1 /*
2 * Copyright (c) 1998, 2024, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.
8 *
9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 *
23 */
24
25 #include "precompiled.hpp"
26 #include "cds/cdsConfig.hpp"
27 #include "classfile/classFileStream.hpp"
28 #include "classfile/classLoader.hpp"
29 #include "classfile/javaClasses.hpp"
30 #include "classfile/stackMapTable.hpp"
31 #include "classfile/stackMapFrame.hpp"
32 #include "classfile/stackMapTableFormat.hpp"
33 #include "classfile/symbolTable.hpp"
34 #include "classfile/systemDictionary.hpp"
35 #include "classfile/verifier.hpp"
36 #include "classfile/vmClasses.hpp"
37 #include "classfile/vmSymbols.hpp"
38 #include "interpreter/bytecodes.hpp"
39 #include "interpreter/bytecodeStream.hpp"
40 #include "jvm.h"
41 #include "logging/log.hpp"
42 #include "logging/logStream.hpp"
43 #include "memory/oopFactory.hpp"
44 #include "memory/resourceArea.hpp"
45 #include "memory/universe.hpp"
46 #include "oops/constantPool.inline.hpp"
47 #include "oops/instanceKlass.inline.hpp"
48 #include "oops/klass.inline.hpp"
49 #include "oops/oop.inline.hpp"
50 #include "oops/typeArrayOop.hpp"
51 #include "runtime/arguments.hpp"
52 #include "runtime/fieldDescriptor.hpp"
53 #include "runtime/handles.inline.hpp"
54 #include "runtime/interfaceSupport.inline.hpp"
55 #include "runtime/javaCalls.hpp"
56 #include "runtime/javaThread.hpp"
57 #include "runtime/jniHandles.inline.hpp"
58 #include "runtime/os.hpp"
59 #include "runtime/safepointVerifiers.hpp"
60 #include "services/threadService.hpp"
61 #include "utilities/align.hpp"
62 #include "utilities/bytes.hpp"
63
64 #define NOFAILOVER_MAJOR_VERSION 51
65 #define NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION 51
66 #define STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION 52
67 #define INLINE_TYPE_MAJOR_VERSION 56
68 #define MAX_ARRAY_DIMENSIONS 255
69
70 // Access to external entry for VerifyClassForMajorVersion - old byte code verifier
71
72 extern "C" {
73 typedef jboolean (*verify_byte_codes_fn_t)(JNIEnv *, jclass, char *, jint, jint);
74 }
75
76 static verify_byte_codes_fn_t volatile _verify_byte_codes_fn = nullptr;
77
78 static verify_byte_codes_fn_t verify_byte_codes_fn() {
79
80 if (_verify_byte_codes_fn != nullptr)
81 return _verify_byte_codes_fn;
82
83 MutexLocker locker(Verify_lock);
84
85 if (_verify_byte_codes_fn != nullptr)
86 return _verify_byte_codes_fn;
87
88 // Load verify dll
89 char buffer[JVM_MAXPATHLEN];
90 char ebuf[1024];
91 if (!os::dll_locate_lib(buffer, sizeof(buffer), Arguments::get_dll_dir(), "verify"))
92 return nullptr; // Caller will throw VerifyError
93
94 void *lib_handle = os::dll_load(buffer, ebuf, sizeof(ebuf));
95 if (lib_handle == nullptr)
96 return nullptr; // Caller will throw VerifyError
97
98 void *fn = os::dll_lookup(lib_handle, "VerifyClassForMajorVersion");
99 if (fn == nullptr)
100 return nullptr; // Caller will throw VerifyError
101
102 return _verify_byte_codes_fn = CAST_TO_FN_PTR(verify_byte_codes_fn_t, fn);
103 }
104
105
106 // Methods in Verifier
107
108 bool Verifier::should_verify_for(oop class_loader, bool should_verify_class) {
109 return (class_loader == nullptr || !should_verify_class) ?
110 BytecodeVerificationLocal : BytecodeVerificationRemote;
111 }
112
113 bool Verifier::relax_access_for(oop loader) {
114 bool trusted = java_lang_ClassLoader::is_trusted_loader(loader);
115 bool need_verify =
116 // verifyAll
117 (BytecodeVerificationLocal && BytecodeVerificationRemote) ||
118 // verifyRemote
119 (!BytecodeVerificationLocal && BytecodeVerificationRemote && !trusted);
120 return !need_verify;
121 }
122
123 void Verifier::trace_class_resolution(Klass* resolve_class, InstanceKlass* verify_class) {
124 assert(verify_class != nullptr, "Unexpected null verify_class");
125 ResourceMark rm;
126 Symbol* s = verify_class->source_file_name();
127 const char* source_file = (s != nullptr ? s->as_C_string() : nullptr);
128 const char* verify = verify_class->external_name();
129 const char* resolve = resolve_class->external_name();
130 // print in a single call to reduce interleaving between threads
131 if (source_file != nullptr) {
132 log_debug(class, resolve)("%s %s %s (verification)", verify, resolve, source_file);
133 } else {
134 log_debug(class, resolve)("%s %s (verification)", verify, resolve);
135 }
136 }
137
138 // Prints the end-verification message to the appropriate output.
139 void Verifier::log_end_verification(outputStream* st, const char* klassName, Symbol* exception_name, oop pending_exception) {
140 if (pending_exception != nullptr) {
141 st->print("Verification for %s has", klassName);
142 oop message = java_lang_Throwable::message(pending_exception);
143 if (message != nullptr) {
144 char* ex_msg = java_lang_String::as_utf8_string(message);
145 st->print_cr(" exception pending '%s %s'",
146 pending_exception->klass()->external_name(), ex_msg);
147 } else {
148 st->print_cr(" exception pending %s ",
149 pending_exception->klass()->external_name());
150 }
151 } else if (exception_name != nullptr) {
152 st->print_cr("Verification for %s failed", klassName);
153 }
154 st->print_cr("End class verification for: %s", klassName);
155 }
156
157 bool Verifier::verify(InstanceKlass* klass, bool should_verify_class, TRAPS) {
158 HandleMark hm(THREAD);
159 ResourceMark rm(THREAD);
160
161 // Eagerly allocate the identity hash code for a klass. This is a fallout
162 // from 6320749 and 8059924: hash code generator is not supposed to be called
163 // during the safepoint, but it allows to sneak the hashcode in during
164 // verification. Without this eager hashcode generation, we may end up
165 // installing the hashcode during some other operation, which may be at
166 // safepoint -- blowing up the checks. It was previously done as the side
167 // effect (sic!) for external_name(), but instead of doing that, we opt to
168 // explicitly push the hashcode in here. This is signify the following block
169 // is IMPORTANT:
170 if (klass->java_mirror() != nullptr) {
171 klass->java_mirror()->identity_hash();
172 }
173
174 if (!is_eligible_for_verification(klass, should_verify_class)) {
175 return true;
176 }
177
178 // Timer includes any side effects of class verification (resolution,
179 // etc), but not recursive calls to Verifier::verify().
180 JavaThread* jt = THREAD;
181 PerfClassTraceTime timer(ClassLoader::perf_class_verify_time(),
182 ClassLoader::perf_class_verify_selftime(),
183 ClassLoader::perf_classes_verified(),
184 jt->get_thread_stat()->perf_recursion_counts_addr(),
185 jt->get_thread_stat()->perf_timers_addr(),
186 PerfClassTraceTime::CLASS_VERIFY);
187
188 // If the class should be verified, first see if we can use the split
189 // verifier. If not, or if verification fails and can failover, then
190 // call the inference verifier.
191 Symbol* exception_name = nullptr;
192 const size_t message_buffer_len = klass->name()->utf8_length() + 1024;
193 char* message_buffer = nullptr;
194 char* exception_message = nullptr;
195
196 log_info(class, init)("Start class verification for: %s", klass->external_name());
197 if (klass->major_version() >= STACKMAP_ATTRIBUTE_MAJOR_VERSION) {
198 ClassVerifier split_verifier(jt, klass);
199 // We don't use CHECK here, or on inference_verify below, so that we can log any exception.
200 split_verifier.verify_class(THREAD);
201 exception_name = split_verifier.result();
202
203 // If dumping static archive then don't fall back to the old verifier on
204 // verification failure. If a class fails verification with the split verifier,
205 // it might fail the CDS runtime verifier constraint check. In that case, we
206 // don't want to share the class. We only archive classes that pass the split
207 // verifier.
208 bool can_failover = !CDSConfig::is_dumping_static_archive() &&
209 klass->major_version() < NOFAILOVER_MAJOR_VERSION;
210
211 if (can_failover && !HAS_PENDING_EXCEPTION && // Split verifier doesn't set PENDING_EXCEPTION for failure
212 (exception_name == vmSymbols::java_lang_VerifyError() ||
213 exception_name == vmSymbols::java_lang_ClassFormatError())) {
214 log_info(verification)("Fail over class verification to old verifier for: %s", klass->external_name());
215 log_info(class, init)("Fail over class verification to old verifier for: %s", klass->external_name());
216 message_buffer = NEW_RESOURCE_ARRAY(char, message_buffer_len);
217 exception_message = message_buffer;
218 exception_name = inference_verify(
219 klass, message_buffer, message_buffer_len, THREAD);
220 }
221 if (exception_name != nullptr) {
222 exception_message = split_verifier.exception_message();
223 }
224 } else {
225 message_buffer = NEW_RESOURCE_ARRAY(char, message_buffer_len);
226 exception_message = message_buffer;
227 exception_name = inference_verify(
228 klass, message_buffer, message_buffer_len, THREAD);
229 }
230
231 LogTarget(Info, class, init) lt1;
232 if (lt1.is_enabled()) {
233 LogStream ls(lt1);
234 log_end_verification(&ls, klass->external_name(), exception_name, PENDING_EXCEPTION);
235 }
236 LogTarget(Info, verification) lt2;
237 if (lt2.is_enabled()) {
238 LogStream ls(lt2);
239 log_end_verification(&ls, klass->external_name(), exception_name, PENDING_EXCEPTION);
240 }
241
242 if (HAS_PENDING_EXCEPTION) {
243 return false; // use the existing exception
244 } else if (exception_name == nullptr) {
245 return true; // verification succeeded
246 } else { // VerifyError or ClassFormatError to be created and thrown
247 Klass* kls =
248 SystemDictionary::resolve_or_fail(exception_name, true, CHECK_false);
249 if (log_is_enabled(Debug, class, resolve)) {
250 Verifier::trace_class_resolution(kls, klass);
251 }
252
253 while (kls != nullptr) {
254 if (kls == klass) {
255 // If the class being verified is the exception we're creating
256 // or one of it's superclasses, we're in trouble and are going
257 // to infinitely recurse when we try to initialize the exception.
258 // So bail out here by throwing the preallocated VM error.
259 THROW_OOP_(Universe::virtual_machine_error_instance(), false);
260 }
261 kls = kls->super();
262 }
263 if (message_buffer != nullptr) {
264 message_buffer[message_buffer_len - 1] = '\0'; // just to be sure
265 }
266 assert(exception_message != nullptr, "");
267 THROW_MSG_(exception_name, exception_message, false);
268 }
269 }
270
271 bool Verifier::is_eligible_for_verification(InstanceKlass* klass, bool should_verify_class) {
272 Symbol* name = klass->name();
273 Klass* refl_serialization_ctor_klass = vmClasses::reflect_SerializationConstructorAccessorImpl_klass();
274
275 bool is_reflect_accessor = refl_serialization_ctor_klass != nullptr &&
276 klass->is_subtype_of(refl_serialization_ctor_klass);
277
278 return (should_verify_for(klass->class_loader(), should_verify_class) &&
279 // return if the class is a bootstrapping class
280 // or defineClass specified not to verify by default (flags override passed arg)
281 // We need to skip the following four for bootstrapping
282 name != vmSymbols::java_lang_Object() &&
283 name != vmSymbols::java_lang_Class() &&
284 name != vmSymbols::java_lang_String() &&
285 name != vmSymbols::java_lang_Throwable() &&
286
287 // Can not verify the bytecodes for shared classes because they have
288 // already been rewritten to contain constant pool cache indices,
289 // which the verifier can't understand.
290 // Shared classes shouldn't have stackmaps either.
291 // However, bytecodes for shared old classes can be verified because
292 // they have not been rewritten.
293 !(klass->is_shared() && klass->is_rewritten()) &&
294
295 // As of the fix for 4486457 we disable verification for all of the
296 // dynamically-generated bytecodes associated with
297 // jdk/internal/reflect/SerializationConstructorAccessor.
298 (!is_reflect_accessor));
299 }
300
301 Symbol* Verifier::inference_verify(
302 InstanceKlass* klass, char* message, size_t message_len, TRAPS) {
303 JavaThread* thread = THREAD;
304
305 verify_byte_codes_fn_t verify_func = verify_byte_codes_fn();
306
307 if (verify_func == nullptr) {
308 jio_snprintf(message, message_len, "Could not link verifier");
309 return vmSymbols::java_lang_VerifyError();
310 }
311
312 ResourceMark rm(thread);
313 log_info(verification)("Verifying class %s with old format", klass->external_name());
314
315 jclass cls = (jclass) JNIHandles::make_local(thread, klass->java_mirror());
316 jint result;
317
318 {
319 HandleMark hm(thread);
320 ThreadToNativeFromVM ttn(thread);
321 // ThreadToNativeFromVM takes care of changing thread_state, so safepoint
322 // code knows that we have left the VM
323 JNIEnv *env = thread->jni_environment();
324 result = (*verify_func)(env, cls, message, (int)message_len, klass->major_version());
325 }
326
327 JNIHandles::destroy_local(cls);
328
329 // These numbers are chosen so that VerifyClassCodes interface doesn't need
330 // to be changed (still return jboolean (unsigned char)), and result is
331 // 1 when verification is passed.
332 if (result == 0) {
333 return vmSymbols::java_lang_VerifyError();
334 } else if (result == 1) {
335 return nullptr; // verified.
