1 /*
2 * Copyright (c) 1998, 2026, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.
8 *
9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 *
23 */
24
25 #include "cds/cdsConfig.hpp"
26 #include "classfile/classFileStream.hpp"
27 #include "classfile/classLoader.hpp"
28 #include "classfile/javaClasses.hpp"
29 #include "classfile/stackMapFrame.hpp"
30 #include "classfile/stackMapTable.hpp"
31 #include "classfile/stackMapTableFormat.hpp"
32 #include "classfile/symbolTable.hpp"
33 #include "classfile/systemDictionary.hpp"
34 #include "classfile/verifier.hpp"
35 #include "classfile/vmClasses.hpp"
36 #include "classfile/vmSymbols.hpp"
37 #include "interpreter/bytecodes.hpp"
38 #include "interpreter/bytecodeStream.hpp"
39 #include "jvm.h"
40 #include "logging/log.hpp"
41 #include "logging/logStream.hpp"
42 #include "memory/oopFactory.hpp"
43 #include "memory/resourceArea.hpp"
44 #include "memory/universe.hpp"
45 #include "oops/constantPool.inline.hpp"
46 #include "oops/fieldStreams.inline.hpp"
47 #include "oops/instanceKlass.inline.hpp"
48 #include "oops/klass.inline.hpp"
49 #include "oops/oop.inline.hpp"
50 #include "oops/typeArrayOop.hpp"
51 #include "runtime/arguments.hpp"
52 #include "runtime/fieldDescriptor.inline.hpp"
53 #include "runtime/handles.inline.hpp"
54 #include "runtime/interfaceSupport.inline.hpp"
55 #include "runtime/javaCalls.hpp"
56 #include "runtime/javaThread.hpp"
57 #include "runtime/jniHandles.inline.hpp"
58 #include "runtime/os.hpp"
59 #include "runtime/safepointVerifiers.hpp"
60 #include "services/threadService.hpp"
61 #include "utilities/align.hpp"
62 #include "utilities/bytes.hpp"
63 #if INCLUDE_CDS
64 #include "classfile/systemDictionaryShared.hpp"
65 #endif
66
67 #define NOFAILOVER_MAJOR_VERSION 51
68 #define NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION 51
69 #define STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION 52
70 #define INLINE_TYPE_MAJOR_VERSION 56
71 #define MAX_ARRAY_DIMENSIONS 255
72
73 // Access to external entry for VerifyClassForMajorVersion - old byte code verifier
74
75 extern "C" {
76 typedef jboolean (*verify_byte_codes_fn_t)(JNIEnv *, jclass, char *, jint, jint);
77 }
78
79 static verify_byte_codes_fn_t volatile _verify_byte_codes_fn = nullptr;
80
81 static verify_byte_codes_fn_t verify_byte_codes_fn() {
82
83 if (_verify_byte_codes_fn != nullptr)
84 return _verify_byte_codes_fn;
85
86 MutexLocker locker(Verify_lock);
87
88 if (_verify_byte_codes_fn != nullptr)
89 return _verify_byte_codes_fn;
90
91 void *lib_handle = nullptr;
92 // Load verify dll
93 if (is_vm_statically_linked()) {
94 lib_handle = os::get_default_process_handle();
95 } else {
96 char buffer[JVM_MAXPATHLEN];
97 char ebuf[1024];
98 if (!os::dll_locate_lib(buffer, sizeof(buffer), Arguments::get_dll_dir(), "verify"))
99 return nullptr; // Caller will throw VerifyError
100
101 lib_handle = os::dll_load(buffer, ebuf, sizeof(ebuf));
102 if (lib_handle == nullptr)
103 return nullptr; // Caller will throw VerifyError
104 }
105
106 void *fn = os::dll_lookup(lib_handle, "VerifyClassForMajorVersion");
107 if (fn == nullptr)
108 return nullptr; // Caller will throw VerifyError
109
110 return _verify_byte_codes_fn = CAST_TO_FN_PTR(verify_byte_codes_fn_t, fn);
111 }
112
113
114 // Methods in Verifier
115
116 // This method determines whether we run the verifier and class file format checking code.
117 bool Verifier::should_verify_for(oop class_loader) {
118 return class_loader == nullptr ?
119 BytecodeVerificationLocal : BytecodeVerificationRemote;
120 }
121
122 // This method determines whether we allow package access in access checks in reflection.
123 bool Verifier::relax_access_for(oop loader) {
124 bool trusted = java_lang_ClassLoader::is_trusted_loader(loader);
125 bool need_verify =
126 // verifyAll
127 (BytecodeVerificationLocal && BytecodeVerificationRemote) ||
128 // verifyRemote
129 (!BytecodeVerificationLocal && BytecodeVerificationRemote && !trusted);
130 return !need_verify;
131 }
132
133 // Callers will pass should_verify_class as true, depending on the results of should_verify_for() above,
134 // or pass true for redefinition of any class.
135 static bool is_eligible_for_verification(InstanceKlass* klass, bool should_verify_class) {
136 Symbol* name = klass->name();
137
138 return (should_verify_class &&
139 // Can not verify the bytecodes for shared classes because they have
140 // already been rewritten to contain constant pool cache indices,
141 // which the verifier can't understand.
142 // Shared classes shouldn't have stackmaps either.
143 // However, bytecodes for shared old classes can be verified because
144 // they have not been rewritten.
145 !(klass->in_aot_cache() && klass->is_rewritten()));
146 }
147
148 void Verifier::trace_class_resolution(Klass* resolve_class, InstanceKlass* verify_class) {
149 assert(verify_class != nullptr, "Unexpected null verify_class");
150 ResourceMark rm;
151 Symbol* s = verify_class->source_file_name();
152 const char* source_file = (s != nullptr ? s->as_C_string() : nullptr);
153 const char* verify = verify_class->external_name();
154 const char* resolve = resolve_class->external_name();
155 // print in a single call to reduce interleaving between threads
156 if (source_file != nullptr) {
157 log_debug(class, resolve)("%s %s %s (verification)", verify, resolve, source_file);
158 } else {
159 log_debug(class, resolve)("%s %s (verification)", verify, resolve);
160 }
161 }
162
163 // Prints the end-verification message to the appropriate output.
164 void Verifier::log_end_verification(outputStream* st, const char* klassName, Symbol* exception_name, oop pending_exception) {
165 if (pending_exception != nullptr) {
166 st->print("Verification for %s has", klassName);
167 oop message = java_lang_Throwable::message(pending_exception);
168 if (message != nullptr) {
169 char* ex_msg = java_lang_String::as_utf8_string(message);
170 st->print_cr(" exception pending '%s %s'",
171 pending_exception->klass()->external_name(), ex_msg);
172 } else {
173 st->print_cr(" exception pending %s ",
174 pending_exception->klass()->external_name());
175 }
176 } else if (exception_name != nullptr) {
177 st->print_cr("Verification for %s failed", klassName);
178 }
179 st->print_cr("End class verification for: %s", klassName);
180 }
181
182 bool Verifier::verify(InstanceKlass* klass, bool should_verify_class, TRAPS) {
183 HandleMark hm(THREAD);
184 ResourceMark rm(THREAD);
185
186 // Eagerly allocate the identity hash code for a klass. This is a fallout
187 // from 6320749 and 8059924: hash code generator is not supposed to be called
188 // during the safepoint, but it allows to sneak the hashcode in during
189 // verification. Without this eager hashcode generation, we may end up
190 // installing the hashcode during some other operation, which may be at
191 // safepoint -- blowing up the checks. It was previously done as the side
192 // effect (sic!) for external_name(), but instead of doing that, we opt to
193 // explicitly push the hashcode in here. This is signify the following block
194 // is IMPORTANT:
195 assert(klass->java_mirror() != nullptr, "must be");
196 klass->java_mirror()->identity_hash();
197
198 if (!is_eligible_for_verification(klass, should_verify_class)) {
199 return true;
200 }
201
202 // Timer includes any side effects of class verification (resolution,
203 // etc), but not recursive calls to Verifier::verify().
204 JavaThread* jt = THREAD;
205 PerfClassTraceTime timer(ClassLoader::perf_class_verify_time(),
206 ClassLoader::perf_class_verify_selftime(),
207 ClassLoader::perf_classes_verified(),
208 jt->get_thread_stat()->perf_recursion_counts_addr(),
209 jt->get_thread_stat()->perf_timers_addr(),
210 PerfClassTraceTime::CLASS_VERIFY);
211
212 // If the class should be verified, first see if we can use the split
213 // verifier. If not, or if verification fails and can failover, then
214 // call the inference verifier.
215 Symbol* exception_name = nullptr;
216 const size_t message_buffer_len = klass->name()->utf8_length() + 1024;
217 char* message_buffer = nullptr;
218 char* exception_message = nullptr;
219
220 log_info(class, init)("Start class verification for: %s", klass->external_name());
221 if (klass->major_version() >= STACKMAP_ATTRIBUTE_MAJOR_VERSION) {
222 ClassVerifier split_verifier(jt, klass);
223 // We don't use CHECK here, or on inference_verify below, so that we can log any exception.
224 split_verifier.verify_class(THREAD);
225 exception_name = split_verifier.result();
226
227 // If dumping {classic, final} static archive, don't bother to run the old verifier, as
228 // the class will be excluded from the archive anyway.
229 bool can_failover = !(CDSConfig::is_dumping_classic_static_archive() || CDSConfig::is_dumping_final_static_archive()) &&
230 klass->major_version() < NOFAILOVER_MAJOR_VERSION;
231
232 if (can_failover && !HAS_PENDING_EXCEPTION && // Split verifier doesn't set PENDING_EXCEPTION for failure
233 (exception_name == vmSymbols::java_lang_VerifyError() ||
234 exception_name == vmSymbols::java_lang_ClassFormatError())) {
235 log_info(verification)("Fail over class verification to old verifier for: %s", klass->external_name());
236 log_info(class, init)("Fail over class verification to old verifier for: %s", klass->external_name());
237 #if INCLUDE_CDS
238 // Exclude any classes that are verified with the old verifier, as the old verifier
239 // doesn't call SystemDictionaryShared::add_verification_constraint()
240 if (CDSConfig::is_dumping_archive()) {
241 SystemDictionaryShared::log_exclusion(klass, "Verified with old verifier");
242 SystemDictionaryShared::set_excluded(klass);
243 }
244 #endif
245 message_buffer = NEW_RESOURCE_ARRAY(char, message_buffer_len);
246 exception_message = message_buffer;
247 exception_name = inference_verify(
248 klass, message_buffer, message_buffer_len, THREAD);
249 }
250 if (exception_name != nullptr) {
251 exception_message = split_verifier.exception_message();
252 }
253 } else {
254 message_buffer = NEW_RESOURCE_ARRAY(char, message_buffer_len);
255 exception_message = message_buffer;
256 exception_name = inference_verify(
257 klass, message_buffer, message_buffer_len, THREAD);
258 }
259
260 LogTarget(Info, class, init) lt1;
261 if (lt1.is_enabled()) {
262 LogStream ls(lt1);
263 log_end_verification(&ls, klass->external_name(), exception_name, PENDING_EXCEPTION);
264 }
265 LogTarget(Info, verification) lt2;
266 if (lt2.is_enabled()) {
267 LogStream ls(lt2);
268 log_end_verification(&ls, klass->external_name(), exception_name, PENDING_EXCEPTION);
269 }
270
271 if (HAS_PENDING_EXCEPTION) {
272 return false; // use the existing exception
273 } else if (exception_name == nullptr) {
274 return true; // verification succeeded
275 } else { // VerifyError or ClassFormatError to be created and thrown
276 Klass* kls =
277 SystemDictionary::resolve_or_fail(exception_name, true, CHECK_false);
278 if (log_is_enabled(Debug, class, resolve)) {
279 Verifier::trace_class_resolution(kls, klass);
280 }
281
282 while (kls != nullptr) {
283 if (kls == klass) {
284 // If the class being verified is the exception we're creating
285 // or one of it's superclasses, we're in trouble and are going
286 // to infinitely recurse when we try to initialize the exception.
287 // So bail out here by throwing the preallocated VM error.
288 THROW_OOP_(Universe::internal_error_instance(), false);
289 }
290 kls = kls->super();
291 }
292 if (message_buffer != nullptr) {
293 message_buffer[message_buffer_len - 1] = '\0'; // just to be sure
294 }
295 assert(exception_message != nullptr, "");
296 THROW_MSG_(exception_name, exception_message, false);
297 }
298 }
299
300 Symbol* Verifier::inference_verify(
301 InstanceKlass* klass, char* message, size_t message_len, TRAPS) {
302 JavaThread* thread = THREAD;
303
304 verify_byte_codes_fn_t verify_func = verify_byte_codes_fn();
305
306 if (verify_func == nullptr) {
307 jio_snprintf(message, message_len, "Could not link verifier");
308 return vmSymbols::java_lang_VerifyError();
309 }
310
311 ResourceMark rm(thread);
312 log_info(verification)("Verifying class %s with old format", klass->external_name());
313
314 jclass cls = (jclass) JNIHandles::make_local(thread, klass->java_mirror());
315 jint result;
316
317 {
318 HandleMark hm(thread);
319 ThreadToNativeFromVM ttn(thread);
320 // ThreadToNativeFromVM takes care of changing thread_state, so safepoint
321 // code knows that we have left the VM
322 JNIEnv *env = thread->jni_environment();
323 result = (*verify_func)(env, cls, message, (int)message_len, klass->major_version());
324 }
325
326 JNIHandles::destroy_local(cls);
327
328 // These numbers are chosen so that VerifyClassCodes interface doesn't need
329 // to be changed (still return jboolean (unsigned char)), and result is
330 // 1 when verification is passed.
331 if (result == 0) {
332 return vmSymbols::java_lang_VerifyError();
333 } else if (result == 1) {
334 return nullptr; // verified.
