1 /*
2 * Copyright (c) 1998, 2025, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.
8 *
9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 *
23 */
24
25 #include "cds/cdsConfig.hpp"
26 #include "classfile/classFileStream.hpp"
27 #include "classfile/classLoader.hpp"
28 #include "classfile/javaClasses.hpp"
29 #include "classfile/stackMapTable.hpp"
30 #include "classfile/stackMapFrame.hpp"
31 #include "classfile/stackMapTableFormat.hpp"
32 #include "classfile/symbolTable.hpp"
33 #include "classfile/systemDictionary.hpp"
34 #include "classfile/verifier.hpp"
35 #include "classfile/vmClasses.hpp"
36 #include "classfile/vmSymbols.hpp"
37 #include "interpreter/bytecodes.hpp"
38 #include "interpreter/bytecodeStream.hpp"
39 #include "jvm.h"
40 #include "logging/log.hpp"
41 #include "logging/logStream.hpp"
42 #include "memory/oopFactory.hpp"
43 #include "memory/resourceArea.hpp"
44 #include "memory/universe.hpp"
45 #include "oops/constantPool.inline.hpp"
46 #include "oops/instanceKlass.inline.hpp"
47 #include "oops/klass.inline.hpp"
48 #include "oops/oop.inline.hpp"
49 #include "oops/typeArrayOop.hpp"
50 #include "runtime/arguments.hpp"
51 #include "runtime/fieldDescriptor.hpp"
52 #include "runtime/handles.inline.hpp"
53 #include "runtime/interfaceSupport.inline.hpp"
54 #include "runtime/javaCalls.hpp"
55 #include "runtime/javaThread.hpp"
56 #include "runtime/jniHandles.inline.hpp"
57 #include "runtime/os.hpp"
58 #include "runtime/safepointVerifiers.hpp"
59 #include "services/threadService.hpp"
60 #include "utilities/align.hpp"
61 #include "utilities/bytes.hpp"
62 #if INCLUDE_CDS
63 #include "classfile/systemDictionaryShared.hpp"
64 #endif
65
66 #define NOFAILOVER_MAJOR_VERSION 51
67 #define NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION 51
68 #define STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION 52
69 #define MAX_ARRAY_DIMENSIONS 255
70
71 // Access to external entry for VerifyClassForMajorVersion - old byte code verifier
72
73 extern "C" {
74 typedef jboolean (*verify_byte_codes_fn_t)(JNIEnv *, jclass, char *, jint, jint);
75 }
76
77 static verify_byte_codes_fn_t volatile _verify_byte_codes_fn = nullptr;
78
79 static verify_byte_codes_fn_t verify_byte_codes_fn() {
80
81 if (_verify_byte_codes_fn != nullptr)
82 return _verify_byte_codes_fn;
83
84 MutexLocker locker(Verify_lock);
85
86 if (_verify_byte_codes_fn != nullptr)
87 return _verify_byte_codes_fn;
88
89 void *lib_handle = nullptr;
90 // Load verify dll
91 if (is_vm_statically_linked()) {
92 lib_handle = os::get_default_process_handle();
93 } else {
94 char buffer[JVM_MAXPATHLEN];
95 char ebuf[1024];
96 if (!os::dll_locate_lib(buffer, sizeof(buffer), Arguments::get_dll_dir(), "verify"))
97 return nullptr; // Caller will throw VerifyError
98
99 lib_handle = os::dll_load(buffer, ebuf, sizeof(ebuf));
100 if (lib_handle == nullptr)
101 return nullptr; // Caller will throw VerifyError
102 }
103
104 void *fn = os::dll_lookup(lib_handle, "VerifyClassForMajorVersion");
105 if (fn == nullptr)
106 return nullptr; // Caller will throw VerifyError
107
108 return _verify_byte_codes_fn = CAST_TO_FN_PTR(verify_byte_codes_fn_t, fn);
109 }
110
111
112 // Methods in Verifier
113
114 // This method determines whether we run the verifier and class file format checking code.
115 bool Verifier::should_verify_for(oop class_loader) {
116 return class_loader == nullptr ?
117 BytecodeVerificationLocal : BytecodeVerificationRemote;
118 }
119
120 // This method determines whether we allow package access in access checks in reflection.
121 bool Verifier::relax_access_for(oop loader) {
122 bool trusted = java_lang_ClassLoader::is_trusted_loader(loader);
123 bool need_verify =
124 // verifyAll
125 (BytecodeVerificationLocal && BytecodeVerificationRemote) ||
126 // verifyRemote
127 (!BytecodeVerificationLocal && BytecodeVerificationRemote && !trusted);
128 return !need_verify;
129 }
130
131 // Callers will pass should_verify_class as true, depending on the results of should_verify_for() above,
132 // or pass true for redefinition of any class.
133 static bool is_eligible_for_verification(InstanceKlass* klass, bool should_verify_class) {
134 Symbol* name = klass->name();
135
136 return (should_verify_class &&
137 // Can not verify the bytecodes for shared classes because they have
138 // already been rewritten to contain constant pool cache indices,
139 // which the verifier can't understand.
140 // Shared classes shouldn't have stackmaps either.
141 // However, bytecodes for shared old classes can be verified because
142 // they have not been rewritten.
143 !(klass->is_shared() && klass->is_rewritten()));
144 }
145
146 void Verifier::trace_class_resolution(Klass* resolve_class, InstanceKlass* verify_class) {
147 assert(verify_class != nullptr, "Unexpected null verify_class");
148 ResourceMark rm;
149 Symbol* s = verify_class->source_file_name();
150 const char* source_file = (s != nullptr ? s->as_C_string() : nullptr);
151 const char* verify = verify_class->external_name();
152 const char* resolve = resolve_class->external_name();
153 // print in a single call to reduce interleaving between threads
154 if (source_file != nullptr) {
155 log_debug(class, resolve)("%s %s %s (verification)", verify, resolve, source_file);
156 } else {
157 log_debug(class, resolve)("%s %s (verification)", verify, resolve);
158 }
159 }
160
161 // Prints the end-verification message to the appropriate output.
162 void Verifier::log_end_verification(outputStream* st, const char* klassName, Symbol* exception_name, oop pending_exception) {
163 if (pending_exception != nullptr) {
164 st->print("Verification for %s has", klassName);
165 oop message = java_lang_Throwable::message(pending_exception);
166 if (message != nullptr) {
167 char* ex_msg = java_lang_String::as_utf8_string(message);
168 st->print_cr(" exception pending '%s %s'",
169 pending_exception->klass()->external_name(), ex_msg);
170 } else {
171 st->print_cr(" exception pending %s ",
172 pending_exception->klass()->external_name());
173 }
174 } else if (exception_name != nullptr) {
175 st->print_cr("Verification for %s failed", klassName);
176 }
177 st->print_cr("End class verification for: %s", klassName);
178 }
179
180 bool Verifier::verify(InstanceKlass* klass, bool should_verify_class, TRAPS) {
181 HandleMark hm(THREAD);
182 ResourceMark rm(THREAD);
183
184 // Eagerly allocate the identity hash code for a klass. This is a fallout
185 // from 6320749 and 8059924: hash code generator is not supposed to be called
186 // during the safepoint, but it allows to sneak the hashcode in during
187 // verification. Without this eager hashcode generation, we may end up
188 // installing the hashcode during some other operation, which may be at
189 // safepoint -- blowing up the checks. It was previously done as the side
190 // effect (sic!) for external_name(), but instead of doing that, we opt to
191 // explicitly push the hashcode in here. This is signify the following block
192 // is IMPORTANT:
193 if (klass->java_mirror() != nullptr) {
194 klass->java_mirror()->identity_hash();
195 }
196
197 if (!is_eligible_for_verification(klass, should_verify_class)) {
198 return true;
199 }
200
201 // Timer includes any side effects of class verification (resolution,
202 // etc), but not recursive calls to Verifier::verify().
203 JavaThread* jt = THREAD;
204 PerfClassTraceTime timer(ClassLoader::perf_class_verify_time(),
205 ClassLoader::perf_class_verify_selftime(),
206 ClassLoader::perf_classes_verified(),
207 jt->get_thread_stat()->perf_recursion_counts_addr(),
208 jt->get_thread_stat()->perf_timers_addr(),
209 PerfClassTraceTime::CLASS_VERIFY);
210
211 // If the class should be verified, first see if we can use the split
212 // verifier. If not, or if verification fails and can failover, then
213 // call the inference verifier.
214 Symbol* exception_name = nullptr;
215 const size_t message_buffer_len = klass->name()->utf8_length() + 1024;
216 char* message_buffer = nullptr;
217 char* exception_message = nullptr;
218
219 log_info(class, init)("Start class verification for: %s", klass->external_name());
220 if (klass->major_version() >= STACKMAP_ATTRIBUTE_MAJOR_VERSION) {
221 ClassVerifier split_verifier(jt, klass);
222 // We don't use CHECK here, or on inference_verify below, so that we can log any exception.
223 split_verifier.verify_class(THREAD);
224 exception_name = split_verifier.result();
225
226 // If dumping static archive then don't fall back to the old verifier on
227 // verification failure. If a class fails verification with the split verifier,
228 // it might fail the CDS runtime verifier constraint check. In that case, we
229 // don't want to share the class. We only archive classes that pass the split
230 // verifier.
231 bool can_failover = !CDSConfig::is_dumping_static_archive() &&
232 klass->major_version() < NOFAILOVER_MAJOR_VERSION;
233
234 if (can_failover && !HAS_PENDING_EXCEPTION && // Split verifier doesn't set PENDING_EXCEPTION for failure
235 (exception_name == vmSymbols::java_lang_VerifyError() ||
236 exception_name == vmSymbols::java_lang_ClassFormatError())) {
237 log_info(verification)("Fail over class verification to old verifier for: %s", klass->external_name());
238 log_info(class, init)("Fail over class verification to old verifier for: %s", klass->external_name());
239 #if INCLUDE_CDS
240 // Exclude any classes that fail over during dynamic dumping
241 if (CDSConfig::is_dumping_dynamic_archive()) {
242 SystemDictionaryShared::warn_excluded(klass, "Failed over class verification while dynamic dumping");
243 SystemDictionaryShared::set_excluded(klass);
244 }
245 #endif
246 message_buffer = NEW_RESOURCE_ARRAY(char, message_buffer_len);
247 exception_message = message_buffer;
248 exception_name = inference_verify(
249 klass, message_buffer, message_buffer_len, THREAD);
250 }
251 if (exception_name != nullptr) {
252 exception_message = split_verifier.exception_message();
253 }
254 } else {
255 message_buffer = NEW_RESOURCE_ARRAY(char, message_buffer_len);
256 exception_message = message_buffer;
257 exception_name = inference_verify(
258 klass, message_buffer, message_buffer_len, THREAD);
259 }
260
261 LogTarget(Info, class, init) lt1;
262 if (lt1.is_enabled()) {
263 LogStream ls(lt1);
264 log_end_verification(&ls, klass->external_name(), exception_name, PENDING_EXCEPTION);
265 }
266 LogTarget(Info, verification) lt2;
267 if (lt2.is_enabled()) {
268 LogStream ls(lt2);
269 log_end_verification(&ls, klass->external_name(), exception_name, PENDING_EXCEPTION);
270 }
271
272 if (HAS_PENDING_EXCEPTION) {
273 return false; // use the existing exception
274 } else if (exception_name == nullptr) {
275 return true; // verification succeeded
276 } else { // VerifyError or ClassFormatError to be created and thrown
277 Klass* kls =
278 SystemDictionary::resolve_or_fail(exception_name, true, CHECK_false);
279 if (log_is_enabled(Debug, class, resolve)) {
280 Verifier::trace_class_resolution(kls, klass);
281 }
282
283 while (kls != nullptr) {
284 if (kls == klass) {
285 // If the class being verified is the exception we're creating
286 // or one of it's superclasses, we're in trouble and are going
287 // to infinitely recurse when we try to initialize the exception.
288 // So bail out here by throwing the preallocated VM error.
289 THROW_OOP_(Universe::internal_error_instance(), false);
290 }
291 kls = kls->super();
292 }
293 if (message_buffer != nullptr) {
294 message_buffer[message_buffer_len - 1] = '\0'; // just to be sure
295 }
296 assert(exception_message != nullptr, "");
297 THROW_MSG_(exception_name, exception_message, false);
298 }
299 }
300
301 Symbol* Verifier::inference_verify(
302 InstanceKlass* klass, char* message, size_t message_len, TRAPS) {
303 JavaThread* thread = THREAD;
304
305 verify_byte_codes_fn_t verify_func = verify_byte_codes_fn();
306
307 if (verify_func == nullptr) {
308 jio_snprintf(message, message_len, "Could not link verifier");
309 return vmSymbols::java_lang_VerifyError();
310 }
311
312 ResourceMark rm(thread);
313 log_info(verification)("Verifying class %s with old format", klass->external_name());
314
315 jclass cls = (jclass) JNIHandles::make_local(thread, klass->java_mirror());
316 jint result;
317
318 {
319 HandleMark hm(thread);
320 ThreadToNativeFromVM ttn(thread);
321 // ThreadToNativeFromVM takes care of changing thread_state, so safepoint
322 // code knows that we have left the VM
323 JNIEnv *env = thread->jni_environment();
324 result = (*verify_func)(env, cls, message, (int)message_len, klass->major_version());
325 }
326
327 JNIHandles::destroy_local(cls);
328
329 // These numbers are chosen so that VerifyClassCodes interface doesn't need
330 // to be changed (still return jboolean (unsigned char)), and result is
331 // 1 when verification is passed.
332 if (result == 0) {
333 return vmSymbols::java_lang_VerifyError();
334 } else if (result == 1) {
335 return nullptr; // verified.
