore && 812 opcode != Bytecodes::_dstore) { 813 /* Unreachable? RawBytecodeStream's raw_next() returns 'illegal' 814 * if we encounter a wide instruction that modifies an invalid 815 * opcode (not one of the ones listed above) */ 816 verify_error(ErrorContext::bad_code(bci), "Bad wide instruction"); 817 return; 818 } 819 } 820 821 // Look for possible jump target in exception handlers and see if it 822 // matches current_frame. Do this check here for astore*, dstore*, 823 // fstore*, istore*, and lstore* opcodes because they can change the type 824 // state by adding a local. JVM Spec says that the incoming type state 825 // should be used for this check. So, do the check here before a possible 826 // local is added to the type state. 827 if (Bytecodes::is_store_into_local(opcode) && bci >= ex_min && bci < ex_max) { 828 if (was_recursively_verified()) return; 829 verify_exception_handler_targets( 830 bci, this_uninit, ¤t_frame, &stackmap_table, CHECK_VERIFY(this)); 831 verified_exc_handlers = true; 832 } 833 834 if (was_recursively_verified()) return; 835 836 switch (opcode) { 837 case Bytecodes::_nop : 838 no_control_flow = false; break; 839 case Bytecodes::_aconst_null : 840 current_frame.push_stack( 841 VerificationType::null_type(), CHECK_VERIFY(this)); 842 no_control_flow = false; break; 843 case Bytecodes::_iconst_m1 : 844 case Bytecodes::_iconst_0 : 845 case Bytecodes::_iconst_1 : 846 case Bytecodes::_iconst_2 : 847 case Bytecodes::_iconst_3 : 848 case Bytecodes::_iconst_4 : 849 case Bytecodes::_iconst_5 : 850 current_frame.push_stack( 851 VerificationType::integer_type(), CHECK_VERIFY(this)); 852 no_control_flow = false; break; 853 case Bytecodes::_lconst_0 : 854 case Bytecodes::_lconst_1 : 855 current_frame.push_stack_2( 856 VerificationType::long_type(), 857 VerificationType::long2_type(), CHECK_VERIFY(this)); 858 no_control_flow = false; break; 859 case Bytecodes::_fconst_0 : 860 case Bytecodes::_fconst_1 : 861 case Bytecodes::_fconst_2 : 862 current_frame.push_stack( 863 VerificationType::float_type(), CHECK_VERIFY(this)); 864 no_control_flow = false; break; 865 case Bytecodes::_dconst_0 : 866 case Bytecodes::_dconst_1 : 867 current_frame.push_stack_2( 868 VerificationType::double_type(), 869 VerificationType::double2_type(), CHECK_VERIFY(this)); 870 no_control_flow = false; break; 871 case Bytecodes::_sipush : 872 case Bytecodes::_bipush : 873 current_frame.push_stack( 874 VerificationType::integer_type(), CHECK_VERIFY(this)); 875 no_control_flow = false; break; 876 case Bytecodes::_ldc : 877 verify_ldc( 878 opcode, bcs.get_index_u1(), ¤t_frame, 879 cp, bci, CHECK_VERIFY(this)); 880 no_control_flow = false; break; 881 case Bytecodes::_ldc_w : 882 case Bytecodes::_ldc2_w : 883 verify_ldc( 884 opcode, bcs.get_index_u2(), ¤t_frame, 885 cp, bci, CHECK_VERIFY(this)); 886 no_control_flow = false; break; 887 case Bytecodes::_iload : 888 verify_iload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 889 no_control_flow = false; break; 890 case Bytecodes::_iload_0 : 891 case Bytecodes::_iload_1 : 892 case Bytecodes::_iload_2 : 893 case Bytecodes::_iload_3 : 894 index = opcode - Bytecodes::_iload_0; 895 verify_iload(index, ¤t_frame, CHECK_VERIFY(this)); 896 no_control_flow = false; break; 897 case Bytecodes::_lload : 898 verify_lload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 899 no_control_flow = false; break; 900 case Bytecodes::_lload_0 : 901 case Bytecodes::_lload_1 : 902 case Bytecodes::_lload_2 : 903 case Bytecodes::_lload_3 : 904 index = opcode - Bytecodes::_lload_0; 905 verify_lload(index, ¤t_frame, CHECK_VERIFY(this)); 906 no_control_flow = false; break; 907 case Bytecodes::_fload : 908 verify_fload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 909 no_control_flow = false; break; 910 case Bytecodes::_fload_0 : 911 case Bytecodes::_fload_1 : 912 case Bytecodes::_fload_2 : 913 case Bytecodes::_fload_3 : 914 index = opcode - Bytecodes::_fload_0; 915 verify_fload(index, ¤t_frame, CHECK_VERIFY(this)); 916 no_control_flow = false; break; 917 case Bytecodes::_dload : 918 verify_dload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 919 no_control_flow = false; break; 920 case Bytecodes::_dload_0 : 921 case Bytecodes::_dload_1 : 922 case Bytecodes::_dload_2 : 923 case Bytecodes::_dload_3 : 924 index = opcode - Bytecodes::_dload_0; 925 verify_dload(index, ¤t_frame, CHECK_VERIFY(this)); 926 no_control_flow = false; break; 927 case Bytecodes::_aload : 928 verify_aload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 929 no_control_flow = false; break; 930 case Bytecodes::_aload_0 : 931 case Bytecodes::_aload_1 : 932 case Bytecodes::_aload_2 : 933 case Bytecodes::_aload_3 : 934 index = opcode - Bytecodes::_aload_0; 935 verify_aload(index, ¤t_frame, CHECK_VERIFY(this)); 936 no_control_flow = false; break; 937 case Bytecodes::_iaload : 938 type = current_frame.pop_stack( 939 VerificationType::integer_type(), CHECK_VERIFY(this)); 940 atype = current_frame.pop_stack( 941 VerificationType::reference_check(), CHECK_VERIFY(this)); 942 if (!atype.is_int_array()) { 943 verify_error(ErrorContext::bad_type(bci, 944 current_frame.stack_top_ctx(), ref_ctx("[I")), 945 bad_type_msg, "iaload"); 946 return; 947 } 948 current_frame.push_stack( 949 VerificationType::integer_type(), CHECK_VERIFY(this)); 950 no_control_flow = false; break; 951 case Bytecodes::_baload : 952 type = current_frame.pop_stack( 953 VerificationType::integer_type(), CHECK_VERIFY(this)); 954 atype = current_frame.pop_stack( 955 VerificationType::reference_check(), CHECK_VERIFY(this)); 956 if (!atype.is_bool_array() && !atype.is_byte_array()) { 957 verify_error( 958 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 959 bad_type_msg, "baload"); 960 return; 961 } 962 current_frame.push_stack( 963 VerificationType::integer_type(), CHECK_VERIFY(this)); 964 no_control_flow = false; break; 965 case Bytecodes::_caload : 966 type = current_frame.pop_stack( 967 VerificationType::integer_type(), CHECK_VERIFY(this)); 968 atype = current_frame.pop_stack( 969 VerificationType::reference_check(), CHECK_VERIFY(this)); 970 if (!atype.is_char_array()) { 971 verify_error(ErrorContext::bad_type(bci, 972 current_frame.stack_top_ctx(), ref_ctx("[C")), 973 bad_type_msg, "caload"); 974 return; 975 } 976 current_frame.push_stack( 977 VerificationType::integer_type(), CHECK_VERIFY(this)); 978 no_control_flow = false; break; 979 case Bytecodes::_saload : 980 type = current_frame.pop_stack( 981 VerificationType::integer_type(), CHECK_VERIFY(this)); 982 atype = current_frame.pop_stack( 983 VerificationType::reference_check(), CHECK_VERIFY(this)); 984 if (!atype.is_short_array()) { 985 verify_error(ErrorContext::bad_type(bci, 986 current_frame.stack_top_ctx(), ref_ctx("[S")), 987 bad_type_msg, "saload"); 988 return; 989 } 990 current_frame.push_stack( 991 VerificationType::integer_type(), CHECK_VERIFY(this)); 992 no_control_flow = false; break; 993 case Bytecodes::_laload : 994 type = current_frame.pop_stack( 995 VerificationType::integer_type(), CHECK_VERIFY(this)); 996 atype = current_frame.pop_stack( 997 VerificationType::reference_check(), CHECK_VERIFY(this)); 998 if (!atype.is_long_array()) { 999 verify_error(ErrorContext::bad_type(bci, 1000 current_frame.stack_top_ctx(), ref_ctx("[J")), 1001 bad_type_msg, "laload"); 1002 return; 1003 } 1004 current_frame.push_stack_2( 1005 VerificationType::long_type(), 1006 VerificationType::long2_type(), CHECK_VERIFY(this)); 1007 no_control_flow = false; break; 1008 case Bytecodes::_faload : 1009 type = current_frame.pop_stack( 1010 VerificationType::integer_type(), CHECK_VERIFY(this)); 1011 atype = current_frame.pop_stack( 1012 VerificationType::reference_check(), CHECK_VERIFY(this)); 1013 if (!atype.is_float_array()) { 1014 verify_error(ErrorContext::bad_type(bci, 1015 current_frame.stack_top_ctx(), ref_ctx("[F")), 1016 bad_type_msg, "faload"); 1017 return; 1018 } 1019 current_frame.push_stack( 1020 VerificationType::float_type(), CHECK_VERIFY(this)); 1021 no_control_flow = false; break; 1022 case Bytecodes::_daload : 1023 type = current_frame.pop_stack( 1024 VerificationType::integer_type(), CHECK_VERIFY(this)); 1025 atype = current_frame.pop_stack( 1026 VerificationType::reference_check(), CHECK_VERIFY(this)); 1027 if (!atype.is_double_array()) { 1028 verify_error(ErrorContext::bad_type(bci, 1029 current_frame.stack_top_ctx(), ref_ctx("[D")), 1030 bad_type_msg, "daload"); 1031 return; 1032 } 1033 current_frame.push_stack_2( 1034 VerificationType::double_type(), 1035 VerificationType::double2_type(), CHECK_VERIFY(this)); 1036 no_control_flow = false; break; 1037 case Bytecodes::_aaload : { 1038 type = current_frame.pop_stack( 1039 VerificationType::integer_type(), CHECK_VERIFY(this)); 1040 atype = current_frame.pop_stack( 1041 VerificationType::reference_check(), CHECK_VERIFY(this)); 1042 if (!atype.is_reference_array()) { 1043 verify_error(ErrorContext::bad_type(bci, 1044 current_frame.stack_top_ctx(), 1045 TypeOrigin::implicit(VerificationType::reference_check())), 1046 bad_type_msg, "aaload"); 1047 return; 1048 } 1049 if (atype.is_null()) { 1050 current_frame.push_stack( 1051 VerificationType::null_type(), CHECK_VERIFY(this)); 1052 } else { 1053 VerificationType component = atype.get_component(this); 1054 current_frame.push_stack(component, CHECK_VERIFY(this)); 1055 } 1056 no_control_flow = false; break; 1057 } 1058 case Bytecodes::_istore : 1059 verify_istore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 1060 no_control_flow = false; break; 1061 case Bytecodes::_istore_0 : 1062 case Bytecodes::_istore_1 : 1063 case Bytecodes::_istore_2 : 1064 case Bytecodes::_istore_3 : 1065 index = opcode - Bytecodes::_istore_0; 1066 verify_istore(index, ¤t_frame, CHECK_VERIFY(this)); 1067 no_control_flow = false; break; 1068 case Bytecodes::_lstore : 1069 verify_lstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 1070 no_control_flow = false; break; 1071 case Bytecodes::_lstore_0 : 1072 case Bytecodes::_lstore_1 : 1073 case Bytecodes::_lstore_2 : 1074 case Bytecodes::_lstore_3 : 1075 index = opcode - Bytecodes::_lstore_0; 1076 verify_lstore(index, ¤t_frame, CHECK_VERIFY(this)); 1077 no_control_flow = false; break; 1078 case Bytecodes::_fstore : 1079 verify_fstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 1080 no_control_flow = false; break; 1081 case Bytecodes::_fstore_0 : 1082 case Bytecodes::_fstore_1 : 1083 case Bytecodes::_fstore_2 : 1084 case Bytecodes::_fstore_3 : 1085 index = opcode - Bytecodes::_fstore_0; 1086 verify_fstore(index, ¤t_frame, CHECK_VERIFY(this)); 1087 no_control_flow = false; break; 1088 case Bytecodes::_dstore : 1089 verify_dstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 1090 no_control_flow = false; break; 1091 case Bytecodes::_dstore_0 : 1092 case Bytecodes::_dstore_1 : 1093 case Bytecodes::_dstore_2 : 1094 case Bytecodes::_dstore_3 : 1095 index = opcode - Bytecodes::_dstore_0; 1096 verify_dstore(index, ¤t_frame, CHECK_VERIFY(this)); 1097 no_control_flow = false; break; 1098 case Bytecodes::_astore : 1099 verify_astore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 1100 no_control_flow = false; break; 1101 case Bytecodes::_astore_0 : 1102 case Bytecodes::_astore_1 : 1103 case Bytecodes::_astore_2 : 1104 case Bytecodes::_astore_3 : 1105 index = opcode - Bytecodes::_astore_0; 1106 verify_astore(index, ¤t_frame, CHECK_VERIFY(this)); 1107 no_control_flow = false; break; 1108 case Bytecodes::_iastore : 1109 type = current_frame.pop_stack( 1110 VerificationType::integer_type(), CHECK_VERIFY(this)); 1111 type2 = current_frame.pop_stack( 1112 