1 /* 2 * Copyright (c) 1998, 2022, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. 8 * 9 * This code is distributed in the hope that it will be useful, but WITHOUT 10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12 * version 2 for more details (a copy is included in the LICENSE file that 13 * accompanied this code). 14 * 15 * You should have received a copy of the GNU General Public License version 16 * 2 along with this work; if not, write to the Free Software Foundation, 17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20 * or visit www.oracle.com if you need additional information or have any 21 * questions. 22 * 23 */ 24 25 #include "precompiled.hpp" 26 #include "classfile/classFileStream.hpp" 27 #include "classfile/classLoader.hpp" 28 #include "classfile/javaClasses.hpp" 29 #include "classfile/stackMapTable.hpp" 30 #include "classfile/stackMapFrame.hpp" 31 #include "classfile/stackMapTableFormat.hpp" 32 #include "classfile/symbolTable.hpp" 33 #include "classfile/systemDictionary.hpp" 34 #include "classfile/verifier.hpp" 35 #include "classfile/vmClasses.hpp" 36 #include "classfile/vmSymbols.hpp" 37 #include "interpreter/bytecodes.hpp" 38 #include "interpreter/bytecodeStream.hpp" 39 #include "jvm.h" 40 #include "logging/log.hpp" 41 #include "logging/logStream.hpp" 42 #include "memory/oopFactory.hpp" 43 #include "memory/resourceArea.hpp" 44 #include "memory/universe.hpp" 45 #include "oops/constantPool.inline.hpp" 46 #include "oops/instanceKlass.inline.hpp" 47 #include "oops/klass.inline.hpp" 48 #include "oops/oop.inline.hpp" 49 #include "oops/typeArrayOop.hpp" 50 #include "runtime/arguments.hpp" 51 #include "runtime/fieldDescriptor.hpp" 52 #include "runtime/handles.inline.hpp" 53 #include "runtime/interfaceSupport.inline.hpp" 54 #include "runtime/javaCalls.hpp" 55 #include "runtime/javaThread.hpp" 56 #include "runtime/jniHandles.inline.hpp" 57 #include "runtime/os.hpp" 58 #include "runtime/safepointVerifiers.hpp" 59 #include "services/threadService.hpp" 60 #include "utilities/align.hpp" 61 #include "utilities/bytes.hpp" 62 63 #define NOFAILOVER_MAJOR_VERSION 51 64 #define NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION 51 65 #define STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION 52 66 #define MAX_ARRAY_DIMENSIONS 255 67 68 // Access to external entry for VerifyClassForMajorVersion - old byte code verifier 69 70 extern "C" { 71 typedef jboolean (*verify_byte_codes_fn_t)(JNIEnv *, jclass, char *, jint, jint); 72 } 73 74 static verify_byte_codes_fn_t volatile _verify_byte_codes_fn = NULL; 75 76 static verify_byte_codes_fn_t verify_byte_codes_fn() { 77 78 if (_verify_byte_codes_fn != NULL) 79 return _verify_byte_codes_fn; 80 81 MutexLocker locker(Verify_lock); 82 83 if (_verify_byte_codes_fn != NULL) 84 return _verify_byte_codes_fn; 85 86 // Load verify dll 87 char buffer[JVM_MAXPATHLEN]; 88 char ebuf[1024]; 89 if (!os::dll_locate_lib(buffer, sizeof(buffer), Arguments::get_dll_dir(), "verify")) 90 return NULL; // Caller will throw VerifyError 91 92 void *lib_handle = os::dll_load(buffer, ebuf, sizeof(ebuf)); 93 if (lib_handle == NULL) 94 return NULL; // Caller will throw VerifyError 95 96 void *fn = os::dll_lookup(lib_handle, "VerifyClassForMajorVersion"); 97 if (fn == NULL) 98 return NULL; // Caller will throw VerifyError 99 100 return _verify_byte_codes_fn = CAST_TO_FN_PTR(verify_byte_codes_fn_t, fn); 101 } 102 103 104 // Methods in Verifier 105 106 bool Verifier::should_verify_for(oop class_loader, bool should_verify_class) { 107 return (class_loader == NULL || !should_verify_class) ? 108 BytecodeVerificationLocal : BytecodeVerificationRemote; 109 } 110 111 bool Verifier::relax_access_for(oop loader) { 112 bool trusted = java_lang_ClassLoader::is_trusted_loader(loader); 113 bool need_verify = 114 // verifyAll 115 (BytecodeVerificationLocal && BytecodeVerificationRemote) || 116 // verifyRemote 117 (!BytecodeVerificationLocal && BytecodeVerificationRemote && !trusted); 118 return !need_verify; 119 } 120 121 void Verifier::trace_class_resolution(Klass* resolve_class, InstanceKlass* verify_class) { 122 assert(verify_class != NULL, "Unexpected null verify_class"); 123 ResourceMark rm; 124 Symbol* s = verify_class->source_file_name(); 125 const char* source_file = (s != NULL ? s->as_C_string() : NULL); 126 const char* verify = verify_class->external_name(); 127 const char* resolve = resolve_class->external_name(); 128 // print in a single call to reduce interleaving between threads 129 if (source_file != NULL) { 130 log_debug(class, resolve)("%s %s %s (verification)", verify, resolve, source_file); 131 } else { 132 log_debug(class, resolve)("%s %s (verification)", verify, resolve); 133 } 134 } 135 136 // Prints the end-verification message to the appropriate output. 137 void Verifier::log_end_verification(outputStream* st, const char* klassName, Symbol* exception_name, oop pending_exception) { 138 if (pending_exception != NULL) { 139 st->print("Verification for %s has", klassName); 140 oop message = java_lang_Throwable::message(pending_exception); 141 if (message != NULL) { 142 char* ex_msg = java_lang_String::as_utf8_string(message); 143 st->print_cr(" exception pending '%s %s'", 144 pending_exception->klass()->external_name(), ex_msg); 145 } else { 146 st->print_cr(" exception pending %s ", 147 pending_exception->klass()->external_name()); 148 } 149 } else if (exception_name != NULL) { 150 st->print_cr("Verification for %s failed", klassName); 151 } 152 st->print_cr("End class verification for: %s", klassName); 153 } 154 155 bool Verifier::verify(InstanceKlass* klass, bool should_verify_class, TRAPS) { 156 HandleMark hm(THREAD); 157 ResourceMark rm(THREAD); 158 159 // Eagerly allocate the identity hash code for a klass. This is a fallout 160 // from 6320749 and 8059924: hash code generator is not supposed to be called 161 // during the safepoint, but it allows to sneak the hashcode in during 162 // verification. Without this eager hashcode generation, we may end up 163 // installing the hashcode during some other operation, which may be at 164 // safepoint -- blowing up the checks. It was previously done as the side 165 // effect (sic!) for external_name(), but instead of doing that, we opt to 166 // explicitly push the hashcode in here. This is signify the following block 167 // is IMPORTANT: 168 if (klass->java_mirror() != NULL) { 169 klass->java_mirror()->identity_hash(); 170 } 171 172 if (!is_eligible_for_verification(klass, should_verify_class)) { 173 return true; 174 } 175 176 // Timer includes any side effects of class verification (resolution, 177 // etc), but not recursive calls to Verifier::verify(). 178 JavaThread* jt = THREAD; 179 PerfClassTraceTime timer(ClassLoader::perf_class_verify_time(), 180 ClassLoader::perf_class_verify_selftime(), 181 ClassLoader::perf_classes_verified(), 182 jt->get_thread_stat()->perf_recursion_counts_addr(), 183 jt->get_thread_stat()->perf_timers_addr(), 184 PerfClassTraceTime::CLASS_VERIFY); 185 186 // If the class should be verified, first see if we can use the split 187 // verifier. If not, or if verification fails and can failover, then 188 // call the inference verifier. 189 Symbol* exception_name = NULL; 190 const size_t message_buffer_len = klass->name()->utf8_length() + 1024; 191 char* message_buffer = NULL; 192 char* exception_message = NULL; 193 194 log_info(class, init)("Start class verification for: %s", klass->external_name()); 195 if (klass->major_version() >= STACKMAP_ATTRIBUTE_MAJOR_VERSION) { 196 ClassVerifier split_verifier(jt, klass); 197 // We don't use CHECK here, or on inference_verify below, so that we can log any exception. 198 split_verifier.verify_class(THREAD); 199 exception_name = split_verifier.result(); 200 201 // If DumpSharedSpaces is set then don't fall back to the old verifier on 202 // verification failure. If a class fails verification with the split verifier, 203 // it might fail the CDS runtime verifier constraint check. In that case, we 204 // don't want to share the class. We only archive classes that pass the split 205 // verifier. 206 bool can_failover = !DumpSharedSpaces && 207 klass->major_version() < NOFAILOVER_MAJOR_VERSION; 208 209 if (can_failover && !HAS_PENDING_EXCEPTION && // Split verifier doesn't set PENDING_EXCEPTION for failure 210 (exception_name == vmSymbols::java_lang_VerifyError() || 211 exception_name == vmSymbols::java_lang_ClassFormatError())) { 212 log_info(verification)("Fail over class verification to old verifier for: %s", klass->external_name()); 213 log_info(class, init)("Fail over class verification to old verifier for: %s", klass->external_name()); 214 message_buffer = NEW_RESOURCE_ARRAY(char, message_buffer_len); 215 exception_message = message_buffer; 216 exception_name = inference_verify( 217 klass, message_buffer, message_buffer_len, THREAD); 218 } 219 if (exception_name != NULL) { 220 exception_message = split_verifier.exception_message(); 221 } 222 } else { 223 message_buffer = NEW_RESOURCE_ARRAY(char, message_buffer_len); 224 exception_message = message_buffer; 225 exception_name = inference_verify( 226 klass, message_buffer, message_buffer_len, THREAD); 227 } 228 229 LogTarget(Info, class, init) lt1; 230 if (lt1.is_enabled()) { 231 LogStream ls(lt1); 232 log_end_verification(&ls, klass->external_name(), exception_name, PENDING_EXCEPTION); 233 } 234 LogTarget(Info, verification) lt2; 235 if (lt2.is_enabled()) { 236 LogStream ls(lt2); 237 log_end_verification(&ls, klass->external_name(), exception_name, PENDING_EXCEPTION); 238 } 239 240 if (HAS_PENDING_EXCEPTION) { 241 return false; // use the existing exception 242 } else if (exception_name == NULL) { 243 return true; // verification succeeded 244 } else { // VerifyError or ClassFormatError to be created and thrown 245 Klass* kls = 246 SystemDictionary::resolve_or_fail(exception_name, true, CHECK_false); 247 if (log_is_enabled(Debug, class, resolve)) { 248 Verifier::trace_class_resolution(kls, klass); 249 } 250 251 while (kls != NULL) { 252 if (kls == klass) { 253 // If the class being verified is the exception we're creating 254 // or one of it's superclasses, we're in trouble and are going 255 // to infinitely recurse when we try to initialize the exception. 256 // So bail out here by throwing the preallocated VM error. 257 THROW_OOP_(Universe::virtual_machine_error_instance(), false); 258 } 259 kls = kls->super(); 260 } 261 if (message_buffer != NULL) { 262 message_buffer[message_buffer_len - 1] = '\0'; // just to be sure 263 } 264 assert(exception_message != NULL, ""); 265 THROW_MSG_(exception_name, exception_message, false); 266 } 267 } 268 269 bool Verifier::is_eligible_for_verification(InstanceKlass* klass, bool should_verify_class) { 270 Symbol* name = klass->name(); 271 Klass* refl_magic_klass = vmClasses::reflect_MagicAccessorImpl_klass(); 272 273 bool is_reflect = refl_magic_klass != NULL && klass->is_subtype_of(refl_magic_klass); 274 275 return (should_verify_for(klass->class_loader(), should_verify_class) && 276 // return if the class is a bootstrapping class 277 // or defineClass specified not to verify by default (flags override passed arg) 278 // We need to skip the following four for bootstraping 279 name != vmSymbols::java_lang_Object() && 280 name != vmSymbols::java_lang_Class() && 281 name != vmSymbols::java_lang_String() && 282 name != vmSymbols::java_lang_Throwable() && 283 284 // Can not verify the bytecodes for shared classes because they have 285 // already been rewritten to contain constant pool cache indices, 286 // which the verifier can't understand. 287 // Shared classes shouldn't have stackmaps either. 288 // However, bytecodes for shared old classes can be verified because 289 // they have not been rewritten. 290 !(klass->is_shared() && klass->is_rewritten()) && 291 292 // As of the fix for 4486457 we disable verification for all of the 293 // dynamically-generated bytecodes associated with the 1.4 294 // reflection implementation, not just those associated with 295 // jdk/internal/reflect/SerializationConstructorAccessor. 296 // NOTE: this is called too early in the bootstrapping process to be 297 // guarded by Universe::is_gte_jdk14x_version(). 298 // Also for lambda generated code, gte jdk8 299 (!is_reflect)); 300 } 301 302 Symbol* Verifier::inference_verify( 303 InstanceKlass* klass, char* message, size_t message_len, TRAPS) { 304 JavaThread* thread = THREAD; 305 306 verify_byte_codes_fn_t verify_func = verify_byte_codes_fn(); 307 308 if (verify_func == NULL) { 309 jio_snprintf(message, message_len, "Could not link verifier"); 310 return vmSymbols::java_lang_VerifyError(); 311 } 312 313 ResourceMark rm(thread); 314 log_info(verification)("Verifying class %s with old format", klass->external_name()); 315 316 jclass cls = (jclass) JNIHandles::make_local(thread, klass->java_mirror()); 317 jint result; 318 319 { 320 HandleMark hm(thread); 321 ThreadToNativeFromVM ttn(thread); 322 // ThreadToNativeFromVM takes care of changing thread_state, so safepoint 323 // code knows that we have left the VM 324 JNIEnv *env = thread->jni_environment(); 325 result = (*verify_func)(env, cls, message, (int)message_len, klass->major_version()); 326 } 327 328 JNIHandles::destroy_local(cls); 329 330 // These numbers are chosen so that VerifyClassCodes interface doesn't need 331 // to be changed (still return jboolean (unsigned char)), and result is 332 // 1 when verification is passed. 333 if (result == 0) { 334 return vmSymbols::java_lang_VerifyError(); 335 } else if (result == 1) { 336 return NULL; // verified. 