1 /*
2 * Copyright (c) 1998, 2021, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.
8 *
9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 *
23 */
24
25 #include "precompiled.hpp"
26 #include "jvm.h"
27 #include "classfile/classFileStream.hpp"
28 #include "classfile/classLoader.hpp"
29 #include "classfile/javaClasses.hpp"
30 #include "classfile/stackMapTable.hpp"
31 #include "classfile/stackMapFrame.hpp"
32 #include "classfile/stackMapTableFormat.hpp"
33 #include "classfile/symbolTable.hpp"
34 #include "classfile/systemDictionary.hpp"
35 #include "classfile/verifier.hpp"
36 #include "classfile/vmClasses.hpp"
37 #include "classfile/vmSymbols.hpp"
38 #include "interpreter/bytecodes.hpp"
39 #include "interpreter/bytecodeStream.hpp"
40 #include "logging/log.hpp"
41 #include "logging/logStream.hpp"
42 #include "memory/oopFactory.hpp"
43 #include "memory/resourceArea.hpp"
44 #include "memory/universe.hpp"
45 #include "oops/constantPool.inline.hpp"
46 #include "oops/instanceKlass.inline.hpp"
47 #include "oops/klass.inline.hpp"
48 #include "oops/oop.inline.hpp"
49 #include "oops/typeArrayOop.hpp"
50 #include "runtime/arguments.hpp"
51 #include "runtime/fieldDescriptor.hpp"
52 #include "runtime/handles.inline.hpp"
53 #include "runtime/interfaceSupport.inline.hpp"
54 #include "runtime/javaCalls.hpp"
55 #include "runtime/jniHandles.inline.hpp"
56 #include "runtime/os.hpp"
57 #include "runtime/safepointVerifiers.hpp"
58 #include "runtime/thread.hpp"
59 #include "services/threadService.hpp"
60 #include "utilities/align.hpp"
61 #include "utilities/bytes.hpp"
62
63 #define NOFAILOVER_MAJOR_VERSION 51
64 #define NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION 51
65 #define STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION 52
66 #define MAX_ARRAY_DIMENSIONS 255
67
68 // Access to external entry for VerifyClassForMajorVersion - old byte code verifier
69
70 extern "C" {
71 typedef jboolean (*verify_byte_codes_fn_t)(JNIEnv *, jclass, char *, jint, jint);
72 }
73
74 static verify_byte_codes_fn_t volatile _verify_byte_codes_fn = NULL;
75
76 static verify_byte_codes_fn_t verify_byte_codes_fn() {
77
78 if (_verify_byte_codes_fn != NULL)
79 return _verify_byte_codes_fn;
80
81 MutexLocker locker(Verify_lock);
82
83 if (_verify_byte_codes_fn != NULL)
84 return _verify_byte_codes_fn;
85
86 // Load verify dll
87 char buffer[JVM_MAXPATHLEN];
88 char ebuf[1024];
89 if (!os::dll_locate_lib(buffer, sizeof(buffer), Arguments::get_dll_dir(), "verify"))
90 return NULL; // Caller will throw VerifyError
91
92 void *lib_handle = os::dll_load(buffer, ebuf, sizeof(ebuf));
93 if (lib_handle == NULL)
94 return NULL; // Caller will throw VerifyError
95
96 void *fn = os::dll_lookup(lib_handle, "VerifyClassForMajorVersion");
97 if (fn == NULL)
98 return NULL; // Caller will throw VerifyError
99
100 return _verify_byte_codes_fn = CAST_TO_FN_PTR(verify_byte_codes_fn_t, fn);
101 }
102
103
104 // Methods in Verifier
105
106 bool Verifier::should_verify_for(oop class_loader, bool should_verify_class) {
107 return (class_loader == NULL || !should_verify_class) ?
108 BytecodeVerificationLocal : BytecodeVerificationRemote;
109 }
110
111 bool Verifier::relax_access_for(oop loader) {
112 bool trusted = java_lang_ClassLoader::is_trusted_loader(loader);
113 bool need_verify =
114 // verifyAll
115 (BytecodeVerificationLocal && BytecodeVerificationRemote) ||
116 // verifyRemote
117 (!BytecodeVerificationLocal && BytecodeVerificationRemote && !trusted);
118 return !need_verify;
119 }
120
121 void Verifier::trace_class_resolution(Klass* resolve_class, InstanceKlass* verify_class) {
122 assert(verify_class != NULL, "Unexpected null verify_class");
123 ResourceMark rm;
124 Symbol* s = verify_class->source_file_name();
125 const char* source_file = (s != NULL ? s->as_C_string() : NULL);
126 const char* verify = verify_class->external_name();
127 const char* resolve = resolve_class->external_name();
128 // print in a single call to reduce interleaving between threads
129 if (source_file != NULL) {
130 log_debug(class, resolve)("%s %s %s (verification)", verify, resolve, source_file);
131 } else {
132 log_debug(class, resolve)("%s %s (verification)", verify, resolve);
133 }
134 }
135
136 // Prints the end-verification message to the appropriate output.
137 void Verifier::log_end_verification(outputStream* st, const char* klassName, Symbol* exception_name, oop pending_exception) {
138 if (pending_exception != NULL) {
139 st->print("Verification for %s has", klassName);
140 oop message = java_lang_Throwable::message(pending_exception);
141 if (message != NULL) {
142 char* ex_msg = java_lang_String::as_utf8_string(message);
143 st->print_cr(" exception pending '%s %s'",
144 pending_exception->klass()->external_name(), ex_msg);
145 } else {
146 st->print_cr(" exception pending %s ",
147 pending_exception->klass()->external_name());
148 }
149 } else if (exception_name != NULL) {
150 st->print_cr("Verification for %s failed", klassName);
151 }
152 st->print_cr("End class verification for: %s", klassName);
153 }
154
155 bool Verifier::verify(InstanceKlass* klass, bool should_verify_class, TRAPS) {
156 HandleMark hm(THREAD);
157 ResourceMark rm(THREAD);
158
159 // Eagerly allocate the identity hash code for a klass. This is a fallout
160 // from 6320749 and 8059924: hash code generator is not supposed to be called
161 // during the safepoint, but it allows to sneak the hashcode in during
162 // verification. Without this eager hashcode generation, we may end up
163 // installing the hashcode during some other operation, which may be at
164 // safepoint -- blowing up the checks. It was previously done as the side
165 // effect (sic!) for external_name(), but instead of doing that, we opt to
166 // explicitly push the hashcode in here. This is signify the following block
167 // is IMPORTANT:
168 if (klass->java_mirror() != NULL) {
169 klass->java_mirror()->identity_hash();
170 }
171
172 if (!is_eligible_for_verification(klass, should_verify_class)) {
173 return true;
174 }
175
176 // Timer includes any side effects of class verification (resolution,
177 // etc), but not recursive calls to Verifier::verify().
178 JavaThread* jt = THREAD;
179 PerfClassTraceTime timer(ClassLoader::perf_class_verify_time(),
180 ClassLoader::perf_class_verify_selftime(),
181 ClassLoader::perf_classes_verified(),
182 jt->get_thread_stat()->perf_recursion_counts_addr(),
183 jt->get_thread_stat()->perf_timers_addr(),
184 PerfClassTraceTime::CLASS_VERIFY);
185
186 // If the class should be verified, first see if we can use the split
187 // verifier. If not, or if verification fails and can failover, then
188 // call the inference verifier.
189 Symbol* exception_name = NULL;
190 const size_t message_buffer_len = klass->name()->utf8_length() + 1024;
191 char* message_buffer = NULL;
192 char* exception_message = NULL;
193
194 log_info(class, init)("Start class verification for: %s", klass->external_name());
195 if (klass->major_version() >= STACKMAP_ATTRIBUTE_MAJOR_VERSION) {
196 ClassVerifier split_verifier(jt, klass);
197 // We don't use CHECK here, or on inference_verify below, so that we can log any exception.
198 split_verifier.verify_class(THREAD);
199 exception_name = split_verifier.result();
200
201 // If DumpSharedSpaces is set then don't fall back to the old verifier on
202 // verification failure. If a class fails verification with the split verifier,
203 // it might fail the CDS runtime verifier constraint check. In that case, we
204 // don't want to share the class. We only archive classes that pass the split
205 // verifier.
206 bool can_failover = !DumpSharedSpaces &&
207 klass->major_version() < NOFAILOVER_MAJOR_VERSION;
208
209 if (can_failover && !HAS_PENDING_EXCEPTION && // Split verifier doesn't set PENDING_EXCEPTION for failure
210 (exception_name == vmSymbols::java_lang_VerifyError() ||
211 exception_name == vmSymbols::java_lang_ClassFormatError())) {
212 log_info(verification)("Fail over class verification to old verifier for: %s", klass->external_name());
213 log_info(class, init)("Fail over class verification to old verifier for: %s", klass->external_name());
214 message_buffer = NEW_RESOURCE_ARRAY(char, message_buffer_len);
215 exception_message = message_buffer;
216 exception_name = inference_verify(
217 klass, message_buffer, message_buffer_len, THREAD);
218 }
219 if (exception_name != NULL) {
220 exception_message = split_verifier.exception_message();
221 }
222 } else {
223 message_buffer = NEW_RESOURCE_ARRAY(char, message_buffer_len);
224 exception_message = message_buffer;
225 exception_name = inference_verify(
226 klass, message_buffer, message_buffer_len, THREAD);
227 }
228
229 LogTarget(Info, class, init) lt1;
230 if (lt1.is_enabled()) {
231 LogStream ls(lt1);
232 log_end_verification(&ls, klass->external_name(), exception_name, PENDING_EXCEPTION);
233 }
234 LogTarget(Info, verification) lt2;
235 if (lt2.is_enabled()) {
236 LogStream ls(lt2);
237 log_end_verification(&ls, klass->external_name(), exception_name, PENDING_EXCEPTION);
238 }
239
240 if (HAS_PENDING_EXCEPTION) {
241 return false; // use the existing exception
242 } else if (exception_name == NULL) {
243 return true; // verification succeeded
244 } else { // VerifyError or ClassFormatError to be created and thrown
245 Klass* kls =
246 SystemDictionary::resolve_or_fail(exception_name, true, CHECK_false);
247 if (log_is_enabled(Debug, class, resolve)) {
248 Verifier::trace_class_resolution(kls, klass);
249 }
250
251 while (kls != NULL) {
252 if (kls == klass) {
253 // If the class being verified is the exception we're creating
254 // or one of it's superclasses, we're in trouble and are going
255 // to infinitely recurse when we try to initialize the exception.
256 // So bail out here by throwing the preallocated VM error.
257 THROW_OOP_(Universe::virtual_machine_error_instance(), false);
258 }
259 kls = kls->super();
260 }
261 if (message_buffer != NULL) {
262 message_buffer[message_buffer_len - 1] = '\0'; // just to be sure
263 }
264 assert(exception_message != NULL, "");
265 THROW_MSG_(exception_name, exception_message, false);
266 }
267 }
268
269 bool Verifier::is_eligible_for_verification(InstanceKlass* klass, bool should_verify_class) {
270 Symbol* name = klass->name();
271 Klass* refl_magic_klass = vmClasses::reflect_MagicAccessorImpl_klass();
272
273 bool is_reflect = refl_magic_klass != NULL && klass->is_subtype_of(refl_magic_klass);
274
275 return (should_verify_for(klass->class_loader(), should_verify_class) &&
276 // return if the class is a bootstrapping class
277 // or defineClass specified not to verify by default (flags override passed arg)
278 // We need to skip the following four for bootstraping
279 name != vmSymbols::java_lang_Object() &&
280 name != vmSymbols::java_lang_Class() &&
281 name != vmSymbols::java_lang_String() &&
282 name != vmSymbols::java_lang_Throwable() &&
283
284 // Can not verify the bytecodes for shared classes because they have
285 // already been rewritten to contain constant pool cache indices,
286 // which the verifier can't understand.
287 // Shared classes shouldn't have stackmaps either.
288 // However, bytecodes for shared old classes can be verified because
289 // they have not been rewritten.
290 !(klass->is_shared() && klass->is_rewritten()) &&
291
292 // As of the fix for 4486457 we disable verification for all of the
293 // dynamically-generated bytecodes associated with the 1.4
294 // reflection implementation, not just those associated with
295 // jdk/internal/reflect/SerializationConstructorAccessor.
296 // NOTE: this is called too early in the bootstrapping process to be
297 // guarded by Universe::is_gte_jdk14x_version().
298 // Also for lambda generated code, gte jdk8
299 (!is_reflect));
300 }
301
302 Symbol* Verifier::inference_verify(
303 InstanceKlass* klass, char* message, size_t message_len, TRAPS) {
304 JavaThread* thread = THREAD;
305
306 verify_byte_codes_fn_t verify_func = verify_byte_codes_fn();
307
308 if (verify_func == NULL) {
309 jio_snprintf(message, message_len, "Could not link verifier");
310 return vmSymbols::java_lang_VerifyError();
311 }
312
313 ResourceMark rm(thread);
314 log_info(verification)("Verifying class %s with old format", klass->external_name());
315
316 jclass cls = (jclass) JNIHandles::make_local(thread, klass->java_mirror());
317 jint result;
318
319 {
320 HandleMark hm(thread);
321 ThreadToNativeFromVM ttn(thread);
322 // ThreadToNativeFromVM takes care of changing thread_state, so safepoint
323 // code knows that we have left the VM
324 JNIEnv *env = thread->jni_environment();
325 result = (*verify_func)(env, cls, message, (int)message_len, klass->major_version());
326 }
327
328 JNIHandles::destroy_local(cls);
329
330 // These numbers are chosen so that VerifyClassCodes interface doesn't need
331 // to be changed (still return jboolean (unsigned char)), and result is
332 // 1 when verification is passed.
333 if (result == 0) {
334 return vmSymbols::java_lang_VerifyError();
335 } else if (result == 1) {
336 return NULL; // verified.
