1 /*
   2  * Copyright (c) 1998, 2024, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.
   8  *
   9  * This code is distributed in the hope that it will be useful, but WITHOUT
  10  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  11  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  12  * version 2 for more details (a copy is included in the LICENSE file that
  13  * accompanied this code).
  14  *
  15  * You should have received a copy of the GNU General Public License version
  16  * 2 along with this work; if not, write to the Free Software Foundation,
  17  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  18  *
  19  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  20  * or visit www.oracle.com if you need additional information or have any
  21  * questions.
  22  *
  23  */
  24 
  25 #include "precompiled.hpp"
  26 #include "cds/cdsConfig.hpp"
  27 #include "classfile/classFileStream.hpp"
  28 #include "classfile/classLoader.hpp"
  29 #include "classfile/javaClasses.hpp"
  30 #include "classfile/stackMapTable.hpp"
  31 #include "classfile/stackMapFrame.hpp"
  32 #include "classfile/stackMapTableFormat.hpp"
  33 #include "classfile/symbolTable.hpp"
  34 #include "classfile/systemDictionary.hpp"
  35 #include "classfile/systemDictionaryShared.hpp"
  36 #include "classfile/verifier.hpp"
  37 #include "classfile/vmClasses.hpp"
  38 #include "classfile/vmSymbols.hpp"
  39 #include "interpreter/bytecodes.hpp"
  40 #include "interpreter/bytecodeStream.hpp"
  41 #include "jvm.h"
  42 #include "logging/log.hpp"
  43 #include "logging/logStream.hpp"
  44 #include "memory/oopFactory.hpp"
  45 #include "memory/resourceArea.hpp"
  46 #include "memory/universe.hpp"
  47 #include "oops/constantPool.inline.hpp"
  48 #include "oops/instanceKlass.inline.hpp"
  49 #include "oops/klass.inline.hpp"
  50 #include "oops/oop.inline.hpp"
  51 #include "oops/typeArrayOop.hpp"
  52 #include "runtime/arguments.hpp"
  53 #include "runtime/fieldDescriptor.hpp"
  54 #include "runtime/handles.inline.hpp"
  55 #include "runtime/interfaceSupport.inline.hpp"
  56 #include "runtime/javaCalls.hpp"
  57 #include "runtime/javaThread.hpp"
  58 #include "runtime/jniHandles.inline.hpp"
  59 #include "runtime/os.hpp"
  60 #include "runtime/safepointVerifiers.hpp"
  61 #include "services/threadService.hpp"
  62 #include "utilities/align.hpp"
  63 #include "utilities/bytes.hpp"
  64 
  65 #define NOFAILOVER_MAJOR_VERSION                       51
  66 #define NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION  51
  67 #define STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION       52
  68 #define MAX_ARRAY_DIMENSIONS 255
  69 
  70 // Access to external entry for VerifyClassForMajorVersion - old byte code verifier
  71 
  72 extern "C" {
  73   typedef jboolean (*verify_byte_codes_fn_t)(JNIEnv *, jclass, char *, jint, jint);
  74 }
  75 
  76 static verify_byte_codes_fn_t volatile _verify_byte_codes_fn = nullptr;
  77 
  78 static verify_byte_codes_fn_t verify_byte_codes_fn() {
  79 
  80   if (_verify_byte_codes_fn != nullptr)
  81     return _verify_byte_codes_fn;
  82 
  83   MutexLocker locker(Verify_lock);
  84 
  85   if (_verify_byte_codes_fn != nullptr)
  86     return _verify_byte_codes_fn;
  87 
  88   // Load verify dll
  89   char buffer[JVM_MAXPATHLEN];
  90   char ebuf[1024];
  91   if (!os::dll_locate_lib(buffer, sizeof(buffer), Arguments::get_dll_dir(), "verify"))
  92     return nullptr; // Caller will throw VerifyError
  93 
  94   void *lib_handle = os::dll_load(buffer, ebuf, sizeof(ebuf));
  95   if (lib_handle == nullptr)
  96     return nullptr; // Caller will throw VerifyError
  97 
  98   void *fn = os::dll_lookup(lib_handle, "VerifyClassForMajorVersion");
  99   if (fn == nullptr)
 100     return nullptr; // Caller will throw VerifyError
 101 
 102   return _verify_byte_codes_fn = CAST_TO_FN_PTR(verify_byte_codes_fn_t, fn);
 103 }
 104 
 105 
 106 // Methods in Verifier
 107 
 108 bool Verifier::should_verify_for(oop class_loader, bool should_verify_class) {
 109   return (class_loader == nullptr || !should_verify_class) ?
 110     BytecodeVerificationLocal : BytecodeVerificationRemote;
 111 }
 112 
 113 bool Verifier::relax_access_for(oop loader) {
 114   bool trusted = java_lang_ClassLoader::is_trusted_loader(loader);
 115   bool need_verify =
 116     // verifyAll
 117     (BytecodeVerificationLocal && BytecodeVerificationRemote) ||
 118     // verifyRemote
 119     (!BytecodeVerificationLocal && BytecodeVerificationRemote && !trusted);
 120   return !need_verify;
 121 }
 122 
 123 void Verifier::trace_class_resolution(Klass* resolve_class, InstanceKlass* verify_class) {
 124   assert(verify_class != nullptr, "Unexpected null verify_class");
 125   ResourceMark rm;
 126   Symbol* s = verify_class->source_file_name();
 127   const char* source_file = (s != nullptr ? s->as_C_string() : nullptr);
 128   const char* verify = verify_class->external_name();
 129   const char* resolve = resolve_class->external_name();
 130   // print in a single call to reduce interleaving between threads
 131   if (source_file != nullptr) {
 132     log_debug(class, resolve)("%s %s %s (verification)", verify, resolve, source_file);
 133   } else {
 134     log_debug(class, resolve)("%s %s (verification)", verify, resolve);
 135   }
 136 }
 137 
 138 // Prints the end-verification message to the appropriate output.
 139 void Verifier::log_end_verification(outputStream* st, const char* klassName, Symbol* exception_name, oop pending_exception) {
 140   if (pending_exception != nullptr) {
 141     st->print("Verification for %s has", klassName);
 142     oop message = java_lang_Throwable::message(pending_exception);
 143     if (message != nullptr) {
 144       char* ex_msg = java_lang_String::as_utf8_string(message);
 145       st->print_cr(" exception pending '%s %s'",
 146                    pending_exception->klass()->external_name(), ex_msg);
 147     } else {
 148       st->print_cr(" exception pending %s ",
 149                    pending_exception->klass()->external_name());
 150     }
 151   } else if (exception_name != nullptr) {
 152     st->print_cr("Verification for %s failed", klassName);
 153   }
 154   st->print_cr("End class verification for: %s", klassName);
 155 }
 156 
 157 bool Verifier::verify(InstanceKlass* klass, bool should_verify_class, TRAPS) {
 158   HandleMark hm(THREAD);
 159   ResourceMark rm(THREAD);
 160 
 161   // Eagerly allocate the identity hash code for a klass. This is a fallout
 162   // from 6320749 and 8059924: hash code generator is not supposed to be called
 163   // during the safepoint, but it allows to sneak the hashcode in during
 164   // verification. Without this eager hashcode generation, we may end up
 165   // installing the hashcode during some other operation, which may be at
 166   // safepoint -- blowing up the checks. It was previously done as the side
 167   // effect (sic!) for external_name(), but instead of doing that, we opt to
 168   // explicitly push the hashcode in here. This is signify the following block
 169   // is IMPORTANT:
 170   if (klass->java_mirror() != nullptr) {
 171     klass->java_mirror()->identity_hash();
 172   }
 173 
 174   if (!is_eligible_for_verification(klass, should_verify_class)) {
 175     return true;
 176   }
 177 
 178   // Timer includes any side effects of class verification (resolution,
 179   // etc), but not recursive calls to Verifier::verify().
 180   JavaThread* jt = THREAD;
 181   PerfClassTraceTime timer(ClassLoader::perf_class_verify_time(),
 182                            ClassLoader::perf_class_verify_selftime(),
 183                            ClassLoader::perf_classes_verified(),
 184                            jt->get_thread_stat()->perf_recursion_counts_addr(),
 185                            jt->get_thread_stat()->perf_timers_addr(),
 186                            PerfClassTraceTime::CLASS_VERIFY);
 187 
 188   // If the class should be verified, first see if we can use the split
 189   // verifier.  If not, or if verification fails and can failover, then
 190   // call the inference verifier.
 191   Symbol* exception_name = nullptr;
 192   const size_t message_buffer_len = klass->name()->utf8_length() + 1024;
 193   char* message_buffer = nullptr;
 194   char* exception_message = nullptr;
 195 
 196   log_info(class, init)("Start class verification for: %s", klass->external_name());
 197   if (klass->major_version() >= STACKMAP_ATTRIBUTE_MAJOR_VERSION) {
 198     ClassVerifier split_verifier(jt, klass);
 199     // We don't use CHECK here, or on inference_verify below, so that we can log any exception.
 200     split_verifier.verify_class(THREAD);
 201     exception_name = split_verifier.result();
 202 
 203     // If dumping static archive then don't fall back to the old verifier on
 204     // verification failure. If a class fails verification with the split verifier,
 205     // it might fail the CDS runtime verifier constraint check. In that case, we
 206     // don't want to share the class. We only archive classes that pass the split
 207     // verifier.
 208     bool can_failover = !CDSConfig::is_dumping_static_archive() &&
 209       klass->major_version() < NOFAILOVER_MAJOR_VERSION;
 210 
 211     if (can_failover && !HAS_PENDING_EXCEPTION &&  // Split verifier doesn't set PENDING_EXCEPTION for failure
 212         (exception_name == vmSymbols::java_lang_VerifyError() ||
 213          exception_name == vmSymbols::java_lang_ClassFormatError())) {
 214       log_info(verification)("Fail over class verification to old verifier for: %s", klass->external_name());
 215       log_info(class, init)("Fail over class verification to old verifier for: %s", klass->external_name());
 216       // Exclude any classes that fail over during dynamic dumping
 217       if (CDSConfig::is_dumping_dynamic_archive()) {
 218         SystemDictionaryShared::warn_excluded(klass, "Failed over class verification while dynamic dumping");
 219         SystemDictionaryShared::set_excluded(klass);
 220       }
 221       message_buffer = NEW_RESOURCE_ARRAY(char, message_buffer_len);
 222       exception_message = message_buffer;
 223       exception_name = inference_verify(
 224         klass, message_buffer, message_buffer_len, THREAD);
 225     }
 226     if (exception_name != nullptr) {
 227       exception_message = split_verifier.exception_message();
 228     }
 229   } else {
 230     message_buffer = NEW_RESOURCE_ARRAY(char, message_buffer_len);
 231     exception_message = message_buffer;
 232     exception_name = inference_verify(
 233         klass, message_buffer, message_buffer_len, THREAD);
 234   }
 235 
 236   LogTarget(Info, class, init) lt1;
 237   if (lt1.is_enabled()) {
 238     LogStream ls(lt1);
 239     log_end_verification(&ls, klass->external_name(), exception_name, PENDING_EXCEPTION);
 240   }
 241   LogTarget(Info, verification) lt2;
 242   if (lt2.is_enabled()) {
 243     LogStream ls(lt2);
 244     log_end_verification(&ls, klass->external_name(), exception_name, PENDING_EXCEPTION);
 245   }
 246 
 247   if (HAS_PENDING_EXCEPTION) {
 248     return false; // use the existing exception
 249   } else if (exception_name == nullptr) {
 250     return true; // verification succeeded
 251   } else { // VerifyError or ClassFormatError to be created and thrown
 252     Klass* kls =
 253       SystemDictionary::resolve_or_fail(exception_name, true, CHECK_false);
 254     if (log_is_enabled(Debug, class, resolve)) {
 255       Verifier::trace_class_resolution(kls, klass);
 256     }
 257 
 258     while (kls != nullptr) {
 259       if (kls == klass) {
 260         // If the class being verified is the exception we're creating
 261         // or one of it's superclasses, we're in trouble and are going
 262         // to infinitely recurse when we try to initialize the exception.
 263         // So bail out here by throwing the preallocated VM error.
 264         THROW_OOP_(Universe::internal_error_instance(), false);
 265       }
 266       kls = kls->super();
 267     }
 268     if (message_buffer != nullptr) {
 269       message_buffer[message_buffer_len - 1] = '\0'; // just to be sure
 270     }
 271     assert(exception_message != nullptr, "");
 272     THROW_MSG_(exception_name, exception_message, false);
 273   }
 274 }
 275 
 276 bool Verifier::is_eligible_for_verification(InstanceKlass* klass, bool should_verify_class) {
 277   Symbol* name = klass->name();
 278 
 279   return (should_verify_for(klass->class_loader(), should_verify_class) &&
 280     // return if the class is a bootstrapping class
 281     // or defineClass specified not to verify by default (flags override passed arg)
 282     // We need to skip the following four for bootstraping
 283     name != vmSymbols::java_lang_Object() &&
 284     name != vmSymbols::java_lang_Class() &&
 285     name != vmSymbols::java_lang_String() &&
 286     name != vmSymbols::java_lang_Throwable() &&
 287 
 288     // Can not verify the bytecodes for shared classes because they have
 289     // already been rewritten to contain constant pool cache indices,
 290     // which the verifier can't understand.
 291     // Shared classes shouldn't have stackmaps either.
 292     // However, bytecodes for shared old classes can be verified because
 293     // they have not been rewritten.
 294     !(klass->is_shared() && klass->is_rewritten()));
 295 }
 296 
 297 Symbol* Verifier::inference_verify(
 298     InstanceKlass* klass, char* message, size_t message_len, TRAPS) {
 299   JavaThread* thread = THREAD;
 300 
 301   verify_byte_codes_fn_t verify_func = verify_byte_codes_fn();
 302 
 303   if (verify_func == nullptr) {
 304     jio_snprintf(message, message_len, "Could not link verifier");
 305     return vmSymbols::java_lang_VerifyError();
 306   }
 307 
 308   ResourceMark rm(thread);
 309   log_info(verification)("Verifying class %s with old format", klass->external_name());
 310 
 311   jclass cls = (jclass) JNIHandles::make_local(thread, klass->java_mirror());
 312   jint result;
 313 
 314   {
 315     HandleMark hm(thread);
 316     ThreadToNativeFromVM ttn(thread);
 317     // ThreadToNativeFromVM takes care of changing thread_state, so safepoint
 318     // code knows that we have left the VM
 319     JNIEnv *env = thread->jni_environment();
 320     result = (*verify_func)(env, cls, message, (int)message_len, klass->major_version());
 321   }
 322 
 323   JNIHandles::destroy_local(cls);
 324 
 325   // These numbers are chosen so that VerifyClassCodes interface doesn't need
 326   // to be changed (still return jboolean (unsigned char)), and result is
 327   // 1 when verification is passed.
 328   if (result == 0) {
 329     return vmSymbols::java_lang_VerifyError();
 330   } else if (result == 1) {
 331     return nullptr; // verified.
