1 /*
2 * Copyright (c) 1998, 2024, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.
8 *
9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 *
23 */
24
25 #include "precompiled.hpp"
26 #include "cds/cdsConfig.hpp"
27 #include "classfile/classFileStream.hpp"
28 #include "classfile/classLoader.hpp"
29 #include "classfile/javaClasses.hpp"
30 #include "classfile/stackMapTable.hpp"
31 #include "classfile/stackMapFrame.hpp"
32 #include "classfile/stackMapTableFormat.hpp"
33 #include "classfile/symbolTable.hpp"
34 #include "classfile/systemDictionary.hpp"
35 #include "classfile/systemDictionaryShared.hpp"
36 #include "classfile/verifier.hpp"
37 #include "classfile/vmClasses.hpp"
38 #include "classfile/vmSymbols.hpp"
39 #include "interpreter/bytecodes.hpp"
40 #include "interpreter/bytecodeStream.hpp"
41 #include "jvm.h"
42 #include "logging/log.hpp"
43 #include "logging/logStream.hpp"
44 #include "memory/oopFactory.hpp"
45 #include "memory/resourceArea.hpp"
46 #include "memory/universe.hpp"
47 #include "oops/constantPool.inline.hpp"
48 #include "oops/instanceKlass.inline.hpp"
49 #include "oops/klass.inline.hpp"
50 #include "oops/oop.inline.hpp"
51 #include "oops/typeArrayOop.hpp"
52 #include "runtime/arguments.hpp"
53 #include "runtime/fieldDescriptor.hpp"
54 #include "runtime/handles.inline.hpp"
55 #include "runtime/interfaceSupport.inline.hpp"
56 #include "runtime/javaCalls.hpp"
57 #include "runtime/javaThread.hpp"
58 #include "runtime/jniHandles.inline.hpp"
59 #include "runtime/os.hpp"
60 #include "runtime/safepointVerifiers.hpp"
61 #include "services/threadService.hpp"
62 #include "utilities/align.hpp"
63 #include "utilities/bytes.hpp"
64
65 #define NOFAILOVER_MAJOR_VERSION 51
66 #define NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION 51
67 #define STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION 52
68 #define MAX_ARRAY_DIMENSIONS 255
69
70 // Access to external entry for VerifyClassForMajorVersion - old byte code verifier
71
72 extern "C" {
73 typedef jboolean (*verify_byte_codes_fn_t)(JNIEnv *, jclass, char *, jint, jint);
74 }
75
76 static verify_byte_codes_fn_t volatile _verify_byte_codes_fn = nullptr;
77
78 static verify_byte_codes_fn_t verify_byte_codes_fn() {
79
80 if (_verify_byte_codes_fn != nullptr)
81 return _verify_byte_codes_fn;
82
83 MutexLocker locker(Verify_lock);
84
85 if (_verify_byte_codes_fn != nullptr)
86 return _verify_byte_codes_fn;
87
88 // Load verify dll
89 char buffer[JVM_MAXPATHLEN];
90 char ebuf[1024];
91 if (!os::dll_locate_lib(buffer, sizeof(buffer), Arguments::get_dll_dir(), "verify"))
92 return nullptr; // Caller will throw VerifyError
93
94 void *lib_handle = os::dll_load(buffer, ebuf, sizeof(ebuf));
95 if (lib_handle == nullptr)
96 return nullptr; // Caller will throw VerifyError
97
98 void *fn = os::dll_lookup(lib_handle, "VerifyClassForMajorVersion");
99 if (fn == nullptr)
100 return nullptr; // Caller will throw VerifyError
101
102 return _verify_byte_codes_fn = CAST_TO_FN_PTR(verify_byte_codes_fn_t, fn);
103 }
104
105
106 // Methods in Verifier
107
108 bool Verifier::should_verify_for(oop class_loader, bool should_verify_class) {
109 return (class_loader == nullptr || !should_verify_class) ?
110 BytecodeVerificationLocal : BytecodeVerificationRemote;
111 }
112
113 bool Verifier::relax_access_for(oop loader) {
114 bool trusted = java_lang_ClassLoader::is_trusted_loader(loader);
115 bool need_verify =
116 // verifyAll
117 (BytecodeVerificationLocal && BytecodeVerificationRemote) ||
118 // verifyRemote
119 (!BytecodeVerificationLocal && BytecodeVerificationRemote && !trusted);
120 return !need_verify;
121 }
122
123 void Verifier::trace_class_resolution(Klass* resolve_class, InstanceKlass* verify_class) {
124 assert(verify_class != nullptr, "Unexpected null verify_class");
125 ResourceMark rm;
126 Symbol* s = verify_class->source_file_name();
127 const char* source_file = (s != nullptr ? s->as_C_string() : nullptr);
128 const char* verify = verify_class->external_name();
129 const char* resolve = resolve_class->external_name();
130 // print in a single call to reduce interleaving between threads
131 if (source_file != nullptr) {
132 log_debug(class, resolve)("%s %s %s (verification)", verify, resolve, source_file);
133 } else {
134 log_debug(class, resolve)("%s %s (verification)", verify, resolve);
135 }
136 }
137
138 // Prints the end-verification message to the appropriate output.
139 void Verifier::log_end_verification(outputStream* st, const char* klassName, Symbol* exception_name, oop pending_exception) {
140 if (pending_exception != nullptr) {
141 st->print("Verification for %s has", klassName);
142 oop message = java_lang_Throwable::message(pending_exception);
143 if (message != nullptr) {
144 char* ex_msg = java_lang_String::as_utf8_string(message);
145 st->print_cr(" exception pending '%s %s'",
146 pending_exception->klass()->external_name(), ex_msg);
147 } else {
148 st->print_cr(" exception pending %s ",
149 pending_exception->klass()->external_name());
150 }
151 } else if (exception_name != nullptr) {
152 st->print_cr("Verification for %s failed", klassName);
153 }
154 st->print_cr("End class verification for: %s", klassName);
155 }
156
157 bool Verifier::verify(InstanceKlass* klass, bool should_verify_class, TRAPS) {
158 HandleMark hm(THREAD);
159 ResourceMark rm(THREAD);
160
161 // Eagerly allocate the identity hash code for a klass. This is a fallout
162 // from 6320749 and 8059924: hash code generator is not supposed to be called
163 // during the safepoint, but it allows to sneak the hashcode in during
164 // verification. Without this eager hashcode generation, we may end up
165 // installing the hashcode during some other operation, which may be at
166 // safepoint -- blowing up the checks. It was previously done as the side
167 // effect (sic!) for external_name(), but instead of doing that, we opt to
168 // explicitly push the hashcode in here. This is signify the following block
169 // is IMPORTANT:
170 if (klass->java_mirror() != nullptr) {
171 klass->java_mirror()->identity_hash();
172 }
173
174 if (!is_eligible_for_verification(klass, should_verify_class)) {
175 return true;
176 }
177
178 // Timer includes any side effects of class verification (resolution,
179 // etc), but not recursive calls to Verifier::verify().
180 JavaThread* jt = THREAD;
181 PerfClassTraceTime timer(ClassLoader::perf_class_verify_time(),
182 ClassLoader::perf_class_verify_selftime(),
183 ClassLoader::perf_classes_verified(),
184 jt->get_thread_stat()->perf_recursion_counts_addr(),
185 jt->get_thread_stat()->perf_timers_addr(),
186 PerfClassTraceTime::CLASS_VERIFY);
187
188 // If the class should be verified, first see if we can use the split
189 // verifier. If not, or if verification fails and can failover, then
190 // call the inference verifier.
191 Symbol* exception_name = nullptr;
192 const size_t message_buffer_len = klass->name()->utf8_length() + 1024;
193 char* message_buffer = nullptr;
194 char* exception_message = nullptr;
195
196 log_info(class, init)("Start class verification for: %s", klass->external_name());
197 if (klass->major_version() >= STACKMAP_ATTRIBUTE_MAJOR_VERSION) {
198 ClassVerifier split_verifier(jt, klass);
199 // We don't use CHECK here, or on inference_verify below, so that we can log any exception.
200 split_verifier.verify_class(THREAD);
201 exception_name = split_verifier.result();
202
203 // If dumping static archive then don't fall back to the old verifier on
204 // verification failure. If a class fails verification with the split verifier,
205 // it might fail the CDS runtime verifier constraint check. In that case, we
206 // don't want to share the class. We only archive classes that pass the split
207 // verifier.
208 bool can_failover = !CDSConfig::is_dumping_static_archive() &&
209 klass->major_version() < NOFAILOVER_MAJOR_VERSION;
210
211 if (can_failover && !HAS_PENDING_EXCEPTION && // Split verifier doesn't set PENDING_EXCEPTION for failure
212 (exception_name == vmSymbols::java_lang_VerifyError() ||
213 exception_name == vmSymbols::java_lang_ClassFormatError())) {
214 log_info(verification)("Fail over class verification to old verifier for: %s", klass->external_name());
215 log_info(class, init)("Fail over class verification to old verifier for: %s", klass->external_name());
216 // Exclude any classes that fail over during dynamic dumping
217 if (CDSConfig::is_dumping_dynamic_archive()) {
218 SystemDictionaryShared::warn_excluded(klass, "Failed over class verification while dynamic dumping");
219 SystemDictionaryShared::set_excluded(klass);
220 }
221 message_buffer = NEW_RESOURCE_ARRAY(char, message_buffer_len);
222 exception_message = message_buffer;
223 exception_name = inference_verify(
224 klass, message_buffer, message_buffer_len, THREAD);
225 }
226 if (exception_name != nullptr) {
227 exception_message = split_verifier.exception_message();
228 }
229 } else {
230 message_buffer = NEW_RESOURCE_ARRAY(char, message_buffer_len);
231 exception_message = message_buffer;
232 exception_name = inference_verify(
233 klass, message_buffer, message_buffer_len, THREAD);
234 }
235
236 LogTarget(Info, class, init) lt1;
237 if (lt1.is_enabled()) {
238 LogStream ls(lt1);
239 log_end_verification(&ls, klass->external_name(), exception_name, PENDING_EXCEPTION);
240 }
241 LogTarget(Info, verification) lt2;
242 if (lt2.is_enabled()) {
243 LogStream ls(lt2);
244 log_end_verification(&ls, klass->external_name(), exception_name, PENDING_EXCEPTION);
245 }
246
247 if (HAS_PENDING_EXCEPTION) {
248 return false; // use the existing exception
249 } else if (exception_name == nullptr) {
250 return true; // verification succeeded
251 } else { // VerifyError or ClassFormatError to be created and thrown
252 Klass* kls =
253 SystemDictionary::resolve_or_fail(exception_name, true, CHECK_false);
254 if (log_is_enabled(Debug, class, resolve)) {
255 Verifier::trace_class_resolution(kls, klass);
256 }
257
258 while (kls != nullptr) {
259 if (kls == klass) {
260 // If the class being verified is the exception we're creating
261 // or one of it's superclasses, we're in trouble and are going
262 // to infinitely recurse when we try to initialize the exception.
263 // So bail out here by throwing the preallocated VM error.
264 THROW_OOP_(Universe::internal_error_instance(), false);
265 }
266 kls = kls->super();
267 }
268 if (message_buffer != nullptr) {
269 message_buffer[message_buffer_len - 1] = '\0'; // just to be sure
270 }
271 assert(exception_message != nullptr, "");
272 THROW_MSG_(exception_name, exception_message, false);
273 }
274 }
275
276 bool Verifier::is_eligible_for_verification(InstanceKlass* klass, bool should_verify_class) {
277 Symbol* name = klass->name();
278 Klass* refl_serialization_ctor_klass = vmClasses::reflect_SerializationConstructorAccessorImpl_klass();
279
280 bool is_reflect_accessor = refl_serialization_ctor_klass != nullptr &&
281 klass->is_subtype_of(refl_serialization_ctor_klass);
282
283 return (should_verify_for(klass->class_loader(), should_verify_class) &&
284 // return if the class is a bootstrapping class
285 // or defineClass specified not to verify by default (flags override passed arg)
286 // We need to skip the following four for bootstraping
287 name != vmSymbols::java_lang_Object() &&
288 name != vmSymbols::java_lang_Class() &&
289 name != vmSymbols::java_lang_String() &&
290 name != vmSymbols::java_lang_Throwable() &&
291
292 // Can not verify the bytecodes for shared classes because they have
293 // already been rewritten to contain constant pool cache indices,
294 // which the verifier can't understand.
295 // Shared classes shouldn't have stackmaps either.
296 // However, bytecodes for shared old classes can be verified because
297 // they have not been rewritten.
298 !(klass->is_shared() && klass->is_rewritten()) &&
299
300 // As of the fix for 4486457 we disable verification for all of the
301 // dynamically-generated bytecodes associated with
302 // jdk/internal/reflect/SerializationConstructorAccessor.
303 (!is_reflect_accessor));
304 }
305
306 Symbol* Verifier::inference_verify(
307 InstanceKlass* klass, char* message, size_t message_len, TRAPS) {
308 JavaThread* thread = THREAD;
309
310 verify_byte_codes_fn_t verify_func = verify_byte_codes_fn();
311
312 if (verify_func == nullptr) {
313 jio_snprintf(message, message_len, "Could not link verifier");
314 return vmSymbols::java_lang_VerifyError();
315 }
316
317 ResourceMark rm(thread);
318 log_info(verification)("Verifying class %s with old format", klass->external_name());
319
320 jclass cls = (jclass) JNIHandles::make_local(thread, klass->java_mirror());
321 jint result;
322
323 {
324 HandleMark hm(thread);
325 ThreadToNativeFromVM ttn(thread);
326 // ThreadToNativeFromVM takes care of changing thread_state, so safepoint
327 // code knows that we have left the VM
328 JNIEnv *env = thread->jni_environment();
329 result = (*verify_func)(env, cls, message, (int)message_len, klass->major_version());
330 }
331
332 JNIHandles::destroy_local(cls);
333
334 // These numbers are chosen so that VerifyClassCodes interface doesn't need
335 // to be changed (still return jboolean (unsigned char)), and result is
336 // 1 when verification is passed.
337 if (result == 0) {
338 return vmSymbols::java_lang_VerifyError();
339 } else if (result == 1) {
340 return nullptr; // verified.
