1 /*
2 * Copyright (c) 1998, 2026, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.
8 *
9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 *
23 */
24
25 #include "cds/cdsConfig.hpp"
26 #include "classfile/classFileStream.hpp"
27 #include "classfile/classLoader.hpp"
28 #include "classfile/javaClasses.hpp"
29 #include "classfile/stackMapFrame.hpp"
30 #include "classfile/stackMapTable.hpp"
31 #include "classfile/stackMapTableFormat.hpp"
32 #include "classfile/symbolTable.hpp"
33 #include "classfile/systemDictionary.hpp"
34 #include "classfile/verifier.hpp"
35 #include "classfile/vmClasses.hpp"
36 #include "classfile/vmSymbols.hpp"
37 #include "interpreter/bytecodes.hpp"
38 #include "interpreter/bytecodeStream.hpp"
39 #include "jvm.h"
40 #include "logging/log.hpp"
41 #include "logging/logStream.hpp"
42 #include "memory/oopFactory.hpp"
43 #include "memory/resourceArea.hpp"
44 #include "memory/universe.hpp"
45 #include "oops/constantPool.inline.hpp"
46 #include "oops/fieldStreams.inline.hpp"
47 #include "oops/instanceKlass.inline.hpp"
48 #include "oops/klass.inline.hpp"
49 #include "oops/oop.inline.hpp"
50 #include "oops/typeArrayOop.hpp"
51 #include "runtime/arguments.hpp"
52 #include "runtime/fieldDescriptor.inline.hpp"
53 #include "runtime/handles.inline.hpp"
54 #include "runtime/interfaceSupport.inline.hpp"
55 #include "runtime/javaCalls.hpp"
56 #include "runtime/javaThread.hpp"
57 #include "runtime/jniHandles.inline.hpp"
58 #include "runtime/os.hpp"
59 #include "runtime/safepointVerifiers.hpp"
60 #include "services/threadService.hpp"
61 #include "utilities/align.hpp"
62 #include "utilities/bytes.hpp"
63 #if INCLUDE_CDS
64 #include "classfile/systemDictionaryShared.hpp"
65 #endif
66
67 #define NOFAILOVER_MAJOR_VERSION 51
68 #define NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION 51
69 #define STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION 52
70 #define INLINE_TYPE_MAJOR_VERSION 56
71 #define MAX_ARRAY_DIMENSIONS 255
72
73 // Access to external entry for VerifyClassForMajorVersion - old byte code verifier
74
75 extern "C" {
76 typedef jboolean (*verify_byte_codes_fn_t)(JNIEnv *, jclass, char *, jint, jint);
77 }
78
79 static verify_byte_codes_fn_t volatile _verify_byte_codes_fn = nullptr;
80
81 static verify_byte_codes_fn_t verify_byte_codes_fn() {
82
83 if (_verify_byte_codes_fn != nullptr)
84 return _verify_byte_codes_fn;
85
86 MutexLocker locker(Verify_lock);
87
88 if (_verify_byte_codes_fn != nullptr)
89 return _verify_byte_codes_fn;
90
91 void *lib_handle = nullptr;
92 // Load verify dll
93 if (is_vm_statically_linked()) {
94 lib_handle = os::get_default_process_handle();
95 } else {
96 char buffer[JVM_MAXPATHLEN];
97 char ebuf[1024];
98 if (!os::dll_locate_lib(buffer, sizeof(buffer), Arguments::get_dll_dir(), "verify"))
99 return nullptr; // Caller will throw VerifyError
100
101 lib_handle = os::dll_load(buffer, ebuf, sizeof(ebuf));
102 if (lib_handle == nullptr)
103 return nullptr; // Caller will throw VerifyError
104 }
105
106 void *fn = os::dll_lookup(lib_handle, "VerifyClassForMajorVersion");
107 if (fn == nullptr)
108 return nullptr; // Caller will throw VerifyError
109
110 return _verify_byte_codes_fn = CAST_TO_FN_PTR(verify_byte_codes_fn_t, fn);
111 }
112
113
114 // Methods in Verifier
115
116 // This method determines whether we run the verifier and class file format checking code.
117 bool Verifier::should_verify_for(oop class_loader) {
118 return class_loader == nullptr ?
119 BytecodeVerificationLocal : BytecodeVerificationRemote;
120 }
121
122 // This method determines whether we allow package access in access checks in reflection.
123 bool Verifier::relax_access_for(oop loader) {
124 bool trusted = java_lang_ClassLoader::is_trusted_loader(loader);
125 bool need_verify =
126 // verifyAll
127 (BytecodeVerificationLocal && BytecodeVerificationRemote) ||
128 // verifyRemote
129 (!BytecodeVerificationLocal && BytecodeVerificationRemote && !trusted);
130 return !need_verify;
131 }
132
133 // Callers will pass should_verify_class as true, depending on the results of should_verify_for() above,
134 // or pass true for redefinition of any class.
135 static bool is_eligible_for_verification(InstanceKlass* klass, bool should_verify_class) {
136 Symbol* name = klass->name();
137
138 return (should_verify_class &&
139 // Can not verify the bytecodes for shared classes because they have
140 // already been rewritten to contain constant pool cache indices,
141 // which the verifier can't understand.
142 // Shared classes shouldn't have stackmaps either.
143 // However, bytecodes for shared old classes can be verified because
144 // they have not been rewritten.
145 !(klass->in_aot_cache() && klass->is_rewritten()));
146 }
147
148 void Verifier::trace_class_resolution(Klass* resolve_class, InstanceKlass* verify_class) {
149 assert(verify_class != nullptr, "Unexpected null verify_class");
150 ResourceMark rm;
151 Symbol* s = verify_class->source_file_name();
152 const char* source_file = (s != nullptr ? s->as_C_string() : nullptr);
153 const char* verify = verify_class->external_name();
154 const char* resolve = resolve_class->external_name();
155 // print in a single call to reduce interleaving between threads
156 if (source_file != nullptr) {
157 log_debug(class, resolve)("%s %s %s (verification)", verify, resolve, source_file);
158 } else {
159 log_debug(class, resolve)("%s %s (verification)", verify, resolve);
160 }
161 }
162
163 // Prints the end-verification message to the appropriate output.
164 void Verifier::log_end_verification(outputStream* st, const char* klassName, Symbol* exception_name, oop pending_exception) {
165 if (pending_exception != nullptr) {
166 st->print("Verification for %s has", klassName);
167 oop message = java_lang_Throwable::message(pending_exception);
168 if (message != nullptr) {
169 char* ex_msg = java_lang_String::as_utf8_string(message);
170 st->print_cr(" exception pending '%s %s'",
171 pending_exception->klass()->external_name(), ex_msg);
172 } else {
173 st->print_cr(" exception pending %s ",
174 pending_exception->klass()->external_name());
175 }
176 } else if (exception_name != nullptr) {
177 st->print_cr("Verification for %s failed", klassName);
178 }
179 st->print_cr("End class verification for: %s", klassName);
180 }
181
182 bool Verifier::verify(InstanceKlass* klass, bool should_verify_class, TRAPS) {
183 HandleMark hm(THREAD);
184 ResourceMark rm(THREAD);
185
186 // Eagerly allocate the identity hash code for a klass. This is a fallout
187 // from 6320749 and 8059924: hash code generator is not supposed to be called
188 // during the safepoint, but it allows to sneak the hashcode in during
189 // verification. Without this eager hashcode generation, we may end up
190 // installing the hashcode during some other operation, which may be at
191 // safepoint -- blowing up the checks. It was previously done as the side
192 // effect (sic!) for external_name(), but instead of doing that, we opt to
193 // explicitly push the hashcode in here. This is signify the following block
194 // is IMPORTANT:
195 assert(klass->java_mirror() != nullptr, "must be");
196 klass->java_mirror()->identity_hash();
197
198 if (!is_eligible_for_verification(klass, should_verify_class)) {
199 return true;
200 }
201
202 // Timer includes any side effects of class verification (resolution,
203 // etc), but not recursive calls to Verifier::verify().
204 JavaThread* jt = THREAD;
205 PerfClassTraceTime timer(ClassLoader::perf_class_verify_time(),
206 ClassLoader::perf_class_verify_selftime(),
207 ClassLoader::perf_classes_verified(),
208 jt->get_thread_stat()->perf_recursion_counts_addr(),
209 jt->get_thread_stat()->perf_timers_addr(),
210 PerfClassTraceTime::CLASS_VERIFY);
211
212 // If the class should be verified, first see if we can use the split
213 // verifier. If not, or if verification fails and can failover, then
214 // call the inference verifier.
215 Symbol* exception_name = nullptr;
216 const size_t message_buffer_len = klass->name()->utf8_length() + 1024;
217 char* message_buffer = nullptr;
218 char* exception_message = nullptr;
219
220 log_info(class, init)("Start class verification for: %s", klass->external_name());
221 if (klass->major_version() >= STACKMAP_ATTRIBUTE_MAJOR_VERSION) {
222 ClassVerifier split_verifier(jt, klass);
223 // We don't use CHECK here, or on inference_verify below, so that we can log any exception.
224 split_verifier.verify_class(THREAD);
225 exception_name = split_verifier.result();
226
227 // If dumping {classic, final} static archive, don't bother to run the old verifier, as
228 // the class will be excluded from the archive anyway.
229 bool can_failover = !(CDSConfig::is_dumping_classic_static_archive() || CDSConfig::is_dumping_final_static_archive()) &&
230 klass->major_version() < NOFAILOVER_MAJOR_VERSION;
231
232 if (can_failover && !HAS_PENDING_EXCEPTION && // Split verifier doesn't set PENDING_EXCEPTION for failure
233 (exception_name == vmSymbols::java_lang_VerifyError() ||
234 exception_name == vmSymbols::java_lang_ClassFormatError())) {
235 log_info(verification)("Fail over class verification to old verifier for: %s", klass->external_name());
236 log_info(class, init)("Fail over class verification to old verifier for: %s", klass->external_name());
237 #if INCLUDE_CDS
238 // Exclude any classes that are verified with the old verifier, as the old verifier
239 // doesn't call SystemDictionaryShared::add_verification_constraint()
240 if (CDSConfig::is_dumping_archive()) {
241 SystemDictionaryShared::log_exclusion(klass, "Verified with old verifier");
242 SystemDictionaryShared::set_excluded(klass);
243 }
244 #endif
245 message_buffer = NEW_RESOURCE_ARRAY(char, message_buffer_len);
246 exception_message = message_buffer;
247 exception_name = inference_verify(
248 klass, message_buffer, message_buffer_len, THREAD);
249 }
250 if (exception_name != nullptr) {
251 exception_message = split_verifier.exception_message();
252 }
253 } else {
254 message_buffer = NEW_RESOURCE_ARRAY(char, message_buffer_len);
255 exception_message = message_buffer;
256 exception_name = inference_verify(
257 klass, message_buffer, message_buffer_len, THREAD);
258 }
259
260 LogTarget(Info, class, init) lt1;
261 if (lt1.is_enabled()) {
262 LogStream ls(lt1);
263 log_end_verification(&ls, klass->external_name(), exception_name, PENDING_EXCEPTION);
264 }
265 LogTarget(Info, verification) lt2;
266 if (lt2.is_enabled()) {
267 LogStream ls(lt2);
268 log_end_verification(&ls, klass->external_name(), exception_name, PENDING_EXCEPTION);
269 }
270
271 if (HAS_PENDING_EXCEPTION) {
272 return false; // use the existing exception
273 } else if (exception_name == nullptr) {
274 return true; // verification succeeded
275 } else { // VerifyError or ClassFormatError to be created and thrown
276 Klass* kls =
277 SystemDictionary::resolve_or_fail(exception_name, true, CHECK_false);
278 if (log_is_enabled(Debug, class, resolve)) {
279 Verifier::trace_class_resolution(kls, klass);
280 }
281
282 while (kls != nullptr) {
283 if (kls == klass) {
284 // If the class being verified is the exception we're creating
285 // or one of it's superclasses, we're in trouble and are going
286 // to infinitely recurse when we try to initialize the exception.
287 // So bail out here by throwing the preallocated VM error.
288 THROW_OOP_(Universe::internal_error_instance(), false);
289 }
290 kls = kls->super();
291 }
292 if (message_buffer != nullptr) {
293 message_buffer[message_buffer_len - 1] = '\0'; // just to be sure
294 }
295 assert(exception_message != nullptr, "");
296 THROW_MSG_(exception_name, exception_message, false);
297 }
298 }
299
300 Symbol* Verifier::inference_verify(
301 InstanceKlass* klass, char* message, size_t message_len, TRAPS) {
302 JavaThread* thread = THREAD;
303
304 verify_byte_codes_fn_t verify_func = verify_byte_codes_fn();
305
306 if (verify_func == nullptr) {
307 jio_snprintf(message, message_len, "Could not link verifier");
308 return vmSymbols::java_lang_VerifyError();
309 }
310
311 ResourceMark rm(thread);
312 log_info(verification)("Verifying class %s with old format", klass->external_name());
313
314 jclass cls = (jclass) JNIHandles::make_local(thread, klass->java_mirror());
315 jint result;
316
317 {
318 HandleMark hm(thread);
319 ThreadToNativeFromVM ttn(thread);
320 // ThreadToNativeFromVM takes care of changing thread_state, so safepoint
321 // code knows that we have left the VM
322 JNIEnv *env = thread->jni_environment();
323 result = (*verify_func)(env, cls, message, (int)message_len, klass->major_version());
324 }
325
326 JNIHandles::destroy_local(cls);
327
328 // These numbers are chosen so that VerifyClassCodes interface doesn't need
329 // to be changed (still return jboolean (unsigned char)), and result is
330 // 1 when verification is passed.
331 if (result == 0) {
332 return vmSymbols::java_lang_VerifyError();
333 } else if (result == 1) {
334 return nullptr; // verified.
