1 /* 2 * Copyright (c) 1998, 2024, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. 8 * 9 * This code is distributed in the hope that it will be useful, but WITHOUT 10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12 * version 2 for more details (a copy is included in the LICENSE file that 13 * accompanied this code). 14 * 15 * You should have received a copy of the GNU General Public License version 16 * 2 along with this work; if not, write to the Free Software Foundation, 17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20 * or visit www.oracle.com if you need additional information or have any 21 * questions. 22 * 23 */ 24 25 #include "precompiled.hpp" 26 #include "cds/cdsConfig.hpp" 27 #include "classfile/classFileStream.hpp" 28 #include "classfile/classLoader.hpp" 29 #include "classfile/javaClasses.hpp" 30 #include "classfile/stackMapTable.hpp" 31 #include "classfile/stackMapFrame.hpp" 32 #include "classfile/stackMapTableFormat.hpp" 33 #include "classfile/symbolTable.hpp" 34 #include "classfile/systemDictionary.hpp" 35 #include "classfile/verifier.hpp" 36 #include "classfile/vmClasses.hpp" 37 #include "classfile/vmSymbols.hpp" 38 #include "interpreter/bytecodes.hpp" 39 #include "interpreter/bytecodeStream.hpp" 40 #include "jvm.h" 41 #include "logging/log.hpp" 42 #include "logging/logStream.hpp" 43 #include "memory/oopFactory.hpp" 44 #include "memory/resourceArea.hpp" 45 #include "memory/universe.hpp" 46 #include "oops/constantPool.inline.hpp" 47 #include "oops/instanceKlass.inline.hpp" 48 #include "oops/klass.inline.hpp" 49 #include "oops/oop.inline.hpp" 50 #include "oops/typeArrayOop.hpp" 51 #include "runtime/arguments.hpp" 52 #include "runtime/fieldDescriptor.hpp" 53 #include "runtime/handles.inline.hpp" 54 #include "runtime/interfaceSupport.inline.hpp" 55 #include "runtime/javaCalls.hpp" 56 #include "runtime/javaThread.hpp" 57 #include "runtime/jniHandles.inline.hpp" 58 #include "runtime/os.hpp" 59 #include "runtime/safepointVerifiers.hpp" 60 #include "services/threadService.hpp" 61 #include "utilities/align.hpp" 62 #include "utilities/bytes.hpp" 63 64 #define NOFAILOVER_MAJOR_VERSION 51 65 #define NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION 51 66 #define STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION 52 67 #define INLINE_TYPE_MAJOR_VERSION 56 68 #define MAX_ARRAY_DIMENSIONS 255 69 70 // Access to external entry for VerifyClassForMajorVersion - old byte code verifier 71 72 extern "C" { 73 typedef jboolean (*verify_byte_codes_fn_t)(JNIEnv *, jclass, char *, jint, jint); 74 } 75 76 static verify_byte_codes_fn_t volatile _verify_byte_codes_fn = nullptr; 77 78 static verify_byte_codes_fn_t verify_byte_codes_fn() { 79 80 if (_verify_byte_codes_fn != nullptr) 81 return _verify_byte_codes_fn; 82 83 MutexLocker locker(Verify_lock); 84 85 if (_verify_byte_codes_fn != nullptr) 86 return _verify_byte_codes_fn; 87 88 // Load verify dll 89 char buffer[JVM_MAXPATHLEN]; 90 char ebuf[1024]; 91 if (!os::dll_locate_lib(buffer, sizeof(buffer), Arguments::get_dll_dir(), "verify")) 92 return nullptr; // Caller will throw VerifyError 93 94 void *lib_handle = os::dll_load(buffer, ebuf, sizeof(ebuf)); 95 if (lib_handle == nullptr) 96 return nullptr; // Caller will throw VerifyError 97 98 void *fn = os::dll_lookup(lib_handle, "VerifyClassForMajorVersion"); 99 if (fn == nullptr) 100 return nullptr; // Caller will throw VerifyError 101 102 return _verify_byte_codes_fn = CAST_TO_FN_PTR(verify_byte_codes_fn_t, fn); 103 } 104 105 106 // Methods in Verifier 107 108 bool Verifier::should_verify_for(oop class_loader, bool should_verify_class) { 109 return (class_loader == nullptr || !should_verify_class) ? 110 BytecodeVerificationLocal : BytecodeVerificationRemote; 111 } 112 113 bool Verifier::relax_access_for(oop loader) { 114 bool trusted = java_lang_ClassLoader::is_trusted_loader(loader); 115 bool need_verify = 116 // verifyAll 117 (BytecodeVerificationLocal && BytecodeVerificationRemote) || 118 // verifyRemote 119 (!BytecodeVerificationLocal && BytecodeVerificationRemote && !trusted); 120 return !need_verify; 121 } 122 123 void Verifier::trace_class_resolution(Klass* resolve_class, InstanceKlass* verify_class) { 124 assert(verify_class != nullptr, "Unexpected null verify_class"); 125 ResourceMark rm; 126 Symbol* s = verify_class->source_file_name(); 127 const char* source_file = (s != nullptr ? s->as_C_string() : nullptr); 128 const char* verify = verify_class->external_name(); 129 const char* resolve = resolve_class->external_name(); 130 // print in a single call to reduce interleaving between threads 131 if (source_file != nullptr) { 132 log_debug(class, resolve)("%s %s %s (verification)", verify, resolve, source_file); 133 } else { 134 log_debug(class, resolve)("%s %s (verification)", verify, resolve); 135 } 136 } 137 138 // Prints the end-verification message to the appropriate output. 139 void Verifier::log_end_verification(outputStream* st, const char* klassName, Symbol* exception_name, oop pending_exception) { 140 if (pending_exception != nullptr) { 141 st->print("Verification for %s has", klassName); 142 oop message = java_lang_Throwable::message(pending_exception); 143 if (message != nullptr) { 144 char* ex_msg = java_lang_String::as_utf8_string(message); 145 st->print_cr(" exception pending '%s %s'", 146 pending_exception->klass()->external_name(), ex_msg); 147 } else { 148 st->print_cr(" exception pending %s ", 149 pending_exception->klass()->external_name()); 150 } 151 } else if (exception_name != nullptr) { 152 st->print_cr("Verification for %s failed", klassName); 153 } 154 st->print_cr("End class verification for: %s", klassName); 155 } 156 157 bool Verifier::verify(InstanceKlass* klass, bool should_verify_class, TRAPS) { 158 HandleMark hm(THREAD); 159 ResourceMark rm(THREAD); 160 161 // Eagerly allocate the identity hash code for a klass. This is a fallout 162 // from 6320749 and 8059924: hash code generator is not supposed to be called 163 // during the safepoint, but it allows to sneak the hashcode in during 164 // verification. Without this eager hashcode generation, we may end up 165 // installing the hashcode during some other operation, which may be at 166 // safepoint -- blowing up the checks. It was previously done as the side 167 // effect (sic!) for external_name(), but instead of doing that, we opt to 168 // explicitly push the hashcode in here. This is signify the following block 169 // is IMPORTANT: 170 if (klass->java_mirror() != nullptr) { 171 klass->java_mirror()->identity_hash(); 172 } 173 174 if (!is_eligible_for_verification(klass, should_verify_class)) { 175 return true; 176 } 177 178 // Timer includes any side effects of class verification (resolution, 179 // etc), but not recursive calls to Verifier::verify(). 180 JavaThread* jt = THREAD; 181 PerfClassTraceTime timer(ClassLoader::perf_class_verify_time(), 182 ClassLoader::perf_class_verify_selftime(), 183 ClassLoader::perf_classes_verified(), 184 jt->get_thread_stat()->perf_recursion_counts_addr(), 185 jt->get_thread_stat()->perf_timers_addr(), 186 PerfClassTraceTime::CLASS_VERIFY); 187 188 // If the class should be verified, first see if we can use the split 189 // verifier. If not, or if verification fails and can failover, then 190 // call the inference verifier. 191 Symbol* exception_name = nullptr; 192 const size_t message_buffer_len = klass->name()->utf8_length() + 1024; 193 char* message_buffer = nullptr; 194 char* exception_message = nullptr; 195 196 log_info(class, init)("Start class verification for: %s", klass->external_name()); 197 if (klass->major_version() >= STACKMAP_ATTRIBUTE_MAJOR_VERSION) { 198 ClassVerifier split_verifier(jt, klass); 199 // We don't use CHECK here, or on inference_verify below, so that we can log any exception. 200 split_verifier.verify_class(THREAD); 201 exception_name = split_verifier.result(); 202 203 // If dumping static archive then don't fall back to the old verifier on 204 // verification failure. If a class fails verification with the split verifier, 205 // it might fail the CDS runtime verifier constraint check. In that case, we 206 // don't want to share the class. We only archive classes that pass the split 207 // verifier. 208 bool can_failover = !CDSConfig::is_dumping_static_archive() && 209 klass->major_version() < NOFAILOVER_MAJOR_VERSION; 210 211 if (can_failover && !HAS_PENDING_EXCEPTION && // Split verifier doesn't set PENDING_EXCEPTION for failure 212 (exception_name == vmSymbols::java_lang_VerifyError() || 213 exception_name == vmSymbols::java_lang_ClassFormatError())) { 214 log_info(verification)("Fail over class verification to old verifier for: %s", klass->external_name()); 215 log_info(class, init)("Fail over class verification to old verifier for: %s", klass->external_name()); 216 message_buffer = NEW_RESOURCE_ARRAY(char, message_buffer_len); 217 exception_message = message_buffer; 218 exception_name = inference_verify( 219 klass, message_buffer, message_buffer_len, THREAD); 220 } 221 if (exception_name != nullptr) { 222 exception_message = split_verifier.exception_message(); 223 } 224 } else { 225 message_buffer = NEW_RESOURCE_ARRAY(char, message_buffer_len); 226 exception_message = message_buffer; 227 exception_name = inference_verify( 228 klass, message_buffer, message_buffer_len, THREAD); 229 } 230 231 LogTarget(Info, class, init) lt1; 232 if (lt1.is_enabled()) { 233 LogStream ls(lt1); 234 log_end_verification(&ls, klass->external_name(), exception_name, PENDING_EXCEPTION); 235 } 236 LogTarget(Info, verification) lt2; 237 if (lt2.is_enabled()) { 238 LogStream ls(lt2); 239 log_end_verification(&ls, klass->external_name(), exception_name, PENDING_EXCEPTION); 240 } 241 242 if (HAS_PENDING_EXCEPTION) { 243 return false; // use the existing exception 244 } else if (exception_name == nullptr) { 245 return true; // verification succeeded 246 } else { // VerifyError or ClassFormatError to be created and thrown 247 Klass* kls = 248 SystemDictionary::resolve_or_fail(exception_name, true, CHECK_false); 249 if (log_is_enabled(Debug, class, resolve)) { 250 Verifier::trace_class_resolution(kls, klass); 251 } 252 253 while (kls != nullptr) { 254 if (kls == klass) { 255 // If the class being verified is the exception we're creating 256 // or one of it's superclasses, we're in trouble and are going 257 // to infinitely recurse when we try to initialize the exception. 258 // So bail out here by throwing the preallocated VM error. 259 THROW_OOP_(Universe::internal_error_instance(), false); 260 } 261 kls = kls->super(); 262 } 263 if (message_buffer != nullptr) { 264 message_buffer[message_buffer_len - 1] = '\0'; // just to be sure 265 } 266 assert(exception_message != nullptr, ""); 267 THROW_MSG_(exception_name, exception_message, false); 268 } 269 } 270 271 bool Verifier::is_eligible_for_verification(InstanceKlass* klass, bool should_verify_class) { 272 Symbol* name = klass->name(); 273 Klass* refl_serialization_ctor_klass = vmClasses::reflect_SerializationConstructorAccessorImpl_klass(); 274 275 bool is_reflect_accessor = refl_serialization_ctor_klass != nullptr && 276 klass->is_subtype_of(refl_serialization_ctor_klass); 277 278 return (should_verify_for(klass->class_loader(), should_verify_class) && 279 // return if the class is a bootstrapping class 280 // or defineClass specified not to verify by default (flags override passed arg) 281 // We need to skip the following four for bootstrapping 282 name != vmSymbols::java_lang_Object() && 283 name != vmSymbols::java_lang_Class() && 284 name != vmSymbols::java_lang_String() && 285 name != vmSymbols::java_lang_Throwable() && 286 287 // Can not verify the bytecodes for shared classes because they have 288 // already been rewritten to contain constant pool cache indices, 289 // which the verifier can't understand. 290 // Shared classes shouldn't have stackmaps either. 291 // However, bytecodes for shared old classes can be verified because 292 // they have not been rewritten. 293 !(klass->is_shared() && klass->is_rewritten()) && 294 295 // As of the fix for 4486457 we disable verification for all of the 296 // dynamically-generated bytecodes associated with 297 // jdk/internal/reflect/SerializationConstructorAccessor. 298 (!is_reflect_accessor)); 299 } 300 301 Symbol* Verifier::inference_verify( 302 InstanceKlass* klass, char* message, size_t message_len, TRAPS) { 303 JavaThread* thread = THREAD; 304 305 verify_byte_codes_fn_t verify_func = verify_byte_codes_fn(); 306 307 if (verify_func == nullptr) { 308 jio_snprintf(message, message_len, "Could not link verifier"); 309 return vmSymbols::java_lang_VerifyError(); 310 } 311 312 ResourceMark rm(thread); 313 log_info(verification)("Verifying class %s with old format", klass->external_name()); 314 315 jclass cls = (jclass) JNIHandles::make_local(thread, klass->java_mirror()); 316 jint result; 317 318 { 319 HandleMark hm(thread); 320 ThreadToNativeFromVM ttn(thread); 321 // ThreadToNativeFromVM takes care of changing thread_state, so safepoint 322 // code knows that we have left the VM 323 JNIEnv *env = thread->jni_environment(); 324 result = (*verify_func)(env, cls, message, (int)message_len, klass->major_version()); 325 } 326 327 JNIHandles::destroy_local(cls); 328 329 // These numbers are chosen so that VerifyClassCodes interface doesn't need 330 // to be changed (still return jboolean (unsigned char)), and result is 331 // 1 when verification is passed. 332 if (result == 0) { 333 return vmSymbols::java_lang_VerifyError(); 334 } else if (result == 1) { 335 return nullptr; // verified. 