1 /*
2 * Copyright (c) 1998, 2026, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.
8 *
9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 *
23 */
24
25 #include "cds/cdsConfig.hpp"
26 #include "classfile/classFileStream.hpp"
27 #include "classfile/classLoader.hpp"
28 #include "classfile/javaClasses.hpp"
29 #include "classfile/stackMapFrame.hpp"
30 #include "classfile/stackMapTable.hpp"
31 #include "classfile/stackMapTableFormat.hpp"
32 #include "classfile/symbolTable.hpp"
33 #include "classfile/systemDictionary.hpp"
34 #include "classfile/verifier.hpp"
35 #include "classfile/vmClasses.hpp"
36 #include "classfile/vmSymbols.hpp"
37 #include "interpreter/bytecodes.hpp"
38 #include "interpreter/bytecodeStream.hpp"
39 #include "jvm.h"
40 #include "logging/log.hpp"
41 #include "logging/logStream.hpp"
42 #include "memory/oopFactory.hpp"
43 #include "memory/resourceArea.hpp"
44 #include "memory/universe.hpp"
45 #include "oops/constantPool.inline.hpp"
46 #include "oops/instanceKlass.inline.hpp"
47 #include "oops/klass.inline.hpp"
48 #include "oops/oop.inline.hpp"
49 #include "oops/typeArrayOop.hpp"
50 #include "runtime/arguments.hpp"
51 #include "runtime/fieldDescriptor.hpp"
52 #include "runtime/handles.inline.hpp"
53 #include "runtime/interfaceSupport.inline.hpp"
54 #include "runtime/javaCalls.hpp"
55 #include "runtime/javaThread.hpp"
56 #include "runtime/jniHandles.inline.hpp"
57 #include "runtime/os.hpp"
58 #include "runtime/safepointVerifiers.hpp"
59 #include "services/threadService.hpp"
60 #include "utilities/align.hpp"
61 #include "utilities/bytes.hpp"
62 #if INCLUDE_CDS
63 #include "classfile/systemDictionaryShared.hpp"
64 #endif
65
66 #define NOFAILOVER_MAJOR_VERSION 51
67 #define NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION 51
68 #define STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION 52
69 #define MAX_ARRAY_DIMENSIONS 255
70
71 // Access to external entry for VerifyClassForMajorVersion - old byte code verifier
72
73 extern "C" {
74 typedef jboolean (*verify_byte_codes_fn_t)(JNIEnv *, jclass, char *, jint, jint);
75 }
76
77 static verify_byte_codes_fn_t volatile _verify_byte_codes_fn = nullptr;
78
79 static verify_byte_codes_fn_t verify_byte_codes_fn() {
80
81 if (_verify_byte_codes_fn != nullptr)
82 return _verify_byte_codes_fn;
83
84 MutexLocker locker(Verify_lock);
85
86 if (_verify_byte_codes_fn != nullptr)
87 return _verify_byte_codes_fn;
88
89 void *lib_handle = nullptr;
90 // Load verify dll
91 if (is_vm_statically_linked()) {
92 lib_handle = os::get_default_process_handle();
93 } else {
94 char buffer[JVM_MAXPATHLEN];
95 char ebuf[1024];
96 if (!os::dll_locate_lib(buffer, sizeof(buffer), Arguments::get_dll_dir(), "verify"))
97 return nullptr; // Caller will throw VerifyError
98
99 lib_handle = os::dll_load(buffer, ebuf, sizeof(ebuf));
100 if (lib_handle == nullptr)
101 return nullptr; // Caller will throw VerifyError
102 }
103
104 void *fn = os::dll_lookup(lib_handle, "VerifyClassForMajorVersion");
105 if (fn == nullptr)
106 return nullptr; // Caller will throw VerifyError
107
108 return _verify_byte_codes_fn = CAST_TO_FN_PTR(verify_byte_codes_fn_t, fn);
109 }
110
111
112 // Methods in Verifier
113
114 // This method determines whether we run the verifier and class file format checking code.
115 bool Verifier::should_verify_for(oop class_loader) {
116 return class_loader == nullptr ?
117 BytecodeVerificationLocal : BytecodeVerificationRemote;
118 }
119
120 // This method determines whether we allow package access in access checks in reflection.
121 bool Verifier::relax_access_for(oop loader) {
122 bool trusted = java_lang_ClassLoader::is_trusted_loader(loader);
123 bool need_verify =
124 // verifyAll
125 (BytecodeVerificationLocal && BytecodeVerificationRemote) ||
126 // verifyRemote
127 (!BytecodeVerificationLocal && BytecodeVerificationRemote && !trusted);
128 return !need_verify;
129 }
130
131 // Callers will pass should_verify_class as true, depending on the results of should_verify_for() above,
132 // or pass true for redefinition of any class.
133 static bool is_eligible_for_verification(InstanceKlass* klass, bool should_verify_class) {
134 Symbol* name = klass->name();
135
136 return (should_verify_class &&
137 // Can not verify the bytecodes for shared classes because they have
138 // already been rewritten to contain constant pool cache indices,
139 // which the verifier can't understand.
140 // Shared classes shouldn't have stackmaps either.
141 // However, bytecodes for shared old classes can be verified because
142 // they have not been rewritten.
143 !(klass->in_aot_cache() && klass->is_rewritten()));
144 }
145
146 void Verifier::trace_class_resolution(Klass* resolve_class, InstanceKlass* verify_class) {
147 assert(verify_class != nullptr, "Unexpected null verify_class");
148 ResourceMark rm;
149 Symbol* s = verify_class->source_file_name();
150 const char* source_file = (s != nullptr ? s->as_C_string() : nullptr);
151 const char* verify = verify_class->external_name();
152 const char* resolve = resolve_class->external_name();
153 // print in a single call to reduce interleaving between threads
154 if (source_file != nullptr) {
155 log_debug(class, resolve)("%s %s %s (verification)", verify, resolve, source_file);
156 } else {
157 log_debug(class, resolve)("%s %s (verification)", verify, resolve);
158 }
159 }
160
161 // Prints the end-verification message to the appropriate output.
162 void Verifier::log_end_verification(outputStream* st, const char* klassName, Symbol* exception_name, oop pending_exception) {
163 if (pending_exception != nullptr) {
164 st->print("Verification for %s has", klassName);
165 oop message = java_lang_Throwable::message(pending_exception);
166 if (message != nullptr) {
167 char* ex_msg = java_lang_String::as_utf8_string(message);
168 st->print_cr(" exception pending '%s %s'",
169 pending_exception->klass()->external_name(), ex_msg);
170 } else {
171 st->print_cr(" exception pending %s ",
172 pending_exception->klass()->external_name());
173 }
174 } else if (exception_name != nullptr) {
175 st->print_cr("Verification for %s failed", klassName);
176 }
177 st->print_cr("End class verification for: %s", klassName);
178 }
179
180 bool Verifier::verify(InstanceKlass* klass, bool should_verify_class, TRAPS) {
181 HandleMark hm(THREAD);
182 ResourceMark rm(THREAD);
183
184 // Eagerly allocate the identity hash code for a klass. This is a fallout
185 // from 6320749 and 8059924: hash code generator is not supposed to be called
186 // during the safepoint, but it allows to sneak the hashcode in during
187 // verification. Without this eager hashcode generation, we may end up
188 // installing the hashcode during some other operation, which may be at
189 // safepoint -- blowing up the checks. It was previously done as the side
190 // effect (sic!) for external_name(), but instead of doing that, we opt to
191 // explicitly push the hashcode in here. This is signify the following block
192 // is IMPORTANT:
193 assert(klass->java_mirror() != nullptr, "must be");
194 klass->java_mirror()->identity_hash();
195
196 if (!is_eligible_for_verification(klass, should_verify_class)) {
197 return true;
198 }
199
200 // Timer includes any side effects of class verification (resolution,
201 // etc), but not recursive calls to Verifier::verify().
202 JavaThread* jt = THREAD;
203 PerfClassTraceTime timer(ClassLoader::perf_class_verify_time(),
204 ClassLoader::perf_class_verify_selftime(),
205 ClassLoader::perf_classes_verified(),
206 jt->get_thread_stat()->perf_recursion_counts_addr(),
207 jt->get_thread_stat()->perf_timers_addr(),
208 PerfClassTraceTime::CLASS_VERIFY);
209
210 // If the class should be verified, first see if we can use the split
211 // verifier. If not, or if verification fails and can failover, then
212 // call the inference verifier.
213 Symbol* exception_name = nullptr;
214 const size_t message_buffer_len = klass->name()->utf8_length() + 1024;
215 char* message_buffer = nullptr;
216 char* exception_message = nullptr;
217
218 log_info(class, init)("Start class verification for: %s", klass->external_name());
219 if (klass->major_version() >= STACKMAP_ATTRIBUTE_MAJOR_VERSION) {
220 ClassVerifier split_verifier(jt, klass);
221 // We don't use CHECK here, or on inference_verify below, so that we can log any exception.
222 split_verifier.verify_class(THREAD);
223 exception_name = split_verifier.result();
224
225 // If dumping {classic, final} static archive, don't bother to run the old verifier, as
226 // the class will be excluded from the archive anyway.
227 bool can_failover = !(CDSConfig::is_dumping_classic_static_archive() || CDSConfig::is_dumping_final_static_archive()) &&
228 klass->major_version() < NOFAILOVER_MAJOR_VERSION;
229
230 if (can_failover && !HAS_PENDING_EXCEPTION && // Split verifier doesn't set PENDING_EXCEPTION for failure
231 (exception_name == vmSymbols::java_lang_VerifyError() ||
232 exception_name == vmSymbols::java_lang_ClassFormatError())) {
233 log_info(verification)("Fail over class verification to old verifier for: %s", klass->external_name());
234 log_info(class, init)("Fail over class verification to old verifier for: %s", klass->external_name());
235 #if INCLUDE_CDS
236 // Exclude any classes that are verified with the old verifier, as the old verifier
237 // doesn't call SystemDictionaryShared::add_verification_constraint()
238 if (CDSConfig::is_dumping_archive()) {
239 SystemDictionaryShared::log_exclusion(klass, "Verified with old verifier");
240 SystemDictionaryShared::set_excluded(klass);
241 }
242 #endif
243 message_buffer = NEW_RESOURCE_ARRAY(char, message_buffer_len);
244 exception_message = message_buffer;
245 exception_name = inference_verify(
246 klass, message_buffer, message_buffer_len, THREAD);
247 }
248 if (exception_name != nullptr) {
249 exception_message = split_verifier.exception_message();
250 }
251 } else {
252 message_buffer = NEW_RESOURCE_ARRAY(char, message_buffer_len);
253 exception_message = message_buffer;
254 exception_name = inference_verify(
255 klass, message_buffer, message_buffer_len, THREAD);
256 }
257
258 LogTarget(Info, class, init) lt1;
259 if (lt1.is_enabled()) {
260 LogStream ls(lt1);
261 log_end_verification(&ls, klass->external_name(), exception_name, PENDING_EXCEPTION);
262 }
263 LogTarget(Info, verification) lt2;
264 if (lt2.is_enabled()) {
265 LogStream ls(lt2);
266 log_end_verification(&ls, klass->external_name(), exception_name, PENDING_EXCEPTION);
267 }
268
269 if (HAS_PENDING_EXCEPTION) {
270 return false; // use the existing exception
271 } else if (exception_name == nullptr) {
272 return true; // verification succeeded
273 } else { // VerifyError or ClassFormatError to be created and thrown
274 Klass* kls =
275 SystemDictionary::resolve_or_fail(exception_name, true, CHECK_false);
276 if (log_is_enabled(Debug, class, resolve)) {
277 Verifier::trace_class_resolution(kls, klass);
278 }
279
280 while (kls != nullptr) {
281 if (kls == klass) {
282 // If the class being verified is the exception we're creating
283 // or one of it's superclasses, we're in trouble and are going
284 // to infinitely recurse when we try to initialize the exception.
285 // So bail out here by throwing the preallocated VM error.
286 THROW_OOP_(Universe::internal_error_instance(), false);
287 }
288 kls = kls->super();
289 }
290 if (message_buffer != nullptr) {
291 message_buffer[message_buffer_len - 1] = '\0'; // just to be sure
292 }
293 assert(exception_message != nullptr, "");
294 THROW_MSG_(exception_name, exception_message, false);
295 }
296 }
297
298 Symbol* Verifier::inference_verify(
299 InstanceKlass* klass, char* message, size_t message_len, TRAPS) {
300 JavaThread* thread = THREAD;
301
302 verify_byte_codes_fn_t verify_func = verify_byte_codes_fn();
303
304 if (verify_func == nullptr) {
305 jio_snprintf(message, message_len, "Could not link verifier");
306 return vmSymbols::java_lang_VerifyError();
307 }
308
309 ResourceMark rm(thread);
310 log_info(verification)("Verifying class %s with old format", klass->external_name());
311
312 jclass cls = (jclass) JNIHandles::make_local(thread, klass->java_mirror());
313 jint result;
314
315 {
316 HandleMark hm(thread);
317 ThreadToNativeFromVM ttn(thread);
318 // ThreadToNativeFromVM takes care of changing thread_state, so safepoint
319 // code knows that we have left the VM
320 JNIEnv *env = thread->jni_environment();
321 result = (*verify_func)(env, cls, message, (int)message_len, klass->major_version());
322 }
323
324 JNIHandles::destroy_local(cls);
325
326 // These numbers are chosen so that VerifyClassCodes interface doesn't need
327 // to be changed (still return jboolean (unsigned char)), and result is
328 // 1 when verification is passed.
329 if (result == 0) {
330 return vmSymbols::java_lang_VerifyError();
331 } else if (result == 1) {
332 return nullptr; // verified.
