1 /* 2 * Copyright (c) 1998, 2023, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. 8 * 9 * This code is distributed in the hope that it will be useful, but WITHOUT 10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12 * version 2 for more details (a copy is included in the LICENSE file that 13 * accompanied this code). 14 * 15 * You should have received a copy of the GNU General Public License version 16 * 2 along with this work; if not, write to the Free Software Foundation, 17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20 * or visit www.oracle.com if you need additional information or have any 21 * questions. 22 * 23 */ 24 25 #include "precompiled.hpp" 26 #include "classfile/classFileStream.hpp" 27 #include "classfile/classLoader.hpp" 28 #include "classfile/javaClasses.hpp" 29 #include "classfile/stackMapTable.hpp" 30 #include "classfile/stackMapFrame.hpp" 31 #include "classfile/stackMapTableFormat.hpp" 32 #include "classfile/symbolTable.hpp" 33 #include "classfile/systemDictionary.hpp" 34 #include "classfile/verifier.hpp" 35 #include "classfile/vmClasses.hpp" 36 #include "classfile/vmSymbols.hpp" 37 #include "interpreter/bytecodes.hpp" 38 #include "interpreter/bytecodeStream.hpp" 39 #include "jvm.h" 40 #include "logging/log.hpp" 41 #include "logging/logStream.hpp" 42 #include "memory/oopFactory.hpp" 43 #include "memory/resourceArea.hpp" 44 #include "memory/universe.hpp" 45 #include "oops/constantPool.inline.hpp" 46 #include "oops/instanceKlass.inline.hpp" 47 #include "oops/klass.inline.hpp" 48 #include "oops/oop.inline.hpp" 49 #include "oops/typeArrayOop.hpp" 50 #include "runtime/arguments.hpp" 51 #include "runtime/fieldDescriptor.hpp" 52 #include "runtime/handles.inline.hpp" 53 #include "runtime/interfaceSupport.inline.hpp" 54 #include "runtime/javaCalls.hpp" 55 #include "runtime/javaThread.hpp" 56 #include "runtime/jniHandles.inline.hpp" 57 #include "runtime/os.hpp" 58 #include "runtime/safepointVerifiers.hpp" 59 #include "services/threadService.hpp" 60 #include "utilities/align.hpp" 61 #include "utilities/bytes.hpp" 62 63 #define NOFAILOVER_MAJOR_VERSION 51 64 #define NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION 51 65 #define STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION 52 66 #define MAX_ARRAY_DIMENSIONS 255 67 68 // Access to external entry for VerifyClassForMajorVersion - old byte code verifier 69 70 extern "C" { 71 typedef jboolean (*verify_byte_codes_fn_t)(JNIEnv *, jclass, char *, jint, jint); 72 } 73 74 static verify_byte_codes_fn_t volatile _verify_byte_codes_fn = nullptr; 75 76 static verify_byte_codes_fn_t verify_byte_codes_fn() { 77 78 if (_verify_byte_codes_fn != nullptr) 79 return _verify_byte_codes_fn; 80 81 MutexLocker locker(Verify_lock); 82 83 if (_verify_byte_codes_fn != nullptr) 84 return _verify_byte_codes_fn; 85 86 // Load verify dll 87 char buffer[JVM_MAXPATHLEN]; 88 char ebuf[1024]; 89 if (!os::dll_locate_lib(buffer, sizeof(buffer), Arguments::get_dll_dir(), "verify")) 90 return nullptr; // Caller will throw VerifyError 91 92 void *lib_handle = os::dll_load(buffer, ebuf, sizeof(ebuf)); 93 if (lib_handle == nullptr) 94 return nullptr; // Caller will throw VerifyError 95 96 void *fn = os::dll_lookup(lib_handle, "VerifyClassForMajorVersion"); 97 if (fn == nullptr) 98 return nullptr; // Caller will throw VerifyError 99 100 return _verify_byte_codes_fn = CAST_TO_FN_PTR(verify_byte_codes_fn_t, fn); 101 } 102 103 104 // Methods in Verifier 105 106 bool Verifier::should_verify_for(oop class_loader, bool should_verify_class) { 107 return (class_loader == nullptr || !should_verify_class) ? 108 BytecodeVerificationLocal : BytecodeVerificationRemote; 109 } 110 111 bool Verifier::relax_access_for(oop loader) { 112 bool trusted = java_lang_ClassLoader::is_trusted_loader(loader); 113 bool need_verify = 114 // verifyAll 115 (BytecodeVerificationLocal && BytecodeVerificationRemote) || 116 // verifyRemote 117 (!BytecodeVerificationLocal && BytecodeVerificationRemote && !trusted); 118 return !need_verify; 119 } 120 121 void Verifier::trace_class_resolution(Klass* resolve_class, InstanceKlass* verify_class) { 122 assert(verify_class != nullptr, "Unexpected null verify_class"); 123 ResourceMark rm; 124 Symbol* s = verify_class->source_file_name(); 125 const char* source_file = (s != nullptr ? s->as_C_string() : nullptr); 126 const char* verify = verify_class->external_name(); 127 const char* resolve = resolve_class->external_name(); 128 // print in a single call to reduce interleaving between threads 129 if (source_file != nullptr) { 130 log_debug(class, resolve)("%s %s %s (verification)", verify, resolve, source_file); 131 } else { 132 log_debug(class, resolve)("%s %s (verification)", verify, resolve); 133 } 134 } 135 136 // Prints the end-verification message to the appropriate output. 137 void Verifier::log_end_verification(outputStream* st, const char* klassName, Symbol* exception_name, oop pending_exception) { 138 if (pending_exception != nullptr) { 139 st->print("Verification for %s has", klassName); 140 oop message = java_lang_Throwable::message(pending_exception); 141 if (message != nullptr) { 142 char* ex_msg = java_lang_String::as_utf8_string(message); 143 st->print_cr(" exception pending '%s %s'", 144 pending_exception->klass()->external_name(), ex_msg); 145 } else { 146 st->print_cr(" exception pending %s ", 147 pending_exception->klass()->external_name()); 148 } 149 } else if (exception_name != nullptr) { 150 st->print_cr("Verification for %s failed", klassName); 151 } 152 st->print_cr("End class verification for: %s", klassName); 153 } 154 155 bool Verifier::verify(InstanceKlass* klass, bool should_verify_class, TRAPS) { 156 HandleMark hm(THREAD); 157 ResourceMark rm(THREAD); 158 159 // Eagerly allocate the identity hash code for a klass. This is a fallout 160 // from 6320749 and 8059924: hash code generator is not supposed to be called 161 // during the safepoint, but it allows to sneak the hashcode in during 162 // verification. Without this eager hashcode generation, we may end up 163 // installing the hashcode during some other operation, which may be at 164 // safepoint -- blowing up the checks. It was previously done as the side 165 // effect (sic!) for external_name(), but instead of doing that, we opt to 166 // explicitly push the hashcode in here. This is signify the following block 167 // is IMPORTANT: 168 if (klass->java_mirror() != nullptr) { 169 klass->java_mirror()->identity_hash(); 170 } 171 172 if (!is_eligible_for_verification(klass, should_verify_class)) { 173 return true; 174 } 175 176 // Timer includes any side effects of class verification (resolution, 177 // etc), but not recursive calls to Verifier::verify(). 178 JavaThread* jt = THREAD; 179 PerfClassTraceTime timer(ClassLoader::perf_class_verify_time(), 180 ClassLoader::perf_class_verify_selftime(), 181 ClassLoader::perf_classes_verified(), 182 jt->get_thread_stat()->perf_recursion_counts_addr(), 183 jt->get_thread_stat()->perf_timers_addr(), 184 PerfClassTraceTime::CLASS_VERIFY); 185 186 // If the class should be verified, first see if we can use the split 187 // verifier. If not, or if verification fails and can failover, then 188 // call the inference verifier. 189 Symbol* exception_name = nullptr; 190 const size_t message_buffer_len = klass->name()->utf8_length() + 1024; 191 char* message_buffer = nullptr; 192 char* exception_message = nullptr; 193 194 log_info(class, init)("Start class verification for: %s", klass->external_name()); 195 if (klass->major_version() >= STACKMAP_ATTRIBUTE_MAJOR_VERSION) { 196 ClassVerifier split_verifier(jt, klass); 197 // We don't use CHECK here, or on inference_verify below, so that we can log any exception. 198 split_verifier.verify_class(THREAD); 199 exception_name = split_verifier.result(); 200 201 // If DumpSharedSpaces is set then don't fall back to the old verifier on 202 // verification failure. If a class fails verification with the split verifier, 203 // it might fail the CDS runtime verifier constraint check. In that case, we 204 // don't want to share the class. We only archive classes that pass the split 205 // verifier. 206 bool can_failover = !DumpSharedSpaces && 207 klass->major_version() < NOFAILOVER_MAJOR_VERSION; 208 209 if (can_failover && !HAS_PENDING_EXCEPTION && // Split verifier doesn't set PENDING_EXCEPTION for failure 210 (exception_name == vmSymbols::java_lang_VerifyError() || 211 exception_name == vmSymbols::java_lang_ClassFormatError())) { 212 log_info(verification)("Fail over class verification to old verifier for: %s", klass->external_name()); 213 log_info(class, init)("Fail over class verification to old verifier for: %s", klass->external_name()); 214 message_buffer = NEW_RESOURCE_ARRAY(char, message_buffer_len); 215 exception_message = message_buffer; 216 exception_name = inference_verify( 217 klass, message_buffer, message_buffer_len, THREAD); 218 } 219 if (exception_name != nullptr) { 220 exception_message = split_verifier.exception_message(); 221 } 222 } else { 223 message_buffer = NEW_RESOURCE_ARRAY(char, message_buffer_len); 224 exception_message = message_buffer; 225 exception_name = inference_verify( 226 klass, message_buffer, message_buffer_len, THREAD); 227 } 228 229 LogTarget(Info, class, init) lt1; 230 if (lt1.is_enabled()) { 231 LogStream ls(lt1); 232 log_end_verification(&ls, klass->external_name(), exception_name, PENDING_EXCEPTION); 233 } 234 LogTarget(Info, verification) lt2; 235 if (lt2.is_enabled()) { 236 LogStream ls(lt2); 237 log_end_verification(&ls, klass->external_name(), exception_name, PENDING_EXCEPTION); 238 } 239 240 if (HAS_PENDING_EXCEPTION) { 241 return false; // use the existing exception 242 } else if (exception_name == nullptr) { 243 return true; // verification succeeded 244 } else { // VerifyError or ClassFormatError to be created and thrown 245 Klass* kls = 246 SystemDictionary::resolve_or_fail(exception_name, true, CHECK_false); 247 if (log_is_enabled(Debug, class, resolve)) { 248 Verifier::trace_class_resolution(kls, klass); 249 } 250 251 while (kls != nullptr) { 252 if (kls == klass) { 253 // If the class being verified is the exception we're creating 254 // or one of it's superclasses, we're in trouble and are going 255 // to infinitely recurse when we try to initialize the exception. 256 // So bail out here by throwing the preallocated VM error. 257 THROW_OOP_(Universe::virtual_machine_error_instance(), false); 258 } 259 kls = kls->super(); 260 } 261 if (message_buffer != nullptr) { 262 message_buffer[message_buffer_len - 1] = '\0'; // just to be sure 263 } 264 assert(exception_message != nullptr, ""); 265 THROW_MSG_(exception_name, exception_message, false); 266 } 267 } 268 269 bool Verifier::is_eligible_for_verification(InstanceKlass* klass, bool should_verify_class) { 270 Symbol* name = klass->name(); 271 Klass* refl_serialization_ctor_klass = vmClasses::reflect_SerializationConstructorAccessorImpl_klass(); 272 273 bool is_reflect_accessor = refl_serialization_ctor_klass != nullptr && 274 klass->is_subtype_of(refl_serialization_ctor_klass); 275 276 return (should_verify_for(klass->class_loader(), should_verify_class) && 277 // return if the class is a bootstrapping class 278 // or defineClass specified not to verify by default (flags override passed arg) 279 // We need to skip the following four for bootstraping 280 name != vmSymbols::java_lang_Object() && 281 name != vmSymbols::java_lang_Class() && 282 name != vmSymbols::java_lang_String() && 283 name != vmSymbols::java_lang_Throwable() && 284 285 // Can not verify the bytecodes for shared classes because they have 286 // already been rewritten to contain constant pool cache indices, 287 // which the verifier can't understand. 288 // Shared classes shouldn't have stackmaps either. 289 // However, bytecodes for shared old classes can be verified because 290 // they have not been rewritten. 291 !(klass->is_shared() && klass->is_rewritten()) && 292 293 // As of the fix for 4486457 we disable verification for all of the 294 // dynamically-generated bytecodes associated with 295 // jdk/internal/reflect/SerializationConstructorAccessor. 296 (!is_reflect_accessor)); 297 } 298 299 Symbol* Verifier::inference_verify( 300 InstanceKlass* klass, char* message, size_t message_len, TRAPS) { 301 JavaThread* thread = THREAD; 302 303 verify_byte_codes_fn_t verify_func = verify_byte_codes_fn(); 304 305 if (verify_func == nullptr) { 306 jio_snprintf(message, message_len, "Could not link verifier"); 307 return vmSymbols::java_lang_VerifyError(); 308 } 309 310 ResourceMark rm(thread); 311 log_info(verification)("Verifying class %s with old format", klass->external_name()); 312 313 jclass cls = (jclass) JNIHandles::make_local(thread, klass->java_mirror()); 314 jint result; 315 316 { 317 HandleMark hm(thread); 318 ThreadToNativeFromVM ttn(thread); 319 // ThreadToNativeFromVM takes care of changing thread_state, so safepoint 320 // code knows that we have left the VM 321 JNIEnv *env = thread->jni_environment(); 322 result = (*verify_func)(env, cls, message, (int)message_len, klass->major_version()); 323 } 324 325 JNIHandles::destroy_local(cls); 326 327 // These numbers are chosen so that VerifyClassCodes interface doesn't need 328 // to be changed (still return jboolean (unsigned char)), and result is 329 // 1 when verification is passed. 330 if (result == 0) { 331 return vmSymbols::java_lang_VerifyError(); 332 } else if (result == 1) { 333 return nullptr; // verified. 