1 /*
2 * Copyright (c) 1998, 2021, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.
8 *
9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 *
23 */
24
25 #include "precompiled.hpp"
26 #include "jvm.h"
27 #include "classfile/classFileStream.hpp"
28 #include "classfile/classLoader.hpp"
29 #include "classfile/javaClasses.hpp"
30 #include "classfile/stackMapTable.hpp"
31 #include "classfile/stackMapFrame.hpp"
32 #include "classfile/stackMapTableFormat.hpp"
33 #include "classfile/symbolTable.hpp"
34 #include "classfile/systemDictionary.hpp"
35 #include "classfile/verifier.hpp"
36 #include "classfile/vmClasses.hpp"
37 #include "classfile/vmSymbols.hpp"
38 #include "interpreter/bytecodes.hpp"
39 #include "interpreter/bytecodeStream.hpp"
40 #include "logging/log.hpp"
41 #include "logging/logStream.hpp"
42 #include "memory/oopFactory.hpp"
43 #include "memory/resourceArea.hpp"
44 #include "memory/universe.hpp"
45 #include "oops/constantPool.inline.hpp"
46 #include "oops/instanceKlass.inline.hpp"
47 #include "oops/klass.inline.hpp"
48 #include "oops/oop.inline.hpp"
49 #include "oops/typeArrayOop.hpp"
50 #include "runtime/arguments.hpp"
51 #include "runtime/fieldDescriptor.hpp"
52 #include "runtime/handles.inline.hpp"
53 #include "runtime/interfaceSupport.inline.hpp"
54 #include "runtime/javaCalls.hpp"
55 #include "runtime/jniHandles.inline.hpp"
56 #include "runtime/os.hpp"
57 #include "runtime/safepointVerifiers.hpp"
58 #include "runtime/thread.hpp"
59 #include "services/threadService.hpp"
60 #include "utilities/align.hpp"
61 #include "utilities/bytes.hpp"
62
63 #define NOFAILOVER_MAJOR_VERSION 51
64 #define NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION 51
65 #define STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION 52
66 #define INLINE_TYPE_MAJOR_VERSION 56
67 #define MAX_ARRAY_DIMENSIONS 255
68
69 // Access to external entry for VerifyClassForMajorVersion - old byte code verifier
70
71 extern "C" {
72 typedef jboolean (*verify_byte_codes_fn_t)(JNIEnv *, jclass, char *, jint, jint);
73 }
74
75 static verify_byte_codes_fn_t volatile _verify_byte_codes_fn = NULL;
76
77 static verify_byte_codes_fn_t verify_byte_codes_fn() {
78
79 if (_verify_byte_codes_fn != NULL)
80 return _verify_byte_codes_fn;
81
82 MutexLocker locker(Verify_lock);
83
84 if (_verify_byte_codes_fn != NULL)
85 return _verify_byte_codes_fn;
86
87 // Load verify dll
88 char buffer[JVM_MAXPATHLEN];
89 char ebuf[1024];
90 if (!os::dll_locate_lib(buffer, sizeof(buffer), Arguments::get_dll_dir(), "verify"))
91 return NULL; // Caller will throw VerifyError
92
93 void *lib_handle = os::dll_load(buffer, ebuf, sizeof(ebuf));
94 if (lib_handle == NULL)
95 return NULL; // Caller will throw VerifyError
96
97 void *fn = os::dll_lookup(lib_handle, "VerifyClassForMajorVersion");
98 if (fn == NULL)
99 return NULL; // Caller will throw VerifyError
100
101 return _verify_byte_codes_fn = CAST_TO_FN_PTR(verify_byte_codes_fn_t, fn);
102 }
103
104
105 // Methods in Verifier
106
107 bool Verifier::should_verify_for(oop class_loader, bool should_verify_class) {
108 return (class_loader == NULL || !should_verify_class) ?
109 BytecodeVerificationLocal : BytecodeVerificationRemote;
110 }
111
112 bool Verifier::relax_access_for(oop loader) {
113 bool trusted = java_lang_ClassLoader::is_trusted_loader(loader);
114 bool need_verify =
115 // verifyAll
116 (BytecodeVerificationLocal && BytecodeVerificationRemote) ||
117 // verifyRemote
118 (!BytecodeVerificationLocal && BytecodeVerificationRemote && !trusted);
119 return !need_verify;
120 }
121
122 void Verifier::trace_class_resolution(Klass* resolve_class, InstanceKlass* verify_class) {
123 assert(verify_class != NULL, "Unexpected null verify_class");
124 ResourceMark rm;
125 Symbol* s = verify_class->source_file_name();
126 const char* source_file = (s != NULL ? s->as_C_string() : NULL);
127 const char* verify = verify_class->external_name();
128 const char* resolve = resolve_class->external_name();
129 // print in a single call to reduce interleaving between threads
130 if (source_file != NULL) {
131 log_debug(class, resolve)("%s %s %s (verification)", verify, resolve, source_file);
132 } else {
133 log_debug(class, resolve)("%s %s (verification)", verify, resolve);
134 }
135 }
136
137 // Prints the end-verification message to the appropriate output.
138 void Verifier::log_end_verification(outputStream* st, const char* klassName, Symbol* exception_name, oop pending_exception) {
139 if (pending_exception != NULL) {
140 st->print("Verification for %s has", klassName);
141 oop message = java_lang_Throwable::message(pending_exception);
142 if (message != NULL) {
143 char* ex_msg = java_lang_String::as_utf8_string(message);
144 st->print_cr(" exception pending '%s %s'",
145 pending_exception->klass()->external_name(), ex_msg);
146 } else {
147 st->print_cr(" exception pending %s ",
148 pending_exception->klass()->external_name());
149 }
150 } else if (exception_name != NULL) {
151 st->print_cr("Verification for %s failed", klassName);
152 }
153 st->print_cr("End class verification for: %s", klassName);
154 }
155
156 bool Verifier::verify(InstanceKlass* klass, bool should_verify_class, TRAPS) {
157 HandleMark hm(THREAD);
158 ResourceMark rm(THREAD);
159
160 // Eagerly allocate the identity hash code for a klass. This is a fallout
161 // from 6320749 and 8059924: hash code generator is not supposed to be called
162 // during the safepoint, but it allows to sneak the hashcode in during
163 // verification. Without this eager hashcode generation, we may end up
164 // installing the hashcode during some other operation, which may be at
165 // safepoint -- blowing up the checks. It was previously done as the side
166 // effect (sic!) for external_name(), but instead of doing that, we opt to
167 // explicitly push the hashcode in here. This is signify the following block
168 // is IMPORTANT:
169 if (klass->java_mirror() != NULL) {
170 klass->java_mirror()->identity_hash();
171 }
172
173 if (!is_eligible_for_verification(klass, should_verify_class)) {
174 return true;
175 }
176
177 // Timer includes any side effects of class verification (resolution,
178 // etc), but not recursive calls to Verifier::verify().
179 JavaThread* jt = THREAD;
180 PerfClassTraceTime timer(ClassLoader::perf_class_verify_time(),
181 ClassLoader::perf_class_verify_selftime(),
182 ClassLoader::perf_classes_verified(),
183 jt->get_thread_stat()->perf_recursion_counts_addr(),
184 jt->get_thread_stat()->perf_timers_addr(),
185 PerfClassTraceTime::CLASS_VERIFY);
186
187 // If the class should be verified, first see if we can use the split
188 // verifier. If not, or if verification fails and can failover, then
189 // call the inference verifier.
190 Symbol* exception_name = NULL;
191 const size_t message_buffer_len = klass->name()->utf8_length() + 1024;
192 char* message_buffer = NULL;
193 char* exception_message = NULL;
194
195 log_info(class, init)("Start class verification for: %s", klass->external_name());
196 if (klass->major_version() >= STACKMAP_ATTRIBUTE_MAJOR_VERSION) {
197 ClassVerifier split_verifier(jt, klass);
198 // We don't use CHECK here, or on inference_verify below, so that we can log any exception.
199 split_verifier.verify_class(THREAD);
200 exception_name = split_verifier.result();
201
202 // If DumpSharedSpaces is set then don't fall back to the old verifier on
203 // verification failure. If a class fails verification with the split verifier,
204 // it might fail the CDS runtime verifier constraint check. In that case, we
205 // don't want to share the class. We only archive classes that pass the split
206 // verifier.
207 bool can_failover = !DumpSharedSpaces &&
208 klass->major_version() < NOFAILOVER_MAJOR_VERSION;
209
210 if (can_failover && !HAS_PENDING_EXCEPTION && // Split verifier doesn't set PENDING_EXCEPTION for failure
211 (exception_name == vmSymbols::java_lang_VerifyError() ||
212 exception_name == vmSymbols::java_lang_ClassFormatError())) {
213 log_info(verification)("Fail over class verification to old verifier for: %s", klass->external_name());
214 log_info(class, init)("Fail over class verification to old verifier for: %s", klass->external_name());
215 message_buffer = NEW_RESOURCE_ARRAY(char, message_buffer_len);
216 exception_message = message_buffer;
217 exception_name = inference_verify(
218 klass, message_buffer, message_buffer_len, THREAD);
219 }
220 if (exception_name != NULL) {
221 exception_message = split_verifier.exception_message();
222 }
223 } else {
224 message_buffer = NEW_RESOURCE_ARRAY(char, message_buffer_len);
225 exception_message = message_buffer;
226 exception_name = inference_verify(
227 klass, message_buffer, message_buffer_len, THREAD);
228 }
229
230 LogTarget(Info, class, init) lt1;
231 if (lt1.is_enabled()) {
232 LogStream ls(lt1);
233 log_end_verification(&ls, klass->external_name(), exception_name, PENDING_EXCEPTION);
234 }
235 LogTarget(Info, verification) lt2;
236 if (lt2.is_enabled()) {
237 LogStream ls(lt2);
238 log_end_verification(&ls, klass->external_name(), exception_name, PENDING_EXCEPTION);
239 }
240
241 if (HAS_PENDING_EXCEPTION) {
242 return false; // use the existing exception
243 } else if (exception_name == NULL) {
244 return true; // verification succeeded
245 } else { // VerifyError or ClassFormatError to be created and thrown
246 Klass* kls =
247 SystemDictionary::resolve_or_fail(exception_name, true, CHECK_false);
248 if (log_is_enabled(Debug, class, resolve)) {
249 Verifier::trace_class_resolution(kls, klass);
250 }
251
252 while (kls != NULL) {
253 if (kls == klass) {
254 // If the class being verified is the exception we're creating
255 // or one of it's superclasses, we're in trouble and are going
256 // to infinitely recurse when we try to initialize the exception.
257 // So bail out here by throwing the preallocated VM error.
258 THROW_OOP_(Universe::virtual_machine_error_instance(), false);
259 }
260 kls = kls->super();
261 }
262 if (message_buffer != NULL) {
263 message_buffer[message_buffer_len - 1] = '\0'; // just to be sure
264 }
265 assert(exception_message != NULL, "");
266 THROW_MSG_(exception_name, exception_message, false);
267 }
268 }
269
270 bool Verifier::is_eligible_for_verification(InstanceKlass* klass, bool should_verify_class) {
271 Symbol* name = klass->name();
272 Klass* refl_magic_klass = vmClasses::reflect_MagicAccessorImpl_klass();
273
274 bool is_reflect = refl_magic_klass != NULL && klass->is_subtype_of(refl_magic_klass);
275
276 return (should_verify_for(klass->class_loader(), should_verify_class) &&
277 // return if the class is a bootstrapping class
278 // or defineClass specified not to verify by default (flags override passed arg)
279 // We need to skip the following four for bootstrapping
280 name != vmSymbols::java_lang_Object() &&
281 name != vmSymbols::java_lang_Class() &&
282 name != vmSymbols::java_lang_String() &&
283 name != vmSymbols::java_lang_Throwable() &&
284
285 // Can not verify the bytecodes for shared classes because they have
286 // already been rewritten to contain constant pool cache indices,
287 // which the verifier can't understand.
288 // Shared classes shouldn't have stackmaps either.
289 // However, bytecodes for shared old classes can be verified because
290 // they have not been rewritten.
291 !(klass->is_shared() && klass->is_rewritten()) &&
292
293 // As of the fix for 4486457 we disable verification for all of the
294 // dynamically-generated bytecodes associated with the 1.4
295 // reflection implementation, not just those associated with
296 // jdk/internal/reflect/SerializationConstructorAccessor.
297 // NOTE: this is called too early in the bootstrapping process to be
298 // guarded by Universe::is_gte_jdk14x_version().
299 // Also for lambda generated code, gte jdk8
300 (!is_reflect));
301 }
302
303 Symbol* Verifier::inference_verify(
304 InstanceKlass* klass, char* message, size_t message_len, TRAPS) {
305 JavaThread* thread = THREAD;
306
307 verify_byte_codes_fn_t verify_func = verify_byte_codes_fn();
308
309 if (verify_func == NULL) {
310 jio_snprintf(message, message_len, "Could not link verifier");
311 return vmSymbols::java_lang_VerifyError();
312 }
313
314 ResourceMark rm(thread);
315 log_info(verification)("Verifying class %s with old format", klass->external_name());
316
317 jclass cls = (jclass) JNIHandles::make_local(thread, klass->java_mirror());
318 jint result;
319
320 {
321 HandleMark hm(thread);
322 ThreadToNativeFromVM ttn(thread);
323 // ThreadToNativeFromVM takes care of changing thread_state, so safepoint
324 // code knows that we have left the VM
325 JNIEnv *env = thread->jni_environment();
326 result = (*verify_func)(env, cls, message, (int)message_len, klass->major_version());
327 }
328
329 JNIHandles::destroy_local(cls);
330
331 // These numbers are chosen so that VerifyClassCodes interface doesn't need
332 // to be changed (still return jboolean (unsigned char)), and result is
333 // 1 when verification is passed.
334 if (result == 0) {
335 return vmSymbols::java_lang_VerifyError();
336 } else if (result == 1) {
337 return NULL; // verified.
