1 /*
2 * Copyright (c) 1998, 2023, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.
8 *
9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 *
23 */
24
25 #include "precompiled.hpp"
26 #include "classfile/classFileStream.hpp"
27 #include "classfile/classLoader.hpp"
28 #include "classfile/javaClasses.hpp"
29 #include "classfile/stackMapTable.hpp"
30 #include "classfile/stackMapFrame.hpp"
31 #include "classfile/stackMapTableFormat.hpp"
32 #include "classfile/symbolTable.hpp"
33 #include "classfile/systemDictionary.hpp"
34 #include "classfile/verifier.hpp"
35 #include "classfile/vmClasses.hpp"
36 #include "classfile/vmSymbols.hpp"
37 #include "interpreter/bytecodes.hpp"
38 #include "interpreter/bytecodeStream.hpp"
39 #include "jvm.h"
40 #include "logging/log.hpp"
41 #include "logging/logStream.hpp"
42 #include "memory/oopFactory.hpp"
43 #include "memory/resourceArea.hpp"
44 #include "memory/universe.hpp"
45 #include "oops/constantPool.inline.hpp"
46 #include "oops/instanceKlass.inline.hpp"
47 #include "oops/klass.inline.hpp"
48 #include "oops/oop.inline.hpp"
49 #include "oops/typeArrayOop.hpp"
50 #include "runtime/arguments.hpp"
51 #include "runtime/fieldDescriptor.hpp"
52 #include "runtime/handles.inline.hpp"
53 #include "runtime/interfaceSupport.inline.hpp"
54 #include "runtime/javaCalls.hpp"
55 #include "runtime/javaThread.hpp"
56 #include "runtime/jniHandles.inline.hpp"
57 #include "runtime/os.hpp"
58 #include "runtime/safepointVerifiers.hpp"
59 #include "services/threadService.hpp"
60 #include "utilities/align.hpp"
61 #include "utilities/bytes.hpp"
62
63 #define NOFAILOVER_MAJOR_VERSION 51
64 #define NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION 51
65 #define STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION 52
66 #define MAX_ARRAY_DIMENSIONS 255
67
68 // Access to external entry for VerifyClassForMajorVersion - old byte code verifier
69
70 extern "C" {
71 typedef jboolean (*verify_byte_codes_fn_t)(JNIEnv *, jclass, char *, jint, jint);
72 }
73
74 static verify_byte_codes_fn_t volatile _verify_byte_codes_fn = nullptr;
75
76 static verify_byte_codes_fn_t verify_byte_codes_fn() {
77
78 if (_verify_byte_codes_fn != nullptr)
79 return _verify_byte_codes_fn;
80
81 MutexLocker locker(Verify_lock);
82
83 if (_verify_byte_codes_fn != nullptr)
84 return _verify_byte_codes_fn;
85
86 // Load verify dll
87 char buffer[JVM_MAXPATHLEN];
88 char ebuf[1024];
89 if (!os::dll_locate_lib(buffer, sizeof(buffer), Arguments::get_dll_dir(), "verify"))
90 return nullptr; // Caller will throw VerifyError
91
92 void *lib_handle = os::dll_load(buffer, ebuf, sizeof(ebuf));
93 if (lib_handle == nullptr)
94 return nullptr; // Caller will throw VerifyError
95
96 void *fn = os::dll_lookup(lib_handle, "VerifyClassForMajorVersion");
97 if (fn == nullptr)
98 return nullptr; // Caller will throw VerifyError
99
100 return _verify_byte_codes_fn = CAST_TO_FN_PTR(verify_byte_codes_fn_t, fn);
101 }
102
103
104 // Methods in Verifier
105
106 bool Verifier::should_verify_for(oop class_loader, bool should_verify_class) {
107 return (class_loader == nullptr || !should_verify_class) ?
108 BytecodeVerificationLocal : BytecodeVerificationRemote;
109 }
110
111 bool Verifier::relax_access_for(oop loader) {
112 bool trusted = java_lang_ClassLoader::is_trusted_loader(loader);
113 bool need_verify =
114 // verifyAll
115 (BytecodeVerificationLocal && BytecodeVerificationRemote) ||
116 // verifyRemote
117 (!BytecodeVerificationLocal && BytecodeVerificationRemote && !trusted);
118 return !need_verify;
119 }
120
121 void Verifier::trace_class_resolution(Klass* resolve_class, InstanceKlass* verify_class) {
122 assert(verify_class != nullptr, "Unexpected null verify_class");
123 ResourceMark rm;
124 Symbol* s = verify_class->source_file_name();
125 const char* source_file = (s != nullptr ? s->as_C_string() : nullptr);
126 const char* verify = verify_class->external_name();
127 const char* resolve = resolve_class->external_name();
128 // print in a single call to reduce interleaving between threads
129 if (source_file != nullptr) {
130 log_debug(class, resolve)("%s %s %s (verification)", verify, resolve, source_file);
131 } else {
132 log_debug(class, resolve)("%s %s (verification)", verify, resolve);
133 }
134 }
135
136 // Prints the end-verification message to the appropriate output.
137 void Verifier::log_end_verification(outputStream* st, const char* klassName, Symbol* exception_name, oop pending_exception) {
138 if (pending_exception != nullptr) {
139 st->print("Verification for %s has", klassName);
140 oop message = java_lang_Throwable::message(pending_exception);
141 if (message != nullptr) {
142 char* ex_msg = java_lang_String::as_utf8_string(message);
143 st->print_cr(" exception pending '%s %s'",
144 pending_exception->klass()->external_name(), ex_msg);
145 } else {
146 st->print_cr(" exception pending %s ",
147 pending_exception->klass()->external_name());
148 }
149 } else if (exception_name != nullptr) {
150 st->print_cr("Verification for %s failed", klassName);
151 }
152 st->print_cr("End class verification for: %s", klassName);
153 }
154
155 bool Verifier::verify(InstanceKlass* klass, bool should_verify_class, TRAPS) {
156 HandleMark hm(THREAD);
157 ResourceMark rm(THREAD);
158
159 // Eagerly allocate the identity hash code for a klass. This is a fallout
160 // from 6320749 and 8059924: hash code generator is not supposed to be called
161 // during the safepoint, but it allows to sneak the hashcode in during
162 // verification. Without this eager hashcode generation, we may end up
163 // installing the hashcode during some other operation, which may be at
164 // safepoint -- blowing up the checks. It was previously done as the side
165 // effect (sic!) for external_name(), but instead of doing that, we opt to
166 // explicitly push the hashcode in here. This is signify the following block
167 // is IMPORTANT:
168 if (klass->java_mirror() != nullptr) {
169 klass->java_mirror()->identity_hash();
170 }
171
172 if (!is_eligible_for_verification(klass, should_verify_class)) {
173 return true;
174 }
175
176 // Timer includes any side effects of class verification (resolution,
177 // etc), but not recursive calls to Verifier::verify().
178 JavaThread* jt = THREAD;
179 PerfClassTraceTime timer(ClassLoader::perf_class_verify_time(),
180 ClassLoader::perf_class_verify_selftime(),
181 ClassLoader::perf_classes_verified(),
182 jt->get_thread_stat()->perf_recursion_counts_addr(),
183 jt->get_thread_stat()->perf_timers_addr(),
184 PerfClassTraceTime::CLASS_VERIFY);
185
186 // If the class should be verified, first see if we can use the split
187 // verifier. If not, or if verification fails and can failover, then
188 // call the inference verifier.
189 Symbol* exception_name = nullptr;
190 const size_t message_buffer_len = klass->name()->utf8_length() + 1024;
191 char* message_buffer = nullptr;
192 char* exception_message = nullptr;
193
194 log_info(class, init)("Start class verification for: %s", klass->external_name());
195 if (klass->major_version() >= STACKMAP_ATTRIBUTE_MAJOR_VERSION) {
196 ClassVerifier split_verifier(jt, klass);
197 // We don't use CHECK here, or on inference_verify below, so that we can log any exception.
198 split_verifier.verify_class(THREAD);
199 exception_name = split_verifier.result();
200
201 // If DumpSharedSpaces is set then don't fall back to the old verifier on
202 // verification failure. If a class fails verification with the split verifier,
203 // it might fail the CDS runtime verifier constraint check. In that case, we
204 // don't want to share the class. We only archive classes that pass the split
205 // verifier.
206 bool can_failover = !DumpSharedSpaces &&
207 klass->major_version() < NOFAILOVER_MAJOR_VERSION;
208
209 if (can_failover && !HAS_PENDING_EXCEPTION && // Split verifier doesn't set PENDING_EXCEPTION for failure
210 (exception_name == vmSymbols::java_lang_VerifyError() ||
211 exception_name == vmSymbols::java_lang_ClassFormatError())) {
212 log_info(verification)("Fail over class verification to old verifier for: %s", klass->external_name());
213 log_info(class, init)("Fail over class verification to old verifier for: %s", klass->external_name());
214 message_buffer = NEW_RESOURCE_ARRAY(char, message_buffer_len);
215 exception_message = message_buffer;
216 exception_name = inference_verify(
217 klass, message_buffer, message_buffer_len, THREAD);
218 }
219 if (exception_name != nullptr) {
220 exception_message = split_verifier.exception_message();
221 }
222 } else {
223 message_buffer = NEW_RESOURCE_ARRAY(char, message_buffer_len);
224 exception_message = message_buffer;
225 exception_name = inference_verify(
226 klass, message_buffer, message_buffer_len, THREAD);
227 }
228
229 LogTarget(Info, class, init) lt1;
230 if (lt1.is_enabled()) {
231 LogStream ls(lt1);
232 log_end_verification(&ls, klass->external_name(), exception_name, PENDING_EXCEPTION);
233 }
234 LogTarget(Info, verification) lt2;
235 if (lt2.is_enabled()) {
236 LogStream ls(lt2);
237 log_end_verification(&ls, klass->external_name(), exception_name, PENDING_EXCEPTION);
238 }
239
240 if (HAS_PENDING_EXCEPTION) {
241 return false; // use the existing exception
242 } else if (exception_name == nullptr) {
243 return true; // verification succeeded
244 } else { // VerifyError or ClassFormatError to be created and thrown
245 Klass* kls =
246 SystemDictionary::resolve_or_fail(exception_name, true, CHECK_false);
247 if (log_is_enabled(Debug, class, resolve)) {
248 Verifier::trace_class_resolution(kls, klass);
249 }
250
251 while (kls != nullptr) {
252 if (kls == klass) {
253 // If the class being verified is the exception we're creating
254 // or one of it's superclasses, we're in trouble and are going
255 // to infinitely recurse when we try to initialize the exception.
256 // So bail out here by throwing the preallocated VM error.
257 THROW_OOP_(Universe::virtual_machine_error_instance(), false);
258 }
259 kls = kls->super();
260 }
261 if (message_buffer != nullptr) {
262 message_buffer[message_buffer_len - 1] = '\0'; // just to be sure
263 }
264 assert(exception_message != nullptr, "");
265 THROW_MSG_(exception_name, exception_message, false);
266 }
267 }
268
269 bool Verifier::is_eligible_for_verification(InstanceKlass* klass, bool should_verify_class) {
270 Symbol* name = klass->name();
271 Klass* refl_serialization_ctor_klass = vmClasses::reflect_SerializationConstructorAccessorImpl_klass();
272
273 bool is_reflect_accessor = refl_serialization_ctor_klass != nullptr &&
274 klass->is_subtype_of(refl_serialization_ctor_klass);
275
276 return (should_verify_for(klass->class_loader(), should_verify_class) &&
277 // return if the class is a bootstrapping class
278 // or defineClass specified not to verify by default (flags override passed arg)
279 // We need to skip the following four for bootstraping
280 name != vmSymbols::java_lang_Object() &&
281 name != vmSymbols::java_lang_Class() &&
282 name != vmSymbols::java_lang_String() &&
283 name != vmSymbols::java_lang_Throwable() &&
284
285 // Can not verify the bytecodes for shared classes because they have
286 // already been rewritten to contain constant pool cache indices,
287 // which the verifier can't understand.
288 // Shared classes shouldn't have stackmaps either.
289 // However, bytecodes for shared old classes can be verified because
290 // they have not been rewritten.
291 !(klass->is_shared() && klass->is_rewritten()) &&
292
293 // As of the fix for 4486457 we disable verification for all of the
294 // dynamically-generated bytecodes associated with
295 // jdk/internal/reflect/SerializationConstructorAccessor.
296 (!is_reflect_accessor));
297 }
298
299 Symbol* Verifier::inference_verify(
300 InstanceKlass* klass, char* message, size_t message_len, TRAPS) {
301 JavaThread* thread = THREAD;
302
303 verify_byte_codes_fn_t verify_func = verify_byte_codes_fn();
304
305 if (verify_func == nullptr) {
306 jio_snprintf(message, message_len, "Could not link verifier");
307 return vmSymbols::java_lang_VerifyError();
308 }
309
310 ResourceMark rm(thread);
311 log_info(verification)("Verifying class %s with old format", klass->external_name());
312
313 jclass cls = (jclass) JNIHandles::make_local(thread, klass->java_mirror());
314 jint result;
315
316 {
317 HandleMark hm(thread);
318 ThreadToNativeFromVM ttn(thread);
319 // ThreadToNativeFromVM takes care of changing thread_state, so safepoint
320 // code knows that we have left the VM
321 JNIEnv *env = thread->jni_environment();
322 result = (*verify_func)(env, cls, message, (int)message_len, klass->major_version());
323 }
324
325 JNIHandles::destroy_local(cls);
326
327 // These numbers are chosen so that VerifyClassCodes interface doesn't need
328 // to be changed (still return jboolean (unsigned char)), and result is
329 // 1 when verification is passed.
330 if (result == 0) {
331 return vmSymbols::java_lang_VerifyError();
332 } else if (result == 1) {
333 return nullptr; // verified.