335 } else if (result == 2) {
336 THROW_MSG_(vmSymbols::java_lang_OutOfMemoryError(), message, nullptr);
337 } else if (result == 3) {
338 return vmSymbols::java_lang_ClassFormatError();
339 } else {
340 ShouldNotReachHere();
341 return nullptr;
342 }
343 }
344
345 TypeOrigin TypeOrigin::null() {
346 return TypeOrigin();
347 }
348 TypeOrigin TypeOrigin::local(int index, StackMapFrame* frame) {
349 assert(frame != nullptr, "Must have a frame");
350 return TypeOrigin(CF_LOCALS, index, StackMapFrame::copy(frame),
351 frame->local_at(index));
352 }
353 TypeOrigin TypeOrigin::stack(int index, StackMapFrame* frame) {
354 assert(frame != nullptr, "Must have a frame");
355 return TypeOrigin(CF_STACK, index, StackMapFrame::copy(frame),
356 frame->stack_at(index));
357 }
358 TypeOrigin TypeOrigin::sm_local(int index, StackMapFrame* frame) {
359 assert(frame != nullptr, "Must have a frame");
360 return TypeOrigin(SM_LOCALS, index, StackMapFrame::copy(frame),
361 frame->local_at(index));
362 }
363 TypeOrigin TypeOrigin::sm_stack(int index, StackMapFrame* frame) {
364 assert(frame != nullptr, "Must have a frame");
365 return TypeOrigin(SM_STACK, index, StackMapFrame::copy(frame),
366 frame->stack_at(index));
367 }
368 TypeOrigin TypeOrigin::bad_index(int index) {
369 return TypeOrigin(BAD_INDEX, index, nullptr, VerificationType::bogus_type());
370 }
371 TypeOrigin TypeOrigin::cp(int index, VerificationType vt) {
372 return TypeOrigin(CONST_POOL, index, nullptr, vt);
373 }
374 TypeOrigin TypeOrigin::signature(VerificationType vt) {
375 return TypeOrigin(SIG, 0, nullptr, vt);
376 }
377 TypeOrigin TypeOrigin::implicit(VerificationType t) {
378 return TypeOrigin(IMPLICIT, 0, nullptr, t);
379 }
380 TypeOrigin TypeOrigin::frame(StackMapFrame* frame) {
381 return TypeOrigin(FRAME_ONLY, 0, StackMapFrame::copy(frame),
382 VerificationType::bogus_type());
383 }
384
385 void TypeOrigin::reset_frame() {
386 if (_frame != nullptr) {
387 _frame->restore();
388 }
389 }
390
391 void TypeOrigin::details(outputStream* ss) const {
392 _type.print_on(ss);
393 switch (_origin) {
394 case CF_LOCALS:
395 ss->print(" (current frame, locals[%d])", _index);
396 break;
397 case CF_STACK:
398 ss->print(" (current frame, stack[%d])", _index);
399 break;
400 case SM_LOCALS:
401 ss->print(" (stack map, locals[%d])", _index);
402 break;
403 case SM_STACK:
404 ss->print(" (stack map, stack[%d])", _index);
405 break;
406 case CONST_POOL:
407 ss->print(" (constant pool %d)", _index);
408 break;
409 case SIG:
410 ss->print(" (from method signature)");
411 break;
412 case IMPLICIT:
413 case FRAME_ONLY:
414 case NONE:
415 default:
416 ;
417 }
418 }
419
420 #ifdef ASSERT
421 void TypeOrigin::print_on(outputStream* str) const {
422 str->print("{%d,%d,%p:", _origin, _index, _frame);
423 if (_frame != nullptr) {
424 _frame->print_on(str);
425 } else {
426 str->print("null");
427 }
428 str->print(",");
429 _type.print_on(str);
430 str->print("}");
431 }
432 #endif
433
434 void ErrorContext::details(outputStream* ss, const Method* method) const {
435 if (is_valid()) {
436 ss->cr();
437 ss->print_cr("Exception Details:");
438 location_details(ss, method);
439 reason_details(ss);
440 frame_details(ss);
441 bytecode_details(ss, method);
442 handler_details(ss, method);
443 stackmap_details(ss, method);
444 }
445 }
446
447 void ErrorContext::reason_details(outputStream* ss) const {
448 StreamIndentor si(ss, 2);
449 ss->print_cr("Reason:");
450
451 StreamIndentor si2(ss, 2);
452 switch (_fault) {
453 case INVALID_BYTECODE:
454 ss->print("Error exists in the bytecode");
455 break;
456 case WRONG_TYPE:
457 if (_expected.is_valid()) {
458 ss->print("Type ");
459 _type.details(ss);
460 ss->print(" is not assignable to ");
461 _expected.details(ss);
462 } else {
463 ss->print("Invalid type: ");
464 _type.details(ss);
465 }
466 break;
467 case FLAGS_MISMATCH:
468 if (_expected.is_valid()) {
469 ss->print("Current frame's flags are not assignable "
470 "to stack map frame's.");
471 } else {
472 ss->print("Current frame's flags are invalid in this context.");
473 }
474 break;
475 case BAD_CP_INDEX:
476 ss->print("Constant pool index %d is invalid", _type.index());
477 break;
478 case BAD_LOCAL_INDEX:
479 ss->print("Local index %d is invalid", _type.index());
480 break;
481 case BAD_STRICT_FIELDS:
482 ss->print("Invalid use of strict instance fields");
483 break;
484 case LOCALS_SIZE_MISMATCH:
485 ss->print("Current frame's local size doesn't match stackmap.");
486 break;
487 case STACK_SIZE_MISMATCH:
488 ss->print("Current frame's stack size doesn't match stackmap.");
489 break;
490 case STRICT_FIELDS_MISMATCH:
491 ss->print("Current frame's strict instance fields not compatible with stackmap.");
492 break;
493 case STACK_OVERFLOW:
494 ss->print("Exceeded max stack size.");
495 break;
496 case STACK_UNDERFLOW:
497 ss->print("Attempt to pop empty stack.");
498 break;
499 case MISSING_STACKMAP:
500 ss->print("Expected stackmap frame at this location.");
501 break;
502 case BAD_STACKMAP:
503 ss->print("Invalid stackmap specification.");
504 break;
505 case WRONG_INLINE_TYPE:
506 ss->print("Type ");
507 _type.details(ss);
508 ss->print(" and type ");
509 _expected.details(ss);
510 ss->print(" must be identical inline types.");
511 break;
512 case UNKNOWN:
513 default:
514 ShouldNotReachHere();
515 ss->print_cr("Unknown");
516 }
517 ss->cr();
518 }
519
520 void ErrorContext::location_details(outputStream* ss, const Method* method) const {
521 if (_bci != -1 && method != nullptr) {
522 const char* bytecode_name = "<invalid>";
523 if (method->validate_bci(_bci) != -1) {
524 Bytecodes::Code code = Bytecodes::code_or_bp_at(method->bcp_from(_bci));
525 if (Bytecodes::is_defined(code)) {
526 bytecode_name = Bytecodes::name(code);
527 } else {
528 bytecode_name = "<illegal>";
529 }
530 }
531 InstanceKlass* ik = method->method_holder();
532
533 StreamIndentor si(ss, 2);
534 ss->print_cr("Location:");
535
536 StreamIndentor si2(ss, 2);
537 ss->print_cr("%s.%s%s @%d: %s",
538 ik->name()->as_C_string(), method->name()->as_C_string(),
539 method->signature()->as_C_string(), _bci, bytecode_name);
540 }
541 }
542
543 void ErrorContext::frame_details(outputStream* ss) const {
544 StreamIndentor si(ss, 2);
545 if (_type.is_valid() && _type.frame() != nullptr) {
546 ss->print_cr("Current Frame:");
547 StreamIndentor si2(ss, 2);
548 _type.frame()->print_on(ss);
549 }
550 if (_expected.is_valid() && _expected.frame() != nullptr) {
551 ss->print_cr("Stackmap Frame:");
552 StreamIndentor si2(ss, 2);
553 _expected.frame()->print_on(ss);
554 }
555 }
556
557 void ErrorContext::bytecode_details(outputStream* ss, const Method* method) const {
558 if (method != nullptr) {
559 StreamIndentor si(ss, 2);
560 ss->print_cr("Bytecode:");
561 StreamIndentor si2(ss, 2);
562 ss->print_data(method->code_base(), method->code_size(), false);
563 }
564 }
565
566 void ErrorContext::handler_details(outputStream* ss, const Method* method) const {
567 if (method != nullptr) {
568 StreamIndentor si(ss, 2);
569
570 ExceptionTable table(method);
571 if (table.length() > 0) {
572 ss->print_cr("Exception Handler Table:");
573 StreamIndentor si2(ss, 2);
574 for (int i = 0; i < table.length(); ++i) {
575 ss->print_cr("bci [%d, %d] => handler: %d", table.start_pc(i),
576 table.end_pc(i), table.handler_pc(i));
577 }
578 }
579 }
580 }
581
582 void ErrorContext::stackmap_details(outputStream* ss, const Method* method) const {
583 if (method != nullptr && method->has_stackmap_table()) {
584 StreamIndentor si(ss, 2);
585 ss->print_cr("Stackmap Table:");
586 Array<u1>* data = method->stackmap_data();
587 stack_map_table* sm_table =
588 stack_map_table::at((address)data->adr_at(0));
589 stack_map_frame* sm_frame = sm_table->entries();
590 StreamIndentor si2(ss, 2);
591 int current_offset = -1;
592 address end_of_sm_table = (address)sm_table + method->stackmap_data()->length();
593 for (u2 i = 0; i < sm_table->number_of_entries(); ++i) {
594 if (!sm_frame->verify((address)sm_frame, end_of_sm_table)) {
595 sm_frame->print_truncated(ss, current_offset);
596 return;
597 }
598 sm_frame->print_on(ss, current_offset);
599 ss->cr();
600 current_offset += sm_frame->offset_delta();
601 sm_frame = sm_frame->next();
602 }
603 }
604 }
605
606 // Methods in ClassVerifier
607
608 ClassVerifier::ClassVerifier(JavaThread* current, InstanceKlass* klass)
609 : _thread(current), _previous_symbol(nullptr), _symbols(nullptr), _exception_type(nullptr),
610 _message(nullptr), _klass(klass) {
611 _this_type = VerificationType::reference_type(klass->name());
612 }
613
614 ClassVerifier::~ClassVerifier() {
615 // Decrement the reference count for any symbols created.
616 if (_symbols != nullptr) {
617 for (int i = 0; i < _symbols->length(); i++) {
618 Symbol* s = _symbols->at(i);
619 s->decrement_refcount();
620 }
621 }
622 }
623
624 VerificationType ClassVerifier::object_type() const {
625 return VerificationType::reference_type(vmSymbols::java_lang_Object());
626 }
627
628 TypeOrigin ClassVerifier::ref_ctx(const char* sig) {
629 VerificationType vt = VerificationType::reference_type(
630 create_temporary_symbol(sig, (int)strlen(sig)));
631 return TypeOrigin::implicit(vt);
632 }
633
634 static bool supports_strict_fields(InstanceKlass* klass) {
635 int ver = klass->major_version();
636 return ver > Verifier::VALUE_TYPES_MAJOR_VERSION ||
637 (ver == Verifier::VALUE_TYPES_MAJOR_VERSION && klass->minor_version() == Verifier::JAVA_PREVIEW_MINOR_VERSION);
638 }
639
640 void ClassVerifier::verify_class(TRAPS) {
641 log_info(verification)("Verifying class %s with new format", _klass->external_name());
642
643 // Either verifying both local and remote classes or just remote classes.
644 assert(BytecodeVerificationRemote, "Should not be here");
645
646 Array<Method*>* methods = _klass->methods();
647 int num_methods = methods->length();
648
649 for (int index = 0; index < num_methods; index++) {
650 // Check for recursive re-verification before each method.
651 if (was_recursively_verified()) return;
652
653 Method* m = methods->at(index);
654 if (m->is_native() || m->is_abstract() || m->is_overpass()) {
655 // If m is native or abstract, skip it. It is checked in class file
656 // parser that methods do not override a final method. Overpass methods
657 // are trusted since the VM generates them.
658 continue;
659 }
660 verify_method(methodHandle(THREAD, m), CHECK_VERIFY(this));
661 }
662
663 if (was_recursively_verified()){
664 log_info(verification)("Recursive verification detected for: %s", _klass->external_name());
665 log_info(class, init)("Recursive verification detected for: %s",
666 _klass->external_name());
667 }
668 }
669
670 // Translate the signature entries into verification types and save them in
671 // the growable array. Also, save the count of arguments.
672 void ClassVerifier::translate_signature(Symbol* const method_sig,
673 sig_as_verification_types* sig_verif_types) {
674 SignatureStream sig_stream(method_sig);
675 VerificationType sig_type[2];
676 int sig_i = 0;
677 GrowableArray<VerificationType>* verif_types = sig_verif_types->sig_verif_types();
678
679 // Translate the signature arguments into verification types.
680 while (!sig_stream.at_return_type()) {
681 int n = change_sig_to_verificationType(&sig_stream, sig_type);
682 assert(n <= 2, "Unexpected signature type");
683
684 // Store verification type(s). Longs and Doubles each have two verificationTypes.
685 for (int x = 0; x < n; x++) {
686 verif_types->push(sig_type[x]);
687 }
688 sig_i += n;
689 sig_stream.next();
690 }
691
692 // Set final arg count, not including the return type. The final arg count will
693 // be compared with sig_verify_types' length to see if there is a return type.
694 sig_verif_types->set_num_args(sig_i);
695
696 // Store verification type(s) for the return type, if there is one.
697 if (sig_stream.type() != T_VOID) {
698 int n = change_sig_to_verificationType(&sig_stream, sig_type);
699 assert(n <= 2, "Unexpected signature return type");
700 for (int y = 0; y < n; y++) {
701 verif_types->push(sig_type[y]);
702 }
703 }
704 }
705
706 void ClassVerifier::create_method_sig_entry(sig_as_verification_types* sig_verif_types,
707 int sig_index) {
708 // Translate the signature into verification types.
709 ConstantPool* cp = _klass->constants();
710 Symbol* const method_sig = cp->symbol_at(sig_index);
711 translate_signature(method_sig, sig_verif_types);
712
713 // Add the list of this signature's verification types to the table.
714 bool is_unique = method_signatures_table()->put(sig_index, sig_verif_types);
715 assert(is_unique, "Duplicate entries in method_signature_table");
716 }
717
718 void ClassVerifier::verify_method(const methodHandle& m, TRAPS) {
719 HandleMark hm(THREAD);
720 _method = m; // initialize _method
721 log_info(verification)("Verifying method %s", m->name_and_sig_as_C_string());
722
723 // For clang, the only good constant format string is a literal constant format string.
724 #define bad_type_msg "Bad type on operand stack in %s"
725
726 u2 max_stack = m->verifier_max_stack();
727 u2 max_locals = m->max_locals();
728 constantPoolHandle cp(THREAD, m->constants());
729
730 // Method signature was checked in ClassFileParser.
731 assert(SignatureVerifier::is_valid_method_signature(m->signature()),
732 "Invalid method signature");
733
734 // Collect the initial strict instance fields
735 StackMapFrame::AssertUnsetFieldTable* strict_fields = new StackMapFrame::AssertUnsetFieldTable();
736 if (m->is_object_constructor()) {
737 for (AllFieldStream fs(m->method_holder()); !fs.done(); fs.next()) {
738 if (fs.access_flags().is_strict() && !fs.access_flags().is_static()) {
739 NameAndSig new_field(fs.name(), fs.signature());
740 if (IgnoreAssertUnsetFields) {
741 strict_fields->put(new_field, true);
742 } else {
743 strict_fields->put(new_field, false);
744 }
745 }
746 }
747 }
748
749 // Initial stack map frame: offset is 0, stack is initially empty.
750 StackMapFrame current_frame(max_locals, max_stack, strict_fields, this);
751 // Set initial locals
752 VerificationType return_type = current_frame.set_locals_from_arg( m, current_type());
753
754 u2 stackmap_index = 0; // index to the stackmap array
755
756 u4 code_length = m->code_size();
757
758 // Scan the bytecode and map each instruction's start offset to a number.
759 char* code_data = generate_code_data(m, code_length, CHECK_VERIFY(this));
760
761 int ex_min = code_length;
762 int ex_max = -1;
763 // Look through each item on the exception table. Each of the fields must refer
764 // to a legal instruction.
765 if (was_recursively_verified()) return;
766 verify_exception_handler_table(
767 code_length, code_data, ex_min, ex_max, CHECK_VERIFY(this));
768
769 // Look through each entry on the local variable table and make sure
770 // its range of code array offsets is valid. (4169817)
771 if (m->has_localvariable_table()) {
772 verify_local_variable_table(code_length, code_data, CHECK_VERIFY(this));
773 }
774
775 Array<u1>* stackmap_data = m->stackmap_data();
776 StackMapStream stream(stackmap_data);
777 StackMapReader reader(this, &stream, code_data, code_length, ¤t_frame, max_locals, max_stack, strict_fields, THREAD);
778 StackMapTable stackmap_table(&reader, CHECK_VERIFY(this));
779
780 LogTarget(Debug, verification) lt;
781 if (lt.is_enabled()) {
782 LogStream ls(lt);
783 stackmap_table.print_on(&ls);
784 }
785
786 RawBytecodeStream bcs(m);
787
788 // Scan the byte code linearly from the start to the end
789 bool no_control_flow = false; // Set to true when there is no direct control
790 // flow from current instruction to the next
791 // instruction in sequence
792
793 Bytecodes::Code opcode;
794 while (!bcs.is_last_bytecode()) {
795 // Check for recursive re-verification before each bytecode.
796 if (was_recursively_verified()) return;
797
798 opcode = bcs.raw_next();
799 int bci = bcs.bci();
800
801 // Set current frame's offset to bci
802 current_frame.set_offset(bci);
803 current_frame.set_mark();
804
805 // Make sure every offset in stackmap table point to the beginning to
806 // an instruction. Match current_frame to stackmap_table entry with
807 // the same offset if exists.
808 stackmap_index = verify_stackmap_table(
809 stackmap_index, bci, ¤t_frame, &stackmap_table,
810 no_control_flow, CHECK_VERIFY(this));
811
812
813 bool this_uninit = false; // Set to true when invokespecial <init> initialized 'this'
814 bool verified_exc_handlers = false;
815
816 // Merge with the next instruction
817 {
818 VerificationType type, type2;
819 VerificationType atype;
820
821 LogTarget(Debug, verification) lt;
822 if (lt.is_enabled()) {
823 LogStream ls(lt);
824 current_frame.print_on(&ls);
825 lt.print("offset = %d, opcode = %s", bci,
826 opcode == Bytecodes::_illegal ? "illegal" : Bytecodes::name(opcode));
827 }
828
829 // Make sure wide instruction is in correct format
830 if (bcs.is_wide()) {
831 if (opcode != Bytecodes::_iinc && opcode != Bytecodes::_iload &&
832 opcode != Bytecodes::_aload && opcode != Bytecodes::_lload &&
833 opcode != Bytecodes::_istore && opcode != Bytecodes::_astore &&
834 opcode != Bytecodes::_lstore && opcode != Bytecodes::_fload &&
835 opcode != Bytecodes::_dload && opcode != Bytecodes::_fstore &&
836 opcode != Bytecodes::_dstore) {
837 /* Unreachable? RawBytecodeStream's raw_next() returns 'illegal'
838 * if we encounter a wide instruction that modifies an invalid
839 * opcode (not one of the ones listed above) */
840 verify_error(ErrorContext::bad_code(bci), "Bad wide instruction");
841 return;
842 }
843 }
844
845 // Look for possible jump target in exception handlers and see if it
846 // matches current_frame. Do this check here for astore*, dstore*,
847 // fstore*, istore*, and lstore* opcodes because they can change the type
848 // state by adding a local. JVM Spec says that the incoming type state
849 // should be used for this check. So, do the check here before a possible
850 // local is added to the type state.