337 } else if (result == 2) {
338 THROW_MSG_(vmSymbols::java_lang_OutOfMemoryError(), message, NULL);
339 } else if (result == 3) {
340 return vmSymbols::java_lang_ClassFormatError();
341 } else {
342 ShouldNotReachHere();
343 return NULL;
344 }
345 }
346
347 TypeOrigin TypeOrigin::null() {
348 return TypeOrigin();
349 }
350 TypeOrigin TypeOrigin::local(u2 index, StackMapFrame* frame) {
351 assert(frame != NULL, "Must have a frame");
352 return TypeOrigin(CF_LOCALS, index, StackMapFrame::copy(frame),
353 frame->local_at(index));
354 }
355 TypeOrigin TypeOrigin::stack(u2 index, StackMapFrame* frame) {
356 assert(frame != NULL, "Must have a frame");
357 return TypeOrigin(CF_STACK, index, StackMapFrame::copy(frame),
358 frame->stack_at(index));
359 }
360 TypeOrigin TypeOrigin::sm_local(u2 index, StackMapFrame* frame) {
361 assert(frame != NULL, "Must have a frame");
362 return TypeOrigin(SM_LOCALS, index, StackMapFrame::copy(frame),
363 frame->local_at(index));
364 }
365 TypeOrigin TypeOrigin::sm_stack(u2 index, StackMapFrame* frame) {
366 assert(frame != NULL, "Must have a frame");
367 return TypeOrigin(SM_STACK, index, StackMapFrame::copy(frame),
368 frame->stack_at(index));
369 }
370 TypeOrigin TypeOrigin::bad_index(u2 index) {
371 return TypeOrigin(BAD_INDEX, index, NULL, VerificationType::bogus_type());
372 }
373 TypeOrigin TypeOrigin::cp(u2 index, VerificationType vt) {
374 return TypeOrigin(CONST_POOL, index, NULL, vt);
375 }
376 TypeOrigin TypeOrigin::signature(VerificationType vt) {
377 return TypeOrigin(SIG, 0, NULL, vt);
378 }
379 TypeOrigin TypeOrigin::implicit(VerificationType t) {
380 return TypeOrigin(IMPLICIT, 0, NULL, t);
381 }
382 TypeOrigin TypeOrigin::frame(StackMapFrame* frame) {
383 return TypeOrigin(FRAME_ONLY, 0, StackMapFrame::copy(frame),
384 VerificationType::bogus_type());
385 }
386
387 void TypeOrigin::reset_frame() {
388 if (_frame != NULL) {
389 _frame->restore();
390 }
391 }
392
393 void TypeOrigin::details(outputStream* ss) const {
394 _type.print_on(ss);
395 switch (_origin) {
396 case CF_LOCALS:
397 ss->print(" (current frame, locals[%d])", _index);
398 break;
399 case CF_STACK:
400 ss->print(" (current frame, stack[%d])", _index);
401 break;
402 case SM_LOCALS:
403 ss->print(" (stack map, locals[%d])", _index);
404 break;
405 case SM_STACK:
406 ss->print(" (stack map, stack[%d])", _index);
407 break;
408 case CONST_POOL:
409 ss->print(" (constant pool %d)", _index);
410 break;
411 case SIG:
412 ss->print(" (from method signature)");
413 break;
414 case IMPLICIT:
415 case FRAME_ONLY:
416 case NONE:
417 default:
418 ;
419 }
420 }
421
422 #ifdef ASSERT
423 void TypeOrigin::print_on(outputStream* str) const {
424 str->print("{%d,%d,%p:", _origin, _index, _frame);
425 if (_frame != NULL) {
426 _frame->print_on(str);
427 } else {
428 str->print("null");
429 }
430 str->print(",");
431 _type.print_on(str);
432 str->print("}");
433 }
434 #endif
435
436 void ErrorContext::details(outputStream* ss, const Method* method) const {
437 if (is_valid()) {
438 ss->cr();
439 ss->print_cr("Exception Details:");
440 location_details(ss, method);
441 reason_details(ss);
442 frame_details(ss);
443 bytecode_details(ss, method);
444 handler_details(ss, method);
445 stackmap_details(ss, method);
446 }
447 }
448
449 void ErrorContext::reason_details(outputStream* ss) const {
450 streamIndentor si(ss);
451 ss->indent().print_cr("Reason:");
452 streamIndentor si2(ss);
453 ss->indent().print("%s", "");
454 switch (_fault) {
455 case INVALID_BYTECODE:
456 ss->print("Error exists in the bytecode");
457 break;
458 case WRONG_TYPE:
459 if (_expected.is_valid()) {
460 ss->print("Type ");
461 _type.details(ss);
462 ss->print(" is not assignable to ");
463 _expected.details(ss);
464 } else {
465 ss->print("Invalid type: ");
466 _type.details(ss);
467 }
468 break;
469 case FLAGS_MISMATCH:
470 if (_expected.is_valid()) {
471 ss->print("Current frame's flags are not assignable "
472 "to stack map frame's.");
473 } else {
474 ss->print("Current frame's flags are invalid in this context.");
475 }
476 break;
477 case BAD_CP_INDEX:
478 ss->print("Constant pool index %d is invalid", _type.index());
479 break;
480 case BAD_LOCAL_INDEX:
481 ss->print("Local index %d is invalid", _type.index());
482 break;
483 case LOCALS_SIZE_MISMATCH:
484 ss->print("Current frame's local size doesn't match stackmap.");
485 break;
486 case STACK_SIZE_MISMATCH:
487 ss->print("Current frame's stack size doesn't match stackmap.");
488 break;
489 case STACK_OVERFLOW:
490 ss->print("Exceeded max stack size.");
491 break;
492 case STACK_UNDERFLOW:
493 ss->print("Attempt to pop empty stack.");
494 break;
495 case MISSING_STACKMAP:
496 ss->print("Expected stackmap frame at this location.");
497 break;
498 case BAD_STACKMAP:
499 ss->print("Invalid stackmap specification.");
500 break;
501 case UNKNOWN:
502 default:
503 ShouldNotReachHere();
504 ss->print_cr("Unknown");
505 }
506 ss->cr();
507 }
508
509 void ErrorContext::location_details(outputStream* ss, const Method* method) const {
510 if (_bci != -1 && method != NULL) {
511 streamIndentor si(ss);
512 const char* bytecode_name = "<invalid>";
513 if (method->validate_bci(_bci) != -1) {
514 Bytecodes::Code code = Bytecodes::code_or_bp_at(method->bcp_from(_bci));
515 if (Bytecodes::is_defined(code)) {
516 bytecode_name = Bytecodes::name(code);
517 } else {
518 bytecode_name = "<illegal>";
519 }
520 }
521 InstanceKlass* ik = method->method_holder();
522 ss->indent().print_cr("Location:");
523 streamIndentor si2(ss);
524 ss->indent().print_cr("%s.%s%s @%d: %s",
525 ik->name()->as_C_string(), method->name()->as_C_string(),
526 method->signature()->as_C_string(), _bci, bytecode_name);
527 }
528 }
529
530 void ErrorContext::frame_details(outputStream* ss) const {
531 streamIndentor si(ss);
532 if (_type.is_valid() && _type.frame() != NULL) {
533 ss->indent().print_cr("Current Frame:");
534 streamIndentor si2(ss);
535 _type.frame()->print_on(ss);
536 }
537 if (_expected.is_valid() && _expected.frame() != NULL) {
538 ss->indent().print_cr("Stackmap Frame:");
539 streamIndentor si2(ss);
540 _expected.frame()->print_on(ss);
541 }
542 }
543
544 void ErrorContext::bytecode_details(outputStream* ss, const Method* method) const {
545 if (method != NULL) {
546 streamIndentor si(ss);
547 ss->indent().print_cr("Bytecode:");
548 streamIndentor si2(ss);
549 ss->print_data(method->code_base(), method->code_size(), false);
550 }
551 }
552
553 void ErrorContext::handler_details(outputStream* ss, const Method* method) const {
554 if (method != NULL) {
555 streamIndentor si(ss);
556 ExceptionTable table(method);
557 if (table.length() > 0) {
558 ss->indent().print_cr("Exception Handler Table:");
559 streamIndentor si2(ss);
560 for (int i = 0; i < table.length(); ++i) {
561 ss->indent().print_cr("bci [%d, %d] => handler: %d", table.start_pc(i),
562 table.end_pc(i), table.handler_pc(i));
563 }
564 }
565 }
566 }
567
568 void ErrorContext::stackmap_details(outputStream* ss, const Method* method) const {
569 if (method != NULL && method->has_stackmap_table()) {
570 streamIndentor si(ss);
571 ss->indent().print_cr("Stackmap Table:");
572 Array<u1>* data = method->stackmap_data();
573 stack_map_table* sm_table =
574 stack_map_table::at((address)data->adr_at(0));
575 stack_map_frame* sm_frame = sm_table->entries();
576 streamIndentor si2(ss);
577 int current_offset = -1;
578 address end_of_sm_table = (address)sm_table + method->stackmap_data()->length();
579 for (u2 i = 0; i < sm_table->number_of_entries(); ++i) {
580 ss->indent();
581 if (!sm_frame->verify((address)sm_frame, end_of_sm_table)) {
582 sm_frame->print_truncated(ss, current_offset);
583 return;
584 }
585 sm_frame->print_on(ss, current_offset);
586 ss->cr();
587 current_offset += sm_frame->offset_delta();
588 sm_frame = sm_frame->next();
589 }
590 }
591 }
592
593 // Methods in ClassVerifier
594
595 ClassVerifier::ClassVerifier(JavaThread* current, InstanceKlass* klass)
596 : _thread(current), _previous_symbol(NULL), _symbols(NULL), _exception_type(NULL),
597 _message(NULL), _method_signatures_table(NULL), _klass(klass) {
598 _this_type = VerificationType::reference_type(klass->name());
599 }
600
601 ClassVerifier::~ClassVerifier() {
602 // Decrement the reference count for any symbols created.
603 if (_symbols != NULL) {
604 for (int i = 0; i < _symbols->length(); i++) {
605 Symbol* s = _symbols->at(i);
606 s->decrement_refcount();
607 }
608 }
609 }
610
611 VerificationType ClassVerifier::object_type() const {
612 return VerificationType::reference_type(vmSymbols::java_lang_Object());
613 }
614
615 TypeOrigin ClassVerifier::ref_ctx(const char* sig) {
616 VerificationType vt = VerificationType::reference_type(
617 create_temporary_symbol(sig, (int)strlen(sig)));
618 return TypeOrigin::implicit(vt);
619 }
620
621
622 void ClassVerifier::verify_class(TRAPS) {
623 log_info(verification)("Verifying class %s with new format", _klass->external_name());
624
625 // Either verifying both local and remote classes or just remote classes.
626 assert(BytecodeVerificationRemote, "Should not be here");
627
628 // Create hash table containing method signatures.
629 method_signatures_table_type method_signatures_table;
630 set_method_signatures_table(&method_signatures_table);
631
632 Array<Method*>* methods = _klass->methods();
633 int num_methods = methods->length();
634
635 for (int index = 0; index < num_methods; index++) {
636 // Check for recursive re-verification before each method.
637 if (was_recursively_verified()) return;
638
639 Method* m = methods->at(index);
640 if (m->is_native() || m->is_abstract() || m->is_overpass()) {
641 // If m is native or abstract, skip it. It is checked in class file
642 // parser that methods do not override a final method. Overpass methods
643 // are trusted since the VM generates them.
644 continue;
645 }
646 verify_method(methodHandle(THREAD, m), CHECK_VERIFY(this));
647 }
648
649 if (was_recursively_verified()){
650 log_info(verification)("Recursive verification detected for: %s", _klass->external_name());
651 log_info(class, init)("Recursive verification detected for: %s",
652 _klass->external_name());
653 }
654 }
655
656 // Translate the signature entries into verification types and save them in
657 // the growable array. Also, save the count of arguments.
658 void ClassVerifier::translate_signature(Symbol* const method_sig,
659 sig_as_verification_types* sig_verif_types) {
660 SignatureStream sig_stream(method_sig);
661 VerificationType sig_type[2];
662 int sig_i = 0;
663 GrowableArray<VerificationType>* verif_types = sig_verif_types->sig_verif_types();
664
665 // Translate the signature arguments into verification types.
666 while (!sig_stream.at_return_type()) {
667 int n = change_sig_to_verificationType(&sig_stream, sig_type);
668 assert(n <= 2, "Unexpected signature type");
669
670 // Store verification type(s). Longs and Doubles each have two verificationTypes.
671 for (int x = 0; x < n; x++) {
672 verif_types->push(sig_type[x]);
673 }
674 sig_i += n;
675 sig_stream.next();
676 }
677
678 // Set final arg count, not including the return type. The final arg count will
679 // be compared with sig_verify_types' length to see if there is a return type.
680 sig_verif_types->set_num_args(sig_i);
681
682 // Store verification type(s) for the return type, if there is one.
683 if (sig_stream.type() != T_VOID) {
684 int n = change_sig_to_verificationType(&sig_stream, sig_type);
685 assert(n <= 2, "Unexpected signature return type");
686 for (int y = 0; y < n; y++) {
687 verif_types->push(sig_type[y]);
688 }
689 }
690 }
691
692 void ClassVerifier::create_method_sig_entry(sig_as_verification_types* sig_verif_types,
693 int sig_index) {
694 // Translate the signature into verification types.
695 ConstantPool* cp = _klass->constants();
696 Symbol* const method_sig = cp->symbol_at(sig_index);
697 translate_signature(method_sig, sig_verif_types);
698
699 // Add the list of this signature's verification types to the table.
700 bool is_unique = method_signatures_table()->put(sig_index, sig_verif_types);
701 assert(is_unique, "Duplicate entries in method_signature_table");
702 }
703
704 void ClassVerifier::verify_method(const methodHandle& m, TRAPS) {
705 HandleMark hm(THREAD);
706 _method = m; // initialize _method
707 log_info(verification)("Verifying method %s", m->name_and_sig_as_C_string());
708
709 // For clang, the only good constant format string is a literal constant format string.
710 #define bad_type_msg "Bad type on operand stack in %s"
711
712 int32_t max_stack = m->verifier_max_stack();
713 int32_t max_locals = m->max_locals();
714 constantPoolHandle cp(THREAD, m->constants());
715
716 // Method signature was checked in ClassFileParser.
717 assert(SignatureVerifier::is_valid_method_signature(m->signature()),
718 "Invalid method signature");
719
720 // Initial stack map frame: offset is 0, stack is initially empty.
721 StackMapFrame current_frame(max_locals, max_stack, this);
722 // Set initial locals
723 VerificationType return_type = current_frame.set_locals_from_arg( m, current_type());
724
725 int32_t stackmap_index = 0; // index to the stackmap array
726
727 u4 code_length = m->code_size();
728
729 // Scan the bytecode and map each instruction's start offset to a number.
730 char* code_data = generate_code_data(m, code_length, CHECK_VERIFY(this));
731
732 int ex_min = code_length;
733 int ex_max = -1;
734 // Look through each item on the exception table. Each of the fields must refer
735 // to a legal instruction.
736 if (was_recursively_verified()) return;
737 verify_exception_handler_table(
738 code_length, code_data, ex_min, ex_max, CHECK_VERIFY(this));
739
740 // Look through each entry on the local variable table and make sure
741 // its range of code array offsets is valid. (4169817)
742 if (m->has_localvariable_table()) {
743 verify_local_variable_table(code_length, code_data, CHECK_VERIFY(this));
744 }
745
746 Array<u1>* stackmap_data = m->stackmap_data();
747 StackMapStream stream(stackmap_data);
748 StackMapReader reader(this, &stream, code_data, code_length, THREAD);
749 StackMapTable stackmap_table(&reader, ¤t_frame, max_locals, max_stack,
750 code_data, code_length, CHECK_VERIFY(this));
751
752 LogTarget(Debug, verification) lt;
753 if (lt.is_enabled()) {
754 ResourceMark rm(THREAD);
755 LogStream ls(lt);
756 stackmap_table.print_on(&ls);
757 }
758
759 RawBytecodeStream bcs(m);
760
761 // Scan the byte code linearly from the start to the end
762 bool no_control_flow = false; // Set to true when there is no direct control
763 // flow from current instruction to the next
764 // instruction in sequence
765
766 Bytecodes::Code opcode;
767 while (!bcs.is_last_bytecode()) {
768 // Check for recursive re-verification before each bytecode.
769 if (was_recursively_verified()) return;
770
771 opcode = bcs.raw_next();
772 u2 bci = bcs.bci();
773
774 // Set current frame's offset to bci
775 current_frame.set_offset(bci);
776 current_frame.set_mark();
777
778 // Make sure every offset in stackmap table point to the beginning to
779 // an instruction. Match current_frame to stackmap_table entry with
780 // the same offset if exists.
781 stackmap_index = verify_stackmap_table(
782 stackmap_index, bci, ¤t_frame, &stackmap_table,
783 no_control_flow, CHECK_VERIFY(this));
784
785
786 bool this_uninit = false; // Set to true when invokespecial <init> initialized 'this'
787 bool verified_exc_handlers = false;
788
789 // Merge with the next instruction
790 {
791 u2 index;
792 int target;
793 VerificationType type, type2;
794 VerificationType atype;
795
796 LogTarget(Debug, verification) lt;
797 if (lt.is_enabled()) {
798 ResourceMark rm(THREAD);
799 LogStream ls(lt);
800 current_frame.print_on(&ls);
801 lt.print("offset = %d, opcode = %s", bci,
802 opcode == Bytecodes::_illegal ? "illegal" : Bytecodes::name(opcode));
803 }
804
805 // Make sure wide instruction is in correct format
806 if (bcs.is_wide()) {
807 if (opcode != Bytecodes::_iinc && opcode != Bytecodes::_iload &&
808 opcode != Bytecodes::_aload && opcode != Bytecodes::_lload &&
809 opcode != Bytecodes::_istore && opcode != Bytecodes::_astore &&
810 opcode != Bytecodes::_lstore && opcode != Bytecodes::_fload &&
811 opcode != Bytecodes::_dload && opcode != Bytecodes::_fstore &&
812 opcode != Bytecodes::_dstore) {
813 /* Unreachable? RawBytecodeStream's raw_next() returns 'illegal'
814 * if we encounter a wide instruction that modifies an invalid
815 * opcode (not one of the ones listed above) */
816 verify_error(ErrorContext::bad_code(bci), "Bad wide instruction");
817 return;
818 }
819 }
820
821 // Look for possible jump target in exception handlers and see if it
822 // matches current_frame. Do this check here for astore*, dstore*,
823 // fstore*, istore*, and lstore* opcodes because they can change the type
824 // state by adding a local. JVM Spec says that the incoming type state
825 // should be used for this check. So, do the check here before a possible
826 // local is added to the type state.