338 } else if (result == 2) {
339 THROW_MSG_(vmSymbols::java_lang_OutOfMemoryError(), message, NULL);
340 } else if (result == 3) {
341 return vmSymbols::java_lang_ClassFormatError();
342 } else {
343 ShouldNotReachHere();
344 return NULL;
345 }
346 }
347
348 TypeOrigin TypeOrigin::null() {
349 return TypeOrigin();
350 }
351 TypeOrigin TypeOrigin::local(u2 index, StackMapFrame* frame) {
352 assert(frame != NULL, "Must have a frame");
353 return TypeOrigin(CF_LOCALS, index, StackMapFrame::copy(frame),
354 frame->local_at(index));
355 }
356 TypeOrigin TypeOrigin::stack(u2 index, StackMapFrame* frame) {
357 assert(frame != NULL, "Must have a frame");
358 return TypeOrigin(CF_STACK, index, StackMapFrame::copy(frame),
359 frame->stack_at(index));
360 }
361 TypeOrigin TypeOrigin::sm_local(u2 index, StackMapFrame* frame) {
362 assert(frame != NULL, "Must have a frame");
363 return TypeOrigin(SM_LOCALS, index, StackMapFrame::copy(frame),
364 frame->local_at(index));
365 }
366 TypeOrigin TypeOrigin::sm_stack(u2 index, StackMapFrame* frame) {
367 assert(frame != NULL, "Must have a frame");
368 return TypeOrigin(SM_STACK, index, StackMapFrame::copy(frame),
369 frame->stack_at(index));
370 }
371 TypeOrigin TypeOrigin::bad_index(u2 index) {
372 return TypeOrigin(BAD_INDEX, index, NULL, VerificationType::bogus_type());
373 }
374 TypeOrigin TypeOrigin::cp(u2 index, VerificationType vt) {
375 return TypeOrigin(CONST_POOL, index, NULL, vt);
376 }
377 TypeOrigin TypeOrigin::signature(VerificationType vt) {
378 return TypeOrigin(SIG, 0, NULL, vt);
379 }
380 TypeOrigin TypeOrigin::implicit(VerificationType t) {
381 return TypeOrigin(IMPLICIT, 0, NULL, t);
382 }
383 TypeOrigin TypeOrigin::frame(StackMapFrame* frame) {
384 return TypeOrigin(FRAME_ONLY, 0, StackMapFrame::copy(frame),
385 VerificationType::bogus_type());
386 }
387
388 void TypeOrigin::reset_frame() {
389 if (_frame != NULL) {
390 _frame->restore();
391 }
392 }
393
394 void TypeOrigin::details(outputStream* ss) const {
395 _type.print_on(ss);
396 switch (_origin) {
397 case CF_LOCALS:
398 ss->print(" (current frame, locals[%d])", _index);
399 break;
400 case CF_STACK:
401 ss->print(" (current frame, stack[%d])", _index);
402 break;
403 case SM_LOCALS:
404 ss->print(" (stack map, locals[%d])", _index);
405 break;
406 case SM_STACK:
407 ss->print(" (stack map, stack[%d])", _index);
408 break;
409 case CONST_POOL:
410 ss->print(" (constant pool %d)", _index);
411 break;
412 case SIG:
413 ss->print(" (from method signature)");
414 break;
415 case IMPLICIT:
416 case FRAME_ONLY:
417 case NONE:
418 default:
419 ;
420 }
421 }
422
423 #ifdef ASSERT
424 void TypeOrigin::print_on(outputStream* str) const {
425 str->print("{%d,%d,%p:", _origin, _index, _frame);
426 if (_frame != NULL) {
427 _frame->print_on(str);
428 } else {
429 str->print("null");
430 }
431 str->print(",");
432 _type.print_on(str);
433 str->print("}");
434 }
435 #endif
436
437 void ErrorContext::details(outputStream* ss, const Method* method) const {
438 if (is_valid()) {
439 ss->cr();
440 ss->print_cr("Exception Details:");
441 location_details(ss, method);
442 reason_details(ss);
443 frame_details(ss);
444 bytecode_details(ss, method);
445 handler_details(ss, method);
446 stackmap_details(ss, method);
447 }
448 }
449
450 void ErrorContext::reason_details(outputStream* ss) const {
451 streamIndentor si(ss);
452 ss->indent().print_cr("Reason:");
453 streamIndentor si2(ss);
454 ss->indent().print("%s", "");
455 switch (_fault) {
456 case INVALID_BYTECODE:
457 ss->print("Error exists in the bytecode");
458 break;
459 case WRONG_TYPE:
460 if (_expected.is_valid()) {
461 ss->print("Type ");
462 _type.details(ss);
463 ss->print(" is not assignable to ");
464 _expected.details(ss);
465 } else {
466 ss->print("Invalid type: ");
467 _type.details(ss);
468 }
469 break;
470 case FLAGS_MISMATCH:
471 if (_expected.is_valid()) {
472 ss->print("Current frame's flags are not assignable "
473 "to stack map frame's.");
474 } else {
475 ss->print("Current frame's flags are invalid in this context.");
476 }
477 break;
478 case BAD_CP_INDEX:
479 ss->print("Constant pool index %d is invalid", _type.index());
480 break;
481 case BAD_LOCAL_INDEX:
482 ss->print("Local index %d is invalid", _type.index());
483 break;
484 case LOCALS_SIZE_MISMATCH:
485 ss->print("Current frame's local size doesn't match stackmap.");
486 break;
487 case STACK_SIZE_MISMATCH:
488 ss->print("Current frame's stack size doesn't match stackmap.");
489 break;
490 case STACK_OVERFLOW:
491 ss->print("Exceeded max stack size.");
492 break;
493 case STACK_UNDERFLOW:
494 ss->print("Attempt to pop empty stack.");
495 break;
496 case MISSING_STACKMAP:
497 ss->print("Expected stackmap frame at this location.");
498 break;
499 case BAD_STACKMAP:
500 ss->print("Invalid stackmap specification.");
501 break;
502 case WRONG_INLINE_TYPE:
503 ss->print("Type ");
504 _type.details(ss);
505 ss->print(" and type ");
506 _expected.details(ss);
507 ss->print(" must be identical inline types.");
508 break;
509 case UNKNOWN:
510 default:
511 ShouldNotReachHere();
512 ss->print_cr("Unknown");
513 }
514 ss->cr();
515 }
516
517 void ErrorContext::location_details(outputStream* ss, const Method* method) const {
518 if (_bci != -1 && method != NULL) {
519 streamIndentor si(ss);
520 const char* bytecode_name = "<invalid>";
521 if (method->validate_bci(_bci) != -1) {
522 Bytecodes::Code code = Bytecodes::code_or_bp_at(method->bcp_from(_bci));
523 if (Bytecodes::is_defined(code)) {
524 bytecode_name = Bytecodes::name(code);
525 } else {
526 bytecode_name = "<illegal>";
527 }
528 }
529 InstanceKlass* ik = method->method_holder();
530 ss->indent().print_cr("Location:");
531 streamIndentor si2(ss);
532 ss->indent().print_cr("%s.%s%s @%d: %s",
533 ik->name()->as_C_string(), method->name()->as_C_string(),
534 method->signature()->as_C_string(), _bci, bytecode_name);
535 }
536 }
537
538 void ErrorContext::frame_details(outputStream* ss) const {
539 streamIndentor si(ss);
540 if (_type.is_valid() && _type.frame() != NULL) {
541 ss->indent().print_cr("Current Frame:");
542 streamIndentor si2(ss);
543 _type.frame()->print_on(ss);
544 }
545 if (_expected.is_valid() && _expected.frame() != NULL) {
546 ss->indent().print_cr("Stackmap Frame:");
547 streamIndentor si2(ss);
548 _expected.frame()->print_on(ss);
549 }
550 }
551
552 void ErrorContext::bytecode_details(outputStream* ss, const Method* method) const {
553 if (method != NULL) {
554 streamIndentor si(ss);
555 ss->indent().print_cr("Bytecode:");
556 streamIndentor si2(ss);
557 ss->print_data(method->code_base(), method->code_size(), false);
558 }
559 }
560
561 void ErrorContext::handler_details(outputStream* ss, const Method* method) const {
562 if (method != NULL) {
563 streamIndentor si(ss);
564 ExceptionTable table(method);
565 if (table.length() > 0) {
566 ss->indent().print_cr("Exception Handler Table:");
567 streamIndentor si2(ss);
568 for (int i = 0; i < table.length(); ++i) {
569 ss->indent().print_cr("bci [%d, %d] => handler: %d", table.start_pc(i),
570 table.end_pc(i), table.handler_pc(i));
571 }
572 }
573 }
574 }
575
576 void ErrorContext::stackmap_details(outputStream* ss, const Method* method) const {
577 if (method != NULL && method->has_stackmap_table()) {
578 streamIndentor si(ss);
579 ss->indent().print_cr("Stackmap Table:");
580 Array<u1>* data = method->stackmap_data();
581 stack_map_table* sm_table =
582 stack_map_table::at((address)data->adr_at(0));
583 stack_map_frame* sm_frame = sm_table->entries();
584 streamIndentor si2(ss);
585 int current_offset = -1;
586 address end_of_sm_table = (address)sm_table + method->stackmap_data()->length();
587 for (u2 i = 0; i < sm_table->number_of_entries(); ++i) {
588 ss->indent();
589 if (!sm_frame->verify((address)sm_frame, end_of_sm_table)) {
590 sm_frame->print_truncated(ss, current_offset);
591 return;
592 }
593 sm_frame->print_on(ss, current_offset);
594 ss->cr();
595 current_offset += sm_frame->offset_delta();
596 sm_frame = sm_frame->next();
597 }
598 }
599 }
600
601 // Methods in ClassVerifier
602
603 VerificationType reference_or_inline_type(InstanceKlass* klass) {
604 if (klass->is_inline_klass()) {
605 return VerificationType::inline_type(klass->name());
606 } else {
607 return VerificationType::reference_type(klass->name());
608 }
609 }
610
611 ClassVerifier::ClassVerifier(JavaThread* current, InstanceKlass* klass)
612 : _thread(current), _previous_symbol(NULL), _symbols(NULL), _exception_type(NULL),
613 _message(NULL), _method_signatures_table(NULL), _klass(klass) {
614 _this_type = reference_or_inline_type(klass);
615 }
616
617 ClassVerifier::~ClassVerifier() {
618 // Decrement the reference count for any symbols created.
619 if (_symbols != NULL) {
620 for (int i = 0; i < _symbols->length(); i++) {
621 Symbol* s = _symbols->at(i);
622 s->decrement_refcount();
623 }
624 }
625 }
626
627 VerificationType ClassVerifier::object_type() const {
628 return VerificationType::reference_type(vmSymbols::java_lang_Object());
629 }
630
631 TypeOrigin ClassVerifier::ref_ctx(const char* sig) {
632 VerificationType vt = VerificationType::reference_type(
633 create_temporary_symbol(sig, (int)strlen(sig)));
634 return TypeOrigin::implicit(vt);
635 }
636
637
638 void ClassVerifier::verify_class(TRAPS) {
639 log_info(verification)("Verifying class %s with new format", _klass->external_name());
640
641 // Either verifying both local and remote classes or just remote classes.
642 assert(BytecodeVerificationRemote, "Should not be here");
643
644 // Create hash table containing method signatures.
645 method_signatures_table_type method_signatures_table;
646 set_method_signatures_table(&method_signatures_table);
647
648 Array<Method*>* methods = _klass->methods();
649 int num_methods = methods->length();
650
651 for (int index = 0; index < num_methods; index++) {
652 // Check for recursive re-verification before each method.
653 if (was_recursively_verified()) return;
654
655 Method* m = methods->at(index);
656 if (m->is_native() || m->is_abstract() || m->is_overpass()) {
657 // If m is native or abstract, skip it. It is checked in class file
658 // parser that methods do not override a final method. Overpass methods
659 // are trusted since the VM generates them.
660 continue;
661 }
662 verify_method(methodHandle(THREAD, m), CHECK_VERIFY(this));
663 }
664
665 if (was_recursively_verified()){
666 log_info(verification)("Recursive verification detected for: %s", _klass->external_name());
667 log_info(class, init)("Recursive verification detected for: %s",
668 _klass->external_name());
669 }
670 }
671
672 // Translate the signature entries into verification types and save them in
673 // the growable array. Also, save the count of arguments.
674 void ClassVerifier::translate_signature(Symbol* const method_sig,
675 sig_as_verification_types* sig_verif_types) {
676 SignatureStream sig_stream(method_sig);
677 VerificationType sig_type[2];
678 int sig_i = 0;
679 GrowableArray<VerificationType>* verif_types = sig_verif_types->sig_verif_types();
680
681 // Translate the signature arguments into verification types.
682 while (!sig_stream.at_return_type()) {
683 int n = change_sig_to_verificationType(&sig_stream, sig_type);
684 assert(n <= 2, "Unexpected signature type");
685
686 // Store verification type(s). Longs and Doubles each have two verificationTypes.
687 for (int x = 0; x < n; x++) {
688 verif_types->push(sig_type[x]);
689 }
690 sig_i += n;
691 sig_stream.next();
692 }
693
694 // Set final arg count, not including the return type. The final arg count will
695 // be compared with sig_verify_types' length to see if there is a return type.
696 sig_verif_types->set_num_args(sig_i);
697
698 // Store verification type(s) for the return type, if there is one.
699 if (sig_stream.type() != T_VOID) {
700 int n = change_sig_to_verificationType(&sig_stream, sig_type);
701 assert(n <= 2, "Unexpected signature return type");
702 for (int y = 0; y < n; y++) {
703 verif_types->push(sig_type[y]);
704 }
705 }
706 }
707
708 void ClassVerifier::create_method_sig_entry(sig_as_verification_types* sig_verif_types,
709 int sig_index) {
710 // Translate the signature into verification types.
711 ConstantPool* cp = _klass->constants();
712 Symbol* const method_sig = cp->symbol_at(sig_index);
713 translate_signature(method_sig, sig_verif_types);
714
715 // Add the list of this signature's verification types to the table.
716 bool is_unique = method_signatures_table()->put(sig_index, sig_verif_types);
717 assert(is_unique, "Duplicate entries in method_signature_table");
718 }
719
720 void ClassVerifier::verify_method(const methodHandle& m, TRAPS) {
721 HandleMark hm(THREAD);
722 _method = m; // initialize _method
723 log_info(verification)("Verifying method %s", m->name_and_sig_as_C_string());
724
725 // For clang, the only good constant format string is a literal constant format string.
726 #define bad_type_msg "Bad type on operand stack in %s"
727
728 int32_t max_stack = m->verifier_max_stack();
729 int32_t max_locals = m->max_locals();
730 constantPoolHandle cp(THREAD, m->constants());
731
732 // Method signature was checked in ClassFileParser.
733 assert(SignatureVerifier::is_valid_method_signature(m->signature()),
734 "Invalid method signature");
735
736 // Initial stack map frame: offset is 0, stack is initially empty.
737 StackMapFrame current_frame(max_locals, max_stack, this);
738 // Set initial locals
739 VerificationType return_type = current_frame.set_locals_from_arg( m, current_type());
740
741 int32_t stackmap_index = 0; // index to the stackmap array
742
743 u4 code_length = m->code_size();
744
745 // Scan the bytecode and map each instruction's start offset to a number.
746 char* code_data = generate_code_data(m, code_length, CHECK_VERIFY(this));
747
748 int ex_min = code_length;
749 int ex_max = -1;
750 // Look through each item on the exception table. Each of the fields must refer
751 // to a legal instruction.
752 if (was_recursively_verified()) return;
753 verify_exception_handler_table(
754 code_length, code_data, ex_min, ex_max, CHECK_VERIFY(this));
755
756 // Look through each entry on the local variable table and make sure
757 // its range of code array offsets is valid. (4169817)
758 if (m->has_localvariable_table()) {
759 verify_local_variable_table(code_length, code_data, CHECK_VERIFY(this));
760 }
761
762 Array<u1>* stackmap_data = m->stackmap_data();
763 StackMapStream stream(stackmap_data);
764 StackMapReader reader(this, &stream, code_data, code_length, THREAD);
765 StackMapTable stackmap_table(&reader, ¤t_frame, max_locals, max_stack,
766 code_data, code_length, CHECK_VERIFY(this));
767
768 LogTarget(Debug, verification) lt;
769 if (lt.is_enabled()) {
770 ResourceMark rm(THREAD);
771 LogStream ls(lt);
772 stackmap_table.print_on(&ls);
773 }
774
775 RawBytecodeStream bcs(m);
776
777 // Scan the byte code linearly from the start to the end
778 bool no_control_flow = false; // Set to true when there is no direct control
779 // flow from current instruction to the next
780 // instruction in sequence
781
782 Bytecodes::Code opcode;
783 while (!bcs.is_last_bytecode()) {
784 // Check for recursive re-verification before each bytecode.
785 if (was_recursively_verified()) return;
786
787 opcode = bcs.raw_next();
788 u2 bci = bcs.bci();
789
790 // Set current frame's offset to bci
791 current_frame.set_offset(bci);
792 current_frame.set_mark();
793
794 // Make sure every offset in stackmap table point to the beginning to
795 // an instruction. Match current_frame to stackmap_table entry with
796 // the same offset if exists.
797 stackmap_index = verify_stackmap_table(
798 stackmap_index, bci, ¤t_frame, &stackmap_table,
799 no_control_flow, CHECK_VERIFY(this));
800
801
802 bool this_uninit = false; // Set to true when invokespecial <init> initialized 'this'
803 bool verified_exc_handlers = false;
804
805 // Merge with the next instruction
806 {
807 u2 index;
808 int target;
809 VerificationType type, type2;
810 VerificationType atype;
811
812 LogTarget(Debug, verification) lt;
813 if (lt.is_enabled()) {
814 ResourceMark rm(THREAD);
815 LogStream ls(lt);
816 current_frame.print_on(&ls);
817 lt.print("offset = %d, opcode = %s", bci,
818 opcode == Bytecodes::_illegal ? "illegal" : Bytecodes::name(opcode));
819 }
820
821 // Make sure wide instruction is in correct format
822 if (bcs.is_wide()) {
823 if (opcode != Bytecodes::_iinc && opcode != Bytecodes::_iload &&
824 opcode != Bytecodes::_aload && opcode != Bytecodes::_lload &&
825 opcode != Bytecodes::_istore && opcode != Bytecodes::_astore &&
826 opcode != Bytecodes::_lstore && opcode != Bytecodes::_fload &&
827 opcode != Bytecodes::_dload && opcode != Bytecodes::_fstore &&
828 opcode != Bytecodes::_dstore) {
829 /* Unreachable? RawBytecodeStream's raw_next() returns 'illegal'
830 * if we encounter a wide instruction that modifies an invalid
831 * opcode (not one of the ones listed above) */
832 verify_error(ErrorContext::bad_code(bci), "Bad wide instruction");
833 return;
834 }
835 }
836
837 // Look for possible jump target in exception handlers and see if it
838 // matches current_frame. Do this check here for astore*, dstore*,
839 // fstore*, istore*, and lstore* opcodes because they can change the type
840 // state by adding a local. JVM Spec says that the incoming type state
841 // should be used for this check. So, do the check here before a possible
842 // local is added to the type state.
