1 /*
2 * Copyright (c) 1998, 2023, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.
8 *
9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 *
23 */
24
25 #include "precompiled.hpp"
26 #include "cds/cdsConfig.hpp"
27 #include "classfile/classFileStream.hpp"
28 #include "classfile/classLoader.hpp"
29 #include "classfile/javaClasses.hpp"
30 #include "classfile/stackMapTable.hpp"
31 #include "classfile/stackMapFrame.hpp"
32 #include "classfile/stackMapTableFormat.hpp"
33 #include "classfile/symbolTable.hpp"
34 #include "classfile/systemDictionary.hpp"
35 #include "classfile/verifier.hpp"
36 #include "classfile/vmClasses.hpp"
37 #include "classfile/vmSymbols.hpp"
38 #include "interpreter/bytecodes.hpp"
39 #include "interpreter/bytecodeStream.hpp"
40 #include "jvm.h"
41 #include "logging/log.hpp"
42 #include "logging/logStream.hpp"
43 #include "memory/oopFactory.hpp"
44 #include "memory/resourceArea.hpp"
45 #include "memory/universe.hpp"
46 #include "oops/constantPool.inline.hpp"
47 #include "oops/instanceKlass.inline.hpp"
48 #include "oops/klass.inline.hpp"
49 #include "oops/oop.inline.hpp"
50 #include "oops/typeArrayOop.hpp"
51 #include "runtime/arguments.hpp"
52 #include "runtime/fieldDescriptor.hpp"
53 #include "runtime/handles.inline.hpp"
54 #include "runtime/interfaceSupport.inline.hpp"
55 #include "runtime/javaCalls.hpp"
56 #include "runtime/javaThread.hpp"
57 #include "runtime/jniHandles.inline.hpp"
58 #include "runtime/os.hpp"
59 #include "runtime/safepointVerifiers.hpp"
60 #include "services/threadService.hpp"
61 #include "utilities/align.hpp"
62 #include "utilities/bytes.hpp"
63
64 #define NOFAILOVER_MAJOR_VERSION 51
65 #define NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION 51
66 #define STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION 52
67 #define MAX_ARRAY_DIMENSIONS 255
68
69 // Access to external entry for VerifyClassForMajorVersion - old byte code verifier
70
71 extern "C" {
72 typedef jboolean (*verify_byte_codes_fn_t)(JNIEnv *, jclass, char *, jint, jint);
73 }
74
75 static verify_byte_codes_fn_t volatile _verify_byte_codes_fn = nullptr;
76
77 static verify_byte_codes_fn_t verify_byte_codes_fn() {
78
79 if (_verify_byte_codes_fn != nullptr)
80 return _verify_byte_codes_fn;
81
82 MutexLocker locker(Verify_lock);
83
84 if (_verify_byte_codes_fn != nullptr)
85 return _verify_byte_codes_fn;
86
87 // Load verify dll
88 char buffer[JVM_MAXPATHLEN];
89 char ebuf[1024];
90 if (!os::dll_locate_lib(buffer, sizeof(buffer), Arguments::get_dll_dir(), "verify"))
91 return nullptr; // Caller will throw VerifyError
92
93 void *lib_handle = os::dll_load(buffer, ebuf, sizeof(ebuf));
94 if (lib_handle == nullptr)
95 return nullptr; // Caller will throw VerifyError
96
97 void *fn = os::dll_lookup(lib_handle, "VerifyClassForMajorVersion");
98 if (fn == nullptr)
99 return nullptr; // Caller will throw VerifyError
100
101 return _verify_byte_codes_fn = CAST_TO_FN_PTR(verify_byte_codes_fn_t, fn);
102 }
103
104
105 // Methods in Verifier
106
107 bool Verifier::should_verify_for(oop class_loader, bool should_verify_class) {
108 return (class_loader == nullptr || !should_verify_class) ?
109 BytecodeVerificationLocal : BytecodeVerificationRemote;
110 }
111
112 bool Verifier::relax_access_for(oop loader) {
113 bool trusted = java_lang_ClassLoader::is_trusted_loader(loader);
114 bool need_verify =
115 // verifyAll
116 (BytecodeVerificationLocal && BytecodeVerificationRemote) ||
117 // verifyRemote
118 (!BytecodeVerificationLocal && BytecodeVerificationRemote && !trusted);
119 return !need_verify;
120 }
121
122 void Verifier::trace_class_resolution(Klass* resolve_class, InstanceKlass* verify_class) {
123 assert(verify_class != nullptr, "Unexpected null verify_class");
124 ResourceMark rm;
125 Symbol* s = verify_class->source_file_name();
126 const char* source_file = (s != nullptr ? s->as_C_string() : nullptr);
127 const char* verify = verify_class->external_name();
128 const char* resolve = resolve_class->external_name();
129 // print in a single call to reduce interleaving between threads
130 if (source_file != nullptr) {
131 log_debug(class, resolve)("%s %s %s (verification)", verify, resolve, source_file);
132 } else {
133 log_debug(class, resolve)("%s %s (verification)", verify, resolve);
134 }
135 }
136
137 // Prints the end-verification message to the appropriate output.
138 void Verifier::log_end_verification(outputStream* st, const char* klassName, Symbol* exception_name, oop pending_exception) {
139 if (pending_exception != nullptr) {
140 st->print("Verification for %s has", klassName);
141 oop message = java_lang_Throwable::message(pending_exception);
142 if (message != nullptr) {
143 char* ex_msg = java_lang_String::as_utf8_string(message);
144 st->print_cr(" exception pending '%s %s'",
145 pending_exception->klass()->external_name(), ex_msg);
146 } else {
147 st->print_cr(" exception pending %s ",
148 pending_exception->klass()->external_name());
149 }
150 } else if (exception_name != nullptr) {
151 st->print_cr("Verification for %s failed", klassName);
152 }
153 st->print_cr("End class verification for: %s", klassName);
154 }
155
156 bool Verifier::verify(InstanceKlass* klass, bool should_verify_class, TRAPS) {
157 HandleMark hm(THREAD);
158 ResourceMark rm(THREAD);
159
160 // Eagerly allocate the identity hash code for a klass. This is a fallout
161 // from 6320749 and 8059924: hash code generator is not supposed to be called
162 // during the safepoint, but it allows to sneak the hashcode in during
163 // verification. Without this eager hashcode generation, we may end up
164 // installing the hashcode during some other operation, which may be at
165 // safepoint -- blowing up the checks. It was previously done as the side
166 // effect (sic!) for external_name(), but instead of doing that, we opt to
167 // explicitly push the hashcode in here. This is signify the following block
168 // is IMPORTANT:
169 if (klass->java_mirror() != nullptr) {
170 klass->java_mirror()->identity_hash();
171 }
172
173 if (!is_eligible_for_verification(klass, should_verify_class)) {
174 return true;
175 }
176
177 // Timer includes any side effects of class verification (resolution,
178 // etc), but not recursive calls to Verifier::verify().
179 JavaThread* jt = THREAD;
180 PerfClassTraceTime timer(ClassLoader::perf_class_verify_time(),
181 ClassLoader::perf_class_verify_selftime(),
182 ClassLoader::perf_classes_verified(),
183 jt->get_thread_stat()->perf_recursion_counts_addr(),
184 jt->get_thread_stat()->perf_timers_addr(),
185 PerfClassTraceTime::CLASS_VERIFY);
186
187 // If the class should be verified, first see if we can use the split
188 // verifier. If not, or if verification fails and can failover, then
189 // call the inference verifier.
190 Symbol* exception_name = nullptr;
191 const size_t message_buffer_len = klass->name()->utf8_length() + 1024;
192 char* message_buffer = nullptr;
193 char* exception_message = nullptr;
194
195 log_info(class, init)("Start class verification for: %s", klass->external_name());
196 if (klass->major_version() >= STACKMAP_ATTRIBUTE_MAJOR_VERSION) {
197 ClassVerifier split_verifier(jt, klass);
198 // We don't use CHECK here, or on inference_verify below, so that we can log any exception.
199 split_verifier.verify_class(THREAD);
200 exception_name = split_verifier.result();
201
202 // If dumping static archive then don't fall back to the old verifier on
203 // verification failure. If a class fails verification with the split verifier,
204 // it might fail the CDS runtime verifier constraint check. In that case, we
205 // don't want to share the class. We only archive classes that pass the split
206 // verifier.
207 bool can_failover = !CDSConfig::is_dumping_static_archive() &&
208 klass->major_version() < NOFAILOVER_MAJOR_VERSION;
209
210 if (can_failover && !HAS_PENDING_EXCEPTION && // Split verifier doesn't set PENDING_EXCEPTION for failure
211 (exception_name == vmSymbols::java_lang_VerifyError() ||
212 exception_name == vmSymbols::java_lang_ClassFormatError())) {
213 log_info(verification)("Fail over class verification to old verifier for: %s", klass->external_name());
214 log_info(class, init)("Fail over class verification to old verifier for: %s", klass->external_name());
215 message_buffer = NEW_RESOURCE_ARRAY(char, message_buffer_len);
216 exception_message = message_buffer;
217 exception_name = inference_verify(
218 klass, message_buffer, message_buffer_len, THREAD);
219 }
220 if (exception_name != nullptr) {
221 exception_message = split_verifier.exception_message();
222 }
223 } else {
224 message_buffer = NEW_RESOURCE_ARRAY(char, message_buffer_len);
225 exception_message = message_buffer;
226 exception_name = inference_verify(
227 klass, message_buffer, message_buffer_len, THREAD);
228 }
229
230 LogTarget(Info, class, init) lt1;
231 if (lt1.is_enabled()) {
232 LogStream ls(lt1);
233 log_end_verification(&ls, klass->external_name(), exception_name, PENDING_EXCEPTION);
234 }
235 LogTarget(Info, verification) lt2;
236 if (lt2.is_enabled()) {
237 LogStream ls(lt2);
238 log_end_verification(&ls, klass->external_name(), exception_name, PENDING_EXCEPTION);
239 }
240
241 if (HAS_PENDING_EXCEPTION) {
242 return false; // use the existing exception
243 } else if (exception_name == nullptr) {
244 return true; // verification succeeded
245 } else { // VerifyError or ClassFormatError to be created and thrown
246 Klass* kls =
247 SystemDictionary::resolve_or_fail(exception_name, true, CHECK_false);
248 if (log_is_enabled(Debug, class, resolve)) {
249 Verifier::trace_class_resolution(kls, klass);
250 }
251
252 while (kls != nullptr) {
253 if (kls == klass) {
254 // If the class being verified is the exception we're creating
255 // or one of it's superclasses, we're in trouble and are going
256 // to infinitely recurse when we try to initialize the exception.
257 // So bail out here by throwing the preallocated VM error.
258 THROW_OOP_(Universe::virtual_machine_error_instance(), false);
259 }
260 kls = kls->super();
261 }
262 if (message_buffer != nullptr) {
263 message_buffer[message_buffer_len - 1] = '\0'; // just to be sure
264 }
265 assert(exception_message != nullptr, "");
266 THROW_MSG_(exception_name, exception_message, false);
267 }
268 }
269
270 bool Verifier::is_eligible_for_verification(InstanceKlass* klass, bool should_verify_class) {
271 Symbol* name = klass->name();
272 Klass* refl_serialization_ctor_klass = vmClasses::reflect_SerializationConstructorAccessorImpl_klass();
273
274 bool is_reflect_accessor = refl_serialization_ctor_klass != nullptr &&
275 klass->is_subtype_of(refl_serialization_ctor_klass);
276
277 return (should_verify_for(klass->class_loader(), should_verify_class) &&
278 // return if the class is a bootstrapping class
279 // or defineClass specified not to verify by default (flags override passed arg)
280 // We need to skip the following four for bootstraping
281 name != vmSymbols::java_lang_Object() &&
282 name != vmSymbols::java_lang_Class() &&
283 name != vmSymbols::java_lang_String() &&
284 name != vmSymbols::java_lang_Throwable() &&
285
286 // Can not verify the bytecodes for shared classes because they have
287 // already been rewritten to contain constant pool cache indices,
288 // which the verifier can't understand.
289 // Shared classes shouldn't have stackmaps either.
290 // However, bytecodes for shared old classes can be verified because
291 // they have not been rewritten.
292 !(klass->is_shared() && klass->is_rewritten()) &&
293
294 // As of the fix for 4486457 we disable verification for all of the
295 // dynamically-generated bytecodes associated with
296 // jdk/internal/reflect/SerializationConstructorAccessor.
297 (!is_reflect_accessor));
298 }
299
300 Symbol* Verifier::inference_verify(
301 InstanceKlass* klass, char* message, size_t message_len, TRAPS) {
302 JavaThread* thread = THREAD;
303
304 verify_byte_codes_fn_t verify_func = verify_byte_codes_fn();
305
306 if (verify_func == nullptr) {
307 jio_snprintf(message, message_len, "Could not link verifier");
308 return vmSymbols::java_lang_VerifyError();
309 }
310
311 ResourceMark rm(thread);
312 log_info(verification)("Verifying class %s with old format", klass->external_name());
313
314 jclass cls = (jclass) JNIHandles::make_local(thread, klass->java_mirror());
315 jint result;
316
317 {
318 HandleMark hm(thread);
319 ThreadToNativeFromVM ttn(thread);
320 // ThreadToNativeFromVM takes care of changing thread_state, so safepoint
321 // code knows that we have left the VM
322 JNIEnv *env = thread->jni_environment();
323 result = (*verify_func)(env, cls, message, (int)message_len, klass->major_version());
324 }
325
326 JNIHandles::destroy_local(cls);
327
328 // These numbers are chosen so that VerifyClassCodes interface doesn't need
329 // to be changed (still return jboolean (unsigned char)), and result is
330 // 1 when verification is passed.
331 if (result == 0) {
332 return vmSymbols::java_lang_VerifyError();
333 } else if (result == 1) {
334 return nullptr; // verified.
