1 /* 2 * Copyright (c) 1998, 2024, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. 8 * 9 * This code is distributed in the hope that it will be useful, but WITHOUT 10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12 * version 2 for more details (a copy is included in the LICENSE file that 13 * accompanied this code). 14 * 15 * You should have received a copy of the GNU General Public License version 16 * 2 along with this work; if not, write to the Free Software Foundation, 17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20 * or visit www.oracle.com if you need additional information or have any 21 * questions. 22 * 23 */ 24 25 #include "precompiled.hpp" 26 #include "cds/cdsConfig.hpp" 27 #include "classfile/classFileStream.hpp" 28 #include "classfile/classLoader.hpp" 29 #include "classfile/javaClasses.hpp" 30 #include "classfile/stackMapTable.hpp" 31 #include "classfile/stackMapFrame.hpp" 32 #include "classfile/stackMapTableFormat.hpp" 33 #include "classfile/symbolTable.hpp" 34 #include "classfile/systemDictionary.hpp" 35 #include "classfile/verifier.hpp" 36 #include "classfile/vmClasses.hpp" 37 #include "classfile/vmSymbols.hpp" 38 #include "interpreter/bytecodes.hpp" 39 #include "interpreter/bytecodeStream.hpp" 40 #include "jvm.h" 41 #include "logging/log.hpp" 42 #include "logging/logStream.hpp" 43 #include "memory/oopFactory.hpp" 44 #include "memory/resourceArea.hpp" 45 #include "memory/universe.hpp" 46 #include "oops/constantPool.inline.hpp" 47 #include "oops/instanceKlass.inline.hpp" 48 #include "oops/klass.inline.hpp" 49 #include "oops/oop.inline.hpp" 50 #include "oops/typeArrayOop.hpp" 51 #include "runtime/arguments.hpp" 52 #include "runtime/fieldDescriptor.hpp" 53 #include "runtime/handles.inline.hpp" 54 #include "runtime/interfaceSupport.inline.hpp" 55 #include "runtime/javaCalls.hpp" 56 #include "runtime/javaThread.hpp" 57 #include "runtime/jniHandles.inline.hpp" 58 #include "runtime/os.hpp" 59 #include "runtime/safepointVerifiers.hpp" 60 #include "services/threadService.hpp" 61 #include "utilities/align.hpp" 62 #include "utilities/bytes.hpp" 63 64 #define NOFAILOVER_MAJOR_VERSION 51 65 #define NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION 51 66 #define STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION 52 67 #define MAX_ARRAY_DIMENSIONS 255 68 69 // Access to external entry for VerifyClassForMajorVersion - old byte code verifier 70 71 extern "C" { 72 typedef jboolean (*verify_byte_codes_fn_t)(JNIEnv *, jclass, char *, jint, jint); 73 } 74 75 static verify_byte_codes_fn_t volatile _verify_byte_codes_fn = nullptr; 76 77 static verify_byte_codes_fn_t verify_byte_codes_fn() { 78 79 if (_verify_byte_codes_fn != nullptr) 80 return _verify_byte_codes_fn; 81 82 MutexLocker locker(Verify_lock); 83 84 if (_verify_byte_codes_fn != nullptr) 85 return _verify_byte_codes_fn; 86 87 // Load verify dll 88 char buffer[JVM_MAXPATHLEN]; 89 char ebuf[1024]; 90 if (!os::dll_locate_lib(buffer, sizeof(buffer), Arguments::get_dll_dir(), "verify")) 91 return nullptr; // Caller will throw VerifyError 92 93 void *lib_handle = os::dll_load(buffer, ebuf, sizeof(ebuf)); 94 if (lib_handle == nullptr) 95 return nullptr; // Caller will throw VerifyError 96 97 void *fn = os::dll_lookup(lib_handle, "VerifyClassForMajorVersion"); 98 if (fn == nullptr) 99 return nullptr; // Caller will throw VerifyError 100 101 return _verify_byte_codes_fn = CAST_TO_FN_PTR(verify_byte_codes_fn_t, fn); 102 } 103 104 105 // Methods in Verifier 106 107 bool Verifier::should_verify_for(oop class_loader, bool should_verify_class) { 108 return (class_loader == nullptr || !should_verify_class) ? 109 BytecodeVerificationLocal : BytecodeVerificationRemote; 110 } 111 112 bool Verifier::relax_access_for(oop loader) { 113 bool trusted = java_lang_ClassLoader::is_trusted_loader(loader); 114 bool need_verify = 115 // verifyAll 116 (BytecodeVerificationLocal && BytecodeVerificationRemote) || 117 // verifyRemote 118 (!BytecodeVerificationLocal && BytecodeVerificationRemote && !trusted); 119 return !need_verify; 120 } 121 122 void Verifier::trace_class_resolution(Klass* resolve_class, InstanceKlass* verify_class) { 123 assert(verify_class != nullptr, "Unexpected null verify_class"); 124 ResourceMark rm; 125 Symbol* s = verify_class->source_file_name(); 126 const char* source_file = (s != nullptr ? s->as_C_string() : nullptr); 127 const char* verify = verify_class->external_name(); 128 const char* resolve = resolve_class->external_name(); 129 // print in a single call to reduce interleaving between threads 130 if (source_file != nullptr) { 131 log_debug(class, resolve)("%s %s %s (verification)", verify, resolve, source_file); 132 } else { 133 log_debug(class, resolve)("%s %s (verification)", verify, resolve); 134 } 135 } 136 137 // Prints the end-verification message to the appropriate output. 138 void Verifier::log_end_verification(outputStream* st, const char* klassName, Symbol* exception_name, oop pending_exception) { 139 if (pending_exception != nullptr) { 140 st->print("Verification for %s has", klassName); 141 oop message = java_lang_Throwable::message(pending_exception); 142 if (message != nullptr) { 143 char* ex_msg = java_lang_String::as_utf8_string(message); 144 st->print_cr(" exception pending '%s %s'", 145 pending_exception->klass()->external_name(), ex_msg); 146 } else { 147 st->print_cr(" exception pending %s ", 148 pending_exception->klass()->external_name()); 149 } 150 } else if (exception_name != nullptr) { 151 st->print_cr("Verification for %s failed", klassName); 152 } 153 st->print_cr("End class verification for: %s", klassName); 154 } 155 156 bool Verifier::verify(InstanceKlass* klass, bool should_verify_class, TRAPS) { 157 HandleMark hm(THREAD); 158 ResourceMark rm(THREAD); 159 160 // Eagerly allocate the identity hash code for a klass. This is a fallout 161 // from 6320749 and 8059924: hash code generator is not supposed to be called 162 // during the safepoint, but it allows to sneak the hashcode in during 163 // verification. Without this eager hashcode generation, we may end up 164 // installing the hashcode during some other operation, which may be at 165 // safepoint -- blowing up the checks. It was previously done as the side 166 // effect (sic!) for external_name(), but instead of doing that, we opt to 167 // explicitly push the hashcode in here. This is signify the following block 168 // is IMPORTANT: 169 if (klass->java_mirror() != nullptr) { 170 klass->java_mirror()->identity_hash(); 171 } 172 173 if (!is_eligible_for_verification(klass, should_verify_class)) { 174 return true; 175 } 176 177 // Timer includes any side effects of class verification (resolution, 178 // etc), but not recursive calls to Verifier::verify(). 179 JavaThread* jt = THREAD; 180 PerfClassTraceTime timer(ClassLoader::perf_class_verify_time(), 181 ClassLoader::perf_class_verify_selftime(), 182 ClassLoader::perf_classes_verified(), 183 jt->get_thread_stat()->perf_recursion_counts_addr(), 184 jt->get_thread_stat()->perf_timers_addr(), 185 PerfClassTraceTime::CLASS_VERIFY); 186 187 // If the class should be verified, first see if we can use the split 188 // verifier. If not, or if verification fails and can failover, then 189 // call the inference verifier. 190 Symbol* exception_name = nullptr; 191 const size_t message_buffer_len = klass->name()->utf8_length() + 1024; 192 char* message_buffer = nullptr; 193 char* exception_message = nullptr; 194 195 log_info(class, init)("Start class verification for: %s", klass->external_name()); 196 if (klass->major_version() >= STACKMAP_ATTRIBUTE_MAJOR_VERSION) { 197 ClassVerifier split_verifier(jt, klass); 198 // We don't use CHECK here, or on inference_verify below, so that we can log any exception. 199 split_verifier.verify_class(THREAD); 200 exception_name = split_verifier.result(); 201 202 // If dumping static archive then don't fall back to the old verifier on 203 // verification failure. If a class fails verification with the split verifier, 204 // it might fail the CDS runtime verifier constraint check. In that case, we 205 // don't want to share the class. We only archive classes that pass the split 206 // verifier. 207 bool can_failover = !CDSConfig::is_dumping_static_archive() && 208 klass->major_version() < NOFAILOVER_MAJOR_VERSION; 209 210 if (can_failover && !HAS_PENDING_EXCEPTION && // Split verifier doesn't set PENDING_EXCEPTION for failure 211 (exception_name == vmSymbols::java_lang_VerifyError() || 212 exception_name == vmSymbols::java_lang_ClassFormatError())) { 213 log_info(verification)("Fail over class verification to old verifier for: %s", klass->external_name()); 214 log_info(class, init)("Fail over class verification to old verifier for: %s", klass->external_name()); 215 message_buffer = NEW_RESOURCE_ARRAY(char, message_buffer_len); 216 exception_message = message_buffer; 217 exception_name = inference_verify( 218 klass, message_buffer, message_buffer_len, THREAD); 219 } 220 if (exception_name != nullptr) { 221 exception_message = split_verifier.exception_message(); 222 } 223 } else { 224 message_buffer = NEW_RESOURCE_ARRAY(char, message_buffer_len); 225 exception_message = message_buffer; 226 exception_name = inference_verify( 227 klass, message_buffer, message_buffer_len, THREAD); 228 } 229 230 LogTarget(Info, class, init) lt1; 231 if (lt1.is_enabled()) { 232 LogStream ls(lt1); 233 log_end_verification(&ls, klass->external_name(), exception_name, PENDING_EXCEPTION); 234 } 235 LogTarget(Info, verification) lt2; 236 if (lt2.is_enabled()) { 237 LogStream ls(lt2); 238 log_end_verification(&ls, klass->external_name(), exception_name, PENDING_EXCEPTION); 239 } 240 241 if (HAS_PENDING_EXCEPTION) { 242 return false; // use the existing exception 243 } else if (exception_name == nullptr) { 244 return true; // verification succeeded 245 } else { // VerifyError or ClassFormatError to be created and thrown 246 Klass* kls = 247 SystemDictionary::resolve_or_fail(exception_name, true, CHECK_false); 248 if (log_is_enabled(Debug, class, resolve)) { 249 Verifier::trace_class_resolution(kls, klass); 250 } 251 252 while (kls != nullptr) { 253 if (kls == klass) { 254 // If the class being verified is the exception we're creating 255 // or one of it's superclasses, we're in trouble and are going 256 // to infinitely recurse when we try to initialize the exception. 257 // So bail out here by throwing the preallocated VM error. 258 THROW_OOP_(Universe::internal_error_instance(), false); 259 } 260 kls = kls->super(); 261 } 262 if (message_buffer != nullptr) { 263 message_buffer[message_buffer_len - 1] = '\0'; // just to be sure 264 } 265 assert(exception_message != nullptr, ""); 266 THROW_MSG_(exception_name, exception_message, false); 267 } 268 } 269 270 bool Verifier::is_eligible_for_verification(InstanceKlass* klass, bool should_verify_class) { 271 Symbol* name = klass->name(); 272 Klass* refl_serialization_ctor_klass = vmClasses::reflect_SerializationConstructorAccessorImpl_klass(); 273 274 bool is_reflect_accessor = refl_serialization_ctor_klass != nullptr && 275 klass->is_subtype_of(refl_serialization_ctor_klass); 276 277 return (should_verify_for(klass->class_loader(), should_verify_class) && 278 // return if the class is a bootstrapping class 279 // or defineClass specified not to verify by default (flags override passed arg) 280 // We need to skip the following four for bootstraping 281 name != vmSymbols::java_lang_Object() && 282 name != vmSymbols::java_lang_Class() && 283 name != vmSymbols::java_lang_String() && 284 name != vmSymbols::java_lang_Throwable() && 285 286 // Can not verify the bytecodes for shared classes because they have 287 // already been rewritten to contain constant pool cache indices, 288 // which the verifier can't understand. 289 // Shared classes shouldn't have stackmaps either. 290 // However, bytecodes for shared old classes can be verified because 291 // they have not been rewritten. 292 !(klass->is_shared() && klass->is_rewritten()) && 293 294 // As of the fix for 4486457 we disable verification for all of the 295 // dynamically-generated bytecodes associated with 296 // jdk/internal/reflect/SerializationConstructorAccessor. 297 (!is_reflect_accessor)); 298 } 299 300 Symbol* Verifier::inference_verify( 301 InstanceKlass* klass, char* message, size_t message_len, TRAPS) { 302 JavaThread* thread = THREAD; 303 304 verify_byte_codes_fn_t verify_func = verify_byte_codes_fn(); 305 306 if (verify_func == nullptr) { 307 jio_snprintf(message, message_len, "Could not link verifier"); 308 return vmSymbols::java_lang_VerifyError(); 309 } 310 311 ResourceMark rm(thread); 312 log_info(verification)("Verifying class %s with old format", klass->external_name()); 313 314 jclass cls = (jclass) JNIHandles::make_local(thread, klass->java_mirror()); 315 jint result; 316 317 { 318 HandleMark hm(thread); 319 ThreadToNativeFromVM ttn(thread); 320 // ThreadToNativeFromVM takes care of changing thread_state, so safepoint 321 // code knows that we have left the VM 322 JNIEnv *env = thread->jni_environment(); 323 result = (*verify_func)(env, cls, message, (int)message_len, klass->major_version()); 324 } 325 326 JNIHandles::destroy_local(cls); 327 328 // These numbers are chosen so that VerifyClassCodes interface doesn't need 329 // to be changed (still return jboolean (unsigned char)), and result is 330 // 1 when verification is passed. 331 if (result == 0) { 332 return vmSymbols::java_lang_VerifyError(); 333 } else if (result == 1) { 334 return nullptr; // verified. 