1 /*
2 * Copyright (c) 1998, 2025, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.
8 *
9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 *
23 */
24
25 #include "cds/cdsConfig.hpp"
26 #include "classfile/classFileStream.hpp"
27 #include "classfile/classLoader.hpp"
28 #include "classfile/javaClasses.hpp"
29 #include "classfile/stackMapFrame.hpp"
30 #include "classfile/stackMapTable.hpp"
31 #include "classfile/stackMapTableFormat.hpp"
32 #include "classfile/symbolTable.hpp"
33 #include "classfile/systemDictionary.hpp"
34 #include "classfile/verifier.hpp"
35 #include "classfile/vmClasses.hpp"
36 #include "classfile/vmSymbols.hpp"
37 #include "interpreter/bytecodes.hpp"
38 #include "interpreter/bytecodeStream.hpp"
39 #include "jvm.h"
40 #include "logging/log.hpp"
41 #include "logging/logStream.hpp"
42 #include "memory/oopFactory.hpp"
43 #include "memory/resourceArea.hpp"
44 #include "memory/universe.hpp"
45 #include "oops/constantPool.inline.hpp"
46 #include "oops/instanceKlass.inline.hpp"
47 #include "oops/klass.inline.hpp"
48 #include "oops/oop.inline.hpp"
49 #include "oops/typeArrayOop.hpp"
50 #include "runtime/arguments.hpp"
51 #include "runtime/fieldDescriptor.hpp"
52 #include "runtime/handles.inline.hpp"
53 #include "runtime/interfaceSupport.inline.hpp"
54 #include "runtime/javaCalls.hpp"
55 #include "runtime/javaThread.hpp"
56 #include "runtime/jniHandles.inline.hpp"
57 #include "runtime/os.hpp"
58 #include "runtime/safepointVerifiers.hpp"
59 #include "services/threadService.hpp"
60 #include "utilities/align.hpp"
61 #include "utilities/bytes.hpp"
62 #if INCLUDE_CDS
63 #include "classfile/systemDictionaryShared.hpp"
64 #endif
65
66 #define NOFAILOVER_MAJOR_VERSION 51
67 #define NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION 51
68 #define STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION 52
69 #define MAX_ARRAY_DIMENSIONS 255
70
71 // Access to external entry for VerifyClassForMajorVersion - old byte code verifier
72
73 extern "C" {
74 typedef jboolean (*verify_byte_codes_fn_t)(JNIEnv *, jclass, char *, jint, jint);
75 }
76
77 static verify_byte_codes_fn_t volatile _verify_byte_codes_fn = nullptr;
78
79 static verify_byte_codes_fn_t verify_byte_codes_fn() {
80
81 if (_verify_byte_codes_fn != nullptr)
82 return _verify_byte_codes_fn;
83
84 MutexLocker locker(Verify_lock);
85
86 if (_verify_byte_codes_fn != nullptr)
87 return _verify_byte_codes_fn;
88
89 void *lib_handle = nullptr;
90 // Load verify dll
91 if (is_vm_statically_linked()) {
92 lib_handle = os::get_default_process_handle();
93 } else {
94 char buffer[JVM_MAXPATHLEN];
95 char ebuf[1024];
96 if (!os::dll_locate_lib(buffer, sizeof(buffer), Arguments::get_dll_dir(), "verify"))
97 return nullptr; // Caller will throw VerifyError
98
99 lib_handle = os::dll_load(buffer, ebuf, sizeof(ebuf));
100 if (lib_handle == nullptr)
101 return nullptr; // Caller will throw VerifyError
102 }
103
104 void *fn = os::dll_lookup(lib_handle, "VerifyClassForMajorVersion");
105 if (fn == nullptr)
106 return nullptr; // Caller will throw VerifyError
107
108 return _verify_byte_codes_fn = CAST_TO_FN_PTR(verify_byte_codes_fn_t, fn);
109 }
110
111
112 // Methods in Verifier
113
114 // This method determines whether we run the verifier and class file format checking code.
115 bool Verifier::should_verify_for(oop class_loader) {
116 return class_loader == nullptr ?
117 BytecodeVerificationLocal : BytecodeVerificationRemote;
118 }
119
120 // This method determines whether we allow package access in access checks in reflection.
121 bool Verifier::relax_access_for(oop loader) {
122 bool trusted = java_lang_ClassLoader::is_trusted_loader(loader);
123 bool need_verify =
124 // verifyAll
125 (BytecodeVerificationLocal && BytecodeVerificationRemote) ||
126 // verifyRemote
127 (!BytecodeVerificationLocal && BytecodeVerificationRemote && !trusted);
128 return !need_verify;
129 }
130
131 // Callers will pass should_verify_class as true, depending on the results of should_verify_for() above,
132 // or pass true for redefinition of any class.
133 static bool is_eligible_for_verification(InstanceKlass* klass, bool should_verify_class) {
134 Symbol* name = klass->name();
135
136 return (should_verify_class &&
137 // Can not verify the bytecodes for shared classes because they have
138 // already been rewritten to contain constant pool cache indices,
139 // which the verifier can't understand.
140 // Shared classes shouldn't have stackmaps either.
141 // However, bytecodes for shared old classes can be verified because
142 // they have not been rewritten.
143 !(klass->in_aot_cache() && klass->is_rewritten()));
144 }
145
146 void Verifier::trace_class_resolution(Klass* resolve_class, InstanceKlass* verify_class) {
147 assert(verify_class != nullptr, "Unexpected null verify_class");
148 ResourceMark rm;
149 Symbol* s = verify_class->source_file_name();
150 const char* source_file = (s != nullptr ? s->as_C_string() : nullptr);
151 const char* verify = verify_class->external_name();
152 const char* resolve = resolve_class->external_name();
153 // print in a single call to reduce interleaving between threads
154 if (source_file != nullptr) {
155 log_debug(class, resolve)("%s %s %s (verification)", verify, resolve, source_file);
156 } else {
157 log_debug(class, resolve)("%s %s (verification)", verify, resolve);
158 }
159 }
160
161 // Prints the end-verification message to the appropriate output.
162 void Verifier::log_end_verification(outputStream* st, const char* klassName, Symbol* exception_name, oop pending_exception) {
163 if (pending_exception != nullptr) {
164 st->print("Verification for %s has", klassName);
165 oop message = java_lang_Throwable::message(pending_exception);
166 if (message != nullptr) {
167 char* ex_msg = java_lang_String::as_utf8_string(message);
168 st->print_cr(" exception pending '%s %s'",
169 pending_exception->klass()->external_name(), ex_msg);
170 } else {
171 st->print_cr(" exception pending %s ",
172 pending_exception->klass()->external_name());
173 }
174 } else if (exception_name != nullptr) {
175 st->print_cr("Verification for %s failed", klassName);
176 }
177 st->print_cr("End class verification for: %s", klassName);
178 }
179
180 bool Verifier::verify(InstanceKlass* klass, bool should_verify_class, TRAPS) {
181 HandleMark hm(THREAD);
182 ResourceMark rm(THREAD);
183
184 // Eagerly allocate the identity hash code for a klass. This is a fallout
185 // from 6320749 and 8059924: hash code generator is not supposed to be called
186 // during the safepoint, but it allows to sneak the hashcode in during
187 // verification. Without this eager hashcode generation, we may end up
188 // installing the hashcode during some other operation, which may be at
189 // safepoint -- blowing up the checks. It was previously done as the side
190 // effect (sic!) for external_name(), but instead of doing that, we opt to
191 // explicitly push the hashcode in here. This is signify the following block
192 // is IMPORTANT:
193 if (klass->java_mirror() != nullptr) {
194 klass->java_mirror()->identity_hash();
195 }
196
197 if (!is_eligible_for_verification(klass, should_verify_class)) {
198 return true;
199 }
200
201 // Timer includes any side effects of class verification (resolution,
202 // etc), but not recursive calls to Verifier::verify().
203 JavaThread* jt = THREAD;
204 PerfClassTraceTime timer(ClassLoader::perf_class_verify_time(),
205 ClassLoader::perf_class_verify_selftime(),
206 ClassLoader::perf_classes_verified(),
207 jt->get_thread_stat()->perf_recursion_counts_addr(),
208 jt->get_thread_stat()->perf_timers_addr(),
209 PerfClassTraceTime::CLASS_VERIFY);
210
211 // If the class should be verified, first see if we can use the split
212 // verifier. If not, or if verification fails and can failover, then
213 // call the inference verifier.
214 Symbol* exception_name = nullptr;
215 const size_t message_buffer_len = klass->name()->utf8_length() + 1024;
216 char* message_buffer = nullptr;
217 char* exception_message = nullptr;
218
219 log_info(class, init)("Start class verification for: %s", klass->external_name());
220 if (klass->major_version() >= STACKMAP_ATTRIBUTE_MAJOR_VERSION) {
221 ClassVerifier split_verifier(jt, klass);
222 // We don't use CHECK here, or on inference_verify below, so that we can log any exception.
223 split_verifier.verify_class(THREAD);
224 exception_name = split_verifier.result();
225
226 // If dumping {classic, final} static archive, don't bother to run the old verifier, as
227 // the class will be excluded from the archive anyway.
228 bool can_failover = !(CDSConfig::is_dumping_classic_static_archive() || CDSConfig::is_dumping_final_static_archive()) &&
229 klass->major_version() < NOFAILOVER_MAJOR_VERSION;
230
231 if (can_failover && !HAS_PENDING_EXCEPTION && // Split verifier doesn't set PENDING_EXCEPTION for failure
232 (exception_name == vmSymbols::java_lang_VerifyError() ||
233 exception_name == vmSymbols::java_lang_ClassFormatError())) {
234 log_info(verification)("Fail over class verification to old verifier for: %s", klass->external_name());
235 log_info(class, init)("Fail over class verification to old verifier for: %s", klass->external_name());
236 #if INCLUDE_CDS
237 // Exclude any classes that are verified with the old verifier, as the old verifier
238 // doesn't call SystemDictionaryShared::add_verification_constraint()
239 if (CDSConfig::is_dumping_archive()) {
240 SystemDictionaryShared::log_exclusion(klass, "Verified with old verifier");
241 SystemDictionaryShared::set_excluded(klass);
242 }
243 #endif
244 message_buffer = NEW_RESOURCE_ARRAY(char, message_buffer_len);
245 exception_message = message_buffer;
246 exception_name = inference_verify(
247 klass, message_buffer, message_buffer_len, THREAD);
248 }
249 if (exception_name != nullptr) {
250 exception_message = split_verifier.exception_message();
251 }
252 } else {
253 message_buffer = NEW_RESOURCE_ARRAY(char, message_buffer_len);
254 exception_message = message_buffer;
255 exception_name = inference_verify(
256 klass, message_buffer, message_buffer_len, THREAD);
257 }
258
259 LogTarget(Info, class, init) lt1;
260 if (lt1.is_enabled()) {
261 LogStream ls(lt1);
262 log_end_verification(&ls, klass->external_name(), exception_name, PENDING_EXCEPTION);
263 }
264 LogTarget(Info, verification) lt2;
265 if (lt2.is_enabled()) {
266 LogStream ls(lt2);
267 log_end_verification(&ls, klass->external_name(), exception_name, PENDING_EXCEPTION);
268 }
269
270 if (HAS_PENDING_EXCEPTION) {
271 return false; // use the existing exception
272 } else if (exception_name == nullptr) {
273 return true; // verification succeeded
274 } else { // VerifyError or ClassFormatError to be created and thrown
275 Klass* kls =
276 SystemDictionary::resolve_or_fail(exception_name, true, CHECK_false);
277 if (log_is_enabled(Debug, class, resolve)) {
278 Verifier::trace_class_resolution(kls, klass);
279 }
280
281 while (kls != nullptr) {
282 if (kls == klass) {
283 // If the class being verified is the exception we're creating
284 // or one of it's superclasses, we're in trouble and are going
285 // to infinitely recurse when we try to initialize the exception.
286 // So bail out here by throwing the preallocated VM error.
287 THROW_OOP_(Universe::internal_error_instance(), false);
288 }
289 kls = kls->super();
290 }
291 if (message_buffer != nullptr) {
292 message_buffer[message_buffer_len - 1] = '\0'; // just to be sure
293 }
294 assert(exception_message != nullptr, "");
295 THROW_MSG_(exception_name, exception_message, false);
296 }
297 }
298
299 Symbol* Verifier::inference_verify(
300 InstanceKlass* klass, char* message, size_t message_len, TRAPS) {
301 JavaThread* thread = THREAD;
302
303 verify_byte_codes_fn_t verify_func = verify_byte_codes_fn();
304
305 if (verify_func == nullptr) {
306 jio_snprintf(message, message_len, "Could not link verifier");
307 return vmSymbols::java_lang_VerifyError();
308 }
309
310 ResourceMark rm(thread);
311 log_info(verification)("Verifying class %s with old format", klass->external_name());
312
313 jclass cls = (jclass) JNIHandles::make_local(thread, klass->java_mirror());
314 jint result;
315
316 {
317 HandleMark hm(thread);
318 ThreadToNativeFromVM ttn(thread);
319 // ThreadToNativeFromVM takes care of changing thread_state, so safepoint
320 // code knows that we have left the VM
321 JNIEnv *env = thread->jni_environment();
322 result = (*verify_func)(env, cls, message, (int)message_len, klass->major_version());
323 }
324
325 JNIHandles::destroy_local(cls);
326
327 // These numbers are chosen so that VerifyClassCodes interface doesn't need
328 // to be changed (still return jboolean (unsigned char)), and result is
329 // 1 when verification is passed.
330 if (result == 0) {
331 return vmSymbols::java_lang_VerifyError();
332 } else if (result == 1) {
333 return nullptr; // verified.