827 if (Bytecodes::is_store_into_local(opcode) && bci >= ex_min && bci < ex_max) {
828 if (was_recursively_verified()) return;
829 verify_exception_handler_targets(
830 bci, this_uninit, ¤t_frame, &stackmap_table, CHECK_VERIFY(this));
831 verified_exc_handlers = true;
832 }
833
834 if (was_recursively_verified()) return;
835
836 switch (opcode) {
837 case Bytecodes::_nop :
838 no_control_flow = false; break;
839 case Bytecodes::_aconst_null :
840 current_frame.push_stack(
841 VerificationType::null_type(), CHECK_VERIFY(this));
842 no_control_flow = false; break;
843 case Bytecodes::_iconst_m1 :
844 case Bytecodes::_iconst_0 :
845 case Bytecodes::_iconst_1 :
846 case Bytecodes::_iconst_2 :
847 case Bytecodes::_iconst_3 :
848 case Bytecodes::_iconst_4 :
849 case Bytecodes::_iconst_5 :
850 current_frame.push_stack(
851 VerificationType::integer_type(), CHECK_VERIFY(this));
852 no_control_flow = false; break;
853 case Bytecodes::_lconst_0 :
854 case Bytecodes::_lconst_1 :
855 current_frame.push_stack_2(
856 VerificationType::long_type(),
857 VerificationType::long2_type(), CHECK_VERIFY(this));
858 no_control_flow = false; break;
859 case Bytecodes::_fconst_0 :
860 case Bytecodes::_fconst_1 :
861 case Bytecodes::_fconst_2 :
862 current_frame.push_stack(
863 VerificationType::float_type(), CHECK_VERIFY(this));
864 no_control_flow = false; break;
865 case Bytecodes::_dconst_0 :
866 case Bytecodes::_dconst_1 :
867 current_frame.push_stack_2(
868 VerificationType::double_type(),
869 VerificationType::double2_type(), CHECK_VERIFY(this));
870 no_control_flow = false; break;
871 case Bytecodes::_sipush :
872 case Bytecodes::_bipush :
873 current_frame.push_stack(
874 VerificationType::integer_type(), CHECK_VERIFY(this));
875 no_control_flow = false; break;
876 case Bytecodes::_ldc :
877 verify_ldc(
878 opcode, bcs.get_index_u1(), ¤t_frame,
879 cp, bci, CHECK_VERIFY(this));
880 no_control_flow = false; break;
881 case Bytecodes::_ldc_w :
882 case Bytecodes::_ldc2_w :
883 verify_ldc(
884 opcode, bcs.get_index_u2(), ¤t_frame,
885 cp, bci, CHECK_VERIFY(this));
886 no_control_flow = false; break;
887 case Bytecodes::_iload :
888 verify_iload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
889 no_control_flow = false; break;
890 case Bytecodes::_iload_0 :
891 case Bytecodes::_iload_1 :
892 case Bytecodes::_iload_2 :
893 case Bytecodes::_iload_3 :
894 index = opcode - Bytecodes::_iload_0;
895 verify_iload(index, ¤t_frame, CHECK_VERIFY(this));
896 no_control_flow = false; break;
897 case Bytecodes::_lload :
898 verify_lload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
899 no_control_flow = false; break;
900 case Bytecodes::_lload_0 :
901 case Bytecodes::_lload_1 :
902 case Bytecodes::_lload_2 :
903 case Bytecodes::_lload_3 :
904 index = opcode - Bytecodes::_lload_0;
905 verify_lload(index, ¤t_frame, CHECK_VERIFY(this));
906 no_control_flow = false; break;
907 case Bytecodes::_fload :
908 verify_fload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
909 no_control_flow = false; break;
910 case Bytecodes::_fload_0 :
911 case Bytecodes::_fload_1 :
912 case Bytecodes::_fload_2 :
913 case Bytecodes::_fload_3 :
914 index = opcode - Bytecodes::_fload_0;
915 verify_fload(index, ¤t_frame, CHECK_VERIFY(this));
916 no_control_flow = false; break;
917 case Bytecodes::_dload :
918 verify_dload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
919 no_control_flow = false; break;
920 case Bytecodes::_dload_0 :
921 case Bytecodes::_dload_1 :
922 case Bytecodes::_dload_2 :
923 case Bytecodes::_dload_3 :
924 index = opcode - Bytecodes::_dload_0;
925 verify_dload(index, ¤t_frame, CHECK_VERIFY(this));
926 no_control_flow = false; break;
927 case Bytecodes::_aload :
928 verify_aload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
929 no_control_flow = false; break;
930 case Bytecodes::_aload_0 :
931 case Bytecodes::_aload_1 :
932 case Bytecodes::_aload_2 :
933 case Bytecodes::_aload_3 :
934 index = opcode - Bytecodes::_aload_0;
935 verify_aload(index, ¤t_frame, CHECK_VERIFY(this));
936 no_control_flow = false; break;
937 case Bytecodes::_iaload :
938 type = current_frame.pop_stack(
939 VerificationType::integer_type(), CHECK_VERIFY(this));
940 atype = current_frame.pop_stack(
941 VerificationType::reference_check(), CHECK_VERIFY(this));
942 if (!atype.is_int_array()) {
943 verify_error(ErrorContext::bad_type(bci,
944 current_frame.stack_top_ctx(), ref_ctx("[I")),
945 bad_type_msg, "iaload");
946 return;
947 }
948 current_frame.push_stack(
949 VerificationType::integer_type(), CHECK_VERIFY(this));
950 no_control_flow = false; break;
951 case Bytecodes::_baload :
952 type = current_frame.pop_stack(
953 VerificationType::integer_type(), CHECK_VERIFY(this));
954 atype = current_frame.pop_stack(
955 VerificationType::reference_check(), CHECK_VERIFY(this));
956 if (!atype.is_bool_array() && !atype.is_byte_array()) {
957 verify_error(
958 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
959 bad_type_msg, "baload");
960 return;
961 }
962 current_frame.push_stack(
963 VerificationType::integer_type(), CHECK_VERIFY(this));
964 no_control_flow = false; break;
965 case Bytecodes::_caload :
966 type = current_frame.pop_stack(
967 VerificationType::integer_type(), CHECK_VERIFY(this));
968 atype = current_frame.pop_stack(
969 VerificationType::reference_check(), CHECK_VERIFY(this));
970 if (!atype.is_char_array()) {
971 verify_error(ErrorContext::bad_type(bci,
972 current_frame.stack_top_ctx(), ref_ctx("[C")),
973 bad_type_msg, "caload");
974 return;
975 }
976 current_frame.push_stack(
977 VerificationType::integer_type(), CHECK_VERIFY(this));
978 no_control_flow = false; break;
979 case Bytecodes::_saload :
980 type = current_frame.pop_stack(
981 VerificationType::integer_type(), CHECK_VERIFY(this));
982 atype = current_frame.pop_stack(
983 VerificationType::reference_check(), CHECK_VERIFY(this));
984 if (!atype.is_short_array()) {
985 verify_error(ErrorContext::bad_type(bci,
986 current_frame.stack_top_ctx(), ref_ctx("[S")),
987 bad_type_msg, "saload");
988 return;
989 }
990 current_frame.push_stack(
991 VerificationType::integer_type(), CHECK_VERIFY(this));
992 no_control_flow = false; break;
993 case Bytecodes::_laload :
994 type = current_frame.pop_stack(
995 VerificationType::integer_type(), CHECK_VERIFY(this));
996 atype = current_frame.pop_stack(
997 VerificationType::reference_check(), CHECK_VERIFY(this));
998 if (!atype.is_long_array()) {
999 verify_error(ErrorContext::bad_type(bci,
1000 current_frame.stack_top_ctx(), ref_ctx("[J")),
1001 bad_type_msg, "laload");
1002 return;
1003 }
1004 current_frame.push_stack_2(
1005 VerificationType::long_type(),
1006 VerificationType::long2_type(), CHECK_VERIFY(this));
1007 no_control_flow = false; break;
1008 case Bytecodes::_faload :
1009 type = current_frame.pop_stack(
1010 VerificationType::integer_type(), CHECK_VERIFY(this));
1011 atype = current_frame.pop_stack(
1012 VerificationType::reference_check(), CHECK_VERIFY(this));
1013 if (!atype.is_float_array()) {
1014 verify_error(ErrorContext::bad_type(bci,
1015 current_frame.stack_top_ctx(), ref_ctx("[F")),
1016 bad_type_msg, "faload");
1017 return;
1018 }
1019 current_frame.push_stack(
1020 VerificationType::float_type(), CHECK_VERIFY(this));
1021 no_control_flow = false; break;
1022 case Bytecodes::_daload :
1023 type = current_frame.pop_stack(
1024 VerificationType::integer_type(), CHECK_VERIFY(this));
1025 atype = current_frame.pop_stack(
1026 VerificationType::reference_check(), CHECK_VERIFY(this));
1027 if (!atype.is_double_array()) {
1028 verify_error(ErrorContext::bad_type(bci,
1029 current_frame.stack_top_ctx(), ref_ctx("[D")),
1030 bad_type_msg, "daload");
1031 return;
1032 }
1033 current_frame.push_stack_2(
1034 VerificationType::double_type(),
1035 VerificationType::double2_type(), CHECK_VERIFY(this));
1036 no_control_flow = false; break;
1037 case Bytecodes::_aaload : {
1038 type = current_frame.pop_stack(
1039 VerificationType::integer_type(), CHECK_VERIFY(this));
1040 atype = current_frame.pop_stack(
1041 VerificationType::reference_check(), CHECK_VERIFY(this));
1042 if (!atype.is_reference_array()) {
1043 verify_error(ErrorContext::bad_type(bci,
1044 current_frame.stack_top_ctx(),
1045 TypeOrigin::implicit(VerificationType::reference_check())),
1046 bad_type_msg, "aaload");
1047 return;
1048 }
1049 if (atype.is_null()) {
1050 current_frame.push_stack(
1051 VerificationType::null_type(), CHECK_VERIFY(this));
1052 } else {
1053 VerificationType component = atype.get_component(this);
1054 current_frame.push_stack(component, CHECK_VERIFY(this));
1055 }
1056 no_control_flow = false; break;
1057 }
1058 case Bytecodes::_istore :
1059 verify_istore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1060 no_control_flow = false; break;
1061 case Bytecodes::_istore_0 :
1062 case Bytecodes::_istore_1 :
1063 case Bytecodes::_istore_2 :
1064 case Bytecodes::_istore_3 :
1065 index = opcode - Bytecodes::_istore_0;
1066 verify_istore(index, ¤t_frame, CHECK_VERIFY(this));
1067 no_control_flow = false; break;
1068 case Bytecodes::_lstore :
1069 verify_lstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1070 no_control_flow = false; break;
1071 case Bytecodes::_lstore_0 :
1072 case Bytecodes::_lstore_1 :
1073 case Bytecodes::_lstore_2 :
1074 case Bytecodes::_lstore_3 :
1075 index = opcode - Bytecodes::_lstore_0;
1076 verify_lstore(index, ¤t_frame, CHECK_VERIFY(this));
1077 no_control_flow = false; break;
1078 case Bytecodes::_fstore :
1079 verify_fstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1080 no_control_flow = false; break;
1081 case Bytecodes::_fstore_0 :
1082 case Bytecodes::_fstore_1 :
1083 case Bytecodes::_fstore_2 :
1084 case Bytecodes::_fstore_3 :
1085 index = opcode - Bytecodes::_fstore_0;
1086 verify_fstore(index, ¤t_frame, CHECK_VERIFY(this));
1087 no_control_flow = false; break;
1088 case Bytecodes::_dstore :
1089 verify_dstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1090 no_control_flow = false; break;
1091 case Bytecodes::_dstore_0 :
1092 case Bytecodes::_dstore_1 :
1093 case Bytecodes::_dstore_2 :
1094 case Bytecodes::_dstore_3 :
1095 index = opcode - Bytecodes::_dstore_0;
1096 verify_dstore(index, ¤t_frame, CHECK_VERIFY(this));
1097 no_control_flow = false; break;
1098 case Bytecodes::_astore :
1099 verify_astore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1100 no_control_flow = false; break;
1101 case Bytecodes::_astore_0 :
1102 case Bytecodes::_astore_1 :
1103 case Bytecodes::_astore_2 :
1104 case Bytecodes::_astore_3 :
1105 index = opcode - Bytecodes::_astore_0;
1106 verify_astore(index, ¤t_frame, CHECK_VERIFY(this));
1107 no_control_flow = false; break;
1108 case Bytecodes::_iastore :
1109 type = current_frame.pop_stack(
1110 VerificationType::integer_type(), CHECK_VERIFY(this));
1111 type2 = current_frame.pop_stack(
1112 VerificationType::integer_type(), CHECK_VERIFY(this));
1113 atype = current_frame.pop_stack(
1114 VerificationType::reference_check(), CHECK_VERIFY(this));
1115 if (!atype.is_int_array()) {
1116 verify_error(ErrorContext::bad_type(bci,
1117 current_frame.stack_top_ctx(), ref_ctx("[I")),
1118 bad_type_msg, "iastore");
1119 return;
1120 }
1121 no_control_flow = false; break;
1122 case Bytecodes::_bastore :
1123 type = current_frame.pop_stack(
1124 VerificationType::integer_type(), CHECK_VERIFY(this));
1125 type2 = current_frame.pop_stack(
1126 VerificationType::integer_type(), CHECK_VERIFY(this));
1127 atype = current_frame.pop_stack(
1128 VerificationType::reference_check(), CHECK_VERIFY(this));
1129 if (!atype.is_bool_array() && !atype.is_byte_array()) {
1130 verify_error(
1131 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1132 bad_type_msg, "bastore");
1133 return;
1134 }
1135 no_control_flow = false; break;
1136 case Bytecodes::_castore :
1137 current_frame.pop_stack(
1138 VerificationType::integer_type(), CHECK_VERIFY(this));
1139 current_frame.pop_stack(
1140 VerificationType::integer_type(), CHECK_VERIFY(this));
1141 atype = current_frame.pop_stack(
1142 VerificationType::reference_check(), CHECK_VERIFY(this));
1143 if (!atype.is_char_array()) {
1144 verify_error(ErrorContext::bad_type(bci,
1145 current_frame.stack_top_ctx(), ref_ctx("[C")),
1146 bad_type_msg, "castore");
1147 return;
1148 }
1149 no_control_flow = false; break;
1150 case Bytecodes::_sastore :
1151 current_frame.pop_stack(
1152 VerificationType::integer_type(), CHECK_VERIFY(this));
1153 current_frame.pop_stack(
1154 VerificationType::integer_type(), CHECK_VERIFY(this));
1155 atype = current_frame.pop_stack(
1156 VerificationType::reference_check(), CHECK_VERIFY(this));
1157 if (!atype.is_short_array()) {
1158 verify_error(ErrorContext::bad_type(bci,
1159 current_frame.stack_top_ctx(), ref_ctx("[S")),
1160 bad_type_msg, "sastore");
1161 return;
1162 }
1163 no_control_flow = false; break;
1164 case Bytecodes::_lastore :
1165 current_frame.pop_stack_2(
1166 VerificationType::long2_type(),
1167 VerificationType::long_type(), CHECK_VERIFY(this));
1168 current_frame.pop_stack(
1169 VerificationType::integer_type(), CHECK_VERIFY(this));
1170 atype = current_frame.pop_stack(
1171 VerificationType::reference_check(), CHECK_VERIFY(this));
1172 if (!atype.is_long_array()) {
1173 verify_error(ErrorContext::bad_type(bci,
1174 current_frame.stack_top_ctx(), ref_ctx("[J")),
1175 bad_type_msg, "lastore");
1176 return;
1177 }
1178 no_control_flow = false; break;
1179 case Bytecodes::_fastore :
1180 current_frame.pop_stack(
1181 VerificationType::float_type(), CHECK_VERIFY(this));
1182 current_frame.pop_stack
1183 (VerificationType::integer_type(), CHECK_VERIFY(this));
1184 atype = current_frame.pop_stack(
1185 VerificationType::reference_check(), CHECK_VERIFY(this));
1186 if (!atype.is_float_array()) {
1187 verify_error(ErrorContext::bad_type(bci,
1188 current_frame.stack_top_ctx(), ref_ctx("[F")),
1189 bad_type_msg, "fastore");
1190 return;
1191 }
1192 no_control_flow = false; break;
1193 case Bytecodes::_dastore :
1194 current_frame.pop_stack_2(
1195 VerificationType::double2_type(),
1196 VerificationType::double_type(), CHECK_VERIFY(this));
1197 current_frame.pop_stack(
1198 VerificationType::integer_type(), CHECK_VERIFY(this));
1199 atype = current_frame.pop_stack(
1200 VerificationType::reference_check(), CHECK_VERIFY(this));
1201 if (!atype.is_double_array()) {
1202 verify_error(ErrorContext::bad_type(bci,
1203 current_frame.stack_top_ctx(), ref_ctx("[D")),
1204 bad_type_msg, "dastore");
1205 return;
1206 }
1207 no_control_flow = false; break;
1208 case Bytecodes::_aastore :
1209 type = current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1210 type2 = current_frame.pop_stack(
1211 VerificationType::integer_type(), CHECK_VERIFY(this));
1212 atype = current_frame.pop_stack(
1213 VerificationType::reference_check(), CHECK_VERIFY(this));
1214 // more type-checking is done at runtime
1215 if (!atype.is_reference_array()) {
1216 verify_error(ErrorContext::bad_type(bci,
1217 current_frame.stack_top_ctx(),
1218 TypeOrigin::implicit(VerificationType::reference_check())),
1219 bad_type_msg, "aastore");
1220 return;
1221 }
1222 // 4938384: relaxed constraint in JVMS 3nd edition.