334 } else if (result == 2) {
335 THROW_MSG_(vmSymbols::java_lang_OutOfMemoryError(), message, nullptr);
336 } else if (result == 3) {
337 return vmSymbols::java_lang_ClassFormatError();
338 } else {
339 ShouldNotReachHere();
340 return nullptr;
341 }
342 }
343
344 TypeOrigin TypeOrigin::null() {
345 return TypeOrigin();
346 }
347 TypeOrigin TypeOrigin::local(int index, StackMapFrame* frame) {
348 assert(frame != nullptr, "Must have a frame");
349 return TypeOrigin(CF_LOCALS, index, StackMapFrame::copy(frame),
350 frame->local_at(index));
351 }
352 TypeOrigin TypeOrigin::stack(int index, StackMapFrame* frame) {
353 assert(frame != nullptr, "Must have a frame");
354 return TypeOrigin(CF_STACK, index, StackMapFrame::copy(frame),
355 frame->stack_at(index));
356 }
357 TypeOrigin TypeOrigin::sm_local(int index, StackMapFrame* frame) {
358 assert(frame != nullptr, "Must have a frame");
359 return TypeOrigin(SM_LOCALS, index, StackMapFrame::copy(frame),
360 frame->local_at(index));
361 }
362 TypeOrigin TypeOrigin::sm_stack(int index, StackMapFrame* frame) {
363 assert(frame != nullptr, "Must have a frame");
364 return TypeOrigin(SM_STACK, index, StackMapFrame::copy(frame),
365 frame->stack_at(index));
366 }
367 TypeOrigin TypeOrigin::bad_index(int index) {
368 return TypeOrigin(BAD_INDEX, index, nullptr, VerificationType::bogus_type());
369 }
370 TypeOrigin TypeOrigin::cp(int index, VerificationType vt) {
371 return TypeOrigin(CONST_POOL, index, nullptr, vt);
372 }
373 TypeOrigin TypeOrigin::signature(VerificationType vt) {
374 return TypeOrigin(SIG, 0, nullptr, vt);
375 }
376 TypeOrigin TypeOrigin::implicit(VerificationType t) {
377 return TypeOrigin(IMPLICIT, 0, nullptr, t);
378 }
379 TypeOrigin TypeOrigin::frame(StackMapFrame* frame) {
380 return TypeOrigin(FRAME_ONLY, 0, StackMapFrame::copy(frame),
381 VerificationType::bogus_type());
382 }
383
384 void TypeOrigin::reset_frame() {
385 if (_frame != nullptr) {
386 _frame->restore();
387 }
388 }
389
390 void TypeOrigin::details(outputStream* ss) const {
391 _type.print_on(ss);
392 switch (_origin) {
393 case CF_LOCALS:
394 ss->print(" (current frame, locals[%d])", _index);
395 break;
396 case CF_STACK:
397 ss->print(" (current frame, stack[%d])", _index);
398 break;
399 case SM_LOCALS:
400 ss->print(" (stack map, locals[%d])", _index);
401 break;
402 case SM_STACK:
403 ss->print(" (stack map, stack[%d])", _index);
404 break;
405 case CONST_POOL:
406 ss->print(" (constant pool %d)", _index);
407 break;
408 case SIG:
409 ss->print(" (from method signature)");
410 break;
411 case IMPLICIT:
412 case FRAME_ONLY:
413 case NONE:
414 default:
415 ;
416 }
417 }
418
419 #ifdef ASSERT
420 void TypeOrigin::print_on(outputStream* str) const {
421 str->print("{%d,%d,%p:", _origin, _index, _frame);
422 if (_frame != nullptr) {
423 _frame->print_on(str);
424 } else {
425 str->print("null");
426 }
427 str->print(",");
428 _type.print_on(str);
429 str->print("}");
430 }
431 #endif
432
433 void ErrorContext::details(outputStream* ss, const Method* method) const {
434 if (is_valid()) {
435 ss->cr();
436 ss->print_cr("Exception Details:");
437 location_details(ss, method);
438 reason_details(ss);
439 frame_details(ss);
440 bytecode_details(ss, method);
441 handler_details(ss, method);
442 stackmap_details(ss, method);
443 }
444 }
445
446 void ErrorContext::reason_details(outputStream* ss) const {
447 streamIndentor si(ss);
448 ss->indent().print_cr("Reason:");
449 streamIndentor si2(ss);
450 ss->indent().print("%s", "");
451 switch (_fault) {
452 case INVALID_BYTECODE:
453 ss->print("Error exists in the bytecode");
454 break;
455 case WRONG_TYPE:
456 if (_expected.is_valid()) {
457 ss->print("Type ");
458 _type.details(ss);
459 ss->print(" is not assignable to ");
460 _expected.details(ss);
461 } else {
462 ss->print("Invalid type: ");
463 _type.details(ss);
464 }
465 break;
466 case FLAGS_MISMATCH:
467 if (_expected.is_valid()) {
468 ss->print("Current frame's flags are not assignable "
469 "to stack map frame's.");
470 } else {
471 ss->print("Current frame's flags are invalid in this context.");
472 }
473 break;
474 case BAD_CP_INDEX:
475 ss->print("Constant pool index %d is invalid", _type.index());
476 break;
477 case BAD_LOCAL_INDEX:
478 ss->print("Local index %d is invalid", _type.index());
479 break;
480 case LOCALS_SIZE_MISMATCH:
481 ss->print("Current frame's local size doesn't match stackmap.");
482 break;
483 case STACK_SIZE_MISMATCH:
484 ss->print("Current frame's stack size doesn't match stackmap.");
485 break;
486 case STACK_OVERFLOW:
487 ss->print("Exceeded max stack size.");
488 break;
489 case STACK_UNDERFLOW:
490 ss->print("Attempt to pop empty stack.");
491 break;
492 case MISSING_STACKMAP:
493 ss->print("Expected stackmap frame at this location.");
494 break;
495 case BAD_STACKMAP:
496 ss->print("Invalid stackmap specification.");
497 break;
498 case UNKNOWN:
499 default:
500 ShouldNotReachHere();
501 ss->print_cr("Unknown");
502 }
503 ss->cr();
504 }
505
506 void ErrorContext::location_details(outputStream* ss, const Method* method) const {
507 if (_bci != -1 && method != nullptr) {
508 streamIndentor si(ss);
509 const char* bytecode_name = "<invalid>";
510 if (method->validate_bci(_bci) != -1) {
511 Bytecodes::Code code = Bytecodes::code_or_bp_at(method->bcp_from(_bci));
512 if (Bytecodes::is_defined(code)) {
513 bytecode_name = Bytecodes::name(code);
514 } else {
515 bytecode_name = "<illegal>";
516 }
517 }
518 InstanceKlass* ik = method->method_holder();
519 ss->indent().print_cr("Location:");
520 streamIndentor si2(ss);
521 ss->indent().print_cr("%s.%s%s @%d: %s",
522 ik->name()->as_C_string(), method->name()->as_C_string(),
523 method->signature()->as_C_string(), _bci, bytecode_name);
524 }
525 }
526
527 void ErrorContext::frame_details(outputStream* ss) const {
528 streamIndentor si(ss);
529 if (_type.is_valid() && _type.frame() != nullptr) {
530 ss->indent().print_cr("Current Frame:");
531 streamIndentor si2(ss);
532 _type.frame()->print_on(ss);
533 }
534 if (_expected.is_valid() && _expected.frame() != nullptr) {
535 ss->indent().print_cr("Stackmap Frame:");
536 streamIndentor si2(ss);
537 _expected.frame()->print_on(ss);
538 }
539 }
540
541 void ErrorContext::bytecode_details(outputStream* ss, const Method* method) const {
542 if (method != nullptr) {
543 streamIndentor si(ss);
544 ss->indent().print_cr("Bytecode:");
545 streamIndentor si2(ss);
546 ss->print_data(method->code_base(), method->code_size(), false);
547 }
548 }
549
550 void ErrorContext::handler_details(outputStream* ss, const Method* method) const {
551 if (method != nullptr) {
552 streamIndentor si(ss);
553 ExceptionTable table(method);
554 if (table.length() > 0) {
555 ss->indent().print_cr("Exception Handler Table:");
556 streamIndentor si2(ss);
557 for (int i = 0; i < table.length(); ++i) {
558 ss->indent().print_cr("bci [%d, %d] => handler: %d", table.start_pc(i),
559 table.end_pc(i), table.handler_pc(i));
560 }
561 }
562 }
563 }
564
565 void ErrorContext::stackmap_details(outputStream* ss, const Method* method) const {
566 if (method != nullptr && method->has_stackmap_table()) {
567 streamIndentor si(ss);
568 ss->indent().print_cr("Stackmap Table:");
569 Array<u1>* data = method->stackmap_data();
570 stack_map_table* sm_table =
571 stack_map_table::at((address)data->adr_at(0));
572 stack_map_frame* sm_frame = sm_table->entries();
573 streamIndentor si2(ss);
574 int current_offset = -1;
575 address end_of_sm_table = (address)sm_table + method->stackmap_data()->length();
576 for (u2 i = 0; i < sm_table->number_of_entries(); ++i) {
577 ss->indent();
578 if (!sm_frame->verify((address)sm_frame, end_of_sm_table)) {
579 sm_frame->print_truncated(ss, current_offset);
580 return;
581 }
582 sm_frame->print_on(ss, current_offset);
583 ss->cr();
584 current_offset += sm_frame->offset_delta();
585 sm_frame = sm_frame->next();
586 }
587 }
588 }
589
590 // Methods in ClassVerifier
591
592 ClassVerifier::ClassVerifier(JavaThread* current, InstanceKlass* klass)
593 : _thread(current), _previous_symbol(nullptr), _symbols(nullptr), _exception_type(nullptr),
594 _message(nullptr), _klass(klass) {
595 _this_type = VerificationType::reference_type(klass->name());
596 }
597
598 ClassVerifier::~ClassVerifier() {
599 // Decrement the reference count for any symbols created.
600 if (_symbols != nullptr) {
601 for (int i = 0; i < _symbols->length(); i++) {
602 Symbol* s = _symbols->at(i);
603 s->decrement_refcount();
604 }
605 }
606 }
607
608 VerificationType ClassVerifier::object_type() const {
609 return VerificationType::reference_type(vmSymbols::java_lang_Object());
610 }
611
612 TypeOrigin ClassVerifier::ref_ctx(const char* sig) {
613 VerificationType vt = VerificationType::reference_type(
614 create_temporary_symbol(sig, (int)strlen(sig)));
615 return TypeOrigin::implicit(vt);
616 }
617
618
619 void ClassVerifier::verify_class(TRAPS) {
620 log_info(verification)("Verifying class %s with new format", _klass->external_name());
621
622 // Either verifying both local and remote classes or just remote classes.
623 assert(BytecodeVerificationRemote, "Should not be here");
624
625 Array<Method*>* methods = _klass->methods();
626 int num_methods = methods->length();
627
628 for (int index = 0; index < num_methods; index++) {
629 // Check for recursive re-verification before each method.
630 if (was_recursively_verified()) return;
631
632 Method* m = methods->at(index);
633 if (m->is_native() || m->is_abstract() || m->is_overpass()) {
634 // If m is native or abstract, skip it. It is checked in class file
635 // parser that methods do not override a final method. Overpass methods
636 // are trusted since the VM generates them.
637 continue;
638 }
639 verify_method(methodHandle(THREAD, m), CHECK_VERIFY(this));
640 }
641
642 if (was_recursively_verified()){
643 log_info(verification)("Recursive verification detected for: %s", _klass->external_name());
644 log_info(class, init)("Recursive verification detected for: %s",
645 _klass->external_name());
646 }
647 }
648
649 // Translate the signature entries into verification types and save them in
650 // the growable array. Also, save the count of arguments.
651 void ClassVerifier::translate_signature(Symbol* const method_sig,
652 sig_as_verification_types* sig_verif_types) {
653 SignatureStream sig_stream(method_sig);
654 VerificationType sig_type[2];
655 int sig_i = 0;
656 GrowableArray<VerificationType>* verif_types = sig_verif_types->sig_verif_types();
657
658 // Translate the signature arguments into verification types.
659 while (!sig_stream.at_return_type()) {
660 int n = change_sig_to_verificationType(&sig_stream, sig_type);
661 assert(n <= 2, "Unexpected signature type");
662
663 // Store verification type(s). Longs and Doubles each have two verificationTypes.
664 for (int x = 0; x < n; x++) {
665 verif_types->push(sig_type[x]);
666 }
667 sig_i += n;
668 sig_stream.next();
669 }
670
671 // Set final arg count, not including the return type. The final arg count will
672 // be compared with sig_verify_types' length to see if there is a return type.
673 sig_verif_types->set_num_args(sig_i);
674
675 // Store verification type(s) for the return type, if there is one.
676 if (sig_stream.type() != T_VOID) {
677 int n = change_sig_to_verificationType(&sig_stream, sig_type);
678 assert(n <= 2, "Unexpected signature return type");
679 for (int y = 0; y < n; y++) {
680 verif_types->push(sig_type[y]);
681 }
682 }
683 }
684
685 void ClassVerifier::create_method_sig_entry(sig_as_verification_types* sig_verif_types,
686 int sig_index) {
687 // Translate the signature into verification types.
688 ConstantPool* cp = _klass->constants();
689 Symbol* const method_sig = cp->symbol_at(sig_index);
690 translate_signature(method_sig, sig_verif_types);
691
692 // Add the list of this signature's verification types to the table.
693 bool is_unique = method_signatures_table()->put(sig_index, sig_verif_types);
694 assert(is_unique, "Duplicate entries in method_signature_table");
695 }
696
697 void ClassVerifier::verify_method(const methodHandle& m, TRAPS) {
698 HandleMark hm(THREAD);
699 _method = m; // initialize _method
700 log_info(verification)("Verifying method %s", m->name_and_sig_as_C_string());
701
702 // For clang, the only good constant format string is a literal constant format string.
703 #define bad_type_msg "Bad type on operand stack in %s"
704
705 u2 max_stack = m->verifier_max_stack();
706 u2 max_locals = m->max_locals();
707 constantPoolHandle cp(THREAD, m->constants());
708
709 // Method signature was checked in ClassFileParser.
710 assert(SignatureVerifier::is_valid_method_signature(m->signature()),
711 "Invalid method signature");
712
713 // Initial stack map frame: offset is 0, stack is initially empty.
714 StackMapFrame current_frame(max_locals, max_stack, this);
715 // Set initial locals
716 VerificationType return_type = current_frame.set_locals_from_arg( m, current_type());
717
718 u2 stackmap_index = 0; // index to the stackmap array
719
720 u4 code_length = m->code_size();
721
722 // Scan the bytecode and map each instruction's start offset to a number.
723 char* code_data = generate_code_data(m, code_length, CHECK_VERIFY(this));
724
725 int ex_min = code_length;
726 int ex_max = -1;
727 // Look through each item on the exception table. Each of the fields must refer
728 // to a legal instruction.
729 if (was_recursively_verified()) return;
730 verify_exception_handler_table(
731 code_length, code_data, ex_min, ex_max, CHECK_VERIFY(this));
732
733 // Look through each entry on the local variable table and make sure
734 // its range of code array offsets is valid. (4169817)
735 if (m->has_localvariable_table()) {
736 verify_local_variable_table(code_length, code_data, CHECK_VERIFY(this));
737 }
738
739 Array<u1>* stackmap_data = m->stackmap_data();
740 StackMapStream stream(stackmap_data);
741 StackMapReader reader(this, &stream, code_data, code_length, THREAD);
742 StackMapTable stackmap_table(&reader, ¤t_frame, max_locals, max_stack,
743 code_data, code_length, CHECK_VERIFY(this));
744
745 LogTarget(Debug, verification) lt;
746 if (lt.is_enabled()) {
747 ResourceMark rm(THREAD);
748 LogStream ls(lt);
749 stackmap_table.print_on(&ls);
750 }
751
752 RawBytecodeStream bcs(m);
753
754 // Scan the byte code linearly from the start to the end
755 bool no_control_flow = false; // Set to true when there is no direct control
756 // flow from current instruction to the next
757 // instruction in sequence
758
759 Bytecodes::Code opcode;
760 while (!bcs.is_last_bytecode()) {
761 // Check for recursive re-verification before each bytecode.
762 if (was_recursively_verified()) return;
763
764 opcode = bcs.raw_next();
765 int bci = bcs.bci();
766
767 // Set current frame's offset to bci
768 current_frame.set_offset(bci);
769 current_frame.set_mark();
770
771 // Make sure every offset in stackmap table point to the beginning to
772 // an instruction. Match current_frame to stackmap_table entry with
773 // the same offset if exists.
774 stackmap_index = verify_stackmap_table(
775 stackmap_index, bci, ¤t_frame, &stackmap_table,
776 no_control_flow, CHECK_VERIFY(this));
777
778
779 bool this_uninit = false; // Set to true when invokespecial <init> initialized 'this'
780 bool verified_exc_handlers = false;
781
782 // Merge with the next instruction
783 {
784 int target;
785 VerificationType type, type2;
786 VerificationType atype;
787
788 LogTarget(Debug, verification) lt;
789 if (lt.is_enabled()) {
790 ResourceMark rm(THREAD);
791 LogStream ls(lt);
792 current_frame.print_on(&ls);
793 lt.print("offset = %d, opcode = %s", bci,
794 opcode == Bytecodes::_illegal ? "illegal" : Bytecodes::name(opcode));
795 }
796
797 // Make sure wide instruction is in correct format
798 if (bcs.is_wide()) {
799 if (opcode != Bytecodes::_iinc && opcode != Bytecodes::_iload &&
800 opcode != Bytecodes::_aload && opcode != Bytecodes::_lload &&
801 opcode != Bytecodes::_istore && opcode != Bytecodes::_astore &&
802 opcode != Bytecodes::_lstore && opcode != Bytecodes::_fload &&
803 opcode != Bytecodes::_dload && opcode != Bytecodes::_fstore &&
804 opcode != Bytecodes::_dstore) {
805 /* Unreachable? RawBytecodeStream's raw_next() returns 'illegal'
806 * if we encounter a wide instruction that modifies an invalid
807 * opcode (not one of the ones listed above) */
808 verify_error(ErrorContext::bad_code(bci), "Bad wide instruction");
809 return;
810 }
811 }
812
813 // Look for possible jump target in exception handlers and see if it
814 // matches current_frame. Do this check here for astore*, dstore*,
815 // fstore*, istore*, and lstore* opcodes because they can change the type
816 // state by adding a local. JVM Spec says that the incoming type state
817 // should be used for this check. So, do the check here before a possible
818 // local is added to the type state.