336 } else if (result == 2) { 337 THROW_MSG_(vmSymbols::java_lang_OutOfMemoryError(), message, nullptr); 338 } else if (result == 3) { 339 return vmSymbols::java_lang_ClassFormatError(); 340 } else { 341 ShouldNotReachHere(); 342 return nullptr; 343 } 344 } 345 346 TypeOrigin TypeOrigin::null() { 347 return TypeOrigin(); 348 } 349 TypeOrigin TypeOrigin::local(int index, StackMapFrame* frame) { 350 assert(frame != nullptr, "Must have a frame"); 351 return TypeOrigin(CF_LOCALS, index, StackMapFrame::copy(frame), 352 frame->local_at(index)); 353 } 354 TypeOrigin TypeOrigin::stack(int index, StackMapFrame* frame) { 355 assert(frame != nullptr, "Must have a frame"); 356 return TypeOrigin(CF_STACK, index, StackMapFrame::copy(frame), 357 frame->stack_at(index)); 358 } 359 TypeOrigin TypeOrigin::sm_local(int index, StackMapFrame* frame) { 360 assert(frame != nullptr, "Must have a frame"); 361 return TypeOrigin(SM_LOCALS, index, StackMapFrame::copy(frame), 362 frame->local_at(index)); 363 } 364 TypeOrigin TypeOrigin::sm_stack(int index, StackMapFrame* frame) { 365 assert(frame != nullptr, "Must have a frame"); 366 return TypeOrigin(SM_STACK, index, StackMapFrame::copy(frame), 367 frame->stack_at(index)); 368 } 369 TypeOrigin TypeOrigin::bad_index(int index) { 370 return TypeOrigin(BAD_INDEX, index, nullptr, VerificationType::bogus_type()); 371 } 372 TypeOrigin TypeOrigin::cp(int index, VerificationType vt) { 373 return TypeOrigin(CONST_POOL, index, nullptr, vt); 374 } 375 TypeOrigin TypeOrigin::signature(VerificationType vt) { 376 return TypeOrigin(SIG, 0, nullptr, vt); 377 } 378 TypeOrigin TypeOrigin::implicit(VerificationType t) { 379 return TypeOrigin(IMPLICIT, 0, nullptr, t); 380 } 381 TypeOrigin TypeOrigin::frame(StackMapFrame* frame) { 382 return TypeOrigin(FRAME_ONLY, 0, StackMapFrame::copy(frame), 383 VerificationType::bogus_type()); 384 } 385 386 void TypeOrigin::reset_frame() { 387 if (_frame != nullptr) { 388 _frame->restore(); 389 } 390 } 391 392 void TypeOrigin::details(outputStream* ss) const { 393 _type.print_on(ss); 394 switch (_origin) { 395 case CF_LOCALS: 396 ss->print(" (current frame, locals[%d])", _index); 397 break; 398 case CF_STACK: 399 ss->print(" (current frame, stack[%d])", _index); 400 break; 401 case SM_LOCALS: 402 ss->print(" (stack map, locals[%d])", _index); 403 break; 404 case SM_STACK: 405 ss->print(" (stack map, stack[%d])", _index); 406 break; 407 case CONST_POOL: 408 ss->print(" (constant pool %d)", _index); 409 break; 410 case SIG: 411 ss->print(" (from method signature)"); 412 break; 413 case IMPLICIT: 414 case FRAME_ONLY: 415 case NONE: 416 default: 417 ; 418 } 419 } 420 421 #ifdef ASSERT 422 void TypeOrigin::print_on(outputStream* str) const { 423 str->print("{%d,%d,%p:", _origin, _index, _frame); 424 if (_frame != nullptr) { 425 _frame->print_on(str); 426 } else { 427 str->print("null"); 428 } 429 str->print(","); 430 _type.print_on(str); 431 str->print("}"); 432 } 433 #endif 434 435 void ErrorContext::details(outputStream* ss, const Method* method) const { 436 if (is_valid()) { 437 ss->cr(); 438 ss->print_cr("Exception Details:"); 439 location_details(ss, method); 440 reason_details(ss); 441 frame_details(ss); 442 bytecode_details(ss, method); 443 handler_details(ss, method); 444 stackmap_details(ss, method); 445 } 446 } 447 448 void ErrorContext::reason_details(outputStream* ss) const { 449 streamIndentor si(ss); 450 ss->indent().print_cr("Reason:"); 451 streamIndentor si2(ss); 452 ss->indent().print("%s", ""); 453 switch (_fault) { 454 case INVALID_BYTECODE: 455 ss->print("Error exists in the bytecode"); 456 break; 457 case WRONG_TYPE: 458 if (_expected.is_valid()) { 459 ss->print("Type "); 460 _type.details(ss); 461 ss->print(" is not assignable to "); 462 _expected.details(ss); 463 } else { 464 ss->print("Invalid type: "); 465 _type.details(ss); 466 } 467 break; 468 case FLAGS_MISMATCH: 469 if (_expected.is_valid()) { 470 ss->print("Current frame's flags are not assignable " 471 "to stack map frame's."); 472 } else { 473 ss->print("Current frame's flags are invalid in this context."); 474 } 475 break; 476 case BAD_CP_INDEX: 477 ss->print("Constant pool index %d is invalid", _type.index()); 478 break; 479 case BAD_LOCAL_INDEX: 480 ss->print("Local index %d is invalid", _type.index()); 481 break; 482 case LOCALS_SIZE_MISMATCH: 483 ss->print("Current frame's local size doesn't match stackmap."); 484 break; 485 case STACK_SIZE_MISMATCH: 486 ss->print("Current frame's stack size doesn't match stackmap."); 487 break; 488 case STACK_OVERFLOW: 489 ss->print("Exceeded max stack size."); 490 break; 491 case STACK_UNDERFLOW: 492 ss->print("Attempt to pop empty stack."); 493 break; 494 case MISSING_STACKMAP: 495 ss->print("Expected stackmap frame at this location."); 496 break; 497 case BAD_STACKMAP: 498 ss->print("Invalid stackmap specification."); 499 break; 500 case WRONG_INLINE_TYPE: 501 ss->print("Type "); 502 _type.details(ss); 503 ss->print(" and type "); 504 _expected.details(ss); 505 ss->print(" must be identical inline types."); 506 break; 507 case UNKNOWN: 508 default: 509 ShouldNotReachHere(); 510 ss->print_cr("Unknown"); 511 } 512 ss->cr(); 513 } 514 515 void ErrorContext::location_details(outputStream* ss, const Method* method) const { 516 if (_bci != -1 && method != nullptr) { 517 streamIndentor si(ss); 518 const char* bytecode_name = "<invalid>"; 519 if (method->validate_bci(_bci) != -1) { 520 Bytecodes::Code code = Bytecodes::code_or_bp_at(method->bcp_from(_bci)); 521 if (Bytecodes::is_defined(code)) { 522 bytecode_name = Bytecodes::name(code); 523 } else { 524 bytecode_name = "<illegal>"; 525 } 526 } 527 InstanceKlass* ik = method->method_holder(); 528 ss->indent().print_cr("Location:"); 529 streamIndentor si2(ss); 530 ss->indent().print_cr("%s.%s%s @%d: %s", 531 ik->name()->as_C_string(), method->name()->as_C_string(), 532 method->signature()->as_C_string(), _bci, bytecode_name); 533 } 534 } 535 536 void ErrorContext::frame_details(outputStream* ss) const { 537 streamIndentor si(ss); 538 if (_type.is_valid() && _type.frame() != nullptr) { 539 ss->indent().print_cr("Current Frame:"); 540 streamIndentor si2(ss); 541 _type.frame()->print_on(ss); 542 } 543 if (_expected.is_valid() && _expected.frame() != nullptr) { 544 ss->indent().print_cr("Stackmap Frame:"); 545 streamIndentor si2(ss); 546 _expected.frame()->print_on(ss); 547 } 548 } 549 550 void ErrorContext::bytecode_details(outputStream* ss, const Method* method) const { 551 if (method != nullptr) { 552 streamIndentor si(ss); 553 ss->indent().print_cr("Bytecode:"); 554 streamIndentor si2(ss); 555 ss->print_data(method->code_base(), method->code_size(), false); 556 } 557 } 558 559 void ErrorContext::handler_details(outputStream* ss, const Method* method) const { 560 if (method != nullptr) { 561 streamIndentor si(ss); 562 ExceptionTable table(method); 563 if (table.length() > 0) { 564 ss->indent().print_cr("Exception Handler Table:"); 565 streamIndentor si2(ss); 566 for (int i = 0; i < table.length(); ++i) { 567 ss->indent().print_cr("bci [%d, %d] => handler: %d", table.start_pc(i), 568 table.end_pc(i), table.handler_pc(i)); 569 } 570 } 571 } 572 } 573 574 void ErrorContext::stackmap_details(outputStream* ss, const Method* method) const { 575 if (method != nullptr && method->has_stackmap_table()) { 576 streamIndentor si(ss); 577 ss->indent().print_cr("Stackmap Table:"); 578 Array<u1>* data = method->stackmap_data(); 579 stack_map_table* sm_table = 580 stack_map_table::at((address)data->adr_at(0)); 581 stack_map_frame* sm_frame = sm_table->entries(); 582 streamIndentor si2(ss); 583 int current_offset = -1; 584 address end_of_sm_table = (address)sm_table + method->stackmap_data()->length(); 585 for (u2 i = 0; i < sm_table->number_of_entries(); ++i) { 586 ss->indent(); 587 if (!sm_frame->verify((address)sm_frame, end_of_sm_table)) { 588 sm_frame->print_truncated(ss, current_offset); 589 return; 590 } 591 sm_frame->print_on(ss, current_offset); 592 ss->cr(); 593 current_offset += sm_frame->offset_delta(); 594 sm_frame = sm_frame->next(); 595 } 596 } 597 } 598 599 // Methods in ClassVerifier 600 601 ClassVerifier::ClassVerifier(JavaThread* current, InstanceKlass* klass) 602 : _thread(current), _previous_symbol(nullptr), _symbols(nullptr), _exception_type(nullptr), 603 _message(nullptr), _klass(klass) { 604 _this_type = VerificationType::reference_type(klass->name()); 605 } 606 607 ClassVerifier::~ClassVerifier() { 608 // Decrement the reference count for any symbols created. 609 if (_symbols != nullptr) { 610 for (int i = 0; i < _symbols->length(); i++) { 611 Symbol* s = _symbols->at(i); 612 s->decrement_refcount(); 613 } 614 } 615 } 616 617 VerificationType ClassVerifier::object_type() const { 618 return VerificationType::reference_type(vmSymbols::java_lang_Object()); 619 } 620 621 TypeOrigin ClassVerifier::ref_ctx(const char* sig) { 622 VerificationType vt = VerificationType::reference_type( 623 create_temporary_symbol(sig, (int)strlen(sig))); 624 return TypeOrigin::implicit(vt); 625 } 626 627 static bool supports_strict_fields(InstanceKlass* klass) { 628 int ver = klass->major_version(); 629 return ver > Verifier::VALUE_TYPES_MAJOR_VERSION || 630 (ver == Verifier::VALUE_TYPES_MAJOR_VERSION && klass->minor_version() == Verifier::JAVA_PREVIEW_MINOR_VERSION); 631 } 632 633 void ClassVerifier::verify_class(TRAPS) { 634 log_info(verification)("Verifying class %s with new format", _klass->external_name()); 635 636 // Either verifying both local and remote classes or just remote classes. 637 assert(BytecodeVerificationRemote, "Should not be here"); 638 639 Array<Method*>* methods = _klass->methods(); 640 int num_methods = methods->length(); 641 642 for (int index = 0; index < num_methods; index++) { 643 // Check for recursive re-verification before each method. 644 if (was_recursively_verified()) return; 645 646 Method* m = methods->at(index); 647 if (m->is_native() || m->is_abstract() || m->is_overpass()) { 648 // If m is native or abstract, skip it. It is checked in class file 649 // parser that methods do not override a final method. Overpass methods 650 // are trusted since the VM generates them. 651 continue; 652 } 653 verify_method(methodHandle(THREAD, m), CHECK_VERIFY(this)); 654 } 655 656 if (was_recursively_verified()){ 657 log_info(verification)("Recursive verification detected for: %s", _klass->external_name()); 658 log_info(class, init)("Recursive verification detected for: %s", 659 _klass->external_name()); 660 } 661 } 662 663 // Translate the signature entries into verification types and save them in 664 // the growable array. Also, save the count of arguments. 665 void ClassVerifier::translate_signature(Symbol* const method_sig, 666 sig_as_verification_types* sig_verif_types) { 667 SignatureStream sig_stream(method_sig); 668 VerificationType sig_type[2]; 669 int sig_i = 0; 670 GrowableArray<VerificationType>* verif_types = sig_verif_types->sig_verif_types(); 671 672 // Translate the signature arguments into verification types. 673 while (!sig_stream.at_return_type()) { 674 int n = change_sig_to_verificationType(&sig_stream, sig_type); 675 assert(n <= 2, "Unexpected signature type"); 676 677 // Store verification type(s). Longs and Doubles each have two verificationTypes. 678 for (int x = 0; x < n; x++) { 679 verif_types->push(sig_type[x]); 680 } 681 sig_i += n; 682 sig_stream.next(); 683 } 684 685 // Set final arg count, not including the return type. The final arg count will 686 // be compared with sig_verify_types' length to see if there is a return type. 687 sig_verif_types->set_num_args(sig_i); 688 689 // Store verification type(s) for the return type, if there is one. 690 if (sig_stream.type() != T_VOID) { 691 int n = change_sig_to_verificationType(&sig_stream, sig_type); 692 assert(n <= 2, "Unexpected signature return type"); 693 for (int y = 0; y < n; y++) { 694 verif_types->push(sig_type[y]); 695 } 696 } 697 } 698 699 void ClassVerifier::create_method_sig_entry(sig_as_verification_types* sig_verif_types, 700 int sig_index) { 701 // Translate the signature into verification types. 702 ConstantPool* cp = _klass->constants(); 703 Symbol* const method_sig = cp->symbol_at(sig_index); 704 translate_signature(method_sig, sig_verif_types); 705 706 // Add the list of this signature's verification types to the table. 707 bool is_unique = method_signatures_table()->put(sig_index, sig_verif_types); 708 assert(is_unique, "Duplicate entries in method_signature_table"); 709 } 710 711 void ClassVerifier::verify_method(const methodHandle& m, TRAPS) { 712 HandleMark hm(THREAD); 713 _method = m; // initialize _method 714 log_info(verification)("Verifying method %s", m->name_and_sig_as_C_string()); 715 716 // For clang, the only good constant format string is a literal constant format string. 717 #define bad_type_msg "Bad type on operand stack in %s" 718 719 u2 max_stack = m->verifier_max_stack(); 720 u2 max_locals = m->max_locals(); 721 constantPoolHandle cp(THREAD, m->constants()); 722 723 // Method signature was checked in ClassFileParser. 724 assert(SignatureVerifier::is_valid_method_signature(m->signature()), 725 "Invalid method signature"); 726 727 // Initial stack map frame: offset is 0, stack is initially empty. 728 StackMapFrame current_frame(max_locals, max_stack, this); 729 // Set initial locals 730 VerificationType return_type = current_frame.set_locals_from_arg( m, current_type()); 731 732 u2 stackmap_index = 0; // index to the stackmap array 733 734 u4 code_length = m->code_size(); 735 736 // Scan the bytecode and map each instruction's start offset to a number. 737 char* code_data = generate_code_data(m, code_length, CHECK_VERIFY(this)); 738 739 int ex_min = code_length; 740 int ex_max = -1; 741 // Look through each item on the exception table. Each of the fields must refer 742 // to a legal instruction. 743 if (was_recursively_verified()) return; 744 verify_exception_handler_table( 745 code_length, code_data, ex_min, ex_max, CHECK_VERIFY(this)); 746 747 // Look through each entry on the local variable table and make sure 748 // its range of code array offsets is valid. (4169817) 749 if (m->has_localvariable_table()) { 750 verify_local_variable_table(code_length, code_data, CHECK_VERIFY(this)); 751 } 752 753 Array<u1>* stackmap_data = m->stackmap_data(); 754 StackMapStream stream(stackmap_data); 755 StackMapReader reader(this, &stream, code_data, code_length, THREAD); 756 StackMapTable stackmap_table(&reader, ¤t_frame, max_locals, max_stack, 757 code_data, code_length, CHECK_VERIFY(this)); 758 759 LogTarget(Debug, verification) lt; 760 if (lt.is_enabled()) { 761 ResourceMark rm(THREAD); 762 LogStream ls(lt); 763 stackmap_table.print_on(&ls); 764 } 765 766 RawBytecodeStream bcs(m); 767 768 // Scan the byte code linearly from the start to the end 769 bool no_control_flow = false; // Set to true when there is no direct control 770 // flow from current instruction to the next 771 // instruction in sequence 772 773 Bytecodes::Code opcode; 774 while (!bcs.is_last_bytecode()) { 775 // Check for recursive re-verification before each bytecode. 776 if (was_recursively_verified()) return; 777 778 opcode = bcs.raw_next(); 779 int bci = bcs.bci(); 780 781 // Set current frame's offset to bci 782 current_frame.set_offset(bci); 783 current_frame.set_mark(); 784 785 // Make sure every offset in stackmap table point to the beginning to 786 // an instruction. Match current_frame to stackmap_table entry with 787 // the same offset if exists. 788 stackmap_index = verify_stackmap_table( 789 stackmap_index, bci, ¤t_frame, &stackmap_table, 790 no_control_flow, CHECK_VERIFY(this)); 791 792 793 bool this_uninit = false; // Set to true when invokespecial <init> initialized 'this' 794 bool verified_exc_handlers = false; 795 796 // Merge with the next instruction 797 { 798 int target; 799 VerificationType type, type2; 800 VerificationType atype; 801 802 LogTarget(Debug, verification) lt; 803 if (lt.is_enabled()) { 804 ResourceMark rm(THREAD); 805 LogStream ls(lt); 806 current_frame.print_on(&ls); 807 lt.print("offset = %d, opcode = %s", bci, 808 opcode == Bytecodes::_illegal ? "illegal" : Bytecodes::name(opcode)); 809 } 810 811 // Make sure wide instruction is in correct format 812 if (bcs.is_wide()) { 813 if (opcode != Bytecodes::_iinc && opcode != Bytecodes::_iload && 814 opcode != Bytecodes::_aload && opcode != Bytecodes::_lload && 815 opcode != Bytecodes::_istore && opcode != Bytecodes::_astore && 816 opcode != Bytecodes::_lstore && opcode != Bytecodes::_fload && 817 opcode != Bytecodes::_dload && opcode != Bytecodes::_fstore && 818 opcode != Bytecodes::_dstore) { 819 /* Unreachable? RawBytecodeStream's raw_next() returns 'illegal' 820 * if we encounter a wide instruction that modifies an invalid 821 * opcode (not one of the ones listed above) */ 822 verify_error(ErrorContext::bad_code(bci), "Bad wide instruction"); 823 return; 824 } 825 } 826 827 // Look for possible jump target in exception handlers and see if it 828 // matches current_frame. Do this check here for astore*, dstore*, 829 // fstore*, istore*, and lstore* opcodes because they can change the type 830 // state by adding a local. JVM Spec says that the incoming type state 831 // should be used for this check. So, do the check here before a possible 832 // local is added to the type state. 