341 } else if (result == 2) {
342 THROW_MSG_(vmSymbols::java_lang_OutOfMemoryError(), message, nullptr);
343 } else if (result == 3) {
344 return vmSymbols::java_lang_ClassFormatError();
345 } else {
346 ShouldNotReachHere();
347 return nullptr;
348 }
349 }
350
351 TypeOrigin TypeOrigin::null() {
352 return TypeOrigin();
353 }
354 TypeOrigin TypeOrigin::local(int index, StackMapFrame* frame) {
355 assert(frame != nullptr, "Must have a frame");
356 return TypeOrigin(CF_LOCALS, index, StackMapFrame::copy(frame),
357 frame->local_at(index));
358 }
359 TypeOrigin TypeOrigin::stack(int index, StackMapFrame* frame) {
360 assert(frame != nullptr, "Must have a frame");
361 return TypeOrigin(CF_STACK, index, StackMapFrame::copy(frame),
362 frame->stack_at(index));
363 }
364 TypeOrigin TypeOrigin::sm_local(int index, StackMapFrame* frame) {
365 assert(frame != nullptr, "Must have a frame");
366 return TypeOrigin(SM_LOCALS, index, StackMapFrame::copy(frame),
367 frame->local_at(index));
368 }
369 TypeOrigin TypeOrigin::sm_stack(int index, StackMapFrame* frame) {
370 assert(frame != nullptr, "Must have a frame");
371 return TypeOrigin(SM_STACK, index, StackMapFrame::copy(frame),
372 frame->stack_at(index));
373 }
374 TypeOrigin TypeOrigin::bad_index(int index) {
375 return TypeOrigin(BAD_INDEX, index, nullptr, VerificationType::bogus_type());
376 }
377 TypeOrigin TypeOrigin::cp(int index, VerificationType vt) {
378 return TypeOrigin(CONST_POOL, index, nullptr, vt);
379 }
380 TypeOrigin TypeOrigin::signature(VerificationType vt) {
381 return TypeOrigin(SIG, 0, nullptr, vt);
382 }
383 TypeOrigin TypeOrigin::implicit(VerificationType t) {
384 return TypeOrigin(IMPLICIT, 0, nullptr, t);
385 }
386 TypeOrigin TypeOrigin::frame(StackMapFrame* frame) {
387 return TypeOrigin(FRAME_ONLY, 0, StackMapFrame::copy(frame),
388 VerificationType::bogus_type());
389 }
390
391 void TypeOrigin::reset_frame() {
392 if (_frame != nullptr) {
393 _frame->restore();
394 }
395 }
396
397 void TypeOrigin::details(outputStream* ss) const {
398 _type.print_on(ss);
399 switch (_origin) {
400 case CF_LOCALS:
401 ss->print(" (current frame, locals[%d])", _index);
402 break;
403 case CF_STACK:
404 ss->print(" (current frame, stack[%d])", _index);
405 break;
406 case SM_LOCALS:
407 ss->print(" (stack map, locals[%d])", _index);
408 break;
409 case SM_STACK:
410 ss->print(" (stack map, stack[%d])", _index);
411 break;
412 case CONST_POOL:
413 ss->print(" (constant pool %d)", _index);
414 break;
415 case SIG:
416 ss->print(" (from method signature)");
417 break;
418 case IMPLICIT:
419 case FRAME_ONLY:
420 case NONE:
421 default:
422 ;
423 }
424 }
425
426 #ifdef ASSERT
427 void TypeOrigin::print_on(outputStream* str) const {
428 str->print("{%d,%d,%p:", _origin, _index, _frame);
429 if (_frame != nullptr) {
430 _frame->print_on(str);
431 } else {
432 str->print("null");
433 }
434 str->print(",");
435 _type.print_on(str);
436 str->print("}");
437 }
438 #endif
439
440 void ErrorContext::details(outputStream* ss, const Method* method) const {
441 if (is_valid()) {
442 ss->cr();
443 ss->print_cr("Exception Details:");
444 location_details(ss, method);
445 reason_details(ss);
446 frame_details(ss);
447 bytecode_details(ss, method);
448 handler_details(ss, method);
449 stackmap_details(ss, method);
450 }
451 }
452
453 void ErrorContext::reason_details(outputStream* ss) const {
454 streamIndentor si(ss);
455 ss->indent().print_cr("Reason:");
456 streamIndentor si2(ss);
457 ss->indent().print("%s", "");
458 switch (_fault) {
459 case INVALID_BYTECODE:
460 ss->print("Error exists in the bytecode");
461 break;
462 case WRONG_TYPE:
463 if (_expected.is_valid()) {
464 ss->print("Type ");
465 _type.details(ss);
466 ss->print(" is not assignable to ");
467 _expected.details(ss);
468 } else {
469 ss->print("Invalid type: ");
470 _type.details(ss);
471 }
472 break;
473 case FLAGS_MISMATCH:
474 if (_expected.is_valid()) {
475 ss->print("Current frame's flags are not assignable "
476 "to stack map frame's.");
477 } else {
478 ss->print("Current frame's flags are invalid in this context.");
479 }
480 break;
481 case BAD_CP_INDEX:
482 ss->print("Constant pool index %d is invalid", _type.index());
483 break;
484 case BAD_LOCAL_INDEX:
485 ss->print("Local index %d is invalid", _type.index());
486 break;
487 case LOCALS_SIZE_MISMATCH:
488 ss->print("Current frame's local size doesn't match stackmap.");
489 break;
490 case STACK_SIZE_MISMATCH:
491 ss->print("Current frame's stack size doesn't match stackmap.");
492 break;
493 case STACK_OVERFLOW:
494 ss->print("Exceeded max stack size.");
495 break;
496 case STACK_UNDERFLOW:
497 ss->print("Attempt to pop empty stack.");
498 break;
499 case MISSING_STACKMAP:
500 ss->print("Expected stackmap frame at this location.");
501 break;
502 case BAD_STACKMAP:
503 ss->print("Invalid stackmap specification.");
504 break;
505 case UNKNOWN:
506 default:
507 ShouldNotReachHere();
508 ss->print_cr("Unknown");
509 }
510 ss->cr();
511 }
512
513 void ErrorContext::location_details(outputStream* ss, const Method* method) const {
514 if (_bci != -1 && method != nullptr) {
515 streamIndentor si(ss);
516 const char* bytecode_name = "<invalid>";
517 if (method->validate_bci(_bci) != -1) {
518 Bytecodes::Code code = Bytecodes::code_or_bp_at(method->bcp_from(_bci));
519 if (Bytecodes::is_defined(code)) {
520 bytecode_name = Bytecodes::name(code);
521 } else {
522 bytecode_name = "<illegal>";
523 }
524 }
525 InstanceKlass* ik = method->method_holder();
526 ss->indent().print_cr("Location:");
527 streamIndentor si2(ss);
528 ss->indent().print_cr("%s.%s%s @%d: %s",
529 ik->name()->as_C_string(), method->name()->as_C_string(),
530 method->signature()->as_C_string(), _bci, bytecode_name);
531 }
532 }
533
534 void ErrorContext::frame_details(outputStream* ss) const {
535 streamIndentor si(ss);
536 if (_type.is_valid() && _type.frame() != nullptr) {
537 ss->indent().print_cr("Current Frame:");
538 streamIndentor si2(ss);
539 _type.frame()->print_on(ss);
540 }
541 if (_expected.is_valid() && _expected.frame() != nullptr) {
542 ss->indent().print_cr("Stackmap Frame:");
543 streamIndentor si2(ss);
544 _expected.frame()->print_on(ss);
545 }
546 }
547
548 void ErrorContext::bytecode_details(outputStream* ss, const Method* method) const {
549 if (method != nullptr) {
550 streamIndentor si(ss);
551 ss->indent().print_cr("Bytecode:");
552 streamIndentor si2(ss);
553 ss->print_data(method->code_base(), method->code_size(), false);
554 }
555 }
556
557 void ErrorContext::handler_details(outputStream* ss, const Method* method) const {
558 if (method != nullptr) {
559 streamIndentor si(ss);
560 ExceptionTable table(method);
561 if (table.length() > 0) {
562 ss->indent().print_cr("Exception Handler Table:");
563 streamIndentor si2(ss);
564 for (int i = 0; i < table.length(); ++i) {
565 ss->indent().print_cr("bci [%d, %d] => handler: %d", table.start_pc(i),
566 table.end_pc(i), table.handler_pc(i));
567 }
568 }
569 }
570 }
571
572 void ErrorContext::stackmap_details(outputStream* ss, const Method* method) const {
573 if (method != nullptr && method->has_stackmap_table()) {
574 streamIndentor si(ss);
575 ss->indent().print_cr("Stackmap Table:");
576 Array<u1>* data = method->stackmap_data();
577 stack_map_table* sm_table =
578 stack_map_table::at((address)data->adr_at(0));
579 stack_map_frame* sm_frame = sm_table->entries();
580 streamIndentor si2(ss);
581 int current_offset = -1;
582 address end_of_sm_table = (address)sm_table + method->stackmap_data()->length();
583 for (u2 i = 0; i < sm_table->number_of_entries(); ++i) {
584 ss->indent();
585 if (!sm_frame->verify((address)sm_frame, end_of_sm_table)) {
586 sm_frame->print_truncated(ss, current_offset);
587 return;
588 }
589 sm_frame->print_on(ss, current_offset);
590 ss->cr();
591 current_offset += sm_frame->offset_delta();
592 sm_frame = sm_frame->next();
593 }
594 }
595 }
596
597 // Methods in ClassVerifier
598
599 ClassVerifier::ClassVerifier(JavaThread* current, InstanceKlass* klass)
600 : _thread(current), _previous_symbol(nullptr), _symbols(nullptr), _exception_type(nullptr),
601 _message(nullptr), _klass(klass) {
602 _this_type = VerificationType::reference_type(klass->name());
603 }
604
605 ClassVerifier::~ClassVerifier() {
606 // Decrement the reference count for any symbols created.
607 if (_symbols != nullptr) {
608 for (int i = 0; i < _symbols->length(); i++) {
609 Symbol* s = _symbols->at(i);
610 s->decrement_refcount();
611 }
612 }
613 }
614
615 VerificationType ClassVerifier::object_type() const {
616 return VerificationType::reference_type(vmSymbols::java_lang_Object());
617 }
618
619 TypeOrigin ClassVerifier::ref_ctx(const char* sig) {
620 VerificationType vt = VerificationType::reference_type(
621 create_temporary_symbol(sig, (int)strlen(sig)));
622 return TypeOrigin::implicit(vt);
623 }
624
625
626 void ClassVerifier::verify_class(TRAPS) {
627 log_info(verification)("Verifying class %s with new format", _klass->external_name());
628
629 // Either verifying both local and remote classes or just remote classes.
630 assert(BytecodeVerificationRemote, "Should not be here");
631
632 Array<Method*>* methods = _klass->methods();
633 int num_methods = methods->length();
634
635 for (int index = 0; index < num_methods; index++) {
636 // Check for recursive re-verification before each method.
637 if (was_recursively_verified()) return;
638
639 Method* m = methods->at(index);
640 if (m->is_native() || m->is_abstract() || m->is_overpass()) {
641 // If m is native or abstract, skip it. It is checked in class file
642 // parser that methods do not override a final method. Overpass methods
643 // are trusted since the VM generates them.
644 continue;
645 }
646 verify_method(methodHandle(THREAD, m), CHECK_VERIFY(this));
647 }
648
649 if (was_recursively_verified()){
650 log_info(verification)("Recursive verification detected for: %s", _klass->external_name());
651 log_info(class, init)("Recursive verification detected for: %s",
652 _klass->external_name());
653 }
654 }
655
656 // Translate the signature entries into verification types and save them in
657 // the growable array. Also, save the count of arguments.
658 void ClassVerifier::translate_signature(Symbol* const method_sig,
659 sig_as_verification_types* sig_verif_types) {
660 SignatureStream sig_stream(method_sig);
661 VerificationType sig_type[2];
662 int sig_i = 0;
663 GrowableArray<VerificationType>* verif_types = sig_verif_types->sig_verif_types();
664
665 // Translate the signature arguments into verification types.
666 while (!sig_stream.at_return_type()) {
667 int n = change_sig_to_verificationType(&sig_stream, sig_type);
668 assert(n <= 2, "Unexpected signature type");
669
670 // Store verification type(s). Longs and Doubles each have two verificationTypes.
671 for (int x = 0; x < n; x++) {
672 verif_types->push(sig_type[x]);
673 }
674 sig_i += n;
675 sig_stream.next();
676 }
677
678 // Set final arg count, not including the return type. The final arg count will
679 // be compared with sig_verify_types' length to see if there is a return type.
680 sig_verif_types->set_num_args(sig_i);
681
682 // Store verification type(s) for the return type, if there is one.
683 if (sig_stream.type() != T_VOID) {
684 int n = change_sig_to_verificationType(&sig_stream, sig_type);
685 assert(n <= 2, "Unexpected signature return type");
686 for (int y = 0; y < n; y++) {
687 verif_types->push(sig_type[y]);
688 }
689 }
690 }
691
692 void ClassVerifier::create_method_sig_entry(sig_as_verification_types* sig_verif_types,
693 int sig_index) {
694 // Translate the signature into verification types.
695 ConstantPool* cp = _klass->constants();
696 Symbol* const method_sig = cp->symbol_at(sig_index);
697 translate_signature(method_sig, sig_verif_types);
698
699 // Add the list of this signature's verification types to the table.
700 bool is_unique = method_signatures_table()->put(sig_index, sig_verif_types);
701 assert(is_unique, "Duplicate entries in method_signature_table");
702 }
703
704 void ClassVerifier::verify_method(const methodHandle& m, TRAPS) {
705 HandleMark hm(THREAD);
706 _method = m; // initialize _method
707 log_info(verification)("Verifying method %s", m->name_and_sig_as_C_string());
708
709 // For clang, the only good constant format string is a literal constant format string.
710 #define bad_type_msg "Bad type on operand stack in %s"
711
712 u2 max_stack = m->verifier_max_stack();
713 u2 max_locals = m->max_locals();
714 constantPoolHandle cp(THREAD, m->constants());
715
716 // Method signature was checked in ClassFileParser.
717 assert(SignatureVerifier::is_valid_method_signature(m->signature()),
718 "Invalid method signature");
719
720 // Initial stack map frame: offset is 0, stack is initially empty.
721 StackMapFrame current_frame(max_locals, max_stack, this);
722 // Set initial locals
723 VerificationType return_type = current_frame.set_locals_from_arg( m, current_type());
724
725 u2 stackmap_index = 0; // index to the stackmap array
726
727 u4 code_length = m->code_size();
728
729 // Scan the bytecode and map each instruction's start offset to a number.
730 char* code_data = generate_code_data(m, code_length, CHECK_VERIFY(this));
731
732 int ex_min = code_length;
733 int ex_max = -1;
734 // Look through each item on the exception table. Each of the fields must refer
735 // to a legal instruction.
736 if (was_recursively_verified()) return;
737 verify_exception_handler_table(
738 code_length, code_data, ex_min, ex_max, CHECK_VERIFY(this));
739
740 // Look through each entry on the local variable table and make sure
741 // its range of code array offsets is valid. (4169817)
742 if (m->has_localvariable_table()) {
743 verify_local_variable_table(code_length, code_data, CHECK_VERIFY(this));
744 }
745
746 Array<u1>* stackmap_data = m->stackmap_data();
747 StackMapStream stream(stackmap_data);
748 StackMapReader reader(this, &stream, code_data, code_length, THREAD);
749 StackMapTable stackmap_table(&reader, ¤t_frame, max_locals, max_stack,
750 code_data, code_length, CHECK_VERIFY(this));
751
752 LogTarget(Debug, verification) lt;
753 if (lt.is_enabled()) {
754 ResourceMark rm(THREAD);
755 LogStream ls(lt);
756 stackmap_table.print_on(&ls);
757 }
758
759 RawBytecodeStream bcs(m);
760
761 // Scan the byte code linearly from the start to the end
762 bool no_control_flow = false; // Set to true when there is no direct control
763 // flow from current instruction to the next
764 // instruction in sequence
765
766 Bytecodes::Code opcode;
767 while (!bcs.is_last_bytecode()) {
768 // Check for recursive re-verification before each bytecode.
769 if (was_recursively_verified()) return;
770
771 opcode = bcs.raw_next();
772 int bci = bcs.bci();
773
774 // Set current frame's offset to bci
775 current_frame.set_offset(bci);
776 current_frame.set_mark();
777
778 // Make sure every offset in stackmap table point to the beginning to
779 // an instruction. Match current_frame to stackmap_table entry with
780 // the same offset if exists.
781 stackmap_index = verify_stackmap_table(
782 stackmap_index, bci, ¤t_frame, &stackmap_table,
783 no_control_flow, CHECK_VERIFY(this));
784
785
786 bool this_uninit = false; // Set to true when invokespecial <init> initialized 'this'
787 bool verified_exc_handlers = false;
788
789 // Merge with the next instruction
790 {
791 int target;
792 VerificationType type, type2;
793 VerificationType atype;
794
795 LogTarget(Debug, verification) lt;
796 if (lt.is_enabled()) {
797 ResourceMark rm(THREAD);
798 LogStream ls(lt);
799 current_frame.print_on(&ls);
800 lt.print("offset = %d, opcode = %s", bci,
801 opcode == Bytecodes::_illegal ? "illegal" : Bytecodes::name(opcode));
802 }
803
804 // Make sure wide instruction is in correct format
805 if (bcs.is_wide()) {
806 if (opcode != Bytecodes::_iinc && opcode != Bytecodes::_iload &&
807 opcode != Bytecodes::_aload && opcode != Bytecodes::_lload &&
808 opcode != Bytecodes::_istore && opcode != Bytecodes::_astore &&
809 opcode != Bytecodes::_lstore && opcode != Bytecodes::_fload &&
810 opcode != Bytecodes::_dload && opcode != Bytecodes::_fstore &&
811 opcode != Bytecodes::_dstore) {
812 /* Unreachable? RawBytecodeStream's raw_next() returns 'illegal'
813 * if we encounter a wide instruction that modifies an invalid
814 * opcode (not one of the ones listed above) */
815 verify_error(ErrorContext::bad_code(bci), "Bad wide instruction");
816 return;
817 }
818 }
819
820 // Look for possible jump target in exception handlers and see if it
821 // matches current_frame. Do this check here for astore*, dstore*,
822 // fstore*, istore*, and lstore* opcodes because they can change the type
823 // state by adding a local. JVM Spec says that the incoming type state
824 // should be used for this check. So, do the check here before a possible
825 // local is added to the type state.
