1 /*
   2  * Copyright (c) 1998, 2022, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.
   8  *
   9  * This code is distributed in the hope that it will be useful, but WITHOUT
  10  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  11  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  12  * version 2 for more details (a copy is included in the LICENSE file that
  13  * accompanied this code).
  14  *
  15  * You should have received a copy of the GNU General Public License version
  16  * 2 along with this work; if not, write to the Free Software Foundation,
  17  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  18  *
  19  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  20  * or visit www.oracle.com if you need additional information or have any
  21  * questions.
  22  *
  23  */
  24 
  25 #include "precompiled.hpp"
  26 #include "jvm.h"
  27 #include "classfile/classFileStream.hpp"
  28 #include "classfile/classLoader.hpp"
  29 #include "classfile/javaClasses.hpp"
  30 #include "classfile/stackMapTable.hpp"
  31 #include "classfile/stackMapFrame.hpp"
  32 #include "classfile/stackMapTableFormat.hpp"
  33 #include "classfile/symbolTable.hpp"
  34 #include "classfile/systemDictionary.hpp"
  35 #include "classfile/verifier.hpp"
  36 #include "classfile/vmClasses.hpp"
  37 #include "classfile/vmSymbols.hpp"
  38 #include "interpreter/bytecodes.hpp"
  39 #include "interpreter/bytecodeStream.hpp"
  40 #include "logging/log.hpp"
  41 #include "logging/logStream.hpp"
  42 #include "memory/oopFactory.hpp"
  43 #include "memory/resourceArea.hpp"
  44 #include "memory/universe.hpp"
  45 #include "oops/constantPool.inline.hpp"
  46 #include "oops/instanceKlass.inline.hpp"
  47 #include "oops/klass.inline.hpp"
  48 #include "oops/oop.inline.hpp"
  49 #include "oops/typeArrayOop.hpp"
  50 #include "runtime/arguments.hpp"
  51 #include "runtime/fieldDescriptor.hpp"
  52 #include "runtime/handles.inline.hpp"
  53 #include "runtime/interfaceSupport.inline.hpp"
  54 #include "runtime/javaCalls.hpp"
  55 #include "runtime/javaThread.hpp"
  56 #include "runtime/jniHandles.inline.hpp"
  57 #include "runtime/os.hpp"
  58 #include "runtime/safepointVerifiers.hpp"
  59 #include "services/threadService.hpp"
  60 #include "utilities/align.hpp"
  61 #include "utilities/bytes.hpp"
  62 
  63 #define NOFAILOVER_MAJOR_VERSION                       51
  64 #define NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION  51
  65 #define STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION       52
  66 #define INLINE_TYPE_MAJOR_VERSION                       56
  67 #define MAX_ARRAY_DIMENSIONS 255
  68 
  69 // Access to external entry for VerifyClassForMajorVersion - old byte code verifier
  70 
  71 extern "C" {
  72   typedef jboolean (*verify_byte_codes_fn_t)(JNIEnv *, jclass, char *, jint, jint);
  73 }
  74 
  75 static verify_byte_codes_fn_t volatile _verify_byte_codes_fn = NULL;
  76 
  77 static verify_byte_codes_fn_t verify_byte_codes_fn() {
  78 
  79   if (_verify_byte_codes_fn != NULL)
  80     return _verify_byte_codes_fn;
  81 
  82   MutexLocker locker(Verify_lock);
  83 
  84   if (_verify_byte_codes_fn != NULL)
  85     return _verify_byte_codes_fn;
  86 
  87   // Load verify dll
  88   char buffer[JVM_MAXPATHLEN];
  89   char ebuf[1024];
  90   if (!os::dll_locate_lib(buffer, sizeof(buffer), Arguments::get_dll_dir(), "verify"))
  91     return NULL; // Caller will throw VerifyError
  92 
  93   void *lib_handle = os::dll_load(buffer, ebuf, sizeof(ebuf));
  94   if (lib_handle == NULL)
  95     return NULL; // Caller will throw VerifyError
  96 
  97   void *fn = os::dll_lookup(lib_handle, "VerifyClassForMajorVersion");
  98   if (fn == NULL)
  99     return NULL; // Caller will throw VerifyError
 100 
 101   return _verify_byte_codes_fn = CAST_TO_FN_PTR(verify_byte_codes_fn_t, fn);
 102 }
 103 
 104 
 105 // Methods in Verifier
 106 
 107 bool Verifier::should_verify_for(oop class_loader, bool should_verify_class) {
 108   return (class_loader == NULL || !should_verify_class) ?
 109     BytecodeVerificationLocal : BytecodeVerificationRemote;
 110 }
 111 
 112 bool Verifier::relax_access_for(oop loader) {
 113   bool trusted = java_lang_ClassLoader::is_trusted_loader(loader);
 114   bool need_verify =
 115     // verifyAll
 116     (BytecodeVerificationLocal && BytecodeVerificationRemote) ||
 117     // verifyRemote
 118     (!BytecodeVerificationLocal && BytecodeVerificationRemote && !trusted);
 119   return !need_verify;
 120 }
 121 
 122 void Verifier::trace_class_resolution(Klass* resolve_class, InstanceKlass* verify_class) {
 123   assert(verify_class != NULL, "Unexpected null verify_class");
 124   ResourceMark rm;
 125   Symbol* s = verify_class->source_file_name();
 126   const char* source_file = (s != NULL ? s->as_C_string() : NULL);
 127   const char* verify = verify_class->external_name();
 128   const char* resolve = resolve_class->external_name();
 129   // print in a single call to reduce interleaving between threads
 130   if (source_file != NULL) {
 131     log_debug(class, resolve)("%s %s %s (verification)", verify, resolve, source_file);
 132   } else {
 133     log_debug(class, resolve)("%s %s (verification)", verify, resolve);
 134   }
 135 }
 136 
 137 // Prints the end-verification message to the appropriate output.
 138 void Verifier::log_end_verification(outputStream* st, const char* klassName, Symbol* exception_name, oop pending_exception) {
 139   if (pending_exception != NULL) {
 140     st->print("Verification for %s has", klassName);
 141     oop message = java_lang_Throwable::message(pending_exception);
 142     if (message != NULL) {
 143       char* ex_msg = java_lang_String::as_utf8_string(message);
 144       st->print_cr(" exception pending '%s %s'",
 145                    pending_exception->klass()->external_name(), ex_msg);
 146     } else {
 147       st->print_cr(" exception pending %s ",
 148                    pending_exception->klass()->external_name());
 149     }
 150   } else if (exception_name != NULL) {
 151     st->print_cr("Verification for %s failed", klassName);
 152   }
 153   st->print_cr("End class verification for: %s", klassName);
 154 }
 155 
 156 bool Verifier::verify(InstanceKlass* klass, bool should_verify_class, TRAPS) {
 157   HandleMark hm(THREAD);
 158   ResourceMark rm(THREAD);
 159 
 160   // Eagerly allocate the identity hash code for a klass. This is a fallout
 161   // from 6320749 and 8059924: hash code generator is not supposed to be called
 162   // during the safepoint, but it allows to sneak the hashcode in during
 163   // verification. Without this eager hashcode generation, we may end up
 164   // installing the hashcode during some other operation, which may be at
 165   // safepoint -- blowing up the checks. It was previously done as the side
 166   // effect (sic!) for external_name(), but instead of doing that, we opt to
 167   // explicitly push the hashcode in here. This is signify the following block
 168   // is IMPORTANT:
 169   if (klass->java_mirror() != NULL) {
 170     klass->java_mirror()->identity_hash();
 171   }
 172 
 173   if (!is_eligible_for_verification(klass, should_verify_class)) {
 174     return true;
 175   }
 176 
 177   // Timer includes any side effects of class verification (resolution,
 178   // etc), but not recursive calls to Verifier::verify().
 179   JavaThread* jt = THREAD;
 180   PerfClassTraceTime timer(ClassLoader::perf_class_verify_time(),
 181                            ClassLoader::perf_class_verify_selftime(),
 182                            ClassLoader::perf_classes_verified(),
 183                            jt->get_thread_stat()->perf_recursion_counts_addr(),
 184                            jt->get_thread_stat()->perf_timers_addr(),
 185                            PerfClassTraceTime::CLASS_VERIFY);
 186 
 187   // If the class should be verified, first see if we can use the split
 188   // verifier.  If not, or if verification fails and can failover, then
 189   // call the inference verifier.
 190   Symbol* exception_name = NULL;
 191   const size_t message_buffer_len = klass->name()->utf8_length() + 1024;
 192   char* message_buffer = NULL;
 193   char* exception_message = NULL;
 194 
 195   log_info(class, init)("Start class verification for: %s", klass->external_name());
 196   if (klass->major_version() >= STACKMAP_ATTRIBUTE_MAJOR_VERSION) {
 197     ClassVerifier split_verifier(jt, klass);
 198     // We don't use CHECK here, or on inference_verify below, so that we can log any exception.
 199     split_verifier.verify_class(THREAD);
 200     exception_name = split_verifier.result();
 201 
 202     // If DumpSharedSpaces is set then don't fall back to the old verifier on
 203     // verification failure. If a class fails verification with the split verifier,
 204     // it might fail the CDS runtime verifier constraint check. In that case, we
 205     // don't want to share the class. We only archive classes that pass the split
 206     // verifier.
 207     bool can_failover = !DumpSharedSpaces &&
 208       klass->major_version() < NOFAILOVER_MAJOR_VERSION;
 209 
 210     if (can_failover && !HAS_PENDING_EXCEPTION &&  // Split verifier doesn't set PENDING_EXCEPTION for failure
 211         (exception_name == vmSymbols::java_lang_VerifyError() ||
 212          exception_name == vmSymbols::java_lang_ClassFormatError())) {
 213       log_info(verification)("Fail over class verification to old verifier for: %s", klass->external_name());
 214       log_info(class, init)("Fail over class verification to old verifier for: %s", klass->external_name());
 215       message_buffer = NEW_RESOURCE_ARRAY(char, message_buffer_len);
 216       exception_message = message_buffer;
 217       exception_name = inference_verify(
 218         klass, message_buffer, message_buffer_len, THREAD);
 219     }
 220     if (exception_name != NULL) {
 221       exception_message = split_verifier.exception_message();
 222     }
 223   } else {
 224     message_buffer = NEW_RESOURCE_ARRAY(char, message_buffer_len);
 225     exception_message = message_buffer;
 226     exception_name = inference_verify(
 227         klass, message_buffer, message_buffer_len, THREAD);
 228   }
 229 
 230   LogTarget(Info, class, init) lt1;
 231   if (lt1.is_enabled()) {
 232     LogStream ls(lt1);
 233     log_end_verification(&ls, klass->external_name(), exception_name, PENDING_EXCEPTION);
 234   }
 235   LogTarget(Info, verification) lt2;
 236   if (lt2.is_enabled()) {
 237     LogStream ls(lt2);
 238     log_end_verification(&ls, klass->external_name(), exception_name, PENDING_EXCEPTION);
 239   }
 240 
 241   if (HAS_PENDING_EXCEPTION) {
 242     return false; // use the existing exception
 243   } else if (exception_name == NULL) {
 244     return true; // verification succeeded
 245   } else { // VerifyError or ClassFormatError to be created and thrown
 246     Klass* kls =
 247       SystemDictionary::resolve_or_fail(exception_name, true, CHECK_false);
 248     if (log_is_enabled(Debug, class, resolve)) {
 249       Verifier::trace_class_resolution(kls, klass);
 250     }
 251 
 252     while (kls != NULL) {
 253       if (kls == klass) {
 254         // If the class being verified is the exception we're creating
 255         // or one of it's superclasses, we're in trouble and are going
 256         // to infinitely recurse when we try to initialize the exception.
 257         // So bail out here by throwing the preallocated VM error.
 258         THROW_OOP_(Universe::virtual_machine_error_instance(), false);
 259       }
 260       kls = kls->super();
 261     }
 262     if (message_buffer != NULL) {
 263       message_buffer[message_buffer_len - 1] = '\0'; // just to be sure
 264     }
 265     assert(exception_message != NULL, "");
 266     THROW_MSG_(exception_name, exception_message, false);
 267   }
 268 }
 269 
 270 bool Verifier::is_eligible_for_verification(InstanceKlass* klass, bool should_verify_class) {
 271   Symbol* name = klass->name();
 272   Klass* refl_magic_klass = vmClasses::reflect_MagicAccessorImpl_klass();
 273 
 274   bool is_reflect = refl_magic_klass != NULL && klass->is_subtype_of(refl_magic_klass);
 275 
 276   return (should_verify_for(klass->class_loader(), should_verify_class) &&
 277     // return if the class is a bootstrapping class
 278     // or defineClass specified not to verify by default (flags override passed arg)
 279     // We need to skip the following four for bootstrapping
 280     name != vmSymbols::java_lang_Object() &&
 281     name != vmSymbols::java_lang_Class() &&
 282     name != vmSymbols::java_lang_String() &&
 283     name != vmSymbols::java_lang_Throwable() &&
 284 
 285     // Can not verify the bytecodes for shared classes because they have
 286     // already been rewritten to contain constant pool cache indices,
 287     // which the verifier can't understand.
 288     // Shared classes shouldn't have stackmaps either.
 289     // However, bytecodes for shared old classes can be verified because
 290     // they have not been rewritten.
 291     !(klass->is_shared() && klass->is_rewritten()) &&
 292 
 293     // As of the fix for 4486457 we disable verification for all of the
 294     // dynamically-generated bytecodes associated with the 1.4
 295     // reflection implementation, not just those associated with
 296     // jdk/internal/reflect/SerializationConstructorAccessor.
 297     // NOTE: this is called too early in the bootstrapping process to be
 298     // guarded by Universe::is_gte_jdk14x_version().
 299     // Also for lambda generated code, gte jdk8
 300     (!is_reflect));
 301 }
 302 
 303 Symbol* Verifier::inference_verify(
 304     InstanceKlass* klass, char* message, size_t message_len, TRAPS) {
 305   JavaThread* thread = THREAD;
 306 
 307   verify_byte_codes_fn_t verify_func = verify_byte_codes_fn();
 308 
 309   if (verify_func == NULL) {
 310     jio_snprintf(message, message_len, "Could not link verifier");
 311     return vmSymbols::java_lang_VerifyError();
 312   }
 313 
 314   ResourceMark rm(thread);
 315   log_info(verification)("Verifying class %s with old format", klass->external_name());
 316 
 317   jclass cls = (jclass) JNIHandles::make_local(thread, klass->java_mirror());
 318   jint result;
 319 
 320   {
 321     HandleMark hm(thread);
 322     ThreadToNativeFromVM ttn(thread);
 323     // ThreadToNativeFromVM takes care of changing thread_state, so safepoint
 324     // code knows that we have left the VM
 325     JNIEnv *env = thread->jni_environment();
 326     result = (*verify_func)(env, cls, message, (int)message_len, klass->major_version());
 327   }
 328 
 329   JNIHandles::destroy_local(cls);
 330 
 331   // These numbers are chosen so that VerifyClassCodes interface doesn't need
 332   // to be changed (still return jboolean (unsigned char)), and result is
 333   // 1 when verification is passed.
 334   if (result == 0) {
 335     return vmSymbols::java_lang_VerifyError();
 336   } else if (result == 1) {
 337     return NULL; // verified.