334 } else if (result == 2) {
335 THROW_MSG_(vmSymbols::java_lang_OutOfMemoryError(), message, nullptr);
336 } else if (result == 3) {
337 return vmSymbols::java_lang_ClassFormatError();
338 } else {
339 ShouldNotReachHere();
340 return nullptr;
341 }
342 }
343
344 TypeOrigin TypeOrigin::null() {
345 return TypeOrigin();
346 }
347 TypeOrigin TypeOrigin::local(int index, StackMapFrame* frame) {
348 assert(frame != nullptr, "Must have a frame");
349 return TypeOrigin(CF_LOCALS, index, StackMapFrame::copy(frame),
350 frame->local_at(index));
351 }
352 TypeOrigin TypeOrigin::stack(int index, StackMapFrame* frame) {
353 assert(frame != nullptr, "Must have a frame");
354 return TypeOrigin(CF_STACK, index, StackMapFrame::copy(frame),
355 frame->stack_at(index));
356 }
357 TypeOrigin TypeOrigin::sm_local(int index, StackMapFrame* frame) {
358 assert(frame != nullptr, "Must have a frame");
359 return TypeOrigin(SM_LOCALS, index, StackMapFrame::copy(frame),
360 frame->local_at(index));
361 }
362 TypeOrigin TypeOrigin::sm_stack(int index, StackMapFrame* frame) {
363 assert(frame != nullptr, "Must have a frame");
364 return TypeOrigin(SM_STACK, index, StackMapFrame::copy(frame),
365 frame->stack_at(index));
366 }
367 TypeOrigin TypeOrigin::bad_index(int index) {
368 return TypeOrigin(BAD_INDEX, index, nullptr, VerificationType::bogus_type());
369 }
370 TypeOrigin TypeOrigin::cp(int index, VerificationType vt) {
371 return TypeOrigin(CONST_POOL, index, nullptr, vt);
372 }
373 TypeOrigin TypeOrigin::signature(VerificationType vt) {
374 return TypeOrigin(SIG, 0, nullptr, vt);
375 }
376 TypeOrigin TypeOrigin::implicit(VerificationType t) {
377 return TypeOrigin(IMPLICIT, 0, nullptr, t);
378 }
379 TypeOrigin TypeOrigin::frame(StackMapFrame* frame) {
380 return TypeOrigin(FRAME_ONLY, 0, StackMapFrame::copy(frame),
381 VerificationType::bogus_type());
382 }
383
384 void TypeOrigin::reset_frame() {
385 if (_frame != nullptr) {
386 _frame->restore();
387 }
388 }
389
390 void TypeOrigin::details(outputStream* ss) const {
391 _type.print_on(ss);
392 switch (_origin) {
393 case CF_LOCALS:
394 ss->print(" (current frame, locals[%d])", _index);
395 break;
396 case CF_STACK:
397 ss->print(" (current frame, stack[%d])", _index);
398 break;
399 case SM_LOCALS:
400 ss->print(" (stack map, locals[%d])", _index);
401 break;
402 case SM_STACK:
403 ss->print(" (stack map, stack[%d])", _index);
404 break;
405 case CONST_POOL:
406 ss->print(" (constant pool %d)", _index);
407 break;
408 case SIG:
409 ss->print(" (from method signature)");
410 break;
411 case IMPLICIT:
412 case FRAME_ONLY:
413 case NONE:
414 default:
415 ;
416 }
417 }
418
419 #ifdef ASSERT
420 void TypeOrigin::print_on(outputStream* str) const {
421 str->print("{%d,%d,%p:", _origin, _index, _frame);
422 if (_frame != nullptr) {
423 _frame->print_on(str);
424 } else {
425 str->print("null");
426 }
427 str->print(",");
428 _type.print_on(str);
429 str->print("}");
430 }
431 #endif
432
433 void ErrorContext::details(outputStream* ss, const Method* method) const {
434 if (is_valid()) {
435 ss->cr();
436 ss->print_cr("Exception Details:");
437 location_details(ss, method);
438 reason_details(ss);
439 frame_details(ss);
440 bytecode_details(ss, method);
441 handler_details(ss, method);
442 stackmap_details(ss, method);
443 }
444 }
445
446 void ErrorContext::reason_details(outputStream* ss) const {
447 StreamIndentor si(ss, 2);
448 ss->print_cr("Reason:");
449
450 StreamIndentor si2(ss, 2);
451 switch (_fault) {
452 case INVALID_BYTECODE:
453 ss->print("Error exists in the bytecode");
454 break;
455 case WRONG_TYPE:
456 if (_expected.is_valid()) {
457 ss->print("Type ");
458 _type.details(ss);
459 ss->print(" is not assignable to ");
460 _expected.details(ss);
461 } else {
462 ss->print("Invalid type: ");
463 _type.details(ss);
464 }
465 break;
466 case FLAGS_MISMATCH:
467 if (_expected.is_valid()) {
468 ss->print("Current frame's flags are not assignable "
469 "to stack map frame's.");
470 } else {
471 ss->print("Current frame's flags are invalid in this context.");
472 }
473 break;
474 case BAD_CP_INDEX:
475 ss->print("Constant pool index %d is invalid", _type.index());
476 break;
477 case BAD_LOCAL_INDEX:
478 ss->print("Local index %d is invalid", _type.index());
479 break;
480 case LOCALS_SIZE_MISMATCH:
481 ss->print("Current frame's local size doesn't match stackmap.");
482 break;
483 case STACK_SIZE_MISMATCH:
484 ss->print("Current frame's stack size doesn't match stackmap.");
485 break;
486 case STACK_OVERFLOW:
487 ss->print("Exceeded max stack size.");
488 break;
489 case STACK_UNDERFLOW:
490 ss->print("Attempt to pop empty stack.");
491 break;
492 case MISSING_STACKMAP:
493 ss->print("Expected stackmap frame at this location.");
494 break;
495 case BAD_STACKMAP:
496 ss->print("Invalid stackmap specification.");
497 break;
498 case UNKNOWN:
499 default:
500 ShouldNotReachHere();
501 ss->print_cr("Unknown");
502 }
503 ss->cr();
504 }
505
506 void ErrorContext::location_details(outputStream* ss, const Method* method) const {
507 if (_bci != -1 && method != nullptr) {
508 const char* bytecode_name = "<invalid>";
509 if (method->validate_bci(_bci) != -1) {
510 Bytecodes::Code code = Bytecodes::code_or_bp_at(method->bcp_from(_bci));
511 if (Bytecodes::is_defined(code)) {
512 bytecode_name = Bytecodes::name(code);
513 } else {
514 bytecode_name = "<illegal>";
515 }
516 }
517 InstanceKlass* ik = method->method_holder();
518
519 StreamIndentor si(ss, 2);
520 ss->print_cr("Location:");
521
522 StreamIndentor si2(ss, 2);
523 ss->print_cr("%s.%s%s @%d: %s",
524 ik->name()->as_C_string(), method->name()->as_C_string(),
525 method->signature()->as_C_string(), _bci, bytecode_name);
526 }
527 }
528
529 void ErrorContext::frame_details(outputStream* ss) const {
530 StreamIndentor si(ss, 2);
531 if (_type.is_valid() && _type.frame() != nullptr) {
532 ss->print_cr("Current Frame:");
533 StreamIndentor si2(ss, 2);
534 _type.frame()->print_on(ss);
535 }
536 if (_expected.is_valid() && _expected.frame() != nullptr) {
537 ss->print_cr("Stackmap Frame:");
538 StreamIndentor si2(ss, 2);
539 _expected.frame()->print_on(ss);
540 }
541 }
542
543 void ErrorContext::bytecode_details(outputStream* ss, const Method* method) const {
544 if (method != nullptr) {
545 StreamIndentor si(ss, 2);
546 ss->print_cr("Bytecode:");
547 StreamIndentor si2(ss, 2);
548 ss->print_data(method->code_base(), method->code_size(), false);
549 }
550 }
551
552 void ErrorContext::handler_details(outputStream* ss, const Method* method) const {
553 if (method != nullptr) {
554 StreamIndentor si(ss, 2);
555
556 ExceptionTable table(method);
557 if (table.length() > 0) {
558 ss->print_cr("Exception Handler Table:");
559 StreamIndentor si2(ss, 2);
560 for (int i = 0; i < table.length(); ++i) {
561 ss->print_cr("bci [%d, %d] => handler: %d", table.start_pc(i),
562 table.end_pc(i), table.handler_pc(i));
563 }
564 }
565 }
566 }
567
568 void ErrorContext::stackmap_details(outputStream* ss, const Method* method) const {
569 if (method != nullptr && method->has_stackmap_table()) {
570 StreamIndentor si(ss, 2);
571 ss->print_cr("Stackmap Table:");
572 Array<u1>* data = method->stackmap_data();
573 stack_map_table* sm_table =
574 stack_map_table::at((address)data->adr_at(0));
575 stack_map_frame* sm_frame = sm_table->entries();
576 StreamIndentor si2(ss, 2);
577 int current_offset = -1;
578 address end_of_sm_table = (address)sm_table + method->stackmap_data()->length();
579 for (u2 i = 0; i < sm_table->number_of_entries(); ++i) {
580 if (!sm_frame->verify((address)sm_frame, end_of_sm_table)) {
581 sm_frame->print_truncated(ss, current_offset);
582 return;
583 }
584 sm_frame->print_on(ss, current_offset);
585 ss->cr();
586 current_offset += sm_frame->offset_delta();
587 sm_frame = sm_frame->next();
588 }
589 }
590 }
591
592 // Methods in ClassVerifier
593
594 ClassVerifier::ClassVerifier(JavaThread* current, InstanceKlass* klass)
595 : _thread(current), _previous_symbol(nullptr), _symbols(nullptr), _exception_type(nullptr),
596 _message(nullptr), _klass(klass) {
597 _this_type = VerificationType::reference_type(klass->name());
598 }
599
600 ClassVerifier::~ClassVerifier() {
601 // Decrement the reference count for any symbols created.
602 if (_symbols != nullptr) {
603 for (int i = 0; i < _symbols->length(); i++) {
604 Symbol* s = _symbols->at(i);
605 s->decrement_refcount();
606 }
607 }
608 }
609
610 VerificationType ClassVerifier::object_type() const {
611 return VerificationType::reference_type(vmSymbols::java_lang_Object());
612 }
613
614 TypeOrigin ClassVerifier::ref_ctx(const char* sig) {
615 VerificationType vt = VerificationType::reference_type(
616 create_temporary_symbol(sig, (int)strlen(sig)));
617 return TypeOrigin::implicit(vt);
618 }
619
620
621 void ClassVerifier::verify_class(TRAPS) {
622 log_info(verification)("Verifying class %s with new format", _klass->external_name());
623
624 // Either verifying both local and remote classes or just remote classes.
625 assert(BytecodeVerificationRemote, "Should not be here");
626
627 Array<Method*>* methods = _klass->methods();
628 int num_methods = methods->length();
629
630 for (int index = 0; index < num_methods; index++) {
631 // Check for recursive re-verification before each method.
632 if (was_recursively_verified()) return;
633
634 Method* m = methods->at(index);
635 if (m->is_native() || m->is_abstract() || m->is_overpass()) {
636 // If m is native or abstract, skip it. It is checked in class file
637 // parser that methods do not override a final method. Overpass methods
638 // are trusted since the VM generates them.
639 continue;
640 }
641 verify_method(methodHandle(THREAD, m), CHECK_VERIFY(this));
642 }
643
644 if (was_recursively_verified()){
645 log_info(verification)("Recursive verification detected for: %s", _klass->external_name());
646 log_info(class, init)("Recursive verification detected for: %s",
647 _klass->external_name());
648 }
649 }
650
651 // Translate the signature entries into verification types and save them in
652 // the growable array. Also, save the count of arguments.
653 void ClassVerifier::translate_signature(Symbol* const method_sig,
654 sig_as_verification_types* sig_verif_types) {
655 SignatureStream sig_stream(method_sig);
656 VerificationType sig_type[2];
657 int sig_i = 0;
658 GrowableArray<VerificationType>* verif_types = sig_verif_types->sig_verif_types();
659
660 // Translate the signature arguments into verification types.
661 while (!sig_stream.at_return_type()) {
662 int n = change_sig_to_verificationType(&sig_stream, sig_type);
663 assert(n <= 2, "Unexpected signature type");
664
665 // Store verification type(s). Longs and Doubles each have two verificationTypes.
666 for (int x = 0; x < n; x++) {
667 verif_types->push(sig_type[x]);
668 }
669 sig_i += n;
670 sig_stream.next();
671 }
672
673 // Set final arg count, not including the return type. The final arg count will
674 // be compared with sig_verify_types' length to see if there is a return type.
675 sig_verif_types->set_num_args(sig_i);
676
677 // Store verification type(s) for the return type, if there is one.
678 if (sig_stream.type() != T_VOID) {
679 int n = change_sig_to_verificationType(&sig_stream, sig_type);
680 assert(n <= 2, "Unexpected signature return type");
681 for (int y = 0; y < n; y++) {
682 verif_types->push(sig_type[y]);
683 }
684 }
685 }
686
687 void ClassVerifier::create_method_sig_entry(sig_as_verification_types* sig_verif_types,
688 int sig_index) {
689 // Translate the signature into verification types.
690 ConstantPool* cp = _klass->constants();
691 Symbol* const method_sig = cp->symbol_at(sig_index);
692 translate_signature(method_sig, sig_verif_types);
693
694 // Add the list of this signature's verification types to the table.
695 bool is_unique = method_signatures_table()->put(sig_index, sig_verif_types);
696 assert(is_unique, "Duplicate entries in method_signature_table");
697 }
698
699 void ClassVerifier::verify_method(const methodHandle& m, TRAPS) {
700 HandleMark hm(THREAD);
701 _method = m; // initialize _method
702 log_info(verification)("Verifying method %s", m->name_and_sig_as_C_string());
703
704 // For clang, the only good constant format string is a literal constant format string.
705 #define bad_type_msg "Bad type on operand stack in %s"
706
707 u2 max_stack = m->verifier_max_stack();
708 u2 max_locals = m->max_locals();
709 constantPoolHandle cp(THREAD, m->constants());
710
711 // Method signature was checked in ClassFileParser.
712 assert(SignatureVerifier::is_valid_method_signature(m->signature()),
713 "Invalid method signature");
714
715 // Initial stack map frame: offset is 0, stack is initially empty.
716 StackMapFrame current_frame(max_locals, max_stack, this);
717 // Set initial locals
718 VerificationType return_type = current_frame.set_locals_from_arg( m, current_type());
719
720 u2 stackmap_index = 0; // index to the stackmap array
721
722 u4 code_length = m->code_size();
723
724 // Scan the bytecode and map each instruction's start offset to a number.
725 char* code_data = generate_code_data(m, code_length, CHECK_VERIFY(this));
726
727 int ex_min = code_length;
728 int ex_max = -1;
729 // Look through each item on the exception table. Each of the fields must refer
730 // to a legal instruction.
731 if (was_recursively_verified()) return;
732 verify_exception_handler_table(
733 code_length, code_data, ex_min, ex_max, CHECK_VERIFY(this));
734
735 // Look through each entry on the local variable table and make sure
736 // its range of code array offsets is valid. (4169817)
737 if (m->has_localvariable_table()) {
738 verify_local_variable_table(code_length, code_data, CHECK_VERIFY(this));
739 }
740
741 Array<u1>* stackmap_data = m->stackmap_data();
742 StackMapStream stream(stackmap_data);
743 StackMapReader reader(this, &stream, code_data, code_length, ¤t_frame, max_locals, max_stack, THREAD);
744 StackMapTable stackmap_table(&reader, CHECK_VERIFY(this));
745
746 LogTarget(Debug, verification) lt;
747 if (lt.is_enabled()) {
748 LogStream ls(lt);
749 stackmap_table.print_on(&ls);
750 }
751
752 RawBytecodeStream bcs(m);
753
754 // Scan the byte code linearly from the start to the end
755 bool no_control_flow = false; // Set to true when there is no direct control
756 // flow from current instruction to the next
757 // instruction in sequence
758
759 Bytecodes::Code opcode;
760 while (!bcs.is_last_bytecode()) {
761 // Check for recursive re-verification before each bytecode.
762 if (was_recursively_verified()) return;
763
764 opcode = bcs.raw_next();
765 int bci = bcs.bci();
766
767 // Set current frame's offset to bci
768 current_frame.set_offset(bci);
769 current_frame.set_mark();
770
771 // Make sure every offset in stackmap table point to the beginning to
772 // an instruction. Match current_frame to stackmap_table entry with
773 // the same offset if exists.
774 stackmap_index = verify_stackmap_table(
775 stackmap_index, bci, ¤t_frame, &stackmap_table,
776 no_control_flow, CHECK_VERIFY(this));
777
778
779 bool this_uninit = false; // Set to true when invokespecial <init> initialized 'this'
780 bool verified_exc_handlers = false;
781
782 // Merge with the next instruction
783 {
784 VerificationType type, type2;
785 VerificationType atype;
786
787 LogTarget(Debug, verification) lt;
788 if (lt.is_enabled()) {
789 LogStream ls(lt);
790 current_frame.print_on(&ls);
791 lt.print("offset = %d, opcode = %s", bci,
792 opcode == Bytecodes::_illegal ? "illegal" : Bytecodes::name(opcode));
793 }
794
795 // Make sure wide instruction is in correct format
796 if (bcs.is_wide()) {
797 if (opcode != Bytecodes::_iinc && opcode != Bytecodes::_iload &&
798 opcode != Bytecodes::_aload && opcode != Bytecodes::_lload &&
799 opcode != Bytecodes::_istore && opcode != Bytecodes::_astore &&
800 opcode != Bytecodes::_lstore && opcode != Bytecodes::_fload &&
801 opcode != Bytecodes::_dload && opcode != Bytecodes::_fstore &&
802 opcode != Bytecodes::_dstore) {
803 /* Unreachable? RawBytecodeStream's raw_next() returns 'illegal'
804 * if we encounter a wide instruction that modifies an invalid
805 * opcode (not one of the ones listed above) */
806 verify_error(ErrorContext::bad_code(bci), "Bad wide instruction");
807 return;
808 }
809 }
810
811 // Look for possible jump target in exception handlers and see if it
812 // matches current_frame. Do this check here for astore*, dstore*,
813 // fstore*, istore*, and lstore* opcodes because they can change the type
814 // state by adding a local. JVM Spec says that the incoming type state
815 // should be used for this check. So, do the check here before a possible
816 // local is added to the type state.
