1 /*
   2  * Copyright (c) 1998, 2022, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.
   8  *
   9  * This code is distributed in the hope that it will be useful, but WITHOUT
  10  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  11  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  12  * version 2 for more details (a copy is included in the LICENSE file that
  13  * accompanied this code).
  14  *
  15  * You should have received a copy of the GNU General Public License version
  16  * 2 along with this work; if not, write to the Free Software Foundation,
  17  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  18  *
  19  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  20  * or visit www.oracle.com if you need additional information or have any
  21  * questions.
  22  *
  23  */
  24 
  25 #include "precompiled.hpp"
  26 #include "jvm.h"
  27 #include "classfile/classFileStream.hpp"
  28 #include "classfile/classLoader.hpp"
  29 #include "classfile/javaClasses.hpp"
  30 #include "classfile/stackMapTable.hpp"
  31 #include "classfile/stackMapFrame.hpp"
  32 #include "classfile/stackMapTableFormat.hpp"
  33 #include "classfile/symbolTable.hpp"
  34 #include "classfile/systemDictionary.hpp"
  35 #include "classfile/verifier.hpp"
  36 #include "classfile/vmClasses.hpp"
  37 #include "classfile/vmSymbols.hpp"
  38 #include "interpreter/bytecodes.hpp"
  39 #include "interpreter/bytecodeStream.hpp"
  40 #include "logging/log.hpp"
  41 #include "logging/logStream.hpp"
  42 #include "memory/oopFactory.hpp"
  43 #include "memory/resourceArea.hpp"
  44 #include "memory/universe.hpp"
  45 #include "oops/constantPool.inline.hpp"
  46 #include "oops/instanceKlass.inline.hpp"
  47 #include "oops/klass.inline.hpp"
  48 #include "oops/oop.inline.hpp"
  49 #include "oops/typeArrayOop.hpp"
  50 #include "runtime/arguments.hpp"
  51 #include "runtime/fieldDescriptor.hpp"
  52 #include "runtime/handles.inline.hpp"
  53 #include "runtime/interfaceSupport.inline.hpp"
  54 #include "runtime/javaCalls.hpp"
  55 #include "runtime/javaThread.hpp"
  56 #include "runtime/jniHandles.inline.hpp"
  57 #include "runtime/os.hpp"
  58 #include "runtime/safepointVerifiers.hpp"
  59 #include "services/threadService.hpp"
  60 #include "utilities/align.hpp"
  61 #include "utilities/bytes.hpp"
  62 
  63 #define NOFAILOVER_MAJOR_VERSION                       51
  64 #define NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION  51
  65 #define STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION       52
  66 #define MAX_ARRAY_DIMENSIONS 255
  67 
  68 // Access to external entry for VerifyClassForMajorVersion - old byte code verifier
  69 
  70 extern "C" {
  71   typedef jboolean (*verify_byte_codes_fn_t)(JNIEnv *, jclass, char *, jint, jint);
  72 }
  73 
  74 static verify_byte_codes_fn_t volatile _verify_byte_codes_fn = NULL;
  75 
  76 static verify_byte_codes_fn_t verify_byte_codes_fn() {
  77 
  78   if (_verify_byte_codes_fn != NULL)
  79     return _verify_byte_codes_fn;
  80 
  81   MutexLocker locker(Verify_lock);
  82 
  83   if (_verify_byte_codes_fn != NULL)
  84     return _verify_byte_codes_fn;
  85 
  86   // Load verify dll
  87   char buffer[JVM_MAXPATHLEN];
  88   char ebuf[1024];
  89   if (!os::dll_locate_lib(buffer, sizeof(buffer), Arguments::get_dll_dir(), "verify"))
  90     return NULL; // Caller will throw VerifyError
  91 
  92   void *lib_handle = os::dll_load(buffer, ebuf, sizeof(ebuf));
  93   if (lib_handle == NULL)
  94     return NULL; // Caller will throw VerifyError
  95 
  96   void *fn = os::dll_lookup(lib_handle, "VerifyClassForMajorVersion");
  97   if (fn == NULL)
  98     return NULL; // Caller will throw VerifyError
  99 
 100   return _verify_byte_codes_fn = CAST_TO_FN_PTR(verify_byte_codes_fn_t, fn);
 101 }
 102 
 103 
 104 // Methods in Verifier
 105 
 106 bool Verifier::should_verify_for(oop class_loader, bool should_verify_class) {
 107   return (class_loader == NULL || !should_verify_class) ?
 108     BytecodeVerificationLocal : BytecodeVerificationRemote;
 109 }
 110 
 111 bool Verifier::relax_access_for(oop loader) {
 112   bool trusted = java_lang_ClassLoader::is_trusted_loader(loader);
 113   bool need_verify =
 114     // verifyAll
 115     (BytecodeVerificationLocal && BytecodeVerificationRemote) ||
 116     // verifyRemote
 117     (!BytecodeVerificationLocal && BytecodeVerificationRemote && !trusted);
 118   return !need_verify;
 119 }
 120 
 121 void Verifier::trace_class_resolution(Klass* resolve_class, InstanceKlass* verify_class) {
 122   assert(verify_class != NULL, "Unexpected null verify_class");
 123   ResourceMark rm;
 124   Symbol* s = verify_class->source_file_name();
 125   const char* source_file = (s != NULL ? s->as_C_string() : NULL);
 126   const char* verify = verify_class->external_name();
 127   const char* resolve = resolve_class->external_name();
 128   // print in a single call to reduce interleaving between threads
 129   if (source_file != NULL) {
 130     log_debug(class, resolve)("%s %s %s (verification)", verify, resolve, source_file);
 131   } else {
 132     log_debug(class, resolve)("%s %s (verification)", verify, resolve);
 133   }
 134 }
 135 
 136 // Prints the end-verification message to the appropriate output.
 137 void Verifier::log_end_verification(outputStream* st, const char* klassName, Symbol* exception_name, oop pending_exception) {
 138   if (pending_exception != NULL) {
 139     st->print("Verification for %s has", klassName);
 140     oop message = java_lang_Throwable::message(pending_exception);
 141     if (message != NULL) {
 142       char* ex_msg = java_lang_String::as_utf8_string(message);
 143       st->print_cr(" exception pending '%s %s'",
 144                    pending_exception->klass()->external_name(), ex_msg);
 145     } else {
 146       st->print_cr(" exception pending %s ",
 147                    pending_exception->klass()->external_name());
 148     }
 149   } else if (exception_name != NULL) {
 150     st->print_cr("Verification for %s failed", klassName);
 151   }
 152   st->print_cr("End class verification for: %s", klassName);
 153 }
 154 
 155 bool Verifier::verify(InstanceKlass* klass, bool should_verify_class, TRAPS) {
 156   HandleMark hm(THREAD);
 157   ResourceMark rm(THREAD);
 158 
 159   // Eagerly allocate the identity hash code for a klass. This is a fallout
 160   // from 6320749 and 8059924: hash code generator is not supposed to be called
 161   // during the safepoint, but it allows to sneak the hashcode in during
 162   // verification. Without this eager hashcode generation, we may end up
 163   // installing the hashcode during some other operation, which may be at
 164   // safepoint -- blowing up the checks. It was previously done as the side
 165   // effect (sic!) for external_name(), but instead of doing that, we opt to
 166   // explicitly push the hashcode in here. This is signify the following block
 167   // is IMPORTANT:
 168   if (klass->java_mirror() != NULL) {
 169     klass->java_mirror()->identity_hash();
 170   }
 171 
 172   if (!is_eligible_for_verification(klass, should_verify_class)) {
 173     return true;
 174   }
 175 
 176   // Timer includes any side effects of class verification (resolution,
 177   // etc), but not recursive calls to Verifier::verify().
 178   JavaThread* jt = THREAD;
 179   PerfClassTraceTime timer(ClassLoader::perf_class_verify_time(),
 180                            ClassLoader::perf_class_verify_selftime(),
 181                            ClassLoader::perf_classes_verified(),
 182                            jt->get_thread_stat()->perf_recursion_counts_addr(),
 183                            jt->get_thread_stat()->perf_timers_addr(),
 184                            PerfClassTraceTime::CLASS_VERIFY);
 185 
 186   // If the class should be verified, first see if we can use the split
 187   // verifier.  If not, or if verification fails and can failover, then
 188   // call the inference verifier.
 189   Symbol* exception_name = NULL;
 190   const size_t message_buffer_len = klass->name()->utf8_length() + 1024;
 191   char* message_buffer = NULL;
 192   char* exception_message = NULL;
 193 
 194   log_info(class, init)("Start class verification for: %s", klass->external_name());
 195   if (klass->major_version() >= STACKMAP_ATTRIBUTE_MAJOR_VERSION) {
 196     ClassVerifier split_verifier(jt, klass);
 197     // We don't use CHECK here, or on inference_verify below, so that we can log any exception.
 198     split_verifier.verify_class(THREAD);
 199     exception_name = split_verifier.result();
 200 
 201     // If DumpSharedSpaces is set then don't fall back to the old verifier on
 202     // verification failure. If a class fails verification with the split verifier,
 203     // it might fail the CDS runtime verifier constraint check. In that case, we
 204     // don't want to share the class. We only archive classes that pass the split
 205     // verifier.
 206     bool can_failover = !DumpSharedSpaces &&
 207       klass->major_version() < NOFAILOVER_MAJOR_VERSION;
 208 
 209     if (can_failover && !HAS_PENDING_EXCEPTION &&  // Split verifier doesn't set PENDING_EXCEPTION for failure
 210         (exception_name == vmSymbols::java_lang_VerifyError() ||
 211          exception_name == vmSymbols::java_lang_ClassFormatError())) {
 212       log_info(verification)("Fail over class verification to old verifier for: %s", klass->external_name());
 213       log_info(class, init)("Fail over class verification to old verifier for: %s", klass->external_name());
 214       message_buffer = NEW_RESOURCE_ARRAY(char, message_buffer_len);
 215       exception_message = message_buffer;
 216       exception_name = inference_verify(
 217         klass, message_buffer, message_buffer_len, THREAD);
 218     }
 219     if (exception_name != NULL) {
 220       exception_message = split_verifier.exception_message();
 221     }
 222   } else {
 223     message_buffer = NEW_RESOURCE_ARRAY(char, message_buffer_len);
 224     exception_message = message_buffer;
 225     exception_name = inference_verify(
 226         klass, message_buffer, message_buffer_len, THREAD);
 227   }
 228 
 229   LogTarget(Info, class, init) lt1;
 230   if (lt1.is_enabled()) {
 231     LogStream ls(lt1);
 232     log_end_verification(&ls, klass->external_name(), exception_name, PENDING_EXCEPTION);
 233   }
 234   LogTarget(Info, verification) lt2;
 235   if (lt2.is_enabled()) {
 236     LogStream ls(lt2);
 237     log_end_verification(&ls, klass->external_name(), exception_name, PENDING_EXCEPTION);
 238   }
 239 
 240   if (HAS_PENDING_EXCEPTION) {
 241     return false; // use the existing exception
 242   } else if (exception_name == NULL) {
 243     return true; // verification succeeded
 244   } else { // VerifyError or ClassFormatError to be created and thrown
 245     Klass* kls =
 246       SystemDictionary::resolve_or_fail(exception_name, true, CHECK_false);
 247     if (log_is_enabled(Debug, class, resolve)) {
 248       Verifier::trace_class_resolution(kls, klass);
 249     }
 250 
 251     while (kls != NULL) {
 252       if (kls == klass) {
 253         // If the class being verified is the exception we're creating
 254         // or one of it's superclasses, we're in trouble and are going
 255         // to infinitely recurse when we try to initialize the exception.
 256         // So bail out here by throwing the preallocated VM error.
 257         THROW_OOP_(Universe::virtual_machine_error_instance(), false);
 258       }
 259       kls = kls->super();
 260     }
 261     if (message_buffer != NULL) {
 262       message_buffer[message_buffer_len - 1] = '\0'; // just to be sure
 263     }
 264     assert(exception_message != NULL, "");
 265     THROW_MSG_(exception_name, exception_message, false);
 266   }
 267 }
 268 
 269 bool Verifier::is_eligible_for_verification(InstanceKlass* klass, bool should_verify_class) {
 270   Symbol* name = klass->name();
 271   Klass* refl_magic_klass = vmClasses::reflect_MagicAccessorImpl_klass();
 272 
 273   bool is_reflect = refl_magic_klass != NULL && klass->is_subtype_of(refl_magic_klass);
 274 
 275   return (should_verify_for(klass->class_loader(), should_verify_class) &&
 276     // return if the class is a bootstrapping class
 277     // or defineClass specified not to verify by default (flags override passed arg)
 278     // We need to skip the following four for bootstraping
 279     name != vmSymbols::java_lang_Object() &&
 280     name != vmSymbols::java_lang_Class() &&
 281     name != vmSymbols::java_lang_String() &&
 282     name != vmSymbols::java_lang_Throwable() &&
 283 
 284     // Can not verify the bytecodes for shared classes because they have
 285     // already been rewritten to contain constant pool cache indices,
 286     // which the verifier can't understand.
 287     // Shared classes shouldn't have stackmaps either.
 288     // However, bytecodes for shared old classes can be verified because
 289     // they have not been rewritten.
 290     !(klass->is_shared() && klass->is_rewritten()) &&
 291 
 292     // As of the fix for 4486457 we disable verification for all of the
 293     // dynamically-generated bytecodes associated with the 1.4
 294     // reflection implementation, not just those associated with
 295     // jdk/internal/reflect/SerializationConstructorAccessor.
 296     // NOTE: this is called too early in the bootstrapping process to be
 297     // guarded by Universe::is_gte_jdk14x_version().
 298     // Also for lambda generated code, gte jdk8
 299     (!is_reflect));
 300 }
 301 
 302 Symbol* Verifier::inference_verify(
 303     InstanceKlass* klass, char* message, size_t message_len, TRAPS) {
 304   JavaThread* thread = THREAD;
 305 
 306   verify_byte_codes_fn_t verify_func = verify_byte_codes_fn();
 307 
 308   if (verify_func == NULL) {
 309     jio_snprintf(message, message_len, "Could not link verifier");
 310     return vmSymbols::java_lang_VerifyError();
 311   }
 312 
 313   ResourceMark rm(thread);
 314   log_info(verification)("Verifying class %s with old format", klass->external_name());
 315 
 316   jclass cls = (jclass) JNIHandles::make_local(thread, klass->java_mirror());
 317   jint result;
 318 
 319   {
 320     HandleMark hm(thread);
 321     ThreadToNativeFromVM ttn(thread);
 322     // ThreadToNativeFromVM takes care of changing thread_state, so safepoint
 323     // code knows that we have left the VM
 324     JNIEnv *env = thread->jni_environment();
 325     result = (*verify_func)(env, cls, message, (int)message_len, klass->major_version());
 326   }
 327 
 328   JNIHandles::destroy_local(cls);
 329 
 330   // These numbers are chosen so that VerifyClassCodes interface doesn't need
 331   // to be changed (still return jboolean (unsigned char)), and result is
 332   // 1 when verification is passed.
 333   if (result == 0) {
 334     return vmSymbols::java_lang_VerifyError();
 335   } else if (result == 1) {
 336     return NULL; // verified.