333 } else if (result == 2) {
334 THROW_MSG_(vmSymbols::java_lang_OutOfMemoryError(), message, nullptr);
335 } else if (result == 3) {
336 return vmSymbols::java_lang_ClassFormatError();
337 } else {
338 ShouldNotReachHere();
339 return nullptr;
340 }
341 }
342
343 TypeOrigin TypeOrigin::null() {
344 return TypeOrigin();
345 }
346 TypeOrigin TypeOrigin::local(int index, StackMapFrame* frame) {
347 assert(frame != nullptr, "Must have a frame");
348 return TypeOrigin(CF_LOCALS, index, StackMapFrame::copy(frame),
349 frame->local_at(index));
350 }
351 TypeOrigin TypeOrigin::stack(int index, StackMapFrame* frame) {
352 assert(frame != nullptr, "Must have a frame");
353 return TypeOrigin(CF_STACK, index, StackMapFrame::copy(frame),
354 frame->stack_at(index));
355 }
356 TypeOrigin TypeOrigin::sm_local(int index, StackMapFrame* frame) {
357 assert(frame != nullptr, "Must have a frame");
358 return TypeOrigin(SM_LOCALS, index, StackMapFrame::copy(frame),
359 frame->local_at(index));
360 }
361 TypeOrigin TypeOrigin::sm_stack(int index, StackMapFrame* frame) {
362 assert(frame != nullptr, "Must have a frame");
363 return TypeOrigin(SM_STACK, index, StackMapFrame::copy(frame),
364 frame->stack_at(index));
365 }
366 TypeOrigin TypeOrigin::bad_index(int index) {
367 return TypeOrigin(BAD_INDEX, index, nullptr, VerificationType::bogus_type());
368 }
369 TypeOrigin TypeOrigin::cp(int index, VerificationType vt) {
370 return TypeOrigin(CONST_POOL, index, nullptr, vt);
371 }
372 TypeOrigin TypeOrigin::signature(VerificationType vt) {
373 return TypeOrigin(SIG, 0, nullptr, vt);
374 }
375 TypeOrigin TypeOrigin::implicit(VerificationType t) {
376 return TypeOrigin(IMPLICIT, 0, nullptr, t);
377 }
378 TypeOrigin TypeOrigin::frame(StackMapFrame* frame) {
379 return TypeOrigin(FRAME_ONLY, 0, StackMapFrame::copy(frame),
380 VerificationType::bogus_type());
381 }
382
383 void TypeOrigin::reset_frame() {
384 if (_frame != nullptr) {
385 _frame->restore();
386 }
387 }
388
389 void TypeOrigin::details(outputStream* ss) const {
390 _type.print_on(ss);
391 switch (_origin) {
392 case CF_LOCALS:
393 ss->print(" (current frame, locals[%d])", _index);
394 break;
395 case CF_STACK:
396 ss->print(" (current frame, stack[%d])", _index);
397 break;
398 case SM_LOCALS:
399 ss->print(" (stack map, locals[%d])", _index);
400 break;
401 case SM_STACK:
402 ss->print(" (stack map, stack[%d])", _index);
403 break;
404 case CONST_POOL:
405 ss->print(" (constant pool %d)", _index);
406 break;
407 case SIG:
408 ss->print(" (from method signature)");
409 break;
410 case IMPLICIT:
411 case FRAME_ONLY:
412 case NONE:
413 default:
414 ;
415 }
416 }
417
418 #ifdef ASSERT
419 void TypeOrigin::print_on(outputStream* str) const {
420 str->print("{%d,%d,%p:", _origin, _index, _frame);
421 if (_frame != nullptr) {
422 _frame->print_on(str);
423 } else {
424 str->print("null");
425 }
426 str->print(",");
427 _type.print_on(str);
428 str->print("}");
429 }
430 #endif
431
432 void ErrorContext::details(outputStream* ss, const Method* method) const {
433 if (is_valid()) {
434 ss->cr();
435 ss->print_cr("Exception Details:");
436 location_details(ss, method);
437 reason_details(ss);
438 frame_details(ss);
439 bytecode_details(ss, method);
440 handler_details(ss, method);
441 stackmap_details(ss, method);
442 }
443 }
444
445 void ErrorContext::reason_details(outputStream* ss) const {
446 StreamIndentor si(ss, 2);
447 ss->print_cr("Reason:");
448
449 StreamIndentor si2(ss, 2);
450 switch (_fault) {
451 case INVALID_BYTECODE:
452 ss->print("Error exists in the bytecode");
453 break;
454 case WRONG_TYPE:
455 if (_expected.is_valid()) {
456 ss->print("Type ");
457 _type.details(ss);
458 ss->print(" is not assignable to ");
459 _expected.details(ss);
460 } else {
461 ss->print("Invalid type: ");
462 _type.details(ss);
463 }
464 break;
465 case FLAGS_MISMATCH:
466 if (_expected.is_valid()) {
467 ss->print("Current frame's flags are not assignable "
468 "to stack map frame's.");
469 } else {
470 ss->print("Current frame's flags are invalid in this context.");
471 }
472 break;
473 case BAD_CP_INDEX:
474 ss->print("Constant pool index %d is invalid", _type.index());
475 break;
476 case BAD_LOCAL_INDEX:
477 ss->print("Local index %d is invalid", _type.index());
478 break;
479 case LOCALS_SIZE_MISMATCH:
480 ss->print("Current frame's local size doesn't match stackmap.");
481 break;
482 case STACK_SIZE_MISMATCH:
483 ss->print("Current frame's stack size doesn't match stackmap.");
484 break;
485 case STACK_OVERFLOW:
486 ss->print("Exceeded max stack size.");
487 break;
488 case STACK_UNDERFLOW:
489 ss->print("Attempt to pop empty stack.");
490 break;
491 case MISSING_STACKMAP:
492 ss->print("Expected stackmap frame at this location.");
493 break;
494 case BAD_STACKMAP:
495 ss->print("Invalid stackmap specification.");
496 break;
497 case UNKNOWN:
498 default:
499 ShouldNotReachHere();
500 ss->print_cr("Unknown");
501 }
502 ss->cr();
503 }
504
505 void ErrorContext::location_details(outputStream* ss, const Method* method) const {
506 if (_bci != -1 && method != nullptr) {
507 const char* bytecode_name = "<invalid>";
508 if (method->validate_bci(_bci) != -1) {
509 Bytecodes::Code code = Bytecodes::code_or_bp_at(method->bcp_from(_bci));
510 if (Bytecodes::is_defined(code)) {
511 bytecode_name = Bytecodes::name(code);
512 } else {
513 bytecode_name = "<illegal>";
514 }
515 }
516 InstanceKlass* ik = method->method_holder();
517
518 StreamIndentor si(ss, 2);
519 ss->print_cr("Location:");
520
521 StreamIndentor si2(ss, 2);
522 ss->print_cr("%s.%s%s @%d: %s",
523 ik->name()->as_C_string(), method->name()->as_C_string(),
524 method->signature()->as_C_string(), _bci, bytecode_name);
525 }
526 }
527
528 void ErrorContext::frame_details(outputStream* ss) const {
529 StreamIndentor si(ss, 2);
530 if (_type.is_valid() && _type.frame() != nullptr) {
531 ss->print_cr("Current Frame:");
532 StreamIndentor si2(ss, 2);
533 _type.frame()->print_on(ss);
534 }
535 if (_expected.is_valid() && _expected.frame() != nullptr) {
536 ss->print_cr("Stackmap Frame:");
537 StreamIndentor si2(ss, 2);
538 _expected.frame()->print_on(ss);
539 }
540 }
541
542 void ErrorContext::bytecode_details(outputStream* ss, const Method* method) const {
543 if (method != nullptr) {
544 StreamIndentor si(ss, 2);
545 ss->print_cr("Bytecode:");
546 StreamIndentor si2(ss, 2);
547 ss->print_data(method->code_base(), method->code_size(), false);
548 }
549 }
550
551 void ErrorContext::handler_details(outputStream* ss, const Method* method) const {
552 if (method != nullptr) {
553 StreamIndentor si(ss, 2);
554
555 ExceptionTable table(method);
556 if (table.length() > 0) {
557 ss->print_cr("Exception Handler Table:");
558 StreamIndentor si2(ss, 2);
559 for (int i = 0; i < table.length(); ++i) {
560 ss->print_cr("bci [%d, %d] => handler: %d", table.start_pc(i),
561 table.end_pc(i), table.handler_pc(i));
562 }
563 }
564 }
565 }
566
567 void ErrorContext::stackmap_details(outputStream* ss, const Method* method) const {
568 if (method != nullptr && method->has_stackmap_table()) {
569 StreamIndentor si(ss, 2);
570 ss->print_cr("Stackmap Table:");
571 Array<u1>* data = method->stackmap_data();
572 stack_map_table* sm_table =
573 stack_map_table::at((address)data->adr_at(0));
574 stack_map_frame* sm_frame = sm_table->entries();
575 StreamIndentor si2(ss, 2);
576 int current_offset = -1;
577 address end_of_sm_table = (address)sm_table + method->stackmap_data()->length();
578 for (u2 i = 0; i < sm_table->number_of_entries(); ++i) {
579 if (!sm_frame->verify((address)sm_frame, end_of_sm_table)) {
580 sm_frame->print_truncated(ss, current_offset);
581 return;
582 }
583 sm_frame->print_on(ss, current_offset);
584 ss->cr();
585 current_offset += sm_frame->offset_delta();
586 sm_frame = sm_frame->next();
587 }
588 }
589 }
590
591 // Methods in ClassVerifier
592
593 ClassVerifier::ClassVerifier(JavaThread* current, InstanceKlass* klass)
594 : _thread(current), _previous_symbol(nullptr), _symbols(nullptr), _exception_type(nullptr),
595 _message(nullptr), _klass(klass) {
596 _this_type = VerificationType::reference_type(klass->name());
597 }
598
599 ClassVerifier::~ClassVerifier() {
600 // Decrement the reference count for any symbols created.
601 if (_symbols != nullptr) {
602 for (int i = 0; i < _symbols->length(); i++) {
603 Symbol* s = _symbols->at(i);
604 s->decrement_refcount();
605 }
606 }
607 }
608
609 VerificationType ClassVerifier::object_type() const {
610 return VerificationType::reference_type(vmSymbols::java_lang_Object());
611 }
612
613 TypeOrigin ClassVerifier::ref_ctx(const char* sig) {
614 VerificationType vt = VerificationType::reference_type(
615 create_temporary_symbol(sig, (int)strlen(sig)));
616 return TypeOrigin::implicit(vt);
617 }
618
619
620 void ClassVerifier::verify_class(TRAPS) {
621 log_info(verification)("Verifying class %s with new format", _klass->external_name());
622
623 Array<Method*>* methods = _klass->methods();
624 int num_methods = methods->length();
625
626 for (int index = 0; index < num_methods; index++) {
627 // Check for recursive re-verification before each method.
628 if (was_recursively_verified()) return;
629
630 Method* m = methods->at(index);
631 if (m->is_native() || m->is_abstract() || m->is_overpass()) {
632 // If m is native or abstract, skip it. It is checked in class file
633 // parser that methods do not override a final method. Overpass methods
634 // are trusted since the VM generates them.
635 continue;
636 }
637 verify_method(methodHandle(THREAD, m), CHECK_VERIFY(this));
638 }
639
640 if (was_recursively_verified()){
641 log_info(verification)("Recursive verification detected for: %s", _klass->external_name());
642 log_info(class, init)("Recursive verification detected for: %s",
643 _klass->external_name());
644 }
645 }
646
647 // Translate the signature entries into verification types and save them in
648 // the growable array. Also, save the count of arguments.
649 void ClassVerifier::translate_signature(Symbol* const method_sig,
650 sig_as_verification_types* sig_verif_types) {
651 SignatureStream sig_stream(method_sig);
652 VerificationType sig_type[2];
653 int sig_i = 0;
654 GrowableArray<VerificationType>* verif_types = sig_verif_types->sig_verif_types();
655
656 // Translate the signature arguments into verification types.
657 while (!sig_stream.at_return_type()) {
658 int n = change_sig_to_verificationType(&sig_stream, sig_type);
659 assert(n <= 2, "Unexpected signature type");
660
661 // Store verification type(s). Longs and Doubles each have two verificationTypes.
662 for (int x = 0; x < n; x++) {
663 verif_types->push(sig_type[x]);
664 }
665 sig_i += n;
666 sig_stream.next();
667 }
668
669 // Set final arg count, not including the return type. The final arg count will
670 // be compared with sig_verify_types' length to see if there is a return type.
671 sig_verif_types->set_num_args(sig_i);
672
673 // Store verification type(s) for the return type, if there is one.
674 if (sig_stream.type() != T_VOID) {
675 int n = change_sig_to_verificationType(&sig_stream, sig_type);
676 assert(n <= 2, "Unexpected signature return type");
677 for (int y = 0; y < n; y++) {
678 verif_types->push(sig_type[y]);
679 }
680 }
681 }
682
683 void ClassVerifier::create_method_sig_entry(sig_as_verification_types* sig_verif_types,
684 int sig_index) {
685 // Translate the signature into verification types.
686 ConstantPool* cp = _klass->constants();
687 Symbol* const method_sig = cp->symbol_at(sig_index);
688 translate_signature(method_sig, sig_verif_types);
689
690 // Add the list of this signature's verification types to the table.
691 bool is_unique = method_signatures_table()->put(sig_index, sig_verif_types);
692 assert(is_unique, "Duplicate entries in method_signature_table");
693 }
694
695 void ClassVerifier::verify_method(const methodHandle& m, TRAPS) {
696 HandleMark hm(THREAD);
697 _method = m; // initialize _method
698 log_info(verification)("Verifying method %s", m->name_and_sig_as_C_string());
699
700 // For clang, the only good constant format string is a literal constant format string.
701 #define bad_type_msg "Bad type on operand stack in %s"
702
703 u2 max_stack = m->verifier_max_stack();
704 u2 max_locals = m->max_locals();
705 constantPoolHandle cp(THREAD, m->constants());
706
707 // Method signature was checked in ClassFileParser.
708 assert(SignatureVerifier::is_valid_method_signature(m->signature()),
709 "Invalid method signature");
710
711 // Initial stack map frame: offset is 0, stack is initially empty.
712 StackMapFrame current_frame(max_locals, max_stack, this);
713 // Set initial locals
714 VerificationType return_type = current_frame.set_locals_from_arg( m, current_type());
715
716 u2 stackmap_index = 0; // index to the stackmap array
717
718 u4 code_length = m->code_size();
719
720 // Scan the bytecode and map each instruction's start offset to a number.
721 char* code_data = generate_code_data(m, code_length, CHECK_VERIFY(this));
722
723 int ex_min = code_length;
724 int ex_max = -1;
725 // Look through each item on the exception table. Each of the fields must refer
726 // to a legal instruction.
727 if (was_recursively_verified()) return;
728 verify_exception_handler_table(
729 code_length, code_data, ex_min, ex_max, CHECK_VERIFY(this));
730
731 // Look through each entry on the local variable table and make sure
732 // its range of code array offsets is valid. (4169817)
733 if (m->has_localvariable_table()) {
734 verify_local_variable_table(code_length, code_data, CHECK_VERIFY(this));
735 }
736
737 Array<u1>* stackmap_data = m->stackmap_data();
738 StackMapStream stream(stackmap_data);
739 StackMapReader reader(this, &stream, code_data, code_length, ¤t_frame, max_locals, max_stack, THREAD);
740 StackMapTable stackmap_table(&reader, CHECK_VERIFY(this));
741
742 LogTarget(Debug, verification) lt;
743 if (lt.is_enabled()) {
744 LogStream ls(lt);
745 stackmap_table.print_on(&ls);
746 }
747
748 RawBytecodeStream bcs(m);
749
750 // Scan the byte code linearly from the start to the end
751 bool no_control_flow = false; // Set to true when there is no direct control
752 // flow from current instruction to the next
753 // instruction in sequence
754
755 Bytecodes::Code opcode;
756 while (!bcs.is_last_bytecode()) {
757 // Check for recursive re-verification before each bytecode.
758 if (was_recursively_verified()) return;
759
760 opcode = bcs.raw_next();
761 int bci = bcs.bci();
762
763 // Set current frame's offset to bci
764 current_frame.set_offset(bci);
765 current_frame.set_mark();
766
767 // Make sure every offset in stackmap table point to the beginning to
768 // an instruction. Match current_frame to stackmap_table entry with
769 // the same offset if exists.
770 stackmap_index = verify_stackmap_table(
771 stackmap_index, bci, ¤t_frame, &stackmap_table,
772 no_control_flow, CHECK_VERIFY(this));
773
774
775 bool this_uninit = false; // Set to true when invokespecial <init> initialized 'this'
776 bool verified_exc_handlers = false;
777
778 // Merge with the next instruction
779 {
780 VerificationType type, type2;
781 VerificationType atype;
782
783 LogTarget(Debug, verification) lt;
784 if (lt.is_enabled()) {
785 LogStream ls(lt);
786 current_frame.print_on(&ls);
787 lt.print("offset = %d, opcode = %s", bci,
788 opcode == Bytecodes::_illegal ? "illegal" : Bytecodes::name(opcode));
789 }
790
791 // Make sure wide instruction is in correct format
792 if (bcs.is_wide()) {
793 if (opcode != Bytecodes::_iinc && opcode != Bytecodes::_iload &&
794 opcode != Bytecodes::_aload && opcode != Bytecodes::_lload &&
795 opcode != Bytecodes::_istore && opcode != Bytecodes::_astore &&
796 opcode != Bytecodes::_lstore && opcode != Bytecodes::_fload &&
797 opcode != Bytecodes::_dload && opcode != Bytecodes::_fstore &&
798 opcode != Bytecodes::_dstore) {
799 /* Unreachable? RawBytecodeStream's raw_next() returns 'illegal'
800 * if we encounter a wide instruction that modifies an invalid
801 * opcode (not one of the ones listed above) */
802 verify_error(ErrorContext::bad_code(bci), "Bad wide instruction");
803 return;
804 }
805 }
806
807 // Look for possible jump target in exception handlers and see if it
808 // matches current_frame. Do this check here for astore*, dstore*,
809 // fstore*, istore*, and lstore* opcodes because they can change the type
810 // state by adding a local. JVM Spec says that the incoming type state
811 // should be used for this check. So, do the check here before a possible
812 // local is added to the type state.