833 if (Bytecodes::is_store_into_local(opcode) && bci >= ex_min && bci < ex_max) { 834 if (was_recursively_verified()) return; 835 verify_exception_handler_targets( 836 bci, this_uninit, ¤t_frame, &stackmap_table, CHECK_VERIFY(this)); 837 verified_exc_handlers = true; 838 } 839 840 if (was_recursively_verified()) return; 841 842 switch (opcode) { 843 case Bytecodes::_nop : 844 no_control_flow = false; break; 845 case Bytecodes::_aconst_null : 846 current_frame.push_stack( 847 VerificationType::null_type(), CHECK_VERIFY(this)); 848 no_control_flow = false; break; 849 case Bytecodes::_iconst_m1 : 850 case Bytecodes::_iconst_0 : 851 case Bytecodes::_iconst_1 : 852 case Bytecodes::_iconst_2 : 853 case Bytecodes::_iconst_3 : 854 case Bytecodes::_iconst_4 : 855 case Bytecodes::_iconst_5 : 856 current_frame.push_stack( 857 VerificationType::integer_type(), CHECK_VERIFY(this)); 858 no_control_flow = false; break; 859 case Bytecodes::_lconst_0 : 860 case Bytecodes::_lconst_1 : 861 current_frame.push_stack_2( 862 VerificationType::long_type(), 863 VerificationType::long2_type(), CHECK_VERIFY(this)); 864 no_control_flow = false; break; 865 case Bytecodes::_fconst_0 : 866 case Bytecodes::_fconst_1 : 867 case Bytecodes::_fconst_2 : 868 current_frame.push_stack( 869 VerificationType::float_type(), CHECK_VERIFY(this)); 870 no_control_flow = false; break; 871 case Bytecodes::_dconst_0 : 872 case Bytecodes::_dconst_1 : 873 current_frame.push_stack_2( 874 VerificationType::double_type(), 875 VerificationType::double2_type(), CHECK_VERIFY(this)); 876 no_control_flow = false; break; 877 case Bytecodes::_sipush : 878 case Bytecodes::_bipush : 879 current_frame.push_stack( 880 VerificationType::integer_type(), CHECK_VERIFY(this)); 881 no_control_flow = false; break; 882 case Bytecodes::_ldc : 883 verify_ldc( 884 opcode, bcs.get_index_u1(), ¤t_frame, 885 cp, bci, CHECK_VERIFY(this)); 886 no_control_flow = false; break; 887 case Bytecodes::_ldc_w : 888 case Bytecodes::_ldc2_w : 889 verify_ldc( 890 opcode, bcs.get_index_u2(), ¤t_frame, 891 cp, bci, CHECK_VERIFY(this)); 892 no_control_flow = false; break; 893 case Bytecodes::_iload : 894 verify_iload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 895 no_control_flow = false; break; 896 case Bytecodes::_iload_0 : 897 case Bytecodes::_iload_1 : 898 case Bytecodes::_iload_2 : 899 case Bytecodes::_iload_3 : { 900 int index = opcode - Bytecodes::_iload_0; 901 verify_iload(index, ¤t_frame, CHECK_VERIFY(this)); 902 no_control_flow = false; break; 903 } 904 case Bytecodes::_lload : 905 verify_lload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 906 no_control_flow = false; break; 907 case Bytecodes::_lload_0 : 908 case Bytecodes::_lload_1 : 909 case Bytecodes::_lload_2 : 910 case Bytecodes::_lload_3 : { 911 int index = opcode - Bytecodes::_lload_0; 912 verify_lload(index, ¤t_frame, CHECK_VERIFY(this)); 913 no_control_flow = false; break; 914 } 915 case Bytecodes::_fload : 916 verify_fload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 917 no_control_flow = false; break; 918 case Bytecodes::_fload_0 : 919 case Bytecodes::_fload_1 : 920 case Bytecodes::_fload_2 : 921 case Bytecodes::_fload_3 : { 922 int index = opcode - Bytecodes::_fload_0; 923 verify_fload(index, ¤t_frame, CHECK_VERIFY(this)); 924 no_control_flow = false; break; 925 } 926 case Bytecodes::_dload : 927 verify_dload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 928 no_control_flow = false; break; 929 case Bytecodes::_dload_0 : 930 case Bytecodes::_dload_1 : 931 case Bytecodes::_dload_2 : 932 case Bytecodes::_dload_3 : { 933 int index = opcode - Bytecodes::_dload_0; 934 verify_dload(index, ¤t_frame, CHECK_VERIFY(this)); 935 no_control_flow = false; break; 936 } 937 case Bytecodes::_aload : 938 verify_aload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 939 no_control_flow = false; break; 940 case Bytecodes::_aload_0 : 941 case Bytecodes::_aload_1 : 942 case Bytecodes::_aload_2 : 943 case Bytecodes::_aload_3 : { 944 int index = opcode - Bytecodes::_aload_0; 945 verify_aload(index, ¤t_frame, CHECK_VERIFY(this)); 946 no_control_flow = false; break; 947 } 948 case Bytecodes::_iaload : 949 type = current_frame.pop_stack( 950 VerificationType::integer_type(), CHECK_VERIFY(this)); 951 atype = current_frame.pop_stack( 952 VerificationType::reference_check(), CHECK_VERIFY(this)); 953 if (!atype.is_int_array()) { 954 verify_error(ErrorContext::bad_type(bci, 955 current_frame.stack_top_ctx(), ref_ctx("[I")), 956 bad_type_msg, "iaload"); 957 return; 958 } 959 current_frame.push_stack( 960 VerificationType::integer_type(), CHECK_VERIFY(this)); 961 no_control_flow = false; break; 962 case Bytecodes::_baload : 963 type = current_frame.pop_stack( 964 VerificationType::integer_type(), CHECK_VERIFY(this)); 965 atype = current_frame.pop_stack( 966 VerificationType::reference_check(), CHECK_VERIFY(this)); 967 if (!atype.is_bool_array() && !atype.is_byte_array()) { 968 verify_error( 969 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 970 bad_type_msg, "baload"); 971 return; 972 } 973 current_frame.push_stack( 974 VerificationType::integer_type(), CHECK_VERIFY(this)); 975 no_control_flow = false; break; 976 case Bytecodes::_caload : 977 type = current_frame.pop_stack( 978 VerificationType::integer_type(), CHECK_VERIFY(this)); 979 atype = current_frame.pop_stack( 980 VerificationType::reference_check(), CHECK_VERIFY(this)); 981 if (!atype.is_char_array()) { 982 verify_error(ErrorContext::bad_type(bci, 983 current_frame.stack_top_ctx(), ref_ctx("[C")), 984 bad_type_msg, "caload"); 985 return; 986 } 987 current_frame.push_stack( 988 VerificationType::integer_type(), CHECK_VERIFY(this)); 989 no_control_flow = false; break; 990 case Bytecodes::_saload : 991 type = current_frame.pop_stack( 992 VerificationType::integer_type(), CHECK_VERIFY(this)); 993 atype = current_frame.pop_stack( 994 VerificationType::reference_check(), CHECK_VERIFY(this)); 995 if (!atype.is_short_array()) { 996 verify_error(ErrorContext::bad_type(bci, 997 current_frame.stack_top_ctx(), ref_ctx("[S")), 998 bad_type_msg, "saload"); 999 return; 1000 } 1001 current_frame.push_stack( 1002 VerificationType::integer_type(), CHECK_VERIFY(this)); 1003 no_control_flow = false; break; 1004 case Bytecodes::_laload : 1005 type = current_frame.pop_stack( 1006 VerificationType::integer_type(), CHECK_VERIFY(this)); 1007 atype = current_frame.pop_stack( 1008 VerificationType::reference_check(), CHECK_VERIFY(this)); 1009 if (!atype.is_long_array()) { 1010 verify_error(ErrorContext::bad_type(bci, 1011 current_frame.stack_top_ctx(), ref_ctx("[J")), 1012 bad_type_msg, "laload"); 1013 return; 1014 } 1015 current_frame.push_stack_2( 1016 VerificationType::long_type(), 1017 VerificationType::long2_type(), CHECK_VERIFY(this)); 1018 no_control_flow = false; break; 1019 case Bytecodes::_faload : 1020 type = current_frame.pop_stack( 1021 VerificationType::integer_type(), CHECK_VERIFY(this)); 1022 atype = current_frame.pop_stack( 1023 VerificationType::reference_check(), CHECK_VERIFY(this)); 1024 if (!atype.is_float_array()) { 1025 verify_error(ErrorContext::bad_type(bci, 1026 current_frame.stack_top_ctx(), ref_ctx("[F")), 1027 bad_type_msg, "faload"); 1028 return; 1029 } 1030 current_frame.push_stack( 1031 VerificationType::float_type(), CHECK_VERIFY(this)); 1032 no_control_flow = false; break; 1033 case Bytecodes::_daload : 1034 type = current_frame.pop_stack( 1035 VerificationType::integer_type(), CHECK_VERIFY(this)); 1036 atype = current_frame.pop_stack( 1037 VerificationType::reference_check(), CHECK_VERIFY(this)); 1038 if (!atype.is_double_array()) { 1039 verify_error(ErrorContext::bad_type(bci, 1040 current_frame.stack_top_ctx(), ref_ctx("[D")), 1041 bad_type_msg, "daload"); 1042 return; 1043 } 1044 current_frame.push_stack_2( 1045 VerificationType::double_type(), 1046 VerificationType::double2_type(), CHECK_VERIFY(this)); 1047 no_control_flow = false; break; 1048 case Bytecodes::_aaload : { 1049 type = current_frame.pop_stack( 1050 VerificationType::integer_type(), CHECK_VERIFY(this)); 1051 atype = current_frame.pop_stack( 1052 VerificationType::reference_check(), CHECK_VERIFY(this)); 1053 if (!atype.is_reference_array()) { 1054 verify_error(ErrorContext::bad_type(bci, 1055 current_frame.stack_top_ctx(), 1056 TypeOrigin::implicit(VerificationType::reference_check())), 1057 bad_type_msg, "aaload"); 1058 return; 1059 } 1060 if (atype.is_null()) { 1061 current_frame.push_stack( 1062 VerificationType::null_type(), CHECK_VERIFY(this)); 1063 } else { 1064 VerificationType component = atype.get_component(this); 1065 current_frame.push_stack(component, CHECK_VERIFY(this)); 1066 } 1067 no_control_flow = false; break; 1068 } 1069 case Bytecodes::_istore : 1070 verify_istore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 1071 no_control_flow = false; break; 1072 case Bytecodes::_istore_0 : 1073 case Bytecodes::_istore_1 : 1074 case Bytecodes::_istore_2 : 1075 case Bytecodes::_istore_3 : { 1076 int index = opcode - Bytecodes::_istore_0; 1077 verify_istore(index, ¤t_frame, CHECK_VERIFY(this)); 1078 no_control_flow = false; break; 1079 } 1080 case Bytecodes::_lstore : 1081 verify_lstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 1082 no_control_flow = false; break; 1083 case Bytecodes::_lstore_0 : 1084 case Bytecodes::_lstore_1 : 1085 case Bytecodes::_lstore_2 : 1086 case Bytecodes::_lstore_3 : { 1087 int index = opcode - Bytecodes::_lstore_0; 1088 verify_lstore(index, ¤t_frame, CHECK_VERIFY(this)); 1089 no_control_flow = false; break; 1090 } 1091 case Bytecodes::_fstore : 1092 verify_fstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 1093 no_control_flow = false; break; 1094 case Bytecodes::_fstore_0 : 1095 case Bytecodes::_fstore_1 : 1096 case Bytecodes::_fstore_2 : 1097 case Bytecodes::_fstore_3 : { 1098 int index = opcode - Bytecodes::_fstore_0; 1099 verify_fstore(index, ¤t_frame, CHECK_VERIFY(this)); 1100 no_control_flow = false; break; 1101 } 1102 case Bytecodes::_dstore : 1103 verify_dstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 1104 no_control_flow = false; break; 1105 case Bytecodes::_dstore_0 : 1106 case Bytecodes::_dstore_1 : 1107 case Bytecodes::_dstore_2 : 1108 case Bytecodes::_dstore_3 : { 1109 int index = opcode - Bytecodes::_dstore_0; 1110 verify_dstore(index, ¤t_frame, CHECK_VERIFY(this)); 1111 no_control_flow = false; break; 1112 } 1113 case Bytecodes::_astore : 1114 verify_astore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 1115 no_control_flow = false; break; 1116 case Bytecodes::_astore_0 : 1117 case Bytecodes::_astore_1 : 1118 case Bytecodes::_astore_2 : 1119 case Bytecodes::_astore_3 : { 1120 int index = opcode - Bytecodes::_astore_0; 1121 verify_astore(index, ¤t_frame, CHECK_VERIFY(this)); 1122 no_control_flow = false; break; 1123 } 1124 case Bytecodes::_iastore : 1125 type = current_frame.pop_stack( 1126 VerificationType::integer_type(), CHECK_VERIFY(this)); 1127 type2 = current_frame.pop_stack( 1128 VerificationType::integer_type(), CHECK_VERIFY(this)); 1129 atype = current_frame.pop_stack( 1130 VerificationType::reference_check(), CHECK_VERIFY(this)); 1131 if (!atype.is_int_array()) { 1132 verify_error(ErrorContext::bad_type(bci, 1133 current_frame.stack_top_ctx(), ref_ctx("[I")), 1134 bad_type_msg, "iastore"); 1135 return; 1136 } 1137 no_control_flow = false; break; 1138 case Bytecodes::_bastore : 1139 type = current_frame.pop_stack( 1140 VerificationType::integer_type(), CHECK_VERIFY(this)); 1141 type2 = current_frame.pop_stack( 1142 VerificationType::integer_type(), CHECK_VERIFY(this)); 1143 atype = current_frame.pop_stack( 1144 VerificationType::reference_check(), CHECK_VERIFY(this)); 1145 if (!atype.is_bool_array() && !atype.is_byte_array()) { 1146 verify_error( 1147 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 1148 bad_type_msg, "bastore"); 1149 return; 1150 } 1151 no_control_flow = false; break; 1152 case Bytecodes::_castore : 1153 current_frame.pop_stack( 1154 VerificationType::integer_type(), CHECK_VERIFY(this)); 1155 current_frame.pop_stack( 1156 VerificationType::integer_type(), CHECK_VERIFY(this)); 1157 atype = current_frame.pop_stack( 1158 VerificationType::reference_check(), CHECK_VERIFY(this)); 1159 if (!atype.is_char_array()) { 1160 verify_error(ErrorContext::bad_type(bci, 1161 current_frame.stack_top_ctx(), ref_ctx("[C")), 1162 bad_type_msg, "castore"); 1163 return; 1164 } 1165 no_control_flow = false; break; 1166 case Bytecodes::_sastore : 1167 current_frame.pop_stack( 1168 VerificationType::integer_type(), CHECK_VERIFY(this)); 1169 current_frame.pop_stack( 1170 VerificationType::integer_type(), CHECK_VERIFY(this)); 1171 atype = current_frame.pop_stack( 1172 VerificationType::reference_check(), CHECK_VERIFY(this)); 1173 if (!atype.is_short_array()) { 1174 verify_error(ErrorContext::bad_type(bci, 1175 current_frame.stack_top_ctx(), ref_ctx("[S")), 1176 bad_type_msg, "sastore"); 1177 return; 1178 } 1179 no_control_flow = false; break; 1180 case Bytecodes::_lastore : 1181 current_frame.pop_stack_2( 1182 VerificationType::long2_type(), 1183 VerificationType::long_type(), CHECK_VERIFY(this)); 1184 current_frame.pop_stack( 1185 VerificationType::integer_type(), CHECK_VERIFY(this)); 1186 atype = current_frame.pop_stack( 1187 VerificationType::reference_check(), CHECK_VERIFY(this)); 1188 if (!atype.is_long_array()) { 1189 verify_error(ErrorContext::bad_type(bci, 1190 current_frame.stack_top_ctx(), ref_ctx("[J")), 1191 bad_type_msg, "lastore"); 1192 return; 1193 } 1194 no_control_flow = false; break; 1195 case Bytecodes::_fastore : 1196 current_frame.pop_stack( 1197 VerificationType::float_type(), CHECK_VERIFY(this)); 1198 current_frame.pop_stack 1199 (VerificationType::integer_type(), CHECK_VERIFY(this)); 1200 atype = current_frame.pop_stack( 1201 VerificationType::reference_check(), CHECK_VERIFY(this)); 1202 if (!atype.is_float_array()) { 1203 verify_error(ErrorContext::bad_type(bci, 1204 current_frame.stack_top_ctx(), ref_ctx("[F")), 1205 bad_type_msg, "fastore"); 1206 return; 1207 } 1208 no_control_flow = false; break; 1209 case Bytecodes::_dastore : 1210 current_frame.pop_stack_2( 1211 VerificationType::double2_type(), 1212 VerificationType::double_type(), CHECK_VERIFY(this)); 1213 current_frame.pop_stack( 1214 VerificationType::integer_type(), CHECK_VERIFY(this)); 1215 atype = current_frame.pop_stack( 1216 VerificationType::reference_check(), CHECK_VERIFY(this)); 1217 if (!atype.is_double_array()) { 1218 verify_error(ErrorContext::bad_type(bci, 1219 current_frame.stack_top_ctx(), ref_ctx("[D")), 1220 bad_type_msg, "dastore"); 1221 return; 1222 } 1223 no_control_flow = false; break; 1224 case Bytecodes::_aastore : 1225 type = current_frame.pop_stack(object_type(), CHECK_VERIFY(this)); 1226 type2 = current_frame.pop_stack( 1227 VerificationType::integer_type(), CHECK_VERIFY(this)); 1228 atype = current_frame.pop_stack( 1229 VerificationType::reference_check(), CHECK_VERIFY(this)); 1230 // more type-checking is done at runtime 1231 if (!atype.is_reference_array()) { 1232 verify_error(ErrorContext::bad_type(bci, 1233 current_frame.stack_top_ctx(), 1234 TypeOrigin::implicit(VerificationType::reference_check())), 1235 bad_type_msg, "aastore"); 1236 return; 1237 } 1238 // 4938384: relaxed constraint in JVMS 3rd edition. 