337 } else if (result == 2) { 338 THROW_MSG_(vmSymbols::java_lang_OutOfMemoryError(), message, NULL); 339 } else if (result == 3) { 340 return vmSymbols::java_lang_ClassFormatError(); 341 } else { 342 ShouldNotReachHere(); 343 return NULL; 344 } 345 } 346 347 TypeOrigin TypeOrigin::null() { 348 return TypeOrigin(); 349 } 350 TypeOrigin TypeOrigin::local(u2 index, StackMapFrame* frame) { 351 assert(frame != NULL, "Must have a frame"); 352 return TypeOrigin(CF_LOCALS, index, StackMapFrame::copy(frame), 353 frame->local_at(index)); 354 } 355 TypeOrigin TypeOrigin::stack(u2 index, StackMapFrame* frame) { 356 assert(frame != NULL, "Must have a frame"); 357 return TypeOrigin(CF_STACK, index, StackMapFrame::copy(frame), 358 frame->stack_at(index)); 359 } 360 TypeOrigin TypeOrigin::sm_local(u2 index, StackMapFrame* frame) { 361 assert(frame != NULL, "Must have a frame"); 362 return TypeOrigin(SM_LOCALS, index, StackMapFrame::copy(frame), 363 frame->local_at(index)); 364 } 365 TypeOrigin TypeOrigin::sm_stack(u2 index, StackMapFrame* frame) { 366 assert(frame != NULL, "Must have a frame"); 367 return TypeOrigin(SM_STACK, index, StackMapFrame::copy(frame), 368 frame->stack_at(index)); 369 } 370 TypeOrigin TypeOrigin::bad_index(u2 index) { 371 return TypeOrigin(BAD_INDEX, index, NULL, VerificationType::bogus_type()); 372 } 373 TypeOrigin TypeOrigin::cp(u2 index, VerificationType vt) { 374 return TypeOrigin(CONST_POOL, index, NULL, vt); 375 } 376 TypeOrigin TypeOrigin::signature(VerificationType vt) { 377 return TypeOrigin(SIG, 0, NULL, vt); 378 } 379 TypeOrigin TypeOrigin::implicit(VerificationType t) { 380 return TypeOrigin(IMPLICIT, 0, NULL, t); 381 } 382 TypeOrigin TypeOrigin::frame(StackMapFrame* frame) { 383 return TypeOrigin(FRAME_ONLY, 0, StackMapFrame::copy(frame), 384 VerificationType::bogus_type()); 385 } 386 387 void TypeOrigin::reset_frame() { 388 if (_frame != NULL) { 389 _frame->restore(); 390 } 391 } 392 393 void TypeOrigin::details(outputStream* ss) const { 394 _type.print_on(ss); 395 switch (_origin) { 396 case CF_LOCALS: 397 ss->print(" (current frame, locals[%d])", _index); 398 break; 399 case CF_STACK: 400 ss->print(" (current frame, stack[%d])", _index); 401 break; 402 case SM_LOCALS: 403 ss->print(" (stack map, locals[%d])", _index); 404 break; 405 case SM_STACK: 406 ss->print(" (stack map, stack[%d])", _index); 407 break; 408 case CONST_POOL: 409 ss->print(" (constant pool %d)", _index); 410 break; 411 case SIG: 412 ss->print(" (from method signature)"); 413 break; 414 case IMPLICIT: 415 case FRAME_ONLY: 416 case NONE: 417 default: 418 ; 419 } 420 } 421 422 #ifdef ASSERT 423 void TypeOrigin::print_on(outputStream* str) const { 424 str->print("{%d,%d,%p:", _origin, _index, _frame); 425 if (_frame != NULL) { 426 _frame->print_on(str); 427 } else { 428 str->print("null"); 429 } 430 str->print(","); 431 _type.print_on(str); 432 str->print("}"); 433 } 434 #endif 435 436 void ErrorContext::details(outputStream* ss, const Method* method) const { 437 if (is_valid()) { 438 ss->cr(); 439 ss->print_cr("Exception Details:"); 440 location_details(ss, method); 441 reason_details(ss); 442 frame_details(ss); 443 bytecode_details(ss, method); 444 handler_details(ss, method); 445 stackmap_details(ss, method); 446 } 447 } 448 449 void ErrorContext::reason_details(outputStream* ss) const { 450 streamIndentor si(ss); 451 ss->indent().print_cr("Reason:"); 452 streamIndentor si2(ss); 453 ss->indent().print("%s", ""); 454 switch (_fault) { 455 case INVALID_BYTECODE: 456 ss->print("Error exists in the bytecode"); 457 break; 458 case WRONG_TYPE: 459 if (_expected.is_valid()) { 460 ss->print("Type "); 461 _type.details(ss); 462 ss->print(" is not assignable to "); 463 _expected.details(ss); 464 } else { 465 ss->print("Invalid type: "); 466 _type.details(ss); 467 } 468 break; 469 case FLAGS_MISMATCH: 470 if (_expected.is_valid()) { 471 ss->print("Current frame's flags are not assignable " 472 "to stack map frame's."); 473 } else { 474 ss->print("Current frame's flags are invalid in this context."); 475 } 476 break; 477 case BAD_CP_INDEX: 478 ss->print("Constant pool index %d is invalid", _type.index()); 479 break; 480 case BAD_LOCAL_INDEX: 481 ss->print("Local index %d is invalid", _type.index()); 482 break; 483 case LOCALS_SIZE_MISMATCH: 484 ss->print("Current frame's local size doesn't match stackmap."); 485 break; 486 case STACK_SIZE_MISMATCH: 487 ss->print("Current frame's stack size doesn't match stackmap."); 488 break; 489 case STACK_OVERFLOW: 490 ss->print("Exceeded max stack size."); 491 break; 492 case STACK_UNDERFLOW: 493 ss->print("Attempt to pop empty stack."); 494 break; 495 case MISSING_STACKMAP: 496 ss->print("Expected stackmap frame at this location."); 497 break; 498 case BAD_STACKMAP: 499 ss->print("Invalid stackmap specification."); 500 break; 501 case UNKNOWN: 502 default: 503 ShouldNotReachHere(); 504 ss->print_cr("Unknown"); 505 } 506 ss->cr(); 507 } 508 509 void ErrorContext::location_details(outputStream* ss, const Method* method) const { 510 if (_bci != -1 && method != NULL) { 511 streamIndentor si(ss); 512 const char* bytecode_name = "<invalid>"; 513 if (method->validate_bci(_bci) != -1) { 514 Bytecodes::Code code = Bytecodes::code_or_bp_at(method->bcp_from(_bci)); 515 if (Bytecodes::is_defined(code)) { 516 bytecode_name = Bytecodes::name(code); 517 } else { 518 bytecode_name = "<illegal>"; 519 } 520 } 521 InstanceKlass* ik = method->method_holder(); 522 ss->indent().print_cr("Location:"); 523 streamIndentor si2(ss); 524 ss->indent().print_cr("%s.%s%s @%d: %s", 525 ik->name()->as_C_string(), method->name()->as_C_string(), 526 method->signature()->as_C_string(), _bci, bytecode_name); 527 } 528 } 529 530 void ErrorContext::frame_details(outputStream* ss) const { 531 streamIndentor si(ss); 532 if (_type.is_valid() && _type.frame() != NULL) { 533 ss->indent().print_cr("Current Frame:"); 534 streamIndentor si2(ss); 535 _type.frame()->print_on(ss); 536 } 537 if (_expected.is_valid() && _expected.frame() != NULL) { 538 ss->indent().print_cr("Stackmap Frame:"); 539 streamIndentor si2(ss); 540 _expected.frame()->print_on(ss); 541 } 542 } 543 544 void ErrorContext::bytecode_details(outputStream* ss, const Method* method) const { 545 if (method != NULL) { 546 streamIndentor si(ss); 547 ss->indent().print_cr("Bytecode:"); 548 streamIndentor si2(ss); 549 ss->print_data(method->code_base(), method->code_size(), false); 550 } 551 } 552 553 void ErrorContext::handler_details(outputStream* ss, const Method* method) const { 554 if (method != NULL) { 555 streamIndentor si(ss); 556 ExceptionTable table(method); 557 if (table.length() > 0) { 558 ss->indent().print_cr("Exception Handler Table:"); 559 streamIndentor si2(ss); 560 for (int i = 0; i < table.length(); ++i) { 561 ss->indent().print_cr("bci [%d, %d] => handler: %d", table.start_pc(i), 562 table.end_pc(i), table.handler_pc(i)); 563 } 564 } 565 } 566 } 567 568 void ErrorContext::stackmap_details(outputStream* ss, const Method* method) const { 569 if (method != NULL && method->has_stackmap_table()) { 570 streamIndentor si(ss); 571 ss->indent().print_cr("Stackmap Table:"); 572 Array<u1>* data = method->stackmap_data(); 573 stack_map_table* sm_table = 574 stack_map_table::at((address)data->adr_at(0)); 575 stack_map_frame* sm_frame = sm_table->entries(); 576 streamIndentor si2(ss); 577 int current_offset = -1; 578 address end_of_sm_table = (address)sm_table + method->stackmap_data()->length(); 579 for (u2 i = 0; i < sm_table->number_of_entries(); ++i) { 580 ss->indent(); 581 if (!sm_frame->verify((address)sm_frame, end_of_sm_table)) { 582 sm_frame->print_truncated(ss, current_offset); 583 return; 584 } 585 sm_frame->print_on(ss, current_offset); 586 ss->cr(); 587 current_offset += sm_frame->offset_delta(); 588 sm_frame = sm_frame->next(); 589 } 590 } 591 } 592 593 // Methods in ClassVerifier 594 595 ClassVerifier::ClassVerifier(JavaThread* current, InstanceKlass* klass) 596 : _thread(current), _previous_symbol(NULL), _symbols(NULL), _exception_type(NULL), 597 _message(NULL), _klass(klass) { 598 _this_type = VerificationType::reference_type(klass->name()); 599 } 600 601 ClassVerifier::~ClassVerifier() { 602 // Decrement the reference count for any symbols created. 603 if (_symbols != NULL) { 604 for (int i = 0; i < _symbols->length(); i++) { 605 Symbol* s = _symbols->at(i); 606 s->decrement_refcount(); 607 } 608 } 609 } 610 611 VerificationType ClassVerifier::object_type() const { 612 return VerificationType::reference_type(vmSymbols::java_lang_Object()); 613 } 614 615 TypeOrigin ClassVerifier::ref_ctx(const char* sig) { 616 VerificationType vt = VerificationType::reference_type( 617 create_temporary_symbol(sig, (int)strlen(sig))); 618 return TypeOrigin::implicit(vt); 619 } 620 621 622 void ClassVerifier::verify_class(TRAPS) { 623 log_info(verification)("Verifying class %s with new format", _klass->external_name()); 624 625 // Either verifying both local and remote classes or just remote classes. 626 assert(BytecodeVerificationRemote, "Should not be here"); 627 628 Array<Method*>* methods = _klass->methods(); 629 int num_methods = methods->length(); 630 631 for (int index = 0; index < num_methods; index++) { 632 // Check for recursive re-verification before each method. 633 if (was_recursively_verified()) return; 634 635 Method* m = methods->at(index); 636 if (m->is_native() || m->is_abstract() || m->is_overpass()) { 637 // If m is native or abstract, skip it. It is checked in class file 638 // parser that methods do not override a final method. Overpass methods 639 // are trusted since the VM generates them. 640 continue; 641 } 642 verify_method(methodHandle(THREAD, m), CHECK_VERIFY(this)); 643 } 644 645 if (was_recursively_verified()){ 646 log_info(verification)("Recursive verification detected for: %s", _klass->external_name()); 647 log_info(class, init)("Recursive verification detected for: %s", 648 _klass->external_name()); 649 } 650 } 651 652 // Translate the signature entries into verification types and save them in 653 // the growable array. Also, save the count of arguments. 654 void ClassVerifier::translate_signature(Symbol* const method_sig, 655 sig_as_verification_types* sig_verif_types) { 656 SignatureStream sig_stream(method_sig); 657 VerificationType sig_type[2]; 658 int sig_i = 0; 659 GrowableArray<VerificationType>* verif_types = sig_verif_types->sig_verif_types(); 660 661 // Translate the signature arguments into verification types. 662 while (!sig_stream.at_return_type()) { 663 int n = change_sig_to_verificationType(&sig_stream, sig_type); 664 assert(n <= 2, "Unexpected signature type"); 665 666 // Store verification type(s). Longs and Doubles each have two verificationTypes. 667 for (int x = 0; x < n; x++) { 668 verif_types->push(sig_type[x]); 669 } 670 sig_i += n; 671 sig_stream.next(); 672 } 673 674 // Set final arg count, not including the return type. The final arg count will 675 // be compared with sig_verify_types' length to see if there is a return type. 676 sig_verif_types->set_num_args(sig_i); 677 678 // Store verification type(s) for the return type, if there is one. 679 if (sig_stream.type() != T_VOID) { 680 int n = change_sig_to_verificationType(&sig_stream, sig_type); 681 assert(n <= 2, "Unexpected signature return type"); 682 for (int y = 0; y < n; y++) { 683 verif_types->push(sig_type[y]); 684 } 685 } 686 } 687 688 void ClassVerifier::create_method_sig_entry(sig_as_verification_types* sig_verif_types, 689 int sig_index) { 690 // Translate the signature into verification types. 691 ConstantPool* cp = _klass->constants(); 692 Symbol* const method_sig = cp->symbol_at(sig_index); 693 translate_signature(method_sig, sig_verif_types); 694 695 // Add the list of this signature's verification types to the table. 696 bool is_unique = method_signatures_table()->put(sig_index, sig_verif_types); 697 assert(is_unique, "Duplicate entries in method_signature_table"); 698 } 699 700 void ClassVerifier::verify_method(const methodHandle& m, TRAPS) { 701 HandleMark hm(THREAD); 702 _method = m; // initialize _method 703 log_info(verification)("Verifying method %s", m->name_and_sig_as_C_string()); 704 705 // For clang, the only good constant format string is a literal constant format string. 706 #define bad_type_msg "Bad type on operand stack in %s" 707 708 int32_t max_stack = m->verifier_max_stack(); 709 int32_t max_locals = m->max_locals(); 710 constantPoolHandle cp(THREAD, m->constants()); 711 712 // Method signature was checked in ClassFileParser. 713 assert(SignatureVerifier::is_valid_method_signature(m->signature()), 714 "Invalid method signature"); 715 716 // Initial stack map frame: offset is 0, stack is initially empty. 717 StackMapFrame current_frame(max_locals, max_stack, this); 718 // Set initial locals 719 VerificationType return_type = current_frame.set_locals_from_arg( m, current_type()); 720 721 int32_t stackmap_index = 0; // index to the stackmap array 722 723 u4 code_length = m->code_size(); 724 725 // Scan the bytecode and map each instruction's start offset to a number. 726 char* code_data = generate_code_data(m, code_length, CHECK_VERIFY(this)); 727 728 int ex_min = code_length; 729 int ex_max = -1; 730 // Look through each item on the exception table. Each of the fields must refer 731 // to a legal instruction. 732 if (was_recursively_verified()) return; 733 verify_exception_handler_table( 734 code_length, code_data, ex_min, ex_max, CHECK_VERIFY(this)); 735 736 // Look through each entry on the local variable table and make sure 737 // its range of code array offsets is valid. (4169817) 738 if (m->has_localvariable_table()) { 739 verify_local_variable_table(code_length, code_data, CHECK_VERIFY(this)); 740 } 741 742 Array<u1>* stackmap_data = m->stackmap_data(); 743 StackMapStream stream(stackmap_data); 744 StackMapReader reader(this, &stream, code_data, code_length, THREAD); 745 StackMapTable stackmap_table(&reader, ¤t_frame, max_locals, max_stack, 746 code_data, code_length, CHECK_VERIFY(this)); 747 748 LogTarget(Debug, verification) lt; 749 if (lt.is_enabled()) { 750 ResourceMark rm(THREAD); 751 LogStream ls(lt); 752 stackmap_table.print_on(&ls); 753 } 754 755 RawBytecodeStream bcs(m); 756 757 // Scan the byte code linearly from the start to the end 758 bool no_control_flow = false; // Set to true when there is no direct control 759 // flow from current instruction to the next 760 // instruction in sequence 761 762 Bytecodes::Code opcode; 763 while (!bcs.is_last_bytecode()) { 764 // Check for recursive re-verification before each bytecode. 765 if (was_recursively_verified()) return; 766 767 opcode = bcs.raw_next(); 768 u2 bci = bcs.bci(); 769 770 // Set current frame's offset to bci 771 current_frame.set_offset(bci); 772 current_frame.set_mark(); 773 774 // Make sure every offset in stackmap table point to the beginning to 775 // an instruction. Match current_frame to stackmap_table entry with 776 // the same offset if exists. 777 stackmap_index = verify_stackmap_table( 778 stackmap_index, bci, ¤t_frame, &stackmap_table, 779 no_control_flow, CHECK_VERIFY(this)); 780 781 782 bool this_uninit = false; // Set to true when invokespecial <init> initialized 'this' 783 bool verified_exc_handlers = false; 784 785 // Merge with the next instruction 786 { 787 u2 index; 788 int target; 789 VerificationType type, type2; 790 VerificationType atype; 791 792 LogTarget(Debug, verification) lt; 793 if (lt.is_enabled()) { 794 ResourceMark rm(THREAD); 795 LogStream ls(lt); 796 current_frame.print_on(&ls); 797 lt.print("offset = %d, opcode = %s", bci, 798 opcode == Bytecodes::_illegal ? "illegal" : Bytecodes::name(opcode)); 799 } 800 801 // Make sure wide instruction is in correct format 802 if (bcs.is_wide()) { 803 if (opcode != Bytecodes::_iinc && opcode != Bytecodes::_iload && 804 opcode != Bytecodes::_aload && opcode != Bytecodes::_lload && 805 opcode != Bytecodes::_istore && opcode != Bytecodes::_astore && 806 opcode != Bytecodes::_lstore && opcode != Bytecodes::_fload && 807 opcode != Bytecodes::_dload && opcode != Bytecodes::_fstore && 808 opcode != Bytecodes::_dstore) { 809 /* Unreachable? RawBytecodeStream's raw_next() returns 'illegal' 810 * if we encounter a wide instruction that modifies an invalid 811 * opcode (not one of the ones listed above) */ 812 verify_error(ErrorContext::bad_code(bci), "Bad wide instruction"); 813 return; 814 } 815 } 816 817 // Look for possible jump target in exception handlers and see if it 818 // matches current_frame. Do this check here for astore*, dstore*, 819 // fstore*, istore*, and lstore* opcodes because they can change the type 820 // state by adding a local. JVM Spec says that the incoming type state 821 // should be used for this check. So, do the check here before a possible 822 // local is added to the type state. 