1 /*
   2  * Copyright (c) 1998, 2023, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.
   8  *
   9  * This code is distributed in the hope that it will be useful, but WITHOUT
  10  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  11  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  12  * version 2 for more details (a copy is included in the LICENSE file that
  13  * accompanied this code).
  14  *
  15  * You should have received a copy of the GNU General Public License version
  16  * 2 along with this work; if not, write to the Free Software Foundation,
  17  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  18  *
  19  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  20  * or visit www.oracle.com if you need additional information or have any
  21  * questions.
  22  *
  23  */
  24 
  25 #include "precompiled.hpp"
  26 #include "classfile/classFileStream.hpp"
  27 #include "classfile/classLoader.hpp"
  28 #include "classfile/javaClasses.hpp"
  29 #include "classfile/stackMapTable.hpp"
  30 #include "classfile/stackMapFrame.hpp"
  31 #include "classfile/stackMapTableFormat.hpp"
  32 #include "classfile/symbolTable.hpp"
  33 #include "classfile/systemDictionary.hpp"
  34 #include "classfile/verifier.hpp"
  35 #include "classfile/vmClasses.hpp"
  36 #include "classfile/vmSymbols.hpp"
  37 #include "interpreter/bytecodes.hpp"
  38 #include "interpreter/bytecodeStream.hpp"
  39 #include "jvm.h"
  40 #include "logging/log.hpp"
  41 #include "logging/logStream.hpp"
  42 #include "memory/oopFactory.hpp"
  43 #include "memory/resourceArea.hpp"
  44 #include "memory/universe.hpp"
  45 #include "oops/constantPool.inline.hpp"
  46 #include "oops/instanceKlass.inline.hpp"
  47 #include "oops/klass.inline.hpp"
  48 #include "oops/oop.inline.hpp"
  49 #include "oops/typeArrayOop.hpp"
  50 #include "runtime/arguments.hpp"
  51 #include "runtime/fieldDescriptor.hpp"
  52 #include "runtime/handles.inline.hpp"
  53 #include "runtime/interfaceSupport.inline.hpp"
  54 #include "runtime/javaCalls.hpp"
  55 #include "runtime/javaThread.hpp"
  56 #include "runtime/jniHandles.inline.hpp"
  57 #include "runtime/os.hpp"
  58 #include "runtime/safepointVerifiers.hpp"
  59 #include "services/threadService.hpp"
  60 #include "utilities/align.hpp"
  61 #include "utilities/bytes.hpp"
  62 
  63 #define NOFAILOVER_MAJOR_VERSION                       51
  64 #define NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION  51
  65 #define STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION       52
  66 #define MAX_ARRAY_DIMENSIONS 255
  67 
  68 // Access to external entry for VerifyClassForMajorVersion - old byte code verifier
  69 
  70 extern "C" {
  71   typedef jboolean (*verify_byte_codes_fn_t)(JNIEnv *, jclass, char *, jint, jint);
  72 }
  73 
  74 static verify_byte_codes_fn_t volatile _verify_byte_codes_fn = nullptr;
  75 
  76 static verify_byte_codes_fn_t verify_byte_codes_fn() {
  77 
  78   if (_verify_byte_codes_fn != nullptr)
  79     return _verify_byte_codes_fn;
  80 
  81   MutexLocker locker(Verify_lock);
  82 
  83   if (_verify_byte_codes_fn != nullptr)
  84     return _verify_byte_codes_fn;
  85 
  86   // Load verify dll
  87   char buffer[JVM_MAXPATHLEN];
  88   char ebuf[1024];
  89   if (!os::dll_locate_lib(buffer, sizeof(buffer), Arguments::get_dll_dir(), "verify"))
  90     return nullptr; // Caller will throw VerifyError
  91 
  92   void *lib_handle = os::dll_load(buffer, ebuf, sizeof(ebuf));
  93   if (lib_handle == nullptr)
  94     return nullptr; // Caller will throw VerifyError
  95 
  96   void *fn = os::dll_lookup(lib_handle, "VerifyClassForMajorVersion");
  97   if (fn == nullptr)
  98     return nullptr; // Caller will throw VerifyError
  99 
 100   return _verify_byte_codes_fn = CAST_TO_FN_PTR(verify_byte_codes_fn_t, fn);
 101 }
 102 
 103 
 104 // Methods in Verifier
 105 
 106 bool Verifier::should_verify_for(oop class_loader, bool should_verify_class) {
 107   return (class_loader == nullptr || !should_verify_class) ?
 108     BytecodeVerificationLocal : BytecodeVerificationRemote;
 109 }
 110 
 111 bool Verifier::relax_access_for(oop loader) {
 112   bool trusted = java_lang_ClassLoader::is_trusted_loader(loader);
 113   bool need_verify =
 114     // verifyAll
 115     (BytecodeVerificationLocal && BytecodeVerificationRemote) ||
 116     // verifyRemote
 117     (!BytecodeVerificationLocal && BytecodeVerificationRemote && !trusted);
 118   return !need_verify;
 119 }
 120 
 121 void Verifier::trace_class_resolution(Klass* resolve_class, InstanceKlass* verify_class) {
 122   assert(verify_class != nullptr, "Unexpected null verify_class");
 123   ResourceMark rm;
 124   Symbol* s = verify_class->source_file_name();
 125   const char* source_file = (s != nullptr ? s->as_C_string() : nullptr);
 126   const char* verify = verify_class->external_name();
 127   const char* resolve = resolve_class->external_name();
 128   // print in a single call to reduce interleaving between threads
 129   if (source_file != nullptr) {
 130     log_debug(class, resolve)("%s %s %s (verification)", verify, resolve, source_file);
 131   } else {
 132     log_debug(class, resolve)("%s %s (verification)", verify, resolve);
 133   }
 134 }
 135 
 136 // Prints the end-verification message to the appropriate output.
 137 void Verifier::log_end_verification(outputStream* st, const char* klassName, Symbol* exception_name, oop pending_exception) {
 138   if (pending_exception != nullptr) {
 139     st->print("Verification for %s has", klassName);
 140     oop message = java_lang_Throwable::message(pending_exception);
 141     if (message != nullptr) {
 142       char* ex_msg = java_lang_String::as_utf8_string(message);
 143       st->print_cr(" exception pending '%s %s'",
 144                    pending_exception->klass()->external_name(), ex_msg);
 145     } else {
 146       st->print_cr(" exception pending %s ",
 147                    pending_exception->klass()->external_name());
 148     }
 149   } else if (exception_name != nullptr) {
 150     st->print_cr("Verification for %s failed", klassName);
 151   }
 152   st->print_cr("End class verification for: %s", klassName);
 153 }
 154 
 155 bool Verifier::verify(InstanceKlass* klass, bool should_verify_class, TRAPS) {
 156   HandleMark hm(THREAD);
 157   ResourceMark rm(THREAD);
 158 
 159   // Eagerly allocate the identity hash code for a klass. This is a fallout
 160   // from 6320749 and 8059924: hash code generator is not supposed to be called
 161   // during the safepoint, but it allows to sneak the hashcode in during
 162   // verification. Without this eager hashcode generation, we may end up
 163   // installing the hashcode during some other operation, which may be at
 164   // safepoint -- blowing up the checks. It was previously done as the side
 165   // effect (sic!) for external_name(), but instead of doing that, we opt to
 166   // explicitly push the hashcode in here. This is signify the following block
 167   // is IMPORTANT:
 168   if (klass->java_mirror() != nullptr) {
 169     klass->java_mirror()->identity_hash();
 170   }
 171 
 172   if (!is_eligible_for_verification(klass, should_verify_class)) {
 173     return true;
 174   }
 175 
 176   // Timer includes any side effects of class verification (resolution,
 177   // etc), but not recursive calls to Verifier::verify().
 178   JavaThread* jt = THREAD;
 179   PerfClassTraceTime timer(ClassLoader::perf_class_verify_time(),
 180                            ClassLoader::perf_class_verify_selftime(),
 181                            ClassLoader::perf_classes_verified(),
 182                            jt->get_thread_stat()->perf_recursion_counts_addr(),
 183                            jt->get_thread_stat()->perf_timers_addr(),
 184                            PerfClassTraceTime::CLASS_VERIFY);
 185 
 186   // If the class should be verified, first see if we can use the split
 187   // verifier.  If not, or if verification fails and can failover, then
 188   // call the inference verifier.
 189   Symbol* exception_name = nullptr;
 190   const size_t message_buffer_len = klass->name()->utf8_length() + 1024;
 191   char* message_buffer = nullptr;
 192   char* exception_message = nullptr;
 193 
 194   log_info(class, init)("Start class verification for: %s", klass->external_name());
 195   if (klass->major_version() >= STACKMAP_ATTRIBUTE_MAJOR_VERSION) {
 196     ClassVerifier split_verifier(jt, klass);
 197     // We don't use CHECK here, or on inference_verify below, so that we can log any exception.
 198     split_verifier.verify_class(THREAD);
 199     exception_name = split_verifier.result();
 200 
 201     // If DumpSharedSpaces is set then don't fall back to the old verifier on
 202     // verification failure. If a class fails verification with the split verifier,
 203     // it might fail the CDS runtime verifier constraint check. In that case, we
 204     // don't want to share the class. We only archive classes that pass the split
 205     // verifier.
 206     bool can_failover = !DumpSharedSpaces &&
 207       klass->major_version() < NOFAILOVER_MAJOR_VERSION;
 208 
 209     if (can_failover && !HAS_PENDING_EXCEPTION &&  // Split verifier doesn't set PENDING_EXCEPTION for failure
 210         (exception_name == vmSymbols::java_lang_VerifyError() ||
 211          exception_name == vmSymbols::java_lang_ClassFormatError())) {
 212       log_info(verification)("Fail over class verification to old verifier for: %s", klass->external_name());
 213       log_info(class, init)("Fail over class verification to old verifier for: %s", klass->external_name());
 214       message_buffer = NEW_RESOURCE_ARRAY(char, message_buffer_len);
 215       exception_message = message_buffer;
 216       exception_name = inference_verify(
 217         klass, message_buffer, message_buffer_len, THREAD);
 218     }
 219     if (exception_name != nullptr) {
 220       exception_message = split_verifier.exception_message();
 221     }
 222   } else {
 223     message_buffer = NEW_RESOURCE_ARRAY(char, message_buffer_len);
 224     exception_message = message_buffer;
 225     exception_name = inference_verify(
 226         klass, message_buffer, message_buffer_len, THREAD);
 227   }
 228 
 229   LogTarget(Info, class, init) lt1;
 230   if (lt1.is_enabled()) {
 231     LogStream ls(lt1);
 232     log_end_verification(&ls, klass->external_name(), exception_name, PENDING_EXCEPTION);
 233   }
 234   LogTarget(Info, verification) lt2;
 235   if (lt2.is_enabled()) {
 236     LogStream ls(lt2);
 237     log_end_verification(&ls, klass->external_name(), exception_name, PENDING_EXCEPTION);
 238   }
 239 
 240   if (HAS_PENDING_EXCEPTION) {
 241     return false; // use the existing exception
 242   } else if (exception_name == nullptr) {
 243     return true; // verification succeeded
 244   } else { // VerifyError or ClassFormatError to be created and thrown
 245     Klass* kls =
 246       SystemDictionary::resolve_or_fail(exception_name, true, CHECK_false);
 247     if (log_is_enabled(Debug, class, resolve)) {
 248       Verifier::trace_class_resolution(kls, klass);
 249     }
 250 
 251     while (kls != nullptr) {
 252       if (kls == klass) {
 253         // If the class being verified is the exception we're creating
 254         // or one of it's superclasses, we're in trouble and are going
 255         // to infinitely recurse when we try to initialize the exception.
 256         // So bail out here by throwing the preallocated VM error.
 257         THROW_OOP_(Universe::virtual_machine_error_instance(), false);
 258       }
 259       kls = kls->super();
 260     }
 261     if (message_buffer != nullptr) {
 262       message_buffer[message_buffer_len - 1] = '\0'; // just to be sure
 263     }
 264     assert(exception_message != nullptr, "");
 265     THROW_MSG_(exception_name, exception_message, false);
 266   }
 267 }
 268 
 269 bool Verifier::is_eligible_for_verification(InstanceKlass* klass, bool should_verify_class) {
 270   Symbol* name = klass->name();
 271   Klass* refl_serialization_ctor_klass = vmClasses::reflect_SerializationConstructorAccessorImpl_klass();
 272 
 273   bool is_reflect_accessor = refl_serialization_ctor_klass != nullptr &&
 274                                 klass->is_subtype_of(refl_serialization_ctor_klass);
 275 
 276   return (should_verify_for(klass->class_loader(), should_verify_class) &&
 277     // return if the class is a bootstrapping class
 278     // or defineClass specified not to verify by default (flags override passed arg)
 279     // We need to skip the following four for bootstraping
 280     name != vmSymbols::java_lang_Object() &&
 281     name != vmSymbols::java_lang_Class() &&
 282     name != vmSymbols::java_lang_String() &&
 283     name != vmSymbols::java_lang_Throwable() &&
 284 
 285     // Can not verify the bytecodes for shared classes because they have
 286     // already been rewritten to contain constant pool cache indices,
 287     // which the verifier can't understand.
 288     // Shared classes shouldn't have stackmaps either.
 289     // However, bytecodes for shared old classes can be verified because
 290     // they have not been rewritten.
 291     !(klass->is_shared() && klass->is_rewritten()) &&
 292 
 293     // As of the fix for 4486457 we disable verification for all of the
 294     // dynamically-generated bytecodes associated with
 295     // jdk/internal/reflect/SerializationConstructorAccessor.
 296     (!is_reflect_accessor));
 297 }
 298 
 299 Symbol* Verifier::inference_verify(
 300     InstanceKlass* klass, char* message, size_t message_len, TRAPS) {
 301   JavaThread* thread = THREAD;
 302 
 303   verify_byte_codes_fn_t verify_func = verify_byte_codes_fn();
 304 
 305   if (verify_func == nullptr) {
 306     jio_snprintf(message, message_len, "Could not link verifier");
 307     return vmSymbols::java_lang_VerifyError();
 308   }
 309 
 310   ResourceMark rm(thread);
 311   log_info(verification)("Verifying class %s with old format", klass->external_name());
 312 
 313   jclass cls = (jclass) JNIHandles::make_local(thread, klass->java_mirror());
 314   jint result;
 315 
 316   {
 317     HandleMark hm(thread);
 318     ThreadToNativeFromVM ttn(thread);
 319     // ThreadToNativeFromVM takes care of changing thread_state, so safepoint
 320     // code knows that we have left the VM
 321     JNIEnv *env = thread->jni_environment();
 322     result = (*verify_func)(env, cls, message, (int)message_len, klass->major_version());
 323   }
 324 
 325   JNIHandles::destroy_local(cls);
 326 
 327   // These numbers are chosen so that VerifyClassCodes interface doesn't need
 328   // to be changed (still return jboolean (unsigned char)), and result is
 329   // 1 when verification is passed.
 330   if (result == 0) {
 331     return vmSymbols::java_lang_VerifyError();
 332   } else if (result == 1) {
 333     return nullptr; // verified.
