1 /* 2 * Copyright (c) 1998, 2025, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. 8 * 9 * This code is distributed in the hope that it will be useful, but WITHOUT 10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12 * version 2 for more details (a copy is included in the LICENSE file that 13 * accompanied this code). 14 * 15 * You should have received a copy of the GNU General Public License version 16 * 2 along with this work; if not, write to the Free Software Foundation, 17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20 * or visit www.oracle.com if you need additional information or have any 21 * questions. 22 * 23 */ 24 25 #include "cds/cdsConfig.hpp" 26 #include "classfile/classFileStream.hpp" 27 #include "classfile/classLoader.hpp" 28 #include "classfile/javaClasses.hpp" 29 #include "classfile/stackMapTable.hpp" 30 #include "classfile/stackMapFrame.hpp" 31 #include "classfile/stackMapTableFormat.hpp" 32 #include "classfile/symbolTable.hpp" 33 #include "classfile/systemDictionary.hpp" 34 #include "classfile/verifier.hpp" 35 #include "classfile/vmClasses.hpp" 36 #include "classfile/vmSymbols.hpp" 37 #include "interpreter/bytecodes.hpp" 38 #include "interpreter/bytecodeStream.hpp" 39 #include "jvm.h" 40 #include "logging/log.hpp" 41 #include "logging/logStream.hpp" 42 #include "memory/oopFactory.hpp" 43 #include "memory/resourceArea.hpp" 44 #include "memory/universe.hpp" 45 #include "oops/constantPool.inline.hpp" 46 #include "oops/fieldStreams.inline.hpp" 47 #include "oops/instanceKlass.inline.hpp" 48 #include "oops/klass.inline.hpp" 49 #include "oops/oop.inline.hpp" 50 #include "oops/typeArrayOop.hpp" 51 #include "runtime/arguments.hpp" 52 #include "runtime/fieldDescriptor.inline.hpp" 53 #include "runtime/handles.inline.hpp" 54 #include "runtime/interfaceSupport.inline.hpp" 55 #include "runtime/javaCalls.hpp" 56 #include "runtime/javaThread.hpp" 57 #include "runtime/jniHandles.inline.hpp" 58 #include "runtime/os.hpp" 59 #include "runtime/safepointVerifiers.hpp" 60 #include "services/threadService.hpp" 61 #include "utilities/align.hpp" 62 #include "utilities/bytes.hpp" 63 #if INCLUDE_CDS 64 #include "classfile/systemDictionaryShared.hpp" 65 #endif 66 67 #define NOFAILOVER_MAJOR_VERSION 51 68 #define NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION 51 69 #define STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION 52 70 #define INLINE_TYPE_MAJOR_VERSION 56 71 #define MAX_ARRAY_DIMENSIONS 255 72 73 // Access to external entry for VerifyClassForMajorVersion - old byte code verifier 74 75 extern "C" { 76 typedef jboolean (*verify_byte_codes_fn_t)(JNIEnv *, jclass, char *, jint, jint); 77 } 78 79 static verify_byte_codes_fn_t volatile _verify_byte_codes_fn = nullptr; 80 81 static verify_byte_codes_fn_t verify_byte_codes_fn() { 82 83 if (_verify_byte_codes_fn != nullptr) 84 return _verify_byte_codes_fn; 85 86 MutexLocker locker(Verify_lock); 87 88 if (_verify_byte_codes_fn != nullptr) 89 return _verify_byte_codes_fn; 90 91 void *lib_handle = nullptr; 92 // Load verify dll 93 if (is_vm_statically_linked()) { 94 lib_handle = os::get_default_process_handle(); 95 } else { 96 char buffer[JVM_MAXPATHLEN]; 97 char ebuf[1024]; 98 if (!os::dll_locate_lib(buffer, sizeof(buffer), Arguments::get_dll_dir(), "verify")) 99 return nullptr; // Caller will throw VerifyError 100 101 lib_handle = os::dll_load(buffer, ebuf, sizeof(ebuf)); 102 if (lib_handle == nullptr) 103 return nullptr; // Caller will throw VerifyError 104 } 105 106 void *fn = os::dll_lookup(lib_handle, "VerifyClassForMajorVersion"); 107 if (fn == nullptr) 108 return nullptr; // Caller will throw VerifyError 109 110 return _verify_byte_codes_fn = CAST_TO_FN_PTR(verify_byte_codes_fn_t, fn); 111 } 112 113 114 // Methods in Verifier 115 116 // This method determines whether we run the verifier and class file format checking code. 117 bool Verifier::should_verify_for(oop class_loader) { 118 return class_loader == nullptr ? 119 BytecodeVerificationLocal : BytecodeVerificationRemote; 120 } 121 122 // This method determines whether we allow package access in access checks in reflection. 123 bool Verifier::relax_access_for(oop loader) { 124 bool trusted = java_lang_ClassLoader::is_trusted_loader(loader); 125 bool need_verify = 126 // verifyAll 127 (BytecodeVerificationLocal && BytecodeVerificationRemote) || 128 // verifyRemote 129 (!BytecodeVerificationLocal && BytecodeVerificationRemote && !trusted); 130 return !need_verify; 131 } 132 133 // Callers will pass should_verify_class as true, depending on the results of should_verify_for() above, 134 // or pass true for redefinition of any class. 135 static bool is_eligible_for_verification(InstanceKlass* klass, bool should_verify_class) { 136 Symbol* name = klass->name(); 137 138 return (should_verify_class && 139 // Can not verify the bytecodes for shared classes because they have 140 // already been rewritten to contain constant pool cache indices, 141 // which the verifier can't understand. 142 // Shared classes shouldn't have stackmaps either. 143 // However, bytecodes for shared old classes can be verified because 144 // they have not been rewritten. 145 !(klass->is_shared() && klass->is_rewritten())); 146 } 147 148 void Verifier::trace_class_resolution(Klass* resolve_class, InstanceKlass* verify_class) { 149 assert(verify_class != nullptr, "Unexpected null verify_class"); 150 ResourceMark rm; 151 Symbol* s = verify_class->source_file_name(); 152 const char* source_file = (s != nullptr ? s->as_C_string() : nullptr); 153 const char* verify = verify_class->external_name(); 154 const char* resolve = resolve_class->external_name(); 155 // print in a single call to reduce interleaving between threads 156 if (source_file != nullptr) { 157 log_debug(class, resolve)("%s %s %s (verification)", verify, resolve, source_file); 158 } else { 159 log_debug(class, resolve)("%s %s (verification)", verify, resolve); 160 } 161 } 162 163 // Prints the end-verification message to the appropriate output. 164 void Verifier::log_end_verification(outputStream* st, const char* klassName, Symbol* exception_name, oop pending_exception) { 165 if (pending_exception != nullptr) { 166 st->print("Verification for %s has", klassName); 167 oop message = java_lang_Throwable::message(pending_exception); 168 if (message != nullptr) { 169 char* ex_msg = java_lang_String::as_utf8_string(message); 170 st->print_cr(" exception pending '%s %s'", 171 pending_exception->klass()->external_name(), ex_msg); 172 } else { 173 st->print_cr(" exception pending %s ", 174 pending_exception->klass()->external_name()); 175 } 176 } else if (exception_name != nullptr) { 177 st->print_cr("Verification for %s failed", klassName); 178 } 179 st->print_cr("End class verification for: %s", klassName); 180 } 181 182 bool Verifier::verify(InstanceKlass* klass, bool should_verify_class, TRAPS) { 183 HandleMark hm(THREAD); 184 ResourceMark rm(THREAD); 185 186 // Eagerly allocate the identity hash code for a klass. This is a fallout 187 // from 6320749 and 8059924: hash code generator is not supposed to be called 188 // during the safepoint, but it allows to sneak the hashcode in during 189 // verification. Without this eager hashcode generation, we may end up 190 // installing the hashcode during some other operation, which may be at 191 // safepoint -- blowing up the checks. It was previously done as the side 192 // effect (sic!) for external_name(), but instead of doing that, we opt to 193 // explicitly push the hashcode in here. This is signify the following block 194 // is IMPORTANT: 195 if (klass->java_mirror() != nullptr) { 196 klass->java_mirror()->identity_hash(); 197 } 198 199 if (!is_eligible_for_verification(klass, should_verify_class)) { 200 return true; 201 } 202 203 // Timer includes any side effects of class verification (resolution, 204 // etc), but not recursive calls to Verifier::verify(). 205 JavaThread* jt = THREAD; 206 PerfClassTraceTime timer(ClassLoader::perf_class_verify_time(), 207 ClassLoader::perf_class_verify_selftime(), 208 ClassLoader::perf_classes_verified(), 209 jt->get_thread_stat()->perf_recursion_counts_addr(), 210 jt->get_thread_stat()->perf_timers_addr(), 211 PerfClassTraceTime::CLASS_VERIFY); 212 213 // If the class should be verified, first see if we can use the split 214 // verifier. If not, or if verification fails and can failover, then 215 // call the inference verifier. 216 Symbol* exception_name = nullptr; 217 const size_t message_buffer_len = klass->name()->utf8_length() + 1024; 218 char* message_buffer = nullptr; 219 char* exception_message = nullptr; 220 221 log_info(class, init)("Start class verification for: %s", klass->external_name()); 222 if (klass->major_version() >= STACKMAP_ATTRIBUTE_MAJOR_VERSION) { 223 ClassVerifier split_verifier(jt, klass); 224 // We don't use CHECK here, or on inference_verify below, so that we can log any exception. 225 split_verifier.verify_class(THREAD); 226 exception_name = split_verifier.result(); 227 228 // If dumping static archive then don't fall back to the old verifier on 229 // verification failure. If a class fails verification with the split verifier, 230 // it might fail the CDS runtime verifier constraint check. In that case, we 231 // don't want to share the class. We only archive classes that pass the split 232 // verifier. 233 bool can_failover = !CDSConfig::is_dumping_static_archive() && 234 klass->major_version() < NOFAILOVER_MAJOR_VERSION; 235 236 if (can_failover && !HAS_PENDING_EXCEPTION && // Split verifier doesn't set PENDING_EXCEPTION for failure 237 (exception_name == vmSymbols::java_lang_VerifyError() || 238 exception_name == vmSymbols::java_lang_ClassFormatError())) { 239 log_info(verification)("Fail over class verification to old verifier for: %s", klass->external_name()); 240 log_info(class, init)("Fail over class verification to old verifier for: %s", klass->external_name()); 241 #if INCLUDE_CDS 242 // Exclude any classes that fail over during dynamic dumping 243 if (CDSConfig::is_dumping_dynamic_archive()) { 244 SystemDictionaryShared::warn_excluded(klass, "Failed over class verification while dynamic dumping"); 245 SystemDictionaryShared::set_excluded(klass); 246 } 247 #endif 248 message_buffer = NEW_RESOURCE_ARRAY(char, message_buffer_len); 249 exception_message = message_buffer; 250 exception_name = inference_verify( 251 klass, message_buffer, message_buffer_len, THREAD); 252 } 253 if (exception_name != nullptr) { 254 exception_message = split_verifier.exception_message(); 255 } 256 } else { 257 message_buffer = NEW_RESOURCE_ARRAY(char, message_buffer_len); 258 exception_message = message_buffer; 259 exception_name = inference_verify( 260 klass, message_buffer, message_buffer_len, THREAD); 261 } 262 263 LogTarget(Info, class, init) lt1; 264 if (lt1.is_enabled()) { 265 LogStream ls(lt1); 266 log_end_verification(&ls, klass->external_name(), exception_name, PENDING_EXCEPTION); 267 } 268 LogTarget(Info, verification) lt2; 269 if (lt2.is_enabled()) { 270 LogStream ls(lt2); 271 log_end_verification(&ls, klass->external_name(), exception_name, PENDING_EXCEPTION); 272 } 273 274 if (HAS_PENDING_EXCEPTION) { 275 return false; // use the existing exception 276 } else if (exception_name == nullptr) { 277 return true; // verification succeeded 278 } else { // VerifyError or ClassFormatError to be created and thrown 279 Klass* kls = 280 SystemDictionary::resolve_or_fail(exception_name, true, CHECK_false); 281 if (log_is_enabled(Debug, class, resolve)) { 282 Verifier::trace_class_resolution(kls, klass); 283 } 284 285 while (kls != nullptr) { 286 if (kls == klass) { 287 // If the class being verified is the exception we're creating 288 // or one of it's superclasses, we're in trouble and are going 289 // to infinitely recurse when we try to initialize the exception. 290 // So bail out here by throwing the preallocated VM error. 291 THROW_OOP_(Universe::internal_error_instance(), false); 292 } 293 kls = kls->super(); 294 } 295 if (message_buffer != nullptr) { 296 message_buffer[message_buffer_len - 1] = '\0'; // just to be sure 297 } 298 assert(exception_message != nullptr, ""); 299 THROW_MSG_(exception_name, exception_message, false); 300 } 301 } 302 303 Symbol* Verifier::inference_verify( 304 InstanceKlass* klass, char* message, size_t message_len, TRAPS) { 305 JavaThread* thread = THREAD; 306 307 verify_byte_codes_fn_t verify_func = verify_byte_codes_fn(); 308 309 if (verify_func == nullptr) { 310 jio_snprintf(message, message_len, "Could not link verifier"); 311 return vmSymbols::java_lang_VerifyError(); 312 } 313 314 ResourceMark rm(thread); 315 log_info(verification)("Verifying class %s with old format", klass->external_name()); 316 317 jclass cls = (jclass) JNIHandles::make_local(thread, klass->java_mirror()); 318 jint result; 319 320 { 321 HandleMark hm(thread); 322 ThreadToNativeFromVM ttn(thread); 323 // ThreadToNativeFromVM takes care of changing thread_state, so safepoint 324 // code knows that we have left the VM 325 JNIEnv *env = thread->jni_environment(); 326 result = (*verify_func)(env, cls, message, (int)message_len, klass->major_version()); 327 } 328 329 JNIHandles::destroy_local(cls); 330 331 // These numbers are chosen so that VerifyClassCodes interface doesn't need 332 // to be changed (still return jboolean (unsigned char)), and result is 333 // 1 when verification is passed. 334 if (result == 0) { 335 return vmSymbols::java_lang_VerifyError(); 336 } else if (result == 1) { 337 return nullptr; // verified. 