851 if (Bytecodes::is_store_into_local(opcode) && bci >= ex_min && bci < ex_max) {
852 if (was_recursively_verified()) return;
853 verify_exception_handler_targets(
854 bci, this_uninit, ¤t_frame, &stackmap_table, CHECK_VERIFY(this));
855 verified_exc_handlers = true;
856 }
857
858 if (was_recursively_verified()) return;
859
860 switch (opcode) {
861 case Bytecodes::_nop :
862 no_control_flow = false; break;
863 case Bytecodes::_aconst_null :
864 current_frame.push_stack(
865 VerificationType::null_type(), CHECK_VERIFY(this));
866 no_control_flow = false; break;
867 case Bytecodes::_iconst_m1 :
868 case Bytecodes::_iconst_0 :
869 case Bytecodes::_iconst_1 :
870 case Bytecodes::_iconst_2 :
871 case Bytecodes::_iconst_3 :
872 case Bytecodes::_iconst_4 :
873 case Bytecodes::_iconst_5 :
874 current_frame.push_stack(
875 VerificationType::integer_type(), CHECK_VERIFY(this));
876 no_control_flow = false; break;
877 case Bytecodes::_lconst_0 :
878 case Bytecodes::_lconst_1 :
879 current_frame.push_stack_2(
880 VerificationType::long_type(),
881 VerificationType::long2_type(), CHECK_VERIFY(this));
882 no_control_flow = false; break;
883 case Bytecodes::_fconst_0 :
884 case Bytecodes::_fconst_1 :
885 case Bytecodes::_fconst_2 :
886 current_frame.push_stack(
887 VerificationType::float_type(), CHECK_VERIFY(this));
888 no_control_flow = false; break;
889 case Bytecodes::_dconst_0 :
890 case Bytecodes::_dconst_1 :
891 current_frame.push_stack_2(
892 VerificationType::double_type(),
893 VerificationType::double2_type(), CHECK_VERIFY(this));
894 no_control_flow = false; break;
895 case Bytecodes::_sipush :
896 case Bytecodes::_bipush :
897 current_frame.push_stack(
898 VerificationType::integer_type(), CHECK_VERIFY(this));
899 no_control_flow = false; break;
900 case Bytecodes::_ldc :
901 verify_ldc(
902 opcode, bcs.get_index_u1(), ¤t_frame,
903 cp, bci, CHECK_VERIFY(this));
904 no_control_flow = false; break;
905 case Bytecodes::_ldc_w :
906 case Bytecodes::_ldc2_w :
907 verify_ldc(
908 opcode, bcs.get_index_u2(), ¤t_frame,
909 cp, bci, CHECK_VERIFY(this));
910 no_control_flow = false; break;
911 case Bytecodes::_iload :
912 verify_iload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
913 no_control_flow = false; break;
914 case Bytecodes::_iload_0 :
915 case Bytecodes::_iload_1 :
916 case Bytecodes::_iload_2 :
917 case Bytecodes::_iload_3 : {
918 int index = opcode - Bytecodes::_iload_0;
919 verify_iload(index, ¤t_frame, CHECK_VERIFY(this));
920 no_control_flow = false; break;
921 }
922 case Bytecodes::_lload :
923 verify_lload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
924 no_control_flow = false; break;
925 case Bytecodes::_lload_0 :
926 case Bytecodes::_lload_1 :
927 case Bytecodes::_lload_2 :
928 case Bytecodes::_lload_3 : {
929 int index = opcode - Bytecodes::_lload_0;
930 verify_lload(index, ¤t_frame, CHECK_VERIFY(this));
931 no_control_flow = false; break;
932 }
933 case Bytecodes::_fload :
934 verify_fload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
935 no_control_flow = false; break;
936 case Bytecodes::_fload_0 :
937 case Bytecodes::_fload_1 :
938 case Bytecodes::_fload_2 :
939 case Bytecodes::_fload_3 : {
940 int index = opcode - Bytecodes::_fload_0;
941 verify_fload(index, ¤t_frame, CHECK_VERIFY(this));
942 no_control_flow = false; break;
943 }
944 case Bytecodes::_dload :
945 verify_dload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
946 no_control_flow = false; break;
947 case Bytecodes::_dload_0 :
948 case Bytecodes::_dload_1 :
949 case Bytecodes::_dload_2 :
950 case Bytecodes::_dload_3 : {
951 int index = opcode - Bytecodes::_dload_0;
952 verify_dload(index, ¤t_frame, CHECK_VERIFY(this));
953 no_control_flow = false; break;
954 }
955 case Bytecodes::_aload :
956 verify_aload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
957 no_control_flow = false; break;
958 case Bytecodes::_aload_0 :
959 case Bytecodes::_aload_1 :
960 case Bytecodes::_aload_2 :
961 case Bytecodes::_aload_3 : {
962 int index = opcode - Bytecodes::_aload_0;
963 verify_aload(index, ¤t_frame, CHECK_VERIFY(this));
964 no_control_flow = false; break;
965 }
966 case Bytecodes::_iaload :
967 type = current_frame.pop_stack(
968 VerificationType::integer_type(), CHECK_VERIFY(this));
969 atype = current_frame.pop_stack(
970 VerificationType::reference_check(), CHECK_VERIFY(this));
971 if (!atype.is_int_array()) {
972 verify_error(ErrorContext::bad_type(bci,
973 current_frame.stack_top_ctx(), ref_ctx("[I")),
974 bad_type_msg, "iaload");
975 return;
976 }
977 current_frame.push_stack(
978 VerificationType::integer_type(), CHECK_VERIFY(this));
979 no_control_flow = false; break;
980 case Bytecodes::_baload :
981 type = current_frame.pop_stack(
982 VerificationType::integer_type(), CHECK_VERIFY(this));
983 atype = current_frame.pop_stack(
984 VerificationType::reference_check(), CHECK_VERIFY(this));
985 if (!atype.is_bool_array() && !atype.is_byte_array()) {
986 verify_error(
987 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
988 bad_type_msg, "baload");
989 return;
990 }
991 current_frame.push_stack(
992 VerificationType::integer_type(), CHECK_VERIFY(this));
993 no_control_flow = false; break;
994 case Bytecodes::_caload :
995 type = current_frame.pop_stack(
996 VerificationType::integer_type(), CHECK_VERIFY(this));
997 atype = current_frame.pop_stack(
998 VerificationType::reference_check(), CHECK_VERIFY(this));
999 if (!atype.is_char_array()) {
1000 verify_error(ErrorContext::bad_type(bci,
1001 current_frame.stack_top_ctx(), ref_ctx("[C")),
1002 bad_type_msg, "caload");
1003 return;
1004 }
1005 current_frame.push_stack(
1006 VerificationType::integer_type(), CHECK_VERIFY(this));
1007 no_control_flow = false; break;
1008 case Bytecodes::_saload :
1009 type = current_frame.pop_stack(
1010 VerificationType::integer_type(), CHECK_VERIFY(this));
1011 atype = current_frame.pop_stack(
1012 VerificationType::reference_check(), CHECK_VERIFY(this));
1013 if (!atype.is_short_array()) {
1014 verify_error(ErrorContext::bad_type(bci,
1015 current_frame.stack_top_ctx(), ref_ctx("[S")),
1016 bad_type_msg, "saload");
1017 return;
1018 }
1019 current_frame.push_stack(
1020 VerificationType::integer_type(), CHECK_VERIFY(this));
1021 no_control_flow = false; break;
1022 case Bytecodes::_laload :
1023 type = current_frame.pop_stack(
1024 VerificationType::integer_type(), CHECK_VERIFY(this));
1025 atype = current_frame.pop_stack(
1026 VerificationType::reference_check(), CHECK_VERIFY(this));
1027 if (!atype.is_long_array()) {
1028 verify_error(ErrorContext::bad_type(bci,
1029 current_frame.stack_top_ctx(), ref_ctx("[J")),
1030 bad_type_msg, "laload");
1031 return;
1032 }
1033 current_frame.push_stack_2(
1034 VerificationType::long_type(),
1035 VerificationType::long2_type(), CHECK_VERIFY(this));
1036 no_control_flow = false; break;
1037 case Bytecodes::_faload :
1038 type = current_frame.pop_stack(
1039 VerificationType::integer_type(), CHECK_VERIFY(this));
1040 atype = current_frame.pop_stack(
1041 VerificationType::reference_check(), CHECK_VERIFY(this));
1042 if (!atype.is_float_array()) {
1043 verify_error(ErrorContext::bad_type(bci,
1044 current_frame.stack_top_ctx(), ref_ctx("[F")),
1045 bad_type_msg, "faload");
1046 return;
1047 }
1048 current_frame.push_stack(
1049 VerificationType::float_type(), CHECK_VERIFY(this));
1050 no_control_flow = false; break;
1051 case Bytecodes::_daload :
1052 type = current_frame.pop_stack(
1053 VerificationType::integer_type(), CHECK_VERIFY(this));
1054 atype = current_frame.pop_stack(
1055 VerificationType::reference_check(), CHECK_VERIFY(this));
1056 if (!atype.is_double_array()) {
1057 verify_error(ErrorContext::bad_type(bci,
1058 current_frame.stack_top_ctx(), ref_ctx("[D")),
1059 bad_type_msg, "daload");
1060 return;
1061 }
1062 current_frame.push_stack_2(
1063 VerificationType::double_type(),
1064 VerificationType::double2_type(), CHECK_VERIFY(this));
1065 no_control_flow = false; break;
1066 case Bytecodes::_aaload : {
1067 type = current_frame.pop_stack(
1068 VerificationType::integer_type(), CHECK_VERIFY(this));
1069 atype = current_frame.pop_stack(
1070 VerificationType::reference_check(), CHECK_VERIFY(this));
1071 if (!atype.is_reference_array()) {
1072 verify_error(ErrorContext::bad_type(bci,
1073 current_frame.stack_top_ctx(),
1074 TypeOrigin::implicit(VerificationType::reference_check())),
1075 bad_type_msg, "aaload");
1076 return;
1077 }
1078 if (atype.is_null()) {
1079 current_frame.push_stack(
1080 VerificationType::null_type(), CHECK_VERIFY(this));
1081 } else {
1082 VerificationType component = atype.get_component(this);
1083 current_frame.push_stack(component, CHECK_VERIFY(this));
1084 }
1085 no_control_flow = false; break;
1086 }
1087 case Bytecodes::_istore :
1088 verify_istore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1089 no_control_flow = false; break;
1090 case Bytecodes::_istore_0 :
1091 case Bytecodes::_istore_1 :
1092 case Bytecodes::_istore_2 :
1093 case Bytecodes::_istore_3 : {
1094 int index = opcode - Bytecodes::_istore_0;
1095 verify_istore(index, ¤t_frame, CHECK_VERIFY(this));
1096 no_control_flow = false; break;
1097 }
1098 case Bytecodes::_lstore :
1099 verify_lstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1100 no_control_flow = false; break;
1101 case Bytecodes::_lstore_0 :
1102 case Bytecodes::_lstore_1 :
1103 case Bytecodes::_lstore_2 :
1104 case Bytecodes::_lstore_3 : {
1105 int index = opcode - Bytecodes::_lstore_0;
1106 verify_lstore(index, ¤t_frame, CHECK_VERIFY(this));
1107 no_control_flow = false; break;
1108 }
1109 case Bytecodes::_fstore :
1110 verify_fstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1111 no_control_flow = false; break;
1112 case Bytecodes::_fstore_0 :
1113 case Bytecodes::_fstore_1 :
1114 case Bytecodes::_fstore_2 :
1115 case Bytecodes::_fstore_3 : {
1116 int index = opcode - Bytecodes::_fstore_0;
1117 verify_fstore(index, ¤t_frame, CHECK_VERIFY(this));
1118 no_control_flow = false; break;
1119 }
1120 case Bytecodes::_dstore :
1121 verify_dstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1122 no_control_flow = false; break;
1123 case Bytecodes::_dstore_0 :
1124 case Bytecodes::_dstore_1 :
1125 case Bytecodes::_dstore_2 :
1126 case Bytecodes::_dstore_3 : {
1127 int index = opcode - Bytecodes::_dstore_0;
1128 verify_dstore(index, ¤t_frame, CHECK_VERIFY(this));
1129 no_control_flow = false; break;
1130 }
1131 case Bytecodes::_astore :
1132 verify_astore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1133 no_control_flow = false; break;
1134 case Bytecodes::_astore_0 :
1135 case Bytecodes::_astore_1 :
1136 case Bytecodes::_astore_2 :
1137 case Bytecodes::_astore_3 : {
1138 int index = opcode - Bytecodes::_astore_0;
1139 verify_astore(index, ¤t_frame, CHECK_VERIFY(this));
1140 no_control_flow = false; break;
1141 }
1142 case Bytecodes::_iastore :
1143 type = current_frame.pop_stack(
1144 VerificationType::integer_type(), CHECK_VERIFY(this));
1145 type2 = current_frame.pop_stack(
1146 VerificationType::integer_type(), CHECK_VERIFY(this));
1147 atype = current_frame.pop_stack(
1148 VerificationType::reference_check(), CHECK_VERIFY(this));
1149 if (!atype.is_int_array()) {
1150 verify_error(ErrorContext::bad_type(bci,
1151 current_frame.stack_top_ctx(), ref_ctx("[I")),
1152 bad_type_msg, "iastore");
1153 return;
1154 }
1155 no_control_flow = false; break;
1156 case Bytecodes::_bastore :
1157 type = current_frame.pop_stack(
1158 VerificationType::integer_type(), CHECK_VERIFY(this));
1159 type2 = current_frame.pop_stack(
1160 VerificationType::integer_type(), CHECK_VERIFY(this));
1161 atype = current_frame.pop_stack(
1162 VerificationType::reference_check(), CHECK_VERIFY(this));
1163 if (!atype.is_bool_array() && !atype.is_byte_array()) {
1164 verify_error(
1165 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1166 bad_type_msg, "bastore");
1167 return;
1168 }
1169 no_control_flow = false; break;
1170 case Bytecodes::_castore :
1171 current_frame.pop_stack(
1172 VerificationType::integer_type(), CHECK_VERIFY(this));
1173 current_frame.pop_stack(
1174 VerificationType::integer_type(), CHECK_VERIFY(this));
1175 atype = current_frame.pop_stack(
1176 VerificationType::reference_check(), CHECK_VERIFY(this));
1177 if (!atype.is_char_array()) {
1178 verify_error(ErrorContext::bad_type(bci,
1179 current_frame.stack_top_ctx(), ref_ctx("[C")),
1180 bad_type_msg, "castore");
1181 return;
1182 }
1183 no_control_flow = false; break;
1184 case Bytecodes::_sastore :
1185 current_frame.pop_stack(
1186 VerificationType::integer_type(), CHECK_VERIFY(this));
1187 current_frame.pop_stack(
1188 VerificationType::integer_type(), CHECK_VERIFY(this));
1189 atype = current_frame.pop_stack(
1190 VerificationType::reference_check(), CHECK_VERIFY(this));
1191 if (!atype.is_short_array()) {
1192 verify_error(ErrorContext::bad_type(bci,
1193 current_frame.stack_top_ctx(), ref_ctx("[S")),
1194 bad_type_msg, "sastore");
1195 return;
1196 }
1197 no_control_flow = false; break;
1198 case Bytecodes::_lastore :
1199 current_frame.pop_stack_2(
1200 VerificationType::long2_type(),
1201 VerificationType::long_type(), CHECK_VERIFY(this));
1202 current_frame.pop_stack(
1203 VerificationType::integer_type(), CHECK_VERIFY(this));
1204 atype = current_frame.pop_stack(
1205 VerificationType::reference_check(), CHECK_VERIFY(this));
1206 if (!atype.is_long_array()) {
1207 verify_error(ErrorContext::bad_type(bci,
1208 current_frame.stack_top_ctx(), ref_ctx("[J")),
1209 bad_type_msg, "lastore");
1210 return;
1211 }
1212 no_control_flow = false; break;
1213 case Bytecodes::_fastore :
1214 current_frame.pop_stack(
1215 VerificationType::float_type(), CHECK_VERIFY(this));
1216 current_frame.pop_stack
1217 (VerificationType::integer_type(), CHECK_VERIFY(this));
1218 atype = current_frame.pop_stack(
1219 VerificationType::reference_check(), CHECK_VERIFY(this));
1220 if (!atype.is_float_array()) {
1221 verify_error(ErrorContext::bad_type(bci,
1222 current_frame.stack_top_ctx(), ref_ctx("[F")),
1223 bad_type_msg, "fastore");
1224 return;
1225 }
1226 no_control_flow = false; break;
1227 case Bytecodes::_dastore :
1228 current_frame.pop_stack_2(
1229 VerificationType::double2_type(),
1230 VerificationType::double_type(), CHECK_VERIFY(this));
1231 current_frame.pop_stack(
1232 VerificationType::integer_type(), CHECK_VERIFY(this));
1233 atype = current_frame.pop_stack(
1234 VerificationType::reference_check(), CHECK_VERIFY(this));
1235 if (!atype.is_double_array()) {
1236 verify_error(ErrorContext::bad_type(bci,
1237 current_frame.stack_top_ctx(), ref_ctx("[D")),
1238 bad_type_msg, "dastore");
1239 return;
1240 }
1241 no_control_flow = false; break;
1242 case Bytecodes::_aastore :
1243 type = current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1244 type2 = current_frame.pop_stack(
1245 VerificationType::integer_type(), CHECK_VERIFY(this));
1246 atype = current_frame.pop_stack(
1247 VerificationType::reference_check(), CHECK_VERIFY(this));
1248 // more type-checking is done at runtime
1249 if (!atype.is_reference_array()) {
1250 verify_error(ErrorContext::bad_type(bci,
1251 current_frame.stack_top_ctx(),
1252 TypeOrigin::implicit(VerificationType::reference_check())),
1253 bad_type_msg, "aastore");
1254 return;
1255 }
1256 // 4938384: relaxed constraint in JVMS 3rd edition.