335 } else if (result == 2) { 336 THROW_MSG_(vmSymbols::java_lang_OutOfMemoryError(), message, nullptr); 337 } else if (result == 3) { 338 return vmSymbols::java_lang_ClassFormatError(); 339 } else { 340 ShouldNotReachHere(); 341 return nullptr; 342 } 343 } 344 345 TypeOrigin TypeOrigin::null() { 346 return TypeOrigin(); 347 } 348 TypeOrigin TypeOrigin::local(int index, StackMapFrame* frame) { 349 assert(frame != nullptr, "Must have a frame"); 350 return TypeOrigin(CF_LOCALS, index, StackMapFrame::copy(frame), 351 frame->local_at(index)); 352 } 353 TypeOrigin TypeOrigin::stack(int index, StackMapFrame* frame) { 354 assert(frame != nullptr, "Must have a frame"); 355 return TypeOrigin(CF_STACK, index, StackMapFrame::copy(frame), 356 frame->stack_at(index)); 357 } 358 TypeOrigin TypeOrigin::sm_local(int index, StackMapFrame* frame) { 359 assert(frame != nullptr, "Must have a frame"); 360 return TypeOrigin(SM_LOCALS, index, StackMapFrame::copy(frame), 361 frame->local_at(index)); 362 } 363 TypeOrigin TypeOrigin::sm_stack(int index, StackMapFrame* frame) { 364 assert(frame != nullptr, "Must have a frame"); 365 return TypeOrigin(SM_STACK, index, StackMapFrame::copy(frame), 366 frame->stack_at(index)); 367 } 368 TypeOrigin TypeOrigin::bad_index(int index) { 369 return TypeOrigin(BAD_INDEX, index, nullptr, VerificationType::bogus_type()); 370 } 371 TypeOrigin TypeOrigin::cp(int index, VerificationType vt) { 372 return TypeOrigin(CONST_POOL, index, nullptr, vt); 373 } 374 TypeOrigin TypeOrigin::signature(VerificationType vt) { 375 return TypeOrigin(SIG, 0, nullptr, vt); 376 } 377 TypeOrigin TypeOrigin::implicit(VerificationType t) { 378 return TypeOrigin(IMPLICIT, 0, nullptr, t); 379 } 380 TypeOrigin TypeOrigin::frame(StackMapFrame* frame) { 381 return TypeOrigin(FRAME_ONLY, 0, StackMapFrame::copy(frame), 382 VerificationType::bogus_type()); 383 } 384 385 void TypeOrigin::reset_frame() { 386 if (_frame != nullptr) { 387 _frame->restore(); 388 } 389 } 390 391 void TypeOrigin::details(outputStream* ss) const { 392 _type.print_on(ss); 393 switch (_origin) { 394 case CF_LOCALS: 395 ss->print(" (current frame, locals[%d])", _index); 396 break; 397 case CF_STACK: 398 ss->print(" (current frame, stack[%d])", _index); 399 break; 400 case SM_LOCALS: 401 ss->print(" (stack map, locals[%d])", _index); 402 break; 403 case SM_STACK: 404 ss->print(" (stack map, stack[%d])", _index); 405 break; 406 case CONST_POOL: 407 ss->print(" (constant pool %d)", _index); 408 break; 409 case SIG: 410 ss->print(" (from method signature)"); 411 break; 412 case IMPLICIT: 413 case FRAME_ONLY: 414 case NONE: 415 default: 416 ; 417 } 418 } 419 420 #ifdef ASSERT 421 void TypeOrigin::print_on(outputStream* str) const { 422 str->print("{%d,%d,%p:", _origin, _index, _frame); 423 if (_frame != nullptr) { 424 _frame->print_on(str); 425 } else { 426 str->print("null"); 427 } 428 str->print(","); 429 _type.print_on(str); 430 str->print("}"); 431 } 432 #endif 433 434 void ErrorContext::details(outputStream* ss, const Method* method) const { 435 if (is_valid()) { 436 ss->cr(); 437 ss->print_cr("Exception Details:"); 438 location_details(ss, method); 439 reason_details(ss); 440 frame_details(ss); 441 bytecode_details(ss, method); 442 handler_details(ss, method); 443 stackmap_details(ss, method); 444 } 445 } 446 447 void ErrorContext::reason_details(outputStream* ss) const { 448 streamIndentor si(ss); 449 ss->indent().print_cr("Reason:"); 450 streamIndentor si2(ss); 451 ss->indent().print("%s", ""); 452 switch (_fault) { 453 case INVALID_BYTECODE: 454 ss->print("Error exists in the bytecode"); 455 break; 456 case WRONG_TYPE: 457 if (_expected.is_valid()) { 458 ss->print("Type "); 459 _type.details(ss); 460 ss->print(" is not assignable to "); 461 _expected.details(ss); 462 } else { 463 ss->print("Invalid type: "); 464 _type.details(ss); 465 } 466 break; 467 case FLAGS_MISMATCH: 468 if (_expected.is_valid()) { 469 ss->print("Current frame's flags are not assignable " 470 "to stack map frame's."); 471 } else { 472 ss->print("Current frame's flags are invalid in this context."); 473 } 474 break; 475 case BAD_CP_INDEX: 476 ss->print("Constant pool index %d is invalid", _type.index()); 477 break; 478 case BAD_LOCAL_INDEX: 479 ss->print("Local index %d is invalid", _type.index()); 480 break; 481 case LOCALS_SIZE_MISMATCH: 482 ss->print("Current frame's local size doesn't match stackmap."); 483 break; 484 case STACK_SIZE_MISMATCH: 485 ss->print("Current frame's stack size doesn't match stackmap."); 486 break; 487 case STACK_OVERFLOW: 488 ss->print("Exceeded max stack size."); 489 break; 490 case STACK_UNDERFLOW: 491 ss->print("Attempt to pop empty stack."); 492 break; 493 case MISSING_STACKMAP: 494 ss->print("Expected stackmap frame at this location."); 495 break; 496 case BAD_STACKMAP: 497 ss->print("Invalid stackmap specification."); 498 break; 499 case UNKNOWN: 500 default: 501 ShouldNotReachHere(); 502 ss->print_cr("Unknown"); 503 } 504 ss->cr(); 505 } 506 507 void ErrorContext::location_details(outputStream* ss, const Method* method) const { 508 if (_bci != -1 && method != nullptr) { 509 streamIndentor si(ss); 510 const char* bytecode_name = "<invalid>"; 511 if (method->validate_bci(_bci) != -1) { 512 Bytecodes::Code code = Bytecodes::code_or_bp_at(method->bcp_from(_bci)); 513 if (Bytecodes::is_defined(code)) { 514 bytecode_name = Bytecodes::name(code); 515 } else { 516 bytecode_name = "<illegal>"; 517 } 518 } 519 InstanceKlass* ik = method->method_holder(); 520 ss->indent().print_cr("Location:"); 521 streamIndentor si2(ss); 522 ss->indent().print_cr("%s.%s%s @%d: %s", 523 ik->name()->as_C_string(), method->name()->as_C_string(), 524 method->signature()->as_C_string(), _bci, bytecode_name); 525 } 526 } 527 528 void ErrorContext::frame_details(outputStream* ss) const { 529 streamIndentor si(ss); 530 if (_type.is_valid() && _type.frame() != nullptr) { 531 ss->indent().print_cr("Current Frame:"); 532 streamIndentor si2(ss); 533 _type.frame()->print_on(ss); 534 } 535 if (_expected.is_valid() && _expected.frame() != nullptr) { 536 ss->indent().print_cr("Stackmap Frame:"); 537 streamIndentor si2(ss); 538 _expected.frame()->print_on(ss); 539 } 540 } 541 542 void ErrorContext::bytecode_details(outputStream* ss, const Method* method) const { 543 if (method != nullptr) { 544 streamIndentor si(ss); 545 ss->indent().print_cr("Bytecode:"); 546 streamIndentor si2(ss); 547 ss->print_data(method->code_base(), method->code_size(), false); 548 } 549 } 550 551 void ErrorContext::handler_details(outputStream* ss, const Method* method) const { 552 if (method != nullptr) { 553 streamIndentor si(ss); 554 ExceptionTable table(method); 555 if (table.length() > 0) { 556 ss->indent().print_cr("Exception Handler Table:"); 557 streamIndentor si2(ss); 558 for (int i = 0; i < table.length(); ++i) { 559 ss->indent().print_cr("bci [%d, %d] => handler: %d", table.start_pc(i), 560 table.end_pc(i), table.handler_pc(i)); 561 } 562 } 563 } 564 } 565 566 void ErrorContext::stackmap_details(outputStream* ss, const Method* method) const { 567 if (method != nullptr && method->has_stackmap_table()) { 568 streamIndentor si(ss); 569 ss->indent().print_cr("Stackmap Table:"); 570 Array<u1>* data = method->stackmap_data(); 571 stack_map_table* sm_table = 572 stack_map_table::at((address)data->adr_at(0)); 573 stack_map_frame* sm_frame = sm_table->entries(); 574 streamIndentor si2(ss); 575 int current_offset = -1; 576 address end_of_sm_table = (address)sm_table + method->stackmap_data()->length(); 577 for (u2 i = 0; i < sm_table->number_of_entries(); ++i) { 578 ss->indent(); 579 if (!sm_frame->verify((address)sm_frame, end_of_sm_table)) { 580 sm_frame->print_truncated(ss, current_offset); 581 return; 582 } 583 sm_frame->print_on(ss, current_offset); 584 ss->cr(); 585 current_offset += sm_frame->offset_delta(); 586 sm_frame = sm_frame->next(); 587 } 588 } 589 } 590 591 // Methods in ClassVerifier 592 593 ClassVerifier::ClassVerifier(JavaThread* current, InstanceKlass* klass) 594 : _thread(current), _previous_symbol(nullptr), _symbols(nullptr), _exception_type(nullptr), 595 _message(nullptr), _klass(klass) { 596 _this_type = VerificationType::reference_type(klass->name()); 597 } 598 599 ClassVerifier::~ClassVerifier() { 600 // Decrement the reference count for any symbols created. 601 if (_symbols != nullptr) { 602 for (int i = 0; i < _symbols->length(); i++) { 603 Symbol* s = _symbols->at(i); 604 s->decrement_refcount(); 605 } 606 } 607 } 608 609 VerificationType ClassVerifier::object_type() const { 610 return VerificationType::reference_type(vmSymbols::java_lang_Object()); 611 } 612 613 TypeOrigin ClassVerifier::ref_ctx(const char* sig) { 614 VerificationType vt = VerificationType::reference_type( 615 create_temporary_symbol(sig, (int)strlen(sig))); 616 return TypeOrigin::implicit(vt); 617 } 618 619 620 void ClassVerifier::verify_class(TRAPS) { 621 log_info(verification)("Verifying class %s with new format", _klass->external_name()); 622 623 // Either verifying both local and remote classes or just remote classes. 624 assert(BytecodeVerificationRemote, "Should not be here"); 625 626 Array<Method*>* methods = _klass->methods(); 627 int num_methods = methods->length(); 628 629 for (int index = 0; index < num_methods; index++) { 630 // Check for recursive re-verification before each method. 631 if (was_recursively_verified()) return; 632 633 Method* m = methods->at(index); 634 if (m->is_native() || m->is_abstract() || m->is_overpass()) { 635 // If m is native or abstract, skip it. It is checked in class file 636 // parser that methods do not override a final method. Overpass methods 637 // are trusted since the VM generates them. 638 continue; 639 } 640 verify_method(methodHandle(THREAD, m), CHECK_VERIFY(this)); 641 } 642 643 if (was_recursively_verified()){ 644 log_info(verification)("Recursive verification detected for: %s", _klass->external_name()); 645 log_info(class, init)("Recursive verification detected for: %s", 646 _klass->external_name()); 647 } 648 } 649 650 // Translate the signature entries into verification types and save them in 651 // the growable array. Also, save the count of arguments. 652 void ClassVerifier::translate_signature(Symbol* const method_sig, 653 sig_as_verification_types* sig_verif_types) { 654 SignatureStream sig_stream(method_sig); 655 VerificationType sig_type[2]; 656 int sig_i = 0; 657 GrowableArray<VerificationType>* verif_types = sig_verif_types->sig_verif_types(); 658 659 // Translate the signature arguments into verification types. 660 while (!sig_stream.at_return_type()) { 661 int n = change_sig_to_verificationType(&sig_stream, sig_type); 662 assert(n <= 2, "Unexpected signature type"); 663 664 // Store verification type(s). Longs and Doubles each have two verificationTypes. 665 for (int x = 0; x < n; x++) { 666 verif_types->push(sig_type[x]); 667 } 668 sig_i += n; 669 sig_stream.next(); 670 } 671 672 // Set final arg count, not including the return type. The final arg count will 673 // be compared with sig_verify_types' length to see if there is a return type. 674 sig_verif_types->set_num_args(sig_i); 675 676 // Store verification type(s) for the return type, if there is one. 677 if (sig_stream.type() != T_VOID) { 678 int n = change_sig_to_verificationType(&sig_stream, sig_type); 679 assert(n <= 2, "Unexpected signature return type"); 680 for (int y = 0; y < n; y++) { 681 verif_types->push(sig_type[y]); 682 } 683 } 684 } 685 686 void ClassVerifier::create_method_sig_entry(sig_as_verification_types* sig_verif_types, 687 int sig_index) { 688 // Translate the signature into verification types. 689 ConstantPool* cp = _klass->constants(); 690 Symbol* const method_sig = cp->symbol_at(sig_index); 691 translate_signature(method_sig, sig_verif_types); 692 693 // Add the list of this signature's verification types to the table. 694 bool is_unique = method_signatures_table()->put(sig_index, sig_verif_types); 695 assert(is_unique, "Duplicate entries in method_signature_table"); 696 } 697 698 void ClassVerifier::verify_method(const methodHandle& m, TRAPS) { 699 HandleMark hm(THREAD); 700 _method = m; // initialize _method 701 log_info(verification)("Verifying method %s", m->name_and_sig_as_C_string()); 702 703 // For clang, the only good constant format string is a literal constant format string. 704 #define bad_type_msg "Bad type on operand stack in %s" 705 706 u2 max_stack = m->verifier_max_stack(); 707 u2 max_locals = m->max_locals(); 708 constantPoolHandle cp(THREAD, m->constants()); 709 710 // Method signature was checked in ClassFileParser. 711 assert(SignatureVerifier::is_valid_method_signature(m->signature()), 712 "Invalid method signature"); 713 714 // Initial stack map frame: offset is 0, stack is initially empty. 715 StackMapFrame current_frame(max_locals, max_stack, this); 716 // Set initial locals 717 VerificationType return_type = current_frame.set_locals_from_arg( m, current_type()); 718 719 u2 stackmap_index = 0; // index to the stackmap array 720 721 u4 code_length = m->code_size(); 722 723 // Scan the bytecode and map each instruction's start offset to a number. 724 char* code_data = generate_code_data(m, code_length, CHECK_VERIFY(this)); 725 726 int ex_min = code_length; 727 int ex_max = -1; 728 // Look through each item on the exception table. Each of the fields must refer 729 // to a legal instruction. 730 if (was_recursively_verified()) return; 731 verify_exception_handler_table( 732 code_length, code_data, ex_min, ex_max, CHECK_VERIFY(this)); 733 734 // Look through each entry on the local variable table and make sure 735 // its range of code array offsets is valid. (4169817) 736 if (m->has_localvariable_table()) { 737 verify_local_variable_table(code_length, code_data, CHECK_VERIFY(this)); 738 } 739 740 Array<u1>* stackmap_data = m->stackmap_data(); 741 StackMapStream stream(stackmap_data); 742 StackMapReader reader(this, &stream, code_data, code_length, THREAD); 743 StackMapTable stackmap_table(&reader, ¤t_frame, max_locals, max_stack, 744 code_data, code_length, CHECK_VERIFY(this)); 745 746 LogTarget(Debug, verification) lt; 747 if (lt.is_enabled()) { 748 ResourceMark rm(THREAD); 749 LogStream ls(lt); 750 stackmap_table.print_on(&ls); 751 } 752 753 RawBytecodeStream bcs(m); 754 755 // Scan the byte code linearly from the start to the end 756 bool no_control_flow = false; // Set to true when there is no direct control 757 // flow from current instruction to the next 758 // instruction in sequence 759 760 Bytecodes::Code opcode; 761 while (!bcs.is_last_bytecode()) { 762 // Check for recursive re-verification before each bytecode. 763 if (was_recursively_verified()) return; 764 765 opcode = bcs.raw_next(); 766 int bci = bcs.bci(); 767 768 // Set current frame's offset to bci 769 current_frame.set_offset(bci); 770 current_frame.set_mark(); 771 772 // Make sure every offset in stackmap table point to the beginning to 773 // an instruction. Match current_frame to stackmap_table entry with 774 // the same offset if exists. 775 stackmap_index = verify_stackmap_table( 776 stackmap_index, bci, ¤t_frame, &stackmap_table, 777 no_control_flow, CHECK_VERIFY(this)); 778 779 780 bool this_uninit = false; // Set to true when invokespecial <init> initialized 'this' 781 bool verified_exc_handlers = false; 782 783 // Merge with the next instruction 784 { 785 int target; 786 VerificationType type, type2; 787 VerificationType atype; 788 789 LogTarget(Debug, verification) lt; 790 if (lt.is_enabled()) { 791 ResourceMark rm(THREAD); 792 LogStream ls(lt); 793 current_frame.print_on(&ls); 794 lt.print("offset = %d, opcode = %s", bci, 795 opcode == Bytecodes::_illegal ? "illegal" : Bytecodes::name(opcode)); 796 } 797 798 // Make sure wide instruction is in correct format 799 if (bcs.is_wide()) { 800 if (opcode != Bytecodes::_iinc && opcode != Bytecodes::_iload && 801 opcode != Bytecodes::_aload && opcode != Bytecodes::_lload && 802 opcode != Bytecodes::_istore && opcode != Bytecodes::_astore && 803 opcode != Bytecodes::_lstore && opcode != Bytecodes::_fload && 804 opcode != Bytecodes::_dload && opcode != Bytecodes::_fstore && 805 opcode != Bytecodes::_dstore) { 806 /* Unreachable? RawBytecodeStream's raw_next() returns 'illegal' 807 * if we encounter a wide instruction that modifies an invalid 808 * opcode (not one of the ones listed above) */ 809 verify_error(ErrorContext::bad_code(bci), "Bad wide instruction"); 810 return; 811 } 812 } 813 814 // Look for possible jump target in exception handlers and see if it 815 // matches current_frame. Do this check here for astore*, dstore*, 816 // fstore*, istore*, and lstore* opcodes because they can change the type 817 // state by adding a local. JVM Spec says that the incoming type state 818 // should be used for this check. So, do the check here before a possible 819 // local is added to the type state. 