VerificationType::integer_type(), CHECK_VERIFY(this)); 1113 atype = current_frame.pop_stack( 1114 VerificationType::reference_check(), CHECK_VERIFY(this)); 1115 if (!atype.is_int_array()) { 1116 verify_error(ErrorContext::bad_type(bci, 1117 current_frame.stack_top_ctx(), ref_ctx("[I")), 1118 bad_type_msg, "iastore"); 1119 return; 1120 } 1121 no_control_flow = false; break; 1122 case Bytecodes::_bastore : 1123 type = current_frame.pop_stack( 1124 VerificationType::integer_type(), CHECK_VERIFY(this)); 1125 type2 = current_frame.pop_stack( 1126 VerificationType::integer_type(), CHECK_VERIFY(this)); 1127 atype = current_frame.pop_stack( 1128 VerificationType::reference_check(), CHECK_VERIFY(this)); 1129 if (!atype.is_bool_array() && !atype.is_byte_array()) { 1130 verify_error( 1131 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 1132 bad_type_msg, "bastore"); 1133 return; 1134 } 1135 no_control_flow = false; break; 1136 case Bytecodes::_castore : 1137 current_frame.pop_stack( 1138 VerificationType::integer_type(), CHECK_VERIFY(this)); 1139 current_frame.pop_stack( 1140 VerificationType::integer_type(), CHECK_VERIFY(this)); 1141 atype = current_frame.pop_stack( 1142 VerificationType::reference_check(), CHECK_VERIFY(this)); 1143 if (!atype.is_char_array()) { 1144 verify_error(ErrorContext::bad_type(bci, 1145 current_frame.stack_top_ctx(), ref_ctx("[C")), 1146 bad_type_msg, "castore"); 1147 return; 1148 } 1149 no_control_flow = false; break; 1150 case Bytecodes::_sastore : 1151 current_frame.pop_stack( 1152 VerificationType::integer_type(), CHECK_VERIFY(this)); 1153 current_frame.pop_stack( 1154 VerificationType::integer_type(), CHECK_VERIFY(this)); 1155 atype = current_frame.pop_stack( 1156 VerificationType::reference_check(), CHECK_VERIFY(this)); 1157 if (!atype.is_short_array()) { 1158 verify_error(ErrorContext::bad_type(bci, 1159 current_frame.stack_top_ctx(), ref_ctx("[S")), 1160 bad_type_msg, "sastore"); 1161 return; 1162 } 1163 no_control_flow = false; break; 1164 case Bytecodes::_lastore : 1165 current_frame.pop_stack_2( 1166 VerificationType::long2_type(), 1167 VerificationType::long_type(), CHECK_VERIFY(this)); 1168 current_frame.pop_stack( 1169 VerificationType::integer_type(), CHECK_VERIFY(this)); 1170 atype = current_frame.pop_stack( 1171 VerificationType::reference_check(), CHECK_VERIFY(this)); 1172 if (!atype.is_long_array()) { 1173 verify_error(ErrorContext::bad_type(bci, 1174 current_frame.stack_top_ctx(), ref_ctx("[J")), 1175 bad_type_msg, "lastore"); 1176 return; 1177 } 1178 no_control_flow = false; break; 1179 case Bytecodes::_fastore : 1180 current_frame.pop_stack( 1181 VerificationType::float_type(), CHECK_VERIFY(this)); 1182 current_frame.pop_stack 1183 (VerificationType::integer_type(), CHECK_VERIFY(this)); 1184 atype = current_frame.pop_stack( 1185 VerificationType::reference_check(), CHECK_VERIFY(this)); 1186 if (!atype.is_float_array()) { 1187 verify_error(ErrorContext::bad_type(bci, 1188 current_frame.stack_top_ctx(), ref_ctx("[F")), 1189 bad_type_msg, "fastore"); 1190 return; 1191 } 1192 no_control_flow = false; break; 1193 case Bytecodes::_dastore : 1194 current_frame.pop_stack_2( 1195 VerificationType::double2_type(), 1196 VerificationType::double_type(), CHECK_VERIFY(this)); 1197 current_frame.pop_stack( 1198 VerificationType::integer_type(), CHECK_VERIFY(this)); 1199 atype = current_frame.pop_stack( 1200 VerificationType::reference_check(), CHECK_VERIFY(this)); 1201 if (!atype.is_double_array()) { 1202 verify_error(ErrorContext::bad_type(bci, 1203 current_frame.stack_top_ctx(), ref_ctx("[D")), 1204 bad_type_msg, "dastore"); 1205 return; 1206 } 1207 no_control_flow = false; break; 1208 case Bytecodes::_aastore : 1209 type = current_frame.pop_stack(object_type(), CHECK_VERIFY(this)); 1210 type2 = current_frame.pop_stack( 1211 VerificationType::integer_type(), CHECK_VERIFY(this)); 1212 atype = current_frame.pop_stack( 1213 VerificationType::reference_check(), CHECK_VERIFY(this)); 1214 // more type-checking is done at runtime 1215 if (!atype.is_reference_array()) { 1216 verify_error(ErrorContext::bad_type(bci, 1217 current_frame.stack_top_ctx(), 1218 TypeOrigin::implicit(VerificationType::reference_check())), 1219 bad_type_msg, "aastore"); 1220 return; 1221 } 1222 // 4938384: relaxed constraint in JVMS 3nd edition. 1223 no_control_flow = false; break; 1224 case Bytecodes::_pop : 1225 current_frame.pop_stack( 1226 VerificationType::category1_check(), CHECK_VERIFY(this)); 1227 no_control_flow = false; break; 1228 case Bytecodes::_pop2 : 1229 type = current_frame.pop_stack(CHECK_VERIFY(this)); 1230 if (type.is_category1()) { 1231 current_frame.pop_stack( 1232 VerificationType::category1_check(), CHECK_VERIFY(this)); 1233 } else if (type.is_category2_2nd()) { 1234 current_frame.pop_stack( 1235 VerificationType::category2_check(), CHECK_VERIFY(this)); 1236 } else { 1237 /* Unreachable? Would need a category2_1st on TOS 1238 * which does not appear possible. */ 1239 verify_error( 1240 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 1241 bad_type_msg, "pop2"); 1242 return; 1243 } 1244 no_control_flow = false; break; 1245 case Bytecodes::_dup : 1246 type = current_frame.pop_stack( 1247 VerificationType::category1_check(), CHECK_VERIFY(this)); 1248 current_frame.push_stack(type, CHECK_VERIFY(this)); 1249 current_frame.push_stack(type, CHECK_VERIFY(this)); 1250 no_control_flow = false; break; 1251 case Bytecodes::_dup_x1 : 1252 type = current_frame.pop_stack( 1253 VerificationType::category1_check(), CHECK_VERIFY(this)); 1254 type2 = current_frame.pop_stack( 1255 VerificationType::category1_check(), CHECK_VERIFY(this)); 1256 current_frame.push_stack(type, CHECK_VERIFY(this)); 1257 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1258 current_frame.push_stack(type, CHECK_VERIFY(this)); 1259 no_control_flow = false; break; 1260 case Bytecodes::_dup_x2 : 1261 { 1262 VerificationType type3; 1263 type = current_frame.pop_stack( 1264 VerificationType::category1_check(), CHECK_VERIFY(this)); 1265 type2 = current_frame.pop_stack(CHECK_VERIFY(this)); 1266 if (type2.is_category1()) { 1267 type3 = current_frame.pop_stack( 1268 VerificationType::category1_check(), CHECK_VERIFY(this)); 1269 } else if (type2.is_category2_2nd()) { 1270 type3 = current_frame.pop_stack( 1271 VerificationType::category2_check(), CHECK_VERIFY(this)); 1272 } else { 1273 /* Unreachable? Would need a category2_1st at stack depth 2 with 1274 * a category1 on TOS which does not appear possible. */ 1275 verify_error(ErrorContext::bad_type( 1276 bci, current_frame.stack_top_ctx()), bad_type_msg, "dup_x2"); 1277 return; 1278 } 1279 current_frame.push_stack(type, CHECK_VERIFY(this)); 1280 current_frame.push_stack(type3, CHECK_VERIFY(this)); 1281 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1282 current_frame.push_stack(type, CHECK_VERIFY(this)); 1283 no_control_flow = false; break; 1284 } 1285 case Bytecodes::_dup2 : 1286 type = current_frame.pop_stack(CHECK_VERIFY(this)); 1287 if (type.is_category1()) { 1288 type2 = current_frame.pop_stack( 1289 VerificationType::category1_check(), CHECK_VERIFY(this)); 1290 } else if (type.is_category2_2nd()) { 1291 type2 = current_frame.pop_stack( 1292 VerificationType::category2_check(), CHECK_VERIFY(this)); 1293 } else { 1294 /* Unreachable? Would need a category2_1st on TOS which does not 1295 * appear possible. */ 1296 verify_error( 1297 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 1298 bad_type_msg, "dup2"); 1299 return; 1300 } 1301 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1302 current_frame.push_stack(type, CHECK_VERIFY(this)); 1303 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1304 current_frame.push_stack(type, CHECK_VERIFY(this)); 1305 no_control_flow = false; break; 1306 case Bytecodes::_dup2_x1 : 1307 { 1308 VerificationType type3; 1309 type = current_frame.pop_stack(CHECK_VERIFY(this)); 1310 if (type.is_category1()) { 1311 type2 = current_frame.pop_stack( 1312 VerificationType::category1_check(), CHECK_VERIFY(this)); 1313 } else if (type.is_category2_2nd()) { 1314 type2 = current_frame.pop_stack( 1315 VerificationType::category2_check(), CHECK_VERIFY(this)); 1316 } else { 1317 /* Unreachable? Would need a category2_1st on TOS which does 1318 * not appear possible. */ 1319 verify_error( 1320 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 1321 bad_type_msg, "dup2_x1"); 1322 return; 1323 } 1324 type3 = current_frame.pop_stack( 1325 VerificationType::category1_check(), CHECK_VERIFY(this)); 1326 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1327 current_frame.push_stack(type, CHECK_VERIFY(this)); 1328 current_frame.push_stack(type3, CHECK_VERIFY(this)); 1329 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1330 current_frame.push_stack(type, CHECK_VERIFY(this)); 1331 no_control_flow = false; break; 1332 } 1333 case Bytecodes::_dup2_x2 : 1334 { 1335 VerificationType type3, type4; 1336 type = current_frame.pop_stack(CHECK_VERIFY(this)); 1337 if (type.is_category1()) { 1338 type2 = current_frame.pop_stack( 1339 VerificationType::category1_check(), CHECK_VERIFY(this)); 1340 } else if (type.is_category2_2nd()) { 1341 type2 = current_frame.pop_stack( 1342 VerificationType::category2_check(), CHECK_VERIFY(this)); 1343 } else { 1344 /* Unreachable? Would need a category2_1st on TOS which does 1345 * not appear possible. */ 1346 verify_error( 1347 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 1348 bad_type_msg, "dup2_x2"); 1349 return; 1350 } 1351 type3 = current_frame.pop_stack(CHECK_VERIFY(this)); 1352 if (type3.is_category1()) { 1353 type4 = current_frame.pop_stack( 1354 VerificationType::category1_check(), CHECK_VERIFY(this)); 1355 } else if (type3.is_category2_2nd()) { 1356 type4 = current_frame.pop_stack( 1357 VerificationType::category2_check(), CHECK_VERIFY(this)); 1358 } else { 1359 /* Unreachable? Would need a category2_1st on TOS after popping 1360 * a long/double or two category 1's, which does not 1361 * appear possible. */ 1362 verify_error( 1363 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 1364 bad_type_msg, "dup2_x2"); 1365 return; 1366 } 1367 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1368 current_frame.push_stack(type, CHECK_VERIFY(this)); 1369 current_frame.push_stack(type4, CHECK_VERIFY(this)); 1370 current_frame.push_stack(type3, CHECK_VERIFY(this)); 1371 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1372 current_frame.push_stack(type, CHECK_VERIFY(this)); 1373 no_control_flow = false; break; 1374 } 1375 case Bytecodes::_swap : 1376 type = current_frame.pop_stack( 1377 VerificationType::category1_check(), CHECK_VERIFY(this)); 1378 type2 = current_frame.pop_stack( 1379 VerificationType::category1_check(), CHECK_VERIFY(this)); 1380 current_frame.push_stack(type, CHECK_VERIFY(this)); 1381 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1382 no_control_flow = false; break; 1383 case Bytecodes::_iadd : 1384 case Bytecodes::_isub : 1385 case Bytecodes::_imul : 1386 case Bytecodes::_idiv : 1387 case Bytecodes::_irem : 1388 case Bytecodes::_ishl : 1389 case Bytecodes::_ishr : 1390 case Bytecodes::_iushr : 1391 case Bytecodes::_ior : 1392 case Bytecodes::_ixor : 1393 case Bytecodes::_iand : 1394 current_frame.pop_stack( 1395 VerificationType::integer_type(), CHECK_VERIFY(this)); 1396 // fall through 1397 case Bytecodes::_ineg : 1398 current_frame.pop_stack( 1399 VerificationType::integer_type(), CHECK_VERIFY(this)); 1400 current_frame.push_stack( 1401 VerificationType::integer_type(), CHECK_VERIFY(this)); 1402 no_control_flow = false; break; 1403 case Bytecodes::_ladd : 1404 case