1257 no_control_flow = false; break;
1258 case Bytecodes::_pop :
1259 current_frame.pop_stack(
1260 VerificationType::category1_check(), CHECK_VERIFY(this));
1261 no_control_flow = false; break;
1262 case Bytecodes::_pop2 :
1263 type = current_frame.pop_stack(CHECK_VERIFY(this));
1264 if (type.is_category1()) {
1265 current_frame.pop_stack(
1266 VerificationType::category1_check(), CHECK_VERIFY(this));
1267 } else if (type.is_category2_2nd()) {
1268 current_frame.pop_stack(
1269 VerificationType::category2_check(), CHECK_VERIFY(this));
1270 } else {
1271 /* Unreachable? Would need a category2_1st on TOS
1272 * which does not appear possible. */
1273 verify_error(
1274 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1275 bad_type_msg, "pop2");
1276 return;
1277 }
1278 no_control_flow = false; break;
1279 case Bytecodes::_dup :
1280 type = current_frame.pop_stack(
1281 VerificationType::category1_check(), CHECK_VERIFY(this));
1282 current_frame.push_stack(type, CHECK_VERIFY(this));
1283 current_frame.push_stack(type, CHECK_VERIFY(this));
1284 no_control_flow = false; break;
1285 case Bytecodes::_dup_x1 :
1286 type = current_frame.pop_stack(
1287 VerificationType::category1_check(), CHECK_VERIFY(this));
1288 type2 = current_frame.pop_stack(
1289 VerificationType::category1_check(), CHECK_VERIFY(this));
1290 current_frame.push_stack(type, CHECK_VERIFY(this));
1291 current_frame.push_stack(type2, CHECK_VERIFY(this));
1292 current_frame.push_stack(type, CHECK_VERIFY(this));
1293 no_control_flow = false; break;
1294 case Bytecodes::_dup_x2 :
1295 {
1296 VerificationType type3;
1297 type = current_frame.pop_stack(
1298 VerificationType::category1_check(), CHECK_VERIFY(this));
1299 type2 = current_frame.pop_stack(CHECK_VERIFY(this));
1300 if (type2.is_category1()) {
1301 type3 = current_frame.pop_stack(
1302 VerificationType::category1_check(), CHECK_VERIFY(this));
1303 } else if (type2.is_category2_2nd()) {
1304 type3 = current_frame.pop_stack(
1305 VerificationType::category2_check(), CHECK_VERIFY(this));
1306 } else {
1307 /* Unreachable? Would need a category2_1st at stack depth 2 with
1308 * a category1 on TOS which does not appear possible. */
1309 verify_error(ErrorContext::bad_type(
1310 bci, current_frame.stack_top_ctx()), bad_type_msg, "dup_x2");
1311 return;
1312 }
1313 current_frame.push_stack(type, CHECK_VERIFY(this));
1314 current_frame.push_stack(type3, CHECK_VERIFY(this));
1315 current_frame.push_stack(type2, CHECK_VERIFY(this));
1316 current_frame.push_stack(type, CHECK_VERIFY(this));
1317 no_control_flow = false; break;
1318 }
1319 case Bytecodes::_dup2 :
1320 type = current_frame.pop_stack(CHECK_VERIFY(this));
1321 if (type.is_category1()) {
1322 type2 = current_frame.pop_stack(
1323 VerificationType::category1_check(), CHECK_VERIFY(this));
1324 } else if (type.is_category2_2nd()) {
1325 type2 = current_frame.pop_stack(
1326 VerificationType::category2_check(), CHECK_VERIFY(this));
1327 } else {
1328 /* Unreachable? Would need a category2_1st on TOS which does not
1329 * appear possible. */
1330 verify_error(
1331 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1332 bad_type_msg, "dup2");
1333 return;
1334 }
1335 current_frame.push_stack(type2, CHECK_VERIFY(this));
1336 current_frame.push_stack(type, CHECK_VERIFY(this));
1337 current_frame.push_stack(type2, CHECK_VERIFY(this));
1338 current_frame.push_stack(type, CHECK_VERIFY(this));
1339 no_control_flow = false; break;
1340 case Bytecodes::_dup2_x1 :
1341 {
1342 VerificationType type3;
1343 type = current_frame.pop_stack(CHECK_VERIFY(this));
1344 if (type.is_category1()) {
1345 type2 = current_frame.pop_stack(
1346 VerificationType::category1_check(), CHECK_VERIFY(this));
1347 } else if (type.is_category2_2nd()) {
1348 type2 = current_frame.pop_stack(
1349 VerificationType::category2_check(), CHECK_VERIFY(this));
1350 } else {
1351 /* Unreachable? Would need a category2_1st on TOS which does
1352 * not appear possible. */
1353 verify_error(
1354 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1355 bad_type_msg, "dup2_x1");
1356 return;
1357 }
1358 type3 = current_frame.pop_stack(
1359 VerificationType::category1_check(), CHECK_VERIFY(this));
1360 current_frame.push_stack(type2, CHECK_VERIFY(this));
1361 current_frame.push_stack(type, CHECK_VERIFY(this));
1362 current_frame.push_stack(type3, CHECK_VERIFY(this));
1363 current_frame.push_stack(type2, CHECK_VERIFY(this));
1364 current_frame.push_stack(type, CHECK_VERIFY(this));
1365 no_control_flow = false; break;
1366 }
1367 case Bytecodes::_dup2_x2 :
1368 {
1369 VerificationType type3, type4;
1370 type = current_frame.pop_stack(CHECK_VERIFY(this));
1371 if (type.is_category1()) {
1372 type2 = current_frame.pop_stack(
1373 VerificationType::category1_check(), CHECK_VERIFY(this));
1374 } else if (type.is_category2_2nd()) {
1375 type2 = current_frame.pop_stack(
1376 VerificationType::category2_check(), CHECK_VERIFY(this));
1377 } else {
1378 /* Unreachable? Would need a category2_1st on TOS which does
1379 * not appear possible. */
1380 verify_error(
1381 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1382 bad_type_msg, "dup2_x2");
1383 return;
1384 }
1385 type3 = current_frame.pop_stack(CHECK_VERIFY(this));
1386 if (type3.is_category1()) {
1387 type4 = current_frame.pop_stack(
1388 VerificationType::category1_check(), CHECK_VERIFY(this));
1389 } else if (type3.is_category2_2nd()) {
1390 type4 = current_frame.pop_stack(
1391 VerificationType::category2_check(), CHECK_VERIFY(this));
1392 } else {
1393 /* Unreachable? Would need a category2_1st on TOS after popping
1394 * a long/double or two category 1's, which does not
1395 * appear possible. */
1396 verify_error(
1397 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1398 bad_type_msg, "dup2_x2");
1399 return;
1400 }
1401 current_frame.push_stack(type2, CHECK_VERIFY(this));
1402 current_frame.push_stack(type, CHECK_VERIFY(this));
1403 current_frame.push_stack(type4, CHECK_VERIFY(this));
1404 current_frame.push_stack(type3, CHECK_VERIFY(this));
1405 current_frame.push_stack(type2, CHECK_VERIFY(this));
1406 current_frame.push_stack(type, CHECK_VERIFY(this));
1407 no_control_flow = false; break;
1408 }
1409 case Bytecodes::_swap :
1410 type = current_frame.pop_stack(
1411 VerificationType::category1_check(), CHECK_VERIFY(this));
1412 type2 = current_frame.pop_stack(
1413 VerificationType::category1_check(), CHECK_VERIFY(this));
1414 current_frame.push_stack(type, CHECK_VERIFY(this));
1415 current_frame.push_stack(type2, CHECK_VERIFY(this));
1416 no_control_flow = false; break;
1417 case Bytecodes::_iadd :
1418 case Bytecodes::_isub :
1419 case Bytecodes::_imul :
1420 case Bytecodes::_idiv :
1421 case Bytecodes::_irem :
1422 case Bytecodes::_ishl :
1423 case Bytecodes::_ishr :
1424 case Bytecodes::_iushr :
1425 case Bytecodes::_ior :
1426 case Bytecodes::_ixor :
1427 case Bytecodes::_iand :
1428 current_frame.pop_stack(
1429 VerificationType::integer_type(), CHECK_VERIFY(this));
1430 // fall through
1431 case Bytecodes::_ineg :
1432 current_frame.pop_stack(
1433 VerificationType::integer_type(), CHECK_VERIFY(this));
1434 current_frame.push_stack(
1435 VerificationType::integer_type(), CHECK_VERIFY(this));
1436 no_control_flow = false; break;
1437 case Bytecodes::_ladd :
1438 case Bytecodes::_lsub :
1439 case Bytecodes::_lmul :
1440 case Bytecodes::_ldiv :
1441 case Bytecodes::_lrem :
1442 case Bytecodes::_land :
1443 case Bytecodes::_lor :
1444 case Bytecodes::_lxor :
1445 current_frame.pop_stack_2(
1446 VerificationType::long2_type(),
1447 VerificationType::long_type(), CHECK_VERIFY(this));
1448 // fall through
1449 case Bytecodes::_lneg :
1450 current_frame.pop_stack_2(
1451 VerificationType::long2_type(),
1452 VerificationType::long_type(), CHECK_VERIFY(this));
1453 current_frame.push_stack_2(
1454 VerificationType::long_type(),
1455 VerificationType::long2_type(), CHECK_VERIFY(this));
1456 no_control_flow = false; break;
1457 case Bytecodes::_lshl :
1458 case Bytecodes::_lshr :
1459 case Bytecodes::_lushr :
1460 current_frame.pop_stack(
1461 VerificationType::integer_type(), CHECK_VERIFY(this));
1462 current_frame.pop_stack_2(
1463 VerificationType::long2_type(),
1464 VerificationType::long_type(), CHECK_VERIFY(this));
1465 current_frame.push_stack_2(
1466 VerificationType::long_type(),
1467 VerificationType::long2_type(), CHECK_VERIFY(this));
1468 no_control_flow = false; break;
1469 case Bytecodes::_fadd :
1470 case Bytecodes::_fsub :
1471 case Bytecodes::_fmul :
1472 case Bytecodes::_fdiv :
1473 case Bytecodes::_frem :
1474 current_frame.pop_stack(
1475 VerificationType::float_type(), CHECK_VERIFY(this));
1476 // fall through
1477 case Bytecodes::_fneg :
1478 current_frame.pop_stack(
1479 VerificationType::float_type(), CHECK_VERIFY(this));
1480 current_frame.push_stack(
1481 VerificationType::float_type(), CHECK_VERIFY(this));
1482 no_control_flow = false; break;
1483 case Bytecodes::_dadd :
1484 case Bytecodes::_dsub :
1485 case Bytecodes::_dmul :
1486 case Bytecodes::_ddiv :
1487 case Bytecodes::_drem :
1488 current_frame.pop_stack_2(
1489 VerificationType::double2_type(),
1490 VerificationType::double_type(), CHECK_VERIFY(this));
1491 // fall through
1492 case Bytecodes::_dneg :
1493 current_frame.pop_stack_2(
1494 VerificationType::double2_type(),
1495 VerificationType::double_type(), CHECK_VERIFY(this));
1496 current_frame.push_stack_2(
1497 VerificationType::double_type(),
1498 VerificationType::double2_type(), CHECK_VERIFY(this));
1499 no_control_flow = false; break;
1500 case Bytecodes::_iinc :
1501 verify_iinc(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1502 no_control_flow = false; break;
1503 case Bytecodes::_i2l :
1504 type = current_frame.pop_stack(
1505 VerificationType::integer_type(), CHECK_VERIFY(this));
1506 current_frame.push_stack_2(
1507 VerificationType::long_type(),
1508 VerificationType::long2_type(), CHECK_VERIFY(this));
1509 no_control_flow = false; break;
1510 case Bytecodes::_l2i :
1511 current_frame.pop_stack_2(
1512 VerificationType::long2_type(),
1513 VerificationType::long_type(), CHECK_VERIFY(this));
1514 current_frame.push_stack(
1515 VerificationType::integer_type(), CHECK_VERIFY(this));
1516 no_control_flow = false; break;
1517 case Bytecodes::_i2f :
1518 current_frame.pop_stack(
1519 VerificationType::integer_type(), CHECK_VERIFY(this));
1520 current_frame.push_stack(
1521 VerificationType::float_type(), CHECK_VERIFY(this));
1522 no_control_flow = false; break;
1523 case Bytecodes::_i2d :
1524 current_frame.pop_stack(
1525 VerificationType::integer_type(), CHECK_VERIFY(this));
1526 current_frame.push_stack_2(
1527 VerificationType::double_type(),
1528 VerificationType::double2_type(), CHECK_VERIFY(this));
1529 no_control_flow = false; break;
1530 case Bytecodes::_l2f :
1531 current_frame.pop_stack_2(
1532 VerificationType::long2_type(),
1533 VerificationType::long_type(), CHECK_VERIFY(this));
1534 current_frame.push_stack(
1535 VerificationType::float_type(), CHECK_VERIFY(this));
1536 no_control_flow = false; break;
1537 case Bytecodes::_l2d :
1538 current_frame.pop_stack_2(
1539 VerificationType::long2_type(),
1540 VerificationType::long_type(), CHECK_VERIFY(this));
1541 current_frame.push_stack_2(
1542 VerificationType::double_type(),
1543 VerificationType::double2_type(), CHECK_VERIFY(this));
1544 no_control_flow = false; break;
1545 case Bytecodes::_f2i :
1546 current_frame.pop_stack(
1547 VerificationType::float_type(), CHECK_VERIFY(this));
1548 current_frame.push_stack(
1549 VerificationType::integer_type(), CHECK_VERIFY(this));
1550 no_control_flow = false; break;
1551 case Bytecodes::_f2l :
1552 current_frame.pop_stack(
1553 VerificationType::float_type(), CHECK_VERIFY(this));
1554 current_frame.push_stack_2(
1555 VerificationType::long_type(),
1556 VerificationType::long2_type(), CHECK_VERIFY(this));
1557 no_control_flow = false; break;
1558 case Bytecodes::_f2d :
1559 current_frame.pop_stack(
1560 VerificationType::float_type(), CHECK_VERIFY(this));
1561 current_frame.push_stack_2(
1562 VerificationType::double_type(),
1563 VerificationType::double2_type(), CHECK_VERIFY(this));
1564 no_control_flow = false; break;
1565 case Bytecodes::_d2i :
1566 current_frame.pop_stack_2(
1567 VerificationType::double2_type(),
1568 VerificationType::double_type(), CHECK_VERIFY(this));
1569 current_frame.push_stack(
1570 VerificationType::integer_type(), CHECK_VERIFY(this));
1571 no_control_flow = false; break;
1572 case Bytecodes::_d2l :
1573 current_frame.pop_stack_2(
1574 VerificationType::double2_type(),
1575 VerificationType::double_type(), CHECK_VERIFY(this));
1576 current_frame.push_stack_2(
1577 VerificationType::long_type(),
1578 VerificationType::long2_type(), CHECK_VERIFY(this));
1579 no_control_flow = false; break;
1580 case Bytecodes::_d2f :
1581 current_frame.pop_stack_2(
1582 VerificationType::double2_type(),
1583 VerificationType::double_type(), CHECK_VERIFY(this));
1584 current_frame.push_stack(
1585 VerificationType::float_type(), CHECK_VERIFY(this));
1586 no_control_flow = false; break;
1587 case Bytecodes::_i2b :
1588 case Bytecodes::_i2c :
1589 case Bytecodes::_i2s :
1590 current_frame.pop_stack(
1591 VerificationType::integer_type(), CHECK_VERIFY(this));