817 if (Bytecodes::is_store_into_local(opcode) && bci >= ex_min && bci < ex_max) {
818 if (was_recursively_verified()) return;
819 verify_exception_handler_targets(
820 bci, this_uninit, ¤t_frame, &stackmap_table, CHECK_VERIFY(this));
821 verified_exc_handlers = true;
822 }
823
824 if (was_recursively_verified()) return;
825
826 switch (opcode) {
827 case Bytecodes::_nop :
828 no_control_flow = false; break;
829 case Bytecodes::_aconst_null :
830 current_frame.push_stack(
831 VerificationType::null_type(), CHECK_VERIFY(this));
832 no_control_flow = false; break;
833 case Bytecodes::_iconst_m1 :
834 case Bytecodes::_iconst_0 :
835 case Bytecodes::_iconst_1 :
836 case Bytecodes::_iconst_2 :
837 case Bytecodes::_iconst_3 :
838 case Bytecodes::_iconst_4 :
839 case Bytecodes::_iconst_5 :
840 current_frame.push_stack(
841 VerificationType::integer_type(), CHECK_VERIFY(this));
842 no_control_flow = false; break;
843 case Bytecodes::_lconst_0 :
844 case Bytecodes::_lconst_1 :
845 current_frame.push_stack_2(
846 VerificationType::long_type(),
847 VerificationType::long2_type(), CHECK_VERIFY(this));
848 no_control_flow = false; break;
849 case Bytecodes::_fconst_0 :
850 case Bytecodes::_fconst_1 :
851 case Bytecodes::_fconst_2 :
852 current_frame.push_stack(
853 VerificationType::float_type(), CHECK_VERIFY(this));
854 no_control_flow = false; break;
855 case Bytecodes::_dconst_0 :
856 case Bytecodes::_dconst_1 :
857 current_frame.push_stack_2(
858 VerificationType::double_type(),
859 VerificationType::double2_type(), CHECK_VERIFY(this));
860 no_control_flow = false; break;
861 case Bytecodes::_sipush :
862 case Bytecodes::_bipush :
863 current_frame.push_stack(
864 VerificationType::integer_type(), CHECK_VERIFY(this));
865 no_control_flow = false; break;
866 case Bytecodes::_ldc :
867 verify_ldc(
868 opcode, bcs.get_index_u1(), ¤t_frame,
869 cp, bci, CHECK_VERIFY(this));
870 no_control_flow = false; break;
871 case Bytecodes::_ldc_w :
872 case Bytecodes::_ldc2_w :
873 verify_ldc(
874 opcode, bcs.get_index_u2(), ¤t_frame,
875 cp, bci, CHECK_VERIFY(this));
876 no_control_flow = false; break;
877 case Bytecodes::_iload :
878 verify_iload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
879 no_control_flow = false; break;
880 case Bytecodes::_iload_0 :
881 case Bytecodes::_iload_1 :
882 case Bytecodes::_iload_2 :
883 case Bytecodes::_iload_3 : {
884 int index = opcode - Bytecodes::_iload_0;
885 verify_iload(index, ¤t_frame, CHECK_VERIFY(this));
886 no_control_flow = false; break;
887 }
888 case Bytecodes::_lload :
889 verify_lload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
890 no_control_flow = false; break;
891 case Bytecodes::_lload_0 :
892 case Bytecodes::_lload_1 :
893 case Bytecodes::_lload_2 :
894 case Bytecodes::_lload_3 : {
895 int index = opcode - Bytecodes::_lload_0;
896 verify_lload(index, ¤t_frame, CHECK_VERIFY(this));
897 no_control_flow = false; break;
898 }
899 case Bytecodes::_fload :
900 verify_fload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
901 no_control_flow = false; break;
902 case Bytecodes::_fload_0 :
903 case Bytecodes::_fload_1 :
904 case Bytecodes::_fload_2 :
905 case Bytecodes::_fload_3 : {
906 int index = opcode - Bytecodes::_fload_0;
907 verify_fload(index, ¤t_frame, CHECK_VERIFY(this));
908 no_control_flow = false; break;
909 }
910 case Bytecodes::_dload :
911 verify_dload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
912 no_control_flow = false; break;
913 case Bytecodes::_dload_0 :
914 case Bytecodes::_dload_1 :
915 case Bytecodes::_dload_2 :
916 case Bytecodes::_dload_3 : {
917 int index = opcode - Bytecodes::_dload_0;
918 verify_dload(index, ¤t_frame, CHECK_VERIFY(this));
919 no_control_flow = false; break;
920 }
921 case Bytecodes::_aload :
922 verify_aload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
923 no_control_flow = false; break;
924 case Bytecodes::_aload_0 :
925 case Bytecodes::_aload_1 :
926 case Bytecodes::_aload_2 :
927 case Bytecodes::_aload_3 : {
928 int index = opcode - Bytecodes::_aload_0;
929 verify_aload(index, ¤t_frame, CHECK_VERIFY(this));
930 no_control_flow = false; break;
931 }
932 case Bytecodes::_iaload :
933 type = current_frame.pop_stack(
934 VerificationType::integer_type(), CHECK_VERIFY(this));
935 atype = current_frame.pop_stack(
936 VerificationType::reference_check(), CHECK_VERIFY(this));
937 if (!atype.is_int_array()) {
938 verify_error(ErrorContext::bad_type(bci,
939 current_frame.stack_top_ctx(), ref_ctx("[I")),
940 bad_type_msg, "iaload");
941 return;
942 }
943 current_frame.push_stack(
944 VerificationType::integer_type(), CHECK_VERIFY(this));
945 no_control_flow = false; break;
946 case Bytecodes::_baload :
947 type = current_frame.pop_stack(
948 VerificationType::integer_type(), CHECK_VERIFY(this));
949 atype = current_frame.pop_stack(
950 VerificationType::reference_check(), CHECK_VERIFY(this));
951 if (!atype.is_bool_array() && !atype.is_byte_array()) {
952 verify_error(
953 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
954 bad_type_msg, "baload");
955 return;
956 }
957 current_frame.push_stack(
958 VerificationType::integer_type(), CHECK_VERIFY(this));
959 no_control_flow = false; break;
960 case Bytecodes::_caload :
961 type = current_frame.pop_stack(
962 VerificationType::integer_type(), CHECK_VERIFY(this));
963 atype = current_frame.pop_stack(
964 VerificationType::reference_check(), CHECK_VERIFY(this));
965 if (!atype.is_char_array()) {
966 verify_error(ErrorContext::bad_type(bci,
967 current_frame.stack_top_ctx(), ref_ctx("[C")),
968 bad_type_msg, "caload");
969 return;
970 }
971 current_frame.push_stack(
972 VerificationType::integer_type(), CHECK_VERIFY(this));
973 no_control_flow = false; break;
974 case Bytecodes::_saload :
975 type = current_frame.pop_stack(
976 VerificationType::integer_type(), CHECK_VERIFY(this));
977 atype = current_frame.pop_stack(
978 VerificationType::reference_check(), CHECK_VERIFY(this));
979 if (!atype.is_short_array()) {
980 verify_error(ErrorContext::bad_type(bci,
981 current_frame.stack_top_ctx(), ref_ctx("[S")),
982 bad_type_msg, "saload");
983 return;
984 }
985 current_frame.push_stack(
986 VerificationType::integer_type(), CHECK_VERIFY(this));
987 no_control_flow = false; break;
988 case Bytecodes::_laload :
989 type = current_frame.pop_stack(
990 VerificationType::integer_type(), CHECK_VERIFY(this));
991 atype = current_frame.pop_stack(
992 VerificationType::reference_check(), CHECK_VERIFY(this));
993 if (!atype.is_long_array()) {
994 verify_error(ErrorContext::bad_type(bci,
995 current_frame.stack_top_ctx(), ref_ctx("[J")),
996 bad_type_msg, "laload");
997 return;
998 }
999 current_frame.push_stack_2(
1000 VerificationType::long_type(),
1001 VerificationType::long2_type(), CHECK_VERIFY(this));
1002 no_control_flow = false; break;
1003 case Bytecodes::_faload :
1004 type = current_frame.pop_stack(
1005 VerificationType::integer_type(), CHECK_VERIFY(this));
1006 atype = current_frame.pop_stack(
1007 VerificationType::reference_check(), CHECK_VERIFY(this));
1008 if (!atype.is_float_array()) {
1009 verify_error(ErrorContext::bad_type(bci,
1010 current_frame.stack_top_ctx(), ref_ctx("[F")),
1011 bad_type_msg, "faload");
1012 return;
1013 }
1014 current_frame.push_stack(
1015 VerificationType::float_type(), CHECK_VERIFY(this));
1016 no_control_flow = false; break;
1017 case Bytecodes::_daload :
1018 type = current_frame.pop_stack(
1019 VerificationType::integer_type(), CHECK_VERIFY(this));
1020 atype = current_frame.pop_stack(
1021 VerificationType::reference_check(), CHECK_VERIFY(this));
1022 if (!atype.is_double_array()) {
1023 verify_error(ErrorContext::bad_type(bci,
1024 current_frame.stack_top_ctx(), ref_ctx("[D")),
1025 bad_type_msg, "daload");
1026 return;
1027 }
1028 current_frame.push_stack_2(
1029 VerificationType::double_type(),
1030 VerificationType::double2_type(), CHECK_VERIFY(this));
1031 no_control_flow = false; break;
1032 case Bytecodes::_aaload : {
1033 type = current_frame.pop_stack(
1034 VerificationType::integer_type(), CHECK_VERIFY(this));
1035 atype = current_frame.pop_stack(
1036 VerificationType::reference_check(), CHECK_VERIFY(this));
1037 if (!atype.is_reference_array()) {
1038 verify_error(ErrorContext::bad_type(bci,
1039 current_frame.stack_top_ctx(),
1040 TypeOrigin::implicit(VerificationType::reference_check())),
1041 bad_type_msg, "aaload");
1042 return;
1043 }
1044 if (atype.is_null()) {
1045 current_frame.push_stack(
1046 VerificationType::null_type(), CHECK_VERIFY(this));
1047 } else {
1048 VerificationType component = atype.get_component(this);
1049 current_frame.push_stack(component, CHECK_VERIFY(this));
1050 }
1051 no_control_flow = false; break;
1052 }
1053 case Bytecodes::_istore :
1054 verify_istore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1055 no_control_flow = false; break;
1056 case Bytecodes::_istore_0 :
1057 case Bytecodes::_istore_1 :
1058 case Bytecodes::_istore_2 :
1059 case Bytecodes::_istore_3 : {
1060 int index = opcode - Bytecodes::_istore_0;
1061 verify_istore(index, ¤t_frame, CHECK_VERIFY(this));
1062 no_control_flow = false; break;
1063 }
1064 case Bytecodes::_lstore :
1065 verify_lstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1066 no_control_flow = false; break;
1067 case Bytecodes::_lstore_0 :
1068 case Bytecodes::_lstore_1 :
1069 case Bytecodes::_lstore_2 :
1070 case Bytecodes::_lstore_3 : {
1071 int index = opcode - Bytecodes::_lstore_0;
1072 verify_lstore(index, ¤t_frame, CHECK_VERIFY(this));
1073 no_control_flow = false; break;
1074 }
1075 case Bytecodes::_fstore :
1076 verify_fstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1077 no_control_flow = false; break;
1078 case Bytecodes::_fstore_0 :
1079 case Bytecodes::_fstore_1 :
1080 case Bytecodes::_fstore_2 :
1081 case Bytecodes::_fstore_3 : {
1082 int index = opcode - Bytecodes::_fstore_0;
1083 verify_fstore(index, ¤t_frame, CHECK_VERIFY(this));
1084 no_control_flow = false; break;
1085 }
1086 case Bytecodes::_dstore :
1087 verify_dstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1088 no_control_flow = false; break;
1089 case Bytecodes::_dstore_0 :
1090 case Bytecodes::_dstore_1 :
1091 case Bytecodes::_dstore_2 :
1092 case Bytecodes::_dstore_3 : {
1093 int index = opcode - Bytecodes::_dstore_0;
1094 verify_dstore(index, ¤t_frame, CHECK_VERIFY(this));
1095 no_control_flow = false; break;
1096 }
1097 case Bytecodes::_astore :
1098 verify_astore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1099 no_control_flow = false; break;
1100 case Bytecodes::_astore_0 :
1101 case Bytecodes::_astore_1 :
1102 case Bytecodes::_astore_2 :
1103 case Bytecodes::_astore_3 : {
1104 int index = opcode - Bytecodes::_astore_0;
1105 verify_astore(index, ¤t_frame, CHECK_VERIFY(this));
1106 no_control_flow = false; break;
1107 }
1108 case Bytecodes::_iastore :
1109 type = current_frame.pop_stack(
1110 VerificationType::integer_type(), CHECK_VERIFY(this));
1111 type2 = current_frame.pop_stack(
1112 VerificationType::integer_type(), CHECK_VERIFY(this));
1113 atype = current_frame.pop_stack(
1114 VerificationType::reference_check(), CHECK_VERIFY(this));
1115 if (!atype.is_int_array()) {
1116 verify_error(ErrorContext::bad_type(bci,
1117 current_frame.stack_top_ctx(), ref_ctx("[I")),
1118 bad_type_msg, "iastore");
1119 return;
1120 }
1121 no_control_flow = false; break;
1122 case Bytecodes::_bastore :
1123 type = current_frame.pop_stack(
1124 VerificationType::integer_type(), CHECK_VERIFY(this));
1125 type2 = current_frame.pop_stack(
1126 VerificationType::integer_type(), CHECK_VERIFY(this));
1127 atype = current_frame.pop_stack(
1128 VerificationType::reference_check(), CHECK_VERIFY(this));
1129 if (!atype.is_bool_array() && !atype.is_byte_array()) {
1130 verify_error(
1131 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1132 bad_type_msg, "bastore");
1133 return;
1134 }
1135 no_control_flow = false; break;
1136 case Bytecodes::_castore :
1137 current_frame.pop_stack(
1138 VerificationType::integer_type(), CHECK_VERIFY(this));
1139 current_frame.pop_stack(
1140 VerificationType::integer_type(), CHECK_VERIFY(this));
1141 atype = current_frame.pop_stack(
1142 VerificationType::reference_check(), CHECK_VERIFY(this));
1143 if (!atype.is_char_array()) {
1144 verify_error(ErrorContext::bad_type(bci,
1145 current_frame.stack_top_ctx(), ref_ctx("[C")),
1146 bad_type_msg, "castore");
1147 return;
1148 }
1149 no_control_flow = false; break;
1150 case Bytecodes::_sastore :
1151 current_frame.pop_stack(
1152 VerificationType::integer_type(), CHECK_VERIFY(this));
1153 current_frame.pop_stack(
1154 VerificationType::integer_type(), CHECK_VERIFY(this));
1155 atype = current_frame.pop_stack(
1156 VerificationType::reference_check(), CHECK_VERIFY(this));
1157 if (!atype.is_short_array()) {
1158 verify_error(ErrorContext::bad_type(bci,
1159 current_frame.stack_top_ctx(), ref_ctx("[S")),
1160 bad_type_msg, "sastore");
1161 return;
1162 }
1163 no_control_flow = false; break;
1164 case Bytecodes::_lastore :
1165 current_frame.pop_stack_2(
1166 VerificationType::long2_type(),
1167 VerificationType::long_type(), CHECK_VERIFY(this));
1168 current_frame.pop_stack(
1169 VerificationType::integer_type(), CHECK_VERIFY(this));
1170 atype = current_frame.pop_stack(
1171 VerificationType::reference_check(), CHECK_VERIFY(this));
1172 if (!atype.is_long_array()) {
1173 verify_error(ErrorContext::bad_type(bci,
1174 current_frame.stack_top_ctx(), ref_ctx("[J")),
1175 bad_type_msg, "lastore");
1176 return;
1177 }
1178 no_control_flow = false; break;
1179 case Bytecodes::_fastore :
1180 current_frame.pop_stack(
1181 VerificationType::float_type(), CHECK_VERIFY(this));
1182 current_frame.pop_stack
1183 (VerificationType::integer_type(), CHECK_VERIFY(this));
1184 atype = current_frame.pop_stack(
1185 VerificationType::reference_check(), CHECK_VERIFY(this));
1186 if (!atype.is_float_array()) {
1187 verify_error(ErrorContext::bad_type(bci,
1188 current_frame.stack_top_ctx(), ref_ctx("[F")),
1189 bad_type_msg, "fastore");
1190 return;
1191 }
1192 no_control_flow = false; break;
1193 case Bytecodes::_dastore :
1194 current_frame.pop_stack_2(
1195 VerificationType::double2_type(),
1196 VerificationType::double_type(), CHECK_VERIFY(this));
1197 current_frame.pop_stack(
1198 VerificationType::integer_type(), CHECK_VERIFY(this));
1199 atype = current_frame.pop_stack(
1200 VerificationType::reference_check(), CHECK_VERIFY(this));
1201 if (!atype.is_double_array()) {
1202 verify_error(ErrorContext::bad_type(bci,
1203 current_frame.stack_top_ctx(), ref_ctx("[D")),
1204 bad_type_msg, "dastore");
1205 return;
1206 }
1207 no_control_flow = false; break;
1208 case Bytecodes::_aastore :
1209 type = current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1210 type2 = current_frame.pop_stack(
1211 VerificationType::integer_type(), CHECK_VERIFY(this));
1212 atype = current_frame.pop_stack(
1213 VerificationType::reference_check(), CHECK_VERIFY(this));
1214 // more type-checking is done at runtime
1215 if (!atype.is_reference_array()) {
1216 verify_error(ErrorContext::bad_type(bci,
1217 current_frame.stack_top_ctx(),
1218 TypeOrigin::implicit(VerificationType::reference_check())),
1219 bad_type_msg, "aastore");
1220 return;
1221 }
1222 // 4938384: relaxed constraint in JVMS 3rd edition.