Bytecodes::_lsub : 1405 case Bytecodes::_lmul : 1406 case Bytecodes::_ldiv : 1407 case Bytecodes::_lrem : 1408 case Bytecodes::_land : 1409 case Bytecodes::_lor : 1410 case Bytecodes::_lxor : 1411 current_frame.pop_stack_2( 1412 VerificationType::long2_type(), 1413 VerificationType::long_type(), CHECK_VERIFY(this)); 1414 // fall through 1415 case Bytecodes::_lneg : 1416 current_frame.pop_stack_2( 1417 VerificationType::long2_type(), 1418 VerificationType::long_type(), CHECK_VERIFY(this)); 1419 current_frame.push_stack_2( 1420 VerificationType::long_type(), 1421 VerificationType::long2_type(), CHECK_VERIFY(this)); 1422 no_control_flow = false; break; 1423 case Bytecodes::_lshl : 1424 case Bytecodes::_lshr : 1425 case Bytecodes::_lushr : 1426 current_frame.pop_stack( 1427 VerificationType::integer_type(), CHECK_VERIFY(this)); 1428 current_frame.pop_stack_2( 1429 VerificationType::long2_type(), 1430 VerificationType::long_type(), CHECK_VERIFY(this)); 1431 current_frame.push_stack_2( 1432 VerificationType::long_type(), 1433 VerificationType::long2_type(), CHECK_VERIFY(this)); 1434 no_control_flow = false; break; 1435 case Bytecodes::_fadd : 1436 case Bytecodes::_fsub : 1437 case Bytecodes::_fmul : 1438 case Bytecodes::_fdiv : 1439 case Bytecodes::_frem : 1440 current_frame.pop_stack( 1441 VerificationType::float_type(), CHECK_VERIFY(this)); 1442 // fall through 1443 case Bytecodes::_fneg : 1444 current_frame.pop_stack( 1445 VerificationType::float_type(), CHECK_VERIFY(this)); 1446 current_frame.push_stack( 1447 VerificationType::float_type(), CHECK_VERIFY(this)); 1448 no_control_flow = false; break; 1449 case Bytecodes::_dadd : 1450 case Bytecodes::_dsub : 1451 case Bytecodes::_dmul : 1452 case Bytecodes::_ddiv : 1453 case Bytecodes::_drem : 1454 current_frame.pop_stack_2( 1455 VerificationType::double2_type(), 1456 VerificationType::double_type(), CHECK_VERIFY(this)); 1457 // fall through 1458 case Bytecodes::_dneg : 1459 current_frame.pop_stack_2( 1460 VerificationType::double2_type(), 1461 VerificationType::double_type(), CHECK_VERIFY(this)); 1462 current_frame.push_stack_2( 1463 VerificationType::double_type(), 1464 VerificationType::double2_type(), CHECK_VERIFY(this)); 1465 no_control_flow = false; break; 1466 case Bytecodes::_iinc : 1467 verify_iinc(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 1468 no_control_flow = false; break; 1469 case Bytecodes::_i2l : 1470 type = current_frame.pop_stack( 1471 VerificationType::integer_type(), CHECK_VERIFY(this)); 1472 current_frame.push_stack_2( 1473 VerificationType::long_type(), 1474 VerificationType::long2_type(), CHECK_VERIFY(this)); 1475 no_control_flow = false; break; 1476 case Bytecodes::_l2i : 1477 current_frame.pop_stack_2( 1478 VerificationType::long2_type(), 1479 VerificationType::long_type(), CHECK_VERIFY(this)); 1480 current_frame.push_stack( 1481 VerificationType::integer_type(), CHECK_VERIFY(this)); 1482 no_control_flow = false; break; 1483 case Bytecodes::_i2f : 1484 current_frame.pop_stack( 1485 VerificationType::integer_type(), CHECK_VERIFY(this)); 1486 current_frame.push_stack( 1487 VerificationType::float_type(), CHECK_VERIFY(this)); 1488 no_control_flow = false; break; 1489 case Bytecodes::_i2d : 1490 current_frame.pop_stack( 1491 VerificationType::integer_type(), CHECK_VERIFY(this)); 1492 current_frame.push_stack_2( 1493 VerificationType::double_type(), 1494 VerificationType::double2_type(), CHECK_VERIFY(this)); 1495 no_control_flow = false; break; 1496 case Bytecodes::_l2f : 1497 current_frame.pop_stack_2( 1498 VerificationType::long2_type(), 1499 VerificationType::long_type(), CHECK_VERIFY(this)); 1500 current_frame.push_stack( 1501 VerificationType::float_type(), CHECK_VERIFY(this)); 1502 no_control_flow = false; break; 1503 case Bytecodes::_l2d : 1504 current_frame.pop_stack_2( 1505 VerificationType::long2_type(), 1506 VerificationType::long_type(), CHECK_VERIFY(this)); 1507 current_frame.push_stack_2( 1508 VerificationType::double_type(), 1509 VerificationType::double2_type(), CHECK_VERIFY(this)); 1510 no_control_flow = false; break; 1511 case Bytecodes::_f2i : 1512 current_frame.pop_stack( 1513 VerificationType::float_type(), CHECK_VERIFY(this)); 1514 current_frame.push_stack( 1515 VerificationType::integer_type(), CHECK_VERIFY(this)); 1516 no_control_flow = false; break; 1517 case Bytecodes::_f2l : 1518 current_frame.pop_stack( 1519 VerificationType::float_type(), CHECK_VERIFY(this)); 1520 current_frame.push_stack_2( 1521 VerificationType::long_type(), 1522 VerificationType::long2_type(), CHECK_VERIFY(this)); 1523 no_control_flow = false; break; 1524 case Bytecodes::_f2d : 1525 current_frame.pop_stack( 1526 VerificationType::float_type(), CHECK_VERIFY(this)); 1527 current_frame.push_stack_2( 1528 VerificationType::double_type(), 1529 VerificationType::double2_type(), CHECK_VERIFY(this)); 1530 no_control_flow = false; break; 1531 case Bytecodes::_d2i : 1532 current_frame.pop_stack_2( 1533 VerificationType::double2_type(), 1534 VerificationType::double_type(), CHECK_VERIFY(this)); 1535 current_frame.push_stack( 1536 VerificationType::integer_type(), CHECK_VERIFY(this)); 1537 no_control_flow = false; break; 1538 case Bytecodes::_d2l : 1539 current_frame.pop_stack_2( 1540 VerificationType::double2_type(), 1541 VerificationType::double_type(), CHECK_VERIFY(this)); 1542 current_frame.push_stack_2( 1543 VerificationType::long_type(), 1544 VerificationType::long2_type(), CHECK_VERIFY(this)); 1545 no_control_flow = false; break; 1546 case Bytecodes::_d2f : 1547 current_frame.pop_stack_2( 1548 VerificationType::double2_type(), 1549 VerificationType::double_type(), CHECK_VERIFY(this)); 1550 current_frame.push_stack( 1551 VerificationType::float_type(), CHECK_VERIFY(this)); 1552 no_control_flow = false; break; 1553 case Bytecodes::_i2b : 1554 case Bytecodes::_i2c : 1555 case Bytecodes::_i2s : 1556 current_frame.pop_stack( 1557 VerificationType::integer_type(), CHECK_VERIFY(this)); 1558 current_frame.push_stack( 1559 VerificationType::integer_type(), CHECK_VERIFY(this)); 1560 no_control_flow = false; break; 1561 case Bytecodes::_lcmp : 1562 current_frame.pop_stack_2( 1563 VerificationType::long2_type(), 1564 VerificationType::long_type(), CHECK_VERIFY(this)); 1565 current_frame.pop_stack_2( 1566 VerificationType::long2_type(), 1567 VerificationType::long_type(), CHECK_VERIFY(this)); 1568 current_frame.push_stack( 1569 VerificationType::integer_type(), CHECK_VERIFY(this)); 1570 no_control_flow = false; break; 1571 case Bytecodes::_fcmpl : 1572 case Bytecodes::_fcmpg : 1573 current_frame.pop_stack( 1574 VerificationType::float_type(), CHECK_VERIFY(this)); 1575 current_frame.pop_stack( 1576 VerificationType::float_type(), CHECK_VERIFY(this)); 1577 current_frame.push_stack( 1578 VerificationType::integer_type(), CHECK_VERIFY(this)); 1579 no_control_flow = false; break; 1580 case Bytecodes::_dcmpl : 1581 case Bytecodes::_dcmpg : 1582 current_frame.pop_stack_2( 1583 VerificationType::double2_type(), 1584 VerificationType::double_type(), CHECK_VERIFY(this)); 1585 current_frame.pop_stack_2( 1586 VerificationType::double2_type(), 1587 VerificationType::double_type(), CHECK_VERIFY(this)); 1588 current_frame.push_stack( 1589 VerificationType::integer_type(), CHECK_VERIFY(this)); 1590 no_control_flow = false; break; 1591 case Bytecodes::_if_icmpeq: 1592 case Bytecodes::_if_icmpne: 1593 case Bytecodes::_if_icmplt: 1594 case Bytecodes::_if_icmpge: 1595 case Bytecodes::_if_icmpgt: 1596 case Bytecodes::_if_icmple: 1597 current_frame.pop_stack( 1598 VerificationType::integer_type(), CHECK_VERIFY(this)); 1599 // fall through 1600 case Bytecodes::_ifeq: 1601 case Bytecodes::_ifne: 1602 case Bytecodes::_iflt: 1603 case Bytecodes::_ifge: 1604 case Bytecodes::_ifgt: 1605 case Bytecodes::_ifle: 1606 current_frame.pop_stack( 1607 VerificationType::integer_type(), CHECK_VERIFY(this)); 1608 target = bcs.dest(); 1609 stackmap_table.check_jump_target( 1610 ¤t_frame, target, CHECK_VERIFY(this)); 1611 no_control_flow = false; break; 1612 case Bytecodes::_if_acmpeq : 1613 case Bytecodes::_if_acmpne : 1614 current_frame.pop_stack( 1615 VerificationType::reference_check(), CHECK_VERIFY(this)); 1616 // fall through 1617 case Bytecodes::_ifnull : 1618 case Bytecodes::_ifnonnull : 1619 current_frame.pop_stack( 1620 VerificationType::reference_check(), CHECK_VERIFY(this)); 1621 target = bcs.dest(); 1622 stackmap_table.check_jump_target 1623 (¤t_frame, target, CHECK_VERIFY(this)); 1624 no_control_flow = false; break; 1625 case Bytecodes::_goto : 1626 target = bcs.dest(); 1627 stackmap_table.check_jump_target( 1628 ¤t_frame, target, CHECK_VERIFY(this)); 1629 no_control_flow = true; break; 1630 case Bytecodes::_goto_w : 1631 target = bcs.dest_w(); 1632 stackmap_table.check_jump_target( 1633 ¤t_frame, target, CHECK_VERIFY(this)); 1634 no_control_flow = true; break; 1635 case Bytecodes::_tableswitch : 1636 case Bytecodes::_lookupswitch : 1637 verify_switch( 1638 &bcs, code_length, code_data, ¤t_frame, 1639 &stackmap_table, CHECK_VERIFY(this)); 1640 no_control_flow = true; break; 1641 case Bytecodes::_ireturn : 1642 type = current_frame.pop_stack( 1643 VerificationType::integer_type(), CHECK_VERIFY(this)); 1644 verify_return_value(return_type, type, bci, 1645 ¤t_frame, CHECK_VERIFY(this)); 1646 no_control_flow = true; break; 1647 case Bytecodes::_lreturn : 1648 type2 = current_frame.pop_stack( 1649 VerificationType::long2_type(), CHECK_VERIFY(this)); 1650 type = current_frame.pop_stack( 1651 VerificationType::long_type(), CHECK_VERIFY(this)); 1652 verify_return_value(return_type, type, bci, 1653 ¤t_frame, CHECK_VERIFY(this)); 1654 no_control_flow = true; break; 1655 case Bytecodes::_freturn : 1656 type = current_frame.pop_stack( 1657 VerificationType::float_type(), CHECK_VERIFY(this)); 1658 verify_return_value(return_type, type, bci, 1659 ¤t_frame, CHECK_VERIFY(this)); 1660 no_control_flow = true; break; 1661 case Bytecodes::_dreturn : 1662 type2 = current_frame.pop_stack( 1663 VerificationType::double2_type(), CHECK_VERIFY(this)); 1664 type = current_frame.pop_stack( 1665 VerificationType::double_type(), CHECK_VERIFY(this)); 1666 verify_return_value(return_type, type, bci, 1667 ¤t_frame, CHECK_VERIFY(this)); 1668 no_control_flow = true; break; 1669 case Bytecodes::_areturn : 1670 type = current_frame.pop_stack( 1671 VerificationType::reference_check(), CHECK_VERIFY(this)); 1672 verify_return_value(return_type, type, bci, 1673 ¤t_frame, CHECK_VERIFY(this)); 1674 no_control_flow = true; break; 1675 case Bytecodes::_return : 1676 if (return_type != VerificationType::bogus_type()) { 1677 verify_error(ErrorContext::bad_code(bci), 1678 "Method expects a return value"); 1679 return; 1680 } 1681 // Make sure "this" has been initialized if current method is an 1682 // <init>. 1683 if (_method->name() == vmSymbols::object_initializer_name() && 1684 current_frame.flag_this_uninit()) { 1685 verify_error(ErrorContext::bad_code(bci), 1686 "Constructor must call super() or this() " 1687 "before return"); 1688 return; 1689 } 1690 no_control_flow = true; break; 1691 case Bytecodes::_getstatic : 1692 case Bytecodes::_putstatic : 1693 // pass TRUE, operand can be an array type for getstatic/putstatic. 1694 verify_field_instructions( 1695 &bcs, ¤t_frame, cp, true, CHECK_VERIFY(this)); 1696 no_control_flow = false; break; 1697 case Bytecodes::_getfield : 1698 case Bytecodes::_putfield : 1699 // pass FALSE, operand can't be an array type for getfield/putfield. 