 337   } else if (result == 2) {
 338     THROW_MSG_(vmSymbols::java_lang_OutOfMemoryError(), message, NULL);
 339   } else if (result == 3) {
 340     return vmSymbols::java_lang_ClassFormatError();
 341   } else {
 342     ShouldNotReachHere();
 343     return NULL;
 344   }
 345 }
 346 
 347 TypeOrigin TypeOrigin::null() {
 348   return TypeOrigin();
 349 }
 350 TypeOrigin TypeOrigin::local(u2 index, StackMapFrame* frame) {
 351   assert(frame != NULL, "Must have a frame");
 352   return TypeOrigin(CF_LOCALS, index, StackMapFrame::copy(frame),
 353      frame->local_at(index));
 354 }
 355 TypeOrigin TypeOrigin::stack(u2 index, StackMapFrame* frame) {
 356   assert(frame != NULL, "Must have a frame");
 357   return TypeOrigin(CF_STACK, index, StackMapFrame::copy(frame),
 358       frame->stack_at(index));
 359 }
 360 TypeOrigin TypeOrigin::sm_local(u2 index, StackMapFrame* frame) {
 361   assert(frame != NULL, "Must have a frame");
 362   return TypeOrigin(SM_LOCALS, index, StackMapFrame::copy(frame),
 363       frame->local_at(index));
 364 }
 365 TypeOrigin TypeOrigin::sm_stack(u2 index, StackMapFrame* frame) {
 366   assert(frame != NULL, "Must have a frame");
 367   return TypeOrigin(SM_STACK, index, StackMapFrame::copy(frame),
 368       frame->stack_at(index));
 369 }
 370 TypeOrigin TypeOrigin::bad_index(u2 index) {
 371   return TypeOrigin(BAD_INDEX, index, NULL, VerificationType::bogus_type());
 372 }
 373 TypeOrigin TypeOrigin::cp(u2 index, VerificationType vt) {
 374   return TypeOrigin(CONST_POOL, index, NULL, vt);
 375 }
 376 TypeOrigin TypeOrigin::signature(VerificationType vt) {
 377   return TypeOrigin(SIG, 0, NULL, vt);
 378 }
 379 TypeOrigin TypeOrigin::implicit(VerificationType t) {
 380   return TypeOrigin(IMPLICIT, 0, NULL, t);
 381 }
 382 TypeOrigin TypeOrigin::frame(StackMapFrame* frame) {
 383   return TypeOrigin(FRAME_ONLY, 0, StackMapFrame::copy(frame),
 384                     VerificationType::bogus_type());
 385 }
 386 
 387 void TypeOrigin::reset_frame() {
 388   if (_frame != NULL) {
 389     _frame->restore();
 390   }
 391 }
 392 
 393 void TypeOrigin::details(outputStream* ss) const {
 394   _type.print_on(ss);
 395   switch (_origin) {
 396     case CF_LOCALS:
 397       ss->print(" (current frame, locals[%d])", _index);
 398       break;
 399     case CF_STACK:
 400       ss->print(" (current frame, stack[%d])", _index);
 401       break;
 402     case SM_LOCALS:
 403       ss->print(" (stack map, locals[%d])", _index);
 404       break;
 405     case SM_STACK:
 406       ss->print(" (stack map, stack[%d])", _index);
 407       break;
 408     case CONST_POOL:
 409       ss->print(" (constant pool %d)", _index);
 410       break;
 411     case SIG:
 412       ss->print(" (from method signature)");
 413       break;
 414     case IMPLICIT:
 415     case FRAME_ONLY:
 416     case NONE:
 417     default:
 418       ;
 419   }
 420 }
 421 
 422 #ifdef ASSERT
 423 void TypeOrigin::print_on(outputStream* str) const {
 424   str->print("{%d,%d,%p:", _origin, _index, _frame);
 425   if (_frame != NULL) {
 426     _frame->print_on(str);
 427   } else {
 428     str->print("null");
 429   }
 430   str->print(",");
 431   _type.print_on(str);
 432   str->print("}");
 433 }
 434 #endif
 435 
 436 void ErrorContext::details(outputStream* ss, const Method* method) const {
 437   if (is_valid()) {
 438     ss->cr();
 439     ss->print_cr("Exception Details:");
 440     location_details(ss, method);
 441     reason_details(ss);
 442     frame_details(ss);
 443     bytecode_details(ss, method);
 444     handler_details(ss, method);
 445     stackmap_details(ss, method);
 446   }
 447 }
 448 
 449 void ErrorContext::reason_details(outputStream* ss) const {
 450   streamIndentor si(ss);
 451   ss->indent().print_cr("Reason:");
 452   streamIndentor si2(ss);
 453   ss->indent().print("%s", "");
 454   switch (_fault) {
 455     case INVALID_BYTECODE:
 456       ss->print("Error exists in the bytecode");
 457       break;
 458     case WRONG_TYPE:
 459       if (_expected.is_valid()) {
 460         ss->print("Type ");
 461         _type.details(ss);
 462         ss->print(" is not assignable to ");
 463         _expected.details(ss);
 464       } else {
 465         ss->print("Invalid type: ");
 466         _type.details(ss);
 467       }
 468       break;
 469     case FLAGS_MISMATCH:
 470       if (_expected.is_valid()) {
 471         ss->print("Current frame's flags are not assignable "
 472                   "to stack map frame's.");
 473       } else {
 474         ss->print("Current frame's flags are invalid in this context.");
 475       }
 476       break;
 477     case BAD_CP_INDEX:
 478       ss->print("Constant pool index %d is invalid", _type.index());
 479       break;
 480     case BAD_LOCAL_INDEX:
 481       ss->print("Local index %d is invalid", _type.index());
 482       break;
 483     case LOCALS_SIZE_MISMATCH:
 484       ss->print("Current frame's local size doesn't match stackmap.");
 485       break;
 486     case STACK_SIZE_MISMATCH:
 487       ss->print("Current frame's stack size doesn't match stackmap.");
 488       break;
 489     case STACK_OVERFLOW:
 490       ss->print("Exceeded max stack size.");
 491       break;
 492     case STACK_UNDERFLOW:
 493       ss->print("Attempt to pop empty stack.");
 494       break;
 495     case MISSING_STACKMAP:
 496       ss->print("Expected stackmap frame at this location.");
 497       break;
 498     case BAD_STACKMAP:
 499       ss->print("Invalid stackmap specification.");
 500       break;
 501     case UNKNOWN:
 502     default:
 503       ShouldNotReachHere();
 504       ss->print_cr("Unknown");
 505   }
 506   ss->cr();
 507 }
 508 
 509 void ErrorContext::location_details(outputStream* ss, const Method* method) const {
 510   if (_bci != -1 && method != NULL) {
 511     streamIndentor si(ss);
 512     const char* bytecode_name = "<invalid>";
 513     if (method->validate_bci(_bci) != -1) {
 514       Bytecodes::Code code = Bytecodes::code_or_bp_at(method->bcp_from(_bci));
 515       if (Bytecodes::is_defined(code)) {
 516           bytecode_name = Bytecodes::name(code);
 517       } else {
 518           bytecode_name = "<illegal>";
 519       }
 520     }
 521     InstanceKlass* ik = method->method_holder();
 522     ss->indent().print_cr("Location:");
 523     streamIndentor si2(ss);
 524     ss->indent().print_cr("%s.%s%s @%d: %s",
 525         ik->name()->as_C_string(), method->name()->as_C_string(),
 526         method->signature()->as_C_string(), _bci, bytecode_name);
 527   }
 528 }
 529 
 530 void ErrorContext::frame_details(outputStream* ss) const {
 531   streamIndentor si(ss);
 532   if (_type.is_valid() && _type.frame() != NULL) {
 533     ss->indent().print_cr("Current Frame:");
 534     streamIndentor si2(ss);
 535     _type.frame()->print_on(ss);
 536   }
 537   if (_expected.is_valid() && _expected.frame() != NULL) {
 538     ss->indent().print_cr("Stackmap Frame:");
 539     streamIndentor si2(ss);
 540     _expected.frame()->print_on(ss);
 541   }
 542 }
 543 
 544 void ErrorContext::bytecode_details(outputStream* ss, const Method* method) const {
 545   if (method != NULL) {
 546     streamIndentor si(ss);
 547     ss->indent().print_cr("Bytecode:");
 548     streamIndentor si2(ss);
 549     ss->print_data(method->code_base(), method->code_size(), false);
 550   }
 551 }
 552 
 553 void ErrorContext::handler_details(outputStream* ss, const Method* method) const {
 554   if (method != NULL) {
 555     streamIndentor si(ss);
 556     ExceptionTable table(method);
 557     if (table.length() > 0) {
 558       ss->indent().print_cr("Exception Handler Table:");
 559       streamIndentor si2(ss);
 560       for (int i = 0; i < table.length(); ++i) {
 561         ss->indent().print_cr("bci [%d, %d] => handler: %d", table.start_pc(i),
 562             table.end_pc(i), table.handler_pc(i));
 563       }
 564     }
 565   }
 566 }
 567 
 568 void ErrorContext::stackmap_details(outputStream* ss, const Method* method) const {
 569   if (method != NULL && method->has_stackmap_table()) {
 570     streamIndentor si(ss);
 571     ss->indent().print_cr("Stackmap Table:");
 572     Array<u1>* data = method->stackmap_data();
 573     stack_map_table* sm_table =
 574         stack_map_table::at((address)data->adr_at(0));
 575     stack_map_frame* sm_frame = sm_table->entries();
 576     streamIndentor si2(ss);
 577     int current_offset = -1;
 578     address end_of_sm_table = (address)sm_table + method->stackmap_data()->length();
 579     for (u2 i = 0; i < sm_table->number_of_entries(); ++i) {
 580       ss->indent();
 581       if (!sm_frame->verify((address)sm_frame, end_of_sm_table)) {
 582         sm_frame->print_truncated(ss, current_offset);
 583         return;
 584       }
 585       sm_frame->print_on(ss, current_offset);
 586       ss->cr();
 587       current_offset += sm_frame->offset_delta();
 588       sm_frame = sm_frame->next();
 589     }
 590   }
 591 }
 592 
 593 // Methods in ClassVerifier
 594 
 595 ClassVerifier::ClassVerifier(JavaThread* current, InstanceKlass* klass)
 596     : _thread(current), _previous_symbol(NULL), _symbols(NULL), _exception_type(NULL),
 597       _message(NULL), _klass(klass) {
 598   _this_type = VerificationType::reference_type(klass->name());
 599 }
 600 
 601 ClassVerifier::~ClassVerifier() {
 602   // Decrement the reference count for any symbols created.
 603   if (_symbols != NULL) {
 604     for (int i = 0; i < _symbols->length(); i++) {
 605       Symbol* s = _symbols->at(i);
 606       s->decrement_refcount();
 607     }
 608   }
 609 }
 610 
 611 VerificationType ClassVerifier::object_type() const {
 612   return VerificationType::reference_type(vmSymbols::java_lang_Object());
 613 }
 614 
 615 TypeOrigin ClassVerifier::ref_ctx(const char* sig) {
 616   VerificationType vt = VerificationType::reference_type(
 617                          create_temporary_symbol(sig, (int)strlen(sig)));
 618   return TypeOrigin::implicit(vt);
 619 }
 620 
 621 
 622 void ClassVerifier::verify_class(TRAPS) {
 623   log_info(verification)("Verifying class %s with new format", _klass->external_name());
 624 
 625   // Either verifying both local and remote classes or just remote classes.
 626   assert(BytecodeVerificationRemote, "Should not be here");
 627 
 628   Array<Method*>* methods = _klass->methods();
 629   int num_methods = methods->length();
 630 
 631   for (int index = 0; index < num_methods; index++) {
 632     // Check for recursive re-verification before each method.
 633     if (was_recursively_verified()) return;
 634 
 635     Method* m = methods->at(index);
 636     if (m->is_native() || m->is_abstract() || m->is_overpass()) {
 637       // If m is native or abstract, skip it.  It is checked in class file
 638       // parser that methods do not override a final method.  Overpass methods
 639       // are trusted since the VM generates them.
 640       continue;
 641     }
 642     verify_method(methodHandle(THREAD, m), CHECK_VERIFY(this));
 643   }
 644 
 645   if (was_recursively_verified()){
 646     log_info(verification)("Recursive verification detected for: %s", _klass->external_name());
 647     log_info(class, init)("Recursive verification detected for: %s",
 648                         _klass->external_name());
 649   }
 650 }
 651 
 652 // Translate the signature entries into verification types and save them in
 653 // the growable array.  Also, save the count of arguments.
 654 void ClassVerifier::translate_signature(Symbol* const method_sig,
 655                                         sig_as_verification_types* sig_verif_types) {
 656   SignatureStream sig_stream(method_sig);
 657   VerificationType sig_type[2];
 658   int sig_i = 0;
 659   GrowableArray<VerificationType>* verif_types = sig_verif_types->sig_verif_types();
 660 
 661   // Translate the signature arguments into verification types.
 662   while (!sig_stream.at_return_type()) {
 663     int n = change_sig_to_verificationType(&sig_stream, sig_type);
 664     assert(n <= 2, "Unexpected signature type");
 665 
 666     // Store verification type(s).  Longs and Doubles each have two verificationTypes.
 667     for (int x = 0; x < n; x++) {
 668       verif_types->push(sig_type[x]);
 669     }
 670     sig_i += n;
 671     sig_stream.next();
 672   }
 673 
 674   // Set final arg count, not including the return type.  The final arg count will
 675   // be compared with sig_verify_types' length to see if there is a return type.
 676   sig_verif_types->set_num_args(sig_i);
 677 
 678   // Store verification type(s) for the return type, if there is one.
 679   if (sig_stream.type() != T_VOID) {
 680     int n = change_sig_to_verificationType(&sig_stream, sig_type);
 681     assert(n <= 2, "Unexpected signature return type");
 682     for (int y = 0; y < n; y++) {
 683       verif_types->push(sig_type[y]);
 684     }
 685   }
 686 }
 687 
 688 void ClassVerifier::create_method_sig_entry(sig_as_verification_types* sig_verif_types,
 689                                             int sig_index) {
 690   // Translate the signature into verification types.
 691   ConstantPool* cp = _klass->constants();
 692   Symbol* const method_sig = cp->symbol_at(sig_index);
 693   translate_signature(method_sig, sig_verif_types);
 694 
 695   // Add the list of this signature's verification types to the table.
 696   bool is_unique = method_signatures_table()->put(sig_index, sig_verif_types);
 697   assert(is_unique, "Duplicate entries in method_signature_table");
 698 }
 699 
 700 void ClassVerifier::verify_method(const methodHandle& m, TRAPS) {
 701   HandleMark hm(THREAD);
 702   _method = m;   // initialize _method
 703   log_info(verification)("Verifying method %s", m->name_and_sig_as_C_string());
 704 
 705 // For clang, the only good constant format string is a literal constant format string.
 706 #define bad_type_msg "Bad type on operand stack in %s"
 707 
 708   int32_t max_stack = m->verifier_max_stack();
 709   int32_t max_locals = m->max_locals();
 710   constantPoolHandle cp(THREAD, m->constants());
 711 
 712   // Method signature was checked in ClassFileParser.
 713   assert(SignatureVerifier::is_valid_method_signature(m->signature()),
 714          "Invalid method signature");
 715 
 716   // Initial stack map frame: offset is 0, stack is initially empty.
 717   StackMapFrame current_frame(max_locals, max_stack, this);
 718   // Set initial locals
 719   VerificationType return_type = current_frame.set_locals_from_arg( m, current_type());
 720 
 721   int32_t stackmap_index = 0; // index to the stackmap array
 722 
 723   u4 code_length = m->code_size();
 724 
 725   // Scan the bytecode and map each instruction's start offset to a number.
 726   char* code_data = generate_code_data(m, code_length, CHECK_VERIFY(this));
 727 
 728   int ex_min = code_length;
 729   int ex_max = -1;
 730   // Look through each item on the exception table. Each of the fields must refer
 731   // to a legal instruction.
 732   if (was_recursively_verified()) return;
 733   verify_exception_handler_table(
 734     code_length, code_data, ex_min, ex_max, CHECK_VERIFY(this));
 735 
 736   // Look through each entry on the local variable table and make sure
 737   // its range of code array offsets is valid. (4169817)
 738   if (m->has_localvariable_table()) {
 739     verify_local_variable_table(code_length, code_data, CHECK_VERIFY(this));
 740   }
 741 
 742   Array<u1>* stackmap_data = m->stackmap_data();
 743   StackMapStream stream(stackmap_data);
 744   StackMapReader reader(this, &stream, code_data, code_length, THREAD);
 745   StackMapTable stackmap_table(&reader, &current_frame, max_locals, max_stack,
 746                                code_data, code_length, CHECK_VERIFY(this));
 747 
 748   LogTarget(Debug, verification) lt;
 749   if (lt.is_enabled()) {
 750     ResourceMark rm(THREAD);
 751     LogStream ls(lt);
 752     stackmap_table.print_on(&ls);
 753   }
 754 
 755   RawBytecodeStream bcs(m);
 756 
 757   // Scan the byte code linearly from the start to the end
 758   bool no_control_flow = false; // Set to true when there is no direct control
 759                                 // flow from current instruction to the next
 760                                 // instruction in sequence
 761 
 762   Bytecodes::Code opcode;
 763   while (!bcs.is_last_bytecode()) {
 764     // Check for recursive re-verification before each bytecode.
 765     if (was_recursively_verified())  return;
 766 
 767     opcode = bcs.raw_next();
 768     u2 bci = bcs.bci();
 769 
 770     // Set current frame's offset to bci
 771     current_frame.set_offset(bci);
 772     current_frame.set_mark();
 773 
 774     // Make sure every offset in stackmap table point to the beginning to
 775     // an instruction. Match current_frame to stackmap_table entry with
 776     // the same offset if exists.
 777     stackmap_index = verify_stackmap_table(
 778       stackmap_index, bci, &current_frame, &stackmap_table,
 779       no_control_flow, CHECK_VERIFY(this));
 780 
 781 
 782     bool this_uninit = false;  // Set to true when invokespecial <init> initialized 'this'
 783     bool verified_exc_handlers = false;
 784 
 785     // Merge with the next instruction
 786     {
 787       u2 index;
 788       int target;
 789       VerificationType type, type2;
 790       VerificationType atype;
 791 
 792       LogTarget(Debug, verification) lt;
 793       if (lt.is_enabled()) {
 794         ResourceMark rm(THREAD);
 795         LogStream ls(lt);
 796         current_frame.print_on(&ls);
 797         lt.print("offset = %d,  opcode = %s", bci,
 798                  opcode == Bytecodes::_illegal ? "illegal" : Bytecodes::name(opcode));
 799       }
 800 
 801       // Make sure wide instruction is in correct format
 802       if (bcs.is_wide()) {
 803         if (opcode != Bytecodes::_iinc   && opcode != Bytecodes::_iload  &&
 804             opcode != Bytecodes::_aload  && opcode != Bytecodes::_lload  &&
 805             opcode != Bytecodes::_istore && opcode != Bytecodes::_astore &&
 806             opcode != Bytecodes::_lstore && opcode != Bytecodes::_fload  &&
 807             opcode != Bytecodes::_dload  && opcode != Bytecodes::_fstore &&
 808             opcode != Bytecodes::_dstore) {
 809           /* Unreachable?  RawBytecodeStream's raw_next() returns 'illegal'
 810            * if we encounter a wide instruction that modifies an invalid
 811            * opcode (not one of the ones listed above) */
 812           verify_error(ErrorContext::bad_code(bci), "Bad wide instruction");
 813           return;
 814         }
 815       }
 816 
 817       // Look for possible jump target in exception handlers and see if it
 818       // matches current_frame.  Do this check here for astore*, dstore*,
 819       // fstore*, istore*, and lstore* opcodes because they can change the type
 820       // state by adding a local.  JVM Spec says that the incoming type state
 821       // should be used for this check.  So, do the check here before a possible
 822       // local is added to the type state.