336 } else if (result == 2) {
337 THROW_MSG_(vmSymbols::java_lang_OutOfMemoryError(), message, nullptr);
338 } else if (result == 3) {
339 return vmSymbols::java_lang_ClassFormatError();
340 } else {
341 ShouldNotReachHere();
342 return nullptr;
343 }
344 }
345
346 TypeOrigin TypeOrigin::null() {
347 return TypeOrigin();
348 }
349 TypeOrigin TypeOrigin::local(int index, StackMapFrame* frame) {
350 assert(frame != nullptr, "Must have a frame");
351 return TypeOrigin(CF_LOCALS, index, StackMapFrame::copy(frame),
352 frame->local_at(index));
353 }
354 TypeOrigin TypeOrigin::stack(int index, StackMapFrame* frame) {
355 assert(frame != nullptr, "Must have a frame");
356 return TypeOrigin(CF_STACK, index, StackMapFrame::copy(frame),
357 frame->stack_at(index));
358 }
359 TypeOrigin TypeOrigin::sm_local(int index, StackMapFrame* frame) {
360 assert(frame != nullptr, "Must have a frame");
361 return TypeOrigin(SM_LOCALS, index, StackMapFrame::copy(frame),
362 frame->local_at(index));
363 }
364 TypeOrigin TypeOrigin::sm_stack(int index, StackMapFrame* frame) {
365 assert(frame != nullptr, "Must have a frame");
366 return TypeOrigin(SM_STACK, index, StackMapFrame::copy(frame),
367 frame->stack_at(index));
368 }
369 TypeOrigin TypeOrigin::bad_index(int index) {
370 return TypeOrigin(BAD_INDEX, index, nullptr, VerificationType::bogus_type());
371 }
372 TypeOrigin TypeOrigin::cp(int index, VerificationType vt) {
373 return TypeOrigin(CONST_POOL, index, nullptr, vt);
374 }
375 TypeOrigin TypeOrigin::signature(VerificationType vt) {
376 return TypeOrigin(SIG, 0, nullptr, vt);
377 }
378 TypeOrigin TypeOrigin::implicit(VerificationType t) {
379 return TypeOrigin(IMPLICIT, 0, nullptr, t);
380 }
381 TypeOrigin TypeOrigin::frame(StackMapFrame* frame) {
382 return TypeOrigin(FRAME_ONLY, 0, StackMapFrame::copy(frame),
383 VerificationType::bogus_type());
384 }
385
386 void TypeOrigin::reset_frame() {
387 if (_frame != nullptr) {
388 _frame->restore();
389 }
390 }
391
392 void TypeOrigin::details(outputStream* ss) const {
393 _type.print_on(ss);
394 switch (_origin) {
395 case CF_LOCALS:
396 ss->print(" (current frame, locals[%d])", _index);
397 break;
398 case CF_STACK:
399 ss->print(" (current frame, stack[%d])", _index);
400 break;
401 case SM_LOCALS:
402 ss->print(" (stack map, locals[%d])", _index);
403 break;
404 case SM_STACK:
405 ss->print(" (stack map, stack[%d])", _index);
406 break;
407 case CONST_POOL:
408 ss->print(" (constant pool %d)", _index);
409 break;
410 case SIG:
411 ss->print(" (from method signature)");
412 break;
413 case IMPLICIT:
414 case FRAME_ONLY:
415 case NONE:
416 default:
417 ;
418 }
419 }
420
421 #ifdef ASSERT
422 void TypeOrigin::print_on(outputStream* str) const {
423 str->print("{%d,%d,%p:", _origin, _index, _frame);
424 if (_frame != nullptr) {
425 _frame->print_on(str);
426 } else {
427 str->print("null");
428 }
429 str->print(",");
430 _type.print_on(str);
431 str->print("}");
432 }
433 #endif
434
435 void ErrorContext::details(outputStream* ss, const Method* method) const {
436 if (is_valid()) {
437 ss->cr();
438 ss->print_cr("Exception Details:");
439 location_details(ss, method);
440 reason_details(ss);
441 frame_details(ss);
442 bytecode_details(ss, method);
443 handler_details(ss, method);
444 stackmap_details(ss, method);
445 }
446 }
447
448 void ErrorContext::reason_details(outputStream* ss) const {
449 streamIndentor si(ss);
450 ss->indent().print_cr("Reason:");
451 streamIndentor si2(ss);
452 ss->indent().print("%s", "");
453 switch (_fault) {
454 case INVALID_BYTECODE:
455 ss->print("Error exists in the bytecode");
456 break;
457 case WRONG_TYPE:
458 if (_expected.is_valid()) {
459 ss->print("Type ");
460 _type.details(ss);
461 ss->print(" is not assignable to ");
462 _expected.details(ss);
463 } else {
464 ss->print("Invalid type: ");
465 _type.details(ss);
466 }
467 break;
468 case FLAGS_MISMATCH:
469 if (_expected.is_valid()) {
470 ss->print("Current frame's flags are not assignable "
471 "to stack map frame's.");
472 } else {
473 ss->print("Current frame's flags are invalid in this context.");
474 }
475 break;
476 case BAD_CP_INDEX:
477 ss->print("Constant pool index %d is invalid", _type.index());
478 break;
479 case BAD_LOCAL_INDEX:
480 ss->print("Local index %d is invalid", _type.index());
481 break;
482 case LOCALS_SIZE_MISMATCH:
483 ss->print("Current frame's local size doesn't match stackmap.");
484 break;
485 case STACK_SIZE_MISMATCH:
486 ss->print("Current frame's stack size doesn't match stackmap.");
487 break;
488 case STACK_OVERFLOW:
489 ss->print("Exceeded max stack size.");
490 break;
491 case STACK_UNDERFLOW:
492 ss->print("Attempt to pop empty stack.");
493 break;
494 case MISSING_STACKMAP:
495 ss->print("Expected stackmap frame at this location.");
496 break;
497 case BAD_STACKMAP:
498 ss->print("Invalid stackmap specification.");
499 break;
500 case WRONG_INLINE_TYPE:
501 ss->print("Type ");
502 _type.details(ss);
503 ss->print(" and type ");
504 _expected.details(ss);
505 ss->print(" must be identical inline types.");
506 break;
507 case UNKNOWN:
508 default:
509 ShouldNotReachHere();
510 ss->print_cr("Unknown");
511 }
512 ss->cr();
513 }
514
515 void ErrorContext::location_details(outputStream* ss, const Method* method) const {
516 if (_bci != -1 && method != nullptr) {
517 streamIndentor si(ss);
518 const char* bytecode_name = "<invalid>";
519 if (method->validate_bci(_bci) != -1) {
520 Bytecodes::Code code = Bytecodes::code_or_bp_at(method->bcp_from(_bci));
521 if (Bytecodes::is_defined(code)) {
522 bytecode_name = Bytecodes::name(code);
523 } else {
524 bytecode_name = "<illegal>";
525 }
526 }
527 InstanceKlass* ik = method->method_holder();
528 ss->indent().print_cr("Location:");
529 streamIndentor si2(ss);
530 ss->indent().print_cr("%s.%s%s @%d: %s",
531 ik->name()->as_C_string(), method->name()->as_C_string(),
532 method->signature()->as_C_string(), _bci, bytecode_name);
533 }
534 }
535
536 void ErrorContext::frame_details(outputStream* ss) const {
537 streamIndentor si(ss);
538 if (_type.is_valid() && _type.frame() != nullptr) {
539 ss->indent().print_cr("Current Frame:");
540 streamIndentor si2(ss);
541 _type.frame()->print_on(ss);
542 }
543 if (_expected.is_valid() && _expected.frame() != nullptr) {
544 ss->indent().print_cr("Stackmap Frame:");
545 streamIndentor si2(ss);
546 _expected.frame()->print_on(ss);
547 }
548 }
549
550 void ErrorContext::bytecode_details(outputStream* ss, const Method* method) const {
551 if (method != nullptr) {
552 streamIndentor si(ss);
553 ss->indent().print_cr("Bytecode:");
554 streamIndentor si2(ss);
555 ss->print_data(method->code_base(), method->code_size(), false);
556 }
557 }
558
559 void ErrorContext::handler_details(outputStream* ss, const Method* method) const {
560 if (method != nullptr) {
561 streamIndentor si(ss);
562 ExceptionTable table(method);
563 if (table.length() > 0) {
564 ss->indent().print_cr("Exception Handler Table:");
565 streamIndentor si2(ss);
566 for (int i = 0; i < table.length(); ++i) {
567 ss->indent().print_cr("bci [%d, %d] => handler: %d", table.start_pc(i),
568 table.end_pc(i), table.handler_pc(i));
569 }
570 }
571 }
572 }
573
574 void ErrorContext::stackmap_details(outputStream* ss, const Method* method) const {
575 if (method != nullptr && method->has_stackmap_table()) {
576 streamIndentor si(ss);
577 ss->indent().print_cr("Stackmap Table:");
578 Array<u1>* data = method->stackmap_data();
579 stack_map_table* sm_table =
580 stack_map_table::at((address)data->adr_at(0));
581 stack_map_frame* sm_frame = sm_table->entries();
582 streamIndentor si2(ss);
583 int current_offset = -1;
584 address end_of_sm_table = (address)sm_table + method->stackmap_data()->length();
585 for (u2 i = 0; i < sm_table->number_of_entries(); ++i) {
586 ss->indent();
587 if (!sm_frame->verify((address)sm_frame, end_of_sm_table)) {
588 sm_frame->print_truncated(ss, current_offset);
589 return;
590 }
591 sm_frame->print_on(ss, current_offset);
592 ss->cr();
593 current_offset += sm_frame->offset_delta();
594 sm_frame = sm_frame->next();
595 }
596 }
597 }
598
599 // Methods in ClassVerifier
600
601 ClassVerifier::ClassVerifier(JavaThread* current, InstanceKlass* klass)
602 : _thread(current), _previous_symbol(nullptr), _symbols(nullptr), _exception_type(nullptr),
603 _message(nullptr), _klass(klass) {
604 _this_type = VerificationType::reference_type(klass->name());
605 }
606
607 ClassVerifier::~ClassVerifier() {
608 // Decrement the reference count for any symbols created.
609 if (_symbols != nullptr) {
610 for (int i = 0; i < _symbols->length(); i++) {
611 Symbol* s = _symbols->at(i);
612 s->decrement_refcount();
613 }
614 }
615 }
616
617 VerificationType ClassVerifier::object_type() const {
618 return VerificationType::reference_type(vmSymbols::java_lang_Object());
619 }
620
621 TypeOrigin ClassVerifier::ref_ctx(const char* sig) {
622 VerificationType vt = VerificationType::reference_type(
623 create_temporary_symbol(sig, (int)strlen(sig)));
624 return TypeOrigin::implicit(vt);
625 }
626
627 static bool supports_strict_fields(InstanceKlass* klass) {
628 int ver = klass->major_version();
629 return ver > Verifier::VALUE_TYPES_MAJOR_VERSION ||
630 (ver == Verifier::VALUE_TYPES_MAJOR_VERSION && klass->minor_version() == Verifier::JAVA_PREVIEW_MINOR_VERSION);
631 }
632
633 void ClassVerifier::verify_class(TRAPS) {
634 log_info(verification)("Verifying class %s with new format", _klass->external_name());
635
636 // Either verifying both local and remote classes or just remote classes.
637 assert(BytecodeVerificationRemote, "Should not be here");
638
639 Array<Method*>* methods = _klass->methods();
640 int num_methods = methods->length();
641
642 for (int index = 0; index < num_methods; index++) {
643 // Check for recursive re-verification before each method.
644 if (was_recursively_verified()) return;
645
646 Method* m = methods->at(index);
647 if (m->is_native() || m->is_abstract() || m->is_overpass()) {
648 // If m is native or abstract, skip it. It is checked in class file
649 // parser that methods do not override a final method. Overpass methods
650 // are trusted since the VM generates them.
651 continue;
652 }
653 verify_method(methodHandle(THREAD, m), CHECK_VERIFY(this));
654 }
655
656 if (was_recursively_verified()){
657 log_info(verification)("Recursive verification detected for: %s", _klass->external_name());
658 log_info(class, init)("Recursive verification detected for: %s",
659 _klass->external_name());
660 }
661 }
662
663 // Translate the signature entries into verification types and save them in
664 // the growable array. Also, save the count of arguments.
665 void ClassVerifier::translate_signature(Symbol* const method_sig,
666 sig_as_verification_types* sig_verif_types) {
667 SignatureStream sig_stream(method_sig);
668 VerificationType sig_type[2];
669 int sig_i = 0;
670 GrowableArray<VerificationType>* verif_types = sig_verif_types->sig_verif_types();
671
672 // Translate the signature arguments into verification types.
673 while (!sig_stream.at_return_type()) {
674 int n = change_sig_to_verificationType(&sig_stream, sig_type);
675 assert(n <= 2, "Unexpected signature type");
676
677 // Store verification type(s). Longs and Doubles each have two verificationTypes.
678 for (int x = 0; x < n; x++) {
679 verif_types->push(sig_type[x]);
680 }
681 sig_i += n;
682 sig_stream.next();
683 }
684
685 // Set final arg count, not including the return type. The final arg count will
686 // be compared with sig_verify_types' length to see if there is a return type.
687 sig_verif_types->set_num_args(sig_i);
688
689 // Store verification type(s) for the return type, if there is one.
690 if (sig_stream.type() != T_VOID) {
691 int n = change_sig_to_verificationType(&sig_stream, sig_type);
692 assert(n <= 2, "Unexpected signature return type");
693 for (int y = 0; y < n; y++) {
694 verif_types->push(sig_type[y]);
695 }
696 }
697 }
698
699 void ClassVerifier::create_method_sig_entry(sig_as_verification_types* sig_verif_types,
700 int sig_index) {
701 // Translate the signature into verification types.
702 ConstantPool* cp = _klass->constants();
703 Symbol* const method_sig = cp->symbol_at(sig_index);
704 translate_signature(method_sig, sig_verif_types);
705
706 // Add the list of this signature's verification types to the table.
707 bool is_unique = method_signatures_table()->put(sig_index, sig_verif_types);
708 assert(is_unique, "Duplicate entries in method_signature_table");
709 }
710
711 void ClassVerifier::verify_method(const methodHandle& m, TRAPS) {
712 HandleMark hm(THREAD);
713 _method = m; // initialize _method
714 log_info(verification)("Verifying method %s", m->name_and_sig_as_C_string());
715
716 // For clang, the only good constant format string is a literal constant format string.
717 #define bad_type_msg "Bad type on operand stack in %s"
718
719 u2 max_stack = m->verifier_max_stack();
720 u2 max_locals = m->max_locals();
721 constantPoolHandle cp(THREAD, m->constants());
722
723 // Method signature was checked in ClassFileParser.
724 assert(SignatureVerifier::is_valid_method_signature(m->signature()),
725 "Invalid method signature");
726
727 // Initial stack map frame: offset is 0, stack is initially empty.
728 StackMapFrame current_frame(max_locals, max_stack, this);
729 // Set initial locals
730 VerificationType return_type = current_frame.set_locals_from_arg( m, current_type());
731
732 u2 stackmap_index = 0; // index to the stackmap array
733
734 u4 code_length = m->code_size();
735
736 // Scan the bytecode and map each instruction's start offset to a number.
737 char* code_data = generate_code_data(m, code_length, CHECK_VERIFY(this));
738
739 int ex_min = code_length;
740 int ex_max = -1;
741 // Look through each item on the exception table. Each of the fields must refer
742 // to a legal instruction.
743 if (was_recursively_verified()) return;
744 verify_exception_handler_table(
745 code_length, code_data, ex_min, ex_max, CHECK_VERIFY(this));
746
747 // Look through each entry on the local variable table and make sure
748 // its range of code array offsets is valid. (4169817)
749 if (m->has_localvariable_table()) {
750 verify_local_variable_table(code_length, code_data, CHECK_VERIFY(this));
751 }
752
753 Array<u1>* stackmap_data = m->stackmap_data();
754 StackMapStream stream(stackmap_data);
755 StackMapReader reader(this, &stream, code_data, code_length, THREAD);
756 StackMapTable stackmap_table(&reader, ¤t_frame, max_locals, max_stack,
757 code_data, code_length, CHECK_VERIFY(this));
758
759 LogTarget(Debug, verification) lt;
760 if (lt.is_enabled()) {
761 ResourceMark rm(THREAD);
762 LogStream ls(lt);
763 stackmap_table.print_on(&ls);
764 }
765
766 RawBytecodeStream bcs(m);
767
768 // Scan the byte code linearly from the start to the end
769 bool no_control_flow = false; // Set to true when there is no direct control
770 // flow from current instruction to the next
771 // instruction in sequence
772
773 Bytecodes::Code opcode;
774 while (!bcs.is_last_bytecode()) {
775 // Check for recursive re-verification before each bytecode.
776 if (was_recursively_verified()) return;
777
778 opcode = bcs.raw_next();
779 int bci = bcs.bci();
780
781 // Set current frame's offset to bci
782 current_frame.set_offset(bci);
783 current_frame.set_mark();
784
785 // Make sure every offset in stackmap table point to the beginning to
786 // an instruction. Match current_frame to stackmap_table entry with
787 // the same offset if exists.
788 stackmap_index = verify_stackmap_table(
789 stackmap_index, bci, ¤t_frame, &stackmap_table,
790 no_control_flow, CHECK_VERIFY(this));
791
792
793 bool this_uninit = false; // Set to true when invokespecial <init> initialized 'this'
794 bool verified_exc_handlers = false;
795
796 // Merge with the next instruction
797 {
798 int target;
799 VerificationType type, type2;
800 VerificationType atype;
801
802 LogTarget(Debug, verification) lt;
803 if (lt.is_enabled()) {
804 ResourceMark rm(THREAD);
805 LogStream ls(lt);
806 current_frame.print_on(&ls);
807 lt.print("offset = %d, opcode = %s", bci,
808 opcode == Bytecodes::_illegal ? "illegal" : Bytecodes::name(opcode));
809 }
810
811 // Make sure wide instruction is in correct format
812 if (bcs.is_wide()) {
813 if (opcode != Bytecodes::_iinc && opcode != Bytecodes::_iload &&
814 opcode != Bytecodes::_aload && opcode != Bytecodes::_lload &&
815 opcode != Bytecodes::_istore && opcode != Bytecodes::_astore &&
816 opcode != Bytecodes::_lstore && opcode != Bytecodes::_fload &&
817 opcode != Bytecodes::_dload && opcode != Bytecodes::_fstore &&
818 opcode != Bytecodes::_dstore) {
819 /* Unreachable? RawBytecodeStream's raw_next() returns 'illegal'
820 * if we encounter a wide instruction that modifies an invalid
821 * opcode (not one of the ones listed above) */
822 verify_error(ErrorContext::bad_code(bci), "Bad wide instruction");
823 return;
824 }
825 }
826
827 // Look for possible jump target in exception handlers and see if it
828 // matches current_frame. Do this check here for astore*, dstore*,
829 // fstore*, istore*, and lstore* opcodes because they can change the type
830 // state by adding a local. JVM Spec says that the incoming type state
831 // should be used for this check. So, do the check here before a possible
832 // local is added to the type state.