1700 verify_field_instructions( 1701 &bcs, ¤t_frame, cp, false, CHECK_VERIFY(this)); 1702 no_control_flow = false; break; 1703 case Bytecodes::_invokevirtual : 1704 case Bytecodes::_invokespecial : 1705 case Bytecodes::_invokestatic : 1706 verify_invoke_instructions( 1707 &bcs, code_length, ¤t_frame, (bci >= ex_min && bci < ex_max), 1708 &this_uninit, return_type, cp, &stackmap_table, CHECK_VERIFY(this)); 1709 no_control_flow = false; break; 1710 case Bytecodes::_invokeinterface : 1711 case Bytecodes::_invokedynamic : 1712 verify_invoke_instructions( 1713 &bcs, code_length, ¤t_frame, (bci >= ex_min && bci < ex_max), 1714 &this_uninit, return_type, cp, &stackmap_table, CHECK_VERIFY(this)); 1715 no_control_flow = false; break; 1716 case Bytecodes::_new : 1717 { 1718 index = bcs.get_index_u2(); 1719 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this)); 1720 VerificationType new_class_type = 1721 cp_index_to_type(index, cp, CHECK_VERIFY(this)); 1722 if (!new_class_type.is_object()) { 1723 verify_error(ErrorContext::bad_type(bci, 1724 TypeOrigin::cp(index, new_class_type)), 1725 "Illegal new instruction"); 1726 return; 1727 } 1728 type = VerificationType::uninitialized_type(bci); 1729 current_frame.push_stack(type, CHECK_VERIFY(this)); 1730 no_control_flow = false; break; 1731 } 1732 case Bytecodes::_newarray : 1733 type = get_newarray_type(bcs.get_index(), bci, CHECK_VERIFY(this)); 1734 current_frame.pop_stack( 1735 VerificationType::integer_type(), CHECK_VERIFY(this)); 1736 current_frame.push_stack(type, CHECK_VERIFY(this)); 1737 no_control_flow = false; break; 1738 case Bytecodes::_anewarray : 1739 verify_anewarray( 1740 bci, bcs.get_index_u2(), cp, ¤t_frame, CHECK_VERIFY(this)); 1741 no_control_flow = false; break; 1742 case Bytecodes::_arraylength : 1743 type = current_frame.pop_stack( 1744 VerificationType::reference_check(), CHECK_VERIFY(this)); 1745 if (!(type.is_null() || type.is_array())) { 1746 verify_error(ErrorContext::bad_type( 1747 bci, current_frame.stack_top_ctx()), 1748 bad_type_msg, "arraylength"); 1749 } 1750 current_frame.push_stack( 1751 VerificationType::integer_type(), CHECK_VERIFY(this)); 1752 no_control_flow = false; break; 1753 case Bytecodes::_checkcast : 1754 { 1755 index = bcs.get_index_u2(); 1756 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this)); 1757 current_frame.pop_stack(object_type(), CHECK_VERIFY(this)); 1758 VerificationType klass_type = cp_index_to_type( 1759 index, cp, CHECK_VERIFY(this)); 1760 current_frame.push_stack(klass_type, CHECK_VERIFY(this)); 1761 no_control_flow = false; break; 1762 } 1763 case Bytecodes::_instanceof : { 1764 index = bcs.get_index_u2(); 1765 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this)); 1766 current_frame.pop_stack(object_type(), CHECK_VERIFY(this)); 1767 current_frame.push_stack( 1768 VerificationType::integer_type(), CHECK_VERIFY(this)); 1769 no_control_flow = false; break; 1770 } 1771 case Bytecodes::_monitorenter : 1772 case Bytecodes::_monitorexit : 1773 current_frame.pop_stack( 1774 VerificationType::reference_check(), CHECK_VERIFY(this)); 1775 no_control_flow = false; break; 1776 case Bytecodes::_multianewarray : 1777 { 1778 index = bcs.get_index_u2(); 1779 u2 dim = *(bcs.bcp()+3); 1780 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this)); 1781 VerificationType new_array_type = 1782 cp_index_to_type(index, cp, CHECK_VERIFY(this)); 1783 if (!new_array_type.is_array()) { 1784 verify_error(ErrorContext::bad_type(bci, 1785 TypeOrigin::cp(index, new_array_type)), 1786 "Illegal constant pool index in multianewarray instruction"); 1787 return; 1788 } 1789 if (dim < 1 || new_array_type.dimensions() < dim) { 1790 verify_error(ErrorContext::bad_code(bci), 1791 "Illegal dimension in multianewarray instruction: %d", dim); 1792 return; 1793 } 1794 for (int i = 0; i < dim; i++) { 1795 current_frame.pop_stack( 1796 VerificationType::integer_type(), CHECK_VERIFY(this)); 1797 } 1798 current_frame.push_stack(new_array_type, CHECK_VERIFY(this)); 1799 no_control_flow = false; break; 1800 } 1801 case Bytecodes::_athrow : 1802 type = VerificationType::reference_type( 1803 vmSymbols::java_lang_Throwable()); 1804 current_frame.pop_stack(type, CHECK_VERIFY(this)); 1805 no_control_flow = true; break; 1806 default: 1807 // We only need to check the valid bytecodes in class file. 1808 // And jsr and ret are not in the new class file format in JDK1.6. 1809 verify_error(ErrorContext::bad_code(bci), 1810 "Bad instruction: %02x", opcode); 1811 no_control_flow = false; 1812 return; 1813 } // end switch 1814 } // end Merge with the next instruction 1815 1816 // Look for possible jump target in exception handlers and see if it matches 1817 // current_frame. Don't do this check if it has already been done (for 1818 // ([a,d,f,i,l]store* opcodes). This check cannot be done earlier because 1819 // opcodes, such as invokespecial, may set the this_uninit flag. 1820 assert(!(verified_exc_handlers && this_uninit), 1821 "Exception handler targets got verified before this_uninit got set"); 1822 if (!verified_exc_handlers && bci >= ex_min && bci < ex_max) { 1823 if (was_recursively_verified()) return; 1824 verify_exception_handler_targets( 1825 bci, this_uninit, ¤t_frame, &stackmap_table, CHECK_VERIFY(this)); 1826 } 1827 } // end while 1828 1829 // Make sure that control flow does not fall through end of the method 1830 if (!no_control_flow) { 1831 verify_error(ErrorContext::bad_code(code_length), 1832 "Control flow falls through code end"); 1833 return; 1834 } 1835 } 1836 1837 #undef bad_type_message 1838 1839 char* ClassVerifier::generate_code_data(const methodHandle& m, u4 code_length, TRAPS) { 1840 char* code_data = NEW_RESOURCE_ARRAY(char, code_length); 1841 memset(code_data, 0, sizeof(char) * code_length); 1842 RawBytecodeStream bcs(m); 1843 1844 while (!bcs.is_last_bytecode()) { 1845 if (bcs.raw_next() != Bytecodes::_illegal) { 1846 int bci = bcs.bci(); 1847 if (bcs.raw_code() == Bytecodes::_new) { 1848 code_data[bci] = NEW_OFFSET; 1849 } else { 1850 code_data[bci] = BYTECODE_OFFSET; 1851 } 1852 } else { 1853 verify_error(ErrorContext::bad_code(bcs.bci()), "Bad instruction"); 1854 return NULL; 1855 } 1856 } 1857 1858 return code_data; 1859 } 1860 1861 // Since this method references the constant pool, call was_recursively_verified() 1862 // before calling this method to make sure a prior class load did not cause the 1863 // current class to get verified. 1864 void ClassVerifier::verify_exception_handler_table(u4 code_length, char* code_data, int& min, int& max, TRAPS) { 1865 ExceptionTable exhandlers(_method()); 1866 int exlength = exhandlers.length(); 1867 constantPoolHandle cp (THREAD, _method->constants()); 1868 1869 for(int i = 0; i < exlength; i++) { 1870 u2 start_pc = exhandlers.start_pc(i); 1871 u2 end_pc = exhandlers.end_pc(i); 1872 u2 handler_pc = exhandlers.handler_pc(i); 1873 if (start_pc >= code_length || code_data[start_pc] == 0) { 1874 class_format_error("Illegal exception table start_pc %d", start_pc); 1875 return; 1876 } 1877 if (end_pc != code_length) { // special case: end_pc == code_length 1878 if (end_pc > code_length || code_data[end_pc] == 0) { 1879 class_format_error("Illegal exception table end_pc %d", end_pc); 1880 return; 1881 } 1882 } 1883 if (handler_pc >= code_length || code_data[handler_pc] == 0) { 1884 class_format_error("Illegal exception table handler_pc %d", handler_pc); 1885 return; 1886 } 1887 int catch_type_index = exhandlers.catch_type_index(i); 1888 if (catch_type_index != 0) { 1889 VerificationType catch_type = cp_index_to_type( 1890 catch_type_index, cp, CHECK_VERIFY(this)); 1891 VerificationType throwable = 1892 VerificationType::reference_type(vmSymbols::java_lang_Throwable()); 1893 // If the catch type is Throwable pre-resolve it now as the assignable check won't 1894 // do that, and we need to avoid a runtime resolution in case we are trying to 1895 // catch OutOfMemoryError. 1896 if (cp->klass_name_at(catch_type_index) == vmSymbols::java_lang_Throwable()) { 1897 cp->klass_at(catch_type_index, CHECK); 1898 } 1899 bool is_subclass = throwable.is_assignable_from( 1900 catch_type, this, false, CHECK_VERIFY(this)); 1901 if (!is_subclass) { 1902 // 4286534: should throw VerifyError according to recent spec change 1903 verify_error(ErrorContext::bad_type(handler_pc, 1904 TypeOrigin::cp(catch_type_index, catch_type), 1905 TypeOrigin::implicit(throwable)), 1906 "Catch type is not a subclass " 1907 "of Throwable in exception handler %d", handler_pc); 1908 return; 1909 } 1910 } 1911 if (start_pc < min) min = start_pc; 1912 if (end_pc > max) max = end_pc; 1913 } 1914 } 1915 1916 void ClassVerifier::verify_local_variable_table(u4 code_length, char* code_data, TRAPS) { 1917 int localvariable_table_length = _method->localvariable_table_length(); 1918 if (localvariable_table_length > 0) { 1919 LocalVariableTableElement* table = _method->localvariable_table_start(); 1920 for (int i = 0; i < localvariable_table_length; i++) { 1921 u2 start_bci = table[i].start_bci; 1922 u2 length = table[i].length; 1923 1924 if (start_bci >= code_length || code_data[start_bci] == 0) { 1925 class_format_error( 1926 "Illegal local variable table start_pc %d", start_bci); 1927 return; 1928 } 1929 u4 end_bci = (u4)(start_bci + length); 1930 if (end_bci != code_length) { 1931 if (end_bci >= code_length || code_data[end_bci] == 0) { 1932 class_format_error( "Illegal local variable table length %d", length); 1933 return; 1934 } 1935 } 1936 } 1937 } 1938 } 1939 1940 u2 ClassVerifier::verify_stackmap_table(u2 stackmap_index, u2 bci, 1941 StackMapFrame* current_frame, 1942 StackMapTable* stackmap_table, 1943 bool no_control_flow, TRAPS) { 1944 if (stackmap_index < stackmap_table->get_frame_count()) { 1945 u2 this_offset = stackmap_table->get_offset(stackmap_index); 1946 if (no_control_flow && this_offset > bci) { 1947 verify_error(ErrorContext::missing_stackmap(bci), 1948 "Expecting a stack map frame"); 1949 return 0; 1950 } 1951 if (this_offset == bci) { 1952 ErrorContext ctx; 1953 // See if current stack map can be assigned to the frame in table. 1954 // current_frame is the stackmap frame got from the last instruction. 1955 // If matched, current_frame will be updated by this method. 1956 bool matches = stackmap_table->match_stackmap( 1957 current_frame, this_offset, stackmap_index, 1958 !no_control_flow, true, &ctx, CHECK_VERIFY_(this, 0)); 1959 if (!matches) { 1960 // report type error 1961 verify_error(ctx, "Instruction type does not match stack map"); 1962 return 0; 1963 } 1964 stackmap_index++; 1965 } else if (this_offset < bci) { 1966 // current_offset should have met this_offset. 1967 class_format_error("Bad stack map offset %d", this_offset); 1968 return 0; 1969 } 1970 } else if (no_control_flow) { 1971 verify_error(ErrorContext::bad_code(bci), "Expecting a stack map frame"); 1972 return 0; 1973 } 1974 return stackmap_index; 1975 } 1976 1977 // Since this method references the constant pool, call was_recursively_verified() 1978 // before calling this method to make sure a prior class load did not cause the 1979 // current class to get verified. 