1 /* 2 * Copyright (c) 1998, 2023, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. 8 * 9 * This code is distributed in the hope that it will be useful, but WITHOUT 10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12 * version 2 for more details (a copy is included in the LICENSE file that 13 * accompanied this code). 14 * 15 * You should have received a copy of the GNU General Public License version 16 * 2 along with this work; if not, write to the Free Software Foundation, 17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20 * or visit www.oracle.com if you need additional information or have any 21 * questions. 22 * 23 */ 24 25 #include "precompiled.hpp" 26 #include "cds/cdsConfig.hpp" 27 #include "classfile/classFileStream.hpp" 28 #include "classfile/classLoader.hpp" 29 #include "classfile/javaClasses.hpp" 30 #include "classfile/stackMapTable.hpp" 31 #include "classfile/stackMapFrame.hpp" 32 #include "classfile/stackMapTableFormat.hpp" 33 #include "classfile/symbolTable.hpp" 34 #include "classfile/systemDictionary.hpp" 35 #include "classfile/verifier.hpp" 36 #include "classfile/vmClasses.hpp" 37 #include "classfile/vmSymbols.hpp" 38 #include "interpreter/bytecodes.hpp" 39 #include "interpreter/bytecodeStream.hpp" 40 #include "jvm.h" 41 #include "logging/log.hpp" 42 #include "logging/logStream.hpp" 43 #include "memory/oopFactory.hpp" 44 #include "memory/resourceArea.hpp" 45 #include "memory/universe.hpp" 46 #include "oops/constantPool.inline.hpp" 47 #include "oops/instanceKlass.inline.hpp" 48 #include "oops/klass.inline.hpp" 49 #include "oops/oop.inline.hpp" 50 #include "oops/typeArrayOop.hpp" 51 #include "runtime/arguments.hpp" 52 #include "runtime/fieldDescriptor.hpp" 53 #include "runtime/handles.inline.hpp" 54 #include "runtime/interfaceSupport.inline.hpp" 55 #include "runtime/javaCalls.hpp" 56 #include "runtime/javaThread.hpp" 57 #include "runtime/jniHandles.inline.hpp" 58 #include "runtime/os.hpp" 59 #include "runtime/safepointVerifiers.hpp" 60 #include "services/threadService.hpp" 61 #include "utilities/align.hpp" 62 #include "utilities/bytes.hpp" 63 64 #define NOFAILOVER_MAJOR_VERSION 51 65 #define NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION 51 66 #define STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION 52 67 #define INLINE_TYPE_MAJOR_VERSION 56 68 #define MAX_ARRAY_DIMENSIONS 255 69 70 // Access to external entry for VerifyClassForMajorVersion - old byte code verifier 71 72 extern "C" { 73 typedef jboolean (*verify_byte_codes_fn_t)(JNIEnv *, jclass, char *, jint, jint); 74 } 75 76 static verify_byte_codes_fn_t volatile _verify_byte_codes_fn = nullptr; 77 78 static verify_byte_codes_fn_t verify_byte_codes_fn() { 79 80 if (_verify_byte_codes_fn != nullptr) 81 return _verify_byte_codes_fn; 82 83 MutexLocker locker(Verify_lock); 84 85 if (_verify_byte_codes_fn != nullptr) 86 return _verify_byte_codes_fn; 87 88 // Load verify dll 89 char buffer[JVM_MAXPATHLEN]; 90 char ebuf[1024]; 91 if (!os::dll_locate_lib(buffer, sizeof(buffer), Arguments::get_dll_dir(), "verify")) 92 return nullptr; // Caller will throw VerifyError 93 94 void *lib_handle = os::dll_load(buffer, ebuf, sizeof(ebuf)); 95 if (lib_handle == nullptr) 96 return nullptr; // Caller will throw VerifyError 97 98 void *fn = os::dll_lookup(lib_handle, "VerifyClassForMajorVersion"); 99 if (fn == nullptr) 100 return nullptr; // Caller will throw VerifyError 101 102 return _verify_byte_codes_fn = CAST_TO_FN_PTR(verify_byte_codes_fn_t, fn); 103 } 104 105 106 // Methods in Verifier 107 108 bool Verifier::should_verify_for(oop class_loader, bool should_verify_class) { 109 return (class_loader == nullptr || !should_verify_class) ? 110 BytecodeVerificationLocal : BytecodeVerificationRemote; 111 } 112 113 bool Verifier::relax_access_for(oop loader) { 114 bool trusted = java_lang_ClassLoader::is_trusted_loader(loader); 115 bool need_verify = 116 // verifyAll 117 (BytecodeVerificationLocal && BytecodeVerificationRemote) || 118 // verifyRemote 119 (!BytecodeVerificationLocal && BytecodeVerificationRemote && !trusted); 120 return !need_verify; 121 } 122 123 void Verifier::trace_class_resolution(Klass* resolve_class, InstanceKlass* verify_class) { 124 assert(verify_class != nullptr, "Unexpected null verify_class"); 125 ResourceMark rm; 126 Symbol* s = verify_class->source_file_name(); 127 const char* source_file = (s != nullptr ? s->as_C_string() : nullptr); 128 const char* verify = verify_class->external_name(); 129 const char* resolve = resolve_class->external_name(); 130 // print in a single call to reduce interleaving between threads 131 if (source_file != nullptr) { 132 log_debug(class, resolve)("%s %s %s (verification)", verify, resolve, source_file); 133 } else { 134 log_debug(class, resolve)("%s %s (verification)", verify, resolve); 135 } 136 } 137 138 // Prints the end-verification message to the appropriate output. 139 void Verifier::log_end_verification(outputStream* st, const char* klassName, Symbol* exception_name, oop pending_exception) { 140 if (pending_exception != nullptr) { 141 st->print("Verification for %s has", klassName); 142 oop message = java_lang_Throwable::message(pending_exception); 143 if (message != nullptr) { 144 char* ex_msg = java_lang_String::as_utf8_string(message); 145 st->print_cr(" exception pending '%s %s'", 146 pending_exception->klass()->external_name(), ex_msg); 147 } else { 148 st->print_cr(" exception pending %s ", 149 pending_exception->klass()->external_name()); 150 } 151 } else if (exception_name != nullptr) { 152 st->print_cr("Verification for %s failed", klassName); 153 } 154 st->print_cr("End class verification for: %s", klassName); 155 } 156 157 bool Verifier::verify(InstanceKlass* klass, bool should_verify_class, TRAPS) { 158 HandleMark hm(THREAD); 159 ResourceMark rm(THREAD); 160 161 // Eagerly allocate the identity hash code for a klass. This is a fallout 162 // from 6320749 and 8059924: hash code generator is not supposed to be called 163 // during the safepoint, but it allows to sneak the hashcode in during 164 // verification. Without this eager hashcode generation, we may end up 165 // installing the hashcode during some other operation, which may be at 166 // safepoint -- blowing up the checks. It was previously done as the side 167 // effect (sic!) for external_name(), but instead of doing that, we opt to 168 // explicitly push the hashcode in here. This is signify the following block 169 // is IMPORTANT: 170 if (klass->java_mirror() != nullptr) { 171 klass->java_mirror()->identity_hash(); 172 } 173 174 if (!is_eligible_for_verification(klass, should_verify_class)) { 175 return true; 176 } 177 178 // Timer includes any side effects of class verification (resolution, 179 // etc), but not recursive calls to Verifier::verify(). 180 JavaThread* jt = THREAD; 181 PerfClassTraceTime timer(ClassLoader::perf_class_verify_time(), 182 ClassLoader::perf_class_verify_selftime(), 183 ClassLoader::perf_classes_verified(), 184 jt->get_thread_stat()->perf_recursion_counts_addr(), 185 jt->get_thread_stat()->perf_timers_addr(), 186 PerfClassTraceTime::CLASS_VERIFY); 187 188 // If the class should be verified, first see if we can use the split 189 // verifier. If not, or if verification fails and can failover, then 190 // call the inference verifier. 191 Symbol* exception_name = nullptr; 192 const size_t message_buffer_len = klass->name()->utf8_length() + 1024; 193 char* message_buffer = nullptr; 194 char* exception_message = nullptr; 195 196 log_info(class, init)("Start class verification for: %s", klass->external_name()); 197 if (klass->major_version() >= STACKMAP_ATTRIBUTE_MAJOR_VERSION) { 198 ClassVerifier split_verifier(jt, klass); 199 // We don't use CHECK here, or on inference_verify below, so that we can log any exception. 200 split_verifier.verify_class(THREAD); 201 exception_name = split_verifier.result(); 202 203 // If dumping static archive then don't fall back to the old verifier on 204 // verification failure. If a class fails verification with the split verifier, 205 // it might fail the CDS runtime verifier constraint check. In that case, we 206 // don't want to share the class. We only archive classes that pass the split 207 // verifier. 208 bool can_failover = !CDSConfig::is_dumping_static_archive() && 209 klass->major_version() < NOFAILOVER_MAJOR_VERSION; 210 211 if (can_failover && !HAS_PENDING_EXCEPTION && // Split verifier doesn't set PENDING_EXCEPTION for failure 212 (exception_name == vmSymbols::java_lang_VerifyError() || 213 exception_name == vmSymbols::java_lang_ClassFormatError())) { 214 log_info(verification)("Fail over class verification to old verifier for: %s", klass->external_name()); 215 log_info(class, init)("Fail over class verification to old verifier for: %s", klass->external_name()); 216 message_buffer = NEW_RESOURCE_ARRAY(char, message_buffer_len); 217 exception_message = message_buffer; 218 exception_name = inference_verify( 219 klass, message_buffer, message_buffer_len, THREAD); 220 } 221 if (exception_name != nullptr) { 222 exception_message = split_verifier.exception_message(); 223 } 224 } else { 225 message_buffer = NEW_RESOURCE_ARRAY(char, message_buffer_len); 226 exception_message = message_buffer; 227 exception_name = inference_verify( 228 klass, message_buffer, message_buffer_len, THREAD); 229 } 230 231 LogTarget(Info, class, init) lt1; 232 if (lt1.is_enabled()) { 233 LogStream ls(lt1); 234 log_end_verification(&ls, klass->external_name(), exception_name, PENDING_EXCEPTION); 235 } 236 LogTarget(Info, verification) lt2; 237 if (lt2.is_enabled()) { 238 LogStream ls(lt2); 239 log_end_verification(&ls, klass->external_name(), exception_name, PENDING_EXCEPTION); 240 } 241 242 if (HAS_PENDING_EXCEPTION) { 243 return false; // use the existing exception 244 } else if (exception_name == nullptr) { 245 return true; // verification succeeded 246 } else { // VerifyError or ClassFormatError to be created and thrown 247 Klass* kls = 248 SystemDictionary::resolve_or_fail(exception_name, true, CHECK_false); 249 if (log_is_enabled(Debug, class, resolve)) { 250 Verifier::trace_class_resolution(kls, klass); 251 } 252 253 while (kls != nullptr) { 254 if (kls == klass) { 255 // If the class being verified is the exception we're creating 256 // or one of it's superclasses, we're in trouble and are going 257 // to infinitely recurse when we try to initialize the exception. 258 // So bail out here by throwing the preallocated VM error. 259 THROW_OOP_(Universe::virtual_machine_error_instance(), false); 260 } 261 kls = kls->super(); 262 } 263 if (message_buffer != nullptr) { 264 message_buffer[message_buffer_len - 1] = '\0'; // just to be sure 265 } 266 assert(exception_message != nullptr, ""); 267 THROW_MSG_(exception_name, exception_message, false); 268 } 269 } 270 271 bool Verifier::is_eligible_for_verification(InstanceKlass* klass, bool should_verify_class) { 272 Symbol* name = klass->name(); 273 Klass* refl_serialization_ctor_klass = vmClasses::reflect_SerializationConstructorAccessorImpl_klass(); 274 275 bool is_reflect_accessor = refl_serialization_ctor_klass != nullptr && 276 klass->is_subtype_of(refl_serialization_ctor_klass); 277 278 return (should_verify_for(klass->class_loader(), should_verify_class) && 279 // return if the class is a bootstrapping class 280 // or defineClass specified not to verify by default (flags override passed arg) 281 // We need to skip the following four for bootstrapping 282 name != vmSymbols::java_lang_Object() && 283 name != vmSymbols::java_lang_Class() && 284 name != vmSymbols::java_lang_String() && 285 name != vmSymbols::java_lang_Throwable() && 286 287 // Can not verify the bytecodes for shared classes because they have 288 // already been rewritten to contain constant pool cache indices, 289 // which the verifier can't understand. 290 // Shared classes shouldn't have stackmaps either. 291 // However, bytecodes for shared old classes can be verified because 292 // they have not been rewritten. 293 !(klass->is_shared() && klass->is_rewritten()) && 294 295 // As of the fix for 4486457 we disable verification for all of the 296 // dynamically-generated bytecodes associated with 297 // jdk/internal/reflect/SerializationConstructorAccessor. 298 (!is_reflect_accessor)); 299 } 300 301 Symbol* Verifier::inference_verify( 302 InstanceKlass* klass, char* message, size_t message_len, TRAPS) { 303 JavaThread* thread = THREAD; 304 305 verify_byte_codes_fn_t verify_func = verify_byte_codes_fn(); 306 307 if (verify_func == nullptr) { 308 jio_snprintf(message, message_len, "Could not link verifier"); 309 return vmSymbols::java_lang_VerifyError(); 310 } 311 312 ResourceMark rm(thread); 313 log_info(verification)("Verifying class %s with old format", klass->external_name()); 314 315 jclass cls = (jclass) JNIHandles::make_local(thread, klass->java_mirror()); 316 jint result; 317 318 { 319 HandleMark hm(thread); 320 ThreadToNativeFromVM ttn(thread); 321 // ThreadToNativeFromVM takes care of changing thread_state, so safepoint 322 // code knows that we have left the VM 323 JNIEnv *env = thread->jni_environment(); 324 result = (*verify_func)(env, cls, message, (int)message_len, klass->major_version()); 325 } 326 327 JNIHandles::destroy_local(cls); 328 329 // These numbers are chosen so that VerifyClassCodes interface doesn't need 330 // to be changed (still return jboolean (unsigned char)), and result is 331 // 1 when verification is passed. 332 if (result == 0) { 333 return vmSymbols::java_lang_VerifyError(); 334 } else if (result == 1) { 335 return nullptr; // verified. 