833 if (Bytecodes::is_store_into_local(opcode) && bci >= ex_min && bci < ex_max) {
834 if (was_recursively_verified()) return;
835 verify_exception_handler_targets(
836 bci, this_uninit, ¤t_frame, &stackmap_table, CHECK_VERIFY(this));
837 verified_exc_handlers = true;
838 }
839
840 if (was_recursively_verified()) return;
841
842 switch (opcode) {
843 case Bytecodes::_nop :
844 no_control_flow = false; break;
845 case Bytecodes::_aconst_null :
846 current_frame.push_stack(
847 VerificationType::null_type(), CHECK_VERIFY(this));
848 no_control_flow = false; break;
849 case Bytecodes::_iconst_m1 :
850 case Bytecodes::_iconst_0 :
851 case Bytecodes::_iconst_1 :
852 case Bytecodes::_iconst_2 :
853 case Bytecodes::_iconst_3 :
854 case Bytecodes::_iconst_4 :
855 case Bytecodes::_iconst_5 :
856 current_frame.push_stack(
857 VerificationType::integer_type(), CHECK_VERIFY(this));
858 no_control_flow = false; break;
859 case Bytecodes::_lconst_0 :
860 case Bytecodes::_lconst_1 :
861 current_frame.push_stack_2(
862 VerificationType::long_type(),
863 VerificationType::long2_type(), CHECK_VERIFY(this));
864 no_control_flow = false; break;
865 case Bytecodes::_fconst_0 :
866 case Bytecodes::_fconst_1 :
867 case Bytecodes::_fconst_2 :
868 current_frame.push_stack(
869 VerificationType::float_type(), CHECK_VERIFY(this));
870 no_control_flow = false; break;
871 case Bytecodes::_dconst_0 :
872 case Bytecodes::_dconst_1 :
873 current_frame.push_stack_2(
874 VerificationType::double_type(),
875 VerificationType::double2_type(), CHECK_VERIFY(this));
876 no_control_flow = false; break;
877 case Bytecodes::_sipush :
878 case Bytecodes::_bipush :
879 current_frame.push_stack(
880 VerificationType::integer_type(), CHECK_VERIFY(this));
881 no_control_flow = false; break;
882 case Bytecodes::_ldc :
883 verify_ldc(
884 opcode, bcs.get_index_u1(), ¤t_frame,
885 cp, bci, CHECK_VERIFY(this));
886 no_control_flow = false; break;
887 case Bytecodes::_ldc_w :
888 case Bytecodes::_ldc2_w :
889 verify_ldc(
890 opcode, bcs.get_index_u2(), ¤t_frame,
891 cp, bci, CHECK_VERIFY(this));
892 no_control_flow = false; break;
893 case Bytecodes::_iload :
894 verify_iload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
895 no_control_flow = false; break;
896 case Bytecodes::_iload_0 :
897 case Bytecodes::_iload_1 :
898 case Bytecodes::_iload_2 :
899 case Bytecodes::_iload_3 : {
900 int index = opcode - Bytecodes::_iload_0;
901 verify_iload(index, ¤t_frame, CHECK_VERIFY(this));
902 no_control_flow = false; break;
903 }
904 case Bytecodes::_lload :
905 verify_lload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
906 no_control_flow = false; break;
907 case Bytecodes::_lload_0 :
908 case Bytecodes::_lload_1 :
909 case Bytecodes::_lload_2 :
910 case Bytecodes::_lload_3 : {
911 int index = opcode - Bytecodes::_lload_0;
912 verify_lload(index, ¤t_frame, CHECK_VERIFY(this));
913 no_control_flow = false; break;
914 }
915 case Bytecodes::_fload :
916 verify_fload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
917 no_control_flow = false; break;
918 case Bytecodes::_fload_0 :
919 case Bytecodes::_fload_1 :
920 case Bytecodes::_fload_2 :
921 case Bytecodes::_fload_3 : {
922 int index = opcode - Bytecodes::_fload_0;
923 verify_fload(index, ¤t_frame, CHECK_VERIFY(this));
924 no_control_flow = false; break;
925 }
926 case Bytecodes::_dload :
927 verify_dload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
928 no_control_flow = false; break;
929 case Bytecodes::_dload_0 :
930 case Bytecodes::_dload_1 :
931 case Bytecodes::_dload_2 :
932 case Bytecodes::_dload_3 : {
933 int index = opcode - Bytecodes::_dload_0;
934 verify_dload(index, ¤t_frame, CHECK_VERIFY(this));
935 no_control_flow = false; break;
936 }
937 case Bytecodes::_aload :
938 verify_aload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
939 no_control_flow = false; break;
940 case Bytecodes::_aload_0 :
941 case Bytecodes::_aload_1 :
942 case Bytecodes::_aload_2 :
943 case Bytecodes::_aload_3 : {
944 int index = opcode - Bytecodes::_aload_0;
945 verify_aload(index, ¤t_frame, CHECK_VERIFY(this));
946 no_control_flow = false; break;
947 }
948 case Bytecodes::_iaload :
949 type = current_frame.pop_stack(
950 VerificationType::integer_type(), CHECK_VERIFY(this));
951 atype = current_frame.pop_stack(
952 VerificationType::reference_check(), CHECK_VERIFY(this));
953 if (!atype.is_int_array()) {
954 verify_error(ErrorContext::bad_type(bci,
955 current_frame.stack_top_ctx(), ref_ctx("[I")),
956 bad_type_msg, "iaload");
957 return;
958 }
959 current_frame.push_stack(
960 VerificationType::integer_type(), CHECK_VERIFY(this));
961 no_control_flow = false; break;
962 case Bytecodes::_baload :
963 type = current_frame.pop_stack(
964 VerificationType::integer_type(), CHECK_VERIFY(this));
965 atype = current_frame.pop_stack(
966 VerificationType::reference_check(), CHECK_VERIFY(this));
967 if (!atype.is_bool_array() && !atype.is_byte_array()) {
968 verify_error(
969 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
970 bad_type_msg, "baload");
971 return;
972 }
973 current_frame.push_stack(
974 VerificationType::integer_type(), CHECK_VERIFY(this));
975 no_control_flow = false; break;
976 case Bytecodes::_caload :
977 type = current_frame.pop_stack(
978 VerificationType::integer_type(), CHECK_VERIFY(this));
979 atype = current_frame.pop_stack(
980 VerificationType::reference_check(), CHECK_VERIFY(this));
981 if (!atype.is_char_array()) {
982 verify_error(ErrorContext::bad_type(bci,
983 current_frame.stack_top_ctx(), ref_ctx("[C")),
984 bad_type_msg, "caload");
985 return;
986 }
987 current_frame.push_stack(
988 VerificationType::integer_type(), CHECK_VERIFY(this));
989 no_control_flow = false; break;
990 case Bytecodes::_saload :
991 type = current_frame.pop_stack(
992 VerificationType::integer_type(), CHECK_VERIFY(this));
993 atype = current_frame.pop_stack(
994 VerificationType::reference_check(), CHECK_VERIFY(this));
995 if (!atype.is_short_array()) {
996 verify_error(ErrorContext::bad_type(bci,
997 current_frame.stack_top_ctx(), ref_ctx("[S")),
998 bad_type_msg, "saload");
999 return;
1000 }
1001 current_frame.push_stack(
1002 VerificationType::integer_type(), CHECK_VERIFY(this));
1003 no_control_flow = false; break;
1004 case Bytecodes::_laload :
1005 type = current_frame.pop_stack(
1006 VerificationType::integer_type(), CHECK_VERIFY(this));
1007 atype = current_frame.pop_stack(
1008 VerificationType::reference_check(), CHECK_VERIFY(this));
1009 if (!atype.is_long_array()) {
1010 verify_error(ErrorContext::bad_type(bci,
1011 current_frame.stack_top_ctx(), ref_ctx("[J")),
1012 bad_type_msg, "laload");
1013 return;
1014 }
1015 current_frame.push_stack_2(
1016 VerificationType::long_type(),
1017 VerificationType::long2_type(), CHECK_VERIFY(this));
1018 no_control_flow = false; break;
1019 case Bytecodes::_faload :
1020 type = current_frame.pop_stack(
1021 VerificationType::integer_type(), CHECK_VERIFY(this));
1022 atype = current_frame.pop_stack(
1023 VerificationType::reference_check(), CHECK_VERIFY(this));
1024 if (!atype.is_float_array()) {
1025 verify_error(ErrorContext::bad_type(bci,
1026 current_frame.stack_top_ctx(), ref_ctx("[F")),
1027 bad_type_msg, "faload");
1028 return;
1029 }
1030 current_frame.push_stack(
1031 VerificationType::float_type(), CHECK_VERIFY(this));
1032 no_control_flow = false; break;
1033 case Bytecodes::_daload :
1034 type = current_frame.pop_stack(
1035 VerificationType::integer_type(), CHECK_VERIFY(this));
1036 atype = current_frame.pop_stack(
1037 VerificationType::reference_check(), CHECK_VERIFY(this));
1038 if (!atype.is_double_array()) {
1039 verify_error(ErrorContext::bad_type(bci,
1040 current_frame.stack_top_ctx(), ref_ctx("[D")),
1041 bad_type_msg, "daload");
1042 return;
1043 }
1044 current_frame.push_stack_2(
1045 VerificationType::double_type(),
1046 VerificationType::double2_type(), CHECK_VERIFY(this));
1047 no_control_flow = false; break;
1048 case Bytecodes::_aaload : {
1049 type = current_frame.pop_stack(
1050 VerificationType::integer_type(), CHECK_VERIFY(this));
1051 atype = current_frame.pop_stack(
1052 VerificationType::reference_check(), CHECK_VERIFY(this));
1053 if (!atype.is_reference_array()) {
1054 verify_error(ErrorContext::bad_type(bci,
1055 current_frame.stack_top_ctx(),
1056 TypeOrigin::implicit(VerificationType::reference_check())),
1057 bad_type_msg, "aaload");
1058 return;
1059 }
1060 if (atype.is_null()) {
1061 current_frame.push_stack(
1062 VerificationType::null_type(), CHECK_VERIFY(this));
1063 } else {
1064 VerificationType component = atype.get_component(this);
1065 current_frame.push_stack(component, CHECK_VERIFY(this));
1066 }
1067 no_control_flow = false; break;
1068 }
1069 case Bytecodes::_istore :
1070 verify_istore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1071 no_control_flow = false; break;
1072 case Bytecodes::_istore_0 :
1073 case Bytecodes::_istore_1 :
1074 case Bytecodes::_istore_2 :
1075 case Bytecodes::_istore_3 : {
1076 int index = opcode - Bytecodes::_istore_0;
1077 verify_istore(index, ¤t_frame, CHECK_VERIFY(this));
1078 no_control_flow = false; break;
1079 }
1080 case Bytecodes::_lstore :
1081 verify_lstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1082 no_control_flow = false; break;
1083 case Bytecodes::_lstore_0 :
1084 case Bytecodes::_lstore_1 :
1085 case Bytecodes::_lstore_2 :
1086 case Bytecodes::_lstore_3 : {
1087 int index = opcode - Bytecodes::_lstore_0;
1088 verify_lstore(index, ¤t_frame, CHECK_VERIFY(this));
1089 no_control_flow = false; break;
1090 }
1091 case Bytecodes::_fstore :
1092 verify_fstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1093 no_control_flow = false; break;
1094 case Bytecodes::_fstore_0 :
1095 case Bytecodes::_fstore_1 :
1096 case Bytecodes::_fstore_2 :
1097 case Bytecodes::_fstore_3 : {
1098 int index = opcode - Bytecodes::_fstore_0;
1099 verify_fstore(index, ¤t_frame, CHECK_VERIFY(this));
1100 no_control_flow = false; break;
1101 }
1102 case Bytecodes::_dstore :
1103 verify_dstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1104 no_control_flow = false; break;
1105 case Bytecodes::_dstore_0 :
1106 case Bytecodes::_dstore_1 :
1107 case Bytecodes::_dstore_2 :
1108 case Bytecodes::_dstore_3 : {
1109 int index = opcode - Bytecodes::_dstore_0;
1110 verify_dstore(index, ¤t_frame, CHECK_VERIFY(this));
1111 no_control_flow = false; break;
1112 }
1113 case Bytecodes::_astore :
1114 verify_astore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1115 no_control_flow = false; break;
1116 case Bytecodes::_astore_0 :
1117 case Bytecodes::_astore_1 :
1118 case Bytecodes::_astore_2 :
1119 case Bytecodes::_astore_3 : {
1120 int index = opcode - Bytecodes::_astore_0;
1121 verify_astore(index, ¤t_frame, CHECK_VERIFY(this));
1122 no_control_flow = false; break;
1123 }
1124 case Bytecodes::_iastore :
1125 type = current_frame.pop_stack(
1126 VerificationType::integer_type(), CHECK_VERIFY(this));
1127 type2 = current_frame.pop_stack(
1128 VerificationType::integer_type(), CHECK_VERIFY(this));
1129 atype = current_frame.pop_stack(
1130 VerificationType::reference_check(), CHECK_VERIFY(this));
1131 if (!atype.is_int_array()) {
1132 verify_error(ErrorContext::bad_type(bci,
1133 current_frame.stack_top_ctx(), ref_ctx("[I")),
1134 bad_type_msg, "iastore");
1135 return;
1136 }
1137 no_control_flow = false; break;
1138 case Bytecodes::_bastore :
1139 type = current_frame.pop_stack(
1140 VerificationType::integer_type(), CHECK_VERIFY(this));
1141 type2 = current_frame.pop_stack(
1142 VerificationType::integer_type(), CHECK_VERIFY(this));
1143 atype = current_frame.pop_stack(
1144 VerificationType::reference_check(), CHECK_VERIFY(this));
1145 if (!atype.is_bool_array() && !atype.is_byte_array()) {
1146 verify_error(
1147 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1148 bad_type_msg, "bastore");
1149 return;
1150 }
1151 no_control_flow = false; break;
1152 case Bytecodes::_castore :
1153 current_frame.pop_stack(
1154 VerificationType::integer_type(), CHECK_VERIFY(this));
1155 current_frame.pop_stack(
1156 VerificationType::integer_type(), CHECK_VERIFY(this));
1157 atype = current_frame.pop_stack(
1158 VerificationType::reference_check(), CHECK_VERIFY(this));
1159 if (!atype.is_char_array()) {
1160 verify_error(ErrorContext::bad_type(bci,
1161 current_frame.stack_top_ctx(), ref_ctx("[C")),
1162 bad_type_msg, "castore");
1163 return;
1164 }
1165 no_control_flow = false; break;
1166 case Bytecodes::_sastore :
1167 current_frame.pop_stack(
1168 VerificationType::integer_type(), CHECK_VERIFY(this));
1169 current_frame.pop_stack(
1170 VerificationType::integer_type(), CHECK_VERIFY(this));
1171 atype = current_frame.pop_stack(
1172 VerificationType::reference_check(), CHECK_VERIFY(this));
1173 if (!atype.is_short_array()) {
1174 verify_error(ErrorContext::bad_type(bci,
1175 current_frame.stack_top_ctx(), ref_ctx("[S")),
1176 bad_type_msg, "sastore");
1177 return;
1178 }
1179 no_control_flow = false; break;
1180 case Bytecodes::_lastore :
1181 current_frame.pop_stack_2(
1182 VerificationType::long2_type(),
1183 VerificationType::long_type(), CHECK_VERIFY(this));
1184 current_frame.pop_stack(
1185 VerificationType::integer_type(), CHECK_VERIFY(this));
1186 atype = current_frame.pop_stack(
1187 VerificationType::reference_check(), CHECK_VERIFY(this));
1188 if (!atype.is_long_array()) {
1189 verify_error(ErrorContext::bad_type(bci,
1190 current_frame.stack_top_ctx(), ref_ctx("[J")),
1191 bad_type_msg, "lastore");
1192 return;
1193 }
1194 no_control_flow = false; break;
1195 case Bytecodes::_fastore :
1196 current_frame.pop_stack(
1197 VerificationType::float_type(), CHECK_VERIFY(this));
1198 current_frame.pop_stack
1199 (VerificationType::integer_type(), CHECK_VERIFY(this));
1200 atype = current_frame.pop_stack(
1201 VerificationType::reference_check(), CHECK_VERIFY(this));
1202 if (!atype.is_float_array()) {
1203 verify_error(ErrorContext::bad_type(bci,
1204 current_frame.stack_top_ctx(), ref_ctx("[F")),
1205 bad_type_msg, "fastore");
1206 return;
1207 }
1208 no_control_flow = false; break;
1209 case Bytecodes::_dastore :
1210 current_frame.pop_stack_2(
1211 VerificationType::double2_type(),
1212 VerificationType::double_type(), CHECK_VERIFY(this));
1213 current_frame.pop_stack(
1214 VerificationType::integer_type(), CHECK_VERIFY(this));
1215 atype = current_frame.pop_stack(
1216 VerificationType::reference_check(), CHECK_VERIFY(this));
1217 if (!atype.is_double_array()) {
1218 verify_error(ErrorContext::bad_type(bci,
1219 current_frame.stack_top_ctx(), ref_ctx("[D")),
1220 bad_type_msg, "dastore");
1221 return;
1222 }
1223 no_control_flow = false; break;
1224 case Bytecodes::_aastore :
1225 type = current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1226 type2 = current_frame.pop_stack(
1227 VerificationType::integer_type(), CHECK_VERIFY(this));
1228 atype = current_frame.pop_stack(
1229 VerificationType::reference_check(), CHECK_VERIFY(this));
1230 // more type-checking is done at runtime
1231 if (!atype.is_reference_array()) {
1232 verify_error(ErrorContext::bad_type(bci,
1233 current_frame.stack_top_ctx(),
1234 TypeOrigin::implicit(VerificationType::reference_check())),
1235 bad_type_msg, "aastore");
1236 return;
1237 }
1238 // 4938384: relaxed constraint in JVMS 3rd edition.