1592 current_frame.push_stack(
1593 VerificationType::integer_type(), CHECK_VERIFY(this));
1594 no_control_flow = false; break;
1595 case Bytecodes::_lcmp :
1596 current_frame.pop_stack_2(
1597 VerificationType::long2_type(),
1598 VerificationType::long_type(), CHECK_VERIFY(this));
1599 current_frame.pop_stack_2(
1600 VerificationType::long2_type(),
1601 VerificationType::long_type(), CHECK_VERIFY(this));
1602 current_frame.push_stack(
1603 VerificationType::integer_type(), CHECK_VERIFY(this));
1604 no_control_flow = false; break;
1605 case Bytecodes::_fcmpl :
1606 case Bytecodes::_fcmpg :
1607 current_frame.pop_stack(
1608 VerificationType::float_type(), CHECK_VERIFY(this));
1609 current_frame.pop_stack(
1610 VerificationType::float_type(), CHECK_VERIFY(this));
1611 current_frame.push_stack(
1612 VerificationType::integer_type(), CHECK_VERIFY(this));
1613 no_control_flow = false; break;
1614 case Bytecodes::_dcmpl :
1615 case Bytecodes::_dcmpg :
1616 current_frame.pop_stack_2(
1617 VerificationType::double2_type(),
1618 VerificationType::double_type(), CHECK_VERIFY(this));
1619 current_frame.pop_stack_2(
1620 VerificationType::double2_type(),
1621 VerificationType::double_type(), CHECK_VERIFY(this));
1622 current_frame.push_stack(
1623 VerificationType::integer_type(), CHECK_VERIFY(this));
1624 no_control_flow = false; break;
1625 case Bytecodes::_if_icmpeq:
1626 case Bytecodes::_if_icmpne:
1627 case Bytecodes::_if_icmplt:
1628 case Bytecodes::_if_icmpge:
1629 case Bytecodes::_if_icmpgt:
1630 case Bytecodes::_if_icmple:
1631 current_frame.pop_stack(
1632 VerificationType::integer_type(), CHECK_VERIFY(this));
1633 // fall through
1634 case Bytecodes::_ifeq:
1635 case Bytecodes::_ifne:
1636 case Bytecodes::_iflt:
1637 case Bytecodes::_ifge:
1638 case Bytecodes::_ifgt:
1639 case Bytecodes::_ifle:
1640 current_frame.pop_stack(
1641 VerificationType::integer_type(), CHECK_VERIFY(this));
1642 stackmap_table.check_jump_target(
1643 ¤t_frame, bcs.bci(), bcs.get_offset_s2(), CHECK_VERIFY(this));
1644 no_control_flow = false; break;
1645 case Bytecodes::_if_acmpeq :
1646 case Bytecodes::_if_acmpne :
1647 current_frame.pop_stack(
1648 object_type(), CHECK_VERIFY(this));
1649 // fall through
1650 case Bytecodes::_ifnull :
1651 case Bytecodes::_ifnonnull :
1652 current_frame.pop_stack(
1653 object_type(), CHECK_VERIFY(this));
1654 stackmap_table.check_jump_target
1655 (¤t_frame, bcs.bci(), bcs.get_offset_s2(), CHECK_VERIFY(this));
1656 no_control_flow = false; break;
1657 case Bytecodes::_goto :
1658 stackmap_table.check_jump_target(
1659 ¤t_frame, bcs.bci(), bcs.get_offset_s2(), CHECK_VERIFY(this));
1660 no_control_flow = true; break;
1661 case Bytecodes::_goto_w :
1662 stackmap_table.check_jump_target(
1663 ¤t_frame, bcs.bci(), bcs.get_offset_s4(), CHECK_VERIFY(this));
1664 no_control_flow = true; break;
1665 case Bytecodes::_tableswitch :
1666 case Bytecodes::_lookupswitch :
1667 verify_switch(
1668 &bcs, code_length, code_data, ¤t_frame,
1669 &stackmap_table, CHECK_VERIFY(this));
1670 no_control_flow = true; break;
1671 case Bytecodes::_ireturn :
1672 type = current_frame.pop_stack(
1673 VerificationType::integer_type(), CHECK_VERIFY(this));
1674 verify_return_value(return_type, type, bci,
1675 ¤t_frame, CHECK_VERIFY(this));
1676 no_control_flow = true; break;
1677 case Bytecodes::_lreturn :
1678 type2 = current_frame.pop_stack(
1679 VerificationType::long2_type(), CHECK_VERIFY(this));
1680 type = current_frame.pop_stack(
1681 VerificationType::long_type(), CHECK_VERIFY(this));
1682 verify_return_value(return_type, type, bci,
1683 ¤t_frame, CHECK_VERIFY(this));
1684 no_control_flow = true; break;
1685 case Bytecodes::_freturn :
1686 type = current_frame.pop_stack(
1687 VerificationType::float_type(), CHECK_VERIFY(this));
1688 verify_return_value(return_type, type, bci,
1689 ¤t_frame, CHECK_VERIFY(this));
1690 no_control_flow = true; break;
1691 case Bytecodes::_dreturn :
1692 type2 = current_frame.pop_stack(
1693 VerificationType::double2_type(), CHECK_VERIFY(this));
1694 type = current_frame.pop_stack(
1695 VerificationType::double_type(), CHECK_VERIFY(this));
1696 verify_return_value(return_type, type, bci,
1697 ¤t_frame, CHECK_VERIFY(this));
1698 no_control_flow = true; break;
1699 case Bytecodes::_areturn :
1700 type = current_frame.pop_stack(
1701 VerificationType::reference_check(), CHECK_VERIFY(this));
1702 verify_return_value(return_type, type, bci,
1703 ¤t_frame, CHECK_VERIFY(this));
1704 no_control_flow = true; break;
1705 case Bytecodes::_return :
1706 if (return_type != VerificationType::bogus_type()) {
1707 verify_error(ErrorContext::bad_code(bci),
1708 "Method expects a return value");
1709 return;
1710 }
1711 // Make sure "this" has been initialized if current method is an
1712 // <init>.
1713 if (_method->is_object_constructor() &&
1714 current_frame.flag_this_uninit()) {
1715 verify_error(ErrorContext::bad_code(bci),
1716 "Constructor must call super() or this() "
1717 "before return");
1718 return;
1719 }
1720 no_control_flow = true; break;
1721 case Bytecodes::_getstatic :
1722 case Bytecodes::_putstatic :
1723 // pass TRUE, operand can be an array type for getstatic/putstatic.
1724 verify_field_instructions(
1725 &bcs, ¤t_frame, cp, true, CHECK_VERIFY(this));
1726 no_control_flow = false; break;
1727 case Bytecodes::_getfield :
1728 case Bytecodes::_putfield :
1729 // pass FALSE, operand can't be an array type for getfield/putfield.
1730 verify_field_instructions(
1731 &bcs, ¤t_frame, cp, false, CHECK_VERIFY(this));
1732 no_control_flow = false; break;
1733 case Bytecodes::_invokevirtual :
1734 case Bytecodes::_invokespecial :
1735 case Bytecodes::_invokestatic :
1736 case Bytecodes::_invokeinterface :
1737 case Bytecodes::_invokedynamic :
1738 verify_invoke_instructions(
1739 &bcs, code_length, ¤t_frame, (bci >= ex_min && bci < ex_max),
1740 &this_uninit, cp, &stackmap_table, CHECK_VERIFY(this));
1741 no_control_flow = false; break;
1742 case Bytecodes::_new :
1743 {
1744 u2 index = bcs.get_index_u2();
1745 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1746 VerificationType new_class_type =
1747 cp_index_to_type(index, cp, CHECK_VERIFY(this));
1748 if (!new_class_type.is_object()) {
1749 verify_error(ErrorContext::bad_type(bci,
1750 TypeOrigin::cp(index, new_class_type)),
1751 "Illegal new instruction");
1752 return;
1753 }
1754 type = VerificationType::uninitialized_type(checked_cast<u2>(bci));
1755 current_frame.push_stack(type, CHECK_VERIFY(this));
1756 no_control_flow = false; break;
1757 }
1758 case Bytecodes::_newarray :
1759 type = get_newarray_type(bcs.get_index(), bci, CHECK_VERIFY(this));
1760 current_frame.pop_stack(
1761 VerificationType::integer_type(), CHECK_VERIFY(this));
1762 current_frame.push_stack(type, CHECK_VERIFY(this));
1763 no_control_flow = false; break;
1764 case Bytecodes::_anewarray :
1765 verify_anewarray(
1766 bci, bcs.get_index_u2(), cp, ¤t_frame, CHECK_VERIFY(this));
1767 no_control_flow = false; break;
1768 case Bytecodes::_arraylength :
1769 type = current_frame.pop_stack(
1770 VerificationType::reference_check(), CHECK_VERIFY(this));
1771 if (!(type.is_null() || type.is_array())) {
1772 verify_error(ErrorContext::bad_type(
1773 bci, current_frame.stack_top_ctx()),
1774 bad_type_msg, "arraylength");
1775 }
1776 current_frame.push_stack(
1777 VerificationType::integer_type(), CHECK_VERIFY(this));
1778 no_control_flow = false; break;
1779 case Bytecodes::_checkcast :
1780 {
1781 u2 index = bcs.get_index_u2();
1782 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1783 current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1784 VerificationType klass_type = cp_index_to_type(
1785 index, cp, CHECK_VERIFY(this));
1786 current_frame.push_stack(klass_type, CHECK_VERIFY(this));
1787 no_control_flow = false; break;
1788 }
1789 case Bytecodes::_instanceof : {
1790 u2 index = bcs.get_index_u2();
1791 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1792 current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1793 current_frame.push_stack(
1794 VerificationType::integer_type(), CHECK_VERIFY(this));
1795 no_control_flow = false; break;
1796 }
1797 case Bytecodes::_monitorenter :
1798 case Bytecodes::_monitorexit : {
1799 VerificationType ref = current_frame.pop_stack(
1800 VerificationType::reference_check(), CHECK_VERIFY(this));
1801 no_control_flow = false; break;
1802 }
1803 case Bytecodes::_multianewarray :
1804 {
1805 u2 index = bcs.get_index_u2();
1806 u2 dim = *(bcs.bcp()+3);
1807 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1808 VerificationType new_array_type =
1809 cp_index_to_type(index, cp, CHECK_VERIFY(this));
1810 if (!new_array_type.is_array()) {
1811 verify_error(ErrorContext::bad_type(bci,
1812 TypeOrigin::cp(index, new_array_type)),
1813 "Illegal constant pool index in multianewarray instruction");
1814 return;
1815 }
1816 if (dim < 1 || new_array_type.dimensions() < dim) {
1817 verify_error(ErrorContext::bad_code(bci),
1818 "Illegal dimension in multianewarray instruction: %d", dim);
1819 return;
1820 }
1821 for (int i = 0; i < dim; i++) {
1822 current_frame.pop_stack(
1823 VerificationType::integer_type(), CHECK_VERIFY(this));
1824 }
1825 current_frame.push_stack(new_array_type, CHECK_VERIFY(this));
1826 no_control_flow = false; break;
1827 }
1828 case Bytecodes::_athrow :
1829 type = VerificationType::reference_type(
1830 vmSymbols::java_lang_Throwable());
1831 current_frame.pop_stack(type, CHECK_VERIFY(this));
1832 no_control_flow = true; break;
1833 default:
1834 // We only need to check the valid bytecodes in class file.
1835 // And jsr and ret are not in the new class file format in JDK1.6.
1836 verify_error(ErrorContext::bad_code(bci),
1837 "Bad instruction: %02x", opcode);
1838 no_control_flow = false;
1839 return;
1840 } // end switch
1841 } // end Merge with the next instruction
1842
1843 // Look for possible jump target in exception handlers and see if it matches
1844 // current_frame. Don't do this check if it has already been done (for
1845 // ([a,d,f,i,l]store* opcodes). This check cannot be done earlier because
1846 // opcodes, such as invokespecial, may set the this_uninit flag.
1847 assert(!(verified_exc_handlers && this_uninit),
1848 "Exception handler targets got verified before this_uninit got set");
1849 if (!verified_exc_handlers && bci >= ex_min && bci < ex_max) {
1850 if (was_recursively_verified()) return;
1851 verify_exception_handler_targets(
1852 bci, this_uninit, ¤t_frame, &stackmap_table, CHECK_VERIFY(this));
1853 }
1854 } // end while
1855
1856 // Make sure that control flow does not fall through end of the method
1857 if (!no_control_flow) {
1858 verify_error(ErrorContext::bad_code(code_length),
1859 "Control flow falls through code end");
1860 return;
1861 }
1862 }
1863
1864 #undef bad_type_message
1865
1866 char* ClassVerifier::generate_code_data(const methodHandle& m, u4 code_length, TRAPS) {
1867 char* code_data = NEW_RESOURCE_ARRAY(char, code_length);
1868 memset(code_data, 0, sizeof(char) * code_length);
1869 RawBytecodeStream bcs(m);
1870
1871 while (!bcs.is_last_bytecode()) {
1872 if (bcs.raw_next() != Bytecodes::_illegal) {
1873 int bci = bcs.bci();
1874 if (bcs.raw_code() == Bytecodes::_new) {
1875 code_data[bci] = NEW_OFFSET;
1876 } else {
1877 code_data[bci] = BYTECODE_OFFSET;
1878 }
1879 } else {
1880 verify_error(ErrorContext::bad_code(bcs.bci()), "Bad instruction");
1881 return nullptr;
1882 }
1883 }
1884
1885 return code_data;
1886 }
1887
1888 // Since this method references the constant pool, call was_recursively_verified()
1889 // before calling this method to make sure a prior class load did not cause the
1890 // current class to get verified.
1891 void ClassVerifier::verify_exception_handler_table(u4 code_length, char* code_data, int& min, int& max, TRAPS) {
1892 ExceptionTable exhandlers(_method());
1893 int exlength = exhandlers.length();
1894 constantPoolHandle cp (THREAD, _method->constants());
1895
1896 for(int i = 0; i < exlength; i++) {
1897 u2 start_pc = exhandlers.start_pc(i);
1898 u2 end_pc = exhandlers.end_pc(i);
1899 u2 handler_pc = exhandlers.handler_pc(i);
1900 if (start_pc >= code_length || code_data[start_pc] == 0) {
1901 class_format_error("Illegal exception table start_pc %d", start_pc);
1902 return;
1903 }
1904 if (end_pc != code_length) { // special case: end_pc == code_length
1905 if (end_pc > code_length || code_data[end_pc] == 0) {
1906 class_format_error("Illegal exception table end_pc %d", end_pc);
1907 return;
1908 }
1909 }
1910 if (handler_pc >= code_length || code_data[handler_pc] == 0) {
1911 class_format_error("Illegal exception table handler_pc %d", handler_pc);
1912 return;
1913 }
1914 u2 catch_type_index = exhandlers.catch_type_index(i);
1915 if (catch_type_index != 0) {
1916 VerificationType catch_type = cp_index_to_type(
1917 catch_type_index, cp, CHECK_VERIFY(this));
1918 VerificationType throwable =
1919 VerificationType::reference_type(vmSymbols::java_lang_Throwable());
1920 // If the catch type is Throwable pre-resolve it now as the assignable check won't
1921 // do that, and we need to avoid a runtime resolution in case we are trying to
1922 // catch OutOfMemoryError.