843 if (Bytecodes::is_store_into_local(opcode) && bci >= ex_min && bci < ex_max) {
844 if (was_recursively_verified()) return;
845 verify_exception_handler_targets(
846 bci, this_uninit, ¤t_frame, &stackmap_table, CHECK_VERIFY(this));
847 verified_exc_handlers = true;
848 }
849
850 if (was_recursively_verified()) return;
851
852 switch (opcode) {
853 case Bytecodes::_nop :
854 no_control_flow = false; break;
855 case Bytecodes::_aconst_null :
856 current_frame.push_stack(
857 VerificationType::null_type(), CHECK_VERIFY(this));
858 no_control_flow = false; break;
859 case Bytecodes::_iconst_m1 :
860 case Bytecodes::_iconst_0 :
861 case Bytecodes::_iconst_1 :
862 case Bytecodes::_iconst_2 :
863 case Bytecodes::_iconst_3 :
864 case Bytecodes::_iconst_4 :
865 case Bytecodes::_iconst_5 :
866 current_frame.push_stack(
867 VerificationType::integer_type(), CHECK_VERIFY(this));
868 no_control_flow = false; break;
869 case Bytecodes::_lconst_0 :
870 case Bytecodes::_lconst_1 :
871 current_frame.push_stack_2(
872 VerificationType::long_type(),
873 VerificationType::long2_type(), CHECK_VERIFY(this));
874 no_control_flow = false; break;
875 case Bytecodes::_fconst_0 :
876 case Bytecodes::_fconst_1 :
877 case Bytecodes::_fconst_2 :
878 current_frame.push_stack(
879 VerificationType::float_type(), CHECK_VERIFY(this));
880 no_control_flow = false; break;
881 case Bytecodes::_dconst_0 :
882 case Bytecodes::_dconst_1 :
883 current_frame.push_stack_2(
884 VerificationType::double_type(),
885 VerificationType::double2_type(), CHECK_VERIFY(this));
886 no_control_flow = false; break;
887 case Bytecodes::_sipush :
888 case Bytecodes::_bipush :
889 current_frame.push_stack(
890 VerificationType::integer_type(), CHECK_VERIFY(this));
891 no_control_flow = false; break;
892 case Bytecodes::_ldc :
893 verify_ldc(
894 opcode, bcs.get_index_u1(), ¤t_frame,
895 cp, bci, CHECK_VERIFY(this));
896 no_control_flow = false; break;
897 case Bytecodes::_ldc_w :
898 case Bytecodes::_ldc2_w :
899 verify_ldc(
900 opcode, bcs.get_index_u2(), ¤t_frame,
901 cp, bci, CHECK_VERIFY(this));
902 no_control_flow = false; break;
903 case Bytecodes::_iload :
904 verify_iload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
905 no_control_flow = false; break;
906 case Bytecodes::_iload_0 :
907 case Bytecodes::_iload_1 :
908 case Bytecodes::_iload_2 :
909 case Bytecodes::_iload_3 :
910 index = opcode - Bytecodes::_iload_0;
911 verify_iload(index, ¤t_frame, CHECK_VERIFY(this));
912 no_control_flow = false; break;
913 case Bytecodes::_lload :
914 verify_lload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
915 no_control_flow = false; break;
916 case Bytecodes::_lload_0 :
917 case Bytecodes::_lload_1 :
918 case Bytecodes::_lload_2 :
919 case Bytecodes::_lload_3 :
920 index = opcode - Bytecodes::_lload_0;
921 verify_lload(index, ¤t_frame, CHECK_VERIFY(this));
922 no_control_flow = false; break;
923 case Bytecodes::_fload :
924 verify_fload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
925 no_control_flow = false; break;
926 case Bytecodes::_fload_0 :
927 case Bytecodes::_fload_1 :
928 case Bytecodes::_fload_2 :
929 case Bytecodes::_fload_3 :
930 index = opcode - Bytecodes::_fload_0;
931 verify_fload(index, ¤t_frame, CHECK_VERIFY(this));
932 no_control_flow = false; break;
933 case Bytecodes::_dload :
934 verify_dload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
935 no_control_flow = false; break;
936 case Bytecodes::_dload_0 :
937 case Bytecodes::_dload_1 :
938 case Bytecodes::_dload_2 :
939 case Bytecodes::_dload_3 :
940 index = opcode - Bytecodes::_dload_0;
941 verify_dload(index, ¤t_frame, CHECK_VERIFY(this));
942 no_control_flow = false; break;
943 case Bytecodes::_aload :
944 verify_aload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
945 no_control_flow = false; break;
946 case Bytecodes::_aload_0 :
947 case Bytecodes::_aload_1 :
948 case Bytecodes::_aload_2 :
949 case Bytecodes::_aload_3 :
950 index = opcode - Bytecodes::_aload_0;
951 verify_aload(index, ¤t_frame, CHECK_VERIFY(this));
952 no_control_flow = false; break;
953 case Bytecodes::_iaload :
954 type = current_frame.pop_stack(
955 VerificationType::integer_type(), CHECK_VERIFY(this));
956 atype = current_frame.pop_stack(
957 VerificationType::reference_check(), CHECK_VERIFY(this));
958 if (!atype.is_int_array()) {
959 verify_error(ErrorContext::bad_type(bci,
960 current_frame.stack_top_ctx(), ref_ctx("[I")),
961 bad_type_msg, "iaload");
962 return;
963 }
964 current_frame.push_stack(
965 VerificationType::integer_type(), CHECK_VERIFY(this));
966 no_control_flow = false; break;
967 case Bytecodes::_baload :
968 type = current_frame.pop_stack(
969 VerificationType::integer_type(), CHECK_VERIFY(this));
970 atype = current_frame.pop_stack(
971 VerificationType::reference_check(), CHECK_VERIFY(this));
972 if (!atype.is_bool_array() && !atype.is_byte_array()) {
973 verify_error(
974 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
975 bad_type_msg, "baload");
976 return;
977 }
978 current_frame.push_stack(
979 VerificationType::integer_type(), CHECK_VERIFY(this));
980 no_control_flow = false; break;
981 case Bytecodes::_caload :
982 type = current_frame.pop_stack(
983 VerificationType::integer_type(), CHECK_VERIFY(this));
984 atype = current_frame.pop_stack(
985 VerificationType::reference_check(), CHECK_VERIFY(this));
986 if (!atype.is_char_array()) {
987 verify_error(ErrorContext::bad_type(bci,
988 current_frame.stack_top_ctx(), ref_ctx("[C")),
989 bad_type_msg, "caload");
990 return;
991 }
992 current_frame.push_stack(
993 VerificationType::integer_type(), CHECK_VERIFY(this));
994 no_control_flow = false; break;
995 case Bytecodes::_saload :
996 type = current_frame.pop_stack(
997 VerificationType::integer_type(), CHECK_VERIFY(this));
998 atype = current_frame.pop_stack(
999 VerificationType::reference_check(), CHECK_VERIFY(this));
1000 if (!atype.is_short_array()) {
1001 verify_error(ErrorContext::bad_type(bci,
1002 current_frame.stack_top_ctx(), ref_ctx("[S")),
1003 bad_type_msg, "saload");
1004 return;
1005 }
1006 current_frame.push_stack(
1007 VerificationType::integer_type(), CHECK_VERIFY(this));
1008 no_control_flow = false; break;
1009 case Bytecodes::_laload :
1010 type = current_frame.pop_stack(
1011 VerificationType::integer_type(), CHECK_VERIFY(this));
1012 atype = current_frame.pop_stack(
1013 VerificationType::reference_check(), CHECK_VERIFY(this));
1014 if (!atype.is_long_array()) {
1015 verify_error(ErrorContext::bad_type(bci,
1016 current_frame.stack_top_ctx(), ref_ctx("[J")),
1017 bad_type_msg, "laload");
1018 return;
1019 }
1020 current_frame.push_stack_2(
1021 VerificationType::long_type(),
1022 VerificationType::long2_type(), CHECK_VERIFY(this));
1023 no_control_flow = false; break;
1024 case Bytecodes::_faload :
1025 type = current_frame.pop_stack(
1026 VerificationType::integer_type(), CHECK_VERIFY(this));
1027 atype = current_frame.pop_stack(
1028 VerificationType::reference_check(), CHECK_VERIFY(this));
1029 if (!atype.is_float_array()) {
1030 verify_error(ErrorContext::bad_type(bci,
1031 current_frame.stack_top_ctx(), ref_ctx("[F")),
1032 bad_type_msg, "faload");
1033 return;
1034 }
1035 current_frame.push_stack(
1036 VerificationType::float_type(), CHECK_VERIFY(this));
1037 no_control_flow = false; break;
1038 case Bytecodes::_daload :
1039 type = current_frame.pop_stack(
1040 VerificationType::integer_type(), CHECK_VERIFY(this));
1041 atype = current_frame.pop_stack(
1042 VerificationType::reference_check(), CHECK_VERIFY(this));
1043 if (!atype.is_double_array()) {
1044 verify_error(ErrorContext::bad_type(bci,
1045 current_frame.stack_top_ctx(), ref_ctx("[D")),
1046 bad_type_msg, "daload");
1047 return;
1048 }
1049 current_frame.push_stack_2(
1050 VerificationType::double_type(),
1051 VerificationType::double2_type(), CHECK_VERIFY(this));
1052 no_control_flow = false; break;
1053 case Bytecodes::_aaload : {
1054 type = current_frame.pop_stack(
1055 VerificationType::integer_type(), CHECK_VERIFY(this));
1056 atype = current_frame.pop_stack(
1057 VerificationType::reference_check(), CHECK_VERIFY(this));
1058 if (!atype.is_nonscalar_array()) {
1059 verify_error(ErrorContext::bad_type(bci,
1060 current_frame.stack_top_ctx(),
1061 TypeOrigin::implicit(VerificationType::reference_check())),
1062 bad_type_msg, "aaload");
1063 return;
1064 }
1065 if (atype.is_null()) {
1066 current_frame.push_stack(
1067 VerificationType::null_type(), CHECK_VERIFY(this));
1068 } else {
1069 VerificationType component = atype.get_component(this);
1070 current_frame.push_stack(component, CHECK_VERIFY(this));
1071 }
1072 no_control_flow = false; break;
1073 }
1074 case Bytecodes::_istore :
1075 verify_istore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1076 no_control_flow = false; break;
1077 case Bytecodes::_istore_0 :
1078 case Bytecodes::_istore_1 :
1079 case Bytecodes::_istore_2 :
1080 case Bytecodes::_istore_3 :
1081 index = opcode - Bytecodes::_istore_0;
1082 verify_istore(index, ¤t_frame, CHECK_VERIFY(this));
1083 no_control_flow = false; break;
1084 case Bytecodes::_lstore :
1085 verify_lstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1086 no_control_flow = false; break;
1087 case Bytecodes::_lstore_0 :
1088 case Bytecodes::_lstore_1 :
1089 case Bytecodes::_lstore_2 :
1090 case Bytecodes::_lstore_3 :
1091 index = opcode - Bytecodes::_lstore_0;
1092 verify_lstore(index, ¤t_frame, CHECK_VERIFY(this));
1093 no_control_flow = false; break;
1094 case Bytecodes::_fstore :
1095 verify_fstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1096 no_control_flow = false; break;
1097 case Bytecodes::_fstore_0 :
1098 case Bytecodes::_fstore_1 :
1099 case Bytecodes::_fstore_2 :
1100 case Bytecodes::_fstore_3 :
1101 index = opcode - Bytecodes::_fstore_0;
1102 verify_fstore(index, ¤t_frame, CHECK_VERIFY(this));
1103 no_control_flow = false; break;
1104 case Bytecodes::_dstore :
1105 verify_dstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1106 no_control_flow = false; break;
1107 case Bytecodes::_dstore_0 :
1108 case Bytecodes::_dstore_1 :
1109 case Bytecodes::_dstore_2 :
1110 case Bytecodes::_dstore_3 :
1111 index = opcode - Bytecodes::_dstore_0;
1112 verify_dstore(index, ¤t_frame, CHECK_VERIFY(this));
1113 no_control_flow = false; break;
1114 case Bytecodes::_astore :
1115 verify_astore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1116 no_control_flow = false; break;
1117 case Bytecodes::_astore_0 :
1118 case Bytecodes::_astore_1 :
1119 case Bytecodes::_astore_2 :
1120 case Bytecodes::_astore_3 :
1121 index = opcode - Bytecodes::_astore_0;
1122 verify_astore(index, ¤t_frame, CHECK_VERIFY(this));
1123 no_control_flow = false; break;
1124 case Bytecodes::_iastore :
1125 type = current_frame.pop_stack(
1126 VerificationType::integer_type(), CHECK_VERIFY(this));
1127 type2 = current_frame.pop_stack(
1128 VerificationType::integer_type(), CHECK_VERIFY(this));
1129 atype = current_frame.pop_stack(
1130 VerificationType::reference_check(), CHECK_VERIFY(this));
1131 if (!atype.is_int_array()) {
1132 verify_error(ErrorContext::bad_type(bci,
1133 current_frame.stack_top_ctx(), ref_ctx("[I")),
1134 bad_type_msg, "iastore");
1135 return;
1136 }
1137 no_control_flow = false; break;
1138 case Bytecodes::_bastore :
1139 type = current_frame.pop_stack(
1140 VerificationType::integer_type(), CHECK_VERIFY(this));
1141 type2 = current_frame.pop_stack(
1142 VerificationType::integer_type(), CHECK_VERIFY(this));
1143 atype = current_frame.pop_stack(
1144 VerificationType::reference_check(), CHECK_VERIFY(this));
1145 if (!atype.is_bool_array() && !atype.is_byte_array()) {
1146 verify_error(
1147 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1148 bad_type_msg, "bastore");
1149 return;
1150 }
1151 no_control_flow = false; break;
1152 case Bytecodes::_castore :
1153 current_frame.pop_stack(
1154 VerificationType::integer_type(), CHECK_VERIFY(this));
1155 current_frame.pop_stack(
1156 VerificationType::integer_type(), CHECK_VERIFY(this));
1157 atype = current_frame.pop_stack(
1158 VerificationType::reference_check(), CHECK_VERIFY(this));
1159 if (!atype.is_char_array()) {
1160 verify_error(ErrorContext::bad_type(bci,
1161 current_frame.stack_top_ctx(), ref_ctx("[C")),
1162 bad_type_msg, "castore");
1163 return;
1164 }
1165 no_control_flow = false; break;
1166 case Bytecodes::_sastore :
1167 current_frame.pop_stack(
1168 VerificationType::integer_type(), CHECK_VERIFY(this));
1169 current_frame.pop_stack(
1170 VerificationType::integer_type(), CHECK_VERIFY(this));
1171 atype = current_frame.pop_stack(
1172 VerificationType::reference_check(), CHECK_VERIFY(this));
1173 if (!atype.is_short_array()) {
1174 verify_error(ErrorContext::bad_type(bci,
1175 current_frame.stack_top_ctx(), ref_ctx("[S")),
1176 bad_type_msg, "sastore");
1177 return;
1178 }
1179 no_control_flow = false; break;
1180 case Bytecodes::_lastore :
1181 current_frame.pop_stack_2(
1182 VerificationType::long2_type(),
1183 VerificationType::long_type(), CHECK_VERIFY(this));
1184 current_frame.pop_stack(
1185 VerificationType::integer_type(), CHECK_VERIFY(this));
1186 atype = current_frame.pop_stack(
1187 VerificationType::reference_check(), CHECK_VERIFY(this));
1188 if (!atype.is_long_array()) {
1189 verify_error(ErrorContext::bad_type(bci,
1190 current_frame.stack_top_ctx(), ref_ctx("[J")),
1191 bad_type_msg, "lastore");
1192 return;
1193 }
1194 no_control_flow = false; break;
1195 case Bytecodes::_fastore :
1196 current_frame.pop_stack(
1197 VerificationType::float_type(), CHECK_VERIFY(this));
1198 current_frame.pop_stack
1199 (VerificationType::integer_type(), CHECK_VERIFY(this));
1200 atype = current_frame.pop_stack(
1201 VerificationType::reference_check(), CHECK_VERIFY(this));
1202 if (!atype.is_float_array()) {
1203 verify_error(ErrorContext::bad_type(bci,
1204 current_frame.stack_top_ctx(), ref_ctx("[F")),
1205 bad_type_msg, "fastore");
1206 return;
1207 }
1208 no_control_flow = false; break;
1209 case Bytecodes::_dastore :
1210 current_frame.pop_stack_2(
1211 VerificationType::double2_type(),
1212 VerificationType::double_type(), CHECK_VERIFY(this));
1213 current_frame.pop_stack(
1214 VerificationType::integer_type(), CHECK_VERIFY(this));
1215 atype = current_frame.pop_stack(
1216 VerificationType::reference_check(), CHECK_VERIFY(this));
1217 if (!atype.is_double_array()) {
1218 verify_error(ErrorContext::bad_type(bci,
1219 current_frame.stack_top_ctx(), ref_ctx("[D")),
1220 bad_type_msg, "dastore");
1221 return;
1222 }
1223 no_control_flow = false; break;
1224 case Bytecodes::_aastore :
1225 type = current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1226 type2 = current_frame.pop_stack(
1227 VerificationType::integer_type(), CHECK_VERIFY(this));
1228 atype = current_frame.pop_stack(
1229 VerificationType::reference_check(), CHECK_VERIFY(this));
1230 // more type-checking is done at runtime
1231 if (!atype.is_nonscalar_array()) {
1232 verify_error(ErrorContext::bad_type(bci,
1233 current_frame.stack_top_ctx(),
1234 TypeOrigin::implicit(VerificationType::reference_check())),
1235 bad_type_msg, "aastore");
1236 return;
1237 }
1238 // 4938384: relaxed constraint in JVMS 3nd edition.