336 } else if (result == 2) {
337 THROW_MSG_(vmSymbols::java_lang_OutOfMemoryError(), message, nullptr);
338 } else if (result == 3) {
339 return vmSymbols::java_lang_ClassFormatError();
340 } else {
341 ShouldNotReachHere();
342 return nullptr;
343 }
344 }
345
346 TypeOrigin TypeOrigin::null() {
347 return TypeOrigin();
348 }
349 TypeOrigin TypeOrigin::local(int index, StackMapFrame* frame) {
350 assert(frame != nullptr, "Must have a frame");
351 return TypeOrigin(CF_LOCALS, index, StackMapFrame::copy(frame),
352 frame->local_at(index));
353 }
354 TypeOrigin TypeOrigin::stack(int index, StackMapFrame* frame) {
355 assert(frame != nullptr, "Must have a frame");
356 return TypeOrigin(CF_STACK, index, StackMapFrame::copy(frame),
357 frame->stack_at(index));
358 }
359 TypeOrigin TypeOrigin::sm_local(int index, StackMapFrame* frame) {
360 assert(frame != nullptr, "Must have a frame");
361 return TypeOrigin(SM_LOCALS, index, StackMapFrame::copy(frame),
362 frame->local_at(index));
363 }
364 TypeOrigin TypeOrigin::sm_stack(int index, StackMapFrame* frame) {
365 assert(frame != nullptr, "Must have a frame");
366 return TypeOrigin(SM_STACK, index, StackMapFrame::copy(frame),
367 frame->stack_at(index));
368 }
369 TypeOrigin TypeOrigin::bad_index(int index) {
370 return TypeOrigin(BAD_INDEX, index, nullptr, VerificationType::bogus_type());
371 }
372 TypeOrigin TypeOrigin::cp(int index, VerificationType vt) {
373 return TypeOrigin(CONST_POOL, index, nullptr, vt);
374 }
375 TypeOrigin TypeOrigin::signature(VerificationType vt) {
376 return TypeOrigin(SIG, 0, nullptr, vt);
377 }
378 TypeOrigin TypeOrigin::implicit(VerificationType t) {
379 return TypeOrigin(IMPLICIT, 0, nullptr, t);
380 }
381 TypeOrigin TypeOrigin::frame(StackMapFrame* frame) {
382 return TypeOrigin(FRAME_ONLY, 0, StackMapFrame::copy(frame),
383 VerificationType::bogus_type());
384 }
385
386 void TypeOrigin::reset_frame() {
387 if (_frame != nullptr) {
388 _frame->restore();
389 }
390 }
391
392 void TypeOrigin::details(outputStream* ss) const {
393 _type.print_on(ss);
394 switch (_origin) {
395 case CF_LOCALS:
396 ss->print(" (current frame, locals[%d])", _index);
397 break;
398 case CF_STACK:
399 ss->print(" (current frame, stack[%d])", _index);
400 break;
401 case SM_LOCALS:
402 ss->print(" (stack map, locals[%d])", _index);
403 break;
404 case SM_STACK:
405 ss->print(" (stack map, stack[%d])", _index);
406 break;
407 case CONST_POOL:
408 ss->print(" (constant pool %d)", _index);
409 break;
410 case SIG:
411 ss->print(" (from method signature)");
412 break;
413 case IMPLICIT:
414 case FRAME_ONLY:
415 case NONE:
416 default:
417 ;
418 }
419 }
420
421 #ifdef ASSERT
422 void TypeOrigin::print_on(outputStream* str) const {
423 str->print("{%d,%d,%p:", _origin, _index, _frame);
424 if (_frame != nullptr) {
425 _frame->print_on(str);
426 } else {
427 str->print("null");
428 }
429 str->print(",");
430 _type.print_on(str);
431 str->print("}");
432 }
433 #endif
434
435 void ErrorContext::details(outputStream* ss, const Method* method) const {
436 if (is_valid()) {
437 ss->cr();
438 ss->print_cr("Exception Details:");
439 location_details(ss, method);
440 reason_details(ss);
441 frame_details(ss);
442 bytecode_details(ss, method);
443 handler_details(ss, method);
444 stackmap_details(ss, method);
445 }
446 }
447
448 void ErrorContext::reason_details(outputStream* ss) const {
449 streamIndentor si(ss);
450 ss->indent().print_cr("Reason:");
451 streamIndentor si2(ss);
452 ss->indent().print("%s", "");
453 switch (_fault) {
454 case INVALID_BYTECODE:
455 ss->print("Error exists in the bytecode");
456 break;
457 case WRONG_TYPE:
458 if (_expected.is_valid()) {
459 ss->print("Type ");
460 _type.details(ss);
461 ss->print(" is not assignable to ");
462 _expected.details(ss);
463 } else {
464 ss->print("Invalid type: ");
465 _type.details(ss);
466 }
467 break;
468 case FLAGS_MISMATCH:
469 if (_expected.is_valid()) {
470 ss->print("Current frame's flags are not assignable "
471 "to stack map frame's.");
472 } else {
473 ss->print("Current frame's flags are invalid in this context.");
474 }
475 break;
476 case BAD_CP_INDEX:
477 ss->print("Constant pool index %d is invalid", _type.index());
478 break;
479 case BAD_LOCAL_INDEX:
480 ss->print("Local index %d is invalid", _type.index());
481 break;
482 case LOCALS_SIZE_MISMATCH:
483 ss->print("Current frame's local size doesn't match stackmap.");
484 break;
485 case STACK_SIZE_MISMATCH:
486 ss->print("Current frame's stack size doesn't match stackmap.");
487 break;
488 case STACK_OVERFLOW:
489 ss->print("Exceeded max stack size.");
490 break;
491 case STACK_UNDERFLOW:
492 ss->print("Attempt to pop empty stack.");
493 break;
494 case MISSING_STACKMAP:
495 ss->print("Expected stackmap frame at this location.");
496 break;
497 case BAD_STACKMAP:
498 ss->print("Invalid stackmap specification.");
499 break;
500 case UNKNOWN:
501 default:
502 ShouldNotReachHere();
503 ss->print_cr("Unknown");
504 }
505 ss->cr();
506 }
507
508 void ErrorContext::location_details(outputStream* ss, const Method* method) const {
509 if (_bci != -1 && method != nullptr) {
510 streamIndentor si(ss);
511 const char* bytecode_name = "<invalid>";
512 if (method->validate_bci(_bci) != -1) {
513 Bytecodes::Code code = Bytecodes::code_or_bp_at(method->bcp_from(_bci));
514 if (Bytecodes::is_defined(code)) {
515 bytecode_name = Bytecodes::name(code);
516 } else {
517 bytecode_name = "<illegal>";
518 }
519 }
520 InstanceKlass* ik = method->method_holder();
521 ss->indent().print_cr("Location:");
522 streamIndentor si2(ss);
523 ss->indent().print_cr("%s.%s%s @%d: %s",
524 ik->name()->as_C_string(), method->name()->as_C_string(),
525 method->signature()->as_C_string(), _bci, bytecode_name);
526 }
527 }
528
529 void ErrorContext::frame_details(outputStream* ss) const {
530 streamIndentor si(ss);
531 if (_type.is_valid() && _type.frame() != nullptr) {
532 ss->indent().print_cr("Current Frame:");
533 streamIndentor si2(ss);
534 _type.frame()->print_on(ss);
535 }
536 if (_expected.is_valid() && _expected.frame() != nullptr) {
537 ss->indent().print_cr("Stackmap Frame:");
538 streamIndentor si2(ss);
539 _expected.frame()->print_on(ss);
540 }
541 }
542
543 void ErrorContext::bytecode_details(outputStream* ss, const Method* method) const {
544 if (method != nullptr) {
545 streamIndentor si(ss);
546 ss->indent().print_cr("Bytecode:");
547 streamIndentor si2(ss);
548 ss->print_data(method->code_base(), method->code_size(), false);
549 }
550 }
551
552 void ErrorContext::handler_details(outputStream* ss, const Method* method) const {
553 if (method != nullptr) {
554 streamIndentor si(ss);
555 ExceptionTable table(method);
556 if (table.length() > 0) {
557 ss->indent().print_cr("Exception Handler Table:");
558 streamIndentor si2(ss);
559 for (int i = 0; i < table.length(); ++i) {
560 ss->indent().print_cr("bci [%d, %d] => handler: %d", table.start_pc(i),
561 table.end_pc(i), table.handler_pc(i));
562 }
563 }
564 }
565 }
566
567 void ErrorContext::stackmap_details(outputStream* ss, const Method* method) const {
568 if (method != nullptr && method->has_stackmap_table()) {
569 streamIndentor si(ss);
570 ss->indent().print_cr("Stackmap Table:");
571 Array<u1>* data = method->stackmap_data();
572 stack_map_table* sm_table =
573 stack_map_table::at((address)data->adr_at(0));
574 stack_map_frame* sm_frame = sm_table->entries();
575 streamIndentor si2(ss);
576 int current_offset = -1;
577 address end_of_sm_table = (address)sm_table + method->stackmap_data()->length();
578 for (u2 i = 0; i < sm_table->number_of_entries(); ++i) {
579 ss->indent();
580 if (!sm_frame->verify((address)sm_frame, end_of_sm_table)) {
581 sm_frame->print_truncated(ss, current_offset);
582 return;
583 }
584 sm_frame->print_on(ss, current_offset);
585 ss->cr();
586 current_offset += sm_frame->offset_delta();
587 sm_frame = sm_frame->next();
588 }
589 }
590 }
591
592 // Methods in ClassVerifier
593
594 ClassVerifier::ClassVerifier(JavaThread* current, InstanceKlass* klass)
595 : _thread(current), _previous_symbol(nullptr), _symbols(nullptr), _exception_type(nullptr),
596 _message(nullptr), _klass(klass) {
597 _this_type = VerificationType::reference_type(klass->name());
598 }
599
600 ClassVerifier::~ClassVerifier() {
601 // Decrement the reference count for any symbols created.
602 if (_symbols != nullptr) {
603 for (int i = 0; i < _symbols->length(); i++) {
604 Symbol* s = _symbols->at(i);
605 s->decrement_refcount();
606 }
607 }
608 }
609
610 VerificationType ClassVerifier::object_type() const {
611 return VerificationType::reference_type(vmSymbols::java_lang_Object());
612 }
613
614 TypeOrigin ClassVerifier::ref_ctx(const char* sig) {
615 VerificationType vt = VerificationType::reference_type(
616 create_temporary_symbol(sig, (int)strlen(sig)));
617 return TypeOrigin::implicit(vt);
618 }
619
620
621 void ClassVerifier::verify_class(TRAPS) {
622 log_info(verification)("Verifying class %s with new format", _klass->external_name());
623
624 // Either verifying both local and remote classes or just remote classes.
625 assert(BytecodeVerificationRemote, "Should not be here");
626
627 Array<Method*>* methods = _klass->methods();
628 int num_methods = methods->length();
629
630 for (int index = 0; index < num_methods; index++) {
631 // Check for recursive re-verification before each method.
632 if (was_recursively_verified()) return;
633
634 Method* m = methods->at(index);
635 if (m->is_native() || m->is_abstract() || m->is_overpass()) {
636 // If m is native or abstract, skip it. It is checked in class file
637 // parser that methods do not override a final method. Overpass methods
638 // are trusted since the VM generates them.
639 continue;
640 }
641 verify_method(methodHandle(THREAD, m), CHECK_VERIFY(this));
642 }
643
644 if (was_recursively_verified()){
645 log_info(verification)("Recursive verification detected for: %s", _klass->external_name());
646 log_info(class, init)("Recursive verification detected for: %s",
647 _klass->external_name());
648 }
649 }
650
651 // Translate the signature entries into verification types and save them in
652 // the growable array. Also, save the count of arguments.
653 void ClassVerifier::translate_signature(Symbol* const method_sig,
654 sig_as_verification_types* sig_verif_types) {
655 SignatureStream sig_stream(method_sig);
656 VerificationType sig_type[2];
657 int sig_i = 0;
658 GrowableArray<VerificationType>* verif_types = sig_verif_types->sig_verif_types();
659
660 // Translate the signature arguments into verification types.
661 while (!sig_stream.at_return_type()) {
662 int n = change_sig_to_verificationType(&sig_stream, sig_type);
663 assert(n <= 2, "Unexpected signature type");
664
665 // Store verification type(s). Longs and Doubles each have two verificationTypes.
666 for (int x = 0; x < n; x++) {
667 verif_types->push(sig_type[x]);
668 }
669 sig_i += n;
670 sig_stream.next();
671 }
672
673 // Set final arg count, not including the return type. The final arg count will
674 // be compared with sig_verify_types' length to see if there is a return type.
675 sig_verif_types->set_num_args(sig_i);
676
677 // Store verification type(s) for the return type, if there is one.
678 if (sig_stream.type() != T_VOID) {
679 int n = change_sig_to_verificationType(&sig_stream, sig_type);
680 assert(n <= 2, "Unexpected signature return type");
681 for (int y = 0; y < n; y++) {
682 verif_types->push(sig_type[y]);
683 }
684 }
685 }
686
687 void ClassVerifier::create_method_sig_entry(sig_as_verification_types* sig_verif_types,
688 int sig_index) {
689 // Translate the signature into verification types.
690 ConstantPool* cp = _klass->constants();
691 Symbol* const method_sig = cp->symbol_at(sig_index);
692 translate_signature(method_sig, sig_verif_types);
693
694 // Add the list of this signature's verification types to the table.
695 bool is_unique = method_signatures_table()->put(sig_index, sig_verif_types);
696 assert(is_unique, "Duplicate entries in method_signature_table");
697 }
698
699 void ClassVerifier::verify_method(const methodHandle& m, TRAPS) {
700 HandleMark hm(THREAD);
701 _method = m; // initialize _method
702 log_info(verification)("Verifying method %s", m->name_and_sig_as_C_string());
703
704 // For clang, the only good constant format string is a literal constant format string.
705 #define bad_type_msg "Bad type on operand stack in %s"
706
707 u2 max_stack = m->verifier_max_stack();
708 u2 max_locals = m->max_locals();
709 constantPoolHandle cp(THREAD, m->constants());
710
711 // Method signature was checked in ClassFileParser.
712 assert(SignatureVerifier::is_valid_method_signature(m->signature()),
713 "Invalid method signature");
714
715 // Initial stack map frame: offset is 0, stack is initially empty.
716 StackMapFrame current_frame(max_locals, max_stack, this);
717 // Set initial locals
718 VerificationType return_type = current_frame.set_locals_from_arg( m, current_type());
719
720 u2 stackmap_index = 0; // index to the stackmap array
721
722 u4 code_length = m->code_size();
723
724 // Scan the bytecode and map each instruction's start offset to a number.
725 char* code_data = generate_code_data(m, code_length, CHECK_VERIFY(this));
726
727 int ex_min = code_length;
728 int ex_max = -1;
729 // Look through each item on the exception table. Each of the fields must refer
730 // to a legal instruction.
731 if (was_recursively_verified()) return;
732 verify_exception_handler_table(
733 code_length, code_data, ex_min, ex_max, CHECK_VERIFY(this));
734
735 // Look through each entry on the local variable table and make sure
736 // its range of code array offsets is valid. (4169817)
737 if (m->has_localvariable_table()) {
738 verify_local_variable_table(code_length, code_data, CHECK_VERIFY(this));
739 }
740
741 Array<u1>* stackmap_data = m->stackmap_data();
742 StackMapStream stream(stackmap_data);
743 StackMapReader reader(this, &stream, code_data, code_length, ¤t_frame, max_locals, max_stack, THREAD);
744 StackMapTable stackmap_table(&reader, CHECK_VERIFY(this));
745
746 LogTarget(Debug, verification) lt;
747 if (lt.is_enabled()) {
748 LogStream ls(lt);
749 stackmap_table.print_on(&ls);
750 }
751
752 RawBytecodeStream bcs(m);
753
754 // Scan the byte code linearly from the start to the end
755 bool no_control_flow = false; // Set to true when there is no direct control
756 // flow from current instruction to the next
757 // instruction in sequence
758
759 Bytecodes::Code opcode;
760 while (!bcs.is_last_bytecode()) {
761 // Check for recursive re-verification before each bytecode.
762 if (was_recursively_verified()) return;
763
764 opcode = bcs.raw_next();
765 int bci = bcs.bci();
766
767 // Set current frame's offset to bci
768 current_frame.set_offset(bci);
769 current_frame.set_mark();
770
771 // Make sure every offset in stackmap table point to the beginning to
772 // an instruction. Match current_frame to stackmap_table entry with
773 // the same offset if exists.
774 stackmap_index = verify_stackmap_table(
775 stackmap_index, bci, ¤t_frame, &stackmap_table,
776 no_control_flow, CHECK_VERIFY(this));
777
778
779 bool this_uninit = false; // Set to true when invokespecial <init> initialized 'this'
780 bool verified_exc_handlers = false;
781
782 // Merge with the next instruction
783 {
784 int target;
785 VerificationType type, type2;
786 VerificationType atype;
787
788 LogTarget(Debug, verification) lt;
789 if (lt.is_enabled()) {
790 LogStream ls(lt);
791 current_frame.print_on(&ls);
792 lt.print("offset = %d, opcode = %s", bci,
793 opcode == Bytecodes::_illegal ? "illegal" : Bytecodes::name(opcode));
794 }
795
796 // Make sure wide instruction is in correct format
797 if (bcs.is_wide()) {
798 if (opcode != Bytecodes::_iinc && opcode != Bytecodes::_iload &&
799 opcode != Bytecodes::_aload && opcode != Bytecodes::_lload &&
800 opcode != Bytecodes::_istore && opcode != Bytecodes::_astore &&
801 opcode != Bytecodes::_lstore && opcode != Bytecodes::_fload &&
802 opcode != Bytecodes::_dload && opcode != Bytecodes::_fstore &&
803 opcode != Bytecodes::_dstore) {
804 /* Unreachable? RawBytecodeStream's raw_next() returns 'illegal'
805 * if we encounter a wide instruction that modifies an invalid
806 * opcode (not one of the ones listed above) */
807 verify_error(ErrorContext::bad_code(bci), "Bad wide instruction");
808 return;
809 }
810 }
811
812 // Look for possible jump target in exception handlers and see if it
813 // matches current_frame. Do this check here for astore*, dstore*,
814 // fstore*, istore*, and lstore* opcodes because they can change the type
815 // state by adding a local. JVM Spec says that the incoming type state
816 // should be used for this check. So, do the check here before a possible
817 // local is added to the type state.