 823       if (Bytecodes::is_store_into_local(opcode) && bci >= ex_min && bci < ex_max) {
 824         if (was_recursively_verified()) return;
 825         verify_exception_handler_targets(
 826           bci, this_uninit, &current_frame, &stackmap_table, CHECK_VERIFY(this));
 827         verified_exc_handlers = true;
 828       }
 829 
 830       if (was_recursively_verified()) return;
 831 
 832       switch (opcode) {
 833         case Bytecodes::_nop :
 834           no_control_flow = false; break;
 835         case Bytecodes::_aconst_null :
 836           current_frame.push_stack(
 837             VerificationType::null_type(), CHECK_VERIFY(this));
 838           no_control_flow = false; break;
 839         case Bytecodes::_iconst_m1 :
 840         case Bytecodes::_iconst_0 :
 841         case Bytecodes::_iconst_1 :
 842         case Bytecodes::_iconst_2 :
 843         case Bytecodes::_iconst_3 :
 844         case Bytecodes::_iconst_4 :
 845         case Bytecodes::_iconst_5 :
 846           current_frame.push_stack(
 847             VerificationType::integer_type(), CHECK_VERIFY(this));
 848           no_control_flow = false; break;
 849         case Bytecodes::_lconst_0 :
 850         case Bytecodes::_lconst_1 :
 851           current_frame.push_stack_2(
 852             VerificationType::long_type(),
 853             VerificationType::long2_type(), CHECK_VERIFY(this));
 854           no_control_flow = false; break;
 855         case Bytecodes::_fconst_0 :
 856         case Bytecodes::_fconst_1 :
 857         case Bytecodes::_fconst_2 :
 858           current_frame.push_stack(
 859             VerificationType::float_type(), CHECK_VERIFY(this));
 860           no_control_flow = false; break;
 861         case Bytecodes::_dconst_0 :
 862         case Bytecodes::_dconst_1 :
 863           current_frame.push_stack_2(
 864             VerificationType::double_type(),
 865             VerificationType::double2_type(), CHECK_VERIFY(this));
 866           no_control_flow = false; break;
 867         case Bytecodes::_sipush :
 868         case Bytecodes::_bipush :
 869           current_frame.push_stack(
 870             VerificationType::integer_type(), CHECK_VERIFY(this));
 871           no_control_flow = false; break;
 872         case Bytecodes::_ldc :
 873           verify_ldc(
 874             opcode, bcs.get_index_u1(), &current_frame,
 875             cp, bci, CHECK_VERIFY(this));
 876           no_control_flow = false; break;
 877         case Bytecodes::_ldc_w :
 878         case Bytecodes::_ldc2_w :
 879           verify_ldc(
 880             opcode, bcs.get_index_u2(), &current_frame,
 881             cp, bci, CHECK_VERIFY(this));
 882           no_control_flow = false; break;
 883         case Bytecodes::_iload :
 884           verify_iload(bcs.get_index(), &current_frame, CHECK_VERIFY(this));
 885           no_control_flow = false; break;
 886         case Bytecodes::_iload_0 :
 887         case Bytecodes::_iload_1 :
 888         case Bytecodes::_iload_2 :
 889         case Bytecodes::_iload_3 :
 890           index = opcode - Bytecodes::_iload_0;
 891           verify_iload(index, &current_frame, CHECK_VERIFY(this));
 892           no_control_flow = false; break;
 893         case Bytecodes::_lload :
 894           verify_lload(bcs.get_index(), &current_frame, CHECK_VERIFY(this));
 895           no_control_flow = false; break;
 896         case Bytecodes::_lload_0 :
 897         case Bytecodes::_lload_1 :
 898         case Bytecodes::_lload_2 :
 899         case Bytecodes::_lload_3 :
 900           index = opcode - Bytecodes::_lload_0;
 901           verify_lload(index, &current_frame, CHECK_VERIFY(this));
 902           no_control_flow = false; break;
 903         case Bytecodes::_fload :
 904           verify_fload(bcs.get_index(), &current_frame, CHECK_VERIFY(this));
 905           no_control_flow = false; break;
 906         case Bytecodes::_fload_0 :
 907         case Bytecodes::_fload_1 :
 908         case Bytecodes::_fload_2 :
 909         case Bytecodes::_fload_3 :
 910           index = opcode - Bytecodes::_fload_0;
 911           verify_fload(index, &current_frame, CHECK_VERIFY(this));
 912           no_control_flow = false; break;
 913         case Bytecodes::_dload :
 914           verify_dload(bcs.get_index(), &current_frame, CHECK_VERIFY(this));
 915           no_control_flow = false; break;
 916         case Bytecodes::_dload_0 :
 917         case Bytecodes::_dload_1 :
 918         case Bytecodes::_dload_2 :
 919         case Bytecodes::_dload_3 :
 920           index = opcode - Bytecodes::_dload_0;
 921           verify_dload(index, &current_frame, CHECK_VERIFY(this));
 922           no_control_flow = false; break;
 923         case Bytecodes::_aload :
 924           verify_aload(bcs.get_index(), &current_frame, CHECK_VERIFY(this));
 925           no_control_flow = false; break;
 926         case Bytecodes::_aload_0 :
 927         case Bytecodes::_aload_1 :
 928         case Bytecodes::_aload_2 :
 929         case Bytecodes::_aload_3 :
 930           index = opcode - Bytecodes::_aload_0;
 931           verify_aload(index, &current_frame, CHECK_VERIFY(this));
 932           no_control_flow = false; break;
 933         case Bytecodes::_iaload :
 934           type = current_frame.pop_stack(
 935             VerificationType::integer_type(), CHECK_VERIFY(this));
 936           atype = current_frame.pop_stack(
 937             VerificationType::reference_check(), CHECK_VERIFY(this));
 938           if (!atype.is_int_array()) {
 939             verify_error(ErrorContext::bad_type(bci,
 940                 current_frame.stack_top_ctx(), ref_ctx("[I")),
 941                 bad_type_msg, "iaload");
 942             return;
 943           }
 944           current_frame.push_stack(
 945             VerificationType::integer_type(), CHECK_VERIFY(this));
 946           no_control_flow = false; break;
 947         case Bytecodes::_baload :
 948           type = current_frame.pop_stack(
 949             VerificationType::integer_type(), CHECK_VERIFY(this));
 950           atype = current_frame.pop_stack(
 951             VerificationType::reference_check(), CHECK_VERIFY(this));
 952           if (!atype.is_bool_array() && !atype.is_byte_array()) {
 953             verify_error(
 954                 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
 955                 bad_type_msg, "baload");
 956             return;
 957           }
 958           current_frame.push_stack(
 959             VerificationType::integer_type(), CHECK_VERIFY(this));
 960           no_control_flow = false; break;
 961         case Bytecodes::_caload :
 962           type = current_frame.pop_stack(
 963             VerificationType::integer_type(), CHECK_VERIFY(this));
 964           atype = current_frame.pop_stack(
 965             VerificationType::reference_check(), CHECK_VERIFY(this));
 966           if (!atype.is_char_array()) {
 967             verify_error(ErrorContext::bad_type(bci,
 968                 current_frame.stack_top_ctx(), ref_ctx("[C")),
 969                 bad_type_msg, "caload");
 970             return;
 971           }
 972           current_frame.push_stack(
 973             VerificationType::integer_type(), CHECK_VERIFY(this));
 974           no_control_flow = false; break;
 975         case Bytecodes::_saload :
 976           type = current_frame.pop_stack(
 977             VerificationType::integer_type(), CHECK_VERIFY(this));
 978           atype = current_frame.pop_stack(
 979             VerificationType::reference_check(), CHECK_VERIFY(this));
 980           if (!atype.is_short_array()) {
 981             verify_error(ErrorContext::bad_type(bci,
 982                 current_frame.stack_top_ctx(), ref_ctx("[S")),
 983                 bad_type_msg, "saload");
 984             return;
 985           }
 986           current_frame.push_stack(
 987             VerificationType::integer_type(), CHECK_VERIFY(this));
 988           no_control_flow = false; break;
 989         case Bytecodes::_laload :
 990           type = current_frame.pop_stack(
 991             VerificationType::integer_type(), CHECK_VERIFY(this));
 992           atype = current_frame.pop_stack(
 993             VerificationType::reference_check(), CHECK_VERIFY(this));
 994           if (!atype.is_long_array()) {
 995             verify_error(ErrorContext::bad_type(bci,
 996                 current_frame.stack_top_ctx(), ref_ctx("[J")),
 997                 bad_type_msg, "laload");
 998             return;
 999           }
1000           current_frame.push_stack_2(
1001             VerificationType::long_type(),
1002             VerificationType::long2_type(), CHECK_VERIFY(this));
1003           no_control_flow = false; break;
1004         case Bytecodes::_faload :
1005           type = current_frame.pop_stack(
1006             VerificationType::integer_type(), CHECK_VERIFY(this));
1007           atype = current_frame.pop_stack(
1008             VerificationType::reference_check(), CHECK_VERIFY(this));
1009           if (!atype.is_float_array()) {
1010             verify_error(ErrorContext::bad_type(bci,
1011                 current_frame.stack_top_ctx(), ref_ctx("[F")),
1012                 bad_type_msg, "faload");
1013             return;
1014           }
1015           current_frame.push_stack(
1016             VerificationType::float_type(), CHECK_VERIFY(this));
1017           no_control_flow = false; break;
1018         case Bytecodes::_daload :
1019           type = current_frame.pop_stack(
1020             VerificationType::integer_type(), CHECK_VERIFY(this));
1021           atype = current_frame.pop_stack(
1022             VerificationType::reference_check(), CHECK_VERIFY(this));
1023           if (!atype.is_double_array()) {
1024             verify_error(ErrorContext::bad_type(bci,
1025                 current_frame.stack_top_ctx(), ref_ctx("[D")),
1026                 bad_type_msg, "daload");
1027             return;
1028           }
1029           current_frame.push_stack_2(
1030             VerificationType::double_type(),
1031             VerificationType::double2_type(), CHECK_VERIFY(this));
1032           no_control_flow = false; break;
1033         case Bytecodes::_aaload : {
1034           type = current_frame.pop_stack(
1035             VerificationType::integer_type(), CHECK_VERIFY(this));
1036           atype = current_frame.pop_stack(
1037             VerificationType::reference_check(), CHECK_VERIFY(this));
1038           if (!atype.is_reference_array()) {
1039             verify_error(ErrorContext::bad_type(bci,
1040                 current_frame.stack_top_ctx(),
1041                 TypeOrigin::implicit(VerificationType::reference_check())),
1042                 bad_type_msg, "aaload");
1043             return;
1044           }
1045           if (atype.is_null()) {
1046             current_frame.push_stack(
1047               VerificationType::null_type(), CHECK_VERIFY(this));
1048           } else {
1049             VerificationType component = atype.get_component(this);
1050             current_frame.push_stack(component, CHECK_VERIFY(this));
1051           }
1052           no_control_flow = false; break;
1053         }
1054         case Bytecodes::_istore :
1055           verify_istore(bcs.get_index(), &current_frame, CHECK_VERIFY(this));
1056           no_control_flow = false; break;
1057         case Bytecodes::_istore_0 :
1058         case Bytecodes::_istore_1 :
1059         case Bytecodes::_istore_2 :
1060         case Bytecodes::_istore_3 :
1061           index = opcode - Bytecodes::_istore_0;
1062           verify_istore(index, &current_frame, CHECK_VERIFY(this));
1063           no_control_flow = false; break;
1064         case Bytecodes::_lstore :
1065           verify_lstore(bcs.get_index(), &current_frame, CHECK_VERIFY(this));
1066           no_control_flow = false; break;
1067         case Bytecodes::_lstore_0 :
1068         case Bytecodes::_lstore_1 :
1069         case Bytecodes::_lstore_2 :
1070         case Bytecodes::_lstore_3 :
1071           index = opcode - Bytecodes::_lstore_0;
1072           verify_lstore(index, &current_frame, CHECK_VERIFY(this));
1073           no_control_flow = false; break;
1074         case Bytecodes::_fstore :
1075           verify_fstore(bcs.get_index(), &current_frame, CHECK_VERIFY(this));
1076           no_control_flow = false; break;
1077         case Bytecodes::_fstore_0 :
1078         case Bytecodes::_fstore_1 :
1079         case Bytecodes::_fstore_2 :
1080         case Bytecodes::_fstore_3 :
1081           index = opcode - Bytecodes::_fstore_0;
1082           verify_fstore(index, &current_frame, CHECK_VERIFY(this));
1083           no_control_flow = false; break;
1084         case Bytecodes::_dstore :
1085           verify_dstore(bcs.get_index(), &current_frame, CHECK_VERIFY(this));
1086           no_control_flow = false; break;
1087         case Bytecodes::_dstore_0 :
1088         case Bytecodes::_dstore_1 :
1089         case Bytecodes::_dstore_2 :
1090         case Bytecodes::_dstore_3 :
1091           index = opcode - Bytecodes::_dstore_0;
1092           verify_dstore(index, &current_frame, CHECK_VERIFY(this));
1093           no_control_flow = false; break;
1094         case Bytecodes::_astore :
1095           verify_astore(bcs.get_index(), &current_frame, CHECK_VERIFY(this));
1096           no_control_flow = false; break;
1097         case Bytecodes::_astore_0 :
1098         case Bytecodes::_astore_1 :
1099         case Bytecodes::_astore_2 :
1100         case Bytecodes::_astore_3 :
1101           index = opcode - Bytecodes::_astore_0;
1102           verify_astore(index, &current_frame, CHECK_VERIFY(this));
1103           no_control_flow = false; break;
1104         case Bytecodes::_iastore :
1105           type = current_frame.pop_stack(
1106             VerificationType::integer_type(), CHECK_VERIFY(this));
1107           type2 = current_frame.pop_stack(
1108             VerificationType::integer_type(), CHECK_VERIFY(this));
1109           atype = current_frame.pop_stack(
1110             VerificationType::reference_check(), CHECK_VERIFY(this));
1111           if (!atype.is_int_array()) {
1112             verify_error(ErrorContext::bad_type(bci,
1113                 current_frame.stack_top_ctx(), ref_ctx("[I")),
1114                 bad_type_msg, "iastore");
1115             return;
1116           }
1117           no_control_flow = false; break;
1118         case Bytecodes::_bastore :
1119           type = current_frame.pop_stack(
1120             VerificationType::integer_type(), CHECK_VERIFY(this));
1121           type2 = current_frame.pop_stack(
1122             VerificationType::integer_type(), CHECK_VERIFY(this));
1123           atype = current_frame.pop_stack(
1124             VerificationType::reference_check(), CHECK_VERIFY(this));
1125           if (!atype.is_bool_array() && !atype.is_byte_array()) {
1126             verify_error(
1127                 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1128                 bad_type_msg, "bastore");
1129             return;
1130           }
1131           no_control_flow = false; break;
1132         case Bytecodes::_castore :
1133           current_frame.pop_stack(
1134             VerificationType::integer_type(), CHECK_VERIFY(this));
1135           current_frame.pop_stack(
1136             VerificationType::integer_type(), CHECK_VERIFY(this));
1137           atype = current_frame.pop_stack(
1138             VerificationType::reference_check(), CHECK_VERIFY(this));
1139           if (!atype.is_char_array()) {
1140             verify_error(ErrorContext::bad_type(bci,
1141                 current_frame.stack_top_ctx(), ref_ctx("[C")),
1142                 bad_type_msg, "castore");
1143             return;
1144           }
1145           no_control_flow = false; break;
1146         case Bytecodes::_sastore :
1147           current_frame.pop_stack(
1148             VerificationType::integer_type(), CHECK_VERIFY(this));
1149           current_frame.pop_stack(
1150             VerificationType::integer_type(), CHECK_VERIFY(this));
1151           atype = current_frame.pop_stack(
1152             VerificationType::reference_check(), CHECK_VERIFY(this));
1153           if (!atype.is_short_array()) {
1154             verify_error(ErrorContext::bad_type(bci,
1155                 current_frame.stack_top_ctx(), ref_ctx("[S")),
1156                 bad_type_msg, "sastore");
1157             return;
1158           }
1159           no_control_flow = false; break;
1160         case Bytecodes::_lastore :
1161           current_frame.pop_stack_2(
1162             VerificationType::long2_type(),
1163             VerificationType::long_type(), CHECK_VERIFY(this));
1164           current_frame.pop_stack(
1165             VerificationType::integer_type(), CHECK_VERIFY(this));
1166           atype = current_frame.pop_stack(
1167             VerificationType::reference_check(), CHECK_VERIFY(this));
1168           if (!atype.is_long_array()) {
1169             verify_error(ErrorContext::bad_type(bci,
1170                 current_frame.stack_top_ctx(), ref_ctx("[J")),
1171                 bad_type_msg, "lastore");
1172             return;
1173           }
1174           no_control_flow = false; break;
1175         case Bytecodes::_fastore :
1176           current_frame.pop_stack(
1177             VerificationType::float_type(), CHECK_VERIFY(this));
1178           current_frame.pop_stack
1179             (VerificationType::integer_type(), CHECK_VERIFY(this));
1180           atype = current_frame.pop_stack(
1181             VerificationType::reference_check(), CHECK_VERIFY(this));
1182           if (!atype.is_float_array()) {
1183             verify_error(ErrorContext::bad_type(bci,
1184                 current_frame.stack_top_ctx(), ref_ctx("[F")),
1185                 bad_type_msg, "fastore");
1186             return;
1187           }
1188           no_control_flow = false; break;
1189         case Bytecodes::_dastore :
1190           current_frame.pop_stack_2(
1191             VerificationType::double2_type(),
1192             VerificationType::double_type(), CHECK_VERIFY(this));
1193           current_frame.pop_stack(
1194             VerificationType::integer_type(), CHECK_VERIFY(this));
1195           atype = current_frame.pop_stack(
1196             VerificationType::reference_check(), CHECK_VERIFY(this));
1197           if (!atype.is_double_array()) {
1198             verify_error(ErrorContext::bad_type(bci,
1199                 current_frame.stack_top_ctx(), ref_ctx("[D")),
1200                 bad_type_msg, "dastore");
1201             return;
1202           }
1203           no_control_flow = false; break;
1204         case Bytecodes::_aastore :
1205           type = current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1206           type2 = current_frame.pop_stack(
1207             VerificationType::integer_type(), CHECK_VERIFY(this));
1208           atype = current_frame.pop_stack(
1209             VerificationType::reference_check(), CHECK_VERIFY(this));
1210           // more type-checking is done at runtime
1211           if (!atype.is_reference_array()) {
1212             verify_error(ErrorContext::bad_type(bci,
1213                 current_frame.stack_top_ctx(),
1214                 TypeOrigin::implicit(VerificationType::reference_check())),
1215                 bad_type_msg, "aastore");
1216             return;
1217           }
1218           // 4938384: relaxed constraint in JVMS 3rd edition.