1223 no_control_flow = false; break;
1224 case Bytecodes::_pop :
1225 current_frame.pop_stack(
1226 VerificationType::category1_check(), CHECK_VERIFY(this));
1227 no_control_flow = false; break;
1228 case Bytecodes::_pop2 :
1229 type = current_frame.pop_stack(CHECK_VERIFY(this));
1230 if (type.is_category1()) {
1231 current_frame.pop_stack(
1232 VerificationType::category1_check(), CHECK_VERIFY(this));
1233 } else if (type.is_category2_2nd()) {
1234 current_frame.pop_stack(
1235 VerificationType::category2_check(), CHECK_VERIFY(this));
1236 } else {
1237 /* Unreachable? Would need a category2_1st on TOS
1238 * which does not appear possible. */
1239 verify_error(
1240 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1241 bad_type_msg, "pop2");
1242 return;
1243 }
1244 no_control_flow = false; break;
1245 case Bytecodes::_dup :
1246 type = current_frame.pop_stack(
1247 VerificationType::category1_check(), CHECK_VERIFY(this));
1248 current_frame.push_stack(type, CHECK_VERIFY(this));
1249 current_frame.push_stack(type, CHECK_VERIFY(this));
1250 no_control_flow = false; break;
1251 case Bytecodes::_dup_x1 :
1252 type = current_frame.pop_stack(
1253 VerificationType::category1_check(), CHECK_VERIFY(this));
1254 type2 = current_frame.pop_stack(
1255 VerificationType::category1_check(), CHECK_VERIFY(this));
1256 current_frame.push_stack(type, CHECK_VERIFY(this));
1257 current_frame.push_stack(type2, CHECK_VERIFY(this));
1258 current_frame.push_stack(type, CHECK_VERIFY(this));
1259 no_control_flow = false; break;
1260 case Bytecodes::_dup_x2 :
1261 {
1262 VerificationType type3;
1263 type = current_frame.pop_stack(
1264 VerificationType::category1_check(), CHECK_VERIFY(this));
1265 type2 = current_frame.pop_stack(CHECK_VERIFY(this));
1266 if (type2.is_category1()) {
1267 type3 = current_frame.pop_stack(
1268 VerificationType::category1_check(), CHECK_VERIFY(this));
1269 } else if (type2.is_category2_2nd()) {
1270 type3 = current_frame.pop_stack(
1271 VerificationType::category2_check(), CHECK_VERIFY(this));
1272 } else {
1273 /* Unreachable? Would need a category2_1st at stack depth 2 with
1274 * a category1 on TOS which does not appear possible. */
1275 verify_error(ErrorContext::bad_type(
1276 bci, current_frame.stack_top_ctx()), bad_type_msg, "dup_x2");
1277 return;
1278 }
1279 current_frame.push_stack(type, CHECK_VERIFY(this));
1280 current_frame.push_stack(type3, CHECK_VERIFY(this));
1281 current_frame.push_stack(type2, CHECK_VERIFY(this));
1282 current_frame.push_stack(type, CHECK_VERIFY(this));
1283 no_control_flow = false; break;
1284 }
1285 case Bytecodes::_dup2 :
1286 type = current_frame.pop_stack(CHECK_VERIFY(this));
1287 if (type.is_category1()) {
1288 type2 = current_frame.pop_stack(
1289 VerificationType::category1_check(), CHECK_VERIFY(this));
1290 } else if (type.is_category2_2nd()) {
1291 type2 = current_frame.pop_stack(
1292 VerificationType::category2_check(), CHECK_VERIFY(this));
1293 } else {
1294 /* Unreachable? Would need a category2_1st on TOS which does not
1295 * appear possible. */
1296 verify_error(
1297 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1298 bad_type_msg, "dup2");
1299 return;
1300 }
1301 current_frame.push_stack(type2, CHECK_VERIFY(this));
1302 current_frame.push_stack(type, CHECK_VERIFY(this));
1303 current_frame.push_stack(type2, CHECK_VERIFY(this));
1304 current_frame.push_stack(type, CHECK_VERIFY(this));
1305 no_control_flow = false; break;
1306 case Bytecodes::_dup2_x1 :
1307 {
1308 VerificationType type3;
1309 type = current_frame.pop_stack(CHECK_VERIFY(this));
1310 if (type.is_category1()) {
1311 type2 = current_frame.pop_stack(
1312 VerificationType::category1_check(), CHECK_VERIFY(this));
1313 } else if (type.is_category2_2nd()) {
1314 type2 = current_frame.pop_stack(
1315 VerificationType::category2_check(), CHECK_VERIFY(this));
1316 } else {
1317 /* Unreachable? Would need a category2_1st on TOS which does
1318 * not appear possible. */
1319 verify_error(
1320 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1321 bad_type_msg, "dup2_x1");
1322 return;
1323 }
1324 type3 = current_frame.pop_stack(
1325 VerificationType::category1_check(), CHECK_VERIFY(this));
1326 current_frame.push_stack(type2, CHECK_VERIFY(this));
1327 current_frame.push_stack(type, CHECK_VERIFY(this));
1328 current_frame.push_stack(type3, CHECK_VERIFY(this));
1329 current_frame.push_stack(type2, CHECK_VERIFY(this));
1330 current_frame.push_stack(type, CHECK_VERIFY(this));
1331 no_control_flow = false; break;
1332 }
1333 case Bytecodes::_dup2_x2 :
1334 {
1335 VerificationType type3, type4;
1336 type = current_frame.pop_stack(CHECK_VERIFY(this));
1337 if (type.is_category1()) {
1338 type2 = current_frame.pop_stack(
1339 VerificationType::category1_check(), CHECK_VERIFY(this));
1340 } else if (type.is_category2_2nd()) {
1341 type2 = current_frame.pop_stack(
1342 VerificationType::category2_check(), CHECK_VERIFY(this));
1343 } else {
1344 /* Unreachable? Would need a category2_1st on TOS which does
1345 * not appear possible. */
1346 verify_error(
1347 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1348 bad_type_msg, "dup2_x2");
1349 return;
1350 }
1351 type3 = current_frame.pop_stack(CHECK_VERIFY(this));
1352 if (type3.is_category1()) {
1353 type4 = current_frame.pop_stack(
1354 VerificationType::category1_check(), CHECK_VERIFY(this));
1355 } else if (type3.is_category2_2nd()) {
1356 type4 = current_frame.pop_stack(
1357 VerificationType::category2_check(), CHECK_VERIFY(this));
1358 } else {
1359 /* Unreachable? Would need a category2_1st on TOS after popping
1360 * a long/double or two category 1's, which does not
1361 * appear possible. */
1362 verify_error(
1363 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1364 bad_type_msg, "dup2_x2");
1365 return;
1366 }
1367 current_frame.push_stack(type2, CHECK_VERIFY(this));
1368 current_frame.push_stack(type, CHECK_VERIFY(this));
1369 current_frame.push_stack(type4, CHECK_VERIFY(this));
1370 current_frame.push_stack(type3, CHECK_VERIFY(this));
1371 current_frame.push_stack(type2, CHECK_VERIFY(this));
1372 current_frame.push_stack(type, CHECK_VERIFY(this));
1373 no_control_flow = false; break;
1374 }
1375 case Bytecodes::_swap :
1376 type = current_frame.pop_stack(
1377 VerificationType::category1_check(), CHECK_VERIFY(this));
1378 type2 = current_frame.pop_stack(
1379 VerificationType::category1_check(), CHECK_VERIFY(this));
1380 current_frame.push_stack(type, CHECK_VERIFY(this));
1381 current_frame.push_stack(type2, CHECK_VERIFY(this));
1382 no_control_flow = false; break;
1383 case Bytecodes::_iadd :
1384 case Bytecodes::_isub :
1385 case Bytecodes::_imul :
1386 case Bytecodes::_idiv :
1387 case Bytecodes::_irem :
1388 case Bytecodes::_ishl :
1389 case Bytecodes::_ishr :
1390 case Bytecodes::_iushr :
1391 case Bytecodes::_ior :
1392 case Bytecodes::_ixor :
1393 case Bytecodes::_iand :
1394 current_frame.pop_stack(
1395 VerificationType::integer_type(), CHECK_VERIFY(this));
1396 // fall through
1397 case Bytecodes::_ineg :
1398 current_frame.pop_stack(
1399 VerificationType::integer_type(), CHECK_VERIFY(this));
1400 current_frame.push_stack(
1401 VerificationType::integer_type(), CHECK_VERIFY(this));
1402 no_control_flow = false; break;
1403 case Bytecodes::_ladd :
1404 case Bytecodes::_lsub :
1405 case Bytecodes::_lmul :
1406 case Bytecodes::_ldiv :
1407 case Bytecodes::_lrem :
1408 case Bytecodes::_land :
1409 case Bytecodes::_lor :
1410 case Bytecodes::_lxor :
1411 current_frame.pop_stack_2(
1412 VerificationType::long2_type(),
1413 VerificationType::long_type(), CHECK_VERIFY(this));
1414 // fall through
1415 case Bytecodes::_lneg :
1416 current_frame.pop_stack_2(
1417 VerificationType::long2_type(),
1418 VerificationType::long_type(), CHECK_VERIFY(this));
1419 current_frame.push_stack_2(
1420 VerificationType::long_type(),
1421 VerificationType::long2_type(), CHECK_VERIFY(this));
1422 no_control_flow = false; break;
1423 case Bytecodes::_lshl :
1424 case Bytecodes::_lshr :
1425 case Bytecodes::_lushr :
1426 current_frame.pop_stack(
1427 VerificationType::integer_type(), CHECK_VERIFY(this));
1428 current_frame.pop_stack_2(
1429 VerificationType::long2_type(),
1430 VerificationType::long_type(), CHECK_VERIFY(this));
1431 current_frame.push_stack_2(
1432 VerificationType::long_type(),
1433 VerificationType::long2_type(), CHECK_VERIFY(this));
1434 no_control_flow = false; break;
1435 case Bytecodes::_fadd :
1436 case Bytecodes::_fsub :
1437 case Bytecodes::_fmul :
1438 case Bytecodes::_fdiv :
1439 case Bytecodes::_frem :
1440 current_frame.pop_stack(
1441 VerificationType::float_type(), CHECK_VERIFY(this));
1442 // fall through
1443 case Bytecodes::_fneg :
1444 current_frame.pop_stack(
1445 VerificationType::float_type(), CHECK_VERIFY(this));
1446 current_frame.push_stack(
1447 VerificationType::float_type(), CHECK_VERIFY(this));
1448 no_control_flow = false; break;
1449 case Bytecodes::_dadd :
1450 case Bytecodes::_dsub :
1451 case Bytecodes::_dmul :
1452 case Bytecodes::_ddiv :
1453 case Bytecodes::_drem :
1454 current_frame.pop_stack_2(
1455 VerificationType::double2_type(),
1456 VerificationType::double_type(), CHECK_VERIFY(this));
1457 // fall through
1458 case Bytecodes::_dneg :
1459 current_frame.pop_stack_2(
1460 VerificationType::double2_type(),
1461 VerificationType::double_type(), CHECK_VERIFY(this));
1462 current_frame.push_stack_2(
1463 VerificationType::double_type(),
1464 VerificationType::double2_type(), CHECK_VERIFY(this));
1465 no_control_flow = false; break;
1466 case Bytecodes::_iinc :
1467 verify_iinc(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1468 no_control_flow = false; break;
1469 case Bytecodes::_i2l :
1470 type = current_frame.pop_stack(
1471 VerificationType::integer_type(), CHECK_VERIFY(this));
1472 current_frame.push_stack_2(
1473 VerificationType::long_type(),
1474 VerificationType::long2_type(), CHECK_VERIFY(this));
1475 no_control_flow = false; break;
1476 case Bytecodes::_l2i :
1477 current_frame.pop_stack_2(
1478 VerificationType::long2_type(),
1479 VerificationType::long_type(), CHECK_VERIFY(this));
1480 current_frame.push_stack(
1481 VerificationType::integer_type(), CHECK_VERIFY(this));
1482 no_control_flow = false; break;
1483 case Bytecodes::_i2f :
1484 current_frame.pop_stack(
1485 VerificationType::integer_type(), CHECK_VERIFY(this));
1486 current_frame.push_stack(
1487 VerificationType::float_type(), CHECK_VERIFY(this));
1488 no_control_flow = false; break;
1489 case Bytecodes::_i2d :
1490 current_frame.pop_stack(
1491 VerificationType::integer_type(), CHECK_VERIFY(this));
1492 current_frame.push_stack_2(
1493 VerificationType::double_type(),
1494 VerificationType::double2_type(), CHECK_VERIFY(this));
1495 no_control_flow = false; break;
1496 case Bytecodes::_l2f :
1497 current_frame.pop_stack_2(
1498 VerificationType::long2_type(),
1499 VerificationType::long_type(), CHECK_VERIFY(this));
1500 current_frame.push_stack(
1501 VerificationType::float_type(), CHECK_VERIFY(this));
1502 no_control_flow = false; break;
1503 case Bytecodes::_l2d :
1504 current_frame.pop_stack_2(
1505 VerificationType::long2_type(),
1506 VerificationType::long_type(), CHECK_VERIFY(this));
1507 current_frame.push_stack_2(
1508 VerificationType::double_type(),
1509 VerificationType::double2_type(), CHECK_VERIFY(this));
1510 no_control_flow = false; break;
1511 case Bytecodes::_f2i :
1512 current_frame.pop_stack(
1513 VerificationType::float_type(), CHECK_VERIFY(this));
1514 current_frame.push_stack(
1515 VerificationType::integer_type(), CHECK_VERIFY(this));
1516 no_control_flow = false; break;
1517 case Bytecodes::_f2l :
1518 current_frame.pop_stack(
1519 VerificationType::float_type(), CHECK_VERIFY(this));
1520 current_frame.push_stack_2(
1521 VerificationType::long_type(),
1522 VerificationType::long2_type(), CHECK_VERIFY(this));
1523 no_control_flow = false; break;
1524 case Bytecodes::_f2d :
1525 current_frame.pop_stack(
1526 VerificationType::float_type(), CHECK_VERIFY(this));
1527 current_frame.push_stack_2(
1528 VerificationType::double_type(),
1529 VerificationType::double2_type(), CHECK_VERIFY(this));
1530 no_control_flow = false; break;
1531 case Bytecodes::_d2i :
1532 current_frame.pop_stack_2(
1533 VerificationType::double2_type(),
1534 VerificationType::double_type(), CHECK_VERIFY(this));
1535 current_frame.push_stack(
1536 VerificationType::integer_type(), CHECK_VERIFY(this));
1537 no_control_flow = false; break;
1538 case Bytecodes::_d2l :
1539 current_frame.pop_stack_2(
1540 VerificationType::double2_type(),
1541 VerificationType::double_type(), CHECK_VERIFY(this));
1542 current_frame.push_stack_2(
1543 VerificationType::long_type(),
1544 VerificationType::long2_type(), CHECK_VERIFY(this));
1545 no_control_flow = false; break;
1546 case Bytecodes::_d2f :
1547 current_frame.pop_stack_2(
1548 VerificationType::double2_type(),
1549 VerificationType::double_type(), CHECK_VERIFY(this));
1550 current_frame.push_stack(
1551 VerificationType::float_type(), CHECK_VERIFY(this));
1552 no_control_flow = false; break;
1553 case Bytecodes::_i2b :
1554 case Bytecodes::_i2c :
1555 case Bytecodes::_i2s :
1556 current_frame.pop_stack(
1557 VerificationType::integer_type(), CHECK_VERIFY(this));
1558 current_frame.push_stack(
1559 VerificationType::integer_type(), CHECK_VERIFY(this));
1560 no_control_flow = false; break;
1561 case Bytecodes::_lcmp :
1562 current_frame.pop_stack_2(
1563 VerificationType::long2_type(),
1564 VerificationType::long_type(), CHECK_VERIFY(this));
1565 current_frame.pop_stack_2(
1566 VerificationType::long2_type(),
1567 VerificationType::long_type(), CHECK_VERIFY(this));
1568 current_frame.push_stack(
1569 VerificationType::integer_type(), CHECK_VERIFY(this));
1570 no_control_flow = false; break;
1571 case Bytecodes::_fcmpl :
1572 case Bytecodes::_fcmpg :
1573 current_frame.pop_stack(
1574 VerificationType::float_type(), CHECK_VERIFY(this));
1575 current_frame.pop_stack(
1576 VerificationType::float_type(), CHECK_VERIFY(this));
1577 current_frame.push_stack(
1578 VerificationType::integer_type(), CHECK_VERIFY(this));
1579 no_control_flow = false; break;
1580 case Bytecodes::_dcmpl :
1581 case Bytecodes::_dcmpg :
1582 current_frame.pop_stack_2(
1583 VerificationType::double2_type(),
1584 VerificationType::double_type(), CHECK_VERIFY(this));
1585 current_frame.pop_stack_2(
1586 VerificationType::double2_type(),
1587 VerificationType::double_type(), CHECK_VERIFY(this));
1588 current_frame.push_stack(
1589 VerificationType::integer_type(), CHECK_VERIFY(this));
1590 no_control_flow = false; break;
1591 case Bytecodes::_if_icmpeq:
1592 case Bytecodes::_if_icmpne:
1593 case Bytecodes::_if_icmplt:
1594 case Bytecodes::_if_icmpge:
1595 case Bytecodes::_if_icmpgt:
1596 case Bytecodes::_if_icmple:
1597 current_frame.pop_stack(
1598 VerificationType::integer_type(), CHECK_VERIFY(this));
1599 // fall through
1600 case Bytecodes::_ifeq:
1601 case Bytecodes::_ifne:
1602 case Bytecodes::_iflt:
1603 case Bytecodes::_ifge:
1604 case Bytecodes::_ifgt:
1605 case Bytecodes::_ifle:
1606 current_frame.pop_stack(
1607 VerificationType::integer_type(), CHECK_VERIFY(this));
1608 target = bcs.dest();
1609 stackmap_table.check_jump_target(
1610 ¤t_frame, target, CHECK_VERIFY(this));
1611 no_control_flow = false; break;
1612 case Bytecodes::_if_acmpeq :
1613 case Bytecodes::_if_acmpne :
1614 current_frame.pop_stack(
1615 VerificationType::reference_check(), CHECK_VERIFY(this));
1616 // fall through
1617 case Bytecodes::_ifnull :
1618 case Bytecodes::_ifnonnull :
1619 current_frame.pop_stack(
1620 VerificationType::reference_check(), CHECK_VERIFY(this));
1621 target = bcs.dest();
1622 stackmap_table.check_jump_target
1623 (¤t_frame, target, CHECK_VERIFY(this));
1624 no_control_flow = false; break;
1625 case Bytecodes::_goto :
1626 target = bcs.dest();
1627 stackmap_table.check_jump_target(
1628 ¤t_frame, target, CHECK_VERIFY(this));
1629 no_control_flow = true; break;
1630 case Bytecodes::_goto_w :
1631 target = bcs.dest_w();
1632 stackmap_table.check_jump_target(
1633 ¤t_frame, target, CHECK_VERIFY(this));
1634 no_control_flow = true; break;
1635 case Bytecodes::_tableswitch :
1636 case Bytecodes::_lookupswitch :
1637 verify_switch(
1638 &bcs, code_length, code_data, ¤t_frame,
1639 &stackmap_table, CHECK_VERIFY(this));
1640 no_control_flow = true; break;
1641 case Bytecodes::_ireturn :
1642 type = current_frame.pop_stack(
1643 VerificationType::integer_type(), CHECK_VERIFY(this));
1644 verify_return_value(return_type, type, bci,
1645 ¤t_frame, CHECK_VERIFY(this));
1646 no_control_flow = true; break;
1647 case Bytecodes::_lreturn :
1648 type2 = current_frame.pop_stack(
1649 VerificationType::long2_type(), CHECK_VERIFY(this));
1650 type = current_frame.pop_stack(
1651 VerificationType::long_type(), CHECK_VERIFY(this));
1652 verify_return_value(return_type, type, bci,
1653 ¤t_frame, CHECK_VERIFY(this));
1654 no_control_flow = true; break;
1655 case Bytecodes::_freturn :
1656 type = current_frame.pop_stack(
1657 VerificationType::float_type(), CHECK_VERIFY(this));
1658 verify_return_value(return_type, type, bci,
1659 ¤t_frame, CHECK_VERIFY(this));
1660 no_control_flow = true; break;
1661 case Bytecodes::_dreturn :
1662 type2 = current_frame.pop_stack(
1663 VerificationType::double2_type(), CHECK_VERIFY(this));
1664 type = current_frame.pop_stack(
1665 VerificationType::double_type(), CHECK_VERIFY(this));
1666 verify_return_value(return_type, type, bci,
1667 ¤t_frame, CHECK_VERIFY(this));
1668 no_control_flow = true; break;
1669 case Bytecodes::_areturn :
1670 type = current_frame.pop_stack(
1671 VerificationType::reference_check(), CHECK_VERIFY(this));
1672 verify_return_value(return_type, type, bci,
1673 ¤t_frame, CHECK_VERIFY(this));
1674 no_control_flow = true; break;
1675 case Bytecodes::_return :
1676 if (return_type != VerificationType::bogus_type()) {
1677 verify_error(ErrorContext::bad_code(bci),
1678 "Method expects a return value");
1679 return;
1680 }
1681 // Make sure "this" has been initialized if current method is an
1682 // <init>.
