1 /*
2 * Copyright (c) 1998, 2025, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.
8 *
9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 *
23 */
24
25 #include "cds/cdsConfig.hpp"
26 #include "classfile/classFileStream.hpp"
27 #include "classfile/classLoader.hpp"
28 #include "classfile/javaClasses.hpp"
29 #include "classfile/stackMapFrame.hpp"
30 #include "classfile/stackMapTable.hpp"
31 #include "classfile/stackMapTableFormat.hpp"
32 #include "classfile/symbolTable.hpp"
33 #include "classfile/systemDictionary.hpp"
34 #include "classfile/verifier.hpp"
35 #include "classfile/vmClasses.hpp"
36 #include "classfile/vmSymbols.hpp"
37 #include "interpreter/bytecodes.hpp"
38 #include "interpreter/bytecodeStream.hpp"
39 #include "jvm.h"
40 #include "logging/log.hpp"
41 #include "logging/logStream.hpp"
42 #include "memory/oopFactory.hpp"
43 #include "memory/resourceArea.hpp"
44 #include "memory/universe.hpp"
45 #include "oops/constantPool.inline.hpp"
46 #include "oops/instanceKlass.inline.hpp"
47 #include "oops/klass.inline.hpp"
48 #include "oops/oop.inline.hpp"
49 #include "oops/typeArrayOop.hpp"
50 #include "runtime/arguments.hpp"
51 #include "runtime/fieldDescriptor.hpp"
52 #include "runtime/handles.inline.hpp"
53 #include "runtime/interfaceSupport.inline.hpp"
54 #include "runtime/javaCalls.hpp"
55 #include "runtime/javaThread.hpp"
56 #include "runtime/jniHandles.inline.hpp"
57 #include "runtime/os.hpp"
58 #include "runtime/safepointVerifiers.hpp"
59 #include "services/threadService.hpp"
60 #include "utilities/align.hpp"
61 #include "utilities/bytes.hpp"
62 #if INCLUDE_CDS
63 #include "classfile/systemDictionaryShared.hpp"
64 #endif
65
66 #define NOFAILOVER_MAJOR_VERSION 51
67 #define NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION 51
68 #define STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION 52
69 #define MAX_ARRAY_DIMENSIONS 255
70
71 // Access to external entry for VerifyClassForMajorVersion - old byte code verifier
72
73 extern "C" {
74 typedef jboolean (*verify_byte_codes_fn_t)(JNIEnv *, jclass, char *, jint, jint);
75 }
76
77 static verify_byte_codes_fn_t volatile _verify_byte_codes_fn = nullptr;
78
79 static verify_byte_codes_fn_t verify_byte_codes_fn() {
80
81 if (_verify_byte_codes_fn != nullptr)
82 return _verify_byte_codes_fn;
83
84 MutexLocker locker(Verify_lock);
85
86 if (_verify_byte_codes_fn != nullptr)
87 return _verify_byte_codes_fn;
88
89 void *lib_handle = nullptr;
90 // Load verify dll
91 if (is_vm_statically_linked()) {
92 lib_handle = os::get_default_process_handle();
93 } else {
94 char buffer[JVM_MAXPATHLEN];
95 char ebuf[1024];
96 if (!os::dll_locate_lib(buffer, sizeof(buffer), Arguments::get_dll_dir(), "verify"))
97 return nullptr; // Caller will throw VerifyError
98
99 lib_handle = os::dll_load(buffer, ebuf, sizeof(ebuf));
100 if (lib_handle == nullptr)
101 return nullptr; // Caller will throw VerifyError
102 }
103
104 void *fn = os::dll_lookup(lib_handle, "VerifyClassForMajorVersion");
105 if (fn == nullptr)
106 return nullptr; // Caller will throw VerifyError
107
108 return _verify_byte_codes_fn = CAST_TO_FN_PTR(verify_byte_codes_fn_t, fn);
109 }
110
111
112 // Methods in Verifier
113
114 // This method determines whether we run the verifier and class file format checking code.
115 bool Verifier::should_verify_for(oop class_loader) {
116 return class_loader == nullptr ?
117 BytecodeVerificationLocal : BytecodeVerificationRemote;
118 }
119
120 // This method determines whether we allow package access in access checks in reflection.
121 bool Verifier::relax_access_for(oop loader) {
122 bool trusted = java_lang_ClassLoader::is_trusted_loader(loader);
123 bool need_verify =
124 // verifyAll
125 (BytecodeVerificationLocal && BytecodeVerificationRemote) ||
126 // verifyRemote
127 (!BytecodeVerificationLocal && BytecodeVerificationRemote && !trusted);
128 return !need_verify;
129 }
130
131 // Callers will pass should_verify_class as true, depending on the results of should_verify_for() above,
132 // or pass true for redefinition of any class.
133 static bool is_eligible_for_verification(InstanceKlass* klass, bool should_verify_class) {
134 Symbol* name = klass->name();
135
136 return (should_verify_class &&
137 // Can not verify the bytecodes for shared classes because they have
138 // already been rewritten to contain constant pool cache indices,
139 // which the verifier can't understand.
140 // Shared classes shouldn't have stackmaps either.
141 // However, bytecodes for shared old classes can be verified because
142 // they have not been rewritten.
143 !(klass->in_aot_cache() && klass->is_rewritten()));
144 }
145
146 void Verifier::trace_class_resolution(Klass* resolve_class, InstanceKlass* verify_class) {
147 assert(verify_class != nullptr, "Unexpected null verify_class");
148 ResourceMark rm;
149 Symbol* s = verify_class->source_file_name();
150 const char* source_file = (s != nullptr ? s->as_C_string() : nullptr);
151 const char* verify = verify_class->external_name();
152 const char* resolve = resolve_class->external_name();
153 // print in a single call to reduce interleaving between threads
154 if (source_file != nullptr) {
155 log_debug(class, resolve)("%s %s %s (verification)", verify, resolve, source_file);
156 } else {
157 log_debug(class, resolve)("%s %s (verification)", verify, resolve);
158 }
159 }
160
161 // Prints the end-verification message to the appropriate output.
162 void Verifier::log_end_verification(outputStream* st, const char* klassName, Symbol* exception_name, oop pending_exception) {
163 if (pending_exception != nullptr) {
164 st->print("Verification for %s has", klassName);
165 oop message = java_lang_Throwable::message(pending_exception);
166 if (message != nullptr) {
167 char* ex_msg = java_lang_String::as_utf8_string(message);
168 st->print_cr(" exception pending '%s %s'",
169 pending_exception->klass()->external_name(), ex_msg);
170 } else {
171 st->print_cr(" exception pending %s ",
172 pending_exception->klass()->external_name());
173 }
174 } else if (exception_name != nullptr) {
175 st->print_cr("Verification for %s failed", klassName);
176 }
177 st->print_cr("End class verification for: %s", klassName);
178 }
179
180 bool Verifier::verify(InstanceKlass* klass, bool should_verify_class, TRAPS) {
181 HandleMark hm(THREAD);
182 ResourceMark rm(THREAD);
183
184 // Eagerly allocate the identity hash code for a klass. This is a fallout
185 // from 6320749 and 8059924: hash code generator is not supposed to be called
186 // during the safepoint, but it allows to sneak the hashcode in during
187 // verification. Without this eager hashcode generation, we may end up
188 // installing the hashcode during some other operation, which may be at
189 // safepoint -- blowing up the checks. It was previously done as the side
190 // effect (sic!) for external_name(), but instead of doing that, we opt to
191 // explicitly push the hashcode in here. This is signify the following block
192 // is IMPORTANT:
193 assert(klass->java_mirror() != nullptr, "must be");
194 klass->java_mirror()->identity_hash();
195
196 if (!is_eligible_for_verification(klass, should_verify_class)) {
197 return true;
198 }
199
200 // Timer includes any side effects of class verification (resolution,
201 // etc), but not recursive calls to Verifier::verify().
202 JavaThread* jt = THREAD;
203 PerfClassTraceTime timer(ClassLoader::perf_class_verify_time(),
204 ClassLoader::perf_class_verify_selftime(),
205 ClassLoader::perf_classes_verified(),
206 jt->get_thread_stat()->perf_recursion_counts_addr(),
207 jt->get_thread_stat()->perf_timers_addr(),
208 PerfClassTraceTime::CLASS_VERIFY);
209
210 // If the class should be verified, first see if we can use the split
211 // verifier. If not, or if verification fails and can failover, then
212 // call the inference verifier.
213 Symbol* exception_name = nullptr;
214 const size_t message_buffer_len = klass->name()->utf8_length() + 1024;
215 char* message_buffer = nullptr;
216 char* exception_message = nullptr;
217
218 log_info(class, init)("Start class verification for: %s", klass->external_name());
219 if (klass->major_version() >= STACKMAP_ATTRIBUTE_MAJOR_VERSION) {
220 ClassVerifier split_verifier(jt, klass);
221 // We don't use CHECK here, or on inference_verify below, so that we can log any exception.
222 split_verifier.verify_class(THREAD);
223 exception_name = split_verifier.result();
224
225 // If dumping {classic, final} static archive, don't bother to run the old verifier, as
226 // the class will be excluded from the archive anyway.
227 bool can_failover = !(CDSConfig::is_dumping_classic_static_archive() || CDSConfig::is_dumping_final_static_archive()) &&
228 klass->major_version() < NOFAILOVER_MAJOR_VERSION;
229
230 if (can_failover && !HAS_PENDING_EXCEPTION && // Split verifier doesn't set PENDING_EXCEPTION for failure
231 (exception_name == vmSymbols::java_lang_VerifyError() ||
232 exception_name == vmSymbols::java_lang_ClassFormatError())) {
233 log_info(verification)("Fail over class verification to old verifier for: %s", klass->external_name());
234 log_info(class, init)("Fail over class verification to old verifier for: %s", klass->external_name());
235 #if INCLUDE_CDS
236 // Exclude any classes that are verified with the old verifier, as the old verifier
237 // doesn't call SystemDictionaryShared::add_verification_constraint()
238 if (CDSConfig::is_dumping_archive()) {
239 SystemDictionaryShared::log_exclusion(klass, "Verified with old verifier");
240 SystemDictionaryShared::set_excluded(klass);
241 }
242 #endif
243 message_buffer = NEW_RESOURCE_ARRAY(char, message_buffer_len);
244 exception_message = message_buffer;
245 exception_name = inference_verify(
246 klass, message_buffer, message_buffer_len, THREAD);
247 }
248 if (exception_name != nullptr) {
249 exception_message = split_verifier.exception_message();
250 }
251 } else {
252 message_buffer = NEW_RESOURCE_ARRAY(char, message_buffer_len);
253 exception_message = message_buffer;
254 exception_name = inference_verify(
255 klass, message_buffer, message_buffer_len, THREAD);
256 }
257
258 LogTarget(Info, class, init) lt1;
259 if (lt1.is_enabled()) {
260 LogStream ls(lt1);
261 log_end_verification(&ls, klass->external_name(), exception_name, PENDING_EXCEPTION);
262 }
263 LogTarget(Info, verification) lt2;
264 if (lt2.is_enabled()) {
265 LogStream ls(lt2);
266 log_end_verification(&ls, klass->external_name(), exception_name, PENDING_EXCEPTION);
267 }
268
269 if (HAS_PENDING_EXCEPTION) {
270 return false; // use the existing exception
271 } else if (exception_name == nullptr) {
272 return true; // verification succeeded
273 } else { // VerifyError or ClassFormatError to be created and thrown
274 Klass* kls =
275 SystemDictionary::resolve_or_fail(exception_name, true, CHECK_false);
276 if (log_is_enabled(Debug, class, resolve)) {
277 Verifier::trace_class_resolution(kls, klass);
278 }
279
280 while (kls != nullptr) {
281 if (kls == klass) {
282 // If the class being verified is the exception we're creating
283 // or one of it's superclasses, we're in trouble and are going
284 // to infinitely recurse when we try to initialize the exception.
285 // So bail out here by throwing the preallocated VM error.
286 THROW_OOP_(Universe::internal_error_instance(), false);
287 }
288 kls = kls->super();
289 }
290 if (message_buffer != nullptr) {
291 message_buffer[message_buffer_len - 1] = '\0'; // just to be sure
292 }
293 assert(exception_message != nullptr, "");
294 THROW_MSG_(exception_name, exception_message, false);
295 }
296 }
297
298 Symbol* Verifier::inference_verify(
299 InstanceKlass* klass, char* message, size_t message_len, TRAPS) {
300 JavaThread* thread = THREAD;
301
302 verify_byte_codes_fn_t verify_func = verify_byte_codes_fn();
303
304 if (verify_func == nullptr) {
305 jio_snprintf(message, message_len, "Could not link verifier");
306 return vmSymbols::java_lang_VerifyError();
307 }
308
309 ResourceMark rm(thread);
310 log_info(verification)("Verifying class %s with old format", klass->external_name());
311
312 jclass cls = (jclass) JNIHandles::make_local(thread, klass->java_mirror());
313 jint result;
314
315 {
316 HandleMark hm(thread);
317 ThreadToNativeFromVM ttn(thread);
318 // ThreadToNativeFromVM takes care of changing thread_state, so safepoint
319 // code knows that we have left the VM
320 JNIEnv *env = thread->jni_environment();
321 result = (*verify_func)(env, cls, message, (int)message_len, klass->major_version());
322 }
323
324 JNIHandles::destroy_local(cls);
325
326 // These numbers are chosen so that VerifyClassCodes interface doesn't need
327 // to be changed (still return jboolean (unsigned char)), and result is
328 // 1 when verification is passed.
329 if (result == 0) {
330 return vmSymbols::java_lang_VerifyError();
331 } else if (result == 1) {
332 return nullptr; // verified.