1219           no_control_flow = false; break;
1220         case Bytecodes::_pop :
1221           current_frame.pop_stack(
1222             VerificationType::category1_check(), CHECK_VERIFY(this));
1223           no_control_flow = false; break;
1224         case Bytecodes::_pop2 :
1225           type = current_frame.pop_stack(CHECK_VERIFY(this));
1226           if (type.is_category1()) {
1227             current_frame.pop_stack(
1228               VerificationType::category1_check(), CHECK_VERIFY(this));
1229           } else if (type.is_category2_2nd()) {
1230             current_frame.pop_stack(
1231               VerificationType::category2_check(), CHECK_VERIFY(this));
1232           } else {
1233             /* Unreachable? Would need a category2_1st on TOS
1234              * which does not appear possible. */
1235             verify_error(
1236                 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1237                 bad_type_msg, "pop2");
1238             return;
1239           }
1240           no_control_flow = false; break;
1241         case Bytecodes::_dup :
1242           type = current_frame.pop_stack(
1243             VerificationType::category1_check(), CHECK_VERIFY(this));
1244           current_frame.push_stack(type, CHECK_VERIFY(this));
1245           current_frame.push_stack(type, CHECK_VERIFY(this));
1246           no_control_flow = false; break;
1247         case Bytecodes::_dup_x1 :
1248           type = current_frame.pop_stack(
1249             VerificationType::category1_check(), CHECK_VERIFY(this));
1250           type2 = current_frame.pop_stack(
1251             VerificationType::category1_check(), CHECK_VERIFY(this));
1252           current_frame.push_stack(type, CHECK_VERIFY(this));
1253           current_frame.push_stack(type2, CHECK_VERIFY(this));
1254           current_frame.push_stack(type, CHECK_VERIFY(this));
1255           no_control_flow = false; break;
1256         case Bytecodes::_dup_x2 :
1257         {
1258           VerificationType type3;
1259           type = current_frame.pop_stack(
1260             VerificationType::category1_check(), CHECK_VERIFY(this));
1261           type2 = current_frame.pop_stack(CHECK_VERIFY(this));
1262           if (type2.is_category1()) {
1263             type3 = current_frame.pop_stack(
1264               VerificationType::category1_check(), CHECK_VERIFY(this));
1265           } else if (type2.is_category2_2nd()) {
1266             type3 = current_frame.pop_stack(
1267               VerificationType::category2_check(), CHECK_VERIFY(this));
1268           } else {
1269             /* Unreachable? Would need a category2_1st at stack depth 2 with
1270              * a category1 on TOS which does not appear possible. */
1271             verify_error(ErrorContext::bad_type(
1272                 bci, current_frame.stack_top_ctx()), bad_type_msg, "dup_x2");
1273             return;
1274           }
1275           current_frame.push_stack(type, CHECK_VERIFY(this));
1276           current_frame.push_stack(type3, CHECK_VERIFY(this));
1277           current_frame.push_stack(type2, CHECK_VERIFY(this));
1278           current_frame.push_stack(type, CHECK_VERIFY(this));
1279           no_control_flow = false; break;
1280         }
1281         case Bytecodes::_dup2 :
1282           type = current_frame.pop_stack(CHECK_VERIFY(this));
1283           if (type.is_category1()) {
1284             type2 = current_frame.pop_stack(
1285               VerificationType::category1_check(), CHECK_VERIFY(this));
1286           } else if (type.is_category2_2nd()) {
1287             type2 = current_frame.pop_stack(
1288               VerificationType::category2_check(), CHECK_VERIFY(this));
1289           } else {
1290             /* Unreachable?  Would need a category2_1st on TOS which does not
1291              * appear possible. */
1292             verify_error(
1293                 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1294                 bad_type_msg, "dup2");
1295             return;
1296           }
1297           current_frame.push_stack(type2, CHECK_VERIFY(this));
1298           current_frame.push_stack(type, CHECK_VERIFY(this));
1299           current_frame.push_stack(type2, CHECK_VERIFY(this));
1300           current_frame.push_stack(type, CHECK_VERIFY(this));
1301           no_control_flow = false; break;
1302         case Bytecodes::_dup2_x1 :
1303         {
1304           VerificationType type3;
1305           type = current_frame.pop_stack(CHECK_VERIFY(this));
1306           if (type.is_category1()) {
1307             type2 = current_frame.pop_stack(
1308               VerificationType::category1_check(), CHECK_VERIFY(this));
1309           } else if (type.is_category2_2nd()) {
1310             type2 = current_frame.pop_stack(
1311               VerificationType::category2_check(), CHECK_VERIFY(this));
1312           } else {
1313             /* Unreachable?  Would need a category2_1st on TOS which does
1314              * not appear possible. */
1315             verify_error(
1316                 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1317                 bad_type_msg, "dup2_x1");
1318             return;
1319           }
1320           type3 = current_frame.pop_stack(
1321             VerificationType::category1_check(), CHECK_VERIFY(this));
1322           current_frame.push_stack(type2, CHECK_VERIFY(this));
1323           current_frame.push_stack(type, CHECK_VERIFY(this));
1324           current_frame.push_stack(type3, CHECK_VERIFY(this));
1325           current_frame.push_stack(type2, CHECK_VERIFY(this));
1326           current_frame.push_stack(type, CHECK_VERIFY(this));
1327           no_control_flow = false; break;
1328         }
1329         case Bytecodes::_dup2_x2 :
1330         {
1331           VerificationType type3, type4;
1332           type = current_frame.pop_stack(CHECK_VERIFY(this));
1333           if (type.is_category1()) {
1334             type2 = current_frame.pop_stack(
1335               VerificationType::category1_check(), CHECK_VERIFY(this));
1336           } else if (type.is_category2_2nd()) {
1337             type2 = current_frame.pop_stack(
1338               VerificationType::category2_check(), CHECK_VERIFY(this));
1339           } else {
1340             /* Unreachable?  Would need a category2_1st on TOS which does
1341              * not appear possible. */
1342             verify_error(
1343                 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1344                 bad_type_msg, "dup2_x2");
1345             return;
1346           }
1347           type3 = current_frame.pop_stack(CHECK_VERIFY(this));
1348           if (type3.is_category1()) {
1349             type4 = current_frame.pop_stack(
1350               VerificationType::category1_check(), CHECK_VERIFY(this));
1351           } else if (type3.is_category2_2nd()) {
1352             type4 = current_frame.pop_stack(
1353               VerificationType::category2_check(), CHECK_VERIFY(this));
1354           } else {
1355             /* Unreachable?  Would need a category2_1st on TOS after popping
1356              * a long/double or two category 1's, which does not
1357              * appear possible. */
1358             verify_error(
1359                 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1360                 bad_type_msg, "dup2_x2");
1361             return;
1362           }
1363           current_frame.push_stack(type2, CHECK_VERIFY(this));
1364           current_frame.push_stack(type, CHECK_VERIFY(this));
1365           current_frame.push_stack(type4, CHECK_VERIFY(this));
1366           current_frame.push_stack(type3, CHECK_VERIFY(this));
1367           current_frame.push_stack(type2, CHECK_VERIFY(this));
1368           current_frame.push_stack(type, CHECK_VERIFY(this));
1369           no_control_flow = false; break;
1370         }
1371         case Bytecodes::_swap :
1372           type = current_frame.pop_stack(
1373             VerificationType::category1_check(), CHECK_VERIFY(this));
1374           type2 = current_frame.pop_stack(
1375             VerificationType::category1_check(), CHECK_VERIFY(this));
1376           current_frame.push_stack(type, CHECK_VERIFY(this));
1377           current_frame.push_stack(type2, CHECK_VERIFY(this));
1378           no_control_flow = false; break;
1379         case Bytecodes::_iadd :
1380         case Bytecodes::_isub :
1381         case Bytecodes::_imul :
1382         case Bytecodes::_idiv :
1383         case Bytecodes::_irem :
1384         case Bytecodes::_ishl :
1385         case Bytecodes::_ishr :
1386         case Bytecodes::_iushr :
1387         case Bytecodes::_ior :
1388         case Bytecodes::_ixor :
1389         case Bytecodes::_iand :
1390           current_frame.pop_stack(
1391             VerificationType::integer_type(), CHECK_VERIFY(this));
1392           // fall through
1393         case Bytecodes::_ineg :
1394           current_frame.pop_stack(
1395             VerificationType::integer_type(), CHECK_VERIFY(this));
1396           current_frame.push_stack(
1397             VerificationType::integer_type(), CHECK_VERIFY(this));
1398           no_control_flow = false; break;
1399         case Bytecodes::_ladd :
1400         case Bytecodes::_lsub :
1401         case Bytecodes::_lmul :
1402         case Bytecodes::_ldiv :
1403         case Bytecodes::_lrem :
1404         case Bytecodes::_land :
1405         case Bytecodes::_lor :
1406         case Bytecodes::_lxor :
1407           current_frame.pop_stack_2(
1408             VerificationType::long2_type(),
1409             VerificationType::long_type(), CHECK_VERIFY(this));
1410           // fall through
1411         case Bytecodes::_lneg :
1412           current_frame.pop_stack_2(
1413             VerificationType::long2_type(),
1414             VerificationType::long_type(), CHECK_VERIFY(this));
1415           current_frame.push_stack_2(
1416             VerificationType::long_type(),
1417             VerificationType::long2_type(), CHECK_VERIFY(this));
1418           no_control_flow = false; break;
1419         case Bytecodes::_lshl :
1420         case Bytecodes::_lshr :
1421         case Bytecodes::_lushr :
1422           current_frame.pop_stack(
1423             VerificationType::integer_type(), CHECK_VERIFY(this));
1424           current_frame.pop_stack_2(
1425             VerificationType::long2_type(),
1426             VerificationType::long_type(), CHECK_VERIFY(this));
1427           current_frame.push_stack_2(
1428             VerificationType::long_type(),
1429             VerificationType::long2_type(), CHECK_VERIFY(this));
1430           no_control_flow = false; break;
1431         case Bytecodes::_fadd :
1432         case Bytecodes::_fsub :
1433         case Bytecodes::_fmul :
1434         case Bytecodes::_fdiv :
1435         case Bytecodes::_frem :
1436           current_frame.pop_stack(
1437             VerificationType::float_type(), CHECK_VERIFY(this));
1438           // fall through
1439         case Bytecodes::_fneg :
1440           current_frame.pop_stack(
1441             VerificationType::float_type(), CHECK_VERIFY(this));
1442           current_frame.push_stack(
1443             VerificationType::float_type(), CHECK_VERIFY(this));
1444           no_control_flow = false; break;
1445         case Bytecodes::_dadd :
1446         case Bytecodes::_dsub :
1447         case Bytecodes::_dmul :
1448         case Bytecodes::_ddiv :
1449         case Bytecodes::_drem :
1450           current_frame.pop_stack_2(
1451             VerificationType::double2_type(),
1452             VerificationType::double_type(), CHECK_VERIFY(this));
1453           // fall through
1454         case Bytecodes::_dneg :
1455           current_frame.pop_stack_2(
1456             VerificationType::double2_type(),
1457             VerificationType::double_type(), CHECK_VERIFY(this));
1458           current_frame.push_stack_2(
1459             VerificationType::double_type(),
1460             VerificationType::double2_type(), CHECK_VERIFY(this));
1461           no_control_flow = false; break;
1462         case Bytecodes::_iinc :
1463           verify_iinc(bcs.get_index(), &current_frame, CHECK_VERIFY(this));
1464           no_control_flow = false; break;
1465         case Bytecodes::_i2l :
1466           type = current_frame.pop_stack(
1467             VerificationType::integer_type(), CHECK_VERIFY(this));
1468           current_frame.push_stack_2(
1469             VerificationType::long_type(),
1470             VerificationType::long2_type(), CHECK_VERIFY(this));
1471           no_control_flow = false; break;
1472        case Bytecodes::_l2i :
1473           current_frame.pop_stack_2(
1474             VerificationType::long2_type(),
1475             VerificationType::long_type(), CHECK_VERIFY(this));
1476           current_frame.push_stack(
1477             VerificationType::integer_type(), CHECK_VERIFY(this));
1478           no_control_flow = false; break;
1479         case Bytecodes::_i2f :
1480           current_frame.pop_stack(
1481             VerificationType::integer_type(), CHECK_VERIFY(this));
1482           current_frame.push_stack(
1483             VerificationType::float_type(), CHECK_VERIFY(this));
1484           no_control_flow = false; break;
1485         case Bytecodes::_i2d :
1486           current_frame.pop_stack(
1487             VerificationType::integer_type(), CHECK_VERIFY(this));
1488           current_frame.push_stack_2(
1489             VerificationType::double_type(),
1490             VerificationType::double2_type(), CHECK_VERIFY(this));
1491           no_control_flow = false; break;
1492         case Bytecodes::_l2f :
1493           current_frame.pop_stack_2(
1494             VerificationType::long2_type(),
1495             VerificationType::long_type(), CHECK_VERIFY(this));
1496           current_frame.push_stack(
1497             VerificationType::float_type(), CHECK_VERIFY(this));
1498           no_control_flow = false; break;
1499         case Bytecodes::_l2d :
1500           current_frame.pop_stack_2(
1501             VerificationType::long2_type(),
1502             VerificationType::long_type(), CHECK_VERIFY(this));
1503           current_frame.push_stack_2(
1504             VerificationType::double_type(),
1505             VerificationType::double2_type(), CHECK_VERIFY(this));
1506           no_control_flow = false; break;
1507         case Bytecodes::_f2i :
1508           current_frame.pop_stack(
1509             VerificationType::float_type(), CHECK_VERIFY(this));
1510           current_frame.push_stack(
1511             VerificationType::integer_type(), CHECK_VERIFY(this));
1512           no_control_flow = false; break;
1513         case Bytecodes::_f2l :
1514           current_frame.pop_stack(
1515             VerificationType::float_type(), CHECK_VERIFY(this));
1516           current_frame.push_stack_2(
1517             VerificationType::long_type(),
1518             VerificationType::long2_type(), CHECK_VERIFY(this));
1519           no_control_flow = false; break;
1520         case Bytecodes::_f2d :
1521           current_frame.pop_stack(
1522             VerificationType::float_type(), CHECK_VERIFY(this));
1523           current_frame.push_stack_2(
1524             VerificationType::double_type(),
1525             VerificationType::double2_type(), CHECK_VERIFY(this));
1526           no_control_flow = false; break;
1527         case Bytecodes::_d2i :
1528           current_frame.pop_stack_2(
1529             VerificationType::double2_type(),
1530             VerificationType::double_type(), CHECK_VERIFY(this));
1531           current_frame.push_stack(
1532             VerificationType::integer_type(), CHECK_VERIFY(this));
1533           no_control_flow = false; break;
1534         case Bytecodes::_d2l :
1535           current_frame.pop_stack_2(
1536             VerificationType::double2_type(),
1537             VerificationType::double_type(), CHECK_VERIFY(this));
1538           current_frame.push_stack_2(
1539             VerificationType::long_type(),
1540             VerificationType::long2_type(), CHECK_VERIFY(this));
1541           no_control_flow = false; break;
1542         case Bytecodes::_d2f :
1543           current_frame.pop_stack_2(
1544             VerificationType::double2_type(),
1545             VerificationType::double_type(), CHECK_VERIFY(this));
1546           current_frame.push_stack(
1547             VerificationType::float_type(), CHECK_VERIFY(this));
1548           no_control_flow = false; break;
1549         case Bytecodes::_i2b :
1550         case Bytecodes::_i2c :
1551         case Bytecodes::_i2s :
1552           current_frame.pop_stack(
1553             VerificationType::integer_type(), CHECK_VERIFY(this));
1554           current_frame.push_stack(
1555             VerificationType::integer_type(), CHECK_VERIFY(this));
1556           no_control_flow = false; break;
1557         case Bytecodes::_lcmp :
1558           current_frame.pop_stack_2(
1559             VerificationType::long2_type(),
1560             VerificationType::long_type(), CHECK_VERIFY(this));
1561           current_frame.pop_stack_2(
1562             VerificationType::long2_type(),
1563             VerificationType::long_type(), CHECK_VERIFY(this));
1564           current_frame.push_stack(
1565             VerificationType::integer_type(), CHECK_VERIFY(this));
1566           no_control_flow = false; break;
1567         case Bytecodes::_fcmpl :
1568         case Bytecodes::_fcmpg :
1569           current_frame.pop_stack(
1570             VerificationType::float_type(), CHECK_VERIFY(this));
1571           current_frame.pop_stack(
1572             VerificationType::float_type(), CHECK_VERIFY(this));
1573           current_frame.push_stack(
1574             VerificationType::integer_type(), CHECK_VERIFY(this));
1575           no_control_flow = false; break;
1576         case Bytecodes::_dcmpl :
1577         case Bytecodes::_dcmpg :
1578           current_frame.pop_stack_2(
1579             VerificationType::double2_type(),
1580             VerificationType::double_type(), CHECK_VERIFY(this));
1581           current_frame.pop_stack_2(
1582             VerificationType::double2_type(),
1583             VerificationType::double_type(), CHECK_VERIFY(this));
1584           current_frame.push_stack(
1585             VerificationType::integer_type(), CHECK_VERIFY(this));
1586           no_control_flow = false; break;
1587         case Bytecodes::_if_icmpeq:
1588         case Bytecodes::_if_icmpne:
1589         case Bytecodes::_if_icmplt:
1590         case Bytecodes::_if_icmpge:
1591         case Bytecodes::_if_icmpgt:
1592         case Bytecodes::_if_icmple:
1593           current_frame.pop_stack(
1594             VerificationType::integer_type(), CHECK_VERIFY(this));
1595           // fall through
1596         case Bytecodes::_ifeq:
1597         case Bytecodes::_ifne:
1598         case Bytecodes::_iflt:
1599         case Bytecodes::_ifge:
1600         case Bytecodes::_ifgt:
1601         case Bytecodes::_ifle:
1602           current_frame.pop_stack(
1603             VerificationType::integer_type(), CHECK_VERIFY(this));
1604           target = bcs.dest();
1605           stackmap_table.check_jump_target(
1606             &current_frame, target, CHECK_VERIFY(this));
1607           no_control_flow = false; break;
1608         case Bytecodes::_if_acmpeq :
1609         case Bytecodes::_if_acmpne :
1610           current_frame.pop_stack(
1611             VerificationType::reference_check(), CHECK_VERIFY(this));
1612           // fall through
1613         case Bytecodes::_ifnull :
1614         case Bytecodes::_ifnonnull :
1615           current_frame.pop_stack(
1616             VerificationType::reference_check(), CHECK_VERIFY(this));
1617           target = bcs.dest();
1618           stackmap_table.check_jump_target
1619             (&current_frame, target, CHECK_VERIFY(this));
1620           no_control_flow = false; break;
1621         case Bytecodes::_goto :
1622           target = bcs.dest();
1623           stackmap_table.check_jump_target(
1624             &current_frame, target, CHECK_VERIFY(this));
1625           no_control_flow = true; break;
1626         case Bytecodes::_goto_w :
1627           target = bcs.dest_w();
1628           stackmap_table.check_jump_target(
1629             &current_frame, target, CHECK_VERIFY(this));
1630           no_control_flow = true; break;
1631         case Bytecodes::_tableswitch :
1632         case Bytecodes::_lookupswitch :
1633           verify_switch(
1634             &bcs, code_length, code_data, &current_frame,
1635             &stackmap_table, CHECK_VERIFY(this));
1636           no_control_flow = true; break;
1637         case Bytecodes::_ireturn :
1638           type = current_frame.pop_stack(
1639             VerificationType::integer_type(), CHECK_VERIFY(this));
1640           verify_return_value(return_type, type, bci,
1641                               &current_frame, CHECK_VERIFY(this));
1642           no_control_flow = true; break;
1643         case Bytecodes::_lreturn :
1644           type2 = current_frame.pop_stack(
1645             VerificationType::long2_type(), CHECK_VERIFY(this));
1646           type = current_frame.pop_stack(
1647             VerificationType::long_type(), CHECK_VERIFY(this));
1648           verify_return_value(return_type, type, bci,
1649                               &current_frame, CHECK_VERIFY(this));
1650           no_control_flow = true; break;
1651         case Bytecodes::_freturn :
1652           type = current_frame.pop_stack(
1653             VerificationType::float_type(), CHECK_VERIFY(this));
1654           verify_return_value(return_type, type, bci,
1655                               &current_frame, CHECK_VERIFY(this));
1656           no_control_flow = true; break;
1657         case Bytecodes::_dreturn :
1658           type2 = current_frame.pop_stack(
1659             VerificationType::double2_type(),  CHECK_VERIFY(this));
1660           type = current_frame.pop_stack(
1661             VerificationType::double_type(), CHECK_VERIFY(this));
1662           verify_return_value(return_type, type, bci,
1663                               &current_frame, CHECK_VERIFY(this));
1664           no_control_flow = true; break;
1665         case Bytecodes::_areturn :
1666           type = current_frame.pop_stack(
1667             VerificationType::reference_check(), CHECK_VERIFY(this));
1668           verify_return_value(return_type, type, bci,
1669                               &current_frame, CHECK_VERIFY(this));
1670           no_control_flow = true; break;
1671         case Bytecodes::_return :
1672           if (return_type != VerificationType::bogus_type()) {
1673             verify_error(ErrorContext::bad_code(bci),
1674                          "Method expects a return value");
1675             return;
1676           }
1677           // Make sure "this" has been initialized if current method is an
1678           // <init>.