 334   } else if (result == 2) {
 335     THROW_MSG_(vmSymbols::java_lang_OutOfMemoryError(), message, nullptr);
 336   } else if (result == 3) {
 337     return vmSymbols::java_lang_ClassFormatError();
 338   } else {
 339     ShouldNotReachHere();
 340     return nullptr;
 341   }
 342 }
 343 
 344 TypeOrigin TypeOrigin::null() {
 345   return TypeOrigin();
 346 }
 347 TypeOrigin TypeOrigin::local(int index, StackMapFrame* frame) {
 348   assert(frame != nullptr, "Must have a frame");
 349   return TypeOrigin(CF_LOCALS, index, StackMapFrame::copy(frame),
 350      frame->local_at(index));
 351 }
 352 TypeOrigin TypeOrigin::stack(int index, StackMapFrame* frame) {
 353   assert(frame != nullptr, "Must have a frame");
 354   return TypeOrigin(CF_STACK, index, StackMapFrame::copy(frame),
 355       frame->stack_at(index));
 356 }
 357 TypeOrigin TypeOrigin::sm_local(int index, StackMapFrame* frame) {
 358   assert(frame != nullptr, "Must have a frame");
 359   return TypeOrigin(SM_LOCALS, index, StackMapFrame::copy(frame),
 360       frame->local_at(index));
 361 }
 362 TypeOrigin TypeOrigin::sm_stack(int index, StackMapFrame* frame) {
 363   assert(frame != nullptr, "Must have a frame");
 364   return TypeOrigin(SM_STACK, index, StackMapFrame::copy(frame),
 365       frame->stack_at(index));
 366 }
 367 TypeOrigin TypeOrigin::bad_index(int index) {
 368   return TypeOrigin(BAD_INDEX, index, nullptr, VerificationType::bogus_type());
 369 }
 370 TypeOrigin TypeOrigin::cp(int index, VerificationType vt) {
 371   return TypeOrigin(CONST_POOL, index, nullptr, vt);
 372 }
 373 TypeOrigin TypeOrigin::signature(VerificationType vt) {
 374   return TypeOrigin(SIG, 0, nullptr, vt);
 375 }
 376 TypeOrigin TypeOrigin::implicit(VerificationType t) {
 377   return TypeOrigin(IMPLICIT, 0, nullptr, t);
 378 }
 379 TypeOrigin TypeOrigin::frame(StackMapFrame* frame) {
 380   return TypeOrigin(FRAME_ONLY, 0, StackMapFrame::copy(frame),
 381                     VerificationType::bogus_type());
 382 }
 383 
 384 void TypeOrigin::reset_frame() {
 385   if (_frame != nullptr) {
 386     _frame->restore();
 387   }
 388 }
 389 
 390 void TypeOrigin::details(outputStream* ss) const {
 391   _type.print_on(ss);
 392   switch (_origin) {
 393     case CF_LOCALS:
 394       ss->print(" (current frame, locals[%d])", _index);
 395       break;
 396     case CF_STACK:
 397       ss->print(" (current frame, stack[%d])", _index);
 398       break;
 399     case SM_LOCALS:
 400       ss->print(" (stack map, locals[%d])", _index);
 401       break;
 402     case SM_STACK:
 403       ss->print(" (stack map, stack[%d])", _index);
 404       break;
 405     case CONST_POOL:
 406       ss->print(" (constant pool %d)", _index);
 407       break;
 408     case SIG:
 409       ss->print(" (from method signature)");
 410       break;
 411     case IMPLICIT:
 412     case FRAME_ONLY:
 413     case NONE:
 414     default:
 415       ;
 416   }
 417 }
 418 
 419 #ifdef ASSERT
 420 void TypeOrigin::print_on(outputStream* str) const {
 421   str->print("{%d,%d,%p:", _origin, _index, _frame);
 422   if (_frame != nullptr) {
 423     _frame->print_on(str);
 424   } else {
 425     str->print("null");
 426   }
 427   str->print(",");
 428   _type.print_on(str);
 429   str->print("}");
 430 }
 431 #endif
 432 
 433 void ErrorContext::details(outputStream* ss, const Method* method) const {
 434   if (is_valid()) {
 435     ss->cr();
 436     ss->print_cr("Exception Details:");
 437     location_details(ss, method);
 438     reason_details(ss);
 439     frame_details(ss);
 440     bytecode_details(ss, method);
 441     handler_details(ss, method);
 442     stackmap_details(ss, method);
 443   }
 444 }
 445 
 446 void ErrorContext::reason_details(outputStream* ss) const {
 447   streamIndentor si(ss);
 448   ss->indent().print_cr("Reason:");
 449   streamIndentor si2(ss);
 450   ss->indent().print("%s", "");
 451   switch (_fault) {
 452     case INVALID_BYTECODE:
 453       ss->print("Error exists in the bytecode");
 454       break;
 455     case WRONG_TYPE:
 456       if (_expected.is_valid()) {
 457         ss->print("Type ");
 458         _type.details(ss);
 459         ss->print(" is not assignable to ");
 460         _expected.details(ss);
 461       } else {
 462         ss->print("Invalid type: ");
 463         _type.details(ss);
 464       }
 465       break;
 466     case FLAGS_MISMATCH:
 467       if (_expected.is_valid()) {
 468         ss->print("Current frame's flags are not assignable "
 469                   "to stack map frame's.");
 470       } else {
 471         ss->print("Current frame's flags are invalid in this context.");
 472       }
 473       break;
 474     case BAD_CP_INDEX:
 475       ss->print("Constant pool index %d is invalid", _type.index());
 476       break;
 477     case BAD_LOCAL_INDEX:
 478       ss->print("Local index %d is invalid", _type.index());
 479       break;
 480     case LOCALS_SIZE_MISMATCH:
 481       ss->print("Current frame's local size doesn't match stackmap.");
 482       break;
 483     case STACK_SIZE_MISMATCH:
 484       ss->print("Current frame's stack size doesn't match stackmap.");
 485       break;
 486     case STACK_OVERFLOW:
 487       ss->print("Exceeded max stack size.");
 488       break;
 489     case STACK_UNDERFLOW:
 490       ss->print("Attempt to pop empty stack.");
 491       break;
 492     case MISSING_STACKMAP:
 493       ss->print("Expected stackmap frame at this location.");
 494       break;
 495     case BAD_STACKMAP:
 496       ss->print("Invalid stackmap specification.");
 497       break;
 498     case UNKNOWN:
 499     default:
 500       ShouldNotReachHere();
 501       ss->print_cr("Unknown");
 502   }
 503   ss->cr();
 504 }
 505 
 506 void ErrorContext::location_details(outputStream* ss, const Method* method) const {
 507   if (_bci != -1 && method != nullptr) {
 508     streamIndentor si(ss);
 509     const char* bytecode_name = "<invalid>";
 510     if (method->validate_bci(_bci) != -1) {
 511       Bytecodes::Code code = Bytecodes::code_or_bp_at(method->bcp_from(_bci));
 512       if (Bytecodes::is_defined(code)) {
 513           bytecode_name = Bytecodes::name(code);
 514       } else {
 515           bytecode_name = "<illegal>";
 516       }
 517     }
 518     InstanceKlass* ik = method->method_holder();
 519     ss->indent().print_cr("Location:");
 520     streamIndentor si2(ss);
 521     ss->indent().print_cr("%s.%s%s @%d: %s",
 522         ik->name()->as_C_string(), method->name()->as_C_string(),
 523         method->signature()->as_C_string(), _bci, bytecode_name);
 524   }
 525 }
 526 
 527 void ErrorContext::frame_details(outputStream* ss) const {
 528   streamIndentor si(ss);
 529   if (_type.is_valid() && _type.frame() != nullptr) {
 530     ss->indent().print_cr("Current Frame:");
 531     streamIndentor si2(ss);
 532     _type.frame()->print_on(ss);
 533   }
 534   if (_expected.is_valid() && _expected.frame() != nullptr) {
 535     ss->indent().print_cr("Stackmap Frame:");
 536     streamIndentor si2(ss);
 537     _expected.frame()->print_on(ss);
 538   }
 539 }
 540 
 541 void ErrorContext::bytecode_details(outputStream* ss, const Method* method) const {
 542   if (method != nullptr) {
 543     streamIndentor si(ss);
 544     ss->indent().print_cr("Bytecode:");
 545     streamIndentor si2(ss);
 546     ss->print_data(method->code_base(), method->code_size(), false);
 547   }
 548 }
 549 
 550 void ErrorContext::handler_details(outputStream* ss, const Method* method) const {
 551   if (method != nullptr) {
 552     streamIndentor si(ss);
 553     ExceptionTable table(method);
 554     if (table.length() > 0) {
 555       ss->indent().print_cr("Exception Handler Table:");
 556       streamIndentor si2(ss);
 557       for (int i = 0; i < table.length(); ++i) {
 558         ss->indent().print_cr("bci [%d, %d] => handler: %d", table.start_pc(i),
 559             table.end_pc(i), table.handler_pc(i));
 560       }
 561     }
 562   }
 563 }
 564 
 565 void ErrorContext::stackmap_details(outputStream* ss, const Method* method) const {
 566   if (method != nullptr && method->has_stackmap_table()) {
 567     streamIndentor si(ss);
 568     ss->indent().print_cr("Stackmap Table:");
 569     Array<u1>* data = method->stackmap_data();
 570     stack_map_table* sm_table =
 571         stack_map_table::at((address)data->adr_at(0));
 572     stack_map_frame* sm_frame = sm_table->entries();
 573     streamIndentor si2(ss);
 574     int current_offset = -1;
 575     address end_of_sm_table = (address)sm_table + method->stackmap_data()->length();
 576     for (u2 i = 0; i < sm_table->number_of_entries(); ++i) {
 577       ss->indent();
 578       if (!sm_frame->verify((address)sm_frame, end_of_sm_table)) {
 579         sm_frame->print_truncated(ss, current_offset);
 580         return;
 581       }
 582       sm_frame->print_on(ss, current_offset);
 583       ss->cr();
 584       current_offset += sm_frame->offset_delta();
 585       sm_frame = sm_frame->next();
 586     }
 587   }
 588 }
 589 
 590 // Methods in ClassVerifier
 591 
 592 ClassVerifier::ClassVerifier(JavaThread* current, InstanceKlass* klass)
 593     : _thread(current), _previous_symbol(nullptr), _symbols(nullptr), _exception_type(nullptr),
 594       _message(nullptr), _klass(klass) {
 595   _this_type = VerificationType::reference_type(klass->name());
 596 }
 597 
 598 ClassVerifier::~ClassVerifier() {
 599   // Decrement the reference count for any symbols created.
 600   if (_symbols != nullptr) {
 601     for (int i = 0; i < _symbols->length(); i++) {
 602       Symbol* s = _symbols->at(i);
 603       s->decrement_refcount();
 604     }
 605   }
 606 }
 607 
 608 VerificationType ClassVerifier::object_type() const {
 609   return VerificationType::reference_type(vmSymbols::java_lang_Object());
 610 }
 611 
 612 TypeOrigin ClassVerifier::ref_ctx(const char* sig) {
 613   VerificationType vt = VerificationType::reference_type(
 614                          create_temporary_symbol(sig, (int)strlen(sig)));
 615   return TypeOrigin::implicit(vt);
 616 }
 617 
 618 
 619 void ClassVerifier::verify_class(TRAPS) {
 620   log_info(verification)("Verifying class %s with new format", _klass->external_name());
 621 
 622   // Either verifying both local and remote classes or just remote classes.
 623   assert(BytecodeVerificationRemote, "Should not be here");
 624 
 625   Array<Method*>* methods = _klass->methods();
 626   int num_methods = methods->length();
 627 
 628   for (int index = 0; index < num_methods; index++) {
 629     // Check for recursive re-verification before each method.
 630     if (was_recursively_verified()) return;
 631 
 632     Method* m = methods->at(index);
 633     if (m->is_native() || m->is_abstract() || m->is_overpass()) {
 634       // If m is native or abstract, skip it.  It is checked in class file
 635       // parser that methods do not override a final method.  Overpass methods
 636       // are trusted since the VM generates them.
 637       continue;
 638     }
 639     verify_method(methodHandle(THREAD, m), CHECK_VERIFY(this));
 640   }
 641 
 642   if (was_recursively_verified()){
 643     log_info(verification)("Recursive verification detected for: %s", _klass->external_name());
 644     log_info(class, init)("Recursive verification detected for: %s",
 645                         _klass->external_name());
 646   }
 647 }
 648 
 649 // Translate the signature entries into verification types and save them in
 650 // the growable array.  Also, save the count of arguments.
 651 void ClassVerifier::translate_signature(Symbol* const method_sig,
 652                                         sig_as_verification_types* sig_verif_types) {
 653   SignatureStream sig_stream(method_sig);
 654   VerificationType sig_type[2];
 655   int sig_i = 0;
 656   GrowableArray<VerificationType>* verif_types = sig_verif_types->sig_verif_types();
 657 
 658   // Translate the signature arguments into verification types.
 659   while (!sig_stream.at_return_type()) {
 660     int n = change_sig_to_verificationType(&sig_stream, sig_type);
 661     assert(n <= 2, "Unexpected signature type");
 662 
 663     // Store verification type(s).  Longs and Doubles each have two verificationTypes.
 664     for (int x = 0; x < n; x++) {
 665       verif_types->push(sig_type[x]);
 666     }
 667     sig_i += n;
 668     sig_stream.next();
 669   }
 670 
 671   // Set final arg count, not including the return type.  The final arg count will
 672   // be compared with sig_verify_types' length to see if there is a return type.
 673   sig_verif_types->set_num_args(sig_i);
 674 
 675   // Store verification type(s) for the return type, if there is one.
 676   if (sig_stream.type() != T_VOID) {
 677     int n = change_sig_to_verificationType(&sig_stream, sig_type);
 678     assert(n <= 2, "Unexpected signature return type");
 679     for (int y = 0; y < n; y++) {
 680       verif_types->push(sig_type[y]);
 681     }
 682   }
 683 }
 684 
 685 void ClassVerifier::create_method_sig_entry(sig_as_verification_types* sig_verif_types,
 686                                             int sig_index) {
 687   // Translate the signature into verification types.
 688   ConstantPool* cp = _klass->constants();
 689   Symbol* const method_sig = cp->symbol_at(sig_index);
 690   translate_signature(method_sig, sig_verif_types);
 691 
 692   // Add the list of this signature's verification types to the table.
 693   bool is_unique = method_signatures_table()->put(sig_index, sig_verif_types);
 694   assert(is_unique, "Duplicate entries in method_signature_table");
 695 }
 696 
 697 void ClassVerifier::verify_method(const methodHandle& m, TRAPS) {
 698   HandleMark hm(THREAD);
 699   _method = m;   // initialize _method
 700   log_info(verification)("Verifying method %s", m->name_and_sig_as_C_string());
 701 
 702 // For clang, the only good constant format string is a literal constant format string.
 703 #define bad_type_msg "Bad type on operand stack in %s"
 704 
 705   u2 max_stack = m->verifier_max_stack();
 706   u2 max_locals = m->max_locals();
 707   constantPoolHandle cp(THREAD, m->constants());
 708 
 709   // Method signature was checked in ClassFileParser.
 710   assert(SignatureVerifier::is_valid_method_signature(m->signature()),
 711          "Invalid method signature");
 712 
 713   // Initial stack map frame: offset is 0, stack is initially empty.
 714   StackMapFrame current_frame(max_locals, max_stack, this);
 715   // Set initial locals
 716   VerificationType return_type = current_frame.set_locals_from_arg( m, current_type());
 717 
 718   u2 stackmap_index = 0; // index to the stackmap array
 719 
 720   u4 code_length = m->code_size();
 721 
 722   // Scan the bytecode and map each instruction's start offset to a number.
 723   char* code_data = generate_code_data(m, code_length, CHECK_VERIFY(this));
 724 
 725   int ex_min = code_length;
 726   int ex_max = -1;
 727   // Look through each item on the exception table. Each of the fields must refer
 728   // to a legal instruction.
 729   if (was_recursively_verified()) return;
 730   verify_exception_handler_table(
 731     code_length, code_data, ex_min, ex_max, CHECK_VERIFY(this));
 732 
 733   // Look through each entry on the local variable table and make sure
 734   // its range of code array offsets is valid. (4169817)
 735   if (m->has_localvariable_table()) {
 736     verify_local_variable_table(code_length, code_data, CHECK_VERIFY(this));
 737   }
 738 
 739   Array<u1>* stackmap_data = m->stackmap_data();
 740   StackMapStream stream(stackmap_data);
 741   StackMapReader reader(this, &stream, code_data, code_length, THREAD);
 742   StackMapTable stackmap_table(&reader, &current_frame, max_locals, max_stack,
 743                                code_data, code_length, CHECK_VERIFY(this));
 744 
 745   LogTarget(Debug, verification) lt;
 746   if (lt.is_enabled()) {
 747     ResourceMark rm(THREAD);
 748     LogStream ls(lt);
 749     stackmap_table.print_on(&ls);
 750   }
 751 
 752   RawBytecodeStream bcs(m);
 753 
 754   // Scan the byte code linearly from the start to the end
 755   bool no_control_flow = false; // Set to true when there is no direct control
 756                                 // flow from current instruction to the next
 757                                 // instruction in sequence
 758 
 759   Bytecodes::Code opcode;
 760   while (!bcs.is_last_bytecode()) {
 761     // Check for recursive re-verification before each bytecode.
 762     if (was_recursively_verified())  return;
 763 
 764     opcode = bcs.raw_next();
 765     int bci = bcs.bci();
 766 
 767     // Set current frame's offset to bci
 768     current_frame.set_offset(bci);
 769     current_frame.set_mark();
 770 
 771     // Make sure every offset in stackmap table point to the beginning to
 772     // an instruction. Match current_frame to stackmap_table entry with
 773     // the same offset if exists.
 774     stackmap_index = verify_stackmap_table(
 775       stackmap_index, bci, &current_frame, &stackmap_table,
 776       no_control_flow, CHECK_VERIFY(this));
 777 
 778 
 779     bool this_uninit = false;  // Set to true when invokespecial <init> initialized 'this'
 780     bool verified_exc_handlers = false;
 781 
 782     // Merge with the next instruction
 783     {
 784       int target;
 785       VerificationType type, type2;
 786       VerificationType atype;
 787 
 788       LogTarget(Debug, verification) lt;
 789       if (lt.is_enabled()) {
 790         ResourceMark rm(THREAD);
 791         LogStream ls(lt);
 792         current_frame.print_on(&ls);
 793         lt.print("offset = %d,  opcode = %s", bci,
 794                  opcode == Bytecodes::_illegal ? "illegal" : Bytecodes::name(opcode));
 795       }
 796 
 797       // Make sure wide instruction is in correct format
 798       if (bcs.is_wide()) {
 799         if (opcode != Bytecodes::_iinc   && opcode != Bytecodes::_iload  &&
 800             opcode != Bytecodes::_aload  && opcode != Bytecodes::_lload  &&
 801             opcode != Bytecodes::_istore && opcode != Bytecodes::_astore &&
 802             opcode != Bytecodes::_lstore && opcode != Bytecodes::_fload  &&
 803             opcode != Bytecodes::_dload  && opcode != Bytecodes::_fstore &&
 804             opcode != Bytecodes::_dstore) {
 805           /* Unreachable?  RawBytecodeStream's raw_next() returns 'illegal'
 806            * if we encounter a wide instruction that modifies an invalid
 807            * opcode (not one of the ones listed above) */
 808           verify_error(ErrorContext::bad_code(bci), "Bad wide instruction");
 809           return;
 810         }
 811       }
 812 
 813       // Look for possible jump target in exception handlers and see if it
 814       // matches current_frame.  Do this check here for astore*, dstore*,
 815       // fstore*, istore*, and lstore* opcodes because they can change the type
 816       // state by adding a local.  JVM Spec says that the incoming type state
 817       // should be used for this check.  So, do the check here before a possible
 818       // local is added to the type state.