820 if (Bytecodes::is_store_into_local(opcode) && bci >= ex_min && bci < ex_max) { 821 if (was_recursively_verified()) return; 822 verify_exception_handler_targets( 823 bci, this_uninit, ¤t_frame, &stackmap_table, CHECK_VERIFY(this)); 824 verified_exc_handlers = true; 825 } 826 827 if (was_recursively_verified()) return; 828 829 switch (opcode) { 830 case Bytecodes::_nop : 831 no_control_flow = false; break; 832 case Bytecodes::_aconst_null : 833 current_frame.push_stack( 834 VerificationType::null_type(), CHECK_VERIFY(this)); 835 no_control_flow = false; break; 836 case Bytecodes::_iconst_m1 : 837 case Bytecodes::_iconst_0 : 838 case Bytecodes::_iconst_1 : 839 case Bytecodes::_iconst_2 : 840 case Bytecodes::_iconst_3 : 841 case Bytecodes::_iconst_4 : 842 case Bytecodes::_iconst_5 : 843 current_frame.push_stack( 844 VerificationType::integer_type(), CHECK_VERIFY(this)); 845 no_control_flow = false; break; 846 case Bytecodes::_lconst_0 : 847 case Bytecodes::_lconst_1 : 848 current_frame.push_stack_2( 849 VerificationType::long_type(), 850 VerificationType::long2_type(), CHECK_VERIFY(this)); 851 no_control_flow = false; break; 852 case Bytecodes::_fconst_0 : 853 case Bytecodes::_fconst_1 : 854 case Bytecodes::_fconst_2 : 855 current_frame.push_stack( 856 VerificationType::float_type(), CHECK_VERIFY(this)); 857 no_control_flow = false; break; 858 case Bytecodes::_dconst_0 : 859 case Bytecodes::_dconst_1 : 860 current_frame.push_stack_2( 861 VerificationType::double_type(), 862 VerificationType::double2_type(), CHECK_VERIFY(this)); 863 no_control_flow = false; break; 864 case Bytecodes::_sipush : 865 case Bytecodes::_bipush : 866 current_frame.push_stack( 867 VerificationType::integer_type(), CHECK_VERIFY(this)); 868 no_control_flow = false; break; 869 case Bytecodes::_ldc : 870 verify_ldc( 871 opcode, bcs.get_index_u1(), ¤t_frame, 872 cp, bci, CHECK_VERIFY(this)); 873 no_control_flow = false; break; 874 case Bytecodes::_ldc_w : 875 case Bytecodes::_ldc2_w : 876 verify_ldc( 877 opcode, bcs.get_index_u2(), ¤t_frame, 878 cp, bci, CHECK_VERIFY(this)); 879 no_control_flow = false; break; 880 case Bytecodes::_iload : 881 verify_iload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 882 no_control_flow = false; break; 883 case Bytecodes::_iload_0 : 884 case Bytecodes::_iload_1 : 885 case Bytecodes::_iload_2 : 886 case Bytecodes::_iload_3 : { 887 int index = opcode - Bytecodes::_iload_0; 888 verify_iload(index, ¤t_frame, CHECK_VERIFY(this)); 889 no_control_flow = false; break; 890 } 891 case Bytecodes::_lload : 892 verify_lload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 893 no_control_flow = false; break; 894 case Bytecodes::_lload_0 : 895 case Bytecodes::_lload_1 : 896 case Bytecodes::_lload_2 : 897 case Bytecodes::_lload_3 : { 898 int index = opcode - Bytecodes::_lload_0; 899 verify_lload(index, ¤t_frame, CHECK_VERIFY(this)); 900 no_control_flow = false; break; 901 } 902 case Bytecodes::_fload : 903 verify_fload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 904 no_control_flow = false; break; 905 case Bytecodes::_fload_0 : 906 case Bytecodes::_fload_1 : 907 case Bytecodes::_fload_2 : 908 case Bytecodes::_fload_3 : { 909 int index = opcode - Bytecodes::_fload_0; 910 verify_fload(index, ¤t_frame, CHECK_VERIFY(this)); 911 no_control_flow = false; break; 912 } 913 case Bytecodes::_dload : 914 verify_dload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 915 no_control_flow = false; break; 916 case Bytecodes::_dload_0 : 917 case Bytecodes::_dload_1 : 918 case Bytecodes::_dload_2 : 919 case Bytecodes::_dload_3 : { 920 int index = opcode - Bytecodes::_dload_0; 921 verify_dload(index, ¤t_frame, CHECK_VERIFY(this)); 922 no_control_flow = false; break; 923 } 924 case Bytecodes::_aload : 925 verify_aload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 926 no_control_flow = false; break; 927 case Bytecodes::_aload_0 : 928 case Bytecodes::_aload_1 : 929 case Bytecodes::_aload_2 : 930 case Bytecodes::_aload_3 : { 931 int index = opcode - Bytecodes::_aload_0; 932 verify_aload(index, ¤t_frame, CHECK_VERIFY(this)); 933 no_control_flow = false; break; 934 } 935 case Bytecodes::_iaload : 936 type = current_frame.pop_stack( 937 VerificationType::integer_type(), CHECK_VERIFY(this)); 938 atype = current_frame.pop_stack( 939 VerificationType::reference_check(), CHECK_VERIFY(this)); 940 if (!atype.is_int_array()) { 941 verify_error(ErrorContext::bad_type(bci, 942 current_frame.stack_top_ctx(), ref_ctx("[I")), 943 bad_type_msg, "iaload"); 944 return; 945 } 946 current_frame.push_stack( 947 VerificationType::integer_type(), CHECK_VERIFY(this)); 948 no_control_flow = false; break; 949 case Bytecodes::_baload : 950 type = current_frame.pop_stack( 951 VerificationType::integer_type(), CHECK_VERIFY(this)); 952 atype = current_frame.pop_stack( 953 VerificationType::reference_check(), CHECK_VERIFY(this)); 954 if (!atype.is_bool_array() && !atype.is_byte_array()) { 955 verify_error( 956 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 957 bad_type_msg, "baload"); 958 return; 959 } 960 current_frame.push_stack( 961 VerificationType::integer_type(), CHECK_VERIFY(this)); 962 no_control_flow = false; break; 963 case Bytecodes::_caload : 964 type = current_frame.pop_stack( 965 VerificationType::integer_type(), CHECK_VERIFY(this)); 966 atype = current_frame.pop_stack( 967 VerificationType::reference_check(), CHECK_VERIFY(this)); 968 if (!atype.is_char_array()) { 969 verify_error(ErrorContext::bad_type(bci, 970 current_frame.stack_top_ctx(), ref_ctx("[C")), 971 bad_type_msg, "caload"); 972 return; 973 } 974 current_frame.push_stack( 975 VerificationType::integer_type(), CHECK_VERIFY(this)); 976 no_control_flow = false; break; 977 case Bytecodes::_saload : 978 type = current_frame.pop_stack( 979 VerificationType::integer_type(), CHECK_VERIFY(this)); 980 atype = current_frame.pop_stack( 981 VerificationType::reference_check(), CHECK_VERIFY(this)); 982 if (!atype.is_short_array()) { 983 verify_error(ErrorContext::bad_type(bci, 984 current_frame.stack_top_ctx(), ref_ctx("[S")), 985 bad_type_msg, "saload"); 986 return; 987 } 988 current_frame.push_stack( 989 VerificationType::integer_type(), CHECK_VERIFY(this)); 990 no_control_flow = false; break; 991 case Bytecodes::_laload : 992 type = current_frame.pop_stack( 993 VerificationType::integer_type(), CHECK_VERIFY(this)); 994 atype = current_frame.pop_stack( 995 VerificationType::reference_check(), CHECK_VERIFY(this)); 996 if (!atype.is_long_array()) { 997 verify_error(ErrorContext::bad_type(bci, 998 current_frame.stack_top_ctx(), ref_ctx("[J")), 999 bad_type_msg, "laload"); 1000 return; 1001 } 1002 current_frame.push_stack_2( 1003 VerificationType::long_type(), 1004 VerificationType::long2_type(), CHECK_VERIFY(this)); 1005 no_control_flow = false; break; 1006 case Bytecodes::_faload : 1007 type = current_frame.pop_stack( 1008 VerificationType::integer_type(), CHECK_VERIFY(this)); 1009 atype = current_frame.pop_stack( 1010 VerificationType::reference_check(), CHECK_VERIFY(this)); 1011 if (!atype.is_float_array()) { 1012 verify_error(ErrorContext::bad_type(bci, 1013 current_frame.stack_top_ctx(), ref_ctx("[F")), 1014 bad_type_msg, "faload"); 1015 return; 1016 } 1017 current_frame.push_stack( 1018 VerificationType::float_type(), CHECK_VERIFY(this)); 1019 no_control_flow = false; break; 1020 case Bytecodes::_daload : 1021 type = current_frame.pop_stack( 1022 VerificationType::integer_type(), CHECK_VERIFY(this)); 1023 atype = current_frame.pop_stack( 1024 VerificationType::reference_check(), CHECK_VERIFY(this)); 1025 if (!atype.is_double_array()) { 1026 verify_error(ErrorContext::bad_type(bci, 1027 current_frame.stack_top_ctx(), ref_ctx("[D")), 1028 bad_type_msg, "daload"); 1029 return; 1030 } 1031 current_frame.push_stack_2( 1032 VerificationType::double_type(), 1033 VerificationType::double2_type(), CHECK_VERIFY(this)); 1034 no_control_flow = false; break; 1035 case Bytecodes::_aaload : { 1036 type = current_frame.pop_stack( 1037 VerificationType::integer_type(), CHECK_VERIFY(this)); 1038 atype = current_frame.pop_stack( 1039 VerificationType::reference_check(), CHECK_VERIFY(this)); 1040 if (!atype.is_reference_array()) { 1041 verify_error(ErrorContext::bad_type(bci, 1042 current_frame.stack_top_ctx(), 1043 TypeOrigin::implicit(VerificationType::reference_check())), 1044 bad_type_msg, "aaload"); 1045 return; 1046 } 1047 if (atype.is_null()) { 1048 current_frame.push_stack( 1049 VerificationType::null_type(), CHECK_VERIFY(this)); 1050 } else { 1051 VerificationType component = atype.get_component(this); 1052 current_frame.push_stack(component, CHECK_VERIFY(this)); 1053 } 1054 no_control_flow = false; break; 1055 } 1056 case Bytecodes::_istore : 1057 verify_istore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 1058 no_control_flow = false; break; 1059 case Bytecodes::_istore_0 : 1060 case Bytecodes::_istore_1 : 1061 case Bytecodes::_istore_2 : 1062 case Bytecodes::_istore_3 : { 1063 int index = opcode - Bytecodes::_istore_0; 1064 verify_istore(index, ¤t_frame, CHECK_VERIFY(this)); 1065 no_control_flow = false; break; 1066 } 1067 case Bytecodes::_lstore : 1068 verify_lstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 1069 no_control_flow = false; break; 1070 case Bytecodes::_lstore_0 : 1071 case Bytecodes::_lstore_1 : 1072 case Bytecodes::_lstore_2 : 1073 case Bytecodes::_lstore_3 : { 1074 int index = opcode - Bytecodes::_lstore_0; 1075 verify_lstore(index, ¤t_frame, CHECK_VERIFY(this)); 1076 no_control_flow = false; break; 1077 } 1078 case Bytecodes::_fstore : 1079 verify_fstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 1080 no_control_flow = false; break; 1081 case Bytecodes::_fstore_0 : 1082 case Bytecodes::_fstore_1 : 1083 case Bytecodes::_fstore_2 : 1084 case Bytecodes::_fstore_3 : { 1085 int index = opcode - Bytecodes::_fstore_0; 1086 verify_fstore(index, ¤t_frame, CHECK_VERIFY(this)); 1087 no_control_flow = false; break; 1088 } 1089 case Bytecodes::_dstore : 1090 verify_dstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 1091 no_control_flow = false; break; 1092 case Bytecodes::_dstore_0 : 1093 case Bytecodes::_dstore_1 : 1094 case Bytecodes::_dstore_2 : 1095 case Bytecodes::_dstore_3 : { 1096 int index = opcode - Bytecodes::_dstore_0; 1097 verify_dstore(index, ¤t_frame, CHECK_VERIFY(this)); 1098 no_control_flow = false; break; 1099 } 1100 case Bytecodes::_astore : 1101 verify_astore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 1102 no_control_flow = false; break; 1103 case Bytecodes::_astore_0 : 1104 case Bytecodes::_astore_1 : 1105 case Bytecodes::_astore_2 : 1106 case Bytecodes::_astore_3 : { 1107 int index = opcode - Bytecodes::_astore_0; 1108 verify_astore(index, ¤t_frame, CHECK_VERIFY(this)); 1109 no_control_flow = false; break; 1110 } 1111 case Bytecodes::_iastore : 1112 type = current_frame.pop_stack( 1113 VerificationType::integer_type(), CHECK_VERIFY(this)); 1114 type2 = current_frame.pop_stack( 1115 VerificationType::integer_type(), CHECK_VERIFY(this)); 1116 atype = current_frame.pop_stack( 1117 VerificationType::reference_check(), CHECK_VERIFY(this)); 1118 if (!atype.is_int_array()) { 1119 verify_error(ErrorContext::bad_type(bci, 1120 current_frame.stack_top_ctx(), ref_ctx("[I")), 1121 bad_type_msg, "iastore"); 1122 return; 1123 } 1124 no_control_flow = false; break; 1125 case Bytecodes::_bastore : 1126 type = current_frame.pop_stack( 1127 VerificationType::integer_type(), CHECK_VERIFY(this)); 1128 type2 = current_frame.pop_stack( 1129 VerificationType::integer_type(), CHECK_VERIFY(this)); 1130 atype = current_frame.pop_stack( 1131 VerificationType::reference_check(), CHECK_VERIFY(this)); 1132 if (!atype.is_bool_array() && !atype.is_byte_array()) { 1133 verify_error( 1134 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 1135 bad_type_msg, "bastore"); 1136 return; 1137 } 1138 no_control_flow = false; break; 1139 case Bytecodes::_castore : 1140 current_frame.pop_stack( 1141 VerificationType::integer_type(), CHECK_VERIFY(this)); 1142 current_frame.pop_stack( 1143 VerificationType::integer_type(), CHECK_VERIFY(this)); 1144 atype = current_frame.pop_stack( 1145 VerificationType::reference_check(), CHECK_VERIFY(this)); 1146 if (!atype.is_char_array()) { 1147 verify_error(ErrorContext::bad_type(bci, 1148 current_frame.stack_top_ctx(), ref_ctx("[C")), 1149 bad_type_msg, "castore"); 1150 return; 1151 } 1152 no_control_flow = false; break; 1153 case Bytecodes::_sastore : 1154 current_frame.pop_stack( 1155 VerificationType::integer_type(), CHECK_VERIFY(this)); 1156 current_frame.pop_stack( 1157 VerificationType::integer_type(), CHECK_VERIFY(this)); 1158 atype = current_frame.pop_stack( 1159 VerificationType::reference_check(), CHECK_VERIFY(this)); 1160 if (!atype.is_short_array()) { 1161 verify_error(ErrorContext::bad_type(bci, 1162 current_frame.stack_top_ctx(), ref_ctx("[S")), 1163 bad_type_msg, "sastore"); 1164 return; 1165 } 1166 no_control_flow = false; break; 1167 case Bytecodes::_lastore : 1168 current_frame.pop_stack_2( 1169 VerificationType::long2_type(), 1170 VerificationType::long_type(), CHECK_VERIFY(this)); 1171 current_frame.pop_stack( 1172 VerificationType::integer_type(), CHECK_VERIFY(this)); 1173 atype = current_frame.pop_stack( 1174 VerificationType::reference_check(), CHECK_VERIFY(this)); 1175 if (!atype.is_long_array()) { 1176 verify_error(ErrorContext::bad_type(bci, 1177 current_frame.stack_top_ctx(), ref_ctx("[J")), 1178 bad_type_msg, "lastore"); 1179 return; 1180 } 1181 no_control_flow = false; break; 1182 case Bytecodes::_fastore : 1183 current_frame.pop_stack( 1184 VerificationType::float_type(), CHECK_VERIFY(this)); 1185 current_frame.pop_stack 1186 (VerificationType::integer_type(), CHECK_VERIFY(this)); 1187 atype = current_frame.pop_stack( 1188 VerificationType::reference_check(), CHECK_VERIFY(this)); 1189 if (!atype.is_float_array()) { 1190 verify_error(ErrorContext::bad_type(bci, 1191 current_frame.stack_top_ctx(), ref_ctx("[F")), 1192 bad_type_msg, "fastore"); 1193 return; 1194 } 1195 no_control_flow = false; break; 1196 case Bytecodes::_dastore : 1197 current_frame.pop_stack_2( 1198 VerificationType::double2_type(), 1199 VerificationType::double_type(), CHECK_VERIFY(this)); 1200 current_frame.pop_stack( 1201 VerificationType::integer_type(), CHECK_VERIFY(this)); 1202 atype = current_frame.pop_stack( 1203 VerificationType::reference_check(), CHECK_VERIFY(this)); 1204 if (!atype.is_double_array()) { 1205 verify_error(ErrorContext::bad_type(bci, 1206 current_frame.stack_top_ctx(), ref_ctx("[D")), 1207 bad_type_msg, "dastore"); 1208 return; 1209 } 1210 no_control_flow = false; break; 1211 case Bytecodes::_aastore : 1212 type = current_frame.pop_stack(object_type(), CHECK_VERIFY(this)); 1213 type2 = current_frame.pop_stack( 1214 VerificationType::integer_type(), CHECK_VERIFY(this)); 1215 atype = current_frame.pop_stack( 1216 VerificationType::reference_check(), CHECK_VERIFY(this)); 1217 // more type-checking is done at runtime 1218 if (!atype.is_reference_array()) { 1219 verify_error(ErrorContext::bad_type(bci, 1220 current_frame.stack_top_ctx(), 1221 TypeOrigin::implicit(VerificationType::reference_check())), 1222 bad_type_msg, "aastore"); 1223 return; 1224 } 1225 // 4938384: relaxed constraint in JVMS 3rd edition. 