334 } else if (result == 2) { 335 THROW_MSG_(vmSymbols::java_lang_OutOfMemoryError(), message, nullptr); 336 } else if (result == 3) { 337 return vmSymbols::java_lang_ClassFormatError(); 338 } else { 339 ShouldNotReachHere(); 340 return nullptr; 341 } 342 } 343 344 TypeOrigin TypeOrigin::null() { 345 return TypeOrigin(); 346 } 347 TypeOrigin TypeOrigin::local(int index, StackMapFrame* frame) { 348 assert(frame != nullptr, "Must have a frame"); 349 return TypeOrigin(CF_LOCALS, index, StackMapFrame::copy(frame), 350 frame->local_at(index)); 351 } 352 TypeOrigin TypeOrigin::stack(int index, StackMapFrame* frame) { 353 assert(frame != nullptr, "Must have a frame"); 354 return TypeOrigin(CF_STACK, index, StackMapFrame::copy(frame), 355 frame->stack_at(index)); 356 } 357 TypeOrigin TypeOrigin::sm_local(int index, StackMapFrame* frame) { 358 assert(frame != nullptr, "Must have a frame"); 359 return TypeOrigin(SM_LOCALS, index, StackMapFrame::copy(frame), 360 frame->local_at(index)); 361 } 362 TypeOrigin TypeOrigin::sm_stack(int index, StackMapFrame* frame) { 363 assert(frame != nullptr, "Must have a frame"); 364 return TypeOrigin(SM_STACK, index, StackMapFrame::copy(frame), 365 frame->stack_at(index)); 366 } 367 TypeOrigin TypeOrigin::bad_index(int index) { 368 return TypeOrigin(BAD_INDEX, index, nullptr, VerificationType::bogus_type()); 369 } 370 TypeOrigin TypeOrigin::cp(int index, VerificationType vt) { 371 return TypeOrigin(CONST_POOL, index, nullptr, vt); 372 } 373 TypeOrigin TypeOrigin::signature(VerificationType vt) { 374 return TypeOrigin(SIG, 0, nullptr, vt); 375 } 376 TypeOrigin TypeOrigin::implicit(VerificationType t) { 377 return TypeOrigin(IMPLICIT, 0, nullptr, t); 378 } 379 TypeOrigin TypeOrigin::frame(StackMapFrame* frame) { 380 return TypeOrigin(FRAME_ONLY, 0, StackMapFrame::copy(frame), 381 VerificationType::bogus_type()); 382 } 383 384 void TypeOrigin::reset_frame() { 385 if (_frame != nullptr) { 386 _frame->restore(); 387 } 388 } 389 390 void TypeOrigin::details(outputStream* ss) const { 391 _type.print_on(ss); 392 switch (_origin) { 393 case CF_LOCALS: 394 ss->print(" (current frame, locals[%d])", _index); 395 break; 396 case CF_STACK: 397 ss->print(" (current frame, stack[%d])", _index); 398 break; 399 case SM_LOCALS: 400 ss->print(" (stack map, locals[%d])", _index); 401 break; 402 case SM_STACK: 403 ss->print(" (stack map, stack[%d])", _index); 404 break; 405 case CONST_POOL: 406 ss->print(" (constant pool %d)", _index); 407 break; 408 case SIG: 409 ss->print(" (from method signature)"); 410 break; 411 case IMPLICIT: 412 case FRAME_ONLY: 413 case NONE: 414 default: 415 ; 416 } 417 } 418 419 #ifdef ASSERT 420 void TypeOrigin::print_on(outputStream* str) const { 421 str->print("{%d,%d,%p:", _origin, _index, _frame); 422 if (_frame != nullptr) { 423 _frame->print_on(str); 424 } else { 425 str->print("null"); 426 } 427 str->print(","); 428 _type.print_on(str); 429 str->print("}"); 430 } 431 #endif 432 433 void ErrorContext::details(outputStream* ss, const Method* method) const { 434 if (is_valid()) { 435 ss->cr(); 436 ss->print_cr("Exception Details:"); 437 location_details(ss, method); 438 reason_details(ss); 439 frame_details(ss); 440 bytecode_details(ss, method); 441 handler_details(ss, method); 442 stackmap_details(ss, method); 443 } 444 } 445 446 void ErrorContext::reason_details(outputStream* ss) const { 447 streamIndentor si(ss); 448 ss->indent().print_cr("Reason:"); 449 streamIndentor si2(ss); 450 ss->indent().print("%s", ""); 451 switch (_fault) { 452 case INVALID_BYTECODE: 453 ss->print("Error exists in the bytecode"); 454 break; 455 case WRONG_TYPE: 456 if (_expected.is_valid()) { 457 ss->print("Type "); 458 _type.details(ss); 459 ss->print(" is not assignable to "); 460 _expected.details(ss); 461 } else { 462 ss->print("Invalid type: "); 463 _type.details(ss); 464 } 465 break; 466 case FLAGS_MISMATCH: 467 if (_expected.is_valid()) { 468 ss->print("Current frame's flags are not assignable " 469 "to stack map frame's."); 470 } else { 471 ss->print("Current frame's flags are invalid in this context."); 472 } 473 break; 474 case BAD_CP_INDEX: 475 ss->print("Constant pool index %d is invalid", _type.index()); 476 break; 477 case BAD_LOCAL_INDEX: 478 ss->print("Local index %d is invalid", _type.index()); 479 break; 480 case LOCALS_SIZE_MISMATCH: 481 ss->print("Current frame's local size doesn't match stackmap."); 482 break; 483 case STACK_SIZE_MISMATCH: 484 ss->print("Current frame's stack size doesn't match stackmap."); 485 break; 486 case STACK_OVERFLOW: 487 ss->print("Exceeded max stack size."); 488 break; 489 case STACK_UNDERFLOW: 490 ss->print("Attempt to pop empty stack."); 491 break; 492 case MISSING_STACKMAP: 493 ss->print("Expected stackmap frame at this location."); 494 break; 495 case BAD_STACKMAP: 496 ss->print("Invalid stackmap specification."); 497 break; 498 case UNKNOWN: 499 default: 500 ShouldNotReachHere(); 501 ss->print_cr("Unknown"); 502 } 503 ss->cr(); 504 } 505 506 void ErrorContext::location_details(outputStream* ss, const Method* method) const { 507 if (_bci != -1 && method != nullptr) { 508 streamIndentor si(ss); 509 const char* bytecode_name = "<invalid>"; 510 if (method->validate_bci(_bci) != -1) { 511 Bytecodes::Code code = Bytecodes::code_or_bp_at(method->bcp_from(_bci)); 512 if (Bytecodes::is_defined(code)) { 513 bytecode_name = Bytecodes::name(code); 514 } else { 515 bytecode_name = "<illegal>"; 516 } 517 } 518 InstanceKlass* ik = method->method_holder(); 519 ss->indent().print_cr("Location:"); 520 streamIndentor si2(ss); 521 ss->indent().print_cr("%s.%s%s @%d: %s", 522 ik->name()->as_C_string(), method->name()->as_C_string(), 523 method->signature()->as_C_string(), _bci, bytecode_name); 524 } 525 } 526 527 void ErrorContext::frame_details(outputStream* ss) const { 528 streamIndentor si(ss); 529 if (_type.is_valid() && _type.frame() != nullptr) { 530 ss->indent().print_cr("Current Frame:"); 531 streamIndentor si2(ss); 532 _type.frame()->print_on(ss); 533 } 534 if (_expected.is_valid() && _expected.frame() != nullptr) { 535 ss->indent().print_cr("Stackmap Frame:"); 536 streamIndentor si2(ss); 537 _expected.frame()->print_on(ss); 538 } 539 } 540 541 void ErrorContext::bytecode_details(outputStream* ss, const Method* method) const { 542 if (method != nullptr) { 543 streamIndentor si(ss); 544 ss->indent().print_cr("Bytecode:"); 545 streamIndentor si2(ss); 546 ss->print_data(method->code_base(), method->code_size(), false); 547 } 548 } 549 550 void ErrorContext::handler_details(outputStream* ss, const Method* method) const { 551 if (method != nullptr) { 552 streamIndentor si(ss); 553 ExceptionTable table(method); 554 if (table.length() > 0) { 555 ss->indent().print_cr("Exception Handler Table:"); 556 streamIndentor si2(ss); 557 for (int i = 0; i < table.length(); ++i) { 558 ss->indent().print_cr("bci [%d, %d] => handler: %d", table.start_pc(i), 559 table.end_pc(i), table.handler_pc(i)); 560 } 561 } 562 } 563 } 564 565 void ErrorContext::stackmap_details(outputStream* ss, const Method* method) const { 566 if (method != nullptr && method->has_stackmap_table()) { 567 streamIndentor si(ss); 568 ss->indent().print_cr("Stackmap Table:"); 569 Array<u1>* data = method->stackmap_data(); 570 stack_map_table* sm_table = 571 stack_map_table::at((address)data->adr_at(0)); 572 stack_map_frame* sm_frame = sm_table->entries(); 573 streamIndentor si2(ss); 574 int current_offset = -1; 575 address end_of_sm_table = (address)sm_table + method->stackmap_data()->length(); 576 for (u2 i = 0; i < sm_table->number_of_entries(); ++i) { 577 ss->indent(); 578 if (!sm_frame->verify((address)sm_frame, end_of_sm_table)) { 579 sm_frame->print_truncated(ss, current_offset); 580 return; 581 } 582 sm_frame->print_on(ss, current_offset); 583 ss->cr(); 584 current_offset += sm_frame->offset_delta(); 585 sm_frame = sm_frame->next(); 586 } 587 } 588 } 589 590 // Methods in ClassVerifier 591 592 ClassVerifier::ClassVerifier(JavaThread* current, InstanceKlass* klass) 593 : _thread(current), _previous_symbol(nullptr), _symbols(nullptr), _exception_type(nullptr), 594 _message(nullptr), _klass(klass) { 595 _this_type = VerificationType::reference_type(klass->name()); 596 } 597 598 ClassVerifier::~ClassVerifier() { 599 // Decrement the reference count for any symbols created. 600 if (_symbols != nullptr) { 601 for (int i = 0; i < _symbols->length(); i++) { 602 Symbol* s = _symbols->at(i); 603 s->decrement_refcount(); 604 } 605 } 606 } 607 608 VerificationType ClassVerifier::object_type() const { 609 return VerificationType::reference_type(vmSymbols::java_lang_Object()); 610 } 611 612 TypeOrigin ClassVerifier::ref_ctx(const char* sig) { 613 VerificationType vt = VerificationType::reference_type( 614 create_temporary_symbol(sig, (int)strlen(sig))); 615 return TypeOrigin::implicit(vt); 616 } 617 618 619 void ClassVerifier::verify_class(TRAPS) { 620 log_info(verification)("Verifying class %s with new format", _klass->external_name()); 621 622 // Either verifying both local and remote classes or just remote classes. 623 assert(BytecodeVerificationRemote, "Should not be here"); 624 625 Array<Method*>* methods = _klass->methods(); 626 int num_methods = methods->length(); 627 628 for (int index = 0; index < num_methods; index++) { 629 // Check for recursive re-verification before each method. 630 if (was_recursively_verified()) return; 631 632 Method* m = methods->at(index); 633 if (m->is_native() || m->is_abstract() || m->is_overpass()) { 634 // If m is native or abstract, skip it. It is checked in class file 635 // parser that methods do not override a final method. Overpass methods 636 // are trusted since the VM generates them. 637 continue; 638 } 639 verify_method(methodHandle(THREAD, m), CHECK_VERIFY(this)); 640 } 641 642 if (was_recursively_verified()){ 643 log_info(verification)("Recursive verification detected for: %s", _klass->external_name()); 644 log_info(class, init)("Recursive verification detected for: %s", 645 _klass->external_name()); 646 } 647 } 648 649 // Translate the signature entries into verification types and save them in 650 // the growable array. Also, save the count of arguments. 651 void ClassVerifier::translate_signature(Symbol* const method_sig, 652 sig_as_verification_types* sig_verif_types) { 653 SignatureStream sig_stream(method_sig); 654 VerificationType sig_type[2]; 655 int sig_i = 0; 656 GrowableArray<VerificationType>* verif_types = sig_verif_types->sig_verif_types(); 657 658 // Translate the signature arguments into verification types. 659 while (!sig_stream.at_return_type()) { 660 int n = change_sig_to_verificationType(&sig_stream, sig_type); 661 assert(n <= 2, "Unexpected signature type"); 662 663 // Store verification type(s). Longs and Doubles each have two verificationTypes. 664 for (int x = 0; x < n; x++) { 665 verif_types->push(sig_type[x]); 666 } 667 sig_i += n; 668 sig_stream.next(); 669 } 670 671 // Set final arg count, not including the return type. The final arg count will 672 // be compared with sig_verify_types' length to see if there is a return type. 673 sig_verif_types->set_num_args(sig_i); 674 675 // Store verification type(s) for the return type, if there is one. 676 if (sig_stream.type() != T_VOID) { 677 int n = change_sig_to_verificationType(&sig_stream, sig_type); 678 assert(n <= 2, "Unexpected signature return type"); 679 for (int y = 0; y < n; y++) { 680 verif_types->push(sig_type[y]); 681 } 682 } 683 } 684 685 void ClassVerifier::create_method_sig_entry(sig_as_verification_types* sig_verif_types, 686 int sig_index) { 687 // Translate the signature into verification types. 688 ConstantPool* cp = _klass->constants(); 689 Symbol* const method_sig = cp->symbol_at(sig_index); 690 translate_signature(method_sig, sig_verif_types); 691 692 // Add the list of this signature's verification types to the table. 693 bool is_unique = method_signatures_table()->put(sig_index, sig_verif_types); 694 assert(is_unique, "Duplicate entries in method_signature_table"); 695 } 696 697 void ClassVerifier::verify_method(const methodHandle& m, TRAPS) { 698 HandleMark hm(THREAD); 699 _method = m; // initialize _method 700 log_info(verification)("Verifying method %s", m->name_and_sig_as_C_string()); 701 702 // For clang, the only good constant format string is a literal constant format string. 703 #define bad_type_msg "Bad type on operand stack in %s" 704 705 u2 max_stack = m->verifier_max_stack(); 706 u2 max_locals = m->max_locals(); 707 constantPoolHandle cp(THREAD, m->constants()); 708 709 // Method signature was checked in ClassFileParser. 710 assert(SignatureVerifier::is_valid_method_signature(m->signature()), 711 "Invalid method signature"); 712 713 // Initial stack map frame: offset is 0, stack is initially empty. 714 StackMapFrame current_frame(max_locals, max_stack, this); 715 // Set initial locals 716 VerificationType return_type = current_frame.set_locals_from_arg( m, current_type()); 717 718 u2 stackmap_index = 0; // index to the stackmap array 719 720 u4 code_length = m->code_size(); 721 722 // Scan the bytecode and map each instruction's start offset to a number. 723 char* code_data = generate_code_data(m, code_length, CHECK_VERIFY(this)); 724 725 int ex_min = code_length; 726 int ex_max = -1; 727 // Look through each item on the exception table. Each of the fields must refer 728 // to a legal instruction. 729 if (was_recursively_verified()) return; 730 verify_exception_handler_table( 731 code_length, code_data, ex_min, ex_max, CHECK_VERIFY(this)); 732 733 // Look through each entry on the local variable table and make sure 734 // its range of code array offsets is valid. (4169817) 735 if (m->has_localvariable_table()) { 736 verify_local_variable_table(code_length, code_data, CHECK_VERIFY(this)); 737 } 738 739 Array<u1>* stackmap_data = m->stackmap_data(); 740 StackMapStream stream(stackmap_data); 741 StackMapReader reader(this, &stream, code_data, code_length, THREAD); 742 StackMapTable stackmap_table(&reader, ¤t_frame, max_locals, max_stack, 743 code_data, code_length, CHECK_VERIFY(this)); 744 745 LogTarget(Debug, verification) lt; 746 if (lt.is_enabled()) { 747 ResourceMark rm(THREAD); 748 LogStream ls(lt); 749 stackmap_table.print_on(&ls); 750 } 751 752 RawBytecodeStream bcs(m); 753 754 // Scan the byte code linearly from the start to the end 755 bool no_control_flow = false; // Set to true when there is no direct control 756 // flow from current instruction to the next 757 // instruction in sequence 758 759 Bytecodes::Code opcode; 760 while (!bcs.is_last_bytecode()) { 761 // Check for recursive re-verification before each bytecode. 762 if (was_recursively_verified()) return; 763 764 opcode = bcs.raw_next(); 765 int bci = bcs.bci(); 766 767 // Set current frame's offset to bci 768 current_frame.set_offset(bci); 769 current_frame.set_mark(); 770 771 // Make sure every offset in stackmap table point to the beginning to 772 // an instruction. Match current_frame to stackmap_table entry with 773 // the same offset if exists. 774 stackmap_index = verify_stackmap_table( 775 stackmap_index, bci, ¤t_frame, &stackmap_table, 776 no_control_flow, CHECK_VERIFY(this)); 777 778 779 bool this_uninit = false; // Set to true when invokespecial <init> initialized 'this' 780 bool verified_exc_handlers = false; 781 782 // Merge with the next instruction 783 { 784 int target; 785 VerificationType type, type2; 786 VerificationType atype; 787 788 LogTarget(Debug, verification) lt; 789 if (lt.is_enabled()) { 790 ResourceMark rm(THREAD); 791 LogStream ls(lt); 792 current_frame.print_on(&ls); 793 lt.print("offset = %d, opcode = %s", bci, 794 opcode == Bytecodes::_illegal ? "illegal" : Bytecodes::name(opcode)); 795 } 796 797 // Make sure wide instruction is in correct format 798 if (bcs.is_wide()) { 799 if (opcode != Bytecodes::_iinc && opcode != Bytecodes::_iload && 800 opcode != Bytecodes::_aload && opcode != Bytecodes::_lload && 801 opcode != Bytecodes::_istore && opcode != Bytecodes::_astore && 802 opcode != Bytecodes::_lstore && opcode != Bytecodes::_fload && 803 opcode != Bytecodes::_dload && opcode != Bytecodes::_fstore && 804 opcode != Bytecodes::_dstore) { 805 /* Unreachable? RawBytecodeStream's raw_next() returns 'illegal' 806 * if we encounter a wide instruction that modifies an invalid 807 * opcode (not one of the ones listed above) */ 808 verify_error(ErrorContext::bad_code(bci), "Bad wide instruction"); 809 return; 810 } 811 } 812 813 // Look for possible jump target in exception handlers and see if it 814 // matches current_frame. Do this check here for astore*, dstore*, 815 // fstore*, istore*, and lstore* opcodes because they can change the type 816 // state by adding a local. JVM Spec says that the incoming type state 817 // should be used for this check. So, do the check here before a possible 818 // local is added to the type state. 