335 } else if (result == 2) {
336 THROW_MSG_(vmSymbols::java_lang_OutOfMemoryError(), message, nullptr);
337 } else if (result == 3) {
338 return vmSymbols::java_lang_ClassFormatError();
339 } else {
340 ShouldNotReachHere();
341 return nullptr;
342 }
343 }
344
345 TypeOrigin TypeOrigin::null() {
346 return TypeOrigin();
347 }
348 TypeOrigin TypeOrigin::local(int index, StackMapFrame* frame) {
349 assert(frame != nullptr, "Must have a frame");
350 return TypeOrigin(CF_LOCALS, index, StackMapFrame::copy(frame),
351 frame->local_at(index));
352 }
353 TypeOrigin TypeOrigin::stack(int index, StackMapFrame* frame) {
354 assert(frame != nullptr, "Must have a frame");
355 return TypeOrigin(CF_STACK, index, StackMapFrame::copy(frame),
356 frame->stack_at(index));
357 }
358 TypeOrigin TypeOrigin::sm_local(int index, StackMapFrame* frame) {
359 assert(frame != nullptr, "Must have a frame");
360 return TypeOrigin(SM_LOCALS, index, StackMapFrame::copy(frame),
361 frame->local_at(index));
362 }
363 TypeOrigin TypeOrigin::sm_stack(int index, StackMapFrame* frame) {
364 assert(frame != nullptr, "Must have a frame");
365 return TypeOrigin(SM_STACK, index, StackMapFrame::copy(frame),
366 frame->stack_at(index));
367 }
368 TypeOrigin TypeOrigin::bad_index(int index) {
369 return TypeOrigin(BAD_INDEX, index, nullptr, VerificationType::bogus_type());
370 }
371 TypeOrigin TypeOrigin::cp(int index, VerificationType vt) {
372 return TypeOrigin(CONST_POOL, index, nullptr, vt);
373 }
374 TypeOrigin TypeOrigin::signature(VerificationType vt) {
375 return TypeOrigin(SIG, 0, nullptr, vt);
376 }
377 TypeOrigin TypeOrigin::implicit(VerificationType t) {
378 return TypeOrigin(IMPLICIT, 0, nullptr, t);
379 }
380 TypeOrigin TypeOrigin::frame(StackMapFrame* frame) {
381 return TypeOrigin(FRAME_ONLY, 0, StackMapFrame::copy(frame),
382 VerificationType::bogus_type());
383 }
384
385 void TypeOrigin::reset_frame() {
386 if (_frame != nullptr) {
387 _frame->restore();
388 }
389 }
390
391 void TypeOrigin::details(outputStream* ss) const {
392 _type.print_on(ss);
393 switch (_origin) {
394 case CF_LOCALS:
395 ss->print(" (current frame, locals[%d])", _index);
396 break;
397 case CF_STACK:
398 ss->print(" (current frame, stack[%d])", _index);
399 break;
400 case SM_LOCALS:
401 ss->print(" (stack map, locals[%d])", _index);
402 break;
403 case SM_STACK:
404 ss->print(" (stack map, stack[%d])", _index);
405 break;
406 case CONST_POOL:
407 ss->print(" (constant pool %d)", _index);
408 break;
409 case SIG:
410 ss->print(" (from method signature)");
411 break;
412 case IMPLICIT:
413 case FRAME_ONLY:
414 case NONE:
415 default:
416 ;
417 }
418 }
419
420 #ifdef ASSERT
421 void TypeOrigin::print_on(outputStream* str) const {
422 str->print("{%d,%d,%p:", _origin, _index, _frame);
423 if (_frame != nullptr) {
424 _frame->print_on(str);
425 } else {
426 str->print("null");
427 }
428 str->print(",");
429 _type.print_on(str);
430 str->print("}");
431 }
432 #endif
433
434 void ErrorContext::details(outputStream* ss, const Method* method) const {
435 if (is_valid()) {
436 ss->cr();
437 ss->print_cr("Exception Details:");
438 location_details(ss, method);
439 reason_details(ss);
440 frame_details(ss);
441 bytecode_details(ss, method);
442 handler_details(ss, method);
443 stackmap_details(ss, method);
444 }
445 }
446
447 void ErrorContext::reason_details(outputStream* ss) const {
448 streamIndentor si(ss);
449 ss->indent().print_cr("Reason:");
450 streamIndentor si2(ss);
451 ss->indent().print("%s", "");
452 switch (_fault) {
453 case INVALID_BYTECODE:
454 ss->print("Error exists in the bytecode");
455 break;
456 case WRONG_TYPE:
457 if (_expected.is_valid()) {
458 ss->print("Type ");
459 _type.details(ss);
460 ss->print(" is not assignable to ");
461 _expected.details(ss);
462 } else {
463 ss->print("Invalid type: ");
464 _type.details(ss);
465 }
466 break;
467 case FLAGS_MISMATCH:
468 if (_expected.is_valid()) {
469 ss->print("Current frame's flags are not assignable "
470 "to stack map frame's.");
471 } else {
472 ss->print("Current frame's flags are invalid in this context.");
473 }
474 break;
475 case BAD_CP_INDEX:
476 ss->print("Constant pool index %d is invalid", _type.index());
477 break;
478 case BAD_LOCAL_INDEX:
479 ss->print("Local index %d is invalid", _type.index());
480 break;
481 case LOCALS_SIZE_MISMATCH:
482 ss->print("Current frame's local size doesn't match stackmap.");
483 break;
484 case STACK_SIZE_MISMATCH:
485 ss->print("Current frame's stack size doesn't match stackmap.");
486 break;
487 case STACK_OVERFLOW:
488 ss->print("Exceeded max stack size.");
489 break;
490 case STACK_UNDERFLOW:
491 ss->print("Attempt to pop empty stack.");
492 break;
493 case MISSING_STACKMAP:
494 ss->print("Expected stackmap frame at this location.");
495 break;
496 case BAD_STACKMAP:
497 ss->print("Invalid stackmap specification.");
498 break;
499 case UNKNOWN:
500 default:
501 ShouldNotReachHere();
502 ss->print_cr("Unknown");
503 }
504 ss->cr();
505 }
506
507 void ErrorContext::location_details(outputStream* ss, const Method* method) const {
508 if (_bci != -1 && method != nullptr) {
509 streamIndentor si(ss);
510 const char* bytecode_name = "<invalid>";
511 if (method->validate_bci(_bci) != -1) {
512 Bytecodes::Code code = Bytecodes::code_or_bp_at(method->bcp_from(_bci));
513 if (Bytecodes::is_defined(code)) {
514 bytecode_name = Bytecodes::name(code);
515 } else {
516 bytecode_name = "<illegal>";
517 }
518 }
519 InstanceKlass* ik = method->method_holder();
520 ss->indent().print_cr("Location:");
521 streamIndentor si2(ss);
522 ss->indent().print_cr("%s.%s%s @%d: %s",
523 ik->name()->as_C_string(), method->name()->as_C_string(),
524 method->signature()->as_C_string(), _bci, bytecode_name);
525 }
526 }
527
528 void ErrorContext::frame_details(outputStream* ss) const {
529 streamIndentor si(ss);
530 if (_type.is_valid() && _type.frame() != nullptr) {
531 ss->indent().print_cr("Current Frame:");
532 streamIndentor si2(ss);
533 _type.frame()->print_on(ss);
534 }
535 if (_expected.is_valid() && _expected.frame() != nullptr) {
536 ss->indent().print_cr("Stackmap Frame:");
537 streamIndentor si2(ss);
538 _expected.frame()->print_on(ss);
539 }
540 }
541
542 void ErrorContext::bytecode_details(outputStream* ss, const Method* method) const {
543 if (method != nullptr) {
544 streamIndentor si(ss);
545 ss->indent().print_cr("Bytecode:");
546 streamIndentor si2(ss);
547 ss->print_data(method->code_base(), method->code_size(), false);
548 }
549 }
550
551 void ErrorContext::handler_details(outputStream* ss, const Method* method) const {
552 if (method != nullptr) {
553 streamIndentor si(ss);
554 ExceptionTable table(method);
555 if (table.length() > 0) {
556 ss->indent().print_cr("Exception Handler Table:");
557 streamIndentor si2(ss);
558 for (int i = 0; i < table.length(); ++i) {
559 ss->indent().print_cr("bci [%d, %d] => handler: %d", table.start_pc(i),
560 table.end_pc(i), table.handler_pc(i));
561 }
562 }
563 }
564 }
565
566 void ErrorContext::stackmap_details(outputStream* ss, const Method* method) const {
567 if (method != nullptr && method->has_stackmap_table()) {
568 streamIndentor si(ss);
569 ss->indent().print_cr("Stackmap Table:");
570 Array<u1>* data = method->stackmap_data();
571 stack_map_table* sm_table =
572 stack_map_table::at((address)data->adr_at(0));
573 stack_map_frame* sm_frame = sm_table->entries();
574 streamIndentor si2(ss);
575 int current_offset = -1;
576 address end_of_sm_table = (address)sm_table + method->stackmap_data()->length();
577 for (u2 i = 0; i < sm_table->number_of_entries(); ++i) {
578 ss->indent();
579 if (!sm_frame->verify((address)sm_frame, end_of_sm_table)) {
580 sm_frame->print_truncated(ss, current_offset);
581 return;
582 }
583 sm_frame->print_on(ss, current_offset);
584 ss->cr();
585 current_offset += sm_frame->offset_delta();
586 sm_frame = sm_frame->next();
587 }
588 }
589 }
590
591 // Methods in ClassVerifier
592
593 ClassVerifier::ClassVerifier(JavaThread* current, InstanceKlass* klass)
594 : _thread(current), _previous_symbol(nullptr), _symbols(nullptr), _exception_type(nullptr),
595 _message(nullptr), _klass(klass) {
596 _this_type = VerificationType::reference_type(klass->name());
597 }
598
599 ClassVerifier::~ClassVerifier() {
600 // Decrement the reference count for any symbols created.
601 if (_symbols != nullptr) {
602 for (int i = 0; i < _symbols->length(); i++) {
603 Symbol* s = _symbols->at(i);
604 s->decrement_refcount();
605 }
606 }
607 }
608
609 VerificationType ClassVerifier::object_type() const {
610 return VerificationType::reference_type(vmSymbols::java_lang_Object());
611 }
612
613 TypeOrigin ClassVerifier::ref_ctx(const char* sig) {
614 VerificationType vt = VerificationType::reference_type(
615 create_temporary_symbol(sig, (int)strlen(sig)));
616 return TypeOrigin::implicit(vt);
617 }
618
619
620 void ClassVerifier::verify_class(TRAPS) {
621 log_info(verification)("Verifying class %s with new format", _klass->external_name());
622
623 // Either verifying both local and remote classes or just remote classes.
624 assert(BytecodeVerificationRemote, "Should not be here");
625
626 Array<Method*>* methods = _klass->methods();
627 int num_methods = methods->length();
628
629 for (int index = 0; index < num_methods; index++) {
630 // Check for recursive re-verification before each method.
631 if (was_recursively_verified()) return;
632
633 Method* m = methods->at(index);
634 if (m->is_native() || m->is_abstract() || m->is_overpass()) {
635 // If m is native or abstract, skip it. It is checked in class file
636 // parser that methods do not override a final method. Overpass methods
637 // are trusted since the VM generates them.
638 continue;
639 }
640 verify_method(methodHandle(THREAD, m), CHECK_VERIFY(this));
641 }
642
643 if (was_recursively_verified()){
644 log_info(verification)("Recursive verification detected for: %s", _klass->external_name());
645 log_info(class, init)("Recursive verification detected for: %s",
646 _klass->external_name());
647 }
648 }
649
650 // Translate the signature entries into verification types and save them in
651 // the growable array. Also, save the count of arguments.
652 void ClassVerifier::translate_signature(Symbol* const method_sig,
653 sig_as_verification_types* sig_verif_types) {
654 SignatureStream sig_stream(method_sig);
655 VerificationType sig_type[2];
656 int sig_i = 0;
657 GrowableArray<VerificationType>* verif_types = sig_verif_types->sig_verif_types();
658
659 // Translate the signature arguments into verification types.
660 while (!sig_stream.at_return_type()) {
661 int n = change_sig_to_verificationType(&sig_stream, sig_type);
662 assert(n <= 2, "Unexpected signature type");
663
664 // Store verification type(s). Longs and Doubles each have two verificationTypes.
665 for (int x = 0; x < n; x++) {
666 verif_types->push(sig_type[x]);
667 }
668 sig_i += n;
669 sig_stream.next();
670 }
671
672 // Set final arg count, not including the return type. The final arg count will
673 // be compared with sig_verify_types' length to see if there is a return type.
674 sig_verif_types->set_num_args(sig_i);
675
676 // Store verification type(s) for the return type, if there is one.
677 if (sig_stream.type() != T_VOID) {
678 int n = change_sig_to_verificationType(&sig_stream, sig_type);
679 assert(n <= 2, "Unexpected signature return type");
680 for (int y = 0; y < n; y++) {
681 verif_types->push(sig_type[y]);
682 }
683 }
684 }
685
686 void ClassVerifier::create_method_sig_entry(sig_as_verification_types* sig_verif_types,
687 int sig_index) {
688 // Translate the signature into verification types.
689 ConstantPool* cp = _klass->constants();
690 Symbol* const method_sig = cp->symbol_at(sig_index);
691 translate_signature(method_sig, sig_verif_types);
692
693 // Add the list of this signature's verification types to the table.
694 bool is_unique = method_signatures_table()->put(sig_index, sig_verif_types);
695 assert(is_unique, "Duplicate entries in method_signature_table");
696 }
697
698 void ClassVerifier::verify_method(const methodHandle& m, TRAPS) {
699 HandleMark hm(THREAD);
700 _method = m; // initialize _method
701 log_info(verification)("Verifying method %s", m->name_and_sig_as_C_string());
702
703 // For clang, the only good constant format string is a literal constant format string.
704 #define bad_type_msg "Bad type on operand stack in %s"
705
706 u2 max_stack = m->verifier_max_stack();
707 u2 max_locals = m->max_locals();
708 constantPoolHandle cp(THREAD, m->constants());
709
710 // Method signature was checked in ClassFileParser.
711 assert(SignatureVerifier::is_valid_method_signature(m->signature()),
712 "Invalid method signature");
713
714 // Initial stack map frame: offset is 0, stack is initially empty.
715 StackMapFrame current_frame(max_locals, max_stack, this);
716 // Set initial locals
717 VerificationType return_type = current_frame.set_locals_from_arg( m, current_type());
718
719 u2 stackmap_index = 0; // index to the stackmap array
720
721 u4 code_length = m->code_size();
722
723 // Scan the bytecode and map each instruction's start offset to a number.
724 char* code_data = generate_code_data(m, code_length, CHECK_VERIFY(this));
725
726 int ex_min = code_length;
727 int ex_max = -1;
728 // Look through each item on the exception table. Each of the fields must refer
729 // to a legal instruction.
730 if (was_recursively_verified()) return;
731 verify_exception_handler_table(
732 code_length, code_data, ex_min, ex_max, CHECK_VERIFY(this));
733
734 // Look through each entry on the local variable table and make sure
735 // its range of code array offsets is valid. (4169817)
736 if (m->has_localvariable_table()) {
737 verify_local_variable_table(code_length, code_data, CHECK_VERIFY(this));
738 }
739
740 Array<u1>* stackmap_data = m->stackmap_data();
741 StackMapStream stream(stackmap_data);
742 StackMapReader reader(this, &stream, code_data, code_length, THREAD);
743 StackMapTable stackmap_table(&reader, ¤t_frame, max_locals, max_stack,
744 code_data, code_length, CHECK_VERIFY(this));
745
746 LogTarget(Debug, verification) lt;
747 if (lt.is_enabled()) {
748 ResourceMark rm(THREAD);
749 LogStream ls(lt);
750 stackmap_table.print_on(&ls);
751 }
752
753 RawBytecodeStream bcs(m);
754
755 // Scan the byte code linearly from the start to the end
756 bool no_control_flow = false; // Set to true when there is no direct control
757 // flow from current instruction to the next
758 // instruction in sequence
759
760 Bytecodes::Code opcode;
761 while (!bcs.is_last_bytecode()) {
762 // Check for recursive re-verification before each bytecode.
763 if (was_recursively_verified()) return;
764
765 opcode = bcs.raw_next();
766 int bci = bcs.bci();
767
768 // Set current frame's offset to bci
769 current_frame.set_offset(bci);
770 current_frame.set_mark();
771
772 // Make sure every offset in stackmap table point to the beginning to
773 // an instruction. Match current_frame to stackmap_table entry with
774 // the same offset if exists.
775 stackmap_index = verify_stackmap_table(
776 stackmap_index, bci, ¤t_frame, &stackmap_table,
777 no_control_flow, CHECK_VERIFY(this));
778
779
780 bool this_uninit = false; // Set to true when invokespecial <init> initialized 'this'
781 bool verified_exc_handlers = false;
782
783 // Merge with the next instruction
784 {
785 int target;
786 VerificationType type, type2;
787 VerificationType atype;
788
789 LogTarget(Debug, verification) lt;
790 if (lt.is_enabled()) {
791 ResourceMark rm(THREAD);
792 LogStream ls(lt);
793 current_frame.print_on(&ls);
794 lt.print("offset = %d, opcode = %s", bci,
795 opcode == Bytecodes::_illegal ? "illegal" : Bytecodes::name(opcode));
796 }
797
798 // Make sure wide instruction is in correct format
799 if (bcs.is_wide()) {
800 if (opcode != Bytecodes::_iinc && opcode != Bytecodes::_iload &&
801 opcode != Bytecodes::_aload && opcode != Bytecodes::_lload &&
802 opcode != Bytecodes::_istore && opcode != Bytecodes::_astore &&
803 opcode != Bytecodes::_lstore && opcode != Bytecodes::_fload &&
804 opcode != Bytecodes::_dload && opcode != Bytecodes::_fstore &&
805 opcode != Bytecodes::_dstore) {
806 /* Unreachable? RawBytecodeStream's raw_next() returns 'illegal'
807 * if we encounter a wide instruction that modifies an invalid
808 * opcode (not one of the ones listed above) */
809 verify_error(ErrorContext::bad_code(bci), "Bad wide instruction");
810 return;
811 }
812 }
813
814 // Look for possible jump target in exception handlers and see if it
815 // matches current_frame. Do this check here for astore*, dstore*,
816 // fstore*, istore*, and lstore* opcodes because they can change the type
817 // state by adding a local. JVM Spec says that the incoming type state
818 // should be used for this check. So, do the check here before a possible
819 // local is added to the type state.