 338   } else if (result == 2) {
 339     THROW_MSG_(vmSymbols::java_lang_OutOfMemoryError(), message, NULL);
 340   } else if (result == 3) {
 341     return vmSymbols::java_lang_ClassFormatError();
 342   } else {
 343     ShouldNotReachHere();
 344     return NULL;
 345   }
 346 }
 347 
 348 TypeOrigin TypeOrigin::null() {
 349   return TypeOrigin();
 350 }
 351 TypeOrigin TypeOrigin::local(u2 index, StackMapFrame* frame) {
 352   assert(frame != NULL, "Must have a frame");
 353   return TypeOrigin(CF_LOCALS, index, StackMapFrame::copy(frame),
 354      frame->local_at(index));
 355 }
 356 TypeOrigin TypeOrigin::stack(u2 index, StackMapFrame* frame) {
 357   assert(frame != NULL, "Must have a frame");
 358   return TypeOrigin(CF_STACK, index, StackMapFrame::copy(frame),
 359       frame->stack_at(index));
 360 }
 361 TypeOrigin TypeOrigin::sm_local(u2 index, StackMapFrame* frame) {
 362   assert(frame != NULL, "Must have a frame");
 363   return TypeOrigin(SM_LOCALS, index, StackMapFrame::copy(frame),
 364       frame->local_at(index));
 365 }
 366 TypeOrigin TypeOrigin::sm_stack(u2 index, StackMapFrame* frame) {
 367   assert(frame != NULL, "Must have a frame");
 368   return TypeOrigin(SM_STACK, index, StackMapFrame::copy(frame),
 369       frame->stack_at(index));
 370 }
 371 TypeOrigin TypeOrigin::bad_index(u2 index) {
 372   return TypeOrigin(BAD_INDEX, index, NULL, VerificationType::bogus_type());
 373 }
 374 TypeOrigin TypeOrigin::cp(u2 index, VerificationType vt) {
 375   return TypeOrigin(CONST_POOL, index, NULL, vt);
 376 }
 377 TypeOrigin TypeOrigin::signature(VerificationType vt) {
 378   return TypeOrigin(SIG, 0, NULL, vt);
 379 }
 380 TypeOrigin TypeOrigin::implicit(VerificationType t) {
 381   return TypeOrigin(IMPLICIT, 0, NULL, t);
 382 }
 383 TypeOrigin TypeOrigin::frame(StackMapFrame* frame) {
 384   return TypeOrigin(FRAME_ONLY, 0, StackMapFrame::copy(frame),
 385                     VerificationType::bogus_type());
 386 }
 387 
 388 void TypeOrigin::reset_frame() {
 389   if (_frame != NULL) {
 390     _frame->restore();
 391   }
 392 }
 393 
 394 void TypeOrigin::details(outputStream* ss) const {
 395   _type.print_on(ss);
 396   switch (_origin) {
 397     case CF_LOCALS:
 398       ss->print(" (current frame, locals[%d])", _index);
 399       break;
 400     case CF_STACK:
 401       ss->print(" (current frame, stack[%d])", _index);
 402       break;
 403     case SM_LOCALS:
 404       ss->print(" (stack map, locals[%d])", _index);
 405       break;
 406     case SM_STACK:
 407       ss->print(" (stack map, stack[%d])", _index);
 408       break;
 409     case CONST_POOL:
 410       ss->print(" (constant pool %d)", _index);
 411       break;
 412     case SIG:
 413       ss->print(" (from method signature)");
 414       break;
 415     case IMPLICIT:
 416     case FRAME_ONLY:
 417     case NONE:
 418     default:
 419       ;
 420   }
 421 }
 422 
 423 #ifdef ASSERT
 424 void TypeOrigin::print_on(outputStream* str) const {
 425   str->print("{%d,%d,%p:", _origin, _index, _frame);
 426   if (_frame != NULL) {
 427     _frame->print_on(str);
 428   } else {
 429     str->print("null");
 430   }
 431   str->print(",");
 432   _type.print_on(str);
 433   str->print("}");
 434 }
 435 #endif
 436 
 437 void ErrorContext::details(outputStream* ss, const Method* method) const {
 438   if (is_valid()) {
 439     ss->cr();
 440     ss->print_cr("Exception Details:");
 441     location_details(ss, method);
 442     reason_details(ss);
 443     frame_details(ss);
 444     bytecode_details(ss, method);
 445     handler_details(ss, method);
 446     stackmap_details(ss, method);
 447   }
 448 }
 449 
 450 void ErrorContext::reason_details(outputStream* ss) const {
 451   streamIndentor si(ss);
 452   ss->indent().print_cr("Reason:");
 453   streamIndentor si2(ss);
 454   ss->indent().print("%s", "");
 455   switch (_fault) {
 456     case INVALID_BYTECODE:
 457       ss->print("Error exists in the bytecode");
 458       break;
 459     case WRONG_TYPE:
 460       if (_expected.is_valid()) {
 461         ss->print("Type ");
 462         _type.details(ss);
 463         ss->print(" is not assignable to ");
 464         _expected.details(ss);
 465       } else {
 466         ss->print("Invalid type: ");
 467         _type.details(ss);
 468       }
 469       break;
 470     case FLAGS_MISMATCH:
 471       if (_expected.is_valid()) {
 472         ss->print("Current frame's flags are not assignable "
 473                   "to stack map frame's.");
 474       } else {
 475         ss->print("Current frame's flags are invalid in this context.");
 476       }
 477       break;
 478     case BAD_CP_INDEX:
 479       ss->print("Constant pool index %d is invalid", _type.index());
 480       break;
 481     case BAD_LOCAL_INDEX:
 482       ss->print("Local index %d is invalid", _type.index());
 483       break;
 484     case LOCALS_SIZE_MISMATCH:
 485       ss->print("Current frame's local size doesn't match stackmap.");
 486       break;
 487     case STACK_SIZE_MISMATCH:
 488       ss->print("Current frame's stack size doesn't match stackmap.");
 489       break;
 490     case STACK_OVERFLOW:
 491       ss->print("Exceeded max stack size.");
 492       break;
 493     case STACK_UNDERFLOW:
 494       ss->print("Attempt to pop empty stack.");
 495       break;
 496     case MISSING_STACKMAP:
 497       ss->print("Expected stackmap frame at this location.");
 498       break;
 499     case BAD_STACKMAP:
 500       ss->print("Invalid stackmap specification.");
 501       break;
 502     case WRONG_INLINE_TYPE:
 503       ss->print("Type ");
 504       _type.details(ss);
 505       ss->print(" and type ");
 506       _expected.details(ss);
 507       ss->print(" must be identical inline types.");
 508       break;
 509     case UNKNOWN:
 510     default:
 511       ShouldNotReachHere();
 512       ss->print_cr("Unknown");
 513   }
 514   ss->cr();
 515 }
 516 
 517 void ErrorContext::location_details(outputStream* ss, const Method* method) const {
 518   if (_bci != -1 && method != NULL) {
 519     streamIndentor si(ss);
 520     const char* bytecode_name = "<invalid>";
 521     if (method->validate_bci(_bci) != -1) {
 522       Bytecodes::Code code = Bytecodes::code_or_bp_at(method->bcp_from(_bci));
 523       if (Bytecodes::is_defined(code)) {
 524           bytecode_name = Bytecodes::name(code);
 525       } else {
 526           bytecode_name = "<illegal>";
 527       }
 528     }
 529     InstanceKlass* ik = method->method_holder();
 530     ss->indent().print_cr("Location:");
 531     streamIndentor si2(ss);
 532     ss->indent().print_cr("%s.%s%s @%d: %s",
 533         ik->name()->as_C_string(), method->name()->as_C_string(),
 534         method->signature()->as_C_string(), _bci, bytecode_name);
 535   }
 536 }
 537 
 538 void ErrorContext::frame_details(outputStream* ss) const {
 539   streamIndentor si(ss);
 540   if (_type.is_valid() && _type.frame() != NULL) {
 541     ss->indent().print_cr("Current Frame:");
 542     streamIndentor si2(ss);
 543     _type.frame()->print_on(ss);
 544   }
 545   if (_expected.is_valid() && _expected.frame() != NULL) {
 546     ss->indent().print_cr("Stackmap Frame:");
 547     streamIndentor si2(ss);
 548     _expected.frame()->print_on(ss);
 549   }
 550 }
 551 
 552 void ErrorContext::bytecode_details(outputStream* ss, const Method* method) const {
 553   if (method != NULL) {
 554     streamIndentor si(ss);
 555     ss->indent().print_cr("Bytecode:");
 556     streamIndentor si2(ss);
 557     ss->print_data(method->code_base(), method->code_size(), false);
 558   }
 559 }
 560 
 561 void ErrorContext::handler_details(outputStream* ss, const Method* method) const {
 562   if (method != NULL) {
 563     streamIndentor si(ss);
 564     ExceptionTable table(method);
 565     if (table.length() > 0) {
 566       ss->indent().print_cr("Exception Handler Table:");
 567       streamIndentor si2(ss);
 568       for (int i = 0; i < table.length(); ++i) {
 569         ss->indent().print_cr("bci [%d, %d] => handler: %d", table.start_pc(i),
 570             table.end_pc(i), table.handler_pc(i));
 571       }
 572     }
 573   }
 574 }
 575 
 576 void ErrorContext::stackmap_details(outputStream* ss, const Method* method) const {
 577   if (method != NULL && method->has_stackmap_table()) {
 578     streamIndentor si(ss);
 579     ss->indent().print_cr("Stackmap Table:");
 580     Array<u1>* data = method->stackmap_data();
 581     stack_map_table* sm_table =
 582         stack_map_table::at((address)data->adr_at(0));
 583     stack_map_frame* sm_frame = sm_table->entries();
 584     streamIndentor si2(ss);
 585     int current_offset = -1;
 586     address end_of_sm_table = (address)sm_table + method->stackmap_data()->length();
 587     for (u2 i = 0; i < sm_table->number_of_entries(); ++i) {
 588       ss->indent();
 589       if (!sm_frame->verify((address)sm_frame, end_of_sm_table)) {
 590         sm_frame->print_truncated(ss, current_offset);
 591         return;
 592       }
 593       sm_frame->print_on(ss, current_offset);
 594       ss->cr();
 595       current_offset += sm_frame->offset_delta();
 596       sm_frame = sm_frame->next();
 597     }
 598   }
 599 }
 600 
 601 // Methods in ClassVerifier
 602 
 603 VerificationType reference_or_inline_type(InstanceKlass* klass) {
 604   if (klass->is_inline_klass()) {
 605     return VerificationType::inline_type(klass->name());
 606   } else {
 607     return VerificationType::reference_type(klass->name());
 608   }
 609 }
 610 
 611 ClassVerifier::ClassVerifier(JavaThread* current, InstanceKlass* klass)
 612     : _thread(current), _previous_symbol(NULL), _symbols(NULL), _exception_type(NULL),
 613       _message(NULL), _klass(klass) {
 614   _this_type = reference_or_inline_type(klass);
 615 }
 616 
 617 ClassVerifier::~ClassVerifier() {
 618   // Decrement the reference count for any symbols created.
 619   if (_symbols != NULL) {
 620     for (int i = 0; i < _symbols->length(); i++) {
 621       Symbol* s = _symbols->at(i);
 622       s->decrement_refcount();
 623     }
 624   }
 625 }
 626 
 627 VerificationType ClassVerifier::object_type() const {
 628   return VerificationType::reference_type(vmSymbols::java_lang_Object());
 629 }
 630 
 631 TypeOrigin ClassVerifier::ref_ctx(const char* sig) {
 632   VerificationType vt = VerificationType::reference_type(
 633                          create_temporary_symbol(sig, (int)strlen(sig)));
 634   return TypeOrigin::implicit(vt);
 635 }
 636 
 637 
 638 void ClassVerifier::verify_class(TRAPS) {
 639   log_info(verification)("Verifying class %s with new format", _klass->external_name());
 640 
 641   // Either verifying both local and remote classes or just remote classes.
 642   assert(BytecodeVerificationRemote, "Should not be here");
 643 
 644   Array<Method*>* methods = _klass->methods();
 645   int num_methods = methods->length();
 646 
 647   for (int index = 0; index < num_methods; index++) {
 648     // Check for recursive re-verification before each method.
 649     if (was_recursively_verified()) return;
 650 
 651     Method* m = methods->at(index);
 652     if (m->is_native() || m->is_abstract() || m->is_overpass()) {
 653       // If m is native or abstract, skip it.  It is checked in class file
 654       // parser that methods do not override a final method.  Overpass methods
 655       // are trusted since the VM generates them.
 656       continue;
 657     }
 658     verify_method(methodHandle(THREAD, m), CHECK_VERIFY(this));
 659   }
 660 
 661   if (was_recursively_verified()){
 662     log_info(verification)("Recursive verification detected for: %s", _klass->external_name());
 663     log_info(class, init)("Recursive verification detected for: %s",
 664                         _klass->external_name());
 665   }
 666 }
 667 
 668 // Translate the signature entries into verification types and save them in
 669 // the growable array.  Also, save the count of arguments.
 670 void ClassVerifier::translate_signature(Symbol* const method_sig,
 671                                         sig_as_verification_types* sig_verif_types) {
 672   SignatureStream sig_stream(method_sig);
 673   VerificationType sig_type[2];
 674   int sig_i = 0;
 675   GrowableArray<VerificationType>* verif_types = sig_verif_types->sig_verif_types();
 676 
 677   // Translate the signature arguments into verification types.
 678   while (!sig_stream.at_return_type()) {
 679     int n = change_sig_to_verificationType(&sig_stream, sig_type);
 680     assert(n <= 2, "Unexpected signature type");
 681 
 682     // Store verification type(s).  Longs and Doubles each have two verificationTypes.
 683     for (int x = 0; x < n; x++) {
 684       verif_types->push(sig_type[x]);
 685     }
 686     sig_i += n;
 687     sig_stream.next();
 688   }
 689 
 690   // Set final arg count, not including the return type.  The final arg count will
 691   // be compared with sig_verify_types' length to see if there is a return type.
 692   sig_verif_types->set_num_args(sig_i);
 693 
 694   // Store verification type(s) for the return type, if there is one.
 695   if (sig_stream.type() != T_VOID) {
 696     int n = change_sig_to_verificationType(&sig_stream, sig_type);
 697     assert(n <= 2, "Unexpected signature return type");
 698     for (int y = 0; y < n; y++) {
 699       verif_types->push(sig_type[y]);
 700     }
 701   }
 702 }
 703 
 704 void ClassVerifier::create_method_sig_entry(sig_as_verification_types* sig_verif_types,
 705                                             int sig_index) {
 706   // Translate the signature into verification types.
 707   ConstantPool* cp = _klass->constants();
 708   Symbol* const method_sig = cp->symbol_at(sig_index);
 709   translate_signature(method_sig, sig_verif_types);
 710 
 711   // Add the list of this signature's verification types to the table.
 712   bool is_unique = method_signatures_table()->put(sig_index, sig_verif_types);
 713   assert(is_unique, "Duplicate entries in method_signature_table");
 714 }
 715 
 716 void ClassVerifier::verify_method(const methodHandle& m, TRAPS) {
 717   HandleMark hm(THREAD);
 718   _method = m;   // initialize _method
 719   log_info(verification)("Verifying method %s", m->name_and_sig_as_C_string());
 720 
 721 // For clang, the only good constant format string is a literal constant format string.
 722 #define bad_type_msg "Bad type on operand stack in %s"
 723 
 724   int32_t max_stack = m->verifier_max_stack();
 725   int32_t max_locals = m->max_locals();
 726   constantPoolHandle cp(THREAD, m->constants());
 727 
 728   // Method signature was checked in ClassFileParser.
 729   assert(SignatureVerifier::is_valid_method_signature(m->signature()),
 730          "Invalid method signature");
 731 
 732   // Initial stack map frame: offset is 0, stack is initially empty.
 733   StackMapFrame current_frame(max_locals, max_stack, this);
 734   // Set initial locals
 735   VerificationType return_type = current_frame.set_locals_from_arg( m, current_type());
 736 
 737   int32_t stackmap_index = 0; // index to the stackmap array
 738 
 739   u4 code_length = m->code_size();
 740 
 741   // Scan the bytecode and map each instruction's start offset to a number.
 742   char* code_data = generate_code_data(m, code_length, CHECK_VERIFY(this));
 743 
 744   int ex_min = code_length;
 745   int ex_max = -1;
 746   // Look through each item on the exception table. Each of the fields must refer
 747   // to a legal instruction.
 748   if (was_recursively_verified()) return;
 749   verify_exception_handler_table(
 750     code_length, code_data, ex_min, ex_max, CHECK_VERIFY(this));
 751 
 752   // Look through each entry on the local variable table and make sure
 753   // its range of code array offsets is valid. (4169817)
 754   if (m->has_localvariable_table()) {
 755     verify_local_variable_table(code_length, code_data, CHECK_VERIFY(this));
 756   }
 757 
 758   Array<u1>* stackmap_data = m->stackmap_data();
 759   StackMapStream stream(stackmap_data);
 760   StackMapReader reader(this, &stream, code_data, code_length, THREAD);
 761   StackMapTable stackmap_table(&reader, &current_frame, max_locals, max_stack,
 762                                code_data, code_length, CHECK_VERIFY(this));
 763 
 764   LogTarget(Debug, verification) lt;
 765   if (lt.is_enabled()) {
 766     ResourceMark rm(THREAD);
 767     LogStream ls(lt);
 768     stackmap_table.print_on(&ls);
 769   }
 770 
 771   RawBytecodeStream bcs(m);
 772 
 773   // Scan the byte code linearly from the start to the end
 774   bool no_control_flow = false; // Set to true when there is no direct control
 775                                 // flow from current instruction to the next
 776                                 // instruction in sequence
 777 
 778   Bytecodes::Code opcode;
 779   while (!bcs.is_last_bytecode()) {
 780     // Check for recursive re-verification before each bytecode.
 781     if (was_recursively_verified())  return;
 782 
 783     opcode = bcs.raw_next();
 784     u2 bci = bcs.bci();
 785 
 786     // Set current frame's offset to bci
 787     current_frame.set_offset(bci);
 788     current_frame.set_mark();
 789 
 790     // Make sure every offset in stackmap table point to the beginning to
 791     // an instruction. Match current_frame to stackmap_table entry with
 792     // the same offset if exists.
 793     stackmap_index = verify_stackmap_table(
 794       stackmap_index, bci, &current_frame, &stackmap_table,
 795       no_control_flow, CHECK_VERIFY(this));
 796 
 797 
 798     bool this_uninit = false;  // Set to true when invokespecial <init> initialized 'this'
 799     bool verified_exc_handlers = false;
 800 
 801     // Merge with the next instruction
 802     {
 803       u2 index;
 804       int target;
 805       VerificationType type, type2;
 806       VerificationType atype;
 807 
 808       LogTarget(Debug, verification) lt;
 809       if (lt.is_enabled()) {
 810         ResourceMark rm(THREAD);
 811         LogStream ls(lt);
 812         current_frame.print_on(&ls);
 813         lt.print("offset = %d,  opcode = %s", bci,
 814                  opcode == Bytecodes::_illegal ? "illegal" : Bytecodes::name(opcode));
 815       }
 816 
 817       // Make sure wide instruction is in correct format
 818       if (bcs.is_wide()) {
 819         if (opcode != Bytecodes::_iinc   && opcode != Bytecodes::_iload  &&
 820             opcode != Bytecodes::_aload  && opcode != Bytecodes::_lload  &&
 821             opcode != Bytecodes::_istore && opcode != Bytecodes::_astore &&
 822             opcode != Bytecodes::_lstore && opcode != Bytecodes::_fload  &&
 823             opcode != Bytecodes::_dload  && opcode != Bytecodes::_fstore &&
 824             opcode != Bytecodes::_dstore) {
 825           /* Unreachable?  RawBytecodeStream's raw_next() returns 'illegal'
 826            * if we encounter a wide instruction that modifies an invalid
 827            * opcode (not one of the ones listed above) */
 828           verify_error(ErrorContext::bad_code(bci), "Bad wide instruction");
 829           return;
 830         }
 831       }
 832 
 833       // Look for possible jump target in exception handlers and see if it
 834       // matches current_frame.  Do this check here for astore*, dstore*,
 835       // fstore*, istore*, and lstore* opcodes because they can change the type
 836       // state by adding a local.  JVM Spec says that the incoming type state
 837       // should be used for this check.  So, do the check here before a possible
 838       // local is added to the type state.