826 if (Bytecodes::is_store_into_local(opcode) && bci >= ex_min && bci < ex_max) {
827 if (was_recursively_verified()) return;
828 verify_exception_handler_targets(
829 bci, this_uninit, ¤t_frame, &stackmap_table, CHECK_VERIFY(this));
830 verified_exc_handlers = true;
831 }
832
833 if (was_recursively_verified()) return;
834
835 switch (opcode) {
836 case Bytecodes::_nop :
837 no_control_flow = false; break;
838 case Bytecodes::_aconst_null :
839 current_frame.push_stack(
840 VerificationType::null_type(), CHECK_VERIFY(this));
841 no_control_flow = false; break;
842 case Bytecodes::_iconst_m1 :
843 case Bytecodes::_iconst_0 :
844 case Bytecodes::_iconst_1 :
845 case Bytecodes::_iconst_2 :
846 case Bytecodes::_iconst_3 :
847 case Bytecodes::_iconst_4 :
848 case Bytecodes::_iconst_5 :
849 current_frame.push_stack(
850 VerificationType::integer_type(), CHECK_VERIFY(this));
851 no_control_flow = false; break;
852 case Bytecodes::_lconst_0 :
853 case Bytecodes::_lconst_1 :
854 current_frame.push_stack_2(
855 VerificationType::long_type(),
856 VerificationType::long2_type(), CHECK_VERIFY(this));
857 no_control_flow = false; break;
858 case Bytecodes::_fconst_0 :
859 case Bytecodes::_fconst_1 :
860 case Bytecodes::_fconst_2 :
861 current_frame.push_stack(
862 VerificationType::float_type(), CHECK_VERIFY(this));
863 no_control_flow = false; break;
864 case Bytecodes::_dconst_0 :
865 case Bytecodes::_dconst_1 :
866 current_frame.push_stack_2(
867 VerificationType::double_type(),
868 VerificationType::double2_type(), CHECK_VERIFY(this));
869 no_control_flow = false; break;
870 case Bytecodes::_sipush :
871 case Bytecodes::_bipush :
872 current_frame.push_stack(
873 VerificationType::integer_type(), CHECK_VERIFY(this));
874 no_control_flow = false; break;
875 case Bytecodes::_ldc :
876 verify_ldc(
877 opcode, bcs.get_index_u1(), ¤t_frame,
878 cp, bci, CHECK_VERIFY(this));
879 no_control_flow = false; break;
880 case Bytecodes::_ldc_w :
881 case Bytecodes::_ldc2_w :
882 verify_ldc(
883 opcode, bcs.get_index_u2(), ¤t_frame,
884 cp, bci, CHECK_VERIFY(this));
885 no_control_flow = false; break;
886 case Bytecodes::_iload :
887 verify_iload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
888 no_control_flow = false; break;
889 case Bytecodes::_iload_0 :
890 case Bytecodes::_iload_1 :
891 case Bytecodes::_iload_2 :
892 case Bytecodes::_iload_3 : {
893 int index = opcode - Bytecodes::_iload_0;
894 verify_iload(index, ¤t_frame, CHECK_VERIFY(this));
895 no_control_flow = false; break;
896 }
897 case Bytecodes::_lload :
898 verify_lload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
899 no_control_flow = false; break;
900 case Bytecodes::_lload_0 :
901 case Bytecodes::_lload_1 :
902 case Bytecodes::_lload_2 :
903 case Bytecodes::_lload_3 : {
904 int index = opcode - Bytecodes::_lload_0;
905 verify_lload(index, ¤t_frame, CHECK_VERIFY(this));
906 no_control_flow = false; break;
907 }
908 case Bytecodes::_fload :
909 verify_fload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
910 no_control_flow = false; break;
911 case Bytecodes::_fload_0 :
912 case Bytecodes::_fload_1 :
913 case Bytecodes::_fload_2 :
914 case Bytecodes::_fload_3 : {
915 int index = opcode - Bytecodes::_fload_0;
916 verify_fload(index, ¤t_frame, CHECK_VERIFY(this));
917 no_control_flow = false; break;
918 }
919 case Bytecodes::_dload :
920 verify_dload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
921 no_control_flow = false; break;
922 case Bytecodes::_dload_0 :
923 case Bytecodes::_dload_1 :
924 case Bytecodes::_dload_2 :
925 case Bytecodes::_dload_3 : {
926 int index = opcode - Bytecodes::_dload_0;
927 verify_dload(index, ¤t_frame, CHECK_VERIFY(this));
928 no_control_flow = false; break;
929 }
930 case Bytecodes::_aload :
931 verify_aload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
932 no_control_flow = false; break;
933 case Bytecodes::_aload_0 :
934 case Bytecodes::_aload_1 :
935 case Bytecodes::_aload_2 :
936 case Bytecodes::_aload_3 : {
937 int index = opcode - Bytecodes::_aload_0;
938 verify_aload(index, ¤t_frame, CHECK_VERIFY(this));
939 no_control_flow = false; break;
940 }
941 case Bytecodes::_iaload :
942 type = current_frame.pop_stack(
943 VerificationType::integer_type(), CHECK_VERIFY(this));
944 atype = current_frame.pop_stack(
945 VerificationType::reference_check(), CHECK_VERIFY(this));
946 if (!atype.is_int_array()) {
947 verify_error(ErrorContext::bad_type(bci,
948 current_frame.stack_top_ctx(), ref_ctx("[I")),
949 bad_type_msg, "iaload");
950 return;
951 }
952 current_frame.push_stack(
953 VerificationType::integer_type(), CHECK_VERIFY(this));
954 no_control_flow = false; break;
955 case Bytecodes::_baload :
956 type = current_frame.pop_stack(
957 VerificationType::integer_type(), CHECK_VERIFY(this));
958 atype = current_frame.pop_stack(
959 VerificationType::reference_check(), CHECK_VERIFY(this));
960 if (!atype.is_bool_array() && !atype.is_byte_array()) {
961 verify_error(
962 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
963 bad_type_msg, "baload");
964 return;
965 }
966 current_frame.push_stack(
967 VerificationType::integer_type(), CHECK_VERIFY(this));
968 no_control_flow = false; break;
969 case Bytecodes::_caload :
970 type = current_frame.pop_stack(
971 VerificationType::integer_type(), CHECK_VERIFY(this));
972 atype = current_frame.pop_stack(
973 VerificationType::reference_check(), CHECK_VERIFY(this));
974 if (!atype.is_char_array()) {
975 verify_error(ErrorContext::bad_type(bci,
976 current_frame.stack_top_ctx(), ref_ctx("[C")),
977 bad_type_msg, "caload");
978 return;
979 }
980 current_frame.push_stack(
981 VerificationType::integer_type(), CHECK_VERIFY(this));
982 no_control_flow = false; break;
983 case Bytecodes::_saload :
984 type = current_frame.pop_stack(
985 VerificationType::integer_type(), CHECK_VERIFY(this));
986 atype = current_frame.pop_stack(
987 VerificationType::reference_check(), CHECK_VERIFY(this));
988 if (!atype.is_short_array()) {
989 verify_error(ErrorContext::bad_type(bci,
990 current_frame.stack_top_ctx(), ref_ctx("[S")),
991 bad_type_msg, "saload");
992 return;
993 }
994 current_frame.push_stack(
995 VerificationType::integer_type(), CHECK_VERIFY(this));
996 no_control_flow = false; break;
997 case Bytecodes::_laload :
998 type = current_frame.pop_stack(
999 VerificationType::integer_type(), CHECK_VERIFY(this));
1000 atype = current_frame.pop_stack(
1001 VerificationType::reference_check(), CHECK_VERIFY(this));
1002 if (!atype.is_long_array()) {
1003 verify_error(ErrorContext::bad_type(bci,
1004 current_frame.stack_top_ctx(), ref_ctx("[J")),
1005 bad_type_msg, "laload");
1006 return;
1007 }
1008 current_frame.push_stack_2(
1009 VerificationType::long_type(),
1010 VerificationType::long2_type(), CHECK_VERIFY(this));
1011 no_control_flow = false; break;
1012 case Bytecodes::_faload :
1013 type = current_frame.pop_stack(
1014 VerificationType::integer_type(), CHECK_VERIFY(this));
1015 atype = current_frame.pop_stack(
1016 VerificationType::reference_check(), CHECK_VERIFY(this));
1017 if (!atype.is_float_array()) {
1018 verify_error(ErrorContext::bad_type(bci,
1019 current_frame.stack_top_ctx(), ref_ctx("[F")),
1020 bad_type_msg, "faload");
1021 return;
1022 }
1023 current_frame.push_stack(
1024 VerificationType::float_type(), CHECK_VERIFY(this));
1025 no_control_flow = false; break;
1026 case Bytecodes::_daload :
1027 type = current_frame.pop_stack(
1028 VerificationType::integer_type(), CHECK_VERIFY(this));
1029 atype = current_frame.pop_stack(
1030 VerificationType::reference_check(), CHECK_VERIFY(this));
1031 if (!atype.is_double_array()) {
1032 verify_error(ErrorContext::bad_type(bci,
1033 current_frame.stack_top_ctx(), ref_ctx("[D")),
1034 bad_type_msg, "daload");
1035 return;
1036 }
1037 current_frame.push_stack_2(
1038 VerificationType::double_type(),
1039 VerificationType::double2_type(), CHECK_VERIFY(this));
1040 no_control_flow = false; break;
1041 case Bytecodes::_aaload : {
1042 type = current_frame.pop_stack(
1043 VerificationType::integer_type(), CHECK_VERIFY(this));
1044 atype = current_frame.pop_stack(
1045 VerificationType::reference_check(), CHECK_VERIFY(this));
1046 if (!atype.is_reference_array()) {
1047 verify_error(ErrorContext::bad_type(bci,
1048 current_frame.stack_top_ctx(),
1049 TypeOrigin::implicit(VerificationType::reference_check())),
1050 bad_type_msg, "aaload");
1051 return;
1052 }
1053 if (atype.is_null()) {
1054 current_frame.push_stack(
1055 VerificationType::null_type(), CHECK_VERIFY(this));
1056 } else {
1057 VerificationType component = atype.get_component(this);
1058 current_frame.push_stack(component, CHECK_VERIFY(this));
1059 }
1060 no_control_flow = false; break;
1061 }
1062 case Bytecodes::_istore :
1063 verify_istore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1064 no_control_flow = false; break;
1065 case Bytecodes::_istore_0 :
1066 case Bytecodes::_istore_1 :
1067 case Bytecodes::_istore_2 :
1068 case Bytecodes::_istore_3 : {
1069 int index = opcode - Bytecodes::_istore_0;
1070 verify_istore(index, ¤t_frame, CHECK_VERIFY(this));
1071 no_control_flow = false; break;
1072 }
1073 case Bytecodes::_lstore :
1074 verify_lstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1075 no_control_flow = false; break;
1076 case Bytecodes::_lstore_0 :
1077 case Bytecodes::_lstore_1 :
1078 case Bytecodes::_lstore_2 :
1079 case Bytecodes::_lstore_3 : {
1080 int index = opcode - Bytecodes::_lstore_0;
1081 verify_lstore(index, ¤t_frame, CHECK_VERIFY(this));
1082 no_control_flow = false; break;
1083 }
1084 case Bytecodes::_fstore :
1085 verify_fstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1086 no_control_flow = false; break;
1087 case Bytecodes::_fstore_0 :
1088 case Bytecodes::_fstore_1 :
1089 case Bytecodes::_fstore_2 :
1090 case Bytecodes::_fstore_3 : {
1091 int index = opcode - Bytecodes::_fstore_0;
1092 verify_fstore(index, ¤t_frame, CHECK_VERIFY(this));
1093 no_control_flow = false; break;
1094 }
1095 case Bytecodes::_dstore :
1096 verify_dstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1097 no_control_flow = false; break;
1098 case Bytecodes::_dstore_0 :
1099 case Bytecodes::_dstore_1 :
1100 case Bytecodes::_dstore_2 :
1101 case Bytecodes::_dstore_3 : {
1102 int index = opcode - Bytecodes::_dstore_0;
1103 verify_dstore(index, ¤t_frame, CHECK_VERIFY(this));
1104 no_control_flow = false; break;
1105 }
1106 case Bytecodes::_astore :
1107 verify_astore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1108 no_control_flow = false; break;
1109 case Bytecodes::_astore_0 :
1110 case Bytecodes::_astore_1 :
1111 case Bytecodes::_astore_2 :
1112 case Bytecodes::_astore_3 : {
1113 int index = opcode - Bytecodes::_astore_0;
1114 verify_astore(index, ¤t_frame, CHECK_VERIFY(this));
1115 no_control_flow = false; break;
1116 }
1117 case Bytecodes::_iastore :
1118 type = current_frame.pop_stack(
1119 VerificationType::integer_type(), CHECK_VERIFY(this));
1120 type2 = current_frame.pop_stack(
1121 VerificationType::integer_type(), CHECK_VERIFY(this));
1122 atype = current_frame.pop_stack(
1123 VerificationType::reference_check(), CHECK_VERIFY(this));
1124 if (!atype.is_int_array()) {
1125 verify_error(ErrorContext::bad_type(bci,
1126 current_frame.stack_top_ctx(), ref_ctx("[I")),
1127 bad_type_msg, "iastore");
1128 return;
1129 }
1130 no_control_flow = false; break;
1131 case Bytecodes::_bastore :
1132 type = current_frame.pop_stack(
1133 VerificationType::integer_type(), CHECK_VERIFY(this));
1134 type2 = current_frame.pop_stack(
1135 VerificationType::integer_type(), CHECK_VERIFY(this));
1136 atype = current_frame.pop_stack(
1137 VerificationType::reference_check(), CHECK_VERIFY(this));
1138 if (!atype.is_bool_array() && !atype.is_byte_array()) {
1139 verify_error(
1140 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1141 bad_type_msg, "bastore");
1142 return;
1143 }
1144 no_control_flow = false; break;
1145 case Bytecodes::_castore :
1146 current_frame.pop_stack(
1147 VerificationType::integer_type(), CHECK_VERIFY(this));
1148 current_frame.pop_stack(
1149 VerificationType::integer_type(), CHECK_VERIFY(this));
1150 atype = current_frame.pop_stack(
1151 VerificationType::reference_check(), CHECK_VERIFY(this));
1152 if (!atype.is_char_array()) {
1153 verify_error(ErrorContext::bad_type(bci,
1154 current_frame.stack_top_ctx(), ref_ctx("[C")),
1155 bad_type_msg, "castore");
1156 return;
1157 }
1158 no_control_flow = false; break;
1159 case Bytecodes::_sastore :
1160 current_frame.pop_stack(
1161 VerificationType::integer_type(), CHECK_VERIFY(this));
1162 current_frame.pop_stack(
1163 VerificationType::integer_type(), CHECK_VERIFY(this));
1164 atype = current_frame.pop_stack(
1165 VerificationType::reference_check(), CHECK_VERIFY(this));
1166 if (!atype.is_short_array()) {
1167 verify_error(ErrorContext::bad_type(bci,
1168 current_frame.stack_top_ctx(), ref_ctx("[S")),
1169 bad_type_msg, "sastore");
1170 return;
1171 }
1172 no_control_flow = false; break;
1173 case Bytecodes::_lastore :
1174 current_frame.pop_stack_2(
1175 VerificationType::long2_type(),
1176 VerificationType::long_type(), CHECK_VERIFY(this));
1177 current_frame.pop_stack(
1178 VerificationType::integer_type(), CHECK_VERIFY(this));
1179 atype = current_frame.pop_stack(
1180 VerificationType::reference_check(), CHECK_VERIFY(this));
1181 if (!atype.is_long_array()) {
1182 verify_error(ErrorContext::bad_type(bci,
1183 current_frame.stack_top_ctx(), ref_ctx("[J")),
1184 bad_type_msg, "lastore");
1185 return;
1186 }
1187 no_control_flow = false; break;
1188 case Bytecodes::_fastore :
1189 current_frame.pop_stack(
1190 VerificationType::float_type(), CHECK_VERIFY(this));
1191 current_frame.pop_stack
1192 (VerificationType::integer_type(), CHECK_VERIFY(this));
1193 atype = current_frame.pop_stack(
1194 VerificationType::reference_check(), CHECK_VERIFY(this));
1195 if (!atype.is_float_array()) {
1196 verify_error(ErrorContext::bad_type(bci,
1197 current_frame.stack_top_ctx(), ref_ctx("[F")),
1198 bad_type_msg, "fastore");
1199 return;
1200 }
1201 no_control_flow = false; break;
1202 case Bytecodes::_dastore :
1203 current_frame.pop_stack_2(
1204 VerificationType::double2_type(),
1205 VerificationType::double_type(), CHECK_VERIFY(this));
1206 current_frame.pop_stack(
1207 VerificationType::integer_type(), CHECK_VERIFY(this));
1208 atype = current_frame.pop_stack(
1209 VerificationType::reference_check(), CHECK_VERIFY(this));
1210 if (!atype.is_double_array()) {
1211 verify_error(ErrorContext::bad_type(bci,
1212 current_frame.stack_top_ctx(), ref_ctx("[D")),
1213 bad_type_msg, "dastore");
1214 return;
1215 }
1216 no_control_flow = false; break;
1217 case Bytecodes::_aastore :
1218 type = current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1219 type2 = current_frame.pop_stack(
1220 VerificationType::integer_type(), CHECK_VERIFY(this));
1221 atype = current_frame.pop_stack(
1222 VerificationType::reference_check(), CHECK_VERIFY(this));
1223 // more type-checking is done at runtime
1224 if (!atype.is_reference_array()) {
1225 verify_error(ErrorContext::bad_type(bci,
1226 current_frame.stack_top_ctx(),
1227 TypeOrigin::implicit(VerificationType::reference_check())),
1228 bad_type_msg, "aastore");
1229 return;
1230 }
1231 // 4938384: relaxed constraint in JVMS 3rd edition.