1223 no_control_flow = false; break;
1224 case Bytecodes::_pop :
1225 current_frame.pop_stack(
1226 VerificationType::category1_check(), CHECK_VERIFY(this));
1227 no_control_flow = false; break;
1228 case Bytecodes::_pop2 :
1229 type = current_frame.pop_stack(CHECK_VERIFY(this));
1230 if (type.is_category1()) {
1231 current_frame.pop_stack(
1232 VerificationType::category1_check(), CHECK_VERIFY(this));
1233 } else if (type.is_category2_2nd()) {
1234 current_frame.pop_stack(
1235 VerificationType::category2_check(), CHECK_VERIFY(this));
1236 } else {
1237 /* Unreachable? Would need a category2_1st on TOS
1238 * which does not appear possible. */
1239 verify_error(
1240 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1241 bad_type_msg, "pop2");
1242 return;
1243 }
1244 no_control_flow = false; break;
1245 case Bytecodes::_dup :
1246 type = current_frame.pop_stack(
1247 VerificationType::category1_check(), CHECK_VERIFY(this));
1248 current_frame.push_stack(type, CHECK_VERIFY(this));
1249 current_frame.push_stack(type, CHECK_VERIFY(this));
1250 no_control_flow = false; break;
1251 case Bytecodes::_dup_x1 :
1252 type = current_frame.pop_stack(
1253 VerificationType::category1_check(), CHECK_VERIFY(this));
1254 type2 = current_frame.pop_stack(
1255 VerificationType::category1_check(), CHECK_VERIFY(this));
1256 current_frame.push_stack(type, CHECK_VERIFY(this));
1257 current_frame.push_stack(type2, CHECK_VERIFY(this));
1258 current_frame.push_stack(type, CHECK_VERIFY(this));
1259 no_control_flow = false; break;
1260 case Bytecodes::_dup_x2 :
1261 {
1262 VerificationType type3;
1263 type = current_frame.pop_stack(
1264 VerificationType::category1_check(), CHECK_VERIFY(this));
1265 type2 = current_frame.pop_stack(CHECK_VERIFY(this));
1266 if (type2.is_category1()) {
1267 type3 = current_frame.pop_stack(
1268 VerificationType::category1_check(), CHECK_VERIFY(this));
1269 } else if (type2.is_category2_2nd()) {
1270 type3 = current_frame.pop_stack(
1271 VerificationType::category2_check(), CHECK_VERIFY(this));
1272 } else {
1273 /* Unreachable? Would need a category2_1st at stack depth 2 with
1274 * a category1 on TOS which does not appear possible. */
1275 verify_error(ErrorContext::bad_type(
1276 bci, current_frame.stack_top_ctx()), bad_type_msg, "dup_x2");
1277 return;
1278 }
1279 current_frame.push_stack(type, CHECK_VERIFY(this));
1280 current_frame.push_stack(type3, CHECK_VERIFY(this));
1281 current_frame.push_stack(type2, CHECK_VERIFY(this));
1282 current_frame.push_stack(type, CHECK_VERIFY(this));
1283 no_control_flow = false; break;
1284 }
1285 case Bytecodes::_dup2 :
1286 type = current_frame.pop_stack(CHECK_VERIFY(this));
1287 if (type.is_category1()) {
1288 type2 = current_frame.pop_stack(
1289 VerificationType::category1_check(), CHECK_VERIFY(this));
1290 } else if (type.is_category2_2nd()) {
1291 type2 = current_frame.pop_stack(
1292 VerificationType::category2_check(), CHECK_VERIFY(this));
1293 } else {
1294 /* Unreachable? Would need a category2_1st on TOS which does not
1295 * appear possible. */
1296 verify_error(
1297 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1298 bad_type_msg, "dup2");
1299 return;
1300 }
1301 current_frame.push_stack(type2, CHECK_VERIFY(this));
1302 current_frame.push_stack(type, CHECK_VERIFY(this));
1303 current_frame.push_stack(type2, CHECK_VERIFY(this));
1304 current_frame.push_stack(type, CHECK_VERIFY(this));
1305 no_control_flow = false; break;
1306 case Bytecodes::_dup2_x1 :
1307 {
1308 VerificationType type3;
1309 type = current_frame.pop_stack(CHECK_VERIFY(this));
1310 if (type.is_category1()) {
1311 type2 = current_frame.pop_stack(
1312 VerificationType::category1_check(), CHECK_VERIFY(this));
1313 } else if (type.is_category2_2nd()) {
1314 type2 = current_frame.pop_stack(
1315 VerificationType::category2_check(), CHECK_VERIFY(this));
1316 } else {
1317 /* Unreachable? Would need a category2_1st on TOS which does
1318 * not appear possible. */
1319 verify_error(
1320 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1321 bad_type_msg, "dup2_x1");
1322 return;
1323 }
1324 type3 = current_frame.pop_stack(
1325 VerificationType::category1_check(), CHECK_VERIFY(this));
1326 current_frame.push_stack(type2, CHECK_VERIFY(this));
1327 current_frame.push_stack(type, CHECK_VERIFY(this));
1328 current_frame.push_stack(type3, CHECK_VERIFY(this));
1329 current_frame.push_stack(type2, CHECK_VERIFY(this));
1330 current_frame.push_stack(type, CHECK_VERIFY(this));
1331 no_control_flow = false; break;
1332 }
1333 case Bytecodes::_dup2_x2 :
1334 {
1335 VerificationType type3, type4;
1336 type = current_frame.pop_stack(CHECK_VERIFY(this));
1337 if (type.is_category1()) {
1338 type2 = current_frame.pop_stack(
1339 VerificationType::category1_check(), CHECK_VERIFY(this));
1340 } else if (type.is_category2_2nd()) {
1341 type2 = current_frame.pop_stack(
1342 VerificationType::category2_check(), CHECK_VERIFY(this));
1343 } else {
1344 /* Unreachable? Would need a category2_1st on TOS which does
1345 * not appear possible. */
1346 verify_error(
1347 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1348 bad_type_msg, "dup2_x2");
1349 return;
1350 }
1351 type3 = current_frame.pop_stack(CHECK_VERIFY(this));
1352 if (type3.is_category1()) {
1353 type4 = current_frame.pop_stack(
1354 VerificationType::category1_check(), CHECK_VERIFY(this));
1355 } else if (type3.is_category2_2nd()) {
1356 type4 = current_frame.pop_stack(
1357 VerificationType::category2_check(), CHECK_VERIFY(this));
1358 } else {
1359 /* Unreachable? Would need a category2_1st on TOS after popping
1360 * a long/double or two category 1's, which does not
1361 * appear possible. */
1362 verify_error(
1363 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1364 bad_type_msg, "dup2_x2");
1365 return;
1366 }
1367 current_frame.push_stack(type2, CHECK_VERIFY(this));
1368 current_frame.push_stack(type, CHECK_VERIFY(this));
1369 current_frame.push_stack(type4, CHECK_VERIFY(this));
1370 current_frame.push_stack(type3, CHECK_VERIFY(this));
1371 current_frame.push_stack(type2, CHECK_VERIFY(this));
1372 current_frame.push_stack(type, CHECK_VERIFY(this));
1373 no_control_flow = false; break;
1374 }
1375 case Bytecodes::_swap :
1376 type = current_frame.pop_stack(
1377 VerificationType::category1_check(), CHECK_VERIFY(this));
1378 type2 = current_frame.pop_stack(
1379 VerificationType::category1_check(), CHECK_VERIFY(this));
1380 current_frame.push_stack(type, CHECK_VERIFY(this));
1381 current_frame.push_stack(type2, CHECK_VERIFY(this));
1382 no_control_flow = false; break;
1383 case Bytecodes::_iadd :
1384 case Bytecodes::_isub :
1385 case Bytecodes::_imul :
1386 case Bytecodes::_idiv :
1387 case Bytecodes::_irem :
1388 case Bytecodes::_ishl :
1389 case Bytecodes::_ishr :
1390 case Bytecodes::_iushr :
1391 case Bytecodes::_ior :
1392 case Bytecodes::_ixor :
1393 case Bytecodes::_iand :
1394 current_frame.pop_stack(
1395 VerificationType::integer_type(), CHECK_VERIFY(this));
1396 // fall through
1397 case Bytecodes::_ineg :
1398 current_frame.pop_stack(
1399 VerificationType::integer_type(), CHECK_VERIFY(this));
1400 current_frame.push_stack(
1401 VerificationType::integer_type(), CHECK_VERIFY(this));
1402 no_control_flow = false; break;
1403 case Bytecodes::_ladd :
1404 case Bytecodes::_lsub :
1405 case Bytecodes::_lmul :
1406 case Bytecodes::_ldiv :
1407 case Bytecodes::_lrem :
1408 case Bytecodes::_land :
1409 case Bytecodes::_lor :
1410 case Bytecodes::_lxor :
1411 current_frame.pop_stack_2(
1412 VerificationType::long2_type(),
1413 VerificationType::long_type(), CHECK_VERIFY(this));
1414 // fall through
1415 case Bytecodes::_lneg :
1416 current_frame.pop_stack_2(
1417 VerificationType::long2_type(),
1418 VerificationType::long_type(), CHECK_VERIFY(this));
1419 current_frame.push_stack_2(
1420 VerificationType::long_type(),
1421 VerificationType::long2_type(), CHECK_VERIFY(this));
1422 no_control_flow = false; break;
1423 case Bytecodes::_lshl :
1424 case Bytecodes::_lshr :
1425 case Bytecodes::_lushr :
1426 current_frame.pop_stack(
1427 VerificationType::integer_type(), CHECK_VERIFY(this));
1428 current_frame.pop_stack_2(
1429 VerificationType::long2_type(),
1430 VerificationType::long_type(), CHECK_VERIFY(this));
1431 current_frame.push_stack_2(
1432 VerificationType::long_type(),
1433 VerificationType::long2_type(), CHECK_VERIFY(this));
1434 no_control_flow = false; break;
1435 case Bytecodes::_fadd :
1436 case Bytecodes::_fsub :
1437 case Bytecodes::_fmul :
1438 case Bytecodes::_fdiv :
1439 case Bytecodes::_frem :
1440 current_frame.pop_stack(
1441 VerificationType::float_type(), CHECK_VERIFY(this));
1442 // fall through
1443 case Bytecodes::_fneg :
1444 current_frame.pop_stack(
1445 VerificationType::float_type(), CHECK_VERIFY(this));
1446 current_frame.push_stack(
1447 VerificationType::float_type(), CHECK_VERIFY(this));
1448 no_control_flow = false; break;
1449 case Bytecodes::_dadd :
1450 case Bytecodes::_dsub :
1451 case Bytecodes::_dmul :
1452 case Bytecodes::_ddiv :
1453 case Bytecodes::_drem :
1454 current_frame.pop_stack_2(
1455 VerificationType::double2_type(),
1456 VerificationType::double_type(), CHECK_VERIFY(this));
1457 // fall through
1458 case Bytecodes::_dneg :
1459 current_frame.pop_stack_2(
1460 VerificationType::double2_type(),
1461 VerificationType::double_type(), CHECK_VERIFY(this));
1462 current_frame.push_stack_2(
1463 VerificationType::double_type(),
1464 VerificationType::double2_type(), CHECK_VERIFY(this));
1465 no_control_flow = false; break;
1466 case Bytecodes::_iinc :
1467 verify_iinc(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1468 no_control_flow = false; break;
1469 case Bytecodes::_i2l :
1470 type = current_frame.pop_stack(
1471 VerificationType::integer_type(), CHECK_VERIFY(this));
1472 current_frame.push_stack_2(
1473 VerificationType::long_type(),
1474 VerificationType::long2_type(), CHECK_VERIFY(this));
1475 no_control_flow = false; break;
1476 case Bytecodes::_l2i :
1477 current_frame.pop_stack_2(
1478 VerificationType::long2_type(),
1479 VerificationType::long_type(), CHECK_VERIFY(this));
1480 current_frame.push_stack(
1481 VerificationType::integer_type(), CHECK_VERIFY(this));
1482 no_control_flow = false; break;
1483 case Bytecodes::_i2f :
1484 current_frame.pop_stack(
1485 VerificationType::integer_type(), CHECK_VERIFY(this));
1486 current_frame.push_stack(
1487 VerificationType::float_type(), CHECK_VERIFY(this));
1488 no_control_flow = false; break;
1489 case Bytecodes::_i2d :
1490 current_frame.pop_stack(
1491 VerificationType::integer_type(), CHECK_VERIFY(this));
1492 current_frame.push_stack_2(
1493 VerificationType::double_type(),
1494 VerificationType::double2_type(), CHECK_VERIFY(this));
1495 no_control_flow = false; break;
1496 case Bytecodes::_l2f :
1497 current_frame.pop_stack_2(
1498 VerificationType::long2_type(),
1499 VerificationType::long_type(), CHECK_VERIFY(this));
1500 current_frame.push_stack(
1501 VerificationType::float_type(), CHECK_VERIFY(this));
1502 no_control_flow = false; break;
1503 case Bytecodes::_l2d :
1504 current_frame.pop_stack_2(
1505 VerificationType::long2_type(),
1506 VerificationType::long_type(), CHECK_VERIFY(this));
1507 current_frame.push_stack_2(
1508 VerificationType::double_type(),
1509 VerificationType::double2_type(), CHECK_VERIFY(this));
1510 no_control_flow = false; break;
1511 case Bytecodes::_f2i :
1512 current_frame.pop_stack(
1513 VerificationType::float_type(), CHECK_VERIFY(this));
1514 current_frame.push_stack(
1515 VerificationType::integer_type(), CHECK_VERIFY(this));
1516 no_control_flow = false; break;
1517 case Bytecodes::_f2l :
1518 current_frame.pop_stack(
1519 VerificationType::float_type(), CHECK_VERIFY(this));
1520 current_frame.push_stack_2(
1521 VerificationType::long_type(),
1522 VerificationType::long2_type(), CHECK_VERIFY(this));
1523 no_control_flow = false; break;
1524 case Bytecodes::_f2d :
1525 current_frame.pop_stack(
1526 VerificationType::float_type(), CHECK_VERIFY(this));
1527 current_frame.push_stack_2(
1528 VerificationType::double_type(),
1529 VerificationType::double2_type(), CHECK_VERIFY(this));
1530 no_control_flow = false; break;
1531 case Bytecodes::_d2i :
1532 current_frame.pop_stack_2(
1533 VerificationType::double2_type(),
1534 VerificationType::double_type(), CHECK_VERIFY(this));
1535 current_frame.push_stack(
1536 VerificationType::integer_type(), CHECK_VERIFY(this));
1537 no_control_flow = false; break;
1538 case Bytecodes::_d2l :
1539 current_frame.pop_stack_2(
1540 VerificationType::double2_type(),
1541 VerificationType::double_type(), CHECK_VERIFY(this));
1542 current_frame.push_stack_2(
1543 VerificationType::long_type(),
1544 VerificationType::long2_type(), CHECK_VERIFY(this));
1545 no_control_flow = false; break;
1546 case Bytecodes::_d2f :
1547 current_frame.pop_stack_2(
1548 VerificationType::double2_type(),
1549 VerificationType::double_type(), CHECK_VERIFY(this));
1550 current_frame.push_stack(
1551 VerificationType::float_type(), CHECK_VERIFY(this));
1552 no_control_flow = false; break;
1553 case Bytecodes::_i2b :
1554 case Bytecodes::_i2c :
1555 case Bytecodes::_i2s :
1556 current_frame.pop_stack(
1557 VerificationType::integer_type(), CHECK_VERIFY(this));
1558 current_frame.push_stack(
1559 VerificationType::integer_type(), CHECK_VERIFY(this));