 839       if (Bytecodes::is_store_into_local(opcode) && bci >= ex_min && bci < ex_max) {
 840         if (was_recursively_verified()) return;
 841         verify_exception_handler_targets(
 842           bci, this_uninit, &current_frame, &stackmap_table, CHECK_VERIFY(this));
 843         verified_exc_handlers = true;
 844       }
 845 
 846       if (was_recursively_verified()) return;
 847 
 848       switch (opcode) {
 849         case Bytecodes::_nop :
 850           no_control_flow = false; break;
 851         case Bytecodes::_aconst_null :
 852           current_frame.push_stack(
 853             VerificationType::null_type(), CHECK_VERIFY(this));
 854           no_control_flow = false; break;
 855         case Bytecodes::_iconst_m1 :
 856         case Bytecodes::_iconst_0 :
 857         case Bytecodes::_iconst_1 :
 858         case Bytecodes::_iconst_2 :
 859         case Bytecodes::_iconst_3 :
 860         case Bytecodes::_iconst_4 :
 861         case Bytecodes::_iconst_5 :
 862           current_frame.push_stack(
 863             VerificationType::integer_type(), CHECK_VERIFY(this));
 864           no_control_flow = false; break;
 865         case Bytecodes::_lconst_0 :
 866         case Bytecodes::_lconst_1 :
 867           current_frame.push_stack_2(
 868             VerificationType::long_type(),
 869             VerificationType::long2_type(), CHECK_VERIFY(this));
 870           no_control_flow = false; break;
 871         case Bytecodes::_fconst_0 :
 872         case Bytecodes::_fconst_1 :
 873         case Bytecodes::_fconst_2 :
 874           current_frame.push_stack(
 875             VerificationType::float_type(), CHECK_VERIFY(this));
 876           no_control_flow = false; break;
 877         case Bytecodes::_dconst_0 :
 878         case Bytecodes::_dconst_1 :
 879           current_frame.push_stack_2(
 880             VerificationType::double_type(),
 881             VerificationType::double2_type(), CHECK_VERIFY(this));
 882           no_control_flow = false; break;
 883         case Bytecodes::_sipush :
 884         case Bytecodes::_bipush :
 885           current_frame.push_stack(
 886             VerificationType::integer_type(), CHECK_VERIFY(this));
 887           no_control_flow = false; break;
 888         case Bytecodes::_ldc :
 889           verify_ldc(
 890             opcode, bcs.get_index_u1(), &current_frame,
 891             cp, bci, CHECK_VERIFY(this));
 892           no_control_flow = false; break;
 893         case Bytecodes::_ldc_w :
 894         case Bytecodes::_ldc2_w :
 895           verify_ldc(
 896             opcode, bcs.get_index_u2(), &current_frame,
 897             cp, bci, CHECK_VERIFY(this));
 898           no_control_flow = false; break;
 899         case Bytecodes::_iload :
 900           verify_iload(bcs.get_index(), &current_frame, CHECK_VERIFY(this));
 901           no_control_flow = false; break;
 902         case Bytecodes::_iload_0 :
 903         case Bytecodes::_iload_1 :
 904         case Bytecodes::_iload_2 :
 905         case Bytecodes::_iload_3 :
 906           index = opcode - Bytecodes::_iload_0;
 907           verify_iload(index, &current_frame, CHECK_VERIFY(this));
 908           no_control_flow = false; break;
 909         case Bytecodes::_lload :
 910           verify_lload(bcs.get_index(), &current_frame, CHECK_VERIFY(this));
 911           no_control_flow = false; break;
 912         case Bytecodes::_lload_0 :
 913         case Bytecodes::_lload_1 :
 914         case Bytecodes::_lload_2 :
 915         case Bytecodes::_lload_3 :
 916           index = opcode - Bytecodes::_lload_0;
 917           verify_lload(index, &current_frame, CHECK_VERIFY(this));
 918           no_control_flow = false; break;
 919         case Bytecodes::_fload :
 920           verify_fload(bcs.get_index(), &current_frame, CHECK_VERIFY(this));
 921           no_control_flow = false; break;
 922         case Bytecodes::_fload_0 :
 923         case Bytecodes::_fload_1 :
 924         case Bytecodes::_fload_2 :
 925         case Bytecodes::_fload_3 :
 926           index = opcode - Bytecodes::_fload_0;
 927           verify_fload(index, &current_frame, CHECK_VERIFY(this));
 928           no_control_flow = false; break;
 929         case Bytecodes::_dload :
 930           verify_dload(bcs.get_index(), &current_frame, CHECK_VERIFY(this));
 931           no_control_flow = false; break;
 932         case Bytecodes::_dload_0 :
 933         case Bytecodes::_dload_1 :
 934         case Bytecodes::_dload_2 :
 935         case Bytecodes::_dload_3 :
 936           index = opcode - Bytecodes::_dload_0;
 937           verify_dload(index, &current_frame, CHECK_VERIFY(this));
 938           no_control_flow = false; break;
 939         case Bytecodes::_aload :
 940           verify_aload(bcs.get_index(), &current_frame, CHECK_VERIFY(this));
 941           no_control_flow = false; break;
 942         case Bytecodes::_aload_0 :
 943         case Bytecodes::_aload_1 :
 944         case Bytecodes::_aload_2 :
 945         case Bytecodes::_aload_3 :
 946           index = opcode - Bytecodes::_aload_0;
 947           verify_aload(index, &current_frame, CHECK_VERIFY(this));
 948           no_control_flow = false; break;
 949         case Bytecodes::_iaload :
 950           type = current_frame.pop_stack(
 951             VerificationType::integer_type(), CHECK_VERIFY(this));
 952           atype = current_frame.pop_stack(
 953             VerificationType::reference_check(), CHECK_VERIFY(this));
 954           if (!atype.is_int_array()) {
 955             verify_error(ErrorContext::bad_type(bci,
 956                 current_frame.stack_top_ctx(), ref_ctx("[I")),
 957                 bad_type_msg, "iaload");
 958             return;
 959           }
 960           current_frame.push_stack(
 961             VerificationType::integer_type(), CHECK_VERIFY(this));
 962           no_control_flow = false; break;
 963         case Bytecodes::_baload :
 964           type = current_frame.pop_stack(
 965             VerificationType::integer_type(), CHECK_VERIFY(this));
 966           atype = current_frame.pop_stack(
 967             VerificationType::reference_check(), CHECK_VERIFY(this));
 968           if (!atype.is_bool_array() && !atype.is_byte_array()) {
 969             verify_error(
 970                 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
 971                 bad_type_msg, "baload");
 972             return;
 973           }
 974           current_frame.push_stack(
 975             VerificationType::integer_type(), CHECK_VERIFY(this));
 976           no_control_flow = false; break;
 977         case Bytecodes::_caload :
 978           type = current_frame.pop_stack(
 979             VerificationType::integer_type(), CHECK_VERIFY(this));
 980           atype = current_frame.pop_stack(
 981             VerificationType::reference_check(), CHECK_VERIFY(this));
 982           if (!atype.is_char_array()) {
 983             verify_error(ErrorContext::bad_type(bci,
 984                 current_frame.stack_top_ctx(), ref_ctx("[C")),
 985                 bad_type_msg, "caload");
 986             return;
 987           }
 988           current_frame.push_stack(
 989             VerificationType::integer_type(), CHECK_VERIFY(this));
 990           no_control_flow = false; break;
 991         case Bytecodes::_saload :
 992           type = current_frame.pop_stack(
 993             VerificationType::integer_type(), CHECK_VERIFY(this));
 994           atype = current_frame.pop_stack(
 995             VerificationType::reference_check(), CHECK_VERIFY(this));
 996           if (!atype.is_short_array()) {
 997             verify_error(ErrorContext::bad_type(bci,
 998                 current_frame.stack_top_ctx(), ref_ctx("[S")),
 999                 bad_type_msg, "saload");
1000             return;
1001           }
1002           current_frame.push_stack(
1003             VerificationType::integer_type(), CHECK_VERIFY(this));
1004           no_control_flow = false; break;
1005         case Bytecodes::_laload :
1006           type = current_frame.pop_stack(
1007             VerificationType::integer_type(), CHECK_VERIFY(this));
1008           atype = current_frame.pop_stack(
1009             VerificationType::reference_check(), CHECK_VERIFY(this));
1010           if (!atype.is_long_array()) {
1011             verify_error(ErrorContext::bad_type(bci,
1012                 current_frame.stack_top_ctx(), ref_ctx("[J")),
1013                 bad_type_msg, "laload");
1014             return;
1015           }
1016           current_frame.push_stack_2(
1017             VerificationType::long_type(),
1018             VerificationType::long2_type(), CHECK_VERIFY(this));
1019           no_control_flow = false; break;
1020         case Bytecodes::_faload :
1021           type = current_frame.pop_stack(
1022             VerificationType::integer_type(), CHECK_VERIFY(this));
1023           atype = current_frame.pop_stack(
1024             VerificationType::reference_check(), CHECK_VERIFY(this));
1025           if (!atype.is_float_array()) {
1026             verify_error(ErrorContext::bad_type(bci,
1027                 current_frame.stack_top_ctx(), ref_ctx("[F")),
1028                 bad_type_msg, "faload");
1029             return;
1030           }
1031           current_frame.push_stack(
1032             VerificationType::float_type(), CHECK_VERIFY(this));
1033           no_control_flow = false; break;
1034         case Bytecodes::_daload :
1035           type = current_frame.pop_stack(
1036             VerificationType::integer_type(), CHECK_VERIFY(this));
1037           atype = current_frame.pop_stack(
1038             VerificationType::reference_check(), CHECK_VERIFY(this));
1039           if (!atype.is_double_array()) {
1040             verify_error(ErrorContext::bad_type(bci,
1041                 current_frame.stack_top_ctx(), ref_ctx("[D")),
1042                 bad_type_msg, "daload");
1043             return;
1044           }
1045           current_frame.push_stack_2(
1046             VerificationType::double_type(),
1047             VerificationType::double2_type(), CHECK_VERIFY(this));
1048           no_control_flow = false; break;
1049         case Bytecodes::_aaload : {
1050           type = current_frame.pop_stack(
1051             VerificationType::integer_type(), CHECK_VERIFY(this));
1052           atype = current_frame.pop_stack(
1053             VerificationType::reference_check(), CHECK_VERIFY(this));
1054           if (!atype.is_nonscalar_array()) {
1055             verify_error(ErrorContext::bad_type(bci,
1056                 current_frame.stack_top_ctx(),
1057                 TypeOrigin::implicit(VerificationType::reference_check())),
1058                 bad_type_msg, "aaload");
1059             return;
1060           }
1061           if (atype.is_null()) {
1062             current_frame.push_stack(
1063               VerificationType::null_type(), CHECK_VERIFY(this));
1064           } else {
1065             VerificationType component = atype.get_component(this);
1066             current_frame.push_stack(component, CHECK_VERIFY(this));
1067           }
1068           no_control_flow = false; break;
1069         }
1070         case Bytecodes::_istore :
1071           verify_istore(bcs.get_index(), &current_frame, CHECK_VERIFY(this));
1072           no_control_flow = false; break;
1073         case Bytecodes::_istore_0 :
1074         case Bytecodes::_istore_1 :
1075         case Bytecodes::_istore_2 :
1076         case Bytecodes::_istore_3 :
1077           index = opcode - Bytecodes::_istore_0;
1078           verify_istore(index, &current_frame, CHECK_VERIFY(this));
1079           no_control_flow = false; break;
1080         case Bytecodes::_lstore :
1081           verify_lstore(bcs.get_index(), &current_frame, CHECK_VERIFY(this));
1082           no_control_flow = false; break;
1083         case Bytecodes::_lstore_0 :
1084         case Bytecodes::_lstore_1 :
1085         case Bytecodes::_lstore_2 :
1086         case Bytecodes::_lstore_3 :
1087           index = opcode - Bytecodes::_lstore_0;
1088           verify_lstore(index, &current_frame, CHECK_VERIFY(this));
1089           no_control_flow = false; break;
1090         case Bytecodes::_fstore :
1091           verify_fstore(bcs.get_index(), &current_frame, CHECK_VERIFY(this));
1092           no_control_flow = false; break;
1093         case Bytecodes::_fstore_0 :
1094         case Bytecodes::_fstore_1 :
1095         case Bytecodes::_fstore_2 :
1096         case Bytecodes::_fstore_3 :
1097           index = opcode - Bytecodes::_fstore_0;
1098           verify_fstore(index, &current_frame, CHECK_VERIFY(this));
1099           no_control_flow = false; break;
1100         case Bytecodes::_dstore :
1101           verify_dstore(bcs.get_index(), &current_frame, CHECK_VERIFY(this));
1102           no_control_flow = false; break;
1103         case Bytecodes::_dstore_0 :
1104         case Bytecodes::_dstore_1 :
1105         case Bytecodes::_dstore_2 :
1106         case Bytecodes::_dstore_3 :
1107           index = opcode - Bytecodes::_dstore_0;
1108           verify_dstore(index, &current_frame, CHECK_VERIFY(this));
1109           no_control_flow = false; break;
1110         case Bytecodes::_astore :
1111           verify_astore(bcs.get_index(), &current_frame, CHECK_VERIFY(this));
1112           no_control_flow = false; break;
1113         case Bytecodes::_astore_0 :
1114         case Bytecodes::_astore_1 :
1115         case Bytecodes::_astore_2 :
1116         case Bytecodes::_astore_3 :
1117           index = opcode - Bytecodes::_astore_0;
1118           verify_astore(index, &current_frame, CHECK_VERIFY(this));
1119           no_control_flow = false; break;
1120         case Bytecodes::_iastore :
1121           type = current_frame.pop_stack(
1122             VerificationType::integer_type(), CHECK_VERIFY(this));
1123           type2 = current_frame.pop_stack(
1124             VerificationType::integer_type(), CHECK_VERIFY(this));
1125           atype = current_frame.pop_stack(
1126             VerificationType::reference_check(), CHECK_VERIFY(this));
1127           if (!atype.is_int_array()) {
1128             verify_error(ErrorContext::bad_type(bci,
1129                 current_frame.stack_top_ctx(), ref_ctx("[I")),
1130                 bad_type_msg, "iastore");
1131             return;
1132           }
1133           no_control_flow = false; break;
1134         case Bytecodes::_bastore :
1135           type = current_frame.pop_stack(
1136             VerificationType::integer_type(), CHECK_VERIFY(this));
1137           type2 = current_frame.pop_stack(
1138             VerificationType::integer_type(), CHECK_VERIFY(this));
1139           atype = current_frame.pop_stack(
1140             VerificationType::reference_check(), CHECK_VERIFY(this));
1141           if (!atype.is_bool_array() && !atype.is_byte_array()) {
1142             verify_error(
1143                 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1144                 bad_type_msg, "bastore");
1145             return;
1146           }
1147           no_control_flow = false; break;
1148         case Bytecodes::_castore :
1149           current_frame.pop_stack(
1150             VerificationType::integer_type(), CHECK_VERIFY(this));
1151           current_frame.pop_stack(
1152             VerificationType::integer_type(), CHECK_VERIFY(this));
1153           atype = current_frame.pop_stack(
1154             VerificationType::reference_check(), CHECK_VERIFY(this));
1155           if (!atype.is_char_array()) {
1156             verify_error(ErrorContext::bad_type(bci,
1157                 current_frame.stack_top_ctx(), ref_ctx("[C")),
1158                 bad_type_msg, "castore");
1159             return;
1160           }
1161           no_control_flow = false; break;
1162         case Bytecodes::_sastore :
1163           current_frame.pop_stack(
1164             VerificationType::integer_type(), CHECK_VERIFY(this));
1165           current_frame.pop_stack(
1166             VerificationType::integer_type(), CHECK_VERIFY(this));
1167           atype = current_frame.pop_stack(
1168             VerificationType::reference_check(), CHECK_VERIFY(this));
1169           if (!atype.is_short_array()) {
1170             verify_error(ErrorContext::bad_type(bci,
1171                 current_frame.stack_top_ctx(), ref_ctx("[S")),
1172                 bad_type_msg, "sastore");
1173             return;
1174           }
1175           no_control_flow = false; break;
1176         case Bytecodes::_lastore :
1177           current_frame.pop_stack_2(
1178             VerificationType::long2_type(),
1179             VerificationType::long_type(), CHECK_VERIFY(this));
1180           current_frame.pop_stack(
1181             VerificationType::integer_type(), CHECK_VERIFY(this));
1182           atype = current_frame.pop_stack(
1183             VerificationType::reference_check(), CHECK_VERIFY(this));
1184           if (!atype.is_long_array()) {
1185             verify_error(ErrorContext::bad_type(bci,
1186                 current_frame.stack_top_ctx(), ref_ctx("[J")),
1187                 bad_type_msg, "lastore");
1188             return;
1189           }
1190           no_control_flow = false; break;
1191         case Bytecodes::_fastore :
1192           current_frame.pop_stack(
1193             VerificationType::float_type(), CHECK_VERIFY(this));
1194           current_frame.pop_stack
1195             (VerificationType::integer_type(), CHECK_VERIFY(this));
1196           atype = current_frame.pop_stack(
1197             VerificationType::reference_check(), CHECK_VERIFY(this));
1198           if (!atype.is_float_array()) {
1199             verify_error(ErrorContext::bad_type(bci,
1200                 current_frame.stack_top_ctx(), ref_ctx("[F")),
1201                 bad_type_msg, "fastore");
1202             return;
1203           }
1204           no_control_flow = false; break;
1205         case Bytecodes::_dastore :
1206           current_frame.pop_stack_2(
1207             VerificationType::double2_type(),
1208             VerificationType::double_type(), CHECK_VERIFY(this));
1209           current_frame.pop_stack(
1210             VerificationType::integer_type(), CHECK_VERIFY(this));
1211           atype = current_frame.pop_stack(
1212             VerificationType::reference_check(), CHECK_VERIFY(this));
1213           if (!atype.is_double_array()) {
1214             verify_error(ErrorContext::bad_type(bci,
1215                 current_frame.stack_top_ctx(), ref_ctx("[D")),
1216                 bad_type_msg, "dastore");
1217             return;
1218           }
1219           no_control_flow = false; break;
1220         case Bytecodes::_aastore :
1221           type = current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1222           type2 = current_frame.pop_stack(
1223             VerificationType::integer_type(), CHECK_VERIFY(this));
1224           atype = current_frame.pop_stack(
1225             VerificationType::reference_check(), CHECK_VERIFY(this));
1226           // more type-checking is done at runtime
1227           if (!atype.is_nonscalar_array()) {
1228             verify_error(ErrorContext::bad_type(bci,
1229                 current_frame.stack_top_ctx(),
1230                 TypeOrigin::implicit(VerificationType::reference_check())),
1231                 bad_type_msg, "aastore");
1232             return;
1233           }
1234           // 4938384: relaxed constraint in JVMS 3rd edition.