1232 no_control_flow = false; break;
1233 case Bytecodes::_pop :
1234 current_frame.pop_stack(
1235 VerificationType::category1_check(), CHECK_VERIFY(this));
1236 no_control_flow = false; break;
1237 case Bytecodes::_pop2 :
1238 type = current_frame.pop_stack(CHECK_VERIFY(this));
1239 if (type.is_category1()) {
1240 current_frame.pop_stack(
1241 VerificationType::category1_check(), CHECK_VERIFY(this));
1242 } else if (type.is_category2_2nd()) {
1243 current_frame.pop_stack(
1244 VerificationType::category2_check(), CHECK_VERIFY(this));
1245 } else {
1246 /* Unreachable? Would need a category2_1st on TOS
1247 * which does not appear possible. */
1248 verify_error(
1249 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1250 bad_type_msg, "pop2");
1251 return;
1252 }
1253 no_control_flow = false; break;
1254 case Bytecodes::_dup :
1255 type = current_frame.pop_stack(
1256 VerificationType::category1_check(), CHECK_VERIFY(this));
1257 current_frame.push_stack(type, CHECK_VERIFY(this));
1258 current_frame.push_stack(type, CHECK_VERIFY(this));
1259 no_control_flow = false; break;
1260 case Bytecodes::_dup_x1 :
1261 type = current_frame.pop_stack(
1262 VerificationType::category1_check(), CHECK_VERIFY(this));
1263 type2 = current_frame.pop_stack(
1264 VerificationType::category1_check(), CHECK_VERIFY(this));
1265 current_frame.push_stack(type, CHECK_VERIFY(this));
1266 current_frame.push_stack(type2, CHECK_VERIFY(this));
1267 current_frame.push_stack(type, CHECK_VERIFY(this));
1268 no_control_flow = false; break;
1269 case Bytecodes::_dup_x2 :
1270 {
1271 VerificationType type3;
1272 type = current_frame.pop_stack(
1273 VerificationType::category1_check(), CHECK_VERIFY(this));
1274 type2 = current_frame.pop_stack(CHECK_VERIFY(this));
1275 if (type2.is_category1()) {
1276 type3 = current_frame.pop_stack(
1277 VerificationType::category1_check(), CHECK_VERIFY(this));
1278 } else if (type2.is_category2_2nd()) {
1279 type3 = current_frame.pop_stack(
1280 VerificationType::category2_check(), CHECK_VERIFY(this));
1281 } else {
1282 /* Unreachable? Would need a category2_1st at stack depth 2 with
1283 * a category1 on TOS which does not appear possible. */
1284 verify_error(ErrorContext::bad_type(
1285 bci, current_frame.stack_top_ctx()), bad_type_msg, "dup_x2");
1286 return;
1287 }
1288 current_frame.push_stack(type, CHECK_VERIFY(this));
1289 current_frame.push_stack(type3, CHECK_VERIFY(this));
1290 current_frame.push_stack(type2, CHECK_VERIFY(this));
1291 current_frame.push_stack(type, CHECK_VERIFY(this));
1292 no_control_flow = false; break;
1293 }
1294 case Bytecodes::_dup2 :
1295 type = current_frame.pop_stack(CHECK_VERIFY(this));
1296 if (type.is_category1()) {
1297 type2 = current_frame.pop_stack(
1298 VerificationType::category1_check(), CHECK_VERIFY(this));
1299 } else if (type.is_category2_2nd()) {
1300 type2 = current_frame.pop_stack(
1301 VerificationType::category2_check(), CHECK_VERIFY(this));
1302 } else {
1303 /* Unreachable? Would need a category2_1st on TOS which does not
1304 * appear possible. */
1305 verify_error(
1306 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1307 bad_type_msg, "dup2");
1308 return;
1309 }
1310 current_frame.push_stack(type2, CHECK_VERIFY(this));
1311 current_frame.push_stack(type, CHECK_VERIFY(this));
1312 current_frame.push_stack(type2, CHECK_VERIFY(this));
1313 current_frame.push_stack(type, CHECK_VERIFY(this));
1314 no_control_flow = false; break;
1315 case Bytecodes::_dup2_x1 :
1316 {
1317 VerificationType type3;
1318 type = current_frame.pop_stack(CHECK_VERIFY(this));
1319 if (type.is_category1()) {
1320 type2 = current_frame.pop_stack(
1321 VerificationType::category1_check(), CHECK_VERIFY(this));
1322 } else if (type.is_category2_2nd()) {
1323 type2 = current_frame.pop_stack(
1324 VerificationType::category2_check(), CHECK_VERIFY(this));
1325 } else {
1326 /* Unreachable? Would need a category2_1st on TOS which does
1327 * not appear possible. */
1328 verify_error(
1329 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1330 bad_type_msg, "dup2_x1");
1331 return;
1332 }
1333 type3 = current_frame.pop_stack(
1334 VerificationType::category1_check(), CHECK_VERIFY(this));
1335 current_frame.push_stack(type2, CHECK_VERIFY(this));
1336 current_frame.push_stack(type, CHECK_VERIFY(this));
1337 current_frame.push_stack(type3, CHECK_VERIFY(this));
1338 current_frame.push_stack(type2, CHECK_VERIFY(this));
1339 current_frame.push_stack(type, CHECK_VERIFY(this));
1340 no_control_flow = false; break;
1341 }
1342 case Bytecodes::_dup2_x2 :
1343 {
1344 VerificationType type3, type4;
1345 type = current_frame.pop_stack(CHECK_VERIFY(this));
1346 if (type.is_category1()) {
1347 type2 = current_frame.pop_stack(
1348 VerificationType::category1_check(), CHECK_VERIFY(this));
1349 } else if (type.is_category2_2nd()) {
1350 type2 = current_frame.pop_stack(
1351 VerificationType::category2_check(), CHECK_VERIFY(this));
1352 } else {
1353 /* Unreachable? Would need a category2_1st on TOS which does
1354 * not appear possible. */
1355 verify_error(
1356 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1357 bad_type_msg, "dup2_x2");
1358 return;
1359 }
1360 type3 = current_frame.pop_stack(CHECK_VERIFY(this));
1361 if (type3.is_category1()) {
1362 type4 = current_frame.pop_stack(
1363 VerificationType::category1_check(), CHECK_VERIFY(this));
1364 } else if (type3.is_category2_2nd()) {
1365 type4 = current_frame.pop_stack(
1366 VerificationType::category2_check(), CHECK_VERIFY(this));
1367 } else {
1368 /* Unreachable? Would need a category2_1st on TOS after popping
1369 * a long/double or two category 1's, which does not
1370 * appear possible. */
1371 verify_error(
1372 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1373 bad_type_msg, "dup2_x2");
1374 return;
1375 }
1376 current_frame.push_stack(type2, CHECK_VERIFY(this));
1377 current_frame.push_stack(type, CHECK_VERIFY(this));
1378 current_frame.push_stack(type4, CHECK_VERIFY(this));
1379 current_frame.push_stack(type3, CHECK_VERIFY(this));
1380 current_frame.push_stack(type2, CHECK_VERIFY(this));
1381 current_frame.push_stack(type, CHECK_VERIFY(this));
1382 no_control_flow = false; break;
1383 }
1384 case Bytecodes::_swap :
1385 type = current_frame.pop_stack(
1386 VerificationType::category1_check(), CHECK_VERIFY(this));
1387 type2 = current_frame.pop_stack(
1388 VerificationType::category1_check(), CHECK_VERIFY(this));
1389 current_frame.push_stack(type, CHECK_VERIFY(this));
1390 current_frame.push_stack(type2, CHECK_VERIFY(this));
1391 no_control_flow = false; break;
1392 case Bytecodes::_iadd :
1393 case Bytecodes::_isub :
1394 case Bytecodes::_imul :
1395 case Bytecodes::_idiv :
1396 case Bytecodes::_irem :
1397 case Bytecodes::_ishl :
1398 case Bytecodes::_ishr :
1399 case Bytecodes::_iushr :
1400 case Bytecodes::_ior :
1401 case Bytecodes::_ixor :
1402 case Bytecodes::_iand :
1403 current_frame.pop_stack(
1404 VerificationType::integer_type(), CHECK_VERIFY(this));
1405 // fall through
1406 case Bytecodes::_ineg :
1407 current_frame.pop_stack(
1408 VerificationType::integer_type(), CHECK_VERIFY(this));
1409 current_frame.push_stack(
1410 VerificationType::integer_type(), CHECK_VERIFY(this));
1411 no_control_flow = false; break;
1412 case Bytecodes::_ladd :
1413 case Bytecodes::_lsub :
1414 case Bytecodes::_lmul :
1415 case Bytecodes::_ldiv :
1416 case Bytecodes::_lrem :
1417 case Bytecodes::_land :
1418 case Bytecodes::_lor :
1419 case Bytecodes::_lxor :
1420 current_frame.pop_stack_2(
1421 VerificationType::long2_type(),
1422 VerificationType::long_type(), CHECK_VERIFY(this));
1423 // fall through
1424 case Bytecodes::_lneg :
1425 current_frame.pop_stack_2(
1426 VerificationType::long2_type(),
1427 VerificationType::long_type(), CHECK_VERIFY(this));
1428 current_frame.push_stack_2(
1429 VerificationType::long_type(),
1430 VerificationType::long2_type(), CHECK_VERIFY(this));
1431 no_control_flow = false; break;
1432 case Bytecodes::_lshl :
1433 case Bytecodes::_lshr :
1434 case Bytecodes::_lushr :
1435 current_frame.pop_stack(
1436 VerificationType::integer_type(), CHECK_VERIFY(this));
1437 current_frame.pop_stack_2(
1438 VerificationType::long2_type(),
1439 VerificationType::long_type(), CHECK_VERIFY(this));
1440 current_frame.push_stack_2(
1441 VerificationType::long_type(),
1442 VerificationType::long2_type(), CHECK_VERIFY(this));
1443 no_control_flow = false; break;
1444 case Bytecodes::_fadd :
1445 case Bytecodes::_fsub :
1446 case Bytecodes::_fmul :
1447 case Bytecodes::_fdiv :
1448 case Bytecodes::_frem :
1449 current_frame.pop_stack(
1450 VerificationType::float_type(), CHECK_VERIFY(this));
1451 // fall through
1452 case Bytecodes::_fneg :
1453 current_frame.pop_stack(
1454 VerificationType::float_type(), CHECK_VERIFY(this));
1455 current_frame.push_stack(
1456 VerificationType::float_type(), CHECK_VERIFY(this));
1457 no_control_flow = false; break;
1458 case Bytecodes::_dadd :
1459 case Bytecodes::_dsub :
1460 case Bytecodes::_dmul :
1461 case Bytecodes::_ddiv :
1462 case Bytecodes::_drem :
1463 current_frame.pop_stack_2(
1464 VerificationType::double2_type(),
1465 VerificationType::double_type(), CHECK_VERIFY(this));
1466 // fall through
1467 case Bytecodes::_dneg :
1468 current_frame.pop_stack_2(
1469 VerificationType::double2_type(),
1470 VerificationType::double_type(), CHECK_VERIFY(this));
1471 current_frame.push_stack_2(
1472 VerificationType::double_type(),
1473 VerificationType::double2_type(), CHECK_VERIFY(this));
1474 no_control_flow = false; break;
1475 case Bytecodes::_iinc :
1476 verify_iinc(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1477 no_control_flow = false; break;
1478 case Bytecodes::_i2l :
1479 type = current_frame.pop_stack(
1480 VerificationType::integer_type(), CHECK_VERIFY(this));
1481 current_frame.push_stack_2(
1482 VerificationType::long_type(),
1483 VerificationType::long2_type(), CHECK_VERIFY(this));
1484 no_control_flow = false; break;
1485 case Bytecodes::_l2i :
1486 current_frame.pop_stack_2(
1487 VerificationType::long2_type(),
1488 VerificationType::long_type(), CHECK_VERIFY(this));
1489 current_frame.push_stack(
1490 VerificationType::integer_type(), CHECK_VERIFY(this));
1491 no_control_flow = false; break;
1492 case Bytecodes::_i2f :
1493 current_frame.pop_stack(
1494 VerificationType::integer_type(), CHECK_VERIFY(this));
1495 current_frame.push_stack(
1496 VerificationType::float_type(), CHECK_VERIFY(this));
1497 no_control_flow = false; break;
1498 case Bytecodes::_i2d :
1499 current_frame.pop_stack(
1500 VerificationType::integer_type(), CHECK_VERIFY(this));
1501 current_frame.push_stack_2(
1502 VerificationType::double_type(),
1503 VerificationType::double2_type(), CHECK_VERIFY(this));
1504 no_control_flow = false; break;
1505 case Bytecodes::_l2f :
1506 current_frame.pop_stack_2(
1507 VerificationType::long2_type(),
1508 VerificationType::long_type(), CHECK_VERIFY(this));
1509 current_frame.push_stack(
1510 VerificationType::float_type(), CHECK_VERIFY(this));
1511 no_control_flow = false; break;
1512 case Bytecodes::_l2d :
1513 current_frame.pop_stack_2(
1514 VerificationType::long2_type(),
1515 VerificationType::long_type(), CHECK_VERIFY(this));
1516 current_frame.push_stack_2(
1517 VerificationType::double_type(),
1518 VerificationType::double2_type(), CHECK_VERIFY(this));
1519 no_control_flow = false; break;
1520 case Bytecodes::_f2i :
1521 current_frame.pop_stack(
1522 VerificationType::float_type(), CHECK_VERIFY(this));
1523 current_frame.push_stack(
1524 VerificationType::integer_type(), CHECK_VERIFY(this));
1525 no_control_flow = false; break;
1526 case Bytecodes::_f2l :
1527 current_frame.pop_stack(
1528 VerificationType::float_type(), CHECK_VERIFY(this));
1529 current_frame.push_stack_2(
1530 VerificationType::long_type(),
1531 VerificationType::long2_type(), CHECK_VERIFY(this));
1532 no_control_flow = false; break;
1533 case Bytecodes::_f2d :
1534 current_frame.pop_stack(
1535 VerificationType::float_type(), CHECK_VERIFY(this));
1536 current_frame.push_stack_2(
1537 VerificationType::double_type(),
1538 VerificationType::double2_type(), CHECK_VERIFY(this));
1539 no_control_flow = false; break;
1540 case Bytecodes::_d2i :
1541 current_frame.pop_stack_2(
1542 VerificationType::double2_type(),
1543 VerificationType::double_type(), CHECK_VERIFY(this));
1544 current_frame.push_stack(
1545 VerificationType::integer_type(), CHECK_VERIFY(this));
1546 no_control_flow = false; break;
1547 case Bytecodes::_d2l :
1548 current_frame.pop_stack_2(
1549 VerificationType::double2_type(),
1550 VerificationType::double_type(), CHECK_VERIFY(this));
1551 current_frame.push_stack_2(
1552 VerificationType::long_type(),
1553 VerificationType::long2_type(), CHECK_VERIFY(this));
1554 no_control_flow = false; break;
1555 case Bytecodes::_d2f :
1556 current_frame.pop_stack_2(
1557 VerificationType::double2_type(),
1558 VerificationType::double_type(), CHECK_VERIFY(this));
1559 current_frame.push_stack(
1560 VerificationType::float_type(), CHECK_VERIFY(this));
1561 no_control_flow = false; break;
1562 case Bytecodes::_i2b :
1563 case Bytecodes::_i2c :
1564 case Bytecodes::_i2s :
1565 current_frame.pop_stack(
1566 VerificationType::integer_type(), CHECK_VERIFY(this));
1567 current_frame.push_stack(
1568 VerificationType::integer_type(), CHECK_VERIFY(this));
1569 no_control_flow = false; break;
1570 case Bytecodes::_lcmp :
1571 current_frame.pop_stack_2(
1572 VerificationType::long2_type(),
1573 VerificationType::long_type(), CHECK_VERIFY(this));
1574 current_frame.pop_stack_2(
1575 VerificationType::long2_type(),
1576 VerificationType::long_type(), CHECK_VERIFY(this));
1577 current_frame.push_stack(
1578 VerificationType::integer_type(), CHECK_VERIFY(this));
1579 no_control_flow = false; break;
1580 case Bytecodes::_fcmpl :
1581 case Bytecodes::_fcmpg :
1582 current_frame.pop_stack(
1583 VerificationType::float_type(), CHECK_VERIFY(this));
1584 current_frame.pop_stack(
1585 VerificationType::float_type(), CHECK_VERIFY(this));
1586 current_frame.push_stack(
1587 VerificationType::integer_type(), CHECK_VERIFY(this));
1588 no_control_flow = false; break;
1589 case Bytecodes::_dcmpl :
1590 case Bytecodes::_dcmpg :
1591 current_frame.pop_stack_2(
1592 VerificationType::double2_type(),
1593 VerificationType::double_type(), CHECK_VERIFY(this));
1594 current_frame.pop_stack_2(
1595 VerificationType::double2_type(),
1596 VerificationType::double_type(), CHECK_VERIFY(this));
1597 current_frame.push_stack(
1598 VerificationType::integer_type(), CHECK_VERIFY(this));
1599 no_control_flow = false; break;
1600 case Bytecodes::_if_icmpeq:
1601 case Bytecodes::_if_icmpne:
1602 case Bytecodes::_if_icmplt:
1603 case Bytecodes::_if_icmpge:
1604 case Bytecodes::_if_icmpgt:
1605 case Bytecodes::_if_icmple:
1606 current_frame.pop_stack(
1607 VerificationType::integer_type(), CHECK_VERIFY(this));
1608 // fall through
1609 case Bytecodes::_ifeq:
1610 case Bytecodes::_ifne:
1611 case Bytecodes::_iflt:
1612 case Bytecodes::_ifge:
1613 case Bytecodes::_ifgt:
1614 case Bytecodes::_ifle:
1615 current_frame.pop_stack(
1616 VerificationType::integer_type(), CHECK_VERIFY(this));
1617 target = bcs.dest();
1618 stackmap_table.check_jump_target(
1619 ¤t_frame, target, CHECK_VERIFY(this));
1620 no_control_flow = false; break;
1621 case Bytecodes::_if_acmpeq :
1622 case Bytecodes::_if_acmpne :
1623 current_frame.pop_stack(
1624 VerificationType::reference_check(), CHECK_VERIFY(this));
1625 // fall through
1626 case Bytecodes::_ifnull :
1627 case Bytecodes::_ifnonnull :
1628 current_frame.pop_stack(
1629 VerificationType::reference_check(), CHECK_VERIFY(this));
1630 target = bcs.dest();
1631 stackmap_table.check_jump_target
1632 (¤t_frame, target, CHECK_VERIFY(this));
1633 no_control_flow = false; break;
1634 case Bytecodes::_goto :
1635 target = bcs.dest();
1636 stackmap_table.check_jump_target(
1637 ¤t_frame, target, CHECK_VERIFY(this));
1638 no_control_flow = true; break;
1639 case Bytecodes::_goto_w :
1640 target = bcs.dest_w();
1641 stackmap_table.check_jump_target(
1642 ¤t_frame, target, CHECK_VERIFY(this));
1643 no_control_flow = true; break;
1644 case Bytecodes::_tableswitch :
1645 case Bytecodes::_lookupswitch :
1646 verify_switch(
1647 &bcs, code_length, code_data, ¤t_frame,
1648 &stackmap_table, CHECK_VERIFY(this));
1649 no_control_flow = true; break;
1650 case Bytecodes::_ireturn :
1651 type = current_frame.pop_stack(
1652 VerificationType::integer_type(), CHECK_VERIFY(this));
1653 verify_return_value(return_type, type, bci,
1654 ¤t_frame, CHECK_VERIFY(this));
1655 no_control_flow = true; break;
1656 case Bytecodes::_lreturn :
1657 type2 = current_frame.pop_stack(
1658 VerificationType::long2_type(), CHECK_VERIFY(this));
1659 type = current_frame.pop_stack(
1660 VerificationType::long_type(), CHECK_VERIFY(this));
1661 verify_return_value(return_type, type, bci,
1662 ¤t_frame, CHECK_VERIFY(this));
1663 no_control_flow = true; break;
1664 case Bytecodes::_freturn :
1665 type = current_frame.pop_stack(
1666 VerificationType::float_type(), CHECK_VERIFY(this));
1667 verify_return_value(return_type, type, bci,
1668 ¤t_frame, CHECK_VERIFY(this));
1669 no_control_flow = true; break;
1670 case Bytecodes::_dreturn :
1671 type2 = current_frame.pop_stack(
1672 VerificationType::double2_type(), CHECK_VERIFY(this));
1673 type = current_frame.pop_stack(
1674 VerificationType::double_type(), CHECK_VERIFY(this));
1675 verify_return_value(return_type, type, bci,
1676 ¤t_frame, CHECK_VERIFY(this));
1677 no_control_flow = true; break;
1678 case Bytecodes::_areturn :
1679 type = current_frame.pop_stack(
1680 VerificationType::reference_check(), CHECK_VERIFY(this));
1681 verify_return_value(return_type, type, bci,
1682 ¤t_frame, CHECK_VERIFY(this));
1683 no_control_flow = true; break;
1684 case Bytecodes::_return :
1685 if (return_type != VerificationType::bogus_type()) {
1686 verify_error(ErrorContext::bad_code(bci),
1687 "Method expects a return value");
1688 return;
1689 }
1690 // Make sure "this" has been initialized if current method is an
1691 // <init>.