 819       if (Bytecodes::is_store_into_local(opcode) && bci >= ex_min && bci < ex_max) {
 820         if (was_recursively_verified()) return;
 821         verify_exception_handler_targets(
 822           bci, this_uninit, &current_frame, &stackmap_table, CHECK_VERIFY(this));
 823         verified_exc_handlers = true;
 824       }
 825 
 826       if (was_recursively_verified()) return;
 827 
 828       switch (opcode) {
 829         case Bytecodes::_nop :
 830           no_control_flow = false; break;
 831         case Bytecodes::_aconst_null :
 832           current_frame.push_stack(
 833             VerificationType::null_type(), CHECK_VERIFY(this));
 834           no_control_flow = false; break;
 835         case Bytecodes::_iconst_m1 :
 836         case Bytecodes::_iconst_0 :
 837         case Bytecodes::_iconst_1 :
 838         case Bytecodes::_iconst_2 :
 839         case Bytecodes::_iconst_3 :
 840         case Bytecodes::_iconst_4 :
 841         case Bytecodes::_iconst_5 :
 842           current_frame.push_stack(
 843             VerificationType::integer_type(), CHECK_VERIFY(this));
 844           no_control_flow = false; break;
 845         case Bytecodes::_lconst_0 :
 846         case Bytecodes::_lconst_1 :
 847           current_frame.push_stack_2(
 848             VerificationType::long_type(),
 849             VerificationType::long2_type(), CHECK_VERIFY(this));
 850           no_control_flow = false; break;
 851         case Bytecodes::_fconst_0 :
 852         case Bytecodes::_fconst_1 :
 853         case Bytecodes::_fconst_2 :
 854           current_frame.push_stack(
 855             VerificationType::float_type(), CHECK_VERIFY(this));
 856           no_control_flow = false; break;
 857         case Bytecodes::_dconst_0 :
 858         case Bytecodes::_dconst_1 :
 859           current_frame.push_stack_2(
 860             VerificationType::double_type(),
 861             VerificationType::double2_type(), CHECK_VERIFY(this));
 862           no_control_flow = false; break;
 863         case Bytecodes::_sipush :
 864         case Bytecodes::_bipush :
 865           current_frame.push_stack(
 866             VerificationType::integer_type(), CHECK_VERIFY(this));
 867           no_control_flow = false; break;
 868         case Bytecodes::_ldc :
 869           verify_ldc(
 870             opcode, bcs.get_index_u1(), &current_frame,
 871             cp, bci, CHECK_VERIFY(this));
 872           no_control_flow = false; break;
 873         case Bytecodes::_ldc_w :
 874         case Bytecodes::_ldc2_w :
 875           verify_ldc(
 876             opcode, bcs.get_index_u2(), &current_frame,
 877             cp, bci, CHECK_VERIFY(this));
 878           no_control_flow = false; break;
 879         case Bytecodes::_iload :
 880           verify_iload(bcs.get_index(), &current_frame, CHECK_VERIFY(this));
 881           no_control_flow = false; break;
 882         case Bytecodes::_iload_0 :
 883         case Bytecodes::_iload_1 :
 884         case Bytecodes::_iload_2 :
 885         case Bytecodes::_iload_3 : {
 886           int index = opcode - Bytecodes::_iload_0;
 887           verify_iload(index, &current_frame, CHECK_VERIFY(this));
 888           no_control_flow = false; break;
 889           }
 890         case Bytecodes::_lload :
 891           verify_lload(bcs.get_index(), &current_frame, CHECK_VERIFY(this));
 892           no_control_flow = false; break;
 893         case Bytecodes::_lload_0 :
 894         case Bytecodes::_lload_1 :
 895         case Bytecodes::_lload_2 :
 896         case Bytecodes::_lload_3 : {
 897           int index = opcode - Bytecodes::_lload_0;
 898           verify_lload(index, &current_frame, CHECK_VERIFY(this));
 899           no_control_flow = false; break;
 900           }
 901         case Bytecodes::_fload :
 902           verify_fload(bcs.get_index(), &current_frame, CHECK_VERIFY(this));
 903           no_control_flow = false; break;
 904         case Bytecodes::_fload_0 :
 905         case Bytecodes::_fload_1 :
 906         case Bytecodes::_fload_2 :
 907         case Bytecodes::_fload_3 : {
 908           int index = opcode - Bytecodes::_fload_0;
 909           verify_fload(index, &current_frame, CHECK_VERIFY(this));
 910           no_control_flow = false; break;
 911           }
 912         case Bytecodes::_dload :
 913           verify_dload(bcs.get_index(), &current_frame, CHECK_VERIFY(this));
 914           no_control_flow = false; break;
 915         case Bytecodes::_dload_0 :
 916         case Bytecodes::_dload_1 :
 917         case Bytecodes::_dload_2 :
 918         case Bytecodes::_dload_3 : {
 919           int index = opcode - Bytecodes::_dload_0;
 920           verify_dload(index, &current_frame, CHECK_VERIFY(this));
 921           no_control_flow = false; break;
 922           }
 923         case Bytecodes::_aload :
 924           verify_aload(bcs.get_index(), &current_frame, CHECK_VERIFY(this));
 925           no_control_flow = false; break;
 926         case Bytecodes::_aload_0 :
 927         case Bytecodes::_aload_1 :
 928         case Bytecodes::_aload_2 :
 929         case Bytecodes::_aload_3 : {
 930           int index = opcode - Bytecodes::_aload_0;
 931           verify_aload(index, &current_frame, CHECK_VERIFY(this));
 932           no_control_flow = false; break;
 933           }
 934         case Bytecodes::_iaload :
 935           type = current_frame.pop_stack(
 936             VerificationType::integer_type(), CHECK_VERIFY(this));
 937           atype = current_frame.pop_stack(
 938             VerificationType::reference_check(), CHECK_VERIFY(this));
 939           if (!atype.is_int_array()) {
 940             verify_error(ErrorContext::bad_type(bci,
 941                 current_frame.stack_top_ctx(), ref_ctx("[I")),
 942                 bad_type_msg, "iaload");
 943             return;
 944           }
 945           current_frame.push_stack(
 946             VerificationType::integer_type(), CHECK_VERIFY(this));
 947           no_control_flow = false; break;
 948         case Bytecodes::_baload :
 949           type = current_frame.pop_stack(
 950             VerificationType::integer_type(), CHECK_VERIFY(this));
 951           atype = current_frame.pop_stack(
 952             VerificationType::reference_check(), CHECK_VERIFY(this));
 953           if (!atype.is_bool_array() && !atype.is_byte_array()) {
 954             verify_error(
 955                 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
 956                 bad_type_msg, "baload");
 957             return;
 958           }
 959           current_frame.push_stack(
 960             VerificationType::integer_type(), CHECK_VERIFY(this));
 961           no_control_flow = false; break;
 962         case Bytecodes::_caload :
 963           type = current_frame.pop_stack(
 964             VerificationType::integer_type(), CHECK_VERIFY(this));
 965           atype = current_frame.pop_stack(
 966             VerificationType::reference_check(), CHECK_VERIFY(this));
 967           if (!atype.is_char_array()) {
 968             verify_error(ErrorContext::bad_type(bci,
 969                 current_frame.stack_top_ctx(), ref_ctx("[C")),
 970                 bad_type_msg, "caload");
 971             return;
 972           }
 973           current_frame.push_stack(
 974             VerificationType::integer_type(), CHECK_VERIFY(this));
 975           no_control_flow = false; break;
 976         case Bytecodes::_saload :
 977           type = current_frame.pop_stack(
 978             VerificationType::integer_type(), CHECK_VERIFY(this));
 979           atype = current_frame.pop_stack(
 980             VerificationType::reference_check(), CHECK_VERIFY(this));
 981           if (!atype.is_short_array()) {
 982             verify_error(ErrorContext::bad_type(bci,
 983                 current_frame.stack_top_ctx(), ref_ctx("[S")),
 984                 bad_type_msg, "saload");
 985             return;
 986           }
 987           current_frame.push_stack(
 988             VerificationType::integer_type(), CHECK_VERIFY(this));
 989           no_control_flow = false; break;
 990         case Bytecodes::_laload :
 991           type = current_frame.pop_stack(
 992             VerificationType::integer_type(), CHECK_VERIFY(this));
 993           atype = current_frame.pop_stack(
 994             VerificationType::reference_check(), CHECK_VERIFY(this));
 995           if (!atype.is_long_array()) {
 996             verify_error(ErrorContext::bad_type(bci,
 997                 current_frame.stack_top_ctx(), ref_ctx("[J")),
 998                 bad_type_msg, "laload");
 999             return;
1000           }
1001           current_frame.push_stack_2(
1002             VerificationType::long_type(),
1003             VerificationType::long2_type(), CHECK_VERIFY(this));
1004           no_control_flow = false; break;
1005         case Bytecodes::_faload :
1006           type = current_frame.pop_stack(
1007             VerificationType::integer_type(), CHECK_VERIFY(this));
1008           atype = current_frame.pop_stack(
1009             VerificationType::reference_check(), CHECK_VERIFY(this));
1010           if (!atype.is_float_array()) {
1011             verify_error(ErrorContext::bad_type(bci,
1012                 current_frame.stack_top_ctx(), ref_ctx("[F")),
1013                 bad_type_msg, "faload");
1014             return;
1015           }
1016           current_frame.push_stack(
1017             VerificationType::float_type(), CHECK_VERIFY(this));
1018           no_control_flow = false; break;
1019         case Bytecodes::_daload :
1020           type = current_frame.pop_stack(
1021             VerificationType::integer_type(), CHECK_VERIFY(this));
1022           atype = current_frame.pop_stack(
1023             VerificationType::reference_check(), CHECK_VERIFY(this));
1024           if (!atype.is_double_array()) {
1025             verify_error(ErrorContext::bad_type(bci,
1026                 current_frame.stack_top_ctx(), ref_ctx("[D")),
1027                 bad_type_msg, "daload");
1028             return;
1029           }
1030           current_frame.push_stack_2(
1031             VerificationType::double_type(),
1032             VerificationType::double2_type(), CHECK_VERIFY(this));
1033           no_control_flow = false; break;
1034         case Bytecodes::_aaload : {
1035           type = current_frame.pop_stack(
1036             VerificationType::integer_type(), CHECK_VERIFY(this));
1037           atype = current_frame.pop_stack(
1038             VerificationType::reference_check(), CHECK_VERIFY(this));
1039           if (!atype.is_reference_array()) {
1040             verify_error(ErrorContext::bad_type(bci,
1041                 current_frame.stack_top_ctx(),
1042                 TypeOrigin::implicit(VerificationType::reference_check())),
1043                 bad_type_msg, "aaload");
1044             return;
1045           }
1046           if (atype.is_null()) {
1047             current_frame.push_stack(
1048               VerificationType::null_type(), CHECK_VERIFY(this));
1049           } else {
1050             VerificationType component = atype.get_component(this);
1051             current_frame.push_stack(component, CHECK_VERIFY(this));
1052           }
1053           no_control_flow = false; break;
1054         }
1055         case Bytecodes::_istore :
1056           verify_istore(bcs.get_index(), &current_frame, CHECK_VERIFY(this));
1057           no_control_flow = false; break;
1058         case Bytecodes::_istore_0 :
1059         case Bytecodes::_istore_1 :
1060         case Bytecodes::_istore_2 :
1061         case Bytecodes::_istore_3 : {
1062           int index = opcode - Bytecodes::_istore_0;
1063           verify_istore(index, &current_frame, CHECK_VERIFY(this));
1064           no_control_flow = false; break;
1065           }
1066         case Bytecodes::_lstore :
1067           verify_lstore(bcs.get_index(), &current_frame, CHECK_VERIFY(this));
1068           no_control_flow = false; break;
1069         case Bytecodes::_lstore_0 :
1070         case Bytecodes::_lstore_1 :
1071         case Bytecodes::_lstore_2 :
1072         case Bytecodes::_lstore_3 : {
1073           int index = opcode - Bytecodes::_lstore_0;
1074           verify_lstore(index, &current_frame, CHECK_VERIFY(this));
1075           no_control_flow = false; break;
1076           }
1077         case Bytecodes::_fstore :
1078           verify_fstore(bcs.get_index(), &current_frame, CHECK_VERIFY(this));
1079           no_control_flow = false; break;
1080         case Bytecodes::_fstore_0 :
1081         case Bytecodes::_fstore_1 :
1082         case Bytecodes::_fstore_2 :
1083         case Bytecodes::_fstore_3 : {
1084           int index = opcode - Bytecodes::_fstore_0;
1085           verify_fstore(index, &current_frame, CHECK_VERIFY(this));
1086           no_control_flow = false; break;
1087           }
1088         case Bytecodes::_dstore :
1089           verify_dstore(bcs.get_index(), &current_frame, CHECK_VERIFY(this));
1090           no_control_flow = false; break;
1091         case Bytecodes::_dstore_0 :
1092         case Bytecodes::_dstore_1 :
1093         case Bytecodes::_dstore_2 :
1094         case Bytecodes::_dstore_3 : {
1095           int index = opcode - Bytecodes::_dstore_0;
1096           verify_dstore(index, &current_frame, CHECK_VERIFY(this));
1097           no_control_flow = false; break;
1098           }
1099         case Bytecodes::_astore :
1100           verify_astore(bcs.get_index(), &current_frame, CHECK_VERIFY(this));
1101           no_control_flow = false; break;
1102         case Bytecodes::_astore_0 :
1103         case Bytecodes::_astore_1 :
1104         case Bytecodes::_astore_2 :
1105         case Bytecodes::_astore_3 : {
1106           int index = opcode - Bytecodes::_astore_0;
1107           verify_astore(index, &current_frame, CHECK_VERIFY(this));
1108           no_control_flow = false; break;
1109           }
1110         case Bytecodes::_iastore :
1111           type = current_frame.pop_stack(
1112             VerificationType::integer_type(), CHECK_VERIFY(this));
1113           type2 = current_frame.pop_stack(
1114             VerificationType::integer_type(), CHECK_VERIFY(this));
1115           atype = current_frame.pop_stack(
1116             VerificationType::reference_check(), CHECK_VERIFY(this));
1117           if (!atype.is_int_array()) {
1118             verify_error(ErrorContext::bad_type(bci,
1119                 current_frame.stack_top_ctx(), ref_ctx("[I")),
1120                 bad_type_msg, "iastore");
1121             return;
1122           }
1123           no_control_flow = false; break;
1124         case Bytecodes::_bastore :
1125           type = current_frame.pop_stack(
1126             VerificationType::integer_type(), CHECK_VERIFY(this));
1127           type2 = current_frame.pop_stack(
1128             VerificationType::integer_type(), CHECK_VERIFY(this));
1129           atype = current_frame.pop_stack(
1130             VerificationType::reference_check(), CHECK_VERIFY(this));
1131           if (!atype.is_bool_array() && !atype.is_byte_array()) {
1132             verify_error(
1133                 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1134                 bad_type_msg, "bastore");
1135             return;
1136           }
1137           no_control_flow = false; break;
1138         case Bytecodes::_castore :
1139           current_frame.pop_stack(
1140             VerificationType::integer_type(), CHECK_VERIFY(this));
1141           current_frame.pop_stack(
1142             VerificationType::integer_type(), CHECK_VERIFY(this));
1143           atype = current_frame.pop_stack(
1144             VerificationType::reference_check(), CHECK_VERIFY(this));
1145           if (!atype.is_char_array()) {
1146             verify_error(ErrorContext::bad_type(bci,
1147                 current_frame.stack_top_ctx(), ref_ctx("[C")),
1148                 bad_type_msg, "castore");
1149             return;
1150           }
1151           no_control_flow = false; break;
1152         case Bytecodes::_sastore :
1153           current_frame.pop_stack(
1154             VerificationType::integer_type(), CHECK_VERIFY(this));
1155           current_frame.pop_stack(
1156             VerificationType::integer_type(), CHECK_VERIFY(this));
1157           atype = current_frame.pop_stack(
1158             VerificationType::reference_check(), CHECK_VERIFY(this));
1159           if (!atype.is_short_array()) {
1160             verify_error(ErrorContext::bad_type(bci,
1161                 current_frame.stack_top_ctx(), ref_ctx("[S")),
1162                 bad_type_msg, "sastore");
1163             return;
1164           }
1165           no_control_flow = false; break;
1166         case Bytecodes::_lastore :
1167           current_frame.pop_stack_2(
1168             VerificationType::long2_type(),
1169             VerificationType::long_type(), CHECK_VERIFY(this));
1170           current_frame.pop_stack(
1171             VerificationType::integer_type(), CHECK_VERIFY(this));
1172           atype = current_frame.pop_stack(
1173             VerificationType::reference_check(), CHECK_VERIFY(this));
1174           if (!atype.is_long_array()) {
1175             verify_error(ErrorContext::bad_type(bci,
1176                 current_frame.stack_top_ctx(), ref_ctx("[J")),
1177                 bad_type_msg, "lastore");
1178             return;
1179           }
1180           no_control_flow = false; break;
1181         case Bytecodes::_fastore :
1182           current_frame.pop_stack(
1183             VerificationType::float_type(), CHECK_VERIFY(this));
1184           current_frame.pop_stack
1185             (VerificationType::integer_type(), CHECK_VERIFY(this));
1186           atype = current_frame.pop_stack(
1187             VerificationType::reference_check(), CHECK_VERIFY(this));
1188           if (!atype.is_float_array()) {
1189             verify_error(ErrorContext::bad_type(bci,
1190                 current_frame.stack_top_ctx(), ref_ctx("[F")),
1191                 bad_type_msg, "fastore");
1192             return;
1193           }
1194           no_control_flow = false; break;
1195         case Bytecodes::_dastore :
1196           current_frame.pop_stack_2(
1197             VerificationType::double2_type(),
1198             VerificationType::double_type(), CHECK_VERIFY(this));
1199           current_frame.pop_stack(
1200             VerificationType::integer_type(), CHECK_VERIFY(this));
1201           atype = current_frame.pop_stack(
1202             VerificationType::reference_check(), CHECK_VERIFY(this));
1203           if (!atype.is_double_array()) {
1204             verify_error(ErrorContext::bad_type(bci,
1205                 current_frame.stack_top_ctx(), ref_ctx("[D")),
1206                 bad_type_msg, "dastore");
1207             return;
1208           }
1209           no_control_flow = false; break;
1210         case Bytecodes::_aastore :
1211           type = current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1212           type2 = current_frame.pop_stack(
1213             VerificationType::integer_type(), CHECK_VERIFY(this));
1214           atype = current_frame.pop_stack(
1215             VerificationType::reference_check(), CHECK_VERIFY(this));
1216           // more type-checking is done at runtime
1217           if (!atype.is_reference_array()) {
1218             verify_error(ErrorContext::bad_type(bci,
1219                 current_frame.stack_top_ctx(),
1220                 TypeOrigin::implicit(VerificationType::reference_check())),
1221                 bad_type_msg, "aastore");
1222             return;
1223           }
1224           // 4938384: relaxed constraint in JVMS 3rd edition.