336 } else if (result == 2) { 337 THROW_MSG_(vmSymbols::java_lang_OutOfMemoryError(), message, nullptr); 338 } else if (result == 3) { 339 return vmSymbols::java_lang_ClassFormatError(); 340 } else { 341 ShouldNotReachHere(); 342 return nullptr; 343 } 344 } 345 346 TypeOrigin TypeOrigin::null() { 347 return TypeOrigin(); 348 } 349 TypeOrigin TypeOrigin::local(int index, StackMapFrame* frame) { 350 assert(frame != nullptr, "Must have a frame"); 351 return TypeOrigin(CF_LOCALS, index, StackMapFrame::copy(frame), 352 frame->local_at(index)); 353 } 354 TypeOrigin TypeOrigin::stack(int index, StackMapFrame* frame) { 355 assert(frame != nullptr, "Must have a frame"); 356 return TypeOrigin(CF_STACK, index, StackMapFrame::copy(frame), 357 frame->stack_at(index)); 358 } 359 TypeOrigin TypeOrigin::sm_local(int index, StackMapFrame* frame) { 360 assert(frame != nullptr, "Must have a frame"); 361 return TypeOrigin(SM_LOCALS, index, StackMapFrame::copy(frame), 362 frame->local_at(index)); 363 } 364 TypeOrigin TypeOrigin::sm_stack(int index, StackMapFrame* frame) { 365 assert(frame != nullptr, "Must have a frame"); 366 return TypeOrigin(SM_STACK, index, StackMapFrame::copy(frame), 367 frame->stack_at(index)); 368 } 369 TypeOrigin TypeOrigin::bad_index(int index) { 370 return TypeOrigin(BAD_INDEX, index, nullptr, VerificationType::bogus_type()); 371 } 372 TypeOrigin TypeOrigin::cp(int index, VerificationType vt) { 373 return TypeOrigin(CONST_POOL, index, nullptr, vt); 374 } 375 TypeOrigin TypeOrigin::signature(VerificationType vt) { 376 return TypeOrigin(SIG, 0, nullptr, vt); 377 } 378 TypeOrigin TypeOrigin::implicit(VerificationType t) { 379 return TypeOrigin(IMPLICIT, 0, nullptr, t); 380 } 381 TypeOrigin TypeOrigin::frame(StackMapFrame* frame) { 382 return TypeOrigin(FRAME_ONLY, 0, StackMapFrame::copy(frame), 383 VerificationType::bogus_type()); 384 } 385 386 void TypeOrigin::reset_frame() { 387 if (_frame != nullptr) { 388 _frame->restore(); 389 } 390 } 391 392 void TypeOrigin::details(outputStream* ss) const { 393 _type.print_on(ss); 394 switch (_origin) { 395 case CF_LOCALS: 396 ss->print(" (current frame, locals[%d])", _index); 397 break; 398 case CF_STACK: 399 ss->print(" (current frame, stack[%d])", _index); 400 break; 401 case SM_LOCALS: 402 ss->print(" (stack map, locals[%d])", _index); 403 break; 404 case SM_STACK: 405 ss->print(" (stack map, stack[%d])", _index); 406 break; 407 case CONST_POOL: 408 ss->print(" (constant pool %d)", _index); 409 break; 410 case SIG: 411 ss->print(" (from method signature)"); 412 break; 413 case IMPLICIT: 414 case FRAME_ONLY: 415 case NONE: 416 default: 417 ; 418 } 419 } 420 421 #ifdef ASSERT 422 void TypeOrigin::print_on(outputStream* str) const { 423 str->print("{%d,%d,%p:", _origin, _index, _frame); 424 if (_frame != nullptr) { 425 _frame->print_on(str); 426 } else { 427 str->print("null"); 428 } 429 str->print(","); 430 _type.print_on(str); 431 str->print("}"); 432 } 433 #endif 434 435 void ErrorContext::details(outputStream* ss, const Method* method) const { 436 if (is_valid()) { 437 ss->cr(); 438 ss->print_cr("Exception Details:"); 439 location_details(ss, method); 440 reason_details(ss); 441 frame_details(ss); 442 bytecode_details(ss, method); 443 handler_details(ss, method); 444 stackmap_details(ss, method); 445 } 446 } 447 448 void ErrorContext::reason_details(outputStream* ss) const { 449 streamIndentor si(ss); 450 ss->indent().print_cr("Reason:"); 451 streamIndentor si2(ss); 452 ss->indent().print("%s", ""); 453 switch (_fault) { 454 case INVALID_BYTECODE: 455 ss->print("Error exists in the bytecode"); 456 break; 457 case WRONG_TYPE: 458 if (_expected.is_valid()) { 459 ss->print("Type "); 460 _type.details(ss); 461 ss->print(" is not assignable to "); 462 _expected.details(ss); 463 } else { 464 ss->print("Invalid type: "); 465 _type.details(ss); 466 } 467 break; 468 case FLAGS_MISMATCH: 469 if (_expected.is_valid()) { 470 ss->print("Current frame's flags are not assignable " 471 "to stack map frame's."); 472 } else { 473 ss->print("Current frame's flags are invalid in this context."); 474 } 475 break; 476 case BAD_CP_INDEX: 477 ss->print("Constant pool index %d is invalid", _type.index()); 478 break; 479 case BAD_LOCAL_INDEX: 480 ss->print("Local index %d is invalid", _type.index()); 481 break; 482 case LOCALS_SIZE_MISMATCH: 483 ss->print("Current frame's local size doesn't match stackmap."); 484 break; 485 case STACK_SIZE_MISMATCH: 486 ss->print("Current frame's stack size doesn't match stackmap."); 487 break; 488 case STACK_OVERFLOW: 489 ss->print("Exceeded max stack size."); 490 break; 491 case STACK_UNDERFLOW: 492 ss->print("Attempt to pop empty stack."); 493 break; 494 case MISSING_STACKMAP: 495 ss->print("Expected stackmap frame at this location."); 496 break; 497 case BAD_STACKMAP: 498 ss->print("Invalid stackmap specification."); 499 break; 500 case WRONG_INLINE_TYPE: 501 ss->print("Type "); 502 _type.details(ss); 503 ss->print(" and type "); 504 _expected.details(ss); 505 ss->print(" must be identical inline types."); 506 break; 507 case UNKNOWN: 508 default: 509 ShouldNotReachHere(); 510 ss->print_cr("Unknown"); 511 } 512 ss->cr(); 513 } 514 515 void ErrorContext::location_details(outputStream* ss, const Method* method) const { 516 if (_bci != -1 && method != nullptr) { 517 streamIndentor si(ss); 518 const char* bytecode_name = "<invalid>"; 519 if (method->validate_bci(_bci) != -1) { 520 Bytecodes::Code code = Bytecodes::code_or_bp_at(method->bcp_from(_bci)); 521 if (Bytecodes::is_defined(code)) { 522 bytecode_name = Bytecodes::name(code); 523 } else { 524 bytecode_name = "<illegal>"; 525 } 526 } 527 InstanceKlass* ik = method->method_holder(); 528 ss->indent().print_cr("Location:"); 529 streamIndentor si2(ss); 530 ss->indent().print_cr("%s.%s%s @%d: %s", 531 ik->name()->as_C_string(), method->name()->as_C_string(), 532 method->signature()->as_C_string(), _bci, bytecode_name); 533 } 534 } 535 536 void ErrorContext::frame_details(outputStream* ss) const { 537 streamIndentor si(ss); 538 if (_type.is_valid() && _type.frame() != nullptr) { 539 ss->indent().print_cr("Current Frame:"); 540 streamIndentor si2(ss); 541 _type.frame()->print_on(ss); 542 } 543 if (_expected.is_valid() && _expected.frame() != nullptr) { 544 ss->indent().print_cr("Stackmap Frame:"); 545 streamIndentor si2(ss); 546 _expected.frame()->print_on(ss); 547 } 548 } 549 550 void ErrorContext::bytecode_details(outputStream* ss, const Method* method) const { 551 if (method != nullptr) { 552 streamIndentor si(ss); 553 ss->indent().print_cr("Bytecode:"); 554 streamIndentor si2(ss); 555 ss->print_data(method->code_base(), method->code_size(), false); 556 } 557 } 558 559 void ErrorContext::handler_details(outputStream* ss, const Method* method) const { 560 if (method != nullptr) { 561 streamIndentor si(ss); 562 ExceptionTable table(method); 563 if (table.length() > 0) { 564 ss->indent().print_cr("Exception Handler Table:"); 565 streamIndentor si2(ss); 566 for (int i = 0; i < table.length(); ++i) { 567 ss->indent().print_cr("bci [%d, %d] => handler: %d", table.start_pc(i), 568 table.end_pc(i), table.handler_pc(i)); 569 } 570 } 571 } 572 } 573 574 void ErrorContext::stackmap_details(outputStream* ss, const Method* method) const { 575 if (method != nullptr && method->has_stackmap_table()) { 576 streamIndentor si(ss); 577 ss->indent().print_cr("Stackmap Table:"); 578 Array<u1>* data = method->stackmap_data(); 579 stack_map_table* sm_table = 580 stack_map_table::at((address)data->adr_at(0)); 581 stack_map_frame* sm_frame = sm_table->entries(); 582 streamIndentor si2(ss); 583 int current_offset = -1; 584 address end_of_sm_table = (address)sm_table + method->stackmap_data()->length(); 585 for (u2 i = 0; i < sm_table->number_of_entries(); ++i) { 586 ss->indent(); 587 if (!sm_frame->verify((address)sm_frame, end_of_sm_table)) { 588 sm_frame->print_truncated(ss, current_offset); 589 return; 590 } 591 sm_frame->print_on(ss, current_offset); 592 ss->cr(); 593 current_offset += sm_frame->offset_delta(); 594 sm_frame = sm_frame->next(); 595 } 596 } 597 } 598 599 // Methods in ClassVerifier 600 601 VerificationType reference_or_inline_type(InstanceKlass* klass) { 602 // if (klass->is_inline_klass()) { 603 // return VerificationType::inline_type(klass->name()); 604 // } else { 605 // return VerificationType::reference_type(klass->name()); 606 // } // LW401 CR required: verifier update/cleanup 607 return VerificationType::reference_type(klass->name()); 608 } 609 610 ClassVerifier::ClassVerifier(JavaThread* current, InstanceKlass* klass) 611 : _thread(current), _previous_symbol(nullptr), _symbols(nullptr), _exception_type(nullptr), 612 _message(nullptr), _klass(klass) { 613 _this_type = reference_or_inline_type(klass); 614 } 615 616 ClassVerifier::~ClassVerifier() { 617 // Decrement the reference count for any symbols created. 618 if (_symbols != nullptr) { 619 for (int i = 0; i < _symbols->length(); i++) { 620 Symbol* s = _symbols->at(i); 621 s->decrement_refcount(); 622 } 623 } 624 } 625 626 VerificationType ClassVerifier::object_type() const { 627 return VerificationType::reference_type(vmSymbols::java_lang_Object()); 628 } 629 630 TypeOrigin ClassVerifier::ref_ctx(const char* sig) { 631 VerificationType vt = VerificationType::reference_type( 632 create_temporary_symbol(sig, (int)strlen(sig))); 633 return TypeOrigin::implicit(vt); 634 } 635 636 637 void ClassVerifier::verify_class(TRAPS) { 638 log_info(verification)("Verifying class %s with new format", _klass->external_name()); 639 640 // Either verifying both local and remote classes or just remote classes. 641 assert(BytecodeVerificationRemote, "Should not be here"); 642 643 Array<Method*>* methods = _klass->methods(); 644 int num_methods = methods->length(); 645 646 for (int index = 0; index < num_methods; index++) { 647 // Check for recursive re-verification before each method. 648 if (was_recursively_verified()) return; 649 650 Method* m = methods->at(index); 651 if (m->is_native() || m->is_abstract() || m->is_overpass()) { 652 // If m is native or abstract, skip it. It is checked in class file 653 // parser that methods do not override a final method. Overpass methods 654 // are trusted since the VM generates them. 655 continue; 656 } 657 verify_method(methodHandle(THREAD, m), CHECK_VERIFY(this)); 658 } 659 660 if (was_recursively_verified()){ 661 log_info(verification)("Recursive verification detected for: %s", _klass->external_name()); 662 log_info(class, init)("Recursive verification detected for: %s", 663 _klass->external_name()); 664 } 665 } 666 667 // Translate the signature entries into verification types and save them in 668 // the growable array. Also, save the count of arguments. 669 void ClassVerifier::translate_signature(Symbol* const method_sig, 670 sig_as_verification_types* sig_verif_types) { 671 SignatureStream sig_stream(method_sig); 672 VerificationType sig_type[2]; 673 int sig_i = 0; 674 GrowableArray<VerificationType>* verif_types = sig_verif_types->sig_verif_types(); 675 676 // Translate the signature arguments into verification types. 677 while (!sig_stream.at_return_type()) { 678 int n = change_sig_to_verificationType(&sig_stream, sig_type); 679 assert(n <= 2, "Unexpected signature type"); 680 681 // Store verification type(s). Longs and Doubles each have two verificationTypes. 682 for (int x = 0; x < n; x++) { 683 verif_types->push(sig_type[x]); 684 } 685 sig_i += n; 686 sig_stream.next(); 687 } 688 689 // Set final arg count, not including the return type. The final arg count will 690 // be compared with sig_verify_types' length to see if there is a return type. 691 sig_verif_types->set_num_args(sig_i); 692 693 // Store verification type(s) for the return type, if there is one. 694 if (sig_stream.type() != T_VOID) { 695 int n = change_sig_to_verificationType(&sig_stream, sig_type); 696 assert(n <= 2, "Unexpected signature return type"); 697 for (int y = 0; y < n; y++) { 698 verif_types->push(sig_type[y]); 699 } 700 } 701 } 702 703 void ClassVerifier::create_method_sig_entry(sig_as_verification_types* sig_verif_types, 704 int sig_index) { 705 // Translate the signature into verification types. 706 ConstantPool* cp = _klass->constants(); 707 Symbol* const method_sig = cp->symbol_at(sig_index); 708 translate_signature(method_sig, sig_verif_types); 709 710 // Add the list of this signature's verification types to the table. 711 bool is_unique = method_signatures_table()->put(sig_index, sig_verif_types); 712 assert(is_unique, "Duplicate entries in method_signature_table"); 713 } 714 715 void ClassVerifier::verify_method(const methodHandle& m, TRAPS) { 716 HandleMark hm(THREAD); 717 _method = m; // initialize _method 718 log_info(verification)("Verifying method %s", m->name_and_sig_as_C_string()); 719 720 // For clang, the only good constant format string is a literal constant format string. 721 #define bad_type_msg "Bad type on operand stack in %s" 722 723 u2 max_stack = m->verifier_max_stack(); 724 u2 max_locals = m->max_locals(); 725 constantPoolHandle cp(THREAD, m->constants()); 726 727 // Method signature was checked in ClassFileParser. 728 assert(SignatureVerifier::is_valid_method_signature(m->signature()), 729 "Invalid method signature"); 730 731 // Initial stack map frame: offset is 0, stack is initially empty. 732 StackMapFrame current_frame(max_locals, max_stack, this); 733 // Set initial locals 734 VerificationType return_type = current_frame.set_locals_from_arg( m, current_type()); 735 736 u2 stackmap_index = 0; // index to the stackmap array 737 738 u4 code_length = m->code_size(); 739 740 // Scan the bytecode and map each instruction's start offset to a number. 741 char* code_data = generate_code_data(m, code_length, CHECK_VERIFY(this)); 742 743 int ex_min = code_length; 744 int ex_max = -1; 745 // Look through each item on the exception table. Each of the fields must refer 746 // to a legal instruction. 747 if (was_recursively_verified()) return; 748 verify_exception_handler_table( 749 code_length, code_data, ex_min, ex_max, CHECK_VERIFY(this)); 750 751 // Look through each entry on the local variable table and make sure 752 // its range of code array offsets is valid. (4169817) 753 if (m->has_localvariable_table()) { 754 verify_local_variable_table(code_length, code_data, CHECK_VERIFY(this)); 755 } 756 757 Array<u1>* stackmap_data = m->stackmap_data(); 758 StackMapStream stream(stackmap_data); 759 StackMapReader reader(this, &stream, code_data, code_length, THREAD); 760 StackMapTable stackmap_table(&reader, ¤t_frame, max_locals, max_stack, 761 code_data, code_length, CHECK_VERIFY(this)); 762 763 LogTarget(Debug, verification) lt; 764 if (lt.is_enabled()) { 765 ResourceMark rm(THREAD); 766 LogStream ls(lt); 767 stackmap_table.print_on(&ls); 768 } 769 770 RawBytecodeStream bcs(m); 771 772 // Scan the byte code linearly from the start to the end 773 bool no_control_flow = false; // Set to true when there is no direct control 774 // flow from current instruction to the next 775 // instruction in sequence 776 777 Bytecodes::Code opcode; 778 while (!bcs.is_last_bytecode()) { 779 // Check for recursive re-verification before each bytecode. 780 if (was_recursively_verified()) return; 781 782 opcode = bcs.raw_next(); 783 int bci = bcs.bci(); 784 785 // Set current frame's offset to bci 786 current_frame.set_offset(bci); 787 current_frame.set_mark(); 788 789 // Make sure every offset in stackmap table point to the beginning to 790 // an instruction. Match current_frame to stackmap_table entry with 791 // the same offset if exists. 792 stackmap_index = verify_stackmap_table( 793 stackmap_index, bci, ¤t_frame, &stackmap_table, 794 no_control_flow, CHECK_VERIFY(this)); 795 796 797 bool this_uninit = false; // Set to true when invokespecial <init> initialized 'this' 798 bool verified_exc_handlers = false; 799 800 // Merge with the next instruction 801 { 802 int target; 803 VerificationType type, type2; 804 VerificationType atype; 805 806 LogTarget(Debug, verification) lt; 807 if (lt.is_enabled()) { 808 ResourceMark rm(THREAD); 809 LogStream ls(lt); 810 current_frame.print_on(&ls); 811 lt.print("offset = %d, opcode = %s", bci, 812 opcode == Bytecodes::_illegal ? "illegal" : Bytecodes::name(opcode)); 813 } 814 815 // Make sure wide instruction is in correct format 816 if (bcs.is_wide()) { 817 if (opcode != Bytecodes::_iinc && opcode != Bytecodes::_iload && 818 opcode != Bytecodes::_aload && opcode != Bytecodes::_lload && 819 opcode != Bytecodes::_istore && opcode != Bytecodes::_astore && 820 opcode != Bytecodes::_lstore && opcode != Bytecodes::_fload && 821 opcode != Bytecodes::_dload && opcode != Bytecodes::_fstore && 822 opcode != Bytecodes::_dstore) { 823 /* Unreachable? RawBytecodeStream's raw_next() returns 'illegal' 824 * if we encounter a wide instruction that modifies an invalid 825 * opcode (not one of the ones listed above) */ 826 verify_error(ErrorContext::bad_code(bci), "Bad wide instruction"); 827 return; 828 } 829 } 830 831 // Look for possible jump target in exception handlers and see if it 832 // matches current_frame. Do this check here for astore*, dstore*, 833 // fstore*, istore*, and lstore* opcodes because they can change the type 834 // state by adding a local. JVM Spec says that the incoming type state 835 // should be used for this check. So, do the check here before a possible 836 // local is added to the type state. 