1683 if (_method->name() == vmSymbols::object_initializer_name() &&
1684 current_frame.flag_this_uninit()) {
1685 verify_error(ErrorContext::bad_code(bci),
1686 "Constructor must call super() or this() "
1687 "before return");
1688 return;
1689 }
1690 no_control_flow = true; break;
1691 case Bytecodes::_getstatic :
1692 case Bytecodes::_putstatic :
1693 // pass TRUE, operand can be an array type for getstatic/putstatic.
1694 verify_field_instructions(
1695 &bcs, ¤t_frame, cp, true, CHECK_VERIFY(this));
1696 no_control_flow = false; break;
1697 case Bytecodes::_getfield :
1698 case Bytecodes::_putfield :
1699 // pass FALSE, operand can't be an array type for getfield/putfield.
1700 verify_field_instructions(
1701 &bcs, ¤t_frame, cp, false, CHECK_VERIFY(this));
1702 no_control_flow = false; break;
1703 case Bytecodes::_invokevirtual :
1704 case Bytecodes::_invokespecial :
1705 case Bytecodes::_invokestatic :
1706 verify_invoke_instructions(
1707 &bcs, code_length, ¤t_frame, (bci >= ex_min && bci < ex_max),
1708 &this_uninit, return_type, cp, &stackmap_table, CHECK_VERIFY(this));
1709 no_control_flow = false; break;
1710 case Bytecodes::_invokeinterface :
1711 case Bytecodes::_invokedynamic :
1712 verify_invoke_instructions(
1713 &bcs, code_length, ¤t_frame, (bci >= ex_min && bci < ex_max),
1714 &this_uninit, return_type, cp, &stackmap_table, CHECK_VERIFY(this));
1715 no_control_flow = false; break;
1716 case Bytecodes::_new :
1717 {
1718 index = bcs.get_index_u2();
1719 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1720 VerificationType new_class_type =
1721 cp_index_to_type(index, cp, CHECK_VERIFY(this));
1722 if (!new_class_type.is_object()) {
1723 verify_error(ErrorContext::bad_type(bci,
1724 TypeOrigin::cp(index, new_class_type)),
1725 "Illegal new instruction");
1726 return;
1727 }
1728 type = VerificationType::uninitialized_type(bci);
1729 current_frame.push_stack(type, CHECK_VERIFY(this));
1730 no_control_flow = false; break;
1731 }
1732 case Bytecodes::_newarray :
1733 type = get_newarray_type(bcs.get_index(), bci, CHECK_VERIFY(this));
1734 current_frame.pop_stack(
1735 VerificationType::integer_type(), CHECK_VERIFY(this));
1736 current_frame.push_stack(type, CHECK_VERIFY(this));
1737 no_control_flow = false; break;
1738 case Bytecodes::_anewarray :
1739 verify_anewarray(
1740 bci, bcs.get_index_u2(), cp, ¤t_frame, CHECK_VERIFY(this));
1741 no_control_flow = false; break;
1742 case Bytecodes::_arraylength :
1743 type = current_frame.pop_stack(
1744 VerificationType::reference_check(), CHECK_VERIFY(this));
1745 if (!(type.is_null() || type.is_array())) {
1746 verify_error(ErrorContext::bad_type(
1747 bci, current_frame.stack_top_ctx()),
1748 bad_type_msg, "arraylength");
1749 }
1750 current_frame.push_stack(
1751 VerificationType::integer_type(), CHECK_VERIFY(this));
1752 no_control_flow = false; break;
1753 case Bytecodes::_checkcast :
1754 {
1755 index = bcs.get_index_u2();
1756 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1757 current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1758 VerificationType klass_type = cp_index_to_type(
1759 index, cp, CHECK_VERIFY(this));
1760 current_frame.push_stack(klass_type, CHECK_VERIFY(this));
1761 no_control_flow = false; break;
1762 }
1763 case Bytecodes::_instanceof : {
1764 index = bcs.get_index_u2();
1765 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1766 current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1767 current_frame.push_stack(
1768 VerificationType::integer_type(), CHECK_VERIFY(this));
1769 no_control_flow = false; break;
1770 }
1771 case Bytecodes::_monitorenter :
1772 case Bytecodes::_monitorexit :
1773 current_frame.pop_stack(
1774 VerificationType::reference_check(), CHECK_VERIFY(this));
1775 no_control_flow = false; break;
1776 case Bytecodes::_multianewarray :
1777 {
1778 index = bcs.get_index_u2();
1779 u2 dim = *(bcs.bcp()+3);
1780 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1781 VerificationType new_array_type =
1782 cp_index_to_type(index, cp, CHECK_VERIFY(this));
1783 if (!new_array_type.is_array()) {
1784 verify_error(ErrorContext::bad_type(bci,
1785 TypeOrigin::cp(index, new_array_type)),
1786 "Illegal constant pool index in multianewarray instruction");
1787 return;
1788 }
1789 if (dim < 1 || new_array_type.dimensions() < dim) {
1790 verify_error(ErrorContext::bad_code(bci),
1791 "Illegal dimension in multianewarray instruction: %d", dim);
1792 return;
1793 }
1794 for (int i = 0; i < dim; i++) {
1795 current_frame.pop_stack(
1796 VerificationType::integer_type(), CHECK_VERIFY(this));
1797 }
1798 current_frame.push_stack(new_array_type, CHECK_VERIFY(this));
1799 no_control_flow = false; break;
1800 }
1801 case Bytecodes::_athrow :
1802 type = VerificationType::reference_type(
1803 vmSymbols::java_lang_Throwable());
1804 current_frame.pop_stack(type, CHECK_VERIFY(this));
1805 no_control_flow = true; break;
1806 default:
1807 // We only need to check the valid bytecodes in class file.
1808 // And jsr and ret are not in the new class file format in JDK1.6.
1809 verify_error(ErrorContext::bad_code(bci),
1810 "Bad instruction: %02x", opcode);
1811 no_control_flow = false;
1812 return;
1813 } // end switch
1814 } // end Merge with the next instruction
1815
1816 // Look for possible jump target in exception handlers and see if it matches
1817 // current_frame. Don't do this check if it has already been done (for
1818 // ([a,d,f,i,l]store* opcodes). This check cannot be done earlier because
1819 // opcodes, such as invokespecial, may set the this_uninit flag.
1820 assert(!(verified_exc_handlers && this_uninit),
1821 "Exception handler targets got verified before this_uninit got set");
1822 if (!verified_exc_handlers && bci >= ex_min && bci < ex_max) {
1823 if (was_recursively_verified()) return;
1824 verify_exception_handler_targets(
1825 bci, this_uninit, ¤t_frame, &stackmap_table, CHECK_VERIFY(this));
1826 }
1827 } // end while
1828
1829 // Make sure that control flow does not fall through end of the method
1830 if (!no_control_flow) {
1831 verify_error(ErrorContext::bad_code(code_length),
1832 "Control flow falls through code end");
1833 return;
1834 }
1835 }
1836
1837 #undef bad_type_message
1838
1839 char* ClassVerifier::generate_code_data(const methodHandle& m, u4 code_length, TRAPS) {
1840 char* code_data = NEW_RESOURCE_ARRAY(char, code_length);
1841 memset(code_data, 0, sizeof(char) * code_length);
1842 RawBytecodeStream bcs(m);
1843
1844 while (!bcs.is_last_bytecode()) {
1845 if (bcs.raw_next() != Bytecodes::_illegal) {
1846 int bci = bcs.bci();
1847 if (bcs.raw_code() == Bytecodes::_new) {
1848 code_data[bci] = NEW_OFFSET;
1849 } else {
1850 code_data[bci] = BYTECODE_OFFSET;
1851 }
1852 } else {
1853 verify_error(ErrorContext::bad_code(bcs.bci()), "Bad instruction");
1854 return NULL;
1855 }
1856 }
1857
1858 return code_data;
1859 }
1860
1861 // Since this method references the constant pool, call was_recursively_verified()
1862 // before calling this method to make sure a prior class load did not cause the
1863 // current class to get verified.
1864 void ClassVerifier::verify_exception_handler_table(u4 code_length, char* code_data, int& min, int& max, TRAPS) {
1865 ExceptionTable exhandlers(_method());
1866 int exlength = exhandlers.length();
1867 constantPoolHandle cp (THREAD, _method->constants());
1868
1869 for(int i = 0; i < exlength; i++) {
1870 u2 start_pc = exhandlers.start_pc(i);
1871 u2 end_pc = exhandlers.end_pc(i);
1872 u2 handler_pc = exhandlers.handler_pc(i);
1873 if (start_pc >= code_length || code_data[start_pc] == 0) {
1874 class_format_error("Illegal exception table start_pc %d", start_pc);
1875 return;
1876 }
1877 if (end_pc != code_length) { // special case: end_pc == code_length
1878 if (end_pc > code_length || code_data[end_pc] == 0) {
1879 class_format_error("Illegal exception table end_pc %d", end_pc);
1880 return;
1881 }
1882 }
1883 if (handler_pc >= code_length || code_data[handler_pc] == 0) {
1884 class_format_error("Illegal exception table handler_pc %d", handler_pc);
1885 return;
1886 }
1887 int catch_type_index = exhandlers.catch_type_index(i);
1888 if (catch_type_index != 0) {
1889 VerificationType catch_type = cp_index_to_type(
1890 catch_type_index, cp, CHECK_VERIFY(this));
1891 VerificationType throwable =
1892 VerificationType::reference_type(vmSymbols::java_lang_Throwable());
1893 // If the catch type is Throwable pre-resolve it now as the assignable check won't
1894 // do that, and we need to avoid a runtime resolution in case we are trying to
1895 // catch OutOfMemoryError.
1896 if (cp->klass_name_at(catch_type_index) == vmSymbols::java_lang_Throwable()) {
1897 cp->klass_at(catch_type_index, CHECK);
1898 }
1899 bool is_subclass = throwable.is_assignable_from(
1900 catch_type, this, false, CHECK_VERIFY(this));
1901 if (!is_subclass) {
1902 // 4286534: should throw VerifyError according to recent spec change
1903 verify_error(ErrorContext::bad_type(handler_pc,
1904 TypeOrigin::cp(catch_type_index, catch_type),
1905 TypeOrigin::implicit(throwable)),
1906 "Catch type is not a subclass "
1907 "of Throwable in exception handler %d", handler_pc);
1908 return;
1909 }
1910 }
1911 if (start_pc < min) min = start_pc;
1912 if (end_pc > max) max = end_pc;
1913 }
1914 }
1915
1916 void ClassVerifier::verify_local_variable_table(u4 code_length, char* code_data, TRAPS) {
1917 int localvariable_table_length = _method->localvariable_table_length();
1918 if (localvariable_table_length > 0) {
1919 LocalVariableTableElement* table = _method->localvariable_table_start();
1920 for (int i = 0; i < localvariable_table_length; i++) {
1921 u2 start_bci = table[i].start_bci;
1922 u2 length = table[i].length;
1923
1924 if (start_bci >= code_length || code_data[start_bci] == 0) {
1925 class_format_error(
1926 "Illegal local variable table start_pc %d", start_bci);
1927 return;
1928 }
1929 u4 end_bci = (u4)(start_bci + length);
1930 if (end_bci != code_length) {
1931 if (end_bci >= code_length || code_data[end_bci] == 0) {
1932 class_format_error( "Illegal local variable table length %d", length);
1933 return;
1934 }
1935 }
1936 }
1937 }
1938 }
1939
1940 u2 ClassVerifier::verify_stackmap_table(u2 stackmap_index, u2 bci,
1941 StackMapFrame* current_frame,
1942 StackMapTable* stackmap_table,
1943 bool no_control_flow, TRAPS) {
1944 if (stackmap_index < stackmap_table->get_frame_count()) {
1945 u2 this_offset = stackmap_table->get_offset(stackmap_index);
1946 if (no_control_flow && this_offset > bci) {
1947 verify_error(ErrorContext::missing_stackmap(bci),
1948 "Expecting a stack map frame");
1949 return 0;
1950 }
1951 if (this_offset == bci) {
1952 ErrorContext ctx;
1953 // See if current stack map can be assigned to the frame in table.
1954 // current_frame is the stackmap frame got from the last instruction.
1955 // If matched, current_frame will be updated by this method.
1956 bool matches = stackmap_table->match_stackmap(
1957 current_frame, this_offset, stackmap_index,
1958 !no_control_flow, true, &ctx, CHECK_VERIFY_(this, 0));
1959 if (!matches) {
1960 // report type error
1961 verify_error(ctx, "Instruction type does not match stack map");
1962 return 0;
1963 }
1964 stackmap_index++;
1965 } else if (this_offset < bci) {
1966 // current_offset should have met this_offset.
1967 class_format_error("Bad stack map offset %d", this_offset);
1968 return 0;
1969 }
1970 } else if (no_control_flow) {
1971 verify_error(ErrorContext::bad_code(bci), "Expecting a stack map frame");
1972 return 0;
1973 }
1974 return stackmap_index;
1975 }
1976
1977 // Since this method references the constant pool, call was_recursively_verified()
1978 // before calling this method to make sure a prior class load did not cause the
1979 // current class to get verified.