818 if (Bytecodes::is_store_into_local(opcode) && bci >= ex_min && bci < ex_max) {
819 if (was_recursively_verified()) return;
820 verify_exception_handler_targets(
821 bci, this_uninit, ¤t_frame, &stackmap_table, CHECK_VERIFY(this));
822 verified_exc_handlers = true;
823 }
824
825 if (was_recursively_verified()) return;
826
827 switch (opcode) {
828 case Bytecodes::_nop :
829 no_control_flow = false; break;
830 case Bytecodes::_aconst_null :
831 current_frame.push_stack(
832 VerificationType::null_type(), CHECK_VERIFY(this));
833 no_control_flow = false; break;
834 case Bytecodes::_iconst_m1 :
835 case Bytecodes::_iconst_0 :
836 case Bytecodes::_iconst_1 :
837 case Bytecodes::_iconst_2 :
838 case Bytecodes::_iconst_3 :
839 case Bytecodes::_iconst_4 :
840 case Bytecodes::_iconst_5 :
841 current_frame.push_stack(
842 VerificationType::integer_type(), CHECK_VERIFY(this));
843 no_control_flow = false; break;
844 case Bytecodes::_lconst_0 :
845 case Bytecodes::_lconst_1 :
846 current_frame.push_stack_2(
847 VerificationType::long_type(),
848 VerificationType::long2_type(), CHECK_VERIFY(this));
849 no_control_flow = false; break;
850 case Bytecodes::_fconst_0 :
851 case Bytecodes::_fconst_1 :
852 case Bytecodes::_fconst_2 :
853 current_frame.push_stack(
854 VerificationType::float_type(), CHECK_VERIFY(this));
855 no_control_flow = false; break;
856 case Bytecodes::_dconst_0 :
857 case Bytecodes::_dconst_1 :
858 current_frame.push_stack_2(
859 VerificationType::double_type(),
860 VerificationType::double2_type(), CHECK_VERIFY(this));
861 no_control_flow = false; break;
862 case Bytecodes::_sipush :
863 case Bytecodes::_bipush :
864 current_frame.push_stack(
865 VerificationType::integer_type(), CHECK_VERIFY(this));
866 no_control_flow = false; break;
867 case Bytecodes::_ldc :
868 verify_ldc(
869 opcode, bcs.get_index_u1(), ¤t_frame,
870 cp, bci, CHECK_VERIFY(this));
871 no_control_flow = false; break;
872 case Bytecodes::_ldc_w :
873 case Bytecodes::_ldc2_w :
874 verify_ldc(
875 opcode, bcs.get_index_u2(), ¤t_frame,
876 cp, bci, CHECK_VERIFY(this));
877 no_control_flow = false; break;
878 case Bytecodes::_iload :
879 verify_iload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
880 no_control_flow = false; break;
881 case Bytecodes::_iload_0 :
882 case Bytecodes::_iload_1 :
883 case Bytecodes::_iload_2 :
884 case Bytecodes::_iload_3 : {
885 int index = opcode - Bytecodes::_iload_0;
886 verify_iload(index, ¤t_frame, CHECK_VERIFY(this));
887 no_control_flow = false; break;
888 }
889 case Bytecodes::_lload :
890 verify_lload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
891 no_control_flow = false; break;
892 case Bytecodes::_lload_0 :
893 case Bytecodes::_lload_1 :
894 case Bytecodes::_lload_2 :
895 case Bytecodes::_lload_3 : {
896 int index = opcode - Bytecodes::_lload_0;
897 verify_lload(index, ¤t_frame, CHECK_VERIFY(this));
898 no_control_flow = false; break;
899 }
900 case Bytecodes::_fload :
901 verify_fload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
902 no_control_flow = false; break;
903 case Bytecodes::_fload_0 :
904 case Bytecodes::_fload_1 :
905 case Bytecodes::_fload_2 :
906 case Bytecodes::_fload_3 : {
907 int index = opcode - Bytecodes::_fload_0;
908 verify_fload(index, ¤t_frame, CHECK_VERIFY(this));
909 no_control_flow = false; break;
910 }
911 case Bytecodes::_dload :
912 verify_dload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
913 no_control_flow = false; break;
914 case Bytecodes::_dload_0 :
915 case Bytecodes::_dload_1 :
916 case Bytecodes::_dload_2 :
917 case Bytecodes::_dload_3 : {
918 int index = opcode - Bytecodes::_dload_0;
919 verify_dload(index, ¤t_frame, CHECK_VERIFY(this));
920 no_control_flow = false; break;
921 }
922 case Bytecodes::_aload :
923 verify_aload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
924 no_control_flow = false; break;
925 case Bytecodes::_aload_0 :
926 case Bytecodes::_aload_1 :
927 case Bytecodes::_aload_2 :
928 case Bytecodes::_aload_3 : {
929 int index = opcode - Bytecodes::_aload_0;
930 verify_aload(index, ¤t_frame, CHECK_VERIFY(this));
931 no_control_flow = false; break;
932 }
933 case Bytecodes::_iaload :
934 type = current_frame.pop_stack(
935 VerificationType::integer_type(), CHECK_VERIFY(this));
936 atype = current_frame.pop_stack(
937 VerificationType::reference_check(), CHECK_VERIFY(this));
938 if (!atype.is_int_array()) {
939 verify_error(ErrorContext::bad_type(bci,
940 current_frame.stack_top_ctx(), ref_ctx("[I")),
941 bad_type_msg, "iaload");
942 return;
943 }
944 current_frame.push_stack(
945 VerificationType::integer_type(), CHECK_VERIFY(this));
946 no_control_flow = false; break;
947 case Bytecodes::_baload :
948 type = current_frame.pop_stack(
949 VerificationType::integer_type(), CHECK_VERIFY(this));
950 atype = current_frame.pop_stack(
951 VerificationType::reference_check(), CHECK_VERIFY(this));
952 if (!atype.is_bool_array() && !atype.is_byte_array()) {
953 verify_error(
954 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
955 bad_type_msg, "baload");
956 return;
957 }
958 current_frame.push_stack(
959 VerificationType::integer_type(), CHECK_VERIFY(this));
960 no_control_flow = false; break;
961 case Bytecodes::_caload :
962 type = current_frame.pop_stack(
963 VerificationType::integer_type(), CHECK_VERIFY(this));
964 atype = current_frame.pop_stack(
965 VerificationType::reference_check(), CHECK_VERIFY(this));
966 if (!atype.is_char_array()) {
967 verify_error(ErrorContext::bad_type(bci,
968 current_frame.stack_top_ctx(), ref_ctx("[C")),
969 bad_type_msg, "caload");
970 return;
971 }
972 current_frame.push_stack(
973 VerificationType::integer_type(), CHECK_VERIFY(this));
974 no_control_flow = false; break;
975 case Bytecodes::_saload :
976 type = current_frame.pop_stack(
977 VerificationType::integer_type(), CHECK_VERIFY(this));
978 atype = current_frame.pop_stack(
979 VerificationType::reference_check(), CHECK_VERIFY(this));
980 if (!atype.is_short_array()) {
981 verify_error(ErrorContext::bad_type(bci,
982 current_frame.stack_top_ctx(), ref_ctx("[S")),
983 bad_type_msg, "saload");
984 return;
985 }
986 current_frame.push_stack(
987 VerificationType::integer_type(), CHECK_VERIFY(this));
988 no_control_flow = false; break;
989 case Bytecodes::_laload :
990 type = current_frame.pop_stack(
991 VerificationType::integer_type(), CHECK_VERIFY(this));
992 atype = current_frame.pop_stack(
993 VerificationType::reference_check(), CHECK_VERIFY(this));
994 if (!atype.is_long_array()) {
995 verify_error(ErrorContext::bad_type(bci,
996 current_frame.stack_top_ctx(), ref_ctx("[J")),
997 bad_type_msg, "laload");
998 return;
999 }
1000 current_frame.push_stack_2(
1001 VerificationType::long_type(),
1002 VerificationType::long2_type(), CHECK_VERIFY(this));
1003 no_control_flow = false; break;
1004 case Bytecodes::_faload :
1005 type = current_frame.pop_stack(
1006 VerificationType::integer_type(), CHECK_VERIFY(this));
1007 atype = current_frame.pop_stack(
1008 VerificationType::reference_check(), CHECK_VERIFY(this));
1009 if (!atype.is_float_array()) {
1010 verify_error(ErrorContext::bad_type(bci,
1011 current_frame.stack_top_ctx(), ref_ctx("[F")),
1012 bad_type_msg, "faload");
1013 return;
1014 }
1015 current_frame.push_stack(
1016 VerificationType::float_type(), CHECK_VERIFY(this));
1017 no_control_flow = false; break;
1018 case Bytecodes::_daload :
1019 type = current_frame.pop_stack(
1020 VerificationType::integer_type(), CHECK_VERIFY(this));
1021 atype = current_frame.pop_stack(
1022 VerificationType::reference_check(), CHECK_VERIFY(this));
1023 if (!atype.is_double_array()) {
1024 verify_error(ErrorContext::bad_type(bci,
1025 current_frame.stack_top_ctx(), ref_ctx("[D")),
1026 bad_type_msg, "daload");
1027 return;
1028 }
1029 current_frame.push_stack_2(
1030 VerificationType::double_type(),
1031 VerificationType::double2_type(), CHECK_VERIFY(this));
1032 no_control_flow = false; break;
1033 case Bytecodes::_aaload : {
1034 type = current_frame.pop_stack(
1035 VerificationType::integer_type(), CHECK_VERIFY(this));
1036 atype = current_frame.pop_stack(
1037 VerificationType::reference_check(), CHECK_VERIFY(this));
1038 if (!atype.is_reference_array()) {
1039 verify_error(ErrorContext::bad_type(bci,
1040 current_frame.stack_top_ctx(),
1041 TypeOrigin::implicit(VerificationType::reference_check())),
1042 bad_type_msg, "aaload");
1043 return;
1044 }
1045 if (atype.is_null()) {
1046 current_frame.push_stack(
1047 VerificationType::null_type(), CHECK_VERIFY(this));
1048 } else {
1049 VerificationType component = atype.get_component(this);
1050 current_frame.push_stack(component, CHECK_VERIFY(this));
1051 }
1052 no_control_flow = false; break;
1053 }
1054 case Bytecodes::_istore :
1055 verify_istore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1056 no_control_flow = false; break;
1057 case Bytecodes::_istore_0 :
1058 case Bytecodes::_istore_1 :
1059 case Bytecodes::_istore_2 :
1060 case Bytecodes::_istore_3 : {
1061 int index = opcode - Bytecodes::_istore_0;
1062 verify_istore(index, ¤t_frame, CHECK_VERIFY(this));
1063 no_control_flow = false; break;
1064 }
1065 case Bytecodes::_lstore :
1066 verify_lstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1067 no_control_flow = false; break;
1068 case Bytecodes::_lstore_0 :
1069 case Bytecodes::_lstore_1 :
1070 case Bytecodes::_lstore_2 :
1071 case Bytecodes::_lstore_3 : {
1072 int index = opcode - Bytecodes::_lstore_0;
1073 verify_lstore(index, ¤t_frame, CHECK_VERIFY(this));
1074 no_control_flow = false; break;
1075 }
1076 case Bytecodes::_fstore :
1077 verify_fstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1078 no_control_flow = false; break;
1079 case Bytecodes::_fstore_0 :
1080 case Bytecodes::_fstore_1 :
1081 case Bytecodes::_fstore_2 :
1082 case Bytecodes::_fstore_3 : {
1083 int index = opcode - Bytecodes::_fstore_0;
1084 verify_fstore(index, ¤t_frame, CHECK_VERIFY(this));
1085 no_control_flow = false; break;
1086 }
1087 case Bytecodes::_dstore :
1088 verify_dstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1089 no_control_flow = false; break;
1090 case Bytecodes::_dstore_0 :
1091 case Bytecodes::_dstore_1 :
1092 case Bytecodes::_dstore_2 :
1093 case Bytecodes::_dstore_3 : {
1094 int index = opcode - Bytecodes::_dstore_0;
1095 verify_dstore(index, ¤t_frame, CHECK_VERIFY(this));
1096 no_control_flow = false; break;
1097 }
1098 case Bytecodes::_astore :
1099 verify_astore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1100 no_control_flow = false; break;
1101 case Bytecodes::_astore_0 :
1102 case Bytecodes::_astore_1 :
1103 case Bytecodes::_astore_2 :
1104 case Bytecodes::_astore_3 : {
1105 int index = opcode - Bytecodes::_astore_0;
1106 verify_astore(index, ¤t_frame, CHECK_VERIFY(this));
1107 no_control_flow = false; break;
1108 }
1109 case Bytecodes::_iastore :
1110 type = current_frame.pop_stack(
1111 VerificationType::integer_type(), CHECK_VERIFY(this));
1112 type2 = current_frame.pop_stack(
1113 VerificationType::integer_type(), CHECK_VERIFY(this));
1114 atype = current_frame.pop_stack(
1115 VerificationType::reference_check(), CHECK_VERIFY(this));
1116 if (!atype.is_int_array()) {
1117 verify_error(ErrorContext::bad_type(bci,
1118 current_frame.stack_top_ctx(), ref_ctx("[I")),
1119 bad_type_msg, "iastore");
1120 return;
1121 }
1122 no_control_flow = false; break;
1123 case Bytecodes::_bastore :
1124 type = current_frame.pop_stack(
1125 VerificationType::integer_type(), CHECK_VERIFY(this));
1126 type2 = current_frame.pop_stack(
1127 VerificationType::integer_type(), CHECK_VERIFY(this));
1128 atype = current_frame.pop_stack(
1129 VerificationType::reference_check(), CHECK_VERIFY(this));
1130 if (!atype.is_bool_array() && !atype.is_byte_array()) {
1131 verify_error(
1132 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1133 bad_type_msg, "bastore");
1134 return;
1135 }
1136 no_control_flow = false; break;
1137 case Bytecodes::_castore :
1138 current_frame.pop_stack(
1139 VerificationType::integer_type(), CHECK_VERIFY(this));
1140 current_frame.pop_stack(
1141 VerificationType::integer_type(), CHECK_VERIFY(this));
1142 atype = current_frame.pop_stack(
1143 VerificationType::reference_check(), CHECK_VERIFY(this));
1144 if (!atype.is_char_array()) {
1145 verify_error(ErrorContext::bad_type(bci,
1146 current_frame.stack_top_ctx(), ref_ctx("[C")),
1147 bad_type_msg, "castore");
1148 return;
1149 }
1150 no_control_flow = false; break;
1151 case Bytecodes::_sastore :
1152 current_frame.pop_stack(
1153 VerificationType::integer_type(), CHECK_VERIFY(this));
1154 current_frame.pop_stack(
1155 VerificationType::integer_type(), CHECK_VERIFY(this));
1156 atype = current_frame.pop_stack(
1157 VerificationType::reference_check(), CHECK_VERIFY(this));
1158 if (!atype.is_short_array()) {
1159 verify_error(ErrorContext::bad_type(bci,
1160 current_frame.stack_top_ctx(), ref_ctx("[S")),
1161 bad_type_msg, "sastore");
1162 return;
1163 }
1164 no_control_flow = false; break;
1165 case Bytecodes::_lastore :
1166 current_frame.pop_stack_2(
1167 VerificationType::long2_type(),
1168 VerificationType::long_type(), CHECK_VERIFY(this));
1169 current_frame.pop_stack(
1170 VerificationType::integer_type(), CHECK_VERIFY(this));
1171 atype = current_frame.pop_stack(
1172 VerificationType::reference_check(), CHECK_VERIFY(this));
1173 if (!atype.is_long_array()) {
1174 verify_error(ErrorContext::bad_type(bci,
1175 current_frame.stack_top_ctx(), ref_ctx("[J")),
1176 bad_type_msg, "lastore");
1177 return;
1178 }
1179 no_control_flow = false; break;
1180 case Bytecodes::_fastore :
1181 current_frame.pop_stack(
1182 VerificationType::float_type(), CHECK_VERIFY(this));
1183 current_frame.pop_stack
1184 (VerificationType::integer_type(), CHECK_VERIFY(this));
1185 atype = current_frame.pop_stack(
1186 VerificationType::reference_check(), CHECK_VERIFY(this));
1187 if (!atype.is_float_array()) {
1188 verify_error(ErrorContext::bad_type(bci,
1189 current_frame.stack_top_ctx(), ref_ctx("[F")),
1190 bad_type_msg, "fastore");
1191 return;
1192 }
1193 no_control_flow = false; break;
1194 case Bytecodes::_dastore :
1195 current_frame.pop_stack_2(
1196 VerificationType::double2_type(),
1197 VerificationType::double_type(), CHECK_VERIFY(this));
1198 current_frame.pop_stack(
1199 VerificationType::integer_type(), CHECK_VERIFY(this));
1200 atype = current_frame.pop_stack(
1201 VerificationType::reference_check(), CHECK_VERIFY(this));
1202 if (!atype.is_double_array()) {
1203 verify_error(ErrorContext::bad_type(bci,
1204 current_frame.stack_top_ctx(), ref_ctx("[D")),
1205 bad_type_msg, "dastore");
1206 return;
1207 }
1208 no_control_flow = false; break;
1209 case Bytecodes::_aastore :
1210 type = current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1211 type2 = current_frame.pop_stack(
1212 VerificationType::integer_type(), CHECK_VERIFY(this));
1213 atype = current_frame.pop_stack(
1214 VerificationType::reference_check(), CHECK_VERIFY(this));
1215 // more type-checking is done at runtime
1216 if (!atype.is_reference_array()) {
1217 verify_error(ErrorContext::bad_type(bci,
1218 current_frame.stack_top_ctx(),
1219 TypeOrigin::implicit(VerificationType::reference_check())),
1220 bad_type_msg, "aastore");
1221 return;
1222 }
1223 // 4938384: relaxed constraint in JVMS 3rd edition.