819 if (Bytecodes::is_store_into_local(opcode) && bci >= ex_min && bci < ex_max) { 820 if (was_recursively_verified()) return; 821 verify_exception_handler_targets( 822 bci, this_uninit, ¤t_frame, &stackmap_table, CHECK_VERIFY(this)); 823 verified_exc_handlers = true; 824 } 825 826 if (was_recursively_verified()) return; 827 828 switch (opcode) { 829 case Bytecodes::_nop : 830 no_control_flow = false; break; 831 case Bytecodes::_aconst_null : 832 current_frame.push_stack( 833 VerificationType::null_type(), CHECK_VERIFY(this)); 834 no_control_flow = false; break; 835 case Bytecodes::_iconst_m1 : 836 case Bytecodes::_iconst_0 : 837 case Bytecodes::_iconst_1 : 838 case Bytecodes::_iconst_2 : 839 case Bytecodes::_iconst_3 : 840 case Bytecodes::_iconst_4 : 841 case Bytecodes::_iconst_5 : 842 current_frame.push_stack( 843 VerificationType::integer_type(), CHECK_VERIFY(this)); 844 no_control_flow = false; break; 845 case Bytecodes::_lconst_0 : 846 case Bytecodes::_lconst_1 : 847 current_frame.push_stack_2( 848 VerificationType::long_type(), 849 VerificationType::long2_type(), CHECK_VERIFY(this)); 850 no_control_flow = false; break; 851 case Bytecodes::_fconst_0 : 852 case Bytecodes::_fconst_1 : 853 case Bytecodes::_fconst_2 : 854 current_frame.push_stack( 855 VerificationType::float_type(), CHECK_VERIFY(this)); 856 no_control_flow = false; break; 857 case Bytecodes::_dconst_0 : 858 case Bytecodes::_dconst_1 : 859 current_frame.push_stack_2( 860 VerificationType::double_type(), 861 VerificationType::double2_type(), CHECK_VERIFY(this)); 862 no_control_flow = false; break; 863 case Bytecodes::_sipush : 864 case Bytecodes::_bipush : 865 current_frame.push_stack( 866 VerificationType::integer_type(), CHECK_VERIFY(this)); 867 no_control_flow = false; break; 868 case Bytecodes::_ldc : 869 verify_ldc( 870 opcode, bcs.get_index_u1(), ¤t_frame, 871 cp, bci, CHECK_VERIFY(this)); 872 no_control_flow = false; break; 873 case Bytecodes::_ldc_w : 874 case Bytecodes::_ldc2_w : 875 verify_ldc( 876 opcode, bcs.get_index_u2(), ¤t_frame, 877 cp, bci, CHECK_VERIFY(this)); 878 no_control_flow = false; break; 879 case Bytecodes::_iload : 880 verify_iload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 881 no_control_flow = false; break; 882 case Bytecodes::_iload_0 : 883 case Bytecodes::_iload_1 : 884 case Bytecodes::_iload_2 : 885 case Bytecodes::_iload_3 : { 886 int index = opcode - Bytecodes::_iload_0; 887 verify_iload(index, ¤t_frame, CHECK_VERIFY(this)); 888 no_control_flow = false; break; 889 } 890 case Bytecodes::_lload : 891 verify_lload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 892 no_control_flow = false; break; 893 case Bytecodes::_lload_0 : 894 case Bytecodes::_lload_1 : 895 case Bytecodes::_lload_2 : 896 case Bytecodes::_lload_3 : { 897 int index = opcode - Bytecodes::_lload_0; 898 verify_lload(index, ¤t_frame, CHECK_VERIFY(this)); 899 no_control_flow = false; break; 900 } 901 case Bytecodes::_fload : 902 verify_fload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 903 no_control_flow = false; break; 904 case Bytecodes::_fload_0 : 905 case Bytecodes::_fload_1 : 906 case Bytecodes::_fload_2 : 907 case Bytecodes::_fload_3 : { 908 int index = opcode - Bytecodes::_fload_0; 909 verify_fload(index, ¤t_frame, CHECK_VERIFY(this)); 910 no_control_flow = false; break; 911 } 912 case Bytecodes::_dload : 913 verify_dload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 914 no_control_flow = false; break; 915 case Bytecodes::_dload_0 : 916 case Bytecodes::_dload_1 : 917 case Bytecodes::_dload_2 : 918 case Bytecodes::_dload_3 : { 919 int index = opcode - Bytecodes::_dload_0; 920 verify_dload(index, ¤t_frame, CHECK_VERIFY(this)); 921 no_control_flow = false; break; 922 } 923 case Bytecodes::_aload : 924 verify_aload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 925 no_control_flow = false; break; 926 case Bytecodes::_aload_0 : 927 case Bytecodes::_aload_1 : 928 case Bytecodes::_aload_2 : 929 case Bytecodes::_aload_3 : { 930 int index = opcode - Bytecodes::_aload_0; 931 verify_aload(index, ¤t_frame, CHECK_VERIFY(this)); 932 no_control_flow = false; break; 933 } 934 case Bytecodes::_iaload : 935 type = current_frame.pop_stack( 936 VerificationType::integer_type(), CHECK_VERIFY(this)); 937 atype = current_frame.pop_stack( 938 VerificationType::reference_check(), CHECK_VERIFY(this)); 939 if (!atype.is_int_array()) { 940 verify_error(ErrorContext::bad_type(bci, 941 current_frame.stack_top_ctx(), ref_ctx("[I")), 942 bad_type_msg, "iaload"); 943 return; 944 } 945 current_frame.push_stack( 946 VerificationType::integer_type(), CHECK_VERIFY(this)); 947 no_control_flow = false; break; 948 case Bytecodes::_baload : 949 type = current_frame.pop_stack( 950 VerificationType::integer_type(), CHECK_VERIFY(this)); 951 atype = current_frame.pop_stack( 952 VerificationType::reference_check(), CHECK_VERIFY(this)); 953 if (!atype.is_bool_array() && !atype.is_byte_array()) { 954 verify_error( 955 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 956 bad_type_msg, "baload"); 957 return; 958 } 959 current_frame.push_stack( 960 VerificationType::integer_type(), CHECK_VERIFY(this)); 961 no_control_flow = false; break; 962 case Bytecodes::_caload : 963 type = current_frame.pop_stack( 964 VerificationType::integer_type(), CHECK_VERIFY(this)); 965 atype = current_frame.pop_stack( 966 VerificationType::reference_check(), CHECK_VERIFY(this)); 967 if (!atype.is_char_array()) { 968 verify_error(ErrorContext::bad_type(bci, 969 current_frame.stack_top_ctx(), ref_ctx("[C")), 970 bad_type_msg, "caload"); 971 return; 972 } 973 current_frame.push_stack( 974 VerificationType::integer_type(), CHECK_VERIFY(this)); 975 no_control_flow = false; break; 976 case Bytecodes::_saload : 977 type = current_frame.pop_stack( 978 VerificationType::integer_type(), CHECK_VERIFY(this)); 979 atype = current_frame.pop_stack( 980 VerificationType::reference_check(), CHECK_VERIFY(this)); 981 if (!atype.is_short_array()) { 982 verify_error(ErrorContext::bad_type(bci, 983 current_frame.stack_top_ctx(), ref_ctx("[S")), 984 bad_type_msg, "saload"); 985 return; 986 } 987 current_frame.push_stack( 988 VerificationType::integer_type(), CHECK_VERIFY(this)); 989 no_control_flow = false; break; 990 case Bytecodes::_laload : 991 type = current_frame.pop_stack( 992 VerificationType::integer_type(), CHECK_VERIFY(this)); 993 atype = current_frame.pop_stack( 994 VerificationType::reference_check(), CHECK_VERIFY(this)); 995 if (!atype.is_long_array()) { 996 verify_error(ErrorContext::bad_type(bci, 997 current_frame.stack_top_ctx(), ref_ctx("[J")), 998 bad_type_msg, "laload"); 999 return; 1000 } 1001 current_frame.push_stack_2( 1002 VerificationType::long_type(), 1003 VerificationType::long2_type(), CHECK_VERIFY(this)); 1004 no_control_flow = false; break; 1005 case Bytecodes::_faload : 1006 type = current_frame.pop_stack( 1007 VerificationType::integer_type(), CHECK_VERIFY(this)); 1008 atype = current_frame.pop_stack( 1009 VerificationType::reference_check(), CHECK_VERIFY(this)); 1010 if (!atype.is_float_array()) { 1011 verify_error(ErrorContext::bad_type(bci, 1012 current_frame.stack_top_ctx(), ref_ctx("[F")), 1013 bad_type_msg, "faload"); 1014 return; 1015 } 1016 current_frame.push_stack( 1017 VerificationType::float_type(), CHECK_VERIFY(this)); 1018 no_control_flow = false; break; 1019 case Bytecodes::_daload : 1020 type = current_frame.pop_stack( 1021 VerificationType::integer_type(), CHECK_VERIFY(this)); 1022 atype = current_frame.pop_stack( 1023 VerificationType::reference_check(), CHECK_VERIFY(this)); 1024 if (!atype.is_double_array()) { 1025 verify_error(ErrorContext::bad_type(bci, 1026 current_frame.stack_top_ctx(), ref_ctx("[D")), 1027 bad_type_msg, "daload"); 1028 return; 1029 } 1030 current_frame.push_stack_2( 1031 VerificationType::double_type(), 1032 VerificationType::double2_type(), CHECK_VERIFY(this)); 1033 no_control_flow = false; break; 1034 case Bytecodes::_aaload : { 1035 type = current_frame.pop_stack( 1036 VerificationType::integer_type(), CHECK_VERIFY(this)); 1037 atype = current_frame.pop_stack( 1038 VerificationType::reference_check(), CHECK_VERIFY(this)); 1039 if (!atype.is_reference_array()) { 1040 verify_error(ErrorContext::bad_type(bci, 1041 current_frame.stack_top_ctx(), 1042 TypeOrigin::implicit(VerificationType::reference_check())), 1043 bad_type_msg, "aaload"); 1044 return; 1045 } 1046 if (atype.is_null()) { 1047 current_frame.push_stack( 1048 VerificationType::null_type(), CHECK_VERIFY(this)); 1049 } else { 1050 VerificationType component = atype.get_component(this); 1051 current_frame.push_stack(component, CHECK_VERIFY(this)); 1052 } 1053 no_control_flow = false; break; 1054 } 1055 case Bytecodes::_istore : 1056 verify_istore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 1057 no_control_flow = false; break; 1058 case Bytecodes::_istore_0 : 1059 case Bytecodes::_istore_1 : 1060 case Bytecodes::_istore_2 : 1061 case Bytecodes::_istore_3 : { 1062 int index = opcode - Bytecodes::_istore_0; 1063 verify_istore(index, ¤t_frame, CHECK_VERIFY(this)); 1064 no_control_flow = false; break; 1065 } 1066 case Bytecodes::_lstore : 1067 verify_lstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 1068 no_control_flow = false; break; 1069 case Bytecodes::_lstore_0 : 1070 case Bytecodes::_lstore_1 : 1071 case Bytecodes::_lstore_2 : 1072 case Bytecodes::_lstore_3 : { 1073 int index = opcode - Bytecodes::_lstore_0; 1074 verify_lstore(index, ¤t_frame, CHECK_VERIFY(this)); 1075 no_control_flow = false; break; 1076 } 1077 case Bytecodes::_fstore : 1078 verify_fstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 1079 no_control_flow = false; break; 1080 case Bytecodes::_fstore_0 : 1081 case Bytecodes::_fstore_1 : 1082 case Bytecodes::_fstore_2 : 1083 case Bytecodes::_fstore_3 : { 1084 int index = opcode - Bytecodes::_fstore_0; 1085 verify_fstore(index, ¤t_frame, CHECK_VERIFY(this)); 1086 no_control_flow = false; break; 1087 } 1088 case Bytecodes::_dstore : 1089 verify_dstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 1090 no_control_flow = false; break; 1091 case Bytecodes::_dstore_0 : 1092 case Bytecodes::_dstore_1 : 1093 case Bytecodes::_dstore_2 : 1094 case Bytecodes::_dstore_3 : { 1095 int index = opcode - Bytecodes::_dstore_0; 1096 verify_dstore(index, ¤t_frame, CHECK_VERIFY(this)); 1097 no_control_flow = false; break; 1098 } 1099 case Bytecodes::_astore : 1100 verify_astore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 1101 no_control_flow = false; break; 1102 case Bytecodes::_astore_0 : 1103 case Bytecodes::_astore_1 : 1104 case Bytecodes::_astore_2 : 1105 case Bytecodes::_astore_3 : { 1106 int index = opcode - Bytecodes::_astore_0; 1107 verify_astore(index, ¤t_frame, CHECK_VERIFY(this)); 1108 no_control_flow = false; break; 1109 } 1110 case Bytecodes::_iastore : 1111 type = current_frame.pop_stack( 1112 VerificationType::integer_type(), CHECK_VERIFY(this)); 1113 type2 = current_frame.pop_stack( 1114 VerificationType::integer_type(), CHECK_VERIFY(this)); 1115 atype = current_frame.pop_stack( 1116 VerificationType::reference_check(), CHECK_VERIFY(this)); 1117 if (!atype.is_int_array()) { 1118 verify_error(ErrorContext::bad_type(bci, 1119 current_frame.stack_top_ctx(), ref_ctx("[I")), 1120 bad_type_msg, "iastore"); 1121 return; 1122 } 1123 no_control_flow = false; break; 1124 case Bytecodes::_bastore : 1125 type = current_frame.pop_stack( 1126 VerificationType::integer_type(), CHECK_VERIFY(this)); 1127 type2 = current_frame.pop_stack( 1128 VerificationType::integer_type(), CHECK_VERIFY(this)); 1129 atype = current_frame.pop_stack( 1130 VerificationType::reference_check(), CHECK_VERIFY(this)); 1131 if (!atype.is_bool_array() && !atype.is_byte_array()) { 1132 verify_error( 1133 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 1134 bad_type_msg, "bastore"); 1135 return; 1136 } 1137 no_control_flow = false; break; 1138 case Bytecodes::_castore : 1139 current_frame.pop_stack( 1140 VerificationType::integer_type(), CHECK_VERIFY(this)); 1141 current_frame.pop_stack( 1142 VerificationType::integer_type(), CHECK_VERIFY(this)); 1143 atype = current_frame.pop_stack( 1144 VerificationType::reference_check(), CHECK_VERIFY(this)); 1145 if (!atype.is_char_array()) { 1146 verify_error(ErrorContext::bad_type(bci, 1147 current_frame.stack_top_ctx(), ref_ctx("[C")), 1148 bad_type_msg, "castore"); 1149 return; 1150 } 1151 no_control_flow = false; break; 1152 case Bytecodes::_sastore : 1153 current_frame.pop_stack( 1154 VerificationType::integer_type(), CHECK_VERIFY(this)); 1155 current_frame.pop_stack( 1156 VerificationType::integer_type(), CHECK_VERIFY(this)); 1157 atype = current_frame.pop_stack( 1158 VerificationType::reference_check(), CHECK_VERIFY(this)); 1159 if (!atype.is_short_array()) { 1160 verify_error(ErrorContext::bad_type(bci, 1161 current_frame.stack_top_ctx(), ref_ctx("[S")), 1162 bad_type_msg, "sastore"); 1163 return; 1164 } 1165 no_control_flow = false; break; 1166 case Bytecodes::_lastore : 1167 current_frame.pop_stack_2( 1168 VerificationType::long2_type(), 1169 VerificationType::long_type(), CHECK_VERIFY(this)); 1170 current_frame.pop_stack( 1171 VerificationType::integer_type(), CHECK_VERIFY(this)); 1172 atype = current_frame.pop_stack( 1173 VerificationType::reference_check(), CHECK_VERIFY(this)); 1174 if (!atype.is_long_array()) { 1175 verify_error(ErrorContext::bad_type(bci, 1176 current_frame.stack_top_ctx(), ref_ctx("[J")), 1177 bad_type_msg, "lastore"); 1178 return; 1179 } 1180 no_control_flow = false; break; 1181 case Bytecodes::_fastore : 1182 current_frame.pop_stack( 1183 VerificationType::float_type(), CHECK_VERIFY(this)); 1184 current_frame.pop_stack 1185 (VerificationType::integer_type(), CHECK_VERIFY(this)); 1186 atype = current_frame.pop_stack( 1187 VerificationType::reference_check(), CHECK_VERIFY(this)); 1188 if (!atype.is_float_array()) { 1189 verify_error(ErrorContext::bad_type(bci, 1190 current_frame.stack_top_ctx(), ref_ctx("[F")), 1191 bad_type_msg, "fastore"); 1192 return; 1193 } 1194 no_control_flow = false; break; 1195 case Bytecodes::_dastore : 1196 current_frame.pop_stack_2( 1197 VerificationType::double2_type(), 1198 VerificationType::double_type(), CHECK_VERIFY(this)); 1199 current_frame.pop_stack( 1200 VerificationType::integer_type(), CHECK_VERIFY(this)); 1201 atype = current_frame.pop_stack( 1202 VerificationType::reference_check(), CHECK_VERIFY(this)); 1203 if (!atype.is_double_array()) { 1204 verify_error(ErrorContext::bad_type(bci, 1205 current_frame.stack_top_ctx(), ref_ctx("[D")), 1206 bad_type_msg, "dastore"); 1207 return; 1208 } 1209 no_control_flow = false; break; 1210 case Bytecodes::_aastore : 1211 type = current_frame.pop_stack(object_type(), CHECK_VERIFY(this)); 1212 type2 = current_frame.pop_stack( 1213 VerificationType::integer_type(), CHECK_VERIFY(this)); 1214 atype = current_frame.pop_stack( 1215 VerificationType::reference_check(), CHECK_VERIFY(this)); 1216 // more type-checking is done at runtime 1217 if (!atype.is_reference_array()) { 1218 verify_error(ErrorContext::bad_type(bci, 1219 current_frame.stack_top_ctx(), 1220 TypeOrigin::implicit(VerificationType::reference_check())), 1221 bad_type_msg, "aastore"); 1222 return; 1223 } 1224 // 4938384: relaxed constraint in JVMS 3rd edition. 