 332   } else if (result == 2) {
 333     THROW_MSG_(vmSymbols::java_lang_OutOfMemoryError(), message, nullptr);
 334   } else if (result == 3) {
 335     return vmSymbols::java_lang_ClassFormatError();
 336   } else {
 337     ShouldNotReachHere();
 338     return nullptr;
 339   }
 340 }
 341 
 342 TypeOrigin TypeOrigin::null() {
 343   return TypeOrigin();
 344 }
 345 TypeOrigin TypeOrigin::local(int index, StackMapFrame* frame) {
 346   assert(frame != nullptr, "Must have a frame");
 347   return TypeOrigin(CF_LOCALS, index, StackMapFrame::copy(frame),
 348      frame->local_at(index));
 349 }
 350 TypeOrigin TypeOrigin::stack(int index, StackMapFrame* frame) {
 351   assert(frame != nullptr, "Must have a frame");
 352   return TypeOrigin(CF_STACK, index, StackMapFrame::copy(frame),
 353       frame->stack_at(index));
 354 }
 355 TypeOrigin TypeOrigin::sm_local(int index, StackMapFrame* frame) {
 356   assert(frame != nullptr, "Must have a frame");
 357   return TypeOrigin(SM_LOCALS, index, StackMapFrame::copy(frame),
 358       frame->local_at(index));
 359 }
 360 TypeOrigin TypeOrigin::sm_stack(int index, StackMapFrame* frame) {
 361   assert(frame != nullptr, "Must have a frame");
 362   return TypeOrigin(SM_STACK, index, StackMapFrame::copy(frame),
 363       frame->stack_at(index));
 364 }
 365 TypeOrigin TypeOrigin::bad_index(int index) {
 366   return TypeOrigin(BAD_INDEX, index, nullptr, VerificationType::bogus_type());
 367 }
 368 TypeOrigin TypeOrigin::cp(int index, VerificationType vt) {
 369   return TypeOrigin(CONST_POOL, index, nullptr, vt);
 370 }
 371 TypeOrigin TypeOrigin::signature(VerificationType vt) {
 372   return TypeOrigin(SIG, 0, nullptr, vt);
 373 }
 374 TypeOrigin TypeOrigin::implicit(VerificationType t) {
 375   return TypeOrigin(IMPLICIT, 0, nullptr, t);
 376 }
 377 TypeOrigin TypeOrigin::frame(StackMapFrame* frame) {
 378   return TypeOrigin(FRAME_ONLY, 0, StackMapFrame::copy(frame),
 379                     VerificationType::bogus_type());
 380 }
 381 
 382 void TypeOrigin::reset_frame() {
 383   if (_frame != nullptr) {
 384     _frame->restore();
 385   }
 386 }
 387 
 388 void TypeOrigin::details(outputStream* ss) const {
 389   _type.print_on(ss);
 390   switch (_origin) {
 391     case CF_LOCALS:
 392       ss->print(" (current frame, locals[%d])", _index);
 393       break;
 394     case CF_STACK:
 395       ss->print(" (current frame, stack[%d])", _index);
 396       break;
 397     case SM_LOCALS:
 398       ss->print(" (stack map, locals[%d])", _index);
 399       break;
 400     case SM_STACK:
 401       ss->print(" (stack map, stack[%d])", _index);
 402       break;
 403     case CONST_POOL:
 404       ss->print(" (constant pool %d)", _index);
 405       break;
 406     case SIG:
 407       ss->print(" (from method signature)");
 408       break;
 409     case IMPLICIT:
 410     case FRAME_ONLY:
 411     case NONE:
 412     default:
 413       ;
 414   }
 415 }
 416 
 417 #ifdef ASSERT
 418 void TypeOrigin::print_on(outputStream* str) const {
 419   str->print("{%d,%d,%p:", _origin, _index, _frame);
 420   if (_frame != nullptr) {
 421     _frame->print_on(str);
 422   } else {
 423     str->print("null");
 424   }
 425   str->print(",");
 426   _type.print_on(str);
 427   str->print("}");
 428 }
 429 #endif
 430 
 431 void ErrorContext::details(outputStream* ss, const Method* method) const {
 432   if (is_valid()) {
 433     ss->cr();
 434     ss->print_cr("Exception Details:");
 435     location_details(ss, method);
 436     reason_details(ss);
 437     frame_details(ss);
 438     bytecode_details(ss, method);
 439     handler_details(ss, method);
 440     stackmap_details(ss, method);
 441   }
 442 }
 443 
 444 void ErrorContext::reason_details(outputStream* ss) const {
 445   streamIndentor si(ss);
 446   ss->indent().print_cr("Reason:");
 447   streamIndentor si2(ss);
 448   ss->indent().print("%s", "");
 449   switch (_fault) {
 450     case INVALID_BYTECODE:
 451       ss->print("Error exists in the bytecode");
 452       break;
 453     case WRONG_TYPE:
 454       if (_expected.is_valid()) {
 455         ss->print("Type ");
 456         _type.details(ss);
 457         ss->print(" is not assignable to ");
 458         _expected.details(ss);
 459       } else {
 460         ss->print("Invalid type: ");
 461         _type.details(ss);
 462       }
 463       break;
 464     case FLAGS_MISMATCH:
 465       if (_expected.is_valid()) {
 466         ss->print("Current frame's flags are not assignable "
 467                   "to stack map frame's.");
 468       } else {
 469         ss->print("Current frame's flags are invalid in this context.");
 470       }
 471       break;
 472     case BAD_CP_INDEX:
 473       ss->print("Constant pool index %d is invalid", _type.index());
 474       break;
 475     case BAD_LOCAL_INDEX:
 476       ss->print("Local index %d is invalid", _type.index());
 477       break;
 478     case LOCALS_SIZE_MISMATCH:
 479       ss->print("Current frame's local size doesn't match stackmap.");
 480       break;
 481     case STACK_SIZE_MISMATCH:
 482       ss->print("Current frame's stack size doesn't match stackmap.");
 483       break;
 484     case STACK_OVERFLOW:
 485       ss->print("Exceeded max stack size.");
 486       break;
 487     case STACK_UNDERFLOW:
 488       ss->print("Attempt to pop empty stack.");
 489       break;
 490     case MISSING_STACKMAP:
 491       ss->print("Expected stackmap frame at this location.");
 492       break;
 493     case BAD_STACKMAP:
 494       ss->print("Invalid stackmap specification.");
 495       break;
 496     case UNKNOWN:
 497     default:
 498       ShouldNotReachHere();
 499       ss->print_cr("Unknown");
 500   }
 501   ss->cr();
 502 }
 503 
 504 void ErrorContext::location_details(outputStream* ss, const Method* method) const {
 505   if (_bci != -1 && method != nullptr) {
 506     streamIndentor si(ss);
 507     const char* bytecode_name = "<invalid>";
 508     if (method->validate_bci(_bci) != -1) {
 509       Bytecodes::Code code = Bytecodes::code_or_bp_at(method->bcp_from(_bci));
 510       if (Bytecodes::is_defined(code)) {
 511           bytecode_name = Bytecodes::name(code);
 512       } else {
 513           bytecode_name = "<illegal>";
 514       }
 515     }
 516     InstanceKlass* ik = method->method_holder();
 517     ss->indent().print_cr("Location:");
 518     streamIndentor si2(ss);
 519     ss->indent().print_cr("%s.%s%s @%d: %s",
 520         ik->name()->as_C_string(), method->name()->as_C_string(),
 521         method->signature()->as_C_string(), _bci, bytecode_name);
 522   }
 523 }
 524 
 525 void ErrorContext::frame_details(outputStream* ss) const {
 526   streamIndentor si(ss);
 527   if (_type.is_valid() && _type.frame() != nullptr) {
 528     ss->indent().print_cr("Current Frame:");
 529     streamIndentor si2(ss);
 530     _type.frame()->print_on(ss);
 531   }
 532   if (_expected.is_valid() && _expected.frame() != nullptr) {
 533     ss->indent().print_cr("Stackmap Frame:");
 534     streamIndentor si2(ss);
 535     _expected.frame()->print_on(ss);
 536   }
 537 }
 538 
 539 void ErrorContext::bytecode_details(outputStream* ss, const Method* method) const {
 540   if (method != nullptr) {
 541     streamIndentor si(ss);
 542     ss->indent().print_cr("Bytecode:");
 543     streamIndentor si2(ss);
 544     ss->print_data(method->code_base(), method->code_size(), false);
 545   }
 546 }
 547 
 548 void ErrorContext::handler_details(outputStream* ss, const Method* method) const {
 549   if (method != nullptr) {
 550     streamIndentor si(ss);
 551     ExceptionTable table(method);
 552     if (table.length() > 0) {
 553       ss->indent().print_cr("Exception Handler Table:");
 554       streamIndentor si2(ss);
 555       for (int i = 0; i < table.length(); ++i) {
 556         ss->indent().print_cr("bci [%d, %d] => handler: %d", table.start_pc(i),
 557             table.end_pc(i), table.handler_pc(i));
 558       }
 559     }
 560   }
 561 }
 562 
 563 void ErrorContext::stackmap_details(outputStream* ss, const Method* method) const {
 564   if (method != nullptr && method->has_stackmap_table()) {
 565     streamIndentor si(ss);
 566     ss->indent().print_cr("Stackmap Table:");
 567     Array<u1>* data = method->stackmap_data();
 568     stack_map_table* sm_table =
 569         stack_map_table::at((address)data->adr_at(0));
 570     stack_map_frame* sm_frame = sm_table->entries();
 571     streamIndentor si2(ss);
 572     int current_offset = -1;
 573     address end_of_sm_table = (address)sm_table + method->stackmap_data()->length();
 574     for (u2 i = 0; i < sm_table->number_of_entries(); ++i) {
 575       ss->indent();
 576       if (!sm_frame->verify((address)sm_frame, end_of_sm_table)) {
 577         sm_frame->print_truncated(ss, current_offset);
 578         return;
 579       }
 580       sm_frame->print_on(ss, current_offset);
 581       ss->cr();
 582       current_offset += sm_frame->offset_delta();
 583       sm_frame = sm_frame->next();
 584     }
 585   }
 586 }
 587 
 588 // Methods in ClassVerifier
 589 
 590 ClassVerifier::ClassVerifier(JavaThread* current, InstanceKlass* klass)
 591     : _thread(current), _previous_symbol(nullptr), _symbols(nullptr), _exception_type(nullptr),
 592       _message(nullptr), _klass(klass) {
 593   _this_type = VerificationType::reference_type(klass->name());
 594 }
 595 
 596 ClassVerifier::~ClassVerifier() {
 597   // Decrement the reference count for any symbols created.
 598   if (_symbols != nullptr) {
 599     for (int i = 0; i < _symbols->length(); i++) {
 600       Symbol* s = _symbols->at(i);
 601       s->decrement_refcount();
 602     }
 603   }
 604 }
 605 
 606 VerificationType ClassVerifier::object_type() const {
 607   return VerificationType::reference_type(vmSymbols::java_lang_Object());
 608 }
 609 
 610 TypeOrigin ClassVerifier::ref_ctx(const char* sig) {
 611   VerificationType vt = VerificationType::reference_type(
 612                          create_temporary_symbol(sig, (int)strlen(sig)));
 613   return TypeOrigin::implicit(vt);
 614 }
 615 
 616 
 617 void ClassVerifier::verify_class(TRAPS) {
 618   log_info(verification)("Verifying class %s with new format", _klass->external_name());
 619 
 620   // Either verifying both local and remote classes or just remote classes.
 621   assert(BytecodeVerificationRemote, "Should not be here");
 622 
 623   Array<Method*>* methods = _klass->methods();
 624   int num_methods = methods->length();
 625 
 626   for (int index = 0; index < num_methods; index++) {
 627     // Check for recursive re-verification before each method.
 628     if (was_recursively_verified()) return;
 629 
 630     Method* m = methods->at(index);
 631     if (m->is_native() || m->is_abstract() || m->is_overpass()) {
 632       // If m is native or abstract, skip it.  It is checked in class file
 633       // parser that methods do not override a final method.  Overpass methods
 634       // are trusted since the VM generates them.
 635       continue;
 636     }
 637     verify_method(methodHandle(THREAD, m), CHECK_VERIFY(this));
 638   }
 639 
 640   if (was_recursively_verified()){
 641     log_info(verification)("Recursive verification detected for: %s", _klass->external_name());
 642     log_info(class, init)("Recursive verification detected for: %s",
 643                         _klass->external_name());
 644   }
 645 }
 646 
 647 // Translate the signature entries into verification types and save them in
 648 // the growable array.  Also, save the count of arguments.
 649 void ClassVerifier::translate_signature(Symbol* const method_sig,
 650                                         sig_as_verification_types* sig_verif_types) {
 651   SignatureStream sig_stream(method_sig);
 652   VerificationType sig_type[2];
 653   int sig_i = 0;
 654   GrowableArray<VerificationType>* verif_types = sig_verif_types->sig_verif_types();
 655 
 656   // Translate the signature arguments into verification types.
 657   while (!sig_stream.at_return_type()) {
 658     int n = change_sig_to_verificationType(&sig_stream, sig_type);
 659     assert(n <= 2, "Unexpected signature type");
 660 
 661     // Store verification type(s).  Longs and Doubles each have two verificationTypes.
 662     for (int x = 0; x < n; x++) {
 663       verif_types->push(sig_type[x]);
 664     }
 665     sig_i += n;
 666     sig_stream.next();
 667   }
 668 
 669   // Set final arg count, not including the return type.  The final arg count will
 670   // be compared with sig_verify_types' length to see if there is a return type.
 671   sig_verif_types->set_num_args(sig_i);
 672 
 673   // Store verification type(s) for the return type, if there is one.
 674   if (sig_stream.type() != T_VOID) {
 675     int n = change_sig_to_verificationType(&sig_stream, sig_type);
 676     assert(n <= 2, "Unexpected signature return type");
 677     for (int y = 0; y < n; y++) {
 678       verif_types->push(sig_type[y]);
 679     }
 680   }
 681 }
 682 
 683 void ClassVerifier::create_method_sig_entry(sig_as_verification_types* sig_verif_types,
 684                                             int sig_index) {
 685   // Translate the signature into verification types.
 686   ConstantPool* cp = _klass->constants();
 687   Symbol* const method_sig = cp->symbol_at(sig_index);
 688   translate_signature(method_sig, sig_verif_types);
 689 
 690   // Add the list of this signature's verification types to the table.
 691   bool is_unique = method_signatures_table()->put(sig_index, sig_verif_types);
 692   assert(is_unique, "Duplicate entries in method_signature_table");
 693 }
 694 
 695 void ClassVerifier::verify_method(const methodHandle& m, TRAPS) {
 696   HandleMark hm(THREAD);
 697   _method = m;   // initialize _method
 698   log_info(verification)("Verifying method %s", m->name_and_sig_as_C_string());
 699 
 700 // For clang, the only good constant format string is a literal constant format string.
 701 #define bad_type_msg "Bad type on operand stack in %s"
 702 
 703   u2 max_stack = m->verifier_max_stack();
 704   u2 max_locals = m->max_locals();
 705   constantPoolHandle cp(THREAD, m->constants());
 706 
 707   // Method signature was checked in ClassFileParser.
 708   assert(SignatureVerifier::is_valid_method_signature(m->signature()),
 709          "Invalid method signature");
 710 
 711   // Initial stack map frame: offset is 0, stack is initially empty.
 712   StackMapFrame current_frame(max_locals, max_stack, this);
 713   // Set initial locals
 714   VerificationType return_type = current_frame.set_locals_from_arg( m, current_type());
 715 
 716   u2 stackmap_index = 0; // index to the stackmap array
 717 
 718   u4 code_length = m->code_size();
 719 
 720   // Scan the bytecode and map each instruction's start offset to a number.
 721   char* code_data = generate_code_data(m, code_length, CHECK_VERIFY(this));
 722 
 723   int ex_min = code_length;
 724   int ex_max = -1;
 725   // Look through each item on the exception table. Each of the fields must refer
 726   // to a legal instruction.
 727   if (was_recursively_verified()) return;
 728   verify_exception_handler_table(
 729     code_length, code_data, ex_min, ex_max, CHECK_VERIFY(this));
 730 
 731   // Look through each entry on the local variable table and make sure
 732   // its range of code array offsets is valid. (4169817)
 733   if (m->has_localvariable_table()) {
 734     verify_local_variable_table(code_length, code_data, CHECK_VERIFY(this));
 735   }
 736 
 737   Array<u1>* stackmap_data = m->stackmap_data();
 738   StackMapStream stream(stackmap_data);
 739   StackMapReader reader(this, &stream, code_data, code_length, THREAD);
 740   StackMapTable stackmap_table(&reader, &current_frame, max_locals, max_stack,
 741                                code_data, code_length, CHECK_VERIFY(this));
 742 
 743   LogTarget(Debug, verification) lt;
 744   if (lt.is_enabled()) {
 745     ResourceMark rm(THREAD);
 746     LogStream ls(lt);
 747     stackmap_table.print_on(&ls);
 748   }
 749 
 750   RawBytecodeStream bcs(m);
 751 
 752   // Scan the byte code linearly from the start to the end
 753   bool no_control_flow = false; // Set to true when there is no direct control
 754                                 // flow from current instruction to the next
 755                                 // instruction in sequence
 756 
 757   Bytecodes::Code opcode;
 758   while (!bcs.is_last_bytecode()) {
 759     // Check for recursive re-verification before each bytecode.
 760     if (was_recursively_verified())  return;
 761 
 762     opcode = bcs.raw_next();
 763     int bci = bcs.bci();
 764 
 765     // Set current frame's offset to bci
 766     current_frame.set_offset(bci);
 767     current_frame.set_mark();
 768 
 769     // Make sure every offset in stackmap table point to the beginning to
 770     // an instruction. Match current_frame to stackmap_table entry with
 771     // the same offset if exists.
 772     stackmap_index = verify_stackmap_table(
 773       stackmap_index, bci, &current_frame, &stackmap_table,
 774       no_control_flow, CHECK_VERIFY(this));
 775 
 776 
 777     bool this_uninit = false;  // Set to true when invokespecial <init> initialized 'this'
 778     bool verified_exc_handlers = false;
 779 
 780     // Merge with the next instruction
 781     {
 782       int target;
 783       VerificationType type, type2;
 784       VerificationType atype;
 785 
 786       LogTarget(Debug, verification) lt;
 787       if (lt.is_enabled()) {
 788         ResourceMark rm(THREAD);
 789         LogStream ls(lt);
 790         current_frame.print_on(&ls);
 791         lt.print("offset = %d,  opcode = %s", bci,
 792                  opcode == Bytecodes::_illegal ? "illegal" : Bytecodes::name(opcode));
 793       }
 794 
 795       // Make sure wide instruction is in correct format
 796       if (bcs.is_wide()) {
 797         if (opcode != Bytecodes::_iinc   && opcode != Bytecodes::_iload  &&
 798             opcode != Bytecodes::_aload  && opcode != Bytecodes::_lload  &&
 799             opcode != Bytecodes::_istore && opcode != Bytecodes::_astore &&
 800             opcode != Bytecodes::_lstore && opcode != Bytecodes::_fload  &&
 801             opcode != Bytecodes::_dload  && opcode != Bytecodes::_fstore &&
 802             opcode != Bytecodes::_dstore) {
 803           /* Unreachable?  RawBytecodeStream's raw_next() returns 'illegal'
 804            * if we encounter a wide instruction that modifies an invalid
 805            * opcode (not one of the ones listed above) */
 806           verify_error(ErrorContext::bad_code(bci), "Bad wide instruction");
 807           return;
 808         }
 809       }
 810 
 811       // Look for possible jump target in exception handlers and see if it
 812       // matches current_frame.  Do this check here for astore*, dstore*,
 813       // fstore*, istore*, and lstore* opcodes because they can change the type
 814       // state by adding a local.  JVM Spec says that the incoming type state
 815       // should be used for this check.  So, do the check here before a possible
 816       // local is added to the type state.