1224 no_control_flow = false; break;
1225 case Bytecodes::_pop :
1226 current_frame.pop_stack(
1227 VerificationType::category1_check(), CHECK_VERIFY(this));
1228 no_control_flow = false; break;
1229 case Bytecodes::_pop2 :
1230 type = current_frame.pop_stack(CHECK_VERIFY(this));
1231 if (type.is_category1()) {
1232 current_frame.pop_stack(
1233 VerificationType::category1_check(), CHECK_VERIFY(this));
1234 } else if (type.is_category2_2nd()) {
1235 current_frame.pop_stack(
1236 VerificationType::category2_check(), CHECK_VERIFY(this));
1237 } else {
1238 /* Unreachable? Would need a category2_1st on TOS
1239 * which does not appear possible. */
1240 verify_error(
1241 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1242 bad_type_msg, "pop2");
1243 return;
1244 }
1245 no_control_flow = false; break;
1246 case Bytecodes::_dup :
1247 type = current_frame.pop_stack(
1248 VerificationType::category1_check(), CHECK_VERIFY(this));
1249 current_frame.push_stack(type, CHECK_VERIFY(this));
1250 current_frame.push_stack(type, CHECK_VERIFY(this));
1251 no_control_flow = false; break;
1252 case Bytecodes::_dup_x1 :
1253 type = current_frame.pop_stack(
1254 VerificationType::category1_check(), CHECK_VERIFY(this));
1255 type2 = current_frame.pop_stack(
1256 VerificationType::category1_check(), CHECK_VERIFY(this));
1257 current_frame.push_stack(type, CHECK_VERIFY(this));
1258 current_frame.push_stack(type2, CHECK_VERIFY(this));
1259 current_frame.push_stack(type, CHECK_VERIFY(this));
1260 no_control_flow = false; break;
1261 case Bytecodes::_dup_x2 :
1262 {
1263 VerificationType type3;
1264 type = current_frame.pop_stack(
1265 VerificationType::category1_check(), CHECK_VERIFY(this));
1266 type2 = current_frame.pop_stack(CHECK_VERIFY(this));
1267 if (type2.is_category1()) {
1268 type3 = current_frame.pop_stack(
1269 VerificationType::category1_check(), CHECK_VERIFY(this));
1270 } else if (type2.is_category2_2nd()) {
1271 type3 = current_frame.pop_stack(
1272 VerificationType::category2_check(), CHECK_VERIFY(this));
1273 } else {
1274 /* Unreachable? Would need a category2_1st at stack depth 2 with
1275 * a category1 on TOS which does not appear possible. */
1276 verify_error(ErrorContext::bad_type(
1277 bci, current_frame.stack_top_ctx()), bad_type_msg, "dup_x2");
1278 return;
1279 }
1280 current_frame.push_stack(type, CHECK_VERIFY(this));
1281 current_frame.push_stack(type3, CHECK_VERIFY(this));
1282 current_frame.push_stack(type2, CHECK_VERIFY(this));
1283 current_frame.push_stack(type, CHECK_VERIFY(this));
1284 no_control_flow = false; break;
1285 }
1286 case Bytecodes::_dup2 :
1287 type = current_frame.pop_stack(CHECK_VERIFY(this));
1288 if (type.is_category1()) {
1289 type2 = current_frame.pop_stack(
1290 VerificationType::category1_check(), CHECK_VERIFY(this));
1291 } else if (type.is_category2_2nd()) {
1292 type2 = current_frame.pop_stack(
1293 VerificationType::category2_check(), CHECK_VERIFY(this));
1294 } else {
1295 /* Unreachable? Would need a category2_1st on TOS which does not
1296 * appear possible. */
1297 verify_error(
1298 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1299 bad_type_msg, "dup2");
1300 return;
1301 }
1302 current_frame.push_stack(type2, CHECK_VERIFY(this));
1303 current_frame.push_stack(type, CHECK_VERIFY(this));
1304 current_frame.push_stack(type2, CHECK_VERIFY(this));
1305 current_frame.push_stack(type, CHECK_VERIFY(this));
1306 no_control_flow = false; break;
1307 case Bytecodes::_dup2_x1 :
1308 {
1309 VerificationType type3;
1310 type = current_frame.pop_stack(CHECK_VERIFY(this));
1311 if (type.is_category1()) {
1312 type2 = current_frame.pop_stack(
1313 VerificationType::category1_check(), CHECK_VERIFY(this));
1314 } else if (type.is_category2_2nd()) {
1315 type2 = current_frame.pop_stack(
1316 VerificationType::category2_check(), CHECK_VERIFY(this));
1317 } else {
1318 /* Unreachable? Would need a category2_1st on TOS which does
1319 * not appear possible. */
1320 verify_error(
1321 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1322 bad_type_msg, "dup2_x1");
1323 return;
1324 }
1325 type3 = current_frame.pop_stack(
1326 VerificationType::category1_check(), CHECK_VERIFY(this));
1327 current_frame.push_stack(type2, CHECK_VERIFY(this));
1328 current_frame.push_stack(type, CHECK_VERIFY(this));
1329 current_frame.push_stack(type3, CHECK_VERIFY(this));
1330 current_frame.push_stack(type2, CHECK_VERIFY(this));
1331 current_frame.push_stack(type, CHECK_VERIFY(this));
1332 no_control_flow = false; break;
1333 }
1334 case Bytecodes::_dup2_x2 :
1335 {
1336 VerificationType type3, type4;
1337 type = current_frame.pop_stack(CHECK_VERIFY(this));
1338 if (type.is_category1()) {
1339 type2 = current_frame.pop_stack(
1340 VerificationType::category1_check(), CHECK_VERIFY(this));
1341 } else if (type.is_category2_2nd()) {
1342 type2 = current_frame.pop_stack(
1343 VerificationType::category2_check(), CHECK_VERIFY(this));
1344 } else {
1345 /* Unreachable? Would need a category2_1st on TOS which does
1346 * not appear possible. */
1347 verify_error(
1348 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1349 bad_type_msg, "dup2_x2");
1350 return;
1351 }
1352 type3 = current_frame.pop_stack(CHECK_VERIFY(this));
1353 if (type3.is_category1()) {
1354 type4 = current_frame.pop_stack(
1355 VerificationType::category1_check(), CHECK_VERIFY(this));
1356 } else if (type3.is_category2_2nd()) {
1357 type4 = current_frame.pop_stack(
1358 VerificationType::category2_check(), CHECK_VERIFY(this));
1359 } else {
1360 /* Unreachable? Would need a category2_1st on TOS after popping
1361 * a long/double or two category 1's, which does not
1362 * appear possible. */
1363 verify_error(
1364 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1365 bad_type_msg, "dup2_x2");
1366 return;
1367 }
1368 current_frame.push_stack(type2, CHECK_VERIFY(this));
1369 current_frame.push_stack(type, CHECK_VERIFY(this));
1370 current_frame.push_stack(type4, CHECK_VERIFY(this));
1371 current_frame.push_stack(type3, CHECK_VERIFY(this));
1372 current_frame.push_stack(type2, CHECK_VERIFY(this));
1373 current_frame.push_stack(type, CHECK_VERIFY(this));
1374 no_control_flow = false; break;
1375 }
1376 case Bytecodes::_swap :
1377 type = current_frame.pop_stack(
1378 VerificationType::category1_check(), CHECK_VERIFY(this));
1379 type2 = current_frame.pop_stack(
1380 VerificationType::category1_check(), CHECK_VERIFY(this));
1381 current_frame.push_stack(type, CHECK_VERIFY(this));
1382 current_frame.push_stack(type2, CHECK_VERIFY(this));
1383 no_control_flow = false; break;
1384 case Bytecodes::_iadd :
1385 case Bytecodes::_isub :
1386 case Bytecodes::_imul :
1387 case Bytecodes::_idiv :
1388 case Bytecodes::_irem :
1389 case Bytecodes::_ishl :
1390 case Bytecodes::_ishr :
1391 case Bytecodes::_iushr :
1392 case Bytecodes::_ior :
1393 case Bytecodes::_ixor :
1394 case Bytecodes::_iand :
1395 current_frame.pop_stack(
1396 VerificationType::integer_type(), CHECK_VERIFY(this));
1397 // fall through
1398 case Bytecodes::_ineg :
1399 current_frame.pop_stack(
1400 VerificationType::integer_type(), CHECK_VERIFY(this));
1401 current_frame.push_stack(
1402 VerificationType::integer_type(), CHECK_VERIFY(this));
1403 no_control_flow = false; break;
1404 case Bytecodes::_ladd :
1405 case Bytecodes::_lsub :
1406 case Bytecodes::_lmul :
1407 case Bytecodes::_ldiv :
1408 case Bytecodes::_lrem :
1409 case Bytecodes::_land :
1410 case Bytecodes::_lor :
1411 case Bytecodes::_lxor :
1412 current_frame.pop_stack_2(
1413 VerificationType::long2_type(),
1414 VerificationType::long_type(), CHECK_VERIFY(this));
1415 // fall through
1416 case Bytecodes::_lneg :
1417 current_frame.pop_stack_2(
1418 VerificationType::long2_type(),
1419 VerificationType::long_type(), CHECK_VERIFY(this));
1420 current_frame.push_stack_2(
1421 VerificationType::long_type(),
1422 VerificationType::long2_type(), CHECK_VERIFY(this));
1423 no_control_flow = false; break;
1424 case Bytecodes::_lshl :
1425 case Bytecodes::_lshr :
1426 case Bytecodes::_lushr :
1427 current_frame.pop_stack(
1428 VerificationType::integer_type(), CHECK_VERIFY(this));
1429 current_frame.pop_stack_2(
1430 VerificationType::long2_type(),
1431 VerificationType::long_type(), CHECK_VERIFY(this));
1432 current_frame.push_stack_2(
1433 VerificationType::long_type(),
1434 VerificationType::long2_type(), CHECK_VERIFY(this));
1435 no_control_flow = false; break;
1436 case Bytecodes::_fadd :
1437 case Bytecodes::_fsub :
1438 case Bytecodes::_fmul :
1439 case Bytecodes::_fdiv :
1440 case Bytecodes::_frem :
1441 current_frame.pop_stack(
1442 VerificationType::float_type(), CHECK_VERIFY(this));
1443 // fall through
1444 case Bytecodes::_fneg :
1445 current_frame.pop_stack(
1446 VerificationType::float_type(), CHECK_VERIFY(this));
1447 current_frame.push_stack(
1448 VerificationType::float_type(), CHECK_VERIFY(this));
1449 no_control_flow = false; break;
1450 case Bytecodes::_dadd :
1451 case Bytecodes::_dsub :
1452 case Bytecodes::_dmul :
1453 case Bytecodes::_ddiv :
1454 case Bytecodes::_drem :
1455 current_frame.pop_stack_2(
1456 VerificationType::double2_type(),
1457 VerificationType::double_type(), CHECK_VERIFY(this));
1458 // fall through
1459 case Bytecodes::_dneg :
1460 current_frame.pop_stack_2(
1461 VerificationType::double2_type(),
1462 VerificationType::double_type(), CHECK_VERIFY(this));
1463 current_frame.push_stack_2(
1464 VerificationType::double_type(),
1465 VerificationType::double2_type(), CHECK_VERIFY(this));
1466 no_control_flow = false; break;
1467 case Bytecodes::_iinc :
1468 verify_iinc(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1469 no_control_flow = false; break;
1470 case Bytecodes::_i2l :
1471 type = current_frame.pop_stack(
1472 VerificationType::integer_type(), CHECK_VERIFY(this));
1473 current_frame.push_stack_2(
1474 VerificationType::long_type(),
1475 VerificationType::long2_type(), CHECK_VERIFY(this));
1476 no_control_flow = false; break;
1477 case Bytecodes::_l2i :
1478 current_frame.pop_stack_2(
1479 VerificationType::long2_type(),
1480 VerificationType::long_type(), CHECK_VERIFY(this));
1481 current_frame.push_stack(
1482 VerificationType::integer_type(), CHECK_VERIFY(this));
1483 no_control_flow = false; break;
1484 case Bytecodes::_i2f :
1485 current_frame.pop_stack(
1486 VerificationType::integer_type(), CHECK_VERIFY(this));
1487 current_frame.push_stack(
1488 VerificationType::float_type(), CHECK_VERIFY(this));
1489 no_control_flow = false; break;
1490 case Bytecodes::_i2d :
1491 current_frame.pop_stack(
1492 VerificationType::integer_type(), CHECK_VERIFY(this));
1493 current_frame.push_stack_2(
1494 VerificationType::double_type(),
1495 VerificationType::double2_type(), CHECK_VERIFY(this));
1496 no_control_flow = false; break;
1497 case Bytecodes::_l2f :
1498 current_frame.pop_stack_2(
1499 VerificationType::long2_type(),
1500 VerificationType::long_type(), CHECK_VERIFY(this));
1501 current_frame.push_stack(
1502 VerificationType::float_type(), CHECK_VERIFY(this));
1503 no_control_flow = false; break;
1504 case Bytecodes::_l2d :
1505 current_frame.pop_stack_2(
1506 VerificationType::long2_type(),
1507 VerificationType::long_type(), CHECK_VERIFY(this));
1508 current_frame.push_stack_2(
1509 VerificationType::double_type(),
1510 VerificationType::double2_type(), CHECK_VERIFY(this));
1511 no_control_flow = false; break;
1512 case Bytecodes::_f2i :
1513 current_frame.pop_stack(
1514 VerificationType::float_type(), CHECK_VERIFY(this));
1515 current_frame.push_stack(
1516 VerificationType::integer_type(), CHECK_VERIFY(this));
1517 no_control_flow = false; break;
1518 case Bytecodes::_f2l :
1519 current_frame.pop_stack(
1520 VerificationType::float_type(), CHECK_VERIFY(this));
1521 current_frame.push_stack_2(
1522 VerificationType::long_type(),
1523 VerificationType::long2_type(), CHECK_VERIFY(this));
1524 no_control_flow = false; break;
1525 case Bytecodes::_f2d :
1526 current_frame.pop_stack(
1527 VerificationType::float_type(), CHECK_VERIFY(this));
1528 current_frame.push_stack_2(
1529 VerificationType::double_type(),
1530 VerificationType::double2_type(), CHECK_VERIFY(this));
1531 no_control_flow = false; break;
1532 case Bytecodes::_d2i :
1533 current_frame.pop_stack_2(
1534 VerificationType::double2_type(),
1535 VerificationType::double_type(), CHECK_VERIFY(this));
1536 current_frame.push_stack(
1537 VerificationType::integer_type(), CHECK_VERIFY(this));
1538 no_control_flow = false; break;
1539 case Bytecodes::_d2l :
1540 current_frame.pop_stack_2(
1541 VerificationType::double2_type(),
1542 VerificationType::double_type(), CHECK_VERIFY(this));
1543 current_frame.push_stack_2(
1544 VerificationType::long_type(),
1545 VerificationType::long2_type(), CHECK_VERIFY(this));
1546 no_control_flow = false; break;
1547 case Bytecodes::_d2f :
1548 current_frame.pop_stack_2(
1549 VerificationType::double2_type(),
1550 VerificationType::double_type(), CHECK_VERIFY(this));
1551 current_frame.push_stack(
1552 VerificationType::float_type(), CHECK_VERIFY(this));
1553 no_control_flow = false; break;
1554 case Bytecodes::_i2b :
1555 case Bytecodes::_i2c :
1556 case Bytecodes::_i2s :
1557 current_frame.pop_stack(
1558 VerificationType::integer_type(), CHECK_VERIFY(this));
1559 current_frame.push_stack(
1560 VerificationType::integer_type(), CHECK_VERIFY(this));
1561 no_control_flow = false; break;
1562 case Bytecodes::_lcmp :
1563 current_frame.pop_stack_2(
1564 VerificationType::long2_type(),
1565 VerificationType::long_type(), CHECK_VERIFY(this));
1566 current_frame.pop_stack_2(
1567 VerificationType::long2_type(),
1568 VerificationType::long_type(), CHECK_VERIFY(this));
1569 current_frame.push_stack(
1570 VerificationType::integer_type(), CHECK_VERIFY(this));
1571 no_control_flow = false; break;
1572 case Bytecodes::_fcmpl :
1573 case Bytecodes::_fcmpg :
1574 current_frame.pop_stack(
1575 VerificationType::float_type(), CHECK_VERIFY(this));
1576 current_frame.pop_stack(
1577 VerificationType::float_type(), CHECK_VERIFY(this));
1578 current_frame.push_stack(
1579 VerificationType::integer_type(), CHECK_VERIFY(this));
1580 no_control_flow = false; break;
1581 case Bytecodes::_dcmpl :
1582 case Bytecodes::_dcmpg :
1583 current_frame.pop_stack_2(
1584 VerificationType::double2_type(),
1585 VerificationType::double_type(), CHECK_VERIFY(this));
1586 current_frame.pop_stack_2(
1587 VerificationType::double2_type(),
1588 VerificationType::double_type(), CHECK_VERIFY(this));
1589 current_frame.push_stack(
1590 VerificationType::integer_type(), CHECK_VERIFY(this));
1591 no_control_flow = false; break;
1592 case Bytecodes::_if_icmpeq:
1593 case Bytecodes::_if_icmpne:
1594 case Bytecodes::_if_icmplt:
1595 case Bytecodes::_if_icmpge:
1596 case Bytecodes::_if_icmpgt:
1597 case Bytecodes::_if_icmple:
1598 current_frame.pop_stack(
1599 VerificationType::integer_type(), CHECK_VERIFY(this));
1600 // fall through
1601 case Bytecodes::_ifeq:
1602 case Bytecodes::_ifne:
1603 case Bytecodes::_iflt:
1604 case Bytecodes::_ifge:
1605 case Bytecodes::_ifgt:
1606 case Bytecodes::_ifle:
1607 current_frame.pop_stack(
1608 VerificationType::integer_type(), CHECK_VERIFY(this));
1609 target = bcs.dest();
1610 stackmap_table.check_jump_target(
1611 ¤t_frame, target, CHECK_VERIFY(this));
1612 no_control_flow = false; break;
1613 case Bytecodes::_if_acmpeq :
1614 case Bytecodes::_if_acmpne :
1615 current_frame.pop_stack(
1616 VerificationType::reference_check(), CHECK_VERIFY(this));
1617 // fall through
1618 case Bytecodes::_ifnull :
1619 case Bytecodes::_ifnonnull :
1620 current_frame.pop_stack(
1621 VerificationType::reference_check(), CHECK_VERIFY(this));
1622 target = bcs.dest();
1623 stackmap_table.check_jump_target
1624 (¤t_frame, target, CHECK_VERIFY(this));
1625 no_control_flow = false; break;
1626 case Bytecodes::_goto :
1627 target = bcs.dest();
1628 stackmap_table.check_jump_target(
1629 ¤t_frame, target, CHECK_VERIFY(this));
1630 no_control_flow = true; break;
1631 case Bytecodes::_goto_w :
1632 target = bcs.dest_w();
1633 stackmap_table.check_jump_target(
1634 ¤t_frame, target, CHECK_VERIFY(this));
1635 no_control_flow = true; break;
1636 case Bytecodes::_tableswitch :
1637 case Bytecodes::_lookupswitch :
1638 verify_switch(
1639 &bcs, code_length, code_data, ¤t_frame,
1640 &stackmap_table, CHECK_VERIFY(this));
1641 no_control_flow = true; break;
1642 case Bytecodes::_ireturn :
1643 type = current_frame.pop_stack(
1644 VerificationType::integer_type(), CHECK_VERIFY(this));
1645 verify_return_value(return_type, type, bci,
1646 ¤t_frame, CHECK_VERIFY(this));
1647 no_control_flow = true; break;
1648 case Bytecodes::_lreturn :
1649 type2 = current_frame.pop_stack(
1650 VerificationType::long2_type(), CHECK_VERIFY(this));
1651 type = current_frame.pop_stack(
1652 VerificationType::long_type(), CHECK_VERIFY(this));
1653 verify_return_value(return_type, type, bci,
1654 ¤t_frame, CHECK_VERIFY(this));
1655 no_control_flow = true; break;
1656 case Bytecodes::_freturn :
1657 type = current_frame.pop_stack(
1658 VerificationType::float_type(), CHECK_VERIFY(this));
1659 verify_return_value(return_type, type, bci,
1660 ¤t_frame, CHECK_VERIFY(this));
1661 no_control_flow = true; break;
1662 case Bytecodes::_dreturn :
1663 type2 = current_frame.pop_stack(
1664 VerificationType::double2_type(), CHECK_VERIFY(this));
1665 type = current_frame.pop_stack(
1666 VerificationType::double_type(), CHECK_VERIFY(this));
1667 verify_return_value(return_type, type, bci,
1668 ¤t_frame, CHECK_VERIFY(this));
1669 no_control_flow = true; break;
1670 case Bytecodes::_areturn :
1671 type = current_frame.pop_stack(
1672 VerificationType::reference_check(), CHECK_VERIFY(this));
1673 verify_return_value(return_type, type, bci,
1674 ¤t_frame, CHECK_VERIFY(this));
1675 no_control_flow = true; break;
1676 case Bytecodes::_return :
1677 if (return_type != VerificationType::bogus_type()) {
1678 verify_error(ErrorContext::bad_code(bci),
1679 "Method expects a return value");
1680 return;
1681 }
1682 // Make sure "this" has been initialized if current method is an
1683 // <init>.