837 if (Bytecodes::is_store_into_local(opcode) && bci >= ex_min && bci < ex_max) { 838 if (was_recursively_verified()) return; 839 verify_exception_handler_targets( 840 bci, this_uninit, ¤t_frame, &stackmap_table, CHECK_VERIFY(this)); 841 verified_exc_handlers = true; 842 } 843 844 if (was_recursively_verified()) return; 845 846 switch (opcode) { 847 case Bytecodes::_nop : 848 no_control_flow = false; break; 849 case Bytecodes::_aconst_null : 850 current_frame.push_stack( 851 VerificationType::null_type(), CHECK_VERIFY(this)); 852 no_control_flow = false; break; 853 case Bytecodes::_iconst_m1 : 854 case Bytecodes::_iconst_0 : 855 case Bytecodes::_iconst_1 : 856 case Bytecodes::_iconst_2 : 857 case Bytecodes::_iconst_3 : 858 case Bytecodes::_iconst_4 : 859 case Bytecodes::_iconst_5 : 860 current_frame.push_stack( 861 VerificationType::integer_type(), CHECK_VERIFY(this)); 862 no_control_flow = false; break; 863 case Bytecodes::_lconst_0 : 864 case Bytecodes::_lconst_1 : 865 current_frame.push_stack_2( 866 VerificationType::long_type(), 867 VerificationType::long2_type(), CHECK_VERIFY(this)); 868 no_control_flow = false; break; 869 case Bytecodes::_fconst_0 : 870 case Bytecodes::_fconst_1 : 871 case Bytecodes::_fconst_2 : 872 current_frame.push_stack( 873 VerificationType::float_type(), CHECK_VERIFY(this)); 874 no_control_flow = false; break; 875 case Bytecodes::_dconst_0 : 876 case Bytecodes::_dconst_1 : 877 current_frame.push_stack_2( 878 VerificationType::double_type(), 879 VerificationType::double2_type(), CHECK_VERIFY(this)); 880 no_control_flow = false; break; 881 case Bytecodes::_sipush : 882 case Bytecodes::_bipush : 883 current_frame.push_stack( 884 VerificationType::integer_type(), CHECK_VERIFY(this)); 885 no_control_flow = false; break; 886 case Bytecodes::_ldc : 887 verify_ldc( 888 opcode, bcs.get_index_u1(), ¤t_frame, 889 cp, bci, CHECK_VERIFY(this)); 890 no_control_flow = false; break; 891 case Bytecodes::_ldc_w : 892 case Bytecodes::_ldc2_w : 893 verify_ldc( 894 opcode, bcs.get_index_u2(), ¤t_frame, 895 cp, bci, CHECK_VERIFY(this)); 896 no_control_flow = false; break; 897 case Bytecodes::_iload : 898 verify_iload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 899 no_control_flow = false; break; 900 case Bytecodes::_iload_0 : 901 case Bytecodes::_iload_1 : 902 case Bytecodes::_iload_2 : 903 case Bytecodes::_iload_3 : { 904 int index = opcode - Bytecodes::_iload_0; 905 verify_iload(index, ¤t_frame, CHECK_VERIFY(this)); 906 no_control_flow = false; break; 907 } 908 case Bytecodes::_lload : 909 verify_lload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 910 no_control_flow = false; break; 911 case Bytecodes::_lload_0 : 912 case Bytecodes::_lload_1 : 913 case Bytecodes::_lload_2 : 914 case Bytecodes::_lload_3 : { 915 int index = opcode - Bytecodes::_lload_0; 916 verify_lload(index, ¤t_frame, CHECK_VERIFY(this)); 917 no_control_flow = false; break; 918 } 919 case Bytecodes::_fload : 920 verify_fload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 921 no_control_flow = false; break; 922 case Bytecodes::_fload_0 : 923 case Bytecodes::_fload_1 : 924 case Bytecodes::_fload_2 : 925 case Bytecodes::_fload_3 : { 926 int index = opcode - Bytecodes::_fload_0; 927 verify_fload(index, ¤t_frame, CHECK_VERIFY(this)); 928 no_control_flow = false; break; 929 } 930 case Bytecodes::_dload : 931 verify_dload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 932 no_control_flow = false; break; 933 case Bytecodes::_dload_0 : 934 case Bytecodes::_dload_1 : 935 case Bytecodes::_dload_2 : 936 case Bytecodes::_dload_3 : { 937 int index = opcode - Bytecodes::_dload_0; 938 verify_dload(index, ¤t_frame, CHECK_VERIFY(this)); 939 no_control_flow = false; break; 940 } 941 case Bytecodes::_aload : 942 verify_aload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 943 no_control_flow = false; break; 944 case Bytecodes::_aload_0 : 945 case Bytecodes::_aload_1 : 946 case Bytecodes::_aload_2 : 947 case Bytecodes::_aload_3 : { 948 int index = opcode - Bytecodes::_aload_0; 949 verify_aload(index, ¤t_frame, CHECK_VERIFY(this)); 950 no_control_flow = false; break; 951 } 952 case Bytecodes::_iaload : 953 type = current_frame.pop_stack( 954 VerificationType::integer_type(), CHECK_VERIFY(this)); 955 atype = current_frame.pop_stack( 956 VerificationType::reference_check(), CHECK_VERIFY(this)); 957 if (!atype.is_int_array()) { 958 verify_error(ErrorContext::bad_type(bci, 959 current_frame.stack_top_ctx(), ref_ctx("[I")), 960 bad_type_msg, "iaload"); 961 return; 962 } 963 current_frame.push_stack( 964 VerificationType::integer_type(), CHECK_VERIFY(this)); 965 no_control_flow = false; break; 966 case Bytecodes::_baload : 967 type = current_frame.pop_stack( 968 VerificationType::integer_type(), CHECK_VERIFY(this)); 969 atype = current_frame.pop_stack( 970 VerificationType::reference_check(), CHECK_VERIFY(this)); 971 if (!atype.is_bool_array() && !atype.is_byte_array()) { 972 verify_error( 973 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 974 bad_type_msg, "baload"); 975 return; 976 } 977 current_frame.push_stack( 978 VerificationType::integer_type(), CHECK_VERIFY(this)); 979 no_control_flow = false; break; 980 case Bytecodes::_caload : 981 type = current_frame.pop_stack( 982 VerificationType::integer_type(), CHECK_VERIFY(this)); 983 atype = current_frame.pop_stack( 984 VerificationType::reference_check(), CHECK_VERIFY(this)); 985 if (!atype.is_char_array()) { 986 verify_error(ErrorContext::bad_type(bci, 987 current_frame.stack_top_ctx(), ref_ctx("[C")), 988 bad_type_msg, "caload"); 989 return; 990 } 991 current_frame.push_stack( 992 VerificationType::integer_type(), CHECK_VERIFY(this)); 993 no_control_flow = false; break; 994 case Bytecodes::_saload : 995 type = current_frame.pop_stack( 996 VerificationType::integer_type(), CHECK_VERIFY(this)); 997 atype = current_frame.pop_stack( 998 VerificationType::reference_check(), CHECK_VERIFY(this)); 999 if (!atype.is_short_array()) { 1000 verify_error(ErrorContext::bad_type(bci, 1001 current_frame.stack_top_ctx(), ref_ctx("[S")), 1002 bad_type_msg, "saload"); 1003 return; 1004 } 1005 current_frame.push_stack( 1006 VerificationType::integer_type(), CHECK_VERIFY(this)); 1007 no_control_flow = false; break; 1008 case Bytecodes::_laload : 1009 type = current_frame.pop_stack( 1010 VerificationType::integer_type(), CHECK_VERIFY(this)); 1011 atype = current_frame.pop_stack( 1012 VerificationType::reference_check(), CHECK_VERIFY(this)); 1013 if (!atype.is_long_array()) { 1014 verify_error(ErrorContext::bad_type(bci, 1015 current_frame.stack_top_ctx(), ref_ctx("[J")), 1016 bad_type_msg, "laload"); 1017 return; 1018 } 1019 current_frame.push_stack_2( 1020 VerificationType::long_type(), 1021 VerificationType::long2_type(), CHECK_VERIFY(this)); 1022 no_control_flow = false; break; 1023 case Bytecodes::_faload : 1024 type = current_frame.pop_stack( 1025 VerificationType::integer_type(), CHECK_VERIFY(this)); 1026 atype = current_frame.pop_stack( 1027 VerificationType::reference_check(), CHECK_VERIFY(this)); 1028 if (!atype.is_float_array()) { 1029 verify_error(ErrorContext::bad_type(bci, 1030 current_frame.stack_top_ctx(), ref_ctx("[F")), 1031 bad_type_msg, "faload"); 1032 return; 1033 } 1034 current_frame.push_stack( 1035 VerificationType::float_type(), CHECK_VERIFY(this)); 1036 no_control_flow = false; break; 1037 case Bytecodes::_daload : 1038 type = current_frame.pop_stack( 1039 VerificationType::integer_type(), CHECK_VERIFY(this)); 1040 atype = current_frame.pop_stack( 1041 VerificationType::reference_check(), CHECK_VERIFY(this)); 1042 if (!atype.is_double_array()) { 1043 verify_error(ErrorContext::bad_type(bci, 1044 current_frame.stack_top_ctx(), ref_ctx("[D")), 1045 bad_type_msg, "daload"); 1046 return; 1047 } 1048 current_frame.push_stack_2( 1049 VerificationType::double_type(), 1050 VerificationType::double2_type(), CHECK_VERIFY(this)); 1051 no_control_flow = false; break; 1052 case Bytecodes::_aaload : { 1053 type = current_frame.pop_stack( 1054 VerificationType::integer_type(), CHECK_VERIFY(this)); 1055 atype = current_frame.pop_stack( 1056 VerificationType::reference_check(), CHECK_VERIFY(this)); 1057 if (!atype.is_nonscalar_array()) { 1058 verify_error(ErrorContext::bad_type(bci, 1059 current_frame.stack_top_ctx(), 1060 TypeOrigin::implicit(VerificationType::reference_check())), 1061 bad_type_msg, "aaload"); 1062 return; 1063 } 1064 if (atype.is_null()) { 1065 current_frame.push_stack( 1066 VerificationType::null_type(), CHECK_VERIFY(this)); 1067 } else { 1068 VerificationType component = atype.get_component(this); 1069 current_frame.push_stack(component, CHECK_VERIFY(this)); 1070 } 1071 no_control_flow = false; break; 1072 } 1073 case Bytecodes::_istore : 1074 verify_istore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 1075 no_control_flow = false; break; 1076 case Bytecodes::_istore_0 : 1077 case Bytecodes::_istore_1 : 1078 case Bytecodes::_istore_2 : 1079 case Bytecodes::_istore_3 : { 1080 int index = opcode - Bytecodes::_istore_0; 1081 verify_istore(index, ¤t_frame, CHECK_VERIFY(this)); 1082 no_control_flow = false; break; 1083 } 1084 case Bytecodes::_lstore : 1085 verify_lstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 1086 no_control_flow = false; break; 1087 case Bytecodes::_lstore_0 : 1088 case Bytecodes::_lstore_1 : 1089 case Bytecodes::_lstore_2 : 1090 case Bytecodes::_lstore_3 : { 1091 int index = opcode - Bytecodes::_lstore_0; 1092 verify_lstore(index, ¤t_frame, CHECK_VERIFY(this)); 1093 no_control_flow = false; break; 1094 } 1095 case Bytecodes::_fstore : 1096 verify_fstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 1097 no_control_flow = false; break; 1098 case Bytecodes::_fstore_0 : 1099 case Bytecodes::_fstore_1 : 1100 case Bytecodes::_fstore_2 : 1101 case Bytecodes::_fstore_3 : { 1102 int index = opcode - Bytecodes::_fstore_0; 1103 verify_fstore(index, ¤t_frame, CHECK_VERIFY(this)); 1104 no_control_flow = false; break; 1105 } 1106 case Bytecodes::_dstore : 1107 verify_dstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 1108 no_control_flow = false; break; 1109 case Bytecodes::_dstore_0 : 1110 case Bytecodes::_dstore_1 : 1111 case Bytecodes::_dstore_2 : 1112 case Bytecodes::_dstore_3 : { 1113 int index = opcode - Bytecodes::_dstore_0; 1114 verify_dstore(index, ¤t_frame, CHECK_VERIFY(this)); 1115 no_control_flow = false; break; 1116 } 1117 case Bytecodes::_astore : 1118 verify_astore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 1119 no_control_flow = false; break; 1120 case Bytecodes::_astore_0 : 1121 case Bytecodes::_astore_1 : 1122 case Bytecodes::_astore_2 : 1123 case Bytecodes::_astore_3 : { 1124 int index = opcode - Bytecodes::_astore_0; 1125 verify_astore(index, ¤t_frame, CHECK_VERIFY(this)); 1126 no_control_flow = false; break; 1127 } 1128 case Bytecodes::_iastore : 1129 type = current_frame.pop_stack( 1130 VerificationType::integer_type(), CHECK_VERIFY(this)); 1131 type2 = current_frame.pop_stack( 1132 VerificationType::integer_type(), CHECK_VERIFY(this)); 1133 atype = current_frame.pop_stack( 1134 VerificationType::reference_check(), CHECK_VERIFY(this)); 1135 if (!atype.is_int_array()) { 1136 verify_error(ErrorContext::bad_type(bci, 1137 current_frame.stack_top_ctx(), ref_ctx("[I")), 1138 bad_type_msg, "iastore"); 1139 return; 1140 } 1141 no_control_flow = false; break; 1142 case Bytecodes::_bastore : 1143 type = current_frame.pop_stack( 1144 VerificationType::integer_type(), CHECK_VERIFY(this)); 1145 type2 = current_frame.pop_stack( 1146 VerificationType::integer_type(), CHECK_VERIFY(this)); 1147 atype = current_frame.pop_stack( 1148 VerificationType::reference_check(), CHECK_VERIFY(this)); 1149 if (!atype.is_bool_array() && !atype.is_byte_array()) { 1150 verify_error( 1151 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 1152 bad_type_msg, "bastore"); 1153 return; 1154 } 1155 no_control_flow = false; break; 1156 case Bytecodes::_castore : 1157 current_frame.pop_stack( 1158 VerificationType::integer_type(), CHECK_VERIFY(this)); 1159 current_frame.pop_stack( 1160 VerificationType::integer_type(), CHECK_VERIFY(this)); 1161 atype = current_frame.pop_stack( 1162 VerificationType::reference_check(), CHECK_VERIFY(this)); 1163 if (!atype.is_char_array()) { 1164 verify_error(ErrorContext::bad_type(bci, 1165 current_frame.stack_top_ctx(), ref_ctx("[C")), 1166 bad_type_msg, "castore"); 1167 return; 1168 } 1169 no_control_flow = false; break; 1170 case Bytecodes::_sastore : 1171 current_frame.pop_stack( 1172 VerificationType::integer_type(), CHECK_VERIFY(this)); 1173 current_frame.pop_stack( 1174 VerificationType::integer_type(), CHECK_VERIFY(this)); 1175 atype = current_frame.pop_stack( 1176 VerificationType::reference_check(), CHECK_VERIFY(this)); 1177 if (!atype.is_short_array()) { 1178 verify_error(ErrorContext::bad_type(bci, 1179 current_frame.stack_top_ctx(), ref_ctx("[S")), 1180 bad_type_msg, "sastore"); 1181 return; 1182 } 1183 no_control_flow = false; break; 1184 case Bytecodes::_lastore : 1185 current_frame.pop_stack_2( 1186 VerificationType::long2_type(), 1187 VerificationType::long_type(), CHECK_VERIFY(this)); 1188 current_frame.pop_stack( 1189 VerificationType::integer_type(), CHECK_VERIFY(this)); 1190 atype = current_frame.pop_stack( 1191 VerificationType::reference_check(), CHECK_VERIFY(this)); 1192 if (!atype.is_long_array()) { 1193 verify_error(ErrorContext::bad_type(bci, 1194 current_frame.stack_top_ctx(), ref_ctx("[J")), 1195 bad_type_msg, "lastore"); 1196 return; 1197 } 1198 no_control_flow = false; break; 1199 case Bytecodes::_fastore : 1200 current_frame.pop_stack( 1201 VerificationType::float_type(), CHECK_VERIFY(this)); 1202 current_frame.pop_stack 1203 (VerificationType::integer_type(), CHECK_VERIFY(this)); 1204 atype = current_frame.pop_stack( 1205 VerificationType::reference_check(), CHECK_VERIFY(this)); 1206 if (!atype.is_float_array()) { 1207 verify_error(ErrorContext::bad_type(bci, 1208 current_frame.stack_top_ctx(), ref_ctx("[F")), 1209 bad_type_msg, "fastore"); 1210 return; 1211 } 1212 no_control_flow = false; break; 1213 case Bytecodes::_dastore : 1214 current_frame.pop_stack_2( 1215 VerificationType::double2_type(), 1216 VerificationType::double_type(), CHECK_VERIFY(this)); 1217 current_frame.pop_stack( 1218 VerificationType::integer_type(), CHECK_VERIFY(this)); 1219 atype = current_frame.pop_stack( 1220 VerificationType::reference_check(), CHECK_VERIFY(this)); 1221 if (!atype.is_double_array()) { 1222 verify_error(ErrorContext::bad_type(bci, 1223 current_frame.stack_top_ctx(), ref_ctx("[D")), 1224 bad_type_msg, "dastore"); 1225 return; 1226 } 1227 no_control_flow = false; break; 1228 case Bytecodes::_aastore : 1229 type = current_frame.pop_stack(object_type(), CHECK_VERIFY(this)); 1230 type2 = current_frame.pop_stack( 1231 VerificationType::integer_type(), CHECK_VERIFY(this)); 1232 atype = current_frame.pop_stack( 1233 VerificationType::reference_check(), CHECK_VERIFY(this)); 1234 // more type-checking is done at runtime 1235 if (!atype.is_nonscalar_array()) { 1236 verify_error(ErrorContext::bad_type(bci, 1237 current_frame.stack_top_ctx(), 1238 TypeOrigin::implicit(VerificationType::reference_check())), 1239 bad_type_msg, "aastore"); 1240 return; 1241 } 1242 // 4938384: relaxed constraint in JVMS 3rd edition. 