1980 void ClassVerifier::verify_exception_handler_targets(u2 bci, bool this_uninit,
1981 StackMapFrame* current_frame,
1982 StackMapTable* stackmap_table, TRAPS) {
1983 constantPoolHandle cp (THREAD, _method->constants());
1984 ExceptionTable exhandlers(_method());
1985 int exlength = exhandlers.length();
1986 for(int i = 0; i < exlength; i++) {
1987 u2 start_pc = exhandlers.start_pc(i);
1988 u2 end_pc = exhandlers.end_pc(i);
1989 u2 handler_pc = exhandlers.handler_pc(i);
1990 int catch_type_index = exhandlers.catch_type_index(i);
1991 if(bci >= start_pc && bci < end_pc) {
1992 u1 flags = current_frame->flags();
1993 if (this_uninit) { flags |= FLAG_THIS_UNINIT; }
1994 StackMapFrame* new_frame = current_frame->frame_in_exception_handler(flags);
1995 if (catch_type_index != 0) {
1996 if (was_recursively_verified()) return;
1997 // We know that this index refers to a subclass of Throwable
1998 VerificationType catch_type = cp_index_to_type(
1999 catch_type_index, cp, CHECK_VERIFY(this));
2000 new_frame->push_stack(catch_type, CHECK_VERIFY(this));
2001 } else {
2002 VerificationType throwable =
2003 VerificationType::reference_type(vmSymbols::java_lang_Throwable());
2004 new_frame->push_stack(throwable, CHECK_VERIFY(this));
2005 }
2006 ErrorContext ctx;
2007 bool matches = stackmap_table->match_stackmap(
2008 new_frame, handler_pc, true, false, &ctx, CHECK_VERIFY(this));
2009 if (!matches) {
2010 verify_error(ctx, "Stack map does not match the one at "
2011 "exception handler %d", handler_pc);
2012 return;
2013 }
2014 }
2015 }
2016 }
2017
2018 void ClassVerifier::verify_cp_index(
2019 u2 bci, const constantPoolHandle& cp, int index, TRAPS) {
2020 int nconstants = cp->length();
2021 if ((index <= 0) || (index >= nconstants)) {
2022 verify_error(ErrorContext::bad_cp_index(bci, index),
2023 "Illegal constant pool index %d in class %s",
2024 index, cp->pool_holder()->external_name());
2025 return;
2026 }
2027 }
2028
2029 void ClassVerifier::verify_cp_type(
2030 u2 bci, int index, const constantPoolHandle& cp, unsigned int types, TRAPS) {
2031
2032 // In some situations, bytecode rewriting may occur while we're verifying.
2033 // In this case, a constant pool cache exists and some indices refer to that
2034 // instead. Be sure we don't pick up such indices by accident.
2035 // We must check was_recursively_verified() before we get here.
2036 guarantee(cp->cache() == NULL, "not rewritten yet");
2037
2038 verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2039 unsigned int tag = cp->tag_at(index).value();
2040 if ((types & (1 << tag)) == 0) {
2041 verify_error(ErrorContext::bad_cp_index(bci, index),
2042 "Illegal type at constant pool entry %d in class %s",
2043 index, cp->pool_holder()->external_name());
2044 return;
2045 }
2046 }
2047
2048 void ClassVerifier::verify_cp_class_type(
2049 u2 bci, int index, const constantPoolHandle& cp, TRAPS) {
2050 verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2051 constantTag tag = cp->tag_at(index);
2052 if (!tag.is_klass() && !tag.is_unresolved_klass()) {
2053 verify_error(ErrorContext::bad_cp_index(bci, index),
2054 "Illegal type at constant pool entry %d in class %s",
2055 index, cp->pool_holder()->external_name());
2056 return;
2057 }
2058 }
2059
2060 void ClassVerifier::verify_error(ErrorContext ctx, const char* msg, ...) {
2061 stringStream ss;
2062
2063 ctx.reset_frames();
2064 _exception_type = vmSymbols::java_lang_VerifyError();
2065 _error_context = ctx;
2066 va_list va;
2067 va_start(va, msg);
2068 ss.vprint(msg, va);
2069 va_end(va);
2070 _message = ss.as_string();
2071 #ifdef ASSERT
2072 ResourceMark rm;
2073 const char* exception_name = _exception_type->as_C_string();
2074 Exceptions::debug_check_abort(exception_name, NULL);
2075 #endif // ndef ASSERT
2076 }
2077
2078 void ClassVerifier::class_format_error(const char* msg, ...) {
2079 stringStream ss;
2080 _exception_type = vmSymbols::java_lang_ClassFormatError();
2081 va_list va;
2082 va_start(va, msg);
2083 ss.vprint(msg, va);
2084 va_end(va);
2085 if (!_method.is_null()) {
2086 ss.print(" in method '");
2087 _method->print_external_name(&ss);
2088 ss.print("'");
2089 }
2090 _message = ss.as_string();
2091 }
2092
2093 Klass* ClassVerifier::load_class(Symbol* name, TRAPS) {
2094 HandleMark hm(THREAD);
2095 // Get current loader and protection domain first.
2096 oop loader = current_class()->class_loader();
2097 oop protection_domain = current_class()->protection_domain();
2098
2099 assert(name_in_supers(name, current_class()), "name should be a super class");
2100
2101 Klass* kls = SystemDictionary::resolve_or_fail(
2102 name, Handle(THREAD, loader), Handle(THREAD, protection_domain),
2103 true, THREAD);
2104
2105 if (kls != NULL) {
2106 if (log_is_enabled(Debug, class, resolve)) {
2107 Verifier::trace_class_resolution(kls, current_class());
2108 }
2109 }
2110 return kls;
2111 }
2112
2113 bool ClassVerifier::is_protected_access(InstanceKlass* this_class,
2114 Klass* target_class,
2115 Symbol* field_name,
2116 Symbol* field_sig,
2117 bool is_method) {
2118 NoSafepointVerifier nosafepoint;
2119
2120 // If target class isn't a super class of this class, we don't worry about this case
2121 if (!this_class->is_subclass_of(target_class)) {
2122 return false;
2123 }
2124 // Check if the specified method or field is protected
2125 InstanceKlass* target_instance = InstanceKlass::cast(target_class);
2126 fieldDescriptor fd;
2127 if (is_method) {
2128 Method* m = target_instance->uncached_lookup_method(field_name, field_sig, Klass::OverpassLookupMode::find);
2129 if (m != NULL && m->is_protected()) {
2130 if (!this_class->is_same_class_package(m->method_holder())) {
2131 return true;
2132 }
2133 }
2134 } else {
2135 Klass* member_klass = target_instance->find_field(field_name, field_sig, &fd);
2136 if (member_klass != NULL && fd.is_protected()) {
2137 if (!this_class->is_same_class_package(member_klass)) {
2138 return true;
2139 }
2140 }
2141 }
2142 return false;
2143 }
2144
2145 void ClassVerifier::verify_ldc(
2146 int opcode, u2 index, StackMapFrame* current_frame,
2147 const constantPoolHandle& cp, u2 bci, TRAPS) {
2148 verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2149 constantTag tag = cp->tag_at(index);
2150 unsigned int types = 0;
2151 if (opcode == Bytecodes::_ldc || opcode == Bytecodes::_ldc_w) {
2152 if (!tag.is_unresolved_klass()) {
2153 types = (1 << JVM_CONSTANT_Integer) | (1 << JVM_CONSTANT_Float)
2154 | (1 << JVM_CONSTANT_String) | (1 << JVM_CONSTANT_Class)
2155 | (1 << JVM_CONSTANT_MethodHandle) | (1 << JVM_CONSTANT_MethodType)
2156 | (1 << JVM_CONSTANT_Dynamic);
2157 // Note: The class file parser already verified the legality of
2158 // MethodHandle and MethodType constants.
2159 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2160 }
2161 } else {
2162 assert(opcode == Bytecodes::_ldc2_w, "must be ldc2_w");
2163 types = (1 << JVM_CONSTANT_Double) | (1 << JVM_CONSTANT_Long)
2164 | (1 << JVM_CONSTANT_Dynamic);
2165 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2166 }
2167 if (tag.is_string()) {
2168 current_frame->push_stack(
2169 VerificationType::reference_type(
2170 vmSymbols::java_lang_String()), CHECK_VERIFY(this));
2171 } else if (tag.is_klass() || tag.is_unresolved_klass()) {
2172 current_frame->push_stack(
2173 VerificationType::reference_type(
2174 vmSymbols::java_lang_Class()), CHECK_VERIFY(this));
2175 } else if (tag.is_int()) {
2176 current_frame->push_stack(
2177 VerificationType::integer_type(), CHECK_VERIFY(this));
2178 } else if (tag.is_float()) {
2179 current_frame->push_stack(
2180 VerificationType::float_type(), CHECK_VERIFY(this));
2181 } else if (tag.is_double()) {
2182 current_frame->push_stack_2(
2183 VerificationType::double_type(),
2184 VerificationType::double2_type(), CHECK_VERIFY(this));
2185 } else if (tag.is_long()) {
2186 current_frame->push_stack_2(
2187 VerificationType::long_type(),
2188 VerificationType::long2_type(), CHECK_VERIFY(this));
2189 } else if (tag.is_method_handle()) {
2190 current_frame->push_stack(
2191 VerificationType::reference_type(
2192 vmSymbols::java_lang_invoke_MethodHandle()), CHECK_VERIFY(this));
2193 } else if (tag.is_method_type()) {
2194 current_frame->push_stack(
2195 VerificationType::reference_type(
2196 vmSymbols::java_lang_invoke_MethodType()), CHECK_VERIFY(this));
2197 } else if (tag.is_dynamic_constant()) {
2198 Symbol* constant_type = cp->uncached_signature_ref_at(index);
2199 // Field signature was checked in ClassFileParser.
2200 assert(SignatureVerifier::is_valid_type_signature(constant_type),
2201 "Invalid type for dynamic constant");
2202 assert(sizeof(VerificationType) == sizeof(uintptr_t),
2203 "buffer type must match VerificationType size");
2204 uintptr_t constant_type_buffer[2];
2205 VerificationType* v_constant_type = (VerificationType*)constant_type_buffer;
2206 SignatureStream sig_stream(constant_type, false);
2207 int n = change_sig_to_verificationType(&sig_stream, v_constant_type);
2208 int opcode_n = (opcode == Bytecodes::_ldc2_w ? 2 : 1);
2209 if (n != opcode_n) {
2210 // wrong kind of ldc; reverify against updated type mask
2211 types &= ~(1 << JVM_CONSTANT_Dynamic);
2212 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2213 }
2214 for (int i = 0; i < n; i++) {
2215 current_frame->push_stack(v_constant_type[i], CHECK_VERIFY(this));
2216 }
2217 } else {
2218 /* Unreachable? verify_cp_type has already validated the cp type. */
2219 verify_error(
2220 ErrorContext::bad_cp_index(bci, index), "Invalid index in ldc");
2221 return;
2222 }
2223 }
2224
2225 void ClassVerifier::verify_switch(
2226 RawBytecodeStream* bcs, u4 code_length, char* code_data,
2227 StackMapFrame* current_frame, StackMapTable* stackmap_table, TRAPS) {
2228 int bci = bcs->bci();
2229 address bcp = bcs->bcp();
2230 address aligned_bcp = align_up(bcp + 1, jintSize);
2231
2232 if (_klass->major_version() < NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION) {
2233 // 4639449 & 4647081: padding bytes must be 0
2234 u2 padding_offset = 1;
2235 while ((bcp + padding_offset) < aligned_bcp) {
2236 if(*(bcp + padding_offset) != 0) {
2237 verify_error(ErrorContext::bad_code(bci),
2238 "Nonzero padding byte in lookupswitch or tableswitch");
2239 return;
2240 }
2241 padding_offset++;
2242 }
2243 }
2244
2245 int default_offset = (int) Bytes::get_Java_u4(aligned_bcp);
2246 int keys, delta;
2247 current_frame->pop_stack(
2248 VerificationType::integer_type(), CHECK_VERIFY(this));
2249 if (bcs->raw_code() == Bytecodes::_tableswitch) {
2250 jint low = (jint)Bytes::get_Java_u4(aligned_bcp + jintSize);
2251 jint high = (jint)Bytes::get_Java_u4(aligned_bcp + 2*jintSize);
2252 if (low > high) {
2253 verify_error(ErrorContext::bad_code(bci),
2254 "low must be less than or equal to high in tableswitch");
2255 return;
2256 }
2257 keys = high - low + 1;
2258 if (keys < 0) {
2259 verify_error(ErrorContext::bad_code(bci), "too many keys in tableswitch");
2260 return;
2261 }
2262 delta = 1;
2263 } else {
2264 keys = (int)Bytes::get_Java_u4(aligned_bcp + jintSize);
2265 if (keys < 0) {
2266 verify_error(ErrorContext::bad_code(bci),
2267 "number of keys in lookupswitch less than 0");
2268 return;
2269 }
2270 delta = 2;
2271 // Make sure that the lookupswitch items are sorted
2272 for (int i = 0; i < (keys - 1); i++) {
2273 jint this_key = Bytes::get_Java_u4(aligned_bcp + (2+2*i)*jintSize);
2274 jint next_key = Bytes::get_Java_u4(aligned_bcp + (2+2*i+2)*jintSize);
2275 if (this_key >= next_key) {
2276 verify_error(ErrorContext::bad_code(bci),
2277 "Bad lookupswitch instruction");
2278 return;
2279 }
2280 }
2281 }
2282 int target = bci + default_offset;
2283 stackmap_table->check_jump_target(current_frame, target, CHECK_VERIFY(this));
2284 for (int i = 0; i < keys; i++) {
2285 // Because check_jump_target() may safepoint, the bytecode could have
2286 // moved, which means 'aligned_bcp' is no good and needs to be recalculated.
2287 aligned_bcp = align_up(bcs->bcp() + 1, jintSize);
2288 target = bci + (jint)Bytes::get_Java_u4(aligned_bcp+(3+i*delta)*jintSize);
2289 stackmap_table->check_jump_target(
2290 current_frame, target, CHECK_VERIFY(this));
2291 }
2292 NOT_PRODUCT(aligned_bcp = NULL); // no longer valid at this point
2293 }
2294
2295 bool ClassVerifier::name_in_supers(
2296 Symbol* ref_name, InstanceKlass* current) {
2297 Klass* super = current->super();
2298 while (super != NULL) {
2299 if (super->name() == ref_name) {
2300 return true;
2301 }
2302 super = super->super();
2303 }
2304 return false;
2305 }
2306
2307 void ClassVerifier::verify_field_instructions(RawBytecodeStream* bcs,
2308 StackMapFrame* current_frame,
2309 const constantPoolHandle& cp,
2310 bool allow_arrays,
2311 TRAPS) {
2312 u2 index = bcs->get_index_u2();
2313 verify_cp_type(bcs->bci(), index, cp,
2314 1 << JVM_CONSTANT_Fieldref, CHECK_VERIFY(this));
2315
2316 // Get field name and signature
2317 Symbol* field_name = cp->name_ref_at(index);
2318 Symbol* field_sig = cp->signature_ref_at(index);
2319 bool is_getfield = false;
2320
2321 // Field signature was checked in ClassFileParser.
2322 assert(SignatureVerifier::is_valid_type_signature(field_sig),
2323 "Invalid field signature");
2324
2325 // Get referenced class type
2326 VerificationType ref_class_type = cp_ref_index_to_type(
2327 index, cp, CHECK_VERIFY(this));
2328 if (!ref_class_type.is_object() &&
2329 (!allow_arrays || !ref_class_type.is_array())) {
2330 verify_error(ErrorContext::bad_type(bcs->bci(),
2331 TypeOrigin::cp(index, ref_class_type)),
2332 "Expecting reference to class in class %s at constant pool index %d",
2333 _klass->external_name(), index);
2334 return;
2335 }
2336 VerificationType target_class_type = ref_class_type;
2337
2338 assert(sizeof(VerificationType) == sizeof(uintptr_t),
2339 "buffer type must match VerificationType size");
2340 uintptr_t field_type_buffer[2];
2341 VerificationType* field_type = (VerificationType*)field_type_buffer;
2342 // If we make a VerificationType[2] array directly, the compiler calls
2343 // to the c-runtime library to do the allocation instead of just
2344 // stack allocating it. Plus it would run constructors. This shows up
2345 // in performance profiles.
2346
2347 SignatureStream sig_stream(field_sig, false);
2348 VerificationType stack_object_type;
2349 int n = change_sig_to_verificationType(&sig_stream, field_type);
2350 u2 bci = bcs->bci();
2351 bool is_assignable;
2352 switch (bcs->raw_code()) {
2353 case Bytecodes::_getstatic: {
2354 for (int i = 0; i < n; i++) {
2355 current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2356 }
2357 break;
2358 }
2359 case Bytecodes::_putstatic: {
2360 for (int i = n - 1; i >= 0; i--) {
2361 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2362 }
2363 break;
2364 }
2365 case Bytecodes::_getfield: {
2366 is_getfield = true;
2367 stack_object_type = current_frame->pop_stack(
2368 target_class_type, CHECK_VERIFY(this));
2369 goto check_protected;
2370 }
2371 case Bytecodes::_putfield: {
2372 for (int i = n - 1; i >= 0; i--) {
2373 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2374 }
2375 stack_object_type = current_frame->pop_stack(CHECK_VERIFY(this));
2376
2377 // The JVMS 2nd edition allows field initialization before the superclass
2378 // initializer, if the field is defined within the current class.
2379 fieldDescriptor fd;
2380 if (stack_object_type == VerificationType::uninitialized_this_type() &&
2381 target_class_type.equals(current_type()) &&
2382 _klass->find_local_field(field_name, field_sig, &fd)) {
2383 stack_object_type = current_type();
2384 }
2385 is_assignable = target_class_type.is_assignable_from(
2386 stack_object_type, this, false, CHECK_VERIFY(this));
2387 if (!is_assignable) {
2388 verify_error(ErrorContext::bad_type(bci,
2389 current_frame->stack_top_ctx(),
2390 TypeOrigin::cp(index, target_class_type)),
2391 "Bad type on operand stack in putfield");
2392 return;
2393 }
2394 }
2395 check_protected: {
2396 if (_this_type == stack_object_type)
2397 break; // stack_object_type must be assignable to _current_class_type
2398 if (was_recursively_verified()) {
2399 if (is_getfield) {
2400 // Push field type for getfield.