813 if (Bytecodes::is_store_into_local(opcode) && bci >= ex_min && bci < ex_max) {
814 if (was_recursively_verified()) return;
815 verify_exception_handler_targets(
816 bci, this_uninit, ¤t_frame, &stackmap_table, CHECK_VERIFY(this));
817 verified_exc_handlers = true;
818 }
819
820 if (was_recursively_verified()) return;
821
822 switch (opcode) {
823 case Bytecodes::_nop :
824 no_control_flow = false; break;
825 case Bytecodes::_aconst_null :
826 current_frame.push_stack(
827 VerificationType::null_type(), CHECK_VERIFY(this));
828 no_control_flow = false; break;
829 case Bytecodes::_iconst_m1 :
830 case Bytecodes::_iconst_0 :
831 case Bytecodes::_iconst_1 :
832 case Bytecodes::_iconst_2 :
833 case Bytecodes::_iconst_3 :
834 case Bytecodes::_iconst_4 :
835 case Bytecodes::_iconst_5 :
836 current_frame.push_stack(
837 VerificationType::integer_type(), CHECK_VERIFY(this));
838 no_control_flow = false; break;
839 case Bytecodes::_lconst_0 :
840 case Bytecodes::_lconst_1 :
841 current_frame.push_stack_2(
842 VerificationType::long_type(),
843 VerificationType::long2_type(), CHECK_VERIFY(this));
844 no_control_flow = false; break;
845 case Bytecodes::_fconst_0 :
846 case Bytecodes::_fconst_1 :
847 case Bytecodes::_fconst_2 :
848 current_frame.push_stack(
849 VerificationType::float_type(), CHECK_VERIFY(this));
850 no_control_flow = false; break;
851 case Bytecodes::_dconst_0 :
852 case Bytecodes::_dconst_1 :
853 current_frame.push_stack_2(
854 VerificationType::double_type(),
855 VerificationType::double2_type(), CHECK_VERIFY(this));
856 no_control_flow = false; break;
857 case Bytecodes::_sipush :
858 case Bytecodes::_bipush :
859 current_frame.push_stack(
860 VerificationType::integer_type(), CHECK_VERIFY(this));
861 no_control_flow = false; break;
862 case Bytecodes::_ldc :
863 verify_ldc(
864 opcode, bcs.get_index_u1(), ¤t_frame,
865 cp, bci, CHECK_VERIFY(this));
866 no_control_flow = false; break;
867 case Bytecodes::_ldc_w :
868 case Bytecodes::_ldc2_w :
869 verify_ldc(
870 opcode, bcs.get_index_u2(), ¤t_frame,
871 cp, bci, CHECK_VERIFY(this));
872 no_control_flow = false; break;
873 case Bytecodes::_iload :
874 verify_iload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
875 no_control_flow = false; break;
876 case Bytecodes::_iload_0 :
877 case Bytecodes::_iload_1 :
878 case Bytecodes::_iload_2 :
879 case Bytecodes::_iload_3 : {
880 int index = opcode - Bytecodes::_iload_0;
881 verify_iload(index, ¤t_frame, CHECK_VERIFY(this));
882 no_control_flow = false; break;
883 }
884 case Bytecodes::_lload :
885 verify_lload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
886 no_control_flow = false; break;
887 case Bytecodes::_lload_0 :
888 case Bytecodes::_lload_1 :
889 case Bytecodes::_lload_2 :
890 case Bytecodes::_lload_3 : {
891 int index = opcode - Bytecodes::_lload_0;
892 verify_lload(index, ¤t_frame, CHECK_VERIFY(this));
893 no_control_flow = false; break;
894 }
895 case Bytecodes::_fload :
896 verify_fload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
897 no_control_flow = false; break;
898 case Bytecodes::_fload_0 :
899 case Bytecodes::_fload_1 :
900 case Bytecodes::_fload_2 :
901 case Bytecodes::_fload_3 : {
902 int index = opcode - Bytecodes::_fload_0;
903 verify_fload(index, ¤t_frame, CHECK_VERIFY(this));
904 no_control_flow = false; break;
905 }
906 case Bytecodes::_dload :
907 verify_dload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
908 no_control_flow = false; break;
909 case Bytecodes::_dload_0 :
910 case Bytecodes::_dload_1 :
911 case Bytecodes::_dload_2 :
912 case Bytecodes::_dload_3 : {
913 int index = opcode - Bytecodes::_dload_0;
914 verify_dload(index, ¤t_frame, CHECK_VERIFY(this));
915 no_control_flow = false; break;
916 }
917 case Bytecodes::_aload :
918 verify_aload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
919 no_control_flow = false; break;
920 case Bytecodes::_aload_0 :
921 case Bytecodes::_aload_1 :
922 case Bytecodes::_aload_2 :
923 case Bytecodes::_aload_3 : {
924 int index = opcode - Bytecodes::_aload_0;
925 verify_aload(index, ¤t_frame, CHECK_VERIFY(this));
926 no_control_flow = false; break;
927 }
928 case Bytecodes::_iaload :
929 type = current_frame.pop_stack(
930 VerificationType::integer_type(), CHECK_VERIFY(this));
931 atype = current_frame.pop_stack(
932 VerificationType::reference_check(), CHECK_VERIFY(this));
933 if (!atype.is_int_array()) {
934 verify_error(ErrorContext::bad_type(bci,
935 current_frame.stack_top_ctx(), ref_ctx("[I")),
936 bad_type_msg, "iaload");
937 return;
938 }
939 current_frame.push_stack(
940 VerificationType::integer_type(), CHECK_VERIFY(this));
941 no_control_flow = false; break;
942 case Bytecodes::_baload :
943 type = current_frame.pop_stack(
944 VerificationType::integer_type(), CHECK_VERIFY(this));
945 atype = current_frame.pop_stack(
946 VerificationType::reference_check(), CHECK_VERIFY(this));
947 if (!atype.is_bool_array() && !atype.is_byte_array()) {
948 verify_error(
949 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
950 bad_type_msg, "baload");
951 return;
952 }
953 current_frame.push_stack(
954 VerificationType::integer_type(), CHECK_VERIFY(this));
955 no_control_flow = false; break;
956 case Bytecodes::_caload :
957 type = current_frame.pop_stack(
958 VerificationType::integer_type(), CHECK_VERIFY(this));
959 atype = current_frame.pop_stack(
960 VerificationType::reference_check(), CHECK_VERIFY(this));
961 if (!atype.is_char_array()) {
962 verify_error(ErrorContext::bad_type(bci,
963 current_frame.stack_top_ctx(), ref_ctx("[C")),
964 bad_type_msg, "caload");
965 return;
966 }
967 current_frame.push_stack(
968 VerificationType::integer_type(), CHECK_VERIFY(this));
969 no_control_flow = false; break;
970 case Bytecodes::_saload :
971 type = current_frame.pop_stack(
972 VerificationType::integer_type(), CHECK_VERIFY(this));
973 atype = current_frame.pop_stack(
974 VerificationType::reference_check(), CHECK_VERIFY(this));
975 if (!atype.is_short_array()) {
976 verify_error(ErrorContext::bad_type(bci,
977 current_frame.stack_top_ctx(), ref_ctx("[S")),
978 bad_type_msg, "saload");
979 return;
980 }
981 current_frame.push_stack(
982 VerificationType::integer_type(), CHECK_VERIFY(this));
983 no_control_flow = false; break;
984 case Bytecodes::_laload :
985 type = current_frame.pop_stack(
986 VerificationType::integer_type(), CHECK_VERIFY(this));
987 atype = current_frame.pop_stack(
988 VerificationType::reference_check(), CHECK_VERIFY(this));
989 if (!atype.is_long_array()) {
990 verify_error(ErrorContext::bad_type(bci,
991 current_frame.stack_top_ctx(), ref_ctx("[J")),
992 bad_type_msg, "laload");
993 return;
994 }
995 current_frame.push_stack_2(
996 VerificationType::long_type(),
997 VerificationType::long2_type(), CHECK_VERIFY(this));
998 no_control_flow = false; break;
999 case Bytecodes::_faload :
1000 type = current_frame.pop_stack(
1001 VerificationType::integer_type(), CHECK_VERIFY(this));
1002 atype = current_frame.pop_stack(
1003 VerificationType::reference_check(), CHECK_VERIFY(this));
1004 if (!atype.is_float_array()) {
1005 verify_error(ErrorContext::bad_type(bci,
1006 current_frame.stack_top_ctx(), ref_ctx("[F")),
1007 bad_type_msg, "faload");
1008 return;
1009 }
1010 current_frame.push_stack(
1011 VerificationType::float_type(), CHECK_VERIFY(this));
1012 no_control_flow = false; break;
1013 case Bytecodes::_daload :
1014 type = current_frame.pop_stack(
1015 VerificationType::integer_type(), CHECK_VERIFY(this));
1016 atype = current_frame.pop_stack(
1017 VerificationType::reference_check(), CHECK_VERIFY(this));
1018 if (!atype.is_double_array()) {
1019 verify_error(ErrorContext::bad_type(bci,
1020 current_frame.stack_top_ctx(), ref_ctx("[D")),
1021 bad_type_msg, "daload");
1022 return;
1023 }
1024 current_frame.push_stack_2(
1025 VerificationType::double_type(),
1026 VerificationType::double2_type(), CHECK_VERIFY(this));
1027 no_control_flow = false; break;
1028 case Bytecodes::_aaload : {
1029 type = current_frame.pop_stack(
1030 VerificationType::integer_type(), CHECK_VERIFY(this));
1031 atype = current_frame.pop_stack(
1032 VerificationType::reference_check(), CHECK_VERIFY(this));
1033 if (!atype.is_reference_array()) {
1034 verify_error(ErrorContext::bad_type(bci,
1035 current_frame.stack_top_ctx(),
1036 TypeOrigin::implicit(VerificationType::reference_check())),
1037 bad_type_msg, "aaload");
1038 return;
1039 }
1040 if (atype.is_null()) {
1041 current_frame.push_stack(
1042 VerificationType::null_type(), CHECK_VERIFY(this));
1043 } else {
1044 VerificationType component = atype.get_component(this);
1045 current_frame.push_stack(component, CHECK_VERIFY(this));
1046 }
1047 no_control_flow = false; break;
1048 }
1049 case Bytecodes::_istore :
1050 verify_istore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1051 no_control_flow = false; break;
1052 case Bytecodes::_istore_0 :
1053 case Bytecodes::_istore_1 :
1054 case Bytecodes::_istore_2 :
1055 case Bytecodes::_istore_3 : {
1056 int index = opcode - Bytecodes::_istore_0;
1057 verify_istore(index, ¤t_frame, CHECK_VERIFY(this));
1058 no_control_flow = false; break;
1059 }
1060 case Bytecodes::_lstore :
1061 verify_lstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1062 no_control_flow = false; break;
1063 case Bytecodes::_lstore_0 :
1064 case Bytecodes::_lstore_1 :
1065 case Bytecodes::_lstore_2 :
1066 case Bytecodes::_lstore_3 : {
1067 int index = opcode - Bytecodes::_lstore_0;
1068 verify_lstore(index, ¤t_frame, CHECK_VERIFY(this));
1069 no_control_flow = false; break;
1070 }
1071 case Bytecodes::_fstore :
1072 verify_fstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1073 no_control_flow = false; break;
1074 case Bytecodes::_fstore_0 :
1075 case Bytecodes::_fstore_1 :
1076 case Bytecodes::_fstore_2 :
1077 case Bytecodes::_fstore_3 : {
1078 int index = opcode - Bytecodes::_fstore_0;
1079 verify_fstore(index, ¤t_frame, CHECK_VERIFY(this));
1080 no_control_flow = false; break;
1081 }
1082 case Bytecodes::_dstore :
1083 verify_dstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1084 no_control_flow = false; break;
1085 case Bytecodes::_dstore_0 :
1086 case Bytecodes::_dstore_1 :
1087 case Bytecodes::_dstore_2 :
1088 case Bytecodes::_dstore_3 : {
1089 int index = opcode - Bytecodes::_dstore_0;
1090 verify_dstore(index, ¤t_frame, CHECK_VERIFY(this));
1091 no_control_flow = false; break;
1092 }
1093 case Bytecodes::_astore :
1094 verify_astore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1095 no_control_flow = false; break;
1096 case Bytecodes::_astore_0 :
1097 case Bytecodes::_astore_1 :
1098 case Bytecodes::_astore_2 :
1099 case Bytecodes::_astore_3 : {
1100 int index = opcode - Bytecodes::_astore_0;
1101 verify_astore(index, ¤t_frame, CHECK_VERIFY(this));
1102 no_control_flow = false; break;
1103 }
1104 case Bytecodes::_iastore :
1105 type = current_frame.pop_stack(
1106 VerificationType::integer_type(), CHECK_VERIFY(this));
1107 type2 = current_frame.pop_stack(
1108 VerificationType::integer_type(), CHECK_VERIFY(this));
1109 atype = current_frame.pop_stack(
1110 VerificationType::reference_check(), CHECK_VERIFY(this));
1111 if (!atype.is_int_array()) {
1112 verify_error(ErrorContext::bad_type(bci,
1113 current_frame.stack_top_ctx(), ref_ctx("[I")),
1114 bad_type_msg, "iastore");
1115 return;
1116 }
1117 no_control_flow = false; break;
1118 case Bytecodes::_bastore :
1119 type = current_frame.pop_stack(
1120 VerificationType::integer_type(), CHECK_VERIFY(this));
1121 type2 = current_frame.pop_stack(
1122 VerificationType::integer_type(), CHECK_VERIFY(this));
1123 atype = current_frame.pop_stack(
1124 VerificationType::reference_check(), CHECK_VERIFY(this));
1125 if (!atype.is_bool_array() && !atype.is_byte_array()) {
1126 verify_error(
1127 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1128 bad_type_msg, "bastore");
1129 return;
1130 }
1131 no_control_flow = false; break;
1132 case Bytecodes::_castore :
1133 current_frame.pop_stack(
1134 VerificationType::integer_type(), CHECK_VERIFY(this));
1135 current_frame.pop_stack(
1136 VerificationType::integer_type(), CHECK_VERIFY(this));
1137 atype = current_frame.pop_stack(
1138 VerificationType::reference_check(), CHECK_VERIFY(this));
1139 if (!atype.is_char_array()) {
1140 verify_error(ErrorContext::bad_type(bci,
1141 current_frame.stack_top_ctx(), ref_ctx("[C")),
1142 bad_type_msg, "castore");
1143 return;
1144 }
1145 no_control_flow = false; break;
1146 case Bytecodes::_sastore :
1147 current_frame.pop_stack(
1148 VerificationType::integer_type(), CHECK_VERIFY(this));
1149 current_frame.pop_stack(
1150 VerificationType::integer_type(), CHECK_VERIFY(this));
1151 atype = current_frame.pop_stack(
1152 VerificationType::reference_check(), CHECK_VERIFY(this));
1153 if (!atype.is_short_array()) {
1154 verify_error(ErrorContext::bad_type(bci,
1155 current_frame.stack_top_ctx(), ref_ctx("[S")),
1156 bad_type_msg, "sastore");
1157 return;
1158 }
1159 no_control_flow = false; break;
1160 case Bytecodes::_lastore :
1161 current_frame.pop_stack_2(
1162 VerificationType::long2_type(),
1163 VerificationType::long_type(), CHECK_VERIFY(this));
1164 current_frame.pop_stack(
1165 VerificationType::integer_type(), CHECK_VERIFY(this));
1166 atype = current_frame.pop_stack(
1167 VerificationType::reference_check(), CHECK_VERIFY(this));
1168 if (!atype.is_long_array()) {
1169 verify_error(ErrorContext::bad_type(bci,
1170 current_frame.stack_top_ctx(), ref_ctx("[J")),
1171 bad_type_msg, "lastore");
1172 return;
1173 }
1174 no_control_flow = false; break;
1175 case Bytecodes::_fastore :
1176 current_frame.pop_stack(
1177 VerificationType::float_type(), CHECK_VERIFY(this));
1178 current_frame.pop_stack
1179 (VerificationType::integer_type(), CHECK_VERIFY(this));
1180 atype = current_frame.pop_stack(
1181 VerificationType::reference_check(), CHECK_VERIFY(this));
1182 if (!atype.is_float_array()) {
1183 verify_error(ErrorContext::bad_type(bci,
1184 current_frame.stack_top_ctx(), ref_ctx("[F")),
1185 bad_type_msg, "fastore");
1186 return;
1187 }
1188 no_control_flow = false; break;
1189 case Bytecodes::_dastore :
1190 current_frame.pop_stack_2(
1191 VerificationType::double2_type(),
1192 VerificationType::double_type(), CHECK_VERIFY(this));
1193 current_frame.pop_stack(
1194 VerificationType::integer_type(), CHECK_VERIFY(this));
1195 atype = current_frame.pop_stack(
1196 VerificationType::reference_check(), CHECK_VERIFY(this));
1197 if (!atype.is_double_array()) {
1198 verify_error(ErrorContext::bad_type(bci,
1199 current_frame.stack_top_ctx(), ref_ctx("[D")),
1200 bad_type_msg, "dastore");
1201 return;
1202 }
1203 no_control_flow = false; break;
1204 case Bytecodes::_aastore :
1205 type = current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1206 type2 = current_frame.pop_stack(
1207 VerificationType::integer_type(), CHECK_VERIFY(this));
1208 atype = current_frame.pop_stack(
1209 VerificationType::reference_check(), CHECK_VERIFY(this));
1210 // more type-checking is done at runtime
1211 if (!atype.is_reference_array()) {
1212 verify_error(ErrorContext::bad_type(bci,
1213 current_frame.stack_top_ctx(),
1214 TypeOrigin::implicit(VerificationType::reference_check())),
1215 bad_type_msg, "aastore");
1216 return;
1217 }
1218 // 4938384: relaxed constraint in JVMS 3rd edition.