1980 void ClassVerifier::verify_exception_handler_targets(u2 bci, bool this_uninit, 1981 StackMapFrame* current_frame, 1982 StackMapTable* stackmap_table, TRAPS) { 1983 constantPoolHandle cp (THREAD, _method->constants()); 1984 ExceptionTable exhandlers(_method()); 1985 int exlength = exhandlers.length(); 1986 for(int i = 0; i < exlength; i++) { 1987 u2 start_pc = exhandlers.start_pc(i); 1988 u2 end_pc = exhandlers.end_pc(i); 1989 u2 handler_pc = exhandlers.handler_pc(i); 1990 int catch_type_index = exhandlers.catch_type_index(i); 1991 if(bci >= start_pc && bci < end_pc) { 1992 u1 flags = current_frame->flags(); 1993 if (this_uninit) { flags |= FLAG_THIS_UNINIT; } 1994 StackMapFrame* new_frame = current_frame->frame_in_exception_handler(flags); 1995 if (catch_type_index != 0) { 1996 if (was_recursively_verified()) return; 1997 // We know that this index refers to a subclass of Throwable 1998 VerificationType catch_type = cp_index_to_type( 1999 catch_type_index, cp, CHECK_VERIFY(this)); 2000 new_frame->push_stack(catch_type, CHECK_VERIFY(this)); 2001 } else { 2002 VerificationType throwable = 2003 VerificationType::reference_type(vmSymbols::java_lang_Throwable()); 2004 new_frame->push_stack(throwable, CHECK_VERIFY(this)); 2005 } 2006 ErrorContext ctx; 2007 bool matches = stackmap_table->match_stackmap( 2008 new_frame, handler_pc, true, false, &ctx, CHECK_VERIFY(this)); 2009 if (!matches) { 2010 verify_error(ctx, "Stack map does not match the one at " 2011 "exception handler %d", handler_pc); 2012 return; 2013 } 2014 } 2015 } 2016 } 2017 2018 void ClassVerifier::verify_cp_index( 2019 u2 bci, const constantPoolHandle& cp, int index, TRAPS) { 2020 int nconstants = cp->length(); 2021 if ((index <= 0) || (index >= nconstants)) { 2022 verify_error(ErrorContext::bad_cp_index(bci, index), 2023 "Illegal constant pool index %d in class %s", 2024 index, cp->pool_holder()->external_name()); 2025 return; 2026 } 2027 } 2028 2029 void ClassVerifier::verify_cp_type( 2030 u2 bci, int index, const constantPoolHandle& cp, unsigned int types, TRAPS) { 2031 2032 // In some situations, bytecode rewriting may occur while we're verifying. 2033 // In this case, a constant pool cache exists and some indices refer to that 2034 // instead. Be sure we don't pick up such indices by accident. 2035 // We must check was_recursively_verified() before we get here. 2036 guarantee(cp->cache() == NULL, "not rewritten yet"); 2037 2038 verify_cp_index(bci, cp, index, CHECK_VERIFY(this)); 2039 unsigned int tag = cp->tag_at(index).value(); 2040 if ((types & (1 << tag)) == 0) { 2041 verify_error(ErrorContext::bad_cp_index(bci, index), 2042 "Illegal type at constant pool entry %d in class %s", 2043 index, cp->pool_holder()->external_name()); 2044 return; 2045 } 2046 } 2047 2048 void ClassVerifier::verify_cp_class_type( 2049 u2 bci, int index, const constantPoolHandle& cp, TRAPS) { 2050 verify_cp_index(bci, cp, index, CHECK_VERIFY(this)); 2051 constantTag tag = cp->tag_at(index); 2052 if (!tag.is_klass() && !tag.is_unresolved_klass()) { 2053 verify_error(ErrorContext::bad_cp_index(bci, index), 2054 "Illegal type at constant pool entry %d in class %s", 2055 index, cp->pool_holder()->external_name()); 2056 return; 2057 } 2058 } 2059 2060 void ClassVerifier::verify_error(ErrorContext ctx, const char* msg, ...) { 2061 stringStream ss; 2062 2063 ctx.reset_frames(); 2064 _exception_type = vmSymbols::java_lang_VerifyError(); 2065 _error_context = ctx; 2066 va_list va; 2067 va_start(va, msg); 2068 ss.vprint(msg, va); 2069 va_end(va); 2070 _message = ss.as_string(); 2071 #ifdef ASSERT 2072 ResourceMark rm; 2073 const char* exception_name = _exception_type->as_C_string(); 2074 Exceptions::debug_check_abort(exception_name, NULL); 2075 #endif // ndef ASSERT 2076 } 2077 2078 void ClassVerifier::class_format_error(const char* msg, ...) { 2079 stringStream ss; 2080 _exception_type = vmSymbols::java_lang_ClassFormatError(); 2081 va_list va; 2082 va_start(va, msg); 2083 ss.vprint(msg, va); 2084 va_end(va); 2085 if (!_method.is_null()) { 2086 ss.print(" in method '"); 2087 _method->print_external_name(&ss); 2088 ss.print("'"); 2089 } 2090 _message = ss.as_string(); 2091 } 2092 2093 Klass* ClassVerifier::load_class(Symbol* name, TRAPS) { 2094 HandleMark hm(THREAD); 2095 // Get current loader and protection domain first. 2096 oop loader = current_class()->class_loader(); 2097 oop protection_domain = current_class()->protection_domain(); 2098 2099 assert(name_in_supers(name, current_class()), "name should be a super class"); 2100 2101 Klass* kls = SystemDictionary::resolve_or_fail( 2102 name, Handle(THREAD, loader), Handle(THREAD, protection_domain), 2103 true, THREAD); 2104 2105 if (kls != NULL) { 2106 if (log_is_enabled(Debug, class, resolve)) { 2107 Verifier::trace_class_resolution(kls, current_class()); 2108 } 2109 } 2110 return kls; 2111 } 2112 2113 bool ClassVerifier::is_protected_access(InstanceKlass* this_class, 2114 Klass* target_class, 2115 Symbol* field_name, 2116 Symbol* field_sig, 2117 bool is_method) { 2118 NoSafepointVerifier nosafepoint; 2119 2120 // If target class isn't a super class of this class, we don't worry about this case 2121 if (!this_class->is_subclass_of(target_class)) { 2122 return false; 2123 } 2124 // Check if the specified method or field is protected 2125 InstanceKlass* target_instance = InstanceKlass::cast(target_class); 2126 fieldDescriptor fd; 2127 if (is_method) { 2128 Method* m = target_instance->uncached_lookup_method(field_name, field_sig, Klass::OverpassLookupMode::find); 2129 if (m != NULL && m->is_protected()) { 2130 if (!this_class->is_same_class_package(m->method_holder())) { 2131 return true; 2132 } 2133 } 2134 } else { 2135 Klass* member_klass = target_instance->find_field(field_name, field_sig, &fd); 2136 if (member_klass != NULL && fd.is_protected()) { 2137 if (!this_class->is_same_class_package(member_klass)) { 2138 return true; 2139 } 2140 } 2141 } 2142 return false; 2143 } 2144 2145 void ClassVerifier::verify_ldc( 2146 int opcode, u2 index, StackMapFrame* current_frame, 2147 const constantPoolHandle& cp, u2 bci, TRAPS) { 2148 verify_cp_index(bci, cp, index, CHECK_VERIFY(this)); 2149 constantTag tag = cp->tag_at(index); 2150 unsigned int types = 0; 2151 if (opcode == Bytecodes::_ldc || opcode == Bytecodes::_ldc_w) { 2152 if (!tag.is_unresolved_klass()) { 2153 types = (1 << JVM_CONSTANT_Integer) | (1 << JVM_CONSTANT_Float) 2154 | (1 << JVM_CONSTANT_String) | (1 << JVM_CONSTANT_Class) 2155 | (1 << JVM_CONSTANT_MethodHandle) | (1 << JVM_CONSTANT_MethodType) 2156 | (1 << JVM_CONSTANT_Dynamic); 2157 // Note: The class file parser already verified the legality of 2158 // MethodHandle and MethodType constants. 2159 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this)); 2160 } 2161 } else { 2162 assert(opcode == Bytecodes::_ldc2_w, "must be ldc2_w"); 2163 types = (1 << JVM_CONSTANT_Double) | (1 << JVM_CONSTANT_Long) 2164 | (1 << JVM_CONSTANT_Dynamic); 2165 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this)); 2166 } 2167 if (tag.is_string()) { 2168 current_frame->push_stack( 2169 VerificationType::reference_type( 2170 vmSymbols::java_lang_String()), CHECK_VERIFY(this)); 2171 } else if (tag.is_klass() || tag.is_unresolved_klass()) { 2172 current_frame->push_stack( 2173 VerificationType::reference_type( 2174 vmSymbols::java_lang_Class()), CHECK_VERIFY(this)); 2175 } else if (tag.is_int()) { 2176 current_frame->push_stack( 2177 VerificationType::integer_type(), CHECK_VERIFY(this)); 2178 } else if (tag.is_float()) { 2179 current_frame->push_stack( 2180 VerificationType::float_type(), CHECK_VERIFY(this)); 2181 } else if (tag.is_double()) { 2182 current_frame->push_stack_2( 2183 VerificationType::double_type(), 2184 VerificationType::double2_type(), CHECK_VERIFY(this)); 2185 } else if (tag.is_long()) { 2186 current_frame->push_stack_2( 2187 VerificationType::long_type(), 2188 VerificationType::long2_type(), CHECK_VERIFY(this)); 2189 } else if (tag.is_method_handle()) { 2190 current_frame->push_stack( 2191 VerificationType::reference_type( 2192 vmSymbols::java_lang_invoke_MethodHandle()), CHECK_VERIFY(this)); 2193 } else if (tag.is_method_type()) { 2194 current_frame->push_stack( 2195 VerificationType::reference_type( 2196 vmSymbols::java_lang_invoke_MethodType()), CHECK_VERIFY(this)); 2197 } else if (tag.is_dynamic_constant()) { 2198 Symbol* constant_type = cp->uncached_signature_ref_at(index); 2199 // Field signature was checked in ClassFileParser. 2200 assert(SignatureVerifier::is_valid_type_signature(constant_type), 2201 "Invalid type for dynamic constant"); 2202 assert(sizeof(VerificationType) == sizeof(uintptr_t), 2203 "buffer type must match VerificationType size"); 2204 uintptr_t constant_type_buffer[2]; 2205 VerificationType* v_constant_type = (VerificationType*)constant_type_buffer; 2206 SignatureStream sig_stream(constant_type, false); 2207 int n = change_sig_to_verificationType(&sig_stream, v_constant_type); 2208 int opcode_n = (opcode == Bytecodes::_ldc2_w ? 2 : 1); 2209 if (n != opcode_n) { 2210 // wrong kind of ldc; reverify against updated type mask 2211 types &= ~(1 << JVM_CONSTANT_Dynamic); 2212 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this)); 2213 } 2214 for (int i = 0; i < n; i++) { 2215 current_frame->push_stack(v_constant_type[i], CHECK_VERIFY(this)); 2216 } 2217 } else { 2218 /* Unreachable? verify_cp_type has already validated the cp type. */ 2219 verify_error( 2220 ErrorContext::bad_cp_index(bci, index), "Invalid index in ldc"); 2221 return; 2222 } 2223 } 2224 2225 void ClassVerifier::verify_switch( 2226 RawBytecodeStream* bcs, u4 code_length, char* code_data, 2227 StackMapFrame* current_frame, StackMapTable* stackmap_table, TRAPS) { 2228 int bci = bcs->bci(); 2229 address bcp = bcs->bcp(); 2230 address aligned_bcp = align_up(bcp + 1, jintSize); 2231 2232 if (_klass->major_version() < NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION) { 2233 // 4639449 & 4647081: padding bytes must be 0 2234 u2 padding_offset = 1; 2235 while ((bcp + padding_offset) < aligned_bcp) { 2236 if(*(bcp + padding_offset) != 0) { 2237 verify_error(ErrorContext::bad_code(bci), 2238 "Nonzero padding byte in lookupswitch or tableswitch"); 2239 return; 2240 } 2241 padding_offset++; 2242 } 2243 } 2244 2245 int default_offset = (int) Bytes::get_Java_u4(aligned_bcp); 2246 int keys, delta; 2247 current_frame->pop_stack( 2248 VerificationType::integer_type(), CHECK_VERIFY(this)); 2249 if (bcs->raw_code() == Bytecodes::_tableswitch) { 2250 jint low = (jint)Bytes::get_Java_u4(aligned_bcp + jintSize); 2251 jint high = (jint)Bytes::get_Java_u4(aligned_bcp + 2*jintSize); 2252 if (low > high) { 2253 verify_error(ErrorContext::bad_code(bci), 2254 "low must be less than or equal to high in tableswitch"); 2255 return; 2256 } 2257 keys = high - low + 1; 2258 if (keys < 0) { 2259 verify_error(ErrorContext::bad_code(bci), "too many keys in tableswitch"); 2260 return; 2261 } 2262 delta = 1; 2263 } else { 2264 keys = (int)Bytes::get_Java_u4(aligned_bcp + jintSize); 2265 if (keys < 0) { 2266 verify_error(ErrorContext::bad_code(bci), 2267 "number of keys in lookupswitch less than 0"); 2268 return; 2269 } 2270 delta = 2; 2271 // Make sure that the lookupswitch items are sorted 2272 for (int i = 0; i < (keys - 1); i++) { 2273 jint this_key = Bytes::get_Java_u4(aligned_bcp + (2+2*i)*jintSize); 2274 jint next_key = Bytes::get_Java_u4(aligned_bcp + (2+2*i+2)*jintSize); 2275 if (this_key >= next_key) { 2276 verify_error(ErrorContext::bad_code(bci), 2277 "Bad lookupswitch instruction"); 2278 return; 2279 } 2280 } 2281 } 2282 int target = bci + default_offset; 2283 stackmap_table->check_jump_target(current_frame, target, CHECK_VERIFY(this)); 2284 for (int i = 0; i < keys; i++) { 2285 // Because check_jump_target() may safepoint, the bytecode could have 2286 // moved, which means 'aligned_bcp' is no good and needs to be recalculated. 