1243 no_control_flow = false; break; 1244 case Bytecodes::_pop : 1245 current_frame.pop_stack( 1246 VerificationType::category1_check(), CHECK_VERIFY(this)); 1247 no_control_flow = false; break; 1248 case Bytecodes::_pop2 : 1249 type = current_frame.pop_stack(CHECK_VERIFY(this)); 1250 if (type.is_category1()) { 1251 current_frame.pop_stack( 1252 VerificationType::category1_check(), CHECK_VERIFY(this)); 1253 } else if (type.is_category2_2nd()) { 1254 current_frame.pop_stack( 1255 VerificationType::category2_check(), CHECK_VERIFY(this)); 1256 } else { 1257 /* Unreachable? Would need a category2_1st on TOS 1258 * which does not appear possible. */ 1259 verify_error( 1260 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 1261 bad_type_msg, "pop2"); 1262 return; 1263 } 1264 no_control_flow = false; break; 1265 case Bytecodes::_dup : 1266 type = current_frame.pop_stack( 1267 VerificationType::category1_check(), CHECK_VERIFY(this)); 1268 current_frame.push_stack(type, CHECK_VERIFY(this)); 1269 current_frame.push_stack(type, CHECK_VERIFY(this)); 1270 no_control_flow = false; break; 1271 case Bytecodes::_dup_x1 : 1272 type = current_frame.pop_stack( 1273 VerificationType::category1_check(), CHECK_VERIFY(this)); 1274 type2 = current_frame.pop_stack( 1275 VerificationType::category1_check(), CHECK_VERIFY(this)); 1276 current_frame.push_stack(type, CHECK_VERIFY(this)); 1277 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1278 current_frame.push_stack(type, CHECK_VERIFY(this)); 1279 no_control_flow = false; break; 1280 case Bytecodes::_dup_x2 : 1281 { 1282 VerificationType type3; 1283 type = current_frame.pop_stack( 1284 VerificationType::category1_check(), CHECK_VERIFY(this)); 1285 type2 = current_frame.pop_stack(CHECK_VERIFY(this)); 1286 if (type2.is_category1()) { 1287 type3 = current_frame.pop_stack( 1288 VerificationType::category1_check(), CHECK_VERIFY(this)); 1289 } else if (type2.is_category2_2nd()) { 1290 type3 = current_frame.pop_stack( 1291 VerificationType::category2_check(), CHECK_VERIFY(this)); 1292 } else { 1293 /* Unreachable? Would need a category2_1st at stack depth 2 with 1294 * a category1 on TOS which does not appear possible. */ 1295 verify_error(ErrorContext::bad_type( 1296 bci, current_frame.stack_top_ctx()), bad_type_msg, "dup_x2"); 1297 return; 1298 } 1299 current_frame.push_stack(type, CHECK_VERIFY(this)); 1300 current_frame.push_stack(type3, CHECK_VERIFY(this)); 1301 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1302 current_frame.push_stack(type, CHECK_VERIFY(this)); 1303 no_control_flow = false; break; 1304 } 1305 case Bytecodes::_dup2 : 1306 type = current_frame.pop_stack(CHECK_VERIFY(this)); 1307 if (type.is_category1()) { 1308 type2 = current_frame.pop_stack( 1309 VerificationType::category1_check(), CHECK_VERIFY(this)); 1310 } else if (type.is_category2_2nd()) { 1311 type2 = current_frame.pop_stack( 1312 VerificationType::category2_check(), CHECK_VERIFY(this)); 1313 } else { 1314 /* Unreachable? Would need a category2_1st on TOS which does not 1315 * appear possible. */ 1316 verify_error( 1317 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 1318 bad_type_msg, "dup2"); 1319 return; 1320 } 1321 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1322 current_frame.push_stack(type, CHECK_VERIFY(this)); 1323 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1324 current_frame.push_stack(type, CHECK_VERIFY(this)); 1325 no_control_flow = false; break; 1326 case Bytecodes::_dup2_x1 : 1327 { 1328 VerificationType type3; 1329 type = current_frame.pop_stack(CHECK_VERIFY(this)); 1330 if (type.is_category1()) { 1331 type2 = current_frame.pop_stack( 1332 VerificationType::category1_check(), CHECK_VERIFY(this)); 1333 } else if (type.is_category2_2nd()) { 1334 type2 = current_frame.pop_stack( 1335 VerificationType::category2_check(), CHECK_VERIFY(this)); 1336 } else { 1337 /* Unreachable? Would need a category2_1st on TOS which does 1338 * not appear possible. */ 1339 verify_error( 1340 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 1341 bad_type_msg, "dup2_x1"); 1342 return; 1343 } 1344 type3 = current_frame.pop_stack( 1345 VerificationType::category1_check(), CHECK_VERIFY(this)); 1346 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1347 current_frame.push_stack(type, CHECK_VERIFY(this)); 1348 current_frame.push_stack(type3, CHECK_VERIFY(this)); 1349 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1350 current_frame.push_stack(type, CHECK_VERIFY(this)); 1351 no_control_flow = false; break; 1352 } 1353 case Bytecodes::_dup2_x2 : 1354 { 1355 VerificationType type3, type4; 1356 type = current_frame.pop_stack(CHECK_VERIFY(this)); 1357 if (type.is_category1()) { 1358 type2 = current_frame.pop_stack( 1359 VerificationType::category1_check(), CHECK_VERIFY(this)); 1360 } else if (type.is_category2_2nd()) { 1361 type2 = current_frame.pop_stack( 1362 VerificationType::category2_check(), CHECK_VERIFY(this)); 1363 } else { 1364 /* Unreachable? Would need a category2_1st on TOS which does 1365 * not appear possible. */ 1366 verify_error( 1367 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 1368 bad_type_msg, "dup2_x2"); 1369 return; 1370 } 1371 type3 = current_frame.pop_stack(CHECK_VERIFY(this)); 1372 if (type3.is_category1()) { 1373 type4 = current_frame.pop_stack( 1374 VerificationType::category1_check(), CHECK_VERIFY(this)); 1375 } else if (type3.is_category2_2nd()) { 1376 type4 = current_frame.pop_stack( 1377 VerificationType::category2_check(), CHECK_VERIFY(this)); 1378 } else { 1379 /* Unreachable? Would need a category2_1st on TOS after popping 1380 * a long/double or two category 1's, which does not 1381 * appear possible. */ 1382 verify_error( 1383 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 1384 bad_type_msg, "dup2_x2"); 1385 return; 1386 } 1387 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1388 current_frame.push_stack(type, CHECK_VERIFY(this)); 1389 current_frame.push_stack(type4, CHECK_VERIFY(this)); 1390 current_frame.push_stack(type3, CHECK_VERIFY(this)); 1391 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1392 current_frame.push_stack(type, CHECK_VERIFY(this)); 1393 no_control_flow = false; break; 1394 } 1395 case Bytecodes::_swap : 1396 type = current_frame.pop_stack( 1397 VerificationType::category1_check(), CHECK_VERIFY(this)); 1398 type2 = current_frame.pop_stack( 1399 VerificationType::category1_check(), CHECK_VERIFY(this)); 1400 current_frame.push_stack(type, CHECK_VERIFY(this)); 1401 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1402 no_control_flow = false; break; 1403 case Bytecodes::_iadd : 1404 case Bytecodes::_isub : 1405 case Bytecodes::_imul : 1406 case Bytecodes::_idiv : 1407 case Bytecodes::_irem : 1408 case Bytecodes::_ishl : 1409 case Bytecodes::_ishr : 1410 case Bytecodes::_iushr : 1411 case Bytecodes::_ior : 1412 case Bytecodes::_ixor : 1413 case Bytecodes::_iand : 1414 current_frame.pop_stack( 1415 VerificationType::integer_type(), CHECK_VERIFY(this)); 1416 // fall through 1417 case Bytecodes::_ineg : 1418 current_frame.pop_stack( 1419 VerificationType::integer_type(), CHECK_VERIFY(this)); 1420 current_frame.push_stack( 1421 VerificationType::integer_type(), CHECK_VERIFY(this)); 1422 no_control_flow = false; break; 1423 case Bytecodes::_ladd : 1424 case Bytecodes::_lsub : 1425 case Bytecodes::_lmul : 1426 case Bytecodes::_ldiv : 1427 case Bytecodes::_lrem : 1428 case Bytecodes::_land : 1429 case Bytecodes::_lor : 1430 case Bytecodes::_lxor : 1431 current_frame.pop_stack_2( 1432 VerificationType::long2_type(), 1433 VerificationType::long_type(), CHECK_VERIFY(this)); 1434 // fall through 1435 case Bytecodes::_lneg : 1436 current_frame.pop_stack_2( 1437 VerificationType::long2_type(), 1438 VerificationType::long_type(), CHECK_VERIFY(this)); 1439 current_frame.push_stack_2( 1440 VerificationType::long_type(), 1441 VerificationType::long2_type(), CHECK_VERIFY(this)); 1442 no_control_flow = false; break; 1443 case Bytecodes::_lshl : 1444 case Bytecodes::_lshr : 1445 case Bytecodes::_lushr : 1446 current_frame.pop_stack( 1447 VerificationType::integer_type(), CHECK_VERIFY(this)); 1448 current_frame.pop_stack_2( 1449 VerificationType::long2_type(), 1450 VerificationType::long_type(), CHECK_VERIFY(this)); 1451 current_frame.push_stack_2( 1452 VerificationType::long_type(), 1453 VerificationType::long2_type(), CHECK_VERIFY(this)); 1454 no_control_flow = false; break; 1455 case Bytecodes::_fadd : 1456 case Bytecodes::_fsub : 1457 case Bytecodes::_fmul : 1458 case Bytecodes::_fdiv : 1459 case Bytecodes::_frem : 1460 current_frame.pop_stack( 1461 VerificationType::float_type(), CHECK_VERIFY(this)); 1462 // fall through 1463 case Bytecodes::_fneg : 1464 current_frame.pop_stack( 1465 VerificationType::float_type(), CHECK_VERIFY(this)); 1466 current_frame.push_stack( 1467 VerificationType::float_type(), CHECK_VERIFY(this)); 1468 no_control_flow = false; break; 1469 case Bytecodes::_dadd : 1470 case Bytecodes::_dsub : 1471 case Bytecodes::_dmul : 1472 case Bytecodes::_ddiv : 1473 case Bytecodes::_drem : 1474 current_frame.pop_stack_2( 1475 VerificationType::double2_type(), 1476 VerificationType::double_type(), CHECK_VERIFY(this)); 1477 // fall through 1478 case Bytecodes::_dneg : 1479 current_frame.pop_stack_2( 1480 VerificationType::double2_type(), 1481 VerificationType::double_type(), CHECK_VERIFY(this)); 1482 current_frame.push_stack_2( 1483 VerificationType::double_type(), 1484 VerificationType::double2_type(), CHECK_VERIFY(this)); 1485 no_control_flow = false; break; 1486 case Bytecodes::_iinc : 1487 verify_iinc(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 1488 no_control_flow = false; break; 1489 case Bytecodes::_i2l : 1490 type = current_frame.pop_stack( 1491 VerificationType::integer_type(), CHECK_VERIFY(this)); 1492 current_frame.push_stack_2( 1493 VerificationType::long_type(), 1494 VerificationType::long2_type(), CHECK_VERIFY(this)); 1495 no_control_flow = false; break; 1496 case Bytecodes::_l2i : 1497 current_frame.pop_stack_2( 1498 VerificationType::long2_type(), 1499 VerificationType::long_type(), CHECK_VERIFY(this)); 1500 current_frame.push_stack( 1501 VerificationType::integer_type(), CHECK_VERIFY(this)); 1502 no_control_flow = false; break; 1503 case Bytecodes::_i2f : 1504 current_frame.pop_stack( 1505 VerificationType::integer_type(), CHECK_VERIFY(this)); 1506 current_frame.push_stack( 1507 VerificationType::float_type(), CHECK_VERIFY(this)); 1508 no_control_flow = false; break; 1509 case Bytecodes::_i2d : 1510 current_frame.pop_stack( 1511 VerificationType::integer_type(), CHECK_VERIFY(this)); 1512 current_frame.push_stack_2( 1513 VerificationType::double_type(), 1514 VerificationType::double2_type(), CHECK_VERIFY(this)); 1515 no_control_flow = false; break; 1516 case Bytecodes::_l2f : 1517 current_frame.pop_stack_2( 1518 VerificationType::long2_type(), 1519 VerificationType::long_type(), CHECK_VERIFY(this)); 1520 current_frame.push_stack( 1521 VerificationType::float_type(), CHECK_VERIFY(this)); 1522 no_control_flow = false; break; 1523 case Bytecodes::_l2d : 1524 current_frame.pop_stack_2( 1525 VerificationType::long2_type(), 1526 VerificationType::long_type(), CHECK_VERIFY(this)); 1527 current_frame.push_stack_2( 1528 VerificationType::double_type(), 1529 VerificationType::double2_type(), CHECK_VERIFY(this)); 1530 no_control_flow = false; break; 1531 case Bytecodes::_f2i : 1532 current_frame.pop_stack( 1533 VerificationType::float_type(), CHECK_VERIFY(this)); 1534 current_frame.push_stack( 1535 VerificationType::integer_type(), CHECK_VERIFY(this)); 1536 no_control_flow = false; break; 1537 case Bytecodes::_f2l : 1538 current_frame.pop_stack( 1539 VerificationType::float_type(), CHECK_VERIFY(this)); 1540 current_frame.push_stack_2( 1541 VerificationType::long_type(), 1542 VerificationType::long2_type(), CHECK_VERIFY(this)); 1543 no_control_flow = false; break; 1544 case Bytecodes::_f2d : 1545 current_frame.pop_stack( 1546 VerificationType::float_type(), CHECK_VERIFY(this)); 1547 current_frame.push_stack_2( 1548 VerificationType::double_type(), 1549 VerificationType::double2_type(), CHECK_VERIFY(this)); 1550 no_control_flow = false; break; 1551 case Bytecodes::_d2i : 1552 current_frame.pop_stack_2( 1553 VerificationType::double2_type(), 1554 VerificationType::double_type(), CHECK_VERIFY(this)); 1555 current_frame.push_stack( 1556 VerificationType::integer_type(), CHECK_VERIFY(this)); 1557 no_control_flow = false; break; 1558 case Bytecodes::_d2l : 1559 current_frame.pop_stack_2( 1560 VerificationType::double2_type(), 1561 VerificationType::double_type(), CHECK_VERIFY(this)); 1562 current_frame.push_stack_2( 1563 VerificationType::long_type(), 1564 VerificationType::long2_type(), CHECK_VERIFY(this)); 1565 no_control_flow = false; break; 1566 case Bytecodes::_d2f : 1567 current_frame.pop_stack_2( 1568 VerificationType::double2_type(), 1569 VerificationType::double_type(), CHECK_VERIFY(this)); 1570 current_frame.push_stack( 1571 VerificationType::float_type(), CHECK_VERIFY(this)); 1572 no_control_flow = false; break; 1573 case Bytecodes::_i2b : 1574 case Bytecodes::_i2c : 1575 case Bytecodes::_i2s : 1576 current_frame.pop_stack( 1577 VerificationType::integer_type(), CHECK_VERIFY(this)); 1578 current_frame.push_stack( 1579 VerificationType::integer_type(), CHECK_VERIFY(this)); 1580 no_control_flow = false; break; 1581 case Bytecodes::_lcmp : 1582 current_frame.pop_stack_2( 1583 VerificationType::long2_type(), 1584 VerificationType::long_type(), CHECK_VERIFY(this)); 1585 current_frame.pop_stack_2( 1586 VerificationType::long2_type(), 1587 VerificationType::long_type(), CHECK_VERIFY(this)); 1588 current_frame.push_stack( 1589 VerificationType::integer_type(), CHECK_VERIFY(this)); 1590 no_control_flow = false; break; 1591 case Bytecodes::_fcmpl : 1592 case Bytecodes::_fcmpg : 1593 current_frame.pop_stack( 1594 VerificationType::float_type(), CHECK_VERIFY(this)); 1595 current_frame.pop_stack( 1596 VerificationType::float_type(), CHECK_VERIFY(this)); 1597 current_frame.push_stack( 1598 VerificationType::integer_type(), CHECK_VERIFY(this)); 1599 no_control_flow = false; break; 1600 case Bytecodes::_dcmpl : 1601 case Bytecodes::_dcmpg : 1602 current_frame.pop_stack_2( 1603 VerificationType::double2_type(), 1604 VerificationType::double_type(), CHECK_VERIFY(this)); 1605 current_frame.pop_stack_2( 1606 VerificationType::double2_type(), 1607 VerificationType::double_type(), CHECK_VERIFY(this)); 1608 current_frame.push_stack( 1609 VerificationType::integer_type(), CHECK_VERIFY(this)); 1610 no_control_flow = false; break; 1611 case Bytecodes::_if_icmpeq: 1612 case Bytecodes::_if_icmpne: 1613 case Bytecodes::_if_icmplt: 1614 case Bytecodes::_if_icmpge: 1615 case Bytecodes::_if_icmpgt: 1616 case Bytecodes::_if_icmple: 1617 current_frame.pop_stack( 1618 VerificationType::integer_type(), CHECK_VERIFY(this)); 1619 // fall through 1620 case Bytecodes::_ifeq: 1621 case Bytecodes::_ifne: 1622 case Bytecodes::_iflt: 1623 case Bytecodes::_ifge: 1624 case Bytecodes::_ifgt: 1625 case Bytecodes::_ifle: 1626 current_frame.pop_stack( 1627 VerificationType::integer_type(), CHECK_VERIFY(this)); 1628 target = bcs.dest(); 1629 stackmap_table.check_jump_target( 1630 ¤t_frame, target, CHECK_VERIFY(this)); 