1 /*
2 * Copyright (c) 1998, 2025, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.
8 *
9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 *
23 */
24
25 #include "cds/cdsConfig.hpp"
26 #include "classfile/classFileStream.hpp"
27 #include "classfile/classLoader.hpp"
28 #include "classfile/javaClasses.hpp"
29 #include "classfile/stackMapFrame.hpp"
30 #include "classfile/stackMapTable.hpp"
31 #include "classfile/stackMapTableFormat.hpp"
32 #include "classfile/symbolTable.hpp"
33 #include "classfile/systemDictionary.hpp"
34 #include "classfile/verifier.hpp"
35 #include "classfile/vmClasses.hpp"
36 #include "classfile/vmSymbols.hpp"
37 #include "interpreter/bytecodes.hpp"
38 #include "interpreter/bytecodeStream.hpp"
39 #include "jvm.h"
40 #include "logging/log.hpp"
41 #include "logging/logStream.hpp"
42 #include "memory/oopFactory.hpp"
43 #include "memory/resourceArea.hpp"
44 #include "memory/universe.hpp"
45 #include "oops/constantPool.inline.hpp"
46 #include "oops/fieldStreams.inline.hpp"
47 #include "oops/instanceKlass.inline.hpp"
48 #include "oops/klass.inline.hpp"
49 #include "oops/oop.inline.hpp"
50 #include "oops/typeArrayOop.hpp"
51 #include "runtime/arguments.hpp"
52 #include "runtime/fieldDescriptor.inline.hpp"
53 #include "runtime/handles.inline.hpp"
54 #include "runtime/interfaceSupport.inline.hpp"
55 #include "runtime/javaCalls.hpp"
56 #include "runtime/javaThread.hpp"
57 #include "runtime/jniHandles.inline.hpp"
58 #include "runtime/os.hpp"
59 #include "runtime/safepointVerifiers.hpp"
60 #include "services/threadService.hpp"
61 #include "utilities/align.hpp"
62 #include "utilities/bytes.hpp"
63 #if INCLUDE_CDS
64 #include "classfile/systemDictionaryShared.hpp"
65 #endif
66
67 #define NOFAILOVER_MAJOR_VERSION 51
68 #define NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION 51
69 #define STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION 52
70 #define INLINE_TYPE_MAJOR_VERSION 56
71 #define MAX_ARRAY_DIMENSIONS 255
72
73 // Access to external entry for VerifyClassForMajorVersion - old byte code verifier
74
75 extern "C" {
76 typedef jboolean (*verify_byte_codes_fn_t)(JNIEnv *, jclass, char *, jint, jint);
77 }
78
79 static verify_byte_codes_fn_t volatile _verify_byte_codes_fn = nullptr;
80
81 static verify_byte_codes_fn_t verify_byte_codes_fn() {
82
83 if (_verify_byte_codes_fn != nullptr)
84 return _verify_byte_codes_fn;
85
86 MutexLocker locker(Verify_lock);
87
88 if (_verify_byte_codes_fn != nullptr)
89 return _verify_byte_codes_fn;
90
91 void *lib_handle = nullptr;
92 // Load verify dll
93 if (is_vm_statically_linked()) {
94 lib_handle = os::get_default_process_handle();
95 } else {
96 char buffer[JVM_MAXPATHLEN];
97 char ebuf[1024];
98 if (!os::dll_locate_lib(buffer, sizeof(buffer), Arguments::get_dll_dir(), "verify"))
99 return nullptr; // Caller will throw VerifyError
100
101 lib_handle = os::dll_load(buffer, ebuf, sizeof(ebuf));
102 if (lib_handle == nullptr)
103 return nullptr; // Caller will throw VerifyError
104 }
105
106 void *fn = os::dll_lookup(lib_handle, "VerifyClassForMajorVersion");
107 if (fn == nullptr)
108 return nullptr; // Caller will throw VerifyError
109
110 return _verify_byte_codes_fn = CAST_TO_FN_PTR(verify_byte_codes_fn_t, fn);
111 }
112
113
114 // Methods in Verifier
115
116 // This method determines whether we run the verifier and class file format checking code.
117 bool Verifier::should_verify_for(oop class_loader) {
118 return class_loader == nullptr ?
119 BytecodeVerificationLocal : BytecodeVerificationRemote;
120 }
121
122 // This method determines whether we allow package access in access checks in reflection.
123 bool Verifier::relax_access_for(oop loader) {
124 bool trusted = java_lang_ClassLoader::is_trusted_loader(loader);
125 bool need_verify =
126 // verifyAll
127 (BytecodeVerificationLocal && BytecodeVerificationRemote) ||
128 // verifyRemote
129 (!BytecodeVerificationLocal && BytecodeVerificationRemote && !trusted);
130 return !need_verify;
131 }
132
133 // Callers will pass should_verify_class as true, depending on the results of should_verify_for() above,
134 // or pass true for redefinition of any class.
135 static bool is_eligible_for_verification(InstanceKlass* klass, bool should_verify_class) {
136 Symbol* name = klass->name();
137
138 return (should_verify_class &&
139 // Can not verify the bytecodes for shared classes because they have
140 // already been rewritten to contain constant pool cache indices,
141 // which the verifier can't understand.
142 // Shared classes shouldn't have stackmaps either.
143 // However, bytecodes for shared old classes can be verified because
144 // they have not been rewritten.
145 !(klass->in_aot_cache() && klass->is_rewritten()));
146 }
147
148 void Verifier::trace_class_resolution(Klass* resolve_class, InstanceKlass* verify_class) {
149 assert(verify_class != nullptr, "Unexpected null verify_class");
150 ResourceMark rm;
151 Symbol* s = verify_class->source_file_name();
152 const char* source_file = (s != nullptr ? s->as_C_string() : nullptr);
153 const char* verify = verify_class->external_name();
154 const char* resolve = resolve_class->external_name();
155 // print in a single call to reduce interleaving between threads
156 if (source_file != nullptr) {
157 log_debug(class, resolve)("%s %s %s (verification)", verify, resolve, source_file);
158 } else {
159 log_debug(class, resolve)("%s %s (verification)", verify, resolve);
160 }
161 }
162
163 // Prints the end-verification message to the appropriate output.
164 void Verifier::log_end_verification(outputStream* st, const char* klassName, Symbol* exception_name, oop pending_exception) {
165 if (pending_exception != nullptr) {
166 st->print("Verification for %s has", klassName);
167 oop message = java_lang_Throwable::message(pending_exception);
168 if (message != nullptr) {
169 char* ex_msg = java_lang_String::as_utf8_string(message);
170 st->print_cr(" exception pending '%s %s'",
171 pending_exception->klass()->external_name(), ex_msg);
172 } else {
173 st->print_cr(" exception pending %s ",
174 pending_exception->klass()->external_name());
175 }
176 } else if (exception_name != nullptr) {
177 st->print_cr("Verification for %s failed", klassName);
178 }
179 st->print_cr("End class verification for: %s", klassName);
180 }
181
182 bool Verifier::verify(InstanceKlass* klass, bool should_verify_class, TRAPS) {
183 HandleMark hm(THREAD);
184 ResourceMark rm(THREAD);
185
186 // Eagerly allocate the identity hash code for a klass. This is a fallout
187 // from 6320749 and 8059924: hash code generator is not supposed to be called
188 // during the safepoint, but it allows to sneak the hashcode in during
189 // verification. Without this eager hashcode generation, we may end up
190 // installing the hashcode during some other operation, which may be at
191 // safepoint -- blowing up the checks. It was previously done as the side
192 // effect (sic!) for external_name(), but instead of doing that, we opt to
193 // explicitly push the hashcode in here. This is signify the following block
194 // is IMPORTANT:
195 if (klass->java_mirror() != nullptr) {
196 klass->java_mirror()->identity_hash();
197 }
198
199 if (!is_eligible_for_verification(klass, should_verify_class)) {
200 return true;
201 }
202
203 // Timer includes any side effects of class verification (resolution,
204 // etc), but not recursive calls to Verifier::verify().
205 JavaThread* jt = THREAD;
206 PerfClassTraceTime timer(ClassLoader::perf_class_verify_time(),
207 ClassLoader::perf_class_verify_selftime(),
208 ClassLoader::perf_classes_verified(),
209 jt->get_thread_stat()->perf_recursion_counts_addr(),
210 jt->get_thread_stat()->perf_timers_addr(),
211 PerfClassTraceTime::CLASS_VERIFY);
212
213 // If the class should be verified, first see if we can use the split
214 // verifier. If not, or if verification fails and can failover, then
215 // call the inference verifier.
216 Symbol* exception_name = nullptr;
217 const size_t message_buffer_len = klass->name()->utf8_length() + 1024;
218 char* message_buffer = nullptr;
219 char* exception_message = nullptr;
220
221 log_info(class, init)("Start class verification for: %s", klass->external_name());
222 if (klass->major_version() >= STACKMAP_ATTRIBUTE_MAJOR_VERSION) {
223 ClassVerifier split_verifier(jt, klass);
224 // We don't use CHECK here, or on inference_verify below, so that we can log any exception.
225 split_verifier.verify_class(THREAD);
226 exception_name = split_verifier.result();
227
228 // If dumping {classic, final} static archive, don't bother to run the old verifier, as
229 // the class will be excluded from the archive anyway.
230 bool can_failover = !(CDSConfig::is_dumping_classic_static_archive() || CDSConfig::is_dumping_final_static_archive()) &&
231 klass->major_version() < NOFAILOVER_MAJOR_VERSION;
232
233 if (can_failover && !HAS_PENDING_EXCEPTION && // Split verifier doesn't set PENDING_EXCEPTION for failure
234 (exception_name == vmSymbols::java_lang_VerifyError() ||
235 exception_name == vmSymbols::java_lang_ClassFormatError())) {
236 log_info(verification)("Fail over class verification to old verifier for: %s", klass->external_name());
237 log_info(class, init)("Fail over class verification to old verifier for: %s", klass->external_name());
238 #if INCLUDE_CDS
239 // Exclude any classes that are verified with the old verifier, as the old verifier
240 // doesn't call SystemDictionaryShared::add_verification_constraint()
241 if (CDSConfig::is_dumping_archive()) {
242 SystemDictionaryShared::log_exclusion(klass, "Verified with old verifier");
243 SystemDictionaryShared::set_excluded(klass);
244 }
245 #endif
246 message_buffer = NEW_RESOURCE_ARRAY(char, message_buffer_len);
247 exception_message = message_buffer;
248 exception_name = inference_verify(
249 klass, message_buffer, message_buffer_len, THREAD);
250 }
251 if (exception_name != nullptr) {
252 exception_message = split_verifier.exception_message();
253 }
254 } else {
255 message_buffer = NEW_RESOURCE_ARRAY(char, message_buffer_len);
256 exception_message = message_buffer;
257 exception_name = inference_verify(
258 klass, message_buffer, message_buffer_len, THREAD);
259 }
260
261 LogTarget(Info, class, init) lt1;
262 if (lt1.is_enabled()) {
263 LogStream ls(lt1);
264 log_end_verification(&ls, klass->external_name(), exception_name, PENDING_EXCEPTION);
265 }
266 LogTarget(Info, verification) lt2;
267 if (lt2.is_enabled()) {
268 LogStream ls(lt2);
269 log_end_verification(&ls, klass->external_name(), exception_name, PENDING_EXCEPTION);
270 }
271
272 if (HAS_PENDING_EXCEPTION) {
273 return false; // use the existing exception
274 } else if (exception_name == nullptr) {
275 return true; // verification succeeded
276 } else { // VerifyError or ClassFormatError to be created and thrown
277 Klass* kls =
278 SystemDictionary::resolve_or_fail(exception_name, true, CHECK_false);
279 if (log_is_enabled(Debug, class, resolve)) {
280 Verifier::trace_class_resolution(kls, klass);
281 }
282
283 while (kls != nullptr) {
284 if (kls == klass) {
285 // If the class being verified is the exception we're creating
286 // or one of it's superclasses, we're in trouble and are going
287 // to infinitely recurse when we try to initialize the exception.
288 // So bail out here by throwing the preallocated VM error.
289 THROW_OOP_(Universe::internal_error_instance(), false);
290 }
291 kls = kls->super();
292 }
293 if (message_buffer != nullptr) {
294 message_buffer[message_buffer_len - 1] = '\0'; // just to be sure
295 }
296 assert(exception_message != nullptr, "");
297 THROW_MSG_(exception_name, exception_message, false);
298 }
299 }
300
301 Symbol* Verifier::inference_verify(
302 InstanceKlass* klass, char* message, size_t message_len, TRAPS) {
303 JavaThread* thread = THREAD;
304
305 verify_byte_codes_fn_t verify_func = verify_byte_codes_fn();
306
307 if (verify_func == nullptr) {
308 jio_snprintf(message, message_len, "Could not link verifier");
309 return vmSymbols::java_lang_VerifyError();
310 }
311
312 ResourceMark rm(thread);
313 log_info(verification)("Verifying class %s with old format", klass->external_name());
314
315 jclass cls = (jclass) JNIHandles::make_local(thread, klass->java_mirror());
316 jint result;
317
318 {
319 HandleMark hm(thread);
320 ThreadToNativeFromVM ttn(thread);
321 // ThreadToNativeFromVM takes care of changing thread_state, so safepoint
322 // code knows that we have left the VM
323 JNIEnv *env = thread->jni_environment();
324 result = (*verify_func)(env, cls, message, (int)message_len, klass->major_version());
325 }
326
327 JNIHandles::destroy_local(cls);
328
329 // These numbers are chosen so that VerifyClassCodes interface doesn't need
330 // to be changed (still return jboolean (unsigned char)), and result is
331 // 1 when verification is passed.
332 if (result == 0) {
333 return vmSymbols::java_lang_VerifyError();
334 } else if (result == 1) {
335 return nullptr; // verified.
