1 /*
2 * Copyright (c) 1998, 2025, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.
8 *
9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 *
23 */
24
25 #include "cds/cdsConfig.hpp"
26 #include "classfile/classFileStream.hpp"
27 #include "classfile/classLoader.hpp"
28 #include "classfile/javaClasses.hpp"
29 #include "classfile/stackMapTable.hpp"
30 #include "classfile/stackMapFrame.hpp"
31 #include "classfile/stackMapTableFormat.hpp"
32 #include "classfile/symbolTable.hpp"
33 #include "classfile/systemDictionary.hpp"
34 #include "classfile/verifier.hpp"
35 #include "classfile/vmClasses.hpp"
36 #include "classfile/vmSymbols.hpp"
37 #include "interpreter/bytecodes.hpp"
38 #include "interpreter/bytecodeStream.hpp"
39 #include "jvm.h"
40 #include "logging/log.hpp"
41 #include "logging/logStream.hpp"
42 #include "memory/oopFactory.hpp"
43 #include "memory/resourceArea.hpp"
44 #include "memory/universe.hpp"
45 #include "oops/constantPool.inline.hpp"
46 #include "oops/fieldStreams.inline.hpp"
47 #include "oops/instanceKlass.inline.hpp"
48 #include "oops/klass.inline.hpp"
49 #include "oops/oop.inline.hpp"
50 #include "oops/typeArrayOop.hpp"
51 #include "runtime/arguments.hpp"
52 #include "runtime/fieldDescriptor.inline.hpp"
53 #include "runtime/handles.inline.hpp"
54 #include "runtime/interfaceSupport.inline.hpp"
55 #include "runtime/javaCalls.hpp"
56 #include "runtime/javaThread.hpp"
57 #include "runtime/jniHandles.inline.hpp"
58 #include "runtime/os.hpp"
59 #include "runtime/safepointVerifiers.hpp"
60 #include "services/threadService.hpp"
61 #include "utilities/align.hpp"
62 #include "utilities/bytes.hpp"
63 #if INCLUDE_CDS
64 #include "classfile/systemDictionaryShared.hpp"
65 #endif
66
67 #define NOFAILOVER_MAJOR_VERSION 51
68 #define NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION 51
69 #define STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION 52
70 #define INLINE_TYPE_MAJOR_VERSION 56
71 #define MAX_ARRAY_DIMENSIONS 255
72
73 // Access to external entry for VerifyClassForMajorVersion - old byte code verifier
74
75 extern "C" {
76 typedef jboolean (*verify_byte_codes_fn_t)(JNIEnv *, jclass, char *, jint, jint);
77 }
78
79 static verify_byte_codes_fn_t volatile _verify_byte_codes_fn = nullptr;
80
81 static verify_byte_codes_fn_t verify_byte_codes_fn() {
82
83 if (_verify_byte_codes_fn != nullptr)
84 return _verify_byte_codes_fn;
85
86 MutexLocker locker(Verify_lock);
87
88 if (_verify_byte_codes_fn != nullptr)
89 return _verify_byte_codes_fn;
90
91 void *lib_handle = nullptr;
92 // Load verify dll
93 if (is_vm_statically_linked()) {
94 lib_handle = os::get_default_process_handle();
95 } else {
96 char buffer[JVM_MAXPATHLEN];
97 char ebuf[1024];
98 if (!os::dll_locate_lib(buffer, sizeof(buffer), Arguments::get_dll_dir(), "verify"))
99 return nullptr; // Caller will throw VerifyError
100
101 lib_handle = os::dll_load(buffer, ebuf, sizeof(ebuf));
102 if (lib_handle == nullptr)
103 return nullptr; // Caller will throw VerifyError
104 }
105
106 void *fn = os::dll_lookup(lib_handle, "VerifyClassForMajorVersion");
107 if (fn == nullptr)
108 return nullptr; // Caller will throw VerifyError
109
110 return _verify_byte_codes_fn = CAST_TO_FN_PTR(verify_byte_codes_fn_t, fn);
111 }
112
113
114 // Methods in Verifier
115
116 // This method determines whether we run the verifier and class file format checking code.
117 bool Verifier::should_verify_for(oop class_loader) {
118 return class_loader == nullptr ?
119 BytecodeVerificationLocal : BytecodeVerificationRemote;
120 }
121
122 // This method determines whether we allow package access in access checks in reflection.
123 bool Verifier::relax_access_for(oop loader) {
124 bool trusted = java_lang_ClassLoader::is_trusted_loader(loader);
125 bool need_verify =
126 // verifyAll
127 (BytecodeVerificationLocal && BytecodeVerificationRemote) ||
128 // verifyRemote
129 (!BytecodeVerificationLocal && BytecodeVerificationRemote && !trusted);
130 return !need_verify;
131 }
132
133 // Callers will pass should_verify_class as true, depending on the results of should_verify_for() above,
134 // or pass true for redefinition of any class.
135 static bool is_eligible_for_verification(InstanceKlass* klass, bool should_verify_class) {
136 Symbol* name = klass->name();
137
138 return (should_verify_class &&
139 // Can not verify the bytecodes for shared classes because they have
140 // already been rewritten to contain constant pool cache indices,
141 // which the verifier can't understand.
142 // Shared classes shouldn't have stackmaps either.
143 // However, bytecodes for shared old classes can be verified because
144 // they have not been rewritten.
145 !(klass->is_shared() && klass->is_rewritten()));
146 }
147
148 void Verifier::trace_class_resolution(Klass* resolve_class, InstanceKlass* verify_class) {
149 assert(verify_class != nullptr, "Unexpected null verify_class");
150 ResourceMark rm;
151 Symbol* s = verify_class->source_file_name();
152 const char* source_file = (s != nullptr ? s->as_C_string() : nullptr);
153 const char* verify = verify_class->external_name();
154 const char* resolve = resolve_class->external_name();
155 // print in a single call to reduce interleaving between threads
156 if (source_file != nullptr) {
157 log_debug(class, resolve)("%s %s %s (verification)", verify, resolve, source_file);
158 } else {
159 log_debug(class, resolve)("%s %s (verification)", verify, resolve);
160 }
161 }
162
163 // Prints the end-verification message to the appropriate output.
164 void Verifier::log_end_verification(outputStream* st, const char* klassName, Symbol* exception_name, oop pending_exception) {
165 if (pending_exception != nullptr) {
166 st->print("Verification for %s has", klassName);
167 oop message = java_lang_Throwable::message(pending_exception);
168 if (message != nullptr) {
169 char* ex_msg = java_lang_String::as_utf8_string(message);
170 st->print_cr(" exception pending '%s %s'",
171 pending_exception->klass()->external_name(), ex_msg);
172 } else {
173 st->print_cr(" exception pending %s ",
174 pending_exception->klass()->external_name());
175 }
176 } else if (exception_name != nullptr) {
177 st->print_cr("Verification for %s failed", klassName);
178 }
179 st->print_cr("End class verification for: %s", klassName);
180 }
181
182 bool Verifier::verify(InstanceKlass* klass, bool should_verify_class, TRAPS) {
183 HandleMark hm(THREAD);
184 ResourceMark rm(THREAD);
185
186 // Eagerly allocate the identity hash code for a klass. This is a fallout
187 // from 6320749 and 8059924: hash code generator is not supposed to be called
188 // during the safepoint, but it allows to sneak the hashcode in during
189 // verification. Without this eager hashcode generation, we may end up
190 // installing the hashcode during some other operation, which may be at
191 // safepoint -- blowing up the checks. It was previously done as the side
192 // effect (sic!) for external_name(), but instead of doing that, we opt to
193 // explicitly push the hashcode in here. This is signify the following block
194 // is IMPORTANT:
195 if (klass->java_mirror() != nullptr) {
196 klass->java_mirror()->identity_hash();
197 }
198
199 if (!is_eligible_for_verification(klass, should_verify_class)) {
200 return true;
201 }
202
203 // Timer includes any side effects of class verification (resolution,
204 // etc), but not recursive calls to Verifier::verify().
205 JavaThread* jt = THREAD;
206 PerfClassTraceTime timer(ClassLoader::perf_class_verify_time(),
207 ClassLoader::perf_class_verify_selftime(),
208 ClassLoader::perf_classes_verified(),
209 jt->get_thread_stat()->perf_recursion_counts_addr(),
210 jt->get_thread_stat()->perf_timers_addr(),
211 PerfClassTraceTime::CLASS_VERIFY);
212
213 // If the class should be verified, first see if we can use the split
214 // verifier. If not, or if verification fails and can failover, then
215 // call the inference verifier.
216 Symbol* exception_name = nullptr;
217 const size_t message_buffer_len = klass->name()->utf8_length() + 1024;
218 char* message_buffer = nullptr;
219 char* exception_message = nullptr;
220
221 log_info(class, init)("Start class verification for: %s", klass->external_name());
222 if (klass->major_version() >= STACKMAP_ATTRIBUTE_MAJOR_VERSION) {
223 ClassVerifier split_verifier(jt, klass);
224 // We don't use CHECK here, or on inference_verify below, so that we can log any exception.
225 split_verifier.verify_class(THREAD);
226 exception_name = split_verifier.result();
227
228 // If dumping static archive then don't fall back to the old verifier on
229 // verification failure. If a class fails verification with the split verifier,
230 // it might fail the CDS runtime verifier constraint check. In that case, we
231 // don't want to share the class. We only archive classes that pass the split
232 // verifier.
233 bool can_failover = !CDSConfig::is_dumping_static_archive() &&
234 klass->major_version() < NOFAILOVER_MAJOR_VERSION;
235
236 if (can_failover && !HAS_PENDING_EXCEPTION && // Split verifier doesn't set PENDING_EXCEPTION for failure
237 (exception_name == vmSymbols::java_lang_VerifyError() ||
238 exception_name == vmSymbols::java_lang_ClassFormatError())) {
239 log_info(verification)("Fail over class verification to old verifier for: %s", klass->external_name());
240 log_info(class, init)("Fail over class verification to old verifier for: %s", klass->external_name());
241 #if INCLUDE_CDS
242 // Exclude any classes that fail over during dynamic dumping
243 if (CDSConfig::is_dumping_dynamic_archive()) {
244 SystemDictionaryShared::warn_excluded(klass, "Failed over class verification while dynamic dumping");
245 SystemDictionaryShared::set_excluded(klass);
246 }
247 #endif
248 message_buffer = NEW_RESOURCE_ARRAY(char, message_buffer_len);
249 exception_message = message_buffer;
250 exception_name = inference_verify(
251 klass, message_buffer, message_buffer_len, THREAD);
252 }
253 if (exception_name != nullptr) {
254 exception_message = split_verifier.exception_message();
255 }
256 } else {
257 message_buffer = NEW_RESOURCE_ARRAY(char, message_buffer_len);
258 exception_message = message_buffer;
259 exception_name = inference_verify(
260 klass, message_buffer, message_buffer_len, THREAD);
261 }
262
263 LogTarget(Info, class, init) lt1;
264 if (lt1.is_enabled()) {
265 LogStream ls(lt1);
266 log_end_verification(&ls, klass->external_name(), exception_name, PENDING_EXCEPTION);
267 }
268 LogTarget(Info, verification) lt2;
269 if (lt2.is_enabled()) {
270 LogStream ls(lt2);
271 log_end_verification(&ls, klass->external_name(), exception_name, PENDING_EXCEPTION);
272 }
273
274 if (HAS_PENDING_EXCEPTION) {
275 return false; // use the existing exception
276 } else if (exception_name == nullptr) {
277 return true; // verification succeeded
278 } else { // VerifyError or ClassFormatError to be created and thrown
279 Klass* kls =
280 SystemDictionary::resolve_or_fail(exception_name, true, CHECK_false);
281 if (log_is_enabled(Debug, class, resolve)) {
282 Verifier::trace_class_resolution(kls, klass);
283 }
284
285 while (kls != nullptr) {
286 if (kls == klass) {
287 // If the class being verified is the exception we're creating
288 // or one of it's superclasses, we're in trouble and are going
289 // to infinitely recurse when we try to initialize the exception.
290 // So bail out here by throwing the preallocated VM error.
291 THROW_OOP_(Universe::internal_error_instance(), false);
292 }
293 kls = kls->super();
294 }
295 if (message_buffer != nullptr) {
296 message_buffer[message_buffer_len - 1] = '\0'; // just to be sure
297 }
298 assert(exception_message != nullptr, "");
299 THROW_MSG_(exception_name, exception_message, false);
300 }
301 }
302
303 Symbol* Verifier::inference_verify(
304 InstanceKlass* klass, char* message, size_t message_len, TRAPS) {
305 JavaThread* thread = THREAD;
306
307 verify_byte_codes_fn_t verify_func = verify_byte_codes_fn();
308
309 if (verify_func == nullptr) {
310 jio_snprintf(message, message_len, "Could not link verifier");
311 return vmSymbols::java_lang_VerifyError();
312 }
313
314 ResourceMark rm(thread);
315 log_info(verification)("Verifying class %s with old format", klass->external_name());
316
317 jclass cls = (jclass) JNIHandles::make_local(thread, klass->java_mirror());
318 jint result;
319
320 {
321 HandleMark hm(thread);
322 ThreadToNativeFromVM ttn(thread);
323 // ThreadToNativeFromVM takes care of changing thread_state, so safepoint
324 // code knows that we have left the VM
325 JNIEnv *env = thread->jni_environment();
326 result = (*verify_func)(env, cls, message, (int)message_len, klass->major_version());
327 }
328
329 JNIHandles::destroy_local(cls);
330
331 // These numbers are chosen so that VerifyClassCodes interface doesn't need
332 // to be changed (still return jboolean (unsigned char)), and result is
333 // 1 when verification is passed.
334 if (result == 0) {
335 return vmSymbols::java_lang_VerifyError();
336 } else if (result == 1) {
337 return nullptr; // verified.