1239 no_control_flow = false; break; 1240 case Bytecodes::_pop : 1241 current_frame.pop_stack( 1242 VerificationType::category1_check(), CHECK_VERIFY(this)); 1243 no_control_flow = false; break; 1244 case Bytecodes::_pop2 : 1245 type = current_frame.pop_stack(CHECK_VERIFY(this)); 1246 if (type.is_category1()) { 1247 current_frame.pop_stack( 1248 VerificationType::category1_check(), CHECK_VERIFY(this)); 1249 } else if (type.is_category2_2nd()) { 1250 current_frame.pop_stack( 1251 VerificationType::category2_check(), CHECK_VERIFY(this)); 1252 } else { 1253 /* Unreachable? Would need a category2_1st on TOS 1254 * which does not appear possible. */ 1255 verify_error( 1256 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 1257 bad_type_msg, "pop2"); 1258 return; 1259 } 1260 no_control_flow = false; break; 1261 case Bytecodes::_dup : 1262 type = current_frame.pop_stack( 1263 VerificationType::category1_check(), CHECK_VERIFY(this)); 1264 current_frame.push_stack(type, CHECK_VERIFY(this)); 1265 current_frame.push_stack(type, CHECK_VERIFY(this)); 1266 no_control_flow = false; break; 1267 case Bytecodes::_dup_x1 : 1268 type = current_frame.pop_stack( 1269 VerificationType::category1_check(), CHECK_VERIFY(this)); 1270 type2 = current_frame.pop_stack( 1271 VerificationType::category1_check(), CHECK_VERIFY(this)); 1272 current_frame.push_stack(type, CHECK_VERIFY(this)); 1273 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1274 current_frame.push_stack(type, CHECK_VERIFY(this)); 1275 no_control_flow = false; break; 1276 case Bytecodes::_dup_x2 : 1277 { 1278 VerificationType type3; 1279 type = current_frame.pop_stack( 1280 VerificationType::category1_check(), CHECK_VERIFY(this)); 1281 type2 = current_frame.pop_stack(CHECK_VERIFY(this)); 1282 if (type2.is_category1()) { 1283 type3 = current_frame.pop_stack( 1284 VerificationType::category1_check(), CHECK_VERIFY(this)); 1285 } else if (type2.is_category2_2nd()) { 1286 type3 = current_frame.pop_stack( 1287 VerificationType::category2_check(), CHECK_VERIFY(this)); 1288 } else { 1289 /* Unreachable? Would need a category2_1st at stack depth 2 with 1290 * a category1 on TOS which does not appear possible. */ 1291 verify_error(ErrorContext::bad_type( 1292 bci, current_frame.stack_top_ctx()), bad_type_msg, "dup_x2"); 1293 return; 1294 } 1295 current_frame.push_stack(type, CHECK_VERIFY(this)); 1296 current_frame.push_stack(type3, CHECK_VERIFY(this)); 1297 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1298 current_frame.push_stack(type, CHECK_VERIFY(this)); 1299 no_control_flow = false; break; 1300 } 1301 case Bytecodes::_dup2 : 1302 type = current_frame.pop_stack(CHECK_VERIFY(this)); 1303 if (type.is_category1()) { 1304 type2 = current_frame.pop_stack( 1305 VerificationType::category1_check(), CHECK_VERIFY(this)); 1306 } else if (type.is_category2_2nd()) { 1307 type2 = current_frame.pop_stack( 1308 VerificationType::category2_check(), CHECK_VERIFY(this)); 1309 } else { 1310 /* Unreachable? Would need a category2_1st on TOS which does not 1311 * appear possible. */ 1312 verify_error( 1313 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 1314 bad_type_msg, "dup2"); 1315 return; 1316 } 1317 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1318 current_frame.push_stack(type, CHECK_VERIFY(this)); 1319 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1320 current_frame.push_stack(type, CHECK_VERIFY(this)); 1321 no_control_flow = false; break; 1322 case Bytecodes::_dup2_x1 : 1323 { 1324 VerificationType type3; 1325 type = current_frame.pop_stack(CHECK_VERIFY(this)); 1326 if (type.is_category1()) { 1327 type2 = current_frame.pop_stack( 1328 VerificationType::category1_check(), CHECK_VERIFY(this)); 1329 } else if (type.is_category2_2nd()) { 1330 type2 = current_frame.pop_stack( 1331 VerificationType::category2_check(), CHECK_VERIFY(this)); 1332 } else { 1333 /* Unreachable? Would need a category2_1st on TOS which does 1334 * not appear possible. */ 1335 verify_error( 1336 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 1337 bad_type_msg, "dup2_x1"); 1338 return; 1339 } 1340 type3 = current_frame.pop_stack( 1341 VerificationType::category1_check(), CHECK_VERIFY(this)); 1342 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1343 current_frame.push_stack(type, CHECK_VERIFY(this)); 1344 current_frame.push_stack(type3, CHECK_VERIFY(this)); 1345 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1346 current_frame.push_stack(type, CHECK_VERIFY(this)); 1347 no_control_flow = false; break; 1348 } 1349 case Bytecodes::_dup2_x2 : 1350 { 1351 VerificationType type3, type4; 1352 type = current_frame.pop_stack(CHECK_VERIFY(this)); 1353 if (type.is_category1()) { 1354 type2 = current_frame.pop_stack( 1355 VerificationType::category1_check(), CHECK_VERIFY(this)); 1356 } else if (type.is_category2_2nd()) { 1357 type2 = current_frame.pop_stack( 1358 VerificationType::category2_check(), CHECK_VERIFY(this)); 1359 } else { 1360 /* Unreachable? Would need a category2_1st on TOS which does 1361 * not appear possible. */ 1362 verify_error( 1363 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 1364 bad_type_msg, "dup2_x2"); 1365 return; 1366 } 1367 type3 = current_frame.pop_stack(CHECK_VERIFY(this)); 1368 if (type3.is_category1()) { 1369 type4 = current_frame.pop_stack( 1370 VerificationType::category1_check(), CHECK_VERIFY(this)); 1371 } else if (type3.is_category2_2nd()) { 1372 type4 = current_frame.pop_stack( 1373 VerificationType::category2_check(), CHECK_VERIFY(this)); 1374 } else { 1375 /* Unreachable? Would need a category2_1st on TOS after popping 1376 * a long/double or two category 1's, which does not 1377 * appear possible. */ 1378 verify_error( 1379 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 1380 bad_type_msg, "dup2_x2"); 1381 return; 1382 } 1383 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1384 current_frame.push_stack(type, CHECK_VERIFY(this)); 1385 current_frame.push_stack(type4, CHECK_VERIFY(this)); 1386 current_frame.push_stack(type3, CHECK_VERIFY(this)); 1387 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1388 current_frame.push_stack(type, CHECK_VERIFY(this)); 1389 no_control_flow = false; break; 1390 } 1391 case Bytecodes::_swap : 1392 type = current_frame.pop_stack( 1393 VerificationType::category1_check(), CHECK_VERIFY(this)); 1394 type2 = current_frame.pop_stack( 1395 VerificationType::category1_check(), CHECK_VERIFY(this)); 1396 current_frame.push_stack(type, CHECK_VERIFY(this)); 1397 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1398 no_control_flow = false; break; 1399 case Bytecodes::_iadd : 1400 case Bytecodes::_isub : 1401 case Bytecodes::_imul : 1402 case Bytecodes::_idiv : 1403 case Bytecodes::_irem : 1404 case Bytecodes::_ishl : 1405 case Bytecodes::_ishr : 1406 case Bytecodes::_iushr : 1407 case Bytecodes::_ior : 1408 case Bytecodes::_ixor : 1409 case Bytecodes::_iand : 1410 current_frame.pop_stack( 1411 VerificationType::integer_type(), CHECK_VERIFY(this)); 1412 // fall through 1413 case Bytecodes::_ineg : 1414 current_frame.pop_stack( 1415 VerificationType::integer_type(), CHECK_VERIFY(this)); 1416 current_frame.push_stack( 1417 VerificationType::integer_type(), CHECK_VERIFY(this)); 1418 no_control_flow = false; break; 1419 case Bytecodes::_ladd : 1420 case Bytecodes::_lsub : 1421 case Bytecodes::_lmul : 1422 case Bytecodes::_ldiv : 1423 case Bytecodes::_lrem : 1424 case Bytecodes::_land : 1425 case Bytecodes::_lor : 1426 case Bytecodes::_lxor : 1427 current_frame.pop_stack_2( 1428 VerificationType::long2_type(), 1429 VerificationType::long_type(), CHECK_VERIFY(this)); 1430 // fall through 1431 case Bytecodes::_lneg : 1432 current_frame.pop_stack_2( 1433 VerificationType::long2_type(), 1434 VerificationType::long_type(), CHECK_VERIFY(this)); 1435 current_frame.push_stack_2( 1436 VerificationType::long_type(), 1437 VerificationType::long2_type(), CHECK_VERIFY(this)); 1438 no_control_flow = false; break; 1439 case Bytecodes::_lshl : 1440 case Bytecodes::_lshr : 1441 case Bytecodes::_lushr : 1442 current_frame.pop_stack( 1443 VerificationType::integer_type(), CHECK_VERIFY(this)); 1444 current_frame.pop_stack_2( 1445 VerificationType::long2_type(), 1446 VerificationType::long_type(), CHECK_VERIFY(this)); 1447 current_frame.push_stack_2( 1448 VerificationType::long_type(), 1449 VerificationType::long2_type(), CHECK_VERIFY(this)); 1450 no_control_flow = false; break; 1451 case Bytecodes::_fadd : 1452 case Bytecodes::_fsub : 1453 case Bytecodes::_fmul : 1454 case Bytecodes::_fdiv : 1455 case Bytecodes::_frem : 1456 current_frame.pop_stack( 1457 VerificationType::float_type(), CHECK_VERIFY(this)); 1458 // fall through 1459 case Bytecodes::_fneg : 1460 current_frame.pop_stack( 1461 VerificationType::float_type(), CHECK_VERIFY(this)); 1462 current_frame.push_stack( 1463 VerificationType::float_type(), CHECK_VERIFY(this)); 1464 no_control_flow = false; break; 1465 case Bytecodes::_dadd : 1466 case Bytecodes::_dsub : 1467 case Bytecodes::_dmul : 1468 case Bytecodes::_ddiv : 1469 case Bytecodes::_drem : 1470 current_frame.pop_stack_2( 1471 VerificationType::double2_type(), 1472 VerificationType::double_type(), CHECK_VERIFY(this)); 1473 // fall through 1474 case Bytecodes::_dneg : 1475 current_frame.pop_stack_2( 1476 VerificationType::double2_type(), 1477 VerificationType::double_type(), CHECK_VERIFY(this)); 1478 current_frame.push_stack_2( 1479 VerificationType::double_type(), 1480 VerificationType::double2_type(), CHECK_VERIFY(this)); 1481 no_control_flow = false; break; 1482 case Bytecodes::_iinc : 1483 verify_iinc(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 1484 no_control_flow = false; break; 1485 case Bytecodes::_i2l : 1486 type = current_frame.pop_stack( 1487 VerificationType::integer_type(), CHECK_VERIFY(this)); 1488 current_frame.push_stack_2( 1489 VerificationType::long_type(), 1490 VerificationType::long2_type(), CHECK_VERIFY(this)); 1491 no_control_flow = false; break; 1492 case Bytecodes::_l2i : 1493 current_frame.pop_stack_2( 1494 VerificationType::long2_type(), 1495 VerificationType::long_type(), CHECK_VERIFY(this)); 1496 current_frame.push_stack( 1497 VerificationType::integer_type(), CHECK_VERIFY(this)); 1498 no_control_flow = false; break; 1499 case Bytecodes::_i2f : 1500 current_frame.pop_stack( 1501 VerificationType::integer_type(), CHECK_VERIFY(this)); 1502 current_frame.push_stack( 1503 VerificationType::float_type(), CHECK_VERIFY(this)); 1504 no_control_flow = false; break; 1505 case Bytecodes::_i2d : 1506 current_frame.pop_stack( 1507 VerificationType::integer_type(), CHECK_VERIFY(this)); 1508 current_frame.push_stack_2( 1509 VerificationType::double_type(), 1510 VerificationType::double2_type(), CHECK_VERIFY(this)); 1511 no_control_flow = false; break; 1512 case Bytecodes::_l2f : 1513 current_frame.pop_stack_2( 1514 VerificationType::long2_type(), 1515 VerificationType::long_type(), CHECK_VERIFY(this)); 1516 current_frame.push_stack( 1517 VerificationType::float_type(), CHECK_VERIFY(this)); 1518 no_control_flow = false; break; 1519 case Bytecodes::_l2d : 1520 current_frame.pop_stack_2( 1521 VerificationType::long2_type(), 1522 VerificationType::long_type(), CHECK_VERIFY(this)); 1523 current_frame.push_stack_2( 1524 VerificationType::double_type(), 1525 VerificationType::double2_type(), CHECK_VERIFY(this)); 1526 no_control_flow = false; break; 1527 case Bytecodes::_f2i : 1528 current_frame.pop_stack( 1529 VerificationType::float_type(), CHECK_VERIFY(this)); 1530 current_frame.push_stack( 1531 VerificationType::integer_type(), CHECK_VERIFY(this)); 1532 no_control_flow = false; break; 1533 case Bytecodes::_f2l : 1534 current_frame.pop_stack( 1535 VerificationType::float_type(), CHECK_VERIFY(this)); 1536 current_frame.push_stack_2( 1537 VerificationType::long_type(), 1538 VerificationType::long2_type(), CHECK_VERIFY(this)); 1539 no_control_flow = false; break; 1540 case Bytecodes::_f2d : 1541 current_frame.pop_stack( 1542 VerificationType::float_type(), CHECK_VERIFY(this)); 1543 current_frame.push_stack_2( 1544 VerificationType::double_type(), 1545 VerificationType::double2_type(), CHECK_VERIFY(this)); 1546 no_control_flow = false; break; 1547 case Bytecodes::_d2i : 1548 current_frame.pop_stack_2( 1549 VerificationType::double2_type(), 1550 VerificationType::double_type(), CHECK_VERIFY(this)); 1551 current_frame.push_stack( 1552 VerificationType::integer_type(), CHECK_VERIFY(this)); 1553 no_control_flow = false; break; 1554 case Bytecodes::_d2l : 1555 current_frame.pop_stack_2( 1556 VerificationType::double2_type(), 1557 VerificationType::double_type(), CHECK_VERIFY(this)); 1558 current_frame.push_stack_2( 1559 VerificationType::long_type(), 1560 VerificationType::long2_type(), CHECK_VERIFY(this)); 1561 no_control_flow = false; break; 1562 case Bytecodes::_d2f : 1563 current_frame.pop_stack_2( 1564 VerificationType::double2_type(), 1565 VerificationType::double_type(), CHECK_VERIFY(this)); 1566 current_frame.push_stack( 1567 VerificationType::float_type(), CHECK_VERIFY(this)); 1568 no_control_flow = false; break; 1569 case Bytecodes::_i2b : 1570 case Bytecodes::_i2c : 1571 case Bytecodes::_i2s : 1572 current_frame.pop_stack( 1573 VerificationType::integer_type(), CHECK_VERIFY(this)); 1574 current_frame.push_stack( 1575 VerificationType::integer_type(), CHECK_VERIFY(this)); 1576 no_control_flow = false; break; 1577 case Bytecodes::_lcmp : 1578 current_frame.pop_stack_2( 1579 VerificationType::long2_type(), 1580 VerificationType::long_type(), CHECK_VERIFY(this)); 1581 current_frame.pop_stack_2( 1582 VerificationType::long2_type(), 1583 VerificationType::long_type(), CHECK_VERIFY(this)); 1584 current_frame.push_stack( 1585 VerificationType::integer_type(), CHECK_VERIFY(this)); 1586 no_control_flow = false; break; 1587 case Bytecodes::_fcmpl : 1588 case Bytecodes::_fcmpg : 1589 current_frame.pop_stack( 1590 VerificationType::float_type(), CHECK_VERIFY(this)); 1591 current_frame.pop_stack( 1592 VerificationType::float_type(), CHECK_VERIFY(this)); 1593 current_frame.push_stack( 1594 VerificationType::integer_type(), CHECK_VERIFY(this)); 1595 no_control_flow = false; break; 1596 case Bytecodes::_dcmpl : 1597 case Bytecodes::_dcmpg : 1598 current_frame.pop_stack_2( 1599 VerificationType::double2_type(), 1600 VerificationType::double_type(), CHECK_VERIFY(this)); 1601 current_frame.pop_stack_2( 1602 VerificationType::double2_type(), 1603 VerificationType::double_type(), CHECK_VERIFY(this)); 1604 current_frame.push_stack( 1605 VerificationType::integer_type(), CHECK_VERIFY(this)); 1606 no_control_flow = false; break; 1607 case Bytecodes::_if_icmpeq: 1608 case Bytecodes::_if_icmpne: 1609 case Bytecodes::_if_icmplt: 1610 case Bytecodes::_if_icmpge: 1611 case Bytecodes::_if_icmpgt: 1612 case Bytecodes::_if_icmple: 1613 current_frame.pop_stack( 1614 VerificationType::integer_type(), CHECK_VERIFY(this)); 1615 // fall through 1616 case Bytecodes::_ifeq: 1617 case Bytecodes::_ifne: 1618 case Bytecodes::_iflt: 1619 case Bytecodes::_ifge: 1620 case Bytecodes::_ifgt: 1621 case Bytecodes::_ifle: 1622 current_frame.pop_stack( 1623 VerificationType::integer_type(), CHECK_VERIFY(this)); 1624 target = bcs.dest(); 1625 stackmap_table.check_jump_target( 1626 ¤t_frame, target, CHECK_VERIFY(this)); 1627 no_control_flow = false; break; 1628 case Bytecodes::_if_acmpeq : 1629 case Bytecodes::_if_acmpne : 1630 current_frame.pop_stack( 1631 VerificationType::reference_check(), CHECK_VERIFY(this)); 1632 // fall through 1633 case Bytecodes::_ifnull : 1634 case Bytecodes::_ifnonnull : 1635 current_frame.pop_stack( 1636 VerificationType::reference_check(), CHECK_VERIFY(this)); 1637 target = bcs.dest(); 1638 stackmap_table.check_jump_target 1639 (¤t_frame, target, CHECK_VERIFY(this)); 1640 no_control_flow = false; break; 1641 case Bytecodes::_goto : 1642 target = bcs.dest(); 1643 stackmap_table.check_jump_target( 1644 ¤t_frame, target, CHECK_VERIFY(this)); 1645 no_control_flow = true; break; 1646 case Bytecodes::_goto_w : 1647 target = bcs.dest_w(); 1648 stackmap_table.check_jump_target( 1649 ¤t_frame, target, CHECK_VERIFY(this)); 1650 no_control_flow = true; break; 1651 case Bytecodes::_tableswitch : 1652 case Bytecodes::_lookupswitch : 1653 verify_switch( 1654 &bcs, code_length, code_data, ¤t_frame, 1655 &stackmap_table, CHECK_VERIFY(this)); 1656 no_control_flow = true; break; 1657 case Bytecodes::_ireturn : 1658 type = current_frame.pop_stack( 1659 VerificationType::integer_type(), CHECK_VERIFY(this)); 1660 verify_return_value(return_type, type, bci, 1661 ¤t_frame, CHECK_VERIFY(this)); 1662 no_control_flow = true; break; 1663 case Bytecodes::_lreturn : 1664 type2 = current_frame.pop_stack( 1665 VerificationType::long2_type(), CHECK_VERIFY(this)); 1666 type = current_frame.pop_stack( 1667 VerificationType::long_type(), CHECK_VERIFY(this)); 1668 verify_return_value(return_type, type, bci, 1669 ¤t_frame, CHECK_VERIFY(this)); 1670 no_control_flow = true; break; 1671 case Bytecodes::_freturn : 1672 type = current_frame.pop_stack( 1673 VerificationType::float_type(), CHECK_VERIFY(this)); 1674 verify_return_value(return_type, type, bci, 1675 ¤t_frame, CHECK_VERIFY(this)); 1676 no_control_flow = true; break; 1677 case Bytecodes::_dreturn : 1678 type2 = current_frame.pop_stack( 1679 VerificationType::double2_type(), CHECK_VERIFY(this)); 1680 type = current_frame.pop_stack( 1681 VerificationType::double_type(), CHECK_VERIFY(this)); 1682 verify_return_value(return_type, type, bci, 1683 ¤t_frame, CHECK_VERIFY(this)); 1684 no_control_flow = true; break; 1685 case Bytecodes::_areturn : 1686 type = current_frame.pop_stack( 1687 VerificationType::reference_check(), CHECK_VERIFY(this)); 1688 verify_return_value(return_type, type, bci, 1689 ¤t_frame, CHECK_VERIFY(this)); 1690 no_control_flow = true; break; 1691 case Bytecodes::_return : 1692 if (return_type != VerificationType::bogus_type()) { 1693 verify_error(ErrorContext::bad_code(bci), 1694 "Method expects a return value"); 1695 return; 1696 } 1697 // Make sure "this" has been initialized if current method is an 1698 // <init>. 1699 if (_method->is_object_constructor() && 1700 current_frame.flag_this_uninit()) { 1701 verify_error(ErrorContext::bad_code(bci), 1702 "Constructor must call super() or this() " 1703 "before return"); 1704 return; 1705 } 1706 no_control_flow = true; break; 1707 case Bytecodes::_getstatic : 1708 case Bytecodes::_putstatic : 1709 // pass TRUE, operand can be an array type for getstatic/putstatic. 1710 verify_field_instructions( 1711 &bcs, ¤t_frame, cp, true, CHECK_VERIFY(this)); 1712 no_control_flow = false; break; 1713 case Bytecodes::_getfield : 1714 case Bytecodes::_putfield : 1715 // pass FALSE, operand can't be an array type for getfield/putfield. 1716 verify_field_instructions( 1717 &bcs, ¤t_frame, cp, false, CHECK_VERIFY(this)); 1718 no_control_flow = false; break; 1719 case Bytecodes::_invokevirtual : 1720 case Bytecodes::_invokespecial : 1721 case Bytecodes::_invokestatic : 1722 case Bytecodes::_invokeinterface : 1723 case Bytecodes::_invokedynamic : 1724 verify_invoke_instructions( 1725 &bcs, code_length, ¤t_frame, (bci >= ex_min && bci < ex_max), 1726 &this_uninit, cp, &stackmap_table, CHECK_VERIFY(this)); 1727 no_control_flow = false; break; 1728 case Bytecodes::_new : 1729 { 1730 u2 index = bcs.get_index_u2(); 1731 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this)); 1732 VerificationType new_class_type = 1733 cp_index_to_type(index, cp, CHECK_VERIFY(this)); 1734 if (!new_class_type.is_object()) { 1735 verify_error(ErrorContext::bad_type(bci, 1736 TypeOrigin::cp(index, new_class_type)), 1737 "Illegal new instruction"); 1738 return; 1739 } 1740 type = VerificationType::uninitialized_type(checked_cast<u2>(bci)); 1741 current_frame.push_stack(type, CHECK_VERIFY(this)); 1742 no_control_flow = false; break; 1743 } 1744 case Bytecodes::_newarray : 1745 type = get_newarray_type(bcs.get_index(), bci, CHECK_VERIFY(this)); 1746 current_frame.pop_stack( 1747 VerificationType::integer_type(), CHECK_VERIFY(this)); 1748 current_frame.push_stack(type, CHECK_VERIFY(this)); 1749 no_control_flow = false; break; 1750 case Bytecodes::_anewarray : 1751 verify_anewarray( 1752 bci, bcs.get_index_u2(), cp, ¤t_frame, CHECK_VERIFY(this)); 1753 no_control_flow = false; break; 1754 case Bytecodes::_arraylength : 1755 type = current_frame.pop_stack( 1756 VerificationType::reference_check(), CHECK_VERIFY(this)); 1757 if (!(type.is_null() || type.is_array())) { 1758 verify_error(ErrorContext::bad_type( 1759 bci, current_frame.stack_top_ctx()), 1760 bad_type_msg, "arraylength"); 1761 } 1762 current_frame.push_stack( 1763 VerificationType::integer_type(), CHECK_VERIFY(this)); 1764 no_control_flow = false; break; 1765 case Bytecodes::_checkcast : 1766 { 1767 u2 index = bcs.get_index_u2(); 1768 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this)); 1769 current_frame.pop_stack(object_type(), CHECK_VERIFY(this)); 1770 VerificationType klass_type = cp_index_to_type( 1771 index, cp, CHECK_VERIFY(this)); 1772 current_frame.push_stack(klass_type, CHECK_VERIFY(this)); 1773 no_control_flow = false; break; 1774 } 1775 case Bytecodes::_instanceof : { 1776 u2 index = bcs.get_index_u2(); 1777 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this)); 1778 current_frame.pop_stack(object_type(), CHECK_VERIFY(this)); 1779 current_frame.push_stack( 1780 VerificationType::integer_type(), CHECK_VERIFY(this)); 1781 no_control_flow = false; break; 1782 } 1783 case Bytecodes::_monitorenter : 1784 case Bytecodes::_monitorexit : { 1785 VerificationType ref = current_frame.pop_stack( 1786 VerificationType::reference_check(), CHECK_VERIFY(this)); 1787 no_control_flow = false; break; 1788 } 1789 case Bytecodes::_multianewarray : 1790 { 1791 u2 index = bcs.get_index_u2(); 1792 u2 dim = *(bcs.bcp()+3); 1793 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this)); 1794 VerificationType new_array_type = 1795 cp_index_to_type(index, cp, CHECK_VERIFY(this)); 1796 if (!new_array_type.is_array()) { 1797 verify_error(ErrorContext::bad_type(bci, 1798 TypeOrigin::cp(index, new_array_type)), 1799 "Illegal constant pool index in multianewarray instruction"); 1800 return; 1801 } 1802 if (dim < 1 || new_array_type.dimensions() < dim) { 1803 verify_error(ErrorContext::bad_code(bci), 1804 "Illegal dimension in multianewarray instruction: %d", dim); 1805 return; 1806 } 1807 for (int i = 0; i < dim; i++) { 1808 current_frame.pop_stack( 1809 VerificationType::integer_type(), CHECK_VERIFY(this)); 1810 } 1811 current_frame.push_stack(new_array_type, CHECK_VERIFY(this)); 1812 no_control_flow = false; break; 1813 } 1814 case Bytecodes::_athrow : 1815 type = VerificationType::reference_type( 1816 vmSymbols::java_lang_Throwable()); 1817 current_frame.pop_stack(type, CHECK_VERIFY(this)); 1818 no_control_flow = true; break; 1819 default: 1820 // We only need to check the valid bytecodes in class file. 1821 // And jsr and ret are not in the new class file format in JDK1.6. 1822 verify_error(ErrorContext::bad_code(bci), 1823 "Bad instruction: %02x", opcode); 1824 no_control_flow = false; 1825 return; 1826 } // end switch 1827 } // end Merge with the next instruction 1828 1829 // Look for possible jump target in exception handlers and see if it matches 1830 // current_frame. Don't do this check if it has already been done (for 1831 // ([a,d,f,i,l]store* opcodes). This check cannot be done earlier because 1832 // opcodes, such as invokespecial, may set the this_uninit flag. 1833 assert(!(verified_exc_handlers && this_uninit), 1834 "Exception handler targets got verified before this_uninit got set"); 1835 if (!verified_exc_handlers && bci >= ex_min && bci < ex_max) { 1836 if (was_recursively_verified()) return; 1837 verify_exception_handler_targets( 1838 bci, this_uninit, ¤t_frame, &stackmap_table, CHECK_VERIFY(this)); 1839 } 1840 } // end while 1841 1842 // Make sure that control flow does not fall through end of the method 1843 if (!no_control_flow) { 1844 verify_error(ErrorContext::bad_code(code_length), 1845 "Control flow falls through code end"); 1846 return; 1847 } 1848 } 1849 1850 #undef bad_type_message 1851 1852 char* ClassVerifier::generate_code_data(const methodHandle& m, u4 code_length, TRAPS) { 1853 char* code_data = NEW_RESOURCE_ARRAY(char, code_length); 1854 memset(code_data, 0, sizeof(char) * code_length); 1855 RawBytecodeStream bcs(m); 1856 1857 while (!bcs.is_last_bytecode()) { 1858 if (bcs.raw_next() != Bytecodes::_illegal) { 1859 int bci = bcs.bci(); 1860 if (bcs.raw_code() == Bytecodes::_new) { 1861 code_data[bci] = NEW_OFFSET; 1862 } else { 1863 code_data[bci] = BYTECODE_OFFSET; 1864 } 1865 } else { 1866 verify_error(ErrorContext::bad_code(bcs.bci()), "Bad instruction"); 1867 return nullptr; 1868 } 1869 } 1870 1871 return code_data; 1872 } 1873 1874 // Since this method references the constant pool, call was_recursively_verified() 1875 // before calling this method to make sure a prior class load did not cause the 1876 // current class to get verified. 1877 void ClassVerifier::verify_exception_handler_table(u4 code_length, char* code_data, int& min, int& max, TRAPS) { 1878 ExceptionTable exhandlers(_method()); 1879 int exlength = exhandlers.length(); 1880 constantPoolHandle cp (THREAD, _method->constants()); 1881 1882 for(int i = 0; i < exlength; i++) { 1883 u2 start_pc = exhandlers.start_pc(i); 1884 u2 end_pc = exhandlers.end_pc(i); 1885 u2 handler_pc = exhandlers.handler_pc(i); 1886 if (start_pc >= code_length || code_data[start_pc] == 0) { 1887 class_format_error("Illegal exception table start_pc %d", start_pc); 1888 return; 1889 } 1890 if (end_pc != code_length) { // special case: end_pc == code_length 1891 if (end_pc > code_length || code_data[end_pc] == 0) { 1892 class_format_error("Illegal exception table end_pc %d", end_pc); 1893 return; 1894 } 1895 } 1896 if (handler_pc >= code_length || code_data[handler_pc] == 0) { 1897 class_format_error("Illegal exception table handler_pc %d", handler_pc); 1898 return; 1899 } 1900 u2 catch_type_index = exhandlers.catch_type_index(i); 1901 if (catch_type_index != 0) { 1902 VerificationType catch_type = cp_index_to_type( 1903 catch_type_index, cp, CHECK_VERIFY(this)); 1904 VerificationType throwable = 1905 VerificationType::reference_type(vmSymbols::java_lang_Throwable()); 1906 // If the catch type is Throwable pre-resolve it now as the assignable check won't 1907 // do that, and we need to avoid a runtime resolution in case we are trying to 1908 // catch OutOfMemoryError. 1909 if (cp->klass_name_at(catch_type_index) == vmSymbols::java_lang_Throwable()) { 1910 cp->klass_at(catch_type_index, CHECK); 1911 } 1912 bool is_subclass = throwable.is_assignable_from( 1913 catch_type, this, false, CHECK_VERIFY(this)); 1914 if (!is_subclass) { 1915 // 4286534: should throw VerifyError according to recent spec change 1916 verify_error(ErrorContext::bad_type(handler_pc, 1917 TypeOrigin::cp(catch_type_index, catch_type), 1918 TypeOrigin::implicit(throwable)), 1919 "Catch type is not a subclass " 1920 "of Throwable in exception handler %d", handler_pc); 1921 return; 1922 } 1923 } 1924 if (start_pc < min) min = start_pc; 1925 if (end_pc > max) max = end_pc; 1926 } 1927 } 1928 1929 void ClassVerifier::verify_local_variable_table(u4 code_length, char* code_data, TRAPS) { 1930 int localvariable_table_length = _method->localvariable_table_length(); 1931 if (localvariable_table_length > 0) { 1932 LocalVariableTableElement* table = _method->localvariable_table_start(); 1933 for (int i = 0; i < localvariable_table_length; i++) { 1934 u2 start_bci = table[i].start_bci; 1935 u2 length = table[i].length; 1936 1937 if (start_bci >= code_length || code_data[start_bci] == 0) { 1938 class_format_error( 1939 "Illegal local variable table start_pc %d", start_bci); 1940 return; 1941 } 1942 u4 end_bci = (u4)(start_bci + length); 1943 if (end_bci != code_length) { 1944 if (end_bci >= code_length || code_data[end_bci] == 0) { 1945 class_format_error( "Illegal local variable table length %d", length); 1946 return; 1947 } 1948 } 1949 } 1950 } 1951 } 1952 1953 u2 ClassVerifier::verify_stackmap_table(u2 stackmap_index, int bci, 1954 StackMapFrame* current_frame, 1955 StackMapTable* stackmap_table, 1956 bool no_control_flow, TRAPS) { 1957 if (stackmap_index < stackmap_table->get_frame_count()) { 1958 int this_offset = stackmap_table->get_offset(stackmap_index); 1959 if (no_control_flow && this_offset > bci) { 1960 verify_error(ErrorContext::missing_stackmap(bci), 1961 "Expecting a stack map frame"); 1962 return 0; 1963 } 1964 if (this_offset == bci) { 1965 ErrorContext ctx; 1966 // See if current stack map can be assigned to the frame in table. 1967 // current_frame is the stackmap frame got from the last instruction. 1968 // If matched, current_frame will be updated by this method. 1969 bool matches = stackmap_table->match_stackmap( 1970 current_frame, this_offset, stackmap_index, 1971 !no_control_flow, true, &ctx, CHECK_VERIFY_(this, 0)); 1972 if (!matches) { 1973 // report type error 1974 verify_error(ctx, "Instruction type does not match stack map"); 1975 return 0; 1976 } 1977 stackmap_index++; 1978 } else if (this_offset < bci) { 1979 // current_offset should have met this_offset. 1980 class_format_error("Bad stack map offset %d", this_offset); 1981 return 0; 1982 } 1983 } else if (no_control_flow) { 1984 verify_error(ErrorContext::bad_code(bci), "Expecting a stack map frame"); 1985 return 0; 1986 } 1987 return stackmap_index; 1988 } 1989 1990 // Since this method references the constant pool, call was_recursively_verified() 1991 // before calling this method to make sure a prior class load did not cause the 1992 // current class to get verified. 1993 void ClassVerifier::verify_exception_handler_targets(int bci, bool this_uninit, 1994 StackMapFrame* current_frame, 1995 StackMapTable* stackmap_table, TRAPS) { 1996 constantPoolHandle cp (THREAD, _method->constants()); 1997 ExceptionTable exhandlers(_method()); 1998 int exlength = exhandlers.length(); 1999 for(int i = 0; i < exlength; i++) { 2000 u2 start_pc = exhandlers.start_pc(i); 2001 u2 end_pc = exhandlers.end_pc(i); 2002 u2 handler_pc = exhandlers.handler_pc(i); 2003 int catch_type_index = exhandlers.catch_type_index(i); 2004 if(bci >= start_pc && bci < end_pc) { 2005 u1 flags = current_frame->flags(); 2006 if (this_uninit) { flags |= FLAG_THIS_UNINIT; } 2007 StackMapFrame* new_frame = current_frame->frame_in_exception_handler(flags); 2008 if (catch_type_index != 0) { 2009 if (was_recursively_verified()) return; 2010 // We know that this index refers to a subclass of Throwable 2011 VerificationType catch_type = cp_index_to_type( 2012 catch_type_index, cp, CHECK_VERIFY(this)); 2013 new_frame->push_stack(catch_type, CHECK_VERIFY(this)); 2014 } else { 2015 VerificationType throwable = 2016 VerificationType::reference_type(vmSymbols::java_lang_Throwable()); 2017 new_frame->push_stack(throwable, CHECK_VERIFY(this)); 2018 } 2019 ErrorContext ctx; 2020 bool matches = stackmap_table->match_stackmap( 2021 new_frame, handler_pc, true, false, &ctx, CHECK_VERIFY(this)); 2022 if (!matches) { 2023 verify_error(ctx, "Stack map does not match the one at " 2024 "exception handler %d", handler_pc); 2025 return; 2026 } 2027 } 2028 } 2029 } 2030 2031 void ClassVerifier::verify_cp_index( 2032 int bci, const constantPoolHandle& cp, u2 index, TRAPS) { 2033 int nconstants = cp->length(); 2034 if ((index <= 0) || (index >= nconstants)) { 2035 verify_error(ErrorContext::bad_cp_index(bci, index), 2036 "Illegal constant pool index %d in class %s", 2037 index, cp->pool_holder()->external_name()); 2038 return; 2039 } 2040 } 2041 2042 void ClassVerifier::verify_cp_type( 2043 int bci, u2 index, const constantPoolHandle& cp, unsigned int types, TRAPS) { 2044 2045 // In some situations, bytecode rewriting may occur while we're verifying. 