1239 no_control_flow = false; break;
1240 case Bytecodes::_pop :
1241 current_frame.pop_stack(
1242 VerificationType::category1_check(), CHECK_VERIFY(this));
1243 no_control_flow = false; break;
1244 case Bytecodes::_pop2 :
1245 type = current_frame.pop_stack(CHECK_VERIFY(this));
1246 if (type.is_category1()) {
1247 current_frame.pop_stack(
1248 VerificationType::category1_check(), CHECK_VERIFY(this));
1249 } else if (type.is_category2_2nd()) {
1250 current_frame.pop_stack(
1251 VerificationType::category2_check(), CHECK_VERIFY(this));
1252 } else {
1253 /* Unreachable? Would need a category2_1st on TOS
1254 * which does not appear possible. */
1255 verify_error(
1256 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1257 bad_type_msg, "pop2");
1258 return;
1259 }
1260 no_control_flow = false; break;
1261 case Bytecodes::_dup :
1262 type = current_frame.pop_stack(
1263 VerificationType::category1_check(), CHECK_VERIFY(this));
1264 current_frame.push_stack(type, CHECK_VERIFY(this));
1265 current_frame.push_stack(type, CHECK_VERIFY(this));
1266 no_control_flow = false; break;
1267 case Bytecodes::_dup_x1 :
1268 type = current_frame.pop_stack(
1269 VerificationType::category1_check(), CHECK_VERIFY(this));
1270 type2 = current_frame.pop_stack(
1271 VerificationType::category1_check(), CHECK_VERIFY(this));
1272 current_frame.push_stack(type, CHECK_VERIFY(this));
1273 current_frame.push_stack(type2, CHECK_VERIFY(this));
1274 current_frame.push_stack(type, CHECK_VERIFY(this));
1275 no_control_flow = false; break;
1276 case Bytecodes::_dup_x2 :
1277 {
1278 VerificationType type3;
1279 type = current_frame.pop_stack(
1280 VerificationType::category1_check(), CHECK_VERIFY(this));
1281 type2 = current_frame.pop_stack(CHECK_VERIFY(this));
1282 if (type2.is_category1()) {
1283 type3 = current_frame.pop_stack(
1284 VerificationType::category1_check(), CHECK_VERIFY(this));
1285 } else if (type2.is_category2_2nd()) {
1286 type3 = current_frame.pop_stack(
1287 VerificationType::category2_check(), CHECK_VERIFY(this));
1288 } else {
1289 /* Unreachable? Would need a category2_1st at stack depth 2 with
1290 * a category1 on TOS which does not appear possible. */
1291 verify_error(ErrorContext::bad_type(
1292 bci, current_frame.stack_top_ctx()), bad_type_msg, "dup_x2");
1293 return;
1294 }
1295 current_frame.push_stack(type, CHECK_VERIFY(this));
1296 current_frame.push_stack(type3, CHECK_VERIFY(this));
1297 current_frame.push_stack(type2, CHECK_VERIFY(this));
1298 current_frame.push_stack(type, CHECK_VERIFY(this));
1299 no_control_flow = false; break;
1300 }
1301 case Bytecodes::_dup2 :
1302 type = current_frame.pop_stack(CHECK_VERIFY(this));
1303 if (type.is_category1()) {
1304 type2 = current_frame.pop_stack(
1305 VerificationType::category1_check(), CHECK_VERIFY(this));
1306 } else if (type.is_category2_2nd()) {
1307 type2 = current_frame.pop_stack(
1308 VerificationType::category2_check(), CHECK_VERIFY(this));
1309 } else {
1310 /* Unreachable? Would need a category2_1st on TOS which does not
1311 * appear possible. */
1312 verify_error(
1313 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1314 bad_type_msg, "dup2");
1315 return;
1316 }
1317 current_frame.push_stack(type2, CHECK_VERIFY(this));
1318 current_frame.push_stack(type, CHECK_VERIFY(this));
1319 current_frame.push_stack(type2, CHECK_VERIFY(this));
1320 current_frame.push_stack(type, CHECK_VERIFY(this));
1321 no_control_flow = false; break;
1322 case Bytecodes::_dup2_x1 :
1323 {
1324 VerificationType type3;
1325 type = current_frame.pop_stack(CHECK_VERIFY(this));
1326 if (type.is_category1()) {
1327 type2 = current_frame.pop_stack(
1328 VerificationType::category1_check(), CHECK_VERIFY(this));
1329 } else if (type.is_category2_2nd()) {
1330 type2 = current_frame.pop_stack(
1331 VerificationType::category2_check(), CHECK_VERIFY(this));
1332 } else {
1333 /* Unreachable? Would need a category2_1st on TOS which does
1334 * not appear possible. */
1335 verify_error(
1336 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1337 bad_type_msg, "dup2_x1");
1338 return;
1339 }
1340 type3 = current_frame.pop_stack(
1341 VerificationType::category1_check(), CHECK_VERIFY(this));
1342 current_frame.push_stack(type2, CHECK_VERIFY(this));
1343 current_frame.push_stack(type, CHECK_VERIFY(this));
1344 current_frame.push_stack(type3, CHECK_VERIFY(this));
1345 current_frame.push_stack(type2, CHECK_VERIFY(this));
1346 current_frame.push_stack(type, CHECK_VERIFY(this));
1347 no_control_flow = false; break;
1348 }
1349 case Bytecodes::_dup2_x2 :
1350 {
1351 VerificationType type3, type4;
1352 type = current_frame.pop_stack(CHECK_VERIFY(this));
1353 if (type.is_category1()) {
1354 type2 = current_frame.pop_stack(
1355 VerificationType::category1_check(), CHECK_VERIFY(this));
1356 } else if (type.is_category2_2nd()) {
1357 type2 = current_frame.pop_stack(
1358 VerificationType::category2_check(), CHECK_VERIFY(this));
1359 } else {
1360 /* Unreachable? Would need a category2_1st on TOS which does
1361 * not appear possible. */
1362 verify_error(
1363 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1364 bad_type_msg, "dup2_x2");
1365 return;
1366 }
1367 type3 = current_frame.pop_stack(CHECK_VERIFY(this));
1368 if (type3.is_category1()) {
1369 type4 = current_frame.pop_stack(
1370 VerificationType::category1_check(), CHECK_VERIFY(this));
1371 } else if (type3.is_category2_2nd()) {
1372 type4 = current_frame.pop_stack(
1373 VerificationType::category2_check(), CHECK_VERIFY(this));
1374 } else {
1375 /* Unreachable? Would need a category2_1st on TOS after popping
1376 * a long/double or two category 1's, which does not
1377 * appear possible. */
1378 verify_error(
1379 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1380 bad_type_msg, "dup2_x2");
1381 return;
1382 }
1383 current_frame.push_stack(type2, CHECK_VERIFY(this));
1384 current_frame.push_stack(type, CHECK_VERIFY(this));
1385 current_frame.push_stack(type4, CHECK_VERIFY(this));
1386 current_frame.push_stack(type3, CHECK_VERIFY(this));
1387 current_frame.push_stack(type2, CHECK_VERIFY(this));
1388 current_frame.push_stack(type, CHECK_VERIFY(this));
1389 no_control_flow = false; break;
1390 }
1391 case Bytecodes::_swap :
1392 type = current_frame.pop_stack(
1393 VerificationType::category1_check(), CHECK_VERIFY(this));
1394 type2 = current_frame.pop_stack(
1395 VerificationType::category1_check(), CHECK_VERIFY(this));
1396 current_frame.push_stack(type, CHECK_VERIFY(this));
1397 current_frame.push_stack(type2, CHECK_VERIFY(this));
1398 no_control_flow = false; break;
1399 case Bytecodes::_iadd :
1400 case Bytecodes::_isub :
1401 case Bytecodes::_imul :
1402 case Bytecodes::_idiv :
1403 case Bytecodes::_irem :
1404 case Bytecodes::_ishl :
1405 case Bytecodes::_ishr :
1406 case Bytecodes::_iushr :
1407 case Bytecodes::_ior :
1408 case Bytecodes::_ixor :
1409 case Bytecodes::_iand :
1410 current_frame.pop_stack(
1411 VerificationType::integer_type(), CHECK_VERIFY(this));
1412 // fall through
1413 case Bytecodes::_ineg :
1414 current_frame.pop_stack(
1415 VerificationType::integer_type(), CHECK_VERIFY(this));
1416 current_frame.push_stack(
1417 VerificationType::integer_type(), CHECK_VERIFY(this));
1418 no_control_flow = false; break;
1419 case Bytecodes::_ladd :
1420 case Bytecodes::_lsub :
1421 case Bytecodes::_lmul :
1422 case Bytecodes::_ldiv :
1423 case Bytecodes::_lrem :
1424 case Bytecodes::_land :
1425 case Bytecodes::_lor :
1426 case Bytecodes::_lxor :
1427 current_frame.pop_stack_2(
1428 VerificationType::long2_type(),
1429 VerificationType::long_type(), CHECK_VERIFY(this));
1430 // fall through
1431 case Bytecodes::_lneg :
1432 current_frame.pop_stack_2(
1433 VerificationType::long2_type(),
1434 VerificationType::long_type(), CHECK_VERIFY(this));
1435 current_frame.push_stack_2(
1436 VerificationType::long_type(),
1437 VerificationType::long2_type(), CHECK_VERIFY(this));
1438 no_control_flow = false; break;
1439 case Bytecodes::_lshl :
1440 case Bytecodes::_lshr :
1441 case Bytecodes::_lushr :
1442 current_frame.pop_stack(
1443 VerificationType::integer_type(), CHECK_VERIFY(this));
1444 current_frame.pop_stack_2(
1445 VerificationType::long2_type(),
1446 VerificationType::long_type(), CHECK_VERIFY(this));
1447 current_frame.push_stack_2(
1448 VerificationType::long_type(),
1449 VerificationType::long2_type(), CHECK_VERIFY(this));
1450 no_control_flow = false; break;
1451 case Bytecodes::_fadd :
1452 case Bytecodes::_fsub :
1453 case Bytecodes::_fmul :
1454 case Bytecodes::_fdiv :
1455 case Bytecodes::_frem :
1456 current_frame.pop_stack(
1457 VerificationType::float_type(), CHECK_VERIFY(this));
1458 // fall through
1459 case Bytecodes::_fneg :
1460 current_frame.pop_stack(
1461 VerificationType::float_type(), CHECK_VERIFY(this));
1462 current_frame.push_stack(
1463 VerificationType::float_type(), CHECK_VERIFY(this));
1464 no_control_flow = false; break;
1465 case Bytecodes::_dadd :
1466 case Bytecodes::_dsub :
1467 case Bytecodes::_dmul :
1468 case Bytecodes::_ddiv :
1469 case Bytecodes::_drem :
1470 current_frame.pop_stack_2(
1471 VerificationType::double2_type(),
1472 VerificationType::double_type(), CHECK_VERIFY(this));
1473 // fall through
1474 case Bytecodes::_dneg :
1475 current_frame.pop_stack_2(
1476 VerificationType::double2_type(),
1477 VerificationType::double_type(), CHECK_VERIFY(this));
1478 current_frame.push_stack_2(
1479 VerificationType::double_type(),
1480 VerificationType::double2_type(), CHECK_VERIFY(this));
1481 no_control_flow = false; break;
1482 case Bytecodes::_iinc :
1483 verify_iinc(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1484 no_control_flow = false; break;
1485 case Bytecodes::_i2l :
1486 type = current_frame.pop_stack(
1487 VerificationType::integer_type(), CHECK_VERIFY(this));
1488 current_frame.push_stack_2(
1489 VerificationType::long_type(),
1490 VerificationType::long2_type(), CHECK_VERIFY(this));
1491 no_control_flow = false; break;
1492 case Bytecodes::_l2i :
1493 current_frame.pop_stack_2(
1494 VerificationType::long2_type(),
1495 VerificationType::long_type(), CHECK_VERIFY(this));
1496 current_frame.push_stack(
1497 VerificationType::integer_type(), CHECK_VERIFY(this));
1498 no_control_flow = false; break;
1499 case Bytecodes::_i2f :
1500 current_frame.pop_stack(
1501 VerificationType::integer_type(), CHECK_VERIFY(this));
1502 current_frame.push_stack(
1503 VerificationType::float_type(), CHECK_VERIFY(this));
1504 no_control_flow = false; break;
1505 case Bytecodes::_i2d :
1506 current_frame.pop_stack(
1507 VerificationType::integer_type(), CHECK_VERIFY(this));
1508 current_frame.push_stack_2(
1509 VerificationType::double_type(),
1510 VerificationType::double2_type(), CHECK_VERIFY(this));
1511 no_control_flow = false; break;
1512 case Bytecodes::_l2f :
1513 current_frame.pop_stack_2(
1514 VerificationType::long2_type(),
1515 VerificationType::long_type(), CHECK_VERIFY(this));
1516 current_frame.push_stack(
1517 VerificationType::float_type(), CHECK_VERIFY(this));
1518 no_control_flow = false; break;
1519 case Bytecodes::_l2d :
1520 current_frame.pop_stack_2(
1521 VerificationType::long2_type(),
1522 VerificationType::long_type(), CHECK_VERIFY(this));
1523 current_frame.push_stack_2(
1524 VerificationType::double_type(),
1525 VerificationType::double2_type(), CHECK_VERIFY(this));
1526 no_control_flow = false; break;
1527 case Bytecodes::_f2i :
1528 current_frame.pop_stack(
1529 VerificationType::float_type(), CHECK_VERIFY(this));
1530 current_frame.push_stack(
1531 VerificationType::integer_type(), CHECK_VERIFY(this));
1532 no_control_flow = false; break;
1533 case Bytecodes::_f2l :
1534 current_frame.pop_stack(
1535 VerificationType::float_type(), CHECK_VERIFY(this));
1536 current_frame.push_stack_2(
1537 VerificationType::long_type(),
1538 VerificationType::long2_type(), CHECK_VERIFY(this));
1539 no_control_flow = false; break;
1540 case Bytecodes::_f2d :
1541 current_frame.pop_stack(
1542 VerificationType::float_type(), CHECK_VERIFY(this));
1543 current_frame.push_stack_2(
1544 VerificationType::double_type(),
1545 VerificationType::double2_type(), CHECK_VERIFY(this));
1546 no_control_flow = false; break;
1547 case Bytecodes::_d2i :
1548 current_frame.pop_stack_2(
1549 VerificationType::double2_type(),
1550 VerificationType::double_type(), CHECK_VERIFY(this));
1551 current_frame.push_stack(
1552 VerificationType::integer_type(), CHECK_VERIFY(this));
1553 no_control_flow = false; break;
1554 case Bytecodes::_d2l :
1555 current_frame.pop_stack_2(
1556 VerificationType::double2_type(),
1557 VerificationType::double_type(), CHECK_VERIFY(this));
1558 current_frame.push_stack_2(
1559 VerificationType::long_type(),
1560 VerificationType::long2_type(), CHECK_VERIFY(this));
1561 no_control_flow = false; break;
1562 case Bytecodes::_d2f :
1563 current_frame.pop_stack_2(
1564 VerificationType::double2_type(),
1565 VerificationType::double_type(), CHECK_VERIFY(this));
1566 current_frame.push_stack(
1567 VerificationType::float_type(), CHECK_VERIFY(this));
1568 no_control_flow = false; break;
1569 case Bytecodes::_i2b :
1570 case Bytecodes::_i2c :
1571 case Bytecodes::_i2s :
1572 current_frame.pop_stack(
1573 VerificationType::integer_type(), CHECK_VERIFY(this));
1574 current_frame.push_stack(
1575 VerificationType::integer_type(), CHECK_VERIFY(this));
1576 no_control_flow = false; break;
1577 case Bytecodes::_lcmp :
1578 current_frame.pop_stack_2(
1579 VerificationType::long2_type(),
1580 VerificationType::long_type(), CHECK_VERIFY(this));
1581 current_frame.pop_stack_2(
1582 VerificationType::long2_type(),
1583 VerificationType::long_type(), CHECK_VERIFY(this));
1584 current_frame.push_stack(
1585 VerificationType::integer_type(), CHECK_VERIFY(this));
1586 no_control_flow = false; break;
1587 case Bytecodes::_fcmpl :
1588 case Bytecodes::_fcmpg :
1589 current_frame.pop_stack(
1590 VerificationType::float_type(), CHECK_VERIFY(this));
1591 current_frame.pop_stack(
1592 VerificationType::float_type(), CHECK_VERIFY(this));
1593 current_frame.push_stack(
1594 VerificationType::integer_type(), CHECK_VERIFY(this));
1595 no_control_flow = false; break;
1596 case Bytecodes::_dcmpl :
1597 case Bytecodes::_dcmpg :
1598 current_frame.pop_stack_2(
1599 VerificationType::double2_type(),
1600 VerificationType::double_type(), CHECK_VERIFY(this));
1601 current_frame.pop_stack_2(
1602 VerificationType::double2_type(),
1603 VerificationType::double_type(), CHECK_VERIFY(this));
1604 current_frame.push_stack(
1605 VerificationType::integer_type(), CHECK_VERIFY(this));
1606 no_control_flow = false; break;
1607 case Bytecodes::_if_icmpeq:
1608 case Bytecodes::_if_icmpne:
1609 case Bytecodes::_if_icmplt:
1610 case Bytecodes::_if_icmpge:
1611 case Bytecodes::_if_icmpgt:
1612 case Bytecodes::_if_icmple:
1613 current_frame.pop_stack(
1614 VerificationType::integer_type(), CHECK_VERIFY(this));
1615 // fall through
1616 case Bytecodes::_ifeq:
1617 case Bytecodes::_ifne:
1618 case Bytecodes::_iflt:
1619 case Bytecodes::_ifge:
1620 case Bytecodes::_ifgt:
1621 case Bytecodes::_ifle:
1622 current_frame.pop_stack(
1623 VerificationType::integer_type(), CHECK_VERIFY(this));
1624 target = bcs.dest();
1625 stackmap_table.check_jump_target(
1626 ¤t_frame, target, CHECK_VERIFY(this));
1627 no_control_flow = false; break;
1628 case Bytecodes::_if_acmpeq :
1629 case Bytecodes::_if_acmpne :
1630 current_frame.pop_stack(
1631 VerificationType::reference_check(), CHECK_VERIFY(this));
1632 // fall through
1633 case Bytecodes::_ifnull :
1634 case Bytecodes::_ifnonnull :
1635 current_frame.pop_stack(
1636 VerificationType::reference_check(), CHECK_VERIFY(this));
1637 target = bcs.dest();
1638 stackmap_table.check_jump_target
1639 (¤t_frame, target, CHECK_VERIFY(this));
1640 no_control_flow = false; break;
1641 case Bytecodes::_goto :
1642 target = bcs.dest();
1643 stackmap_table.check_jump_target(
1644 ¤t_frame, target, CHECK_VERIFY(this));
1645 no_control_flow = true; break;
1646 case Bytecodes::_goto_w :
1647 target = bcs.dest_w();
1648 stackmap_table.check_jump_target(
1649 ¤t_frame, target, CHECK_VERIFY(this));
1650 no_control_flow = true; break;
1651 case Bytecodes::_tableswitch :
1652 case Bytecodes::_lookupswitch :
1653 verify_switch(
1654 &bcs, code_length, code_data, ¤t_frame,
1655 &stackmap_table, CHECK_VERIFY(this));
1656 no_control_flow = true; break;
1657 case Bytecodes::_ireturn :
1658 type = current_frame.pop_stack(
1659 VerificationType::integer_type(), CHECK_VERIFY(this));
1660 verify_return_value(return_type, type, bci,
1661 ¤t_frame, CHECK_VERIFY(this));
1662 no_control_flow = true; break;
1663 case Bytecodes::_lreturn :
1664 type2 = current_frame.pop_stack(
1665 VerificationType::long2_type(), CHECK_VERIFY(this));
1666 type = current_frame.pop_stack(
1667 VerificationType::long_type(), CHECK_VERIFY(this));
1668 verify_return_value(return_type, type, bci,
1669 ¤t_frame, CHECK_VERIFY(this));
1670 no_control_flow = true; break;
1671 case Bytecodes::_freturn :
1672 type = current_frame.pop_stack(
1673 VerificationType::float_type(), CHECK_VERIFY(this));
1674 verify_return_value(return_type, type, bci,
1675 ¤t_frame, CHECK_VERIFY(this));
1676 no_control_flow = true; break;
1677 case Bytecodes::_dreturn :
1678 type2 = current_frame.pop_stack(
1679 VerificationType::double2_type(), CHECK_VERIFY(this));
1680 type = current_frame.pop_stack(
1681 VerificationType::double_type(), CHECK_VERIFY(this));
1682 verify_return_value(return_type, type, bci,
1683 ¤t_frame, CHECK_VERIFY(this));
1684 no_control_flow = true; break;
1685 case Bytecodes::_areturn :
1686 type = current_frame.pop_stack(
1687 VerificationType::reference_check(), CHECK_VERIFY(this));
1688 verify_return_value(return_type, type, bci,
1689 ¤t_frame, CHECK_VERIFY(this));
1690 no_control_flow = true; break;
1691 case Bytecodes::_return :
1692 if (return_type != VerificationType::bogus_type()) {
1693 verify_error(ErrorContext::bad_code(bci),
1694 "Method expects a return value");
1695 return;
1696 }
1697 // Make sure "this" has been initialized if current method is an
1698 // <init>.