1226 no_control_flow = false; break; 1227 case Bytecodes::_pop : 1228 current_frame.pop_stack( 1229 VerificationType::category1_check(), CHECK_VERIFY(this)); 1230 no_control_flow = false; break; 1231 case Bytecodes::_pop2 : 1232 type = current_frame.pop_stack(CHECK_VERIFY(this)); 1233 if (type.is_category1()) { 1234 current_frame.pop_stack( 1235 VerificationType::category1_check(), CHECK_VERIFY(this)); 1236 } else if (type.is_category2_2nd()) { 1237 current_frame.pop_stack( 1238 VerificationType::category2_check(), CHECK_VERIFY(this)); 1239 } else { 1240 /* Unreachable? Would need a category2_1st on TOS 1241 * which does not appear possible. */ 1242 verify_error( 1243 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 1244 bad_type_msg, "pop2"); 1245 return; 1246 } 1247 no_control_flow = false; break; 1248 case Bytecodes::_dup : 1249 type = current_frame.pop_stack( 1250 VerificationType::category1_check(), CHECK_VERIFY(this)); 1251 current_frame.push_stack(type, CHECK_VERIFY(this)); 1252 current_frame.push_stack(type, CHECK_VERIFY(this)); 1253 no_control_flow = false; break; 1254 case Bytecodes::_dup_x1 : 1255 type = current_frame.pop_stack( 1256 VerificationType::category1_check(), CHECK_VERIFY(this)); 1257 type2 = current_frame.pop_stack( 1258 VerificationType::category1_check(), CHECK_VERIFY(this)); 1259 current_frame.push_stack(type, CHECK_VERIFY(this)); 1260 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1261 current_frame.push_stack(type, CHECK_VERIFY(this)); 1262 no_control_flow = false; break; 1263 case Bytecodes::_dup_x2 : 1264 { 1265 VerificationType type3; 1266 type = current_frame.pop_stack( 1267 VerificationType::category1_check(), CHECK_VERIFY(this)); 1268 type2 = current_frame.pop_stack(CHECK_VERIFY(this)); 1269 if (type2.is_category1()) { 1270 type3 = current_frame.pop_stack( 1271 VerificationType::category1_check(), CHECK_VERIFY(this)); 1272 } else if (type2.is_category2_2nd()) { 1273 type3 = current_frame.pop_stack( 1274 VerificationType::category2_check(), CHECK_VERIFY(this)); 1275 } else { 1276 /* Unreachable? Would need a category2_1st at stack depth 2 with 1277 * a category1 on TOS which does not appear possible. */ 1278 verify_error(ErrorContext::bad_type( 1279 bci, current_frame.stack_top_ctx()), bad_type_msg, "dup_x2"); 1280 return; 1281 } 1282 current_frame.push_stack(type, CHECK_VERIFY(this)); 1283 current_frame.push_stack(type3, CHECK_VERIFY(this)); 1284 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1285 current_frame.push_stack(type, CHECK_VERIFY(this)); 1286 no_control_flow = false; break; 1287 } 1288 case Bytecodes::_dup2 : 1289 type = current_frame.pop_stack(CHECK_VERIFY(this)); 1290 if (type.is_category1()) { 1291 type2 = current_frame.pop_stack( 1292 VerificationType::category1_check(), CHECK_VERIFY(this)); 1293 } else if (type.is_category2_2nd()) { 1294 type2 = current_frame.pop_stack( 1295 VerificationType::category2_check(), CHECK_VERIFY(this)); 1296 } else { 1297 /* Unreachable? Would need a category2_1st on TOS which does not 1298 * appear possible. */ 1299 verify_error( 1300 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 1301 bad_type_msg, "dup2"); 1302 return; 1303 } 1304 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1305 current_frame.push_stack(type, CHECK_VERIFY(this)); 1306 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1307 current_frame.push_stack(type, CHECK_VERIFY(this)); 1308 no_control_flow = false; break; 1309 case Bytecodes::_dup2_x1 : 1310 { 1311 VerificationType type3; 1312 type = current_frame.pop_stack(CHECK_VERIFY(this)); 1313 if (type.is_category1()) { 1314 type2 = current_frame.pop_stack( 1315 VerificationType::category1_check(), CHECK_VERIFY(this)); 1316 } else if (type.is_category2_2nd()) { 1317 type2 = current_frame.pop_stack( 1318 VerificationType::category2_check(), CHECK_VERIFY(this)); 1319 } else { 1320 /* Unreachable? Would need a category2_1st on TOS which does 1321 * not appear possible. */ 1322 verify_error( 1323 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 1324 bad_type_msg, "dup2_x1"); 1325 return; 1326 } 1327 type3 = current_frame.pop_stack( 1328 VerificationType::category1_check(), CHECK_VERIFY(this)); 1329 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1330 current_frame.push_stack(type, CHECK_VERIFY(this)); 1331 current_frame.push_stack(type3, CHECK_VERIFY(this)); 1332 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1333 current_frame.push_stack(type, CHECK_VERIFY(this)); 1334 no_control_flow = false; break; 1335 } 1336 case Bytecodes::_dup2_x2 : 1337 { 1338 VerificationType type3, type4; 1339 type = current_frame.pop_stack(CHECK_VERIFY(this)); 1340 if (type.is_category1()) { 1341 type2 = current_frame.pop_stack( 1342 VerificationType::category1_check(), CHECK_VERIFY(this)); 1343 } else if (type.is_category2_2nd()) { 1344 type2 = current_frame.pop_stack( 1345 VerificationType::category2_check(), CHECK_VERIFY(this)); 1346 } else { 1347 /* Unreachable? Would need a category2_1st on TOS which does 1348 * not appear possible. */ 1349 verify_error( 1350 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 1351 bad_type_msg, "dup2_x2"); 1352 return; 1353 } 1354 type3 = current_frame.pop_stack(CHECK_VERIFY(this)); 1355 if (type3.is_category1()) { 1356 type4 = current_frame.pop_stack( 1357 VerificationType::category1_check(), CHECK_VERIFY(this)); 1358 } else if (type3.is_category2_2nd()) { 1359 type4 = current_frame.pop_stack( 1360 VerificationType::category2_check(), CHECK_VERIFY(this)); 1361 } else { 1362 /* Unreachable? Would need a category2_1st on TOS after popping 1363 * a long/double or two category 1's, which does not 1364 * appear possible. */ 1365 verify_error( 1366 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 1367 bad_type_msg, "dup2_x2"); 1368 return; 1369 } 1370 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1371 current_frame.push_stack(type, CHECK_VERIFY(this)); 1372 current_frame.push_stack(type4, CHECK_VERIFY(this)); 1373 current_frame.push_stack(type3, CHECK_VERIFY(this)); 1374 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1375 current_frame.push_stack(type, CHECK_VERIFY(this)); 1376 no_control_flow = false; break; 1377 } 1378 case Bytecodes::_swap : 1379 type = current_frame.pop_stack( 1380 VerificationType::category1_check(), CHECK_VERIFY(this)); 1381 type2 = current_frame.pop_stack( 1382 VerificationType::category1_check(), CHECK_VERIFY(this)); 1383 current_frame.push_stack(type, CHECK_VERIFY(this)); 1384 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1385 no_control_flow = false; break; 1386 case Bytecodes::_iadd : 1387 case Bytecodes::_isub : 1388 case Bytecodes::_imul : 1389 case Bytecodes::_idiv : 1390 case Bytecodes::_irem : 1391 case Bytecodes::_ishl : 1392 case Bytecodes::_ishr : 1393 case Bytecodes::_iushr : 1394 case Bytecodes::_ior : 1395 case Bytecodes::_ixor : 1396 case Bytecodes::_iand : 1397 current_frame.pop_stack( 1398 VerificationType::integer_type(), CHECK_VERIFY(this)); 1399 // fall through 1400 case Bytecodes::_ineg : 1401 current_frame.pop_stack( 1402 VerificationType::integer_type(), CHECK_VERIFY(this)); 1403 current_frame.push_stack( 1404 VerificationType::integer_type(), CHECK_VERIFY(this)); 1405 no_control_flow = false; break; 1406 case Bytecodes::_ladd : 1407 case Bytecodes::_lsub : 1408 case Bytecodes::_lmul : 1409 case Bytecodes::_ldiv : 1410 case Bytecodes::_lrem : 1411 case Bytecodes::_land : 1412 case Bytecodes::_lor : 1413 case Bytecodes::_lxor : 1414 current_frame.pop_stack_2( 1415 VerificationType::long2_type(), 1416 VerificationType::long_type(), CHECK_VERIFY(this)); 1417 // fall through 1418 case Bytecodes::_lneg : 1419 current_frame.pop_stack_2( 1420 VerificationType::long2_type(), 1421 VerificationType::long_type(), CHECK_VERIFY(this)); 1422 current_frame.push_stack_2( 1423 VerificationType::long_type(), 1424 VerificationType::long2_type(), CHECK_VERIFY(this)); 1425 no_control_flow = false; break; 1426 case Bytecodes::_lshl : 1427 case Bytecodes::_lshr : 1428 case Bytecodes::_lushr : 1429 current_frame.pop_stack( 1430 VerificationType::integer_type(), CHECK_VERIFY(this)); 1431 current_frame.pop_stack_2( 1432 VerificationType::long2_type(), 1433 VerificationType::long_type(), CHECK_VERIFY(this)); 1434 current_frame.push_stack_2( 1435 VerificationType::long_type(), 1436 VerificationType::long2_type(), CHECK_VERIFY(this)); 1437 no_control_flow = false; break; 1438 case Bytecodes::_fadd : 1439 case Bytecodes::_fsub : 1440 case Bytecodes::_fmul : 1441 case Bytecodes::_fdiv : 1442 case Bytecodes::_frem : 1443 current_frame.pop_stack( 1444 VerificationType::float_type(), CHECK_VERIFY(this)); 1445 // fall through 1446 case Bytecodes::_fneg : 1447 current_frame.pop_stack( 1448 VerificationType::float_type(), CHECK_VERIFY(this)); 1449 current_frame.push_stack( 1450 VerificationType::float_type(), CHECK_VERIFY(this)); 1451 no_control_flow = false; break; 1452 case Bytecodes::_dadd : 1453 case Bytecodes::_dsub : 1454 case Bytecodes::_dmul : 1455 case Bytecodes::_ddiv : 1456 case Bytecodes::_drem : 1457 current_frame.pop_stack_2( 1458 VerificationType::double2_type(), 1459 VerificationType::double_type(), CHECK_VERIFY(this)); 1460 // fall through 1461 case Bytecodes::_dneg : 1462 current_frame.pop_stack_2( 1463 VerificationType::double2_type(), 1464 VerificationType::double_type(), CHECK_VERIFY(this)); 1465 current_frame.push_stack_2( 1466 VerificationType::double_type(), 1467 VerificationType::double2_type(), CHECK_VERIFY(this)); 1468 no_control_flow = false; break; 1469 case Bytecodes::_iinc : 1470 verify_iinc(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 1471 no_control_flow = false; break; 1472 case Bytecodes::_i2l : 1473 type = current_frame.pop_stack( 1474 VerificationType::integer_type(), CHECK_VERIFY(this)); 1475 current_frame.push_stack_2( 1476 VerificationType::long_type(), 1477 VerificationType::long2_type(), CHECK_VERIFY(this)); 1478 no_control_flow = false; break; 1479 case Bytecodes::_l2i : 1480 current_frame.pop_stack_2( 1481 VerificationType::long2_type(), 1482 VerificationType::long_type(), CHECK_VERIFY(this)); 1483 current_frame.push_stack( 1484 VerificationType::integer_type(), CHECK_VERIFY(this)); 1485 no_control_flow = false; break; 1486 case Bytecodes::_i2f : 1487 current_frame.pop_stack( 1488 VerificationType::integer_type(), CHECK_VERIFY(this)); 1489 current_frame.push_stack( 1490 VerificationType::float_type(), CHECK_VERIFY(this)); 1491 no_control_flow = false; break; 1492 case Bytecodes::_i2d : 1493 current_frame.pop_stack( 1494 VerificationType::integer_type(), CHECK_VERIFY(this)); 1495 current_frame.push_stack_2( 1496 VerificationType::double_type(), 1497 VerificationType::double2_type(), CHECK_VERIFY(this)); 1498 no_control_flow = false; break; 1499 case Bytecodes::_l2f : 1500 current_frame.pop_stack_2( 1501 VerificationType::long2_type(), 1502 VerificationType::long_type(), CHECK_VERIFY(this)); 1503 current_frame.push_stack( 1504 VerificationType::float_type(), CHECK_VERIFY(this)); 1505 no_control_flow = false; break; 1506 case Bytecodes::_l2d : 1507 current_frame.pop_stack_2( 1508 VerificationType::long2_type(), 1509 VerificationType::long_type(), CHECK_VERIFY(this)); 1510 current_frame.push_stack_2( 1511 VerificationType::double_type(), 1512 VerificationType::double2_type(), CHECK_VERIFY(this)); 1513 no_control_flow = false; break; 1514 case Bytecodes::_f2i : 1515 current_frame.pop_stack( 1516 VerificationType::float_type(), CHECK_VERIFY(this)); 1517 current_frame.push_stack( 1518 VerificationType::integer_type(), CHECK_VERIFY(this)); 1519 no_control_flow = false; break; 1520 case Bytecodes::_f2l : 1521 current_frame.pop_stack( 1522 VerificationType::float_type(), CHECK_VERIFY(this)); 1523 current_frame.push_stack_2( 1524 VerificationType::long_type(), 1525 VerificationType::long2_type(), CHECK_VERIFY(this)); 1526 no_control_flow = false; break; 1527 case Bytecodes::_f2d : 1528 current_frame.pop_stack( 1529 VerificationType::float_type(), CHECK_VERIFY(this)); 1530 current_frame.push_stack_2( 1531 VerificationType::double_type(), 1532 VerificationType::double2_type(), CHECK_VERIFY(this)); 1533 no_control_flow = false; break; 1534 case Bytecodes::_d2i : 1535 current_frame.pop_stack_2( 1536 VerificationType::double2_type(), 1537 VerificationType::double_type(), CHECK_VERIFY(this)); 1538 current_frame.push_stack( 1539 VerificationType::integer_type(), CHECK_VERIFY(this)); 1540 no_control_flow = false; break; 1541 case Bytecodes::_d2l : 1542 current_frame.pop_stack_2( 1543 VerificationType::double2_type(), 1544 VerificationType::double_type(), CHECK_VERIFY(this)); 1545 current_frame.push_stack_2( 1546 VerificationType::long_type(), 1547 VerificationType::long2_type(), CHECK_VERIFY(this)); 1548 no_control_flow = false; break; 1549 case Bytecodes::_d2f : 1550 current_frame.pop_stack_2( 1551 VerificationType::double2_type(), 1552 VerificationType::double_type(), CHECK_VERIFY(this)); 1553 current_frame.push_stack( 1554 VerificationType::float_type(), CHECK_VERIFY(this)); 1555 no_control_flow = false; break; 1556 case Bytecodes::_i2b : 1557 case Bytecodes::_i2c : 1558 case Bytecodes::_i2s : 1559 current_frame.pop_stack( 1560 VerificationType::integer_type(), CHECK_VERIFY(this)); 1561 current_frame.push_stack( 1562 VerificationType::integer_type(), CHECK_VERIFY(this)); 1563 no_control_flow = false; break; 1564 case Bytecodes::_lcmp : 1565 current_frame.pop_stack_2( 1566 VerificationType::long2_type(), 1567 VerificationType::long_type(), CHECK_VERIFY(this)); 1568 current_frame.pop_stack_2( 1569 VerificationType::long2_type(), 1570 VerificationType::long_type(), CHECK_VERIFY(this)); 1571 current_frame.push_stack( 1572 VerificationType::integer_type(), CHECK_VERIFY(this)); 1573 no_control_flow = false; break; 1574 case Bytecodes::_fcmpl : 1575 case Bytecodes::_fcmpg : 1576 current_frame.pop_stack( 1577 VerificationType::float_type(), CHECK_VERIFY(this)); 1578 current_frame.pop_stack( 1579 VerificationType::float_type(), CHECK_VERIFY(this)); 1580 current_frame.push_stack( 1581 VerificationType::integer_type(), CHECK_VERIFY(this)); 1582 no_control_flow = false; break; 1583 case Bytecodes::_dcmpl : 1584 case Bytecodes::_dcmpg : 1585 current_frame.pop_stack_2( 1586 VerificationType::double2_type(), 1587 VerificationType::double_type(), CHECK_VERIFY(this)); 1588 current_frame.pop_stack_2( 1589 VerificationType::double2_type(), 1590 VerificationType::double_type(), CHECK_VERIFY(this)); 1591 current_frame.push_stack( 1592 VerificationType::integer_type(), CHECK_VERIFY(this)); 1593 no_control_flow = false; break; 1594 case Bytecodes::_if_icmpeq: 1595 case Bytecodes::_if_icmpne: 1596 case Bytecodes::_if_icmplt: 1597 case Bytecodes::_if_icmpge: 1598 case Bytecodes::_if_icmpgt: 1599 case Bytecodes::_if_icmple: 1600 current_frame.pop_stack( 1601 VerificationType::integer_type(), CHECK_VERIFY(this)); 1602 // fall through 1603 case Bytecodes::_ifeq: 1604 case Bytecodes::_ifne: 1605 case Bytecodes::_iflt: 1606 case Bytecodes::_ifge: 1607 case Bytecodes::_ifgt: 1608 case Bytecodes::_ifle: 1609 current_frame.pop_stack( 1610 VerificationType::integer_type(), CHECK_VERIFY(this)); 1611 target = bcs.dest(); 1612 stackmap_table.check_jump_target( 1613 ¤t_frame, target, CHECK_VERIFY(this)); 1614 no_control_flow = false; break; 1615 case Bytecodes::_if_acmpeq : 1616 case Bytecodes::_if_acmpne : 1617 current_frame.pop_stack( 1618 VerificationType::reference_check(), CHECK_VERIFY(this)); 1619 // fall through 1620 case Bytecodes::_ifnull : 1621 case Bytecodes::_ifnonnull : 1622 current_frame.pop_stack( 1623 VerificationType::reference_check(), CHECK_VERIFY(this)); 1624 target = bcs.dest(); 1625 stackmap_table.check_jump_target 1626 (¤t_frame, target, CHECK_VERIFY(this)); 