1235           no_control_flow = false; break;
1236         case Bytecodes::_pop :
1237           current_frame.pop_stack(
1238             VerificationType::category1_check(), CHECK_VERIFY(this));
1239           no_control_flow = false; break;
1240         case Bytecodes::_pop2 :
1241           type = current_frame.pop_stack(CHECK_VERIFY(this));
1242           if (type.is_category1()) {
1243             current_frame.pop_stack(
1244               VerificationType::category1_check(), CHECK_VERIFY(this));
1245           } else if (type.is_category2_2nd()) {
1246             current_frame.pop_stack(
1247               VerificationType::category2_check(), CHECK_VERIFY(this));
1248           } else {
1249             /* Unreachable? Would need a category2_1st on TOS
1250              * which does not appear possible. */
1251             verify_error(
1252                 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1253                 bad_type_msg, "pop2");
1254             return;
1255           }
1256           no_control_flow = false; break;
1257         case Bytecodes::_dup :
1258           type = current_frame.pop_stack(
1259             VerificationType::category1_check(), CHECK_VERIFY(this));
1260           current_frame.push_stack(type, CHECK_VERIFY(this));
1261           current_frame.push_stack(type, CHECK_VERIFY(this));
1262           no_control_flow = false; break;
1263         case Bytecodes::_dup_x1 :
1264           type = current_frame.pop_stack(
1265             VerificationType::category1_check(), CHECK_VERIFY(this));
1266           type2 = current_frame.pop_stack(
1267             VerificationType::category1_check(), CHECK_VERIFY(this));
1268           current_frame.push_stack(type, CHECK_VERIFY(this));
1269           current_frame.push_stack(type2, CHECK_VERIFY(this));
1270           current_frame.push_stack(type, CHECK_VERIFY(this));
1271           no_control_flow = false; break;
1272         case Bytecodes::_dup_x2 :
1273         {
1274           VerificationType type3;
1275           type = current_frame.pop_stack(
1276             VerificationType::category1_check(), CHECK_VERIFY(this));
1277           type2 = current_frame.pop_stack(CHECK_VERIFY(this));
1278           if (type2.is_category1()) {
1279             type3 = current_frame.pop_stack(
1280               VerificationType::category1_check(), CHECK_VERIFY(this));
1281           } else if (type2.is_category2_2nd()) {
1282             type3 = current_frame.pop_stack(
1283               VerificationType::category2_check(), CHECK_VERIFY(this));
1284           } else {
1285             /* Unreachable? Would need a category2_1st at stack depth 2 with
1286              * a category1 on TOS which does not appear possible. */
1287             verify_error(ErrorContext::bad_type(
1288                 bci, current_frame.stack_top_ctx()), bad_type_msg, "dup_x2");
1289             return;
1290           }
1291           current_frame.push_stack(type, CHECK_VERIFY(this));
1292           current_frame.push_stack(type3, CHECK_VERIFY(this));
1293           current_frame.push_stack(type2, CHECK_VERIFY(this));
1294           current_frame.push_stack(type, CHECK_VERIFY(this));
1295           no_control_flow = false; break;
1296         }
1297         case Bytecodes::_dup2 :
1298           type = current_frame.pop_stack(CHECK_VERIFY(this));
1299           if (type.is_category1()) {
1300             type2 = current_frame.pop_stack(
1301               VerificationType::category1_check(), CHECK_VERIFY(this));
1302           } else if (type.is_category2_2nd()) {
1303             type2 = current_frame.pop_stack(
1304               VerificationType::category2_check(), CHECK_VERIFY(this));
1305           } else {
1306             /* Unreachable?  Would need a category2_1st on TOS which does not
1307              * appear possible. */
1308             verify_error(
1309                 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1310                 bad_type_msg, "dup2");
1311             return;
1312           }
1313           current_frame.push_stack(type2, CHECK_VERIFY(this));
1314           current_frame.push_stack(type, CHECK_VERIFY(this));
1315           current_frame.push_stack(type2, CHECK_VERIFY(this));
1316           current_frame.push_stack(type, CHECK_VERIFY(this));
1317           no_control_flow = false; break;
1318         case Bytecodes::_dup2_x1 :
1319         {
1320           VerificationType type3;
1321           type = current_frame.pop_stack(CHECK_VERIFY(this));
1322           if (type.is_category1()) {
1323             type2 = current_frame.pop_stack(
1324               VerificationType::category1_check(), CHECK_VERIFY(this));
1325           } else if (type.is_category2_2nd()) {
1326             type2 = current_frame.pop_stack(
1327               VerificationType::category2_check(), CHECK_VERIFY(this));
1328           } else {
1329             /* Unreachable?  Would need a category2_1st on TOS which does
1330              * not appear possible. */
1331             verify_error(
1332                 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1333                 bad_type_msg, "dup2_x1");
1334             return;
1335           }
1336           type3 = current_frame.pop_stack(
1337             VerificationType::category1_check(), CHECK_VERIFY(this));
1338           current_frame.push_stack(type2, CHECK_VERIFY(this));
1339           current_frame.push_stack(type, CHECK_VERIFY(this));
1340           current_frame.push_stack(type3, CHECK_VERIFY(this));
1341           current_frame.push_stack(type2, CHECK_VERIFY(this));
1342           current_frame.push_stack(type, CHECK_VERIFY(this));
1343           no_control_flow = false; break;
1344         }
1345         case Bytecodes::_dup2_x2 :
1346         {
1347           VerificationType type3, type4;
1348           type = current_frame.pop_stack(CHECK_VERIFY(this));
1349           if (type.is_category1()) {
1350             type2 = current_frame.pop_stack(
1351               VerificationType::category1_check(), CHECK_VERIFY(this));
1352           } else if (type.is_category2_2nd()) {
1353             type2 = current_frame.pop_stack(
1354               VerificationType::category2_check(), CHECK_VERIFY(this));
1355           } else {
1356             /* Unreachable?  Would need a category2_1st on TOS which does
1357              * not appear possible. */
1358             verify_error(
1359                 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1360                 bad_type_msg, "dup2_x2");
1361             return;
1362           }
1363           type3 = current_frame.pop_stack(CHECK_VERIFY(this));
1364           if (type3.is_category1()) {
1365             type4 = current_frame.pop_stack(
1366               VerificationType::category1_check(), CHECK_VERIFY(this));
1367           } else if (type3.is_category2_2nd()) {
1368             type4 = current_frame.pop_stack(
1369               VerificationType::category2_check(), CHECK_VERIFY(this));
1370           } else {
1371             /* Unreachable?  Would need a category2_1st on TOS after popping
1372              * a long/double or two category 1's, which does not
1373              * appear possible. */
1374             verify_error(
1375                 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1376                 bad_type_msg, "dup2_x2");
1377             return;
1378           }
1379           current_frame.push_stack(type2, CHECK_VERIFY(this));
1380           current_frame.push_stack(type, CHECK_VERIFY(this));
1381           current_frame.push_stack(type4, CHECK_VERIFY(this));
1382           current_frame.push_stack(type3, CHECK_VERIFY(this));
1383           current_frame.push_stack(type2, CHECK_VERIFY(this));
1384           current_frame.push_stack(type, CHECK_VERIFY(this));
1385           no_control_flow = false; break;
1386         }
1387         case Bytecodes::_swap :
1388           type = current_frame.pop_stack(
1389             VerificationType::category1_check(), CHECK_VERIFY(this));
1390           type2 = current_frame.pop_stack(
1391             VerificationType::category1_check(), CHECK_VERIFY(this));
1392           current_frame.push_stack(type, CHECK_VERIFY(this));
1393           current_frame.push_stack(type2, CHECK_VERIFY(this));
1394           no_control_flow = false; break;
1395         case Bytecodes::_iadd :
1396         case Bytecodes::_isub :
1397         case Bytecodes::_imul :
1398         case Bytecodes::_idiv :
1399         case Bytecodes::_irem :
1400         case Bytecodes::_ishl :
1401         case Bytecodes::_ishr :
1402         case Bytecodes::_iushr :
1403         case Bytecodes::_ior :
1404         case Bytecodes::_ixor :
1405         case Bytecodes::_iand :
1406           current_frame.pop_stack(
1407             VerificationType::integer_type(), CHECK_VERIFY(this));
1408           // fall through
1409         case Bytecodes::_ineg :
1410           current_frame.pop_stack(
1411             VerificationType::integer_type(), CHECK_VERIFY(this));
1412           current_frame.push_stack(
1413             VerificationType::integer_type(), CHECK_VERIFY(this));
1414           no_control_flow = false; break;
1415         case Bytecodes::_ladd :
1416         case Bytecodes::_lsub :
1417         case Bytecodes::_lmul :
1418         case Bytecodes::_ldiv :
1419         case Bytecodes::_lrem :
1420         case Bytecodes::_land :
1421         case Bytecodes::_lor :
1422         case Bytecodes::_lxor :
1423           current_frame.pop_stack_2(
1424             VerificationType::long2_type(),
1425             VerificationType::long_type(), CHECK_VERIFY(this));
1426           // fall through
1427         case Bytecodes::_lneg :
1428           current_frame.pop_stack_2(
1429             VerificationType::long2_type(),
1430             VerificationType::long_type(), CHECK_VERIFY(this));
1431           current_frame.push_stack_2(
1432             VerificationType::long_type(),
1433             VerificationType::long2_type(), CHECK_VERIFY(this));
1434           no_control_flow = false; break;
1435         case Bytecodes::_lshl :
1436         case Bytecodes::_lshr :
1437         case Bytecodes::_lushr :
1438           current_frame.pop_stack(
1439             VerificationType::integer_type(), CHECK_VERIFY(this));
1440           current_frame.pop_stack_2(
1441             VerificationType::long2_type(),
1442             VerificationType::long_type(), CHECK_VERIFY(this));
1443           current_frame.push_stack_2(
1444             VerificationType::long_type(),
1445             VerificationType::long2_type(), CHECK_VERIFY(this));
1446           no_control_flow = false; break;
1447         case Bytecodes::_fadd :
1448         case Bytecodes::_fsub :
1449         case Bytecodes::_fmul :
1450         case Bytecodes::_fdiv :
1451         case Bytecodes::_frem :
1452           current_frame.pop_stack(
1453             VerificationType::float_type(), CHECK_VERIFY(this));
1454           // fall through
1455         case Bytecodes::_fneg :
1456           current_frame.pop_stack(
1457             VerificationType::float_type(), CHECK_VERIFY(this));
1458           current_frame.push_stack(
1459             VerificationType::float_type(), CHECK_VERIFY(this));
1460           no_control_flow = false; break;
1461         case Bytecodes::_dadd :
1462         case Bytecodes::_dsub :
1463         case Bytecodes::_dmul :
1464         case Bytecodes::_ddiv :
1465         case Bytecodes::_drem :
1466           current_frame.pop_stack_2(
1467             VerificationType::double2_type(),
1468             VerificationType::double_type(), CHECK_VERIFY(this));
1469           // fall through
1470         case Bytecodes::_dneg :
1471           current_frame.pop_stack_2(
1472             VerificationType::double2_type(),
1473             VerificationType::double_type(), CHECK_VERIFY(this));
1474           current_frame.push_stack_2(
1475             VerificationType::double_type(),
1476             VerificationType::double2_type(), CHECK_VERIFY(this));
1477           no_control_flow = false; break;
1478         case Bytecodes::_iinc :
1479           verify_iinc(bcs.get_index(), &current_frame, CHECK_VERIFY(this));
1480           no_control_flow = false; break;
1481         case Bytecodes::_i2l :
1482           type = current_frame.pop_stack(
1483             VerificationType::integer_type(), CHECK_VERIFY(this));
1484           current_frame.push_stack_2(
1485             VerificationType::long_type(),
1486             VerificationType::long2_type(), CHECK_VERIFY(this));
1487           no_control_flow = false; break;
1488        case Bytecodes::_l2i :
1489           current_frame.pop_stack_2(
1490             VerificationType::long2_type(),
1491             VerificationType::long_type(), CHECK_VERIFY(this));
1492           current_frame.push_stack(
1493             VerificationType::integer_type(), CHECK_VERIFY(this));
1494           no_control_flow = false; break;
1495         case Bytecodes::_i2f :
1496           current_frame.pop_stack(
1497             VerificationType::integer_type(), CHECK_VERIFY(this));
1498           current_frame.push_stack(
1499             VerificationType::float_type(), CHECK_VERIFY(this));
1500           no_control_flow = false; break;
1501         case Bytecodes::_i2d :
1502           current_frame.pop_stack(
1503             VerificationType::integer_type(), CHECK_VERIFY(this));
1504           current_frame.push_stack_2(
1505             VerificationType::double_type(),
1506             VerificationType::double2_type(), CHECK_VERIFY(this));
1507           no_control_flow = false; break;
1508         case Bytecodes::_l2f :
1509           current_frame.pop_stack_2(
1510             VerificationType::long2_type(),
1511             VerificationType::long_type(), CHECK_VERIFY(this));
1512           current_frame.push_stack(
1513             VerificationType::float_type(), CHECK_VERIFY(this));
1514           no_control_flow = false; break;
1515         case Bytecodes::_l2d :
1516           current_frame.pop_stack_2(
1517             VerificationType::long2_type(),
1518             VerificationType::long_type(), CHECK_VERIFY(this));
1519           current_frame.push_stack_2(
1520             VerificationType::double_type(),
1521             VerificationType::double2_type(), CHECK_VERIFY(this));
1522           no_control_flow = false; break;
1523         case Bytecodes::_f2i :
1524           current_frame.pop_stack(
1525             VerificationType::float_type(), CHECK_VERIFY(this));
1526           current_frame.push_stack(
1527             VerificationType::integer_type(), CHECK_VERIFY(this));
1528           no_control_flow = false; break;
1529         case Bytecodes::_f2l :
1530           current_frame.pop_stack(
1531             VerificationType::float_type(), CHECK_VERIFY(this));
1532           current_frame.push_stack_2(
1533             VerificationType::long_type(),
1534             VerificationType::long2_type(), CHECK_VERIFY(this));
1535           no_control_flow = false; break;
1536         case Bytecodes::_f2d :
1537           current_frame.pop_stack(
1538             VerificationType::float_type(), CHECK_VERIFY(this));
1539           current_frame.push_stack_2(
1540             VerificationType::double_type(),
1541             VerificationType::double2_type(), CHECK_VERIFY(this));
1542           no_control_flow = false; break;
1543         case Bytecodes::_d2i :
1544           current_frame.pop_stack_2(
1545             VerificationType::double2_type(),
1546             VerificationType::double_type(), CHECK_VERIFY(this));
1547           current_frame.push_stack(
1548             VerificationType::integer_type(), CHECK_VERIFY(this));
1549           no_control_flow = false; break;
1550         case Bytecodes::_d2l :
1551           current_frame.pop_stack_2(
1552             VerificationType::double2_type(),
1553             VerificationType::double_type(), CHECK_VERIFY(this));
1554           current_frame.push_stack_2(
1555             VerificationType::long_type(),
1556             VerificationType::long2_type(), CHECK_VERIFY(this));
1557           no_control_flow = false; break;
1558         case Bytecodes::_d2f :
1559           current_frame.pop_stack_2(
1560             VerificationType::double2_type(),
1561             VerificationType::double_type(), CHECK_VERIFY(this));
1562           current_frame.push_stack(
1563             VerificationType::float_type(), CHECK_VERIFY(this));
1564           no_control_flow = false; break;
1565         case Bytecodes::_i2b :
1566         case Bytecodes::_i2c :
1567         case Bytecodes::_i2s :
1568           current_frame.pop_stack(
1569             VerificationType::integer_type(), CHECK_VERIFY(this));
1570           current_frame.push_stack(
1571             VerificationType::integer_type(), CHECK_VERIFY(this));
1572           no_control_flow = false; break;
1573         case Bytecodes::_lcmp :
1574           current_frame.pop_stack_2(
1575             VerificationType::long2_type(),
1576             VerificationType::long_type(), CHECK_VERIFY(this));
1577           current_frame.pop_stack_2(
1578             VerificationType::long2_type(),
1579             VerificationType::long_type(), CHECK_VERIFY(this));
1580           current_frame.push_stack(
1581             VerificationType::integer_type(), CHECK_VERIFY(this));
1582           no_control_flow = false; break;
1583         case Bytecodes::_fcmpl :
1584         case Bytecodes::_fcmpg :
1585           current_frame.pop_stack(
1586             VerificationType::float_type(), CHECK_VERIFY(this));
1587           current_frame.pop_stack(
1588             VerificationType::float_type(), CHECK_VERIFY(this));
1589           current_frame.push_stack(
1590             VerificationType::integer_type(), CHECK_VERIFY(this));
1591           no_control_flow = false; break;
1592         case Bytecodes::_dcmpl :
1593         case Bytecodes::_dcmpg :
1594           current_frame.pop_stack_2(
1595             VerificationType::double2_type(),
1596             VerificationType::double_type(), CHECK_VERIFY(this));
1597           current_frame.pop_stack_2(
1598             VerificationType::double2_type(),
1599             VerificationType::double_type(), CHECK_VERIFY(this));
1600           current_frame.push_stack(
1601             VerificationType::integer_type(), CHECK_VERIFY(this));
1602           no_control_flow = false; break;
1603         case Bytecodes::_if_icmpeq:
1604         case Bytecodes::_if_icmpne:
1605         case Bytecodes::_if_icmplt:
1606         case Bytecodes::_if_icmpge:
1607         case Bytecodes::_if_icmpgt:
1608         case Bytecodes::_if_icmple:
1609           current_frame.pop_stack(
1610             VerificationType::integer_type(), CHECK_VERIFY(this));
1611           // fall through
1612         case Bytecodes::_ifeq:
1613         case Bytecodes::_ifne:
1614         case Bytecodes::_iflt:
1615         case Bytecodes::_ifge:
1616         case Bytecodes::_ifgt:
1617         case Bytecodes::_ifle:
1618           current_frame.pop_stack(
1619             VerificationType::integer_type(), CHECK_VERIFY(this));
1620           target = bcs.dest();
1621           stackmap_table.check_jump_target(
1622             &current_frame, target, CHECK_VERIFY(this));
1623           no_control_flow = false; break;
1624         case Bytecodes::_if_acmpeq :
1625         case Bytecodes::_if_acmpne :
1626           current_frame.pop_stack(
1627             VerificationType::nonscalar_check(), CHECK_VERIFY(this));
1628           // fall through
1629         case Bytecodes::_ifnull :
1630         case Bytecodes::_ifnonnull :
1631           current_frame.pop_stack(
1632             VerificationType::nonscalar_check(), CHECK_VERIFY(this));
1633           target = bcs.dest();
1634           stackmap_table.check_jump_target
1635             (&current_frame, target, CHECK_VERIFY(this));
1636           no_control_flow = false; break;
1637         case Bytecodes::_goto :
1638           target = bcs.dest();
1639           stackmap_table.check_jump_target(
1640             &current_frame, target, CHECK_VERIFY(this));
1641           no_control_flow = true; break;
1642         case Bytecodes::_goto_w :
1643           target = bcs.dest_w();
1644           stackmap_table.check_jump_target(
1645             &current_frame, target, CHECK_VERIFY(this));
1646           no_control_flow = true; break;
1647         case Bytecodes::_tableswitch :
1648         case Bytecodes::_lookupswitch :
1649           verify_switch(
1650             &bcs, code_length, code_data, &current_frame,
1651             &stackmap_table, CHECK_VERIFY(this));
1652           no_control_flow = true; break;
1653         case Bytecodes::_ireturn :
1654           type = current_frame.pop_stack(
1655             VerificationType::integer_type(), CHECK_VERIFY(this));
1656           verify_return_value(return_type, type, bci,
1657                               &current_frame, CHECK_VERIFY(this));
1658           no_control_flow = true; break;
1659         case Bytecodes::_lreturn :
1660           type2 = current_frame.pop_stack(
1661             VerificationType::long2_type(), CHECK_VERIFY(this));
1662           type = current_frame.pop_stack(
1663             VerificationType::long_type(), CHECK_VERIFY(this));
1664           verify_return_value(return_type, type, bci,
1665                               &current_frame, CHECK_VERIFY(this));
1666           no_control_flow = true; break;
1667         case Bytecodes::_freturn :
1668           type = current_frame.pop_stack(
1669             VerificationType::float_type(), CHECK_VERIFY(this));
1670           verify_return_value(return_type, type, bci,
1671                               &current_frame, CHECK_VERIFY(this));
1672           no_control_flow = true; break;
1673         case Bytecodes::_dreturn :
1674           type2 = current_frame.pop_stack(
1675             VerificationType::double2_type(),  CHECK_VERIFY(this));
1676           type = current_frame.pop_stack(
1677             VerificationType::double_type(), CHECK_VERIFY(this));
1678           verify_return_value(return_type, type, bci,
1679                               &current_frame, CHECK_VERIFY(this));
1680           no_control_flow = true; break;
1681         case Bytecodes::_areturn :
1682           type = current_frame.pop_stack(
1683             VerificationType::nonscalar_check(), CHECK_VERIFY(this));
1684           verify_return_value(return_type, type, bci,
1685                               &current_frame, CHECK_VERIFY(this));
1686           no_control_flow = true; break;
1687         case Bytecodes::_return :
1688           if (return_type != VerificationType::bogus_type()) {
1689             verify_error(ErrorContext::bad_code(bci),
1690                          "Method expects a return value");
1691             return;
1692           }
1693           // Make sure "this" has been initialized if current method is an
1694           // <init>.