1692 if (_method->name() == vmSymbols::object_initializer_name() &&
1693 current_frame.flag_this_uninit()) {
1694 verify_error(ErrorContext::bad_code(bci),
1695 "Constructor must call super() or this() "
1696 "before return");
1697 return;
1698 }
1699 no_control_flow = true; break;
1700 case Bytecodes::_getstatic :
1701 case Bytecodes::_putstatic :
1702 // pass TRUE, operand can be an array type for getstatic/putstatic.
1703 verify_field_instructions(
1704 &bcs, ¤t_frame, cp, true, CHECK_VERIFY(this));
1705 no_control_flow = false; break;
1706 case Bytecodes::_getfield :
1707 case Bytecodes::_putfield :
1708 // pass FALSE, operand can't be an array type for getfield/putfield.
1709 verify_field_instructions(
1710 &bcs, ¤t_frame, cp, false, CHECK_VERIFY(this));
1711 no_control_flow = false; break;
1712 case Bytecodes::_invokevirtual :
1713 case Bytecodes::_invokespecial :
1714 case Bytecodes::_invokestatic :
1715 verify_invoke_instructions(
1716 &bcs, code_length, ¤t_frame, (bci >= ex_min && bci < ex_max),
1717 &this_uninit, return_type, cp, &stackmap_table, CHECK_VERIFY(this));
1718 no_control_flow = false; break;
1719 case Bytecodes::_invokeinterface :
1720 case Bytecodes::_invokedynamic :
1721 verify_invoke_instructions(
1722 &bcs, code_length, ¤t_frame, (bci >= ex_min && bci < ex_max),
1723 &this_uninit, return_type, cp, &stackmap_table, CHECK_VERIFY(this));
1724 no_control_flow = false; break;
1725 case Bytecodes::_new :
1726 {
1727 u2 index = bcs.get_index_u2();
1728 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1729 VerificationType new_class_type =
1730 cp_index_to_type(index, cp, CHECK_VERIFY(this));
1731 if (!new_class_type.is_object()) {
1732 verify_error(ErrorContext::bad_type(bci,
1733 TypeOrigin::cp(index, new_class_type)),
1734 "Illegal new instruction");
1735 return;
1736 }
1737 type = VerificationType::uninitialized_type(checked_cast<u2>(bci));
1738 current_frame.push_stack(type, CHECK_VERIFY(this));
1739 no_control_flow = false; break;
1740 }
1741 case Bytecodes::_newarray :
1742 type = get_newarray_type(bcs.get_index(), bci, CHECK_VERIFY(this));
1743 current_frame.pop_stack(
1744 VerificationType::integer_type(), CHECK_VERIFY(this));
1745 current_frame.push_stack(type, CHECK_VERIFY(this));
1746 no_control_flow = false; break;
1747 case Bytecodes::_anewarray :
1748 verify_anewarray(
1749 bci, bcs.get_index_u2(), cp, ¤t_frame, CHECK_VERIFY(this));
1750 no_control_flow = false; break;
1751 case Bytecodes::_arraylength :
1752 type = current_frame.pop_stack(
1753 VerificationType::reference_check(), CHECK_VERIFY(this));
1754 if (!(type.is_null() || type.is_array())) {
1755 verify_error(ErrorContext::bad_type(
1756 bci, current_frame.stack_top_ctx()),
1757 bad_type_msg, "arraylength");
1758 }
1759 current_frame.push_stack(
1760 VerificationType::integer_type(), CHECK_VERIFY(this));
1761 no_control_flow = false; break;
1762 case Bytecodes::_checkcast :
1763 {
1764 u2 index = bcs.get_index_u2();
1765 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1766 current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1767 VerificationType klass_type = cp_index_to_type(
1768 index, cp, CHECK_VERIFY(this));
1769 current_frame.push_stack(klass_type, CHECK_VERIFY(this));
1770 no_control_flow = false; break;
1771 }
1772 case Bytecodes::_instanceof : {
1773 u2 index = bcs.get_index_u2();
1774 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1775 current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1776 current_frame.push_stack(
1777 VerificationType::integer_type(), CHECK_VERIFY(this));
1778 no_control_flow = false; break;
1779 }
1780 case Bytecodes::_monitorenter :
1781 case Bytecodes::_monitorexit :
1782 current_frame.pop_stack(
1783 VerificationType::reference_check(), CHECK_VERIFY(this));
1784 no_control_flow = false; break;
1785 case Bytecodes::_multianewarray :
1786 {
1787 u2 index = bcs.get_index_u2();
1788 u2 dim = *(bcs.bcp()+3);
1789 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1790 VerificationType new_array_type =
1791 cp_index_to_type(index, cp, CHECK_VERIFY(this));
1792 if (!new_array_type.is_array()) {
1793 verify_error(ErrorContext::bad_type(bci,
1794 TypeOrigin::cp(index, new_array_type)),
1795 "Illegal constant pool index in multianewarray instruction");
1796 return;
1797 }
1798 if (dim < 1 || new_array_type.dimensions() < dim) {
1799 verify_error(ErrorContext::bad_code(bci),
1800 "Illegal dimension in multianewarray instruction: %d", dim);
1801 return;
1802 }
1803 for (int i = 0; i < dim; i++) {
1804 current_frame.pop_stack(
1805 VerificationType::integer_type(), CHECK_VERIFY(this));
1806 }
1807 current_frame.push_stack(new_array_type, CHECK_VERIFY(this));
1808 no_control_flow = false; break;
1809 }
1810 case Bytecodes::_athrow :
1811 type = VerificationType::reference_type(
1812 vmSymbols::java_lang_Throwable());
1813 current_frame.pop_stack(type, CHECK_VERIFY(this));
1814 no_control_flow = true; break;
1815 default:
1816 // We only need to check the valid bytecodes in class file.
1817 // And jsr and ret are not in the new class file format in JDK1.6.
1818 verify_error(ErrorContext::bad_code(bci),
1819 "Bad instruction: %02x", opcode);
1820 no_control_flow = false;
1821 return;
1822 } // end switch
1823 } // end Merge with the next instruction
1824
1825 // Look for possible jump target in exception handlers and see if it matches
1826 // current_frame. Don't do this check if it has already been done (for
1827 // ([a,d,f,i,l]store* opcodes). This check cannot be done earlier because
1828 // opcodes, such as invokespecial, may set the this_uninit flag.
1829 assert(!(verified_exc_handlers && this_uninit),
1830 "Exception handler targets got verified before this_uninit got set");
1831 if (!verified_exc_handlers && bci >= ex_min && bci < ex_max) {
1832 if (was_recursively_verified()) return;
1833 verify_exception_handler_targets(
1834 bci, this_uninit, ¤t_frame, &stackmap_table, CHECK_VERIFY(this));
1835 }
1836 } // end while
1837
1838 // Make sure that control flow does not fall through end of the method
1839 if (!no_control_flow) {
1840 verify_error(ErrorContext::bad_code(code_length),
1841 "Control flow falls through code end");
1842 return;
1843 }
1844 }
1845
1846 #undef bad_type_message
1847
1848 char* ClassVerifier::generate_code_data(const methodHandle& m, u4 code_length, TRAPS) {
1849 char* code_data = NEW_RESOURCE_ARRAY(char, code_length);
1850 memset(code_data, 0, sizeof(char) * code_length);
1851 RawBytecodeStream bcs(m);
1852
1853 while (!bcs.is_last_bytecode()) {
1854 if (bcs.raw_next() != Bytecodes::_illegal) {
1855 int bci = bcs.bci();
1856 if (bcs.raw_code() == Bytecodes::_new) {
1857 code_data[bci] = NEW_OFFSET;
1858 } else {
1859 code_data[bci] = BYTECODE_OFFSET;
1860 }
1861 } else {
1862 verify_error(ErrorContext::bad_code(bcs.bci()), "Bad instruction");
1863 return nullptr;
1864 }
1865 }
1866
1867 return code_data;
1868 }
1869
1870 // Since this method references the constant pool, call was_recursively_verified()
1871 // before calling this method to make sure a prior class load did not cause the
1872 // current class to get verified.
1873 void ClassVerifier::verify_exception_handler_table(u4 code_length, char* code_data, int& min, int& max, TRAPS) {
1874 ExceptionTable exhandlers(_method());
1875 int exlength = exhandlers.length();
1876 constantPoolHandle cp (THREAD, _method->constants());
1877
1878 for(int i = 0; i < exlength; i++) {
1879 u2 start_pc = exhandlers.start_pc(i);
1880 u2 end_pc = exhandlers.end_pc(i);
1881 u2 handler_pc = exhandlers.handler_pc(i);
1882 if (start_pc >= code_length || code_data[start_pc] == 0) {
1883 class_format_error("Illegal exception table start_pc %d", start_pc);
1884 return;
1885 }
1886 if (end_pc != code_length) { // special case: end_pc == code_length
1887 if (end_pc > code_length || code_data[end_pc] == 0) {
1888 class_format_error("Illegal exception table end_pc %d", end_pc);
1889 return;
1890 }
1891 }
1892 if (handler_pc >= code_length || code_data[handler_pc] == 0) {
1893 class_format_error("Illegal exception table handler_pc %d", handler_pc);
1894 return;
1895 }
1896 u2 catch_type_index = exhandlers.catch_type_index(i);
1897 if (catch_type_index != 0) {
1898 VerificationType catch_type = cp_index_to_type(
1899 catch_type_index, cp, CHECK_VERIFY(this));
1900 VerificationType throwable =
1901 VerificationType::reference_type(vmSymbols::java_lang_Throwable());
1902 // If the catch type is Throwable pre-resolve it now as the assignable check won't
1903 // do that, and we need to avoid a runtime resolution in case we are trying to
1904 // catch OutOfMemoryError.
1905 if (cp->klass_name_at(catch_type_index) == vmSymbols::java_lang_Throwable()) {
1906 cp->klass_at(catch_type_index, CHECK);
1907 }
1908 bool is_subclass = throwable.is_assignable_from(
1909 catch_type, this, false, CHECK_VERIFY(this));
1910 if (!is_subclass) {
1911 // 4286534: should throw VerifyError according to recent spec change
1912 verify_error(ErrorContext::bad_type(handler_pc,
1913 TypeOrigin::cp(catch_type_index, catch_type),
1914 TypeOrigin::implicit(throwable)),
1915 "Catch type is not a subclass "
1916 "of Throwable in exception handler %d", handler_pc);
1917 return;
1918 }
1919 }
1920 if (start_pc < min) min = start_pc;
1921 if (end_pc > max) max = end_pc;
1922 }
1923 }
1924
1925 void ClassVerifier::verify_local_variable_table(u4 code_length, char* code_data, TRAPS) {
1926 int localvariable_table_length = _method->localvariable_table_length();
1927 if (localvariable_table_length > 0) {
1928 LocalVariableTableElement* table = _method->localvariable_table_start();
1929 for (int i = 0; i < localvariable_table_length; i++) {
1930 u2 start_bci = table[i].start_bci;
1931 u2 length = table[i].length;
1932
1933 if (start_bci >= code_length || code_data[start_bci] == 0) {
1934 class_format_error(
1935 "Illegal local variable table start_pc %d", start_bci);
1936 return;
1937 }
1938 u4 end_bci = (u4)(start_bci + length);
1939 if (end_bci != code_length) {
1940 if (end_bci >= code_length || code_data[end_bci] == 0) {
1941 class_format_error( "Illegal local variable table length %d", length);
1942 return;
1943 }
1944 }
1945 }
1946 }
1947 }
1948
1949 u2 ClassVerifier::verify_stackmap_table(u2 stackmap_index, int bci,
1950 StackMapFrame* current_frame,
1951 StackMapTable* stackmap_table,
1952 bool no_control_flow, TRAPS) {
1953 if (stackmap_index < stackmap_table->get_frame_count()) {
1954 int this_offset = stackmap_table->get_offset(stackmap_index);
1955 if (no_control_flow && this_offset > bci) {
1956 verify_error(ErrorContext::missing_stackmap(bci),
1957 "Expecting a stack map frame");
1958 return 0;
1959 }
1960 if (this_offset == bci) {
1961 ErrorContext ctx;
1962 // See if current stack map can be assigned to the frame in table.
1963 // current_frame is the stackmap frame got from the last instruction.
1964 // If matched, current_frame will be updated by this method.
1965 bool matches = stackmap_table->match_stackmap(
1966 current_frame, this_offset, stackmap_index,
1967 !no_control_flow, true, &ctx, CHECK_VERIFY_(this, 0));
1968 if (!matches) {
1969 // report type error
1970 verify_error(ctx, "Instruction type does not match stack map");
1971 return 0;
1972 }
1973 stackmap_index++;
1974 } else if (this_offset < bci) {
1975 // current_offset should have met this_offset.
1976 class_format_error("Bad stack map offset %d", this_offset);
1977 return 0;
1978 }
1979 } else if (no_control_flow) {
1980 verify_error(ErrorContext::bad_code(bci), "Expecting a stack map frame");
1981 return 0;
1982 }
1983 return stackmap_index;
1984 }
1985
1986 // Since this method references the constant pool, call was_recursively_verified()
1987 // before calling this method to make sure a prior class load did not cause the
1988 // current class to get verified.