2401 for (int i = 0; i < n; i++) {
2402 current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2403 }
2404 }
2405 return;
2406 }
2407 Symbol* ref_class_name =
2408 cp->klass_name_at(cp->klass_ref_index_at(index));
2409 if (!name_in_supers(ref_class_name, current_class()))
2410 // stack_object_type must be assignable to _current_class_type since:
2411 // 1. stack_object_type must be assignable to ref_class.
2412 // 2. ref_class must be _current_class or a subclass of it. It can't
2413 // be a superclass of it. See revised JVMS 5.4.4.
2414 break;
2415
2416 Klass* ref_class_oop = load_class(ref_class_name, CHECK);
2417 if (is_protected_access(current_class(), ref_class_oop, field_name,
2418 field_sig, false)) {
2419 // It's protected access, check if stack object is assignable to
2420 // current class.
2421 is_assignable = current_type().is_assignable_from(
2422 stack_object_type, this, true, CHECK_VERIFY(this));
2423 if (!is_assignable) {
2424 verify_error(ErrorContext::bad_type(bci,
2425 current_frame->stack_top_ctx(),
2426 TypeOrigin::implicit(current_type())),
2427 "Bad access to protected data in %s",
2428 is_getfield ? "getfield" : "putfield");
2429 return;
2430 }
2431 }
2432 break;
2433 }
2434 default: ShouldNotReachHere();
2435 }
2436 if (is_getfield) {
2437 // Push field type for getfield after doing protection check.
2438 for (int i = 0; i < n; i++) {
2439 current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2440 }
2441 }
2442 }
2443
2444 // Look at the method's handlers. If the bci is in the handler's try block
2445 // then check if the handler_pc is already on the stack. If not, push it
2446 // unless the handler has already been scanned.
2447 void ClassVerifier::push_handlers(ExceptionTable* exhandlers,
2448 GrowableArray<u4>* handler_list,
2449 GrowableArray<u4>* handler_stack,
2450 u4 bci) {
2451 int exlength = exhandlers->length();
2452 for(int x = 0; x < exlength; x++) {
2453 if (bci >= exhandlers->start_pc(x) && bci < exhandlers->end_pc(x)) {
2454 u4 exhandler_pc = exhandlers->handler_pc(x);
2455 if (!handler_list->contains(exhandler_pc)) {
2456 handler_stack->append_if_missing(exhandler_pc);
2457 handler_list->append(exhandler_pc);
2458 }
2459 }
2460 }
2461 }
2462
2463 // Return TRUE if all code paths starting with start_bc_offset end in
2464 // bytecode athrow or loop.
2465 bool ClassVerifier::ends_in_athrow(u4 start_bc_offset) {
2466 ResourceMark rm;
2467 // Create bytecode stream.
2468 RawBytecodeStream bcs(method());
2469 u4 code_length = method()->code_size();
2470 bcs.set_start(start_bc_offset);
2471 u4 target;
2472 // Create stack for storing bytecode start offsets for if* and *switch.
2473 GrowableArray<u4>* bci_stack = new GrowableArray<u4>(30);
2474 // Create stack for handlers for try blocks containing this handler.
2475 GrowableArray<u4>* handler_stack = new GrowableArray<u4>(30);
2476 // Create list of handlers that have been pushed onto the handler_stack
2477 // so that handlers embedded inside of their own TRY blocks only get
2478 // scanned once.
2479 GrowableArray<u4>* handler_list = new GrowableArray<u4>(30);
2480 // Create list of visited branch opcodes (goto* and if*).
2481 GrowableArray<u4>* visited_branches = new GrowableArray<u4>(30);
2482 ExceptionTable exhandlers(_method());
2483
2484 while (true) {
2485 if (bcs.is_last_bytecode()) {
2486 // if no more starting offsets to parse or if at the end of the
2487 // method then return false.
2488 if ((bci_stack->is_empty()) || ((u4)bcs.end_bci() == code_length))
2489 return false;
2490 // Pop a bytecode starting offset and scan from there.
2491 bcs.set_start(bci_stack->pop());
2492 }
2493 Bytecodes::Code opcode = bcs.raw_next();
2494 u4 bci = bcs.bci();
2495
2496 // If the bytecode is in a TRY block, push its handlers so they
2497 // will get parsed.
2498 push_handlers(&exhandlers, handler_list, handler_stack, bci);
2499
2500 switch (opcode) {
2501 case Bytecodes::_if_icmpeq:
2502 case Bytecodes::_if_icmpne:
2503 case Bytecodes::_if_icmplt:
2504 case Bytecodes::_if_icmpge:
2505 case Bytecodes::_if_icmpgt:
2506 case Bytecodes::_if_icmple:
2507 case Bytecodes::_ifeq:
2508 case Bytecodes::_ifne:
2509 case Bytecodes::_iflt:
2510 case Bytecodes::_ifge:
2511 case Bytecodes::_ifgt:
2512 case Bytecodes::_ifle:
2513 case Bytecodes::_if_acmpeq:
2514 case Bytecodes::_if_acmpne:
2515 case Bytecodes::_ifnull:
2516 case Bytecodes::_ifnonnull:
2517 target = bcs.dest();
2518 if (visited_branches->contains(bci)) {
2519 if (bci_stack->is_empty()) {
2520 if (handler_stack->is_empty()) {
2521 return true;
2522 } else {
2523 // Parse the catch handlers for try blocks containing athrow.
2524 bcs.set_start(handler_stack->pop());
2525 }
2526 } else {
2527 // Pop a bytecode starting offset and scan from there.
2528 bcs.set_start(bci_stack->pop());
2529 }
2530 } else {
2531 if (target > bci) { // forward branch
2532 if (target >= code_length) return false;
2533 // Push the branch target onto the stack.
2534 bci_stack->push(target);
2535 // then, scan bytecodes starting with next.
2536 bcs.set_start(bcs.next_bci());
2537 } else { // backward branch
2538 // Push bytecode offset following backward branch onto the stack.
2539 bci_stack->push(bcs.next_bci());
2540 // Check bytecodes starting with branch target.
2541 bcs.set_start(target);
2542 }
2543 // Record target so we don't branch here again.
2544 visited_branches->append(bci);
2545 }
2546 break;
2547
2548 case Bytecodes::_goto:
2549 case Bytecodes::_goto_w:
2550 target = (opcode == Bytecodes::_goto ? bcs.dest() : bcs.dest_w());
2551 if (visited_branches->contains(bci)) {
2552 if (bci_stack->is_empty()) {
2553 if (handler_stack->is_empty()) {
2554 return true;
2555 } else {
2556 // Parse the catch handlers for try blocks containing athrow.
2557 bcs.set_start(handler_stack->pop());
2558 }
2559 } else {
2560 // Been here before, pop new starting offset from stack.
2561 bcs.set_start(bci_stack->pop());
2562 }
2563 } else {
2564 if (target >= code_length) return false;
2565 // Continue scanning from the target onward.
2566 bcs.set_start(target);
2567 // Record target so we don't branch here again.
2568 visited_branches->append(bci);
2569 }
2570 break;
2571
2572 // Check that all switch alternatives end in 'athrow' bytecodes. Since it
2573 // is difficult to determine where each switch alternative ends, parse
2574 // each switch alternative until either hit a 'return', 'athrow', or reach
2575 // the end of the method's bytecodes. This is gross but should be okay
2576 // because:
2577 // 1. tableswitch and lookupswitch byte codes in handlers for ctor explicit
2578 // constructor invocations should be rare.
2579 // 2. if each switch alternative ends in an athrow then the parsing should be
2580 // short. If there is no athrow then it is bogus code, anyway.
2581 case Bytecodes::_lookupswitch:
2582 case Bytecodes::_tableswitch:
2583 {
2584 address aligned_bcp = align_up(bcs.bcp() + 1, jintSize);
2585 u4 default_offset = Bytes::get_Java_u4(aligned_bcp) + bci;
2586 int keys, delta;
2587 if (opcode == Bytecodes::_tableswitch) {
2588 jint low = (jint)Bytes::get_Java_u4(aligned_bcp + jintSize);
2589 jint high = (jint)Bytes::get_Java_u4(aligned_bcp + 2*jintSize);
2590 // This is invalid, but let the regular bytecode verifier
2591 // report this because the user will get a better error message.
2592 if (low > high) return true;
2593 keys = high - low + 1;
2594 delta = 1;
2595 } else {
2596 keys = (int)Bytes::get_Java_u4(aligned_bcp + jintSize);
2597 delta = 2;
2598 }
2599 // Invalid, let the regular bytecode verifier deal with it.
2600 if (keys < 0) return true;
2601
2602 // Push the offset of the next bytecode onto the stack.
2603 bci_stack->push(bcs.next_bci());
2604
2605 // Push the switch alternatives onto the stack.
2606 for (int i = 0; i < keys; i++) {
2607 u4 target = bci + (jint)Bytes::get_Java_u4(aligned_bcp+(3+i*delta)*jintSize);
2608 if (target > code_length) return false;
2609 bci_stack->push(target);
2610 }
2611
2612 // Start bytecode parsing for the switch at the default alternative.
2613 if (default_offset > code_length) return false;
2614 bcs.set_start(default_offset);
2615 break;
2616 }
2617
2618 case Bytecodes::_return:
2619 return false;
2620
2621 case Bytecodes::_athrow:
2622 {
2623 if (bci_stack->is_empty()) {
2624 if (handler_stack->is_empty()) {
2625 return true;
2626 } else {
2627 // Parse the catch handlers for try blocks containing athrow.
2628 bcs.set_start(handler_stack->pop());
2629 }
2630 } else {
2631 // Pop a bytecode offset and starting scanning from there.
2632 bcs.set_start(bci_stack->pop());
2633 }
2634 }
2635 break;
2636
2637 default:
2638 ;
2639 } // end switch
2640 } // end while loop
2641
2642 return false;
2643 }
2644
2645 void ClassVerifier::verify_invoke_init(
2646 RawBytecodeStream* bcs, u2 ref_class_index, VerificationType ref_class_type,
2647 StackMapFrame* current_frame, u4 code_length, bool in_try_block,
2648 bool *this_uninit, const constantPoolHandle& cp, StackMapTable* stackmap_table,
2649 TRAPS) {
2650 u2 bci = bcs->bci();
2651 VerificationType type = current_frame->pop_stack(
2652 VerificationType::reference_check(), CHECK_VERIFY(this));
2653 if (type == VerificationType::uninitialized_this_type()) {
2654 // The method must be an <init> method of this class or its superclass
2655 Klass* superk = current_class()->super();
2656 if (ref_class_type.name() != current_class()->name() &&
2657 ref_class_type.name() != superk->name()) {
2658 verify_error(ErrorContext::bad_type(bci,
2659 TypeOrigin::implicit(ref_class_type),
2660 TypeOrigin::implicit(current_type())),
2661 "Bad <init> method call");
2662 return;
2663 }
2664
2665 // If this invokespecial call is done from inside of a TRY block then make
2666 // sure that all catch clause paths end in a throw. Otherwise, this can
2667 // result in returning an incomplete object.
2668 if (in_try_block) {
2669 ExceptionTable exhandlers(_method());
2670 int exlength = exhandlers.length();
2671 for(int i = 0; i < exlength; i++) {
2672 u2 start_pc = exhandlers.start_pc(i);
2673 u2 end_pc = exhandlers.end_pc(i);
2674
2675 if (bci >= start_pc && bci < end_pc) {
2676 if (!ends_in_athrow(exhandlers.handler_pc(i))) {
2677 verify_error(ErrorContext::bad_code(bci),
2678 "Bad <init> method call from after the start of a try block");
2679 return;
2680 } else if (log_is_enabled(Debug, verification)) {
2681 ResourceMark rm(THREAD);
2682 log_debug(verification)("Survived call to ends_in_athrow(): %s",
2683 current_class()->name()->as_C_string());
2684 }
2685 }
2686 }
2687
2688 // Check the exception handler target stackmaps with the locals from the
2689 // incoming stackmap (before initialize_object() changes them to outgoing
2690 // state).
2691 if (was_recursively_verified()) return;
2692 verify_exception_handler_targets(bci, true, current_frame,
2693 stackmap_table, CHECK_VERIFY(this));
2694 } // in_try_block
2695
2696 current_frame->initialize_object(type, current_type());
2697 *this_uninit = true;
2698 } else if (type.is_uninitialized()) {
2699 u2 new_offset = type.bci();
2700 address new_bcp = bcs->bcp() - bci + new_offset;
2701 if (new_offset > (code_length - 3) || (*new_bcp) != Bytecodes::_new) {
2702 /* Unreachable? Stack map parsing ensures valid type and new
2703 * instructions have a valid BCI. */
2704 verify_error(ErrorContext::bad_code(new_offset),
2705 "Expecting new instruction");
2706 return;
2707 }
2708 u2 new_class_index = Bytes::get_Java_u2(new_bcp + 1);
2709 if (was_recursively_verified()) return;
2710 verify_cp_class_type(bci, new_class_index, cp, CHECK_VERIFY(this));
2711
2712 // The method must be an <init> method of the indicated class
2713 VerificationType new_class_type = cp_index_to_type(
2714 new_class_index, cp, CHECK_VERIFY(this));
2715 if (!new_class_type.equals(ref_class_type)) {
2716 verify_error(ErrorContext::bad_type(bci,
2717 TypeOrigin::cp(new_class_index, new_class_type),
2718 TypeOrigin::cp(ref_class_index, ref_class_type)),
2719 "Call to wrong <init> method");
2720 return;
2721 }
2722 // According to the VM spec, if the referent class is a superclass of the
2723 // current class, and is in a different runtime package, and the method is
2724 // protected, then the objectref must be the current class or a subclass
2725 // of the current class.
2726 VerificationType objectref_type = new_class_type;
2727 if (name_in_supers(ref_class_type.name(), current_class())) {
2728 Klass* ref_klass = load_class(ref_class_type.name(), CHECK);
2729 if (was_recursively_verified()) return;
2730 Method* m = InstanceKlass::cast(ref_klass)->uncached_lookup_method(
2731 vmSymbols::object_initializer_name(),
2732 cp->signature_ref_at(bcs->get_index_u2()),
2733 Klass::OverpassLookupMode::find);
2734 // Do nothing if method is not found. Let resolution detect the error.
2735 if (m != NULL) {
2736 InstanceKlass* mh = m->method_holder();
2737 if (m->is_protected() && !mh->is_same_class_package(_klass)) {
2738 bool assignable = current_type().is_assignable_from(
2739 objectref_type, this, true, CHECK_VERIFY(this));
2740 if (!assignable) {
2741 verify_error(ErrorContext::bad_type(bci,
2742 TypeOrigin::cp(new_class_index, objectref_type),
2743 TypeOrigin::implicit(current_type())),
2744 "Bad access to protected <init> method");
2745 return;
2746 }
2747 }
2748 }
2749 }
2750 // Check the exception handler target stackmaps with the locals from the
2751 // incoming stackmap (before initialize_object() changes them to outgoing
2752 // state).
2753 if (in_try_block) {
2754 if (was_recursively_verified()) return;
2755 verify_exception_handler_targets(bci, *this_uninit, current_frame,
2756 stackmap_table, CHECK_VERIFY(this));
2757 }
2758 current_frame->initialize_object(type, new_class_type);
2759 } else {
2760 verify_error(ErrorContext::bad_type(bci, current_frame->stack_top_ctx()),
2761 "Bad operand type when invoking <init>");
2762 return;
2763 }
2764 }
2765
2766 bool ClassVerifier::is_same_or_direct_interface(
2767 InstanceKlass* klass,
2768 VerificationType klass_type,
2769 VerificationType ref_class_type) {
2770 if (ref_class_type.equals(klass_type)) return true;
2771 Array<InstanceKlass*>* local_interfaces = klass->local_interfaces();
2772 if (local_interfaces != NULL) {
2773 for (int x = 0; x < local_interfaces->length(); x++) {
2774 InstanceKlass* k = local_interfaces->at(x);
2775 assert (k != NULL && k->is_interface(), "invalid interface");
2776 if (ref_class_type.equals(VerificationType::reference_type(k->name()))) {
2777 return true;
2778 }
2779 }
2780 }
2781 return false;
2782 }
2783
2784 void ClassVerifier::verify_invoke_instructions(
2785 RawBytecodeStream* bcs, u4 code_length, StackMapFrame* current_frame,
2786 bool in_try_block, bool *this_uninit, VerificationType return_type,
2787 const constantPoolHandle& cp, StackMapTable* stackmap_table, TRAPS) {
2788 // Make sure the constant pool item is the right type
2789 u2 index = bcs->get_index_u2();
2790 Bytecodes::Code opcode = bcs->raw_code();
2791 unsigned int types = 0;
2792 switch (opcode) {
2793 case Bytecodes::_invokeinterface:
2794 types = 1 << JVM_CONSTANT_InterfaceMethodref;
2795 break;
2796 case Bytecodes::_invokedynamic:
2797 types = 1 << JVM_CONSTANT_InvokeDynamic;
2798 break;
2799 case Bytecodes::_invokespecial:
2800 case Bytecodes::_invokestatic:
2801 types = (_klass->major_version() < STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION) ?