338 } else if (result == 2) { 339 THROW_MSG_(vmSymbols::java_lang_OutOfMemoryError(), message, nullptr); 340 } else if (result == 3) { 341 return vmSymbols::java_lang_ClassFormatError(); 342 } else { 343 ShouldNotReachHere(); 344 return nullptr; 345 } 346 } 347 348 TypeOrigin TypeOrigin::null() { 349 return TypeOrigin(); 350 } 351 TypeOrigin TypeOrigin::local(int index, StackMapFrame* frame) { 352 assert(frame != nullptr, "Must have a frame"); 353 return TypeOrigin(CF_LOCALS, index, StackMapFrame::copy(frame), 354 frame->local_at(index)); 355 } 356 TypeOrigin TypeOrigin::stack(int index, StackMapFrame* frame) { 357 assert(frame != nullptr, "Must have a frame"); 358 return TypeOrigin(CF_STACK, index, StackMapFrame::copy(frame), 359 frame->stack_at(index)); 360 } 361 TypeOrigin TypeOrigin::sm_local(int index, StackMapFrame* frame) { 362 assert(frame != nullptr, "Must have a frame"); 363 return TypeOrigin(SM_LOCALS, index, StackMapFrame::copy(frame), 364 frame->local_at(index)); 365 } 366 TypeOrigin TypeOrigin::sm_stack(int index, StackMapFrame* frame) { 367 assert(frame != nullptr, "Must have a frame"); 368 return TypeOrigin(SM_STACK, index, StackMapFrame::copy(frame), 369 frame->stack_at(index)); 370 } 371 TypeOrigin TypeOrigin::bad_index(int index) { 372 return TypeOrigin(BAD_INDEX, index, nullptr, VerificationType::bogus_type()); 373 } 374 TypeOrigin TypeOrigin::cp(int index, VerificationType vt) { 375 return TypeOrigin(CONST_POOL, index, nullptr, vt); 376 } 377 TypeOrigin TypeOrigin::signature(VerificationType vt) { 378 return TypeOrigin(SIG, 0, nullptr, vt); 379 } 380 TypeOrigin TypeOrigin::implicit(VerificationType t) { 381 return TypeOrigin(IMPLICIT, 0, nullptr, t); 382 } 383 TypeOrigin TypeOrigin::frame(StackMapFrame* frame) { 384 return TypeOrigin(FRAME_ONLY, 0, StackMapFrame::copy(frame), 385 VerificationType::bogus_type()); 386 } 387 388 void TypeOrigin::reset_frame() { 389 if (_frame != nullptr) { 390 _frame->restore(); 391 } 392 } 393 394 void TypeOrigin::details(outputStream* ss) const { 395 _type.print_on(ss); 396 switch (_origin) { 397 case CF_LOCALS: 398 ss->print(" (current frame, locals[%d])", _index); 399 break; 400 case CF_STACK: 401 ss->print(" (current frame, stack[%d])", _index); 402 break; 403 case SM_LOCALS: 404 ss->print(" (stack map, locals[%d])", _index); 405 break; 406 case SM_STACK: 407 ss->print(" (stack map, stack[%d])", _index); 408 break; 409 case CONST_POOL: 410 ss->print(" (constant pool %d)", _index); 411 break; 412 case SIG: 413 ss->print(" (from method signature)"); 414 break; 415 case IMPLICIT: 416 case FRAME_ONLY: 417 case NONE: 418 default: 419 ; 420 } 421 } 422 423 #ifdef ASSERT 424 void TypeOrigin::print_on(outputStream* str) const { 425 str->print("{%d,%d,%p:", _origin, _index, _frame); 426 if (_frame != nullptr) { 427 _frame->print_on(str); 428 } else { 429 str->print("null"); 430 } 431 str->print(","); 432 _type.print_on(str); 433 str->print("}"); 434 } 435 #endif 436 437 void ErrorContext::details(outputStream* ss, const Method* method) const { 438 if (is_valid()) { 439 ss->cr(); 440 ss->print_cr("Exception Details:"); 441 location_details(ss, method); 442 reason_details(ss); 443 frame_details(ss); 444 bytecode_details(ss, method); 445 handler_details(ss, method); 446 stackmap_details(ss, method); 447 } 448 } 449 450 void ErrorContext::reason_details(outputStream* ss) const { 451 streamIndentor si(ss); 452 ss->indent().print_cr("Reason:"); 453 streamIndentor si2(ss); 454 ss->indent().print("%s", ""); 455 switch (_fault) { 456 case INVALID_BYTECODE: 457 ss->print("Error exists in the bytecode"); 458 break; 459 case WRONG_TYPE: 460 if (_expected.is_valid()) { 461 ss->print("Type "); 462 _type.details(ss); 463 ss->print(" is not assignable to "); 464 _expected.details(ss); 465 } else { 466 ss->print("Invalid type: "); 467 _type.details(ss); 468 } 469 break; 470 case FLAGS_MISMATCH: 471 if (_expected.is_valid()) { 472 ss->print("Current frame's flags are not assignable " 473 "to stack map frame's."); 474 } else { 475 ss->print("Current frame's flags are invalid in this context."); 476 } 477 break; 478 case BAD_CP_INDEX: 479 ss->print("Constant pool index %d is invalid", _type.index()); 480 break; 481 case BAD_LOCAL_INDEX: 482 ss->print("Local index %d is invalid", _type.index()); 483 break; 484 case BAD_STRICT_FIELDS: 485 ss->print("Invalid use of strict instance fields"); 486 break; 487 case LOCALS_SIZE_MISMATCH: 488 ss->print("Current frame's local size doesn't match stackmap."); 489 break; 490 case STACK_SIZE_MISMATCH: 491 ss->print("Current frame's stack size doesn't match stackmap."); 492 break; 493 case STRICT_FIELDS_MISMATCH: 494 ss->print("Current frame's strict instance fields not compatible with stackmap."); 495 break; 496 case STACK_OVERFLOW: 497 ss->print("Exceeded max stack size."); 498 break; 499 case STACK_UNDERFLOW: 500 ss->print("Attempt to pop empty stack."); 501 break; 502 case MISSING_STACKMAP: 503 ss->print("Expected stackmap frame at this location."); 504 break; 505 case BAD_STACKMAP: 506 ss->print("Invalid stackmap specification."); 507 break; 508 case WRONG_INLINE_TYPE: 509 ss->print("Type "); 510 _type.details(ss); 511 ss->print(" and type "); 512 _expected.details(ss); 513 ss->print(" must be identical inline types."); 514 break; 515 case UNKNOWN: 516 default: 517 ShouldNotReachHere(); 518 ss->print_cr("Unknown"); 519 } 520 ss->cr(); 521 } 522 523 void ErrorContext::location_details(outputStream* ss, const Method* method) const { 524 if (_bci != -1 && method != nullptr) { 525 streamIndentor si(ss); 526 const char* bytecode_name = "<invalid>"; 527 if (method->validate_bci(_bci) != -1) { 528 Bytecodes::Code code = Bytecodes::code_or_bp_at(method->bcp_from(_bci)); 529 if (Bytecodes::is_defined(code)) { 530 bytecode_name = Bytecodes::name(code); 531 } else { 532 bytecode_name = "<illegal>"; 533 } 534 } 535 InstanceKlass* ik = method->method_holder(); 536 ss->indent().print_cr("Location:"); 537 streamIndentor si2(ss); 538 ss->indent().print_cr("%s.%s%s @%d: %s", 539 ik->name()->as_C_string(), method->name()->as_C_string(), 540 method->signature()->as_C_string(), _bci, bytecode_name); 541 } 542 } 543 544 void ErrorContext::frame_details(outputStream* ss) const { 545 streamIndentor si(ss); 546 if (_type.is_valid() && _type.frame() != nullptr) { 547 ss->indent().print_cr("Current Frame:"); 548 streamIndentor si2(ss); 549 _type.frame()->print_on(ss); 550 } 551 if (_expected.is_valid() && _expected.frame() != nullptr) { 552 ss->indent().print_cr("Stackmap Frame:"); 553 streamIndentor si2(ss); 554 _expected.frame()->print_on(ss); 555 } 556 } 557 558 void ErrorContext::bytecode_details(outputStream* ss, const Method* method) const { 559 if (method != nullptr) { 560 streamIndentor si(ss); 561 ss->indent().print_cr("Bytecode:"); 562 streamIndentor si2(ss); 563 ss->print_data(method->code_base(), method->code_size(), false); 564 } 565 } 566 567 void ErrorContext::handler_details(outputStream* ss, const Method* method) const { 568 if (method != nullptr) { 569 streamIndentor si(ss); 570 ExceptionTable table(method); 571 if (table.length() > 0) { 572 ss->indent().print_cr("Exception Handler Table:"); 573 streamIndentor si2(ss); 574 for (int i = 0; i < table.length(); ++i) { 575 ss->indent().print_cr("bci [%d, %d] => handler: %d", table.start_pc(i), 576 table.end_pc(i), table.handler_pc(i)); 577 } 578 } 579 } 580 } 581 582 void ErrorContext::stackmap_details(outputStream* ss, const Method* method) const { 583 if (method != nullptr && method->has_stackmap_table()) { 584 streamIndentor si(ss); 585 ss->indent().print_cr("Stackmap Table:"); 586 Array<u1>* data = method->stackmap_data(); 587 stack_map_table* sm_table = 588 stack_map_table::at((address)data->adr_at(0)); 589 stack_map_frame* sm_frame = sm_table->entries(); 590 streamIndentor si2(ss); 591 int current_offset = -1; 592 address end_of_sm_table = (address)sm_table + method->stackmap_data()->length(); 593 for (u2 i = 0; i < sm_table->number_of_entries(); ++i) { 594 ss->indent(); 595 if (!sm_frame->verify((address)sm_frame, end_of_sm_table)) { 596 sm_frame->print_truncated(ss, current_offset); 597 return; 598 } 599 sm_frame->print_on(ss, current_offset); 600 ss->cr(); 601 current_offset += sm_frame->offset_delta(); 602 sm_frame = sm_frame->next(); 603 } 604 } 605 } 606 607 // Methods in ClassVerifier 608 609 ClassVerifier::ClassVerifier(JavaThread* current, InstanceKlass* klass) 610 : _thread(current), _previous_symbol(nullptr), _symbols(nullptr), _exception_type(nullptr), 611 _message(nullptr), _klass(klass) { 612 _this_type = VerificationType::reference_type(klass->name()); 613 } 614 615 ClassVerifier::~ClassVerifier() { 616 // Decrement the reference count for any symbols created. 617 if (_symbols != nullptr) { 618 for (int i = 0; i < _symbols->length(); i++) { 619 Symbol* s = _symbols->at(i); 620 s->decrement_refcount(); 621 } 622 } 623 } 624 625 VerificationType ClassVerifier::object_type() const { 626 return VerificationType::reference_type(vmSymbols::java_lang_Object()); 627 } 628 629 TypeOrigin ClassVerifier::ref_ctx(const char* sig) { 630 VerificationType vt = VerificationType::reference_type( 631 create_temporary_symbol(sig, (int)strlen(sig))); 632 return TypeOrigin::implicit(vt); 633 } 634 635 static bool supports_strict_fields(InstanceKlass* klass) { 636 int ver = klass->major_version(); 637 return ver > Verifier::VALUE_TYPES_MAJOR_VERSION || 638 (ver == Verifier::VALUE_TYPES_MAJOR_VERSION && klass->minor_version() == Verifier::JAVA_PREVIEW_MINOR_VERSION); 639 } 640 641 void ClassVerifier::verify_class(TRAPS) { 642 log_info(verification)("Verifying class %s with new format", _klass->external_name()); 643 644 // Either verifying both local and remote classes or just remote classes. 645 assert(BytecodeVerificationRemote, "Should not be here"); 646 647 Array<Method*>* methods = _klass->methods(); 648 int num_methods = methods->length(); 649 650 for (int index = 0; index < num_methods; index++) { 651 // Check for recursive re-verification before each method. 652 if (was_recursively_verified()) return; 653 654 Method* m = methods->at(index); 655 if (m->is_native() || m->is_abstract() || m->is_overpass()) { 656 // If m is native or abstract, skip it. It is checked in class file 657 // parser that methods do not override a final method. Overpass methods 658 // are trusted since the VM generates them. 659 continue; 660 } 661 verify_method(methodHandle(THREAD, m), CHECK_VERIFY(this)); 662 } 663 664 if (was_recursively_verified()){ 665 log_info(verification)("Recursive verification detected for: %s", _klass->external_name()); 666 log_info(class, init)("Recursive verification detected for: %s", 667 _klass->external_name()); 668 } 669 } 670 671 // Translate the signature entries into verification types and save them in 672 // the growable array. Also, save the count of arguments. 673 void ClassVerifier::translate_signature(Symbol* const method_sig, 674 sig_as_verification_types* sig_verif_types) { 675 SignatureStream sig_stream(method_sig); 676 VerificationType sig_type[2]; 677 int sig_i = 0; 678 GrowableArray<VerificationType>* verif_types = sig_verif_types->sig_verif_types(); 679 680 // Translate the signature arguments into verification types. 681 while (!sig_stream.at_return_type()) { 682 int n = change_sig_to_verificationType(&sig_stream, sig_type); 683 assert(n <= 2, "Unexpected signature type"); 684 685 // Store verification type(s). Longs and Doubles each have two verificationTypes. 686 for (int x = 0; x < n; x++) { 687 verif_types->push(sig_type[x]); 688 } 689 sig_i += n; 690 sig_stream.next(); 691 } 692 693 // Set final arg count, not including the return type. The final arg count will 694 // be compared with sig_verify_types' length to see if there is a return type. 695 sig_verif_types->set_num_args(sig_i); 696 697 // Store verification type(s) for the return type, if there is one. 698 if (sig_stream.type() != T_VOID) { 699 int n = change_sig_to_verificationType(&sig_stream, sig_type); 700 assert(n <= 2, "Unexpected signature return type"); 701 for (int y = 0; y < n; y++) { 702 verif_types->push(sig_type[y]); 703 } 704 } 705 } 706 707 void ClassVerifier::create_method_sig_entry(sig_as_verification_types* sig_verif_types, 708 int sig_index) { 709 // Translate the signature into verification types. 710 ConstantPool* cp = _klass->constants(); 711 Symbol* const method_sig = cp->symbol_at(sig_index); 712 translate_signature(method_sig, sig_verif_types); 713 714 // Add the list of this signature's verification types to the table. 715 bool is_unique = method_signatures_table()->put(sig_index, sig_verif_types); 716 assert(is_unique, "Duplicate entries in method_signature_table"); 717 } 718 719 void ClassVerifier::verify_method(const methodHandle& m, TRAPS) { 720 HandleMark hm(THREAD); 721 _method = m; // initialize _method 722 log_info(verification)("Verifying method %s", m->name_and_sig_as_C_string()); 723 724 // For clang, the only good constant format string is a literal constant format string. 725 #define bad_type_msg "Bad type on operand stack in %s" 726 727 u2 max_stack = m->verifier_max_stack(); 728 u2 max_locals = m->max_locals(); 729 constantPoolHandle cp(THREAD, m->constants()); 730 731 // Method signature was checked in ClassFileParser. 732 assert(SignatureVerifier::is_valid_method_signature(m->signature()), 733 "Invalid method signature"); 734 735 // Collect the initial strict instance fields 736 StackMapFrame::AssertUnsetFieldTable* strict_fields = new StackMapFrame::AssertUnsetFieldTable(); 737 if (m->is_object_constructor()) { 738 for (AllFieldStream fs(m->method_holder()); !fs.done(); fs.next()) { 739 if (fs.access_flags().is_strict() && !fs.access_flags().is_static()) { 740 NameAndSig new_field(fs.name(), fs.signature()); 741 if (IgnoreAssertUnsetFields) { 742 strict_fields->put(new_field, true); 743 } else { 744 strict_fields->put(new_field, false); 745 } 746 } 747 } 748 } 749 750 // Initial stack map frame: offset is 0, stack is initially empty. 751 StackMapFrame current_frame(max_locals, max_stack, strict_fields, this); 752 // Set initial locals 753 VerificationType return_type = current_frame.set_locals_from_arg( m, current_type()); 754 755 u2 stackmap_index = 0; // index to the stackmap array 756 757 u4 code_length = m->code_size(); 758 759 // Scan the bytecode and map each instruction's start offset to a number. 760 char* code_data = generate_code_data(m, code_length, CHECK_VERIFY(this)); 761 762 int ex_min = code_length; 763 int ex_max = -1; 764 // Look through each item on the exception table. Each of the fields must refer 765 // to a legal instruction. 766 if (was_recursively_verified()) return; 767 verify_exception_handler_table( 768 code_length, code_data, ex_min, ex_max, CHECK_VERIFY(this)); 769 770 // Look through each entry on the local variable table and make sure 771 // its range of code array offsets is valid. (4169817) 772 if (m->has_localvariable_table()) { 773 verify_local_variable_table(code_length, code_data, CHECK_VERIFY(this)); 774 } 775 776 Array<u1>* stackmap_data = m->stackmap_data(); 777 StackMapStream stream(stackmap_data); 778 StackMapReader reader(this, &stream, code_data, code_length, ¤t_frame, max_locals, max_stack, strict_fields, THREAD); 779 StackMapTable stackmap_table(&reader, CHECK_VERIFY(this)); 780 781 LogTarget(Debug, verification) lt; 782 if (lt.is_enabled()) { 783 LogStream ls(lt); 784 stackmap_table.print_on(&ls); 785 } 786 787 RawBytecodeStream bcs(m); 788 789 // Scan the byte code linearly from the start to the end 790 bool no_control_flow = false; // Set to true when there is no direct control 791 // flow from current instruction to the next 792 // instruction in sequence 793 794 Bytecodes::Code opcode; 795 while (!bcs.is_last_bytecode()) { 796 // Check for recursive re-verification before each bytecode. 797 if (was_recursively_verified()) return; 798 799 opcode = bcs.raw_next(); 800 int bci = bcs.bci(); 801 802 // Set current frame's offset to bci 803 current_frame.set_offset(bci); 804 current_frame.set_mark(); 805 806 // Make sure every offset in stackmap table point to the beginning to 807 // an instruction. Match current_frame to stackmap_table entry with 808 // the same offset if exists. 809 stackmap_index = verify_stackmap_table( 810 stackmap_index, bci, ¤t_frame, &stackmap_table, 811 no_control_flow, CHECK_VERIFY(this)); 812 813 814 bool this_uninit = false; // Set to true when invokespecial <init> initialized 'this' 815 bool verified_exc_handlers = false; 816 817 // Merge with the next instruction 818 { 819 int target; 820 VerificationType type, type2; 821 VerificationType atype; 822 823 LogTarget(Debug, verification) lt; 824 if (lt.is_enabled()) { 825 LogStream ls(lt); 826 current_frame.print_on(&ls); 827 lt.print("offset = %d, opcode = %s", bci, 828 opcode == Bytecodes::_illegal ? "illegal" : Bytecodes::name(opcode)); 829 } 830 831 // Make sure wide instruction is in correct format 832 if (bcs.is_wide()) { 833 if (opcode != Bytecodes::_iinc && opcode != Bytecodes::_iload && 834 opcode != Bytecodes::_aload && opcode != Bytecodes::_lload && 835 opcode != Bytecodes::_istore && opcode != Bytecodes::_astore && 836 opcode != Bytecodes::_lstore && opcode != Bytecodes::_fload && 837 opcode != Bytecodes::_dload && opcode != Bytecodes::_fstore && 838 opcode != Bytecodes::_dstore) { 839 /* Unreachable? RawBytecodeStream's raw_next() returns 'illegal' 840 * if we encounter a wide instruction that modifies an invalid 841 * opcode (not one of the ones listed above) */ 842 verify_error(ErrorContext::bad_code(bci), "Bad wide instruction"); 843 return; 844 } 845 } 846 847 // Look for possible jump target in exception handlers and see if it 848 // matches current_frame. Do this check here for astore*, dstore*, 849 // fstore*, istore*, and lstore* opcodes because they can change the type 850 // state by adding a local. JVM Spec says that the incoming type state 851 // should be used for this check. So, do the check here before a possible 852 // local is added to the type state. 