1219 no_control_flow = false; break;
1220 case Bytecodes::_pop :
1221 current_frame.pop_stack(
1222 VerificationType::category1_check(), CHECK_VERIFY(this));
1223 no_control_flow = false; break;
1224 case Bytecodes::_pop2 :
1225 type = current_frame.pop_stack(CHECK_VERIFY(this));
1226 if (type.is_category1()) {
1227 current_frame.pop_stack(
1228 VerificationType::category1_check(), CHECK_VERIFY(this));
1229 } else if (type.is_category2_2nd()) {
1230 current_frame.pop_stack(
1231 VerificationType::category2_check(), CHECK_VERIFY(this));
1232 } else {
1233 /* Unreachable? Would need a category2_1st on TOS
1234 * which does not appear possible. */
1235 verify_error(
1236 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1237 bad_type_msg, "pop2");
1238 return;
1239 }
1240 no_control_flow = false; break;
1241 case Bytecodes::_dup :
1242 type = current_frame.pop_stack(
1243 VerificationType::category1_check(), CHECK_VERIFY(this));
1244 current_frame.push_stack(type, CHECK_VERIFY(this));
1245 current_frame.push_stack(type, CHECK_VERIFY(this));
1246 no_control_flow = false; break;
1247 case Bytecodes::_dup_x1 :
1248 type = current_frame.pop_stack(
1249 VerificationType::category1_check(), CHECK_VERIFY(this));
1250 type2 = current_frame.pop_stack(
1251 VerificationType::category1_check(), CHECK_VERIFY(this));
1252 current_frame.push_stack(type, CHECK_VERIFY(this));
1253 current_frame.push_stack(type2, CHECK_VERIFY(this));
1254 current_frame.push_stack(type, CHECK_VERIFY(this));
1255 no_control_flow = false; break;
1256 case Bytecodes::_dup_x2 :
1257 {
1258 VerificationType type3;
1259 type = current_frame.pop_stack(
1260 VerificationType::category1_check(), CHECK_VERIFY(this));
1261 type2 = current_frame.pop_stack(CHECK_VERIFY(this));
1262 if (type2.is_category1()) {
1263 type3 = current_frame.pop_stack(
1264 VerificationType::category1_check(), CHECK_VERIFY(this));
1265 } else if (type2.is_category2_2nd()) {
1266 type3 = current_frame.pop_stack(
1267 VerificationType::category2_check(), CHECK_VERIFY(this));
1268 } else {
1269 /* Unreachable? Would need a category2_1st at stack depth 2 with
1270 * a category1 on TOS which does not appear possible. */
1271 verify_error(ErrorContext::bad_type(
1272 bci, current_frame.stack_top_ctx()), bad_type_msg, "dup_x2");
1273 return;
1274 }
1275 current_frame.push_stack(type, CHECK_VERIFY(this));
1276 current_frame.push_stack(type3, CHECK_VERIFY(this));
1277 current_frame.push_stack(type2, CHECK_VERIFY(this));
1278 current_frame.push_stack(type, CHECK_VERIFY(this));
1279 no_control_flow = false; break;
1280 }
1281 case Bytecodes::_dup2 :
1282 type = current_frame.pop_stack(CHECK_VERIFY(this));
1283 if (type.is_category1()) {
1284 type2 = current_frame.pop_stack(
1285 VerificationType::category1_check(), CHECK_VERIFY(this));
1286 } else if (type.is_category2_2nd()) {
1287 type2 = current_frame.pop_stack(
1288 VerificationType::category2_check(), CHECK_VERIFY(this));
1289 } else {
1290 /* Unreachable? Would need a category2_1st on TOS which does not
1291 * appear possible. */
1292 verify_error(
1293 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1294 bad_type_msg, "dup2");
1295 return;
1296 }
1297 current_frame.push_stack(type2, CHECK_VERIFY(this));
1298 current_frame.push_stack(type, CHECK_VERIFY(this));
1299 current_frame.push_stack(type2, CHECK_VERIFY(this));
1300 current_frame.push_stack(type, CHECK_VERIFY(this));
1301 no_control_flow = false; break;
1302 case Bytecodes::_dup2_x1 :
1303 {
1304 VerificationType type3;
1305 type = current_frame.pop_stack(CHECK_VERIFY(this));
1306 if (type.is_category1()) {
1307 type2 = current_frame.pop_stack(
1308 VerificationType::category1_check(), CHECK_VERIFY(this));
1309 } else if (type.is_category2_2nd()) {
1310 type2 = current_frame.pop_stack(
1311 VerificationType::category2_check(), CHECK_VERIFY(this));
1312 } else {
1313 /* Unreachable? Would need a category2_1st on TOS which does
1314 * not appear possible. */
1315 verify_error(
1316 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1317 bad_type_msg, "dup2_x1");
1318 return;
1319 }
1320 type3 = current_frame.pop_stack(
1321 VerificationType::category1_check(), CHECK_VERIFY(this));
1322 current_frame.push_stack(type2, CHECK_VERIFY(this));
1323 current_frame.push_stack(type, CHECK_VERIFY(this));
1324 current_frame.push_stack(type3, CHECK_VERIFY(this));
1325 current_frame.push_stack(type2, CHECK_VERIFY(this));
1326 current_frame.push_stack(type, CHECK_VERIFY(this));
1327 no_control_flow = false; break;
1328 }
1329 case Bytecodes::_dup2_x2 :
1330 {
1331 VerificationType type3, type4;
1332 type = current_frame.pop_stack(CHECK_VERIFY(this));
1333 if (type.is_category1()) {
1334 type2 = current_frame.pop_stack(
1335 VerificationType::category1_check(), CHECK_VERIFY(this));
1336 } else if (type.is_category2_2nd()) {
1337 type2 = current_frame.pop_stack(
1338 VerificationType::category2_check(), CHECK_VERIFY(this));
1339 } else {
1340 /* Unreachable? Would need a category2_1st on TOS which does
1341 * not appear possible. */
1342 verify_error(
1343 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1344 bad_type_msg, "dup2_x2");
1345 return;
1346 }
1347 type3 = current_frame.pop_stack(CHECK_VERIFY(this));
1348 if (type3.is_category1()) {
1349 type4 = current_frame.pop_stack(
1350 VerificationType::category1_check(), CHECK_VERIFY(this));
1351 } else if (type3.is_category2_2nd()) {
1352 type4 = current_frame.pop_stack(
1353 VerificationType::category2_check(), CHECK_VERIFY(this));
1354 } else {
1355 /* Unreachable? Would need a category2_1st on TOS after popping
1356 * a long/double or two category 1's, which does not
1357 * appear possible. */
1358 verify_error(
1359 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1360 bad_type_msg, "dup2_x2");
1361 return;
1362 }
1363 current_frame.push_stack(type2, CHECK_VERIFY(this));
1364 current_frame.push_stack(type, CHECK_VERIFY(this));
1365 current_frame.push_stack(type4, CHECK_VERIFY(this));
1366 current_frame.push_stack(type3, CHECK_VERIFY(this));
1367 current_frame.push_stack(type2, CHECK_VERIFY(this));
1368 current_frame.push_stack(type, CHECK_VERIFY(this));
1369 no_control_flow = false; break;
1370 }
1371 case Bytecodes::_swap :
1372 type = current_frame.pop_stack(
1373 VerificationType::category1_check(), CHECK_VERIFY(this));
1374 type2 = current_frame.pop_stack(
1375 VerificationType::category1_check(), CHECK_VERIFY(this));
1376 current_frame.push_stack(type, CHECK_VERIFY(this));
1377 current_frame.push_stack(type2, CHECK_VERIFY(this));
1378 no_control_flow = false; break;
1379 case Bytecodes::_iadd :
1380 case Bytecodes::_isub :
1381 case Bytecodes::_imul :
1382 case Bytecodes::_idiv :
1383 case Bytecodes::_irem :
1384 case Bytecodes::_ishl :
1385 case Bytecodes::_ishr :
1386 case Bytecodes::_iushr :
1387 case Bytecodes::_ior :
1388 case Bytecodes::_ixor :
1389 case Bytecodes::_iand :
1390 current_frame.pop_stack(
1391 VerificationType::integer_type(), CHECK_VERIFY(this));
1392 // fall through
1393 case Bytecodes::_ineg :
1394 current_frame.pop_stack(
1395 VerificationType::integer_type(), CHECK_VERIFY(this));
1396 current_frame.push_stack(
1397 VerificationType::integer_type(), CHECK_VERIFY(this));
1398 no_control_flow = false; break;
1399 case Bytecodes::_ladd :
1400 case Bytecodes::_lsub :
1401 case Bytecodes::_lmul :
1402 case Bytecodes::_ldiv :
1403 case Bytecodes::_lrem :
1404 case Bytecodes::_land :
1405 case Bytecodes::_lor :
1406 case Bytecodes::_lxor :
1407 current_frame.pop_stack_2(
1408 VerificationType::long2_type(),
1409 VerificationType::long_type(), CHECK_VERIFY(this));
1410 // fall through
1411 case Bytecodes::_lneg :
1412 current_frame.pop_stack_2(
1413 VerificationType::long2_type(),
1414 VerificationType::long_type(), CHECK_VERIFY(this));
1415 current_frame.push_stack_2(
1416 VerificationType::long_type(),
1417 VerificationType::long2_type(), CHECK_VERIFY(this));
1418 no_control_flow = false; break;
1419 case Bytecodes::_lshl :
1420 case Bytecodes::_lshr :
1421 case Bytecodes::_lushr :
1422 current_frame.pop_stack(
1423 VerificationType::integer_type(), CHECK_VERIFY(this));
1424 current_frame.pop_stack_2(
1425 VerificationType::long2_type(),
1426 VerificationType::long_type(), CHECK_VERIFY(this));
1427 current_frame.push_stack_2(
1428 VerificationType::long_type(),
1429 VerificationType::long2_type(), CHECK_VERIFY(this));
1430 no_control_flow = false; break;
1431 case Bytecodes::_fadd :
1432 case Bytecodes::_fsub :
1433 case Bytecodes::_fmul :
1434 case Bytecodes::_fdiv :
1435 case Bytecodes::_frem :
1436 current_frame.pop_stack(
1437 VerificationType::float_type(), CHECK_VERIFY(this));
1438 // fall through
1439 case Bytecodes::_fneg :
1440 current_frame.pop_stack(
1441 VerificationType::float_type(), CHECK_VERIFY(this));
1442 current_frame.push_stack(
1443 VerificationType::float_type(), CHECK_VERIFY(this));
1444 no_control_flow = false; break;
1445 case Bytecodes::_dadd :
1446 case Bytecodes::_dsub :
1447 case Bytecodes::_dmul :
1448 case Bytecodes::_ddiv :
1449 case Bytecodes::_drem :
1450 current_frame.pop_stack_2(
1451 VerificationType::double2_type(),
1452 VerificationType::double_type(), CHECK_VERIFY(this));
1453 // fall through
1454 case Bytecodes::_dneg :
1455 current_frame.pop_stack_2(
1456 VerificationType::double2_type(),
1457 VerificationType::double_type(), CHECK_VERIFY(this));
1458 current_frame.push_stack_2(
1459 VerificationType::double_type(),
1460 VerificationType::double2_type(), CHECK_VERIFY(this));
1461 no_control_flow = false; break;
1462 case Bytecodes::_iinc :
1463 verify_iinc(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1464 no_control_flow = false; break;
1465 case Bytecodes::_i2l :
1466 type = current_frame.pop_stack(
1467 VerificationType::integer_type(), CHECK_VERIFY(this));
1468 current_frame.push_stack_2(
1469 VerificationType::long_type(),
1470 VerificationType::long2_type(), CHECK_VERIFY(this));
1471 no_control_flow = false; break;
1472 case Bytecodes::_l2i :
1473 current_frame.pop_stack_2(
1474 VerificationType::long2_type(),
1475 VerificationType::long_type(), CHECK_VERIFY(this));
1476 current_frame.push_stack(
1477 VerificationType::integer_type(), CHECK_VERIFY(this));
1478 no_control_flow = false; break;
1479 case Bytecodes::_i2f :
1480 current_frame.pop_stack(
1481 VerificationType::integer_type(), CHECK_VERIFY(this));
1482 current_frame.push_stack(
1483 VerificationType::float_type(), CHECK_VERIFY(this));
1484 no_control_flow = false; break;
1485 case Bytecodes::_i2d :
1486 current_frame.pop_stack(
1487 VerificationType::integer_type(), CHECK_VERIFY(this));
1488 current_frame.push_stack_2(
1489 VerificationType::double_type(),
1490 VerificationType::double2_type(), CHECK_VERIFY(this));
1491 no_control_flow = false; break;
1492 case Bytecodes::_l2f :
1493 current_frame.pop_stack_2(
1494 VerificationType::long2_type(),
1495 VerificationType::long_type(), CHECK_VERIFY(this));
1496 current_frame.push_stack(
1497 VerificationType::float_type(), CHECK_VERIFY(this));
1498 no_control_flow = false; break;
1499 case Bytecodes::_l2d :
1500 current_frame.pop_stack_2(
1501 VerificationType::long2_type(),
1502 VerificationType::long_type(), CHECK_VERIFY(this));
1503 current_frame.push_stack_2(
1504 VerificationType::double_type(),
1505 VerificationType::double2_type(), CHECK_VERIFY(this));
1506 no_control_flow = false; break;
1507 case Bytecodes::_f2i :
1508 current_frame.pop_stack(
1509 VerificationType::float_type(), CHECK_VERIFY(this));
1510 current_frame.push_stack(
1511 VerificationType::integer_type(), CHECK_VERIFY(this));
1512 no_control_flow = false; break;
1513 case Bytecodes::_f2l :
1514 current_frame.pop_stack(
1515 VerificationType::float_type(), CHECK_VERIFY(this));
1516 current_frame.push_stack_2(
1517 VerificationType::long_type(),
1518 VerificationType::long2_type(), CHECK_VERIFY(this));
1519 no_control_flow = false; break;
1520 case Bytecodes::_f2d :
1521 current_frame.pop_stack(
1522 VerificationType::float_type(), CHECK_VERIFY(this));
1523 current_frame.push_stack_2(
1524 VerificationType::double_type(),
1525 VerificationType::double2_type(), CHECK_VERIFY(this));
1526 no_control_flow = false; break;
1527 case Bytecodes::_d2i :
1528 current_frame.pop_stack_2(
1529 VerificationType::double2_type(),
1530 VerificationType::double_type(), CHECK_VERIFY(this));
1531 current_frame.push_stack(
1532 VerificationType::integer_type(), CHECK_VERIFY(this));
1533 no_control_flow = false; break;
1534 case Bytecodes::_d2l :
1535 current_frame.pop_stack_2(
1536 VerificationType::double2_type(),
1537 VerificationType::double_type(), CHECK_VERIFY(this));
1538 current_frame.push_stack_2(
1539 VerificationType::long_type(),
1540 VerificationType::long2_type(), CHECK_VERIFY(this));
1541 no_control_flow = false; break;
1542 case Bytecodes::_d2f :
1543 current_frame.pop_stack_2(
1544 VerificationType::double2_type(),
1545 VerificationType::double_type(), CHECK_VERIFY(this));
1546 current_frame.push_stack(
1547 VerificationType::float_type(), CHECK_VERIFY(this));
1548 no_control_flow = false; break;
1549 case Bytecodes::_i2b :
1550 case Bytecodes::_i2c :
1551 case Bytecodes::_i2s :
1552 current_frame.pop_stack(
1553 VerificationType::integer_type(), CHECK_VERIFY(this));
1554 current_frame.push_stack(
1555 VerificationType::integer_type(), CHECK_VERIFY(this));