1239 no_control_flow = false; break;
1240 case Bytecodes::_pop :
1241 current_frame.pop_stack(
1242 VerificationType::category1_check(), CHECK_VERIFY(this));
1243 no_control_flow = false; break;
1244 case Bytecodes::_pop2 :
1245 type = current_frame.pop_stack(CHECK_VERIFY(this));
1246 if (type.is_category1()) {
1247 current_frame.pop_stack(
1248 VerificationType::category1_check(), CHECK_VERIFY(this));
1249 } else if (type.is_category2_2nd()) {
1250 current_frame.pop_stack(
1251 VerificationType::category2_check(), CHECK_VERIFY(this));
1252 } else {
1253 /* Unreachable? Would need a category2_1st on TOS
1254 * which does not appear possible. */
1255 verify_error(
1256 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1257 bad_type_msg, "pop2");
1258 return;
1259 }
1260 no_control_flow = false; break;
1261 case Bytecodes::_dup :
1262 type = current_frame.pop_stack(
1263 VerificationType::category1_check(), CHECK_VERIFY(this));
1264 current_frame.push_stack(type, CHECK_VERIFY(this));
1265 current_frame.push_stack(type, CHECK_VERIFY(this));
1266 no_control_flow = false; break;
1267 case Bytecodes::_dup_x1 :
1268 type = current_frame.pop_stack(
1269 VerificationType::category1_check(), CHECK_VERIFY(this));
1270 type2 = current_frame.pop_stack(
1271 VerificationType::category1_check(), CHECK_VERIFY(this));
1272 current_frame.push_stack(type, CHECK_VERIFY(this));
1273 current_frame.push_stack(type2, CHECK_VERIFY(this));
1274 current_frame.push_stack(type, CHECK_VERIFY(this));
1275 no_control_flow = false; break;
1276 case Bytecodes::_dup_x2 :
1277 {
1278 VerificationType type3;
1279 type = current_frame.pop_stack(
1280 VerificationType::category1_check(), CHECK_VERIFY(this));
1281 type2 = current_frame.pop_stack(CHECK_VERIFY(this));
1282 if (type2.is_category1()) {
1283 type3 = current_frame.pop_stack(
1284 VerificationType::category1_check(), CHECK_VERIFY(this));
1285 } else if (type2.is_category2_2nd()) {
1286 type3 = current_frame.pop_stack(
1287 VerificationType::category2_check(), CHECK_VERIFY(this));
1288 } else {
1289 /* Unreachable? Would need a category2_1st at stack depth 2 with
1290 * a category1 on TOS which does not appear possible. */
1291 verify_error(ErrorContext::bad_type(
1292 bci, current_frame.stack_top_ctx()), bad_type_msg, "dup_x2");
1293 return;
1294 }
1295 current_frame.push_stack(type, CHECK_VERIFY(this));
1296 current_frame.push_stack(type3, CHECK_VERIFY(this));
1297 current_frame.push_stack(type2, CHECK_VERIFY(this));
1298 current_frame.push_stack(type, CHECK_VERIFY(this));
1299 no_control_flow = false; break;
1300 }
1301 case Bytecodes::_dup2 :
1302 type = current_frame.pop_stack(CHECK_VERIFY(this));
1303 if (type.is_category1()) {
1304 type2 = current_frame.pop_stack(
1305 VerificationType::category1_check(), CHECK_VERIFY(this));
1306 } else if (type.is_category2_2nd()) {
1307 type2 = current_frame.pop_stack(
1308 VerificationType::category2_check(), CHECK_VERIFY(this));
1309 } else {
1310 /* Unreachable? Would need a category2_1st on TOS which does not
1311 * appear possible. */
1312 verify_error(
1313 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1314 bad_type_msg, "dup2");
1315 return;
1316 }
1317 current_frame.push_stack(type2, CHECK_VERIFY(this));
1318 current_frame.push_stack(type, CHECK_VERIFY(this));
1319 current_frame.push_stack(type2, CHECK_VERIFY(this));
1320 current_frame.push_stack(type, CHECK_VERIFY(this));
1321 no_control_flow = false; break;
1322 case Bytecodes::_dup2_x1 :
1323 {
1324 VerificationType type3;
1325 type = current_frame.pop_stack(CHECK_VERIFY(this));
1326 if (type.is_category1()) {
1327 type2 = current_frame.pop_stack(
1328 VerificationType::category1_check(), CHECK_VERIFY(this));
1329 } else if (type.is_category2_2nd()) {
1330 type2 = current_frame.pop_stack(
1331 VerificationType::category2_check(), CHECK_VERIFY(this));
1332 } else {
1333 /* Unreachable? Would need a category2_1st on TOS which does
1334 * not appear possible. */
1335 verify_error(
1336 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1337 bad_type_msg, "dup2_x1");
1338 return;
1339 }
1340 type3 = current_frame.pop_stack(
1341 VerificationType::category1_check(), CHECK_VERIFY(this));
1342 current_frame.push_stack(type2, CHECK_VERIFY(this));
1343 current_frame.push_stack(type, CHECK_VERIFY(this));
1344 current_frame.push_stack(type3, CHECK_VERIFY(this));
1345 current_frame.push_stack(type2, CHECK_VERIFY(this));
1346 current_frame.push_stack(type, CHECK_VERIFY(this));
1347 no_control_flow = false; break;
1348 }
1349 case Bytecodes::_dup2_x2 :
1350 {
1351 VerificationType type3, type4;
1352 type = current_frame.pop_stack(CHECK_VERIFY(this));
1353 if (type.is_category1()) {
1354 type2 = current_frame.pop_stack(
1355 VerificationType::category1_check(), CHECK_VERIFY(this));
1356 } else if (type.is_category2_2nd()) {
1357 type2 = current_frame.pop_stack(
1358 VerificationType::category2_check(), CHECK_VERIFY(this));
1359 } else {
1360 /* Unreachable? Would need a category2_1st on TOS which does
1361 * not appear possible. */
1362 verify_error(
1363 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1364 bad_type_msg, "dup2_x2");
1365 return;
1366 }
1367 type3 = current_frame.pop_stack(CHECK_VERIFY(this));
1368 if (type3.is_category1()) {
1369 type4 = current_frame.pop_stack(
1370 VerificationType::category1_check(), CHECK_VERIFY(this));
1371 } else if (type3.is_category2_2nd()) {
1372 type4 = current_frame.pop_stack(
1373 VerificationType::category2_check(), CHECK_VERIFY(this));
1374 } else {
1375 /* Unreachable? Would need a category2_1st on TOS after popping
1376 * a long/double or two category 1's, which does not
1377 * appear possible. */
1378 verify_error(
1379 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1380 bad_type_msg, "dup2_x2");
1381 return;
1382 }
1383 current_frame.push_stack(type2, CHECK_VERIFY(this));
1384 current_frame.push_stack(type, CHECK_VERIFY(this));
1385 current_frame.push_stack(type4, CHECK_VERIFY(this));
1386 current_frame.push_stack(type3, CHECK_VERIFY(this));
1387 current_frame.push_stack(type2, CHECK_VERIFY(this));
1388 current_frame.push_stack(type, CHECK_VERIFY(this));
1389 no_control_flow = false; break;
1390 }
1391 case Bytecodes::_swap :
1392 type = current_frame.pop_stack(
1393 VerificationType::category1_check(), CHECK_VERIFY(this));
1394 type2 = current_frame.pop_stack(
1395 VerificationType::category1_check(), CHECK_VERIFY(this));
1396 current_frame.push_stack(type, CHECK_VERIFY(this));
1397 current_frame.push_stack(type2, CHECK_VERIFY(this));
1398 no_control_flow = false; break;
1399 case Bytecodes::_iadd :
1400 case Bytecodes::_isub :
1401 case Bytecodes::_imul :
1402 case Bytecodes::_idiv :
1403 case Bytecodes::_irem :
1404 case Bytecodes::_ishl :
1405 case Bytecodes::_ishr :
1406 case Bytecodes::_iushr :
1407 case Bytecodes::_ior :
1408 case Bytecodes::_ixor :
1409 case Bytecodes::_iand :
1410 current_frame.pop_stack(
1411 VerificationType::integer_type(), CHECK_VERIFY(this));
1412 // fall through
1413 case Bytecodes::_ineg :
1414 current_frame.pop_stack(
1415 VerificationType::integer_type(), CHECK_VERIFY(this));
1416 current_frame.push_stack(
1417 VerificationType::integer_type(), CHECK_VERIFY(this));
1418 no_control_flow = false; break;
1419 case Bytecodes::_ladd :
1420 case Bytecodes::_lsub :
1421 case Bytecodes::_lmul :
1422 case Bytecodes::_ldiv :
1423 case Bytecodes::_lrem :
1424 case Bytecodes::_land :
1425 case Bytecodes::_lor :
1426 case Bytecodes::_lxor :
1427 current_frame.pop_stack_2(
1428 VerificationType::long2_type(),
1429 VerificationType::long_type(), CHECK_VERIFY(this));
1430 // fall through
1431 case Bytecodes::_lneg :
1432 current_frame.pop_stack_2(
1433 VerificationType::long2_type(),
1434 VerificationType::long_type(), CHECK_VERIFY(this));
1435 current_frame.push_stack_2(
1436 VerificationType::long_type(),
1437 VerificationType::long2_type(), CHECK_VERIFY(this));
1438 no_control_flow = false; break;
1439 case Bytecodes::_lshl :
1440 case Bytecodes::_lshr :
1441 case Bytecodes::_lushr :
1442 current_frame.pop_stack(
1443 VerificationType::integer_type(), CHECK_VERIFY(this));
1444 current_frame.pop_stack_2(
1445 VerificationType::long2_type(),
1446 VerificationType::long_type(), CHECK_VERIFY(this));
1447 current_frame.push_stack_2(
1448 VerificationType::long_type(),
1449 VerificationType::long2_type(), CHECK_VERIFY(this));
1450 no_control_flow = false; break;
1451 case Bytecodes::_fadd :
1452 case Bytecodes::_fsub :
1453 case Bytecodes::_fmul :
1454 case Bytecodes::_fdiv :
1455 case Bytecodes::_frem :
1456 current_frame.pop_stack(
1457 VerificationType::float_type(), CHECK_VERIFY(this));
1458 // fall through
1459 case Bytecodes::_fneg :
1460 current_frame.pop_stack(
1461 VerificationType::float_type(), CHECK_VERIFY(this));
1462 current_frame.push_stack(
1463 VerificationType::float_type(), CHECK_VERIFY(this));
1464 no_control_flow = false; break;
1465 case Bytecodes::_dadd :
1466 case Bytecodes::_dsub :
1467 case Bytecodes::_dmul :
1468 case Bytecodes::_ddiv :
1469 case Bytecodes::_drem :
1470 current_frame.pop_stack_2(
1471 VerificationType::double2_type(),
1472 VerificationType::double_type(), CHECK_VERIFY(this));
1473 // fall through
1474 case Bytecodes::_dneg :
1475 current_frame.pop_stack_2(
1476 VerificationType::double2_type(),
1477 VerificationType::double_type(), CHECK_VERIFY(this));
1478 current_frame.push_stack_2(
1479 VerificationType::double_type(),
1480 VerificationType::double2_type(), CHECK_VERIFY(this));
1481 no_control_flow = false; break;
1482 case Bytecodes::_iinc :
1483 verify_iinc(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1484 no_control_flow = false; break;
1485 case Bytecodes::_i2l :
1486 type = current_frame.pop_stack(
1487 VerificationType::integer_type(), CHECK_VERIFY(this));
1488 current_frame.push_stack_2(
1489 VerificationType::long_type(),
1490 VerificationType::long2_type(), CHECK_VERIFY(this));
1491 no_control_flow = false; break;
1492 case Bytecodes::_l2i :
1493 current_frame.pop_stack_2(
1494 VerificationType::long2_type(),
1495 VerificationType::long_type(), CHECK_VERIFY(this));
1496 current_frame.push_stack(
1497 VerificationType::integer_type(), CHECK_VERIFY(this));
1498 no_control_flow = false; break;
1499 case Bytecodes::_i2f :
1500 current_frame.pop_stack(
1501 VerificationType::integer_type(), CHECK_VERIFY(this));
1502 current_frame.push_stack(
1503 VerificationType::float_type(), CHECK_VERIFY(this));
1504 no_control_flow = false; break;
1505 case Bytecodes::_i2d :
1506 current_frame.pop_stack(
1507 VerificationType::integer_type(), CHECK_VERIFY(this));
1508 current_frame.push_stack_2(
1509 VerificationType::double_type(),
1510 VerificationType::double2_type(), CHECK_VERIFY(this));
1511 no_control_flow = false; break;
1512 case Bytecodes::_l2f :
1513 current_frame.pop_stack_2(
1514 VerificationType::long2_type(),
1515 VerificationType::long_type(), CHECK_VERIFY(this));
1516 current_frame.push_stack(
1517 VerificationType::float_type(), CHECK_VERIFY(this));
1518 no_control_flow = false; break;
1519 case Bytecodes::_l2d :
1520 current_frame.pop_stack_2(
1521 VerificationType::long2_type(),
1522 VerificationType::long_type(), CHECK_VERIFY(this));
1523 current_frame.push_stack_2(
1524 VerificationType::double_type(),
1525 VerificationType::double2_type(), CHECK_VERIFY(this));
1526 no_control_flow = false; break;
1527 case Bytecodes::_f2i :
1528 current_frame.pop_stack(
1529 VerificationType::float_type(), CHECK_VERIFY(this));
1530 current_frame.push_stack(
1531 VerificationType::integer_type(), CHECK_VERIFY(this));
1532 no_control_flow = false; break;
1533 case Bytecodes::_f2l :
1534 current_frame.pop_stack(
1535 VerificationType::float_type(), CHECK_VERIFY(this));
1536 current_frame.push_stack_2(
1537 VerificationType::long_type(),
1538 VerificationType::long2_type(), CHECK_VERIFY(this));
1539 no_control_flow = false; break;
1540 case Bytecodes::_f2d :
1541 current_frame.pop_stack(
1542 VerificationType::float_type(), CHECK_VERIFY(this));
1543 current_frame.push_stack_2(
1544 VerificationType::double_type(),
1545 VerificationType::double2_type(), CHECK_VERIFY(this));
1546 no_control_flow = false; break;
1547 case Bytecodes::_d2i :
1548 current_frame.pop_stack_2(
1549 VerificationType::double2_type(),
1550 VerificationType::double_type(), CHECK_VERIFY(this));
1551 current_frame.push_stack(
1552 VerificationType::integer_type(), CHECK_VERIFY(this));
1553 no_control_flow = false; break;
1554 case Bytecodes::_d2l :
1555 current_frame.pop_stack_2(
1556 VerificationType::double2_type(),
1557 VerificationType::double_type(), CHECK_VERIFY(this));
1558 current_frame.push_stack_2(
1559 VerificationType::long_type(),
1560 VerificationType::long2_type(), CHECK_VERIFY(this));
1561 no_control_flow = false; break;
1562 case Bytecodes::_d2f :
1563 current_frame.pop_stack_2(
1564 VerificationType::double2_type(),
1565 VerificationType::double_type(), CHECK_VERIFY(this));
1566 current_frame.push_stack(
1567 VerificationType::float_type(), CHECK_VERIFY(this));
1568 no_control_flow = false; break;
1569 case Bytecodes::_i2b :
1570 case Bytecodes::_i2c :
1571 case Bytecodes::_i2s :
1572 current_frame.pop_stack(
1573 VerificationType::integer_type(), CHECK_VERIFY(this));
1574 current_frame.push_stack(
1575 VerificationType::integer_type(), CHECK_VERIFY(this));
1576 no_control_flow = false; break;
1577 case Bytecodes::_lcmp :
1578 current_frame.pop_stack_2(
1579 VerificationType::long2_type(),
1580 VerificationType::long_type(), CHECK_VERIFY(this));
1581 current_frame.pop_stack_2(
1582 VerificationType::long2_type(),
1583 VerificationType::long_type(), CHECK_VERIFY(this));
1584 current_frame.push_stack(
1585 VerificationType::integer_type(), CHECK_VERIFY(this));
1586 no_control_flow = false; break;
1587 case Bytecodes::_fcmpl :
1588 case Bytecodes::_fcmpg :
1589 current_frame.pop_stack(
1590 VerificationType::float_type(), CHECK_VERIFY(this));
1591 current_frame.pop_stack(
1592 VerificationType::float_type(), CHECK_VERIFY(this));
1593 current_frame.push_stack(
1594 VerificationType::integer_type(), CHECK_VERIFY(this));
1595 no_control_flow = false; break;
1596 case Bytecodes::_dcmpl :
1597 case Bytecodes::_dcmpg :
1598 current_frame.pop_stack_2(
1599 VerificationType::double2_type(),
1600 VerificationType::double_type(), CHECK_VERIFY(this));
1601 current_frame.pop_stack_2(
1602 VerificationType::double2_type(),
1603 VerificationType::double_type(), CHECK_VERIFY(this));
1604 current_frame.push_stack(
1605 VerificationType::integer_type(), CHECK_VERIFY(this));
1606 no_control_flow = false; break;
1607 case Bytecodes::_if_icmpeq:
1608 case Bytecodes::_if_icmpne:
1609 case Bytecodes::_if_icmplt:
1610 case Bytecodes::_if_icmpge:
1611 case Bytecodes::_if_icmpgt:
1612 case Bytecodes::_if_icmple:
1613 current_frame.pop_stack(
1614 VerificationType::integer_type(), CHECK_VERIFY(this));
1615 // fall through
1616 case Bytecodes::_ifeq:
1617 case Bytecodes::_ifne:
1618 case Bytecodes::_iflt:
1619 case Bytecodes::_ifge:
1620 case Bytecodes::_ifgt:
1621 case Bytecodes::_ifle:
1622 current_frame.pop_stack(
1623 VerificationType::integer_type(), CHECK_VERIFY(this));
1624 target = bcs.dest();
1625 stackmap_table.check_jump_target(
1626 ¤t_frame, target, CHECK_VERIFY(this));
1627 no_control_flow = false; break;
1628 case Bytecodes::_if_acmpeq :
1629 case Bytecodes::_if_acmpne :
1630 current_frame.pop_stack(
1631 VerificationType::nonscalar_check(), CHECK_VERIFY(this));
1632 // fall through
1633 case Bytecodes::_ifnull :
1634 case Bytecodes::_ifnonnull :
1635 current_frame.pop_stack(
1636 VerificationType::nonscalar_check(), CHECK_VERIFY(this));
1637 target = bcs.dest();
1638 stackmap_table.check_jump_target
1639 (¤t_frame, target, CHECK_VERIFY(this));
1640 no_control_flow = false; break;
1641 case Bytecodes::_goto :
1642 target = bcs.dest();
1643 stackmap_table.check_jump_target(
1644 ¤t_frame, target, CHECK_VERIFY(this));
1645 no_control_flow = true; break;
1646 case Bytecodes::_goto_w :
1647 target = bcs.dest_w();
1648 stackmap_table.check_jump_target(
1649 ¤t_frame, target, CHECK_VERIFY(this));
1650 no_control_flow = true; break;
1651 case Bytecodes::_tableswitch :
1652 case Bytecodes::_lookupswitch :
1653 verify_switch(
1654 &bcs, code_length, code_data, ¤t_frame,
1655 &stackmap_table, CHECK_VERIFY(this));
1656 no_control_flow = true; break;
1657 case Bytecodes::_ireturn :
1658 type = current_frame.pop_stack(
1659 VerificationType::integer_type(), CHECK_VERIFY(this));
1660 verify_return_value(return_type, type, bci,
1661 ¤t_frame, CHECK_VERIFY(this));
1662 no_control_flow = true; break;
1663 case Bytecodes::_lreturn :
1664 type2 = current_frame.pop_stack(
1665 VerificationType::long2_type(), CHECK_VERIFY(this));
1666 type = current_frame.pop_stack(
1667 VerificationType::long_type(), CHECK_VERIFY(this));
1668 verify_return_value(return_type, type, bci,
1669 ¤t_frame, CHECK_VERIFY(this));
1670 no_control_flow = true; break;
1671 case Bytecodes::_freturn :
1672 type = current_frame.pop_stack(
1673 VerificationType::float_type(), CHECK_VERIFY(this));
1674 verify_return_value(return_type, type, bci,
1675 ¤t_frame, CHECK_VERIFY(this));
1676 no_control_flow = true; break;
1677 case Bytecodes::_dreturn :
1678 type2 = current_frame.pop_stack(
1679 VerificationType::double2_type(), CHECK_VERIFY(this));
1680 type = current_frame.pop_stack(
1681 VerificationType::double_type(), CHECK_VERIFY(this));
1682 verify_return_value(return_type, type, bci,
1683 ¤t_frame, CHECK_VERIFY(this));
1684 no_control_flow = true; break;
1685 case Bytecodes::_areturn :
1686 type = current_frame.pop_stack(
1687 VerificationType::nonscalar_check(), CHECK_VERIFY(this));
1688 verify_return_value(return_type, type, bci,
1689 ¤t_frame, CHECK_VERIFY(this));
1690 no_control_flow = true; break;
1691 case Bytecodes::_return :
1692 if (return_type != VerificationType::bogus_type()) {
1693 verify_error(ErrorContext::bad_code(bci),
1694 "Method expects a return value");
1695 return;
1696 }
1697 // Make sure "this" has been initialized if current method is an
1698 // <init>.