 817       if (Bytecodes::is_store_into_local(opcode) && bci >= ex_min && bci < ex_max) {
 818         if (was_recursively_verified()) return;
 819         verify_exception_handler_targets(
 820           bci, this_uninit, &current_frame, &stackmap_table, CHECK_VERIFY(this));
 821         verified_exc_handlers = true;
 822       }
 823 
 824       if (was_recursively_verified()) return;
 825 
 826       switch (opcode) {
 827         case Bytecodes::_nop :
 828           no_control_flow = false; break;
 829         case Bytecodes::_aconst_null :
 830           current_frame.push_stack(
 831             VerificationType::null_type(), CHECK_VERIFY(this));
 832           no_control_flow = false; break;
 833         case Bytecodes::_iconst_m1 :
 834         case Bytecodes::_iconst_0 :
 835         case Bytecodes::_iconst_1 :
 836         case Bytecodes::_iconst_2 :
 837         case Bytecodes::_iconst_3 :
 838         case Bytecodes::_iconst_4 :
 839         case Bytecodes::_iconst_5 :
 840           current_frame.push_stack(
 841             VerificationType::integer_type(), CHECK_VERIFY(this));
 842           no_control_flow = false; break;
 843         case Bytecodes::_lconst_0 :
 844         case Bytecodes::_lconst_1 :
 845           current_frame.push_stack_2(
 846             VerificationType::long_type(),
 847             VerificationType::long2_type(), CHECK_VERIFY(this));
 848           no_control_flow = false; break;
 849         case Bytecodes::_fconst_0 :
 850         case Bytecodes::_fconst_1 :
 851         case Bytecodes::_fconst_2 :
 852           current_frame.push_stack(
 853             VerificationType::float_type(), CHECK_VERIFY(this));
 854           no_control_flow = false; break;
 855         case Bytecodes::_dconst_0 :
 856         case Bytecodes::_dconst_1 :
 857           current_frame.push_stack_2(
 858             VerificationType::double_type(),
 859             VerificationType::double2_type(), CHECK_VERIFY(this));
 860           no_control_flow = false; break;
 861         case Bytecodes::_sipush :
 862         case Bytecodes::_bipush :
 863           current_frame.push_stack(
 864             VerificationType::integer_type(), CHECK_VERIFY(this));
 865           no_control_flow = false; break;
 866         case Bytecodes::_ldc :
 867           verify_ldc(
 868             opcode, bcs.get_index_u1(), &current_frame,
 869             cp, bci, CHECK_VERIFY(this));
 870           no_control_flow = false; break;
 871         case Bytecodes::_ldc_w :
 872         case Bytecodes::_ldc2_w :
 873           verify_ldc(
 874             opcode, bcs.get_index_u2(), &current_frame,
 875             cp, bci, CHECK_VERIFY(this));
 876           no_control_flow = false; break;
 877         case Bytecodes::_iload :
 878           verify_iload(bcs.get_index(), &current_frame, CHECK_VERIFY(this));
 879           no_control_flow = false; break;
 880         case Bytecodes::_iload_0 :
 881         case Bytecodes::_iload_1 :
 882         case Bytecodes::_iload_2 :
 883         case Bytecodes::_iload_3 : {
 884           int index = opcode - Bytecodes::_iload_0;
 885           verify_iload(index, &current_frame, CHECK_VERIFY(this));
 886           no_control_flow = false; break;
 887           }
 888         case Bytecodes::_lload :
 889           verify_lload(bcs.get_index(), &current_frame, CHECK_VERIFY(this));
 890           no_control_flow = false; break;
 891         case Bytecodes::_lload_0 :
 892         case Bytecodes::_lload_1 :
 893         case Bytecodes::_lload_2 :
 894         case Bytecodes::_lload_3 : {
 895           int index = opcode - Bytecodes::_lload_0;
 896           verify_lload(index, &current_frame, CHECK_VERIFY(this));
 897           no_control_flow = false; break;
 898           }
 899         case Bytecodes::_fload :
 900           verify_fload(bcs.get_index(), &current_frame, CHECK_VERIFY(this));
 901           no_control_flow = false; break;
 902         case Bytecodes::_fload_0 :
 903         case Bytecodes::_fload_1 :
 904         case Bytecodes::_fload_2 :
 905         case Bytecodes::_fload_3 : {
 906           int index = opcode - Bytecodes::_fload_0;
 907           verify_fload(index, &current_frame, CHECK_VERIFY(this));
 908           no_control_flow = false; break;
 909           }
 910         case Bytecodes::_dload :
 911           verify_dload(bcs.get_index(), &current_frame, CHECK_VERIFY(this));
 912           no_control_flow = false; break;
 913         case Bytecodes::_dload_0 :
 914         case Bytecodes::_dload_1 :
 915         case Bytecodes::_dload_2 :
 916         case Bytecodes::_dload_3 : {
 917           int index = opcode - Bytecodes::_dload_0;
 918           verify_dload(index, &current_frame, CHECK_VERIFY(this));
 919           no_control_flow = false; break;
 920           }
 921         case Bytecodes::_aload :
 922           verify_aload(bcs.get_index(), &current_frame, CHECK_VERIFY(this));
 923           no_control_flow = false; break;
 924         case Bytecodes::_aload_0 :
 925         case Bytecodes::_aload_1 :
 926         case Bytecodes::_aload_2 :
 927         case Bytecodes::_aload_3 : {
 928           int index = opcode - Bytecodes::_aload_0;
 929           verify_aload(index, &current_frame, CHECK_VERIFY(this));
 930           no_control_flow = false; break;
 931           }
 932         case Bytecodes::_iaload :
 933           type = current_frame.pop_stack(
 934             VerificationType::integer_type(), CHECK_VERIFY(this));
 935           atype = current_frame.pop_stack(
 936             VerificationType::reference_check(), CHECK_VERIFY(this));
 937           if (!atype.is_int_array()) {
 938             verify_error(ErrorContext::bad_type(bci,
 939                 current_frame.stack_top_ctx(), ref_ctx("[I")),
 940                 bad_type_msg, "iaload");
 941             return;
 942           }
 943           current_frame.push_stack(
 944             VerificationType::integer_type(), CHECK_VERIFY(this));
 945           no_control_flow = false; break;
 946         case Bytecodes::_baload :
 947           type = current_frame.pop_stack(
 948             VerificationType::integer_type(), CHECK_VERIFY(this));
 949           atype = current_frame.pop_stack(
 950             VerificationType::reference_check(), CHECK_VERIFY(this));
 951           if (!atype.is_bool_array() && !atype.is_byte_array()) {
 952             verify_error(
 953                 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
 954                 bad_type_msg, "baload");
 955             return;
 956           }
 957           current_frame.push_stack(
 958             VerificationType::integer_type(), CHECK_VERIFY(this));
 959           no_control_flow = false; break;
 960         case Bytecodes::_caload :
 961           type = current_frame.pop_stack(
 962             VerificationType::integer_type(), CHECK_VERIFY(this));
 963           atype = current_frame.pop_stack(
 964             VerificationType::reference_check(), CHECK_VERIFY(this));
 965           if (!atype.is_char_array()) {
 966             verify_error(ErrorContext::bad_type(bci,
 967                 current_frame.stack_top_ctx(), ref_ctx("[C")),
 968                 bad_type_msg, "caload");
 969             return;
 970           }
 971           current_frame.push_stack(
 972             VerificationType::integer_type(), CHECK_VERIFY(this));
 973           no_control_flow = false; break;
 974         case Bytecodes::_saload :
 975           type = current_frame.pop_stack(
 976             VerificationType::integer_type(), CHECK_VERIFY(this));
 977           atype = current_frame.pop_stack(
 978             VerificationType::reference_check(), CHECK_VERIFY(this));
 979           if (!atype.is_short_array()) {
 980             verify_error(ErrorContext::bad_type(bci,
 981                 current_frame.stack_top_ctx(), ref_ctx("[S")),
 982                 bad_type_msg, "saload");
 983             return;
 984           }
 985           current_frame.push_stack(
 986             VerificationType::integer_type(), CHECK_VERIFY(this));
 987           no_control_flow = false; break;
 988         case Bytecodes::_laload :
 989           type = current_frame.pop_stack(
 990             VerificationType::integer_type(), CHECK_VERIFY(this));
 991           atype = current_frame.pop_stack(
 992             VerificationType::reference_check(), CHECK_VERIFY(this));
 993           if (!atype.is_long_array()) {
 994             verify_error(ErrorContext::bad_type(bci,
 995                 current_frame.stack_top_ctx(), ref_ctx("[J")),
 996                 bad_type_msg, "laload");
 997             return;
 998           }
 999           current_frame.push_stack_2(
1000             VerificationType::long_type(),
1001             VerificationType::long2_type(), CHECK_VERIFY(this));
1002           no_control_flow = false; break;
1003         case Bytecodes::_faload :
1004           type = current_frame.pop_stack(
1005             VerificationType::integer_type(), CHECK_VERIFY(this));
1006           atype = current_frame.pop_stack(
1007             VerificationType::reference_check(), CHECK_VERIFY(this));
1008           if (!atype.is_float_array()) {
1009             verify_error(ErrorContext::bad_type(bci,
1010                 current_frame.stack_top_ctx(), ref_ctx("[F")),
1011                 bad_type_msg, "faload");
1012             return;
1013           }
1014           current_frame.push_stack(
1015             VerificationType::float_type(), CHECK_VERIFY(this));
1016           no_control_flow = false; break;
1017         case Bytecodes::_daload :
1018           type = current_frame.pop_stack(
1019             VerificationType::integer_type(), CHECK_VERIFY(this));
1020           atype = current_frame.pop_stack(
1021             VerificationType::reference_check(), CHECK_VERIFY(this));
1022           if (!atype.is_double_array()) {
1023             verify_error(ErrorContext::bad_type(bci,
1024                 current_frame.stack_top_ctx(), ref_ctx("[D")),
1025                 bad_type_msg, "daload");
1026             return;
1027           }
1028           current_frame.push_stack_2(
1029             VerificationType::double_type(),
1030             VerificationType::double2_type(), CHECK_VERIFY(this));
1031           no_control_flow = false; break;
1032         case Bytecodes::_aaload : {
1033           type = current_frame.pop_stack(
1034             VerificationType::integer_type(), CHECK_VERIFY(this));
1035           atype = current_frame.pop_stack(
1036             VerificationType::reference_check(), CHECK_VERIFY(this));
1037           if (!atype.is_reference_array()) {
1038             verify_error(ErrorContext::bad_type(bci,
1039                 current_frame.stack_top_ctx(),
1040                 TypeOrigin::implicit(VerificationType::reference_check())),
1041                 bad_type_msg, "aaload");
1042             return;
1043           }
1044           if (atype.is_null()) {
1045             current_frame.push_stack(
1046               VerificationType::null_type(), CHECK_VERIFY(this));
1047           } else {
1048             VerificationType component = atype.get_component(this);
1049             current_frame.push_stack(component, CHECK_VERIFY(this));
1050           }
1051           no_control_flow = false; break;
1052         }
1053         case Bytecodes::_istore :
1054           verify_istore(bcs.get_index(), &current_frame, CHECK_VERIFY(this));
1055           no_control_flow = false; break;
1056         case Bytecodes::_istore_0 :
1057         case Bytecodes::_istore_1 :
1058         case Bytecodes::_istore_2 :
1059         case Bytecodes::_istore_3 : {
1060           int index = opcode - Bytecodes::_istore_0;
1061           verify_istore(index, &current_frame, CHECK_VERIFY(this));
1062           no_control_flow = false; break;
1063           }
1064         case Bytecodes::_lstore :
1065           verify_lstore(bcs.get_index(), &current_frame, CHECK_VERIFY(this));
1066           no_control_flow = false; break;
1067         case Bytecodes::_lstore_0 :
1068         case Bytecodes::_lstore_1 :
1069         case Bytecodes::_lstore_2 :
1070         case Bytecodes::_lstore_3 : {
1071           int index = opcode - Bytecodes::_lstore_0;
1072           verify_lstore(index, &current_frame, CHECK_VERIFY(this));
1073           no_control_flow = false; break;
1074           }
1075         case Bytecodes::_fstore :
1076           verify_fstore(bcs.get_index(), &current_frame, CHECK_VERIFY(this));
1077           no_control_flow = false; break;
1078         case Bytecodes::_fstore_0 :
1079         case Bytecodes::_fstore_1 :
1080         case Bytecodes::_fstore_2 :
1081         case Bytecodes::_fstore_3 : {
1082           int index = opcode - Bytecodes::_fstore_0;
1083           verify_fstore(index, &current_frame, CHECK_VERIFY(this));
1084           no_control_flow = false; break;
1085           }
1086         case Bytecodes::_dstore :
1087           verify_dstore(bcs.get_index(), &current_frame, CHECK_VERIFY(this));
1088           no_control_flow = false; break;
1089         case Bytecodes::_dstore_0 :
1090         case Bytecodes::_dstore_1 :
1091         case Bytecodes::_dstore_2 :
1092         case Bytecodes::_dstore_3 : {
1093           int index = opcode - Bytecodes::_dstore_0;
1094           verify_dstore(index, &current_frame, CHECK_VERIFY(this));
1095           no_control_flow = false; break;
1096           }
1097         case Bytecodes::_astore :
1098           verify_astore(bcs.get_index(), &current_frame, CHECK_VERIFY(this));
1099           no_control_flow = false; break;
1100         case Bytecodes::_astore_0 :
1101         case Bytecodes::_astore_1 :
1102         case Bytecodes::_astore_2 :
1103         case Bytecodes::_astore_3 : {
1104           int index = opcode - Bytecodes::_astore_0;
1105           verify_astore(index, &current_frame, CHECK_VERIFY(this));
1106           no_control_flow = false; break;
1107           }
1108         case Bytecodes::_iastore :
1109           type = current_frame.pop_stack(
1110             VerificationType::integer_type(), CHECK_VERIFY(this));
1111           type2 = current_frame.pop_stack(
1112             VerificationType::integer_type(), CHECK_VERIFY(this));
1113           atype = current_frame.pop_stack(
1114             VerificationType::reference_check(), CHECK_VERIFY(this));
1115           if (!atype.is_int_array()) {
1116             verify_error(ErrorContext::bad_type(bci,
1117                 current_frame.stack_top_ctx(), ref_ctx("[I")),
1118                 bad_type_msg, "iastore");
1119             return;
1120           }
1121           no_control_flow = false; break;
1122         case Bytecodes::_bastore :
1123           type = current_frame.pop_stack(
1124             VerificationType::integer_type(), CHECK_VERIFY(this));
1125           type2 = current_frame.pop_stack(
1126             VerificationType::integer_type(), CHECK_VERIFY(this));
1127           atype = current_frame.pop_stack(
1128             VerificationType::reference_check(), CHECK_VERIFY(this));
1129           if (!atype.is_bool_array() && !atype.is_byte_array()) {
1130             verify_error(
1131                 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1132                 bad_type_msg, "bastore");
1133             return;
1134           }
1135           no_control_flow = false; break;
1136         case Bytecodes::_castore :
1137           current_frame.pop_stack(
1138             VerificationType::integer_type(), CHECK_VERIFY(this));
1139           current_frame.pop_stack(
1140             VerificationType::integer_type(), CHECK_VERIFY(this));
1141           atype = current_frame.pop_stack(
1142             VerificationType::reference_check(), CHECK_VERIFY(this));
1143           if (!atype.is_char_array()) {
1144             verify_error(ErrorContext::bad_type(bci,
1145                 current_frame.stack_top_ctx(), ref_ctx("[C")),
1146                 bad_type_msg, "castore");
1147             return;
1148           }
1149           no_control_flow = false; break;
1150         case Bytecodes::_sastore :
1151           current_frame.pop_stack(
1152             VerificationType::integer_type(), CHECK_VERIFY(this));
1153           current_frame.pop_stack(
1154             VerificationType::integer_type(), CHECK_VERIFY(this));
1155           atype = current_frame.pop_stack(
1156             VerificationType::reference_check(), CHECK_VERIFY(this));
1157           if (!atype.is_short_array()) {
1158             verify_error(ErrorContext::bad_type(bci,
1159                 current_frame.stack_top_ctx(), ref_ctx("[S")),
1160                 bad_type_msg, "sastore");
1161             return;
1162           }
1163           no_control_flow = false; break;
1164         case Bytecodes::_lastore :
1165           current_frame.pop_stack_2(
1166             VerificationType::long2_type(),
1167             VerificationType::long_type(), CHECK_VERIFY(this));
1168           current_frame.pop_stack(
1169             VerificationType::integer_type(), CHECK_VERIFY(this));
1170           atype = current_frame.pop_stack(
1171             VerificationType::reference_check(), CHECK_VERIFY(this));
1172           if (!atype.is_long_array()) {
1173             verify_error(ErrorContext::bad_type(bci,
1174                 current_frame.stack_top_ctx(), ref_ctx("[J")),
1175                 bad_type_msg, "lastore");
1176             return;
1177           }
1178           no_control_flow = false; break;
1179         case Bytecodes::_fastore :
1180           current_frame.pop_stack(
1181             VerificationType::float_type(), CHECK_VERIFY(this));
1182           current_frame.pop_stack
1183             (VerificationType::integer_type(), CHECK_VERIFY(this));
1184           atype = current_frame.pop_stack(
1185             VerificationType::reference_check(), CHECK_VERIFY(this));
1186           if (!atype.is_float_array()) {
1187             verify_error(ErrorContext::bad_type(bci,
1188                 current_frame.stack_top_ctx(), ref_ctx("[F")),
1189                 bad_type_msg, "fastore");
1190             return;
1191           }
1192           no_control_flow = false; break;
1193         case Bytecodes::_dastore :
1194           current_frame.pop_stack_2(
1195             VerificationType::double2_type(),
1196             VerificationType::double_type(), CHECK_VERIFY(this));
1197           current_frame.pop_stack(
1198             VerificationType::integer_type(), CHECK_VERIFY(this));
1199           atype = current_frame.pop_stack(
1200             VerificationType::reference_check(), CHECK_VERIFY(this));
1201           if (!atype.is_double_array()) {
1202             verify_error(ErrorContext::bad_type(bci,
1203                 current_frame.stack_top_ctx(), ref_ctx("[D")),
1204                 bad_type_msg, "dastore");
1205             return;
1206           }
1207           no_control_flow = false; break;
1208         case Bytecodes::_aastore :
1209           type = current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1210           type2 = current_frame.pop_stack(
1211             VerificationType::integer_type(), CHECK_VERIFY(this));
1212           atype = current_frame.pop_stack(
1213             VerificationType::reference_check(), CHECK_VERIFY(this));
1214           // more type-checking is done at runtime
1215           if (!atype.is_reference_array()) {
1216             verify_error(ErrorContext::bad_type(bci,
1217                 current_frame.stack_top_ctx(),
1218                 TypeOrigin::implicit(VerificationType::reference_check())),
1219                 bad_type_msg, "aastore");
1220             return;
1221           }
1222           // 4938384: relaxed constraint in JVMS 3rd edition.