820 if (Bytecodes::is_store_into_local(opcode) && bci >= ex_min && bci < ex_max) {
821 if (was_recursively_verified()) return;
822 verify_exception_handler_targets(
823 bci, this_uninit, ¤t_frame, &stackmap_table, CHECK_VERIFY(this));
824 verified_exc_handlers = true;
825 }
826
827 if (was_recursively_verified()) return;
828
829 switch (opcode) {
830 case Bytecodes::_nop :
831 no_control_flow = false; break;
832 case Bytecodes::_aconst_null :
833 current_frame.push_stack(
834 VerificationType::null_type(), CHECK_VERIFY(this));
835 no_control_flow = false; break;
836 case Bytecodes::_iconst_m1 :
837 case Bytecodes::_iconst_0 :
838 case Bytecodes::_iconst_1 :
839 case Bytecodes::_iconst_2 :
840 case Bytecodes::_iconst_3 :
841 case Bytecodes::_iconst_4 :
842 case Bytecodes::_iconst_5 :
843 current_frame.push_stack(
844 VerificationType::integer_type(), CHECK_VERIFY(this));
845 no_control_flow = false; break;
846 case Bytecodes::_lconst_0 :
847 case Bytecodes::_lconst_1 :
848 current_frame.push_stack_2(
849 VerificationType::long_type(),
850 VerificationType::long2_type(), CHECK_VERIFY(this));
851 no_control_flow = false; break;
852 case Bytecodes::_fconst_0 :
853 case Bytecodes::_fconst_1 :
854 case Bytecodes::_fconst_2 :
855 current_frame.push_stack(
856 VerificationType::float_type(), CHECK_VERIFY(this));
857 no_control_flow = false; break;
858 case Bytecodes::_dconst_0 :
859 case Bytecodes::_dconst_1 :
860 current_frame.push_stack_2(
861 VerificationType::double_type(),
862 VerificationType::double2_type(), CHECK_VERIFY(this));
863 no_control_flow = false; break;
864 case Bytecodes::_sipush :
865 case Bytecodes::_bipush :
866 current_frame.push_stack(
867 VerificationType::integer_type(), CHECK_VERIFY(this));
868 no_control_flow = false; break;
869 case Bytecodes::_ldc :
870 verify_ldc(
871 opcode, bcs.get_index_u1(), ¤t_frame,
872 cp, bci, CHECK_VERIFY(this));
873 no_control_flow = false; break;
874 case Bytecodes::_ldc_w :
875 case Bytecodes::_ldc2_w :
876 verify_ldc(
877 opcode, bcs.get_index_u2(), ¤t_frame,
878 cp, bci, CHECK_VERIFY(this));
879 no_control_flow = false; break;
880 case Bytecodes::_iload :
881 verify_iload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
882 no_control_flow = false; break;
883 case Bytecodes::_iload_0 :
884 case Bytecodes::_iload_1 :
885 case Bytecodes::_iload_2 :
886 case Bytecodes::_iload_3 : {
887 int index = opcode - Bytecodes::_iload_0;
888 verify_iload(index, ¤t_frame, CHECK_VERIFY(this));
889 no_control_flow = false; break;
890 }
891 case Bytecodes::_lload :
892 verify_lload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
893 no_control_flow = false; break;
894 case Bytecodes::_lload_0 :
895 case Bytecodes::_lload_1 :
896 case Bytecodes::_lload_2 :
897 case Bytecodes::_lload_3 : {
898 int index = opcode - Bytecodes::_lload_0;
899 verify_lload(index, ¤t_frame, CHECK_VERIFY(this));
900 no_control_flow = false; break;
901 }
902 case Bytecodes::_fload :
903 verify_fload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
904 no_control_flow = false; break;
905 case Bytecodes::_fload_0 :
906 case Bytecodes::_fload_1 :
907 case Bytecodes::_fload_2 :
908 case Bytecodes::_fload_3 : {
909 int index = opcode - Bytecodes::_fload_0;
910 verify_fload(index, ¤t_frame, CHECK_VERIFY(this));
911 no_control_flow = false; break;
912 }
913 case Bytecodes::_dload :
914 verify_dload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
915 no_control_flow = false; break;
916 case Bytecodes::_dload_0 :
917 case Bytecodes::_dload_1 :
918 case Bytecodes::_dload_2 :
919 case Bytecodes::_dload_3 : {
920 int index = opcode - Bytecodes::_dload_0;
921 verify_dload(index, ¤t_frame, CHECK_VERIFY(this));
922 no_control_flow = false; break;
923 }
924 case Bytecodes::_aload :
925 verify_aload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
926 no_control_flow = false; break;
927 case Bytecodes::_aload_0 :
928 case Bytecodes::_aload_1 :
929 case Bytecodes::_aload_2 :
930 case Bytecodes::_aload_3 : {
931 int index = opcode - Bytecodes::_aload_0;
932 verify_aload(index, ¤t_frame, CHECK_VERIFY(this));
933 no_control_flow = false; break;
934 }
935 case Bytecodes::_iaload :
936 type = current_frame.pop_stack(
937 VerificationType::integer_type(), CHECK_VERIFY(this));
938 atype = current_frame.pop_stack(
939 VerificationType::reference_check(), CHECK_VERIFY(this));
940 if (!atype.is_int_array()) {
941 verify_error(ErrorContext::bad_type(bci,
942 current_frame.stack_top_ctx(), ref_ctx("[I")),
943 bad_type_msg, "iaload");
944 return;
945 }
946 current_frame.push_stack(
947 VerificationType::integer_type(), CHECK_VERIFY(this));
948 no_control_flow = false; break;
949 case Bytecodes::_baload :
950 type = current_frame.pop_stack(
951 VerificationType::integer_type(), CHECK_VERIFY(this));
952 atype = current_frame.pop_stack(
953 VerificationType::reference_check(), CHECK_VERIFY(this));
954 if (!atype.is_bool_array() && !atype.is_byte_array()) {
955 verify_error(
956 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
957 bad_type_msg, "baload");
958 return;
959 }
960 current_frame.push_stack(
961 VerificationType::integer_type(), CHECK_VERIFY(this));
962 no_control_flow = false; break;
963 case Bytecodes::_caload :
964 type = current_frame.pop_stack(
965 VerificationType::integer_type(), CHECK_VERIFY(this));
966 atype = current_frame.pop_stack(
967 VerificationType::reference_check(), CHECK_VERIFY(this));
968 if (!atype.is_char_array()) {
969 verify_error(ErrorContext::bad_type(bci,
970 current_frame.stack_top_ctx(), ref_ctx("[C")),
971 bad_type_msg, "caload");
972 return;
973 }
974 current_frame.push_stack(
975 VerificationType::integer_type(), CHECK_VERIFY(this));
976 no_control_flow = false; break;
977 case Bytecodes::_saload :
978 type = current_frame.pop_stack(
979 VerificationType::integer_type(), CHECK_VERIFY(this));
980 atype = current_frame.pop_stack(
981 VerificationType::reference_check(), CHECK_VERIFY(this));
982 if (!atype.is_short_array()) {
983 verify_error(ErrorContext::bad_type(bci,
984 current_frame.stack_top_ctx(), ref_ctx("[S")),
985 bad_type_msg, "saload");
986 return;
987 }
988 current_frame.push_stack(
989 VerificationType::integer_type(), CHECK_VERIFY(this));
990 no_control_flow = false; break;
991 case Bytecodes::_laload :
992 type = current_frame.pop_stack(
993 VerificationType::integer_type(), CHECK_VERIFY(this));
994 atype = current_frame.pop_stack(
995 VerificationType::reference_check(), CHECK_VERIFY(this));
996 if (!atype.is_long_array()) {
997 verify_error(ErrorContext::bad_type(bci,
998 current_frame.stack_top_ctx(), ref_ctx("[J")),
999 bad_type_msg, "laload");
1000 return;
1001 }
1002 current_frame.push_stack_2(
1003 VerificationType::long_type(),
1004 VerificationType::long2_type(), CHECK_VERIFY(this));
1005 no_control_flow = false; break;
1006 case Bytecodes::_faload :
1007 type = current_frame.pop_stack(
1008 VerificationType::integer_type(), CHECK_VERIFY(this));
1009 atype = current_frame.pop_stack(
1010 VerificationType::reference_check(), CHECK_VERIFY(this));
1011 if (!atype.is_float_array()) {
1012 verify_error(ErrorContext::bad_type(bci,
1013 current_frame.stack_top_ctx(), ref_ctx("[F")),
1014 bad_type_msg, "faload");
1015 return;
1016 }
1017 current_frame.push_stack(
1018 VerificationType::float_type(), CHECK_VERIFY(this));
1019 no_control_flow = false; break;
1020 case Bytecodes::_daload :
1021 type = current_frame.pop_stack(
1022 VerificationType::integer_type(), CHECK_VERIFY(this));
1023 atype = current_frame.pop_stack(
1024 VerificationType::reference_check(), CHECK_VERIFY(this));
1025 if (!atype.is_double_array()) {
1026 verify_error(ErrorContext::bad_type(bci,
1027 current_frame.stack_top_ctx(), ref_ctx("[D")),
1028 bad_type_msg, "daload");
1029 return;
1030 }
1031 current_frame.push_stack_2(
1032 VerificationType::double_type(),
1033 VerificationType::double2_type(), CHECK_VERIFY(this));
1034 no_control_flow = false; break;
1035 case Bytecodes::_aaload : {
1036 type = current_frame.pop_stack(
1037 VerificationType::integer_type(), CHECK_VERIFY(this));
1038 atype = current_frame.pop_stack(
1039 VerificationType::reference_check(), CHECK_VERIFY(this));
1040 if (!atype.is_reference_array()) {
1041 verify_error(ErrorContext::bad_type(bci,
1042 current_frame.stack_top_ctx(),
1043 TypeOrigin::implicit(VerificationType::reference_check())),
1044 bad_type_msg, "aaload");
1045 return;
1046 }
1047 if (atype.is_null()) {
1048 current_frame.push_stack(
1049 VerificationType::null_type(), CHECK_VERIFY(this));
1050 } else {
1051 VerificationType component = atype.get_component(this);
1052 current_frame.push_stack(component, CHECK_VERIFY(this));
1053 }
1054 no_control_flow = false; break;
1055 }
1056 case Bytecodes::_istore :
1057 verify_istore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1058 no_control_flow = false; break;
1059 case Bytecodes::_istore_0 :
1060 case Bytecodes::_istore_1 :
1061 case Bytecodes::_istore_2 :
1062 case Bytecodes::_istore_3 : {
1063 int index = opcode - Bytecodes::_istore_0;
1064 verify_istore(index, ¤t_frame, CHECK_VERIFY(this));
1065 no_control_flow = false; break;
1066 }
1067 case Bytecodes::_lstore :
1068 verify_lstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1069 no_control_flow = false; break;
1070 case Bytecodes::_lstore_0 :
1071 case Bytecodes::_lstore_1 :
1072 case Bytecodes::_lstore_2 :
1073 case Bytecodes::_lstore_3 : {
1074 int index = opcode - Bytecodes::_lstore_0;
1075 verify_lstore(index, ¤t_frame, CHECK_VERIFY(this));
1076 no_control_flow = false; break;
1077 }
1078 case Bytecodes::_fstore :
1079 verify_fstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1080 no_control_flow = false; break;
1081 case Bytecodes::_fstore_0 :
1082 case Bytecodes::_fstore_1 :
1083 case Bytecodes::_fstore_2 :
1084 case Bytecodes::_fstore_3 : {
1085 int index = opcode - Bytecodes::_fstore_0;
1086 verify_fstore(index, ¤t_frame, CHECK_VERIFY(this));
1087 no_control_flow = false; break;
1088 }
1089 case Bytecodes::_dstore :
1090 verify_dstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1091 no_control_flow = false; break;
1092 case Bytecodes::_dstore_0 :
1093 case Bytecodes::_dstore_1 :
1094 case Bytecodes::_dstore_2 :
1095 case Bytecodes::_dstore_3 : {
1096 int index = opcode - Bytecodes::_dstore_0;
1097 verify_dstore(index, ¤t_frame, CHECK_VERIFY(this));
1098 no_control_flow = false; break;
1099 }
1100 case Bytecodes::_astore :
1101 verify_astore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1102 no_control_flow = false; break;
1103 case Bytecodes::_astore_0 :
1104 case Bytecodes::_astore_1 :
1105 case Bytecodes::_astore_2 :
1106 case Bytecodes::_astore_3 : {
1107 int index = opcode - Bytecodes::_astore_0;
1108 verify_astore(index, ¤t_frame, CHECK_VERIFY(this));
1109 no_control_flow = false; break;
1110 }
1111 case Bytecodes::_iastore :
1112 type = current_frame.pop_stack(
1113 VerificationType::integer_type(), CHECK_VERIFY(this));
1114 type2 = current_frame.pop_stack(
1115 VerificationType::integer_type(), CHECK_VERIFY(this));
1116 atype = current_frame.pop_stack(
1117 VerificationType::reference_check(), CHECK_VERIFY(this));
1118 if (!atype.is_int_array()) {
1119 verify_error(ErrorContext::bad_type(bci,
1120 current_frame.stack_top_ctx(), ref_ctx("[I")),
1121 bad_type_msg, "iastore");
1122 return;
1123 }
1124 no_control_flow = false; break;
1125 case Bytecodes::_bastore :
1126 type = current_frame.pop_stack(
1127 VerificationType::integer_type(), CHECK_VERIFY(this));
1128 type2 = current_frame.pop_stack(
1129 VerificationType::integer_type(), CHECK_VERIFY(this));
1130 atype = current_frame.pop_stack(
1131 VerificationType::reference_check(), CHECK_VERIFY(this));
1132 if (!atype.is_bool_array() && !atype.is_byte_array()) {
1133 verify_error(
1134 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1135 bad_type_msg, "bastore");
1136 return;
1137 }
1138 no_control_flow = false; break;
1139 case Bytecodes::_castore :
1140 current_frame.pop_stack(
1141 VerificationType::integer_type(), CHECK_VERIFY(this));
1142 current_frame.pop_stack(
1143 VerificationType::integer_type(), CHECK_VERIFY(this));
1144 atype = current_frame.pop_stack(
1145 VerificationType::reference_check(), CHECK_VERIFY(this));
1146 if (!atype.is_char_array()) {
1147 verify_error(ErrorContext::bad_type(bci,
1148 current_frame.stack_top_ctx(), ref_ctx("[C")),
1149 bad_type_msg, "castore");
1150 return;
1151 }
1152 no_control_flow = false; break;
1153 case Bytecodes::_sastore :
1154 current_frame.pop_stack(
1155 VerificationType::integer_type(), CHECK_VERIFY(this));
1156 current_frame.pop_stack(
1157 VerificationType::integer_type(), CHECK_VERIFY(this));
1158 atype = current_frame.pop_stack(
1159 VerificationType::reference_check(), CHECK_VERIFY(this));
1160 if (!atype.is_short_array()) {
1161 verify_error(ErrorContext::bad_type(bci,
1162 current_frame.stack_top_ctx(), ref_ctx("[S")),
1163 bad_type_msg, "sastore");
1164 return;
1165 }
1166 no_control_flow = false; break;
1167 case Bytecodes::_lastore :
1168 current_frame.pop_stack_2(
1169 VerificationType::long2_type(),
1170 VerificationType::long_type(), CHECK_VERIFY(this));
1171 current_frame.pop_stack(
1172 VerificationType::integer_type(), CHECK_VERIFY(this));
1173 atype = current_frame.pop_stack(
1174 VerificationType::reference_check(), CHECK_VERIFY(this));
1175 if (!atype.is_long_array()) {
1176 verify_error(ErrorContext::bad_type(bci,
1177 current_frame.stack_top_ctx(), ref_ctx("[J")),
1178 bad_type_msg, "lastore");
1179 return;
1180 }
1181 no_control_flow = false; break;
1182 case Bytecodes::_fastore :
1183 current_frame.pop_stack(
1184 VerificationType::float_type(), CHECK_VERIFY(this));
1185 current_frame.pop_stack
1186 (VerificationType::integer_type(), CHECK_VERIFY(this));
1187 atype = current_frame.pop_stack(
1188 VerificationType::reference_check(), CHECK_VERIFY(this));
1189 if (!atype.is_float_array()) {
1190 verify_error(ErrorContext::bad_type(bci,
1191 current_frame.stack_top_ctx(), ref_ctx("[F")),
1192 bad_type_msg, "fastore");
1193 return;
1194 }
1195 no_control_flow = false; break;
1196 case Bytecodes::_dastore :
1197 current_frame.pop_stack_2(
1198 VerificationType::double2_type(),
1199 VerificationType::double_type(), CHECK_VERIFY(this));
1200 current_frame.pop_stack(
1201 VerificationType::integer_type(), CHECK_VERIFY(this));
1202 atype = current_frame.pop_stack(
1203 VerificationType::reference_check(), CHECK_VERIFY(this));
1204 if (!atype.is_double_array()) {
1205 verify_error(ErrorContext::bad_type(bci,
1206 current_frame.stack_top_ctx(), ref_ctx("[D")),
1207 bad_type_msg, "dastore");
1208 return;
1209 }
1210 no_control_flow = false; break;
1211 case Bytecodes::_aastore :
1212 type = current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1213 type2 = current_frame.pop_stack(
1214 VerificationType::integer_type(), CHECK_VERIFY(this));
1215 atype = current_frame.pop_stack(
1216 VerificationType::reference_check(), CHECK_VERIFY(this));
1217 // more type-checking is done at runtime
1218 if (!atype.is_reference_array()) {
1219 verify_error(ErrorContext::bad_type(bci,
1220 current_frame.stack_top_ctx(),
1221 TypeOrigin::implicit(VerificationType::reference_check())),
1222 bad_type_msg, "aastore");
1223 return;
1224 }
1225 // 4938384: relaxed constraint in JVMS 3rd edition.