1225 no_control_flow = false; break; 1226 case Bytecodes::_pop : 1227 current_frame.pop_stack( 1228 VerificationType::category1_check(), CHECK_VERIFY(this)); 1229 no_control_flow = false; break; 1230 case Bytecodes::_pop2 : 1231 type = current_frame.pop_stack(CHECK_VERIFY(this)); 1232 if (type.is_category1()) { 1233 current_frame.pop_stack( 1234 VerificationType::category1_check(), CHECK_VERIFY(this)); 1235 } else if (type.is_category2_2nd()) { 1236 current_frame.pop_stack( 1237 VerificationType::category2_check(), CHECK_VERIFY(this)); 1238 } else { 1239 /* Unreachable? Would need a category2_1st on TOS 1240 * which does not appear possible. */ 1241 verify_error( 1242 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 1243 bad_type_msg, "pop2"); 1244 return; 1245 } 1246 no_control_flow = false; break; 1247 case Bytecodes::_dup : 1248 type = current_frame.pop_stack( 1249 VerificationType::category1_check(), CHECK_VERIFY(this)); 1250 current_frame.push_stack(type, CHECK_VERIFY(this)); 1251 current_frame.push_stack(type, CHECK_VERIFY(this)); 1252 no_control_flow = false; break; 1253 case Bytecodes::_dup_x1 : 1254 type = current_frame.pop_stack( 1255 VerificationType::category1_check(), CHECK_VERIFY(this)); 1256 type2 = current_frame.pop_stack( 1257 VerificationType::category1_check(), CHECK_VERIFY(this)); 1258 current_frame.push_stack(type, CHECK_VERIFY(this)); 1259 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1260 current_frame.push_stack(type, CHECK_VERIFY(this)); 1261 no_control_flow = false; break; 1262 case Bytecodes::_dup_x2 : 1263 { 1264 VerificationType type3; 1265 type = current_frame.pop_stack( 1266 VerificationType::category1_check(), CHECK_VERIFY(this)); 1267 type2 = current_frame.pop_stack(CHECK_VERIFY(this)); 1268 if (type2.is_category1()) { 1269 type3 = current_frame.pop_stack( 1270 VerificationType::category1_check(), CHECK_VERIFY(this)); 1271 } else if (type2.is_category2_2nd()) { 1272 type3 = current_frame.pop_stack( 1273 VerificationType::category2_check(), CHECK_VERIFY(this)); 1274 } else { 1275 /* Unreachable? Would need a category2_1st at stack depth 2 with 1276 * a category1 on TOS which does not appear possible. */ 1277 verify_error(ErrorContext::bad_type( 1278 bci, current_frame.stack_top_ctx()), bad_type_msg, "dup_x2"); 1279 return; 1280 } 1281 current_frame.push_stack(type, CHECK_VERIFY(this)); 1282 current_frame.push_stack(type3, CHECK_VERIFY(this)); 1283 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1284 current_frame.push_stack(type, CHECK_VERIFY(this)); 1285 no_control_flow = false; break; 1286 } 1287 case Bytecodes::_dup2 : 1288 type = current_frame.pop_stack(CHECK_VERIFY(this)); 1289 if (type.is_category1()) { 1290 type2 = current_frame.pop_stack( 1291 VerificationType::category1_check(), CHECK_VERIFY(this)); 1292 } else if (type.is_category2_2nd()) { 1293 type2 = current_frame.pop_stack( 1294 VerificationType::category2_check(), CHECK_VERIFY(this)); 1295 } else { 1296 /* Unreachable? Would need a category2_1st on TOS which does not 1297 * appear possible. */ 1298 verify_error( 1299 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 1300 bad_type_msg, "dup2"); 1301 return; 1302 } 1303 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1304 current_frame.push_stack(type, CHECK_VERIFY(this)); 1305 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1306 current_frame.push_stack(type, CHECK_VERIFY(this)); 1307 no_control_flow = false; break; 1308 case Bytecodes::_dup2_x1 : 1309 { 1310 VerificationType type3; 1311 type = current_frame.pop_stack(CHECK_VERIFY(this)); 1312 if (type.is_category1()) { 1313 type2 = current_frame.pop_stack( 1314 VerificationType::category1_check(), CHECK_VERIFY(this)); 1315 } else if (type.is_category2_2nd()) { 1316 type2 = current_frame.pop_stack( 1317 VerificationType::category2_check(), CHECK_VERIFY(this)); 1318 } else { 1319 /* Unreachable? Would need a category2_1st on TOS which does 1320 * not appear possible. */ 1321 verify_error( 1322 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 1323 bad_type_msg, "dup2_x1"); 1324 return; 1325 } 1326 type3 = current_frame.pop_stack( 1327 VerificationType::category1_check(), CHECK_VERIFY(this)); 1328 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1329 current_frame.push_stack(type, CHECK_VERIFY(this)); 1330 current_frame.push_stack(type3, CHECK_VERIFY(this)); 1331 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1332 current_frame.push_stack(type, CHECK_VERIFY(this)); 1333 no_control_flow = false; break; 1334 } 1335 case Bytecodes::_dup2_x2 : 1336 { 1337 VerificationType type3, type4; 1338 type = current_frame.pop_stack(CHECK_VERIFY(this)); 1339 if (type.is_category1()) { 1340 type2 = current_frame.pop_stack( 1341 VerificationType::category1_check(), CHECK_VERIFY(this)); 1342 } else if (type.is_category2_2nd()) { 1343 type2 = current_frame.pop_stack( 1344 VerificationType::category2_check(), CHECK_VERIFY(this)); 1345 } else { 1346 /* Unreachable? Would need a category2_1st on TOS which does 1347 * not appear possible. */ 1348 verify_error( 1349 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 1350 bad_type_msg, "dup2_x2"); 1351 return; 1352 } 1353 type3 = current_frame.pop_stack(CHECK_VERIFY(this)); 1354 if (type3.is_category1()) { 1355 type4 = current_frame.pop_stack( 1356 VerificationType::category1_check(), CHECK_VERIFY(this)); 1357 } else if (type3.is_category2_2nd()) { 1358 type4 = current_frame.pop_stack( 1359 VerificationType::category2_check(), CHECK_VERIFY(this)); 1360 } else { 1361 /* Unreachable? Would need a category2_1st on TOS after popping 1362 * a long/double or two category 1's, which does not 1363 * appear possible. */ 1364 verify_error( 1365 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 1366 bad_type_msg, "dup2_x2"); 1367 return; 1368 } 1369 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1370 current_frame.push_stack(type, CHECK_VERIFY(this)); 1371 current_frame.push_stack(type4, CHECK_VERIFY(this)); 1372 current_frame.push_stack(type3, CHECK_VERIFY(this)); 1373 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1374 current_frame.push_stack(type, CHECK_VERIFY(this)); 1375 no_control_flow = false; break; 1376 } 1377 case Bytecodes::_swap : 1378 type = current_frame.pop_stack( 1379 VerificationType::category1_check(), CHECK_VERIFY(this)); 1380 type2 = current_frame.pop_stack( 1381 VerificationType::category1_check(), CHECK_VERIFY(this)); 1382 current_frame.push_stack(type, CHECK_VERIFY(this)); 1383 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1384 no_control_flow = false; break; 1385 case Bytecodes::_iadd : 1386 case Bytecodes::_isub : 1387 case Bytecodes::_imul : 1388 case Bytecodes::_idiv : 1389 case Bytecodes::_irem : 1390 case Bytecodes::_ishl : 1391 case Bytecodes::_ishr : 1392 case Bytecodes::_iushr : 1393 case Bytecodes::_ior : 1394 case Bytecodes::_ixor : 1395 case Bytecodes::_iand : 1396 current_frame.pop_stack( 1397 VerificationType::integer_type(), CHECK_VERIFY(this)); 1398 // fall through 1399 case Bytecodes::_ineg : 1400 current_frame.pop_stack( 1401 VerificationType::integer_type(), CHECK_VERIFY(this)); 1402 current_frame.push_stack( 1403 VerificationType::integer_type(), CHECK_VERIFY(this)); 1404 no_control_flow = false; break; 1405 case Bytecodes::_ladd : 1406 case Bytecodes::_lsub : 1407 case Bytecodes::_lmul : 1408 case Bytecodes::_ldiv : 1409 case Bytecodes::_lrem : 1410 case Bytecodes::_land : 1411 case Bytecodes::_lor : 1412 case Bytecodes::_lxor : 1413 current_frame.pop_stack_2( 1414 VerificationType::long2_type(), 1415 VerificationType::long_type(), CHECK_VERIFY(this)); 1416 // fall through 1417 case Bytecodes::_lneg : 1418 current_frame.pop_stack_2( 1419 VerificationType::long2_type(), 1420 VerificationType::long_type(), CHECK_VERIFY(this)); 1421 current_frame.push_stack_2( 1422 VerificationType::long_type(), 1423 VerificationType::long2_type(), CHECK_VERIFY(this)); 1424 no_control_flow = false; break; 1425 case Bytecodes::_lshl : 1426 case Bytecodes::_lshr : 1427 case Bytecodes::_lushr : 1428 current_frame.pop_stack( 1429 VerificationType::integer_type(), CHECK_VERIFY(this)); 1430 current_frame.pop_stack_2( 1431 VerificationType::long2_type(), 1432 VerificationType::long_type(), CHECK_VERIFY(this)); 1433 current_frame.push_stack_2( 1434 VerificationType::long_type(), 1435 VerificationType::long2_type(), CHECK_VERIFY(this)); 1436 no_control_flow = false; break; 1437 case Bytecodes::_fadd : 1438 case Bytecodes::_fsub : 1439 case Bytecodes::_fmul : 1440 case Bytecodes::_fdiv : 1441 case Bytecodes::_frem : 1442 current_frame.pop_stack( 1443 VerificationType::float_type(), CHECK_VERIFY(this)); 1444 // fall through 1445 case Bytecodes::_fneg : 1446 current_frame.pop_stack( 1447 VerificationType::float_type(), CHECK_VERIFY(this)); 1448 current_frame.push_stack( 1449 VerificationType::float_type(), CHECK_VERIFY(this)); 1450 no_control_flow = false; break; 1451 case Bytecodes::_dadd : 1452 case Bytecodes::_dsub : 1453 case Bytecodes::_dmul : 1454 case Bytecodes::_ddiv : 1455 case Bytecodes::_drem : 1456 current_frame.pop_stack_2( 1457 VerificationType::double2_type(), 1458 VerificationType::double_type(), CHECK_VERIFY(this)); 1459 // fall through 1460 case Bytecodes::_dneg : 1461 current_frame.pop_stack_2( 1462 VerificationType::double2_type(), 1463 VerificationType::double_type(), CHECK_VERIFY(this)); 1464 current_frame.push_stack_2( 1465 VerificationType::double_type(), 1466 VerificationType::double2_type(), CHECK_VERIFY(this)); 1467 no_control_flow = false; break; 1468 case Bytecodes::_iinc : 1469 verify_iinc(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 1470 no_control_flow = false; break; 1471 case Bytecodes::_i2l : 1472 type = current_frame.pop_stack( 1473 VerificationType::integer_type(), CHECK_VERIFY(this)); 1474 current_frame.push_stack_2( 1475 VerificationType::long_type(), 1476 VerificationType::long2_type(), CHECK_VERIFY(this)); 1477 no_control_flow = false; break; 1478 case Bytecodes::_l2i : 1479 current_frame.pop_stack_2( 1480 VerificationType::long2_type(), 1481 VerificationType::long_type(), CHECK_VERIFY(this)); 1482 current_frame.push_stack( 1483 VerificationType::integer_type(), CHECK_VERIFY(this)); 1484 no_control_flow = false; break; 1485 case Bytecodes::_i2f : 1486 current_frame.pop_stack( 1487 VerificationType::integer_type(), CHECK_VERIFY(this)); 1488 current_frame.push_stack( 1489 VerificationType::float_type(), CHECK_VERIFY(this)); 1490 no_control_flow = false; break; 1491 case Bytecodes::_i2d : 1492 current_frame.pop_stack( 1493 VerificationType::integer_type(), CHECK_VERIFY(this)); 1494 current_frame.push_stack_2( 1495 VerificationType::double_type(), 1496 VerificationType::double2_type(), CHECK_VERIFY(this)); 1497 no_control_flow = false; break; 1498 case Bytecodes::_l2f : 1499 current_frame.pop_stack_2( 1500 VerificationType::long2_type(), 1501 VerificationType::long_type(), CHECK_VERIFY(this)); 1502 current_frame.push_stack( 1503 VerificationType::float_type(), CHECK_VERIFY(this)); 1504 no_control_flow = false; break; 1505 case Bytecodes::_l2d : 1506 current_frame.pop_stack_2( 1507 VerificationType::long2_type(), 1508 VerificationType::long_type(), CHECK_VERIFY(this)); 1509 current_frame.push_stack_2( 1510 VerificationType::double_type(), 1511 VerificationType::double2_type(), CHECK_VERIFY(this)); 1512 no_control_flow = false; break; 1513 case Bytecodes::_f2i : 1514 current_frame.pop_stack( 1515 VerificationType::float_type(), CHECK_VERIFY(this)); 1516 current_frame.push_stack( 1517 VerificationType::integer_type(), CHECK_VERIFY(this)); 1518 no_control_flow = false; break; 1519 case Bytecodes::_f2l : 1520 current_frame.pop_stack( 1521 VerificationType::float_type(), CHECK_VERIFY(this)); 1522 current_frame.push_stack_2( 1523 VerificationType::long_type(), 1524 VerificationType::long2_type(), CHECK_VERIFY(this)); 1525 no_control_flow = false; break; 1526 case Bytecodes::_f2d : 1527 current_frame.pop_stack( 1528 VerificationType::float_type(), CHECK_VERIFY(this)); 1529 current_frame.push_stack_2( 1530 VerificationType::double_type(), 1531 VerificationType::double2_type(), CHECK_VERIFY(this)); 1532 no_control_flow = false; break; 1533 case Bytecodes::_d2i : 1534 current_frame.pop_stack_2( 1535 VerificationType::double2_type(), 1536 VerificationType::double_type(), CHECK_VERIFY(this)); 1537 current_frame.push_stack( 1538 VerificationType::integer_type(), CHECK_VERIFY(this)); 1539 no_control_flow = false; break; 1540 case Bytecodes::_d2l : 1541 current_frame.pop_stack_2( 1542 VerificationType::double2_type(), 1543 VerificationType::double_type(), CHECK_VERIFY(this)); 1544 current_frame.push_stack_2( 1545 VerificationType::long_type(), 1546 VerificationType::long2_type(), CHECK_VERIFY(this)); 1547 no_control_flow = false; break; 1548 case Bytecodes::_d2f : 1549 current_frame.pop_stack_2( 1550 VerificationType::double2_type(), 1551 VerificationType::double_type(), CHECK_VERIFY(this)); 1552 current_frame.push_stack( 1553 VerificationType::float_type(), CHECK_VERIFY(this)); 1554 no_control_flow = false; break; 1555 case Bytecodes::_i2b : 1556 case Bytecodes::_i2c : 1557 case Bytecodes::_i2s : 1558 current_frame.pop_stack( 1559 VerificationType::integer_type(), CHECK_VERIFY(this)); 1560 current_frame.push_stack( 1561 VerificationType::integer_type(), CHECK_VERIFY(this)); 1562 no_control_flow = false; break; 1563 case Bytecodes::_lcmp : 1564 current_frame.pop_stack_2( 1565 VerificationType::long2_type(), 1566 VerificationType::long_type(), CHECK_VERIFY(this)); 1567 current_frame.pop_stack_2( 1568 VerificationType::long2_type(), 1569 VerificationType::long_type(), CHECK_VERIFY(this)); 1570 current_frame.push_stack( 1571 VerificationType::integer_type(), CHECK_VERIFY(this)); 1572 no_control_flow = false; break; 1573 case Bytecodes::_fcmpl : 1574 case Bytecodes::_fcmpg : 1575 current_frame.pop_stack( 1576 VerificationType::float_type(), CHECK_VERIFY(this)); 1577 current_frame.pop_stack( 1578 VerificationType::float_type(), CHECK_VERIFY(this)); 1579 current_frame.push_stack( 1580 VerificationType::integer_type(), CHECK_VERIFY(this)); 1581 no_control_flow = false; break; 1582 case Bytecodes::_dcmpl : 1583 case Bytecodes::_dcmpg : 1584 current_frame.pop_stack_2( 1585 VerificationType::double2_type(), 1586 VerificationType::double_type(), CHECK_VERIFY(this)); 1587 current_frame.pop_stack_2( 1588 VerificationType::double2_type(), 1589 VerificationType::double_type(), CHECK_VERIFY(this)); 1590 current_frame.push_stack( 1591 VerificationType::integer_type(), CHECK_VERIFY(this)); 1592 no_control_flow = false; break; 1593 case Bytecodes::_if_icmpeq: 1594 case Bytecodes::_if_icmpne: 1595 case Bytecodes::_if_icmplt: 1596 case Bytecodes::_if_icmpge: 1597 case Bytecodes::_if_icmpgt: 1598 case Bytecodes::_if_icmple: 1599 current_frame.pop_stack( 1600 VerificationType::integer_type(), CHECK_VERIFY(this)); 1601 // fall through 1602 case Bytecodes::_ifeq: 1603 case Bytecodes::_ifne: 1604 case Bytecodes::_iflt: 1605 case Bytecodes::_ifge: 1606 case Bytecodes::_ifgt: 1607 case Bytecodes::_ifle: 1608 current_frame.pop_stack( 1609 VerificationType::integer_type(), CHECK_VERIFY(this)); 1610 target = bcs.dest(); 1611 stackmap_table.check_jump_target( 1612 ¤t_frame, target, CHECK_VERIFY(this)); 1613 no_control_flow = false; break; 1614 case Bytecodes::_if_acmpeq : 1615 case Bytecodes::_if_acmpne : 1616 current_frame.pop_stack( 1617 VerificationType::reference_check(), CHECK_VERIFY(this)); 1618 // fall through 1619 case Bytecodes::_ifnull : 1620 case Bytecodes::_ifnonnull : 1621 current_frame.pop_stack( 1622 VerificationType::reference_check(), CHECK_VERIFY(this)); 1623 target = bcs.dest(); 1624 stackmap_table.check_jump_target 1625 (¤t_frame, target, CHECK_VERIFY(this)); 1626 no_control_flow = false; break; 1627 case Bytecodes::_goto : 1628 target = bcs.dest(); 1629 stackmap_table.check_jump_target( 1630 ¤t_frame, target, CHECK_VERIFY(this)); 1631 no_control_flow = true; break; 1632 case Bytecodes::_goto_w : 1633 target = bcs.dest_w(); 1634 stackmap_table.check_jump_target( 1635 ¤t_frame, target, CHECK_VERIFY(this)); 1636 no_control_flow = true; break; 1637 case Bytecodes::_tableswitch : 1638 case Bytecodes::_lookupswitch : 1639 verify_switch( 1640 &bcs, code_length, code_data, ¤t_frame, 1641 &stackmap_table, CHECK_VERIFY(this)); 1642 no_control_flow = true; break; 1643 case Bytecodes::_ireturn : 1644 type = current_frame.pop_stack( 1645 VerificationType::integer_type(), CHECK_VERIFY(this)); 1646 verify_return_value(return_type, type, bci, 1647 ¤t_frame, CHECK_VERIFY(this)); 1648 no_control_flow = true; break; 1649 case Bytecodes::_lreturn : 1650 type2 = current_frame.pop_stack( 1651 VerificationType::long2_type(), CHECK_VERIFY(this)); 1652 type = current_frame.pop_stack( 1653 VerificationType::long_type(), CHECK_VERIFY(this)); 1654 verify_return_value(return_type, type, bci, 1655 ¤t_frame, CHECK_VERIFY(this)); 1656 no_control_flow = true; break; 1657 case Bytecodes::_freturn : 1658 type = current_frame.pop_stack( 1659 VerificationType::float_type(), CHECK_VERIFY(this)); 1660 verify_return_value(return_type, type, bci, 1661 ¤t_frame, CHECK_VERIFY(this)); 1662 no_control_flow = true; break; 1663 case Bytecodes::_dreturn : 1664 type2 = current_frame.pop_stack( 1665 VerificationType::double2_type(), CHECK_VERIFY(this)); 1666 type = current_frame.pop_stack( 1667 VerificationType::double_type(), CHECK_VERIFY(this)); 1668 verify_return_value(return_type, type, bci, 1669 ¤t_frame, CHECK_VERIFY(this)); 1670 no_control_flow = true; break; 1671 case Bytecodes::_areturn : 1672 type = current_frame.pop_stack( 1673 VerificationType::reference_check(), CHECK_VERIFY(this)); 1674 verify_return_value(return_type, type, bci, 1675 ¤t_frame, CHECK_VERIFY(this)); 1676 no_control_flow = true; break; 1677 case Bytecodes::_return : 1678 if (return_type != VerificationType::bogus_type()) { 1679 verify_error(ErrorContext::bad_code(bci), 1680 "Method expects a return value"); 1681 return; 1682 } 1683 // Make sure "this" has been initialized if current method is an 1684 // <init>. 1685 if (_method->name() == vmSymbols::object_initializer_name() && 1686 current_frame.flag_this_uninit()) { 1687 verify_error(ErrorContext::bad_code(bci), 1688 "Constructor must call super() or this() " 1689 "before return"); 1690 return; 1691 } 1692 no_control_flow = true; break; 1693 case Bytecodes::_getstatic : 1694 case Bytecodes::_putstatic : 1695 // pass TRUE, operand can be an array type for getstatic/putstatic. 1696 verify_field_instructions( 1697 &bcs, ¤t_frame, cp, true, CHECK_VERIFY(this)); 1698 no_control_flow = false; break; 1699 case Bytecodes::_getfield : 1700 case Bytecodes::_putfield : 1701 // pass FALSE, operand can't be an array type for getfield/putfield. 1702 verify_field_instructions( 1703 &bcs, ¤t_frame, cp, false, CHECK_VERIFY(this)); 1704 no_control_flow = false; break; 1705 case Bytecodes::_invokevirtual : 1706 case Bytecodes::_invokespecial : 1707 case Bytecodes::_invokestatic : 1708 verify_invoke_instructions( 1709 &bcs, code_length, ¤t_frame, (bci >= ex_min && bci < ex_max), 1710 &this_uninit, return_type, cp, &stackmap_table, CHECK_VERIFY(this)); 1711 no_control_flow = false; break; 1712 case Bytecodes::_invokeinterface : 1713 case Bytecodes::_invokedynamic : 1714 verify_invoke_instructions( 1715 &bcs, code_length, ¤t_frame, (bci >= ex_min && bci < ex_max), 1716 &this_uninit, return_type, cp, &stackmap_table, CHECK_VERIFY(this)); 1717 no_control_flow = false; break; 1718 case Bytecodes::_new : 1719 { 1720 u2 index = bcs.get_index_u2(); 1721 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this)); 1722 VerificationType new_class_type = 1723 cp_index_to_type(index, cp, CHECK_VERIFY(this)); 1724 if (!new_class_type.is_object()) { 1725 verify_error(ErrorContext::bad_type(bci, 1726 TypeOrigin::cp(index, new_class_type)), 1727 "Illegal new instruction"); 1728 return; 1729 } 1730 type = VerificationType::uninitialized_type(checked_cast<u2>(bci)); 1731 current_frame.push_stack(type, CHECK_VERIFY(this)); 1732 no_control_flow = false; break; 1733 } 1734 case Bytecodes::_newarray : 1735 type = get_newarray_type(bcs.get_index(), bci, CHECK_VERIFY(this)); 1736 current_frame.pop_stack( 1737 VerificationType::integer_type(), CHECK_VERIFY(this)); 1738 current_frame.push_stack(type, CHECK_VERIFY(this)); 1739 no_control_flow = false; break; 1740 case Bytecodes::_anewarray : 1741 verify_anewarray( 1742 bci, bcs.get_index_u2(), cp, ¤t_frame, CHECK_VERIFY(this)); 1743 no_control_flow = false; break; 1744 case Bytecodes::_arraylength : 1745 type = current_frame.pop_stack( 1746 VerificationType::reference_check(), CHECK_VERIFY(this)); 1747 if (!(type.is_null() || type.is_array())) { 1748 verify_error(ErrorContext::bad_type( 1749 bci, current_frame.stack_top_ctx()), 1750 bad_type_msg, "arraylength"); 1751 } 1752 current_frame.push_stack( 1753 VerificationType::integer_type(), CHECK_VERIFY(this)); 1754 no_control_flow = false; break; 1755 case Bytecodes::_checkcast : 1756 { 1757 u2 index = bcs.get_index_u2(); 1758 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this)); 1759 current_frame.pop_stack(object_type(), CHECK_VERIFY(this)); 1760 VerificationType klass_type = cp_index_to_type( 1761 index, cp, CHECK_VERIFY(this)); 1762 current_frame.push_stack(klass_type, CHECK_VERIFY(this)); 1763 no_control_flow = false; break; 1764 } 1765 case Bytecodes::_instanceof : { 1766 u2 index = bcs.get_index_u2(); 1767 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this)); 1768 current_frame.pop_stack(object_type(), CHECK_VERIFY(this)); 1769 current_frame.push_stack( 1770 VerificationType::integer_type(), CHECK_VERIFY(this)); 1771 no_control_flow = false; break; 1772 } 1773 case Bytecodes::_monitorenter : 1774 case Bytecodes::_monitorexit : 1775 current_frame.pop_stack( 1776 VerificationType::reference_check(), CHECK_VERIFY(this)); 1777 no_control_flow = false; break; 1778 case Bytecodes::_multianewarray : 1779 { 1780 u2 index = bcs.get_index_u2(); 1781 u2 dim = *(bcs.bcp()+3); 1782 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this)); 1783 VerificationType new_array_type = 1784 cp_index_to_type(index, cp, CHECK_VERIFY(this)); 1785 if (!new_array_type.is_array()) { 1786 verify_error(ErrorContext::bad_type(bci, 1787 TypeOrigin::cp(index, new_array_type)), 1788 "Illegal constant pool index in multianewarray instruction"); 1789 return; 1790 } 1791 if (dim < 1 || new_array_type.dimensions() < dim) { 1792 verify_error(ErrorContext::bad_code(bci), 1793 "Illegal dimension in multianewarray instruction: %d", dim); 1794 return; 1795 } 1796 for (int i = 0; i < dim; i++) { 1797 current_frame.pop_stack( 1798 VerificationType::integer_type(), CHECK_VERIFY(this)); 1799 } 1800 current_frame.push_stack(new_array_type, CHECK_VERIFY(this)); 1801 no_control_flow = false; break; 1802 } 1803 case Bytecodes::_athrow : 1804 type = VerificationType::reference_type( 1805 vmSymbols::java_lang_Throwable()); 1806 current_frame.pop_stack(type, CHECK_VERIFY(this)); 1807 no_control_flow = true; break; 1808 default: 1809 // We only need to check the valid bytecodes in class file. 1810 // And jsr and ret are not in the new class file format in JDK1.6. 1811 verify_error(ErrorContext::bad_code(bci), 1812 "Bad instruction: %02x", opcode); 1813 no_control_flow = false; 1814 return; 1815 } // end switch 1816 } // end Merge with the next instruction 1817 1818 // Look for possible jump target in exception handlers and see if it matches 1819 // current_frame. Don't do this check if it has already been done (for 1820 // ([a,d,f,i,l]store* opcodes). This check cannot be done earlier because 1821 // opcodes, such as invokespecial, may set the this_uninit flag. 1822 assert(!(verified_exc_handlers && this_uninit), 1823 "Exception handler targets got verified before this_uninit got set"); 1824 if (!verified_exc_handlers && bci >= ex_min && bci < ex_max) { 1825 if (was_recursively_verified()) return; 1826 verify_exception_handler_targets( 1827 bci, this_uninit, ¤t_frame, &stackmap_table, CHECK_VERIFY(this)); 1828 } 1829 } // end while 1830 1831 // Make sure that control flow does not fall through end of the method 1832 if (!no_control_flow) { 1833 verify_error(ErrorContext::bad_code(code_length), 1834 "Control flow falls through code end"); 1835 return; 1836 } 1837 } 1838 1839 #undef bad_type_message 1840 1841 char* ClassVerifier::generate_code_data(const methodHandle& m, u4 code_length, TRAPS) { 1842 char* code_data = NEW_RESOURCE_ARRAY(char, code_length); 1843 memset(code_data, 0, sizeof(char) * code_length); 1844 RawBytecodeStream bcs(m); 1845 1846 while (!bcs.is_last_bytecode()) { 1847 if (bcs.raw_next() != Bytecodes::_illegal) { 1848 int bci = bcs.bci(); 1849 if (bcs.raw_code() == Bytecodes::_new) { 1850 code_data[bci] = NEW_OFFSET; 1851 } else { 1852 code_data[bci] = BYTECODE_OFFSET; 1853 } 1854 } else { 1855 verify_error(ErrorContext::bad_code(bcs.bci()), "Bad instruction"); 1856 return nullptr; 1857 } 1858 } 1859 1860 return code_data; 1861 } 1862 1863 // Since this method references the constant pool, call was_recursively_verified() 1864 // before calling this method to make sure a prior class load did not cause the 1865 // current class to get verified. 1866 void ClassVerifier::verify_exception_handler_table(u4 code_length, char* code_data, int& min, int& max, TRAPS) { 1867 ExceptionTable exhandlers(_method()); 1868 int exlength = exhandlers.length(); 1869 constantPoolHandle cp (THREAD, _method->constants()); 1870 1871 for(int i = 0; i < exlength; i++) { 1872 u2 start_pc = exhandlers.start_pc(i); 1873 u2 end_pc = exhandlers.end_pc(i); 1874 u2 handler_pc = exhandlers.handler_pc(i); 1875 if (start_pc >= code_length || code_data[start_pc] == 0) { 1876 class_format_error("Illegal exception table start_pc %d", start_pc); 1877 return; 1878 } 1879 if (end_pc != code_length) { // special case: end_pc == code_length 1880 if (end_pc > code_length || code_data[end_pc] == 0) { 1881 class_format_error("Illegal exception table end_pc %d", end_pc); 1882 return; 1883 } 1884 } 1885 if (handler_pc >= code_length || code_data[handler_pc] == 0) { 1886 class_format_error("Illegal exception table handler_pc %d", handler_pc); 1887 return; 1888 } 1889 u2 catch_type_index = exhandlers.catch_type_index(i); 1890 if (catch_type_index != 0) { 1891 VerificationType catch_type = cp_index_to_type( 1892 catch_type_index, cp, CHECK_VERIFY(this)); 1893 VerificationType throwable = 1894 VerificationType::reference_type(vmSymbols::java_lang_Throwable()); 1895 // If the catch type is Throwable pre-resolve it now as the assignable check won't 1896 // do that, and we need to avoid a runtime resolution in case we are trying to 1897 // catch OutOfMemoryError. 1898 if (cp->klass_name_at(catch_type_index) == vmSymbols::java_lang_Throwable()) { 1899 cp->klass_at(catch_type_index, CHECK); 1900 } 1901 bool is_subclass = throwable.is_assignable_from( 1902 catch_type, this, false, CHECK_VERIFY(this)); 1903 if (!is_subclass) { 1904 // 4286534: should throw VerifyError according to recent spec change 1905 verify_error(ErrorContext::bad_type(handler_pc, 1906 TypeOrigin::cp(catch_type_index, catch_type), 1907 TypeOrigin::implicit(throwable)), 1908 "Catch type is not a subclass " 1909 "of Throwable in exception handler %d", handler_pc); 1910 return; 1911 } 1912 } 1913 if (start_pc < min) min = start_pc; 1914 if (end_pc > max) max = end_pc; 1915 } 1916 } 1917 1918 void ClassVerifier::verify_local_variable_table(u4 code_length, char* code_data, TRAPS) { 1919 int localvariable_table_length = _method->localvariable_table_length(); 1920 if (localvariable_table_length > 0) { 1921 LocalVariableTableElement* table = _method->localvariable_table_start(); 1922 for (int i = 0; i < localvariable_table_length; i++) { 1923 u2 start_bci = table[i].start_bci; 1924 u2 length = table[i].length; 1925 1926 if (start_bci >= code_length || code_data[start_bci] == 0) { 1927 class_format_error( 1928 "Illegal local variable table start_pc %d", start_bci); 1929 return; 1930 } 1931 u4 end_bci = (u4)(start_bci + length); 1932 if (end_bci != code_length) { 1933 if (end_bci >= code_length || code_data[end_bci] == 0) { 1934 class_format_error( "Illegal local variable table length %d", length); 1935 return; 1936 } 1937 } 1938 } 1939 } 1940 } 1941 1942 u2 ClassVerifier::verify_stackmap_table(u2 stackmap_index, int bci, 1943 StackMapFrame* current_frame, 1944 StackMapTable* stackmap_table, 1945 bool no_control_flow, TRAPS) { 1946 if (stackmap_index < stackmap_table->get_frame_count()) { 1947 int this_offset = stackmap_table->get_offset(stackmap_index); 1948 if (no_control_flow && this_offset > bci) { 1949 verify_error(ErrorContext::missing_stackmap(bci), 1950 "Expecting a stack map frame"); 1951 return 0; 1952 } 1953 if (this_offset == bci) { 1954 ErrorContext ctx; 1955 // See if current stack map can be assigned to the frame in table. 1956 // current_frame is the stackmap frame got from the last instruction. 1957 // If matched, current_frame will be updated by this method. 1958 bool matches = stackmap_table->match_stackmap( 1959 current_frame, this_offset, stackmap_index, 1960 !no_control_flow, true, &ctx, CHECK_VERIFY_(this, 0)); 1961 if (!matches) { 1962 // report type error 1963 verify_error(ctx, "Instruction type does not match stack map"); 1964 return 0; 1965 } 1966 stackmap_index++; 1967 } else if (this_offset < bci) { 1968 // current_offset should have met this_offset. 1969 class_format_error("Bad stack map offset %d", this_offset); 1970 return 0; 1971 } 1972 } else if (no_control_flow) { 1973 verify_error(ErrorContext::bad_code(bci), "Expecting a stack map frame"); 1974 return 0; 1975 } 1976 return stackmap_index; 1977 } 1978 1979 // Since this method references the constant pool, call was_recursively_verified() 1980 // before calling this method to make sure a prior class load did not cause the 1981 // current class to get verified. 1982 void ClassVerifier::verify_exception_handler_targets(int bci, bool this_uninit, 1983 StackMapFrame* current_frame, 1984 StackMapTable* stackmap_table, TRAPS) { 1985 constantPoolHandle cp (THREAD, _method->constants()); 1986 ExceptionTable exhandlers(_method()); 1987 int exlength = exhandlers.length(); 1988 for(int i = 0; i < exlength; i++) { 1989 u2 start_pc = exhandlers.start_pc(i); 1990 u2 end_pc = exhandlers.end_pc(i); 1991 u2 handler_pc = exhandlers.handler_pc(i); 1992 int catch_type_index = exhandlers.catch_type_index(i); 1993 if(bci >= start_pc && bci < end_pc) { 1994 u1 flags = current_frame->flags(); 1995 if (this_uninit) { flags |= FLAG_THIS_UNINIT; } 1996 StackMapFrame* new_frame = current_frame->frame_in_exception_handler(flags); 1997 if (catch_type_index != 0) { 1998 if (was_recursively_verified()) return; 1999 // We know that this index refers to a subclass of Throwable 2000 VerificationType catch_type = cp_index_to_type( 2001 catch_type_index, cp, CHECK_VERIFY(this)); 2002 new_frame->push_stack(catch_type, CHECK_VERIFY(this)); 2003 } else { 2004 VerificationType throwable = 2005 VerificationType::reference_type(vmSymbols::java_lang_Throwable()); 2006 new_frame->push_stack(throwable, CHECK_VERIFY(this)); 2007 } 2008 ErrorContext ctx; 2009 bool matches = stackmap_table->match_stackmap( 2010 new_frame, handler_pc, true, false, &ctx, CHECK_VERIFY(this)); 2011 if (!matches) { 2012 verify_error(ctx, "Stack map does not match the one at " 2013 "exception handler %d", handler_pc); 2014 return; 2015 } 2016 } 2017 } 2018 } 2019 2020 void ClassVerifier::verify_cp_index( 2021 int bci, const constantPoolHandle& cp, u2 index, TRAPS) { 2022 int nconstants = cp->length(); 2023 if ((index <= 0) || (index >= nconstants)) { 2024 verify_error(ErrorContext::bad_cp_index(bci, index), 2025 "Illegal constant pool index %d in class %s", 2026 index, cp->pool_holder()->external_name()); 2027 return; 2028 } 2029 } 2030 2031 void ClassVerifier::verify_cp_type( 2032 int bci, u2 index, const constantPoolHandle& cp, unsigned int types, TRAPS) { 2033 2034 // In some situations, bytecode rewriting may occur while we're verifying. 