1223           no_control_flow = false; break;
1224         case Bytecodes::_pop :
1225           current_frame.pop_stack(
1226             VerificationType::category1_check(), CHECK_VERIFY(this));
1227           no_control_flow = false; break;
1228         case Bytecodes::_pop2 :
1229           type = current_frame.pop_stack(CHECK_VERIFY(this));
1230           if (type.is_category1()) {
1231             current_frame.pop_stack(
1232               VerificationType::category1_check(), CHECK_VERIFY(this));
1233           } else if (type.is_category2_2nd()) {
1234             current_frame.pop_stack(
1235               VerificationType::category2_check(), CHECK_VERIFY(this));
1236           } else {
1237             /* Unreachable? Would need a category2_1st on TOS
1238              * which does not appear possible. */
1239             verify_error(
1240                 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1241                 bad_type_msg, "pop2");
1242             return;
1243           }
1244           no_control_flow = false; break;
1245         case Bytecodes::_dup :
1246           type = current_frame.pop_stack(
1247             VerificationType::category1_check(), CHECK_VERIFY(this));
1248           current_frame.push_stack(type, CHECK_VERIFY(this));
1249           current_frame.push_stack(type, CHECK_VERIFY(this));
1250           no_control_flow = false; break;
1251         case Bytecodes::_dup_x1 :
1252           type = current_frame.pop_stack(
1253             VerificationType::category1_check(), CHECK_VERIFY(this));
1254           type2 = current_frame.pop_stack(
1255             VerificationType::category1_check(), CHECK_VERIFY(this));
1256           current_frame.push_stack(type, CHECK_VERIFY(this));
1257           current_frame.push_stack(type2, CHECK_VERIFY(this));
1258           current_frame.push_stack(type, CHECK_VERIFY(this));
1259           no_control_flow = false; break;
1260         case Bytecodes::_dup_x2 :
1261         {
1262           VerificationType type3;
1263           type = current_frame.pop_stack(
1264             VerificationType::category1_check(), CHECK_VERIFY(this));
1265           type2 = current_frame.pop_stack(CHECK_VERIFY(this));
1266           if (type2.is_category1()) {
1267             type3 = current_frame.pop_stack(
1268               VerificationType::category1_check(), CHECK_VERIFY(this));
1269           } else if (type2.is_category2_2nd()) {
1270             type3 = current_frame.pop_stack(
1271               VerificationType::category2_check(), CHECK_VERIFY(this));
1272           } else {
1273             /* Unreachable? Would need a category2_1st at stack depth 2 with
1274              * a category1 on TOS which does not appear possible. */
1275             verify_error(ErrorContext::bad_type(
1276                 bci, current_frame.stack_top_ctx()), bad_type_msg, "dup_x2");
1277             return;
1278           }
1279           current_frame.push_stack(type, CHECK_VERIFY(this));
1280           current_frame.push_stack(type3, CHECK_VERIFY(this));
1281           current_frame.push_stack(type2, CHECK_VERIFY(this));
1282           current_frame.push_stack(type, CHECK_VERIFY(this));
1283           no_control_flow = false; break;
1284         }
1285         case Bytecodes::_dup2 :
1286           type = current_frame.pop_stack(CHECK_VERIFY(this));
1287           if (type.is_category1()) {
1288             type2 = current_frame.pop_stack(
1289               VerificationType::category1_check(), CHECK_VERIFY(this));
1290           } else if (type.is_category2_2nd()) {
1291             type2 = current_frame.pop_stack(
1292               VerificationType::category2_check(), CHECK_VERIFY(this));
1293           } else {
1294             /* Unreachable?  Would need a category2_1st on TOS which does not
1295              * appear possible. */
1296             verify_error(
1297                 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1298                 bad_type_msg, "dup2");
1299             return;
1300           }
1301           current_frame.push_stack(type2, CHECK_VERIFY(this));
1302           current_frame.push_stack(type, CHECK_VERIFY(this));
1303           current_frame.push_stack(type2, CHECK_VERIFY(this));
1304           current_frame.push_stack(type, CHECK_VERIFY(this));
1305           no_control_flow = false; break;
1306         case Bytecodes::_dup2_x1 :
1307         {
1308           VerificationType type3;
1309           type = current_frame.pop_stack(CHECK_VERIFY(this));
1310           if (type.is_category1()) {
1311             type2 = current_frame.pop_stack(
1312               VerificationType::category1_check(), CHECK_VERIFY(this));
1313           } else if (type.is_category2_2nd()) {
1314             type2 = current_frame.pop_stack(
1315               VerificationType::category2_check(), CHECK_VERIFY(this));
1316           } else {
1317             /* Unreachable?  Would need a category2_1st on TOS which does
1318              * not appear possible. */
1319             verify_error(
1320                 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1321                 bad_type_msg, "dup2_x1");
1322             return;
1323           }
1324           type3 = current_frame.pop_stack(
1325             VerificationType::category1_check(), CHECK_VERIFY(this));
1326           current_frame.push_stack(type2, CHECK_VERIFY(this));
1327           current_frame.push_stack(type, CHECK_VERIFY(this));
1328           current_frame.push_stack(type3, CHECK_VERIFY(this));
1329           current_frame.push_stack(type2, CHECK_VERIFY(this));
1330           current_frame.push_stack(type, CHECK_VERIFY(this));
1331           no_control_flow = false; break;
1332         }
1333         case Bytecodes::_dup2_x2 :
1334         {
1335           VerificationType type3, type4;
1336           type = current_frame.pop_stack(CHECK_VERIFY(this));
1337           if (type.is_category1()) {
1338             type2 = current_frame.pop_stack(
1339               VerificationType::category1_check(), CHECK_VERIFY(this));
1340           } else if (type.is_category2_2nd()) {
1341             type2 = current_frame.pop_stack(
1342               VerificationType::category2_check(), CHECK_VERIFY(this));
1343           } else {
1344             /* Unreachable?  Would need a category2_1st on TOS which does
1345              * not appear possible. */
1346             verify_error(
1347                 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1348                 bad_type_msg, "dup2_x2");
1349             return;
1350           }
1351           type3 = current_frame.pop_stack(CHECK_VERIFY(this));
1352           if (type3.is_category1()) {
1353             type4 = current_frame.pop_stack(
1354               VerificationType::category1_check(), CHECK_VERIFY(this));
1355           } else if (type3.is_category2_2nd()) {
1356             type4 = current_frame.pop_stack(
1357               VerificationType::category2_check(), CHECK_VERIFY(this));
1358           } else {
1359             /* Unreachable?  Would need a category2_1st on TOS after popping
1360              * a long/double or two category 1's, which does not
1361              * appear possible. */
1362             verify_error(
1363                 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1364                 bad_type_msg, "dup2_x2");
1365             return;
1366           }
1367           current_frame.push_stack(type2, CHECK_VERIFY(this));
1368           current_frame.push_stack(type, CHECK_VERIFY(this));
1369           current_frame.push_stack(type4, CHECK_VERIFY(this));
1370           current_frame.push_stack(type3, CHECK_VERIFY(this));
1371           current_frame.push_stack(type2, CHECK_VERIFY(this));
1372           current_frame.push_stack(type, CHECK_VERIFY(this));
1373           no_control_flow = false; break;
1374         }
1375         case Bytecodes::_swap :
1376           type = current_frame.pop_stack(
1377             VerificationType::category1_check(), CHECK_VERIFY(this));
1378           type2 = current_frame.pop_stack(
1379             VerificationType::category1_check(), CHECK_VERIFY(this));
1380           current_frame.push_stack(type, CHECK_VERIFY(this));
1381           current_frame.push_stack(type2, CHECK_VERIFY(this));
1382           no_control_flow = false; break;
1383         case Bytecodes::_iadd :
1384         case Bytecodes::_isub :
1385         case Bytecodes::_imul :
1386         case Bytecodes::_idiv :
1387         case Bytecodes::_irem :
1388         case Bytecodes::_ishl :
1389         case Bytecodes::_ishr :
1390         case Bytecodes::_iushr :
1391         case Bytecodes::_ior :
1392         case Bytecodes::_ixor :
1393         case Bytecodes::_iand :
1394           current_frame.pop_stack(
1395             VerificationType::integer_type(), CHECK_VERIFY(this));
1396           // fall through
1397         case Bytecodes::_ineg :
1398           current_frame.pop_stack(
1399             VerificationType::integer_type(), CHECK_VERIFY(this));
1400           current_frame.push_stack(
1401             VerificationType::integer_type(), CHECK_VERIFY(this));
1402           no_control_flow = false; break;
1403         case Bytecodes::_ladd :
1404         case Bytecodes::_lsub :
1405         case Bytecodes::_lmul :
1406         case Bytecodes::_ldiv :
1407         case Bytecodes::_lrem :
1408         case Bytecodes::_land :
1409         case Bytecodes::_lor :
1410         case Bytecodes::_lxor :
1411           current_frame.pop_stack_2(
1412             VerificationType::long2_type(),
1413             VerificationType::long_type(), CHECK_VERIFY(this));
1414           // fall through
1415         case Bytecodes::_lneg :
1416           current_frame.pop_stack_2(
1417             VerificationType::long2_type(),
1418             VerificationType::long_type(), CHECK_VERIFY(this));
1419           current_frame.push_stack_2(
1420             VerificationType::long_type(),
1421             VerificationType::long2_type(), CHECK_VERIFY(this));
1422           no_control_flow = false; break;
1423         case Bytecodes::_lshl :
1424         case Bytecodes::_lshr :
1425         case Bytecodes::_lushr :
1426           current_frame.pop_stack(
1427             VerificationType::integer_type(), CHECK_VERIFY(this));
1428           current_frame.pop_stack_2(
1429             VerificationType::long2_type(),
1430             VerificationType::long_type(), CHECK_VERIFY(this));
1431           current_frame.push_stack_2(
1432             VerificationType::long_type(),
1433             VerificationType::long2_type(), CHECK_VERIFY(this));
1434           no_control_flow = false; break;
1435         case Bytecodes::_fadd :
1436         case Bytecodes::_fsub :
1437         case Bytecodes::_fmul :
1438         case Bytecodes::_fdiv :
1439         case Bytecodes::_frem :
1440           current_frame.pop_stack(
1441             VerificationType::float_type(), CHECK_VERIFY(this));
1442           // fall through
1443         case Bytecodes::_fneg :
1444           current_frame.pop_stack(
1445             VerificationType::float_type(), CHECK_VERIFY(this));
1446           current_frame.push_stack(
1447             VerificationType::float_type(), CHECK_VERIFY(this));
1448           no_control_flow = false; break;
1449         case Bytecodes::_dadd :
1450         case Bytecodes::_dsub :
1451         case Bytecodes::_dmul :
1452         case Bytecodes::_ddiv :
1453         case Bytecodes::_drem :
1454           current_frame.pop_stack_2(
1455             VerificationType::double2_type(),
1456             VerificationType::double_type(), CHECK_VERIFY(this));
1457           // fall through
1458         case Bytecodes::_dneg :
1459           current_frame.pop_stack_2(
1460             VerificationType::double2_type(),
1461             VerificationType::double_type(), CHECK_VERIFY(this));
1462           current_frame.push_stack_2(
1463             VerificationType::double_type(),
1464             VerificationType::double2_type(), CHECK_VERIFY(this));
1465           no_control_flow = false; break;
1466         case Bytecodes::_iinc :
1467           verify_iinc(bcs.get_index(), &current_frame, CHECK_VERIFY(this));
1468           no_control_flow = false; break;
1469         case Bytecodes::_i2l :
1470           type = current_frame.pop_stack(
1471             VerificationType::integer_type(), CHECK_VERIFY(this));
1472           current_frame.push_stack_2(
1473             VerificationType::long_type(),
1474             VerificationType::long2_type(), CHECK_VERIFY(this));
1475           no_control_flow = false; break;
1476        case Bytecodes::_l2i :
1477           current_frame.pop_stack_2(
1478             VerificationType::long2_type(),
1479             VerificationType::long_type(), CHECK_VERIFY(this));
1480           current_frame.push_stack(
1481             VerificationType::integer_type(), CHECK_VERIFY(this));
1482           no_control_flow = false; break;
1483         case Bytecodes::_i2f :
1484           current_frame.pop_stack(
1485             VerificationType::integer_type(), CHECK_VERIFY(this));
1486           current_frame.push_stack(
1487             VerificationType::float_type(), CHECK_VERIFY(this));
1488           no_control_flow = false; break;
1489         case Bytecodes::_i2d :
1490           current_frame.pop_stack(
1491             VerificationType::integer_type(), CHECK_VERIFY(this));
1492           current_frame.push_stack_2(
1493             VerificationType::double_type(),
1494             VerificationType::double2_type(), CHECK_VERIFY(this));
1495           no_control_flow = false; break;
1496         case Bytecodes::_l2f :
1497           current_frame.pop_stack_2(
1498             VerificationType::long2_type(),
1499             VerificationType::long_type(), CHECK_VERIFY(this));
1500           current_frame.push_stack(
1501             VerificationType::float_type(), CHECK_VERIFY(this));
1502           no_control_flow = false; break;
1503         case Bytecodes::_l2d :
1504           current_frame.pop_stack_2(
1505             VerificationType::long2_type(),
1506             VerificationType::long_type(), CHECK_VERIFY(this));
1507           current_frame.push_stack_2(
1508             VerificationType::double_type(),
1509             VerificationType::double2_type(), CHECK_VERIFY(this));
1510           no_control_flow = false; break;
1511         case Bytecodes::_f2i :
1512           current_frame.pop_stack(
1513             VerificationType::float_type(), CHECK_VERIFY(this));
1514           current_frame.push_stack(
1515             VerificationType::integer_type(), CHECK_VERIFY(this));
1516           no_control_flow = false; break;
1517         case Bytecodes::_f2l :
1518           current_frame.pop_stack(
1519             VerificationType::float_type(), CHECK_VERIFY(this));
1520           current_frame.push_stack_2(
1521             VerificationType::long_type(),
1522             VerificationType::long2_type(), CHECK_VERIFY(this));
1523           no_control_flow = false; break;
1524         case Bytecodes::_f2d :
1525           current_frame.pop_stack(
1526             VerificationType::float_type(), CHECK_VERIFY(this));
1527           current_frame.push_stack_2(
1528             VerificationType::double_type(),
1529             VerificationType::double2_type(), CHECK_VERIFY(this));
1530           no_control_flow = false; break;
1531         case Bytecodes::_d2i :
1532           current_frame.pop_stack_2(
1533             VerificationType::double2_type(),
1534             VerificationType::double_type(), CHECK_VERIFY(this));
1535           current_frame.push_stack(
1536             VerificationType::integer_type(), CHECK_VERIFY(this));
1537           no_control_flow = false; break;
1538         case Bytecodes::_d2l :
1539           current_frame.pop_stack_2(
1540             VerificationType::double2_type(),
1541             VerificationType::double_type(), CHECK_VERIFY(this));
1542           current_frame.push_stack_2(
1543             VerificationType::long_type(),
1544             VerificationType::long2_type(), CHECK_VERIFY(this));
1545           no_control_flow = false; break;
1546         case Bytecodes::_d2f :
1547           current_frame.pop_stack_2(
1548             VerificationType::double2_type(),
1549             VerificationType::double_type(), CHECK_VERIFY(this));
1550           current_frame.push_stack(
1551             VerificationType::float_type(), CHECK_VERIFY(this));
1552           no_control_flow = false; break;
1553         case Bytecodes::_i2b :
1554         case Bytecodes::_i2c :
1555         case Bytecodes::_i2s :
1556           current_frame.pop_stack(
1557             VerificationType::integer_type(), CHECK_VERIFY(this));
1558           current_frame.push_stack(
1559             VerificationType::integer_type(), CHECK_VERIFY(this));
1560           no_control_flow = false; break;
1561         case Bytecodes::_lcmp :
1562           current_frame.pop_stack_2(
1563             VerificationType::long2_type(),
1564             VerificationType::long_type(), CHECK_VERIFY(this));
1565           current_frame.pop_stack_2(
1566             VerificationType::long2_type(),
1567             VerificationType::long_type(), CHECK_VERIFY(this));
1568           current_frame.push_stack(
1569             VerificationType::integer_type(), CHECK_VERIFY(this));
1570           no_control_flow = false; break;
1571         case Bytecodes::_fcmpl :
1572         case Bytecodes::_fcmpg :
1573           current_frame.pop_stack(
1574             VerificationType::float_type(), CHECK_VERIFY(this));
1575           current_frame.pop_stack(
1576             VerificationType::float_type(), CHECK_VERIFY(this));
1577           current_frame.push_stack(
1578             VerificationType::integer_type(), CHECK_VERIFY(this));
1579           no_control_flow = false; break;
1580         case Bytecodes::_dcmpl :
1581         case Bytecodes::_dcmpg :
1582           current_frame.pop_stack_2(
1583             VerificationType::double2_type(),
1584             VerificationType::double_type(), CHECK_VERIFY(this));
1585           current_frame.pop_stack_2(
1586             VerificationType::double2_type(),
1587             VerificationType::double_type(), CHECK_VERIFY(this));
1588           current_frame.push_stack(
1589             VerificationType::integer_type(), CHECK_VERIFY(this));
1590           no_control_flow = false; break;
1591         case Bytecodes::_if_icmpeq:
1592         case Bytecodes::_if_icmpne:
1593         case Bytecodes::_if_icmplt:
1594         case Bytecodes::_if_icmpge:
1595         case Bytecodes::_if_icmpgt:
1596         case Bytecodes::_if_icmple:
1597           current_frame.pop_stack(
1598             VerificationType::integer_type(), CHECK_VERIFY(this));
1599           // fall through
1600         case Bytecodes::_ifeq:
1601         case Bytecodes::_ifne:
1602         case Bytecodes::_iflt:
1603         case Bytecodes::_ifge:
1604         case Bytecodes::_ifgt:
1605         case Bytecodes::_ifle:
1606           current_frame.pop_stack(
1607             VerificationType::integer_type(), CHECK_VERIFY(this));
1608           target = bcs.dest();
1609           stackmap_table.check_jump_target(
1610             &current_frame, target, CHECK_VERIFY(this));
1611           no_control_flow = false; break;
1612         case Bytecodes::_if_acmpeq :
1613         case Bytecodes::_if_acmpne :
1614           current_frame.pop_stack(
1615             VerificationType::reference_check(), CHECK_VERIFY(this));
1616           // fall through
1617         case Bytecodes::_ifnull :
1618         case Bytecodes::_ifnonnull :
1619           current_frame.pop_stack(
1620             VerificationType::reference_check(), CHECK_VERIFY(this));
1621           target = bcs.dest();
1622           stackmap_table.check_jump_target
1623             (&current_frame, target, CHECK_VERIFY(this));
1624           no_control_flow = false; break;
1625         case Bytecodes::_goto :
1626           target = bcs.dest();
1627           stackmap_table.check_jump_target(
1628             &current_frame, target, CHECK_VERIFY(this));
1629           no_control_flow = true; break;
1630         case Bytecodes::_goto_w :
1631           target = bcs.dest_w();
1632           stackmap_table.check_jump_target(
1633             &current_frame, target, CHECK_VERIFY(this));
1634           no_control_flow = true; break;
1635         case Bytecodes::_tableswitch :
1636         case Bytecodes::_lookupswitch :
1637           verify_switch(
1638             &bcs, code_length, code_data, &current_frame,
1639             &stackmap_table, CHECK_VERIFY(this));
1640           no_control_flow = true; break;
1641         case Bytecodes::_ireturn :
1642           type = current_frame.pop_stack(
1643             VerificationType::integer_type(), CHECK_VERIFY(this));
1644           verify_return_value(return_type, type, bci,
1645                               &current_frame, CHECK_VERIFY(this));
1646           no_control_flow = true; break;
1647         case Bytecodes::_lreturn :
1648           type2 = current_frame.pop_stack(
1649             VerificationType::long2_type(), CHECK_VERIFY(this));
1650           type = current_frame.pop_stack(
1651             VerificationType::long_type(), CHECK_VERIFY(this));
1652           verify_return_value(return_type, type, bci,
1653                               &current_frame, CHECK_VERIFY(this));
1654           no_control_flow = true; break;
1655         case Bytecodes::_freturn :
1656           type = current_frame.pop_stack(
1657             VerificationType::float_type(), CHECK_VERIFY(this));
1658           verify_return_value(return_type, type, bci,
1659                               &current_frame, CHECK_VERIFY(this));
1660           no_control_flow = true; break;
1661         case Bytecodes::_dreturn :
1662           type2 = current_frame.pop_stack(
1663             VerificationType::double2_type(),  CHECK_VERIFY(this));
1664           type = current_frame.pop_stack(
1665             VerificationType::double_type(), CHECK_VERIFY(this));
1666           verify_return_value(return_type, type, bci,
1667                               &current_frame, CHECK_VERIFY(this));
1668           no_control_flow = true; break;
1669         case Bytecodes::_areturn :
1670           type = current_frame.pop_stack(
1671             VerificationType::reference_check(), CHECK_VERIFY(this));
1672           verify_return_value(return_type, type, bci,
1673                               &current_frame, CHECK_VERIFY(this));
1674           no_control_flow = true; break;
1675         case Bytecodes::_return :
1676           if (return_type != VerificationType::bogus_type()) {
1677             verify_error(ErrorContext::bad_code(bci),
1678                          "Method expects a return value");
1679             return;
1680           }
1681           // Make sure "this" has been initialized if current method is an
1682           // <init>.