335 } else if (result == 2) {
336 THROW_MSG_(vmSymbols::java_lang_OutOfMemoryError(), message, nullptr);
337 } else if (result == 3) {
338 return vmSymbols::java_lang_ClassFormatError();
339 } else {
340 ShouldNotReachHere();
341 return nullptr;
342 }
343 }
344
345 TypeOrigin TypeOrigin::null() {
346 return TypeOrigin();
347 }
348 TypeOrigin TypeOrigin::local(int index, StackMapFrame* frame) {
349 assert(frame != nullptr, "Must have a frame");
350 return TypeOrigin(CF_LOCALS, index, StackMapFrame::copy(frame),
351 frame->local_at(index));
352 }
353 TypeOrigin TypeOrigin::stack(int index, StackMapFrame* frame) {
354 assert(frame != nullptr, "Must have a frame");
355 return TypeOrigin(CF_STACK, index, StackMapFrame::copy(frame),
356 frame->stack_at(index));
357 }
358 TypeOrigin TypeOrigin::sm_local(int index, StackMapFrame* frame) {
359 assert(frame != nullptr, "Must have a frame");
360 return TypeOrigin(SM_LOCALS, index, StackMapFrame::copy(frame),
361 frame->local_at(index));
362 }
363 TypeOrigin TypeOrigin::sm_stack(int index, StackMapFrame* frame) {
364 assert(frame != nullptr, "Must have a frame");
365 return TypeOrigin(SM_STACK, index, StackMapFrame::copy(frame),
366 frame->stack_at(index));
367 }
368 TypeOrigin TypeOrigin::bad_index(int index) {
369 return TypeOrigin(BAD_INDEX, index, nullptr, VerificationType::bogus_type());
370 }
371 TypeOrigin TypeOrigin::cp(int index, VerificationType vt) {
372 return TypeOrigin(CONST_POOL, index, nullptr, vt);
373 }
374 TypeOrigin TypeOrigin::signature(VerificationType vt) {
375 return TypeOrigin(SIG, 0, nullptr, vt);
376 }
377 TypeOrigin TypeOrigin::implicit(VerificationType t) {
378 return TypeOrigin(IMPLICIT, 0, nullptr, t);
379 }
380 TypeOrigin TypeOrigin::frame(StackMapFrame* frame) {
381 return TypeOrigin(FRAME_ONLY, 0, StackMapFrame::copy(frame),
382 VerificationType::bogus_type());
383 }
384
385 void TypeOrigin::reset_frame() {
386 if (_frame != nullptr) {
387 _frame->restore();
388 }
389 }
390
391 void TypeOrigin::details(outputStream* ss) const {
392 _type.print_on(ss);
393 switch (_origin) {
394 case CF_LOCALS:
395 ss->print(" (current frame, locals[%d])", _index);
396 break;
397 case CF_STACK:
398 ss->print(" (current frame, stack[%d])", _index);
399 break;
400 case SM_LOCALS:
401 ss->print(" (stack map, locals[%d])", _index);
402 break;
403 case SM_STACK:
404 ss->print(" (stack map, stack[%d])", _index);
405 break;
406 case CONST_POOL:
407 ss->print(" (constant pool %d)", _index);
408 break;
409 case SIG:
410 ss->print(" (from method signature)");
411 break;
412 case IMPLICIT:
413 case FRAME_ONLY:
414 case NONE:
415 default:
416 ;
417 }
418 }
419
420 #ifdef ASSERT
421 void TypeOrigin::print_on(outputStream* str) const {
422 str->print("{%d,%d,%p:", _origin, _index, _frame);
423 if (_frame != nullptr) {
424 _frame->print_on(str);
425 } else {
426 str->print("null");
427 }
428 str->print(",");
429 _type.print_on(str);
430 str->print("}");
431 }
432 #endif
433
434 void ErrorContext::details(outputStream* ss, const Method* method) const {
435 if (is_valid()) {
436 ss->cr();
437 ss->print_cr("Exception Details:");
438 location_details(ss, method);
439 reason_details(ss);
440 frame_details(ss);
441 bytecode_details(ss, method);
442 handler_details(ss, method);
443 stackmap_details(ss, method);
444 }
445 }
446
447 void ErrorContext::reason_details(outputStream* ss) const {
448 StreamIndentor si(ss, 2);
449 ss->print_cr("Reason:");
450
451 StreamIndentor si2(ss, 2);
452 switch (_fault) {
453 case INVALID_BYTECODE:
454 ss->print("Error exists in the bytecode");
455 break;
456 case WRONG_TYPE:
457 if (_expected.is_valid()) {
458 ss->print("Type ");
459 _type.details(ss);
460 ss->print(" is not assignable to ");
461 _expected.details(ss);
462 } else {
463 ss->print("Invalid type: ");
464 _type.details(ss);
465 }
466 break;
467 case FLAGS_MISMATCH:
468 if (_expected.is_valid()) {
469 ss->print("Current frame's flags are not assignable "
470 "to stack map frame's.");
471 } else {
472 ss->print("Current frame's flags are invalid in this context.");
473 }
474 break;
475 case BAD_CP_INDEX:
476 ss->print("Constant pool index %d is invalid", _type.index());
477 break;
478 case BAD_LOCAL_INDEX:
479 ss->print("Local index %d is invalid", _type.index());
480 break;
481 case BAD_STRICT_FIELDS:
482 ss->print("Invalid use of strict instance fields");
483 break;
484 case LOCALS_SIZE_MISMATCH:
485 ss->print("Current frame's local size doesn't match stackmap.");
486 break;
487 case STACK_SIZE_MISMATCH:
488 ss->print("Current frame's stack size doesn't match stackmap.");
489 break;
490 case STRICT_FIELDS_MISMATCH:
491 ss->print("Current frame's strict instance fields not compatible with stackmap.");
492 break;
493 case STACK_OVERFLOW:
494 ss->print("Exceeded max stack size.");
495 break;
496 case STACK_UNDERFLOW:
497 ss->print("Attempt to pop empty stack.");
498 break;
499 case MISSING_STACKMAP:
500 ss->print("Expected stackmap frame at this location.");
501 break;
502 case BAD_STACKMAP:
503 ss->print("Invalid stackmap specification.");
504 break;
505 case WRONG_INLINE_TYPE:
506 ss->print("Type ");
507 _type.details(ss);
508 ss->print(" and type ");
509 _expected.details(ss);
510 ss->print(" must be identical inline types.");
511 break;
512 case UNKNOWN:
513 default:
514 ShouldNotReachHere();
515 ss->print_cr("Unknown");
516 }
517 ss->cr();
518 }
519
520 void ErrorContext::location_details(outputStream* ss, const Method* method) const {
521 if (_bci != -1 && method != nullptr) {
522 const char* bytecode_name = "<invalid>";
523 if (method->validate_bci(_bci) != -1) {
524 Bytecodes::Code code = Bytecodes::code_or_bp_at(method->bcp_from(_bci));
525 if (Bytecodes::is_defined(code)) {
526 bytecode_name = Bytecodes::name(code);
527 } else {
528 bytecode_name = "<illegal>";
529 }
530 }
531 InstanceKlass* ik = method->method_holder();
532
533 StreamIndentor si(ss, 2);
534 ss->print_cr("Location:");
535
536 StreamIndentor si2(ss, 2);
537 ss->print_cr("%s.%s%s @%d: %s",
538 ik->name()->as_C_string(), method->name()->as_C_string(),
539 method->signature()->as_C_string(), _bci, bytecode_name);
540 }
541 }
542
543 void ErrorContext::frame_details(outputStream* ss) const {
544 StreamIndentor si(ss, 2);
545 if (_type.is_valid() && _type.frame() != nullptr) {
546 ss->print_cr("Current Frame:");
547 StreamIndentor si2(ss, 2);
548 _type.frame()->print_on(ss);
549 }
550 if (_expected.is_valid() && _expected.frame() != nullptr) {
551 ss->print_cr("Stackmap Frame:");
552 StreamIndentor si2(ss, 2);
553 _expected.frame()->print_on(ss);
554 }
555 }
556
557 void ErrorContext::bytecode_details(outputStream* ss, const Method* method) const {
558 if (method != nullptr) {
559 StreamIndentor si(ss, 2);
560 ss->print_cr("Bytecode:");
561 StreamIndentor si2(ss, 2);
562 ss->print_data(method->code_base(), method->code_size(), false);
563 }
564 }
565
566 void ErrorContext::handler_details(outputStream* ss, const Method* method) const {
567 if (method != nullptr) {
568 StreamIndentor si(ss, 2);
569
570 ExceptionTable table(method);
571 if (table.length() > 0) {
572 ss->print_cr("Exception Handler Table:");
573 StreamIndentor si2(ss, 2);
574 for (int i = 0; i < table.length(); ++i) {
575 ss->print_cr("bci [%d, %d] => handler: %d", table.start_pc(i),
576 table.end_pc(i), table.handler_pc(i));
577 }
578 }
579 }
580 }
581
582 void ErrorContext::stackmap_details(outputStream* ss, const Method* method) const {
583 if (method != nullptr && method->has_stackmap_table()) {
584 StreamIndentor si(ss, 2);
585 ss->print_cr("Stackmap Table:");
586 Array<u1>* data = method->stackmap_data();
587 stack_map_table* sm_table =
588 stack_map_table::at((address)data->adr_at(0));
589 stack_map_frame* sm_frame = sm_table->entries();
590 StreamIndentor si2(ss, 2);
591 int current_offset = -1;
592 address end_of_sm_table = (address)sm_table + method->stackmap_data()->length();
593 for (u2 i = 0; i < sm_table->number_of_entries(); ++i) {
594 if (!sm_frame->verify((address)sm_frame, end_of_sm_table)) {
595 sm_frame->print_truncated(ss, current_offset);
596 return;
597 }
598 sm_frame->print_on(ss, current_offset);
599 ss->cr();
600 current_offset += sm_frame->offset_delta();
601 sm_frame = sm_frame->next();
602 }
603 }
604 }
605
606 // Methods in ClassVerifier
607
608 ClassVerifier::ClassVerifier(JavaThread* current, InstanceKlass* klass)
609 : _thread(current), _previous_symbol(nullptr), _symbols(nullptr), _exception_type(nullptr),
610 _message(nullptr), _klass(klass) {
611 _this_type = VerificationType::reference_type(klass->name());
612 }
613
614 ClassVerifier::~ClassVerifier() {
615 // Decrement the reference count for any symbols created.
616 if (_symbols != nullptr) {
617 for (int i = 0; i < _symbols->length(); i++) {
618 Symbol* s = _symbols->at(i);
619 s->decrement_refcount();
620 }
621 }
622 }
623
624 VerificationType ClassVerifier::object_type() const {
625 return VerificationType::reference_type(vmSymbols::java_lang_Object());
626 }
627
628 TypeOrigin ClassVerifier::ref_ctx(const char* sig) {
629 VerificationType vt = VerificationType::reference_type(
630 create_temporary_symbol(sig, (int)strlen(sig)));
631 return TypeOrigin::implicit(vt);
632 }
633
634 static bool supports_strict_fields(InstanceKlass* klass) {
635 int ver = klass->major_version();
636 return ver > Verifier::VALUE_TYPES_MAJOR_VERSION ||
637 (ver == Verifier::VALUE_TYPES_MAJOR_VERSION && klass->minor_version() == Verifier::JAVA_PREVIEW_MINOR_VERSION);
638 }
639
640 void ClassVerifier::verify_class(TRAPS) {
641 log_info(verification)("Verifying class %s with new format", _klass->external_name());
642
643 Array<Method*>* methods = _klass->methods();
644 int num_methods = methods->length();
645
646 for (int index = 0; index < num_methods; index++) {
647 // Check for recursive re-verification before each method.
648 if (was_recursively_verified()) return;
649
650 Method* m = methods->at(index);
651 if (m->is_native() || m->is_abstract() || m->is_overpass()) {
652 // If m is native or abstract, skip it. It is checked in class file
653 // parser that methods do not override a final method. Overpass methods
654 // are trusted since the VM generates them.
655 continue;
656 }
657 verify_method(methodHandle(THREAD, m), CHECK_VERIFY(this));
658 }
659
660 if (was_recursively_verified()){
661 log_info(verification)("Recursive verification detected for: %s", _klass->external_name());
662 log_info(class, init)("Recursive verification detected for: %s",
663 _klass->external_name());
664 }
665 }
666
667 // Translate the signature entries into verification types and save them in
668 // the growable array. Also, save the count of arguments.
669 void ClassVerifier::translate_signature(Symbol* const method_sig,
670 sig_as_verification_types* sig_verif_types) {
671 SignatureStream sig_stream(method_sig);
672 VerificationType sig_type[2];
673 int sig_i = 0;
674 GrowableArray<VerificationType>* verif_types = sig_verif_types->sig_verif_types();
675
676 // Translate the signature arguments into verification types.
677 while (!sig_stream.at_return_type()) {
678 int n = change_sig_to_verificationType(&sig_stream, sig_type);
679 assert(n <= 2, "Unexpected signature type");
680
681 // Store verification type(s). Longs and Doubles each have two verificationTypes.
682 for (int x = 0; x < n; x++) {
683 verif_types->push(sig_type[x]);
684 }
685 sig_i += n;
686 sig_stream.next();
687 }
688
689 // Set final arg count, not including the return type. The final arg count will
690 // be compared with sig_verify_types' length to see if there is a return type.
691 sig_verif_types->set_num_args(sig_i);
692
693 // Store verification type(s) for the return type, if there is one.
694 if (sig_stream.type() != T_VOID) {
695 int n = change_sig_to_verificationType(&sig_stream, sig_type);
696 assert(n <= 2, "Unexpected signature return type");
697 for (int y = 0; y < n; y++) {
698 verif_types->push(sig_type[y]);
699 }
700 }
701 }
702
703 void ClassVerifier::create_method_sig_entry(sig_as_verification_types* sig_verif_types,
704 int sig_index) {
705 // Translate the signature into verification types.
706 ConstantPool* cp = _klass->constants();
707 Symbol* const method_sig = cp->symbol_at(sig_index);
708 translate_signature(method_sig, sig_verif_types);
709
710 // Add the list of this signature's verification types to the table.
711 bool is_unique = method_signatures_table()->put(sig_index, sig_verif_types);
712 assert(is_unique, "Duplicate entries in method_signature_table");
713 }
714
715 void ClassVerifier::verify_method(const methodHandle& m, TRAPS) {
716 HandleMark hm(THREAD);
717 _method = m; // initialize _method
718 log_info(verification)("Verifying method %s", m->name_and_sig_as_C_string());
719
720 // For clang, the only good constant format string is a literal constant format string.
721 #define bad_type_msg "Bad type on operand stack in %s"
722
723 u2 max_stack = m->verifier_max_stack();
724 u2 max_locals = m->max_locals();
725 constantPoolHandle cp(THREAD, m->constants());
726
727 // Method signature was checked in ClassFileParser.
728 assert(SignatureVerifier::is_valid_method_signature(m->signature()),
729 "Invalid method signature");
730
731 // Collect the initial strict instance fields
732 StackMapFrame::AssertUnsetFieldTable* strict_fields = new StackMapFrame::AssertUnsetFieldTable();
733 if (m->is_object_constructor()) {
734 for (AllFieldStream fs(m->method_holder()); !fs.done(); fs.next()) {
735 if (fs.access_flags().is_strict() && !fs.access_flags().is_static()) {
736 NameAndSig new_field(fs.name(), fs.signature());
737 if (IgnoreAssertUnsetFields) {
738 strict_fields->put(new_field, true);
739 } else {
740 strict_fields->put(new_field, false);
741 }
742 }
743 }
744 }
745
746 // Initial stack map frame: offset is 0, stack is initially empty.
747 StackMapFrame current_frame(max_locals, max_stack, strict_fields, this);
748 // Set initial locals
749 VerificationType return_type = current_frame.set_locals_from_arg( m, current_type());
750
751 u2 stackmap_index = 0; // index to the stackmap array
752
753 u4 code_length = m->code_size();
754
755 // Scan the bytecode and map each instruction's start offset to a number.
756 char* code_data = generate_code_data(m, code_length, CHECK_VERIFY(this));
757
758 int ex_min = code_length;
759 int ex_max = -1;
760 // Look through each item on the exception table. Each of the fields must refer
761 // to a legal instruction.
762 if (was_recursively_verified()) return;
763 verify_exception_handler_table(
764 code_length, code_data, ex_min, ex_max, CHECK_VERIFY(this));
765
766 // Look through each entry on the local variable table and make sure
767 // its range of code array offsets is valid. (4169817)
768 if (m->has_localvariable_table()) {
769 verify_local_variable_table(code_length, code_data, CHECK_VERIFY(this));
770 }
771
772 Array<u1>* stackmap_data = m->stackmap_data();
773 StackMapStream stream(stackmap_data);
774 StackMapReader reader(this, &stream, code_data, code_length, ¤t_frame, max_locals, max_stack, strict_fields, THREAD);
775 StackMapTable stackmap_table(&reader, CHECK_VERIFY(this));
776
777 LogTarget(Debug, verification) lt;
778 if (lt.is_enabled()) {
779 LogStream ls(lt);
780 stackmap_table.print_on(&ls);
781 }
782
783 RawBytecodeStream bcs(m);
784
785 // Scan the byte code linearly from the start to the end
786 bool no_control_flow = false; // Set to true when there is no direct control
787 // flow from current instruction to the next
788 // instruction in sequence
789
790 Bytecodes::Code opcode;
791 while (!bcs.is_last_bytecode()) {
792 // Check for recursive re-verification before each bytecode.
793 if (was_recursively_verified()) return;
794
795 opcode = bcs.raw_next();
796 int bci = bcs.bci();
797
798 // Set current frame's offset to bci
799 current_frame.set_offset(bci);
800 current_frame.set_mark();
801
802 // Make sure every offset in stackmap table point to the beginning to
803 // an instruction. Match current_frame to stackmap_table entry with
804 // the same offset if exists.
805 stackmap_index = verify_stackmap_table(
806 stackmap_index, bci, ¤t_frame, &stackmap_table,
807 no_control_flow, CHECK_VERIFY(this));
808
809
810 bool this_uninit = false; // Set to true when invokespecial <init> initialized 'this'
811 bool verified_exc_handlers = false;
812
813 // Merge with the next instruction
814 {
815 VerificationType type, type2;
816 VerificationType atype;
817
818 LogTarget(Debug, verification) lt;
819 if (lt.is_enabled()) {
820 LogStream ls(lt);
821 current_frame.print_on(&ls);
822 lt.print("offset = %d, opcode = %s", bci,
823 opcode == Bytecodes::_illegal ? "illegal" : Bytecodes::name(opcode));
824 }
825
826 // Make sure wide instruction is in correct format
827 if (bcs.is_wide()) {
828 if (opcode != Bytecodes::_iinc && opcode != Bytecodes::_iload &&
829 opcode != Bytecodes::_aload && opcode != Bytecodes::_lload &&
830 opcode != Bytecodes::_istore && opcode != Bytecodes::_astore &&
831 opcode != Bytecodes::_lstore && opcode != Bytecodes::_fload &&
832 opcode != Bytecodes::_dload && opcode != Bytecodes::_fstore &&
833 opcode != Bytecodes::_dstore) {
834 /* Unreachable? RawBytecodeStream's raw_next() returns 'illegal'
835 * if we encounter a wide instruction that modifies an invalid
836 * opcode (not one of the ones listed above) */
837 verify_error(ErrorContext::bad_code(bci), "Bad wide instruction");
838 return;
839 }
840 }
841
842 // Look for possible jump target in exception handlers and see if it
843 // matches current_frame. Do this check here for astore*, dstore*,
844 // fstore*, istore*, and lstore* opcodes because they can change the type
845 // state by adding a local. JVM Spec says that the incoming type state
846 // should be used for this check. So, do the check here before a possible
847 // local is added to the type state.