1226 no_control_flow = false; break;
1227 case Bytecodes::_pop :
1228 current_frame.pop_stack(
1229 VerificationType::category1_check(), CHECK_VERIFY(this));
1230 no_control_flow = false; break;
1231 case Bytecodes::_pop2 :
1232 type = current_frame.pop_stack(CHECK_VERIFY(this));
1233 if (type.is_category1()) {
1234 current_frame.pop_stack(
1235 VerificationType::category1_check(), CHECK_VERIFY(this));
1236 } else if (type.is_category2_2nd()) {
1237 current_frame.pop_stack(
1238 VerificationType::category2_check(), CHECK_VERIFY(this));
1239 } else {
1240 /* Unreachable? Would need a category2_1st on TOS
1241 * which does not appear possible. */
1242 verify_error(
1243 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1244 bad_type_msg, "pop2");
1245 return;
1246 }
1247 no_control_flow = false; break;
1248 case Bytecodes::_dup :
1249 type = current_frame.pop_stack(
1250 VerificationType::category1_check(), CHECK_VERIFY(this));
1251 current_frame.push_stack(type, CHECK_VERIFY(this));
1252 current_frame.push_stack(type, CHECK_VERIFY(this));
1253 no_control_flow = false; break;
1254 case Bytecodes::_dup_x1 :
1255 type = current_frame.pop_stack(
1256 VerificationType::category1_check(), CHECK_VERIFY(this));
1257 type2 = current_frame.pop_stack(
1258 VerificationType::category1_check(), CHECK_VERIFY(this));
1259 current_frame.push_stack(type, CHECK_VERIFY(this));
1260 current_frame.push_stack(type2, CHECK_VERIFY(this));
1261 current_frame.push_stack(type, CHECK_VERIFY(this));
1262 no_control_flow = false; break;
1263 case Bytecodes::_dup_x2 :
1264 {
1265 VerificationType type3;
1266 type = current_frame.pop_stack(
1267 VerificationType::category1_check(), CHECK_VERIFY(this));
1268 type2 = current_frame.pop_stack(CHECK_VERIFY(this));
1269 if (type2.is_category1()) {
1270 type3 = current_frame.pop_stack(
1271 VerificationType::category1_check(), CHECK_VERIFY(this));
1272 } else if (type2.is_category2_2nd()) {
1273 type3 = current_frame.pop_stack(
1274 VerificationType::category2_check(), CHECK_VERIFY(this));
1275 } else {
1276 /* Unreachable? Would need a category2_1st at stack depth 2 with
1277 * a category1 on TOS which does not appear possible. */
1278 verify_error(ErrorContext::bad_type(
1279 bci, current_frame.stack_top_ctx()), bad_type_msg, "dup_x2");
1280 return;
1281 }
1282 current_frame.push_stack(type, CHECK_VERIFY(this));
1283 current_frame.push_stack(type3, CHECK_VERIFY(this));
1284 current_frame.push_stack(type2, CHECK_VERIFY(this));
1285 current_frame.push_stack(type, CHECK_VERIFY(this));
1286 no_control_flow = false; break;
1287 }
1288 case Bytecodes::_dup2 :
1289 type = current_frame.pop_stack(CHECK_VERIFY(this));
1290 if (type.is_category1()) {
1291 type2 = current_frame.pop_stack(
1292 VerificationType::category1_check(), CHECK_VERIFY(this));
1293 } else if (type.is_category2_2nd()) {
1294 type2 = current_frame.pop_stack(
1295 VerificationType::category2_check(), CHECK_VERIFY(this));
1296 } else {
1297 /* Unreachable? Would need a category2_1st on TOS which does not
1298 * appear possible. */
1299 verify_error(
1300 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1301 bad_type_msg, "dup2");
1302 return;
1303 }
1304 current_frame.push_stack(type2, CHECK_VERIFY(this));
1305 current_frame.push_stack(type, CHECK_VERIFY(this));
1306 current_frame.push_stack(type2, CHECK_VERIFY(this));
1307 current_frame.push_stack(type, CHECK_VERIFY(this));
1308 no_control_flow = false; break;
1309 case Bytecodes::_dup2_x1 :
1310 {
1311 VerificationType type3;
1312 type = current_frame.pop_stack(CHECK_VERIFY(this));
1313 if (type.is_category1()) {
1314 type2 = current_frame.pop_stack(
1315 VerificationType::category1_check(), CHECK_VERIFY(this));
1316 } else if (type.is_category2_2nd()) {
1317 type2 = current_frame.pop_stack(
1318 VerificationType::category2_check(), CHECK_VERIFY(this));
1319 } else {
1320 /* Unreachable? Would need a category2_1st on TOS which does
1321 * not appear possible. */
1322 verify_error(
1323 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1324 bad_type_msg, "dup2_x1");
1325 return;
1326 }
1327 type3 = current_frame.pop_stack(
1328 VerificationType::category1_check(), CHECK_VERIFY(this));
1329 current_frame.push_stack(type2, CHECK_VERIFY(this));
1330 current_frame.push_stack(type, CHECK_VERIFY(this));
1331 current_frame.push_stack(type3, CHECK_VERIFY(this));
1332 current_frame.push_stack(type2, CHECK_VERIFY(this));
1333 current_frame.push_stack(type, CHECK_VERIFY(this));
1334 no_control_flow = false; break;
1335 }
1336 case Bytecodes::_dup2_x2 :
1337 {
1338 VerificationType type3, type4;
1339 type = current_frame.pop_stack(CHECK_VERIFY(this));
1340 if (type.is_category1()) {
1341 type2 = current_frame.pop_stack(
1342 VerificationType::category1_check(), CHECK_VERIFY(this));
1343 } else if (type.is_category2_2nd()) {
1344 type2 = current_frame.pop_stack(
1345 VerificationType::category2_check(), CHECK_VERIFY(this));
1346 } else {
1347 /* Unreachable? Would need a category2_1st on TOS which does
1348 * not appear possible. */
1349 verify_error(
1350 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1351 bad_type_msg, "dup2_x2");
1352 return;
1353 }
1354 type3 = current_frame.pop_stack(CHECK_VERIFY(this));
1355 if (type3.is_category1()) {
1356 type4 = current_frame.pop_stack(
1357 VerificationType::category1_check(), CHECK_VERIFY(this));
1358 } else if (type3.is_category2_2nd()) {
1359 type4 = current_frame.pop_stack(
1360 VerificationType::category2_check(), CHECK_VERIFY(this));
1361 } else {
1362 /* Unreachable? Would need a category2_1st on TOS after popping
1363 * a long/double or two category 1's, which does not
1364 * appear possible. */
1365 verify_error(
1366 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1367 bad_type_msg, "dup2_x2");
1368 return;
1369 }
1370 current_frame.push_stack(type2, CHECK_VERIFY(this));
1371 current_frame.push_stack(type, CHECK_VERIFY(this));
1372 current_frame.push_stack(type4, CHECK_VERIFY(this));
1373 current_frame.push_stack(type3, CHECK_VERIFY(this));
1374 current_frame.push_stack(type2, CHECK_VERIFY(this));
1375 current_frame.push_stack(type, CHECK_VERIFY(this));
1376 no_control_flow = false; break;
1377 }
1378 case Bytecodes::_swap :
1379 type = current_frame.pop_stack(
1380 VerificationType::category1_check(), CHECK_VERIFY(this));
1381 type2 = current_frame.pop_stack(
1382 VerificationType::category1_check(), CHECK_VERIFY(this));
1383 current_frame.push_stack(type, CHECK_VERIFY(this));
1384 current_frame.push_stack(type2, CHECK_VERIFY(this));
1385 no_control_flow = false; break;
1386 case Bytecodes::_iadd :
1387 case Bytecodes::_isub :
1388 case Bytecodes::_imul :
1389 case Bytecodes::_idiv :
1390 case Bytecodes::_irem :
1391 case Bytecodes::_ishl :
1392 case Bytecodes::_ishr :
1393 case Bytecodes::_iushr :
1394 case Bytecodes::_ior :
1395 case Bytecodes::_ixor :
1396 case Bytecodes::_iand :
1397 current_frame.pop_stack(
1398 VerificationType::integer_type(), CHECK_VERIFY(this));
1399 // fall through
1400 case Bytecodes::_ineg :
1401 current_frame.pop_stack(
1402 VerificationType::integer_type(), CHECK_VERIFY(this));
1403 current_frame.push_stack(
1404 VerificationType::integer_type(), CHECK_VERIFY(this));
1405 no_control_flow = false; break;
1406 case Bytecodes::_ladd :
1407 case Bytecodes::_lsub :
1408 case Bytecodes::_lmul :
1409 case Bytecodes::_ldiv :
1410 case Bytecodes::_lrem :
1411 case Bytecodes::_land :
1412 case Bytecodes::_lor :
1413 case Bytecodes::_lxor :
1414 current_frame.pop_stack_2(
1415 VerificationType::long2_type(),
1416 VerificationType::long_type(), CHECK_VERIFY(this));
1417 // fall through
1418 case Bytecodes::_lneg :
1419 current_frame.pop_stack_2(
1420 VerificationType::long2_type(),
1421 VerificationType::long_type(), CHECK_VERIFY(this));
1422 current_frame.push_stack_2(
1423 VerificationType::long_type(),
1424 VerificationType::long2_type(), CHECK_VERIFY(this));
1425 no_control_flow = false; break;
1426 case Bytecodes::_lshl :
1427 case Bytecodes::_lshr :
1428 case Bytecodes::_lushr :
1429 current_frame.pop_stack(
1430 VerificationType::integer_type(), CHECK_VERIFY(this));
1431 current_frame.pop_stack_2(
1432 VerificationType::long2_type(),
1433 VerificationType::long_type(), CHECK_VERIFY(this));
1434 current_frame.push_stack_2(
1435 VerificationType::long_type(),
1436 VerificationType::long2_type(), CHECK_VERIFY(this));
1437 no_control_flow = false; break;
1438 case Bytecodes::_fadd :
1439 case Bytecodes::_fsub :
1440 case Bytecodes::_fmul :
1441 case Bytecodes::_fdiv :
1442 case Bytecodes::_frem :
1443 current_frame.pop_stack(
1444 VerificationType::float_type(), CHECK_VERIFY(this));
1445 // fall through
1446 case Bytecodes::_fneg :
1447 current_frame.pop_stack(
1448 VerificationType::float_type(), CHECK_VERIFY(this));
1449 current_frame.push_stack(
1450 VerificationType::float_type(), CHECK_VERIFY(this));
1451 no_control_flow = false; break;
1452 case Bytecodes::_dadd :
1453 case Bytecodes::_dsub :
1454 case Bytecodes::_dmul :
1455 case Bytecodes::_ddiv :
1456 case Bytecodes::_drem :
1457 current_frame.pop_stack_2(
1458 VerificationType::double2_type(),
1459 VerificationType::double_type(), CHECK_VERIFY(this));
1460 // fall through
1461 case Bytecodes::_dneg :
1462 current_frame.pop_stack_2(
1463 VerificationType::double2_type(),
1464 VerificationType::double_type(), CHECK_VERIFY(this));
1465 current_frame.push_stack_2(
1466 VerificationType::double_type(),
1467 VerificationType::double2_type(), CHECK_VERIFY(this));
1468 no_control_flow = false; break;
1469 case Bytecodes::_iinc :
1470 verify_iinc(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1471 no_control_flow = false; break;
1472 case Bytecodes::_i2l :
1473 type = current_frame.pop_stack(
1474 VerificationType::integer_type(), CHECK_VERIFY(this));
1475 current_frame.push_stack_2(
1476 VerificationType::long_type(),
1477 VerificationType::long2_type(), CHECK_VERIFY(this));
1478 no_control_flow = false; break;
1479 case Bytecodes::_l2i :
1480 current_frame.pop_stack_2(
1481 VerificationType::long2_type(),
1482 VerificationType::long_type(), CHECK_VERIFY(this));
1483 current_frame.push_stack(
1484 VerificationType::integer_type(), CHECK_VERIFY(this));
1485 no_control_flow = false; break;
1486 case Bytecodes::_i2f :
1487 current_frame.pop_stack(
1488 VerificationType::integer_type(), CHECK_VERIFY(this));
1489 current_frame.push_stack(
1490 VerificationType::float_type(), CHECK_VERIFY(this));
1491 no_control_flow = false; break;
1492 case Bytecodes::_i2d :
1493 current_frame.pop_stack(
1494 VerificationType::integer_type(), CHECK_VERIFY(this));
1495 current_frame.push_stack_2(
1496 VerificationType::double_type(),
1497 VerificationType::double2_type(), CHECK_VERIFY(this));
1498 no_control_flow = false; break;
1499 case Bytecodes::_l2f :
1500 current_frame.pop_stack_2(
1501 VerificationType::long2_type(),
1502 VerificationType::long_type(), CHECK_VERIFY(this));
1503 current_frame.push_stack(
1504 VerificationType::float_type(), CHECK_VERIFY(this));
1505 no_control_flow = false; break;
1506 case Bytecodes::_l2d :
1507 current_frame.pop_stack_2(
1508 VerificationType::long2_type(),
1509 VerificationType::long_type(), CHECK_VERIFY(this));
1510 current_frame.push_stack_2(
1511 VerificationType::double_type(),
1512 VerificationType::double2_type(), CHECK_VERIFY(this));
1513 no_control_flow = false; break;
1514 case Bytecodes::_f2i :
1515 current_frame.pop_stack(
1516 VerificationType::float_type(), CHECK_VERIFY(this));
1517 current_frame.push_stack(
1518 VerificationType::integer_type(), CHECK_VERIFY(this));
1519 no_control_flow = false; break;
1520 case Bytecodes::_f2l :
1521 current_frame.pop_stack(
1522 VerificationType::float_type(), CHECK_VERIFY(this));
1523 current_frame.push_stack_2(
1524 VerificationType::long_type(),
1525 VerificationType::long2_type(), CHECK_VERIFY(this));
1526 no_control_flow = false; break;
1527 case Bytecodes::_f2d :
1528 current_frame.pop_stack(
1529 VerificationType::float_type(), CHECK_VERIFY(this));
1530 current_frame.push_stack_2(
1531 VerificationType::double_type(),
1532 VerificationType::double2_type(), CHECK_VERIFY(this));
1533 no_control_flow = false; break;
1534 case Bytecodes::_d2i :
1535 current_frame.pop_stack_2(
1536 VerificationType::double2_type(),
1537 VerificationType::double_type(), CHECK_VERIFY(this));
1538 current_frame.push_stack(
1539 VerificationType::integer_type(), CHECK_VERIFY(this));
1540 no_control_flow = false; break;
1541 case Bytecodes::_d2l :
1542 current_frame.pop_stack_2(
1543 VerificationType::double2_type(),
1544 VerificationType::double_type(), CHECK_VERIFY(this));
1545 current_frame.push_stack_2(
1546 VerificationType::long_type(),
1547 VerificationType::long2_type(), CHECK_VERIFY(this));
1548 no_control_flow = false; break;
1549 case Bytecodes::_d2f :
1550 current_frame.pop_stack_2(
1551 VerificationType::double2_type(),
1552 VerificationType::double_type(), CHECK_VERIFY(this));
1553 current_frame.push_stack(
1554 VerificationType::float_type(), CHECK_VERIFY(this));
1555 no_control_flow = false; break;
1556 case Bytecodes::_i2b :
1557 case Bytecodes::_i2c :
1558 case Bytecodes::_i2s :
1559 current_frame.pop_stack(
1560 VerificationType::integer_type(), CHECK_VERIFY(this));
1561 current_frame.push_stack(
1562 VerificationType::integer_type(), CHECK_VERIFY(this));
1563 no_control_flow = false; break;
1564 case Bytecodes::_lcmp :
1565 current_frame.pop_stack_2(
1566 VerificationType::long2_type(),
1567 VerificationType::long_type(), CHECK_VERIFY(this));
1568 current_frame.pop_stack_2(
1569 VerificationType::long2_type(),
1570 VerificationType::long_type(), CHECK_VERIFY(this));
1571 current_frame.push_stack(
1572 VerificationType::integer_type(), CHECK_VERIFY(this));
1573 no_control_flow = false; break;
1574 case Bytecodes::_fcmpl :
1575 case Bytecodes::_fcmpg :
1576 current_frame.pop_stack(
1577 VerificationType::float_type(), CHECK_VERIFY(this));
1578 current_frame.pop_stack(
1579 VerificationType::float_type(), CHECK_VERIFY(this));
1580 current_frame.push_stack(
1581 VerificationType::integer_type(), CHECK_VERIFY(this));
1582 no_control_flow = false; break;
1583 case Bytecodes::_dcmpl :
1584 case Bytecodes::_dcmpg :
1585 current_frame.pop_stack_2(
1586 VerificationType::double2_type(),
1587 VerificationType::double_type(), CHECK_VERIFY(this));
1588 current_frame.pop_stack_2(
1589 VerificationType::double2_type(),
1590 VerificationType::double_type(), CHECK_VERIFY(this));
1591 current_frame.push_stack(
1592 VerificationType::integer_type(), CHECK_VERIFY(this));
1593 no_control_flow = false; break;
1594 case Bytecodes::_if_icmpeq:
1595 case Bytecodes::_if_icmpne:
1596 case Bytecodes::_if_icmplt:
1597 case Bytecodes::_if_icmpge:
1598 case Bytecodes::_if_icmpgt:
1599 case Bytecodes::_if_icmple:
1600 current_frame.pop_stack(
1601 VerificationType::integer_type(), CHECK_VERIFY(this));
1602 // fall through
1603 case Bytecodes::_ifeq:
1604 case Bytecodes::_ifne:
1605 case Bytecodes::_iflt:
1606 case Bytecodes::_ifge:
1607 case Bytecodes::_ifgt:
1608 case Bytecodes::_ifle:
1609 current_frame.pop_stack(
1610 VerificationType::integer_type(), CHECK_VERIFY(this));
1611 target = bcs.dest();
1612 stackmap_table.check_jump_target(
1613 ¤t_frame, target, CHECK_VERIFY(this));
1614 no_control_flow = false; break;
1615 case Bytecodes::_if_acmpeq :
1616 case Bytecodes::_if_acmpne :
1617 current_frame.pop_stack(
1618 VerificationType::reference_check(), CHECK_VERIFY(this));
1619 // fall through
1620 case Bytecodes::_ifnull :
1621 case Bytecodes::_ifnonnull :
1622 current_frame.pop_stack(
1623 VerificationType::reference_check(), CHECK_VERIFY(this));
1624 target = bcs.dest();
1625 stackmap_table.check_jump_target
1626 (¤t_frame, target, CHECK_VERIFY(this));
1627 no_control_flow = false; break;
1628 case Bytecodes::_goto :
1629 target = bcs.dest();
1630 stackmap_table.check_jump_target(
1631 ¤t_frame, target, CHECK_VERIFY(this));
1632 no_control_flow = true; break;
1633 case Bytecodes::_goto_w :
1634 target = bcs.dest_w();
1635 stackmap_table.check_jump_target(
1636 ¤t_frame, target, CHECK_VERIFY(this));
1637 no_control_flow = true; break;
1638 case Bytecodes::_tableswitch :
1639 case Bytecodes::_lookupswitch :
1640 verify_switch(
1641 &bcs, code_length, code_data, ¤t_frame,
1642 &stackmap_table, CHECK_VERIFY(this));
1643 no_control_flow = true; break;
1644 case Bytecodes::_ireturn :
1645 type = current_frame.pop_stack(
1646 VerificationType::integer_type(), CHECK_VERIFY(this));
1647 verify_return_value(return_type, type, bci,
1648 ¤t_frame, CHECK_VERIFY(this));
1649 no_control_flow = true; break;
1650 case Bytecodes::_lreturn :
1651 type2 = current_frame.pop_stack(
1652 VerificationType::long2_type(), CHECK_VERIFY(this));
1653 type = current_frame.pop_stack(
1654 VerificationType::long_type(), CHECK_VERIFY(this));
1655 verify_return_value(return_type, type, bci,
1656 ¤t_frame, CHECK_VERIFY(this));
1657 no_control_flow = true; break;
1658 case Bytecodes::_freturn :
1659 type = current_frame.pop_stack(
1660 VerificationType::float_type(), CHECK_VERIFY(this));
1661 verify_return_value(return_type, type, bci,
1662 ¤t_frame, CHECK_VERIFY(this));
1663 no_control_flow = true; break;
1664 case Bytecodes::_dreturn :
1665 type2 = current_frame.pop_stack(
1666 VerificationType::double2_type(), CHECK_VERIFY(this));
1667 type = current_frame.pop_stack(
1668 VerificationType::double_type(), CHECK_VERIFY(this));
1669 verify_return_value(return_type, type, bci,
1670 ¤t_frame, CHECK_VERIFY(this));
1671 no_control_flow = true; break;
1672 case Bytecodes::_areturn :
1673 type = current_frame.pop_stack(
1674 VerificationType::reference_check(), CHECK_VERIFY(this));
1675 verify_return_value(return_type, type, bci,
1676 ¤t_frame, CHECK_VERIFY(this));
1677 no_control_flow = true; break;
1678 case Bytecodes::_return :
1679 if (return_type != VerificationType::bogus_type()) {
1680 verify_error(ErrorContext::bad_code(bci),
1681 "Method expects a return value");
1682 return;
1683 }
1684 // Make sure "this" has been initialized if current method is an
1685 // <init>.