1627 no_control_flow = false; break; 1628 case Bytecodes::_goto : 1629 target = bcs.dest(); 1630 stackmap_table.check_jump_target( 1631 ¤t_frame, target, CHECK_VERIFY(this)); 1632 no_control_flow = true; break; 1633 case Bytecodes::_goto_w : 1634 target = bcs.dest_w(); 1635 stackmap_table.check_jump_target( 1636 ¤t_frame, target, CHECK_VERIFY(this)); 1637 no_control_flow = true; break; 1638 case Bytecodes::_tableswitch : 1639 case Bytecodes::_lookupswitch : 1640 verify_switch( 1641 &bcs, code_length, code_data, ¤t_frame, 1642 &stackmap_table, CHECK_VERIFY(this)); 1643 no_control_flow = true; break; 1644 case Bytecodes::_ireturn : 1645 type = current_frame.pop_stack( 1646 VerificationType::integer_type(), CHECK_VERIFY(this)); 1647 verify_return_value(return_type, type, bci, 1648 ¤t_frame, CHECK_VERIFY(this)); 1649 no_control_flow = true; break; 1650 case Bytecodes::_lreturn : 1651 type2 = current_frame.pop_stack( 1652 VerificationType::long2_type(), CHECK_VERIFY(this)); 1653 type = current_frame.pop_stack( 1654 VerificationType::long_type(), CHECK_VERIFY(this)); 1655 verify_return_value(return_type, type, bci, 1656 ¤t_frame, CHECK_VERIFY(this)); 1657 no_control_flow = true; break; 1658 case Bytecodes::_freturn : 1659 type = current_frame.pop_stack( 1660 VerificationType::float_type(), CHECK_VERIFY(this)); 1661 verify_return_value(return_type, type, bci, 1662 ¤t_frame, CHECK_VERIFY(this)); 1663 no_control_flow = true; break; 1664 case Bytecodes::_dreturn : 1665 type2 = current_frame.pop_stack( 1666 VerificationType::double2_type(), CHECK_VERIFY(this)); 1667 type = current_frame.pop_stack( 1668 VerificationType::double_type(), CHECK_VERIFY(this)); 1669 verify_return_value(return_type, type, bci, 1670 ¤t_frame, CHECK_VERIFY(this)); 1671 no_control_flow = true; break; 1672 case Bytecodes::_areturn : 1673 type = current_frame.pop_stack( 1674 VerificationType::reference_check(), CHECK_VERIFY(this)); 1675 verify_return_value(return_type, type, bci, 1676 ¤t_frame, CHECK_VERIFY(this)); 1677 no_control_flow = true; break; 1678 case Bytecodes::_return : 1679 if (return_type != VerificationType::bogus_type()) { 1680 verify_error(ErrorContext::bad_code(bci), 1681 "Method expects a return value"); 1682 return; 1683 } 1684 // Make sure "this" has been initialized if current method is an 1685 // <init>. 1686 if (_method->name() == vmSymbols::object_initializer_name() && 1687 current_frame.flag_this_uninit()) { 1688 verify_error(ErrorContext::bad_code(bci), 1689 "Constructor must call super() or this() " 1690 "before return"); 1691 return; 1692 } 1693 no_control_flow = true; break; 1694 case Bytecodes::_getstatic : 1695 case Bytecodes::_putstatic : 1696 // pass TRUE, operand can be an array type for getstatic/putstatic. 1697 verify_field_instructions( 1698 &bcs, ¤t_frame, cp, true, CHECK_VERIFY(this)); 1699 no_control_flow = false; break; 1700 case Bytecodes::_getfield : 1701 case Bytecodes::_putfield : 1702 // pass FALSE, operand can't be an array type for getfield/putfield. 1703 verify_field_instructions( 1704 &bcs, ¤t_frame, cp, false, CHECK_VERIFY(this)); 1705 no_control_flow = false; break; 1706 case Bytecodes::_invokevirtual : 1707 case Bytecodes::_invokespecial : 1708 case Bytecodes::_invokestatic : 1709 verify_invoke_instructions( 1710 &bcs, code_length, ¤t_frame, (bci >= ex_min && bci < ex_max), 1711 &this_uninit, return_type, cp, &stackmap_table, CHECK_VERIFY(this)); 1712 no_control_flow = false; break; 1713 case Bytecodes::_invokeinterface : 1714 case Bytecodes::_invokedynamic : 1715 verify_invoke_instructions( 1716 &bcs, code_length, ¤t_frame, (bci >= ex_min && bci < ex_max), 1717 &this_uninit, return_type, cp, &stackmap_table, CHECK_VERIFY(this)); 1718 no_control_flow = false; break; 1719 case Bytecodes::_new : 1720 { 1721 u2 index = bcs.get_index_u2(); 1722 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this)); 1723 VerificationType new_class_type = 1724 cp_index_to_type(index, cp, CHECK_VERIFY(this)); 1725 if (!new_class_type.is_object()) { 1726 verify_error(ErrorContext::bad_type(bci, 1727 TypeOrigin::cp(index, new_class_type)), 1728 "Illegal new instruction"); 1729 return; 1730 } 1731 type = VerificationType::uninitialized_type(checked_cast<u2>(bci)); 1732 current_frame.push_stack(type, CHECK_VERIFY(this)); 1733 no_control_flow = false; break; 1734 } 1735 case Bytecodes::_newarray : 1736 type = get_newarray_type(bcs.get_index(), bci, CHECK_VERIFY(this)); 1737 current_frame.pop_stack( 1738 VerificationType::integer_type(), CHECK_VERIFY(this)); 1739 current_frame.push_stack(type, CHECK_VERIFY(this)); 1740 no_control_flow = false; break; 1741 case Bytecodes::_anewarray : 1742 verify_anewarray( 1743 bci, bcs.get_index_u2(), cp, ¤t_frame, CHECK_VERIFY(this)); 1744 no_control_flow = false; break; 1745 case Bytecodes::_arraylength : 1746 type = current_frame.pop_stack( 1747 VerificationType::reference_check(), CHECK_VERIFY(this)); 1748 if (!(type.is_null() || type.is_array())) { 1749 verify_error(ErrorContext::bad_type( 1750 bci, current_frame.stack_top_ctx()), 1751 bad_type_msg, "arraylength"); 1752 } 1753 current_frame.push_stack( 1754 VerificationType::integer_type(), CHECK_VERIFY(this)); 1755 no_control_flow = false; break; 1756 case Bytecodes::_checkcast : 1757 { 1758 u2 index = bcs.get_index_u2(); 1759 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this)); 1760 current_frame.pop_stack(object_type(), CHECK_VERIFY(this)); 1761 VerificationType klass_type = cp_index_to_type( 1762 index, cp, CHECK_VERIFY(this)); 1763 current_frame.push_stack(klass_type, CHECK_VERIFY(this)); 1764 no_control_flow = false; break; 1765 } 1766 case Bytecodes::_instanceof : { 1767 u2 index = bcs.get_index_u2(); 1768 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this)); 1769 current_frame.pop_stack(object_type(), CHECK_VERIFY(this)); 1770 current_frame.push_stack( 1771 VerificationType::integer_type(), CHECK_VERIFY(this)); 1772 no_control_flow = false; break; 1773 } 1774 case Bytecodes::_monitorenter : 1775 case Bytecodes::_monitorexit : 1776 current_frame.pop_stack( 1777 VerificationType::reference_check(), CHECK_VERIFY(this)); 1778 no_control_flow = false; break; 1779 case Bytecodes::_multianewarray : 1780 { 1781 u2 index = bcs.get_index_u2(); 1782 u2 dim = *(bcs.bcp()+3); 1783 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this)); 1784 VerificationType new_array_type = 1785 cp_index_to_type(index, cp, CHECK_VERIFY(this)); 1786 if (!new_array_type.is_array()) { 1787 verify_error(ErrorContext::bad_type(bci, 1788 TypeOrigin::cp(index, new_array_type)), 1789 "Illegal constant pool index in multianewarray instruction"); 1790 return; 1791 } 1792 if (dim < 1 || new_array_type.dimensions() < dim) { 1793 verify_error(ErrorContext::bad_code(bci), 1794 "Illegal dimension in multianewarray instruction: %d", dim); 1795 return; 1796 } 1797 for (int i = 0; i < dim; i++) { 1798 current_frame.pop_stack( 1799 VerificationType::integer_type(), CHECK_VERIFY(this)); 1800 } 1801 current_frame.push_stack(new_array_type, CHECK_VERIFY(this)); 1802 no_control_flow = false; break; 1803 } 1804 case Bytecodes::_athrow : 1805 type = VerificationType::reference_type( 1806 vmSymbols::java_lang_Throwable()); 1807 current_frame.pop_stack(type, CHECK_VERIFY(this)); 1808 no_control_flow = true; break; 1809 default: 1810 // We only need to check the valid bytecodes in class file. 1811 // And jsr and ret are not in the new class file format in JDK1.6. 1812 verify_error(ErrorContext::bad_code(bci), 1813 "Bad instruction: %02x", opcode); 1814 no_control_flow = false; 1815 return; 1816 } // end switch 1817 } // end Merge with the next instruction 1818 1819 // Look for possible jump target in exception handlers and see if it matches 1820 // current_frame. Don't do this check if it has already been done (for 1821 // ([a,d,f,i,l]store* opcodes). This check cannot be done earlier because 1822 // opcodes, such as invokespecial, may set the this_uninit flag. 1823 assert(!(verified_exc_handlers && this_uninit), 1824 "Exception handler targets got verified before this_uninit got set"); 1825 if (!verified_exc_handlers && bci >= ex_min && bci < ex_max) { 1826 if (was_recursively_verified()) return; 1827 verify_exception_handler_targets( 1828 bci, this_uninit, ¤t_frame, &stackmap_table, CHECK_VERIFY(this)); 1829 } 1830 } // end while 1831 1832 // Make sure that control flow does not fall through end of the method 1833 if (!no_control_flow) { 1834 verify_error(ErrorContext::bad_code(code_length), 1835 "Control flow falls through code end"); 1836 return; 1837 } 1838 } 1839 1840 #undef bad_type_message 1841 1842 char* ClassVerifier::generate_code_data(const methodHandle& m, u4 code_length, TRAPS) { 1843 char* code_data = NEW_RESOURCE_ARRAY(char, code_length); 1844 memset(code_data, 0, sizeof(char) * code_length); 1845 RawBytecodeStream bcs(m); 1846 1847 while (!bcs.is_last_bytecode()) { 1848 if (bcs.raw_next() != Bytecodes::_illegal) { 1849 int bci = bcs.bci(); 1850 if (bcs.raw_code() == Bytecodes::_new) { 1851 code_data[bci] = NEW_OFFSET; 1852 } else { 1853 code_data[bci] = BYTECODE_OFFSET; 1854 } 1855 } else { 1856 verify_error(ErrorContext::bad_code(bcs.bci()), "Bad instruction"); 1857 return nullptr; 1858 } 1859 } 1860 1861 return code_data; 1862 } 1863 1864 // Since this method references the constant pool, call was_recursively_verified() 1865 // before calling this method to make sure a prior class load did not cause the 1866 // current class to get verified. 1867 void ClassVerifier::verify_exception_handler_table(u4 code_length, char* code_data, int& min, int& max, TRAPS) { 1868 ExceptionTable exhandlers(_method()); 1869 int exlength = exhandlers.length(); 1870 constantPoolHandle cp (THREAD, _method->constants()); 1871 1872 for(int i = 0; i < exlength; i++) { 1873 u2 start_pc = exhandlers.start_pc(i); 1874 u2 end_pc = exhandlers.end_pc(i); 1875 u2 handler_pc = exhandlers.handler_pc(i); 1876 if (start_pc >= code_length || code_data[start_pc] == 0) { 1877 class_format_error("Illegal exception table start_pc %d", start_pc); 1878 return; 1879 } 1880 if (end_pc != code_length) { // special case: end_pc == code_length 1881 if (end_pc > code_length || code_data[end_pc] == 0) { 1882 class_format_error("Illegal exception table end_pc %d", end_pc); 1883 return; 1884 } 1885 } 1886 if (handler_pc >= code_length || code_data[handler_pc] == 0) { 1887 class_format_error("Illegal exception table handler_pc %d", handler_pc); 1888 return; 1889 } 1890 u2 catch_type_index = exhandlers.catch_type_index(i); 1891 if (catch_type_index != 0) { 1892 VerificationType catch_type = cp_index_to_type( 1893 catch_type_index, cp, CHECK_VERIFY(this)); 1894 VerificationType throwable = 1895 VerificationType::reference_type(vmSymbols::java_lang_Throwable()); 1896 // If the catch type is Throwable pre-resolve it now as the assignable check won't 1897 // do that, and we need to avoid a runtime resolution in case we are trying to 1898 // catch OutOfMemoryError. 1899 if (cp->klass_name_at(catch_type_index) == vmSymbols::java_lang_Throwable()) { 1900 cp->klass_at(catch_type_index, CHECK); 1901 } 1902 bool is_subclass = throwable.is_assignable_from( 1903 catch_type, this, false, CHECK_VERIFY(this)); 1904 if (!is_subclass) { 1905 // 4286534: should throw VerifyError according to recent spec change 1906 verify_error(ErrorContext::bad_type(handler_pc, 1907 TypeOrigin::cp(catch_type_index, catch_type), 1908 TypeOrigin::implicit(throwable)), 1909 "Catch type is not a subclass " 1910 "of Throwable in exception handler %d", handler_pc); 1911 return; 1912 } 1913 } 1914 if (start_pc < min) min = start_pc; 1915 if (end_pc > max) max = end_pc; 1916 } 1917 } 1918 1919 void ClassVerifier::verify_local_variable_table(u4 code_length, char* code_data, TRAPS) { 1920 int localvariable_table_length = _method->localvariable_table_length(); 1921 if (localvariable_table_length > 0) { 1922 LocalVariableTableElement* table = _method->localvariable_table_start(); 1923 for (int i = 0; i < localvariable_table_length; i++) { 1924 u2 start_bci = table[i].start_bci; 1925 u2 length = table[i].length; 1926 1927 if (start_bci >= code_length || code_data[start_bci] == 0) { 1928 class_format_error( 1929 "Illegal local variable table start_pc %d", start_bci); 1930 return; 1931 } 1932 u4 end_bci = (u4)(start_bci + length); 1933 if (end_bci != code_length) { 1934 if (end_bci >= code_length || code_data[end_bci] == 0) { 1935 class_format_error( "Illegal local variable table length %d", length); 1936 return; 1937 } 1938 } 1939 } 1940 } 1941 } 1942 1943 u2 ClassVerifier::verify_stackmap_table(u2 stackmap_index, int bci, 1944 StackMapFrame* current_frame, 1945 StackMapTable* stackmap_table, 1946 bool no_control_flow, TRAPS) { 1947 if (stackmap_index < stackmap_table->get_frame_count()) { 1948 int this_offset = stackmap_table->get_offset(stackmap_index); 1949 if (no_control_flow && this_offset > bci) { 1950 verify_error(ErrorContext::missing_stackmap(bci), 1951 "Expecting a stack map frame"); 1952 return 0; 1953 } 1954 if (this_offset == bci) { 1955 ErrorContext ctx; 1956 // See if current stack map can be assigned to the frame in table. 1957 // current_frame is the stackmap frame got from the last instruction. 1958 // If matched, current_frame will be updated by this method. 1959 bool matches = stackmap_table->match_stackmap( 1960 current_frame, this_offset, stackmap_index, 1961 !no_control_flow, true, &ctx, CHECK_VERIFY_(this, 0)); 1962 if (!matches) { 1963 // report type error 1964 verify_error(ctx, "Instruction type does not match stack map"); 1965 return 0; 1966 } 1967 stackmap_index++; 1968 } else if (this_offset < bci) { 1969 // current_offset should have met this_offset. 1970 class_format_error("Bad stack map offset %d", this_offset); 1971 return 0; 1972 } 1973 } else if (no_control_flow) { 1974 verify_error(ErrorContext::bad_code(bci), "Expecting a stack map frame"); 1975 return 0; 1976 } 1977 return stackmap_index; 1978 } 1979 1980 // Since this method references the constant pool, call was_recursively_verified() 1981 // before calling this method to make sure a prior class load did not cause the 1982 // current class to get verified. 1983 void ClassVerifier::verify_exception_handler_targets(int bci, bool this_uninit, 1984 StackMapFrame* current_frame, 1985 StackMapTable* stackmap_table, TRAPS) { 1986 constantPoolHandle cp (THREAD, _method->constants()); 1987 ExceptionTable exhandlers(_method()); 1988 int exlength = exhandlers.length(); 1989 for(int i = 0; i < exlength; i++) { 1990 u2 start_pc = exhandlers.start_pc(i); 1991 u2 end_pc = exhandlers.end_pc(i); 1992 u2 handler_pc = exhandlers.handler_pc(i); 1993 int catch_type_index = exhandlers.catch_type_index(i); 1994 if(bci >= start_pc && bci < end_pc) { 1995 u1 flags = current_frame->flags(); 1996 if (this_uninit) { flags |= FLAG_THIS_UNINIT; } 1997 StackMapFrame* new_frame = current_frame->frame_in_exception_handler(flags); 1998 if (catch_type_index != 0) { 1999 if (was_recursively_verified()) return; 2000 // We know that this index refers to a subclass of Throwable 2001 VerificationType catch_type = cp_index_to_type( 2002 catch_type_index, cp, CHECK_VERIFY(this)); 2003 new_frame->push_stack(catch_type, CHECK_VERIFY(this)); 2004 } else { 2005 VerificationType throwable = 2006 VerificationType::reference_type(vmSymbols::java_lang_Throwable()); 2007 new_frame->push_stack(throwable, CHECK_VERIFY(this)); 2008 } 2009 ErrorContext ctx; 2010 bool matches = stackmap_table->match_stackmap( 2011 new_frame, handler_pc, true, false, &ctx, CHECK_VERIFY(this)); 2012 if (!matches) { 2013 verify_error(ctx, "Stack map does not match the one at " 2014 "exception handler %d", handler_pc); 2015 return; 2016 } 2017 } 2018 } 2019 } 2020 2021 void ClassVerifier::verify_cp_index( 2022 int bci, const constantPoolHandle& cp, u2 index, TRAPS) { 2023 int nconstants = cp->length(); 2024 if ((index <= 0) || (index >= nconstants)) { 2025 verify_error(ErrorContext::bad_cp_index(bci, index), 2026 "Illegal constant pool index %d in class %s", 2027 index, cp->pool_holder()->external_name()); 2028 return; 2029 } 2030 } 2031 2032 void ClassVerifier::verify_cp_type( 2033 int bci, u2 index, const constantPoolHandle& cp, unsigned int types, TRAPS) { 2034 2035 // In some situations, bytecode rewriting may occur while we're verifying. 