1989 void ClassVerifier::verify_exception_handler_targets(int bci, bool this_uninit,
1990 StackMapFrame* current_frame,
1991 StackMapTable* stackmap_table, TRAPS) {
1992 constantPoolHandle cp (THREAD, _method->constants());
1993 ExceptionTable exhandlers(_method());
1994 int exlength = exhandlers.length();
1995 for(int i = 0; i < exlength; i++) {
1996 u2 start_pc = exhandlers.start_pc(i);
1997 u2 end_pc = exhandlers.end_pc(i);
1998 u2 handler_pc = exhandlers.handler_pc(i);
1999 int catch_type_index = exhandlers.catch_type_index(i);
2000 if(bci >= start_pc && bci < end_pc) {
2001 u1 flags = current_frame->flags();
2002 if (this_uninit) { flags |= FLAG_THIS_UNINIT; }
2003 StackMapFrame* new_frame = current_frame->frame_in_exception_handler(flags);
2004 if (catch_type_index != 0) {
2005 if (was_recursively_verified()) return;
2006 // We know that this index refers to a subclass of Throwable
2007 VerificationType catch_type = cp_index_to_type(
2008 catch_type_index, cp, CHECK_VERIFY(this));
2009 new_frame->push_stack(catch_type, CHECK_VERIFY(this));
2010 } else {
2011 VerificationType throwable =
2012 VerificationType::reference_type(vmSymbols::java_lang_Throwable());
2013 new_frame->push_stack(throwable, CHECK_VERIFY(this));
2014 }
2015 ErrorContext ctx;
2016 bool matches = stackmap_table->match_stackmap(
2017 new_frame, handler_pc, true, false, &ctx, CHECK_VERIFY(this));
2018 if (!matches) {
2019 verify_error(ctx, "Stack map does not match the one at "
2020 "exception handler %d", handler_pc);
2021 return;
2022 }
2023 }
2024 }
2025 }
2026
2027 void ClassVerifier::verify_cp_index(
2028 int bci, const constantPoolHandle& cp, u2 index, TRAPS) {
2029 int nconstants = cp->length();
2030 if ((index <= 0) || (index >= nconstants)) {
2031 verify_error(ErrorContext::bad_cp_index(bci, index),
2032 "Illegal constant pool index %d in class %s",
2033 index, cp->pool_holder()->external_name());
2034 return;
2035 }
2036 }
2037
2038 void ClassVerifier::verify_cp_type(
2039 int bci, u2 index, const constantPoolHandle& cp, unsigned int types, TRAPS) {
2040
2041 // In some situations, bytecode rewriting may occur while we're verifying.
2042 // In this case, a constant pool cache exists and some indices refer to that
2043 // instead. Be sure we don't pick up such indices by accident.
2044 // We must check was_recursively_verified() before we get here.
2045 guarantee(cp->cache() == nullptr, "not rewritten yet");
2046
2047 verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2048 unsigned int tag = cp->tag_at(index).value();
2049 if ((types & (1 << tag)) == 0) {
2050 verify_error(ErrorContext::bad_cp_index(bci, index),
2051 "Illegal type at constant pool entry %d in class %s",
2052 index, cp->pool_holder()->external_name());
2053 return;
2054 }
2055 }
2056
2057 void ClassVerifier::verify_cp_class_type(
2058 int bci, u2 index, const constantPoolHandle& cp, TRAPS) {
2059 verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2060 constantTag tag = cp->tag_at(index);
2061 if (!tag.is_klass() && !tag.is_unresolved_klass()) {
2062 verify_error(ErrorContext::bad_cp_index(bci, index),
2063 "Illegal type at constant pool entry %d in class %s",
2064 index, cp->pool_holder()->external_name());
2065 return;
2066 }
2067 }
2068
2069 void ClassVerifier::verify_error(ErrorContext ctx, const char* msg, ...) {
2070 stringStream ss;
2071
2072 ctx.reset_frames();
2073 _exception_type = vmSymbols::java_lang_VerifyError();
2074 _error_context = ctx;
2075 va_list va;
2076 va_start(va, msg);
2077 ss.vprint(msg, va);
2078 va_end(va);
2079 _message = ss.as_string();
2080 #ifdef ASSERT
2081 ResourceMark rm;
2082 const char* exception_name = _exception_type->as_C_string();
2083 Exceptions::debug_check_abort(exception_name, nullptr);
2084 #endif // ndef ASSERT
2085 }
2086
2087 void ClassVerifier::class_format_error(const char* msg, ...) {
2088 stringStream ss;
2089 _exception_type = vmSymbols::java_lang_ClassFormatError();
2090 va_list va;
2091 va_start(va, msg);
2092 ss.vprint(msg, va);
2093 va_end(va);
2094 if (!_method.is_null()) {
2095 ss.print(" in method '");
2096 _method->print_external_name(&ss);
2097 ss.print("'");
2098 }
2099 _message = ss.as_string();
2100 }
2101
2102 Klass* ClassVerifier::load_class(Symbol* name, TRAPS) {
2103 HandleMark hm(THREAD);
2104 // Get current loader and protection domain first.
2105 oop loader = current_class()->class_loader();
2106 oop protection_domain = current_class()->protection_domain();
2107
2108 assert(name_in_supers(name, current_class()), "name should be a super class");
2109
2110 Klass* kls = SystemDictionary::resolve_or_fail(
2111 name, Handle(THREAD, loader), Handle(THREAD, protection_domain),
2112 true, THREAD);
2113
2114 if (kls != nullptr) {
2115 if (log_is_enabled(Debug, class, resolve)) {
2116 Verifier::trace_class_resolution(kls, current_class());
2117 }
2118 }
2119 return kls;
2120 }
2121
2122 bool ClassVerifier::is_protected_access(InstanceKlass* this_class,
2123 Klass* target_class,
2124 Symbol* field_name,
2125 Symbol* field_sig,
2126 bool is_method) {
2127 NoSafepointVerifier nosafepoint;
2128
2129 // If target class isn't a super class of this class, we don't worry about this case
2130 if (!this_class->is_subclass_of(target_class)) {
2131 return false;
2132 }
2133 // Check if the specified method or field is protected
2134 InstanceKlass* target_instance = InstanceKlass::cast(target_class);
2135 fieldDescriptor fd;
2136 if (is_method) {
2137 Method* m = target_instance->uncached_lookup_method(field_name, field_sig, Klass::OverpassLookupMode::find);
2138 if (m != nullptr && m->is_protected()) {
2139 if (!this_class->is_same_class_package(m->method_holder())) {
2140 return true;
2141 }
2142 }
2143 } else {
2144 Klass* member_klass = target_instance->find_field(field_name, field_sig, &fd);
2145 if (member_klass != nullptr && fd.is_protected()) {
2146 if (!this_class->is_same_class_package(member_klass)) {
2147 return true;
2148 }
2149 }
2150 }
2151 return false;
2152 }
2153
2154 void ClassVerifier::verify_ldc(
2155 int opcode, u2 index, StackMapFrame* current_frame,
2156 const constantPoolHandle& cp, int bci, TRAPS) {
2157 verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2158 constantTag tag = cp->tag_at(index);
2159 unsigned int types = 0;
2160 if (opcode == Bytecodes::_ldc || opcode == Bytecodes::_ldc_w) {
2161 if (!tag.is_unresolved_klass()) {
2162 types = (1 << JVM_CONSTANT_Integer) | (1 << JVM_CONSTANT_Float)
2163 | (1 << JVM_CONSTANT_String) | (1 << JVM_CONSTANT_Class)
2164 | (1 << JVM_CONSTANT_MethodHandle) | (1 << JVM_CONSTANT_MethodType)
2165 | (1 << JVM_CONSTANT_Dynamic);
2166 // Note: The class file parser already verified the legality of
2167 // MethodHandle and MethodType constants.
2168 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2169 }
2170 } else {
2171 assert(opcode == Bytecodes::_ldc2_w, "must be ldc2_w");
2172 types = (1 << JVM_CONSTANT_Double) | (1 << JVM_CONSTANT_Long)
2173 | (1 << JVM_CONSTANT_Dynamic);
2174 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2175 }
2176 if (tag.is_string()) {
2177 current_frame->push_stack(
2178 VerificationType::reference_type(
2179 vmSymbols::java_lang_String()), CHECK_VERIFY(this));
2180 } else if (tag.is_klass() || tag.is_unresolved_klass()) {
2181 current_frame->push_stack(
2182 VerificationType::reference_type(
2183 vmSymbols::java_lang_Class()), CHECK_VERIFY(this));
2184 } else if (tag.is_int()) {
2185 current_frame->push_stack(
2186 VerificationType::integer_type(), CHECK_VERIFY(this));
2187 } else if (tag.is_float()) {
2188 current_frame->push_stack(
2189 VerificationType::float_type(), CHECK_VERIFY(this));
2190 } else if (tag.is_double()) {
2191 current_frame->push_stack_2(
2192 VerificationType::double_type(),
2193 VerificationType::double2_type(), CHECK_VERIFY(this));
2194 } else if (tag.is_long()) {
2195 current_frame->push_stack_2(
2196 VerificationType::long_type(),
2197 VerificationType::long2_type(), CHECK_VERIFY(this));
2198 } else if (tag.is_method_handle()) {
2199 current_frame->push_stack(
2200 VerificationType::reference_type(
2201 vmSymbols::java_lang_invoke_MethodHandle()), CHECK_VERIFY(this));
2202 } else if (tag.is_method_type()) {
2203 current_frame->push_stack(
2204 VerificationType::reference_type(
2205 vmSymbols::java_lang_invoke_MethodType()), CHECK_VERIFY(this));
2206 } else if (tag.is_dynamic_constant()) {
2207 Symbol* constant_type = cp->uncached_signature_ref_at(index);
2208 // Field signature was checked in ClassFileParser.
2209 assert(SignatureVerifier::is_valid_type_signature(constant_type),
2210 "Invalid type for dynamic constant");
2211 assert(sizeof(VerificationType) == sizeof(uintptr_t),
2212 "buffer type must match VerificationType size");
2213 uintptr_t constant_type_buffer[2];
2214 VerificationType* v_constant_type = (VerificationType*)constant_type_buffer;
2215 SignatureStream sig_stream(constant_type, false);
2216 int n = change_sig_to_verificationType(&sig_stream, v_constant_type);
2217 int opcode_n = (opcode == Bytecodes::_ldc2_w ? 2 : 1);
2218 if (n != opcode_n) {
2219 // wrong kind of ldc; reverify against updated type mask
2220 types &= ~(1 << JVM_CONSTANT_Dynamic);
2221 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2222 }
2223 for (int i = 0; i < n; i++) {
2224 current_frame->push_stack(v_constant_type[i], CHECK_VERIFY(this));
2225 }
2226 } else {
2227 /* Unreachable? verify_cp_type has already validated the cp type. */
2228 verify_error(
2229 ErrorContext::bad_cp_index(bci, index), "Invalid index in ldc");
2230 return;
2231 }
2232 }
2233
2234 void ClassVerifier::verify_switch(
2235 RawBytecodeStream* bcs, u4 code_length, char* code_data,
2236 StackMapFrame* current_frame, StackMapTable* stackmap_table, TRAPS) {
2237 int bci = bcs->bci();
2238 address bcp = bcs->bcp();
2239 address aligned_bcp = align_up(bcp + 1, jintSize);
2240
2241 if (_klass->major_version() < NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION) {
2242 // 4639449 & 4647081: padding bytes must be 0
2243 u2 padding_offset = 1;
2244 while ((bcp + padding_offset) < aligned_bcp) {
2245 if(*(bcp + padding_offset) != 0) {
2246 verify_error(ErrorContext::bad_code(bci),
2247 "Nonzero padding byte in lookupswitch or tableswitch");
2248 return;
2249 }
2250 padding_offset++;
2251 }
2252 }
2253
2254 int default_offset = (int) Bytes::get_Java_u4(aligned_bcp);
2255 int keys, delta;
2256 current_frame->pop_stack(
2257 VerificationType::integer_type(), CHECK_VERIFY(this));
2258 if (bcs->raw_code() == Bytecodes::_tableswitch) {
2259 jint low = (jint)Bytes::get_Java_u4(aligned_bcp + jintSize);
2260 jint high = (jint)Bytes::get_Java_u4(aligned_bcp + 2*jintSize);
2261 if (low > high) {
2262 verify_error(ErrorContext::bad_code(bci),
2263 "low must be less than or equal to high in tableswitch");
2264 return;
2265 }
2266 int64_t keys64 = ((int64_t)high - low) + 1;
2267 if (keys64 > 65535) { // Max code length
2268 verify_error(ErrorContext::bad_code(bci), "too many keys in tableswitch");
2269 return;
2270 }
2271 keys = (int)keys64;
2272 delta = 1;
2273 } else {
2274 keys = (int)Bytes::get_Java_u4(aligned_bcp + jintSize);
2275 if (keys < 0) {
2276 verify_error(ErrorContext::bad_code(bci),
2277 "number of keys in lookupswitch less than 0");
2278 return;
2279 }
2280 delta = 2;
2281 // Make sure that the lookupswitch items are sorted
2282 for (int i = 0; i < (keys - 1); i++) {
2283 jint this_key = Bytes::get_Java_u4(aligned_bcp + (2+2*i)*jintSize);
2284 jint next_key = Bytes::get_Java_u4(aligned_bcp + (2+2*i+2)*jintSize);
2285 if (this_key >= next_key) {
2286 verify_error(ErrorContext::bad_code(bci),
2287 "Bad lookupswitch instruction");
2288 return;
2289 }
2290 }
2291 }
2292 int target = bci + default_offset;
2293 stackmap_table->check_jump_target(current_frame, target, CHECK_VERIFY(this));
2294 for (int i = 0; i < keys; i++) {
2295 // Because check_jump_target() may safepoint, the bytecode could have
2296 // moved, which means 'aligned_bcp' is no good and needs to be recalculated.
2297 aligned_bcp = align_up(bcs->bcp() + 1, jintSize);
2298 target = bci + (jint)Bytes::get_Java_u4(aligned_bcp+(3+i*delta)*jintSize);
2299 stackmap_table->check_jump_target(
2300 current_frame, target, CHECK_VERIFY(this));
2301 }
2302 NOT_PRODUCT(aligned_bcp = nullptr); // no longer valid at this point
2303 }
2304
2305 bool ClassVerifier::name_in_supers(
2306 Symbol* ref_name, InstanceKlass* current) {
2307 Klass* super = current->super();
2308 while (super != nullptr) {
2309 if (super->name() == ref_name) {
2310 return true;
2311 }
2312 super = super->super();
2313 }
2314 return false;
2315 }
2316
2317 void ClassVerifier::verify_field_instructions(RawBytecodeStream* bcs,
2318 StackMapFrame* current_frame,
2319 const constantPoolHandle& cp,
2320 bool allow_arrays,
2321 TRAPS) {
2322 u2 index = bcs->get_index_u2();
2323 verify_cp_type(bcs->bci(), index, cp,
2324 1 << JVM_CONSTANT_Fieldref, CHECK_VERIFY(this));
2325
2326 // Get field name and signature
2327 Symbol* field_name = cp->uncached_name_ref_at(index);
2328 Symbol* field_sig = cp->uncached_signature_ref_at(index);
2329 bool is_getfield = false;
2330
2331 // Field signature was checked in ClassFileParser.
2332 assert(SignatureVerifier::is_valid_type_signature(field_sig),
2333 "Invalid field signature");
2334
2335 // Get referenced class type
2336 VerificationType ref_class_type = cp_ref_index_to_type(
2337 index, cp, CHECK_VERIFY(this));
2338 if (!ref_class_type.is_object() &&
2339 (!allow_arrays || !ref_class_type.is_array())) {
2340 verify_error(ErrorContext::bad_type(bcs->bci(),
2341 TypeOrigin::cp(index, ref_class_type)),
2342 "Expecting reference to class in class %s at constant pool index %d",
2343 _klass->external_name(), index);
2344 return;
2345 }
2346 VerificationType target_class_type = ref_class_type;
2347
2348 assert(sizeof(VerificationType) == sizeof(uintptr_t),
2349 "buffer type must match VerificationType size");
2350 uintptr_t field_type_buffer[2];
2351 VerificationType* field_type = (VerificationType*)field_type_buffer;
2352 // If we make a VerificationType[2] array directly, the compiler calls
2353 // to the c-runtime library to do the allocation instead of just
2354 // stack allocating it. Plus it would run constructors. This shows up
2355 // in performance profiles.
2356
2357 SignatureStream sig_stream(field_sig, false);
2358 VerificationType stack_object_type;
2359 int n = change_sig_to_verificationType(&sig_stream, field_type);
2360 int bci = bcs->bci();
2361 bool is_assignable;
2362 switch (bcs->raw_code()) {
2363 case Bytecodes::_getstatic: {
2364 for (int i = 0; i < n; i++) {
2365 current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2366 }
2367 break;
2368 }
2369 case Bytecodes::_putstatic: {
2370 for (int i = n - 1; i >= 0; i--) {
2371 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2372 }
2373 break;
2374 }
2375 case Bytecodes::_getfield: {
2376 is_getfield = true;
2377 stack_object_type = current_frame->pop_stack(
2378 target_class_type, CHECK_VERIFY(this));
2379 goto check_protected;
2380 }
2381 case Bytecodes::_putfield: {
2382 for (int i = n - 1; i >= 0; i--) {
2383 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2384 }
2385 stack_object_type = current_frame->pop_stack(CHECK_VERIFY(this));
2386
2387 // The JVMS 2nd edition allows field initialization before the superclass
2388 // initializer, if the field is defined within the current class.
2389 fieldDescriptor fd;
2390 if (stack_object_type == VerificationType::uninitialized_this_type() &&
2391 target_class_type.equals(current_type()) &&
2392 _klass->find_local_field(field_name, field_sig, &fd)) {
2393 stack_object_type = current_type();
2394 }
2395 is_assignable = target_class_type.is_assignable_from(
2396 stack_object_type, this, false, CHECK_VERIFY(this));
2397 if (!is_assignable) {
2398 verify_error(ErrorContext::bad_type(bci,
2399 current_frame->stack_top_ctx(),
2400 TypeOrigin::cp(index, target_class_type)),
2401 "Bad type on operand stack in putfield");
2402 return;
2403 }
2404 }
2405 check_protected: {
2406 if (_this_type == stack_object_type)
2407 break; // stack_object_type must be assignable to _current_class_type
2408 if (was_recursively_verified()) {
2409 if (is_getfield) {
2410 // Push field type for getfield.