819 if (Bytecodes::is_store_into_local(opcode) && bci >= ex_min && bci < ex_max) {
820 if (was_recursively_verified()) return;
821 verify_exception_handler_targets(
822 bci, this_uninit, ¤t_frame, &stackmap_table, CHECK_VERIFY(this));
823 verified_exc_handlers = true;
824 }
825
826 if (was_recursively_verified()) return;
827
828 switch (opcode) {
829 case Bytecodes::_nop :
830 no_control_flow = false; break;
831 case Bytecodes::_aconst_null :
832 current_frame.push_stack(
833 VerificationType::null_type(), CHECK_VERIFY(this));
834 no_control_flow = false; break;
835 case Bytecodes::_iconst_m1 :
836 case Bytecodes::_iconst_0 :
837 case Bytecodes::_iconst_1 :
838 case Bytecodes::_iconst_2 :
839 case Bytecodes::_iconst_3 :
840 case Bytecodes::_iconst_4 :
841 case Bytecodes::_iconst_5 :
842 current_frame.push_stack(
843 VerificationType::integer_type(), CHECK_VERIFY(this));
844 no_control_flow = false; break;
845 case Bytecodes::_lconst_0 :
846 case Bytecodes::_lconst_1 :
847 current_frame.push_stack_2(
848 VerificationType::long_type(),
849 VerificationType::long2_type(), CHECK_VERIFY(this));
850 no_control_flow = false; break;
851 case Bytecodes::_fconst_0 :
852 case Bytecodes::_fconst_1 :
853 case Bytecodes::_fconst_2 :
854 current_frame.push_stack(
855 VerificationType::float_type(), CHECK_VERIFY(this));
856 no_control_flow = false; break;
857 case Bytecodes::_dconst_0 :
858 case Bytecodes::_dconst_1 :
859 current_frame.push_stack_2(
860 VerificationType::double_type(),
861 VerificationType::double2_type(), CHECK_VERIFY(this));
862 no_control_flow = false; break;
863 case Bytecodes::_sipush :
864 case Bytecodes::_bipush :
865 current_frame.push_stack(
866 VerificationType::integer_type(), CHECK_VERIFY(this));
867 no_control_flow = false; break;
868 case Bytecodes::_ldc :
869 verify_ldc(
870 opcode, bcs.get_index_u1(), ¤t_frame,
871 cp, bci, CHECK_VERIFY(this));
872 no_control_flow = false; break;
873 case Bytecodes::_ldc_w :
874 case Bytecodes::_ldc2_w :
875 verify_ldc(
876 opcode, bcs.get_index_u2(), ¤t_frame,
877 cp, bci, CHECK_VERIFY(this));
878 no_control_flow = false; break;
879 case Bytecodes::_iload :
880 verify_iload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
881 no_control_flow = false; break;
882 case Bytecodes::_iload_0 :
883 case Bytecodes::_iload_1 :
884 case Bytecodes::_iload_2 :
885 case Bytecodes::_iload_3 : {
886 int index = opcode - Bytecodes::_iload_0;
887 verify_iload(index, ¤t_frame, CHECK_VERIFY(this));
888 no_control_flow = false; break;
889 }
890 case Bytecodes::_lload :
891 verify_lload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
892 no_control_flow = false; break;
893 case Bytecodes::_lload_0 :
894 case Bytecodes::_lload_1 :
895 case Bytecodes::_lload_2 :
896 case Bytecodes::_lload_3 : {
897 int index = opcode - Bytecodes::_lload_0;
898 verify_lload(index, ¤t_frame, CHECK_VERIFY(this));
899 no_control_flow = false; break;
900 }
901 case Bytecodes::_fload :
902 verify_fload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
903 no_control_flow = false; break;
904 case Bytecodes::_fload_0 :
905 case Bytecodes::_fload_1 :
906 case Bytecodes::_fload_2 :
907 case Bytecodes::_fload_3 : {
908 int index = opcode - Bytecodes::_fload_0;
909 verify_fload(index, ¤t_frame, CHECK_VERIFY(this));
910 no_control_flow = false; break;
911 }
912 case Bytecodes::_dload :
913 verify_dload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
914 no_control_flow = false; break;
915 case Bytecodes::_dload_0 :
916 case Bytecodes::_dload_1 :
917 case Bytecodes::_dload_2 :
918 case Bytecodes::_dload_3 : {
919 int index = opcode - Bytecodes::_dload_0;
920 verify_dload(index, ¤t_frame, CHECK_VERIFY(this));
921 no_control_flow = false; break;
922 }
923 case Bytecodes::_aload :
924 verify_aload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
925 no_control_flow = false; break;
926 case Bytecodes::_aload_0 :
927 case Bytecodes::_aload_1 :
928 case Bytecodes::_aload_2 :
929 case Bytecodes::_aload_3 : {
930 int index = opcode - Bytecodes::_aload_0;
931 verify_aload(index, ¤t_frame, CHECK_VERIFY(this));
932 no_control_flow = false; break;
933 }
934 case Bytecodes::_iaload :
935 type = current_frame.pop_stack(
936 VerificationType::integer_type(), CHECK_VERIFY(this));
937 atype = current_frame.pop_stack(
938 VerificationType::reference_check(), CHECK_VERIFY(this));
939 if (!atype.is_int_array()) {
940 verify_error(ErrorContext::bad_type(bci,
941 current_frame.stack_top_ctx(), ref_ctx("[I")),
942 bad_type_msg, "iaload");
943 return;
944 }
945 current_frame.push_stack(
946 VerificationType::integer_type(), CHECK_VERIFY(this));
947 no_control_flow = false; break;
948 case Bytecodes::_baload :
949 type = current_frame.pop_stack(
950 VerificationType::integer_type(), CHECK_VERIFY(this));
951 atype = current_frame.pop_stack(
952 VerificationType::reference_check(), CHECK_VERIFY(this));
953 if (!atype.is_bool_array() && !atype.is_byte_array()) {
954 verify_error(
955 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
956 bad_type_msg, "baload");
957 return;
958 }
959 current_frame.push_stack(
960 VerificationType::integer_type(), CHECK_VERIFY(this));
961 no_control_flow = false; break;
962 case Bytecodes::_caload :
963 type = current_frame.pop_stack(
964 VerificationType::integer_type(), CHECK_VERIFY(this));
965 atype = current_frame.pop_stack(
966 VerificationType::reference_check(), CHECK_VERIFY(this));
967 if (!atype.is_char_array()) {
968 verify_error(ErrorContext::bad_type(bci,
969 current_frame.stack_top_ctx(), ref_ctx("[C")),
970 bad_type_msg, "caload");
971 return;
972 }
973 current_frame.push_stack(
974 VerificationType::integer_type(), CHECK_VERIFY(this));
975 no_control_flow = false; break;
976 case Bytecodes::_saload :
977 type = current_frame.pop_stack(
978 VerificationType::integer_type(), CHECK_VERIFY(this));
979 atype = current_frame.pop_stack(
980 VerificationType::reference_check(), CHECK_VERIFY(this));
981 if (!atype.is_short_array()) {
982 verify_error(ErrorContext::bad_type(bci,
983 current_frame.stack_top_ctx(), ref_ctx("[S")),
984 bad_type_msg, "saload");
985 return;
986 }
987 current_frame.push_stack(
988 VerificationType::integer_type(), CHECK_VERIFY(this));
989 no_control_flow = false; break;
990 case Bytecodes::_laload :
991 type = current_frame.pop_stack(
992 VerificationType::integer_type(), CHECK_VERIFY(this));
993 atype = current_frame.pop_stack(
994 VerificationType::reference_check(), CHECK_VERIFY(this));
995 if (!atype.is_long_array()) {
996 verify_error(ErrorContext::bad_type(bci,
997 current_frame.stack_top_ctx(), ref_ctx("[J")),
998 bad_type_msg, "laload");
999 return;
1000 }
1001 current_frame.push_stack_2(
1002 VerificationType::long_type(),
1003 VerificationType::long2_type(), CHECK_VERIFY(this));
1004 no_control_flow = false; break;
1005 case Bytecodes::_faload :
1006 type = current_frame.pop_stack(
1007 VerificationType::integer_type(), CHECK_VERIFY(this));
1008 atype = current_frame.pop_stack(
1009 VerificationType::reference_check(), CHECK_VERIFY(this));
1010 if (!atype.is_float_array()) {
1011 verify_error(ErrorContext::bad_type(bci,
1012 current_frame.stack_top_ctx(), ref_ctx("[F")),
1013 bad_type_msg, "faload");
1014 return;
1015 }
1016 current_frame.push_stack(
1017 VerificationType::float_type(), CHECK_VERIFY(this));
1018 no_control_flow = false; break;
1019 case Bytecodes::_daload :
1020 type = current_frame.pop_stack(
1021 VerificationType::integer_type(), CHECK_VERIFY(this));
1022 atype = current_frame.pop_stack(
1023 VerificationType::reference_check(), CHECK_VERIFY(this));
1024 if (!atype.is_double_array()) {
1025 verify_error(ErrorContext::bad_type(bci,
1026 current_frame.stack_top_ctx(), ref_ctx("[D")),
1027 bad_type_msg, "daload");
1028 return;
1029 }
1030 current_frame.push_stack_2(
1031 VerificationType::double_type(),
1032 VerificationType::double2_type(), CHECK_VERIFY(this));
1033 no_control_flow = false; break;
1034 case Bytecodes::_aaload : {
1035 type = current_frame.pop_stack(
1036 VerificationType::integer_type(), CHECK_VERIFY(this));
1037 atype = current_frame.pop_stack(
1038 VerificationType::reference_check(), CHECK_VERIFY(this));
1039 if (!atype.is_reference_array()) {
1040 verify_error(ErrorContext::bad_type(bci,
1041 current_frame.stack_top_ctx(),
1042 TypeOrigin::implicit(VerificationType::reference_check())),
1043 bad_type_msg, "aaload");
1044 return;
1045 }
1046 if (atype.is_null()) {
1047 current_frame.push_stack(
1048 VerificationType::null_type(), CHECK_VERIFY(this));
1049 } else {
1050 VerificationType component = atype.get_component(this);
1051 current_frame.push_stack(component, CHECK_VERIFY(this));
1052 }
1053 no_control_flow = false; break;
1054 }
1055 case Bytecodes::_istore :
1056 verify_istore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1057 no_control_flow = false; break;
1058 case Bytecodes::_istore_0 :
1059 case Bytecodes::_istore_1 :
1060 case Bytecodes::_istore_2 :
1061 case Bytecodes::_istore_3 : {
1062 int index = opcode - Bytecodes::_istore_0;
1063 verify_istore(index, ¤t_frame, CHECK_VERIFY(this));
1064 no_control_flow = false; break;
1065 }
1066 case Bytecodes::_lstore :
1067 verify_lstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1068 no_control_flow = false; break;
1069 case Bytecodes::_lstore_0 :
1070 case Bytecodes::_lstore_1 :
1071 case Bytecodes::_lstore_2 :
1072 case Bytecodes::_lstore_3 : {
1073 int index = opcode - Bytecodes::_lstore_0;
1074 verify_lstore(index, ¤t_frame, CHECK_VERIFY(this));
1075 no_control_flow = false; break;
1076 }
1077 case Bytecodes::_fstore :
1078 verify_fstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1079 no_control_flow = false; break;
1080 case Bytecodes::_fstore_0 :
1081 case Bytecodes::_fstore_1 :
1082 case Bytecodes::_fstore_2 :
1083 case Bytecodes::_fstore_3 : {
1084 int index = opcode - Bytecodes::_fstore_0;
1085 verify_fstore(index, ¤t_frame, CHECK_VERIFY(this));
1086 no_control_flow = false; break;
1087 }
1088 case Bytecodes::_dstore :
1089 verify_dstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1090 no_control_flow = false; break;
1091 case Bytecodes::_dstore_0 :
1092 case Bytecodes::_dstore_1 :
1093 case Bytecodes::_dstore_2 :
1094 case Bytecodes::_dstore_3 : {
1095 int index = opcode - Bytecodes::_dstore_0;
1096 verify_dstore(index, ¤t_frame, CHECK_VERIFY(this));
1097 no_control_flow = false; break;
1098 }
1099 case Bytecodes::_astore :
1100 verify_astore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1101 no_control_flow = false; break;
1102 case Bytecodes::_astore_0 :
1103 case Bytecodes::_astore_1 :
1104 case Bytecodes::_astore_2 :
1105 case Bytecodes::_astore_3 : {
1106 int index = opcode - Bytecodes::_astore_0;
1107 verify_astore(index, ¤t_frame, CHECK_VERIFY(this));
1108 no_control_flow = false; break;
1109 }
1110 case Bytecodes::_iastore :
1111 type = current_frame.pop_stack(
1112 VerificationType::integer_type(), CHECK_VERIFY(this));
1113 type2 = current_frame.pop_stack(
1114 VerificationType::integer_type(), CHECK_VERIFY(this));
1115 atype = current_frame.pop_stack(
1116 VerificationType::reference_check(), CHECK_VERIFY(this));
1117 if (!atype.is_int_array()) {
1118 verify_error(ErrorContext::bad_type(bci,
1119 current_frame.stack_top_ctx(), ref_ctx("[I")),
1120 bad_type_msg, "iastore");
1121 return;
1122 }
1123 no_control_flow = false; break;
1124 case Bytecodes::_bastore :
1125 type = current_frame.pop_stack(
1126 VerificationType::integer_type(), CHECK_VERIFY(this));
1127 type2 = current_frame.pop_stack(
1128 VerificationType::integer_type(), CHECK_VERIFY(this));
1129 atype = current_frame.pop_stack(
1130 VerificationType::reference_check(), CHECK_VERIFY(this));
1131 if (!atype.is_bool_array() && !atype.is_byte_array()) {
1132 verify_error(
1133 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1134 bad_type_msg, "bastore");
1135 return;
1136 }
1137 no_control_flow = false; break;
1138 case Bytecodes::_castore :
1139 current_frame.pop_stack(
1140 VerificationType::integer_type(), CHECK_VERIFY(this));
1141 current_frame.pop_stack(
1142 VerificationType::integer_type(), CHECK_VERIFY(this));
1143 atype = current_frame.pop_stack(
1144 VerificationType::reference_check(), CHECK_VERIFY(this));
1145 if (!atype.is_char_array()) {
1146 verify_error(ErrorContext::bad_type(bci,
1147 current_frame.stack_top_ctx(), ref_ctx("[C")),
1148 bad_type_msg, "castore");
1149 return;
1150 }
1151 no_control_flow = false; break;
1152 case Bytecodes::_sastore :
1153 current_frame.pop_stack(
1154 VerificationType::integer_type(), CHECK_VERIFY(this));
1155 current_frame.pop_stack(
1156 VerificationType::integer_type(), CHECK_VERIFY(this));
1157 atype = current_frame.pop_stack(
1158 VerificationType::reference_check(), CHECK_VERIFY(this));
1159 if (!atype.is_short_array()) {
1160 verify_error(ErrorContext::bad_type(bci,
1161 current_frame.stack_top_ctx(), ref_ctx("[S")),
1162 bad_type_msg, "sastore");
1163 return;
1164 }
1165 no_control_flow = false; break;
1166 case Bytecodes::_lastore :
1167 current_frame.pop_stack_2(
1168 VerificationType::long2_type(),
1169 VerificationType::long_type(), CHECK_VERIFY(this));
1170 current_frame.pop_stack(
1171 VerificationType::integer_type(), CHECK_VERIFY(this));
1172 atype = current_frame.pop_stack(
1173 VerificationType::reference_check(), CHECK_VERIFY(this));
1174 if (!atype.is_long_array()) {
1175 verify_error(ErrorContext::bad_type(bci,
1176 current_frame.stack_top_ctx(), ref_ctx("[J")),
1177 bad_type_msg, "lastore");
1178 return;
1179 }
1180 no_control_flow = false; break;
1181 case Bytecodes::_fastore :
1182 current_frame.pop_stack(
1183 VerificationType::float_type(), CHECK_VERIFY(this));
1184 current_frame.pop_stack
1185 (VerificationType::integer_type(), CHECK_VERIFY(this));
1186 atype = current_frame.pop_stack(
1187 VerificationType::reference_check(), CHECK_VERIFY(this));
1188 if (!atype.is_float_array()) {
1189 verify_error(ErrorContext::bad_type(bci,
1190 current_frame.stack_top_ctx(), ref_ctx("[F")),
1191 bad_type_msg, "fastore");
1192 return;
1193 }
1194 no_control_flow = false; break;
1195 case Bytecodes::_dastore :
1196 current_frame.pop_stack_2(
1197 VerificationType::double2_type(),
1198 VerificationType::double_type(), CHECK_VERIFY(this));
1199 current_frame.pop_stack(
1200 VerificationType::integer_type(), CHECK_VERIFY(this));
1201 atype = current_frame.pop_stack(
1202 VerificationType::reference_check(), CHECK_VERIFY(this));
1203 if (!atype.is_double_array()) {
1204 verify_error(ErrorContext::bad_type(bci,
1205 current_frame.stack_top_ctx(), ref_ctx("[D")),
1206 bad_type_msg, "dastore");
1207 return;
1208 }
1209 no_control_flow = false; break;
1210 case Bytecodes::_aastore :
1211 type = current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1212 type2 = current_frame.pop_stack(
1213 VerificationType::integer_type(), CHECK_VERIFY(this));
1214 atype = current_frame.pop_stack(
1215 VerificationType::reference_check(), CHECK_VERIFY(this));
1216 // more type-checking is done at runtime
1217 if (!atype.is_reference_array()) {
1218 verify_error(ErrorContext::bad_type(bci,
1219 current_frame.stack_top_ctx(),
1220 TypeOrigin::implicit(VerificationType::reference_check())),
1221 bad_type_msg, "aastore");
1222 return;
1223 }
1224 // 4938384: relaxed constraint in JVMS 3rd edition.