1695           if (_method->is_object_constructor() &&
1696               current_frame.flag_this_uninit()) {
1697             verify_error(ErrorContext::bad_code(bci),
1698                          "Constructor must call super() or this() "
1699                          "before return");
1700             return;
1701           }
1702           no_control_flow = true; break;
1703         case Bytecodes::_getstatic :
1704         case Bytecodes::_putstatic :
1705           // pass TRUE, operand can be an array type for getstatic/putstatic.
1706           verify_field_instructions(
1707             &bcs, &current_frame, cp, true, CHECK_VERIFY(this));
1708           no_control_flow = false; break;
1709         case Bytecodes::_getfield :
1710         case Bytecodes::_putfield :
1711           // pass FALSE, operand can't be an array type for getfield/putfield.
1712           verify_field_instructions(
1713             &bcs, &current_frame, cp, false, CHECK_VERIFY(this));
1714           no_control_flow = false; break;
1715         case Bytecodes::_withfield :
1716           if (_klass->major_version() < INLINE_TYPE_MAJOR_VERSION) {
1717             class_format_error(
1718               "withfield not supported by this class file version (%d.%d), class %s",
1719               _klass->major_version(), _klass->minor_version(), _klass->external_name());
1720             return;
1721           }
1722           // pass FALSE, operand can't be an array type for withfield.
1723           verify_field_instructions(
1724             &bcs, &current_frame, cp, false, CHECK_VERIFY(this));
1725           no_control_flow = false; break;
1726         case Bytecodes::_invokevirtual :
1727         case Bytecodes::_invokespecial :
1728         case Bytecodes::_invokestatic :
1729         case Bytecodes::_invokeinterface :
1730         case Bytecodes::_invokedynamic :
1731           verify_invoke_instructions(
1732             &bcs, code_length, &current_frame, (bci >= ex_min && bci < ex_max),
1733             &this_uninit, cp, &stackmap_table, CHECK_VERIFY(this));
1734           no_control_flow = false; break;
1735         case Bytecodes::_new :
1736         {
1737           index = bcs.get_index_u2();
1738           verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1739           VerificationType new_class_type =
1740             cp_index_to_type(index, cp, CHECK_VERIFY(this));
1741           if (!new_class_type.is_object()) {
1742             verify_error(ErrorContext::bad_type(bci,
1743                 TypeOrigin::cp(index, new_class_type)),
1744                 "Illegal new instruction");
1745             return;
1746           }
1747           type = VerificationType::uninitialized_type(bci);
1748           current_frame.push_stack(type, CHECK_VERIFY(this));
1749           no_control_flow = false; break;
1750         }
1751         case Bytecodes::_aconst_init :
1752         {
1753           if (_klass->major_version() < INLINE_TYPE_MAJOR_VERSION) {
1754             class_format_error(
1755               "aconst_init not supported by this class file version (%d.%d), class %s",
1756               _klass->major_version(), _klass->minor_version(), _klass->external_name());
1757             return;
1758           }
1759           index = bcs.get_index_u2();
1760           verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1761           VerificationType ref_type = cp_index_to_type(index, cp, CHECK_VERIFY(this));
1762           if (!ref_type.is_object()) {
1763             verify_error(ErrorContext::bad_type(bci,
1764                 TypeOrigin::cp(index, ref_type)),
1765                 "Illegal aconst_init instruction");
1766             return;
1767           }
1768           VerificationType inline_type =
1769             VerificationType::change_ref_to_inline_type(ref_type);
1770           current_frame.push_stack(inline_type, CHECK_VERIFY(this));
1771           no_control_flow = false; break;
1772         }
1773         case Bytecodes::_newarray :
1774           type = get_newarray_type(bcs.get_index(), bci, CHECK_VERIFY(this));
1775           current_frame.pop_stack(
1776             VerificationType::integer_type(),  CHECK_VERIFY(this));
1777           current_frame.push_stack(type, CHECK_VERIFY(this));
1778           no_control_flow = false; break;
1779         case Bytecodes::_anewarray :
1780           verify_anewarray(
1781             bci, bcs.get_index_u2(), cp, &current_frame, CHECK_VERIFY(this));
1782           no_control_flow = false; break;
1783         case Bytecodes::_arraylength :
1784           type = current_frame.pop_stack(
1785             VerificationType::reference_check(), CHECK_VERIFY(this));
1786           if (!(type.is_null() || type.is_array())) {
1787             verify_error(ErrorContext::bad_type(
1788                 bci, current_frame.stack_top_ctx()),
1789                 bad_type_msg, "arraylength");
1790           }
1791           current_frame.push_stack(
1792             VerificationType::integer_type(), CHECK_VERIFY(this));
1793           no_control_flow = false; break;
1794         case Bytecodes::_checkcast :
1795         {
1796           index = bcs.get_index_u2();
1797           verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1798           current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1799           VerificationType klass_type = cp_index_to_type(
1800             index, cp, CHECK_VERIFY(this));
1801           current_frame.push_stack(klass_type, CHECK_VERIFY(this));
1802           no_control_flow = false; break;
1803         }
1804         case Bytecodes::_instanceof : {
1805           index = bcs.get_index_u2();
1806           verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1807           current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1808           current_frame.push_stack(
1809             VerificationType::integer_type(), CHECK_VERIFY(this));
1810           no_control_flow = false; break;
1811         }
1812         case Bytecodes::_monitorenter :
1813         case Bytecodes::_monitorexit : {
1814           VerificationType ref = current_frame.pop_stack(
1815             VerificationType::nonscalar_check(), CHECK_VERIFY(this));
1816           no_control_flow = false; break;
1817         }
1818         case Bytecodes::_multianewarray :
1819         {
1820           index = bcs.get_index_u2();
1821           u2 dim = *(bcs.bcp()+3);
1822           verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1823           VerificationType new_array_type =
1824             cp_index_to_type(index, cp, CHECK_VERIFY(this));
1825           if (!new_array_type.is_array()) {
1826             verify_error(ErrorContext::bad_type(bci,
1827                 TypeOrigin::cp(index, new_array_type)),
1828                 "Illegal constant pool index in multianewarray instruction");
1829             return;
1830           }
1831           if (dim < 1 || new_array_type.dimensions() < dim) {
1832             verify_error(ErrorContext::bad_code(bci),
1833                 "Illegal dimension in multianewarray instruction: %d", dim);
1834             return;
1835           }
1836           for (int i = 0; i < dim; i++) {
1837             current_frame.pop_stack(
1838               VerificationType::integer_type(), CHECK_VERIFY(this));
1839           }
1840           current_frame.push_stack(new_array_type, CHECK_VERIFY(this));
1841           no_control_flow = false; break;
1842         }
1843         case Bytecodes::_athrow :
1844           type = VerificationType::reference_type(
1845             vmSymbols::java_lang_Throwable());
1846           current_frame.pop_stack(type, CHECK_VERIFY(this));
1847           no_control_flow = true; break;
1848         default:
1849           // We only need to check the valid bytecodes in class file.
1850           // And jsr and ret are not in the new class file format in JDK1.6.
1851           verify_error(ErrorContext::bad_code(bci),
1852               "Bad instruction: %02x", opcode);
1853           no_control_flow = false;
1854           return;
1855       }  // end switch
1856     }  // end Merge with the next instruction
1857 
1858     // Look for possible jump target in exception handlers and see if it matches
1859     // current_frame.  Don't do this check if it has already been done (for
1860     // ([a,d,f,i,l]store* opcodes).  This check cannot be done earlier because
1861     // opcodes, such as invokespecial, may set the this_uninit flag.
1862     assert(!(verified_exc_handlers && this_uninit),
1863       "Exception handler targets got verified before this_uninit got set");
1864     if (!verified_exc_handlers && bci >= ex_min && bci < ex_max) {
1865       if (was_recursively_verified()) return;
1866       verify_exception_handler_targets(
1867         bci, this_uninit, &current_frame, &stackmap_table, CHECK_VERIFY(this));
1868     }
1869   } // end while
1870 
1871   // Make sure that control flow does not fall through end of the method
1872   if (!no_control_flow) {
1873     verify_error(ErrorContext::bad_code(code_length),
1874         "Control flow falls through code end");
1875     return;
1876   }
1877 }
1878 
1879 #undef bad_type_message
1880 
1881 char* ClassVerifier::generate_code_data(const methodHandle& m, u4 code_length, TRAPS) {
1882   char* code_data = NEW_RESOURCE_ARRAY(char, code_length);
1883   memset(code_data, 0, sizeof(char) * code_length);
1884   RawBytecodeStream bcs(m);
1885 
1886   while (!bcs.is_last_bytecode()) {
1887     if (bcs.raw_next() != Bytecodes::_illegal) {
1888       int bci = bcs.bci();
1889       if (bcs.raw_code() == Bytecodes::_new) {
1890         code_data[bci] = NEW_OFFSET;
1891       } else {
1892         code_data[bci] = BYTECODE_OFFSET;
1893       }
1894     } else {
1895       verify_error(ErrorContext::bad_code(bcs.bci()), "Bad instruction");
1896       return NULL;
1897     }
1898   }
1899 
1900   return code_data;
1901 }
1902 
1903 // Since this method references the constant pool, call was_recursively_verified()
1904 // before calling this method to make sure a prior class load did not cause the
1905 // current class to get verified.
1906 void ClassVerifier::verify_exception_handler_table(u4 code_length, char* code_data, int& min, int& max, TRAPS) {
1907   ExceptionTable exhandlers(_method());
1908   int exlength = exhandlers.length();
1909   constantPoolHandle cp (THREAD, _method->constants());
1910 
1911   for(int i = 0; i < exlength; i++) {
1912     u2 start_pc = exhandlers.start_pc(i);
1913     u2 end_pc = exhandlers.end_pc(i);
1914     u2 handler_pc = exhandlers.handler_pc(i);
1915     if (start_pc >= code_length || code_data[start_pc] == 0) {
1916       class_format_error("Illegal exception table start_pc %d", start_pc);
1917       return;
1918     }
1919     if (end_pc != code_length) {   // special case: end_pc == code_length
1920       if (end_pc > code_length || code_data[end_pc] == 0) {
1921         class_format_error("Illegal exception table end_pc %d", end_pc);
1922         return;
1923       }
1924     }
1925     if (handler_pc >= code_length || code_data[handler_pc] == 0) {
1926       class_format_error("Illegal exception table handler_pc %d", handler_pc);
1927       return;
1928     }
1929     int catch_type_index = exhandlers.catch_type_index(i);
1930     if (catch_type_index != 0) {
1931       VerificationType catch_type = cp_index_to_type(
1932         catch_type_index, cp, CHECK_VERIFY(this));
1933       VerificationType throwable =
1934         VerificationType::reference_type(vmSymbols::java_lang_Throwable());
1935       // If the catch type is Throwable pre-resolve it now as the assignable check won't
1936       // do that, and we need to avoid a runtime resolution in case we are trying to
1937       // catch OutOfMemoryError.
1938       if (cp->klass_name_at(catch_type_index) == vmSymbols::java_lang_Throwable()) {
1939         cp->klass_at(catch_type_index, CHECK);
1940       }
1941       bool is_subclass = throwable.is_assignable_from(
1942         catch_type, this, false, CHECK_VERIFY(this));
1943       if (!is_subclass) {
1944         // 4286534: should throw VerifyError according to recent spec change
1945         verify_error(ErrorContext::bad_type(handler_pc,
1946             TypeOrigin::cp(catch_type_index, catch_type),
1947             TypeOrigin::implicit(throwable)),
1948             "Catch type is not a subclass "
1949             "of Throwable in exception handler %d", handler_pc);
1950         return;
1951       }
1952     }
1953     if (start_pc < min) min = start_pc;
1954     if (end_pc > max) max = end_pc;
1955   }
1956 }
1957 
1958 void ClassVerifier::verify_local_variable_table(u4 code_length, char* code_data, TRAPS) {
1959   int localvariable_table_length = _method->localvariable_table_length();
1960   if (localvariable_table_length > 0) {
1961     LocalVariableTableElement* table = _method->localvariable_table_start();
1962     for (int i = 0; i < localvariable_table_length; i++) {
1963       u2 start_bci = table[i].start_bci;
1964       u2 length = table[i].length;
1965 
1966       if (start_bci >= code_length || code_data[start_bci] == 0) {
1967         class_format_error(
1968           "Illegal local variable table start_pc %d", start_bci);
1969         return;
1970       }
1971       u4 end_bci = (u4)(start_bci + length);
1972       if (end_bci != code_length) {
1973         if (end_bci >= code_length || code_data[end_bci] == 0) {
1974           class_format_error( "Illegal local variable table length %d", length);
1975           return;
1976         }
1977       }
1978     }
1979   }
1980 }
1981 
1982 u2 ClassVerifier::verify_stackmap_table(u2 stackmap_index, u2 bci,
1983                                         StackMapFrame* current_frame,
1984                                         StackMapTable* stackmap_table,
1985                                         bool no_control_flow, TRAPS) {
1986   if (stackmap_index < stackmap_table->get_frame_count()) {
1987     u2 this_offset = stackmap_table->get_offset(stackmap_index);
1988     if (no_control_flow && this_offset > bci) {
1989       verify_error(ErrorContext::missing_stackmap(bci),
1990                    "Expecting a stack map frame");
1991       return 0;
1992     }
1993     if (this_offset == bci) {
1994       ErrorContext ctx;
1995       // See if current stack map can be assigned to the frame in table.
1996       // current_frame is the stackmap frame got from the last instruction.
1997       // If matched, current_frame will be updated by this method.
1998       bool matches = stackmap_table->match_stackmap(
1999         current_frame, this_offset, stackmap_index,
2000         !no_control_flow, true, &ctx, CHECK_VERIFY_(this, 0));
2001       if (!matches) {
2002         // report type error
2003         verify_error(ctx, "Instruction type does not match stack map");
2004         return 0;
2005       }
2006       stackmap_index++;
2007     } else if (this_offset < bci) {
2008       // current_offset should have met this_offset.
2009       class_format_error("Bad stack map offset %d", this_offset);
2010       return 0;
2011     }
2012   } else if (no_control_flow) {
2013     verify_error(ErrorContext::bad_code(bci), "Expecting a stack map frame");
2014     return 0;
2015   }
2016   return stackmap_index;
2017 }
2018 
2019 // Since this method references the constant pool, call was_recursively_verified()
2020 // before calling this method to make sure a prior class load did not cause the
2021 // current class to get verified.