1699 if (_method->is_object_constructor() &&
1700 current_frame.flag_this_uninit()) {
1701 verify_error(ErrorContext::bad_code(bci),
1702 "Constructor must call super() or this() "
1703 "before return");
1704 return;
1705 }
1706 no_control_flow = true; break;
1707 case Bytecodes::_getstatic :
1708 case Bytecodes::_putstatic :
1709 // pass TRUE, operand can be an array type for getstatic/putstatic.
1710 verify_field_instructions(
1711 &bcs, ¤t_frame, cp, true, CHECK_VERIFY(this));
1712 no_control_flow = false; break;
1713 case Bytecodes::_getfield :
1714 case Bytecodes::_putfield :
1715 // pass FALSE, operand can't be an array type for getfield/putfield.
1716 verify_field_instructions(
1717 &bcs, ¤t_frame, cp, false, CHECK_VERIFY(this));
1718 no_control_flow = false; break;
1719 case Bytecodes::_invokevirtual :
1720 case Bytecodes::_invokespecial :
1721 case Bytecodes::_invokestatic :
1722 case Bytecodes::_invokeinterface :
1723 case Bytecodes::_invokedynamic :
1724 verify_invoke_instructions(
1725 &bcs, code_length, ¤t_frame, (bci >= ex_min && bci < ex_max),
1726 &this_uninit, cp, &stackmap_table, CHECK_VERIFY(this));
1727 no_control_flow = false; break;
1728 case Bytecodes::_new :
1729 {
1730 u2 index = bcs.get_index_u2();
1731 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1732 VerificationType new_class_type =
1733 cp_index_to_type(index, cp, CHECK_VERIFY(this));
1734 if (!new_class_type.is_object()) {
1735 verify_error(ErrorContext::bad_type(bci,
1736 TypeOrigin::cp(index, new_class_type)),
1737 "Illegal new instruction");
1738 return;
1739 }
1740 type = VerificationType::uninitialized_type(checked_cast<u2>(bci));
1741 current_frame.push_stack(type, CHECK_VERIFY(this));
1742 no_control_flow = false; break;
1743 }
1744 case Bytecodes::_newarray :
1745 type = get_newarray_type(bcs.get_index(), bci, CHECK_VERIFY(this));
1746 current_frame.pop_stack(
1747 VerificationType::integer_type(), CHECK_VERIFY(this));
1748 current_frame.push_stack(type, CHECK_VERIFY(this));
1749 no_control_flow = false; break;
1750 case Bytecodes::_anewarray :
1751 verify_anewarray(
1752 bci, bcs.get_index_u2(), cp, ¤t_frame, CHECK_VERIFY(this));
1753 no_control_flow = false; break;
1754 case Bytecodes::_arraylength :
1755 type = current_frame.pop_stack(
1756 VerificationType::reference_check(), CHECK_VERIFY(this));
1757 if (!(type.is_null() || type.is_array())) {
1758 verify_error(ErrorContext::bad_type(
1759 bci, current_frame.stack_top_ctx()),
1760 bad_type_msg, "arraylength");
1761 }
1762 current_frame.push_stack(
1763 VerificationType::integer_type(), CHECK_VERIFY(this));
1764 no_control_flow = false; break;
1765 case Bytecodes::_checkcast :
1766 {
1767 u2 index = bcs.get_index_u2();
1768 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1769 current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1770 VerificationType klass_type = cp_index_to_type(
1771 index, cp, CHECK_VERIFY(this));
1772 current_frame.push_stack(klass_type, CHECK_VERIFY(this));
1773 no_control_flow = false; break;
1774 }
1775 case Bytecodes::_instanceof : {
1776 u2 index = bcs.get_index_u2();
1777 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1778 current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1779 current_frame.push_stack(
1780 VerificationType::integer_type(), CHECK_VERIFY(this));
1781 no_control_flow = false; break;
1782 }
1783 case Bytecodes::_monitorenter :
1784 case Bytecodes::_monitorexit : {
1785 VerificationType ref = current_frame.pop_stack(
1786 VerificationType::reference_check(), CHECK_VERIFY(this));
1787 no_control_flow = false; break;
1788 }
1789 case Bytecodes::_multianewarray :
1790 {
1791 u2 index = bcs.get_index_u2();
1792 u2 dim = *(bcs.bcp()+3);
1793 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1794 VerificationType new_array_type =
1795 cp_index_to_type(index, cp, CHECK_VERIFY(this));
1796 if (!new_array_type.is_array()) {
1797 verify_error(ErrorContext::bad_type(bci,
1798 TypeOrigin::cp(index, new_array_type)),
1799 "Illegal constant pool index in multianewarray instruction");
1800 return;
1801 }
1802 if (dim < 1 || new_array_type.dimensions() < dim) {
1803 verify_error(ErrorContext::bad_code(bci),
1804 "Illegal dimension in multianewarray instruction: %d", dim);
1805 return;
1806 }
1807 for (int i = 0; i < dim; i++) {
1808 current_frame.pop_stack(
1809 VerificationType::integer_type(), CHECK_VERIFY(this));
1810 }
1811 current_frame.push_stack(new_array_type, CHECK_VERIFY(this));
1812 no_control_flow = false; break;
1813 }
1814 case Bytecodes::_athrow :
1815 type = VerificationType::reference_type(
1816 vmSymbols::java_lang_Throwable());
1817 current_frame.pop_stack(type, CHECK_VERIFY(this));
1818 no_control_flow = true; break;
1819 default:
1820 // We only need to check the valid bytecodes in class file.
1821 // And jsr and ret are not in the new class file format in JDK1.6.
1822 verify_error(ErrorContext::bad_code(bci),
1823 "Bad instruction: %02x", opcode);
1824 no_control_flow = false;
1825 return;
1826 } // end switch
1827 } // end Merge with the next instruction
1828
1829 // Look for possible jump target in exception handlers and see if it matches
1830 // current_frame. Don't do this check if it has already been done (for
1831 // ([a,d,f,i,l]store* opcodes). This check cannot be done earlier because
1832 // opcodes, such as invokespecial, may set the this_uninit flag.
1833 assert(!(verified_exc_handlers && this_uninit),
1834 "Exception handler targets got verified before this_uninit got set");
1835 if (!verified_exc_handlers && bci >= ex_min && bci < ex_max) {
1836 if (was_recursively_verified()) return;
1837 verify_exception_handler_targets(
1838 bci, this_uninit, ¤t_frame, &stackmap_table, CHECK_VERIFY(this));
1839 }
1840 } // end while
1841
1842 // Make sure that control flow does not fall through end of the method
1843 if (!no_control_flow) {
1844 verify_error(ErrorContext::bad_code(code_length),
1845 "Control flow falls through code end");
1846 return;
1847 }
1848 }
1849
1850 #undef bad_type_message
1851
1852 char* ClassVerifier::generate_code_data(const methodHandle& m, u4 code_length, TRAPS) {
1853 char* code_data = NEW_RESOURCE_ARRAY(char, code_length);
1854 memset(code_data, 0, sizeof(char) * code_length);
1855 RawBytecodeStream bcs(m);
1856
1857 while (!bcs.is_last_bytecode()) {
1858 if (bcs.raw_next() != Bytecodes::_illegal) {
1859 int bci = bcs.bci();
1860 if (bcs.raw_code() == Bytecodes::_new) {
1861 code_data[bci] = NEW_OFFSET;
1862 } else {
1863 code_data[bci] = BYTECODE_OFFSET;
1864 }
1865 } else {
1866 verify_error(ErrorContext::bad_code(bcs.bci()), "Bad instruction");
1867 return nullptr;
1868 }
1869 }
1870
1871 return code_data;
1872 }
1873
1874 // Since this method references the constant pool, call was_recursively_verified()
1875 // before calling this method to make sure a prior class load did not cause the
1876 // current class to get verified.
1877 void ClassVerifier::verify_exception_handler_table(u4 code_length, char* code_data, int& min, int& max, TRAPS) {
1878 ExceptionTable exhandlers(_method());
1879 int exlength = exhandlers.length();
1880 constantPoolHandle cp (THREAD, _method->constants());
1881
1882 for(int i = 0; i < exlength; i++) {
1883 u2 start_pc = exhandlers.start_pc(i);
1884 u2 end_pc = exhandlers.end_pc(i);
1885 u2 handler_pc = exhandlers.handler_pc(i);
1886 if (start_pc >= code_length || code_data[start_pc] == 0) {
1887 class_format_error("Illegal exception table start_pc %d", start_pc);
1888 return;
1889 }
1890 if (end_pc != code_length) { // special case: end_pc == code_length
1891 if (end_pc > code_length || code_data[end_pc] == 0) {
1892 class_format_error("Illegal exception table end_pc %d", end_pc);
1893 return;
1894 }
1895 }
1896 if (handler_pc >= code_length || code_data[handler_pc] == 0) {
1897 class_format_error("Illegal exception table handler_pc %d", handler_pc);
1898 return;
1899 }
1900 u2 catch_type_index = exhandlers.catch_type_index(i);
1901 if (catch_type_index != 0) {
1902 VerificationType catch_type = cp_index_to_type(
1903 catch_type_index, cp, CHECK_VERIFY(this));
1904 VerificationType throwable =
1905 VerificationType::reference_type(vmSymbols::java_lang_Throwable());
1906 // If the catch type is Throwable pre-resolve it now as the assignable check won't
1907 // do that, and we need to avoid a runtime resolution in case we are trying to
1908 // catch OutOfMemoryError.
1909 if (cp->klass_name_at(catch_type_index) == vmSymbols::java_lang_Throwable()) {
1910 cp->klass_at(catch_type_index, CHECK);
1911 }
1912 bool is_subclass = throwable.is_assignable_from(
1913 catch_type, this, false, CHECK_VERIFY(this));
1914 if (!is_subclass) {
1915 // 4286534: should throw VerifyError according to recent spec change
1916 verify_error(ErrorContext::bad_type(handler_pc,
1917 TypeOrigin::cp(catch_type_index, catch_type),
1918 TypeOrigin::implicit(throwable)),
1919 "Catch type is not a subclass "
1920 "of Throwable in exception handler %d", handler_pc);
1921 return;
1922 }
1923 }
1924 if (start_pc < min) min = start_pc;
1925 if (end_pc > max) max = end_pc;
1926 }
1927 }
1928
1929 void ClassVerifier::verify_local_variable_table(u4 code_length, char* code_data, TRAPS) {
1930 int localvariable_table_length = _method->localvariable_table_length();
1931 if (localvariable_table_length > 0) {
1932 LocalVariableTableElement* table = _method->localvariable_table_start();
1933 for (int i = 0; i < localvariable_table_length; i++) {
1934 u2 start_bci = table[i].start_bci;
1935 u2 length = table[i].length;
1936
1937 if (start_bci >= code_length || code_data[start_bci] == 0) {
1938 class_format_error(
1939 "Illegal local variable table start_pc %d", start_bci);
1940 return;
1941 }
1942 u4 end_bci = (u4)(start_bci + length);
1943 if (end_bci != code_length) {
1944 if (end_bci >= code_length || code_data[end_bci] == 0) {
1945 class_format_error( "Illegal local variable table length %d", length);
1946 return;
1947 }
1948 }
1949 }
1950 }
1951 }
1952
1953 u2 ClassVerifier::verify_stackmap_table(u2 stackmap_index, int bci,
1954 StackMapFrame* current_frame,
1955 StackMapTable* stackmap_table,
1956 bool no_control_flow, TRAPS) {
1957 if (stackmap_index < stackmap_table->get_frame_count()) {
1958 int this_offset = stackmap_table->get_offset(stackmap_index);
1959 if (no_control_flow && this_offset > bci) {
1960 verify_error(ErrorContext::missing_stackmap(bci),
1961 "Expecting a stack map frame");
1962 return 0;
1963 }
1964 if (this_offset == bci) {
1965 ErrorContext ctx;
1966 // See if current stack map can be assigned to the frame in table.
1967 // current_frame is the stackmap frame got from the last instruction.
1968 // If matched, current_frame will be updated by this method.
1969 bool matches = stackmap_table->match_stackmap(
1970 current_frame, this_offset, stackmap_index,
1971 !no_control_flow, true, &ctx, CHECK_VERIFY_(this, 0));
1972 if (!matches) {
1973 // report type error
1974 verify_error(ctx, "Instruction type does not match stack map");
1975 return 0;
1976 }
1977 stackmap_index++;
1978 } else if (this_offset < bci) {
1979 // current_offset should have met this_offset.
1980 class_format_error("Bad stack map offset %d", this_offset);
1981 return 0;
1982 }
1983 } else if (no_control_flow) {
1984 verify_error(ErrorContext::bad_code(bci), "Expecting a stack map frame");
1985 return 0;
1986 }
1987 return stackmap_index;
1988 }
1989
1990 // Since this method references the constant pool, call was_recursively_verified()
1991 // before calling this method to make sure a prior class load did not cause the
1992 // current class to get verified.