336 } else if (result == 2) {
337 THROW_MSG_(vmSymbols::java_lang_OutOfMemoryError(), message, nullptr);
338 } else if (result == 3) {
339 return vmSymbols::java_lang_ClassFormatError();
340 } else {
341 ShouldNotReachHere();
342 return nullptr;
343 }
344 }
345
346 TypeOrigin TypeOrigin::null() {
347 return TypeOrigin();
348 }
349 TypeOrigin TypeOrigin::local(int index, StackMapFrame* frame) {
350 assert(frame != nullptr, "Must have a frame");
351 return TypeOrigin(CF_LOCALS, index, StackMapFrame::copy(frame),
352 frame->local_at(index));
353 }
354 TypeOrigin TypeOrigin::stack(int index, StackMapFrame* frame) {
355 assert(frame != nullptr, "Must have a frame");
356 return TypeOrigin(CF_STACK, index, StackMapFrame::copy(frame),
357 frame->stack_at(index));
358 }
359 TypeOrigin TypeOrigin::sm_local(int index, StackMapFrame* frame) {
360 assert(frame != nullptr, "Must have a frame");
361 return TypeOrigin(SM_LOCALS, index, StackMapFrame::copy(frame),
362 frame->local_at(index));
363 }
364 TypeOrigin TypeOrigin::sm_stack(int index, StackMapFrame* frame) {
365 assert(frame != nullptr, "Must have a frame");
366 return TypeOrigin(SM_STACK, index, StackMapFrame::copy(frame),
367 frame->stack_at(index));
368 }
369 TypeOrigin TypeOrigin::bad_index(int index) {
370 return TypeOrigin(BAD_INDEX, index, nullptr, VerificationType::bogus_type());
371 }
372 TypeOrigin TypeOrigin::cp(int index, VerificationType vt) {
373 return TypeOrigin(CONST_POOL, index, nullptr, vt);
374 }
375 TypeOrigin TypeOrigin::signature(VerificationType vt) {
376 return TypeOrigin(SIG, 0, nullptr, vt);
377 }
378 TypeOrigin TypeOrigin::implicit(VerificationType t) {
379 return TypeOrigin(IMPLICIT, 0, nullptr, t);
380 }
381 TypeOrigin TypeOrigin::frame(StackMapFrame* frame) {
382 return TypeOrigin(FRAME_ONLY, 0, StackMapFrame::copy(frame),
383 VerificationType::bogus_type());
384 }
385
386 void TypeOrigin::reset_frame() {
387 if (_frame != nullptr) {
388 _frame->restore();
389 }
390 }
391
392 void TypeOrigin::details(outputStream* ss) const {
393 _type.print_on(ss);
394 switch (_origin) {
395 case CF_LOCALS:
396 ss->print(" (current frame, locals[%d])", _index);
397 break;
398 case CF_STACK:
399 ss->print(" (current frame, stack[%d])", _index);
400 break;
401 case SM_LOCALS:
402 ss->print(" (stack map, locals[%d])", _index);
403 break;
404 case SM_STACK:
405 ss->print(" (stack map, stack[%d])", _index);
406 break;
407 case CONST_POOL:
408 ss->print(" (constant pool %d)", _index);
409 break;
410 case SIG:
411 ss->print(" (from method signature)");
412 break;
413 case IMPLICIT:
414 case FRAME_ONLY:
415 case NONE:
416 default:
417 ;
418 }
419 }
420
421 #ifdef ASSERT
422 void TypeOrigin::print_on(outputStream* str) const {
423 str->print("{%d,%d,%p:", _origin, _index, _frame);
424 if (_frame != nullptr) {
425 _frame->print_on(str);
426 } else {
427 str->print("null");
428 }
429 str->print(",");
430 _type.print_on(str);
431 str->print("}");
432 }
433 #endif
434
435 void ErrorContext::details(outputStream* ss, const Method* method) const {
436 if (is_valid()) {
437 ss->cr();
438 ss->print_cr("Exception Details:");
439 location_details(ss, method);
440 reason_details(ss);
441 frame_details(ss);
442 bytecode_details(ss, method);
443 handler_details(ss, method);
444 stackmap_details(ss, method);
445 }
446 }
447
448 void ErrorContext::reason_details(outputStream* ss) const {
449 StreamIndentor si(ss, 2);
450 ss->print_cr("Reason:");
451
452 StreamIndentor si2(ss, 2);
453 switch (_fault) {
454 case INVALID_BYTECODE:
455 ss->print("Error exists in the bytecode");
456 break;
457 case WRONG_TYPE:
458 if (_expected.is_valid()) {
459 ss->print("Type ");
460 _type.details(ss);
461 ss->print(" is not assignable to ");
462 _expected.details(ss);
463 } else {
464 ss->print("Invalid type: ");
465 _type.details(ss);
466 }
467 break;
468 case FLAGS_MISMATCH:
469 if (_expected.is_valid()) {
470 ss->print("Current frame's flags are not assignable "
471 "to stack map frame's.");
472 } else {
473 ss->print("Current frame's flags are invalid in this context.");
474 }
475 break;
476 case BAD_CP_INDEX:
477 ss->print("Constant pool index %d is invalid", _type.index());
478 break;
479 case BAD_LOCAL_INDEX:
480 ss->print("Local index %d is invalid", _type.index());
481 break;
482 case BAD_STRICT_FIELDS:
483 ss->print("Invalid use of strict instance fields");
484 break;
485 case LOCALS_SIZE_MISMATCH:
486 ss->print("Current frame's local size doesn't match stackmap.");
487 break;
488 case STACK_SIZE_MISMATCH:
489 ss->print("Current frame's stack size doesn't match stackmap.");
490 break;
491 case STRICT_FIELDS_MISMATCH:
492 ss->print("Current frame's strict instance fields not compatible with stackmap.");
493 break;
494 case STACK_OVERFLOW:
495 ss->print("Exceeded max stack size.");
496 break;
497 case STACK_UNDERFLOW:
498 ss->print("Attempt to pop empty stack.");
499 break;
500 case MISSING_STACKMAP:
501 ss->print("Expected stackmap frame at this location.");
502 break;
503 case BAD_STACKMAP:
504 ss->print("Invalid stackmap specification.");
505 break;
506 case WRONG_INLINE_TYPE:
507 ss->print("Type ");
508 _type.details(ss);
509 ss->print(" and type ");
510 _expected.details(ss);
511 ss->print(" must be identical inline types.");
512 break;
513 case UNKNOWN:
514 default:
515 ShouldNotReachHere();
516 ss->print_cr("Unknown");
517 }
518 ss->cr();
519 }
520
521 void ErrorContext::location_details(outputStream* ss, const Method* method) const {
522 if (_bci != -1 && method != nullptr) {
523 const char* bytecode_name = "<invalid>";
524 if (method->validate_bci(_bci) != -1) {
525 Bytecodes::Code code = Bytecodes::code_or_bp_at(method->bcp_from(_bci));
526 if (Bytecodes::is_defined(code)) {
527 bytecode_name = Bytecodes::name(code);
528 } else {
529 bytecode_name = "<illegal>";
530 }
531 }
532 InstanceKlass* ik = method->method_holder();
533
534 StreamIndentor si(ss, 2);
535 ss->print_cr("Location:");
536
537 StreamIndentor si2(ss, 2);
538 ss->print_cr("%s.%s%s @%d: %s",
539 ik->name()->as_C_string(), method->name()->as_C_string(),
540 method->signature()->as_C_string(), _bci, bytecode_name);
541 }
542 }
543
544 void ErrorContext::frame_details(outputStream* ss) const {
545 StreamIndentor si(ss, 2);
546 if (_type.is_valid() && _type.frame() != nullptr) {
547 ss->print_cr("Current Frame:");
548 StreamIndentor si2(ss, 2);
549 _type.frame()->print_on(ss);
550 }
551 if (_expected.is_valid() && _expected.frame() != nullptr) {
552 ss->print_cr("Stackmap Frame:");
553 StreamIndentor si2(ss, 2);
554 _expected.frame()->print_on(ss);
555 }
556 }
557
558 void ErrorContext::bytecode_details(outputStream* ss, const Method* method) const {
559 if (method != nullptr) {
560 StreamIndentor si(ss, 2);
561 ss->print_cr("Bytecode:");
562 StreamIndentor si2(ss, 2);
563 ss->print_data(method->code_base(), method->code_size(), false);
564 }
565 }
566
567 void ErrorContext::handler_details(outputStream* ss, const Method* method) const {
568 if (method != nullptr) {
569 StreamIndentor si(ss, 2);
570
571 ExceptionTable table(method);
572 if (table.length() > 0) {
573 ss->print_cr("Exception Handler Table:");
574 StreamIndentor si2(ss, 2);
575 for (int i = 0; i < table.length(); ++i) {
576 ss->print_cr("bci [%d, %d] => handler: %d", table.start_pc(i),
577 table.end_pc(i), table.handler_pc(i));
578 }
579 }
580 }
581 }
582
583 void ErrorContext::stackmap_details(outputStream* ss, const Method* method) const {
584 if (method != nullptr && method->has_stackmap_table()) {
585 StreamIndentor si(ss, 2);
586 ss->print_cr("Stackmap Table:");
587 Array<u1>* data = method->stackmap_data();
588 stack_map_table* sm_table =
589 stack_map_table::at((address)data->adr_at(0));
590 stack_map_frame* sm_frame = sm_table->entries();
591 StreamIndentor si2(ss, 2);
592 int current_offset = -1;
593 address end_of_sm_table = (address)sm_table + method->stackmap_data()->length();
594 for (u2 i = 0; i < sm_table->number_of_entries(); ++i) {
595 if (!sm_frame->verify((address)sm_frame, end_of_sm_table)) {
596 sm_frame->print_truncated(ss, current_offset);
597 return;
598 }
599 sm_frame->print_on(ss, current_offset);
600 ss->cr();
601 current_offset += sm_frame->offset_delta();
602 sm_frame = sm_frame->next();
603 }
604 }
605 }
606
607 // Methods in ClassVerifier
608
609 ClassVerifier::ClassVerifier(JavaThread* current, InstanceKlass* klass)
610 : _thread(current), _previous_symbol(nullptr), _symbols(nullptr), _exception_type(nullptr),
611 _message(nullptr), _klass(klass) {
612 _this_type = VerificationType::reference_type(klass->name());
613 }
614
615 ClassVerifier::~ClassVerifier() {
616 // Decrement the reference count for any symbols created.
617 if (_symbols != nullptr) {
618 for (int i = 0; i < _symbols->length(); i++) {
619 Symbol* s = _symbols->at(i);
620 s->decrement_refcount();
621 }
622 }
623 }
624
625 VerificationType ClassVerifier::object_type() const {
626 return VerificationType::reference_type(vmSymbols::java_lang_Object());
627 }
628
629 TypeOrigin ClassVerifier::ref_ctx(const char* sig) {
630 VerificationType vt = VerificationType::reference_type(
631 create_temporary_symbol(sig, (int)strlen(sig)));
632 return TypeOrigin::implicit(vt);
633 }
634
635 static bool supports_strict_fields(InstanceKlass* klass) {
636 int ver = klass->major_version();
637 return ver > Verifier::VALUE_TYPES_MAJOR_VERSION ||
638 (ver == Verifier::VALUE_TYPES_MAJOR_VERSION && klass->minor_version() == Verifier::JAVA_PREVIEW_MINOR_VERSION);
639 }
640
641 void ClassVerifier::verify_class(TRAPS) {
642 log_info(verification)("Verifying class %s with new format", _klass->external_name());
643
644 // Either verifying both local and remote classes or just remote classes.
645 assert(BytecodeVerificationRemote, "Should not be here");
646
647 Array<Method*>* methods = _klass->methods();
648 int num_methods = methods->length();
649
650 for (int index = 0; index < num_methods; index++) {
651 // Check for recursive re-verification before each method.
652 if (was_recursively_verified()) return;
653
654 Method* m = methods->at(index);
655 if (m->is_native() || m->is_abstract() || m->is_overpass()) {
656 // If m is native or abstract, skip it. It is checked in class file
657 // parser that methods do not override a final method. Overpass methods
658 // are trusted since the VM generates them.
659 continue;
660 }
661 verify_method(methodHandle(THREAD, m), CHECK_VERIFY(this));
662 }
663
664 if (was_recursively_verified()){
665 log_info(verification)("Recursive verification detected for: %s", _klass->external_name());
666 log_info(class, init)("Recursive verification detected for: %s",
667 _klass->external_name());
668 }
669 }
670
671 // Translate the signature entries into verification types and save them in
672 // the growable array. Also, save the count of arguments.
673 void ClassVerifier::translate_signature(Symbol* const method_sig,
674 sig_as_verification_types* sig_verif_types) {
675 SignatureStream sig_stream(method_sig);
676 VerificationType sig_type[2];
677 int sig_i = 0;
678 GrowableArray<VerificationType>* verif_types = sig_verif_types->sig_verif_types();
679
680 // Translate the signature arguments into verification types.
681 while (!sig_stream.at_return_type()) {
682 int n = change_sig_to_verificationType(&sig_stream, sig_type);
683 assert(n <= 2, "Unexpected signature type");
684
685 // Store verification type(s). Longs and Doubles each have two verificationTypes.
686 for (int x = 0; x < n; x++) {
687 verif_types->push(sig_type[x]);
688 }
689 sig_i += n;
690 sig_stream.next();
691 }
692
693 // Set final arg count, not including the return type. The final arg count will
694 // be compared with sig_verify_types' length to see if there is a return type.
695 sig_verif_types->set_num_args(sig_i);
696
697 // Store verification type(s) for the return type, if there is one.
698 if (sig_stream.type() != T_VOID) {
699 int n = change_sig_to_verificationType(&sig_stream, sig_type);
700 assert(n <= 2, "Unexpected signature return type");
701 for (int y = 0; y < n; y++) {
702 verif_types->push(sig_type[y]);
703 }
704 }
705 }
706
707 void ClassVerifier::create_method_sig_entry(sig_as_verification_types* sig_verif_types,
708 int sig_index) {
709 // Translate the signature into verification types.
710 ConstantPool* cp = _klass->constants();
711 Symbol* const method_sig = cp->symbol_at(sig_index);
712 translate_signature(method_sig, sig_verif_types);
713
714 // Add the list of this signature's verification types to the table.
715 bool is_unique = method_signatures_table()->put(sig_index, sig_verif_types);
716 assert(is_unique, "Duplicate entries in method_signature_table");
717 }
718
719 void ClassVerifier::verify_method(const methodHandle& m, TRAPS) {
720 HandleMark hm(THREAD);
721 _method = m; // initialize _method
722 log_info(verification)("Verifying method %s", m->name_and_sig_as_C_string());
723
724 // For clang, the only good constant format string is a literal constant format string.
725 #define bad_type_msg "Bad type on operand stack in %s"
726
727 u2 max_stack = m->verifier_max_stack();
728 u2 max_locals = m->max_locals();
729 constantPoolHandle cp(THREAD, m->constants());
730
731 // Method signature was checked in ClassFileParser.
732 assert(SignatureVerifier::is_valid_method_signature(m->signature()),
733 "Invalid method signature");
734
735 // Collect the initial strict instance fields
736 StackMapFrame::AssertUnsetFieldTable* strict_fields = new StackMapFrame::AssertUnsetFieldTable();
737 if (m->is_object_constructor()) {
738 for (AllFieldStream fs(m->method_holder()); !fs.done(); fs.next()) {
739 if (fs.access_flags().is_strict() && !fs.access_flags().is_static()) {
740 NameAndSig new_field(fs.name(), fs.signature());
741 if (IgnoreAssertUnsetFields) {
742 strict_fields->put(new_field, true);
743 } else {
744 strict_fields->put(new_field, false);
745 }
746 }
747 }
748 }
749
750 // Initial stack map frame: offset is 0, stack is initially empty.
751 StackMapFrame current_frame(max_locals, max_stack, strict_fields, this);
752 // Set initial locals
753 VerificationType return_type = current_frame.set_locals_from_arg( m, current_type());
754
755 u2 stackmap_index = 0; // index to the stackmap array
756
757 u4 code_length = m->code_size();
758
759 // Scan the bytecode and map each instruction's start offset to a number.
760 char* code_data = generate_code_data(m, code_length, CHECK_VERIFY(this));
761
762 int ex_min = code_length;
763 int ex_max = -1;
764 // Look through each item on the exception table. Each of the fields must refer
765 // to a legal instruction.
766 if (was_recursively_verified()) return;
767 verify_exception_handler_table(
768 code_length, code_data, ex_min, ex_max, CHECK_VERIFY(this));
769
770 // Look through each entry on the local variable table and make sure
771 // its range of code array offsets is valid. (4169817)
772 if (m->has_localvariable_table()) {
773 verify_local_variable_table(code_length, code_data, CHECK_VERIFY(this));
774 }
775
776 Array<u1>* stackmap_data = m->stackmap_data();
777 StackMapStream stream(stackmap_data);
778 StackMapReader reader(this, &stream, code_data, code_length, ¤t_frame, max_locals, max_stack, strict_fields, THREAD);
779 StackMapTable stackmap_table(&reader, CHECK_VERIFY(this));
780
781 LogTarget(Debug, verification) lt;
782 if (lt.is_enabled()) {
783 LogStream ls(lt);
784 stackmap_table.print_on(&ls);
785 }
786
787 RawBytecodeStream bcs(m);
788
789 // Scan the byte code linearly from the start to the end
790 bool no_control_flow = false; // Set to true when there is no direct control
791 // flow from current instruction to the next
792 // instruction in sequence
793
794 Bytecodes::Code opcode;
795 while (!bcs.is_last_bytecode()) {
796 // Check for recursive re-verification before each bytecode.
797 if (was_recursively_verified()) return;
798
799 opcode = bcs.raw_next();
800 int bci = bcs.bci();
801
802 // Set current frame's offset to bci
803 current_frame.set_offset(bci);
804 current_frame.set_mark();
805
806 // Make sure every offset in stackmap table point to the beginning to
807 // an instruction. Match current_frame to stackmap_table entry with
808 // the same offset if exists.
809 stackmap_index = verify_stackmap_table(
810 stackmap_index, bci, ¤t_frame, &stackmap_table,
811 no_control_flow, CHECK_VERIFY(this));
812
813
814 bool this_uninit = false; // Set to true when invokespecial <init> initialized 'this'
815 bool verified_exc_handlers = false;
816
817 // Merge with the next instruction
818 {
819 VerificationType type, type2;
820 VerificationType atype;
821
822 LogTarget(Debug, verification) lt;
823 if (lt.is_enabled()) {
824 LogStream ls(lt);
825 current_frame.print_on(&ls);
826 lt.print("offset = %d, opcode = %s", bci,
827 opcode == Bytecodes::_illegal ? "illegal" : Bytecodes::name(opcode));
828 }
829
830 // Make sure wide instruction is in correct format
831 if (bcs.is_wide()) {
832 if (opcode != Bytecodes::_iinc && opcode != Bytecodes::_iload &&
833 opcode != Bytecodes::_aload && opcode != Bytecodes::_lload &&
834 opcode != Bytecodes::_istore && opcode != Bytecodes::_astore &&
835 opcode != Bytecodes::_lstore && opcode != Bytecodes::_fload &&
836 opcode != Bytecodes::_dload && opcode != Bytecodes::_fstore &&
837 opcode != Bytecodes::_dstore) {
838 /* Unreachable? RawBytecodeStream's raw_next() returns 'illegal'
839 * if we encounter a wide instruction that modifies an invalid
840 * opcode (not one of the ones listed above) */
841 verify_error(ErrorContext::bad_code(bci), "Bad wide instruction");
842 return;
843 }
844 }
845
846 // Look for possible jump target in exception handlers and see if it
847 // matches current_frame. Do this check here for astore*, dstore*,
848 // fstore*, istore*, and lstore* opcodes because they can change the type
849 // state by adding a local. JVM Spec says that the incoming type state
850 // should be used for this check. So, do the check here before a possible
851 // local is added to the type state.