1684 if (_method->name() == vmSymbols::object_initializer_name() &&
1685 current_frame.flag_this_uninit()) {
1686 verify_error(ErrorContext::bad_code(bci),
1687 "Constructor must call super() or this() "
1688 "before return");
1689 return;
1690 }
1691 no_control_flow = true; break;
1692 case Bytecodes::_getstatic :
1693 case Bytecodes::_putstatic :
1694 // pass TRUE, operand can be an array type for getstatic/putstatic.
1695 verify_field_instructions(
1696 &bcs, ¤t_frame, cp, true, CHECK_VERIFY(this));
1697 no_control_flow = false; break;
1698 case Bytecodes::_getfield :
1699 case Bytecodes::_putfield :
1700 // pass FALSE, operand can't be an array type for getfield/putfield.
1701 verify_field_instructions(
1702 &bcs, ¤t_frame, cp, false, CHECK_VERIFY(this));
1703 no_control_flow = false; break;
1704 case Bytecodes::_invokevirtual :
1705 case Bytecodes::_invokespecial :
1706 case Bytecodes::_invokestatic :
1707 verify_invoke_instructions(
1708 &bcs, code_length, ¤t_frame, (bci >= ex_min && bci < ex_max),
1709 &this_uninit, return_type, cp, &stackmap_table, CHECK_VERIFY(this));
1710 no_control_flow = false; break;
1711 case Bytecodes::_invokeinterface :
1712 case Bytecodes::_invokedynamic :
1713 verify_invoke_instructions(
1714 &bcs, code_length, ¤t_frame, (bci >= ex_min && bci < ex_max),
1715 &this_uninit, return_type, cp, &stackmap_table, CHECK_VERIFY(this));
1716 no_control_flow = false; break;
1717 case Bytecodes::_new :
1718 {
1719 u2 index = bcs.get_index_u2();
1720 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1721 VerificationType new_class_type =
1722 cp_index_to_type(index, cp, CHECK_VERIFY(this));
1723 if (!new_class_type.is_object()) {
1724 verify_error(ErrorContext::bad_type(bci,
1725 TypeOrigin::cp(index, new_class_type)),
1726 "Illegal new instruction");
1727 return;
1728 }
1729 type = VerificationType::uninitialized_type(checked_cast<u2>(bci));
1730 current_frame.push_stack(type, CHECK_VERIFY(this));
1731 no_control_flow = false; break;
1732 }
1733 case Bytecodes::_newarray :
1734 type = get_newarray_type(bcs.get_index(), bci, CHECK_VERIFY(this));
1735 current_frame.pop_stack(
1736 VerificationType::integer_type(), CHECK_VERIFY(this));
1737 current_frame.push_stack(type, CHECK_VERIFY(this));
1738 no_control_flow = false; break;
1739 case Bytecodes::_anewarray :
1740 verify_anewarray(
1741 bci, bcs.get_index_u2(), cp, ¤t_frame, CHECK_VERIFY(this));
1742 no_control_flow = false; break;
1743 case Bytecodes::_arraylength :
1744 type = current_frame.pop_stack(
1745 VerificationType::reference_check(), CHECK_VERIFY(this));
1746 if (!(type.is_null() || type.is_array())) {
1747 verify_error(ErrorContext::bad_type(
1748 bci, current_frame.stack_top_ctx()),
1749 bad_type_msg, "arraylength");
1750 }
1751 current_frame.push_stack(
1752 VerificationType::integer_type(), CHECK_VERIFY(this));
1753 no_control_flow = false; break;
1754 case Bytecodes::_checkcast :
1755 {
1756 u2 index = bcs.get_index_u2();
1757 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1758 current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1759 VerificationType klass_type = cp_index_to_type(
1760 index, cp, CHECK_VERIFY(this));
1761 current_frame.push_stack(klass_type, CHECK_VERIFY(this));
1762 no_control_flow = false; break;
1763 }
1764 case Bytecodes::_instanceof : {
1765 u2 index = bcs.get_index_u2();
1766 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1767 current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1768 current_frame.push_stack(
1769 VerificationType::integer_type(), CHECK_VERIFY(this));
1770 no_control_flow = false; break;
1771 }
1772 case Bytecodes::_monitorenter :
1773 case Bytecodes::_monitorexit :
1774 current_frame.pop_stack(
1775 VerificationType::reference_check(), CHECK_VERIFY(this));
1776 no_control_flow = false; break;
1777 case Bytecodes::_multianewarray :
1778 {
1779 u2 index = bcs.get_index_u2();
1780 u2 dim = *(bcs.bcp()+3);
1781 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1782 VerificationType new_array_type =
1783 cp_index_to_type(index, cp, CHECK_VERIFY(this));
1784 if (!new_array_type.is_array()) {
1785 verify_error(ErrorContext::bad_type(bci,
1786 TypeOrigin::cp(index, new_array_type)),
1787 "Illegal constant pool index in multianewarray instruction");
1788 return;
1789 }
1790 if (dim < 1 || new_array_type.dimensions() < dim) {
1791 verify_error(ErrorContext::bad_code(bci),
1792 "Illegal dimension in multianewarray instruction: %d", dim);
1793 return;
1794 }
1795 for (int i = 0; i < dim; i++) {
1796 current_frame.pop_stack(
1797 VerificationType::integer_type(), CHECK_VERIFY(this));
1798 }
1799 current_frame.push_stack(new_array_type, CHECK_VERIFY(this));
1800 no_control_flow = false; break;
1801 }
1802 case Bytecodes::_athrow :
1803 type = VerificationType::reference_type(
1804 vmSymbols::java_lang_Throwable());
1805 current_frame.pop_stack(type, CHECK_VERIFY(this));
1806 no_control_flow = true; break;
1807 default:
1808 // We only need to check the valid bytecodes in class file.
1809 // And jsr and ret are not in the new class file format in JDK1.6.
1810 verify_error(ErrorContext::bad_code(bci),
1811 "Bad instruction: %02x", opcode);
1812 no_control_flow = false;
1813 return;
1814 } // end switch
1815 } // end Merge with the next instruction
1816
1817 // Look for possible jump target in exception handlers and see if it matches
1818 // current_frame. Don't do this check if it has already been done (for
1819 // ([a,d,f,i,l]store* opcodes). This check cannot be done earlier because
1820 // opcodes, such as invokespecial, may set the this_uninit flag.
1821 assert(!(verified_exc_handlers && this_uninit),
1822 "Exception handler targets got verified before this_uninit got set");
1823 if (!verified_exc_handlers && bci >= ex_min && bci < ex_max) {
1824 if (was_recursively_verified()) return;
1825 verify_exception_handler_targets(
1826 bci, this_uninit, ¤t_frame, &stackmap_table, CHECK_VERIFY(this));
1827 }
1828 } // end while
1829
1830 // Make sure that control flow does not fall through end of the method
1831 if (!no_control_flow) {
1832 verify_error(ErrorContext::bad_code(code_length),
1833 "Control flow falls through code end");
1834 return;
1835 }
1836 }
1837
1838 #undef bad_type_message
1839
1840 char* ClassVerifier::generate_code_data(const methodHandle& m, u4 code_length, TRAPS) {
1841 char* code_data = NEW_RESOURCE_ARRAY(char, code_length);
1842 memset(code_data, 0, sizeof(char) * code_length);
1843 RawBytecodeStream bcs(m);
1844
1845 while (!bcs.is_last_bytecode()) {
1846 if (bcs.raw_next() != Bytecodes::_illegal) {
1847 int bci = bcs.bci();
1848 if (bcs.raw_code() == Bytecodes::_new) {
1849 code_data[bci] = NEW_OFFSET;
1850 } else {
1851 code_data[bci] = BYTECODE_OFFSET;
1852 }
1853 } else {
1854 verify_error(ErrorContext::bad_code(bcs.bci()), "Bad instruction");
1855 return nullptr;
1856 }
1857 }
1858
1859 return code_data;
1860 }
1861
1862 // Since this method references the constant pool, call was_recursively_verified()
1863 // before calling this method to make sure a prior class load did not cause the
1864 // current class to get verified.
1865 void ClassVerifier::verify_exception_handler_table(u4 code_length, char* code_data, int& min, int& max, TRAPS) {
1866 ExceptionTable exhandlers(_method());
1867 int exlength = exhandlers.length();
1868 constantPoolHandle cp (THREAD, _method->constants());
1869
1870 for(int i = 0; i < exlength; i++) {
1871 u2 start_pc = exhandlers.start_pc(i);
1872 u2 end_pc = exhandlers.end_pc(i);
1873 u2 handler_pc = exhandlers.handler_pc(i);
1874 if (start_pc >= code_length || code_data[start_pc] == 0) {
1875 class_format_error("Illegal exception table start_pc %d", start_pc);
1876 return;
1877 }
1878 if (end_pc != code_length) { // special case: end_pc == code_length
1879 if (end_pc > code_length || code_data[end_pc] == 0) {
1880 class_format_error("Illegal exception table end_pc %d", end_pc);
1881 return;
1882 }
1883 }
1884 if (handler_pc >= code_length || code_data[handler_pc] == 0) {
1885 class_format_error("Illegal exception table handler_pc %d", handler_pc);
1886 return;
1887 }
1888 u2 catch_type_index = exhandlers.catch_type_index(i);
1889 if (catch_type_index != 0) {
1890 VerificationType catch_type = cp_index_to_type(
1891 catch_type_index, cp, CHECK_VERIFY(this));
1892 VerificationType throwable =
1893 VerificationType::reference_type(vmSymbols::java_lang_Throwable());
1894 // If the catch type is Throwable pre-resolve it now as the assignable check won't
1895 // do that, and we need to avoid a runtime resolution in case we are trying to
1896 // catch OutOfMemoryError.
1897 if (cp->klass_name_at(catch_type_index) == vmSymbols::java_lang_Throwable()) {
1898 cp->klass_at(catch_type_index, CHECK);
1899 }
1900 bool is_subclass = throwable.is_assignable_from(
1901 catch_type, this, false, CHECK_VERIFY(this));
1902 if (!is_subclass) {
1903 // 4286534: should throw VerifyError according to recent spec change
1904 verify_error(ErrorContext::bad_type(handler_pc,
1905 TypeOrigin::cp(catch_type_index, catch_type),
1906 TypeOrigin::implicit(throwable)),
1907 "Catch type is not a subclass "
1908 "of Throwable in exception handler %d", handler_pc);
1909 return;
1910 }
1911 }
1912 if (start_pc < min) min = start_pc;
1913 if (end_pc > max) max = end_pc;
1914 }
1915 }
1916
1917 void ClassVerifier::verify_local_variable_table(u4 code_length, char* code_data, TRAPS) {
1918 int localvariable_table_length = _method->localvariable_table_length();
1919 if (localvariable_table_length > 0) {
1920 LocalVariableTableElement* table = _method->localvariable_table_start();
1921 for (int i = 0; i < localvariable_table_length; i++) {
1922 u2 start_bci = table[i].start_bci;
1923 u2 length = table[i].length;
1924
1925 if (start_bci >= code_length || code_data[start_bci] == 0) {
1926 class_format_error(
1927 "Illegal local variable table start_pc %d", start_bci);
1928 return;
1929 }
1930 u4 end_bci = (u4)(start_bci + length);
1931 if (end_bci != code_length) {
1932 if (end_bci >= code_length || code_data[end_bci] == 0) {
1933 class_format_error( "Illegal local variable table length %d", length);
1934 return;
1935 }
1936 }
1937 }
1938 }
1939 }
1940
1941 u2 ClassVerifier::verify_stackmap_table(u2 stackmap_index, int bci,
1942 StackMapFrame* current_frame,
1943 StackMapTable* stackmap_table,
1944 bool no_control_flow, TRAPS) {
1945 if (stackmap_index < stackmap_table->get_frame_count()) {
1946 int this_offset = stackmap_table->get_offset(stackmap_index);
1947 if (no_control_flow && this_offset > bci) {
1948 verify_error(ErrorContext::missing_stackmap(bci),
1949 "Expecting a stack map frame");
1950 return 0;
1951 }
1952 if (this_offset == bci) {
1953 ErrorContext ctx;
1954 // See if current stack map can be assigned to the frame in table.
1955 // current_frame is the stackmap frame got from the last instruction.
1956 // If matched, current_frame will be updated by this method.
1957 bool matches = stackmap_table->match_stackmap(
1958 current_frame, this_offset, stackmap_index,
1959 !no_control_flow, true, &ctx, CHECK_VERIFY_(this, 0));
1960 if (!matches) {
1961 // report type error
1962 verify_error(ctx, "Instruction type does not match stack map");
1963 return 0;
1964 }
1965 stackmap_index++;
1966 } else if (this_offset < bci) {
1967 // current_offset should have met this_offset.
1968 class_format_error("Bad stack map offset %d", this_offset);
1969 return 0;
1970 }
1971 } else if (no_control_flow) {
1972 verify_error(ErrorContext::bad_code(bci), "Expecting a stack map frame");
1973 return 0;
1974 }
1975 return stackmap_index;
1976 }
1977
1978 // Since this method references the constant pool, call was_recursively_verified()
1979 // before calling this method to make sure a prior class load did not cause the
1980 // current class to get verified.