1686 if (_method->name() == vmSymbols::object_initializer_name() &&
1687 current_frame.flag_this_uninit()) {
1688 verify_error(ErrorContext::bad_code(bci),
1689 "Constructor must call super() or this() "
1690 "before return");
1691 return;
1692 }
1693 no_control_flow = true; break;
1694 case Bytecodes::_getstatic :
1695 case Bytecodes::_putstatic :
1696 // pass TRUE, operand can be an array type for getstatic/putstatic.
1697 verify_field_instructions(
1698 &bcs, ¤t_frame, cp, true, CHECK_VERIFY(this));
1699 no_control_flow = false; break;
1700 case Bytecodes::_getfield :
1701 case Bytecodes::_putfield :
1702 // pass FALSE, operand can't be an array type for getfield/putfield.
1703 verify_field_instructions(
1704 &bcs, ¤t_frame, cp, false, CHECK_VERIFY(this));
1705 no_control_flow = false; break;
1706 case Bytecodes::_invokevirtual :
1707 case Bytecodes::_invokespecial :
1708 case Bytecodes::_invokestatic :
1709 verify_invoke_instructions(
1710 &bcs, code_length, ¤t_frame, (bci >= ex_min && bci < ex_max),
1711 &this_uninit, return_type, cp, &stackmap_table, CHECK_VERIFY(this));
1712 no_control_flow = false; break;
1713 case Bytecodes::_invokeinterface :
1714 case Bytecodes::_invokedynamic :
1715 verify_invoke_instructions(
1716 &bcs, code_length, ¤t_frame, (bci >= ex_min && bci < ex_max),
1717 &this_uninit, return_type, cp, &stackmap_table, CHECK_VERIFY(this));
1718 no_control_flow = false; break;
1719 case Bytecodes::_new :
1720 {
1721 u2 index = bcs.get_index_u2();
1722 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1723 VerificationType new_class_type =
1724 cp_index_to_type(index, cp, CHECK_VERIFY(this));
1725 if (!new_class_type.is_object()) {
1726 verify_error(ErrorContext::bad_type(bci,
1727 TypeOrigin::cp(index, new_class_type)),
1728 "Illegal new instruction");
1729 return;
1730 }
1731 type = VerificationType::uninitialized_type(checked_cast<u2>(bci));
1732 current_frame.push_stack(type, CHECK_VERIFY(this));
1733 no_control_flow = false; break;
1734 }
1735 case Bytecodes::_newarray :
1736 type = get_newarray_type(bcs.get_index(), bci, CHECK_VERIFY(this));
1737 current_frame.pop_stack(
1738 VerificationType::integer_type(), CHECK_VERIFY(this));
1739 current_frame.push_stack(type, CHECK_VERIFY(this));
1740 no_control_flow = false; break;
1741 case Bytecodes::_anewarray :
1742 verify_anewarray(
1743 bci, bcs.get_index_u2(), cp, ¤t_frame, CHECK_VERIFY(this));
1744 no_control_flow = false; break;
1745 case Bytecodes::_arraylength :
1746 type = current_frame.pop_stack(
1747 VerificationType::reference_check(), CHECK_VERIFY(this));
1748 if (!(type.is_null() || type.is_array())) {
1749 verify_error(ErrorContext::bad_type(
1750 bci, current_frame.stack_top_ctx()),
1751 bad_type_msg, "arraylength");
1752 }
1753 current_frame.push_stack(
1754 VerificationType::integer_type(), CHECK_VERIFY(this));
1755 no_control_flow = false; break;
1756 case Bytecodes::_checkcast :
1757 {
1758 u2 index = bcs.get_index_u2();
1759 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1760 current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1761 VerificationType klass_type = cp_index_to_type(
1762 index, cp, CHECK_VERIFY(this));
1763 current_frame.push_stack(klass_type, CHECK_VERIFY(this));
1764 no_control_flow = false; break;
1765 }
1766 case Bytecodes::_instanceof : {
1767 u2 index = bcs.get_index_u2();
1768 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1769 current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1770 current_frame.push_stack(
1771 VerificationType::integer_type(), CHECK_VERIFY(this));
1772 no_control_flow = false; break;
1773 }
1774 case Bytecodes::_monitorenter :
1775 case Bytecodes::_monitorexit :
1776 current_frame.pop_stack(
1777 VerificationType::reference_check(), CHECK_VERIFY(this));
1778 no_control_flow = false; break;
1779 case Bytecodes::_multianewarray :
1780 {
1781 u2 index = bcs.get_index_u2();
1782 u2 dim = *(bcs.bcp()+3);
1783 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1784 VerificationType new_array_type =
1785 cp_index_to_type(index, cp, CHECK_VERIFY(this));
1786 if (!new_array_type.is_array()) {
1787 verify_error(ErrorContext::bad_type(bci,
1788 TypeOrigin::cp(index, new_array_type)),
1789 "Illegal constant pool index in multianewarray instruction");
1790 return;
1791 }
1792 if (dim < 1 || new_array_type.dimensions() < dim) {
1793 verify_error(ErrorContext::bad_code(bci),
1794 "Illegal dimension in multianewarray instruction: %d", dim);
1795 return;
1796 }
1797 for (int i = 0; i < dim; i++) {
1798 current_frame.pop_stack(
1799 VerificationType::integer_type(), CHECK_VERIFY(this));
1800 }
1801 current_frame.push_stack(new_array_type, CHECK_VERIFY(this));
1802 no_control_flow = false; break;
1803 }
1804 case Bytecodes::_athrow :
1805 type = VerificationType::reference_type(
1806 vmSymbols::java_lang_Throwable());
1807 current_frame.pop_stack(type, CHECK_VERIFY(this));
1808 no_control_flow = true; break;
1809 default:
1810 // We only need to check the valid bytecodes in class file.
1811 // And jsr and ret are not in the new class file format in JDK1.6.
1812 verify_error(ErrorContext::bad_code(bci),
1813 "Bad instruction: %02x", opcode);
1814 no_control_flow = false;
1815 return;
1816 } // end switch
1817 } // end Merge with the next instruction
1818
1819 // Look for possible jump target in exception handlers and see if it matches
1820 // current_frame. Don't do this check if it has already been done (for
1821 // ([a,d,f,i,l]store* opcodes). This check cannot be done earlier because
1822 // opcodes, such as invokespecial, may set the this_uninit flag.
1823 assert(!(verified_exc_handlers && this_uninit),
1824 "Exception handler targets got verified before this_uninit got set");
1825 if (!verified_exc_handlers && bci >= ex_min && bci < ex_max) {
1826 if (was_recursively_verified()) return;
1827 verify_exception_handler_targets(
1828 bci, this_uninit, ¤t_frame, &stackmap_table, CHECK_VERIFY(this));
1829 }
1830 } // end while
1831
1832 // Make sure that control flow does not fall through end of the method
1833 if (!no_control_flow) {
1834 verify_error(ErrorContext::bad_code(code_length),
1835 "Control flow falls through code end");
1836 return;
1837 }
1838 }
1839
1840 #undef bad_type_message
1841
1842 char* ClassVerifier::generate_code_data(const methodHandle& m, u4 code_length, TRAPS) {
1843 char* code_data = NEW_RESOURCE_ARRAY(char, code_length);
1844 memset(code_data, 0, sizeof(char) * code_length);
1845 RawBytecodeStream bcs(m);
1846
1847 while (!bcs.is_last_bytecode()) {
1848 if (bcs.raw_next() != Bytecodes::_illegal) {
1849 int bci = bcs.bci();
1850 if (bcs.raw_code() == Bytecodes::_new) {
1851 code_data[bci] = NEW_OFFSET;
1852 } else {
1853 code_data[bci] = BYTECODE_OFFSET;
1854 }
1855 } else {
1856 verify_error(ErrorContext::bad_code(bcs.bci()), "Bad instruction");
1857 return nullptr;
1858 }
1859 }
1860
1861 return code_data;
1862 }
1863
1864 // Since this method references the constant pool, call was_recursively_verified()
1865 // before calling this method to make sure a prior class load did not cause the
1866 // current class to get verified.
1867 void ClassVerifier::verify_exception_handler_table(u4 code_length, char* code_data, int& min, int& max, TRAPS) {
1868 ExceptionTable exhandlers(_method());
1869 int exlength = exhandlers.length();
1870 constantPoolHandle cp (THREAD, _method->constants());
1871
1872 for(int i = 0; i < exlength; i++) {
1873 u2 start_pc = exhandlers.start_pc(i);
1874 u2 end_pc = exhandlers.end_pc(i);
1875 u2 handler_pc = exhandlers.handler_pc(i);
1876 if (start_pc >= code_length || code_data[start_pc] == 0) {
1877 class_format_error("Illegal exception table start_pc %d", start_pc);
1878 return;
1879 }
1880 if (end_pc != code_length) { // special case: end_pc == code_length
1881 if (end_pc > code_length || code_data[end_pc] == 0) {
1882 class_format_error("Illegal exception table end_pc %d", end_pc);
1883 return;
1884 }
1885 }
1886 if (handler_pc >= code_length || code_data[handler_pc] == 0) {
1887 class_format_error("Illegal exception table handler_pc %d", handler_pc);
1888 return;
1889 }
1890 u2 catch_type_index = exhandlers.catch_type_index(i);
1891 if (catch_type_index != 0) {
1892 VerificationType catch_type = cp_index_to_type(
1893 catch_type_index, cp, CHECK_VERIFY(this));
1894 VerificationType throwable =
1895 VerificationType::reference_type(vmSymbols::java_lang_Throwable());
1896 // If the catch type is Throwable pre-resolve it now as the assignable check won't
1897 // do that, and we need to avoid a runtime resolution in case we are trying to
1898 // catch OutOfMemoryError.
1899 if (cp->klass_name_at(catch_type_index) == vmSymbols::java_lang_Throwable()) {
1900 cp->klass_at(catch_type_index, CHECK);
1901 }
1902 bool is_subclass = throwable.is_assignable_from(
1903 catch_type, this, false, CHECK_VERIFY(this));
1904 if (!is_subclass) {
1905 // 4286534: should throw VerifyError according to recent spec change
1906 verify_error(ErrorContext::bad_type(handler_pc,
1907 TypeOrigin::cp(catch_type_index, catch_type),
1908 TypeOrigin::implicit(throwable)),
1909 "Catch type is not a subclass "
1910 "of Throwable in exception handler %d", handler_pc);
1911 return;
1912 }
1913 }
1914 if (start_pc < min) min = start_pc;
1915 if (end_pc > max) max = end_pc;
1916 }
1917 }
1918
1919 void ClassVerifier::verify_local_variable_table(u4 code_length, char* code_data, TRAPS) {
1920 int localvariable_table_length = _method->localvariable_table_length();
1921 if (localvariable_table_length > 0) {
1922 LocalVariableTableElement* table = _method->localvariable_table_start();
1923 for (int i = 0; i < localvariable_table_length; i++) {
1924 u2 start_bci = table[i].start_bci;
1925 u2 length = table[i].length;
1926
1927 if (start_bci >= code_length || code_data[start_bci] == 0) {
1928 class_format_error(
1929 "Illegal local variable table start_pc %d", start_bci);
1930 return;
1931 }
1932 u4 end_bci = (u4)(start_bci + length);
1933 if (end_bci != code_length) {
1934 if (end_bci >= code_length || code_data[end_bci] == 0) {
1935 class_format_error( "Illegal local variable table length %d", length);
1936 return;
1937 }
1938 }
1939 }
1940 }
1941 }
1942
1943 u2 ClassVerifier::verify_stackmap_table(u2 stackmap_index, int bci,
1944 StackMapFrame* current_frame,
1945 StackMapTable* stackmap_table,
1946 bool no_control_flow, TRAPS) {
1947 if (stackmap_index < stackmap_table->get_frame_count()) {
1948 int this_offset = stackmap_table->get_offset(stackmap_index);
1949 if (no_control_flow && this_offset > bci) {
1950 verify_error(ErrorContext::missing_stackmap(bci),
1951 "Expecting a stack map frame");
1952 return 0;
1953 }
1954 if (this_offset == bci) {
1955 ErrorContext ctx;
1956 // See if current stack map can be assigned to the frame in table.
1957 // current_frame is the stackmap frame got from the last instruction.
1958 // If matched, current_frame will be updated by this method.
1959 bool matches = stackmap_table->match_stackmap(
1960 current_frame, this_offset, stackmap_index,
1961 !no_control_flow, true, &ctx, CHECK_VERIFY_(this, 0));
1962 if (!matches) {
1963 // report type error
1964 verify_error(ctx, "Instruction type does not match stack map");
1965 return 0;
1966 }
1967 stackmap_index++;
1968 } else if (this_offset < bci) {
1969 // current_offset should have met this_offset.
1970 class_format_error("Bad stack map offset %d", this_offset);
1971 return 0;
1972 }
1973 } else if (no_control_flow) {
1974 verify_error(ErrorContext::bad_code(bci), "Expecting a stack map frame");
1975 return 0;
1976 }
1977 return stackmap_index;
1978 }
1979
1980 // Since this method references the constant pool, call was_recursively_verified()
1981 // before calling this method to make sure a prior class load did not cause the
1982 // current class to get verified.