1993 void ClassVerifier::verify_exception_handler_targets(int bci, bool this_uninit,
1994 StackMapFrame* current_frame,
1995 StackMapTable* stackmap_table, TRAPS) {
1996 constantPoolHandle cp (THREAD, _method->constants());
1997 ExceptionTable exhandlers(_method());
1998 int exlength = exhandlers.length();
1999 for(int i = 0; i < exlength; i++) {
2000 u2 start_pc = exhandlers.start_pc(i);
2001 u2 end_pc = exhandlers.end_pc(i);
2002 u2 handler_pc = exhandlers.handler_pc(i);
2003 int catch_type_index = exhandlers.catch_type_index(i);
2004 if(bci >= start_pc && bci < end_pc) {
2005 u1 flags = current_frame->flags();
2006 if (this_uninit) { flags |= FLAG_THIS_UNINIT; }
2007 StackMapFrame* new_frame = current_frame->frame_in_exception_handler(flags);
2008 if (catch_type_index != 0) {
2009 if (was_recursively_verified()) return;
2010 // We know that this index refers to a subclass of Throwable
2011 VerificationType catch_type = cp_index_to_type(
2012 catch_type_index, cp, CHECK_VERIFY(this));
2013 new_frame->push_stack(catch_type, CHECK_VERIFY(this));
2014 } else {
2015 VerificationType throwable =
2016 VerificationType::reference_type(vmSymbols::java_lang_Throwable());
2017 new_frame->push_stack(throwable, CHECK_VERIFY(this));
2018 }
2019 ErrorContext ctx;
2020 bool matches = stackmap_table->match_stackmap(
2021 new_frame, handler_pc, true, false, &ctx, CHECK_VERIFY(this));
2022 if (!matches) {
2023 verify_error(ctx, "Stack map does not match the one at "
2024 "exception handler %d", handler_pc);
2025 return;
2026 }
2027 }
2028 }
2029 }
2030
2031 void ClassVerifier::verify_cp_index(
2032 int bci, const constantPoolHandle& cp, u2 index, TRAPS) {
2033 int nconstants = cp->length();
2034 if ((index <= 0) || (index >= nconstants)) {
2035 verify_error(ErrorContext::bad_cp_index(bci, index),
2036 "Illegal constant pool index %d in class %s",
2037 index, cp->pool_holder()->external_name());
2038 return;
2039 }
2040 }
2041
2042 void ClassVerifier::verify_cp_type(
2043 int bci, u2 index, const constantPoolHandle& cp, unsigned int types, TRAPS) {
2044
2045 // In some situations, bytecode rewriting may occur while we're verifying.
2046 // In this case, a constant pool cache exists and some indices refer to that
2047 // instead. Be sure we don't pick up such indices by accident.
2048 // We must check was_recursively_verified() before we get here.
2049 guarantee(cp->cache() == nullptr, "not rewritten yet");
2050
2051 verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2052 unsigned int tag = cp->tag_at(index).value();
2053
2054 if ((types & (1 << tag)) == 0) {
2055 verify_error(ErrorContext::bad_cp_index(bci, index),
2056 "Illegal type at constant pool entry %d in class %s",
2057 index, cp->pool_holder()->external_name());
2058 return;
2059 }
2060 }
2061
2062 void ClassVerifier::verify_cp_class_type(
2063 int bci, u2 index, const constantPoolHandle& cp, TRAPS) {
2064 verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2065 constantTag tag = cp->tag_at(index);
2066 if (!tag.is_klass() && !tag.is_unresolved_klass()) {
2067 verify_error(ErrorContext::bad_cp_index(bci, index),
2068 "Illegal type at constant pool entry %d in class %s",
2069 index, cp->pool_holder()->external_name());
2070 return;
2071 }
2072 }
2073
2074 void ClassVerifier::verify_error(ErrorContext ctx, const char* msg, ...) {
2075 stringStream ss;
2076
2077 ctx.reset_frames();
2078 _exception_type = vmSymbols::java_lang_VerifyError();
2079 _error_context = ctx;
2080 va_list va;
2081 va_start(va, msg);
2082 ss.vprint(msg, va);
2083 va_end(va);
2084 _message = ss.as_string();
2085 #ifdef ASSERT
2086 ResourceMark rm;
2087 const char* exception_name = _exception_type->as_C_string();
2088 Exceptions::debug_check_abort(exception_name, nullptr);
2089 #endif // ndef ASSERT
2090 }
2091
2092 void ClassVerifier::class_format_error(const char* msg, ...) {
2093 stringStream ss;
2094 _exception_type = vmSymbols::java_lang_ClassFormatError();
2095 va_list va;
2096 va_start(va, msg);
2097 ss.vprint(msg, va);
2098 va_end(va);
2099 if (!_method.is_null()) {
2100 ss.print(" in method '");
2101 _method->print_external_name(&ss);
2102 ss.print("'");
2103 }
2104 _message = ss.as_string();
2105 }
2106
2107 Klass* ClassVerifier::load_class(Symbol* name, TRAPS) {
2108 HandleMark hm(THREAD);
2109 // Get current loader and protection domain first.
2110 oop loader = current_class()->class_loader();
2111 oop protection_domain = current_class()->protection_domain();
2112
2113 assert(name_in_supers(name, current_class()), "name should be a super class");
2114
2115 Klass* kls = SystemDictionary::resolve_or_fail(
2116 name, Handle(THREAD, loader), Handle(THREAD, protection_domain),
2117 true, THREAD);
2118
2119 if (kls != nullptr) {
2120 if (log_is_enabled(Debug, class, resolve)) {
2121 Verifier::trace_class_resolution(kls, current_class());
2122 }
2123 }
2124 return kls;
2125 }
2126
2127 bool ClassVerifier::is_protected_access(InstanceKlass* this_class,
2128 Klass* target_class,
2129 Symbol* field_name,
2130 Symbol* field_sig,
2131 bool is_method) {
2132 NoSafepointVerifier nosafepoint;
2133
2134 // If target class isn't a super class of this class, we don't worry about this case
2135 if (!this_class->is_subclass_of(target_class)) {
2136 return false;
2137 }
2138 // Check if the specified method or field is protected
2139 InstanceKlass* target_instance = InstanceKlass::cast(target_class);
2140 fieldDescriptor fd;
2141 if (is_method) {
2142 Method* m = target_instance->uncached_lookup_method(field_name, field_sig, Klass::OverpassLookupMode::find);
2143 if (m != nullptr && m->is_protected()) {
2144 if (!this_class->is_same_class_package(m->method_holder())) {
2145 return true;
2146 }
2147 }
2148 } else {
2149 Klass* member_klass = target_instance->find_field(field_name, field_sig, &fd);
2150 if (member_klass != nullptr && fd.is_protected()) {
2151 if (!this_class->is_same_class_package(member_klass)) {
2152 return true;
2153 }
2154 }
2155 }
2156 return false;
2157 }
2158
2159 void ClassVerifier::verify_ldc(
2160 int opcode, u2 index, StackMapFrame* current_frame,
2161 const constantPoolHandle& cp, int bci, TRAPS) {
2162 verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2163 constantTag tag = cp->tag_at(index);
2164 unsigned int types = 0;
2165 if (opcode == Bytecodes::_ldc || opcode == Bytecodes::_ldc_w) {
2166 if (!tag.is_unresolved_klass()) {
2167 types = (1 << JVM_CONSTANT_Integer) | (1 << JVM_CONSTANT_Float)
2168 | (1 << JVM_CONSTANT_String) | (1 << JVM_CONSTANT_Class)
2169 | (1 << JVM_CONSTANT_MethodHandle) | (1 << JVM_CONSTANT_MethodType)
2170 | (1 << JVM_CONSTANT_Dynamic);
2171 // Note: The class file parser already verified the legality of
2172 // MethodHandle and MethodType constants.
2173 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2174 }
2175 } else {
2176 assert(opcode == Bytecodes::_ldc2_w, "must be ldc2_w");
2177 types = (1 << JVM_CONSTANT_Double) | (1 << JVM_CONSTANT_Long)
2178 | (1 << JVM_CONSTANT_Dynamic);
2179 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2180 }
2181 if (tag.is_string()) {
2182 current_frame->push_stack(
2183 VerificationType::reference_type(
2184 vmSymbols::java_lang_String()), CHECK_VERIFY(this));
2185 } else if (tag.is_klass() || tag.is_unresolved_klass()) {
2186 current_frame->push_stack(
2187 VerificationType::reference_type(
2188 vmSymbols::java_lang_Class()), CHECK_VERIFY(this));
2189 } else if (tag.is_int()) {
2190 current_frame->push_stack(
2191 VerificationType::integer_type(), CHECK_VERIFY(this));
2192 } else if (tag.is_float()) {
2193 current_frame->push_stack(
2194 VerificationType::float_type(), CHECK_VERIFY(this));
2195 } else if (tag.is_double()) {
2196 current_frame->push_stack_2(
2197 VerificationType::double_type(),
2198 VerificationType::double2_type(), CHECK_VERIFY(this));
2199 } else if (tag.is_long()) {
2200 current_frame->push_stack_2(
2201 VerificationType::long_type(),
2202 VerificationType::long2_type(), CHECK_VERIFY(this));
2203 } else if (tag.is_method_handle()) {
2204 current_frame->push_stack(
2205 VerificationType::reference_type(
2206 vmSymbols::java_lang_invoke_MethodHandle()), CHECK_VERIFY(this));
2207 } else if (tag.is_method_type()) {
2208 current_frame->push_stack(
2209 VerificationType::reference_type(
2210 vmSymbols::java_lang_invoke_MethodType()), CHECK_VERIFY(this));
2211 } else if (tag.is_dynamic_constant()) {
2212 Symbol* constant_type = cp->uncached_signature_ref_at(index);
2213 // Field signature was checked in ClassFileParser.
2214 assert(SignatureVerifier::is_valid_type_signature(constant_type),
2215 "Invalid type for dynamic constant");
2216 assert(sizeof(VerificationType) == sizeof(uintptr_t),
2217 "buffer type must match VerificationType size");
2218 uintptr_t constant_type_buffer[2];
2219 VerificationType* v_constant_type = (VerificationType*)constant_type_buffer;
2220 SignatureStream sig_stream(constant_type, false);
2221 int n = change_sig_to_verificationType(&sig_stream, v_constant_type);
2222 int opcode_n = (opcode == Bytecodes::_ldc2_w ? 2 : 1);
2223 if (n != opcode_n) {
2224 // wrong kind of ldc; reverify against updated type mask
2225 types &= ~(1 << JVM_CONSTANT_Dynamic);
2226 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2227 }
2228 for (int i = 0; i < n; i++) {
2229 current_frame->push_stack(v_constant_type[i], CHECK_VERIFY(this));
2230 }
2231 } else {
2232 /* Unreachable? verify_cp_type has already validated the cp type. */
2233 verify_error(
2234 ErrorContext::bad_cp_index(bci, index), "Invalid index in ldc");
2235 return;
2236 }
2237 }
2238
2239 void ClassVerifier::verify_switch(
2240 RawBytecodeStream* bcs, u4 code_length, char* code_data,
2241 StackMapFrame* current_frame, StackMapTable* stackmap_table, TRAPS) {
2242 int bci = bcs->bci();
2243 address bcp = bcs->bcp();
2244 address aligned_bcp = align_up(bcp + 1, jintSize);
2245
2246 if (_klass->major_version() < NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION) {
2247 // 4639449 & 4647081: padding bytes must be 0
2248 u2 padding_offset = 1;
2249 while ((bcp + padding_offset) < aligned_bcp) {
2250 if(*(bcp + padding_offset) != 0) {
2251 verify_error(ErrorContext::bad_code(bci),
2252 "Nonzero padding byte in lookupswitch or tableswitch");
2253 return;
2254 }
2255 padding_offset++;
2256 }
2257 }
2258
2259 int default_offset = (int) Bytes::get_Java_u4(aligned_bcp);
2260 int keys, delta;
2261 current_frame->pop_stack(
2262 VerificationType::integer_type(), CHECK_VERIFY(this));
2263 if (bcs->raw_code() == Bytecodes::_tableswitch) {
2264 jint low = (jint)Bytes::get_Java_u4(aligned_bcp + jintSize);
2265 jint high = (jint)Bytes::get_Java_u4(aligned_bcp + 2*jintSize);
2266 if (low > high) {
2267 verify_error(ErrorContext::bad_code(bci),
2268 "low must be less than or equal to high in tableswitch");
2269 return;
2270 }
2271 int64_t keys64 = ((int64_t)high - low) + 1;
2272 if (keys64 > 65535) { // Max code length
2273 verify_error(ErrorContext::bad_code(bci), "too many keys in tableswitch");
2274 return;
2275 }
2276 keys = (int)keys64;
2277 delta = 1;
2278 } else {
2279 keys = (int)Bytes::get_Java_u4(aligned_bcp + jintSize);
2280 if (keys < 0) {
2281 verify_error(ErrorContext::bad_code(bci),
2282 "number of keys in lookupswitch less than 0");
2283 return;
2284 }
2285 delta = 2;
2286 // Make sure that the lookupswitch items are sorted
2287 for (int i = 0; i < (keys - 1); i++) {
2288 jint this_key = Bytes::get_Java_u4(aligned_bcp + (2+2*i)*jintSize);
2289 jint next_key = Bytes::get_Java_u4(aligned_bcp + (2+2*i+2)*jintSize);
2290 if (this_key >= next_key) {
2291 verify_error(ErrorContext::bad_code(bci),
2292 "Bad lookupswitch instruction");
2293 return;
2294 }
2295 }
2296 }
2297 int target = bci + default_offset;
2298 stackmap_table->check_jump_target(current_frame, target, CHECK_VERIFY(this));
2299 for (int i = 0; i < keys; i++) {
2300 // Because check_jump_target() may safepoint, the bytecode could have
2301 // moved, which means 'aligned_bcp' is no good and needs to be recalculated.
2302 aligned_bcp = align_up(bcs->bcp() + 1, jintSize);
2303 target = bci + (jint)Bytes::get_Java_u4(aligned_bcp+(3+i*delta)*jintSize);
2304 stackmap_table->check_jump_target(
2305 current_frame, target, CHECK_VERIFY(this));
2306 }
2307 NOT_PRODUCT(aligned_bcp = nullptr); // no longer valid at this point
2308 }
2309
2310 bool ClassVerifier::name_in_supers(
2311 Symbol* ref_name, InstanceKlass* current) {
2312 Klass* super = current->super();
2313 while (super != nullptr) {
2314 if (super->name() == ref_name) {
2315 return true;
2316 }
2317 super = super->super();
2318 }
2319 return false;
2320 }
2321
2322 void ClassVerifier::verify_field_instructions(RawBytecodeStream* bcs,
2323 StackMapFrame* current_frame,
2324 const constantPoolHandle& cp,
2325 bool allow_arrays,
2326 TRAPS) {
2327 u2 index = bcs->get_index_u2();
2328 verify_cp_type(bcs->bci(), index, cp,
2329 1 << JVM_CONSTANT_Fieldref, CHECK_VERIFY(this));
2330
2331 // Get field name and signature
2332 Symbol* field_name = cp->uncached_name_ref_at(index);
2333 Symbol* field_sig = cp->uncached_signature_ref_at(index);
2334 bool is_getfield = false;
2335
2336 // Field signature was checked in ClassFileParser.
2337 assert(SignatureVerifier::is_valid_type_signature(field_sig),
2338 "Invalid field signature");
2339
2340 // Get referenced class type
2341 VerificationType ref_class_type = cp_ref_index_to_type(
2342 index, cp, CHECK_VERIFY(this));
2343 if (!ref_class_type.is_object() &&
2344 (!allow_arrays || !ref_class_type.is_array())) {
2345 verify_error(ErrorContext::bad_type(bcs->bci(),
2346 TypeOrigin::cp(index, ref_class_type)),
2347 "Expecting reference to class in class %s at constant pool index %d",
2348 _klass->external_name(), index);
2349 return;
2350 }
2351
2352 VerificationType target_class_type = ref_class_type;
2353
2354 assert(sizeof(VerificationType) == sizeof(uintptr_t),
2355 "buffer type must match VerificationType size");
2356 uintptr_t field_type_buffer[2];
2357 VerificationType* field_type = (VerificationType*)field_type_buffer;
2358 // If we make a VerificationType[2] array directly, the compiler calls
2359 // to the c-runtime library to do the allocation instead of just
2360 // stack allocating it. Plus it would run constructors. This shows up
2361 // in performance profiles.
2362
2363 SignatureStream sig_stream(field_sig, false);
2364 VerificationType stack_object_type;
2365 int n = change_sig_to_verificationType(&sig_stream, field_type);
2366 int bci = bcs->bci();
2367 bool is_assignable;
2368 switch (bcs->raw_code()) {
2369 case Bytecodes::_getstatic: {
2370 for (int i = 0; i < n; i++) {
2371 current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2372 }
2373 break;
2374 }
2375 case Bytecodes::_putstatic: {
2376 for (int i = n - 1; i >= 0; i--) {
2377 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2378 }
2379 break;
2380 }
2381 case Bytecodes::_getfield: {
2382 is_getfield = true;
2383 stack_object_type = current_frame->pop_stack(
2384 target_class_type, CHECK_VERIFY(this));
2385 goto check_protected;
2386 }
2387 case Bytecodes::_putfield: {
2388 for (int i = n - 1; i >= 0; i--) {
2389 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2390 }
2391 stack_object_type = current_frame->pop_stack(CHECK_VERIFY(this));
2392
2393 // Field initialization is allowed before the superclass
2394 // initializer, if the field is defined within the current class.
2395 fieldDescriptor fd;
2396 bool is_local_field = _klass->find_local_field(field_name, field_sig, &fd) &&
2397 target_class_type.equals(current_type());
2398 if (stack_object_type == VerificationType::uninitialized_this_type()) {
2399 if (is_local_field) {
2400 // Set the type to the current type so the is_assignable check passes.
2401 stack_object_type = current_type();
2402 }
2403 } else if (supports_strict_fields(_klass)) {
2404 // `strict` fields are not writable, but only local fields produce verification errors
2405 if (is_local_field && fd.access_flags().is_strict()) {
2406 verify_error(ErrorContext::bad_code(bci),
2407 "Illegal use of putfield on a strict field");
2408 return;
2409 }
2410 }
2411 is_assignable = target_class_type.is_assignable_from(
2412 stack_object_type, this, false, CHECK_VERIFY(this));
2413 if (!is_assignable) {
2414 verify_error(ErrorContext::bad_type(bci,
2415 current_frame->stack_top_ctx(),
2416 TypeOrigin::cp(index, target_class_type)),
2417 "Bad type on operand stack in putfield");
2418 return;
2419 }
2420 }
2421 check_protected: {
2422 if (_this_type == stack_object_type)
2423 break; // stack_object_type must be assignable to _current_class_type
2424 if (was_recursively_verified()) {
2425 if (is_getfield) {
2426 // Push field type for getfield.