1699 if (_method->is_object_constructor() &&
1700 current_frame.flag_this_uninit()) {
1701 verify_error(ErrorContext::bad_code(bci),
1702 "Constructor must call super() or this() "
1703 "before return");
1704 return;
1705 }
1706 no_control_flow = true; break;
1707 case Bytecodes::_getstatic :
1708 case Bytecodes::_putstatic :
1709 // pass TRUE, operand can be an array type for getstatic/putstatic.
1710 verify_field_instructions(
1711 &bcs, ¤t_frame, cp, true, CHECK_VERIFY(this));
1712 no_control_flow = false; break;
1713 case Bytecodes::_getfield :
1714 case Bytecodes::_putfield :
1715 // pass FALSE, operand can't be an array type for getfield/putfield.
1716 verify_field_instructions(
1717 &bcs, ¤t_frame, cp, false, CHECK_VERIFY(this));
1718 no_control_flow = false; break;
1719 case Bytecodes::_withfield :
1720 if (_klass->major_version() < INLINE_TYPE_MAJOR_VERSION) {
1721 class_format_error(
1722 "withfield not supported by this class file version (%d.%d), class %s",
1723 _klass->major_version(), _klass->minor_version(), _klass->external_name());
1724 return;
1725 }
1726 // pass FALSE, operand can't be an array type for withfield.
1727 verify_field_instructions(
1728 &bcs, ¤t_frame, cp, false, CHECK_VERIFY(this));
1729 no_control_flow = false; break;
1730 case Bytecodes::_invokevirtual :
1731 case Bytecodes::_invokespecial :
1732 case Bytecodes::_invokestatic :
1733 case Bytecodes::_invokeinterface :
1734 case Bytecodes::_invokedynamic :
1735 verify_invoke_instructions(
1736 &bcs, code_length, ¤t_frame, (bci >= ex_min && bci < ex_max),
1737 &this_uninit, cp, &stackmap_table, CHECK_VERIFY(this));
1738 no_control_flow = false; break;
1739 case Bytecodes::_new :
1740 {
1741 index = bcs.get_index_u2();
1742 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1743 VerificationType new_class_type =
1744 cp_index_to_type(index, cp, CHECK_VERIFY(this));
1745 if (!new_class_type.is_object()) {
1746 verify_error(ErrorContext::bad_type(bci,
1747 TypeOrigin::cp(index, new_class_type)),
1748 "Illegal new instruction");
1749 return;
1750 }
1751 type = VerificationType::uninitialized_type(bci);
1752 current_frame.push_stack(type, CHECK_VERIFY(this));
1753 no_control_flow = false; break;
1754 }
1755 case Bytecodes::_aconst_init :
1756 {
1757 if (_klass->major_version() < INLINE_TYPE_MAJOR_VERSION) {
1758 class_format_error(
1759 "aconst_init not supported by this class file version (%d.%d), class %s",
1760 _klass->major_version(), _klass->minor_version(), _klass->external_name());
1761 return;
1762 }
1763 index = bcs.get_index_u2();
1764 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1765 VerificationType ref_type = cp_index_to_type(index, cp, CHECK_VERIFY(this));
1766 if (!ref_type.is_object()) {
1767 verify_error(ErrorContext::bad_type(bci,
1768 TypeOrigin::cp(index, ref_type)),
1769 "Illegal aconst_init instruction");
1770 return;
1771 }
1772 VerificationType inline_type =
1773 VerificationType::change_ref_to_inline_type(ref_type);
1774 current_frame.push_stack(inline_type, CHECK_VERIFY(this));
1775 no_control_flow = false; break;
1776 }
1777 case Bytecodes::_newarray :
1778 type = get_newarray_type(bcs.get_index(), bci, CHECK_VERIFY(this));
1779 current_frame.pop_stack(
1780 VerificationType::integer_type(), CHECK_VERIFY(this));
1781 current_frame.push_stack(type, CHECK_VERIFY(this));
1782 no_control_flow = false; break;
1783 case Bytecodes::_anewarray :
1784 verify_anewarray(
1785 bci, bcs.get_index_u2(), cp, ¤t_frame, CHECK_VERIFY(this));
1786 no_control_flow = false; break;
1787 case Bytecodes::_arraylength :
1788 type = current_frame.pop_stack(
1789 VerificationType::reference_check(), CHECK_VERIFY(this));
1790 if (!(type.is_null() || type.is_array())) {
1791 verify_error(ErrorContext::bad_type(
1792 bci, current_frame.stack_top_ctx()),
1793 bad_type_msg, "arraylength");
1794 }
1795 current_frame.push_stack(
1796 VerificationType::integer_type(), CHECK_VERIFY(this));
1797 no_control_flow = false; break;
1798 case Bytecodes::_checkcast :
1799 {
1800 index = bcs.get_index_u2();
1801 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1802 current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1803 VerificationType klass_type = cp_index_to_type(
1804 index, cp, CHECK_VERIFY(this));
1805 current_frame.push_stack(klass_type, CHECK_VERIFY(this));
1806 no_control_flow = false; break;
1807 }
1808 case Bytecodes::_instanceof : {
1809 index = bcs.get_index_u2();
1810 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1811 current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1812 current_frame.push_stack(
1813 VerificationType::integer_type(), CHECK_VERIFY(this));
1814 no_control_flow = false; break;
1815 }
1816 case Bytecodes::_monitorenter :
1817 case Bytecodes::_monitorexit : {
1818 VerificationType ref = current_frame.pop_stack(
1819 VerificationType::nonscalar_check(), CHECK_VERIFY(this));
1820 no_control_flow = false; break;
1821 }
1822 case Bytecodes::_multianewarray :
1823 {
1824 index = bcs.get_index_u2();
1825 u2 dim = *(bcs.bcp()+3);
1826 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1827 VerificationType new_array_type =
1828 cp_index_to_type(index, cp, CHECK_VERIFY(this));
1829 if (!new_array_type.is_array()) {
1830 verify_error(ErrorContext::bad_type(bci,
1831 TypeOrigin::cp(index, new_array_type)),
1832 "Illegal constant pool index in multianewarray instruction");
1833 return;
1834 }
1835 if (dim < 1 || new_array_type.dimensions() < dim) {
1836 verify_error(ErrorContext::bad_code(bci),
1837 "Illegal dimension in multianewarray instruction: %d", dim);
1838 return;
1839 }
1840 for (int i = 0; i < dim; i++) {
1841 current_frame.pop_stack(
1842 VerificationType::integer_type(), CHECK_VERIFY(this));
1843 }
1844 current_frame.push_stack(new_array_type, CHECK_VERIFY(this));
1845 no_control_flow = false; break;
1846 }
1847 case Bytecodes::_athrow :
1848 type = VerificationType::reference_type(
1849 vmSymbols::java_lang_Throwable());
1850 current_frame.pop_stack(type, CHECK_VERIFY(this));
1851 no_control_flow = true; break;
1852 default:
1853 // We only need to check the valid bytecodes in class file.
1854 // And jsr and ret are not in the new class file format in JDK1.6.
1855 verify_error(ErrorContext::bad_code(bci),
1856 "Bad instruction: %02x", opcode);
1857 no_control_flow = false;
1858 return;
1859 } // end switch
1860 } // end Merge with the next instruction
1861
1862 // Look for possible jump target in exception handlers and see if it matches
1863 // current_frame. Don't do this check if it has already been done (for
1864 // ([a,d,f,i,l]store* opcodes). This check cannot be done earlier because
1865 // opcodes, such as invokespecial, may set the this_uninit flag.
1866 assert(!(verified_exc_handlers && this_uninit),
1867 "Exception handler targets got verified before this_uninit got set");
1868 if (!verified_exc_handlers && bci >= ex_min && bci < ex_max) {
1869 if (was_recursively_verified()) return;
1870 verify_exception_handler_targets(
1871 bci, this_uninit, ¤t_frame, &stackmap_table, CHECK_VERIFY(this));
1872 }
1873 } // end while
1874
1875 // Make sure that control flow does not fall through end of the method
1876 if (!no_control_flow) {
1877 verify_error(ErrorContext::bad_code(code_length),
1878 "Control flow falls through code end");
1879 return;
1880 }
1881 }
1882
1883 #undef bad_type_message
1884
1885 char* ClassVerifier::generate_code_data(const methodHandle& m, u4 code_length, TRAPS) {
1886 char* code_data = NEW_RESOURCE_ARRAY(char, code_length);
1887 memset(code_data, 0, sizeof(char) * code_length);
1888 RawBytecodeStream bcs(m);
1889
1890 while (!bcs.is_last_bytecode()) {
1891 if (bcs.raw_next() != Bytecodes::_illegal) {
1892 int bci = bcs.bci();
1893 if (bcs.raw_code() == Bytecodes::_new) {
1894 code_data[bci] = NEW_OFFSET;
1895 } else {
1896 code_data[bci] = BYTECODE_OFFSET;
1897 }
1898 } else {
1899 verify_error(ErrorContext::bad_code(bcs.bci()), "Bad instruction");
1900 return NULL;
1901 }
1902 }
1903
1904 return code_data;
1905 }
1906
1907 // Since this method references the constant pool, call was_recursively_verified()
1908 // before calling this method to make sure a prior class load did not cause the
1909 // current class to get verified.
1910 void ClassVerifier::verify_exception_handler_table(u4 code_length, char* code_data, int& min, int& max, TRAPS) {
1911 ExceptionTable exhandlers(_method());
1912 int exlength = exhandlers.length();
1913 constantPoolHandle cp (THREAD, _method->constants());
1914
1915 for(int i = 0; i < exlength; i++) {
1916 u2 start_pc = exhandlers.start_pc(i);
1917 u2 end_pc = exhandlers.end_pc(i);
1918 u2 handler_pc = exhandlers.handler_pc(i);
1919 if (start_pc >= code_length || code_data[start_pc] == 0) {
1920 class_format_error("Illegal exception table start_pc %d", start_pc);
1921 return;
1922 }
1923 if (end_pc != code_length) { // special case: end_pc == code_length
1924 if (end_pc > code_length || code_data[end_pc] == 0) {
1925 class_format_error("Illegal exception table end_pc %d", end_pc);
1926 return;
1927 }
1928 }
1929 if (handler_pc >= code_length || code_data[handler_pc] == 0) {
1930 class_format_error("Illegal exception table handler_pc %d", handler_pc);
1931 return;
1932 }
1933 int catch_type_index = exhandlers.catch_type_index(i);
1934 if (catch_type_index != 0) {
1935 VerificationType catch_type = cp_index_to_type(
1936 catch_type_index, cp, CHECK_VERIFY(this));
1937 VerificationType throwable =
1938 VerificationType::reference_type(vmSymbols::java_lang_Throwable());
1939 // If the catch type is Throwable pre-resolve it now as the assignable check won't
1940 // do that, and we need to avoid a runtime resolution in case we are trying to
1941 // catch OutOfMemoryError.
1942 if (cp->klass_name_at(catch_type_index) == vmSymbols::java_lang_Throwable()) {
1943 cp->klass_at(catch_type_index, CHECK);
1944 }
1945 bool is_subclass = throwable.is_assignable_from(
1946 catch_type, this, false, CHECK_VERIFY(this));
1947 if (!is_subclass) {
1948 // 4286534: should throw VerifyError according to recent spec change
1949 verify_error(ErrorContext::bad_type(handler_pc,
1950 TypeOrigin::cp(catch_type_index, catch_type),
1951 TypeOrigin::implicit(throwable)),
1952 "Catch type is not a subclass "
1953 "of Throwable in exception handler %d", handler_pc);
1954 return;
1955 }
1956 }
1957 if (start_pc < min) min = start_pc;
1958 if (end_pc > max) max = end_pc;
1959 }
1960 }
1961
1962 void ClassVerifier::verify_local_variable_table(u4 code_length, char* code_data, TRAPS) {
1963 int localvariable_table_length = _method->localvariable_table_length();
1964 if (localvariable_table_length > 0) {
1965 LocalVariableTableElement* table = _method->localvariable_table_start();
1966 for (int i = 0; i < localvariable_table_length; i++) {
1967 u2 start_bci = table[i].start_bci;
1968 u2 length = table[i].length;
1969
1970 if (start_bci >= code_length || code_data[start_bci] == 0) {
1971 class_format_error(
1972 "Illegal local variable table start_pc %d", start_bci);
1973 return;
1974 }
1975 u4 end_bci = (u4)(start_bci + length);
1976 if (end_bci != code_length) {
1977 if (end_bci >= code_length || code_data[end_bci] == 0) {
1978 class_format_error( "Illegal local variable table length %d", length);
1979 return;
1980 }
1981 }
1982 }
1983 }
1984 }
1985
1986 u2 ClassVerifier::verify_stackmap_table(u2 stackmap_index, u2 bci,
1987 StackMapFrame* current_frame,
1988 StackMapTable* stackmap_table,
1989 bool no_control_flow, TRAPS) {
1990 if (stackmap_index < stackmap_table->get_frame_count()) {
1991 u2 this_offset = stackmap_table->get_offset(stackmap_index);
1992 if (no_control_flow && this_offset > bci) {
1993 verify_error(ErrorContext::missing_stackmap(bci),
1994 "Expecting a stack map frame");
1995 return 0;
1996 }
1997 if (this_offset == bci) {
1998 ErrorContext ctx;
1999 // See if current stack map can be assigned to the frame in table.
2000 // current_frame is the stackmap frame got from the last instruction.
2001 // If matched, current_frame will be updated by this method.
2002 bool matches = stackmap_table->match_stackmap(
2003 current_frame, this_offset, stackmap_index,
2004 !no_control_flow, true, &ctx, CHECK_VERIFY_(this, 0));
2005 if (!matches) {
2006 // report type error
2007 verify_error(ctx, "Instruction type does not match stack map");
2008 return 0;
2009 }
2010 stackmap_index++;
2011 } else if (this_offset < bci) {
2012 // current_offset should have met this_offset.
2013 class_format_error("Bad stack map offset %d", this_offset);
2014 return 0;
2015 }
2016 } else if (no_control_flow) {
2017 verify_error(ErrorContext::bad_code(bci), "Expecting a stack map frame");
2018 return 0;
2019 }
2020 return stackmap_index;
2021 }
2022
2023 // Since this method references the constant pool, call was_recursively_verified()
2024 // before calling this method to make sure a prior class load did not cause the
2025 // current class to get verified.