1225           no_control_flow = false; break;
1226         case Bytecodes::_pop :
1227           current_frame.pop_stack(
1228             VerificationType::category1_check(), CHECK_VERIFY(this));
1229           no_control_flow = false; break;
1230         case Bytecodes::_pop2 :
1231           type = current_frame.pop_stack(CHECK_VERIFY(this));
1232           if (type.is_category1()) {
1233             current_frame.pop_stack(
1234               VerificationType::category1_check(), CHECK_VERIFY(this));
1235           } else if (type.is_category2_2nd()) {
1236             current_frame.pop_stack(
1237               VerificationType::category2_check(), CHECK_VERIFY(this));
1238           } else {
1239             /* Unreachable? Would need a category2_1st on TOS
1240              * which does not appear possible. */
1241             verify_error(
1242                 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1243                 bad_type_msg, "pop2");
1244             return;
1245           }
1246           no_control_flow = false; break;
1247         case Bytecodes::_dup :
1248           type = current_frame.pop_stack(
1249             VerificationType::category1_check(), CHECK_VERIFY(this));
1250           current_frame.push_stack(type, CHECK_VERIFY(this));
1251           current_frame.push_stack(type, CHECK_VERIFY(this));
1252           no_control_flow = false; break;
1253         case Bytecodes::_dup_x1 :
1254           type = current_frame.pop_stack(
1255             VerificationType::category1_check(), CHECK_VERIFY(this));
1256           type2 = current_frame.pop_stack(
1257             VerificationType::category1_check(), CHECK_VERIFY(this));
1258           current_frame.push_stack(type, CHECK_VERIFY(this));
1259           current_frame.push_stack(type2, CHECK_VERIFY(this));
1260           current_frame.push_stack(type, CHECK_VERIFY(this));
1261           no_control_flow = false; break;
1262         case Bytecodes::_dup_x2 :
1263         {
1264           VerificationType type3;
1265           type = current_frame.pop_stack(
1266             VerificationType::category1_check(), CHECK_VERIFY(this));
1267           type2 = current_frame.pop_stack(CHECK_VERIFY(this));
1268           if (type2.is_category1()) {
1269             type3 = current_frame.pop_stack(
1270               VerificationType::category1_check(), CHECK_VERIFY(this));
1271           } else if (type2.is_category2_2nd()) {
1272             type3 = current_frame.pop_stack(
1273               VerificationType::category2_check(), CHECK_VERIFY(this));
1274           } else {
1275             /* Unreachable? Would need a category2_1st at stack depth 2 with
1276              * a category1 on TOS which does not appear possible. */
1277             verify_error(ErrorContext::bad_type(
1278                 bci, current_frame.stack_top_ctx()), bad_type_msg, "dup_x2");
1279             return;
1280           }
1281           current_frame.push_stack(type, CHECK_VERIFY(this));
1282           current_frame.push_stack(type3, CHECK_VERIFY(this));
1283           current_frame.push_stack(type2, CHECK_VERIFY(this));
1284           current_frame.push_stack(type, CHECK_VERIFY(this));
1285           no_control_flow = false; break;
1286         }
1287         case Bytecodes::_dup2 :
1288           type = current_frame.pop_stack(CHECK_VERIFY(this));
1289           if (type.is_category1()) {
1290             type2 = current_frame.pop_stack(
1291               VerificationType::category1_check(), CHECK_VERIFY(this));
1292           } else if (type.is_category2_2nd()) {
1293             type2 = current_frame.pop_stack(
1294               VerificationType::category2_check(), CHECK_VERIFY(this));
1295           } else {
1296             /* Unreachable?  Would need a category2_1st on TOS which does not
1297              * appear possible. */
1298             verify_error(
1299                 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1300                 bad_type_msg, "dup2");
1301             return;
1302           }
1303           current_frame.push_stack(type2, CHECK_VERIFY(this));
1304           current_frame.push_stack(type, CHECK_VERIFY(this));
1305           current_frame.push_stack(type2, CHECK_VERIFY(this));
1306           current_frame.push_stack(type, CHECK_VERIFY(this));
1307           no_control_flow = false; break;
1308         case Bytecodes::_dup2_x1 :
1309         {
1310           VerificationType type3;
1311           type = current_frame.pop_stack(CHECK_VERIFY(this));
1312           if (type.is_category1()) {
1313             type2 = current_frame.pop_stack(
1314               VerificationType::category1_check(), CHECK_VERIFY(this));
1315           } else if (type.is_category2_2nd()) {
1316             type2 = current_frame.pop_stack(
1317               VerificationType::category2_check(), CHECK_VERIFY(this));
1318           } else {
1319             /* Unreachable?  Would need a category2_1st on TOS which does
1320              * not appear possible. */
1321             verify_error(
1322                 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1323                 bad_type_msg, "dup2_x1");
1324             return;
1325           }
1326           type3 = current_frame.pop_stack(
1327             VerificationType::category1_check(), CHECK_VERIFY(this));
1328           current_frame.push_stack(type2, CHECK_VERIFY(this));
1329           current_frame.push_stack(type, CHECK_VERIFY(this));
1330           current_frame.push_stack(type3, CHECK_VERIFY(this));
1331           current_frame.push_stack(type2, CHECK_VERIFY(this));
1332           current_frame.push_stack(type, CHECK_VERIFY(this));
1333           no_control_flow = false; break;
1334         }
1335         case Bytecodes::_dup2_x2 :
1336         {
1337           VerificationType type3, type4;
1338           type = current_frame.pop_stack(CHECK_VERIFY(this));
1339           if (type.is_category1()) {
1340             type2 = current_frame.pop_stack(
1341               VerificationType::category1_check(), CHECK_VERIFY(this));
1342           } else if (type.is_category2_2nd()) {
1343             type2 = current_frame.pop_stack(
1344               VerificationType::category2_check(), CHECK_VERIFY(this));
1345           } else {
1346             /* Unreachable?  Would need a category2_1st on TOS which does
1347              * not appear possible. */
1348             verify_error(
1349                 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1350                 bad_type_msg, "dup2_x2");
1351             return;
1352           }
1353           type3 = current_frame.pop_stack(CHECK_VERIFY(this));
1354           if (type3.is_category1()) {
1355             type4 = current_frame.pop_stack(
1356               VerificationType::category1_check(), CHECK_VERIFY(this));
1357           } else if (type3.is_category2_2nd()) {
1358             type4 = current_frame.pop_stack(
1359               VerificationType::category2_check(), CHECK_VERIFY(this));
1360           } else {
1361             /* Unreachable?  Would need a category2_1st on TOS after popping
1362              * a long/double or two category 1's, which does not
1363              * appear possible. */
1364             verify_error(
1365                 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1366                 bad_type_msg, "dup2_x2");
1367             return;
1368           }
1369           current_frame.push_stack(type2, CHECK_VERIFY(this));
1370           current_frame.push_stack(type, CHECK_VERIFY(this));
1371           current_frame.push_stack(type4, CHECK_VERIFY(this));
1372           current_frame.push_stack(type3, CHECK_VERIFY(this));
1373           current_frame.push_stack(type2, CHECK_VERIFY(this));
1374           current_frame.push_stack(type, CHECK_VERIFY(this));
1375           no_control_flow = false; break;
1376         }
1377         case Bytecodes::_swap :
1378           type = current_frame.pop_stack(
1379             VerificationType::category1_check(), CHECK_VERIFY(this));
1380           type2 = current_frame.pop_stack(
1381             VerificationType::category1_check(), CHECK_VERIFY(this));
1382           current_frame.push_stack(type, CHECK_VERIFY(this));
1383           current_frame.push_stack(type2, CHECK_VERIFY(this));
1384           no_control_flow = false; break;
1385         case Bytecodes::_iadd :
1386         case Bytecodes::_isub :
1387         case Bytecodes::_imul :
1388         case Bytecodes::_idiv :
1389         case Bytecodes::_irem :
1390         case Bytecodes::_ishl :
1391         case Bytecodes::_ishr :
1392         case Bytecodes::_iushr :
1393         case Bytecodes::_ior :
1394         case Bytecodes::_ixor :
1395         case Bytecodes::_iand :
1396           current_frame.pop_stack(
1397             VerificationType::integer_type(), CHECK_VERIFY(this));
1398           // fall through
1399         case Bytecodes::_ineg :
1400           current_frame.pop_stack(
1401             VerificationType::integer_type(), CHECK_VERIFY(this));
1402           current_frame.push_stack(
1403             VerificationType::integer_type(), CHECK_VERIFY(this));
1404           no_control_flow = false; break;
1405         case Bytecodes::_ladd :
1406         case Bytecodes::_lsub :
1407         case Bytecodes::_lmul :
1408         case Bytecodes::_ldiv :
1409         case Bytecodes::_lrem :
1410         case Bytecodes::_land :
1411         case Bytecodes::_lor :
1412         case Bytecodes::_lxor :
1413           current_frame.pop_stack_2(
1414             VerificationType::long2_type(),
1415             VerificationType::long_type(), CHECK_VERIFY(this));
1416           // fall through
1417         case Bytecodes::_lneg :
1418           current_frame.pop_stack_2(
1419             VerificationType::long2_type(),
1420             VerificationType::long_type(), CHECK_VERIFY(this));
1421           current_frame.push_stack_2(
1422             VerificationType::long_type(),
1423             VerificationType::long2_type(), CHECK_VERIFY(this));
1424           no_control_flow = false; break;
1425         case Bytecodes::_lshl :
1426         case Bytecodes::_lshr :
1427         case Bytecodes::_lushr :
1428           current_frame.pop_stack(
1429             VerificationType::integer_type(), CHECK_VERIFY(this));
1430           current_frame.pop_stack_2(
1431             VerificationType::long2_type(),
1432             VerificationType::long_type(), CHECK_VERIFY(this));
1433           current_frame.push_stack_2(
1434             VerificationType::long_type(),
1435             VerificationType::long2_type(), CHECK_VERIFY(this));
1436           no_control_flow = false; break;
1437         case Bytecodes::_fadd :
1438         case Bytecodes::_fsub :
1439         case Bytecodes::_fmul :
1440         case Bytecodes::_fdiv :
1441         case Bytecodes::_frem :
1442           current_frame.pop_stack(
1443             VerificationType::float_type(), CHECK_VERIFY(this));
1444           // fall through
1445         case Bytecodes::_fneg :
1446           current_frame.pop_stack(
1447             VerificationType::float_type(), CHECK_VERIFY(this));
1448           current_frame.push_stack(
1449             VerificationType::float_type(), CHECK_VERIFY(this));
1450           no_control_flow = false; break;
1451         case Bytecodes::_dadd :
1452         case Bytecodes::_dsub :
1453         case Bytecodes::_dmul :
1454         case Bytecodes::_ddiv :
1455         case Bytecodes::_drem :
1456           current_frame.pop_stack_2(
1457             VerificationType::double2_type(),
1458             VerificationType::double_type(), CHECK_VERIFY(this));
1459           // fall through
1460         case Bytecodes::_dneg :
1461           current_frame.pop_stack_2(
1462             VerificationType::double2_type(),
1463             VerificationType::double_type(), CHECK_VERIFY(this));
1464           current_frame.push_stack_2(
1465             VerificationType::double_type(),
1466             VerificationType::double2_type(), CHECK_VERIFY(this));
1467           no_control_flow = false; break;
1468         case Bytecodes::_iinc :
1469           verify_iinc(bcs.get_index(), &current_frame, CHECK_VERIFY(this));
1470           no_control_flow = false; break;
1471         case Bytecodes::_i2l :
1472           type = current_frame.pop_stack(
1473             VerificationType::integer_type(), CHECK_VERIFY(this));
1474           current_frame.push_stack_2(
1475             VerificationType::long_type(),
1476             VerificationType::long2_type(), CHECK_VERIFY(this));
1477           no_control_flow = false; break;
1478        case Bytecodes::_l2i :
1479           current_frame.pop_stack_2(
1480             VerificationType::long2_type(),
1481             VerificationType::long_type(), CHECK_VERIFY(this));
1482           current_frame.push_stack(
1483             VerificationType::integer_type(), CHECK_VERIFY(this));
1484           no_control_flow = false; break;
1485         case Bytecodes::_i2f :
1486           current_frame.pop_stack(
1487             VerificationType::integer_type(), CHECK_VERIFY(this));
1488           current_frame.push_stack(
1489             VerificationType::float_type(), CHECK_VERIFY(this));
1490           no_control_flow = false; break;
1491         case Bytecodes::_i2d :
1492           current_frame.pop_stack(
1493             VerificationType::integer_type(), CHECK_VERIFY(this));
1494           current_frame.push_stack_2(
1495             VerificationType::double_type(),
1496             VerificationType::double2_type(), CHECK_VERIFY(this));
1497           no_control_flow = false; break;
1498         case Bytecodes::_l2f :
1499           current_frame.pop_stack_2(
1500             VerificationType::long2_type(),
1501             VerificationType::long_type(), CHECK_VERIFY(this));
1502           current_frame.push_stack(
1503             VerificationType::float_type(), CHECK_VERIFY(this));
1504           no_control_flow = false; break;
1505         case Bytecodes::_l2d :
1506           current_frame.pop_stack_2(
1507             VerificationType::long2_type(),
1508             VerificationType::long_type(), CHECK_VERIFY(this));
1509           current_frame.push_stack_2(
1510             VerificationType::double_type(),
1511             VerificationType::double2_type(), CHECK_VERIFY(this));
1512           no_control_flow = false; break;
1513         case Bytecodes::_f2i :
1514           current_frame.pop_stack(
1515             VerificationType::float_type(), CHECK_VERIFY(this));
1516           current_frame.push_stack(
1517             VerificationType::integer_type(), CHECK_VERIFY(this));
1518           no_control_flow = false; break;
1519         case Bytecodes::_f2l :
1520           current_frame.pop_stack(
1521             VerificationType::float_type(), CHECK_VERIFY(this));
1522           current_frame.push_stack_2(
1523             VerificationType::long_type(),
1524             VerificationType::long2_type(), CHECK_VERIFY(this));
1525           no_control_flow = false; break;
1526         case Bytecodes::_f2d :
1527           current_frame.pop_stack(
1528             VerificationType::float_type(), CHECK_VERIFY(this));
1529           current_frame.push_stack_2(
1530             VerificationType::double_type(),
1531             VerificationType::double2_type(), CHECK_VERIFY(this));
1532           no_control_flow = false; break;
1533         case Bytecodes::_d2i :
1534           current_frame.pop_stack_2(
1535             VerificationType::double2_type(),
1536             VerificationType::double_type(), CHECK_VERIFY(this));
1537           current_frame.push_stack(
1538             VerificationType::integer_type(), CHECK_VERIFY(this));
1539           no_control_flow = false; break;
1540         case Bytecodes::_d2l :
1541           current_frame.pop_stack_2(
1542             VerificationType::double2_type(),
1543             VerificationType::double_type(), CHECK_VERIFY(this));
1544           current_frame.push_stack_2(
1545             VerificationType::long_type(),
1546             VerificationType::long2_type(), CHECK_VERIFY(this));
1547           no_control_flow = false; break;
1548         case Bytecodes::_d2f :
1549           current_frame.pop_stack_2(
1550             VerificationType::double2_type(),
1551             VerificationType::double_type(), CHECK_VERIFY(this));
1552           current_frame.push_stack(
1553             VerificationType::float_type(), CHECK_VERIFY(this));
1554           no_control_flow = false; break;
1555         case Bytecodes::_i2b :
1556         case Bytecodes::_i2c :
1557         case Bytecodes::_i2s :
1558           current_frame.pop_stack(
1559             VerificationType::integer_type(), CHECK_VERIFY(this));
1560           current_frame.push_stack(
1561             VerificationType::integer_type(), CHECK_VERIFY(this));
1562           no_control_flow = false; break;
1563         case Bytecodes::_lcmp :
1564           current_frame.pop_stack_2(
1565             VerificationType::long2_type(),
1566             VerificationType::long_type(), CHECK_VERIFY(this));
1567           current_frame.pop_stack_2(
1568             VerificationType::long2_type(),
1569             VerificationType::long_type(), CHECK_VERIFY(this));
1570           current_frame.push_stack(
1571             VerificationType::integer_type(), CHECK_VERIFY(this));
1572           no_control_flow = false; break;
1573         case Bytecodes::_fcmpl :
1574         case Bytecodes::_fcmpg :
1575           current_frame.pop_stack(
1576             VerificationType::float_type(), CHECK_VERIFY(this));
1577           current_frame.pop_stack(
1578             VerificationType::float_type(), CHECK_VERIFY(this));
1579           current_frame.push_stack(
1580             VerificationType::integer_type(), CHECK_VERIFY(this));
1581           no_control_flow = false; break;
1582         case Bytecodes::_dcmpl :
1583         case Bytecodes::_dcmpg :
1584           current_frame.pop_stack_2(
1585             VerificationType::double2_type(),
1586             VerificationType::double_type(), CHECK_VERIFY(this));
1587           current_frame.pop_stack_2(
1588             VerificationType::double2_type(),
1589             VerificationType::double_type(), CHECK_VERIFY(this));
1590           current_frame.push_stack(
1591             VerificationType::integer_type(), CHECK_VERIFY(this));
1592           no_control_flow = false; break;
1593         case Bytecodes::_if_icmpeq:
1594         case Bytecodes::_if_icmpne:
1595         case Bytecodes::_if_icmplt:
1596         case Bytecodes::_if_icmpge:
1597         case Bytecodes::_if_icmpgt:
1598         case Bytecodes::_if_icmple:
1599           current_frame.pop_stack(
1600             VerificationType::integer_type(), CHECK_VERIFY(this));
1601           // fall through
1602         case Bytecodes::_ifeq:
1603         case Bytecodes::_ifne:
1604         case Bytecodes::_iflt:
1605         case Bytecodes::_ifge:
1606         case Bytecodes::_ifgt:
1607         case Bytecodes::_ifle:
1608           current_frame.pop_stack(
1609             VerificationType::integer_type(), CHECK_VERIFY(this));
1610           target = bcs.dest();
1611           stackmap_table.check_jump_target(
1612             &current_frame, target, CHECK_VERIFY(this));
1613           no_control_flow = false; break;
1614         case Bytecodes::_if_acmpeq :
1615         case Bytecodes::_if_acmpne :
1616           current_frame.pop_stack(
1617             VerificationType::reference_check(), CHECK_VERIFY(this));
1618           // fall through
1619         case Bytecodes::_ifnull :
1620         case Bytecodes::_ifnonnull :
1621           current_frame.pop_stack(
1622             VerificationType::reference_check(), CHECK_VERIFY(this));
1623           target = bcs.dest();
1624           stackmap_table.check_jump_target
1625             (&current_frame, target, CHECK_VERIFY(this));
1626           no_control_flow = false; break;
1627         case Bytecodes::_goto :
1628           target = bcs.dest();
1629           stackmap_table.check_jump_target(
1630             &current_frame, target, CHECK_VERIFY(this));
1631           no_control_flow = true; break;
1632         case Bytecodes::_goto_w :
1633           target = bcs.dest_w();
1634           stackmap_table.check_jump_target(
1635             &current_frame, target, CHECK_VERIFY(this));
1636           no_control_flow = true; break;
1637         case Bytecodes::_tableswitch :
1638         case Bytecodes::_lookupswitch :
1639           verify_switch(
1640             &bcs, code_length, code_data, &current_frame,
1641             &stackmap_table, CHECK_VERIFY(this));
1642           no_control_flow = true; break;
1643         case Bytecodes::_ireturn :
1644           type = current_frame.pop_stack(
1645             VerificationType::integer_type(), CHECK_VERIFY(this));
1646           verify_return_value(return_type, type, bci,
1647                               &current_frame, CHECK_VERIFY(this));
1648           no_control_flow = true; break;
1649         case Bytecodes::_lreturn :
1650           type2 = current_frame.pop_stack(
1651             VerificationType::long2_type(), CHECK_VERIFY(this));
1652           type = current_frame.pop_stack(
1653             VerificationType::long_type(), CHECK_VERIFY(this));
1654           verify_return_value(return_type, type, bci,
1655                               &current_frame, CHECK_VERIFY(this));
1656           no_control_flow = true; break;
1657         case Bytecodes::_freturn :
1658           type = current_frame.pop_stack(
1659             VerificationType::float_type(), CHECK_VERIFY(this));
1660           verify_return_value(return_type, type, bci,
1661                               &current_frame, CHECK_VERIFY(this));
1662           no_control_flow = true; break;
1663         case Bytecodes::_dreturn :
1664           type2 = current_frame.pop_stack(
1665             VerificationType::double2_type(),  CHECK_VERIFY(this));
1666           type = current_frame.pop_stack(
1667             VerificationType::double_type(), CHECK_VERIFY(this));
1668           verify_return_value(return_type, type, bci,
1669                               &current_frame, CHECK_VERIFY(this));
1670           no_control_flow = true; break;
1671         case Bytecodes::_areturn :
1672           type = current_frame.pop_stack(
1673             VerificationType::reference_check(), CHECK_VERIFY(this));
1674           verify_return_value(return_type, type, bci,
1675                               &current_frame, CHECK_VERIFY(this));
1676           no_control_flow = true; break;
1677         case Bytecodes::_return :
1678           if (return_type != VerificationType::bogus_type()) {
1679             verify_error(ErrorContext::bad_code(bci),
1680                          "Method expects a return value");
1681             return;
1682           }
1683           // Make sure "this" has been initialized if current method is an
1684           // <init>.