2035 // In this case, a constant pool cache exists and some indices refer to that 2036 // instead. Be sure we don't pick up such indices by accident. 2037 // We must check was_recursively_verified() before we get here. 2038 guarantee(cp->cache() == nullptr, "not rewritten yet"); 2039 2040 verify_cp_index(bci, cp, index, CHECK_VERIFY(this)); 2041 unsigned int tag = cp->tag_at(index).value(); 2042 if ((types & (1 << tag)) == 0) { 2043 verify_error(ErrorContext::bad_cp_index(bci, index), 2044 "Illegal type at constant pool entry %d in class %s", 2045 index, cp->pool_holder()->external_name()); 2046 return; 2047 } 2048 } 2049 2050 void ClassVerifier::verify_cp_class_type( 2051 int bci, u2 index, const constantPoolHandle& cp, TRAPS) { 2052 verify_cp_index(bci, cp, index, CHECK_VERIFY(this)); 2053 constantTag tag = cp->tag_at(index); 2054 if (!tag.is_klass() && !tag.is_unresolved_klass()) { 2055 verify_error(ErrorContext::bad_cp_index(bci, index), 2056 "Illegal type at constant pool entry %d in class %s", 2057 index, cp->pool_holder()->external_name()); 2058 return; 2059 } 2060 } 2061 2062 void ClassVerifier::verify_error(ErrorContext ctx, const char* msg, ...) { 2063 stringStream ss; 2064 2065 ctx.reset_frames(); 2066 _exception_type = vmSymbols::java_lang_VerifyError(); 2067 _error_context = ctx; 2068 va_list va; 2069 va_start(va, msg); 2070 ss.vprint(msg, va); 2071 va_end(va); 2072 _message = ss.as_string(); 2073 #ifdef ASSERT 2074 ResourceMark rm; 2075 const char* exception_name = _exception_type->as_C_string(); 2076 Exceptions::debug_check_abort(exception_name, nullptr); 2077 #endif // ndef ASSERT 2078 } 2079 2080 void ClassVerifier::class_format_error(const char* msg, ...) { 2081 stringStream ss; 2082 _exception_type = vmSymbols::java_lang_ClassFormatError(); 2083 va_list va; 2084 va_start(va, msg); 2085 ss.vprint(msg, va); 2086 va_end(va); 2087 if (!_method.is_null()) { 2088 ss.print(" in method '"); 2089 _method->print_external_name(&ss); 2090 ss.print("'"); 2091 } 2092 _message = ss.as_string(); 2093 } 2094 2095 Klass* ClassVerifier::load_class(Symbol* name, TRAPS) { 2096 HandleMark hm(THREAD); 2097 // Get current loader and protection domain first. 2098 oop loader = current_class()->class_loader(); 2099 oop protection_domain = current_class()->protection_domain(); 2100 2101 assert(name_in_supers(name, current_class()), "name should be a super class"); 2102 2103 Klass* kls = SystemDictionary::resolve_or_fail( 2104 name, Handle(THREAD, loader), Handle(THREAD, protection_domain), 2105 true, THREAD); 2106 2107 if (kls != nullptr) { 2108 if (log_is_enabled(Debug, class, resolve)) { 2109 Verifier::trace_class_resolution(kls, current_class()); 2110 } 2111 } 2112 return kls; 2113 } 2114 2115 bool ClassVerifier::is_protected_access(InstanceKlass* this_class, 2116 Klass* target_class, 2117 Symbol* field_name, 2118 Symbol* field_sig, 2119 bool is_method) { 2120 NoSafepointVerifier nosafepoint; 2121 2122 // If target class isn't a super class of this class, we don't worry about this case 2123 if (!this_class->is_subclass_of(target_class)) { 2124 return false; 2125 } 2126 // Check if the specified method or field is protected 2127 InstanceKlass* target_instance = InstanceKlass::cast(target_class); 2128 fieldDescriptor fd; 2129 if (is_method) { 2130 Method* m = target_instance->uncached_lookup_method(field_name, field_sig, Klass::OverpassLookupMode::find); 2131 if (m != nullptr && m->is_protected()) { 2132 if (!this_class->is_same_class_package(m->method_holder())) { 2133 return true; 2134 } 2135 } 2136 } else { 2137 Klass* member_klass = target_instance->find_field(field_name, field_sig, &fd); 2138 if (member_klass != nullptr && fd.is_protected()) { 2139 if (!this_class->is_same_class_package(member_klass)) { 2140 return true; 2141 } 2142 } 2143 } 2144 return false; 2145 } 2146 2147 void ClassVerifier::verify_ldc( 2148 int opcode, u2 index, StackMapFrame* current_frame, 2149 const constantPoolHandle& cp, int bci, TRAPS) { 2150 verify_cp_index(bci, cp, index, CHECK_VERIFY(this)); 2151 constantTag tag = cp->tag_at(index); 2152 unsigned int types = 0; 2153 if (opcode == Bytecodes::_ldc || opcode == Bytecodes::_ldc_w) { 2154 if (!tag.is_unresolved_klass()) { 2155 types = (1 << JVM_CONSTANT_Integer) | (1 << JVM_CONSTANT_Float) 2156 | (1 << JVM_CONSTANT_String) | (1 << JVM_CONSTANT_Class) 2157 | (1 << JVM_CONSTANT_MethodHandle) | (1 << JVM_CONSTANT_MethodType) 2158 | (1 << JVM_CONSTANT_Dynamic); 2159 // Note: The class file parser already verified the legality of 2160 // MethodHandle and MethodType constants. 2161 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this)); 2162 } 2163 } else { 2164 assert(opcode == Bytecodes::_ldc2_w, "must be ldc2_w"); 2165 types = (1 << JVM_CONSTANT_Double) | (1 << JVM_CONSTANT_Long) 2166 | (1 << JVM_CONSTANT_Dynamic); 2167 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this)); 2168 } 2169 if (tag.is_string()) { 2170 current_frame->push_stack( 2171 VerificationType::reference_type( 2172 vmSymbols::java_lang_String()), CHECK_VERIFY(this)); 2173 } else if (tag.is_klass() || tag.is_unresolved_klass()) { 2174 current_frame->push_stack( 2175 VerificationType::reference_type( 2176 vmSymbols::java_lang_Class()), CHECK_VERIFY(this)); 2177 } else if (tag.is_int()) { 2178 current_frame->push_stack( 2179 VerificationType::integer_type(), CHECK_VERIFY(this)); 2180 } else if (tag.is_float()) { 2181 current_frame->push_stack( 2182 VerificationType::float_type(), CHECK_VERIFY(this)); 2183 } else if (tag.is_double()) { 2184 current_frame->push_stack_2( 2185 VerificationType::double_type(), 2186 VerificationType::double2_type(), CHECK_VERIFY(this)); 2187 } else if (tag.is_long()) { 2188 current_frame->push_stack_2( 2189 VerificationType::long_type(), 2190 VerificationType::long2_type(), CHECK_VERIFY(this)); 2191 } else if (tag.is_method_handle()) { 2192 current_frame->push_stack( 2193 VerificationType::reference_type( 2194 vmSymbols::java_lang_invoke_MethodHandle()), CHECK_VERIFY(this)); 2195 } else if (tag.is_method_type()) { 2196 current_frame->push_stack( 2197 VerificationType::reference_type( 2198 vmSymbols::java_lang_invoke_MethodType()), CHECK_VERIFY(this)); 2199 } else if (tag.is_dynamic_constant()) { 2200 Symbol* constant_type = cp->uncached_signature_ref_at(index); 2201 // Field signature was checked in ClassFileParser. 2202 assert(SignatureVerifier::is_valid_type_signature(constant_type), 2203 "Invalid type for dynamic constant"); 2204 assert(sizeof(VerificationType) == sizeof(uintptr_t), 2205 "buffer type must match VerificationType size"); 2206 uintptr_t constant_type_buffer[2]; 2207 VerificationType* v_constant_type = (VerificationType*)constant_type_buffer; 2208 SignatureStream sig_stream(constant_type, false); 2209 int n = change_sig_to_verificationType(&sig_stream, v_constant_type); 2210 int opcode_n = (opcode == Bytecodes::_ldc2_w ? 2 : 1); 2211 if (n != opcode_n) { 2212 // wrong kind of ldc; reverify against updated type mask 2213 types &= ~(1 << JVM_CONSTANT_Dynamic); 2214 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this)); 2215 } 2216 for (int i = 0; i < n; i++) { 2217 current_frame->push_stack(v_constant_type[i], CHECK_VERIFY(this)); 2218 } 2219 } else { 2220 /* Unreachable? verify_cp_type has already validated the cp type. */ 2221 verify_error( 2222 ErrorContext::bad_cp_index(bci, index), "Invalid index in ldc"); 2223 return; 2224 } 2225 } 2226 2227 void ClassVerifier::verify_switch( 2228 RawBytecodeStream* bcs, u4 code_length, char* code_data, 2229 StackMapFrame* current_frame, StackMapTable* stackmap_table, TRAPS) { 2230 int bci = bcs->bci(); 2231 address bcp = bcs->bcp(); 2232 address aligned_bcp = align_up(bcp + 1, jintSize); 2233 2234 if (_klass->major_version() < NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION) { 2235 // 4639449 & 4647081: padding bytes must be 0 2236 u2 padding_offset = 1; 2237 while ((bcp + padding_offset) < aligned_bcp) { 2238 if(*(bcp + padding_offset) != 0) { 2239 verify_error(ErrorContext::bad_code(bci), 2240 "Nonzero padding byte in lookupswitch or tableswitch"); 2241 return; 2242 } 2243 padding_offset++; 2244 } 2245 } 2246 2247 int default_offset = (int) Bytes::get_Java_u4(aligned_bcp); 2248 int keys, delta; 2249 current_frame->pop_stack( 2250 VerificationType::integer_type(), CHECK_VERIFY(this)); 2251 if (bcs->raw_code() == Bytecodes::_tableswitch) { 2252 jint low = (jint)Bytes::get_Java_u4(aligned_bcp + jintSize); 2253 jint high = (jint)Bytes::get_Java_u4(aligned_bcp + 2*jintSize); 2254 if (low > high) { 2255 verify_error(ErrorContext::bad_code(bci), 2256 "low must be less than or equal to high in tableswitch"); 2257 return; 2258 } 2259 keys = high - low + 1; 2260 if (keys < 0) { 2261 verify_error(ErrorContext::bad_code(bci), "too many keys in tableswitch"); 2262 return; 2263 } 2264 delta = 1; 2265 } else { 2266 keys = (int)Bytes::get_Java_u4(aligned_bcp + jintSize); 2267 if (keys < 0) { 2268 verify_error(ErrorContext::bad_code(bci), 2269 "number of keys in lookupswitch less than 0"); 2270 return; 2271 } 2272 delta = 2; 2273 // Make sure that the lookupswitch items are sorted 2274 for (int i = 0; i < (keys - 1); i++) { 2275 jint this_key = Bytes::get_Java_u4(aligned_bcp + (2+2*i)*jintSize); 2276 jint next_key = Bytes::get_Java_u4(aligned_bcp + (2+2*i+2)*jintSize); 2277 if (this_key >= next_key) { 2278 verify_error(ErrorContext::bad_code(bci), 2279 "Bad lookupswitch instruction"); 2280 return; 2281 } 2282 } 2283 } 2284 int target = bci + default_offset; 2285 stackmap_table->check_jump_target(current_frame, target, CHECK_VERIFY(this)); 2286 for (int i = 0; i < keys; i++) { 2287 // Because check_jump_target() may safepoint, the bytecode could have 2288 // moved, which means 'aligned_bcp' is no good and needs to be recalculated. 2289 aligned_bcp = align_up(bcs->bcp() + 1, jintSize); 2290 target = bci + (jint)Bytes::get_Java_u4(aligned_bcp+(3+i*delta)*jintSize); 2291 stackmap_table->check_jump_target( 2292 current_frame, target, CHECK_VERIFY(this)); 2293 } 2294 NOT_PRODUCT(aligned_bcp = nullptr); // no longer valid at this point 2295 } 2296 2297 bool ClassVerifier::name_in_supers( 2298 Symbol* ref_name, InstanceKlass* current) { 2299 Klass* super = current->super(); 2300 while (super != nullptr) { 2301 if (super->name() == ref_name) { 2302 return true; 2303 } 2304 super = super->super(); 2305 } 2306 return false; 2307 } 2308 2309 void ClassVerifier::verify_field_instructions(RawBytecodeStream* bcs, 2310 StackMapFrame* current_frame, 2311 const constantPoolHandle& cp, 2312 bool allow_arrays, 2313 TRAPS) { 2314 u2 index = bcs->get_index_u2(); 2315 verify_cp_type(bcs->bci(), index, cp, 2316 1 << JVM_CONSTANT_Fieldref, CHECK_VERIFY(this)); 2317 2318 // Get field name and signature 2319 Symbol* field_name = cp->uncached_name_ref_at(index); 2320 Symbol* field_sig = cp->uncached_signature_ref_at(index); 2321 bool is_getfield = false; 2322 2323 // Field signature was checked in ClassFileParser. 2324 assert(SignatureVerifier::is_valid_type_signature(field_sig), 2325 "Invalid field signature"); 2326 2327 // Get referenced class type 2328 VerificationType ref_class_type = cp_ref_index_to_type( 2329 index, cp, CHECK_VERIFY(this)); 2330 if (!ref_class_type.is_object() && 2331 (!allow_arrays || !ref_class_type.is_array())) { 2332 verify_error(ErrorContext::bad_type(bcs->bci(), 2333 TypeOrigin::cp(index, ref_class_type)), 2334 "Expecting reference to class in class %s at constant pool index %d", 2335 _klass->external_name(), index); 2336 return; 2337 } 2338 VerificationType target_class_type = ref_class_type; 2339 2340 assert(sizeof(VerificationType) == sizeof(uintptr_t), 2341 "buffer type must match VerificationType size"); 2342 uintptr_t field_type_buffer[2]; 2343 VerificationType* field_type = (VerificationType*)field_type_buffer; 2344 // If we make a VerificationType[2] array directly, the compiler calls 2345 // to the c-runtime library to do the allocation instead of just 2346 // stack allocating it. Plus it would run constructors. This shows up 2347 // in performance profiles. 2348 2349 SignatureStream sig_stream(field_sig, false); 2350 VerificationType stack_object_type; 2351 int n = change_sig_to_verificationType(&sig_stream, field_type); 2352 int bci = bcs->bci(); 2353 bool is_assignable; 2354 switch (bcs->raw_code()) { 2355 case Bytecodes::_getstatic: { 2356 for (int i = 0; i < n; i++) { 2357 current_frame->push_stack(field_type[i], CHECK_VERIFY(this)); 2358 } 2359 break; 2360 } 2361 case Bytecodes::_putstatic: { 2362 for (int i = n - 1; i >= 0; i--) { 2363 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this)); 2364 } 2365 break; 2366 } 2367 case Bytecodes::_getfield: { 2368 is_getfield = true; 2369 stack_object_type = current_frame->pop_stack( 2370 target_class_type, CHECK_VERIFY(this)); 2371 goto check_protected; 2372 } 2373 case Bytecodes::_putfield: { 2374 for (int i = n - 1; i >= 0; i--) { 2375 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this)); 2376 } 2377 stack_object_type = current_frame->pop_stack(CHECK_VERIFY(this)); 2378 2379 // The JVMS 2nd edition allows field initialization before the superclass 2380 // initializer, if the field is defined within the current class. 2381 fieldDescriptor fd; 2382 if (stack_object_type == VerificationType::uninitialized_this_type() && 2383 target_class_type.equals(current_type()) && 2384 _klass->find_local_field(field_name, field_sig, &fd)) { 2385 stack_object_type = current_type(); 2386 } 2387 is_assignable = target_class_type.is_assignable_from( 2388 stack_object_type, this, false, CHECK_VERIFY(this)); 2389 if (!is_assignable) { 2390 verify_error(ErrorContext::bad_type(bci, 2391 current_frame->stack_top_ctx(), 2392 TypeOrigin::cp(index, target_class_type)), 2393 "Bad type on operand stack in putfield"); 2394 return; 2395 } 2396 } 2397 check_protected: { 2398 if (_this_type == stack_object_type) 2399 break; // stack_object_type must be assignable to _current_class_type 2400 if (was_recursively_verified()) { 2401 if (is_getfield) { 2402 // Push field type for getfield. 2403 for (int i = 0; i < n; i++) { 2404 current_frame->push_stack(field_type[i], CHECK_VERIFY(this)); 2405 } 2406 } 2407 return; 2408 } 2409 Symbol* ref_class_name = 2410 cp->klass_name_at(cp->uncached_klass_ref_index_at(index)); 2411 if (!name_in_supers(ref_class_name, current_class())) 2412 // stack_object_type must be assignable to _current_class_type since: 2413 // 1. stack_object_type must be assignable to ref_class. 