853 if (Bytecodes::is_store_into_local(opcode) && bci >= ex_min && bci < ex_max) { 854 if (was_recursively_verified()) return; 855 verify_exception_handler_targets( 856 bci, this_uninit, ¤t_frame, &stackmap_table, CHECK_VERIFY(this)); 857 verified_exc_handlers = true; 858 } 859 860 if (was_recursively_verified()) return; 861 862 switch (opcode) { 863 case Bytecodes::_nop : 864 no_control_flow = false; break; 865 case Bytecodes::_aconst_null : 866 current_frame.push_stack( 867 VerificationType::null_type(), CHECK_VERIFY(this)); 868 no_control_flow = false; break; 869 case Bytecodes::_iconst_m1 : 870 case Bytecodes::_iconst_0 : 871 case Bytecodes::_iconst_1 : 872 case Bytecodes::_iconst_2 : 873 case Bytecodes::_iconst_3 : 874 case Bytecodes::_iconst_4 : 875 case Bytecodes::_iconst_5 : 876 current_frame.push_stack( 877 VerificationType::integer_type(), CHECK_VERIFY(this)); 878 no_control_flow = false; break; 879 case Bytecodes::_lconst_0 : 880 case Bytecodes::_lconst_1 : 881 current_frame.push_stack_2( 882 VerificationType::long_type(), 883 VerificationType::long2_type(), CHECK_VERIFY(this)); 884 no_control_flow = false; break; 885 case Bytecodes::_fconst_0 : 886 case Bytecodes::_fconst_1 : 887 case Bytecodes::_fconst_2 : 888 current_frame.push_stack( 889 VerificationType::float_type(), CHECK_VERIFY(this)); 890 no_control_flow = false; break; 891 case Bytecodes::_dconst_0 : 892 case Bytecodes::_dconst_1 : 893 current_frame.push_stack_2( 894 VerificationType::double_type(), 895 VerificationType::double2_type(), CHECK_VERIFY(this)); 896 no_control_flow = false; break; 897 case Bytecodes::_sipush : 898 case Bytecodes::_bipush : 899 current_frame.push_stack( 900 VerificationType::integer_type(), CHECK_VERIFY(this)); 901 no_control_flow = false; break; 902 case Bytecodes::_ldc : 903 verify_ldc( 904 opcode, bcs.get_index_u1(), ¤t_frame, 905 cp, bci, CHECK_VERIFY(this)); 906 no_control_flow = false; break; 907 case Bytecodes::_ldc_w : 908 case Bytecodes::_ldc2_w : 909 verify_ldc( 910 opcode, bcs.get_index_u2(), ¤t_frame, 911 cp, bci, CHECK_VERIFY(this)); 912 no_control_flow = false; break; 913 case Bytecodes::_iload : 914 verify_iload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 915 no_control_flow = false; break; 916 case Bytecodes::_iload_0 : 917 case Bytecodes::_iload_1 : 918 case Bytecodes::_iload_2 : 919 case Bytecodes::_iload_3 : { 920 int index = opcode - Bytecodes::_iload_0; 921 verify_iload(index, ¤t_frame, CHECK_VERIFY(this)); 922 no_control_flow = false; break; 923 } 924 case Bytecodes::_lload : 925 verify_lload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 926 no_control_flow = false; break; 927 case Bytecodes::_lload_0 : 928 case Bytecodes::_lload_1 : 929 case Bytecodes::_lload_2 : 930 case Bytecodes::_lload_3 : { 931 int index = opcode - Bytecodes::_lload_0; 932 verify_lload(index, ¤t_frame, CHECK_VERIFY(this)); 933 no_control_flow = false; break; 934 } 935 case Bytecodes::_fload : 936 verify_fload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 937 no_control_flow = false; break; 938 case Bytecodes::_fload_0 : 939 case Bytecodes::_fload_1 : 940 case Bytecodes::_fload_2 : 941 case Bytecodes::_fload_3 : { 942 int index = opcode - Bytecodes::_fload_0; 943 verify_fload(index, ¤t_frame, CHECK_VERIFY(this)); 944 no_control_flow = false; break; 945 } 946 case Bytecodes::_dload : 947 verify_dload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 948 no_control_flow = false; break; 949 case Bytecodes::_dload_0 : 950 case Bytecodes::_dload_1 : 951 case Bytecodes::_dload_2 : 952 case Bytecodes::_dload_3 : { 953 int index = opcode - Bytecodes::_dload_0; 954 verify_dload(index, ¤t_frame, CHECK_VERIFY(this)); 955 no_control_flow = false; break; 956 } 957 case Bytecodes::_aload : 958 verify_aload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 959 no_control_flow = false; break; 960 case Bytecodes::_aload_0 : 961 case Bytecodes::_aload_1 : 962 case Bytecodes::_aload_2 : 963 case Bytecodes::_aload_3 : { 964 int index = opcode - Bytecodes::_aload_0; 965 verify_aload(index, ¤t_frame, CHECK_VERIFY(this)); 966 no_control_flow = false; break; 967 } 968 case Bytecodes::_iaload : 969 type = current_frame.pop_stack( 970 VerificationType::integer_type(), CHECK_VERIFY(this)); 971 atype = current_frame.pop_stack( 972 VerificationType::reference_check(), CHECK_VERIFY(this)); 973 if (!atype.is_int_array()) { 974 verify_error(ErrorContext::bad_type(bci, 975 current_frame.stack_top_ctx(), ref_ctx("[I")), 976 bad_type_msg, "iaload"); 977 return; 978 } 979 current_frame.push_stack( 980 VerificationType::integer_type(), CHECK_VERIFY(this)); 981 no_control_flow = false; break; 982 case Bytecodes::_baload : 983 type = current_frame.pop_stack( 984 VerificationType::integer_type(), CHECK_VERIFY(this)); 985 atype = current_frame.pop_stack( 986 VerificationType::reference_check(), CHECK_VERIFY(this)); 987 if (!atype.is_bool_array() && !atype.is_byte_array()) { 988 verify_error( 989 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 990 bad_type_msg, "baload"); 991 return; 992 } 993 current_frame.push_stack( 994 VerificationType::integer_type(), CHECK_VERIFY(this)); 995 no_control_flow = false; break; 996 case Bytecodes::_caload : 997 type = current_frame.pop_stack( 998 VerificationType::integer_type(), CHECK_VERIFY(this)); 999 atype = current_frame.pop_stack( 1000 VerificationType::reference_check(), CHECK_VERIFY(this)); 1001 if (!atype.is_char_array()) { 1002 verify_error(ErrorContext::bad_type(bci, 1003 current_frame.stack_top_ctx(), ref_ctx("[C")), 1004 bad_type_msg, "caload"); 1005 return; 1006 } 1007 current_frame.push_stack( 1008 VerificationType::integer_type(), CHECK_VERIFY(this)); 1009 no_control_flow = false; break; 1010 case Bytecodes::_saload : 1011 type = current_frame.pop_stack( 1012 VerificationType::integer_type(), CHECK_VERIFY(this)); 1013 atype = current_frame.pop_stack( 1014 VerificationType::reference_check(), CHECK_VERIFY(this)); 1015 if (!atype.is_short_array()) { 1016 verify_error(ErrorContext::bad_type(bci, 1017 current_frame.stack_top_ctx(), ref_ctx("[S")), 1018 bad_type_msg, "saload"); 1019 return; 1020 } 1021 current_frame.push_stack( 1022 VerificationType::integer_type(), CHECK_VERIFY(this)); 1023 no_control_flow = false; break; 1024 case Bytecodes::_laload : 1025 type = current_frame.pop_stack( 1026 VerificationType::integer_type(), CHECK_VERIFY(this)); 1027 atype = current_frame.pop_stack( 1028 VerificationType::reference_check(), CHECK_VERIFY(this)); 1029 if (!atype.is_long_array()) { 1030 verify_error(ErrorContext::bad_type(bci, 1031 current_frame.stack_top_ctx(), ref_ctx("[J")), 1032 bad_type_msg, "laload"); 1033 return; 1034 } 1035 current_frame.push_stack_2( 1036 VerificationType::long_type(), 1037 VerificationType::long2_type(), CHECK_VERIFY(this)); 1038 no_control_flow = false; break; 1039 case Bytecodes::_faload : 1040 type = current_frame.pop_stack( 1041 VerificationType::integer_type(), CHECK_VERIFY(this)); 1042 atype = current_frame.pop_stack( 1043 VerificationType::reference_check(), CHECK_VERIFY(this)); 1044 if (!atype.is_float_array()) { 1045 verify_error(ErrorContext::bad_type(bci, 1046 current_frame.stack_top_ctx(), ref_ctx("[F")), 1047 bad_type_msg, "faload"); 1048 return; 1049 } 1050 current_frame.push_stack( 1051 VerificationType::float_type(), CHECK_VERIFY(this)); 1052 no_control_flow = false; break; 1053 case Bytecodes::_daload : 1054 type = current_frame.pop_stack( 1055 VerificationType::integer_type(), CHECK_VERIFY(this)); 1056 atype = current_frame.pop_stack( 1057 VerificationType::reference_check(), CHECK_VERIFY(this)); 1058 if (!atype.is_double_array()) { 1059 verify_error(ErrorContext::bad_type(bci, 1060 current_frame.stack_top_ctx(), ref_ctx("[D")), 1061 bad_type_msg, "daload"); 1062 return; 1063 } 1064 current_frame.push_stack_2( 1065 VerificationType::double_type(), 1066 VerificationType::double2_type(), CHECK_VERIFY(this)); 1067 no_control_flow = false; break; 1068 case Bytecodes::_aaload : { 1069 type = current_frame.pop_stack( 1070 VerificationType::integer_type(), CHECK_VERIFY(this)); 1071 atype = current_frame.pop_stack( 1072 VerificationType::reference_check(), CHECK_VERIFY(this)); 1073 if (!atype.is_reference_array()) { 1074 verify_error(ErrorContext::bad_type(bci, 1075 current_frame.stack_top_ctx(), 1076 TypeOrigin::implicit(VerificationType::reference_check())), 1077 bad_type_msg, "aaload"); 1078 return; 1079 } 1080 if (atype.is_null()) { 1081 current_frame.push_stack( 1082 VerificationType::null_type(), CHECK_VERIFY(this)); 1083 } else { 1084 VerificationType component = atype.get_component(this); 1085 current_frame.push_stack(component, CHECK_VERIFY(this)); 1086 } 1087 no_control_flow = false; break; 1088 } 1089 case Bytecodes::_istore : 1090 verify_istore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 1091 no_control_flow = false; break; 1092 case Bytecodes::_istore_0 : 1093 case Bytecodes::_istore_1 : 1094 case Bytecodes::_istore_2 : 1095 case Bytecodes::_istore_3 : { 1096 int index = opcode - Bytecodes::_istore_0; 1097 verify_istore(index, ¤t_frame, CHECK_VERIFY(this)); 1098 no_control_flow = false; break; 1099 } 1100 case Bytecodes::_lstore : 1101 verify_lstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 1102 no_control_flow = false; break; 1103 case Bytecodes::_lstore_0 : 1104 case Bytecodes::_lstore_1 : 1105 case Bytecodes::_lstore_2 : 1106 case Bytecodes::_lstore_3 : { 1107 int index = opcode - Bytecodes::_lstore_0; 1108 verify_lstore(index, ¤t_frame, CHECK_VERIFY(this)); 1109 no_control_flow = false; break; 1110 } 1111 case Bytecodes::_fstore : 1112 verify_fstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 1113 no_control_flow = false; break; 1114 case Bytecodes::_fstore_0 : 1115 case Bytecodes::_fstore_1 : 1116 case Bytecodes::_fstore_2 : 1117 case Bytecodes::_fstore_3 : { 1118 int index = opcode - Bytecodes::_fstore_0; 1119 verify_fstore(index, ¤t_frame, CHECK_VERIFY(this)); 1120 no_control_flow = false; break; 1121 } 1122 case Bytecodes::_dstore : 1123 verify_dstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 1124 no_control_flow = false; break; 1125 case Bytecodes::_dstore_0 : 1126 case Bytecodes::_dstore_1 : 1127 case Bytecodes::_dstore_2 : 1128 case Bytecodes::_dstore_3 : { 1129 int index = opcode - Bytecodes::_dstore_0; 1130 verify_dstore(index, ¤t_frame, CHECK_VERIFY(this)); 1131 no_control_flow = false; break; 1132 } 1133 case Bytecodes::_astore : 1134 verify_astore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 1135 no_control_flow = false; break; 1136 case Bytecodes::_astore_0 : 1137 case Bytecodes::_astore_1 : 1138 case Bytecodes::_astore_2 : 1139 case Bytecodes::_astore_3 : { 1140 int index = opcode - Bytecodes::_astore_0; 1141 verify_astore(index, ¤t_frame, CHECK_VERIFY(this)); 1142 no_control_flow = false; break; 1143 } 1144 case Bytecodes::_iastore : 1145 type = current_frame.pop_stack( 1146 VerificationType::integer_type(), CHECK_VERIFY(this)); 1147 type2 = current_frame.pop_stack( 1148 VerificationType::integer_type(), CHECK_VERIFY(this)); 1149 atype = current_frame.pop_stack( 1150 VerificationType::reference_check(), CHECK_VERIFY(this)); 1151 if (!atype.is_int_array()) { 1152 verify_error(ErrorContext::bad_type(bci, 1153 current_frame.stack_top_ctx(), ref_ctx("[I")), 1154 bad_type_msg, "iastore"); 1155 return; 1156 } 1157 no_control_flow = false; break; 1158 case Bytecodes::_bastore : 1159 type = current_frame.pop_stack( 1160 VerificationType::integer_type(), CHECK_VERIFY(this)); 1161 type2 = current_frame.pop_stack( 1162 VerificationType::integer_type(), CHECK_VERIFY(this)); 1163 atype = current_frame.pop_stack( 1164 VerificationType::reference_check(), CHECK_VERIFY(this)); 1165 if (!atype.is_bool_array() && !atype.is_byte_array()) { 1166 verify_error( 1167 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 1168 bad_type_msg, "bastore"); 1169 return; 1170 } 1171 no_control_flow = false; break; 1172 case Bytecodes::_castore : 1173 current_frame.pop_stack( 1174 VerificationType::integer_type(), CHECK_VERIFY(this)); 1175 current_frame.pop_stack( 1176 VerificationType::integer_type(), CHECK_VERIFY(this)); 1177 atype = current_frame.pop_stack( 1178 VerificationType::reference_check(), CHECK_VERIFY(this)); 1179 if (!atype.is_char_array()) { 1180 verify_error(ErrorContext::bad_type(bci, 1181 current_frame.stack_top_ctx(), ref_ctx("[C")), 1182 bad_type_msg, "castore"); 1183 return; 1184 } 1185 no_control_flow = false; break; 1186 case Bytecodes::_sastore : 1187 current_frame.pop_stack( 1188 VerificationType::integer_type(), CHECK_VERIFY(this)); 1189 current_frame.pop_stack( 1190 VerificationType::integer_type(), CHECK_VERIFY(this)); 1191 atype = current_frame.pop_stack( 1192 VerificationType::reference_check(), CHECK_VERIFY(this)); 1193 if (!atype.is_short_array()) { 1194 verify_error(ErrorContext::bad_type(bci, 1195 current_frame.stack_top_ctx(), ref_ctx("[S")), 1196 bad_type_msg, "sastore"); 1197 return; 1198 } 1199 no_control_flow = false; break; 1200 case Bytecodes::_lastore : 1201 current_frame.pop_stack_2( 1202 VerificationType::long2_type(), 1203 VerificationType::long_type(), CHECK_VERIFY(this)); 1204 current_frame.pop_stack( 1205 VerificationType::integer_type(), CHECK_VERIFY(this)); 1206 atype = current_frame.pop_stack( 1207 VerificationType::reference_check(), CHECK_VERIFY(this)); 1208 if (!atype.is_long_array()) { 1209 verify_error(ErrorContext::bad_type(bci, 1210 current_frame.stack_top_ctx(), ref_ctx("[J")), 1211 bad_type_msg, "lastore"); 1212 return; 1213 } 1214 no_control_flow = false; break; 1215 case Bytecodes::_fastore : 1216 current_frame.pop_stack( 1217 VerificationType::float_type(), CHECK_VERIFY(this)); 1218 current_frame.pop_stack 1219 (VerificationType::integer_type(), CHECK_VERIFY(this)); 1220 atype = current_frame.pop_stack( 1221 VerificationType::reference_check(), CHECK_VERIFY(this)); 1222 if (!atype.is_float_array()) { 1223 verify_error(ErrorContext::bad_type(bci, 1224 current_frame.stack_top_ctx(), ref_ctx("[F")), 1225 bad_type_msg, "fastore"); 1226 return; 1227 } 1228 no_control_flow = false; break; 1229 case Bytecodes::_dastore : 1230 current_frame.pop_stack_2( 1231 VerificationType::double2_type(), 1232 VerificationType::double_type(), CHECK_VERIFY(this)); 1233 current_frame.pop_stack( 1234 VerificationType::integer_type(), CHECK_VERIFY(this)); 1235 atype = current_frame.pop_stack( 1236 VerificationType::reference_check(), CHECK_VERIFY(this)); 1237 if (!atype.is_double_array()) { 1238 verify_error(ErrorContext::bad_type(bci, 1239 current_frame.stack_top_ctx(), ref_ctx("[D")), 1240 bad_type_msg, "dastore"); 1241 return; 1242 } 1243 no_control_flow = false; break; 1244 case Bytecodes::_aastore : 1245 type = current_frame.pop_stack(object_type(), CHECK_VERIFY(this)); 1246 type2 = current_frame.pop_stack( 1247 VerificationType::integer_type(), CHECK_VERIFY(this)); 1248 atype = current_frame.pop_stack( 1249 VerificationType::reference_check(), CHECK_VERIFY(this)); 1250 // more type-checking is done at runtime 1251 if (!atype.is_reference_array()) { 1252 verify_error(ErrorContext::bad_type(bci, 1253 current_frame.stack_top_ctx(), 1254 TypeOrigin::implicit(VerificationType::reference_check())), 1255 bad_type_msg, "aastore"); 1256 return; 1257 } 1258 // 4938384: relaxed constraint in JVMS 3rd edition. 