1683           if (_method->name() == vmSymbols::object_initializer_name() &&
1684               current_frame.flag_this_uninit()) {
1685             verify_error(ErrorContext::bad_code(bci),
1686                          "Constructor must call super() or this() "
1687                          "before return");
1688             return;
1689           }
1690           no_control_flow = true; break;
1691         case Bytecodes::_getstatic :
1692         case Bytecodes::_putstatic :
1693           // pass TRUE, operand can be an array type for getstatic/putstatic.
1694           verify_field_instructions(
1695             &bcs, &current_frame, cp, true, CHECK_VERIFY(this));
1696           no_control_flow = false; break;
1697         case Bytecodes::_getfield :
1698         case Bytecodes::_putfield :
1699           // pass FALSE, operand can't be an array type for getfield/putfield.
1700           verify_field_instructions(
1701             &bcs, &current_frame, cp, false, CHECK_VERIFY(this));
1702           no_control_flow = false; break;
1703         case Bytecodes::_invokevirtual :
1704         case Bytecodes::_invokespecial :
1705         case Bytecodes::_invokestatic :
1706           verify_invoke_instructions(
1707             &bcs, code_length, &current_frame, (bci >= ex_min && bci < ex_max),
1708             &this_uninit, return_type, cp, &stackmap_table, CHECK_VERIFY(this));
1709           no_control_flow = false; break;
1710         case Bytecodes::_invokeinterface :
1711         case Bytecodes::_invokedynamic :
1712           verify_invoke_instructions(
1713             &bcs, code_length, &current_frame, (bci >= ex_min && bci < ex_max),
1714             &this_uninit, return_type, cp, &stackmap_table, CHECK_VERIFY(this));
1715           no_control_flow = false; break;
1716         case Bytecodes::_new :
1717         {
1718           u2 index = bcs.get_index_u2();
1719           verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1720           VerificationType new_class_type =
1721             cp_index_to_type(index, cp, CHECK_VERIFY(this));
1722           if (!new_class_type.is_object()) {
1723             verify_error(ErrorContext::bad_type(bci,
1724                 TypeOrigin::cp(index, new_class_type)),
1725                 "Illegal new instruction");
1726             return;
1727           }
1728           type = VerificationType::uninitialized_type(checked_cast<u2>(bci));
1729           current_frame.push_stack(type, CHECK_VERIFY(this));
1730           no_control_flow = false; break;
1731         }
1732         case Bytecodes::_newarray :
1733           type = get_newarray_type(bcs.get_index(), bci, CHECK_VERIFY(this));
1734           current_frame.pop_stack(
1735             VerificationType::integer_type(),  CHECK_VERIFY(this));
1736           current_frame.push_stack(type, CHECK_VERIFY(this));
1737           no_control_flow = false; break;
1738         case Bytecodes::_anewarray :
1739           verify_anewarray(
1740             bci, bcs.get_index_u2(), cp, &current_frame, CHECK_VERIFY(this));
1741           no_control_flow = false; break;
1742         case Bytecodes::_arraylength :
1743           type = current_frame.pop_stack(
1744             VerificationType::reference_check(), CHECK_VERIFY(this));
1745           if (!(type.is_null() || type.is_array())) {
1746             verify_error(ErrorContext::bad_type(
1747                 bci, current_frame.stack_top_ctx()),
1748                 bad_type_msg, "arraylength");
1749           }
1750           current_frame.push_stack(
1751             VerificationType::integer_type(), CHECK_VERIFY(this));
1752           no_control_flow = false; break;
1753         case Bytecodes::_checkcast :
1754         {
1755           u2 index = bcs.get_index_u2();
1756           verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1757           current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1758           VerificationType klass_type = cp_index_to_type(
1759             index, cp, CHECK_VERIFY(this));
1760           current_frame.push_stack(klass_type, CHECK_VERIFY(this));
1761           no_control_flow = false; break;
1762         }
1763         case Bytecodes::_instanceof : {
1764           u2 index = bcs.get_index_u2();
1765           verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1766           current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1767           current_frame.push_stack(
1768             VerificationType::integer_type(), CHECK_VERIFY(this));
1769           no_control_flow = false; break;
1770         }
1771         case Bytecodes::_monitorenter :
1772         case Bytecodes::_monitorexit :
1773           current_frame.pop_stack(
1774             VerificationType::reference_check(), CHECK_VERIFY(this));
1775           no_control_flow = false; break;
1776         case Bytecodes::_multianewarray :
1777         {
1778           u2 index = bcs.get_index_u2();
1779           u2 dim = *(bcs.bcp()+3);
1780           verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1781           VerificationType new_array_type =
1782             cp_index_to_type(index, cp, CHECK_VERIFY(this));
1783           if (!new_array_type.is_array()) {
1784             verify_error(ErrorContext::bad_type(bci,
1785                 TypeOrigin::cp(index, new_array_type)),
1786                 "Illegal constant pool index in multianewarray instruction");
1787             return;
1788           }
1789           if (dim < 1 || new_array_type.dimensions() < dim) {
1790             verify_error(ErrorContext::bad_code(bci),
1791                 "Illegal dimension in multianewarray instruction: %d", dim);
1792             return;
1793           }
1794           for (int i = 0; i < dim; i++) {
1795             current_frame.pop_stack(
1796               VerificationType::integer_type(), CHECK_VERIFY(this));
1797           }
1798           current_frame.push_stack(new_array_type, CHECK_VERIFY(this));
1799           no_control_flow = false; break;
1800         }
1801         case Bytecodes::_athrow :
1802           type = VerificationType::reference_type(
1803             vmSymbols::java_lang_Throwable());
1804           current_frame.pop_stack(type, CHECK_VERIFY(this));
1805           no_control_flow = true; break;
1806         default:
1807           // We only need to check the valid bytecodes in class file.
1808           // And jsr and ret are not in the new class file format in JDK1.6.
1809           verify_error(ErrorContext::bad_code(bci),
1810               "Bad instruction: %02x", opcode);
1811           no_control_flow = false;
1812           return;
1813       }  // end switch
1814     }  // end Merge with the next instruction
1815 
1816     // Look for possible jump target in exception handlers and see if it matches
1817     // current_frame.  Don't do this check if it has already been done (for
1818     // ([a,d,f,i,l]store* opcodes).  This check cannot be done earlier because
1819     // opcodes, such as invokespecial, may set the this_uninit flag.
1820     assert(!(verified_exc_handlers && this_uninit),
1821       "Exception handler targets got verified before this_uninit got set");
1822     if (!verified_exc_handlers && bci >= ex_min && bci < ex_max) {
1823       if (was_recursively_verified()) return;
1824       verify_exception_handler_targets(
1825         bci, this_uninit, &current_frame, &stackmap_table, CHECK_VERIFY(this));
1826     }
1827   } // end while
1828 
1829   // Make sure that control flow does not fall through end of the method
1830   if (!no_control_flow) {
1831     verify_error(ErrorContext::bad_code(code_length),
1832         "Control flow falls through code end");
1833     return;
1834   }
1835 }
1836 
1837 #undef bad_type_message
1838 
1839 char* ClassVerifier::generate_code_data(const methodHandle& m, u4 code_length, TRAPS) {
1840   char* code_data = NEW_RESOURCE_ARRAY(char, code_length);
1841   memset(code_data, 0, sizeof(char) * code_length);
1842   RawBytecodeStream bcs(m);
1843 
1844   while (!bcs.is_last_bytecode()) {
1845     if (bcs.raw_next() != Bytecodes::_illegal) {
1846       int bci = bcs.bci();
1847       if (bcs.raw_code() == Bytecodes::_new) {
1848         code_data[bci] = NEW_OFFSET;
1849       } else {
1850         code_data[bci] = BYTECODE_OFFSET;
1851       }
1852     } else {
1853       verify_error(ErrorContext::bad_code(bcs.bci()), "Bad instruction");
1854       return nullptr;
1855     }
1856   }
1857 
1858   return code_data;
1859 }
1860 
1861 // Since this method references the constant pool, call was_recursively_verified()
1862 // before calling this method to make sure a prior class load did not cause the
1863 // current class to get verified.
1864 void ClassVerifier::verify_exception_handler_table(u4 code_length, char* code_data, int& min, int& max, TRAPS) {
1865   ExceptionTable exhandlers(_method());
1866   int exlength = exhandlers.length();
1867   constantPoolHandle cp (THREAD, _method->constants());
1868 
1869   for(int i = 0; i < exlength; i++) {
1870     u2 start_pc = exhandlers.start_pc(i);
1871     u2 end_pc = exhandlers.end_pc(i);
1872     u2 handler_pc = exhandlers.handler_pc(i);
1873     if (start_pc >= code_length || code_data[start_pc] == 0) {
1874       class_format_error("Illegal exception table start_pc %d", start_pc);
1875       return;
1876     }
1877     if (end_pc != code_length) {   // special case: end_pc == code_length
1878       if (end_pc > code_length || code_data[end_pc] == 0) {
1879         class_format_error("Illegal exception table end_pc %d", end_pc);
1880         return;
1881       }
1882     }
1883     if (handler_pc >= code_length || code_data[handler_pc] == 0) {
1884       class_format_error("Illegal exception table handler_pc %d", handler_pc);
1885       return;
1886     }
1887     u2 catch_type_index = exhandlers.catch_type_index(i);
1888     if (catch_type_index != 0) {
1889       VerificationType catch_type = cp_index_to_type(
1890         catch_type_index, cp, CHECK_VERIFY(this));
1891       VerificationType throwable =
1892         VerificationType::reference_type(vmSymbols::java_lang_Throwable());
1893       // If the catch type is Throwable pre-resolve it now as the assignable check won't
1894       // do that, and we need to avoid a runtime resolution in case we are trying to
1895       // catch OutOfMemoryError.
1896       if (cp->klass_name_at(catch_type_index) == vmSymbols::java_lang_Throwable()) {
1897         cp->klass_at(catch_type_index, CHECK);
1898       }
1899       bool is_subclass = throwable.is_assignable_from(
1900         catch_type, this, false, CHECK_VERIFY(this));
1901       if (!is_subclass) {
1902         // 4286534: should throw VerifyError according to recent spec change
1903         verify_error(ErrorContext::bad_type(handler_pc,
1904             TypeOrigin::cp(catch_type_index, catch_type),
1905             TypeOrigin::implicit(throwable)),
1906             "Catch type is not a subclass "
1907             "of Throwable in exception handler %d", handler_pc);
1908         return;
1909       }
1910     }
1911     if (start_pc < min) min = start_pc;
1912     if (end_pc > max) max = end_pc;
1913   }
1914 }
1915 
1916 void ClassVerifier::verify_local_variable_table(u4 code_length, char* code_data, TRAPS) {
1917   int localvariable_table_length = _method->localvariable_table_length();
1918   if (localvariable_table_length > 0) {
1919     LocalVariableTableElement* table = _method->localvariable_table_start();
1920     for (int i = 0; i < localvariable_table_length; i++) {
1921       u2 start_bci = table[i].start_bci;
1922       u2 length = table[i].length;
1923 
1924       if (start_bci >= code_length || code_data[start_bci] == 0) {
1925         class_format_error(
1926           "Illegal local variable table start_pc %d", start_bci);
1927         return;
1928       }
1929       u4 end_bci = (u4)(start_bci + length);
1930       if (end_bci != code_length) {
1931         if (end_bci >= code_length || code_data[end_bci] == 0) {
1932           class_format_error( "Illegal local variable table length %d", length);
1933           return;
1934         }
1935       }
1936     }
1937   }
1938 }
1939 
1940 u2 ClassVerifier::verify_stackmap_table(u2 stackmap_index, int bci,
1941                                         StackMapFrame* current_frame,
1942                                         StackMapTable* stackmap_table,
1943                                         bool no_control_flow, TRAPS) {
1944   if (stackmap_index < stackmap_table->get_frame_count()) {
1945     int this_offset = stackmap_table->get_offset(stackmap_index);
1946     if (no_control_flow && this_offset > bci) {
1947       verify_error(ErrorContext::missing_stackmap(bci),
1948                    "Expecting a stack map frame");
1949       return 0;
1950     }
1951     if (this_offset == bci) {
1952       ErrorContext ctx;
1953       // See if current stack map can be assigned to the frame in table.
1954       // current_frame is the stackmap frame got from the last instruction.
1955       // If matched, current_frame will be updated by this method.
1956       bool matches = stackmap_table->match_stackmap(
1957         current_frame, this_offset, stackmap_index,
1958         !no_control_flow, true, &ctx, CHECK_VERIFY_(this, 0));
1959       if (!matches) {
1960         // report type error
1961         verify_error(ctx, "Instruction type does not match stack map");
1962         return 0;
1963       }
1964       stackmap_index++;
1965     } else if (this_offset < bci) {
1966       // current_offset should have met this_offset.
1967       class_format_error("Bad stack map offset %d", this_offset);
1968       return 0;
1969     }
1970   } else if (no_control_flow) {
1971     verify_error(ErrorContext::bad_code(bci), "Expecting a stack map frame");
1972     return 0;
1973   }
1974   return stackmap_index;
1975 }
1976 
1977 // Since this method references the constant pool, call was_recursively_verified()
1978 // before calling this method to make sure a prior class load did not cause the
1979 // current class to get verified.