2414 // 2. ref_class must be _current_class or a subclass of it. It can't 2415 // be a superclass of it. See revised JVMS 5.4.4. 2416 break; 2417 2418 Klass* ref_class_oop = load_class(ref_class_name, CHECK); 2419 if (is_protected_access(current_class(), ref_class_oop, field_name, 2420 field_sig, false)) { 2421 // It's protected access, check if stack object is assignable to 2422 // current class. 2423 is_assignable = current_type().is_assignable_from( 2424 stack_object_type, this, true, CHECK_VERIFY(this)); 2425 if (!is_assignable) { 2426 verify_error(ErrorContext::bad_type(bci, 2427 current_frame->stack_top_ctx(), 2428 TypeOrigin::implicit(current_type())), 2429 "Bad access to protected data in %s", 2430 is_getfield ? "getfield" : "putfield"); 2431 return; 2432 } 2433 } 2434 break; 2435 } 2436 default: ShouldNotReachHere(); 2437 } 2438 if (is_getfield) { 2439 // Push field type for getfield after doing protection check. 2440 for (int i = 0; i < n; i++) { 2441 current_frame->push_stack(field_type[i], CHECK_VERIFY(this)); 2442 } 2443 } 2444 } 2445 2446 // Look at the method's handlers. If the bci is in the handler's try block 2447 // then check if the handler_pc is already on the stack. If not, push it 2448 // unless the handler has already been scanned. 2449 void ClassVerifier::push_handlers(ExceptionTable* exhandlers, 2450 GrowableArray<u4>* handler_list, 2451 GrowableArray<u4>* handler_stack, 2452 u4 bci) { 2453 int exlength = exhandlers->length(); 2454 for(int x = 0; x < exlength; x++) { 2455 if (bci >= exhandlers->start_pc(x) && bci < exhandlers->end_pc(x)) { 2456 u4 exhandler_pc = exhandlers->handler_pc(x); 2457 if (!handler_list->contains(exhandler_pc)) { 2458 handler_stack->append_if_missing(exhandler_pc); 2459 handler_list->append(exhandler_pc); 2460 } 2461 } 2462 } 2463 } 2464 2465 // Return TRUE if all code paths starting with start_bc_offset end in 2466 // bytecode athrow or loop. 2467 bool ClassVerifier::ends_in_athrow(u4 start_bc_offset) { 2468 ResourceMark rm; 2469 // Create bytecode stream. 2470 RawBytecodeStream bcs(method()); 2471 int code_length = method()->code_size(); 2472 bcs.set_start(start_bc_offset); 2473 2474 // Create stack for storing bytecode start offsets for if* and *switch. 2475 GrowableArray<u4>* bci_stack = new GrowableArray<u4>(30); 2476 // Create stack for handlers for try blocks containing this handler. 2477 GrowableArray<u4>* handler_stack = new GrowableArray<u4>(30); 2478 // Create list of handlers that have been pushed onto the handler_stack 2479 // so that handlers embedded inside of their own TRY blocks only get 2480 // scanned once. 2481 GrowableArray<u4>* handler_list = new GrowableArray<u4>(30); 2482 // Create list of visited branch opcodes (goto* and if*). 2483 GrowableArray<u4>* visited_branches = new GrowableArray<u4>(30); 2484 ExceptionTable exhandlers(_method()); 2485 2486 while (true) { 2487 if (bcs.is_last_bytecode()) { 2488 // if no more starting offsets to parse or if at the end of the 2489 // method then return false. 2490 if ((bci_stack->is_empty()) || (bcs.end_bci() == code_length)) 2491 return false; 2492 // Pop a bytecode starting offset and scan from there. 2493 bcs.set_start(bci_stack->pop()); 2494 } 2495 Bytecodes::Code opcode = bcs.raw_next(); 2496 int bci = bcs.bci(); 2497 2498 // If the bytecode is in a TRY block, push its handlers so they 2499 // will get parsed. 2500 push_handlers(&exhandlers, handler_list, handler_stack, bci); 2501 2502 switch (opcode) { 2503 case Bytecodes::_if_icmpeq: 2504 case Bytecodes::_if_icmpne: 2505 case Bytecodes::_if_icmplt: 2506 case Bytecodes::_if_icmpge: 2507 case Bytecodes::_if_icmpgt: 2508 case Bytecodes::_if_icmple: 2509 case Bytecodes::_ifeq: 2510 case Bytecodes::_ifne: 2511 case Bytecodes::_iflt: 2512 case Bytecodes::_ifge: 2513 case Bytecodes::_ifgt: 2514 case Bytecodes::_ifle: 2515 case Bytecodes::_if_acmpeq: 2516 case Bytecodes::_if_acmpne: 2517 case Bytecodes::_ifnull: 2518 case Bytecodes::_ifnonnull: { 2519 int target = bcs.dest(); 2520 if (visited_branches->contains(bci)) { 2521 if (bci_stack->is_empty()) { 2522 if (handler_stack->is_empty()) { 2523 return true; 2524 } else { 2525 // Parse the catch handlers for try blocks containing athrow. 2526 bcs.set_start(handler_stack->pop()); 2527 } 2528 } else { 2529 // Pop a bytecode starting offset and scan from there. 2530 bcs.set_start(bci_stack->pop()); 2531 } 2532 } else { 2533 if (target > bci) { // forward branch 2534 if (target >= code_length) return false; 2535 // Push the branch target onto the stack. 2536 bci_stack->push(target); 2537 // then, scan bytecodes starting with next. 2538 bcs.set_start(bcs.next_bci()); 2539 } else { // backward branch 2540 // Push bytecode offset following backward branch onto the stack. 2541 bci_stack->push(bcs.next_bci()); 2542 // Check bytecodes starting with branch target. 2543 bcs.set_start(target); 2544 } 2545 // Record target so we don't branch here again. 2546 visited_branches->append(bci); 2547 } 2548 break; 2549 } 2550 2551 case Bytecodes::_goto: 2552 case Bytecodes::_goto_w: { 2553 int target = (opcode == Bytecodes::_goto ? bcs.dest() : bcs.dest_w()); 2554 if (visited_branches->contains(bci)) { 2555 if (bci_stack->is_empty()) { 2556 if (handler_stack->is_empty()) { 2557 return true; 2558 } else { 2559 // Parse the catch handlers for try blocks containing athrow. 2560 bcs.set_start(handler_stack->pop()); 2561 } 2562 } else { 2563 // Been here before, pop new starting offset from stack. 2564 bcs.set_start(bci_stack->pop()); 2565 } 2566 } else { 2567 if (target >= code_length) return false; 2568 // Continue scanning from the target onward. 2569 bcs.set_start(target); 2570 // Record target so we don't branch here again. 2571 visited_branches->append(bci); 2572 } 2573 break; 2574 } 2575 2576 // Check that all switch alternatives end in 'athrow' bytecodes. Since it 2577 // is difficult to determine where each switch alternative ends, parse 2578 // each switch alternative until either hit a 'return', 'athrow', or reach 2579 // the end of the method's bytecodes. This is gross but should be okay 2580 // because: 2581 // 1. tableswitch and lookupswitch byte codes in handlers for ctor explicit 2582 // constructor invocations should be rare. 2583 // 2. if each switch alternative ends in an athrow then the parsing should be 2584 // short. If there is no athrow then it is bogus code, anyway. 2585 case Bytecodes::_lookupswitch: 2586 case Bytecodes::_tableswitch: 2587 { 2588 address aligned_bcp = align_up(bcs.bcp() + 1, jintSize); 2589 int default_offset = Bytes::get_Java_u4(aligned_bcp) + bci; 2590 int keys, delta; 2591 if (opcode == Bytecodes::_tableswitch) { 2592 jint low = (jint)Bytes::get_Java_u4(aligned_bcp + jintSize); 2593 jint high = (jint)Bytes::get_Java_u4(aligned_bcp + 2*jintSize); 2594 // This is invalid, but let the regular bytecode verifier 2595 // report this because the user will get a better error message. 2596 if (low > high) return true; 2597 keys = high - low + 1; 2598 delta = 1; 2599 } else { 2600 keys = (int)Bytes::get_Java_u4(aligned_bcp + jintSize); 2601 delta = 2; 2602 } 2603 // Invalid, let the regular bytecode verifier deal with it. 2604 if (keys < 0) return true; 2605 2606 // Push the offset of the next bytecode onto the stack. 2607 bci_stack->push(bcs.next_bci()); 2608 2609 // Push the switch alternatives onto the stack. 2610 for (int i = 0; i < keys; i++) { 2611 int target = bci + (jint)Bytes::get_Java_u4(aligned_bcp+(3+i*delta)*jintSize); 2612 if (target > code_length) return false; 2613 bci_stack->push(target); 2614 } 2615 2616 // Start bytecode parsing for the switch at the default alternative. 2617 if (default_offset > code_length) return false; 2618 bcs.set_start(default_offset); 2619 break; 2620 } 2621 2622 case Bytecodes::_return: 2623 return false; 2624 2625 case Bytecodes::_athrow: 2626 { 2627 if (bci_stack->is_empty()) { 2628 if (handler_stack->is_empty()) { 2629 return true; 2630 } else { 2631 // Parse the catch handlers for try blocks containing athrow. 2632 bcs.set_start(handler_stack->pop()); 2633 } 2634 } else { 2635 // Pop a bytecode offset and starting scanning from there. 2636 bcs.set_start(bci_stack->pop()); 2637 } 2638 } 2639 break; 2640 2641 default: 2642 ; 2643 } // end switch 2644 } // end while loop 2645 2646 return false; 2647 } 2648 2649 void ClassVerifier::verify_invoke_init( 2650 RawBytecodeStream* bcs, u2 ref_class_index, VerificationType ref_class_type, 2651 StackMapFrame* current_frame, u4 code_length, bool in_try_block, 2652 bool *this_uninit, const constantPoolHandle& cp, StackMapTable* stackmap_table, 2653 TRAPS) { 2654 int bci = bcs->bci(); 2655 VerificationType type = current_frame->pop_stack( 2656 VerificationType::reference_check(), CHECK_VERIFY(this)); 2657 if (type == VerificationType::uninitialized_this_type()) { 2658 // The method must be an <init> method of this class or its superclass 2659 Klass* superk = current_class()->super(); 2660 if (ref_class_type.name() != current_class()->name() && 2661 ref_class_type.name() != superk->name()) { 2662 verify_error(ErrorContext::bad_type(bci, 2663 TypeOrigin::implicit(ref_class_type), 2664 TypeOrigin::implicit(current_type())), 2665 "Bad <init> method call"); 2666 return; 2667 } 2668 2669 // If this invokespecial call is done from inside of a TRY block then make 2670 // sure that all catch clause paths end in a throw. Otherwise, this can 2671 // result in returning an incomplete object. 2672 if (in_try_block) { 2673 ExceptionTable exhandlers(_method()); 2674 int exlength = exhandlers.length(); 2675 for(int i = 0; i < exlength; i++) { 2676 u2 start_pc = exhandlers.start_pc(i); 2677 u2 end_pc = exhandlers.end_pc(i); 2678 2679 if (bci >= start_pc && bci < end_pc) { 2680 if (!ends_in_athrow(exhandlers.handler_pc(i))) { 2681 verify_error(ErrorContext::bad_code(bci), 2682 "Bad <init> method call from after the start of a try block"); 2683 return; 2684 } else if (log_is_enabled(Debug, verification)) { 2685 ResourceMark rm(THREAD); 2686 log_debug(verification)("Survived call to ends_in_athrow(): %s", 2687 current_class()->name()->as_C_string()); 2688 } 2689 } 2690 } 2691 2692 // Check the exception handler target stackmaps with the locals from the 2693 // incoming stackmap (before initialize_object() changes them to outgoing 2694 // state). 2695 if (was_recursively_verified()) return; 2696 verify_exception_handler_targets(bci, true, current_frame, 2697 stackmap_table, CHECK_VERIFY(this)); 2698 } // in_try_block 2699 2700 current_frame->initialize_object(type, current_type()); 2701 *this_uninit = true; 2702 } else if (type.is_uninitialized()) { 2703 u2 new_offset = type.bci(); 2704 address new_bcp = bcs->bcp() - bci + new_offset; 2705 if (new_offset > (code_length - 3) || (*new_bcp) != Bytecodes::_new) { 2706 /* Unreachable? Stack map parsing ensures valid type and new 2707 * instructions have a valid BCI. */ 2708 verify_error(ErrorContext::bad_code(new_offset), 2709 "Expecting new instruction"); 2710 return; 2711 } 2712 u2 new_class_index = Bytes::get_Java_u2(new_bcp + 1); 2713 if (was_recursively_verified()) return; 2714 verify_cp_class_type(bci, new_class_index, cp, CHECK_VERIFY(this)); 2715 2716 // The method must be an <init> method of the indicated class 2717 VerificationType new_class_type = cp_index_to_type( 2718 new_class_index, cp, CHECK_VERIFY(this)); 2719 if (!new_class_type.equals(ref_class_type)) { 2720 verify_error(ErrorContext::bad_type(bci, 2721 TypeOrigin::cp(new_class_index, new_class_type), 2722 TypeOrigin::cp(ref_class_index, ref_class_type)), 2723 "Call to wrong <init> method"); 2724 return; 2725 } 2726 // According to the VM spec, if the referent class is a superclass of the 2727 // current class, and is in a different runtime package, and the method is 2728 // protected, then the objectref must be the current class or a subclass 2729 // of the current class. 2730 VerificationType objectref_type = new_class_type; 2731 if (name_in_supers(ref_class_type.name(), current_class())) { 2732 Klass* ref_klass = load_class(ref_class_type.name(), CHECK); 2733 if (was_recursively_verified()) return; 2734 Method* m = InstanceKlass::cast(ref_klass)->uncached_lookup_method( 2735 vmSymbols::object_initializer_name(), 2736 cp->uncached_signature_ref_at(bcs->get_index_u2()), 2737 Klass::OverpassLookupMode::find); 2738 // Do nothing if method is not found. Let resolution detect the error. 2739 if (m != nullptr) { 2740 InstanceKlass* mh = m->method_holder(); 2741 if (m->is_protected() && !mh->is_same_class_package(_klass)) { 2742 bool assignable = current_type().is_assignable_from( 2743 objectref_type, this, true, CHECK_VERIFY(this)); 2744 if (!assignable) { 2745 verify_error(ErrorContext::bad_type(bci, 2746 TypeOrigin::cp(new_class_index, objectref_type), 2747 TypeOrigin::implicit(current_type())), 2748 "Bad access to protected <init> method"); 2749 return; 2750 } 2751 } 2752 } 2753 } 2754 // Check the exception handler target stackmaps with the locals from the 2755 // incoming stackmap (before initialize_object() changes them to outgoing 2756 // state). 2757 if (in_try_block) { 2758 if (was_recursively_verified()) return; 2759 verify_exception_handler_targets(bci, *this_uninit, current_frame, 2760 stackmap_table, CHECK_VERIFY(this)); 2761 } 2762 current_frame->initialize_object(type, new_class_type); 2763 } else { 2764 verify_error(ErrorContext::bad_type(bci, current_frame->stack_top_ctx()), 2765 "Bad operand type when invoking <init>"); 2766 return; 2767 } 2768 } 2769 2770 bool ClassVerifier::is_same_or_direct_interface( 2771 InstanceKlass* klass, 2772 VerificationType klass_type, 2773 VerificationType ref_class_type) { 2774 if (ref_class_type.equals(klass_type)) return true; 2775 Array<InstanceKlass*>* local_interfaces = klass->local_interfaces(); 2776 if (local_interfaces != nullptr) { 2777 for (int x = 0; x < local_interfaces->length(); x++) { 2778 InstanceKlass* k = local_interfaces->at(x); 2779 assert (k != nullptr && k->is_interface(), "invalid interface"); 2780 if (ref_class_type.equals(VerificationType::reference_type(k->name()))) { 2781 return true; 2782 } 2783 } 2784 } 2785 return false; 2786 } 2787 2788 void ClassVerifier::verify_invoke_instructions( 2789 RawBytecodeStream* bcs, u4 code_length, StackMapFrame* current_frame, 2790 bool in_try_block, bool *this_uninit, VerificationType return_type, 2791 const constantPoolHandle& cp, StackMapTable* stackmap_table, TRAPS) { 2792 // Make sure the constant pool item is the right type 2793 u2 index = bcs->get_index_u2(); 2794 Bytecodes::Code opcode = bcs->raw_code(); 2795 unsigned int types = 0; 2796 switch (opcode) { 2797 case Bytecodes::_invokeinterface: 2798 types = 1 << JVM_CONSTANT_InterfaceMethodref; 2799 break; 2800 case Bytecodes::_invokedynamic: 2801 types = 1 << JVM_CONSTANT_InvokeDynamic; 2802 break; 2803 case Bytecodes::_invokespecial: 2804 case Bytecodes::_invokestatic: 2805 types = (_klass->major_version() < STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION) ? 