2036 // In this case, a constant pool cache exists and some indices refer to that 2037 // instead. Be sure we don't pick up such indices by accident. 2038 // We must check was_recursively_verified() before we get here. 2039 guarantee(cp->cache() == nullptr, "not rewritten yet"); 2040 2041 verify_cp_index(bci, cp, index, CHECK_VERIFY(this)); 2042 unsigned int tag = cp->tag_at(index).value(); 2043 if ((types & (1 << tag)) == 0) { 2044 verify_error(ErrorContext::bad_cp_index(bci, index), 2045 "Illegal type at constant pool entry %d in class %s", 2046 index, cp->pool_holder()->external_name()); 2047 return; 2048 } 2049 } 2050 2051 void ClassVerifier::verify_cp_class_type( 2052 int bci, u2 index, const constantPoolHandle& cp, TRAPS) { 2053 verify_cp_index(bci, cp, index, CHECK_VERIFY(this)); 2054 constantTag tag = cp->tag_at(index); 2055 if (!tag.is_klass() && !tag.is_unresolved_klass()) { 2056 verify_error(ErrorContext::bad_cp_index(bci, index), 2057 "Illegal type at constant pool entry %d in class %s", 2058 index, cp->pool_holder()->external_name()); 2059 return; 2060 } 2061 } 2062 2063 void ClassVerifier::verify_error(ErrorContext ctx, const char* msg, ...) { 2064 stringStream ss; 2065 2066 ctx.reset_frames(); 2067 _exception_type = vmSymbols::java_lang_VerifyError(); 2068 _error_context = ctx; 2069 va_list va; 2070 va_start(va, msg); 2071 ss.vprint(msg, va); 2072 va_end(va); 2073 _message = ss.as_string(); 2074 #ifdef ASSERT 2075 ResourceMark rm; 2076 const char* exception_name = _exception_type->as_C_string(); 2077 Exceptions::debug_check_abort(exception_name, nullptr); 2078 #endif // ndef ASSERT 2079 } 2080 2081 void ClassVerifier::class_format_error(const char* msg, ...) { 2082 stringStream ss; 2083 _exception_type = vmSymbols::java_lang_ClassFormatError(); 2084 va_list va; 2085 va_start(va, msg); 2086 ss.vprint(msg, va); 2087 va_end(va); 2088 if (!_method.is_null()) { 2089 ss.print(" in method '"); 2090 _method->print_external_name(&ss); 2091 ss.print("'"); 2092 } 2093 _message = ss.as_string(); 2094 } 2095 2096 Klass* ClassVerifier::load_class(Symbol* name, TRAPS) { 2097 HandleMark hm(THREAD); 2098 // Get current loader and protection domain first. 2099 oop loader = current_class()->class_loader(); 2100 oop protection_domain = current_class()->protection_domain(); 2101 2102 assert(name_in_supers(name, current_class()), "name should be a super class"); 2103 2104 Klass* kls = SystemDictionary::resolve_or_fail( 2105 name, Handle(THREAD, loader), Handle(THREAD, protection_domain), 2106 true, THREAD); 2107 2108 if (kls != nullptr) { 2109 if (log_is_enabled(Debug, class, resolve)) { 2110 Verifier::trace_class_resolution(kls, current_class()); 2111 } 2112 } 2113 return kls; 2114 } 2115 2116 bool ClassVerifier::is_protected_access(InstanceKlass* this_class, 2117 Klass* target_class, 2118 Symbol* field_name, 2119 Symbol* field_sig, 2120 bool is_method) { 2121 NoSafepointVerifier nosafepoint; 2122 2123 // If target class isn't a super class of this class, we don't worry about this case 2124 if (!this_class->is_subclass_of(target_class)) { 2125 return false; 2126 } 2127 // Check if the specified method or field is protected 2128 InstanceKlass* target_instance = InstanceKlass::cast(target_class); 2129 fieldDescriptor fd; 2130 if (is_method) { 2131 Method* m = target_instance->uncached_lookup_method(field_name, field_sig, Klass::OverpassLookupMode::find); 2132 if (m != nullptr && m->is_protected()) { 2133 if (!this_class->is_same_class_package(m->method_holder())) { 2134 return true; 2135 } 2136 } 2137 } else { 2138 Klass* member_klass = target_instance->find_field(field_name, field_sig, &fd); 2139 if (member_klass != nullptr && fd.is_protected()) { 2140 if (!this_class->is_same_class_package(member_klass)) { 2141 return true; 2142 } 2143 } 2144 } 2145 return false; 2146 } 2147 2148 void ClassVerifier::verify_ldc( 2149 int opcode, u2 index, StackMapFrame* current_frame, 2150 const constantPoolHandle& cp, int bci, TRAPS) { 2151 verify_cp_index(bci, cp, index, CHECK_VERIFY(this)); 2152 constantTag tag = cp->tag_at(index); 2153 unsigned int types = 0; 2154 if (opcode == Bytecodes::_ldc || opcode == Bytecodes::_ldc_w) { 2155 if (!tag.is_unresolved_klass()) { 2156 types = (1 << JVM_CONSTANT_Integer) | (1 << JVM_CONSTANT_Float) 2157 | (1 << JVM_CONSTANT_String) | (1 << JVM_CONSTANT_Class) 2158 | (1 << JVM_CONSTANT_MethodHandle) | (1 << JVM_CONSTANT_MethodType) 2159 | (1 << JVM_CONSTANT_Dynamic); 2160 // Note: The class file parser already verified the legality of 2161 // MethodHandle and MethodType constants. 2162 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this)); 2163 } 2164 } else { 2165 assert(opcode == Bytecodes::_ldc2_w, "must be ldc2_w"); 2166 types = (1 << JVM_CONSTANT_Double) | (1 << JVM_CONSTANT_Long) 2167 | (1 << JVM_CONSTANT_Dynamic); 2168 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this)); 2169 } 2170 if (tag.is_string()) { 2171 current_frame->push_stack( 2172 VerificationType::reference_type( 2173 vmSymbols::java_lang_String()), CHECK_VERIFY(this)); 2174 } else if (tag.is_klass() || tag.is_unresolved_klass()) { 2175 current_frame->push_stack( 2176 VerificationType::reference_type( 2177 vmSymbols::java_lang_Class()), CHECK_VERIFY(this)); 2178 } else if (tag.is_int()) { 2179 current_frame->push_stack( 2180 VerificationType::integer_type(), CHECK_VERIFY(this)); 2181 } else if (tag.is_float()) { 2182 current_frame->push_stack( 2183 VerificationType::float_type(), CHECK_VERIFY(this)); 2184 } else if (tag.is_double()) { 2185 current_frame->push_stack_2( 2186 VerificationType::double_type(), 2187 VerificationType::double2_type(), CHECK_VERIFY(this)); 2188 } else if (tag.is_long()) { 2189 current_frame->push_stack_2( 2190 VerificationType::long_type(), 2191 VerificationType::long2_type(), CHECK_VERIFY(this)); 2192 } else if (tag.is_method_handle()) { 2193 current_frame->push_stack( 2194 VerificationType::reference_type( 2195 vmSymbols::java_lang_invoke_MethodHandle()), CHECK_VERIFY(this)); 2196 } else if (tag.is_method_type()) { 2197 current_frame->push_stack( 2198 VerificationType::reference_type( 2199 vmSymbols::java_lang_invoke_MethodType()), CHECK_VERIFY(this)); 2200 } else if (tag.is_dynamic_constant()) { 2201 Symbol* constant_type = cp->uncached_signature_ref_at(index); 2202 // Field signature was checked in ClassFileParser. 2203 assert(SignatureVerifier::is_valid_type_signature(constant_type), 2204 "Invalid type for dynamic constant"); 2205 assert(sizeof(VerificationType) == sizeof(uintptr_t), 2206 "buffer type must match VerificationType size"); 2207 uintptr_t constant_type_buffer[2]; 2208 VerificationType* v_constant_type = (VerificationType*)constant_type_buffer; 2209 SignatureStream sig_stream(constant_type, false); 2210 int n = change_sig_to_verificationType(&sig_stream, v_constant_type); 2211 int opcode_n = (opcode == Bytecodes::_ldc2_w ? 2 : 1); 2212 if (n != opcode_n) { 2213 // wrong kind of ldc; reverify against updated type mask 2214 types &= ~(1 << JVM_CONSTANT_Dynamic); 2215 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this)); 2216 } 2217 for (int i = 0; i < n; i++) { 2218 current_frame->push_stack(v_constant_type[i], CHECK_VERIFY(this)); 2219 } 2220 } else { 2221 /* Unreachable? verify_cp_type has already validated the cp type. */ 2222 verify_error( 2223 ErrorContext::bad_cp_index(bci, index), "Invalid index in ldc"); 2224 return; 2225 } 2226 } 2227 2228 void ClassVerifier::verify_switch( 2229 RawBytecodeStream* bcs, u4 code_length, char* code_data, 2230 StackMapFrame* current_frame, StackMapTable* stackmap_table, TRAPS) { 2231 int bci = bcs->bci(); 2232 address bcp = bcs->bcp(); 2233 address aligned_bcp = align_up(bcp + 1, jintSize); 2234 2235 if (_klass->major_version() < NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION) { 2236 // 4639449 & 4647081: padding bytes must be 0 2237 u2 padding_offset = 1; 2238 while ((bcp + padding_offset) < aligned_bcp) { 2239 if(*(bcp + padding_offset) != 0) { 2240 verify_error(ErrorContext::bad_code(bci), 2241 "Nonzero padding byte in lookupswitch or tableswitch"); 2242 return; 2243 } 2244 padding_offset++; 2245 } 2246 } 2247 2248 int default_offset = (int) Bytes::get_Java_u4(aligned_bcp); 2249 int keys, delta; 2250 current_frame->pop_stack( 2251 VerificationType::integer_type(), CHECK_VERIFY(this)); 2252 if (bcs->raw_code() == Bytecodes::_tableswitch) { 2253 jint low = (jint)Bytes::get_Java_u4(aligned_bcp + jintSize); 2254 jint high = (jint)Bytes::get_Java_u4(aligned_bcp + 2*jintSize); 2255 if (low > high) { 2256 verify_error(ErrorContext::bad_code(bci), 2257 "low must be less than or equal to high in tableswitch"); 2258 return; 2259 } 2260 int64_t keys64 = ((int64_t)high - low) + 1; 2261 if (keys64 > 65535) { // Max code length 2262 verify_error(ErrorContext::bad_code(bci), "too many keys in tableswitch"); 2263 return; 2264 } 2265 keys = (int)keys64; 2266 delta = 1; 2267 } else { 2268 keys = (int)Bytes::get_Java_u4(aligned_bcp + jintSize); 2269 if (keys < 0) { 2270 verify_error(ErrorContext::bad_code(bci), 2271 "number of keys in lookupswitch less than 0"); 2272 return; 2273 } 2274 delta = 2; 2275 // Make sure that the lookupswitch items are sorted 2276 for (int i = 0; i < (keys - 1); i++) { 2277 jint this_key = Bytes::get_Java_u4(aligned_bcp + (2+2*i)*jintSize); 2278 jint next_key = Bytes::get_Java_u4(aligned_bcp + (2+2*i+2)*jintSize); 2279 if (this_key >= next_key) { 2280 verify_error(ErrorContext::bad_code(bci), 2281 "Bad lookupswitch instruction"); 2282 return; 2283 } 2284 } 2285 } 2286 int target = bci + default_offset; 2287 stackmap_table->check_jump_target(current_frame, target, CHECK_VERIFY(this)); 2288 for (int i = 0; i < keys; i++) { 2289 // Because check_jump_target() may safepoint, the bytecode could have 2290 // moved, which means 'aligned_bcp' is no good and needs to be recalculated. 2291 aligned_bcp = align_up(bcs->bcp() + 1, jintSize); 2292 target = bci + (jint)Bytes::get_Java_u4(aligned_bcp+(3+i*delta)*jintSize); 2293 stackmap_table->check_jump_target( 2294 current_frame, target, CHECK_VERIFY(this)); 2295 } 2296 NOT_PRODUCT(aligned_bcp = nullptr); // no longer valid at this point 2297 } 2298 2299 bool ClassVerifier::name_in_supers( 2300 Symbol* ref_name, InstanceKlass* current) { 2301 Klass* super = current->super(); 2302 while (super != nullptr) { 2303 if (super->name() == ref_name) { 2304 return true; 2305 } 2306 super = super->super(); 2307 } 2308 return false; 2309 } 2310 2311 void ClassVerifier::verify_field_instructions(RawBytecodeStream* bcs, 2312 StackMapFrame* current_frame, 2313 const constantPoolHandle& cp, 2314 bool allow_arrays, 2315 TRAPS) { 2316 u2 index = bcs->get_index_u2(); 2317 verify_cp_type(bcs->bci(), index, cp, 2318 1 << JVM_CONSTANT_Fieldref, CHECK_VERIFY(this)); 2319 2320 // Get field name and signature 2321 Symbol* field_name = cp->uncached_name_ref_at(index); 2322 Symbol* field_sig = cp->uncached_signature_ref_at(index); 2323 bool is_getfield = false; 2324 2325 // Field signature was checked in ClassFileParser. 2326 assert(SignatureVerifier::is_valid_type_signature(field_sig), 2327 "Invalid field signature"); 2328 2329 // Get referenced class type 2330 VerificationType ref_class_type = cp_ref_index_to_type( 2331 index, cp, CHECK_VERIFY(this)); 2332 if (!ref_class_type.is_object() && 2333 (!allow_arrays || !ref_class_type.is_array())) { 2334 verify_error(ErrorContext::bad_type(bcs->bci(), 2335 TypeOrigin::cp(index, ref_class_type)), 2336 "Expecting reference to class in class %s at constant pool index %d", 2337 _klass->external_name(), index); 2338 return; 2339 } 2340 VerificationType target_class_type = ref_class_type; 2341 2342 assert(sizeof(VerificationType) == sizeof(uintptr_t), 2343 "buffer type must match VerificationType size"); 2344 uintptr_t field_type_buffer[2]; 2345 VerificationType* field_type = (VerificationType*)field_type_buffer; 2346 // If we make a VerificationType[2] array directly, the compiler calls 2347 // to the c-runtime library to do the allocation instead of just 2348 // stack allocating it. Plus it would run constructors. This shows up 2349 // in performance profiles. 2350 2351 SignatureStream sig_stream(field_sig, false); 2352 VerificationType stack_object_type; 2353 int n = change_sig_to_verificationType(&sig_stream, field_type); 2354 int bci = bcs->bci(); 2355 bool is_assignable; 2356 switch (bcs->raw_code()) { 2357 case Bytecodes::_getstatic: { 2358 for (int i = 0; i < n; i++) { 2359 current_frame->push_stack(field_type[i], CHECK_VERIFY(this)); 2360 } 2361 break; 2362 } 2363 case Bytecodes::_putstatic: { 2364 for (int i = n - 1; i >= 0; i--) { 2365 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this)); 2366 } 2367 break; 2368 } 2369 case Bytecodes::_getfield: { 2370 is_getfield = true; 2371 stack_object_type = current_frame->pop_stack( 2372 target_class_type, CHECK_VERIFY(this)); 2373 goto check_protected; 2374 } 2375 case Bytecodes::_putfield: { 2376 for (int i = n - 1; i >= 0; i--) { 2377 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this)); 2378 } 2379 stack_object_type = current_frame->pop_stack(CHECK_VERIFY(this)); 2380 2381 // The JVMS 2nd edition allows field initialization before the superclass 2382 // initializer, if the field is defined within the current class. 2383 fieldDescriptor fd; 2384 if (stack_object_type == VerificationType::uninitialized_this_type() && 2385 target_class_type.equals(current_type()) && 2386 _klass->find_local_field(field_name, field_sig, &fd)) { 2387 stack_object_type = current_type(); 2388 } 2389 is_assignable = target_class_type.is_assignable_from( 2390 stack_object_type, this, false, CHECK_VERIFY(this)); 2391 if (!is_assignable) { 2392 verify_error(ErrorContext::bad_type(bci, 2393 current_frame->stack_top_ctx(), 2394 TypeOrigin::cp(index, target_class_type)), 2395 "Bad type on operand stack in putfield"); 2396 return; 2397 } 2398 } 2399 check_protected: { 2400 if (_this_type == stack_object_type) 2401 break; // stack_object_type must be assignable to _current_class_type 2402 if (was_recursively_verified()) { 2403 if (is_getfield) { 2404 // Push field type for getfield. 2405 for (int i = 0; i < n; i++) { 2406 current_frame->push_stack(field_type[i], CHECK_VERIFY(this)); 2407 } 2408 } 2409 return; 2410 } 2411 Symbol* ref_class_name = 2412 cp->klass_name_at(cp->uncached_klass_ref_index_at(index)); 2413 if (!name_in_supers(ref_class_name, current_class())) 2414 // stack_object_type must be assignable to _current_class_type since: 2415 // 1. stack_object_type must be assignable to ref_class. 