852 if (Bytecodes::is_store_into_local(opcode) && bci >= ex_min && bci < ex_max) {
853 if (was_recursively_verified()) return;
854 verify_exception_handler_targets(
855 bci, this_uninit, ¤t_frame, &stackmap_table, CHECK_VERIFY(this));
856 verified_exc_handlers = true;
857 }
858
859 if (was_recursively_verified()) return;
860
861 switch (opcode) {
862 case Bytecodes::_nop :
863 no_control_flow = false; break;
864 case Bytecodes::_aconst_null :
865 current_frame.push_stack(
866 VerificationType::null_type(), CHECK_VERIFY(this));
867 no_control_flow = false; break;
868 case Bytecodes::_iconst_m1 :
869 case Bytecodes::_iconst_0 :
870 case Bytecodes::_iconst_1 :
871 case Bytecodes::_iconst_2 :
872 case Bytecodes::_iconst_3 :
873 case Bytecodes::_iconst_4 :
874 case Bytecodes::_iconst_5 :
875 current_frame.push_stack(
876 VerificationType::integer_type(), CHECK_VERIFY(this));
877 no_control_flow = false; break;
878 case Bytecodes::_lconst_0 :
879 case Bytecodes::_lconst_1 :
880 current_frame.push_stack_2(
881 VerificationType::long_type(),
882 VerificationType::long2_type(), CHECK_VERIFY(this));
883 no_control_flow = false; break;
884 case Bytecodes::_fconst_0 :
885 case Bytecodes::_fconst_1 :
886 case Bytecodes::_fconst_2 :
887 current_frame.push_stack(
888 VerificationType::float_type(), CHECK_VERIFY(this));
889 no_control_flow = false; break;
890 case Bytecodes::_dconst_0 :
891 case Bytecodes::_dconst_1 :
892 current_frame.push_stack_2(
893 VerificationType::double_type(),
894 VerificationType::double2_type(), CHECK_VERIFY(this));
895 no_control_flow = false; break;
896 case Bytecodes::_sipush :
897 case Bytecodes::_bipush :
898 current_frame.push_stack(
899 VerificationType::integer_type(), CHECK_VERIFY(this));
900 no_control_flow = false; break;
901 case Bytecodes::_ldc :
902 verify_ldc(
903 opcode, bcs.get_index_u1(), ¤t_frame,
904 cp, bci, CHECK_VERIFY(this));
905 no_control_flow = false; break;
906 case Bytecodes::_ldc_w :
907 case Bytecodes::_ldc2_w :
908 verify_ldc(
909 opcode, bcs.get_index_u2(), ¤t_frame,
910 cp, bci, CHECK_VERIFY(this));
911 no_control_flow = false; break;
912 case Bytecodes::_iload :
913 verify_iload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
914 no_control_flow = false; break;
915 case Bytecodes::_iload_0 :
916 case Bytecodes::_iload_1 :
917 case Bytecodes::_iload_2 :
918 case Bytecodes::_iload_3 : {
919 int index = opcode - Bytecodes::_iload_0;
920 verify_iload(index, ¤t_frame, CHECK_VERIFY(this));
921 no_control_flow = false; break;
922 }
923 case Bytecodes::_lload :
924 verify_lload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
925 no_control_flow = false; break;
926 case Bytecodes::_lload_0 :
927 case Bytecodes::_lload_1 :
928 case Bytecodes::_lload_2 :
929 case Bytecodes::_lload_3 : {
930 int index = opcode - Bytecodes::_lload_0;
931 verify_lload(index, ¤t_frame, CHECK_VERIFY(this));
932 no_control_flow = false; break;
933 }
934 case Bytecodes::_fload :
935 verify_fload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
936 no_control_flow = false; break;
937 case Bytecodes::_fload_0 :
938 case Bytecodes::_fload_1 :
939 case Bytecodes::_fload_2 :
940 case Bytecodes::_fload_3 : {
941 int index = opcode - Bytecodes::_fload_0;
942 verify_fload(index, ¤t_frame, CHECK_VERIFY(this));
943 no_control_flow = false; break;
944 }
945 case Bytecodes::_dload :
946 verify_dload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
947 no_control_flow = false; break;
948 case Bytecodes::_dload_0 :
949 case Bytecodes::_dload_1 :
950 case Bytecodes::_dload_2 :
951 case Bytecodes::_dload_3 : {
952 int index = opcode - Bytecodes::_dload_0;
953 verify_dload(index, ¤t_frame, CHECK_VERIFY(this));
954 no_control_flow = false; break;
955 }
956 case Bytecodes::_aload :
957 verify_aload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
958 no_control_flow = false; break;
959 case Bytecodes::_aload_0 :
960 case Bytecodes::_aload_1 :
961 case Bytecodes::_aload_2 :
962 case Bytecodes::_aload_3 : {
963 int index = opcode - Bytecodes::_aload_0;
964 verify_aload(index, ¤t_frame, CHECK_VERIFY(this));
965 no_control_flow = false; break;
966 }
967 case Bytecodes::_iaload :
968 type = current_frame.pop_stack(
969 VerificationType::integer_type(), CHECK_VERIFY(this));
970 atype = current_frame.pop_stack(
971 VerificationType::reference_check(), CHECK_VERIFY(this));
972 if (!atype.is_int_array()) {
973 verify_error(ErrorContext::bad_type(bci,
974 current_frame.stack_top_ctx(), ref_ctx("[I")),
975 bad_type_msg, "iaload");
976 return;
977 }
978 current_frame.push_stack(
979 VerificationType::integer_type(), CHECK_VERIFY(this));
980 no_control_flow = false; break;
981 case Bytecodes::_baload :
982 type = current_frame.pop_stack(
983 VerificationType::integer_type(), CHECK_VERIFY(this));
984 atype = current_frame.pop_stack(
985 VerificationType::reference_check(), CHECK_VERIFY(this));
986 if (!atype.is_bool_array() && !atype.is_byte_array()) {
987 verify_error(
988 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
989 bad_type_msg, "baload");
990 return;
991 }
992 current_frame.push_stack(
993 VerificationType::integer_type(), CHECK_VERIFY(this));
994 no_control_flow = false; break;
995 case Bytecodes::_caload :
996 type = current_frame.pop_stack(
997 VerificationType::integer_type(), CHECK_VERIFY(this));
998 atype = current_frame.pop_stack(
999 VerificationType::reference_check(), CHECK_VERIFY(this));
1000 if (!atype.is_char_array()) {
1001 verify_error(ErrorContext::bad_type(bci,
1002 current_frame.stack_top_ctx(), ref_ctx("[C")),
1003 bad_type_msg, "caload");
1004 return;
1005 }
1006 current_frame.push_stack(
1007 VerificationType::integer_type(), CHECK_VERIFY(this));
1008 no_control_flow = false; break;
1009 case Bytecodes::_saload :
1010 type = current_frame.pop_stack(
1011 VerificationType::integer_type(), CHECK_VERIFY(this));
1012 atype = current_frame.pop_stack(
1013 VerificationType::reference_check(), CHECK_VERIFY(this));
1014 if (!atype.is_short_array()) {
1015 verify_error(ErrorContext::bad_type(bci,
1016 current_frame.stack_top_ctx(), ref_ctx("[S")),
1017 bad_type_msg, "saload");
1018 return;
1019 }
1020 current_frame.push_stack(
1021 VerificationType::integer_type(), CHECK_VERIFY(this));
1022 no_control_flow = false; break;
1023 case Bytecodes::_laload :
1024 type = current_frame.pop_stack(
1025 VerificationType::integer_type(), CHECK_VERIFY(this));
1026 atype = current_frame.pop_stack(
1027 VerificationType::reference_check(), CHECK_VERIFY(this));
1028 if (!atype.is_long_array()) {
1029 verify_error(ErrorContext::bad_type(bci,
1030 current_frame.stack_top_ctx(), ref_ctx("[J")),
1031 bad_type_msg, "laload");
1032 return;
1033 }
1034 current_frame.push_stack_2(
1035 VerificationType::long_type(),
1036 VerificationType::long2_type(), CHECK_VERIFY(this));
1037 no_control_flow = false; break;
1038 case Bytecodes::_faload :
1039 type = current_frame.pop_stack(
1040 VerificationType::integer_type(), CHECK_VERIFY(this));
1041 atype = current_frame.pop_stack(
1042 VerificationType::reference_check(), CHECK_VERIFY(this));
1043 if (!atype.is_float_array()) {
1044 verify_error(ErrorContext::bad_type(bci,
1045 current_frame.stack_top_ctx(), ref_ctx("[F")),
1046 bad_type_msg, "faload");
1047 return;
1048 }
1049 current_frame.push_stack(
1050 VerificationType::float_type(), CHECK_VERIFY(this));
1051 no_control_flow = false; break;
1052 case Bytecodes::_daload :
1053 type = current_frame.pop_stack(
1054 VerificationType::integer_type(), CHECK_VERIFY(this));
1055 atype = current_frame.pop_stack(
1056 VerificationType::reference_check(), CHECK_VERIFY(this));
1057 if (!atype.is_double_array()) {
1058 verify_error(ErrorContext::bad_type(bci,
1059 current_frame.stack_top_ctx(), ref_ctx("[D")),
1060 bad_type_msg, "daload");
1061 return;
1062 }
1063 current_frame.push_stack_2(
1064 VerificationType::double_type(),
1065 VerificationType::double2_type(), CHECK_VERIFY(this));
1066 no_control_flow = false; break;
1067 case Bytecodes::_aaload : {
1068 type = current_frame.pop_stack(
1069 VerificationType::integer_type(), CHECK_VERIFY(this));
1070 atype = current_frame.pop_stack(
1071 VerificationType::reference_check(), CHECK_VERIFY(this));
1072 if (!atype.is_reference_array()) {
1073 verify_error(ErrorContext::bad_type(bci,
1074 current_frame.stack_top_ctx(),
1075 TypeOrigin::implicit(VerificationType::reference_check())),
1076 bad_type_msg, "aaload");
1077 return;
1078 }
1079 if (atype.is_null()) {
1080 current_frame.push_stack(
1081 VerificationType::null_type(), CHECK_VERIFY(this));
1082 } else {
1083 VerificationType component = atype.get_component(this);
1084 current_frame.push_stack(component, CHECK_VERIFY(this));
1085 }
1086 no_control_flow = false; break;
1087 }
1088 case Bytecodes::_istore :
1089 verify_istore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1090 no_control_flow = false; break;
1091 case Bytecodes::_istore_0 :
1092 case Bytecodes::_istore_1 :
1093 case Bytecodes::_istore_2 :
1094 case Bytecodes::_istore_3 : {
1095 int index = opcode - Bytecodes::_istore_0;
1096 verify_istore(index, ¤t_frame, CHECK_VERIFY(this));
1097 no_control_flow = false; break;
1098 }
1099 case Bytecodes::_lstore :
1100 verify_lstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1101 no_control_flow = false; break;
1102 case Bytecodes::_lstore_0 :
1103 case Bytecodes::_lstore_1 :
1104 case Bytecodes::_lstore_2 :
1105 case Bytecodes::_lstore_3 : {
1106 int index = opcode - Bytecodes::_lstore_0;
1107 verify_lstore(index, ¤t_frame, CHECK_VERIFY(this));
1108 no_control_flow = false; break;
1109 }
1110 case Bytecodes::_fstore :
1111 verify_fstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1112 no_control_flow = false; break;
1113 case Bytecodes::_fstore_0 :
1114 case Bytecodes::_fstore_1 :
1115 case Bytecodes::_fstore_2 :
1116 case Bytecodes::_fstore_3 : {
1117 int index = opcode - Bytecodes::_fstore_0;
1118 verify_fstore(index, ¤t_frame, CHECK_VERIFY(this));
1119 no_control_flow = false; break;
1120 }
1121 case Bytecodes::_dstore :
1122 verify_dstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1123 no_control_flow = false; break;
1124 case Bytecodes::_dstore_0 :
1125 case Bytecodes::_dstore_1 :
1126 case Bytecodes::_dstore_2 :
1127 case Bytecodes::_dstore_3 : {
1128 int index = opcode - Bytecodes::_dstore_0;
1129 verify_dstore(index, ¤t_frame, CHECK_VERIFY(this));
1130 no_control_flow = false; break;
1131 }
1132 case Bytecodes::_astore :
1133 verify_astore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1134 no_control_flow = false; break;
1135 case Bytecodes::_astore_0 :
1136 case Bytecodes::_astore_1 :
1137 case Bytecodes::_astore_2 :
1138 case Bytecodes::_astore_3 : {
1139 int index = opcode - Bytecodes::_astore_0;
1140 verify_astore(index, ¤t_frame, CHECK_VERIFY(this));
1141 no_control_flow = false; break;
1142 }
1143 case Bytecodes::_iastore :
1144 type = current_frame.pop_stack(
1145 VerificationType::integer_type(), CHECK_VERIFY(this));
1146 type2 = current_frame.pop_stack(
1147 VerificationType::integer_type(), CHECK_VERIFY(this));
1148 atype = current_frame.pop_stack(
1149 VerificationType::reference_check(), CHECK_VERIFY(this));
1150 if (!atype.is_int_array()) {
1151 verify_error(ErrorContext::bad_type(bci,
1152 current_frame.stack_top_ctx(), ref_ctx("[I")),
1153 bad_type_msg, "iastore");
1154 return;
1155 }
1156 no_control_flow = false; break;
1157 case Bytecodes::_bastore :
1158 type = current_frame.pop_stack(
1159 VerificationType::integer_type(), CHECK_VERIFY(this));
1160 type2 = current_frame.pop_stack(
1161 VerificationType::integer_type(), CHECK_VERIFY(this));
1162 atype = current_frame.pop_stack(
1163 VerificationType::reference_check(), CHECK_VERIFY(this));
1164 if (!atype.is_bool_array() && !atype.is_byte_array()) {
1165 verify_error(
1166 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1167 bad_type_msg, "bastore");
1168 return;
1169 }
1170 no_control_flow = false; break;
1171 case Bytecodes::_castore :
1172 current_frame.pop_stack(
1173 VerificationType::integer_type(), CHECK_VERIFY(this));
1174 current_frame.pop_stack(
1175 VerificationType::integer_type(), CHECK_VERIFY(this));
1176 atype = current_frame.pop_stack(
1177 VerificationType::reference_check(), CHECK_VERIFY(this));
1178 if (!atype.is_char_array()) {
1179 verify_error(ErrorContext::bad_type(bci,
1180 current_frame.stack_top_ctx(), ref_ctx("[C")),
1181 bad_type_msg, "castore");
1182 return;
1183 }
1184 no_control_flow = false; break;
1185 case Bytecodes::_sastore :
1186 current_frame.pop_stack(
1187 VerificationType::integer_type(), CHECK_VERIFY(this));
1188 current_frame.pop_stack(
1189 VerificationType::integer_type(), CHECK_VERIFY(this));
1190 atype = current_frame.pop_stack(
1191 VerificationType::reference_check(), CHECK_VERIFY(this));
1192 if (!atype.is_short_array()) {
1193 verify_error(ErrorContext::bad_type(bci,
1194 current_frame.stack_top_ctx(), ref_ctx("[S")),
1195 bad_type_msg, "sastore");
1196 return;
1197 }
1198 no_control_flow = false; break;
1199 case Bytecodes::_lastore :
1200 current_frame.pop_stack_2(
1201 VerificationType::long2_type(),
1202 VerificationType::long_type(), CHECK_VERIFY(this));
1203 current_frame.pop_stack(
1204 VerificationType::integer_type(), CHECK_VERIFY(this));
1205 atype = current_frame.pop_stack(
1206 VerificationType::reference_check(), CHECK_VERIFY(this));
1207 if (!atype.is_long_array()) {
1208 verify_error(ErrorContext::bad_type(bci,
1209 current_frame.stack_top_ctx(), ref_ctx("[J")),
1210 bad_type_msg, "lastore");
1211 return;
1212 }
1213 no_control_flow = false; break;
1214 case Bytecodes::_fastore :
1215 current_frame.pop_stack(
1216 VerificationType::float_type(), CHECK_VERIFY(this));
1217 current_frame.pop_stack
1218 (VerificationType::integer_type(), CHECK_VERIFY(this));
1219 atype = current_frame.pop_stack(
1220 VerificationType::reference_check(), CHECK_VERIFY(this));
1221 if (!atype.is_float_array()) {
1222 verify_error(ErrorContext::bad_type(bci,
1223 current_frame.stack_top_ctx(), ref_ctx("[F")),
1224 bad_type_msg, "fastore");
1225 return;
1226 }
1227 no_control_flow = false; break;
1228 case Bytecodes::_dastore :
1229 current_frame.pop_stack_2(
1230 VerificationType::double2_type(),
1231 VerificationType::double_type(), CHECK_VERIFY(this));
1232 current_frame.pop_stack(
1233 VerificationType::integer_type(), CHECK_VERIFY(this));
1234 atype = current_frame.pop_stack(
1235 VerificationType::reference_check(), CHECK_VERIFY(this));
1236 if (!atype.is_double_array()) {
1237 verify_error(ErrorContext::bad_type(bci,
1238 current_frame.stack_top_ctx(), ref_ctx("[D")),
1239 bad_type_msg, "dastore");
1240 return;
1241 }
1242 no_control_flow = false; break;
1243 case Bytecodes::_aastore :
1244 type = current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1245 type2 = current_frame.pop_stack(
1246 VerificationType::integer_type(), CHECK_VERIFY(this));
1247 atype = current_frame.pop_stack(
1248 VerificationType::reference_check(), CHECK_VERIFY(this));
1249 // more type-checking is done at runtime
1250 if (!atype.is_reference_array()) {
1251 verify_error(ErrorContext::bad_type(bci,
1252 current_frame.stack_top_ctx(),
1253 TypeOrigin::implicit(VerificationType::reference_check())),
1254 bad_type_msg, "aastore");
1255 return;
1256 }
1257 // 4938384: relaxed constraint in JVMS 3rd edition.