2806 (1 << JVM_CONSTANT_Methodref) : 2807 ((1 << JVM_CONSTANT_InterfaceMethodref) | (1 << JVM_CONSTANT_Methodref)); 2808 break; 2809 default: 2810 types = 1 << JVM_CONSTANT_Methodref; 2811 } 2812 verify_cp_type(bcs->bci(), index, cp, types, CHECK_VERIFY(this)); 2813 2814 // Get method name and signature 2815 Symbol* method_name = cp->uncached_name_ref_at(index); 2816 Symbol* method_sig = cp->uncached_signature_ref_at(index); 2817 2818 // Method signature was checked in ClassFileParser. 2819 assert(SignatureVerifier::is_valid_method_signature(method_sig), 2820 "Invalid method signature"); 2821 2822 // Get referenced class type 2823 VerificationType ref_class_type; 2824 if (opcode == Bytecodes::_invokedynamic) { 2825 if (_klass->major_version() < Verifier::INVOKEDYNAMIC_MAJOR_VERSION) { 2826 class_format_error( 2827 "invokedynamic instructions not supported by this class file version (%d), class %s", 2828 _klass->major_version(), _klass->external_name()); 2829 return; 2830 } 2831 } else { 2832 ref_class_type = cp_ref_index_to_type(index, cp, CHECK_VERIFY(this)); 2833 } 2834 2835 assert(sizeof(VerificationType) == sizeof(uintptr_t), 2836 "buffer type must match VerificationType size"); 2837 2838 // Get the UTF8 index for this signature. 2839 int sig_index = cp->signature_ref_index_at(cp->uncached_name_and_type_ref_index_at(index)); 2840 2841 // Get the signature's verification types. 2842 sig_as_verification_types* mth_sig_verif_types; 2843 sig_as_verification_types** mth_sig_verif_types_ptr = method_signatures_table()->get(sig_index); 2844 if (mth_sig_verif_types_ptr != nullptr) { 2845 // Found the entry for the signature's verification types in the hash table. 2846 mth_sig_verif_types = *mth_sig_verif_types_ptr; 2847 assert(mth_sig_verif_types != nullptr, "Unexpected null sig_as_verification_types value"); 2848 } else { 2849 // Not found, add the entry to the table. 2850 GrowableArray<VerificationType>* verif_types = new GrowableArray<VerificationType>(10); 2851 mth_sig_verif_types = new sig_as_verification_types(verif_types); 2852 create_method_sig_entry(mth_sig_verif_types, sig_index); 2853 } 2854 2855 // Get the number of arguments for this signature. 2856 int nargs = mth_sig_verif_types->num_args(); 2857 2858 // Check instruction operands 2859 int bci = bcs->bci(); 2860 if (opcode == Bytecodes::_invokeinterface) { 2861 address bcp = bcs->bcp(); 2862 // 4905268: count operand in invokeinterface should be nargs+1, not nargs. 2863 // JSR202 spec: The count operand of an invokeinterface instruction is valid if it is 2864 // the difference between the size of the operand stack before and after the instruction 2865 // executes. 2866 if (*(bcp+3) != (nargs+1)) { 2867 verify_error(ErrorContext::bad_code(bci), 2868 "Inconsistent args count operand in invokeinterface"); 2869 return; 2870 } 2871 if (*(bcp+4) != 0) { 2872 verify_error(ErrorContext::bad_code(bci), 2873 "Fourth operand byte of invokeinterface must be zero"); 2874 return; 2875 } 2876 } 2877 2878 if (opcode == Bytecodes::_invokedynamic) { 2879 address bcp = bcs->bcp(); 2880 if (*(bcp+3) != 0 || *(bcp+4) != 0) { 2881 verify_error(ErrorContext::bad_code(bci), 2882 "Third and fourth operand bytes of invokedynamic must be zero"); 2883 return; 2884 } 2885 } 2886 2887 if (method_name->char_at(0) == JVM_SIGNATURE_SPECIAL) { 2888 // Make sure <init> can only be invoked by invokespecial 2889 if (opcode != Bytecodes::_invokespecial || 2890 method_name != vmSymbols::object_initializer_name()) { 2891 verify_error(ErrorContext::bad_code(bci), 2892 "Illegal call to internal method"); 2893 return; 2894 } 2895 } else if (opcode == Bytecodes::_invokespecial 2896 && !is_same_or_direct_interface(current_class(), current_type(), ref_class_type) 2897 && !ref_class_type.equals(VerificationType::reference_type( 2898 current_class()->super()->name()))) { 2899 bool subtype = false; 2900 bool have_imr_indirect = cp->tag_at(index).value() == JVM_CONSTANT_InterfaceMethodref; 2901 subtype = ref_class_type.is_assignable_from( 2902 current_type(), this, false, CHECK_VERIFY(this)); 2903 if (!subtype) { 2904 verify_error(ErrorContext::bad_code(bci), 2905 "Bad invokespecial instruction: " 2906 "current class isn't assignable to reference class."); 2907 return; 2908 } else if (have_imr_indirect) { 2909 verify_error(ErrorContext::bad_code(bci), 2910 "Bad invokespecial instruction: " 2911 "interface method reference is in an indirect superinterface."); 2912 return; 2913 } 2914 2915 } 2916 2917 // Get the verification types for the method's arguments. 2918 GrowableArray<VerificationType>* sig_verif_types = mth_sig_verif_types->sig_verif_types(); 2919 assert(sig_verif_types != nullptr, "Missing signature's array of verification types"); 2920 // Match method descriptor with operand stack 2921 // The arguments are on the stack in descending order. 2922 for (int i = nargs - 1; i >= 0; i--) { // Run backwards 2923 current_frame->pop_stack(sig_verif_types->at(i), CHECK_VERIFY(this)); 2924 } 2925 2926 // Check objectref on operand stack 2927 if (opcode != Bytecodes::_invokestatic && 2928 opcode != Bytecodes::_invokedynamic) { 2929 if (method_name == vmSymbols::object_initializer_name()) { // <init> method 2930 verify_invoke_init(bcs, index, ref_class_type, current_frame, 2931 code_length, in_try_block, this_uninit, cp, stackmap_table, 2932 CHECK_VERIFY(this)); 2933 if (was_recursively_verified()) return; 2934 } else { // other methods 2935 // Ensures that target class is assignable to method class. 2936 if (opcode == Bytecodes::_invokespecial) { 2937 current_frame->pop_stack(current_type(), CHECK_VERIFY(this)); 2938 } else if (opcode == Bytecodes::_invokevirtual) { 2939 VerificationType stack_object_type = 2940 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this)); 2941 if (current_type() != stack_object_type) { 2942 if (was_recursively_verified()) return; 2943 assert(cp->cache() == nullptr, "not rewritten yet"); 2944 Symbol* ref_class_name = 2945 cp->klass_name_at(cp->uncached_klass_ref_index_at(index)); 2946 // See the comments in verify_field_instructions() for 2947 // the rationale behind this. 2948 if (name_in_supers(ref_class_name, current_class())) { 2949 Klass* ref_class = load_class(ref_class_name, CHECK); 2950 if (is_protected_access( 2951 _klass, ref_class, method_name, method_sig, true)) { 2952 // It's protected access, check if stack object is 2953 // assignable to current class. 2954 if (ref_class_type.name() == vmSymbols::java_lang_Object() 2955 && stack_object_type.is_array() 2956 && method_name == vmSymbols::clone_name()) { 2957 // Special case: arrays pretend to implement public Object 2958 // clone(). 2959 } else { 2960 bool is_assignable = current_type().is_assignable_from( 2961 stack_object_type, this, true, CHECK_VERIFY(this)); 2962 if (!is_assignable) { 2963 verify_error(ErrorContext::bad_type(bci, 2964 current_frame->stack_top_ctx(), 2965 TypeOrigin::implicit(current_type())), 2966 "Bad access to protected data in invokevirtual"); 2967 return; 2968 } 2969 } 2970 } 2971 } 2972 } 2973 } else { 2974 assert(opcode == Bytecodes::_invokeinterface, "Unexpected opcode encountered"); 2975 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this)); 2976 } 2977 } 2978 } 2979 // Push the result type. 2980 int sig_verif_types_len = sig_verif_types->length(); 2981 if (sig_verif_types_len > nargs) { // There's a return type 2982 if (method_name == vmSymbols::object_initializer_name()) { 2983 // <init> method must have a void return type 2984 /* Unreachable? Class file parser verifies that methods with '<' have 2985 * void return */ 2986 verify_error(ErrorContext::bad_code(bci), 2987 "Return type must be void in <init> method"); 2988 return; 2989 } 2990 2991 assert(sig_verif_types_len <= nargs + 2, 2992 "Signature verification types array return type is bogus"); 2993 for (int i = nargs; i < sig_verif_types_len; i++) { 2994 assert(i == nargs || sig_verif_types->at(i).is_long2() || 2995 sig_verif_types->at(i).is_double2(), "Unexpected return verificationType"); 2996 current_frame->push_stack(sig_verif_types->at(i), CHECK_VERIFY(this)); 2997 } 2998 } 2999 } 3000 3001 VerificationType ClassVerifier::get_newarray_type( 3002 u2 index, int bci, TRAPS) { 3003 const char* from_bt[] = { 3004 nullptr, nullptr, nullptr, nullptr, "[Z", "[C", "[F", "[D", "[B", "[S", "[I", "[J", 3005 }; 3006 if (index < T_BOOLEAN || index > T_LONG) { 3007 verify_error(ErrorContext::bad_code(bci), "Illegal newarray instruction"); 3008 return VerificationType::bogus_type(); 3009 } 3010 3011 // from_bt[index] contains the array signature which has a length of 2 3012 Symbol* sig = create_temporary_symbol(from_bt[index], 2); 3013 return VerificationType::reference_type(sig); 3014 } 3015 3016 void ClassVerifier::verify_anewarray( 3017 int bci, u2 index, const constantPoolHandle& cp, 3018 StackMapFrame* current_frame, TRAPS) { 3019 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this)); 3020 current_frame->pop_stack( 3021 VerificationType::integer_type(), CHECK_VERIFY(this)); 3022 3023 if (was_recursively_verified()) return; 3024 VerificationType component_type = 3025 cp_index_to_type(index, cp, CHECK_VERIFY(this)); 3026 int length; 3027 char* arr_sig_str; 3028 if (component_type.is_array()) { // it's an array 3029 const char* component_name = component_type.name()->as_utf8(); 3030 // Check for more than MAX_ARRAY_DIMENSIONS 3031 length = (int)strlen(component_name); 3032 if (length > MAX_ARRAY_DIMENSIONS && 3033 component_name[MAX_ARRAY_DIMENSIONS - 1] == JVM_SIGNATURE_ARRAY) { 3034 verify_error(ErrorContext::bad_code(bci), 3035 "Illegal anewarray instruction, array has more than 255 dimensions"); 3036 } 3037 // add one dimension to component 3038 length++; 3039 arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length + 1); 3040 int n = os::snprintf(arr_sig_str, length + 1, "%c%s", 3041 JVM_SIGNATURE_ARRAY, component_name); 3042 assert(n == length, "Unexpected number of characters in string"); 3043 } else { // it's an object or interface 3044 const char* component_name = component_type.name()->as_utf8(); 3045 // add one dimension to component with 'L' prepended and ';' postpended. 3046 length = (int)strlen(component_name) + 3; 3047 arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length + 1); 3048 int n = os::snprintf(arr_sig_str, length + 1, "%c%c%s;", 3049 JVM_SIGNATURE_ARRAY, JVM_SIGNATURE_CLASS, component_name); 3050 assert(n == length, "Unexpected number of characters in string"); 3051 } 3052 Symbol* arr_sig = create_temporary_symbol(arr_sig_str, length); 3053 VerificationType new_array_type = VerificationType::reference_type(arr_sig); 3054 current_frame->push_stack(new_array_type, CHECK_VERIFY(this)); 3055 } 3056 3057 void ClassVerifier::verify_iload(int index, StackMapFrame* current_frame, TRAPS) { 3058 current_frame->get_local( 3059 index, VerificationType::integer_type(), CHECK_VERIFY(this)); 3060 current_frame->push_stack( 3061 VerificationType::integer_type(), CHECK_VERIFY(this)); 3062 } 3063 3064 void ClassVerifier::verify_lload(int index, StackMapFrame* current_frame, TRAPS) { 3065 current_frame->get_local_2( 3066 index, VerificationType::long_type(), 3067 VerificationType::long2_type(), CHECK_VERIFY(this)); 3068 current_frame->push_stack_2( 3069 VerificationType::long_type(), 3070 VerificationType::long2_type(), CHECK_VERIFY(this)); 3071 } 3072 3073 void ClassVerifier::verify_fload(int index, StackMapFrame* current_frame, TRAPS) { 3074 current_frame->get_local( 3075 index, VerificationType::float_type(), CHECK_VERIFY(this)); 3076 current_frame->push_stack( 3077 VerificationType::float_type(), CHECK_VERIFY(this)); 3078 } 3079 3080 void ClassVerifier::verify_dload(int index, StackMapFrame* current_frame, TRAPS) { 3081 current_frame->get_local_2( 3082 index, VerificationType::double_type(), 3083 VerificationType::double2_type(), CHECK_VERIFY(this)); 3084 current_frame->push_stack_2( 3085 VerificationType::double_type(), 3086 VerificationType::double2_type(), CHECK_VERIFY(this)); 3087 } 3088 3089 void ClassVerifier::verify_aload(int index, StackMapFrame* current_frame, TRAPS) { 3090 VerificationType type = current_frame->get_local( 3091 index, VerificationType::reference_check(), CHECK_VERIFY(this)); 3092 current_frame->push_stack(type, CHECK_VERIFY(this)); 3093 } 3094 3095 void ClassVerifier::verify_istore(int index, StackMapFrame* current_frame, TRAPS) { 3096 current_frame->pop_stack( 3097 VerificationType::integer_type(), CHECK_VERIFY(this)); 3098 current_frame->set_local( 3099 index, VerificationType::integer_type(), CHECK_VERIFY(this)); 3100 } 3101 3102 void ClassVerifier::verify_lstore(int index, StackMapFrame* current_frame, TRAPS) { 3103 current_frame->pop_stack_2( 3104 VerificationType::long2_type(), 3105 VerificationType::long_type(), CHECK_VERIFY(this)); 3106 current_frame->set_local_2( 3107 index, VerificationType::long_type(), 3108 VerificationType::long2_type(), CHECK_VERIFY(this)); 3109 } 3110 3111 void ClassVerifier::verify_fstore(int index, StackMapFrame* current_frame, TRAPS) { 3112 current_frame->pop_stack(VerificationType::float_type(), CHECK_VERIFY(this)); 3113 current_frame->set_local( 3114 index, VerificationType::float_type(), CHECK_VERIFY(this)); 3115 } 3116 3117 void ClassVerifier::verify_dstore(int index, StackMapFrame* current_frame, TRAPS) { 3118 current_frame->pop_stack_2( 3119 VerificationType::double2_type(), 3120 VerificationType::double_type(), CHECK_VERIFY(this)); 3121 current_frame->set_local_2( 3122 index, VerificationType::double_type(), 3123 VerificationType::double2_type(), CHECK_VERIFY(this)); 3124 } 3125 3126 void ClassVerifier::verify_astore(int index, StackMapFrame* current_frame, TRAPS) { 3127 VerificationType type = current_frame->pop_stack( 3128 VerificationType::reference_check(), CHECK_VERIFY(this)); 3129 current_frame->set_local(index, type, CHECK_VERIFY(this)); 3130 } 3131 3132 void ClassVerifier::verify_iinc(int index, StackMapFrame* current_frame, TRAPS) { 3133 VerificationType type = current_frame->get_local( 3134 index, VerificationType::integer_type(), CHECK_VERIFY(this)); 3135 current_frame->set_local(index, type, CHECK_VERIFY(this)); 3136 } 3137 3138 void ClassVerifier::verify_return_value( 3139 VerificationType return_type, VerificationType type, int bci, 3140 StackMapFrame* current_frame, TRAPS) { 3141 if (return_type == VerificationType::bogus_type()) { 3142 verify_error(ErrorContext::bad_type(bci, 3143 current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)), 3144 "Method does not expect a return value"); 3145 return; 3146 } 3147 bool match = return_type.is_assignable_from(type, this, false, CHECK_VERIFY(this)); 3148 if (!match) { 3149 verify_error(ErrorContext::bad_type(bci, 3150 current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)), 3151 "Bad return type"); 3152 return; 3153 } 3154 } 3155 3156 // The verifier creates symbols which are substrings of Symbols. 3157 // These are stored in the verifier until the end of verification so that 3158 // they can be reference counted. 3159 Symbol* ClassVerifier::create_temporary_symbol(const char *name, int length) { 3160 // Quick deduplication check 3161 if (_previous_symbol != nullptr && _previous_symbol->equals(name, length)) { 3162 return _previous_symbol; 3163 } 3164 Symbol* sym = SymbolTable::new_symbol(name, length); 3165 if (!sym->is_permanent()) { 3166 if (_symbols == nullptr) { 3167 _symbols = new GrowableArray<Symbol*>(50, 0, nullptr); 3168 } 3169 _symbols->push(sym); 3170 } 3171 _previous_symbol = sym; 3172 return sym; 3173 }