1556 no_control_flow = false; break;
1557 case Bytecodes::_lcmp :
1558 current_frame.pop_stack_2(
1559 VerificationType::long2_type(),
1560 VerificationType::long_type(), CHECK_VERIFY(this));
1561 current_frame.pop_stack_2(
1562 VerificationType::long2_type(),
1563 VerificationType::long_type(), CHECK_VERIFY(this));
1564 current_frame.push_stack(
1565 VerificationType::integer_type(), CHECK_VERIFY(this));
1566 no_control_flow = false; break;
1567 case Bytecodes::_fcmpl :
1568 case Bytecodes::_fcmpg :
1569 current_frame.pop_stack(
1570 VerificationType::float_type(), CHECK_VERIFY(this));
1571 current_frame.pop_stack(
1572 VerificationType::float_type(), CHECK_VERIFY(this));
1573 current_frame.push_stack(
1574 VerificationType::integer_type(), CHECK_VERIFY(this));
1575 no_control_flow = false; break;
1576 case Bytecodes::_dcmpl :
1577 case Bytecodes::_dcmpg :
1578 current_frame.pop_stack_2(
1579 VerificationType::double2_type(),
1580 VerificationType::double_type(), CHECK_VERIFY(this));
1581 current_frame.pop_stack_2(
1582 VerificationType::double2_type(),
1583 VerificationType::double_type(), CHECK_VERIFY(this));
1584 current_frame.push_stack(
1585 VerificationType::integer_type(), CHECK_VERIFY(this));
1586 no_control_flow = false; break;
1587 case Bytecodes::_if_icmpeq:
1588 case Bytecodes::_if_icmpne:
1589 case Bytecodes::_if_icmplt:
1590 case Bytecodes::_if_icmpge:
1591 case Bytecodes::_if_icmpgt:
1592 case Bytecodes::_if_icmple:
1593 current_frame.pop_stack(
1594 VerificationType::integer_type(), CHECK_VERIFY(this));
1595 // fall through
1596 case Bytecodes::_ifeq:
1597 case Bytecodes::_ifne:
1598 case Bytecodes::_iflt:
1599 case Bytecodes::_ifge:
1600 case Bytecodes::_ifgt:
1601 case Bytecodes::_ifle:
1602 current_frame.pop_stack(
1603 VerificationType::integer_type(), CHECK_VERIFY(this));
1604 stackmap_table.check_jump_target(
1605 ¤t_frame, bcs.bci(), bcs.get_offset_s2(), CHECK_VERIFY(this));
1606 no_control_flow = false; break;
1607 case Bytecodes::_if_acmpeq :
1608 case Bytecodes::_if_acmpne :
1609 current_frame.pop_stack(
1610 object_type(), CHECK_VERIFY(this));
1611 // fall through
1612 case Bytecodes::_ifnull :
1613 case Bytecodes::_ifnonnull :
1614 current_frame.pop_stack(
1615 object_type(), CHECK_VERIFY(this));
1616 stackmap_table.check_jump_target
1617 (¤t_frame, bcs.bci(), bcs.get_offset_s2(), CHECK_VERIFY(this));
1618 no_control_flow = false; break;
1619 case Bytecodes::_goto :
1620 stackmap_table.check_jump_target(
1621 ¤t_frame, bcs.bci(), bcs.get_offset_s2(), CHECK_VERIFY(this));
1622 no_control_flow = true; break;
1623 case Bytecodes::_goto_w :
1624 stackmap_table.check_jump_target(
1625 ¤t_frame, bcs.bci(), bcs.get_offset_s4(), CHECK_VERIFY(this));
1626 no_control_flow = true; break;
1627 case Bytecodes::_tableswitch :
1628 case Bytecodes::_lookupswitch :
1629 verify_switch(
1630 &bcs, code_length, code_data, ¤t_frame,
1631 &stackmap_table, CHECK_VERIFY(this));
1632 no_control_flow = true; break;
1633 case Bytecodes::_ireturn :
1634 type = current_frame.pop_stack(
1635 VerificationType::integer_type(), CHECK_VERIFY(this));
1636 verify_return_value(return_type, type, bci,
1637 ¤t_frame, CHECK_VERIFY(this));
1638 no_control_flow = true; break;
1639 case Bytecodes::_lreturn :
1640 type2 = current_frame.pop_stack(
1641 VerificationType::long2_type(), CHECK_VERIFY(this));
1642 type = current_frame.pop_stack(
1643 VerificationType::long_type(), CHECK_VERIFY(this));
1644 verify_return_value(return_type, type, bci,
1645 ¤t_frame, CHECK_VERIFY(this));
1646 no_control_flow = true; break;
1647 case Bytecodes::_freturn :
1648 type = current_frame.pop_stack(
1649 VerificationType::float_type(), CHECK_VERIFY(this));
1650 verify_return_value(return_type, type, bci,
1651 ¤t_frame, CHECK_VERIFY(this));
1652 no_control_flow = true; break;
1653 case Bytecodes::_dreturn :
1654 type2 = current_frame.pop_stack(
1655 VerificationType::double2_type(), CHECK_VERIFY(this));
1656 type = current_frame.pop_stack(
1657 VerificationType::double_type(), CHECK_VERIFY(this));
1658 verify_return_value(return_type, type, bci,
1659 ¤t_frame, CHECK_VERIFY(this));
1660 no_control_flow = true; break;
1661 case Bytecodes::_areturn :
1662 type = current_frame.pop_stack(
1663 VerificationType::reference_check(), CHECK_VERIFY(this));
1664 verify_return_value(return_type, type, bci,
1665 ¤t_frame, CHECK_VERIFY(this));
1666 no_control_flow = true; break;
1667 case Bytecodes::_return :
1668 if (return_type != VerificationType::bogus_type()) {
1669 verify_error(ErrorContext::bad_code(bci),
1670 "Method expects a return value");
1671 return;
1672 }
1673 // Make sure "this" has been initialized if current method is an
1674 // <init>.
1675 if (_method->name() == vmSymbols::object_initializer_name() &&
1676 current_frame.flag_this_uninit()) {
1677 verify_error(ErrorContext::bad_code(bci),
1678 "Constructor must call super() or this() "
1679 "before return");
1680 return;
1681 }
1682 no_control_flow = true; break;
1683 case Bytecodes::_getstatic :
1684 case Bytecodes::_putstatic :
1685 // pass TRUE, operand can be an array type for getstatic/putstatic.
1686 verify_field_instructions(
1687 &bcs, ¤t_frame, cp, true, CHECK_VERIFY(this));
1688 no_control_flow = false; break;
1689 case Bytecodes::_getfield :
1690 case Bytecodes::_putfield :
1691 // pass FALSE, operand can't be an array type for getfield/putfield.
1692 verify_field_instructions(
1693 &bcs, ¤t_frame, cp, false, CHECK_VERIFY(this));
1694 no_control_flow = false; break;
1695 case Bytecodes::_invokevirtual :
1696 case Bytecodes::_invokespecial :
1697 case Bytecodes::_invokestatic :
1698 verify_invoke_instructions(
1699 &bcs, code_length, ¤t_frame, (bci >= ex_min && bci < ex_max),
1700 &this_uninit, return_type, cp, &stackmap_table, CHECK_VERIFY(this));
1701 no_control_flow = false; break;
1702 case Bytecodes::_invokeinterface :
1703 case Bytecodes::_invokedynamic :
1704 verify_invoke_instructions(
1705 &bcs, code_length, ¤t_frame, (bci >= ex_min && bci < ex_max),
1706 &this_uninit, return_type, cp, &stackmap_table, CHECK_VERIFY(this));
1707 no_control_flow = false; break;
1708 case Bytecodes::_new :
1709 {
1710 u2 index = bcs.get_index_u2();
1711 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1712 VerificationType new_class_type =
1713 cp_index_to_type(index, cp, CHECK_VERIFY(this));
1714 if (!new_class_type.is_object()) {
1715 verify_error(ErrorContext::bad_type(bci,
1716 TypeOrigin::cp(index, new_class_type)),
1717 "Illegal new instruction");
1718 return;
1719 }
1720 type = VerificationType::uninitialized_type(checked_cast<u2>(bci));
1721 current_frame.push_stack(type, CHECK_VERIFY(this));
1722 no_control_flow = false; break;
1723 }
1724 case Bytecodes::_newarray :
1725 type = get_newarray_type(bcs.get_index(), bci, CHECK_VERIFY(this));
1726 current_frame.pop_stack(
1727 VerificationType::integer_type(), CHECK_VERIFY(this));
1728 current_frame.push_stack(type, CHECK_VERIFY(this));
1729 no_control_flow = false; break;
1730 case Bytecodes::_anewarray :
1731 verify_anewarray(
1732 bci, bcs.get_index_u2(), cp, ¤t_frame, CHECK_VERIFY(this));
1733 no_control_flow = false; break;
1734 case Bytecodes::_arraylength :
1735 type = current_frame.pop_stack(
1736 VerificationType::reference_check(), CHECK_VERIFY(this));
1737 if (!(type.is_null() || type.is_array())) {
1738 verify_error(ErrorContext::bad_type(
1739 bci, current_frame.stack_top_ctx()),
1740 bad_type_msg, "arraylength");
1741 }
1742 current_frame.push_stack(
1743 VerificationType::integer_type(), CHECK_VERIFY(this));
1744 no_control_flow = false; break;
1745 case Bytecodes::_checkcast :
1746 {
1747 u2 index = bcs.get_index_u2();
1748 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1749 current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1750 VerificationType klass_type = cp_index_to_type(
1751 index, cp, CHECK_VERIFY(this));
1752 current_frame.push_stack(klass_type, CHECK_VERIFY(this));
1753 no_control_flow = false; break;
1754 }
1755 case Bytecodes::_instanceof : {
1756 u2 index = bcs.get_index_u2();
1757 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1758 current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1759 current_frame.push_stack(
1760 VerificationType::integer_type(), CHECK_VERIFY(this));
1761 no_control_flow = false; break;
1762 }
1763 case Bytecodes::_monitorenter :
1764 case Bytecodes::_monitorexit :
1765 current_frame.pop_stack(
1766 VerificationType::reference_check(), CHECK_VERIFY(this));
1767 no_control_flow = false; break;
1768 case Bytecodes::_multianewarray :
1769 {
1770 u2 index = bcs.get_index_u2();
1771 u2 dim = *(bcs.bcp()+3);
1772 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1773 VerificationType new_array_type =
1774 cp_index_to_type(index, cp, CHECK_VERIFY(this));
1775 if (!new_array_type.is_array()) {
1776 verify_error(ErrorContext::bad_type(bci,
1777 TypeOrigin::cp(index, new_array_type)),
1778 "Illegal constant pool index in multianewarray instruction");
1779 return;
1780 }
1781 if (dim < 1 || new_array_type.dimensions() < dim) {
1782 verify_error(ErrorContext::bad_code(bci),
1783 "Illegal dimension in multianewarray instruction: %d", dim);
1784 return;
1785 }
1786 for (int i = 0; i < dim; i++) {
1787 current_frame.pop_stack(
1788 VerificationType::integer_type(), CHECK_VERIFY(this));
1789 }
1790 current_frame.push_stack(new_array_type, CHECK_VERIFY(this));
1791 no_control_flow = false; break;
1792 }
1793 case Bytecodes::_athrow :
1794 type = VerificationType::reference_type(
1795 vmSymbols::java_lang_Throwable());
1796 current_frame.pop_stack(type, CHECK_VERIFY(this));
1797 no_control_flow = true; break;
1798 default:
1799 // We only need to check the valid bytecodes in class file.
1800 // And jsr and ret are not in the new class file format in JDK1.6.
1801 verify_error(ErrorContext::bad_code(bci),
1802 "Bad instruction: %02x", opcode);
1803 no_control_flow = false;
1804 return;
1805 } // end switch
1806 } // end Merge with the next instruction
1807
1808 // Look for possible jump target in exception handlers and see if it matches
1809 // current_frame. Don't do this check if it has already been done (for
1810 // ([a,d,f,i,l]store* opcodes). This check cannot be done earlier because
1811 // opcodes, such as invokespecial, may set the this_uninit flag.
1812 assert(!(verified_exc_handlers && this_uninit),
1813 "Exception handler targets got verified before this_uninit got set");
1814 if (!verified_exc_handlers && bci >= ex_min && bci < ex_max) {
1815 if (was_recursively_verified()) return;
1816 verify_exception_handler_targets(
1817 bci, this_uninit, ¤t_frame, &stackmap_table, CHECK_VERIFY(this));
1818 }
1819 } // end while
1820
1821 // Make sure that control flow does not fall through end of the method
1822 if (!no_control_flow) {
1823 verify_error(ErrorContext::bad_code(code_length),
1824 "Control flow falls through code end");
1825 return;
1826 }
1827 }
1828
1829 #undef bad_type_message
1830
1831 char* ClassVerifier::generate_code_data(const methodHandle& m, u4 code_length, TRAPS) {
1832 char* code_data = NEW_RESOURCE_ARRAY(char, code_length);
1833 memset(code_data, 0, sizeof(char) * code_length);
1834 RawBytecodeStream bcs(m);
1835
1836 while (!bcs.is_last_bytecode()) {
1837 if (bcs.raw_next() != Bytecodes::_illegal) {
1838 int bci = bcs.bci();
1839 if (bcs.raw_code() == Bytecodes::_new) {
1840 code_data[bci] = NEW_OFFSET;
1841 } else {
1842 code_data[bci] = BYTECODE_OFFSET;
1843 }
1844 } else {
1845 verify_error(ErrorContext::bad_code(bcs.bci()), "Bad instruction");
1846 return nullptr;
1847 }
1848 }
1849
1850 return code_data;
1851 }
1852
1853 // Since this method references the constant pool, call was_recursively_verified()
1854 // before calling this method to make sure a prior class load did not cause the
1855 // current class to get verified.
1856 void ClassVerifier::verify_exception_handler_table(u4 code_length, char* code_data, int& min, int& max, TRAPS) {
1857 ExceptionTable exhandlers(_method());
1858 int exlength = exhandlers.length();
1859 constantPoolHandle cp (THREAD, _method->constants());
1860
1861 for(int i = 0; i < exlength; i++) {
1862 u2 start_pc = exhandlers.start_pc(i);
1863 u2 end_pc = exhandlers.end_pc(i);
1864 u2 handler_pc = exhandlers.handler_pc(i);
1865 if (start_pc >= code_length || code_data[start_pc] == 0) {
1866 class_format_error("Illegal exception table start_pc %d", start_pc);
1867 return;
1868 }
1869 if (end_pc != code_length) { // special case: end_pc == code_length
1870 if (end_pc > code_length || code_data[end_pc] == 0) {
1871 class_format_error("Illegal exception table end_pc %d", end_pc);
1872 return;
1873 }
1874 }
1875 if (handler_pc >= code_length || code_data[handler_pc] == 0) {
1876 class_format_error("Illegal exception table handler_pc %d", handler_pc);
1877 return;
1878 }
1879 u2 catch_type_index = exhandlers.catch_type_index(i);
1880 if (catch_type_index != 0) {
1881 VerificationType catch_type = cp_index_to_type(
1882 catch_type_index, cp, CHECK_VERIFY(this));
1883 VerificationType throwable =
1884 VerificationType::reference_type(vmSymbols::java_lang_Throwable());
1885 // If the catch type is Throwable pre-resolve it now as the assignable check won't
1886 // do that, and we need to avoid a runtime resolution in case we are trying to
1887 // catch OutOfMemoryError.