338 } else if (result == 2) {
339 THROW_MSG_(vmSymbols::java_lang_OutOfMemoryError(), message, nullptr);
340 } else if (result == 3) {
341 return vmSymbols::java_lang_ClassFormatError();
342 } else {
343 ShouldNotReachHere();
344 return nullptr;
345 }
346 }
347
348 TypeOrigin TypeOrigin::null() {
349 return TypeOrigin();
350 }
351 TypeOrigin TypeOrigin::local(int index, StackMapFrame* frame) {
352 assert(frame != nullptr, "Must have a frame");
353 return TypeOrigin(CF_LOCALS, index, StackMapFrame::copy(frame),
354 frame->local_at(index));
355 }
356 TypeOrigin TypeOrigin::stack(int index, StackMapFrame* frame) {
357 assert(frame != nullptr, "Must have a frame");
358 return TypeOrigin(CF_STACK, index, StackMapFrame::copy(frame),
359 frame->stack_at(index));
360 }
361 TypeOrigin TypeOrigin::sm_local(int index, StackMapFrame* frame) {
362 assert(frame != nullptr, "Must have a frame");
363 return TypeOrigin(SM_LOCALS, index, StackMapFrame::copy(frame),
364 frame->local_at(index));
365 }
366 TypeOrigin TypeOrigin::sm_stack(int index, StackMapFrame* frame) {
367 assert(frame != nullptr, "Must have a frame");
368 return TypeOrigin(SM_STACK, index, StackMapFrame::copy(frame),
369 frame->stack_at(index));
370 }
371 TypeOrigin TypeOrigin::bad_index(int index) {
372 return TypeOrigin(BAD_INDEX, index, nullptr, VerificationType::bogus_type());
373 }
374 TypeOrigin TypeOrigin::cp(int index, VerificationType vt) {
375 return TypeOrigin(CONST_POOL, index, nullptr, vt);
376 }
377 TypeOrigin TypeOrigin::signature(VerificationType vt) {
378 return TypeOrigin(SIG, 0, nullptr, vt);
379 }
380 TypeOrigin TypeOrigin::implicit(VerificationType t) {
381 return TypeOrigin(IMPLICIT, 0, nullptr, t);
382 }
383 TypeOrigin TypeOrigin::frame(StackMapFrame* frame) {
384 return TypeOrigin(FRAME_ONLY, 0, StackMapFrame::copy(frame),
385 VerificationType::bogus_type());
386 }
387
388 void TypeOrigin::reset_frame() {
389 if (_frame != nullptr) {
390 _frame->restore();
391 }
392 }
393
394 void TypeOrigin::details(outputStream* ss) const {
395 _type.print_on(ss);
396 switch (_origin) {
397 case CF_LOCALS:
398 ss->print(" (current frame, locals[%d])", _index);
399 break;
400 case CF_STACK:
401 ss->print(" (current frame, stack[%d])", _index);
402 break;
403 case SM_LOCALS:
404 ss->print(" (stack map, locals[%d])", _index);
405 break;
406 case SM_STACK:
407 ss->print(" (stack map, stack[%d])", _index);
408 break;
409 case CONST_POOL:
410 ss->print(" (constant pool %d)", _index);
411 break;
412 case SIG:
413 ss->print(" (from method signature)");
414 break;
415 case IMPLICIT:
416 case FRAME_ONLY:
417 case NONE:
418 default:
419 ;
420 }
421 }
422
423 #ifdef ASSERT
424 void TypeOrigin::print_on(outputStream* str) const {
425 str->print("{%d,%d,%p:", _origin, _index, _frame);
426 if (_frame != nullptr) {
427 _frame->print_on(str);
428 } else {
429 str->print("null");
430 }
431 str->print(",");
432 _type.print_on(str);
433 str->print("}");
434 }
435 #endif
436
437 void ErrorContext::details(outputStream* ss, const Method* method) const {
438 if (is_valid()) {
439 ss->cr();
440 ss->print_cr("Exception Details:");
441 location_details(ss, method);
442 reason_details(ss);
443 frame_details(ss);
444 bytecode_details(ss, method);
445 handler_details(ss, method);
446 stackmap_details(ss, method);
447 }
448 }
449
450 void ErrorContext::reason_details(outputStream* ss) const {
451 streamIndentor si(ss);
452 ss->indent().print_cr("Reason:");
453 streamIndentor si2(ss);
454 ss->indent().print("%s", "");
455 switch (_fault) {
456 case INVALID_BYTECODE:
457 ss->print("Error exists in the bytecode");
458 break;
459 case WRONG_TYPE:
460 if (_expected.is_valid()) {
461 ss->print("Type ");
462 _type.details(ss);
463 ss->print(" is not assignable to ");
464 _expected.details(ss);
465 } else {
466 ss->print("Invalid type: ");
467 _type.details(ss);
468 }
469 break;
470 case FLAGS_MISMATCH:
471 if (_expected.is_valid()) {
472 ss->print("Current frame's flags are not assignable "
473 "to stack map frame's.");
474 } else {
475 ss->print("Current frame's flags are invalid in this context.");
476 }
477 break;
478 case BAD_CP_INDEX:
479 ss->print("Constant pool index %d is invalid", _type.index());
480 break;
481 case BAD_LOCAL_INDEX:
482 ss->print("Local index %d is invalid", _type.index());
483 break;
484 case BAD_STRICT_FIELDS:
485 ss->print("Invalid use of strict instance fields");
486 break;
487 case LOCALS_SIZE_MISMATCH:
488 ss->print("Current frame's local size doesn't match stackmap.");
489 break;
490 case STACK_SIZE_MISMATCH:
491 ss->print("Current frame's stack size doesn't match stackmap.");
492 break;
493 case STRICT_FIELDS_MISMATCH:
494 ss->print("Current frame's strict instance fields not compatible with stackmap.");
495 break;
496 case STACK_OVERFLOW:
497 ss->print("Exceeded max stack size.");
498 break;
499 case STACK_UNDERFLOW:
500 ss->print("Attempt to pop empty stack.");
501 break;
502 case MISSING_STACKMAP:
503 ss->print("Expected stackmap frame at this location.");
504 break;
505 case BAD_STACKMAP:
506 ss->print("Invalid stackmap specification.");
507 break;
508 case WRONG_INLINE_TYPE:
509 ss->print("Type ");
510 _type.details(ss);
511 ss->print(" and type ");
512 _expected.details(ss);
513 ss->print(" must be identical inline types.");
514 break;
515 case UNKNOWN:
516 default:
517 ShouldNotReachHere();
518 ss->print_cr("Unknown");
519 }
520 ss->cr();
521 }
522
523 void ErrorContext::location_details(outputStream* ss, const Method* method) const {
524 if (_bci != -1 && method != nullptr) {
525 streamIndentor si(ss);
526 const char* bytecode_name = "<invalid>";
527 if (method->validate_bci(_bci) != -1) {
528 Bytecodes::Code code = Bytecodes::code_or_bp_at(method->bcp_from(_bci));
529 if (Bytecodes::is_defined(code)) {
530 bytecode_name = Bytecodes::name(code);
531 } else {
532 bytecode_name = "<illegal>";
533 }
534 }
535 InstanceKlass* ik = method->method_holder();
536 ss->indent().print_cr("Location:");
537 streamIndentor si2(ss);
538 ss->indent().print_cr("%s.%s%s @%d: %s",
539 ik->name()->as_C_string(), method->name()->as_C_string(),
540 method->signature()->as_C_string(), _bci, bytecode_name);
541 }
542 }
543
544 void ErrorContext::frame_details(outputStream* ss) const {
545 streamIndentor si(ss);
546 if (_type.is_valid() && _type.frame() != nullptr) {
547 ss->indent().print_cr("Current Frame:");
548 streamIndentor si2(ss);
549 _type.frame()->print_on(ss);
550 }
551 if (_expected.is_valid() && _expected.frame() != nullptr) {
552 ss->indent().print_cr("Stackmap Frame:");
553 streamIndentor si2(ss);
554 _expected.frame()->print_on(ss);
555 }
556 }
557
558 void ErrorContext::bytecode_details(outputStream* ss, const Method* method) const {
559 if (method != nullptr) {
560 streamIndentor si(ss);
561 ss->indent().print_cr("Bytecode:");
562 streamIndentor si2(ss);
563 ss->print_data(method->code_base(), method->code_size(), false);
564 }
565 }
566
567 void ErrorContext::handler_details(outputStream* ss, const Method* method) const {
568 if (method != nullptr) {
569 streamIndentor si(ss);
570 ExceptionTable table(method);
571 if (table.length() > 0) {
572 ss->indent().print_cr("Exception Handler Table:");
573 streamIndentor si2(ss);
574 for (int i = 0; i < table.length(); ++i) {
575 ss->indent().print_cr("bci [%d, %d] => handler: %d", table.start_pc(i),
576 table.end_pc(i), table.handler_pc(i));
577 }
578 }
579 }
580 }
581
582 void ErrorContext::stackmap_details(outputStream* ss, const Method* method) const {
583 if (method != nullptr && method->has_stackmap_table()) {
584 streamIndentor si(ss);
585 ss->indent().print_cr("Stackmap Table:");
586 Array<u1>* data = method->stackmap_data();
587 stack_map_table* sm_table =
588 stack_map_table::at((address)data->adr_at(0));
589 stack_map_frame* sm_frame = sm_table->entries();
590 streamIndentor si2(ss);
591 int current_offset = -1;
592 address end_of_sm_table = (address)sm_table + method->stackmap_data()->length();
593 for (u2 i = 0; i < sm_table->number_of_entries(); ++i) {
594 ss->indent();
595 if (!sm_frame->verify((address)sm_frame, end_of_sm_table)) {
596 sm_frame->print_truncated(ss, current_offset);
597 return;
598 }
599 sm_frame->print_on(ss, current_offset);
600 ss->cr();
601 current_offset += sm_frame->offset_delta();
602 sm_frame = sm_frame->next();
603 }
604 }
605 }
606
607 // Methods in ClassVerifier
608
609 ClassVerifier::ClassVerifier(JavaThread* current, InstanceKlass* klass)
610 : _thread(current), _previous_symbol(nullptr), _symbols(nullptr), _exception_type(nullptr),
611 _message(nullptr), _klass(klass) {
612 _this_type = VerificationType::reference_type(klass->name());
613 }
614
615 ClassVerifier::~ClassVerifier() {
616 // Decrement the reference count for any symbols created.
617 if (_symbols != nullptr) {
618 for (int i = 0; i < _symbols->length(); i++) {
619 Symbol* s = _symbols->at(i);
620 s->decrement_refcount();
621 }
622 }
623 }
624
625 VerificationType ClassVerifier::object_type() const {
626 return VerificationType::reference_type(vmSymbols::java_lang_Object());
627 }
628
629 TypeOrigin ClassVerifier::ref_ctx(const char* sig) {
630 VerificationType vt = VerificationType::reference_type(
631 create_temporary_symbol(sig, (int)strlen(sig)));
632 return TypeOrigin::implicit(vt);
633 }
634
635 static bool supports_strict_fields(InstanceKlass* klass) {
636 int ver = klass->major_version();
637 return ver > Verifier::VALUE_TYPES_MAJOR_VERSION ||
638 (ver == Verifier::VALUE_TYPES_MAJOR_VERSION && klass->minor_version() == Verifier::JAVA_PREVIEW_MINOR_VERSION);
639 }
640
641 void ClassVerifier::verify_class(TRAPS) {
642 log_info(verification)("Verifying class %s with new format", _klass->external_name());
643
644 // Either verifying both local and remote classes or just remote classes.
645 assert(BytecodeVerificationRemote, "Should not be here");
646
647 Array<Method*>* methods = _klass->methods();
648 int num_methods = methods->length();
649
650 for (int index = 0; index < num_methods; index++) {
651 // Check for recursive re-verification before each method.
652 if (was_recursively_verified()) return;
653
654 Method* m = methods->at(index);
655 if (m->is_native() || m->is_abstract() || m->is_overpass()) {
656 // If m is native or abstract, skip it. It is checked in class file
657 // parser that methods do not override a final method. Overpass methods
658 // are trusted since the VM generates them.
659 continue;
660 }
661 verify_method(methodHandle(THREAD, m), CHECK_VERIFY(this));
662 }
663
664 if (was_recursively_verified()){
665 log_info(verification)("Recursive verification detected for: %s", _klass->external_name());
666 log_info(class, init)("Recursive verification detected for: %s",
667 _klass->external_name());
668 }
669 }
670
671 // Translate the signature entries into verification types and save them in
672 // the growable array. Also, save the count of arguments.
673 void ClassVerifier::translate_signature(Symbol* const method_sig,
674 sig_as_verification_types* sig_verif_types) {
675 SignatureStream sig_stream(method_sig);
676 VerificationType sig_type[2];
677 int sig_i = 0;
678 GrowableArray<VerificationType>* verif_types = sig_verif_types->sig_verif_types();
679
680 // Translate the signature arguments into verification types.
681 while (!sig_stream.at_return_type()) {
682 int n = change_sig_to_verificationType(&sig_stream, sig_type);
683 assert(n <= 2, "Unexpected signature type");
684
685 // Store verification type(s). Longs and Doubles each have two verificationTypes.
686 for (int x = 0; x < n; x++) {
687 verif_types->push(sig_type[x]);
688 }
689 sig_i += n;
690 sig_stream.next();
691 }
692
693 // Set final arg count, not including the return type. The final arg count will
694 // be compared with sig_verify_types' length to see if there is a return type.
695 sig_verif_types->set_num_args(sig_i);
696
697 // Store verification type(s) for the return type, if there is one.
698 if (sig_stream.type() != T_VOID) {
699 int n = change_sig_to_verificationType(&sig_stream, sig_type);
700 assert(n <= 2, "Unexpected signature return type");
701 for (int y = 0; y < n; y++) {
702 verif_types->push(sig_type[y]);
703 }
704 }
705 }
706
707 void ClassVerifier::create_method_sig_entry(sig_as_verification_types* sig_verif_types,
708 int sig_index) {
709 // Translate the signature into verification types.
710 ConstantPool* cp = _klass->constants();
711 Symbol* const method_sig = cp->symbol_at(sig_index);
712 translate_signature(method_sig, sig_verif_types);
713
714 // Add the list of this signature's verification types to the table.
715 bool is_unique = method_signatures_table()->put(sig_index, sig_verif_types);
716 assert(is_unique, "Duplicate entries in method_signature_table");
717 }
718
719 void ClassVerifier::verify_method(const methodHandle& m, TRAPS) {
720 HandleMark hm(THREAD);
721 _method = m; // initialize _method
722 log_info(verification)("Verifying method %s", m->name_and_sig_as_C_string());
723
724 // For clang, the only good constant format string is a literal constant format string.
725 #define bad_type_msg "Bad type on operand stack in %s"
726
727 u2 max_stack = m->verifier_max_stack();
728 u2 max_locals = m->max_locals();
729 constantPoolHandle cp(THREAD, m->constants());
730
731 // Method signature was checked in ClassFileParser.
732 assert(SignatureVerifier::is_valid_method_signature(m->signature()),
733 "Invalid method signature");
734
735 // Collect the initial strict instance fields
736 StackMapFrame::AssertUnsetFieldTable* strict_fields = new StackMapFrame::AssertUnsetFieldTable();
737 if (m->is_object_constructor()) {
738 for (AllFieldStream fs(m->method_holder()); !fs.done(); fs.next()) {
739 if (fs.access_flags().is_strict() && !fs.access_flags().is_static()) {
740 NameAndSig new_field(fs.name(), fs.signature());
741 if (IgnoreAssertUnsetFields) {
742 strict_fields->put(new_field, true);
743 } else {
744 strict_fields->put(new_field, false);
745 }
746 }
747 }
748 }
749
750 // Initial stack map frame: offset is 0, stack is initially empty.
751 StackMapFrame current_frame(max_locals, max_stack, strict_fields, this);
752 // Set initial locals
753 VerificationType return_type = current_frame.set_locals_from_arg( m, current_type());
754
755 u2 stackmap_index = 0; // index to the stackmap array
756
757 u4 code_length = m->code_size();
758
759 // Scan the bytecode and map each instruction's start offset to a number.
760 char* code_data = generate_code_data(m, code_length, CHECK_VERIFY(this));
761
762 int ex_min = code_length;
763 int ex_max = -1;
764 // Look through each item on the exception table. Each of the fields must refer
765 // to a legal instruction.
766 if (was_recursively_verified()) return;
767 verify_exception_handler_table(
768 code_length, code_data, ex_min, ex_max, CHECK_VERIFY(this));
769
770 // Look through each entry on the local variable table and make sure
771 // its range of code array offsets is valid. (4169817)
772 if (m->has_localvariable_table()) {
773 verify_local_variable_table(code_length, code_data, CHECK_VERIFY(this));
774 }
775
776 Array<u1>* stackmap_data = m->stackmap_data();
777 StackMapStream stream(stackmap_data);
778 StackMapReader reader(this, &stream, code_data, code_length, ¤t_frame, max_locals, max_stack, strict_fields, THREAD);
779 StackMapTable stackmap_table(&reader, CHECK_VERIFY(this));
780
781 LogTarget(Debug, verification) lt;
782 if (lt.is_enabled()) {
783 LogStream ls(lt);
784 stackmap_table.print_on(&ls);
785 }
786
787 RawBytecodeStream bcs(m);
788
789 // Scan the byte code linearly from the start to the end
790 bool no_control_flow = false; // Set to true when there is no direct control
791 // flow from current instruction to the next
792 // instruction in sequence
793
794 Bytecodes::Code opcode;
795 while (!bcs.is_last_bytecode()) {
796 // Check for recursive re-verification before each bytecode.
797 if (was_recursively_verified()) return;
798
799 opcode = bcs.raw_next();
800 int bci = bcs.bci();
801
802 // Set current frame's offset to bci
803 current_frame.set_offset(bci);
804 current_frame.set_mark();
805
806 // Make sure every offset in stackmap table point to the beginning to
807 // an instruction. Match current_frame to stackmap_table entry with
808 // the same offset if exists.
809 stackmap_index = verify_stackmap_table(
810 stackmap_index, bci, ¤t_frame, &stackmap_table,
811 no_control_flow, CHECK_VERIFY(this));
812
813
814 bool this_uninit = false; // Set to true when invokespecial <init> initialized 'this'
815 bool verified_exc_handlers = false;
816
817 // Merge with the next instruction
818 {
819 int target;
820 VerificationType type, type2;
821 VerificationType atype;
822
823 LogTarget(Debug, verification) lt;
824 if (lt.is_enabled()) {
825 LogStream ls(lt);
826 current_frame.print_on(&ls);
827 lt.print("offset = %d, opcode = %s", bci,
828 opcode == Bytecodes::_illegal ? "illegal" : Bytecodes::name(opcode));
829 }
830
831 // Make sure wide instruction is in correct format
832 if (bcs.is_wide()) {
833 if (opcode != Bytecodes::_iinc && opcode != Bytecodes::_iload &&
834 opcode != Bytecodes::_aload && opcode != Bytecodes::_lload &&
835 opcode != Bytecodes::_istore && opcode != Bytecodes::_astore &&
836 opcode != Bytecodes::_lstore && opcode != Bytecodes::_fload &&
837 opcode != Bytecodes::_dload && opcode != Bytecodes::_fstore &&
838 opcode != Bytecodes::_dstore) {
839 /* Unreachable? RawBytecodeStream's raw_next() returns 'illegal'
840 * if we encounter a wide instruction that modifies an invalid
841 * opcode (not one of the ones listed above) */
842 verify_error(ErrorContext::bad_code(bci), "Bad wide instruction");
843 return;
844 }
845 }
846
847 // Look for possible jump target in exception handlers and see if it
848 // matches current_frame. Do this check here for astore*, dstore*,
849 // fstore*, istore*, and lstore* opcodes because they can change the type
850 // state by adding a local. JVM Spec says that the incoming type state
851 // should be used for this check. So, do the check here before a possible
852 // local is added to the type state.