1560 no_control_flow = false; break;
1561 case Bytecodes::_lcmp :
1562 current_frame.pop_stack_2(
1563 VerificationType::long2_type(),
1564 VerificationType::long_type(), CHECK_VERIFY(this));
1565 current_frame.pop_stack_2(
1566 VerificationType::long2_type(),
1567 VerificationType::long_type(), CHECK_VERIFY(this));
1568 current_frame.push_stack(
1569 VerificationType::integer_type(), CHECK_VERIFY(this));
1570 no_control_flow = false; break;
1571 case Bytecodes::_fcmpl :
1572 case Bytecodes::_fcmpg :
1573 current_frame.pop_stack(
1574 VerificationType::float_type(), CHECK_VERIFY(this));
1575 current_frame.pop_stack(
1576 VerificationType::float_type(), CHECK_VERIFY(this));
1577 current_frame.push_stack(
1578 VerificationType::integer_type(), CHECK_VERIFY(this));
1579 no_control_flow = false; break;
1580 case Bytecodes::_dcmpl :
1581 case Bytecodes::_dcmpg :
1582 current_frame.pop_stack_2(
1583 VerificationType::double2_type(),
1584 VerificationType::double_type(), CHECK_VERIFY(this));
1585 current_frame.pop_stack_2(
1586 VerificationType::double2_type(),
1587 VerificationType::double_type(), CHECK_VERIFY(this));
1588 current_frame.push_stack(
1589 VerificationType::integer_type(), CHECK_VERIFY(this));
1590 no_control_flow = false; break;
1591 case Bytecodes::_if_icmpeq:
1592 case Bytecodes::_if_icmpne:
1593 case Bytecodes::_if_icmplt:
1594 case Bytecodes::_if_icmpge:
1595 case Bytecodes::_if_icmpgt:
1596 case Bytecodes::_if_icmple:
1597 current_frame.pop_stack(
1598 VerificationType::integer_type(), CHECK_VERIFY(this));
1599 // fall through
1600 case Bytecodes::_ifeq:
1601 case Bytecodes::_ifne:
1602 case Bytecodes::_iflt:
1603 case Bytecodes::_ifge:
1604 case Bytecodes::_ifgt:
1605 case Bytecodes::_ifle:
1606 current_frame.pop_stack(
1607 VerificationType::integer_type(), CHECK_VERIFY(this));
1608 stackmap_table.check_jump_target(
1609 ¤t_frame, bcs.bci(), bcs.get_offset_s2(), CHECK_VERIFY(this));
1610 no_control_flow = false; break;
1611 case Bytecodes::_if_acmpeq :
1612 case Bytecodes::_if_acmpne :
1613 current_frame.pop_stack(
1614 VerificationType::reference_check(), CHECK_VERIFY(this));
1615 // fall through
1616 case Bytecodes::_ifnull :
1617 case Bytecodes::_ifnonnull :
1618 current_frame.pop_stack(
1619 VerificationType::reference_check(), CHECK_VERIFY(this));
1620 stackmap_table.check_jump_target
1621 (¤t_frame, bcs.bci(), bcs.get_offset_s2(), CHECK_VERIFY(this));
1622 no_control_flow = false; break;
1623 case Bytecodes::_goto :
1624 stackmap_table.check_jump_target(
1625 ¤t_frame, bcs.bci(), bcs.get_offset_s2(), CHECK_VERIFY(this));
1626 no_control_flow = true; break;
1627 case Bytecodes::_goto_w :
1628 stackmap_table.check_jump_target(
1629 ¤t_frame, bcs.bci(), bcs.get_offset_s4(), CHECK_VERIFY(this));
1630 no_control_flow = true; break;
1631 case Bytecodes::_tableswitch :
1632 case Bytecodes::_lookupswitch :
1633 verify_switch(
1634 &bcs, code_length, code_data, ¤t_frame,
1635 &stackmap_table, CHECK_VERIFY(this));
1636 no_control_flow = true; break;
1637 case Bytecodes::_ireturn :
1638 type = current_frame.pop_stack(
1639 VerificationType::integer_type(), CHECK_VERIFY(this));
1640 verify_return_value(return_type, type, bci,
1641 ¤t_frame, CHECK_VERIFY(this));
1642 no_control_flow = true; break;
1643 case Bytecodes::_lreturn :
1644 type2 = current_frame.pop_stack(
1645 VerificationType::long2_type(), CHECK_VERIFY(this));
1646 type = current_frame.pop_stack(
1647 VerificationType::long_type(), CHECK_VERIFY(this));
1648 verify_return_value(return_type, type, bci,
1649 ¤t_frame, CHECK_VERIFY(this));
1650 no_control_flow = true; break;
1651 case Bytecodes::_freturn :
1652 type = current_frame.pop_stack(
1653 VerificationType::float_type(), CHECK_VERIFY(this));
1654 verify_return_value(return_type, type, bci,
1655 ¤t_frame, CHECK_VERIFY(this));
1656 no_control_flow = true; break;
1657 case Bytecodes::_dreturn :
1658 type2 = current_frame.pop_stack(
1659 VerificationType::double2_type(), CHECK_VERIFY(this));
1660 type = current_frame.pop_stack(
1661 VerificationType::double_type(), CHECK_VERIFY(this));
1662 verify_return_value(return_type, type, bci,
1663 ¤t_frame, CHECK_VERIFY(this));
1664 no_control_flow = true; break;
1665 case Bytecodes::_areturn :
1666 type = current_frame.pop_stack(
1667 VerificationType::reference_check(), CHECK_VERIFY(this));
1668 verify_return_value(return_type, type, bci,
1669 ¤t_frame, CHECK_VERIFY(this));
1670 no_control_flow = true; break;
1671 case Bytecodes::_return :
1672 if (return_type != VerificationType::bogus_type()) {
1673 verify_error(ErrorContext::bad_code(bci),
1674 "Method expects a return value");
1675 return;
1676 }
1677 // Make sure "this" has been initialized if current method is an
1678 // <init>.
1679 if (_method->name() == vmSymbols::object_initializer_name() &&
1680 current_frame.flag_this_uninit()) {
1681 verify_error(ErrorContext::bad_code(bci),
1682 "Constructor must call super() or this() "
1683 "before return");
1684 return;
1685 }
1686 no_control_flow = true; break;
1687 case Bytecodes::_getstatic :
1688 case Bytecodes::_putstatic :
1689 // pass TRUE, operand can be an array type for getstatic/putstatic.
1690 verify_field_instructions(
1691 &bcs, ¤t_frame, cp, true, CHECK_VERIFY(this));
1692 no_control_flow = false; break;
1693 case Bytecodes::_getfield :
1694 case Bytecodes::_putfield :
1695 // pass FALSE, operand can't be an array type for getfield/putfield.
1696 verify_field_instructions(
1697 &bcs, ¤t_frame, cp, false, CHECK_VERIFY(this));
1698 no_control_flow = false; break;
1699 case Bytecodes::_invokevirtual :
1700 case Bytecodes::_invokespecial :
1701 case Bytecodes::_invokestatic :
1702 verify_invoke_instructions(
1703 &bcs, code_length, ¤t_frame, (bci >= ex_min && bci < ex_max),
1704 &this_uninit, return_type, cp, &stackmap_table, CHECK_VERIFY(this));
1705 no_control_flow = false; break;
1706 case Bytecodes::_invokeinterface :
1707 case Bytecodes::_invokedynamic :
1708 verify_invoke_instructions(
1709 &bcs, code_length, ¤t_frame, (bci >= ex_min && bci < ex_max),
1710 &this_uninit, return_type, cp, &stackmap_table, CHECK_VERIFY(this));
1711 no_control_flow = false; break;
1712 case Bytecodes::_new :
1713 {
1714 u2 index = bcs.get_index_u2();
1715 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1716 VerificationType new_class_type =
1717 cp_index_to_type(index, cp, CHECK_VERIFY(this));
1718 if (!new_class_type.is_object()) {
1719 verify_error(ErrorContext::bad_type(bci,
1720 TypeOrigin::cp(index, new_class_type)),
1721 "Illegal new instruction");
1722 return;
1723 }
1724 type = VerificationType::uninitialized_type(checked_cast<u2>(bci));
1725 current_frame.push_stack(type, CHECK_VERIFY(this));
1726 no_control_flow = false; break;
1727 }
1728 case Bytecodes::_newarray :
1729 type = get_newarray_type(bcs.get_index(), bci, CHECK_VERIFY(this));
1730 current_frame.pop_stack(
1731 VerificationType::integer_type(), CHECK_VERIFY(this));
1732 current_frame.push_stack(type, CHECK_VERIFY(this));
1733 no_control_flow = false; break;
1734 case Bytecodes::_anewarray :
1735 verify_anewarray(
1736 bci, bcs.get_index_u2(), cp, ¤t_frame, CHECK_VERIFY(this));
1737 no_control_flow = false; break;
1738 case Bytecodes::_arraylength :
1739 type = current_frame.pop_stack(
1740 VerificationType::reference_check(), CHECK_VERIFY(this));
1741 if (!(type.is_null() || type.is_array())) {
1742 verify_error(ErrorContext::bad_type(
1743 bci, current_frame.stack_top_ctx()),
1744 bad_type_msg, "arraylength");
1745 }
1746 current_frame.push_stack(
1747 VerificationType::integer_type(), CHECK_VERIFY(this));
1748 no_control_flow = false; break;
1749 case Bytecodes::_checkcast :
1750 {
1751 u2 index = bcs.get_index_u2();
1752 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1753 current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1754 VerificationType klass_type = cp_index_to_type(
1755 index, cp, CHECK_VERIFY(this));
1756 current_frame.push_stack(klass_type, CHECK_VERIFY(this));
1757 no_control_flow = false; break;
1758 }
1759 case Bytecodes::_instanceof : {
1760 u2 index = bcs.get_index_u2();
1761 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1762 current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1763 current_frame.push_stack(
1764 VerificationType::integer_type(), CHECK_VERIFY(this));
1765 no_control_flow = false; break;
1766 }
1767 case Bytecodes::_monitorenter :
1768 case Bytecodes::_monitorexit :
1769 current_frame.pop_stack(
1770 VerificationType::reference_check(), CHECK_VERIFY(this));
1771 no_control_flow = false; break;
1772 case Bytecodes::_multianewarray :
1773 {
1774 u2 index = bcs.get_index_u2();
1775 u2 dim = *(bcs.bcp()+3);
1776 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1777 VerificationType new_array_type =
1778 cp_index_to_type(index, cp, CHECK_VERIFY(this));
1779 if (!new_array_type.is_array()) {
1780 verify_error(ErrorContext::bad_type(bci,
1781 TypeOrigin::cp(index, new_array_type)),
1782 "Illegal constant pool index in multianewarray instruction");
1783 return;
1784 }
1785 if (dim < 1 || new_array_type.dimensions() < dim) {
1786 verify_error(ErrorContext::bad_code(bci),
1787 "Illegal dimension in multianewarray instruction: %d", dim);
1788 return;
1789 }
1790 for (int i = 0; i < dim; i++) {
1791 current_frame.pop_stack(
1792 VerificationType::integer_type(), CHECK_VERIFY(this));
1793 }
1794 current_frame.push_stack(new_array_type, CHECK_VERIFY(this));
1795 no_control_flow = false; break;
1796 }
1797 case Bytecodes::_athrow :
1798 type = VerificationType::reference_type(
1799 vmSymbols::java_lang_Throwable());
1800 current_frame.pop_stack(type, CHECK_VERIFY(this));
1801 no_control_flow = true; break;
1802 default:
1803 // We only need to check the valid bytecodes in class file.
1804 // And jsr and ret are not in the new class file format in JDK1.6.
1805 verify_error(ErrorContext::bad_code(bci),
1806 "Bad instruction: %02x", opcode);
1807 no_control_flow = false;
1808 return;
1809 } // end switch
1810 } // end Merge with the next instruction
1811
1812 // Look for possible jump target in exception handlers and see if it matches
1813 // current_frame. Don't do this check if it has already been done (for
1814 // ([a,d,f,i,l]store* opcodes). This check cannot be done earlier because
1815 // opcodes, such as invokespecial, may set the this_uninit flag.
1816 assert(!(verified_exc_handlers && this_uninit),
1817 "Exception handler targets got verified before this_uninit got set");
1818 if (!verified_exc_handlers && bci >= ex_min && bci < ex_max) {
1819 if (was_recursively_verified()) return;
1820 verify_exception_handler_targets(
1821 bci, this_uninit, ¤t_frame, &stackmap_table, CHECK_VERIFY(this));
1822 }
1823 } // end while
1824
1825 // Make sure that control flow does not fall through end of the method
1826 if (!no_control_flow) {
1827 verify_error(ErrorContext::bad_code(code_length),
1828 "Control flow falls through code end");
1829 return;
1830 }
1831 }
1832
1833 #undef bad_type_message
1834
1835 char* ClassVerifier::generate_code_data(const methodHandle& m, u4 code_length, TRAPS) {
1836 char* code_data = NEW_RESOURCE_ARRAY(char, code_length);
1837 memset(code_data, 0, sizeof(char) * code_length);
1838 RawBytecodeStream bcs(m);
1839
1840 while (!bcs.is_last_bytecode()) {
1841 if (bcs.raw_next() != Bytecodes::_illegal) {
1842 int bci = bcs.bci();
1843 if (bcs.raw_code() == Bytecodes::_new) {
1844 code_data[bci] = NEW_OFFSET;
1845 } else {
1846 code_data[bci] = BYTECODE_OFFSET;
1847 }
1848 } else {
1849 verify_error(ErrorContext::bad_code(bcs.bci()), "Bad instruction");
1850 return nullptr;
1851 }
1852 }
1853
1854 return code_data;
1855 }
1856
1857 // Since this method references the constant pool, call was_recursively_verified()
1858 // before calling this method to make sure a prior class load did not cause the
1859 // current class to get verified.
1860 void ClassVerifier::verify_exception_handler_table(u4 code_length, char* code_data, int& min, int& max, TRAPS) {
1861 ExceptionTable exhandlers(_method());
1862 int exlength = exhandlers.length();
1863 constantPoolHandle cp (THREAD, _method->constants());
1864
1865 for(int i = 0; i < exlength; i++) {
1866 u2 start_pc = exhandlers.start_pc(i);
1867 u2 end_pc = exhandlers.end_pc(i);
1868 u2 handler_pc = exhandlers.handler_pc(i);
1869 if (start_pc >= code_length || code_data[start_pc] == 0) {
1870 class_format_error("Illegal exception table start_pc %d", start_pc);
1871 return;
1872 }
1873 if (end_pc != code_length) { // special case: end_pc == code_length
1874 if (end_pc > code_length || code_data[end_pc] == 0) {
1875 class_format_error("Illegal exception table end_pc %d", end_pc);
1876 return;
1877 }
1878 }
1879 if (handler_pc >= code_length || code_data[handler_pc] == 0) {
1880 class_format_error("Illegal exception table handler_pc %d", handler_pc);
1881 return;
1882 }
1883 u2 catch_type_index = exhandlers.catch_type_index(i);
1884 if (catch_type_index != 0) {
1885 VerificationType catch_type = cp_index_to_type(
1886 catch_type_index, cp, CHECK_VERIFY(this));
1887 VerificationType throwable =
1888 VerificationType::reference_type(vmSymbols::java_lang_Throwable());
1889 // If the catch type is Throwable pre-resolve it now as the assignable check won't
1890 // do that, and we need to avoid a runtime resolution in case we are trying to
1891 // catch OutOfMemoryError.