1983 void ClassVerifier::verify_exception_handler_targets(int bci, bool this_uninit,
1984 StackMapFrame* current_frame,
1985 StackMapTable* stackmap_table, TRAPS) {
1986 constantPoolHandle cp (THREAD, _method->constants());
1987 ExceptionTable exhandlers(_method());
1988 int exlength = exhandlers.length();
1989 for(int i = 0; i < exlength; i++) {
1990 u2 start_pc = exhandlers.start_pc(i);
1991 u2 end_pc = exhandlers.end_pc(i);
1992 u2 handler_pc = exhandlers.handler_pc(i);
1993 int catch_type_index = exhandlers.catch_type_index(i);
1994 if(bci >= start_pc && bci < end_pc) {
1995 u1 flags = current_frame->flags();
1996 if (this_uninit) { flags |= FLAG_THIS_UNINIT; }
1997 StackMapFrame* new_frame = current_frame->frame_in_exception_handler(flags);
1998 if (catch_type_index != 0) {
1999 if (was_recursively_verified()) return;
2000 // We know that this index refers to a subclass of Throwable
2001 VerificationType catch_type = cp_index_to_type(
2002 catch_type_index, cp, CHECK_VERIFY(this));
2003 new_frame->push_stack(catch_type, CHECK_VERIFY(this));
2004 } else {
2005 VerificationType throwable =
2006 VerificationType::reference_type(vmSymbols::java_lang_Throwable());
2007 new_frame->push_stack(throwable, CHECK_VERIFY(this));
2008 }
2009 ErrorContext ctx;
2010 bool matches = stackmap_table->match_stackmap(
2011 new_frame, handler_pc, true, false, &ctx, CHECK_VERIFY(this));
2012 if (!matches) {
2013 verify_error(ctx, "Stack map does not match the one at "
2014 "exception handler %d", handler_pc);
2015 return;
2016 }
2017 }
2018 }
2019 }
2020
2021 void ClassVerifier::verify_cp_index(
2022 int bci, const constantPoolHandle& cp, u2 index, TRAPS) {
2023 int nconstants = cp->length();
2024 if ((index <= 0) || (index >= nconstants)) {
2025 verify_error(ErrorContext::bad_cp_index(bci, index),
2026 "Illegal constant pool index %d in class %s",
2027 index, cp->pool_holder()->external_name());
2028 return;
2029 }
2030 }
2031
2032 void ClassVerifier::verify_cp_type(
2033 int bci, u2 index, const constantPoolHandle& cp, unsigned int types, TRAPS) {
2034
2035 // In some situations, bytecode rewriting may occur while we're verifying.
2036 // In this case, a constant pool cache exists and some indices refer to that
2037 // instead. Be sure we don't pick up such indices by accident.
2038 // We must check was_recursively_verified() before we get here.
2039 guarantee(cp->cache() == nullptr, "not rewritten yet");
2040
2041 verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2042 unsigned int tag = cp->tag_at(index).value();
2043 if ((types & (1 << tag)) == 0) {
2044 verify_error(ErrorContext::bad_cp_index(bci, index),
2045 "Illegal type at constant pool entry %d in class %s",
2046 index, cp->pool_holder()->external_name());
2047 return;
2048 }
2049 }
2050
2051 void ClassVerifier::verify_cp_class_type(
2052 int bci, u2 index, const constantPoolHandle& cp, TRAPS) {
2053 verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2054 constantTag tag = cp->tag_at(index);
2055 if (!tag.is_klass() && !tag.is_unresolved_klass()) {
2056 verify_error(ErrorContext::bad_cp_index(bci, index),
2057 "Illegal type at constant pool entry %d in class %s",
2058 index, cp->pool_holder()->external_name());
2059 return;
2060 }
2061 }
2062
2063 void ClassVerifier::verify_error(ErrorContext ctx, const char* msg, ...) {
2064 stringStream ss;
2065
2066 ctx.reset_frames();
2067 _exception_type = vmSymbols::java_lang_VerifyError();
2068 _error_context = ctx;
2069 va_list va;
2070 va_start(va, msg);
2071 ss.vprint(msg, va);
2072 va_end(va);
2073 _message = ss.as_string();
2074 #ifdef ASSERT
2075 ResourceMark rm;
2076 const char* exception_name = _exception_type->as_C_string();
2077 Exceptions::debug_check_abort(exception_name, nullptr);
2078 #endif // ndef ASSERT
2079 }
2080
2081 void ClassVerifier::class_format_error(const char* msg, ...) {
2082 stringStream ss;
2083 _exception_type = vmSymbols::java_lang_ClassFormatError();
2084 va_list va;
2085 va_start(va, msg);
2086 ss.vprint(msg, va);
2087 va_end(va);
2088 if (!_method.is_null()) {
2089 ss.print(" in method '");
2090 _method->print_external_name(&ss);
2091 ss.print("'");
2092 }
2093 _message = ss.as_string();
2094 }
2095
2096 Klass* ClassVerifier::load_class(Symbol* name, TRAPS) {
2097 HandleMark hm(THREAD);
2098 // Get current loader and protection domain first.
2099 oop loader = current_class()->class_loader();
2100 oop protection_domain = current_class()->protection_domain();
2101
2102 assert(name_in_supers(name, current_class()), "name should be a super class");
2103
2104 Klass* kls = SystemDictionary::resolve_or_fail(
2105 name, Handle(THREAD, loader), Handle(THREAD, protection_domain),
2106 true, THREAD);
2107
2108 if (kls != nullptr) {
2109 if (log_is_enabled(Debug, class, resolve)) {
2110 Verifier::trace_class_resolution(kls, current_class());
2111 }
2112 }
2113 return kls;
2114 }
2115
2116 bool ClassVerifier::is_protected_access(InstanceKlass* this_class,
2117 Klass* target_class,
2118 Symbol* field_name,
2119 Symbol* field_sig,
2120 bool is_method) {
2121 NoSafepointVerifier nosafepoint;
2122
2123 // If target class isn't a super class of this class, we don't worry about this case
2124 if (!this_class->is_subclass_of(target_class)) {
2125 return false;
2126 }
2127 // Check if the specified method or field is protected
2128 InstanceKlass* target_instance = InstanceKlass::cast(target_class);
2129 fieldDescriptor fd;
2130 if (is_method) {
2131 Method* m = target_instance->uncached_lookup_method(field_name, field_sig, Klass::OverpassLookupMode::find);
2132 if (m != nullptr && m->is_protected()) {
2133 if (!this_class->is_same_class_package(m->method_holder())) {
2134 return true;
2135 }
2136 }
2137 } else {
2138 Klass* member_klass = target_instance->find_field(field_name, field_sig, &fd);
2139 if (member_klass != nullptr && fd.is_protected()) {
2140 if (!this_class->is_same_class_package(member_klass)) {
2141 return true;
2142 }
2143 }
2144 }
2145 return false;
2146 }
2147
2148 void ClassVerifier::verify_ldc(
2149 int opcode, u2 index, StackMapFrame* current_frame,
2150 const constantPoolHandle& cp, int bci, TRAPS) {
2151 verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2152 constantTag tag = cp->tag_at(index);
2153 unsigned int types = 0;
2154 if (opcode == Bytecodes::_ldc || opcode == Bytecodes::_ldc_w) {
2155 if (!tag.is_unresolved_klass()) {
2156 types = (1 << JVM_CONSTANT_Integer) | (1 << JVM_CONSTANT_Float)
2157 | (1 << JVM_CONSTANT_String) | (1 << JVM_CONSTANT_Class)
2158 | (1 << JVM_CONSTANT_MethodHandle) | (1 << JVM_CONSTANT_MethodType)
2159 | (1 << JVM_CONSTANT_Dynamic);
2160 // Note: The class file parser already verified the legality of
2161 // MethodHandle and MethodType constants.
2162 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2163 }
2164 } else {
2165 assert(opcode == Bytecodes::_ldc2_w, "must be ldc2_w");
2166 types = (1 << JVM_CONSTANT_Double) | (1 << JVM_CONSTANT_Long)
2167 | (1 << JVM_CONSTANT_Dynamic);
2168 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2169 }
2170 if (tag.is_string()) {
2171 current_frame->push_stack(
2172 VerificationType::reference_type(
2173 vmSymbols::java_lang_String()), CHECK_VERIFY(this));
2174 } else if (tag.is_klass() || tag.is_unresolved_klass()) {
2175 current_frame->push_stack(
2176 VerificationType::reference_type(
2177 vmSymbols::java_lang_Class()), CHECK_VERIFY(this));
2178 } else if (tag.is_int()) {
2179 current_frame->push_stack(
2180 VerificationType::integer_type(), CHECK_VERIFY(this));
2181 } else if (tag.is_float()) {
2182 current_frame->push_stack(
2183 VerificationType::float_type(), CHECK_VERIFY(this));
2184 } else if (tag.is_double()) {
2185 current_frame->push_stack_2(
2186 VerificationType::double_type(),
2187 VerificationType::double2_type(), CHECK_VERIFY(this));
2188 } else if (tag.is_long()) {
2189 current_frame->push_stack_2(
2190 VerificationType::long_type(),
2191 VerificationType::long2_type(), CHECK_VERIFY(this));
2192 } else if (tag.is_method_handle()) {
2193 current_frame->push_stack(
2194 VerificationType::reference_type(
2195 vmSymbols::java_lang_invoke_MethodHandle()), CHECK_VERIFY(this));
2196 } else if (tag.is_method_type()) {
2197 current_frame->push_stack(
2198 VerificationType::reference_type(
2199 vmSymbols::java_lang_invoke_MethodType()), CHECK_VERIFY(this));
2200 } else if (tag.is_dynamic_constant()) {
2201 Symbol* constant_type = cp->uncached_signature_ref_at(index);
2202 // Field signature was checked in ClassFileParser.
2203 assert(SignatureVerifier::is_valid_type_signature(constant_type),
2204 "Invalid type for dynamic constant");
2205 assert(sizeof(VerificationType) == sizeof(uintptr_t),
2206 "buffer type must match VerificationType size");
2207 uintptr_t constant_type_buffer[2];
2208 VerificationType* v_constant_type = (VerificationType*)constant_type_buffer;
2209 SignatureStream sig_stream(constant_type, false);
2210 int n = change_sig_to_verificationType(&sig_stream, v_constant_type);
2211 int opcode_n = (opcode == Bytecodes::_ldc2_w ? 2 : 1);
2212 if (n != opcode_n) {
2213 // wrong kind of ldc; reverify against updated type mask
2214 types &= ~(1 << JVM_CONSTANT_Dynamic);
2215 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2216 }
2217 for (int i = 0; i < n; i++) {
2218 current_frame->push_stack(v_constant_type[i], CHECK_VERIFY(this));
2219 }
2220 } else {
2221 /* Unreachable? verify_cp_type has already validated the cp type. */
2222 verify_error(
2223 ErrorContext::bad_cp_index(bci, index), "Invalid index in ldc");
2224 return;
2225 }
2226 }
2227
2228 void ClassVerifier::verify_switch(
2229 RawBytecodeStream* bcs, u4 code_length, char* code_data,
2230 StackMapFrame* current_frame, StackMapTable* stackmap_table, TRAPS) {
2231 int bci = bcs->bci();
2232 address bcp = bcs->bcp();
2233 address aligned_bcp = align_up(bcp + 1, jintSize);
2234
2235 if (_klass->major_version() < NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION) {
2236 // 4639449 & 4647081: padding bytes must be 0
2237 u2 padding_offset = 1;
2238 while ((bcp + padding_offset) < aligned_bcp) {
2239 if(*(bcp + padding_offset) != 0) {
2240 verify_error(ErrorContext::bad_code(bci),
2241 "Nonzero padding byte in lookupswitch or tableswitch");
2242 return;
2243 }
2244 padding_offset++;
2245 }
2246 }
2247
2248 int default_offset = (int) Bytes::get_Java_u4(aligned_bcp);
2249 int keys, delta;
2250 current_frame->pop_stack(
2251 VerificationType::integer_type(), CHECK_VERIFY(this));
2252 if (bcs->raw_code() == Bytecodes::_tableswitch) {
2253 jint low = (jint)Bytes::get_Java_u4(aligned_bcp + jintSize);
2254 jint high = (jint)Bytes::get_Java_u4(aligned_bcp + 2*jintSize);
2255 if (low > high) {
2256 verify_error(ErrorContext::bad_code(bci),
2257 "low must be less than or equal to high in tableswitch");
2258 return;
2259 }
2260 keys = high - low + 1;
2261 if (keys < 0) {
2262 verify_error(ErrorContext::bad_code(bci), "too many keys in tableswitch");
2263 return;
2264 }
2265 delta = 1;
2266 } else {
2267 keys = (int)Bytes::get_Java_u4(aligned_bcp + jintSize);
2268 if (keys < 0) {
2269 verify_error(ErrorContext::bad_code(bci),
2270 "number of keys in lookupswitch less than 0");
2271 return;
2272 }
2273 delta = 2;
2274 // Make sure that the lookupswitch items are sorted
2275 for (int i = 0; i < (keys - 1); i++) {
2276 jint this_key = Bytes::get_Java_u4(aligned_bcp + (2+2*i)*jintSize);
2277 jint next_key = Bytes::get_Java_u4(aligned_bcp + (2+2*i+2)*jintSize);
2278 if (this_key >= next_key) {
2279 verify_error(ErrorContext::bad_code(bci),
2280 "Bad lookupswitch instruction");
2281 return;
2282 }
2283 }
2284 }
2285 int target = bci + default_offset;
2286 stackmap_table->check_jump_target(current_frame, target, CHECK_VERIFY(this));
2287 for (int i = 0; i < keys; i++) {
2288 // Because check_jump_target() may safepoint, the bytecode could have
2289 // moved, which means 'aligned_bcp' is no good and needs to be recalculated.
2290 aligned_bcp = align_up(bcs->bcp() + 1, jintSize);
2291 target = bci + (jint)Bytes::get_Java_u4(aligned_bcp+(3+i*delta)*jintSize);
2292 stackmap_table->check_jump_target(
2293 current_frame, target, CHECK_VERIFY(this));
2294 }
2295 NOT_PRODUCT(aligned_bcp = nullptr); // no longer valid at this point
2296 }
2297
2298 bool ClassVerifier::name_in_supers(
2299 Symbol* ref_name, InstanceKlass* current) {
2300 Klass* super = current->super();
2301 while (super != nullptr) {
2302 if (super->name() == ref_name) {
2303 return true;
2304 }
2305 super = super->super();
2306 }
2307 return false;
2308 }
2309
2310 void ClassVerifier::verify_field_instructions(RawBytecodeStream* bcs,
2311 StackMapFrame* current_frame,
2312 const constantPoolHandle& cp,
2313 bool allow_arrays,
2314 TRAPS) {
2315 u2 index = bcs->get_index_u2();
2316 verify_cp_type(bcs->bci(), index, cp,
2317 1 << JVM_CONSTANT_Fieldref, CHECK_VERIFY(this));
2318
2319 // Get field name and signature
2320 Symbol* field_name = cp->uncached_name_ref_at(index);
2321 Symbol* field_sig = cp->uncached_signature_ref_at(index);
2322 bool is_getfield = false;
2323
2324 // Field signature was checked in ClassFileParser.
2325 assert(SignatureVerifier::is_valid_type_signature(field_sig),
2326 "Invalid field signature");
2327
2328 // Get referenced class type
2329 VerificationType ref_class_type = cp_ref_index_to_type(
2330 index, cp, CHECK_VERIFY(this));
2331 if (!ref_class_type.is_object() &&
2332 (!allow_arrays || !ref_class_type.is_array())) {
2333 verify_error(ErrorContext::bad_type(bcs->bci(),
2334 TypeOrigin::cp(index, ref_class_type)),
2335 "Expecting reference to class in class %s at constant pool index %d",
2336 _klass->external_name(), index);
2337 return;
2338 }
2339 VerificationType target_class_type = ref_class_type;
2340
2341 assert(sizeof(VerificationType) == sizeof(uintptr_t),
2342 "buffer type must match VerificationType size");
2343 uintptr_t field_type_buffer[2];
2344 VerificationType* field_type = (VerificationType*)field_type_buffer;
2345 // If we make a VerificationType[2] array directly, the compiler calls
2346 // to the c-runtime library to do the allocation instead of just
2347 // stack allocating it. Plus it would run constructors. This shows up
2348 // in performance profiles.
2349
2350 SignatureStream sig_stream(field_sig, false);
2351 VerificationType stack_object_type;
2352 int n = change_sig_to_verificationType(&sig_stream, field_type);
2353 int bci = bcs->bci();
2354 bool is_assignable;
2355 switch (bcs->raw_code()) {
2356 case Bytecodes::_getstatic: {
2357 for (int i = 0; i < n; i++) {
2358 current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2359 }
2360 break;
2361 }
2362 case Bytecodes::_putstatic: {
2363 for (int i = n - 1; i >= 0; i--) {
2364 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2365 }
2366 break;
2367 }
2368 case Bytecodes::_getfield: {
2369 is_getfield = true;
2370 stack_object_type = current_frame->pop_stack(
2371 target_class_type, CHECK_VERIFY(this));
2372 goto check_protected;
2373 }
2374 case Bytecodes::_putfield: {
2375 for (int i = n - 1; i >= 0; i--) {
2376 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2377 }
2378 stack_object_type = current_frame->pop_stack(CHECK_VERIFY(this));
2379
2380 // The JVMS 2nd edition allows field initialization before the superclass
2381 // initializer, if the field is defined within the current class.
2382 fieldDescriptor fd;
2383 if (stack_object_type == VerificationType::uninitialized_this_type() &&
2384 target_class_type.equals(current_type()) &&
2385 _klass->find_local_field(field_name, field_sig, &fd)) {
2386 stack_object_type = current_type();
2387 }
2388 is_assignable = target_class_type.is_assignable_from(
2389 stack_object_type, this, false, CHECK_VERIFY(this));
2390 if (!is_assignable) {
2391 verify_error(ErrorContext::bad_type(bci,
2392 current_frame->stack_top_ctx(),
2393 TypeOrigin::cp(index, target_class_type)),
2394 "Bad type on operand stack in putfield");
2395 return;
2396 }
2397 }
2398 check_protected: {
2399 if (_this_type == stack_object_type)
2400 break; // stack_object_type must be assignable to _current_class_type
2401 if (was_recursively_verified()) {
2402 if (is_getfield) {
2403 // Push field type for getfield.