2022 void ClassVerifier::verify_exception_handler_targets(u2 bci, bool this_uninit,
2023                                                      StackMapFrame* current_frame,
2024                                                      StackMapTable* stackmap_table, TRAPS) {
2025   constantPoolHandle cp (THREAD, _method->constants());
2026   ExceptionTable exhandlers(_method());
2027   int exlength = exhandlers.length();
2028   for(int i = 0; i < exlength; i++) {
2029     u2 start_pc = exhandlers.start_pc(i);
2030     u2 end_pc = exhandlers.end_pc(i);
2031     u2 handler_pc = exhandlers.handler_pc(i);
2032     int catch_type_index = exhandlers.catch_type_index(i);
2033     if(bci >= start_pc && bci < end_pc) {
2034       u1 flags = current_frame->flags();
2035       if (this_uninit) {  flags |= FLAG_THIS_UNINIT; }
2036       StackMapFrame* new_frame = current_frame->frame_in_exception_handler(flags);
2037       if (catch_type_index != 0) {
2038         if (was_recursively_verified()) return;
2039         // We know that this index refers to a subclass of Throwable
2040         VerificationType catch_type = cp_index_to_type(
2041           catch_type_index, cp, CHECK_VERIFY(this));
2042         new_frame->push_stack(catch_type, CHECK_VERIFY(this));
2043       } else {
2044         VerificationType throwable =
2045           VerificationType::reference_type(vmSymbols::java_lang_Throwable());
2046         new_frame->push_stack(throwable, CHECK_VERIFY(this));
2047       }
2048       ErrorContext ctx;
2049       bool matches = stackmap_table->match_stackmap(
2050         new_frame, handler_pc, true, false, &ctx, CHECK_VERIFY(this));
2051       if (!matches) {
2052         verify_error(ctx, "Stack map does not match the one at "
2053             "exception handler %d", handler_pc);
2054         return;
2055       }
2056     }
2057   }
2058 }
2059 
2060 void ClassVerifier::verify_cp_index(
2061     u2 bci, const constantPoolHandle& cp, int index, TRAPS) {
2062   int nconstants = cp->length();
2063   if ((index <= 0) || (index >= nconstants)) {
2064     verify_error(ErrorContext::bad_cp_index(bci, index),
2065         "Illegal constant pool index %d in class %s",
2066         index, cp->pool_holder()->external_name());
2067     return;
2068   }
2069 }
2070 
2071 void ClassVerifier::verify_cp_type(
2072     u2 bci, int index, const constantPoolHandle& cp, unsigned int types, TRAPS) {
2073 
2074   // In some situations, bytecode rewriting may occur while we're verifying.
2075   // In this case, a constant pool cache exists and some indices refer to that
2076   // instead.  Be sure we don't pick up such indices by accident.
2077   // We must check was_recursively_verified() before we get here.
2078   guarantee(cp->cache() == NULL, "not rewritten yet");
2079 
2080   verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2081   unsigned int tag = cp->tag_at(index).value();
2082 
2083   if ((types & (1 << tag)) == 0) {
2084     verify_error(ErrorContext::bad_cp_index(bci, index),
2085       "Illegal type at constant pool entry %d in class %s",
2086       index, cp->pool_holder()->external_name());
2087     return;
2088   }
2089 }
2090 
2091 void ClassVerifier::verify_cp_class_type(
2092     u2 bci, int index, const constantPoolHandle& cp, TRAPS) {
2093   verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2094   constantTag tag = cp->tag_at(index);
2095   if (!tag.is_klass() && !tag.is_unresolved_klass()) {
2096     verify_error(ErrorContext::bad_cp_index(bci, index),
2097         "Illegal type at constant pool entry %d in class %s",
2098         index, cp->pool_holder()->external_name());
2099     return;
2100   }
2101 }
2102 
2103 void ClassVerifier::verify_error(ErrorContext ctx, const char* msg, ...) {
2104   stringStream ss;
2105 
2106   ctx.reset_frames();
2107   _exception_type = vmSymbols::java_lang_VerifyError();
2108   _error_context = ctx;
2109   va_list va;
2110   va_start(va, msg);
2111   ss.vprint(msg, va);
2112   va_end(va);
2113   _message = ss.as_string();
2114 #ifdef ASSERT
2115   ResourceMark rm;
2116   const char* exception_name = _exception_type->as_C_string();
2117   Exceptions::debug_check_abort(exception_name, NULL);
2118 #endif // ndef ASSERT
2119 }
2120 
2121 void ClassVerifier::class_format_error(const char* msg, ...) {
2122   stringStream ss;
2123   _exception_type = vmSymbols::java_lang_ClassFormatError();
2124   va_list va;
2125   va_start(va, msg);
2126   ss.vprint(msg, va);
2127   va_end(va);
2128   if (!_method.is_null()) {
2129     ss.print(" in method '");
2130     _method->print_external_name(&ss);
2131     ss.print("'");
2132   }
2133   _message = ss.as_string();
2134 }
2135 
2136 Klass* ClassVerifier::load_class(Symbol* name, TRAPS) {
2137   HandleMark hm(THREAD);
2138   // Get current loader and protection domain first.
2139   oop loader = current_class()->class_loader();
2140   oop protection_domain = current_class()->protection_domain();
2141 
2142   assert(name_in_supers(name, current_class()), "name should be a super class");
2143 
2144   Klass* kls = SystemDictionary::resolve_or_fail(
2145     name, Handle(THREAD, loader), Handle(THREAD, protection_domain),
2146     true, THREAD);
2147 
2148   if (kls != NULL) {
2149     if (log_is_enabled(Debug, class, resolve)) {
2150       Verifier::trace_class_resolution(kls, current_class());
2151     }
2152   }
2153   return kls;
2154 }
2155 
2156 bool ClassVerifier::is_protected_access(InstanceKlass* this_class,
2157                                         Klass* target_class,
2158                                         Symbol* field_name,
2159                                         Symbol* field_sig,
2160                                         bool is_method) {
2161   NoSafepointVerifier nosafepoint;
2162 
2163   // If target class isn't a super class of this class, we don't worry about this case
2164   if (!this_class->is_subclass_of(target_class)) {
2165     return false;
2166   }
2167   // Check if the specified method or field is protected
2168   InstanceKlass* target_instance = InstanceKlass::cast(target_class);
2169   fieldDescriptor fd;
2170   if (is_method) {
2171     Method* m = target_instance->uncached_lookup_method(field_name, field_sig, Klass::OverpassLookupMode::find);
2172     if (m != NULL && m->is_protected()) {
2173       if (!this_class->is_same_class_package(m->method_holder())) {
2174         return true;
2175       }
2176     }
2177   } else {
2178     Klass* member_klass = target_instance->find_field(field_name, field_sig, &fd);
2179     if (member_klass != NULL && fd.is_protected()) {
2180       if (!this_class->is_same_class_package(member_klass)) {
2181         return true;
2182       }
2183     }
2184   }
2185   return false;
2186 }
2187 
2188 void ClassVerifier::verify_ldc(
2189     int opcode, u2 index, StackMapFrame* current_frame,
2190     const constantPoolHandle& cp, u2 bci, TRAPS) {
2191   verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2192   constantTag tag = cp->tag_at(index);
2193   unsigned int types = 0;
2194   if (opcode == Bytecodes::_ldc || opcode == Bytecodes::_ldc_w) {
2195     if (!tag.is_unresolved_klass()) {
2196       types = (1 << JVM_CONSTANT_Integer) | (1 << JVM_CONSTANT_Float)
2197             | (1 << JVM_CONSTANT_String) | (1 << JVM_CONSTANT_Class)
2198             | (1 << JVM_CONSTANT_MethodHandle) | (1 << JVM_CONSTANT_MethodType)
2199             | (1 << JVM_CONSTANT_Dynamic);
2200       // Note:  The class file parser already verified the legality of
2201       // MethodHandle and MethodType constants.
2202       verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2203     }
2204   } else {
2205     assert(opcode == Bytecodes::_ldc2_w, "must be ldc2_w");
2206     types = (1 << JVM_CONSTANT_Double) | (1 << JVM_CONSTANT_Long)
2207           | (1 << JVM_CONSTANT_Dynamic);
2208     verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2209   }
2210   if (tag.is_string()) {
2211     current_frame->push_stack(
2212       VerificationType::reference_type(
2213         vmSymbols::java_lang_String()), CHECK_VERIFY(this));
2214   } else if (tag.is_klass() || tag.is_unresolved_klass()) {
2215     current_frame->push_stack(
2216       VerificationType::reference_type(
2217         vmSymbols::java_lang_Class()), CHECK_VERIFY(this));
2218   } else if (tag.is_int()) {
2219     current_frame->push_stack(
2220       VerificationType::integer_type(), CHECK_VERIFY(this));
2221   } else if (tag.is_float()) {
2222     current_frame->push_stack(
2223       VerificationType::float_type(), CHECK_VERIFY(this));
2224   } else if (tag.is_double()) {
2225     current_frame->push_stack_2(
2226       VerificationType::double_type(),
2227       VerificationType::double2_type(), CHECK_VERIFY(this));
2228   } else if (tag.is_long()) {
2229     current_frame->push_stack_2(
2230       VerificationType::long_type(),
2231       VerificationType::long2_type(), CHECK_VERIFY(this));
2232   } else if (tag.is_method_handle()) {
2233     current_frame->push_stack(
2234       VerificationType::reference_type(
2235         vmSymbols::java_lang_invoke_MethodHandle()), CHECK_VERIFY(this));
2236   } else if (tag.is_method_type()) {
2237     current_frame->push_stack(
2238       VerificationType::reference_type(
2239         vmSymbols::java_lang_invoke_MethodType()), CHECK_VERIFY(this));
2240   } else if (tag.is_dynamic_constant()) {
2241     Symbol* constant_type = cp->uncached_signature_ref_at(index);
2242     // Field signature was checked in ClassFileParser.
2243     assert(SignatureVerifier::is_valid_type_signature(constant_type),
2244            "Invalid type for dynamic constant");
2245     assert(sizeof(VerificationType) == sizeof(uintptr_t),
2246           "buffer type must match VerificationType size");
2247     uintptr_t constant_type_buffer[2];
2248     VerificationType* v_constant_type = (VerificationType*)constant_type_buffer;
2249     SignatureStream sig_stream(constant_type, false);
2250     int n = change_sig_to_verificationType(&sig_stream, v_constant_type);
2251     int opcode_n = (opcode == Bytecodes::_ldc2_w ? 2 : 1);
2252     if (n != opcode_n) {
2253       // wrong kind of ldc; reverify against updated type mask
2254       types &= ~(1 << JVM_CONSTANT_Dynamic);
2255       verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2256     }
2257     for (int i = 0; i < n; i++) {
2258       current_frame->push_stack(v_constant_type[i], CHECK_VERIFY(this));
2259     }
2260   } else {
2261     /* Unreachable? verify_cp_type has already validated the cp type. */
2262     verify_error(
2263         ErrorContext::bad_cp_index(bci, index), "Invalid index in ldc");
2264     return;
2265   }
2266 }
2267 
2268 void ClassVerifier::verify_switch(
2269     RawBytecodeStream* bcs, u4 code_length, char* code_data,
2270     StackMapFrame* current_frame, StackMapTable* stackmap_table, TRAPS) {
2271   int bci = bcs->bci();
2272   address bcp = bcs->bcp();
2273   address aligned_bcp = align_up(bcp + 1, jintSize);
2274 
2275   if (_klass->major_version() < NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION) {
2276     // 4639449 & 4647081: padding bytes must be 0
2277     u2 padding_offset = 1;
2278     while ((bcp + padding_offset) < aligned_bcp) {
2279       if(*(bcp + padding_offset) != 0) {
2280         verify_error(ErrorContext::bad_code(bci),
2281                      "Nonzero padding byte in lookupswitch or tableswitch");
2282         return;
2283       }
2284       padding_offset++;
2285     }
2286   }
2287 
2288   int default_offset = (int) Bytes::get_Java_u4(aligned_bcp);
2289   int keys, delta;
2290   current_frame->pop_stack(
2291     VerificationType::integer_type(), CHECK_VERIFY(this));
2292   if (bcs->raw_code() == Bytecodes::_tableswitch) {
2293     jint low = (jint)Bytes::get_Java_u4(aligned_bcp + jintSize);
2294     jint high = (jint)Bytes::get_Java_u4(aligned_bcp + 2*jintSize);
2295     if (low > high) {
2296       verify_error(ErrorContext::bad_code(bci),
2297           "low must be less than or equal to high in tableswitch");
2298       return;
2299     }
2300     keys = high - low + 1;
2301     if (keys < 0) {
2302       verify_error(ErrorContext::bad_code(bci), "too many keys in tableswitch");
2303       return;
2304     }
2305     delta = 1;
2306   } else {
2307     keys = (int)Bytes::get_Java_u4(aligned_bcp + jintSize);
2308     if (keys < 0) {
2309       verify_error(ErrorContext::bad_code(bci),
2310                    "number of keys in lookupswitch less than 0");
2311       return;
2312     }
2313     delta = 2;
2314     // Make sure that the lookupswitch items are sorted
2315     for (int i = 0; i < (keys - 1); i++) {
2316       jint this_key = Bytes::get_Java_u4(aligned_bcp + (2+2*i)*jintSize);
2317       jint next_key = Bytes::get_Java_u4(aligned_bcp + (2+2*i+2)*jintSize);
2318       if (this_key >= next_key) {
2319         verify_error(ErrorContext::bad_code(bci),
2320                      "Bad lookupswitch instruction");
2321         return;
2322       }
2323     }
2324   }
2325   int target = bci + default_offset;
2326   stackmap_table->check_jump_target(current_frame, target, CHECK_VERIFY(this));
2327   for (int i = 0; i < keys; i++) {
2328     // Because check_jump_target() may safepoint, the bytecode could have
2329     // moved, which means 'aligned_bcp' is no good and needs to be recalculated.
2330     aligned_bcp = align_up(bcs->bcp() + 1, jintSize);
2331     target = bci + (jint)Bytes::get_Java_u4(aligned_bcp+(3+i*delta)*jintSize);
2332     stackmap_table->check_jump_target(
2333       current_frame, target, CHECK_VERIFY(this));
2334   }
2335   NOT_PRODUCT(aligned_bcp = NULL);  // no longer valid at this point
2336 }
2337 
2338 bool ClassVerifier::name_in_supers(
2339     Symbol* ref_name, InstanceKlass* current) {
2340   Klass* super = current->super();
2341   while (super != NULL) {
2342     if (super->name() == ref_name) {
2343       return true;
2344     }
2345     super = super->super();
2346   }
2347   return false;
2348 }
2349 
2350 void ClassVerifier::verify_field_instructions(RawBytecodeStream* bcs,
2351                                               StackMapFrame* current_frame,
2352                                               const constantPoolHandle& cp,
2353                                               bool allow_arrays,
2354                                               TRAPS) {
2355   u2 index = bcs->get_index_u2();
2356   verify_cp_type(bcs->bci(), index, cp,
2357       1 << JVM_CONSTANT_Fieldref, CHECK_VERIFY(this));
2358 
2359   // Get field name and signature
2360   Symbol* field_name = cp->name_ref_at(index);
2361   Symbol* field_sig = cp->signature_ref_at(index);
2362   bool is_getfield = false;
2363 
2364   // Field signature was checked in ClassFileParser.
2365   assert(SignatureVerifier::is_valid_type_signature(field_sig),
2366          "Invalid field signature");
2367 
2368   // Get referenced class type
2369   VerificationType ref_class_type = cp_ref_index_to_type(
2370     index, cp, CHECK_VERIFY(this));
2371   if (!ref_class_type.is_object() &&
2372       (!allow_arrays || !ref_class_type.is_array())) {
2373     verify_error(ErrorContext::bad_type(bcs->bci(),
2374         TypeOrigin::cp(index, ref_class_type)),
2375         "Expecting reference to class in class %s at constant pool index %d",
2376         _klass->external_name(), index);
2377     return;
2378   }
2379 
2380   VerificationType target_class_type = ref_class_type;
2381 
2382   assert(sizeof(VerificationType) == sizeof(uintptr_t),
2383         "buffer type must match VerificationType size");
2384   uintptr_t field_type_buffer[2];
2385   VerificationType* field_type = (VerificationType*)field_type_buffer;
2386   // If we make a VerificationType[2] array directly, the compiler calls
2387   // to the c-runtime library to do the allocation instead of just
2388   // stack allocating it.  Plus it would run constructors.  This shows up
2389   // in performance profiles.
2390 
2391   SignatureStream sig_stream(field_sig, false);
2392   VerificationType stack_object_type;
2393   int n = change_sig_to_verificationType(&sig_stream, field_type);
2394   u2 bci = bcs->bci();
2395   bool is_assignable;
2396   switch (bcs->raw_code()) {
2397     case Bytecodes::_getstatic: {
2398       for (int i = 0; i < n; i++) {
2399         current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2400       }
2401       break;
2402     }
2403     case Bytecodes::_putstatic: {
2404       for (int i = n - 1; i >= 0; i--) {
2405         current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2406       }
2407       break;
2408     }
2409     case Bytecodes::_withfield: {
2410       for (int i = n - 1; i >= 0; i--) {
2411         current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2412       }
2413       // Check that the receiver is a subtype of the referenced class.
2414       current_frame->pop_stack(target_class_type, CHECK_VERIFY(this));
2415       VerificationType target_inline_type =
2416         VerificationType::change_ref_to_inline_type(target_class_type);
2417       current_frame->push_stack(target_inline_type, CHECK_VERIFY(this));
2418       break;
2419     }
2420     case Bytecodes::_getfield: {
2421       is_getfield = true;
2422       stack_object_type = current_frame->pop_stack(
2423         target_class_type, CHECK_VERIFY(this));
2424       goto check_protected;
2425     }
2426     case Bytecodes::_putfield: {
2427       for (int i = n - 1; i >= 0; i--) {
2428         current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2429       }
2430       stack_object_type = current_frame->pop_stack(CHECK_VERIFY(this));
2431 
2432       // The JVMS 2nd edition allows field initialization before the superclass
2433       // initializer, if the field is defined within the current class.