853 if (Bytecodes::is_store_into_local(opcode) && bci >= ex_min && bci < ex_max) {
854 if (was_recursively_verified()) return;
855 verify_exception_handler_targets(
856 bci, this_uninit, ¤t_frame, &stackmap_table, CHECK_VERIFY(this));
857 verified_exc_handlers = true;
858 }
859
860 if (was_recursively_verified()) return;
861
862 switch (opcode) {
863 case Bytecodes::_nop :
864 no_control_flow = false; break;
865 case Bytecodes::_aconst_null :
866 current_frame.push_stack(
867 VerificationType::null_type(), CHECK_VERIFY(this));
868 no_control_flow = false; break;
869 case Bytecodes::_iconst_m1 :
870 case Bytecodes::_iconst_0 :
871 case Bytecodes::_iconst_1 :
872 case Bytecodes::_iconst_2 :
873 case Bytecodes::_iconst_3 :
874 case Bytecodes::_iconst_4 :
875 case Bytecodes::_iconst_5 :
876 current_frame.push_stack(
877 VerificationType::integer_type(), CHECK_VERIFY(this));
878 no_control_flow = false; break;
879 case Bytecodes::_lconst_0 :
880 case Bytecodes::_lconst_1 :
881 current_frame.push_stack_2(
882 VerificationType::long_type(),
883 VerificationType::long2_type(), CHECK_VERIFY(this));
884 no_control_flow = false; break;
885 case Bytecodes::_fconst_0 :
886 case Bytecodes::_fconst_1 :
887 case Bytecodes::_fconst_2 :
888 current_frame.push_stack(
889 VerificationType::float_type(), CHECK_VERIFY(this));
890 no_control_flow = false; break;
891 case Bytecodes::_dconst_0 :
892 case Bytecodes::_dconst_1 :
893 current_frame.push_stack_2(
894 VerificationType::double_type(),
895 VerificationType::double2_type(), CHECK_VERIFY(this));
896 no_control_flow = false; break;
897 case Bytecodes::_sipush :
898 case Bytecodes::_bipush :
899 current_frame.push_stack(
900 VerificationType::integer_type(), CHECK_VERIFY(this));
901 no_control_flow = false; break;
902 case Bytecodes::_ldc :
903 verify_ldc(
904 opcode, bcs.get_index_u1(), ¤t_frame,
905 cp, bci, CHECK_VERIFY(this));
906 no_control_flow = false; break;
907 case Bytecodes::_ldc_w :
908 case Bytecodes::_ldc2_w :
909 verify_ldc(
910 opcode, bcs.get_index_u2(), ¤t_frame,
911 cp, bci, CHECK_VERIFY(this));
912 no_control_flow = false; break;
913 case Bytecodes::_iload :
914 verify_iload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
915 no_control_flow = false; break;
916 case Bytecodes::_iload_0 :
917 case Bytecodes::_iload_1 :
918 case Bytecodes::_iload_2 :
919 case Bytecodes::_iload_3 : {
920 int index = opcode - Bytecodes::_iload_0;
921 verify_iload(index, ¤t_frame, CHECK_VERIFY(this));
922 no_control_flow = false; break;
923 }
924 case Bytecodes::_lload :
925 verify_lload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
926 no_control_flow = false; break;
927 case Bytecodes::_lload_0 :
928 case Bytecodes::_lload_1 :
929 case Bytecodes::_lload_2 :
930 case Bytecodes::_lload_3 : {
931 int index = opcode - Bytecodes::_lload_0;
932 verify_lload(index, ¤t_frame, CHECK_VERIFY(this));
933 no_control_flow = false; break;
934 }
935 case Bytecodes::_fload :
936 verify_fload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
937 no_control_flow = false; break;
938 case Bytecodes::_fload_0 :
939 case Bytecodes::_fload_1 :
940 case Bytecodes::_fload_2 :
941 case Bytecodes::_fload_3 : {
942 int index = opcode - Bytecodes::_fload_0;
943 verify_fload(index, ¤t_frame, CHECK_VERIFY(this));
944 no_control_flow = false; break;
945 }
946 case Bytecodes::_dload :
947 verify_dload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
948 no_control_flow = false; break;
949 case Bytecodes::_dload_0 :
950 case Bytecodes::_dload_1 :
951 case Bytecodes::_dload_2 :
952 case Bytecodes::_dload_3 : {
953 int index = opcode - Bytecodes::_dload_0;
954 verify_dload(index, ¤t_frame, CHECK_VERIFY(this));
955 no_control_flow = false; break;
956 }
957 case Bytecodes::_aload :
958 verify_aload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
959 no_control_flow = false; break;
960 case Bytecodes::_aload_0 :
961 case Bytecodes::_aload_1 :
962 case Bytecodes::_aload_2 :
963 case Bytecodes::_aload_3 : {
964 int index = opcode - Bytecodes::_aload_0;
965 verify_aload(index, ¤t_frame, CHECK_VERIFY(this));
966 no_control_flow = false; break;
967 }
968 case Bytecodes::_iaload :
969 type = current_frame.pop_stack(
970 VerificationType::integer_type(), CHECK_VERIFY(this));
971 atype = current_frame.pop_stack(
972 VerificationType::reference_check(), CHECK_VERIFY(this));
973 if (!atype.is_int_array()) {
974 verify_error(ErrorContext::bad_type(bci,
975 current_frame.stack_top_ctx(), ref_ctx("[I")),
976 bad_type_msg, "iaload");
977 return;
978 }
979 current_frame.push_stack(
980 VerificationType::integer_type(), CHECK_VERIFY(this));
981 no_control_flow = false; break;
982 case Bytecodes::_baload :
983 type = current_frame.pop_stack(
984 VerificationType::integer_type(), CHECK_VERIFY(this));
985 atype = current_frame.pop_stack(
986 VerificationType::reference_check(), CHECK_VERIFY(this));
987 if (!atype.is_bool_array() && !atype.is_byte_array()) {
988 verify_error(
989 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
990 bad_type_msg, "baload");
991 return;
992 }
993 current_frame.push_stack(
994 VerificationType::integer_type(), CHECK_VERIFY(this));
995 no_control_flow = false; break;
996 case Bytecodes::_caload :
997 type = current_frame.pop_stack(
998 VerificationType::integer_type(), CHECK_VERIFY(this));
999 atype = current_frame.pop_stack(
1000 VerificationType::reference_check(), CHECK_VERIFY(this));
1001 if (!atype.is_char_array()) {
1002 verify_error(ErrorContext::bad_type(bci,
1003 current_frame.stack_top_ctx(), ref_ctx("[C")),
1004 bad_type_msg, "caload");
1005 return;
1006 }
1007 current_frame.push_stack(
1008 VerificationType::integer_type(), CHECK_VERIFY(this));
1009 no_control_flow = false; break;
1010 case Bytecodes::_saload :
1011 type = current_frame.pop_stack(
1012 VerificationType::integer_type(), CHECK_VERIFY(this));
1013 atype = current_frame.pop_stack(
1014 VerificationType::reference_check(), CHECK_VERIFY(this));
1015 if (!atype.is_short_array()) {
1016 verify_error(ErrorContext::bad_type(bci,
1017 current_frame.stack_top_ctx(), ref_ctx("[S")),
1018 bad_type_msg, "saload");
1019 return;
1020 }
1021 current_frame.push_stack(
1022 VerificationType::integer_type(), CHECK_VERIFY(this));
1023 no_control_flow = false; break;
1024 case Bytecodes::_laload :
1025 type = current_frame.pop_stack(
1026 VerificationType::integer_type(), CHECK_VERIFY(this));
1027 atype = current_frame.pop_stack(
1028 VerificationType::reference_check(), CHECK_VERIFY(this));
1029 if (!atype.is_long_array()) {
1030 verify_error(ErrorContext::bad_type(bci,
1031 current_frame.stack_top_ctx(), ref_ctx("[J")),
1032 bad_type_msg, "laload");
1033 return;
1034 }
1035 current_frame.push_stack_2(
1036 VerificationType::long_type(),
1037 VerificationType::long2_type(), CHECK_VERIFY(this));
1038 no_control_flow = false; break;
1039 case Bytecodes::_faload :
1040 type = current_frame.pop_stack(
1041 VerificationType::integer_type(), CHECK_VERIFY(this));
1042 atype = current_frame.pop_stack(
1043 VerificationType::reference_check(), CHECK_VERIFY(this));
1044 if (!atype.is_float_array()) {
1045 verify_error(ErrorContext::bad_type(bci,
1046 current_frame.stack_top_ctx(), ref_ctx("[F")),
1047 bad_type_msg, "faload");
1048 return;
1049 }
1050 current_frame.push_stack(
1051 VerificationType::float_type(), CHECK_VERIFY(this));
1052 no_control_flow = false; break;
1053 case Bytecodes::_daload :
1054 type = current_frame.pop_stack(
1055 VerificationType::integer_type(), CHECK_VERIFY(this));
1056 atype = current_frame.pop_stack(
1057 VerificationType::reference_check(), CHECK_VERIFY(this));
1058 if (!atype.is_double_array()) {
1059 verify_error(ErrorContext::bad_type(bci,
1060 current_frame.stack_top_ctx(), ref_ctx("[D")),
1061 bad_type_msg, "daload");
1062 return;
1063 }
1064 current_frame.push_stack_2(
1065 VerificationType::double_type(),
1066 VerificationType::double2_type(), CHECK_VERIFY(this));
1067 no_control_flow = false; break;
1068 case Bytecodes::_aaload : {
1069 type = current_frame.pop_stack(
1070 VerificationType::integer_type(), CHECK_VERIFY(this));
1071 atype = current_frame.pop_stack(
1072 VerificationType::reference_check(), CHECK_VERIFY(this));
1073 if (!atype.is_reference_array()) {
1074 verify_error(ErrorContext::bad_type(bci,
1075 current_frame.stack_top_ctx(),
1076 TypeOrigin::implicit(VerificationType::reference_check())),
1077 bad_type_msg, "aaload");
1078 return;
1079 }
1080 if (atype.is_null()) {
1081 current_frame.push_stack(
1082 VerificationType::null_type(), CHECK_VERIFY(this));
1083 } else {
1084 VerificationType component = atype.get_component(this);
1085 current_frame.push_stack(component, CHECK_VERIFY(this));
1086 }
1087 no_control_flow = false; break;
1088 }
1089 case Bytecodes::_istore :
1090 verify_istore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1091 no_control_flow = false; break;
1092 case Bytecodes::_istore_0 :
1093 case Bytecodes::_istore_1 :
1094 case Bytecodes::_istore_2 :
1095 case Bytecodes::_istore_3 : {
1096 int index = opcode - Bytecodes::_istore_0;
1097 verify_istore(index, ¤t_frame, CHECK_VERIFY(this));
1098 no_control_flow = false; break;
1099 }
1100 case Bytecodes::_lstore :
1101 verify_lstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1102 no_control_flow = false; break;
1103 case Bytecodes::_lstore_0 :
1104 case Bytecodes::_lstore_1 :
1105 case Bytecodes::_lstore_2 :
1106 case Bytecodes::_lstore_3 : {
1107 int index = opcode - Bytecodes::_lstore_0;
1108 verify_lstore(index, ¤t_frame, CHECK_VERIFY(this));
1109 no_control_flow = false; break;
1110 }
1111 case Bytecodes::_fstore :
1112 verify_fstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1113 no_control_flow = false; break;
1114 case Bytecodes::_fstore_0 :
1115 case Bytecodes::_fstore_1 :
1116 case Bytecodes::_fstore_2 :
1117 case Bytecodes::_fstore_3 : {
1118 int index = opcode - Bytecodes::_fstore_0;
1119 verify_fstore(index, ¤t_frame, CHECK_VERIFY(this));
1120 no_control_flow = false; break;
1121 }
1122 case Bytecodes::_dstore :
1123 verify_dstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1124 no_control_flow = false; break;
1125 case Bytecodes::_dstore_0 :
1126 case Bytecodes::_dstore_1 :
1127 case Bytecodes::_dstore_2 :
1128 case Bytecodes::_dstore_3 : {
1129 int index = opcode - Bytecodes::_dstore_0;
1130 verify_dstore(index, ¤t_frame, CHECK_VERIFY(this));
1131 no_control_flow = false; break;
1132 }
1133 case Bytecodes::_astore :
1134 verify_astore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1135 no_control_flow = false; break;
1136 case Bytecodes::_astore_0 :
1137 case Bytecodes::_astore_1 :
1138 case Bytecodes::_astore_2 :
1139 case Bytecodes::_astore_3 : {
1140 int index = opcode - Bytecodes::_astore_0;
1141 verify_astore(index, ¤t_frame, CHECK_VERIFY(this));
1142 no_control_flow = false; break;
1143 }
1144 case Bytecodes::_iastore :
1145 type = current_frame.pop_stack(
1146 VerificationType::integer_type(), CHECK_VERIFY(this));
1147 type2 = current_frame.pop_stack(
1148 VerificationType::integer_type(), CHECK_VERIFY(this));
1149 atype = current_frame.pop_stack(
1150 VerificationType::reference_check(), CHECK_VERIFY(this));
1151 if (!atype.is_int_array()) {
1152 verify_error(ErrorContext::bad_type(bci,
1153 current_frame.stack_top_ctx(), ref_ctx("[I")),
1154 bad_type_msg, "iastore");
1155 return;
1156 }
1157 no_control_flow = false; break;
1158 case Bytecodes::_bastore :
1159 type = current_frame.pop_stack(
1160 VerificationType::integer_type(), CHECK_VERIFY(this));
1161 type2 = current_frame.pop_stack(
1162 VerificationType::integer_type(), CHECK_VERIFY(this));
1163 atype = current_frame.pop_stack(
1164 VerificationType::reference_check(), CHECK_VERIFY(this));
1165 if (!atype.is_bool_array() && !atype.is_byte_array()) {
1166 verify_error(
1167 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1168 bad_type_msg, "bastore");
1169 return;
1170 }
1171 no_control_flow = false; break;
1172 case Bytecodes::_castore :
1173 current_frame.pop_stack(
1174 VerificationType::integer_type(), CHECK_VERIFY(this));
1175 current_frame.pop_stack(
1176 VerificationType::integer_type(), CHECK_VERIFY(this));
1177 atype = current_frame.pop_stack(
1178 VerificationType::reference_check(), CHECK_VERIFY(this));
1179 if (!atype.is_char_array()) {
1180 verify_error(ErrorContext::bad_type(bci,
1181 current_frame.stack_top_ctx(), ref_ctx("[C")),
1182 bad_type_msg, "castore");
1183 return;
1184 }
1185 no_control_flow = false; break;
1186 case Bytecodes::_sastore :
1187 current_frame.pop_stack(
1188 VerificationType::integer_type(), CHECK_VERIFY(this));
1189 current_frame.pop_stack(
1190 VerificationType::integer_type(), CHECK_VERIFY(this));
1191 atype = current_frame.pop_stack(
1192 VerificationType::reference_check(), CHECK_VERIFY(this));
1193 if (!atype.is_short_array()) {
1194 verify_error(ErrorContext::bad_type(bci,
1195 current_frame.stack_top_ctx(), ref_ctx("[S")),
1196 bad_type_msg, "sastore");
1197 return;
1198 }
1199 no_control_flow = false; break;
1200 case Bytecodes::_lastore :
1201 current_frame.pop_stack_2(
1202 VerificationType::long2_type(),
1203 VerificationType::long_type(), CHECK_VERIFY(this));
1204 current_frame.pop_stack(
1205 VerificationType::integer_type(), CHECK_VERIFY(this));
1206 atype = current_frame.pop_stack(
1207 VerificationType::reference_check(), CHECK_VERIFY(this));
1208 if (!atype.is_long_array()) {
1209 verify_error(ErrorContext::bad_type(bci,
1210 current_frame.stack_top_ctx(), ref_ctx("[J")),
1211 bad_type_msg, "lastore");
1212 return;
1213 }
1214 no_control_flow = false; break;
1215 case Bytecodes::_fastore :
1216 current_frame.pop_stack(
1217 VerificationType::float_type(), CHECK_VERIFY(this));
1218 current_frame.pop_stack
1219 (VerificationType::integer_type(), CHECK_VERIFY(this));
1220 atype = current_frame.pop_stack(
1221 VerificationType::reference_check(), CHECK_VERIFY(this));
1222 if (!atype.is_float_array()) {
1223 verify_error(ErrorContext::bad_type(bci,
1224 current_frame.stack_top_ctx(), ref_ctx("[F")),
1225 bad_type_msg, "fastore");
1226 return;
1227 }
1228 no_control_flow = false; break;
1229 case Bytecodes::_dastore :
1230 current_frame.pop_stack_2(
1231 VerificationType::double2_type(),
1232 VerificationType::double_type(), CHECK_VERIFY(this));
1233 current_frame.pop_stack(
1234 VerificationType::integer_type(), CHECK_VERIFY(this));
1235 atype = current_frame.pop_stack(
1236 VerificationType::reference_check(), CHECK_VERIFY(this));
1237 if (!atype.is_double_array()) {
1238 verify_error(ErrorContext::bad_type(bci,
1239 current_frame.stack_top_ctx(), ref_ctx("[D")),
1240 bad_type_msg, "dastore");
1241 return;
1242 }
1243 no_control_flow = false; break;
1244 case Bytecodes::_aastore :
1245 type = current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1246 type2 = current_frame.pop_stack(
1247 VerificationType::integer_type(), CHECK_VERIFY(this));
1248 atype = current_frame.pop_stack(
1249 VerificationType::reference_check(), CHECK_VERIFY(this));
1250 // more type-checking is done at runtime
1251 if (!atype.is_reference_array()) {
1252 verify_error(ErrorContext::bad_type(bci,
1253 current_frame.stack_top_ctx(),
1254 TypeOrigin::implicit(VerificationType::reference_check())),
1255 bad_type_msg, "aastore");
1256 return;
1257 }
1258 // 4938384: relaxed constraint in JVMS 3rd edition.