2287 aligned_bcp = align_up(bcs->bcp() + 1, jintSize); 2288 target = bci + (jint)Bytes::get_Java_u4(aligned_bcp+(3+i*delta)*jintSize); 2289 stackmap_table->check_jump_target( 2290 current_frame, target, CHECK_VERIFY(this)); 2291 } 2292 NOT_PRODUCT(aligned_bcp = NULL); // no longer valid at this point 2293 } 2294 2295 bool ClassVerifier::name_in_supers( 2296 Symbol* ref_name, InstanceKlass* current) { 2297 Klass* super = current->super(); 2298 while (super != NULL) { 2299 if (super->name() == ref_name) { 2300 return true; 2301 } 2302 super = super->super(); 2303 } 2304 return false; 2305 } 2306 2307 void ClassVerifier::verify_field_instructions(RawBytecodeStream* bcs, 2308 StackMapFrame* current_frame, 2309 const constantPoolHandle& cp, 2310 bool allow_arrays, 2311 TRAPS) { 2312 u2 index = bcs->get_index_u2(); 2313 verify_cp_type(bcs->bci(), index, cp, 2314 1 << JVM_CONSTANT_Fieldref, CHECK_VERIFY(this)); 2315 2316 // Get field name and signature 2317 Symbol* field_name = cp->name_ref_at(index); 2318 Symbol* field_sig = cp->signature_ref_at(index); 2319 bool is_getfield = false; 2320 2321 // Field signature was checked in ClassFileParser. 2322 assert(SignatureVerifier::is_valid_type_signature(field_sig), 2323 "Invalid field signature"); 2324 2325 // Get referenced class type 2326 VerificationType ref_class_type = cp_ref_index_to_type( 2327 index, cp, CHECK_VERIFY(this)); 2328 if (!ref_class_type.is_object() && 2329 (!allow_arrays || !ref_class_type.is_array())) { 2330 verify_error(ErrorContext::bad_type(bcs->bci(), 2331 TypeOrigin::cp(index, ref_class_type)), 2332 "Expecting reference to class in class %s at constant pool index %d", 2333 _klass->external_name(), index); 2334 return; 2335 } 2336 VerificationType target_class_type = ref_class_type; 2337 2338 assert(sizeof(VerificationType) == sizeof(uintptr_t), 2339 "buffer type must match VerificationType size"); 2340 uintptr_t field_type_buffer[2]; 2341 VerificationType* field_type = (VerificationType*)field_type_buffer; 2342 // If we make a VerificationType[2] array directly, the compiler calls 2343 // to the c-runtime library to do the allocation instead of just 2344 // stack allocating it. Plus it would run constructors. This shows up 2345 // in performance profiles. 2346 2347 SignatureStream sig_stream(field_sig, false); 2348 VerificationType stack_object_type; 2349 int n = change_sig_to_verificationType(&sig_stream, field_type); 2350 u2 bci = bcs->bci(); 2351 bool is_assignable; 2352 switch (bcs->raw_code()) { 2353 case Bytecodes::_getstatic: { 2354 for (int i = 0; i < n; i++) { 2355 current_frame->push_stack(field_type[i], CHECK_VERIFY(this)); 2356 } 2357 break; 2358 } 2359 case Bytecodes::_putstatic: { 2360 for (int i = n - 1; i >= 0; i--) { 2361 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this)); 2362 } 2363 break; 2364 } 2365 case Bytecodes::_getfield: { 2366 is_getfield = true; 2367 stack_object_type = current_frame->pop_stack( 2368 target_class_type, CHECK_VERIFY(this)); 2369 goto check_protected; 2370 } 2371 case Bytecodes::_putfield: { 2372 for (int i = n - 1; i >= 0; i--) { 2373 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this)); 2374 } 2375 stack_object_type = current_frame->pop_stack(CHECK_VERIFY(this)); 2376 2377 // The JVMS 2nd edition allows field initialization before the superclass 2378 // initializer, if the field is defined within the current class. 2379 fieldDescriptor fd; 2380 if (stack_object_type == VerificationType::uninitialized_this_type() && 2381 target_class_type.equals(current_type()) && 2382 _klass->find_local_field(field_name, field_sig, &fd)) { 2383 stack_object_type = current_type(); 2384 } 2385 is_assignable = target_class_type.is_assignable_from( 2386 stack_object_type, this, false, CHECK_VERIFY(this)); 2387 if (!is_assignable) { 2388 verify_error(ErrorContext::bad_type(bci, 2389 current_frame->stack_top_ctx(), 2390 TypeOrigin::cp(index, target_class_type)), 2391 "Bad type on operand stack in putfield"); 2392 return; 2393 } 2394 } 2395 check_protected: { 2396 if (_this_type == stack_object_type) 2397 break; // stack_object_type must be assignable to _current_class_type 2398 if (was_recursively_verified()) { 2399 if (is_getfield) { 2400 // Push field type for getfield. 2401 for (int i = 0; i < n; i++) { 2402 current_frame->push_stack(field_type[i], CHECK_VERIFY(this)); 2403 } 2404 } 2405 return; 2406 } 2407 Symbol* ref_class_name = 2408 cp->klass_name_at(cp->klass_ref_index_at(index)); 2409 if (!name_in_supers(ref_class_name, current_class())) 2410 // stack_object_type must be assignable to _current_class_type since: 2411 // 1. stack_object_type must be assignable to ref_class. 2412 // 2. ref_class must be _current_class or a subclass of it. It can't 2413 // be a superclass of it. See revised JVMS 5.4.4. 2414 break; 2415 2416 Klass* ref_class_oop = load_class(ref_class_name, CHECK); 2417 if (is_protected_access(current_class(), ref_class_oop, field_name, 2418 field_sig, false)) { 2419 // It's protected access, check if stack object is assignable to 2420 // current class. 2421 is_assignable = current_type().is_assignable_from( 2422 stack_object_type, this, true, CHECK_VERIFY(this)); 2423 if (!is_assignable) { 2424 verify_error(ErrorContext::bad_type(bci, 2425 current_frame->stack_top_ctx(), 2426 TypeOrigin::implicit(current_type())), 2427 "Bad access to protected data in %s", 2428 is_getfield ? "getfield" : "putfield"); 2429 return; 2430 } 2431 } 2432 break; 2433 } 2434 default: ShouldNotReachHere(); 2435 } 2436 if (is_getfield) { 2437 // Push field type for getfield after doing protection check. 2438 for (int i = 0; i < n; i++) { 2439 current_frame->push_stack(field_type[i], CHECK_VERIFY(this)); 2440 } 2441 } 2442 } 2443 2444 // Look at the method's handlers. If the bci is in the handler's try block 2445 // then check if the handler_pc is already on the stack. If not, push it 2446 // unless the handler has already been scanned. 2447 void ClassVerifier::push_handlers(ExceptionTable* exhandlers, 2448 GrowableArray<u4>* handler_list, 2449 GrowableArray<u4>* handler_stack, 2450 u4 bci) { 2451 int exlength = exhandlers->length(); 2452 for(int x = 0; x < exlength; x++) { 2453 if (bci >= exhandlers->start_pc(x) && bci < exhandlers->end_pc(x)) { 2454 u4 exhandler_pc = exhandlers->handler_pc(x); 2455 if (!handler_list->contains(exhandler_pc)) { 2456 handler_stack->append_if_missing(exhandler_pc); 2457 handler_list->append(exhandler_pc); 2458 } 2459 } 2460 } 2461 } 2462 2463 // Return TRUE if all code paths starting with start_bc_offset end in 2464 // bytecode athrow or loop. 2465 bool ClassVerifier::ends_in_athrow(u4 start_bc_offset) { 2466 ResourceMark rm; 2467 // Create bytecode stream. 2468 RawBytecodeStream bcs(method()); 2469 u4 code_length = method()->code_size(); 2470 bcs.set_start(start_bc_offset); 2471 u4 target; 2472 // Create stack for storing bytecode start offsets for if* and *switch. 2473 GrowableArray<u4>* bci_stack = new GrowableArray<u4>(30); 2474 // Create stack for handlers for try blocks containing this handler. 2475 GrowableArray<u4>* handler_stack = new GrowableArray<u4>(30); 2476 // Create list of handlers that have been pushed onto the handler_stack 2477 // so that handlers embedded inside of their own TRY blocks only get 2478 // scanned once. 2479 GrowableArray<u4>* handler_list = new GrowableArray<u4>(30); 2480 // Create list of visited branch opcodes (goto* and if*). 2481 GrowableArray<u4>* visited_branches = new GrowableArray<u4>(30); 2482 ExceptionTable exhandlers(_method()); 2483 2484 while (true) { 2485 if (bcs.is_last_bytecode()) { 2486 // if no more starting offsets to parse or if at the end of the 2487 // method then return false. 2488 if ((bci_stack->is_empty()) || ((u4)bcs.end_bci() == code_length)) 2489 return false; 2490 // Pop a bytecode starting offset and scan from there. 2491 bcs.set_start(bci_stack->pop()); 2492 } 2493 Bytecodes::Code opcode = bcs.raw_next(); 2494 u4 bci = bcs.bci(); 2495 2496 // If the bytecode is in a TRY block, push its handlers so they 2497 // will get parsed. 2498 push_handlers(&exhandlers, handler_list, handler_stack, bci); 2499 2500 switch (opcode) { 2501 case Bytecodes::_if_icmpeq: 2502 case Bytecodes::_if_icmpne: 2503 case Bytecodes::_if_icmplt: 2504 case Bytecodes::_if_icmpge: 2505 case Bytecodes::_if_icmpgt: 2506 case Bytecodes::_if_icmple: 2507 case Bytecodes::_ifeq: 2508 case Bytecodes::_ifne: 2509 case Bytecodes::_iflt: 2510 case Bytecodes::_ifge: 2511 case Bytecodes::_ifgt: 2512 case Bytecodes::_ifle: 2513 case Bytecodes::_if_acmpeq: 2514 case Bytecodes::_if_acmpne: 2515 case Bytecodes::_ifnull: 2516 case Bytecodes::_ifnonnull: 2517 target = bcs.dest(); 2518 if (visited_branches->contains(bci)) { 2519 if (bci_stack->is_empty()) { 2520 if (handler_stack->is_empty()) { 2521 return true; 2522 } else { 2523 // Parse the catch handlers for try blocks containing athrow. 2524 bcs.set_start(handler_stack->pop()); 2525 } 2526 } else { 2527 // Pop a bytecode starting offset and scan from there. 2528 bcs.set_start(bci_stack->pop()); 2529 } 2530 } else { 2531 if (target > bci) { // forward branch 2532 if (target >= code_length) return false; 2533 // Push the branch target onto the stack. 2534 bci_stack->push(target); 2535 // then, scan bytecodes starting with next. 2536 bcs.set_start(bcs.next_bci()); 2537 } else { // backward branch 2538 // Push bytecode offset following backward branch onto the stack. 2539 bci_stack->push(bcs.next_bci()); 2540 // Check bytecodes starting with branch target. 2541 bcs.set_start(target); 2542 } 2543 // Record target so we don't branch here again. 2544 visited_branches->append(bci); 2545 } 2546 break; 2547 2548 case Bytecodes::_goto: 2549 case Bytecodes::_goto_w: 2550 target = (opcode == Bytecodes::_goto ? bcs.dest() : bcs.dest_w()); 2551 if (visited_branches->contains(bci)) { 2552 if (bci_stack->is_empty()) { 2553 if (handler_stack->is_empty()) { 2554 return true; 2555 } else { 2556 // Parse the catch handlers for try blocks containing athrow. 2557 bcs.set_start(handler_stack->pop()); 2558 } 2559 } else { 2560 // Been here before, pop new starting offset from stack. 2561 bcs.set_start(bci_stack->pop()); 2562 } 2563 } else { 2564 if (target >= code_length) return false; 2565 // Continue scanning from the target onward. 2566 bcs.set_start(target); 2567 // Record target so we don't branch here again. 2568 visited_branches->append(bci); 2569 } 2570 break; 2571 2572 // Check that all switch alternatives end in 'athrow' bytecodes. Since it 2573 // is difficult to determine where each switch alternative ends, parse 2574 // each switch alternative until either hit a 'return', 'athrow', or reach 2575 // the end of the method's bytecodes. This is gross but should be okay 2576 // because: 2577 // 1. tableswitch and lookupswitch byte codes in handlers for ctor explicit 2578 // constructor invocations should be rare. 2579 // 2. if each switch alternative ends in an athrow then the parsing should be 2580 // short. If there is no athrow then it is bogus code, anyway. 2581 case Bytecodes::_lookupswitch: 2582 case Bytecodes::_tableswitch: 2583 { 2584 address aligned_bcp = align_up(bcs.bcp() + 1, jintSize); 2585 u4 default_offset = Bytes::get_Java_u4(aligned_bcp) + bci; 2586 int keys, delta; 2587 if (opcode == Bytecodes::_tableswitch) { 2588 jint low = (jint)Bytes::get_Java_u4(aligned_bcp + jintSize); 2589 jint high = (jint)Bytes::get_Java_u4(aligned_bcp + 2*jintSize); 2590 // This is invalid, but let the regular bytecode verifier 2591 // report this because the user will get a better error message. 2592 if (low > high) return true; 2593 keys = high - low + 1; 2594 delta = 1; 2595 } else { 2596 keys = (int)Bytes::get_Java_u4(aligned_bcp + jintSize); 2597 delta = 2; 2598 } 2599 // Invalid, let the regular bytecode verifier deal with it. 2600 if (keys < 0) return true; 2601 2602 // Push the offset of the next bytecode onto the stack. 