2404 for (int i = 0; i < n; i++) {
2405 current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2406 }
2407 }
2408 return;
2409 }
2410 Symbol* ref_class_name =
2411 cp->klass_name_at(cp->uncached_klass_ref_index_at(index));
2412 if (!name_in_supers(ref_class_name, current_class()))
2413 // stack_object_type must be assignable to _current_class_type since:
2414 // 1. stack_object_type must be assignable to ref_class.
2415 // 2. ref_class must be _current_class or a subclass of it. It can't
2416 // be a superclass of it. See revised JVMS 5.4.4.
2417 break;
2418
2419 Klass* ref_class_oop = load_class(ref_class_name, CHECK);
2420 if (is_protected_access(current_class(), ref_class_oop, field_name,
2421 field_sig, false)) {
2422 // It's protected access, check if stack object is assignable to
2423 // current class.
2424 is_assignable = current_type().is_assignable_from(
2425 stack_object_type, this, true, CHECK_VERIFY(this));
2426 if (!is_assignable) {
2427 verify_error(ErrorContext::bad_type(bci,
2428 current_frame->stack_top_ctx(),
2429 TypeOrigin::implicit(current_type())),
2430 "Bad access to protected data in %s",
2431 is_getfield ? "getfield" : "putfield");
2432 return;
2433 }
2434 }
2435 break;
2436 }
2437 default: ShouldNotReachHere();
2438 }
2439 if (is_getfield) {
2440 // Push field type for getfield after doing protection check.
2441 for (int i = 0; i < n; i++) {
2442 current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2443 }
2444 }
2445 }
2446
2447 // Look at the method's handlers. If the bci is in the handler's try block
2448 // then check if the handler_pc is already on the stack. If not, push it
2449 // unless the handler has already been scanned.
2450 void ClassVerifier::push_handlers(ExceptionTable* exhandlers,
2451 GrowableArray<u4>* handler_list,
2452 GrowableArray<u4>* handler_stack,
2453 u4 bci) {
2454 int exlength = exhandlers->length();
2455 for(int x = 0; x < exlength; x++) {
2456 if (bci >= exhandlers->start_pc(x) && bci < exhandlers->end_pc(x)) {
2457 u4 exhandler_pc = exhandlers->handler_pc(x);
2458 if (!handler_list->contains(exhandler_pc)) {
2459 handler_stack->append_if_missing(exhandler_pc);
2460 handler_list->append(exhandler_pc);
2461 }
2462 }
2463 }
2464 }
2465
2466 // Return TRUE if all code paths starting with start_bc_offset end in
2467 // bytecode athrow or loop.
2468 bool ClassVerifier::ends_in_athrow(u4 start_bc_offset) {
2469 ResourceMark rm;
2470 // Create bytecode stream.
2471 RawBytecodeStream bcs(method());
2472 int code_length = method()->code_size();
2473 bcs.set_start(start_bc_offset);
2474
2475 // Create stack for storing bytecode start offsets for if* and *switch.
2476 GrowableArray<u4>* bci_stack = new GrowableArray<u4>(30);
2477 // Create stack for handlers for try blocks containing this handler.
2478 GrowableArray<u4>* handler_stack = new GrowableArray<u4>(30);
2479 // Create list of handlers that have been pushed onto the handler_stack
2480 // so that handlers embedded inside of their own TRY blocks only get
2481 // scanned once.
2482 GrowableArray<u4>* handler_list = new GrowableArray<u4>(30);
2483 // Create list of visited branch opcodes (goto* and if*).
2484 GrowableArray<u4>* visited_branches = new GrowableArray<u4>(30);
2485 ExceptionTable exhandlers(_method());
2486
2487 while (true) {
2488 if (bcs.is_last_bytecode()) {
2489 // if no more starting offsets to parse or if at the end of the
2490 // method then return false.
2491 if ((bci_stack->is_empty()) || (bcs.end_bci() == code_length))
2492 return false;
2493 // Pop a bytecode starting offset and scan from there.
2494 bcs.set_start(bci_stack->pop());
2495 }
2496 Bytecodes::Code opcode = bcs.raw_next();
2497 int bci = bcs.bci();
2498
2499 // If the bytecode is in a TRY block, push its handlers so they
2500 // will get parsed.
2501 push_handlers(&exhandlers, handler_list, handler_stack, bci);
2502
2503 switch (opcode) {
2504 case Bytecodes::_if_icmpeq:
2505 case Bytecodes::_if_icmpne:
2506 case Bytecodes::_if_icmplt:
2507 case Bytecodes::_if_icmpge:
2508 case Bytecodes::_if_icmpgt:
2509 case Bytecodes::_if_icmple:
2510 case Bytecodes::_ifeq:
2511 case Bytecodes::_ifne:
2512 case Bytecodes::_iflt:
2513 case Bytecodes::_ifge:
2514 case Bytecodes::_ifgt:
2515 case Bytecodes::_ifle:
2516 case Bytecodes::_if_acmpeq:
2517 case Bytecodes::_if_acmpne:
2518 case Bytecodes::_ifnull:
2519 case Bytecodes::_ifnonnull: {
2520 int target = bcs.dest();
2521 if (visited_branches->contains(bci)) {
2522 if (bci_stack->is_empty()) {
2523 if (handler_stack->is_empty()) {
2524 return true;
2525 } else {
2526 // Parse the catch handlers for try blocks containing athrow.
2527 bcs.set_start(handler_stack->pop());
2528 }
2529 } else {
2530 // Pop a bytecode starting offset and scan from there.
2531 bcs.set_start(bci_stack->pop());
2532 }
2533 } else {
2534 if (target > bci) { // forward branch
2535 if (target >= code_length) return false;
2536 // Push the branch target onto the stack.
2537 bci_stack->push(target);
2538 // then, scan bytecodes starting with next.
2539 bcs.set_start(bcs.next_bci());
2540 } else { // backward branch
2541 // Push bytecode offset following backward branch onto the stack.
2542 bci_stack->push(bcs.next_bci());
2543 // Check bytecodes starting with branch target.
2544 bcs.set_start(target);
2545 }
2546 // Record target so we don't branch here again.
2547 visited_branches->append(bci);
2548 }
2549 break;
2550 }
2551
2552 case Bytecodes::_goto:
2553 case Bytecodes::_goto_w: {
2554 int target = (opcode == Bytecodes::_goto ? bcs.dest() : bcs.dest_w());
2555 if (visited_branches->contains(bci)) {
2556 if (bci_stack->is_empty()) {
2557 if (handler_stack->is_empty()) {
2558 return true;
2559 } else {
2560 // Parse the catch handlers for try blocks containing athrow.
2561 bcs.set_start(handler_stack->pop());
2562 }
2563 } else {
2564 // Been here before, pop new starting offset from stack.
2565 bcs.set_start(bci_stack->pop());
2566 }
2567 } else {
2568 if (target >= code_length) return false;
2569 // Continue scanning from the target onward.
2570 bcs.set_start(target);
2571 // Record target so we don't branch here again.
2572 visited_branches->append(bci);
2573 }
2574 break;
2575 }
2576
2577 // Check that all switch alternatives end in 'athrow' bytecodes. Since it
2578 // is difficult to determine where each switch alternative ends, parse
2579 // each switch alternative until either hit a 'return', 'athrow', or reach
2580 // the end of the method's bytecodes. This is gross but should be okay
2581 // because:
2582 // 1. tableswitch and lookupswitch byte codes in handlers for ctor explicit
2583 // constructor invocations should be rare.
2584 // 2. if each switch alternative ends in an athrow then the parsing should be
2585 // short. If there is no athrow then it is bogus code, anyway.
2586 case Bytecodes::_lookupswitch:
2587 case Bytecodes::_tableswitch:
2588 {
2589 address aligned_bcp = align_up(bcs.bcp() + 1, jintSize);
2590 int default_offset = Bytes::get_Java_u4(aligned_bcp) + bci;
2591 int keys, delta;
2592 if (opcode == Bytecodes::_tableswitch) {
2593 jint low = (jint)Bytes::get_Java_u4(aligned_bcp + jintSize);
2594 jint high = (jint)Bytes::get_Java_u4(aligned_bcp + 2*jintSize);
2595 // This is invalid, but let the regular bytecode verifier
2596 // report this because the user will get a better error message.
2597 if (low > high) return true;
2598 keys = high - low + 1;
2599 delta = 1;
2600 } else {
2601 keys = (int)Bytes::get_Java_u4(aligned_bcp + jintSize);
2602 delta = 2;
2603 }
2604 // Invalid, let the regular bytecode verifier deal with it.
2605 if (keys < 0) return true;
2606
2607 // Push the offset of the next bytecode onto the stack.
2608 bci_stack->push(bcs.next_bci());
2609
2610 // Push the switch alternatives onto the stack.
2611 for (int i = 0; i < keys; i++) {
2612 int target = bci + (jint)Bytes::get_Java_u4(aligned_bcp+(3+i*delta)*jintSize);
2613 if (target > code_length) return false;
2614 bci_stack->push(target);
2615 }
2616
2617 // Start bytecode parsing for the switch at the default alternative.
2618 if (default_offset > code_length) return false;
2619 bcs.set_start(default_offset);
2620 break;
2621 }
2622
2623 case Bytecodes::_return:
2624 return false;
2625
2626 case Bytecodes::_athrow:
2627 {
2628 if (bci_stack->is_empty()) {
2629 if (handler_stack->is_empty()) {
2630 return true;
2631 } else {
2632 // Parse the catch handlers for try blocks containing athrow.
2633 bcs.set_start(handler_stack->pop());
2634 }
2635 } else {
2636 // Pop a bytecode offset and starting scanning from there.
2637 bcs.set_start(bci_stack->pop());
2638 }
2639 }
2640 break;
2641
2642 default:
2643 ;
2644 } // end switch
2645 } // end while loop
2646
2647 return false;
2648 }
2649
2650 void ClassVerifier::verify_invoke_init(
2651 RawBytecodeStream* bcs, u2 ref_class_index, VerificationType ref_class_type,
2652 StackMapFrame* current_frame, u4 code_length, bool in_try_block,
2653 bool *this_uninit, const constantPoolHandle& cp, StackMapTable* stackmap_table,
2654 TRAPS) {
2655 int bci = bcs->bci();
2656 VerificationType type = current_frame->pop_stack(
2657 VerificationType::reference_check(), CHECK_VERIFY(this));
2658 if (type == VerificationType::uninitialized_this_type()) {
2659 // The method must be an <init> method of this class or its superclass
2660 Klass* superk = current_class()->super();
2661 if (ref_class_type.name() != current_class()->name() &&
2662 ref_class_type.name() != superk->name()) {
2663 verify_error(ErrorContext::bad_type(bci,
2664 TypeOrigin::implicit(ref_class_type),
2665 TypeOrigin::implicit(current_type())),
2666 "Bad <init> method call");
2667 return;
2668 }
2669
2670 // If this invokespecial call is done from inside of a TRY block then make
2671 // sure that all catch clause paths end in a throw. Otherwise, this can
2672 // result in returning an incomplete object.
2673 if (in_try_block) {
2674 ExceptionTable exhandlers(_method());
2675 int exlength = exhandlers.length();
2676 for(int i = 0; i < exlength; i++) {
2677 u2 start_pc = exhandlers.start_pc(i);
2678 u2 end_pc = exhandlers.end_pc(i);
2679
2680 if (bci >= start_pc && bci < end_pc) {
2681 if (!ends_in_athrow(exhandlers.handler_pc(i))) {
2682 verify_error(ErrorContext::bad_code(bci),
2683 "Bad <init> method call from after the start of a try block");
2684 return;
2685 } else if (log_is_enabled(Debug, verification)) {
2686 ResourceMark rm(THREAD);
2687 log_debug(verification)("Survived call to ends_in_athrow(): %s",
2688 current_class()->name()->as_C_string());
2689 }
2690 }
2691 }
2692
2693 // Check the exception handler target stackmaps with the locals from the
2694 // incoming stackmap (before initialize_object() changes them to outgoing
2695 // state).
2696 if (was_recursively_verified()) return;
2697 verify_exception_handler_targets(bci, true, current_frame,
2698 stackmap_table, CHECK_VERIFY(this));
2699 } // in_try_block
2700
2701 current_frame->initialize_object(type, current_type());
2702 *this_uninit = true;
2703 } else if (type.is_uninitialized()) {
2704 u2 new_offset = type.bci();
2705 address new_bcp = bcs->bcp() - bci + new_offset;
2706 if (new_offset > (code_length - 3) || (*new_bcp) != Bytecodes::_new) {
2707 /* Unreachable? Stack map parsing ensures valid type and new
2708 * instructions have a valid BCI. */
2709 verify_error(ErrorContext::bad_code(new_offset),
2710 "Expecting new instruction");
2711 return;
2712 }
2713 u2 new_class_index = Bytes::get_Java_u2(new_bcp + 1);
2714 if (was_recursively_verified()) return;
2715 verify_cp_class_type(bci, new_class_index, cp, CHECK_VERIFY(this));
2716
2717 // The method must be an <init> method of the indicated class
2718 VerificationType new_class_type = cp_index_to_type(
2719 new_class_index, cp, CHECK_VERIFY(this));
2720 if (!new_class_type.equals(ref_class_type)) {
2721 verify_error(ErrorContext::bad_type(bci,
2722 TypeOrigin::cp(new_class_index, new_class_type),
2723 TypeOrigin::cp(ref_class_index, ref_class_type)),
2724 "Call to wrong <init> method");
2725 return;
2726 }
2727 // According to the VM spec, if the referent class is a superclass of the
2728 // current class, and is in a different runtime package, and the method is
2729 // protected, then the objectref must be the current class or a subclass
2730 // of the current class.
2731 VerificationType objectref_type = new_class_type;
2732 if (name_in_supers(ref_class_type.name(), current_class())) {
2733 Klass* ref_klass = load_class(ref_class_type.name(), CHECK);
2734 if (was_recursively_verified()) return;
2735 Method* m = InstanceKlass::cast(ref_klass)->uncached_lookup_method(
2736 vmSymbols::object_initializer_name(),
2737 cp->uncached_signature_ref_at(bcs->get_index_u2()),
2738 Klass::OverpassLookupMode::find);
2739 // Do nothing if method is not found. Let resolution detect the error.
2740 if (m != nullptr) {
2741 InstanceKlass* mh = m->method_holder();
2742 if (m->is_protected() && !mh->is_same_class_package(_klass)) {
2743 bool assignable = current_type().is_assignable_from(
2744 objectref_type, this, true, CHECK_VERIFY(this));
2745 if (!assignable) {
2746 verify_error(ErrorContext::bad_type(bci,
2747 TypeOrigin::cp(new_class_index, objectref_type),
2748 TypeOrigin::implicit(current_type())),
2749 "Bad access to protected <init> method");
2750 return;
2751 }
2752 }
2753 }
2754 }
2755 // Check the exception handler target stackmaps with the locals from the
2756 // incoming stackmap (before initialize_object() changes them to outgoing
2757 // state).
2758 if (in_try_block) {
2759 if (was_recursively_verified()) return;
2760 verify_exception_handler_targets(bci, *this_uninit, current_frame,
2761 stackmap_table, CHECK_VERIFY(this));
2762 }
2763 current_frame->initialize_object(type, new_class_type);
2764 } else {
2765 verify_error(ErrorContext::bad_type(bci, current_frame->stack_top_ctx()),
2766 "Bad operand type when invoking <init>");
2767 return;
2768 }
2769 }
2770
2771 bool ClassVerifier::is_same_or_direct_interface(
2772 InstanceKlass* klass,
2773 VerificationType klass_type,
2774 VerificationType ref_class_type) {
2775 if (ref_class_type.equals(klass_type)) return true;
2776 Array<InstanceKlass*>* local_interfaces = klass->local_interfaces();
2777 if (local_interfaces != nullptr) {
2778 for (int x = 0; x < local_interfaces->length(); x++) {
2779 InstanceKlass* k = local_interfaces->at(x);
2780 assert (k != nullptr && k->is_interface(), "invalid interface");
2781 if (ref_class_type.equals(VerificationType::reference_type(k->name()))) {
2782 return true;
2783 }
2784 }
2785 }
2786 return false;
2787 }
2788
2789 void ClassVerifier::verify_invoke_instructions(
2790 RawBytecodeStream* bcs, u4 code_length, StackMapFrame* current_frame,
2791 bool in_try_block, bool *this_uninit, VerificationType return_type,
2792 const constantPoolHandle& cp, StackMapTable* stackmap_table, TRAPS) {
2793 // Make sure the constant pool item is the right type
2794 u2 index = bcs->get_index_u2();
2795 Bytecodes::Code opcode = bcs->raw_code();
2796 unsigned int types = 0;
2797 switch (opcode) {
2798 case Bytecodes::_invokeinterface:
2799 types = 1 << JVM_CONSTANT_InterfaceMethodref;
2800 break;
2801 case Bytecodes::_invokedynamic:
2802 types = 1 << JVM_CONSTANT_InvokeDynamic;
2803 break;
2804 case Bytecodes::_invokespecial:
2805 case Bytecodes::_invokestatic:
2806 types = (_klass->major_version() < STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION) ?