2434       fieldDescriptor fd;
2435       if (stack_object_type == VerificationType::uninitialized_this_type() &&
2436           target_class_type.equals(current_type()) &&
2437           _klass->find_local_field(field_name, field_sig, &fd)) {
2438         stack_object_type = current_type();
2439       }
2440       is_assignable = target_class_type.is_assignable_from(
2441         stack_object_type, this, false, CHECK_VERIFY(this));
2442       if (!is_assignable) {
2443         verify_error(ErrorContext::bad_type(bci,
2444             current_frame->stack_top_ctx(),
2445             TypeOrigin::cp(index, target_class_type)),
2446             "Bad type on operand stack in putfield");
2447         return;
2448       }
2449     }
2450     check_protected: {
2451       if (_this_type == stack_object_type)
2452         break; // stack_object_type must be assignable to _current_class_type
2453       if (was_recursively_verified()) {
2454         if (is_getfield) {
2455           // Push field type for getfield.
2456           for (int i = 0; i < n; i++) {
2457             current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2458           }
2459         }
2460         return;
2461       }
2462       Symbol* ref_class_name =
2463         cp->klass_name_at(cp->klass_ref_index_at(index));
2464       if (!name_in_supers(ref_class_name, current_class()))
2465         // stack_object_type must be assignable to _current_class_type since:
2466         // 1. stack_object_type must be assignable to ref_class.
2467         // 2. ref_class must be _current_class or a subclass of it. It can't
2468         //    be a superclass of it. See revised JVMS 5.4.4.
2469         break;
2470 
2471       Klass* ref_class_oop = load_class(ref_class_name, CHECK);
2472       if (is_protected_access(current_class(), ref_class_oop, field_name,
2473                               field_sig, false)) {
2474         // It's protected access, check if stack object is assignable to
2475         // current class.
2476         is_assignable = current_type().is_assignable_from(
2477           stack_object_type, this, true, CHECK_VERIFY(this));
2478         if (!is_assignable) {
2479           verify_error(ErrorContext::bad_type(bci,
2480               current_frame->stack_top_ctx(),
2481               TypeOrigin::implicit(current_type())),
2482               "Bad access to protected data in %s",
2483               is_getfield ? "getfield" : "putfield");
2484           return;
2485         }
2486       }
2487       break;
2488     }
2489     default: ShouldNotReachHere();
2490   }
2491   if (is_getfield) {
2492     // Push field type for getfield after doing protection check.
2493     for (int i = 0; i < n; i++) {
2494       current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2495     }
2496   }
2497 }
2498 
2499 // Look at the method's handlers.  If the bci is in the handler's try block
2500 // then check if the handler_pc is already on the stack.  If not, push it
2501 // unless the handler has already been scanned.
2502 void ClassVerifier::push_handlers(ExceptionTable* exhandlers,
2503                                   GrowableArray<u4>* handler_list,
2504                                   GrowableArray<u4>* handler_stack,
2505                                   u4 bci) {
2506   int exlength = exhandlers->length();
2507   for(int x = 0; x < exlength; x++) {
2508     if (bci >= exhandlers->start_pc(x) && bci < exhandlers->end_pc(x)) {
2509       u4 exhandler_pc = exhandlers->handler_pc(x);
2510       if (!handler_list->contains(exhandler_pc)) {
2511         handler_stack->append_if_missing(exhandler_pc);
2512         handler_list->append(exhandler_pc);
2513       }
2514     }
2515   }
2516 }
2517 
2518 // Return TRUE if all code paths starting with start_bc_offset end in
2519 // bytecode athrow or loop.
2520 bool ClassVerifier::ends_in_athrow(u4 start_bc_offset) {
2521   ResourceMark rm;
2522   // Create bytecode stream.
2523   RawBytecodeStream bcs(method());
2524   u4 code_length = method()->code_size();
2525   bcs.set_start(start_bc_offset);
2526   u4 target;
2527   // Create stack for storing bytecode start offsets for if* and *switch.
2528   GrowableArray<u4>* bci_stack = new GrowableArray<u4>(30);
2529   // Create stack for handlers for try blocks containing this handler.
2530   GrowableArray<u4>* handler_stack = new GrowableArray<u4>(30);
2531   // Create list of handlers that have been pushed onto the handler_stack
2532   // so that handlers embedded inside of their own TRY blocks only get
2533   // scanned once.
2534   GrowableArray<u4>* handler_list = new GrowableArray<u4>(30);
2535   // Create list of visited branch opcodes (goto* and if*).
2536   GrowableArray<u4>* visited_branches = new GrowableArray<u4>(30);
2537   ExceptionTable exhandlers(_method());
2538 
2539   while (true) {
2540     if (bcs.is_last_bytecode()) {
2541       // if no more starting offsets to parse or if at the end of the
2542       // method then return false.
2543       if ((bci_stack->is_empty()) || ((u4)bcs.end_bci() == code_length))
2544         return false;
2545       // Pop a bytecode starting offset and scan from there.
2546       bcs.set_start(bci_stack->pop());
2547     }
2548     Bytecodes::Code opcode = bcs.raw_next();
2549     u4 bci = bcs.bci();
2550 
2551     // If the bytecode is in a TRY block, push its handlers so they
2552     // will get parsed.
2553     push_handlers(&exhandlers, handler_list, handler_stack, bci);
2554 
2555     switch (opcode) {
2556       case Bytecodes::_if_icmpeq:
2557       case Bytecodes::_if_icmpne:
2558       case Bytecodes::_if_icmplt:
2559       case Bytecodes::_if_icmpge:
2560       case Bytecodes::_if_icmpgt:
2561       case Bytecodes::_if_icmple:
2562       case Bytecodes::_ifeq:
2563       case Bytecodes::_ifne:
2564       case Bytecodes::_iflt:
2565       case Bytecodes::_ifge:
2566       case Bytecodes::_ifgt:
2567       case Bytecodes::_ifle:
2568       case Bytecodes::_if_acmpeq:
2569       case Bytecodes::_if_acmpne:
2570       case Bytecodes::_ifnull:
2571       case Bytecodes::_ifnonnull:
2572         target = bcs.dest();
2573         if (visited_branches->contains(bci)) {
2574           if (bci_stack->is_empty()) {
2575             if (handler_stack->is_empty()) {
2576               return true;
2577             } else {
2578               // Parse the catch handlers for try blocks containing athrow.
2579               bcs.set_start(handler_stack->pop());
2580             }
2581           } else {
2582             // Pop a bytecode starting offset and scan from there.
2583             bcs.set_start(bci_stack->pop());
2584           }
2585         } else {
2586           if (target > bci) { // forward branch
2587             if (target >= code_length) return false;
2588             // Push the branch target onto the stack.
2589             bci_stack->push(target);
2590             // then, scan bytecodes starting with next.
2591             bcs.set_start(bcs.next_bci());
2592           } else { // backward branch
2593             // Push bytecode offset following backward branch onto the stack.
2594             bci_stack->push(bcs.next_bci());
2595             // Check bytecodes starting with branch target.
2596             bcs.set_start(target);
2597           }
2598           // Record target so we don't branch here again.
2599           visited_branches->append(bci);
2600         }
2601         break;
2602 
2603       case Bytecodes::_goto:
2604       case Bytecodes::_goto_w:
2605         target = (opcode == Bytecodes::_goto ? bcs.dest() : bcs.dest_w());
2606         if (visited_branches->contains(bci)) {
2607           if (bci_stack->is_empty()) {
2608             if (handler_stack->is_empty()) {
2609               return true;
2610             } else {
2611               // Parse the catch handlers for try blocks containing athrow.
2612               bcs.set_start(handler_stack->pop());
2613             }
2614           } else {
2615             // Been here before, pop new starting offset from stack.
2616             bcs.set_start(bci_stack->pop());
2617           }
2618         } else {
2619           if (target >= code_length) return false;
2620           // Continue scanning from the target onward.
2621           bcs.set_start(target);
2622           // Record target so we don't branch here again.
2623           visited_branches->append(bci);
2624         }
2625         break;
2626 
2627       // Check that all switch alternatives end in 'athrow' bytecodes. Since it
2628       // is  difficult to determine where each switch alternative ends, parse
2629       // each switch alternative until either hit a 'return', 'athrow', or reach
2630       // the end of the method's bytecodes.  This is gross but should be okay
2631       // because:
2632       // 1. tableswitch and lookupswitch byte codes in handlers for ctor explicit
2633       //    constructor invocations should be rare.
2634       // 2. if each switch alternative ends in an athrow then the parsing should be
2635       //    short.  If there is no athrow then it is bogus code, anyway.
2636       case Bytecodes::_lookupswitch:
2637       case Bytecodes::_tableswitch:
2638         {
2639           address aligned_bcp = align_up(bcs.bcp() + 1, jintSize);
2640           u4 default_offset = Bytes::get_Java_u4(aligned_bcp) + bci;
2641           int keys, delta;
2642           if (opcode == Bytecodes::_tableswitch) {
2643             jint low = (jint)Bytes::get_Java_u4(aligned_bcp + jintSize);
2644             jint high = (jint)Bytes::get_Java_u4(aligned_bcp + 2*jintSize);
2645             // This is invalid, but let the regular bytecode verifier
2646             // report this because the user will get a better error message.
2647             if (low > high) return true;
2648             keys = high - low + 1;
2649             delta = 1;
2650           } else {
2651             keys = (int)Bytes::get_Java_u4(aligned_bcp + jintSize);
2652             delta = 2;
2653           }
2654           // Invalid, let the regular bytecode verifier deal with it.
2655           if (keys < 0) return true;
2656 
2657           // Push the offset of the next bytecode onto the stack.
2658           bci_stack->push(bcs.next_bci());
2659 
2660           // Push the switch alternatives onto the stack.
2661           for (int i = 0; i < keys; i++) {
2662             u4 target = bci + (jint)Bytes::get_Java_u4(aligned_bcp+(3+i*delta)*jintSize);
2663             if (target > code_length) return false;
2664             bci_stack->push(target);
2665           }
2666 
2667           // Start bytecode parsing for the switch at the default alternative.
2668           if (default_offset > code_length) return false;
2669           bcs.set_start(default_offset);
2670           break;
2671         }
2672 
2673       case Bytecodes::_return:
2674         return false;
2675 
2676       case Bytecodes::_athrow:
2677         {
2678           if (bci_stack->is_empty()) {
2679             if (handler_stack->is_empty()) {
2680               return true;
2681             } else {
2682               // Parse the catch handlers for try blocks containing athrow.
2683               bcs.set_start(handler_stack->pop());
2684             }
2685           } else {
2686             // Pop a bytecode offset and starting scanning from there.
2687             bcs.set_start(bci_stack->pop());
2688           }
2689         }
2690         break;
2691 
2692       default:
2693         ;
2694     } // end switch
2695   } // end while loop
2696 
2697   return false;
2698 }
2699 
2700 void ClassVerifier::verify_invoke_init(
2701     RawBytecodeStream* bcs, u2 ref_class_index, VerificationType ref_class_type,
2702     StackMapFrame* current_frame, u4 code_length, bool in_try_block,
2703     bool *this_uninit, const constantPoolHandle& cp, StackMapTable* stackmap_table,
2704     TRAPS) {
2705   u2 bci = bcs->bci();
2706   VerificationType type = current_frame->pop_stack(
2707     VerificationType::reference_check(), CHECK_VERIFY(this));
2708   if (type == VerificationType::uninitialized_this_type()) {
2709     // The method must be an <init> method of this class or its superclass
2710     Klass* superk = current_class()->super();
2711     if (ref_class_type.name() != current_class()->name() &&
2712         ref_class_type.name() != superk->name()) {
2713       verify_error(ErrorContext::bad_type(bci,
2714           TypeOrigin::implicit(ref_class_type),
2715           TypeOrigin::implicit(current_type())),
2716           "Bad <init> method call");
2717       return;
2718     }
2719 
2720     // If this invokespecial call is done from inside of a TRY block then make
2721     // sure that all catch clause paths end in a throw.  Otherwise, this can
2722     // result in returning an incomplete object.
2723     if (in_try_block) {
2724       ExceptionTable exhandlers(_method());
2725       int exlength = exhandlers.length();
2726       for(int i = 0; i < exlength; i++) {
2727         u2 start_pc = exhandlers.start_pc(i);
2728         u2 end_pc = exhandlers.end_pc(i);
2729 
2730         if (bci >= start_pc && bci < end_pc) {
2731           if (!ends_in_athrow(exhandlers.handler_pc(i))) {
2732             verify_error(ErrorContext::bad_code(bci),
2733               "Bad <init> method call from after the start of a try block");
2734             return;
2735           } else if (log_is_enabled(Debug, verification)) {
2736             ResourceMark rm(THREAD);
2737             log_debug(verification)("Survived call to ends_in_athrow(): %s",
2738                                           current_class()->name()->as_C_string());
2739           }
2740         }
2741       }
2742 
2743       // Check the exception handler target stackmaps with the locals from the
2744       // incoming stackmap (before initialize_object() changes them to outgoing
2745       // state).
2746       if (was_recursively_verified()) return;
2747       verify_exception_handler_targets(bci, true, current_frame,
2748                                        stackmap_table, CHECK_VERIFY(this));
2749     } // in_try_block
2750 
2751     current_frame->initialize_object(type, current_type());
2752     *this_uninit = true;
2753   } else if (type.is_uninitialized()) {
2754     u2 new_offset = type.bci();
2755     address new_bcp = bcs->bcp() - bci + new_offset;
2756     if (new_offset > (code_length - 3) || (*new_bcp) != Bytecodes::_new) {
2757       /* Unreachable?  Stack map parsing ensures valid type and new
2758        * instructions have a valid BCI. */
2759       verify_error(ErrorContext::bad_code(new_offset),
2760                    "Expecting new instruction");
2761       return;
2762     }
2763     u2 new_class_index = Bytes::get_Java_u2(new_bcp + 1);
2764     if (was_recursively_verified()) return;
2765     verify_cp_class_type(bci, new_class_index, cp, CHECK_VERIFY(this));
2766 
2767     // The method must be an <init> method of the indicated class
2768     VerificationType new_class_type = cp_index_to_type(
2769       new_class_index, cp, CHECK_VERIFY(this));
2770     if (!new_class_type.equals(ref_class_type)) {
2771       verify_error(ErrorContext::bad_type(bci,
2772           TypeOrigin::cp(new_class_index, new_class_type),
2773           TypeOrigin::cp(ref_class_index, ref_class_type)),
2774           "Call to wrong <init> method");
2775       return;
2776     }
2777     // According to the VM spec, if the referent class is a superclass of the
2778     // current class, and is in a different runtime package, and the method is
2779     // protected, then the objectref must be the current class or a subclass
2780     // of the current class.
2781     VerificationType objectref_type = new_class_type;
2782     if (name_in_supers(ref_class_type.name(), current_class())) {
2783       Klass* ref_klass = load_class(ref_class_type.name(), CHECK);
2784       if (was_recursively_verified()) return;
2785       Method* m = InstanceKlass::cast(ref_klass)->uncached_lookup_method(
2786         vmSymbols::object_initializer_name(),
2787         cp->signature_ref_at(bcs->get_index_u2()),
2788         Klass::OverpassLookupMode::find);
2789       // Do nothing if method is not found.  Let resolution detect the error.
2790       if (m != NULL) {
2791         InstanceKlass* mh = m->method_holder();
2792         if (m->is_protected() && !mh->is_same_class_package(_klass)) {
2793           bool assignable = current_type().is_assignable_from(
2794             objectref_type, this, true, CHECK_VERIFY(this));
2795           if (!assignable) {
2796             verify_error(ErrorContext::bad_type(bci,
2797                 TypeOrigin::cp(new_class_index, objectref_type),
2798                 TypeOrigin::implicit(current_type())),
2799                 "Bad access to protected <init> method");
2800             return;
2801           }
2802         }
2803       }
2804     }
2805     // Check the exception handler target stackmaps with the locals from the
2806     // incoming stackmap (before initialize_object() changes them to outgoing
2807     // state).
2808     if (in_try_block) {
2809       if (was_recursively_verified()) return;
2810       verify_exception_handler_targets(bci, *this_uninit, current_frame,
2811                                        stackmap_table, CHECK_VERIFY(this));
2812     }
2813     current_frame->initialize_object(type, new_class_type);
2814   } else {
2815     verify_error(ErrorContext::bad_type(bci, current_frame->stack_top_ctx()),
2816         "Bad operand type when invoking <init>");
2817     return;
2818   }
2819 }
2820 
2821 bool ClassVerifier::is_same_or_direct_interface(
2822     InstanceKlass* klass,
2823     VerificationType klass_type,
2824     VerificationType ref_class_type) {
2825   if (ref_class_type.equals(klass_type)) return true;
2826   Array<InstanceKlass*>* local_interfaces = klass->local_interfaces();
2827   if (local_interfaces != NULL) {
2828     for (int x = 0; x < local_interfaces->length(); x++) {
2829       InstanceKlass* k = local_interfaces->at(x);
2830       assert (k != NULL && k->is_interface(), "invalid interface");
2831       if (ref_class_type.equals(VerificationType::reference_type(k->name()))) {
2832         return true;
2833       }
2834     }
2835   }
2836   return false;
2837 }
2838 
2839 void ClassVerifier::verify_invoke_instructions(
2840     RawBytecodeStream* bcs, u4 code_length, StackMapFrame* current_frame,
2841     bool in_try_block, bool *this_uninit,
2842     const constantPoolHandle& cp, StackMapTable* stackmap_table, TRAPS) {
2843   // Make sure the constant pool item is the right type
2844   u2 index = bcs->get_index_u2();
2845   Bytecodes::Code opcode = bcs->raw_code();
2846   unsigned int types = 0;
2847   switch (opcode) {
2848     case Bytecodes::_invokeinterface:
2849       types = 1 << JVM_CONSTANT_InterfaceMethodref;
2850       break;
2851     case Bytecodes::_invokedynamic:
2852       types = 1 << JVM_CONSTANT_InvokeDynamic;
2853       break;
2854     case Bytecodes::_invokespecial:
2855     case Bytecodes::_invokestatic:
2856       types = (_klass->major_version() < STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION) ?