333 } else if (result == 2) {
334 THROW_MSG_(vmSymbols::java_lang_OutOfMemoryError(), message, nullptr);
335 } else if (result == 3) {
336 return vmSymbols::java_lang_ClassFormatError();
337 } else {
338 ShouldNotReachHere();
339 return nullptr;
340 }
341 }
342
343 TypeOrigin TypeOrigin::null() {
344 return TypeOrigin();
345 }
346 TypeOrigin TypeOrigin::local(int index, StackMapFrame* frame) {
347 assert(frame != nullptr, "Must have a frame");
348 return TypeOrigin(CF_LOCALS, index, StackMapFrame::copy(frame),
349 frame->local_at(index));
350 }
351 TypeOrigin TypeOrigin::stack(int index, StackMapFrame* frame) {
352 assert(frame != nullptr, "Must have a frame");
353 return TypeOrigin(CF_STACK, index, StackMapFrame::copy(frame),
354 frame->stack_at(index));
355 }
356 TypeOrigin TypeOrigin::sm_local(int index, StackMapFrame* frame) {
357 assert(frame != nullptr, "Must have a frame");
358 return TypeOrigin(SM_LOCALS, index, StackMapFrame::copy(frame),
359 frame->local_at(index));
360 }
361 TypeOrigin TypeOrigin::sm_stack(int index, StackMapFrame* frame) {
362 assert(frame != nullptr, "Must have a frame");
363 return TypeOrigin(SM_STACK, index, StackMapFrame::copy(frame),
364 frame->stack_at(index));
365 }
366 TypeOrigin TypeOrigin::bad_index(int index) {
367 return TypeOrigin(BAD_INDEX, index, nullptr, VerificationType::bogus_type());
368 }
369 TypeOrigin TypeOrigin::cp(int index, VerificationType vt) {
370 return TypeOrigin(CONST_POOL, index, nullptr, vt);
371 }
372 TypeOrigin TypeOrigin::signature(VerificationType vt) {
373 return TypeOrigin(SIG, 0, nullptr, vt);
374 }
375 TypeOrigin TypeOrigin::implicit(VerificationType t) {
376 return TypeOrigin(IMPLICIT, 0, nullptr, t);
377 }
378 TypeOrigin TypeOrigin::frame(StackMapFrame* frame) {
379 return TypeOrigin(FRAME_ONLY, 0, StackMapFrame::copy(frame),
380 VerificationType::bogus_type());
381 }
382
383 void TypeOrigin::reset_frame() {
384 if (_frame != nullptr) {
385 _frame->restore();
386 }
387 }
388
389 void TypeOrigin::details(outputStream* ss) const {
390 _type.print_on(ss);
391 switch (_origin) {
392 case CF_LOCALS:
393 ss->print(" (current frame, locals[%d])", _index);
394 break;
395 case CF_STACK:
396 ss->print(" (current frame, stack[%d])", _index);
397 break;
398 case SM_LOCALS:
399 ss->print(" (stack map, locals[%d])", _index);
400 break;
401 case SM_STACK:
402 ss->print(" (stack map, stack[%d])", _index);
403 break;
404 case CONST_POOL:
405 ss->print(" (constant pool %d)", _index);
406 break;
407 case SIG:
408 ss->print(" (from method signature)");
409 break;
410 case IMPLICIT:
411 case FRAME_ONLY:
412 case NONE:
413 default:
414 ;
415 }
416 }
417
418 #ifdef ASSERT
419 void TypeOrigin::print_on(outputStream* str) const {
420 str->print("{%d,%d,%p:", _origin, _index, _frame);
421 if (_frame != nullptr) {
422 _frame->print_on(str);
423 } else {
424 str->print("null");
425 }
426 str->print(",");
427 _type.print_on(str);
428 str->print("}");
429 }
430 #endif
431
432 void ErrorContext::details(outputStream* ss, const Method* method) const {
433 if (is_valid()) {
434 ss->cr();
435 ss->print_cr("Exception Details:");
436 location_details(ss, method);
437 reason_details(ss);
438 frame_details(ss);
439 bytecode_details(ss, method);
440 handler_details(ss, method);
441 stackmap_details(ss, method);
442 }
443 }
444
445 void ErrorContext::reason_details(outputStream* ss) const {
446 StreamIndentor si(ss, 2);
447 ss->print_cr("Reason:");
448
449 StreamIndentor si2(ss, 2);
450 switch (_fault) {
451 case INVALID_BYTECODE:
452 ss->print("Error exists in the bytecode");
453 break;
454 case WRONG_TYPE:
455 if (_expected.is_valid()) {
456 ss->print("Type ");
457 _type.details(ss);
458 ss->print(" is not assignable to ");
459 _expected.details(ss);
460 } else {
461 ss->print("Invalid type: ");
462 _type.details(ss);
463 }
464 break;
465 case FLAGS_MISMATCH:
466 if (_expected.is_valid()) {
467 ss->print("Current frame's flags are not assignable "
468 "to stack map frame's.");
469 } else {
470 ss->print("Current frame's flags are invalid in this context.");
471 }
472 break;
473 case BAD_CP_INDEX:
474 ss->print("Constant pool index %d is invalid", _type.index());
475 break;
476 case BAD_LOCAL_INDEX:
477 ss->print("Local index %d is invalid", _type.index());
478 break;
479 case LOCALS_SIZE_MISMATCH:
480 ss->print("Current frame's local size doesn't match stackmap.");
481 break;
482 case STACK_SIZE_MISMATCH:
483 ss->print("Current frame's stack size doesn't match stackmap.");
484 break;
485 case STACK_OVERFLOW:
486 ss->print("Exceeded max stack size.");
487 break;
488 case STACK_UNDERFLOW:
489 ss->print("Attempt to pop empty stack.");
490 break;
491 case MISSING_STACKMAP:
492 ss->print("Expected stackmap frame at this location.");
493 break;
494 case BAD_STACKMAP:
495 ss->print("Invalid stackmap specification.");
496 break;
497 case UNKNOWN:
498 default:
499 ShouldNotReachHere();
500 ss->print_cr("Unknown");
501 }
502 ss->cr();
503 }
504
505 void ErrorContext::location_details(outputStream* ss, const Method* method) const {
506 if (_bci != -1 && method != nullptr) {
507 const char* bytecode_name = "<invalid>";
508 if (method->validate_bci(_bci) != -1) {
509 Bytecodes::Code code = Bytecodes::code_or_bp_at(method->bcp_from(_bci));
510 if (Bytecodes::is_defined(code)) {
511 bytecode_name = Bytecodes::name(code);
512 } else {
513 bytecode_name = "<illegal>";
514 }
515 }
516 InstanceKlass* ik = method->method_holder();
517
518 StreamIndentor si(ss, 2);
519 ss->print_cr("Location:");
520
521 StreamIndentor si2(ss, 2);
522 ss->print_cr("%s.%s%s @%d: %s",
523 ik->name()->as_C_string(), method->name()->as_C_string(),
524 method->signature()->as_C_string(), _bci, bytecode_name);
525 }
526 }
527
528 void ErrorContext::frame_details(outputStream* ss) const {
529 StreamIndentor si(ss, 2);
530 if (_type.is_valid() && _type.frame() != nullptr) {
531 ss->print_cr("Current Frame:");
532 StreamIndentor si2(ss, 2);
533 _type.frame()->print_on(ss);
534 }
535 if (_expected.is_valid() && _expected.frame() != nullptr) {
536 ss->print_cr("Stackmap Frame:");
537 StreamIndentor si2(ss, 2);
538 _expected.frame()->print_on(ss);
539 }
540 }
541
542 void ErrorContext::bytecode_details(outputStream* ss, const Method* method) const {
543 if (method != nullptr) {
544 StreamIndentor si(ss, 2);
545 ss->print_cr("Bytecode:");
546 StreamIndentor si2(ss, 2);
547 ss->print_data(method->code_base(), method->code_size(), false);
548 }
549 }
550
551 void ErrorContext::handler_details(outputStream* ss, const Method* method) const {
552 if (method != nullptr) {
553 StreamIndentor si(ss, 2);
554
555 ExceptionTable table(method);
556 if (table.length() > 0) {
557 ss->print_cr("Exception Handler Table:");
558 StreamIndentor si2(ss, 2);
559 for (int i = 0; i < table.length(); ++i) {
560 ss->print_cr("bci [%d, %d] => handler: %d", table.start_pc(i),
561 table.end_pc(i), table.handler_pc(i));
562 }
563 }
564 }
565 }
566
567 void ErrorContext::stackmap_details(outputStream* ss, const Method* method) const {
568 if (method != nullptr && method->has_stackmap_table()) {
569 StreamIndentor si(ss, 2);
570 ss->print_cr("Stackmap Table:");
571 Array<u1>* data = method->stackmap_data();
572 stack_map_table* sm_table =
573 stack_map_table::at((address)data->adr_at(0));
574 stack_map_frame* sm_frame = sm_table->entries();
575 StreamIndentor si2(ss, 2);
576 int current_offset = -1;
577 address end_of_sm_table = (address)sm_table + method->stackmap_data()->length();
578 for (u2 i = 0; i < sm_table->number_of_entries(); ++i) {
579 if (!sm_frame->verify((address)sm_frame, end_of_sm_table)) {
580 sm_frame->print_truncated(ss, current_offset);
581 return;
582 }
583 sm_frame->print_on(ss, current_offset);
584 ss->cr();
585 current_offset += sm_frame->offset_delta();
586 sm_frame = sm_frame->next();
587 }
588 }
589 }
590
591 // Methods in ClassVerifier
592
593 ClassVerifier::ClassVerifier(JavaThread* current, InstanceKlass* klass)
594 : _thread(current), _previous_symbol(nullptr), _symbols(nullptr), _exception_type(nullptr),
595 _message(nullptr), _klass(klass) {
596 _this_type = VerificationType::reference_type(klass->name());
597 }
598
599 ClassVerifier::~ClassVerifier() {
600 // Decrement the reference count for any symbols created.
601 if (_symbols != nullptr) {
602 for (int i = 0; i < _symbols->length(); i++) {
603 Symbol* s = _symbols->at(i);
604 s->decrement_refcount();
605 }
606 }
607 }
608
609 VerificationType ClassVerifier::object_type() const {
610 return VerificationType::reference_type(vmSymbols::java_lang_Object());
611 }
612
613 TypeOrigin ClassVerifier::ref_ctx(const char* sig) {
614 VerificationType vt = VerificationType::reference_type(
615 create_temporary_symbol(sig, (int)strlen(sig)));
616 return TypeOrigin::implicit(vt);
617 }
618
619
620 void ClassVerifier::verify_class(TRAPS) {
621 log_info(verification)("Verifying class %s with new format", _klass->external_name());
622
623 // Either verifying both local and remote classes or just remote classes.
624 assert(BytecodeVerificationRemote, "Should not be here");
625
626 Array<Method*>* methods = _klass->methods();
627 int num_methods = methods->length();
628
629 for (int index = 0; index < num_methods; index++) {
630 // Check for recursive re-verification before each method.
631 if (was_recursively_verified()) return;
632
633 Method* m = methods->at(index);
634 if (m->is_native() || m->is_abstract() || m->is_overpass()) {
635 // If m is native or abstract, skip it. It is checked in class file
636 // parser that methods do not override a final method. Overpass methods
637 // are trusted since the VM generates them.
638 continue;
639 }
640 verify_method(methodHandle(THREAD, m), CHECK_VERIFY(this));
641 }
642
643 if (was_recursively_verified()){
644 log_info(verification)("Recursive verification detected for: %s", _klass->external_name());
645 log_info(class, init)("Recursive verification detected for: %s",
646 _klass->external_name());
647 }
648 }
649
650 // Translate the signature entries into verification types and save them in
651 // the growable array. Also, save the count of arguments.
652 void ClassVerifier::translate_signature(Symbol* const method_sig,
653 sig_as_verification_types* sig_verif_types) {
654 SignatureStream sig_stream(method_sig);
655 VerificationType sig_type[2];
656 int sig_i = 0;
657 GrowableArray<VerificationType>* verif_types = sig_verif_types->sig_verif_types();
658
659 // Translate the signature arguments into verification types.
660 while (!sig_stream.at_return_type()) {
661 int n = change_sig_to_verificationType(&sig_stream, sig_type);
662 assert(n <= 2, "Unexpected signature type");
663
664 // Store verification type(s). Longs and Doubles each have two verificationTypes.
665 for (int x = 0; x < n; x++) {
666 verif_types->push(sig_type[x]);
667 }
668 sig_i += n;
669 sig_stream.next();
670 }
671
672 // Set final arg count, not including the return type. The final arg count will
673 // be compared with sig_verify_types' length to see if there is a return type.
674 sig_verif_types->set_num_args(sig_i);
675
676 // Store verification type(s) for the return type, if there is one.
677 if (sig_stream.type() != T_VOID) {
678 int n = change_sig_to_verificationType(&sig_stream, sig_type);
679 assert(n <= 2, "Unexpected signature return type");
680 for (int y = 0; y < n; y++) {
681 verif_types->push(sig_type[y]);
682 }
683 }
684 }
685
686 void ClassVerifier::create_method_sig_entry(sig_as_verification_types* sig_verif_types,
687 int sig_index) {
688 // Translate the signature into verification types.
689 ConstantPool* cp = _klass->constants();
690 Symbol* const method_sig = cp->symbol_at(sig_index);
691 translate_signature(method_sig, sig_verif_types);
692
693 // Add the list of this signature's verification types to the table.
694 bool is_unique = method_signatures_table()->put(sig_index, sig_verif_types);
695 assert(is_unique, "Duplicate entries in method_signature_table");
696 }
697
698 void ClassVerifier::verify_method(const methodHandle& m, TRAPS) {
699 HandleMark hm(THREAD);
700 _method = m; // initialize _method
701 log_info(verification)("Verifying method %s", m->name_and_sig_as_C_string());
702
703 // For clang, the only good constant format string is a literal constant format string.
704 #define bad_type_msg "Bad type on operand stack in %s"
705
706 u2 max_stack = m->verifier_max_stack();
707 u2 max_locals = m->max_locals();
708 constantPoolHandle cp(THREAD, m->constants());
709
710 // Method signature was checked in ClassFileParser.
711 assert(SignatureVerifier::is_valid_method_signature(m->signature()),
712 "Invalid method signature");
713
714 // Initial stack map frame: offset is 0, stack is initially empty.
715 StackMapFrame current_frame(max_locals, max_stack, this);
716 // Set initial locals
717 VerificationType return_type = current_frame.set_locals_from_arg( m, current_type());
718
719 u2 stackmap_index = 0; // index to the stackmap array
720
721 u4 code_length = m->code_size();
722
723 // Scan the bytecode and map each instruction's start offset to a number.
724 char* code_data = generate_code_data(m, code_length, CHECK_VERIFY(this));
725
726 int ex_min = code_length;
727 int ex_max = -1;
728 // Look through each item on the exception table. Each of the fields must refer
729 // to a legal instruction.
730 if (was_recursively_verified()) return;
731 verify_exception_handler_table(
732 code_length, code_data, ex_min, ex_max, CHECK_VERIFY(this));
733
734 // Look through each entry on the local variable table and make sure
735 // its range of code array offsets is valid. (4169817)
736 if (m->has_localvariable_table()) {
737 verify_local_variable_table(code_length, code_data, CHECK_VERIFY(this));
738 }
739
740 Array<u1>* stackmap_data = m->stackmap_data();
741 StackMapStream stream(stackmap_data);
742 StackMapReader reader(this, &stream, code_data, code_length, ¤t_frame, max_locals, max_stack, THREAD);
743 StackMapTable stackmap_table(&reader, CHECK_VERIFY(this));
744
745 LogTarget(Debug, verification) lt;
746 if (lt.is_enabled()) {
747 LogStream ls(lt);
748 stackmap_table.print_on(&ls);
749 }
750
751 RawBytecodeStream bcs(m);
752
753 // Scan the byte code linearly from the start to the end
754 bool no_control_flow = false; // Set to true when there is no direct control
755 // flow from current instruction to the next
756 // instruction in sequence
757
758 Bytecodes::Code opcode;
759 while (!bcs.is_last_bytecode()) {
760 // Check for recursive re-verification before each bytecode.
761 if (was_recursively_verified()) return;
762
763 opcode = bcs.raw_next();
764 int bci = bcs.bci();
765
766 // Set current frame's offset to bci
767 current_frame.set_offset(bci);
768 current_frame.set_mark();
769
770 // Make sure every offset in stackmap table point to the beginning to
771 // an instruction. Match current_frame to stackmap_table entry with
772 // the same offset if exists.
773 stackmap_index = verify_stackmap_table(
774 stackmap_index, bci, ¤t_frame, &stackmap_table,
775 no_control_flow, CHECK_VERIFY(this));
776
777
778 bool this_uninit = false; // Set to true when invokespecial <init> initialized 'this'
779 bool verified_exc_handlers = false;
780
781 // Merge with the next instruction
782 {
783 VerificationType type, type2;
784 VerificationType atype;
785
786 LogTarget(Debug, verification) lt;
787 if (lt.is_enabled()) {
788 LogStream ls(lt);
789 current_frame.print_on(&ls);
790 lt.print("offset = %d, opcode = %s", bci,
791 opcode == Bytecodes::_illegal ? "illegal" : Bytecodes::name(opcode));
792 }
793
794 // Make sure wide instruction is in correct format
795 if (bcs.is_wide()) {
796 if (opcode != Bytecodes::_iinc && opcode != Bytecodes::_iload &&
797 opcode != Bytecodes::_aload && opcode != Bytecodes::_lload &&
798 opcode != Bytecodes::_istore && opcode != Bytecodes::_astore &&
799 opcode != Bytecodes::_lstore && opcode != Bytecodes::_fload &&
800 opcode != Bytecodes::_dload && opcode != Bytecodes::_fstore &&
801 opcode != Bytecodes::_dstore) {
802 /* Unreachable? RawBytecodeStream's raw_next() returns 'illegal'
803 * if we encounter a wide instruction that modifies an invalid
804 * opcode (not one of the ones listed above) */
805 verify_error(ErrorContext::bad_code(bci), "Bad wide instruction");
806 return;
807 }
808 }
809
810 // Look for possible jump target in exception handlers and see if it
811 // matches current_frame. Do this check here for astore*, dstore*,
812 // fstore*, istore*, and lstore* opcodes because they can change the type
813 // state by adding a local. JVM Spec says that the incoming type state
814 // should be used for this check. So, do the check here before a possible
815 // local is added to the type state.