2603 bci_stack->push(bcs.next_bci()); 2604 2605 // Push the switch alternatives onto the stack. 2606 for (int i = 0; i < keys; i++) { 2607 u4 target = bci + (jint)Bytes::get_Java_u4(aligned_bcp+(3+i*delta)*jintSize); 2608 if (target > code_length) return false; 2609 bci_stack->push(target); 2610 } 2611 2612 // Start bytecode parsing for the switch at the default alternative. 2613 if (default_offset > code_length) return false; 2614 bcs.set_start(default_offset); 2615 break; 2616 } 2617 2618 case Bytecodes::_return: 2619 return false; 2620 2621 case Bytecodes::_athrow: 2622 { 2623 if (bci_stack->is_empty()) { 2624 if (handler_stack->is_empty()) { 2625 return true; 2626 } else { 2627 // Parse the catch handlers for try blocks containing athrow. 2628 bcs.set_start(handler_stack->pop()); 2629 } 2630 } else { 2631 // Pop a bytecode offset and starting scanning from there. 2632 bcs.set_start(bci_stack->pop()); 2633 } 2634 } 2635 break; 2636 2637 default: 2638 ; 2639 } // end switch 2640 } // end while loop 2641 2642 return false; 2643 } 2644 2645 void ClassVerifier::verify_invoke_init( 2646 RawBytecodeStream* bcs, u2 ref_class_index, VerificationType ref_class_type, 2647 StackMapFrame* current_frame, u4 code_length, bool in_try_block, 2648 bool *this_uninit, const constantPoolHandle& cp, StackMapTable* stackmap_table, 2649 TRAPS) { 2650 u2 bci = bcs->bci(); 2651 VerificationType type = current_frame->pop_stack( 2652 VerificationType::reference_check(), CHECK_VERIFY(this)); 2653 if (type == VerificationType::uninitialized_this_type()) { 2654 // The method must be an <init> method of this class or its superclass 2655 Klass* superk = current_class()->super(); 2656 if (ref_class_type.name() != current_class()->name() && 2657 ref_class_type.name() != superk->name()) { 2658 verify_error(ErrorContext::bad_type(bci, 2659 TypeOrigin::implicit(ref_class_type), 2660 TypeOrigin::implicit(current_type())), 2661 "Bad <init> method call"); 2662 return; 2663 } 2664 2665 // If this invokespecial call is done from inside of a TRY block then make 2666 // sure that all catch clause paths end in a throw. Otherwise, this can 2667 // result in returning an incomplete object. 2668 if (in_try_block) { 2669 ExceptionTable exhandlers(_method()); 2670 int exlength = exhandlers.length(); 2671 for(int i = 0; i < exlength; i++) { 2672 u2 start_pc = exhandlers.start_pc(i); 2673 u2 end_pc = exhandlers.end_pc(i); 2674 2675 if (bci >= start_pc && bci < end_pc) { 2676 if (!ends_in_athrow(exhandlers.handler_pc(i))) { 2677 verify_error(ErrorContext::bad_code(bci), 2678 "Bad <init> method call from after the start of a try block"); 2679 return; 2680 } else if (log_is_enabled(Debug, verification)) { 2681 ResourceMark rm(THREAD); 2682 log_debug(verification)("Survived call to ends_in_athrow(): %s", 2683 current_class()->name()->as_C_string()); 2684 } 2685 } 2686 } 2687 2688 // Check the exception handler target stackmaps with the locals from the 2689 // incoming stackmap (before initialize_object() changes them to outgoing 2690 // state). 2691 if (was_recursively_verified()) return; 2692 verify_exception_handler_targets(bci, true, current_frame, 2693 stackmap_table, CHECK_VERIFY(this)); 2694 } // in_try_block 2695 2696 current_frame->initialize_object(type, current_type()); 2697 *this_uninit = true; 2698 } else if (type.is_uninitialized()) { 2699 u2 new_offset = type.bci(); 2700 address new_bcp = bcs->bcp() - bci + new_offset; 2701 if (new_offset > (code_length - 3) || (*new_bcp) != Bytecodes::_new) { 2702 /* Unreachable? Stack map parsing ensures valid type and new 2703 * instructions have a valid BCI. */ 2704 verify_error(ErrorContext::bad_code(new_offset), 2705 "Expecting new instruction"); 2706 return; 2707 } 2708 u2 new_class_index = Bytes::get_Java_u2(new_bcp + 1); 2709 if (was_recursively_verified()) return; 2710 verify_cp_class_type(bci, new_class_index, cp, CHECK_VERIFY(this)); 2711 2712 // The method must be an <init> method of the indicated class 2713 VerificationType new_class_type = cp_index_to_type( 2714 new_class_index, cp, CHECK_VERIFY(this)); 2715 if (!new_class_type.equals(ref_class_type)) { 2716 verify_error(ErrorContext::bad_type(bci, 2717 TypeOrigin::cp(new_class_index, new_class_type), 2718 TypeOrigin::cp(ref_class_index, ref_class_type)), 2719 "Call to wrong <init> method"); 2720 return; 2721 } 2722 // According to the VM spec, if the referent class is a superclass of the 2723 // current class, and is in a different runtime package, and the method is 2724 // protected, then the objectref must be the current class or a subclass 2725 // of the current class. 2726 VerificationType objectref_type = new_class_type; 2727 if (name_in_supers(ref_class_type.name(), current_class())) { 2728 Klass* ref_klass = load_class(ref_class_type.name(), CHECK); 2729 if (was_recursively_verified()) return; 2730 Method* m = InstanceKlass::cast(ref_klass)->uncached_lookup_method( 2731 vmSymbols::object_initializer_name(), 2732 cp->signature_ref_at(bcs->get_index_u2()), 2733 Klass::OverpassLookupMode::find); 2734 // Do nothing if method is not found. Let resolution detect the error. 2735 if (m != NULL) { 2736 InstanceKlass* mh = m->method_holder(); 2737 if (m->is_protected() && !mh->is_same_class_package(_klass)) { 2738 bool assignable = current_type().is_assignable_from( 2739 objectref_type, this, true, CHECK_VERIFY(this)); 2740 if (!assignable) { 2741 verify_error(ErrorContext::bad_type(bci, 2742 TypeOrigin::cp(new_class_index, objectref_type), 2743 TypeOrigin::implicit(current_type())), 2744 "Bad access to protected <init> method"); 2745 return; 2746 } 2747 } 2748 } 2749 } 2750 // Check the exception handler target stackmaps with the locals from the 2751 // incoming stackmap (before initialize_object() changes them to outgoing 2752 // state). 2753 if (in_try_block) { 2754 if (was_recursively_verified()) return; 2755 verify_exception_handler_targets(bci, *this_uninit, current_frame, 2756 stackmap_table, CHECK_VERIFY(this)); 2757 } 2758 current_frame->initialize_object(type, new_class_type); 2759 } else { 2760 verify_error(ErrorContext::bad_type(bci, current_frame->stack_top_ctx()), 2761 "Bad operand type when invoking <init>"); 2762 return; 2763 } 2764 } 2765 2766 bool ClassVerifier::is_same_or_direct_interface( 2767 InstanceKlass* klass, 2768 VerificationType klass_type, 2769 VerificationType ref_class_type) { 2770 if (ref_class_type.equals(klass_type)) return true; 2771 Array<InstanceKlass*>* local_interfaces = klass->local_interfaces(); 2772 if (local_interfaces != NULL) { 2773 for (int x = 0; x < local_interfaces->length(); x++) { 2774 InstanceKlass* k = local_interfaces->at(x); 2775 assert (k != NULL && k->is_interface(), "invalid interface"); 2776 if (ref_class_type.equals(VerificationType::reference_type(k->name()))) { 2777 return true; 2778 } 2779 } 2780 } 2781 return false; 2782 } 2783 2784 void ClassVerifier::verify_invoke_instructions( 2785 RawBytecodeStream* bcs, u4 code_length, StackMapFrame* current_frame, 2786 bool in_try_block, bool *this_uninit, VerificationType return_type, 2787 const constantPoolHandle& cp, StackMapTable* stackmap_table, TRAPS) { 2788 // Make sure the constant pool item is the right type 2789 u2 index = bcs->get_index_u2(); 2790 Bytecodes::Code opcode = bcs->raw_code(); 2791 unsigned int types = 0; 2792 switch (opcode) { 2793 case Bytecodes::_invokeinterface: 2794 types = 1 << JVM_CONSTANT_InterfaceMethodref; 2795 break; 2796 case Bytecodes::_invokedynamic: 2797 types = 1 << JVM_CONSTANT_InvokeDynamic; 2798 break; 2799 case Bytecodes::_invokespecial: 2800 case Bytecodes::_invokestatic: 2801 types = (_klass->major_version() < STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION) ? 2802 (1 << JVM_CONSTANT_Methodref) : 2803 ((1 << JVM_CONSTANT_InterfaceMethodref) | (1 << JVM_CONSTANT_Methodref)); 2804 break; 2805 default: 2806 types = 1 << JVM_CONSTANT_Methodref; 2807 } 2808 verify_cp_type(bcs->bci(), index, cp, types, CHECK_VERIFY(this)); 2809 2810 // Get method name and signature 2811 Symbol* method_name = cp->name_ref_at(index); 2812 Symbol* method_sig = cp->signature_ref_at(index); 2813 2814 // Method signature was checked in ClassFileParser. 2815 assert(SignatureVerifier::is_valid_method_signature(method_sig), 2816 "Invalid method signature"); 2817 2818 // Get referenced class type 2819 VerificationType ref_class_type; 2820 if (opcode == Bytecodes::_invokedynamic) { 2821 if (_klass->major_version() < Verifier::INVOKEDYNAMIC_MAJOR_VERSION) { 2822 class_format_error( 2823 "invokedynamic instructions not supported by this class file version (%d), class %s", 2824 _klass->major_version(), _klass->external_name()); 2825 return; 2826 } 2827 } else { 2828 ref_class_type = cp_ref_index_to_type(index, cp, CHECK_VERIFY(this)); 2829 } 2830 2831 assert(sizeof(VerificationType) == sizeof(uintptr_t), 2832 "buffer type must match VerificationType size"); 2833 2834 // Get the UTF8 index for this signature. 2835 int sig_index = cp->signature_ref_index_at(cp->name_and_type_ref_index_at(index)); 2836 2837 // Get the signature's verification types. 2838 sig_as_verification_types* mth_sig_verif_types; 2839 sig_as_verification_types** mth_sig_verif_types_ptr = method_signatures_table()->get(sig_index); 2840 if (mth_sig_verif_types_ptr != NULL) { 2841 // Found the entry for the signature's verification types in the hash table. 2842 mth_sig_verif_types = *mth_sig_verif_types_ptr; 2843 assert(mth_sig_verif_types != NULL, "Unexpected NULL sig_as_verification_types value"); 2844 } else { 2845 // Not found, add the entry to the table. 2846 GrowableArray<VerificationType>* verif_types = new GrowableArray<VerificationType>(10); 2847 mth_sig_verif_types = new sig_as_verification_types(verif_types); 2848 create_method_sig_entry(mth_sig_verif_types, sig_index); 2849 } 2850 2851 // Get the number of arguments for this signature. 2852 int nargs = mth_sig_verif_types->num_args(); 2853 2854 // Check instruction operands 2855 u2 bci = bcs->bci(); 2856 if (opcode == Bytecodes::_invokeinterface) { 2857 address bcp = bcs->bcp(); 2858 // 4905268: count operand in invokeinterface should be nargs+1, not nargs. 2859 // JSR202 spec: The count operand of an invokeinterface instruction is valid if it is 2860 // the difference between the size of the operand stack before and after the instruction 2861 // executes. 2862 if (*(bcp+3) != (nargs+1)) { 2863 verify_error(ErrorContext::bad_code(bci), 2864 "Inconsistent args count operand in invokeinterface"); 2865 return; 2866 } 2867 if (*(bcp+4) != 0) { 2868 verify_error(ErrorContext::bad_code(bci), 2869 "Fourth operand byte of invokeinterface must be zero"); 2870 return; 2871 } 2872 } 2873 2874 if (opcode == Bytecodes::_invokedynamic) { 2875 address bcp = bcs->bcp(); 2876 if (*(bcp+3) != 0 || *(bcp+4) != 0) { 2877 verify_error(ErrorContext::bad_code(bci), 2878 "Third and fourth operand bytes of invokedynamic must be zero"); 2879 return; 2880 } 2881 } 2882 2883 if (method_name->char_at(0) == JVM_SIGNATURE_SPECIAL) { 2884 // Make sure <init> can only be invoked by invokespecial 2885 if (opcode != Bytecodes::_invokespecial || 2886 method_name != vmSymbols::object_initializer_name()) { 2887 verify_error(ErrorContext::bad_code(bci), 2888 "Illegal call to internal method"); 2889 return; 2890 } 2891 } else if (opcode == Bytecodes::_invokespecial 2892 && !is_same_or_direct_interface(current_class(), current_type(), ref_class_type) 2893 && !ref_class_type.equals(VerificationType::reference_type( 2894 current_class()->super()->name()))) { 2895 bool subtype = false; 2896 bool have_imr_indirect = cp->tag_at(index).value() == JVM_CONSTANT_InterfaceMethodref; 2897 subtype = ref_class_type.is_assignable_from( 2898 current_type(), this, false, CHECK_VERIFY(this)); 2899 if (!subtype) { 2900 verify_error(ErrorContext::bad_code(bci), 2901 "Bad invokespecial instruction: " 2902 "current class isn't assignable to reference class."); 2903 return; 2904 } else if (have_imr_indirect) { 2905 verify_error(ErrorContext::bad_code(bci), 2906 "Bad invokespecial instruction: " 2907 "interface method reference is in an indirect superinterface."); 2908 return; 2909 } 2910 2911 } 2912 2913 // Get the verification types for the method's arguments. 