1631 no_control_flow = false; break; 1632 case Bytecodes::_if_acmpeq : 1633 case Bytecodes::_if_acmpne : 1634 current_frame.pop_stack( 1635 VerificationType::nonscalar_check(), CHECK_VERIFY(this)); 1636 // fall through 1637 case Bytecodes::_ifnull : 1638 case Bytecodes::_ifnonnull : 1639 current_frame.pop_stack( 1640 VerificationType::nonscalar_check(), CHECK_VERIFY(this)); 1641 target = bcs.dest(); 1642 stackmap_table.check_jump_target 1643 (¤t_frame, target, CHECK_VERIFY(this)); 1644 no_control_flow = false; break; 1645 case Bytecodes::_goto : 1646 target = bcs.dest(); 1647 stackmap_table.check_jump_target( 1648 ¤t_frame, target, CHECK_VERIFY(this)); 1649 no_control_flow = true; break; 1650 case Bytecodes::_goto_w : 1651 target = bcs.dest_w(); 1652 stackmap_table.check_jump_target( 1653 ¤t_frame, target, CHECK_VERIFY(this)); 1654 no_control_flow = true; break; 1655 case Bytecodes::_tableswitch : 1656 case Bytecodes::_lookupswitch : 1657 verify_switch( 1658 &bcs, code_length, code_data, ¤t_frame, 1659 &stackmap_table, CHECK_VERIFY(this)); 1660 no_control_flow = true; break; 1661 case Bytecodes::_ireturn : 1662 type = current_frame.pop_stack( 1663 VerificationType::integer_type(), CHECK_VERIFY(this)); 1664 verify_return_value(return_type, type, bci, 1665 ¤t_frame, CHECK_VERIFY(this)); 1666 no_control_flow = true; break; 1667 case Bytecodes::_lreturn : 1668 type2 = current_frame.pop_stack( 1669 VerificationType::long2_type(), CHECK_VERIFY(this)); 1670 type = current_frame.pop_stack( 1671 VerificationType::long_type(), CHECK_VERIFY(this)); 1672 verify_return_value(return_type, type, bci, 1673 ¤t_frame, CHECK_VERIFY(this)); 1674 no_control_flow = true; break; 1675 case Bytecodes::_freturn : 1676 type = current_frame.pop_stack( 1677 VerificationType::float_type(), CHECK_VERIFY(this)); 1678 verify_return_value(return_type, type, bci, 1679 ¤t_frame, CHECK_VERIFY(this)); 1680 no_control_flow = true; break; 1681 case Bytecodes::_dreturn : 1682 type2 = current_frame.pop_stack( 1683 VerificationType::double2_type(), CHECK_VERIFY(this)); 1684 type = current_frame.pop_stack( 1685 VerificationType::double_type(), CHECK_VERIFY(this)); 1686 verify_return_value(return_type, type, bci, 1687 ¤t_frame, CHECK_VERIFY(this)); 1688 no_control_flow = true; break; 1689 case Bytecodes::_areturn : 1690 type = current_frame.pop_stack( 1691 VerificationType::nonscalar_check(), CHECK_VERIFY(this)); 1692 verify_return_value(return_type, type, bci, 1693 ¤t_frame, CHECK_VERIFY(this)); 1694 no_control_flow = true; break; 1695 case Bytecodes::_return : 1696 if (return_type != VerificationType::bogus_type()) { 1697 verify_error(ErrorContext::bad_code(bci), 1698 "Method expects a return value"); 1699 return; 1700 } 1701 // Make sure "this" has been initialized if current method is an 1702 // <init>. 1703 if (_method->is_object_constructor() && 1704 current_frame.flag_this_uninit()) { 1705 verify_error(ErrorContext::bad_code(bci), 1706 "Constructor must call super() or this() " 1707 "before return"); 1708 return; 1709 } 1710 no_control_flow = true; break; 1711 case Bytecodes::_getstatic : 1712 case Bytecodes::_putstatic : 1713 // pass TRUE, operand can be an array type for getstatic/putstatic. 1714 verify_field_instructions( 1715 &bcs, ¤t_frame, cp, true, CHECK_VERIFY(this)); 1716 no_control_flow = false; break; 1717 case Bytecodes::_getfield : 1718 case Bytecodes::_putfield : 1719 // pass FALSE, operand can't be an array type for getfield/putfield. 1720 verify_field_instructions( 1721 &bcs, ¤t_frame, cp, false, CHECK_VERIFY(this)); 1722 no_control_flow = false; break; 1723 case Bytecodes::_invokevirtual : 1724 case Bytecodes::_invokespecial : 1725 case Bytecodes::_invokestatic : 1726 case Bytecodes::_invokeinterface : 1727 case Bytecodes::_invokedynamic : 1728 verify_invoke_instructions( 1729 &bcs, code_length, ¤t_frame, (bci >= ex_min && bci < ex_max), 1730 &this_uninit, cp, &stackmap_table, CHECK_VERIFY(this)); 1731 no_control_flow = false; break; 1732 case Bytecodes::_new : 1733 { 1734 u2 index = bcs.get_index_u2(); 1735 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this)); 1736 VerificationType new_class_type = 1737 cp_index_to_type(index, cp, CHECK_VERIFY(this)); 1738 if (!new_class_type.is_object()) { 1739 verify_error(ErrorContext::bad_type(bci, 1740 TypeOrigin::cp(index, new_class_type)), 1741 "Illegal new instruction"); 1742 return; 1743 } 1744 type = VerificationType::uninitialized_type(checked_cast<u2>(bci)); 1745 current_frame.push_stack(type, CHECK_VERIFY(this)); 1746 no_control_flow = false; break; 1747 } 1748 case Bytecodes::_newarray : 1749 type = get_newarray_type(bcs.get_index(), bci, CHECK_VERIFY(this)); 1750 current_frame.pop_stack( 1751 VerificationType::integer_type(), CHECK_VERIFY(this)); 1752 current_frame.push_stack(type, CHECK_VERIFY(this)); 1753 no_control_flow = false; break; 1754 case Bytecodes::_anewarray : 1755 verify_anewarray( 1756 bci, bcs.get_index_u2(), cp, ¤t_frame, CHECK_VERIFY(this)); 1757 no_control_flow = false; break; 1758 case Bytecodes::_arraylength : 1759 type = current_frame.pop_stack( 1760 VerificationType::reference_check(), CHECK_VERIFY(this)); 1761 if (!(type.is_null() || type.is_array())) { 1762 verify_error(ErrorContext::bad_type( 1763 bci, current_frame.stack_top_ctx()), 1764 bad_type_msg, "arraylength"); 1765 } 1766 current_frame.push_stack( 1767 VerificationType::integer_type(), CHECK_VERIFY(this)); 1768 no_control_flow = false; break; 1769 case Bytecodes::_checkcast : 1770 { 1771 u2 index = bcs.get_index_u2(); 1772 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this)); 1773 current_frame.pop_stack(object_type(), CHECK_VERIFY(this)); 1774 VerificationType klass_type = cp_index_to_type( 1775 index, cp, CHECK_VERIFY(this)); 1776 current_frame.push_stack(klass_type, CHECK_VERIFY(this)); 1777 no_control_flow = false; break; 1778 } 1779 case Bytecodes::_instanceof : { 1780 u2 index = bcs.get_index_u2(); 1781 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this)); 1782 current_frame.pop_stack(object_type(), CHECK_VERIFY(this)); 1783 current_frame.push_stack( 1784 VerificationType::integer_type(), CHECK_VERIFY(this)); 1785 no_control_flow = false; break; 1786 } 1787 case Bytecodes::_monitorenter : 1788 case Bytecodes::_monitorexit : { 1789 VerificationType ref = current_frame.pop_stack( 1790 VerificationType::nonscalar_check(), CHECK_VERIFY(this)); 1791 no_control_flow = false; break; 1792 } 1793 case Bytecodes::_multianewarray : 1794 { 1795 u2 index = bcs.get_index_u2(); 1796 u2 dim = *(bcs.bcp()+3); 1797 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this)); 1798 VerificationType new_array_type = 1799 cp_index_to_type(index, cp, CHECK_VERIFY(this)); 1800 if (!new_array_type.is_array()) { 1801 verify_error(ErrorContext::bad_type(bci, 1802 TypeOrigin::cp(index, new_array_type)), 1803 "Illegal constant pool index in multianewarray instruction"); 1804 return; 1805 } 1806 if (dim < 1 || new_array_type.dimensions() < dim) { 1807 verify_error(ErrorContext::bad_code(bci), 1808 "Illegal dimension in multianewarray instruction: %d", dim); 1809 return; 1810 } 1811 for (int i = 0; i < dim; i++) { 1812 current_frame.pop_stack( 1813 VerificationType::integer_type(), CHECK_VERIFY(this)); 1814 } 1815 current_frame.push_stack(new_array_type, CHECK_VERIFY(this)); 1816 no_control_flow = false; break; 1817 } 1818 case Bytecodes::_athrow : 1819 type = VerificationType::reference_type( 1820 vmSymbols::java_lang_Throwable()); 1821 current_frame.pop_stack(type, CHECK_VERIFY(this)); 1822 no_control_flow = true; break; 1823 default: 1824 // We only need to check the valid bytecodes in class file. 1825 // And jsr and ret are not in the new class file format in JDK1.6. 1826 verify_error(ErrorContext::bad_code(bci), 1827 "Bad instruction: %02x", opcode); 1828 no_control_flow = false; 1829 return; 1830 } // end switch 1831 } // end Merge with the next instruction 1832 1833 // Look for possible jump target in exception handlers and see if it matches 1834 // current_frame. Don't do this check if it has already been done (for 1835 // ([a,d,f,i,l]store* opcodes). This check cannot be done earlier because 1836 // opcodes, such as invokespecial, may set the this_uninit flag. 1837 assert(!(verified_exc_handlers && this_uninit), 1838 "Exception handler targets got verified before this_uninit got set"); 1839 if (!verified_exc_handlers && bci >= ex_min && bci < ex_max) { 1840 if (was_recursively_verified()) return; 1841 verify_exception_handler_targets( 1842 bci, this_uninit, ¤t_frame, &stackmap_table, CHECK_VERIFY(this)); 1843 } 1844 } // end while 1845 1846 // Make sure that control flow does not fall through end of the method 1847 if (!no_control_flow) { 1848 verify_error(ErrorContext::bad_code(code_length), 1849 "Control flow falls through code end"); 1850 return; 1851 } 1852 } 1853 1854 #undef bad_type_message 1855 1856 char* ClassVerifier::generate_code_data(const methodHandle& m, u4 code_length, TRAPS) { 1857 char* code_data = NEW_RESOURCE_ARRAY(char, code_length); 1858 memset(code_data, 0, sizeof(char) * code_length); 1859 RawBytecodeStream bcs(m); 1860 1861 while (!bcs.is_last_bytecode()) { 1862 if (bcs.raw_next() != Bytecodes::_illegal) { 1863 int bci = bcs.bci(); 1864 if (bcs.raw_code() == Bytecodes::_new) { 1865 code_data[bci] = NEW_OFFSET; 1866 } else { 1867 code_data[bci] = BYTECODE_OFFSET; 1868 } 1869 } else { 1870 verify_error(ErrorContext::bad_code(bcs.bci()), "Bad instruction"); 1871 return nullptr; 1872 } 1873 } 1874 1875 return code_data; 1876 } 1877 1878 // Since this method references the constant pool, call was_recursively_verified() 1879 // before calling this method to make sure a prior class load did not cause the 1880 // current class to get verified. 1881 void ClassVerifier::verify_exception_handler_table(u4 code_length, char* code_data, int& min, int& max, TRAPS) { 1882 ExceptionTable exhandlers(_method()); 1883 int exlength = exhandlers.length(); 1884 constantPoolHandle cp (THREAD, _method->constants()); 1885 1886 for(int i = 0; i < exlength; i++) { 1887 u2 start_pc = exhandlers.start_pc(i); 1888 u2 end_pc = exhandlers.end_pc(i); 1889 u2 handler_pc = exhandlers.handler_pc(i); 1890 if (start_pc >= code_length || code_data[start_pc] == 0) { 1891 class_format_error("Illegal exception table start_pc %d", start_pc); 1892 return; 1893 } 1894 if (end_pc != code_length) { // special case: end_pc == code_length 1895 if (end_pc > code_length || code_data[end_pc] == 0) { 1896 class_format_error("Illegal exception table end_pc %d", end_pc); 1897 return; 1898 } 1899 } 1900 if (handler_pc >= code_length || code_data[handler_pc] == 0) { 1901 class_format_error("Illegal exception table handler_pc %d", handler_pc); 1902 return; 1903 } 1904 u2 catch_type_index = exhandlers.catch_type_index(i); 1905 if (catch_type_index != 0) { 1906 VerificationType catch_type = cp_index_to_type( 1907 catch_type_index, cp, CHECK_VERIFY(this)); 1908 VerificationType throwable = 1909 VerificationType::reference_type(vmSymbols::java_lang_Throwable()); 1910 // If the catch type is Throwable pre-resolve it now as the assignable check won't 1911 // do that, and we need to avoid a runtime resolution in case we are trying to 1912 // catch OutOfMemoryError. 1913 if (cp->klass_name_at(catch_type_index) == vmSymbols::java_lang_Throwable()) { 1914 cp->klass_at(catch_type_index, CHECK); 1915 } 1916 bool is_subclass = throwable.is_assignable_from( 1917 catch_type, this, false, CHECK_VERIFY(this)); 1918 if (!is_subclass) { 1919 // 4286534: should throw VerifyError according to recent spec change 1920 verify_error(ErrorContext::bad_type(handler_pc, 1921 TypeOrigin::cp(catch_type_index, catch_type), 1922 TypeOrigin::implicit(throwable)), 1923 "Catch type is not a subclass " 1924 "of Throwable in exception handler %d", handler_pc); 1925 return; 1926 } 1927 } 1928 if (start_pc < min) min = start_pc; 1929 if (end_pc > max) max = end_pc; 1930 } 1931 } 1932 1933 void ClassVerifier::verify_local_variable_table(u4 code_length, char* code_data, TRAPS) { 1934 int localvariable_table_length = _method->localvariable_table_length(); 1935 if (localvariable_table_length > 0) { 1936 LocalVariableTableElement* table = _method->localvariable_table_start(); 1937 for (int i = 0; i < localvariable_table_length; i++) { 1938 u2 start_bci = table[i].start_bci; 1939 u2 length = table[i].length; 1940 1941 if (start_bci >= code_length || code_data[start_bci] == 0) { 1942 class_format_error( 1943 "Illegal local variable table start_pc %d", start_bci); 1944 return; 1945 } 1946 u4 end_bci = (u4)(start_bci + length); 1947 if (end_bci != code_length) { 1948 if (end_bci >= code_length || code_data[end_bci] == 0) { 1949 class_format_error( "Illegal local variable table length %d", length); 1950 return; 1951 } 1952 } 1953 } 1954 } 1955 } 1956 1957 u2 ClassVerifier::verify_stackmap_table(u2 stackmap_index, int bci, 1958 StackMapFrame* current_frame, 1959 StackMapTable* stackmap_table, 1960 bool no_control_flow, TRAPS) { 1961 if (stackmap_index < stackmap_table->get_frame_count()) { 1962 int this_offset = stackmap_table->get_offset(stackmap_index); 1963 if (no_control_flow && this_offset > bci) { 1964 verify_error(ErrorContext::missing_stackmap(bci), 1965 "Expecting a stack map frame"); 1966 return 0; 1967 } 1968 if (this_offset == bci) { 1969 ErrorContext ctx; 1970 // See if current stack map can be assigned to the frame in table. 1971 // current_frame is the stackmap frame got from the last instruction. 1972 // If matched, current_frame will be updated by this method. 1973 bool matches = stackmap_table->match_stackmap( 1974 current_frame, this_offset, stackmap_index, 1975 !no_control_flow, true, &ctx, CHECK_VERIFY_(this, 0)); 1976 if (!matches) { 1977 // report type error 1978 verify_error(ctx, "Instruction type does not match stack map"); 1979 return 0; 1980 } 1981 stackmap_index++; 1982 } else if (this_offset < bci) { 1983 // current_offset should have met this_offset. 1984 class_format_error("Bad stack map offset %d", this_offset); 1985 return 0; 1986 } 1987 } else if (no_control_flow) { 1988 verify_error(ErrorContext::bad_code(bci), "Expecting a stack map frame"); 1989 return 0; 1990 } 1991 return stackmap_index; 1992 } 1993 1994 // Since this method references the constant pool, call was_recursively_verified() 1995 // before calling this method to make sure a prior class load did not cause the 1996 // current class to get verified. 