816 if (Bytecodes::is_store_into_local(opcode) && bci >= ex_min && bci < ex_max) {
817 if (was_recursively_verified()) return;
818 verify_exception_handler_targets(
819 bci, this_uninit, ¤t_frame, &stackmap_table, CHECK_VERIFY(this));
820 verified_exc_handlers = true;
821 }
822
823 if (was_recursively_verified()) return;
824
825 switch (opcode) {
826 case Bytecodes::_nop :
827 no_control_flow = false; break;
828 case Bytecodes::_aconst_null :
829 current_frame.push_stack(
830 VerificationType::null_type(), CHECK_VERIFY(this));
831 no_control_flow = false; break;
832 case Bytecodes::_iconst_m1 :
833 case Bytecodes::_iconst_0 :
834 case Bytecodes::_iconst_1 :
835 case Bytecodes::_iconst_2 :
836 case Bytecodes::_iconst_3 :
837 case Bytecodes::_iconst_4 :
838 case Bytecodes::_iconst_5 :
839 current_frame.push_stack(
840 VerificationType::integer_type(), CHECK_VERIFY(this));
841 no_control_flow = false; break;
842 case Bytecodes::_lconst_0 :
843 case Bytecodes::_lconst_1 :
844 current_frame.push_stack_2(
845 VerificationType::long_type(),
846 VerificationType::long2_type(), CHECK_VERIFY(this));
847 no_control_flow = false; break;
848 case Bytecodes::_fconst_0 :
849 case Bytecodes::_fconst_1 :
850 case Bytecodes::_fconst_2 :
851 current_frame.push_stack(
852 VerificationType::float_type(), CHECK_VERIFY(this));
853 no_control_flow = false; break;
854 case Bytecodes::_dconst_0 :
855 case Bytecodes::_dconst_1 :
856 current_frame.push_stack_2(
857 VerificationType::double_type(),
858 VerificationType::double2_type(), CHECK_VERIFY(this));
859 no_control_flow = false; break;
860 case Bytecodes::_sipush :
861 case Bytecodes::_bipush :
862 current_frame.push_stack(
863 VerificationType::integer_type(), CHECK_VERIFY(this));
864 no_control_flow = false; break;
865 case Bytecodes::_ldc :
866 verify_ldc(
867 opcode, bcs.get_index_u1(), ¤t_frame,
868 cp, bci, CHECK_VERIFY(this));
869 no_control_flow = false; break;
870 case Bytecodes::_ldc_w :
871 case Bytecodes::_ldc2_w :
872 verify_ldc(
873 opcode, bcs.get_index_u2(), ¤t_frame,
874 cp, bci, CHECK_VERIFY(this));
875 no_control_flow = false; break;
876 case Bytecodes::_iload :
877 verify_iload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
878 no_control_flow = false; break;
879 case Bytecodes::_iload_0 :
880 case Bytecodes::_iload_1 :
881 case Bytecodes::_iload_2 :
882 case Bytecodes::_iload_3 : {
883 int index = opcode - Bytecodes::_iload_0;
884 verify_iload(index, ¤t_frame, CHECK_VERIFY(this));
885 no_control_flow = false; break;
886 }
887 case Bytecodes::_lload :
888 verify_lload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
889 no_control_flow = false; break;
890 case Bytecodes::_lload_0 :
891 case Bytecodes::_lload_1 :
892 case Bytecodes::_lload_2 :
893 case Bytecodes::_lload_3 : {
894 int index = opcode - Bytecodes::_lload_0;
895 verify_lload(index, ¤t_frame, CHECK_VERIFY(this));
896 no_control_flow = false; break;
897 }
898 case Bytecodes::_fload :
899 verify_fload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
900 no_control_flow = false; break;
901 case Bytecodes::_fload_0 :
902 case Bytecodes::_fload_1 :
903 case Bytecodes::_fload_2 :
904 case Bytecodes::_fload_3 : {
905 int index = opcode - Bytecodes::_fload_0;
906 verify_fload(index, ¤t_frame, CHECK_VERIFY(this));
907 no_control_flow = false; break;
908 }
909 case Bytecodes::_dload :
910 verify_dload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
911 no_control_flow = false; break;
912 case Bytecodes::_dload_0 :
913 case Bytecodes::_dload_1 :
914 case Bytecodes::_dload_2 :
915 case Bytecodes::_dload_3 : {
916 int index = opcode - Bytecodes::_dload_0;
917 verify_dload(index, ¤t_frame, CHECK_VERIFY(this));
918 no_control_flow = false; break;
919 }
920 case Bytecodes::_aload :
921 verify_aload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
922 no_control_flow = false; break;
923 case Bytecodes::_aload_0 :
924 case Bytecodes::_aload_1 :
925 case Bytecodes::_aload_2 :
926 case Bytecodes::_aload_3 : {
927 int index = opcode - Bytecodes::_aload_0;
928 verify_aload(index, ¤t_frame, CHECK_VERIFY(this));
929 no_control_flow = false; break;
930 }
931 case Bytecodes::_iaload :
932 type = current_frame.pop_stack(
933 VerificationType::integer_type(), CHECK_VERIFY(this));
934 atype = current_frame.pop_stack(
935 VerificationType::reference_check(), CHECK_VERIFY(this));
936 if (!atype.is_int_array()) {
937 verify_error(ErrorContext::bad_type(bci,
938 current_frame.stack_top_ctx(), ref_ctx("[I")),
939 bad_type_msg, "iaload");
940 return;
941 }
942 current_frame.push_stack(
943 VerificationType::integer_type(), CHECK_VERIFY(this));
944 no_control_flow = false; break;
945 case Bytecodes::_baload :
946 type = current_frame.pop_stack(
947 VerificationType::integer_type(), CHECK_VERIFY(this));
948 atype = current_frame.pop_stack(
949 VerificationType::reference_check(), CHECK_VERIFY(this));
950 if (!atype.is_bool_array() && !atype.is_byte_array()) {
951 verify_error(
952 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
953 bad_type_msg, "baload");
954 return;
955 }
956 current_frame.push_stack(
957 VerificationType::integer_type(), CHECK_VERIFY(this));
958 no_control_flow = false; break;
959 case Bytecodes::_caload :
960 type = current_frame.pop_stack(
961 VerificationType::integer_type(), CHECK_VERIFY(this));
962 atype = current_frame.pop_stack(
963 VerificationType::reference_check(), CHECK_VERIFY(this));
964 if (!atype.is_char_array()) {
965 verify_error(ErrorContext::bad_type(bci,
966 current_frame.stack_top_ctx(), ref_ctx("[C")),
967 bad_type_msg, "caload");
968 return;
969 }
970 current_frame.push_stack(
971 VerificationType::integer_type(), CHECK_VERIFY(this));
972 no_control_flow = false; break;
973 case Bytecodes::_saload :
974 type = current_frame.pop_stack(
975 VerificationType::integer_type(), CHECK_VERIFY(this));
976 atype = current_frame.pop_stack(
977 VerificationType::reference_check(), CHECK_VERIFY(this));
978 if (!atype.is_short_array()) {
979 verify_error(ErrorContext::bad_type(bci,
980 current_frame.stack_top_ctx(), ref_ctx("[S")),
981 bad_type_msg, "saload");
982 return;
983 }
984 current_frame.push_stack(
985 VerificationType::integer_type(), CHECK_VERIFY(this));
986 no_control_flow = false; break;
987 case Bytecodes::_laload :
988 type = current_frame.pop_stack(
989 VerificationType::integer_type(), CHECK_VERIFY(this));
990 atype = current_frame.pop_stack(
991 VerificationType::reference_check(), CHECK_VERIFY(this));
992 if (!atype.is_long_array()) {
993 verify_error(ErrorContext::bad_type(bci,
994 current_frame.stack_top_ctx(), ref_ctx("[J")),
995 bad_type_msg, "laload");
996 return;
997 }
998 current_frame.push_stack_2(
999 VerificationType::long_type(),
1000 VerificationType::long2_type(), CHECK_VERIFY(this));
1001 no_control_flow = false; break;
1002 case Bytecodes::_faload :
1003 type = current_frame.pop_stack(
1004 VerificationType::integer_type(), CHECK_VERIFY(this));
1005 atype = current_frame.pop_stack(
1006 VerificationType::reference_check(), CHECK_VERIFY(this));
1007 if (!atype.is_float_array()) {
1008 verify_error(ErrorContext::bad_type(bci,
1009 current_frame.stack_top_ctx(), ref_ctx("[F")),
1010 bad_type_msg, "faload");
1011 return;
1012 }
1013 current_frame.push_stack(
1014 VerificationType::float_type(), CHECK_VERIFY(this));
1015 no_control_flow = false; break;
1016 case Bytecodes::_daload :
1017 type = current_frame.pop_stack(
1018 VerificationType::integer_type(), CHECK_VERIFY(this));
1019 atype = current_frame.pop_stack(
1020 VerificationType::reference_check(), CHECK_VERIFY(this));
1021 if (!atype.is_double_array()) {
1022 verify_error(ErrorContext::bad_type(bci,
1023 current_frame.stack_top_ctx(), ref_ctx("[D")),
1024 bad_type_msg, "daload");
1025 return;
1026 }
1027 current_frame.push_stack_2(
1028 VerificationType::double_type(),
1029 VerificationType::double2_type(), CHECK_VERIFY(this));
1030 no_control_flow = false; break;
1031 case Bytecodes::_aaload : {
1032 type = current_frame.pop_stack(
1033 VerificationType::integer_type(), CHECK_VERIFY(this));
1034 atype = current_frame.pop_stack(
1035 VerificationType::reference_check(), CHECK_VERIFY(this));
1036 if (!atype.is_reference_array()) {
1037 verify_error(ErrorContext::bad_type(bci,
1038 current_frame.stack_top_ctx(),
1039 TypeOrigin::implicit(VerificationType::reference_check())),
1040 bad_type_msg, "aaload");
1041 return;
1042 }
1043 if (atype.is_null()) {
1044 current_frame.push_stack(
1045 VerificationType::null_type(), CHECK_VERIFY(this));
1046 } else {
1047 VerificationType component = atype.get_component(this);
1048 current_frame.push_stack(component, CHECK_VERIFY(this));
1049 }
1050 no_control_flow = false; break;
1051 }
1052 case Bytecodes::_istore :
1053 verify_istore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1054 no_control_flow = false; break;
1055 case Bytecodes::_istore_0 :
1056 case Bytecodes::_istore_1 :
1057 case Bytecodes::_istore_2 :
1058 case Bytecodes::_istore_3 : {
1059 int index = opcode - Bytecodes::_istore_0;
1060 verify_istore(index, ¤t_frame, CHECK_VERIFY(this));
1061 no_control_flow = false; break;
1062 }
1063 case Bytecodes::_lstore :
1064 verify_lstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1065 no_control_flow = false; break;
1066 case Bytecodes::_lstore_0 :
1067 case Bytecodes::_lstore_1 :
1068 case Bytecodes::_lstore_2 :
1069 case Bytecodes::_lstore_3 : {
1070 int index = opcode - Bytecodes::_lstore_0;
1071 verify_lstore(index, ¤t_frame, CHECK_VERIFY(this));
1072 no_control_flow = false; break;
1073 }
1074 case Bytecodes::_fstore :
1075 verify_fstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1076 no_control_flow = false; break;
1077 case Bytecodes::_fstore_0 :
1078 case Bytecodes::_fstore_1 :
1079 case Bytecodes::_fstore_2 :
1080 case Bytecodes::_fstore_3 : {
1081 int index = opcode - Bytecodes::_fstore_0;
1082 verify_fstore(index, ¤t_frame, CHECK_VERIFY(this));
1083 no_control_flow = false; break;
1084 }
1085 case Bytecodes::_dstore :
1086 verify_dstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1087 no_control_flow = false; break;
1088 case Bytecodes::_dstore_0 :
1089 case Bytecodes::_dstore_1 :
1090 case Bytecodes::_dstore_2 :
1091 case Bytecodes::_dstore_3 : {
1092 int index = opcode - Bytecodes::_dstore_0;
1093 verify_dstore(index, ¤t_frame, CHECK_VERIFY(this));
1094 no_control_flow = false; break;
1095 }
1096 case Bytecodes::_astore :
1097 verify_astore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1098 no_control_flow = false; break;
1099 case Bytecodes::_astore_0 :
1100 case Bytecodes::_astore_1 :
1101 case Bytecodes::_astore_2 :
1102 case Bytecodes::_astore_3 : {
1103 int index = opcode - Bytecodes::_astore_0;
1104 verify_astore(index, ¤t_frame, CHECK_VERIFY(this));
1105 no_control_flow = false; break;
1106 }
1107 case Bytecodes::_iastore :
1108 type = current_frame.pop_stack(
1109 VerificationType::integer_type(), CHECK_VERIFY(this));
1110 type2 = current_frame.pop_stack(
1111 VerificationType::integer_type(), CHECK_VERIFY(this));
1112 atype = current_frame.pop_stack(
1113 VerificationType::reference_check(), CHECK_VERIFY(this));
1114 if (!atype.is_int_array()) {
1115 verify_error(ErrorContext::bad_type(bci,
1116 current_frame.stack_top_ctx(), ref_ctx("[I")),
1117 bad_type_msg, "iastore");
1118 return;
1119 }
1120 no_control_flow = false; break;
1121 case Bytecodes::_bastore :
1122 type = current_frame.pop_stack(
1123 VerificationType::integer_type(), CHECK_VERIFY(this));
1124 type2 = current_frame.pop_stack(
1125 VerificationType::integer_type(), CHECK_VERIFY(this));
1126 atype = current_frame.pop_stack(
1127 VerificationType::reference_check(), CHECK_VERIFY(this));
1128 if (!atype.is_bool_array() && !atype.is_byte_array()) {
1129 verify_error(
1130 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1131 bad_type_msg, "bastore");
1132 return;
1133 }
1134 no_control_flow = false; break;
1135 case Bytecodes::_castore :
1136 current_frame.pop_stack(
1137 VerificationType::integer_type(), CHECK_VERIFY(this));
1138 current_frame.pop_stack(
1139 VerificationType::integer_type(), CHECK_VERIFY(this));
1140 atype = current_frame.pop_stack(
1141 VerificationType::reference_check(), CHECK_VERIFY(this));
1142 if (!atype.is_char_array()) {
1143 verify_error(ErrorContext::bad_type(bci,
1144 current_frame.stack_top_ctx(), ref_ctx("[C")),
1145 bad_type_msg, "castore");
1146 return;
1147 }
1148 no_control_flow = false; break;
1149 case Bytecodes::_sastore :
1150 current_frame.pop_stack(
1151 VerificationType::integer_type(), CHECK_VERIFY(this));
1152 current_frame.pop_stack(
1153 VerificationType::integer_type(), CHECK_VERIFY(this));
1154 atype = current_frame.pop_stack(
1155 VerificationType::reference_check(), CHECK_VERIFY(this));
1156 if (!atype.is_short_array()) {
1157 verify_error(ErrorContext::bad_type(bci,
1158 current_frame.stack_top_ctx(), ref_ctx("[S")),
1159 bad_type_msg, "sastore");
1160 return;
1161 }
1162 no_control_flow = false; break;
1163 case Bytecodes::_lastore :
1164 current_frame.pop_stack_2(
1165 VerificationType::long2_type(),
1166 VerificationType::long_type(), CHECK_VERIFY(this));
1167 current_frame.pop_stack(
1168 VerificationType::integer_type(), CHECK_VERIFY(this));
1169 atype = current_frame.pop_stack(
1170 VerificationType::reference_check(), CHECK_VERIFY(this));
1171 if (!atype.is_long_array()) {
1172 verify_error(ErrorContext::bad_type(bci,
1173 current_frame.stack_top_ctx(), ref_ctx("[J")),
1174 bad_type_msg, "lastore");
1175 return;
1176 }
1177 no_control_flow = false; break;
1178 case Bytecodes::_fastore :
1179 current_frame.pop_stack(
1180 VerificationType::float_type(), CHECK_VERIFY(this));
1181 current_frame.pop_stack
1182 (VerificationType::integer_type(), CHECK_VERIFY(this));
1183 atype = current_frame.pop_stack(
1184 VerificationType::reference_check(), CHECK_VERIFY(this));
1185 if (!atype.is_float_array()) {
1186 verify_error(ErrorContext::bad_type(bci,
1187 current_frame.stack_top_ctx(), ref_ctx("[F")),
1188 bad_type_msg, "fastore");
1189 return;
1190 }
1191 no_control_flow = false; break;
1192 case Bytecodes::_dastore :
1193 current_frame.pop_stack_2(
1194 VerificationType::double2_type(),
1195 VerificationType::double_type(), CHECK_VERIFY(this));
1196 current_frame.pop_stack(
1197 VerificationType::integer_type(), CHECK_VERIFY(this));
1198 atype = current_frame.pop_stack(
1199 VerificationType::reference_check(), CHECK_VERIFY(this));
1200 if (!atype.is_double_array()) {
1201 verify_error(ErrorContext::bad_type(bci,
1202 current_frame.stack_top_ctx(), ref_ctx("[D")),
1203 bad_type_msg, "dastore");
1204 return;
1205 }
1206 no_control_flow = false; break;
1207 case Bytecodes::_aastore :
1208 type = current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1209 type2 = current_frame.pop_stack(
1210 VerificationType::integer_type(), CHECK_VERIFY(this));
1211 atype = current_frame.pop_stack(
1212 VerificationType::reference_check(), CHECK_VERIFY(this));
1213 // more type-checking is done at runtime
1214 if (!atype.is_reference_array()) {
1215 verify_error(ErrorContext::bad_type(bci,
1216 current_frame.stack_top_ctx(),
1217 TypeOrigin::implicit(VerificationType::reference_check())),
1218 bad_type_msg, "aastore");
1219 return;
1220 }
1221 // 4938384: relaxed constraint in JVMS 3rd edition.