1685           if (_method->name() == vmSymbols::object_initializer_name() &&
1686               current_frame.flag_this_uninit()) {
1687             verify_error(ErrorContext::bad_code(bci),
1688                          "Constructor must call super() or this() "
1689                          "before return");
1690             return;
1691           }
1692           no_control_flow = true; break;
1693         case Bytecodes::_getstatic :
1694         case Bytecodes::_putstatic :
1695           // pass TRUE, operand can be an array type for getstatic/putstatic.
1696           verify_field_instructions(
1697             &bcs, &current_frame, cp, true, CHECK_VERIFY(this));
1698           no_control_flow = false; break;
1699         case Bytecodes::_getfield :
1700         case Bytecodes::_putfield :
1701           // pass FALSE, operand can't be an array type for getfield/putfield.
1702           verify_field_instructions(
1703             &bcs, &current_frame, cp, false, CHECK_VERIFY(this));
1704           no_control_flow = false; break;
1705         case Bytecodes::_invokevirtual :
1706         case Bytecodes::_invokespecial :
1707         case Bytecodes::_invokestatic :
1708           verify_invoke_instructions(
1709             &bcs, code_length, &current_frame, (bci >= ex_min && bci < ex_max),
1710             &this_uninit, return_type, cp, &stackmap_table, CHECK_VERIFY(this));
1711           no_control_flow = false; break;
1712         case Bytecodes::_invokeinterface :
1713         case Bytecodes::_invokedynamic :
1714           verify_invoke_instructions(
1715             &bcs, code_length, &current_frame, (bci >= ex_min && bci < ex_max),
1716             &this_uninit, return_type, cp, &stackmap_table, CHECK_VERIFY(this));
1717           no_control_flow = false; break;
1718         case Bytecodes::_new :
1719         {
1720           u2 index = bcs.get_index_u2();
1721           verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1722           VerificationType new_class_type =
1723             cp_index_to_type(index, cp, CHECK_VERIFY(this));
1724           if (!new_class_type.is_object()) {
1725             verify_error(ErrorContext::bad_type(bci,
1726                 TypeOrigin::cp(index, new_class_type)),
1727                 "Illegal new instruction");
1728             return;
1729           }
1730           type = VerificationType::uninitialized_type(checked_cast<u2>(bci));
1731           current_frame.push_stack(type, CHECK_VERIFY(this));
1732           no_control_flow = false; break;
1733         }
1734         case Bytecodes::_newarray :
1735           type = get_newarray_type(bcs.get_index(), bci, CHECK_VERIFY(this));
1736           current_frame.pop_stack(
1737             VerificationType::integer_type(),  CHECK_VERIFY(this));
1738           current_frame.push_stack(type, CHECK_VERIFY(this));
1739           no_control_flow = false; break;
1740         case Bytecodes::_anewarray :
1741           verify_anewarray(
1742             bci, bcs.get_index_u2(), cp, &current_frame, CHECK_VERIFY(this));
1743           no_control_flow = false; break;
1744         case Bytecodes::_arraylength :
1745           type = current_frame.pop_stack(
1746             VerificationType::reference_check(), CHECK_VERIFY(this));
1747           if (!(type.is_null() || type.is_array())) {
1748             verify_error(ErrorContext::bad_type(
1749                 bci, current_frame.stack_top_ctx()),
1750                 bad_type_msg, "arraylength");
1751           }
1752           current_frame.push_stack(
1753             VerificationType::integer_type(), CHECK_VERIFY(this));
1754           no_control_flow = false; break;
1755         case Bytecodes::_checkcast :
1756         {
1757           u2 index = bcs.get_index_u2();
1758           verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1759           current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1760           VerificationType klass_type = cp_index_to_type(
1761             index, cp, CHECK_VERIFY(this));
1762           current_frame.push_stack(klass_type, CHECK_VERIFY(this));
1763           no_control_flow = false; break;
1764         }
1765         case Bytecodes::_instanceof : {
1766           u2 index = bcs.get_index_u2();
1767           verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1768           current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1769           current_frame.push_stack(
1770             VerificationType::integer_type(), CHECK_VERIFY(this));
1771           no_control_flow = false; break;
1772         }
1773         case Bytecodes::_monitorenter :
1774         case Bytecodes::_monitorexit :
1775           current_frame.pop_stack(
1776             VerificationType::reference_check(), CHECK_VERIFY(this));
1777           no_control_flow = false; break;
1778         case Bytecodes::_multianewarray :
1779         {
1780           u2 index = bcs.get_index_u2();
1781           u2 dim = *(bcs.bcp()+3);
1782           verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1783           VerificationType new_array_type =
1784             cp_index_to_type(index, cp, CHECK_VERIFY(this));
1785           if (!new_array_type.is_array()) {
1786             verify_error(ErrorContext::bad_type(bci,
1787                 TypeOrigin::cp(index, new_array_type)),
1788                 "Illegal constant pool index in multianewarray instruction");
1789             return;
1790           }
1791           if (dim < 1 || new_array_type.dimensions() < dim) {
1792             verify_error(ErrorContext::bad_code(bci),
1793                 "Illegal dimension in multianewarray instruction: %d", dim);
1794             return;
1795           }
1796           for (int i = 0; i < dim; i++) {
1797             current_frame.pop_stack(
1798               VerificationType::integer_type(), CHECK_VERIFY(this));
1799           }
1800           current_frame.push_stack(new_array_type, CHECK_VERIFY(this));
1801           no_control_flow = false; break;
1802         }
1803         case Bytecodes::_athrow :
1804           type = VerificationType::reference_type(
1805             vmSymbols::java_lang_Throwable());
1806           current_frame.pop_stack(type, CHECK_VERIFY(this));
1807           no_control_flow = true; break;
1808         default:
1809           // We only need to check the valid bytecodes in class file.
1810           // And jsr and ret are not in the new class file format in JDK1.6.
1811           verify_error(ErrorContext::bad_code(bci),
1812               "Bad instruction: %02x", opcode);
1813           no_control_flow = false;
1814           return;
1815       }  // end switch
1816     }  // end Merge with the next instruction
1817 
1818     // Look for possible jump target in exception handlers and see if it matches
1819     // current_frame.  Don't do this check if it has already been done (for
1820     // ([a,d,f,i,l]store* opcodes).  This check cannot be done earlier because
1821     // opcodes, such as invokespecial, may set the this_uninit flag.
1822     assert(!(verified_exc_handlers && this_uninit),
1823       "Exception handler targets got verified before this_uninit got set");
1824     if (!verified_exc_handlers && bci >= ex_min && bci < ex_max) {
1825       if (was_recursively_verified()) return;
1826       verify_exception_handler_targets(
1827         bci, this_uninit, &current_frame, &stackmap_table, CHECK_VERIFY(this));
1828     }
1829   } // end while
1830 
1831   // Make sure that control flow does not fall through end of the method
1832   if (!no_control_flow) {
1833     verify_error(ErrorContext::bad_code(code_length),
1834         "Control flow falls through code end");
1835     return;
1836   }
1837 }
1838 
1839 #undef bad_type_message
1840 
1841 char* ClassVerifier::generate_code_data(const methodHandle& m, u4 code_length, TRAPS) {
1842   char* code_data = NEW_RESOURCE_ARRAY(char, code_length);
1843   memset(code_data, 0, sizeof(char) * code_length);
1844   RawBytecodeStream bcs(m);
1845 
1846   while (!bcs.is_last_bytecode()) {
1847     if (bcs.raw_next() != Bytecodes::_illegal) {
1848       int bci = bcs.bci();
1849       if (bcs.raw_code() == Bytecodes::_new) {
1850         code_data[bci] = NEW_OFFSET;
1851       } else {
1852         code_data[bci] = BYTECODE_OFFSET;
1853       }
1854     } else {
1855       verify_error(ErrorContext::bad_code(bcs.bci()), "Bad instruction");
1856       return nullptr;
1857     }
1858   }
1859 
1860   return code_data;
1861 }
1862 
1863 // Since this method references the constant pool, call was_recursively_verified()
1864 // before calling this method to make sure a prior class load did not cause the
1865 // current class to get verified.
1866 void ClassVerifier::verify_exception_handler_table(u4 code_length, char* code_data, int& min, int& max, TRAPS) {
1867   ExceptionTable exhandlers(_method());
1868   int exlength = exhandlers.length();
1869   constantPoolHandle cp (THREAD, _method->constants());
1870 
1871   for(int i = 0; i < exlength; i++) {
1872     u2 start_pc = exhandlers.start_pc(i);
1873     u2 end_pc = exhandlers.end_pc(i);
1874     u2 handler_pc = exhandlers.handler_pc(i);
1875     if (start_pc >= code_length || code_data[start_pc] == 0) {
1876       class_format_error("Illegal exception table start_pc %d", start_pc);
1877       return;
1878     }
1879     if (end_pc != code_length) {   // special case: end_pc == code_length
1880       if (end_pc > code_length || code_data[end_pc] == 0) {
1881         class_format_error("Illegal exception table end_pc %d", end_pc);
1882         return;
1883       }
1884     }
1885     if (handler_pc >= code_length || code_data[handler_pc] == 0) {
1886       class_format_error("Illegal exception table handler_pc %d", handler_pc);
1887       return;
1888     }
1889     u2 catch_type_index = exhandlers.catch_type_index(i);
1890     if (catch_type_index != 0) {
1891       VerificationType catch_type = cp_index_to_type(
1892         catch_type_index, cp, CHECK_VERIFY(this));
1893       VerificationType throwable =
1894         VerificationType::reference_type(vmSymbols::java_lang_Throwable());
1895       // If the catch type is Throwable pre-resolve it now as the assignable check won't
1896       // do that, and we need to avoid a runtime resolution in case we are trying to
1897       // catch OutOfMemoryError.
1898       if (cp->klass_name_at(catch_type_index) == vmSymbols::java_lang_Throwable()) {
1899         cp->klass_at(catch_type_index, CHECK);
1900       }
1901       bool is_subclass = throwable.is_assignable_from(
1902         catch_type, this, false, CHECK_VERIFY(this));
1903       if (!is_subclass) {
1904         // 4286534: should throw VerifyError according to recent spec change
1905         verify_error(ErrorContext::bad_type(handler_pc,
1906             TypeOrigin::cp(catch_type_index, catch_type),
1907             TypeOrigin::implicit(throwable)),
1908             "Catch type is not a subclass "
1909             "of Throwable in exception handler %d", handler_pc);
1910         return;
1911       }
1912     }
1913     if (start_pc < min) min = start_pc;
1914     if (end_pc > max) max = end_pc;
1915   }
1916 }
1917 
1918 void ClassVerifier::verify_local_variable_table(u4 code_length, char* code_data, TRAPS) {
1919   int localvariable_table_length = _method->localvariable_table_length();
1920   if (localvariable_table_length > 0) {
1921     LocalVariableTableElement* table = _method->localvariable_table_start();
1922     for (int i = 0; i < localvariable_table_length; i++) {
1923       u2 start_bci = table[i].start_bci;
1924       u2 length = table[i].length;
1925 
1926       if (start_bci >= code_length || code_data[start_bci] == 0) {
1927         class_format_error(
1928           "Illegal local variable table start_pc %d", start_bci);
1929         return;
1930       }
1931       u4 end_bci = (u4)(start_bci + length);
1932       if (end_bci != code_length) {
1933         if (end_bci >= code_length || code_data[end_bci] == 0) {
1934           class_format_error( "Illegal local variable table length %d", length);
1935           return;
1936         }
1937       }
1938     }
1939   }
1940 }
1941 
1942 u2 ClassVerifier::verify_stackmap_table(u2 stackmap_index, int bci,
1943                                         StackMapFrame* current_frame,
1944                                         StackMapTable* stackmap_table,
1945                                         bool no_control_flow, TRAPS) {
1946   if (stackmap_index < stackmap_table->get_frame_count()) {
1947     int this_offset = stackmap_table->get_offset(stackmap_index);
1948     if (no_control_flow && this_offset > bci) {
1949       verify_error(ErrorContext::missing_stackmap(bci),
1950                    "Expecting a stack map frame");
1951       return 0;
1952     }
1953     if (this_offset == bci) {
1954       ErrorContext ctx;
1955       // See if current stack map can be assigned to the frame in table.
1956       // current_frame is the stackmap frame got from the last instruction.
1957       // If matched, current_frame will be updated by this method.
1958       bool matches = stackmap_table->match_stackmap(
1959         current_frame, this_offset, stackmap_index,
1960         !no_control_flow, true, &ctx, CHECK_VERIFY_(this, 0));
1961       if (!matches) {
1962         // report type error
1963         verify_error(ctx, "Instruction type does not match stack map");
1964         return 0;
1965       }
1966       stackmap_index++;
1967     } else if (this_offset < bci) {
1968       // current_offset should have met this_offset.
1969       class_format_error("Bad stack map offset %d", this_offset);
1970       return 0;
1971     }
1972   } else if (no_control_flow) {
1973     verify_error(ErrorContext::bad_code(bci), "Expecting a stack map frame");
1974     return 0;
1975   }
1976   return stackmap_index;
1977 }
1978 
1979 // Since this method references the constant pool, call was_recursively_verified()
1980 // before calling this method to make sure a prior class load did not cause the
1981 // current class to get verified.