848 if (Bytecodes::is_store_into_local(opcode) && bci >= ex_min && bci < ex_max) {
849 if (was_recursively_verified()) return;
850 verify_exception_handler_targets(
851 bci, this_uninit, ¤t_frame, &stackmap_table, CHECK_VERIFY(this));
852 verified_exc_handlers = true;
853 }
854
855 if (was_recursively_verified()) return;
856
857 switch (opcode) {
858 case Bytecodes::_nop :
859 no_control_flow = false; break;
860 case Bytecodes::_aconst_null :
861 current_frame.push_stack(
862 VerificationType::null_type(), CHECK_VERIFY(this));
863 no_control_flow = false; break;
864 case Bytecodes::_iconst_m1 :
865 case Bytecodes::_iconst_0 :
866 case Bytecodes::_iconst_1 :
867 case Bytecodes::_iconst_2 :
868 case Bytecodes::_iconst_3 :
869 case Bytecodes::_iconst_4 :
870 case Bytecodes::_iconst_5 :
871 current_frame.push_stack(
872 VerificationType::integer_type(), CHECK_VERIFY(this));
873 no_control_flow = false; break;
874 case Bytecodes::_lconst_0 :
875 case Bytecodes::_lconst_1 :
876 current_frame.push_stack_2(
877 VerificationType::long_type(),
878 VerificationType::long2_type(), CHECK_VERIFY(this));
879 no_control_flow = false; break;
880 case Bytecodes::_fconst_0 :
881 case Bytecodes::_fconst_1 :
882 case Bytecodes::_fconst_2 :
883 current_frame.push_stack(
884 VerificationType::float_type(), CHECK_VERIFY(this));
885 no_control_flow = false; break;
886 case Bytecodes::_dconst_0 :
887 case Bytecodes::_dconst_1 :
888 current_frame.push_stack_2(
889 VerificationType::double_type(),
890 VerificationType::double2_type(), CHECK_VERIFY(this));
891 no_control_flow = false; break;
892 case Bytecodes::_sipush :
893 case Bytecodes::_bipush :
894 current_frame.push_stack(
895 VerificationType::integer_type(), CHECK_VERIFY(this));
896 no_control_flow = false; break;
897 case Bytecodes::_ldc :
898 verify_ldc(
899 opcode, bcs.get_index_u1(), ¤t_frame,
900 cp, bci, CHECK_VERIFY(this));
901 no_control_flow = false; break;
902 case Bytecodes::_ldc_w :
903 case Bytecodes::_ldc2_w :
904 verify_ldc(
905 opcode, bcs.get_index_u2(), ¤t_frame,
906 cp, bci, CHECK_VERIFY(this));
907 no_control_flow = false; break;
908 case Bytecodes::_iload :
909 verify_iload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
910 no_control_flow = false; break;
911 case Bytecodes::_iload_0 :
912 case Bytecodes::_iload_1 :
913 case Bytecodes::_iload_2 :
914 case Bytecodes::_iload_3 : {
915 int index = opcode - Bytecodes::_iload_0;
916 verify_iload(index, ¤t_frame, CHECK_VERIFY(this));
917 no_control_flow = false; break;
918 }
919 case Bytecodes::_lload :
920 verify_lload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
921 no_control_flow = false; break;
922 case Bytecodes::_lload_0 :
923 case Bytecodes::_lload_1 :
924 case Bytecodes::_lload_2 :
925 case Bytecodes::_lload_3 : {
926 int index = opcode - Bytecodes::_lload_0;
927 verify_lload(index, ¤t_frame, CHECK_VERIFY(this));
928 no_control_flow = false; break;
929 }
930 case Bytecodes::_fload :
931 verify_fload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
932 no_control_flow = false; break;
933 case Bytecodes::_fload_0 :
934 case Bytecodes::_fload_1 :
935 case Bytecodes::_fload_2 :
936 case Bytecodes::_fload_3 : {
937 int index = opcode - Bytecodes::_fload_0;
938 verify_fload(index, ¤t_frame, CHECK_VERIFY(this));
939 no_control_flow = false; break;
940 }
941 case Bytecodes::_dload :
942 verify_dload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
943 no_control_flow = false; break;
944 case Bytecodes::_dload_0 :
945 case Bytecodes::_dload_1 :
946 case Bytecodes::_dload_2 :
947 case Bytecodes::_dload_3 : {
948 int index = opcode - Bytecodes::_dload_0;
949 verify_dload(index, ¤t_frame, CHECK_VERIFY(this));
950 no_control_flow = false; break;
951 }
952 case Bytecodes::_aload :
953 verify_aload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
954 no_control_flow = false; break;
955 case Bytecodes::_aload_0 :
956 case Bytecodes::_aload_1 :
957 case Bytecodes::_aload_2 :
958 case Bytecodes::_aload_3 : {
959 int index = opcode - Bytecodes::_aload_0;
960 verify_aload(index, ¤t_frame, CHECK_VERIFY(this));
961 no_control_flow = false; break;
962 }
963 case Bytecodes::_iaload :
964 type = current_frame.pop_stack(
965 VerificationType::integer_type(), CHECK_VERIFY(this));
966 atype = current_frame.pop_stack(
967 VerificationType::reference_check(), CHECK_VERIFY(this));
968 if (!atype.is_int_array()) {
969 verify_error(ErrorContext::bad_type(bci,
970 current_frame.stack_top_ctx(), ref_ctx("[I")),
971 bad_type_msg, "iaload");
972 return;
973 }
974 current_frame.push_stack(
975 VerificationType::integer_type(), CHECK_VERIFY(this));
976 no_control_flow = false; break;
977 case Bytecodes::_baload :
978 type = current_frame.pop_stack(
979 VerificationType::integer_type(), CHECK_VERIFY(this));
980 atype = current_frame.pop_stack(
981 VerificationType::reference_check(), CHECK_VERIFY(this));
982 if (!atype.is_bool_array() && !atype.is_byte_array()) {
983 verify_error(
984 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
985 bad_type_msg, "baload");
986 return;
987 }
988 current_frame.push_stack(
989 VerificationType::integer_type(), CHECK_VERIFY(this));
990 no_control_flow = false; break;
991 case Bytecodes::_caload :
992 type = current_frame.pop_stack(
993 VerificationType::integer_type(), CHECK_VERIFY(this));
994 atype = current_frame.pop_stack(
995 VerificationType::reference_check(), CHECK_VERIFY(this));
996 if (!atype.is_char_array()) {
997 verify_error(ErrorContext::bad_type(bci,
998 current_frame.stack_top_ctx(), ref_ctx("[C")),
999 bad_type_msg, "caload");
1000 return;
1001 }
1002 current_frame.push_stack(
1003 VerificationType::integer_type(), CHECK_VERIFY(this));
1004 no_control_flow = false; break;
1005 case Bytecodes::_saload :
1006 type = current_frame.pop_stack(
1007 VerificationType::integer_type(), CHECK_VERIFY(this));
1008 atype = current_frame.pop_stack(
1009 VerificationType::reference_check(), CHECK_VERIFY(this));
1010 if (!atype.is_short_array()) {
1011 verify_error(ErrorContext::bad_type(bci,
1012 current_frame.stack_top_ctx(), ref_ctx("[S")),
1013 bad_type_msg, "saload");
1014 return;
1015 }
1016 current_frame.push_stack(
1017 VerificationType::integer_type(), CHECK_VERIFY(this));
1018 no_control_flow = false; break;
1019 case Bytecodes::_laload :
1020 type = current_frame.pop_stack(
1021 VerificationType::integer_type(), CHECK_VERIFY(this));
1022 atype = current_frame.pop_stack(
1023 VerificationType::reference_check(), CHECK_VERIFY(this));
1024 if (!atype.is_long_array()) {
1025 verify_error(ErrorContext::bad_type(bci,
1026 current_frame.stack_top_ctx(), ref_ctx("[J")),
1027 bad_type_msg, "laload");
1028 return;
1029 }
1030 current_frame.push_stack_2(
1031 VerificationType::long_type(),
1032 VerificationType::long2_type(), CHECK_VERIFY(this));
1033 no_control_flow = false; break;
1034 case Bytecodes::_faload :
1035 type = current_frame.pop_stack(
1036 VerificationType::integer_type(), CHECK_VERIFY(this));
1037 atype = current_frame.pop_stack(
1038 VerificationType::reference_check(), CHECK_VERIFY(this));
1039 if (!atype.is_float_array()) {
1040 verify_error(ErrorContext::bad_type(bci,
1041 current_frame.stack_top_ctx(), ref_ctx("[F")),
1042 bad_type_msg, "faload");
1043 return;
1044 }
1045 current_frame.push_stack(
1046 VerificationType::float_type(), CHECK_VERIFY(this));
1047 no_control_flow = false; break;
1048 case Bytecodes::_daload :
1049 type = current_frame.pop_stack(
1050 VerificationType::integer_type(), CHECK_VERIFY(this));
1051 atype = current_frame.pop_stack(
1052 VerificationType::reference_check(), CHECK_VERIFY(this));
1053 if (!atype.is_double_array()) {
1054 verify_error(ErrorContext::bad_type(bci,
1055 current_frame.stack_top_ctx(), ref_ctx("[D")),
1056 bad_type_msg, "daload");
1057 return;
1058 }
1059 current_frame.push_stack_2(
1060 VerificationType::double_type(),
1061 VerificationType::double2_type(), CHECK_VERIFY(this));
1062 no_control_flow = false; break;
1063 case Bytecodes::_aaload : {
1064 type = current_frame.pop_stack(
1065 VerificationType::integer_type(), CHECK_VERIFY(this));
1066 atype = current_frame.pop_stack(
1067 VerificationType::reference_check(), CHECK_VERIFY(this));
1068 if (!atype.is_reference_array()) {
1069 verify_error(ErrorContext::bad_type(bci,
1070 current_frame.stack_top_ctx(),
1071 TypeOrigin::implicit(VerificationType::reference_check())),
1072 bad_type_msg, "aaload");
1073 return;
1074 }
1075 if (atype.is_null()) {
1076 current_frame.push_stack(
1077 VerificationType::null_type(), CHECK_VERIFY(this));
1078 } else {
1079 VerificationType component = atype.get_component(this);
1080 current_frame.push_stack(component, CHECK_VERIFY(this));
1081 }
1082 no_control_flow = false; break;
1083 }
1084 case Bytecodes::_istore :
1085 verify_istore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1086 no_control_flow = false; break;
1087 case Bytecodes::_istore_0 :
1088 case Bytecodes::_istore_1 :
1089 case Bytecodes::_istore_2 :
1090 case Bytecodes::_istore_3 : {
1091 int index = opcode - Bytecodes::_istore_0;
1092 verify_istore(index, ¤t_frame, CHECK_VERIFY(this));
1093 no_control_flow = false; break;
1094 }
1095 case Bytecodes::_lstore :
1096 verify_lstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1097 no_control_flow = false; break;
1098 case Bytecodes::_lstore_0 :
1099 case Bytecodes::_lstore_1 :
1100 case Bytecodes::_lstore_2 :
1101 case Bytecodes::_lstore_3 : {
1102 int index = opcode - Bytecodes::_lstore_0;
1103 verify_lstore(index, ¤t_frame, CHECK_VERIFY(this));
1104 no_control_flow = false; break;
1105 }
1106 case Bytecodes::_fstore :
1107 verify_fstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1108 no_control_flow = false; break;
1109 case Bytecodes::_fstore_0 :
1110 case Bytecodes::_fstore_1 :
1111 case Bytecodes::_fstore_2 :
1112 case Bytecodes::_fstore_3 : {
1113 int index = opcode - Bytecodes::_fstore_0;
1114 verify_fstore(index, ¤t_frame, CHECK_VERIFY(this));
1115 no_control_flow = false; break;
1116 }
1117 case Bytecodes::_dstore :
1118 verify_dstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1119 no_control_flow = false; break;
1120 case Bytecodes::_dstore_0 :
1121 case Bytecodes::_dstore_1 :
1122 case Bytecodes::_dstore_2 :
1123 case Bytecodes::_dstore_3 : {
1124 int index = opcode - Bytecodes::_dstore_0;
1125 verify_dstore(index, ¤t_frame, CHECK_VERIFY(this));
1126 no_control_flow = false; break;
1127 }
1128 case Bytecodes::_astore :
1129 verify_astore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1130 no_control_flow = false; break;
1131 case Bytecodes::_astore_0 :
1132 case Bytecodes::_astore_1 :
1133 case Bytecodes::_astore_2 :
1134 case Bytecodes::_astore_3 : {
1135 int index = opcode - Bytecodes::_astore_0;
1136 verify_astore(index, ¤t_frame, CHECK_VERIFY(this));
1137 no_control_flow = false; break;
1138 }
1139 case Bytecodes::_iastore :
1140 type = current_frame.pop_stack(
1141 VerificationType::integer_type(), CHECK_VERIFY(this));
1142 type2 = current_frame.pop_stack(
1143 VerificationType::integer_type(), CHECK_VERIFY(this));
1144 atype = current_frame.pop_stack(
1145 VerificationType::reference_check(), CHECK_VERIFY(this));
1146 if (!atype.is_int_array()) {
1147 verify_error(ErrorContext::bad_type(bci,
1148 current_frame.stack_top_ctx(), ref_ctx("[I")),
1149 bad_type_msg, "iastore");
1150 return;
1151 }
1152 no_control_flow = false; break;
1153 case Bytecodes::_bastore :
1154 type = current_frame.pop_stack(
1155 VerificationType::integer_type(), CHECK_VERIFY(this));
1156 type2 = current_frame.pop_stack(
1157 VerificationType::integer_type(), CHECK_VERIFY(this));
1158 atype = current_frame.pop_stack(
1159 VerificationType::reference_check(), CHECK_VERIFY(this));
1160 if (!atype.is_bool_array() && !atype.is_byte_array()) {
1161 verify_error(
1162 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1163 bad_type_msg, "bastore");
1164 return;
1165 }
1166 no_control_flow = false; break;
1167 case Bytecodes::_castore :
1168 current_frame.pop_stack(
1169 VerificationType::integer_type(), CHECK_VERIFY(this));
1170 current_frame.pop_stack(
1171 VerificationType::integer_type(), CHECK_VERIFY(this));
1172 atype = current_frame.pop_stack(
1173 VerificationType::reference_check(), CHECK_VERIFY(this));
1174 if (!atype.is_char_array()) {
1175 verify_error(ErrorContext::bad_type(bci,
1176 current_frame.stack_top_ctx(), ref_ctx("[C")),
1177 bad_type_msg, "castore");
1178 return;
1179 }
1180 no_control_flow = false; break;
1181 case Bytecodes::_sastore :
1182 current_frame.pop_stack(
1183 VerificationType::integer_type(), CHECK_VERIFY(this));
1184 current_frame.pop_stack(
1185 VerificationType::integer_type(), CHECK_VERIFY(this));
1186 atype = current_frame.pop_stack(
1187 VerificationType::reference_check(), CHECK_VERIFY(this));
1188 if (!atype.is_short_array()) {
1189 verify_error(ErrorContext::bad_type(bci,
1190 current_frame.stack_top_ctx(), ref_ctx("[S")),
1191 bad_type_msg, "sastore");
1192 return;
1193 }
1194 no_control_flow = false; break;
1195 case Bytecodes::_lastore :
1196 current_frame.pop_stack_2(
1197 VerificationType::long2_type(),
1198 VerificationType::long_type(), CHECK_VERIFY(this));
1199 current_frame.pop_stack(
1200 VerificationType::integer_type(), CHECK_VERIFY(this));
1201 atype = current_frame.pop_stack(
1202 VerificationType::reference_check(), CHECK_VERIFY(this));
1203 if (!atype.is_long_array()) {
1204 verify_error(ErrorContext::bad_type(bci,
1205 current_frame.stack_top_ctx(), ref_ctx("[J")),
1206 bad_type_msg, "lastore");
1207 return;
1208 }
1209 no_control_flow = false; break;
1210 case Bytecodes::_fastore :
1211 current_frame.pop_stack(
1212 VerificationType::float_type(), CHECK_VERIFY(this));
1213 current_frame.pop_stack
1214 (VerificationType::integer_type(), CHECK_VERIFY(this));
1215 atype = current_frame.pop_stack(
1216 VerificationType::reference_check(), CHECK_VERIFY(this));
1217 if (!atype.is_float_array()) {
1218 verify_error(ErrorContext::bad_type(bci,
1219 current_frame.stack_top_ctx(), ref_ctx("[F")),
1220 bad_type_msg, "fastore");
1221 return;
1222 }
1223 no_control_flow = false; break;
1224 case Bytecodes::_dastore :
1225 current_frame.pop_stack_2(
1226 VerificationType::double2_type(),
1227 VerificationType::double_type(), CHECK_VERIFY(this));
1228 current_frame.pop_stack(
1229 VerificationType::integer_type(), CHECK_VERIFY(this));
1230 atype = current_frame.pop_stack(
1231 VerificationType::reference_check(), CHECK_VERIFY(this));
1232 if (!atype.is_double_array()) {
1233 verify_error(ErrorContext::bad_type(bci,
1234 current_frame.stack_top_ctx(), ref_ctx("[D")),
1235 bad_type_msg, "dastore");
1236 return;
1237 }
1238 no_control_flow = false; break;
1239 case Bytecodes::_aastore :
1240 type = current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1241 type2 = current_frame.pop_stack(
1242 VerificationType::integer_type(), CHECK_VERIFY(this));
1243 atype = current_frame.pop_stack(
1244 VerificationType::reference_check(), CHECK_VERIFY(this));
1245 // more type-checking is done at runtime
1246 if (!atype.is_reference_array()) {
1247 verify_error(ErrorContext::bad_type(bci,
1248 current_frame.stack_top_ctx(),
1249 TypeOrigin::implicit(VerificationType::reference_check())),
1250 bad_type_msg, "aastore");
1251 return;
1252 }
1253 // 4938384: relaxed constraint in JVMS 3rd edition.