2046 // In this case, a constant pool cache exists and some indices refer to that 2047 // instead. Be sure we don't pick up such indices by accident. 2048 // We must check was_recursively_verified() before we get here. 2049 guarantee(cp->cache() == nullptr, "not rewritten yet"); 2050 2051 verify_cp_index(bci, cp, index, CHECK_VERIFY(this)); 2052 unsigned int tag = cp->tag_at(index).value(); 2053 2054 if ((types & (1 << tag)) == 0) { 2055 verify_error(ErrorContext::bad_cp_index(bci, index), 2056 "Illegal type at constant pool entry %d in class %s", 2057 index, cp->pool_holder()->external_name()); 2058 return; 2059 } 2060 } 2061 2062 void ClassVerifier::verify_cp_class_type( 2063 int bci, u2 index, const constantPoolHandle& cp, TRAPS) { 2064 verify_cp_index(bci, cp, index, CHECK_VERIFY(this)); 2065 constantTag tag = cp->tag_at(index); 2066 if (!tag.is_klass() && !tag.is_unresolved_klass()) { 2067 verify_error(ErrorContext::bad_cp_index(bci, index), 2068 "Illegal type at constant pool entry %d in class %s", 2069 index, cp->pool_holder()->external_name()); 2070 return; 2071 } 2072 } 2073 2074 void ClassVerifier::verify_error(ErrorContext ctx, const char* msg, ...) { 2075 stringStream ss; 2076 2077 ctx.reset_frames(); 2078 _exception_type = vmSymbols::java_lang_VerifyError(); 2079 _error_context = ctx; 2080 va_list va; 2081 va_start(va, msg); 2082 ss.vprint(msg, va); 2083 va_end(va); 2084 _message = ss.as_string(); 2085 #ifdef ASSERT 2086 ResourceMark rm; 2087 const char* exception_name = _exception_type->as_C_string(); 2088 Exceptions::debug_check_abort(exception_name, nullptr); 2089 #endif // ndef ASSERT 2090 } 2091 2092 void ClassVerifier::class_format_error(const char* msg, ...) { 2093 stringStream ss; 2094 _exception_type = vmSymbols::java_lang_ClassFormatError(); 2095 va_list va; 2096 va_start(va, msg); 2097 ss.vprint(msg, va); 2098 va_end(va); 2099 if (!_method.is_null()) { 2100 ss.print(" in method '"); 2101 _method->print_external_name(&ss); 2102 ss.print("'"); 2103 } 2104 _message = ss.as_string(); 2105 } 2106 2107 Klass* ClassVerifier::load_class(Symbol* name, TRAPS) { 2108 HandleMark hm(THREAD); 2109 // Get current loader and protection domain first. 2110 oop loader = current_class()->class_loader(); 2111 oop protection_domain = current_class()->protection_domain(); 2112 2113 assert(name_in_supers(name, current_class()), "name should be a super class"); 2114 2115 Klass* kls = SystemDictionary::resolve_or_fail( 2116 name, Handle(THREAD, loader), Handle(THREAD, protection_domain), 2117 true, THREAD); 2118 2119 if (kls != nullptr) { 2120 if (log_is_enabled(Debug, class, resolve)) { 2121 Verifier::trace_class_resolution(kls, current_class()); 2122 } 2123 } 2124 return kls; 2125 } 2126 2127 bool ClassVerifier::is_protected_access(InstanceKlass* this_class, 2128 Klass* target_class, 2129 Symbol* field_name, 2130 Symbol* field_sig, 2131 bool is_method) { 2132 NoSafepointVerifier nosafepoint; 2133 2134 // If target class isn't a super class of this class, we don't worry about this case 2135 if (!this_class->is_subclass_of(target_class)) { 2136 return false; 2137 } 2138 // Check if the specified method or field is protected 2139 InstanceKlass* target_instance = InstanceKlass::cast(target_class); 2140 fieldDescriptor fd; 2141 if (is_method) { 2142 Method* m = target_instance->uncached_lookup_method(field_name, field_sig, Klass::OverpassLookupMode::find); 2143 if (m != nullptr && m->is_protected()) { 2144 if (!this_class->is_same_class_package(m->method_holder())) { 2145 return true; 2146 } 2147 } 2148 } else { 2149 Klass* member_klass = target_instance->find_field(field_name, field_sig, &fd); 2150 if (member_klass != nullptr && fd.is_protected()) { 2151 if (!this_class->is_same_class_package(member_klass)) { 2152 return true; 2153 } 2154 } 2155 } 2156 return false; 2157 } 2158 2159 void ClassVerifier::verify_ldc( 2160 int opcode, u2 index, StackMapFrame* current_frame, 2161 const constantPoolHandle& cp, int bci, TRAPS) { 2162 verify_cp_index(bci, cp, index, CHECK_VERIFY(this)); 2163 constantTag tag = cp->tag_at(index); 2164 unsigned int types = 0; 2165 if (opcode == Bytecodes::_ldc || opcode == Bytecodes::_ldc_w) { 2166 if (!tag.is_unresolved_klass()) { 2167 types = (1 << JVM_CONSTANT_Integer) | (1 << JVM_CONSTANT_Float) 2168 | (1 << JVM_CONSTANT_String) | (1 << JVM_CONSTANT_Class) 2169 | (1 << JVM_CONSTANT_MethodHandle) | (1 << JVM_CONSTANT_MethodType) 2170 | (1 << JVM_CONSTANT_Dynamic); 2171 // Note: The class file parser already verified the legality of 2172 // MethodHandle and MethodType constants. 2173 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this)); 2174 } 2175 } else { 2176 assert(opcode == Bytecodes::_ldc2_w, "must be ldc2_w"); 2177 types = (1 << JVM_CONSTANT_Double) | (1 << JVM_CONSTANT_Long) 2178 | (1 << JVM_CONSTANT_Dynamic); 2179 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this)); 2180 } 2181 if (tag.is_string()) { 2182 current_frame->push_stack( 2183 VerificationType::reference_type( 2184 vmSymbols::java_lang_String()), CHECK_VERIFY(this)); 2185 } else if (tag.is_klass() || tag.is_unresolved_klass()) { 2186 current_frame->push_stack( 2187 VerificationType::reference_type( 2188 vmSymbols::java_lang_Class()), CHECK_VERIFY(this)); 2189 } else if (tag.is_int()) { 2190 current_frame->push_stack( 2191 VerificationType::integer_type(), CHECK_VERIFY(this)); 2192 } else if (tag.is_float()) { 2193 current_frame->push_stack( 2194 VerificationType::float_type(), CHECK_VERIFY(this)); 2195 } else if (tag.is_double()) { 2196 current_frame->push_stack_2( 2197 VerificationType::double_type(), 2198 VerificationType::double2_type(), CHECK_VERIFY(this)); 2199 } else if (tag.is_long()) { 2200 current_frame->push_stack_2( 2201 VerificationType::long_type(), 2202 VerificationType::long2_type(), CHECK_VERIFY(this)); 2203 } else if (tag.is_method_handle()) { 2204 current_frame->push_stack( 2205 VerificationType::reference_type( 2206 vmSymbols::java_lang_invoke_MethodHandle()), CHECK_VERIFY(this)); 2207 } else if (tag.is_method_type()) { 2208 current_frame->push_stack( 2209 VerificationType::reference_type( 2210 vmSymbols::java_lang_invoke_MethodType()), CHECK_VERIFY(this)); 2211 } else if (tag.is_dynamic_constant()) { 2212 Symbol* constant_type = cp->uncached_signature_ref_at(index); 2213 // Field signature was checked in ClassFileParser. 2214 assert(SignatureVerifier::is_valid_type_signature(constant_type), 2215 "Invalid type for dynamic constant"); 2216 assert(sizeof(VerificationType) == sizeof(uintptr_t), 2217 "buffer type must match VerificationType size"); 2218 uintptr_t constant_type_buffer[2]; 2219 VerificationType* v_constant_type = (VerificationType*)constant_type_buffer; 2220 SignatureStream sig_stream(constant_type, false); 2221 int n = change_sig_to_verificationType(&sig_stream, v_constant_type); 2222 int opcode_n = (opcode == Bytecodes::_ldc2_w ? 2 : 1); 2223 if (n != opcode_n) { 2224 // wrong kind of ldc; reverify against updated type mask 2225 types &= ~(1 << JVM_CONSTANT_Dynamic); 2226 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this)); 2227 } 2228 for (int i = 0; i < n; i++) { 2229 current_frame->push_stack(v_constant_type[i], CHECK_VERIFY(this)); 2230 } 2231 } else { 2232 /* Unreachable? verify_cp_type has already validated the cp type. */ 2233 verify_error( 2234 ErrorContext::bad_cp_index(bci, index), "Invalid index in ldc"); 2235 return; 2236 } 2237 } 2238 2239 void ClassVerifier::verify_switch( 2240 RawBytecodeStream* bcs, u4 code_length, char* code_data, 2241 StackMapFrame* current_frame, StackMapTable* stackmap_table, TRAPS) { 2242 int bci = bcs->bci(); 2243 address bcp = bcs->bcp(); 2244 address aligned_bcp = align_up(bcp + 1, jintSize); 2245 2246 if (_klass->major_version() < NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION) { 2247 // 4639449 & 4647081: padding bytes must be 0 2248 u2 padding_offset = 1; 2249 while ((bcp + padding_offset) < aligned_bcp) { 2250 if(*(bcp + padding_offset) != 0) { 2251 verify_error(ErrorContext::bad_code(bci), 2252 "Nonzero padding byte in lookupswitch or tableswitch"); 2253 return; 2254 } 2255 padding_offset++; 2256 } 2257 } 2258 2259 int default_offset = (int) Bytes::get_Java_u4(aligned_bcp); 2260 int keys, delta; 2261 current_frame->pop_stack( 2262 VerificationType::integer_type(), CHECK_VERIFY(this)); 2263 if (bcs->raw_code() == Bytecodes::_tableswitch) { 2264 jint low = (jint)Bytes::get_Java_u4(aligned_bcp + jintSize); 2265 jint high = (jint)Bytes::get_Java_u4(aligned_bcp + 2*jintSize); 2266 if (low > high) { 2267 verify_error(ErrorContext::bad_code(bci), 2268 "low must be less than or equal to high in tableswitch"); 2269 return; 2270 } 2271 int64_t keys64 = ((int64_t)high - low) + 1; 2272 if (keys64 > 65535) { // Max code length 2273 verify_error(ErrorContext::bad_code(bci), "too many keys in tableswitch"); 2274 return; 2275 } 2276 keys = (int)keys64; 2277 delta = 1; 2278 } else { 2279 keys = (int)Bytes::get_Java_u4(aligned_bcp + jintSize); 2280 if (keys < 0) { 2281 verify_error(ErrorContext::bad_code(bci), 2282 "number of keys in lookupswitch less than 0"); 2283 return; 2284 } 2285 delta = 2; 2286 // Make sure that the lookupswitch items are sorted 2287 for (int i = 0; i < (keys - 1); i++) { 2288 jint this_key = Bytes::get_Java_u4(aligned_bcp + (2+2*i)*jintSize); 2289 jint next_key = Bytes::get_Java_u4(aligned_bcp + (2+2*i+2)*jintSize); 2290 if (this_key >= next_key) { 2291 verify_error(ErrorContext::bad_code(bci), 2292 "Bad lookupswitch instruction"); 2293 return; 2294 } 2295 } 2296 } 2297 int target = bci + default_offset; 2298 stackmap_table->check_jump_target(current_frame, target, CHECK_VERIFY(this)); 2299 for (int i = 0; i < keys; i++) { 2300 // Because check_jump_target() may safepoint, the bytecode could have 2301 // moved, which means 'aligned_bcp' is no good and needs to be recalculated. 2302 aligned_bcp = align_up(bcs->bcp() + 1, jintSize); 2303 target = bci + (jint)Bytes::get_Java_u4(aligned_bcp+(3+i*delta)*jintSize); 2304 stackmap_table->check_jump_target( 2305 current_frame, target, CHECK_VERIFY(this)); 2306 } 2307 NOT_PRODUCT(aligned_bcp = nullptr); // no longer valid at this point 2308 } 2309 2310 bool ClassVerifier::name_in_supers( 2311 Symbol* ref_name, InstanceKlass* current) { 2312 Klass* super = current->super(); 2313 while (super != nullptr) { 2314 if (super->name() == ref_name) { 2315 return true; 2316 } 2317 super = super->super(); 2318 } 2319 return false; 2320 } 2321 2322 void ClassVerifier::verify_field_instructions(RawBytecodeStream* bcs, 2323 StackMapFrame* current_frame, 2324 const constantPoolHandle& cp, 2325 bool allow_arrays, 2326 TRAPS) { 2327 u2 index = bcs->get_index_u2(); 2328 verify_cp_type(bcs->bci(), index, cp, 2329 1 << JVM_CONSTANT_Fieldref, CHECK_VERIFY(this)); 2330 2331 // Get field name and signature 2332 Symbol* field_name = cp->uncached_name_ref_at(index); 2333 Symbol* field_sig = cp->uncached_signature_ref_at(index); 2334 bool is_getfield = false; 2335 2336 // Field signature was checked in ClassFileParser. 2337 assert(SignatureVerifier::is_valid_type_signature(field_sig), 2338 "Invalid field signature"); 2339 2340 // Get referenced class type 2341 VerificationType ref_class_type = cp_ref_index_to_type( 2342 index, cp, CHECK_VERIFY(this)); 2343 if (!ref_class_type.is_object() && 2344 (!allow_arrays || !ref_class_type.is_array())) { 2345 verify_error(ErrorContext::bad_type(bcs->bci(), 2346 TypeOrigin::cp(index, ref_class_type)), 2347 "Expecting reference to class in class %s at constant pool index %d", 2348 _klass->external_name(), index); 2349 return; 2350 } 2351 2352 VerificationType target_class_type = ref_class_type; 2353 2354 assert(sizeof(VerificationType) == sizeof(uintptr_t), 2355 "buffer type must match VerificationType size"); 2356 uintptr_t field_type_buffer[2]; 2357 VerificationType* field_type = (VerificationType*)field_type_buffer; 2358 // If we make a VerificationType[2] array directly, the compiler calls 2359 // to the c-runtime library to do the allocation instead of just 2360 // stack allocating it. Plus it would run constructors. This shows up 2361 // in performance profiles. 2362 2363 SignatureStream sig_stream(field_sig, false); 2364 VerificationType stack_object_type; 2365 int n = change_sig_to_verificationType(&sig_stream, field_type); 2366 int bci = bcs->bci(); 2367 bool is_assignable; 2368 switch (bcs->raw_code()) { 2369 case Bytecodes::_getstatic: { 2370 for (int i = 0; i < n; i++) { 2371 current_frame->push_stack(field_type[i], CHECK_VERIFY(this)); 2372 } 2373 break; 2374 } 2375 case Bytecodes::_putstatic: { 2376 for (int i = n - 1; i >= 0; i--) { 2377 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this)); 2378 } 2379 break; 2380 } 2381 case Bytecodes::_getfield: { 2382 is_getfield = true; 2383 stack_object_type = current_frame->pop_stack( 2384 target_class_type, CHECK_VERIFY(this)); 2385 goto check_protected; 2386 } 2387 case Bytecodes::_putfield: { 2388 for (int i = n - 1; i >= 0; i--) { 2389 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this)); 2390 } 2391 stack_object_type = current_frame->pop_stack(CHECK_VERIFY(this)); 2392 2393 // Field initialization is allowed before the superclass 2394 // initializer, if the field is defined within the current class. 2395 fieldDescriptor fd; 2396 bool is_local_field = _klass->find_local_field(field_name, field_sig, &fd) && 2397 target_class_type.equals(current_type()); 2398 if (stack_object_type == VerificationType::uninitialized_this_type()) { 2399 if (is_local_field) { 2400 // Set the type to the current type so the is_assignable check passes. 2401 stack_object_type = current_type(); 2402 } 2403 } else if (supports_strict_fields(_klass)) { 2404 // `strict` fields are not writable, but only local fields produce verification errors 2405 if (is_local_field && fd.access_flags().is_strict()) { 2406 verify_error(ErrorContext::bad_code(bci), 2407 "Illegal use of putfield on a strict field"); 2408 return; 2409 } 2410 } 2411 is_assignable = target_class_type.is_assignable_from( 2412 stack_object_type, this, false, CHECK_VERIFY(this)); 2413 if (!is_assignable) { 2414 verify_error(ErrorContext::bad_type(bci, 2415 current_frame->stack_top_ctx(), 2416 TypeOrigin::cp(index, target_class_type)), 2417 "Bad type on operand stack in putfield"); 2418 return; 2419 } 2420 } 2421 check_protected: { 2422 if (_this_type == stack_object_type) 2423 break; // stack_object_type must be assignable to _current_class_type 2424 if (was_recursively_verified()) { 2425 if (is_getfield) { 2426 // Push field type for getfield. 