1923 if (cp->klass_name_at(catch_type_index) == vmSymbols::java_lang_Throwable()) {
1924 cp->klass_at(catch_type_index, CHECK);
1925 }
1926 bool is_subclass = throwable.is_assignable_from(
1927 catch_type, this, false, CHECK_VERIFY(this));
1928 if (!is_subclass) {
1929 // 4286534: should throw VerifyError according to recent spec change
1930 verify_error(ErrorContext::bad_type(handler_pc,
1931 TypeOrigin::cp(catch_type_index, catch_type),
1932 TypeOrigin::implicit(throwable)),
1933 "Catch type is not a subclass "
1934 "of Throwable in exception handler %d", handler_pc);
1935 return;
1936 }
1937 }
1938 if (start_pc < min) min = start_pc;
1939 if (end_pc > max) max = end_pc;
1940 }
1941 }
1942
1943 void ClassVerifier::verify_local_variable_table(u4 code_length, char* code_data, TRAPS) {
1944 int localvariable_table_length = _method->localvariable_table_length();
1945 if (localvariable_table_length > 0) {
1946 LocalVariableTableElement* table = _method->localvariable_table_start();
1947 for (int i = 0; i < localvariable_table_length; i++) {
1948 u2 start_bci = table[i].start_bci;
1949 u2 length = table[i].length;
1950
1951 if (start_bci >= code_length || code_data[start_bci] == 0) {
1952 class_format_error(
1953 "Illegal local variable table start_pc %d", start_bci);
1954 return;
1955 }
1956 u4 end_bci = (u4)(start_bci + length);
1957 if (end_bci != code_length) {
1958 if (end_bci >= code_length || code_data[end_bci] == 0) {
1959 class_format_error( "Illegal local variable table length %d", length);
1960 return;
1961 }
1962 }
1963 }
1964 }
1965 }
1966
1967 u2 ClassVerifier::verify_stackmap_table(u2 stackmap_index, int bci,
1968 StackMapFrame* current_frame,
1969 StackMapTable* stackmap_table,
1970 bool no_control_flow, TRAPS) {
1971 if (stackmap_index < stackmap_table->get_frame_count()) {
1972 int this_offset = stackmap_table->get_offset(stackmap_index);
1973 if (no_control_flow && this_offset > bci) {
1974 verify_error(ErrorContext::missing_stackmap(bci),
1975 "Expecting a stack map frame");
1976 return 0;
1977 }
1978 if (this_offset == bci) {
1979 ErrorContext ctx;
1980 // See if current stack map can be assigned to the frame in table.
1981 // current_frame is the stackmap frame got from the last instruction.
1982 // If matched, current_frame will be updated by this method.
1983 bool matches = stackmap_table->match_stackmap(
1984 current_frame, this_offset, stackmap_index,
1985 !no_control_flow, true, &ctx, CHECK_VERIFY_(this, 0));
1986 if (!matches) {
1987 // report type error
1988 verify_error(ctx, "Instruction type does not match stack map");
1989 return 0;
1990 }
1991 stackmap_index++;
1992 } else if (this_offset < bci) {
1993 // current_offset should have met this_offset.
1994 class_format_error("Bad stack map offset %d", this_offset);
1995 return 0;
1996 }
1997 } else if (no_control_flow) {
1998 verify_error(ErrorContext::bad_code(bci), "Expecting a stack map frame");
1999 return 0;
2000 }
2001 return stackmap_index;
2002 }
2003
2004 // Since this method references the constant pool, call was_recursively_verified()
2005 // before calling this method to make sure a prior class load did not cause the
2006 // current class to get verified.
2007 void ClassVerifier::verify_exception_handler_targets(int bci, bool this_uninit,
2008 StackMapFrame* current_frame,
2009 StackMapTable* stackmap_table, TRAPS) {
2010 constantPoolHandle cp (THREAD, _method->constants());
2011 ExceptionTable exhandlers(_method());
2012 int exlength = exhandlers.length();
2013 for(int i = 0; i < exlength; i++) {
2014 u2 start_pc = exhandlers.start_pc(i);
2015 u2 end_pc = exhandlers.end_pc(i);
2016 u2 handler_pc = exhandlers.handler_pc(i);
2017 int catch_type_index = exhandlers.catch_type_index(i);
2018 if(bci >= start_pc && bci < end_pc) {
2019 u1 flags = current_frame->flags();
2020 if (this_uninit) { flags |= FLAG_THIS_UNINIT; }
2021 StackMapFrame* new_frame = current_frame->frame_in_exception_handler(flags);
2022 if (catch_type_index != 0) {
2023 if (was_recursively_verified()) return;
2024 // We know that this index refers to a subclass of Throwable
2025 VerificationType catch_type = cp_index_to_type(
2026 catch_type_index, cp, CHECK_VERIFY(this));
2027 new_frame->push_stack(catch_type, CHECK_VERIFY(this));
2028 } else {
2029 VerificationType throwable =
2030 VerificationType::reference_type(vmSymbols::java_lang_Throwable());
2031 new_frame->push_stack(throwable, CHECK_VERIFY(this));
2032 }
2033 ErrorContext ctx;
2034 bool matches = stackmap_table->match_stackmap(
2035 new_frame, handler_pc, true, false, &ctx, CHECK_VERIFY(this));
2036 if (!matches) {
2037 verify_error(ctx, "Stack map does not match the one at "
2038 "exception handler %d", handler_pc);
2039 return;
2040 }
2041 }
2042 }
2043 }
2044
2045 void ClassVerifier::verify_cp_index(
2046 int bci, const constantPoolHandle& cp, u2 index, TRAPS) {
2047 int nconstants = cp->length();
2048 if ((index <= 0) || (index >= nconstants)) {
2049 verify_error(ErrorContext::bad_cp_index(bci, index),
2050 "Illegal constant pool index %d in class %s",
2051 index, cp->pool_holder()->external_name());
2052 return;
2053 }
2054 }
2055
2056 void ClassVerifier::verify_cp_type(
2057 int bci, u2 index, const constantPoolHandle& cp, unsigned int types, TRAPS) {
2058
2059 // In some situations, bytecode rewriting may occur while we're verifying.
2060 // In this case, a constant pool cache exists and some indices refer to that
2061 // instead. Be sure we don't pick up such indices by accident.
2062 // We must check was_recursively_verified() before we get here.
2063 guarantee(cp->cache() == nullptr, "not rewritten yet");
2064
2065 verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2066 unsigned int tag = cp->tag_at(index).value();
2067 // tags up to JVM_CONSTANT_ExternalMax are verifiable and valid for shift op
2068 if (tag > JVM_CONSTANT_ExternalMax || (types & (1 << tag)) == 0) {
2069 verify_error(ErrorContext::bad_cp_index(bci, index),
2070 "Illegal type at constant pool entry %d in class %s",
2071 index, cp->pool_holder()->external_name());
2072 return;
2073 }
2074 }
2075
2076 void ClassVerifier::verify_cp_class_type(
2077 int bci, u2 index, const constantPoolHandle& cp, TRAPS) {
2078 verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2079 constantTag tag = cp->tag_at(index);
2080 if (!tag.is_klass() && !tag.is_unresolved_klass()) {
2081 verify_error(ErrorContext::bad_cp_index(bci, index),
2082 "Illegal type at constant pool entry %d in class %s",
2083 index, cp->pool_holder()->external_name());
2084 return;
2085 }
2086 }
2087
2088 void ClassVerifier::verify_error(ErrorContext ctx, const char* msg, ...) {
2089 stringStream ss;
2090
2091 ctx.reset_frames();
2092 _exception_type = vmSymbols::java_lang_VerifyError();
2093 _error_context = ctx;
2094 va_list va;
2095 va_start(va, msg);
2096 ss.vprint(msg, va);
2097 va_end(va);
2098 _message = ss.as_string();
2099 #ifdef ASSERT
2100 ResourceMark rm;
2101 const char* exception_name = _exception_type->as_C_string();
2102 Exceptions::debug_check_abort(exception_name, nullptr);
2103 #endif // ndef ASSERT
2104 }
2105
2106 void ClassVerifier::class_format_error(const char* msg, ...) {
2107 stringStream ss;
2108 _exception_type = vmSymbols::java_lang_ClassFormatError();
2109 va_list va;
2110 va_start(va, msg);
2111 ss.vprint(msg, va);
2112 va_end(va);
2113 if (!_method.is_null()) {
2114 ss.print(" in method '");
2115 _method->print_external_name(&ss);
2116 ss.print("'");
2117 }
2118 _message = ss.as_string();
2119 }
2120
2121 Klass* ClassVerifier::load_class(Symbol* name, TRAPS) {
2122 HandleMark hm(THREAD);
2123 // Get current loader first.
2124 oop loader = current_class()->class_loader();
2125
2126 assert(name_in_supers(name, current_class()), "name should be a super class");
2127
2128 Klass* kls = SystemDictionary::resolve_or_fail(
2129 name, Handle(THREAD, loader), true, THREAD);
2130
2131 if (kls != nullptr) {
2132 if (log_is_enabled(Debug, class, resolve)) {
2133 Verifier::trace_class_resolution(kls, current_class());
2134 }
2135 }
2136 return kls;
2137 }
2138
2139 bool ClassVerifier::is_protected_access(InstanceKlass* this_class,
2140 Klass* target_class,
2141 Symbol* field_name,
2142 Symbol* field_sig,
2143 bool is_method) {
2144 NoSafepointVerifier nosafepoint;
2145
2146 // If target class isn't a super class of this class, we don't worry about this case
2147 if (!this_class->is_subclass_of(target_class)) {
2148 return false;
2149 }
2150 // Check if the specified method or field is protected
2151 InstanceKlass* target_instance = InstanceKlass::cast(target_class);
2152 fieldDescriptor fd;
2153 if (is_method) {
2154 Method* m = target_instance->uncached_lookup_method(field_name, field_sig, Klass::OverpassLookupMode::find);
2155 if (m != nullptr && m->is_protected()) {
2156 if (!this_class->is_same_class_package(m->method_holder())) {
2157 return true;
2158 }
2159 }
2160 } else {
2161 Klass* member_klass = target_instance->find_field(field_name, field_sig, &fd);
2162 if (member_klass != nullptr && fd.is_protected()) {
2163 if (!this_class->is_same_class_package(member_klass)) {
2164 return true;
2165 }
2166 }
2167 }
2168 return false;
2169 }
2170
2171 void ClassVerifier::verify_ldc(
2172 int opcode, u2 index, StackMapFrame* current_frame,
2173 const constantPoolHandle& cp, int bci, TRAPS) {
2174 verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2175 constantTag tag = cp->tag_at(index);
2176 unsigned int types = 0;
2177 if (opcode == Bytecodes::_ldc || opcode == Bytecodes::_ldc_w) {
2178 if (!tag.is_unresolved_klass()) {
2179 types = (1 << JVM_CONSTANT_Integer) | (1 << JVM_CONSTANT_Float)
2180 | (1 << JVM_CONSTANT_String) | (1 << JVM_CONSTANT_Class)
2181 | (1 << JVM_CONSTANT_MethodHandle) | (1 << JVM_CONSTANT_MethodType)
2182 | (1 << JVM_CONSTANT_Dynamic);
2183 // Note: The class file parser already verified the legality of
2184 // MethodHandle and MethodType constants.
2185 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2186 }
2187 } else {
2188 assert(opcode == Bytecodes::_ldc2_w, "must be ldc2_w");
2189 types = (1 << JVM_CONSTANT_Double) | (1 << JVM_CONSTANT_Long)
2190 | (1 << JVM_CONSTANT_Dynamic);
2191 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2192 }
2193 if (tag.is_string()) {
2194 current_frame->push_stack(
2195 VerificationType::reference_type(
2196 vmSymbols::java_lang_String()), CHECK_VERIFY(this));
2197 } else if (tag.is_klass() || tag.is_unresolved_klass()) {
2198 current_frame->push_stack(
2199 VerificationType::reference_type(
2200 vmSymbols::java_lang_Class()), CHECK_VERIFY(this));
2201 } else if (tag.is_int()) {
2202 current_frame->push_stack(
2203 VerificationType::integer_type(), CHECK_VERIFY(this));
2204 } else if (tag.is_float()) {
2205 current_frame->push_stack(
2206 VerificationType::float_type(), CHECK_VERIFY(this));
2207 } else if (tag.is_double()) {
2208 current_frame->push_stack_2(
2209 VerificationType::double_type(),
2210 VerificationType::double2_type(), CHECK_VERIFY(this));
2211 } else if (tag.is_long()) {
2212 current_frame->push_stack_2(
2213 VerificationType::long_type(),
2214 VerificationType::long2_type(), CHECK_VERIFY(this));
2215 } else if (tag.is_method_handle()) {
2216 current_frame->push_stack(
2217 VerificationType::reference_type(
2218 vmSymbols::java_lang_invoke_MethodHandle()), CHECK_VERIFY(this));
2219 } else if (tag.is_method_type()) {
2220 current_frame->push_stack(
2221 VerificationType::reference_type(
2222 vmSymbols::java_lang_invoke_MethodType()), CHECK_VERIFY(this));
2223 } else if (tag.is_dynamic_constant()) {
2224 Symbol* constant_type = cp->uncached_signature_ref_at(index);
2225 // Field signature was checked in ClassFileParser.
2226 assert(SignatureVerifier::is_valid_type_signature(constant_type),
2227 "Invalid type for dynamic constant");
2228 assert(sizeof(VerificationType) == sizeof(uintptr_t),
2229 "buffer type must match VerificationType size");
2230 uintptr_t constant_type_buffer[2];
2231 VerificationType* v_constant_type = (VerificationType*)constant_type_buffer;
2232 SignatureStream sig_stream(constant_type, false);
2233 int n = change_sig_to_verificationType(&sig_stream, v_constant_type);
2234 int opcode_n = (opcode == Bytecodes::_ldc2_w ? 2 : 1);
2235 if (n != opcode_n) {
2236 // wrong kind of ldc; reverify against updated type mask
2237 types &= ~(1 << JVM_CONSTANT_Dynamic);
2238 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2239 }
2240 for (int i = 0; i < n; i++) {
2241 current_frame->push_stack(v_constant_type[i], CHECK_VERIFY(this));
2242 }
2243 } else {
2244 /* Unreachable? verify_cp_type has already validated the cp type. */
2245 verify_error(
2246 ErrorContext::bad_cp_index(bci, index), "Invalid index in ldc");
2247 return;
2248 }
2249 }
2250
2251 void ClassVerifier::verify_switch(
2252 RawBytecodeStream* bcs, u4 code_length, char* code_data,
2253 StackMapFrame* current_frame, StackMapTable* stackmap_table, TRAPS) {
2254 int bci = bcs->bci();
2255 address bcp = bcs->bcp();
2256 address aligned_bcp = align_up(bcp + 1, jintSize);
2257
2258 if (_klass->major_version() < NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION) {
2259 // 4639449 & 4647081: padding bytes must be 0
2260 u2 padding_offset = 1;
2261 while ((bcp + padding_offset) < aligned_bcp) {
2262 if(*(bcp + padding_offset) != 0) {
2263 verify_error(ErrorContext::bad_code(bci),
2264 "Nonzero padding byte in lookupswitch or tableswitch");
2265 return;
2266 }
2267 padding_offset++;
2268 }
2269 }
2270
2271 int default_offset = (int) Bytes::get_Java_u4(aligned_bcp);
2272 int keys, delta;
2273 current_frame->pop_stack(
2274 VerificationType::integer_type(), CHECK_VERIFY(this));
2275 if (bcs->raw_code() == Bytecodes::_tableswitch) {
2276 jint low = (jint)Bytes::get_Java_u4(aligned_bcp + jintSize);
2277 jint high = (jint)Bytes::get_Java_u4(aligned_bcp + 2*jintSize);
2278 if (low > high) {
2279 verify_error(ErrorContext::bad_code(bci),
2280 "low must be less than or equal to high in tableswitch");
2281 return;
2282 }
2283 int64_t keys64 = ((int64_t)high - low) + 1;
2284 if (keys64 > 65535) { // Max code length
2285 verify_error(ErrorContext::bad_code(bci), "too many keys in tableswitch");
2286 return;
2287 }
2288 keys = (int)keys64;
2289 delta = 1;
2290 } else {
2291 keys = (int)Bytes::get_Java_u4(aligned_bcp + jintSize);
2292 if (keys < 0) {
2293 verify_error(ErrorContext::bad_code(bci),
2294 "number of keys in lookupswitch less than 0");
2295 return;
2296 }
2297 delta = 2;
2298 // Make sure that the lookupswitch items are sorted
2299 for (int i = 0; i < (keys - 1); i++) {
2300 jint this_key = Bytes::get_Java_u4(aligned_bcp + (2+2*i)*jintSize);
2301 jint next_key = Bytes::get_Java_u4(aligned_bcp + (2+2*i+2)*jintSize);
2302 if (this_key >= next_key) {
2303 verify_error(ErrorContext::bad_code(bci),
2304 "Bad lookupswitch instruction");
2305 return;
2306 }
2307 }
2308 }
2309 stackmap_table->check_jump_target(current_frame, bci, default_offset, CHECK_VERIFY(this));
2310 for (int i = 0; i < keys; i++) {
2311 // Because check_jump_target() may safepoint, the bytecode could have
2312 // moved, which means 'aligned_bcp' is no good and needs to be recalculated.