1259 no_control_flow = false; break;
1260 case Bytecodes::_pop :
1261 current_frame.pop_stack(
1262 VerificationType::category1_check(), CHECK_VERIFY(this));
1263 no_control_flow = false; break;
1264 case Bytecodes::_pop2 :
1265 type = current_frame.pop_stack(CHECK_VERIFY(this));
1266 if (type.is_category1()) {
1267 current_frame.pop_stack(
1268 VerificationType::category1_check(), CHECK_VERIFY(this));
1269 } else if (type.is_category2_2nd()) {
1270 current_frame.pop_stack(
1271 VerificationType::category2_check(), CHECK_VERIFY(this));
1272 } else {
1273 /* Unreachable? Would need a category2_1st on TOS
1274 * which does not appear possible. */
1275 verify_error(
1276 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1277 bad_type_msg, "pop2");
1278 return;
1279 }
1280 no_control_flow = false; break;
1281 case Bytecodes::_dup :
1282 type = current_frame.pop_stack(
1283 VerificationType::category1_check(), CHECK_VERIFY(this));
1284 current_frame.push_stack(type, CHECK_VERIFY(this));
1285 current_frame.push_stack(type, CHECK_VERIFY(this));
1286 no_control_flow = false; break;
1287 case Bytecodes::_dup_x1 :
1288 type = current_frame.pop_stack(
1289 VerificationType::category1_check(), CHECK_VERIFY(this));
1290 type2 = current_frame.pop_stack(
1291 VerificationType::category1_check(), CHECK_VERIFY(this));
1292 current_frame.push_stack(type, CHECK_VERIFY(this));
1293 current_frame.push_stack(type2, CHECK_VERIFY(this));
1294 current_frame.push_stack(type, CHECK_VERIFY(this));
1295 no_control_flow = false; break;
1296 case Bytecodes::_dup_x2 :
1297 {
1298 VerificationType type3;
1299 type = current_frame.pop_stack(
1300 VerificationType::category1_check(), CHECK_VERIFY(this));
1301 type2 = current_frame.pop_stack(CHECK_VERIFY(this));
1302 if (type2.is_category1()) {
1303 type3 = current_frame.pop_stack(
1304 VerificationType::category1_check(), CHECK_VERIFY(this));
1305 } else if (type2.is_category2_2nd()) {
1306 type3 = current_frame.pop_stack(
1307 VerificationType::category2_check(), CHECK_VERIFY(this));
1308 } else {
1309 /* Unreachable? Would need a category2_1st at stack depth 2 with
1310 * a category1 on TOS which does not appear possible. */
1311 verify_error(ErrorContext::bad_type(
1312 bci, current_frame.stack_top_ctx()), bad_type_msg, "dup_x2");
1313 return;
1314 }
1315 current_frame.push_stack(type, CHECK_VERIFY(this));
1316 current_frame.push_stack(type3, CHECK_VERIFY(this));
1317 current_frame.push_stack(type2, CHECK_VERIFY(this));
1318 current_frame.push_stack(type, CHECK_VERIFY(this));
1319 no_control_flow = false; break;
1320 }
1321 case Bytecodes::_dup2 :
1322 type = current_frame.pop_stack(CHECK_VERIFY(this));
1323 if (type.is_category1()) {
1324 type2 = current_frame.pop_stack(
1325 VerificationType::category1_check(), CHECK_VERIFY(this));
1326 } else if (type.is_category2_2nd()) {
1327 type2 = current_frame.pop_stack(
1328 VerificationType::category2_check(), CHECK_VERIFY(this));
1329 } else {
1330 /* Unreachable? Would need a category2_1st on TOS which does not
1331 * appear possible. */
1332 verify_error(
1333 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1334 bad_type_msg, "dup2");
1335 return;
1336 }
1337 current_frame.push_stack(type2, CHECK_VERIFY(this));
1338 current_frame.push_stack(type, CHECK_VERIFY(this));
1339 current_frame.push_stack(type2, CHECK_VERIFY(this));
1340 current_frame.push_stack(type, CHECK_VERIFY(this));
1341 no_control_flow = false; break;
1342 case Bytecodes::_dup2_x1 :
1343 {
1344 VerificationType type3;
1345 type = current_frame.pop_stack(CHECK_VERIFY(this));
1346 if (type.is_category1()) {
1347 type2 = current_frame.pop_stack(
1348 VerificationType::category1_check(), CHECK_VERIFY(this));
1349 } else if (type.is_category2_2nd()) {
1350 type2 = current_frame.pop_stack(
1351 VerificationType::category2_check(), CHECK_VERIFY(this));
1352 } else {
1353 /* Unreachable? Would need a category2_1st on TOS which does
1354 * not appear possible. */
1355 verify_error(
1356 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1357 bad_type_msg, "dup2_x1");
1358 return;
1359 }
1360 type3 = current_frame.pop_stack(
1361 VerificationType::category1_check(), CHECK_VERIFY(this));
1362 current_frame.push_stack(type2, CHECK_VERIFY(this));
1363 current_frame.push_stack(type, CHECK_VERIFY(this));
1364 current_frame.push_stack(type3, CHECK_VERIFY(this));
1365 current_frame.push_stack(type2, CHECK_VERIFY(this));
1366 current_frame.push_stack(type, CHECK_VERIFY(this));
1367 no_control_flow = false; break;
1368 }
1369 case Bytecodes::_dup2_x2 :
1370 {
1371 VerificationType type3, type4;
1372 type = current_frame.pop_stack(CHECK_VERIFY(this));
1373 if (type.is_category1()) {
1374 type2 = current_frame.pop_stack(
1375 VerificationType::category1_check(), CHECK_VERIFY(this));
1376 } else if (type.is_category2_2nd()) {
1377 type2 = current_frame.pop_stack(
1378 VerificationType::category2_check(), CHECK_VERIFY(this));
1379 } else {
1380 /* Unreachable? Would need a category2_1st on TOS which does
1381 * not appear possible. */
1382 verify_error(
1383 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1384 bad_type_msg, "dup2_x2");
1385 return;
1386 }
1387 type3 = current_frame.pop_stack(CHECK_VERIFY(this));
1388 if (type3.is_category1()) {
1389 type4 = current_frame.pop_stack(
1390 VerificationType::category1_check(), CHECK_VERIFY(this));
1391 } else if (type3.is_category2_2nd()) {
1392 type4 = current_frame.pop_stack(
1393 VerificationType::category2_check(), CHECK_VERIFY(this));
1394 } else {
1395 /* Unreachable? Would need a category2_1st on TOS after popping
1396 * a long/double or two category 1's, which does not
1397 * appear possible. */
1398 verify_error(
1399 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1400 bad_type_msg, "dup2_x2");
1401 return;
1402 }
1403 current_frame.push_stack(type2, CHECK_VERIFY(this));
1404 current_frame.push_stack(type, CHECK_VERIFY(this));
1405 current_frame.push_stack(type4, CHECK_VERIFY(this));
1406 current_frame.push_stack(type3, CHECK_VERIFY(this));
1407 current_frame.push_stack(type2, CHECK_VERIFY(this));
1408 current_frame.push_stack(type, CHECK_VERIFY(this));
1409 no_control_flow = false; break;
1410 }
1411 case Bytecodes::_swap :
1412 type = current_frame.pop_stack(
1413 VerificationType::category1_check(), CHECK_VERIFY(this));
1414 type2 = current_frame.pop_stack(
1415 VerificationType::category1_check(), CHECK_VERIFY(this));
1416 current_frame.push_stack(type, CHECK_VERIFY(this));
1417 current_frame.push_stack(type2, CHECK_VERIFY(this));
1418 no_control_flow = false; break;
1419 case Bytecodes::_iadd :
1420 case Bytecodes::_isub :
1421 case Bytecodes::_imul :
1422 case Bytecodes::_idiv :
1423 case Bytecodes::_irem :
1424 case Bytecodes::_ishl :
1425 case Bytecodes::_ishr :
1426 case Bytecodes::_iushr :
1427 case Bytecodes::_ior :
1428 case Bytecodes::_ixor :
1429 case Bytecodes::_iand :
1430 current_frame.pop_stack(
1431 VerificationType::integer_type(), CHECK_VERIFY(this));
1432 // fall through
1433 case Bytecodes::_ineg :
1434 current_frame.pop_stack(
1435 VerificationType::integer_type(), CHECK_VERIFY(this));
1436 current_frame.push_stack(
1437 VerificationType::integer_type(), CHECK_VERIFY(this));
1438 no_control_flow = false; break;
1439 case Bytecodes::_ladd :
1440 case Bytecodes::_lsub :
1441 case Bytecodes::_lmul :
1442 case Bytecodes::_ldiv :
1443 case Bytecodes::_lrem :
1444 case Bytecodes::_land :
1445 case Bytecodes::_lor :
1446 case Bytecodes::_lxor :
1447 current_frame.pop_stack_2(
1448 VerificationType::long2_type(),
1449 VerificationType::long_type(), CHECK_VERIFY(this));
1450 // fall through
1451 case Bytecodes::_lneg :
1452 current_frame.pop_stack_2(
1453 VerificationType::long2_type(),
1454 VerificationType::long_type(), CHECK_VERIFY(this));
1455 current_frame.push_stack_2(
1456 VerificationType::long_type(),
1457 VerificationType::long2_type(), CHECK_VERIFY(this));
1458 no_control_flow = false; break;
1459 case Bytecodes::_lshl :
1460 case Bytecodes::_lshr :
1461 case Bytecodes::_lushr :
1462 current_frame.pop_stack(
1463 VerificationType::integer_type(), CHECK_VERIFY(this));
1464 current_frame.pop_stack_2(
1465 VerificationType::long2_type(),
1466 VerificationType::long_type(), CHECK_VERIFY(this));
1467 current_frame.push_stack_2(
1468 VerificationType::long_type(),
1469 VerificationType::long2_type(), CHECK_VERIFY(this));
1470 no_control_flow = false; break;
1471 case Bytecodes::_fadd :
1472 case Bytecodes::_fsub :
1473 case Bytecodes::_fmul :
1474 case Bytecodes::_fdiv :
1475 case Bytecodes::_frem :
1476 current_frame.pop_stack(
1477 VerificationType::float_type(), CHECK_VERIFY(this));
1478 // fall through
1479 case Bytecodes::_fneg :
1480 current_frame.pop_stack(
1481 VerificationType::float_type(), CHECK_VERIFY(this));
1482 current_frame.push_stack(
1483 VerificationType::float_type(), CHECK_VERIFY(this));
1484 no_control_flow = false; break;
1485 case Bytecodes::_dadd :
1486 case Bytecodes::_dsub :
1487 case Bytecodes::_dmul :
1488 case Bytecodes::_ddiv :
1489 case Bytecodes::_drem :
1490 current_frame.pop_stack_2(
1491 VerificationType::double2_type(),
1492 VerificationType::double_type(), CHECK_VERIFY(this));
1493 // fall through
1494 case Bytecodes::_dneg :
1495 current_frame.pop_stack_2(
1496 VerificationType::double2_type(),
1497 VerificationType::double_type(), CHECK_VERIFY(this));
1498 current_frame.push_stack_2(
1499 VerificationType::double_type(),
1500 VerificationType::double2_type(), CHECK_VERIFY(this));
1501 no_control_flow = false; break;
1502 case Bytecodes::_iinc :
1503 verify_iinc(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1504 no_control_flow = false; break;
1505 case Bytecodes::_i2l :
1506 type = current_frame.pop_stack(
1507 VerificationType::integer_type(), CHECK_VERIFY(this));
1508 current_frame.push_stack_2(
1509 VerificationType::long_type(),
1510 VerificationType::long2_type(), CHECK_VERIFY(this));
1511 no_control_flow = false; break;
1512 case Bytecodes::_l2i :
1513 current_frame.pop_stack_2(
1514 VerificationType::long2_type(),
1515 VerificationType::long_type(), CHECK_VERIFY(this));
1516 current_frame.push_stack(
1517 VerificationType::integer_type(), CHECK_VERIFY(this));
1518 no_control_flow = false; break;
1519 case Bytecodes::_i2f :
1520 current_frame.pop_stack(
1521 VerificationType::integer_type(), CHECK_VERIFY(this));
1522 current_frame.push_stack(
1523 VerificationType::float_type(), CHECK_VERIFY(this));
1524 no_control_flow = false; break;
1525 case Bytecodes::_i2d :
1526 current_frame.pop_stack(
1527 VerificationType::integer_type(), CHECK_VERIFY(this));
1528 current_frame.push_stack_2(
1529 VerificationType::double_type(),
1530 VerificationType::double2_type(), CHECK_VERIFY(this));
1531 no_control_flow = false; break;
1532 case Bytecodes::_l2f :
1533 current_frame.pop_stack_2(
1534 VerificationType::long2_type(),
1535 VerificationType::long_type(), CHECK_VERIFY(this));
1536 current_frame.push_stack(
1537 VerificationType::float_type(), CHECK_VERIFY(this));
1538 no_control_flow = false; break;
1539 case Bytecodes::_l2d :
1540 current_frame.pop_stack_2(
1541 VerificationType::long2_type(),
1542 VerificationType::long_type(), CHECK_VERIFY(this));
1543 current_frame.push_stack_2(
1544 VerificationType::double_type(),
1545 VerificationType::double2_type(), CHECK_VERIFY(this));
1546 no_control_flow = false; break;
1547 case Bytecodes::_f2i :
1548 current_frame.pop_stack(
1549 VerificationType::float_type(), CHECK_VERIFY(this));
1550 current_frame.push_stack(
1551 VerificationType::integer_type(), CHECK_VERIFY(this));
1552 no_control_flow = false; break;
1553 case Bytecodes::_f2l :
1554 current_frame.pop_stack(
1555 VerificationType::float_type(), CHECK_VERIFY(this));
1556 current_frame.push_stack_2(
1557 VerificationType::long_type(),
1558 VerificationType::long2_type(), CHECK_VERIFY(this));
1559 no_control_flow = false; break;
1560 case Bytecodes::_f2d :
1561 current_frame.pop_stack(
1562 VerificationType::float_type(), CHECK_VERIFY(this));
1563 current_frame.push_stack_2(
1564 VerificationType::double_type(),
1565 VerificationType::double2_type(), CHECK_VERIFY(this));
1566 no_control_flow = false; break;
1567 case Bytecodes::_d2i :
1568 current_frame.pop_stack_2(
1569 VerificationType::double2_type(),
1570 VerificationType::double_type(), CHECK_VERIFY(this));
1571 current_frame.push_stack(
1572 VerificationType::integer_type(), CHECK_VERIFY(this));
1573 no_control_flow = false; break;
1574 case Bytecodes::_d2l :
1575 current_frame.pop_stack_2(
1576 VerificationType::double2_type(),
1577 VerificationType::double_type(), CHECK_VERIFY(this));
1578 current_frame.push_stack_2(
1579 VerificationType::long_type(),
1580 VerificationType::long2_type(), CHECK_VERIFY(this));
1581 no_control_flow = false; break;
1582 case Bytecodes::_d2f :
1583 current_frame.pop_stack_2(
1584 VerificationType::double2_type(),
1585 VerificationType::double_type(), CHECK_VERIFY(this));
1586 current_frame.push_stack(
1587 VerificationType::float_type(), CHECK_VERIFY(this));
1588 no_control_flow = false; break;
1589 case Bytecodes::_i2b :
1590 case Bytecodes::_i2c :
1591 case Bytecodes::_i2s :
1592 current_frame.pop_stack(
1593 VerificationType::integer_type(), CHECK_VERIFY(this));
1594 current_frame.push_stack(
1595 VerificationType::integer_type(), CHECK_VERIFY(this));
1596 no_control_flow = false; break;
1597 case Bytecodes::_lcmp :
1598 current_frame.pop_stack_2(
1599 VerificationType::long2_type(),
1600 VerificationType::long_type(), CHECK_VERIFY(this));
1601 current_frame.pop_stack_2(
1602 VerificationType::long2_type(),
1603 VerificationType::long_type(), CHECK_VERIFY(this));
1604 current_frame.push_stack(
1605 VerificationType::integer_type(), CHECK_VERIFY(this));
1606 no_control_flow = false; break;
1607 case Bytecodes::_fcmpl :
1608 case Bytecodes::_fcmpg :
1609 current_frame.pop_stack(
1610 VerificationType::float_type(), CHECK_VERIFY(this));
1611 current_frame.pop_stack(
1612 VerificationType::float_type(), CHECK_VERIFY(this));
1613 current_frame.push_stack(
1614 VerificationType::integer_type(), CHECK_VERIFY(this));
1615 no_control_flow = false; break;
1616 case Bytecodes::_dcmpl :
1617 case Bytecodes::_dcmpg :
1618 current_frame.pop_stack_2(
1619 VerificationType::double2_type(),
1620 VerificationType::double_type(), CHECK_VERIFY(this));
1621 current_frame.pop_stack_2(
1622 VerificationType::double2_type(),
1623 VerificationType::double_type(), CHECK_VERIFY(this));
1624 current_frame.push_stack(
1625 VerificationType::integer_type(), CHECK_VERIFY(this));
1626 no_control_flow = false; break;
1627 case Bytecodes::_if_icmpeq:
1628 case Bytecodes::_if_icmpne:
1629 case Bytecodes::_if_icmplt:
1630 case Bytecodes::_if_icmpge:
1631 case Bytecodes::_if_icmpgt:
1632 case Bytecodes::_if_icmple:
1633 current_frame.pop_stack(
1634 VerificationType::integer_type(), CHECK_VERIFY(this));
1635 // fall through
1636 case Bytecodes::_ifeq:
1637 case Bytecodes::_ifne:
1638 case Bytecodes::_iflt:
1639 case Bytecodes::_ifge:
1640 case Bytecodes::_ifgt:
1641 case Bytecodes::_ifle:
1642 current_frame.pop_stack(
1643 VerificationType::integer_type(), CHECK_VERIFY(this));
1644 target = bcs.dest();
1645 stackmap_table.check_jump_target(
1646 ¤t_frame, target, CHECK_VERIFY(this));
1647 no_control_flow = false; break;
1648 case Bytecodes::_if_acmpeq :
1649 case Bytecodes::_if_acmpne :
1650 current_frame.pop_stack(
1651 VerificationType::reference_check(), CHECK_VERIFY(this));
1652 // fall through
1653 case Bytecodes::_ifnull :
1654 case Bytecodes::_ifnonnull :
1655 current_frame.pop_stack(
1656 VerificationType::reference_check(), CHECK_VERIFY(this));
1657 target = bcs.dest();
1658 stackmap_table.check_jump_target
1659 (¤t_frame, target, CHECK_VERIFY(this));
1660 no_control_flow = false; break;
1661 case Bytecodes::_goto :
1662 target = bcs.dest();
1663 stackmap_table.check_jump_target(
1664 ¤t_frame, target, CHECK_VERIFY(this));
1665 no_control_flow = true; break;
1666 case Bytecodes::_goto_w :
1667 target = bcs.dest_w();
1668 stackmap_table.check_jump_target(
1669 ¤t_frame, target, CHECK_VERIFY(this));
1670 no_control_flow = true; break;
1671 case Bytecodes::_tableswitch :
1672 case Bytecodes::_lookupswitch :
1673 verify_switch(
1674 &bcs, code_length, code_data, ¤t_frame,
1675 &stackmap_table, CHECK_VERIFY(this));
1676 no_control_flow = true; break;
1677 case Bytecodes::_ireturn :
1678 type = current_frame.pop_stack(
1679 VerificationType::integer_type(), CHECK_VERIFY(this));
1680 verify_return_value(return_type, type, bci,
1681 ¤t_frame, CHECK_VERIFY(this));
1682 no_control_flow = true; break;
1683 case Bytecodes::_lreturn :
1684 type2 = current_frame.pop_stack(
1685 VerificationType::long2_type(), CHECK_VERIFY(this));
1686 type = current_frame.pop_stack(
1687 VerificationType::long_type(), CHECK_VERIFY(this));
1688 verify_return_value(return_type, type, bci,
1689 ¤t_frame, CHECK_VERIFY(this));
1690 no_control_flow = true; break;
1691 case Bytecodes::_freturn :
1692 type = current_frame.pop_stack(
1693 VerificationType::float_type(), CHECK_VERIFY(this));
1694 verify_return_value(return_type, type, bci,
1695 ¤t_frame, CHECK_VERIFY(this));
1696 no_control_flow = true; break;
1697 case Bytecodes::_dreturn :
1698 type2 = current_frame.pop_stack(
1699 VerificationType::double2_type(), CHECK_VERIFY(this));
1700 type = current_frame.pop_stack(
1701 VerificationType::double_type(), CHECK_VERIFY(this));
1702 verify_return_value(return_type, type, bci,
1703 ¤t_frame, CHECK_VERIFY(this));
1704 no_control_flow = true; break;
1705 case Bytecodes::_areturn :
1706 type = current_frame.pop_stack(
1707 VerificationType::reference_check(), CHECK_VERIFY(this));
1708 verify_return_value(return_type, type, bci,
1709 ¤t_frame, CHECK_VERIFY(this));
1710 no_control_flow = true; break;
1711 case Bytecodes::_return :
1712 if (return_type != VerificationType::bogus_type()) {
1713 verify_error(ErrorContext::bad_code(bci),
1714 "Method expects a return value");
1715 return;
1716 }
1717 // Make sure "this" has been initialized if current method is an
1718 // <init>.