2427 for (int i = 0; i < n; i++) {
2428 current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2429 }
2430 }
2431 return;
2432 }
2433 Symbol* ref_class_name =
2434 cp->klass_name_at(cp->uncached_klass_ref_index_at(index));
2435 if (!name_in_supers(ref_class_name, current_class()))
2436 // stack_object_type must be assignable to _current_class_type since:
2437 // 1. stack_object_type must be assignable to ref_class.
2438 // 2. ref_class must be _current_class or a subclass of it. It can't
2439 // be a superclass of it. See revised JVMS 5.4.4.
2440 break;
2441
2442 Klass* ref_class_oop = load_class(ref_class_name, CHECK);
2443 if (is_protected_access(current_class(), ref_class_oop, field_name,
2444 field_sig, false)) {
2445 // It's protected access, check if stack object is assignable to
2446 // current class.
2447 is_assignable = current_type().is_assignable_from(
2448 stack_object_type, this, true, CHECK_VERIFY(this));
2449 if (!is_assignable) {
2450 verify_error(ErrorContext::bad_type(bci,
2451 current_frame->stack_top_ctx(),
2452 TypeOrigin::implicit(current_type())),
2453 "Bad access to protected data in %s",
2454 is_getfield ? "getfield" : "putfield");
2455 return;
2456 }
2457 }
2458 break;
2459 }
2460 default: ShouldNotReachHere();
2461 }
2462 if (is_getfield) {
2463 // Push field type for getfield after doing protection check.
2464 for (int i = 0; i < n; i++) {
2465 current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2466 }
2467 }
2468 }
2469
2470 // Look at the method's handlers. If the bci is in the handler's try block
2471 // then check if the handler_pc is already on the stack. If not, push it
2472 // unless the handler has already been scanned.
2473 void ClassVerifier::push_handlers(ExceptionTable* exhandlers,
2474 GrowableArray<u4>* handler_list,
2475 GrowableArray<u4>* handler_stack,
2476 u4 bci) {
2477 int exlength = exhandlers->length();
2478 for(int x = 0; x < exlength; x++) {
2479 if (bci >= exhandlers->start_pc(x) && bci < exhandlers->end_pc(x)) {
2480 u4 exhandler_pc = exhandlers->handler_pc(x);
2481 if (!handler_list->contains(exhandler_pc)) {
2482 handler_stack->append_if_missing(exhandler_pc);
2483 handler_list->append(exhandler_pc);
2484 }
2485 }
2486 }
2487 }
2488
2489 // Return TRUE if all code paths starting with start_bc_offset end in
2490 // bytecode athrow or loop.
2491 bool ClassVerifier::ends_in_athrow(u4 start_bc_offset) {
2492 ResourceMark rm;
2493 // Create bytecode stream.
2494 RawBytecodeStream bcs(method());
2495 int code_length = method()->code_size();
2496 bcs.set_start(start_bc_offset);
2497
2498 // Create stack for storing bytecode start offsets for if* and *switch.
2499 GrowableArray<u4>* bci_stack = new GrowableArray<u4>(30);
2500 // Create stack for handlers for try blocks containing this handler.
2501 GrowableArray<u4>* handler_stack = new GrowableArray<u4>(30);
2502 // Create list of handlers that have been pushed onto the handler_stack
2503 // so that handlers embedded inside of their own TRY blocks only get
2504 // scanned once.
2505 GrowableArray<u4>* handler_list = new GrowableArray<u4>(30);
2506 // Create list of visited branch opcodes (goto* and if*).
2507 GrowableArray<u4>* visited_branches = new GrowableArray<u4>(30);
2508 ExceptionTable exhandlers(_method());
2509
2510 while (true) {
2511 if (bcs.is_last_bytecode()) {
2512 // if no more starting offsets to parse or if at the end of the
2513 // method then return false.
2514 if ((bci_stack->is_empty()) || (bcs.end_bci() == code_length))
2515 return false;
2516 // Pop a bytecode starting offset and scan from there.
2517 bcs.set_start(bci_stack->pop());
2518 }
2519 Bytecodes::Code opcode = bcs.raw_next();
2520 int bci = bcs.bci();
2521
2522 // If the bytecode is in a TRY block, push its handlers so they
2523 // will get parsed.
2524 push_handlers(&exhandlers, handler_list, handler_stack, bci);
2525
2526 switch (opcode) {
2527 case Bytecodes::_if_icmpeq:
2528 case Bytecodes::_if_icmpne:
2529 case Bytecodes::_if_icmplt:
2530 case Bytecodes::_if_icmpge:
2531 case Bytecodes::_if_icmpgt:
2532 case Bytecodes::_if_icmple:
2533 case Bytecodes::_ifeq:
2534 case Bytecodes::_ifne:
2535 case Bytecodes::_iflt:
2536 case Bytecodes::_ifge:
2537 case Bytecodes::_ifgt:
2538 case Bytecodes::_ifle:
2539 case Bytecodes::_if_acmpeq:
2540 case Bytecodes::_if_acmpne:
2541 case Bytecodes::_ifnull:
2542 case Bytecodes::_ifnonnull: {
2543 int target = bcs.dest();
2544 if (visited_branches->contains(bci)) {
2545 if (bci_stack->is_empty()) {
2546 if (handler_stack->is_empty()) {
2547 return true;
2548 } else {
2549 // Parse the catch handlers for try blocks containing athrow.
2550 bcs.set_start(handler_stack->pop());
2551 }
2552 } else {
2553 // Pop a bytecode starting offset and scan from there.
2554 bcs.set_start(bci_stack->pop());
2555 }
2556 } else {
2557 if (target > bci) { // forward branch
2558 if (target >= code_length) return false;
2559 // Push the branch target onto the stack.
2560 bci_stack->push(target);
2561 // then, scan bytecodes starting with next.
2562 bcs.set_start(bcs.next_bci());
2563 } else { // backward branch
2564 // Push bytecode offset following backward branch onto the stack.
2565 bci_stack->push(bcs.next_bci());
2566 // Check bytecodes starting with branch target.
2567 bcs.set_start(target);
2568 }
2569 // Record target so we don't branch here again.
2570 visited_branches->append(bci);
2571 }
2572 break;
2573 }
2574
2575 case Bytecodes::_goto:
2576 case Bytecodes::_goto_w: {
2577 int target = (opcode == Bytecodes::_goto ? bcs.dest() : bcs.dest_w());
2578 if (visited_branches->contains(bci)) {
2579 if (bci_stack->is_empty()) {
2580 if (handler_stack->is_empty()) {
2581 return true;
2582 } else {
2583 // Parse the catch handlers for try blocks containing athrow.
2584 bcs.set_start(handler_stack->pop());
2585 }
2586 } else {
2587 // Been here before, pop new starting offset from stack.
2588 bcs.set_start(bci_stack->pop());
2589 }
2590 } else {
2591 if (target >= code_length) return false;
2592 // Continue scanning from the target onward.
2593 bcs.set_start(target);
2594 // Record target so we don't branch here again.
2595 visited_branches->append(bci);
2596 }
2597 break;
2598 }
2599
2600 // Check that all switch alternatives end in 'athrow' bytecodes. Since it
2601 // is difficult to determine where each switch alternative ends, parse
2602 // each switch alternative until either hit a 'return', 'athrow', or reach
2603 // the end of the method's bytecodes. This is gross but should be okay
2604 // because:
2605 // 1. tableswitch and lookupswitch byte codes in handlers for ctor explicit
2606 // constructor invocations should be rare.
2607 // 2. if each switch alternative ends in an athrow then the parsing should be
2608 // short. If there is no athrow then it is bogus code, anyway.
2609 case Bytecodes::_lookupswitch:
2610 case Bytecodes::_tableswitch:
2611 {
2612 address aligned_bcp = align_up(bcs.bcp() + 1, jintSize);
2613 int default_offset = Bytes::get_Java_u4(aligned_bcp) + bci;
2614 int keys, delta;
2615 if (opcode == Bytecodes::_tableswitch) {
2616 jint low = (jint)Bytes::get_Java_u4(aligned_bcp + jintSize);
2617 jint high = (jint)Bytes::get_Java_u4(aligned_bcp + 2*jintSize);
2618 // This is invalid, but let the regular bytecode verifier
2619 // report this because the user will get a better error message.
2620 if (low > high) return true;
2621 keys = high - low + 1;
2622 delta = 1;
2623 } else {
2624 keys = (int)Bytes::get_Java_u4(aligned_bcp + jintSize);
2625 delta = 2;
2626 }
2627 // Invalid, let the regular bytecode verifier deal with it.
2628 if (keys < 0) return true;
2629
2630 // Push the offset of the next bytecode onto the stack.
2631 bci_stack->push(bcs.next_bci());
2632
2633 // Push the switch alternatives onto the stack.
2634 for (int i = 0; i < keys; i++) {
2635 int target = bci + (jint)Bytes::get_Java_u4(aligned_bcp+(3+i*delta)*jintSize);
2636 if (target > code_length) return false;
2637 bci_stack->push(target);
2638 }
2639
2640 // Start bytecode parsing for the switch at the default alternative.
2641 if (default_offset > code_length) return false;
2642 bcs.set_start(default_offset);
2643 break;
2644 }
2645
2646 case Bytecodes::_return:
2647 return false;
2648
2649 case Bytecodes::_athrow:
2650 {
2651 if (bci_stack->is_empty()) {
2652 if (handler_stack->is_empty()) {
2653 return true;
2654 } else {
2655 // Parse the catch handlers for try blocks containing athrow.
2656 bcs.set_start(handler_stack->pop());
2657 }
2658 } else {
2659 // Pop a bytecode offset and starting scanning from there.
2660 bcs.set_start(bci_stack->pop());
2661 }
2662 }
2663 break;
2664
2665 default:
2666 ;
2667 } // end switch
2668 } // end while loop
2669
2670 return false;
2671 }
2672
2673 void ClassVerifier::verify_invoke_init(
2674 RawBytecodeStream* bcs, u2 ref_class_index, VerificationType ref_class_type,
2675 StackMapFrame* current_frame, u4 code_length, bool in_try_block,
2676 bool *this_uninit, const constantPoolHandle& cp, StackMapTable* stackmap_table,
2677 TRAPS) {
2678 int bci = bcs->bci();
2679 VerificationType type = current_frame->pop_stack(
2680 VerificationType::reference_check(), CHECK_VERIFY(this));
2681 if (type == VerificationType::uninitialized_this_type()) {
2682 // The method must be an <init> method of this class or its superclass
2683 Klass* superk = current_class()->super();
2684 if (ref_class_type.name() != current_class()->name() &&
2685 ref_class_type.name() != superk->name()) {
2686 verify_error(ErrorContext::bad_type(bci,
2687 TypeOrigin::implicit(ref_class_type),
2688 TypeOrigin::implicit(current_type())),
2689 "Bad <init> method call");
2690 return;
2691 }
2692
2693 // If this invokespecial call is done from inside of a TRY block then make
2694 // sure that all catch clause paths end in a throw. Otherwise, this can
2695 // result in returning an incomplete object.
2696 if (in_try_block) {
2697 ExceptionTable exhandlers(_method());
2698 int exlength = exhandlers.length();
2699 for(int i = 0; i < exlength; i++) {
2700 u2 start_pc = exhandlers.start_pc(i);
2701 u2 end_pc = exhandlers.end_pc(i);
2702
2703 if (bci >= start_pc && bci < end_pc) {
2704 if (!ends_in_athrow(exhandlers.handler_pc(i))) {
2705 verify_error(ErrorContext::bad_code(bci),
2706 "Bad <init> method call from after the start of a try block");
2707 return;
2708 } else if (log_is_enabled(Debug, verification)) {
2709 ResourceMark rm(THREAD);
2710 log_debug(verification)("Survived call to ends_in_athrow(): %s",
2711 current_class()->name()->as_C_string());
2712 }
2713 }
2714 }
2715
2716 // Check the exception handler target stackmaps with the locals from the
2717 // incoming stackmap (before initialize_object() changes them to outgoing
2718 // state).
2719 if (was_recursively_verified()) return;
2720 verify_exception_handler_targets(bci, true, current_frame,
2721 stackmap_table, CHECK_VERIFY(this));
2722 } // in_try_block
2723
2724 current_frame->initialize_object(type, current_type());
2725 *this_uninit = true;
2726 } else if (type.is_uninitialized()) {
2727 u2 new_offset = type.bci();
2728 address new_bcp = bcs->bcp() - bci + new_offset;
2729 if (new_offset > (code_length - 3) || (*new_bcp) != Bytecodes::_new) {
2730 /* Unreachable? Stack map parsing ensures valid type and new
2731 * instructions have a valid BCI. */
2732 verify_error(ErrorContext::bad_code(new_offset),
2733 "Expecting new instruction");
2734 return;
2735 }
2736 u2 new_class_index = Bytes::get_Java_u2(new_bcp + 1);
2737 if (was_recursively_verified()) return;
2738 verify_cp_class_type(bci, new_class_index, cp, CHECK_VERIFY(this));
2739
2740 // The method must be an <init> method of the indicated class
2741 VerificationType new_class_type = cp_index_to_type(
2742 new_class_index, cp, CHECK_VERIFY(this));
2743 if (!new_class_type.equals(ref_class_type)) {
2744 verify_error(ErrorContext::bad_type(bci,
2745 TypeOrigin::cp(new_class_index, new_class_type),
2746 TypeOrigin::cp(ref_class_index, ref_class_type)),
2747 "Call to wrong <init> method");
2748 return;
2749 }
2750 // According to the VM spec, if the referent class is a superclass of the
2751 // current class, and is in a different runtime package, and the method is
2752 // protected, then the objectref must be the current class or a subclass
2753 // of the current class.
2754 VerificationType objectref_type = new_class_type;
2755 if (name_in_supers(ref_class_type.name(), current_class())) {
2756 Klass* ref_klass = load_class(ref_class_type.name(), CHECK);
2757 if (was_recursively_verified()) return;
2758 Method* m = InstanceKlass::cast(ref_klass)->uncached_lookup_method(
2759 vmSymbols::object_initializer_name(),
2760 cp->uncached_signature_ref_at(bcs->get_index_u2()),
2761 Klass::OverpassLookupMode::find);
2762 // Do nothing if method is not found. Let resolution detect the error.
2763 if (m != nullptr) {
2764 InstanceKlass* mh = m->method_holder();
2765 if (m->is_protected() && !mh->is_same_class_package(_klass)) {
2766 bool assignable = current_type().is_assignable_from(
2767 objectref_type, this, true, CHECK_VERIFY(this));
2768 if (!assignable) {
2769 verify_error(ErrorContext::bad_type(bci,
2770 TypeOrigin::cp(new_class_index, objectref_type),
2771 TypeOrigin::implicit(current_type())),
2772 "Bad access to protected <init> method");
2773 return;
2774 }
2775 }
2776 }
2777 }
2778 // Check the exception handler target stackmaps with the locals from the
2779 // incoming stackmap (before initialize_object() changes them to outgoing
2780 // state).
2781 if (in_try_block) {
2782 if (was_recursively_verified()) return;
2783 verify_exception_handler_targets(bci, *this_uninit, current_frame,
2784 stackmap_table, CHECK_VERIFY(this));
2785 }
2786 current_frame->initialize_object(type, new_class_type);
2787 } else {
2788 verify_error(ErrorContext::bad_type(bci, current_frame->stack_top_ctx()),
2789 "Bad operand type when invoking <init>");
2790 return;
2791 }
2792 }
2793
2794 bool ClassVerifier::is_same_or_direct_interface(
2795 InstanceKlass* klass,
2796 VerificationType klass_type,
2797 VerificationType ref_class_type) {
2798 if (ref_class_type.equals(klass_type)) return true;
2799 Array<InstanceKlass*>* local_interfaces = klass->local_interfaces();
2800 if (local_interfaces != nullptr) {
2801 for (int x = 0; x < local_interfaces->length(); x++) {
2802 InstanceKlass* k = local_interfaces->at(x);
2803 assert (k != nullptr && k->is_interface(), "invalid interface");
2804 if (ref_class_type.equals(VerificationType::reference_type(k->name()))) {
2805 return true;
2806 }
2807 }
2808 }
2809 return false;
2810 }
2811
2812 void ClassVerifier::verify_invoke_instructions(
2813 RawBytecodeStream* bcs, u4 code_length, StackMapFrame* current_frame,
2814 bool in_try_block, bool *this_uninit,
2815 const constantPoolHandle& cp, StackMapTable* stackmap_table, TRAPS) {
2816 // Make sure the constant pool item is the right type
2817 u2 index = bcs->get_index_u2();
2818 Bytecodes::Code opcode = bcs->raw_code();
2819 unsigned int types = 0;
2820 switch (opcode) {
2821 case Bytecodes::_invokeinterface:
2822 types = 1 << JVM_CONSTANT_InterfaceMethodref;
2823 break;
2824 case Bytecodes::_invokedynamic:
2825 types = 1 << JVM_CONSTANT_InvokeDynamic;
2826 break;
2827 case Bytecodes::_invokespecial:
2828 case Bytecodes::_invokestatic:
2829 types = (_klass->major_version() < STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION) ?