823 if (Bytecodes::is_store_into_local(opcode) && bci >= ex_min && bci < ex_max) { 824 if (was_recursively_verified()) return; 825 verify_exception_handler_targets( 826 bci, this_uninit, ¤t_frame, &stackmap_table, CHECK_VERIFY(this)); 827 verified_exc_handlers = true; 828 } 829 830 if (was_recursively_verified()) return; 831 832 switch (opcode) { 833 case Bytecodes::_nop : 834 no_control_flow = false; break; 835 case Bytecodes::_aconst_null : 836 current_frame.push_stack( 837 VerificationType::null_type(), CHECK_VERIFY(this)); 838 no_control_flow = false; break; 839 case Bytecodes::_iconst_m1 : 840 case Bytecodes::_iconst_0 : 841 case Bytecodes::_iconst_1 : 842 case Bytecodes::_iconst_2 : 843 case Bytecodes::_iconst_3 : 844 case Bytecodes::_iconst_4 : 845 case Bytecodes::_iconst_5 : 846 current_frame.push_stack( 847 VerificationType::integer_type(), CHECK_VERIFY(this)); 848 no_control_flow = false; break; 849 case Bytecodes::_lconst_0 : 850 case Bytecodes::_lconst_1 : 851 current_frame.push_stack_2( 852 VerificationType::long_type(), 853 VerificationType::long2_type(), CHECK_VERIFY(this)); 854 no_control_flow = false; break; 855 case Bytecodes::_fconst_0 : 856 case Bytecodes::_fconst_1 : 857 case Bytecodes::_fconst_2 : 858 current_frame.push_stack( 859 VerificationType::float_type(), CHECK_VERIFY(this)); 860 no_control_flow = false; break; 861 case Bytecodes::_dconst_0 : 862 case Bytecodes::_dconst_1 : 863 current_frame.push_stack_2( 864 VerificationType::double_type(), 865 VerificationType::double2_type(), CHECK_VERIFY(this)); 866 no_control_flow = false; break; 867 case Bytecodes::_sipush : 868 case Bytecodes::_bipush : 869 current_frame.push_stack( 870 VerificationType::integer_type(), CHECK_VERIFY(this)); 871 no_control_flow = false; break; 872 case Bytecodes::_ldc : 873 verify_ldc( 874 opcode, bcs.get_index_u1(), ¤t_frame, 875 cp, bci, CHECK_VERIFY(this)); 876 no_control_flow = false; break; 877 case Bytecodes::_ldc_w : 878 case Bytecodes::_ldc2_w : 879 verify_ldc( 880 opcode, bcs.get_index_u2(), ¤t_frame, 881 cp, bci, CHECK_VERIFY(this)); 882 no_control_flow = false; break; 883 case Bytecodes::_iload : 884 verify_iload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 885 no_control_flow = false; break; 886 case Bytecodes::_iload_0 : 887 case Bytecodes::_iload_1 : 888 case Bytecodes::_iload_2 : 889 case Bytecodes::_iload_3 : 890 index = opcode - Bytecodes::_iload_0; 891 verify_iload(index, ¤t_frame, CHECK_VERIFY(this)); 892 no_control_flow = false; break; 893 case Bytecodes::_lload : 894 verify_lload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 895 no_control_flow = false; break; 896 case Bytecodes::_lload_0 : 897 case Bytecodes::_lload_1 : 898 case Bytecodes::_lload_2 : 899 case Bytecodes::_lload_3 : 900 index = opcode - Bytecodes::_lload_0; 901 verify_lload(index, ¤t_frame, CHECK_VERIFY(this)); 902 no_control_flow = false; break; 903 case Bytecodes::_fload : 904 verify_fload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 905 no_control_flow = false; break; 906 case Bytecodes::_fload_0 : 907 case Bytecodes::_fload_1 : 908 case Bytecodes::_fload_2 : 909 case Bytecodes::_fload_3 : 910 index = opcode - Bytecodes::_fload_0; 911 verify_fload(index, ¤t_frame, CHECK_VERIFY(this)); 912 no_control_flow = false; break; 913 case Bytecodes::_dload : 914 verify_dload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 915 no_control_flow = false; break; 916 case Bytecodes::_dload_0 : 917 case Bytecodes::_dload_1 : 918 case Bytecodes::_dload_2 : 919 case Bytecodes::_dload_3 : 920 index = opcode - Bytecodes::_dload_0; 921 verify_dload(index, ¤t_frame, CHECK_VERIFY(this)); 922 no_control_flow = false; break; 923 case Bytecodes::_aload : 924 verify_aload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 925 no_control_flow = false; break; 926 case Bytecodes::_aload_0 : 927 case Bytecodes::_aload_1 : 928 case Bytecodes::_aload_2 : 929 case Bytecodes::_aload_3 : 930 index = opcode - Bytecodes::_aload_0; 931 verify_aload(index, ¤t_frame, CHECK_VERIFY(this)); 932 no_control_flow = false; break; 933 case Bytecodes::_iaload : 934 type = current_frame.pop_stack( 935 VerificationType::integer_type(), CHECK_VERIFY(this)); 936 atype = current_frame.pop_stack( 937 VerificationType::reference_check(), CHECK_VERIFY(this)); 938 if (!atype.is_int_array()) { 939 verify_error(ErrorContext::bad_type(bci, 940 current_frame.stack_top_ctx(), ref_ctx("[I")), 941 bad_type_msg, "iaload"); 942 return; 943 } 944 current_frame.push_stack( 945 VerificationType::integer_type(), CHECK_VERIFY(this)); 946 no_control_flow = false; break; 947 case Bytecodes::_baload : 948 type = current_frame.pop_stack( 949 VerificationType::integer_type(), CHECK_VERIFY(this)); 950 atype = current_frame.pop_stack( 951 VerificationType::reference_check(), CHECK_VERIFY(this)); 952 if (!atype.is_bool_array() && !atype.is_byte_array()) { 953 verify_error( 954 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 955 bad_type_msg, "baload"); 956 return; 957 } 958 current_frame.push_stack( 959 VerificationType::integer_type(), CHECK_VERIFY(this)); 960 no_control_flow = false; break; 961 case Bytecodes::_caload : 962 type = current_frame.pop_stack( 963 VerificationType::integer_type(), CHECK_VERIFY(this)); 964 atype = current_frame.pop_stack( 965 VerificationType::reference_check(), CHECK_VERIFY(this)); 966 if (!atype.is_char_array()) { 967 verify_error(ErrorContext::bad_type(bci, 968 current_frame.stack_top_ctx(), ref_ctx("[C")), 969 bad_type_msg, "caload"); 970 return; 971 } 972 current_frame.push_stack( 973 VerificationType::integer_type(), CHECK_VERIFY(this)); 974 no_control_flow = false; break; 975 case Bytecodes::_saload : 976 type = current_frame.pop_stack( 977 VerificationType::integer_type(), CHECK_VERIFY(this)); 978 atype = current_frame.pop_stack( 979 VerificationType::reference_check(), CHECK_VERIFY(this)); 980 if (!atype.is_short_array()) { 981 verify_error(ErrorContext::bad_type(bci, 982 current_frame.stack_top_ctx(), ref_ctx("[S")), 983 bad_type_msg, "saload"); 984 return; 985 } 986 current_frame.push_stack( 987 VerificationType::integer_type(), CHECK_VERIFY(this)); 988 no_control_flow = false; break; 989 case Bytecodes::_laload : 990 type = current_frame.pop_stack( 991 VerificationType::integer_type(), CHECK_VERIFY(this)); 992 atype = current_frame.pop_stack( 993 VerificationType::reference_check(), CHECK_VERIFY(this)); 994 if (!atype.is_long_array()) { 995 verify_error(ErrorContext::bad_type(bci, 996 current_frame.stack_top_ctx(), ref_ctx("[J")), 997 bad_type_msg, "laload"); 998 return; 999 } 1000 current_frame.push_stack_2( 1001 VerificationType::long_type(), 1002 VerificationType::long2_type(), CHECK_VERIFY(this)); 1003 no_control_flow = false; break; 1004 case Bytecodes::_faload : 1005 type = current_frame.pop_stack( 1006 VerificationType::integer_type(), CHECK_VERIFY(this)); 1007 atype = current_frame.pop_stack( 1008 VerificationType::reference_check(), CHECK_VERIFY(this)); 1009 if (!atype.is_float_array()) { 1010 verify_error(ErrorContext::bad_type(bci, 1011 current_frame.stack_top_ctx(), ref_ctx("[F")), 1012 bad_type_msg, "faload"); 1013 return; 1014 } 1015 current_frame.push_stack( 1016 VerificationType::float_type(), CHECK_VERIFY(this)); 1017 no_control_flow = false; break; 1018 case Bytecodes::_daload : 1019 type = current_frame.pop_stack( 1020 VerificationType::integer_type(), CHECK_VERIFY(this)); 1021 atype = current_frame.pop_stack( 1022 VerificationType::reference_check(), CHECK_VERIFY(this)); 1023 if (!atype.is_double_array()) { 1024 verify_error(ErrorContext::bad_type(bci, 1025 current_frame.stack_top_ctx(), ref_ctx("[D")), 1026 bad_type_msg, "daload"); 1027 return; 1028 } 1029 current_frame.push_stack_2( 1030 VerificationType::double_type(), 1031 VerificationType::double2_type(), CHECK_VERIFY(this)); 1032 no_control_flow = false; break; 1033 case Bytecodes::_aaload : { 1034 type = current_frame.pop_stack( 1035 VerificationType::integer_type(), CHECK_VERIFY(this)); 1036 atype = current_frame.pop_stack( 1037 VerificationType::reference_check(), CHECK_VERIFY(this)); 1038 if (!atype.is_reference_array()) { 1039 verify_error(ErrorContext::bad_type(bci, 1040 current_frame.stack_top_ctx(), 1041 TypeOrigin::implicit(VerificationType::reference_check())), 1042 bad_type_msg, "aaload"); 1043 return; 1044 } 1045 if (atype.is_null()) { 1046 current_frame.push_stack( 1047 VerificationType::null_type(), CHECK_VERIFY(this)); 1048 } else { 1049 VerificationType component = atype.get_component(this); 1050 current_frame.push_stack(component, CHECK_VERIFY(this)); 1051 } 1052 no_control_flow = false; break; 1053 } 1054 case Bytecodes::_istore : 1055 verify_istore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 1056 no_control_flow = false; break; 1057 case Bytecodes::_istore_0 : 1058 case Bytecodes::_istore_1 : 1059 case Bytecodes::_istore_2 : 1060 case Bytecodes::_istore_3 : 1061 index = opcode - Bytecodes::_istore_0; 1062 verify_istore(index, ¤t_frame, CHECK_VERIFY(this)); 1063 no_control_flow = false; break; 1064 case Bytecodes::_lstore : 1065 verify_lstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 1066 no_control_flow = false; break; 1067 case Bytecodes::_lstore_0 : 1068 case Bytecodes::_lstore_1 : 1069 case Bytecodes::_lstore_2 : 1070 case Bytecodes::_lstore_3 : 1071 index = opcode - Bytecodes::_lstore_0; 1072 verify_lstore(index, ¤t_frame, CHECK_VERIFY(this)); 1073 no_control_flow = false; break; 1074 case Bytecodes::_fstore : 1075 verify_fstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 1076 no_control_flow = false; break; 1077 case Bytecodes::_fstore_0 : 1078 case Bytecodes::_fstore_1 : 1079 case Bytecodes::_fstore_2 : 1080 case Bytecodes::_fstore_3 : 1081 index = opcode - Bytecodes::_fstore_0; 1082 verify_fstore(index, ¤t_frame, CHECK_VERIFY(this)); 1083 no_control_flow = false; break; 1084 case Bytecodes::_dstore : 1085 verify_dstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 1086 no_control_flow = false; break; 1087 case Bytecodes::_dstore_0 : 1088 case Bytecodes::_dstore_1 : 1089 case Bytecodes::_dstore_2 : 1090 case Bytecodes::_dstore_3 : 1091 index = opcode - Bytecodes::_dstore_0; 1092 verify_dstore(index, ¤t_frame, CHECK_VERIFY(this)); 1093 no_control_flow = false; break; 1094 case Bytecodes::_astore : 1095 verify_astore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 1096 no_control_flow = false; break; 1097 case Bytecodes::_astore_0 : 1098 case Bytecodes::_astore_1 : 1099 case Bytecodes::_astore_2 : 1100 case Bytecodes::_astore_3 : 1101 index = opcode - Bytecodes::_astore_0; 1102 verify_astore(index, ¤t_frame, CHECK_VERIFY(this)); 1103 no_control_flow = false; break; 1104 case Bytecodes::_iastore : 1105 type = current_frame.pop_stack( 1106 VerificationType::integer_type(), CHECK_VERIFY(this)); 1107 type2 = current_frame.pop_stack( 1108 VerificationType::integer_type(), CHECK_VERIFY(this)); 1109 atype = current_frame.pop_stack( 1110 VerificationType::reference_check(), CHECK_VERIFY(this)); 1111 if (!atype.is_int_array()) { 1112 verify_error(ErrorContext::bad_type(bci, 1113 current_frame.stack_top_ctx(), ref_ctx("[I")), 1114 bad_type_msg, "iastore"); 1115 return; 1116 } 1117 no_control_flow = false; break; 1118 case Bytecodes::_bastore : 1119 type = current_frame.pop_stack( 1120 VerificationType::integer_type(), CHECK_VERIFY(this)); 1121 type2 = current_frame.pop_stack( 1122 VerificationType::integer_type(), CHECK_VERIFY(this)); 1123 atype = current_frame.pop_stack( 1124 VerificationType::reference_check(), CHECK_VERIFY(this)); 1125 if (!atype.is_bool_array() && !atype.is_byte_array()) { 1126 verify_error( 1127 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 1128 bad_type_msg, "bastore"); 1129 return; 1130 } 1131 no_control_flow = false; break; 1132 case Bytecodes::_castore : 1133 current_frame.pop_stack( 1134 VerificationType::integer_type(), CHECK_VERIFY(this)); 1135 current_frame.pop_stack( 1136 VerificationType::integer_type(), CHECK_VERIFY(this)); 1137 atype = current_frame.pop_stack( 1138 VerificationType::reference_check(), CHECK_VERIFY(this)); 1139 if (!atype.is_char_array()) { 1140 verify_error(ErrorContext::bad_type(bci, 1141 current_frame.stack_top_ctx(), ref_ctx("[C")), 1142 bad_type_msg, "castore"); 1143 return; 1144 } 1145 no_control_flow = false; break; 1146 case Bytecodes::_sastore : 1147 current_frame.pop_stack( 1148 VerificationType::integer_type(), CHECK_VERIFY(this)); 1149 current_frame.pop_stack( 1150 VerificationType::integer_type(), CHECK_VERIFY(this)); 1151 atype = current_frame.pop_stack( 1152 VerificationType::reference_check(), CHECK_VERIFY(this)); 1153 if (!atype.is_short_array()) { 1154 verify_error(ErrorContext::bad_type(bci, 1155 current_frame.stack_top_ctx(), ref_ctx("[S")), 1156 bad_type_msg, "sastore"); 1157 return; 1158 } 1159 no_control_flow = false; break; 1160 case Bytecodes::_lastore : 1161 current_frame.pop_stack_2( 1162 VerificationType::long2_type(), 1163 VerificationType::long_type(), CHECK_VERIFY(this)); 1164 current_frame.pop_stack( 1165 VerificationType::integer_type(), CHECK_VERIFY(this)); 1166 atype = current_frame.pop_stack( 1167 VerificationType::reference_check(), CHECK_VERIFY(this)); 1168 if (!atype.is_long_array()) { 1169 verify_error(ErrorContext::bad_type(bci, 1170 current_frame.stack_top_ctx(), ref_ctx("[J")), 1171 bad_type_msg, "lastore"); 1172 return; 1173 } 1174 no_control_flow = false; break; 1175 case Bytecodes::_fastore : 1176 current_frame.pop_stack( 1177 VerificationType::float_type(), CHECK_VERIFY(this)); 1178 current_frame.pop_stack 1179 (VerificationType::integer_type(), CHECK_VERIFY(this)); 1180 atype = current_frame.pop_stack( 1181 VerificationType::reference_check(), CHECK_VERIFY(this)); 1182 if (!atype.is_float_array()) { 1183 verify_error(ErrorContext::bad_type(bci, 1184 current_frame.stack_top_ctx(), ref_ctx("[F")), 1185 bad_type_msg, "fastore"); 1186 return; 1187 } 1188 no_control_flow = false; break; 1189 case Bytecodes::_dastore : 1190 current_frame.pop_stack_2( 1191 VerificationType::double2_type(), 1192 VerificationType::double_type(), CHECK_VERIFY(this)); 1193 current_frame.pop_stack( 1194 VerificationType::integer_type(), CHECK_VERIFY(this)); 1195 atype = current_frame.pop_stack( 1196 VerificationType::reference_check(), CHECK_VERIFY(this)); 1197 if (!atype.is_double_array()) { 1198 verify_error(ErrorContext::bad_type(bci, 1199 current_frame.stack_top_ctx(), ref_ctx("[D")), 1200 bad_type_msg, "dastore"); 1201 return; 1202 } 1203 no_control_flow = false; break; 1204 case Bytecodes::_aastore : 1205 type = current_frame.pop_stack(object_type(), CHECK_VERIFY(this)); 1206 type2 = current_frame.pop_stack( 1207 VerificationType::integer_type(), CHECK_VERIFY(this)); 1208 atype = current_frame.pop_stack( 1209 VerificationType::reference_check(), CHECK_VERIFY(this)); 1210 // more type-checking is done at runtime 1211 if (!atype.is_reference_array()) { 1212 verify_error(ErrorContext::bad_type(bci, 1213 current_frame.stack_top_ctx(), 1214 TypeOrigin::implicit(VerificationType::reference_check())), 1215 bad_type_msg, "aastore"); 1216 return; 1217 } 1218 // 4938384: relaxed constraint in JVMS 3rd edition. 