1997 void ClassVerifier::verify_exception_handler_targets(int bci, bool this_uninit, 1998 StackMapFrame* current_frame, 1999 StackMapTable* stackmap_table, TRAPS) { 2000 constantPoolHandle cp (THREAD, _method->constants()); 2001 ExceptionTable exhandlers(_method()); 2002 int exlength = exhandlers.length(); 2003 for(int i = 0; i < exlength; i++) { 2004 u2 start_pc = exhandlers.start_pc(i); 2005 u2 end_pc = exhandlers.end_pc(i); 2006 u2 handler_pc = exhandlers.handler_pc(i); 2007 int catch_type_index = exhandlers.catch_type_index(i); 2008 if(bci >= start_pc && bci < end_pc) { 2009 u1 flags = current_frame->flags(); 2010 if (this_uninit) { flags |= FLAG_THIS_UNINIT; } 2011 StackMapFrame* new_frame = current_frame->frame_in_exception_handler(flags); 2012 if (catch_type_index != 0) { 2013 if (was_recursively_verified()) return; 2014 // We know that this index refers to a subclass of Throwable 2015 VerificationType catch_type = cp_index_to_type( 2016 catch_type_index, cp, CHECK_VERIFY(this)); 2017 new_frame->push_stack(catch_type, CHECK_VERIFY(this)); 2018 } else { 2019 VerificationType throwable = 2020 VerificationType::reference_type(vmSymbols::java_lang_Throwable()); 2021 new_frame->push_stack(throwable, CHECK_VERIFY(this)); 2022 } 2023 ErrorContext ctx; 2024 bool matches = stackmap_table->match_stackmap( 2025 new_frame, handler_pc, true, false, &ctx, CHECK_VERIFY(this)); 2026 if (!matches) { 2027 verify_error(ctx, "Stack map does not match the one at " 2028 "exception handler %d", handler_pc); 2029 return; 2030 } 2031 } 2032 } 2033 } 2034 2035 void ClassVerifier::verify_cp_index( 2036 int bci, const constantPoolHandle& cp, u2 index, TRAPS) { 2037 int nconstants = cp->length(); 2038 if ((index <= 0) || (index >= nconstants)) { 2039 verify_error(ErrorContext::bad_cp_index(bci, index), 2040 "Illegal constant pool index %d in class %s", 2041 index, cp->pool_holder()->external_name()); 2042 return; 2043 } 2044 } 2045 2046 void ClassVerifier::verify_cp_type( 2047 int bci, u2 index, const constantPoolHandle& cp, unsigned int types, TRAPS) { 2048 2049 // In some situations, bytecode rewriting may occur while we're verifying. 2050 // In this case, a constant pool cache exists and some indices refer to that 2051 // instead. Be sure we don't pick up such indices by accident. 2052 // We must check was_recursively_verified() before we get here. 2053 guarantee(cp->cache() == nullptr, "not rewritten yet"); 2054 2055 verify_cp_index(bci, cp, index, CHECK_VERIFY(this)); 2056 unsigned int tag = cp->tag_at(index).value(); 2057 2058 if ((types & (1 << tag)) == 0) { 2059 verify_error(ErrorContext::bad_cp_index(bci, index), 2060 "Illegal type at constant pool entry %d in class %s", 2061 index, cp->pool_holder()->external_name()); 2062 return; 2063 } 2064 } 2065 2066 void ClassVerifier::verify_cp_class_type( 2067 int bci, u2 index, const constantPoolHandle& cp, TRAPS) { 2068 verify_cp_index(bci, cp, index, CHECK_VERIFY(this)); 2069 constantTag tag = cp->tag_at(index); 2070 if (!tag.is_klass() && !tag.is_unresolved_klass()) { 2071 verify_error(ErrorContext::bad_cp_index(bci, index), 2072 "Illegal type at constant pool entry %d in class %s", 2073 index, cp->pool_holder()->external_name()); 2074 return; 2075 } 2076 } 2077 2078 void ClassVerifier::verify_error(ErrorContext ctx, const char* msg, ...) { 2079 stringStream ss; 2080 2081 ctx.reset_frames(); 2082 _exception_type = vmSymbols::java_lang_VerifyError(); 2083 _error_context = ctx; 2084 va_list va; 2085 va_start(va, msg); 2086 ss.vprint(msg, va); 2087 va_end(va); 2088 _message = ss.as_string(); 2089 #ifdef ASSERT 2090 ResourceMark rm; 2091 const char* exception_name = _exception_type->as_C_string(); 2092 Exceptions::debug_check_abort(exception_name, nullptr); 2093 #endif // ndef ASSERT 2094 } 2095 2096 void ClassVerifier::class_format_error(const char* msg, ...) { 2097 stringStream ss; 2098 _exception_type = vmSymbols::java_lang_ClassFormatError(); 2099 va_list va; 2100 va_start(va, msg); 2101 ss.vprint(msg, va); 2102 va_end(va); 2103 if (!_method.is_null()) { 2104 ss.print(" in method '"); 2105 _method->print_external_name(&ss); 2106 ss.print("'"); 2107 } 2108 _message = ss.as_string(); 2109 } 2110 2111 Klass* ClassVerifier::load_class(Symbol* name, TRAPS) { 2112 HandleMark hm(THREAD); 2113 // Get current loader and protection domain first. 2114 oop loader = current_class()->class_loader(); 2115 oop protection_domain = current_class()->protection_domain(); 2116 2117 assert(name_in_supers(name, current_class()), "name should be a super class"); 2118 2119 Klass* kls = SystemDictionary::resolve_or_fail( 2120 name, Handle(THREAD, loader), Handle(THREAD, protection_domain), 2121 true, THREAD); 2122 2123 if (kls != nullptr) { 2124 if (log_is_enabled(Debug, class, resolve)) { 2125 Verifier::trace_class_resolution(kls, current_class()); 2126 } 2127 } 2128 return kls; 2129 } 2130 2131 bool ClassVerifier::is_protected_access(InstanceKlass* this_class, 2132 Klass* target_class, 2133 Symbol* field_name, 2134 Symbol* field_sig, 2135 bool is_method) { 2136 NoSafepointVerifier nosafepoint; 2137 2138 // If target class isn't a super class of this class, we don't worry about this case 2139 if (!this_class->is_subclass_of(target_class)) { 2140 return false; 2141 } 2142 // Check if the specified method or field is protected 2143 InstanceKlass* target_instance = InstanceKlass::cast(target_class); 2144 fieldDescriptor fd; 2145 if (is_method) { 2146 Method* m = target_instance->uncached_lookup_method(field_name, field_sig, Klass::OverpassLookupMode::find); 2147 if (m != nullptr && m->is_protected()) { 2148 if (!this_class->is_same_class_package(m->method_holder())) { 2149 return true; 2150 } 2151 } 2152 } else { 2153 Klass* member_klass = target_instance->find_field(field_name, field_sig, &fd); 2154 if (member_klass != nullptr && fd.is_protected()) { 2155 if (!this_class->is_same_class_package(member_klass)) { 2156 return true; 2157 } 2158 } 2159 } 2160 return false; 2161 } 2162 2163 void ClassVerifier::verify_ldc( 2164 int opcode, u2 index, StackMapFrame* current_frame, 2165 const constantPoolHandle& cp, int bci, TRAPS) { 2166 verify_cp_index(bci, cp, index, CHECK_VERIFY(this)); 2167 constantTag tag = cp->tag_at(index); 2168 unsigned int types = 0; 2169 if (opcode == Bytecodes::_ldc || opcode == Bytecodes::_ldc_w) { 2170 if (!tag.is_unresolved_klass()) { 2171 types = (1 << JVM_CONSTANT_Integer) | (1 << JVM_CONSTANT_Float) 2172 | (1 << JVM_CONSTANT_String) | (1 << JVM_CONSTANT_Class) 2173 | (1 << JVM_CONSTANT_MethodHandle) | (1 << JVM_CONSTANT_MethodType) 2174 | (1 << JVM_CONSTANT_Dynamic); 2175 // Note: The class file parser already verified the legality of 2176 // MethodHandle and MethodType constants. 2177 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this)); 2178 } 2179 } else { 2180 assert(opcode == Bytecodes::_ldc2_w, "must be ldc2_w"); 2181 types = (1 << JVM_CONSTANT_Double) | (1 << JVM_CONSTANT_Long) 2182 | (1 << JVM_CONSTANT_Dynamic); 2183 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this)); 2184 } 2185 if (tag.is_string()) { 2186 current_frame->push_stack( 2187 VerificationType::reference_type( 2188 vmSymbols::java_lang_String()), CHECK_VERIFY(this)); 2189 } else if (tag.is_klass() || tag.is_unresolved_klass()) { 2190 current_frame->push_stack( 2191 VerificationType::reference_type( 2192 vmSymbols::java_lang_Class()), CHECK_VERIFY(this)); 2193 } else if (tag.is_int()) { 2194 current_frame->push_stack( 2195 VerificationType::integer_type(), CHECK_VERIFY(this)); 2196 } else if (tag.is_float()) { 2197 current_frame->push_stack( 2198 VerificationType::float_type(), CHECK_VERIFY(this)); 2199 } else if (tag.is_double()) { 2200 current_frame->push_stack_2( 2201 VerificationType::double_type(), 2202 VerificationType::double2_type(), CHECK_VERIFY(this)); 2203 } else if (tag.is_long()) { 2204 current_frame->push_stack_2( 2205 VerificationType::long_type(), 2206 VerificationType::long2_type(), CHECK_VERIFY(this)); 2207 } else if (tag.is_method_handle()) { 2208 current_frame->push_stack( 2209 VerificationType::reference_type( 2210 vmSymbols::java_lang_invoke_MethodHandle()), CHECK_VERIFY(this)); 2211 } else if (tag.is_method_type()) { 2212 current_frame->push_stack( 2213 VerificationType::reference_type( 2214 vmSymbols::java_lang_invoke_MethodType()), CHECK_VERIFY(this)); 2215 } else if (tag.is_dynamic_constant()) { 2216 Symbol* constant_type = cp->uncached_signature_ref_at(index); 2217 // Field signature was checked in ClassFileParser. 2218 assert(SignatureVerifier::is_valid_type_signature(constant_type), 2219 "Invalid type for dynamic constant"); 2220 assert(sizeof(VerificationType) == sizeof(uintptr_t), 2221 "buffer type must match VerificationType size"); 2222 uintptr_t constant_type_buffer[2]; 2223 VerificationType* v_constant_type = (VerificationType*)constant_type_buffer; 2224 SignatureStream sig_stream(constant_type, false); 2225 int n = change_sig_to_verificationType(&sig_stream, v_constant_type); 2226 int opcode_n = (opcode == Bytecodes::_ldc2_w ? 2 : 1); 2227 if (n != opcode_n) { 2228 // wrong kind of ldc; reverify against updated type mask 2229 types &= ~(1 << JVM_CONSTANT_Dynamic); 2230 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this)); 2231 } 2232 for (int i = 0; i < n; i++) { 2233 current_frame->push_stack(v_constant_type[i], CHECK_VERIFY(this)); 2234 } 2235 } else { 2236 /* Unreachable? verify_cp_type has already validated the cp type. */ 2237 verify_error( 2238 ErrorContext::bad_cp_index(bci, index), "Invalid index in ldc"); 2239 return; 2240 } 2241 } 2242 2243 void ClassVerifier::verify_switch( 2244 RawBytecodeStream* bcs, u4 code_length, char* code_data, 2245 StackMapFrame* current_frame, StackMapTable* stackmap_table, TRAPS) { 2246 int bci = bcs->bci(); 2247 address bcp = bcs->bcp(); 2248 address aligned_bcp = align_up(bcp + 1, jintSize); 2249 2250 if (_klass->major_version() < NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION) { 2251 // 4639449 & 4647081: padding bytes must be 0 2252 u2 padding_offset = 1; 2253 while ((bcp + padding_offset) < aligned_bcp) { 2254 if(*(bcp + padding_offset) != 0) { 2255 verify_error(ErrorContext::bad_code(bci), 2256 "Nonzero padding byte in lookupswitch or tableswitch"); 2257 return; 2258 } 2259 padding_offset++; 2260 } 2261 } 2262 2263 int default_offset = (int) Bytes::get_Java_u4(aligned_bcp); 2264 int keys, delta; 2265 current_frame->pop_stack( 2266 VerificationType::integer_type(), CHECK_VERIFY(this)); 2267 if (bcs->raw_code() == Bytecodes::_tableswitch) { 2268 jint low = (jint)Bytes::get_Java_u4(aligned_bcp + jintSize); 2269 jint high = (jint)Bytes::get_Java_u4(aligned_bcp + 2*jintSize); 2270 if (low > high) { 2271 verify_error(ErrorContext::bad_code(bci), 2272 "low must be less than or equal to high in tableswitch"); 2273 return; 2274 } 2275 keys = high - low + 1; 2276 if (keys < 0) { 2277 verify_error(ErrorContext::bad_code(bci), "too many keys in tableswitch"); 2278 return; 2279 } 2280 delta = 1; 2281 } else { 2282 keys = (int)Bytes::get_Java_u4(aligned_bcp + jintSize); 2283 if (keys < 0) { 2284 verify_error(ErrorContext::bad_code(bci), 2285 "number of keys in lookupswitch less than 0"); 2286 return; 2287 } 2288 delta = 2; 2289 // Make sure that the lookupswitch items are sorted 2290 for (int i = 0; i < (keys - 1); i++) { 2291 jint this_key = Bytes::get_Java_u4(aligned_bcp + (2+2*i)*jintSize); 2292 jint next_key = Bytes::get_Java_u4(aligned_bcp + (2+2*i+2)*jintSize); 2293 if (this_key >= next_key) { 2294 verify_error(ErrorContext::bad_code(bci), 2295 "Bad lookupswitch instruction"); 2296 return; 2297 } 2298 } 2299 } 2300 int target = bci + default_offset; 2301 stackmap_table->check_jump_target(current_frame, target, CHECK_VERIFY(this)); 2302 for (int i = 0; i < keys; i++) { 2303 // Because check_jump_target() may safepoint, the bytecode could have 2304 // moved, which means 'aligned_bcp' is no good and needs to be recalculated. 2305 aligned_bcp = align_up(bcs->bcp() + 1, jintSize); 2306 target = bci + (jint)Bytes::get_Java_u4(aligned_bcp+(3+i*delta)*jintSize); 2307 stackmap_table->check_jump_target( 2308 current_frame, target, CHECK_VERIFY(this)); 2309 } 2310 NOT_PRODUCT(aligned_bcp = nullptr); // no longer valid at this point 2311 } 2312 2313 bool ClassVerifier::name_in_supers( 2314 Symbol* ref_name, InstanceKlass* current) { 2315 Klass* super = current->super(); 2316 while (super != nullptr) { 2317 if (super->name() == ref_name) { 2318 return true; 2319 } 2320 super = super->super(); 2321 } 2322 return false; 2323 } 2324 2325 void ClassVerifier::verify_field_instructions(RawBytecodeStream* bcs, 2326 StackMapFrame* current_frame, 2327 const constantPoolHandle& cp, 2328 bool allow_arrays, 2329 TRAPS) { 2330 u2 index = bcs->get_index_u2(); 2331 verify_cp_type(bcs->bci(), index, cp, 2332 1 << JVM_CONSTANT_Fieldref, CHECK_VERIFY(this)); 2333 2334 // Get field name and signature 2335 Symbol* field_name = cp->uncached_name_ref_at(index); 2336 Symbol* field_sig = cp->uncached_signature_ref_at(index); 2337 bool is_getfield = false; 2338 2339 // Field signature was checked in ClassFileParser. 2340 assert(SignatureVerifier::is_valid_type_signature(field_sig), 2341 "Invalid field signature"); 2342 2343 // Get referenced class type 2344 VerificationType ref_class_type = cp_ref_index_to_type( 2345 index, cp, CHECK_VERIFY(this)); 2346 if (!ref_class_type.is_object() && 2347 (!allow_arrays || !ref_class_type.is_array())) { 2348 verify_error(ErrorContext::bad_type(bcs->bci(), 2349 TypeOrigin::cp(index, ref_class_type)), 2350 "Expecting reference to class in class %s at constant pool index %d", 2351 _klass->external_name(), index); 2352 return; 2353 } 2354 2355 VerificationType target_class_type = ref_class_type; 2356 2357 assert(sizeof(VerificationType) == sizeof(uintptr_t), 2358 "buffer type must match VerificationType size"); 2359 uintptr_t field_type_buffer[2]; 2360 VerificationType* field_type = (VerificationType*)field_type_buffer; 2361 // If we make a VerificationType[2] array directly, the compiler calls 2362 // to the c-runtime library to do the allocation instead of just 2363 // stack allocating it. Plus it would run constructors. This shows up 2364 // in performance profiles. 2365 2366 SignatureStream sig_stream(field_sig, false); 2367 VerificationType stack_object_type; 2368 int n = change_sig_to_verificationType(&sig_stream, field_type); 2369 int bci = bcs->bci(); 2370 bool is_assignable; 2371 switch (bcs->raw_code()) { 2372 case Bytecodes::_getstatic: { 2373 for (int i = 0; i < n; i++) { 2374 current_frame->push_stack(field_type[i], CHECK_VERIFY(this)); 2375 } 2376 break; 2377 } 2378 case Bytecodes::_putstatic: { 2379 for (int i = n - 1; i >= 0; i--) { 2380 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this)); 2381 } 2382 break; 2383 } 2384 case Bytecodes::_getfield: { 2385 is_getfield = true; 2386 stack_object_type = current_frame->pop_stack( 2387 target_class_type, CHECK_VERIFY(this)); 2388 goto check_protected; 2389 } 2390 case Bytecodes::_putfield: { 2391 for (int i = n - 1; i >= 0; i--) { 2392 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this)); 2393 } 2394 stack_object_type = current_frame->pop_stack(CHECK_VERIFY(this)); 2395 2396 // The JVMS 2nd edition allows field initialization before the superclass 2397 // initializer, if the field is defined within the current class. 2398 fieldDescriptor fd; 2399 if (stack_object_type == VerificationType::uninitialized_this_type() && 2400 target_class_type.equals(current_type()) && 2401 _klass->find_local_field(field_name, field_sig, &fd)) { 2402 stack_object_type = current_type(); 2403 } 2404 is_assignable = target_class_type.is_assignable_from( 2405 stack_object_type, this, false, CHECK_VERIFY(this)); 2406 if (!is_assignable) { 2407 verify_error(ErrorContext::bad_type(bci, 2408 current_frame->stack_top_ctx(), 2409 TypeOrigin::cp(index, target_class_type)), 2410 "Bad type on operand stack in putfield"); 2411 return; 2412 } 2413 } 2414 check_protected: { 2415 if (_this_type == stack_object_type) 2416 break; // stack_object_type must be assignable to _current_class_type 2417 if (was_recursively_verified()) { 2418 if (is_getfield) { 2419 // Push field type for getfield. 