1892 if (cp->klass_name_at(catch_type_index) == vmSymbols::java_lang_Throwable()) {
1893 cp->klass_at(catch_type_index, CHECK);
1894 }
1895 bool is_subclass = throwable.is_assignable_from(
1896 catch_type, this, false, CHECK_VERIFY(this));
1897 if (!is_subclass) {
1898 // 4286534: should throw VerifyError according to recent spec change
1899 verify_error(ErrorContext::bad_type(handler_pc,
1900 TypeOrigin::cp(catch_type_index, catch_type),
1901 TypeOrigin::implicit(throwable)),
1902 "Catch type is not a subclass "
1903 "of Throwable in exception handler %d", handler_pc);
1904 return;
1905 }
1906 }
1907 if (start_pc < min) min = start_pc;
1908 if (end_pc > max) max = end_pc;
1909 }
1910 }
1911
1912 void ClassVerifier::verify_local_variable_table(u4 code_length, char* code_data, TRAPS) {
1913 int localvariable_table_length = _method->localvariable_table_length();
1914 if (localvariable_table_length > 0) {
1915 LocalVariableTableElement* table = _method->localvariable_table_start();
1916 for (int i = 0; i < localvariable_table_length; i++) {
1917 u2 start_bci = table[i].start_bci;
1918 u2 length = table[i].length;
1919
1920 if (start_bci >= code_length || code_data[start_bci] == 0) {
1921 class_format_error(
1922 "Illegal local variable table start_pc %d", start_bci);
1923 return;
1924 }
1925 u4 end_bci = (u4)(start_bci + length);
1926 if (end_bci != code_length) {
1927 if (end_bci >= code_length || code_data[end_bci] == 0) {
1928 class_format_error( "Illegal local variable table length %d", length);
1929 return;
1930 }
1931 }
1932 }
1933 }
1934 }
1935
1936 u2 ClassVerifier::verify_stackmap_table(u2 stackmap_index, int bci,
1937 StackMapFrame* current_frame,
1938 StackMapTable* stackmap_table,
1939 bool no_control_flow, TRAPS) {
1940 if (stackmap_index < stackmap_table->get_frame_count()) {
1941 int this_offset = stackmap_table->get_offset(stackmap_index);
1942 if (no_control_flow && this_offset > bci) {
1943 verify_error(ErrorContext::missing_stackmap(bci),
1944 "Expecting a stack map frame");
1945 return 0;
1946 }
1947 if (this_offset == bci) {
1948 ErrorContext ctx;
1949 // See if current stack map can be assigned to the frame in table.
1950 // current_frame is the stackmap frame got from the last instruction.
1951 // If matched, current_frame will be updated by this method.
1952 bool matches = stackmap_table->match_stackmap(
1953 current_frame, this_offset, stackmap_index,
1954 !no_control_flow, true, &ctx, CHECK_VERIFY_(this, 0));
1955 if (!matches) {
1956 // report type error
1957 verify_error(ctx, "Instruction type does not match stack map");
1958 return 0;
1959 }
1960 stackmap_index++;
1961 } else if (this_offset < bci) {
1962 // current_offset should have met this_offset.
1963 class_format_error("Bad stack map offset %d", this_offset);
1964 return 0;
1965 }
1966 } else if (no_control_flow) {
1967 verify_error(ErrorContext::bad_code(bci), "Expecting a stack map frame");
1968 return 0;
1969 }
1970 return stackmap_index;
1971 }
1972
1973 // Since this method references the constant pool, call was_recursively_verified()
1974 // before calling this method to make sure a prior class load did not cause the
1975 // current class to get verified.
1976 void ClassVerifier::verify_exception_handler_targets(int bci, bool this_uninit,
1977 StackMapFrame* current_frame,
1978 StackMapTable* stackmap_table, TRAPS) {
1979 constantPoolHandle cp (THREAD, _method->constants());
1980 ExceptionTable exhandlers(_method());
1981 int exlength = exhandlers.length();
1982 for(int i = 0; i < exlength; i++) {
1983 u2 start_pc = exhandlers.start_pc(i);
1984 u2 end_pc = exhandlers.end_pc(i);
1985 u2 handler_pc = exhandlers.handler_pc(i);
1986 int catch_type_index = exhandlers.catch_type_index(i);
1987 if(bci >= start_pc && bci < end_pc) {
1988 u1 flags = current_frame->flags();
1989 if (this_uninit) { flags |= FLAG_THIS_UNINIT; }
1990 StackMapFrame* new_frame = current_frame->frame_in_exception_handler(flags);
1991 if (catch_type_index != 0) {
1992 if (was_recursively_verified()) return;
1993 // We know that this index refers to a subclass of Throwable
1994 VerificationType catch_type = cp_index_to_type(
1995 catch_type_index, cp, CHECK_VERIFY(this));
1996 new_frame->push_stack(catch_type, CHECK_VERIFY(this));
1997 } else {
1998 VerificationType throwable =
1999 VerificationType::reference_type(vmSymbols::java_lang_Throwable());
2000 new_frame->push_stack(throwable, CHECK_VERIFY(this));
2001 }
2002 ErrorContext ctx;
2003 bool matches = stackmap_table->match_stackmap(
2004 new_frame, handler_pc, true, false, &ctx, CHECK_VERIFY(this));
2005 if (!matches) {
2006 verify_error(ctx, "Stack map does not match the one at "
2007 "exception handler %d", handler_pc);
2008 return;
2009 }
2010 }
2011 }
2012 }
2013
2014 void ClassVerifier::verify_cp_index(
2015 int bci, const constantPoolHandle& cp, u2 index, TRAPS) {
2016 int nconstants = cp->length();
2017 if ((index <= 0) || (index >= nconstants)) {
2018 verify_error(ErrorContext::bad_cp_index(bci, index),
2019 "Illegal constant pool index %d in class %s",
2020 index, cp->pool_holder()->external_name());
2021 return;
2022 }
2023 }
2024
2025 void ClassVerifier::verify_cp_type(
2026 int bci, u2 index, const constantPoolHandle& cp, unsigned int types, TRAPS) {
2027
2028 // In some situations, bytecode rewriting may occur while we're verifying.
2029 // In this case, a constant pool cache exists and some indices refer to that
2030 // instead. Be sure we don't pick up such indices by accident.
2031 // We must check was_recursively_verified() before we get here.
2032 guarantee(cp->cache() == nullptr, "not rewritten yet");
2033
2034 verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2035 unsigned int tag = cp->tag_at(index).value();
2036 // tags up to JVM_CONSTANT_ExternalMax are verifiable and valid for shift op
2037 if (tag > JVM_CONSTANT_ExternalMax || (types & (1 << tag)) == 0) {
2038 verify_error(ErrorContext::bad_cp_index(bci, index),
2039 "Illegal type at constant pool entry %d in class %s",
2040 index, cp->pool_holder()->external_name());
2041 return;
2042 }
2043 }
2044
2045 void ClassVerifier::verify_cp_class_type(
2046 int bci, u2 index, const constantPoolHandle& cp, TRAPS) {
2047 verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2048 constantTag tag = cp->tag_at(index);
2049 if (!tag.is_klass() && !tag.is_unresolved_klass()) {
2050 verify_error(ErrorContext::bad_cp_index(bci, index),
2051 "Illegal type at constant pool entry %d in class %s",
2052 index, cp->pool_holder()->external_name());
2053 return;
2054 }
2055 }
2056
2057 void ClassVerifier::verify_error(ErrorContext ctx, const char* msg, ...) {
2058 stringStream ss;
2059
2060 ctx.reset_frames();
2061 _exception_type = vmSymbols::java_lang_VerifyError();
2062 _error_context = ctx;
2063 va_list va;
2064 va_start(va, msg);
2065 ss.vprint(msg, va);
2066 va_end(va);
2067 _message = ss.as_string();
2068 #ifdef ASSERT
2069 ResourceMark rm;
2070 const char* exception_name = _exception_type->as_C_string();
2071 Exceptions::debug_check_abort(exception_name, nullptr);
2072 #endif // ndef ASSERT
2073 }
2074
2075 void ClassVerifier::class_format_error(const char* msg, ...) {
2076 stringStream ss;
2077 _exception_type = vmSymbols::java_lang_ClassFormatError();
2078 va_list va;
2079 va_start(va, msg);
2080 ss.vprint(msg, va);
2081 va_end(va);
2082 if (!_method.is_null()) {
2083 ss.print(" in method '");
2084 _method->print_external_name(&ss);
2085 ss.print("'");
2086 }
2087 _message = ss.as_string();
2088 }
2089
2090 Klass* ClassVerifier::load_class(Symbol* name, TRAPS) {
2091 HandleMark hm(THREAD);
2092 // Get current loader first.
2093 oop loader = current_class()->class_loader();
2094
2095 assert(name_in_supers(name, current_class()), "name should be a super class");
2096
2097 Klass* kls = SystemDictionary::resolve_or_fail(
2098 name, Handle(THREAD, loader), true, THREAD);
2099
2100 if (kls != nullptr) {
2101 if (log_is_enabled(Debug, class, resolve)) {
2102 Verifier::trace_class_resolution(kls, current_class());
2103 }
2104 }
2105 return kls;
2106 }
2107
2108 bool ClassVerifier::is_protected_access(InstanceKlass* this_class,
2109 Klass* target_class,
2110 Symbol* field_name,
2111 Symbol* field_sig,
2112 bool is_method) {
2113 NoSafepointVerifier nosafepoint;
2114
2115 // If target class isn't a super class of this class, we don't worry about this case
2116 if (!this_class->is_subclass_of(target_class)) {
2117 return false;
2118 }
2119 // Check if the specified method or field is protected
2120 InstanceKlass* target_instance = InstanceKlass::cast(target_class);
2121 fieldDescriptor fd;
2122 if (is_method) {
2123 Method* m = target_instance->uncached_lookup_method(field_name, field_sig, Klass::OverpassLookupMode::find);
2124 if (m != nullptr && m->is_protected()) {
2125 if (!this_class->is_same_class_package(m->method_holder())) {
2126 return true;
2127 }
2128 }
2129 } else {
2130 Klass* member_klass = target_instance->find_field(field_name, field_sig, &fd);
2131 if (member_klass != nullptr && fd.is_protected()) {
2132 if (!this_class->is_same_class_package(member_klass)) {
2133 return true;
2134 }
2135 }
2136 }
2137 return false;
2138 }
2139
2140 void ClassVerifier::verify_ldc(
2141 int opcode, u2 index, StackMapFrame* current_frame,
2142 const constantPoolHandle& cp, int bci, TRAPS) {
2143 verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2144 constantTag tag = cp->tag_at(index);
2145 unsigned int types = 0;
2146 if (opcode == Bytecodes::_ldc || opcode == Bytecodes::_ldc_w) {
2147 if (!tag.is_unresolved_klass()) {
2148 types = (1 << JVM_CONSTANT_Integer) | (1 << JVM_CONSTANT_Float)
2149 | (1 << JVM_CONSTANT_String) | (1 << JVM_CONSTANT_Class)
2150 | (1 << JVM_CONSTANT_MethodHandle) | (1 << JVM_CONSTANT_MethodType)
2151 | (1 << JVM_CONSTANT_Dynamic);
2152 // Note: The class file parser already verified the legality of
2153 // MethodHandle and MethodType constants.
2154 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2155 }
2156 } else {
2157 assert(opcode == Bytecodes::_ldc2_w, "must be ldc2_w");
2158 types = (1 << JVM_CONSTANT_Double) | (1 << JVM_CONSTANT_Long)
2159 | (1 << JVM_CONSTANT_Dynamic);
2160 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2161 }
2162 if (tag.is_string()) {
2163 current_frame->push_stack(
2164 VerificationType::reference_type(
2165 vmSymbols::java_lang_String()), CHECK_VERIFY(this));
2166 } else if (tag.is_klass() || tag.is_unresolved_klass()) {
2167 current_frame->push_stack(
2168 VerificationType::reference_type(
2169 vmSymbols::java_lang_Class()), CHECK_VERIFY(this));
2170 } else if (tag.is_int()) {
2171 current_frame->push_stack(
2172 VerificationType::integer_type(), CHECK_VERIFY(this));
2173 } else if (tag.is_float()) {
2174 current_frame->push_stack(
2175 VerificationType::float_type(), CHECK_VERIFY(this));
2176 } else if (tag.is_double()) {
2177 current_frame->push_stack_2(
2178 VerificationType::double_type(),
2179 VerificationType::double2_type(), CHECK_VERIFY(this));
2180 } else if (tag.is_long()) {
2181 current_frame->push_stack_2(
2182 VerificationType::long_type(),
2183 VerificationType::long2_type(), CHECK_VERIFY(this));
2184 } else if (tag.is_method_handle()) {
2185 current_frame->push_stack(
2186 VerificationType::reference_type(
2187 vmSymbols::java_lang_invoke_MethodHandle()), CHECK_VERIFY(this));
2188 } else if (tag.is_method_type()) {
2189 current_frame->push_stack(
2190 VerificationType::reference_type(
2191 vmSymbols::java_lang_invoke_MethodType()), CHECK_VERIFY(this));
2192 } else if (tag.is_dynamic_constant()) {
2193 Symbol* constant_type = cp->uncached_signature_ref_at(index);
2194 // Field signature was checked in ClassFileParser.
2195 assert(SignatureVerifier::is_valid_type_signature(constant_type),
2196 "Invalid type for dynamic constant");
2197 assert(sizeof(VerificationType) == sizeof(uintptr_t),
2198 "buffer type must match VerificationType size");
2199 uintptr_t constant_type_buffer[2];
2200 VerificationType* v_constant_type = (VerificationType*)constant_type_buffer;
2201 SignatureStream sig_stream(constant_type, false);
2202 int n = change_sig_to_verificationType(&sig_stream, v_constant_type);
2203 int opcode_n = (opcode == Bytecodes::_ldc2_w ? 2 : 1);
2204 if (n != opcode_n) {
2205 // wrong kind of ldc; reverify against updated type mask
2206 types &= ~(1 << JVM_CONSTANT_Dynamic);
2207 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2208 }
2209 for (int i = 0; i < n; i++) {
2210 current_frame->push_stack(v_constant_type[i], CHECK_VERIFY(this));
2211 }
2212 } else {
2213 /* Unreachable? verify_cp_type has already validated the cp type. */
2214 verify_error(
2215 ErrorContext::bad_cp_index(bci, index), "Invalid index in ldc");
2216 return;
2217 }
2218 }
2219
2220 void ClassVerifier::verify_switch(
2221 RawBytecodeStream* bcs, u4 code_length, char* code_data,
2222 StackMapFrame* current_frame, StackMapTable* stackmap_table, TRAPS) {
2223 int bci = bcs->bci();
2224 address bcp = bcs->bcp();
2225 address aligned_bcp = align_up(bcp + 1, jintSize);
2226
2227 if (_klass->major_version() < NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION) {
2228 // 4639449 & 4647081: padding bytes must be 0
2229 u2 padding_offset = 1;
2230 while ((bcp + padding_offset) < aligned_bcp) {
2231 if(*(bcp + padding_offset) != 0) {
2232 verify_error(ErrorContext::bad_code(bci),
2233 "Nonzero padding byte in lookupswitch or tableswitch");
2234 return;
2235 }
2236 padding_offset++;
2237 }
2238 }
2239
2240 int default_offset = (int) Bytes::get_Java_u4(aligned_bcp);
2241 int keys, delta;
2242 current_frame->pop_stack(
2243 VerificationType::integer_type(), CHECK_VERIFY(this));
2244 if (bcs->raw_code() == Bytecodes::_tableswitch) {
2245 jint low = (jint)Bytes::get_Java_u4(aligned_bcp + jintSize);
2246 jint high = (jint)Bytes::get_Java_u4(aligned_bcp + 2*jintSize);
2247 if (low > high) {
2248 verify_error(ErrorContext::bad_code(bci),
2249 "low must be less than or equal to high in tableswitch");
2250 return;
2251 }
2252 int64_t keys64 = ((int64_t)high - low) + 1;
2253 if (keys64 > 65535) { // Max code length
2254 verify_error(ErrorContext::bad_code(bci), "too many keys in tableswitch");
2255 return;
2256 }
2257 keys = (int)keys64;
2258 delta = 1;
2259 } else {
2260 keys = (int)Bytes::get_Java_u4(aligned_bcp + jintSize);
2261 if (keys < 0) {
2262 verify_error(ErrorContext::bad_code(bci),
2263 "number of keys in lookupswitch less than 0");
2264 return;
2265 }
2266 delta = 2;
2267 // Make sure that the lookupswitch items are sorted
2268 for (int i = 0; i < (keys - 1); i++) {
2269 jint this_key = Bytes::get_Java_u4(aligned_bcp + (2+2*i)*jintSize);
2270 jint next_key = Bytes::get_Java_u4(aligned_bcp + (2+2*i+2)*jintSize);
2271 if (this_key >= next_key) {
2272 verify_error(ErrorContext::bad_code(bci),
2273 "Bad lookupswitch instruction");
2274 return;
2275 }
2276 }
2277 }
2278 stackmap_table->check_jump_target(current_frame, bci, default_offset, CHECK_VERIFY(this));
2279 for (int i = 0; i < keys; i++) {
2280 // Because check_jump_target() may safepoint, the bytecode could have
2281 // moved, which means 'aligned_bcp' is no good and needs to be recalculated.