1222 no_control_flow = false; break;
1223 case Bytecodes::_pop :
1224 current_frame.pop_stack(
1225 VerificationType::category1_check(), CHECK_VERIFY(this));
1226 no_control_flow = false; break;
1227 case Bytecodes::_pop2 :
1228 type = current_frame.pop_stack(CHECK_VERIFY(this));
1229 if (type.is_category1()) {
1230 current_frame.pop_stack(
1231 VerificationType::category1_check(), CHECK_VERIFY(this));
1232 } else if (type.is_category2_2nd()) {
1233 current_frame.pop_stack(
1234 VerificationType::category2_check(), CHECK_VERIFY(this));
1235 } else {
1236 /* Unreachable? Would need a category2_1st on TOS
1237 * which does not appear possible. */
1238 verify_error(
1239 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1240 bad_type_msg, "pop2");
1241 return;
1242 }
1243 no_control_flow = false; break;
1244 case Bytecodes::_dup :
1245 type = current_frame.pop_stack(
1246 VerificationType::category1_check(), CHECK_VERIFY(this));
1247 current_frame.push_stack(type, CHECK_VERIFY(this));
1248 current_frame.push_stack(type, CHECK_VERIFY(this));
1249 no_control_flow = false; break;
1250 case Bytecodes::_dup_x1 :
1251 type = current_frame.pop_stack(
1252 VerificationType::category1_check(), CHECK_VERIFY(this));
1253 type2 = current_frame.pop_stack(
1254 VerificationType::category1_check(), CHECK_VERIFY(this));
1255 current_frame.push_stack(type, CHECK_VERIFY(this));
1256 current_frame.push_stack(type2, CHECK_VERIFY(this));
1257 current_frame.push_stack(type, CHECK_VERIFY(this));
1258 no_control_flow = false; break;
1259 case Bytecodes::_dup_x2 :
1260 {
1261 VerificationType type3;
1262 type = current_frame.pop_stack(
1263 VerificationType::category1_check(), CHECK_VERIFY(this));
1264 type2 = current_frame.pop_stack(CHECK_VERIFY(this));
1265 if (type2.is_category1()) {
1266 type3 = current_frame.pop_stack(
1267 VerificationType::category1_check(), CHECK_VERIFY(this));
1268 } else if (type2.is_category2_2nd()) {
1269 type3 = current_frame.pop_stack(
1270 VerificationType::category2_check(), CHECK_VERIFY(this));
1271 } else {
1272 /* Unreachable? Would need a category2_1st at stack depth 2 with
1273 * a category1 on TOS which does not appear possible. */
1274 verify_error(ErrorContext::bad_type(
1275 bci, current_frame.stack_top_ctx()), bad_type_msg, "dup_x2");
1276 return;
1277 }
1278 current_frame.push_stack(type, CHECK_VERIFY(this));
1279 current_frame.push_stack(type3, CHECK_VERIFY(this));
1280 current_frame.push_stack(type2, CHECK_VERIFY(this));
1281 current_frame.push_stack(type, CHECK_VERIFY(this));
1282 no_control_flow = false; break;
1283 }
1284 case Bytecodes::_dup2 :
1285 type = current_frame.pop_stack(CHECK_VERIFY(this));
1286 if (type.is_category1()) {
1287 type2 = current_frame.pop_stack(
1288 VerificationType::category1_check(), CHECK_VERIFY(this));
1289 } else if (type.is_category2_2nd()) {
1290 type2 = current_frame.pop_stack(
1291 VerificationType::category2_check(), CHECK_VERIFY(this));
1292 } else {
1293 /* Unreachable? Would need a category2_1st on TOS which does not
1294 * appear possible. */
1295 verify_error(
1296 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1297 bad_type_msg, "dup2");
1298 return;
1299 }
1300 current_frame.push_stack(type2, CHECK_VERIFY(this));
1301 current_frame.push_stack(type, CHECK_VERIFY(this));
1302 current_frame.push_stack(type2, CHECK_VERIFY(this));
1303 current_frame.push_stack(type, CHECK_VERIFY(this));
1304 no_control_flow = false; break;
1305 case Bytecodes::_dup2_x1 :
1306 {
1307 VerificationType type3;
1308 type = current_frame.pop_stack(CHECK_VERIFY(this));
1309 if (type.is_category1()) {
1310 type2 = current_frame.pop_stack(
1311 VerificationType::category1_check(), CHECK_VERIFY(this));
1312 } else if (type.is_category2_2nd()) {
1313 type2 = current_frame.pop_stack(
1314 VerificationType::category2_check(), CHECK_VERIFY(this));
1315 } else {
1316 /* Unreachable? Would need a category2_1st on TOS which does
1317 * not appear possible. */
1318 verify_error(
1319 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1320 bad_type_msg, "dup2_x1");
1321 return;
1322 }
1323 type3 = current_frame.pop_stack(
1324 VerificationType::category1_check(), CHECK_VERIFY(this));
1325 current_frame.push_stack(type2, CHECK_VERIFY(this));
1326 current_frame.push_stack(type, CHECK_VERIFY(this));
1327 current_frame.push_stack(type3, CHECK_VERIFY(this));
1328 current_frame.push_stack(type2, CHECK_VERIFY(this));
1329 current_frame.push_stack(type, CHECK_VERIFY(this));
1330 no_control_flow = false; break;
1331 }
1332 case Bytecodes::_dup2_x2 :
1333 {
1334 VerificationType type3, type4;
1335 type = current_frame.pop_stack(CHECK_VERIFY(this));
1336 if (type.is_category1()) {
1337 type2 = current_frame.pop_stack(
1338 VerificationType::category1_check(), CHECK_VERIFY(this));
1339 } else if (type.is_category2_2nd()) {
1340 type2 = current_frame.pop_stack(
1341 VerificationType::category2_check(), CHECK_VERIFY(this));
1342 } else {
1343 /* Unreachable? Would need a category2_1st on TOS which does
1344 * not appear possible. */
1345 verify_error(
1346 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1347 bad_type_msg, "dup2_x2");
1348 return;
1349 }
1350 type3 = current_frame.pop_stack(CHECK_VERIFY(this));
1351 if (type3.is_category1()) {
1352 type4 = current_frame.pop_stack(
1353 VerificationType::category1_check(), CHECK_VERIFY(this));
1354 } else if (type3.is_category2_2nd()) {
1355 type4 = current_frame.pop_stack(
1356 VerificationType::category2_check(), CHECK_VERIFY(this));
1357 } else {
1358 /* Unreachable? Would need a category2_1st on TOS after popping
1359 * a long/double or two category 1's, which does not
1360 * appear possible. */
1361 verify_error(
1362 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1363 bad_type_msg, "dup2_x2");
1364 return;
1365 }
1366 current_frame.push_stack(type2, CHECK_VERIFY(this));
1367 current_frame.push_stack(type, CHECK_VERIFY(this));
1368 current_frame.push_stack(type4, CHECK_VERIFY(this));
1369 current_frame.push_stack(type3, CHECK_VERIFY(this));
1370 current_frame.push_stack(type2, CHECK_VERIFY(this));
1371 current_frame.push_stack(type, CHECK_VERIFY(this));
1372 no_control_flow = false; break;
1373 }
1374 case Bytecodes::_swap :
1375 type = current_frame.pop_stack(
1376 VerificationType::category1_check(), CHECK_VERIFY(this));
1377 type2 = current_frame.pop_stack(
1378 VerificationType::category1_check(), CHECK_VERIFY(this));
1379 current_frame.push_stack(type, CHECK_VERIFY(this));
1380 current_frame.push_stack(type2, CHECK_VERIFY(this));
1381 no_control_flow = false; break;
1382 case Bytecodes::_iadd :
1383 case Bytecodes::_isub :
1384 case Bytecodes::_imul :
1385 case Bytecodes::_idiv :
1386 case Bytecodes::_irem :
1387 case Bytecodes::_ishl :
1388 case Bytecodes::_ishr :
1389 case Bytecodes::_iushr :
1390 case Bytecodes::_ior :
1391 case Bytecodes::_ixor :
1392 case Bytecodes::_iand :
1393 current_frame.pop_stack(
1394 VerificationType::integer_type(), CHECK_VERIFY(this));
1395 // fall through
1396 case Bytecodes::_ineg :
1397 current_frame.pop_stack(
1398 VerificationType::integer_type(), CHECK_VERIFY(this));
1399 current_frame.push_stack(
1400 VerificationType::integer_type(), CHECK_VERIFY(this));
1401 no_control_flow = false; break;
1402 case Bytecodes::_ladd :
1403 case Bytecodes::_lsub :
1404 case Bytecodes::_lmul :
1405 case Bytecodes::_ldiv :
1406 case Bytecodes::_lrem :
1407 case Bytecodes::_land :
1408 case Bytecodes::_lor :
1409 case Bytecodes::_lxor :
1410 current_frame.pop_stack_2(
1411 VerificationType::long2_type(),
1412 VerificationType::long_type(), CHECK_VERIFY(this));
1413 // fall through
1414 case Bytecodes::_lneg :
1415 current_frame.pop_stack_2(
1416 VerificationType::long2_type(),
1417 VerificationType::long_type(), CHECK_VERIFY(this));
1418 current_frame.push_stack_2(
1419 VerificationType::long_type(),
1420 VerificationType::long2_type(), CHECK_VERIFY(this));
1421 no_control_flow = false; break;
1422 case Bytecodes::_lshl :
1423 case Bytecodes::_lshr :
1424 case Bytecodes::_lushr :
1425 current_frame.pop_stack(
1426 VerificationType::integer_type(), CHECK_VERIFY(this));
1427 current_frame.pop_stack_2(
1428 VerificationType::long2_type(),
1429 VerificationType::long_type(), CHECK_VERIFY(this));
1430 current_frame.push_stack_2(
1431 VerificationType::long_type(),
1432 VerificationType::long2_type(), CHECK_VERIFY(this));
1433 no_control_flow = false; break;
1434 case Bytecodes::_fadd :
1435 case Bytecodes::_fsub :
1436 case Bytecodes::_fmul :
1437 case Bytecodes::_fdiv :
1438 case Bytecodes::_frem :
1439 current_frame.pop_stack(
1440 VerificationType::float_type(), CHECK_VERIFY(this));
1441 // fall through
1442 case Bytecodes::_fneg :
1443 current_frame.pop_stack(
1444 VerificationType::float_type(), CHECK_VERIFY(this));
1445 current_frame.push_stack(
1446 VerificationType::float_type(), CHECK_VERIFY(this));
1447 no_control_flow = false; break;
1448 case Bytecodes::_dadd :
1449 case Bytecodes::_dsub :
1450 case Bytecodes::_dmul :
1451 case Bytecodes::_ddiv :
1452 case Bytecodes::_drem :
1453 current_frame.pop_stack_2(
1454 VerificationType::double2_type(),
1455 VerificationType::double_type(), CHECK_VERIFY(this));
1456 // fall through
1457 case Bytecodes::_dneg :
1458 current_frame.pop_stack_2(
1459 VerificationType::double2_type(),
1460 VerificationType::double_type(), CHECK_VERIFY(this));
1461 current_frame.push_stack_2(
1462 VerificationType::double_type(),
1463 VerificationType::double2_type(), CHECK_VERIFY(this));
1464 no_control_flow = false; break;
1465 case Bytecodes::_iinc :
1466 verify_iinc(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1467 no_control_flow = false; break;
1468 case Bytecodes::_i2l :
1469 type = current_frame.pop_stack(
1470 VerificationType::integer_type(), CHECK_VERIFY(this));
1471 current_frame.push_stack_2(
1472 VerificationType::long_type(),
1473 VerificationType::long2_type(), CHECK_VERIFY(this));
1474 no_control_flow = false; break;
1475 case Bytecodes::_l2i :
1476 current_frame.pop_stack_2(
1477 VerificationType::long2_type(),
1478 VerificationType::long_type(), CHECK_VERIFY(this));
1479 current_frame.push_stack(
1480 VerificationType::integer_type(), CHECK_VERIFY(this));
1481 no_control_flow = false; break;
1482 case Bytecodes::_i2f :
1483 current_frame.pop_stack(
1484 VerificationType::integer_type(), CHECK_VERIFY(this));
1485 current_frame.push_stack(
1486 VerificationType::float_type(), CHECK_VERIFY(this));
1487 no_control_flow = false; break;
1488 case Bytecodes::_i2d :
1489 current_frame.pop_stack(
1490 VerificationType::integer_type(), CHECK_VERIFY(this));
1491 current_frame.push_stack_2(
1492 VerificationType::double_type(),
1493 VerificationType::double2_type(), CHECK_VERIFY(this));
1494 no_control_flow = false; break;
1495 case Bytecodes::_l2f :
1496 current_frame.pop_stack_2(
1497 VerificationType::long2_type(),
1498 VerificationType::long_type(), CHECK_VERIFY(this));
1499 current_frame.push_stack(
1500 VerificationType::float_type(), CHECK_VERIFY(this));
1501 no_control_flow = false; break;
1502 case Bytecodes::_l2d :
1503 current_frame.pop_stack_2(
1504 VerificationType::long2_type(),
1505 VerificationType::long_type(), CHECK_VERIFY(this));
1506 current_frame.push_stack_2(
1507 VerificationType::double_type(),
1508 VerificationType::double2_type(), CHECK_VERIFY(this));
1509 no_control_flow = false; break;
1510 case Bytecodes::_f2i :
1511 current_frame.pop_stack(
1512 VerificationType::float_type(), CHECK_VERIFY(this));
1513 current_frame.push_stack(
1514 VerificationType::integer_type(), CHECK_VERIFY(this));
1515 no_control_flow = false; break;
1516 case Bytecodes::_f2l :
1517 current_frame.pop_stack(
1518 VerificationType::float_type(), CHECK_VERIFY(this));
1519 current_frame.push_stack_2(
1520 VerificationType::long_type(),
1521 VerificationType::long2_type(), CHECK_VERIFY(this));
1522 no_control_flow = false; break;
1523 case Bytecodes::_f2d :
1524 current_frame.pop_stack(
1525 VerificationType::float_type(), CHECK_VERIFY(this));
1526 current_frame.push_stack_2(
1527 VerificationType::double_type(),
1528 VerificationType::double2_type(), CHECK_VERIFY(this));
1529 no_control_flow = false; break;
1530 case Bytecodes::_d2i :
1531 current_frame.pop_stack_2(
1532 VerificationType::double2_type(),
1533 VerificationType::double_type(), CHECK_VERIFY(this));
1534 current_frame.push_stack(
1535 VerificationType::integer_type(), CHECK_VERIFY(this));
1536 no_control_flow = false; break;
1537 case Bytecodes::_d2l :
1538 current_frame.pop_stack_2(
1539 VerificationType::double2_type(),
1540 VerificationType::double_type(), CHECK_VERIFY(this));
1541 current_frame.push_stack_2(
1542 VerificationType::long_type(),
1543 VerificationType::long2_type(), CHECK_VERIFY(this));
1544 no_control_flow = false; break;
1545 case Bytecodes::_d2f :
1546 current_frame.pop_stack_2(
1547 VerificationType::double2_type(),
1548 VerificationType::double_type(), CHECK_VERIFY(this));
1549 current_frame.push_stack(
1550 VerificationType::float_type(), CHECK_VERIFY(this));
1551 no_control_flow = false; break;
1552 case Bytecodes::_i2b :
1553 case Bytecodes::_i2c :
1554 case Bytecodes::_i2s :
1555 current_frame.pop_stack(
1556 VerificationType::integer_type(), CHECK_VERIFY(this));
1557 current_frame.push_stack(
1558 VerificationType::integer_type(), CHECK_VERIFY(this));