1258 no_control_flow = false; break;
1259 case Bytecodes::_pop :
1260 current_frame.pop_stack(
1261 VerificationType::category1_check(), CHECK_VERIFY(this));
1262 no_control_flow = false; break;
1263 case Bytecodes::_pop2 :
1264 type = current_frame.pop_stack(CHECK_VERIFY(this));
1265 if (type.is_category1()) {
1266 current_frame.pop_stack(
1267 VerificationType::category1_check(), CHECK_VERIFY(this));
1268 } else if (type.is_category2_2nd()) {
1269 current_frame.pop_stack(
1270 VerificationType::category2_check(), CHECK_VERIFY(this));
1271 } else {
1272 /* Unreachable? Would need a category2_1st on TOS
1273 * which does not appear possible. */
1274 verify_error(
1275 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1276 bad_type_msg, "pop2");
1277 return;
1278 }
1279 no_control_flow = false; break;
1280 case Bytecodes::_dup :
1281 type = current_frame.pop_stack(
1282 VerificationType::category1_check(), CHECK_VERIFY(this));
1283 current_frame.push_stack(type, CHECK_VERIFY(this));
1284 current_frame.push_stack(type, CHECK_VERIFY(this));
1285 no_control_flow = false; break;
1286 case Bytecodes::_dup_x1 :
1287 type = current_frame.pop_stack(
1288 VerificationType::category1_check(), CHECK_VERIFY(this));
1289 type2 = current_frame.pop_stack(
1290 VerificationType::category1_check(), CHECK_VERIFY(this));
1291 current_frame.push_stack(type, CHECK_VERIFY(this));
1292 current_frame.push_stack(type2, CHECK_VERIFY(this));
1293 current_frame.push_stack(type, CHECK_VERIFY(this));
1294 no_control_flow = false; break;
1295 case Bytecodes::_dup_x2 :
1296 {
1297 VerificationType type3;
1298 type = current_frame.pop_stack(
1299 VerificationType::category1_check(), CHECK_VERIFY(this));
1300 type2 = current_frame.pop_stack(CHECK_VERIFY(this));
1301 if (type2.is_category1()) {
1302 type3 = current_frame.pop_stack(
1303 VerificationType::category1_check(), CHECK_VERIFY(this));
1304 } else if (type2.is_category2_2nd()) {
1305 type3 = current_frame.pop_stack(
1306 VerificationType::category2_check(), CHECK_VERIFY(this));
1307 } else {
1308 /* Unreachable? Would need a category2_1st at stack depth 2 with
1309 * a category1 on TOS which does not appear possible. */
1310 verify_error(ErrorContext::bad_type(
1311 bci, current_frame.stack_top_ctx()), bad_type_msg, "dup_x2");
1312 return;
1313 }
1314 current_frame.push_stack(type, CHECK_VERIFY(this));
1315 current_frame.push_stack(type3, CHECK_VERIFY(this));
1316 current_frame.push_stack(type2, CHECK_VERIFY(this));
1317 current_frame.push_stack(type, CHECK_VERIFY(this));
1318 no_control_flow = false; break;
1319 }
1320 case Bytecodes::_dup2 :
1321 type = current_frame.pop_stack(CHECK_VERIFY(this));
1322 if (type.is_category1()) {
1323 type2 = current_frame.pop_stack(
1324 VerificationType::category1_check(), CHECK_VERIFY(this));
1325 } else if (type.is_category2_2nd()) {
1326 type2 = current_frame.pop_stack(
1327 VerificationType::category2_check(), CHECK_VERIFY(this));
1328 } else {
1329 /* Unreachable? Would need a category2_1st on TOS which does not
1330 * appear possible. */
1331 verify_error(
1332 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1333 bad_type_msg, "dup2");
1334 return;
1335 }
1336 current_frame.push_stack(type2, CHECK_VERIFY(this));
1337 current_frame.push_stack(type, CHECK_VERIFY(this));
1338 current_frame.push_stack(type2, CHECK_VERIFY(this));
1339 current_frame.push_stack(type, CHECK_VERIFY(this));
1340 no_control_flow = false; break;
1341 case Bytecodes::_dup2_x1 :
1342 {
1343 VerificationType type3;
1344 type = current_frame.pop_stack(CHECK_VERIFY(this));
1345 if (type.is_category1()) {
1346 type2 = current_frame.pop_stack(
1347 VerificationType::category1_check(), CHECK_VERIFY(this));
1348 } else if (type.is_category2_2nd()) {
1349 type2 = current_frame.pop_stack(
1350 VerificationType::category2_check(), CHECK_VERIFY(this));
1351 } else {
1352 /* Unreachable? Would need a category2_1st on TOS which does
1353 * not appear possible. */
1354 verify_error(
1355 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1356 bad_type_msg, "dup2_x1");
1357 return;
1358 }
1359 type3 = current_frame.pop_stack(
1360 VerificationType::category1_check(), CHECK_VERIFY(this));
1361 current_frame.push_stack(type2, CHECK_VERIFY(this));
1362 current_frame.push_stack(type, CHECK_VERIFY(this));
1363 current_frame.push_stack(type3, CHECK_VERIFY(this));
1364 current_frame.push_stack(type2, CHECK_VERIFY(this));
1365 current_frame.push_stack(type, CHECK_VERIFY(this));
1366 no_control_flow = false; break;
1367 }
1368 case Bytecodes::_dup2_x2 :
1369 {
1370 VerificationType type3, type4;
1371 type = current_frame.pop_stack(CHECK_VERIFY(this));
1372 if (type.is_category1()) {
1373 type2 = current_frame.pop_stack(
1374 VerificationType::category1_check(), CHECK_VERIFY(this));
1375 } else if (type.is_category2_2nd()) {
1376 type2 = current_frame.pop_stack(
1377 VerificationType::category2_check(), CHECK_VERIFY(this));
1378 } else {
1379 /* Unreachable? Would need a category2_1st on TOS which does
1380 * not appear possible. */
1381 verify_error(
1382 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1383 bad_type_msg, "dup2_x2");
1384 return;
1385 }
1386 type3 = current_frame.pop_stack(CHECK_VERIFY(this));
1387 if (type3.is_category1()) {
1388 type4 = current_frame.pop_stack(
1389 VerificationType::category1_check(), CHECK_VERIFY(this));
1390 } else if (type3.is_category2_2nd()) {
1391 type4 = current_frame.pop_stack(
1392 VerificationType::category2_check(), CHECK_VERIFY(this));
1393 } else {
1394 /* Unreachable? Would need a category2_1st on TOS after popping
1395 * a long/double or two category 1's, which does not
1396 * appear possible. */
1397 verify_error(
1398 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1399 bad_type_msg, "dup2_x2");
1400 return;
1401 }
1402 current_frame.push_stack(type2, CHECK_VERIFY(this));
1403 current_frame.push_stack(type, CHECK_VERIFY(this));
1404 current_frame.push_stack(type4, CHECK_VERIFY(this));
1405 current_frame.push_stack(type3, CHECK_VERIFY(this));
1406 current_frame.push_stack(type2, CHECK_VERIFY(this));
1407 current_frame.push_stack(type, CHECK_VERIFY(this));
1408 no_control_flow = false; break;
1409 }
1410 case Bytecodes::_swap :
1411 type = current_frame.pop_stack(
1412 VerificationType::category1_check(), CHECK_VERIFY(this));
1413 type2 = current_frame.pop_stack(
1414 VerificationType::category1_check(), CHECK_VERIFY(this));
1415 current_frame.push_stack(type, CHECK_VERIFY(this));
1416 current_frame.push_stack(type2, CHECK_VERIFY(this));
1417 no_control_flow = false; break;
1418 case Bytecodes::_iadd :
1419 case Bytecodes::_isub :
1420 case Bytecodes::_imul :
1421 case Bytecodes::_idiv :
1422 case Bytecodes::_irem :
1423 case Bytecodes::_ishl :
1424 case Bytecodes::_ishr :
1425 case Bytecodes::_iushr :
1426 case Bytecodes::_ior :
1427 case Bytecodes::_ixor :
1428 case Bytecodes::_iand :
1429 current_frame.pop_stack(
1430 VerificationType::integer_type(), CHECK_VERIFY(this));
1431 // fall through
1432 case Bytecodes::_ineg :
1433 current_frame.pop_stack(
1434 VerificationType::integer_type(), CHECK_VERIFY(this));
1435 current_frame.push_stack(
1436 VerificationType::integer_type(), CHECK_VERIFY(this));
1437 no_control_flow = false; break;
1438 case Bytecodes::_ladd :
1439 case Bytecodes::_lsub :
1440 case Bytecodes::_lmul :
1441 case Bytecodes::_ldiv :
1442 case Bytecodes::_lrem :
1443 case Bytecodes::_land :
1444 case Bytecodes::_lor :
1445 case Bytecodes::_lxor :
1446 current_frame.pop_stack_2(
1447 VerificationType::long2_type(),
1448 VerificationType::long_type(), CHECK_VERIFY(this));
1449 // fall through
1450 case Bytecodes::_lneg :
1451 current_frame.pop_stack_2(
1452 VerificationType::long2_type(),
1453 VerificationType::long_type(), CHECK_VERIFY(this));
1454 current_frame.push_stack_2(
1455 VerificationType::long_type(),
1456 VerificationType::long2_type(), CHECK_VERIFY(this));
1457 no_control_flow = false; break;
1458 case Bytecodes::_lshl :
1459 case Bytecodes::_lshr :
1460 case Bytecodes::_lushr :
1461 current_frame.pop_stack(
1462 VerificationType::integer_type(), CHECK_VERIFY(this));
1463 current_frame.pop_stack_2(
1464 VerificationType::long2_type(),
1465 VerificationType::long_type(), CHECK_VERIFY(this));
1466 current_frame.push_stack_2(
1467 VerificationType::long_type(),
1468 VerificationType::long2_type(), CHECK_VERIFY(this));
1469 no_control_flow = false; break;
1470 case Bytecodes::_fadd :
1471 case Bytecodes::_fsub :
1472 case Bytecodes::_fmul :
1473 case Bytecodes::_fdiv :
1474 case Bytecodes::_frem :
1475 current_frame.pop_stack(
1476 VerificationType::float_type(), CHECK_VERIFY(this));
1477 // fall through
1478 case Bytecodes::_fneg :
1479 current_frame.pop_stack(
1480 VerificationType::float_type(), CHECK_VERIFY(this));
1481 current_frame.push_stack(
1482 VerificationType::float_type(), CHECK_VERIFY(this));
1483 no_control_flow = false; break;
1484 case Bytecodes::_dadd :
1485 case Bytecodes::_dsub :
1486 case Bytecodes::_dmul :
1487 case Bytecodes::_ddiv :
1488 case Bytecodes::_drem :
1489 current_frame.pop_stack_2(
1490 VerificationType::double2_type(),
1491 VerificationType::double_type(), CHECK_VERIFY(this));
1492 // fall through
1493 case Bytecodes::_dneg :
1494 current_frame.pop_stack_2(
1495 VerificationType::double2_type(),
1496 VerificationType::double_type(), CHECK_VERIFY(this));
1497 current_frame.push_stack_2(
1498 VerificationType::double_type(),
1499 VerificationType::double2_type(), CHECK_VERIFY(this));
1500 no_control_flow = false; break;
1501 case Bytecodes::_iinc :
1502 verify_iinc(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1503 no_control_flow = false; break;
1504 case Bytecodes::_i2l :
1505 type = current_frame.pop_stack(
1506 VerificationType::integer_type(), CHECK_VERIFY(this));
1507 current_frame.push_stack_2(
1508 VerificationType::long_type(),
1509 VerificationType::long2_type(), CHECK_VERIFY(this));
1510 no_control_flow = false; break;
1511 case Bytecodes::_l2i :
1512 current_frame.pop_stack_2(
1513 VerificationType::long2_type(),
1514 VerificationType::long_type(), CHECK_VERIFY(this));
1515 current_frame.push_stack(
1516 VerificationType::integer_type(), CHECK_VERIFY(this));
1517 no_control_flow = false; break;
1518 case Bytecodes::_i2f :
1519 current_frame.pop_stack(
1520 VerificationType::integer_type(), CHECK_VERIFY(this));
1521 current_frame.push_stack(
1522 VerificationType::float_type(), CHECK_VERIFY(this));
1523 no_control_flow = false; break;
1524 case Bytecodes::_i2d :
1525 current_frame.pop_stack(
1526 VerificationType::integer_type(), CHECK_VERIFY(this));
1527 current_frame.push_stack_2(
1528 VerificationType::double_type(),
1529 VerificationType::double2_type(), CHECK_VERIFY(this));
1530 no_control_flow = false; break;
1531 case Bytecodes::_l2f :
1532 current_frame.pop_stack_2(
1533 VerificationType::long2_type(),
1534 VerificationType::long_type(), CHECK_VERIFY(this));
1535 current_frame.push_stack(
1536 VerificationType::float_type(), CHECK_VERIFY(this));
1537 no_control_flow = false; break;
1538 case Bytecodes::_l2d :
1539 current_frame.pop_stack_2(
1540 VerificationType::long2_type(),
1541 VerificationType::long_type(), CHECK_VERIFY(this));
1542 current_frame.push_stack_2(
1543 VerificationType::double_type(),
1544 VerificationType::double2_type(), CHECK_VERIFY(this));
1545 no_control_flow = false; break;
1546 case Bytecodes::_f2i :
1547 current_frame.pop_stack(
1548 VerificationType::float_type(), CHECK_VERIFY(this));
1549 current_frame.push_stack(
1550 VerificationType::integer_type(), CHECK_VERIFY(this));
1551 no_control_flow = false; break;
1552 case Bytecodes::_f2l :
1553 current_frame.pop_stack(
1554 VerificationType::float_type(), CHECK_VERIFY(this));
1555 current_frame.push_stack_2(
1556 VerificationType::long_type(),
1557 VerificationType::long2_type(), CHECK_VERIFY(this));
1558 no_control_flow = false; break;
1559 case Bytecodes::_f2d :
1560 current_frame.pop_stack(
1561 VerificationType::float_type(), CHECK_VERIFY(this));
1562 current_frame.push_stack_2(
1563 VerificationType::double_type(),
1564 VerificationType::double2_type(), CHECK_VERIFY(this));
1565 no_control_flow = false; break;
1566 case Bytecodes::_d2i :
1567 current_frame.pop_stack_2(
1568 VerificationType::double2_type(),
1569 VerificationType::double_type(), CHECK_VERIFY(this));
1570 current_frame.push_stack(
1571 VerificationType::integer_type(), CHECK_VERIFY(this));
1572 no_control_flow = false; break;
1573 case Bytecodes::_d2l :
1574 current_frame.pop_stack_2(
1575 VerificationType::double2_type(),
1576 VerificationType::double_type(), CHECK_VERIFY(this));
1577 current_frame.push_stack_2(
1578 VerificationType::long_type(),
1579 VerificationType::long2_type(), CHECK_VERIFY(this));
1580 no_control_flow = false; break;
1581 case Bytecodes::_d2f :
1582 current_frame.pop_stack_2(
1583 VerificationType::double2_type(),
1584 VerificationType::double_type(), CHECK_VERIFY(this));
1585 current_frame.push_stack(
1586 VerificationType::float_type(), CHECK_VERIFY(this));
1587 no_control_flow = false; break;
1588 case Bytecodes::_i2b :
1589 case Bytecodes::_i2c :
1590 case Bytecodes::_i2s :
1591 current_frame.pop_stack(
1592 VerificationType::integer_type(), CHECK_VERIFY(this));