2420 for (int i = 0; i < n; i++) { 2421 current_frame->push_stack(field_type[i], CHECK_VERIFY(this)); 2422 } 2423 } 2424 return; 2425 } 2426 Symbol* ref_class_name = 2427 cp->klass_name_at(cp->uncached_klass_ref_index_at(index)); 2428 if (!name_in_supers(ref_class_name, current_class())) 2429 // stack_object_type must be assignable to _current_class_type since: 2430 // 1. stack_object_type must be assignable to ref_class. 2431 // 2. ref_class must be _current_class or a subclass of it. It can't 2432 // be a superclass of it. See revised JVMS 5.4.4. 2433 break; 2434 2435 Klass* ref_class_oop = load_class(ref_class_name, CHECK); 2436 if (is_protected_access(current_class(), ref_class_oop, field_name, 2437 field_sig, false)) { 2438 // It's protected access, check if stack object is assignable to 2439 // current class. 2440 is_assignable = current_type().is_assignable_from( 2441 stack_object_type, this, true, CHECK_VERIFY(this)); 2442 if (!is_assignable) { 2443 verify_error(ErrorContext::bad_type(bci, 2444 current_frame->stack_top_ctx(), 2445 TypeOrigin::implicit(current_type())), 2446 "Bad access to protected data in %s", 2447 is_getfield ? "getfield" : "putfield"); 2448 return; 2449 } 2450 } 2451 break; 2452 } 2453 default: ShouldNotReachHere(); 2454 } 2455 if (is_getfield) { 2456 // Push field type for getfield after doing protection check. 2457 for (int i = 0; i < n; i++) { 2458 current_frame->push_stack(field_type[i], CHECK_VERIFY(this)); 2459 } 2460 } 2461 } 2462 2463 // Look at the method's handlers. If the bci is in the handler's try block 2464 // then check if the handler_pc is already on the stack. If not, push it 2465 // unless the handler has already been scanned. 2466 void ClassVerifier::push_handlers(ExceptionTable* exhandlers, 2467 GrowableArray<u4>* handler_list, 2468 GrowableArray<u4>* handler_stack, 2469 u4 bci) { 2470 int exlength = exhandlers->length(); 2471 for(int x = 0; x < exlength; x++) { 2472 if (bci >= exhandlers->start_pc(x) && bci < exhandlers->end_pc(x)) { 2473 u4 exhandler_pc = exhandlers->handler_pc(x); 2474 if (!handler_list->contains(exhandler_pc)) { 2475 handler_stack->append_if_missing(exhandler_pc); 2476 handler_list->append(exhandler_pc); 2477 } 2478 } 2479 } 2480 } 2481 2482 // Return TRUE if all code paths starting with start_bc_offset end in 2483 // bytecode athrow or loop. 2484 bool ClassVerifier::ends_in_athrow(u4 start_bc_offset) { 2485 ResourceMark rm; 2486 // Create bytecode stream. 2487 RawBytecodeStream bcs(method()); 2488 int code_length = method()->code_size(); 2489 bcs.set_start(start_bc_offset); 2490 2491 // Create stack for storing bytecode start offsets for if* and *switch. 2492 GrowableArray<u4>* bci_stack = new GrowableArray<u4>(30); 2493 // Create stack for handlers for try blocks containing this handler. 2494 GrowableArray<u4>* handler_stack = new GrowableArray<u4>(30); 2495 // Create list of handlers that have been pushed onto the handler_stack 2496 // so that handlers embedded inside of their own TRY blocks only get 2497 // scanned once. 2498 GrowableArray<u4>* handler_list = new GrowableArray<u4>(30); 2499 // Create list of visited branch opcodes (goto* and if*). 2500 GrowableArray<u4>* visited_branches = new GrowableArray<u4>(30); 2501 ExceptionTable exhandlers(_method()); 2502 2503 while (true) { 2504 if (bcs.is_last_bytecode()) { 2505 // if no more starting offsets to parse or if at the end of the 2506 // method then return false. 2507 if ((bci_stack->is_empty()) || (bcs.end_bci() == code_length)) 2508 return false; 2509 // Pop a bytecode starting offset and scan from there. 2510 bcs.set_start(bci_stack->pop()); 2511 } 2512 Bytecodes::Code opcode = bcs.raw_next(); 2513 int bci = bcs.bci(); 2514 2515 // If the bytecode is in a TRY block, push its handlers so they 2516 // will get parsed. 2517 push_handlers(&exhandlers, handler_list, handler_stack, bci); 2518 2519 switch (opcode) { 2520 case Bytecodes::_if_icmpeq: 2521 case Bytecodes::_if_icmpne: 2522 case Bytecodes::_if_icmplt: 2523 case Bytecodes::_if_icmpge: 2524 case Bytecodes::_if_icmpgt: 2525 case Bytecodes::_if_icmple: 2526 case Bytecodes::_ifeq: 2527 case Bytecodes::_ifne: 2528 case Bytecodes::_iflt: 2529 case Bytecodes::_ifge: 2530 case Bytecodes::_ifgt: 2531 case Bytecodes::_ifle: 2532 case Bytecodes::_if_acmpeq: 2533 case Bytecodes::_if_acmpne: 2534 case Bytecodes::_ifnull: 2535 case Bytecodes::_ifnonnull: { 2536 int target = bcs.dest(); 2537 if (visited_branches->contains(bci)) { 2538 if (bci_stack->is_empty()) { 2539 if (handler_stack->is_empty()) { 2540 return true; 2541 } else { 2542 // Parse the catch handlers for try blocks containing athrow. 2543 bcs.set_start(handler_stack->pop()); 2544 } 2545 } else { 2546 // Pop a bytecode starting offset and scan from there. 2547 bcs.set_start(bci_stack->pop()); 2548 } 2549 } else { 2550 if (target > bci) { // forward branch 2551 if (target >= code_length) return false; 2552 // Push the branch target onto the stack. 2553 bci_stack->push(target); 2554 // then, scan bytecodes starting with next. 2555 bcs.set_start(bcs.next_bci()); 2556 } else { // backward branch 2557 // Push bytecode offset following backward branch onto the stack. 2558 bci_stack->push(bcs.next_bci()); 2559 // Check bytecodes starting with branch target. 2560 bcs.set_start(target); 2561 } 2562 // Record target so we don't branch here again. 2563 visited_branches->append(bci); 2564 } 2565 break; 2566 } 2567 2568 case Bytecodes::_goto: 2569 case Bytecodes::_goto_w: { 2570 int target = (opcode == Bytecodes::_goto ? bcs.dest() : bcs.dest_w()); 2571 if (visited_branches->contains(bci)) { 2572 if (bci_stack->is_empty()) { 2573 if (handler_stack->is_empty()) { 2574 return true; 2575 } else { 2576 // Parse the catch handlers for try blocks containing athrow. 2577 bcs.set_start(handler_stack->pop()); 2578 } 2579 } else { 2580 // Been here before, pop new starting offset from stack. 2581 bcs.set_start(bci_stack->pop()); 2582 } 2583 } else { 2584 if (target >= code_length) return false; 2585 // Continue scanning from the target onward. 2586 bcs.set_start(target); 2587 // Record target so we don't branch here again. 2588 visited_branches->append(bci); 2589 } 2590 break; 2591 } 2592 2593 // Check that all switch alternatives end in 'athrow' bytecodes. Since it 2594 // is difficult to determine where each switch alternative ends, parse 2595 // each switch alternative until either hit a 'return', 'athrow', or reach 2596 // the end of the method's bytecodes. This is gross but should be okay 2597 // because: 2598 // 1. tableswitch and lookupswitch byte codes in handlers for ctor explicit 2599 // constructor invocations should be rare. 2600 // 2. if each switch alternative ends in an athrow then the parsing should be 2601 // short. If there is no athrow then it is bogus code, anyway. 2602 case Bytecodes::_lookupswitch: 2603 case Bytecodes::_tableswitch: 2604 { 2605 address aligned_bcp = align_up(bcs.bcp() + 1, jintSize); 2606 int default_offset = Bytes::get_Java_u4(aligned_bcp) + bci; 2607 int keys, delta; 2608 if (opcode == Bytecodes::_tableswitch) { 2609 jint low = (jint)Bytes::get_Java_u4(aligned_bcp + jintSize); 2610 jint high = (jint)Bytes::get_Java_u4(aligned_bcp + 2*jintSize); 2611 // This is invalid, but let the regular bytecode verifier 2612 // report this because the user will get a better error message. 2613 if (low > high) return true; 2614 keys = high - low + 1; 2615 delta = 1; 2616 } else { 2617 keys = (int)Bytes::get_Java_u4(aligned_bcp + jintSize); 2618 delta = 2; 2619 } 2620 // Invalid, let the regular bytecode verifier deal with it. 2621 if (keys < 0) return true; 2622 2623 // Push the offset of the next bytecode onto the stack. 2624 bci_stack->push(bcs.next_bci()); 2625 2626 // Push the switch alternatives onto the stack. 2627 for (int i = 0; i < keys; i++) { 2628 int target = bci + (jint)Bytes::get_Java_u4(aligned_bcp+(3+i*delta)*jintSize); 2629 if (target > code_length) return false; 2630 bci_stack->push(target); 2631 } 2632 2633 // Start bytecode parsing for the switch at the default alternative. 2634 if (default_offset > code_length) return false; 2635 bcs.set_start(default_offset); 2636 break; 2637 } 2638 2639 case Bytecodes::_return: 2640 return false; 2641 2642 case Bytecodes::_athrow: 2643 { 2644 if (bci_stack->is_empty()) { 2645 if (handler_stack->is_empty()) { 2646 return true; 2647 } else { 2648 // Parse the catch handlers for try blocks containing athrow. 2649 bcs.set_start(handler_stack->pop()); 2650 } 2651 } else { 2652 // Pop a bytecode offset and starting scanning from there. 2653 bcs.set_start(bci_stack->pop()); 2654 } 2655 } 2656 break; 2657 2658 default: 2659 ; 2660 } // end switch 2661 } // end while loop 2662 2663 return false; 2664 } 2665 2666 void ClassVerifier::verify_invoke_init( 2667 RawBytecodeStream* bcs, u2 ref_class_index, VerificationType ref_class_type, 2668 StackMapFrame* current_frame, u4 code_length, bool in_try_block, 2669 bool *this_uninit, const constantPoolHandle& cp, StackMapTable* stackmap_table, 2670 TRAPS) { 2671 int bci = bcs->bci(); 2672 VerificationType type = current_frame->pop_stack( 2673 VerificationType::reference_check(), CHECK_VERIFY(this)); 2674 if (type == VerificationType::uninitialized_this_type()) { 2675 // The method must be an <init> method of this class or its superclass 2676 Klass* superk = current_class()->super(); 2677 if (ref_class_type.name() != current_class()->name() && 2678 ref_class_type.name() != superk->name()) { 2679 verify_error(ErrorContext::bad_type(bci, 2680 TypeOrigin::implicit(ref_class_type), 2681 TypeOrigin::implicit(current_type())), 2682 "Bad <init> method call"); 2683 return; 2684 } 2685 2686 // If this invokespecial call is done from inside of a TRY block then make 2687 // sure that all catch clause paths end in a throw. Otherwise, this can 2688 // result in returning an incomplete object. 2689 if (in_try_block) { 2690 ExceptionTable exhandlers(_method()); 2691 int exlength = exhandlers.length(); 2692 for(int i = 0; i < exlength; i++) { 2693 u2 start_pc = exhandlers.start_pc(i); 2694 u2 end_pc = exhandlers.end_pc(i); 2695 2696 if (bci >= start_pc && bci < end_pc) { 2697 if (!ends_in_athrow(exhandlers.handler_pc(i))) { 2698 verify_error(ErrorContext::bad_code(bci), 2699 "Bad <init> method call from after the start of a try block"); 2700 return; 2701 } else if (log_is_enabled(Debug, verification)) { 2702 ResourceMark rm(THREAD); 2703 log_debug(verification)("Survived call to ends_in_athrow(): %s", 2704 current_class()->name()->as_C_string()); 2705 } 2706 } 2707 } 2708 2709 // Check the exception handler target stackmaps with the locals from the 2710 // incoming stackmap (before initialize_object() changes them to outgoing 2711 // state). 2712 if (was_recursively_verified()) return; 2713 verify_exception_handler_targets(bci, true, current_frame, 2714 stackmap_table, CHECK_VERIFY(this)); 2715 } // in_try_block 2716 2717 current_frame->initialize_object(type, current_type()); 2718 *this_uninit = true; 2719 } else if (type.is_uninitialized()) { 2720 u2 new_offset = type.bci(); 2721 address new_bcp = bcs->bcp() - bci + new_offset; 2722 if (new_offset > (code_length - 3) || (*new_bcp) != Bytecodes::_new) { 2723 /* Unreachable? Stack map parsing ensures valid type and new 2724 * instructions have a valid BCI. */ 2725 verify_error(ErrorContext::bad_code(new_offset), 2726 "Expecting new instruction"); 2727 return; 2728 } 2729 u2 new_class_index = Bytes::get_Java_u2(new_bcp + 1); 2730 if (was_recursively_verified()) return; 2731 verify_cp_class_type(bci, new_class_index, cp, CHECK_VERIFY(this)); 2732 2733 // The method must be an <init> method of the indicated class 2734 VerificationType new_class_type = cp_index_to_type( 2735 new_class_index, cp, CHECK_VERIFY(this)); 2736 if (!new_class_type.equals(ref_class_type)) { 2737 verify_error(ErrorContext::bad_type(bci, 2738 TypeOrigin::cp(new_class_index, new_class_type), 2739 TypeOrigin::cp(ref_class_index, ref_class_type)), 2740 "Call to wrong <init> method"); 2741 return; 2742 } 2743 // According to the VM spec, if the referent class is a superclass of the 2744 // current class, and is in a different runtime package, and the method is 2745 // protected, then the objectref must be the current class or a subclass 2746 // of the current class. 2747 VerificationType objectref_type = new_class_type; 2748 if (name_in_supers(ref_class_type.name(), current_class())) { 2749 Klass* ref_klass = load_class(ref_class_type.name(), CHECK); 2750 if (was_recursively_verified()) return; 2751 Method* m = InstanceKlass::cast(ref_klass)->uncached_lookup_method( 2752 vmSymbols::object_initializer_name(), 2753 cp->uncached_signature_ref_at(bcs->get_index_u2()), 2754 Klass::OverpassLookupMode::find); 2755 // Do nothing if method is not found. Let resolution detect the error. 2756 if (m != nullptr) { 2757 InstanceKlass* mh = m->method_holder(); 2758 if (m->is_protected() && !mh->is_same_class_package(_klass)) { 2759 bool assignable = current_type().is_assignable_from( 2760 objectref_type, this, true, CHECK_VERIFY(this)); 2761 if (!assignable) { 2762 verify_error(ErrorContext::bad_type(bci, 2763 TypeOrigin::cp(new_class_index, objectref_type), 2764 TypeOrigin::implicit(current_type())), 2765 "Bad access to protected <init> method"); 2766 return; 2767 } 2768 } 2769 } 2770 } 2771 // Check the exception handler target stackmaps with the locals from the 2772 // incoming stackmap (before initialize_object() changes them to outgoing 2773 // state). 2774 if (in_try_block) { 2775 if (was_recursively_verified()) return; 2776 verify_exception_handler_targets(bci, *this_uninit, current_frame, 2777 stackmap_table, CHECK_VERIFY(this)); 2778 } 2779 current_frame->initialize_object(type, new_class_type); 2780 } else { 2781 verify_error(ErrorContext::bad_type(bci, current_frame->stack_top_ctx()), 2782 "Bad operand type when invoking <init>"); 2783 return; 2784 } 2785 } 2786 2787 bool ClassVerifier::is_same_or_direct_interface( 2788 InstanceKlass* klass, 2789 VerificationType klass_type, 2790 VerificationType ref_class_type) { 2791 if (ref_class_type.equals(klass_type)) return true; 2792 Array<InstanceKlass*>* local_interfaces = klass->local_interfaces(); 2793 if (local_interfaces != nullptr) { 2794 for (int x = 0; x < local_interfaces->length(); x++) { 2795 InstanceKlass* k = local_interfaces->at(x); 2796 assert (k != nullptr && k->is_interface(), "invalid interface"); 2797 if (ref_class_type.equals(VerificationType::reference_type(k->name()))) { 2798 return true; 2799 } 2800 } 2801 } 2802 return false; 2803 } 2804 2805 void ClassVerifier::verify_invoke_instructions( 2806 RawBytecodeStream* bcs, u4 code_length, StackMapFrame* current_frame, 2807 bool in_try_block, bool *this_uninit, 2808 const constantPoolHandle& cp, StackMapTable* stackmap_table, TRAPS) { 2809 // Make sure the constant pool item is the right type 2810 u2 index = bcs->get_index_u2(); 2811 Bytecodes::Code opcode = bcs->raw_code(); 2812 unsigned int types = 0; 2813 switch (opcode) { 2814 case Bytecodes::_invokeinterface: 2815 types = 1 << JVM_CONSTANT_InterfaceMethodref; 2816 break; 2817 case Bytecodes::_invokedynamic: 2818 types = 1 << JVM_CONSTANT_InvokeDynamic; 2819 break; 2820 case Bytecodes::_invokespecial: 2821 case Bytecodes::_invokestatic: 2822 types = (_klass->major_version() < STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION) ? 