1259 no_control_flow = false; break; 1260 case Bytecodes::_pop : 1261 current_frame.pop_stack( 1262 VerificationType::category1_check(), CHECK_VERIFY(this)); 1263 no_control_flow = false; break; 1264 case Bytecodes::_pop2 : 1265 type = current_frame.pop_stack(CHECK_VERIFY(this)); 1266 if (type.is_category1()) { 1267 current_frame.pop_stack( 1268 VerificationType::category1_check(), CHECK_VERIFY(this)); 1269 } else if (type.is_category2_2nd()) { 1270 current_frame.pop_stack( 1271 VerificationType::category2_check(), CHECK_VERIFY(this)); 1272 } else { 1273 /* Unreachable? Would need a category2_1st on TOS 1274 * which does not appear possible. */ 1275 verify_error( 1276 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 1277 bad_type_msg, "pop2"); 1278 return; 1279 } 1280 no_control_flow = false; break; 1281 case Bytecodes::_dup : 1282 type = current_frame.pop_stack( 1283 VerificationType::category1_check(), CHECK_VERIFY(this)); 1284 current_frame.push_stack(type, CHECK_VERIFY(this)); 1285 current_frame.push_stack(type, CHECK_VERIFY(this)); 1286 no_control_flow = false; break; 1287 case Bytecodes::_dup_x1 : 1288 type = current_frame.pop_stack( 1289 VerificationType::category1_check(), CHECK_VERIFY(this)); 1290 type2 = current_frame.pop_stack( 1291 VerificationType::category1_check(), CHECK_VERIFY(this)); 1292 current_frame.push_stack(type, CHECK_VERIFY(this)); 1293 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1294 current_frame.push_stack(type, CHECK_VERIFY(this)); 1295 no_control_flow = false; break; 1296 case Bytecodes::_dup_x2 : 1297 { 1298 VerificationType type3; 1299 type = current_frame.pop_stack( 1300 VerificationType::category1_check(), CHECK_VERIFY(this)); 1301 type2 = current_frame.pop_stack(CHECK_VERIFY(this)); 1302 if (type2.is_category1()) { 1303 type3 = current_frame.pop_stack( 1304 VerificationType::category1_check(), CHECK_VERIFY(this)); 1305 } else if (type2.is_category2_2nd()) { 1306 type3 = current_frame.pop_stack( 1307 VerificationType::category2_check(), CHECK_VERIFY(this)); 1308 } else { 1309 /* Unreachable? Would need a category2_1st at stack depth 2 with 1310 * a category1 on TOS which does not appear possible. */ 1311 verify_error(ErrorContext::bad_type( 1312 bci, current_frame.stack_top_ctx()), bad_type_msg, "dup_x2"); 1313 return; 1314 } 1315 current_frame.push_stack(type, CHECK_VERIFY(this)); 1316 current_frame.push_stack(type3, CHECK_VERIFY(this)); 1317 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1318 current_frame.push_stack(type, CHECK_VERIFY(this)); 1319 no_control_flow = false; break; 1320 } 1321 case Bytecodes::_dup2 : 1322 type = current_frame.pop_stack(CHECK_VERIFY(this)); 1323 if (type.is_category1()) { 1324 type2 = current_frame.pop_stack( 1325 VerificationType::category1_check(), CHECK_VERIFY(this)); 1326 } else if (type.is_category2_2nd()) { 1327 type2 = current_frame.pop_stack( 1328 VerificationType::category2_check(), CHECK_VERIFY(this)); 1329 } else { 1330 /* Unreachable? Would need a category2_1st on TOS which does not 1331 * appear possible. */ 1332 verify_error( 1333 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 1334 bad_type_msg, "dup2"); 1335 return; 1336 } 1337 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1338 current_frame.push_stack(type, CHECK_VERIFY(this)); 1339 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1340 current_frame.push_stack(type, CHECK_VERIFY(this)); 1341 no_control_flow = false; break; 1342 case Bytecodes::_dup2_x1 : 1343 { 1344 VerificationType type3; 1345 type = current_frame.pop_stack(CHECK_VERIFY(this)); 1346 if (type.is_category1()) { 1347 type2 = current_frame.pop_stack( 1348 VerificationType::category1_check(), CHECK_VERIFY(this)); 1349 } else if (type.is_category2_2nd()) { 1350 type2 = current_frame.pop_stack( 1351 VerificationType::category2_check(), CHECK_VERIFY(this)); 1352 } else { 1353 /* Unreachable? Would need a category2_1st on TOS which does 1354 * not appear possible. */ 1355 verify_error( 1356 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 1357 bad_type_msg, "dup2_x1"); 1358 return; 1359 } 1360 type3 = current_frame.pop_stack( 1361 VerificationType::category1_check(), CHECK_VERIFY(this)); 1362 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1363 current_frame.push_stack(type, CHECK_VERIFY(this)); 1364 current_frame.push_stack(type3, CHECK_VERIFY(this)); 1365 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1366 current_frame.push_stack(type, CHECK_VERIFY(this)); 1367 no_control_flow = false; break; 1368 } 1369 case Bytecodes::_dup2_x2 : 1370 { 1371 VerificationType type3, type4; 1372 type = current_frame.pop_stack(CHECK_VERIFY(this)); 1373 if (type.is_category1()) { 1374 type2 = current_frame.pop_stack( 1375 VerificationType::category1_check(), CHECK_VERIFY(this)); 1376 } else if (type.is_category2_2nd()) { 1377 type2 = current_frame.pop_stack( 1378 VerificationType::category2_check(), CHECK_VERIFY(this)); 1379 } else { 1380 /* Unreachable? Would need a category2_1st on TOS which does 1381 * not appear possible. */ 1382 verify_error( 1383 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 1384 bad_type_msg, "dup2_x2"); 1385 return; 1386 } 1387 type3 = current_frame.pop_stack(CHECK_VERIFY(this)); 1388 if (type3.is_category1()) { 1389 type4 = current_frame.pop_stack( 1390 VerificationType::category1_check(), CHECK_VERIFY(this)); 1391 } else if (type3.is_category2_2nd()) { 1392 type4 = current_frame.pop_stack( 1393 VerificationType::category2_check(), CHECK_VERIFY(this)); 1394 } else { 1395 /* Unreachable? Would need a category2_1st on TOS after popping 1396 * a long/double or two category 1's, which does not 1397 * appear possible. */ 1398 verify_error( 1399 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 1400 bad_type_msg, "dup2_x2"); 1401 return; 1402 } 1403 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1404 current_frame.push_stack(type, CHECK_VERIFY(this)); 1405 current_frame.push_stack(type4, CHECK_VERIFY(this)); 1406 current_frame.push_stack(type3, CHECK_VERIFY(this)); 1407 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1408 current_frame.push_stack(type, CHECK_VERIFY(this)); 1409 no_control_flow = false; break; 1410 } 1411 case Bytecodes::_swap : 1412 type = current_frame.pop_stack( 1413 VerificationType::category1_check(), CHECK_VERIFY(this)); 1414 type2 = current_frame.pop_stack( 1415 VerificationType::category1_check(), CHECK_VERIFY(this)); 1416 current_frame.push_stack(type, CHECK_VERIFY(this)); 1417 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1418 no_control_flow = false; break; 1419 case Bytecodes::_iadd : 1420 case Bytecodes::_isub : 1421 case Bytecodes::_imul : 1422 case Bytecodes::_idiv : 1423 case Bytecodes::_irem : 1424 case Bytecodes::_ishl : 1425 case Bytecodes::_ishr : 1426 case Bytecodes::_iushr : 1427 case Bytecodes::_ior : 1428 case Bytecodes::_ixor : 1429 case Bytecodes::_iand : 1430 current_frame.pop_stack( 1431 VerificationType::integer_type(), CHECK_VERIFY(this)); 1432 // fall through 1433 case Bytecodes::_ineg : 1434 current_frame.pop_stack( 1435 VerificationType::integer_type(), CHECK_VERIFY(this)); 1436 current_frame.push_stack( 1437 VerificationType::integer_type(), CHECK_VERIFY(this)); 1438 no_control_flow = false; break; 1439 case Bytecodes::_ladd : 1440 case Bytecodes::_lsub : 1441 case Bytecodes::_lmul : 1442 case Bytecodes::_ldiv : 1443 case Bytecodes::_lrem : 1444 case Bytecodes::_land : 1445 case Bytecodes::_lor : 1446 case Bytecodes::_lxor : 1447 current_frame.pop_stack_2( 1448 VerificationType::long2_type(), 1449 VerificationType::long_type(), CHECK_VERIFY(this)); 1450 // fall through 1451 case Bytecodes::_lneg : 1452 current_frame.pop_stack_2( 1453 VerificationType::long2_type(), 1454 VerificationType::long_type(), CHECK_VERIFY(this)); 1455 current_frame.push_stack_2( 1456 VerificationType::long_type(), 1457 VerificationType::long2_type(), CHECK_VERIFY(this)); 1458 no_control_flow = false; break; 1459 case Bytecodes::_lshl : 1460 case Bytecodes::_lshr : 1461 case Bytecodes::_lushr : 1462 current_frame.pop_stack( 1463 VerificationType::integer_type(), CHECK_VERIFY(this)); 1464 current_frame.pop_stack_2( 1465 VerificationType::long2_type(), 1466 VerificationType::long_type(), CHECK_VERIFY(this)); 1467 current_frame.push_stack_2( 1468 VerificationType::long_type(), 1469 VerificationType::long2_type(), CHECK_VERIFY(this)); 1470 no_control_flow = false; break; 1471 case Bytecodes::_fadd : 1472 case Bytecodes::_fsub : 1473 case Bytecodes::_fmul : 1474 case Bytecodes::_fdiv : 1475 case Bytecodes::_frem : 1476 current_frame.pop_stack( 1477 VerificationType::float_type(), CHECK_VERIFY(this)); 1478 // fall through 1479 case Bytecodes::_fneg : 1480 current_frame.pop_stack( 1481 VerificationType::float_type(), CHECK_VERIFY(this)); 1482 current_frame.push_stack( 1483 VerificationType::float_type(), CHECK_VERIFY(this)); 1484 no_control_flow = false; break; 1485 case Bytecodes::_dadd : 1486 case Bytecodes::_dsub : 1487 case Bytecodes::_dmul : 1488 case Bytecodes::_ddiv : 1489 case Bytecodes::_drem : 1490 current_frame.pop_stack_2( 1491 VerificationType::double2_type(), 1492 VerificationType::double_type(), CHECK_VERIFY(this)); 1493 // fall through 1494 case Bytecodes::_dneg : 1495 current_frame.pop_stack_2( 1496 VerificationType::double2_type(), 1497 VerificationType::double_type(), CHECK_VERIFY(this)); 1498 current_frame.push_stack_2( 1499 VerificationType::double_type(), 1500 VerificationType::double2_type(), CHECK_VERIFY(this)); 1501 no_control_flow = false; break; 1502 case Bytecodes::_iinc : 1503 verify_iinc(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 1504 no_control_flow = false; break; 1505 case Bytecodes::_i2l : 1506 type = current_frame.pop_stack( 1507 VerificationType::integer_type(), CHECK_VERIFY(this)); 1508 current_frame.push_stack_2( 1509 VerificationType::long_type(), 1510 VerificationType::long2_type(), CHECK_VERIFY(this)); 1511 no_control_flow = false; break; 1512 case Bytecodes::_l2i : 1513 current_frame.pop_stack_2( 1514 VerificationType::long2_type(), 1515 VerificationType::long_type(), CHECK_VERIFY(this)); 1516 current_frame.push_stack( 1517 VerificationType::integer_type(), CHECK_VERIFY(this)); 1518 no_control_flow = false; break; 1519 case Bytecodes::_i2f : 1520 current_frame.pop_stack( 1521 VerificationType::integer_type(), CHECK_VERIFY(this)); 1522 current_frame.push_stack( 1523 VerificationType::float_type(), CHECK_VERIFY(this)); 1524 no_control_flow = false; break; 1525 case Bytecodes::_i2d : 1526 current_frame.pop_stack( 1527 VerificationType::integer_type(), CHECK_VERIFY(this)); 1528 current_frame.push_stack_2( 1529 VerificationType::double_type(), 1530 VerificationType::double2_type(), CHECK_VERIFY(this)); 1531 no_control_flow = false; break; 1532 case Bytecodes::_l2f : 1533 current_frame.pop_stack_2( 1534 VerificationType::long2_type(), 1535 VerificationType::long_type(), CHECK_VERIFY(this)); 1536 current_frame.push_stack( 1537 VerificationType::float_type(), CHECK_VERIFY(this)); 1538 no_control_flow = false; break; 1539 case Bytecodes::_l2d : 1540 current_frame.pop_stack_2( 1541 VerificationType::long2_type(), 1542 VerificationType::long_type(), CHECK_VERIFY(this)); 1543 current_frame.push_stack_2( 1544 VerificationType::double_type(), 1545 VerificationType::double2_type(), CHECK_VERIFY(this)); 1546 no_control_flow = false; break; 1547 case Bytecodes::_f2i : 1548 current_frame.pop_stack( 1549 VerificationType::float_type(), CHECK_VERIFY(this)); 1550 current_frame.push_stack( 1551 VerificationType::integer_type(), CHECK_VERIFY(this)); 1552 no_control_flow = false; break; 1553 case Bytecodes::_f2l : 1554 current_frame.pop_stack( 1555 VerificationType::float_type(), CHECK_VERIFY(this)); 1556 current_frame.push_stack_2( 1557 VerificationType::long_type(), 1558 VerificationType::long2_type(), CHECK_VERIFY(this)); 1559 no_control_flow = false; break; 1560 case Bytecodes::_f2d : 1561 current_frame.pop_stack( 1562 VerificationType::float_type(), CHECK_VERIFY(this)); 1563 current_frame.push_stack_2( 1564 VerificationType::double_type(), 1565 VerificationType::double2_type(), CHECK_VERIFY(this)); 1566 no_control_flow = false; break; 1567 case Bytecodes::_d2i : 1568 current_frame.pop_stack_2( 1569 VerificationType::double2_type(), 1570 VerificationType::double_type(), CHECK_VERIFY(this)); 1571 current_frame.push_stack( 1572 VerificationType::integer_type(), CHECK_VERIFY(this)); 1573 no_control_flow = false; break; 1574 case Bytecodes::_d2l : 1575 current_frame.pop_stack_2( 1576 VerificationType::double2_type(), 1577 VerificationType::double_type(), CHECK_VERIFY(this)); 1578 current_frame.push_stack_2( 1579 VerificationType::long_type(), 1580 VerificationType::long2_type(), CHECK_VERIFY(this)); 1581 no_control_flow = false; break; 1582 case Bytecodes::_d2f : 1583 current_frame.pop_stack_2( 1584 VerificationType::double2_type(), 1585 VerificationType::double_type(), CHECK_VERIFY(this)); 1586 current_frame.push_stack( 1587 VerificationType::float_type(), CHECK_VERIFY(this)); 1588 no_control_flow = false; break; 1589 case Bytecodes::_i2b : 1590 case Bytecodes::_i2c : 1591 case Bytecodes::_i2s : 1592 current_frame.pop_stack( 1593 VerificationType::integer_type(), CHECK_VERIFY(this)); 1594 current_frame.push_stack( 1595 VerificationType::integer_type(), CHECK_VERIFY(this)); 1596 no_control_flow = false; break; 1597 case Bytecodes::_lcmp : 1598 current_frame.pop_stack_2( 1599 VerificationType::long2_type(), 1600 VerificationType::long_type(), CHECK_VERIFY(this)); 1601 current_frame.pop_stack_2( 1602 VerificationType::long2_type(), 1603 VerificationType::long_type(), CHECK_VERIFY(this)); 1604 current_frame.push_stack( 1605 VerificationType::integer_type(), CHECK_VERIFY(this)); 1606 no_control_flow = false; break; 1607 case Bytecodes::_fcmpl : 1608 case Bytecodes::_fcmpg : 1609 current_frame.pop_stack( 1610 VerificationType::float_type(), CHECK_VERIFY(this)); 1611 current_frame.pop_stack( 1612 VerificationType::float_type(), CHECK_VERIFY(this)); 1613 current_frame.push_stack( 1614 VerificationType::integer_type(), CHECK_VERIFY(this)); 1615 no_control_flow = false; break; 1616 case Bytecodes::_dcmpl : 1617 case Bytecodes::_dcmpg : 1618 current_frame.pop_stack_2( 1619 VerificationType::double2_type(), 1620 VerificationType::double_type(), CHECK_VERIFY(this)); 1621 current_frame.pop_stack_2( 1622 VerificationType::double2_type(), 1623 VerificationType::double_type(), CHECK_VERIFY(this)); 1624 current_frame.push_stack( 1625 VerificationType::integer_type(), CHECK_VERIFY(this)); 1626 no_control_flow = false; break; 1627 case Bytecodes::_if_icmpeq: 1628 case Bytecodes::_if_icmpne: 1629 case Bytecodes::_if_icmplt: 1630 case Bytecodes::_if_icmpge: 1631 case Bytecodes::_if_icmpgt: 1632 case Bytecodes::_if_icmple: 1633 current_frame.pop_stack( 1634 VerificationType::integer_type(), CHECK_VERIFY(this)); 1635 // fall through 1636 case Bytecodes::_ifeq: 1637 case Bytecodes::_ifne: 1638 case Bytecodes::_iflt: 1639 case Bytecodes::_ifge: 1640 case Bytecodes::_ifgt: 1641 case Bytecodes::_ifle: 1642 current_frame.pop_stack( 1643 VerificationType::integer_type(), CHECK_VERIFY(this)); 1644 target = bcs.dest(); 1645 stackmap_table.check_jump_target( 1646 ¤t_frame, target, CHECK_VERIFY(this)); 1647 no_control_flow = false; break; 1648 case Bytecodes::_if_acmpeq : 1649 case Bytecodes::_if_acmpne : 1650 current_frame.pop_stack( 1651 VerificationType::reference_check(), CHECK_VERIFY(this)); 1652 // fall through 1653 case Bytecodes::_ifnull : 1654 case Bytecodes::_ifnonnull : 1655 current_frame.pop_stack( 1656 VerificationType::reference_check(), CHECK_VERIFY(this)); 1657 target = bcs.dest(); 1658 