2282 aligned_bcp = align_up(bcs->bcp() + 1, jintSize);
2283 int offset = (jint)Bytes::get_Java_u4(aligned_bcp+(3+i*delta)*jintSize);
2284 stackmap_table->check_jump_target(
2285 current_frame, bci, offset, CHECK_VERIFY(this));
2286 }
2287 NOT_PRODUCT(aligned_bcp = nullptr); // no longer valid at this point
2288 }
2289
2290 bool ClassVerifier::name_in_supers(
2291 Symbol* ref_name, InstanceKlass* current) {
2292 Klass* super = current->super();
2293 while (super != nullptr) {
2294 if (super->name() == ref_name) {
2295 return true;
2296 }
2297 super = super->super();
2298 }
2299 return false;
2300 }
2301
2302 void ClassVerifier::verify_field_instructions(RawBytecodeStream* bcs,
2303 StackMapFrame* current_frame,
2304 const constantPoolHandle& cp,
2305 bool allow_arrays,
2306 TRAPS) {
2307 u2 index = bcs->get_index_u2();
2308 verify_cp_type(bcs->bci(), index, cp,
2309 1 << JVM_CONSTANT_Fieldref, CHECK_VERIFY(this));
2310
2311 // Get field name and signature
2312 Symbol* field_name = cp->uncached_name_ref_at(index);
2313 Symbol* field_sig = cp->uncached_signature_ref_at(index);
2314 bool is_getfield = false;
2315
2316 // Field signature was checked in ClassFileParser.
2317 assert(SignatureVerifier::is_valid_type_signature(field_sig),
2318 "Invalid field signature");
2319
2320 // Get referenced class type
2321 VerificationType ref_class_type = cp_ref_index_to_type(
2322 index, cp, CHECK_VERIFY(this));
2323 if (!ref_class_type.is_object() &&
2324 (!allow_arrays || !ref_class_type.is_array())) {
2325 verify_error(ErrorContext::bad_type(bcs->bci(),
2326 TypeOrigin::cp(index, ref_class_type)),
2327 "Expecting reference to class in class %s at constant pool index %d",
2328 _klass->external_name(), index);
2329 return;
2330 }
2331 VerificationType target_class_type = ref_class_type;
2332
2333 assert(sizeof(VerificationType) == sizeof(uintptr_t),
2334 "buffer type must match VerificationType size");
2335 uintptr_t field_type_buffer[2];
2336 VerificationType* field_type = (VerificationType*)field_type_buffer;
2337 // If we make a VerificationType[2] array directly, the compiler calls
2338 // to the c-runtime library to do the allocation instead of just
2339 // stack allocating it. Plus it would run constructors. This shows up
2340 // in performance profiles.
2341
2342 SignatureStream sig_stream(field_sig, false);
2343 VerificationType stack_object_type;
2344 int n = change_sig_to_verificationType(&sig_stream, field_type);
2345 int bci = bcs->bci();
2346 bool is_assignable;
2347 switch (bcs->raw_code()) {
2348 case Bytecodes::_getstatic: {
2349 for (int i = 0; i < n; i++) {
2350 current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2351 }
2352 break;
2353 }
2354 case Bytecodes::_putstatic: {
2355 for (int i = n - 1; i >= 0; i--) {
2356 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2357 }
2358 break;
2359 }
2360 case Bytecodes::_getfield: {
2361 is_getfield = true;
2362 stack_object_type = current_frame->pop_stack(
2363 target_class_type, CHECK_VERIFY(this));
2364 goto check_protected;
2365 }
2366 case Bytecodes::_putfield: {
2367 for (int i = n - 1; i >= 0; i--) {
2368 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2369 }
2370 stack_object_type = current_frame->pop_stack(CHECK_VERIFY(this));
2371
2372 // The JVMS 2nd edition allows field initialization before the superclass
2373 // initializer, if the field is defined within the current class.
2374 fieldDescriptor fd;
2375 if (stack_object_type == VerificationType::uninitialized_this_type() &&
2376 target_class_type.equals(current_type()) &&
2377 _klass->find_local_field(field_name, field_sig, &fd)) {
2378 stack_object_type = current_type();
2379 }
2380 is_assignable = target_class_type.is_assignable_from(
2381 stack_object_type, this, false, CHECK_VERIFY(this));
2382 if (!is_assignable) {
2383 verify_error(ErrorContext::bad_type(bci,
2384 current_frame->stack_top_ctx(),
2385 TypeOrigin::cp(index, target_class_type)),
2386 "Bad type on operand stack in putfield");
2387 return;
2388 }
2389 }
2390 check_protected: {
2391 if (_this_type == stack_object_type)
2392 break; // stack_object_type must be assignable to _current_class_type
2393 if (was_recursively_verified()) {
2394 if (is_getfield) {
2395 // Push field type for getfield.
2396 for (int i = 0; i < n; i++) {
2397 current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2398 }
2399 }
2400 return;
2401 }
2402 Symbol* ref_class_name =
2403 cp->klass_name_at(cp->uncached_klass_ref_index_at(index));
2404 if (!name_in_supers(ref_class_name, current_class()))
2405 // stack_object_type must be assignable to _current_class_type since:
2406 // 1. stack_object_type must be assignable to ref_class.
2407 // 2. ref_class must be _current_class or a subclass of it. It can't
2408 // be a superclass of it. See revised JVMS 5.4.4.
2409 break;
2410
2411 Klass* ref_class_oop = load_class(ref_class_name, CHECK);
2412 if (is_protected_access(current_class(), ref_class_oop, field_name,
2413 field_sig, false)) {
2414 // It's protected access, check if stack object is assignable to
2415 // current class.
2416 is_assignable = current_type().is_assignable_from(
2417 stack_object_type, this, true, CHECK_VERIFY(this));
2418 if (!is_assignable) {
2419 verify_error(ErrorContext::bad_type(bci,
2420 current_frame->stack_top_ctx(),
2421 TypeOrigin::implicit(current_type())),
2422 "Bad access to protected data in %s",
2423 is_getfield ? "getfield" : "putfield");
2424 return;
2425 }
2426 }
2427 break;
2428 }
2429 default: ShouldNotReachHere();
2430 }
2431 if (is_getfield) {
2432 // Push field type for getfield after doing protection check.
2433 for (int i = 0; i < n; i++) {
2434 current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2435 }
2436 }
2437 }
2438
2439 void ClassVerifier::verify_invoke_init(
2440 RawBytecodeStream* bcs, u2 ref_class_index, VerificationType ref_class_type,
2441 StackMapFrame* current_frame, u4 code_length, bool in_try_block,
2442 bool *this_uninit, const constantPoolHandle& cp, StackMapTable* stackmap_table,
2443 TRAPS) {
2444 int bci = bcs->bci();
2445 VerificationType type = current_frame->pop_stack(
2446 VerificationType::reference_check(), CHECK_VERIFY(this));
2447 if (type == VerificationType::uninitialized_this_type()) {
2448 // The method must be an <init> method of this class or its superclass
2449 Klass* superk = current_class()->super();
2450 if (ref_class_type.name() != current_class()->name() &&
2451 ref_class_type.name() != superk->name()) {
2452 verify_error(ErrorContext::bad_type(bci,
2453 TypeOrigin::implicit(ref_class_type),
2454 TypeOrigin::implicit(current_type())),
2455 "Bad <init> method call");
2456 return;
2457 }
2458
2459 // If this invokespecial call is done from inside of a TRY block then make
2460 // sure that all catch clause paths end in a throw. Otherwise, this can
2461 // result in returning an incomplete object.
2462 if (in_try_block) {
2463 // Check the exception handler target stackmaps with the locals from the
2464 // incoming stackmap (before initialize_object() changes them to outgoing
2465 // state).
2466 if (was_recursively_verified()) return;
2467 verify_exception_handler_targets(bci, true, current_frame,
2468 stackmap_table, CHECK_VERIFY(this));
2469 } // in_try_block
2470
2471 current_frame->initialize_object(type, current_type());
2472 *this_uninit = true;
2473 } else if (type.is_uninitialized()) {
2474 u2 new_offset = type.bci();
2475 address new_bcp = bcs->bcp() - bci + new_offset;
2476 if (new_offset > (code_length - 3) || (*new_bcp) != Bytecodes::_new) {
2477 /* Unreachable? Stack map parsing ensures valid type and new
2478 * instructions have a valid BCI. */
2479 verify_error(ErrorContext::bad_code(new_offset),
2480 "Expecting new instruction");
2481 return;
2482 }
2483 u2 new_class_index = Bytes::get_Java_u2(new_bcp + 1);
2484 if (was_recursively_verified()) return;
2485 verify_cp_class_type(bci, new_class_index, cp, CHECK_VERIFY(this));
2486
2487 // The method must be an <init> method of the indicated class
2488 VerificationType new_class_type = cp_index_to_type(
2489 new_class_index, cp, CHECK_VERIFY(this));
2490 if (!new_class_type.equals(ref_class_type)) {
2491 verify_error(ErrorContext::bad_type(bci,
2492 TypeOrigin::cp(new_class_index, new_class_type),
2493 TypeOrigin::cp(ref_class_index, ref_class_type)),
2494 "Call to wrong <init> method");
2495 return;
2496 }
2497 // According to the VM spec, if the referent class is a superclass of the
2498 // current class, and is in a different runtime package, and the method is
2499 // protected, then the objectref must be the current class or a subclass
2500 // of the current class.
2501 VerificationType objectref_type = new_class_type;
2502 if (name_in_supers(ref_class_type.name(), current_class())) {
2503 Klass* ref_klass = load_class(ref_class_type.name(), CHECK);
2504 if (was_recursively_verified()) return;
2505 Method* m = InstanceKlass::cast(ref_klass)->uncached_lookup_method(
2506 vmSymbols::object_initializer_name(),
2507 cp->uncached_signature_ref_at(bcs->get_index_u2()),
2508 Klass::OverpassLookupMode::find);
2509 // Do nothing if method is not found. Let resolution detect the error.
2510 if (m != nullptr) {
2511 InstanceKlass* mh = m->method_holder();
2512 if (m->is_protected() && !mh->is_same_class_package(_klass)) {
2513 bool assignable = current_type().is_assignable_from(
2514 objectref_type, this, true, CHECK_VERIFY(this));
2515 if (!assignable) {
2516 verify_error(ErrorContext::bad_type(bci,
2517 TypeOrigin::cp(new_class_index, objectref_type),
2518 TypeOrigin::implicit(current_type())),
2519 "Bad access to protected <init> method");
2520 return;
2521 }
2522 }
2523 }
2524 }
2525 // Check the exception handler target stackmaps with the locals from the
2526 // incoming stackmap (before initialize_object() changes them to outgoing
2527 // state).
2528 if (in_try_block) {
2529 if (was_recursively_verified()) return;
2530 verify_exception_handler_targets(bci, *this_uninit, current_frame,
2531 stackmap_table, CHECK_VERIFY(this));
2532 }
2533 current_frame->initialize_object(type, new_class_type);
2534 } else {
2535 verify_error(ErrorContext::bad_type(bci, current_frame->stack_top_ctx()),
2536 "Bad operand type when invoking <init>");
2537 return;
2538 }
2539 }
2540
2541 bool ClassVerifier::is_same_or_direct_interface(
2542 InstanceKlass* klass,
2543 VerificationType klass_type,
2544 VerificationType ref_class_type) {
2545 if (ref_class_type.equals(klass_type)) return true;
2546 Array<InstanceKlass*>* local_interfaces = klass->local_interfaces();
2547 if (local_interfaces != nullptr) {
2548 for (int x = 0; x < local_interfaces->length(); x++) {
2549 InstanceKlass* k = local_interfaces->at(x);
2550 assert (k != nullptr && k->is_interface(), "invalid interface");
2551 if (ref_class_type.equals(VerificationType::reference_type(k->name()))) {
2552 return true;
2553 }
2554 }
2555 }
2556 return false;
2557 }
2558
2559 void ClassVerifier::verify_invoke_instructions(
2560 RawBytecodeStream* bcs, u4 code_length, StackMapFrame* current_frame,
2561 bool in_try_block, bool *this_uninit, VerificationType return_type,
2562 const constantPoolHandle& cp, StackMapTable* stackmap_table, TRAPS) {
2563 // Make sure the constant pool item is the right type
2564 u2 index = bcs->get_index_u2();
2565 Bytecodes::Code opcode = bcs->raw_code();
2566 unsigned int types = 0;
2567 switch (opcode) {
2568 case Bytecodes::_invokeinterface:
2569 types = 1 << JVM_CONSTANT_InterfaceMethodref;
2570 break;
2571 case Bytecodes::_invokedynamic:
2572 types = 1 << JVM_CONSTANT_InvokeDynamic;
2573 break;
2574 case Bytecodes::_invokespecial:
2575 case Bytecodes::_invokestatic:
2576 types = (_klass->major_version() < STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION) ?
2577 (1 << JVM_CONSTANT_Methodref) :
2578 ((1 << JVM_CONSTANT_InterfaceMethodref) | (1 << JVM_CONSTANT_Methodref));
2579 break;
2580 default:
2581 types = 1 << JVM_CONSTANT_Methodref;
2582 }
2583 verify_cp_type(bcs->bci(), index, cp, types, CHECK_VERIFY(this));
2584
2585 // Get method name and signature
2586 Symbol* method_name = cp->uncached_name_ref_at(index);
2587 Symbol* method_sig = cp->uncached_signature_ref_at(index);
2588
2589 // Method signature was checked in ClassFileParser.
2590 assert(SignatureVerifier::is_valid_method_signature(method_sig),
2591 "Invalid method signature");
2592
2593 // Get referenced class type
2594 VerificationType ref_class_type;
2595 if (opcode == Bytecodes::_invokedynamic) {
2596 if (_klass->major_version() < Verifier::INVOKEDYNAMIC_MAJOR_VERSION) {
2597 class_format_error(
2598 "invokedynamic instructions not supported by this class file version (%d), class %s",
2599 _klass->major_version(), _klass->external_name());
2600 return;
2601 }
2602 } else {
2603 ref_class_type = cp_ref_index_to_type(index, cp, CHECK_VERIFY(this));
2604 }
2605
2606 assert(sizeof(VerificationType) == sizeof(uintptr_t),
2607 "buffer type must match VerificationType size");
2608
2609 // Get the UTF8 index for this signature.
2610 int sig_index = cp->signature_ref_index_at(cp->uncached_name_and_type_ref_index_at(index));
2611
2612 // Get the signature's verification types.