1679           if (_method->name() == vmSymbols::object_initializer_name() &&
1680               current_frame.flag_this_uninit()) {
1681             verify_error(ErrorContext::bad_code(bci),
1682                          "Constructor must call super() or this() "
1683                          "before return");
1684             return;
1685           }
1686           no_control_flow = true; break;
1687         case Bytecodes::_getstatic :
1688         case Bytecodes::_putstatic :
1689           // pass TRUE, operand can be an array type for getstatic/putstatic.
1690           verify_field_instructions(
1691             &bcs, &current_frame, cp, true, CHECK_VERIFY(this));
1692           no_control_flow = false; break;
1693         case Bytecodes::_getfield :
1694         case Bytecodes::_putfield :
1695           // pass FALSE, operand can't be an array type for getfield/putfield.
1696           verify_field_instructions(
1697             &bcs, &current_frame, cp, false, CHECK_VERIFY(this));
1698           no_control_flow = false; break;
1699         case Bytecodes::_invokevirtual :
1700         case Bytecodes::_invokespecial :
1701         case Bytecodes::_invokestatic :
1702           verify_invoke_instructions(
1703             &bcs, code_length, &current_frame, (bci >= ex_min && bci < ex_max),
1704             &this_uninit, return_type, cp, &stackmap_table, CHECK_VERIFY(this));
1705           no_control_flow = false; break;
1706         case Bytecodes::_invokeinterface :
1707         case Bytecodes::_invokedynamic :
1708           verify_invoke_instructions(
1709             &bcs, code_length, &current_frame, (bci >= ex_min && bci < ex_max),
1710             &this_uninit, return_type, cp, &stackmap_table, CHECK_VERIFY(this));
1711           no_control_flow = false; break;
1712         case Bytecodes::_new :
1713         {
1714           index = bcs.get_index_u2();
1715           verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1716           VerificationType new_class_type =
1717             cp_index_to_type(index, cp, CHECK_VERIFY(this));
1718           if (!new_class_type.is_object()) {
1719             verify_error(ErrorContext::bad_type(bci,
1720                 TypeOrigin::cp(index, new_class_type)),
1721                 "Illegal new instruction");
1722             return;
1723           }
1724           type = VerificationType::uninitialized_type(bci);
1725           current_frame.push_stack(type, CHECK_VERIFY(this));
1726           no_control_flow = false; break;
1727         }
1728         case Bytecodes::_newarray :
1729           type = get_newarray_type(bcs.get_index(), bci, CHECK_VERIFY(this));
1730           current_frame.pop_stack(
1731             VerificationType::integer_type(),  CHECK_VERIFY(this));
1732           current_frame.push_stack(type, CHECK_VERIFY(this));
1733           no_control_flow = false; break;
1734         case Bytecodes::_anewarray :
1735           verify_anewarray(
1736             bci, bcs.get_index_u2(), cp, &current_frame, CHECK_VERIFY(this));
1737           no_control_flow = false; break;
1738         case Bytecodes::_arraylength :
1739           type = current_frame.pop_stack(
1740             VerificationType::reference_check(), CHECK_VERIFY(this));
1741           if (!(type.is_null() || type.is_array())) {
1742             verify_error(ErrorContext::bad_type(
1743                 bci, current_frame.stack_top_ctx()),
1744                 bad_type_msg, "arraylength");
1745           }
1746           current_frame.push_stack(
1747             VerificationType::integer_type(), CHECK_VERIFY(this));
1748           no_control_flow = false; break;
1749         case Bytecodes::_checkcast :
1750         {
1751           index = bcs.get_index_u2();
1752           verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1753           current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1754           VerificationType klass_type = cp_index_to_type(
1755             index, cp, CHECK_VERIFY(this));
1756           current_frame.push_stack(klass_type, CHECK_VERIFY(this));
1757           no_control_flow = false; break;
1758         }
1759         case Bytecodes::_instanceof : {
1760           index = bcs.get_index_u2();
1761           verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1762           current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1763           current_frame.push_stack(
1764             VerificationType::integer_type(), CHECK_VERIFY(this));
1765           no_control_flow = false; break;
1766         }
1767         case Bytecodes::_monitorenter :
1768         case Bytecodes::_monitorexit :
1769           current_frame.pop_stack(
1770             VerificationType::reference_check(), CHECK_VERIFY(this));
1771           no_control_flow = false; break;
1772         case Bytecodes::_multianewarray :
1773         {
1774           index = bcs.get_index_u2();
1775           u2 dim = *(bcs.bcp()+3);
1776           verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1777           VerificationType new_array_type =
1778             cp_index_to_type(index, cp, CHECK_VERIFY(this));
1779           if (!new_array_type.is_array()) {
1780             verify_error(ErrorContext::bad_type(bci,
1781                 TypeOrigin::cp(index, new_array_type)),
1782                 "Illegal constant pool index in multianewarray instruction");
1783             return;
1784           }
1785           if (dim < 1 || new_array_type.dimensions() < dim) {
1786             verify_error(ErrorContext::bad_code(bci),
1787                 "Illegal dimension in multianewarray instruction: %d", dim);
1788             return;
1789           }
1790           for (int i = 0; i < dim; i++) {
1791             current_frame.pop_stack(
1792               VerificationType::integer_type(), CHECK_VERIFY(this));
1793           }
1794           current_frame.push_stack(new_array_type, CHECK_VERIFY(this));
1795           no_control_flow = false; break;
1796         }
1797         case Bytecodes::_athrow :
1798           type = VerificationType::reference_type(
1799             vmSymbols::java_lang_Throwable());
1800           current_frame.pop_stack(type, CHECK_VERIFY(this));
1801           no_control_flow = true; break;
1802         default:
1803           // We only need to check the valid bytecodes in class file.
1804           // And jsr and ret are not in the new class file format in JDK1.6.
1805           verify_error(ErrorContext::bad_code(bci),
1806               "Bad instruction: %02x", opcode);
1807           no_control_flow = false;
1808           return;
1809       }  // end switch
1810     }  // end Merge with the next instruction
1811 
1812     // Look for possible jump target in exception handlers and see if it matches
1813     // current_frame.  Don't do this check if it has already been done (for
1814     // ([a,d,f,i,l]store* opcodes).  This check cannot be done earlier because
1815     // opcodes, such as invokespecial, may set the this_uninit flag.
1816     assert(!(verified_exc_handlers && this_uninit),
1817       "Exception handler targets got verified before this_uninit got set");
1818     if (!verified_exc_handlers && bci >= ex_min && bci < ex_max) {
1819       if (was_recursively_verified()) return;
1820       verify_exception_handler_targets(
1821         bci, this_uninit, &current_frame, &stackmap_table, CHECK_VERIFY(this));
1822     }
1823   } // end while
1824 
1825   // Make sure that control flow does not fall through end of the method
1826   if (!no_control_flow) {
1827     verify_error(ErrorContext::bad_code(code_length),
1828         "Control flow falls through code end");
1829     return;
1830   }
1831 }
1832 
1833 #undef bad_type_message
1834 
1835 char* ClassVerifier::generate_code_data(const methodHandle& m, u4 code_length, TRAPS) {
1836   char* code_data = NEW_RESOURCE_ARRAY(char, code_length);
1837   memset(code_data, 0, sizeof(char) * code_length);
1838   RawBytecodeStream bcs(m);
1839 
1840   while (!bcs.is_last_bytecode()) {
1841     if (bcs.raw_next() != Bytecodes::_illegal) {
1842       int bci = bcs.bci();
1843       if (bcs.raw_code() == Bytecodes::_new) {
1844         code_data[bci] = NEW_OFFSET;
1845       } else {
1846         code_data[bci] = BYTECODE_OFFSET;
1847       }
1848     } else {
1849       verify_error(ErrorContext::bad_code(bcs.bci()), "Bad instruction");
1850       return NULL;
1851     }
1852   }
1853 
1854   return code_data;
1855 }
1856 
1857 // Since this method references the constant pool, call was_recursively_verified()
1858 // before calling this method to make sure a prior class load did not cause the
1859 // current class to get verified.
1860 void ClassVerifier::verify_exception_handler_table(u4 code_length, char* code_data, int& min, int& max, TRAPS) {
1861   ExceptionTable exhandlers(_method());
1862   int exlength = exhandlers.length();
1863   constantPoolHandle cp (THREAD, _method->constants());
1864 
1865   for(int i = 0; i < exlength; i++) {
1866     u2 start_pc = exhandlers.start_pc(i);
1867     u2 end_pc = exhandlers.end_pc(i);
1868     u2 handler_pc = exhandlers.handler_pc(i);
1869     if (start_pc >= code_length || code_data[start_pc] == 0) {
1870       class_format_error("Illegal exception table start_pc %d", start_pc);
1871       return;
1872     }
1873     if (end_pc != code_length) {   // special case: end_pc == code_length
1874       if (end_pc > code_length || code_data[end_pc] == 0) {
1875         class_format_error("Illegal exception table end_pc %d", end_pc);
1876         return;
1877       }
1878     }
1879     if (handler_pc >= code_length || code_data[handler_pc] == 0) {
1880       class_format_error("Illegal exception table handler_pc %d", handler_pc);
1881       return;
1882     }
1883     int catch_type_index = exhandlers.catch_type_index(i);
1884     if (catch_type_index != 0) {
1885       VerificationType catch_type = cp_index_to_type(
1886         catch_type_index, cp, CHECK_VERIFY(this));
1887       VerificationType throwable =
1888         VerificationType::reference_type(vmSymbols::java_lang_Throwable());
1889       // If the catch type is Throwable pre-resolve it now as the assignable check won't
1890       // do that, and we need to avoid a runtime resolution in case we are trying to
1891       // catch OutOfMemoryError.
1892       if (cp->klass_name_at(catch_type_index) == vmSymbols::java_lang_Throwable()) {
1893         cp->klass_at(catch_type_index, CHECK);
1894       }
1895       bool is_subclass = throwable.is_assignable_from(
1896         catch_type, this, false, CHECK_VERIFY(this));
1897       if (!is_subclass) {
1898         // 4286534: should throw VerifyError according to recent spec change
1899         verify_error(ErrorContext::bad_type(handler_pc,
1900             TypeOrigin::cp(catch_type_index, catch_type),
1901             TypeOrigin::implicit(throwable)),
1902             "Catch type is not a subclass "
1903             "of Throwable in exception handler %d", handler_pc);
1904         return;
1905       }
1906     }
1907     if (start_pc < min) min = start_pc;
1908     if (end_pc > max) max = end_pc;
1909   }
1910 }
1911 
1912 void ClassVerifier::verify_local_variable_table(u4 code_length, char* code_data, TRAPS) {
1913   int localvariable_table_length = _method->localvariable_table_length();
1914   if (localvariable_table_length > 0) {
1915     LocalVariableTableElement* table = _method->localvariable_table_start();
1916     for (int i = 0; i < localvariable_table_length; i++) {
1917       u2 start_bci = table[i].start_bci;
1918       u2 length = table[i].length;
1919 
1920       if (start_bci >= code_length || code_data[start_bci] == 0) {
1921         class_format_error(
1922           "Illegal local variable table start_pc %d", start_bci);
1923         return;
1924       }
1925       u4 end_bci = (u4)(start_bci + length);
1926       if (end_bci != code_length) {
1927         if (end_bci >= code_length || code_data[end_bci] == 0) {
1928           class_format_error( "Illegal local variable table length %d", length);
1929           return;
1930         }
1931       }
1932     }
1933   }
1934 }
1935 
1936 u2 ClassVerifier::verify_stackmap_table(u2 stackmap_index, u2 bci,
1937                                         StackMapFrame* current_frame,
1938                                         StackMapTable* stackmap_table,
1939                                         bool no_control_flow, TRAPS) {
1940   if (stackmap_index < stackmap_table->get_frame_count()) {
1941     u2 this_offset = stackmap_table->get_offset(stackmap_index);
1942     if (no_control_flow && this_offset > bci) {
1943       verify_error(ErrorContext::missing_stackmap(bci),
1944                    "Expecting a stack map frame");
1945       return 0;
1946     }
1947     if (this_offset == bci) {
1948       ErrorContext ctx;
1949       // See if current stack map can be assigned to the frame in table.
1950       // current_frame is the stackmap frame got from the last instruction.
1951       // If matched, current_frame will be updated by this method.
1952       bool matches = stackmap_table->match_stackmap(
1953         current_frame, this_offset, stackmap_index,
1954         !no_control_flow, true, &ctx, CHECK_VERIFY_(this, 0));
1955       if (!matches) {
1956         // report type error
1957         verify_error(ctx, "Instruction type does not match stack map");
1958         return 0;
1959       }
1960       stackmap_index++;
1961     } else if (this_offset < bci) {
1962       // current_offset should have met this_offset.
1963       class_format_error("Bad stack map offset %d", this_offset);
1964       return 0;
1965     }
1966   } else if (no_control_flow) {
1967     verify_error(ErrorContext::bad_code(bci), "Expecting a stack map frame");
1968     return 0;
1969   }
1970   return stackmap_index;
1971 }
1972 
1973 // Since this method references the constant pool, call was_recursively_verified()
1974 // before calling this method to make sure a prior class load did not cause the
1975 // current class to get verified.