1254 no_control_flow = false; break;
1255 case Bytecodes::_pop :
1256 current_frame.pop_stack(
1257 VerificationType::category1_check(), CHECK_VERIFY(this));
1258 no_control_flow = false; break;
1259 case Bytecodes::_pop2 :
1260 type = current_frame.pop_stack(CHECK_VERIFY(this));
1261 if (type.is_category1()) {
1262 current_frame.pop_stack(
1263 VerificationType::category1_check(), CHECK_VERIFY(this));
1264 } else if (type.is_category2_2nd()) {
1265 current_frame.pop_stack(
1266 VerificationType::category2_check(), CHECK_VERIFY(this));
1267 } else {
1268 /* Unreachable? Would need a category2_1st on TOS
1269 * which does not appear possible. */
1270 verify_error(
1271 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1272 bad_type_msg, "pop2");
1273 return;
1274 }
1275 no_control_flow = false; break;
1276 case Bytecodes::_dup :
1277 type = current_frame.pop_stack(
1278 VerificationType::category1_check(), CHECK_VERIFY(this));
1279 current_frame.push_stack(type, CHECK_VERIFY(this));
1280 current_frame.push_stack(type, CHECK_VERIFY(this));
1281 no_control_flow = false; break;
1282 case Bytecodes::_dup_x1 :
1283 type = current_frame.pop_stack(
1284 VerificationType::category1_check(), CHECK_VERIFY(this));
1285 type2 = current_frame.pop_stack(
1286 VerificationType::category1_check(), CHECK_VERIFY(this));
1287 current_frame.push_stack(type, CHECK_VERIFY(this));
1288 current_frame.push_stack(type2, CHECK_VERIFY(this));
1289 current_frame.push_stack(type, CHECK_VERIFY(this));
1290 no_control_flow = false; break;
1291 case Bytecodes::_dup_x2 :
1292 {
1293 VerificationType type3;
1294 type = current_frame.pop_stack(
1295 VerificationType::category1_check(), CHECK_VERIFY(this));
1296 type2 = current_frame.pop_stack(CHECK_VERIFY(this));
1297 if (type2.is_category1()) {
1298 type3 = current_frame.pop_stack(
1299 VerificationType::category1_check(), CHECK_VERIFY(this));
1300 } else if (type2.is_category2_2nd()) {
1301 type3 = current_frame.pop_stack(
1302 VerificationType::category2_check(), CHECK_VERIFY(this));
1303 } else {
1304 /* Unreachable? Would need a category2_1st at stack depth 2 with
1305 * a category1 on TOS which does not appear possible. */
1306 verify_error(ErrorContext::bad_type(
1307 bci, current_frame.stack_top_ctx()), bad_type_msg, "dup_x2");
1308 return;
1309 }
1310 current_frame.push_stack(type, CHECK_VERIFY(this));
1311 current_frame.push_stack(type3, CHECK_VERIFY(this));
1312 current_frame.push_stack(type2, CHECK_VERIFY(this));
1313 current_frame.push_stack(type, CHECK_VERIFY(this));
1314 no_control_flow = false; break;
1315 }
1316 case Bytecodes::_dup2 :
1317 type = current_frame.pop_stack(CHECK_VERIFY(this));
1318 if (type.is_category1()) {
1319 type2 = current_frame.pop_stack(
1320 VerificationType::category1_check(), CHECK_VERIFY(this));
1321 } else if (type.is_category2_2nd()) {
1322 type2 = current_frame.pop_stack(
1323 VerificationType::category2_check(), CHECK_VERIFY(this));
1324 } else {
1325 /* Unreachable? Would need a category2_1st on TOS which does not
1326 * appear possible. */
1327 verify_error(
1328 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1329 bad_type_msg, "dup2");
1330 return;
1331 }
1332 current_frame.push_stack(type2, CHECK_VERIFY(this));
1333 current_frame.push_stack(type, CHECK_VERIFY(this));
1334 current_frame.push_stack(type2, CHECK_VERIFY(this));
1335 current_frame.push_stack(type, CHECK_VERIFY(this));
1336 no_control_flow = false; break;
1337 case Bytecodes::_dup2_x1 :
1338 {
1339 VerificationType type3;
1340 type = current_frame.pop_stack(CHECK_VERIFY(this));
1341 if (type.is_category1()) {
1342 type2 = current_frame.pop_stack(
1343 VerificationType::category1_check(), CHECK_VERIFY(this));
1344 } else if (type.is_category2_2nd()) {
1345 type2 = current_frame.pop_stack(
1346 VerificationType::category2_check(), CHECK_VERIFY(this));
1347 } else {
1348 /* Unreachable? Would need a category2_1st on TOS which does
1349 * not appear possible. */
1350 verify_error(
1351 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1352 bad_type_msg, "dup2_x1");
1353 return;
1354 }
1355 type3 = current_frame.pop_stack(
1356 VerificationType::category1_check(), CHECK_VERIFY(this));
1357 current_frame.push_stack(type2, CHECK_VERIFY(this));
1358 current_frame.push_stack(type, CHECK_VERIFY(this));
1359 current_frame.push_stack(type3, CHECK_VERIFY(this));
1360 current_frame.push_stack(type2, CHECK_VERIFY(this));
1361 current_frame.push_stack(type, CHECK_VERIFY(this));
1362 no_control_flow = false; break;
1363 }
1364 case Bytecodes::_dup2_x2 :
1365 {
1366 VerificationType type3, type4;
1367 type = current_frame.pop_stack(CHECK_VERIFY(this));
1368 if (type.is_category1()) {
1369 type2 = current_frame.pop_stack(
1370 VerificationType::category1_check(), CHECK_VERIFY(this));
1371 } else if (type.is_category2_2nd()) {
1372 type2 = current_frame.pop_stack(
1373 VerificationType::category2_check(), CHECK_VERIFY(this));
1374 } else {
1375 /* Unreachable? Would need a category2_1st on TOS which does
1376 * not appear possible. */
1377 verify_error(
1378 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1379 bad_type_msg, "dup2_x2");
1380 return;
1381 }
1382 type3 = current_frame.pop_stack(CHECK_VERIFY(this));
1383 if (type3.is_category1()) {
1384 type4 = current_frame.pop_stack(
1385 VerificationType::category1_check(), CHECK_VERIFY(this));
1386 } else if (type3.is_category2_2nd()) {
1387 type4 = current_frame.pop_stack(
1388 VerificationType::category2_check(), CHECK_VERIFY(this));
1389 } else {
1390 /* Unreachable? Would need a category2_1st on TOS after popping
1391 * a long/double or two category 1's, which does not
1392 * appear possible. */
1393 verify_error(
1394 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1395 bad_type_msg, "dup2_x2");
1396 return;
1397 }
1398 current_frame.push_stack(type2, CHECK_VERIFY(this));
1399 current_frame.push_stack(type, CHECK_VERIFY(this));
1400 current_frame.push_stack(type4, CHECK_VERIFY(this));
1401 current_frame.push_stack(type3, CHECK_VERIFY(this));
1402 current_frame.push_stack(type2, CHECK_VERIFY(this));
1403 current_frame.push_stack(type, CHECK_VERIFY(this));
1404 no_control_flow = false; break;
1405 }
1406 case Bytecodes::_swap :
1407 type = current_frame.pop_stack(
1408 VerificationType::category1_check(), CHECK_VERIFY(this));
1409 type2 = current_frame.pop_stack(
1410 VerificationType::category1_check(), CHECK_VERIFY(this));
1411 current_frame.push_stack(type, CHECK_VERIFY(this));
1412 current_frame.push_stack(type2, CHECK_VERIFY(this));
1413 no_control_flow = false; break;
1414 case Bytecodes::_iadd :
1415 case Bytecodes::_isub :
1416 case Bytecodes::_imul :
1417 case Bytecodes::_idiv :
1418 case Bytecodes::_irem :
1419 case Bytecodes::_ishl :
1420 case Bytecodes::_ishr :
1421 case Bytecodes::_iushr :
1422 case Bytecodes::_ior :
1423 case Bytecodes::_ixor :
1424 case Bytecodes::_iand :
1425 current_frame.pop_stack(
1426 VerificationType::integer_type(), CHECK_VERIFY(this));
1427 // fall through
1428 case Bytecodes::_ineg :
1429 current_frame.pop_stack(
1430 VerificationType::integer_type(), CHECK_VERIFY(this));
1431 current_frame.push_stack(
1432 VerificationType::integer_type(), CHECK_VERIFY(this));
1433 no_control_flow = false; break;
1434 case Bytecodes::_ladd :
1435 case Bytecodes::_lsub :
1436 case Bytecodes::_lmul :
1437 case Bytecodes::_ldiv :
1438 case Bytecodes::_lrem :
1439 case Bytecodes::_land :
1440 case Bytecodes::_lor :
1441 case Bytecodes::_lxor :
1442 current_frame.pop_stack_2(
1443 VerificationType::long2_type(),
1444 VerificationType::long_type(), CHECK_VERIFY(this));
1445 // fall through
1446 case Bytecodes::_lneg :
1447 current_frame.pop_stack_2(
1448 VerificationType::long2_type(),
1449 VerificationType::long_type(), CHECK_VERIFY(this));
1450 current_frame.push_stack_2(
1451 VerificationType::long_type(),
1452 VerificationType::long2_type(), CHECK_VERIFY(this));
1453 no_control_flow = false; break;
1454 case Bytecodes::_lshl :
1455 case Bytecodes::_lshr :
1456 case Bytecodes::_lushr :
1457 current_frame.pop_stack(
1458 VerificationType::integer_type(), CHECK_VERIFY(this));
1459 current_frame.pop_stack_2(
1460 VerificationType::long2_type(),
1461 VerificationType::long_type(), CHECK_VERIFY(this));
1462 current_frame.push_stack_2(
1463 VerificationType::long_type(),
1464 VerificationType::long2_type(), CHECK_VERIFY(this));
1465 no_control_flow = false; break;
1466 case Bytecodes::_fadd :
1467 case Bytecodes::_fsub :
1468 case Bytecodes::_fmul :
1469 case Bytecodes::_fdiv :
1470 case Bytecodes::_frem :
1471 current_frame.pop_stack(
1472 VerificationType::float_type(), CHECK_VERIFY(this));
1473 // fall through
1474 case Bytecodes::_fneg :
1475 current_frame.pop_stack(
1476 VerificationType::float_type(), CHECK_VERIFY(this));
1477 current_frame.push_stack(
1478 VerificationType::float_type(), CHECK_VERIFY(this));
1479 no_control_flow = false; break;
1480 case Bytecodes::_dadd :
1481 case Bytecodes::_dsub :
1482 case Bytecodes::_dmul :
1483 case Bytecodes::_ddiv :
1484 case Bytecodes::_drem :
1485 current_frame.pop_stack_2(
1486 VerificationType::double2_type(),
1487 VerificationType::double_type(), CHECK_VERIFY(this));
1488 // fall through
1489 case Bytecodes::_dneg :
1490 current_frame.pop_stack_2(
1491 VerificationType::double2_type(),
1492 VerificationType::double_type(), CHECK_VERIFY(this));
1493 current_frame.push_stack_2(
1494 VerificationType::double_type(),
1495 VerificationType::double2_type(), CHECK_VERIFY(this));
1496 no_control_flow = false; break;
1497 case Bytecodes::_iinc :
1498 verify_iinc(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1499 no_control_flow = false; break;
1500 case Bytecodes::_i2l :
1501 type = current_frame.pop_stack(
1502 VerificationType::integer_type(), CHECK_VERIFY(this));
1503 current_frame.push_stack_2(
1504 VerificationType::long_type(),
1505 VerificationType::long2_type(), CHECK_VERIFY(this));
1506 no_control_flow = false; break;
1507 case Bytecodes::_l2i :
1508 current_frame.pop_stack_2(
1509 VerificationType::long2_type(),
1510 VerificationType::long_type(), CHECK_VERIFY(this));
1511 current_frame.push_stack(
1512 VerificationType::integer_type(), CHECK_VERIFY(this));
1513 no_control_flow = false; break;
1514 case Bytecodes::_i2f :
1515 current_frame.pop_stack(
1516 VerificationType::integer_type(), CHECK_VERIFY(this));
1517 current_frame.push_stack(
1518 VerificationType::float_type(), CHECK_VERIFY(this));
1519 no_control_flow = false; break;
1520 case Bytecodes::_i2d :
1521 current_frame.pop_stack(
1522 VerificationType::integer_type(), CHECK_VERIFY(this));
1523 current_frame.push_stack_2(
1524 VerificationType::double_type(),
1525 VerificationType::double2_type(), CHECK_VERIFY(this));
1526 no_control_flow = false; break;
1527 case Bytecodes::_l2f :
1528 current_frame.pop_stack_2(
1529 VerificationType::long2_type(),
1530 VerificationType::long_type(), CHECK_VERIFY(this));
1531 current_frame.push_stack(
1532 VerificationType::float_type(), CHECK_VERIFY(this));
1533 no_control_flow = false; break;
1534 case Bytecodes::_l2d :
1535 current_frame.pop_stack_2(
1536 VerificationType::long2_type(),
1537 VerificationType::long_type(), CHECK_VERIFY(this));
1538 current_frame.push_stack_2(
1539 VerificationType::double_type(),
1540 VerificationType::double2_type(), CHECK_VERIFY(this));
1541 no_control_flow = false; break;
1542 case Bytecodes::_f2i :
1543 current_frame.pop_stack(
1544 VerificationType::float_type(), CHECK_VERIFY(this));
1545 current_frame.push_stack(
1546 VerificationType::integer_type(), CHECK_VERIFY(this));
1547 no_control_flow = false; break;
1548 case Bytecodes::_f2l :
1549 current_frame.pop_stack(
1550 VerificationType::float_type(), CHECK_VERIFY(this));
1551 current_frame.push_stack_2(
1552 VerificationType::long_type(),
1553 VerificationType::long2_type(), CHECK_VERIFY(this));
1554 no_control_flow = false; break;
1555 case Bytecodes::_f2d :
1556 current_frame.pop_stack(
1557 VerificationType::float_type(), CHECK_VERIFY(this));
1558 current_frame.push_stack_2(
1559 VerificationType::double_type(),
1560 VerificationType::double2_type(), CHECK_VERIFY(this));
1561 no_control_flow = false; break;
1562 case Bytecodes::_d2i :
1563 current_frame.pop_stack_2(
1564 VerificationType::double2_type(),
1565 VerificationType::double_type(), CHECK_VERIFY(this));
1566 current_frame.push_stack(
1567 VerificationType::integer_type(), CHECK_VERIFY(this));
1568 no_control_flow = false; break;
1569 case Bytecodes::_d2l :
1570 current_frame.pop_stack_2(
1571 VerificationType::double2_type(),
1572 VerificationType::double_type(), CHECK_VERIFY(this));
1573 current_frame.push_stack_2(
1574 VerificationType::long_type(),
1575 VerificationType::long2_type(), CHECK_VERIFY(this));
1576 no_control_flow = false; break;
1577 case Bytecodes::_d2f :
1578 current_frame.pop_stack_2(
1579 VerificationType::double2_type(),
1580 VerificationType::double_type(), CHECK_VERIFY(this));
1581 current_frame.push_stack(
1582 VerificationType::float_type(), CHECK_VERIFY(this));
1583 no_control_flow = false; break;
1584 case Bytecodes::_i2b :
1585 case Bytecodes::_i2c :
1586 case Bytecodes::_i2s :
1587 current_frame.pop_stack(
1588 VerificationType::integer_type(), CHECK_VERIFY(this));