1981 void ClassVerifier::verify_exception_handler_targets(int bci, bool this_uninit,
1982 StackMapFrame* current_frame,
1983 StackMapTable* stackmap_table, TRAPS) {
1984 constantPoolHandle cp (THREAD, _method->constants());
1985 ExceptionTable exhandlers(_method());
1986 int exlength = exhandlers.length();
1987 for(int i = 0; i < exlength; i++) {
1988 u2 start_pc = exhandlers.start_pc(i);
1989 u2 end_pc = exhandlers.end_pc(i);
1990 u2 handler_pc = exhandlers.handler_pc(i);
1991 int catch_type_index = exhandlers.catch_type_index(i);
1992 if(bci >= start_pc && bci < end_pc) {
1993 u1 flags = current_frame->flags();
1994 if (this_uninit) { flags |= FLAG_THIS_UNINIT; }
1995 StackMapFrame* new_frame = current_frame->frame_in_exception_handler(flags);
1996 if (catch_type_index != 0) {
1997 if (was_recursively_verified()) return;
1998 // We know that this index refers to a subclass of Throwable
1999 VerificationType catch_type = cp_index_to_type(
2000 catch_type_index, cp, CHECK_VERIFY(this));
2001 new_frame->push_stack(catch_type, CHECK_VERIFY(this));
2002 } else {
2003 VerificationType throwable =
2004 VerificationType::reference_type(vmSymbols::java_lang_Throwable());
2005 new_frame->push_stack(throwable, CHECK_VERIFY(this));
2006 }
2007 ErrorContext ctx;
2008 bool matches = stackmap_table->match_stackmap(
2009 new_frame, handler_pc, true, false, &ctx, CHECK_VERIFY(this));
2010 if (!matches) {
2011 verify_error(ctx, "Stack map does not match the one at "
2012 "exception handler %d", handler_pc);
2013 return;
2014 }
2015 }
2016 }
2017 }
2018
2019 void ClassVerifier::verify_cp_index(
2020 int bci, const constantPoolHandle& cp, u2 index, TRAPS) {
2021 int nconstants = cp->length();
2022 if ((index <= 0) || (index >= nconstants)) {
2023 verify_error(ErrorContext::bad_cp_index(bci, index),
2024 "Illegal constant pool index %d in class %s",
2025 index, cp->pool_holder()->external_name());
2026 return;
2027 }
2028 }
2029
2030 void ClassVerifier::verify_cp_type(
2031 int bci, u2 index, const constantPoolHandle& cp, unsigned int types, TRAPS) {
2032
2033 // In some situations, bytecode rewriting may occur while we're verifying.
2034 // In this case, a constant pool cache exists and some indices refer to that
2035 // instead. Be sure we don't pick up such indices by accident.
2036 // We must check was_recursively_verified() before we get here.
2037 guarantee(cp->cache() == nullptr, "not rewritten yet");
2038
2039 verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2040 unsigned int tag = cp->tag_at(index).value();
2041 // tags up to JVM_CONSTANT_ExternalMax are verifiable and valid for shift op
2042 if (tag > JVM_CONSTANT_ExternalMax || (types & (1 << tag)) == 0) {
2043 verify_error(ErrorContext::bad_cp_index(bci, index),
2044 "Illegal type at constant pool entry %d in class %s",
2045 index, cp->pool_holder()->external_name());
2046 return;
2047 }
2048 }
2049
2050 void ClassVerifier::verify_cp_class_type(
2051 int bci, u2 index, const constantPoolHandle& cp, TRAPS) {
2052 verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2053 constantTag tag = cp->tag_at(index);
2054 if (!tag.is_klass() && !tag.is_unresolved_klass()) {
2055 verify_error(ErrorContext::bad_cp_index(bci, index),
2056 "Illegal type at constant pool entry %d in class %s",
2057 index, cp->pool_holder()->external_name());
2058 return;
2059 }
2060 }
2061
2062 void ClassVerifier::verify_error(ErrorContext ctx, const char* msg, ...) {
2063 stringStream ss;
2064
2065 ctx.reset_frames();
2066 _exception_type = vmSymbols::java_lang_VerifyError();
2067 _error_context = ctx;
2068 va_list va;
2069 va_start(va, msg);
2070 ss.vprint(msg, va);
2071 va_end(va);
2072 _message = ss.as_string();
2073 #ifdef ASSERT
2074 ResourceMark rm;
2075 const char* exception_name = _exception_type->as_C_string();
2076 Exceptions::debug_check_abort(exception_name, nullptr);
2077 #endif // ndef ASSERT
2078 }
2079
2080 void ClassVerifier::class_format_error(const char* msg, ...) {
2081 stringStream ss;
2082 _exception_type = vmSymbols::java_lang_ClassFormatError();
2083 va_list va;
2084 va_start(va, msg);
2085 ss.vprint(msg, va);
2086 va_end(va);
2087 if (!_method.is_null()) {
2088 ss.print(" in method '");
2089 _method->print_external_name(&ss);
2090 ss.print("'");
2091 }
2092 _message = ss.as_string();
2093 }
2094
2095 Klass* ClassVerifier::load_class(Symbol* name, TRAPS) {
2096 HandleMark hm(THREAD);
2097 // Get current loader first.
2098 oop loader = current_class()->class_loader();
2099
2100 assert(name_in_supers(name, current_class()), "name should be a super class");
2101
2102 Klass* kls = SystemDictionary::resolve_or_fail(
2103 name, Handle(THREAD, loader), true, THREAD);
2104
2105 if (kls != nullptr) {
2106 if (log_is_enabled(Debug, class, resolve)) {
2107 Verifier::trace_class_resolution(kls, current_class());
2108 }
2109 }
2110 return kls;
2111 }
2112
2113 bool ClassVerifier::is_protected_access(InstanceKlass* this_class,
2114 Klass* target_class,
2115 Symbol* field_name,
2116 Symbol* field_sig,
2117 bool is_method) {
2118 NoSafepointVerifier nosafepoint;
2119
2120 // If target class isn't a super class of this class, we don't worry about this case
2121 if (!this_class->is_subclass_of(target_class)) {
2122 return false;
2123 }
2124 // Check if the specified method or field is protected
2125 InstanceKlass* target_instance = InstanceKlass::cast(target_class);
2126 fieldDescriptor fd;
2127 if (is_method) {
2128 Method* m = target_instance->uncached_lookup_method(field_name, field_sig, Klass::OverpassLookupMode::find);
2129 if (m != nullptr && m->is_protected()) {
2130 if (!this_class->is_same_class_package(m->method_holder())) {
2131 return true;
2132 }
2133 }
2134 } else {
2135 Klass* member_klass = target_instance->find_field(field_name, field_sig, &fd);
2136 if (member_klass != nullptr && fd.is_protected()) {
2137 if (!this_class->is_same_class_package(member_klass)) {
2138 return true;
2139 }
2140 }
2141 }
2142 return false;
2143 }
2144
2145 void ClassVerifier::verify_ldc(
2146 int opcode, u2 index, StackMapFrame* current_frame,
2147 const constantPoolHandle& cp, int bci, TRAPS) {
2148 verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2149 constantTag tag = cp->tag_at(index);
2150 unsigned int types = 0;
2151 if (opcode == Bytecodes::_ldc || opcode == Bytecodes::_ldc_w) {
2152 if (!tag.is_unresolved_klass()) {
2153 types = (1 << JVM_CONSTANT_Integer) | (1 << JVM_CONSTANT_Float)
2154 | (1 << JVM_CONSTANT_String) | (1 << JVM_CONSTANT_Class)
2155 | (1 << JVM_CONSTANT_MethodHandle) | (1 << JVM_CONSTANT_MethodType)
2156 | (1 << JVM_CONSTANT_Dynamic);
2157 // Note: The class file parser already verified the legality of
2158 // MethodHandle and MethodType constants.
2159 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2160 }
2161 } else {
2162 assert(opcode == Bytecodes::_ldc2_w, "must be ldc2_w");
2163 types = (1 << JVM_CONSTANT_Double) | (1 << JVM_CONSTANT_Long)
2164 | (1 << JVM_CONSTANT_Dynamic);
2165 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2166 }
2167 if (tag.is_string()) {
2168 current_frame->push_stack(
2169 VerificationType::reference_type(
2170 vmSymbols::java_lang_String()), CHECK_VERIFY(this));
2171 } else if (tag.is_klass() || tag.is_unresolved_klass()) {
2172 current_frame->push_stack(
2173 VerificationType::reference_type(
2174 vmSymbols::java_lang_Class()), CHECK_VERIFY(this));
2175 } else if (tag.is_int()) {
2176 current_frame->push_stack(
2177 VerificationType::integer_type(), CHECK_VERIFY(this));
2178 } else if (tag.is_float()) {
2179 current_frame->push_stack(
2180 VerificationType::float_type(), CHECK_VERIFY(this));
2181 } else if (tag.is_double()) {
2182 current_frame->push_stack_2(
2183 VerificationType::double_type(),
2184 VerificationType::double2_type(), CHECK_VERIFY(this));
2185 } else if (tag.is_long()) {
2186 current_frame->push_stack_2(
2187 VerificationType::long_type(),
2188 VerificationType::long2_type(), CHECK_VERIFY(this));
2189 } else if (tag.is_method_handle()) {
2190 current_frame->push_stack(
2191 VerificationType::reference_type(
2192 vmSymbols::java_lang_invoke_MethodHandle()), CHECK_VERIFY(this));
2193 } else if (tag.is_method_type()) {
2194 current_frame->push_stack(
2195 VerificationType::reference_type(
2196 vmSymbols::java_lang_invoke_MethodType()), CHECK_VERIFY(this));
2197 } else if (tag.is_dynamic_constant()) {
2198 Symbol* constant_type = cp->uncached_signature_ref_at(index);
2199 // Field signature was checked in ClassFileParser.
2200 assert(SignatureVerifier::is_valid_type_signature(constant_type),
2201 "Invalid type for dynamic constant");
2202 assert(sizeof(VerificationType) == sizeof(uintptr_t),
2203 "buffer type must match VerificationType size");
2204 uintptr_t constant_type_buffer[2];
2205 VerificationType* v_constant_type = (VerificationType*)constant_type_buffer;
2206 SignatureStream sig_stream(constant_type, false);
2207 int n = change_sig_to_verificationType(&sig_stream, v_constant_type);
2208 int opcode_n = (opcode == Bytecodes::_ldc2_w ? 2 : 1);
2209 if (n != opcode_n) {
2210 // wrong kind of ldc; reverify against updated type mask
2211 types &= ~(1 << JVM_CONSTANT_Dynamic);
2212 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2213 }
2214 for (int i = 0; i < n; i++) {
2215 current_frame->push_stack(v_constant_type[i], CHECK_VERIFY(this));
2216 }
2217 } else {
2218 /* Unreachable? verify_cp_type has already validated the cp type. */
2219 verify_error(
2220 ErrorContext::bad_cp_index(bci, index), "Invalid index in ldc");
2221 return;
2222 }
2223 }
2224
2225 void ClassVerifier::verify_switch(
2226 RawBytecodeStream* bcs, u4 code_length, char* code_data,
2227 StackMapFrame* current_frame, StackMapTable* stackmap_table, TRAPS) {
2228 int bci = bcs->bci();
2229 address bcp = bcs->bcp();
2230 address aligned_bcp = align_up(bcp + 1, jintSize);
2231
2232 if (_klass->major_version() < NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION) {
2233 // 4639449 & 4647081: padding bytes must be 0
2234 u2 padding_offset = 1;
2235 while ((bcp + padding_offset) < aligned_bcp) {
2236 if(*(bcp + padding_offset) != 0) {
2237 verify_error(ErrorContext::bad_code(bci),
2238 "Nonzero padding byte in lookupswitch or tableswitch");
2239 return;
2240 }
2241 padding_offset++;
2242 }
2243 }
2244
2245 int default_offset = (int) Bytes::get_Java_u4(aligned_bcp);
2246 int keys, delta;
2247 current_frame->pop_stack(
2248 VerificationType::integer_type(), CHECK_VERIFY(this));
2249 if (bcs->raw_code() == Bytecodes::_tableswitch) {
2250 jint low = (jint)Bytes::get_Java_u4(aligned_bcp + jintSize);
2251 jint high = (jint)Bytes::get_Java_u4(aligned_bcp + 2*jintSize);
2252 if (low > high) {
2253 verify_error(ErrorContext::bad_code(bci),
2254 "low must be less than or equal to high in tableswitch");
2255 return;
2256 }
2257 int64_t keys64 = ((int64_t)high - low) + 1;
2258 if (keys64 > 65535) { // Max code length
2259 verify_error(ErrorContext::bad_code(bci), "too many keys in tableswitch");
2260 return;
2261 }
2262 keys = (int)keys64;
2263 delta = 1;
2264 } else {
2265 keys = (int)Bytes::get_Java_u4(aligned_bcp + jintSize);
2266 if (keys < 0) {
2267 verify_error(ErrorContext::bad_code(bci),
2268 "number of keys in lookupswitch less than 0");
2269 return;
2270 }
2271 delta = 2;
2272 // Make sure that the lookupswitch items are sorted
2273 for (int i = 0; i < (keys - 1); i++) {
2274 jint this_key = Bytes::get_Java_u4(aligned_bcp + (2+2*i)*jintSize);
2275 jint next_key = Bytes::get_Java_u4(aligned_bcp + (2+2*i+2)*jintSize);
2276 if (this_key >= next_key) {
2277 verify_error(ErrorContext::bad_code(bci),
2278 "Bad lookupswitch instruction");
2279 return;
2280 }
2281 }
2282 }
2283 int target = bci + default_offset;
2284 stackmap_table->check_jump_target(current_frame, target, CHECK_VERIFY(this));
2285 for (int i = 0; i < keys; i++) {
2286 // Because check_jump_target() may safepoint, the bytecode could have
2287 // moved, which means 'aligned_bcp' is no good and needs to be recalculated.
2288 aligned_bcp = align_up(bcs->bcp() + 1, jintSize);
2289 target = bci + (jint)Bytes::get_Java_u4(aligned_bcp+(3+i*delta)*jintSize);
2290 stackmap_table->check_jump_target(
2291 current_frame, target, CHECK_VERIFY(this));
2292 }
2293 NOT_PRODUCT(aligned_bcp = nullptr); // no longer valid at this point
2294 }
2295
2296 bool ClassVerifier::name_in_supers(
2297 Symbol* ref_name, InstanceKlass* current) {
2298 Klass* super = current->super();
2299 while (super != nullptr) {
2300 if (super->name() == ref_name) {
2301 return true;
2302 }
2303 super = super->super();
2304 }
2305 return false;
2306 }
2307
2308 void ClassVerifier::verify_field_instructions(RawBytecodeStream* bcs,
2309 StackMapFrame* current_frame,
2310 const constantPoolHandle& cp,
2311 bool allow_arrays,
2312 TRAPS) {
2313 u2 index = bcs->get_index_u2();
2314 verify_cp_type(bcs->bci(), index, cp,
2315 1 << JVM_CONSTANT_Fieldref, CHECK_VERIFY(this));
2316
2317 // Get field name and signature
2318 Symbol* field_name = cp->uncached_name_ref_at(index);
2319 Symbol* field_sig = cp->uncached_signature_ref_at(index);
2320 bool is_getfield = false;
2321
2322 // Field signature was checked in ClassFileParser.
2323 assert(SignatureVerifier::is_valid_type_signature(field_sig),
2324 "Invalid field signature");
2325
2326 // Get referenced class type
2327 VerificationType ref_class_type = cp_ref_index_to_type(
2328 index, cp, CHECK_VERIFY(this));
2329 if (!ref_class_type.is_object() &&
2330 (!allow_arrays || !ref_class_type.is_array())) {
2331 verify_error(ErrorContext::bad_type(bcs->bci(),
2332 TypeOrigin::cp(index, ref_class_type)),
2333 "Expecting reference to class in class %s at constant pool index %d",
2334 _klass->external_name(), index);
2335 return;
2336 }
2337 VerificationType target_class_type = ref_class_type;
2338
2339 assert(sizeof(VerificationType) == sizeof(uintptr_t),
2340 "buffer type must match VerificationType size");
2341 uintptr_t field_type_buffer[2];
2342 VerificationType* field_type = (VerificationType*)field_type_buffer;
2343 // If we make a VerificationType[2] array directly, the compiler calls
2344 // to the c-runtime library to do the allocation instead of just
2345 // stack allocating it. Plus it would run constructors. This shows up
2346 // in performance profiles.
2347
2348 SignatureStream sig_stream(field_sig, false);
2349 VerificationType stack_object_type;
2350 int n = change_sig_to_verificationType(&sig_stream, field_type);
2351 int bci = bcs->bci();
2352 bool is_assignable;
2353 switch (bcs->raw_code()) {
2354 case Bytecodes::_getstatic: {
2355 for (int i = 0; i < n; i++) {
2356 current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2357 }
2358 break;
2359 }
2360 case Bytecodes::_putstatic: {
2361 for (int i = n - 1; i >= 0; i--) {
2362 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2363 }
2364 break;
2365 }
2366 case Bytecodes::_getfield: {
2367 is_getfield = true;
2368 stack_object_type = current_frame->pop_stack(
2369 target_class_type, CHECK_VERIFY(this));
2370 goto check_protected;
2371 }
2372 case Bytecodes::_putfield: {
2373 for (int i = n - 1; i >= 0; i--) {
2374 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2375 }
2376 stack_object_type = current_frame->pop_stack(CHECK_VERIFY(this));
2377
2378 // The JVMS 2nd edition allows field initialization before the superclass
2379 // initializer, if the field is defined within the current class.
2380 fieldDescriptor fd;
2381 if (stack_object_type == VerificationType::uninitialized_this_type() &&
2382 target_class_type.equals(current_type()) &&
2383 _klass->find_local_field(field_name, field_sig, &fd)) {
2384 stack_object_type = current_type();
2385 }
2386 is_assignable = target_class_type.is_assignable_from(
2387 stack_object_type, this, false, CHECK_VERIFY(this));
2388 if (!is_assignable) {
2389 verify_error(ErrorContext::bad_type(bci,
2390 current_frame->stack_top_ctx(),
2391 TypeOrigin::cp(index, target_class_type)),
2392 "Bad type on operand stack in putfield");
2393 return;
2394 }
2395 }
2396 check_protected: {
2397 if (_this_type == stack_object_type)
2398 break; // stack_object_type must be assignable to _current_class_type
2399 if (was_recursively_verified()) {
2400 if (is_getfield) {
2401 // Push field type for getfield.