2807 (1 << JVM_CONSTANT_Methodref) :
2808 ((1 << JVM_CONSTANT_InterfaceMethodref) | (1 << JVM_CONSTANT_Methodref));
2809 break;
2810 default:
2811 types = 1 << JVM_CONSTANT_Methodref;
2812 }
2813 verify_cp_type(bcs->bci(), index, cp, types, CHECK_VERIFY(this));
2814
2815 // Get method name and signature
2816 Symbol* method_name = cp->uncached_name_ref_at(index);
2817 Symbol* method_sig = cp->uncached_signature_ref_at(index);
2818
2819 // Method signature was checked in ClassFileParser.
2820 assert(SignatureVerifier::is_valid_method_signature(method_sig),
2821 "Invalid method signature");
2822
2823 // Get referenced class type
2824 VerificationType ref_class_type;
2825 if (opcode == Bytecodes::_invokedynamic) {
2826 if (_klass->major_version() < Verifier::INVOKEDYNAMIC_MAJOR_VERSION) {
2827 class_format_error(
2828 "invokedynamic instructions not supported by this class file version (%d), class %s",
2829 _klass->major_version(), _klass->external_name());
2830 return;
2831 }
2832 } else {
2833 ref_class_type = cp_ref_index_to_type(index, cp, CHECK_VERIFY(this));
2834 }
2835
2836 assert(sizeof(VerificationType) == sizeof(uintptr_t),
2837 "buffer type must match VerificationType size");
2838
2839 // Get the UTF8 index for this signature.
2840 int sig_index = cp->signature_ref_index_at(cp->uncached_name_and_type_ref_index_at(index));
2841
2842 // Get the signature's verification types.
2843 sig_as_verification_types* mth_sig_verif_types;
2844 sig_as_verification_types** mth_sig_verif_types_ptr = method_signatures_table()->get(sig_index);
2845 if (mth_sig_verif_types_ptr != nullptr) {
2846 // Found the entry for the signature's verification types in the hash table.
2847 mth_sig_verif_types = *mth_sig_verif_types_ptr;
2848 assert(mth_sig_verif_types != nullptr, "Unexpected null sig_as_verification_types value");
2849 } else {
2850 // Not found, add the entry to the table.
2851 GrowableArray<VerificationType>* verif_types = new GrowableArray<VerificationType>(10);
2852 mth_sig_verif_types = new sig_as_verification_types(verif_types);
2853 create_method_sig_entry(mth_sig_verif_types, sig_index);
2854 }
2855
2856 // Get the number of arguments for this signature.
2857 int nargs = mth_sig_verif_types->num_args();
2858
2859 // Check instruction operands
2860 int bci = bcs->bci();
2861 if (opcode == Bytecodes::_invokeinterface) {
2862 address bcp = bcs->bcp();
2863 // 4905268: count operand in invokeinterface should be nargs+1, not nargs.
2864 // JSR202 spec: The count operand of an invokeinterface instruction is valid if it is
2865 // the difference between the size of the operand stack before and after the instruction
2866 // executes.
2867 if (*(bcp+3) != (nargs+1)) {
2868 verify_error(ErrorContext::bad_code(bci),
2869 "Inconsistent args count operand in invokeinterface");
2870 return;
2871 }
2872 if (*(bcp+4) != 0) {
2873 verify_error(ErrorContext::bad_code(bci),
2874 "Fourth operand byte of invokeinterface must be zero");
2875 return;
2876 }
2877 }
2878
2879 if (opcode == Bytecodes::_invokedynamic) {
2880 address bcp = bcs->bcp();
2881 if (*(bcp+3) != 0 || *(bcp+4) != 0) {
2882 verify_error(ErrorContext::bad_code(bci),
2883 "Third and fourth operand bytes of invokedynamic must be zero");
2884 return;
2885 }
2886 }
2887
2888 if (method_name->char_at(0) == JVM_SIGNATURE_SPECIAL) {
2889 // Make sure <init> can only be invoked by invokespecial
2890 if (opcode != Bytecodes::_invokespecial ||
2891 method_name != vmSymbols::object_initializer_name()) {
2892 verify_error(ErrorContext::bad_code(bci),
2893 "Illegal call to internal method");
2894 return;
2895 }
2896 } else if (opcode == Bytecodes::_invokespecial
2897 && !is_same_or_direct_interface(current_class(), current_type(), ref_class_type)
2898 && !ref_class_type.equals(VerificationType::reference_type(
2899 current_class()->super()->name()))) {
2900 bool subtype = false;
2901 bool have_imr_indirect = cp->tag_at(index).value() == JVM_CONSTANT_InterfaceMethodref;
2902 subtype = ref_class_type.is_assignable_from(
2903 current_type(), this, false, CHECK_VERIFY(this));
2904 if (!subtype) {
2905 verify_error(ErrorContext::bad_code(bci),
2906 "Bad invokespecial instruction: "
2907 "current class isn't assignable to reference class.");
2908 return;
2909 } else if (have_imr_indirect) {
2910 verify_error(ErrorContext::bad_code(bci),
2911 "Bad invokespecial instruction: "
2912 "interface method reference is in an indirect superinterface.");
2913 return;
2914 }
2915
2916 }
2917
2918 // Get the verification types for the method's arguments.
2919 GrowableArray<VerificationType>* sig_verif_types = mth_sig_verif_types->sig_verif_types();
2920 assert(sig_verif_types != nullptr, "Missing signature's array of verification types");
2921 // Match method descriptor with operand stack
2922 // The arguments are on the stack in descending order.
2923 for (int i = nargs - 1; i >= 0; i--) { // Run backwards
2924 current_frame->pop_stack(sig_verif_types->at(i), CHECK_VERIFY(this));
2925 }
2926
2927 // Check objectref on operand stack
2928 if (opcode != Bytecodes::_invokestatic &&
2929 opcode != Bytecodes::_invokedynamic) {
2930 if (method_name == vmSymbols::object_initializer_name()) { // <init> method
2931 verify_invoke_init(bcs, index, ref_class_type, current_frame,
2932 code_length, in_try_block, this_uninit, cp, stackmap_table,
2933 CHECK_VERIFY(this));
2934 if (was_recursively_verified()) return;
2935 } else { // other methods
2936 // Ensures that target class is assignable to method class.
2937 if (opcode == Bytecodes::_invokespecial) {
2938 current_frame->pop_stack(current_type(), CHECK_VERIFY(this));
2939 } else if (opcode == Bytecodes::_invokevirtual) {
2940 VerificationType stack_object_type =
2941 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this));
2942 if (current_type() != stack_object_type) {
2943 if (was_recursively_verified()) return;
2944 assert(cp->cache() == nullptr, "not rewritten yet");
2945 Symbol* ref_class_name =
2946 cp->klass_name_at(cp->uncached_klass_ref_index_at(index));
2947 // See the comments in verify_field_instructions() for
2948 // the rationale behind this.
2949 if (name_in_supers(ref_class_name, current_class())) {
2950 Klass* ref_class = load_class(ref_class_name, CHECK);
2951 if (is_protected_access(
2952 _klass, ref_class, method_name, method_sig, true)) {
2953 // It's protected access, check if stack object is
2954 // assignable to current class.
2955 if (ref_class_type.name() == vmSymbols::java_lang_Object()
2956 && stack_object_type.is_array()
2957 && method_name == vmSymbols::clone_name()) {
2958 // Special case: arrays pretend to implement public Object
2959 // clone().
2960 } else {
2961 bool is_assignable = current_type().is_assignable_from(
2962 stack_object_type, this, true, CHECK_VERIFY(this));
2963 if (!is_assignable) {
2964 verify_error(ErrorContext::bad_type(bci,
2965 current_frame->stack_top_ctx(),
2966 TypeOrigin::implicit(current_type())),
2967 "Bad access to protected data in invokevirtual");
2968 return;
2969 }
2970 }
2971 }
2972 }
2973 }
2974 } else {
2975 assert(opcode == Bytecodes::_invokeinterface, "Unexpected opcode encountered");
2976 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this));
2977 }
2978 }
2979 }
2980 // Push the result type.
2981 int sig_verif_types_len = sig_verif_types->length();
2982 if (sig_verif_types_len > nargs) { // There's a return type
2983 if (method_name == vmSymbols::object_initializer_name()) {
2984 // <init> method must have a void return type
2985 /* Unreachable? Class file parser verifies that methods with '<' have
2986 * void return */
2987 verify_error(ErrorContext::bad_code(bci),
2988 "Return type must be void in <init> method");
2989 return;
2990 }
2991
2992 assert(sig_verif_types_len <= nargs + 2,
2993 "Signature verification types array return type is bogus");
2994 for (int i = nargs; i < sig_verif_types_len; i++) {
2995 assert(i == nargs || sig_verif_types->at(i).is_long2() ||
2996 sig_verif_types->at(i).is_double2(), "Unexpected return verificationType");
2997 current_frame->push_stack(sig_verif_types->at(i), CHECK_VERIFY(this));
2998 }
2999 }
3000 }
3001
3002 VerificationType ClassVerifier::get_newarray_type(
3003 u2 index, int bci, TRAPS) {
3004 const char* from_bt[] = {
3005 nullptr, nullptr, nullptr, nullptr, "[Z", "[C", "[F", "[D", "[B", "[S", "[I", "[J",
3006 };
3007 if (index < T_BOOLEAN || index > T_LONG) {
3008 verify_error(ErrorContext::bad_code(bci), "Illegal newarray instruction");
3009 return VerificationType::bogus_type();
3010 }
3011
3012 // from_bt[index] contains the array signature which has a length of 2
3013 Symbol* sig = create_temporary_symbol(from_bt[index], 2);
3014 return VerificationType::reference_type(sig);
3015 }
3016
3017 void ClassVerifier::verify_anewarray(
3018 int bci, u2 index, const constantPoolHandle& cp,
3019 StackMapFrame* current_frame, TRAPS) {
3020 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
3021 current_frame->pop_stack(
3022 VerificationType::integer_type(), CHECK_VERIFY(this));
3023
3024 if (was_recursively_verified()) return;
3025 VerificationType component_type =
3026 cp_index_to_type(index, cp, CHECK_VERIFY(this));
3027 int length;
3028 char* arr_sig_str;
3029 if (component_type.is_array()) { // it's an array
3030 const char* component_name = component_type.name()->as_utf8();
3031 // Check for more than MAX_ARRAY_DIMENSIONS
3032 length = (int)strlen(component_name);
3033 if (length > MAX_ARRAY_DIMENSIONS &&
3034 component_name[MAX_ARRAY_DIMENSIONS - 1] == JVM_SIGNATURE_ARRAY) {
3035 verify_error(ErrorContext::bad_code(bci),
3036 "Illegal anewarray instruction, array has more than 255 dimensions");
3037 }
3038 // add one dimension to component
3039 length++;
3040 arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length + 1);
3041 int n = os::snprintf(arr_sig_str, length + 1, "%c%s",
3042 JVM_SIGNATURE_ARRAY, component_name);
3043 assert(n == length, "Unexpected number of characters in string");
3044 } else { // it's an object or interface
3045 const char* component_name = component_type.name()->as_utf8();
3046 // add one dimension to component with 'L' prepended and ';' postpended.
3047 length = (int)strlen(component_name) + 3;
3048 arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length + 1);
3049 int n = os::snprintf(arr_sig_str, length + 1, "%c%c%s;",
3050 JVM_SIGNATURE_ARRAY, JVM_SIGNATURE_CLASS, component_name);
3051 assert(n == length, "Unexpected number of characters in string");
3052 }
3053 Symbol* arr_sig = create_temporary_symbol(arr_sig_str, length);
3054 VerificationType new_array_type = VerificationType::reference_type(arr_sig);
3055 current_frame->push_stack(new_array_type, CHECK_VERIFY(this));
3056 }
3057
3058 void ClassVerifier::verify_iload(int index, StackMapFrame* current_frame, TRAPS) {
3059 current_frame->get_local(
3060 index, VerificationType::integer_type(), CHECK_VERIFY(this));
3061 current_frame->push_stack(
3062 VerificationType::integer_type(), CHECK_VERIFY(this));
3063 }
3064
3065 void ClassVerifier::verify_lload(int index, StackMapFrame* current_frame, TRAPS) {
3066 current_frame->get_local_2(
3067 index, VerificationType::long_type(),
3068 VerificationType::long2_type(), CHECK_VERIFY(this));
3069 current_frame->push_stack_2(
3070 VerificationType::long_type(),
3071 VerificationType::long2_type(), CHECK_VERIFY(this));
3072 }
3073
3074 void ClassVerifier::verify_fload(int index, StackMapFrame* current_frame, TRAPS) {
3075 current_frame->get_local(
3076 index, VerificationType::float_type(), CHECK_VERIFY(this));
3077 current_frame->push_stack(
3078 VerificationType::float_type(), CHECK_VERIFY(this));
3079 }
3080
3081 void ClassVerifier::verify_dload(int index, StackMapFrame* current_frame, TRAPS) {
3082 current_frame->get_local_2(
3083 index, VerificationType::double_type(),
3084 VerificationType::double2_type(), CHECK_VERIFY(this));
3085 current_frame->push_stack_2(
3086 VerificationType::double_type(),
3087 VerificationType::double2_type(), CHECK_VERIFY(this));
3088 }
3089
3090 void ClassVerifier::verify_aload(int index, StackMapFrame* current_frame, TRAPS) {
3091 VerificationType type = current_frame->get_local(
3092 index, VerificationType::reference_check(), CHECK_VERIFY(this));
3093 current_frame->push_stack(type, CHECK_VERIFY(this));
3094 }
3095
3096 void ClassVerifier::verify_istore(int index, StackMapFrame* current_frame, TRAPS) {
3097 current_frame->pop_stack(
3098 VerificationType::integer_type(), CHECK_VERIFY(this));
3099 current_frame->set_local(
3100 index, VerificationType::integer_type(), CHECK_VERIFY(this));
3101 }
3102
3103 void ClassVerifier::verify_lstore(int index, StackMapFrame* current_frame, TRAPS) {
3104 current_frame->pop_stack_2(
3105 VerificationType::long2_type(),
3106 VerificationType::long_type(), CHECK_VERIFY(this));
3107 current_frame->set_local_2(
3108 index, VerificationType::long_type(),
3109 VerificationType::long2_type(), CHECK_VERIFY(this));
3110 }
3111
3112 void ClassVerifier::verify_fstore(int index, StackMapFrame* current_frame, TRAPS) {
3113 current_frame->pop_stack(VerificationType::float_type(), CHECK_VERIFY(this));
3114 current_frame->set_local(
3115 index, VerificationType::float_type(), CHECK_VERIFY(this));
3116 }
3117
3118 void ClassVerifier::verify_dstore(int index, StackMapFrame* current_frame, TRAPS) {
3119 current_frame->pop_stack_2(
3120 VerificationType::double2_type(),
3121 VerificationType::double_type(), CHECK_VERIFY(this));
3122 current_frame->set_local_2(
3123 index, VerificationType::double_type(),
3124 VerificationType::double2_type(), CHECK_VERIFY(this));
3125 }
3126
3127 void ClassVerifier::verify_astore(int index, StackMapFrame* current_frame, TRAPS) {
3128 VerificationType type = current_frame->pop_stack(
3129 VerificationType::reference_check(), CHECK_VERIFY(this));
3130 current_frame->set_local(index, type, CHECK_VERIFY(this));
3131 }
3132
3133 void ClassVerifier::verify_iinc(int index, StackMapFrame* current_frame, TRAPS) {
3134 VerificationType type = current_frame->get_local(
3135 index, VerificationType::integer_type(), CHECK_VERIFY(this));
3136 current_frame->set_local(index, type, CHECK_VERIFY(this));
3137 }
3138
3139 void ClassVerifier::verify_return_value(
3140 VerificationType return_type, VerificationType type, int bci,
3141 StackMapFrame* current_frame, TRAPS) {
3142 if (return_type == VerificationType::bogus_type()) {
3143 verify_error(ErrorContext::bad_type(bci,
3144 current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)),
3145 "Method does not expect a return value");
3146 return;
3147 }
3148 bool match = return_type.is_assignable_from(type, this, false, CHECK_VERIFY(this));
3149 if (!match) {
3150 verify_error(ErrorContext::bad_type(bci,
3151 current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)),
3152 "Bad return type");
3153 return;
3154 }
3155 }
3156
3157 // The verifier creates symbols which are substrings of Symbols.
3158 // These are stored in the verifier until the end of verification so that
3159 // they can be reference counted.
3160 Symbol* ClassVerifier::create_temporary_symbol(const char *name, int length) {
3161 // Quick deduplication check
3162 if (_previous_symbol != nullptr && _previous_symbol->equals(name, length)) {
3163 return _previous_symbol;
3164 }
3165 Symbol* sym = SymbolTable::new_symbol(name, length);
3166 if (!sym->is_permanent()) {
3167 if (_symbols == nullptr) {
3168 _symbols = new GrowableArray<Symbol*>(50, 0, nullptr);
3169 }
3170 _symbols->push(sym);
3171 }
3172 _previous_symbol = sym;
3173 return sym;
3174 }