1589 current_frame.push_stack(
1590 VerificationType::integer_type(), CHECK_VERIFY(this));
1591 no_control_flow = false; break;
1592 case Bytecodes::_lcmp :
1593 current_frame.pop_stack_2(
1594 VerificationType::long2_type(),
1595 VerificationType::long_type(), CHECK_VERIFY(this));
1596 current_frame.pop_stack_2(
1597 VerificationType::long2_type(),
1598 VerificationType::long_type(), CHECK_VERIFY(this));
1599 current_frame.push_stack(
1600 VerificationType::integer_type(), CHECK_VERIFY(this));
1601 no_control_flow = false; break;
1602 case Bytecodes::_fcmpl :
1603 case Bytecodes::_fcmpg :
1604 current_frame.pop_stack(
1605 VerificationType::float_type(), CHECK_VERIFY(this));
1606 current_frame.pop_stack(
1607 VerificationType::float_type(), CHECK_VERIFY(this));
1608 current_frame.push_stack(
1609 VerificationType::integer_type(), CHECK_VERIFY(this));
1610 no_control_flow = false; break;
1611 case Bytecodes::_dcmpl :
1612 case Bytecodes::_dcmpg :
1613 current_frame.pop_stack_2(
1614 VerificationType::double2_type(),
1615 VerificationType::double_type(), CHECK_VERIFY(this));
1616 current_frame.pop_stack_2(
1617 VerificationType::double2_type(),
1618 VerificationType::double_type(), CHECK_VERIFY(this));
1619 current_frame.push_stack(
1620 VerificationType::integer_type(), CHECK_VERIFY(this));
1621 no_control_flow = false; break;
1622 case Bytecodes::_if_icmpeq:
1623 case Bytecodes::_if_icmpne:
1624 case Bytecodes::_if_icmplt:
1625 case Bytecodes::_if_icmpge:
1626 case Bytecodes::_if_icmpgt:
1627 case Bytecodes::_if_icmple:
1628 current_frame.pop_stack(
1629 VerificationType::integer_type(), CHECK_VERIFY(this));
1630 // fall through
1631 case Bytecodes::_ifeq:
1632 case Bytecodes::_ifne:
1633 case Bytecodes::_iflt:
1634 case Bytecodes::_ifge:
1635 case Bytecodes::_ifgt:
1636 case Bytecodes::_ifle:
1637 current_frame.pop_stack(
1638 VerificationType::integer_type(), CHECK_VERIFY(this));
1639 stackmap_table.check_jump_target(
1640 ¤t_frame, bcs.bci(), bcs.get_offset_s2(), CHECK_VERIFY(this));
1641 no_control_flow = false; break;
1642 case Bytecodes::_if_acmpeq :
1643 case Bytecodes::_if_acmpne :
1644 current_frame.pop_stack(
1645 object_type(), CHECK_VERIFY(this));
1646 // fall through
1647 case Bytecodes::_ifnull :
1648 case Bytecodes::_ifnonnull :
1649 current_frame.pop_stack(
1650 object_type(), CHECK_VERIFY(this));
1651 stackmap_table.check_jump_target
1652 (¤t_frame, bcs.bci(), bcs.get_offset_s2(), CHECK_VERIFY(this));
1653 no_control_flow = false; break;
1654 case Bytecodes::_goto :
1655 stackmap_table.check_jump_target(
1656 ¤t_frame, bcs.bci(), bcs.get_offset_s2(), CHECK_VERIFY(this));
1657 no_control_flow = true; break;
1658 case Bytecodes::_goto_w :
1659 stackmap_table.check_jump_target(
1660 ¤t_frame, bcs.bci(), bcs.get_offset_s4(), CHECK_VERIFY(this));
1661 no_control_flow = true; break;
1662 case Bytecodes::_tableswitch :
1663 case Bytecodes::_lookupswitch :
1664 verify_switch(
1665 &bcs, code_length, code_data, ¤t_frame,
1666 &stackmap_table, CHECK_VERIFY(this));
1667 no_control_flow = true; break;
1668 case Bytecodes::_ireturn :
1669 type = current_frame.pop_stack(
1670 VerificationType::integer_type(), CHECK_VERIFY(this));
1671 verify_return_value(return_type, type, bci,
1672 ¤t_frame, CHECK_VERIFY(this));
1673 no_control_flow = true; break;
1674 case Bytecodes::_lreturn :
1675 type2 = current_frame.pop_stack(
1676 VerificationType::long2_type(), CHECK_VERIFY(this));
1677 type = current_frame.pop_stack(
1678 VerificationType::long_type(), CHECK_VERIFY(this));
1679 verify_return_value(return_type, type, bci,
1680 ¤t_frame, CHECK_VERIFY(this));
1681 no_control_flow = true; break;
1682 case Bytecodes::_freturn :
1683 type = current_frame.pop_stack(
1684 VerificationType::float_type(), CHECK_VERIFY(this));
1685 verify_return_value(return_type, type, bci,
1686 ¤t_frame, CHECK_VERIFY(this));
1687 no_control_flow = true; break;
1688 case Bytecodes::_dreturn :
1689 type2 = current_frame.pop_stack(
1690 VerificationType::double2_type(), CHECK_VERIFY(this));
1691 type = current_frame.pop_stack(
1692 VerificationType::double_type(), CHECK_VERIFY(this));
1693 verify_return_value(return_type, type, bci,
1694 ¤t_frame, CHECK_VERIFY(this));
1695 no_control_flow = true; break;
1696 case Bytecodes::_areturn :
1697 type = current_frame.pop_stack(
1698 VerificationType::reference_check(), CHECK_VERIFY(this));
1699 verify_return_value(return_type, type, bci,
1700 ¤t_frame, CHECK_VERIFY(this));
1701 no_control_flow = true; break;
1702 case Bytecodes::_return :
1703 if (return_type != VerificationType::bogus_type()) {
1704 verify_error(ErrorContext::bad_code(bci),
1705 "Method expects a return value");
1706 return;
1707 }
1708 // Make sure "this" has been initialized if current method is an
1709 // <init>.
1710 if (_method->is_object_constructor() &&
1711 current_frame.flag_this_uninit()) {
1712 verify_error(ErrorContext::bad_code(bci),
1713 "Constructor must call super() or this() "
1714 "before return");
1715 return;
1716 }
1717 no_control_flow = true; break;
1718 case Bytecodes::_getstatic :
1719 case Bytecodes::_putstatic :
1720 // pass TRUE, operand can be an array type for getstatic/putstatic.
1721 verify_field_instructions(
1722 &bcs, ¤t_frame, cp, true, CHECK_VERIFY(this));
1723 no_control_flow = false; break;
1724 case Bytecodes::_getfield :
1725 case Bytecodes::_putfield :
1726 // pass FALSE, operand can't be an array type for getfield/putfield.
1727 verify_field_instructions(
1728 &bcs, ¤t_frame, cp, false, CHECK_VERIFY(this));
1729 no_control_flow = false; break;
1730 case Bytecodes::_invokevirtual :
1731 case Bytecodes::_invokespecial :
1732 case Bytecodes::_invokestatic :
1733 case Bytecodes::_invokeinterface :
1734 case Bytecodes::_invokedynamic :
1735 verify_invoke_instructions(
1736 &bcs, code_length, ¤t_frame, (bci >= ex_min && bci < ex_max),
1737 &this_uninit, cp, &stackmap_table, CHECK_VERIFY(this));
1738 no_control_flow = false; break;
1739 case Bytecodes::_new :
1740 {
1741 u2 index = bcs.get_index_u2();
1742 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1743 VerificationType new_class_type =
1744 cp_index_to_type(index, cp, CHECK_VERIFY(this));
1745 if (!new_class_type.is_object()) {
1746 verify_error(ErrorContext::bad_type(bci,
1747 TypeOrigin::cp(index, new_class_type)),
1748 "Illegal new instruction");
1749 return;
1750 }
1751 type = VerificationType::uninitialized_type(checked_cast<u2>(bci));
1752 current_frame.push_stack(type, CHECK_VERIFY(this));
1753 no_control_flow = false; break;
1754 }
1755 case Bytecodes::_newarray :
1756 type = get_newarray_type(bcs.get_index(), bci, CHECK_VERIFY(this));
1757 current_frame.pop_stack(
1758 VerificationType::integer_type(), CHECK_VERIFY(this));
1759 current_frame.push_stack(type, CHECK_VERIFY(this));
1760 no_control_flow = false; break;
1761 case Bytecodes::_anewarray :
1762 verify_anewarray(
1763 bci, bcs.get_index_u2(), cp, ¤t_frame, CHECK_VERIFY(this));
1764 no_control_flow = false; break;
1765 case Bytecodes::_arraylength :
1766 type = current_frame.pop_stack(
1767 VerificationType::reference_check(), CHECK_VERIFY(this));
1768 if (!(type.is_null() || type.is_array())) {
1769 verify_error(ErrorContext::bad_type(
1770 bci, current_frame.stack_top_ctx()),
1771 bad_type_msg, "arraylength");
1772 }
1773 current_frame.push_stack(
1774 VerificationType::integer_type(), CHECK_VERIFY(this));
1775 no_control_flow = false; break;
1776 case Bytecodes::_checkcast :
1777 {
1778 u2 index = bcs.get_index_u2();
1779 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1780 current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1781 VerificationType klass_type = cp_index_to_type(
1782 index, cp, CHECK_VERIFY(this));
1783 current_frame.push_stack(klass_type, CHECK_VERIFY(this));
1784 no_control_flow = false; break;
1785 }
1786 case Bytecodes::_instanceof : {
1787 u2 index = bcs.get_index_u2();
1788 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1789 current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1790 current_frame.push_stack(
1791 VerificationType::integer_type(), CHECK_VERIFY(this));
1792 no_control_flow = false; break;
1793 }
1794 case Bytecodes::_monitorenter :
1795 case Bytecodes::_monitorexit : {
1796 VerificationType ref = current_frame.pop_stack(
1797 VerificationType::reference_check(), CHECK_VERIFY(this));
1798 no_control_flow = false; break;
1799 }
1800 case Bytecodes::_multianewarray :
1801 {
1802 u2 index = bcs.get_index_u2();
1803 u2 dim = *(bcs.bcp()+3);
1804 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1805 VerificationType new_array_type =
1806 cp_index_to_type(index, cp, CHECK_VERIFY(this));
1807 if (!new_array_type.is_array()) {
1808 verify_error(ErrorContext::bad_type(bci,
1809 TypeOrigin::cp(index, new_array_type)),
1810 "Illegal constant pool index in multianewarray instruction");
1811 return;
1812 }
1813 if (dim < 1 || new_array_type.dimensions() < dim) {
1814 verify_error(ErrorContext::bad_code(bci),
1815 "Illegal dimension in multianewarray instruction: %d", dim);
1816 return;
1817 }
1818 for (int i = 0; i < dim; i++) {
1819 current_frame.pop_stack(
1820 VerificationType::integer_type(), CHECK_VERIFY(this));
1821 }
1822 current_frame.push_stack(new_array_type, CHECK_VERIFY(this));
1823 no_control_flow = false; break;
1824 }
1825 case Bytecodes::_athrow :
1826 type = VerificationType::reference_type(
1827 vmSymbols::java_lang_Throwable());
1828 current_frame.pop_stack(type, CHECK_VERIFY(this));
1829 no_control_flow = true; break;
1830 default:
1831 // We only need to check the valid bytecodes in class file.
1832 // And jsr and ret are not in the new class file format in JDK1.6.
1833 verify_error(ErrorContext::bad_code(bci),
1834 "Bad instruction: %02x", opcode);
1835 no_control_flow = false;
1836 return;
1837 } // end switch
1838 } // end Merge with the next instruction
1839
1840 // Look for possible jump target in exception handlers and see if it matches
1841 // current_frame. Don't do this check if it has already been done (for
1842 // ([a,d,f,i,l]store* opcodes). This check cannot be done earlier because
1843 // opcodes, such as invokespecial, may set the this_uninit flag.
1844 assert(!(verified_exc_handlers && this_uninit),
1845 "Exception handler targets got verified before this_uninit got set");
1846 if (!verified_exc_handlers && bci >= ex_min && bci < ex_max) {
1847 if (was_recursively_verified()) return;
1848 verify_exception_handler_targets(
1849 bci, this_uninit, ¤t_frame, &stackmap_table, CHECK_VERIFY(this));
1850 }
1851 } // end while
1852
1853 // Make sure that control flow does not fall through end of the method
1854 if (!no_control_flow) {
1855 verify_error(ErrorContext::bad_code(code_length),
1856 "Control flow falls through code end");
1857 return;
1858 }
1859 }
1860
1861 #undef bad_type_message
1862
1863 char* ClassVerifier::generate_code_data(const methodHandle& m, u4 code_length, TRAPS) {
1864 char* code_data = NEW_RESOURCE_ARRAY(char, code_length);
1865 memset(code_data, 0, sizeof(char) * code_length);
1866 RawBytecodeStream bcs(m);
1867
1868 while (!bcs.is_last_bytecode()) {
1869 if (bcs.raw_next() != Bytecodes::_illegal) {
1870 int bci = bcs.bci();
1871 if (bcs.raw_code() == Bytecodes::_new) {
1872 code_data[bci] = NEW_OFFSET;
1873 } else {
1874 code_data[bci] = BYTECODE_OFFSET;
1875 }
1876 } else {
1877 verify_error(ErrorContext::bad_code(bcs.bci()), "Bad instruction");
1878 return nullptr;
1879 }
1880 }
1881
1882 return code_data;
1883 }
1884
1885 // Since this method references the constant pool, call was_recursively_verified()
1886 // before calling this method to make sure a prior class load did not cause the
1887 // current class to get verified.
1888 void ClassVerifier::verify_exception_handler_table(u4 code_length, char* code_data, int& min, int& max, TRAPS) {
1889 ExceptionTable exhandlers(_method());
1890 int exlength = exhandlers.length();
1891 constantPoolHandle cp (THREAD, _method->constants());
1892
1893 for(int i = 0; i < exlength; i++) {
1894 u2 start_pc = exhandlers.start_pc(i);
1895 u2 end_pc = exhandlers.end_pc(i);
1896 u2 handler_pc = exhandlers.handler_pc(i);
1897 if (start_pc >= code_length || code_data[start_pc] == 0) {
1898 class_format_error("Illegal exception table start_pc %d", start_pc);
1899 return;
1900 }
1901 if (end_pc != code_length) { // special case: end_pc == code_length
1902 if (end_pc > code_length || code_data[end_pc] == 0) {
1903 class_format_error("Illegal exception table end_pc %d", end_pc);
1904 return;
1905 }
1906 }
1907 if (handler_pc >= code_length || code_data[handler_pc] == 0) {
1908 class_format_error("Illegal exception table handler_pc %d", handler_pc);
1909 return;
1910 }
1911 u2 catch_type_index = exhandlers.catch_type_index(i);
1912 if (catch_type_index != 0) {
1913 VerificationType catch_type = cp_index_to_type(
1914 catch_type_index, cp, CHECK_VERIFY(this));
1915 VerificationType throwable =
1916 VerificationType::reference_type(vmSymbols::java_lang_Throwable());
1917 // If the catch type is Throwable pre-resolve it now as the assignable check won't
1918 // do that, and we need to avoid a runtime resolution in case we are trying to
1919 // catch OutOfMemoryError.