1593 current_frame.push_stack(
1594 VerificationType::integer_type(), CHECK_VERIFY(this));
1595 no_control_flow = false; break;
1596 case Bytecodes::_lcmp :
1597 current_frame.pop_stack_2(
1598 VerificationType::long2_type(),
1599 VerificationType::long_type(), CHECK_VERIFY(this));
1600 current_frame.pop_stack_2(
1601 VerificationType::long2_type(),
1602 VerificationType::long_type(), CHECK_VERIFY(this));
1603 current_frame.push_stack(
1604 VerificationType::integer_type(), CHECK_VERIFY(this));
1605 no_control_flow = false; break;
1606 case Bytecodes::_fcmpl :
1607 case Bytecodes::_fcmpg :
1608 current_frame.pop_stack(
1609 VerificationType::float_type(), CHECK_VERIFY(this));
1610 current_frame.pop_stack(
1611 VerificationType::float_type(), CHECK_VERIFY(this));
1612 current_frame.push_stack(
1613 VerificationType::integer_type(), CHECK_VERIFY(this));
1614 no_control_flow = false; break;
1615 case Bytecodes::_dcmpl :
1616 case Bytecodes::_dcmpg :
1617 current_frame.pop_stack_2(
1618 VerificationType::double2_type(),
1619 VerificationType::double_type(), CHECK_VERIFY(this));
1620 current_frame.pop_stack_2(
1621 VerificationType::double2_type(),
1622 VerificationType::double_type(), CHECK_VERIFY(this));
1623 current_frame.push_stack(
1624 VerificationType::integer_type(), CHECK_VERIFY(this));
1625 no_control_flow = false; break;
1626 case Bytecodes::_if_icmpeq:
1627 case Bytecodes::_if_icmpne:
1628 case Bytecodes::_if_icmplt:
1629 case Bytecodes::_if_icmpge:
1630 case Bytecodes::_if_icmpgt:
1631 case Bytecodes::_if_icmple:
1632 current_frame.pop_stack(
1633 VerificationType::integer_type(), CHECK_VERIFY(this));
1634 // fall through
1635 case Bytecodes::_ifeq:
1636 case Bytecodes::_ifne:
1637 case Bytecodes::_iflt:
1638 case Bytecodes::_ifge:
1639 case Bytecodes::_ifgt:
1640 case Bytecodes::_ifle:
1641 current_frame.pop_stack(
1642 VerificationType::integer_type(), CHECK_VERIFY(this));
1643 stackmap_table.check_jump_target(
1644 ¤t_frame, bcs.bci(), bcs.get_offset_s2(), CHECK_VERIFY(this));
1645 no_control_flow = false; break;
1646 case Bytecodes::_if_acmpeq :
1647 case Bytecodes::_if_acmpne :
1648 current_frame.pop_stack(
1649 object_type(), CHECK_VERIFY(this));
1650 // fall through
1651 case Bytecodes::_ifnull :
1652 case Bytecodes::_ifnonnull :
1653 current_frame.pop_stack(
1654 object_type(), CHECK_VERIFY(this));
1655 stackmap_table.check_jump_target
1656 (¤t_frame, bcs.bci(), bcs.get_offset_s2(), CHECK_VERIFY(this));
1657 no_control_flow = false; break;
1658 case Bytecodes::_goto :
1659 stackmap_table.check_jump_target(
1660 ¤t_frame, bcs.bci(), bcs.get_offset_s2(), CHECK_VERIFY(this));
1661 no_control_flow = true; break;
1662 case Bytecodes::_goto_w :
1663 stackmap_table.check_jump_target(
1664 ¤t_frame, bcs.bci(), bcs.get_offset_s4(), CHECK_VERIFY(this));
1665 no_control_flow = true; break;
1666 case Bytecodes::_tableswitch :
1667 case Bytecodes::_lookupswitch :
1668 verify_switch(
1669 &bcs, code_length, code_data, ¤t_frame,
1670 &stackmap_table, CHECK_VERIFY(this));
1671 no_control_flow = true; break;
1672 case Bytecodes::_ireturn :
1673 type = current_frame.pop_stack(
1674 VerificationType::integer_type(), CHECK_VERIFY(this));
1675 verify_return_value(return_type, type, bci,
1676 ¤t_frame, CHECK_VERIFY(this));
1677 no_control_flow = true; break;
1678 case Bytecodes::_lreturn :
1679 type2 = current_frame.pop_stack(
1680 VerificationType::long2_type(), CHECK_VERIFY(this));
1681 type = current_frame.pop_stack(
1682 VerificationType::long_type(), CHECK_VERIFY(this));
1683 verify_return_value(return_type, type, bci,
1684 ¤t_frame, CHECK_VERIFY(this));
1685 no_control_flow = true; break;
1686 case Bytecodes::_freturn :
1687 type = current_frame.pop_stack(
1688 VerificationType::float_type(), CHECK_VERIFY(this));
1689 verify_return_value(return_type, type, bci,
1690 ¤t_frame, CHECK_VERIFY(this));
1691 no_control_flow = true; break;
1692 case Bytecodes::_dreturn :
1693 type2 = current_frame.pop_stack(
1694 VerificationType::double2_type(), CHECK_VERIFY(this));
1695 type = current_frame.pop_stack(
1696 VerificationType::double_type(), CHECK_VERIFY(this));
1697 verify_return_value(return_type, type, bci,
1698 ¤t_frame, CHECK_VERIFY(this));
1699 no_control_flow = true; break;
1700 case Bytecodes::_areturn :
1701 type = current_frame.pop_stack(
1702 VerificationType::reference_check(), CHECK_VERIFY(this));
1703 verify_return_value(return_type, type, bci,
1704 ¤t_frame, CHECK_VERIFY(this));
1705 no_control_flow = true; break;
1706 case Bytecodes::_return :
1707 if (return_type != VerificationType::bogus_type()) {
1708 verify_error(ErrorContext::bad_code(bci),
1709 "Method expects a return value");
1710 return;
1711 }
1712 // Make sure "this" has been initialized if current method is an
1713 // <init>.
1714 if (_method->is_object_constructor() &&
1715 current_frame.flag_this_uninit()) {
1716 verify_error(ErrorContext::bad_code(bci),
1717 "Constructor must call super() or this() "
1718 "before return");
1719 return;
1720 }
1721 no_control_flow = true; break;
1722 case Bytecodes::_getstatic :
1723 case Bytecodes::_putstatic :
1724 // pass TRUE, operand can be an array type for getstatic/putstatic.
1725 verify_field_instructions(
1726 &bcs, ¤t_frame, cp, true, CHECK_VERIFY(this));
1727 no_control_flow = false; break;
1728 case Bytecodes::_getfield :
1729 case Bytecodes::_putfield :
1730 // pass FALSE, operand can't be an array type for getfield/putfield.
1731 verify_field_instructions(
1732 &bcs, ¤t_frame, cp, false, CHECK_VERIFY(this));
1733 no_control_flow = false; break;
1734 case Bytecodes::_invokevirtual :
1735 case Bytecodes::_invokespecial :
1736 case Bytecodes::_invokestatic :
1737 case Bytecodes::_invokeinterface :
1738 case Bytecodes::_invokedynamic :
1739 verify_invoke_instructions(
1740 &bcs, code_length, ¤t_frame, (bci >= ex_min && bci < ex_max),
1741 &this_uninit, cp, &stackmap_table, CHECK_VERIFY(this));
1742 no_control_flow = false; break;
1743 case Bytecodes::_new :
1744 {
1745 u2 index = bcs.get_index_u2();
1746 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1747 VerificationType new_class_type =
1748 cp_index_to_type(index, cp, CHECK_VERIFY(this));
1749 if (!new_class_type.is_object()) {
1750 verify_error(ErrorContext::bad_type(bci,
1751 TypeOrigin::cp(index, new_class_type)),
1752 "Illegal new instruction");
1753 return;
1754 }
1755 type = VerificationType::uninitialized_type(checked_cast<u2>(bci));
1756 current_frame.push_stack(type, CHECK_VERIFY(this));
1757 no_control_flow = false; break;
1758 }
1759 case Bytecodes::_newarray :
1760 type = get_newarray_type(bcs.get_index(), bci, CHECK_VERIFY(this));
1761 current_frame.pop_stack(
1762 VerificationType::integer_type(), CHECK_VERIFY(this));
1763 current_frame.push_stack(type, CHECK_VERIFY(this));
1764 no_control_flow = false; break;
1765 case Bytecodes::_anewarray :
1766 verify_anewarray(
1767 bci, bcs.get_index_u2(), cp, ¤t_frame, CHECK_VERIFY(this));
1768 no_control_flow = false; break;
1769 case Bytecodes::_arraylength :
1770 type = current_frame.pop_stack(
1771 VerificationType::reference_check(), CHECK_VERIFY(this));
1772 if (!(type.is_null() || type.is_array())) {
1773 verify_error(ErrorContext::bad_type(
1774 bci, current_frame.stack_top_ctx()),
1775 bad_type_msg, "arraylength");
1776 }
1777 current_frame.push_stack(
1778 VerificationType::integer_type(), CHECK_VERIFY(this));
1779 no_control_flow = false; break;
1780 case Bytecodes::_checkcast :
1781 {
1782 u2 index = bcs.get_index_u2();
1783 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1784 current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1785 VerificationType klass_type = cp_index_to_type(
1786 index, cp, CHECK_VERIFY(this));
1787 current_frame.push_stack(klass_type, CHECK_VERIFY(this));
1788 no_control_flow = false; break;
1789 }
1790 case Bytecodes::_instanceof : {
1791 u2 index = bcs.get_index_u2();
1792 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1793 current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1794 current_frame.push_stack(
1795 VerificationType::integer_type(), CHECK_VERIFY(this));
1796 no_control_flow = false; break;
1797 }
1798 case Bytecodes::_monitorenter :
1799 case Bytecodes::_monitorexit : {
1800 VerificationType ref = current_frame.pop_stack(
1801 VerificationType::reference_check(), CHECK_VERIFY(this));
1802 no_control_flow = false; break;
1803 }
1804 case Bytecodes::_multianewarray :
1805 {
1806 u2 index = bcs.get_index_u2();
1807 u2 dim = *(bcs.bcp()+3);
1808 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1809 VerificationType new_array_type =
1810 cp_index_to_type(index, cp, CHECK_VERIFY(this));
1811 if (!new_array_type.is_array()) {
1812 verify_error(ErrorContext::bad_type(bci,
1813 TypeOrigin::cp(index, new_array_type)),
1814 "Illegal constant pool index in multianewarray instruction");
1815 return;
1816 }
1817 if (dim < 1 || new_array_type.dimensions() < dim) {
1818 verify_error(ErrorContext::bad_code(bci),
1819 "Illegal dimension in multianewarray instruction: %d", dim);
1820 return;
1821 }
1822 for (int i = 0; i < dim; i++) {
1823 current_frame.pop_stack(
1824 VerificationType::integer_type(), CHECK_VERIFY(this));
1825 }
1826 current_frame.push_stack(new_array_type, CHECK_VERIFY(this));
1827 no_control_flow = false; break;
1828 }
1829 case Bytecodes::_athrow :
1830 type = VerificationType::reference_type(
1831 vmSymbols::java_lang_Throwable());
1832 current_frame.pop_stack(type, CHECK_VERIFY(this));
1833 no_control_flow = true; break;
1834 default:
1835 // We only need to check the valid bytecodes in class file.
1836 // And jsr and ret are not in the new class file format in JDK1.6.
1837 verify_error(ErrorContext::bad_code(bci),
1838 "Bad instruction: %02x", opcode);
1839 no_control_flow = false;
1840 return;
1841 } // end switch
1842 } // end Merge with the next instruction
1843
1844 // Look for possible jump target in exception handlers and see if it matches
1845 // current_frame. Don't do this check if it has already been done (for
1846 // ([a,d,f,i,l]store* opcodes). This check cannot be done earlier because
1847 // opcodes, such as invokespecial, may set the this_uninit flag.
1848 assert(!(verified_exc_handlers && this_uninit),
1849 "Exception handler targets got verified before this_uninit got set");
1850 if (!verified_exc_handlers && bci >= ex_min && bci < ex_max) {
1851 if (was_recursively_verified()) return;
1852 verify_exception_handler_targets(
1853 bci, this_uninit, ¤t_frame, &stackmap_table, CHECK_VERIFY(this));
1854 }
1855 } // end while
1856
1857 // Make sure that control flow does not fall through end of the method
1858 if (!no_control_flow) {
1859 verify_error(ErrorContext::bad_code(code_length),
1860 "Control flow falls through code end");
1861 return;
1862 }
1863 }
1864
1865 #undef bad_type_message
1866
1867 char* ClassVerifier::generate_code_data(const methodHandle& m, u4 code_length, TRAPS) {
1868 char* code_data = NEW_RESOURCE_ARRAY(char, code_length);
1869 memset(code_data, 0, sizeof(char) * code_length);
1870 RawBytecodeStream bcs(m);
1871
1872 while (!bcs.is_last_bytecode()) {
1873 if (bcs.raw_next() != Bytecodes::_illegal) {
1874 int bci = bcs.bci();
1875 if (bcs.raw_code() == Bytecodes::_new) {
1876 code_data[bci] = NEW_OFFSET;
1877 } else {
1878 code_data[bci] = BYTECODE_OFFSET;
1879 }
1880 } else {
1881 verify_error(ErrorContext::bad_code(bcs.bci()), "Bad instruction");
1882 return nullptr;
1883 }
1884 }
1885
1886 return code_data;
1887 }
1888
1889 // Since this method references the constant pool, call was_recursively_verified()
1890 // before calling this method to make sure a prior class load did not cause the
1891 // current class to get verified.
1892 void ClassVerifier::verify_exception_handler_table(u4 code_length, char* code_data, int& min, int& max, TRAPS) {
1893 ExceptionTable exhandlers(_method());
1894 int exlength = exhandlers.length();
1895 constantPoolHandle cp (THREAD, _method->constants());
1896
1897 for(int i = 0; i < exlength; i++) {
1898 u2 start_pc = exhandlers.start_pc(i);
1899 u2 end_pc = exhandlers.end_pc(i);
1900 u2 handler_pc = exhandlers.handler_pc(i);
1901 if (start_pc >= code_length || code_data[start_pc] == 0) {
1902 class_format_error("Illegal exception table start_pc %d", start_pc);
1903 return;
1904 }
1905 if (end_pc != code_length) { // special case: end_pc == code_length
1906 if (end_pc > code_length || code_data[end_pc] == 0) {
1907 class_format_error("Illegal exception table end_pc %d", end_pc);
1908 return;
1909 }
1910 }
1911 if (handler_pc >= code_length || code_data[handler_pc] == 0) {
1912 class_format_error("Illegal exception table handler_pc %d", handler_pc);
1913 return;
1914 }
1915 u2 catch_type_index = exhandlers.catch_type_index(i);
1916 if (catch_type_index != 0) {
1917 VerificationType catch_type = cp_index_to_type(
1918 catch_type_index, cp, CHECK_VERIFY(this));
1919 VerificationType throwable =
1920 VerificationType::reference_type(vmSymbols::java_lang_Throwable());
1921 // If the catch type is Throwable pre-resolve it now as the assignable check won't
1922 // do that, and we need to avoid a runtime resolution in case we are trying to
1923 // catch OutOfMemoryError.