1219 no_control_flow = false; break; 1220 case Bytecodes::_pop : 1221 current_frame.pop_stack( 1222 VerificationType::category1_check(), CHECK_VERIFY(this)); 1223 no_control_flow = false; break; 1224 case Bytecodes::_pop2 : 1225 type = current_frame.pop_stack(CHECK_VERIFY(this)); 1226 if (type.is_category1()) { 1227 current_frame.pop_stack( 1228 VerificationType::category1_check(), CHECK_VERIFY(this)); 1229 } else if (type.is_category2_2nd()) { 1230 current_frame.pop_stack( 1231 VerificationType::category2_check(), CHECK_VERIFY(this)); 1232 } else { 1233 /* Unreachable? Would need a category2_1st on TOS 1234 * which does not appear possible. */ 1235 verify_error( 1236 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 1237 bad_type_msg, "pop2"); 1238 return; 1239 } 1240 no_control_flow = false; break; 1241 case Bytecodes::_dup : 1242 type = current_frame.pop_stack( 1243 VerificationType::category1_check(), CHECK_VERIFY(this)); 1244 current_frame.push_stack(type, CHECK_VERIFY(this)); 1245 current_frame.push_stack(type, CHECK_VERIFY(this)); 1246 no_control_flow = false; break; 1247 case Bytecodes::_dup_x1 : 1248 type = current_frame.pop_stack( 1249 VerificationType::category1_check(), CHECK_VERIFY(this)); 1250 type2 = current_frame.pop_stack( 1251 VerificationType::category1_check(), CHECK_VERIFY(this)); 1252 current_frame.push_stack(type, CHECK_VERIFY(this)); 1253 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1254 current_frame.push_stack(type, CHECK_VERIFY(this)); 1255 no_control_flow = false; break; 1256 case Bytecodes::_dup_x2 : 1257 { 1258 VerificationType type3; 1259 type = current_frame.pop_stack( 1260 VerificationType::category1_check(), CHECK_VERIFY(this)); 1261 type2 = current_frame.pop_stack(CHECK_VERIFY(this)); 1262 if (type2.is_category1()) { 1263 type3 = current_frame.pop_stack( 1264 VerificationType::category1_check(), CHECK_VERIFY(this)); 1265 } else if (type2.is_category2_2nd()) { 1266 type3 = current_frame.pop_stack( 1267 VerificationType::category2_check(), CHECK_VERIFY(this)); 1268 } else { 1269 /* Unreachable? Would need a category2_1st at stack depth 2 with 1270 * a category1 on TOS which does not appear possible. */ 1271 verify_error(ErrorContext::bad_type( 1272 bci, current_frame.stack_top_ctx()), bad_type_msg, "dup_x2"); 1273 return; 1274 } 1275 current_frame.push_stack(type, CHECK_VERIFY(this)); 1276 current_frame.push_stack(type3, CHECK_VERIFY(this)); 1277 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1278 current_frame.push_stack(type, CHECK_VERIFY(this)); 1279 no_control_flow = false; break; 1280 } 1281 case Bytecodes::_dup2 : 1282 type = current_frame.pop_stack(CHECK_VERIFY(this)); 1283 if (type.is_category1()) { 1284 type2 = current_frame.pop_stack( 1285 VerificationType::category1_check(), CHECK_VERIFY(this)); 1286 } else if (type.is_category2_2nd()) { 1287 type2 = current_frame.pop_stack( 1288 VerificationType::category2_check(), CHECK_VERIFY(this)); 1289 } else { 1290 /* Unreachable? Would need a category2_1st on TOS which does not 1291 * appear possible. */ 1292 verify_error( 1293 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 1294 bad_type_msg, "dup2"); 1295 return; 1296 } 1297 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1298 current_frame.push_stack(type, CHECK_VERIFY(this)); 1299 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1300 current_frame.push_stack(type, CHECK_VERIFY(this)); 1301 no_control_flow = false; break; 1302 case Bytecodes::_dup2_x1 : 1303 { 1304 VerificationType type3; 1305 type = current_frame.pop_stack(CHECK_VERIFY(this)); 1306 if (type.is_category1()) { 1307 type2 = current_frame.pop_stack( 1308 VerificationType::category1_check(), CHECK_VERIFY(this)); 1309 } else if (type.is_category2_2nd()) { 1310 type2 = current_frame.pop_stack( 1311 VerificationType::category2_check(), CHECK_VERIFY(this)); 1312 } else { 1313 /* Unreachable? Would need a category2_1st on TOS which does 1314 * not appear possible. */ 1315 verify_error( 1316 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 1317 bad_type_msg, "dup2_x1"); 1318 return; 1319 } 1320 type3 = current_frame.pop_stack( 1321 VerificationType::category1_check(), CHECK_VERIFY(this)); 1322 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1323 current_frame.push_stack(type, CHECK_VERIFY(this)); 1324 current_frame.push_stack(type3, CHECK_VERIFY(this)); 1325 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1326 current_frame.push_stack(type, CHECK_VERIFY(this)); 1327 no_control_flow = false; break; 1328 } 1329 case Bytecodes::_dup2_x2 : 1330 { 1331 VerificationType type3, type4; 1332 type = current_frame.pop_stack(CHECK_VERIFY(this)); 1333 if (type.is_category1()) { 1334 type2 = current_frame.pop_stack( 1335 VerificationType::category1_check(), CHECK_VERIFY(this)); 1336 } else if (type.is_category2_2nd()) { 1337 type2 = current_frame.pop_stack( 1338 VerificationType::category2_check(), CHECK_VERIFY(this)); 1339 } else { 1340 /* Unreachable? Would need a category2_1st on TOS which does 1341 * not appear possible. */ 1342 verify_error( 1343 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 1344 bad_type_msg, "dup2_x2"); 1345 return; 1346 } 1347 type3 = current_frame.pop_stack(CHECK_VERIFY(this)); 1348 if (type3.is_category1()) { 1349 type4 = current_frame.pop_stack( 1350 VerificationType::category1_check(), CHECK_VERIFY(this)); 1351 } else if (type3.is_category2_2nd()) { 1352 type4 = current_frame.pop_stack( 1353 VerificationType::category2_check(), CHECK_VERIFY(this)); 1354 } else { 1355 /* Unreachable? Would need a category2_1st on TOS after popping 1356 * a long/double or two category 1's, which does not 1357 * appear possible. */ 1358 verify_error( 1359 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 1360 bad_type_msg, "dup2_x2"); 1361 return; 1362 } 1363 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1364 current_frame.push_stack(type, CHECK_VERIFY(this)); 1365 current_frame.push_stack(type4, CHECK_VERIFY(this)); 1366 current_frame.push_stack(type3, CHECK_VERIFY(this)); 1367 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1368 current_frame.push_stack(type, CHECK_VERIFY(this)); 1369 no_control_flow = false; break; 1370 } 1371 case Bytecodes::_swap : 1372 type = current_frame.pop_stack( 1373 VerificationType::category1_check(), CHECK_VERIFY(this)); 1374 type2 = current_frame.pop_stack( 1375 VerificationType::category1_check(), CHECK_VERIFY(this)); 1376 current_frame.push_stack(type, CHECK_VERIFY(this)); 1377 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1378 no_control_flow = false; break; 1379 case Bytecodes::_iadd : 1380 case Bytecodes::_isub : 1381 case Bytecodes::_imul : 1382 case Bytecodes::_idiv : 1383 case Bytecodes::_irem : 1384 case Bytecodes::_ishl : 1385 case Bytecodes::_ishr : 1386 case Bytecodes::_iushr : 1387 case Bytecodes::_ior : 1388 case Bytecodes::_ixor : 1389 case Bytecodes::_iand : 1390 current_frame.pop_stack( 1391 VerificationType::integer_type(), CHECK_VERIFY(this)); 1392 // fall through 1393 case Bytecodes::_ineg : 1394 current_frame.pop_stack( 1395 VerificationType::integer_type(), CHECK_VERIFY(this)); 1396 current_frame.push_stack( 1397 VerificationType::integer_type(), CHECK_VERIFY(this)); 1398 no_control_flow = false; break; 1399 case Bytecodes::_ladd : 1400 case Bytecodes::_lsub : 1401 case Bytecodes::_lmul : 1402 case Bytecodes::_ldiv : 1403 case Bytecodes::_lrem : 1404 case Bytecodes::_land : 1405 case Bytecodes::_lor : 1406 case Bytecodes::_lxor : 1407 current_frame.pop_stack_2( 1408 VerificationType::long2_type(), 1409 VerificationType::long_type(), CHECK_VERIFY(this)); 1410 // fall through 1411 case Bytecodes::_lneg : 1412 current_frame.pop_stack_2( 1413 VerificationType::long2_type(), 1414 VerificationType::long_type(), CHECK_VERIFY(this)); 1415 current_frame.push_stack_2( 1416 VerificationType::long_type(), 1417 VerificationType::long2_type(), CHECK_VERIFY(this)); 1418 no_control_flow = false; break; 1419 case Bytecodes::_lshl : 1420 case Bytecodes::_lshr : 1421 case Bytecodes::_lushr : 1422 current_frame.pop_stack( 1423 VerificationType::integer_type(), CHECK_VERIFY(this)); 1424 current_frame.pop_stack_2( 1425 VerificationType::long2_type(), 1426 VerificationType::long_type(), CHECK_VERIFY(this)); 1427 current_frame.push_stack_2( 1428 VerificationType::long_type(), 1429 VerificationType::long2_type(), CHECK_VERIFY(this)); 1430 no_control_flow = false; break; 1431 case Bytecodes::_fadd : 1432 case Bytecodes::_fsub : 1433 case Bytecodes::_fmul : 1434 case Bytecodes::_fdiv : 1435 case Bytecodes::_frem : 1436 current_frame.pop_stack( 1437 VerificationType::float_type(), CHECK_VERIFY(this)); 1438 // fall through 1439 case Bytecodes::_fneg : 1440 current_frame.pop_stack( 1441 VerificationType::float_type(), CHECK_VERIFY(this)); 1442 current_frame.push_stack( 1443 VerificationType::float_type(), CHECK_VERIFY(this)); 1444 no_control_flow = false; break; 1445 case Bytecodes::_dadd : 1446 case Bytecodes::_dsub : 1447 case Bytecodes::_dmul : 1448 case Bytecodes::_ddiv : 1449 case Bytecodes::_drem : 1450 current_frame.pop_stack_2( 1451 VerificationType::double2_type(), 1452 VerificationType::double_type(), CHECK_VERIFY(this)); 1453 // fall through 1454 case Bytecodes::_dneg : 1455 current_frame.pop_stack_2( 1456 VerificationType::double2_type(), 1457 VerificationType::double_type(), CHECK_VERIFY(this)); 1458 current_frame.push_stack_2( 1459 VerificationType::double_type(), 1460 VerificationType::double2_type(), CHECK_VERIFY(this)); 1461 no_control_flow = false; break; 1462 case Bytecodes::_iinc : 1463 verify_iinc(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 1464 no_control_flow = false; break; 1465 case Bytecodes::_i2l : 1466 type = current_frame.pop_stack( 1467 VerificationType::integer_type(), CHECK_VERIFY(this)); 1468 current_frame.push_stack_2( 1469 VerificationType::long_type(), 1470 VerificationType::long2_type(), CHECK_VERIFY(this)); 1471 no_control_flow = false; break; 1472 case Bytecodes::_l2i : 1473 current_frame.pop_stack_2( 1474 VerificationType::long2_type(), 1475 VerificationType::long_type(), CHECK_VERIFY(this)); 1476 current_frame.push_stack( 1477 VerificationType::integer_type(), CHECK_VERIFY(this)); 1478 no_control_flow = false; break; 1479 case Bytecodes::_i2f : 1480 current_frame.pop_stack( 1481 VerificationType::integer_type(), CHECK_VERIFY(this)); 1482 current_frame.push_stack( 1483 VerificationType::float_type(), CHECK_VERIFY(this)); 1484 no_control_flow = false; break; 1485 case Bytecodes::_i2d : 1486 current_frame.pop_stack( 1487 VerificationType::integer_type(), CHECK_VERIFY(this)); 1488 current_frame.push_stack_2( 1489 VerificationType::double_type(), 1490 VerificationType::double2_type(), CHECK_VERIFY(this)); 1491 no_control_flow = false; break; 1492 case Bytecodes::_l2f : 1493 current_frame.pop_stack_2( 1494 VerificationType::long2_type(), 1495 VerificationType::long_type(), CHECK_VERIFY(this)); 1496 current_frame.push_stack( 1497 VerificationType::float_type(), CHECK_VERIFY(this)); 1498 no_control_flow = false; break; 1499 case Bytecodes::_l2d : 1500 current_frame.pop_stack_2( 1501 VerificationType::long2_type(), 1502 VerificationType::long_type(), CHECK_VERIFY(this)); 1503 current_frame.push_stack_2( 1504 VerificationType::double_type(), 1505 VerificationType::double2_type(), CHECK_VERIFY(this)); 1506 no_control_flow = false; break; 1507 case Bytecodes::_f2i : 1508 current_frame.pop_stack( 1509 VerificationType::float_type(), CHECK_VERIFY(this)); 1510 current_frame.push_stack( 1511 VerificationType::integer_type(), CHECK_VERIFY(this)); 1512 no_control_flow = false; break; 1513 case Bytecodes::_f2l : 1514 current_frame.pop_stack( 1515 VerificationType::float_type(), CHECK_VERIFY(this)); 1516 current_frame.push_stack_2( 1517 VerificationType::long_type(), 1518 VerificationType::long2_type(), CHECK_VERIFY(this)); 1519 no_control_flow = false; break; 1520 case Bytecodes::_f2d : 1521 current_frame.pop_stack( 1522 VerificationType::float_type(), CHECK_VERIFY(this)); 1523 current_frame.push_stack_2( 1524 VerificationType::double_type(), 1525 VerificationType::double2_type(), CHECK_VERIFY(this)); 1526 no_control_flow = false; break; 1527 case Bytecodes::_d2i : 1528 current_frame.pop_stack_2( 1529 VerificationType::double2_type(), 1530 VerificationType::double_type(), CHECK_VERIFY(this)); 1531 current_frame.push_stack( 1532 VerificationType::integer_type(), CHECK_VERIFY(this)); 1533 no_control_flow = false; break; 1534 case Bytecodes::_d2l : 1535 current_frame.pop_stack_2( 1536 VerificationType::double2_type(), 1537 VerificationType::double_type(), CHECK_VERIFY(this)); 1538 current_frame.push_stack_2( 1539 VerificationType::long_type(), 1540 VerificationType::long2_type(), CHECK_VERIFY(this)); 1541 no_control_flow = false; break; 1542 case Bytecodes::_d2f : 1543 current_frame.pop_stack_2( 1544 VerificationType::double2_type(), 1545 VerificationType::double_type(), CHECK_VERIFY(this)); 1546 current_frame.push_stack( 1547 VerificationType::float_type(), CHECK_VERIFY(this)); 1548 no_control_flow = false; break; 1549 case Bytecodes::_i2b : 1550 case Bytecodes::_i2c : 1551 case Bytecodes::_i2s : 1552 current_frame.pop_stack( 1553 VerificationType::integer_type(), CHECK_VERIFY(this)); 1554 current_frame.push_stack( 1555 VerificationType::integer_type(), CHECK_VERIFY(this)); 1556 no_control_flow = false; break; 1557 case Bytecodes::_lcmp : 1558 current_frame.pop_stack_2( 1559 VerificationType::long2_type(), 1560 VerificationType::long_type(), CHECK_VERIFY(this)); 1561 current_frame.pop_stack_2( 1562 VerificationType::long2_type(), 1563 VerificationType::long_type(), CHECK_VERIFY(this)); 1564 current_frame.push_stack( 1565 VerificationType::integer_type(), CHECK_VERIFY(this)); 1566 no_control_flow = false; break; 1567 case Bytecodes::_fcmpl : 1568 case Bytecodes::_fcmpg : 1569 current_frame.pop_stack( 1570 VerificationType::float_type(), CHECK_VERIFY(this)); 1571 current_frame.pop_stack( 1572 VerificationType::float_type(), CHECK_VERIFY(this)); 1573 current_frame.push_stack( 1574 VerificationType::integer_type(), CHECK_VERIFY(this)); 1575 no_control_flow = false; break; 1576 case Bytecodes::_dcmpl : 1577 case Bytecodes::_dcmpg : 1578 current_frame.pop_stack_2( 1579 VerificationType::double2_type(), 1580 VerificationType::double_type(), CHECK_VERIFY(this)); 1581 current_frame.pop_stack_2( 1582 VerificationType::double2_type(), 1583 VerificationType::double_type(), CHECK_VERIFY(this)); 1584 current_frame.push_stack( 1585 VerificationType::integer_type(), CHECK_VERIFY(this)); 1586 no_control_flow = false; break; 1587 case Bytecodes::_if_icmpeq: 1588 case Bytecodes::_if_icmpne: 1589 case Bytecodes::_if_icmplt: 1590 case Bytecodes::_if_icmpge: 1591 case Bytecodes::_if_icmpgt: 1592 case Bytecodes::_if_icmple: 1593 current_frame.pop_stack( 1594 VerificationType::integer_type(), CHECK_VERIFY(this)); 1595 // fall through 1596 case Bytecodes::_ifeq: 1597 case Bytecodes::_ifne: 1598 case Bytecodes::_iflt: 1599 case Bytecodes::_ifge: 1600 case Bytecodes::_ifgt: 1601 case Bytecodes::_ifle: 1602 current_frame.pop_stack( 1603 VerificationType::integer_type(), CHECK_VERIFY(this)); 1604 target = bcs.dest(); 1605 stackmap_table.check_jump_target( 1606 ¤t_frame, target, CHECK_VERIFY(this)); 1607 no_control_flow = false; break; 1608 case Bytecodes::_if_acmpeq : 1609 case Bytecodes::_if_acmpne : 1610 current_frame.pop_stack( 1611 VerificationType::reference_check(), CHECK_VERIFY(this)); 1612 // fall through 1613 case Bytecodes::_ifnull : 1614 case Bytecodes::_ifnonnull : 1615 current_frame.pop_stack( 1616 VerificationType::reference_check(), CHECK_VERIFY(this)); 1617 target = bcs.dest(); 