2411 for (int i = 0; i < n; i++) {
2412 current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2413 }
2414 }
2415 return;
2416 }
2417 Symbol* ref_class_name =
2418 cp->klass_name_at(cp->uncached_klass_ref_index_at(index));
2419 if (!name_in_supers(ref_class_name, current_class()))
2420 // stack_object_type must be assignable to _current_class_type since:
2421 // 1. stack_object_type must be assignable to ref_class.
2422 // 2. ref_class must be _current_class or a subclass of it. It can't
2423 // be a superclass of it. See revised JVMS 5.4.4.
2424 break;
2425
2426 Klass* ref_class_oop = load_class(ref_class_name, CHECK);
2427 if (is_protected_access(current_class(), ref_class_oop, field_name,
2428 field_sig, false)) {
2429 // It's protected access, check if stack object is assignable to
2430 // current class.
2431 is_assignable = current_type().is_assignable_from(
2432 stack_object_type, this, true, CHECK_VERIFY(this));
2433 if (!is_assignable) {
2434 verify_error(ErrorContext::bad_type(bci,
2435 current_frame->stack_top_ctx(),
2436 TypeOrigin::implicit(current_type())),
2437 "Bad access to protected data in %s",
2438 is_getfield ? "getfield" : "putfield");
2439 return;
2440 }
2441 }
2442 break;
2443 }
2444 default: ShouldNotReachHere();
2445 }
2446 if (is_getfield) {
2447 // Push field type for getfield after doing protection check.
2448 for (int i = 0; i < n; i++) {
2449 current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2450 }
2451 }
2452 }
2453
2454 // Look at the method's handlers. If the bci is in the handler's try block
2455 // then check if the handler_pc is already on the stack. If not, push it
2456 // unless the handler has already been scanned.
2457 void ClassVerifier::push_handlers(ExceptionTable* exhandlers,
2458 GrowableArray<u4>* handler_list,
2459 GrowableArray<u4>* handler_stack,
2460 u4 bci) {
2461 int exlength = exhandlers->length();
2462 for(int x = 0; x < exlength; x++) {
2463 if (bci >= exhandlers->start_pc(x) && bci < exhandlers->end_pc(x)) {
2464 u4 exhandler_pc = exhandlers->handler_pc(x);
2465 if (!handler_list->contains(exhandler_pc)) {
2466 handler_stack->append_if_missing(exhandler_pc);
2467 handler_list->append(exhandler_pc);
2468 }
2469 }
2470 }
2471 }
2472
2473 // Return TRUE if all code paths starting with start_bc_offset end in
2474 // bytecode athrow or loop.
2475 bool ClassVerifier::ends_in_athrow(u4 start_bc_offset) {
2476 ResourceMark rm;
2477 // Create bytecode stream.
2478 RawBytecodeStream bcs(method());
2479 int code_length = method()->code_size();
2480 bcs.set_start(start_bc_offset);
2481
2482 // Create stack for storing bytecode start offsets for if* and *switch.
2483 GrowableArray<u4>* bci_stack = new GrowableArray<u4>(30);
2484 // Create stack for handlers for try blocks containing this handler.
2485 GrowableArray<u4>* handler_stack = new GrowableArray<u4>(30);
2486 // Create list of handlers that have been pushed onto the handler_stack
2487 // so that handlers embedded inside of their own TRY blocks only get
2488 // scanned once.
2489 GrowableArray<u4>* handler_list = new GrowableArray<u4>(30);
2490 // Create list of visited branch opcodes (goto* and if*).
2491 GrowableArray<u4>* visited_branches = new GrowableArray<u4>(30);
2492 ExceptionTable exhandlers(_method());
2493
2494 while (true) {
2495 if (bcs.is_last_bytecode()) {
2496 // if no more starting offsets to parse or if at the end of the
2497 // method then return false.
2498 if ((bci_stack->is_empty()) || (bcs.end_bci() == code_length))
2499 return false;
2500 // Pop a bytecode starting offset and scan from there.
2501 bcs.set_start(bci_stack->pop());
2502 }
2503 Bytecodes::Code opcode = bcs.raw_next();
2504 int bci = bcs.bci();
2505
2506 // If the bytecode is in a TRY block, push its handlers so they
2507 // will get parsed.
2508 push_handlers(&exhandlers, handler_list, handler_stack, bci);
2509
2510 switch (opcode) {
2511 case Bytecodes::_if_icmpeq:
2512 case Bytecodes::_if_icmpne:
2513 case Bytecodes::_if_icmplt:
2514 case Bytecodes::_if_icmpge:
2515 case Bytecodes::_if_icmpgt:
2516 case Bytecodes::_if_icmple:
2517 case Bytecodes::_ifeq:
2518 case Bytecodes::_ifne:
2519 case Bytecodes::_iflt:
2520 case Bytecodes::_ifge:
2521 case Bytecodes::_ifgt:
2522 case Bytecodes::_ifle:
2523 case Bytecodes::_if_acmpeq:
2524 case Bytecodes::_if_acmpne:
2525 case Bytecodes::_ifnull:
2526 case Bytecodes::_ifnonnull: {
2527 int target = bcs.dest();
2528 if (visited_branches->contains(bci)) {
2529 if (bci_stack->is_empty()) {
2530 if (handler_stack->is_empty()) {
2531 return true;
2532 } else {
2533 // Parse the catch handlers for try blocks containing athrow.
2534 bcs.set_start(handler_stack->pop());
2535 }
2536 } else {
2537 // Pop a bytecode starting offset and scan from there.
2538 bcs.set_start(bci_stack->pop());
2539 }
2540 } else {
2541 if (target > bci) { // forward branch
2542 if (target >= code_length) return false;
2543 // Push the branch target onto the stack.
2544 bci_stack->push(target);
2545 // then, scan bytecodes starting with next.
2546 bcs.set_start(bcs.next_bci());
2547 } else { // backward branch
2548 // Push bytecode offset following backward branch onto the stack.
2549 bci_stack->push(bcs.next_bci());
2550 // Check bytecodes starting with branch target.
2551 bcs.set_start(target);
2552 }
2553 // Record target so we don't branch here again.
2554 visited_branches->append(bci);
2555 }
2556 break;
2557 }
2558
2559 case Bytecodes::_goto:
2560 case Bytecodes::_goto_w: {
2561 int target = (opcode == Bytecodes::_goto ? bcs.dest() : bcs.dest_w());
2562 if (visited_branches->contains(bci)) {
2563 if (bci_stack->is_empty()) {
2564 if (handler_stack->is_empty()) {
2565 return true;
2566 } else {
2567 // Parse the catch handlers for try blocks containing athrow.
2568 bcs.set_start(handler_stack->pop());
2569 }
2570 } else {
2571 // Been here before, pop new starting offset from stack.
2572 bcs.set_start(bci_stack->pop());
2573 }
2574 } else {
2575 if (target >= code_length) return false;
2576 // Continue scanning from the target onward.
2577 bcs.set_start(target);
2578 // Record target so we don't branch here again.
2579 visited_branches->append(bci);
2580 }
2581 break;
2582 }
2583
2584 // Check that all switch alternatives end in 'athrow' bytecodes. Since it
2585 // is difficult to determine where each switch alternative ends, parse
2586 // each switch alternative until either hit a 'return', 'athrow', or reach
2587 // the end of the method's bytecodes. This is gross but should be okay
2588 // because:
2589 // 1. tableswitch and lookupswitch byte codes in handlers for ctor explicit
2590 // constructor invocations should be rare.
2591 // 2. if each switch alternative ends in an athrow then the parsing should be
2592 // short. If there is no athrow then it is bogus code, anyway.
2593 case Bytecodes::_lookupswitch:
2594 case Bytecodes::_tableswitch:
2595 {
2596 address aligned_bcp = align_up(bcs.bcp() + 1, jintSize);
2597 int default_offset = Bytes::get_Java_u4(aligned_bcp) + bci;
2598 int keys, delta;
2599 if (opcode == Bytecodes::_tableswitch) {
2600 jint low = (jint)Bytes::get_Java_u4(aligned_bcp + jintSize);
2601 jint high = (jint)Bytes::get_Java_u4(aligned_bcp + 2*jintSize);
2602 // This is invalid, but let the regular bytecode verifier
2603 // report this because the user will get a better error message.
2604 if (low > high) return true;
2605 keys = high - low + 1;
2606 delta = 1;
2607 } else {
2608 keys = (int)Bytes::get_Java_u4(aligned_bcp + jintSize);
2609 delta = 2;
2610 }
2611 // Invalid, let the regular bytecode verifier deal with it.
2612 if (keys < 0) return true;
2613
2614 // Push the offset of the next bytecode onto the stack.
2615 bci_stack->push(bcs.next_bci());
2616
2617 // Push the switch alternatives onto the stack.
2618 for (int i = 0; i < keys; i++) {
2619 int target = bci + (jint)Bytes::get_Java_u4(aligned_bcp+(3+i*delta)*jintSize);
2620 if (target > code_length) return false;
2621 bci_stack->push(target);
2622 }
2623
2624 // Start bytecode parsing for the switch at the default alternative.
2625 if (default_offset > code_length) return false;
2626 bcs.set_start(default_offset);
2627 break;
2628 }
2629
2630 case Bytecodes::_return:
2631 return false;
2632
2633 case Bytecodes::_athrow:
2634 {
2635 if (bci_stack->is_empty()) {
2636 if (handler_stack->is_empty()) {
2637 return true;
2638 } else {
2639 // Parse the catch handlers for try blocks containing athrow.
2640 bcs.set_start(handler_stack->pop());
2641 }
2642 } else {
2643 // Pop a bytecode offset and starting scanning from there.
2644 bcs.set_start(bci_stack->pop());
2645 }
2646 }
2647 break;
2648
2649 default:
2650 ;
2651 } // end switch
2652 } // end while loop
2653
2654 return false;
2655 }
2656
2657 void ClassVerifier::verify_invoke_init(
2658 RawBytecodeStream* bcs, u2 ref_class_index, VerificationType ref_class_type,
2659 StackMapFrame* current_frame, u4 code_length, bool in_try_block,
2660 bool *this_uninit, const constantPoolHandle& cp, StackMapTable* stackmap_table,
2661 TRAPS) {
2662 int bci = bcs->bci();
2663 VerificationType type = current_frame->pop_stack(
2664 VerificationType::reference_check(), CHECK_VERIFY(this));
2665 if (type == VerificationType::uninitialized_this_type()) {
2666 // The method must be an <init> method of this class or its superclass
2667 Klass* superk = current_class()->super();
2668 if (ref_class_type.name() != current_class()->name() &&
2669 ref_class_type.name() != superk->name()) {
2670 verify_error(ErrorContext::bad_type(bci,
2671 TypeOrigin::implicit(ref_class_type),
2672 TypeOrigin::implicit(current_type())),
2673 "Bad <init> method call");
2674 return;
2675 }
2676
2677 // If this invokespecial call is done from inside of a TRY block then make
2678 // sure that all catch clause paths end in a throw. Otherwise, this can
2679 // result in returning an incomplete object.
2680 if (in_try_block) {
2681 ExceptionTable exhandlers(_method());
2682 int exlength = exhandlers.length();
2683 for(int i = 0; i < exlength; i++) {
2684 u2 start_pc = exhandlers.start_pc(i);
2685 u2 end_pc = exhandlers.end_pc(i);
2686
2687 if (bci >= start_pc && bci < end_pc) {
2688 if (!ends_in_athrow(exhandlers.handler_pc(i))) {
2689 verify_error(ErrorContext::bad_code(bci),
2690 "Bad <init> method call from after the start of a try block");
2691 return;
2692 } else if (log_is_enabled(Debug, verification)) {
2693 ResourceMark rm(THREAD);
2694 log_debug(verification)("Survived call to ends_in_athrow(): %s",
2695 current_class()->name()->as_C_string());
2696 }
2697 }
2698 }
2699
2700 // Check the exception handler target stackmaps with the locals from the
2701 // incoming stackmap (before initialize_object() changes them to outgoing
2702 // state).
2703 if (was_recursively_verified()) return;
2704 verify_exception_handler_targets(bci, true, current_frame,
2705 stackmap_table, CHECK_VERIFY(this));
2706 } // in_try_block
2707
2708 current_frame->initialize_object(type, current_type());
2709 *this_uninit = true;
2710 } else if (type.is_uninitialized()) {
2711 u2 new_offset = type.bci();
2712 address new_bcp = bcs->bcp() - bci + new_offset;
2713 if (new_offset > (code_length - 3) || (*new_bcp) != Bytecodes::_new) {
2714 /* Unreachable? Stack map parsing ensures valid type and new
2715 * instructions have a valid BCI. */
2716 verify_error(ErrorContext::bad_code(new_offset),
2717 "Expecting new instruction");
2718 return;
2719 }
2720 u2 new_class_index = Bytes::get_Java_u2(new_bcp + 1);
2721 if (was_recursively_verified()) return;
2722 verify_cp_class_type(bci, new_class_index, cp, CHECK_VERIFY(this));
2723
2724 // The method must be an <init> method of the indicated class
2725 VerificationType new_class_type = cp_index_to_type(
2726 new_class_index, cp, CHECK_VERIFY(this));
2727 if (!new_class_type.equals(ref_class_type)) {
2728 verify_error(ErrorContext::bad_type(bci,
2729 TypeOrigin::cp(new_class_index, new_class_type),
2730 TypeOrigin::cp(ref_class_index, ref_class_type)),
2731 "Call to wrong <init> method");
2732 return;
2733 }
2734 // According to the VM spec, if the referent class is a superclass of the
2735 // current class, and is in a different runtime package, and the method is
2736 // protected, then the objectref must be the current class or a subclass
2737 // of the current class.
2738 VerificationType objectref_type = new_class_type;
2739 if (name_in_supers(ref_class_type.name(), current_class())) {
2740 Klass* ref_klass = load_class(ref_class_type.name(), CHECK);
2741 if (was_recursively_verified()) return;
2742 Method* m = InstanceKlass::cast(ref_klass)->uncached_lookup_method(
2743 vmSymbols::object_initializer_name(),
2744 cp->uncached_signature_ref_at(bcs->get_index_u2()),
2745 Klass::OverpassLookupMode::find);
2746 // Do nothing if method is not found. Let resolution detect the error.
2747 if (m != nullptr) {
2748 InstanceKlass* mh = m->method_holder();
2749 if (m->is_protected() && !mh->is_same_class_package(_klass)) {
2750 bool assignable = current_type().is_assignable_from(
2751 objectref_type, this, true, CHECK_VERIFY(this));
2752 if (!assignable) {
2753 verify_error(ErrorContext::bad_type(bci,
2754 TypeOrigin::cp(new_class_index, objectref_type),
2755 TypeOrigin::implicit(current_type())),
2756 "Bad access to protected <init> method");
2757 return;
2758 }
2759 }
2760 }
2761 }
2762 // Check the exception handler target stackmaps with the locals from the
2763 // incoming stackmap (before initialize_object() changes them to outgoing
2764 // state).
2765 if (in_try_block) {
2766 if (was_recursively_verified()) return;
2767 verify_exception_handler_targets(bci, *this_uninit, current_frame,
2768 stackmap_table, CHECK_VERIFY(this));
2769 }
2770 current_frame->initialize_object(type, new_class_type);
2771 } else {
2772 verify_error(ErrorContext::bad_type(bci, current_frame->stack_top_ctx()),
2773 "Bad operand type when invoking <init>");
2774 return;
2775 }
2776 }
2777
2778 bool ClassVerifier::is_same_or_direct_interface(
2779 InstanceKlass* klass,
2780 VerificationType klass_type,
2781 VerificationType ref_class_type) {
2782 if (ref_class_type.equals(klass_type)) return true;
2783 Array<InstanceKlass*>* local_interfaces = klass->local_interfaces();
2784 if (local_interfaces != nullptr) {
2785 for (int x = 0; x < local_interfaces->length(); x++) {
2786 InstanceKlass* k = local_interfaces->at(x);
2787 assert (k != nullptr && k->is_interface(), "invalid interface");
2788 if (ref_class_type.equals(VerificationType::reference_type(k->name()))) {
2789 return true;
2790 }
2791 }
2792 }
2793 return false;
2794 }
2795
2796 void ClassVerifier::verify_invoke_instructions(
2797 RawBytecodeStream* bcs, u4 code_length, StackMapFrame* current_frame,
2798 bool in_try_block, bool *this_uninit, VerificationType return_type,
2799 const constantPoolHandle& cp, StackMapTable* stackmap_table, TRAPS) {
2800 // Make sure the constant pool item is the right type
2801 u2 index = bcs->get_index_u2();
2802 Bytecodes::Code opcode = bcs->raw_code();
2803 unsigned int types = 0;
2804 switch (opcode) {
2805 case Bytecodes::_invokeinterface:
2806 types = 1 << JVM_CONSTANT_InterfaceMethodref;
2807 break;
2808 case Bytecodes::_invokedynamic:
2809 types = 1 << JVM_CONSTANT_InvokeDynamic;
2810 break;
2811 case Bytecodes::_invokespecial:
2812 case Bytecodes::_invokestatic:
2813 types = (_klass->major_version() < STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION) ?