1719 if (_method->is_object_constructor() &&
1720 current_frame.flag_this_uninit()) {
1721 verify_error(ErrorContext::bad_code(bci),
1722 "Constructor must call super() or this() "
1723 "before return");
1724 return;
1725 }
1726 no_control_flow = true; break;
1727 case Bytecodes::_getstatic :
1728 case Bytecodes::_putstatic :
1729 // pass TRUE, operand can be an array type for getstatic/putstatic.
1730 verify_field_instructions(
1731 &bcs, ¤t_frame, cp, true, CHECK_VERIFY(this));
1732 no_control_flow = false; break;
1733 case Bytecodes::_getfield :
1734 case Bytecodes::_putfield :
1735 // pass FALSE, operand can't be an array type for getfield/putfield.
1736 verify_field_instructions(
1737 &bcs, ¤t_frame, cp, false, CHECK_VERIFY(this));
1738 no_control_flow = false; break;
1739 case Bytecodes::_invokevirtual :
1740 case Bytecodes::_invokespecial :
1741 case Bytecodes::_invokestatic :
1742 case Bytecodes::_invokeinterface :
1743 case Bytecodes::_invokedynamic :
1744 verify_invoke_instructions(
1745 &bcs, code_length, ¤t_frame, (bci >= ex_min && bci < ex_max),
1746 &this_uninit, cp, &stackmap_table, CHECK_VERIFY(this));
1747 no_control_flow = false; break;
1748 case Bytecodes::_new :
1749 {
1750 u2 index = bcs.get_index_u2();
1751 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1752 VerificationType new_class_type =
1753 cp_index_to_type(index, cp, CHECK_VERIFY(this));
1754 if (!new_class_type.is_object()) {
1755 verify_error(ErrorContext::bad_type(bci,
1756 TypeOrigin::cp(index, new_class_type)),
1757 "Illegal new instruction");
1758 return;
1759 }
1760 type = VerificationType::uninitialized_type(checked_cast<u2>(bci));
1761 current_frame.push_stack(type, CHECK_VERIFY(this));
1762 no_control_flow = false; break;
1763 }
1764 case Bytecodes::_newarray :
1765 type = get_newarray_type(bcs.get_index(), bci, CHECK_VERIFY(this));
1766 current_frame.pop_stack(
1767 VerificationType::integer_type(), CHECK_VERIFY(this));
1768 current_frame.push_stack(type, CHECK_VERIFY(this));
1769 no_control_flow = false; break;
1770 case Bytecodes::_anewarray :
1771 verify_anewarray(
1772 bci, bcs.get_index_u2(), cp, ¤t_frame, CHECK_VERIFY(this));
1773 no_control_flow = false; break;
1774 case Bytecodes::_arraylength :
1775 type = current_frame.pop_stack(
1776 VerificationType::reference_check(), CHECK_VERIFY(this));
1777 if (!(type.is_null() || type.is_array())) {
1778 verify_error(ErrorContext::bad_type(
1779 bci, current_frame.stack_top_ctx()),
1780 bad_type_msg, "arraylength");
1781 }
1782 current_frame.push_stack(
1783 VerificationType::integer_type(), CHECK_VERIFY(this));
1784 no_control_flow = false; break;
1785 case Bytecodes::_checkcast :
1786 {
1787 u2 index = bcs.get_index_u2();
1788 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1789 current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1790 VerificationType klass_type = cp_index_to_type(
1791 index, cp, CHECK_VERIFY(this));
1792 current_frame.push_stack(klass_type, CHECK_VERIFY(this));
1793 no_control_flow = false; break;
1794 }
1795 case Bytecodes::_instanceof : {
1796 u2 index = bcs.get_index_u2();
1797 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1798 current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1799 current_frame.push_stack(
1800 VerificationType::integer_type(), CHECK_VERIFY(this));
1801 no_control_flow = false; break;
1802 }
1803 case Bytecodes::_monitorenter :
1804 case Bytecodes::_monitorexit : {
1805 VerificationType ref = current_frame.pop_stack(
1806 VerificationType::reference_check(), CHECK_VERIFY(this));
1807 no_control_flow = false; break;
1808 }
1809 case Bytecodes::_multianewarray :
1810 {
1811 u2 index = bcs.get_index_u2();
1812 u2 dim = *(bcs.bcp()+3);
1813 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1814 VerificationType new_array_type =
1815 cp_index_to_type(index, cp, CHECK_VERIFY(this));
1816 if (!new_array_type.is_array()) {
1817 verify_error(ErrorContext::bad_type(bci,
1818 TypeOrigin::cp(index, new_array_type)),
1819 "Illegal constant pool index in multianewarray instruction");
1820 return;
1821 }
1822 if (dim < 1 || new_array_type.dimensions() < dim) {
1823 verify_error(ErrorContext::bad_code(bci),
1824 "Illegal dimension in multianewarray instruction: %d", dim);
1825 return;
1826 }
1827 for (int i = 0; i < dim; i++) {
1828 current_frame.pop_stack(
1829 VerificationType::integer_type(), CHECK_VERIFY(this));
1830 }
1831 current_frame.push_stack(new_array_type, CHECK_VERIFY(this));
1832 no_control_flow = false; break;
1833 }
1834 case Bytecodes::_athrow :
1835 type = VerificationType::reference_type(
1836 vmSymbols::java_lang_Throwable());
1837 current_frame.pop_stack(type, CHECK_VERIFY(this));
1838 no_control_flow = true; break;
1839 default:
1840 // We only need to check the valid bytecodes in class file.
1841 // And jsr and ret are not in the new class file format in JDK1.6.
1842 verify_error(ErrorContext::bad_code(bci),
1843 "Bad instruction: %02x", opcode);
1844 no_control_flow = false;
1845 return;
1846 } // end switch
1847 } // end Merge with the next instruction
1848
1849 // Look for possible jump target in exception handlers and see if it matches
1850 // current_frame. Don't do this check if it has already been done (for
1851 // ([a,d,f,i,l]store* opcodes). This check cannot be done earlier because
1852 // opcodes, such as invokespecial, may set the this_uninit flag.
1853 assert(!(verified_exc_handlers && this_uninit),
1854 "Exception handler targets got verified before this_uninit got set");
1855 if (!verified_exc_handlers && bci >= ex_min && bci < ex_max) {
1856 if (was_recursively_verified()) return;
1857 verify_exception_handler_targets(
1858 bci, this_uninit, ¤t_frame, &stackmap_table, CHECK_VERIFY(this));
1859 }
1860 } // end while
1861
1862 // Make sure that control flow does not fall through end of the method
1863 if (!no_control_flow) {
1864 verify_error(ErrorContext::bad_code(code_length),
1865 "Control flow falls through code end");
1866 return;
1867 }
1868 }
1869
1870 #undef bad_type_message
1871
1872 char* ClassVerifier::generate_code_data(const methodHandle& m, u4 code_length, TRAPS) {
1873 char* code_data = NEW_RESOURCE_ARRAY(char, code_length);
1874 memset(code_data, 0, sizeof(char) * code_length);
1875 RawBytecodeStream bcs(m);
1876
1877 while (!bcs.is_last_bytecode()) {
1878 if (bcs.raw_next() != Bytecodes::_illegal) {
1879 int bci = bcs.bci();
1880 if (bcs.raw_code() == Bytecodes::_new) {
1881 code_data[bci] = NEW_OFFSET;
1882 } else {
1883 code_data[bci] = BYTECODE_OFFSET;
1884 }
1885 } else {
1886 verify_error(ErrorContext::bad_code(bcs.bci()), "Bad instruction");
1887 return nullptr;
1888 }
1889 }
1890
1891 return code_data;
1892 }
1893
1894 // Since this method references the constant pool, call was_recursively_verified()
1895 // before calling this method to make sure a prior class load did not cause the
1896 // current class to get verified.
1897 void ClassVerifier::verify_exception_handler_table(u4 code_length, char* code_data, int& min, int& max, TRAPS) {
1898 ExceptionTable exhandlers(_method());
1899 int exlength = exhandlers.length();
1900 constantPoolHandle cp (THREAD, _method->constants());
1901
1902 for(int i = 0; i < exlength; i++) {
1903 u2 start_pc = exhandlers.start_pc(i);
1904 u2 end_pc = exhandlers.end_pc(i);
1905 u2 handler_pc = exhandlers.handler_pc(i);
1906 if (start_pc >= code_length || code_data[start_pc] == 0) {
1907 class_format_error("Illegal exception table start_pc %d", start_pc);
1908 return;
1909 }
1910 if (end_pc != code_length) { // special case: end_pc == code_length
1911 if (end_pc > code_length || code_data[end_pc] == 0) {
1912 class_format_error("Illegal exception table end_pc %d", end_pc);
1913 return;
1914 }
1915 }
1916 if (handler_pc >= code_length || code_data[handler_pc] == 0) {
1917 class_format_error("Illegal exception table handler_pc %d", handler_pc);
1918 return;
1919 }
1920 u2 catch_type_index = exhandlers.catch_type_index(i);
1921 if (catch_type_index != 0) {
1922 VerificationType catch_type = cp_index_to_type(
1923 catch_type_index, cp, CHECK_VERIFY(this));
1924 VerificationType throwable =
1925 VerificationType::reference_type(vmSymbols::java_lang_Throwable());
1926 // If the catch type is Throwable pre-resolve it now as the assignable check won't
1927 // do that, and we need to avoid a runtime resolution in case we are trying to
1928 // catch OutOfMemoryError.
1929 if (cp->klass_name_at(catch_type_index) == vmSymbols::java_lang_Throwable()) {
1930 cp->klass_at(catch_type_index, CHECK);
1931 }
1932 bool is_subclass = throwable.is_assignable_from(
1933 catch_type, this, false, CHECK_VERIFY(this));
1934 if (!is_subclass) {
1935 // 4286534: should throw VerifyError according to recent spec change
1936 verify_error(ErrorContext::bad_type(handler_pc,
1937 TypeOrigin::cp(catch_type_index, catch_type),
1938 TypeOrigin::implicit(throwable)),
1939 "Catch type is not a subclass "
1940 "of Throwable in exception handler %d", handler_pc);
1941 return;
1942 }
1943 }
1944 if (start_pc < min) min = start_pc;
1945 if (end_pc > max) max = end_pc;
1946 }
1947 }
1948
1949 void ClassVerifier::verify_local_variable_table(u4 code_length, char* code_data, TRAPS) {
1950 int localvariable_table_length = _method->localvariable_table_length();
1951 if (localvariable_table_length > 0) {
1952 LocalVariableTableElement* table = _method->localvariable_table_start();
1953 for (int i = 0; i < localvariable_table_length; i++) {
1954 u2 start_bci = table[i].start_bci;
1955 u2 length = table[i].length;
1956
1957 if (start_bci >= code_length || code_data[start_bci] == 0) {
1958 class_format_error(
1959 "Illegal local variable table start_pc %d", start_bci);
1960 return;
1961 }
1962 u4 end_bci = (u4)(start_bci + length);
1963 if (end_bci != code_length) {
1964 if (end_bci >= code_length || code_data[end_bci] == 0) {
1965 class_format_error( "Illegal local variable table length %d", length);
1966 return;
1967 }
1968 }
1969 }
1970 }
1971 }
1972
1973 u2 ClassVerifier::verify_stackmap_table(u2 stackmap_index, int bci,
1974 StackMapFrame* current_frame,
1975 StackMapTable* stackmap_table,
1976 bool no_control_flow, TRAPS) {
1977 if (stackmap_index < stackmap_table->get_frame_count()) {
1978 int this_offset = stackmap_table->get_offset(stackmap_index);
1979 if (no_control_flow && this_offset > bci) {
1980 verify_error(ErrorContext::missing_stackmap(bci),
1981 "Expecting a stack map frame");
1982 return 0;
1983 }
1984 if (this_offset == bci) {
1985 ErrorContext ctx;
1986 // See if current stack map can be assigned to the frame in table.
1987 // current_frame is the stackmap frame got from the last instruction.
1988 // If matched, current_frame will be updated by this method.
1989 bool matches = stackmap_table->match_stackmap(
1990 current_frame, this_offset, stackmap_index,
1991 !no_control_flow, true, &ctx, CHECK_VERIFY_(this, 0));
1992 if (!matches) {
1993 // report type error
1994 verify_error(ctx, "Instruction type does not match stack map");
1995 return 0;
1996 }
1997 stackmap_index++;
1998 } else if (this_offset < bci) {
1999 // current_offset should have met this_offset.
2000 class_format_error("Bad stack map offset %d", this_offset);
2001 return 0;
2002 }
2003 } else if (no_control_flow) {
2004 verify_error(ErrorContext::bad_code(bci), "Expecting a stack map frame");
2005 return 0;
2006 }
2007 return stackmap_index;
2008 }
2009
2010 // Since this method references the constant pool, call was_recursively_verified()
2011 // before calling this method to make sure a prior class load did not cause the
2012 // current class to get verified.
2013 void ClassVerifier::verify_exception_handler_targets(int bci, bool this_uninit,
2014 StackMapFrame* current_frame,
2015 StackMapTable* stackmap_table, TRAPS) {
2016 constantPoolHandle cp (THREAD, _method->constants());
2017 ExceptionTable exhandlers(_method());
2018 int exlength = exhandlers.length();
2019 for(int i = 0; i < exlength; i++) {
2020 u2 start_pc = exhandlers.start_pc(i);
2021 u2 end_pc = exhandlers.end_pc(i);
2022 u2 handler_pc = exhandlers.handler_pc(i);
2023 int catch_type_index = exhandlers.catch_type_index(i);
2024 if(bci >= start_pc && bci < end_pc) {
2025 u1 flags = current_frame->flags();
2026 if (this_uninit) { flags |= FLAG_THIS_UNINIT; }
2027 StackMapFrame* new_frame = current_frame->frame_in_exception_handler(flags);
2028 if (catch_type_index != 0) {
2029 if (was_recursively_verified()) return;
2030 // We know that this index refers to a subclass of Throwable
2031 VerificationType catch_type = cp_index_to_type(
2032 catch_type_index, cp, CHECK_VERIFY(this));
2033 new_frame->push_stack(catch_type, CHECK_VERIFY(this));
2034 } else {
2035 VerificationType throwable =
2036 VerificationType::reference_type(vmSymbols::java_lang_Throwable());
2037 new_frame->push_stack(throwable, CHECK_VERIFY(this));
2038 }
2039 ErrorContext ctx;
2040 bool matches = stackmap_table->match_stackmap(
2041 new_frame, handler_pc, true, false, &ctx, CHECK_VERIFY(this));
2042 if (!matches) {
2043 verify_error(ctx, "Stack map does not match the one at "
2044 "exception handler %d", handler_pc);
2045 return;
2046 }
2047 }
2048 }
2049 }
2050
2051 void ClassVerifier::verify_cp_index(
2052 int bci, const constantPoolHandle& cp, u2 index, TRAPS) {
2053 int nconstants = cp->length();
2054 if ((index <= 0) || (index >= nconstants)) {
2055 verify_error(ErrorContext::bad_cp_index(bci, index),
2056 "Illegal constant pool index %d in class %s",
2057 index, cp->pool_holder()->external_name());
2058 return;
2059 }
2060 }
2061
2062 void ClassVerifier::verify_cp_type(
2063 int bci, u2 index, const constantPoolHandle& cp, unsigned int types, TRAPS) {
2064
2065 // In some situations, bytecode rewriting may occur while we're verifying.