1225 no_control_flow = false; break;
1226 case Bytecodes::_pop :
1227 current_frame.pop_stack(
1228 VerificationType::category1_check(), CHECK_VERIFY(this));
1229 no_control_flow = false; break;
1230 case Bytecodes::_pop2 :
1231 type = current_frame.pop_stack(CHECK_VERIFY(this));
1232 if (type.is_category1()) {
1233 current_frame.pop_stack(
1234 VerificationType::category1_check(), CHECK_VERIFY(this));
1235 } else if (type.is_category2_2nd()) {
1236 current_frame.pop_stack(
1237 VerificationType::category2_check(), CHECK_VERIFY(this));
1238 } else {
1239 /* Unreachable? Would need a category2_1st on TOS
1240 * which does not appear possible. */
1241 verify_error(
1242 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1243 bad_type_msg, "pop2");
1244 return;
1245 }
1246 no_control_flow = false; break;
1247 case Bytecodes::_dup :
1248 type = current_frame.pop_stack(
1249 VerificationType::category1_check(), CHECK_VERIFY(this));
1250 current_frame.push_stack(type, CHECK_VERIFY(this));
1251 current_frame.push_stack(type, CHECK_VERIFY(this));
1252 no_control_flow = false; break;
1253 case Bytecodes::_dup_x1 :
1254 type = current_frame.pop_stack(
1255 VerificationType::category1_check(), CHECK_VERIFY(this));
1256 type2 = current_frame.pop_stack(
1257 VerificationType::category1_check(), CHECK_VERIFY(this));
1258 current_frame.push_stack(type, CHECK_VERIFY(this));
1259 current_frame.push_stack(type2, CHECK_VERIFY(this));
1260 current_frame.push_stack(type, CHECK_VERIFY(this));
1261 no_control_flow = false; break;
1262 case Bytecodes::_dup_x2 :
1263 {
1264 VerificationType type3;
1265 type = current_frame.pop_stack(
1266 VerificationType::category1_check(), CHECK_VERIFY(this));
1267 type2 = current_frame.pop_stack(CHECK_VERIFY(this));
1268 if (type2.is_category1()) {
1269 type3 = current_frame.pop_stack(
1270 VerificationType::category1_check(), CHECK_VERIFY(this));
1271 } else if (type2.is_category2_2nd()) {
1272 type3 = current_frame.pop_stack(
1273 VerificationType::category2_check(), CHECK_VERIFY(this));
1274 } else {
1275 /* Unreachable? Would need a category2_1st at stack depth 2 with
1276 * a category1 on TOS which does not appear possible. */
1277 verify_error(ErrorContext::bad_type(
1278 bci, current_frame.stack_top_ctx()), bad_type_msg, "dup_x2");
1279 return;
1280 }
1281 current_frame.push_stack(type, CHECK_VERIFY(this));
1282 current_frame.push_stack(type3, CHECK_VERIFY(this));
1283 current_frame.push_stack(type2, CHECK_VERIFY(this));
1284 current_frame.push_stack(type, CHECK_VERIFY(this));
1285 no_control_flow = false; break;
1286 }
1287 case Bytecodes::_dup2 :
1288 type = current_frame.pop_stack(CHECK_VERIFY(this));
1289 if (type.is_category1()) {
1290 type2 = current_frame.pop_stack(
1291 VerificationType::category1_check(), CHECK_VERIFY(this));
1292 } else if (type.is_category2_2nd()) {
1293 type2 = current_frame.pop_stack(
1294 VerificationType::category2_check(), CHECK_VERIFY(this));
1295 } else {
1296 /* Unreachable? Would need a category2_1st on TOS which does not
1297 * appear possible. */
1298 verify_error(
1299 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1300 bad_type_msg, "dup2");
1301 return;
1302 }
1303 current_frame.push_stack(type2, CHECK_VERIFY(this));
1304 current_frame.push_stack(type, CHECK_VERIFY(this));
1305 current_frame.push_stack(type2, CHECK_VERIFY(this));
1306 current_frame.push_stack(type, CHECK_VERIFY(this));
1307 no_control_flow = false; break;
1308 case Bytecodes::_dup2_x1 :
1309 {
1310 VerificationType type3;
1311 type = current_frame.pop_stack(CHECK_VERIFY(this));
1312 if (type.is_category1()) {
1313 type2 = current_frame.pop_stack(
1314 VerificationType::category1_check(), CHECK_VERIFY(this));
1315 } else if (type.is_category2_2nd()) {
1316 type2 = current_frame.pop_stack(
1317 VerificationType::category2_check(), CHECK_VERIFY(this));
1318 } else {
1319 /* Unreachable? Would need a category2_1st on TOS which does
1320 * not appear possible. */
1321 verify_error(
1322 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1323 bad_type_msg, "dup2_x1");
1324 return;
1325 }
1326 type3 = current_frame.pop_stack(
1327 VerificationType::category1_check(), CHECK_VERIFY(this));
1328 current_frame.push_stack(type2, CHECK_VERIFY(this));
1329 current_frame.push_stack(type, CHECK_VERIFY(this));
1330 current_frame.push_stack(type3, CHECK_VERIFY(this));
1331 current_frame.push_stack(type2, CHECK_VERIFY(this));
1332 current_frame.push_stack(type, CHECK_VERIFY(this));
1333 no_control_flow = false; break;
1334 }
1335 case Bytecodes::_dup2_x2 :
1336 {
1337 VerificationType type3, type4;
1338 type = current_frame.pop_stack(CHECK_VERIFY(this));
1339 if (type.is_category1()) {
1340 type2 = current_frame.pop_stack(
1341 VerificationType::category1_check(), CHECK_VERIFY(this));
1342 } else if (type.is_category2_2nd()) {
1343 type2 = current_frame.pop_stack(
1344 VerificationType::category2_check(), CHECK_VERIFY(this));
1345 } else {
1346 /* Unreachable? Would need a category2_1st on TOS which does
1347 * not appear possible. */
1348 verify_error(
1349 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1350 bad_type_msg, "dup2_x2");
1351 return;
1352 }
1353 type3 = current_frame.pop_stack(CHECK_VERIFY(this));
1354 if (type3.is_category1()) {
1355 type4 = current_frame.pop_stack(
1356 VerificationType::category1_check(), CHECK_VERIFY(this));
1357 } else if (type3.is_category2_2nd()) {
1358 type4 = current_frame.pop_stack(
1359 VerificationType::category2_check(), CHECK_VERIFY(this));
1360 } else {
1361 /* Unreachable? Would need a category2_1st on TOS after popping
1362 * a long/double or two category 1's, which does not
1363 * appear possible. */
1364 verify_error(
1365 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1366 bad_type_msg, "dup2_x2");
1367 return;
1368 }
1369 current_frame.push_stack(type2, CHECK_VERIFY(this));
1370 current_frame.push_stack(type, CHECK_VERIFY(this));
1371 current_frame.push_stack(type4, CHECK_VERIFY(this));
1372 current_frame.push_stack(type3, CHECK_VERIFY(this));
1373 current_frame.push_stack(type2, CHECK_VERIFY(this));
1374 current_frame.push_stack(type, CHECK_VERIFY(this));
1375 no_control_flow = false; break;
1376 }
1377 case Bytecodes::_swap :
1378 type = current_frame.pop_stack(
1379 VerificationType::category1_check(), CHECK_VERIFY(this));
1380 type2 = current_frame.pop_stack(
1381 VerificationType::category1_check(), CHECK_VERIFY(this));
1382 current_frame.push_stack(type, CHECK_VERIFY(this));
1383 current_frame.push_stack(type2, CHECK_VERIFY(this));
1384 no_control_flow = false; break;
1385 case Bytecodes::_iadd :
1386 case Bytecodes::_isub :
1387 case Bytecodes::_imul :
1388 case Bytecodes::_idiv :
1389 case Bytecodes::_irem :
1390 case Bytecodes::_ishl :
1391 case Bytecodes::_ishr :
1392 case Bytecodes::_iushr :
1393 case Bytecodes::_ior :
1394 case Bytecodes::_ixor :
1395 case Bytecodes::_iand :
1396 current_frame.pop_stack(
1397 VerificationType::integer_type(), CHECK_VERIFY(this));
1398 // fall through
1399 case Bytecodes::_ineg :
1400 current_frame.pop_stack(
1401 VerificationType::integer_type(), CHECK_VERIFY(this));
1402 current_frame.push_stack(
1403 VerificationType::integer_type(), CHECK_VERIFY(this));
1404 no_control_flow = false; break;
1405 case Bytecodes::_ladd :
1406 case Bytecodes::_lsub :
1407 case Bytecodes::_lmul :
1408 case Bytecodes::_ldiv :
1409 case Bytecodes::_lrem :
1410 case Bytecodes::_land :
1411 case Bytecodes::_lor :
1412 case Bytecodes::_lxor :
1413 current_frame.pop_stack_2(
1414 VerificationType::long2_type(),
1415 VerificationType::long_type(), CHECK_VERIFY(this));
1416 // fall through
1417 case Bytecodes::_lneg :
1418 current_frame.pop_stack_2(
1419 VerificationType::long2_type(),
1420 VerificationType::long_type(), CHECK_VERIFY(this));
1421 current_frame.push_stack_2(
1422 VerificationType::long_type(),
1423 VerificationType::long2_type(), CHECK_VERIFY(this));
1424 no_control_flow = false; break;
1425 case Bytecodes::_lshl :
1426 case Bytecodes::_lshr :
1427 case Bytecodes::_lushr :
1428 current_frame.pop_stack(
1429 VerificationType::integer_type(), CHECK_VERIFY(this));
1430 current_frame.pop_stack_2(
1431 VerificationType::long2_type(),
1432 VerificationType::long_type(), CHECK_VERIFY(this));
1433 current_frame.push_stack_2(
1434 VerificationType::long_type(),
1435 VerificationType::long2_type(), CHECK_VERIFY(this));
1436 no_control_flow = false; break;
1437 case Bytecodes::_fadd :
1438 case Bytecodes::_fsub :
1439 case Bytecodes::_fmul :
1440 case Bytecodes::_fdiv :
1441 case Bytecodes::_frem :
1442 current_frame.pop_stack(
1443 VerificationType::float_type(), CHECK_VERIFY(this));
1444 // fall through
1445 case Bytecodes::_fneg :
1446 current_frame.pop_stack(
1447 VerificationType::float_type(), CHECK_VERIFY(this));
1448 current_frame.push_stack(
1449 VerificationType::float_type(), CHECK_VERIFY(this));
1450 no_control_flow = false; break;
1451 case Bytecodes::_dadd :
1452 case Bytecodes::_dsub :
1453 case Bytecodes::_dmul :
1454 case Bytecodes::_ddiv :
1455 case Bytecodes::_drem :
1456 current_frame.pop_stack_2(
1457 VerificationType::double2_type(),
1458 VerificationType::double_type(), CHECK_VERIFY(this));
1459 // fall through
1460 case Bytecodes::_dneg :
1461 current_frame.pop_stack_2(
1462 VerificationType::double2_type(),
1463 VerificationType::double_type(), CHECK_VERIFY(this));
1464 current_frame.push_stack_2(
1465 VerificationType::double_type(),
1466 VerificationType::double2_type(), CHECK_VERIFY(this));
1467 no_control_flow = false; break;
1468 case Bytecodes::_iinc :
1469 verify_iinc(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1470 no_control_flow = false; break;
1471 case Bytecodes::_i2l :
1472 type = current_frame.pop_stack(
1473 VerificationType::integer_type(), CHECK_VERIFY(this));
1474 current_frame.push_stack_2(
1475 VerificationType::long_type(),
1476 VerificationType::long2_type(), CHECK_VERIFY(this));
1477 no_control_flow = false; break;
1478 case Bytecodes::_l2i :
1479 current_frame.pop_stack_2(
1480 VerificationType::long2_type(),
1481 VerificationType::long_type(), CHECK_VERIFY(this));
1482 current_frame.push_stack(
1483 VerificationType::integer_type(), CHECK_VERIFY(this));
1484 no_control_flow = false; break;
1485 case Bytecodes::_i2f :
1486 current_frame.pop_stack(
1487 VerificationType::integer_type(), CHECK_VERIFY(this));
1488 current_frame.push_stack(
1489 VerificationType::float_type(), CHECK_VERIFY(this));
1490 no_control_flow = false; break;
1491 case Bytecodes::_i2d :
1492 current_frame.pop_stack(
1493 VerificationType::integer_type(), CHECK_VERIFY(this));
1494 current_frame.push_stack_2(
1495 VerificationType::double_type(),
1496 VerificationType::double2_type(), CHECK_VERIFY(this));
1497 no_control_flow = false; break;
1498 case Bytecodes::_l2f :
1499 current_frame.pop_stack_2(
1500 VerificationType::long2_type(),
1501 VerificationType::long_type(), CHECK_VERIFY(this));
1502 current_frame.push_stack(
1503 VerificationType::float_type(), CHECK_VERIFY(this));
1504 no_control_flow = false; break;
1505 case Bytecodes::_l2d :
1506 current_frame.pop_stack_2(
1507 VerificationType::long2_type(),
1508 VerificationType::long_type(), CHECK_VERIFY(this));
1509 current_frame.push_stack_2(
1510 VerificationType::double_type(),
1511 VerificationType::double2_type(), CHECK_VERIFY(this));
1512 no_control_flow = false; break;
1513 case Bytecodes::_f2i :
1514 current_frame.pop_stack(
1515 VerificationType::float_type(), CHECK_VERIFY(this));
1516 current_frame.push_stack(
1517 VerificationType::integer_type(), CHECK_VERIFY(this));
1518 no_control_flow = false; break;
1519 case Bytecodes::_f2l :
1520 current_frame.pop_stack(
1521 VerificationType::float_type(), CHECK_VERIFY(this));
1522 current_frame.push_stack_2(
1523 VerificationType::long_type(),
1524 VerificationType::long2_type(), CHECK_VERIFY(this));
1525 no_control_flow = false; break;
1526 case Bytecodes::_f2d :
1527 current_frame.pop_stack(
1528 VerificationType::float_type(), CHECK_VERIFY(this));
1529 current_frame.push_stack_2(
1530 VerificationType::double_type(),
1531 VerificationType::double2_type(), CHECK_VERIFY(this));
1532 no_control_flow = false; break;
1533 case Bytecodes::_d2i :
1534 current_frame.pop_stack_2(
1535 VerificationType::double2_type(),
1536 VerificationType::double_type(), CHECK_VERIFY(this));
1537 current_frame.push_stack(
1538 VerificationType::integer_type(), CHECK_VERIFY(this));
1539 no_control_flow = false; break;
1540 case Bytecodes::_d2l :
1541 current_frame.pop_stack_2(
1542 VerificationType::double2_type(),
1543 VerificationType::double_type(), CHECK_VERIFY(this));
1544 current_frame.push_stack_2(
1545 VerificationType::long_type(),
1546 VerificationType::long2_type(), CHECK_VERIFY(this));
1547 no_control_flow = false; break;
1548 case Bytecodes::_d2f :
1549 current_frame.pop_stack_2(
1550 VerificationType::double2_type(),
1551 VerificationType::double_type(), CHECK_VERIFY(this));
1552 current_frame.push_stack(
1553 VerificationType::float_type(), CHECK_VERIFY(this));
1554 no_control_flow = false; break;
1555 case Bytecodes::_i2b :
1556 case Bytecodes::_i2c :
1557 case Bytecodes::_i2s :
1558 current_frame.pop_stack(
1559 VerificationType::integer_type(), CHECK_VERIFY(this));
1560 current_frame.push_stack(
1561 VerificationType::integer_type(), CHECK_VERIFY(this));
1562 no_control_flow = false; break;
1563 case Bytecodes::_lcmp :
1564 current_frame.pop_stack_2(
1565 VerificationType::long2_type(),
1566 VerificationType::long_type(), CHECK_VERIFY(this));
1567 current_frame.pop_stack_2(
1568 VerificationType::long2_type(),
1569 VerificationType::long_type(), CHECK_VERIFY(this));
1570 current_frame.push_stack(
1571 VerificationType::integer_type(), CHECK_VERIFY(this));
1572 no_control_flow = false; break;
1573 case Bytecodes::_fcmpl :
1574 case Bytecodes::_fcmpg :
1575 current_frame.pop_stack(
1576 VerificationType::float_type(), CHECK_VERIFY(this));
1577 current_frame.pop_stack(
1578 VerificationType::float_type(), CHECK_VERIFY(this));
1579 current_frame.push_stack(
1580 VerificationType::integer_type(), CHECK_VERIFY(this));
1581 no_control_flow = false; break;
1582 case Bytecodes::_dcmpl :
1583 case Bytecodes::_dcmpg :
1584 current_frame.pop_stack_2(
1585 VerificationType::double2_type(),
1586 VerificationType::double_type(), CHECK_VERIFY(this));
1587 current_frame.pop_stack_2(
1588 VerificationType::double2_type(),
1589 VerificationType::double_type(), CHECK_VERIFY(this));
1590 current_frame.push_stack(
1591 VerificationType::integer_type(), CHECK_VERIFY(this));
1592 no_control_flow = false; break;
1593 case Bytecodes::_if_icmpeq:
1594 case Bytecodes::_if_icmpne:
1595 case Bytecodes::_if_icmplt:
1596 case Bytecodes::_if_icmpge:
1597 case Bytecodes::_if_icmpgt:
1598 case Bytecodes::_if_icmple:
1599 current_frame.pop_stack(
1600 VerificationType::integer_type(), CHECK_VERIFY(this));
1601 // fall through
1602 case Bytecodes::_ifeq:
1603 case Bytecodes::_ifne:
1604 case Bytecodes::_iflt:
1605 case Bytecodes::_ifge:
1606 case Bytecodes::_ifgt:
1607 case Bytecodes::_ifle:
1608 current_frame.pop_stack(
1609 VerificationType::integer_type(), CHECK_VERIFY(this));
1610 target = bcs.dest();
1611 stackmap_table.check_jump_target(
1612 ¤t_frame, target, CHECK_VERIFY(this));
1613 no_control_flow = false; break;
1614 case Bytecodes::_if_acmpeq :
1615 case Bytecodes::_if_acmpne :
1616 current_frame.pop_stack(
1617 VerificationType::reference_check(), CHECK_VERIFY(this));
1618 // fall through
1619 case Bytecodes::_ifnull :
1620 case Bytecodes::_ifnonnull :
1621 current_frame.pop_stack(
1622 VerificationType::reference_check(), CHECK_VERIFY(this));
1623 target = bcs.dest();
1624 stackmap_table.check_jump_target
1625 (¤t_frame, target, CHECK_VERIFY(this));
1626 no_control_flow = false; break;
1627 case Bytecodes::_goto :
1628 target = bcs.dest();
1629 stackmap_table.check_jump_target(
1630 ¤t_frame, target, CHECK_VERIFY(this));
1631 no_control_flow = true; break;
1632 case Bytecodes::_goto_w :
1633 target = bcs.dest_w();
1634 stackmap_table.check_jump_target(
1635 ¤t_frame, target, CHECK_VERIFY(this));
1636 no_control_flow = true; break;
1637 case Bytecodes::_tableswitch :
1638 case Bytecodes::_lookupswitch :
1639 verify_switch(
1640 &bcs, code_length, code_data, ¤t_frame,
1641 &stackmap_table, CHECK_VERIFY(this));
1642 no_control_flow = true; break;
1643 case Bytecodes::_ireturn :
1644 type = current_frame.pop_stack(
1645 VerificationType::integer_type(), CHECK_VERIFY(this));
1646 verify_return_value(return_type, type, bci,
1647 ¤t_frame, CHECK_VERIFY(this));
1648 no_control_flow = true; break;
1649 case Bytecodes::_lreturn :
1650 type2 = current_frame.pop_stack(
1651 VerificationType::long2_type(), CHECK_VERIFY(this));
1652 type = current_frame.pop_stack(
1653 VerificationType::long_type(), CHECK_VERIFY(this));
1654 verify_return_value(return_type, type, bci,
1655 ¤t_frame, CHECK_VERIFY(this));
1656 no_control_flow = true; break;
1657 case Bytecodes::_freturn :
1658 type = current_frame.pop_stack(
1659 VerificationType::float_type(), CHECK_VERIFY(this));
1660 verify_return_value(return_type, type, bci,
1661 ¤t_frame, CHECK_VERIFY(this));
1662 no_control_flow = true; break;
1663 case Bytecodes::_dreturn :
1664 type2 = current_frame.pop_stack(
1665 VerificationType::double2_type(), CHECK_VERIFY(this));
1666 type = current_frame.pop_stack(
1667 VerificationType::double_type(), CHECK_VERIFY(this));
1668 verify_return_value(return_type, type, bci,
1669 ¤t_frame, CHECK_VERIFY(this));
1670 no_control_flow = true; break;
1671 case Bytecodes::_areturn :
1672 type = current_frame.pop_stack(
1673 VerificationType::reference_check(), CHECK_VERIFY(this));
1674 verify_return_value(return_type, type, bci,
1675 ¤t_frame, CHECK_VERIFY(this));
1676 no_control_flow = true; break;
1677 case Bytecodes::_return :
1678 if (return_type != VerificationType::bogus_type()) {
1679 verify_error(ErrorContext::bad_code(bci),
1680 "Method expects a return value");
1681 return;
1682 }
1683 // Make sure "this" has been initialized if current method is an
1684 // <init>.