2313 aligned_bcp = align_up(bcs->bcp() + 1, jintSize);
2314 int offset = (jint)Bytes::get_Java_u4(aligned_bcp+(3+i*delta)*jintSize);
2315 stackmap_table->check_jump_target(
2316 current_frame, bci, offset, CHECK_VERIFY(this));
2317 }
2318 NOT_PRODUCT(aligned_bcp = nullptr); // no longer valid at this point
2319 }
2320
2321 bool ClassVerifier::name_in_supers(
2322 Symbol* ref_name, InstanceKlass* current) {
2323 Klass* super = current->super();
2324 while (super != nullptr) {
2325 if (super->name() == ref_name) {
2326 return true;
2327 }
2328 super = super->super();
2329 }
2330 return false;
2331 }
2332
2333 void ClassVerifier::verify_field_instructions(RawBytecodeStream* bcs,
2334 StackMapFrame* current_frame,
2335 const constantPoolHandle& cp,
2336 bool allow_arrays,
2337 TRAPS) {
2338 u2 index = bcs->get_index_u2();
2339 verify_cp_type(bcs->bci(), index, cp,
2340 1 << JVM_CONSTANT_Fieldref, CHECK_VERIFY(this));
2341
2342 // Get field name and signature
2343 Symbol* field_name = cp->uncached_name_ref_at(index);
2344 Symbol* field_sig = cp->uncached_signature_ref_at(index);
2345 bool is_getfield = false;
2346
2347 // Field signature was checked in ClassFileParser.
2348 assert(SignatureVerifier::is_valid_type_signature(field_sig),
2349 "Invalid field signature");
2350
2351 // Get referenced class type
2352 VerificationType ref_class_type = cp_ref_index_to_type(
2353 index, cp, CHECK_VERIFY(this));
2354 if (!ref_class_type.is_object() &&
2355 (!allow_arrays || !ref_class_type.is_array())) {
2356 verify_error(ErrorContext::bad_type(bcs->bci(),
2357 TypeOrigin::cp(index, ref_class_type)),
2358 "Expecting reference to class in class %s at constant pool index %d",
2359 _klass->external_name(), index);
2360 return;
2361 }
2362
2363 VerificationType target_class_type = ref_class_type;
2364
2365 assert(sizeof(VerificationType) == sizeof(uintptr_t),
2366 "buffer type must match VerificationType size");
2367 uintptr_t field_type_buffer[2];
2368 VerificationType* field_type = (VerificationType*)field_type_buffer;
2369 // If we make a VerificationType[2] array directly, the compiler calls
2370 // to the c-runtime library to do the allocation instead of just
2371 // stack allocating it. Plus it would run constructors. This shows up
2372 // in performance profiles.
2373
2374 SignatureStream sig_stream(field_sig, false);
2375 VerificationType stack_object_type;
2376 int n = change_sig_to_verificationType(&sig_stream, field_type);
2377 int bci = bcs->bci();
2378 bool is_assignable;
2379 switch (bcs->raw_code()) {
2380 case Bytecodes::_getstatic: {
2381 for (int i = 0; i < n; i++) {
2382 current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2383 }
2384 break;
2385 }
2386 case Bytecodes::_putstatic: {
2387 for (int i = n - 1; i >= 0; i--) {
2388 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2389 }
2390 break;
2391 }
2392 case Bytecodes::_getfield: {
2393 is_getfield = true;
2394 stack_object_type = current_frame->pop_stack(
2395 target_class_type, CHECK_VERIFY(this));
2396 goto check_protected;
2397 }
2398 case Bytecodes::_putfield: {
2399 for (int i = n - 1; i >= 0; i--) {
2400 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2401 }
2402 stack_object_type = current_frame->pop_stack(CHECK_VERIFY(this));
2403
2404 // Field initialization is allowed before the superclass
2405 // initializer, if the field is defined within the current class.
2406 fieldDescriptor fd;
2407 bool is_local_field = _klass->find_local_field(field_name, field_sig, &fd) &&
2408 target_class_type.equals(current_type());
2409 if (stack_object_type == VerificationType::uninitialized_this_type()) {
2410 if (is_local_field) {
2411 // Set the type to the current type so the is_assignable check passes.
2412 stack_object_type = current_type();
2413
2414 if (fd.access_flags().is_strict()) {
2415 if (!current_frame->satisfy_unset_field(fd.name(), fd.signature())) {
2416 log_info(verification)("Attempting to initialize field not found in initial strict instance fields: %s%s",
2417 fd.name()->as_C_string(), fd.signature()->as_C_string());
2418 verify_error(ErrorContext::bad_strict_fields(bci, current_frame),
2419 "Initializing unknown strict field: %s:%s", fd.name()->as_C_string(), fd.signature()->as_C_string());
2420 }
2421 }
2422 }
2423 } else if (supports_strict_fields(_klass)) {
2424 // `strict` fields are not writable, but only local fields produce verification errors
2425 if (is_local_field && fd.access_flags().is_strict() && fd.access_flags().is_final()) {
2426 verify_error(ErrorContext::bad_code(bci),
2427 "Illegal use of putfield on a strict field");
2428 return;
2429 }
2430 }
2431 is_assignable = target_class_type.is_assignable_from(
2432 stack_object_type, this, false, CHECK_VERIFY(this));
2433 if (!is_assignable) {
2434 verify_error(ErrorContext::bad_type(bci,
2435 current_frame->stack_top_ctx(),
2436 TypeOrigin::cp(index, target_class_type)),
2437 "Bad type on operand stack in putfield");
2438 return;
2439 }
2440 }
2441 check_protected: {
2442 if (_this_type == stack_object_type)
2443 break; // stack_object_type must be assignable to _current_class_type
2444 if (was_recursively_verified()) {
2445 if (is_getfield) {
2446 // Push field type for getfield.
2447 for (int i = 0; i < n; i++) {
2448 current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2449 }
2450 }
2451 return;
2452 }
2453 Symbol* ref_class_name =
2454 cp->klass_name_at(cp->uncached_klass_ref_index_at(index));
2455 if (!name_in_supers(ref_class_name, current_class()))
2456 // stack_object_type must be assignable to _current_class_type since:
2457 // 1. stack_object_type must be assignable to ref_class.
2458 // 2. ref_class must be _current_class or a subclass of it. It can't
2459 // be a superclass of it. See revised JVMS 5.4.4.
2460 break;
2461
2462 Klass* ref_class_oop = load_class(ref_class_name, CHECK);
2463 if (is_protected_access(current_class(), ref_class_oop, field_name,
2464 field_sig, false)) {
2465 // It's protected access, check if stack object is assignable to
2466 // current class.
2467 is_assignable = current_type().is_assignable_from(
2468 stack_object_type, this, true, CHECK_VERIFY(this));
2469 if (!is_assignable) {
2470 verify_error(ErrorContext::bad_type(bci,
2471 current_frame->stack_top_ctx(),
2472 TypeOrigin::implicit(current_type())),
2473 "Bad access to protected data in %s",
2474 is_getfield ? "getfield" : "putfield");
2475 return;
2476 }
2477 }
2478 break;
2479 }
2480 default: ShouldNotReachHere();
2481 }
2482 if (is_getfield) {
2483 // Push field type for getfield after doing protection check.
2484 for (int i = 0; i < n; i++) {
2485 current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2486 }
2487 }
2488 }
2489
2490 void ClassVerifier::verify_invoke_init(
2491 RawBytecodeStream* bcs, u2 ref_class_index, VerificationType ref_class_type,
2492 StackMapFrame* current_frame, u4 code_length, bool in_try_block,
2493 bool *this_uninit, const constantPoolHandle& cp, StackMapTable* stackmap_table,
2494 TRAPS) {
2495 int bci = bcs->bci();
2496 VerificationType type = current_frame->pop_stack(
2497 VerificationType::reference_check(), CHECK_VERIFY(this));
2498 if (type == VerificationType::uninitialized_this_type()) {
2499 // The method must be an <init> method of this class or its superclass
2500 Klass* superk = current_class()->super();
2501 if (ref_class_type.name() != current_class()->name() &&
2502 ref_class_type.name() != superk->name()) {
2503 verify_error(ErrorContext::bad_type(bci,
2504 TypeOrigin::implicit(ref_class_type),
2505 TypeOrigin::implicit(current_type())),
2506 "Bad <init> method call");
2507 return;
2508 } else if (ref_class_type.name() == superk->name()) {
2509 // Strict final fields must be satisfied by this point
2510 if (!current_frame->verify_unset_fields_satisfied()) {
2511 log_info(verification)("Strict instance fields not initialized");
2512 StackMapFrame::print_strict_fields(current_frame->assert_unset_fields());
2513 current_frame->unsatisfied_strict_fields_error(current_class(), bci);
2514 }
2515 }
2516
2517 // If this invokespecial call is done from inside of a TRY block then make
2518 // sure that all catch clause paths end in a throw. Otherwise, this can
2519 // result in returning an incomplete object.
2520 if (in_try_block) {
2521 // Check the exception handler target stackmaps with the locals from the
2522 // incoming stackmap (before initialize_object() changes them to outgoing
2523 // state).
2524 if (was_recursively_verified()) return;
2525 verify_exception_handler_targets(bci, true, current_frame,
2526 stackmap_table, CHECK_VERIFY(this));
2527 } // in_try_block
2528
2529 current_frame->initialize_object(type, current_type());
2530 *this_uninit = true;
2531 } else if (type.is_uninitialized()) {
2532 u2 new_offset = type.bci();
2533 address new_bcp = bcs->bcp() - bci + new_offset;
2534 if (new_offset > (code_length - 3) || (*new_bcp) != Bytecodes::_new) {
2535 /* Unreachable? Stack map parsing ensures valid type and new
2536 * instructions have a valid BCI. */
2537 verify_error(ErrorContext::bad_code(new_offset),
2538 "Expecting new instruction");
2539 return;
2540 }
2541 u2 new_class_index = Bytes::get_Java_u2(new_bcp + 1);
2542 if (was_recursively_verified()) return;
2543 verify_cp_class_type(bci, new_class_index, cp, CHECK_VERIFY(this));
2544
2545 // The method must be an <init> method of the indicated class
2546 VerificationType new_class_type = cp_index_to_type(
2547 new_class_index, cp, CHECK_VERIFY(this));
2548 if (!new_class_type.equals(ref_class_type)) {
2549 verify_error(ErrorContext::bad_type(bci,
2550 TypeOrigin::cp(new_class_index, new_class_type),
2551 TypeOrigin::cp(ref_class_index, ref_class_type)),
2552 "Call to wrong <init> method");
2553 return;
2554 }
2555 // According to the VM spec, if the referent class is a superclass of the
2556 // current class, and is in a different runtime package, and the method is
2557 // protected, then the objectref must be the current class or a subclass
2558 // of the current class.
2559 VerificationType objectref_type = new_class_type;
2560 if (name_in_supers(ref_class_type.name(), current_class())) {
2561 Klass* ref_klass = load_class(ref_class_type.name(), CHECK);
2562 if (was_recursively_verified()) return;
2563 Method* m = InstanceKlass::cast(ref_klass)->uncached_lookup_method(
2564 vmSymbols::object_initializer_name(),
2565 cp->uncached_signature_ref_at(bcs->get_index_u2()),
2566 Klass::OverpassLookupMode::find);
2567 // Do nothing if method is not found. Let resolution detect the error.
2568 if (m != nullptr) {
2569 InstanceKlass* mh = m->method_holder();
2570 if (m->is_protected() && !mh->is_same_class_package(_klass)) {
2571 bool assignable = current_type().is_assignable_from(
2572 objectref_type, this, true, CHECK_VERIFY(this));
2573 if (!assignable) {
2574 verify_error(ErrorContext::bad_type(bci,
2575 TypeOrigin::cp(new_class_index, objectref_type),
2576 TypeOrigin::implicit(current_type())),
2577 "Bad access to protected <init> method");
2578 return;
2579 }
2580 }
2581 }
2582 }
2583 // Check the exception handler target stackmaps with the locals from the
2584 // incoming stackmap (before initialize_object() changes them to outgoing
2585 // state).
2586 if (in_try_block) {
2587 if (was_recursively_verified()) return;
2588 verify_exception_handler_targets(bci, *this_uninit, current_frame,
2589 stackmap_table, CHECK_VERIFY(this));
2590 }
2591 current_frame->initialize_object(type, new_class_type);
2592 } else {
2593 verify_error(ErrorContext::bad_type(bci, current_frame->stack_top_ctx()),
2594 "Bad operand type when invoking <init>");
2595 return;
2596 }
2597 }
2598
2599 bool ClassVerifier::is_same_or_direct_interface(
2600 InstanceKlass* klass,
2601 VerificationType klass_type,
2602 VerificationType ref_class_type) {
2603 if (ref_class_type.equals(klass_type)) return true;
2604 Array<InstanceKlass*>* local_interfaces = klass->local_interfaces();
2605 if (local_interfaces != nullptr) {
2606 for (int x = 0; x < local_interfaces->length(); x++) {
2607 InstanceKlass* k = local_interfaces->at(x);
2608 assert (k != nullptr && k->is_interface(), "invalid interface");
2609 if (ref_class_type.equals(VerificationType::reference_type(k->name()))) {
2610 return true;
2611 }
2612 }
2613 }
2614 return false;
2615 }
2616
2617 void ClassVerifier::verify_invoke_instructions(
2618 RawBytecodeStream* bcs, u4 code_length, StackMapFrame* current_frame,
2619 bool in_try_block, bool *this_uninit,
2620 const constantPoolHandle& cp, StackMapTable* stackmap_table, TRAPS) {
2621 // Make sure the constant pool item is the right type
2622 u2 index = bcs->get_index_u2();
2623 Bytecodes::Code opcode = bcs->raw_code();
2624 unsigned int types = 0;
2625 switch (opcode) {
2626 case Bytecodes::_invokeinterface:
2627 types = 1 << JVM_CONSTANT_InterfaceMethodref;
2628 break;
2629 case Bytecodes::_invokedynamic:
2630 types = 1 << JVM_CONSTANT_InvokeDynamic;
2631 break;
2632 case Bytecodes::_invokespecial:
2633 case Bytecodes::_invokestatic:
2634 types = (_klass->major_version() < STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION) ?
2635 (1 << JVM_CONSTANT_Methodref) :
2636 ((1 << JVM_CONSTANT_InterfaceMethodref) | (1 << JVM_CONSTANT_Methodref));
2637 break;
2638 default:
2639 types = 1 << JVM_CONSTANT_Methodref;
2640 }
2641 verify_cp_type(bcs->bci(), index, cp, types, CHECK_VERIFY(this));
2642
2643 // Get method name and signature
2644 Symbol* method_name = cp->uncached_name_ref_at(index);
2645 Symbol* method_sig = cp->uncached_signature_ref_at(index);
2646
2647 // Method signature was checked in ClassFileParser.
2648 assert(SignatureVerifier::is_valid_method_signature(method_sig),
2649 "Invalid method signature");
2650
2651 // Get referenced class
2652 VerificationType ref_class_type;
2653 if (opcode == Bytecodes::_invokedynamic) {
2654 if (_klass->major_version() < Verifier::INVOKEDYNAMIC_MAJOR_VERSION) {
2655 class_format_error(
2656 "invokedynamic instructions not supported by this class file version (%d), class %s",
2657 _klass->major_version(), _klass->external_name());
2658 return;
2659 }
2660 } else {
2661 ref_class_type = cp_ref_index_to_type(index, cp, CHECK_VERIFY(this));
2662 }
2663
2664 assert(sizeof(VerificationType) == sizeof(uintptr_t),
2665 "buffer type must match VerificationType size");
2666
2667 // Get the UTF8 index for this signature.