2802 (1 << JVM_CONSTANT_Methodref) :
2803 ((1 << JVM_CONSTANT_InterfaceMethodref) | (1 << JVM_CONSTANT_Methodref));
2804 break;
2805 default:
2806 types = 1 << JVM_CONSTANT_Methodref;
2807 }
2808 verify_cp_type(bcs->bci(), index, cp, types, CHECK_VERIFY(this));
2809
2810 // Get method name and signature
2811 Symbol* method_name = cp->name_ref_at(index);
2812 Symbol* method_sig = cp->signature_ref_at(index);
2813
2814 // Method signature was checked in ClassFileParser.
2815 assert(SignatureVerifier::is_valid_method_signature(method_sig),
2816 "Invalid method signature");
2817
2818 // Get referenced class type
2819 VerificationType ref_class_type;
2820 if (opcode == Bytecodes::_invokedynamic) {
2821 if (_klass->major_version() < Verifier::INVOKEDYNAMIC_MAJOR_VERSION) {
2822 class_format_error(
2823 "invokedynamic instructions not supported by this class file version (%d), class %s",
2824 _klass->major_version(), _klass->external_name());
2825 return;
2826 }
2827 } else {
2828 ref_class_type = cp_ref_index_to_type(index, cp, CHECK_VERIFY(this));
2829 }
2830
2831 assert(sizeof(VerificationType) == sizeof(uintptr_t),
2832 "buffer type must match VerificationType size");
2833
2834 // Get the UTF8 index for this signature.
2835 int sig_index = cp->signature_ref_index_at(cp->name_and_type_ref_index_at(index));
2836
2837 // Get the signature's verification types.
2838 sig_as_verification_types* mth_sig_verif_types;
2839 sig_as_verification_types** mth_sig_verif_types_ptr = method_signatures_table()->get(sig_index);
2840 if (mth_sig_verif_types_ptr != NULL) {
2841 // Found the entry for the signature's verification types in the hash table.
2842 mth_sig_verif_types = *mth_sig_verif_types_ptr;
2843 assert(mth_sig_verif_types != NULL, "Unexpected NULL sig_as_verification_types value");
2844 } else {
2845 // Not found, add the entry to the table.
2846 GrowableArray<VerificationType>* verif_types = new GrowableArray<VerificationType>(10);
2847 mth_sig_verif_types = new sig_as_verification_types(verif_types);
2848 create_method_sig_entry(mth_sig_verif_types, sig_index);
2849 }
2850
2851 // Get the number of arguments for this signature.
2852 int nargs = mth_sig_verif_types->num_args();
2853
2854 // Check instruction operands
2855 u2 bci = bcs->bci();
2856 if (opcode == Bytecodes::_invokeinterface) {
2857 address bcp = bcs->bcp();
2858 // 4905268: count operand in invokeinterface should be nargs+1, not nargs.
2859 // JSR202 spec: The count operand of an invokeinterface instruction is valid if it is
2860 // the difference between the size of the operand stack before and after the instruction
2861 // executes.
2862 if (*(bcp+3) != (nargs+1)) {
2863 verify_error(ErrorContext::bad_code(bci),
2864 "Inconsistent args count operand in invokeinterface");
2865 return;
2866 }
2867 if (*(bcp+4) != 0) {
2868 verify_error(ErrorContext::bad_code(bci),
2869 "Fourth operand byte of invokeinterface must be zero");
2870 return;
2871 }
2872 }
2873
2874 if (opcode == Bytecodes::_invokedynamic) {
2875 address bcp = bcs->bcp();
2876 if (*(bcp+3) != 0 || *(bcp+4) != 0) {
2877 verify_error(ErrorContext::bad_code(bci),
2878 "Third and fourth operand bytes of invokedynamic must be zero");
2879 return;
2880 }
2881 }
2882
2883 if (method_name->char_at(0) == JVM_SIGNATURE_SPECIAL) {
2884 // Make sure <init> can only be invoked by invokespecial
2885 if (opcode != Bytecodes::_invokespecial ||
2886 method_name != vmSymbols::object_initializer_name()) {
2887 verify_error(ErrorContext::bad_code(bci),
2888 "Illegal call to internal method");
2889 return;
2890 }
2891 } else if (opcode == Bytecodes::_invokespecial
2892 && !is_same_or_direct_interface(current_class(), current_type(), ref_class_type)
2893 && !ref_class_type.equals(VerificationType::reference_type(
2894 current_class()->super()->name()))) {
2895 bool subtype = false;
2896 bool have_imr_indirect = cp->tag_at(index).value() == JVM_CONSTANT_InterfaceMethodref;
2897 subtype = ref_class_type.is_assignable_from(
2898 current_type(), this, false, CHECK_VERIFY(this));
2899 if (!subtype) {
2900 verify_error(ErrorContext::bad_code(bci),
2901 "Bad invokespecial instruction: "
2902 "current class isn't assignable to reference class.");
2903 return;
2904 } else if (have_imr_indirect) {
2905 verify_error(ErrorContext::bad_code(bci),
2906 "Bad invokespecial instruction: "
2907 "interface method reference is in an indirect superinterface.");
2908 return;
2909 }
2910
2911 }
2912
2913 // Get the verification types for the method's arguments.
2914 GrowableArray<VerificationType>* sig_verif_types = mth_sig_verif_types->sig_verif_types();
2915 assert(sig_verif_types != NULL, "Missing signature's array of verification types");
2916 // Match method descriptor with operand stack
2917 // The arguments are on the stack in descending order.
2918 for (int i = nargs - 1; i >= 0; i--) { // Run backwards
2919 current_frame->pop_stack(sig_verif_types->at(i), CHECK_VERIFY(this));
2920 }
2921
2922 // Check objectref on operand stack
2923 if (opcode != Bytecodes::_invokestatic &&
2924 opcode != Bytecodes::_invokedynamic) {
2925 if (method_name == vmSymbols::object_initializer_name()) { // <init> method
2926 verify_invoke_init(bcs, index, ref_class_type, current_frame,
2927 code_length, in_try_block, this_uninit, cp, stackmap_table,
2928 CHECK_VERIFY(this));
2929 if (was_recursively_verified()) return;
2930 } else { // other methods
2931 // Ensures that target class is assignable to method class.
2932 if (opcode == Bytecodes::_invokespecial) {
2933 current_frame->pop_stack(current_type(), CHECK_VERIFY(this));
2934 } else if (opcode == Bytecodes::_invokevirtual) {
2935 VerificationType stack_object_type =
2936 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this));
2937 if (current_type() != stack_object_type) {
2938 if (was_recursively_verified()) return;
2939 assert(cp->cache() == NULL, "not rewritten yet");
2940 Symbol* ref_class_name =
2941 cp->klass_name_at(cp->klass_ref_index_at(index));
2942 // See the comments in verify_field_instructions() for
2943 // the rationale behind this.
2944 if (name_in_supers(ref_class_name, current_class())) {
2945 Klass* ref_class = load_class(ref_class_name, CHECK);
2946 if (is_protected_access(
2947 _klass, ref_class, method_name, method_sig, true)) {
2948 // It's protected access, check if stack object is
2949 // assignable to current class.
2950 bool is_assignable = current_type().is_assignable_from(
2951 stack_object_type, this, true, CHECK_VERIFY(this));
2952 if (!is_assignable) {
2953 if (ref_class_type.name() == vmSymbols::java_lang_Object()
2954 && stack_object_type.is_array()
2955 && method_name == vmSymbols::clone_name()) {
2956 // Special case: arrays pretend to implement public Object
2957 // clone().
2958 } else {
2959 verify_error(ErrorContext::bad_type(bci,
2960 current_frame->stack_top_ctx(),
2961 TypeOrigin::implicit(current_type())),
2962 "Bad access to protected data in invokevirtual");
2963 return;
2964 }
2965 }
2966 }
2967 }
2968 }
2969 } else {
2970 assert(opcode == Bytecodes::_invokeinterface, "Unexpected opcode encountered");
2971 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this));
2972 }
2973 }
2974 }
2975 // Push the result type.
2976 int sig_verif_types_len = sig_verif_types->length();
2977 if (sig_verif_types_len > nargs) { // There's a return type
2978 if (method_name == vmSymbols::object_initializer_name()) {
2979 // <init> method must have a void return type
2980 /* Unreachable? Class file parser verifies that methods with '<' have
2981 * void return */
2982 verify_error(ErrorContext::bad_code(bci),
2983 "Return type must be void in <init> method");
2984 return;
2985 }
2986
2987 assert(sig_verif_types_len <= nargs + 2,
2988 "Signature verification types array return type is bogus");
2989 for (int i = nargs; i < sig_verif_types_len; i++) {
2990 assert(i == nargs || sig_verif_types->at(i).is_long2() ||
2991 sig_verif_types->at(i).is_double2(), "Unexpected return verificationType");
2992 current_frame->push_stack(sig_verif_types->at(i), CHECK_VERIFY(this));
2993 }
2994 }
2995 }
2996
2997 VerificationType ClassVerifier::get_newarray_type(
2998 u2 index, u2 bci, TRAPS) {
2999 const char* from_bt[] = {
3000 NULL, NULL, NULL, NULL, "[Z", "[C", "[F", "[D", "[B", "[S", "[I", "[J",
3001 };
3002 if (index < T_BOOLEAN || index > T_LONG) {
3003 verify_error(ErrorContext::bad_code(bci), "Illegal newarray instruction");
3004 return VerificationType::bogus_type();
3005 }
3006
3007 // from_bt[index] contains the array signature which has a length of 2
3008 Symbol* sig = create_temporary_symbol(from_bt[index], 2);
3009 return VerificationType::reference_type(sig);
3010 }
3011
3012 void ClassVerifier::verify_anewarray(
3013 u2 bci, u2 index, const constantPoolHandle& cp,
3014 StackMapFrame* current_frame, TRAPS) {
3015 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
3016 current_frame->pop_stack(
3017 VerificationType::integer_type(), CHECK_VERIFY(this));
3018
3019 if (was_recursively_verified()) return;
3020 VerificationType component_type =
3021 cp_index_to_type(index, cp, CHECK_VERIFY(this));
3022 int length;
3023 char* arr_sig_str;
3024 if (component_type.is_array()) { // it's an array
3025 const char* component_name = component_type.name()->as_utf8();
3026 // Check for more than MAX_ARRAY_DIMENSIONS
3027 length = (int)strlen(component_name);
3028 if (length > MAX_ARRAY_DIMENSIONS &&
3029 component_name[MAX_ARRAY_DIMENSIONS - 1] == JVM_SIGNATURE_ARRAY) {
3030 verify_error(ErrorContext::bad_code(bci),
3031 "Illegal anewarray instruction, array has more than 255 dimensions");
3032 }
3033 // add one dimension to component
3034 length++;
3035 arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length + 1);
3036 int n = os::snprintf(arr_sig_str, length + 1, "%c%s",
3037 JVM_SIGNATURE_ARRAY, component_name);
3038 assert(n == length, "Unexpected number of characters in string");
3039 } else { // it's an object or interface
3040 const char* component_name = component_type.name()->as_utf8();
3041 // add one dimension to component with 'L' prepended and ';' postpended.
3042 length = (int)strlen(component_name) + 3;
3043 arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length + 1);
3044 int n = os::snprintf(arr_sig_str, length + 1, "%c%c%s;",
3045 JVM_SIGNATURE_ARRAY, JVM_SIGNATURE_CLASS, component_name);
3046 assert(n == length, "Unexpected number of characters in string");
3047 }
3048 Symbol* arr_sig = create_temporary_symbol(arr_sig_str, length);
3049 VerificationType new_array_type = VerificationType::reference_type(arr_sig);
3050 current_frame->push_stack(new_array_type, CHECK_VERIFY(this));
3051 }
3052
3053 void ClassVerifier::verify_iload(u2 index, StackMapFrame* current_frame, TRAPS) {
3054 current_frame->get_local(
3055 index, VerificationType::integer_type(), CHECK_VERIFY(this));
3056 current_frame->push_stack(
3057 VerificationType::integer_type(), CHECK_VERIFY(this));
3058 }
3059
3060 void ClassVerifier::verify_lload(u2 index, StackMapFrame* current_frame, TRAPS) {
3061 current_frame->get_local_2(
3062 index, VerificationType::long_type(),
3063 VerificationType::long2_type(), CHECK_VERIFY(this));
3064 current_frame->push_stack_2(
3065 VerificationType::long_type(),
3066 VerificationType::long2_type(), CHECK_VERIFY(this));
3067 }
3068
3069 void ClassVerifier::verify_fload(u2 index, StackMapFrame* current_frame, TRAPS) {
3070 current_frame->get_local(
3071 index, VerificationType::float_type(), CHECK_VERIFY(this));
3072 current_frame->push_stack(
3073 VerificationType::float_type(), CHECK_VERIFY(this));
3074 }
3075
3076 void ClassVerifier::verify_dload(u2 index, StackMapFrame* current_frame, TRAPS) {
3077 current_frame->get_local_2(
3078 index, VerificationType::double_type(),
3079 VerificationType::double2_type(), CHECK_VERIFY(this));
3080 current_frame->push_stack_2(
3081 VerificationType::double_type(),
3082 VerificationType::double2_type(), CHECK_VERIFY(this));
3083 }
3084
3085 void ClassVerifier::verify_aload(u2 index, StackMapFrame* current_frame, TRAPS) {
3086 VerificationType type = current_frame->get_local(
3087 index, VerificationType::reference_check(), CHECK_VERIFY(this));
3088 current_frame->push_stack(type, CHECK_VERIFY(this));
3089 }
3090
3091 void ClassVerifier::verify_istore(u2 index, StackMapFrame* current_frame, TRAPS) {
3092 current_frame->pop_stack(
3093 VerificationType::integer_type(), CHECK_VERIFY(this));
3094 current_frame->set_local(
3095 index, VerificationType::integer_type(), CHECK_VERIFY(this));
3096 }
3097
3098 void ClassVerifier::verify_lstore(u2 index, StackMapFrame* current_frame, TRAPS) {
3099 current_frame->pop_stack_2(
3100 VerificationType::long2_type(),
3101 VerificationType::long_type(), CHECK_VERIFY(this));
3102 current_frame->set_local_2(
3103 index, VerificationType::long_type(),
3104 VerificationType::long2_type(), CHECK_VERIFY(this));
3105 }
3106
3107 void ClassVerifier::verify_fstore(u2 index, StackMapFrame* current_frame, TRAPS) {
3108 current_frame->pop_stack(VerificationType::float_type(), CHECK_VERIFY(this));
3109 current_frame->set_local(
3110 index, VerificationType::float_type(), CHECK_VERIFY(this));
3111 }
3112
3113 void ClassVerifier::verify_dstore(u2 index, StackMapFrame* current_frame, TRAPS) {
3114 current_frame->pop_stack_2(
3115 VerificationType::double2_type(),
3116 VerificationType::double_type(), CHECK_VERIFY(this));
3117 current_frame->set_local_2(
3118 index, VerificationType::double_type(),
3119 VerificationType::double2_type(), CHECK_VERIFY(this));
3120 }
3121
3122 void ClassVerifier::verify_astore(u2 index, StackMapFrame* current_frame, TRAPS) {
3123 VerificationType type = current_frame->pop_stack(
3124 VerificationType::reference_check(), CHECK_VERIFY(this));
3125 current_frame->set_local(index, type, CHECK_VERIFY(this));
3126 }
3127
3128 void ClassVerifier::verify_iinc(u2 index, StackMapFrame* current_frame, TRAPS) {
3129 VerificationType type = current_frame->get_local(
3130 index, VerificationType::integer_type(), CHECK_VERIFY(this));
3131 current_frame->set_local(index, type, CHECK_VERIFY(this));
3132 }
3133
3134 void ClassVerifier::verify_return_value(
3135 VerificationType return_type, VerificationType type, u2 bci,
3136 StackMapFrame* current_frame, TRAPS) {
3137 if (return_type == VerificationType::bogus_type()) {
3138 verify_error(ErrorContext::bad_type(bci,
3139 current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)),
3140 "Method does not expect a return value");
3141 return;
3142 }
3143 bool match = return_type.is_assignable_from(type, this, false, CHECK_VERIFY(this));
3144 if (!match) {
3145 verify_error(ErrorContext::bad_type(bci,
3146 current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)),
3147 "Bad return type");
3148 return;
3149 }
3150 }
3151
3152 // The verifier creates symbols which are substrings of Symbols.
3153 // These are stored in the verifier until the end of verification so that
3154 // they can be reference counted.
3155 Symbol* ClassVerifier::create_temporary_symbol(const char *name, int length) {
3156 // Quick deduplication check
3157 if (_previous_symbol != NULL && _previous_symbol->equals(name, length)) {
3158 return _previous_symbol;
3159 }
3160 Symbol* sym = SymbolTable::new_symbol(name, length);
3161 if (!sym->is_permanent()) {
3162 if (_symbols == NULL) {
3163 _symbols = new GrowableArray<Symbol*>(50, 0, NULL);
3164 }
3165 _symbols->push(sym);
3166 }
3167 _previous_symbol = sym;
3168 return sym;
3169 }