1618 stackmap_table.check_jump_target 1619 (¤t_frame, target, CHECK_VERIFY(this)); 1620 no_control_flow = false; break; 1621 case Bytecodes::_goto : 1622 target = bcs.dest(); 1623 stackmap_table.check_jump_target( 1624 ¤t_frame, target, CHECK_VERIFY(this)); 1625 no_control_flow = true; break; 1626 case Bytecodes::_goto_w : 1627 target = bcs.dest_w(); 1628 stackmap_table.check_jump_target( 1629 ¤t_frame, target, CHECK_VERIFY(this)); 1630 no_control_flow = true; break; 1631 case Bytecodes::_tableswitch : 1632 case Bytecodes::_lookupswitch : 1633 verify_switch( 1634 &bcs, code_length, code_data, ¤t_frame, 1635 &stackmap_table, CHECK_VERIFY(this)); 1636 no_control_flow = true; break; 1637 case Bytecodes::_ireturn : 1638 type = current_frame.pop_stack( 1639 VerificationType::integer_type(), CHECK_VERIFY(this)); 1640 verify_return_value(return_type, type, bci, 1641 ¤t_frame, CHECK_VERIFY(this)); 1642 no_control_flow = true; break; 1643 case Bytecodes::_lreturn : 1644 type2 = current_frame.pop_stack( 1645 VerificationType::long2_type(), CHECK_VERIFY(this)); 1646 type = current_frame.pop_stack( 1647 VerificationType::long_type(), CHECK_VERIFY(this)); 1648 verify_return_value(return_type, type, bci, 1649 ¤t_frame, CHECK_VERIFY(this)); 1650 no_control_flow = true; break; 1651 case Bytecodes::_freturn : 1652 type = current_frame.pop_stack( 1653 VerificationType::float_type(), CHECK_VERIFY(this)); 1654 verify_return_value(return_type, type, bci, 1655 ¤t_frame, CHECK_VERIFY(this)); 1656 no_control_flow = true; break; 1657 case Bytecodes::_dreturn : 1658 type2 = current_frame.pop_stack( 1659 VerificationType::double2_type(), CHECK_VERIFY(this)); 1660 type = current_frame.pop_stack( 1661 VerificationType::double_type(), CHECK_VERIFY(this)); 1662 verify_return_value(return_type, type, bci, 1663 ¤t_frame, CHECK_VERIFY(this)); 1664 no_control_flow = true; break; 1665 case Bytecodes::_areturn : 1666 type = current_frame.pop_stack( 1667 VerificationType::reference_check(), CHECK_VERIFY(this)); 1668 verify_return_value(return_type, type, bci, 1669 ¤t_frame, CHECK_VERIFY(this)); 1670 no_control_flow = true; break; 1671 case Bytecodes::_return : 1672 if (return_type != VerificationType::bogus_type()) { 1673 verify_error(ErrorContext::bad_code(bci), 1674 "Method expects a return value"); 1675 return; 1676 } 1677 // Make sure "this" has been initialized if current method is an 1678 // <init>. 1679 if (_method->name() == vmSymbols::object_initializer_name() && 1680 current_frame.flag_this_uninit()) { 1681 verify_error(ErrorContext::bad_code(bci), 1682 "Constructor must call super() or this() " 1683 "before return"); 1684 return; 1685 } 1686 no_control_flow = true; break; 1687 case Bytecodes::_getstatic : 1688 case Bytecodes::_putstatic : 1689 // pass TRUE, operand can be an array type for getstatic/putstatic. 1690 verify_field_instructions( 1691 &bcs, ¤t_frame, cp, true, CHECK_VERIFY(this)); 1692 no_control_flow = false; break; 1693 case Bytecodes::_getfield : 1694 case Bytecodes::_putfield : 1695 // pass FALSE, operand can't be an array type for getfield/putfield. 1696 verify_field_instructions( 1697 &bcs, ¤t_frame, cp, false, CHECK_VERIFY(this)); 1698 no_control_flow = false; break; 1699 case Bytecodes::_invokevirtual : 1700 case Bytecodes::_invokespecial : 1701 case Bytecodes::_invokestatic : 1702 verify_invoke_instructions( 1703 &bcs, code_length, ¤t_frame, (bci >= ex_min && bci < ex_max), 1704 &this_uninit, return_type, cp, &stackmap_table, CHECK_VERIFY(this)); 1705 no_control_flow = false; break; 1706 case Bytecodes::_invokeinterface : 1707 case Bytecodes::_invokedynamic : 1708 verify_invoke_instructions( 1709 &bcs, code_length, ¤t_frame, (bci >= ex_min && bci < ex_max), 1710 &this_uninit, return_type, cp, &stackmap_table, CHECK_VERIFY(this)); 1711 no_control_flow = false; break; 1712 case Bytecodes::_new : 1713 { 1714 index = bcs.get_index_u2(); 1715 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this)); 1716 VerificationType new_class_type = 1717 cp_index_to_type(index, cp, CHECK_VERIFY(this)); 1718 if (!new_class_type.is_object()) { 1719 verify_error(ErrorContext::bad_type(bci, 1720 TypeOrigin::cp(index, new_class_type)), 1721 "Illegal new instruction"); 1722 return; 1723 } 1724 type = VerificationType::uninitialized_type(bci); 1725 current_frame.push_stack(type, CHECK_VERIFY(this)); 1726 no_control_flow = false; break; 1727 } 1728 case Bytecodes::_newarray : 1729 type = get_newarray_type(bcs.get_index(), bci, CHECK_VERIFY(this)); 1730 current_frame.pop_stack( 1731 VerificationType::integer_type(), CHECK_VERIFY(this)); 1732 current_frame.push_stack(type, CHECK_VERIFY(this)); 1733 no_control_flow = false; break; 1734 case Bytecodes::_anewarray : 1735 verify_anewarray( 1736 bci, bcs.get_index_u2(), cp, ¤t_frame, CHECK_VERIFY(this)); 1737 no_control_flow = false; break; 1738 case Bytecodes::_arraylength : 1739 type = current_frame.pop_stack( 1740 VerificationType::reference_check(), CHECK_VERIFY(this)); 1741 if (!(type.is_null() || type.is_array())) { 1742 verify_error(ErrorContext::bad_type( 1743 bci, current_frame.stack_top_ctx()), 1744 bad_type_msg, "arraylength"); 1745 } 1746 current_frame.push_stack( 1747 VerificationType::integer_type(), CHECK_VERIFY(this)); 1748 no_control_flow = false; break; 1749 case Bytecodes::_checkcast : 1750 { 1751 index = bcs.get_index_u2(); 1752 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this)); 1753 current_frame.pop_stack(object_type(), CHECK_VERIFY(this)); 1754 VerificationType klass_type = cp_index_to_type( 1755 index, cp, CHECK_VERIFY(this)); 1756 current_frame.push_stack(klass_type, CHECK_VERIFY(this)); 1757 no_control_flow = false; break; 1758 } 1759 case Bytecodes::_instanceof : { 1760 index = bcs.get_index_u2(); 1761 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this)); 1762 current_frame.pop_stack(object_type(), CHECK_VERIFY(this)); 1763 current_frame.push_stack( 1764 VerificationType::integer_type(), CHECK_VERIFY(this)); 1765 no_control_flow = false; break; 1766 } 1767 case Bytecodes::_monitorenter : 1768 case Bytecodes::_monitorexit : 1769 current_frame.pop_stack( 1770 VerificationType::reference_check(), CHECK_VERIFY(this)); 1771 no_control_flow = false; break; 1772 case Bytecodes::_multianewarray : 1773 { 1774 index = bcs.get_index_u2(); 1775 u2 dim = *(bcs.bcp()+3); 1776 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this)); 1777 VerificationType new_array_type = 1778 cp_index_to_type(index, cp, CHECK_VERIFY(this)); 1779 if (!new_array_type.is_array()) { 1780 verify_error(ErrorContext::bad_type(bci, 1781 TypeOrigin::cp(index, new_array_type)), 1782 "Illegal constant pool index in multianewarray instruction"); 1783 return; 1784 } 1785 if (dim < 1 || new_array_type.dimensions() < dim) { 1786 verify_error(ErrorContext::bad_code(bci), 1787 "Illegal dimension in multianewarray instruction: %d", dim); 1788 return; 1789 } 1790 for (int i = 0; i < dim; i++) { 1791 current_frame.pop_stack( 1792 VerificationType::integer_type(), CHECK_VERIFY(this)); 1793 } 1794 current_frame.push_stack(new_array_type, CHECK_VERIFY(this)); 1795 no_control_flow = false; break; 1796 } 1797 case Bytecodes::_athrow : 1798 type = VerificationType::reference_type( 1799 vmSymbols::java_lang_Throwable()); 1800 current_frame.pop_stack(type, CHECK_VERIFY(this)); 1801 no_control_flow = true; break; 1802 default: 1803 // We only need to check the valid bytecodes in class file. 1804 // And jsr and ret are not in the new class file format in JDK1.6. 1805 verify_error(ErrorContext::bad_code(bci), 1806 "Bad instruction: %02x", opcode); 1807 no_control_flow = false; 1808 return; 1809 } // end switch 1810 } // end Merge with the next instruction 1811 1812 // Look for possible jump target in exception handlers and see if it matches 1813 // current_frame. Don't do this check if it has already been done (for 1814 // ([a,d,f,i,l]store* opcodes). This check cannot be done earlier because 1815 // opcodes, such as invokespecial, may set the this_uninit flag. 1816 assert(!(verified_exc_handlers && this_uninit), 1817 "Exception handler targets got verified before this_uninit got set"); 1818 if (!verified_exc_handlers && bci >= ex_min && bci < ex_max) { 1819 if (was_recursively_verified()) return; 1820 verify_exception_handler_targets( 1821 bci, this_uninit, ¤t_frame, &stackmap_table, CHECK_VERIFY(this)); 1822 } 1823 } // end while 1824 1825 // Make sure that control flow does not fall through end of the method 1826 if (!no_control_flow) { 1827 verify_error(ErrorContext::bad_code(code_length), 1828 "Control flow falls through code end"); 1829 return; 1830 } 1831 } 1832 1833 #undef bad_type_message 1834 1835 char* ClassVerifier::generate_code_data(const methodHandle& m, u4 code_length, TRAPS) { 1836 char* code_data = NEW_RESOURCE_ARRAY(char, code_length); 1837 memset(code_data, 0, sizeof(char) * code_length); 1838 RawBytecodeStream bcs(m); 1839 1840 while (!bcs.is_last_bytecode()) { 1841 if (bcs.raw_next() != Bytecodes::_illegal) { 1842 int bci = bcs.bci(); 1843 if (bcs.raw_code() == Bytecodes::_new) { 1844 code_data[bci] = NEW_OFFSET; 1845 } else { 1846 code_data[bci] = BYTECODE_OFFSET; 1847 } 1848 } else { 1849 verify_error(ErrorContext::bad_code(bcs.bci()), "Bad instruction"); 1850 return NULL; 1851 } 1852 } 1853 1854 return code_data; 1855 } 1856 1857 // Since this method references the constant pool, call was_recursively_verified() 1858 // before calling this method to make sure a prior class load did not cause the 1859 // current class to get verified. 1860 void ClassVerifier::verify_exception_handler_table(u4 code_length, char* code_data, int& min, int& max, TRAPS) { 1861 ExceptionTable exhandlers(_method()); 1862 int exlength = exhandlers.length(); 1863 constantPoolHandle cp (THREAD, _method->constants()); 1864 1865 for(int i = 0; i < exlength; i++) { 1866 u2 start_pc = exhandlers.start_pc(i); 1867 u2 end_pc = exhandlers.end_pc(i); 1868 u2 handler_pc = exhandlers.handler_pc(i); 1869 if (start_pc >= code_length || code_data[start_pc] == 0) { 1870 class_format_error("Illegal exception table start_pc %d", start_pc); 1871 return; 1872 } 1873 if (end_pc != code_length) { // special case: end_pc == code_length 1874 if (end_pc > code_length || code_data[end_pc] == 0) { 1875 class_format_error("Illegal exception table end_pc %d", end_pc); 1876 return; 1877 } 1878 } 1879 if (handler_pc >= code_length || code_data[handler_pc] == 0) { 1880 class_format_error("Illegal exception table handler_pc %d", handler_pc); 1881 return; 1882 } 1883 int catch_type_index = exhandlers.catch_type_index(i); 1884 if (catch_type_index != 0) { 1885 VerificationType catch_type = cp_index_to_type( 1886 catch_type_index, cp, CHECK_VERIFY(this)); 1887 VerificationType throwable = 1888 VerificationType::reference_type(vmSymbols::java_lang_Throwable()); 1889 // If the catch type is Throwable pre-resolve it now as the assignable check won't 1890 // do that, and we need to avoid a runtime resolution in case we are trying to 1891 // catch OutOfMemoryError. 1892 if (cp->klass_name_at(catch_type_index) == vmSymbols::java_lang_Throwable()) { 1893 cp->klass_at(catch_type_index, CHECK); 1894 } 1895 bool is_subclass = throwable.is_assignable_from( 1896 catch_type, this, false, CHECK_VERIFY(this)); 1897 if (!is_subclass) { 1898 // 4286534: should throw VerifyError according to recent spec change 1899 verify_error(ErrorContext::bad_type(handler_pc, 1900 TypeOrigin::cp(catch_type_index, catch_type), 1901 TypeOrigin::implicit(throwable)), 1902 "Catch type is not a subclass " 1903 "of Throwable in exception handler %d", handler_pc); 1904 return; 1905 } 1906 } 1907 if (start_pc < min) min = start_pc; 1908 if (end_pc > max) max = end_pc; 1909 } 1910 } 1911 1912 void ClassVerifier::verify_local_variable_table(u4 code_length, char* code_data, TRAPS) { 1913 int localvariable_table_length = _method->localvariable_table_length(); 1914 if (localvariable_table_length > 0) { 1915 LocalVariableTableElement* table = _method->localvariable_table_start(); 1916 for (int i = 0; i < localvariable_table_length; i++) { 1917 u2 start_bci = table[i].start_bci; 1918 u2 length = table[i].length; 1919 1920 if (start_bci >= code_length || code_data[start_bci] == 0) { 1921 class_format_error( 1922 "Illegal local variable table start_pc %d", start_bci); 1923 return; 1924 } 1925 u4 end_bci = (u4)(start_bci + length); 1926 if (end_bci != code_length) { 1927 if (end_bci >= code_length || code_data[end_bci] == 0) { 1928 class_format_error( "Illegal local variable table length %d", length); 1929 return; 1930 } 1931 } 1932 } 1933 } 1934 } 1935 1936 u2 ClassVerifier::verify_stackmap_table(u2 stackmap_index, u2 bci, 1937 StackMapFrame* current_frame, 1938 StackMapTable* stackmap_table, 1939 bool no_control_flow, TRAPS) { 1940 if (stackmap_index < stackmap_table->get_frame_count()) { 1941 u2 this_offset = stackmap_table->get_offset(stackmap_index); 1942 if (no_control_flow && this_offset > bci) { 1943 verify_error(ErrorContext::missing_stackmap(bci), 1944 "Expecting a stack map frame"); 1945 return 0; 1946 } 1947 if (this_offset == bci) { 1948 ErrorContext ctx; 1949 // See if current stack map can be assigned to the frame in table. 1950 // current_frame is the stackmap frame got from the last instruction. 1951 // If matched, current_frame will be updated by this method. 1952 bool matches = stackmap_table->match_stackmap( 1953 current_frame, this_offset, stackmap_index, 1954 !no_control_flow, true, &ctx, CHECK_VERIFY_(this, 0)); 1955 if (!matches) { 1956 // report type error 1957 verify_error(ctx, "Instruction type does not match stack map"); 1958 return 0; 1959 } 1960 stackmap_index++; 1961 } else if (this_offset < bci) { 1962 // current_offset should have met this_offset. 1963 class_format_error("Bad stack map offset %d", this_offset); 1964 return 0; 1965 } 1966 } else if (no_control_flow) { 1967 verify_error(ErrorContext::bad_code(bci), "Expecting a stack map frame"); 1968 return 0; 1969 } 1970 return stackmap_index; 1971 } 1972 1973 // Since this method references the constant pool, call was_recursively_verified() 1974 // before calling this method to make sure a prior class load did not cause the 1975 // current class to get verified. 1976 void ClassVerifier::verify_exception_handler_targets(u2 bci, bool this_uninit, 1977 StackMapFrame* current_frame, 1978 StackMapTable* stackmap_table, TRAPS) { 1979 constantPoolHandle cp (THREAD, _method->constants()); 1980 ExceptionTable exhandlers(_method()); 1981 int exlength = exhandlers.length(); 1982 for(int i = 0; i < exlength; i++) { 1983 u2 start_pc = exhandlers.start_pc(i); 1984 u2 end_pc = exhandlers.end_pc(i); 1985 u2 handler_pc = exhandlers.handler_pc(i); 1986 int catch_type_index = exhandlers.catch_type_index(i); 1987 if(bci >= start_pc && bci < end_pc) { 1988 u1 flags = current_frame->flags(); 1989 if (this_uninit) { flags |= FLAG_THIS_UNINIT; } 1990 StackMapFrame* new_frame = current_frame->frame_in_exception_handler(flags); 1991 if (catch_type_index != 0) { 1992 if (was_recursively_verified()) return; 1993 // We know that this index refers to a subclass of Throwable 1994 VerificationType catch_type = cp_index_to_type( 1995 catch_type_index, cp, CHECK_VERIFY(this)); 1996 new_frame->push_stack(catch_type, CHECK_VERIFY(this)); 1997 } else { 1998 VerificationType throwable = 1999 VerificationType::reference_type(vmSymbols::java_lang_Throwable()); 2000 new_frame->push_stack(throwable, CHECK_VERIFY(this)); 2001 } 2002 ErrorContext ctx; 2003 bool matches = stackmap_table->match_stackmap( 2004 new_frame, handler_pc, true, false, &ctx, CHECK_VERIFY(this)); 2005 if (!matches) { 2006 verify_error(ctx, "Stack map does not match the one at " 2007 "exception handler %d", handler_pc); 2008 return; 2009 } 2010 } 2011 } 2012 } 2013 2014 void ClassVerifier::verify_cp_index( 2015 u2 bci, const constantPoolHandle& cp, int index, TRAPS) { 2016 int nconstants = cp->length(); 2017 if ((index <= 0) || (index >= nconstants)) { 2018 verify_error(ErrorContext::bad_cp_index(bci, index), 2019 "Illegal constant pool index %d in class %s", 2020 index, cp->pool_holder()->external_name()); 2021 return; 2022 } 2023 } 2024 2025 void ClassVerifier::verify_cp_type( 2026 u2 bci, int index, const constantPoolHandle& cp, unsigned int types, TRAPS) { 2027 2028 // In some situations, bytecode rewriting may occur while we're verifying. 