1976 void ClassVerifier::verify_exception_handler_targets(u2 bci, bool this_uninit,
1977                                                      StackMapFrame* current_frame,
1978                                                      StackMapTable* stackmap_table, TRAPS) {
1979   constantPoolHandle cp (THREAD, _method->constants());
1980   ExceptionTable exhandlers(_method());
1981   int exlength = exhandlers.length();
1982   for(int i = 0; i < exlength; i++) {
1983     u2 start_pc = exhandlers.start_pc(i);
1984     u2 end_pc = exhandlers.end_pc(i);
1985     u2 handler_pc = exhandlers.handler_pc(i);
1986     int catch_type_index = exhandlers.catch_type_index(i);
1987     if(bci >= start_pc && bci < end_pc) {
1988       u1 flags = current_frame->flags();
1989       if (this_uninit) {  flags |= FLAG_THIS_UNINIT; }
1990       StackMapFrame* new_frame = current_frame->frame_in_exception_handler(flags);
1991       if (catch_type_index != 0) {
1992         if (was_recursively_verified()) return;
1993         // We know that this index refers to a subclass of Throwable
1994         VerificationType catch_type = cp_index_to_type(
1995           catch_type_index, cp, CHECK_VERIFY(this));
1996         new_frame->push_stack(catch_type, CHECK_VERIFY(this));
1997       } else {
1998         VerificationType throwable =
1999           VerificationType::reference_type(vmSymbols::java_lang_Throwable());
2000         new_frame->push_stack(throwable, CHECK_VERIFY(this));
2001       }
2002       ErrorContext ctx;
2003       bool matches = stackmap_table->match_stackmap(
2004         new_frame, handler_pc, true, false, &ctx, CHECK_VERIFY(this));
2005       if (!matches) {
2006         verify_error(ctx, "Stack map does not match the one at "
2007             "exception handler %d", handler_pc);
2008         return;
2009       }
2010     }
2011   }
2012 }
2013 
2014 void ClassVerifier::verify_cp_index(
2015     u2 bci, const constantPoolHandle& cp, int index, TRAPS) {
2016   int nconstants = cp->length();
2017   if ((index <= 0) || (index >= nconstants)) {
2018     verify_error(ErrorContext::bad_cp_index(bci, index),
2019         "Illegal constant pool index %d in class %s",
2020         index, cp->pool_holder()->external_name());
2021     return;
2022   }
2023 }
2024 
2025 void ClassVerifier::verify_cp_type(
2026     u2 bci, int index, const constantPoolHandle& cp, unsigned int types, TRAPS) {
2027 
2028   // In some situations, bytecode rewriting may occur while we're verifying.
2029   // In this case, a constant pool cache exists and some indices refer to that
2030   // instead.  Be sure we don't pick up such indices by accident.
2031   // We must check was_recursively_verified() before we get here.
2032   guarantee(cp->cache() == NULL, "not rewritten yet");
2033 
2034   verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2035   unsigned int tag = cp->tag_at(index).value();
2036   if ((types & (1 << tag)) == 0) {
2037     verify_error(ErrorContext::bad_cp_index(bci, index),
2038       "Illegal type at constant pool entry %d in class %s",
2039       index, cp->pool_holder()->external_name());
2040     return;
2041   }
2042 }
2043 
2044 void ClassVerifier::verify_cp_class_type(
2045     u2 bci, int index, const constantPoolHandle& cp, TRAPS) {
2046   verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2047   constantTag tag = cp->tag_at(index);
2048   if (!tag.is_klass() && !tag.is_unresolved_klass()) {
2049     verify_error(ErrorContext::bad_cp_index(bci, index),
2050         "Illegal type at constant pool entry %d in class %s",
2051         index, cp->pool_holder()->external_name());
2052     return;
2053   }
2054 }
2055 
2056 void ClassVerifier::verify_error(ErrorContext ctx, const char* msg, ...) {
2057   stringStream ss;
2058 
2059   ctx.reset_frames();
2060   _exception_type = vmSymbols::java_lang_VerifyError();
2061   _error_context = ctx;
2062   va_list va;
2063   va_start(va, msg);
2064   ss.vprint(msg, va);
2065   va_end(va);
2066   _message = ss.as_string();
2067 #ifdef ASSERT
2068   ResourceMark rm;
2069   const char* exception_name = _exception_type->as_C_string();
2070   Exceptions::debug_check_abort(exception_name, NULL);
2071 #endif // ndef ASSERT
2072 }
2073 
2074 void ClassVerifier::class_format_error(const char* msg, ...) {
2075   stringStream ss;
2076   _exception_type = vmSymbols::java_lang_ClassFormatError();
2077   va_list va;
2078   va_start(va, msg);
2079   ss.vprint(msg, va);
2080   va_end(va);
2081   if (!_method.is_null()) {
2082     ss.print(" in method '");
2083     _method->print_external_name(&ss);
2084     ss.print("'");
2085   }
2086   _message = ss.as_string();
2087 }
2088 
2089 Klass* ClassVerifier::load_class(Symbol* name, TRAPS) {
2090   HandleMark hm(THREAD);
2091   // Get current loader and protection domain first.
2092   oop loader = current_class()->class_loader();
2093   oop protection_domain = current_class()->protection_domain();
2094 
2095   assert(name_in_supers(name, current_class()), "name should be a super class");
2096 
2097   Klass* kls = SystemDictionary::resolve_or_fail(
2098     name, Handle(THREAD, loader), Handle(THREAD, protection_domain),
2099     true, THREAD);
2100 
2101   if (kls != NULL) {
2102     if (log_is_enabled(Debug, class, resolve)) {
2103       Verifier::trace_class_resolution(kls, current_class());
2104     }
2105   }
2106   return kls;
2107 }
2108 
2109 bool ClassVerifier::is_protected_access(InstanceKlass* this_class,
2110                                         Klass* target_class,
2111                                         Symbol* field_name,
2112                                         Symbol* field_sig,
2113                                         bool is_method) {
2114   NoSafepointVerifier nosafepoint;
2115 
2116   // If target class isn't a super class of this class, we don't worry about this case
2117   if (!this_class->is_subclass_of(target_class)) {
2118     return false;
2119   }
2120   // Check if the specified method or field is protected
2121   InstanceKlass* target_instance = InstanceKlass::cast(target_class);
2122   fieldDescriptor fd;
2123   if (is_method) {
2124     Method* m = target_instance->uncached_lookup_method(field_name, field_sig, Klass::OverpassLookupMode::find);
2125     if (m != NULL && m->is_protected()) {
2126       if (!this_class->is_same_class_package(m->method_holder())) {
2127         return true;
2128       }
2129     }
2130   } else {
2131     Klass* member_klass = target_instance->find_field(field_name, field_sig, &fd);
2132     if (member_klass != NULL && fd.is_protected()) {
2133       if (!this_class->is_same_class_package(member_klass)) {
2134         return true;
2135       }
2136     }
2137   }
2138   return false;
2139 }
2140 
2141 void ClassVerifier::verify_ldc(
2142     int opcode, u2 index, StackMapFrame* current_frame,
2143     const constantPoolHandle& cp, u2 bci, TRAPS) {
2144   verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2145   constantTag tag = cp->tag_at(index);
2146   unsigned int types = 0;
2147   if (opcode == Bytecodes::_ldc || opcode == Bytecodes::_ldc_w) {
2148     if (!tag.is_unresolved_klass()) {
2149       types = (1 << JVM_CONSTANT_Integer) | (1 << JVM_CONSTANT_Float)
2150             | (1 << JVM_CONSTANT_String)  | (1 << JVM_CONSTANT_Class)
2151             | (1 << JVM_CONSTANT_MethodHandle) | (1 << JVM_CONSTANT_MethodType)
2152             | (1 << JVM_CONSTANT_Dynamic);
2153       // Note:  The class file parser already verified the legality of
2154       // MethodHandle and MethodType constants.
2155       verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2156     }
2157   } else {
2158     assert(opcode == Bytecodes::_ldc2_w, "must be ldc2_w");
2159     types = (1 << JVM_CONSTANT_Double) | (1 << JVM_CONSTANT_Long)
2160           | (1 << JVM_CONSTANT_Dynamic);
2161     verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2162   }
2163   if (tag.is_string()) {
2164     current_frame->push_stack(
2165       VerificationType::reference_type(
2166         vmSymbols::java_lang_String()), CHECK_VERIFY(this));
2167   } else if (tag.is_klass() || tag.is_unresolved_klass()) {
2168     current_frame->push_stack(
2169       VerificationType::reference_type(
2170         vmSymbols::java_lang_Class()), CHECK_VERIFY(this));
2171   } else if (tag.is_int()) {
2172     current_frame->push_stack(
2173       VerificationType::integer_type(), CHECK_VERIFY(this));
2174   } else if (tag.is_float()) {
2175     current_frame->push_stack(
2176       VerificationType::float_type(), CHECK_VERIFY(this));
2177   } else if (tag.is_double()) {
2178     current_frame->push_stack_2(
2179       VerificationType::double_type(),
2180       VerificationType::double2_type(), CHECK_VERIFY(this));
2181   } else if (tag.is_long()) {
2182     current_frame->push_stack_2(
2183       VerificationType::long_type(),
2184       VerificationType::long2_type(), CHECK_VERIFY(this));
2185   } else if (tag.is_method_handle()) {
2186     current_frame->push_stack(
2187       VerificationType::reference_type(
2188         vmSymbols::java_lang_invoke_MethodHandle()), CHECK_VERIFY(this));
2189   } else if (tag.is_method_type()) {
2190     current_frame->push_stack(
2191       VerificationType::reference_type(
2192         vmSymbols::java_lang_invoke_MethodType()), CHECK_VERIFY(this));
2193   } else if (tag.is_dynamic_constant()) {
2194     Symbol* constant_type = cp->uncached_signature_ref_at(index);
2195     // Field signature was checked in ClassFileParser.
2196     assert(SignatureVerifier::is_valid_type_signature(constant_type),
2197            "Invalid type for dynamic constant");
2198     assert(sizeof(VerificationType) == sizeof(uintptr_t),
2199           "buffer type must match VerificationType size");
2200     uintptr_t constant_type_buffer[2];
2201     VerificationType* v_constant_type = (VerificationType*)constant_type_buffer;
2202     SignatureStream sig_stream(constant_type, false);
2203     int n = change_sig_to_verificationType(&sig_stream, v_constant_type);
2204     int opcode_n = (opcode == Bytecodes::_ldc2_w ? 2 : 1);
2205     if (n != opcode_n) {
2206       // wrong kind of ldc; reverify against updated type mask
2207       types &= ~(1 << JVM_CONSTANT_Dynamic);
2208       verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2209     }
2210     for (int i = 0; i < n; i++) {
2211       current_frame->push_stack(v_constant_type[i], CHECK_VERIFY(this));
2212     }
2213   } else {
2214     /* Unreachable? verify_cp_type has already validated the cp type. */
2215     verify_error(
2216         ErrorContext::bad_cp_index(bci, index), "Invalid index in ldc");
2217     return;
2218   }
2219 }
2220 
2221 void ClassVerifier::verify_switch(
2222     RawBytecodeStream* bcs, u4 code_length, char* code_data,
2223     StackMapFrame* current_frame, StackMapTable* stackmap_table, TRAPS) {
2224   int bci = bcs->bci();
2225   address bcp = bcs->bcp();
2226   address aligned_bcp = align_up(bcp + 1, jintSize);
2227 
2228   if (_klass->major_version() < NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION) {
2229     // 4639449 & 4647081: padding bytes must be 0
2230     u2 padding_offset = 1;
2231     while ((bcp + padding_offset) < aligned_bcp) {
2232       if(*(bcp + padding_offset) != 0) {
2233         verify_error(ErrorContext::bad_code(bci),
2234                      "Nonzero padding byte in lookupswitch or tableswitch");
2235         return;
2236       }
2237       padding_offset++;
2238     }
2239   }
2240 
2241   int default_offset = (int) Bytes::get_Java_u4(aligned_bcp);
2242   int keys, delta;
2243   current_frame->pop_stack(
2244     VerificationType::integer_type(), CHECK_VERIFY(this));
2245   if (bcs->raw_code() == Bytecodes::_tableswitch) {
2246     jint low = (jint)Bytes::get_Java_u4(aligned_bcp + jintSize);
2247     jint high = (jint)Bytes::get_Java_u4(aligned_bcp + 2*jintSize);
2248     if (low > high) {
2249       verify_error(ErrorContext::bad_code(bci),
2250           "low must be less than or equal to high in tableswitch");
2251       return;
2252     }
2253     keys = high - low + 1;
2254     if (keys < 0) {
2255       verify_error(ErrorContext::bad_code(bci), "too many keys in tableswitch");
2256       return;
2257     }
2258     delta = 1;
2259   } else {
2260     keys = (int)Bytes::get_Java_u4(aligned_bcp + jintSize);
2261     if (keys < 0) {
2262       verify_error(ErrorContext::bad_code(bci),
2263                    "number of keys in lookupswitch less than 0");
2264       return;
2265     }
2266     delta = 2;
2267     // Make sure that the lookupswitch items are sorted
2268     for (int i = 0; i < (keys - 1); i++) {
2269       jint this_key = Bytes::get_Java_u4(aligned_bcp + (2+2*i)*jintSize);
2270       jint next_key = Bytes::get_Java_u4(aligned_bcp + (2+2*i+2)*jintSize);
2271       if (this_key >= next_key) {
2272         verify_error(ErrorContext::bad_code(bci),
2273                      "Bad lookupswitch instruction");
2274         return;
2275       }
2276     }
2277   }
2278   int target = bci + default_offset;
2279   stackmap_table->check_jump_target(current_frame, target, CHECK_VERIFY(this));
2280   for (int i = 0; i < keys; i++) {
2281     // Because check_jump_target() may safepoint, the bytecode could have
2282     // moved, which means 'aligned_bcp' is no good and needs to be recalculated.
2283     aligned_bcp = align_up(bcs->bcp() + 1, jintSize);
2284     target = bci + (jint)Bytes::get_Java_u4(aligned_bcp+(3+i*delta)*jintSize);
2285     stackmap_table->check_jump_target(
2286       current_frame, target, CHECK_VERIFY(this));
2287   }
2288   NOT_PRODUCT(aligned_bcp = NULL);  // no longer valid at this point
2289 }
2290 
2291 bool ClassVerifier::name_in_supers(
2292     Symbol* ref_name, InstanceKlass* current) {
2293   Klass* super = current->super();
2294   while (super != NULL) {
2295     if (super->name() == ref_name) {
2296       return true;
2297     }
2298     super = super->super();
2299   }
2300   return false;
2301 }
2302 
2303 void ClassVerifier::verify_field_instructions(RawBytecodeStream* bcs,
2304                                               StackMapFrame* current_frame,
2305                                               const constantPoolHandle& cp,
2306                                               bool allow_arrays,
2307                                               TRAPS) {
2308   u2 index = bcs->get_index_u2();
2309   verify_cp_type(bcs->bci(), index, cp,
2310       1 << JVM_CONSTANT_Fieldref, CHECK_VERIFY(this));
2311 
2312   // Get field name and signature
2313   Symbol* field_name = cp->name_ref_at(index);
2314   Symbol* field_sig = cp->signature_ref_at(index);
2315   bool is_getfield = false;
2316 
2317   // Field signature was checked in ClassFileParser.
2318   assert(SignatureVerifier::is_valid_type_signature(field_sig),
2319          "Invalid field signature");
2320 
2321   // Get referenced class type
2322   VerificationType ref_class_type = cp_ref_index_to_type(
2323     index, cp, CHECK_VERIFY(this));
2324   if (!ref_class_type.is_object() &&
2325     (!allow_arrays || !ref_class_type.is_array())) {
2326     verify_error(ErrorContext::bad_type(bcs->bci(),
2327         TypeOrigin::cp(index, ref_class_type)),
2328         "Expecting reference to class in class %s at constant pool index %d",
2329         _klass->external_name(), index);
2330     return;
2331   }
2332   VerificationType target_class_type = ref_class_type;
2333 
2334   assert(sizeof(VerificationType) == sizeof(uintptr_t),
2335         "buffer type must match VerificationType size");
2336   uintptr_t field_type_buffer[2];
2337   VerificationType* field_type = (VerificationType*)field_type_buffer;
2338   // If we make a VerificationType[2] array directly, the compiler calls
2339   // to the c-runtime library to do the allocation instead of just
2340   // stack allocating it.  Plus it would run constructors.  This shows up
2341   // in performance profiles.
2342 
2343   SignatureStream sig_stream(field_sig, false);
2344   VerificationType stack_object_type;
2345   int n = change_sig_to_verificationType(&sig_stream, field_type);
2346   u2 bci = bcs->bci();
2347   bool is_assignable;
2348   switch (bcs->raw_code()) {
2349     case Bytecodes::_getstatic: {
2350       for (int i = 0; i < n; i++) {
2351         current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2352       }
2353       break;
2354     }
2355     case Bytecodes::_putstatic: {
2356       for (int i = n - 1; i >= 0; i--) {
2357         current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2358       }
2359       break;
2360     }
2361     case Bytecodes::_getfield: {
2362       is_getfield = true;
2363       stack_object_type = current_frame->pop_stack(
2364         target_class_type, CHECK_VERIFY(this));
2365       goto check_protected;
2366     }
2367     case Bytecodes::_putfield: {
2368       for (int i = n - 1; i >= 0; i--) {
2369         current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2370       }
2371       stack_object_type = current_frame->pop_stack(CHECK_VERIFY(this));
2372 
2373       // The JVMS 2nd edition allows field initialization before the superclass
2374       // initializer, if the field is defined within the current class.