1924 if (cp->klass_name_at(catch_type_index) == vmSymbols::java_lang_Throwable()) {
1925 cp->klass_at(catch_type_index, CHECK);
1926 }
1927 bool is_subclass = throwable.is_assignable_from(
1928 catch_type, this, false, CHECK_VERIFY(this));
1929 if (!is_subclass) {
1930 // 4286534: should throw VerifyError according to recent spec change
1931 verify_error(ErrorContext::bad_type(handler_pc,
1932 TypeOrigin::cp(catch_type_index, catch_type),
1933 TypeOrigin::implicit(throwable)),
1934 "Catch type is not a subclass "
1935 "of Throwable in exception handler %d", handler_pc);
1936 return;
1937 }
1938 }
1939 if (start_pc < min) min = start_pc;
1940 if (end_pc > max) max = end_pc;
1941 }
1942 }
1943
1944 void ClassVerifier::verify_local_variable_table(u4 code_length, char* code_data, TRAPS) {
1945 int localvariable_table_length = _method->localvariable_table_length();
1946 if (localvariable_table_length > 0) {
1947 LocalVariableTableElement* table = _method->localvariable_table_start();
1948 for (int i = 0; i < localvariable_table_length; i++) {
1949 u2 start_bci = table[i].start_bci;
1950 u2 length = table[i].length;
1951
1952 if (start_bci >= code_length || code_data[start_bci] == 0) {
1953 class_format_error(
1954 "Illegal local variable table start_pc %d", start_bci);
1955 return;
1956 }
1957 u4 end_bci = (u4)(start_bci + length);
1958 if (end_bci != code_length) {
1959 if (end_bci >= code_length || code_data[end_bci] == 0) {
1960 class_format_error( "Illegal local variable table length %d", length);
1961 return;
1962 }
1963 }
1964 }
1965 }
1966 }
1967
1968 u2 ClassVerifier::verify_stackmap_table(u2 stackmap_index, int bci,
1969 StackMapFrame* current_frame,
1970 StackMapTable* stackmap_table,
1971 bool no_control_flow, TRAPS) {
1972 if (stackmap_index < stackmap_table->get_frame_count()) {
1973 int this_offset = stackmap_table->get_offset(stackmap_index);
1974 if (no_control_flow && this_offset > bci) {
1975 verify_error(ErrorContext::missing_stackmap(bci),
1976 "Expecting a stack map frame");
1977 return 0;
1978 }
1979 if (this_offset == bci) {
1980 ErrorContext ctx;
1981 // See if current stack map can be assigned to the frame in table.
1982 // current_frame is the stackmap frame got from the last instruction.
1983 // If matched, current_frame will be updated by this method.
1984 bool matches = stackmap_table->match_stackmap(
1985 current_frame, this_offset, stackmap_index,
1986 !no_control_flow, true, &ctx, CHECK_VERIFY_(this, 0));
1987 if (!matches) {
1988 // report type error
1989 verify_error(ctx, "Instruction type does not match stack map");
1990 return 0;
1991 }
1992 stackmap_index++;
1993 } else if (this_offset < bci) {
1994 // current_offset should have met this_offset.
1995 class_format_error("Bad stack map offset %d", this_offset);
1996 return 0;
1997 }
1998 } else if (no_control_flow) {
1999 verify_error(ErrorContext::bad_code(bci), "Expecting a stack map frame");
2000 return 0;
2001 }
2002 return stackmap_index;
2003 }
2004
2005 // Since this method references the constant pool, call was_recursively_verified()
2006 // before calling this method to make sure a prior class load did not cause the
2007 // current class to get verified.
2008 void ClassVerifier::verify_exception_handler_targets(int bci, bool this_uninit,
2009 StackMapFrame* current_frame,
2010 StackMapTable* stackmap_table, TRAPS) {
2011 constantPoolHandle cp (THREAD, _method->constants());
2012 ExceptionTable exhandlers(_method());
2013 int exlength = exhandlers.length();
2014 for(int i = 0; i < exlength; i++) {
2015 u2 start_pc = exhandlers.start_pc(i);
2016 u2 end_pc = exhandlers.end_pc(i);
2017 u2 handler_pc = exhandlers.handler_pc(i);
2018 int catch_type_index = exhandlers.catch_type_index(i);
2019 if(bci >= start_pc && bci < end_pc) {
2020 u1 flags = current_frame->flags();
2021 if (this_uninit) { flags |= FLAG_THIS_UNINIT; }
2022 StackMapFrame* new_frame = current_frame->frame_in_exception_handler(flags);
2023 if (catch_type_index != 0) {
2024 if (was_recursively_verified()) return;
2025 // We know that this index refers to a subclass of Throwable
2026 VerificationType catch_type = cp_index_to_type(
2027 catch_type_index, cp, CHECK_VERIFY(this));
2028 new_frame->push_stack(catch_type, CHECK_VERIFY(this));
2029 } else {
2030 VerificationType throwable =
2031 VerificationType::reference_type(vmSymbols::java_lang_Throwable());
2032 new_frame->push_stack(throwable, CHECK_VERIFY(this));
2033 }
2034 ErrorContext ctx;
2035 bool matches = stackmap_table->match_stackmap(
2036 new_frame, handler_pc, true, false, &ctx, CHECK_VERIFY(this));
2037 if (!matches) {
2038 verify_error(ctx, "Stack map does not match the one at "
2039 "exception handler %d", handler_pc);
2040 return;
2041 }
2042 }
2043 }
2044 }
2045
2046 void ClassVerifier::verify_cp_index(
2047 int bci, const constantPoolHandle& cp, u2 index, TRAPS) {
2048 int nconstants = cp->length();
2049 if ((index <= 0) || (index >= nconstants)) {
2050 verify_error(ErrorContext::bad_cp_index(bci, index),
2051 "Illegal constant pool index %d in class %s",
2052 index, cp->pool_holder()->external_name());
2053 return;
2054 }
2055 }
2056
2057 void ClassVerifier::verify_cp_type(
2058 int bci, u2 index, const constantPoolHandle& cp, unsigned int types, TRAPS) {
2059
2060 // In some situations, bytecode rewriting may occur while we're verifying.
2061 // In this case, a constant pool cache exists and some indices refer to that
2062 // instead. Be sure we don't pick up such indices by accident.
2063 // We must check was_recursively_verified() before we get here.
2064 guarantee(cp->cache() == nullptr, "not rewritten yet");
2065
2066 verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2067 unsigned int tag = cp->tag_at(index).value();
2068 // tags up to JVM_CONSTANT_ExternalMax are verifiable and valid for shift op
2069 if (tag > JVM_CONSTANT_ExternalMax || (types & (1 << tag)) == 0) {
2070 verify_error(ErrorContext::bad_cp_index(bci, index),
2071 "Illegal type at constant pool entry %d in class %s",
2072 index, cp->pool_holder()->external_name());
2073 return;
2074 }
2075 }
2076
2077 void ClassVerifier::verify_cp_class_type(
2078 int bci, u2 index, const constantPoolHandle& cp, TRAPS) {
2079 verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2080 constantTag tag = cp->tag_at(index);
2081 if (!tag.is_klass() && !tag.is_unresolved_klass()) {
2082 verify_error(ErrorContext::bad_cp_index(bci, index),
2083 "Illegal type at constant pool entry %d in class %s",
2084 index, cp->pool_holder()->external_name());
2085 return;
2086 }
2087 }
2088
2089 void ClassVerifier::verify_error(ErrorContext ctx, const char* msg, ...) {
2090 stringStream ss;
2091
2092 ctx.reset_frames();
2093 _exception_type = vmSymbols::java_lang_VerifyError();
2094 _error_context = ctx;
2095 va_list va;
2096 va_start(va, msg);
2097 ss.vprint(msg, va);
2098 va_end(va);
2099 _message = ss.as_string();
2100 #ifdef ASSERT
2101 ResourceMark rm;
2102 const char* exception_name = _exception_type->as_C_string();
2103 Exceptions::debug_check_abort(exception_name, nullptr);
2104 #endif // ndef ASSERT
2105 }
2106
2107 void ClassVerifier::class_format_error(const char* msg, ...) {
2108 stringStream ss;
2109 _exception_type = vmSymbols::java_lang_ClassFormatError();
2110 va_list va;
2111 va_start(va, msg);
2112 ss.vprint(msg, va);
2113 va_end(va);
2114 if (!_method.is_null()) {
2115 ss.print(" in method '");
2116 _method->print_external_name(&ss);
2117 ss.print("'");
2118 }
2119 _message = ss.as_string();
2120 }
2121
2122 Klass* ClassVerifier::load_class(Symbol* name, TRAPS) {
2123 HandleMark hm(THREAD);
2124 // Get current loader first.
2125 oop loader = current_class()->class_loader();
2126
2127 assert(name_in_supers(name, current_class()), "name should be a super class");
2128
2129 Klass* kls = SystemDictionary::resolve_or_fail(
2130 name, Handle(THREAD, loader), true, THREAD);
2131
2132 if (kls != nullptr) {
2133 if (log_is_enabled(Debug, class, resolve)) {
2134 Verifier::trace_class_resolution(kls, current_class());
2135 }
2136 }
2137 return kls;
2138 }
2139
2140 bool ClassVerifier::is_protected_access(InstanceKlass* this_class,
2141 Klass* target_class,
2142 Symbol* field_name,
2143 Symbol* field_sig,
2144 bool is_method) {
2145 NoSafepointVerifier nosafepoint;
2146
2147 // If target class isn't a super class of this class, we don't worry about this case
2148 if (!this_class->is_subclass_of(target_class)) {
2149 return false;
2150 }
2151 // Check if the specified method or field is protected
2152 InstanceKlass* target_instance = InstanceKlass::cast(target_class);
2153 fieldDescriptor fd;
2154 if (is_method) {
2155 Method* m = target_instance->uncached_lookup_method(field_name, field_sig, Klass::OverpassLookupMode::find);
2156 if (m != nullptr && m->is_protected()) {
2157 if (!this_class->is_same_class_package(m->method_holder())) {
2158 return true;
2159 }
2160 }
2161 } else {
2162 Klass* member_klass = target_instance->find_field(field_name, field_sig, &fd);
2163 if (member_klass != nullptr && fd.is_protected()) {
2164 if (!this_class->is_same_class_package(member_klass)) {
2165 return true;
2166 }
2167 }
2168 }
2169 return false;
2170 }
2171
2172 void ClassVerifier::verify_ldc(
2173 int opcode, u2 index, StackMapFrame* current_frame,
2174 const constantPoolHandle& cp, int bci, TRAPS) {
2175 verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2176 constantTag tag = cp->tag_at(index);
2177 unsigned int types = 0;
2178 if (opcode == Bytecodes::_ldc || opcode == Bytecodes::_ldc_w) {
2179 if (!tag.is_unresolved_klass()) {
2180 types = (1 << JVM_CONSTANT_Integer) | (1 << JVM_CONSTANT_Float)
2181 | (1 << JVM_CONSTANT_String) | (1 << JVM_CONSTANT_Class)
2182 | (1 << JVM_CONSTANT_MethodHandle) | (1 << JVM_CONSTANT_MethodType)
2183 | (1 << JVM_CONSTANT_Dynamic);
2184 // Note: The class file parser already verified the legality of
2185 // MethodHandle and MethodType constants.
2186 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2187 }
2188 } else {
2189 assert(opcode == Bytecodes::_ldc2_w, "must be ldc2_w");
2190 types = (1 << JVM_CONSTANT_Double) | (1 << JVM_CONSTANT_Long)
2191 | (1 << JVM_CONSTANT_Dynamic);
2192 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2193 }
2194 if (tag.is_string()) {
2195 current_frame->push_stack(
2196 VerificationType::reference_type(
2197 vmSymbols::java_lang_String()), CHECK_VERIFY(this));
2198 } else if (tag.is_klass() || tag.is_unresolved_klass()) {
2199 current_frame->push_stack(
2200 VerificationType::reference_type(
2201 vmSymbols::java_lang_Class()), CHECK_VERIFY(this));
2202 } else if (tag.is_int()) {
2203 current_frame->push_stack(
2204 VerificationType::integer_type(), CHECK_VERIFY(this));
2205 } else if (tag.is_float()) {
2206 current_frame->push_stack(
2207 VerificationType::float_type(), CHECK_VERIFY(this));
2208 } else if (tag.is_double()) {
2209 current_frame->push_stack_2(
2210 VerificationType::double_type(),
2211 VerificationType::double2_type(), CHECK_VERIFY(this));
2212 } else if (tag.is_long()) {
2213 current_frame->push_stack_2(
2214 VerificationType::long_type(),
2215 VerificationType::long2_type(), CHECK_VERIFY(this));
2216 } else if (tag.is_method_handle()) {
2217 current_frame->push_stack(
2218 VerificationType::reference_type(
2219 vmSymbols::java_lang_invoke_MethodHandle()), CHECK_VERIFY(this));
2220 } else if (tag.is_method_type()) {
2221 current_frame->push_stack(
2222 VerificationType::reference_type(
2223 vmSymbols::java_lang_invoke_MethodType()), CHECK_VERIFY(this));
2224 } else if (tag.is_dynamic_constant()) {
2225 Symbol* constant_type = cp->uncached_signature_ref_at(index);
2226 // Field signature was checked in ClassFileParser.
2227 assert(SignatureVerifier::is_valid_type_signature(constant_type),
2228 "Invalid type for dynamic constant");
2229 assert(sizeof(VerificationType) == sizeof(uintptr_t),
2230 "buffer type must match VerificationType size");
2231 uintptr_t constant_type_buffer[2];
2232 VerificationType* v_constant_type = (VerificationType*)constant_type_buffer;
2233 SignatureStream sig_stream(constant_type, false);
2234 int n = change_sig_to_verificationType(&sig_stream, v_constant_type);
2235 int opcode_n = (opcode == Bytecodes::_ldc2_w ? 2 : 1);
2236 if (n != opcode_n) {
2237 // wrong kind of ldc; reverify against updated type mask
2238 types &= ~(1 << JVM_CONSTANT_Dynamic);
2239 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2240 }
2241 for (int i = 0; i < n; i++) {
2242 current_frame->push_stack(v_constant_type[i], CHECK_VERIFY(this));
2243 }
2244 } else {
2245 /* Unreachable? verify_cp_type has already validated the cp type. */
2246 verify_error(
2247 ErrorContext::bad_cp_index(bci, index), "Invalid index in ldc");
2248 return;
2249 }
2250 }
2251
2252 void ClassVerifier::verify_switch(
2253 RawBytecodeStream* bcs, u4 code_length, char* code_data,
2254 StackMapFrame* current_frame, StackMapTable* stackmap_table, TRAPS) {
2255 int bci = bcs->bci();
2256 address bcp = bcs->bcp();
2257 address aligned_bcp = align_up(bcp + 1, jintSize);
2258
2259 if (_klass->major_version() < NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION) {
2260 // 4639449 & 4647081: padding bytes must be 0
2261 u2 padding_offset = 1;
2262 while ((bcp + padding_offset) < aligned_bcp) {
2263 if(*(bcp + padding_offset) != 0) {
2264 verify_error(ErrorContext::bad_code(bci),
2265 "Nonzero padding byte in lookupswitch or tableswitch");
2266 return;
2267 }
2268 padding_offset++;
2269 }
2270 }
2271
2272 int default_offset = (int) Bytes::get_Java_u4(aligned_bcp);
2273 int keys, delta;
2274 current_frame->pop_stack(
2275 VerificationType::integer_type(), CHECK_VERIFY(this));
2276 if (bcs->raw_code() == Bytecodes::_tableswitch) {
2277 jint low = (jint)Bytes::get_Java_u4(aligned_bcp + jintSize);
2278 jint high = (jint)Bytes::get_Java_u4(aligned_bcp + 2*jintSize);
2279 if (low > high) {
2280 verify_error(ErrorContext::bad_code(bci),
2281 "low must be less than or equal to high in tableswitch");
2282 return;
2283 }
2284 int64_t keys64 = ((int64_t)high - low) + 1;
2285 if (keys64 > 65535) { // Max code length
2286 verify_error(ErrorContext::bad_code(bci), "too many keys in tableswitch");
2287 return;
2288 }
2289 keys = (int)keys64;
2290 delta = 1;
2291 } else {
2292 keys = (int)Bytes::get_Java_u4(aligned_bcp + jintSize);
2293 if (keys < 0) {
2294 verify_error(ErrorContext::bad_code(bci),
2295 "number of keys in lookupswitch less than 0");
2296 return;
2297 }
2298 delta = 2;
2299 // Make sure that the lookupswitch items are sorted
2300 for (int i = 0; i < (keys - 1); i++) {
2301 jint this_key = Bytes::get_Java_u4(aligned_bcp + (2+2*i)*jintSize);
2302 jint next_key = Bytes::get_Java_u4(aligned_bcp + (2+2*i+2)*jintSize);
2303 if (this_key >= next_key) {
2304 verify_error(ErrorContext::bad_code(bci),
2305 "Bad lookupswitch instruction");
2306 return;
2307 }
2308 }
2309 }
2310 stackmap_table->check_jump_target(current_frame, bci, default_offset, CHECK_VERIFY(this));
2311 for (int i = 0; i < keys; i++) {
2312 // Because check_jump_target() may safepoint, the bytecode could have
2313 // moved, which means 'aligned_bcp' is no good and needs to be recalculated.