1559 no_control_flow = false; break;
1560 case Bytecodes::_lcmp :
1561 current_frame.pop_stack_2(
1562 VerificationType::long2_type(),
1563 VerificationType::long_type(), CHECK_VERIFY(this));
1564 current_frame.pop_stack_2(
1565 VerificationType::long2_type(),
1566 VerificationType::long_type(), CHECK_VERIFY(this));
1567 current_frame.push_stack(
1568 VerificationType::integer_type(), CHECK_VERIFY(this));
1569 no_control_flow = false; break;
1570 case Bytecodes::_fcmpl :
1571 case Bytecodes::_fcmpg :
1572 current_frame.pop_stack(
1573 VerificationType::float_type(), CHECK_VERIFY(this));
1574 current_frame.pop_stack(
1575 VerificationType::float_type(), CHECK_VERIFY(this));
1576 current_frame.push_stack(
1577 VerificationType::integer_type(), CHECK_VERIFY(this));
1578 no_control_flow = false; break;
1579 case Bytecodes::_dcmpl :
1580 case Bytecodes::_dcmpg :
1581 current_frame.pop_stack_2(
1582 VerificationType::double2_type(),
1583 VerificationType::double_type(), CHECK_VERIFY(this));
1584 current_frame.pop_stack_2(
1585 VerificationType::double2_type(),
1586 VerificationType::double_type(), CHECK_VERIFY(this));
1587 current_frame.push_stack(
1588 VerificationType::integer_type(), CHECK_VERIFY(this));
1589 no_control_flow = false; break;
1590 case Bytecodes::_if_icmpeq:
1591 case Bytecodes::_if_icmpne:
1592 case Bytecodes::_if_icmplt:
1593 case Bytecodes::_if_icmpge:
1594 case Bytecodes::_if_icmpgt:
1595 case Bytecodes::_if_icmple:
1596 current_frame.pop_stack(
1597 VerificationType::integer_type(), CHECK_VERIFY(this));
1598 // fall through
1599 case Bytecodes::_ifeq:
1600 case Bytecodes::_ifne:
1601 case Bytecodes::_iflt:
1602 case Bytecodes::_ifge:
1603 case Bytecodes::_ifgt:
1604 case Bytecodes::_ifle:
1605 current_frame.pop_stack(
1606 VerificationType::integer_type(), CHECK_VERIFY(this));
1607 stackmap_table.check_jump_target(
1608 ¤t_frame, bcs.bci(), bcs.get_offset_s2(), CHECK_VERIFY(this));
1609 no_control_flow = false; break;
1610 case Bytecodes::_if_acmpeq :
1611 case Bytecodes::_if_acmpne :
1612 current_frame.pop_stack(
1613 VerificationType::reference_check(), CHECK_VERIFY(this));
1614 // fall through
1615 case Bytecodes::_ifnull :
1616 case Bytecodes::_ifnonnull :
1617 current_frame.pop_stack(
1618 VerificationType::reference_check(), CHECK_VERIFY(this));
1619 stackmap_table.check_jump_target
1620 (¤t_frame, bcs.bci(), bcs.get_offset_s2(), CHECK_VERIFY(this));
1621 no_control_flow = false; break;
1622 case Bytecodes::_goto :
1623 stackmap_table.check_jump_target(
1624 ¤t_frame, bcs.bci(), bcs.get_offset_s2(), CHECK_VERIFY(this));
1625 no_control_flow = true; break;
1626 case Bytecodes::_goto_w :
1627 stackmap_table.check_jump_target(
1628 ¤t_frame, bcs.bci(), bcs.get_offset_s4(), CHECK_VERIFY(this));
1629 no_control_flow = true; break;
1630 case Bytecodes::_tableswitch :
1631 case Bytecodes::_lookupswitch :
1632 verify_switch(
1633 &bcs, code_length, code_data, ¤t_frame,
1634 &stackmap_table, CHECK_VERIFY(this));
1635 no_control_flow = true; break;
1636 case Bytecodes::_ireturn :
1637 type = current_frame.pop_stack(
1638 VerificationType::integer_type(), CHECK_VERIFY(this));
1639 verify_return_value(return_type, type, bci,
1640 ¤t_frame, CHECK_VERIFY(this));
1641 no_control_flow = true; break;
1642 case Bytecodes::_lreturn :
1643 type2 = current_frame.pop_stack(
1644 VerificationType::long2_type(), CHECK_VERIFY(this));
1645 type = current_frame.pop_stack(
1646 VerificationType::long_type(), CHECK_VERIFY(this));
1647 verify_return_value(return_type, type, bci,
1648 ¤t_frame, CHECK_VERIFY(this));
1649 no_control_flow = true; break;
1650 case Bytecodes::_freturn :
1651 type = current_frame.pop_stack(
1652 VerificationType::float_type(), CHECK_VERIFY(this));
1653 verify_return_value(return_type, type, bci,
1654 ¤t_frame, CHECK_VERIFY(this));
1655 no_control_flow = true; break;
1656 case Bytecodes::_dreturn :
1657 type2 = current_frame.pop_stack(
1658 VerificationType::double2_type(), CHECK_VERIFY(this));
1659 type = current_frame.pop_stack(
1660 VerificationType::double_type(), CHECK_VERIFY(this));
1661 verify_return_value(return_type, type, bci,
1662 ¤t_frame, CHECK_VERIFY(this));
1663 no_control_flow = true; break;
1664 case Bytecodes::_areturn :
1665 type = current_frame.pop_stack(
1666 VerificationType::reference_check(), CHECK_VERIFY(this));
1667 verify_return_value(return_type, type, bci,
1668 ¤t_frame, CHECK_VERIFY(this));
1669 no_control_flow = true; break;
1670 case Bytecodes::_return :
1671 if (return_type != VerificationType::bogus_type()) {
1672 verify_error(ErrorContext::bad_code(bci),
1673 "Method expects a return value");
1674 return;
1675 }
1676 // Make sure "this" has been initialized if current method is an
1677 // <init>.
1678 if (_method->name() == vmSymbols::object_initializer_name() &&
1679 current_frame.flag_this_uninit()) {
1680 verify_error(ErrorContext::bad_code(bci),
1681 "Constructor must call super() or this() "
1682 "before return");
1683 return;
1684 }
1685 no_control_flow = true; break;
1686 case Bytecodes::_getstatic :
1687 case Bytecodes::_putstatic :
1688 // pass TRUE, operand can be an array type for getstatic/putstatic.
1689 verify_field_instructions(
1690 &bcs, ¤t_frame, cp, true, CHECK_VERIFY(this));
1691 no_control_flow = false; break;
1692 case Bytecodes::_getfield :
1693 case Bytecodes::_putfield :
1694 // pass FALSE, operand can't be an array type for getfield/putfield.
1695 verify_field_instructions(
1696 &bcs, ¤t_frame, cp, false, CHECK_VERIFY(this));
1697 no_control_flow = false; break;
1698 case Bytecodes::_invokevirtual :
1699 case Bytecodes::_invokespecial :
1700 case Bytecodes::_invokestatic :
1701 verify_invoke_instructions(
1702 &bcs, code_length, ¤t_frame, (bci >= ex_min && bci < ex_max),
1703 &this_uninit, return_type, cp, &stackmap_table, CHECK_VERIFY(this));
1704 no_control_flow = false; break;
1705 case Bytecodes::_invokeinterface :
1706 case Bytecodes::_invokedynamic :
1707 verify_invoke_instructions(
1708 &bcs, code_length, ¤t_frame, (bci >= ex_min && bci < ex_max),
1709 &this_uninit, return_type, cp, &stackmap_table, CHECK_VERIFY(this));
1710 no_control_flow = false; break;
1711 case Bytecodes::_new :
1712 {
1713 u2 index = bcs.get_index_u2();
1714 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1715 VerificationType new_class_type =
1716 cp_index_to_type(index, cp, CHECK_VERIFY(this));
1717 if (!new_class_type.is_object()) {
1718 verify_error(ErrorContext::bad_type(bci,
1719 TypeOrigin::cp(index, new_class_type)),
1720 "Illegal new instruction");
1721 return;
1722 }
1723 type = VerificationType::uninitialized_type(checked_cast<u2>(bci));
1724 current_frame.push_stack(type, CHECK_VERIFY(this));
1725 no_control_flow = false; break;
1726 }
1727 case Bytecodes::_newarray :
1728 type = get_newarray_type(bcs.get_index(), bci, CHECK_VERIFY(this));
1729 current_frame.pop_stack(
1730 VerificationType::integer_type(), CHECK_VERIFY(this));
1731 current_frame.push_stack(type, CHECK_VERIFY(this));
1732 no_control_flow = false; break;
1733 case Bytecodes::_anewarray :
1734 verify_anewarray(
1735 bci, bcs.get_index_u2(), cp, ¤t_frame, CHECK_VERIFY(this));
1736 no_control_flow = false; break;
1737 case Bytecodes::_arraylength :
1738 type = current_frame.pop_stack(
1739 VerificationType::reference_check(), CHECK_VERIFY(this));
1740 if (!(type.is_null() || type.is_array())) {
1741 verify_error(ErrorContext::bad_type(
1742 bci, current_frame.stack_top_ctx()),
1743 bad_type_msg, "arraylength");
1744 }
1745 current_frame.push_stack(
1746 VerificationType::integer_type(), CHECK_VERIFY(this));
1747 no_control_flow = false; break;
1748 case Bytecodes::_checkcast :
1749 {
1750 u2 index = bcs.get_index_u2();
1751 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1752 current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1753 VerificationType klass_type = cp_index_to_type(
1754 index, cp, CHECK_VERIFY(this));
1755 current_frame.push_stack(klass_type, CHECK_VERIFY(this));
1756 no_control_flow = false; break;
1757 }
1758 case Bytecodes::_instanceof : {
1759 u2 index = bcs.get_index_u2();
1760 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1761 current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1762 current_frame.push_stack(
1763 VerificationType::integer_type(), CHECK_VERIFY(this));
1764 no_control_flow = false; break;
1765 }
1766 case Bytecodes::_monitorenter :
1767 case Bytecodes::_monitorexit :
1768 current_frame.pop_stack(
1769 VerificationType::reference_check(), CHECK_VERIFY(this));
1770 no_control_flow = false; break;
1771 case Bytecodes::_multianewarray :
1772 {
1773 u2 index = bcs.get_index_u2();
1774 u2 dim = *(bcs.bcp()+3);
1775 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1776 VerificationType new_array_type =
1777 cp_index_to_type(index, cp, CHECK_VERIFY(this));
1778 if (!new_array_type.is_array()) {
1779 verify_error(ErrorContext::bad_type(bci,
1780 TypeOrigin::cp(index, new_array_type)),
1781 "Illegal constant pool index in multianewarray instruction");
1782 return;
1783 }
1784 if (dim < 1 || new_array_type.dimensions() < dim) {
1785 verify_error(ErrorContext::bad_code(bci),
1786 "Illegal dimension in multianewarray instruction: %d", dim);
1787 return;
1788 }
1789 for (int i = 0; i < dim; i++) {
1790 current_frame.pop_stack(
1791 VerificationType::integer_type(), CHECK_VERIFY(this));
1792 }
1793 current_frame.push_stack(new_array_type, CHECK_VERIFY(this));
1794 no_control_flow = false; break;
1795 }
1796 case Bytecodes::_athrow :
1797 type = VerificationType::reference_type(
1798 vmSymbols::java_lang_Throwable());
1799 current_frame.pop_stack(type, CHECK_VERIFY(this));
1800 no_control_flow = true; break;
1801 default:
1802 // We only need to check the valid bytecodes in class file.
1803 // And jsr and ret are not in the new class file format in JDK1.6.
1804 verify_error(ErrorContext::bad_code(bci),
1805 "Bad instruction: %02x", opcode);
1806 no_control_flow = false;
1807 return;
1808 } // end switch
1809 } // end Merge with the next instruction
1810
1811 // Look for possible jump target in exception handlers and see if it matches
1812 // current_frame. Don't do this check if it has already been done (for
1813 // ([a,d,f,i,l]store* opcodes). This check cannot be done earlier because
1814 // opcodes, such as invokespecial, may set the this_uninit flag.
1815 assert(!(verified_exc_handlers && this_uninit),
1816 "Exception handler targets got verified before this_uninit got set");
1817 if (!verified_exc_handlers && bci >= ex_min && bci < ex_max) {
1818 if (was_recursively_verified()) return;
1819 verify_exception_handler_targets(
1820 bci, this_uninit, ¤t_frame, &stackmap_table, CHECK_VERIFY(this));
1821 }
1822 } // end while
1823
1824 // Make sure that control flow does not fall through end of the method
1825 if (!no_control_flow) {
1826 verify_error(ErrorContext::bad_code(code_length),
1827 "Control flow falls through code end");
1828 return;
1829 }
1830 }
1831
1832 #undef bad_type_message
1833
1834 char* ClassVerifier::generate_code_data(const methodHandle& m, u4 code_length, TRAPS) {
1835 char* code_data = NEW_RESOURCE_ARRAY(char, code_length);
1836 memset(code_data, 0, sizeof(char) * code_length);
1837 RawBytecodeStream bcs(m);
1838
1839 while (!bcs.is_last_bytecode()) {
1840 if (bcs.raw_next() != Bytecodes::_illegal) {
1841 int bci = bcs.bci();
1842 if (bcs.raw_code() == Bytecodes::_new) {
1843 code_data[bci] = NEW_OFFSET;
1844 } else {
1845 code_data[bci] = BYTECODE_OFFSET;
1846 }
1847 } else {
1848 verify_error(ErrorContext::bad_code(bcs.bci()), "Bad instruction");
1849 return nullptr;
1850 }
1851 }
1852
1853 return code_data;
1854 }
1855
1856 // Since this method references the constant pool, call was_recursively_verified()
1857 // before calling this method to make sure a prior class load did not cause the
1858 // current class to get verified.
1859 void ClassVerifier::verify_exception_handler_table(u4 code_length, char* code_data, int& min, int& max, TRAPS) {
1860 ExceptionTable exhandlers(_method());
1861 int exlength = exhandlers.length();
1862 constantPoolHandle cp (THREAD, _method->constants());
1863
1864 for(int i = 0; i < exlength; i++) {
1865 u2 start_pc = exhandlers.start_pc(i);
1866 u2 end_pc = exhandlers.end_pc(i);
1867 u2 handler_pc = exhandlers.handler_pc(i);
1868 if (start_pc >= code_length || code_data[start_pc] == 0) {
1869 class_format_error("Illegal exception table start_pc %d", start_pc);
1870 return;
1871 }
1872 if (end_pc != code_length) { // special case: end_pc == code_length
1873 if (end_pc > code_length || code_data[end_pc] == 0) {
1874 class_format_error("Illegal exception table end_pc %d", end_pc);
1875 return;
1876 }
1877 }
1878 if (handler_pc >= code_length || code_data[handler_pc] == 0) {
1879 class_format_error("Illegal exception table handler_pc %d", handler_pc);
1880 return;
1881 }
1882 u2 catch_type_index = exhandlers.catch_type_index(i);
1883 if (catch_type_index != 0) {
1884 VerificationType catch_type = cp_index_to_type(
1885 catch_type_index, cp, CHECK_VERIFY(this));
1886 VerificationType throwable =
1887 VerificationType::reference_type(vmSymbols::java_lang_Throwable());
1888 // If the catch type is Throwable pre-resolve it now as the assignable check won't
1889 // do that, and we need to avoid a runtime resolution in case we are trying to
1890 // catch OutOfMemoryError.