2375       fieldDescriptor fd;
2376       if (stack_object_type == VerificationType::uninitialized_this_type() &&
2377           target_class_type.equals(current_type()) &&
2378           _klass->find_local_field(field_name, field_sig, &fd)) {
2379         stack_object_type = current_type();
2380       }
2381       is_assignable = target_class_type.is_assignable_from(
2382         stack_object_type, this, false, CHECK_VERIFY(this));
2383       if (!is_assignable) {
2384         verify_error(ErrorContext::bad_type(bci,
2385             current_frame->stack_top_ctx(),
2386             TypeOrigin::cp(index, target_class_type)),
2387             "Bad type on operand stack in putfield");
2388         return;
2389       }
2390     }
2391     check_protected: {
2392       if (_this_type == stack_object_type)
2393         break; // stack_object_type must be assignable to _current_class_type
2394       if (was_recursively_verified()) {
2395         if (is_getfield) {
2396           // Push field type for getfield.
2397           for (int i = 0; i < n; i++) {
2398             current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2399           }
2400         }
2401         return;
2402       }
2403       Symbol* ref_class_name =
2404         cp->klass_name_at(cp->klass_ref_index_at(index));
2405       if (!name_in_supers(ref_class_name, current_class()))
2406         // stack_object_type must be assignable to _current_class_type since:
2407         // 1. stack_object_type must be assignable to ref_class.
2408         // 2. ref_class must be _current_class or a subclass of it. It can't
2409         //    be a superclass of it. See revised JVMS 5.4.4.
2410         break;
2411 
2412       Klass* ref_class_oop = load_class(ref_class_name, CHECK);
2413       if (is_protected_access(current_class(), ref_class_oop, field_name,
2414                               field_sig, false)) {
2415         // It's protected access, check if stack object is assignable to
2416         // current class.
2417         is_assignable = current_type().is_assignable_from(
2418           stack_object_type, this, true, CHECK_VERIFY(this));
2419         if (!is_assignable) {
2420           verify_error(ErrorContext::bad_type(bci,
2421               current_frame->stack_top_ctx(),
2422               TypeOrigin::implicit(current_type())),
2423               "Bad access to protected data in %s",
2424               is_getfield ? "getfield" : "putfield");
2425           return;
2426         }
2427       }
2428       break;
2429     }
2430     default: ShouldNotReachHere();
2431   }
2432   if (is_getfield) {
2433     // Push field type for getfield after doing protection check.
2434     for (int i = 0; i < n; i++) {
2435       current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2436     }
2437   }
2438 }
2439 
2440 // Look at the method's handlers.  If the bci is in the handler's try block
2441 // then check if the handler_pc is already on the stack.  If not, push it
2442 // unless the handler has already been scanned.
2443 void ClassVerifier::push_handlers(ExceptionTable* exhandlers,
2444                                   GrowableArray<u4>* handler_list,
2445                                   GrowableArray<u4>* handler_stack,
2446                                   u4 bci) {
2447   int exlength = exhandlers->length();
2448   for(int x = 0; x < exlength; x++) {
2449     if (bci >= exhandlers->start_pc(x) && bci < exhandlers->end_pc(x)) {
2450       u4 exhandler_pc = exhandlers->handler_pc(x);
2451       if (!handler_list->contains(exhandler_pc)) {
2452         handler_stack->append_if_missing(exhandler_pc);
2453         handler_list->append(exhandler_pc);
2454       }
2455     }
2456   }
2457 }
2458 
2459 // Return TRUE if all code paths starting with start_bc_offset end in
2460 // bytecode athrow or loop.
2461 bool ClassVerifier::ends_in_athrow(u4 start_bc_offset) {
2462   ResourceMark rm;
2463   // Create bytecode stream.
2464   RawBytecodeStream bcs(method());
2465   u4 code_length = method()->code_size();
2466   bcs.set_start(start_bc_offset);
2467   u4 target;
2468   // Create stack for storing bytecode start offsets for if* and *switch.
2469   GrowableArray<u4>* bci_stack = new GrowableArray<u4>(30);
2470   // Create stack for handlers for try blocks containing this handler.
2471   GrowableArray<u4>* handler_stack = new GrowableArray<u4>(30);
2472   // Create list of handlers that have been pushed onto the handler_stack
2473   // so that handlers embedded inside of their own TRY blocks only get
2474   // scanned once.
2475   GrowableArray<u4>* handler_list = new GrowableArray<u4>(30);
2476   // Create list of visited branch opcodes (goto* and if*).
2477   GrowableArray<u4>* visited_branches = new GrowableArray<u4>(30);
2478   ExceptionTable exhandlers(_method());
2479 
2480   while (true) {
2481     if (bcs.is_last_bytecode()) {
2482       // if no more starting offsets to parse or if at the end of the
2483       // method then return false.
2484       if ((bci_stack->is_empty()) || ((u4)bcs.end_bci() == code_length))
2485         return false;
2486       // Pop a bytecode starting offset and scan from there.
2487       bcs.set_start(bci_stack->pop());
2488     }
2489     Bytecodes::Code opcode = bcs.raw_next();
2490     u4 bci = bcs.bci();
2491 
2492     // If the bytecode is in a TRY block, push its handlers so they
2493     // will get parsed.
2494     push_handlers(&exhandlers, handler_list, handler_stack, bci);
2495 
2496     switch (opcode) {
2497       case Bytecodes::_if_icmpeq:
2498       case Bytecodes::_if_icmpne:
2499       case Bytecodes::_if_icmplt:
2500       case Bytecodes::_if_icmpge:
2501       case Bytecodes::_if_icmpgt:
2502       case Bytecodes::_if_icmple:
2503       case Bytecodes::_ifeq:
2504       case Bytecodes::_ifne:
2505       case Bytecodes::_iflt:
2506       case Bytecodes::_ifge:
2507       case Bytecodes::_ifgt:
2508       case Bytecodes::_ifle:
2509       case Bytecodes::_if_acmpeq:
2510       case Bytecodes::_if_acmpne:
2511       case Bytecodes::_ifnull:
2512       case Bytecodes::_ifnonnull:
2513         target = bcs.dest();
2514         if (visited_branches->contains(bci)) {
2515           if (bci_stack->is_empty()) {
2516             if (handler_stack->is_empty()) {
2517               return true;
2518             } else {
2519               // Parse the catch handlers for try blocks containing athrow.
2520               bcs.set_start(handler_stack->pop());
2521             }
2522           } else {
2523             // Pop a bytecode starting offset and scan from there.
2524             bcs.set_start(bci_stack->pop());
2525           }
2526         } else {
2527           if (target > bci) { // forward branch
2528             if (target >= code_length) return false;
2529             // Push the branch target onto the stack.
2530             bci_stack->push(target);
2531             // then, scan bytecodes starting with next.
2532             bcs.set_start(bcs.next_bci());
2533           } else { // backward branch
2534             // Push bytecode offset following backward branch onto the stack.
2535             bci_stack->push(bcs.next_bci());
2536             // Check bytecodes starting with branch target.
2537             bcs.set_start(target);
2538           }
2539           // Record target so we don't branch here again.
2540           visited_branches->append(bci);
2541         }
2542         break;
2543 
2544       case Bytecodes::_goto:
2545       case Bytecodes::_goto_w:
2546         target = (opcode == Bytecodes::_goto ? bcs.dest() : bcs.dest_w());
2547         if (visited_branches->contains(bci)) {
2548           if (bci_stack->is_empty()) {
2549             if (handler_stack->is_empty()) {
2550               return true;
2551             } else {
2552               // Parse the catch handlers for try blocks containing athrow.
2553               bcs.set_start(handler_stack->pop());
2554             }
2555           } else {
2556             // Been here before, pop new starting offset from stack.
2557             bcs.set_start(bci_stack->pop());
2558           }
2559         } else {
2560           if (target >= code_length) return false;
2561           // Continue scanning from the target onward.
2562           bcs.set_start(target);
2563           // Record target so we don't branch here again.
2564           visited_branches->append(bci);
2565         }
2566         break;
2567 
2568       // Check that all switch alternatives end in 'athrow' bytecodes. Since it
2569       // is  difficult to determine where each switch alternative ends, parse
2570       // each switch alternative until either hit a 'return', 'athrow', or reach
2571       // the end of the method's bytecodes.  This is gross but should be okay
2572       // because:
2573       // 1. tableswitch and lookupswitch byte codes in handlers for ctor explicit
2574       //    constructor invocations should be rare.
2575       // 2. if each switch alternative ends in an athrow then the parsing should be
2576       //    short.  If there is no athrow then it is bogus code, anyway.
2577       case Bytecodes::_lookupswitch:
2578       case Bytecodes::_tableswitch:
2579         {
2580           address aligned_bcp = align_up(bcs.bcp() + 1, jintSize);
2581           u4 default_offset = Bytes::get_Java_u4(aligned_bcp) + bci;
2582           int keys, delta;
2583           if (opcode == Bytecodes::_tableswitch) {
2584             jint low = (jint)Bytes::get_Java_u4(aligned_bcp + jintSize);
2585             jint high = (jint)Bytes::get_Java_u4(aligned_bcp + 2*jintSize);
2586             // This is invalid, but let the regular bytecode verifier
2587             // report this because the user will get a better error message.
2588             if (low > high) return true;
2589             keys = high - low + 1;
2590             delta = 1;
2591           } else {
2592             keys = (int)Bytes::get_Java_u4(aligned_bcp + jintSize);
2593             delta = 2;
2594           }
2595           // Invalid, let the regular bytecode verifier deal with it.
2596           if (keys < 0) return true;
2597 
2598           // Push the offset of the next bytecode onto the stack.
2599           bci_stack->push(bcs.next_bci());
2600 
2601           // Push the switch alternatives onto the stack.
2602           for (int i = 0; i < keys; i++) {
2603             u4 target = bci + (jint)Bytes::get_Java_u4(aligned_bcp+(3+i*delta)*jintSize);
2604             if (target > code_length) return false;
2605             bci_stack->push(target);
2606           }
2607 
2608           // Start bytecode parsing for the switch at the default alternative.
2609           if (default_offset > code_length) return false;
2610           bcs.set_start(default_offset);
2611           break;
2612         }
2613 
2614       case Bytecodes::_return:
2615         return false;
2616 
2617       case Bytecodes::_athrow:
2618         {
2619           if (bci_stack->is_empty()) {
2620             if (handler_stack->is_empty()) {
2621               return true;
2622             } else {
2623               // Parse the catch handlers for try blocks containing athrow.
2624               bcs.set_start(handler_stack->pop());
2625             }
2626           } else {
2627             // Pop a bytecode offset and starting scanning from there.
2628             bcs.set_start(bci_stack->pop());
2629           }
2630         }
2631         break;
2632 
2633       default:
2634         ;
2635     } // end switch
2636   } // end while loop
2637 
2638   return false;
2639 }
2640 
2641 void ClassVerifier::verify_invoke_init(
2642     RawBytecodeStream* bcs, u2 ref_class_index, VerificationType ref_class_type,
2643     StackMapFrame* current_frame, u4 code_length, bool in_try_block,
2644     bool *this_uninit, const constantPoolHandle& cp, StackMapTable* stackmap_table,
2645     TRAPS) {
2646   u2 bci = bcs->bci();
2647   VerificationType type = current_frame->pop_stack(
2648     VerificationType::reference_check(), CHECK_VERIFY(this));
2649   if (type == VerificationType::uninitialized_this_type()) {
2650     // The method must be an <init> method of this class or its superclass
2651     Klass* superk = current_class()->super();
2652     if (ref_class_type.name() != current_class()->name() &&
2653         ref_class_type.name() != superk->name()) {
2654       verify_error(ErrorContext::bad_type(bci,
2655           TypeOrigin::implicit(ref_class_type),
2656           TypeOrigin::implicit(current_type())),
2657           "Bad <init> method call");
2658       return;
2659     }
2660 
2661     // If this invokespecial call is done from inside of a TRY block then make
2662     // sure that all catch clause paths end in a throw.  Otherwise, this can
2663     // result in returning an incomplete object.
2664     if (in_try_block) {
2665       ExceptionTable exhandlers(_method());
2666       int exlength = exhandlers.length();
2667       for(int i = 0; i < exlength; i++) {
2668         u2 start_pc = exhandlers.start_pc(i);
2669         u2 end_pc = exhandlers.end_pc(i);
2670 
2671         if (bci >= start_pc && bci < end_pc) {
2672           if (!ends_in_athrow(exhandlers.handler_pc(i))) {
2673             verify_error(ErrorContext::bad_code(bci),
2674               "Bad <init> method call from after the start of a try block");
2675             return;
2676           } else if (log_is_enabled(Debug, verification)) {
2677             ResourceMark rm(THREAD);
2678             log_debug(verification)("Survived call to ends_in_athrow(): %s",
2679                                           current_class()->name()->as_C_string());
2680           }
2681         }
2682       }
2683 
2684       // Check the exception handler target stackmaps with the locals from the
2685       // incoming stackmap (before initialize_object() changes them to outgoing
2686       // state).
2687       if (was_recursively_verified()) return;
2688       verify_exception_handler_targets(bci, true, current_frame,
2689                                        stackmap_table, CHECK_VERIFY(this));
2690     } // in_try_block
2691 
2692     current_frame->initialize_object(type, current_type());
2693     *this_uninit = true;
2694   } else if (type.is_uninitialized()) {
2695     u2 new_offset = type.bci();
2696     address new_bcp = bcs->bcp() - bci + new_offset;
2697     if (new_offset > (code_length - 3) || (*new_bcp) != Bytecodes::_new) {
2698       /* Unreachable?  Stack map parsing ensures valid type and new
2699        * instructions have a valid BCI. */
2700       verify_error(ErrorContext::bad_code(new_offset),
2701                    "Expecting new instruction");
2702       return;
2703     }
2704     u2 new_class_index = Bytes::get_Java_u2(new_bcp + 1);
2705     if (was_recursively_verified()) return;
2706     verify_cp_class_type(bci, new_class_index, cp, CHECK_VERIFY(this));
2707 
2708     // The method must be an <init> method of the indicated class
2709     VerificationType new_class_type = cp_index_to_type(
2710       new_class_index, cp, CHECK_VERIFY(this));
2711     if (!new_class_type.equals(ref_class_type)) {
2712       verify_error(ErrorContext::bad_type(bci,
2713           TypeOrigin::cp(new_class_index, new_class_type),
2714           TypeOrigin::cp(ref_class_index, ref_class_type)),
2715           "Call to wrong <init> method");
2716       return;
2717     }
2718     // According to the VM spec, if the referent class is a superclass of the
2719     // current class, and is in a different runtime package, and the method is
2720     // protected, then the objectref must be the current class or a subclass
2721     // of the current class.
2722     VerificationType objectref_type = new_class_type;
2723     if (name_in_supers(ref_class_type.name(), current_class())) {
2724       Klass* ref_klass = load_class(ref_class_type.name(), CHECK);
2725       if (was_recursively_verified()) return;
2726       Method* m = InstanceKlass::cast(ref_klass)->uncached_lookup_method(
2727         vmSymbols::object_initializer_name(),
2728         cp->signature_ref_at(bcs->get_index_u2()),
2729         Klass::OverpassLookupMode::find);
2730       // Do nothing if method is not found.  Let resolution detect the error.
2731       if (m != NULL) {
2732         InstanceKlass* mh = m->method_holder();
2733         if (m->is_protected() && !mh->is_same_class_package(_klass)) {
2734           bool assignable = current_type().is_assignable_from(
2735             objectref_type, this, true, CHECK_VERIFY(this));
2736           if (!assignable) {
2737             verify_error(ErrorContext::bad_type(bci,
2738                 TypeOrigin::cp(new_class_index, objectref_type),
2739                 TypeOrigin::implicit(current_type())),
2740                 "Bad access to protected <init> method");
2741             return;
2742           }
2743         }
2744       }
2745     }
2746     // Check the exception handler target stackmaps with the locals from the
2747     // incoming stackmap (before initialize_object() changes them to outgoing
2748     // state).
2749     if (in_try_block) {
2750       if (was_recursively_verified()) return;
2751       verify_exception_handler_targets(bci, *this_uninit, current_frame,
2752                                        stackmap_table, CHECK_VERIFY(this));
2753     }
2754     current_frame->initialize_object(type, new_class_type);
2755   } else {
2756     verify_error(ErrorContext::bad_type(bci, current_frame->stack_top_ctx()),
2757         "Bad operand type when invoking <init>");
2758     return;
2759   }
2760 }
2761 
2762 bool ClassVerifier::is_same_or_direct_interface(
2763     InstanceKlass* klass,
2764     VerificationType klass_type,
2765     VerificationType ref_class_type) {
2766   if (ref_class_type.equals(klass_type)) return true;
2767   Array<InstanceKlass*>* local_interfaces = klass->local_interfaces();
2768   if (local_interfaces != NULL) {
2769     for (int x = 0; x < local_interfaces->length(); x++) {
2770       InstanceKlass* k = local_interfaces->at(x);
2771       assert (k != NULL && k->is_interface(), "invalid interface");
2772       if (ref_class_type.equals(VerificationType::reference_type(k->name()))) {
2773         return true;
2774       }
2775     }
2776   }
2777   return false;
2778 }
2779 
2780 void ClassVerifier::verify_invoke_instructions(
2781     RawBytecodeStream* bcs, u4 code_length, StackMapFrame* current_frame,
2782     bool in_try_block, bool *this_uninit, VerificationType return_type,
2783     const constantPoolHandle& cp, StackMapTable* stackmap_table, TRAPS) {
2784   // Make sure the constant pool item is the right type
2785   u2 index = bcs->get_index_u2();
2786   Bytecodes::Code opcode = bcs->raw_code();
2787   unsigned int types = 0;
2788   switch (opcode) {
2789     case Bytecodes::_invokeinterface:
2790       types = 1 << JVM_CONSTANT_InterfaceMethodref;
2791       break;
2792     case Bytecodes::_invokedynamic:
2793       types = 1 << JVM_CONSTANT_InvokeDynamic;
2794       break;
2795     case Bytecodes::_invokespecial:
2796     case Bytecodes::_invokestatic:
2797       types = (_klass->major_version() < STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION) ?