2026 void ClassVerifier::verify_exception_handler_targets(u2 bci, bool this_uninit,
2027 StackMapFrame* current_frame,
2028 StackMapTable* stackmap_table, TRAPS) {
2029 constantPoolHandle cp (THREAD, _method->constants());
2030 ExceptionTable exhandlers(_method());
2031 int exlength = exhandlers.length();
2032 for(int i = 0; i < exlength; i++) {
2033 u2 start_pc = exhandlers.start_pc(i);
2034 u2 end_pc = exhandlers.end_pc(i);
2035 u2 handler_pc = exhandlers.handler_pc(i);
2036 int catch_type_index = exhandlers.catch_type_index(i);
2037 if(bci >= start_pc && bci < end_pc) {
2038 u1 flags = current_frame->flags();
2039 if (this_uninit) { flags |= FLAG_THIS_UNINIT; }
2040 StackMapFrame* new_frame = current_frame->frame_in_exception_handler(flags);
2041 if (catch_type_index != 0) {
2042 if (was_recursively_verified()) return;
2043 // We know that this index refers to a subclass of Throwable
2044 VerificationType catch_type = cp_index_to_type(
2045 catch_type_index, cp, CHECK_VERIFY(this));
2046 new_frame->push_stack(catch_type, CHECK_VERIFY(this));
2047 } else {
2048 VerificationType throwable =
2049 VerificationType::reference_type(vmSymbols::java_lang_Throwable());
2050 new_frame->push_stack(throwable, CHECK_VERIFY(this));
2051 }
2052 ErrorContext ctx;
2053 bool matches = stackmap_table->match_stackmap(
2054 new_frame, handler_pc, true, false, &ctx, CHECK_VERIFY(this));
2055 if (!matches) {
2056 verify_error(ctx, "Stack map does not match the one at "
2057 "exception handler %d", handler_pc);
2058 return;
2059 }
2060 }
2061 }
2062 }
2063
2064 void ClassVerifier::verify_cp_index(
2065 u2 bci, const constantPoolHandle& cp, int index, TRAPS) {
2066 int nconstants = cp->length();
2067 if ((index <= 0) || (index >= nconstants)) {
2068 verify_error(ErrorContext::bad_cp_index(bci, index),
2069 "Illegal constant pool index %d in class %s",
2070 index, cp->pool_holder()->external_name());
2071 return;
2072 }
2073 }
2074
2075 void ClassVerifier::verify_cp_type(
2076 u2 bci, int index, const constantPoolHandle& cp, unsigned int types, TRAPS) {
2077
2078 // In some situations, bytecode rewriting may occur while we're verifying.
2079 // In this case, a constant pool cache exists and some indices refer to that
2080 // instead. Be sure we don't pick up such indices by accident.
2081 // We must check was_recursively_verified() before we get here.
2082 guarantee(cp->cache() == NULL, "not rewritten yet");
2083
2084 verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2085 unsigned int tag = cp->tag_at(index).value();
2086
2087 if ((types & (1 << tag)) == 0) {
2088 verify_error(ErrorContext::bad_cp_index(bci, index),
2089 "Illegal type at constant pool entry %d in class %s",
2090 index, cp->pool_holder()->external_name());
2091 return;
2092 }
2093 }
2094
2095 void ClassVerifier::verify_cp_class_type(
2096 u2 bci, int index, const constantPoolHandle& cp, TRAPS) {
2097 verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2098 constantTag tag = cp->tag_at(index);
2099 if (!tag.is_klass() && !tag.is_unresolved_klass()) {
2100 verify_error(ErrorContext::bad_cp_index(bci, index),
2101 "Illegal type at constant pool entry %d in class %s",
2102 index, cp->pool_holder()->external_name());
2103 return;
2104 }
2105 }
2106
2107 void ClassVerifier::verify_error(ErrorContext ctx, const char* msg, ...) {
2108 stringStream ss;
2109
2110 ctx.reset_frames();
2111 _exception_type = vmSymbols::java_lang_VerifyError();
2112 _error_context = ctx;
2113 va_list va;
2114 va_start(va, msg);
2115 ss.vprint(msg, va);
2116 va_end(va);
2117 _message = ss.as_string();
2118 #ifdef ASSERT
2119 ResourceMark rm;
2120 const char* exception_name = _exception_type->as_C_string();
2121 Exceptions::debug_check_abort(exception_name, NULL);
2122 #endif // ndef ASSERT
2123 }
2124
2125 void ClassVerifier::class_format_error(const char* msg, ...) {
2126 stringStream ss;
2127 _exception_type = vmSymbols::java_lang_ClassFormatError();
2128 va_list va;
2129 va_start(va, msg);
2130 ss.vprint(msg, va);
2131 va_end(va);
2132 if (!_method.is_null()) {
2133 ss.print(" in method '");
2134 _method->print_external_name(&ss);
2135 ss.print("'");
2136 }
2137 _message = ss.as_string();
2138 }
2139
2140 Klass* ClassVerifier::load_class(Symbol* name, TRAPS) {
2141 HandleMark hm(THREAD);
2142 // Get current loader and protection domain first.
2143 oop loader = current_class()->class_loader();
2144 oop protection_domain = current_class()->protection_domain();
2145
2146 assert(name_in_supers(name, current_class()), "name should be a super class");
2147
2148 Klass* kls = SystemDictionary::resolve_or_fail(
2149 name, Handle(THREAD, loader), Handle(THREAD, protection_domain),
2150 true, THREAD);
2151
2152 if (kls != NULL) {
2153 if (log_is_enabled(Debug, class, resolve)) {
2154 Verifier::trace_class_resolution(kls, current_class());
2155 }
2156 }
2157 return kls;
2158 }
2159
2160 bool ClassVerifier::is_protected_access(InstanceKlass* this_class,
2161 Klass* target_class,
2162 Symbol* field_name,
2163 Symbol* field_sig,
2164 bool is_method) {
2165 NoSafepointVerifier nosafepoint;
2166
2167 // If target class isn't a super class of this class, we don't worry about this case
2168 if (!this_class->is_subclass_of(target_class)) {
2169 return false;
2170 }
2171 // Check if the specified method or field is protected
2172 InstanceKlass* target_instance = InstanceKlass::cast(target_class);
2173 fieldDescriptor fd;
2174 if (is_method) {
2175 Method* m = target_instance->uncached_lookup_method(field_name, field_sig, Klass::OverpassLookupMode::find);
2176 if (m != NULL && m->is_protected()) {
2177 if (!this_class->is_same_class_package(m->method_holder())) {
2178 return true;
2179 }
2180 }
2181 } else {
2182 Klass* member_klass = target_instance->find_field(field_name, field_sig, &fd);
2183 if (member_klass != NULL && fd.is_protected()) {
2184 if (!this_class->is_same_class_package(member_klass)) {
2185 return true;
2186 }
2187 }
2188 }
2189 return false;
2190 }
2191
2192 void ClassVerifier::verify_ldc(
2193 int opcode, u2 index, StackMapFrame* current_frame,
2194 const constantPoolHandle& cp, u2 bci, TRAPS) {
2195 verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2196 constantTag tag = cp->tag_at(index);
2197 unsigned int types = 0;
2198 if (opcode == Bytecodes::_ldc || opcode == Bytecodes::_ldc_w) {
2199 if (!tag.is_unresolved_klass()) {
2200 types = (1 << JVM_CONSTANT_Integer) | (1 << JVM_CONSTANT_Float)
2201 | (1 << JVM_CONSTANT_String) | (1 << JVM_CONSTANT_Class)
2202 | (1 << JVM_CONSTANT_MethodHandle) | (1 << JVM_CONSTANT_MethodType)
2203 | (1 << JVM_CONSTANT_Dynamic);
2204 // Note: The class file parser already verified the legality of
2205 // MethodHandle and MethodType constants.
2206 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2207 }
2208 } else {
2209 assert(opcode == Bytecodes::_ldc2_w, "must be ldc2_w");
2210 types = (1 << JVM_CONSTANT_Double) | (1 << JVM_CONSTANT_Long)
2211 | (1 << JVM_CONSTANT_Dynamic);
2212 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2213 }
2214 if (tag.is_string()) {
2215 current_frame->push_stack(
2216 VerificationType::reference_type(
2217 vmSymbols::java_lang_String()), CHECK_VERIFY(this));
2218 } else if (tag.is_klass() || tag.is_unresolved_klass()) {
2219 current_frame->push_stack(
2220 VerificationType::reference_type(
2221 vmSymbols::java_lang_Class()), CHECK_VERIFY(this));
2222 } else if (tag.is_int()) {
2223 current_frame->push_stack(
2224 VerificationType::integer_type(), CHECK_VERIFY(this));
2225 } else if (tag.is_float()) {
2226 current_frame->push_stack(
2227 VerificationType::float_type(), CHECK_VERIFY(this));
2228 } else if (tag.is_double()) {
2229 current_frame->push_stack_2(
2230 VerificationType::double_type(),
2231 VerificationType::double2_type(), CHECK_VERIFY(this));
2232 } else if (tag.is_long()) {
2233 current_frame->push_stack_2(
2234 VerificationType::long_type(),
2235 VerificationType::long2_type(), CHECK_VERIFY(this));
2236 } else if (tag.is_method_handle()) {
2237 current_frame->push_stack(
2238 VerificationType::reference_type(
2239 vmSymbols::java_lang_invoke_MethodHandle()), CHECK_VERIFY(this));
2240 } else if (tag.is_method_type()) {
2241 current_frame->push_stack(
2242 VerificationType::reference_type(
2243 vmSymbols::java_lang_invoke_MethodType()), CHECK_VERIFY(this));
2244 } else if (tag.is_dynamic_constant()) {
2245 Symbol* constant_type = cp->uncached_signature_ref_at(index);
2246 // Field signature was checked in ClassFileParser.
2247 assert(SignatureVerifier::is_valid_type_signature(constant_type),
2248 "Invalid type for dynamic constant");
2249 assert(sizeof(VerificationType) == sizeof(uintptr_t),
2250 "buffer type must match VerificationType size");
2251 uintptr_t constant_type_buffer[2];
2252 VerificationType* v_constant_type = (VerificationType*)constant_type_buffer;
2253 SignatureStream sig_stream(constant_type, false);
2254 int n = change_sig_to_verificationType(&sig_stream, v_constant_type);
2255 int opcode_n = (opcode == Bytecodes::_ldc2_w ? 2 : 1);
2256 if (n != opcode_n) {
2257 // wrong kind of ldc; reverify against updated type mask
2258 types &= ~(1 << JVM_CONSTANT_Dynamic);
2259 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2260 }
2261 for (int i = 0; i < n; i++) {
2262 current_frame->push_stack(v_constant_type[i], CHECK_VERIFY(this));
2263 }
2264 } else {
2265 /* Unreachable? verify_cp_type has already validated the cp type. */
2266 verify_error(
2267 ErrorContext::bad_cp_index(bci, index), "Invalid index in ldc");
2268 return;
2269 }
2270 }
2271
2272 void ClassVerifier::verify_switch(
2273 RawBytecodeStream* bcs, u4 code_length, char* code_data,
2274 StackMapFrame* current_frame, StackMapTable* stackmap_table, TRAPS) {
2275 int bci = bcs->bci();
2276 address bcp = bcs->bcp();
2277 address aligned_bcp = align_up(bcp + 1, jintSize);
2278
2279 if (_klass->major_version() < NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION) {
2280 // 4639449 & 4647081: padding bytes must be 0
2281 u2 padding_offset = 1;
2282 while ((bcp + padding_offset) < aligned_bcp) {
2283 if(*(bcp + padding_offset) != 0) {
2284 verify_error(ErrorContext::bad_code(bci),
2285 "Nonzero padding byte in lookupswitch or tableswitch");
2286 return;
2287 }
2288 padding_offset++;
2289 }
2290 }
2291
2292 int default_offset = (int) Bytes::get_Java_u4(aligned_bcp);
2293 int keys, delta;
2294 current_frame->pop_stack(
2295 VerificationType::integer_type(), CHECK_VERIFY(this));
2296 if (bcs->raw_code() == Bytecodes::_tableswitch) {
2297 jint low = (jint)Bytes::get_Java_u4(aligned_bcp + jintSize);
2298 jint high = (jint)Bytes::get_Java_u4(aligned_bcp + 2*jintSize);
2299 if (low > high) {
2300 verify_error(ErrorContext::bad_code(bci),
2301 "low must be less than or equal to high in tableswitch");
2302 return;
2303 }
2304 keys = high - low + 1;
2305 if (keys < 0) {
2306 verify_error(ErrorContext::bad_code(bci), "too many keys in tableswitch");
2307 return;
2308 }
2309 delta = 1;
2310 } else {
2311 keys = (int)Bytes::get_Java_u4(aligned_bcp + jintSize);
2312 if (keys < 0) {
2313 verify_error(ErrorContext::bad_code(bci),
2314 "number of keys in lookupswitch less than 0");
2315 return;
2316 }
2317 delta = 2;
2318 // Make sure that the lookupswitch items are sorted
2319 for (int i = 0; i < (keys - 1); i++) {
2320 jint this_key = Bytes::get_Java_u4(aligned_bcp + (2+2*i)*jintSize);
2321 jint next_key = Bytes::get_Java_u4(aligned_bcp + (2+2*i+2)*jintSize);
2322 if (this_key >= next_key) {
2323 verify_error(ErrorContext::bad_code(bci),
2324 "Bad lookupswitch instruction");
2325 return;
2326 }
2327 }
2328 }
2329 int target = bci + default_offset;
2330 stackmap_table->check_jump_target(current_frame, target, CHECK_VERIFY(this));
2331 for (int i = 0; i < keys; i++) {
2332 // Because check_jump_target() may safepoint, the bytecode could have
2333 // moved, which means 'aligned_bcp' is no good and needs to be recalculated.
2334 aligned_bcp = align_up(bcs->bcp() + 1, jintSize);
2335 target = bci + (jint)Bytes::get_Java_u4(aligned_bcp+(3+i*delta)*jintSize);
2336 stackmap_table->check_jump_target(
2337 current_frame, target, CHECK_VERIFY(this));
2338 }
2339 NOT_PRODUCT(aligned_bcp = NULL); // no longer valid at this point
2340 }
2341
2342 bool ClassVerifier::name_in_supers(
2343 Symbol* ref_name, InstanceKlass* current) {
2344 Klass* super = current->super();
2345 while (super != NULL) {
2346 if (super->name() == ref_name) {
2347 return true;
2348 }
2349 super = super->super();
2350 }
2351 return false;
2352 }
2353
2354 void ClassVerifier::verify_field_instructions(RawBytecodeStream* bcs,
2355 StackMapFrame* current_frame,
2356 const constantPoolHandle& cp,
2357 bool allow_arrays,
2358 TRAPS) {
2359 u2 index = bcs->get_index_u2();
2360 verify_cp_type(bcs->bci(), index, cp,
2361 1 << JVM_CONSTANT_Fieldref, CHECK_VERIFY(this));
2362
2363 // Get field name and signature
2364 Symbol* field_name = cp->name_ref_at(index);
2365 Symbol* field_sig = cp->signature_ref_at(index);
2366 bool is_getfield = false;
2367
2368 // Field signature was checked in ClassFileParser.
2369 assert(SignatureVerifier::is_valid_type_signature(field_sig),
2370 "Invalid field signature");
2371
2372 // Get referenced class type
2373 VerificationType ref_class_type = cp_ref_index_to_type(
2374 index, cp, CHECK_VERIFY(this));
2375 if (!ref_class_type.is_object() &&
2376 (!allow_arrays || !ref_class_type.is_array())) {
2377 verify_error(ErrorContext::bad_type(bcs->bci(),
2378 TypeOrigin::cp(index, ref_class_type)),
2379 "Expecting reference to class in class %s at constant pool index %d",
2380 _klass->external_name(), index);
2381 return;
2382 }
2383
2384 VerificationType target_class_type = ref_class_type;
2385
2386 assert(sizeof(VerificationType) == sizeof(uintptr_t),
2387 "buffer type must match VerificationType size");
2388 uintptr_t field_type_buffer[2];
2389 VerificationType* field_type = (VerificationType*)field_type_buffer;
2390 // If we make a VerificationType[2] array directly, the compiler calls
2391 // to the c-runtime library to do the allocation instead of just
2392 // stack allocating it. Plus it would run constructors. This shows up
2393 // in performance profiles.
2394
2395 SignatureStream sig_stream(field_sig, false);
2396 VerificationType stack_object_type;
2397 int n = change_sig_to_verificationType(&sig_stream, field_type);
2398 u2 bci = bcs->bci();
2399 bool is_assignable;
2400 switch (bcs->raw_code()) {
2401 case Bytecodes::_getstatic: {
2402 for (int i = 0; i < n; i++) {
2403 current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2404 }
2405 break;
2406 }
2407 case Bytecodes::_putstatic: {
2408 for (int i = n - 1; i >= 0; i--) {
2409 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2410 }
2411 break;
2412 }
2413 case Bytecodes::_withfield: {
2414 for (int i = n - 1; i >= 0; i--) {
2415 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2416 }
2417 // Check that the receiver is a subtype of the referenced class.
2418 current_frame->pop_stack(target_class_type, CHECK_VERIFY(this));
2419 VerificationType target_inline_type =
2420 VerificationType::change_ref_to_inline_type(target_class_type);
2421 current_frame->push_stack(target_inline_type, CHECK_VERIFY(this));
2422 break;
2423 }
2424 case Bytecodes::_getfield: {
2425 is_getfield = true;
2426 stack_object_type = current_frame->pop_stack(
2427 target_class_type, CHECK_VERIFY(this));
2428 goto check_protected;
2429 }
2430 case Bytecodes::_putfield: {
2431 for (int i = n - 1; i >= 0; i--) {
2432 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2433 }
2434 stack_object_type = current_frame->pop_stack(CHECK_VERIFY(this));
2435
2436 // The JVMS 2nd edition allows field initialization before the superclass
2437 // initializer, if the field is defined within the current class.
2438 fieldDescriptor fd;
2439 if (stack_object_type == VerificationType::uninitialized_this_type() &&
2440 target_class_type.equals(current_type()) &&
2441 _klass->find_local_field(field_name, field_sig, &fd)) {
2442 stack_object_type = current_type();
2443 }
2444 is_assignable = target_class_type.is_assignable_from(
2445 stack_object_type, this, false, CHECK_VERIFY(this));
2446 if (!is_assignable) {
2447 verify_error(ErrorContext::bad_type(bci,
2448 current_frame->stack_top_ctx(),
2449 TypeOrigin::cp(index, target_class_type)),
2450 "Bad type on operand stack in putfield");
2451 return;
2452 }
2453 }
2454 check_protected: {
2455 if (_this_type == stack_object_type)
2456 break; // stack_object_type must be assignable to _current_class_type
2457 if (was_recursively_verified()) {
2458 if (is_getfield) {
2459 // Push field type for getfield.