stackmap_table.check_jump_target 1659 (¤t_frame, target, CHECK_VERIFY(this)); 1660 no_control_flow = false; break; 1661 case Bytecodes::_goto : 1662 target = bcs.dest(); 1663 stackmap_table.check_jump_target( 1664 ¤t_frame, target, CHECK_VERIFY(this)); 1665 no_control_flow = true; break; 1666 case Bytecodes::_goto_w : 1667 target = bcs.dest_w(); 1668 stackmap_table.check_jump_target( 1669 ¤t_frame, target, CHECK_VERIFY(this)); 1670 no_control_flow = true; break; 1671 case Bytecodes::_tableswitch : 1672 case Bytecodes::_lookupswitch : 1673 verify_switch( 1674 &bcs, code_length, code_data, ¤t_frame, 1675 &stackmap_table, CHECK_VERIFY(this)); 1676 no_control_flow = true; break; 1677 case Bytecodes::_ireturn : 1678 type = current_frame.pop_stack( 1679 VerificationType::integer_type(), CHECK_VERIFY(this)); 1680 verify_return_value(return_type, type, bci, 1681 ¤t_frame, CHECK_VERIFY(this)); 1682 no_control_flow = true; break; 1683 case Bytecodes::_lreturn : 1684 type2 = current_frame.pop_stack( 1685 VerificationType::long2_type(), CHECK_VERIFY(this)); 1686 type = current_frame.pop_stack( 1687 VerificationType::long_type(), CHECK_VERIFY(this)); 1688 verify_return_value(return_type, type, bci, 1689 ¤t_frame, CHECK_VERIFY(this)); 1690 no_control_flow = true; break; 1691 case Bytecodes::_freturn : 1692 type = current_frame.pop_stack( 1693 VerificationType::float_type(), CHECK_VERIFY(this)); 1694 verify_return_value(return_type, type, bci, 1695 ¤t_frame, CHECK_VERIFY(this)); 1696 no_control_flow = true; break; 1697 case Bytecodes::_dreturn : 1698 type2 = current_frame.pop_stack( 1699 VerificationType::double2_type(), CHECK_VERIFY(this)); 1700 type = current_frame.pop_stack( 1701 VerificationType::double_type(), CHECK_VERIFY(this)); 1702 verify_return_value(return_type, type, bci, 1703 ¤t_frame, CHECK_VERIFY(this)); 1704 no_control_flow = true; break; 1705 case Bytecodes::_areturn : 1706 type = current_frame.pop_stack( 1707 VerificationType::reference_check(), CHECK_VERIFY(this)); 1708 verify_return_value(return_type, type, bci, 1709 ¤t_frame, CHECK_VERIFY(this)); 1710 no_control_flow = true; break; 1711 case Bytecodes::_return : 1712 if (return_type != VerificationType::bogus_type()) { 1713 verify_error(ErrorContext::bad_code(bci), 1714 "Method expects a return value"); 1715 return; 1716 } 1717 // Make sure "this" has been initialized if current method is an 1718 // <init>. 1719 if (_method->is_object_constructor() && 1720 current_frame.flag_this_uninit()) { 1721 verify_error(ErrorContext::bad_code(bci), 1722 "Constructor must call super() or this() " 1723 "before return"); 1724 return; 1725 } 1726 no_control_flow = true; break; 1727 case Bytecodes::_getstatic : 1728 case Bytecodes::_putstatic : 1729 // pass TRUE, operand can be an array type for getstatic/putstatic. 1730 verify_field_instructions( 1731 &bcs, ¤t_frame, cp, true, CHECK_VERIFY(this)); 1732 no_control_flow = false; break; 1733 case Bytecodes::_getfield : 1734 case Bytecodes::_putfield : 1735 // pass FALSE, operand can't be an array type for getfield/putfield. 1736 verify_field_instructions( 1737 &bcs, ¤t_frame, cp, false, CHECK_VERIFY(this)); 1738 no_control_flow = false; break; 1739 case Bytecodes::_invokevirtual : 1740 case Bytecodes::_invokespecial : 1741 case Bytecodes::_invokestatic : 1742 case Bytecodes::_invokeinterface : 1743 case Bytecodes::_invokedynamic : 1744 verify_invoke_instructions( 1745 &bcs, code_length, ¤t_frame, (bci >= ex_min && bci < ex_max), 1746 &this_uninit, cp, &stackmap_table, CHECK_VERIFY(this)); 1747 no_control_flow = false; break; 1748 case Bytecodes::_new : 1749 { 1750 u2 index = bcs.get_index_u2(); 1751 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this)); 1752 VerificationType new_class_type = 1753 cp_index_to_type(index, cp, CHECK_VERIFY(this)); 1754 if (!new_class_type.is_object()) { 1755 verify_error(ErrorContext::bad_type(bci, 1756 TypeOrigin::cp(index, new_class_type)), 1757 "Illegal new instruction"); 1758 return; 1759 } 1760 type = VerificationType::uninitialized_type(checked_cast<u2>(bci)); 1761 current_frame.push_stack(type, CHECK_VERIFY(this)); 1762 no_control_flow = false; break; 1763 } 1764 case Bytecodes::_newarray : 1765 type = get_newarray_type(bcs.get_index(), bci, CHECK_VERIFY(this)); 1766 current_frame.pop_stack( 1767 VerificationType::integer_type(), CHECK_VERIFY(this)); 1768 current_frame.push_stack(type, CHECK_VERIFY(this)); 1769 no_control_flow = false; break; 1770 case Bytecodes::_anewarray : 1771 verify_anewarray( 1772 bci, bcs.get_index_u2(), cp, ¤t_frame, CHECK_VERIFY(this)); 1773 no_control_flow = false; break; 1774 case Bytecodes::_arraylength : 1775 type = current_frame.pop_stack( 1776 VerificationType::reference_check(), CHECK_VERIFY(this)); 1777 if (!(type.is_null() || type.is_array())) { 1778 verify_error(ErrorContext::bad_type( 1779 bci, current_frame.stack_top_ctx()), 1780 bad_type_msg, "arraylength"); 1781 } 1782 current_frame.push_stack( 1783 VerificationType::integer_type(), CHECK_VERIFY(this)); 1784 no_control_flow = false; break; 1785 case Bytecodes::_checkcast : 1786 { 1787 u2 index = bcs.get_index_u2(); 1788 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this)); 1789 current_frame.pop_stack(object_type(), CHECK_VERIFY(this)); 1790 VerificationType klass_type = cp_index_to_type( 1791 index, cp, CHECK_VERIFY(this)); 1792 current_frame.push_stack(klass_type, CHECK_VERIFY(this)); 1793 no_control_flow = false; break; 1794 } 1795 case Bytecodes::_instanceof : { 1796 u2 index = bcs.get_index_u2(); 1797 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this)); 1798 current_frame.pop_stack(object_type(), CHECK_VERIFY(this)); 1799 current_frame.push_stack( 1800 VerificationType::integer_type(), CHECK_VERIFY(this)); 1801 no_control_flow = false; break; 1802 } 1803 case Bytecodes::_monitorenter : 1804 case Bytecodes::_monitorexit : { 1805 VerificationType ref = current_frame.pop_stack( 1806 VerificationType::reference_check(), CHECK_VERIFY(this)); 1807 no_control_flow = false; break; 1808 } 1809 case Bytecodes::_multianewarray : 1810 { 1811 u2 index = bcs.get_index_u2(); 1812 u2 dim = *(bcs.bcp()+3); 1813 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this)); 1814 VerificationType new_array_type = 1815 cp_index_to_type(index, cp, CHECK_VERIFY(this)); 1816 if (!new_array_type.is_array()) { 1817 verify_error(ErrorContext::bad_type(bci, 1818 TypeOrigin::cp(index, new_array_type)), 1819 "Illegal constant pool index in multianewarray instruction"); 1820 return; 1821 } 1822 if (dim < 1 || new_array_type.dimensions() < dim) { 1823 verify_error(ErrorContext::bad_code(bci), 1824 "Illegal dimension in multianewarray instruction: %d", dim); 1825 return; 1826 } 1827 for (int i = 0; i < dim; i++) { 1828 current_frame.pop_stack( 1829 VerificationType::integer_type(), CHECK_VERIFY(this)); 1830 } 1831 current_frame.push_stack(new_array_type, CHECK_VERIFY(this)); 1832 no_control_flow = false; break; 1833 } 1834 case Bytecodes::_athrow : 1835 type = VerificationType::reference_type( 1836 vmSymbols::java_lang_Throwable()); 1837 current_frame.pop_stack(type, CHECK_VERIFY(this)); 1838 no_control_flow = true; break; 1839 default: 1840 // We only need to check the valid bytecodes in class file. 1841 // And jsr and ret are not in the new class file format in JDK1.6. 1842 verify_error(ErrorContext::bad_code(bci), 1843 "Bad instruction: %02x", opcode); 1844 no_control_flow = false; 1845 return; 1846 } // end switch 1847 } // end Merge with the next instruction 1848 1849 // Look for possible jump target in exception handlers and see if it matches 1850 // current_frame. Don't do this check if it has already been done (for 1851 // ([a,d,f,i,l]store* opcodes). This check cannot be done earlier because 1852 // opcodes, such as invokespecial, may set the this_uninit flag. 1853 assert(!(verified_exc_handlers && this_uninit), 1854 "Exception handler targets got verified before this_uninit got set"); 1855 if (!verified_exc_handlers && bci >= ex_min && bci < ex_max) { 1856 if (was_recursively_verified()) return; 1857 verify_exception_handler_targets( 1858 bci, this_uninit, ¤t_frame, &stackmap_table, CHECK_VERIFY(this)); 1859 } 1860 } // end while 1861 1862 // Make sure that control flow does not fall through end of the method 1863 if (!no_control_flow) { 1864 verify_error(ErrorContext::bad_code(code_length), 1865 "Control flow falls through code end"); 1866 return; 1867 } 1868 } 1869 1870 #undef bad_type_message 1871 1872 char* ClassVerifier::generate_code_data(const methodHandle& m, u4 code_length, TRAPS) { 1873 char* code_data = NEW_RESOURCE_ARRAY(char, code_length); 1874 memset(code_data, 0, sizeof(char) * code_length); 1875 RawBytecodeStream bcs(m); 1876 1877 while (!bcs.is_last_bytecode()) { 1878 if (bcs.raw_next() != Bytecodes::_illegal) { 1879 int bci = bcs.bci(); 1880 if (bcs.raw_code() == Bytecodes::_new) { 1881 code_data[bci] = NEW_OFFSET; 1882 } else { 1883 code_data[bci] = BYTECODE_OFFSET; 1884 } 1885 } else { 1886 verify_error(ErrorContext::bad_code(bcs.bci()), "Bad instruction"); 1887 return nullptr; 1888 } 1889 } 1890 1891 return code_data; 1892 } 1893 1894 // Since this method references the constant pool, call was_recursively_verified() 1895 // before calling this method to make sure a prior class load did not cause the 1896 // current class to get verified. 1897 void ClassVerifier::verify_exception_handler_table(u4 code_length, char* code_data, int& min, int& max, TRAPS) { 1898 ExceptionTable exhandlers(_method()); 1899 int exlength = exhandlers.length(); 1900 constantPoolHandle cp (THREAD, _method->constants()); 1901 1902 for(int i = 0; i < exlength; i++) { 1903 u2 start_pc = exhandlers.start_pc(i); 1904 u2 end_pc = exhandlers.end_pc(i); 1905 u2 handler_pc = exhandlers.handler_pc(i); 1906 if (start_pc >= code_length || code_data[start_pc] == 0) { 1907 class_format_error("Illegal exception table start_pc %d", start_pc); 1908 return; 1909 } 1910 if (end_pc != code_length) { // special case: end_pc == code_length 1911 if (end_pc > code_length || code_data[end_pc] == 0) { 1912 class_format_error("Illegal exception table end_pc %d", end_pc); 1913 return; 1914 } 1915 } 1916 if (handler_pc >= code_length || code_data[handler_pc] == 0) { 1917 class_format_error("Illegal exception table handler_pc %d", handler_pc); 1918 return; 1919 } 1920 u2 catch_type_index = exhandlers.catch_type_index(i); 1921 if (catch_type_index != 0) { 1922 VerificationType catch_type = cp_index_to_type( 1923 catch_type_index, cp, CHECK_VERIFY(this)); 1924 VerificationType throwable = 1925 VerificationType::reference_type(vmSymbols::java_lang_Throwable()); 1926 // If the catch type is Throwable pre-resolve it now as the assignable check won't 1927 // do that, and we need to avoid a runtime resolution in case we are trying to 1928 // catch OutOfMemoryError. 1929 if (cp->klass_name_at(catch_type_index) == vmSymbols::java_lang_Throwable()) { 1930 cp->klass_at(catch_type_index, CHECK); 1931 } 1932 bool is_subclass = throwable.is_assignable_from( 1933 catch_type, this, false, CHECK_VERIFY(this)); 1934 if (!is_subclass) { 1935 // 4286534: should throw VerifyError according to recent spec change 1936 verify_error(ErrorContext::bad_type(handler_pc, 1937 TypeOrigin::cp(catch_type_index, catch_type), 1938 TypeOrigin::implicit(throwable)), 1939 "Catch type is not a subclass " 1940 "of Throwable in exception handler %d", handler_pc); 1941 return; 1942 } 1943 } 1944 if (start_pc < min) min = start_pc; 1945 if (end_pc > max) max = end_pc; 1946 } 1947 } 1948 1949 void ClassVerifier::verify_local_variable_table(u4 code_length, char* code_data, TRAPS) { 1950 int localvariable_table_length = _method->localvariable_table_length(); 1951 if (localvariable_table_length > 0) { 1952 LocalVariableTableElement* table = _method->localvariable_table_start(); 1953 for (int i = 0; i < localvariable_table_length; i++) { 1954 u2 start_bci = table[i].start_bci; 1955 u2 length = table[i].length; 1956 1957 if (start_bci >= code_length || code_data[start_bci] == 0) { 1958 class_format_error( 1959 "Illegal local variable table start_pc %d", start_bci); 1960 return; 1961 } 1962 u4 end_bci = (u4)(start_bci + length); 1963 if (end_bci != code_length) { 1964 if (end_bci >= code_length || code_data[end_bci] == 0) { 1965 class_format_error( "Illegal local variable table length %d", length); 1966 return; 1967 } 1968 } 1969 } 1970 } 1971 } 1972 1973 u2 ClassVerifier::verify_stackmap_table(u2 stackmap_index, int bci, 1974 StackMapFrame* current_frame, 1975 StackMapTable* stackmap_table, 1976 bool no_control_flow, TRAPS) { 1977 if (stackmap_index < stackmap_table->get_frame_count()) { 1978 int this_offset = stackmap_table->get_offset(stackmap_index); 1979 if (no_control_flow && this_offset > bci) { 1980 verify_error(ErrorContext::missing_stackmap(bci), 1981 "Expecting a stack map frame"); 1982 return 0; 1983 } 1984 if (this_offset == bci) { 1985 ErrorContext ctx; 1986 // See if current stack map can be assigned to the frame in table. 1987 // current_frame is the stackmap frame got from the last instruction. 1988 // If matched, current_frame will be updated by this method. 1989 bool matches = stackmap_table->match_stackmap( 1990 current_frame, this_offset, stackmap_index, 1991 !no_control_flow, true, &ctx, CHECK_VERIFY_(this, 0)); 1992 if (!matches) { 1993 // report type error 1994 verify_error(ctx, "Instruction type does not match stack map"); 1995 return 0; 1996 } 1997 stackmap_index++; 1998 } else if (this_offset < bci) { 1999 // current_offset should have met this_offset. 2000 class_format_error("Bad stack map offset %d", this_offset); 2001 return 0; 2002 } 2003 } else if (no_control_flow) { 2004 verify_error(ErrorContext::bad_code(bci), "Expecting a stack map frame"); 2005 return 0; 2006 } 2007 return stackmap_index; 2008 } 2009 2010 // Since this method references the constant pool, call was_recursively_verified() 2011 // before calling this method to make sure a prior class load did not cause the 2012 // current class to get verified. 2013 void ClassVerifier::verify_exception_handler_targets(int bci, bool this_uninit, 2014 StackMapFrame* current_frame, 2015 StackMapTable* stackmap_table, TRAPS) { 2016 constantPoolHandle cp (THREAD, _method->constants()); 2017 ExceptionTable exhandlers(_method()); 2018 int exlength = exhandlers.length(); 2019 for(int i = 0; i < exlength; i++) { 2020 u2 start_pc = exhandlers.start_pc(i); 2021 u2 end_pc = exhandlers.end_pc(i); 2022 u2 handler_pc = exhandlers.handler_pc(i); 2023 int catch_type_index = exhandlers.catch_type_index(i); 2024 if(bci >= start_pc && bci < end_pc) { 2025 u1 flags = current_frame->flags(); 2026 if (this_uninit) { flags |= FLAG_THIS_UNINIT; } 2027 StackMapFrame* new_frame = current_frame->frame_in_exception_handler(flags); 2028 if (catch_type_index != 0) { 2029 if (was_recursively_verified()) return; 2030 // We know that this index refers to a subclass of Throwable 2031 VerificationType catch_type = cp_index_to_type( 2032 catch_type_index, cp, CHECK_VERIFY(this)); 2033 new_frame->push_stack(catch_type, CHECK_VERIFY(this)); 2034 } else { 2035 VerificationType throwable = 2036 VerificationType::reference_type(vmSymbols::java_lang_Throwable()); 2037 new_frame->push_stack(throwable, CHECK_VERIFY(this)); 2038 } 2039 ErrorContext ctx; 2040 bool matches = stackmap_table->match_stackmap( 2041 new_frame, handler_pc, true, false, &ctx, CHECK_VERIFY(this)); 2042 if (!matches) { 2043 verify_error(ctx, "Stack map does not match the one at " 2044 "exception handler %d", handler_pc); 2045 return; 2046 } 2047 } 2048 } 2049 } 2050 2051 void ClassVerifier::verify_cp_index( 2052 int bci, const constantPoolHandle& cp, u2 index, TRAPS) { 2053 int nconstants = cp->length(); 2054 if ((index <= 0) || (index >= nconstants)) { 2055 verify_error(ErrorContext::bad_cp_index(bci, index), 2056 "Illegal constant pool index %d in class %s", 2057 index, cp->pool_holder()->external_name()); 2058 return; 2059 } 2060 } 2061 2062 void ClassVerifier::verify_cp_type( 2063 int bci, u2 index, const constantPoolHandle& cp, unsigned int types, TRAPS) { 2064 2065 // In some situations, bytecode rewriting may occur while we're verifying. 