2029 // In this case, a constant pool cache exists and some indices refer to that 2030 // instead. Be sure we don't pick up such indices by accident. 2031 // We must check was_recursively_verified() before we get here. 2032 guarantee(cp->cache() == NULL, "not rewritten yet"); 2033 2034 verify_cp_index(bci, cp, index, CHECK_VERIFY(this)); 2035 unsigned int tag = cp->tag_at(index).value(); 2036 if ((types & (1 << tag)) == 0) { 2037 verify_error(ErrorContext::bad_cp_index(bci, index), 2038 "Illegal type at constant pool entry %d in class %s", 2039 index, cp->pool_holder()->external_name()); 2040 return; 2041 } 2042 } 2043 2044 void ClassVerifier::verify_cp_class_type( 2045 u2 bci, int index, const constantPoolHandle& cp, TRAPS) { 2046 verify_cp_index(bci, cp, index, CHECK_VERIFY(this)); 2047 constantTag tag = cp->tag_at(index); 2048 if (!tag.is_klass() && !tag.is_unresolved_klass()) { 2049 verify_error(ErrorContext::bad_cp_index(bci, index), 2050 "Illegal type at constant pool entry %d in class %s", 2051 index, cp->pool_holder()->external_name()); 2052 return; 2053 } 2054 } 2055 2056 void ClassVerifier::verify_error(ErrorContext ctx, const char* msg, ...) { 2057 stringStream ss; 2058 2059 ctx.reset_frames(); 2060 _exception_type = vmSymbols::java_lang_VerifyError(); 2061 _error_context = ctx; 2062 va_list va; 2063 va_start(va, msg); 2064 ss.vprint(msg, va); 2065 va_end(va); 2066 _message = ss.as_string(); 2067 #ifdef ASSERT 2068 ResourceMark rm; 2069 const char* exception_name = _exception_type->as_C_string(); 2070 Exceptions::debug_check_abort(exception_name, NULL); 2071 #endif // ndef ASSERT 2072 } 2073 2074 void ClassVerifier::class_format_error(const char* msg, ...) { 2075 stringStream ss; 2076 _exception_type = vmSymbols::java_lang_ClassFormatError(); 2077 va_list va; 2078 va_start(va, msg); 2079 ss.vprint(msg, va); 2080 va_end(va); 2081 if (!_method.is_null()) { 2082 ss.print(" in method '"); 2083 _method->print_external_name(&ss); 2084 ss.print("'"); 2085 } 2086 _message = ss.as_string(); 2087 } 2088 2089 Klass* ClassVerifier::load_class(Symbol* name, TRAPS) { 2090 HandleMark hm(THREAD); 2091 // Get current loader and protection domain first. 2092 oop loader = current_class()->class_loader(); 2093 oop protection_domain = current_class()->protection_domain(); 2094 2095 assert(name_in_supers(name, current_class()), "name should be a super class"); 2096 2097 Klass* kls = SystemDictionary::resolve_or_fail( 2098 name, Handle(THREAD, loader), Handle(THREAD, protection_domain), 2099 true, THREAD); 2100 2101 if (kls != NULL) { 2102 if (log_is_enabled(Debug, class, resolve)) { 2103 Verifier::trace_class_resolution(kls, current_class()); 2104 } 2105 } 2106 return kls; 2107 } 2108 2109 bool ClassVerifier::is_protected_access(InstanceKlass* this_class, 2110 Klass* target_class, 2111 Symbol* field_name, 2112 Symbol* field_sig, 2113 bool is_method) { 2114 NoSafepointVerifier nosafepoint; 2115 2116 // If target class isn't a super class of this class, we don't worry about this case 2117 if (!this_class->is_subclass_of(target_class)) { 2118 return false; 2119 } 2120 // Check if the specified method or field is protected 2121 InstanceKlass* target_instance = InstanceKlass::cast(target_class); 2122 fieldDescriptor fd; 2123 if (is_method) { 2124 Method* m = target_instance->uncached_lookup_method(field_name, field_sig, Klass::OverpassLookupMode::find); 2125 if (m != NULL && m->is_protected()) { 2126 if (!this_class->is_same_class_package(m->method_holder())) { 2127 return true; 2128 } 2129 } 2130 } else { 2131 Klass* member_klass = target_instance->find_field(field_name, field_sig, &fd); 2132 if (member_klass != NULL && fd.is_protected()) { 2133 if (!this_class->is_same_class_package(member_klass)) { 2134 return true; 2135 } 2136 } 2137 } 2138 return false; 2139 } 2140 2141 void ClassVerifier::verify_ldc( 2142 int opcode, u2 index, StackMapFrame* current_frame, 2143 const constantPoolHandle& cp, u2 bci, TRAPS) { 2144 verify_cp_index(bci, cp, index, CHECK_VERIFY(this)); 2145 constantTag tag = cp->tag_at(index); 2146 unsigned int types = 0; 2147 if (opcode == Bytecodes::_ldc || opcode == Bytecodes::_ldc_w) { 2148 if (!tag.is_unresolved_klass()) { 2149 types = (1 << JVM_CONSTANT_Integer) | (1 << JVM_CONSTANT_Float) 2150 | (1 << JVM_CONSTANT_String) | (1 << JVM_CONSTANT_Class) 2151 | (1 << JVM_CONSTANT_MethodHandle) | (1 << JVM_CONSTANT_MethodType) 2152 | (1 << JVM_CONSTANT_Dynamic); 2153 // Note: The class file parser already verified the legality of 2154 // MethodHandle and MethodType constants. 2155 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this)); 2156 } 2157 } else { 2158 assert(opcode == Bytecodes::_ldc2_w, "must be ldc2_w"); 2159 types = (1 << JVM_CONSTANT_Double) | (1 << JVM_CONSTANT_Long) 2160 | (1 << JVM_CONSTANT_Dynamic); 2161 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this)); 2162 } 2163 if (tag.is_string()) { 2164 current_frame->push_stack( 2165 VerificationType::reference_type( 2166 vmSymbols::java_lang_String()), CHECK_VERIFY(this)); 2167 } else if (tag.is_klass() || tag.is_unresolved_klass()) { 2168 current_frame->push_stack( 2169 VerificationType::reference_type( 2170 vmSymbols::java_lang_Class()), CHECK_VERIFY(this)); 2171 } else if (tag.is_int()) { 2172 current_frame->push_stack( 2173 VerificationType::integer_type(), CHECK_VERIFY(this)); 2174 } else if (tag.is_float()) { 2175 current_frame->push_stack( 2176 VerificationType::float_type(), CHECK_VERIFY(this)); 2177 } else if (tag.is_double()) { 2178 current_frame->push_stack_2( 2179 VerificationType::double_type(), 2180 VerificationType::double2_type(), CHECK_VERIFY(this)); 2181 } else if (tag.is_long()) { 2182 current_frame->push_stack_2( 2183 VerificationType::long_type(), 2184 VerificationType::long2_type(), CHECK_VERIFY(this)); 2185 } else if (tag.is_method_handle()) { 2186 current_frame->push_stack( 2187 VerificationType::reference_type( 2188 vmSymbols::java_lang_invoke_MethodHandle()), CHECK_VERIFY(this)); 2189 } else if (tag.is_method_type()) { 2190 current_frame->push_stack( 2191 VerificationType::reference_type( 2192 vmSymbols::java_lang_invoke_MethodType()), CHECK_VERIFY(this)); 2193 } else if (tag.is_dynamic_constant()) { 2194 Symbol* constant_type = cp->uncached_signature_ref_at(index); 2195 // Field signature was checked in ClassFileParser. 2196 assert(SignatureVerifier::is_valid_type_signature(constant_type), 2197 "Invalid type for dynamic constant"); 2198 assert(sizeof(VerificationType) == sizeof(uintptr_t), 2199 "buffer type must match VerificationType size"); 2200 uintptr_t constant_type_buffer[2]; 2201 VerificationType* v_constant_type = (VerificationType*)constant_type_buffer; 2202 SignatureStream sig_stream(constant_type, false); 2203 int n = change_sig_to_verificationType(&sig_stream, v_constant_type); 2204 int opcode_n = (opcode == Bytecodes::_ldc2_w ? 2 : 1); 2205 if (n != opcode_n) { 2206 // wrong kind of ldc; reverify against updated type mask 2207 types &= ~(1 << JVM_CONSTANT_Dynamic); 2208 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this)); 2209 } 2210 for (int i = 0; i < n; i++) { 2211 current_frame->push_stack(v_constant_type[i], CHECK_VERIFY(this)); 2212 } 2213 } else { 2214 /* Unreachable? verify_cp_type has already validated the cp type. */ 2215 verify_error( 2216 ErrorContext::bad_cp_index(bci, index), "Invalid index in ldc"); 2217 return; 2218 } 2219 } 2220 2221 void ClassVerifier::verify_switch( 2222 RawBytecodeStream* bcs, u4 code_length, char* code_data, 2223 StackMapFrame* current_frame, StackMapTable* stackmap_table, TRAPS) { 2224 int bci = bcs->bci(); 2225 address bcp = bcs->bcp(); 2226 address aligned_bcp = align_up(bcp + 1, jintSize); 2227 2228 if (_klass->major_version() < NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION) { 2229 // 4639449 & 4647081: padding bytes must be 0 2230 u2 padding_offset = 1; 2231 while ((bcp + padding_offset) < aligned_bcp) { 2232 if(*(bcp + padding_offset) != 0) { 2233 verify_error(ErrorContext::bad_code(bci), 2234 "Nonzero padding byte in lookupswitch or tableswitch"); 2235 return; 2236 } 2237 padding_offset++; 2238 } 2239 } 2240 2241 int default_offset = (int) Bytes::get_Java_u4(aligned_bcp); 2242 int keys, delta; 2243 current_frame->pop_stack( 2244 VerificationType::integer_type(), CHECK_VERIFY(this)); 2245 if (bcs->raw_code() == Bytecodes::_tableswitch) { 2246 jint low = (jint)Bytes::get_Java_u4(aligned_bcp + jintSize); 2247 jint high = (jint)Bytes::get_Java_u4(aligned_bcp + 2*jintSize); 2248 if (low > high) { 2249 verify_error(ErrorContext::bad_code(bci), 2250 "low must be less than or equal to high in tableswitch"); 2251 return; 2252 } 2253 keys = high - low + 1; 2254 if (keys < 0) { 2255 verify_error(ErrorContext::bad_code(bci), "too many keys in tableswitch"); 2256 return; 2257 } 2258 delta = 1; 2259 } else { 2260 keys = (int)Bytes::get_Java_u4(aligned_bcp + jintSize); 2261 if (keys < 0) { 2262 verify_error(ErrorContext::bad_code(bci), 2263 "number of keys in lookupswitch less than 0"); 2264 return; 2265 } 2266 delta = 2; 2267 // Make sure that the lookupswitch items are sorted 2268 for (int i = 0; i < (keys - 1); i++) { 2269 jint this_key = Bytes::get_Java_u4(aligned_bcp + (2+2*i)*jintSize); 2270 jint next_key = Bytes::get_Java_u4(aligned_bcp + (2+2*i+2)*jintSize); 2271 if (this_key >= next_key) { 2272 verify_error(ErrorContext::bad_code(bci), 2273 "Bad lookupswitch instruction"); 2274 return; 2275 } 2276 } 2277 } 2278 int target = bci + default_offset; 2279 stackmap_table->check_jump_target(current_frame, target, CHECK_VERIFY(this)); 2280 for (int i = 0; i < keys; i++) { 2281 // Because check_jump_target() may safepoint, the bytecode could have 2282 // moved, which means 'aligned_bcp' is no good and needs to be recalculated. 2283 aligned_bcp = align_up(bcs->bcp() + 1, jintSize); 2284 target = bci + (jint)Bytes::get_Java_u4(aligned_bcp+(3+i*delta)*jintSize); 2285 stackmap_table->check_jump_target( 2286 current_frame, target, CHECK_VERIFY(this)); 2287 } 2288 NOT_PRODUCT(aligned_bcp = NULL); // no longer valid at this point 2289 } 2290 2291 bool ClassVerifier::name_in_supers( 2292 Symbol* ref_name, InstanceKlass* current) { 2293 Klass* super = current->super(); 2294 while (super != NULL) { 2295 if (super->name() == ref_name) { 2296 return true; 2297 } 2298 super = super->super(); 2299 } 2300 return false; 2301 } 2302 2303 void ClassVerifier::verify_field_instructions(RawBytecodeStream* bcs, 2304 StackMapFrame* current_frame, 2305 const constantPoolHandle& cp, 2306 bool allow_arrays, 2307 TRAPS) { 2308 u2 index = bcs->get_index_u2(); 2309 verify_cp_type(bcs->bci(), index, cp, 2310 1 << JVM_CONSTANT_Fieldref, CHECK_VERIFY(this)); 2311 2312 // Get field name and signature 2313 Symbol* field_name = cp->name_ref_at(index); 2314 Symbol* field_sig = cp->signature_ref_at(index); 2315 bool is_getfield = false; 2316 2317 // Field signature was checked in ClassFileParser. 2318 assert(SignatureVerifier::is_valid_type_signature(field_sig), 2319 "Invalid field signature"); 2320 2321 // Get referenced class type 2322 VerificationType ref_class_type = cp_ref_index_to_type( 2323 index, cp, CHECK_VERIFY(this)); 2324 if (!ref_class_type.is_object() && 2325 (!allow_arrays || !ref_class_type.is_array())) { 2326 verify_error(ErrorContext::bad_type(bcs->bci(), 2327 TypeOrigin::cp(index, ref_class_type)), 2328 "Expecting reference to class in class %s at constant pool index %d", 2329 _klass->external_name(), index); 2330 return; 2331 } 2332 VerificationType target_class_type = ref_class_type; 2333 2334 assert(sizeof(VerificationType) == sizeof(uintptr_t), 2335 "buffer type must match VerificationType size"); 2336 uintptr_t field_type_buffer[2]; 2337 VerificationType* field_type = (VerificationType*)field_type_buffer; 2338 // If we make a VerificationType[2] array directly, the compiler calls 2339 // to the c-runtime library to do the allocation instead of just 2340 // stack allocating it. Plus it would run constructors. This shows up 2341 // in performance profiles. 2342 2343 SignatureStream sig_stream(field_sig, false); 2344 VerificationType stack_object_type; 2345 int n = change_sig_to_verificationType(&sig_stream, field_type); 2346 u2 bci = bcs->bci(); 2347 bool is_assignable; 2348 switch (bcs->raw_code()) { 2349 case Bytecodes::_getstatic: { 2350 for (int i = 0; i < n; i++) { 2351 current_frame->push_stack(field_type[i], CHECK_VERIFY(this)); 2352 } 2353 break; 2354 } 2355 case Bytecodes::_putstatic: { 2356 for (int i = n - 1; i >= 0; i--) { 2357 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this)); 2358 } 2359 break; 2360 } 2361 case Bytecodes::_getfield: { 2362 is_getfield = true; 2363 stack_object_type = current_frame->pop_stack( 2364 target_class_type, CHECK_VERIFY(this)); 2365 goto check_protected; 2366 } 2367 case Bytecodes::_putfield: { 2368 for (int i = n - 1; i >= 0; i--) { 2369 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this)); 2370 } 2371 stack_object_type = current_frame->pop_stack(CHECK_VERIFY(this)); 2372 2373 // The JVMS 2nd edition allows field initialization before the superclass 2374 // initializer, if the field is defined within the current class. 2375 fieldDescriptor fd; 2376 if (stack_object_type == VerificationType::uninitialized_this_type() && 2377 target_class_type.equals(current_type()) && 2378 _klass->find_local_field(field_name, field_sig, &fd)) { 2379 stack_object_type = current_type(); 2380 } 2381 is_assignable = target_class_type.is_assignable_from( 2382 stack_object_type, this, false, CHECK_VERIFY(this)); 2383 if (!is_assignable) { 2384 verify_error(ErrorContext::bad_type(bci, 2385 current_frame->stack_top_ctx(), 2386 TypeOrigin::cp(index, target_class_type)), 2387 "Bad type on operand stack in putfield"); 2388 return; 2389 } 2390 } 2391 check_protected: { 2392 if (_this_type == stack_object_type) 2393 break; // stack_object_type must be assignable to _current_class_type 2394 if (was_recursively_verified()) { 2395 if (is_getfield) { 2396 // Push field type for getfield. 2397 for (int i = 0; i < n; i++) { 2398 current_frame->push_stack(field_type[i], CHECK_VERIFY(this)); 2399 } 2400 } 2401 return; 2402 } 2403 Symbol* ref_class_name = 2404 cp->klass_name_at(cp->klass_ref_index_at(index)); 2405 if (!name_in_supers(ref_class_name, current_class())) 2406 // stack_object_type must be assignable to _current_class_type since: 2407 // 1. stack_object_type must be assignable to ref_class. 