2823 (1 << JVM_CONSTANT_Methodref) : 2824 ((1 << JVM_CONSTANT_InterfaceMethodref) | (1 << JVM_CONSTANT_Methodref)); 2825 break; 2826 default: 2827 types = 1 << JVM_CONSTANT_Methodref; 2828 } 2829 verify_cp_type(bcs->bci(), index, cp, types, CHECK_VERIFY(this)); 2830 2831 // Get method name and signature 2832 Symbol* method_name = cp->uncached_name_ref_at(index); 2833 Symbol* method_sig = cp->uncached_signature_ref_at(index); 2834 2835 // Method signature was checked in ClassFileParser. 2836 assert(SignatureVerifier::is_valid_method_signature(method_sig), 2837 "Invalid method signature"); 2838 2839 // Get referenced class 2840 VerificationType ref_class_type; 2841 if (opcode == Bytecodes::_invokedynamic) { 2842 if (_klass->major_version() < Verifier::INVOKEDYNAMIC_MAJOR_VERSION) { 2843 class_format_error( 2844 "invokedynamic instructions not supported by this class file version (%d), class %s", 2845 _klass->major_version(), _klass->external_name()); 2846 return; 2847 } 2848 } else { 2849 ref_class_type = cp_ref_index_to_type(index, cp, CHECK_VERIFY(this)); 2850 } 2851 2852 assert(sizeof(VerificationType) == sizeof(uintptr_t), 2853 "buffer type must match VerificationType size"); 2854 2855 // Get the UTF8 index for this signature. 2856 int sig_index = cp->signature_ref_index_at(cp->uncached_name_and_type_ref_index_at(index)); 2857 2858 // Get the signature's verification types. 2859 sig_as_verification_types* mth_sig_verif_types; 2860 sig_as_verification_types** mth_sig_verif_types_ptr = method_signatures_table()->get(sig_index); 2861 if (mth_sig_verif_types_ptr != nullptr) { 2862 // Found the entry for the signature's verification types in the hash table. 2863 mth_sig_verif_types = *mth_sig_verif_types_ptr; 2864 assert(mth_sig_verif_types != nullptr, "Unexpected null sig_as_verification_types value"); 2865 } else { 2866 // Not found, add the entry to the table. 2867 GrowableArray<VerificationType>* verif_types = new GrowableArray<VerificationType>(10); 2868 mth_sig_verif_types = new sig_as_verification_types(verif_types); 2869 create_method_sig_entry(mth_sig_verif_types, sig_index); 2870 } 2871 2872 // Get the number of arguments for this signature. 2873 int nargs = mth_sig_verif_types->num_args(); 2874 2875 // Check instruction operands 2876 int bci = bcs->bci(); 2877 if (opcode == Bytecodes::_invokeinterface) { 2878 address bcp = bcs->bcp(); 2879 // 4905268: count operand in invokeinterface should be nargs+1, not nargs. 2880 // JSR202 spec: The count operand of an invokeinterface instruction is valid if it is 2881 // the difference between the size of the operand stack before and after the instruction 2882 // executes. 2883 if (*(bcp+3) != (nargs+1)) { 2884 verify_error(ErrorContext::bad_code(bci), 2885 "Inconsistent args count operand in invokeinterface"); 2886 return; 2887 } 2888 if (*(bcp+4) != 0) { 2889 verify_error(ErrorContext::bad_code(bci), 2890 "Fourth operand byte of invokeinterface must be zero"); 2891 return; 2892 } 2893 } 2894 2895 if (opcode == Bytecodes::_invokedynamic) { 2896 address bcp = bcs->bcp(); 2897 if (*(bcp+3) != 0 || *(bcp+4) != 0) { 2898 verify_error(ErrorContext::bad_code(bci), 2899 "Third and fourth operand bytes of invokedynamic must be zero"); 2900 return; 2901 } 2902 } 2903 2904 if (method_name->char_at(0) == JVM_SIGNATURE_SPECIAL) { 2905 // Make sure: 2906 // <init> can only be invoked by invokespecial. 2907 if (opcode != Bytecodes::_invokespecial || 2908 method_name != vmSymbols::object_initializer_name()) { 2909 verify_error(ErrorContext::bad_code(bci), 2910 "Illegal call to internal method"); 2911 return; 2912 } 2913 } else if (opcode == Bytecodes::_invokespecial 2914 && !is_same_or_direct_interface(current_class(), current_type(), ref_class_type) 2915 && !ref_class_type.equals(VerificationType::reference_type( 2916 current_class()->super()->name()))) { // super() can never be an inline_type. 2917 bool subtype = false; 2918 bool have_imr_indirect = cp->tag_at(index).value() == JVM_CONSTANT_InterfaceMethodref; 2919 subtype = ref_class_type.is_assignable_from( 2920 current_type(), this, false, CHECK_VERIFY(this)); 2921 if (!subtype) { 2922 verify_error(ErrorContext::bad_code(bci), 2923 "Bad invokespecial instruction: " 2924 "current class isn't assignable to reference class."); 2925 return; 2926 } else if (have_imr_indirect) { 2927 verify_error(ErrorContext::bad_code(bci), 2928 "Bad invokespecial instruction: " 2929 "interface method reference is in an indirect superinterface."); 2930 return; 2931 } 2932 2933 } 2934 2935 // Get the verification types for the method's arguments. 2936 GrowableArray<VerificationType>* sig_verif_types = mth_sig_verif_types->sig_verif_types(); 2937 assert(sig_verif_types != nullptr, "Missing signature's array of verification types"); 2938 // Match method descriptor with operand stack 2939 // The arguments are on the stack in descending order. 2940 for (int i = nargs - 1; i >= 0; i--) { // Run backwards 2941 current_frame->pop_stack(sig_verif_types->at(i), CHECK_VERIFY(this)); 2942 } 2943 2944 // Check objectref on operand stack 2945 if (opcode != Bytecodes::_invokestatic && 2946 opcode != Bytecodes::_invokedynamic) { 2947 if (method_name == vmSymbols::object_initializer_name()) { // <init> method 2948 verify_invoke_init(bcs, index, ref_class_type, current_frame, 2949 code_length, in_try_block, this_uninit, cp, stackmap_table, 2950 CHECK_VERIFY(this)); 2951 if (was_recursively_verified()) return; 2952 } else { // other methods 2953 // Ensures that target class is assignable to method class. 2954 if (opcode == Bytecodes::_invokespecial) { 2955 current_frame->pop_stack(current_type(), CHECK_VERIFY(this)); 2956 } else if (opcode == Bytecodes::_invokevirtual) { 2957 VerificationType stack_object_type = 2958 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this)); 2959 if (current_type() != stack_object_type) { 2960 if (was_recursively_verified()) return; 2961 assert(cp->cache() == nullptr, "not rewritten yet"); 2962 Symbol* ref_class_name = 2963 cp->klass_name_at(cp->uncached_klass_ref_index_at(index)); 2964 // See the comments in verify_field_instructions() for 2965 // the rationale behind this. 2966 if (name_in_supers(ref_class_name, current_class())) { 2967 Klass* ref_class = load_class(ref_class_name, CHECK); 2968 if (is_protected_access( 2969 _klass, ref_class, method_name, method_sig, true)) { 2970 // It's protected access, check if stack object is 2971 // assignable to current class. 2972 if (ref_class_type.name() == vmSymbols::java_lang_Object() 2973 && stack_object_type.is_array() 2974 && method_name == vmSymbols::clone_name()) { 2975 // Special case: arrays pretend to implement public Object 2976 // clone(). 2977 } else { 2978 bool is_assignable = current_type().is_assignable_from( 2979 stack_object_type, this, true, CHECK_VERIFY(this)); 2980 if (!is_assignable) { 2981 verify_error(ErrorContext::bad_type(bci, 2982 current_frame->stack_top_ctx(), 2983 TypeOrigin::implicit(current_type())), 2984 "Bad access to protected data in invokevirtual"); 2985 return; 2986 } 2987 } 2988 } 2989 } 2990 } 2991 } else { 2992 assert(opcode == Bytecodes::_invokeinterface, "Unexpected opcode encountered"); 2993 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this)); 2994 } 2995 } 2996 } 2997 // Push the result type. 2998 int sig_verif_types_len = sig_verif_types->length(); 2999 if (sig_verif_types_len > nargs) { // There's a return type 3000 if (method_name == vmSymbols::object_initializer_name()) { 3001 // an <init> method must have a void return type 3002 verify_error(ErrorContext::bad_code(bci), 3003 "Return type must be void in <init> method"); 3004 return; 3005 } 3006 3007 assert(sig_verif_types_len <= nargs + 2, 3008 "Signature verification types array return type is bogus"); 3009 for (int i = nargs; i < sig_verif_types_len; i++) { 3010 assert(i == nargs || sig_verif_types->at(i).is_long2() || 3011 sig_verif_types->at(i).is_double2(), "Unexpected return verificationType"); 3012 current_frame->push_stack(sig_verif_types->at(i), CHECK_VERIFY(this)); 3013 } 3014 } 3015 } 3016 3017 VerificationType ClassVerifier::get_newarray_type( 3018 u2 index, int bci, TRAPS) { 3019 const char* from_bt[] = { 3020 nullptr, nullptr, nullptr, nullptr, "[Z", "[C", "[F", "[D", "[B", "[S", "[I", "[J", 3021 }; 3022 if (index < T_BOOLEAN || index > T_LONG) { 3023 verify_error(ErrorContext::bad_code(bci), "Illegal newarray instruction"); 3024 return VerificationType::bogus_type(); 3025 } 3026 3027 // from_bt[index] contains the array signature which has a length of 2 3028 Symbol* sig = create_temporary_symbol(from_bt[index], 2); 3029 return VerificationType::reference_type(sig); 3030 } 3031 3032 void ClassVerifier::verify_anewarray( 3033 int bci, u2 index, const constantPoolHandle& cp, 3034 StackMapFrame* current_frame, TRAPS) { 3035 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this)); 3036 current_frame->pop_stack( 3037 VerificationType::integer_type(), CHECK_VERIFY(this)); 3038 3039 if (was_recursively_verified()) return; 3040 VerificationType component_type = 3041 cp_index_to_type(index, cp, CHECK_VERIFY(this)); 3042 int length; 3043 char* arr_sig_str; 3044 if (component_type.is_array()) { // it's an array 3045 const char* component_name = component_type.name()->as_utf8(); 3046 // Check for more than MAX_ARRAY_DIMENSIONS 3047 length = (int)strlen(component_name); 3048 if (length > MAX_ARRAY_DIMENSIONS && 3049 component_name[MAX_ARRAY_DIMENSIONS - 1] == JVM_SIGNATURE_ARRAY) { 3050 verify_error(ErrorContext::bad_code(bci), 3051 "Illegal anewarray instruction, array has more than 255 dimensions"); 3052 } 3053 // add one dimension to component 3054 length++; 3055 arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length + 1); 3056 int n = os::snprintf(arr_sig_str, length + 1, "%c%s", 3057 JVM_SIGNATURE_ARRAY, component_name); 3058 assert(n == length, "Unexpected number of characters in string"); 3059 } else { // it's an object or interface 3060 const char* component_name = component_type.name()->as_utf8(); 3061 // add one dimension to component with 'L' prepended and ';' postpended. 3062 length = (int)strlen(component_name) + 3; 3063 arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length + 1); 3064 int n = os::snprintf(arr_sig_str, length + 1, "%c%c%s;", 3065 JVM_SIGNATURE_ARRAY, JVM_SIGNATURE_CLASS, component_name); 3066 assert(n == length, "Unexpected number of characters in string"); 3067 } 3068 Symbol* arr_sig = create_temporary_symbol(arr_sig_str, length); 3069 VerificationType new_array_type = VerificationType::reference_type(arr_sig); 3070 current_frame->push_stack(new_array_type, CHECK_VERIFY(this)); 3071 } 3072 3073 void ClassVerifier::verify_iload(int index, StackMapFrame* current_frame, TRAPS) { 3074 current_frame->get_local( 3075 index, VerificationType::integer_type(), CHECK_VERIFY(this)); 3076 current_frame->push_stack( 3077 VerificationType::integer_type(), CHECK_VERIFY(this)); 3078 } 3079 3080 void ClassVerifier::verify_lload(int index, StackMapFrame* current_frame, TRAPS) { 3081 current_frame->get_local_2( 3082 index, VerificationType::long_type(), 3083 VerificationType::long2_type(), CHECK_VERIFY(this)); 3084 current_frame->push_stack_2( 3085 VerificationType::long_type(), 3086 VerificationType::long2_type(), CHECK_VERIFY(this)); 3087 } 3088 3089 void ClassVerifier::verify_fload(int index, StackMapFrame* current_frame, TRAPS) { 3090 current_frame->get_local( 3091 index, VerificationType::float_type(), CHECK_VERIFY(this)); 3092 current_frame->push_stack( 3093 VerificationType::float_type(), CHECK_VERIFY(this)); 3094 } 3095 3096 void ClassVerifier::verify_dload(int index, StackMapFrame* current_frame, TRAPS) { 3097 current_frame->get_local_2( 3098 index, VerificationType::double_type(), 3099 VerificationType::double2_type(), CHECK_VERIFY(this)); 3100 current_frame->push_stack_2( 3101 VerificationType::double_type(), 3102 VerificationType::double2_type(), CHECK_VERIFY(this)); 3103 } 3104 3105 void ClassVerifier::verify_aload(int index, StackMapFrame* current_frame, TRAPS) { 3106 VerificationType type = current_frame->get_local( 3107 index, VerificationType::nonscalar_check(), CHECK_VERIFY(this)); 3108 current_frame->push_stack(type, CHECK_VERIFY(this)); 3109 } 3110 3111 void ClassVerifier::verify_istore(int index, StackMapFrame* current_frame, TRAPS) { 3112 current_frame->pop_stack( 3113 VerificationType::integer_type(), CHECK_VERIFY(this)); 3114 current_frame->set_local( 3115 index, VerificationType::integer_type(), CHECK_VERIFY(this)); 3116 } 3117 3118 void ClassVerifier::verify_lstore(int index, StackMapFrame* current_frame, TRAPS) { 3119 current_frame->pop_stack_2( 3120 VerificationType::long2_type(), 3121 VerificationType::long_type(), CHECK_VERIFY(this)); 3122 current_frame->set_local_2( 3123 index, VerificationType::long_type(), 3124 VerificationType::long2_type(), CHECK_VERIFY(this)); 3125 } 3126 3127 void ClassVerifier::verify_fstore(int index, StackMapFrame* current_frame, TRAPS) { 3128 current_frame->pop_stack(VerificationType::float_type(), CHECK_VERIFY(this)); 3129 current_frame->set_local( 3130 index, VerificationType::float_type(), CHECK_VERIFY(this)); 3131 } 3132 3133 void ClassVerifier::verify_dstore(int index, StackMapFrame* current_frame, TRAPS) { 3134 current_frame->pop_stack_2( 3135 VerificationType::double2_type(), 3136 VerificationType::double_type(), CHECK_VERIFY(this)); 3137 current_frame->set_local_2( 3138 index, VerificationType::double_type(), 3139 VerificationType::double2_type(), CHECK_VERIFY(this)); 3140 } 3141 3142 void ClassVerifier::verify_astore(int index, StackMapFrame* current_frame, TRAPS) { 3143 VerificationType type = current_frame->pop_stack( 3144 VerificationType::nonscalar_check(), CHECK_VERIFY(this)); 3145 current_frame->set_local(index, type, CHECK_VERIFY(this)); 3146 } 3147 3148 void ClassVerifier::verify_iinc(int index, StackMapFrame* current_frame, TRAPS) { 3149 VerificationType type = current_frame->get_local( 3150 index, VerificationType::integer_type(), CHECK_VERIFY(this)); 3151 current_frame->set_local(index, type, CHECK_VERIFY(this)); 3152 } 3153 3154 void ClassVerifier::verify_return_value( 3155 VerificationType return_type, VerificationType type, int bci, 3156 StackMapFrame* current_frame, TRAPS) { 3157 if (return_type == VerificationType::bogus_type()) { 3158 verify_error(ErrorContext::bad_type(bci, 3159 current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)), 3160 "Method does not expect a return value"); 3161 return; 3162 } 3163 bool match = return_type.is_assignable_from(type, this, false, CHECK_VERIFY(this)); 3164 if (!match) { 3165 verify_error(ErrorContext::bad_type(bci, 3166 current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)), 3167 "Bad return type"); 3168 return; 3169 } 3170 } 3171 3172 // The verifier creates symbols which are substrings of Symbols. 3173 // These are stored in the verifier until the end of verification so that 3174 // they can be reference counted. 3175 Symbol* ClassVerifier::create_temporary_symbol(const char *name, int length) { 3176 // Quick deduplication check 3177 if (_previous_symbol != nullptr && _previous_symbol->equals(name, length)) { 3178 return _previous_symbol; 3179 } 3180 Symbol* sym = SymbolTable::new_symbol(name, length); 3181 if (!sym->is_permanent()) { 3182 if (_symbols == nullptr) { 3183 _symbols = new GrowableArray<Symbol*>(50, 0, nullptr); 3184 } 3185 _symbols->push(sym); 3186 } 3187 _previous_symbol = sym; 3188 return sym; 3189 }