1888 if (cp->klass_name_at(catch_type_index) == vmSymbols::java_lang_Throwable()) {
1889 cp->klass_at(catch_type_index, CHECK);
1890 }
1891 bool is_subclass = throwable.is_assignable_from(
1892 catch_type, this, false, CHECK_VERIFY(this));
1893 if (!is_subclass) {
1894 // 4286534: should throw VerifyError according to recent spec change
1895 verify_error(ErrorContext::bad_type(handler_pc,
1896 TypeOrigin::cp(catch_type_index, catch_type),
1897 TypeOrigin::implicit(throwable)),
1898 "Catch type is not a subclass "
1899 "of Throwable in exception handler %d", handler_pc);
1900 return;
1901 }
1902 }
1903 if (start_pc < min) min = start_pc;
1904 if (end_pc > max) max = end_pc;
1905 }
1906 }
1907
1908 void ClassVerifier::verify_local_variable_table(u4 code_length, char* code_data, TRAPS) {
1909 int localvariable_table_length = _method->localvariable_table_length();
1910 if (localvariable_table_length > 0) {
1911 LocalVariableTableElement* table = _method->localvariable_table_start();
1912 for (int i = 0; i < localvariable_table_length; i++) {
1913 u2 start_bci = table[i].start_bci;
1914 u2 length = table[i].length;
1915
1916 if (start_bci >= code_length || code_data[start_bci] == 0) {
1917 class_format_error(
1918 "Illegal local variable table start_pc %d", start_bci);
1919 return;
1920 }
1921 u4 end_bci = (u4)(start_bci + length);
1922 if (end_bci != code_length) {
1923 if (end_bci >= code_length || code_data[end_bci] == 0) {
1924 class_format_error( "Illegal local variable table length %d", length);
1925 return;
1926 }
1927 }
1928 }
1929 }
1930 }
1931
1932 u2 ClassVerifier::verify_stackmap_table(u2 stackmap_index, int bci,
1933 StackMapFrame* current_frame,
1934 StackMapTable* stackmap_table,
1935 bool no_control_flow, TRAPS) {
1936 if (stackmap_index < stackmap_table->get_frame_count()) {
1937 int this_offset = stackmap_table->get_offset(stackmap_index);
1938 if (no_control_flow && this_offset > bci) {
1939 verify_error(ErrorContext::missing_stackmap(bci),
1940 "Expecting a stack map frame");
1941 return 0;
1942 }
1943 if (this_offset == bci) {
1944 ErrorContext ctx;
1945 // See if current stack map can be assigned to the frame in table.
1946 // current_frame is the stackmap frame got from the last instruction.
1947 // If matched, current_frame will be updated by this method.
1948 bool matches = stackmap_table->match_stackmap(
1949 current_frame, this_offset, stackmap_index,
1950 !no_control_flow, true, &ctx, CHECK_VERIFY_(this, 0));
1951 if (!matches) {
1952 // report type error
1953 verify_error(ctx, "Instruction type does not match stack map");
1954 return 0;
1955 }
1956 stackmap_index++;
1957 } else if (this_offset < bci) {
1958 // current_offset should have met this_offset.
1959 class_format_error("Bad stack map offset %d", this_offset);
1960 return 0;
1961 }
1962 } else if (no_control_flow) {
1963 verify_error(ErrorContext::bad_code(bci), "Expecting a stack map frame");
1964 return 0;
1965 }
1966 return stackmap_index;
1967 }
1968
1969 // Since this method references the constant pool, call was_recursively_verified()
1970 // before calling this method to make sure a prior class load did not cause the
1971 // current class to get verified.
1972 void ClassVerifier::verify_exception_handler_targets(int bci, bool this_uninit,
1973 StackMapFrame* current_frame,
1974 StackMapTable* stackmap_table, TRAPS) {
1975 constantPoolHandle cp (THREAD, _method->constants());
1976 ExceptionTable exhandlers(_method());
1977 int exlength = exhandlers.length();
1978 for(int i = 0; i < exlength; i++) {
1979 u2 start_pc = exhandlers.start_pc(i);
1980 u2 end_pc = exhandlers.end_pc(i);
1981 u2 handler_pc = exhandlers.handler_pc(i);
1982 int catch_type_index = exhandlers.catch_type_index(i);
1983 if(bci >= start_pc && bci < end_pc) {
1984 u1 flags = current_frame->flags();
1985 if (this_uninit) { flags |= FLAG_THIS_UNINIT; }
1986 StackMapFrame* new_frame = current_frame->frame_in_exception_handler(flags);
1987 if (catch_type_index != 0) {
1988 if (was_recursively_verified()) return;
1989 // We know that this index refers to a subclass of Throwable
1990 VerificationType catch_type = cp_index_to_type(
1991 catch_type_index, cp, CHECK_VERIFY(this));
1992 new_frame->push_stack(catch_type, CHECK_VERIFY(this));
1993 } else {
1994 VerificationType throwable =
1995 VerificationType::reference_type(vmSymbols::java_lang_Throwable());
1996 new_frame->push_stack(throwable, CHECK_VERIFY(this));
1997 }
1998 ErrorContext ctx;
1999 bool matches = stackmap_table->match_stackmap(
2000 new_frame, handler_pc, true, false, &ctx, CHECK_VERIFY(this));
2001 if (!matches) {
2002 verify_error(ctx, "Stack map does not match the one at "
2003 "exception handler %d", handler_pc);
2004 return;
2005 }
2006 }
2007 }
2008 }
2009
2010 void ClassVerifier::verify_cp_index(
2011 int bci, const constantPoolHandle& cp, u2 index, TRAPS) {
2012 int nconstants = cp->length();
2013 if ((index <= 0) || (index >= nconstants)) {
2014 verify_error(ErrorContext::bad_cp_index(bci, index),
2015 "Illegal constant pool index %d in class %s",
2016 index, cp->pool_holder()->external_name());
2017 return;
2018 }
2019 }
2020
2021 void ClassVerifier::verify_cp_type(
2022 int bci, u2 index, const constantPoolHandle& cp, unsigned int types, TRAPS) {
2023
2024 // In some situations, bytecode rewriting may occur while we're verifying.
2025 // In this case, a constant pool cache exists and some indices refer to that
2026 // instead. Be sure we don't pick up such indices by accident.
2027 // We must check was_recursively_verified() before we get here.
2028 guarantee(cp->cache() == nullptr, "not rewritten yet");
2029
2030 verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2031 unsigned int tag = cp->tag_at(index).value();
2032 // tags up to JVM_CONSTANT_ExternalMax are verifiable and valid for shift op
2033 if (tag > JVM_CONSTANT_ExternalMax || (types & (1 << tag)) == 0) {
2034 verify_error(ErrorContext::bad_cp_index(bci, index),
2035 "Illegal type at constant pool entry %d in class %s",
2036 index, cp->pool_holder()->external_name());
2037 return;
2038 }
2039 }
2040
2041 void ClassVerifier::verify_cp_class_type(
2042 int bci, u2 index, const constantPoolHandle& cp, TRAPS) {
2043 verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2044 constantTag tag = cp->tag_at(index);
2045 if (!tag.is_klass() && !tag.is_unresolved_klass()) {
2046 verify_error(ErrorContext::bad_cp_index(bci, index),
2047 "Illegal type at constant pool entry %d in class %s",
2048 index, cp->pool_holder()->external_name());
2049 return;
2050 }
2051 }
2052
2053 void ClassVerifier::verify_error(ErrorContext ctx, const char* msg, ...) {
2054 stringStream ss;
2055
2056 ctx.reset_frames();
2057 _exception_type = vmSymbols::java_lang_VerifyError();
2058 _error_context = ctx;
2059 va_list va;
2060 va_start(va, msg);
2061 ss.vprint(msg, va);
2062 va_end(va);
2063 _message = ss.as_string();
2064 #ifdef ASSERT
2065 ResourceMark rm;
2066 const char* exception_name = _exception_type->as_C_string();
2067 Exceptions::debug_check_abort(exception_name, nullptr);
2068 #endif // ndef ASSERT
2069 }
2070
2071 void ClassVerifier::class_format_error(const char* msg, ...) {
2072 stringStream ss;
2073 _exception_type = vmSymbols::java_lang_ClassFormatError();
2074 va_list va;
2075 va_start(va, msg);
2076 ss.vprint(msg, va);
2077 va_end(va);
2078 if (!_method.is_null()) {
2079 ss.print(" in method '");
2080 _method->print_external_name(&ss);
2081 ss.print("'");
2082 }
2083 _message = ss.as_string();
2084 }
2085
2086 Klass* ClassVerifier::load_class(Symbol* name, TRAPS) {
2087 HandleMark hm(THREAD);
2088 // Get current loader first.
2089 oop loader = current_class()->class_loader();
2090
2091 assert(name_in_supers(name, current_class()), "name should be a super class");
2092
2093 Klass* kls = SystemDictionary::resolve_or_fail(
2094 name, Handle(THREAD, loader), true, THREAD);
2095
2096 if (kls != nullptr) {
2097 if (log_is_enabled(Debug, class, resolve)) {
2098 Verifier::trace_class_resolution(kls, current_class());
2099 }
2100 }
2101 return kls;
2102 }
2103
2104 bool ClassVerifier::is_protected_access(InstanceKlass* this_class,
2105 Klass* target_class,
2106 Symbol* field_name,
2107 Symbol* field_sig,
2108 bool is_method) {
2109 NoSafepointVerifier nosafepoint;
2110
2111 // If target class isn't a super class of this class, we don't worry about this case
2112 if (!this_class->is_subclass_of(target_class)) {
2113 return false;
2114 }
2115 // Check if the specified method or field is protected
2116 InstanceKlass* target_instance = InstanceKlass::cast(target_class);
2117 fieldDescriptor fd;
2118 if (is_method) {
2119 Method* m = target_instance->uncached_lookup_method(field_name, field_sig, Klass::OverpassLookupMode::find);
2120 if (m != nullptr && m->is_protected()) {
2121 if (!this_class->is_same_class_package(m->method_holder())) {
2122 return true;
2123 }
2124 }
2125 } else {
2126 Klass* member_klass = target_instance->find_field(field_name, field_sig, &fd);
2127 if (member_klass != nullptr && fd.is_protected()) {
2128 if (!this_class->is_same_class_package(member_klass)) {
2129 return true;
2130 }
2131 }
2132 }
2133 return false;
2134 }
2135
2136 void ClassVerifier::verify_ldc(
2137 int opcode, u2 index, StackMapFrame* current_frame,
2138 const constantPoolHandle& cp, int bci, TRAPS) {
2139 verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2140 constantTag tag = cp->tag_at(index);
2141 unsigned int types = 0;
2142 if (opcode == Bytecodes::_ldc || opcode == Bytecodes::_ldc_w) {
2143 if (!tag.is_unresolved_klass()) {
2144 types = (1 << JVM_CONSTANT_Integer) | (1 << JVM_CONSTANT_Float)
2145 | (1 << JVM_CONSTANT_String) | (1 << JVM_CONSTANT_Class)
2146 | (1 << JVM_CONSTANT_MethodHandle) | (1 << JVM_CONSTANT_MethodType)
2147 | (1 << JVM_CONSTANT_Dynamic);
2148 // Note: The class file parser already verified the legality of
2149 // MethodHandle and MethodType constants.
2150 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2151 }
2152 } else {
2153 assert(opcode == Bytecodes::_ldc2_w, "must be ldc2_w");
2154 types = (1 << JVM_CONSTANT_Double) | (1 << JVM_CONSTANT_Long)
2155 | (1 << JVM_CONSTANT_Dynamic);
2156 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2157 }
2158 if (tag.is_string()) {
2159 current_frame->push_stack(
2160 VerificationType::reference_type(
2161 vmSymbols::java_lang_String()), CHECK_VERIFY(this));
2162 } else if (tag.is_klass() || tag.is_unresolved_klass()) {
2163 current_frame->push_stack(
2164 VerificationType::reference_type(
2165 vmSymbols::java_lang_Class()), CHECK_VERIFY(this));
2166 } else if (tag.is_int()) {
2167 current_frame->push_stack(
2168 VerificationType::integer_type(), CHECK_VERIFY(this));
2169 } else if (tag.is_float()) {
2170 current_frame->push_stack(
2171 VerificationType::float_type(), CHECK_VERIFY(this));
2172 } else if (tag.is_double()) {
2173 current_frame->push_stack_2(
2174 VerificationType::double_type(),
2175 VerificationType::double2_type(), CHECK_VERIFY(this));
2176 } else if (tag.is_long()) {
2177 current_frame->push_stack_2(
2178 VerificationType::long_type(),
2179 VerificationType::long2_type(), CHECK_VERIFY(this));
2180 } else if (tag.is_method_handle()) {
2181 current_frame->push_stack(
2182 VerificationType::reference_type(
2183 vmSymbols::java_lang_invoke_MethodHandle()), CHECK_VERIFY(this));
2184 } else if (tag.is_method_type()) {
2185 current_frame->push_stack(
2186 VerificationType::reference_type(
2187 vmSymbols::java_lang_invoke_MethodType()), CHECK_VERIFY(this));
2188 } else if (tag.is_dynamic_constant()) {
2189 Symbol* constant_type = cp->uncached_signature_ref_at(index);
2190 // Field signature was checked in ClassFileParser.
2191 assert(SignatureVerifier::is_valid_type_signature(constant_type),
2192 "Invalid type for dynamic constant");
2193 assert(sizeof(VerificationType) == sizeof(uintptr_t),
2194 "buffer type must match VerificationType size");
2195 uintptr_t constant_type_buffer[2];
2196 VerificationType* v_constant_type = (VerificationType*)constant_type_buffer;
2197 SignatureStream sig_stream(constant_type, false);
2198 int n = change_sig_to_verificationType(&sig_stream, v_constant_type);
2199 int opcode_n = (opcode == Bytecodes::_ldc2_w ? 2 : 1);
2200 if (n != opcode_n) {
2201 // wrong kind of ldc; reverify against updated type mask
2202 types &= ~(1 << JVM_CONSTANT_Dynamic);
2203 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2204 }
2205 for (int i = 0; i < n; i++) {
2206 current_frame->push_stack(v_constant_type[i], CHECK_VERIFY(this));
2207 }
2208 } else {
2209 /* Unreachable? verify_cp_type has already validated the cp type. */
2210 verify_error(
2211 ErrorContext::bad_cp_index(bci, index), "Invalid index in ldc");
2212 return;
2213 }
2214 }
2215
2216 void ClassVerifier::verify_switch(
2217 RawBytecodeStream* bcs, u4 code_length, char* code_data,
2218 StackMapFrame* current_frame, StackMapTable* stackmap_table, TRAPS) {
2219 int bci = bcs->bci();
2220 address bcp = bcs->bcp();
2221 address aligned_bcp = align_up(bcp + 1, jintSize);
2222
2223 if (_klass->major_version() < NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION) {
2224 // 4639449 & 4647081: padding bytes must be 0
2225 u2 padding_offset = 1;
2226 while ((bcp + padding_offset) < aligned_bcp) {
2227 if(*(bcp + padding_offset) != 0) {
2228 verify_error(ErrorContext::bad_code(bci),
2229 "Nonzero padding byte in lookupswitch or tableswitch");
2230 return;
2231 }
2232 padding_offset++;
2233 }
2234 }
2235
2236 int default_offset = (int) Bytes::get_Java_u4(aligned_bcp);
2237 int keys, delta;
2238 current_frame->pop_stack(
2239 VerificationType::integer_type(), CHECK_VERIFY(this));
2240 if (bcs->raw_code() == Bytecodes::_tableswitch) {
2241 jint low = (jint)Bytes::get_Java_u4(aligned_bcp + jintSize);
2242 jint high = (jint)Bytes::get_Java_u4(aligned_bcp + 2*jintSize);
2243 if (low > high) {
2244 verify_error(ErrorContext::bad_code(bci),
2245 "low must be less than or equal to high in tableswitch");
2246 return;
2247 }
2248 int64_t keys64 = ((int64_t)high - low) + 1;
2249 if (keys64 > 65535) { // Max code length
2250 verify_error(ErrorContext::bad_code(bci), "too many keys in tableswitch");
2251 return;
2252 }
2253 keys = (int)keys64;
2254 delta = 1;
2255 } else {
2256 keys = (int)Bytes::get_Java_u4(aligned_bcp + jintSize);
2257 if (keys < 0) {
2258 verify_error(ErrorContext::bad_code(bci),
2259 "number of keys in lookupswitch less than 0");
2260 return;
2261 }
2262 delta = 2;
2263 // Make sure that the lookupswitch items are sorted
2264 for (int i = 0; i < (keys - 1); i++) {
2265 jint this_key = Bytes::get_Java_u4(aligned_bcp + (2+2*i)*jintSize);
2266 jint next_key = Bytes::get_Java_u4(aligned_bcp + (2+2*i+2)*jintSize);
2267 if (this_key >= next_key) {
2268 verify_error(ErrorContext::bad_code(bci),
2269 "Bad lookupswitch instruction");
2270 return;
2271 }
2272 }
2273 }
2274 stackmap_table->check_jump_target(current_frame, bci, default_offset, CHECK_VERIFY(this));
2275 for (int i = 0; i < keys; i++) {
2276 // Because check_jump_target() may safepoint, the bytecode could have
2277 // moved, which means 'aligned_bcp' is no good and needs to be recalculated.