2402 for (int i = 0; i < n; i++) {
2403 current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2404 }
2405 }
2406 return;
2407 }
2408 Symbol* ref_class_name =
2409 cp->klass_name_at(cp->uncached_klass_ref_index_at(index));
2410 if (!name_in_supers(ref_class_name, current_class()))
2411 // stack_object_type must be assignable to _current_class_type since:
2412 // 1. stack_object_type must be assignable to ref_class.
2413 // 2. ref_class must be _current_class or a subclass of it. It can't
2414 // be a superclass of it. See revised JVMS 5.4.4.
2415 break;
2416
2417 Klass* ref_class_oop = load_class(ref_class_name, CHECK);
2418 if (is_protected_access(current_class(), ref_class_oop, field_name,
2419 field_sig, false)) {
2420 // It's protected access, check if stack object is assignable to
2421 // current class.
2422 is_assignable = current_type().is_assignable_from(
2423 stack_object_type, this, true, CHECK_VERIFY(this));
2424 if (!is_assignable) {
2425 verify_error(ErrorContext::bad_type(bci,
2426 current_frame->stack_top_ctx(),
2427 TypeOrigin::implicit(current_type())),
2428 "Bad access to protected data in %s",
2429 is_getfield ? "getfield" : "putfield");
2430 return;
2431 }
2432 }
2433 break;
2434 }
2435 default: ShouldNotReachHere();
2436 }
2437 if (is_getfield) {
2438 // Push field type for getfield after doing protection check.
2439 for (int i = 0; i < n; i++) {
2440 current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2441 }
2442 }
2443 }
2444
2445 // Look at the method's handlers. If the bci is in the handler's try block
2446 // then check if the handler_pc is already on the stack. If not, push it
2447 // unless the handler has already been scanned.
2448 void ClassVerifier::push_handlers(ExceptionTable* exhandlers,
2449 GrowableArray<u4>* handler_list,
2450 GrowableArray<u4>* handler_stack,
2451 u4 bci) {
2452 int exlength = exhandlers->length();
2453 for(int x = 0; x < exlength; x++) {
2454 if (bci >= exhandlers->start_pc(x) && bci < exhandlers->end_pc(x)) {
2455 u4 exhandler_pc = exhandlers->handler_pc(x);
2456 if (!handler_list->contains(exhandler_pc)) {
2457 handler_stack->append_if_missing(exhandler_pc);
2458 handler_list->append(exhandler_pc);
2459 }
2460 }
2461 }
2462 }
2463
2464 // Return TRUE if all code paths starting with start_bc_offset end in
2465 // bytecode athrow or loop.
2466 bool ClassVerifier::ends_in_athrow(u4 start_bc_offset) {
2467 ResourceMark rm;
2468 // Create bytecode stream.
2469 RawBytecodeStream bcs(method());
2470 int code_length = method()->code_size();
2471 bcs.set_start(start_bc_offset);
2472
2473 // Create stack for storing bytecode start offsets for if* and *switch.
2474 GrowableArray<u4>* bci_stack = new GrowableArray<u4>(30);
2475 // Create stack for handlers for try blocks containing this handler.
2476 GrowableArray<u4>* handler_stack = new GrowableArray<u4>(30);
2477 // Create list of handlers that have been pushed onto the handler_stack
2478 // so that handlers embedded inside of their own TRY blocks only get
2479 // scanned once.
2480 GrowableArray<u4>* handler_list = new GrowableArray<u4>(30);
2481 // Create list of visited branch opcodes (goto* and if*).
2482 GrowableArray<u4>* visited_branches = new GrowableArray<u4>(30);
2483 ExceptionTable exhandlers(_method());
2484
2485 while (true) {
2486 if (bcs.is_last_bytecode()) {
2487 // if no more starting offsets to parse or if at the end of the
2488 // method then return false.
2489 if ((bci_stack->is_empty()) || (bcs.end_bci() == code_length))
2490 return false;
2491 // Pop a bytecode starting offset and scan from there.
2492 bcs.set_start(bci_stack->pop());
2493 }
2494 Bytecodes::Code opcode = bcs.raw_next();
2495 int bci = bcs.bci();
2496
2497 // If the bytecode is in a TRY block, push its handlers so they
2498 // will get parsed.
2499 push_handlers(&exhandlers, handler_list, handler_stack, bci);
2500
2501 switch (opcode) {
2502 case Bytecodes::_if_icmpeq:
2503 case Bytecodes::_if_icmpne:
2504 case Bytecodes::_if_icmplt:
2505 case Bytecodes::_if_icmpge:
2506 case Bytecodes::_if_icmpgt:
2507 case Bytecodes::_if_icmple:
2508 case Bytecodes::_ifeq:
2509 case Bytecodes::_ifne:
2510 case Bytecodes::_iflt:
2511 case Bytecodes::_ifge:
2512 case Bytecodes::_ifgt:
2513 case Bytecodes::_ifle:
2514 case Bytecodes::_if_acmpeq:
2515 case Bytecodes::_if_acmpne:
2516 case Bytecodes::_ifnull:
2517 case Bytecodes::_ifnonnull: {
2518 int target = bcs.dest();
2519 if (visited_branches->contains(bci)) {
2520 if (bci_stack->is_empty()) {
2521 if (handler_stack->is_empty()) {
2522 return true;
2523 } else {
2524 // Parse the catch handlers for try blocks containing athrow.
2525 bcs.set_start(handler_stack->pop());
2526 }
2527 } else {
2528 // Pop a bytecode starting offset and scan from there.
2529 bcs.set_start(bci_stack->pop());
2530 }
2531 } else {
2532 if (target > bci) { // forward branch
2533 if (target >= code_length) return false;
2534 // Push the branch target onto the stack.
2535 bci_stack->push(target);
2536 // then, scan bytecodes starting with next.
2537 bcs.set_start(bcs.next_bci());
2538 } else { // backward branch
2539 // Push bytecode offset following backward branch onto the stack.
2540 bci_stack->push(bcs.next_bci());
2541 // Check bytecodes starting with branch target.
2542 bcs.set_start(target);
2543 }
2544 // Record target so we don't branch here again.
2545 visited_branches->append(bci);
2546 }
2547 break;
2548 }
2549
2550 case Bytecodes::_goto:
2551 case Bytecodes::_goto_w: {
2552 int target = (opcode == Bytecodes::_goto ? bcs.dest() : bcs.dest_w());
2553 if (visited_branches->contains(bci)) {
2554 if (bci_stack->is_empty()) {
2555 if (handler_stack->is_empty()) {
2556 return true;
2557 } else {
2558 // Parse the catch handlers for try blocks containing athrow.
2559 bcs.set_start(handler_stack->pop());
2560 }
2561 } else {
2562 // Been here before, pop new starting offset from stack.
2563 bcs.set_start(bci_stack->pop());
2564 }
2565 } else {
2566 if (target >= code_length) return false;
2567 // Continue scanning from the target onward.
2568 bcs.set_start(target);
2569 // Record target so we don't branch here again.
2570 visited_branches->append(bci);
2571 }
2572 break;
2573 }
2574
2575 // Check that all switch alternatives end in 'athrow' bytecodes. Since it
2576 // is difficult to determine where each switch alternative ends, parse
2577 // each switch alternative until either hit a 'return', 'athrow', or reach
2578 // the end of the method's bytecodes. This is gross but should be okay
2579 // because:
2580 // 1. tableswitch and lookupswitch byte codes in handlers for ctor explicit
2581 // constructor invocations should be rare.
2582 // 2. if each switch alternative ends in an athrow then the parsing should be
2583 // short. If there is no athrow then it is bogus code, anyway.
2584 case Bytecodes::_lookupswitch:
2585 case Bytecodes::_tableswitch:
2586 {
2587 address aligned_bcp = align_up(bcs.bcp() + 1, jintSize);
2588 int default_offset = Bytes::get_Java_u4(aligned_bcp) + bci;
2589 int keys, delta;
2590 if (opcode == Bytecodes::_tableswitch) {
2591 jint low = (jint)Bytes::get_Java_u4(aligned_bcp + jintSize);
2592 jint high = (jint)Bytes::get_Java_u4(aligned_bcp + 2*jintSize);
2593 // This is invalid, but let the regular bytecode verifier
2594 // report this because the user will get a better error message.
2595 if (low > high) return true;
2596 keys = high - low + 1;
2597 delta = 1;
2598 } else {
2599 keys = (int)Bytes::get_Java_u4(aligned_bcp + jintSize);
2600 delta = 2;
2601 }
2602 // Invalid, let the regular bytecode verifier deal with it.
2603 if (keys < 0) return true;
2604
2605 // Push the offset of the next bytecode onto the stack.
2606 bci_stack->push(bcs.next_bci());
2607
2608 // Push the switch alternatives onto the stack.
2609 for (int i = 0; i < keys; i++) {
2610 int target = bci + (jint)Bytes::get_Java_u4(aligned_bcp+(3+i*delta)*jintSize);
2611 if (target > code_length) return false;
2612 bci_stack->push(target);
2613 }
2614
2615 // Start bytecode parsing for the switch at the default alternative.
2616 if (default_offset > code_length) return false;
2617 bcs.set_start(default_offset);
2618 break;
2619 }
2620
2621 case Bytecodes::_return:
2622 return false;
2623
2624 case Bytecodes::_athrow:
2625 {
2626 if (bci_stack->is_empty()) {
2627 if (handler_stack->is_empty()) {
2628 return true;
2629 } else {
2630 // Parse the catch handlers for try blocks containing athrow.
2631 bcs.set_start(handler_stack->pop());
2632 }
2633 } else {
2634 // Pop a bytecode offset and starting scanning from there.
2635 bcs.set_start(bci_stack->pop());
2636 }
2637 }
2638 break;
2639
2640 default:
2641 ;
2642 } // end switch
2643 } // end while loop
2644
2645 return false;
2646 }
2647
2648 void ClassVerifier::verify_invoke_init(
2649 RawBytecodeStream* bcs, u2 ref_class_index, VerificationType ref_class_type,
2650 StackMapFrame* current_frame, u4 code_length, bool in_try_block,
2651 bool *this_uninit, const constantPoolHandle& cp, StackMapTable* stackmap_table,
2652 TRAPS) {
2653 int bci = bcs->bci();
2654 VerificationType type = current_frame->pop_stack(
2655 VerificationType::reference_check(), CHECK_VERIFY(this));
2656 if (type == VerificationType::uninitialized_this_type()) {
2657 // The method must be an <init> method of this class or its superclass
2658 Klass* superk = current_class()->super();
2659 if (ref_class_type.name() != current_class()->name() &&
2660 ref_class_type.name() != superk->name()) {
2661 verify_error(ErrorContext::bad_type(bci,
2662 TypeOrigin::implicit(ref_class_type),
2663 TypeOrigin::implicit(current_type())),
2664 "Bad <init> method call");
2665 return;
2666 }
2667
2668 // If this invokespecial call is done from inside of a TRY block then make
2669 // sure that all catch clause paths end in a throw. Otherwise, this can
2670 // result in returning an incomplete object.
2671 if (in_try_block) {
2672 ExceptionTable exhandlers(_method());
2673 int exlength = exhandlers.length();
2674 for(int i = 0; i < exlength; i++) {
2675 u2 start_pc = exhandlers.start_pc(i);
2676 u2 end_pc = exhandlers.end_pc(i);
2677
2678 if (bci >= start_pc && bci < end_pc) {
2679 if (!ends_in_athrow(exhandlers.handler_pc(i))) {
2680 verify_error(ErrorContext::bad_code(bci),
2681 "Bad <init> method call from after the start of a try block");
2682 return;
2683 } else if (log_is_enabled(Debug, verification)) {
2684 ResourceMark rm(THREAD);
2685 log_debug(verification)("Survived call to ends_in_athrow(): %s",
2686 current_class()->name()->as_C_string());
2687 }
2688 }
2689 }
2690
2691 // Check the exception handler target stackmaps with the locals from the
2692 // incoming stackmap (before initialize_object() changes them to outgoing
2693 // state).
2694 if (was_recursively_verified()) return;
2695 verify_exception_handler_targets(bci, true, current_frame,
2696 stackmap_table, CHECK_VERIFY(this));
2697 } // in_try_block
2698
2699 current_frame->initialize_object(type, current_type());
2700 *this_uninit = true;
2701 } else if (type.is_uninitialized()) {
2702 u2 new_offset = type.bci();
2703 address new_bcp = bcs->bcp() - bci + new_offset;
2704 if (new_offset > (code_length - 3) || (*new_bcp) != Bytecodes::_new) {
2705 /* Unreachable? Stack map parsing ensures valid type and new
2706 * instructions have a valid BCI. */
2707 verify_error(ErrorContext::bad_code(new_offset),
2708 "Expecting new instruction");
2709 return;
2710 }
2711 u2 new_class_index = Bytes::get_Java_u2(new_bcp + 1);
2712 if (was_recursively_verified()) return;
2713 verify_cp_class_type(bci, new_class_index, cp, CHECK_VERIFY(this));
2714
2715 // The method must be an <init> method of the indicated class
2716 VerificationType new_class_type = cp_index_to_type(
2717 new_class_index, cp, CHECK_VERIFY(this));
2718 if (!new_class_type.equals(ref_class_type)) {
2719 verify_error(ErrorContext::bad_type(bci,
2720 TypeOrigin::cp(new_class_index, new_class_type),
2721 TypeOrigin::cp(ref_class_index, ref_class_type)),
2722 "Call to wrong <init> method");
2723 return;
2724 }
2725 // According to the VM spec, if the referent class is a superclass of the
2726 // current class, and is in a different runtime package, and the method is
2727 // protected, then the objectref must be the current class or a subclass
2728 // of the current class.
2729 VerificationType objectref_type = new_class_type;
2730 if (name_in_supers(ref_class_type.name(), current_class())) {
2731 Klass* ref_klass = load_class(ref_class_type.name(), CHECK);
2732 if (was_recursively_verified()) return;
2733 Method* m = InstanceKlass::cast(ref_klass)->uncached_lookup_method(
2734 vmSymbols::object_initializer_name(),
2735 cp->uncached_signature_ref_at(bcs->get_index_u2()),
2736 Klass::OverpassLookupMode::find);
2737 // Do nothing if method is not found. Let resolution detect the error.
2738 if (m != nullptr) {
2739 InstanceKlass* mh = m->method_holder();
2740 if (m->is_protected() && !mh->is_same_class_package(_klass)) {
2741 bool assignable = current_type().is_assignable_from(
2742 objectref_type, this, true, CHECK_VERIFY(this));
2743 if (!assignable) {
2744 verify_error(ErrorContext::bad_type(bci,
2745 TypeOrigin::cp(new_class_index, objectref_type),
2746 TypeOrigin::implicit(current_type())),
2747 "Bad access to protected <init> method");
2748 return;
2749 }
2750 }
2751 }
2752 }
2753 // Check the exception handler target stackmaps with the locals from the
2754 // incoming stackmap (before initialize_object() changes them to outgoing
2755 // state).
2756 if (in_try_block) {
2757 if (was_recursively_verified()) return;
2758 verify_exception_handler_targets(bci, *this_uninit, current_frame,
2759 stackmap_table, CHECK_VERIFY(this));
2760 }
2761 current_frame->initialize_object(type, new_class_type);
2762 } else {
2763 verify_error(ErrorContext::bad_type(bci, current_frame->stack_top_ctx()),
2764 "Bad operand type when invoking <init>");
2765 return;
2766 }
2767 }
2768
2769 bool ClassVerifier::is_same_or_direct_interface(
2770 InstanceKlass* klass,
2771 VerificationType klass_type,
2772 VerificationType ref_class_type) {
2773 if (ref_class_type.equals(klass_type)) return true;
2774 Array<InstanceKlass*>* local_interfaces = klass->local_interfaces();
2775 if (local_interfaces != nullptr) {
2776 for (int x = 0; x < local_interfaces->length(); x++) {
2777 InstanceKlass* k = local_interfaces->at(x);
2778 assert (k != nullptr && k->is_interface(), "invalid interface");
2779 if (ref_class_type.equals(VerificationType::reference_type(k->name()))) {
2780 return true;
2781 }
2782 }
2783 }
2784 return false;
2785 }
2786
2787 void ClassVerifier::verify_invoke_instructions(
2788 RawBytecodeStream* bcs, u4 code_length, StackMapFrame* current_frame,
2789 bool in_try_block, bool *this_uninit, VerificationType return_type,
2790 const constantPoolHandle& cp, StackMapTable* stackmap_table, TRAPS) {
2791 // Make sure the constant pool item is the right type
2792 u2 index = bcs->get_index_u2();
2793 Bytecodes::Code opcode = bcs->raw_code();
2794 unsigned int types = 0;
2795 switch (opcode) {
2796 case Bytecodes::_invokeinterface:
2797 types = 1 << JVM_CONSTANT_InterfaceMethodref;
2798 break;
2799 case Bytecodes::_invokedynamic:
2800 types = 1 << JVM_CONSTANT_InvokeDynamic;
2801 break;
2802 case Bytecodes::_invokespecial:
2803 case Bytecodes::_invokestatic:
2804 types = (_klass->major_version() < STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION) ?