2066 // In this case, a constant pool cache exists and some indices refer to that
2067 // instead. Be sure we don't pick up such indices by accident.
2068 // We must check was_recursively_verified() before we get here.
2069 guarantee(cp->cache() == nullptr, "not rewritten yet");
2070
2071 verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2072 unsigned int tag = cp->tag_at(index).value();
2073 // tags up to JVM_CONSTANT_ExternalMax are verifiable and valid for shift op
2074 if (tag > JVM_CONSTANT_ExternalMax || (types & (1 << tag)) == 0) {
2075 verify_error(ErrorContext::bad_cp_index(bci, index),
2076 "Illegal type at constant pool entry %d in class %s",
2077 index, cp->pool_holder()->external_name());
2078 return;
2079 }
2080 }
2081
2082 void ClassVerifier::verify_cp_class_type(
2083 int bci, u2 index, const constantPoolHandle& cp, TRAPS) {
2084 verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2085 constantTag tag = cp->tag_at(index);
2086 if (!tag.is_klass() && !tag.is_unresolved_klass()) {
2087 verify_error(ErrorContext::bad_cp_index(bci, index),
2088 "Illegal type at constant pool entry %d in class %s",
2089 index, cp->pool_holder()->external_name());
2090 return;
2091 }
2092 }
2093
2094 void ClassVerifier::verify_error(ErrorContext ctx, const char* msg, ...) {
2095 stringStream ss;
2096
2097 ctx.reset_frames();
2098 _exception_type = vmSymbols::java_lang_VerifyError();
2099 _error_context = ctx;
2100 va_list va;
2101 va_start(va, msg);
2102 ss.vprint(msg, va);
2103 va_end(va);
2104 _message = ss.as_string();
2105 #ifdef ASSERT
2106 ResourceMark rm;
2107 const char* exception_name = _exception_type->as_C_string();
2108 Exceptions::debug_check_abort(exception_name, nullptr);
2109 #endif // ndef ASSERT
2110 }
2111
2112 void ClassVerifier::class_format_error(const char* msg, ...) {
2113 stringStream ss;
2114 _exception_type = vmSymbols::java_lang_ClassFormatError();
2115 va_list va;
2116 va_start(va, msg);
2117 ss.vprint(msg, va);
2118 va_end(va);
2119 if (!_method.is_null()) {
2120 ss.print(" in method '");
2121 _method->print_external_name(&ss);
2122 ss.print("'");
2123 }
2124 _message = ss.as_string();
2125 }
2126
2127 Klass* ClassVerifier::load_class(Symbol* name, TRAPS) {
2128 HandleMark hm(THREAD);
2129 // Get current loader first.
2130 oop loader = current_class()->class_loader();
2131
2132 assert(name_in_supers(name, current_class()), "name should be a super class");
2133
2134 Klass* kls = SystemDictionary::resolve_or_fail(
2135 name, Handle(THREAD, loader), true, THREAD);
2136
2137 if (kls != nullptr) {
2138 if (log_is_enabled(Debug, class, resolve)) {
2139 Verifier::trace_class_resolution(kls, current_class());
2140 }
2141 }
2142 return kls;
2143 }
2144
2145 bool ClassVerifier::is_protected_access(InstanceKlass* this_class,
2146 Klass* target_class,
2147 Symbol* field_name,
2148 Symbol* field_sig,
2149 bool is_method) {
2150 NoSafepointVerifier nosafepoint;
2151
2152 // If target class isn't a super class of this class, we don't worry about this case
2153 if (!this_class->is_subclass_of(target_class)) {
2154 return false;
2155 }
2156 // Check if the specified method or field is protected
2157 InstanceKlass* target_instance = InstanceKlass::cast(target_class);
2158 fieldDescriptor fd;
2159 if (is_method) {
2160 Method* m = target_instance->uncached_lookup_method(field_name, field_sig, Klass::OverpassLookupMode::find);
2161 if (m != nullptr && m->is_protected()) {
2162 if (!this_class->is_same_class_package(m->method_holder())) {
2163 return true;
2164 }
2165 }
2166 } else {
2167 Klass* member_klass = target_instance->find_field(field_name, field_sig, &fd);
2168 if (member_klass != nullptr && fd.is_protected()) {
2169 if (!this_class->is_same_class_package(member_klass)) {
2170 return true;
2171 }
2172 }
2173 }
2174 return false;
2175 }
2176
2177 void ClassVerifier::verify_ldc(
2178 int opcode, u2 index, StackMapFrame* current_frame,
2179 const constantPoolHandle& cp, int bci, TRAPS) {
2180 verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2181 constantTag tag = cp->tag_at(index);
2182 unsigned int types = 0;
2183 if (opcode == Bytecodes::_ldc || opcode == Bytecodes::_ldc_w) {
2184 if (!tag.is_unresolved_klass()) {
2185 types = (1 << JVM_CONSTANT_Integer) | (1 << JVM_CONSTANT_Float)
2186 | (1 << JVM_CONSTANT_String) | (1 << JVM_CONSTANT_Class)
2187 | (1 << JVM_CONSTANT_MethodHandle) | (1 << JVM_CONSTANT_MethodType)
2188 | (1 << JVM_CONSTANT_Dynamic);
2189 // Note: The class file parser already verified the legality of
2190 // MethodHandle and MethodType constants.
2191 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2192 }
2193 } else {
2194 assert(opcode == Bytecodes::_ldc2_w, "must be ldc2_w");
2195 types = (1 << JVM_CONSTANT_Double) | (1 << JVM_CONSTANT_Long)
2196 | (1 << JVM_CONSTANT_Dynamic);
2197 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2198 }
2199 if (tag.is_string()) {
2200 current_frame->push_stack(
2201 VerificationType::reference_type(
2202 vmSymbols::java_lang_String()), CHECK_VERIFY(this));
2203 } else if (tag.is_klass() || tag.is_unresolved_klass()) {
2204 current_frame->push_stack(
2205 VerificationType::reference_type(
2206 vmSymbols::java_lang_Class()), CHECK_VERIFY(this));
2207 } else if (tag.is_int()) {
2208 current_frame->push_stack(
2209 VerificationType::integer_type(), CHECK_VERIFY(this));
2210 } else if (tag.is_float()) {
2211 current_frame->push_stack(
2212 VerificationType::float_type(), CHECK_VERIFY(this));
2213 } else if (tag.is_double()) {
2214 current_frame->push_stack_2(
2215 VerificationType::double_type(),
2216 VerificationType::double2_type(), CHECK_VERIFY(this));
2217 } else if (tag.is_long()) {
2218 current_frame->push_stack_2(
2219 VerificationType::long_type(),
2220 VerificationType::long2_type(), CHECK_VERIFY(this));
2221 } else if (tag.is_method_handle()) {
2222 current_frame->push_stack(
2223 VerificationType::reference_type(
2224 vmSymbols::java_lang_invoke_MethodHandle()), CHECK_VERIFY(this));
2225 } else if (tag.is_method_type()) {
2226 current_frame->push_stack(
2227 VerificationType::reference_type(
2228 vmSymbols::java_lang_invoke_MethodType()), CHECK_VERIFY(this));
2229 } else if (tag.is_dynamic_constant()) {
2230 Symbol* constant_type = cp->uncached_signature_ref_at(index);
2231 // Field signature was checked in ClassFileParser.
2232 assert(SignatureVerifier::is_valid_type_signature(constant_type),
2233 "Invalid type for dynamic constant");
2234 assert(sizeof(VerificationType) == sizeof(uintptr_t),
2235 "buffer type must match VerificationType size");
2236 uintptr_t constant_type_buffer[2];
2237 VerificationType* v_constant_type = (VerificationType*)constant_type_buffer;
2238 SignatureStream sig_stream(constant_type, false);
2239 int n = change_sig_to_verificationType(&sig_stream, v_constant_type);
2240 int opcode_n = (opcode == Bytecodes::_ldc2_w ? 2 : 1);
2241 if (n != opcode_n) {
2242 // wrong kind of ldc; reverify against updated type mask
2243 types &= ~(1 << JVM_CONSTANT_Dynamic);
2244 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2245 }
2246 for (int i = 0; i < n; i++) {
2247 current_frame->push_stack(v_constant_type[i], CHECK_VERIFY(this));
2248 }
2249 } else {
2250 /* Unreachable? verify_cp_type has already validated the cp type. */
2251 verify_error(
2252 ErrorContext::bad_cp_index(bci, index), "Invalid index in ldc");
2253 return;
2254 }
2255 }
2256
2257 void ClassVerifier::verify_switch(
2258 RawBytecodeStream* bcs, u4 code_length, char* code_data,
2259 StackMapFrame* current_frame, StackMapTable* stackmap_table, TRAPS) {
2260 int bci = bcs->bci();
2261 address bcp = bcs->bcp();
2262 address aligned_bcp = align_up(bcp + 1, jintSize);
2263
2264 if (_klass->major_version() < NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION) {
2265 // 4639449 & 4647081: padding bytes must be 0
2266 u2 padding_offset = 1;
2267 while ((bcp + padding_offset) < aligned_bcp) {
2268 if(*(bcp + padding_offset) != 0) {
2269 verify_error(ErrorContext::bad_code(bci),
2270 "Nonzero padding byte in lookupswitch or tableswitch");
2271 return;
2272 }
2273 padding_offset++;
2274 }
2275 }
2276
2277 int default_offset = (int) Bytes::get_Java_u4(aligned_bcp);
2278 int keys, delta;
2279 current_frame->pop_stack(
2280 VerificationType::integer_type(), CHECK_VERIFY(this));
2281 if (bcs->raw_code() == Bytecodes::_tableswitch) {
2282 jint low = (jint)Bytes::get_Java_u4(aligned_bcp + jintSize);
2283 jint high = (jint)Bytes::get_Java_u4(aligned_bcp + 2*jintSize);
2284 if (low > high) {
2285 verify_error(ErrorContext::bad_code(bci),
2286 "low must be less than or equal to high in tableswitch");
2287 return;
2288 }
2289 int64_t keys64 = ((int64_t)high - low) + 1;
2290 if (keys64 > 65535) { // Max code length
2291 verify_error(ErrorContext::bad_code(bci), "too many keys in tableswitch");
2292 return;
2293 }
2294 keys = (int)keys64;
2295 delta = 1;
2296 } else {
2297 keys = (int)Bytes::get_Java_u4(aligned_bcp + jintSize);
2298 if (keys < 0) {
2299 verify_error(ErrorContext::bad_code(bci),
2300 "number of keys in lookupswitch less than 0");
2301 return;
2302 }
2303 delta = 2;
2304 // Make sure that the lookupswitch items are sorted
2305 for (int i = 0; i < (keys - 1); i++) {
2306 jint this_key = Bytes::get_Java_u4(aligned_bcp + (2+2*i)*jintSize);
2307 jint next_key = Bytes::get_Java_u4(aligned_bcp + (2+2*i+2)*jintSize);
2308 if (this_key >= next_key) {
2309 verify_error(ErrorContext::bad_code(bci),
2310 "Bad lookupswitch instruction");
2311 return;
2312 }
2313 }
2314 }
2315 int target = bci + default_offset;
2316 stackmap_table->check_jump_target(current_frame, target, CHECK_VERIFY(this));
2317 for (int i = 0; i < keys; i++) {
2318 // Because check_jump_target() may safepoint, the bytecode could have
2319 // moved, which means 'aligned_bcp' is no good and needs to be recalculated.
2320 aligned_bcp = align_up(bcs->bcp() + 1, jintSize);
2321 target = bci + (jint)Bytes::get_Java_u4(aligned_bcp+(3+i*delta)*jintSize);
2322 stackmap_table->check_jump_target(
2323 current_frame, target, CHECK_VERIFY(this));
2324 }
2325 NOT_PRODUCT(aligned_bcp = nullptr); // no longer valid at this point
2326 }
2327
2328 bool ClassVerifier::name_in_supers(
2329 Symbol* ref_name, InstanceKlass* current) {
2330 Klass* super = current->super();
2331 while (super != nullptr) {
2332 if (super->name() == ref_name) {
2333 return true;
2334 }
2335 super = super->super();
2336 }
2337 return false;
2338 }
2339
2340 void ClassVerifier::verify_field_instructions(RawBytecodeStream* bcs,
2341 StackMapFrame* current_frame,
2342 const constantPoolHandle& cp,
2343 bool allow_arrays,
2344 TRAPS) {
2345 u2 index = bcs->get_index_u2();
2346 verify_cp_type(bcs->bci(), index, cp,
2347 1 << JVM_CONSTANT_Fieldref, CHECK_VERIFY(this));
2348
2349 // Get field name and signature
2350 Symbol* field_name = cp->uncached_name_ref_at(index);
2351 Symbol* field_sig = cp->uncached_signature_ref_at(index);
2352 bool is_getfield = false;
2353
2354 // Field signature was checked in ClassFileParser.
2355 assert(SignatureVerifier::is_valid_type_signature(field_sig),
2356 "Invalid field signature");
2357
2358 // Get referenced class type
2359 VerificationType ref_class_type = cp_ref_index_to_type(
2360 index, cp, CHECK_VERIFY(this));
2361 if (!ref_class_type.is_object() &&
2362 (!allow_arrays || !ref_class_type.is_array())) {
2363 verify_error(ErrorContext::bad_type(bcs->bci(),
2364 TypeOrigin::cp(index, ref_class_type)),
2365 "Expecting reference to class in class %s at constant pool index %d",
2366 _klass->external_name(), index);
2367 return;
2368 }
2369
2370 VerificationType target_class_type = ref_class_type;
2371
2372 assert(sizeof(VerificationType) == sizeof(uintptr_t),
2373 "buffer type must match VerificationType size");
2374 uintptr_t field_type_buffer[2];
2375 VerificationType* field_type = (VerificationType*)field_type_buffer;
2376 // If we make a VerificationType[2] array directly, the compiler calls
2377 // to the c-runtime library to do the allocation instead of just
2378 // stack allocating it. Plus it would run constructors. This shows up
2379 // in performance profiles.
2380
2381 SignatureStream sig_stream(field_sig, false);
2382 VerificationType stack_object_type;
2383 int n = change_sig_to_verificationType(&sig_stream, field_type);
2384 int bci = bcs->bci();
2385 bool is_assignable;
2386 switch (bcs->raw_code()) {
2387 case Bytecodes::_getstatic: {
2388 for (int i = 0; i < n; i++) {
2389 current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2390 }
2391 break;
2392 }
2393 case Bytecodes::_putstatic: {
2394 for (int i = n - 1; i >= 0; i--) {
2395 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2396 }
2397 break;
2398 }
2399 case Bytecodes::_getfield: {
2400 is_getfield = true;
2401 stack_object_type = current_frame->pop_stack(
2402 target_class_type, CHECK_VERIFY(this));
2403 goto check_protected;
2404 }
2405 case Bytecodes::_putfield: {
2406 for (int i = n - 1; i >= 0; i--) {
2407 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2408 }
2409 stack_object_type = current_frame->pop_stack(CHECK_VERIFY(this));
2410
2411 // Field initialization is allowed before the superclass
2412 // initializer, if the field is defined within the current class.
2413 fieldDescriptor fd;
2414 bool is_local_field = _klass->find_local_field(field_name, field_sig, &fd) &&
2415 target_class_type.equals(current_type());
2416 if (stack_object_type == VerificationType::uninitialized_this_type()) {
2417 if (is_local_field) {
2418 // Set the type to the current type so the is_assignable check passes.
2419 stack_object_type = current_type();
2420
2421 if (fd.access_flags().is_strict()) {
2422 ResourceMark rm(THREAD);
2423 if (!current_frame->satisfy_unset_field(fd.name(), fd.signature())) {
2424 log_info(verification)("Attempting to initialize field not found in initial strict instance fields: %s%s",
2425 fd.name()->as_C_string(), fd.signature()->as_C_string());
2426 verify_error(ErrorContext::bad_strict_fields(bci, current_frame),
2427 "Initializing unknown strict field: %s:%s", fd.name()->as_C_string(), fd.signature()->as_C_string());
2428 }
2429 }
2430 }
2431 } else if (supports_strict_fields(_klass)) {
2432 // `strict` fields are not writable, but only local fields produce verification errors
2433 if (is_local_field && fd.access_flags().is_strict() && fd.access_flags().is_final()) {
2434 verify_error(ErrorContext::bad_code(bci),
2435 "Illegal use of putfield on a strict field");
2436 return;
2437 }
2438 }
2439 is_assignable = target_class_type.is_assignable_from(
2440 stack_object_type, this, false, CHECK_VERIFY(this));
2441 if (!is_assignable) {
2442 verify_error(ErrorContext::bad_type(bci,
2443 current_frame->stack_top_ctx(),
2444 TypeOrigin::cp(index, target_class_type)),
2445 "Bad type on operand stack in putfield");
2446 return;
2447 }
2448 }
2449 check_protected: {
2450 if (_this_type == stack_object_type)
2451 break; // stack_object_type must be assignable to _current_class_type
2452 if (was_recursively_verified()) {
2453 if (is_getfield) {
2454 // Push field type for getfield.