2668 int sig_index = cp->signature_ref_index_at(cp->uncached_name_and_type_ref_index_at(index));
2669
2670 // Get the signature's verification types.
2671 sig_as_verification_types* mth_sig_verif_types;
2672 sig_as_verification_types** mth_sig_verif_types_ptr = method_signatures_table()->get(sig_index);
2673 if (mth_sig_verif_types_ptr != nullptr) {
2674 // Found the entry for the signature's verification types in the hash table.
2675 mth_sig_verif_types = *mth_sig_verif_types_ptr;
2676 assert(mth_sig_verif_types != nullptr, "Unexpected null sig_as_verification_types value");
2677 } else {
2678 // Not found, add the entry to the table.
2679 GrowableArray<VerificationType>* verif_types = new GrowableArray<VerificationType>(10);
2680 mth_sig_verif_types = new sig_as_verification_types(verif_types);
2681 create_method_sig_entry(mth_sig_verif_types, sig_index);
2682 }
2683
2684 // Get the number of arguments for this signature.
2685 int nargs = mth_sig_verif_types->num_args();
2686
2687 // Check instruction operands
2688 int bci = bcs->bci();
2689 if (opcode == Bytecodes::_invokeinterface) {
2690 address bcp = bcs->bcp();
2691 // 4905268: count operand in invokeinterface should be nargs+1, not nargs.
2692 // JSR202 spec: The count operand of an invokeinterface instruction is valid if it is
2693 // the difference between the size of the operand stack before and after the instruction
2694 // executes.
2695 if (*(bcp+3) != (nargs+1)) {
2696 verify_error(ErrorContext::bad_code(bci),
2697 "Inconsistent args count operand in invokeinterface");
2698 return;
2699 }
2700 if (*(bcp+4) != 0) {
2701 verify_error(ErrorContext::bad_code(bci),
2702 "Fourth operand byte of invokeinterface must be zero");
2703 return;
2704 }
2705 }
2706
2707 if (opcode == Bytecodes::_invokedynamic) {
2708 address bcp = bcs->bcp();
2709 if (*(bcp+3) != 0 || *(bcp+4) != 0) {
2710 verify_error(ErrorContext::bad_code(bci),
2711 "Third and fourth operand bytes of invokedynamic must be zero");
2712 return;
2713 }
2714 }
2715
2716 if (method_name->char_at(0) == JVM_SIGNATURE_SPECIAL) {
2717 // Make sure:
2718 // <init> can only be invoked by invokespecial.
2719 if (opcode != Bytecodes::_invokespecial ||
2720 method_name != vmSymbols::object_initializer_name()) {
2721 verify_error(ErrorContext::bad_code(bci),
2722 "Illegal call to internal method");
2723 return;
2724 }
2725 }
2726 // invokespecial, when not <init>, must be to a method in the current class, a direct superinterface,
2727 // or any superclass (including Object).
2728 else if (opcode == Bytecodes::_invokespecial
2729 && !is_same_or_direct_interface(current_class(), current_type(), ref_class_type)
2730 && !ref_class_type.equals(VerificationType::reference_type(current_class()->super()->name()))) { // super() can never be an inline_type.
2731
2732 // We know it is not current class, direct superinterface or immediate superclass. That means it
2733 // could be:
2734 // - a totally unrelated class or interface
2735 // - an indirect superinterface
2736 // - an indirect superclass (including Object)
2737 // We use the assignability test to see if it is a superclass, or else an interface, and keep track
2738 // of the latter. Note that subtype can be true if we are dealing with an interface that is not actually
2739 // implemented as assignability treats all interfaces as Object.
2740
2741 bool is_interface = false; // This can only be set true if the assignability check will return true
2742 // and we loaded the class. For any other "true" returns (e.g. same class
2743 // or Object) we either can't get here (same class already excluded above)
2744 // or we know it is not an interface (i.e. Object).
2745 bool subtype = ref_class_type.is_reference_assignable_from(current_type(), this, false,
2746 &is_interface, CHECK_VERIFY(this));
2747 if (!subtype) { // Totally unrelated class
2748 verify_error(ErrorContext::bad_code(bci),
2749 "Bad invokespecial instruction: "
2750 "current class isn't assignable to reference class.");
2751 return;
2752 } else {
2753 // Indirect superclass (including Object), indirect interface, or unrelated interface.
2754 // Any interface use is an error.
2755 if (is_interface) {
2756 verify_error(ErrorContext::bad_code(bci),
2757 "Bad invokespecial instruction: "
2758 "interface method to invoke is not in a direct superinterface.");
2759 return;
2760 }
2761 }
2762 }
2763
2764 // Get the verification types for the method's arguments.
2765 GrowableArray<VerificationType>* sig_verif_types = mth_sig_verif_types->sig_verif_types();
2766 assert(sig_verif_types != nullptr, "Missing signature's array of verification types");
2767 // Match method descriptor with operand stack
2768 // The arguments are on the stack in descending order.
2769 for (int i = nargs - 1; i >= 0; i--) { // Run backwards
2770 current_frame->pop_stack(sig_verif_types->at(i), CHECK_VERIFY(this));
2771 }
2772
2773 // Check objectref on operand stack
2774 if (opcode != Bytecodes::_invokestatic &&
2775 opcode != Bytecodes::_invokedynamic) {
2776 if (method_name == vmSymbols::object_initializer_name()) { // <init> method
2777 verify_invoke_init(bcs, index, ref_class_type, current_frame,
2778 code_length, in_try_block, this_uninit, cp, stackmap_table,
2779 CHECK_VERIFY(this));
2780 if (was_recursively_verified()) return;
2781 } else { // other methods
2782 // Ensures that target class is assignable to method class.
2783 if (opcode == Bytecodes::_invokespecial) {
2784 current_frame->pop_stack(current_type(), CHECK_VERIFY(this));
2785 } else if (opcode == Bytecodes::_invokevirtual) {
2786 VerificationType stack_object_type =
2787 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this));
2788 if (current_type() != stack_object_type) {
2789 if (was_recursively_verified()) return;
2790 assert(cp->cache() == nullptr, "not rewritten yet");
2791 Symbol* ref_class_name =
2792 cp->klass_name_at(cp->uncached_klass_ref_index_at(index));
2793 // See the comments in verify_field_instructions() for
2794 // the rationale behind this.
2795 if (name_in_supers(ref_class_name, current_class())) {
2796 Klass* ref_class = load_class(ref_class_name, CHECK);
2797 if (is_protected_access(
2798 _klass, ref_class, method_name, method_sig, true)) {
2799 // It's protected access, check if stack object is
2800 // assignable to current class.
2801 if (ref_class_type.name() == vmSymbols::java_lang_Object()
2802 && stack_object_type.is_array()
2803 && method_name == vmSymbols::clone_name()) {
2804 // Special case: arrays pretend to implement public Object
2805 // clone().
2806 } else {
2807 bool is_assignable = current_type().is_assignable_from(
2808 stack_object_type, this, true, CHECK_VERIFY(this));
2809 if (!is_assignable) {
2810 verify_error(ErrorContext::bad_type(bci,
2811 current_frame->stack_top_ctx(),
2812 TypeOrigin::implicit(current_type())),
2813 "Bad access to protected data in invokevirtual");
2814 return;
2815 }
2816 }
2817 }
2818 }
2819 }
2820 } else {
2821 assert(opcode == Bytecodes::_invokeinterface, "Unexpected opcode encountered");
2822 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this));
2823 }
2824 }
2825 }
2826 // Push the result type.
2827 int sig_verif_types_len = sig_verif_types->length();
2828 if (sig_verif_types_len > nargs) { // There's a return type
2829 if (method_name == vmSymbols::object_initializer_name()) {
2830 // an <init> method must have a void return type
2831 verify_error(ErrorContext::bad_code(bci),
2832 "Return type must be void in <init> method");
2833 return;
2834 }
2835
2836 assert(sig_verif_types_len <= nargs + 2,
2837 "Signature verification types array return type is bogus");
2838 for (int i = nargs; i < sig_verif_types_len; i++) {
2839 assert(i == nargs || sig_verif_types->at(i).is_long2() ||
2840 sig_verif_types->at(i).is_double2(), "Unexpected return verificationType");
2841 current_frame->push_stack(sig_verif_types->at(i), CHECK_VERIFY(this));
2842 }
2843 }
2844 }
2845
2846 VerificationType ClassVerifier::get_newarray_type(
2847 u2 index, int bci, TRAPS) {
2848 const char* from_bt[] = {
2849 nullptr, nullptr, nullptr, nullptr, "[Z", "[C", "[F", "[D", "[B", "[S", "[I", "[J",
2850 };
2851 if (index < T_BOOLEAN || index > T_LONG) {
2852 verify_error(ErrorContext::bad_code(bci), "Illegal newarray instruction");
2853 return VerificationType::bogus_type();
2854 }
2855
2856 // from_bt[index] contains the array signature which has a length of 2
2857 Symbol* sig = create_temporary_symbol(from_bt[index], 2);
2858 return VerificationType::reference_type(sig);
2859 }
2860
2861 void ClassVerifier::verify_anewarray(
2862 int bci, u2 index, const constantPoolHandle& cp,
2863 StackMapFrame* current_frame, TRAPS) {
2864 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
2865 current_frame->pop_stack(
2866 VerificationType::integer_type(), CHECK_VERIFY(this));
2867
2868 if (was_recursively_verified()) return;
2869 VerificationType component_type =
2870 cp_index_to_type(index, cp, CHECK_VERIFY(this));
2871 int length;
2872 char* arr_sig_str;
2873 if (component_type.is_array()) { // it's an array
2874 const char* component_name = component_type.name()->as_utf8();
2875 // Check for more than MAX_ARRAY_DIMENSIONS
2876 length = (int)strlen(component_name);
2877 if (length > MAX_ARRAY_DIMENSIONS &&
2878 component_name[MAX_ARRAY_DIMENSIONS - 1] == JVM_SIGNATURE_ARRAY) {
2879 verify_error(ErrorContext::bad_code(bci),
2880 "Illegal anewarray instruction, array has more than 255 dimensions");
2881 }
2882 // add one dimension to component
2883 length++;
2884 arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length + 1);
2885 int n = os::snprintf(arr_sig_str, length + 1, "%c%s",
2886 JVM_SIGNATURE_ARRAY, component_name);
2887 assert(n == length, "Unexpected number of characters in string");
2888 } else { // it's an object or interface
2889 const char* component_name = component_type.name()->as_utf8();
2890 // add one dimension to component with 'L' prepended and ';' postpended.
2891 length = (int)strlen(component_name) + 3;
2892 arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length + 1);
2893 int n = os::snprintf(arr_sig_str, length + 1, "%c%c%s;",
2894 JVM_SIGNATURE_ARRAY, JVM_SIGNATURE_CLASS, component_name);
2895 assert(n == length, "Unexpected number of characters in string");
2896 }
2897 Symbol* arr_sig = create_temporary_symbol(arr_sig_str, length);
2898 VerificationType new_array_type = VerificationType::reference_type(arr_sig);
2899 current_frame->push_stack(new_array_type, CHECK_VERIFY(this));
2900 }
2901
2902 void ClassVerifier::verify_iload(int index, StackMapFrame* current_frame, TRAPS) {
2903 current_frame->get_local(
2904 index, VerificationType::integer_type(), CHECK_VERIFY(this));
2905 current_frame->push_stack(
2906 VerificationType::integer_type(), CHECK_VERIFY(this));
2907 }
2908
2909 void ClassVerifier::verify_lload(int index, StackMapFrame* current_frame, TRAPS) {
2910 current_frame->get_local_2(
2911 index, VerificationType::long_type(),
2912 VerificationType::long2_type(), CHECK_VERIFY(this));
2913 current_frame->push_stack_2(
2914 VerificationType::long_type(),
2915 VerificationType::long2_type(), CHECK_VERIFY(this));
2916 }
2917
2918 void ClassVerifier::verify_fload(int index, StackMapFrame* current_frame, TRAPS) {
2919 current_frame->get_local(
2920 index, VerificationType::float_type(), CHECK_VERIFY(this));
2921 current_frame->push_stack(
2922 VerificationType::float_type(), CHECK_VERIFY(this));
2923 }
2924
2925 void ClassVerifier::verify_dload(int index, StackMapFrame* current_frame, TRAPS) {
2926 current_frame->get_local_2(
2927 index, VerificationType::double_type(),
2928 VerificationType::double2_type(), CHECK_VERIFY(this));
2929 current_frame->push_stack_2(
2930 VerificationType::double_type(),
2931 VerificationType::double2_type(), CHECK_VERIFY(this));
2932 }
2933
2934 void ClassVerifier::verify_aload(int index, StackMapFrame* current_frame, TRAPS) {
2935 VerificationType type = current_frame->get_local(
2936 index, VerificationType::reference_check(), CHECK_VERIFY(this));
2937 current_frame->push_stack(type, CHECK_VERIFY(this));
2938 }
2939
2940 void ClassVerifier::verify_istore(int index, StackMapFrame* current_frame, TRAPS) {
2941 current_frame->pop_stack(
2942 VerificationType::integer_type(), CHECK_VERIFY(this));
2943 current_frame->set_local(
2944 index, VerificationType::integer_type(), CHECK_VERIFY(this));
2945 }
2946
2947 void ClassVerifier::verify_lstore(int index, StackMapFrame* current_frame, TRAPS) {
2948 current_frame->pop_stack_2(
2949 VerificationType::long2_type(),
2950 VerificationType::long_type(), CHECK_VERIFY(this));
2951 current_frame->set_local_2(
2952 index, VerificationType::long_type(),
2953 VerificationType::long2_type(), CHECK_VERIFY(this));
2954 }
2955
2956 void ClassVerifier::verify_fstore(int index, StackMapFrame* current_frame, TRAPS) {
2957 current_frame->pop_stack(VerificationType::float_type(), CHECK_VERIFY(this));
2958 current_frame->set_local(
2959 index, VerificationType::float_type(), CHECK_VERIFY(this));
2960 }
2961
2962 void ClassVerifier::verify_dstore(int index, StackMapFrame* current_frame, TRAPS) {
2963 current_frame->pop_stack_2(
2964 VerificationType::double2_type(),
2965 VerificationType::double_type(), CHECK_VERIFY(this));
2966 current_frame->set_local_2(
2967 index, VerificationType::double_type(),
2968 VerificationType::double2_type(), CHECK_VERIFY(this));
2969 }
2970
2971 void ClassVerifier::verify_astore(int index, StackMapFrame* current_frame, TRAPS) {
2972 VerificationType type = current_frame->pop_stack(
2973 VerificationType::reference_check(), CHECK_VERIFY(this));
2974 current_frame->set_local(index, type, CHECK_VERIFY(this));
2975 }
2976
2977 void ClassVerifier::verify_iinc(int index, StackMapFrame* current_frame, TRAPS) {
2978 VerificationType type = current_frame->get_local(
2979 index, VerificationType::integer_type(), CHECK_VERIFY(this));
2980 current_frame->set_local(index, type, CHECK_VERIFY(this));
2981 }
2982
2983 void ClassVerifier::verify_return_value(
2984 VerificationType return_type, VerificationType type, int bci,
2985 StackMapFrame* current_frame, TRAPS) {
2986 if (return_type == VerificationType::bogus_type()) {
2987 verify_error(ErrorContext::bad_type(bci,
2988 current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)),
2989 "Method does not expect a return value");
2990 return;
2991 }
2992 bool match = return_type.is_assignable_from(type, this, false, CHECK_VERIFY(this));
2993 if (!match) {
2994 verify_error(ErrorContext::bad_type(bci,
2995 current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)),
2996 "Bad return type");
2997 return;
2998 }
2999 }
3000
3001 // The verifier creates symbols which are substrings of Symbols.
3002 // These are stored in the verifier until the end of verification so that
3003 // they can be reference counted.
3004 Symbol* ClassVerifier::create_temporary_symbol(const char *name, int length) {
3005 // Quick deduplication check
3006 if (_previous_symbol != nullptr && _previous_symbol->equals(name, length)) {
3007 return _previous_symbol;
3008 }
3009 Symbol* sym = SymbolTable::new_symbol(name, length);
3010 if (!sym->is_permanent()) {
3011 if (_symbols == nullptr) {
3012 _symbols = new GrowableArray<Symbol*>(50, 0, nullptr);
3013 }
3014 _symbols->push(sym);
3015 }
3016 _previous_symbol = sym;
3017 return sym;
3018 }