2408 // 2. ref_class must be _current_class or a subclass of it. It can't 2409 // be a superclass of it. See revised JVMS 5.4.4. 2410 break; 2411 2412 Klass* ref_class_oop = load_class(ref_class_name, CHECK); 2413 if (is_protected_access(current_class(), ref_class_oop, field_name, 2414 field_sig, false)) { 2415 // It's protected access, check if stack object is assignable to 2416 // current class. 2417 is_assignable = current_type().is_assignable_from( 2418 stack_object_type, this, true, CHECK_VERIFY(this)); 2419 if (!is_assignable) { 2420 verify_error(ErrorContext::bad_type(bci, 2421 current_frame->stack_top_ctx(), 2422 TypeOrigin::implicit(current_type())), 2423 "Bad access to protected data in %s", 2424 is_getfield ? "getfield" : "putfield"); 2425 return; 2426 } 2427 } 2428 break; 2429 } 2430 default: ShouldNotReachHere(); 2431 } 2432 if (is_getfield) { 2433 // Push field type for getfield after doing protection check. 2434 for (int i = 0; i < n; i++) { 2435 current_frame->push_stack(field_type[i], CHECK_VERIFY(this)); 2436 } 2437 } 2438 } 2439 2440 // Look at the method's handlers. If the bci is in the handler's try block 2441 // then check if the handler_pc is already on the stack. If not, push it 2442 // unless the handler has already been scanned. 2443 void ClassVerifier::push_handlers(ExceptionTable* exhandlers, 2444 GrowableArray<u4>* handler_list, 2445 GrowableArray<u4>* handler_stack, 2446 u4 bci) { 2447 int exlength = exhandlers->length(); 2448 for(int x = 0; x < exlength; x++) { 2449 if (bci >= exhandlers->start_pc(x) && bci < exhandlers->end_pc(x)) { 2450 u4 exhandler_pc = exhandlers->handler_pc(x); 2451 if (!handler_list->contains(exhandler_pc)) { 2452 handler_stack->append_if_missing(exhandler_pc); 2453 handler_list->append(exhandler_pc); 2454 } 2455 } 2456 } 2457 } 2458 2459 // Return TRUE if all code paths starting with start_bc_offset end in 2460 // bytecode athrow or loop. 2461 bool ClassVerifier::ends_in_athrow(u4 start_bc_offset) { 2462 ResourceMark rm; 2463 // Create bytecode stream. 2464 RawBytecodeStream bcs(method()); 2465 u4 code_length = method()->code_size(); 2466 bcs.set_start(start_bc_offset); 2467 u4 target; 2468 // Create stack for storing bytecode start offsets for if* and *switch. 2469 GrowableArray<u4>* bci_stack = new GrowableArray<u4>(30); 2470 // Create stack for handlers for try blocks containing this handler. 2471 GrowableArray<u4>* handler_stack = new GrowableArray<u4>(30); 2472 // Create list of handlers that have been pushed onto the handler_stack 2473 // so that handlers embedded inside of their own TRY blocks only get 2474 // scanned once. 2475 GrowableArray<u4>* handler_list = new GrowableArray<u4>(30); 2476 // Create list of visited branch opcodes (goto* and if*). 2477 GrowableArray<u4>* visited_branches = new GrowableArray<u4>(30); 2478 ExceptionTable exhandlers(_method()); 2479 2480 while (true) { 2481 if (bcs.is_last_bytecode()) { 2482 // if no more starting offsets to parse or if at the end of the 2483 // method then return false. 2484 if ((bci_stack->is_empty()) || ((u4)bcs.end_bci() == code_length)) 2485 return false; 2486 // Pop a bytecode starting offset and scan from there. 2487 bcs.set_start(bci_stack->pop()); 2488 } 2489 Bytecodes::Code opcode = bcs.raw_next(); 2490 u4 bci = bcs.bci(); 2491 2492 // If the bytecode is in a TRY block, push its handlers so they 2493 // will get parsed. 2494 push_handlers(&exhandlers, handler_list, handler_stack, bci); 2495 2496 switch (opcode) { 2497 case Bytecodes::_if_icmpeq: 2498 case Bytecodes::_if_icmpne: 2499 case Bytecodes::_if_icmplt: 2500 case Bytecodes::_if_icmpge: 2501 case Bytecodes::_if_icmpgt: 2502 case Bytecodes::_if_icmple: 2503 case Bytecodes::_ifeq: 2504 case Bytecodes::_ifne: 2505 case Bytecodes::_iflt: 2506 case Bytecodes::_ifge: 2507 case Bytecodes::_ifgt: 2508 case Bytecodes::_ifle: 2509 case Bytecodes::_if_acmpeq: 2510 case Bytecodes::_if_acmpne: 2511 case Bytecodes::_ifnull: 2512 case Bytecodes::_ifnonnull: 2513 target = bcs.dest(); 2514 if (visited_branches->contains(bci)) { 2515 if (bci_stack->is_empty()) { 2516 if (handler_stack->is_empty()) { 2517 return true; 2518 } else { 2519 // Parse the catch handlers for try blocks containing athrow. 2520 bcs.set_start(handler_stack->pop()); 2521 } 2522 } else { 2523 // Pop a bytecode starting offset and scan from there. 2524 bcs.set_start(bci_stack->pop()); 2525 } 2526 } else { 2527 if (target > bci) { // forward branch 2528 if (target >= code_length) return false; 2529 // Push the branch target onto the stack. 2530 bci_stack->push(target); 2531 // then, scan bytecodes starting with next. 2532 bcs.set_start(bcs.next_bci()); 2533 } else { // backward branch 2534 // Push bytecode offset following backward branch onto the stack. 2535 bci_stack->push(bcs.next_bci()); 2536 // Check bytecodes starting with branch target. 2537 bcs.set_start(target); 2538 } 2539 // Record target so we don't branch here again. 2540 visited_branches->append(bci); 2541 } 2542 break; 2543 2544 case Bytecodes::_goto: 2545 case Bytecodes::_goto_w: 2546 target = (opcode == Bytecodes::_goto ? bcs.dest() : bcs.dest_w()); 2547 if (visited_branches->contains(bci)) { 2548 if (bci_stack->is_empty()) { 2549 if (handler_stack->is_empty()) { 2550 return true; 2551 } else { 2552 // Parse the catch handlers for try blocks containing athrow. 2553 bcs.set_start(handler_stack->pop()); 2554 } 2555 } else { 2556 // Been here before, pop new starting offset from stack. 2557 bcs.set_start(bci_stack->pop()); 2558 } 2559 } else { 2560 if (target >= code_length) return false; 2561 // Continue scanning from the target onward. 2562 bcs.set_start(target); 2563 // Record target so we don't branch here again. 2564 visited_branches->append(bci); 2565 } 2566 break; 2567 2568 // Check that all switch alternatives end in 'athrow' bytecodes. Since it 2569 // is difficult to determine where each switch alternative ends, parse 2570 // each switch alternative until either hit a 'return', 'athrow', or reach 2571 // the end of the method's bytecodes. This is gross but should be okay 2572 // because: 2573 // 1. tableswitch and lookupswitch byte codes in handlers for ctor explicit 2574 // constructor invocations should be rare. 2575 // 2. if each switch alternative ends in an athrow then the parsing should be 2576 // short. If there is no athrow then it is bogus code, anyway. 2577 case Bytecodes::_lookupswitch: 2578 case Bytecodes::_tableswitch: 2579 { 2580 address aligned_bcp = align_up(bcs.bcp() + 1, jintSize); 2581 u4 default_offset = Bytes::get_Java_u4(aligned_bcp) + bci; 2582 int keys, delta; 2583 if (opcode == Bytecodes::_tableswitch) { 2584 jint low = (jint)Bytes::get_Java_u4(aligned_bcp + jintSize); 2585 jint high = (jint)Bytes::get_Java_u4(aligned_bcp + 2*jintSize); 2586 // This is invalid, but let the regular bytecode verifier 2587 // report this because the user will get a better error message. 2588 if (low > high) return true; 2589 keys = high - low + 1; 2590 delta = 1; 2591 } else { 2592 keys = (int)Bytes::get_Java_u4(aligned_bcp + jintSize); 2593 delta = 2; 2594 } 2595 // Invalid, let the regular bytecode verifier deal with it. 2596 if (keys < 0) return true; 2597 2598 // Push the offset of the next bytecode onto the stack. 2599 bci_stack->push(bcs.next_bci()); 2600 2601 // Push the switch alternatives onto the stack. 2602 for (int i = 0; i < keys; i++) { 2603 u4 target = bci + (jint)Bytes::get_Java_u4(aligned_bcp+(3+i*delta)*jintSize); 2604 if (target > code_length) return false; 2605 bci_stack->push(target); 2606 } 2607 2608 // Start bytecode parsing for the switch at the default alternative. 2609 if (default_offset > code_length) return false; 2610 bcs.set_start(default_offset); 2611 break; 2612 } 2613 2614 case Bytecodes::_return: 2615 return false; 2616 2617 case Bytecodes::_athrow: 2618 { 2619 if (bci_stack->is_empty()) { 2620 if (handler_stack->is_empty()) { 2621 return true; 2622 } else { 2623 // Parse the catch handlers for try blocks containing athrow. 2624 bcs.set_start(handler_stack->pop()); 2625 } 2626 } else { 2627 // Pop a bytecode offset and starting scanning from there. 2628 bcs.set_start(bci_stack->pop()); 2629 } 2630 } 2631 break; 2632 2633 default: 2634 ; 2635 } // end switch 2636 } // end while loop 2637 2638 return false; 2639 } 2640 2641 void ClassVerifier::verify_invoke_init( 2642 RawBytecodeStream* bcs, u2 ref_class_index, VerificationType ref_class_type, 2643 StackMapFrame* current_frame, u4 code_length, bool in_try_block, 2644 bool *this_uninit, const constantPoolHandle& cp, StackMapTable* stackmap_table, 2645 TRAPS) { 2646 u2 bci = bcs->bci(); 2647 VerificationType type = current_frame->pop_stack( 2648 VerificationType::reference_check(), CHECK_VERIFY(this)); 2649 if (type == VerificationType::uninitialized_this_type()) { 2650 // The method must be an <init> method of this class or its superclass 2651 Klass* superk = current_class()->super(); 2652 if (ref_class_type.name() != current_class()->name() && 2653 ref_class_type.name() != superk->name()) { 2654 verify_error(ErrorContext::bad_type(bci, 2655 TypeOrigin::implicit(ref_class_type), 2656 TypeOrigin::implicit(current_type())), 2657 "Bad <init> method call"); 2658 return; 2659 } 2660 2661 // If this invokespecial call is done from inside of a TRY block then make 2662 // sure that all catch clause paths end in a throw. Otherwise, this can 2663 // result in returning an incomplete object. 2664 if (in_try_block) { 2665 ExceptionTable exhandlers(_method()); 2666 int exlength = exhandlers.length(); 2667 for(int i = 0; i < exlength; i++) { 2668 u2 start_pc = exhandlers.start_pc(i); 2669 u2 end_pc = exhandlers.end_pc(i); 2670 2671 if (bci >= start_pc && bci < end_pc) { 2672 if (!ends_in_athrow(exhandlers.handler_pc(i))) { 2673 verify_error(ErrorContext::bad_code(bci), 2674 "Bad <init> method call from after the start of a try block"); 2675 return; 2676 } else if (log_is_enabled(Debug, verification)) { 2677 ResourceMark rm(THREAD); 2678 log_debug(verification)("Survived call to ends_in_athrow(): %s", 2679 current_class()->name()->as_C_string()); 2680 } 2681 } 2682 } 2683 2684 // Check the exception handler target stackmaps with the locals from the 2685 // incoming stackmap (before initialize_object() changes them to outgoing 2686 // state). 2687 if (was_recursively_verified()) return; 2688 verify_exception_handler_targets(bci, true, current_frame, 2689 stackmap_table, CHECK_VERIFY(this)); 2690 } // in_try_block 2691 2692 current_frame->initialize_object(type, current_type()); 2693 *this_uninit = true; 2694 } else if (type.is_uninitialized()) { 2695 u2 new_offset = type.bci(); 2696 address new_bcp = bcs->bcp() - bci + new_offset; 2697 if (new_offset > (code_length - 3) || (*new_bcp) != Bytecodes::_new) { 2698 /* Unreachable? Stack map parsing ensures valid type and new 2699 * instructions have a valid BCI. */ 2700 verify_error(ErrorContext::bad_code(new_offset), 2701 "Expecting new instruction"); 2702 return; 2703 } 2704 u2 new_class_index = Bytes::get_Java_u2(new_bcp + 1); 2705 if (was_recursively_verified()) return; 2706 verify_cp_class_type(bci, new_class_index, cp, CHECK_VERIFY(this)); 2707 2708 // The method must be an <init> method of the indicated class 2709 VerificationType new_class_type = cp_index_to_type( 2710 new_class_index, cp, CHECK_VERIFY(this)); 2711 if (!new_class_type.equals(ref_class_type)) { 2712 verify_error(ErrorContext::bad_type(bci, 2713 TypeOrigin::cp(new_class_index, new_class_type), 2714 TypeOrigin::cp(ref_class_index, ref_class_type)), 2715 "Call to wrong <init> method"); 2716 return; 2717 } 2718 // According to the VM spec, if the referent class is a superclass of the 2719 // current class, and is in a different runtime package, and the method is 2720 // protected, then the objectref must be the current class or a subclass 2721 // of the current class. 2722 VerificationType objectref_type = new_class_type; 2723 if (name_in_supers(ref_class_type.name(), current_class())) { 2724 Klass* ref_klass = load_class(ref_class_type.name(), CHECK); 2725 if (was_recursively_verified()) return; 2726 Method* m = InstanceKlass::cast(ref_klass)->uncached_lookup_method( 2727 vmSymbols::object_initializer_name(), 2728 cp->signature_ref_at(bcs->get_index_u2()), 2729 Klass::OverpassLookupMode::find); 2730 // Do nothing if method is not found. Let resolution detect the error. 2731 if (m != NULL) { 2732 InstanceKlass* mh = m->method_holder(); 2733 if (m->is_protected() && !mh->is_same_class_package(_klass)) { 2734 bool assignable = current_type().is_assignable_from( 2735 objectref_type, this, true, CHECK_VERIFY(this)); 2736 if (!assignable) { 2737 verify_error(ErrorContext::bad_type(bci, 2738 TypeOrigin::cp(new_class_index, objectref_type), 2739 TypeOrigin::implicit(current_type())), 2740 "Bad access to protected <init> method"); 2741 return; 2742 } 2743 } 2744 } 2745 } 2746 // Check the exception handler target stackmaps with the locals from the 2747 // incoming stackmap (before initialize_object() changes them to outgoing 2748 // state). 2749 if (in_try_block) { 2750 if (was_recursively_verified()) return; 2751 verify_exception_handler_targets(bci, *this_uninit, current_frame, 2752 stackmap_table, CHECK_VERIFY(this)); 2753 } 2754 current_frame->initialize_object(type, new_class_type); 2755 } else { 2756 verify_error(ErrorContext::bad_type(bci, current_frame->stack_top_ctx()), 2757 "Bad operand type when invoking <init>"); 2758 return; 2759 } 2760 } 2761 2762 bool ClassVerifier::is_same_or_direct_interface( 2763 InstanceKlass* klass, 2764 VerificationType klass_type, 2765 VerificationType ref_class_type) { 2766 if (ref_class_type.equals(klass_type)) return true; 2767 Array<InstanceKlass*>* local_interfaces = klass->local_interfaces(); 2768 if (local_interfaces != NULL) { 2769 for (int x = 0; x < local_interfaces->length(); x++) { 2770 InstanceKlass* k = local_interfaces->at(x); 2771 assert (k != NULL && k->is_interface(), "invalid interface"); 2772 if (ref_class_type.equals(VerificationType::reference_type(k->name()))) { 2773 return true; 2774 } 2775 } 2776 } 2777 return false; 2778 } 2779 2780 void ClassVerifier::verify_invoke_instructions( 2781 RawBytecodeStream* bcs, u4 code_length, StackMapFrame* current_frame, 2782 bool in_try_block, bool *this_uninit, VerificationType return_type, 2783 const constantPoolHandle& cp, StackMapTable* stackmap_table, TRAPS) { 2784 // Make sure the constant pool item is the right type 2785 u2 index = bcs->get_index_u2(); 2786 Bytecodes::Code opcode = bcs->raw_code(); 2787 unsigned int types = 0; 2788 switch (opcode) { 2789 case Bytecodes::_invokeinterface: 2790 types = 1 << JVM_CONSTANT_InterfaceMethodref; 2791 break; 2792 case Bytecodes::_invokedynamic: 2793 types = 1 << JVM_CONSTANT_InvokeDynamic; 2794 break; 2795 case Bytecodes::_invokespecial: 2796 case Bytecodes::_invokestatic: 2797 types = (_klass->major_version() < STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION) ? 