2455 for (int i = 0; i < n; i++) {
2456 current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2457 }
2458 }
2459 return;
2460 }
2461 Symbol* ref_class_name =
2462 cp->klass_name_at(cp->uncached_klass_ref_index_at(index));
2463 if (!name_in_supers(ref_class_name, current_class()))
2464 // stack_object_type must be assignable to _current_class_type since:
2465 // 1. stack_object_type must be assignable to ref_class.
2466 // 2. ref_class must be _current_class or a subclass of it. It can't
2467 // be a superclass of it. See revised JVMS 5.4.4.
2468 break;
2469
2470 Klass* ref_class_oop = load_class(ref_class_name, CHECK);
2471 if (is_protected_access(current_class(), ref_class_oop, field_name,
2472 field_sig, false)) {
2473 // It's protected access, check if stack object is assignable to
2474 // current class.
2475 is_assignable = current_type().is_assignable_from(
2476 stack_object_type, this, true, CHECK_VERIFY(this));
2477 if (!is_assignable) {
2478 verify_error(ErrorContext::bad_type(bci,
2479 current_frame->stack_top_ctx(),
2480 TypeOrigin::implicit(current_type())),
2481 "Bad access to protected data in %s",
2482 is_getfield ? "getfield" : "putfield");
2483 return;
2484 }
2485 }
2486 break;
2487 }
2488 default: ShouldNotReachHere();
2489 }
2490 if (is_getfield) {
2491 // Push field type for getfield after doing protection check.
2492 for (int i = 0; i < n; i++) {
2493 current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2494 }
2495 }
2496 }
2497
2498 // Look at the method's handlers. If the bci is in the handler's try block
2499 // then check if the handler_pc is already on the stack. If not, push it
2500 // unless the handler has already been scanned.
2501 void ClassVerifier::push_handlers(ExceptionTable* exhandlers,
2502 GrowableArray<u4>* handler_list,
2503 GrowableArray<u4>* handler_stack,
2504 u4 bci) {
2505 int exlength = exhandlers->length();
2506 for(int x = 0; x < exlength; x++) {
2507 if (bci >= exhandlers->start_pc(x) && bci < exhandlers->end_pc(x)) {
2508 u4 exhandler_pc = exhandlers->handler_pc(x);
2509 if (!handler_list->contains(exhandler_pc)) {
2510 handler_stack->append_if_missing(exhandler_pc);
2511 handler_list->append(exhandler_pc);
2512 }
2513 }
2514 }
2515 }
2516
2517 // Return TRUE if all code paths starting with start_bc_offset end in
2518 // bytecode athrow or loop.
2519 bool ClassVerifier::ends_in_athrow(u4 start_bc_offset) {
2520 ResourceMark rm;
2521 // Create bytecode stream.
2522 RawBytecodeStream bcs(method());
2523 int code_length = method()->code_size();
2524 bcs.set_start(start_bc_offset);
2525
2526 // Create stack for storing bytecode start offsets for if* and *switch.
2527 GrowableArray<u4>* bci_stack = new GrowableArray<u4>(30);
2528 // Create stack for handlers for try blocks containing this handler.
2529 GrowableArray<u4>* handler_stack = new GrowableArray<u4>(30);
2530 // Create list of handlers that have been pushed onto the handler_stack
2531 // so that handlers embedded inside of their own TRY blocks only get
2532 // scanned once.
2533 GrowableArray<u4>* handler_list = new GrowableArray<u4>(30);
2534 // Create list of visited branch opcodes (goto* and if*).
2535 GrowableArray<u4>* visited_branches = new GrowableArray<u4>(30);
2536 ExceptionTable exhandlers(_method());
2537
2538 while (true) {
2539 if (bcs.is_last_bytecode()) {
2540 // if no more starting offsets to parse or if at the end of the
2541 // method then return false.
2542 if ((bci_stack->is_empty()) || (bcs.end_bci() == code_length))
2543 return false;
2544 // Pop a bytecode starting offset and scan from there.
2545 bcs.set_start(bci_stack->pop());
2546 }
2547 Bytecodes::Code opcode = bcs.raw_next();
2548 int bci = bcs.bci();
2549
2550 // If the bytecode is in a TRY block, push its handlers so they
2551 // will get parsed.
2552 push_handlers(&exhandlers, handler_list, handler_stack, bci);
2553
2554 switch (opcode) {
2555 case Bytecodes::_if_icmpeq:
2556 case Bytecodes::_if_icmpne:
2557 case Bytecodes::_if_icmplt:
2558 case Bytecodes::_if_icmpge:
2559 case Bytecodes::_if_icmpgt:
2560 case Bytecodes::_if_icmple:
2561 case Bytecodes::_ifeq:
2562 case Bytecodes::_ifne:
2563 case Bytecodes::_iflt:
2564 case Bytecodes::_ifge:
2565 case Bytecodes::_ifgt:
2566 case Bytecodes::_ifle:
2567 case Bytecodes::_if_acmpeq:
2568 case Bytecodes::_if_acmpne:
2569 case Bytecodes::_ifnull:
2570 case Bytecodes::_ifnonnull: {
2571 int target = bcs.dest();
2572 if (visited_branches->contains(bci)) {
2573 if (bci_stack->is_empty()) {
2574 if (handler_stack->is_empty()) {
2575 return true;
2576 } else {
2577 // Parse the catch handlers for try blocks containing athrow.
2578 bcs.set_start(handler_stack->pop());
2579 }
2580 } else {
2581 // Pop a bytecode starting offset and scan from there.
2582 bcs.set_start(bci_stack->pop());
2583 }
2584 } else {
2585 if (target > bci) { // forward branch
2586 if (target >= code_length) return false;
2587 // Push the branch target onto the stack.
2588 bci_stack->push(target);
2589 // then, scan bytecodes starting with next.
2590 bcs.set_start(bcs.next_bci());
2591 } else { // backward branch
2592 // Push bytecode offset following backward branch onto the stack.
2593 bci_stack->push(bcs.next_bci());
2594 // Check bytecodes starting with branch target.
2595 bcs.set_start(target);
2596 }
2597 // Record target so we don't branch here again.
2598 visited_branches->append(bci);
2599 }
2600 break;
2601 }
2602
2603 case Bytecodes::_goto:
2604 case Bytecodes::_goto_w: {
2605 int target = (opcode == Bytecodes::_goto ? bcs.dest() : bcs.dest_w());
2606 if (visited_branches->contains(bci)) {
2607 if (bci_stack->is_empty()) {
2608 if (handler_stack->is_empty()) {
2609 return true;
2610 } else {
2611 // Parse the catch handlers for try blocks containing athrow.
2612 bcs.set_start(handler_stack->pop());
2613 }
2614 } else {
2615 // Been here before, pop new starting offset from stack.
2616 bcs.set_start(bci_stack->pop());
2617 }
2618 } else {
2619 if (target >= code_length) return false;
2620 // Continue scanning from the target onward.
2621 bcs.set_start(target);
2622 // Record target so we don't branch here again.
2623 visited_branches->append(bci);
2624 }
2625 break;
2626 }
2627
2628 // Check that all switch alternatives end in 'athrow' bytecodes. Since it
2629 // is difficult to determine where each switch alternative ends, parse
2630 // each switch alternative until either hit a 'return', 'athrow', or reach
2631 // the end of the method's bytecodes. This is gross but should be okay
2632 // because:
2633 // 1. tableswitch and lookupswitch byte codes in handlers for ctor explicit
2634 // constructor invocations should be rare.
2635 // 2. if each switch alternative ends in an athrow then the parsing should be
2636 // short. If there is no athrow then it is bogus code, anyway.
2637 case Bytecodes::_lookupswitch:
2638 case Bytecodes::_tableswitch:
2639 {
2640 address aligned_bcp = align_up(bcs.bcp() + 1, jintSize);
2641 int default_offset = Bytes::get_Java_u4(aligned_bcp) + bci;
2642 int keys, delta;
2643 if (opcode == Bytecodes::_tableswitch) {
2644 jint low = (jint)Bytes::get_Java_u4(aligned_bcp + jintSize);
2645 jint high = (jint)Bytes::get_Java_u4(aligned_bcp + 2*jintSize);
2646 // This is invalid, but let the regular bytecode verifier
2647 // report this because the user will get a better error message.
2648 if (low > high) return true;
2649 keys = high - low + 1;
2650 delta = 1;
2651 } else {
2652 keys = (int)Bytes::get_Java_u4(aligned_bcp + jintSize);
2653 delta = 2;
2654 }
2655 // Invalid, let the regular bytecode verifier deal with it.
2656 if (keys < 0) return true;
2657
2658 // Push the offset of the next bytecode onto the stack.
2659 bci_stack->push(bcs.next_bci());
2660
2661 // Push the switch alternatives onto the stack.
2662 for (int i = 0; i < keys; i++) {
2663 int target = bci + (jint)Bytes::get_Java_u4(aligned_bcp+(3+i*delta)*jintSize);
2664 if (target > code_length) return false;
2665 bci_stack->push(target);
2666 }
2667
2668 // Start bytecode parsing for the switch at the default alternative.
2669 if (default_offset > code_length) return false;
2670 bcs.set_start(default_offset);
2671 break;
2672 }
2673
2674 case Bytecodes::_return:
2675 return false;
2676
2677 case Bytecodes::_athrow:
2678 {
2679 if (bci_stack->is_empty()) {
2680 if (handler_stack->is_empty()) {
2681 return true;
2682 } else {
2683 // Parse the catch handlers for try blocks containing athrow.
2684 bcs.set_start(handler_stack->pop());
2685 }
2686 } else {
2687 // Pop a bytecode offset and starting scanning from there.
2688 bcs.set_start(bci_stack->pop());
2689 }
2690 }
2691 break;
2692
2693 default:
2694 ;
2695 } // end switch
2696 } // end while loop
2697
2698 return false;
2699 }
2700
2701 void ClassVerifier::verify_invoke_init(
2702 RawBytecodeStream* bcs, u2 ref_class_index, VerificationType ref_class_type,
2703 StackMapFrame* current_frame, u4 code_length, bool in_try_block,
2704 bool *this_uninit, const constantPoolHandle& cp, StackMapTable* stackmap_table,
2705 TRAPS) {
2706 int bci = bcs->bci();
2707 VerificationType type = current_frame->pop_stack(
2708 VerificationType::reference_check(), CHECK_VERIFY(this));
2709 if (type == VerificationType::uninitialized_this_type()) {
2710 // The method must be an <init> method of this class or its superclass
2711 Klass* superk = current_class()->super();
2712 if (ref_class_type.name() != current_class()->name() &&
2713 ref_class_type.name() != superk->name()) {
2714 verify_error(ErrorContext::bad_type(bci,
2715 TypeOrigin::implicit(ref_class_type),
2716 TypeOrigin::implicit(current_type())),
2717 "Bad <init> method call");
2718 return;
2719 } else if (ref_class_type.name() == superk->name()) {
2720 // Strict final fields must be satisfied by this point
2721 if (!current_frame->verify_unset_fields_satisfied()) {
2722 log_info(verification)("Strict instance fields not initialized");
2723 StackMapFrame::print_strict_fields(current_frame->assert_unset_fields());
2724 current_frame->unsatisfied_strict_fields_error(current_class(), bci);
2725 }
2726 }
2727
2728 // If this invokespecial call is done from inside of a TRY block then make
2729 // sure that all catch clause paths end in a throw. Otherwise, this can
2730 // result in returning an incomplete object.
2731 if (in_try_block) {
2732 ExceptionTable exhandlers(_method());
2733 int exlength = exhandlers.length();
2734 for(int i = 0; i < exlength; i++) {
2735 u2 start_pc = exhandlers.start_pc(i);
2736 u2 end_pc = exhandlers.end_pc(i);
2737
2738 if (bci >= start_pc && bci < end_pc) {
2739 if (!ends_in_athrow(exhandlers.handler_pc(i))) {
2740 verify_error(ErrorContext::bad_code(bci),
2741 "Bad <init> method call from after the start of a try block");
2742 return;
2743 } else if (log_is_enabled(Debug, verification)) {
2744 ResourceMark rm(THREAD);
2745 log_debug(verification)("Survived call to ends_in_athrow(): %s",
2746 current_class()->name()->as_C_string());
2747 }
2748 }
2749 }
2750
2751 // Check the exception handler target stackmaps with the locals from the
2752 // incoming stackmap (before initialize_object() changes them to outgoing
2753 // state).
2754 if (was_recursively_verified()) return;
2755 verify_exception_handler_targets(bci, true, current_frame,
2756 stackmap_table, CHECK_VERIFY(this));
2757 } // in_try_block
2758
2759 current_frame->initialize_object(type, current_type());
2760 *this_uninit = true;
2761 } else if (type.is_uninitialized()) {
2762 u2 new_offset = type.bci();
2763 address new_bcp = bcs->bcp() - bci + new_offset;
2764 if (new_offset > (code_length - 3) || (*new_bcp) != Bytecodes::_new) {
2765 /* Unreachable? Stack map parsing ensures valid type and new
2766 * instructions have a valid BCI. */
2767 verify_error(ErrorContext::bad_code(new_offset),
2768 "Expecting new instruction");
2769 return;
2770 }
2771 u2 new_class_index = Bytes::get_Java_u2(new_bcp + 1);
2772 if (was_recursively_verified()) return;
2773 verify_cp_class_type(bci, new_class_index, cp, CHECK_VERIFY(this));
2774
2775 // The method must be an <init> method of the indicated class
2776 VerificationType new_class_type = cp_index_to_type(
2777 new_class_index, cp, CHECK_VERIFY(this));
2778 if (!new_class_type.equals(ref_class_type)) {
2779 verify_error(ErrorContext::bad_type(bci,
2780 TypeOrigin::cp(new_class_index, new_class_type),
2781 TypeOrigin::cp(ref_class_index, ref_class_type)),
2782 "Call to wrong <init> method");
2783 return;
2784 }
2785 // According to the VM spec, if the referent class is a superclass of the
2786 // current class, and is in a different runtime package, and the method is
2787 // protected, then the objectref must be the current class or a subclass
2788 // of the current class.
2789 VerificationType objectref_type = new_class_type;
2790 if (name_in_supers(ref_class_type.name(), current_class())) {
2791 Klass* ref_klass = load_class(ref_class_type.name(), CHECK);
2792 if (was_recursively_verified()) return;
2793 Method* m = InstanceKlass::cast(ref_klass)->uncached_lookup_method(
2794 vmSymbols::object_initializer_name(),
2795 cp->uncached_signature_ref_at(bcs->get_index_u2()),
2796 Klass::OverpassLookupMode::find);
2797 // Do nothing if method is not found. Let resolution detect the error.
2798 if (m != nullptr) {
2799 InstanceKlass* mh = m->method_holder();
2800 if (m->is_protected() && !mh->is_same_class_package(_klass)) {
2801 bool assignable = current_type().is_assignable_from(
2802 objectref_type, this, true, CHECK_VERIFY(this));
2803 if (!assignable) {
2804 verify_error(ErrorContext::bad_type(bci,
2805 TypeOrigin::cp(new_class_index, objectref_type),
2806 TypeOrigin::implicit(current_type())),
2807 "Bad access to protected <init> method");
2808 return;
2809 }
2810 }
2811 }
2812 }
2813 // Check the exception handler target stackmaps with the locals from the
2814 // incoming stackmap (before initialize_object() changes them to outgoing
2815 // state).
2816 if (in_try_block) {
2817 if (was_recursively_verified()) return;
2818 verify_exception_handler_targets(bci, *this_uninit, current_frame,
2819 stackmap_table, CHECK_VERIFY(this));
2820 }
2821 current_frame->initialize_object(type, new_class_type);
2822 } else {
2823 verify_error(ErrorContext::bad_type(bci, current_frame->stack_top_ctx()),
2824 "Bad operand type when invoking <init>");
2825 return;
2826 }
2827 }
2828
2829 bool ClassVerifier::is_same_or_direct_interface(
2830 InstanceKlass* klass,
2831 VerificationType klass_type,
2832 VerificationType ref_class_type) {
2833 if (ref_class_type.equals(klass_type)) return true;
2834 Array<InstanceKlass*>* local_interfaces = klass->local_interfaces();
2835 if (local_interfaces != nullptr) {
2836 for (int x = 0; x < local_interfaces->length(); x++) {
2837 InstanceKlass* k = local_interfaces->at(x);
2838 assert (k != nullptr && k->is_interface(), "invalid interface");
2839 if (ref_class_type.equals(VerificationType::reference_type(k->name()))) {
2840 return true;
2841 }
2842 }
2843 }
2844 return false;
2845 }
2846
2847 void ClassVerifier::verify_invoke_instructions(
2848 RawBytecodeStream* bcs, u4 code_length, StackMapFrame* current_frame,
2849 bool in_try_block, bool *this_uninit,
2850 const constantPoolHandle& cp, StackMapTable* stackmap_table, TRAPS) {
2851 // Make sure the constant pool item is the right type
2852 u2 index = bcs->get_index_u2();
2853 Bytecodes::Code opcode = bcs->raw_code();
2854 unsigned int types = 0;
2855 switch (opcode) {
2856 case Bytecodes::_invokeinterface:
2857 types = 1 << JVM_CONSTANT_InterfaceMethodref;
2858 break;
2859 case Bytecodes::_invokedynamic:
2860 types = 1 << JVM_CONSTANT_InvokeDynamic;
2861 break;
2862 case Bytecodes::_invokespecial:
2863 case Bytecodes::_invokestatic:
2864 types = (_klass->major_version() < STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION) ?