2460 for (int i = 0; i < n; i++) {
2461 current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2462 }
2463 }
2464 return;
2465 }
2466 Symbol* ref_class_name =
2467 cp->klass_name_at(cp->klass_ref_index_at(index));
2468 if (!name_in_supers(ref_class_name, current_class()))
2469 // stack_object_type must be assignable to _current_class_type since:
2470 // 1. stack_object_type must be assignable to ref_class.
2471 // 2. ref_class must be _current_class or a subclass of it. It can't
2472 // be a superclass of it. See revised JVMS 5.4.4.
2473 break;
2474
2475 Klass* ref_class_oop = load_class(ref_class_name, CHECK);
2476 if (is_protected_access(current_class(), ref_class_oop, field_name,
2477 field_sig, false)) {
2478 // It's protected access, check if stack object is assignable to
2479 // current class.
2480 is_assignable = current_type().is_assignable_from(
2481 stack_object_type, this, true, CHECK_VERIFY(this));
2482 if (!is_assignable) {
2483 verify_error(ErrorContext::bad_type(bci,
2484 current_frame->stack_top_ctx(),
2485 TypeOrigin::implicit(current_type())),
2486 "Bad access to protected data in %s",
2487 is_getfield ? "getfield" : "putfield");
2488 return;
2489 }
2490 }
2491 break;
2492 }
2493 default: ShouldNotReachHere();
2494 }
2495 if (is_getfield) {
2496 // Push field type for getfield after doing protection check.
2497 for (int i = 0; i < n; i++) {
2498 current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2499 }
2500 }
2501 }
2502
2503 // Look at the method's handlers. If the bci is in the handler's try block
2504 // then check if the handler_pc is already on the stack. If not, push it
2505 // unless the handler has already been scanned.
2506 void ClassVerifier::push_handlers(ExceptionTable* exhandlers,
2507 GrowableArray<u4>* handler_list,
2508 GrowableArray<u4>* handler_stack,
2509 u4 bci) {
2510 int exlength = exhandlers->length();
2511 for(int x = 0; x < exlength; x++) {
2512 if (bci >= exhandlers->start_pc(x) && bci < exhandlers->end_pc(x)) {
2513 u4 exhandler_pc = exhandlers->handler_pc(x);
2514 if (!handler_list->contains(exhandler_pc)) {
2515 handler_stack->append_if_missing(exhandler_pc);
2516 handler_list->append(exhandler_pc);
2517 }
2518 }
2519 }
2520 }
2521
2522 // Return TRUE if all code paths starting with start_bc_offset end in
2523 // bytecode athrow or loop.
2524 bool ClassVerifier::ends_in_athrow(u4 start_bc_offset) {
2525 ResourceMark rm;
2526 // Create bytecode stream.
2527 RawBytecodeStream bcs(method());
2528 u4 code_length = method()->code_size();
2529 bcs.set_start(start_bc_offset);
2530 u4 target;
2531 // Create stack for storing bytecode start offsets for if* and *switch.
2532 GrowableArray<u4>* bci_stack = new GrowableArray<u4>(30);
2533 // Create stack for handlers for try blocks containing this handler.
2534 GrowableArray<u4>* handler_stack = new GrowableArray<u4>(30);
2535 // Create list of handlers that have been pushed onto the handler_stack
2536 // so that handlers embedded inside of their own TRY blocks only get
2537 // scanned once.
2538 GrowableArray<u4>* handler_list = new GrowableArray<u4>(30);
2539 // Create list of visited branch opcodes (goto* and if*).
2540 GrowableArray<u4>* visited_branches = new GrowableArray<u4>(30);
2541 ExceptionTable exhandlers(_method());
2542
2543 while (true) {
2544 if (bcs.is_last_bytecode()) {
2545 // if no more starting offsets to parse or if at the end of the
2546 // method then return false.
2547 if ((bci_stack->is_empty()) || ((u4)bcs.end_bci() == code_length))
2548 return false;
2549 // Pop a bytecode starting offset and scan from there.
2550 bcs.set_start(bci_stack->pop());
2551 }
2552 Bytecodes::Code opcode = bcs.raw_next();
2553 u4 bci = bcs.bci();
2554
2555 // If the bytecode is in a TRY block, push its handlers so they
2556 // will get parsed.
2557 push_handlers(&exhandlers, handler_list, handler_stack, bci);
2558
2559 switch (opcode) {
2560 case Bytecodes::_if_icmpeq:
2561 case Bytecodes::_if_icmpne:
2562 case Bytecodes::_if_icmplt:
2563 case Bytecodes::_if_icmpge:
2564 case Bytecodes::_if_icmpgt:
2565 case Bytecodes::_if_icmple:
2566 case Bytecodes::_ifeq:
2567 case Bytecodes::_ifne:
2568 case Bytecodes::_iflt:
2569 case Bytecodes::_ifge:
2570 case Bytecodes::_ifgt:
2571 case Bytecodes::_ifle:
2572 case Bytecodes::_if_acmpeq:
2573 case Bytecodes::_if_acmpne:
2574 case Bytecodes::_ifnull:
2575 case Bytecodes::_ifnonnull:
2576 target = bcs.dest();
2577 if (visited_branches->contains(bci)) {
2578 if (bci_stack->is_empty()) {
2579 if (handler_stack->is_empty()) {
2580 return true;
2581 } else {
2582 // Parse the catch handlers for try blocks containing athrow.
2583 bcs.set_start(handler_stack->pop());
2584 }
2585 } else {
2586 // Pop a bytecode starting offset and scan from there.
2587 bcs.set_start(bci_stack->pop());
2588 }
2589 } else {
2590 if (target > bci) { // forward branch
2591 if (target >= code_length) return false;
2592 // Push the branch target onto the stack.
2593 bci_stack->push(target);
2594 // then, scan bytecodes starting with next.
2595 bcs.set_start(bcs.next_bci());
2596 } else { // backward branch
2597 // Push bytecode offset following backward branch onto the stack.
2598 bci_stack->push(bcs.next_bci());
2599 // Check bytecodes starting with branch target.
2600 bcs.set_start(target);
2601 }
2602 // Record target so we don't branch here again.
2603 visited_branches->append(bci);
2604 }
2605 break;
2606
2607 case Bytecodes::_goto:
2608 case Bytecodes::_goto_w:
2609 target = (opcode == Bytecodes::_goto ? bcs.dest() : bcs.dest_w());
2610 if (visited_branches->contains(bci)) {
2611 if (bci_stack->is_empty()) {
2612 if (handler_stack->is_empty()) {
2613 return true;
2614 } else {
2615 // Parse the catch handlers for try blocks containing athrow.
2616 bcs.set_start(handler_stack->pop());
2617 }
2618 } else {
2619 // Been here before, pop new starting offset from stack.
2620 bcs.set_start(bci_stack->pop());
2621 }
2622 } else {
2623 if (target >= code_length) return false;
2624 // Continue scanning from the target onward.
2625 bcs.set_start(target);
2626 // Record target so we don't branch here again.
2627 visited_branches->append(bci);
2628 }
2629 break;
2630
2631 // Check that all switch alternatives end in 'athrow' bytecodes. Since it
2632 // is difficult to determine where each switch alternative ends, parse
2633 // each switch alternative until either hit a 'return', 'athrow', or reach
2634 // the end of the method's bytecodes. This is gross but should be okay
2635 // because:
2636 // 1. tableswitch and lookupswitch byte codes in handlers for ctor explicit
2637 // constructor invocations should be rare.
2638 // 2. if each switch alternative ends in an athrow then the parsing should be
2639 // short. If there is no athrow then it is bogus code, anyway.
2640 case Bytecodes::_lookupswitch:
2641 case Bytecodes::_tableswitch:
2642 {
2643 address aligned_bcp = align_up(bcs.bcp() + 1, jintSize);
2644 u4 default_offset = Bytes::get_Java_u4(aligned_bcp) + bci;
2645 int keys, delta;
2646 if (opcode == Bytecodes::_tableswitch) {
2647 jint low = (jint)Bytes::get_Java_u4(aligned_bcp + jintSize);
2648 jint high = (jint)Bytes::get_Java_u4(aligned_bcp + 2*jintSize);
2649 // This is invalid, but let the regular bytecode verifier
2650 // report this because the user will get a better error message.
2651 if (low > high) return true;
2652 keys = high - low + 1;
2653 delta = 1;
2654 } else {
2655 keys = (int)Bytes::get_Java_u4(aligned_bcp + jintSize);
2656 delta = 2;
2657 }
2658 // Invalid, let the regular bytecode verifier deal with it.
2659 if (keys < 0) return true;
2660
2661 // Push the offset of the next bytecode onto the stack.
2662 bci_stack->push(bcs.next_bci());
2663
2664 // Push the switch alternatives onto the stack.
2665 for (int i = 0; i < keys; i++) {
2666 u4 target = bci + (jint)Bytes::get_Java_u4(aligned_bcp+(3+i*delta)*jintSize);
2667 if (target > code_length) return false;
2668 bci_stack->push(target);
2669 }
2670
2671 // Start bytecode parsing for the switch at the default alternative.
2672 if (default_offset > code_length) return false;
2673 bcs.set_start(default_offset);
2674 break;
2675 }
2676
2677 case Bytecodes::_return:
2678 return false;
2679
2680 case Bytecodes::_athrow:
2681 {
2682 if (bci_stack->is_empty()) {
2683 if (handler_stack->is_empty()) {
2684 return true;
2685 } else {
2686 // Parse the catch handlers for try blocks containing athrow.
2687 bcs.set_start(handler_stack->pop());
2688 }
2689 } else {
2690 // Pop a bytecode offset and starting scanning from there.
2691 bcs.set_start(bci_stack->pop());
2692 }
2693 }
2694 break;
2695
2696 default:
2697 ;
2698 } // end switch
2699 } // end while loop
2700
2701 return false;
2702 }
2703
2704 void ClassVerifier::verify_invoke_init(
2705 RawBytecodeStream* bcs, u2 ref_class_index, VerificationType ref_class_type,
2706 StackMapFrame* current_frame, u4 code_length, bool in_try_block,
2707 bool *this_uninit, const constantPoolHandle& cp, StackMapTable* stackmap_table,
2708 TRAPS) {
2709 u2 bci = bcs->bci();
2710 VerificationType type = current_frame->pop_stack(
2711 VerificationType::reference_check(), CHECK_VERIFY(this));
2712 if (type == VerificationType::uninitialized_this_type()) {
2713 // The method must be an <init> method of this class or its superclass
2714 Klass* superk = current_class()->super();
2715 if (ref_class_type.name() != current_class()->name() &&
2716 ref_class_type.name() != superk->name()) {
2717 verify_error(ErrorContext::bad_type(bci,
2718 TypeOrigin::implicit(ref_class_type),
2719 TypeOrigin::implicit(current_type())),
2720 "Bad <init> method call");
2721 return;
2722 }
2723
2724 // If this invokespecial call is done from inside of a TRY block then make
2725 // sure that all catch clause paths end in a throw. Otherwise, this can
2726 // result in returning an incomplete object.
2727 if (in_try_block) {
2728 ExceptionTable exhandlers(_method());
2729 int exlength = exhandlers.length();
2730 for(int i = 0; i < exlength; i++) {
2731 u2 start_pc = exhandlers.start_pc(i);
2732 u2 end_pc = exhandlers.end_pc(i);
2733
2734 if (bci >= start_pc && bci < end_pc) {
2735 if (!ends_in_athrow(exhandlers.handler_pc(i))) {
2736 verify_error(ErrorContext::bad_code(bci),
2737 "Bad <init> method call from after the start of a try block");
2738 return;
2739 } else if (log_is_enabled(Debug, verification)) {
2740 ResourceMark rm(THREAD);
2741 log_debug(verification)("Survived call to ends_in_athrow(): %s",
2742 current_class()->name()->as_C_string());
2743 }
2744 }
2745 }
2746
2747 // Check the exception handler target stackmaps with the locals from the
2748 // incoming stackmap (before initialize_object() changes them to outgoing
2749 // state).
2750 if (was_recursively_verified()) return;
2751 verify_exception_handler_targets(bci, true, current_frame,
2752 stackmap_table, CHECK_VERIFY(this));
2753 } // in_try_block
2754
2755 current_frame->initialize_object(type, current_type());
2756 *this_uninit = true;
2757 } else if (type.is_uninitialized()) {
2758 u2 new_offset = type.bci();
2759 address new_bcp = bcs->bcp() - bci + new_offset;
2760 if (new_offset > (code_length - 3) || (*new_bcp) != Bytecodes::_new) {
2761 /* Unreachable? Stack map parsing ensures valid type and new
2762 * instructions have a valid BCI. */
2763 verify_error(ErrorContext::bad_code(new_offset),
2764 "Expecting new instruction");
2765 return;
2766 }
2767 u2 new_class_index = Bytes::get_Java_u2(new_bcp + 1);
2768 if (was_recursively_verified()) return;
2769 verify_cp_class_type(bci, new_class_index, cp, CHECK_VERIFY(this));
2770
2771 // The method must be an <init> method of the indicated class
2772 VerificationType new_class_type = cp_index_to_type(
2773 new_class_index, cp, CHECK_VERIFY(this));
2774 if (!new_class_type.equals(ref_class_type)) {
2775 verify_error(ErrorContext::bad_type(bci,
2776 TypeOrigin::cp(new_class_index, new_class_type),
2777 TypeOrigin::cp(ref_class_index, ref_class_type)),
2778 "Call to wrong <init> method");
2779 return;
2780 }
2781 // According to the VM spec, if the referent class is a superclass of the
2782 // current class, and is in a different runtime package, and the method is
2783 // protected, then the objectref must be the current class or a subclass
2784 // of the current class.
2785 VerificationType objectref_type = new_class_type;
2786 if (name_in_supers(ref_class_type.name(), current_class())) {
2787 Klass* ref_klass = load_class(ref_class_type.name(), CHECK);
2788 if (was_recursively_verified()) return;
2789 Method* m = InstanceKlass::cast(ref_klass)->uncached_lookup_method(
2790 vmSymbols::object_initializer_name(),
2791 cp->signature_ref_at(bcs->get_index_u2()),
2792 Klass::OverpassLookupMode::find);
2793 // Do nothing if method is not found. Let resolution detect the error.
2794 if (m != NULL) {
2795 InstanceKlass* mh = m->method_holder();
2796 if (m->is_protected() && !mh->is_same_class_package(_klass)) {
2797 bool assignable = current_type().is_assignable_from(
2798 objectref_type, this, true, CHECK_VERIFY(this));
2799 if (!assignable) {
2800 verify_error(ErrorContext::bad_type(bci,
2801 TypeOrigin::cp(new_class_index, objectref_type),
2802 TypeOrigin::implicit(current_type())),
2803 "Bad access to protected <init> method");
2804 return;
2805 }
2806 }
2807 }
2808 }
2809 // Check the exception handler target stackmaps with the locals from the
2810 // incoming stackmap (before initialize_object() changes them to outgoing
2811 // state).
2812 if (in_try_block) {
2813 if (was_recursively_verified()) return;
2814 verify_exception_handler_targets(bci, *this_uninit, current_frame,
2815 stackmap_table, CHECK_VERIFY(this));
2816 }
2817 current_frame->initialize_object(type, new_class_type);
2818 } else {
2819 verify_error(ErrorContext::bad_type(bci, current_frame->stack_top_ctx()),
2820 "Bad operand type when invoking <init>");
2821 return;
2822 }
2823 }
2824
2825 bool ClassVerifier::is_same_or_direct_interface(
2826 InstanceKlass* klass,
2827 VerificationType klass_type,
2828 VerificationType ref_class_type) {
2829 if (ref_class_type.equals(klass_type)) return true;
2830 Array<InstanceKlass*>* local_interfaces = klass->local_interfaces();
2831 if (local_interfaces != NULL) {
2832 for (int x = 0; x < local_interfaces->length(); x++) {
2833 InstanceKlass* k = local_interfaces->at(x);
2834 assert (k != NULL && k->is_interface(), "invalid interface");
2835 if (ref_class_type.equals(VerificationType::reference_type(k->name()))) {
2836 return true;
2837 }
2838 }
2839 }
2840 return false;
2841 }
2842
2843 void ClassVerifier::verify_invoke_instructions(
2844 RawBytecodeStream* bcs, u4 code_length, StackMapFrame* current_frame,
2845 bool in_try_block, bool *this_uninit,
2846 const constantPoolHandle& cp, StackMapTable* stackmap_table, TRAPS) {
2847 // Make sure the constant pool item is the right type
2848 u2 index = bcs->get_index_u2();
2849 Bytecodes::Code opcode = bcs->raw_code();
2850 unsigned int types = 0;
2851 switch (opcode) {
2852 case Bytecodes::_invokeinterface:
2853 types = 1 << JVM_CONSTANT_InterfaceMethodref;
2854 break;
2855 case Bytecodes::_invokedynamic:
2856 types = 1 << JVM_CONSTANT_InvokeDynamic;
2857 break;
2858 case Bytecodes::_invokespecial:
2859 case Bytecodes::_invokestatic:
2860 types = (_klass->major_version() < STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION) ?