2066 // In this case, a constant pool cache exists and some indices refer to that 2067 // instead. Be sure we don't pick up such indices by accident. 2068 // We must check was_recursively_verified() before we get here. 2069 guarantee(cp->cache() == nullptr, "not rewritten yet"); 2070 2071 verify_cp_index(bci, cp, index, CHECK_VERIFY(this)); 2072 unsigned int tag = cp->tag_at(index).value(); 2073 // tags up to JVM_CONSTANT_ExternalMax are verifiable and valid for shift op 2074 if (tag > JVM_CONSTANT_ExternalMax || (types & (1 << tag)) == 0) { 2075 verify_error(ErrorContext::bad_cp_index(bci, index), 2076 "Illegal type at constant pool entry %d in class %s", 2077 index, cp->pool_holder()->external_name()); 2078 return; 2079 } 2080 } 2081 2082 void ClassVerifier::verify_cp_class_type( 2083 int bci, u2 index, const constantPoolHandle& cp, TRAPS) { 2084 verify_cp_index(bci, cp, index, CHECK_VERIFY(this)); 2085 constantTag tag = cp->tag_at(index); 2086 if (!tag.is_klass() && !tag.is_unresolved_klass()) { 2087 verify_error(ErrorContext::bad_cp_index(bci, index), 2088 "Illegal type at constant pool entry %d in class %s", 2089 index, cp->pool_holder()->external_name()); 2090 return; 2091 } 2092 } 2093 2094 void ClassVerifier::verify_error(ErrorContext ctx, const char* msg, ...) { 2095 stringStream ss; 2096 2097 ctx.reset_frames(); 2098 _exception_type = vmSymbols::java_lang_VerifyError(); 2099 _error_context = ctx; 2100 va_list va; 2101 va_start(va, msg); 2102 ss.vprint(msg, va); 2103 va_end(va); 2104 _message = ss.as_string(); 2105 #ifdef ASSERT 2106 ResourceMark rm; 2107 const char* exception_name = _exception_type->as_C_string(); 2108 Exceptions::debug_check_abort(exception_name, nullptr); 2109 #endif // ndef ASSERT 2110 } 2111 2112 void ClassVerifier::class_format_error(const char* msg, ...) { 2113 stringStream ss; 2114 _exception_type = vmSymbols::java_lang_ClassFormatError(); 2115 va_list va; 2116 va_start(va, msg); 2117 ss.vprint(msg, va); 2118 va_end(va); 2119 if (!_method.is_null()) { 2120 ss.print(" in method '"); 2121 _method->print_external_name(&ss); 2122 ss.print("'"); 2123 } 2124 _message = ss.as_string(); 2125 } 2126 2127 Klass* ClassVerifier::load_class(Symbol* name, TRAPS) { 2128 HandleMark hm(THREAD); 2129 // Get current loader first. 2130 oop loader = current_class()->class_loader(); 2131 2132 assert(name_in_supers(name, current_class()), "name should be a super class"); 2133 2134 Klass* kls = SystemDictionary::resolve_or_fail( 2135 name, Handle(THREAD, loader), true, THREAD); 2136 2137 if (kls != nullptr) { 2138 if (log_is_enabled(Debug, class, resolve)) { 2139 Verifier::trace_class_resolution(kls, current_class()); 2140 } 2141 } 2142 return kls; 2143 } 2144 2145 bool ClassVerifier::is_protected_access(InstanceKlass* this_class, 2146 Klass* target_class, 2147 Symbol* field_name, 2148 Symbol* field_sig, 2149 bool is_method) { 2150 NoSafepointVerifier nosafepoint; 2151 2152 // If target class isn't a super class of this class, we don't worry about this case 2153 if (!this_class->is_subclass_of(target_class)) { 2154 return false; 2155 } 2156 // Check if the specified method or field is protected 2157 InstanceKlass* target_instance = InstanceKlass::cast(target_class); 2158 fieldDescriptor fd; 2159 if (is_method) { 2160 Method* m = target_instance->uncached_lookup_method(field_name, field_sig, Klass::OverpassLookupMode::find); 2161 if (m != nullptr && m->is_protected()) { 2162 if (!this_class->is_same_class_package(m->method_holder())) { 2163 return true; 2164 } 2165 } 2166 } else { 2167 Klass* member_klass = target_instance->find_field(field_name, field_sig, &fd); 2168 if (member_klass != nullptr && fd.is_protected()) { 2169 if (!this_class->is_same_class_package(member_klass)) { 2170 return true; 2171 } 2172 } 2173 } 2174 return false; 2175 } 2176 2177 void ClassVerifier::verify_ldc( 2178 int opcode, u2 index, StackMapFrame* current_frame, 2179 const constantPoolHandle& cp, int bci, TRAPS) { 2180 verify_cp_index(bci, cp, index, CHECK_VERIFY(this)); 2181 constantTag tag = cp->tag_at(index); 2182 unsigned int types = 0; 2183 if (opcode == Bytecodes::_ldc || opcode == Bytecodes::_ldc_w) { 2184 if (!tag.is_unresolved_klass()) { 2185 types = (1 << JVM_CONSTANT_Integer) | (1 << JVM_CONSTANT_Float) 2186 | (1 << JVM_CONSTANT_String) | (1 << JVM_CONSTANT_Class) 2187 | (1 << JVM_CONSTANT_MethodHandle) | (1 << JVM_CONSTANT_MethodType) 2188 | (1 << JVM_CONSTANT_Dynamic); 2189 // Note: The class file parser already verified the legality of 2190 // MethodHandle and MethodType constants. 2191 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this)); 2192 } 2193 } else { 2194 assert(opcode == Bytecodes::_ldc2_w, "must be ldc2_w"); 2195 types = (1 << JVM_CONSTANT_Double) | (1 << JVM_CONSTANT_Long) 2196 | (1 << JVM_CONSTANT_Dynamic); 2197 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this)); 2198 } 2199 if (tag.is_string()) { 2200 current_frame->push_stack( 2201 VerificationType::reference_type( 2202 vmSymbols::java_lang_String()), CHECK_VERIFY(this)); 2203 } else if (tag.is_klass() || tag.is_unresolved_klass()) { 2204 current_frame->push_stack( 2205 VerificationType::reference_type( 2206 vmSymbols::java_lang_Class()), CHECK_VERIFY(this)); 2207 } else if (tag.is_int()) { 2208 current_frame->push_stack( 2209 VerificationType::integer_type(), CHECK_VERIFY(this)); 2210 } else if (tag.is_float()) { 2211 current_frame->push_stack( 2212 VerificationType::float_type(), CHECK_VERIFY(this)); 2213 } else if (tag.is_double()) { 2214 current_frame->push_stack_2( 2215 VerificationType::double_type(), 2216 VerificationType::double2_type(), CHECK_VERIFY(this)); 2217 } else if (tag.is_long()) { 2218 current_frame->push_stack_2( 2219 VerificationType::long_type(), 2220 VerificationType::long2_type(), CHECK_VERIFY(this)); 2221 } else if (tag.is_method_handle()) { 2222 current_frame->push_stack( 2223 VerificationType::reference_type( 2224 vmSymbols::java_lang_invoke_MethodHandle()), CHECK_VERIFY(this)); 2225 } else if (tag.is_method_type()) { 2226 current_frame->push_stack( 2227 VerificationType::reference_type( 2228 vmSymbols::java_lang_invoke_MethodType()), CHECK_VERIFY(this)); 2229 } else if (tag.is_dynamic_constant()) { 2230 Symbol* constant_type = cp->uncached_signature_ref_at(index); 2231 // Field signature was checked in ClassFileParser. 2232 assert(SignatureVerifier::is_valid_type_signature(constant_type), 2233 "Invalid type for dynamic constant"); 2234 assert(sizeof(VerificationType) == sizeof(uintptr_t), 2235 "buffer type must match VerificationType size"); 2236 uintptr_t constant_type_buffer[2]; 2237 VerificationType* v_constant_type = (VerificationType*)constant_type_buffer; 2238 SignatureStream sig_stream(constant_type, false); 2239 int n = change_sig_to_verificationType(&sig_stream, v_constant_type); 2240 int opcode_n = (opcode == Bytecodes::_ldc2_w ? 2 : 1); 2241 if (n != opcode_n) { 2242 // wrong kind of ldc; reverify against updated type mask 2243 types &= ~(1 << JVM_CONSTANT_Dynamic); 2244 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this)); 2245 } 2246 for (int i = 0; i < n; i++) { 2247 current_frame->push_stack(v_constant_type[i], CHECK_VERIFY(this)); 2248 } 2249 } else { 2250 /* Unreachable? verify_cp_type has already validated the cp type. */ 2251 verify_error( 2252 ErrorContext::bad_cp_index(bci, index), "Invalid index in ldc"); 2253 return; 2254 } 2255 } 2256 2257 void ClassVerifier::verify_switch( 2258 RawBytecodeStream* bcs, u4 code_length, char* code_data, 2259 StackMapFrame* current_frame, StackMapTable* stackmap_table, TRAPS) { 2260 int bci = bcs->bci(); 2261 address bcp = bcs->bcp(); 2262 address aligned_bcp = align_up(bcp + 1, jintSize); 2263 2264 if (_klass->major_version() < NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION) { 2265 // 4639449 & 4647081: padding bytes must be 0 2266 u2 padding_offset = 1; 2267 while ((bcp + padding_offset) < aligned_bcp) { 2268 if(*(bcp + padding_offset) != 0) { 2269 verify_error(ErrorContext::bad_code(bci), 2270 "Nonzero padding byte in lookupswitch or tableswitch"); 2271 return; 2272 } 2273 padding_offset++; 2274 } 2275 } 2276 2277 int default_offset = (int) Bytes::get_Java_u4(aligned_bcp); 2278 int keys, delta; 2279 current_frame->pop_stack( 2280 VerificationType::integer_type(), CHECK_VERIFY(this)); 2281 if (bcs->raw_code() == Bytecodes::_tableswitch) { 2282 jint low = (jint)Bytes::get_Java_u4(aligned_bcp + jintSize); 2283 jint high = (jint)Bytes::get_Java_u4(aligned_bcp + 2*jintSize); 2284 if (low > high) { 2285 verify_error(ErrorContext::bad_code(bci), 2286 "low must be less than or equal to high in tableswitch"); 2287 return; 2288 } 2289 int64_t keys64 = ((int64_t)high - low) + 1; 2290 if (keys64 > 65535) { // Max code length 2291 verify_error(ErrorContext::bad_code(bci), "too many keys in tableswitch"); 2292 return; 2293 } 2294 keys = (int)keys64; 2295 delta = 1; 2296 } else { 2297 keys = (int)Bytes::get_Java_u4(aligned_bcp + jintSize); 2298 if (keys < 0) { 2299 verify_error(ErrorContext::bad_code(bci), 2300 "number of keys in lookupswitch less than 0"); 2301 return; 2302 } 2303 delta = 2; 2304 // Make sure that the lookupswitch items are sorted 2305 for (int i = 0; i < (keys - 1); i++) { 2306 jint this_key = Bytes::get_Java_u4(aligned_bcp + (2+2*i)*jintSize); 2307 jint next_key = Bytes::get_Java_u4(aligned_bcp + (2+2*i+2)*jintSize); 2308 if (this_key >= next_key) { 2309 verify_error(ErrorContext::bad_code(bci), 2310 "Bad lookupswitch instruction"); 2311 return; 2312 } 2313 } 2314 } 2315 int target = bci + default_offset; 2316 stackmap_table->check_jump_target(current_frame, target, CHECK_VERIFY(this)); 2317 for (int i = 0; i < keys; i++) { 2318 // Because check_jump_target() may safepoint, the bytecode could have 2319 // moved, which means 'aligned_bcp' is no good and needs to be recalculated. 2320 aligned_bcp = align_up(bcs->bcp() + 1, jintSize); 2321 target = bci + (jint)Bytes::get_Java_u4(aligned_bcp+(3+i*delta)*jintSize); 2322 stackmap_table->check_jump_target( 2323 current_frame, target, CHECK_VERIFY(this)); 2324 } 2325 NOT_PRODUCT(aligned_bcp = nullptr); // no longer valid at this point 2326 } 2327 2328 bool ClassVerifier::name_in_supers( 2329 Symbol* ref_name, InstanceKlass* current) { 2330 Klass* super = current->super(); 2331 while (super != nullptr) { 2332 if (super->name() == ref_name) { 2333 return true; 2334 } 2335 super = super->super(); 2336 } 2337 return false; 2338 } 2339 2340 void ClassVerifier::verify_field_instructions(RawBytecodeStream* bcs, 2341 StackMapFrame* current_frame, 2342 const constantPoolHandle& cp, 2343 bool allow_arrays, 2344 TRAPS) { 2345 u2 index = bcs->get_index_u2(); 2346 verify_cp_type(bcs->bci(), index, cp, 2347 1 << JVM_CONSTANT_Fieldref, CHECK_VERIFY(this)); 2348 2349 // Get field name and signature 2350 Symbol* field_name = cp->uncached_name_ref_at(index); 2351 Symbol* field_sig = cp->uncached_signature_ref_at(index); 2352 bool is_getfield = false; 2353 2354 // Field signature was checked in ClassFileParser. 2355 assert(SignatureVerifier::is_valid_type_signature(field_sig), 2356 "Invalid field signature"); 2357 2358 // Get referenced class type 2359 VerificationType ref_class_type = cp_ref_index_to_type( 2360 index, cp, CHECK_VERIFY(this)); 2361 if (!ref_class_type.is_object() && 2362 (!allow_arrays || !ref_class_type.is_array())) { 2363 verify_error(ErrorContext::bad_type(bcs->bci(), 2364 TypeOrigin::cp(index, ref_class_type)), 2365 "Expecting reference to class in class %s at constant pool index %d", 2366 _klass->external_name(), index); 2367 return; 2368 } 2369 2370 VerificationType target_class_type = ref_class_type; 2371 2372 assert(sizeof(VerificationType) == sizeof(uintptr_t), 2373 "buffer type must match VerificationType size"); 2374 uintptr_t field_type_buffer[2]; 2375 VerificationType* field_type = (VerificationType*)field_type_buffer; 2376 // If we make a VerificationType[2] array directly, the compiler calls 2377 // to the c-runtime library to do the allocation instead of just 2378 // stack allocating it. Plus it would run constructors. This shows up 2379 // in performance profiles. 2380 2381 SignatureStream sig_stream(field_sig, false); 2382 VerificationType stack_object_type; 2383 int n = change_sig_to_verificationType(&sig_stream, field_type); 2384 int bci = bcs->bci(); 2385 bool is_assignable; 2386 switch (bcs->raw_code()) { 2387 case Bytecodes::_getstatic: { 2388 for (int i = 0; i < n; i++) { 2389 current_frame->push_stack(field_type[i], CHECK_VERIFY(this)); 2390 } 2391 break; 2392 } 2393 case Bytecodes::_putstatic: { 2394 for (int i = n - 1; i >= 0; i--) { 2395 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this)); 2396 } 2397 break; 2398 } 2399 case Bytecodes::_getfield: { 2400 is_getfield = true; 2401 stack_object_type = current_frame->pop_stack( 2402 target_class_type, CHECK_VERIFY(this)); 2403 goto check_protected; 2404 } 2405 case Bytecodes::_putfield: { 2406 for (int i = n - 1; i >= 0; i--) { 2407 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this)); 2408 } 2409 stack_object_type = current_frame->pop_stack(CHECK_VERIFY(this)); 2410 2411 // Field initialization is allowed before the superclass 2412 // initializer, if the field is defined within the current class. 2413 fieldDescriptor fd; 2414 bool is_local_field = _klass->find_local_field(field_name, field_sig, &fd) && 2415 target_class_type.equals(current_type()); 2416 if (stack_object_type == VerificationType::uninitialized_this_type()) { 2417 if (is_local_field) { 2418 // Set the type to the current type so the is_assignable check passes. 2419 stack_object_type = current_type(); 2420 2421 if (fd.access_flags().is_strict()) { 2422 ResourceMark rm(THREAD); 2423 if (!current_frame->satisfy_unset_field(fd.name(), fd.signature())) { 2424 log_info(verification)("Attempting to initialize field not found in initial strict instance fields: %s%s", 2425 fd.name()->as_C_string(), fd.signature()->as_C_string()); 2426 verify_error(ErrorContext::bad_strict_fields(bci, current_frame), 2427 "Initializing unknown strict field: %s:%s", fd.name()->as_C_string(), fd.signature()->as_C_string()); 2428 } 2429 } 2430 } 2431 } else if (supports_strict_fields(_klass)) { 2432 // `strict` fields are not writable, but only local fields produce verification errors 2433 if (is_local_field && fd.access_flags().is_strict() && fd.access_flags().is_final()) { 2434 verify_error(ErrorContext::bad_code(bci), 2435 "Illegal use of putfield on a strict field"); 2436 return; 2437 } 2438 } 2439 is_assignable = target_class_type.is_assignable_from( 2440 stack_object_type, this, false, CHECK_VERIFY(this)); 2441 if (!is_assignable) { 2442 verify_error(ErrorContext::bad_type(bci, 2443 current_frame->stack_top_ctx(), 2444 TypeOrigin::cp(index, target_class_type)), 2445 "Bad type on operand stack in putfield"); 2446 return; 2447 } 2448 } 2449 check_protected: { 2450 if (_this_type == stack_object_type) 2451 break; // stack_object_type must be assignable to _current_class_type 2452 if (was_recursively_verified()) { 2453 if (is_getfield) { 2454 // Push field type for getfield. 