2613 sig_as_verification_types* mth_sig_verif_types;
2614 sig_as_verification_types** mth_sig_verif_types_ptr = method_signatures_table()->get(sig_index);
2615 if (mth_sig_verif_types_ptr != nullptr) {
2616 // Found the entry for the signature's verification types in the hash table.
2617 mth_sig_verif_types = *mth_sig_verif_types_ptr;
2618 assert(mth_sig_verif_types != nullptr, "Unexpected null sig_as_verification_types value");
2619 } else {
2620 // Not found, add the entry to the table.
2621 GrowableArray<VerificationType>* verif_types = new GrowableArray<VerificationType>(10);
2622 mth_sig_verif_types = new sig_as_verification_types(verif_types);
2623 create_method_sig_entry(mth_sig_verif_types, sig_index);
2624 }
2625
2626 // Get the number of arguments for this signature.
2627 int nargs = mth_sig_verif_types->num_args();
2628
2629 // Check instruction operands
2630 int bci = bcs->bci();
2631 if (opcode == Bytecodes::_invokeinterface) {
2632 address bcp = bcs->bcp();
2633 // 4905268: count operand in invokeinterface should be nargs+1, not nargs.
2634 // JSR202 spec: The count operand of an invokeinterface instruction is valid if it is
2635 // the difference between the size of the operand stack before and after the instruction
2636 // executes.
2637 if (*(bcp+3) != (nargs+1)) {
2638 verify_error(ErrorContext::bad_code(bci),
2639 "Inconsistent args count operand in invokeinterface");
2640 return;
2641 }
2642 if (*(bcp+4) != 0) {
2643 verify_error(ErrorContext::bad_code(bci),
2644 "Fourth operand byte of invokeinterface must be zero");
2645 return;
2646 }
2647 }
2648
2649 if (opcode == Bytecodes::_invokedynamic) {
2650 address bcp = bcs->bcp();
2651 if (*(bcp+3) != 0 || *(bcp+4) != 0) {
2652 verify_error(ErrorContext::bad_code(bci),
2653 "Third and fourth operand bytes of invokedynamic must be zero");
2654 return;
2655 }
2656 }
2657
2658 if (method_name->char_at(0) == JVM_SIGNATURE_SPECIAL) {
2659 // Make sure <init> can only be invoked by invokespecial
2660 if (opcode != Bytecodes::_invokespecial ||
2661 method_name != vmSymbols::object_initializer_name()) {
2662 verify_error(ErrorContext::bad_code(bci),
2663 "Illegal call to internal method");
2664 return;
2665 }
2666 }
2667 // invokespecial, when not <init>, must be to a method in the current class, a direct superinterface,
2668 // or any superclass (including Object).
2669 else if (opcode == Bytecodes::_invokespecial
2670 && !is_same_or_direct_interface(current_class(), current_type(), ref_class_type)
2671 && !ref_class_type.equals(VerificationType::reference_type(current_class()->super()->name()))) {
2672
2673 // We know it is not current class, direct superinterface or immediate superclass. That means it
2674 // could be:
2675 // - a totally unrelated class or interface
2676 // - an indirect superinterface
2677 // - an indirect superclass (including Object)
2678 // We use the assignability test to see if it is a superclass, or else an interface, and keep track
2679 // of the latter. Note that subtype can be true if we are dealing with an interface that is not actually
2680 // implemented as assignability treats all interfaces as Object.
2681
2682 bool is_interface = false; // This can only be set true if the assignability check will return true
2683 // and we loaded the class. For any other "true" returns (e.g. same class
2684 // or Object) we either can't get here (same class already excluded above)
2685 // or we know it is not an interface (i.e. Object).
2686 bool subtype = ref_class_type.is_reference_assignable_from(current_type(), this, false,
2687 &is_interface, CHECK_VERIFY(this));
2688 if (!subtype) { // Totally unrelated class
2689 verify_error(ErrorContext::bad_code(bci),
2690 "Bad invokespecial instruction: "
2691 "current class isn't assignable to reference class.");
2692 return;
2693 } else {
2694 // Indirect superclass (including Object), indirect interface, or unrelated interface.
2695 // Any interface use is an error.
2696 if (is_interface) {
2697 verify_error(ErrorContext::bad_code(bci),
2698 "Bad invokespecial instruction: "
2699 "interface method to invoke is not in a direct superinterface.");
2700 return;
2701 }
2702 }
2703 }
2704
2705 // Get the verification types for the method's arguments.
2706 GrowableArray<VerificationType>* sig_verif_types = mth_sig_verif_types->sig_verif_types();
2707 assert(sig_verif_types != nullptr, "Missing signature's array of verification types");
2708 // Match method descriptor with operand stack
2709 // The arguments are on the stack in descending order.
2710 for (int i = nargs - 1; i >= 0; i--) { // Run backwards
2711 current_frame->pop_stack(sig_verif_types->at(i), CHECK_VERIFY(this));
2712 }
2713
2714 // Check objectref on operand stack
2715 if (opcode != Bytecodes::_invokestatic &&
2716 opcode != Bytecodes::_invokedynamic) {
2717 if (method_name == vmSymbols::object_initializer_name()) { // <init> method
2718 verify_invoke_init(bcs, index, ref_class_type, current_frame,
2719 code_length, in_try_block, this_uninit, cp, stackmap_table,
2720 CHECK_VERIFY(this));
2721 if (was_recursively_verified()) return;
2722 } else { // other methods
2723 // Ensures that target class is assignable to method class.
2724 if (opcode == Bytecodes::_invokespecial) {
2725 current_frame->pop_stack(current_type(), CHECK_VERIFY(this));
2726 } else if (opcode == Bytecodes::_invokevirtual) {
2727 VerificationType stack_object_type =
2728 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this));
2729 if (current_type() != stack_object_type) {
2730 if (was_recursively_verified()) return;
2731 assert(cp->cache() == nullptr, "not rewritten yet");
2732 Symbol* ref_class_name =
2733 cp->klass_name_at(cp->uncached_klass_ref_index_at(index));
2734 // See the comments in verify_field_instructions() for
2735 // the rationale behind this.
2736 if (name_in_supers(ref_class_name, current_class())) {
2737 Klass* ref_class = load_class(ref_class_name, CHECK);
2738 if (is_protected_access(
2739 _klass, ref_class, method_name, method_sig, true)) {
2740 // It's protected access, check if stack object is
2741 // assignable to current class.
2742 if (ref_class_type.name() == vmSymbols::java_lang_Object()
2743 && stack_object_type.is_array()
2744 && method_name == vmSymbols::clone_name()) {
2745 // Special case: arrays pretend to implement public Object
2746 // clone().
2747 } else {
2748 bool is_assignable = current_type().is_assignable_from(
2749 stack_object_type, this, true, CHECK_VERIFY(this));
2750 if (!is_assignable) {
2751 verify_error(ErrorContext::bad_type(bci,
2752 current_frame->stack_top_ctx(),
2753 TypeOrigin::implicit(current_type())),
2754 "Bad access to protected data in invokevirtual");
2755 return;
2756 }
2757 }
2758 }
2759 }
2760 }
2761 } else {
2762 assert(opcode == Bytecodes::_invokeinterface, "Unexpected opcode encountered");
2763 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this));
2764 }
2765 }
2766 }
2767 // Push the result type.
2768 int sig_verif_types_len = sig_verif_types->length();
2769 if (sig_verif_types_len > nargs) { // There's a return type
2770 if (method_name == vmSymbols::object_initializer_name()) {
2771 // <init> method must have a void return type
2772 /* Unreachable? Class file parser verifies that methods with '<' have
2773 * void return */
2774 verify_error(ErrorContext::bad_code(bci),
2775 "Return type must be void in <init> method");
2776 return;
2777 }
2778
2779 assert(sig_verif_types_len <= nargs + 2,
2780 "Signature verification types array return type is bogus");
2781 for (int i = nargs; i < sig_verif_types_len; i++) {
2782 assert(i == nargs || sig_verif_types->at(i).is_long2() ||
2783 sig_verif_types->at(i).is_double2(), "Unexpected return verificationType");
2784 current_frame->push_stack(sig_verif_types->at(i), CHECK_VERIFY(this));
2785 }
2786 }
2787 }
2788
2789 VerificationType ClassVerifier::get_newarray_type(
2790 u2 index, int bci, TRAPS) {
2791 const char* from_bt[] = {
2792 nullptr, nullptr, nullptr, nullptr, "[Z", "[C", "[F", "[D", "[B", "[S", "[I", "[J",
2793 };
2794 if (index < T_BOOLEAN || index > T_LONG) {
2795 verify_error(ErrorContext::bad_code(bci), "Illegal newarray instruction");
2796 return VerificationType::bogus_type();
2797 }
2798
2799 // from_bt[index] contains the array signature which has a length of 2
2800 Symbol* sig = create_temporary_symbol(from_bt[index], 2);
2801 return VerificationType::reference_type(sig);
2802 }
2803
2804 void ClassVerifier::verify_anewarray(
2805 int bci, u2 index, const constantPoolHandle& cp,
2806 StackMapFrame* current_frame, TRAPS) {
2807 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
2808 current_frame->pop_stack(
2809 VerificationType::integer_type(), CHECK_VERIFY(this));
2810
2811 if (was_recursively_verified()) return;
2812 VerificationType component_type =
2813 cp_index_to_type(index, cp, CHECK_VERIFY(this));
2814 int length;
2815 char* arr_sig_str;
2816 if (component_type.is_array()) { // it's an array
2817 const char* component_name = component_type.name()->as_utf8();
2818 // Check for more than MAX_ARRAY_DIMENSIONS
2819 length = (int)strlen(component_name);
2820 if (length > MAX_ARRAY_DIMENSIONS &&
2821 component_name[MAX_ARRAY_DIMENSIONS - 1] == JVM_SIGNATURE_ARRAY) {
2822 verify_error(ErrorContext::bad_code(bci),
2823 "Illegal anewarray instruction, array has more than 255 dimensions");
2824 }
2825 // add one dimension to component
2826 length++;
2827 arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length + 1);
2828 int n = os::snprintf(arr_sig_str, length + 1, "%c%s",
2829 JVM_SIGNATURE_ARRAY, component_name);
2830 assert(n == length, "Unexpected number of characters in string");
2831 } else { // it's an object or interface
2832 const char* component_name = component_type.name()->as_utf8();
2833 // add one dimension to component with 'L' prepended and ';' postpended.
2834 length = (int)strlen(component_name) + 3;
2835 arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length + 1);
2836 int n = os::snprintf(arr_sig_str, length + 1, "%c%c%s;",
2837 JVM_SIGNATURE_ARRAY, JVM_SIGNATURE_CLASS, component_name);
2838 assert(n == length, "Unexpected number of characters in string");
2839 }
2840 Symbol* arr_sig = create_temporary_symbol(arr_sig_str, length);
2841 VerificationType new_array_type = VerificationType::reference_type(arr_sig);
2842 current_frame->push_stack(new_array_type, CHECK_VERIFY(this));
2843 }
2844
2845 void ClassVerifier::verify_iload(int index, StackMapFrame* current_frame, TRAPS) {
2846 current_frame->get_local(
2847 index, VerificationType::integer_type(), CHECK_VERIFY(this));
2848 current_frame->push_stack(
2849 VerificationType::integer_type(), CHECK_VERIFY(this));
2850 }
2851
2852 void ClassVerifier::verify_lload(int index, StackMapFrame* current_frame, TRAPS) {
2853 current_frame->get_local_2(
2854 index, VerificationType::long_type(),
2855 VerificationType::long2_type(), CHECK_VERIFY(this));
2856 current_frame->push_stack_2(
2857 VerificationType::long_type(),
2858 VerificationType::long2_type(), CHECK_VERIFY(this));
2859 }
2860
2861 void ClassVerifier::verify_fload(int index, StackMapFrame* current_frame, TRAPS) {
2862 current_frame->get_local(
2863 index, VerificationType::float_type(), CHECK_VERIFY(this));
2864 current_frame->push_stack(
2865 VerificationType::float_type(), CHECK_VERIFY(this));
2866 }
2867
2868 void ClassVerifier::verify_dload(int index, StackMapFrame* current_frame, TRAPS) {
2869 current_frame->get_local_2(
2870 index, VerificationType::double_type(),
2871 VerificationType::double2_type(), CHECK_VERIFY(this));
2872 current_frame->push_stack_2(
2873 VerificationType::double_type(),
2874 VerificationType::double2_type(), CHECK_VERIFY(this));
2875 }
2876
2877 void ClassVerifier::verify_aload(int index, StackMapFrame* current_frame, TRAPS) {
2878 VerificationType type = current_frame->get_local(
2879 index, VerificationType::reference_check(), CHECK_VERIFY(this));
2880 current_frame->push_stack(type, CHECK_VERIFY(this));
2881 }
2882
2883 void ClassVerifier::verify_istore(int index, StackMapFrame* current_frame, TRAPS) {
2884 current_frame->pop_stack(
2885 VerificationType::integer_type(), CHECK_VERIFY(this));
2886 current_frame->set_local(
2887 index, VerificationType::integer_type(), CHECK_VERIFY(this));
2888 }
2889
2890 void ClassVerifier::verify_lstore(int index, StackMapFrame* current_frame, TRAPS) {
2891 current_frame->pop_stack_2(
2892 VerificationType::long2_type(),
2893 VerificationType::long_type(), CHECK_VERIFY(this));
2894 current_frame->set_local_2(
2895 index, VerificationType::long_type(),
2896 VerificationType::long2_type(), CHECK_VERIFY(this));
2897 }
2898
2899 void ClassVerifier::verify_fstore(int index, StackMapFrame* current_frame, TRAPS) {
2900 current_frame->pop_stack(VerificationType::float_type(), CHECK_VERIFY(this));
2901 current_frame->set_local(
2902 index, VerificationType::float_type(), CHECK_VERIFY(this));
2903 }
2904
2905 void ClassVerifier::verify_dstore(int index, StackMapFrame* current_frame, TRAPS) {
2906 current_frame->pop_stack_2(
2907 VerificationType::double2_type(),
2908 VerificationType::double_type(), CHECK_VERIFY(this));
2909 current_frame->set_local_2(
2910 index, VerificationType::double_type(),
2911 VerificationType::double2_type(), CHECK_VERIFY(this));
2912 }
2913
2914 void ClassVerifier::verify_astore(int index, StackMapFrame* current_frame, TRAPS) {
2915 VerificationType type = current_frame->pop_stack(
2916 VerificationType::reference_check(), CHECK_VERIFY(this));
2917 current_frame->set_local(index, type, CHECK_VERIFY(this));
2918 }
2919
2920 void ClassVerifier::verify_iinc(int index, StackMapFrame* current_frame, TRAPS) {
2921 VerificationType type = current_frame->get_local(
2922 index, VerificationType::integer_type(), CHECK_VERIFY(this));
2923 current_frame->set_local(index, type, CHECK_VERIFY(this));
2924 }
2925
2926 void ClassVerifier::verify_return_value(
2927 VerificationType return_type, VerificationType type, int bci,
2928 StackMapFrame* current_frame, TRAPS) {
2929 if (return_type == VerificationType::bogus_type()) {
2930 verify_error(ErrorContext::bad_type(bci,
2931 current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)),
2932 "Method does not expect a return value");
2933 return;
2934 }
2935 bool match = return_type.is_assignable_from(type, this, false, CHECK_VERIFY(this));
2936 if (!match) {
2937 verify_error(ErrorContext::bad_type(bci,
2938 current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)),
2939 "Bad return type");
2940 return;
2941 }
2942 }
2943
2944 // The verifier creates symbols which are substrings of Symbols.
2945 // These are stored in the verifier until the end of verification so that
2946 // they can be reference counted.
2947 Symbol* ClassVerifier::create_temporary_symbol(const char *name, int length) {
2948 // Quick deduplication check
2949 if (_previous_symbol != nullptr && _previous_symbol->equals(name, length)) {
2950 return _previous_symbol;
2951 }
2952 Symbol* sym = SymbolTable::new_symbol(name, length);
2953 if (!sym->is_permanent()) {
2954 if (_symbols == nullptr) {
2955 _symbols = new GrowableArray<Symbol*>(50, 0, nullptr);
2956 }
2957 _symbols->push(sym);
2958 }
2959 _previous_symbol = sym;
2960 return sym;
2961 }