2278 aligned_bcp = align_up(bcs->bcp() + 1, jintSize);
2279 int offset = (jint)Bytes::get_Java_u4(aligned_bcp+(3+i*delta)*jintSize);
2280 stackmap_table->check_jump_target(
2281 current_frame, bci, offset, CHECK_VERIFY(this));
2282 }
2283 NOT_PRODUCT(aligned_bcp = nullptr); // no longer valid at this point
2284 }
2285
2286 bool ClassVerifier::name_in_supers(
2287 Symbol* ref_name, InstanceKlass* current) {
2288 Klass* super = current->super();
2289 while (super != nullptr) {
2290 if (super->name() == ref_name) {
2291 return true;
2292 }
2293 super = super->super();
2294 }
2295 return false;
2296 }
2297
2298 void ClassVerifier::verify_field_instructions(RawBytecodeStream* bcs,
2299 StackMapFrame* current_frame,
2300 const constantPoolHandle& cp,
2301 bool allow_arrays,
2302 TRAPS) {
2303 u2 index = bcs->get_index_u2();
2304 verify_cp_type(bcs->bci(), index, cp,
2305 1 << JVM_CONSTANT_Fieldref, CHECK_VERIFY(this));
2306
2307 // Get field name and signature
2308 Symbol* field_name = cp->uncached_name_ref_at(index);
2309 Symbol* field_sig = cp->uncached_signature_ref_at(index);
2310 bool is_getfield = false;
2311
2312 // Field signature was checked in ClassFileParser.
2313 assert(SignatureVerifier::is_valid_type_signature(field_sig),
2314 "Invalid field signature");
2315
2316 // Get referenced class type
2317 VerificationType ref_class_type = cp_ref_index_to_type(
2318 index, cp, CHECK_VERIFY(this));
2319 if (!ref_class_type.is_object() &&
2320 (!allow_arrays || !ref_class_type.is_array())) {
2321 verify_error(ErrorContext::bad_type(bcs->bci(),
2322 TypeOrigin::cp(index, ref_class_type)),
2323 "Expecting reference to class in class %s at constant pool index %d",
2324 _klass->external_name(), index);
2325 return;
2326 }
2327 VerificationType target_class_type = ref_class_type;
2328
2329 assert(sizeof(VerificationType) == sizeof(uintptr_t),
2330 "buffer type must match VerificationType size");
2331 uintptr_t field_type_buffer[2];
2332 VerificationType* field_type = (VerificationType*)field_type_buffer;
2333 // If we make a VerificationType[2] array directly, the compiler calls
2334 // to the c-runtime library to do the allocation instead of just
2335 // stack allocating it. Plus it would run constructors. This shows up
2336 // in performance profiles.
2337
2338 SignatureStream sig_stream(field_sig, false);
2339 VerificationType stack_object_type;
2340 int n = change_sig_to_verificationType(&sig_stream, field_type);
2341 int bci = bcs->bci();
2342 bool is_assignable;
2343 switch (bcs->raw_code()) {
2344 case Bytecodes::_getstatic: {
2345 for (int i = 0; i < n; i++) {
2346 current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2347 }
2348 break;
2349 }
2350 case Bytecodes::_putstatic: {
2351 for (int i = n - 1; i >= 0; i--) {
2352 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2353 }
2354 break;
2355 }
2356 case Bytecodes::_getfield: {
2357 is_getfield = true;
2358 stack_object_type = current_frame->pop_stack(
2359 target_class_type, CHECK_VERIFY(this));
2360 goto check_protected;
2361 }
2362 case Bytecodes::_putfield: {
2363 for (int i = n - 1; i >= 0; i--) {
2364 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2365 }
2366 stack_object_type = current_frame->pop_stack(CHECK_VERIFY(this));
2367
2368 // The JVMS 2nd edition allows field initialization before the superclass
2369 // initializer, if the field is defined within the current class.
2370 fieldDescriptor fd;
2371 if (stack_object_type == VerificationType::uninitialized_this_type() &&
2372 target_class_type.equals(current_type()) &&
2373 _klass->find_local_field(field_name, field_sig, &fd)) {
2374 stack_object_type = current_type();
2375 }
2376 is_assignable = target_class_type.is_assignable_from(
2377 stack_object_type, this, false, CHECK_VERIFY(this));
2378 if (!is_assignable) {
2379 verify_error(ErrorContext::bad_type(bci,
2380 current_frame->stack_top_ctx(),
2381 TypeOrigin::cp(index, target_class_type)),
2382 "Bad type on operand stack in putfield");
2383 return;
2384 }
2385 }
2386 check_protected: {
2387 if (_this_type == stack_object_type)
2388 break; // stack_object_type must be assignable to _current_class_type
2389 if (was_recursively_verified()) {
2390 if (is_getfield) {
2391 // Push field type for getfield.
2392 for (int i = 0; i < n; i++) {
2393 current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2394 }
2395 }
2396 return;
2397 }
2398 Symbol* ref_class_name =
2399 cp->klass_name_at(cp->uncached_klass_ref_index_at(index));
2400 if (!name_in_supers(ref_class_name, current_class()))
2401 // stack_object_type must be assignable to _current_class_type since:
2402 // 1. stack_object_type must be assignable to ref_class.
2403 // 2. ref_class must be _current_class or a subclass of it. It can't
2404 // be a superclass of it. See revised JVMS 5.4.4.
2405 break;
2406
2407 Klass* ref_class_oop = load_class(ref_class_name, CHECK);
2408 if (is_protected_access(current_class(), ref_class_oop, field_name,
2409 field_sig, false)) {
2410 // It's protected access, check if stack object is assignable to
2411 // current class.
2412 is_assignable = current_type().is_assignable_from(
2413 stack_object_type, this, true, CHECK_VERIFY(this));
2414 if (!is_assignable) {
2415 verify_error(ErrorContext::bad_type(bci,
2416 current_frame->stack_top_ctx(),
2417 TypeOrigin::implicit(current_type())),
2418 "Bad access to protected data in %s",
2419 is_getfield ? "getfield" : "putfield");
2420 return;
2421 }
2422 }
2423 break;
2424 }
2425 default: ShouldNotReachHere();
2426 }
2427 if (is_getfield) {
2428 // Push field type for getfield after doing protection check.
2429 for (int i = 0; i < n; i++) {
2430 current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2431 }
2432 }
2433 }
2434
2435 void ClassVerifier::verify_invoke_init(
2436 RawBytecodeStream* bcs, u2 ref_class_index, VerificationType ref_class_type,
2437 StackMapFrame* current_frame, u4 code_length, bool in_try_block,
2438 bool *this_uninit, const constantPoolHandle& cp, StackMapTable* stackmap_table,
2439 TRAPS) {
2440 int bci = bcs->bci();
2441 VerificationType type = current_frame->pop_stack(
2442 VerificationType::reference_check(), CHECK_VERIFY(this));
2443 if (type == VerificationType::uninitialized_this_type()) {
2444 // The method must be an <init> method of this class or its superclass
2445 Klass* superk = current_class()->super();
2446 if (ref_class_type.name() != current_class()->name() &&
2447 ref_class_type.name() != superk->name()) {
2448 verify_error(ErrorContext::bad_type(bci,
2449 TypeOrigin::implicit(ref_class_type),
2450 TypeOrigin::implicit(current_type())),
2451 "Bad <init> method call");
2452 return;
2453 }
2454
2455 // If this invokespecial call is done from inside of a TRY block then make
2456 // sure that all catch clause paths end in a throw. Otherwise, this can
2457 // result in returning an incomplete object.
2458 if (in_try_block) {
2459 // Check the exception handler target stackmaps with the locals from the
2460 // incoming stackmap (before initialize_object() changes them to outgoing
2461 // state).
2462 if (was_recursively_verified()) return;
2463 verify_exception_handler_targets(bci, true, current_frame,
2464 stackmap_table, CHECK_VERIFY(this));
2465 } // in_try_block
2466
2467 current_frame->initialize_object(type, current_type());
2468 *this_uninit = true;
2469 } else if (type.is_uninitialized()) {
2470 u2 new_offset = type.bci();
2471 address new_bcp = bcs->bcp() - bci + new_offset;
2472 if (new_offset > (code_length - 3) || (*new_bcp) != Bytecodes::_new) {
2473 /* Unreachable? Stack map parsing ensures valid type and new
2474 * instructions have a valid BCI. */
2475 verify_error(ErrorContext::bad_code(new_offset),
2476 "Expecting new instruction");
2477 return;
2478 }
2479 u2 new_class_index = Bytes::get_Java_u2(new_bcp + 1);
2480 if (was_recursively_verified()) return;
2481 verify_cp_class_type(bci, new_class_index, cp, CHECK_VERIFY(this));
2482
2483 // The method must be an <init> method of the indicated class
2484 VerificationType new_class_type = cp_index_to_type(
2485 new_class_index, cp, CHECK_VERIFY(this));
2486 if (!new_class_type.equals(ref_class_type)) {
2487 verify_error(ErrorContext::bad_type(bci,
2488 TypeOrigin::cp(new_class_index, new_class_type),
2489 TypeOrigin::cp(ref_class_index, ref_class_type)),
2490 "Call to wrong <init> method");
2491 return;
2492 }
2493 // According to the VM spec, if the referent class is a superclass of the
2494 // current class, and is in a different runtime package, and the method is
2495 // protected, then the objectref must be the current class or a subclass
2496 // of the current class.
2497 VerificationType objectref_type = new_class_type;
2498 if (name_in_supers(ref_class_type.name(), current_class())) {
2499 Klass* ref_klass = load_class(ref_class_type.name(), CHECK);
2500 if (was_recursively_verified()) return;
2501 Method* m = InstanceKlass::cast(ref_klass)->uncached_lookup_method(
2502 vmSymbols::object_initializer_name(),
2503 cp->uncached_signature_ref_at(bcs->get_index_u2()),
2504 Klass::OverpassLookupMode::find);
2505 // Do nothing if method is not found. Let resolution detect the error.
2506 if (m != nullptr) {
2507 InstanceKlass* mh = m->method_holder();
2508 if (m->is_protected() && !mh->is_same_class_package(_klass)) {
2509 bool assignable = current_type().is_assignable_from(
2510 objectref_type, this, true, CHECK_VERIFY(this));
2511 if (!assignable) {
2512 verify_error(ErrorContext::bad_type(bci,
2513 TypeOrigin::cp(new_class_index, objectref_type),
2514 TypeOrigin::implicit(current_type())),
2515 "Bad access to protected <init> method");
2516 return;
2517 }
2518 }
2519 }
2520 }
2521 // Check the exception handler target stackmaps with the locals from the
2522 // incoming stackmap (before initialize_object() changes them to outgoing
2523 // state).
2524 if (in_try_block) {
2525 if (was_recursively_verified()) return;
2526 verify_exception_handler_targets(bci, *this_uninit, current_frame,
2527 stackmap_table, CHECK_VERIFY(this));
2528 }
2529 current_frame->initialize_object(type, new_class_type);
2530 } else {
2531 verify_error(ErrorContext::bad_type(bci, current_frame->stack_top_ctx()),
2532 "Bad operand type when invoking <init>");
2533 return;
2534 }
2535 }
2536
2537 bool ClassVerifier::is_same_or_direct_interface(
2538 InstanceKlass* klass,
2539 VerificationType klass_type,
2540 VerificationType ref_class_type) {
2541 if (ref_class_type.equals(klass_type)) return true;
2542 Array<InstanceKlass*>* local_interfaces = klass->local_interfaces();
2543 if (local_interfaces != nullptr) {
2544 for (int x = 0; x < local_interfaces->length(); x++) {
2545 InstanceKlass* k = local_interfaces->at(x);
2546 assert (k != nullptr && k->is_interface(), "invalid interface");
2547 if (ref_class_type.equals(VerificationType::reference_type(k->name()))) {
2548 return true;
2549 }
2550 }
2551 }
2552 return false;
2553 }
2554
2555 void ClassVerifier::verify_invoke_instructions(
2556 RawBytecodeStream* bcs, u4 code_length, StackMapFrame* current_frame,
2557 bool in_try_block, bool *this_uninit, VerificationType return_type,
2558 const constantPoolHandle& cp, StackMapTable* stackmap_table, TRAPS) {
2559 // Make sure the constant pool item is the right type
2560 u2 index = bcs->get_index_u2();
2561 Bytecodes::Code opcode = bcs->raw_code();
2562 unsigned int types = 0;
2563 switch (opcode) {
2564 case Bytecodes::_invokeinterface:
2565 types = 1 << JVM_CONSTANT_InterfaceMethodref;
2566 break;
2567 case Bytecodes::_invokedynamic:
2568 types = 1 << JVM_CONSTANT_InvokeDynamic;
2569 break;
2570 case Bytecodes::_invokespecial:
2571 case Bytecodes::_invokestatic:
2572 types = (_klass->major_version() < STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION) ?
2573 (1 << JVM_CONSTANT_Methodref) :
2574 ((1 << JVM_CONSTANT_InterfaceMethodref) | (1 << JVM_CONSTANT_Methodref));
2575 break;
2576 default:
2577 types = 1 << JVM_CONSTANT_Methodref;
2578 }
2579 verify_cp_type(bcs->bci(), index, cp, types, CHECK_VERIFY(this));
2580
2581 // Get method name and signature
2582 Symbol* method_name = cp->uncached_name_ref_at(index);
2583 Symbol* method_sig = cp->uncached_signature_ref_at(index);
2584
2585 // Method signature was checked in ClassFileParser.
2586 assert(SignatureVerifier::is_valid_method_signature(method_sig),
2587 "Invalid method signature");
2588
2589 // Get referenced class type
2590 VerificationType ref_class_type;
2591 if (opcode == Bytecodes::_invokedynamic) {
2592 if (_klass->major_version() < Verifier::INVOKEDYNAMIC_MAJOR_VERSION) {
2593 class_format_error(
2594 "invokedynamic instructions not supported by this class file version (%d), class %s",
2595 _klass->major_version(), _klass->external_name());
2596 return;
2597 }
2598 } else {
2599 ref_class_type = cp_ref_index_to_type(index, cp, CHECK_VERIFY(this));
2600 }
2601
2602 assert(sizeof(VerificationType) == sizeof(uintptr_t),
2603 "buffer type must match VerificationType size");
2604
2605 // Get the UTF8 index for this signature.
2606 int sig_index = cp->signature_ref_index_at(cp->uncached_name_and_type_ref_index_at(index));
2607
2608 // Get the signature's verification types.
2609 sig_as_verification_types* mth_sig_verif_types;
2610 sig_as_verification_types** mth_sig_verif_types_ptr = method_signatures_table()->get(sig_index);
2611 if (mth_sig_verif_types_ptr != nullptr) {
2612 // Found the entry for the signature's verification types in the hash table.