1685 if (_method->name() == vmSymbols::object_initializer_name() &&
1686 current_frame.flag_this_uninit()) {
1687 verify_error(ErrorContext::bad_code(bci),
1688 "Constructor must call super() or this() "
1689 "before return");
1690 return;
1691 }
1692 no_control_flow = true; break;
1693 case Bytecodes::_getstatic :
1694 case Bytecodes::_putstatic :
1695 // pass TRUE, operand can be an array type for getstatic/putstatic.
1696 verify_field_instructions(
1697 &bcs, ¤t_frame, cp, true, CHECK_VERIFY(this));
1698 no_control_flow = false; break;
1699 case Bytecodes::_getfield :
1700 case Bytecodes::_putfield :
1701 // pass FALSE, operand can't be an array type for getfield/putfield.
1702 verify_field_instructions(
1703 &bcs, ¤t_frame, cp, false, CHECK_VERIFY(this));
1704 no_control_flow = false; break;
1705 case Bytecodes::_invokevirtual :
1706 case Bytecodes::_invokespecial :
1707 case Bytecodes::_invokestatic :
1708 verify_invoke_instructions(
1709 &bcs, code_length, ¤t_frame, (bci >= ex_min && bci < ex_max),
1710 &this_uninit, return_type, cp, &stackmap_table, CHECK_VERIFY(this));
1711 no_control_flow = false; break;
1712 case Bytecodes::_invokeinterface :
1713 case Bytecodes::_invokedynamic :
1714 verify_invoke_instructions(
1715 &bcs, code_length, ¤t_frame, (bci >= ex_min && bci < ex_max),
1716 &this_uninit, return_type, cp, &stackmap_table, CHECK_VERIFY(this));
1717 no_control_flow = false; break;
1718 case Bytecodes::_new :
1719 {
1720 u2 index = bcs.get_index_u2();
1721 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1722 VerificationType new_class_type =
1723 cp_index_to_type(index, cp, CHECK_VERIFY(this));
1724 if (!new_class_type.is_object()) {
1725 verify_error(ErrorContext::bad_type(bci,
1726 TypeOrigin::cp(index, new_class_type)),
1727 "Illegal new instruction");
1728 return;
1729 }
1730 type = VerificationType::uninitialized_type(checked_cast<u2>(bci));
1731 current_frame.push_stack(type, CHECK_VERIFY(this));
1732 no_control_flow = false; break;
1733 }
1734 case Bytecodes::_newarray :
1735 type = get_newarray_type(bcs.get_index(), bci, CHECK_VERIFY(this));
1736 current_frame.pop_stack(
1737 VerificationType::integer_type(), CHECK_VERIFY(this));
1738 current_frame.push_stack(type, CHECK_VERIFY(this));
1739 no_control_flow = false; break;
1740 case Bytecodes::_anewarray :
1741 verify_anewarray(
1742 bci, bcs.get_index_u2(), cp, ¤t_frame, CHECK_VERIFY(this));
1743 no_control_flow = false; break;
1744 case Bytecodes::_arraylength :
1745 type = current_frame.pop_stack(
1746 VerificationType::reference_check(), CHECK_VERIFY(this));
1747 if (!(type.is_null() || type.is_array())) {
1748 verify_error(ErrorContext::bad_type(
1749 bci, current_frame.stack_top_ctx()),
1750 bad_type_msg, "arraylength");
1751 }
1752 current_frame.push_stack(
1753 VerificationType::integer_type(), CHECK_VERIFY(this));
1754 no_control_flow = false; break;
1755 case Bytecodes::_checkcast :
1756 {
1757 u2 index = bcs.get_index_u2();
1758 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1759 current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1760 VerificationType klass_type = cp_index_to_type(
1761 index, cp, CHECK_VERIFY(this));
1762 current_frame.push_stack(klass_type, CHECK_VERIFY(this));
1763 no_control_flow = false; break;
1764 }
1765 case Bytecodes::_instanceof : {
1766 u2 index = bcs.get_index_u2();
1767 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1768 current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1769 current_frame.push_stack(
1770 VerificationType::integer_type(), CHECK_VERIFY(this));
1771 no_control_flow = false; break;
1772 }
1773 case Bytecodes::_monitorenter :
1774 case Bytecodes::_monitorexit :
1775 current_frame.pop_stack(
1776 VerificationType::reference_check(), CHECK_VERIFY(this));
1777 no_control_flow = false; break;
1778 case Bytecodes::_multianewarray :
1779 {
1780 u2 index = bcs.get_index_u2();
1781 u2 dim = *(bcs.bcp()+3);
1782 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1783 VerificationType new_array_type =
1784 cp_index_to_type(index, cp, CHECK_VERIFY(this));
1785 if (!new_array_type.is_array()) {
1786 verify_error(ErrorContext::bad_type(bci,
1787 TypeOrigin::cp(index, new_array_type)),
1788 "Illegal constant pool index in multianewarray instruction");
1789 return;
1790 }
1791 if (dim < 1 || new_array_type.dimensions() < dim) {
1792 verify_error(ErrorContext::bad_code(bci),
1793 "Illegal dimension in multianewarray instruction: %d", dim);
1794 return;
1795 }
1796 for (int i = 0; i < dim; i++) {
1797 current_frame.pop_stack(
1798 VerificationType::integer_type(), CHECK_VERIFY(this));
1799 }
1800 current_frame.push_stack(new_array_type, CHECK_VERIFY(this));
1801 no_control_flow = false; break;
1802 }
1803 case Bytecodes::_athrow :
1804 type = VerificationType::reference_type(
1805 vmSymbols::java_lang_Throwable());
1806 current_frame.pop_stack(type, CHECK_VERIFY(this));
1807 no_control_flow = true; break;
1808 default:
1809 // We only need to check the valid bytecodes in class file.
1810 // And jsr and ret are not in the new class file format in JDK1.6.
1811 verify_error(ErrorContext::bad_code(bci),
1812 "Bad instruction: %02x", opcode);
1813 no_control_flow = false;
1814 return;
1815 } // end switch
1816 } // end Merge with the next instruction
1817
1818 // Look for possible jump target in exception handlers and see if it matches
1819 // current_frame. Don't do this check if it has already been done (for
1820 // ([a,d,f,i,l]store* opcodes). This check cannot be done earlier because
1821 // opcodes, such as invokespecial, may set the this_uninit flag.
1822 assert(!(verified_exc_handlers && this_uninit),
1823 "Exception handler targets got verified before this_uninit got set");
1824 if (!verified_exc_handlers && bci >= ex_min && bci < ex_max) {
1825 if (was_recursively_verified()) return;
1826 verify_exception_handler_targets(
1827 bci, this_uninit, ¤t_frame, &stackmap_table, CHECK_VERIFY(this));
1828 }
1829 } // end while
1830
1831 // Make sure that control flow does not fall through end of the method
1832 if (!no_control_flow) {
1833 verify_error(ErrorContext::bad_code(code_length),
1834 "Control flow falls through code end");
1835 return;
1836 }
1837 }
1838
1839 #undef bad_type_message
1840
1841 char* ClassVerifier::generate_code_data(const methodHandle& m, u4 code_length, TRAPS) {
1842 char* code_data = NEW_RESOURCE_ARRAY(char, code_length);
1843 memset(code_data, 0, sizeof(char) * code_length);
1844 RawBytecodeStream bcs(m);
1845
1846 while (!bcs.is_last_bytecode()) {
1847 if (bcs.raw_next() != Bytecodes::_illegal) {
1848 int bci = bcs.bci();
1849 if (bcs.raw_code() == Bytecodes::_new) {
1850 code_data[bci] = NEW_OFFSET;
1851 } else {
1852 code_data[bci] = BYTECODE_OFFSET;
1853 }
1854 } else {
1855 verify_error(ErrorContext::bad_code(bcs.bci()), "Bad instruction");
1856 return nullptr;
1857 }
1858 }
1859
1860 return code_data;
1861 }
1862
1863 // Since this method references the constant pool, call was_recursively_verified()
1864 // before calling this method to make sure a prior class load did not cause the
1865 // current class to get verified.
1866 void ClassVerifier::verify_exception_handler_table(u4 code_length, char* code_data, int& min, int& max, TRAPS) {
1867 ExceptionTable exhandlers(_method());
1868 int exlength = exhandlers.length();
1869 constantPoolHandle cp (THREAD, _method->constants());
1870
1871 for(int i = 0; i < exlength; i++) {
1872 u2 start_pc = exhandlers.start_pc(i);
1873 u2 end_pc = exhandlers.end_pc(i);
1874 u2 handler_pc = exhandlers.handler_pc(i);
1875 if (start_pc >= code_length || code_data[start_pc] == 0) {
1876 class_format_error("Illegal exception table start_pc %d", start_pc);
1877 return;
1878 }
1879 if (end_pc != code_length) { // special case: end_pc == code_length
1880 if (end_pc > code_length || code_data[end_pc] == 0) {
1881 class_format_error("Illegal exception table end_pc %d", end_pc);
1882 return;
1883 }
1884 }
1885 if (handler_pc >= code_length || code_data[handler_pc] == 0) {
1886 class_format_error("Illegal exception table handler_pc %d", handler_pc);
1887 return;
1888 }
1889 u2 catch_type_index = exhandlers.catch_type_index(i);
1890 if (catch_type_index != 0) {
1891 VerificationType catch_type = cp_index_to_type(
1892 catch_type_index, cp, CHECK_VERIFY(this));
1893 VerificationType throwable =
1894 VerificationType::reference_type(vmSymbols::java_lang_Throwable());
1895 // If the catch type is Throwable pre-resolve it now as the assignable check won't
1896 // do that, and we need to avoid a runtime resolution in case we are trying to
1897 // catch OutOfMemoryError.
1898 if (cp->klass_name_at(catch_type_index) == vmSymbols::java_lang_Throwable()) {
1899 cp->klass_at(catch_type_index, CHECK);
1900 }
1901 bool is_subclass = throwable.is_assignable_from(
1902 catch_type, this, false, CHECK_VERIFY(this));
1903 if (!is_subclass) {
1904 // 4286534: should throw VerifyError according to recent spec change
1905 verify_error(ErrorContext::bad_type(handler_pc,
1906 TypeOrigin::cp(catch_type_index, catch_type),
1907 TypeOrigin::implicit(throwable)),
1908 "Catch type is not a subclass "
1909 "of Throwable in exception handler %d", handler_pc);
1910 return;
1911 }
1912 }
1913 if (start_pc < min) min = start_pc;
1914 if (end_pc > max) max = end_pc;
1915 }
1916 }
1917
1918 void ClassVerifier::verify_local_variable_table(u4 code_length, char* code_data, TRAPS) {
1919 int localvariable_table_length = _method->localvariable_table_length();
1920 if (localvariable_table_length > 0) {
1921 LocalVariableTableElement* table = _method->localvariable_table_start();
1922 for (int i = 0; i < localvariable_table_length; i++) {
1923 u2 start_bci = table[i].start_bci;
1924 u2 length = table[i].length;
1925
1926 if (start_bci >= code_length || code_data[start_bci] == 0) {
1927 class_format_error(
1928 "Illegal local variable table start_pc %d", start_bci);
1929 return;
1930 }
1931 u4 end_bci = (u4)(start_bci + length);
1932 if (end_bci != code_length) {
1933 if (end_bci >= code_length || code_data[end_bci] == 0) {
1934 class_format_error( "Illegal local variable table length %d", length);
1935 return;
1936 }
1937 }
1938 }
1939 }
1940 }
1941
1942 u2 ClassVerifier::verify_stackmap_table(u2 stackmap_index, int bci,
1943 StackMapFrame* current_frame,
1944 StackMapTable* stackmap_table,
1945 bool no_control_flow, TRAPS) {
1946 if (stackmap_index < stackmap_table->get_frame_count()) {
1947 int this_offset = stackmap_table->get_offset(stackmap_index);
1948 if (no_control_flow && this_offset > bci) {
1949 verify_error(ErrorContext::missing_stackmap(bci),
1950 "Expecting a stack map frame");
1951 return 0;
1952 }
1953 if (this_offset == bci) {
1954 ErrorContext ctx;
1955 // See if current stack map can be assigned to the frame in table.
1956 // current_frame is the stackmap frame got from the last instruction.
1957 // If matched, current_frame will be updated by this method.
1958 bool matches = stackmap_table->match_stackmap(
1959 current_frame, this_offset, stackmap_index,
1960 !no_control_flow, true, &ctx, CHECK_VERIFY_(this, 0));
1961 if (!matches) {
1962 // report type error
1963 verify_error(ctx, "Instruction type does not match stack map");
1964 return 0;
1965 }
1966 stackmap_index++;
1967 } else if (this_offset < bci) {
1968 // current_offset should have met this_offset.
1969 class_format_error("Bad stack map offset %d", this_offset);
1970 return 0;
1971 }
1972 } else if (no_control_flow) {
1973 verify_error(ErrorContext::bad_code(bci), "Expecting a stack map frame");
1974 return 0;
1975 }
1976 return stackmap_index;
1977 }
1978
1979 // Since this method references the constant pool, call was_recursively_verified()
1980 // before calling this method to make sure a prior class load did not cause the
1981 // current class to get verified.