1982 void ClassVerifier::verify_exception_handler_targets(int bci, bool this_uninit,
1983                                                      StackMapFrame* current_frame,
1984                                                      StackMapTable* stackmap_table, TRAPS) {
1985   constantPoolHandle cp (THREAD, _method->constants());
1986   ExceptionTable exhandlers(_method());
1987   int exlength = exhandlers.length();
1988   for(int i = 0; i < exlength; i++) {
1989     u2 start_pc = exhandlers.start_pc(i);
1990     u2 end_pc = exhandlers.end_pc(i);
1991     u2 handler_pc = exhandlers.handler_pc(i);
1992     int catch_type_index = exhandlers.catch_type_index(i);
1993     if(bci >= start_pc && bci < end_pc) {
1994       u1 flags = current_frame->flags();
1995       if (this_uninit) {  flags |= FLAG_THIS_UNINIT; }
1996       StackMapFrame* new_frame = current_frame->frame_in_exception_handler(flags);
1997       if (catch_type_index != 0) {
1998         if (was_recursively_verified()) return;
1999         // We know that this index refers to a subclass of Throwable
2000         VerificationType catch_type = cp_index_to_type(
2001           catch_type_index, cp, CHECK_VERIFY(this));
2002         new_frame->push_stack(catch_type, CHECK_VERIFY(this));
2003       } else {
2004         VerificationType throwable =
2005           VerificationType::reference_type(vmSymbols::java_lang_Throwable());
2006         new_frame->push_stack(throwable, CHECK_VERIFY(this));
2007       }
2008       ErrorContext ctx;
2009       bool matches = stackmap_table->match_stackmap(
2010         new_frame, handler_pc, true, false, &ctx, CHECK_VERIFY(this));
2011       if (!matches) {
2012         verify_error(ctx, "Stack map does not match the one at "
2013             "exception handler %d", handler_pc);
2014         return;
2015       }
2016     }
2017   }
2018 }
2019 
2020 void ClassVerifier::verify_cp_index(
2021     int bci, const constantPoolHandle& cp, u2 index, TRAPS) {
2022   int nconstants = cp->length();
2023   if ((index <= 0) || (index >= nconstants)) {
2024     verify_error(ErrorContext::bad_cp_index(bci, index),
2025         "Illegal constant pool index %d in class %s",
2026         index, cp->pool_holder()->external_name());
2027     return;
2028   }
2029 }
2030 
2031 void ClassVerifier::verify_cp_type(
2032     int bci, u2 index, const constantPoolHandle& cp, unsigned int types, TRAPS) {
2033 
2034   // In some situations, bytecode rewriting may occur while we're verifying.
2035   // In this case, a constant pool cache exists and some indices refer to that
2036   // instead.  Be sure we don't pick up such indices by accident.
2037   // We must check was_recursively_verified() before we get here.
2038   guarantee(cp->cache() == nullptr, "not rewritten yet");
2039 
2040   verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2041   unsigned int tag = cp->tag_at(index).value();
2042   if ((types & (1 << tag)) == 0) {
2043     verify_error(ErrorContext::bad_cp_index(bci, index),
2044       "Illegal type at constant pool entry %d in class %s",
2045       index, cp->pool_holder()->external_name());
2046     return;
2047   }
2048 }
2049 
2050 void ClassVerifier::verify_cp_class_type(
2051     int bci, u2 index, const constantPoolHandle& cp, TRAPS) {
2052   verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2053   constantTag tag = cp->tag_at(index);
2054   if (!tag.is_klass() && !tag.is_unresolved_klass()) {
2055     verify_error(ErrorContext::bad_cp_index(bci, index),
2056         "Illegal type at constant pool entry %d in class %s",
2057         index, cp->pool_holder()->external_name());
2058     return;
2059   }
2060 }
2061 
2062 void ClassVerifier::verify_error(ErrorContext ctx, const char* msg, ...) {
2063   stringStream ss;
2064 
2065   ctx.reset_frames();
2066   _exception_type = vmSymbols::java_lang_VerifyError();
2067   _error_context = ctx;
2068   va_list va;
2069   va_start(va, msg);
2070   ss.vprint(msg, va);
2071   va_end(va);
2072   _message = ss.as_string();
2073 #ifdef ASSERT
2074   ResourceMark rm;
2075   const char* exception_name = _exception_type->as_C_string();
2076   Exceptions::debug_check_abort(exception_name, nullptr);
2077 #endif // ndef ASSERT
2078 }
2079 
2080 void ClassVerifier::class_format_error(const char* msg, ...) {
2081   stringStream ss;
2082   _exception_type = vmSymbols::java_lang_ClassFormatError();
2083   va_list va;
2084   va_start(va, msg);
2085   ss.vprint(msg, va);
2086   va_end(va);
2087   if (!_method.is_null()) {
2088     ss.print(" in method '");
2089     _method->print_external_name(&ss);
2090     ss.print("'");
2091   }
2092   _message = ss.as_string();
2093 }
2094 
2095 Klass* ClassVerifier::load_class(Symbol* name, TRAPS) {
2096   HandleMark hm(THREAD);
2097   // Get current loader and protection domain first.
2098   oop loader = current_class()->class_loader();
2099   oop protection_domain = current_class()->protection_domain();
2100 
2101   assert(name_in_supers(name, current_class()), "name should be a super class");
2102 
2103   Klass* kls = SystemDictionary::resolve_or_fail(
2104     name, Handle(THREAD, loader), Handle(THREAD, protection_domain),
2105     true, THREAD);
2106 
2107   if (kls != nullptr) {
2108     if (log_is_enabled(Debug, class, resolve)) {
2109       Verifier::trace_class_resolution(kls, current_class());
2110     }
2111   }
2112   return kls;
2113 }
2114 
2115 bool ClassVerifier::is_protected_access(InstanceKlass* this_class,
2116                                         Klass* target_class,
2117                                         Symbol* field_name,
2118                                         Symbol* field_sig,
2119                                         bool is_method) {
2120   NoSafepointVerifier nosafepoint;
2121 
2122   // If target class isn't a super class of this class, we don't worry about this case
2123   if (!this_class->is_subclass_of(target_class)) {
2124     return false;
2125   }
2126   // Check if the specified method or field is protected
2127   InstanceKlass* target_instance = InstanceKlass::cast(target_class);
2128   fieldDescriptor fd;
2129   if (is_method) {
2130     Method* m = target_instance->uncached_lookup_method(field_name, field_sig, Klass::OverpassLookupMode::find);
2131     if (m != nullptr && m->is_protected()) {
2132       if (!this_class->is_same_class_package(m->method_holder())) {
2133         return true;
2134       }
2135     }
2136   } else {
2137     Klass* member_klass = target_instance->find_field(field_name, field_sig, &fd);
2138     if (member_klass != nullptr && fd.is_protected()) {
2139       if (!this_class->is_same_class_package(member_klass)) {
2140         return true;
2141       }
2142     }
2143   }
2144   return false;
2145 }
2146 
2147 void ClassVerifier::verify_ldc(
2148     int opcode, u2 index, StackMapFrame* current_frame,
2149     const constantPoolHandle& cp, int bci, TRAPS) {
2150   verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2151   constantTag tag = cp->tag_at(index);
2152   unsigned int types = 0;
2153   if (opcode == Bytecodes::_ldc || opcode == Bytecodes::_ldc_w) {
2154     if (!tag.is_unresolved_klass()) {
2155       types = (1 << JVM_CONSTANT_Integer) | (1 << JVM_CONSTANT_Float)
2156             | (1 << JVM_CONSTANT_String)  | (1 << JVM_CONSTANT_Class)
2157             | (1 << JVM_CONSTANT_MethodHandle) | (1 << JVM_CONSTANT_MethodType)
2158             | (1 << JVM_CONSTANT_Dynamic);
2159       // Note:  The class file parser already verified the legality of
2160       // MethodHandle and MethodType constants.
2161       verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2162     }
2163   } else {
2164     assert(opcode == Bytecodes::_ldc2_w, "must be ldc2_w");
2165     types = (1 << JVM_CONSTANT_Double) | (1 << JVM_CONSTANT_Long)
2166           | (1 << JVM_CONSTANT_Dynamic);
2167     verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2168   }
2169   if (tag.is_string()) {
2170     current_frame->push_stack(
2171       VerificationType::reference_type(
2172         vmSymbols::java_lang_String()), CHECK_VERIFY(this));
2173   } else if (tag.is_klass() || tag.is_unresolved_klass()) {
2174     current_frame->push_stack(
2175       VerificationType::reference_type(
2176         vmSymbols::java_lang_Class()), CHECK_VERIFY(this));
2177   } else if (tag.is_int()) {
2178     current_frame->push_stack(
2179       VerificationType::integer_type(), CHECK_VERIFY(this));
2180   } else if (tag.is_float()) {
2181     current_frame->push_stack(
2182       VerificationType::float_type(), CHECK_VERIFY(this));
2183   } else if (tag.is_double()) {
2184     current_frame->push_stack_2(
2185       VerificationType::double_type(),
2186       VerificationType::double2_type(), CHECK_VERIFY(this));
2187   } else if (tag.is_long()) {
2188     current_frame->push_stack_2(
2189       VerificationType::long_type(),
2190       VerificationType::long2_type(), CHECK_VERIFY(this));
2191   } else if (tag.is_method_handle()) {
2192     current_frame->push_stack(
2193       VerificationType::reference_type(
2194         vmSymbols::java_lang_invoke_MethodHandle()), CHECK_VERIFY(this));
2195   } else if (tag.is_method_type()) {
2196     current_frame->push_stack(
2197       VerificationType::reference_type(
2198         vmSymbols::java_lang_invoke_MethodType()), CHECK_VERIFY(this));
2199   } else if (tag.is_dynamic_constant()) {
2200     Symbol* constant_type = cp->uncached_signature_ref_at(index);
2201     // Field signature was checked in ClassFileParser.
2202     assert(SignatureVerifier::is_valid_type_signature(constant_type),
2203            "Invalid type for dynamic constant");
2204     assert(sizeof(VerificationType) == sizeof(uintptr_t),
2205           "buffer type must match VerificationType size");
2206     uintptr_t constant_type_buffer[2];
2207     VerificationType* v_constant_type = (VerificationType*)constant_type_buffer;
2208     SignatureStream sig_stream(constant_type, false);
2209     int n = change_sig_to_verificationType(&sig_stream, v_constant_type);
2210     int opcode_n = (opcode == Bytecodes::_ldc2_w ? 2 : 1);
2211     if (n != opcode_n) {
2212       // wrong kind of ldc; reverify against updated type mask
2213       types &= ~(1 << JVM_CONSTANT_Dynamic);
2214       verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2215     }
2216     for (int i = 0; i < n; i++) {
2217       current_frame->push_stack(v_constant_type[i], CHECK_VERIFY(this));
2218     }
2219   } else {
2220     /* Unreachable? verify_cp_type has already validated the cp type. */
2221     verify_error(
2222         ErrorContext::bad_cp_index(bci, index), "Invalid index in ldc");
2223     return;
2224   }
2225 }
2226 
2227 void ClassVerifier::verify_switch(
2228     RawBytecodeStream* bcs, u4 code_length, char* code_data,
2229     StackMapFrame* current_frame, StackMapTable* stackmap_table, TRAPS) {
2230   int bci = bcs->bci();
2231   address bcp = bcs->bcp();
2232   address aligned_bcp = align_up(bcp + 1, jintSize);
2233 
2234   if (_klass->major_version() < NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION) {
2235     // 4639449 & 4647081: padding bytes must be 0
2236     u2 padding_offset = 1;
2237     while ((bcp + padding_offset) < aligned_bcp) {
2238       if(*(bcp + padding_offset) != 0) {
2239         verify_error(ErrorContext::bad_code(bci),
2240                      "Nonzero padding byte in lookupswitch or tableswitch");
2241         return;
2242       }
2243       padding_offset++;
2244     }
2245   }
2246 
2247   int default_offset = (int) Bytes::get_Java_u4(aligned_bcp);
2248   int keys, delta;
2249   current_frame->pop_stack(
2250     VerificationType::integer_type(), CHECK_VERIFY(this));
2251   if (bcs->raw_code() == Bytecodes::_tableswitch) {
2252     jint low = (jint)Bytes::get_Java_u4(aligned_bcp + jintSize);
2253     jint high = (jint)Bytes::get_Java_u4(aligned_bcp + 2*jintSize);
2254     if (low > high) {
2255       verify_error(ErrorContext::bad_code(bci),
2256           "low must be less than or equal to high in tableswitch");
2257       return;
2258     }
2259     keys = high - low + 1;
2260     if (keys < 0) {
2261       verify_error(ErrorContext::bad_code(bci), "too many keys in tableswitch");
2262       return;
2263     }
2264     delta = 1;
2265   } else {
2266     keys = (int)Bytes::get_Java_u4(aligned_bcp + jintSize);
2267     if (keys < 0) {
2268       verify_error(ErrorContext::bad_code(bci),
2269                    "number of keys in lookupswitch less than 0");
2270       return;
2271     }
2272     delta = 2;
2273     // Make sure that the lookupswitch items are sorted
2274     for (int i = 0; i < (keys - 1); i++) {
2275       jint this_key = Bytes::get_Java_u4(aligned_bcp + (2+2*i)*jintSize);
2276       jint next_key = Bytes::get_Java_u4(aligned_bcp + (2+2*i+2)*jintSize);
2277       if (this_key >= next_key) {
2278         verify_error(ErrorContext::bad_code(bci),
2279                      "Bad lookupswitch instruction");
2280         return;
2281       }
2282     }
2283   }
2284   int target = bci + default_offset;
2285   stackmap_table->check_jump_target(current_frame, target, CHECK_VERIFY(this));
2286   for (int i = 0; i < keys; i++) {
2287     // Because check_jump_target() may safepoint, the bytecode could have
2288     // moved, which means 'aligned_bcp' is no good and needs to be recalculated.
2289     aligned_bcp = align_up(bcs->bcp() + 1, jintSize);
2290     target = bci + (jint)Bytes::get_Java_u4(aligned_bcp+(3+i*delta)*jintSize);
2291     stackmap_table->check_jump_target(
2292       current_frame, target, CHECK_VERIFY(this));
2293   }
2294   NOT_PRODUCT(aligned_bcp = nullptr);  // no longer valid at this point
2295 }
2296 
2297 bool ClassVerifier::name_in_supers(
2298     Symbol* ref_name, InstanceKlass* current) {
2299   Klass* super = current->super();
2300   while (super != nullptr) {
2301     if (super->name() == ref_name) {
2302       return true;
2303     }
2304     super = super->super();
2305   }
2306   return false;
2307 }
2308 
2309 void ClassVerifier::verify_field_instructions(RawBytecodeStream* bcs,
2310                                               StackMapFrame* current_frame,
2311                                               const constantPoolHandle& cp,
2312                                               bool allow_arrays,
2313                                               TRAPS) {
2314   u2 index = bcs->get_index_u2();
2315   verify_cp_type(bcs->bci(), index, cp,
2316       1 << JVM_CONSTANT_Fieldref, CHECK_VERIFY(this));
2317 
2318   // Get field name and signature
2319   Symbol* field_name = cp->uncached_name_ref_at(index);
2320   Symbol* field_sig = cp->uncached_signature_ref_at(index);
2321   bool is_getfield = false;
2322 
2323   // Field signature was checked in ClassFileParser.
2324   assert(SignatureVerifier::is_valid_type_signature(field_sig),
2325          "Invalid field signature");
2326 
2327   // Get referenced class type
2328   VerificationType ref_class_type = cp_ref_index_to_type(
2329     index, cp, CHECK_VERIFY(this));
2330   if (!ref_class_type.is_object() &&
2331     (!allow_arrays || !ref_class_type.is_array())) {
2332     verify_error(ErrorContext::bad_type(bcs->bci(),
2333         TypeOrigin::cp(index, ref_class_type)),
2334         "Expecting reference to class in class %s at constant pool index %d",
2335         _klass->external_name(), index);
2336     return;
2337   }
2338   VerificationType target_class_type = ref_class_type;
2339 
2340   assert(sizeof(VerificationType) == sizeof(uintptr_t),
2341         "buffer type must match VerificationType size");
2342   uintptr_t field_type_buffer[2];
2343   VerificationType* field_type = (VerificationType*)field_type_buffer;
2344   // If we make a VerificationType[2] array directly, the compiler calls
2345   // to the c-runtime library to do the allocation instead of just
2346   // stack allocating it.  Plus it would run constructors.  This shows up
2347   // in performance profiles.
2348 
2349   SignatureStream sig_stream(field_sig, false);
2350   VerificationType stack_object_type;
2351   int n = change_sig_to_verificationType(&sig_stream, field_type);
2352   int bci = bcs->bci();
2353   bool is_assignable;
2354   switch (bcs->raw_code()) {
2355     case Bytecodes::_getstatic: {
2356       for (int i = 0; i < n; i++) {
2357         current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2358       }
2359       break;
2360     }
2361     case Bytecodes::_putstatic: {
2362       for (int i = n - 1; i >= 0; i--) {
2363         current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2364       }
2365       break;
2366     }
2367     case Bytecodes::_getfield: {
2368       is_getfield = true;
2369       stack_object_type = current_frame->pop_stack(
2370         target_class_type, CHECK_VERIFY(this));
2371       goto check_protected;
2372     }
2373     case Bytecodes::_putfield: {
2374       for (int i = n - 1; i >= 0; i--) {
2375         current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2376       }
2377       stack_object_type = current_frame->pop_stack(CHECK_VERIFY(this));
2378 
2379       // The JVMS 2nd edition allows field initialization before the superclass
2380       // initializer, if the field is defined within the current class.