2314 aligned_bcp = align_up(bcs->bcp() + 1, jintSize);
2315 int offset = (jint)Bytes::get_Java_u4(aligned_bcp+(3+i*delta)*jintSize);
2316 stackmap_table->check_jump_target(
2317 current_frame, bci, offset, CHECK_VERIFY(this));
2318 }
2319 NOT_PRODUCT(aligned_bcp = nullptr); // no longer valid at this point
2320 }
2321
2322 bool ClassVerifier::name_in_supers(
2323 Symbol* ref_name, InstanceKlass* current) {
2324 Klass* super = current->super();
2325 while (super != nullptr) {
2326 if (super->name() == ref_name) {
2327 return true;
2328 }
2329 super = super->super();
2330 }
2331 return false;
2332 }
2333
2334 void ClassVerifier::verify_field_instructions(RawBytecodeStream* bcs,
2335 StackMapFrame* current_frame,
2336 const constantPoolHandle& cp,
2337 bool allow_arrays,
2338 TRAPS) {
2339 u2 index = bcs->get_index_u2();
2340 verify_cp_type(bcs->bci(), index, cp,
2341 1 << JVM_CONSTANT_Fieldref, CHECK_VERIFY(this));
2342
2343 // Get field name and signature
2344 Symbol* field_name = cp->uncached_name_ref_at(index);
2345 Symbol* field_sig = cp->uncached_signature_ref_at(index);
2346 bool is_getfield = false;
2347
2348 // Field signature was checked in ClassFileParser.
2349 assert(SignatureVerifier::is_valid_type_signature(field_sig),
2350 "Invalid field signature");
2351
2352 // Get referenced class type
2353 VerificationType ref_class_type = cp_ref_index_to_type(
2354 index, cp, CHECK_VERIFY(this));
2355 if (!ref_class_type.is_object() &&
2356 (!allow_arrays || !ref_class_type.is_array())) {
2357 verify_error(ErrorContext::bad_type(bcs->bci(),
2358 TypeOrigin::cp(index, ref_class_type)),
2359 "Expecting reference to class in class %s at constant pool index %d",
2360 _klass->external_name(), index);
2361 return;
2362 }
2363
2364 VerificationType target_class_type = ref_class_type;
2365
2366 assert(sizeof(VerificationType) == sizeof(uintptr_t),
2367 "buffer type must match VerificationType size");
2368 uintptr_t field_type_buffer[2];
2369 VerificationType* field_type = (VerificationType*)field_type_buffer;
2370 // If we make a VerificationType[2] array directly, the compiler calls
2371 // to the c-runtime library to do the allocation instead of just
2372 // stack allocating it. Plus it would run constructors. This shows up
2373 // in performance profiles.
2374
2375 SignatureStream sig_stream(field_sig, false);
2376 VerificationType stack_object_type;
2377 int n = change_sig_to_verificationType(&sig_stream, field_type);
2378 int bci = bcs->bci();
2379 bool is_assignable;
2380 switch (bcs->raw_code()) {
2381 case Bytecodes::_getstatic: {
2382 for (int i = 0; i < n; i++) {
2383 current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2384 }
2385 break;
2386 }
2387 case Bytecodes::_putstatic: {
2388 for (int i = n - 1; i >= 0; i--) {
2389 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2390 }
2391 break;
2392 }
2393 case Bytecodes::_getfield: {
2394 is_getfield = true;
2395 stack_object_type = current_frame->pop_stack(
2396 target_class_type, CHECK_VERIFY(this));
2397 goto check_protected;
2398 }
2399 case Bytecodes::_putfield: {
2400 for (int i = n - 1; i >= 0; i--) {
2401 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2402 }
2403 stack_object_type = current_frame->pop_stack(CHECK_VERIFY(this));
2404
2405 // Field initialization is allowed before the superclass
2406 // initializer, if the field is defined within the current class.
2407 fieldDescriptor fd;
2408 bool is_local_field = _klass->find_local_field(field_name, field_sig, &fd) &&
2409 target_class_type.equals(current_type());
2410 if (stack_object_type == VerificationType::uninitialized_this_type()) {
2411 if (is_local_field) {
2412 // Set the type to the current type so the is_assignable check passes.
2413 stack_object_type = current_type();
2414
2415 if (fd.access_flags().is_strict()) {
2416 ResourceMark rm(THREAD);
2417 if (!current_frame->satisfy_unset_field(fd.name(), fd.signature())) {
2418 log_info(verification)("Attempting to initialize field not found in initial strict instance fields: %s%s",
2419 fd.name()->as_C_string(), fd.signature()->as_C_string());
2420 verify_error(ErrorContext::bad_strict_fields(bci, current_frame),
2421 "Initializing unknown strict field: %s:%s", fd.name()->as_C_string(), fd.signature()->as_C_string());
2422 }
2423 }
2424 }
2425 } else if (supports_strict_fields(_klass)) {
2426 // `strict` fields are not writable, but only local fields produce verification errors
2427 if (is_local_field && fd.access_flags().is_strict() && fd.access_flags().is_final()) {
2428 verify_error(ErrorContext::bad_code(bci),
2429 "Illegal use of putfield on a strict field");
2430 return;
2431 }
2432 }
2433 is_assignable = target_class_type.is_assignable_from(
2434 stack_object_type, this, false, CHECK_VERIFY(this));
2435 if (!is_assignable) {
2436 verify_error(ErrorContext::bad_type(bci,
2437 current_frame->stack_top_ctx(),
2438 TypeOrigin::cp(index, target_class_type)),
2439 "Bad type on operand stack in putfield");
2440 return;
2441 }
2442 }
2443 check_protected: {
2444 if (_this_type == stack_object_type)
2445 break; // stack_object_type must be assignable to _current_class_type
2446 if (was_recursively_verified()) {
2447 if (is_getfield) {
2448 // Push field type for getfield.
2449 for (int i = 0; i < n; i++) {
2450 current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2451 }
2452 }
2453 return;
2454 }
2455 Symbol* ref_class_name =
2456 cp->klass_name_at(cp->uncached_klass_ref_index_at(index));
2457 if (!name_in_supers(ref_class_name, current_class()))
2458 // stack_object_type must be assignable to _current_class_type since:
2459 // 1. stack_object_type must be assignable to ref_class.
2460 // 2. ref_class must be _current_class or a subclass of it. It can't
2461 // be a superclass of it. See revised JVMS 5.4.4.
2462 break;
2463
2464 Klass* ref_class_oop = load_class(ref_class_name, CHECK);
2465 if (is_protected_access(current_class(), ref_class_oop, field_name,
2466 field_sig, false)) {
2467 // It's protected access, check if stack object is assignable to
2468 // current class.
2469 is_assignable = current_type().is_assignable_from(
2470 stack_object_type, this, true, CHECK_VERIFY(this));
2471 if (!is_assignable) {
2472 verify_error(ErrorContext::bad_type(bci,
2473 current_frame->stack_top_ctx(),
2474 TypeOrigin::implicit(current_type())),
2475 "Bad access to protected data in %s",
2476 is_getfield ? "getfield" : "putfield");
2477 return;
2478 }
2479 }
2480 break;
2481 }
2482 default: ShouldNotReachHere();
2483 }
2484 if (is_getfield) {
2485 // Push field type for getfield after doing protection check.
2486 for (int i = 0; i < n; i++) {
2487 current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2488 }
2489 }
2490 }
2491
2492 void ClassVerifier::verify_invoke_init(
2493 RawBytecodeStream* bcs, u2 ref_class_index, VerificationType ref_class_type,
2494 StackMapFrame* current_frame, u4 code_length, bool in_try_block,
2495 bool *this_uninit, const constantPoolHandle& cp, StackMapTable* stackmap_table,
2496 TRAPS) {
2497 int bci = bcs->bci();
2498 VerificationType type = current_frame->pop_stack(
2499 VerificationType::reference_check(), CHECK_VERIFY(this));
2500 if (type == VerificationType::uninitialized_this_type()) {
2501 // The method must be an <init> method of this class or its superclass
2502 Klass* superk = current_class()->super();
2503 if (ref_class_type.name() != current_class()->name() &&
2504 ref_class_type.name() != superk->name()) {
2505 verify_error(ErrorContext::bad_type(bci,
2506 TypeOrigin::implicit(ref_class_type),
2507 TypeOrigin::implicit(current_type())),
2508 "Bad <init> method call");
2509 return;
2510 } else if (ref_class_type.name() == superk->name()) {
2511 // Strict final fields must be satisfied by this point
2512 if (!current_frame->verify_unset_fields_satisfied()) {
2513 log_info(verification)("Strict instance fields not initialized");
2514 StackMapFrame::print_strict_fields(current_frame->assert_unset_fields());
2515 current_frame->unsatisfied_strict_fields_error(current_class(), bci);
2516 }
2517 }
2518
2519 // If this invokespecial call is done from inside of a TRY block then make
2520 // sure that all catch clause paths end in a throw. Otherwise, this can
2521 // result in returning an incomplete object.
2522 if (in_try_block) {
2523 // Check the exception handler target stackmaps with the locals from the
2524 // incoming stackmap (before initialize_object() changes them to outgoing
2525 // state).
2526 if (was_recursively_verified()) return;
2527 verify_exception_handler_targets(bci, true, current_frame,
2528 stackmap_table, CHECK_VERIFY(this));
2529 } // in_try_block
2530
2531 current_frame->initialize_object(type, current_type());
2532 *this_uninit = true;
2533 } else if (type.is_uninitialized()) {
2534 u2 new_offset = type.bci();
2535 address new_bcp = bcs->bcp() - bci + new_offset;
2536 if (new_offset > (code_length - 3) || (*new_bcp) != Bytecodes::_new) {
2537 /* Unreachable? Stack map parsing ensures valid type and new
2538 * instructions have a valid BCI. */
2539 verify_error(ErrorContext::bad_code(new_offset),
2540 "Expecting new instruction");
2541 return;
2542 }
2543 u2 new_class_index = Bytes::get_Java_u2(new_bcp + 1);
2544 if (was_recursively_verified()) return;
2545 verify_cp_class_type(bci, new_class_index, cp, CHECK_VERIFY(this));
2546
2547 // The method must be an <init> method of the indicated class
2548 VerificationType new_class_type = cp_index_to_type(
2549 new_class_index, cp, CHECK_VERIFY(this));
2550 if (!new_class_type.equals(ref_class_type)) {
2551 verify_error(ErrorContext::bad_type(bci,
2552 TypeOrigin::cp(new_class_index, new_class_type),
2553 TypeOrigin::cp(ref_class_index, ref_class_type)),
2554 "Call to wrong <init> method");
2555 return;
2556 }
2557 // According to the VM spec, if the referent class is a superclass of the
2558 // current class, and is in a different runtime package, and the method is
2559 // protected, then the objectref must be the current class or a subclass
2560 // of the current class.
2561 VerificationType objectref_type = new_class_type;
2562 if (name_in_supers(ref_class_type.name(), current_class())) {
2563 Klass* ref_klass = load_class(ref_class_type.name(), CHECK);
2564 if (was_recursively_verified()) return;
2565 Method* m = InstanceKlass::cast(ref_klass)->uncached_lookup_method(
2566 vmSymbols::object_initializer_name(),
2567 cp->uncached_signature_ref_at(bcs->get_index_u2()),
2568 Klass::OverpassLookupMode::find);
2569 // Do nothing if method is not found. Let resolution detect the error.
2570 if (m != nullptr) {
2571 InstanceKlass* mh = m->method_holder();
2572 if (m->is_protected() && !mh->is_same_class_package(_klass)) {
2573 bool assignable = current_type().is_assignable_from(
2574 objectref_type, this, true, CHECK_VERIFY(this));
2575 if (!assignable) {
2576 verify_error(ErrorContext::bad_type(bci,
2577 TypeOrigin::cp(new_class_index, objectref_type),
2578 TypeOrigin::implicit(current_type())),
2579 "Bad access to protected <init> method");
2580 return;
2581 }
2582 }
2583 }
2584 }
2585 // Check the exception handler target stackmaps with the locals from the
2586 // incoming stackmap (before initialize_object() changes them to outgoing
2587 // state).
2588 if (in_try_block) {
2589 if (was_recursively_verified()) return;
2590 verify_exception_handler_targets(bci, *this_uninit, current_frame,
2591 stackmap_table, CHECK_VERIFY(this));
2592 }
2593 current_frame->initialize_object(type, new_class_type);
2594 } else {
2595 verify_error(ErrorContext::bad_type(bci, current_frame->stack_top_ctx()),
2596 "Bad operand type when invoking <init>");
2597 return;
2598 }
2599 }
2600
2601 bool ClassVerifier::is_same_or_direct_interface(
2602 InstanceKlass* klass,
2603 VerificationType klass_type,
2604 VerificationType ref_class_type) {
2605 if (ref_class_type.equals(klass_type)) return true;
2606 Array<InstanceKlass*>* local_interfaces = klass->local_interfaces();
2607 if (local_interfaces != nullptr) {
2608 for (int x = 0; x < local_interfaces->length(); x++) {
2609 InstanceKlass* k = local_interfaces->at(x);
2610 assert (k != nullptr && k->is_interface(), "invalid interface");
2611 if (ref_class_type.equals(VerificationType::reference_type(k->name()))) {
2612 return true;
2613 }
2614 }
2615 }
2616 return false;
2617 }
2618
2619 void ClassVerifier::verify_invoke_instructions(
2620 RawBytecodeStream* bcs, u4 code_length, StackMapFrame* current_frame,
2621 bool in_try_block, bool *this_uninit,
2622 const constantPoolHandle& cp, StackMapTable* stackmap_table, TRAPS) {
2623 // Make sure the constant pool item is the right type
2624 u2 index = bcs->get_index_u2();
2625 Bytecodes::Code opcode = bcs->raw_code();
2626 unsigned int types = 0;
2627 switch (opcode) {
2628 case Bytecodes::_invokeinterface:
2629 types = 1 << JVM_CONSTANT_InterfaceMethodref;
2630 break;
2631 case Bytecodes::_invokedynamic:
2632 types = 1 << JVM_CONSTANT_InvokeDynamic;
2633 break;
2634 case Bytecodes::_invokespecial:
2635 case Bytecodes::_invokestatic:
2636 types = (_klass->major_version() < STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION) ?
2637 (1 << JVM_CONSTANT_Methodref) :
2638 ((1 << JVM_CONSTANT_InterfaceMethodref) | (1 << JVM_CONSTANT_Methodref));
2639 break;
2640 default:
2641 types = 1 << JVM_CONSTANT_Methodref;
2642 }
2643 verify_cp_type(bcs->bci(), index, cp, types, CHECK_VERIFY(this));
2644
2645 // Get method name and signature
2646 Symbol* method_name = cp->uncached_name_ref_at(index);
2647 Symbol* method_sig = cp->uncached_signature_ref_at(index);
2648
2649 // Method signature was checked in ClassFileParser.
2650 assert(SignatureVerifier::is_valid_method_signature(method_sig),
2651 "Invalid method signature");
2652
2653 // Get referenced class
2654 VerificationType ref_class_type;
2655 if (opcode == Bytecodes::_invokedynamic) {
2656 if (_klass->major_version() < Verifier::INVOKEDYNAMIC_MAJOR_VERSION) {
2657 class_format_error(
2658 "invokedynamic instructions not supported by this class file version (%d), class %s",
2659 _klass->major_version(), _klass->external_name());
2660 return;
2661 }
2662 } else {
2663 ref_class_type = cp_ref_index_to_type(index, cp, CHECK_VERIFY(this));
2664 }
2665
2666 assert(sizeof(VerificationType) == sizeof(uintptr_t),
2667 "buffer type must match VerificationType size");
2668
2669 // Get the UTF8 index for this signature.