1982 void ClassVerifier::verify_exception_handler_targets(int bci, bool this_uninit,
1983 StackMapFrame* current_frame,
1984 StackMapTable* stackmap_table, TRAPS) {
1985 constantPoolHandle cp (THREAD, _method->constants());
1986 ExceptionTable exhandlers(_method());
1987 int exlength = exhandlers.length();
1988 for(int i = 0; i < exlength; i++) {
1989 u2 start_pc = exhandlers.start_pc(i);
1990 u2 end_pc = exhandlers.end_pc(i);
1991 u2 handler_pc = exhandlers.handler_pc(i);
1992 int catch_type_index = exhandlers.catch_type_index(i);
1993 if(bci >= start_pc && bci < end_pc) {
1994 u1 flags = current_frame->flags();
1995 if (this_uninit) { flags |= FLAG_THIS_UNINIT; }
1996 StackMapFrame* new_frame = current_frame->frame_in_exception_handler(flags);
1997 if (catch_type_index != 0) {
1998 if (was_recursively_verified()) return;
1999 // We know that this index refers to a subclass of Throwable
2000 VerificationType catch_type = cp_index_to_type(
2001 catch_type_index, cp, CHECK_VERIFY(this));
2002 new_frame->push_stack(catch_type, CHECK_VERIFY(this));
2003 } else {
2004 VerificationType throwable =
2005 VerificationType::reference_type(vmSymbols::java_lang_Throwable());
2006 new_frame->push_stack(throwable, CHECK_VERIFY(this));
2007 }
2008 ErrorContext ctx;
2009 bool matches = stackmap_table->match_stackmap(
2010 new_frame, handler_pc, true, false, &ctx, CHECK_VERIFY(this));
2011 if (!matches) {
2012 verify_error(ctx, "Stack map does not match the one at "
2013 "exception handler %d", handler_pc);
2014 return;
2015 }
2016 }
2017 }
2018 }
2019
2020 void ClassVerifier::verify_cp_index(
2021 int bci, const constantPoolHandle& cp, u2 index, TRAPS) {
2022 int nconstants = cp->length();
2023 if ((index <= 0) || (index >= nconstants)) {
2024 verify_error(ErrorContext::bad_cp_index(bci, index),
2025 "Illegal constant pool index %d in class %s",
2026 index, cp->pool_holder()->external_name());
2027 return;
2028 }
2029 }
2030
2031 void ClassVerifier::verify_cp_type(
2032 int bci, u2 index, const constantPoolHandle& cp, unsigned int types, TRAPS) {
2033
2034 // In some situations, bytecode rewriting may occur while we're verifying.
2035 // In this case, a constant pool cache exists and some indices refer to that
2036 // instead. Be sure we don't pick up such indices by accident.
2037 // We must check was_recursively_verified() before we get here.
2038 guarantee(cp->cache() == nullptr, "not rewritten yet");
2039
2040 verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2041 unsigned int tag = cp->tag_at(index).value();
2042 if ((types & (1 << tag)) == 0) {
2043 verify_error(ErrorContext::bad_cp_index(bci, index),
2044 "Illegal type at constant pool entry %d in class %s",
2045 index, cp->pool_holder()->external_name());
2046 return;
2047 }
2048 }
2049
2050 void ClassVerifier::verify_cp_class_type(
2051 int bci, u2 index, const constantPoolHandle& cp, TRAPS) {
2052 verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2053 constantTag tag = cp->tag_at(index);
2054 if (!tag.is_klass() && !tag.is_unresolved_klass()) {
2055 verify_error(ErrorContext::bad_cp_index(bci, index),
2056 "Illegal type at constant pool entry %d in class %s",
2057 index, cp->pool_holder()->external_name());
2058 return;
2059 }
2060 }
2061
2062 void ClassVerifier::verify_error(ErrorContext ctx, const char* msg, ...) {
2063 stringStream ss;
2064
2065 ctx.reset_frames();
2066 _exception_type = vmSymbols::java_lang_VerifyError();
2067 _error_context = ctx;
2068 va_list va;
2069 va_start(va, msg);
2070 ss.vprint(msg, va);
2071 va_end(va);
2072 _message = ss.as_string();
2073 #ifdef ASSERT
2074 ResourceMark rm;
2075 const char* exception_name = _exception_type->as_C_string();
2076 Exceptions::debug_check_abort(exception_name, nullptr);
2077 #endif // ndef ASSERT
2078 }
2079
2080 void ClassVerifier::class_format_error(const char* msg, ...) {
2081 stringStream ss;
2082 _exception_type = vmSymbols::java_lang_ClassFormatError();
2083 va_list va;
2084 va_start(va, msg);
2085 ss.vprint(msg, va);
2086 va_end(va);
2087 if (!_method.is_null()) {
2088 ss.print(" in method '");
2089 _method->print_external_name(&ss);
2090 ss.print("'");
2091 }
2092 _message = ss.as_string();
2093 }
2094
2095 Klass* ClassVerifier::load_class(Symbol* name, TRAPS) {
2096 HandleMark hm(THREAD);
2097 // Get current loader and protection domain first.
2098 oop loader = current_class()->class_loader();
2099 oop protection_domain = current_class()->protection_domain();
2100
2101 assert(name_in_supers(name, current_class()), "name should be a super class");
2102
2103 Klass* kls = SystemDictionary::resolve_or_fail(
2104 name, Handle(THREAD, loader), Handle(THREAD, protection_domain),
2105 true, THREAD);
2106
2107 if (kls != nullptr) {
2108 if (log_is_enabled(Debug, class, resolve)) {
2109 Verifier::trace_class_resolution(kls, current_class());
2110 }
2111 }
2112 return kls;
2113 }
2114
2115 bool ClassVerifier::is_protected_access(InstanceKlass* this_class,
2116 Klass* target_class,
2117 Symbol* field_name,
2118 Symbol* field_sig,
2119 bool is_method) {
2120 NoSafepointVerifier nosafepoint;
2121
2122 // If target class isn't a super class of this class, we don't worry about this case
2123 if (!this_class->is_subclass_of(target_class)) {
2124 return false;
2125 }
2126 // Check if the specified method or field is protected
2127 InstanceKlass* target_instance = InstanceKlass::cast(target_class);
2128 fieldDescriptor fd;
2129 if (is_method) {
2130 Method* m = target_instance->uncached_lookup_method(field_name, field_sig, Klass::OverpassLookupMode::find);
2131 if (m != nullptr && m->is_protected()) {
2132 if (!this_class->is_same_class_package(m->method_holder())) {
2133 return true;
2134 }
2135 }
2136 } else {
2137 Klass* member_klass = target_instance->find_field(field_name, field_sig, &fd);
2138 if (member_klass != nullptr && fd.is_protected()) {
2139 if (!this_class->is_same_class_package(member_klass)) {
2140 return true;
2141 }
2142 }
2143 }
2144 return false;
2145 }
2146
2147 void ClassVerifier::verify_ldc(
2148 int opcode, u2 index, StackMapFrame* current_frame,
2149 const constantPoolHandle& cp, int bci, TRAPS) {
2150 verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2151 constantTag tag = cp->tag_at(index);
2152 unsigned int types = 0;
2153 if (opcode == Bytecodes::_ldc || opcode == Bytecodes::_ldc_w) {
2154 if (!tag.is_unresolved_klass()) {
2155 types = (1 << JVM_CONSTANT_Integer) | (1 << JVM_CONSTANT_Float)
2156 | (1 << JVM_CONSTANT_String) | (1 << JVM_CONSTANT_Class)
2157 | (1 << JVM_CONSTANT_MethodHandle) | (1 << JVM_CONSTANT_MethodType)
2158 | (1 << JVM_CONSTANT_Dynamic);
2159 // Note: The class file parser already verified the legality of
2160 // MethodHandle and MethodType constants.
2161 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2162 }
2163 } else {
2164 assert(opcode == Bytecodes::_ldc2_w, "must be ldc2_w");
2165 types = (1 << JVM_CONSTANT_Double) | (1 << JVM_CONSTANT_Long)
2166 | (1 << JVM_CONSTANT_Dynamic);
2167 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2168 }
2169 if (tag.is_string()) {
2170 current_frame->push_stack(
2171 VerificationType::reference_type(
2172 vmSymbols::java_lang_String()), CHECK_VERIFY(this));
2173 } else if (tag.is_klass() || tag.is_unresolved_klass()) {
2174 current_frame->push_stack(
2175 VerificationType::reference_type(
2176 vmSymbols::java_lang_Class()), CHECK_VERIFY(this));
2177 } else if (tag.is_int()) {
2178 current_frame->push_stack(
2179 VerificationType::integer_type(), CHECK_VERIFY(this));
2180 } else if (tag.is_float()) {
2181 current_frame->push_stack(
2182 VerificationType::float_type(), CHECK_VERIFY(this));
2183 } else if (tag.is_double()) {
2184 current_frame->push_stack_2(
2185 VerificationType::double_type(),
2186 VerificationType::double2_type(), CHECK_VERIFY(this));
2187 } else if (tag.is_long()) {
2188 current_frame->push_stack_2(
2189 VerificationType::long_type(),
2190 VerificationType::long2_type(), CHECK_VERIFY(this));
2191 } else if (tag.is_method_handle()) {
2192 current_frame->push_stack(
2193 VerificationType::reference_type(
2194 vmSymbols::java_lang_invoke_MethodHandle()), CHECK_VERIFY(this));
2195 } else if (tag.is_method_type()) {
2196 current_frame->push_stack(
2197 VerificationType::reference_type(
2198 vmSymbols::java_lang_invoke_MethodType()), CHECK_VERIFY(this));
2199 } else if (tag.is_dynamic_constant()) {
2200 Symbol* constant_type = cp->uncached_signature_ref_at(index);
2201 // Field signature was checked in ClassFileParser.
2202 assert(SignatureVerifier::is_valid_type_signature(constant_type),
2203 "Invalid type for dynamic constant");
2204 assert(sizeof(VerificationType) == sizeof(uintptr_t),
2205 "buffer type must match VerificationType size");
2206 uintptr_t constant_type_buffer[2];
2207 VerificationType* v_constant_type = (VerificationType*)constant_type_buffer;
2208 SignatureStream sig_stream(constant_type, false);
2209 int n = change_sig_to_verificationType(&sig_stream, v_constant_type);
2210 int opcode_n = (opcode == Bytecodes::_ldc2_w ? 2 : 1);
2211 if (n != opcode_n) {
2212 // wrong kind of ldc; reverify against updated type mask
2213 types &= ~(1 << JVM_CONSTANT_Dynamic);
2214 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2215 }
2216 for (int i = 0; i < n; i++) {
2217 current_frame->push_stack(v_constant_type[i], CHECK_VERIFY(this));
2218 }
2219 } else {
2220 /* Unreachable? verify_cp_type has already validated the cp type. */
2221 verify_error(
2222 ErrorContext::bad_cp_index(bci, index), "Invalid index in ldc");
2223 return;
2224 }
2225 }
2226
2227 void ClassVerifier::verify_switch(
2228 RawBytecodeStream* bcs, u4 code_length, char* code_data,
2229 StackMapFrame* current_frame, StackMapTable* stackmap_table, TRAPS) {
2230 int bci = bcs->bci();
2231 address bcp = bcs->bcp();
2232 address aligned_bcp = align_up(bcp + 1, jintSize);
2233
2234 if (_klass->major_version() < NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION) {
2235 // 4639449 & 4647081: padding bytes must be 0
2236 u2 padding_offset = 1;
2237 while ((bcp + padding_offset) < aligned_bcp) {
2238 if(*(bcp + padding_offset) != 0) {
2239 verify_error(ErrorContext::bad_code(bci),
2240 "Nonzero padding byte in lookupswitch or tableswitch");
2241 return;
2242 }
2243 padding_offset++;
2244 }
2245 }
2246
2247 int default_offset = (int) Bytes::get_Java_u4(aligned_bcp);
2248 int keys, delta;
2249 current_frame->pop_stack(
2250 VerificationType::integer_type(), CHECK_VERIFY(this));
2251 if (bcs->raw_code() == Bytecodes::_tableswitch) {
2252 jint low = (jint)Bytes::get_Java_u4(aligned_bcp + jintSize);
2253 jint high = (jint)Bytes::get_Java_u4(aligned_bcp + 2*jintSize);
2254 if (low > high) {
2255 verify_error(ErrorContext::bad_code(bci),
2256 "low must be less than or equal to high in tableswitch");
2257 return;
2258 }
2259 keys = high - low + 1;
2260 if (keys < 0) {
2261 verify_error(ErrorContext::bad_code(bci), "too many keys in tableswitch");
2262 return;
2263 }
2264 delta = 1;
2265 } else {
2266 keys = (int)Bytes::get_Java_u4(aligned_bcp + jintSize);
2267 if (keys < 0) {
2268 verify_error(ErrorContext::bad_code(bci),
2269 "number of keys in lookupswitch less than 0");
2270 return;
2271 }
2272 delta = 2;
2273 // Make sure that the lookupswitch items are sorted
2274 for (int i = 0; i < (keys - 1); i++) {
2275 jint this_key = Bytes::get_Java_u4(aligned_bcp + (2+2*i)*jintSize);
2276 jint next_key = Bytes::get_Java_u4(aligned_bcp + (2+2*i+2)*jintSize);
2277 if (this_key >= next_key) {
2278 verify_error(ErrorContext::bad_code(bci),
2279 "Bad lookupswitch instruction");
2280 return;
2281 }
2282 }
2283 }
2284 int target = bci + default_offset;
2285 stackmap_table->check_jump_target(current_frame, target, CHECK_VERIFY(this));
2286 for (int i = 0; i < keys; i++) {
2287 // Because check_jump_target() may safepoint, the bytecode could have
2288 // moved, which means 'aligned_bcp' is no good and needs to be recalculated.
2289 aligned_bcp = align_up(bcs->bcp() + 1, jintSize);
2290 target = bci + (jint)Bytes::get_Java_u4(aligned_bcp+(3+i*delta)*jintSize);
2291 stackmap_table->check_jump_target(
2292 current_frame, target, CHECK_VERIFY(this));
2293 }
2294 NOT_PRODUCT(aligned_bcp = nullptr); // no longer valid at this point
2295 }
2296
2297 bool ClassVerifier::name_in_supers(
2298 Symbol* ref_name, InstanceKlass* current) {
2299 Klass* super = current->super();
2300 while (super != nullptr) {
2301 if (super->name() == ref_name) {
2302 return true;
2303 }
2304 super = super->super();
2305 }
2306 return false;
2307 }
2308
2309 void ClassVerifier::verify_field_instructions(RawBytecodeStream* bcs,
2310 StackMapFrame* current_frame,
2311 const constantPoolHandle& cp,
2312 bool allow_arrays,
2313 TRAPS) {
2314 u2 index = bcs->get_index_u2();
2315 verify_cp_type(bcs->bci(), index, cp,
2316 1 << JVM_CONSTANT_Fieldref, CHECK_VERIFY(this));
2317
2318 // Get field name and signature
2319 Symbol* field_name = cp->uncached_name_ref_at(index);
2320 Symbol* field_sig = cp->uncached_signature_ref_at(index);
2321 bool is_getfield = false;
2322
2323 // Field signature was checked in ClassFileParser.
2324 assert(SignatureVerifier::is_valid_type_signature(field_sig),
2325 "Invalid field signature");
2326
2327 // Get referenced class type
2328 VerificationType ref_class_type = cp_ref_index_to_type(
2329 index, cp, CHECK_VERIFY(this));
2330 if (!ref_class_type.is_object() &&
2331 (!allow_arrays || !ref_class_type.is_array())) {
2332 verify_error(ErrorContext::bad_type(bcs->bci(),
2333 TypeOrigin::cp(index, ref_class_type)),
2334 "Expecting reference to class in class %s at constant pool index %d",
2335 _klass->external_name(), index);
2336 return;
2337 }
2338 VerificationType target_class_type = ref_class_type;
2339
2340 assert(sizeof(VerificationType) == sizeof(uintptr_t),
2341 "buffer type must match VerificationType size");
2342 uintptr_t field_type_buffer[2];
2343 VerificationType* field_type = (VerificationType*)field_type_buffer;
2344 // If we make a VerificationType[2] array directly, the compiler calls
2345 // to the c-runtime library to do the allocation instead of just
2346 // stack allocating it. Plus it would run constructors. This shows up
2347 // in performance profiles.
2348
2349 SignatureStream sig_stream(field_sig, false);
2350 VerificationType stack_object_type;
2351 int n = change_sig_to_verificationType(&sig_stream, field_type);
2352 int bci = bcs->bci();
2353 bool is_assignable;
2354 switch (bcs->raw_code()) {
2355 case Bytecodes::_getstatic: {
2356 for (int i = 0; i < n; i++) {
2357 current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2358 }
2359 break;
2360 }
2361 case Bytecodes::_putstatic: {
2362 for (int i = n - 1; i >= 0; i--) {
2363 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2364 }
2365 break;
2366 }
2367 case Bytecodes::_getfield: {
2368 is_getfield = true;
2369 stack_object_type = current_frame->pop_stack(
2370 target_class_type, CHECK_VERIFY(this));
2371 goto check_protected;
2372 }
2373 case Bytecodes::_putfield: {
2374 for (int i = n - 1; i >= 0; i--) {
2375 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2376 }
2377 stack_object_type = current_frame->pop_stack(CHECK_VERIFY(this));
2378
2379 // The JVMS 2nd edition allows field initialization before the superclass
2380 // initializer, if the field is defined within the current class.
2381 fieldDescriptor fd;
2382 if (stack_object_type == VerificationType::uninitialized_this_type() &&
2383 target_class_type.equals(current_type()) &&
2384 _klass->find_local_field(field_name, field_sig, &fd)) {
2385 stack_object_type = current_type();
2386 }
2387 is_assignable = target_class_type.is_assignable_from(
2388 stack_object_type, this, false, CHECK_VERIFY(this));
2389 if (!is_assignable) {
2390 verify_error(ErrorContext::bad_type(bci,
2391 current_frame->stack_top_ctx(),
2392 TypeOrigin::cp(index, target_class_type)),
2393 "Bad type on operand stack in putfield");
2394 return;
2395 }
2396 }
2397 check_protected: {
2398 if (_this_type == stack_object_type)
2399 break; // stack_object_type must be assignable to _current_class_type
2400 if (was_recursively_verified()) {
2401 if (is_getfield) {
2402 // Push field type for getfield.