2814 (1 << JVM_CONSTANT_Methodref) :
2815 ((1 << JVM_CONSTANT_InterfaceMethodref) | (1 << JVM_CONSTANT_Methodref));
2816 break;
2817 default:
2818 types = 1 << JVM_CONSTANT_Methodref;
2819 }
2820 verify_cp_type(bcs->bci(), index, cp, types, CHECK_VERIFY(this));
2821
2822 // Get method name and signature
2823 Symbol* method_name = cp->uncached_name_ref_at(index);
2824 Symbol* method_sig = cp->uncached_signature_ref_at(index);
2825
2826 // Method signature was checked in ClassFileParser.
2827 assert(SignatureVerifier::is_valid_method_signature(method_sig),
2828 "Invalid method signature");
2829
2830 // Get referenced class type
2831 VerificationType ref_class_type;
2832 if (opcode == Bytecodes::_invokedynamic) {
2833 if (_klass->major_version() < Verifier::INVOKEDYNAMIC_MAJOR_VERSION) {
2834 class_format_error(
2835 "invokedynamic instructions not supported by this class file version (%d), class %s",
2836 _klass->major_version(), _klass->external_name());
2837 return;
2838 }
2839 } else {
2840 ref_class_type = cp_ref_index_to_type(index, cp, CHECK_VERIFY(this));
2841 }
2842
2843 assert(sizeof(VerificationType) == sizeof(uintptr_t),
2844 "buffer type must match VerificationType size");
2845
2846 // Get the UTF8 index for this signature.
2847 int sig_index = cp->signature_ref_index_at(cp->uncached_name_and_type_ref_index_at(index));
2848
2849 // Get the signature's verification types.
2850 sig_as_verification_types* mth_sig_verif_types;
2851 sig_as_verification_types** mth_sig_verif_types_ptr = method_signatures_table()->get(sig_index);
2852 if (mth_sig_verif_types_ptr != nullptr) {
2853 // Found the entry for the signature's verification types in the hash table.
2854 mth_sig_verif_types = *mth_sig_verif_types_ptr;
2855 assert(mth_sig_verif_types != nullptr, "Unexpected null sig_as_verification_types value");
2856 } else {
2857 // Not found, add the entry to the table.
2858 GrowableArray<VerificationType>* verif_types = new GrowableArray<VerificationType>(10);
2859 mth_sig_verif_types = new sig_as_verification_types(verif_types);
2860 create_method_sig_entry(mth_sig_verif_types, sig_index);
2861 }
2862
2863 // Get the number of arguments for this signature.
2864 int nargs = mth_sig_verif_types->num_args();
2865
2866 // Check instruction operands
2867 int bci = bcs->bci();
2868 if (opcode == Bytecodes::_invokeinterface) {
2869 address bcp = bcs->bcp();
2870 // 4905268: count operand in invokeinterface should be nargs+1, not nargs.
2871 // JSR202 spec: The count operand of an invokeinterface instruction is valid if it is
2872 // the difference between the size of the operand stack before and after the instruction
2873 // executes.
2874 if (*(bcp+3) != (nargs+1)) {
2875 verify_error(ErrorContext::bad_code(bci),
2876 "Inconsistent args count operand in invokeinterface");
2877 return;
2878 }
2879 if (*(bcp+4) != 0) {
2880 verify_error(ErrorContext::bad_code(bci),
2881 "Fourth operand byte of invokeinterface must be zero");
2882 return;
2883 }
2884 }
2885
2886 if (opcode == Bytecodes::_invokedynamic) {
2887 address bcp = bcs->bcp();
2888 if (*(bcp+3) != 0 || *(bcp+4) != 0) {
2889 verify_error(ErrorContext::bad_code(bci),
2890 "Third and fourth operand bytes of invokedynamic must be zero");
2891 return;
2892 }
2893 }
2894
2895 if (method_name->char_at(0) == JVM_SIGNATURE_SPECIAL) {
2896 // Make sure <init> can only be invoked by invokespecial
2897 if (opcode != Bytecodes::_invokespecial ||
2898 method_name != vmSymbols::object_initializer_name()) {
2899 verify_error(ErrorContext::bad_code(bci),
2900 "Illegal call to internal method");
2901 return;
2902 }
2903 } else if (opcode == Bytecodes::_invokespecial
2904 && !is_same_or_direct_interface(current_class(), current_type(), ref_class_type)
2905 && !ref_class_type.equals(VerificationType::reference_type(
2906 current_class()->super()->name()))) {
2907 bool subtype = false;
2908 bool have_imr_indirect = cp->tag_at(index).value() == JVM_CONSTANT_InterfaceMethodref;
2909 subtype = ref_class_type.is_assignable_from(
2910 current_type(), this, false, CHECK_VERIFY(this));
2911 if (!subtype) {
2912 verify_error(ErrorContext::bad_code(bci),
2913 "Bad invokespecial instruction: "
2914 "current class isn't assignable to reference class.");
2915 return;
2916 } else if (have_imr_indirect) {
2917 verify_error(ErrorContext::bad_code(bci),
2918 "Bad invokespecial instruction: "
2919 "interface method reference is in an indirect superinterface.");
2920 return;
2921 }
2922
2923 }
2924
2925 // Get the verification types for the method's arguments.
2926 GrowableArray<VerificationType>* sig_verif_types = mth_sig_verif_types->sig_verif_types();
2927 assert(sig_verif_types != nullptr, "Missing signature's array of verification types");
2928 // Match method descriptor with operand stack
2929 // The arguments are on the stack in descending order.
2930 for (int i = nargs - 1; i >= 0; i--) { // Run backwards
2931 current_frame->pop_stack(sig_verif_types->at(i), CHECK_VERIFY(this));
2932 }
2933
2934 // Check objectref on operand stack
2935 if (opcode != Bytecodes::_invokestatic &&
2936 opcode != Bytecodes::_invokedynamic) {
2937 if (method_name == vmSymbols::object_initializer_name()) { // <init> method
2938 verify_invoke_init(bcs, index, ref_class_type, current_frame,
2939 code_length, in_try_block, this_uninit, cp, stackmap_table,
2940 CHECK_VERIFY(this));
2941 if (was_recursively_verified()) return;
2942 } else { // other methods
2943 // Ensures that target class is assignable to method class.
2944 if (opcode == Bytecodes::_invokespecial) {
2945 current_frame->pop_stack(current_type(), CHECK_VERIFY(this));
2946 } else if (opcode == Bytecodes::_invokevirtual) {
2947 VerificationType stack_object_type =
2948 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this));
2949 if (current_type() != stack_object_type) {
2950 if (was_recursively_verified()) return;
2951 assert(cp->cache() == nullptr, "not rewritten yet");
2952 Symbol* ref_class_name =
2953 cp->klass_name_at(cp->uncached_klass_ref_index_at(index));
2954 // See the comments in verify_field_instructions() for
2955 // the rationale behind this.
2956 if (name_in_supers(ref_class_name, current_class())) {
2957 Klass* ref_class = load_class(ref_class_name, CHECK);
2958 if (is_protected_access(
2959 _klass, ref_class, method_name, method_sig, true)) {
2960 // It's protected access, check if stack object is
2961 // assignable to current class.
2962 if (ref_class_type.name() == vmSymbols::java_lang_Object()
2963 && stack_object_type.is_array()
2964 && method_name == vmSymbols::clone_name()) {
2965 // Special case: arrays pretend to implement public Object
2966 // clone().
2967 } else {
2968 bool is_assignable = current_type().is_assignable_from(
2969 stack_object_type, this, true, CHECK_VERIFY(this));
2970 if (!is_assignable) {
2971 verify_error(ErrorContext::bad_type(bci,
2972 current_frame->stack_top_ctx(),
2973 TypeOrigin::implicit(current_type())),
2974 "Bad access to protected data in invokevirtual");
2975 return;
2976 }
2977 }
2978 }
2979 }
2980 }
2981 } else {
2982 assert(opcode == Bytecodes::_invokeinterface, "Unexpected opcode encountered");
2983 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this));
2984 }
2985 }
2986 }
2987 // Push the result type.
2988 int sig_verif_types_len = sig_verif_types->length();
2989 if (sig_verif_types_len > nargs) { // There's a return type
2990 if (method_name == vmSymbols::object_initializer_name()) {
2991 // <init> method must have a void return type
2992 /* Unreachable? Class file parser verifies that methods with '<' have
2993 * void return */
2994 verify_error(ErrorContext::bad_code(bci),
2995 "Return type must be void in <init> method");
2996 return;
2997 }
2998
2999 assert(sig_verif_types_len <= nargs + 2,
3000 "Signature verification types array return type is bogus");
3001 for (int i = nargs; i < sig_verif_types_len; i++) {
3002 assert(i == nargs || sig_verif_types->at(i).is_long2() ||
3003 sig_verif_types->at(i).is_double2(), "Unexpected return verificationType");
3004 current_frame->push_stack(sig_verif_types->at(i), CHECK_VERIFY(this));
3005 }
3006 }
3007 }
3008
3009 VerificationType ClassVerifier::get_newarray_type(
3010 u2 index, int bci, TRAPS) {
3011 const char* from_bt[] = {
3012 nullptr, nullptr, nullptr, nullptr, "[Z", "[C", "[F", "[D", "[B", "[S", "[I", "[J",
3013 };
3014 if (index < T_BOOLEAN || index > T_LONG) {
3015 verify_error(ErrorContext::bad_code(bci), "Illegal newarray instruction");
3016 return VerificationType::bogus_type();
3017 }
3018
3019 // from_bt[index] contains the array signature which has a length of 2
3020 Symbol* sig = create_temporary_symbol(from_bt[index], 2);
3021 return VerificationType::reference_type(sig);
3022 }
3023
3024 void ClassVerifier::verify_anewarray(
3025 int bci, u2 index, const constantPoolHandle& cp,
3026 StackMapFrame* current_frame, TRAPS) {
3027 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
3028 current_frame->pop_stack(
3029 VerificationType::integer_type(), CHECK_VERIFY(this));
3030
3031 if (was_recursively_verified()) return;
3032 VerificationType component_type =
3033 cp_index_to_type(index, cp, CHECK_VERIFY(this));
3034 int length;
3035 char* arr_sig_str;
3036 if (component_type.is_array()) { // it's an array
3037 const char* component_name = component_type.name()->as_utf8();
3038 // Check for more than MAX_ARRAY_DIMENSIONS
3039 length = (int)strlen(component_name);
3040 if (length > MAX_ARRAY_DIMENSIONS &&
3041 component_name[MAX_ARRAY_DIMENSIONS - 1] == JVM_SIGNATURE_ARRAY) {
3042 verify_error(ErrorContext::bad_code(bci),
3043 "Illegal anewarray instruction, array has more than 255 dimensions");
3044 }
3045 // add one dimension to component
3046 length++;
3047 arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length + 1);
3048 int n = os::snprintf(arr_sig_str, length + 1, "%c%s",
3049 JVM_SIGNATURE_ARRAY, component_name);
3050 assert(n == length, "Unexpected number of characters in string");
3051 } else { // it's an object or interface
3052 const char* component_name = component_type.name()->as_utf8();
3053 // add one dimension to component with 'L' prepended and ';' postpended.
3054 length = (int)strlen(component_name) + 3;
3055 arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length + 1);
3056 int n = os::snprintf(arr_sig_str, length + 1, "%c%c%s;",
3057 JVM_SIGNATURE_ARRAY, JVM_SIGNATURE_CLASS, component_name);
3058 assert(n == length, "Unexpected number of characters in string");
3059 }
3060 Symbol* arr_sig = create_temporary_symbol(arr_sig_str, length);
3061 VerificationType new_array_type = VerificationType::reference_type(arr_sig);
3062 current_frame->push_stack(new_array_type, CHECK_VERIFY(this));
3063 }
3064
3065 void ClassVerifier::verify_iload(int index, StackMapFrame* current_frame, TRAPS) {
3066 current_frame->get_local(
3067 index, VerificationType::integer_type(), CHECK_VERIFY(this));
3068 current_frame->push_stack(
3069 VerificationType::integer_type(), CHECK_VERIFY(this));
3070 }
3071
3072 void ClassVerifier::verify_lload(int index, StackMapFrame* current_frame, TRAPS) {
3073 current_frame->get_local_2(
3074 index, VerificationType::long_type(),
3075 VerificationType::long2_type(), CHECK_VERIFY(this));
3076 current_frame->push_stack_2(
3077 VerificationType::long_type(),
3078 VerificationType::long2_type(), CHECK_VERIFY(this));
3079 }
3080
3081 void ClassVerifier::verify_fload(int index, StackMapFrame* current_frame, TRAPS) {
3082 current_frame->get_local(
3083 index, VerificationType::float_type(), CHECK_VERIFY(this));
3084 current_frame->push_stack(
3085 VerificationType::float_type(), CHECK_VERIFY(this));
3086 }
3087
3088 void ClassVerifier::verify_dload(int index, StackMapFrame* current_frame, TRAPS) {
3089 current_frame->get_local_2(
3090 index, VerificationType::double_type(),
3091 VerificationType::double2_type(), CHECK_VERIFY(this));
3092 current_frame->push_stack_2(
3093 VerificationType::double_type(),
3094 VerificationType::double2_type(), CHECK_VERIFY(this));
3095 }
3096
3097 void ClassVerifier::verify_aload(int index, StackMapFrame* current_frame, TRAPS) {
3098 VerificationType type = current_frame->get_local(
3099 index, VerificationType::reference_check(), CHECK_VERIFY(this));
3100 current_frame->push_stack(type, CHECK_VERIFY(this));
3101 }
3102
3103 void ClassVerifier::verify_istore(int index, StackMapFrame* current_frame, TRAPS) {
3104 current_frame->pop_stack(
3105 VerificationType::integer_type(), CHECK_VERIFY(this));
3106 current_frame->set_local(
3107 index, VerificationType::integer_type(), CHECK_VERIFY(this));
3108 }
3109
3110 void ClassVerifier::verify_lstore(int index, StackMapFrame* current_frame, TRAPS) {
3111 current_frame->pop_stack_2(
3112 VerificationType::long2_type(),
3113 VerificationType::long_type(), CHECK_VERIFY(this));
3114 current_frame->set_local_2(
3115 index, VerificationType::long_type(),
3116 VerificationType::long2_type(), CHECK_VERIFY(this));
3117 }
3118
3119 void ClassVerifier::verify_fstore(int index, StackMapFrame* current_frame, TRAPS) {
3120 current_frame->pop_stack(VerificationType::float_type(), CHECK_VERIFY(this));
3121 current_frame->set_local(
3122 index, VerificationType::float_type(), CHECK_VERIFY(this));
3123 }
3124
3125 void ClassVerifier::verify_dstore(int index, StackMapFrame* current_frame, TRAPS) {
3126 current_frame->pop_stack_2(
3127 VerificationType::double2_type(),
3128 VerificationType::double_type(), CHECK_VERIFY(this));
3129 current_frame->set_local_2(
3130 index, VerificationType::double_type(),
3131 VerificationType::double2_type(), CHECK_VERIFY(this));
3132 }
3133
3134 void ClassVerifier::verify_astore(int index, StackMapFrame* current_frame, TRAPS) {
3135 VerificationType type = current_frame->pop_stack(
3136 VerificationType::reference_check(), CHECK_VERIFY(this));
3137 current_frame->set_local(index, type, CHECK_VERIFY(this));
3138 }
3139
3140 void ClassVerifier::verify_iinc(int index, StackMapFrame* current_frame, TRAPS) {
3141 VerificationType type = current_frame->get_local(
3142 index, VerificationType::integer_type(), CHECK_VERIFY(this));
3143 current_frame->set_local(index, type, CHECK_VERIFY(this));
3144 }
3145
3146 void ClassVerifier::verify_return_value(
3147 VerificationType return_type, VerificationType type, int bci,
3148 StackMapFrame* current_frame, TRAPS) {
3149 if (return_type == VerificationType::bogus_type()) {
3150 verify_error(ErrorContext::bad_type(bci,
3151 current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)),
3152 "Method does not expect a return value");
3153 return;
3154 }
3155 bool match = return_type.is_assignable_from(type, this, false, CHECK_VERIFY(this));
3156 if (!match) {
3157 verify_error(ErrorContext::bad_type(bci,
3158 current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)),
3159 "Bad return type");
3160 return;
3161 }
3162 }
3163
3164 // The verifier creates symbols which are substrings of Symbols.
3165 // These are stored in the verifier until the end of verification so that
3166 // they can be reference counted.
3167 Symbol* ClassVerifier::create_temporary_symbol(const char *name, int length) {
3168 // Quick deduplication check
3169 if (_previous_symbol != nullptr && _previous_symbol->equals(name, length)) {
3170 return _previous_symbol;
3171 }
3172 Symbol* sym = SymbolTable::new_symbol(name, length);
3173 if (!sym->is_permanent()) {
3174 if (_symbols == nullptr) {
3175 _symbols = new GrowableArray<Symbol*>(50, 0, nullptr);
3176 }
3177 _symbols->push(sym);
3178 }
3179 _previous_symbol = sym;
3180 return sym;
3181 }