1891 if (cp->klass_name_at(catch_type_index) == vmSymbols::java_lang_Throwable()) {
1892 cp->klass_at(catch_type_index, CHECK);
1893 }
1894 bool is_subclass = throwable.is_assignable_from(
1895 catch_type, this, false, CHECK_VERIFY(this));
1896 if (!is_subclass) {
1897 // 4286534: should throw VerifyError according to recent spec change
1898 verify_error(ErrorContext::bad_type(handler_pc,
1899 TypeOrigin::cp(catch_type_index, catch_type),
1900 TypeOrigin::implicit(throwable)),
1901 "Catch type is not a subclass "
1902 "of Throwable in exception handler %d", handler_pc);
1903 return;
1904 }
1905 }
1906 if (start_pc < min) min = start_pc;
1907 if (end_pc > max) max = end_pc;
1908 }
1909 }
1910
1911 void ClassVerifier::verify_local_variable_table(u4 code_length, char* code_data, TRAPS) {
1912 int localvariable_table_length = _method->localvariable_table_length();
1913 if (localvariable_table_length > 0) {
1914 LocalVariableTableElement* table = _method->localvariable_table_start();
1915 for (int i = 0; i < localvariable_table_length; i++) {
1916 u2 start_bci = table[i].start_bci;
1917 u2 length = table[i].length;
1918
1919 if (start_bci >= code_length || code_data[start_bci] == 0) {
1920 class_format_error(
1921 "Illegal local variable table start_pc %d", start_bci);
1922 return;
1923 }
1924 u4 end_bci = (u4)(start_bci + length);
1925 if (end_bci != code_length) {
1926 if (end_bci >= code_length || code_data[end_bci] == 0) {
1927 class_format_error( "Illegal local variable table length %d", length);
1928 return;
1929 }
1930 }
1931 }
1932 }
1933 }
1934
1935 u2 ClassVerifier::verify_stackmap_table(u2 stackmap_index, int bci,
1936 StackMapFrame* current_frame,
1937 StackMapTable* stackmap_table,
1938 bool no_control_flow, TRAPS) {
1939 if (stackmap_index < stackmap_table->get_frame_count()) {
1940 int this_offset = stackmap_table->get_offset(stackmap_index);
1941 if (no_control_flow && this_offset > bci) {
1942 verify_error(ErrorContext::missing_stackmap(bci),
1943 "Expecting a stack map frame");
1944 return 0;
1945 }
1946 if (this_offset == bci) {
1947 ErrorContext ctx;
1948 // See if current stack map can be assigned to the frame in table.
1949 // current_frame is the stackmap frame got from the last instruction.
1950 // If matched, current_frame will be updated by this method.
1951 bool matches = stackmap_table->match_stackmap(
1952 current_frame, this_offset, stackmap_index,
1953 !no_control_flow, true, &ctx, CHECK_VERIFY_(this, 0));
1954 if (!matches) {
1955 // report type error
1956 verify_error(ctx, "Instruction type does not match stack map");
1957 return 0;
1958 }
1959 stackmap_index++;
1960 } else if (this_offset < bci) {
1961 // current_offset should have met this_offset.
1962 class_format_error("Bad stack map offset %d", this_offset);
1963 return 0;
1964 }
1965 } else if (no_control_flow) {
1966 verify_error(ErrorContext::bad_code(bci), "Expecting a stack map frame");
1967 return 0;
1968 }
1969 return stackmap_index;
1970 }
1971
1972 // Since this method references the constant pool, call was_recursively_verified()
1973 // before calling this method to make sure a prior class load did not cause the
1974 // current class to get verified.
1975 void ClassVerifier::verify_exception_handler_targets(int bci, bool this_uninit,
1976 StackMapFrame* current_frame,
1977 StackMapTable* stackmap_table, TRAPS) {
1978 constantPoolHandle cp (THREAD, _method->constants());
1979 ExceptionTable exhandlers(_method());
1980 int exlength = exhandlers.length();
1981 for(int i = 0; i < exlength; i++) {
1982 u2 start_pc = exhandlers.start_pc(i);
1983 u2 end_pc = exhandlers.end_pc(i);
1984 u2 handler_pc = exhandlers.handler_pc(i);
1985 int catch_type_index = exhandlers.catch_type_index(i);
1986 if(bci >= start_pc && bci < end_pc) {
1987 u1 flags = current_frame->flags();
1988 if (this_uninit) { flags |= FLAG_THIS_UNINIT; }
1989 StackMapFrame* new_frame = current_frame->frame_in_exception_handler(flags);
1990 if (catch_type_index != 0) {
1991 if (was_recursively_verified()) return;
1992 // We know that this index refers to a subclass of Throwable
1993 VerificationType catch_type = cp_index_to_type(
1994 catch_type_index, cp, CHECK_VERIFY(this));
1995 new_frame->push_stack(catch_type, CHECK_VERIFY(this));
1996 } else {
1997 VerificationType throwable =
1998 VerificationType::reference_type(vmSymbols::java_lang_Throwable());
1999 new_frame->push_stack(throwable, CHECK_VERIFY(this));
2000 }
2001 ErrorContext ctx;
2002 bool matches = stackmap_table->match_stackmap(
2003 new_frame, handler_pc, true, false, &ctx, CHECK_VERIFY(this));
2004 if (!matches) {
2005 verify_error(ctx, "Stack map does not match the one at "
2006 "exception handler %d", handler_pc);
2007 return;
2008 }
2009 }
2010 }
2011 }
2012
2013 void ClassVerifier::verify_cp_index(
2014 int bci, const constantPoolHandle& cp, u2 index, TRAPS) {
2015 int nconstants = cp->length();
2016 if ((index <= 0) || (index >= nconstants)) {
2017 verify_error(ErrorContext::bad_cp_index(bci, index),
2018 "Illegal constant pool index %d in class %s",
2019 index, cp->pool_holder()->external_name());
2020 return;
2021 }
2022 }
2023
2024 void ClassVerifier::verify_cp_type(
2025 int bci, u2 index, const constantPoolHandle& cp, unsigned int types, TRAPS) {
2026
2027 // In some situations, bytecode rewriting may occur while we're verifying.
2028 // In this case, a constant pool cache exists and some indices refer to that
2029 // instead. Be sure we don't pick up such indices by accident.
2030 // We must check was_recursively_verified() before we get here.
2031 guarantee(cp->cache() == nullptr, "not rewritten yet");
2032
2033 verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2034 unsigned int tag = cp->tag_at(index).value();
2035 // tags up to JVM_CONSTANT_ExternalMax are verifiable and valid for shift op
2036 if (tag > JVM_CONSTANT_ExternalMax || (types & (1 << tag)) == 0) {
2037 verify_error(ErrorContext::bad_cp_index(bci, index),
2038 "Illegal type at constant pool entry %d in class %s",
2039 index, cp->pool_holder()->external_name());
2040 return;
2041 }
2042 }
2043
2044 void ClassVerifier::verify_cp_class_type(
2045 int bci, u2 index, const constantPoolHandle& cp, TRAPS) {
2046 verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2047 constantTag tag = cp->tag_at(index);
2048 if (!tag.is_klass() && !tag.is_unresolved_klass()) {
2049 verify_error(ErrorContext::bad_cp_index(bci, index),
2050 "Illegal type at constant pool entry %d in class %s",
2051 index, cp->pool_holder()->external_name());
2052 return;
2053 }
2054 }
2055
2056 void ClassVerifier::verify_error(ErrorContext ctx, const char* msg, ...) {
2057 stringStream ss;
2058
2059 ctx.reset_frames();
2060 _exception_type = vmSymbols::java_lang_VerifyError();
2061 _error_context = ctx;
2062 va_list va;
2063 va_start(va, msg);
2064 ss.vprint(msg, va);
2065 va_end(va);
2066 _message = ss.as_string();
2067 #ifdef ASSERT
2068 ResourceMark rm;
2069 const char* exception_name = _exception_type->as_C_string();
2070 Exceptions::debug_check_abort(exception_name, nullptr);
2071 #endif // ndef ASSERT
2072 }
2073
2074 void ClassVerifier::class_format_error(const char* msg, ...) {
2075 stringStream ss;
2076 _exception_type = vmSymbols::java_lang_ClassFormatError();
2077 va_list va;
2078 va_start(va, msg);
2079 ss.vprint(msg, va);
2080 va_end(va);
2081 if (!_method.is_null()) {
2082 ss.print(" in method '");
2083 _method->print_external_name(&ss);
2084 ss.print("'");
2085 }
2086 _message = ss.as_string();
2087 }
2088
2089 Klass* ClassVerifier::load_class(Symbol* name, TRAPS) {
2090 HandleMark hm(THREAD);
2091 // Get current loader first.
2092 oop loader = current_class()->class_loader();
2093
2094 assert(name_in_supers(name, current_class()), "name should be a super class");
2095
2096 Klass* kls = SystemDictionary::resolve_or_fail(
2097 name, Handle(THREAD, loader), true, THREAD);
2098
2099 if (kls != nullptr) {
2100 if (log_is_enabled(Debug, class, resolve)) {
2101 Verifier::trace_class_resolution(kls, current_class());
2102 }
2103 }
2104 return kls;
2105 }
2106
2107 bool ClassVerifier::is_protected_access(InstanceKlass* this_class,
2108 Klass* target_class,
2109 Symbol* field_name,
2110 Symbol* field_sig,
2111 bool is_method) {
2112 NoSafepointVerifier nosafepoint;
2113
2114 // If target class isn't a super class of this class, we don't worry about this case
2115 if (!this_class->is_subclass_of(target_class)) {
2116 return false;
2117 }
2118 // Check if the specified method or field is protected
2119 InstanceKlass* target_instance = InstanceKlass::cast(target_class);
2120 fieldDescriptor fd;
2121 if (is_method) {
2122 Method* m = target_instance->uncached_lookup_method(field_name, field_sig, Klass::OverpassLookupMode::find);
2123 if (m != nullptr && m->is_protected()) {
2124 if (!this_class->is_same_class_package(m->method_holder())) {
2125 return true;
2126 }
2127 }
2128 } else {
2129 Klass* member_klass = target_instance->find_field(field_name, field_sig, &fd);
2130 if (member_klass != nullptr && fd.is_protected()) {
2131 if (!this_class->is_same_class_package(member_klass)) {
2132 return true;
2133 }
2134 }
2135 }
2136 return false;
2137 }
2138
2139 void ClassVerifier::verify_ldc(
2140 int opcode, u2 index, StackMapFrame* current_frame,
2141 const constantPoolHandle& cp, int bci, TRAPS) {
2142 verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2143 constantTag tag = cp->tag_at(index);
2144 unsigned int types = 0;
2145 if (opcode == Bytecodes::_ldc || opcode == Bytecodes::_ldc_w) {
2146 if (!tag.is_unresolved_klass()) {
2147 types = (1 << JVM_CONSTANT_Integer) | (1 << JVM_CONSTANT_Float)
2148 | (1 << JVM_CONSTANT_String) | (1 << JVM_CONSTANT_Class)
2149 | (1 << JVM_CONSTANT_MethodHandle) | (1 << JVM_CONSTANT_MethodType)
2150 | (1 << JVM_CONSTANT_Dynamic);
2151 // Note: The class file parser already verified the legality of
2152 // MethodHandle and MethodType constants.
2153 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2154 }
2155 } else {
2156 assert(opcode == Bytecodes::_ldc2_w, "must be ldc2_w");
2157 types = (1 << JVM_CONSTANT_Double) | (1 << JVM_CONSTANT_Long)
2158 | (1 << JVM_CONSTANT_Dynamic);
2159 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2160 }
2161 if (tag.is_string()) {
2162 current_frame->push_stack(
2163 VerificationType::reference_type(
2164 vmSymbols::java_lang_String()), CHECK_VERIFY(this));
2165 } else if (tag.is_klass() || tag.is_unresolved_klass()) {
2166 current_frame->push_stack(
2167 VerificationType::reference_type(
2168 vmSymbols::java_lang_Class()), CHECK_VERIFY(this));
2169 } else if (tag.is_int()) {
2170 current_frame->push_stack(
2171 VerificationType::integer_type(), CHECK_VERIFY(this));
2172 } else if (tag.is_float()) {
2173 current_frame->push_stack(
2174 VerificationType::float_type(), CHECK_VERIFY(this));
2175 } else if (tag.is_double()) {
2176 current_frame->push_stack_2(
2177 VerificationType::double_type(),
2178 VerificationType::double2_type(), CHECK_VERIFY(this));
2179 } else if (tag.is_long()) {
2180 current_frame->push_stack_2(
2181 VerificationType::long_type(),
2182 VerificationType::long2_type(), CHECK_VERIFY(this));
2183 } else if (tag.is_method_handle()) {
2184 current_frame->push_stack(
2185 VerificationType::reference_type(
2186 vmSymbols::java_lang_invoke_MethodHandle()), CHECK_VERIFY(this));
2187 } else if (tag.is_method_type()) {
2188 current_frame->push_stack(
2189 VerificationType::reference_type(
2190 vmSymbols::java_lang_invoke_MethodType()), CHECK_VERIFY(this));
2191 } else if (tag.is_dynamic_constant()) {
2192 Symbol* constant_type = cp->uncached_signature_ref_at(index);
2193 // Field signature was checked in ClassFileParser.
2194 assert(SignatureVerifier::is_valid_type_signature(constant_type),
2195 "Invalid type for dynamic constant");
2196 assert(sizeof(VerificationType) == sizeof(uintptr_t),
2197 "buffer type must match VerificationType size");
2198 uintptr_t constant_type_buffer[2];
2199 VerificationType* v_constant_type = (VerificationType*)constant_type_buffer;
2200 SignatureStream sig_stream(constant_type, false);
2201 int n = change_sig_to_verificationType(&sig_stream, v_constant_type);
2202 int opcode_n = (opcode == Bytecodes::_ldc2_w ? 2 : 1);
2203 if (n != opcode_n) {
2204 // wrong kind of ldc; reverify against updated type mask
2205 types &= ~(1 << JVM_CONSTANT_Dynamic);
2206 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2207 }
2208 for (int i = 0; i < n; i++) {
2209 current_frame->push_stack(v_constant_type[i], CHECK_VERIFY(this));
2210 }
2211 } else {
2212 /* Unreachable? verify_cp_type has already validated the cp type. */
2213 verify_error(
2214 ErrorContext::bad_cp_index(bci, index), "Invalid index in ldc");
2215 return;
2216 }
2217 }
2218
2219 void ClassVerifier::verify_switch(
2220 RawBytecodeStream* bcs, u4 code_length, char* code_data,
2221 StackMapFrame* current_frame, StackMapTable* stackmap_table, TRAPS) {
2222 int bci = bcs->bci();
2223 address bcp = bcs->bcp();
2224 address aligned_bcp = align_up(bcp + 1, jintSize);
2225
2226 if (_klass->major_version() < NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION) {
2227 // 4639449 & 4647081: padding bytes must be 0
2228 u2 padding_offset = 1;
2229 while ((bcp + padding_offset) < aligned_bcp) {
2230 if(*(bcp + padding_offset) != 0) {
2231 verify_error(ErrorContext::bad_code(bci),
2232 "Nonzero padding byte in lookupswitch or tableswitch");
2233 return;
2234 }
2235 padding_offset++;
2236 }
2237 }
2238
2239 int default_offset = (int) Bytes::get_Java_u4(aligned_bcp);
2240 int keys, delta;
2241 current_frame->pop_stack(
2242 VerificationType::integer_type(), CHECK_VERIFY(this));
2243 if (bcs->raw_code() == Bytecodes::_tableswitch) {
2244 jint low = (jint)Bytes::get_Java_u4(aligned_bcp + jintSize);
2245 jint high = (jint)Bytes::get_Java_u4(aligned_bcp + 2*jintSize);
2246 if (low > high) {
2247 verify_error(ErrorContext::bad_code(bci),
2248 "low must be less than or equal to high in tableswitch");
2249 return;
2250 }
2251 int64_t keys64 = ((int64_t)high - low) + 1;
2252 if (keys64 > 65535) { // Max code length
2253 verify_error(ErrorContext::bad_code(bci), "too many keys in tableswitch");
2254 return;
2255 }
2256 keys = (int)keys64;
2257 delta = 1;
2258 } else {
2259 keys = (int)Bytes::get_Java_u4(aligned_bcp + jintSize);
2260 if (keys < 0) {
2261 verify_error(ErrorContext::bad_code(bci),
2262 "number of keys in lookupswitch less than 0");
2263 return;
2264 }
2265 delta = 2;
2266 // Make sure that the lookupswitch items are sorted
2267 for (int i = 0; i < (keys - 1); i++) {
2268 jint this_key = Bytes::get_Java_u4(aligned_bcp + (2+2*i)*jintSize);
2269 jint next_key = Bytes::get_Java_u4(aligned_bcp + (2+2*i+2)*jintSize);
2270 if (this_key >= next_key) {
2271 verify_error(ErrorContext::bad_code(bci),
2272 "Bad lookupswitch instruction");
2273 return;
2274 }
2275 }
2276 }
2277 stackmap_table->check_jump_target(current_frame, bci, default_offset, CHECK_VERIFY(this));
2278 for (int i = 0; i < keys; i++) {
2279 // Because check_jump_target() may safepoint, the bytecode could have
2280 // moved, which means 'aligned_bcp' is no good and needs to be recalculated.