2403 for (int i = 0; i < n; i++) {
2404 current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2405 }
2406 }
2407 return;
2408 }
2409 Symbol* ref_class_name =
2410 cp->klass_name_at(cp->uncached_klass_ref_index_at(index));
2411 if (!name_in_supers(ref_class_name, current_class()))
2412 // stack_object_type must be assignable to _current_class_type since:
2413 // 1. stack_object_type must be assignable to ref_class.
2414 // 2. ref_class must be _current_class or a subclass of it. It can't
2415 // be a superclass of it. See revised JVMS 5.4.4.
2416 break;
2417
2418 Klass* ref_class_oop = load_class(ref_class_name, CHECK);
2419 if (is_protected_access(current_class(), ref_class_oop, field_name,
2420 field_sig, false)) {
2421 // It's protected access, check if stack object is assignable to
2422 // current class.
2423 is_assignable = current_type().is_assignable_from(
2424 stack_object_type, this, true, CHECK_VERIFY(this));
2425 if (!is_assignable) {
2426 verify_error(ErrorContext::bad_type(bci,
2427 current_frame->stack_top_ctx(),
2428 TypeOrigin::implicit(current_type())),
2429 "Bad access to protected data in %s",
2430 is_getfield ? "getfield" : "putfield");
2431 return;
2432 }
2433 }
2434 break;
2435 }
2436 default: ShouldNotReachHere();
2437 }
2438 if (is_getfield) {
2439 // Push field type for getfield after doing protection check.
2440 for (int i = 0; i < n; i++) {
2441 current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2442 }
2443 }
2444 }
2445
2446 // Look at the method's handlers. If the bci is in the handler's try block
2447 // then check if the handler_pc is already on the stack. If not, push it
2448 // unless the handler has already been scanned.
2449 void ClassVerifier::push_handlers(ExceptionTable* exhandlers,
2450 GrowableArray<u4>* handler_list,
2451 GrowableArray<u4>* handler_stack,
2452 u4 bci) {
2453 int exlength = exhandlers->length();
2454 for(int x = 0; x < exlength; x++) {
2455 if (bci >= exhandlers->start_pc(x) && bci < exhandlers->end_pc(x)) {
2456 u4 exhandler_pc = exhandlers->handler_pc(x);
2457 if (!handler_list->contains(exhandler_pc)) {
2458 handler_stack->append_if_missing(exhandler_pc);
2459 handler_list->append(exhandler_pc);
2460 }
2461 }
2462 }
2463 }
2464
2465 // Return TRUE if all code paths starting with start_bc_offset end in
2466 // bytecode athrow or loop.
2467 bool ClassVerifier::ends_in_athrow(u4 start_bc_offset) {
2468 ResourceMark rm;
2469 // Create bytecode stream.
2470 RawBytecodeStream bcs(method());
2471 int code_length = method()->code_size();
2472 bcs.set_start(start_bc_offset);
2473
2474 // Create stack for storing bytecode start offsets for if* and *switch.
2475 GrowableArray<u4>* bci_stack = new GrowableArray<u4>(30);
2476 // Create stack for handlers for try blocks containing this handler.
2477 GrowableArray<u4>* handler_stack = new GrowableArray<u4>(30);
2478 // Create list of handlers that have been pushed onto the handler_stack
2479 // so that handlers embedded inside of their own TRY blocks only get
2480 // scanned once.
2481 GrowableArray<u4>* handler_list = new GrowableArray<u4>(30);
2482 // Create list of visited branch opcodes (goto* and if*).
2483 GrowableArray<u4>* visited_branches = new GrowableArray<u4>(30);
2484 ExceptionTable exhandlers(_method());
2485
2486 while (true) {
2487 if (bcs.is_last_bytecode()) {
2488 // if no more starting offsets to parse or if at the end of the
2489 // method then return false.
2490 if ((bci_stack->is_empty()) || (bcs.end_bci() == code_length))
2491 return false;
2492 // Pop a bytecode starting offset and scan from there.
2493 bcs.set_start(bci_stack->pop());
2494 }
2495 Bytecodes::Code opcode = bcs.raw_next();
2496 int bci = bcs.bci();
2497
2498 // If the bytecode is in a TRY block, push its handlers so they
2499 // will get parsed.
2500 push_handlers(&exhandlers, handler_list, handler_stack, bci);
2501
2502 switch (opcode) {
2503 case Bytecodes::_if_icmpeq:
2504 case Bytecodes::_if_icmpne:
2505 case Bytecodes::_if_icmplt:
2506 case Bytecodes::_if_icmpge:
2507 case Bytecodes::_if_icmpgt:
2508 case Bytecodes::_if_icmple:
2509 case Bytecodes::_ifeq:
2510 case Bytecodes::_ifne:
2511 case Bytecodes::_iflt:
2512 case Bytecodes::_ifge:
2513 case Bytecodes::_ifgt:
2514 case Bytecodes::_ifle:
2515 case Bytecodes::_if_acmpeq:
2516 case Bytecodes::_if_acmpne:
2517 case Bytecodes::_ifnull:
2518 case Bytecodes::_ifnonnull: {
2519 int target = bcs.dest();
2520 if (visited_branches->contains(bci)) {
2521 if (bci_stack->is_empty()) {
2522 if (handler_stack->is_empty()) {
2523 return true;
2524 } else {
2525 // Parse the catch handlers for try blocks containing athrow.
2526 bcs.set_start(handler_stack->pop());
2527 }
2528 } else {
2529 // Pop a bytecode starting offset and scan from there.
2530 bcs.set_start(bci_stack->pop());
2531 }
2532 } else {
2533 if (target > bci) { // forward branch
2534 if (target >= code_length) return false;
2535 // Push the branch target onto the stack.
2536 bci_stack->push(target);
2537 // then, scan bytecodes starting with next.
2538 bcs.set_start(bcs.next_bci());
2539 } else { // backward branch
2540 // Push bytecode offset following backward branch onto the stack.
2541 bci_stack->push(bcs.next_bci());
2542 // Check bytecodes starting with branch target.
2543 bcs.set_start(target);
2544 }
2545 // Record target so we don't branch here again.
2546 visited_branches->append(bci);
2547 }
2548 break;
2549 }
2550
2551 case Bytecodes::_goto:
2552 case Bytecodes::_goto_w: {
2553 int target = (opcode == Bytecodes::_goto ? bcs.dest() : bcs.dest_w());
2554 if (visited_branches->contains(bci)) {
2555 if (bci_stack->is_empty()) {
2556 if (handler_stack->is_empty()) {
2557 return true;
2558 } else {
2559 // Parse the catch handlers for try blocks containing athrow.
2560 bcs.set_start(handler_stack->pop());
2561 }
2562 } else {
2563 // Been here before, pop new starting offset from stack.
2564 bcs.set_start(bci_stack->pop());
2565 }
2566 } else {
2567 if (target >= code_length) return false;
2568 // Continue scanning from the target onward.
2569 bcs.set_start(target);
2570 // Record target so we don't branch here again.
2571 visited_branches->append(bci);
2572 }
2573 break;
2574 }
2575
2576 // Check that all switch alternatives end in 'athrow' bytecodes. Since it
2577 // is difficult to determine where each switch alternative ends, parse
2578 // each switch alternative until either hit a 'return', 'athrow', or reach
2579 // the end of the method's bytecodes. This is gross but should be okay
2580 // because:
2581 // 1. tableswitch and lookupswitch byte codes in handlers for ctor explicit
2582 // constructor invocations should be rare.
2583 // 2. if each switch alternative ends in an athrow then the parsing should be
2584 // short. If there is no athrow then it is bogus code, anyway.
2585 case Bytecodes::_lookupswitch:
2586 case Bytecodes::_tableswitch:
2587 {
2588 address aligned_bcp = align_up(bcs.bcp() + 1, jintSize);
2589 int default_offset = Bytes::get_Java_u4(aligned_bcp) + bci;
2590 int keys, delta;
2591 if (opcode == Bytecodes::_tableswitch) {
2592 jint low = (jint)Bytes::get_Java_u4(aligned_bcp + jintSize);
2593 jint high = (jint)Bytes::get_Java_u4(aligned_bcp + 2*jintSize);
2594 // This is invalid, but let the regular bytecode verifier
2595 // report this because the user will get a better error message.
2596 if (low > high) return true;
2597 keys = high - low + 1;
2598 delta = 1;
2599 } else {
2600 keys = (int)Bytes::get_Java_u4(aligned_bcp + jintSize);
2601 delta = 2;
2602 }
2603 // Invalid, let the regular bytecode verifier deal with it.
2604 if (keys < 0) return true;
2605
2606 // Push the offset of the next bytecode onto the stack.
2607 bci_stack->push(bcs.next_bci());
2608
2609 // Push the switch alternatives onto the stack.
2610 for (int i = 0; i < keys; i++) {
2611 int target = bci + (jint)Bytes::get_Java_u4(aligned_bcp+(3+i*delta)*jintSize);
2612 if (target > code_length) return false;
2613 bci_stack->push(target);
2614 }
2615
2616 // Start bytecode parsing for the switch at the default alternative.
2617 if (default_offset > code_length) return false;
2618 bcs.set_start(default_offset);
2619 break;
2620 }
2621
2622 case Bytecodes::_return:
2623 return false;
2624
2625 case Bytecodes::_athrow:
2626 {
2627 if (bci_stack->is_empty()) {
2628 if (handler_stack->is_empty()) {
2629 return true;
2630 } else {
2631 // Parse the catch handlers for try blocks containing athrow.
2632 bcs.set_start(handler_stack->pop());
2633 }
2634 } else {
2635 // Pop a bytecode offset and starting scanning from there.
2636 bcs.set_start(bci_stack->pop());
2637 }
2638 }
2639 break;
2640
2641 default:
2642 ;
2643 } // end switch
2644 } // end while loop
2645
2646 return false;
2647 }
2648
2649 void ClassVerifier::verify_invoke_init(
2650 RawBytecodeStream* bcs, u2 ref_class_index, VerificationType ref_class_type,
2651 StackMapFrame* current_frame, u4 code_length, bool in_try_block,
2652 bool *this_uninit, const constantPoolHandle& cp, StackMapTable* stackmap_table,
2653 TRAPS) {
2654 int bci = bcs->bci();
2655 VerificationType type = current_frame->pop_stack(
2656 VerificationType::reference_check(), CHECK_VERIFY(this));
2657 if (type == VerificationType::uninitialized_this_type()) {
2658 // The method must be an <init> method of this class or its superclass
2659 Klass* superk = current_class()->super();
2660 if (ref_class_type.name() != current_class()->name() &&
2661 ref_class_type.name() != superk->name()) {
2662 verify_error(ErrorContext::bad_type(bci,
2663 TypeOrigin::implicit(ref_class_type),
2664 TypeOrigin::implicit(current_type())),
2665 "Bad <init> method call");
2666 return;
2667 }
2668
2669 // If this invokespecial call is done from inside of a TRY block then make
2670 // sure that all catch clause paths end in a throw. Otherwise, this can
2671 // result in returning an incomplete object.
2672 if (in_try_block) {
2673 ExceptionTable exhandlers(_method());
2674 int exlength = exhandlers.length();
2675 for(int i = 0; i < exlength; i++) {
2676 u2 start_pc = exhandlers.start_pc(i);
2677 u2 end_pc = exhandlers.end_pc(i);
2678
2679 if (bci >= start_pc && bci < end_pc) {
2680 if (!ends_in_athrow(exhandlers.handler_pc(i))) {
2681 verify_error(ErrorContext::bad_code(bci),
2682 "Bad <init> method call from after the start of a try block");
2683 return;
2684 } else if (log_is_enabled(Debug, verification)) {
2685 ResourceMark rm(THREAD);
2686 log_debug(verification)("Survived call to ends_in_athrow(): %s",
2687 current_class()->name()->as_C_string());
2688 }
2689 }
2690 }
2691
2692 // Check the exception handler target stackmaps with the locals from the
2693 // incoming stackmap (before initialize_object() changes them to outgoing
2694 // state).
2695 if (was_recursively_verified()) return;
2696 verify_exception_handler_targets(bci, true, current_frame,
2697 stackmap_table, CHECK_VERIFY(this));
2698 } // in_try_block
2699
2700 current_frame->initialize_object(type, current_type());
2701 *this_uninit = true;
2702 } else if (type.is_uninitialized()) {
2703 u2 new_offset = type.bci();
2704 address new_bcp = bcs->bcp() - bci + new_offset;
2705 if (new_offset > (code_length - 3) || (*new_bcp) != Bytecodes::_new) {
2706 /* Unreachable? Stack map parsing ensures valid type and new
2707 * instructions have a valid BCI. */
2708 verify_error(ErrorContext::bad_code(new_offset),
2709 "Expecting new instruction");
2710 return;
2711 }
2712 u2 new_class_index = Bytes::get_Java_u2(new_bcp + 1);
2713 if (was_recursively_verified()) return;
2714 verify_cp_class_type(bci, new_class_index, cp, CHECK_VERIFY(this));
2715
2716 // The method must be an <init> method of the indicated class
2717 VerificationType new_class_type = cp_index_to_type(
2718 new_class_index, cp, CHECK_VERIFY(this));
2719 if (!new_class_type.equals(ref_class_type)) {
2720 verify_error(ErrorContext::bad_type(bci,
2721 TypeOrigin::cp(new_class_index, new_class_type),
2722 TypeOrigin::cp(ref_class_index, ref_class_type)),
2723 "Call to wrong <init> method");
2724 return;
2725 }
2726 // According to the VM spec, if the referent class is a superclass of the
2727 // current class, and is in a different runtime package, and the method is
2728 // protected, then the objectref must be the current class or a subclass
2729 // of the current class.
2730 VerificationType objectref_type = new_class_type;
2731 if (name_in_supers(ref_class_type.name(), current_class())) {
2732 Klass* ref_klass = load_class(ref_class_type.name(), CHECK);
2733 if (was_recursively_verified()) return;
2734 Method* m = InstanceKlass::cast(ref_klass)->uncached_lookup_method(
2735 vmSymbols::object_initializer_name(),
2736 cp->uncached_signature_ref_at(bcs->get_index_u2()),
2737 Klass::OverpassLookupMode::find);
2738 // Do nothing if method is not found. Let resolution detect the error.
2739 if (m != nullptr) {
2740 InstanceKlass* mh = m->method_holder();
2741 if (m->is_protected() && !mh->is_same_class_package(_klass)) {
2742 bool assignable = current_type().is_assignable_from(
2743 objectref_type, this, true, CHECK_VERIFY(this));
2744 if (!assignable) {
2745 verify_error(ErrorContext::bad_type(bci,
2746 TypeOrigin::cp(new_class_index, objectref_type),
2747 TypeOrigin::implicit(current_type())),
2748 "Bad access to protected <init> method");
2749 return;
2750 }
2751 }
2752 }
2753 }
2754 // Check the exception handler target stackmaps with the locals from the
2755 // incoming stackmap (before initialize_object() changes them to outgoing
2756 // state).
2757 if (in_try_block) {
2758 if (was_recursively_verified()) return;
2759 verify_exception_handler_targets(bci, *this_uninit, current_frame,
2760 stackmap_table, CHECK_VERIFY(this));
2761 }
2762 current_frame->initialize_object(type, new_class_type);
2763 } else {
2764 verify_error(ErrorContext::bad_type(bci, current_frame->stack_top_ctx()),
2765 "Bad operand type when invoking <init>");
2766 return;
2767 }
2768 }
2769
2770 bool ClassVerifier::is_same_or_direct_interface(
2771 InstanceKlass* klass,
2772 VerificationType klass_type,
2773 VerificationType ref_class_type) {
2774 if (ref_class_type.equals(klass_type)) return true;
2775 Array<InstanceKlass*>* local_interfaces = klass->local_interfaces();
2776 if (local_interfaces != nullptr) {
2777 for (int x = 0; x < local_interfaces->length(); x++) {
2778 InstanceKlass* k = local_interfaces->at(x);
2779 assert (k != nullptr && k->is_interface(), "invalid interface");
2780 if (ref_class_type.equals(VerificationType::reference_type(k->name()))) {
2781 return true;
2782 }
2783 }
2784 }
2785 return false;
2786 }
2787
2788 void ClassVerifier::verify_invoke_instructions(
2789 RawBytecodeStream* bcs, u4 code_length, StackMapFrame* current_frame,
2790 bool in_try_block, bool *this_uninit, VerificationType return_type,
2791 const constantPoolHandle& cp, StackMapTable* stackmap_table, TRAPS) {
2792 // Make sure the constant pool item is the right type
2793 u2 index = bcs->get_index_u2();
2794 Bytecodes::Code opcode = bcs->raw_code();
2795 unsigned int types = 0;
2796 switch (opcode) {
2797 case Bytecodes::_invokeinterface:
2798 types = 1 << JVM_CONSTANT_InterfaceMethodref;
2799 break;
2800 case Bytecodes::_invokedynamic:
2801 types = 1 << JVM_CONSTANT_InvokeDynamic;
2802 break;
2803 case Bytecodes::_invokespecial:
2804 case Bytecodes::_invokestatic:
2805 types = (_klass->major_version() < STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION) ?