1980 void ClassVerifier::verify_exception_handler_targets(int bci, bool this_uninit,
1981                                                      StackMapFrame* current_frame,
1982                                                      StackMapTable* stackmap_table, TRAPS) {
1983   constantPoolHandle cp (THREAD, _method->constants());
1984   ExceptionTable exhandlers(_method());
1985   int exlength = exhandlers.length();
1986   for(int i = 0; i < exlength; i++) {
1987     u2 start_pc = exhandlers.start_pc(i);
1988     u2 end_pc = exhandlers.end_pc(i);
1989     u2 handler_pc = exhandlers.handler_pc(i);
1990     int catch_type_index = exhandlers.catch_type_index(i);
1991     if(bci >= start_pc && bci < end_pc) {
1992       u1 flags = current_frame->flags();
1993       if (this_uninit) {  flags |= FLAG_THIS_UNINIT; }
1994       StackMapFrame* new_frame = current_frame->frame_in_exception_handler(flags);
1995       if (catch_type_index != 0) {
1996         if (was_recursively_verified()) return;
1997         // We know that this index refers to a subclass of Throwable
1998         VerificationType catch_type = cp_index_to_type(
1999           catch_type_index, cp, CHECK_VERIFY(this));
2000         new_frame->push_stack(catch_type, CHECK_VERIFY(this));
2001       } else {
2002         VerificationType throwable =
2003           VerificationType::reference_type(vmSymbols::java_lang_Throwable());
2004         new_frame->push_stack(throwable, CHECK_VERIFY(this));
2005       }
2006       ErrorContext ctx;
2007       bool matches = stackmap_table->match_stackmap(
2008         new_frame, handler_pc, true, false, &ctx, CHECK_VERIFY(this));
2009       if (!matches) {
2010         verify_error(ctx, "Stack map does not match the one at "
2011             "exception handler %d", handler_pc);
2012         return;
2013       }
2014     }
2015   }
2016 }
2017 
2018 void ClassVerifier::verify_cp_index(
2019     int bci, const constantPoolHandle& cp, u2 index, TRAPS) {
2020   int nconstants = cp->length();
2021   if ((index <= 0) || (index >= nconstants)) {
2022     verify_error(ErrorContext::bad_cp_index(bci, index),
2023         "Illegal constant pool index %d in class %s",
2024         index, cp->pool_holder()->external_name());
2025     return;
2026   }
2027 }
2028 
2029 void ClassVerifier::verify_cp_type(
2030     int bci, u2 index, const constantPoolHandle& cp, unsigned int types, TRAPS) {
2031 
2032   // In some situations, bytecode rewriting may occur while we're verifying.
2033   // In this case, a constant pool cache exists and some indices refer to that
2034   // instead.  Be sure we don't pick up such indices by accident.
2035   // We must check was_recursively_verified() before we get here.
2036   guarantee(cp->cache() == nullptr, "not rewritten yet");
2037 
2038   verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2039   unsigned int tag = cp->tag_at(index).value();
2040   if ((types & (1 << tag)) == 0) {
2041     verify_error(ErrorContext::bad_cp_index(bci, index),
2042       "Illegal type at constant pool entry %d in class %s",
2043       index, cp->pool_holder()->external_name());
2044     return;
2045   }
2046 }
2047 
2048 void ClassVerifier::verify_cp_class_type(
2049     int bci, u2 index, const constantPoolHandle& cp, TRAPS) {
2050   verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2051   constantTag tag = cp->tag_at(index);
2052   if (!tag.is_klass() && !tag.is_unresolved_klass()) {
2053     verify_error(ErrorContext::bad_cp_index(bci, index),
2054         "Illegal type at constant pool entry %d in class %s",
2055         index, cp->pool_holder()->external_name());
2056     return;
2057   }
2058 }
2059 
2060 void ClassVerifier::verify_error(ErrorContext ctx, const char* msg, ...) {
2061   stringStream ss;
2062 
2063   ctx.reset_frames();
2064   _exception_type = vmSymbols::java_lang_VerifyError();
2065   _error_context = ctx;
2066   va_list va;
2067   va_start(va, msg);
2068   ss.vprint(msg, va);
2069   va_end(va);
2070   _message = ss.as_string();
2071 #ifdef ASSERT
2072   ResourceMark rm;
2073   const char* exception_name = _exception_type->as_C_string();
2074   Exceptions::debug_check_abort(exception_name, nullptr);
2075 #endif // ndef ASSERT
2076 }
2077 
2078 void ClassVerifier::class_format_error(const char* msg, ...) {
2079   stringStream ss;
2080   _exception_type = vmSymbols::java_lang_ClassFormatError();
2081   va_list va;
2082   va_start(va, msg);
2083   ss.vprint(msg, va);
2084   va_end(va);
2085   if (!_method.is_null()) {
2086     ss.print(" in method '");
2087     _method->print_external_name(&ss);
2088     ss.print("'");
2089   }
2090   _message = ss.as_string();
2091 }
2092 
2093 Klass* ClassVerifier::load_class(Symbol* name, TRAPS) {
2094   HandleMark hm(THREAD);
2095   // Get current loader and protection domain first.
2096   oop loader = current_class()->class_loader();
2097   oop protection_domain = current_class()->protection_domain();
2098 
2099   assert(name_in_supers(name, current_class()), "name should be a super class");
2100 
2101   Klass* kls = SystemDictionary::resolve_or_fail(
2102     name, Handle(THREAD, loader), Handle(THREAD, protection_domain),
2103     true, THREAD);
2104 
2105   if (kls != nullptr) {
2106     if (log_is_enabled(Debug, class, resolve)) {
2107       Verifier::trace_class_resolution(kls, current_class());
2108     }
2109   }
2110   return kls;
2111 }
2112 
2113 bool ClassVerifier::is_protected_access(InstanceKlass* this_class,
2114                                         Klass* target_class,
2115                                         Symbol* field_name,
2116                                         Symbol* field_sig,
2117                                         bool is_method) {
2118   NoSafepointVerifier nosafepoint;
2119 
2120   // If target class isn't a super class of this class, we don't worry about this case
2121   if (!this_class->is_subclass_of(target_class)) {
2122     return false;
2123   }
2124   // Check if the specified method or field is protected
2125   InstanceKlass* target_instance = InstanceKlass::cast(target_class);
2126   fieldDescriptor fd;
2127   if (is_method) {
2128     Method* m = target_instance->uncached_lookup_method(field_name, field_sig, Klass::OverpassLookupMode::find);
2129     if (m != nullptr && m->is_protected()) {
2130       if (!this_class->is_same_class_package(m->method_holder())) {
2131         return true;
2132       }
2133     }
2134   } else {
2135     Klass* member_klass = target_instance->find_field(field_name, field_sig, &fd);
2136     if (member_klass != nullptr && fd.is_protected()) {
2137       if (!this_class->is_same_class_package(member_klass)) {
2138         return true;
2139       }
2140     }
2141   }
2142   return false;
2143 }
2144 
2145 void ClassVerifier::verify_ldc(
2146     int opcode, u2 index, StackMapFrame* current_frame,
2147     const constantPoolHandle& cp, int bci, TRAPS) {
2148   verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2149   constantTag tag = cp->tag_at(index);
2150   unsigned int types = 0;
2151   if (opcode == Bytecodes::_ldc || opcode == Bytecodes::_ldc_w) {
2152     if (!tag.is_unresolved_klass()) {
2153       types = (1 << JVM_CONSTANT_Integer) | (1 << JVM_CONSTANT_Float)
2154             | (1 << JVM_CONSTANT_String)  | (1 << JVM_CONSTANT_Class)
2155             | (1 << JVM_CONSTANT_MethodHandle) | (1 << JVM_CONSTANT_MethodType)
2156             | (1 << JVM_CONSTANT_Dynamic);
2157       // Note:  The class file parser already verified the legality of
2158       // MethodHandle and MethodType constants.
2159       verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2160     }
2161   } else {
2162     assert(opcode == Bytecodes::_ldc2_w, "must be ldc2_w");
2163     types = (1 << JVM_CONSTANT_Double) | (1 << JVM_CONSTANT_Long)
2164           | (1 << JVM_CONSTANT_Dynamic);
2165     verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2166   }
2167   if (tag.is_string()) {
2168     current_frame->push_stack(
2169       VerificationType::reference_type(
2170         vmSymbols::java_lang_String()), CHECK_VERIFY(this));
2171   } else if (tag.is_klass() || tag.is_unresolved_klass()) {
2172     current_frame->push_stack(
2173       VerificationType::reference_type(
2174         vmSymbols::java_lang_Class()), CHECK_VERIFY(this));
2175   } else if (tag.is_int()) {
2176     current_frame->push_stack(
2177       VerificationType::integer_type(), CHECK_VERIFY(this));
2178   } else if (tag.is_float()) {
2179     current_frame->push_stack(
2180       VerificationType::float_type(), CHECK_VERIFY(this));
2181   } else if (tag.is_double()) {
2182     current_frame->push_stack_2(
2183       VerificationType::double_type(),
2184       VerificationType::double2_type(), CHECK_VERIFY(this));
2185   } else if (tag.is_long()) {
2186     current_frame->push_stack_2(
2187       VerificationType::long_type(),
2188       VerificationType::long2_type(), CHECK_VERIFY(this));
2189   } else if (tag.is_method_handle()) {
2190     current_frame->push_stack(
2191       VerificationType::reference_type(
2192         vmSymbols::java_lang_invoke_MethodHandle()), CHECK_VERIFY(this));
2193   } else if (tag.is_method_type()) {
2194     current_frame->push_stack(
2195       VerificationType::reference_type(
2196         vmSymbols::java_lang_invoke_MethodType()), CHECK_VERIFY(this));
2197   } else if (tag.is_dynamic_constant()) {
2198     Symbol* constant_type = cp->uncached_signature_ref_at(index);
2199     // Field signature was checked in ClassFileParser.
2200     assert(SignatureVerifier::is_valid_type_signature(constant_type),
2201            "Invalid type for dynamic constant");
2202     assert(sizeof(VerificationType) == sizeof(uintptr_t),
2203           "buffer type must match VerificationType size");
2204     uintptr_t constant_type_buffer[2];
2205     VerificationType* v_constant_type = (VerificationType*)constant_type_buffer;
2206     SignatureStream sig_stream(constant_type, false);
2207     int n = change_sig_to_verificationType(&sig_stream, v_constant_type);
2208     int opcode_n = (opcode == Bytecodes::_ldc2_w ? 2 : 1);
2209     if (n != opcode_n) {
2210       // wrong kind of ldc; reverify against updated type mask
2211       types &= ~(1 << JVM_CONSTANT_Dynamic);
2212       verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2213     }
2214     for (int i = 0; i < n; i++) {
2215       current_frame->push_stack(v_constant_type[i], CHECK_VERIFY(this));
2216     }
2217   } else {
2218     /* Unreachable? verify_cp_type has already validated the cp type. */
2219     verify_error(
2220         ErrorContext::bad_cp_index(bci, index), "Invalid index in ldc");
2221     return;
2222   }
2223 }
2224 
2225 void ClassVerifier::verify_switch(
2226     RawBytecodeStream* bcs, u4 code_length, char* code_data,
2227     StackMapFrame* current_frame, StackMapTable* stackmap_table, TRAPS) {
2228   int bci = bcs->bci();
2229   address bcp = bcs->bcp();
2230   address aligned_bcp = align_up(bcp + 1, jintSize);
2231 
2232   if (_klass->major_version() < NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION) {
2233     // 4639449 & 4647081: padding bytes must be 0
2234     u2 padding_offset = 1;
2235     while ((bcp + padding_offset) < aligned_bcp) {
2236       if(*(bcp + padding_offset) != 0) {
2237         verify_error(ErrorContext::bad_code(bci),
2238                      "Nonzero padding byte in lookupswitch or tableswitch");
2239         return;
2240       }
2241       padding_offset++;
2242     }
2243   }
2244 
2245   int default_offset = (int) Bytes::get_Java_u4(aligned_bcp);
2246   int keys, delta;
2247   current_frame->pop_stack(
2248     VerificationType::integer_type(), CHECK_VERIFY(this));
2249   if (bcs->raw_code() == Bytecodes::_tableswitch) {
2250     jint low = (jint)Bytes::get_Java_u4(aligned_bcp + jintSize);
2251     jint high = (jint)Bytes::get_Java_u4(aligned_bcp + 2*jintSize);
2252     if (low > high) {
2253       verify_error(ErrorContext::bad_code(bci),
2254           "low must be less than or equal to high in tableswitch");
2255       return;
2256     }
2257     int64_t keys64 = ((int64_t)high - low) + 1;
2258     if (keys64 > 65535) {  // Max code length
2259       verify_error(ErrorContext::bad_code(bci), "too many keys in tableswitch");
2260       return;
2261     }
2262     keys = (int)keys64;
2263     delta = 1;
2264   } else {
2265     keys = (int)Bytes::get_Java_u4(aligned_bcp + jintSize);
2266     if (keys < 0) {
2267       verify_error(ErrorContext::bad_code(bci),
2268                    "number of keys in lookupswitch less than 0");
2269       return;
2270     }
2271     delta = 2;
2272     // Make sure that the lookupswitch items are sorted
2273     for (int i = 0; i < (keys - 1); i++) {
2274       jint this_key = Bytes::get_Java_u4(aligned_bcp + (2+2*i)*jintSize);
2275       jint next_key = Bytes::get_Java_u4(aligned_bcp + (2+2*i+2)*jintSize);
2276       if (this_key >= next_key) {
2277         verify_error(ErrorContext::bad_code(bci),
2278                      "Bad lookupswitch instruction");
2279         return;
2280       }
2281     }
2282   }
2283   int target = bci + default_offset;
2284   stackmap_table->check_jump_target(current_frame, target, CHECK_VERIFY(this));
2285   for (int i = 0; i < keys; i++) {
2286     // Because check_jump_target() may safepoint, the bytecode could have
2287     // moved, which means 'aligned_bcp' is no good and needs to be recalculated.
2288     aligned_bcp = align_up(bcs->bcp() + 1, jintSize);
2289     target = bci + (jint)Bytes::get_Java_u4(aligned_bcp+(3+i*delta)*jintSize);
2290     stackmap_table->check_jump_target(
2291       current_frame, target, CHECK_VERIFY(this));
2292   }
2293   NOT_PRODUCT(aligned_bcp = nullptr);  // no longer valid at this point
2294 }
2295 
2296 bool ClassVerifier::name_in_supers(
2297     Symbol* ref_name, InstanceKlass* current) {
2298   Klass* super = current->super();
2299   while (super != nullptr) {
2300     if (super->name() == ref_name) {
2301       return true;
2302     }
2303     super = super->super();
2304   }
2305   return false;
2306 }
2307 
2308 void ClassVerifier::verify_field_instructions(RawBytecodeStream* bcs,
2309                                               StackMapFrame* current_frame,
2310                                               const constantPoolHandle& cp,
2311                                               bool allow_arrays,
2312                                               TRAPS) {
2313   u2 index = bcs->get_index_u2();
2314   verify_cp_type(bcs->bci(), index, cp,
2315       1 << JVM_CONSTANT_Fieldref, CHECK_VERIFY(this));
2316 
2317   // Get field name and signature
2318   Symbol* field_name = cp->uncached_name_ref_at(index);
2319   Symbol* field_sig = cp->uncached_signature_ref_at(index);
2320   bool is_getfield = false;
2321 
2322   // Field signature was checked in ClassFileParser.
2323   assert(SignatureVerifier::is_valid_type_signature(field_sig),
2324          "Invalid field signature");
2325 
2326   // Get referenced class type
2327   VerificationType ref_class_type = cp_ref_index_to_type(
2328     index, cp, CHECK_VERIFY(this));
2329   if (!ref_class_type.is_object() &&
2330     (!allow_arrays || !ref_class_type.is_array())) {
2331     verify_error(ErrorContext::bad_type(bcs->bci(),
2332         TypeOrigin::cp(index, ref_class_type)),
2333         "Expecting reference to class in class %s at constant pool index %d",
2334         _klass->external_name(), index);
2335     return;
2336   }
2337   VerificationType target_class_type = ref_class_type;
2338 
2339   assert(sizeof(VerificationType) == sizeof(uintptr_t),
2340         "buffer type must match VerificationType size");
2341   uintptr_t field_type_buffer[2];
2342   VerificationType* field_type = (VerificationType*)field_type_buffer;
2343   // If we make a VerificationType[2] array directly, the compiler calls
2344   // to the c-runtime library to do the allocation instead of just
2345   // stack allocating it.  Plus it would run constructors.  This shows up
2346   // in performance profiles.
2347 
2348   SignatureStream sig_stream(field_sig, false);
2349   VerificationType stack_object_type;
2350   int n = change_sig_to_verificationType(&sig_stream, field_type);
2351   int bci = bcs->bci();
2352   bool is_assignable;
2353   switch (bcs->raw_code()) {
2354     case Bytecodes::_getstatic: {
2355       for (int i = 0; i < n; i++) {
2356         current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2357       }
2358       break;
2359     }
2360     case Bytecodes::_putstatic: {
2361       for (int i = n - 1; i >= 0; i--) {
2362         current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2363       }
2364       break;
2365     }
2366     case Bytecodes::_getfield: {
2367       is_getfield = true;
2368       stack_object_type = current_frame->pop_stack(
2369         target_class_type, CHECK_VERIFY(this));
2370       goto check_protected;
2371     }
2372     case Bytecodes::_putfield: {
2373       for (int i = n - 1; i >= 0; i--) {
2374         current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2375       }
2376       stack_object_type = current_frame->pop_stack(CHECK_VERIFY(this));
2377 
2378       // The JVMS 2nd edition allows field initialization before the superclass
2379       // initializer, if the field is defined within the current class.