2857         (1 << JVM_CONSTANT_Methodref) :
2858         ((1 << JVM_CONSTANT_InterfaceMethodref) | (1 << JVM_CONSTANT_Methodref));
2859       break;
2860     default:
2861       types = 1 << JVM_CONSTANT_Methodref;
2862   }
2863   verify_cp_type(bcs->bci(), index, cp, types, CHECK_VERIFY(this));
2864 
2865   // Get method name and signature
2866   Symbol* method_name = cp->name_ref_at(index);
2867   Symbol* method_sig = cp->signature_ref_at(index);
2868 
2869   // Method signature was checked in ClassFileParser.
2870   assert(SignatureVerifier::is_valid_method_signature(method_sig),
2871          "Invalid method signature");
2872 
2873   // Get referenced class
2874   VerificationType ref_class_type;
2875   if (opcode == Bytecodes::_invokedynamic) {
2876     if (_klass->major_version() < Verifier::INVOKEDYNAMIC_MAJOR_VERSION) {
2877       class_format_error(
2878         "invokedynamic instructions not supported by this class file version (%d), class %s",
2879         _klass->major_version(), _klass->external_name());
2880       return;
2881     }
2882   } else {
2883     ref_class_type = cp_ref_index_to_type(index, cp, CHECK_VERIFY(this));
2884   }
2885 
2886   assert(sizeof(VerificationType) == sizeof(uintptr_t),
2887         "buffer type must match VerificationType size");
2888 
2889   // Get the UTF8 index for this signature.
2890   int sig_index = cp->signature_ref_index_at(cp->name_and_type_ref_index_at(index));
2891 
2892   // Get the signature's verification types.
2893   sig_as_verification_types* mth_sig_verif_types;
2894   sig_as_verification_types** mth_sig_verif_types_ptr = method_signatures_table()->get(sig_index);
2895   if (mth_sig_verif_types_ptr != NULL) {
2896     // Found the entry for the signature's verification types in the hash table.
2897     mth_sig_verif_types = *mth_sig_verif_types_ptr;
2898     assert(mth_sig_verif_types != NULL, "Unexpected NULL sig_as_verification_types value");
2899   } else {
2900     // Not found, add the entry to the table.
2901     GrowableArray<VerificationType>* verif_types = new GrowableArray<VerificationType>(10);
2902     mth_sig_verif_types = new sig_as_verification_types(verif_types);
2903     create_method_sig_entry(mth_sig_verif_types, sig_index);
2904   }
2905 
2906   // Get the number of arguments for this signature.
2907   int nargs = mth_sig_verif_types->num_args();
2908 
2909   // Check instruction operands
2910   u2 bci = bcs->bci();
2911   if (opcode == Bytecodes::_invokeinterface) {
2912     address bcp = bcs->bcp();
2913     // 4905268: count operand in invokeinterface should be nargs+1, not nargs.
2914     // JSR202 spec: The count operand of an invokeinterface instruction is valid if it is
2915     // the difference between the size of the operand stack before and after the instruction
2916     // executes.
2917     if (*(bcp+3) != (nargs+1)) {
2918       verify_error(ErrorContext::bad_code(bci),
2919           "Inconsistent args count operand in invokeinterface");
2920       return;
2921     }
2922     if (*(bcp+4) != 0) {
2923       verify_error(ErrorContext::bad_code(bci),
2924           "Fourth operand byte of invokeinterface must be zero");
2925       return;
2926     }
2927   }
2928 
2929   if (opcode == Bytecodes::_invokedynamic) {
2930     address bcp = bcs->bcp();
2931     if (*(bcp+3) != 0 || *(bcp+4) != 0) {
2932       verify_error(ErrorContext::bad_code(bci),
2933           "Third and fourth operand bytes of invokedynamic must be zero");
2934       return;
2935     }
2936   }
2937 
2938   if (method_name->char_at(0) == JVM_SIGNATURE_SPECIAL) {
2939     // Make sure <init> can only be invoked by invokespecial or invokestatic.
2940     // The allowed invocation mode of <init> depends on its signature.
2941     if ((opcode != Bytecodes::_invokespecial &&
2942          opcode != Bytecodes::_invokestatic) ||
2943         method_name != vmSymbols::object_initializer_name()) {
2944       verify_error(ErrorContext::bad_code(bci),
2945           "Illegal call to internal method");
2946       return;
2947     }
2948   } else if (opcode == Bytecodes::_invokespecial
2949              && !is_same_or_direct_interface(current_class(), current_type(), ref_class_type)
2950              && !ref_class_type.equals(VerificationType::reference_type(
2951                   current_class()->super()->name()))) { // super() can never be an inline_type.
2952     bool subtype = false;
2953     bool have_imr_indirect = cp->tag_at(index).value() == JVM_CONSTANT_InterfaceMethodref;
2954     subtype = ref_class_type.is_assignable_from(
2955                current_type(), this, false, CHECK_VERIFY(this));
2956     if (!subtype) {
2957       verify_error(ErrorContext::bad_code(bci),
2958           "Bad invokespecial instruction: "
2959           "current class isn't assignable to reference class.");
2960        return;
2961     } else if (have_imr_indirect) {
2962       verify_error(ErrorContext::bad_code(bci),
2963           "Bad invokespecial instruction: "
2964           "interface method reference is in an indirect superinterface.");
2965       return;
2966     }
2967 
2968   }
2969 
2970   // Get the verification types for the method's arguments.
2971   GrowableArray<VerificationType>* sig_verif_types = mth_sig_verif_types->sig_verif_types();
2972   assert(sig_verif_types != NULL, "Missing signature's array of verification types");
2973   // Match method descriptor with operand stack
2974   // The arguments are on the stack in descending order.
2975   for (int i = nargs - 1; i >= 0; i--) { // Run backwards
2976     current_frame->pop_stack(sig_verif_types->at(i), CHECK_VERIFY(this));
2977   }
2978 
2979   // Check objectref on operand stack
2980   if (opcode != Bytecodes::_invokestatic &&
2981       opcode != Bytecodes::_invokedynamic) {
2982     if (method_name == vmSymbols::object_initializer_name()) {  // <init> method
2983       // (use of <init> as a static factory is handled under invokestatic)
2984       verify_invoke_init(bcs, index, ref_class_type, current_frame,
2985         code_length, in_try_block, this_uninit, cp, stackmap_table,
2986         CHECK_VERIFY(this));
2987       if (was_recursively_verified()) return;
2988     } else {   // other methods
2989       // Ensures that target class is assignable to method class.
2990       if (opcode == Bytecodes::_invokespecial) {
2991         current_frame->pop_stack(current_type(), CHECK_VERIFY(this));
2992       } else if (opcode == Bytecodes::_invokevirtual) {
2993         VerificationType stack_object_type =
2994           current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this));
2995         if (current_type() != stack_object_type) {
2996           if (was_recursively_verified()) return;
2997           assert(cp->cache() == NULL, "not rewritten yet");
2998           Symbol* ref_class_name =
2999             cp->klass_name_at(cp->klass_ref_index_at(index));
3000           // See the comments in verify_field_instructions() for
3001           // the rationale behind this.
3002           if (name_in_supers(ref_class_name, current_class())) {
3003             Klass* ref_class = load_class(ref_class_name, CHECK);
3004             if (is_protected_access(
3005                   _klass, ref_class, method_name, method_sig, true)) {
3006               // It's protected access, check if stack object is
3007               // assignable to current class.
3008               if (ref_class_type.name() == vmSymbols::java_lang_Object()
3009                   && stack_object_type.is_array()
3010                   && method_name == vmSymbols::clone_name()) {
3011                 // Special case: arrays pretend to implement public Object
3012                 // clone().
3013               } else {
3014                 bool is_assignable = current_type().is_assignable_from(
3015                   stack_object_type, this, true, CHECK_VERIFY(this));
3016                 if (!is_assignable) {
3017                   verify_error(ErrorContext::bad_type(bci,
3018                       current_frame->stack_top_ctx(),
3019                       TypeOrigin::implicit(current_type())),
3020                       "Bad access to protected data in invokevirtual");
3021                   return;
3022                 }
3023               }
3024             }
3025           }
3026         }
3027       } else {
3028         assert(opcode == Bytecodes::_invokeinterface, "Unexpected opcode encountered");
3029         current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this));
3030       }
3031     }
3032   }
3033   // Push the result type.
3034   int sig_verif_types_len = sig_verif_types->length();
3035   if (sig_verif_types_len > nargs) {  // There's a return type
3036     if (method_name == vmSymbols::object_initializer_name() &&
3037         opcode != Bytecodes::_invokestatic) {
3038       // an <init> method must have a void return type, unless it's a static factory
3039       verify_error(ErrorContext::bad_code(bci),
3040           "Return type must be void in <init> method");
3041       return;
3042     }
3043 
3044     assert(sig_verif_types_len <= nargs + 2,
3045            "Signature verification types array return type is bogus");
3046     for (int i = nargs; i < sig_verif_types_len; i++) {
3047       assert(i == nargs || sig_verif_types->at(i).is_long2() ||
3048              sig_verif_types->at(i).is_double2(), "Unexpected return verificationType");
3049       current_frame->push_stack(sig_verif_types->at(i), CHECK_VERIFY(this));
3050     }
3051   } else {
3052     // an <init> method may not have a void return type, if it's a static factory
3053     if (method_name == vmSymbols::object_initializer_name() &&
3054         opcode != Bytecodes::_invokespecial) {
3055       verify_error(ErrorContext::bad_code(bci),
3056           "Return type must be non-void in <init> static factory method");
3057       return;
3058     }
3059   }
3060 }
3061 
3062 VerificationType ClassVerifier::get_newarray_type(
3063     u2 index, u2 bci, TRAPS) {
3064   const char* from_bt[] = {
3065     NULL, NULL, NULL, NULL, "[Z", "[C", "[F", "[D", "[B", "[S", "[I", "[J",
3066   };
3067   if (index < T_BOOLEAN || index > T_LONG) {
3068     verify_error(ErrorContext::bad_code(bci), "Illegal newarray instruction");
3069     return VerificationType::bogus_type();
3070   }
3071 
3072   // from_bt[index] contains the array signature which has a length of 2
3073   Symbol* sig = create_temporary_symbol(from_bt[index], 2);
3074   return VerificationType::reference_type(sig);
3075 }
3076 
3077 void ClassVerifier::verify_anewarray(
3078     u2 bci, u2 index, const constantPoolHandle& cp,
3079     StackMapFrame* current_frame, TRAPS) {
3080   verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
3081   current_frame->pop_stack(
3082     VerificationType::integer_type(), CHECK_VERIFY(this));
3083 
3084   if (was_recursively_verified()) return;
3085   VerificationType component_type =
3086     cp_index_to_type(index, cp, CHECK_VERIFY(this));
3087   int length;
3088   char* arr_sig_str;
3089   if (component_type.is_array()) {     // it's an array
3090     const char* component_name = component_type.name()->as_utf8();
3091     // Check for more than MAX_ARRAY_DIMENSIONS
3092     length = (int)strlen(component_name);
3093     if (length > MAX_ARRAY_DIMENSIONS &&
3094         component_name[MAX_ARRAY_DIMENSIONS - 1] == JVM_SIGNATURE_ARRAY) {
3095       verify_error(ErrorContext::bad_code(bci),
3096         "Illegal anewarray instruction, array has more than 255 dimensions");
3097     }
3098     // add one dimension to component
3099     length++;
3100     arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length + 1);
3101     int n = os::snprintf(arr_sig_str, length + 1, "%c%s",
3102                          JVM_SIGNATURE_ARRAY, component_name);
3103     assert(n == length, "Unexpected number of characters in string");
3104   } else {         // it's an object or interface
3105     const char* component_name = component_type.name()->as_utf8();
3106     char Q_or_L = component_type.is_inline_type() ? JVM_SIGNATURE_PRIMITIVE_OBJECT : JVM_SIGNATURE_CLASS;
3107     // add one dimension to component with 'L' or 'Q' prepended and ';' appended.
3108     length = (int)strlen(component_name) + 3;
3109     arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length + 1);
3110     int n = os::snprintf(arr_sig_str, length + 1, "%c%c%s;",
3111                          JVM_SIGNATURE_ARRAY, Q_or_L, component_name);
3112     assert(n == length, "Unexpected number of characters in string");
3113   }
3114   Symbol* arr_sig = create_temporary_symbol(arr_sig_str, length);
3115   VerificationType new_array_type = VerificationType::reference_type(arr_sig);
3116   current_frame->push_stack(new_array_type, CHECK_VERIFY(this));
3117 }
3118 
3119 void ClassVerifier::verify_iload(u2 index, StackMapFrame* current_frame, TRAPS) {
3120   current_frame->get_local(
3121     index, VerificationType::integer_type(), CHECK_VERIFY(this));
3122   current_frame->push_stack(
3123     VerificationType::integer_type(), CHECK_VERIFY(this));
3124 }
3125 
3126 void ClassVerifier::verify_lload(u2 index, StackMapFrame* current_frame, TRAPS) {
3127   current_frame->get_local_2(
3128     index, VerificationType::long_type(),
3129     VerificationType::long2_type(), CHECK_VERIFY(this));
3130   current_frame->push_stack_2(
3131     VerificationType::long_type(),
3132     VerificationType::long2_type(), CHECK_VERIFY(this));
3133 }
3134 
3135 void ClassVerifier::verify_fload(u2 index, StackMapFrame* current_frame, TRAPS) {
3136   current_frame->get_local(
3137     index, VerificationType::float_type(), CHECK_VERIFY(this));
3138   current_frame->push_stack(
3139     VerificationType::float_type(), CHECK_VERIFY(this));
3140 }
3141 
3142 void ClassVerifier::verify_dload(u2 index, StackMapFrame* current_frame, TRAPS) {
3143   current_frame->get_local_2(
3144     index, VerificationType::double_type(),
3145     VerificationType::double2_type(), CHECK_VERIFY(this));
3146   current_frame->push_stack_2(
3147     VerificationType::double_type(),
3148     VerificationType::double2_type(), CHECK_VERIFY(this));
3149 }
3150 
3151 void ClassVerifier::verify_aload(u2 index, StackMapFrame* current_frame, TRAPS) {
3152   VerificationType type = current_frame->get_local(
3153     index, VerificationType::nonscalar_check(), CHECK_VERIFY(this));
3154   current_frame->push_stack(type, CHECK_VERIFY(this));
3155 }
3156 
3157 void ClassVerifier::verify_istore(u2 index, StackMapFrame* current_frame, TRAPS) {
3158   current_frame->pop_stack(
3159     VerificationType::integer_type(), CHECK_VERIFY(this));
3160   current_frame->set_local(
3161     index, VerificationType::integer_type(), CHECK_VERIFY(this));
3162 }
3163 
3164 void ClassVerifier::verify_lstore(u2 index, StackMapFrame* current_frame, TRAPS) {
3165   current_frame->pop_stack_2(
3166     VerificationType::long2_type(),
3167     VerificationType::long_type(), CHECK_VERIFY(this));
3168   current_frame->set_local_2(
3169     index, VerificationType::long_type(),
3170     VerificationType::long2_type(), CHECK_VERIFY(this));
3171 }
3172 
3173 void ClassVerifier::verify_fstore(u2 index, StackMapFrame* current_frame, TRAPS) {
3174   current_frame->pop_stack(VerificationType::float_type(), CHECK_VERIFY(this));
3175   current_frame->set_local(
3176     index, VerificationType::float_type(), CHECK_VERIFY(this));
3177 }
3178 
3179 void ClassVerifier::verify_dstore(u2 index, StackMapFrame* current_frame, TRAPS) {
3180   current_frame->pop_stack_2(
3181     VerificationType::double2_type(),
3182     VerificationType::double_type(), CHECK_VERIFY(this));
3183   current_frame->set_local_2(
3184     index, VerificationType::double_type(),
3185     VerificationType::double2_type(), CHECK_VERIFY(this));
3186 }
3187 
3188 void ClassVerifier::verify_astore(u2 index, StackMapFrame* current_frame, TRAPS) {
3189   VerificationType type = current_frame->pop_stack(
3190     VerificationType::nonscalar_check(), CHECK_VERIFY(this));
3191   current_frame->set_local(index, type, CHECK_VERIFY(this));
3192 }
3193 
3194 void ClassVerifier::verify_iinc(u2 index, StackMapFrame* current_frame, TRAPS) {
3195   VerificationType type = current_frame->get_local(
3196     index, VerificationType::integer_type(), CHECK_VERIFY(this));
3197   current_frame->set_local(index, type, CHECK_VERIFY(this));
3198 }
3199 
3200 void ClassVerifier::verify_return_value(
3201     VerificationType return_type, VerificationType type, u2 bci,
3202     StackMapFrame* current_frame, TRAPS) {
3203   if (return_type == VerificationType::bogus_type()) {
3204     verify_error(ErrorContext::bad_type(bci,
3205         current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)),
3206         "Method does not expect a return value");
3207     return;
3208   }
3209   bool match = return_type.is_assignable_from(type, this, false, CHECK_VERIFY(this));
3210   if (!match) {
3211     verify_error(ErrorContext::bad_type(bci,
3212         current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)),
3213         "Bad return type");
3214     return;
3215   }
3216 }
3217 
3218 // The verifier creates symbols which are substrings of Symbols.
3219 // These are stored in the verifier until the end of verification so that
3220 // they can be reference counted.
3221 Symbol* ClassVerifier::create_temporary_symbol(const char *name, int length) {
3222   // Quick deduplication check
3223   if (_previous_symbol != NULL && _previous_symbol->equals(name, length)) {
3224     return _previous_symbol;
3225   }
3226   Symbol* sym = SymbolTable::new_symbol(name, length);
3227   if (!sym->is_permanent()) {
3228     if (_symbols == NULL) {
3229       _symbols = new GrowableArray<Symbol*>(50, 0, NULL);
3230     }
3231     _symbols->push(sym);
3232   }
3233   _previous_symbol = sym;
3234   return sym;
3235 }