2416 // 2. ref_class must be _current_class or a subclass of it. It can't 2417 // be a superclass of it. See revised JVMS 5.4.4. 2418 break; 2419 2420 Klass* ref_class_oop = load_class(ref_class_name, CHECK); 2421 if (is_protected_access(current_class(), ref_class_oop, field_name, 2422 field_sig, false)) { 2423 // It's protected access, check if stack object is assignable to 2424 // current class. 2425 is_assignable = current_type().is_assignable_from( 2426 stack_object_type, this, true, CHECK_VERIFY(this)); 2427 if (!is_assignable) { 2428 verify_error(ErrorContext::bad_type(bci, 2429 current_frame->stack_top_ctx(), 2430 TypeOrigin::implicit(current_type())), 2431 "Bad access to protected data in %s", 2432 is_getfield ? "getfield" : "putfield"); 2433 return; 2434 } 2435 } 2436 break; 2437 } 2438 default: ShouldNotReachHere(); 2439 } 2440 if (is_getfield) { 2441 // Push field type for getfield after doing protection check. 2442 for (int i = 0; i < n; i++) { 2443 current_frame->push_stack(field_type[i], CHECK_VERIFY(this)); 2444 } 2445 } 2446 } 2447 2448 // Look at the method's handlers. If the bci is in the handler's try block 2449 // then check if the handler_pc is already on the stack. If not, push it 2450 // unless the handler has already been scanned. 2451 void ClassVerifier::push_handlers(ExceptionTable* exhandlers, 2452 GrowableArray<u4>* handler_list, 2453 GrowableArray<u4>* handler_stack, 2454 u4 bci) { 2455 int exlength = exhandlers->length(); 2456 for(int x = 0; x < exlength; x++) { 2457 if (bci >= exhandlers->start_pc(x) && bci < exhandlers->end_pc(x)) { 2458 u4 exhandler_pc = exhandlers->handler_pc(x); 2459 if (!handler_list->contains(exhandler_pc)) { 2460 handler_stack->append_if_missing(exhandler_pc); 2461 handler_list->append(exhandler_pc); 2462 } 2463 } 2464 } 2465 } 2466 2467 // Return TRUE if all code paths starting with start_bc_offset end in 2468 // bytecode athrow or loop. 2469 bool ClassVerifier::ends_in_athrow(u4 start_bc_offset) { 2470 ResourceMark rm; 2471 // Create bytecode stream. 2472 RawBytecodeStream bcs(method()); 2473 int code_length = method()->code_size(); 2474 bcs.set_start(start_bc_offset); 2475 2476 // Create stack for storing bytecode start offsets for if* and *switch. 2477 GrowableArray<u4>* bci_stack = new GrowableArray<u4>(30); 2478 // Create stack for handlers for try blocks containing this handler. 2479 GrowableArray<u4>* handler_stack = new GrowableArray<u4>(30); 2480 // Create list of handlers that have been pushed onto the handler_stack 2481 // so that handlers embedded inside of their own TRY blocks only get 2482 // scanned once. 2483 GrowableArray<u4>* handler_list = new GrowableArray<u4>(30); 2484 // Create list of visited branch opcodes (goto* and if*). 2485 GrowableArray<u4>* visited_branches = new GrowableArray<u4>(30); 2486 ExceptionTable exhandlers(_method()); 2487 2488 while (true) { 2489 if (bcs.is_last_bytecode()) { 2490 // if no more starting offsets to parse or if at the end of the 2491 // method then return false. 2492 if ((bci_stack->is_empty()) || (bcs.end_bci() == code_length)) 2493 return false; 2494 // Pop a bytecode starting offset and scan from there. 2495 bcs.set_start(bci_stack->pop()); 2496 } 2497 Bytecodes::Code opcode = bcs.raw_next(); 2498 int bci = bcs.bci(); 2499 2500 // If the bytecode is in a TRY block, push its handlers so they 2501 // will get parsed. 2502 push_handlers(&exhandlers, handler_list, handler_stack, bci); 2503 2504 switch (opcode) { 2505 case Bytecodes::_if_icmpeq: 2506 case Bytecodes::_if_icmpne: 2507 case Bytecodes::_if_icmplt: 2508 case Bytecodes::_if_icmpge: 2509 case Bytecodes::_if_icmpgt: 2510 case Bytecodes::_if_icmple: 2511 case Bytecodes::_ifeq: 2512 case Bytecodes::_ifne: 2513 case Bytecodes::_iflt: 2514 case Bytecodes::_ifge: 2515 case Bytecodes::_ifgt: 2516 case Bytecodes::_ifle: 2517 case Bytecodes::_if_acmpeq: 2518 case Bytecodes::_if_acmpne: 2519 case Bytecodes::_ifnull: 2520 case Bytecodes::_ifnonnull: { 2521 int target = bcs.dest(); 2522 if (visited_branches->contains(bci)) { 2523 if (bci_stack->is_empty()) { 2524 if (handler_stack->is_empty()) { 2525 return true; 2526 } else { 2527 // Parse the catch handlers for try blocks containing athrow. 2528 bcs.set_start(handler_stack->pop()); 2529 } 2530 } else { 2531 // Pop a bytecode starting offset and scan from there. 2532 bcs.set_start(bci_stack->pop()); 2533 } 2534 } else { 2535 if (target > bci) { // forward branch 2536 if (target >= code_length) return false; 2537 // Push the branch target onto the stack. 2538 bci_stack->push(target); 2539 // then, scan bytecodes starting with next. 2540 bcs.set_start(bcs.next_bci()); 2541 } else { // backward branch 2542 // Push bytecode offset following backward branch onto the stack. 2543 bci_stack->push(bcs.next_bci()); 2544 // Check bytecodes starting with branch target. 2545 bcs.set_start(target); 2546 } 2547 // Record target so we don't branch here again. 2548 visited_branches->append(bci); 2549 } 2550 break; 2551 } 2552 2553 case Bytecodes::_goto: 2554 case Bytecodes::_goto_w: { 2555 int target = (opcode == Bytecodes::_goto ? bcs.dest() : bcs.dest_w()); 2556 if (visited_branches->contains(bci)) { 2557 if (bci_stack->is_empty()) { 2558 if (handler_stack->is_empty()) { 2559 return true; 2560 } else { 2561 // Parse the catch handlers for try blocks containing athrow. 2562 bcs.set_start(handler_stack->pop()); 2563 } 2564 } else { 2565 // Been here before, pop new starting offset from stack. 2566 bcs.set_start(bci_stack->pop()); 2567 } 2568 } else { 2569 if (target >= code_length) return false; 2570 // Continue scanning from the target onward. 2571 bcs.set_start(target); 2572 // Record target so we don't branch here again. 2573 visited_branches->append(bci); 2574 } 2575 break; 2576 } 2577 2578 // Check that all switch alternatives end in 'athrow' bytecodes. Since it 2579 // is difficult to determine where each switch alternative ends, parse 2580 // each switch alternative until either hit a 'return', 'athrow', or reach 2581 // the end of the method's bytecodes. This is gross but should be okay 2582 // because: 2583 // 1. tableswitch and lookupswitch byte codes in handlers for ctor explicit 2584 // constructor invocations should be rare. 2585 // 2. if each switch alternative ends in an athrow then the parsing should be 2586 // short. If there is no athrow then it is bogus code, anyway. 2587 case Bytecodes::_lookupswitch: 2588 case Bytecodes::_tableswitch: 2589 { 2590 address aligned_bcp = align_up(bcs.bcp() + 1, jintSize); 2591 int default_offset = Bytes::get_Java_u4(aligned_bcp) + bci; 2592 int keys, delta; 2593 if (opcode == Bytecodes::_tableswitch) { 2594 jint low = (jint)Bytes::get_Java_u4(aligned_bcp + jintSize); 2595 jint high = (jint)Bytes::get_Java_u4(aligned_bcp + 2*jintSize); 2596 // This is invalid, but let the regular bytecode verifier 2597 // report this because the user will get a better error message. 2598 if (low > high) return true; 2599 keys = high - low + 1; 2600 delta = 1; 2601 } else { 2602 keys = (int)Bytes::get_Java_u4(aligned_bcp + jintSize); 2603 delta = 2; 2604 } 2605 // Invalid, let the regular bytecode verifier deal with it. 2606 if (keys < 0) return true; 2607 2608 // Push the offset of the next bytecode onto the stack. 2609 bci_stack->push(bcs.next_bci()); 2610 2611 // Push the switch alternatives onto the stack. 2612 for (int i = 0; i < keys; i++) { 2613 int target = bci + (jint)Bytes::get_Java_u4(aligned_bcp+(3+i*delta)*jintSize); 2614 if (target > code_length) return false; 2615 bci_stack->push(target); 2616 } 2617 2618 // Start bytecode parsing for the switch at the default alternative. 2619 if (default_offset > code_length) return false; 2620 bcs.set_start(default_offset); 2621 break; 2622 } 2623 2624 case Bytecodes::_return: 2625 return false; 2626 2627 case Bytecodes::_athrow: 2628 { 2629 if (bci_stack->is_empty()) { 2630 if (handler_stack->is_empty()) { 2631 return true; 2632 } else { 2633 // Parse the catch handlers for try blocks containing athrow. 2634 bcs.set_start(handler_stack->pop()); 2635 } 2636 } else { 2637 // Pop a bytecode offset and starting scanning from there. 2638 bcs.set_start(bci_stack->pop()); 2639 } 2640 } 2641 break; 2642 2643 default: 2644 ; 2645 } // end switch 2646 } // end while loop 2647 2648 return false; 2649 } 2650 2651 void ClassVerifier::verify_invoke_init( 2652 RawBytecodeStream* bcs, u2 ref_class_index, VerificationType ref_class_type, 2653 StackMapFrame* current_frame, u4 code_length, bool in_try_block, 2654 bool *this_uninit, const constantPoolHandle& cp, StackMapTable* stackmap_table, 2655 TRAPS) { 2656 int bci = bcs->bci(); 2657 VerificationType type = current_frame->pop_stack( 2658 VerificationType::reference_check(), CHECK_VERIFY(this)); 2659 if (type == VerificationType::uninitialized_this_type()) { 2660 // The method must be an <init> method of this class or its superclass 2661 Klass* superk = current_class()->super(); 2662 if (ref_class_type.name() != current_class()->name() && 2663 ref_class_type.name() != superk->name()) { 2664 verify_error(ErrorContext::bad_type(bci, 2665 TypeOrigin::implicit(ref_class_type), 2666 TypeOrigin::implicit(current_type())), 2667 "Bad <init> method call"); 2668 return; 2669 } 2670 2671 // If this invokespecial call is done from inside of a TRY block then make 2672 // sure that all catch clause paths end in a throw. Otherwise, this can 2673 // result in returning an incomplete object. 2674 if (in_try_block) { 2675 ExceptionTable exhandlers(_method()); 2676 int exlength = exhandlers.length(); 2677 for(int i = 0; i < exlength; i++) { 2678 u2 start_pc = exhandlers.start_pc(i); 2679 u2 end_pc = exhandlers.end_pc(i); 2680 2681 if (bci >= start_pc && bci < end_pc) { 2682 if (!ends_in_athrow(exhandlers.handler_pc(i))) { 2683 verify_error(ErrorContext::bad_code(bci), 2684 "Bad <init> method call from after the start of a try block"); 2685 return; 2686 } else if (log_is_enabled(Debug, verification)) { 2687 ResourceMark rm(THREAD); 2688 log_debug(verification)("Survived call to ends_in_athrow(): %s", 2689 current_class()->name()->as_C_string()); 2690 } 2691 } 2692 } 2693 2694 // Check the exception handler target stackmaps with the locals from the 2695 // incoming stackmap (before initialize_object() changes them to outgoing 2696 // state). 2697 if (was_recursively_verified()) return; 2698 verify_exception_handler_targets(bci, true, current_frame, 2699 stackmap_table, CHECK_VERIFY(this)); 2700 } // in_try_block 2701 2702 current_frame->initialize_object(type, current_type()); 2703 *this_uninit = true; 2704 } else if (type.is_uninitialized()) { 2705 u2 new_offset = type.bci(); 2706 address new_bcp = bcs->bcp() - bci + new_offset; 2707 if (new_offset > (code_length - 3) || (*new_bcp) != Bytecodes::_new) { 2708 /* Unreachable? Stack map parsing ensures valid type and new 2709 * instructions have a valid BCI. */ 2710 verify_error(ErrorContext::bad_code(new_offset), 2711 "Expecting new instruction"); 2712 return; 2713 } 2714 u2 new_class_index = Bytes::get_Java_u2(new_bcp + 1); 2715 if (was_recursively_verified()) return; 2716 verify_cp_class_type(bci, new_class_index, cp, CHECK_VERIFY(this)); 2717 2718 // The method must be an <init> method of the indicated class 2719 VerificationType new_class_type = cp_index_to_type( 2720 new_class_index, cp, CHECK_VERIFY(this)); 2721 if (!new_class_type.equals(ref_class_type)) { 2722 verify_error(ErrorContext::bad_type(bci, 2723 TypeOrigin::cp(new_class_index, new_class_type), 2724 TypeOrigin::cp(ref_class_index, ref_class_type)), 2725 "Call to wrong <init> method"); 2726 return; 2727 } 2728 // According to the VM spec, if the referent class is a superclass of the 2729 // current class, and is in a different runtime package, and the method is 2730 // protected, then the objectref must be the current class or a subclass 2731 // of the current class. 2732 VerificationType objectref_type = new_class_type; 2733 if (name_in_supers(ref_class_type.name(), current_class())) { 2734 Klass* ref_klass = load_class(ref_class_type.name(), CHECK); 2735 if (was_recursively_verified()) return; 2736 Method* m = InstanceKlass::cast(ref_klass)->uncached_lookup_method( 2737 vmSymbols::object_initializer_name(), 2738 cp->uncached_signature_ref_at(bcs->get_index_u2()), 2739 Klass::OverpassLookupMode::find); 2740 // Do nothing if method is not found. Let resolution detect the error. 2741 if (m != nullptr) { 2742 InstanceKlass* mh = m->method_holder(); 2743 if (m->is_protected() && !mh->is_same_class_package(_klass)) { 2744 bool assignable = current_type().is_assignable_from( 2745 objectref_type, this, true, CHECK_VERIFY(this)); 2746 if (!assignable) { 2747 verify_error(ErrorContext::bad_type(bci, 2748 TypeOrigin::cp(new_class_index, objectref_type), 2749 TypeOrigin::implicit(current_type())), 2750 "Bad access to protected <init> method"); 2751 return; 2752 } 2753 } 2754 } 2755 } 2756 // Check the exception handler target stackmaps with the locals from the 2757 // incoming stackmap (before initialize_object() changes them to outgoing 2758 // state). 2759 if (in_try_block) { 2760 if (was_recursively_verified()) return; 2761 verify_exception_handler_targets(bci, *this_uninit, current_frame, 2762 stackmap_table, CHECK_VERIFY(this)); 2763 } 2764 current_frame->initialize_object(type, new_class_type); 2765 } else { 2766 verify_error(ErrorContext::bad_type(bci, current_frame->stack_top_ctx()), 2767 "Bad operand type when invoking <init>"); 2768 return; 2769 } 2770 } 2771 2772 bool ClassVerifier::is_same_or_direct_interface( 2773 InstanceKlass* klass, 2774 VerificationType klass_type, 2775 VerificationType ref_class_type) { 2776 if (ref_class_type.equals(klass_type)) return true; 2777 Array<InstanceKlass*>* local_interfaces = klass->local_interfaces(); 2778 if (local_interfaces != nullptr) { 2779 for (int x = 0; x < local_interfaces->length(); x++) { 2780 InstanceKlass* k = local_interfaces->at(x); 2781 assert (k != nullptr && k->is_interface(), "invalid interface"); 2782 if (ref_class_type.equals(VerificationType::reference_type(k->name()))) { 2783 return true; 2784 } 2785 } 2786 } 2787 return false; 2788 } 2789 2790 void ClassVerifier::verify_invoke_instructions( 2791 RawBytecodeStream* bcs, u4 code_length, StackMapFrame* current_frame, 2792 bool in_try_block, bool *this_uninit, VerificationType return_type, 2793 const constantPoolHandle& cp, StackMapTable* stackmap_table, TRAPS) { 2794 // Make sure the constant pool item is the right type 2795 u2 index = bcs->get_index_u2(); 2796 Bytecodes::Code opcode = bcs->raw_code(); 2797 unsigned int types = 0; 2798 switch (opcode) { 2799 case Bytecodes::_invokeinterface: 2800 types = 1 << JVM_CONSTANT_InterfaceMethodref; 2801 break; 2802 case Bytecodes::_invokedynamic: 2803 types = 1 << JVM_CONSTANT_InvokeDynamic; 2804 break; 2805 case Bytecodes::_invokespecial: 2806 case Bytecodes::_invokestatic: 2807 types = (_klass->major_version() < STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION) ? 