2455 for (int i = 0; i < n; i++) { 2456 current_frame->push_stack(field_type[i], CHECK_VERIFY(this)); 2457 } 2458 } 2459 return; 2460 } 2461 Symbol* ref_class_name = 2462 cp->klass_name_at(cp->uncached_klass_ref_index_at(index)); 2463 if (!name_in_supers(ref_class_name, current_class())) 2464 // stack_object_type must be assignable to _current_class_type since: 2465 // 1. stack_object_type must be assignable to ref_class. 2466 // 2. ref_class must be _current_class or a subclass of it. It can't 2467 // be a superclass of it. See revised JVMS 5.4.4. 2468 break; 2469 2470 Klass* ref_class_oop = load_class(ref_class_name, CHECK); 2471 if (is_protected_access(current_class(), ref_class_oop, field_name, 2472 field_sig, false)) { 2473 // It's protected access, check if stack object is assignable to 2474 // current class. 2475 is_assignable = current_type().is_assignable_from( 2476 stack_object_type, this, true, CHECK_VERIFY(this)); 2477 if (!is_assignable) { 2478 verify_error(ErrorContext::bad_type(bci, 2479 current_frame->stack_top_ctx(), 2480 TypeOrigin::implicit(current_type())), 2481 "Bad access to protected data in %s", 2482 is_getfield ? "getfield" : "putfield"); 2483 return; 2484 } 2485 } 2486 break; 2487 } 2488 default: ShouldNotReachHere(); 2489 } 2490 if (is_getfield) { 2491 // Push field type for getfield after doing protection check. 2492 for (int i = 0; i < n; i++) { 2493 current_frame->push_stack(field_type[i], CHECK_VERIFY(this)); 2494 } 2495 } 2496 } 2497 2498 // Look at the method's handlers. If the bci is in the handler's try block 2499 // then check if the handler_pc is already on the stack. If not, push it 2500 // unless the handler has already been scanned. 2501 void ClassVerifier::push_handlers(ExceptionTable* exhandlers, 2502 GrowableArray<u4>* handler_list, 2503 GrowableArray<u4>* handler_stack, 2504 u4 bci) { 2505 int exlength = exhandlers->length(); 2506 for(int x = 0; x < exlength; x++) { 2507 if (bci >= exhandlers->start_pc(x) && bci < exhandlers->end_pc(x)) { 2508 u4 exhandler_pc = exhandlers->handler_pc(x); 2509 if (!handler_list->contains(exhandler_pc)) { 2510 handler_stack->append_if_missing(exhandler_pc); 2511 handler_list->append(exhandler_pc); 2512 } 2513 } 2514 } 2515 } 2516 2517 // Return TRUE if all code paths starting with start_bc_offset end in 2518 // bytecode athrow or loop. 2519 bool ClassVerifier::ends_in_athrow(u4 start_bc_offset) { 2520 ResourceMark rm; 2521 // Create bytecode stream. 2522 RawBytecodeStream bcs(method()); 2523 int code_length = method()->code_size(); 2524 bcs.set_start(start_bc_offset); 2525 2526 // Create stack for storing bytecode start offsets for if* and *switch. 2527 GrowableArray<u4>* bci_stack = new GrowableArray<u4>(30); 2528 // Create stack for handlers for try blocks containing this handler. 2529 GrowableArray<u4>* handler_stack = new GrowableArray<u4>(30); 2530 // Create list of handlers that have been pushed onto the handler_stack 2531 // so that handlers embedded inside of their own TRY blocks only get 2532 // scanned once. 2533 GrowableArray<u4>* handler_list = new GrowableArray<u4>(30); 2534 // Create list of visited branch opcodes (goto* and if*). 2535 GrowableArray<u4>* visited_branches = new GrowableArray<u4>(30); 2536 ExceptionTable exhandlers(_method()); 2537 2538 while (true) { 2539 if (bcs.is_last_bytecode()) { 2540 // if no more starting offsets to parse or if at the end of the 2541 // method then return false. 2542 if ((bci_stack->is_empty()) || (bcs.end_bci() == code_length)) 2543 return false; 2544 // Pop a bytecode starting offset and scan from there. 2545 bcs.set_start(bci_stack->pop()); 2546 } 2547 Bytecodes::Code opcode = bcs.raw_next(); 2548 int bci = bcs.bci(); 2549 2550 // If the bytecode is in a TRY block, push its handlers so they 2551 // will get parsed. 2552 push_handlers(&exhandlers, handler_list, handler_stack, bci); 2553 2554 switch (opcode) { 2555 case Bytecodes::_if_icmpeq: 2556 case Bytecodes::_if_icmpne: 2557 case Bytecodes::_if_icmplt: 2558 case Bytecodes::_if_icmpge: 2559 case Bytecodes::_if_icmpgt: 2560 case Bytecodes::_if_icmple: 2561 case Bytecodes::_ifeq: 2562 case Bytecodes::_ifne: 2563 case Bytecodes::_iflt: 2564 case Bytecodes::_ifge: 2565 case Bytecodes::_ifgt: 2566 case Bytecodes::_ifle: 2567 case Bytecodes::_if_acmpeq: 2568 case Bytecodes::_if_acmpne: 2569 case Bytecodes::_ifnull: 2570 case Bytecodes::_ifnonnull: { 2571 int target = bcs.dest(); 2572 if (visited_branches->contains(bci)) { 2573 if (bci_stack->is_empty()) { 2574 if (handler_stack->is_empty()) { 2575 return true; 2576 } else { 2577 // Parse the catch handlers for try blocks containing athrow. 2578 bcs.set_start(handler_stack->pop()); 2579 } 2580 } else { 2581 // Pop a bytecode starting offset and scan from there. 2582 bcs.set_start(bci_stack->pop()); 2583 } 2584 } else { 2585 if (target > bci) { // forward branch 2586 if (target >= code_length) return false; 2587 // Push the branch target onto the stack. 2588 bci_stack->push(target); 2589 // then, scan bytecodes starting with next. 2590 bcs.set_start(bcs.next_bci()); 2591 } else { // backward branch 2592 // Push bytecode offset following backward branch onto the stack. 2593 bci_stack->push(bcs.next_bci()); 2594 // Check bytecodes starting with branch target. 2595 bcs.set_start(target); 2596 } 2597 // Record target so we don't branch here again. 2598 visited_branches->append(bci); 2599 } 2600 break; 2601 } 2602 2603 case Bytecodes::_goto: 2604 case Bytecodes::_goto_w: { 2605 int target = (opcode == Bytecodes::_goto ? bcs.dest() : bcs.dest_w()); 2606 if (visited_branches->contains(bci)) { 2607 if (bci_stack->is_empty()) { 2608 if (handler_stack->is_empty()) { 2609 return true; 2610 } else { 2611 // Parse the catch handlers for try blocks containing athrow. 2612 bcs.set_start(handler_stack->pop()); 2613 } 2614 } else { 2615 // Been here before, pop new starting offset from stack. 2616 bcs.set_start(bci_stack->pop()); 2617 } 2618 } else { 2619 if (target >= code_length) return false; 2620 // Continue scanning from the target onward. 2621 bcs.set_start(target); 2622 // Record target so we don't branch here again. 2623 visited_branches->append(bci); 2624 } 2625 break; 2626 } 2627 2628 // Check that all switch alternatives end in 'athrow' bytecodes. Since it 2629 // is difficult to determine where each switch alternative ends, parse 2630 // each switch alternative until either hit a 'return', 'athrow', or reach 2631 // the end of the method's bytecodes. This is gross but should be okay 2632 // because: 2633 // 1. tableswitch and lookupswitch byte codes in handlers for ctor explicit 2634 // constructor invocations should be rare. 2635 // 2. if each switch alternative ends in an athrow then the parsing should be 2636 // short. If there is no athrow then it is bogus code, anyway. 2637 case Bytecodes::_lookupswitch: 2638 case Bytecodes::_tableswitch: 2639 { 2640 address aligned_bcp = align_up(bcs.bcp() + 1, jintSize); 2641 int default_offset = Bytes::get_Java_u4(aligned_bcp) + bci; 2642 int keys, delta; 2643 if (opcode == Bytecodes::_tableswitch) { 2644 jint low = (jint)Bytes::get_Java_u4(aligned_bcp + jintSize); 2645 jint high = (jint)Bytes::get_Java_u4(aligned_bcp + 2*jintSize); 2646 // This is invalid, but let the regular bytecode verifier 2647 // report this because the user will get a better error message. 2648 if (low > high) return true; 2649 keys = high - low + 1; 2650 delta = 1; 2651 } else { 2652 keys = (int)Bytes::get_Java_u4(aligned_bcp + jintSize); 2653 delta = 2; 2654 } 2655 // Invalid, let the regular bytecode verifier deal with it. 2656 if (keys < 0) return true; 2657 2658 // Push the offset of the next bytecode onto the stack. 2659 bci_stack->push(bcs.next_bci()); 2660 2661 // Push the switch alternatives onto the stack. 2662 for (int i = 0; i < keys; i++) { 2663 int target = bci + (jint)Bytes::get_Java_u4(aligned_bcp+(3+i*delta)*jintSize); 2664 if (target > code_length) return false; 2665 bci_stack->push(target); 2666 } 2667 2668 // Start bytecode parsing for the switch at the default alternative. 2669 if (default_offset > code_length) return false; 2670 bcs.set_start(default_offset); 2671 break; 2672 } 2673 2674 case Bytecodes::_return: 2675 return false; 2676 2677 case Bytecodes::_athrow: 2678 { 2679 if (bci_stack->is_empty()) { 2680 if (handler_stack->is_empty()) { 2681 return true; 2682 } else { 2683 // Parse the catch handlers for try blocks containing athrow. 2684 bcs.set_start(handler_stack->pop()); 2685 } 2686 } else { 2687 // Pop a bytecode offset and starting scanning from there. 2688 bcs.set_start(bci_stack->pop()); 2689 } 2690 } 2691 break; 2692 2693 default: 2694 ; 2695 } // end switch 2696 } // end while loop 2697 2698 return false; 2699 } 2700 2701 void ClassVerifier::verify_invoke_init( 2702 RawBytecodeStream* bcs, u2 ref_class_index, VerificationType ref_class_type, 2703 StackMapFrame* current_frame, u4 code_length, bool in_try_block, 2704 bool *this_uninit, const constantPoolHandle& cp, StackMapTable* stackmap_table, 2705 TRAPS) { 2706 int bci = bcs->bci(); 2707 VerificationType type = current_frame->pop_stack( 2708 VerificationType::reference_check(), CHECK_VERIFY(this)); 2709 if (type == VerificationType::uninitialized_this_type()) { 2710 // The method must be an <init> method of this class or its superclass 2711 Klass* superk = current_class()->super(); 2712 if (ref_class_type.name() != current_class()->name() && 2713 ref_class_type.name() != superk->name()) { 2714 verify_error(ErrorContext::bad_type(bci, 2715 TypeOrigin::implicit(ref_class_type), 2716 TypeOrigin::implicit(current_type())), 2717 "Bad <init> method call"); 2718 return; 2719 } else if (ref_class_type.name() == superk->name()) { 2720 // Strict final fields must be satisfied by this point 2721 if (!current_frame->verify_unset_fields_satisfied()) { 2722 log_info(verification)("Strict instance fields not initialized"); 2723 StackMapFrame::print_strict_fields(current_frame->assert_unset_fields()); 2724 current_frame->unsatisfied_strict_fields_error(current_class(), bci); 2725 } 2726 } 2727 2728 // If this invokespecial call is done from inside of a TRY block then make 2729 // sure that all catch clause paths end in a throw. Otherwise, this can 2730 // result in returning an incomplete object. 2731 if (in_try_block) { 2732 ExceptionTable exhandlers(_method()); 2733 int exlength = exhandlers.length(); 2734 for(int i = 0; i < exlength; i++) { 2735 u2 start_pc = exhandlers.start_pc(i); 2736 u2 end_pc = exhandlers.end_pc(i); 2737 2738 if (bci >= start_pc && bci < end_pc) { 2739 if (!ends_in_athrow(exhandlers.handler_pc(i))) { 2740 verify_error(ErrorContext::bad_code(bci), 2741 "Bad <init> method call from after the start of a try block"); 2742 return; 2743 } else if (log_is_enabled(Debug, verification)) { 2744 ResourceMark rm(THREAD); 2745 log_debug(verification)("Survived call to ends_in_athrow(): %s", 2746 current_class()->name()->as_C_string()); 2747 } 2748 } 2749 } 2750 2751 // Check the exception handler target stackmaps with the locals from the 2752 // incoming stackmap (before initialize_object() changes them to outgoing 2753 // state). 2754 if (was_recursively_verified()) return; 2755 verify_exception_handler_targets(bci, true, current_frame, 2756 stackmap_table, CHECK_VERIFY(this)); 2757 } // in_try_block 2758 2759 current_frame->initialize_object(type, current_type()); 2760 *this_uninit = true; 2761 } else if (type.is_uninitialized()) { 2762 u2 new_offset = type.bci(); 2763 address new_bcp = bcs->bcp() - bci + new_offset; 2764 if (new_offset > (code_length - 3) || (*new_bcp) != Bytecodes::_new) { 2765 /* Unreachable? Stack map parsing ensures valid type and new 2766 * instructions have a valid BCI. */ 2767 verify_error(ErrorContext::bad_code(new_offset), 2768 "Expecting new instruction"); 2769 return; 2770 } 2771 u2 new_class_index = Bytes::get_Java_u2(new_bcp + 1); 2772 if (was_recursively_verified()) return; 2773 verify_cp_class_type(bci, new_class_index, cp, CHECK_VERIFY(this)); 2774 2775 // The method must be an <init> method of the indicated class 2776 VerificationType new_class_type = cp_index_to_type( 2777 new_class_index, cp, CHECK_VERIFY(this)); 2778 if (!new_class_type.equals(ref_class_type)) { 2779 verify_error(ErrorContext::bad_type(bci, 2780 TypeOrigin::cp(new_class_index, new_class_type), 2781 TypeOrigin::cp(ref_class_index, ref_class_type)), 2782 "Call to wrong <init> method"); 2783 return; 2784 } 2785 // According to the VM spec, if the referent class is a superclass of the 2786 // current class, and is in a different runtime package, and the method is 2787 // protected, then the objectref must be the current class or a subclass 2788 // of the current class. 2789 VerificationType objectref_type = new_class_type; 2790 if (name_in_supers(ref_class_type.name(), current_class())) { 2791 Klass* ref_klass = load_class(ref_class_type.name(), CHECK); 2792 if (was_recursively_verified()) return; 2793 Method* m = InstanceKlass::cast(ref_klass)->uncached_lookup_method( 2794 vmSymbols::object_initializer_name(), 2795 cp->uncached_signature_ref_at(bcs->get_index_u2()), 2796 Klass::OverpassLookupMode::find); 2797 // Do nothing if method is not found. Let resolution detect the error. 2798 if (m != nullptr) { 2799 InstanceKlass* mh = m->method_holder(); 2800 if (m->is_protected() && !mh->is_same_class_package(_klass)) { 2801 bool assignable = current_type().is_assignable_from( 2802 objectref_type, this, true, CHECK_VERIFY(this)); 2803 if (!assignable) { 2804 verify_error(ErrorContext::bad_type(bci, 2805 TypeOrigin::cp(new_class_index, objectref_type), 2806 TypeOrigin::implicit(current_type())), 2807 "Bad access to protected <init> method"); 2808 return; 2809 } 2810 } 2811 } 2812 } 2813 // Check the exception handler target stackmaps with the locals from the 2814 // incoming stackmap (before initialize_object() changes them to outgoing 2815 // state). 2816 if (in_try_block) { 2817 if (was_recursively_verified()) return; 2818 verify_exception_handler_targets(bci, *this_uninit, current_frame, 2819 stackmap_table, CHECK_VERIFY(this)); 2820 } 2821 current_frame->initialize_object(type, new_class_type); 2822 } else { 2823 verify_error(ErrorContext::bad_type(bci, current_frame->stack_top_ctx()), 2824 "Bad operand type when invoking <init>"); 2825 return; 2826 } 2827 } 2828 2829 bool ClassVerifier::is_same_or_direct_interface( 2830 InstanceKlass* klass, 2831 VerificationType klass_type, 2832 VerificationType ref_class_type) { 2833 if (ref_class_type.equals(klass_type)) return true; 2834 Array<InstanceKlass*>* local_interfaces = klass->local_interfaces(); 2835 if (local_interfaces != nullptr) { 2836 for (int x = 0; x < local_interfaces->length(); x++) { 2837 InstanceKlass* k = local_interfaces->at(x); 2838 assert (k != nullptr && k->is_interface(), "invalid interface"); 2839 if (ref_class_type.equals(VerificationType::reference_type(k->name()))) { 2840 return true; 2841 } 2842 } 2843 } 2844 return false; 2845 } 2846 2847 void ClassVerifier::verify_invoke_instructions( 2848 RawBytecodeStream* bcs, u4 code_length, StackMapFrame* current_frame, 2849 bool in_try_block, bool *this_uninit, 2850 const constantPoolHandle& cp, StackMapTable* stackmap_table, TRAPS) { 2851 // Make sure the constant pool item is the right type 2852 u2 index = bcs->get_index_u2(); 2853 Bytecodes::Code opcode = bcs->raw_code(); 2854 unsigned int types = 0; 2855 switch (opcode) { 2856 case Bytecodes::_invokeinterface: 2857 types = 1 << JVM_CONSTANT_InterfaceMethodref; 2858 break; 2859 case Bytecodes::_invokedynamic: 2860 types = 1 << JVM_CONSTANT_InvokeDynamic; 2861 break; 2862 case Bytecodes::_invokespecial: 2863 case Bytecodes::_invokestatic: 2864 types = (_klass->major_version() < STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION) ? 