2281 aligned_bcp = align_up(bcs->bcp() + 1, jintSize);
2282 int offset = (jint)Bytes::get_Java_u4(aligned_bcp+(3+i*delta)*jintSize);
2283 stackmap_table->check_jump_target(
2284 current_frame, bci, offset, CHECK_VERIFY(this));
2285 }
2286 NOT_PRODUCT(aligned_bcp = nullptr); // no longer valid at this point
2287 }
2288
2289 bool ClassVerifier::name_in_supers(
2290 Symbol* ref_name, InstanceKlass* current) {
2291 Klass* super = current->super();
2292 while (super != nullptr) {
2293 if (super->name() == ref_name) {
2294 return true;
2295 }
2296 super = super->super();
2297 }
2298 return false;
2299 }
2300
2301 void ClassVerifier::verify_field_instructions(RawBytecodeStream* bcs,
2302 StackMapFrame* current_frame,
2303 const constantPoolHandle& cp,
2304 bool allow_arrays,
2305 TRAPS) {
2306 u2 index = bcs->get_index_u2();
2307 verify_cp_type(bcs->bci(), index, cp,
2308 1 << JVM_CONSTANT_Fieldref, CHECK_VERIFY(this));
2309
2310 // Get field name and signature
2311 Symbol* field_name = cp->uncached_name_ref_at(index);
2312 Symbol* field_sig = cp->uncached_signature_ref_at(index);
2313 bool is_getfield = false;
2314
2315 // Field signature was checked in ClassFileParser.
2316 assert(SignatureVerifier::is_valid_type_signature(field_sig),
2317 "Invalid field signature");
2318
2319 // Get referenced class type
2320 VerificationType ref_class_type = cp_ref_index_to_type(
2321 index, cp, CHECK_VERIFY(this));
2322 if (!ref_class_type.is_object() &&
2323 (!allow_arrays || !ref_class_type.is_array())) {
2324 verify_error(ErrorContext::bad_type(bcs->bci(),
2325 TypeOrigin::cp(index, ref_class_type)),
2326 "Expecting reference to class in class %s at constant pool index %d",
2327 _klass->external_name(), index);
2328 return;
2329 }
2330 VerificationType target_class_type = ref_class_type;
2331
2332 assert(sizeof(VerificationType) == sizeof(uintptr_t),
2333 "buffer type must match VerificationType size");
2334 uintptr_t field_type_buffer[2];
2335 VerificationType* field_type = (VerificationType*)field_type_buffer;
2336 // If we make a VerificationType[2] array directly, the compiler calls
2337 // to the c-runtime library to do the allocation instead of just
2338 // stack allocating it. Plus it would run constructors. This shows up
2339 // in performance profiles.
2340
2341 SignatureStream sig_stream(field_sig, false);
2342 VerificationType stack_object_type;
2343 int n = change_sig_to_verificationType(&sig_stream, field_type);
2344 int bci = bcs->bci();
2345 bool is_assignable;
2346 switch (bcs->raw_code()) {
2347 case Bytecodes::_getstatic: {
2348 for (int i = 0; i < n; i++) {
2349 current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2350 }
2351 break;
2352 }
2353 case Bytecodes::_putstatic: {
2354 for (int i = n - 1; i >= 0; i--) {
2355 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2356 }
2357 break;
2358 }
2359 case Bytecodes::_getfield: {
2360 is_getfield = true;
2361 stack_object_type = current_frame->pop_stack(
2362 target_class_type, CHECK_VERIFY(this));
2363 goto check_protected;
2364 }
2365 case Bytecodes::_putfield: {
2366 for (int i = n - 1; i >= 0; i--) {
2367 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2368 }
2369 stack_object_type = current_frame->pop_stack(CHECK_VERIFY(this));
2370
2371 // The JVMS 2nd edition allows field initialization before the superclass
2372 // initializer, if the field is defined within the current class.
2373 fieldDescriptor fd;
2374 if (stack_object_type == VerificationType::uninitialized_this_type() &&
2375 target_class_type.equals(current_type()) &&
2376 _klass->find_local_field(field_name, field_sig, &fd)) {
2377 stack_object_type = current_type();
2378 }
2379 is_assignable = target_class_type.is_assignable_from(
2380 stack_object_type, this, false, CHECK_VERIFY(this));
2381 if (!is_assignable) {
2382 verify_error(ErrorContext::bad_type(bci,
2383 current_frame->stack_top_ctx(),
2384 TypeOrigin::cp(index, target_class_type)),
2385 "Bad type on operand stack in putfield");
2386 return;
2387 }
2388 }
2389 check_protected: {
2390 if (_this_type == stack_object_type)
2391 break; // stack_object_type must be assignable to _current_class_type
2392 if (was_recursively_verified()) {
2393 if (is_getfield) {
2394 // Push field type for getfield.
2395 for (int i = 0; i < n; i++) {
2396 current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2397 }
2398 }
2399 return;
2400 }
2401 Symbol* ref_class_name =
2402 cp->klass_name_at(cp->uncached_klass_ref_index_at(index));
2403 if (!name_in_supers(ref_class_name, current_class()))
2404 // stack_object_type must be assignable to _current_class_type since:
2405 // 1. stack_object_type must be assignable to ref_class.
2406 // 2. ref_class must be _current_class or a subclass of it. It can't
2407 // be a superclass of it. See revised JVMS 5.4.4.
2408 break;
2409
2410 Klass* ref_class_oop = load_class(ref_class_name, CHECK);
2411 if (is_protected_access(current_class(), ref_class_oop, field_name,
2412 field_sig, false)) {
2413 // It's protected access, check if stack object is assignable to
2414 // current class.
2415 is_assignable = current_type().is_assignable_from(
2416 stack_object_type, this, true, CHECK_VERIFY(this));
2417 if (!is_assignable) {
2418 verify_error(ErrorContext::bad_type(bci,
2419 current_frame->stack_top_ctx(),
2420 TypeOrigin::implicit(current_type())),
2421 "Bad access to protected data in %s",
2422 is_getfield ? "getfield" : "putfield");
2423 return;
2424 }
2425 }
2426 break;
2427 }
2428 default: ShouldNotReachHere();
2429 }
2430 if (is_getfield) {
2431 // Push field type for getfield after doing protection check.
2432 for (int i = 0; i < n; i++) {
2433 current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2434 }
2435 }
2436 }
2437
2438 void ClassVerifier::verify_invoke_init(
2439 RawBytecodeStream* bcs, u2 ref_class_index, VerificationType ref_class_type,
2440 StackMapFrame* current_frame, u4 code_length, bool in_try_block,
2441 bool *this_uninit, const constantPoolHandle& cp, StackMapTable* stackmap_table,
2442 TRAPS) {
2443 int bci = bcs->bci();
2444 VerificationType type = current_frame->pop_stack(
2445 VerificationType::reference_check(), CHECK_VERIFY(this));
2446 if (type == VerificationType::uninitialized_this_type()) {
2447 // The method must be an <init> method of this class or its superclass
2448 Klass* superk = current_class()->super();
2449 if (ref_class_type.name() != current_class()->name() &&
2450 ref_class_type.name() != superk->name()) {
2451 verify_error(ErrorContext::bad_type(bci,
2452 TypeOrigin::implicit(ref_class_type),
2453 TypeOrigin::implicit(current_type())),
2454 "Bad <init> method call");
2455 return;
2456 }
2457
2458 // If this invokespecial call is done from inside of a TRY block then make
2459 // sure that all catch clause paths end in a throw. Otherwise, this can
2460 // result in returning an incomplete object.
2461 if (in_try_block) {
2462 // Check the exception handler target stackmaps with the locals from the
2463 // incoming stackmap (before initialize_object() changes them to outgoing
2464 // state).
2465 if (was_recursively_verified()) return;
2466 verify_exception_handler_targets(bci, true, current_frame,
2467 stackmap_table, CHECK_VERIFY(this));
2468 } // in_try_block
2469
2470 current_frame->initialize_object(type, current_type());
2471 *this_uninit = true;
2472 } else if (type.is_uninitialized()) {
2473 u2 new_offset = type.bci();
2474 address new_bcp = bcs->bcp() - bci + new_offset;
2475 if (new_offset > (code_length - 3) || (*new_bcp) != Bytecodes::_new) {
2476 /* Unreachable? Stack map parsing ensures valid type and new
2477 * instructions have a valid BCI. */
2478 verify_error(ErrorContext::bad_code(new_offset),
2479 "Expecting new instruction");
2480 return;
2481 }
2482 u2 new_class_index = Bytes::get_Java_u2(new_bcp + 1);
2483 if (was_recursively_verified()) return;
2484 verify_cp_class_type(bci, new_class_index, cp, CHECK_VERIFY(this));
2485
2486 // The method must be an <init> method of the indicated class
2487 VerificationType new_class_type = cp_index_to_type(
2488 new_class_index, cp, CHECK_VERIFY(this));
2489 if (!new_class_type.equals(ref_class_type)) {
2490 verify_error(ErrorContext::bad_type(bci,
2491 TypeOrigin::cp(new_class_index, new_class_type),
2492 TypeOrigin::cp(ref_class_index, ref_class_type)),
2493 "Call to wrong <init> method");
2494 return;
2495 }
2496 // According to the VM spec, if the referent class is a superclass of the
2497 // current class, and is in a different runtime package, and the method is
2498 // protected, then the objectref must be the current class or a subclass
2499 // of the current class.
2500 VerificationType objectref_type = new_class_type;
2501 if (name_in_supers(ref_class_type.name(), current_class())) {
2502 Klass* ref_klass = load_class(ref_class_type.name(), CHECK);
2503 if (was_recursively_verified()) return;
2504 Method* m = InstanceKlass::cast(ref_klass)->uncached_lookup_method(
2505 vmSymbols::object_initializer_name(),
2506 cp->uncached_signature_ref_at(bcs->get_index_u2()),
2507 Klass::OverpassLookupMode::find);
2508 // Do nothing if method is not found. Let resolution detect the error.
2509 if (m != nullptr) {
2510 InstanceKlass* mh = m->method_holder();
2511 if (m->is_protected() && !mh->is_same_class_package(_klass)) {
2512 bool assignable = current_type().is_assignable_from(
2513 objectref_type, this, true, CHECK_VERIFY(this));
2514 if (!assignable) {
2515 verify_error(ErrorContext::bad_type(bci,
2516 TypeOrigin::cp(new_class_index, objectref_type),
2517 TypeOrigin::implicit(current_type())),
2518 "Bad access to protected <init> method");
2519 return;
2520 }
2521 }
2522 }
2523 }
2524 // Check the exception handler target stackmaps with the locals from the
2525 // incoming stackmap (before initialize_object() changes them to outgoing
2526 // state).
2527 if (in_try_block) {
2528 if (was_recursively_verified()) return;
2529 verify_exception_handler_targets(bci, *this_uninit, current_frame,
2530 stackmap_table, CHECK_VERIFY(this));
2531 }
2532 current_frame->initialize_object(type, new_class_type);
2533 } else {
2534 verify_error(ErrorContext::bad_type(bci, current_frame->stack_top_ctx()),
2535 "Bad operand type when invoking <init>");
2536 return;
2537 }
2538 }
2539
2540 bool ClassVerifier::is_same_or_direct_interface(
2541 InstanceKlass* klass,
2542 VerificationType klass_type,
2543 VerificationType ref_class_type) {
2544 if (ref_class_type.equals(klass_type)) return true;
2545 Array<InstanceKlass*>* local_interfaces = klass->local_interfaces();
2546 if (local_interfaces != nullptr) {
2547 for (int x = 0; x < local_interfaces->length(); x++) {
2548 InstanceKlass* k = local_interfaces->at(x);
2549 assert (k != nullptr && k->is_interface(), "invalid interface");
2550 if (ref_class_type.equals(VerificationType::reference_type(k->name()))) {
2551 return true;
2552 }
2553 }
2554 }
2555 return false;
2556 }
2557
2558 void ClassVerifier::verify_invoke_instructions(
2559 RawBytecodeStream* bcs, u4 code_length, StackMapFrame* current_frame,
2560 bool in_try_block, bool *this_uninit, VerificationType return_type,
2561 const constantPoolHandle& cp, StackMapTable* stackmap_table, TRAPS) {
2562 // Make sure the constant pool item is the right type
2563 u2 index = bcs->get_index_u2();
2564 Bytecodes::Code opcode = bcs->raw_code();
2565 unsigned int types = 0;
2566 switch (opcode) {
2567 case Bytecodes::_invokeinterface:
2568 types = 1 << JVM_CONSTANT_InterfaceMethodref;
2569 break;
2570 case Bytecodes::_invokedynamic:
2571 types = 1 << JVM_CONSTANT_InvokeDynamic;
2572 break;
2573 case Bytecodes::_invokespecial:
2574 case Bytecodes::_invokestatic:
2575 types = (_klass->major_version() < STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION) ?
2576 (1 << JVM_CONSTANT_Methodref) :
2577 ((1 << JVM_CONSTANT_InterfaceMethodref) | (1 << JVM_CONSTANT_Methodref));
2578 break;
2579 default:
2580 types = 1 << JVM_CONSTANT_Methodref;
2581 }
2582 verify_cp_type(bcs->bci(), index, cp, types, CHECK_VERIFY(this));
2583
2584 // Get method name and signature
2585 Symbol* method_name = cp->uncached_name_ref_at(index);
2586 Symbol* method_sig = cp->uncached_signature_ref_at(index);
2587
2588 // Method signature was checked in ClassFileParser.
2589 assert(SignatureVerifier::is_valid_method_signature(method_sig),
2590 "Invalid method signature");
2591
2592 // Get referenced class type
2593 VerificationType ref_class_type;
2594 if (opcode == Bytecodes::_invokedynamic) {
2595 if (_klass->major_version() < Verifier::INVOKEDYNAMIC_MAJOR_VERSION) {
2596 class_format_error(
2597 "invokedynamic instructions not supported by this class file version (%d), class %s",
2598 _klass->major_version(), _klass->external_name());
2599 return;
2600 }
2601 } else {
2602 ref_class_type = cp_ref_index_to_type(index, cp, CHECK_VERIFY(this));
2603 }
2604
2605 assert(sizeof(VerificationType) == sizeof(uintptr_t),
2606 "buffer type must match VerificationType size");
2607
2608 // Get the UTF8 index for this signature.
2609 int sig_index = cp->signature_ref_index_at(cp->uncached_name_and_type_ref_index_at(index));
2610
2611 // Get the signature's verification types.