2381       fieldDescriptor fd;
2382       if (stack_object_type == VerificationType::uninitialized_this_type() &&
2383           target_class_type.equals(current_type()) &&
2384           _klass->find_local_field(field_name, field_sig, &fd)) {
2385         stack_object_type = current_type();
2386       }
2387       is_assignable = target_class_type.is_assignable_from(
2388         stack_object_type, this, false, CHECK_VERIFY(this));
2389       if (!is_assignable) {
2390         verify_error(ErrorContext::bad_type(bci,
2391             current_frame->stack_top_ctx(),
2392             TypeOrigin::cp(index, target_class_type)),
2393             "Bad type on operand stack in putfield");
2394         return;
2395       }
2396     }
2397     check_protected: {
2398       if (_this_type == stack_object_type)
2399         break; // stack_object_type must be assignable to _current_class_type
2400       if (was_recursively_verified()) {
2401         if (is_getfield) {
2402           // Push field type for getfield.
2403           for (int i = 0; i < n; i++) {
2404             current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2405           }
2406         }
2407         return;
2408       }
2409       Symbol* ref_class_name =
2410         cp->klass_name_at(cp->uncached_klass_ref_index_at(index));
2411       if (!name_in_supers(ref_class_name, current_class()))
2412         // stack_object_type must be assignable to _current_class_type since:
2413         // 1. stack_object_type must be assignable to ref_class.
2414         // 2. ref_class must be _current_class or a subclass of it. It can't
2415         //    be a superclass of it. See revised JVMS 5.4.4.
2416         break;
2417 
2418       Klass* ref_class_oop = load_class(ref_class_name, CHECK);
2419       if (is_protected_access(current_class(), ref_class_oop, field_name,
2420                               field_sig, false)) {
2421         // It's protected access, check if stack object is assignable to
2422         // current class.
2423         is_assignable = current_type().is_assignable_from(
2424           stack_object_type, this, true, CHECK_VERIFY(this));
2425         if (!is_assignable) {
2426           verify_error(ErrorContext::bad_type(bci,
2427               current_frame->stack_top_ctx(),
2428               TypeOrigin::implicit(current_type())),
2429               "Bad access to protected data in %s",
2430               is_getfield ? "getfield" : "putfield");
2431           return;
2432         }
2433       }
2434       break;
2435     }
2436     default: ShouldNotReachHere();
2437   }
2438   if (is_getfield) {
2439     // Push field type for getfield after doing protection check.
2440     for (int i = 0; i < n; i++) {
2441       current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2442     }
2443   }
2444 }
2445 
2446 // Look at the method's handlers.  If the bci is in the handler's try block
2447 // then check if the handler_pc is already on the stack.  If not, push it
2448 // unless the handler has already been scanned.
2449 void ClassVerifier::push_handlers(ExceptionTable* exhandlers,
2450                                   GrowableArray<u4>* handler_list,
2451                                   GrowableArray<u4>* handler_stack,
2452                                   u4 bci) {
2453   int exlength = exhandlers->length();
2454   for(int x = 0; x < exlength; x++) {
2455     if (bci >= exhandlers->start_pc(x) && bci < exhandlers->end_pc(x)) {
2456       u4 exhandler_pc = exhandlers->handler_pc(x);
2457       if (!handler_list->contains(exhandler_pc)) {
2458         handler_stack->append_if_missing(exhandler_pc);
2459         handler_list->append(exhandler_pc);
2460       }
2461     }
2462   }
2463 }
2464 
2465 // Return TRUE if all code paths starting with start_bc_offset end in
2466 // bytecode athrow or loop.
2467 bool ClassVerifier::ends_in_athrow(u4 start_bc_offset) {
2468   ResourceMark rm;
2469   // Create bytecode stream.
2470   RawBytecodeStream bcs(method());
2471   int code_length = method()->code_size();
2472   bcs.set_start(start_bc_offset);
2473 
2474   // Create stack for storing bytecode start offsets for if* and *switch.
2475   GrowableArray<u4>* bci_stack = new GrowableArray<u4>(30);
2476   // Create stack for handlers for try blocks containing this handler.
2477   GrowableArray<u4>* handler_stack = new GrowableArray<u4>(30);
2478   // Create list of handlers that have been pushed onto the handler_stack
2479   // so that handlers embedded inside of their own TRY blocks only get
2480   // scanned once.
2481   GrowableArray<u4>* handler_list = new GrowableArray<u4>(30);
2482   // Create list of visited branch opcodes (goto* and if*).
2483   GrowableArray<u4>* visited_branches = new GrowableArray<u4>(30);
2484   ExceptionTable exhandlers(_method());
2485 
2486   while (true) {
2487     if (bcs.is_last_bytecode()) {
2488       // if no more starting offsets to parse or if at the end of the
2489       // method then return false.
2490       if ((bci_stack->is_empty()) || (bcs.end_bci() == code_length))
2491         return false;
2492       // Pop a bytecode starting offset and scan from there.
2493       bcs.set_start(bci_stack->pop());
2494     }
2495     Bytecodes::Code opcode = bcs.raw_next();
2496     int bci = bcs.bci();
2497 
2498     // If the bytecode is in a TRY block, push its handlers so they
2499     // will get parsed.
2500     push_handlers(&exhandlers, handler_list, handler_stack, bci);
2501 
2502     switch (opcode) {
2503       case Bytecodes::_if_icmpeq:
2504       case Bytecodes::_if_icmpne:
2505       case Bytecodes::_if_icmplt:
2506       case Bytecodes::_if_icmpge:
2507       case Bytecodes::_if_icmpgt:
2508       case Bytecodes::_if_icmple:
2509       case Bytecodes::_ifeq:
2510       case Bytecodes::_ifne:
2511       case Bytecodes::_iflt:
2512       case Bytecodes::_ifge:
2513       case Bytecodes::_ifgt:
2514       case Bytecodes::_ifle:
2515       case Bytecodes::_if_acmpeq:
2516       case Bytecodes::_if_acmpne:
2517       case Bytecodes::_ifnull:
2518       case Bytecodes::_ifnonnull: {
2519         int target = bcs.dest();
2520         if (visited_branches->contains(bci)) {
2521           if (bci_stack->is_empty()) {
2522             if (handler_stack->is_empty()) {
2523               return true;
2524             } else {
2525               // Parse the catch handlers for try blocks containing athrow.
2526               bcs.set_start(handler_stack->pop());
2527             }
2528           } else {
2529             // Pop a bytecode starting offset and scan from there.
2530             bcs.set_start(bci_stack->pop());
2531           }
2532         } else {
2533           if (target > bci) { // forward branch
2534             if (target >= code_length) return false;
2535             // Push the branch target onto the stack.
2536             bci_stack->push(target);
2537             // then, scan bytecodes starting with next.
2538             bcs.set_start(bcs.next_bci());
2539           } else { // backward branch
2540             // Push bytecode offset following backward branch onto the stack.
2541             bci_stack->push(bcs.next_bci());
2542             // Check bytecodes starting with branch target.
2543             bcs.set_start(target);
2544           }
2545           // Record target so we don't branch here again.
2546           visited_branches->append(bci);
2547         }
2548         break;
2549         }
2550 
2551       case Bytecodes::_goto:
2552       case Bytecodes::_goto_w: {
2553         int target = (opcode == Bytecodes::_goto ? bcs.dest() : bcs.dest_w());
2554         if (visited_branches->contains(bci)) {
2555           if (bci_stack->is_empty()) {
2556             if (handler_stack->is_empty()) {
2557               return true;
2558             } else {
2559               // Parse the catch handlers for try blocks containing athrow.
2560               bcs.set_start(handler_stack->pop());
2561             }
2562           } else {
2563             // Been here before, pop new starting offset from stack.
2564             bcs.set_start(bci_stack->pop());
2565           }
2566         } else {
2567           if (target >= code_length) return false;
2568           // Continue scanning from the target onward.
2569           bcs.set_start(target);
2570           // Record target so we don't branch here again.
2571           visited_branches->append(bci);
2572         }
2573         break;
2574         }
2575 
2576       // Check that all switch alternatives end in 'athrow' bytecodes. Since it
2577       // is  difficult to determine where each switch alternative ends, parse
2578       // each switch alternative until either hit a 'return', 'athrow', or reach
2579       // the end of the method's bytecodes.  This is gross but should be okay
2580       // because:
2581       // 1. tableswitch and lookupswitch byte codes in handlers for ctor explicit
2582       //    constructor invocations should be rare.
2583       // 2. if each switch alternative ends in an athrow then the parsing should be
2584       //    short.  If there is no athrow then it is bogus code, anyway.
2585       case Bytecodes::_lookupswitch:
2586       case Bytecodes::_tableswitch:
2587         {
2588           address aligned_bcp = align_up(bcs.bcp() + 1, jintSize);
2589           int default_offset = Bytes::get_Java_u4(aligned_bcp) + bci;
2590           int keys, delta;
2591           if (opcode == Bytecodes::_tableswitch) {
2592             jint low = (jint)Bytes::get_Java_u4(aligned_bcp + jintSize);
2593             jint high = (jint)Bytes::get_Java_u4(aligned_bcp + 2*jintSize);
2594             // This is invalid, but let the regular bytecode verifier
2595             // report this because the user will get a better error message.
2596             if (low > high) return true;
2597             keys = high - low + 1;
2598             delta = 1;
2599           } else {
2600             keys = (int)Bytes::get_Java_u4(aligned_bcp + jintSize);
2601             delta = 2;
2602           }
2603           // Invalid, let the regular bytecode verifier deal with it.
2604           if (keys < 0) return true;
2605 
2606           // Push the offset of the next bytecode onto the stack.
2607           bci_stack->push(bcs.next_bci());
2608 
2609           // Push the switch alternatives onto the stack.
2610           for (int i = 0; i < keys; i++) {
2611             int target = bci + (jint)Bytes::get_Java_u4(aligned_bcp+(3+i*delta)*jintSize);
2612             if (target > code_length) return false;
2613             bci_stack->push(target);
2614           }
2615 
2616           // Start bytecode parsing for the switch at the default alternative.
2617           if (default_offset > code_length) return false;
2618           bcs.set_start(default_offset);
2619           break;
2620         }
2621 
2622       case Bytecodes::_return:
2623         return false;
2624 
2625       case Bytecodes::_athrow:
2626         {
2627           if (bci_stack->is_empty()) {
2628             if (handler_stack->is_empty()) {
2629               return true;
2630             } else {
2631               // Parse the catch handlers for try blocks containing athrow.
2632               bcs.set_start(handler_stack->pop());
2633             }
2634           } else {
2635             // Pop a bytecode offset and starting scanning from there.
2636             bcs.set_start(bci_stack->pop());
2637           }
2638         }
2639         break;
2640 
2641       default:
2642         ;
2643     } // end switch
2644   } // end while loop
2645 
2646   return false;
2647 }
2648 
2649 void ClassVerifier::verify_invoke_init(
2650     RawBytecodeStream* bcs, u2 ref_class_index, VerificationType ref_class_type,
2651     StackMapFrame* current_frame, u4 code_length, bool in_try_block,
2652     bool *this_uninit, const constantPoolHandle& cp, StackMapTable* stackmap_table,
2653     TRAPS) {
2654   int bci = bcs->bci();
2655   VerificationType type = current_frame->pop_stack(
2656     VerificationType::reference_check(), CHECK_VERIFY(this));
2657   if (type == VerificationType::uninitialized_this_type()) {
2658     // The method must be an <init> method of this class or its superclass
2659     Klass* superk = current_class()->super();
2660     if (ref_class_type.name() != current_class()->name() &&
2661         ref_class_type.name() != superk->name()) {
2662       verify_error(ErrorContext::bad_type(bci,
2663           TypeOrigin::implicit(ref_class_type),
2664           TypeOrigin::implicit(current_type())),
2665           "Bad <init> method call");
2666       return;
2667     }
2668 
2669     // If this invokespecial call is done from inside of a TRY block then make
2670     // sure that all catch clause paths end in a throw.  Otherwise, this can
2671     // result in returning an incomplete object.
2672     if (in_try_block) {
2673       ExceptionTable exhandlers(_method());
2674       int exlength = exhandlers.length();
2675       for(int i = 0; i < exlength; i++) {
2676         u2 start_pc = exhandlers.start_pc(i);
2677         u2 end_pc = exhandlers.end_pc(i);
2678 
2679         if (bci >= start_pc && bci < end_pc) {
2680           if (!ends_in_athrow(exhandlers.handler_pc(i))) {
2681             verify_error(ErrorContext::bad_code(bci),
2682               "Bad <init> method call from after the start of a try block");
2683             return;
2684           } else if (log_is_enabled(Debug, verification)) {
2685             ResourceMark rm(THREAD);
2686             log_debug(verification)("Survived call to ends_in_athrow(): %s",
2687                                           current_class()->name()->as_C_string());
2688           }
2689         }
2690       }
2691 
2692       // Check the exception handler target stackmaps with the locals from the
2693       // incoming stackmap (before initialize_object() changes them to outgoing
2694       // state).
2695       if (was_recursively_verified()) return;
2696       verify_exception_handler_targets(bci, true, current_frame,
2697                                        stackmap_table, CHECK_VERIFY(this));
2698     } // in_try_block
2699 
2700     current_frame->initialize_object(type, current_type());
2701     *this_uninit = true;
2702   } else if (type.is_uninitialized()) {
2703     u2 new_offset = type.bci();
2704     address new_bcp = bcs->bcp() - bci + new_offset;
2705     if (new_offset > (code_length - 3) || (*new_bcp) != Bytecodes::_new) {
2706       /* Unreachable?  Stack map parsing ensures valid type and new
2707        * instructions have a valid BCI. */
2708       verify_error(ErrorContext::bad_code(new_offset),
2709                    "Expecting new instruction");
2710       return;
2711     }
2712     u2 new_class_index = Bytes::get_Java_u2(new_bcp + 1);
2713     if (was_recursively_verified()) return;
2714     verify_cp_class_type(bci, new_class_index, cp, CHECK_VERIFY(this));
2715 
2716     // The method must be an <init> method of the indicated class
2717     VerificationType new_class_type = cp_index_to_type(
2718       new_class_index, cp, CHECK_VERIFY(this));
2719     if (!new_class_type.equals(ref_class_type)) {
2720       verify_error(ErrorContext::bad_type(bci,
2721           TypeOrigin::cp(new_class_index, new_class_type),
2722           TypeOrigin::cp(ref_class_index, ref_class_type)),
2723           "Call to wrong <init> method");
2724       return;
2725     }
2726     // According to the VM spec, if the referent class is a superclass of the
2727     // current class, and is in a different runtime package, and the method is
2728     // protected, then the objectref must be the current class or a subclass
2729     // of the current class.
2730     VerificationType objectref_type = new_class_type;
2731     if (name_in_supers(ref_class_type.name(), current_class())) {
2732       Klass* ref_klass = load_class(ref_class_type.name(), CHECK);
2733       if (was_recursively_verified()) return;
2734       Method* m = InstanceKlass::cast(ref_klass)->uncached_lookup_method(
2735         vmSymbols::object_initializer_name(),
2736         cp->uncached_signature_ref_at(bcs->get_index_u2()),
2737         Klass::OverpassLookupMode::find);
2738       // Do nothing if method is not found.  Let resolution detect the error.
2739       if (m != nullptr) {
2740         InstanceKlass* mh = m->method_holder();
2741         if (m->is_protected() && !mh->is_same_class_package(_klass)) {
2742           bool assignable = current_type().is_assignable_from(
2743             objectref_type, this, true, CHECK_VERIFY(this));
2744           if (!assignable) {
2745             verify_error(ErrorContext::bad_type(bci,
2746                 TypeOrigin::cp(new_class_index, objectref_type),
2747                 TypeOrigin::implicit(current_type())),
2748                 "Bad access to protected <init> method");
2749             return;
2750           }
2751         }
2752       }
2753     }
2754     // Check the exception handler target stackmaps with the locals from the
2755     // incoming stackmap (before initialize_object() changes them to outgoing
2756     // state).
2757     if (in_try_block) {
2758       if (was_recursively_verified()) return;
2759       verify_exception_handler_targets(bci, *this_uninit, current_frame,
2760                                        stackmap_table, CHECK_VERIFY(this));
2761     }
2762     current_frame->initialize_object(type, new_class_type);
2763   } else {
2764     verify_error(ErrorContext::bad_type(bci, current_frame->stack_top_ctx()),
2765         "Bad operand type when invoking <init>");
2766     return;
2767   }
2768 }
2769 
2770 bool ClassVerifier::is_same_or_direct_interface(
2771     InstanceKlass* klass,
2772     VerificationType klass_type,
2773     VerificationType ref_class_type) {
2774   if (ref_class_type.equals(klass_type)) return true;
2775   Array<InstanceKlass*>* local_interfaces = klass->local_interfaces();
2776   if (local_interfaces != nullptr) {
2777     for (int x = 0; x < local_interfaces->length(); x++) {
2778       InstanceKlass* k = local_interfaces->at(x);
2779       assert (k != nullptr && k->is_interface(), "invalid interface");
2780       if (ref_class_type.equals(VerificationType::reference_type(k->name()))) {
2781         return true;
2782       }
2783     }
2784   }
2785   return false;
2786 }
2787 
2788 void ClassVerifier::verify_invoke_instructions(
2789     RawBytecodeStream* bcs, u4 code_length, StackMapFrame* current_frame,
2790     bool in_try_block, bool *this_uninit, VerificationType return_type,
2791     const constantPoolHandle& cp, StackMapTable* stackmap_table, TRAPS) {
2792   // Make sure the constant pool item is the right type
2793   u2 index = bcs->get_index_u2();
2794   Bytecodes::Code opcode = bcs->raw_code();
2795   unsigned int types = 0;
2796   switch (opcode) {
2797     case Bytecodes::_invokeinterface:
2798       types = 1 << JVM_CONSTANT_InterfaceMethodref;
2799       break;
2800     case Bytecodes::_invokedynamic:
2801       types = 1 << JVM_CONSTANT_InvokeDynamic;
2802       break;
2803     case Bytecodes::_invokespecial:
2804     case Bytecodes::_invokestatic:
2805       types = (_klass->major_version() < STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION) ?