2865 (1 << JVM_CONSTANT_Methodref) :
2866 ((1 << JVM_CONSTANT_InterfaceMethodref) | (1 << JVM_CONSTANT_Methodref));
2867 break;
2868 default:
2869 types = 1 << JVM_CONSTANT_Methodref;
2870 }
2871 verify_cp_type(bcs->bci(), index, cp, types, CHECK_VERIFY(this));
2872
2873 // Get method name and signature
2874 Symbol* method_name = cp->uncached_name_ref_at(index);
2875 Symbol* method_sig = cp->uncached_signature_ref_at(index);
2876
2877 // Method signature was checked in ClassFileParser.
2878 assert(SignatureVerifier::is_valid_method_signature(method_sig),
2879 "Invalid method signature");
2880
2881 // Get referenced class
2882 VerificationType ref_class_type;
2883 if (opcode == Bytecodes::_invokedynamic) {
2884 if (_klass->major_version() < Verifier::INVOKEDYNAMIC_MAJOR_VERSION) {
2885 class_format_error(
2886 "invokedynamic instructions not supported by this class file version (%d), class %s",
2887 _klass->major_version(), _klass->external_name());
2888 return;
2889 }
2890 } else {
2891 ref_class_type = cp_ref_index_to_type(index, cp, CHECK_VERIFY(this));
2892 }
2893
2894 assert(sizeof(VerificationType) == sizeof(uintptr_t),
2895 "buffer type must match VerificationType size");
2896
2897 // Get the UTF8 index for this signature.
2898 int sig_index = cp->signature_ref_index_at(cp->uncached_name_and_type_ref_index_at(index));
2899
2900 // Get the signature's verification types.
2901 sig_as_verification_types* mth_sig_verif_types;
2902 sig_as_verification_types** mth_sig_verif_types_ptr = method_signatures_table()->get(sig_index);
2903 if (mth_sig_verif_types_ptr != nullptr) {
2904 // Found the entry for the signature's verification types in the hash table.
2905 mth_sig_verif_types = *mth_sig_verif_types_ptr;
2906 assert(mth_sig_verif_types != nullptr, "Unexpected null sig_as_verification_types value");
2907 } else {
2908 // Not found, add the entry to the table.
2909 GrowableArray<VerificationType>* verif_types = new GrowableArray<VerificationType>(10);
2910 mth_sig_verif_types = new sig_as_verification_types(verif_types);
2911 create_method_sig_entry(mth_sig_verif_types, sig_index);
2912 }
2913
2914 // Get the number of arguments for this signature.
2915 int nargs = mth_sig_verif_types->num_args();
2916
2917 // Check instruction operands
2918 int bci = bcs->bci();
2919 if (opcode == Bytecodes::_invokeinterface) {
2920 address bcp = bcs->bcp();
2921 // 4905268: count operand in invokeinterface should be nargs+1, not nargs.
2922 // JSR202 spec: The count operand of an invokeinterface instruction is valid if it is
2923 // the difference between the size of the operand stack before and after the instruction
2924 // executes.
2925 if (*(bcp+3) != (nargs+1)) {
2926 verify_error(ErrorContext::bad_code(bci),
2927 "Inconsistent args count operand in invokeinterface");
2928 return;
2929 }
2930 if (*(bcp+4) != 0) {
2931 verify_error(ErrorContext::bad_code(bci),
2932 "Fourth operand byte of invokeinterface must be zero");
2933 return;
2934 }
2935 }
2936
2937 if (opcode == Bytecodes::_invokedynamic) {
2938 address bcp = bcs->bcp();
2939 if (*(bcp+3) != 0 || *(bcp+4) != 0) {
2940 verify_error(ErrorContext::bad_code(bci),
2941 "Third and fourth operand bytes of invokedynamic must be zero");
2942 return;
2943 }
2944 }
2945
2946 if (method_name->char_at(0) == JVM_SIGNATURE_SPECIAL) {
2947 // Make sure:
2948 // <init> can only be invoked by invokespecial.
2949 if (opcode != Bytecodes::_invokespecial ||
2950 method_name != vmSymbols::object_initializer_name()) {
2951 verify_error(ErrorContext::bad_code(bci),
2952 "Illegal call to internal method");
2953 return;
2954 }
2955 } else if (opcode == Bytecodes::_invokespecial
2956 && !is_same_or_direct_interface(current_class(), current_type(), ref_class_type)
2957 && !ref_class_type.equals(VerificationType::reference_type(
2958 current_class()->super()->name()))) { // super() can never be an inline_type.
2959 bool subtype = false;
2960 bool have_imr_indirect = cp->tag_at(index).value() == JVM_CONSTANT_InterfaceMethodref;
2961 subtype = ref_class_type.is_assignable_from(
2962 current_type(), this, false, CHECK_VERIFY(this));
2963 if (!subtype) {
2964 verify_error(ErrorContext::bad_code(bci),
2965 "Bad invokespecial instruction: "
2966 "current class isn't assignable to reference class.");
2967 return;
2968 } else if (have_imr_indirect) {
2969 verify_error(ErrorContext::bad_code(bci),
2970 "Bad invokespecial instruction: "
2971 "interface method reference is in an indirect superinterface.");
2972 return;
2973 }
2974
2975 }
2976
2977 // Get the verification types for the method's arguments.
2978 GrowableArray<VerificationType>* sig_verif_types = mth_sig_verif_types->sig_verif_types();
2979 assert(sig_verif_types != nullptr, "Missing signature's array of verification types");
2980 // Match method descriptor with operand stack
2981 // The arguments are on the stack in descending order.
2982 for (int i = nargs - 1; i >= 0; i--) { // Run backwards
2983 current_frame->pop_stack(sig_verif_types->at(i), CHECK_VERIFY(this));
2984 }
2985
2986 // Check objectref on operand stack
2987 if (opcode != Bytecodes::_invokestatic &&
2988 opcode != Bytecodes::_invokedynamic) {
2989 if (method_name == vmSymbols::object_initializer_name()) { // <init> method
2990 verify_invoke_init(bcs, index, ref_class_type, current_frame,
2991 code_length, in_try_block, this_uninit, cp, stackmap_table,
2992 CHECK_VERIFY(this));
2993 if (was_recursively_verified()) return;
2994 } else { // other methods
2995 // Ensures that target class is assignable to method class.
2996 if (opcode == Bytecodes::_invokespecial) {
2997 current_frame->pop_stack(current_type(), CHECK_VERIFY(this));
2998 } else if (opcode == Bytecodes::_invokevirtual) {
2999 VerificationType stack_object_type =
3000 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this));
3001 if (current_type() != stack_object_type) {
3002 if (was_recursively_verified()) return;
3003 assert(cp->cache() == nullptr, "not rewritten yet");
3004 Symbol* ref_class_name =
3005 cp->klass_name_at(cp->uncached_klass_ref_index_at(index));
3006 // See the comments in verify_field_instructions() for
3007 // the rationale behind this.
3008 if (name_in_supers(ref_class_name, current_class())) {
3009 Klass* ref_class = load_class(ref_class_name, CHECK);
3010 if (is_protected_access(
3011 _klass, ref_class, method_name, method_sig, true)) {
3012 // It's protected access, check if stack object is
3013 // assignable to current class.
3014 if (ref_class_type.name() == vmSymbols::java_lang_Object()
3015 && stack_object_type.is_array()
3016 && method_name == vmSymbols::clone_name()) {
3017 // Special case: arrays pretend to implement public Object
3018 // clone().
3019 } else {
3020 bool is_assignable = current_type().is_assignable_from(
3021 stack_object_type, this, true, CHECK_VERIFY(this));
3022 if (!is_assignable) {
3023 verify_error(ErrorContext::bad_type(bci,
3024 current_frame->stack_top_ctx(),
3025 TypeOrigin::implicit(current_type())),
3026 "Bad access to protected data in invokevirtual");
3027 return;
3028 }
3029 }
3030 }
3031 }
3032 }
3033 } else {
3034 assert(opcode == Bytecodes::_invokeinterface, "Unexpected opcode encountered");
3035 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this));
3036 }
3037 }
3038 }
3039 // Push the result type.
3040 int sig_verif_types_len = sig_verif_types->length();
3041 if (sig_verif_types_len > nargs) { // There's a return type
3042 if (method_name == vmSymbols::object_initializer_name()) {
3043 // an <init> method must have a void return type
3044 verify_error(ErrorContext::bad_code(bci),
3045 "Return type must be void in <init> method");
3046 return;
3047 }
3048
3049 assert(sig_verif_types_len <= nargs + 2,
3050 "Signature verification types array return type is bogus");
3051 for (int i = nargs; i < sig_verif_types_len; i++) {
3052 assert(i == nargs || sig_verif_types->at(i).is_long2() ||
3053 sig_verif_types->at(i).is_double2(), "Unexpected return verificationType");
3054 current_frame->push_stack(sig_verif_types->at(i), CHECK_VERIFY(this));
3055 }
3056 }
3057 }
3058
3059 VerificationType ClassVerifier::get_newarray_type(
3060 u2 index, int bci, TRAPS) {
3061 const char* from_bt[] = {
3062 nullptr, nullptr, nullptr, nullptr, "[Z", "[C", "[F", "[D", "[B", "[S", "[I", "[J",
3063 };
3064 if (index < T_BOOLEAN || index > T_LONG) {
3065 verify_error(ErrorContext::bad_code(bci), "Illegal newarray instruction");
3066 return VerificationType::bogus_type();
3067 }
3068
3069 // from_bt[index] contains the array signature which has a length of 2
3070 Symbol* sig = create_temporary_symbol(from_bt[index], 2);
3071 return VerificationType::reference_type(sig);
3072 }
3073
3074 void ClassVerifier::verify_anewarray(
3075 int bci, u2 index, const constantPoolHandle& cp,
3076 StackMapFrame* current_frame, TRAPS) {
3077 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
3078 current_frame->pop_stack(
3079 VerificationType::integer_type(), CHECK_VERIFY(this));
3080
3081 if (was_recursively_verified()) return;
3082 VerificationType component_type =
3083 cp_index_to_type(index, cp, CHECK_VERIFY(this));
3084 int length;
3085 char* arr_sig_str;
3086 if (component_type.is_array()) { // it's an array
3087 const char* component_name = component_type.name()->as_utf8();
3088 // Check for more than MAX_ARRAY_DIMENSIONS
3089 length = (int)strlen(component_name);
3090 if (length > MAX_ARRAY_DIMENSIONS &&
3091 component_name[MAX_ARRAY_DIMENSIONS - 1] == JVM_SIGNATURE_ARRAY) {
3092 verify_error(ErrorContext::bad_code(bci),
3093 "Illegal anewarray instruction, array has more than 255 dimensions");
3094 }
3095 // add one dimension to component
3096 length++;
3097 arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length + 1);
3098 int n = os::snprintf(arr_sig_str, length + 1, "%c%s",
3099 JVM_SIGNATURE_ARRAY, component_name);
3100 assert(n == length, "Unexpected number of characters in string");
3101 } else { // it's an object or interface
3102 const char* component_name = component_type.name()->as_utf8();
3103 // add one dimension to component with 'L' prepended and ';' postpended.
3104 length = (int)strlen(component_name) + 3;
3105 arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length + 1);
3106 int n = os::snprintf(arr_sig_str, length + 1, "%c%c%s;",
3107 JVM_SIGNATURE_ARRAY, JVM_SIGNATURE_CLASS, component_name);
3108 assert(n == length, "Unexpected number of characters in string");
3109 }
3110 Symbol* arr_sig = create_temporary_symbol(arr_sig_str, length);
3111 VerificationType new_array_type = VerificationType::reference_type(arr_sig);
3112 current_frame->push_stack(new_array_type, CHECK_VERIFY(this));
3113 }
3114
3115 void ClassVerifier::verify_iload(int index, StackMapFrame* current_frame, TRAPS) {
3116 current_frame->get_local(
3117 index, VerificationType::integer_type(), CHECK_VERIFY(this));
3118 current_frame->push_stack(
3119 VerificationType::integer_type(), CHECK_VERIFY(this));
3120 }
3121
3122 void ClassVerifier::verify_lload(int index, StackMapFrame* current_frame, TRAPS) {
3123 current_frame->get_local_2(
3124 index, VerificationType::long_type(),
3125 VerificationType::long2_type(), CHECK_VERIFY(this));
3126 current_frame->push_stack_2(
3127 VerificationType::long_type(),
3128 VerificationType::long2_type(), CHECK_VERIFY(this));
3129 }
3130
3131 void ClassVerifier::verify_fload(int index, StackMapFrame* current_frame, TRAPS) {
3132 current_frame->get_local(
3133 index, VerificationType::float_type(), CHECK_VERIFY(this));
3134 current_frame->push_stack(
3135 VerificationType::float_type(), CHECK_VERIFY(this));
3136 }
3137
3138 void ClassVerifier::verify_dload(int index, StackMapFrame* current_frame, TRAPS) {
3139 current_frame->get_local_2(
3140 index, VerificationType::double_type(),
3141 VerificationType::double2_type(), CHECK_VERIFY(this));
3142 current_frame->push_stack_2(
3143 VerificationType::double_type(),
3144 VerificationType::double2_type(), CHECK_VERIFY(this));
3145 }
3146
3147 void ClassVerifier::verify_aload(int index, StackMapFrame* current_frame, TRAPS) {
3148 VerificationType type = current_frame->get_local(
3149 index, VerificationType::reference_check(), CHECK_VERIFY(this));
3150 current_frame->push_stack(type, CHECK_VERIFY(this));
3151 }
3152
3153 void ClassVerifier::verify_istore(int index, StackMapFrame* current_frame, TRAPS) {
3154 current_frame->pop_stack(
3155 VerificationType::integer_type(), CHECK_VERIFY(this));
3156 current_frame->set_local(
3157 index, VerificationType::integer_type(), CHECK_VERIFY(this));
3158 }
3159
3160 void ClassVerifier::verify_lstore(int index, StackMapFrame* current_frame, TRAPS) {
3161 current_frame->pop_stack_2(
3162 VerificationType::long2_type(),
3163 VerificationType::long_type(), CHECK_VERIFY(this));
3164 current_frame->set_local_2(
3165 index, VerificationType::long_type(),
3166 VerificationType::long2_type(), CHECK_VERIFY(this));
3167 }
3168
3169 void ClassVerifier::verify_fstore(int index, StackMapFrame* current_frame, TRAPS) {
3170 current_frame->pop_stack(VerificationType::float_type(), CHECK_VERIFY(this));
3171 current_frame->set_local(
3172 index, VerificationType::float_type(), CHECK_VERIFY(this));
3173 }
3174
3175 void ClassVerifier::verify_dstore(int index, StackMapFrame* current_frame, TRAPS) {
3176 current_frame->pop_stack_2(
3177 VerificationType::double2_type(),
3178 VerificationType::double_type(), CHECK_VERIFY(this));
3179 current_frame->set_local_2(
3180 index, VerificationType::double_type(),
3181 VerificationType::double2_type(), CHECK_VERIFY(this));
3182 }
3183
3184 void ClassVerifier::verify_astore(int index, StackMapFrame* current_frame, TRAPS) {
3185 VerificationType type = current_frame->pop_stack(
3186 VerificationType::reference_check(), CHECK_VERIFY(this));
3187 current_frame->set_local(index, type, CHECK_VERIFY(this));
3188 }
3189
3190 void ClassVerifier::verify_iinc(int index, StackMapFrame* current_frame, TRAPS) {
3191 VerificationType type = current_frame->get_local(
3192 index, VerificationType::integer_type(), CHECK_VERIFY(this));
3193 current_frame->set_local(index, type, CHECK_VERIFY(this));
3194 }
3195
3196 void ClassVerifier::verify_return_value(
3197 VerificationType return_type, VerificationType type, int bci,
3198 StackMapFrame* current_frame, TRAPS) {
3199 if (return_type == VerificationType::bogus_type()) {
3200 verify_error(ErrorContext::bad_type(bci,
3201 current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)),
3202 "Method does not expect a return value");
3203 return;
3204 }
3205 bool match = return_type.is_assignable_from(type, this, false, CHECK_VERIFY(this));
3206 if (!match) {
3207 verify_error(ErrorContext::bad_type(bci,
3208 current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)),
3209 "Bad return type");
3210 return;
3211 }
3212 }
3213
3214 // The verifier creates symbols which are substrings of Symbols.
3215 // These are stored in the verifier until the end of verification so that
3216 // they can be reference counted.
3217 Symbol* ClassVerifier::create_temporary_symbol(const char *name, int length) {
3218 // Quick deduplication check
3219 if (_previous_symbol != nullptr && _previous_symbol->equals(name, length)) {
3220 return _previous_symbol;
3221 }
3222 Symbol* sym = SymbolTable::new_symbol(name, length);
3223 if (!sym->is_permanent()) {
3224 if (_symbols == nullptr) {
3225 _symbols = new GrowableArray<Symbol*>(50, 0, nullptr);
3226 }
3227 _symbols->push(sym);
3228 }
3229 _previous_symbol = sym;
3230 return sym;
3231 }