2806 (1 << JVM_CONSTANT_Methodref) :
2807 ((1 << JVM_CONSTANT_InterfaceMethodref) | (1 << JVM_CONSTANT_Methodref));
2808 break;
2809 default:
2810 types = 1 << JVM_CONSTANT_Methodref;
2811 }
2812 verify_cp_type(bcs->bci(), index, cp, types, CHECK_VERIFY(this));
2813
2814 // Get method name and signature
2815 Symbol* method_name = cp->uncached_name_ref_at(index);
2816 Symbol* method_sig = cp->uncached_signature_ref_at(index);
2817
2818 // Method signature was checked in ClassFileParser.
2819 assert(SignatureVerifier::is_valid_method_signature(method_sig),
2820 "Invalid method signature");
2821
2822 // Get referenced class type
2823 VerificationType ref_class_type;
2824 if (opcode == Bytecodes::_invokedynamic) {
2825 if (_klass->major_version() < Verifier::INVOKEDYNAMIC_MAJOR_VERSION) {
2826 class_format_error(
2827 "invokedynamic instructions not supported by this class file version (%d), class %s",
2828 _klass->major_version(), _klass->external_name());
2829 return;
2830 }
2831 } else {
2832 ref_class_type = cp_ref_index_to_type(index, cp, CHECK_VERIFY(this));
2833 }
2834
2835 assert(sizeof(VerificationType) == sizeof(uintptr_t),
2836 "buffer type must match VerificationType size");
2837
2838 // Get the UTF8 index for this signature.
2839 int sig_index = cp->signature_ref_index_at(cp->uncached_name_and_type_ref_index_at(index));
2840
2841 // Get the signature's verification types.
2842 sig_as_verification_types* mth_sig_verif_types;
2843 sig_as_verification_types** mth_sig_verif_types_ptr = method_signatures_table()->get(sig_index);
2844 if (mth_sig_verif_types_ptr != nullptr) {
2845 // Found the entry for the signature's verification types in the hash table.
2846 mth_sig_verif_types = *mth_sig_verif_types_ptr;
2847 assert(mth_sig_verif_types != nullptr, "Unexpected null sig_as_verification_types value");
2848 } else {
2849 // Not found, add the entry to the table.
2850 GrowableArray<VerificationType>* verif_types = new GrowableArray<VerificationType>(10);
2851 mth_sig_verif_types = new sig_as_verification_types(verif_types);
2852 create_method_sig_entry(mth_sig_verif_types, sig_index);
2853 }
2854
2855 // Get the number of arguments for this signature.
2856 int nargs = mth_sig_verif_types->num_args();
2857
2858 // Check instruction operands
2859 int bci = bcs->bci();
2860 if (opcode == Bytecodes::_invokeinterface) {
2861 address bcp = bcs->bcp();
2862 // 4905268: count operand in invokeinterface should be nargs+1, not nargs.
2863 // JSR202 spec: The count operand of an invokeinterface instruction is valid if it is
2864 // the difference between the size of the operand stack before and after the instruction
2865 // executes.
2866 if (*(bcp+3) != (nargs+1)) {
2867 verify_error(ErrorContext::bad_code(bci),
2868 "Inconsistent args count operand in invokeinterface");
2869 return;
2870 }
2871 if (*(bcp+4) != 0) {
2872 verify_error(ErrorContext::bad_code(bci),
2873 "Fourth operand byte of invokeinterface must be zero");
2874 return;
2875 }
2876 }
2877
2878 if (opcode == Bytecodes::_invokedynamic) {
2879 address bcp = bcs->bcp();
2880 if (*(bcp+3) != 0 || *(bcp+4) != 0) {
2881 verify_error(ErrorContext::bad_code(bci),
2882 "Third and fourth operand bytes of invokedynamic must be zero");
2883 return;
2884 }
2885 }
2886
2887 if (method_name->char_at(0) == JVM_SIGNATURE_SPECIAL) {
2888 // Make sure <init> can only be invoked by invokespecial
2889 if (opcode != Bytecodes::_invokespecial ||
2890 method_name != vmSymbols::object_initializer_name()) {
2891 verify_error(ErrorContext::bad_code(bci),
2892 "Illegal call to internal method");
2893 return;
2894 }
2895 } else if (opcode == Bytecodes::_invokespecial
2896 && !is_same_or_direct_interface(current_class(), current_type(), ref_class_type)
2897 && !ref_class_type.equals(VerificationType::reference_type(
2898 current_class()->super()->name()))) {
2899 bool subtype = false;
2900 bool have_imr_indirect = cp->tag_at(index).value() == JVM_CONSTANT_InterfaceMethodref;
2901 subtype = ref_class_type.is_assignable_from(
2902 current_type(), this, false, CHECK_VERIFY(this));
2903 if (!subtype) {
2904 verify_error(ErrorContext::bad_code(bci),
2905 "Bad invokespecial instruction: "
2906 "current class isn't assignable to reference class.");
2907 return;
2908 } else if (have_imr_indirect) {
2909 verify_error(ErrorContext::bad_code(bci),
2910 "Bad invokespecial instruction: "
2911 "interface method reference is in an indirect superinterface.");
2912 return;
2913 }
2914
2915 }
2916
2917 // Get the verification types for the method's arguments.
2918 GrowableArray<VerificationType>* sig_verif_types = mth_sig_verif_types->sig_verif_types();
2919 assert(sig_verif_types != nullptr, "Missing signature's array of verification types");
2920 // Match method descriptor with operand stack
2921 // The arguments are on the stack in descending order.
2922 for (int i = nargs - 1; i >= 0; i--) { // Run backwards
2923 current_frame->pop_stack(sig_verif_types->at(i), CHECK_VERIFY(this));
2924 }
2925
2926 // Check objectref on operand stack
2927 if (opcode != Bytecodes::_invokestatic &&
2928 opcode != Bytecodes::_invokedynamic) {
2929 if (method_name == vmSymbols::object_initializer_name()) { // <init> method
2930 verify_invoke_init(bcs, index, ref_class_type, current_frame,
2931 code_length, in_try_block, this_uninit, cp, stackmap_table,
2932 CHECK_VERIFY(this));
2933 if (was_recursively_verified()) return;
2934 } else { // other methods
2935 // Ensures that target class is assignable to method class.
2936 if (opcode == Bytecodes::_invokespecial) {
2937 current_frame->pop_stack(current_type(), CHECK_VERIFY(this));
2938 } else if (opcode == Bytecodes::_invokevirtual) {
2939 VerificationType stack_object_type =
2940 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this));
2941 if (current_type() != stack_object_type) {
2942 if (was_recursively_verified()) return;
2943 assert(cp->cache() == nullptr, "not rewritten yet");
2944 Symbol* ref_class_name =
2945 cp->klass_name_at(cp->uncached_klass_ref_index_at(index));
2946 // See the comments in verify_field_instructions() for
2947 // the rationale behind this.
2948 if (name_in_supers(ref_class_name, current_class())) {
2949 Klass* ref_class = load_class(ref_class_name, CHECK);
2950 if (is_protected_access(
2951 _klass, ref_class, method_name, method_sig, true)) {
2952 // It's protected access, check if stack object is
2953 // assignable to current class.
2954 if (ref_class_type.name() == vmSymbols::java_lang_Object()
2955 && stack_object_type.is_array()
2956 && method_name == vmSymbols::clone_name()) {
2957 // Special case: arrays pretend to implement public Object
2958 // clone().
2959 } else {
2960 bool is_assignable = current_type().is_assignable_from(
2961 stack_object_type, this, true, CHECK_VERIFY(this));
2962 if (!is_assignable) {
2963 verify_error(ErrorContext::bad_type(bci,
2964 current_frame->stack_top_ctx(),
2965 TypeOrigin::implicit(current_type())),
2966 "Bad access to protected data in invokevirtual");
2967 return;
2968 }
2969 }
2970 }
2971 }
2972 }
2973 } else {
2974 assert(opcode == Bytecodes::_invokeinterface, "Unexpected opcode encountered");
2975 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this));
2976 }
2977 }
2978 }
2979 // Push the result type.
2980 int sig_verif_types_len = sig_verif_types->length();
2981 if (sig_verif_types_len > nargs) { // There's a return type
2982 if (method_name == vmSymbols::object_initializer_name()) {
2983 // <init> method must have a void return type
2984 /* Unreachable? Class file parser verifies that methods with '<' have
2985 * void return */
2986 verify_error(ErrorContext::bad_code(bci),
2987 "Return type must be void in <init> method");
2988 return;
2989 }
2990
2991 assert(sig_verif_types_len <= nargs + 2,
2992 "Signature verification types array return type is bogus");
2993 for (int i = nargs; i < sig_verif_types_len; i++) {
2994 assert(i == nargs || sig_verif_types->at(i).is_long2() ||
2995 sig_verif_types->at(i).is_double2(), "Unexpected return verificationType");
2996 current_frame->push_stack(sig_verif_types->at(i), CHECK_VERIFY(this));
2997 }
2998 }
2999 }
3000
3001 VerificationType ClassVerifier::get_newarray_type(
3002 u2 index, int bci, TRAPS) {
3003 const char* from_bt[] = {
3004 nullptr, nullptr, nullptr, nullptr, "[Z", "[C", "[F", "[D", "[B", "[S", "[I", "[J",
3005 };
3006 if (index < T_BOOLEAN || index > T_LONG) {
3007 verify_error(ErrorContext::bad_code(bci), "Illegal newarray instruction");
3008 return VerificationType::bogus_type();
3009 }
3010
3011 // from_bt[index] contains the array signature which has a length of 2
3012 Symbol* sig = create_temporary_symbol(from_bt[index], 2);
3013 return VerificationType::reference_type(sig);
3014 }
3015
3016 void ClassVerifier::verify_anewarray(
3017 int bci, u2 index, const constantPoolHandle& cp,
3018 StackMapFrame* current_frame, TRAPS) {
3019 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
3020 current_frame->pop_stack(
3021 VerificationType::integer_type(), CHECK_VERIFY(this));
3022
3023 if (was_recursively_verified()) return;
3024 VerificationType component_type =
3025 cp_index_to_type(index, cp, CHECK_VERIFY(this));
3026 int length;
3027 char* arr_sig_str;
3028 if (component_type.is_array()) { // it's an array
3029 const char* component_name = component_type.name()->as_utf8();
3030 // Check for more than MAX_ARRAY_DIMENSIONS
3031 length = (int)strlen(component_name);
3032 if (length > MAX_ARRAY_DIMENSIONS &&
3033 component_name[MAX_ARRAY_DIMENSIONS - 1] == JVM_SIGNATURE_ARRAY) {
3034 verify_error(ErrorContext::bad_code(bci),
3035 "Illegal anewarray instruction, array has more than 255 dimensions");
3036 }
3037 // add one dimension to component
3038 length++;
3039 arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length + 1);
3040 int n = os::snprintf(arr_sig_str, length + 1, "%c%s",
3041 JVM_SIGNATURE_ARRAY, component_name);
3042 assert(n == length, "Unexpected number of characters in string");
3043 } else { // it's an object or interface
3044 const char* component_name = component_type.name()->as_utf8();
3045 // add one dimension to component with 'L' prepended and ';' postpended.
3046 length = (int)strlen(component_name) + 3;
3047 arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length + 1);
3048 int n = os::snprintf(arr_sig_str, length + 1, "%c%c%s;",
3049 JVM_SIGNATURE_ARRAY, JVM_SIGNATURE_CLASS, component_name);
3050 assert(n == length, "Unexpected number of characters in string");
3051 }
3052 Symbol* arr_sig = create_temporary_symbol(arr_sig_str, length);
3053 VerificationType new_array_type = VerificationType::reference_type(arr_sig);
3054 current_frame->push_stack(new_array_type, CHECK_VERIFY(this));
3055 }
3056
3057 void ClassVerifier::verify_iload(int index, StackMapFrame* current_frame, TRAPS) {
3058 current_frame->get_local(
3059 index, VerificationType::integer_type(), CHECK_VERIFY(this));
3060 current_frame->push_stack(
3061 VerificationType::integer_type(), CHECK_VERIFY(this));
3062 }
3063
3064 void ClassVerifier::verify_lload(int index, StackMapFrame* current_frame, TRAPS) {
3065 current_frame->get_local_2(
3066 index, VerificationType::long_type(),
3067 VerificationType::long2_type(), CHECK_VERIFY(this));
3068 current_frame->push_stack_2(
3069 VerificationType::long_type(),
3070 VerificationType::long2_type(), CHECK_VERIFY(this));
3071 }
3072
3073 void ClassVerifier::verify_fload(int index, StackMapFrame* current_frame, TRAPS) {
3074 current_frame->get_local(
3075 index, VerificationType::float_type(), CHECK_VERIFY(this));
3076 current_frame->push_stack(
3077 VerificationType::float_type(), CHECK_VERIFY(this));
3078 }
3079
3080 void ClassVerifier::verify_dload(int index, StackMapFrame* current_frame, TRAPS) {
3081 current_frame->get_local_2(
3082 index, VerificationType::double_type(),
3083 VerificationType::double2_type(), CHECK_VERIFY(this));
3084 current_frame->push_stack_2(
3085 VerificationType::double_type(),
3086 VerificationType::double2_type(), CHECK_VERIFY(this));
3087 }
3088
3089 void ClassVerifier::verify_aload(int index, StackMapFrame* current_frame, TRAPS) {
3090 VerificationType type = current_frame->get_local(
3091 index, VerificationType::reference_check(), CHECK_VERIFY(this));
3092 current_frame->push_stack(type, CHECK_VERIFY(this));
3093 }
3094
3095 void ClassVerifier::verify_istore(int index, StackMapFrame* current_frame, TRAPS) {
3096 current_frame->pop_stack(
3097 VerificationType::integer_type(), CHECK_VERIFY(this));
3098 current_frame->set_local(
3099 index, VerificationType::integer_type(), CHECK_VERIFY(this));
3100 }
3101
3102 void ClassVerifier::verify_lstore(int index, StackMapFrame* current_frame, TRAPS) {
3103 current_frame->pop_stack_2(
3104 VerificationType::long2_type(),
3105 VerificationType::long_type(), CHECK_VERIFY(this));
3106 current_frame->set_local_2(
3107 index, VerificationType::long_type(),
3108 VerificationType::long2_type(), CHECK_VERIFY(this));
3109 }
3110
3111 void ClassVerifier::verify_fstore(int index, StackMapFrame* current_frame, TRAPS) {
3112 current_frame->pop_stack(VerificationType::float_type(), CHECK_VERIFY(this));
3113 current_frame->set_local(
3114 index, VerificationType::float_type(), CHECK_VERIFY(this));
3115 }
3116
3117 void ClassVerifier::verify_dstore(int index, StackMapFrame* current_frame, TRAPS) {
3118 current_frame->pop_stack_2(
3119 VerificationType::double2_type(),
3120 VerificationType::double_type(), CHECK_VERIFY(this));
3121 current_frame->set_local_2(
3122 index, VerificationType::double_type(),
3123 VerificationType::double2_type(), CHECK_VERIFY(this));
3124 }
3125
3126 void ClassVerifier::verify_astore(int index, StackMapFrame* current_frame, TRAPS) {
3127 VerificationType type = current_frame->pop_stack(
3128 VerificationType::reference_check(), CHECK_VERIFY(this));
3129 current_frame->set_local(index, type, CHECK_VERIFY(this));
3130 }
3131
3132 void ClassVerifier::verify_iinc(int index, StackMapFrame* current_frame, TRAPS) {
3133 VerificationType type = current_frame->get_local(
3134 index, VerificationType::integer_type(), CHECK_VERIFY(this));
3135 current_frame->set_local(index, type, CHECK_VERIFY(this));
3136 }
3137
3138 void ClassVerifier::verify_return_value(
3139 VerificationType return_type, VerificationType type, int bci,
3140 StackMapFrame* current_frame, TRAPS) {
3141 if (return_type == VerificationType::bogus_type()) {
3142 verify_error(ErrorContext::bad_type(bci,
3143 current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)),
3144 "Method does not expect a return value");
3145 return;
3146 }
3147 bool match = return_type.is_assignable_from(type, this, false, CHECK_VERIFY(this));
3148 if (!match) {
3149 verify_error(ErrorContext::bad_type(bci,
3150 current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)),
3151 "Bad return type");
3152 return;
3153 }
3154 }
3155
3156 // The verifier creates symbols which are substrings of Symbols.
3157 // These are stored in the verifier until the end of verification so that
3158 // they can be reference counted.
3159 Symbol* ClassVerifier::create_temporary_symbol(const char *name, int length) {
3160 // Quick deduplication check
3161 if (_previous_symbol != nullptr && _previous_symbol->equals(name, length)) {
3162 return _previous_symbol;
3163 }
3164 Symbol* sym = SymbolTable::new_symbol(name, length);
3165 if (!sym->is_permanent()) {
3166 if (_symbols == nullptr) {
3167 _symbols = new GrowableArray<Symbol*>(50, 0, nullptr);
3168 }
3169 _symbols->push(sym);
3170 }
3171 _previous_symbol = sym;
3172 return sym;
3173 }