2798 (1 << JVM_CONSTANT_Methodref) : 2799 ((1 << JVM_CONSTANT_InterfaceMethodref) | (1 << JVM_CONSTANT_Methodref)); 2800 break; 2801 default: 2802 types = 1 << JVM_CONSTANT_Methodref; 2803 } 2804 verify_cp_type(bcs->bci(), index, cp, types, CHECK_VERIFY(this)); 2805 2806 // Get method name and signature 2807 Symbol* method_name = cp->name_ref_at(index); 2808 Symbol* method_sig = cp->signature_ref_at(index); 2809 2810 // Method signature was checked in ClassFileParser. 2811 assert(SignatureVerifier::is_valid_method_signature(method_sig), 2812 "Invalid method signature"); 2813 2814 // Get referenced class type 2815 VerificationType ref_class_type; 2816 if (opcode == Bytecodes::_invokedynamic) { 2817 if (_klass->major_version() < Verifier::INVOKEDYNAMIC_MAJOR_VERSION) { 2818 class_format_error( 2819 "invokedynamic instructions not supported by this class file version (%d), class %s", 2820 _klass->major_version(), _klass->external_name()); 2821 return; 2822 } 2823 } else { 2824 ref_class_type = cp_ref_index_to_type(index, cp, CHECK_VERIFY(this)); 2825 } 2826 2827 assert(sizeof(VerificationType) == sizeof(uintptr_t), 2828 "buffer type must match VerificationType size"); 2829 2830 // Get the UTF8 index for this signature. 2831 int sig_index = cp->signature_ref_index_at(cp->name_and_type_ref_index_at(index)); 2832 2833 // Get the signature's verification types. 2834 sig_as_verification_types* mth_sig_verif_types; 2835 sig_as_verification_types** mth_sig_verif_types_ptr = method_signatures_table()->get(sig_index); 2836 if (mth_sig_verif_types_ptr != NULL) { 2837 // Found the entry for the signature's verification types in the hash table. 2838 mth_sig_verif_types = *mth_sig_verif_types_ptr; 2839 assert(mth_sig_verif_types != NULL, "Unexpected NULL sig_as_verification_types value"); 2840 } else { 2841 // Not found, add the entry to the table. 2842 GrowableArray<VerificationType>* verif_types = new GrowableArray<VerificationType>(10); 2843 mth_sig_verif_types = new sig_as_verification_types(verif_types); 2844 create_method_sig_entry(mth_sig_verif_types, sig_index); 2845 } 2846 2847 // Get the number of arguments for this signature. 2848 int nargs = mth_sig_verif_types->num_args(); 2849 2850 // Check instruction operands 2851 u2 bci = bcs->bci(); 2852 if (opcode == Bytecodes::_invokeinterface) { 2853 address bcp = bcs->bcp(); 2854 // 4905268: count operand in invokeinterface should be nargs+1, not nargs. 2855 // JSR202 spec: The count operand of an invokeinterface instruction is valid if it is 2856 // the difference between the size of the operand stack before and after the instruction 2857 // executes. 2858 if (*(bcp+3) != (nargs+1)) { 2859 verify_error(ErrorContext::bad_code(bci), 2860 "Inconsistent args count operand in invokeinterface"); 2861 return; 2862 } 2863 if (*(bcp+4) != 0) { 2864 verify_error(ErrorContext::bad_code(bci), 2865 "Fourth operand byte of invokeinterface must be zero"); 2866 return; 2867 } 2868 } 2869 2870 if (opcode == Bytecodes::_invokedynamic) { 2871 address bcp = bcs->bcp(); 2872 if (*(bcp+3) != 0 || *(bcp+4) != 0) { 2873 verify_error(ErrorContext::bad_code(bci), 2874 "Third and fourth operand bytes of invokedynamic must be zero"); 2875 return; 2876 } 2877 } 2878 2879 if (method_name->char_at(0) == JVM_SIGNATURE_SPECIAL) { 2880 // Make sure <init> can only be invoked by invokespecial 2881 if (opcode != Bytecodes::_invokespecial || 2882 method_name != vmSymbols::object_initializer_name()) { 2883 verify_error(ErrorContext::bad_code(bci), 2884 "Illegal call to internal method"); 2885 return; 2886 } 2887 } else if (opcode == Bytecodes::_invokespecial 2888 && !is_same_or_direct_interface(current_class(), current_type(), ref_class_type) 2889 && !ref_class_type.equals(VerificationType::reference_type( 2890 current_class()->super()->name()))) { 2891 bool subtype = false; 2892 bool have_imr_indirect = cp->tag_at(index).value() == JVM_CONSTANT_InterfaceMethodref; 2893 subtype = ref_class_type.is_assignable_from( 2894 current_type(), this, false, CHECK_VERIFY(this)); 2895 if (!subtype) { 2896 verify_error(ErrorContext::bad_code(bci), 2897 "Bad invokespecial instruction: " 2898 "current class isn't assignable to reference class."); 2899 return; 2900 } else if (have_imr_indirect) { 2901 verify_error(ErrorContext::bad_code(bci), 2902 "Bad invokespecial instruction: " 2903 "interface method reference is in an indirect superinterface."); 2904 return; 2905 } 2906 2907 } 2908 2909 // Get the verification types for the method's arguments. 2910 GrowableArray<VerificationType>* sig_verif_types = mth_sig_verif_types->sig_verif_types(); 2911 assert(sig_verif_types != NULL, "Missing signature's array of verification types"); 2912 // Match method descriptor with operand stack 2913 // The arguments are on the stack in descending order. 2914 for (int i = nargs - 1; i >= 0; i--) { // Run backwards 2915 current_frame->pop_stack(sig_verif_types->at(i), CHECK_VERIFY(this)); 2916 } 2917 2918 // Check objectref on operand stack 2919 if (opcode != Bytecodes::_invokestatic && 2920 opcode != Bytecodes::_invokedynamic) { 2921 if (method_name == vmSymbols::object_initializer_name()) { // <init> method 2922 verify_invoke_init(bcs, index, ref_class_type, current_frame, 2923 code_length, in_try_block, this_uninit, cp, stackmap_table, 2924 CHECK_VERIFY(this)); 2925 if (was_recursively_verified()) return; 2926 } else { // other methods 2927 // Ensures that target class is assignable to method class. 2928 if (opcode == Bytecodes::_invokespecial) { 2929 current_frame->pop_stack(current_type(), CHECK_VERIFY(this)); 2930 } else if (opcode == Bytecodes::_invokevirtual) { 2931 VerificationType stack_object_type = 2932 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this)); 2933 if (current_type() != stack_object_type) { 2934 if (was_recursively_verified()) return; 2935 assert(cp->cache() == NULL, "not rewritten yet"); 2936 Symbol* ref_class_name = 2937 cp->klass_name_at(cp->klass_ref_index_at(index)); 2938 // See the comments in verify_field_instructions() for 2939 // the rationale behind this. 2940 if (name_in_supers(ref_class_name, current_class())) { 2941 Klass* ref_class = load_class(ref_class_name, CHECK); 2942 if (is_protected_access( 2943 _klass, ref_class, method_name, method_sig, true)) { 2944 // It's protected access, check if stack object is 2945 // assignable to current class. 2946 if (ref_class_type.name() == vmSymbols::java_lang_Object() 2947 && stack_object_type.is_array() 2948 && method_name == vmSymbols::clone_name()) { 2949 // Special case: arrays pretend to implement public Object 2950 // clone(). 2951 } else { 2952 bool is_assignable = current_type().is_assignable_from( 2953 stack_object_type, this, true, CHECK_VERIFY(this)); 2954 if (!is_assignable) { 2955 verify_error(ErrorContext::bad_type(bci, 2956 current_frame->stack_top_ctx(), 2957 TypeOrigin::implicit(current_type())), 2958 "Bad access to protected data in invokevirtual"); 2959 return; 2960 } 2961 } 2962 } 2963 } 2964 } 2965 } else { 2966 assert(opcode == Bytecodes::_invokeinterface, "Unexpected opcode encountered"); 2967 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this)); 2968 } 2969 } 2970 } 2971 // Push the result type. 2972 int sig_verif_types_len = sig_verif_types->length(); 2973 if (sig_verif_types_len > nargs) { // There's a return type 2974 if (method_name == vmSymbols::object_initializer_name()) { 2975 // <init> method must have a void return type 2976 /* Unreachable? Class file parser verifies that methods with '<' have 2977 * void return */ 2978 verify_error(ErrorContext::bad_code(bci), 2979 "Return type must be void in <init> method"); 2980 return; 2981 } 2982 2983 assert(sig_verif_types_len <= nargs + 2, 2984 "Signature verification types array return type is bogus"); 2985 for (int i = nargs; i < sig_verif_types_len; i++) { 2986 assert(i == nargs || sig_verif_types->at(i).is_long2() || 2987 sig_verif_types->at(i).is_double2(), "Unexpected return verificationType"); 2988 current_frame->push_stack(sig_verif_types->at(i), CHECK_VERIFY(this)); 2989 } 2990 } 2991 } 2992 2993 VerificationType ClassVerifier::get_newarray_type( 2994 u2 index, u2 bci, TRAPS) { 2995 const char* from_bt[] = { 2996 NULL, NULL, NULL, NULL, "[Z", "[C", "[F", "[D", "[B", "[S", "[I", "[J", 2997 }; 2998 if (index < T_BOOLEAN || index > T_LONG) { 2999 verify_error(ErrorContext::bad_code(bci), "Illegal newarray instruction"); 3000 return VerificationType::bogus_type(); 3001 } 3002 3003 // from_bt[index] contains the array signature which has a length of 2 3004 Symbol* sig = create_temporary_symbol(from_bt[index], 2); 3005 return VerificationType::reference_type(sig); 3006 } 3007 3008 void ClassVerifier::verify_anewarray( 3009 u2 bci, u2 index, const constantPoolHandle& cp, 3010 StackMapFrame* current_frame, TRAPS) { 3011 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this)); 3012 current_frame->pop_stack( 3013 VerificationType::integer_type(), CHECK_VERIFY(this)); 3014 3015 if (was_recursively_verified()) return; 3016 VerificationType component_type = 3017 cp_index_to_type(index, cp, CHECK_VERIFY(this)); 3018 int length; 3019 char* arr_sig_str; 3020 if (component_type.is_array()) { // it's an array 3021 const char* component_name = component_type.name()->as_utf8(); 3022 // Check for more than MAX_ARRAY_DIMENSIONS 3023 length = (int)strlen(component_name); 3024 if (length > MAX_ARRAY_DIMENSIONS && 3025 component_name[MAX_ARRAY_DIMENSIONS - 1] == JVM_SIGNATURE_ARRAY) { 3026 verify_error(ErrorContext::bad_code(bci), 3027 "Illegal anewarray instruction, array has more than 255 dimensions"); 3028 } 3029 // add one dimension to component 3030 length++; 3031 arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length + 1); 3032 int n = os::snprintf(arr_sig_str, length + 1, "%c%s", 3033 JVM_SIGNATURE_ARRAY, component_name); 3034 assert(n == length, "Unexpected number of characters in string"); 3035 } else { // it's an object or interface 3036 const char* component_name = component_type.name()->as_utf8(); 3037 // add one dimension to component with 'L' prepended and ';' postpended. 3038 length = (int)strlen(component_name) + 3; 3039 arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length + 1); 3040 int n = os::snprintf(arr_sig_str, length + 1, "%c%c%s;", 3041 JVM_SIGNATURE_ARRAY, JVM_SIGNATURE_CLASS, component_name); 3042 assert(n == length, "Unexpected number of characters in string"); 3043 } 3044 Symbol* arr_sig = create_temporary_symbol(arr_sig_str, length); 3045 VerificationType new_array_type = VerificationType::reference_type(arr_sig); 3046 current_frame->push_stack(new_array_type, CHECK_VERIFY(this)); 3047 } 3048 3049 void ClassVerifier::verify_iload(u2 index, StackMapFrame* current_frame, TRAPS) { 3050 current_frame->get_local( 3051 index, VerificationType::integer_type(), CHECK_VERIFY(this)); 3052 current_frame->push_stack( 3053 VerificationType::integer_type(), CHECK_VERIFY(this)); 3054 } 3055 3056 void ClassVerifier::verify_lload(u2 index, StackMapFrame* current_frame, TRAPS) { 3057 current_frame->get_local_2( 3058 index, VerificationType::long_type(), 3059 VerificationType::long2_type(), CHECK_VERIFY(this)); 3060 current_frame->push_stack_2( 3061 VerificationType::long_type(), 3062 VerificationType::long2_type(), CHECK_VERIFY(this)); 3063 } 3064 3065 void ClassVerifier::verify_fload(u2 index, StackMapFrame* current_frame, TRAPS) { 3066 current_frame->get_local( 3067 index, VerificationType::float_type(), CHECK_VERIFY(this)); 3068 current_frame->push_stack( 3069 VerificationType::float_type(), CHECK_VERIFY(this)); 3070 } 3071 3072 void ClassVerifier::verify_dload(u2 index, StackMapFrame* current_frame, TRAPS) { 3073 current_frame->get_local_2( 3074 index, VerificationType::double_type(), 3075 VerificationType::double2_type(), CHECK_VERIFY(this)); 3076 current_frame->push_stack_2( 3077 VerificationType::double_type(), 3078 VerificationType::double2_type(), CHECK_VERIFY(this)); 3079 } 3080 3081 void ClassVerifier::verify_aload(u2 index, StackMapFrame* current_frame, TRAPS) { 3082 VerificationType type = current_frame->get_local( 3083 index, VerificationType::reference_check(), CHECK_VERIFY(this)); 3084 current_frame->push_stack(type, CHECK_VERIFY(this)); 3085 } 3086 3087 void ClassVerifier::verify_istore(u2 index, StackMapFrame* current_frame, TRAPS) { 3088 current_frame->pop_stack( 3089 VerificationType::integer_type(), CHECK_VERIFY(this)); 3090 current_frame->set_local( 3091 index, VerificationType::integer_type(), CHECK_VERIFY(this)); 3092 } 3093 3094 void ClassVerifier::verify_lstore(u2 index, StackMapFrame* current_frame, TRAPS) { 3095 current_frame->pop_stack_2( 3096 VerificationType::long2_type(), 3097 VerificationType::long_type(), CHECK_VERIFY(this)); 3098 current_frame->set_local_2( 3099 index, VerificationType::long_type(), 3100 VerificationType::long2_type(), CHECK_VERIFY(this)); 3101 } 3102 3103 void ClassVerifier::verify_fstore(u2 index, StackMapFrame* current_frame, TRAPS) { 3104 current_frame->pop_stack(VerificationType::float_type(), CHECK_VERIFY(this)); 3105 current_frame->set_local( 3106 index, VerificationType::float_type(), CHECK_VERIFY(this)); 3107 } 3108 3109 void ClassVerifier::verify_dstore(u2 index, StackMapFrame* current_frame, TRAPS) { 3110 current_frame->pop_stack_2( 3111 VerificationType::double2_type(), 3112 VerificationType::double_type(), CHECK_VERIFY(this)); 3113 current_frame->set_local_2( 3114 index, VerificationType::double_type(), 3115 VerificationType::double2_type(), CHECK_VERIFY(this)); 3116 } 3117 3118 void ClassVerifier::verify_astore(u2 index, StackMapFrame* current_frame, TRAPS) { 3119 VerificationType type = current_frame->pop_stack( 3120 VerificationType::reference_check(), CHECK_VERIFY(this)); 3121 current_frame->set_local(index, type, CHECK_VERIFY(this)); 3122 } 3123 3124 void ClassVerifier::verify_iinc(u2 index, StackMapFrame* current_frame, TRAPS) { 3125 VerificationType type = current_frame->get_local( 3126 index, VerificationType::integer_type(), CHECK_VERIFY(this)); 3127 current_frame->set_local(index, type, CHECK_VERIFY(this)); 3128 } 3129 3130 void ClassVerifier::verify_return_value( 3131 VerificationType return_type, VerificationType type, u2 bci, 3132 StackMapFrame* current_frame, TRAPS) { 3133 if (return_type == VerificationType::bogus_type()) { 3134 verify_error(ErrorContext::bad_type(bci, 3135 current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)), 3136 "Method does not expect a return value"); 3137 return; 3138 } 3139 bool match = return_type.is_assignable_from(type, this, false, CHECK_VERIFY(this)); 3140 if (!match) { 3141 verify_error(ErrorContext::bad_type(bci, 3142 current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)), 3143 "Bad return type"); 3144 return; 3145 } 3146 } 3147 3148 // The verifier creates symbols which are substrings of Symbols. 3149 // These are stored in the verifier until the end of verification so that 3150 // they can be reference counted. 3151 Symbol* ClassVerifier::create_temporary_symbol(const char *name, int length) { 3152 // Quick deduplication check 3153 if (_previous_symbol != NULL && _previous_symbol->equals(name, length)) { 3154 return _previous_symbol; 3155 } 3156 Symbol* sym = SymbolTable::new_symbol(name, length); 3157 if (!sym->is_permanent()) { 3158 if (_symbols == NULL) { 3159 _symbols = new GrowableArray<Symbol*>(50, 0, NULL); 3160 } 3161 _symbols->push(sym); 3162 } 3163 _previous_symbol = sym; 3164 return sym; 3165 }