2806         (1 << JVM_CONSTANT_Methodref) :
2807         ((1 << JVM_CONSTANT_InterfaceMethodref) | (1 << JVM_CONSTANT_Methodref));
2808       break;
2809     default:
2810       types = 1 << JVM_CONSTANT_Methodref;
2811   }
2812   verify_cp_type(bcs->bci(), index, cp, types, CHECK_VERIFY(this));
2813 
2814   // Get method name and signature
2815   Symbol* method_name = cp->uncached_name_ref_at(index);
2816   Symbol* method_sig = cp->uncached_signature_ref_at(index);
2817 
2818   // Method signature was checked in ClassFileParser.
2819   assert(SignatureVerifier::is_valid_method_signature(method_sig),
2820          "Invalid method signature");
2821 
2822   // Get referenced class type
2823   VerificationType ref_class_type;
2824   if (opcode == Bytecodes::_invokedynamic) {
2825     if (_klass->major_version() < Verifier::INVOKEDYNAMIC_MAJOR_VERSION) {
2826       class_format_error(
2827         "invokedynamic instructions not supported by this class file version (%d), class %s",
2828         _klass->major_version(), _klass->external_name());
2829       return;
2830     }
2831   } else {
2832     ref_class_type = cp_ref_index_to_type(index, cp, CHECK_VERIFY(this));
2833   }
2834 
2835   assert(sizeof(VerificationType) == sizeof(uintptr_t),
2836         "buffer type must match VerificationType size");
2837 
2838   // Get the UTF8 index for this signature.
2839   int sig_index = cp->signature_ref_index_at(cp->uncached_name_and_type_ref_index_at(index));
2840 
2841   // Get the signature's verification types.
2842   sig_as_verification_types* mth_sig_verif_types;
2843   sig_as_verification_types** mth_sig_verif_types_ptr = method_signatures_table()->get(sig_index);
2844   if (mth_sig_verif_types_ptr != nullptr) {
2845     // Found the entry for the signature's verification types in the hash table.
2846     mth_sig_verif_types = *mth_sig_verif_types_ptr;
2847     assert(mth_sig_verif_types != nullptr, "Unexpected null sig_as_verification_types value");
2848   } else {
2849     // Not found, add the entry to the table.
2850     GrowableArray<VerificationType>* verif_types = new GrowableArray<VerificationType>(10);
2851     mth_sig_verif_types = new sig_as_verification_types(verif_types);
2852     create_method_sig_entry(mth_sig_verif_types, sig_index);
2853   }
2854 
2855   // Get the number of arguments for this signature.
2856   int nargs = mth_sig_verif_types->num_args();
2857 
2858   // Check instruction operands
2859   int bci = bcs->bci();
2860   if (opcode == Bytecodes::_invokeinterface) {
2861     address bcp = bcs->bcp();
2862     // 4905268: count operand in invokeinterface should be nargs+1, not nargs.
2863     // JSR202 spec: The count operand of an invokeinterface instruction is valid if it is
2864     // the difference between the size of the operand stack before and after the instruction
2865     // executes.
2866     if (*(bcp+3) != (nargs+1)) {
2867       verify_error(ErrorContext::bad_code(bci),
2868           "Inconsistent args count operand in invokeinterface");
2869       return;
2870     }
2871     if (*(bcp+4) != 0) {
2872       verify_error(ErrorContext::bad_code(bci),
2873           "Fourth operand byte of invokeinterface must be zero");
2874       return;
2875     }
2876   }
2877 
2878   if (opcode == Bytecodes::_invokedynamic) {
2879     address bcp = bcs->bcp();
2880     if (*(bcp+3) != 0 || *(bcp+4) != 0) {
2881       verify_error(ErrorContext::bad_code(bci),
2882           "Third and fourth operand bytes of invokedynamic must be zero");
2883       return;
2884     }
2885   }
2886 
2887   if (method_name->char_at(0) == JVM_SIGNATURE_SPECIAL) {
2888     // Make sure <init> can only be invoked by invokespecial
2889     if (opcode != Bytecodes::_invokespecial ||
2890         method_name != vmSymbols::object_initializer_name()) {
2891       verify_error(ErrorContext::bad_code(bci),
2892           "Illegal call to internal method");
2893       return;
2894     }
2895   } else if (opcode == Bytecodes::_invokespecial
2896              && !is_same_or_direct_interface(current_class(), current_type(), ref_class_type)
2897              && !ref_class_type.equals(VerificationType::reference_type(
2898                   current_class()->super()->name()))) {
2899     bool subtype = false;
2900     bool have_imr_indirect = cp->tag_at(index).value() == JVM_CONSTANT_InterfaceMethodref;
2901     subtype = ref_class_type.is_assignable_from(
2902                current_type(), this, false, CHECK_VERIFY(this));
2903     if (!subtype) {
2904       verify_error(ErrorContext::bad_code(bci),
2905           "Bad invokespecial instruction: "
2906           "current class isn't assignable to reference class.");
2907        return;
2908     } else if (have_imr_indirect) {
2909       verify_error(ErrorContext::bad_code(bci),
2910           "Bad invokespecial instruction: "
2911           "interface method reference is in an indirect superinterface.");
2912       return;
2913     }
2914 
2915   }
2916 
2917   // Get the verification types for the method's arguments.
2918   GrowableArray<VerificationType>* sig_verif_types = mth_sig_verif_types->sig_verif_types();
2919   assert(sig_verif_types != nullptr, "Missing signature's array of verification types");
2920   // Match method descriptor with operand stack
2921   // The arguments are on the stack in descending order.
2922   for (int i = nargs - 1; i >= 0; i--) { // Run backwards
2923     current_frame->pop_stack(sig_verif_types->at(i), CHECK_VERIFY(this));
2924   }
2925 
2926   // Check objectref on operand stack
2927   if (opcode != Bytecodes::_invokestatic &&
2928       opcode != Bytecodes::_invokedynamic) {
2929     if (method_name == vmSymbols::object_initializer_name()) {  // <init> method
2930       verify_invoke_init(bcs, index, ref_class_type, current_frame,
2931         code_length, in_try_block, this_uninit, cp, stackmap_table,
2932         CHECK_VERIFY(this));
2933       if (was_recursively_verified()) return;
2934     } else {   // other methods
2935       // Ensures that target class is assignable to method class.
2936       if (opcode == Bytecodes::_invokespecial) {
2937         current_frame->pop_stack(current_type(), CHECK_VERIFY(this));
2938       } else if (opcode == Bytecodes::_invokevirtual) {
2939         VerificationType stack_object_type =
2940           current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this));
2941         if (current_type() != stack_object_type) {
2942           if (was_recursively_verified()) return;
2943           assert(cp->cache() == nullptr, "not rewritten yet");
2944           Symbol* ref_class_name =
2945             cp->klass_name_at(cp->uncached_klass_ref_index_at(index));
2946           // See the comments in verify_field_instructions() for
2947           // the rationale behind this.
2948           if (name_in_supers(ref_class_name, current_class())) {
2949             Klass* ref_class = load_class(ref_class_name, CHECK);
2950             if (is_protected_access(
2951                   _klass, ref_class, method_name, method_sig, true)) {
2952               // It's protected access, check if stack object is
2953               // assignable to current class.
2954               if (ref_class_type.name() == vmSymbols::java_lang_Object()
2955                   && stack_object_type.is_array()
2956                   && method_name == vmSymbols::clone_name()) {
2957                 // Special case: arrays pretend to implement public Object
2958                 // clone().
2959               } else {
2960                 bool is_assignable = current_type().is_assignable_from(
2961                   stack_object_type, this, true, CHECK_VERIFY(this));
2962                 if (!is_assignable) {
2963                   verify_error(ErrorContext::bad_type(bci,
2964                       current_frame->stack_top_ctx(),
2965                       TypeOrigin::implicit(current_type())),
2966                       "Bad access to protected data in invokevirtual");
2967                   return;
2968                 }
2969               }
2970             }
2971           }
2972         }
2973       } else {
2974         assert(opcode == Bytecodes::_invokeinterface, "Unexpected opcode encountered");
2975         current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this));
2976       }
2977     }
2978   }
2979   // Push the result type.
2980   int sig_verif_types_len = sig_verif_types->length();
2981   if (sig_verif_types_len > nargs) {  // There's a return type
2982     if (method_name == vmSymbols::object_initializer_name()) {
2983       // <init> method must have a void return type
2984       /* Unreachable?  Class file parser verifies that methods with '<' have
2985        * void return */
2986       verify_error(ErrorContext::bad_code(bci),
2987           "Return type must be void in <init> method");
2988       return;
2989     }
2990 
2991     assert(sig_verif_types_len <= nargs + 2,
2992            "Signature verification types array return type is bogus");
2993     for (int i = nargs; i < sig_verif_types_len; i++) {
2994       assert(i == nargs || sig_verif_types->at(i).is_long2() ||
2995              sig_verif_types->at(i).is_double2(), "Unexpected return verificationType");
2996       current_frame->push_stack(sig_verif_types->at(i), CHECK_VERIFY(this));
2997     }
2998   }
2999 }
3000 
3001 VerificationType ClassVerifier::get_newarray_type(
3002     u2 index, int bci, TRAPS) {
3003   const char* from_bt[] = {
3004     nullptr, nullptr, nullptr, nullptr, "[Z", "[C", "[F", "[D", "[B", "[S", "[I", "[J",
3005   };
3006   if (index < T_BOOLEAN || index > T_LONG) {
3007     verify_error(ErrorContext::bad_code(bci), "Illegal newarray instruction");
3008     return VerificationType::bogus_type();
3009   }
3010 
3011   // from_bt[index] contains the array signature which has a length of 2
3012   Symbol* sig = create_temporary_symbol(from_bt[index], 2);
3013   return VerificationType::reference_type(sig);
3014 }
3015 
3016 void ClassVerifier::verify_anewarray(
3017     int bci, u2 index, const constantPoolHandle& cp,
3018     StackMapFrame* current_frame, TRAPS) {
3019   verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
3020   current_frame->pop_stack(
3021     VerificationType::integer_type(), CHECK_VERIFY(this));
3022 
3023   if (was_recursively_verified()) return;
3024   VerificationType component_type =
3025     cp_index_to_type(index, cp, CHECK_VERIFY(this));
3026   int length;
3027   char* arr_sig_str;
3028   if (component_type.is_array()) {     // it's an array
3029     const char* component_name = component_type.name()->as_utf8();
3030     // Check for more than MAX_ARRAY_DIMENSIONS
3031     length = (int)strlen(component_name);
3032     if (length > MAX_ARRAY_DIMENSIONS &&
3033         component_name[MAX_ARRAY_DIMENSIONS - 1] == JVM_SIGNATURE_ARRAY) {
3034       verify_error(ErrorContext::bad_code(bci),
3035         "Illegal anewarray instruction, array has more than 255 dimensions");
3036     }
3037     // add one dimension to component
3038     length++;
3039     arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length + 1);
3040     int n = os::snprintf(arr_sig_str, length + 1, "%c%s",
3041                          JVM_SIGNATURE_ARRAY, component_name);
3042     assert(n == length, "Unexpected number of characters in string");
3043   } else {         // it's an object or interface
3044     const char* component_name = component_type.name()->as_utf8();
3045     // add one dimension to component with 'L' prepended and ';' postpended.
3046     length = (int)strlen(component_name) + 3;
3047     arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length + 1);
3048     int n = os::snprintf(arr_sig_str, length + 1, "%c%c%s;",
3049                          JVM_SIGNATURE_ARRAY, JVM_SIGNATURE_CLASS, component_name);
3050     assert(n == length, "Unexpected number of characters in string");
3051   }
3052   Symbol* arr_sig = create_temporary_symbol(arr_sig_str, length);
3053   VerificationType new_array_type = VerificationType::reference_type(arr_sig);
3054   current_frame->push_stack(new_array_type, CHECK_VERIFY(this));
3055 }
3056 
3057 void ClassVerifier::verify_iload(int index, StackMapFrame* current_frame, TRAPS) {
3058   current_frame->get_local(
3059     index, VerificationType::integer_type(), CHECK_VERIFY(this));
3060   current_frame->push_stack(
3061     VerificationType::integer_type(), CHECK_VERIFY(this));
3062 }
3063 
3064 void ClassVerifier::verify_lload(int index, StackMapFrame* current_frame, TRAPS) {
3065   current_frame->get_local_2(
3066     index, VerificationType::long_type(),
3067     VerificationType::long2_type(), CHECK_VERIFY(this));
3068   current_frame->push_stack_2(
3069     VerificationType::long_type(),
3070     VerificationType::long2_type(), CHECK_VERIFY(this));
3071 }
3072 
3073 void ClassVerifier::verify_fload(int index, StackMapFrame* current_frame, TRAPS) {
3074   current_frame->get_local(
3075     index, VerificationType::float_type(), CHECK_VERIFY(this));
3076   current_frame->push_stack(
3077     VerificationType::float_type(), CHECK_VERIFY(this));
3078 }
3079 
3080 void ClassVerifier::verify_dload(int index, StackMapFrame* current_frame, TRAPS) {
3081   current_frame->get_local_2(
3082     index, VerificationType::double_type(),
3083     VerificationType::double2_type(), CHECK_VERIFY(this));
3084   current_frame->push_stack_2(
3085     VerificationType::double_type(),
3086     VerificationType::double2_type(), CHECK_VERIFY(this));
3087 }
3088 
3089 void ClassVerifier::verify_aload(int index, StackMapFrame* current_frame, TRAPS) {
3090   VerificationType type = current_frame->get_local(
3091     index, VerificationType::reference_check(), CHECK_VERIFY(this));
3092   current_frame->push_stack(type, CHECK_VERIFY(this));
3093 }
3094 
3095 void ClassVerifier::verify_istore(int index, StackMapFrame* current_frame, TRAPS) {
3096   current_frame->pop_stack(
3097     VerificationType::integer_type(), CHECK_VERIFY(this));
3098   current_frame->set_local(
3099     index, VerificationType::integer_type(), CHECK_VERIFY(this));
3100 }
3101 
3102 void ClassVerifier::verify_lstore(int index, StackMapFrame* current_frame, TRAPS) {
3103   current_frame->pop_stack_2(
3104     VerificationType::long2_type(),
3105     VerificationType::long_type(), CHECK_VERIFY(this));
3106   current_frame->set_local_2(
3107     index, VerificationType::long_type(),
3108     VerificationType::long2_type(), CHECK_VERIFY(this));
3109 }
3110 
3111 void ClassVerifier::verify_fstore(int index, StackMapFrame* current_frame, TRAPS) {
3112   current_frame->pop_stack(VerificationType::float_type(), CHECK_VERIFY(this));
3113   current_frame->set_local(
3114     index, VerificationType::float_type(), CHECK_VERIFY(this));
3115 }
3116 
3117 void ClassVerifier::verify_dstore(int index, StackMapFrame* current_frame, TRAPS) {
3118   current_frame->pop_stack_2(
3119     VerificationType::double2_type(),
3120     VerificationType::double_type(), CHECK_VERIFY(this));
3121   current_frame->set_local_2(
3122     index, VerificationType::double_type(),
3123     VerificationType::double2_type(), CHECK_VERIFY(this));
3124 }
3125 
3126 void ClassVerifier::verify_astore(int index, StackMapFrame* current_frame, TRAPS) {
3127   VerificationType type = current_frame->pop_stack(
3128     VerificationType::reference_check(), CHECK_VERIFY(this));
3129   current_frame->set_local(index, type, CHECK_VERIFY(this));
3130 }
3131 
3132 void ClassVerifier::verify_iinc(int index, StackMapFrame* current_frame, TRAPS) {
3133   VerificationType type = current_frame->get_local(
3134     index, VerificationType::integer_type(), CHECK_VERIFY(this));
3135   current_frame->set_local(index, type, CHECK_VERIFY(this));
3136 }
3137 
3138 void ClassVerifier::verify_return_value(
3139     VerificationType return_type, VerificationType type, int bci,
3140     StackMapFrame* current_frame, TRAPS) {
3141   if (return_type == VerificationType::bogus_type()) {
3142     verify_error(ErrorContext::bad_type(bci,
3143         current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)),
3144         "Method does not expect a return value");
3145     return;
3146   }
3147   bool match = return_type.is_assignable_from(type, this, false, CHECK_VERIFY(this));
3148   if (!match) {
3149     verify_error(ErrorContext::bad_type(bci,
3150         current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)),
3151         "Bad return type");
3152     return;
3153   }
3154 }
3155 
3156 // The verifier creates symbols which are substrings of Symbols.
3157 // These are stored in the verifier until the end of verification so that
3158 // they can be reference counted.
3159 Symbol* ClassVerifier::create_temporary_symbol(const char *name, int length) {
3160   // Quick deduplication check
3161   if (_previous_symbol != nullptr && _previous_symbol->equals(name, length)) {
3162     return _previous_symbol;
3163   }
3164   Symbol* sym = SymbolTable::new_symbol(name, length);
3165   if (!sym->is_permanent()) {
3166     if (_symbols == nullptr) {
3167       _symbols = new GrowableArray<Symbol*>(50, 0, nullptr);
3168     }
3169     _symbols->push(sym);
3170   }
3171   _previous_symbol = sym;
3172   return sym;
3173 }