2612 sig_as_verification_types* mth_sig_verif_types;
2613 sig_as_verification_types** mth_sig_verif_types_ptr = method_signatures_table()->get(sig_index);
2614 if (mth_sig_verif_types_ptr != nullptr) {
2615 // Found the entry for the signature's verification types in the hash table.
2616 mth_sig_verif_types = *mth_sig_verif_types_ptr;
2617 assert(mth_sig_verif_types != nullptr, "Unexpected null sig_as_verification_types value");
2618 } else {
2619 // Not found, add the entry to the table.
2620 GrowableArray<VerificationType>* verif_types = new GrowableArray<VerificationType>(10);
2621 mth_sig_verif_types = new sig_as_verification_types(verif_types);
2622 create_method_sig_entry(mth_sig_verif_types, sig_index);
2623 }
2624
2625 // Get the number of arguments for this signature.
2626 int nargs = mth_sig_verif_types->num_args();
2627
2628 // Check instruction operands
2629 int bci = bcs->bci();
2630 if (opcode == Bytecodes::_invokeinterface) {
2631 address bcp = bcs->bcp();
2632 // 4905268: count operand in invokeinterface should be nargs+1, not nargs.
2633 // JSR202 spec: The count operand of an invokeinterface instruction is valid if it is
2634 // the difference between the size of the operand stack before and after the instruction
2635 // executes.
2636 if (*(bcp+3) != (nargs+1)) {
2637 verify_error(ErrorContext::bad_code(bci),
2638 "Inconsistent args count operand in invokeinterface");
2639 return;
2640 }
2641 if (*(bcp+4) != 0) {
2642 verify_error(ErrorContext::bad_code(bci),
2643 "Fourth operand byte of invokeinterface must be zero");
2644 return;
2645 }
2646 }
2647
2648 if (opcode == Bytecodes::_invokedynamic) {
2649 address bcp = bcs->bcp();
2650 if (*(bcp+3) != 0 || *(bcp+4) != 0) {
2651 verify_error(ErrorContext::bad_code(bci),
2652 "Third and fourth operand bytes of invokedynamic must be zero");
2653 return;
2654 }
2655 }
2656
2657 if (method_name->char_at(0) == JVM_SIGNATURE_SPECIAL) {
2658 // Make sure <init> can only be invoked by invokespecial
2659 if (opcode != Bytecodes::_invokespecial ||
2660 method_name != vmSymbols::object_initializer_name()) {
2661 verify_error(ErrorContext::bad_code(bci),
2662 "Illegal call to internal method");
2663 return;
2664 }
2665 }
2666 // invokespecial, when not <init>, must be to a method in the current class, a direct superinterface,
2667 // or any superclass (including Object).
2668 else if (opcode == Bytecodes::_invokespecial
2669 && !is_same_or_direct_interface(current_class(), current_type(), ref_class_type)
2670 && !ref_class_type.equals(VerificationType::reference_type(current_class()->super()->name()))) {
2671
2672 // We know it is not current class, direct superinterface or immediate superclass. That means it
2673 // could be:
2674 // - a totally unrelated class or interface
2675 // - an indirect superinterface
2676 // - an indirect superclass (including Object)
2677 // We use the assignability test to see if it is a superclass, or else an interface, and keep track
2678 // of the latter. Note that subtype can be true if we are dealing with an interface that is not actually
2679 // implemented as assignability treats all interfaces as Object.
2680
2681 bool is_interface = false; // This can only be set true if the assignability check will return true
2682 // and we loaded the class. For any other "true" returns (e.g. same class
2683 // or Object) we either can't get here (same class already excluded above)
2684 // or we know it is not an interface (i.e. Object).
2685 bool subtype = ref_class_type.is_reference_assignable_from(current_type(), this, false,
2686 &is_interface, CHECK_VERIFY(this));
2687 if (!subtype) { // Totally unrelated class
2688 verify_error(ErrorContext::bad_code(bci),
2689 "Bad invokespecial instruction: "
2690 "current class isn't assignable to reference class.");
2691 return;
2692 } else {
2693 // Indirect superclass (including Object), indirect interface, or unrelated interface.
2694 // Any interface use is an error.
2695 if (is_interface) {
2696 verify_error(ErrorContext::bad_code(bci),
2697 "Bad invokespecial instruction: "
2698 "interface method to invoke is not in a direct superinterface.");
2699 return;
2700 }
2701 }
2702 }
2703
2704 // Get the verification types for the method's arguments.
2705 GrowableArray<VerificationType>* sig_verif_types = mth_sig_verif_types->sig_verif_types();
2706 assert(sig_verif_types != nullptr, "Missing signature's array of verification types");
2707 // Match method descriptor with operand stack
2708 // The arguments are on the stack in descending order.
2709 for (int i = nargs - 1; i >= 0; i--) { // Run backwards
2710 current_frame->pop_stack(sig_verif_types->at(i), CHECK_VERIFY(this));
2711 }
2712
2713 // Check objectref on operand stack
2714 if (opcode != Bytecodes::_invokestatic &&
2715 opcode != Bytecodes::_invokedynamic) {
2716 if (method_name == vmSymbols::object_initializer_name()) { // <init> method
2717 verify_invoke_init(bcs, index, ref_class_type, current_frame,
2718 code_length, in_try_block, this_uninit, cp, stackmap_table,
2719 CHECK_VERIFY(this));
2720 if (was_recursively_verified()) return;
2721 } else { // other methods
2722 // Ensures that target class is assignable to method class.
2723 if (opcode == Bytecodes::_invokespecial) {
2724 current_frame->pop_stack(current_type(), CHECK_VERIFY(this));
2725 } else if (opcode == Bytecodes::_invokevirtual) {
2726 VerificationType stack_object_type =
2727 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this));
2728 if (current_type() != stack_object_type) {
2729 if (was_recursively_verified()) return;
2730 assert(cp->cache() == nullptr, "not rewritten yet");
2731 Symbol* ref_class_name =
2732 cp->klass_name_at(cp->uncached_klass_ref_index_at(index));
2733 // See the comments in verify_field_instructions() for
2734 // the rationale behind this.
2735 if (name_in_supers(ref_class_name, current_class())) {
2736 Klass* ref_class = load_class(ref_class_name, CHECK);
2737 if (is_protected_access(
2738 _klass, ref_class, method_name, method_sig, true)) {
2739 // It's protected access, check if stack object is
2740 // assignable to current class.
2741 if (ref_class_type.name() == vmSymbols::java_lang_Object()
2742 && stack_object_type.is_array()
2743 && method_name == vmSymbols::clone_name()) {
2744 // Special case: arrays pretend to implement public Object
2745 // clone().
2746 } else {
2747 bool is_assignable = current_type().is_assignable_from(
2748 stack_object_type, this, true, CHECK_VERIFY(this));
2749 if (!is_assignable) {
2750 verify_error(ErrorContext::bad_type(bci,
2751 current_frame->stack_top_ctx(),
2752 TypeOrigin::implicit(current_type())),
2753 "Bad access to protected data in invokevirtual");
2754 return;
2755 }
2756 }
2757 }
2758 }
2759 }
2760 } else {
2761 assert(opcode == Bytecodes::_invokeinterface, "Unexpected opcode encountered");
2762 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this));
2763 }
2764 }
2765 }
2766 // Push the result type.
2767 int sig_verif_types_len = sig_verif_types->length();
2768 if (sig_verif_types_len > nargs) { // There's a return type
2769 if (method_name == vmSymbols::object_initializer_name()) {
2770 // <init> method must have a void return type
2771 /* Unreachable? Class file parser verifies that methods with '<' have
2772 * void return */
2773 verify_error(ErrorContext::bad_code(bci),
2774 "Return type must be void in <init> method");
2775 return;
2776 }
2777
2778 assert(sig_verif_types_len <= nargs + 2,
2779 "Signature verification types array return type is bogus");
2780 for (int i = nargs; i < sig_verif_types_len; i++) {
2781 assert(i == nargs || sig_verif_types->at(i).is_long2() ||
2782 sig_verif_types->at(i).is_double2(), "Unexpected return verificationType");
2783 current_frame->push_stack(sig_verif_types->at(i), CHECK_VERIFY(this));
2784 }
2785 }
2786 }
2787
2788 VerificationType ClassVerifier::get_newarray_type(
2789 u2 index, int bci, TRAPS) {
2790 const char* from_bt[] = {
2791 nullptr, nullptr, nullptr, nullptr, "[Z", "[C", "[F", "[D", "[B", "[S", "[I", "[J",
2792 };
2793 if (index < T_BOOLEAN || index > T_LONG) {
2794 verify_error(ErrorContext::bad_code(bci), "Illegal newarray instruction");
2795 return VerificationType::bogus_type();
2796 }
2797
2798 // from_bt[index] contains the array signature which has a length of 2
2799 Symbol* sig = create_temporary_symbol(from_bt[index], 2);
2800 return VerificationType::reference_type(sig);
2801 }
2802
2803 void ClassVerifier::verify_anewarray(
2804 int bci, u2 index, const constantPoolHandle& cp,
2805 StackMapFrame* current_frame, TRAPS) {
2806 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
2807 current_frame->pop_stack(
2808 VerificationType::integer_type(), CHECK_VERIFY(this));
2809
2810 if (was_recursively_verified()) return;
2811 VerificationType component_type =
2812 cp_index_to_type(index, cp, CHECK_VERIFY(this));
2813 int length;
2814 char* arr_sig_str;
2815 if (component_type.is_array()) { // it's an array
2816 const char* component_name = component_type.name()->as_utf8();
2817 // Check for more than MAX_ARRAY_DIMENSIONS
2818 length = (int)strlen(component_name);
2819 if (length > MAX_ARRAY_DIMENSIONS &&
2820 component_name[MAX_ARRAY_DIMENSIONS - 1] == JVM_SIGNATURE_ARRAY) {
2821 verify_error(ErrorContext::bad_code(bci),
2822 "Illegal anewarray instruction, array has more than 255 dimensions");
2823 }
2824 // add one dimension to component
2825 length++;
2826 arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length + 1);
2827 int n = os::snprintf(arr_sig_str, length + 1, "%c%s",
2828 JVM_SIGNATURE_ARRAY, component_name);
2829 assert(n == length, "Unexpected number of characters in string");
2830 } else { // it's an object or interface
2831 const char* component_name = component_type.name()->as_utf8();
2832 // add one dimension to component with 'L' prepended and ';' postpended.
2833 length = (int)strlen(component_name) + 3;
2834 arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length + 1);
2835 int n = os::snprintf(arr_sig_str, length + 1, "%c%c%s;",
2836 JVM_SIGNATURE_ARRAY, JVM_SIGNATURE_CLASS, component_name);
2837 assert(n == length, "Unexpected number of characters in string");
2838 }
2839 Symbol* arr_sig = create_temporary_symbol(arr_sig_str, length);
2840 VerificationType new_array_type = VerificationType::reference_type(arr_sig);
2841 current_frame->push_stack(new_array_type, CHECK_VERIFY(this));
2842 }
2843
2844 void ClassVerifier::verify_iload(int index, StackMapFrame* current_frame, TRAPS) {
2845 current_frame->get_local(
2846 index, VerificationType::integer_type(), CHECK_VERIFY(this));
2847 current_frame->push_stack(
2848 VerificationType::integer_type(), CHECK_VERIFY(this));
2849 }
2850
2851 void ClassVerifier::verify_lload(int index, StackMapFrame* current_frame, TRAPS) {
2852 current_frame->get_local_2(
2853 index, VerificationType::long_type(),
2854 VerificationType::long2_type(), CHECK_VERIFY(this));
2855 current_frame->push_stack_2(
2856 VerificationType::long_type(),
2857 VerificationType::long2_type(), CHECK_VERIFY(this));
2858 }
2859
2860 void ClassVerifier::verify_fload(int index, StackMapFrame* current_frame, TRAPS) {
2861 current_frame->get_local(
2862 index, VerificationType::float_type(), CHECK_VERIFY(this));
2863 current_frame->push_stack(
2864 VerificationType::float_type(), CHECK_VERIFY(this));
2865 }
2866
2867 void ClassVerifier::verify_dload(int index, StackMapFrame* current_frame, TRAPS) {
2868 current_frame->get_local_2(
2869 index, VerificationType::double_type(),
2870 VerificationType::double2_type(), CHECK_VERIFY(this));
2871 current_frame->push_stack_2(
2872 VerificationType::double_type(),
2873 VerificationType::double2_type(), CHECK_VERIFY(this));
2874 }
2875
2876 void ClassVerifier::verify_aload(int index, StackMapFrame* current_frame, TRAPS) {
2877 VerificationType type = current_frame->get_local(
2878 index, VerificationType::reference_check(), CHECK_VERIFY(this));
2879 current_frame->push_stack(type, CHECK_VERIFY(this));
2880 }
2881
2882 void ClassVerifier::verify_istore(int index, StackMapFrame* current_frame, TRAPS) {
2883 current_frame->pop_stack(
2884 VerificationType::integer_type(), CHECK_VERIFY(this));
2885 current_frame->set_local(
2886 index, VerificationType::integer_type(), CHECK_VERIFY(this));
2887 }
2888
2889 void ClassVerifier::verify_lstore(int index, StackMapFrame* current_frame, TRAPS) {
2890 current_frame->pop_stack_2(
2891 VerificationType::long2_type(),
2892 VerificationType::long_type(), CHECK_VERIFY(this));
2893 current_frame->set_local_2(
2894 index, VerificationType::long_type(),
2895 VerificationType::long2_type(), CHECK_VERIFY(this));
2896 }
2897
2898 void ClassVerifier::verify_fstore(int index, StackMapFrame* current_frame, TRAPS) {
2899 current_frame->pop_stack(VerificationType::float_type(), CHECK_VERIFY(this));
2900 current_frame->set_local(
2901 index, VerificationType::float_type(), CHECK_VERIFY(this));
2902 }
2903
2904 void ClassVerifier::verify_dstore(int index, StackMapFrame* current_frame, TRAPS) {
2905 current_frame->pop_stack_2(
2906 VerificationType::double2_type(),
2907 VerificationType::double_type(), CHECK_VERIFY(this));
2908 current_frame->set_local_2(
2909 index, VerificationType::double_type(),
2910 VerificationType::double2_type(), CHECK_VERIFY(this));
2911 }
2912
2913 void ClassVerifier::verify_astore(int index, StackMapFrame* current_frame, TRAPS) {
2914 VerificationType type = current_frame->pop_stack(
2915 VerificationType::reference_check(), CHECK_VERIFY(this));
2916 current_frame->set_local(index, type, CHECK_VERIFY(this));
2917 }
2918
2919 void ClassVerifier::verify_iinc(int index, StackMapFrame* current_frame, TRAPS) {
2920 VerificationType type = current_frame->get_local(
2921 index, VerificationType::integer_type(), CHECK_VERIFY(this));
2922 current_frame->set_local(index, type, CHECK_VERIFY(this));
2923 }
2924
2925 void ClassVerifier::verify_return_value(
2926 VerificationType return_type, VerificationType type, int bci,
2927 StackMapFrame* current_frame, TRAPS) {
2928 if (return_type == VerificationType::bogus_type()) {
2929 verify_error(ErrorContext::bad_type(bci,
2930 current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)),
2931 "Method does not expect a return value");
2932 return;
2933 }
2934 bool match = return_type.is_assignable_from(type, this, false, CHECK_VERIFY(this));
2935 if (!match) {
2936 verify_error(ErrorContext::bad_type(bci,
2937 current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)),
2938 "Bad return type");
2939 return;
2940 }
2941 }
2942
2943 // The verifier creates symbols which are substrings of Symbols.
2944 // These are stored in the verifier until the end of verification so that
2945 // they can be reference counted.
2946 Symbol* ClassVerifier::create_temporary_symbol(const char *name, int length) {
2947 // Quick deduplication check
2948 if (_previous_symbol != nullptr && _previous_symbol->equals(name, length)) {
2949 return _previous_symbol;
2950 }
2951 Symbol* sym = SymbolTable::new_symbol(name, length);
2952 if (!sym->is_permanent()) {
2953 if (_symbols == nullptr) {
2954 _symbols = new GrowableArray<Symbol*>(50, 0, nullptr);
2955 }
2956 _symbols->push(sym);
2957 }
2958 _previous_symbol = sym;
2959 return sym;
2960 }