2805 (1 << JVM_CONSTANT_Methodref) :
2806 ((1 << JVM_CONSTANT_InterfaceMethodref) | (1 << JVM_CONSTANT_Methodref));
2807 break;
2808 default:
2809 types = 1 << JVM_CONSTANT_Methodref;
2810 }
2811 verify_cp_type(bcs->bci(), index, cp, types, CHECK_VERIFY(this));
2812
2813 // Get method name and signature
2814 Symbol* method_name = cp->uncached_name_ref_at(index);
2815 Symbol* method_sig = cp->uncached_signature_ref_at(index);
2816
2817 // Method signature was checked in ClassFileParser.
2818 assert(SignatureVerifier::is_valid_method_signature(method_sig),
2819 "Invalid method signature");
2820
2821 // Get referenced class type
2822 VerificationType ref_class_type;
2823 if (opcode == Bytecodes::_invokedynamic) {
2824 if (_klass->major_version() < Verifier::INVOKEDYNAMIC_MAJOR_VERSION) {
2825 class_format_error(
2826 "invokedynamic instructions not supported by this class file version (%d), class %s",
2827 _klass->major_version(), _klass->external_name());
2828 return;
2829 }
2830 } else {
2831 ref_class_type = cp_ref_index_to_type(index, cp, CHECK_VERIFY(this));
2832 }
2833
2834 assert(sizeof(VerificationType) == sizeof(uintptr_t),
2835 "buffer type must match VerificationType size");
2836
2837 // Get the UTF8 index for this signature.
2838 int sig_index = cp->signature_ref_index_at(cp->uncached_name_and_type_ref_index_at(index));
2839
2840 // Get the signature's verification types.
2841 sig_as_verification_types* mth_sig_verif_types;
2842 sig_as_verification_types** mth_sig_verif_types_ptr = method_signatures_table()->get(sig_index);
2843 if (mth_sig_verif_types_ptr != nullptr) {
2844 // Found the entry for the signature's verification types in the hash table.
2845 mth_sig_verif_types = *mth_sig_verif_types_ptr;
2846 assert(mth_sig_verif_types != nullptr, "Unexpected null sig_as_verification_types value");
2847 } else {
2848 // Not found, add the entry to the table.
2849 GrowableArray<VerificationType>* verif_types = new GrowableArray<VerificationType>(10);
2850 mth_sig_verif_types = new sig_as_verification_types(verif_types);
2851 create_method_sig_entry(mth_sig_verif_types, sig_index);
2852 }
2853
2854 // Get the number of arguments for this signature.
2855 int nargs = mth_sig_verif_types->num_args();
2856
2857 // Check instruction operands
2858 int bci = bcs->bci();
2859 if (opcode == Bytecodes::_invokeinterface) {
2860 address bcp = bcs->bcp();
2861 // 4905268: count operand in invokeinterface should be nargs+1, not nargs.
2862 // JSR202 spec: The count operand of an invokeinterface instruction is valid if it is
2863 // the difference between the size of the operand stack before and after the instruction
2864 // executes.
2865 if (*(bcp+3) != (nargs+1)) {
2866 verify_error(ErrorContext::bad_code(bci),
2867 "Inconsistent args count operand in invokeinterface");
2868 return;
2869 }
2870 if (*(bcp+4) != 0) {
2871 verify_error(ErrorContext::bad_code(bci),
2872 "Fourth operand byte of invokeinterface must be zero");
2873 return;
2874 }
2875 }
2876
2877 if (opcode == Bytecodes::_invokedynamic) {
2878 address bcp = bcs->bcp();
2879 if (*(bcp+3) != 0 || *(bcp+4) != 0) {
2880 verify_error(ErrorContext::bad_code(bci),
2881 "Third and fourth operand bytes of invokedynamic must be zero");
2882 return;
2883 }
2884 }
2885
2886 if (method_name->char_at(0) == JVM_SIGNATURE_SPECIAL) {
2887 // Make sure <init> can only be invoked by invokespecial
2888 if (opcode != Bytecodes::_invokespecial ||
2889 method_name != vmSymbols::object_initializer_name()) {
2890 verify_error(ErrorContext::bad_code(bci),
2891 "Illegal call to internal method");
2892 return;
2893 }
2894 } else if (opcode == Bytecodes::_invokespecial
2895 && !is_same_or_direct_interface(current_class(), current_type(), ref_class_type)
2896 && !ref_class_type.equals(VerificationType::reference_type(
2897 current_class()->super()->name()))) {
2898 bool subtype = false;
2899 bool have_imr_indirect = cp->tag_at(index).value() == JVM_CONSTANT_InterfaceMethodref;
2900 subtype = ref_class_type.is_assignable_from(
2901 current_type(), this, false, CHECK_VERIFY(this));
2902 if (!subtype) {
2903 verify_error(ErrorContext::bad_code(bci),
2904 "Bad invokespecial instruction: "
2905 "current class isn't assignable to reference class.");
2906 return;
2907 } else if (have_imr_indirect) {
2908 verify_error(ErrorContext::bad_code(bci),
2909 "Bad invokespecial instruction: "
2910 "interface method reference is in an indirect superinterface.");
2911 return;
2912 }
2913
2914 }
2915
2916 // Get the verification types for the method's arguments.
2917 GrowableArray<VerificationType>* sig_verif_types = mth_sig_verif_types->sig_verif_types();
2918 assert(sig_verif_types != nullptr, "Missing signature's array of verification types");
2919 // Match method descriptor with operand stack
2920 // The arguments are on the stack in descending order.
2921 for (int i = nargs - 1; i >= 0; i--) { // Run backwards
2922 current_frame->pop_stack(sig_verif_types->at(i), CHECK_VERIFY(this));
2923 }
2924
2925 // Check objectref on operand stack
2926 if (opcode != Bytecodes::_invokestatic &&
2927 opcode != Bytecodes::_invokedynamic) {
2928 if (method_name == vmSymbols::object_initializer_name()) { // <init> method
2929 verify_invoke_init(bcs, index, ref_class_type, current_frame,
2930 code_length, in_try_block, this_uninit, cp, stackmap_table,
2931 CHECK_VERIFY(this));
2932 if (was_recursively_verified()) return;
2933 } else { // other methods
2934 // Ensures that target class is assignable to method class.
2935 if (opcode == Bytecodes::_invokespecial) {
2936 current_frame->pop_stack(current_type(), CHECK_VERIFY(this));
2937 } else if (opcode == Bytecodes::_invokevirtual) {
2938 VerificationType stack_object_type =
2939 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this));
2940 if (current_type() != stack_object_type) {
2941 if (was_recursively_verified()) return;
2942 assert(cp->cache() == nullptr, "not rewritten yet");
2943 Symbol* ref_class_name =
2944 cp->klass_name_at(cp->uncached_klass_ref_index_at(index));
2945 // See the comments in verify_field_instructions() for
2946 // the rationale behind this.
2947 if (name_in_supers(ref_class_name, current_class())) {
2948 Klass* ref_class = load_class(ref_class_name, CHECK);
2949 if (is_protected_access(
2950 _klass, ref_class, method_name, method_sig, true)) {
2951 // It's protected access, check if stack object is
2952 // assignable to current class.
2953 if (ref_class_type.name() == vmSymbols::java_lang_Object()
2954 && stack_object_type.is_array()
2955 && method_name == vmSymbols::clone_name()) {
2956 // Special case: arrays pretend to implement public Object
2957 // clone().
2958 } else {
2959 bool is_assignable = current_type().is_assignable_from(
2960 stack_object_type, this, true, CHECK_VERIFY(this));
2961 if (!is_assignable) {
2962 verify_error(ErrorContext::bad_type(bci,
2963 current_frame->stack_top_ctx(),
2964 TypeOrigin::implicit(current_type())),
2965 "Bad access to protected data in invokevirtual");
2966 return;
2967 }
2968 }
2969 }
2970 }
2971 }
2972 } else {
2973 assert(opcode == Bytecodes::_invokeinterface, "Unexpected opcode encountered");
2974 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this));
2975 }
2976 }
2977 }
2978 // Push the result type.
2979 int sig_verif_types_len = sig_verif_types->length();
2980 if (sig_verif_types_len > nargs) { // There's a return type
2981 if (method_name == vmSymbols::object_initializer_name()) {
2982 // <init> method must have a void return type
2983 /* Unreachable? Class file parser verifies that methods with '<' have
2984 * void return */
2985 verify_error(ErrorContext::bad_code(bci),
2986 "Return type must be void in <init> method");
2987 return;
2988 }
2989
2990 assert(sig_verif_types_len <= nargs + 2,
2991 "Signature verification types array return type is bogus");
2992 for (int i = nargs; i < sig_verif_types_len; i++) {
2993 assert(i == nargs || sig_verif_types->at(i).is_long2() ||
2994 sig_verif_types->at(i).is_double2(), "Unexpected return verificationType");
2995 current_frame->push_stack(sig_verif_types->at(i), CHECK_VERIFY(this));
2996 }
2997 }
2998 }
2999
3000 VerificationType ClassVerifier::get_newarray_type(
3001 u2 index, int bci, TRAPS) {
3002 const char* from_bt[] = {
3003 nullptr, nullptr, nullptr, nullptr, "[Z", "[C", "[F", "[D", "[B", "[S", "[I", "[J",
3004 };
3005 if (index < T_BOOLEAN || index > T_LONG) {
3006 verify_error(ErrorContext::bad_code(bci), "Illegal newarray instruction");
3007 return VerificationType::bogus_type();
3008 }
3009
3010 // from_bt[index] contains the array signature which has a length of 2
3011 Symbol* sig = create_temporary_symbol(from_bt[index], 2);
3012 return VerificationType::reference_type(sig);
3013 }
3014
3015 void ClassVerifier::verify_anewarray(
3016 int bci, u2 index, const constantPoolHandle& cp,
3017 StackMapFrame* current_frame, TRAPS) {
3018 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
3019 current_frame->pop_stack(
3020 VerificationType::integer_type(), CHECK_VERIFY(this));
3021
3022 if (was_recursively_verified()) return;
3023 VerificationType component_type =
3024 cp_index_to_type(index, cp, CHECK_VERIFY(this));
3025 int length;
3026 char* arr_sig_str;
3027 if (component_type.is_array()) { // it's an array
3028 const char* component_name = component_type.name()->as_utf8();
3029 // Check for more than MAX_ARRAY_DIMENSIONS
3030 length = (int)strlen(component_name);
3031 if (length > MAX_ARRAY_DIMENSIONS &&
3032 component_name[MAX_ARRAY_DIMENSIONS - 1] == JVM_SIGNATURE_ARRAY) {
3033 verify_error(ErrorContext::bad_code(bci),
3034 "Illegal anewarray instruction, array has more than 255 dimensions");
3035 }
3036 // add one dimension to component
3037 length++;
3038 arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length + 1);
3039 int n = os::snprintf(arr_sig_str, length + 1, "%c%s",
3040 JVM_SIGNATURE_ARRAY, component_name);
3041 assert(n == length, "Unexpected number of characters in string");
3042 } else { // it's an object or interface
3043 const char* component_name = component_type.name()->as_utf8();
3044 // add one dimension to component with 'L' prepended and ';' postpended.
3045 length = (int)strlen(component_name) + 3;
3046 arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length + 1);
3047 int n = os::snprintf(arr_sig_str, length + 1, "%c%c%s;",
3048 JVM_SIGNATURE_ARRAY, JVM_SIGNATURE_CLASS, component_name);
3049 assert(n == length, "Unexpected number of characters in string");
3050 }
3051 Symbol* arr_sig = create_temporary_symbol(arr_sig_str, length);
3052 VerificationType new_array_type = VerificationType::reference_type(arr_sig);
3053 current_frame->push_stack(new_array_type, CHECK_VERIFY(this));
3054 }
3055
3056 void ClassVerifier::verify_iload(int index, StackMapFrame* current_frame, TRAPS) {
3057 current_frame->get_local(
3058 index, VerificationType::integer_type(), CHECK_VERIFY(this));
3059 current_frame->push_stack(
3060 VerificationType::integer_type(), CHECK_VERIFY(this));
3061 }
3062
3063 void ClassVerifier::verify_lload(int index, StackMapFrame* current_frame, TRAPS) {
3064 current_frame->get_local_2(
3065 index, VerificationType::long_type(),
3066 VerificationType::long2_type(), CHECK_VERIFY(this));
3067 current_frame->push_stack_2(
3068 VerificationType::long_type(),
3069 VerificationType::long2_type(), CHECK_VERIFY(this));
3070 }
3071
3072 void ClassVerifier::verify_fload(int index, StackMapFrame* current_frame, TRAPS) {
3073 current_frame->get_local(
3074 index, VerificationType::float_type(), CHECK_VERIFY(this));
3075 current_frame->push_stack(
3076 VerificationType::float_type(), CHECK_VERIFY(this));
3077 }
3078
3079 void ClassVerifier::verify_dload(int index, StackMapFrame* current_frame, TRAPS) {
3080 current_frame->get_local_2(
3081 index, VerificationType::double_type(),
3082 VerificationType::double2_type(), CHECK_VERIFY(this));
3083 current_frame->push_stack_2(
3084 VerificationType::double_type(),
3085 VerificationType::double2_type(), CHECK_VERIFY(this));
3086 }
3087
3088 void ClassVerifier::verify_aload(int index, StackMapFrame* current_frame, TRAPS) {
3089 VerificationType type = current_frame->get_local(
3090 index, VerificationType::reference_check(), CHECK_VERIFY(this));
3091 current_frame->push_stack(type, CHECK_VERIFY(this));
3092 }
3093
3094 void ClassVerifier::verify_istore(int index, StackMapFrame* current_frame, TRAPS) {
3095 current_frame->pop_stack(
3096 VerificationType::integer_type(), CHECK_VERIFY(this));
3097 current_frame->set_local(
3098 index, VerificationType::integer_type(), CHECK_VERIFY(this));
3099 }
3100
3101 void ClassVerifier::verify_lstore(int index, StackMapFrame* current_frame, TRAPS) {
3102 current_frame->pop_stack_2(
3103 VerificationType::long2_type(),
3104 VerificationType::long_type(), CHECK_VERIFY(this));
3105 current_frame->set_local_2(
3106 index, VerificationType::long_type(),
3107 VerificationType::long2_type(), CHECK_VERIFY(this));
3108 }
3109
3110 void ClassVerifier::verify_fstore(int index, StackMapFrame* current_frame, TRAPS) {
3111 current_frame->pop_stack(VerificationType::float_type(), CHECK_VERIFY(this));
3112 current_frame->set_local(
3113 index, VerificationType::float_type(), CHECK_VERIFY(this));
3114 }
3115
3116 void ClassVerifier::verify_dstore(int index, StackMapFrame* current_frame, TRAPS) {
3117 current_frame->pop_stack_2(
3118 VerificationType::double2_type(),
3119 VerificationType::double_type(), CHECK_VERIFY(this));
3120 current_frame->set_local_2(
3121 index, VerificationType::double_type(),
3122 VerificationType::double2_type(), CHECK_VERIFY(this));
3123 }
3124
3125 void ClassVerifier::verify_astore(int index, StackMapFrame* current_frame, TRAPS) {
3126 VerificationType type = current_frame->pop_stack(
3127 VerificationType::reference_check(), CHECK_VERIFY(this));
3128 current_frame->set_local(index, type, CHECK_VERIFY(this));
3129 }
3130
3131 void ClassVerifier::verify_iinc(int index, StackMapFrame* current_frame, TRAPS) {
3132 VerificationType type = current_frame->get_local(
3133 index, VerificationType::integer_type(), CHECK_VERIFY(this));
3134 current_frame->set_local(index, type, CHECK_VERIFY(this));
3135 }
3136
3137 void ClassVerifier::verify_return_value(
3138 VerificationType return_type, VerificationType type, int bci,
3139 StackMapFrame* current_frame, TRAPS) {
3140 if (return_type == VerificationType::bogus_type()) {
3141 verify_error(ErrorContext::bad_type(bci,
3142 current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)),
3143 "Method does not expect a return value");
3144 return;
3145 }
3146 bool match = return_type.is_assignable_from(type, this, false, CHECK_VERIFY(this));
3147 if (!match) {
3148 verify_error(ErrorContext::bad_type(bci,
3149 current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)),
3150 "Bad return type");
3151 return;
3152 }
3153 }
3154
3155 // The verifier creates symbols which are substrings of Symbols.
3156 // These are stored in the verifier until the end of verification so that
3157 // they can be reference counted.
3158 Symbol* ClassVerifier::create_temporary_symbol(const char *name, int length) {
3159 // Quick deduplication check
3160 if (_previous_symbol != nullptr && _previous_symbol->equals(name, length)) {
3161 return _previous_symbol;
3162 }
3163 Symbol* sym = SymbolTable::new_symbol(name, length);
3164 if (!sym->is_permanent()) {
3165 if (_symbols == nullptr) {
3166 _symbols = new GrowableArray<Symbol*>(50, 0, nullptr);
3167 }
3168 _symbols->push(sym);
3169 }
3170 _previous_symbol = sym;
3171 return sym;
3172 }