2808 (1 << JVM_CONSTANT_Methodref) : 2809 ((1 << JVM_CONSTANT_InterfaceMethodref) | (1 << JVM_CONSTANT_Methodref)); 2810 break; 2811 default: 2812 types = 1 << JVM_CONSTANT_Methodref; 2813 } 2814 verify_cp_type(bcs->bci(), index, cp, types, CHECK_VERIFY(this)); 2815 2816 // Get method name and signature 2817 Symbol* method_name = cp->uncached_name_ref_at(index); 2818 Symbol* method_sig = cp->uncached_signature_ref_at(index); 2819 2820 // Method signature was checked in ClassFileParser. 2821 assert(SignatureVerifier::is_valid_method_signature(method_sig), 2822 "Invalid method signature"); 2823 2824 // Get referenced class type 2825 VerificationType ref_class_type; 2826 if (opcode == Bytecodes::_invokedynamic) { 2827 if (_klass->major_version() < Verifier::INVOKEDYNAMIC_MAJOR_VERSION) { 2828 class_format_error( 2829 "invokedynamic instructions not supported by this class file version (%d), class %s", 2830 _klass->major_version(), _klass->external_name()); 2831 return; 2832 } 2833 } else { 2834 ref_class_type = cp_ref_index_to_type(index, cp, CHECK_VERIFY(this)); 2835 } 2836 2837 assert(sizeof(VerificationType) == sizeof(uintptr_t), 2838 "buffer type must match VerificationType size"); 2839 2840 // Get the UTF8 index for this signature. 2841 int sig_index = cp->signature_ref_index_at(cp->uncached_name_and_type_ref_index_at(index)); 2842 2843 // Get the signature's verification types. 2844 sig_as_verification_types* mth_sig_verif_types; 2845 sig_as_verification_types** mth_sig_verif_types_ptr = method_signatures_table()->get(sig_index); 2846 if (mth_sig_verif_types_ptr != nullptr) { 2847 // Found the entry for the signature's verification types in the hash table. 2848 mth_sig_verif_types = *mth_sig_verif_types_ptr; 2849 assert(mth_sig_verif_types != nullptr, "Unexpected null sig_as_verification_types value"); 2850 } else { 2851 // Not found, add the entry to the table. 2852 GrowableArray<VerificationType>* verif_types = new GrowableArray<VerificationType>(10); 2853 mth_sig_verif_types = new sig_as_verification_types(verif_types); 2854 create_method_sig_entry(mth_sig_verif_types, sig_index); 2855 } 2856 2857 // Get the number of arguments for this signature. 2858 int nargs = mth_sig_verif_types->num_args(); 2859 2860 // Check instruction operands 2861 int bci = bcs->bci(); 2862 if (opcode == Bytecodes::_invokeinterface) { 2863 address bcp = bcs->bcp(); 2864 // 4905268: count operand in invokeinterface should be nargs+1, not nargs. 2865 // JSR202 spec: The count operand of an invokeinterface instruction is valid if it is 2866 // the difference between the size of the operand stack before and after the instruction 2867 // executes. 2868 if (*(bcp+3) != (nargs+1)) { 2869 verify_error(ErrorContext::bad_code(bci), 2870 "Inconsistent args count operand in invokeinterface"); 2871 return; 2872 } 2873 if (*(bcp+4) != 0) { 2874 verify_error(ErrorContext::bad_code(bci), 2875 "Fourth operand byte of invokeinterface must be zero"); 2876 return; 2877 } 2878 } 2879 2880 if (opcode == Bytecodes::_invokedynamic) { 2881 address bcp = bcs->bcp(); 2882 if (*(bcp+3) != 0 || *(bcp+4) != 0) { 2883 verify_error(ErrorContext::bad_code(bci), 2884 "Third and fourth operand bytes of invokedynamic must be zero"); 2885 return; 2886 } 2887 } 2888 2889 if (method_name->char_at(0) == JVM_SIGNATURE_SPECIAL) { 2890 // Make sure <init> can only be invoked by invokespecial 2891 if (opcode != Bytecodes::_invokespecial || 2892 method_name != vmSymbols::object_initializer_name()) { 2893 verify_error(ErrorContext::bad_code(bci), 2894 "Illegal call to internal method"); 2895 return; 2896 } 2897 } else if (opcode == Bytecodes::_invokespecial 2898 && !is_same_or_direct_interface(current_class(), current_type(), ref_class_type) 2899 && !ref_class_type.equals(VerificationType::reference_type( 2900 current_class()->super()->name()))) { 2901 bool subtype = false; 2902 bool have_imr_indirect = cp->tag_at(index).value() == JVM_CONSTANT_InterfaceMethodref; 2903 subtype = ref_class_type.is_assignable_from( 2904 current_type(), this, false, CHECK_VERIFY(this)); 2905 if (!subtype) { 2906 verify_error(ErrorContext::bad_code(bci), 2907 "Bad invokespecial instruction: " 2908 "current class isn't assignable to reference class."); 2909 return; 2910 } else if (have_imr_indirect) { 2911 verify_error(ErrorContext::bad_code(bci), 2912 "Bad invokespecial instruction: " 2913 "interface method reference is in an indirect superinterface."); 2914 return; 2915 } 2916 2917 } 2918 2919 // Get the verification types for the method's arguments. 2920 GrowableArray<VerificationType>* sig_verif_types = mth_sig_verif_types->sig_verif_types(); 2921 assert(sig_verif_types != nullptr, "Missing signature's array of verification types"); 2922 // Match method descriptor with operand stack 2923 // The arguments are on the stack in descending order. 2924 for (int i = nargs - 1; i >= 0; i--) { // Run backwards 2925 current_frame->pop_stack(sig_verif_types->at(i), CHECK_VERIFY(this)); 2926 } 2927 2928 // Check objectref on operand stack 2929 if (opcode != Bytecodes::_invokestatic && 2930 opcode != Bytecodes::_invokedynamic) { 2931 if (method_name == vmSymbols::object_initializer_name()) { // <init> method 2932 verify_invoke_init(bcs, index, ref_class_type, current_frame, 2933 code_length, in_try_block, this_uninit, cp, stackmap_table, 2934 CHECK_VERIFY(this)); 2935 if (was_recursively_verified()) return; 2936 } else { // other methods 2937 // Ensures that target class is assignable to method class. 2938 if (opcode == Bytecodes::_invokespecial) { 2939 current_frame->pop_stack(current_type(), CHECK_VERIFY(this)); 2940 } else if (opcode == Bytecodes::_invokevirtual) { 2941 VerificationType stack_object_type = 2942 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this)); 2943 if (current_type() != stack_object_type) { 2944 if (was_recursively_verified()) return; 2945 assert(cp->cache() == nullptr, "not rewritten yet"); 2946 Symbol* ref_class_name = 2947 cp->klass_name_at(cp->uncached_klass_ref_index_at(index)); 2948 // See the comments in verify_field_instructions() for 2949 // the rationale behind this. 2950 if (name_in_supers(ref_class_name, current_class())) { 2951 Klass* ref_class = load_class(ref_class_name, CHECK); 2952 if (is_protected_access( 2953 _klass, ref_class, method_name, method_sig, true)) { 2954 // It's protected access, check if stack object is 2955 // assignable to current class. 2956 if (ref_class_type.name() == vmSymbols::java_lang_Object() 2957 && stack_object_type.is_array() 2958 && method_name == vmSymbols::clone_name()) { 2959 // Special case: arrays pretend to implement public Object 2960 // clone(). 2961 } else { 2962 bool is_assignable = current_type().is_assignable_from( 2963 stack_object_type, this, true, CHECK_VERIFY(this)); 2964 if (!is_assignable) { 2965 verify_error(ErrorContext::bad_type(bci, 2966 current_frame->stack_top_ctx(), 2967 TypeOrigin::implicit(current_type())), 2968 "Bad access to protected data in invokevirtual"); 2969 return; 2970 } 2971 } 2972 } 2973 } 2974 } 2975 } else { 2976 assert(opcode == Bytecodes::_invokeinterface, "Unexpected opcode encountered"); 2977 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this)); 2978 } 2979 } 2980 } 2981 // Push the result type. 2982 int sig_verif_types_len = sig_verif_types->length(); 2983 if (sig_verif_types_len > nargs) { // There's a return type 2984 if (method_name == vmSymbols::object_initializer_name()) { 2985 // <init> method must have a void return type 2986 /* Unreachable? Class file parser verifies that methods with '<' have 2987 * void return */ 2988 verify_error(ErrorContext::bad_code(bci), 2989 "Return type must be void in <init> method"); 2990 return; 2991 } 2992 2993 assert(sig_verif_types_len <= nargs + 2, 2994 "Signature verification types array return type is bogus"); 2995 for (int i = nargs; i < sig_verif_types_len; i++) { 2996 assert(i == nargs || sig_verif_types->at(i).is_long2() || 2997 sig_verif_types->at(i).is_double2(), "Unexpected return verificationType"); 2998 current_frame->push_stack(sig_verif_types->at(i), CHECK_VERIFY(this)); 2999 } 3000 } 3001 } 3002 3003 VerificationType ClassVerifier::get_newarray_type( 3004 u2 index, int bci, TRAPS) { 3005 const char* from_bt[] = { 3006 nullptr, nullptr, nullptr, nullptr, "[Z", "[C", "[F", "[D", "[B", "[S", "[I", "[J", 3007 }; 3008 if (index < T_BOOLEAN || index > T_LONG) { 3009 verify_error(ErrorContext::bad_code(bci), "Illegal newarray instruction"); 3010 return VerificationType::bogus_type(); 3011 } 3012 3013 // from_bt[index] contains the array signature which has a length of 2 3014 Symbol* sig = create_temporary_symbol(from_bt[index], 2); 3015 return VerificationType::reference_type(sig); 3016 } 3017 3018 void ClassVerifier::verify_anewarray( 3019 int bci, u2 index, const constantPoolHandle& cp, 3020 StackMapFrame* current_frame, TRAPS) { 3021 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this)); 3022 current_frame->pop_stack( 3023 VerificationType::integer_type(), CHECK_VERIFY(this)); 3024 3025 if (was_recursively_verified()) return; 3026 VerificationType component_type = 3027 cp_index_to_type(index, cp, CHECK_VERIFY(this)); 3028 int length; 3029 char* arr_sig_str; 3030 if (component_type.is_array()) { // it's an array 3031 const char* component_name = component_type.name()->as_utf8(); 3032 // Check for more than MAX_ARRAY_DIMENSIONS 3033 length = (int)strlen(component_name); 3034 if (length > MAX_ARRAY_DIMENSIONS && 3035 component_name[MAX_ARRAY_DIMENSIONS - 1] == JVM_SIGNATURE_ARRAY) { 3036 verify_error(ErrorContext::bad_code(bci), 3037 "Illegal anewarray instruction, array has more than 255 dimensions"); 3038 } 3039 // add one dimension to component 3040 length++; 3041 arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length + 1); 3042 int n = os::snprintf(arr_sig_str, length + 1, "%c%s", 3043 JVM_SIGNATURE_ARRAY, component_name); 3044 assert(n == length, "Unexpected number of characters in string"); 3045 } else { // it's an object or interface 3046 const char* component_name = component_type.name()->as_utf8(); 3047 // add one dimension to component with 'L' prepended and ';' postpended. 3048 length = (int)strlen(component_name) + 3; 3049 arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length + 1); 3050 int n = os::snprintf(arr_sig_str, length + 1, "%c%c%s;", 3051 JVM_SIGNATURE_ARRAY, JVM_SIGNATURE_CLASS, component_name); 3052 assert(n == length, "Unexpected number of characters in string"); 3053 } 3054 Symbol* arr_sig = create_temporary_symbol(arr_sig_str, length); 3055 VerificationType new_array_type = VerificationType::reference_type(arr_sig); 3056 current_frame->push_stack(new_array_type, CHECK_VERIFY(this)); 3057 } 3058 3059 void ClassVerifier::verify_iload(int index, StackMapFrame* current_frame, TRAPS) { 3060 current_frame->get_local( 3061 index, VerificationType::integer_type(), CHECK_VERIFY(this)); 3062 current_frame->push_stack( 3063 VerificationType::integer_type(), CHECK_VERIFY(this)); 3064 } 3065 3066 void ClassVerifier::verify_lload(int index, StackMapFrame* current_frame, TRAPS) { 3067 current_frame->get_local_2( 3068 index, VerificationType::long_type(), 3069 VerificationType::long2_type(), CHECK_VERIFY(this)); 3070 current_frame->push_stack_2( 3071 VerificationType::long_type(), 3072 VerificationType::long2_type(), CHECK_VERIFY(this)); 3073 } 3074 3075 void ClassVerifier::verify_fload(int index, StackMapFrame* current_frame, TRAPS) { 3076 current_frame->get_local( 3077 index, VerificationType::float_type(), CHECK_VERIFY(this)); 3078 current_frame->push_stack( 3079 VerificationType::float_type(), CHECK_VERIFY(this)); 3080 } 3081 3082 void ClassVerifier::verify_dload(int index, StackMapFrame* current_frame, TRAPS) { 3083 current_frame->get_local_2( 3084 index, VerificationType::double_type(), 3085 VerificationType::double2_type(), CHECK_VERIFY(this)); 3086 current_frame->push_stack_2( 3087 VerificationType::double_type(), 3088 VerificationType::double2_type(), CHECK_VERIFY(this)); 3089 } 3090 3091 void ClassVerifier::verify_aload(int index, StackMapFrame* current_frame, TRAPS) { 3092 VerificationType type = current_frame->get_local( 3093 index, VerificationType::reference_check(), CHECK_VERIFY(this)); 3094 current_frame->push_stack(type, CHECK_VERIFY(this)); 3095 } 3096 3097 void ClassVerifier::verify_istore(int index, StackMapFrame* current_frame, TRAPS) { 3098 current_frame->pop_stack( 3099 VerificationType::integer_type(), CHECK_VERIFY(this)); 3100 current_frame->set_local( 3101 index, VerificationType::integer_type(), CHECK_VERIFY(this)); 3102 } 3103 3104 void ClassVerifier::verify_lstore(int index, StackMapFrame* current_frame, TRAPS) { 3105 current_frame->pop_stack_2( 3106 VerificationType::long2_type(), 3107 VerificationType::long_type(), CHECK_VERIFY(this)); 3108 current_frame->set_local_2( 3109 index, VerificationType::long_type(), 3110 VerificationType::long2_type(), CHECK_VERIFY(this)); 3111 } 3112 3113 void ClassVerifier::verify_fstore(int index, StackMapFrame* current_frame, TRAPS) { 3114 current_frame->pop_stack(VerificationType::float_type(), CHECK_VERIFY(this)); 3115 current_frame->set_local( 3116 index, VerificationType::float_type(), CHECK_VERIFY(this)); 3117 } 3118 3119 void ClassVerifier::verify_dstore(int index, StackMapFrame* current_frame, TRAPS) { 3120 current_frame->pop_stack_2( 3121 VerificationType::double2_type(), 3122 VerificationType::double_type(), CHECK_VERIFY(this)); 3123 current_frame->set_local_2( 3124 index, VerificationType::double_type(), 3125 VerificationType::double2_type(), CHECK_VERIFY(this)); 3126 } 3127 3128 void ClassVerifier::verify_astore(int index, StackMapFrame* current_frame, TRAPS) { 3129 VerificationType type = current_frame->pop_stack( 3130 VerificationType::reference_check(), CHECK_VERIFY(this)); 3131 current_frame->set_local(index, type, CHECK_VERIFY(this)); 3132 } 3133 3134 void ClassVerifier::verify_iinc(int index, StackMapFrame* current_frame, TRAPS) { 3135 VerificationType type = current_frame->get_local( 3136 index, VerificationType::integer_type(), CHECK_VERIFY(this)); 3137 current_frame->set_local(index, type, CHECK_VERIFY(this)); 3138 } 3139 3140 void ClassVerifier::verify_return_value( 3141 VerificationType return_type, VerificationType type, int bci, 3142 StackMapFrame* current_frame, TRAPS) { 3143 if (return_type == VerificationType::bogus_type()) { 3144 verify_error(ErrorContext::bad_type(bci, 3145 current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)), 3146 "Method does not expect a return value"); 3147 return; 3148 } 3149 bool match = return_type.is_assignable_from(type, this, false, CHECK_VERIFY(this)); 3150 if (!match) { 3151 verify_error(ErrorContext::bad_type(bci, 3152 current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)), 3153 "Bad return type"); 3154 return; 3155 } 3156 } 3157 3158 // The verifier creates symbols which are substrings of Symbols. 3159 // These are stored in the verifier until the end of verification so that 3160 // they can be reference counted. 3161 Symbol* ClassVerifier::create_temporary_symbol(const char *name, int length) { 3162 // Quick deduplication check 3163 if (_previous_symbol != nullptr && _previous_symbol->equals(name, length)) { 3164 return _previous_symbol; 3165 } 3166 Symbol* sym = SymbolTable::new_symbol(name, length); 3167 if (!sym->is_permanent()) { 3168 if (_symbols == nullptr) { 3169 _symbols = new GrowableArray<Symbol*>(50, 0, nullptr); 3170 } 3171 _symbols->push(sym); 3172 } 3173 _previous_symbol = sym; 3174 return sym; 3175 }