2865 (1 << JVM_CONSTANT_Methodref) : 2866 ((1 << JVM_CONSTANT_InterfaceMethodref) | (1 << JVM_CONSTANT_Methodref)); 2867 break; 2868 default: 2869 types = 1 << JVM_CONSTANT_Methodref; 2870 } 2871 verify_cp_type(bcs->bci(), index, cp, types, CHECK_VERIFY(this)); 2872 2873 // Get method name and signature 2874 Symbol* method_name = cp->uncached_name_ref_at(index); 2875 Symbol* method_sig = cp->uncached_signature_ref_at(index); 2876 2877 // Method signature was checked in ClassFileParser. 2878 assert(SignatureVerifier::is_valid_method_signature(method_sig), 2879 "Invalid method signature"); 2880 2881 // Get referenced class 2882 VerificationType ref_class_type; 2883 if (opcode == Bytecodes::_invokedynamic) { 2884 if (_klass->major_version() < Verifier::INVOKEDYNAMIC_MAJOR_VERSION) { 2885 class_format_error( 2886 "invokedynamic instructions not supported by this class file version (%d), class %s", 2887 _klass->major_version(), _klass->external_name()); 2888 return; 2889 } 2890 } else { 2891 ref_class_type = cp_ref_index_to_type(index, cp, CHECK_VERIFY(this)); 2892 } 2893 2894 assert(sizeof(VerificationType) == sizeof(uintptr_t), 2895 "buffer type must match VerificationType size"); 2896 2897 // Get the UTF8 index for this signature. 2898 int sig_index = cp->signature_ref_index_at(cp->uncached_name_and_type_ref_index_at(index)); 2899 2900 // Get the signature's verification types. 2901 sig_as_verification_types* mth_sig_verif_types; 2902 sig_as_verification_types** mth_sig_verif_types_ptr = method_signatures_table()->get(sig_index); 2903 if (mth_sig_verif_types_ptr != nullptr) { 2904 // Found the entry for the signature's verification types in the hash table. 2905 mth_sig_verif_types = *mth_sig_verif_types_ptr; 2906 assert(mth_sig_verif_types != nullptr, "Unexpected null sig_as_verification_types value"); 2907 } else { 2908 // Not found, add the entry to the table. 2909 GrowableArray<VerificationType>* verif_types = new GrowableArray<VerificationType>(10); 2910 mth_sig_verif_types = new sig_as_verification_types(verif_types); 2911 create_method_sig_entry(mth_sig_verif_types, sig_index); 2912 } 2913 2914 // Get the number of arguments for this signature. 2915 int nargs = mth_sig_verif_types->num_args(); 2916 2917 // Check instruction operands 2918 int bci = bcs->bci(); 2919 if (opcode == Bytecodes::_invokeinterface) { 2920 address bcp = bcs->bcp(); 2921 // 4905268: count operand in invokeinterface should be nargs+1, not nargs. 2922 // JSR202 spec: The count operand of an invokeinterface instruction is valid if it is 2923 // the difference between the size of the operand stack before and after the instruction 2924 // executes. 2925 if (*(bcp+3) != (nargs+1)) { 2926 verify_error(ErrorContext::bad_code(bci), 2927 "Inconsistent args count operand in invokeinterface"); 2928 return; 2929 } 2930 if (*(bcp+4) != 0) { 2931 verify_error(ErrorContext::bad_code(bci), 2932 "Fourth operand byte of invokeinterface must be zero"); 2933 return; 2934 } 2935 } 2936 2937 if (opcode == Bytecodes::_invokedynamic) { 2938 address bcp = bcs->bcp(); 2939 if (*(bcp+3) != 0 || *(bcp+4) != 0) { 2940 verify_error(ErrorContext::bad_code(bci), 2941 "Third and fourth operand bytes of invokedynamic must be zero"); 2942 return; 2943 } 2944 } 2945 2946 if (method_name->char_at(0) == JVM_SIGNATURE_SPECIAL) { 2947 // Make sure: 2948 // <init> can only be invoked by invokespecial. 2949 if (opcode != Bytecodes::_invokespecial || 2950 method_name != vmSymbols::object_initializer_name()) { 2951 verify_error(ErrorContext::bad_code(bci), 2952 "Illegal call to internal method"); 2953 return; 2954 } 2955 } else if (opcode == Bytecodes::_invokespecial 2956 && !is_same_or_direct_interface(current_class(), current_type(), ref_class_type) 2957 && !ref_class_type.equals(VerificationType::reference_type( 2958 current_class()->super()->name()))) { // super() can never be an inline_type. 2959 bool subtype = false; 2960 bool have_imr_indirect = cp->tag_at(index).value() == JVM_CONSTANT_InterfaceMethodref; 2961 subtype = ref_class_type.is_assignable_from( 2962 current_type(), this, false, CHECK_VERIFY(this)); 2963 if (!subtype) { 2964 verify_error(ErrorContext::bad_code(bci), 2965 "Bad invokespecial instruction: " 2966 "current class isn't assignable to reference class."); 2967 return; 2968 } else if (have_imr_indirect) { 2969 verify_error(ErrorContext::bad_code(bci), 2970 "Bad invokespecial instruction: " 2971 "interface method reference is in an indirect superinterface."); 2972 return; 2973 } 2974 2975 } 2976 2977 // Get the verification types for the method's arguments. 2978 GrowableArray<VerificationType>* sig_verif_types = mth_sig_verif_types->sig_verif_types(); 2979 assert(sig_verif_types != nullptr, "Missing signature's array of verification types"); 2980 // Match method descriptor with operand stack 2981 // The arguments are on the stack in descending order. 2982 for (int i = nargs - 1; i >= 0; i--) { // Run backwards 2983 current_frame->pop_stack(sig_verif_types->at(i), CHECK_VERIFY(this)); 2984 } 2985 2986 // Check objectref on operand stack 2987 if (opcode != Bytecodes::_invokestatic && 2988 opcode != Bytecodes::_invokedynamic) { 2989 if (method_name == vmSymbols::object_initializer_name()) { // <init> method 2990 verify_invoke_init(bcs, index, ref_class_type, current_frame, 2991 code_length, in_try_block, this_uninit, cp, stackmap_table, 2992 CHECK_VERIFY(this)); 2993 if (was_recursively_verified()) return; 2994 } else { // other methods 2995 // Ensures that target class is assignable to method class. 2996 if (opcode == Bytecodes::_invokespecial) { 2997 current_frame->pop_stack(current_type(), CHECK_VERIFY(this)); 2998 } else if (opcode == Bytecodes::_invokevirtual) { 2999 VerificationType stack_object_type = 3000 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this)); 3001 if (current_type() != stack_object_type) { 3002 if (was_recursively_verified()) return; 3003 assert(cp->cache() == nullptr, "not rewritten yet"); 3004 Symbol* ref_class_name = 3005 cp->klass_name_at(cp->uncached_klass_ref_index_at(index)); 3006 // See the comments in verify_field_instructions() for 3007 // the rationale behind this. 3008 if (name_in_supers(ref_class_name, current_class())) { 3009 Klass* ref_class = load_class(ref_class_name, CHECK); 3010 if (is_protected_access( 3011 _klass, ref_class, method_name, method_sig, true)) { 3012 // It's protected access, check if stack object is 3013 // assignable to current class. 3014 if (ref_class_type.name() == vmSymbols::java_lang_Object() 3015 && stack_object_type.is_array() 3016 && method_name == vmSymbols::clone_name()) { 3017 // Special case: arrays pretend to implement public Object 3018 // clone(). 3019 } else { 3020 bool is_assignable = current_type().is_assignable_from( 3021 stack_object_type, this, true, CHECK_VERIFY(this)); 3022 if (!is_assignable) { 3023 verify_error(ErrorContext::bad_type(bci, 3024 current_frame->stack_top_ctx(), 3025 TypeOrigin::implicit(current_type())), 3026 "Bad access to protected data in invokevirtual"); 3027 return; 3028 } 3029 } 3030 } 3031 } 3032 } 3033 } else { 3034 assert(opcode == Bytecodes::_invokeinterface, "Unexpected opcode encountered"); 3035 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this)); 3036 } 3037 } 3038 } 3039 // Push the result type. 3040 int sig_verif_types_len = sig_verif_types->length(); 3041 if (sig_verif_types_len > nargs) { // There's a return type 3042 if (method_name == vmSymbols::object_initializer_name()) { 3043 // an <init> method must have a void return type 3044 verify_error(ErrorContext::bad_code(bci), 3045 "Return type must be void in <init> method"); 3046 return; 3047 } 3048 3049 assert(sig_verif_types_len <= nargs + 2, 3050 "Signature verification types array return type is bogus"); 3051 for (int i = nargs; i < sig_verif_types_len; i++) { 3052 assert(i == nargs || sig_verif_types->at(i).is_long2() || 3053 sig_verif_types->at(i).is_double2(), "Unexpected return verificationType"); 3054 current_frame->push_stack(sig_verif_types->at(i), CHECK_VERIFY(this)); 3055 } 3056 } 3057 } 3058 3059 VerificationType ClassVerifier::get_newarray_type( 3060 u2 index, int bci, TRAPS) { 3061 const char* from_bt[] = { 3062 nullptr, nullptr, nullptr, nullptr, "[Z", "[C", "[F", "[D", "[B", "[S", "[I", "[J", 3063 }; 3064 if (index < T_BOOLEAN || index > T_LONG) { 3065 verify_error(ErrorContext::bad_code(bci), "Illegal newarray instruction"); 3066 return VerificationType::bogus_type(); 3067 } 3068 3069 // from_bt[index] contains the array signature which has a length of 2 3070 Symbol* sig = create_temporary_symbol(from_bt[index], 2); 3071 return VerificationType::reference_type(sig); 3072 } 3073 3074 void ClassVerifier::verify_anewarray( 3075 int bci, u2 index, const constantPoolHandle& cp, 3076 StackMapFrame* current_frame, TRAPS) { 3077 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this)); 3078 current_frame->pop_stack( 3079 VerificationType::integer_type(), CHECK_VERIFY(this)); 3080 3081 if (was_recursively_verified()) return; 3082 VerificationType component_type = 3083 cp_index_to_type(index, cp, CHECK_VERIFY(this)); 3084 int length; 3085 char* arr_sig_str; 3086 if (component_type.is_array()) { // it's an array 3087 const char* component_name = component_type.name()->as_utf8(); 3088 // Check for more than MAX_ARRAY_DIMENSIONS 3089 length = (int)strlen(component_name); 3090 if (length > MAX_ARRAY_DIMENSIONS && 3091 component_name[MAX_ARRAY_DIMENSIONS - 1] == JVM_SIGNATURE_ARRAY) { 3092 verify_error(ErrorContext::bad_code(bci), 3093 "Illegal anewarray instruction, array has more than 255 dimensions"); 3094 } 3095 // add one dimension to component 3096 length++; 3097 arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length + 1); 3098 int n = os::snprintf(arr_sig_str, length + 1, "%c%s", 3099 JVM_SIGNATURE_ARRAY, component_name); 3100 assert(n == length, "Unexpected number of characters in string"); 3101 } else { // it's an object or interface 3102 const char* component_name = component_type.name()->as_utf8(); 3103 // add one dimension to component with 'L' prepended and ';' postpended. 3104 length = (int)strlen(component_name) + 3; 3105 arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length + 1); 3106 int n = os::snprintf(arr_sig_str, length + 1, "%c%c%s;", 3107 JVM_SIGNATURE_ARRAY, JVM_SIGNATURE_CLASS, component_name); 3108 assert(n == length, "Unexpected number of characters in string"); 3109 } 3110 Symbol* arr_sig = create_temporary_symbol(arr_sig_str, length); 3111 VerificationType new_array_type = VerificationType::reference_type(arr_sig); 3112 current_frame->push_stack(new_array_type, CHECK_VERIFY(this)); 3113 } 3114 3115 void ClassVerifier::verify_iload(int index, StackMapFrame* current_frame, TRAPS) { 3116 current_frame->get_local( 3117 index, VerificationType::integer_type(), CHECK_VERIFY(this)); 3118 current_frame->push_stack( 3119 VerificationType::integer_type(), CHECK_VERIFY(this)); 3120 } 3121 3122 void ClassVerifier::verify_lload(int index, StackMapFrame* current_frame, TRAPS) { 3123 current_frame->get_local_2( 3124 index, VerificationType::long_type(), 3125 VerificationType::long2_type(), CHECK_VERIFY(this)); 3126 current_frame->push_stack_2( 3127 VerificationType::long_type(), 3128 VerificationType::long2_type(), CHECK_VERIFY(this)); 3129 } 3130 3131 void ClassVerifier::verify_fload(int index, StackMapFrame* current_frame, TRAPS) { 3132 current_frame->get_local( 3133 index, VerificationType::float_type(), CHECK_VERIFY(this)); 3134 current_frame->push_stack( 3135 VerificationType::float_type(), CHECK_VERIFY(this)); 3136 } 3137 3138 void ClassVerifier::verify_dload(int index, StackMapFrame* current_frame, TRAPS) { 3139 current_frame->get_local_2( 3140 index, VerificationType::double_type(), 3141 VerificationType::double2_type(), CHECK_VERIFY(this)); 3142 current_frame->push_stack_2( 3143 VerificationType::double_type(), 3144 VerificationType::double2_type(), CHECK_VERIFY(this)); 3145 } 3146 3147 void ClassVerifier::verify_aload(int index, StackMapFrame* current_frame, TRAPS) { 3148 VerificationType type = current_frame->get_local( 3149 index, VerificationType::reference_check(), CHECK_VERIFY(this)); 3150 current_frame->push_stack(type, CHECK_VERIFY(this)); 3151 } 3152 3153 void ClassVerifier::verify_istore(int index, StackMapFrame* current_frame, TRAPS) { 3154 current_frame->pop_stack( 3155 VerificationType::integer_type(), CHECK_VERIFY(this)); 3156 current_frame->set_local( 3157 index, VerificationType::integer_type(), CHECK_VERIFY(this)); 3158 } 3159 3160 void ClassVerifier::verify_lstore(int index, StackMapFrame* current_frame, TRAPS) { 3161 current_frame->pop_stack_2( 3162 VerificationType::long2_type(), 3163 VerificationType::long_type(), CHECK_VERIFY(this)); 3164 current_frame->set_local_2( 3165 index, VerificationType::long_type(), 3166 VerificationType::long2_type(), CHECK_VERIFY(this)); 3167 } 3168 3169 void ClassVerifier::verify_fstore(int index, StackMapFrame* current_frame, TRAPS) { 3170 current_frame->pop_stack(VerificationType::float_type(), CHECK_VERIFY(this)); 3171 current_frame->set_local( 3172 index, VerificationType::float_type(), CHECK_VERIFY(this)); 3173 } 3174 3175 void ClassVerifier::verify_dstore(int index, StackMapFrame* current_frame, TRAPS) { 3176 current_frame->pop_stack_2( 3177 VerificationType::double2_type(), 3178 VerificationType::double_type(), CHECK_VERIFY(this)); 3179 current_frame->set_local_2( 3180 index, VerificationType::double_type(), 3181 VerificationType::double2_type(), CHECK_VERIFY(this)); 3182 } 3183 3184 void ClassVerifier::verify_astore(int index, StackMapFrame* current_frame, TRAPS) { 3185 VerificationType type = current_frame->pop_stack( 3186 VerificationType::reference_check(), CHECK_VERIFY(this)); 3187 current_frame->set_local(index, type, CHECK_VERIFY(this)); 3188 } 3189 3190 void ClassVerifier::verify_iinc(int index, StackMapFrame* current_frame, TRAPS) { 3191 VerificationType type = current_frame->get_local( 3192 index, VerificationType::integer_type(), CHECK_VERIFY(this)); 3193 current_frame->set_local(index, type, CHECK_VERIFY(this)); 3194 } 3195 3196 void ClassVerifier::verify_return_value( 3197 VerificationType return_type, VerificationType type, int bci, 3198 StackMapFrame* current_frame, TRAPS) { 3199 if (return_type == VerificationType::bogus_type()) { 3200 verify_error(ErrorContext::bad_type(bci, 3201 current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)), 3202 "Method does not expect a return value"); 3203 return; 3204 } 3205 bool match = return_type.is_assignable_from(type, this, false, CHECK_VERIFY(this)); 3206 if (!match) { 3207 verify_error(ErrorContext::bad_type(bci, 3208 current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)), 3209 "Bad return type"); 3210 return; 3211 } 3212 } 3213 3214 // The verifier creates symbols which are substrings of Symbols. 3215 // These are stored in the verifier until the end of verification so that 3216 // they can be reference counted. 3217 Symbol* ClassVerifier::create_temporary_symbol(const char *name, int length) { 3218 // Quick deduplication check 3219 if (_previous_symbol != nullptr && _previous_symbol->equals(name, length)) { 3220 return _previous_symbol; 3221 } 3222 Symbol* sym = SymbolTable::new_symbol(name, length); 3223 if (!sym->is_permanent()) { 3224 if (_symbols == nullptr) { 3225 _symbols = new GrowableArray<Symbol*>(50, 0, nullptr); 3226 } 3227 _symbols->push(sym); 3228 } 3229 _previous_symbol = sym; 3230 return sym; 3231 }