2914 GrowableArray<VerificationType>* sig_verif_types = mth_sig_verif_types->sig_verif_types(); 2915 assert(sig_verif_types != NULL, "Missing signature's array of verification types"); 2916 // Match method descriptor with operand stack 2917 // The arguments are on the stack in descending order. 2918 for (int i = nargs - 1; i >= 0; i--) { // Run backwards 2919 current_frame->pop_stack(sig_verif_types->at(i), CHECK_VERIFY(this)); 2920 } 2921 2922 // Check objectref on operand stack 2923 if (opcode != Bytecodes::_invokestatic && 2924 opcode != Bytecodes::_invokedynamic) { 2925 if (method_name == vmSymbols::object_initializer_name()) { // <init> method 2926 verify_invoke_init(bcs, index, ref_class_type, current_frame, 2927 code_length, in_try_block, this_uninit, cp, stackmap_table, 2928 CHECK_VERIFY(this)); 2929 if (was_recursively_verified()) return; 2930 } else { // other methods 2931 // Ensures that target class is assignable to method class. 2932 if (opcode == Bytecodes::_invokespecial) { 2933 current_frame->pop_stack(current_type(), CHECK_VERIFY(this)); 2934 } else if (opcode == Bytecodes::_invokevirtual) { 2935 VerificationType stack_object_type = 2936 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this)); 2937 if (current_type() != stack_object_type) { 2938 if (was_recursively_verified()) return; 2939 assert(cp->cache() == NULL, "not rewritten yet"); 2940 Symbol* ref_class_name = 2941 cp->klass_name_at(cp->klass_ref_index_at(index)); 2942 // See the comments in verify_field_instructions() for 2943 // the rationale behind this. 2944 if (name_in_supers(ref_class_name, current_class())) { 2945 Klass* ref_class = load_class(ref_class_name, CHECK); 2946 if (is_protected_access( 2947 _klass, ref_class, method_name, method_sig, true)) { 2948 // It's protected access, check if stack object is 2949 // assignable to current class. 2950 bool is_assignable = current_type().is_assignable_from( 2951 stack_object_type, this, true, CHECK_VERIFY(this)); 2952 if (!is_assignable) { 2953 if (ref_class_type.name() == vmSymbols::java_lang_Object() 2954 && stack_object_type.is_array() 2955 && method_name == vmSymbols::clone_name()) { 2956 // Special case: arrays pretend to implement public Object 2957 // clone(). 2958 } else { 2959 verify_error(ErrorContext::bad_type(bci, 2960 current_frame->stack_top_ctx(), 2961 TypeOrigin::implicit(current_type())), 2962 "Bad access to protected data in invokevirtual"); 2963 return; 2964 } 2965 } 2966 } 2967 } 2968 } 2969 } else { 2970 assert(opcode == Bytecodes::_invokeinterface, "Unexpected opcode encountered"); 2971 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this)); 2972 } 2973 } 2974 } 2975 // Push the result type. 2976 int sig_verif_types_len = sig_verif_types->length(); 2977 if (sig_verif_types_len > nargs) { // There's a return type 2978 if (method_name == vmSymbols::object_initializer_name()) { 2979 // <init> method must have a void return type 2980 /* Unreachable? Class file parser verifies that methods with '<' have 2981 * void return */ 2982 verify_error(ErrorContext::bad_code(bci), 2983 "Return type must be void in <init> method"); 2984 return; 2985 } 2986 2987 assert(sig_verif_types_len <= nargs + 2, 2988 "Signature verification types array return type is bogus"); 2989 for (int i = nargs; i < sig_verif_types_len; i++) { 2990 assert(i == nargs || sig_verif_types->at(i).is_long2() || 2991 sig_verif_types->at(i).is_double2(), "Unexpected return verificationType"); 2992 current_frame->push_stack(sig_verif_types->at(i), CHECK_VERIFY(this)); 2993 } 2994 } 2995 } 2996 2997 VerificationType ClassVerifier::get_newarray_type( 2998 u2 index, u2 bci, TRAPS) { 2999 const char* from_bt[] = { 3000 NULL, NULL, NULL, NULL, "[Z", "[C", "[F", "[D", "[B", "[S", "[I", "[J", 3001 }; 3002 if (index < T_BOOLEAN || index > T_LONG) { 3003 verify_error(ErrorContext::bad_code(bci), "Illegal newarray instruction"); 3004 return VerificationType::bogus_type(); 3005 } 3006 3007 // from_bt[index] contains the array signature which has a length of 2 3008 Symbol* sig = create_temporary_symbol(from_bt[index], 2); 3009 return VerificationType::reference_type(sig); 3010 } 3011 3012 void ClassVerifier::verify_anewarray( 3013 u2 bci, u2 index, const constantPoolHandle& cp, 3014 StackMapFrame* current_frame, TRAPS) { 3015 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this)); 3016 current_frame->pop_stack( 3017 VerificationType::integer_type(), CHECK_VERIFY(this)); 3018 3019 if (was_recursively_verified()) return; 3020 VerificationType component_type = 3021 cp_index_to_type(index, cp, CHECK_VERIFY(this)); 3022 int length; 3023 char* arr_sig_str; 3024 if (component_type.is_array()) { // it's an array 3025 const char* component_name = component_type.name()->as_utf8(); 3026 // Check for more than MAX_ARRAY_DIMENSIONS 3027 length = (int)strlen(component_name); 3028 if (length > MAX_ARRAY_DIMENSIONS && 3029 component_name[MAX_ARRAY_DIMENSIONS - 1] == JVM_SIGNATURE_ARRAY) { 3030 verify_error(ErrorContext::bad_code(bci), 3031 "Illegal anewarray instruction, array has more than 255 dimensions"); 3032 } 3033 // add one dimension to component 3034 length++; 3035 arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length + 1); 3036 int n = os::snprintf(arr_sig_str, length + 1, "%c%s", 3037 JVM_SIGNATURE_ARRAY, component_name); 3038 assert(n == length, "Unexpected number of characters in string"); 3039 } else { // it's an object or interface 3040 const char* component_name = component_type.name()->as_utf8(); 3041 // add one dimension to component with 'L' prepended and ';' postpended. 3042 length = (int)strlen(component_name) + 3; 3043 arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length + 1); 3044 int n = os::snprintf(arr_sig_str, length + 1, "%c%c%s;", 3045 JVM_SIGNATURE_ARRAY, JVM_SIGNATURE_CLASS, component_name); 3046 assert(n == length, "Unexpected number of characters in string"); 3047 } 3048 Symbol* arr_sig = create_temporary_symbol(arr_sig_str, length); 3049 VerificationType new_array_type = VerificationType::reference_type(arr_sig); 3050 current_frame->push_stack(new_array_type, CHECK_VERIFY(this)); 3051 } 3052 3053 void ClassVerifier::verify_iload(u2 index, StackMapFrame* current_frame, TRAPS) { 3054 current_frame->get_local( 3055 index, VerificationType::integer_type(), CHECK_VERIFY(this)); 3056 current_frame->push_stack( 3057 VerificationType::integer_type(), CHECK_VERIFY(this)); 3058 } 3059 3060 void ClassVerifier::verify_lload(u2 index, StackMapFrame* current_frame, TRAPS) { 3061 current_frame->get_local_2( 3062 index, VerificationType::long_type(), 3063 VerificationType::long2_type(), CHECK_VERIFY(this)); 3064 current_frame->push_stack_2( 3065 VerificationType::long_type(), 3066 VerificationType::long2_type(), CHECK_VERIFY(this)); 3067 } 3068 3069 void ClassVerifier::verify_fload(u2 index, StackMapFrame* current_frame, TRAPS) { 3070 current_frame->get_local( 3071 index, VerificationType::float_type(), CHECK_VERIFY(this)); 3072 current_frame->push_stack( 3073 VerificationType::float_type(), CHECK_VERIFY(this)); 3074 } 3075 3076 void ClassVerifier::verify_dload(u2 index, StackMapFrame* current_frame, TRAPS) { 3077 current_frame->get_local_2( 3078 index, VerificationType::double_type(), 3079 VerificationType::double2_type(), CHECK_VERIFY(this)); 3080 current_frame->push_stack_2( 3081 VerificationType::double_type(), 3082 VerificationType::double2_type(), CHECK_VERIFY(this)); 3083 } 3084 3085 void ClassVerifier::verify_aload(u2 index, StackMapFrame* current_frame, TRAPS) { 3086 VerificationType type = current_frame->get_local( 3087 index, VerificationType::reference_check(), CHECK_VERIFY(this)); 3088 current_frame->push_stack(type, CHECK_VERIFY(this)); 3089 } 3090 3091 void ClassVerifier::verify_istore(u2 index, StackMapFrame* current_frame, TRAPS) { 3092 current_frame->pop_stack( 3093 VerificationType::integer_type(), CHECK_VERIFY(this)); 3094 current_frame->set_local( 3095 index, VerificationType::integer_type(), CHECK_VERIFY(this)); 3096 } 3097 3098 void ClassVerifier::verify_lstore(u2 index, StackMapFrame* current_frame, TRAPS) { 3099 current_frame->pop_stack_2( 3100 VerificationType::long2_type(), 3101 VerificationType::long_type(), CHECK_VERIFY(this)); 3102 current_frame->set_local_2( 3103 index, VerificationType::long_type(), 3104 VerificationType::long2_type(), CHECK_VERIFY(this)); 3105 } 3106 3107 void ClassVerifier::verify_fstore(u2 index, StackMapFrame* current_frame, TRAPS) { 3108 current_frame->pop_stack(VerificationType::float_type(), CHECK_VERIFY(this)); 3109 current_frame->set_local( 3110 index, VerificationType::float_type(), CHECK_VERIFY(this)); 3111 } 3112 3113 void ClassVerifier::verify_dstore(u2 index, StackMapFrame* current_frame, TRAPS) { 3114 current_frame->pop_stack_2( 3115 VerificationType::double2_type(), 3116 VerificationType::double_type(), CHECK_VERIFY(this)); 3117 current_frame->set_local_2( 3118 index, VerificationType::double_type(), 3119 VerificationType::double2_type(), CHECK_VERIFY(this)); 3120 } 3121 3122 void ClassVerifier::verify_astore(u2 index, StackMapFrame* current_frame, TRAPS) { 3123 VerificationType type = current_frame->pop_stack( 3124 VerificationType::reference_check(), CHECK_VERIFY(this)); 3125 current_frame->set_local(index, type, CHECK_VERIFY(this)); 3126 } 3127 3128 void ClassVerifier::verify_iinc(u2 index, StackMapFrame* current_frame, TRAPS) { 3129 VerificationType type = current_frame->get_local( 3130 index, VerificationType::integer_type(), CHECK_VERIFY(this)); 3131 current_frame->set_local(index, type, CHECK_VERIFY(this)); 3132 } 3133 3134 void ClassVerifier::verify_return_value( 3135 VerificationType return_type, VerificationType type, u2 bci, 3136 StackMapFrame* current_frame, TRAPS) { 3137 if (return_type == VerificationType::bogus_type()) { 3138 verify_error(ErrorContext::bad_type(bci, 3139 current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)), 3140 "Method does not expect a return value"); 3141 return; 3142 } 3143 bool match = return_type.is_assignable_from(type, this, false, CHECK_VERIFY(this)); 3144 if (!match) { 3145 verify_error(ErrorContext::bad_type(bci, 3146 current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)), 3147 "Bad return type"); 3148 return; 3149 } 3150 } 3151 3152 // The verifier creates symbols which are substrings of Symbols. 3153 // These are stored in the verifier until the end of verification so that 3154 // they can be reference counted. 3155 Symbol* ClassVerifier::create_temporary_symbol(const char *name, int length) { 3156 // Quick deduplication check 3157 if (_previous_symbol != NULL && _previous_symbol->equals(name, length)) { 3158 return _previous_symbol; 3159 } 3160 Symbol* sym = SymbolTable::new_symbol(name, length); 3161 if (!sym->is_permanent()) { 3162 if (_symbols == NULL) { 3163 _symbols = new GrowableArray<Symbol*>(50, 0, NULL); 3164 } 3165 _symbols->push(sym); 3166 } 3167 _previous_symbol = sym; 3168 return sym; 3169 }