2613 mth_sig_verif_types = *mth_sig_verif_types_ptr;
2614 assert(mth_sig_verif_types != nullptr, "Unexpected null sig_as_verification_types value");
2615 } else {
2616 // Not found, add the entry to the table.
2617 GrowableArray<VerificationType>* verif_types = new GrowableArray<VerificationType>(10);
2618 mth_sig_verif_types = new sig_as_verification_types(verif_types);
2619 create_method_sig_entry(mth_sig_verif_types, sig_index);
2620 }
2621
2622 // Get the number of arguments for this signature.
2623 int nargs = mth_sig_verif_types->num_args();
2624
2625 // Check instruction operands
2626 int bci = bcs->bci();
2627 if (opcode == Bytecodes::_invokeinterface) {
2628 address bcp = bcs->bcp();
2629 // 4905268: count operand in invokeinterface should be nargs+1, not nargs.
2630 // JSR202 spec: The count operand of an invokeinterface instruction is valid if it is
2631 // the difference between the size of the operand stack before and after the instruction
2632 // executes.
2633 if (*(bcp+3) != (nargs+1)) {
2634 verify_error(ErrorContext::bad_code(bci),
2635 "Inconsistent args count operand in invokeinterface");
2636 return;
2637 }
2638 if (*(bcp+4) != 0) {
2639 verify_error(ErrorContext::bad_code(bci),
2640 "Fourth operand byte of invokeinterface must be zero");
2641 return;
2642 }
2643 }
2644
2645 if (opcode == Bytecodes::_invokedynamic) {
2646 address bcp = bcs->bcp();
2647 if (*(bcp+3) != 0 || *(bcp+4) != 0) {
2648 verify_error(ErrorContext::bad_code(bci),
2649 "Third and fourth operand bytes of invokedynamic must be zero");
2650 return;
2651 }
2652 }
2653
2654 if (method_name->char_at(0) == JVM_SIGNATURE_SPECIAL) {
2655 // Make sure <init> can only be invoked by invokespecial
2656 if (opcode != Bytecodes::_invokespecial ||
2657 method_name != vmSymbols::object_initializer_name()) {
2658 verify_error(ErrorContext::bad_code(bci),
2659 "Illegal call to internal method");
2660 return;
2661 }
2662 }
2663 // invokespecial, when not <init>, must be to a method in the current class, a direct superinterface,
2664 // or any superclass (including Object).
2665 else if (opcode == Bytecodes::_invokespecial
2666 && !is_same_or_direct_interface(current_class(), current_type(), ref_class_type)
2667 && !ref_class_type.equals(VerificationType::reference_type(current_class()->super()->name()))) {
2668
2669 // We know it is not current class, direct superinterface or immediate superclass. That means it
2670 // could be:
2671 // - a totally unrelated class or interface
2672 // - an indirect superinterface
2673 // - an indirect superclass (including Object)
2674 // We use the assignability test to see if it is a superclass, or else an interface, and keep track
2675 // of the latter. Note that subtype can be true if we are dealing with an interface that is not actually
2676 // implemented as assignability treats all interfaces as Object.
2677
2678 bool is_interface = false; // This can only be set true if the assignability check will return true
2679 // and we loaded the class. For any other "true" returns (e.g. same class
2680 // or Object) we either can't get here (same class already excluded above)
2681 // or we know it is not an interface (i.e. Object).
2682 bool subtype = ref_class_type.is_reference_assignable_from(current_type(), this, false,
2683 &is_interface, CHECK_VERIFY(this));
2684 if (!subtype) { // Totally unrelated class
2685 verify_error(ErrorContext::bad_code(bci),
2686 "Bad invokespecial instruction: "
2687 "current class isn't assignable to reference class.");
2688 return;
2689 } else {
2690 // Indirect superclass (including Object), indirect interface, or unrelated interface.
2691 // Any interface use is an error.
2692 if (is_interface) {
2693 verify_error(ErrorContext::bad_code(bci),
2694 "Bad invokespecial instruction: "
2695 "interface method to invoke is not in a direct superinterface.");
2696 return;
2697 }
2698 }
2699 }
2700
2701 // Get the verification types for the method's arguments.
2702 GrowableArray<VerificationType>* sig_verif_types = mth_sig_verif_types->sig_verif_types();
2703 assert(sig_verif_types != nullptr, "Missing signature's array of verification types");
2704 // Match method descriptor with operand stack
2705 // The arguments are on the stack in descending order.
2706 for (int i = nargs - 1; i >= 0; i--) { // Run backwards
2707 current_frame->pop_stack(sig_verif_types->at(i), CHECK_VERIFY(this));
2708 }
2709
2710 // Check objectref on operand stack
2711 if (opcode != Bytecodes::_invokestatic &&
2712 opcode != Bytecodes::_invokedynamic) {
2713 if (method_name == vmSymbols::object_initializer_name()) { // <init> method
2714 verify_invoke_init(bcs, index, ref_class_type, current_frame,
2715 code_length, in_try_block, this_uninit, cp, stackmap_table,
2716 CHECK_VERIFY(this));
2717 if (was_recursively_verified()) return;
2718 } else { // other methods
2719 // Ensures that target class is assignable to method class.
2720 if (opcode == Bytecodes::_invokespecial) {
2721 current_frame->pop_stack(current_type(), CHECK_VERIFY(this));
2722 } else if (opcode == Bytecodes::_invokevirtual) {
2723 VerificationType stack_object_type =
2724 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this));
2725 if (current_type() != stack_object_type) {
2726 if (was_recursively_verified()) return;
2727 assert(cp->cache() == nullptr, "not rewritten yet");
2728 Symbol* ref_class_name =
2729 cp->klass_name_at(cp->uncached_klass_ref_index_at(index));
2730 // See the comments in verify_field_instructions() for
2731 // the rationale behind this.
2732 if (name_in_supers(ref_class_name, current_class())) {
2733 Klass* ref_class = load_class(ref_class_name, CHECK);
2734 if (is_protected_access(
2735 _klass, ref_class, method_name, method_sig, true)) {
2736 // It's protected access, check if stack object is
2737 // assignable to current class.
2738 if (ref_class_type.name() == vmSymbols::java_lang_Object()
2739 && stack_object_type.is_array()
2740 && method_name == vmSymbols::clone_name()) {
2741 // Special case: arrays pretend to implement public Object
2742 // clone().
2743 } else {
2744 bool is_assignable = current_type().is_assignable_from(
2745 stack_object_type, this, true, CHECK_VERIFY(this));
2746 if (!is_assignable) {
2747 verify_error(ErrorContext::bad_type(bci,
2748 current_frame->stack_top_ctx(),
2749 TypeOrigin::implicit(current_type())),
2750 "Bad access to protected data in invokevirtual");
2751 return;
2752 }
2753 }
2754 }
2755 }
2756 }
2757 } else {
2758 assert(opcode == Bytecodes::_invokeinterface, "Unexpected opcode encountered");
2759 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this));
2760 }
2761 }
2762 }
2763 // Push the result type.
2764 int sig_verif_types_len = sig_verif_types->length();
2765 if (sig_verif_types_len > nargs) { // There's a return type
2766 if (method_name == vmSymbols::object_initializer_name()) {
2767 // <init> method must have a void return type
2768 /* Unreachable? Class file parser verifies that methods with '<' have
2769 * void return */
2770 verify_error(ErrorContext::bad_code(bci),
2771 "Return type must be void in <init> method");
2772 return;
2773 }
2774
2775 assert(sig_verif_types_len <= nargs + 2,
2776 "Signature verification types array return type is bogus");
2777 for (int i = nargs; i < sig_verif_types_len; i++) {
2778 assert(i == nargs || sig_verif_types->at(i).is_long2() ||
2779 sig_verif_types->at(i).is_double2(), "Unexpected return verificationType");
2780 current_frame->push_stack(sig_verif_types->at(i), CHECK_VERIFY(this));
2781 }
2782 }
2783 }
2784
2785 VerificationType ClassVerifier::get_newarray_type(
2786 u2 index, int bci, TRAPS) {
2787 const char* from_bt[] = {
2788 nullptr, nullptr, nullptr, nullptr, "[Z", "[C", "[F", "[D", "[B", "[S", "[I", "[J",
2789 };
2790 if (index < T_BOOLEAN || index > T_LONG) {
2791 verify_error(ErrorContext::bad_code(bci), "Illegal newarray instruction");
2792 return VerificationType::bogus_type();
2793 }
2794
2795 // from_bt[index] contains the array signature which has a length of 2
2796 Symbol* sig = create_temporary_symbol(from_bt[index], 2);
2797 return VerificationType::reference_type(sig);
2798 }
2799
2800 void ClassVerifier::verify_anewarray(
2801 int bci, u2 index, const constantPoolHandle& cp,
2802 StackMapFrame* current_frame, TRAPS) {
2803 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
2804 current_frame->pop_stack(
2805 VerificationType::integer_type(), CHECK_VERIFY(this));
2806
2807 if (was_recursively_verified()) return;
2808 VerificationType component_type =
2809 cp_index_to_type(index, cp, CHECK_VERIFY(this));
2810 int length;
2811 char* arr_sig_str;
2812 if (component_type.is_array()) { // it's an array
2813 const char* component_name = component_type.name()->as_utf8();
2814 // Check for more than MAX_ARRAY_DIMENSIONS
2815 length = (int)strlen(component_name);
2816 if (length > MAX_ARRAY_DIMENSIONS &&
2817 component_name[MAX_ARRAY_DIMENSIONS - 1] == JVM_SIGNATURE_ARRAY) {
2818 verify_error(ErrorContext::bad_code(bci),
2819 "Illegal anewarray instruction, array has more than 255 dimensions");
2820 }
2821 // add one dimension to component
2822 length++;
2823 arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length + 1);
2824 int n = os::snprintf(arr_sig_str, length + 1, "%c%s",
2825 JVM_SIGNATURE_ARRAY, component_name);
2826 assert(n == length, "Unexpected number of characters in string");
2827 } else { // it's an object or interface
2828 const char* component_name = component_type.name()->as_utf8();
2829 // add one dimension to component with 'L' prepended and ';' postpended.
2830 length = (int)strlen(component_name) + 3;
2831 arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length + 1);
2832 int n = os::snprintf(arr_sig_str, length + 1, "%c%c%s;",
2833 JVM_SIGNATURE_ARRAY, JVM_SIGNATURE_CLASS, component_name);
2834 assert(n == length, "Unexpected number of characters in string");
2835 }
2836 Symbol* arr_sig = create_temporary_symbol(arr_sig_str, length);
2837 VerificationType new_array_type = VerificationType::reference_type(arr_sig);
2838 current_frame->push_stack(new_array_type, CHECK_VERIFY(this));
2839 }
2840
2841 void ClassVerifier::verify_iload(int index, StackMapFrame* current_frame, TRAPS) {
2842 current_frame->get_local(
2843 index, VerificationType::integer_type(), CHECK_VERIFY(this));
2844 current_frame->push_stack(
2845 VerificationType::integer_type(), CHECK_VERIFY(this));
2846 }
2847
2848 void ClassVerifier::verify_lload(int index, StackMapFrame* current_frame, TRAPS) {
2849 current_frame->get_local_2(
2850 index, VerificationType::long_type(),
2851 VerificationType::long2_type(), CHECK_VERIFY(this));
2852 current_frame->push_stack_2(
2853 VerificationType::long_type(),
2854 VerificationType::long2_type(), CHECK_VERIFY(this));
2855 }
2856
2857 void ClassVerifier::verify_fload(int index, StackMapFrame* current_frame, TRAPS) {
2858 current_frame->get_local(
2859 index, VerificationType::float_type(), CHECK_VERIFY(this));
2860 current_frame->push_stack(
2861 VerificationType::float_type(), CHECK_VERIFY(this));
2862 }
2863
2864 void ClassVerifier::verify_dload(int index, StackMapFrame* current_frame, TRAPS) {
2865 current_frame->get_local_2(
2866 index, VerificationType::double_type(),
2867 VerificationType::double2_type(), CHECK_VERIFY(this));
2868 current_frame->push_stack_2(
2869 VerificationType::double_type(),
2870 VerificationType::double2_type(), CHECK_VERIFY(this));
2871 }
2872
2873 void ClassVerifier::verify_aload(int index, StackMapFrame* current_frame, TRAPS) {
2874 VerificationType type = current_frame->get_local(
2875 index, VerificationType::reference_check(), CHECK_VERIFY(this));
2876 current_frame->push_stack(type, CHECK_VERIFY(this));
2877 }
2878
2879 void ClassVerifier::verify_istore(int index, StackMapFrame* current_frame, TRAPS) {
2880 current_frame->pop_stack(
2881 VerificationType::integer_type(), CHECK_VERIFY(this));
2882 current_frame->set_local(
2883 index, VerificationType::integer_type(), CHECK_VERIFY(this));
2884 }
2885
2886 void ClassVerifier::verify_lstore(int index, StackMapFrame* current_frame, TRAPS) {
2887 current_frame->pop_stack_2(
2888 VerificationType::long2_type(),
2889 VerificationType::long_type(), CHECK_VERIFY(this));
2890 current_frame->set_local_2(
2891 index, VerificationType::long_type(),
2892 VerificationType::long2_type(), CHECK_VERIFY(this));
2893 }
2894
2895 void ClassVerifier::verify_fstore(int index, StackMapFrame* current_frame, TRAPS) {
2896 current_frame->pop_stack(VerificationType::float_type(), CHECK_VERIFY(this));
2897 current_frame->set_local(
2898 index, VerificationType::float_type(), CHECK_VERIFY(this));
2899 }
2900
2901 void ClassVerifier::verify_dstore(int index, StackMapFrame* current_frame, TRAPS) {
2902 current_frame->pop_stack_2(
2903 VerificationType::double2_type(),
2904 VerificationType::double_type(), CHECK_VERIFY(this));
2905 current_frame->set_local_2(
2906 index, VerificationType::double_type(),
2907 VerificationType::double2_type(), CHECK_VERIFY(this));
2908 }
2909
2910 void ClassVerifier::verify_astore(int index, StackMapFrame* current_frame, TRAPS) {
2911 VerificationType type = current_frame->pop_stack(
2912 VerificationType::reference_check(), CHECK_VERIFY(this));
2913 current_frame->set_local(index, type, CHECK_VERIFY(this));
2914 }
2915
2916 void ClassVerifier::verify_iinc(int index, StackMapFrame* current_frame, TRAPS) {
2917 VerificationType type = current_frame->get_local(
2918 index, VerificationType::integer_type(), CHECK_VERIFY(this));
2919 current_frame->set_local(index, type, CHECK_VERIFY(this));
2920 }
2921
2922 void ClassVerifier::verify_return_value(
2923 VerificationType return_type, VerificationType type, int bci,
2924 StackMapFrame* current_frame, TRAPS) {
2925 if (return_type == VerificationType::bogus_type()) {
2926 verify_error(ErrorContext::bad_type(bci,
2927 current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)),
2928 "Method does not expect a return value");
2929 return;
2930 }
2931 bool match = return_type.is_assignable_from(type, this, false, CHECK_VERIFY(this));
2932 if (!match) {
2933 verify_error(ErrorContext::bad_type(bci,
2934 current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)),
2935 "Bad return type");
2936 return;
2937 }
2938 }
2939
2940 // The verifier creates symbols which are substrings of Symbols.
2941 // These are stored in the verifier until the end of verification so that
2942 // they can be reference counted.
2943 Symbol* ClassVerifier::create_temporary_symbol(const char *name, int length) {
2944 // Quick deduplication check
2945 if (_previous_symbol != nullptr && _previous_symbol->equals(name, length)) {
2946 return _previous_symbol;
2947 }
2948 Symbol* sym = SymbolTable::new_symbol(name, length);
2949 if (!sym->is_permanent()) {
2950 if (_symbols == nullptr) {
2951 _symbols = new GrowableArray<Symbol*>(50, 0, nullptr);
2952 }
2953 _symbols->push(sym);
2954 }
2955 _previous_symbol = sym;
2956 return sym;
2957 }