2427 for (int i = 0; i < n; i++) { 2428 current_frame->push_stack(field_type[i], CHECK_VERIFY(this)); 2429 } 2430 } 2431 return; 2432 } 2433 Symbol* ref_class_name = 2434 cp->klass_name_at(cp->uncached_klass_ref_index_at(index)); 2435 if (!name_in_supers(ref_class_name, current_class())) 2436 // stack_object_type must be assignable to _current_class_type since: 2437 // 1. stack_object_type must be assignable to ref_class. 2438 // 2. ref_class must be _current_class or a subclass of it. It can't 2439 // be a superclass of it. See revised JVMS 5.4.4. 2440 break; 2441 2442 Klass* ref_class_oop = load_class(ref_class_name, CHECK); 2443 if (is_protected_access(current_class(), ref_class_oop, field_name, 2444 field_sig, false)) { 2445 // It's protected access, check if stack object is assignable to 2446 // current class. 2447 is_assignable = current_type().is_assignable_from( 2448 stack_object_type, this, true, CHECK_VERIFY(this)); 2449 if (!is_assignable) { 2450 verify_error(ErrorContext::bad_type(bci, 2451 current_frame->stack_top_ctx(), 2452 TypeOrigin::implicit(current_type())), 2453 "Bad access to protected data in %s", 2454 is_getfield ? "getfield" : "putfield"); 2455 return; 2456 } 2457 } 2458 break; 2459 } 2460 default: ShouldNotReachHere(); 2461 } 2462 if (is_getfield) { 2463 // Push field type for getfield after doing protection check. 2464 for (int i = 0; i < n; i++) { 2465 current_frame->push_stack(field_type[i], CHECK_VERIFY(this)); 2466 } 2467 } 2468 } 2469 2470 // Look at the method's handlers. If the bci is in the handler's try block 2471 // then check if the handler_pc is already on the stack. If not, push it 2472 // unless the handler has already been scanned. 2473 void ClassVerifier::push_handlers(ExceptionTable* exhandlers, 2474 GrowableArray<u4>* handler_list, 2475 GrowableArray<u4>* handler_stack, 2476 u4 bci) { 2477 int exlength = exhandlers->length(); 2478 for(int x = 0; x < exlength; x++) { 2479 if (bci >= exhandlers->start_pc(x) && bci < exhandlers->end_pc(x)) { 2480 u4 exhandler_pc = exhandlers->handler_pc(x); 2481 if (!handler_list->contains(exhandler_pc)) { 2482 handler_stack->append_if_missing(exhandler_pc); 2483 handler_list->append(exhandler_pc); 2484 } 2485 } 2486 } 2487 } 2488 2489 // Return TRUE if all code paths starting with start_bc_offset end in 2490 // bytecode athrow or loop. 2491 bool ClassVerifier::ends_in_athrow(u4 start_bc_offset) { 2492 ResourceMark rm; 2493 // Create bytecode stream. 2494 RawBytecodeStream bcs(method()); 2495 int code_length = method()->code_size(); 2496 bcs.set_start(start_bc_offset); 2497 2498 // Create stack for storing bytecode start offsets for if* and *switch. 2499 GrowableArray<u4>* bci_stack = new GrowableArray<u4>(30); 2500 // Create stack for handlers for try blocks containing this handler. 2501 GrowableArray<u4>* handler_stack = new GrowableArray<u4>(30); 2502 // Create list of handlers that have been pushed onto the handler_stack 2503 // so that handlers embedded inside of their own TRY blocks only get 2504 // scanned once. 2505 GrowableArray<u4>* handler_list = new GrowableArray<u4>(30); 2506 // Create list of visited branch opcodes (goto* and if*). 2507 GrowableArray<u4>* visited_branches = new GrowableArray<u4>(30); 2508 ExceptionTable exhandlers(_method()); 2509 2510 while (true) { 2511 if (bcs.is_last_bytecode()) { 2512 // if no more starting offsets to parse or if at the end of the 2513 // method then return false. 2514 if ((bci_stack->is_empty()) || (bcs.end_bci() == code_length)) 2515 return false; 2516 // Pop a bytecode starting offset and scan from there. 2517 bcs.set_start(bci_stack->pop()); 2518 } 2519 Bytecodes::Code opcode = bcs.raw_next(); 2520 int bci = bcs.bci(); 2521 2522 // If the bytecode is in a TRY block, push its handlers so they 2523 // will get parsed. 2524 push_handlers(&exhandlers, handler_list, handler_stack, bci); 2525 2526 switch (opcode) { 2527 case Bytecodes::_if_icmpeq: 2528 case Bytecodes::_if_icmpne: 2529 case Bytecodes::_if_icmplt: 2530 case Bytecodes::_if_icmpge: 2531 case Bytecodes::_if_icmpgt: 2532 case Bytecodes::_if_icmple: 2533 case Bytecodes::_ifeq: 2534 case Bytecodes::_ifne: 2535 case Bytecodes::_iflt: 2536 case Bytecodes::_ifge: 2537 case Bytecodes::_ifgt: 2538 case Bytecodes::_ifle: 2539 case Bytecodes::_if_acmpeq: 2540 case Bytecodes::_if_acmpne: 2541 case Bytecodes::_ifnull: 2542 case Bytecodes::_ifnonnull: { 2543 int target = bcs.dest(); 2544 if (visited_branches->contains(bci)) { 2545 if (bci_stack->is_empty()) { 2546 if (handler_stack->is_empty()) { 2547 return true; 2548 } else { 2549 // Parse the catch handlers for try blocks containing athrow. 2550 bcs.set_start(handler_stack->pop()); 2551 } 2552 } else { 2553 // Pop a bytecode starting offset and scan from there. 2554 bcs.set_start(bci_stack->pop()); 2555 } 2556 } else { 2557 if (target > bci) { // forward branch 2558 if (target >= code_length) return false; 2559 // Push the branch target onto the stack. 2560 bci_stack->push(target); 2561 // then, scan bytecodes starting with next. 2562 bcs.set_start(bcs.next_bci()); 2563 } else { // backward branch 2564 // Push bytecode offset following backward branch onto the stack. 2565 bci_stack->push(bcs.next_bci()); 2566 // Check bytecodes starting with branch target. 2567 bcs.set_start(target); 2568 } 2569 // Record target so we don't branch here again. 2570 visited_branches->append(bci); 2571 } 2572 break; 2573 } 2574 2575 case Bytecodes::_goto: 2576 case Bytecodes::_goto_w: { 2577 int target = (opcode == Bytecodes::_goto ? bcs.dest() : bcs.dest_w()); 2578 if (visited_branches->contains(bci)) { 2579 if (bci_stack->is_empty()) { 2580 if (handler_stack->is_empty()) { 2581 return true; 2582 } else { 2583 // Parse the catch handlers for try blocks containing athrow. 2584 bcs.set_start(handler_stack->pop()); 2585 } 2586 } else { 2587 // Been here before, pop new starting offset from stack. 2588 bcs.set_start(bci_stack->pop()); 2589 } 2590 } else { 2591 if (target >= code_length) return false; 2592 // Continue scanning from the target onward. 2593 bcs.set_start(target); 2594 // Record target so we don't branch here again. 2595 visited_branches->append(bci); 2596 } 2597 break; 2598 } 2599 2600 // Check that all switch alternatives end in 'athrow' bytecodes. Since it 2601 // is difficult to determine where each switch alternative ends, parse 2602 // each switch alternative until either hit a 'return', 'athrow', or reach 2603 // the end of the method's bytecodes. This is gross but should be okay 2604 // because: 2605 // 1. tableswitch and lookupswitch byte codes in handlers for ctor explicit 2606 // constructor invocations should be rare. 2607 // 2. if each switch alternative ends in an athrow then the parsing should be 2608 // short. If there is no athrow then it is bogus code, anyway. 2609 case Bytecodes::_lookupswitch: 2610 case Bytecodes::_tableswitch: 2611 { 2612 address aligned_bcp = align_up(bcs.bcp() + 1, jintSize); 2613 int default_offset = Bytes::get_Java_u4(aligned_bcp) + bci; 2614 int keys, delta; 2615 if (opcode == Bytecodes::_tableswitch) { 2616 jint low = (jint)Bytes::get_Java_u4(aligned_bcp + jintSize); 2617 jint high = (jint)Bytes::get_Java_u4(aligned_bcp + 2*jintSize); 2618 // This is invalid, but let the regular bytecode verifier 2619 // report this because the user will get a better error message. 2620 if (low > high) return true; 2621 keys = high - low + 1; 2622 delta = 1; 2623 } else { 2624 keys = (int)Bytes::get_Java_u4(aligned_bcp + jintSize); 2625 delta = 2; 2626 } 2627 // Invalid, let the regular bytecode verifier deal with it. 2628 if (keys < 0) return true; 2629 2630 // Push the offset of the next bytecode onto the stack. 2631 bci_stack->push(bcs.next_bci()); 2632 2633 // Push the switch alternatives onto the stack. 2634 for (int i = 0; i < keys; i++) { 2635 int target = bci + (jint)Bytes::get_Java_u4(aligned_bcp+(3+i*delta)*jintSize); 2636 if (target > code_length) return false; 2637 bci_stack->push(target); 2638 } 2639 2640 // Start bytecode parsing for the switch at the default alternative. 2641 if (default_offset > code_length) return false; 2642 bcs.set_start(default_offset); 2643 break; 2644 } 2645 2646 case Bytecodes::_return: 2647 return false; 2648 2649 case Bytecodes::_athrow: 2650 { 2651 if (bci_stack->is_empty()) { 2652 if (handler_stack->is_empty()) { 2653 return true; 2654 } else { 2655 // Parse the catch handlers for try blocks containing athrow. 2656 bcs.set_start(handler_stack->pop()); 2657 } 2658 } else { 2659 // Pop a bytecode offset and starting scanning from there. 2660 bcs.set_start(bci_stack->pop()); 2661 } 2662 } 2663 break; 2664 2665 default: 2666 ; 2667 } // end switch 2668 } // end while loop 2669 2670 return false; 2671 } 2672 2673 void ClassVerifier::verify_invoke_init( 2674 RawBytecodeStream* bcs, u2 ref_class_index, VerificationType ref_class_type, 2675 StackMapFrame* current_frame, u4 code_length, bool in_try_block, 2676 bool *this_uninit, const constantPoolHandle& cp, StackMapTable* stackmap_table, 2677 TRAPS) { 2678 int bci = bcs->bci(); 2679 VerificationType type = current_frame->pop_stack( 2680 VerificationType::reference_check(), CHECK_VERIFY(this)); 2681 if (type == VerificationType::uninitialized_this_type()) { 2682 // The method must be an <init> method of this class or its superclass 2683 Klass* superk = current_class()->super(); 2684 if (ref_class_type.name() != current_class()->name() && 2685 ref_class_type.name() != superk->name()) { 2686 verify_error(ErrorContext::bad_type(bci, 2687 TypeOrigin::implicit(ref_class_type), 2688 TypeOrigin::implicit(current_type())), 2689 "Bad <init> method call"); 2690 return; 2691 } 2692 2693 // If this invokespecial call is done from inside of a TRY block then make 2694 // sure that all catch clause paths end in a throw. Otherwise, this can 2695 // result in returning an incomplete object. 2696 if (in_try_block) { 2697 ExceptionTable exhandlers(_method()); 2698 int exlength = exhandlers.length(); 2699 for(int i = 0; i < exlength; i++) { 2700 u2 start_pc = exhandlers.start_pc(i); 2701 u2 end_pc = exhandlers.end_pc(i); 2702 2703 if (bci >= start_pc && bci < end_pc) { 2704 if (!ends_in_athrow(exhandlers.handler_pc(i))) { 2705 verify_error(ErrorContext::bad_code(bci), 2706 "Bad <init> method call from after the start of a try block"); 2707 return; 2708 } else if (log_is_enabled(Debug, verification)) { 2709 ResourceMark rm(THREAD); 2710 log_debug(verification)("Survived call to ends_in_athrow(): %s", 2711 current_class()->name()->as_C_string()); 2712 } 2713 } 2714 } 2715 2716 // Check the exception handler target stackmaps with the locals from the 2717 // incoming stackmap (before initialize_object() changes them to outgoing 2718 // state). 2719 if (was_recursively_verified()) return; 2720 verify_exception_handler_targets(bci, true, current_frame, 2721 stackmap_table, CHECK_VERIFY(this)); 2722 } // in_try_block 2723 2724 current_frame->initialize_object(type, current_type()); 2725 *this_uninit = true; 2726 } else if (type.is_uninitialized()) { 2727 u2 new_offset = type.bci(); 2728 address new_bcp = bcs->bcp() - bci + new_offset; 2729 if (new_offset > (code_length - 3) || (*new_bcp) != Bytecodes::_new) { 2730 /* Unreachable? Stack map parsing ensures valid type and new 2731 * instructions have a valid BCI. */ 2732 verify_error(ErrorContext::bad_code(new_offset), 2733 "Expecting new instruction"); 2734 return; 2735 } 2736 u2 new_class_index = Bytes::get_Java_u2(new_bcp + 1); 2737 if (was_recursively_verified()) return; 2738 verify_cp_class_type(bci, new_class_index, cp, CHECK_VERIFY(this)); 2739 2740 // The method must be an <init> method of the indicated class 2741 VerificationType new_class_type = cp_index_to_type( 2742 new_class_index, cp, CHECK_VERIFY(this)); 2743 if (!new_class_type.equals(ref_class_type)) { 2744 verify_error(ErrorContext::bad_type(bci, 2745 TypeOrigin::cp(new_class_index, new_class_type), 2746 TypeOrigin::cp(ref_class_index, ref_class_type)), 2747 "Call to wrong <init> method"); 2748 return; 2749 } 2750 // According to the VM spec, if the referent class is a superclass of the 2751 // current class, and is in a different runtime package, and the method is 2752 // protected, then the objectref must be the current class or a subclass 2753 // of the current class. 2754 VerificationType objectref_type = new_class_type; 2755 if (name_in_supers(ref_class_type.name(), current_class())) { 2756 Klass* ref_klass = load_class(ref_class_type.name(), CHECK); 2757 if (was_recursively_verified()) return; 2758 Method* m = InstanceKlass::cast(ref_klass)->uncached_lookup_method( 2759 vmSymbols::object_initializer_name(), 2760 cp->uncached_signature_ref_at(bcs->get_index_u2()), 2761 Klass::OverpassLookupMode::find); 2762 // Do nothing if method is not found. Let resolution detect the error. 2763 if (m != nullptr) { 2764 InstanceKlass* mh = m->method_holder(); 2765 if (m->is_protected() && !mh->is_same_class_package(_klass)) { 2766 bool assignable = current_type().is_assignable_from( 2767 objectref_type, this, true, CHECK_VERIFY(this)); 2768 if (!assignable) { 2769 verify_error(ErrorContext::bad_type(bci, 2770 TypeOrigin::cp(new_class_index, objectref_type), 2771 TypeOrigin::implicit(current_type())), 2772 "Bad access to protected <init> method"); 2773 return; 2774 } 2775 } 2776 } 2777 } 2778 // Check the exception handler target stackmaps with the locals from the 2779 // incoming stackmap (before initialize_object() changes them to outgoing 2780 // state). 2781 if (in_try_block) { 2782 if (was_recursively_verified()) return; 2783 verify_exception_handler_targets(bci, *this_uninit, current_frame, 2784 stackmap_table, CHECK_VERIFY(this)); 2785 } 2786 current_frame->initialize_object(type, new_class_type); 2787 } else { 2788 verify_error(ErrorContext::bad_type(bci, current_frame->stack_top_ctx()), 2789 "Bad operand type when invoking <init>"); 2790 return; 2791 } 2792 } 2793 2794 bool ClassVerifier::is_same_or_direct_interface( 2795 InstanceKlass* klass, 2796 VerificationType klass_type, 2797 VerificationType ref_class_type) { 2798 if (ref_class_type.equals(klass_type)) return true; 2799 Array<InstanceKlass*>* local_interfaces = klass->local_interfaces(); 2800 if (local_interfaces != nullptr) { 2801 for (int x = 0; x < local_interfaces->length(); x++) { 2802 InstanceKlass* k = local_interfaces->at(x); 2803 assert (k != nullptr && k->is_interface(), "invalid interface"); 2804 if (ref_class_type.equals(VerificationType::reference_type(k->name()))) { 2805 return true; 2806 } 2807 } 2808 } 2809 return false; 2810 } 2811 2812 void ClassVerifier::verify_invoke_instructions( 2813 RawBytecodeStream* bcs, u4 code_length, StackMapFrame* current_frame, 2814 bool in_try_block, bool *this_uninit, 2815 const constantPoolHandle& cp, StackMapTable* stackmap_table, TRAPS) { 2816 // Make sure the constant pool item is the right type 2817 u2 index = bcs->get_index_u2(); 2818 Bytecodes::Code opcode = bcs->raw_code(); 2819 unsigned int types = 0; 2820 switch (opcode) { 2821 case Bytecodes::_invokeinterface: 2822 types = 1 << JVM_CONSTANT_InterfaceMethodref; 2823 break; 2824 case Bytecodes::_invokedynamic: 2825 types = 1 << JVM_CONSTANT_InvokeDynamic; 2826 break; 2827 case Bytecodes::_invokespecial: 2828 case Bytecodes::_invokestatic: 2829 types = (_klass->major_version() < STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION) ? 