2798         (1 << JVM_CONSTANT_Methodref) :
2799         ((1 << JVM_CONSTANT_InterfaceMethodref) | (1 << JVM_CONSTANT_Methodref));
2800       break;
2801     default:
2802       types = 1 << JVM_CONSTANT_Methodref;
2803   }
2804   verify_cp_type(bcs->bci(), index, cp, types, CHECK_VERIFY(this));
2805 
2806   // Get method name and signature
2807   Symbol* method_name = cp->name_ref_at(index);
2808   Symbol* method_sig = cp->signature_ref_at(index);
2809 
2810   // Method signature was checked in ClassFileParser.
2811   assert(SignatureVerifier::is_valid_method_signature(method_sig),
2812          "Invalid method signature");
2813 
2814   // Get referenced class type
2815   VerificationType ref_class_type;
2816   if (opcode == Bytecodes::_invokedynamic) {
2817     if (_klass->major_version() < Verifier::INVOKEDYNAMIC_MAJOR_VERSION) {
2818       class_format_error(
2819         "invokedynamic instructions not supported by this class file version (%d), class %s",
2820         _klass->major_version(), _klass->external_name());
2821       return;
2822     }
2823   } else {
2824     ref_class_type = cp_ref_index_to_type(index, cp, CHECK_VERIFY(this));
2825   }
2826 
2827   assert(sizeof(VerificationType) == sizeof(uintptr_t),
2828         "buffer type must match VerificationType size");
2829 
2830   // Get the UTF8 index for this signature.
2831   int sig_index = cp->signature_ref_index_at(cp->name_and_type_ref_index_at(index));
2832 
2833   // Get the signature's verification types.
2834   sig_as_verification_types* mth_sig_verif_types;
2835   sig_as_verification_types** mth_sig_verif_types_ptr = method_signatures_table()->get(sig_index);
2836   if (mth_sig_verif_types_ptr != NULL) {
2837     // Found the entry for the signature's verification types in the hash table.
2838     mth_sig_verif_types = *mth_sig_verif_types_ptr;
2839     assert(mth_sig_verif_types != NULL, "Unexpected NULL sig_as_verification_types value");
2840   } else {
2841     // Not found, add the entry to the table.
2842     GrowableArray<VerificationType>* verif_types = new GrowableArray<VerificationType>(10);
2843     mth_sig_verif_types = new sig_as_verification_types(verif_types);
2844     create_method_sig_entry(mth_sig_verif_types, sig_index);
2845   }
2846 
2847   // Get the number of arguments for this signature.
2848   int nargs = mth_sig_verif_types->num_args();
2849 
2850   // Check instruction operands
2851   u2 bci = bcs->bci();
2852   if (opcode == Bytecodes::_invokeinterface) {
2853     address bcp = bcs->bcp();
2854     // 4905268: count operand in invokeinterface should be nargs+1, not nargs.
2855     // JSR202 spec: The count operand of an invokeinterface instruction is valid if it is
2856     // the difference between the size of the operand stack before and after the instruction
2857     // executes.
2858     if (*(bcp+3) != (nargs+1)) {
2859       verify_error(ErrorContext::bad_code(bci),
2860           "Inconsistent args count operand in invokeinterface");
2861       return;
2862     }
2863     if (*(bcp+4) != 0) {
2864       verify_error(ErrorContext::bad_code(bci),
2865           "Fourth operand byte of invokeinterface must be zero");
2866       return;
2867     }
2868   }
2869 
2870   if (opcode == Bytecodes::_invokedynamic) {
2871     address bcp = bcs->bcp();
2872     if (*(bcp+3) != 0 || *(bcp+4) != 0) {
2873       verify_error(ErrorContext::bad_code(bci),
2874           "Third and fourth operand bytes of invokedynamic must be zero");
2875       return;
2876     }
2877   }
2878 
2879   if (method_name->char_at(0) == JVM_SIGNATURE_SPECIAL) {
2880     // Make sure <init> can only be invoked by invokespecial
2881     if (opcode != Bytecodes::_invokespecial ||
2882         method_name != vmSymbols::object_initializer_name()) {
2883       verify_error(ErrorContext::bad_code(bci),
2884           "Illegal call to internal method");
2885       return;
2886     }
2887   } else if (opcode == Bytecodes::_invokespecial
2888              && !is_same_or_direct_interface(current_class(), current_type(), ref_class_type)
2889              && !ref_class_type.equals(VerificationType::reference_type(
2890                   current_class()->super()->name()))) {
2891     bool subtype = false;
2892     bool have_imr_indirect = cp->tag_at(index).value() == JVM_CONSTANT_InterfaceMethodref;
2893     subtype = ref_class_type.is_assignable_from(
2894                current_type(), this, false, CHECK_VERIFY(this));
2895     if (!subtype) {
2896       verify_error(ErrorContext::bad_code(bci),
2897           "Bad invokespecial instruction: "
2898           "current class isn't assignable to reference class.");
2899        return;
2900     } else if (have_imr_indirect) {
2901       verify_error(ErrorContext::bad_code(bci),
2902           "Bad invokespecial instruction: "
2903           "interface method reference is in an indirect superinterface.");
2904       return;
2905     }
2906 
2907   }
2908 
2909   // Get the verification types for the method's arguments.
2910   GrowableArray<VerificationType>* sig_verif_types = mth_sig_verif_types->sig_verif_types();
2911   assert(sig_verif_types != NULL, "Missing signature's array of verification types");
2912   // Match method descriptor with operand stack
2913   // The arguments are on the stack in descending order.
2914   for (int i = nargs - 1; i >= 0; i--) { // Run backwards
2915     current_frame->pop_stack(sig_verif_types->at(i), CHECK_VERIFY(this));
2916   }
2917 
2918   // Check objectref on operand stack
2919   if (opcode != Bytecodes::_invokestatic &&
2920       opcode != Bytecodes::_invokedynamic) {
2921     if (method_name == vmSymbols::object_initializer_name()) {  // <init> method
2922       verify_invoke_init(bcs, index, ref_class_type, current_frame,
2923         code_length, in_try_block, this_uninit, cp, stackmap_table,
2924         CHECK_VERIFY(this));
2925       if (was_recursively_verified()) return;
2926     } else {   // other methods
2927       // Ensures that target class is assignable to method class.
2928       if (opcode == Bytecodes::_invokespecial) {
2929         current_frame->pop_stack(current_type(), CHECK_VERIFY(this));
2930       } else if (opcode == Bytecodes::_invokevirtual) {
2931         VerificationType stack_object_type =
2932           current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this));
2933         if (current_type() != stack_object_type) {
2934           if (was_recursively_verified()) return;
2935           assert(cp->cache() == NULL, "not rewritten yet");
2936           Symbol* ref_class_name =
2937             cp->klass_name_at(cp->klass_ref_index_at(index));
2938           // See the comments in verify_field_instructions() for
2939           // the rationale behind this.
2940           if (name_in_supers(ref_class_name, current_class())) {
2941             Klass* ref_class = load_class(ref_class_name, CHECK);
2942             if (is_protected_access(
2943                   _klass, ref_class, method_name, method_sig, true)) {
2944               // It's protected access, check if stack object is
2945               // assignable to current class.
2946               if (ref_class_type.name() == vmSymbols::java_lang_Object()
2947                   && stack_object_type.is_array()
2948                   && method_name == vmSymbols::clone_name()) {
2949                 // Special case: arrays pretend to implement public Object
2950                 // clone().
2951               } else {
2952                 bool is_assignable = current_type().is_assignable_from(
2953                   stack_object_type, this, true, CHECK_VERIFY(this));
2954                 if (!is_assignable) {
2955                   verify_error(ErrorContext::bad_type(bci,
2956                       current_frame->stack_top_ctx(),
2957                       TypeOrigin::implicit(current_type())),
2958                       "Bad access to protected data in invokevirtual");
2959                   return;
2960                 }
2961               }
2962             }
2963           }
2964         }
2965       } else {
2966         assert(opcode == Bytecodes::_invokeinterface, "Unexpected opcode encountered");
2967         current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this));
2968       }
2969     }
2970   }
2971   // Push the result type.
2972   int sig_verif_types_len = sig_verif_types->length();
2973   if (sig_verif_types_len > nargs) {  // There's a return type
2974     if (method_name == vmSymbols::object_initializer_name()) {
2975       // <init> method must have a void return type
2976       /* Unreachable?  Class file parser verifies that methods with '<' have
2977        * void return */
2978       verify_error(ErrorContext::bad_code(bci),
2979           "Return type must be void in <init> method");
2980       return;
2981     }
2982 
2983     assert(sig_verif_types_len <= nargs + 2,
2984            "Signature verification types array return type is bogus");
2985     for (int i = nargs; i < sig_verif_types_len; i++) {
2986       assert(i == nargs || sig_verif_types->at(i).is_long2() ||
2987              sig_verif_types->at(i).is_double2(), "Unexpected return verificationType");
2988       current_frame->push_stack(sig_verif_types->at(i), CHECK_VERIFY(this));
2989     }
2990   }
2991 }
2992 
2993 VerificationType ClassVerifier::get_newarray_type(
2994     u2 index, u2 bci, TRAPS) {
2995   const char* from_bt[] = {
2996     NULL, NULL, NULL, NULL, "[Z", "[C", "[F", "[D", "[B", "[S", "[I", "[J",
2997   };
2998   if (index < T_BOOLEAN || index > T_LONG) {
2999     verify_error(ErrorContext::bad_code(bci), "Illegal newarray instruction");
3000     return VerificationType::bogus_type();
3001   }
3002 
3003   // from_bt[index] contains the array signature which has a length of 2
3004   Symbol* sig = create_temporary_symbol(from_bt[index], 2);
3005   return VerificationType::reference_type(sig);
3006 }
3007 
3008 void ClassVerifier::verify_anewarray(
3009     u2 bci, u2 index, const constantPoolHandle& cp,
3010     StackMapFrame* current_frame, TRAPS) {
3011   verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
3012   current_frame->pop_stack(
3013     VerificationType::integer_type(), CHECK_VERIFY(this));
3014 
3015   if (was_recursively_verified()) return;
3016   VerificationType component_type =
3017     cp_index_to_type(index, cp, CHECK_VERIFY(this));
3018   int length;
3019   char* arr_sig_str;
3020   if (component_type.is_array()) {     // it's an array
3021     const char* component_name = component_type.name()->as_utf8();
3022     // Check for more than MAX_ARRAY_DIMENSIONS
3023     length = (int)strlen(component_name);
3024     if (length > MAX_ARRAY_DIMENSIONS &&
3025         component_name[MAX_ARRAY_DIMENSIONS - 1] == JVM_SIGNATURE_ARRAY) {
3026       verify_error(ErrorContext::bad_code(bci),
3027         "Illegal anewarray instruction, array has more than 255 dimensions");
3028     }
3029     // add one dimension to component
3030     length++;
3031     arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length + 1);
3032     int n = os::snprintf(arr_sig_str, length + 1, "%c%s",
3033                          JVM_SIGNATURE_ARRAY, component_name);
3034     assert(n == length, "Unexpected number of characters in string");
3035   } else {         // it's an object or interface
3036     const char* component_name = component_type.name()->as_utf8();
3037     // add one dimension to component with 'L' prepended and ';' postpended.
3038     length = (int)strlen(component_name) + 3;
3039     arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length + 1);
3040     int n = os::snprintf(arr_sig_str, length + 1, "%c%c%s;",
3041                          JVM_SIGNATURE_ARRAY, JVM_SIGNATURE_CLASS, component_name);
3042     assert(n == length, "Unexpected number of characters in string");
3043   }
3044   Symbol* arr_sig = create_temporary_symbol(arr_sig_str, length);
3045   VerificationType new_array_type = VerificationType::reference_type(arr_sig);
3046   current_frame->push_stack(new_array_type, CHECK_VERIFY(this));
3047 }
3048 
3049 void ClassVerifier::verify_iload(u2 index, StackMapFrame* current_frame, TRAPS) {
3050   current_frame->get_local(
3051     index, VerificationType::integer_type(), CHECK_VERIFY(this));
3052   current_frame->push_stack(
3053     VerificationType::integer_type(), CHECK_VERIFY(this));
3054 }
3055 
3056 void ClassVerifier::verify_lload(u2 index, StackMapFrame* current_frame, TRAPS) {
3057   current_frame->get_local_2(
3058     index, VerificationType::long_type(),
3059     VerificationType::long2_type(), CHECK_VERIFY(this));
3060   current_frame->push_stack_2(
3061     VerificationType::long_type(),
3062     VerificationType::long2_type(), CHECK_VERIFY(this));
3063 }
3064 
3065 void ClassVerifier::verify_fload(u2 index, StackMapFrame* current_frame, TRAPS) {
3066   current_frame->get_local(
3067     index, VerificationType::float_type(), CHECK_VERIFY(this));
3068   current_frame->push_stack(
3069     VerificationType::float_type(), CHECK_VERIFY(this));
3070 }
3071 
3072 void ClassVerifier::verify_dload(u2 index, StackMapFrame* current_frame, TRAPS) {
3073   current_frame->get_local_2(
3074     index, VerificationType::double_type(),
3075     VerificationType::double2_type(), CHECK_VERIFY(this));
3076   current_frame->push_stack_2(
3077     VerificationType::double_type(),
3078     VerificationType::double2_type(), CHECK_VERIFY(this));
3079 }
3080 
3081 void ClassVerifier::verify_aload(u2 index, StackMapFrame* current_frame, TRAPS) {
3082   VerificationType type = current_frame->get_local(
3083     index, VerificationType::reference_check(), CHECK_VERIFY(this));
3084   current_frame->push_stack(type, CHECK_VERIFY(this));
3085 }
3086 
3087 void ClassVerifier::verify_istore(u2 index, StackMapFrame* current_frame, TRAPS) {
3088   current_frame->pop_stack(
3089     VerificationType::integer_type(), CHECK_VERIFY(this));
3090   current_frame->set_local(
3091     index, VerificationType::integer_type(), CHECK_VERIFY(this));
3092 }
3093 
3094 void ClassVerifier::verify_lstore(u2 index, StackMapFrame* current_frame, TRAPS) {
3095   current_frame->pop_stack_2(
3096     VerificationType::long2_type(),
3097     VerificationType::long_type(), CHECK_VERIFY(this));
3098   current_frame->set_local_2(
3099     index, VerificationType::long_type(),
3100     VerificationType::long2_type(), CHECK_VERIFY(this));
3101 }
3102 
3103 void ClassVerifier::verify_fstore(u2 index, StackMapFrame* current_frame, TRAPS) {
3104   current_frame->pop_stack(VerificationType::float_type(), CHECK_VERIFY(this));
3105   current_frame->set_local(
3106     index, VerificationType::float_type(), CHECK_VERIFY(this));
3107 }
3108 
3109 void ClassVerifier::verify_dstore(u2 index, StackMapFrame* current_frame, TRAPS) {
3110   current_frame->pop_stack_2(
3111     VerificationType::double2_type(),
3112     VerificationType::double_type(), CHECK_VERIFY(this));
3113   current_frame->set_local_2(
3114     index, VerificationType::double_type(),
3115     VerificationType::double2_type(), CHECK_VERIFY(this));
3116 }
3117 
3118 void ClassVerifier::verify_astore(u2 index, StackMapFrame* current_frame, TRAPS) {
3119   VerificationType type = current_frame->pop_stack(
3120     VerificationType::reference_check(), CHECK_VERIFY(this));
3121   current_frame->set_local(index, type, CHECK_VERIFY(this));
3122 }
3123 
3124 void ClassVerifier::verify_iinc(u2 index, StackMapFrame* current_frame, TRAPS) {
3125   VerificationType type = current_frame->get_local(
3126     index, VerificationType::integer_type(), CHECK_VERIFY(this));
3127   current_frame->set_local(index, type, CHECK_VERIFY(this));
3128 }
3129 
3130 void ClassVerifier::verify_return_value(
3131     VerificationType return_type, VerificationType type, u2 bci,
3132     StackMapFrame* current_frame, TRAPS) {
3133   if (return_type == VerificationType::bogus_type()) {
3134     verify_error(ErrorContext::bad_type(bci,
3135         current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)),
3136         "Method does not expect a return value");
3137     return;
3138   }
3139   bool match = return_type.is_assignable_from(type, this, false, CHECK_VERIFY(this));
3140   if (!match) {
3141     verify_error(ErrorContext::bad_type(bci,
3142         current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)),
3143         "Bad return type");
3144     return;
3145   }
3146 }
3147 
3148 // The verifier creates symbols which are substrings of Symbols.
3149 // These are stored in the verifier until the end of verification so that
3150 // they can be reference counted.
3151 Symbol* ClassVerifier::create_temporary_symbol(const char *name, int length) {
3152   // Quick deduplication check
3153   if (_previous_symbol != NULL && _previous_symbol->equals(name, length)) {
3154     return _previous_symbol;
3155   }
3156   Symbol* sym = SymbolTable::new_symbol(name, length);
3157   if (!sym->is_permanent()) {
3158     if (_symbols == NULL) {
3159       _symbols = new GrowableArray<Symbol*>(50, 0, NULL);
3160     }
3161     _symbols->push(sym);
3162   }
3163   _previous_symbol = sym;
3164   return sym;
3165 }