1920 if (cp->klass_name_at(catch_type_index) == vmSymbols::java_lang_Throwable()) {
1921 cp->klass_at(catch_type_index, CHECK);
1922 }
1923 bool is_subclass = throwable.is_assignable_from(
1924 catch_type, this, false, CHECK_VERIFY(this));
1925 if (!is_subclass) {
1926 // 4286534: should throw VerifyError according to recent spec change
1927 verify_error(ErrorContext::bad_type(handler_pc,
1928 TypeOrigin::cp(catch_type_index, catch_type),
1929 TypeOrigin::implicit(throwable)),
1930 "Catch type is not a subclass "
1931 "of Throwable in exception handler %d", handler_pc);
1932 return;
1933 }
1934 }
1935 if (start_pc < min) min = start_pc;
1936 if (end_pc > max) max = end_pc;
1937 }
1938 }
1939
1940 void ClassVerifier::verify_local_variable_table(u4 code_length, char* code_data, TRAPS) {
1941 int localvariable_table_length = _method->localvariable_table_length();
1942 if (localvariable_table_length > 0) {
1943 LocalVariableTableElement* table = _method->localvariable_table_start();
1944 for (int i = 0; i < localvariable_table_length; i++) {
1945 u2 start_bci = table[i].start_bci;
1946 u2 length = table[i].length;
1947
1948 if (start_bci >= code_length || code_data[start_bci] == 0) {
1949 class_format_error(
1950 "Illegal local variable table start_pc %d", start_bci);
1951 return;
1952 }
1953 u4 end_bci = (u4)(start_bci + length);
1954 if (end_bci != code_length) {
1955 if (end_bci >= code_length || code_data[end_bci] == 0) {
1956 class_format_error( "Illegal local variable table length %d", length);
1957 return;
1958 }
1959 }
1960 }
1961 }
1962 }
1963
1964 u2 ClassVerifier::verify_stackmap_table(u2 stackmap_index, int bci,
1965 StackMapFrame* current_frame,
1966 StackMapTable* stackmap_table,
1967 bool no_control_flow, TRAPS) {
1968 if (stackmap_index < stackmap_table->get_frame_count()) {
1969 int this_offset = stackmap_table->get_offset(stackmap_index);
1970 if (no_control_flow && this_offset > bci) {
1971 verify_error(ErrorContext::missing_stackmap(bci),
1972 "Expecting a stack map frame");
1973 return 0;
1974 }
1975 if (this_offset == bci) {
1976 ErrorContext ctx;
1977 // See if current stack map can be assigned to the frame in table.
1978 // current_frame is the stackmap frame got from the last instruction.
1979 // If matched, current_frame will be updated by this method.
1980 bool matches = stackmap_table->match_stackmap(
1981 current_frame, this_offset, stackmap_index,
1982 !no_control_flow, true, &ctx, CHECK_VERIFY_(this, 0));
1983 if (!matches) {
1984 // report type error
1985 verify_error(ctx, "Instruction type does not match stack map");
1986 return 0;
1987 }
1988 stackmap_index++;
1989 } else if (this_offset < bci) {
1990 // current_offset should have met this_offset.
1991 class_format_error("Bad stack map offset %d", this_offset);
1992 return 0;
1993 }
1994 } else if (no_control_flow) {
1995 verify_error(ErrorContext::bad_code(bci), "Expecting a stack map frame");
1996 return 0;
1997 }
1998 return stackmap_index;
1999 }
2000
2001 // Since this method references the constant pool, call was_recursively_verified()
2002 // before calling this method to make sure a prior class load did not cause the
2003 // current class to get verified.
2004 void ClassVerifier::verify_exception_handler_targets(int bci, bool this_uninit,
2005 StackMapFrame* current_frame,
2006 StackMapTable* stackmap_table, TRAPS) {
2007 constantPoolHandle cp (THREAD, _method->constants());
2008 ExceptionTable exhandlers(_method());
2009 int exlength = exhandlers.length();
2010 for(int i = 0; i < exlength; i++) {
2011 u2 start_pc = exhandlers.start_pc(i);
2012 u2 end_pc = exhandlers.end_pc(i);
2013 u2 handler_pc = exhandlers.handler_pc(i);
2014 int catch_type_index = exhandlers.catch_type_index(i);
2015 if(bci >= start_pc && bci < end_pc) {
2016 u1 flags = current_frame->flags();
2017 if (this_uninit) { flags |= FLAG_THIS_UNINIT; }
2018 StackMapFrame* new_frame = current_frame->frame_in_exception_handler(flags);
2019 if (catch_type_index != 0) {
2020 if (was_recursively_verified()) return;
2021 // We know that this index refers to a subclass of Throwable
2022 VerificationType catch_type = cp_index_to_type(
2023 catch_type_index, cp, CHECK_VERIFY(this));
2024 new_frame->push_stack(catch_type, CHECK_VERIFY(this));
2025 } else {
2026 VerificationType throwable =
2027 VerificationType::reference_type(vmSymbols::java_lang_Throwable());
2028 new_frame->push_stack(throwable, CHECK_VERIFY(this));
2029 }
2030 ErrorContext ctx;
2031 bool matches = stackmap_table->match_stackmap(
2032 new_frame, handler_pc, true, false, &ctx, CHECK_VERIFY(this));
2033 if (!matches) {
2034 verify_error(ctx, "Stack map does not match the one at "
2035 "exception handler %d", handler_pc);
2036 return;
2037 }
2038 }
2039 }
2040 }
2041
2042 void ClassVerifier::verify_cp_index(
2043 int bci, const constantPoolHandle& cp, u2 index, TRAPS) {
2044 int nconstants = cp->length();
2045 if ((index <= 0) || (index >= nconstants)) {
2046 verify_error(ErrorContext::bad_cp_index(bci, index),
2047 "Illegal constant pool index %d in class %s",
2048 index, cp->pool_holder()->external_name());
2049 return;
2050 }
2051 }
2052
2053 void ClassVerifier::verify_cp_type(
2054 int bci, u2 index, const constantPoolHandle& cp, unsigned int types, TRAPS) {
2055
2056 // In some situations, bytecode rewriting may occur while we're verifying.
2057 // In this case, a constant pool cache exists and some indices refer to that
2058 // instead. Be sure we don't pick up such indices by accident.
2059 // We must check was_recursively_verified() before we get here.
2060 guarantee(cp->cache() == nullptr, "not rewritten yet");
2061
2062 verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2063 unsigned int tag = cp->tag_at(index).value();
2064 // tags up to JVM_CONSTANT_ExternalMax are verifiable and valid for shift op
2065 if (tag > JVM_CONSTANT_ExternalMax || (types & (1 << tag)) == 0) {
2066 verify_error(ErrorContext::bad_cp_index(bci, index),
2067 "Illegal type at constant pool entry %d in class %s",
2068 index, cp->pool_holder()->external_name());
2069 return;
2070 }
2071 }
2072
2073 void ClassVerifier::verify_cp_class_type(
2074 int bci, u2 index, const constantPoolHandle& cp, TRAPS) {
2075 verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2076 constantTag tag = cp->tag_at(index);
2077 if (!tag.is_klass() && !tag.is_unresolved_klass()) {
2078 verify_error(ErrorContext::bad_cp_index(bci, index),
2079 "Illegal type at constant pool entry %d in class %s",
2080 index, cp->pool_holder()->external_name());
2081 return;
2082 }
2083 }
2084
2085 void ClassVerifier::verify_error(ErrorContext ctx, const char* msg, ...) {
2086 stringStream ss;
2087
2088 ctx.reset_frames();
2089 _exception_type = vmSymbols::java_lang_VerifyError();
2090 _error_context = ctx;
2091 va_list va;
2092 va_start(va, msg);
2093 ss.vprint(msg, va);
2094 va_end(va);
2095 _message = ss.as_string();
2096 #ifdef ASSERT
2097 ResourceMark rm;
2098 const char* exception_name = _exception_type->as_C_string();
2099 Exceptions::debug_check_abort(exception_name, nullptr);
2100 #endif // ndef ASSERT
2101 }
2102
2103 void ClassVerifier::class_format_error(const char* msg, ...) {
2104 stringStream ss;
2105 _exception_type = vmSymbols::java_lang_ClassFormatError();
2106 va_list va;
2107 va_start(va, msg);
2108 ss.vprint(msg, va);
2109 va_end(va);
2110 if (!_method.is_null()) {
2111 ss.print(" in method '");
2112 _method->print_external_name(&ss);
2113 ss.print("'");
2114 }
2115 _message = ss.as_string();
2116 }
2117
2118 Klass* ClassVerifier::load_class(Symbol* name, TRAPS) {
2119 HandleMark hm(THREAD);
2120 // Get current loader first.
2121 oop loader = current_class()->class_loader();
2122
2123 assert(name_in_supers(name, current_class()), "name should be a super class");
2124
2125 Klass* kls = SystemDictionary::resolve_or_fail(
2126 name, Handle(THREAD, loader), true, THREAD);
2127
2128 if (kls != nullptr) {
2129 if (log_is_enabled(Debug, class, resolve)) {
2130 Verifier::trace_class_resolution(kls, current_class());
2131 }
2132 }
2133 return kls;
2134 }
2135
2136 bool ClassVerifier::is_protected_access(InstanceKlass* this_class,
2137 Klass* target_class,
2138 Symbol* field_name,
2139 Symbol* field_sig,
2140 bool is_method) {
2141 NoSafepointVerifier nosafepoint;
2142
2143 // If target class isn't a super class of this class, we don't worry about this case
2144 if (!this_class->is_subclass_of(target_class)) {
2145 return false;
2146 }
2147 // Check if the specified method or field is protected
2148 InstanceKlass* target_instance = InstanceKlass::cast(target_class);
2149 fieldDescriptor fd;
2150 if (is_method) {
2151 Method* m = target_instance->uncached_lookup_method(field_name, field_sig, Klass::OverpassLookupMode::find);
2152 if (m != nullptr && m->is_protected()) {
2153 if (!this_class->is_same_class_package(m->method_holder())) {
2154 return true;
2155 }
2156 }
2157 } else {
2158 Klass* member_klass = target_instance->find_field(field_name, field_sig, &fd);
2159 if (member_klass != nullptr && fd.is_protected()) {
2160 if (!this_class->is_same_class_package(member_klass)) {
2161 return true;
2162 }
2163 }
2164 }
2165 return false;
2166 }
2167
2168 void ClassVerifier::verify_ldc(
2169 int opcode, u2 index, StackMapFrame* current_frame,
2170 const constantPoolHandle& cp, int bci, TRAPS) {
2171 verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2172 constantTag tag = cp->tag_at(index);
2173 unsigned int types = 0;
2174 if (opcode == Bytecodes::_ldc || opcode == Bytecodes::_ldc_w) {
2175 if (!tag.is_unresolved_klass()) {
2176 types = (1 << JVM_CONSTANT_Integer) | (1 << JVM_CONSTANT_Float)
2177 | (1 << JVM_CONSTANT_String) | (1 << JVM_CONSTANT_Class)
2178 | (1 << JVM_CONSTANT_MethodHandle) | (1 << JVM_CONSTANT_MethodType)
2179 | (1 << JVM_CONSTANT_Dynamic);
2180 // Note: The class file parser already verified the legality of
2181 // MethodHandle and MethodType constants.
2182 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2183 }
2184 } else {
2185 assert(opcode == Bytecodes::_ldc2_w, "must be ldc2_w");
2186 types = (1 << JVM_CONSTANT_Double) | (1 << JVM_CONSTANT_Long)
2187 | (1 << JVM_CONSTANT_Dynamic);
2188 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2189 }
2190 if (tag.is_string()) {
2191 current_frame->push_stack(
2192 VerificationType::reference_type(
2193 vmSymbols::java_lang_String()), CHECK_VERIFY(this));
2194 } else if (tag.is_klass() || tag.is_unresolved_klass()) {
2195 current_frame->push_stack(
2196 VerificationType::reference_type(
2197 vmSymbols::java_lang_Class()), CHECK_VERIFY(this));
2198 } else if (tag.is_int()) {
2199 current_frame->push_stack(
2200 VerificationType::integer_type(), CHECK_VERIFY(this));
2201 } else if (tag.is_float()) {
2202 current_frame->push_stack(
2203 VerificationType::float_type(), CHECK_VERIFY(this));
2204 } else if (tag.is_double()) {
2205 current_frame->push_stack_2(
2206 VerificationType::double_type(),
2207 VerificationType::double2_type(), CHECK_VERIFY(this));
2208 } else if (tag.is_long()) {
2209 current_frame->push_stack_2(
2210 VerificationType::long_type(),
2211 VerificationType::long2_type(), CHECK_VERIFY(this));
2212 } else if (tag.is_method_handle()) {
2213 current_frame->push_stack(
2214 VerificationType::reference_type(
2215 vmSymbols::java_lang_invoke_MethodHandle()), CHECK_VERIFY(this));
2216 } else if (tag.is_method_type()) {
2217 current_frame->push_stack(
2218 VerificationType::reference_type(
2219 vmSymbols::java_lang_invoke_MethodType()), CHECK_VERIFY(this));
2220 } else if (tag.is_dynamic_constant()) {
2221 Symbol* constant_type = cp->uncached_signature_ref_at(index);
2222 // Field signature was checked in ClassFileParser.
2223 assert(SignatureVerifier::is_valid_type_signature(constant_type),
2224 "Invalid type for dynamic constant");
2225 assert(sizeof(VerificationType) == sizeof(uintptr_t),
2226 "buffer type must match VerificationType size");
2227 uintptr_t constant_type_buffer[2];
2228 VerificationType* v_constant_type = (VerificationType*)constant_type_buffer;
2229 SignatureStream sig_stream(constant_type, false);
2230 int n = change_sig_to_verificationType(&sig_stream, v_constant_type);
2231 int opcode_n = (opcode == Bytecodes::_ldc2_w ? 2 : 1);
2232 if (n != opcode_n) {
2233 // wrong kind of ldc; reverify against updated type mask
2234 types &= ~(1 << JVM_CONSTANT_Dynamic);
2235 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2236 }
2237 for (int i = 0; i < n; i++) {
2238 current_frame->push_stack(v_constant_type[i], CHECK_VERIFY(this));
2239 }
2240 } else {
2241 /* Unreachable? verify_cp_type has already validated the cp type. */
2242 verify_error(
2243 ErrorContext::bad_cp_index(bci, index), "Invalid index in ldc");
2244 return;
2245 }
2246 }
2247
2248 void ClassVerifier::verify_switch(
2249 RawBytecodeStream* bcs, u4 code_length, char* code_data,
2250 StackMapFrame* current_frame, StackMapTable* stackmap_table, TRAPS) {
2251 int bci = bcs->bci();
2252 address bcp = bcs->bcp();
2253 address aligned_bcp = align_up(bcp + 1, jintSize);
2254
2255 if (_klass->major_version() < NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION) {
2256 // 4639449 & 4647081: padding bytes must be 0
2257 u2 padding_offset = 1;
2258 while ((bcp + padding_offset) < aligned_bcp) {
2259 if(*(bcp + padding_offset) != 0) {
2260 verify_error(ErrorContext::bad_code(bci),
2261 "Nonzero padding byte in lookupswitch or tableswitch");
2262 return;
2263 }
2264 padding_offset++;
2265 }
2266 }
2267
2268 int default_offset = (int) Bytes::get_Java_u4(aligned_bcp);
2269 int keys, delta;
2270 current_frame->pop_stack(
2271 VerificationType::integer_type(), CHECK_VERIFY(this));
2272 if (bcs->raw_code() == Bytecodes::_tableswitch) {
2273 jint low = (jint)Bytes::get_Java_u4(aligned_bcp + jintSize);
2274 jint high = (jint)Bytes::get_Java_u4(aligned_bcp + 2*jintSize);
2275 if (low > high) {
2276 verify_error(ErrorContext::bad_code(bci),
2277 "low must be less than or equal to high in tableswitch");
2278 return;
2279 }
2280 int64_t keys64 = ((int64_t)high - low) + 1;
2281 if (keys64 > 65535) { // Max code length
2282 verify_error(ErrorContext::bad_code(bci), "too many keys in tableswitch");
2283 return;
2284 }
2285 keys = (int)keys64;
2286 delta = 1;
2287 } else {
2288 keys = (int)Bytes::get_Java_u4(aligned_bcp + jintSize);
2289 if (keys < 0) {
2290 verify_error(ErrorContext::bad_code(bci),
2291 "number of keys in lookupswitch less than 0");
2292 return;
2293 }
2294 delta = 2;
2295 // Make sure that the lookupswitch items are sorted
2296 for (int i = 0; i < (keys - 1); i++) {
2297 jint this_key = Bytes::get_Java_u4(aligned_bcp + (2+2*i)*jintSize);
2298 jint next_key = Bytes::get_Java_u4(aligned_bcp + (2+2*i+2)*jintSize);
2299 if (this_key >= next_key) {
2300 verify_error(ErrorContext::bad_code(bci),
2301 "Bad lookupswitch instruction");
2302 return;
2303 }
2304 }
2305 }
2306 stackmap_table->check_jump_target(current_frame, bci, default_offset, CHECK_VERIFY(this));
2307 for (int i = 0; i < keys; i++) {
2308 // Because check_jump_target() may safepoint, the bytecode could have
2309 // moved, which means 'aligned_bcp' is no good and needs to be recalculated.