2670 int sig_index = cp->signature_ref_index_at(cp->uncached_name_and_type_ref_index_at(index));
2671
2672 // Get the signature's verification types.
2673 sig_as_verification_types* mth_sig_verif_types;
2674 sig_as_verification_types** mth_sig_verif_types_ptr = method_signatures_table()->get(sig_index);
2675 if (mth_sig_verif_types_ptr != nullptr) {
2676 // Found the entry for the signature's verification types in the hash table.
2677 mth_sig_verif_types = *mth_sig_verif_types_ptr;
2678 assert(mth_sig_verif_types != nullptr, "Unexpected null sig_as_verification_types value");
2679 } else {
2680 // Not found, add the entry to the table.
2681 GrowableArray<VerificationType>* verif_types = new GrowableArray<VerificationType>(10);
2682 mth_sig_verif_types = new sig_as_verification_types(verif_types);
2683 create_method_sig_entry(mth_sig_verif_types, sig_index);
2684 }
2685
2686 // Get the number of arguments for this signature.
2687 int nargs = mth_sig_verif_types->num_args();
2688
2689 // Check instruction operands
2690 int bci = bcs->bci();
2691 if (opcode == Bytecodes::_invokeinterface) {
2692 address bcp = bcs->bcp();
2693 // 4905268: count operand in invokeinterface should be nargs+1, not nargs.
2694 // JSR202 spec: The count operand of an invokeinterface instruction is valid if it is
2695 // the difference between the size of the operand stack before and after the instruction
2696 // executes.
2697 if (*(bcp+3) != (nargs+1)) {
2698 verify_error(ErrorContext::bad_code(bci),
2699 "Inconsistent args count operand in invokeinterface");
2700 return;
2701 }
2702 if (*(bcp+4) != 0) {
2703 verify_error(ErrorContext::bad_code(bci),
2704 "Fourth operand byte of invokeinterface must be zero");
2705 return;
2706 }
2707 }
2708
2709 if (opcode == Bytecodes::_invokedynamic) {
2710 address bcp = bcs->bcp();
2711 if (*(bcp+3) != 0 || *(bcp+4) != 0) {
2712 verify_error(ErrorContext::bad_code(bci),
2713 "Third and fourth operand bytes of invokedynamic must be zero");
2714 return;
2715 }
2716 }
2717
2718 if (method_name->char_at(0) == JVM_SIGNATURE_SPECIAL) {
2719 // Make sure:
2720 // <init> can only be invoked by invokespecial.
2721 if (opcode != Bytecodes::_invokespecial ||
2722 method_name != vmSymbols::object_initializer_name()) {
2723 verify_error(ErrorContext::bad_code(bci),
2724 "Illegal call to internal method");
2725 return;
2726 }
2727 }
2728 // invokespecial, when not <init>, must be to a method in the current class, a direct superinterface,
2729 // or any superclass (including Object).
2730 else if (opcode == Bytecodes::_invokespecial
2731 && !is_same_or_direct_interface(current_class(), current_type(), ref_class_type)
2732 && !ref_class_type.equals(VerificationType::reference_type(current_class()->super()->name()))) { // super() can never be an inline_type.
2733
2734 // We know it is not current class, direct superinterface or immediate superclass. That means it
2735 // could be:
2736 // - a totally unrelated class or interface
2737 // - an indirect superinterface
2738 // - an indirect superclass (including Object)
2739 // We use the assignability test to see if it is a superclass, or else an interface, and keep track
2740 // of the latter. Note that subtype can be true if we are dealing with an interface that is not actually
2741 // implemented as assignability treats all interfaces as Object.
2742
2743 bool is_interface = false; // This can only be set true if the assignability check will return true
2744 // and we loaded the class. For any other "true" returns (e.g. same class
2745 // or Object) we either can't get here (same class already excluded above)
2746 // or we know it is not an interface (i.e. Object).
2747 bool subtype = ref_class_type.is_reference_assignable_from(current_type(), this, false,
2748 &is_interface, CHECK_VERIFY(this));
2749 if (!subtype) { // Totally unrelated class
2750 verify_error(ErrorContext::bad_code(bci),
2751 "Bad invokespecial instruction: "
2752 "current class isn't assignable to reference class.");
2753 return;
2754 } else {
2755 // Indirect superclass (including Object), indirect interface, or unrelated interface.
2756 // Any interface use is an error.
2757 if (is_interface) {
2758 verify_error(ErrorContext::bad_code(bci),
2759 "Bad invokespecial instruction: "
2760 "interface method to invoke is not in a direct superinterface.");
2761 return;
2762 }
2763 }
2764 }
2765
2766 // Get the verification types for the method's arguments.
2767 GrowableArray<VerificationType>* sig_verif_types = mth_sig_verif_types->sig_verif_types();
2768 assert(sig_verif_types != nullptr, "Missing signature's array of verification types");
2769 // Match method descriptor with operand stack
2770 // The arguments are on the stack in descending order.
2771 for (int i = nargs - 1; i >= 0; i--) { // Run backwards
2772 current_frame->pop_stack(sig_verif_types->at(i), CHECK_VERIFY(this));
2773 }
2774
2775 // Check objectref on operand stack
2776 if (opcode != Bytecodes::_invokestatic &&
2777 opcode != Bytecodes::_invokedynamic) {
2778 if (method_name == vmSymbols::object_initializer_name()) { // <init> method
2779 verify_invoke_init(bcs, index, ref_class_type, current_frame,
2780 code_length, in_try_block, this_uninit, cp, stackmap_table,
2781 CHECK_VERIFY(this));
2782 if (was_recursively_verified()) return;
2783 } else { // other methods
2784 // Ensures that target class is assignable to method class.
2785 if (opcode == Bytecodes::_invokespecial) {
2786 current_frame->pop_stack(current_type(), CHECK_VERIFY(this));
2787 } else if (opcode == Bytecodes::_invokevirtual) {
2788 VerificationType stack_object_type =
2789 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this));
2790 if (current_type() != stack_object_type) {
2791 if (was_recursively_verified()) return;
2792 assert(cp->cache() == nullptr, "not rewritten yet");
2793 Symbol* ref_class_name =
2794 cp->klass_name_at(cp->uncached_klass_ref_index_at(index));
2795 // See the comments in verify_field_instructions() for
2796 // the rationale behind this.
2797 if (name_in_supers(ref_class_name, current_class())) {
2798 Klass* ref_class = load_class(ref_class_name, CHECK);
2799 if (is_protected_access(
2800 _klass, ref_class, method_name, method_sig, true)) {
2801 // It's protected access, check if stack object is
2802 // assignable to current class.
2803 if (ref_class_type.name() == vmSymbols::java_lang_Object()
2804 && stack_object_type.is_array()
2805 && method_name == vmSymbols::clone_name()) {
2806 // Special case: arrays pretend to implement public Object
2807 // clone().
2808 } else {
2809 bool is_assignable = current_type().is_assignable_from(
2810 stack_object_type, this, true, CHECK_VERIFY(this));
2811 if (!is_assignable) {
2812 verify_error(ErrorContext::bad_type(bci,
2813 current_frame->stack_top_ctx(),
2814 TypeOrigin::implicit(current_type())),
2815 "Bad access to protected data in invokevirtual");
2816 return;
2817 }
2818 }
2819 }
2820 }
2821 }
2822 } else {
2823 assert(opcode == Bytecodes::_invokeinterface, "Unexpected opcode encountered");
2824 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this));
2825 }
2826 }
2827 }
2828 // Push the result type.
2829 int sig_verif_types_len = sig_verif_types->length();
2830 if (sig_verif_types_len > nargs) { // There's a return type
2831 if (method_name == vmSymbols::object_initializer_name()) {
2832 // an <init> method must have a void return type
2833 verify_error(ErrorContext::bad_code(bci),
2834 "Return type must be void in <init> method");
2835 return;
2836 }
2837
2838 assert(sig_verif_types_len <= nargs + 2,
2839 "Signature verification types array return type is bogus");
2840 for (int i = nargs; i < sig_verif_types_len; i++) {
2841 assert(i == nargs || sig_verif_types->at(i).is_long2() ||
2842 sig_verif_types->at(i).is_double2(), "Unexpected return verificationType");
2843 current_frame->push_stack(sig_verif_types->at(i), CHECK_VERIFY(this));
2844 }
2845 }
2846 }
2847
2848 VerificationType ClassVerifier::get_newarray_type(
2849 u2 index, int bci, TRAPS) {
2850 const char* from_bt[] = {
2851 nullptr, nullptr, nullptr, nullptr, "[Z", "[C", "[F", "[D", "[B", "[S", "[I", "[J",
2852 };
2853 if (index < T_BOOLEAN || index > T_LONG) {
2854 verify_error(ErrorContext::bad_code(bci), "Illegal newarray instruction");
2855 return VerificationType::bogus_type();
2856 }
2857
2858 // from_bt[index] contains the array signature which has a length of 2
2859 Symbol* sig = create_temporary_symbol(from_bt[index], 2);
2860 return VerificationType::reference_type(sig);
2861 }
2862
2863 void ClassVerifier::verify_anewarray(
2864 int bci, u2 index, const constantPoolHandle& cp,
2865 StackMapFrame* current_frame, TRAPS) {
2866 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
2867 current_frame->pop_stack(
2868 VerificationType::integer_type(), CHECK_VERIFY(this));
2869
2870 if (was_recursively_verified()) return;
2871 VerificationType component_type =
2872 cp_index_to_type(index, cp, CHECK_VERIFY(this));
2873 int length;
2874 char* arr_sig_str;
2875 if (component_type.is_array()) { // it's an array
2876 const char* component_name = component_type.name()->as_utf8();
2877 // Check for more than MAX_ARRAY_DIMENSIONS
2878 length = (int)strlen(component_name);
2879 if (length > MAX_ARRAY_DIMENSIONS &&
2880 component_name[MAX_ARRAY_DIMENSIONS - 1] == JVM_SIGNATURE_ARRAY) {
2881 verify_error(ErrorContext::bad_code(bci),
2882 "Illegal anewarray instruction, array has more than 255 dimensions");
2883 }
2884 // add one dimension to component
2885 length++;
2886 arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length + 1);
2887 int n = os::snprintf(arr_sig_str, length + 1, "%c%s",
2888 JVM_SIGNATURE_ARRAY, component_name);
2889 assert(n == length, "Unexpected number of characters in string");
2890 } else { // it's an object or interface
2891 const char* component_name = component_type.name()->as_utf8();
2892 // add one dimension to component with 'L' prepended and ';' postpended.
2893 length = (int)strlen(component_name) + 3;
2894 arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length + 1);
2895 int n = os::snprintf(arr_sig_str, length + 1, "%c%c%s;",
2896 JVM_SIGNATURE_ARRAY, JVM_SIGNATURE_CLASS, component_name);
2897 assert(n == length, "Unexpected number of characters in string");
2898 }
2899 Symbol* arr_sig = create_temporary_symbol(arr_sig_str, length);
2900 VerificationType new_array_type = VerificationType::reference_type(arr_sig);
2901 current_frame->push_stack(new_array_type, CHECK_VERIFY(this));
2902 }
2903
2904 void ClassVerifier::verify_iload(int index, StackMapFrame* current_frame, TRAPS) {
2905 current_frame->get_local(
2906 index, VerificationType::integer_type(), CHECK_VERIFY(this));
2907 current_frame->push_stack(
2908 VerificationType::integer_type(), CHECK_VERIFY(this));
2909 }
2910
2911 void ClassVerifier::verify_lload(int index, StackMapFrame* current_frame, TRAPS) {
2912 current_frame->get_local_2(
2913 index, VerificationType::long_type(),
2914 VerificationType::long2_type(), CHECK_VERIFY(this));
2915 current_frame->push_stack_2(
2916 VerificationType::long_type(),
2917 VerificationType::long2_type(), CHECK_VERIFY(this));
2918 }
2919
2920 void ClassVerifier::verify_fload(int index, StackMapFrame* current_frame, TRAPS) {
2921 current_frame->get_local(
2922 index, VerificationType::float_type(), CHECK_VERIFY(this));
2923 current_frame->push_stack(
2924 VerificationType::float_type(), CHECK_VERIFY(this));
2925 }
2926
2927 void ClassVerifier::verify_dload(int index, StackMapFrame* current_frame, TRAPS) {
2928 current_frame->get_local_2(
2929 index, VerificationType::double_type(),
2930 VerificationType::double2_type(), CHECK_VERIFY(this));
2931 current_frame->push_stack_2(
2932 VerificationType::double_type(),
2933 VerificationType::double2_type(), CHECK_VERIFY(this));
2934 }
2935
2936 void ClassVerifier::verify_aload(int index, StackMapFrame* current_frame, TRAPS) {
2937 VerificationType type = current_frame->get_local(
2938 index, VerificationType::reference_check(), CHECK_VERIFY(this));
2939 current_frame->push_stack(type, CHECK_VERIFY(this));
2940 }
2941
2942 void ClassVerifier::verify_istore(int index, StackMapFrame* current_frame, TRAPS) {
2943 current_frame->pop_stack(
2944 VerificationType::integer_type(), CHECK_VERIFY(this));
2945 current_frame->set_local(
2946 index, VerificationType::integer_type(), CHECK_VERIFY(this));
2947 }
2948
2949 void ClassVerifier::verify_lstore(int index, StackMapFrame* current_frame, TRAPS) {
2950 current_frame->pop_stack_2(
2951 VerificationType::long2_type(),
2952 VerificationType::long_type(), CHECK_VERIFY(this));
2953 current_frame->set_local_2(
2954 index, VerificationType::long_type(),
2955 VerificationType::long2_type(), CHECK_VERIFY(this));
2956 }
2957
2958 void ClassVerifier::verify_fstore(int index, StackMapFrame* current_frame, TRAPS) {
2959 current_frame->pop_stack(VerificationType::float_type(), CHECK_VERIFY(this));
2960 current_frame->set_local(
2961 index, VerificationType::float_type(), CHECK_VERIFY(this));
2962 }
2963
2964 void ClassVerifier::verify_dstore(int index, StackMapFrame* current_frame, TRAPS) {
2965 current_frame->pop_stack_2(
2966 VerificationType::double2_type(),
2967 VerificationType::double_type(), CHECK_VERIFY(this));
2968 current_frame->set_local_2(
2969 index, VerificationType::double_type(),
2970 VerificationType::double2_type(), CHECK_VERIFY(this));
2971 }
2972
2973 void ClassVerifier::verify_astore(int index, StackMapFrame* current_frame, TRAPS) {
2974 VerificationType type = current_frame->pop_stack(
2975 VerificationType::reference_check(), CHECK_VERIFY(this));
2976 current_frame->set_local(index, type, CHECK_VERIFY(this));
2977 }
2978
2979 void ClassVerifier::verify_iinc(int index, StackMapFrame* current_frame, TRAPS) {
2980 VerificationType type = current_frame->get_local(
2981 index, VerificationType::integer_type(), CHECK_VERIFY(this));
2982 current_frame->set_local(index, type, CHECK_VERIFY(this));
2983 }
2984
2985 void ClassVerifier::verify_return_value(
2986 VerificationType return_type, VerificationType type, int bci,
2987 StackMapFrame* current_frame, TRAPS) {
2988 if (return_type == VerificationType::bogus_type()) {
2989 verify_error(ErrorContext::bad_type(bci,
2990 current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)),
2991 "Method does not expect a return value");
2992 return;
2993 }
2994 bool match = return_type.is_assignable_from(type, this, false, CHECK_VERIFY(this));
2995 if (!match) {
2996 verify_error(ErrorContext::bad_type(bci,
2997 current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)),
2998 "Bad return type");
2999 return;
3000 }
3001 }
3002
3003 // The verifier creates symbols which are substrings of Symbols.
3004 // These are stored in the verifier until the end of verification so that
3005 // they can be reference counted.
3006 Symbol* ClassVerifier::create_temporary_symbol(const char *name, int length) {
3007 // Quick deduplication check
3008 if (_previous_symbol != nullptr && _previous_symbol->equals(name, length)) {
3009 return _previous_symbol;
3010 }
3011 Symbol* sym = SymbolTable::new_symbol(name, length);
3012 if (!sym->is_permanent()) {
3013 if (_symbols == nullptr) {
3014 _symbols = new GrowableArray<Symbol*>(50, 0, nullptr);
3015 }
3016 _symbols->push(sym);
3017 }
3018 _previous_symbol = sym;
3019 return sym;
3020 }