2380       fieldDescriptor fd;
2381       if (stack_object_type == VerificationType::uninitialized_this_type() &&
2382           target_class_type.equals(current_type()) &&
2383           _klass->find_local_field(field_name, field_sig, &fd)) {
2384         stack_object_type = current_type();
2385       }
2386       is_assignable = target_class_type.is_assignable_from(
2387         stack_object_type, this, false, CHECK_VERIFY(this));
2388       if (!is_assignable) {
2389         verify_error(ErrorContext::bad_type(bci,
2390             current_frame->stack_top_ctx(),
2391             TypeOrigin::cp(index, target_class_type)),
2392             "Bad type on operand stack in putfield");
2393         return;
2394       }
2395     }
2396     check_protected: {
2397       if (_this_type == stack_object_type)
2398         break; // stack_object_type must be assignable to _current_class_type
2399       if (was_recursively_verified()) {
2400         if (is_getfield) {
2401           // Push field type for getfield.
2402           for (int i = 0; i < n; i++) {
2403             current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2404           }
2405         }
2406         return;
2407       }
2408       Symbol* ref_class_name =
2409         cp->klass_name_at(cp->uncached_klass_ref_index_at(index));
2410       if (!name_in_supers(ref_class_name, current_class()))
2411         // stack_object_type must be assignable to _current_class_type since:
2412         // 1. stack_object_type must be assignable to ref_class.
2413         // 2. ref_class must be _current_class or a subclass of it. It can't
2414         //    be a superclass of it. See revised JVMS 5.4.4.
2415         break;
2416 
2417       Klass* ref_class_oop = load_class(ref_class_name, CHECK);
2418       if (is_protected_access(current_class(), ref_class_oop, field_name,
2419                               field_sig, false)) {
2420         // It's protected access, check if stack object is assignable to
2421         // current class.
2422         is_assignable = current_type().is_assignable_from(
2423           stack_object_type, this, true, CHECK_VERIFY(this));
2424         if (!is_assignable) {
2425           verify_error(ErrorContext::bad_type(bci,
2426               current_frame->stack_top_ctx(),
2427               TypeOrigin::implicit(current_type())),
2428               "Bad access to protected data in %s",
2429               is_getfield ? "getfield" : "putfield");
2430           return;
2431         }
2432       }
2433       break;
2434     }
2435     default: ShouldNotReachHere();
2436   }
2437   if (is_getfield) {
2438     // Push field type for getfield after doing protection check.
2439     for (int i = 0; i < n; i++) {
2440       current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2441     }
2442   }
2443 }
2444 
2445 // Look at the method's handlers.  If the bci is in the handler's try block
2446 // then check if the handler_pc is already on the stack.  If not, push it
2447 // unless the handler has already been scanned.
2448 void ClassVerifier::push_handlers(ExceptionTable* exhandlers,
2449                                   GrowableArray<u4>* handler_list,
2450                                   GrowableArray<u4>* handler_stack,
2451                                   u4 bci) {
2452   int exlength = exhandlers->length();
2453   for(int x = 0; x < exlength; x++) {
2454     if (bci >= exhandlers->start_pc(x) && bci < exhandlers->end_pc(x)) {
2455       u4 exhandler_pc = exhandlers->handler_pc(x);
2456       if (!handler_list->contains(exhandler_pc)) {
2457         handler_stack->append_if_missing(exhandler_pc);
2458         handler_list->append(exhandler_pc);
2459       }
2460     }
2461   }
2462 }
2463 
2464 // Return TRUE if all code paths starting with start_bc_offset end in
2465 // bytecode athrow or loop.
2466 bool ClassVerifier::ends_in_athrow(u4 start_bc_offset) {
2467   ResourceMark rm;
2468   // Create bytecode stream.
2469   RawBytecodeStream bcs(method());
2470   int code_length = method()->code_size();
2471   bcs.set_start(start_bc_offset);
2472 
2473   // Create stack for storing bytecode start offsets for if* and *switch.
2474   GrowableArray<u4>* bci_stack = new GrowableArray<u4>(30);
2475   // Create stack for handlers for try blocks containing this handler.
2476   GrowableArray<u4>* handler_stack = new GrowableArray<u4>(30);
2477   // Create list of handlers that have been pushed onto the handler_stack
2478   // so that handlers embedded inside of their own TRY blocks only get
2479   // scanned once.
2480   GrowableArray<u4>* handler_list = new GrowableArray<u4>(30);
2481   // Create list of visited branch opcodes (goto* and if*).
2482   GrowableArray<u4>* visited_branches = new GrowableArray<u4>(30);
2483   ExceptionTable exhandlers(_method());
2484 
2485   while (true) {
2486     if (bcs.is_last_bytecode()) {
2487       // if no more starting offsets to parse or if at the end of the
2488       // method then return false.
2489       if ((bci_stack->is_empty()) || (bcs.end_bci() == code_length))
2490         return false;
2491       // Pop a bytecode starting offset and scan from there.
2492       bcs.set_start(bci_stack->pop());
2493     }
2494     Bytecodes::Code opcode = bcs.raw_next();
2495     int bci = bcs.bci();
2496 
2497     // If the bytecode is in a TRY block, push its handlers so they
2498     // will get parsed.
2499     push_handlers(&exhandlers, handler_list, handler_stack, bci);
2500 
2501     switch (opcode) {
2502       case Bytecodes::_if_icmpeq:
2503       case Bytecodes::_if_icmpne:
2504       case Bytecodes::_if_icmplt:
2505       case Bytecodes::_if_icmpge:
2506       case Bytecodes::_if_icmpgt:
2507       case Bytecodes::_if_icmple:
2508       case Bytecodes::_ifeq:
2509       case Bytecodes::_ifne:
2510       case Bytecodes::_iflt:
2511       case Bytecodes::_ifge:
2512       case Bytecodes::_ifgt:
2513       case Bytecodes::_ifle:
2514       case Bytecodes::_if_acmpeq:
2515       case Bytecodes::_if_acmpne:
2516       case Bytecodes::_ifnull:
2517       case Bytecodes::_ifnonnull: {
2518         int target = bcs.dest();
2519         if (visited_branches->contains(bci)) {
2520           if (bci_stack->is_empty()) {
2521             if (handler_stack->is_empty()) {
2522               return true;
2523             } else {
2524               // Parse the catch handlers for try blocks containing athrow.
2525               bcs.set_start(handler_stack->pop());
2526             }
2527           } else {
2528             // Pop a bytecode starting offset and scan from there.
2529             bcs.set_start(bci_stack->pop());
2530           }
2531         } else {
2532           if (target > bci) { // forward branch
2533             if (target >= code_length) return false;
2534             // Push the branch target onto the stack.
2535             bci_stack->push(target);
2536             // then, scan bytecodes starting with next.
2537             bcs.set_start(bcs.next_bci());
2538           } else { // backward branch
2539             // Push bytecode offset following backward branch onto the stack.
2540             bci_stack->push(bcs.next_bci());
2541             // Check bytecodes starting with branch target.
2542             bcs.set_start(target);
2543           }
2544           // Record target so we don't branch here again.
2545           visited_branches->append(bci);
2546         }
2547         break;
2548         }
2549 
2550       case Bytecodes::_goto:
2551       case Bytecodes::_goto_w: {
2552         int target = (opcode == Bytecodes::_goto ? bcs.dest() : bcs.dest_w());
2553         if (visited_branches->contains(bci)) {
2554           if (bci_stack->is_empty()) {
2555             if (handler_stack->is_empty()) {
2556               return true;
2557             } else {
2558               // Parse the catch handlers for try blocks containing athrow.
2559               bcs.set_start(handler_stack->pop());
2560             }
2561           } else {
2562             // Been here before, pop new starting offset from stack.
2563             bcs.set_start(bci_stack->pop());
2564           }
2565         } else {
2566           if (target >= code_length) return false;
2567           // Continue scanning from the target onward.
2568           bcs.set_start(target);
2569           // Record target so we don't branch here again.
2570           visited_branches->append(bci);
2571         }
2572         break;
2573         }
2574 
2575       // Check that all switch alternatives end in 'athrow' bytecodes. Since it
2576       // is  difficult to determine where each switch alternative ends, parse
2577       // each switch alternative until either hit a 'return', 'athrow', or reach
2578       // the end of the method's bytecodes.  This is gross but should be okay
2579       // because:
2580       // 1. tableswitch and lookupswitch byte codes in handlers for ctor explicit
2581       //    constructor invocations should be rare.
2582       // 2. if each switch alternative ends in an athrow then the parsing should be
2583       //    short.  If there is no athrow then it is bogus code, anyway.
2584       case Bytecodes::_lookupswitch:
2585       case Bytecodes::_tableswitch:
2586         {
2587           address aligned_bcp = align_up(bcs.bcp() + 1, jintSize);
2588           int default_offset = Bytes::get_Java_u4(aligned_bcp) + bci;
2589           int keys, delta;
2590           if (opcode == Bytecodes::_tableswitch) {
2591             jint low = (jint)Bytes::get_Java_u4(aligned_bcp + jintSize);
2592             jint high = (jint)Bytes::get_Java_u4(aligned_bcp + 2*jintSize);
2593             // This is invalid, but let the regular bytecode verifier
2594             // report this because the user will get a better error message.
2595             if (low > high) return true;
2596             keys = high - low + 1;
2597             delta = 1;
2598           } else {
2599             keys = (int)Bytes::get_Java_u4(aligned_bcp + jintSize);
2600             delta = 2;
2601           }
2602           // Invalid, let the regular bytecode verifier deal with it.
2603           if (keys < 0) return true;
2604 
2605           // Push the offset of the next bytecode onto the stack.
2606           bci_stack->push(bcs.next_bci());
2607 
2608           // Push the switch alternatives onto the stack.
2609           for (int i = 0; i < keys; i++) {
2610             int target = bci + (jint)Bytes::get_Java_u4(aligned_bcp+(3+i*delta)*jintSize);
2611             if (target > code_length) return false;
2612             bci_stack->push(target);
2613           }
2614 
2615           // Start bytecode parsing for the switch at the default alternative.
2616           if (default_offset > code_length) return false;
2617           bcs.set_start(default_offset);
2618           break;
2619         }
2620 
2621       case Bytecodes::_return:
2622         return false;
2623 
2624       case Bytecodes::_athrow:
2625         {
2626           if (bci_stack->is_empty()) {
2627             if (handler_stack->is_empty()) {
2628               return true;
2629             } else {
2630               // Parse the catch handlers for try blocks containing athrow.
2631               bcs.set_start(handler_stack->pop());
2632             }
2633           } else {
2634             // Pop a bytecode offset and starting scanning from there.
2635             bcs.set_start(bci_stack->pop());
2636           }
2637         }
2638         break;
2639 
2640       default:
2641         ;
2642     } // end switch
2643   } // end while loop
2644 
2645   return false;
2646 }
2647 
2648 void ClassVerifier::verify_invoke_init(
2649     RawBytecodeStream* bcs, u2 ref_class_index, VerificationType ref_class_type,
2650     StackMapFrame* current_frame, u4 code_length, bool in_try_block,
2651     bool *this_uninit, const constantPoolHandle& cp, StackMapTable* stackmap_table,
2652     TRAPS) {
2653   int bci = bcs->bci();
2654   VerificationType type = current_frame->pop_stack(
2655     VerificationType::reference_check(), CHECK_VERIFY(this));
2656   if (type == VerificationType::uninitialized_this_type()) {
2657     // The method must be an <init> method of this class or its superclass
2658     Klass* superk = current_class()->super();
2659     if (ref_class_type.name() != current_class()->name() &&
2660         ref_class_type.name() != superk->name()) {
2661       verify_error(ErrorContext::bad_type(bci,
2662           TypeOrigin::implicit(ref_class_type),
2663           TypeOrigin::implicit(current_type())),
2664           "Bad <init> method call");
2665       return;
2666     }
2667 
2668     // If this invokespecial call is done from inside of a TRY block then make
2669     // sure that all catch clause paths end in a throw.  Otherwise, this can
2670     // result in returning an incomplete object.
2671     if (in_try_block) {
2672       ExceptionTable exhandlers(_method());
2673       int exlength = exhandlers.length();
2674       for(int i = 0; i < exlength; i++) {
2675         u2 start_pc = exhandlers.start_pc(i);
2676         u2 end_pc = exhandlers.end_pc(i);
2677 
2678         if (bci >= start_pc && bci < end_pc) {
2679           if (!ends_in_athrow(exhandlers.handler_pc(i))) {
2680             verify_error(ErrorContext::bad_code(bci),
2681               "Bad <init> method call from after the start of a try block");
2682             return;
2683           } else if (log_is_enabled(Debug, verification)) {
2684             ResourceMark rm(THREAD);
2685             log_debug(verification)("Survived call to ends_in_athrow(): %s",
2686                                           current_class()->name()->as_C_string());
2687           }
2688         }
2689       }
2690 
2691       // Check the exception handler target stackmaps with the locals from the
2692       // incoming stackmap (before initialize_object() changes them to outgoing
2693       // state).
2694       if (was_recursively_verified()) return;
2695       verify_exception_handler_targets(bci, true, current_frame,
2696                                        stackmap_table, CHECK_VERIFY(this));
2697     } // in_try_block
2698 
2699     current_frame->initialize_object(type, current_type());
2700     *this_uninit = true;
2701   } else if (type.is_uninitialized()) {
2702     u2 new_offset = type.bci();
2703     address new_bcp = bcs->bcp() - bci + new_offset;
2704     if (new_offset > (code_length - 3) || (*new_bcp) != Bytecodes::_new) {
2705       /* Unreachable?  Stack map parsing ensures valid type and new
2706        * instructions have a valid BCI. */
2707       verify_error(ErrorContext::bad_code(new_offset),
2708                    "Expecting new instruction");
2709       return;
2710     }
2711     u2 new_class_index = Bytes::get_Java_u2(new_bcp + 1);
2712     if (was_recursively_verified()) return;
2713     verify_cp_class_type(bci, new_class_index, cp, CHECK_VERIFY(this));
2714 
2715     // The method must be an <init> method of the indicated class
2716     VerificationType new_class_type = cp_index_to_type(
2717       new_class_index, cp, CHECK_VERIFY(this));
2718     if (!new_class_type.equals(ref_class_type)) {
2719       verify_error(ErrorContext::bad_type(bci,
2720           TypeOrigin::cp(new_class_index, new_class_type),
2721           TypeOrigin::cp(ref_class_index, ref_class_type)),
2722           "Call to wrong <init> method");
2723       return;
2724     }
2725     // According to the VM spec, if the referent class is a superclass of the
2726     // current class, and is in a different runtime package, and the method is
2727     // protected, then the objectref must be the current class or a subclass
2728     // of the current class.
2729     VerificationType objectref_type = new_class_type;
2730     if (name_in_supers(ref_class_type.name(), current_class())) {
2731       Klass* ref_klass = load_class(ref_class_type.name(), CHECK);
2732       if (was_recursively_verified()) return;
2733       Method* m = InstanceKlass::cast(ref_klass)->uncached_lookup_method(
2734         vmSymbols::object_initializer_name(),
2735         cp->uncached_signature_ref_at(bcs->get_index_u2()),
2736         Klass::OverpassLookupMode::find);
2737       // Do nothing if method is not found.  Let resolution detect the error.
2738       if (m != nullptr) {
2739         InstanceKlass* mh = m->method_holder();
2740         if (m->is_protected() && !mh->is_same_class_package(_klass)) {
2741           bool assignable = current_type().is_assignable_from(
2742             objectref_type, this, true, CHECK_VERIFY(this));
2743           if (!assignable) {
2744             verify_error(ErrorContext::bad_type(bci,
2745                 TypeOrigin::cp(new_class_index, objectref_type),
2746                 TypeOrigin::implicit(current_type())),
2747                 "Bad access to protected <init> method");
2748             return;
2749           }
2750         }
2751       }
2752     }
2753     // Check the exception handler target stackmaps with the locals from the
2754     // incoming stackmap (before initialize_object() changes them to outgoing
2755     // state).
2756     if (in_try_block) {
2757       if (was_recursively_verified()) return;
2758       verify_exception_handler_targets(bci, *this_uninit, current_frame,
2759                                        stackmap_table, CHECK_VERIFY(this));
2760     }
2761     current_frame->initialize_object(type, new_class_type);
2762   } else {
2763     verify_error(ErrorContext::bad_type(bci, current_frame->stack_top_ctx()),
2764         "Bad operand type when invoking <init>");
2765     return;
2766   }
2767 }
2768 
2769 bool ClassVerifier::is_same_or_direct_interface(
2770     InstanceKlass* klass,
2771     VerificationType klass_type,
2772     VerificationType ref_class_type) {
2773   if (ref_class_type.equals(klass_type)) return true;
2774   Array<InstanceKlass*>* local_interfaces = klass->local_interfaces();
2775   if (local_interfaces != nullptr) {
2776     for (int x = 0; x < local_interfaces->length(); x++) {
2777       InstanceKlass* k = local_interfaces->at(x);
2778       assert (k != nullptr && k->is_interface(), "invalid interface");
2779       if (ref_class_type.equals(VerificationType::reference_type(k->name()))) {
2780         return true;
2781       }
2782     }
2783   }
2784   return false;
2785 }
2786 
2787 void ClassVerifier::verify_invoke_instructions(
2788     RawBytecodeStream* bcs, u4 code_length, StackMapFrame* current_frame,
2789     bool in_try_block, bool *this_uninit, VerificationType return_type,
2790     const constantPoolHandle& cp, StackMapTable* stackmap_table, TRAPS) {
2791   // Make sure the constant pool item is the right type
2792   u2 index = bcs->get_index_u2();
2793   Bytecodes::Code opcode = bcs->raw_code();
2794   unsigned int types = 0;
2795   switch (opcode) {
2796     case Bytecodes::_invokeinterface:
2797       types = 1 << JVM_CONSTANT_InterfaceMethodref;
2798       break;
2799     case Bytecodes::_invokedynamic:
2800       types = 1 << JVM_CONSTANT_InvokeDynamic;
2801       break;
2802     case Bytecodes::_invokespecial:
2803     case Bytecodes::_invokestatic:
2804       types = (_klass->major_version() < STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION) ?