2830 (1 << JVM_CONSTANT_Methodref) : 2831 ((1 << JVM_CONSTANT_InterfaceMethodref) | (1 << JVM_CONSTANT_Methodref)); 2832 break; 2833 default: 2834 types = 1 << JVM_CONSTANT_Methodref; 2835 } 2836 verify_cp_type(bcs->bci(), index, cp, types, CHECK_VERIFY(this)); 2837 2838 // Get method name and signature 2839 Symbol* method_name = cp->uncached_name_ref_at(index); 2840 Symbol* method_sig = cp->uncached_signature_ref_at(index); 2841 2842 // Method signature was checked in ClassFileParser. 2843 assert(SignatureVerifier::is_valid_method_signature(method_sig), 2844 "Invalid method signature"); 2845 2846 // Get referenced class 2847 VerificationType ref_class_type; 2848 if (opcode == Bytecodes::_invokedynamic) { 2849 if (_klass->major_version() < Verifier::INVOKEDYNAMIC_MAJOR_VERSION) { 2850 class_format_error( 2851 "invokedynamic instructions not supported by this class file version (%d), class %s", 2852 _klass->major_version(), _klass->external_name()); 2853 return; 2854 } 2855 } else { 2856 ref_class_type = cp_ref_index_to_type(index, cp, CHECK_VERIFY(this)); 2857 } 2858 2859 assert(sizeof(VerificationType) == sizeof(uintptr_t), 2860 "buffer type must match VerificationType size"); 2861 2862 // Get the UTF8 index for this signature. 2863 int sig_index = cp->signature_ref_index_at(cp->uncached_name_and_type_ref_index_at(index)); 2864 2865 // Get the signature's verification types. 2866 sig_as_verification_types* mth_sig_verif_types; 2867 sig_as_verification_types** mth_sig_verif_types_ptr = method_signatures_table()->get(sig_index); 2868 if (mth_sig_verif_types_ptr != nullptr) { 2869 // Found the entry for the signature's verification types in the hash table. 2870 mth_sig_verif_types = *mth_sig_verif_types_ptr; 2871 assert(mth_sig_verif_types != nullptr, "Unexpected null sig_as_verification_types value"); 2872 } else { 2873 // Not found, add the entry to the table. 2874 GrowableArray<VerificationType>* verif_types = new GrowableArray<VerificationType>(10); 2875 mth_sig_verif_types = new sig_as_verification_types(verif_types); 2876 create_method_sig_entry(mth_sig_verif_types, sig_index); 2877 } 2878 2879 // Get the number of arguments for this signature. 2880 int nargs = mth_sig_verif_types->num_args(); 2881 2882 // Check instruction operands 2883 int bci = bcs->bci(); 2884 if (opcode == Bytecodes::_invokeinterface) { 2885 address bcp = bcs->bcp(); 2886 // 4905268: count operand in invokeinterface should be nargs+1, not nargs. 2887 // JSR202 spec: The count operand of an invokeinterface instruction is valid if it is 2888 // the difference between the size of the operand stack before and after the instruction 2889 // executes. 2890 if (*(bcp+3) != (nargs+1)) { 2891 verify_error(ErrorContext::bad_code(bci), 2892 "Inconsistent args count operand in invokeinterface"); 2893 return; 2894 } 2895 if (*(bcp+4) != 0) { 2896 verify_error(ErrorContext::bad_code(bci), 2897 "Fourth operand byte of invokeinterface must be zero"); 2898 return; 2899 } 2900 } 2901 2902 if (opcode == Bytecodes::_invokedynamic) { 2903 address bcp = bcs->bcp(); 2904 if (*(bcp+3) != 0 || *(bcp+4) != 0) { 2905 verify_error(ErrorContext::bad_code(bci), 2906 "Third and fourth operand bytes of invokedynamic must be zero"); 2907 return; 2908 } 2909 } 2910 2911 if (method_name->char_at(0) == JVM_SIGNATURE_SPECIAL) { 2912 // Make sure: 2913 // <init> can only be invoked by invokespecial. 2914 if (opcode != Bytecodes::_invokespecial || 2915 method_name != vmSymbols::object_initializer_name()) { 2916 verify_error(ErrorContext::bad_code(bci), 2917 "Illegal call to internal method"); 2918 return; 2919 } 2920 } else if (opcode == Bytecodes::_invokespecial 2921 && !is_same_or_direct_interface(current_class(), current_type(), ref_class_type) 2922 && !ref_class_type.equals(VerificationType::reference_type( 2923 current_class()->super()->name()))) { // super() can never be an inline_type. 2924 bool subtype = false; 2925 bool have_imr_indirect = cp->tag_at(index).value() == JVM_CONSTANT_InterfaceMethodref; 2926 subtype = ref_class_type.is_assignable_from( 2927 current_type(), this, false, CHECK_VERIFY(this)); 2928 if (!subtype) { 2929 verify_error(ErrorContext::bad_code(bci), 2930 "Bad invokespecial instruction: " 2931 "current class isn't assignable to reference class."); 2932 return; 2933 } else if (have_imr_indirect) { 2934 verify_error(ErrorContext::bad_code(bci), 2935 "Bad invokespecial instruction: " 2936 "interface method reference is in an indirect superinterface."); 2937 return; 2938 } 2939 2940 } 2941 2942 // Get the verification types for the method's arguments. 2943 GrowableArray<VerificationType>* sig_verif_types = mth_sig_verif_types->sig_verif_types(); 2944 assert(sig_verif_types != nullptr, "Missing signature's array of verification types"); 2945 // Match method descriptor with operand stack 2946 // The arguments are on the stack in descending order. 2947 for (int i = nargs - 1; i >= 0; i--) { // Run backwards 2948 current_frame->pop_stack(sig_verif_types->at(i), CHECK_VERIFY(this)); 2949 } 2950 2951 // Check objectref on operand stack 2952 if (opcode != Bytecodes::_invokestatic && 2953 opcode != Bytecodes::_invokedynamic) { 2954 if (method_name == vmSymbols::object_initializer_name()) { // <init> method 2955 verify_invoke_init(bcs, index, ref_class_type, current_frame, 2956 code_length, in_try_block, this_uninit, cp, stackmap_table, 2957 CHECK_VERIFY(this)); 2958 if (was_recursively_verified()) return; 2959 } else { // other methods 2960 // Ensures that target class is assignable to method class. 2961 if (opcode == Bytecodes::_invokespecial) { 2962 current_frame->pop_stack(current_type(), CHECK_VERIFY(this)); 2963 } else if (opcode == Bytecodes::_invokevirtual) { 2964 VerificationType stack_object_type = 2965 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this)); 2966 if (current_type() != stack_object_type) { 2967 if (was_recursively_verified()) return; 2968 assert(cp->cache() == nullptr, "not rewritten yet"); 2969 Symbol* ref_class_name = 2970 cp->klass_name_at(cp->uncached_klass_ref_index_at(index)); 2971 // See the comments in verify_field_instructions() for 2972 // the rationale behind this. 2973 if (name_in_supers(ref_class_name, current_class())) { 2974 Klass* ref_class = load_class(ref_class_name, CHECK); 2975 if (is_protected_access( 2976 _klass, ref_class, method_name, method_sig, true)) { 2977 // It's protected access, check if stack object is 2978 // assignable to current class. 2979 if (ref_class_type.name() == vmSymbols::java_lang_Object() 2980 && stack_object_type.is_array() 2981 && method_name == vmSymbols::clone_name()) { 2982 // Special case: arrays pretend to implement public Object 2983 // clone(). 2984 } else { 2985 bool is_assignable = current_type().is_assignable_from( 2986 stack_object_type, this, true, CHECK_VERIFY(this)); 2987 if (!is_assignable) { 2988 verify_error(ErrorContext::bad_type(bci, 2989 current_frame->stack_top_ctx(), 2990 TypeOrigin::implicit(current_type())), 2991 "Bad access to protected data in invokevirtual"); 2992 return; 2993 } 2994 } 2995 } 2996 } 2997 } 2998 } else { 2999 assert(opcode == Bytecodes::_invokeinterface, "Unexpected opcode encountered"); 3000 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this)); 3001 } 3002 } 3003 } 3004 // Push the result type. 3005 int sig_verif_types_len = sig_verif_types->length(); 3006 if (sig_verif_types_len > nargs) { // There's a return type 3007 if (method_name == vmSymbols::object_initializer_name()) { 3008 // an <init> method must have a void return type 3009 verify_error(ErrorContext::bad_code(bci), 3010 "Return type must be void in <init> method"); 3011 return; 3012 } 3013 3014 assert(sig_verif_types_len <= nargs + 2, 3015 "Signature verification types array return type is bogus"); 3016 for (int i = nargs; i < sig_verif_types_len; i++) { 3017 assert(i == nargs || sig_verif_types->at(i).is_long2() || 3018 sig_verif_types->at(i).is_double2(), "Unexpected return verificationType"); 3019 current_frame->push_stack(sig_verif_types->at(i), CHECK_VERIFY(this)); 3020 } 3021 } 3022 } 3023 3024 VerificationType ClassVerifier::get_newarray_type( 3025 u2 index, int bci, TRAPS) { 3026 const char* from_bt[] = { 3027 nullptr, nullptr, nullptr, nullptr, "[Z", "[C", "[F", "[D", "[B", "[S", "[I", "[J", 3028 }; 3029 if (index < T_BOOLEAN || index > T_LONG) { 3030 verify_error(ErrorContext::bad_code(bci), "Illegal newarray instruction"); 3031 return VerificationType::bogus_type(); 3032 } 3033 3034 // from_bt[index] contains the array signature which has a length of 2 3035 Symbol* sig = create_temporary_symbol(from_bt[index], 2); 3036 return VerificationType::reference_type(sig); 3037 } 3038 3039 void ClassVerifier::verify_anewarray( 3040 int bci, u2 index, const constantPoolHandle& cp, 3041 StackMapFrame* current_frame, TRAPS) { 3042 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this)); 3043 current_frame->pop_stack( 3044 VerificationType::integer_type(), CHECK_VERIFY(this)); 3045 3046 if (was_recursively_verified()) return; 3047 VerificationType component_type = 3048 cp_index_to_type(index, cp, CHECK_VERIFY(this)); 3049 int length; 3050 char* arr_sig_str; 3051 if (component_type.is_array()) { // it's an array 3052 const char* component_name = component_type.name()->as_utf8(); 3053 // Check for more than MAX_ARRAY_DIMENSIONS 3054 length = (int)strlen(component_name); 3055 if (length > MAX_ARRAY_DIMENSIONS && 3056 component_name[MAX_ARRAY_DIMENSIONS - 1] == JVM_SIGNATURE_ARRAY) { 3057 verify_error(ErrorContext::bad_code(bci), 3058 "Illegal anewarray instruction, array has more than 255 dimensions"); 3059 } 3060 // add one dimension to component 3061 length++; 3062 arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length + 1); 3063 int n = os::snprintf(arr_sig_str, length + 1, "%c%s", 3064 JVM_SIGNATURE_ARRAY, component_name); 3065 assert(n == length, "Unexpected number of characters in string"); 3066 } else { // it's an object or interface 3067 const char* component_name = component_type.name()->as_utf8(); 3068 // add one dimension to component with 'L' prepended and ';' postpended. 3069 length = (int)strlen(component_name) + 3; 3070 arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length + 1); 3071 int n = os::snprintf(arr_sig_str, length + 1, "%c%c%s;", 3072 JVM_SIGNATURE_ARRAY, JVM_SIGNATURE_CLASS, component_name); 3073 assert(n == length, "Unexpected number of characters in string"); 3074 } 3075 Symbol* arr_sig = create_temporary_symbol(arr_sig_str, length); 3076 VerificationType new_array_type = VerificationType::reference_type(arr_sig); 3077 current_frame->push_stack(new_array_type, CHECK_VERIFY(this)); 3078 } 3079 3080 void ClassVerifier::verify_iload(int index, StackMapFrame* current_frame, TRAPS) { 3081 current_frame->get_local( 3082 index, VerificationType::integer_type(), CHECK_VERIFY(this)); 3083 current_frame->push_stack( 3084 VerificationType::integer_type(), CHECK_VERIFY(this)); 3085 } 3086 3087 void ClassVerifier::verify_lload(int index, StackMapFrame* current_frame, TRAPS) { 3088 current_frame->get_local_2( 3089 index, VerificationType::long_type(), 3090 VerificationType::long2_type(), CHECK_VERIFY(this)); 3091 current_frame->push_stack_2( 3092 VerificationType::long_type(), 3093 VerificationType::long2_type(), CHECK_VERIFY(this)); 3094 } 3095 3096 void ClassVerifier::verify_fload(int index, StackMapFrame* current_frame, TRAPS) { 3097 current_frame->get_local( 3098 index, VerificationType::float_type(), CHECK_VERIFY(this)); 3099 current_frame->push_stack( 3100 VerificationType::float_type(), CHECK_VERIFY(this)); 3101 } 3102 3103 void ClassVerifier::verify_dload(int index, StackMapFrame* current_frame, TRAPS) { 3104 current_frame->get_local_2( 3105 index, VerificationType::double_type(), 3106 VerificationType::double2_type(), CHECK_VERIFY(this)); 3107 current_frame->push_stack_2( 3108 VerificationType::double_type(), 3109 VerificationType::double2_type(), CHECK_VERIFY(this)); 3110 } 3111 3112 void ClassVerifier::verify_aload(int index, StackMapFrame* current_frame, TRAPS) { 3113 VerificationType type = current_frame->get_local( 3114 index, VerificationType::reference_check(), CHECK_VERIFY(this)); 3115 current_frame->push_stack(type, CHECK_VERIFY(this)); 3116 } 3117 3118 void ClassVerifier::verify_istore(int index, StackMapFrame* current_frame, TRAPS) { 3119 current_frame->pop_stack( 3120 VerificationType::integer_type(), CHECK_VERIFY(this)); 3121 current_frame->set_local( 3122 index, VerificationType::integer_type(), CHECK_VERIFY(this)); 3123 } 3124 3125 void ClassVerifier::verify_lstore(int index, StackMapFrame* current_frame, TRAPS) { 3126 current_frame->pop_stack_2( 3127 VerificationType::long2_type(), 3128 VerificationType::long_type(), CHECK_VERIFY(this)); 3129 current_frame->set_local_2( 3130 index, VerificationType::long_type(), 3131 VerificationType::long2_type(), CHECK_VERIFY(this)); 3132 } 3133 3134 void ClassVerifier::verify_fstore(int index, StackMapFrame* current_frame, TRAPS) { 3135 current_frame->pop_stack(VerificationType::float_type(), CHECK_VERIFY(this)); 3136 current_frame->set_local( 3137 index, VerificationType::float_type(), CHECK_VERIFY(this)); 3138 } 3139 3140 void ClassVerifier::verify_dstore(int index, StackMapFrame* current_frame, TRAPS) { 3141 current_frame->pop_stack_2( 3142 VerificationType::double2_type(), 3143 VerificationType::double_type(), CHECK_VERIFY(this)); 3144 current_frame->set_local_2( 3145 index, VerificationType::double_type(), 3146 VerificationType::double2_type(), CHECK_VERIFY(this)); 3147 } 3148 3149 void ClassVerifier::verify_astore(int index, StackMapFrame* current_frame, TRAPS) { 3150 VerificationType type = current_frame->pop_stack( 3151 VerificationType::reference_check(), CHECK_VERIFY(this)); 3152 current_frame->set_local(index, type, CHECK_VERIFY(this)); 3153 } 3154 3155 void ClassVerifier::verify_iinc(int index, StackMapFrame* current_frame, TRAPS) { 3156 VerificationType type = current_frame->get_local( 3157 index, VerificationType::integer_type(), CHECK_VERIFY(this)); 3158 current_frame->set_local(index, type, CHECK_VERIFY(this)); 3159 } 3160 3161 void ClassVerifier::verify_return_value( 3162 VerificationType return_type, VerificationType type, int bci, 3163 StackMapFrame* current_frame, TRAPS) { 3164 if (return_type == VerificationType::bogus_type()) { 3165 verify_error(ErrorContext::bad_type(bci, 3166 current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)), 3167 "Method does not expect a return value"); 3168 return; 3169 } 3170 bool match = return_type.is_assignable_from(type, this, false, CHECK_VERIFY(this)); 3171 if (!match) { 3172 verify_error(ErrorContext::bad_type(bci, 3173 current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)), 3174 "Bad return type"); 3175 return; 3176 } 3177 } 3178 3179 // The verifier creates symbols which are substrings of Symbols. 3180 // These are stored in the verifier until the end of verification so that 3181 // they can be reference counted. 3182 Symbol* ClassVerifier::create_temporary_symbol(const char *name, int length) { 3183 // Quick deduplication check 3184 if (_previous_symbol != nullptr && _previous_symbol->equals(name, length)) { 3185 return _previous_symbol; 3186 } 3187 Symbol* sym = SymbolTable::new_symbol(name, length); 3188 if (!sym->is_permanent()) { 3189 if (_symbols == nullptr) { 3190 _symbols = new GrowableArray<Symbol*>(50, 0, nullptr); 3191 } 3192 _symbols->push(sym); 3193 } 3194 _previous_symbol = sym; 3195 return sym; 3196 }