2830 (1 << JVM_CONSTANT_Methodref) :
2831 ((1 << JVM_CONSTANT_InterfaceMethodref) | (1 << JVM_CONSTANT_Methodref));
2832 break;
2833 default:
2834 types = 1 << JVM_CONSTANT_Methodref;
2835 }
2836 verify_cp_type(bcs->bci(), index, cp, types, CHECK_VERIFY(this));
2837
2838 // Get method name and signature
2839 Symbol* method_name = cp->uncached_name_ref_at(index);
2840 Symbol* method_sig = cp->uncached_signature_ref_at(index);
2841
2842 // Method signature was checked in ClassFileParser.
2843 assert(SignatureVerifier::is_valid_method_signature(method_sig),
2844 "Invalid method signature");
2845
2846 // Get referenced class
2847 VerificationType ref_class_type;
2848 if (opcode == Bytecodes::_invokedynamic) {
2849 if (_klass->major_version() < Verifier::INVOKEDYNAMIC_MAJOR_VERSION) {
2850 class_format_error(
2851 "invokedynamic instructions not supported by this class file version (%d), class %s",
2852 _klass->major_version(), _klass->external_name());
2853 return;
2854 }
2855 } else {
2856 ref_class_type = cp_ref_index_to_type(index, cp, CHECK_VERIFY(this));
2857 }
2858
2859 assert(sizeof(VerificationType) == sizeof(uintptr_t),
2860 "buffer type must match VerificationType size");
2861
2862 // Get the UTF8 index for this signature.
2863 int sig_index = cp->signature_ref_index_at(cp->uncached_name_and_type_ref_index_at(index));
2864
2865 // Get the signature's verification types.
2866 sig_as_verification_types* mth_sig_verif_types;
2867 sig_as_verification_types** mth_sig_verif_types_ptr = method_signatures_table()->get(sig_index);
2868 if (mth_sig_verif_types_ptr != nullptr) {
2869 // Found the entry for the signature's verification types in the hash table.
2870 mth_sig_verif_types = *mth_sig_verif_types_ptr;
2871 assert(mth_sig_verif_types != nullptr, "Unexpected null sig_as_verification_types value");
2872 } else {
2873 // Not found, add the entry to the table.
2874 GrowableArray<VerificationType>* verif_types = new GrowableArray<VerificationType>(10);
2875 mth_sig_verif_types = new sig_as_verification_types(verif_types);
2876 create_method_sig_entry(mth_sig_verif_types, sig_index);
2877 }
2878
2879 // Get the number of arguments for this signature.
2880 int nargs = mth_sig_verif_types->num_args();
2881
2882 // Check instruction operands
2883 int bci = bcs->bci();
2884 if (opcode == Bytecodes::_invokeinterface) {
2885 address bcp = bcs->bcp();
2886 // 4905268: count operand in invokeinterface should be nargs+1, not nargs.
2887 // JSR202 spec: The count operand of an invokeinterface instruction is valid if it is
2888 // the difference between the size of the operand stack before and after the instruction
2889 // executes.
2890 if (*(bcp+3) != (nargs+1)) {
2891 verify_error(ErrorContext::bad_code(bci),
2892 "Inconsistent args count operand in invokeinterface");
2893 return;
2894 }
2895 if (*(bcp+4) != 0) {
2896 verify_error(ErrorContext::bad_code(bci),
2897 "Fourth operand byte of invokeinterface must be zero");
2898 return;
2899 }
2900 }
2901
2902 if (opcode == Bytecodes::_invokedynamic) {
2903 address bcp = bcs->bcp();
2904 if (*(bcp+3) != 0 || *(bcp+4) != 0) {
2905 verify_error(ErrorContext::bad_code(bci),
2906 "Third and fourth operand bytes of invokedynamic must be zero");
2907 return;
2908 }
2909 }
2910
2911 if (method_name->char_at(0) == JVM_SIGNATURE_SPECIAL) {
2912 // Make sure:
2913 // <init> can only be invoked by invokespecial.
2914 if (opcode != Bytecodes::_invokespecial ||
2915 method_name != vmSymbols::object_initializer_name()) {
2916 verify_error(ErrorContext::bad_code(bci),
2917 "Illegal call to internal method");
2918 return;
2919 }
2920 } else if (opcode == Bytecodes::_invokespecial
2921 && !is_same_or_direct_interface(current_class(), current_type(), ref_class_type)
2922 && !ref_class_type.equals(VerificationType::reference_type(
2923 current_class()->super()->name()))) { // super() can never be an inline_type.
2924 bool subtype = false;
2925 bool have_imr_indirect = cp->tag_at(index).value() == JVM_CONSTANT_InterfaceMethodref;
2926 subtype = ref_class_type.is_assignable_from(
2927 current_type(), this, false, CHECK_VERIFY(this));
2928 if (!subtype) {
2929 verify_error(ErrorContext::bad_code(bci),
2930 "Bad invokespecial instruction: "
2931 "current class isn't assignable to reference class.");
2932 return;
2933 } else if (have_imr_indirect) {
2934 verify_error(ErrorContext::bad_code(bci),
2935 "Bad invokespecial instruction: "
2936 "interface method reference is in an indirect superinterface.");
2937 return;
2938 }
2939
2940 }
2941
2942 // Get the verification types for the method's arguments.
2943 GrowableArray<VerificationType>* sig_verif_types = mth_sig_verif_types->sig_verif_types();
2944 assert(sig_verif_types != nullptr, "Missing signature's array of verification types");
2945 // Match method descriptor with operand stack
2946 // The arguments are on the stack in descending order.
2947 for (int i = nargs - 1; i >= 0; i--) { // Run backwards
2948 current_frame->pop_stack(sig_verif_types->at(i), CHECK_VERIFY(this));
2949 }
2950
2951 // Check objectref on operand stack
2952 if (opcode != Bytecodes::_invokestatic &&
2953 opcode != Bytecodes::_invokedynamic) {
2954 if (method_name == vmSymbols::object_initializer_name()) { // <init> method
2955 verify_invoke_init(bcs, index, ref_class_type, current_frame,
2956 code_length, in_try_block, this_uninit, cp, stackmap_table,
2957 CHECK_VERIFY(this));
2958 if (was_recursively_verified()) return;
2959 } else { // other methods
2960 // Ensures that target class is assignable to method class.
2961 if (opcode == Bytecodes::_invokespecial) {
2962 current_frame->pop_stack(current_type(), CHECK_VERIFY(this));
2963 } else if (opcode == Bytecodes::_invokevirtual) {
2964 VerificationType stack_object_type =
2965 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this));
2966 if (current_type() != stack_object_type) {
2967 if (was_recursively_verified()) return;
2968 assert(cp->cache() == nullptr, "not rewritten yet");
2969 Symbol* ref_class_name =
2970 cp->klass_name_at(cp->uncached_klass_ref_index_at(index));
2971 // See the comments in verify_field_instructions() for
2972 // the rationale behind this.
2973 if (name_in_supers(ref_class_name, current_class())) {
2974 Klass* ref_class = load_class(ref_class_name, CHECK);
2975 if (is_protected_access(
2976 _klass, ref_class, method_name, method_sig, true)) {
2977 // It's protected access, check if stack object is
2978 // assignable to current class.
2979 if (ref_class_type.name() == vmSymbols::java_lang_Object()
2980 && stack_object_type.is_array()
2981 && method_name == vmSymbols::clone_name()) {
2982 // Special case: arrays pretend to implement public Object
2983 // clone().
2984 } else {
2985 bool is_assignable = current_type().is_assignable_from(
2986 stack_object_type, this, true, CHECK_VERIFY(this));
2987 if (!is_assignable) {
2988 verify_error(ErrorContext::bad_type(bci,
2989 current_frame->stack_top_ctx(),
2990 TypeOrigin::implicit(current_type())),
2991 "Bad access to protected data in invokevirtual");
2992 return;
2993 }
2994 }
2995 }
2996 }
2997 }
2998 } else {
2999 assert(opcode == Bytecodes::_invokeinterface, "Unexpected opcode encountered");
3000 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this));
3001 }
3002 }
3003 }
3004 // Push the result type.
3005 int sig_verif_types_len = sig_verif_types->length();
3006 if (sig_verif_types_len > nargs) { // There's a return type
3007 if (method_name == vmSymbols::object_initializer_name()) {
3008 // an <init> method must have a void return type
3009 verify_error(ErrorContext::bad_code(bci),
3010 "Return type must be void in <init> method");
3011 return;
3012 }
3013
3014 assert(sig_verif_types_len <= nargs + 2,
3015 "Signature verification types array return type is bogus");
3016 for (int i = nargs; i < sig_verif_types_len; i++) {
3017 assert(i == nargs || sig_verif_types->at(i).is_long2() ||
3018 sig_verif_types->at(i).is_double2(), "Unexpected return verificationType");
3019 current_frame->push_stack(sig_verif_types->at(i), CHECK_VERIFY(this));
3020 }
3021 }
3022 }
3023
3024 VerificationType ClassVerifier::get_newarray_type(
3025 u2 index, int bci, TRAPS) {
3026 const char* from_bt[] = {
3027 nullptr, nullptr, nullptr, nullptr, "[Z", "[C", "[F", "[D", "[B", "[S", "[I", "[J",
3028 };
3029 if (index < T_BOOLEAN || index > T_LONG) {
3030 verify_error(ErrorContext::bad_code(bci), "Illegal newarray instruction");
3031 return VerificationType::bogus_type();
3032 }
3033
3034 // from_bt[index] contains the array signature which has a length of 2
3035 Symbol* sig = create_temporary_symbol(from_bt[index], 2);
3036 return VerificationType::reference_type(sig);
3037 }
3038
3039 void ClassVerifier::verify_anewarray(
3040 int bci, u2 index, const constantPoolHandle& cp,
3041 StackMapFrame* current_frame, TRAPS) {
3042 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
3043 current_frame->pop_stack(
3044 VerificationType::integer_type(), CHECK_VERIFY(this));
3045
3046 if (was_recursively_verified()) return;
3047 VerificationType component_type =
3048 cp_index_to_type(index, cp, CHECK_VERIFY(this));
3049 int length;
3050 char* arr_sig_str;
3051 if (component_type.is_array()) { // it's an array
3052 const char* component_name = component_type.name()->as_utf8();
3053 // Check for more than MAX_ARRAY_DIMENSIONS
3054 length = (int)strlen(component_name);
3055 if (length > MAX_ARRAY_DIMENSIONS &&
3056 component_name[MAX_ARRAY_DIMENSIONS - 1] == JVM_SIGNATURE_ARRAY) {
3057 verify_error(ErrorContext::bad_code(bci),
3058 "Illegal anewarray instruction, array has more than 255 dimensions");
3059 }
3060 // add one dimension to component
3061 length++;
3062 arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length + 1);
3063 int n = os::snprintf(arr_sig_str, length + 1, "%c%s",
3064 JVM_SIGNATURE_ARRAY, component_name);
3065 assert(n == length, "Unexpected number of characters in string");
3066 } else { // it's an object or interface
3067 const char* component_name = component_type.name()->as_utf8();
3068 // add one dimension to component with 'L' prepended and ';' postpended.
3069 length = (int)strlen(component_name) + 3;
3070 arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length + 1);
3071 int n = os::snprintf(arr_sig_str, length + 1, "%c%c%s;",
3072 JVM_SIGNATURE_ARRAY, JVM_SIGNATURE_CLASS, component_name);
3073 assert(n == length, "Unexpected number of characters in string");
3074 }
3075 Symbol* arr_sig = create_temporary_symbol(arr_sig_str, length);
3076 VerificationType new_array_type = VerificationType::reference_type(arr_sig);
3077 current_frame->push_stack(new_array_type, CHECK_VERIFY(this));
3078 }
3079
3080 void ClassVerifier::verify_iload(int index, StackMapFrame* current_frame, TRAPS) {
3081 current_frame->get_local(
3082 index, VerificationType::integer_type(), CHECK_VERIFY(this));
3083 current_frame->push_stack(
3084 VerificationType::integer_type(), CHECK_VERIFY(this));
3085 }
3086
3087 void ClassVerifier::verify_lload(int index, StackMapFrame* current_frame, TRAPS) {
3088 current_frame->get_local_2(
3089 index, VerificationType::long_type(),
3090 VerificationType::long2_type(), CHECK_VERIFY(this));
3091 current_frame->push_stack_2(
3092 VerificationType::long_type(),
3093 VerificationType::long2_type(), CHECK_VERIFY(this));
3094 }
3095
3096 void ClassVerifier::verify_fload(int index, StackMapFrame* current_frame, TRAPS) {
3097 current_frame->get_local(
3098 index, VerificationType::float_type(), CHECK_VERIFY(this));
3099 current_frame->push_stack(
3100 VerificationType::float_type(), CHECK_VERIFY(this));
3101 }
3102
3103 void ClassVerifier::verify_dload(int index, StackMapFrame* current_frame, TRAPS) {
3104 current_frame->get_local_2(
3105 index, VerificationType::double_type(),
3106 VerificationType::double2_type(), CHECK_VERIFY(this));
3107 current_frame->push_stack_2(
3108 VerificationType::double_type(),
3109 VerificationType::double2_type(), CHECK_VERIFY(this));
3110 }
3111
3112 void ClassVerifier::verify_aload(int index, StackMapFrame* current_frame, TRAPS) {
3113 VerificationType type = current_frame->get_local(
3114 index, VerificationType::reference_check(), CHECK_VERIFY(this));
3115 current_frame->push_stack(type, CHECK_VERIFY(this));
3116 }
3117
3118 void ClassVerifier::verify_istore(int index, StackMapFrame* current_frame, TRAPS) {
3119 current_frame->pop_stack(
3120 VerificationType::integer_type(), CHECK_VERIFY(this));
3121 current_frame->set_local(
3122 index, VerificationType::integer_type(), CHECK_VERIFY(this));
3123 }
3124
3125 void ClassVerifier::verify_lstore(int index, StackMapFrame* current_frame, TRAPS) {
3126 current_frame->pop_stack_2(
3127 VerificationType::long2_type(),
3128 VerificationType::long_type(), CHECK_VERIFY(this));
3129 current_frame->set_local_2(
3130 index, VerificationType::long_type(),
3131 VerificationType::long2_type(), CHECK_VERIFY(this));
3132 }
3133
3134 void ClassVerifier::verify_fstore(int index, StackMapFrame* current_frame, TRAPS) {
3135 current_frame->pop_stack(VerificationType::float_type(), CHECK_VERIFY(this));
3136 current_frame->set_local(
3137 index, VerificationType::float_type(), CHECK_VERIFY(this));
3138 }
3139
3140 void ClassVerifier::verify_dstore(int index, StackMapFrame* current_frame, TRAPS) {
3141 current_frame->pop_stack_2(
3142 VerificationType::double2_type(),
3143 VerificationType::double_type(), CHECK_VERIFY(this));
3144 current_frame->set_local_2(
3145 index, VerificationType::double_type(),
3146 VerificationType::double2_type(), CHECK_VERIFY(this));
3147 }
3148
3149 void ClassVerifier::verify_astore(int index, StackMapFrame* current_frame, TRAPS) {
3150 VerificationType type = current_frame->pop_stack(
3151 VerificationType::reference_check(), CHECK_VERIFY(this));
3152 current_frame->set_local(index, type, CHECK_VERIFY(this));
3153 }
3154
3155 void ClassVerifier::verify_iinc(int index, StackMapFrame* current_frame, TRAPS) {
3156 VerificationType type = current_frame->get_local(
3157 index, VerificationType::integer_type(), CHECK_VERIFY(this));
3158 current_frame->set_local(index, type, CHECK_VERIFY(this));
3159 }
3160
3161 void ClassVerifier::verify_return_value(
3162 VerificationType return_type, VerificationType type, int bci,
3163 StackMapFrame* current_frame, TRAPS) {
3164 if (return_type == VerificationType::bogus_type()) {
3165 verify_error(ErrorContext::bad_type(bci,
3166 current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)),
3167 "Method does not expect a return value");
3168 return;
3169 }
3170 bool match = return_type.is_assignable_from(type, this, false, CHECK_VERIFY(this));
3171 if (!match) {
3172 verify_error(ErrorContext::bad_type(bci,
3173 current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)),
3174 "Bad return type");
3175 return;
3176 }
3177 }
3178
3179 // The verifier creates symbols which are substrings of Symbols.
3180 // These are stored in the verifier until the end of verification so that
3181 // they can be reference counted.
3182 Symbol* ClassVerifier::create_temporary_symbol(const char *name, int length) {
3183 // Quick deduplication check
3184 if (_previous_symbol != nullptr && _previous_symbol->equals(name, length)) {
3185 return _previous_symbol;
3186 }
3187 Symbol* sym = SymbolTable::new_symbol(name, length);
3188 if (!sym->is_permanent()) {
3189 if (_symbols == nullptr) {
3190 _symbols = new GrowableArray<Symbol*>(50, 0, nullptr);
3191 }
3192 _symbols->push(sym);
3193 }
3194 _previous_symbol = sym;
3195 return sym;
3196 }