2861 (1 << JVM_CONSTANT_Methodref) :
2862 ((1 << JVM_CONSTANT_InterfaceMethodref) | (1 << JVM_CONSTANT_Methodref));
2863 break;
2864 default:
2865 types = 1 << JVM_CONSTANT_Methodref;
2866 }
2867 verify_cp_type(bcs->bci(), index, cp, types, CHECK_VERIFY(this));
2868
2869 // Get method name and signature
2870 Symbol* method_name = cp->name_ref_at(index);
2871 Symbol* method_sig = cp->signature_ref_at(index);
2872
2873 // Method signature was checked in ClassFileParser.
2874 assert(SignatureVerifier::is_valid_method_signature(method_sig),
2875 "Invalid method signature");
2876
2877 // Get referenced class
2878 VerificationType ref_class_type;
2879 if (opcode == Bytecodes::_invokedynamic) {
2880 if (_klass->major_version() < Verifier::INVOKEDYNAMIC_MAJOR_VERSION) {
2881 class_format_error(
2882 "invokedynamic instructions not supported by this class file version (%d), class %s",
2883 _klass->major_version(), _klass->external_name());
2884 return;
2885 }
2886 } else {
2887 ref_class_type = cp_ref_index_to_type(index, cp, CHECK_VERIFY(this));
2888 }
2889
2890 assert(sizeof(VerificationType) == sizeof(uintptr_t),
2891 "buffer type must match VerificationType size");
2892
2893 // Get the UTF8 index for this signature.
2894 int sig_index = cp->signature_ref_index_at(cp->name_and_type_ref_index_at(index));
2895
2896 // Get the signature's verification types.
2897 sig_as_verification_types* mth_sig_verif_types;
2898 sig_as_verification_types** mth_sig_verif_types_ptr = method_signatures_table()->get(sig_index);
2899 if (mth_sig_verif_types_ptr != NULL) {
2900 // Found the entry for the signature's verification types in the hash table.
2901 mth_sig_verif_types = *mth_sig_verif_types_ptr;
2902 assert(mth_sig_verif_types != NULL, "Unexpected NULL sig_as_verification_types value");
2903 } else {
2904 // Not found, add the entry to the table.
2905 GrowableArray<VerificationType>* verif_types = new GrowableArray<VerificationType>(10);
2906 mth_sig_verif_types = new sig_as_verification_types(verif_types);
2907 create_method_sig_entry(mth_sig_verif_types, sig_index);
2908 }
2909
2910 // Get the number of arguments for this signature.
2911 int nargs = mth_sig_verif_types->num_args();
2912
2913 // Check instruction operands
2914 u2 bci = bcs->bci();
2915 if (opcode == Bytecodes::_invokeinterface) {
2916 address bcp = bcs->bcp();
2917 // 4905268: count operand in invokeinterface should be nargs+1, not nargs.
2918 // JSR202 spec: The count operand of an invokeinterface instruction is valid if it is
2919 // the difference between the size of the operand stack before and after the instruction
2920 // executes.
2921 if (*(bcp+3) != (nargs+1)) {
2922 verify_error(ErrorContext::bad_code(bci),
2923 "Inconsistent args count operand in invokeinterface");
2924 return;
2925 }
2926 if (*(bcp+4) != 0) {
2927 verify_error(ErrorContext::bad_code(bci),
2928 "Fourth operand byte of invokeinterface must be zero");
2929 return;
2930 }
2931 }
2932
2933 if (opcode == Bytecodes::_invokedynamic) {
2934 address bcp = bcs->bcp();
2935 if (*(bcp+3) != 0 || *(bcp+4) != 0) {
2936 verify_error(ErrorContext::bad_code(bci),
2937 "Third and fourth operand bytes of invokedynamic must be zero");
2938 return;
2939 }
2940 }
2941
2942 if (method_name->char_at(0) == JVM_SIGNATURE_SPECIAL) {
2943 // Make sure <init> can only be invoked by invokespecial or invokestatic.
2944 // The allowed invocation mode of <init> depends on its signature.
2945 if ((opcode != Bytecodes::_invokespecial &&
2946 opcode != Bytecodes::_invokestatic) ||
2947 method_name != vmSymbols::object_initializer_name()) {
2948 verify_error(ErrorContext::bad_code(bci),
2949 "Illegal call to internal method");
2950 return;
2951 }
2952 } else if (opcode == Bytecodes::_invokespecial
2953 && !is_same_or_direct_interface(current_class(), current_type(), ref_class_type)
2954 && !ref_class_type.equals(VerificationType::reference_type(
2955 current_class()->super()->name()))) { // super() can never be an inline_type.
2956 bool subtype = false;
2957 bool have_imr_indirect = cp->tag_at(index).value() == JVM_CONSTANT_InterfaceMethodref;
2958 subtype = ref_class_type.is_assignable_from(
2959 current_type(), this, false, CHECK_VERIFY(this));
2960 if (!subtype) {
2961 verify_error(ErrorContext::bad_code(bci),
2962 "Bad invokespecial instruction: "
2963 "current class isn't assignable to reference class.");
2964 return;
2965 } else if (have_imr_indirect) {
2966 verify_error(ErrorContext::bad_code(bci),
2967 "Bad invokespecial instruction: "
2968 "interface method reference is in an indirect superinterface.");
2969 return;
2970 }
2971
2972 }
2973
2974 // Get the verification types for the method's arguments.
2975 GrowableArray<VerificationType>* sig_verif_types = mth_sig_verif_types->sig_verif_types();
2976 assert(sig_verif_types != NULL, "Missing signature's array of verification types");
2977 // Match method descriptor with operand stack
2978 // The arguments are on the stack in descending order.
2979 for (int i = nargs - 1; i >= 0; i--) { // Run backwards
2980 current_frame->pop_stack(sig_verif_types->at(i), CHECK_VERIFY(this));
2981 }
2982
2983 // Check objectref on operand stack
2984 if (opcode != Bytecodes::_invokestatic &&
2985 opcode != Bytecodes::_invokedynamic) {
2986 if (method_name == vmSymbols::object_initializer_name()) { // <init> method
2987 // (use of <init> as a static factory is handled under invokestatic)
2988 verify_invoke_init(bcs, index, ref_class_type, current_frame,
2989 code_length, in_try_block, this_uninit, cp, stackmap_table,
2990 CHECK_VERIFY(this));
2991 if (was_recursively_verified()) return;
2992 } else { // other methods
2993 // Ensures that target class is assignable to method class.
2994 if (opcode == Bytecodes::_invokespecial) {
2995 current_frame->pop_stack(current_type(), CHECK_VERIFY(this));
2996 } else if (opcode == Bytecodes::_invokevirtual) {
2997 VerificationType stack_object_type =
2998 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this));
2999 if (current_type() != stack_object_type) {
3000 if (was_recursively_verified()) return;
3001 assert(cp->cache() == NULL, "not rewritten yet");
3002 Symbol* ref_class_name =
3003 cp->klass_name_at(cp->klass_ref_index_at(index));
3004 // See the comments in verify_field_instructions() for
3005 // the rationale behind this.
3006 if (name_in_supers(ref_class_name, current_class())) {
3007 Klass* ref_class = load_class(ref_class_name, CHECK);
3008 if (is_protected_access(
3009 _klass, ref_class, method_name, method_sig, true)) {
3010 // It's protected access, check if stack object is
3011 // assignable to current class.
3012 bool is_assignable = current_type().is_assignable_from(
3013 stack_object_type, this, true, CHECK_VERIFY(this));
3014 if (!is_assignable) {
3015 if (ref_class_type.name() == vmSymbols::java_lang_Object()
3016 && stack_object_type.is_array()
3017 && method_name == vmSymbols::clone_name()) {
3018 // Special case: arrays pretend to implement public Object
3019 // clone().
3020 } else {
3021 verify_error(ErrorContext::bad_type(bci,
3022 current_frame->stack_top_ctx(),
3023 TypeOrigin::implicit(current_type())),
3024 "Bad access to protected data in invokevirtual");
3025 return;
3026 }
3027 }
3028 }
3029 }
3030 }
3031 } else {
3032 assert(opcode == Bytecodes::_invokeinterface, "Unexpected opcode encountered");
3033 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this));
3034 }
3035 }
3036 }
3037 // Push the result type.
3038 int sig_verif_types_len = sig_verif_types->length();
3039 if (sig_verif_types_len > nargs) { // There's a return type
3040 if (method_name == vmSymbols::object_initializer_name() &&
3041 opcode != Bytecodes::_invokestatic) {
3042 // an <init> method must have a void return type, unless it's a static factory
3043 verify_error(ErrorContext::bad_code(bci),
3044 "Return type must be void in <init> method");
3045 return;
3046 }
3047
3048 assert(sig_verif_types_len <= nargs + 2,
3049 "Signature verification types array return type is bogus");
3050 for (int i = nargs; i < sig_verif_types_len; i++) {
3051 assert(i == nargs || sig_verif_types->at(i).is_long2() ||
3052 sig_verif_types->at(i).is_double2(), "Unexpected return verificationType");
3053 current_frame->push_stack(sig_verif_types->at(i), CHECK_VERIFY(this));
3054 }
3055 } else {
3056 // an <init> method may not have a void return type, if it's a static factory
3057 if (method_name == vmSymbols::object_initializer_name() &&
3058 opcode != Bytecodes::_invokespecial) {
3059 verify_error(ErrorContext::bad_code(bci),
3060 "Return type must be non-void in <init> static factory method");
3061 return;
3062 }
3063 }
3064 }
3065
3066 VerificationType ClassVerifier::get_newarray_type(
3067 u2 index, u2 bci, TRAPS) {
3068 const char* from_bt[] = {
3069 NULL, NULL, NULL, NULL, "[Z", "[C", "[F", "[D", "[B", "[S", "[I", "[J",
3070 };
3071 if (index < T_BOOLEAN || index > T_LONG) {
3072 verify_error(ErrorContext::bad_code(bci), "Illegal newarray instruction");
3073 return VerificationType::bogus_type();
3074 }
3075
3076 // from_bt[index] contains the array signature which has a length of 2
3077 Symbol* sig = create_temporary_symbol(from_bt[index], 2);
3078 return VerificationType::reference_type(sig);
3079 }
3080
3081 void ClassVerifier::verify_anewarray(
3082 u2 bci, u2 index, const constantPoolHandle& cp,
3083 StackMapFrame* current_frame, TRAPS) {
3084 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
3085 current_frame->pop_stack(
3086 VerificationType::integer_type(), CHECK_VERIFY(this));
3087
3088 if (was_recursively_verified()) return;
3089 VerificationType component_type =
3090 cp_index_to_type(index, cp, CHECK_VERIFY(this));
3091 int length;
3092 char* arr_sig_str;
3093 if (component_type.is_array()) { // it's an array
3094 const char* component_name = component_type.name()->as_utf8();
3095 // Check for more than MAX_ARRAY_DIMENSIONS
3096 length = (int)strlen(component_name);
3097 if (length > MAX_ARRAY_DIMENSIONS &&
3098 component_name[MAX_ARRAY_DIMENSIONS - 1] == JVM_SIGNATURE_ARRAY) {
3099 verify_error(ErrorContext::bad_code(bci),
3100 "Illegal anewarray instruction, array has more than 255 dimensions");
3101 }
3102 // add one dimension to component
3103 length++;
3104 arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length + 1);
3105 int n = os::snprintf(arr_sig_str, length + 1, "%c%s",
3106 JVM_SIGNATURE_ARRAY, component_name);
3107 assert(n == length, "Unexpected number of characters in string");
3108 } else { // it's an object or interface
3109 const char* component_name = component_type.name()->as_utf8();
3110 char Q_or_L = component_type.is_inline_type() ? JVM_SIGNATURE_PRIMITIVE_OBJECT : JVM_SIGNATURE_CLASS;
3111 // add one dimension to component with 'L' or 'Q' prepended and ';' appended.
3112 length = (int)strlen(component_name) + 3;
3113 arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length + 1);
3114 int n = os::snprintf(arr_sig_str, length + 1, "%c%c%s;",
3115 JVM_SIGNATURE_ARRAY, Q_or_L, component_name);
3116 assert(n == length, "Unexpected number of characters in string");
3117 }
3118 Symbol* arr_sig = create_temporary_symbol(arr_sig_str, length);
3119 VerificationType new_array_type = VerificationType::reference_type(arr_sig);
3120 current_frame->push_stack(new_array_type, CHECK_VERIFY(this));
3121 }
3122
3123 void ClassVerifier::verify_iload(u2 index, StackMapFrame* current_frame, TRAPS) {
3124 current_frame->get_local(
3125 index, VerificationType::integer_type(), CHECK_VERIFY(this));
3126 current_frame->push_stack(
3127 VerificationType::integer_type(), CHECK_VERIFY(this));
3128 }
3129
3130 void ClassVerifier::verify_lload(u2 index, StackMapFrame* current_frame, TRAPS) {
3131 current_frame->get_local_2(
3132 index, VerificationType::long_type(),
3133 VerificationType::long2_type(), CHECK_VERIFY(this));
3134 current_frame->push_stack_2(
3135 VerificationType::long_type(),
3136 VerificationType::long2_type(), CHECK_VERIFY(this));
3137 }
3138
3139 void ClassVerifier::verify_fload(u2 index, StackMapFrame* current_frame, TRAPS) {
3140 current_frame->get_local(
3141 index, VerificationType::float_type(), CHECK_VERIFY(this));
3142 current_frame->push_stack(
3143 VerificationType::float_type(), CHECK_VERIFY(this));
3144 }
3145
3146 void ClassVerifier::verify_dload(u2 index, StackMapFrame* current_frame, TRAPS) {
3147 current_frame->get_local_2(
3148 index, VerificationType::double_type(),
3149 VerificationType::double2_type(), CHECK_VERIFY(this));
3150 current_frame->push_stack_2(
3151 VerificationType::double_type(),
3152 VerificationType::double2_type(), CHECK_VERIFY(this));
3153 }
3154
3155 void ClassVerifier::verify_aload(u2 index, StackMapFrame* current_frame, TRAPS) {
3156 VerificationType type = current_frame->get_local(
3157 index, VerificationType::nonscalar_check(), CHECK_VERIFY(this));
3158 current_frame->push_stack(type, CHECK_VERIFY(this));
3159 }
3160
3161 void ClassVerifier::verify_istore(u2 index, StackMapFrame* current_frame, TRAPS) {
3162 current_frame->pop_stack(
3163 VerificationType::integer_type(), CHECK_VERIFY(this));
3164 current_frame->set_local(
3165 index, VerificationType::integer_type(), CHECK_VERIFY(this));
3166 }
3167
3168 void ClassVerifier::verify_lstore(u2 index, StackMapFrame* current_frame, TRAPS) {
3169 current_frame->pop_stack_2(
3170 VerificationType::long2_type(),
3171 VerificationType::long_type(), CHECK_VERIFY(this));
3172 current_frame->set_local_2(
3173 index, VerificationType::long_type(),
3174 VerificationType::long2_type(), CHECK_VERIFY(this));
3175 }
3176
3177 void ClassVerifier::verify_fstore(u2 index, StackMapFrame* current_frame, TRAPS) {
3178 current_frame->pop_stack(VerificationType::float_type(), CHECK_VERIFY(this));
3179 current_frame->set_local(
3180 index, VerificationType::float_type(), CHECK_VERIFY(this));
3181 }
3182
3183 void ClassVerifier::verify_dstore(u2 index, StackMapFrame* current_frame, TRAPS) {
3184 current_frame->pop_stack_2(
3185 VerificationType::double2_type(),
3186 VerificationType::double_type(), CHECK_VERIFY(this));
3187 current_frame->set_local_2(
3188 index, VerificationType::double_type(),
3189 VerificationType::double2_type(), CHECK_VERIFY(this));
3190 }
3191
3192 void ClassVerifier::verify_astore(u2 index, StackMapFrame* current_frame, TRAPS) {
3193 VerificationType type = current_frame->pop_stack(
3194 VerificationType::nonscalar_check(), CHECK_VERIFY(this));
3195 current_frame->set_local(index, type, CHECK_VERIFY(this));
3196 }
3197
3198 void ClassVerifier::verify_iinc(u2 index, StackMapFrame* current_frame, TRAPS) {
3199 VerificationType type = current_frame->get_local(
3200 index, VerificationType::integer_type(), CHECK_VERIFY(this));
3201 current_frame->set_local(index, type, CHECK_VERIFY(this));
3202 }
3203
3204 void ClassVerifier::verify_return_value(
3205 VerificationType return_type, VerificationType type, u2 bci,
3206 StackMapFrame* current_frame, TRAPS) {
3207 if (return_type == VerificationType::bogus_type()) {
3208 verify_error(ErrorContext::bad_type(bci,
3209 current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)),
3210 "Method does not expect a return value");
3211 return;
3212 }
3213 bool match = return_type.is_assignable_from(type, this, false, CHECK_VERIFY(this));
3214 if (!match) {
3215 verify_error(ErrorContext::bad_type(bci,
3216 current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)),
3217 "Bad return type");
3218 return;
3219 }
3220 }
3221
3222 // The verifier creates symbols which are substrings of Symbols.
3223 // These are stored in the verifier until the end of verification so that
3224 // they can be reference counted.
3225 Symbol* ClassVerifier::create_temporary_symbol(const char *name, int length) {
3226 // Quick deduplication check
3227 if (_previous_symbol != NULL && _previous_symbol->equals(name, length)) {
3228 return _previous_symbol;
3229 }
3230 Symbol* sym = SymbolTable::new_symbol(name, length);
3231 if (!sym->is_permanent()) {
3232 if (_symbols == NULL) {
3233 _symbols = new GrowableArray<Symbol*>(50, 0, NULL);
3234 }
3235 _symbols->push(sym);
3236 }
3237 _previous_symbol = sym;
3238 return sym;
3239 }