2310 aligned_bcp = align_up(bcs->bcp() + 1, jintSize);
2311 int offset = (jint)Bytes::get_Java_u4(aligned_bcp+(3+i*delta)*jintSize);
2312 stackmap_table->check_jump_target(
2313 current_frame, bci, offset, CHECK_VERIFY(this));
2314 }
2315 NOT_PRODUCT(aligned_bcp = nullptr); // no longer valid at this point
2316 }
2317
2318 bool ClassVerifier::name_in_supers(
2319 Symbol* ref_name, InstanceKlass* current) {
2320 Klass* super = current->super();
2321 while (super != nullptr) {
2322 if (super->name() == ref_name) {
2323 return true;
2324 }
2325 super = super->super();
2326 }
2327 return false;
2328 }
2329
2330 void ClassVerifier::verify_field_instructions(RawBytecodeStream* bcs,
2331 StackMapFrame* current_frame,
2332 const constantPoolHandle& cp,
2333 bool allow_arrays,
2334 TRAPS) {
2335 u2 index = bcs->get_index_u2();
2336 verify_cp_type(bcs->bci(), index, cp,
2337 1 << JVM_CONSTANT_Fieldref, CHECK_VERIFY(this));
2338
2339 // Get field name and signature
2340 Symbol* field_name = cp->uncached_name_ref_at(index);
2341 Symbol* field_sig = cp->uncached_signature_ref_at(index);
2342 bool is_getfield = false;
2343
2344 // Field signature was checked in ClassFileParser.
2345 assert(SignatureVerifier::is_valid_type_signature(field_sig),
2346 "Invalid field signature");
2347
2348 // Get referenced class type
2349 VerificationType ref_class_type = cp_ref_index_to_type(
2350 index, cp, CHECK_VERIFY(this));
2351 if (!ref_class_type.is_object() &&
2352 (!allow_arrays || !ref_class_type.is_array())) {
2353 verify_error(ErrorContext::bad_type(bcs->bci(),
2354 TypeOrigin::cp(index, ref_class_type)),
2355 "Expecting reference to class in class %s at constant pool index %d",
2356 _klass->external_name(), index);
2357 return;
2358 }
2359
2360 VerificationType target_class_type = ref_class_type;
2361
2362 assert(sizeof(VerificationType) == sizeof(uintptr_t),
2363 "buffer type must match VerificationType size");
2364 uintptr_t field_type_buffer[2];
2365 VerificationType* field_type = (VerificationType*)field_type_buffer;
2366 // If we make a VerificationType[2] array directly, the compiler calls
2367 // to the c-runtime library to do the allocation instead of just
2368 // stack allocating it. Plus it would run constructors. This shows up
2369 // in performance profiles.
2370
2371 SignatureStream sig_stream(field_sig, false);
2372 VerificationType stack_object_type;
2373 int n = change_sig_to_verificationType(&sig_stream, field_type);
2374 int bci = bcs->bci();
2375 bool is_assignable;
2376 switch (bcs->raw_code()) {
2377 case Bytecodes::_getstatic: {
2378 for (int i = 0; i < n; i++) {
2379 current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2380 }
2381 break;
2382 }
2383 case Bytecodes::_putstatic: {
2384 for (int i = n - 1; i >= 0; i--) {
2385 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2386 }
2387 break;
2388 }
2389 case Bytecodes::_getfield: {
2390 is_getfield = true;
2391 stack_object_type = current_frame->pop_stack(
2392 target_class_type, CHECK_VERIFY(this));
2393 goto check_protected;
2394 }
2395 case Bytecodes::_putfield: {
2396 for (int i = n - 1; i >= 0; i--) {
2397 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2398 }
2399 stack_object_type = current_frame->pop_stack(CHECK_VERIFY(this));
2400
2401 // Field initialization is allowed before the superclass
2402 // initializer, if the field is defined within the current class.
2403 fieldDescriptor fd;
2404 bool is_local_field = _klass->find_local_field(field_name, field_sig, &fd) &&
2405 target_class_type.equals(current_type());
2406 if (stack_object_type == VerificationType::uninitialized_this_type()) {
2407 if (is_local_field) {
2408 // Set the type to the current type so the is_assignable check passes.
2409 stack_object_type = current_type();
2410
2411 if (fd.access_flags().is_strict()) {
2412 if (!current_frame->satisfy_unset_field(fd.name(), fd.signature())) {
2413 log_info(verification)("Attempting to initialize field not found in initial strict instance fields: %s%s",
2414 fd.name()->as_C_string(), fd.signature()->as_C_string());
2415 verify_error(ErrorContext::bad_strict_fields(bci, current_frame),
2416 "Initializing unknown strict field: %s:%s", fd.name()->as_C_string(), fd.signature()->as_C_string());
2417 }
2418 }
2419 }
2420 } else if (supports_strict_fields(_klass)) {
2421 // `strict` fields are not writable, but only local fields produce verification errors
2422 if (is_local_field && fd.access_flags().is_strict() && fd.access_flags().is_final()) {
2423 verify_error(ErrorContext::bad_code(bci),
2424 "Illegal use of putfield on a strict field");
2425 return;
2426 }
2427 }
2428 is_assignable = target_class_type.is_assignable_from(
2429 stack_object_type, this, false, CHECK_VERIFY(this));
2430 if (!is_assignable) {
2431 verify_error(ErrorContext::bad_type(bci,
2432 current_frame->stack_top_ctx(),
2433 TypeOrigin::cp(index, target_class_type)),
2434 "Bad type on operand stack in putfield");
2435 return;
2436 }
2437 }
2438 check_protected: {
2439 if (_this_type == stack_object_type)
2440 break; // stack_object_type must be assignable to _current_class_type
2441 if (was_recursively_verified()) {
2442 if (is_getfield) {
2443 // Push field type for getfield.
2444 for (int i = 0; i < n; i++) {
2445 current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2446 }
2447 }
2448 return;
2449 }
2450 Symbol* ref_class_name =
2451 cp->klass_name_at(cp->uncached_klass_ref_index_at(index));
2452 if (!name_in_supers(ref_class_name, current_class()))
2453 // stack_object_type must be assignable to _current_class_type since:
2454 // 1. stack_object_type must be assignable to ref_class.
2455 // 2. ref_class must be _current_class or a subclass of it. It can't
2456 // be a superclass of it. See revised JVMS 5.4.4.
2457 break;
2458
2459 Klass* ref_class_oop = load_class(ref_class_name, CHECK);
2460 if (is_protected_access(current_class(), ref_class_oop, field_name,
2461 field_sig, false)) {
2462 // It's protected access, check if stack object is assignable to
2463 // current class.
2464 is_assignable = current_type().is_assignable_from(
2465 stack_object_type, this, true, CHECK_VERIFY(this));
2466 if (!is_assignable) {
2467 verify_error(ErrorContext::bad_type(bci,
2468 current_frame->stack_top_ctx(),
2469 TypeOrigin::implicit(current_type())),
2470 "Bad access to protected data in %s",
2471 is_getfield ? "getfield" : "putfield");
2472 return;
2473 }
2474 }
2475 break;
2476 }
2477 default: ShouldNotReachHere();
2478 }
2479 if (is_getfield) {
2480 // Push field type for getfield after doing protection check.
2481 for (int i = 0; i < n; i++) {
2482 current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2483 }
2484 }
2485 }
2486
2487 void ClassVerifier::verify_invoke_init(
2488 RawBytecodeStream* bcs, u2 ref_class_index, VerificationType ref_class_type,
2489 StackMapFrame* current_frame, u4 code_length, bool in_try_block,
2490 bool *this_uninit, const constantPoolHandle& cp, StackMapTable* stackmap_table,
2491 TRAPS) {
2492 int bci = bcs->bci();
2493 VerificationType type = current_frame->pop_stack(
2494 VerificationType::reference_check(), CHECK_VERIFY(this));
2495 if (type == VerificationType::uninitialized_this_type()) {
2496 // The method must be an <init> method of this class or its superclass
2497 Klass* superk = current_class()->super();
2498 if (ref_class_type.name() != current_class()->name() &&
2499 ref_class_type.name() != superk->name()) {
2500 verify_error(ErrorContext::bad_type(bci,
2501 TypeOrigin::implicit(ref_class_type),
2502 TypeOrigin::implicit(current_type())),
2503 "Bad <init> method call");
2504 return;
2505 } else if (ref_class_type.name() == superk->name()) {
2506 // Strict final fields must be satisfied by this point
2507 if (!current_frame->verify_unset_fields_satisfied()) {
2508 log_info(verification)("Strict instance fields not initialized");
2509 StackMapFrame::print_strict_fields(current_frame->assert_unset_fields());
2510 current_frame->unsatisfied_strict_fields_error(current_class(), bci);
2511 }
2512 }
2513
2514 // If this invokespecial call is done from inside of a TRY block then make
2515 // sure that all catch clause paths end in a throw. Otherwise, this can
2516 // result in returning an incomplete object.
2517 if (in_try_block) {
2518 // Check the exception handler target stackmaps with the locals from the
2519 // incoming stackmap (before initialize_object() changes them to outgoing
2520 // state).
2521 if (was_recursively_verified()) return;
2522 verify_exception_handler_targets(bci, true, current_frame,
2523 stackmap_table, CHECK_VERIFY(this));
2524 } // in_try_block
2525
2526 current_frame->initialize_object(type, current_type());
2527 *this_uninit = true;
2528 } else if (type.is_uninitialized()) {
2529 u2 new_offset = type.bci();
2530 address new_bcp = bcs->bcp() - bci + new_offset;
2531 if (new_offset > (code_length - 3) || (*new_bcp) != Bytecodes::_new) {
2532 /* Unreachable? Stack map parsing ensures valid type and new
2533 * instructions have a valid BCI. */
2534 verify_error(ErrorContext::bad_code(new_offset),
2535 "Expecting new instruction");
2536 return;
2537 }
2538 u2 new_class_index = Bytes::get_Java_u2(new_bcp + 1);
2539 if (was_recursively_verified()) return;
2540 verify_cp_class_type(bci, new_class_index, cp, CHECK_VERIFY(this));
2541
2542 // The method must be an <init> method of the indicated class
2543 VerificationType new_class_type = cp_index_to_type(
2544 new_class_index, cp, CHECK_VERIFY(this));
2545 if (!new_class_type.equals(ref_class_type)) {
2546 verify_error(ErrorContext::bad_type(bci,
2547 TypeOrigin::cp(new_class_index, new_class_type),
2548 TypeOrigin::cp(ref_class_index, ref_class_type)),
2549 "Call to wrong <init> method");
2550 return;
2551 }
2552 // According to the VM spec, if the referent class is a superclass of the
2553 // current class, and is in a different runtime package, and the method is
2554 // protected, then the objectref must be the current class or a subclass
2555 // of the current class.
2556 VerificationType objectref_type = new_class_type;
2557 if (name_in_supers(ref_class_type.name(), current_class())) {
2558 Klass* ref_klass = load_class(ref_class_type.name(), CHECK);
2559 if (was_recursively_verified()) return;
2560 Method* m = InstanceKlass::cast(ref_klass)->uncached_lookup_method(
2561 vmSymbols::object_initializer_name(),
2562 cp->uncached_signature_ref_at(bcs->get_index_u2()),
2563 Klass::OverpassLookupMode::find);
2564 // Do nothing if method is not found. Let resolution detect the error.
2565 if (m != nullptr) {
2566 InstanceKlass* mh = m->method_holder();
2567 if (m->is_protected() && !mh->is_same_class_package(_klass)) {
2568 bool assignable = current_type().is_assignable_from(
2569 objectref_type, this, true, CHECK_VERIFY(this));
2570 if (!assignable) {
2571 verify_error(ErrorContext::bad_type(bci,
2572 TypeOrigin::cp(new_class_index, objectref_type),
2573 TypeOrigin::implicit(current_type())),
2574 "Bad access to protected <init> method");
2575 return;
2576 }
2577 }
2578 }
2579 }
2580 // Check the exception handler target stackmaps with the locals from the
2581 // incoming stackmap (before initialize_object() changes them to outgoing
2582 // state).
2583 if (in_try_block) {
2584 if (was_recursively_verified()) return;
2585 verify_exception_handler_targets(bci, *this_uninit, current_frame,
2586 stackmap_table, CHECK_VERIFY(this));
2587 }
2588 current_frame->initialize_object(type, new_class_type);
2589 } else {
2590 verify_error(ErrorContext::bad_type(bci, current_frame->stack_top_ctx()),
2591 "Bad operand type when invoking <init>");
2592 return;
2593 }
2594 }
2595
2596 bool ClassVerifier::is_same_or_direct_interface(
2597 InstanceKlass* klass,
2598 VerificationType klass_type,
2599 VerificationType ref_class_type) {
2600 if (ref_class_type.equals(klass_type)) return true;
2601 Array<InstanceKlass*>* local_interfaces = klass->local_interfaces();
2602 if (local_interfaces != nullptr) {
2603 for (int x = 0; x < local_interfaces->length(); x++) {
2604 InstanceKlass* k = local_interfaces->at(x);
2605 assert (k != nullptr && k->is_interface(), "invalid interface");
2606 if (ref_class_type.equals(VerificationType::reference_type(k->name()))) {
2607 return true;
2608 }
2609 }
2610 }
2611 return false;
2612 }
2613
2614 void ClassVerifier::verify_invoke_instructions(
2615 RawBytecodeStream* bcs, u4 code_length, StackMapFrame* current_frame,
2616 bool in_try_block, bool *this_uninit,
2617 const constantPoolHandle& cp, StackMapTable* stackmap_table, TRAPS) {
2618 // Make sure the constant pool item is the right type
2619 u2 index = bcs->get_index_u2();
2620 Bytecodes::Code opcode = bcs->raw_code();
2621 unsigned int types = 0;
2622 switch (opcode) {
2623 case Bytecodes::_invokeinterface:
2624 types = 1 << JVM_CONSTANT_InterfaceMethodref;
2625 break;
2626 case Bytecodes::_invokedynamic:
2627 types = 1 << JVM_CONSTANT_InvokeDynamic;
2628 break;
2629 case Bytecodes::_invokespecial:
2630 case Bytecodes::_invokestatic:
2631 types = (_klass->major_version() < STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION) ?
2632 (1 << JVM_CONSTANT_Methodref) :
2633 ((1 << JVM_CONSTANT_InterfaceMethodref) | (1 << JVM_CONSTANT_Methodref));
2634 break;
2635 default:
2636 types = 1 << JVM_CONSTANT_Methodref;
2637 }
2638 verify_cp_type(bcs->bci(), index, cp, types, CHECK_VERIFY(this));
2639
2640 // Get method name and signature
2641 Symbol* method_name = cp->uncached_name_ref_at(index);
2642 Symbol* method_sig = cp->uncached_signature_ref_at(index);
2643
2644 // Method signature was checked in ClassFileParser.
2645 assert(SignatureVerifier::is_valid_method_signature(method_sig),
2646 "Invalid method signature");
2647
2648 // Get referenced class
2649 VerificationType ref_class_type;
2650 if (opcode == Bytecodes::_invokedynamic) {
2651 if (_klass->major_version() < Verifier::INVOKEDYNAMIC_MAJOR_VERSION) {
2652 class_format_error(
2653 "invokedynamic instructions not supported by this class file version (%d), class %s",
2654 _klass->major_version(), _klass->external_name());
2655 return;
2656 }
2657 } else {
2658 ref_class_type = cp_ref_index_to_type(index, cp, CHECK_VERIFY(this));
2659 }
2660
2661 assert(sizeof(VerificationType) == sizeof(uintptr_t),
2662 "buffer type must match VerificationType size");
2663
2664 // Get the UTF8 index for this signature.