2805         (1 << JVM_CONSTANT_Methodref) :
2806         ((1 << JVM_CONSTANT_InterfaceMethodref) | (1 << JVM_CONSTANT_Methodref));
2807       break;
2808     default:
2809       types = 1 << JVM_CONSTANT_Methodref;
2810   }
2811   verify_cp_type(bcs->bci(), index, cp, types, CHECK_VERIFY(this));
2812 
2813   // Get method name and signature
2814   Symbol* method_name = cp->uncached_name_ref_at(index);
2815   Symbol* method_sig = cp->uncached_signature_ref_at(index);
2816 
2817   // Method signature was checked in ClassFileParser.
2818   assert(SignatureVerifier::is_valid_method_signature(method_sig),
2819          "Invalid method signature");
2820 
2821   // Get referenced class type
2822   VerificationType ref_class_type;
2823   if (opcode == Bytecodes::_invokedynamic) {
2824     if (_klass->major_version() < Verifier::INVOKEDYNAMIC_MAJOR_VERSION) {
2825       class_format_error(
2826         "invokedynamic instructions not supported by this class file version (%d), class %s",
2827         _klass->major_version(), _klass->external_name());
2828       return;
2829     }
2830   } else {
2831     ref_class_type = cp_ref_index_to_type(index, cp, CHECK_VERIFY(this));
2832   }
2833 
2834   assert(sizeof(VerificationType) == sizeof(uintptr_t),
2835         "buffer type must match VerificationType size");
2836 
2837   // Get the UTF8 index for this signature.
2838   int sig_index = cp->signature_ref_index_at(cp->uncached_name_and_type_ref_index_at(index));
2839 
2840   // Get the signature's verification types.
2841   sig_as_verification_types* mth_sig_verif_types;
2842   sig_as_verification_types** mth_sig_verif_types_ptr = method_signatures_table()->get(sig_index);
2843   if (mth_sig_verif_types_ptr != nullptr) {
2844     // Found the entry for the signature's verification types in the hash table.
2845     mth_sig_verif_types = *mth_sig_verif_types_ptr;
2846     assert(mth_sig_verif_types != nullptr, "Unexpected null sig_as_verification_types value");
2847   } else {
2848     // Not found, add the entry to the table.
2849     GrowableArray<VerificationType>* verif_types = new GrowableArray<VerificationType>(10);
2850     mth_sig_verif_types = new sig_as_verification_types(verif_types);
2851     create_method_sig_entry(mth_sig_verif_types, sig_index);
2852   }
2853 
2854   // Get the number of arguments for this signature.
2855   int nargs = mth_sig_verif_types->num_args();
2856 
2857   // Check instruction operands
2858   int bci = bcs->bci();
2859   if (opcode == Bytecodes::_invokeinterface) {
2860     address bcp = bcs->bcp();
2861     // 4905268: count operand in invokeinterface should be nargs+1, not nargs.
2862     // JSR202 spec: The count operand of an invokeinterface instruction is valid if it is
2863     // the difference between the size of the operand stack before and after the instruction
2864     // executes.
2865     if (*(bcp+3) != (nargs+1)) {
2866       verify_error(ErrorContext::bad_code(bci),
2867           "Inconsistent args count operand in invokeinterface");
2868       return;
2869     }
2870     if (*(bcp+4) != 0) {
2871       verify_error(ErrorContext::bad_code(bci),
2872           "Fourth operand byte of invokeinterface must be zero");
2873       return;
2874     }
2875   }
2876 
2877   if (opcode == Bytecodes::_invokedynamic) {
2878     address bcp = bcs->bcp();
2879     if (*(bcp+3) != 0 || *(bcp+4) != 0) {
2880       verify_error(ErrorContext::bad_code(bci),
2881           "Third and fourth operand bytes of invokedynamic must be zero");
2882       return;
2883     }
2884   }
2885 
2886   if (method_name->char_at(0) == JVM_SIGNATURE_SPECIAL) {
2887     // Make sure <init> can only be invoked by invokespecial
2888     if (opcode != Bytecodes::_invokespecial ||
2889         method_name != vmSymbols::object_initializer_name()) {
2890       verify_error(ErrorContext::bad_code(bci),
2891           "Illegal call to internal method");
2892       return;
2893     }
2894   } else if (opcode == Bytecodes::_invokespecial
2895              && !is_same_or_direct_interface(current_class(), current_type(), ref_class_type)
2896              && !ref_class_type.equals(VerificationType::reference_type(
2897                   current_class()->super()->name()))) {
2898     bool subtype = false;
2899     bool have_imr_indirect = cp->tag_at(index).value() == JVM_CONSTANT_InterfaceMethodref;
2900     subtype = ref_class_type.is_assignable_from(
2901                current_type(), this, false, CHECK_VERIFY(this));
2902     if (!subtype) {
2903       verify_error(ErrorContext::bad_code(bci),
2904           "Bad invokespecial instruction: "
2905           "current class isn't assignable to reference class.");
2906        return;
2907     } else if (have_imr_indirect) {
2908       verify_error(ErrorContext::bad_code(bci),
2909           "Bad invokespecial instruction: "
2910           "interface method reference is in an indirect superinterface.");
2911       return;
2912     }
2913 
2914   }
2915 
2916   // Get the verification types for the method's arguments.
2917   GrowableArray<VerificationType>* sig_verif_types = mth_sig_verif_types->sig_verif_types();
2918   assert(sig_verif_types != nullptr, "Missing signature's array of verification types");
2919   // Match method descriptor with operand stack
2920   // The arguments are on the stack in descending order.
2921   for (int i = nargs - 1; i >= 0; i--) { // Run backwards
2922     current_frame->pop_stack(sig_verif_types->at(i), CHECK_VERIFY(this));
2923   }
2924 
2925   // Check objectref on operand stack
2926   if (opcode != Bytecodes::_invokestatic &&
2927       opcode != Bytecodes::_invokedynamic) {
2928     if (method_name == vmSymbols::object_initializer_name()) {  // <init> method
2929       verify_invoke_init(bcs, index, ref_class_type, current_frame,
2930         code_length, in_try_block, this_uninit, cp, stackmap_table,
2931         CHECK_VERIFY(this));
2932       if (was_recursively_verified()) return;
2933     } else {   // other methods
2934       // Ensures that target class is assignable to method class.
2935       if (opcode == Bytecodes::_invokespecial) {
2936         current_frame->pop_stack(current_type(), CHECK_VERIFY(this));
2937       } else if (opcode == Bytecodes::_invokevirtual) {
2938         VerificationType stack_object_type =
2939           current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this));
2940         if (current_type() != stack_object_type) {
2941           if (was_recursively_verified()) return;
2942           assert(cp->cache() == nullptr, "not rewritten yet");
2943           Symbol* ref_class_name =
2944             cp->klass_name_at(cp->uncached_klass_ref_index_at(index));
2945           // See the comments in verify_field_instructions() for
2946           // the rationale behind this.
2947           if (name_in_supers(ref_class_name, current_class())) {
2948             Klass* ref_class = load_class(ref_class_name, CHECK);
2949             if (is_protected_access(
2950                   _klass, ref_class, method_name, method_sig, true)) {
2951               // It's protected access, check if stack object is
2952               // assignable to current class.
2953               if (ref_class_type.name() == vmSymbols::java_lang_Object()
2954                   && stack_object_type.is_array()
2955                   && method_name == vmSymbols::clone_name()) {
2956                 // Special case: arrays pretend to implement public Object
2957                 // clone().
2958               } else {
2959                 bool is_assignable = current_type().is_assignable_from(
2960                   stack_object_type, this, true, CHECK_VERIFY(this));
2961                 if (!is_assignable) {
2962                   verify_error(ErrorContext::bad_type(bci,
2963                       current_frame->stack_top_ctx(),
2964                       TypeOrigin::implicit(current_type())),
2965                       "Bad access to protected data in invokevirtual");
2966                   return;
2967                 }
2968               }
2969             }
2970           }
2971         }
2972       } else {
2973         assert(opcode == Bytecodes::_invokeinterface, "Unexpected opcode encountered");
2974         current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this));
2975       }
2976     }
2977   }
2978   // Push the result type.
2979   int sig_verif_types_len = sig_verif_types->length();
2980   if (sig_verif_types_len > nargs) {  // There's a return type
2981     if (method_name == vmSymbols::object_initializer_name()) {
2982       // <init> method must have a void return type
2983       /* Unreachable?  Class file parser verifies that methods with '<' have
2984        * void return */
2985       verify_error(ErrorContext::bad_code(bci),
2986           "Return type must be void in <init> method");
2987       return;
2988     }
2989 
2990     assert(sig_verif_types_len <= nargs + 2,
2991            "Signature verification types array return type is bogus");
2992     for (int i = nargs; i < sig_verif_types_len; i++) {
2993       assert(i == nargs || sig_verif_types->at(i).is_long2() ||
2994              sig_verif_types->at(i).is_double2(), "Unexpected return verificationType");
2995       current_frame->push_stack(sig_verif_types->at(i), CHECK_VERIFY(this));
2996     }
2997   }
2998 }
2999 
3000 VerificationType ClassVerifier::get_newarray_type(
3001     u2 index, int bci, TRAPS) {
3002   const char* from_bt[] = {
3003     nullptr, nullptr, nullptr, nullptr, "[Z", "[C", "[F", "[D", "[B", "[S", "[I", "[J",
3004   };
3005   if (index < T_BOOLEAN || index > T_LONG) {
3006     verify_error(ErrorContext::bad_code(bci), "Illegal newarray instruction");
3007     return VerificationType::bogus_type();
3008   }
3009 
3010   // from_bt[index] contains the array signature which has a length of 2
3011   Symbol* sig = create_temporary_symbol(from_bt[index], 2);
3012   return VerificationType::reference_type(sig);
3013 }
3014 
3015 void ClassVerifier::verify_anewarray(
3016     int bci, u2 index, const constantPoolHandle& cp,
3017     StackMapFrame* current_frame, TRAPS) {
3018   verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
3019   current_frame->pop_stack(
3020     VerificationType::integer_type(), CHECK_VERIFY(this));
3021 
3022   if (was_recursively_verified()) return;
3023   VerificationType component_type =
3024     cp_index_to_type(index, cp, CHECK_VERIFY(this));
3025   int length;
3026   char* arr_sig_str;
3027   if (component_type.is_array()) {     // it's an array
3028     const char* component_name = component_type.name()->as_utf8();
3029     // Check for more than MAX_ARRAY_DIMENSIONS
3030     length = (int)strlen(component_name);
3031     if (length > MAX_ARRAY_DIMENSIONS &&
3032         component_name[MAX_ARRAY_DIMENSIONS - 1] == JVM_SIGNATURE_ARRAY) {
3033       verify_error(ErrorContext::bad_code(bci),
3034         "Illegal anewarray instruction, array has more than 255 dimensions");
3035     }
3036     // add one dimension to component
3037     length++;
3038     arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length + 1);
3039     int n = os::snprintf(arr_sig_str, length + 1, "%c%s",
3040                          JVM_SIGNATURE_ARRAY, component_name);
3041     assert(n == length, "Unexpected number of characters in string");
3042   } else {         // it's an object or interface
3043     const char* component_name = component_type.name()->as_utf8();
3044     // add one dimension to component with 'L' prepended and ';' postpended.
3045     length = (int)strlen(component_name) + 3;
3046     arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length + 1);
3047     int n = os::snprintf(arr_sig_str, length + 1, "%c%c%s;",
3048                          JVM_SIGNATURE_ARRAY, JVM_SIGNATURE_CLASS, component_name);
3049     assert(n == length, "Unexpected number of characters in string");
3050   }
3051   Symbol* arr_sig = create_temporary_symbol(arr_sig_str, length);
3052   VerificationType new_array_type = VerificationType::reference_type(arr_sig);
3053   current_frame->push_stack(new_array_type, CHECK_VERIFY(this));
3054 }
3055 
3056 void ClassVerifier::verify_iload(int index, StackMapFrame* current_frame, TRAPS) {
3057   current_frame->get_local(
3058     index, VerificationType::integer_type(), CHECK_VERIFY(this));
3059   current_frame->push_stack(
3060     VerificationType::integer_type(), CHECK_VERIFY(this));
3061 }
3062 
3063 void ClassVerifier::verify_lload(int index, StackMapFrame* current_frame, TRAPS) {
3064   current_frame->get_local_2(
3065     index, VerificationType::long_type(),
3066     VerificationType::long2_type(), CHECK_VERIFY(this));
3067   current_frame->push_stack_2(
3068     VerificationType::long_type(),
3069     VerificationType::long2_type(), CHECK_VERIFY(this));
3070 }
3071 
3072 void ClassVerifier::verify_fload(int index, StackMapFrame* current_frame, TRAPS) {
3073   current_frame->get_local(
3074     index, VerificationType::float_type(), CHECK_VERIFY(this));
3075   current_frame->push_stack(
3076     VerificationType::float_type(), CHECK_VERIFY(this));
3077 }
3078 
3079 void ClassVerifier::verify_dload(int index, StackMapFrame* current_frame, TRAPS) {
3080   current_frame->get_local_2(
3081     index, VerificationType::double_type(),
3082     VerificationType::double2_type(), CHECK_VERIFY(this));
3083   current_frame->push_stack_2(
3084     VerificationType::double_type(),
3085     VerificationType::double2_type(), CHECK_VERIFY(this));
3086 }
3087 
3088 void ClassVerifier::verify_aload(int index, StackMapFrame* current_frame, TRAPS) {
3089   VerificationType type = current_frame->get_local(
3090     index, VerificationType::reference_check(), CHECK_VERIFY(this));
3091   current_frame->push_stack(type, CHECK_VERIFY(this));
3092 }
3093 
3094 void ClassVerifier::verify_istore(int index, StackMapFrame* current_frame, TRAPS) {
3095   current_frame->pop_stack(
3096     VerificationType::integer_type(), CHECK_VERIFY(this));
3097   current_frame->set_local(
3098     index, VerificationType::integer_type(), CHECK_VERIFY(this));
3099 }
3100 
3101 void ClassVerifier::verify_lstore(int index, StackMapFrame* current_frame, TRAPS) {
3102   current_frame->pop_stack_2(
3103     VerificationType::long2_type(),
3104     VerificationType::long_type(), CHECK_VERIFY(this));
3105   current_frame->set_local_2(
3106     index, VerificationType::long_type(),
3107     VerificationType::long2_type(), CHECK_VERIFY(this));
3108 }
3109 
3110 void ClassVerifier::verify_fstore(int index, StackMapFrame* current_frame, TRAPS) {
3111   current_frame->pop_stack(VerificationType::float_type(), CHECK_VERIFY(this));
3112   current_frame->set_local(
3113     index, VerificationType::float_type(), CHECK_VERIFY(this));
3114 }
3115 
3116 void ClassVerifier::verify_dstore(int index, StackMapFrame* current_frame, TRAPS) {
3117   current_frame->pop_stack_2(
3118     VerificationType::double2_type(),
3119     VerificationType::double_type(), CHECK_VERIFY(this));
3120   current_frame->set_local_2(
3121     index, VerificationType::double_type(),
3122     VerificationType::double2_type(), CHECK_VERIFY(this));
3123 }
3124 
3125 void ClassVerifier::verify_astore(int index, StackMapFrame* current_frame, TRAPS) {
3126   VerificationType type = current_frame->pop_stack(
3127     VerificationType::reference_check(), CHECK_VERIFY(this));
3128   current_frame->set_local(index, type, CHECK_VERIFY(this));
3129 }
3130 
3131 void ClassVerifier::verify_iinc(int index, StackMapFrame* current_frame, TRAPS) {
3132   VerificationType type = current_frame->get_local(
3133     index, VerificationType::integer_type(), CHECK_VERIFY(this));
3134   current_frame->set_local(index, type, CHECK_VERIFY(this));
3135 }
3136 
3137 void ClassVerifier::verify_return_value(
3138     VerificationType return_type, VerificationType type, int bci,
3139     StackMapFrame* current_frame, TRAPS) {
3140   if (return_type == VerificationType::bogus_type()) {
3141     verify_error(ErrorContext::bad_type(bci,
3142         current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)),
3143         "Method does not expect a return value");
3144     return;
3145   }
3146   bool match = return_type.is_assignable_from(type, this, false, CHECK_VERIFY(this));
3147   if (!match) {
3148     verify_error(ErrorContext::bad_type(bci,
3149         current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)),
3150         "Bad return type");
3151     return;
3152   }
3153 }
3154 
3155 // The verifier creates symbols which are substrings of Symbols.
3156 // These are stored in the verifier until the end of verification so that
3157 // they can be reference counted.
3158 Symbol* ClassVerifier::create_temporary_symbol(const char *name, int length) {
3159   // Quick deduplication check
3160   if (_previous_symbol != nullptr && _previous_symbol->equals(name, length)) {
3161     return _previous_symbol;
3162   }
3163   Symbol* sym = SymbolTable::new_symbol(name, length);
3164   if (!sym->is_permanent()) {
3165     if (_symbols == nullptr) {
3166       _symbols = new GrowableArray<Symbol*>(50, 0, nullptr);
3167     }
3168     _symbols->push(sym);
3169   }
3170   _previous_symbol = sym;
3171   return sym;
3172 }