2665 int sig_index = cp->signature_ref_index_at(cp->uncached_name_and_type_ref_index_at(index));
2666
2667 // Get the signature's verification types.
2668 sig_as_verification_types* mth_sig_verif_types;
2669 sig_as_verification_types** mth_sig_verif_types_ptr = method_signatures_table()->get(sig_index);
2670 if (mth_sig_verif_types_ptr != nullptr) {
2671 // Found the entry for the signature's verification types in the hash table.
2672 mth_sig_verif_types = *mth_sig_verif_types_ptr;
2673 assert(mth_sig_verif_types != nullptr, "Unexpected null sig_as_verification_types value");
2674 } else {
2675 // Not found, add the entry to the table.
2676 GrowableArray<VerificationType>* verif_types = new GrowableArray<VerificationType>(10);
2677 mth_sig_verif_types = new sig_as_verification_types(verif_types);
2678 create_method_sig_entry(mth_sig_verif_types, sig_index);
2679 }
2680
2681 // Get the number of arguments for this signature.
2682 int nargs = mth_sig_verif_types->num_args();
2683
2684 // Check instruction operands
2685 int bci = bcs->bci();
2686 if (opcode == Bytecodes::_invokeinterface) {
2687 address bcp = bcs->bcp();
2688 // 4905268: count operand in invokeinterface should be nargs+1, not nargs.
2689 // JSR202 spec: The count operand of an invokeinterface instruction is valid if it is
2690 // the difference between the size of the operand stack before and after the instruction
2691 // executes.
2692 if (*(bcp+3) != (nargs+1)) {
2693 verify_error(ErrorContext::bad_code(bci),
2694 "Inconsistent args count operand in invokeinterface");
2695 return;
2696 }
2697 if (*(bcp+4) != 0) {
2698 verify_error(ErrorContext::bad_code(bci),
2699 "Fourth operand byte of invokeinterface must be zero");
2700 return;
2701 }
2702 }
2703
2704 if (opcode == Bytecodes::_invokedynamic) {
2705 address bcp = bcs->bcp();
2706 if (*(bcp+3) != 0 || *(bcp+4) != 0) {
2707 verify_error(ErrorContext::bad_code(bci),
2708 "Third and fourth operand bytes of invokedynamic must be zero");
2709 return;
2710 }
2711 }
2712
2713 if (method_name->char_at(0) == JVM_SIGNATURE_SPECIAL) {
2714 // Make sure:
2715 // <init> can only be invoked by invokespecial.
2716 if (opcode != Bytecodes::_invokespecial ||
2717 method_name != vmSymbols::object_initializer_name()) {
2718 verify_error(ErrorContext::bad_code(bci),
2719 "Illegal call to internal method");
2720 return;
2721 }
2722 }
2723 // invokespecial, when not <init>, must be to a method in the current class, a direct superinterface,
2724 // or any superclass (including Object).
2725 else if (opcode == Bytecodes::_invokespecial
2726 && !is_same_or_direct_interface(current_class(), current_type(), ref_class_type)
2727 && !ref_class_type.equals(VerificationType::reference_type(current_class()->super()->name()))) { // super() can never be an inline_type.
2728
2729 // We know it is not current class, direct superinterface or immediate superclass. That means it
2730 // could be:
2731 // - a totally unrelated class or interface
2732 // - an indirect superinterface
2733 // - an indirect superclass (including Object)
2734 // We use the assignability test to see if it is a superclass, or else an interface, and keep track
2735 // of the latter. Note that subtype can be true if we are dealing with an interface that is not actually
2736 // implemented as assignability treats all interfaces as Object.
2737
2738 bool is_interface = false; // This can only be set true if the assignability check will return true
2739 // and we loaded the class. For any other "true" returns (e.g. same class
2740 // or Object) we either can't get here (same class already excluded above)
2741 // or we know it is not an interface (i.e. Object).
2742 bool subtype = ref_class_type.is_reference_assignable_from(current_type(), this, false,
2743 &is_interface, CHECK_VERIFY(this));
2744 if (!subtype) { // Totally unrelated class
2745 verify_error(ErrorContext::bad_code(bci),
2746 "Bad invokespecial instruction: "
2747 "current class isn't assignable to reference class.");
2748 return;
2749 } else {
2750 // Indirect superclass (including Object), indirect interface, or unrelated interface.
2751 // Any interface use is an error.
2752 if (is_interface) {
2753 verify_error(ErrorContext::bad_code(bci),
2754 "Bad invokespecial instruction: "
2755 "interface method to invoke is not in a direct superinterface.");
2756 return;
2757 }
2758 }
2759 }
2760
2761 // Get the verification types for the method's arguments.
2762 GrowableArray<VerificationType>* sig_verif_types = mth_sig_verif_types->sig_verif_types();
2763 assert(sig_verif_types != nullptr, "Missing signature's array of verification types");
2764 // Match method descriptor with operand stack
2765 // The arguments are on the stack in descending order.
2766 for (int i = nargs - 1; i >= 0; i--) { // Run backwards
2767 current_frame->pop_stack(sig_verif_types->at(i), CHECK_VERIFY(this));
2768 }
2769
2770 // Check objectref on operand stack
2771 if (opcode != Bytecodes::_invokestatic &&
2772 opcode != Bytecodes::_invokedynamic) {
2773 if (method_name == vmSymbols::object_initializer_name()) { // <init> method
2774 verify_invoke_init(bcs, index, ref_class_type, current_frame,
2775 code_length, in_try_block, this_uninit, cp, stackmap_table,
2776 CHECK_VERIFY(this));
2777 if (was_recursively_verified()) return;
2778 } else { // other methods
2779 // Ensures that target class is assignable to method class.
2780 if (opcode == Bytecodes::_invokespecial) {
2781 current_frame->pop_stack(current_type(), CHECK_VERIFY(this));
2782 } else if (opcode == Bytecodes::_invokevirtual) {
2783 VerificationType stack_object_type =
2784 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this));
2785 if (current_type() != stack_object_type) {
2786 if (was_recursively_verified()) return;
2787 assert(cp->cache() == nullptr, "not rewritten yet");
2788 Symbol* ref_class_name =
2789 cp->klass_name_at(cp->uncached_klass_ref_index_at(index));
2790 // See the comments in verify_field_instructions() for
2791 // the rationale behind this.
2792 if (name_in_supers(ref_class_name, current_class())) {
2793 Klass* ref_class = load_class(ref_class_name, CHECK);
2794 if (is_protected_access(
2795 _klass, ref_class, method_name, method_sig, true)) {
2796 // It's protected access, check if stack object is
2797 // assignable to current class.
2798 if (ref_class_type.name() == vmSymbols::java_lang_Object()
2799 && stack_object_type.is_array()
2800 && method_name == vmSymbols::clone_name()) {
2801 // Special case: arrays pretend to implement public Object
2802 // clone().
2803 } else {
2804 bool is_assignable = current_type().is_assignable_from(
2805 stack_object_type, this, true, CHECK_VERIFY(this));
2806 if (!is_assignable) {
2807 verify_error(ErrorContext::bad_type(bci,
2808 current_frame->stack_top_ctx(),
2809 TypeOrigin::implicit(current_type())),
2810 "Bad access to protected data in invokevirtual");
2811 return;
2812 }
2813 }
2814 }
2815 }
2816 }
2817 } else {
2818 assert(opcode == Bytecodes::_invokeinterface, "Unexpected opcode encountered");
2819 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this));
2820 }
2821 }
2822 }
2823 // Push the result type.
2824 int sig_verif_types_len = sig_verif_types->length();
2825 if (sig_verif_types_len > nargs) { // There's a return type
2826 if (method_name == vmSymbols::object_initializer_name()) {
2827 // an <init> method must have a void return type
2828 verify_error(ErrorContext::bad_code(bci),
2829 "Return type must be void in <init> method");
2830 return;
2831 }
2832
2833 assert(sig_verif_types_len <= nargs + 2,
2834 "Signature verification types array return type is bogus");
2835 for (int i = nargs; i < sig_verif_types_len; i++) {
2836 assert(i == nargs || sig_verif_types->at(i).is_long2() ||
2837 sig_verif_types->at(i).is_double2(), "Unexpected return verificationType");
2838 current_frame->push_stack(sig_verif_types->at(i), CHECK_VERIFY(this));
2839 }
2840 }
2841 }
2842
2843 VerificationType ClassVerifier::get_newarray_type(
2844 u2 index, int bci, TRAPS) {
2845 const char* from_bt[] = {
2846 nullptr, nullptr, nullptr, nullptr, "[Z", "[C", "[F", "[D", "[B", "[S", "[I", "[J",
2847 };
2848 if (index < T_BOOLEAN || index > T_LONG) {
2849 verify_error(ErrorContext::bad_code(bci), "Illegal newarray instruction");
2850 return VerificationType::bogus_type();
2851 }
2852
2853 // from_bt[index] contains the array signature which has a length of 2
2854 Symbol* sig = create_temporary_symbol(from_bt[index], 2);
2855 return VerificationType::reference_type(sig);
2856 }
2857
2858 void ClassVerifier::verify_anewarray(
2859 int bci, u2 index, const constantPoolHandle& cp,
2860 StackMapFrame* current_frame, TRAPS) {
2861 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
2862 current_frame->pop_stack(
2863 VerificationType::integer_type(), CHECK_VERIFY(this));
2864
2865 if (was_recursively_verified()) return;
2866 VerificationType component_type =
2867 cp_index_to_type(index, cp, CHECK_VERIFY(this));
2868 int length;
2869 char* arr_sig_str;
2870 if (component_type.is_array()) { // it's an array
2871 const char* component_name = component_type.name()->as_utf8();
2872 // Check for more than MAX_ARRAY_DIMENSIONS
2873 length = (int)strlen(component_name);
2874 if (length > MAX_ARRAY_DIMENSIONS &&
2875 component_name[MAX_ARRAY_DIMENSIONS - 1] == JVM_SIGNATURE_ARRAY) {
2876 verify_error(ErrorContext::bad_code(bci),
2877 "Illegal anewarray instruction, array has more than 255 dimensions");
2878 }
2879 // add one dimension to component
2880 length++;
2881 arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length + 1);
2882 int n = os::snprintf(arr_sig_str, length + 1, "%c%s",
2883 JVM_SIGNATURE_ARRAY, component_name);
2884 assert(n == length, "Unexpected number of characters in string");
2885 } else { // it's an object or interface
2886 const char* component_name = component_type.name()->as_utf8();
2887 // add one dimension to component with 'L' prepended and ';' postpended.
2888 length = (int)strlen(component_name) + 3;
2889 arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length + 1);
2890 int n = os::snprintf(arr_sig_str, length + 1, "%c%c%s;",
2891 JVM_SIGNATURE_ARRAY, JVM_SIGNATURE_CLASS, component_name);
2892 assert(n == length, "Unexpected number of characters in string");
2893 }
2894 Symbol* arr_sig = create_temporary_symbol(arr_sig_str, length);
2895 VerificationType new_array_type = VerificationType::reference_type(arr_sig);
2896 current_frame->push_stack(new_array_type, CHECK_VERIFY(this));
2897 }
2898
2899 void ClassVerifier::verify_iload(int index, StackMapFrame* current_frame, TRAPS) {
2900 current_frame->get_local(
2901 index, VerificationType::integer_type(), CHECK_VERIFY(this));
2902 current_frame->push_stack(
2903 VerificationType::integer_type(), CHECK_VERIFY(this));
2904 }
2905
2906 void ClassVerifier::verify_lload(int index, StackMapFrame* current_frame, TRAPS) {
2907 current_frame->get_local_2(
2908 index, VerificationType::long_type(),
2909 VerificationType::long2_type(), CHECK_VERIFY(this));
2910 current_frame->push_stack_2(
2911 VerificationType::long_type(),
2912 VerificationType::long2_type(), CHECK_VERIFY(this));
2913 }
2914
2915 void ClassVerifier::verify_fload(int index, StackMapFrame* current_frame, TRAPS) {
2916 current_frame->get_local(
2917 index, VerificationType::float_type(), CHECK_VERIFY(this));
2918 current_frame->push_stack(
2919 VerificationType::float_type(), CHECK_VERIFY(this));
2920 }
2921
2922 void ClassVerifier::verify_dload(int index, StackMapFrame* current_frame, TRAPS) {
2923 current_frame->get_local_2(
2924 index, VerificationType::double_type(),
2925 VerificationType::double2_type(), CHECK_VERIFY(this));
2926 current_frame->push_stack_2(
2927 VerificationType::double_type(),
2928 VerificationType::double2_type(), CHECK_VERIFY(this));
2929 }
2930
2931 void ClassVerifier::verify_aload(int index, StackMapFrame* current_frame, TRAPS) {
2932 VerificationType type = current_frame->get_local(
2933 index, VerificationType::reference_check(), CHECK_VERIFY(this));
2934 current_frame->push_stack(type, CHECK_VERIFY(this));
2935 }
2936
2937 void ClassVerifier::verify_istore(int index, StackMapFrame* current_frame, TRAPS) {
2938 current_frame->pop_stack(
2939 VerificationType::integer_type(), CHECK_VERIFY(this));
2940 current_frame->set_local(
2941 index, VerificationType::integer_type(), CHECK_VERIFY(this));
2942 }
2943
2944 void ClassVerifier::verify_lstore(int index, StackMapFrame* current_frame, TRAPS) {
2945 current_frame->pop_stack_2(
2946 VerificationType::long2_type(),
2947 VerificationType::long_type(), CHECK_VERIFY(this));
2948 current_frame->set_local_2(
2949 index, VerificationType::long_type(),
2950 VerificationType::long2_type(), CHECK_VERIFY(this));
2951 }
2952
2953 void ClassVerifier::verify_fstore(int index, StackMapFrame* current_frame, TRAPS) {
2954 current_frame->pop_stack(VerificationType::float_type(), CHECK_VERIFY(this));
2955 current_frame->set_local(
2956 index, VerificationType::float_type(), CHECK_VERIFY(this));
2957 }
2958
2959 void ClassVerifier::verify_dstore(int index, StackMapFrame* current_frame, TRAPS) {
2960 current_frame->pop_stack_2(
2961 VerificationType::double2_type(),
2962 VerificationType::double_type(), CHECK_VERIFY(this));
2963 current_frame->set_local_2(
2964 index, VerificationType::double_type(),
2965 VerificationType::double2_type(), CHECK_VERIFY(this));
2966 }
2967
2968 void ClassVerifier::verify_astore(int index, StackMapFrame* current_frame, TRAPS) {
2969 VerificationType type = current_frame->pop_stack(
2970 VerificationType::reference_check(), CHECK_VERIFY(this));
2971 current_frame->set_local(index, type, CHECK_VERIFY(this));
2972 }
2973
2974 void ClassVerifier::verify_iinc(int index, StackMapFrame* current_frame, TRAPS) {
2975 VerificationType type = current_frame->get_local(
2976 index, VerificationType::integer_type(), CHECK_VERIFY(this));
2977 current_frame->set_local(index, type, CHECK_VERIFY(this));
2978 }
2979
2980 void ClassVerifier::verify_return_value(
2981 VerificationType return_type, VerificationType type, int bci,
2982 StackMapFrame* current_frame, TRAPS) {
2983 if (return_type == VerificationType::bogus_type()) {
2984 verify_error(ErrorContext::bad_type(bci,
2985 current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)),
2986 "Method does not expect a return value");
2987 return;
2988 }
2989 bool match = return_type.is_assignable_from(type, this, false, CHECK_VERIFY(this));
2990 if (!match) {
2991 verify_error(ErrorContext::bad_type(bci,
2992 current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)),
2993 "Bad return type");
2994 return;
2995 }
2996 }
2997
2998 // The verifier creates symbols which are substrings of Symbols.
2999 // These are stored in the verifier until the end of verification so that
3000 // they can be reference counted.
3001 Symbol* ClassVerifier::create_temporary_symbol(const char *name, int length) {
3002 // Quick deduplication check
3003 if (_previous_symbol != nullptr && _previous_symbol->equals(name, length)) {
3004 return _previous_symbol;
3005 }
3006 Symbol* sym = SymbolTable::new_symbol(name, length);
3007 if (!sym->is_permanent()) {
3008 if (_symbols == nullptr) {
3009 _symbols = new GrowableArray<Symbol*>(50, 0, nullptr);
3010 }
3011 _symbols->push(sym);
3012 }
3013 _previous_symbol = sym;
3014 return sym;
3015 }