1 /*
   2  * Copyright (c) 1998, 2024, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.
   8  *
   9  * This code is distributed in the hope that it will be useful, but WITHOUT
  10  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  11  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  12  * version 2 for more details (a copy is included in the LICENSE file that
  13  * accompanied this code).
  14  *
  15  * You should have received a copy of the GNU General Public License version
  16  * 2 along with this work; if not, write to the Free Software Foundation,
  17  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  18  *
  19  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  20  * or visit www.oracle.com if you need additional information or have any
  21  * questions.
  22  *
  23  */
  24 
  25 #include "precompiled.hpp"
  26 #include "cds/cdsConfig.hpp"
  27 #include "classfile/classFileStream.hpp"
  28 #include "classfile/classLoader.hpp"
  29 #include "classfile/javaClasses.hpp"
  30 #include "classfile/stackMapTable.hpp"
  31 #include "classfile/stackMapFrame.hpp"
  32 #include "classfile/stackMapTableFormat.hpp"
  33 #include "classfile/symbolTable.hpp"
  34 #include "classfile/systemDictionary.hpp"
  35 #include "classfile/verifier.hpp"
  36 #include "classfile/vmClasses.hpp"
  37 #include "classfile/vmSymbols.hpp"
  38 #include "interpreter/bytecodes.hpp"
  39 #include "interpreter/bytecodeStream.hpp"
  40 #include "jvm.h"
  41 #include "logging/log.hpp"
  42 #include "logging/logStream.hpp"
  43 #include "memory/oopFactory.hpp"
  44 #include "memory/resourceArea.hpp"
  45 #include "memory/universe.hpp"
  46 #include "oops/constantPool.inline.hpp"
  47 #include "oops/instanceKlass.inline.hpp"
  48 #include "oops/klass.inline.hpp"
  49 #include "oops/oop.inline.hpp"
  50 #include "oops/typeArrayOop.hpp"
  51 #include "runtime/arguments.hpp"
  52 #include "runtime/fieldDescriptor.hpp"
  53 #include "runtime/handles.inline.hpp"
  54 #include "runtime/interfaceSupport.inline.hpp"
  55 #include "runtime/javaCalls.hpp"
  56 #include "runtime/javaThread.hpp"
  57 #include "runtime/jniHandles.inline.hpp"
  58 #include "runtime/os.hpp"
  59 #include "runtime/safepointVerifiers.hpp"
  60 #include "services/threadService.hpp"
  61 #include "utilities/align.hpp"
  62 #include "utilities/bytes.hpp"
  63 
  64 #define NOFAILOVER_MAJOR_VERSION                       51
  65 #define NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION  51
  66 #define STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION       52
  67 #define INLINE_TYPE_MAJOR_VERSION                       56
  68 #define MAX_ARRAY_DIMENSIONS 255
  69 
  70 // Access to external entry for VerifyClassForMajorVersion - old byte code verifier
  71 
  72 extern "C" {
  73   typedef jboolean (*verify_byte_codes_fn_t)(JNIEnv *, jclass, char *, jint, jint);
  74 }
  75 
  76 static verify_byte_codes_fn_t volatile _verify_byte_codes_fn = nullptr;
  77 
  78 static verify_byte_codes_fn_t verify_byte_codes_fn() {
  79 
  80   if (_verify_byte_codes_fn != nullptr)
  81     return _verify_byte_codes_fn;
  82 
  83   MutexLocker locker(Verify_lock);
  84 
  85   if (_verify_byte_codes_fn != nullptr)
  86     return _verify_byte_codes_fn;
  87 
  88   // Load verify dll
  89   char buffer[JVM_MAXPATHLEN];
  90   char ebuf[1024];
  91   if (!os::dll_locate_lib(buffer, sizeof(buffer), Arguments::get_dll_dir(), "verify"))
  92     return nullptr; // Caller will throw VerifyError
  93 
  94   void *lib_handle = os::dll_load(buffer, ebuf, sizeof(ebuf));
  95   if (lib_handle == nullptr)
  96     return nullptr; // Caller will throw VerifyError
  97 
  98   void *fn = os::dll_lookup(lib_handle, "VerifyClassForMajorVersion");
  99   if (fn == nullptr)
 100     return nullptr; // Caller will throw VerifyError
 101 
 102   return _verify_byte_codes_fn = CAST_TO_FN_PTR(verify_byte_codes_fn_t, fn);
 103 }
 104 
 105 
 106 // Methods in Verifier
 107 
 108 bool Verifier::should_verify_for(oop class_loader, bool should_verify_class) {
 109   return (class_loader == nullptr || !should_verify_class) ?
 110     BytecodeVerificationLocal : BytecodeVerificationRemote;
 111 }
 112 
 113 bool Verifier::relax_access_for(oop loader) {
 114   bool trusted = java_lang_ClassLoader::is_trusted_loader(loader);
 115   bool need_verify =
 116     // verifyAll
 117     (BytecodeVerificationLocal && BytecodeVerificationRemote) ||
 118     // verifyRemote
 119     (!BytecodeVerificationLocal && BytecodeVerificationRemote && !trusted);
 120   return !need_verify;
 121 }
 122 
 123 void Verifier::trace_class_resolution(Klass* resolve_class, InstanceKlass* verify_class) {
 124   assert(verify_class != nullptr, "Unexpected null verify_class");
 125   ResourceMark rm;
 126   Symbol* s = verify_class->source_file_name();
 127   const char* source_file = (s != nullptr ? s->as_C_string() : nullptr);
 128   const char* verify = verify_class->external_name();
 129   const char* resolve = resolve_class->external_name();
 130   // print in a single call to reduce interleaving between threads
 131   if (source_file != nullptr) {
 132     log_debug(class, resolve)("%s %s %s (verification)", verify, resolve, source_file);
 133   } else {
 134     log_debug(class, resolve)("%s %s (verification)", verify, resolve);
 135   }
 136 }
 137 
 138 // Prints the end-verification message to the appropriate output.
 139 void Verifier::log_end_verification(outputStream* st, const char* klassName, Symbol* exception_name, oop pending_exception) {
 140   if (pending_exception != nullptr) {
 141     st->print("Verification for %s has", klassName);
 142     oop message = java_lang_Throwable::message(pending_exception);
 143     if (message != nullptr) {
 144       char* ex_msg = java_lang_String::as_utf8_string(message);
 145       st->print_cr(" exception pending '%s %s'",
 146                    pending_exception->klass()->external_name(), ex_msg);
 147     } else {
 148       st->print_cr(" exception pending %s ",
 149                    pending_exception->klass()->external_name());
 150     }
 151   } else if (exception_name != nullptr) {
 152     st->print_cr("Verification for %s failed", klassName);
 153   }
 154   st->print_cr("End class verification for: %s", klassName);
 155 }
 156 
 157 bool Verifier::verify(InstanceKlass* klass, bool should_verify_class, TRAPS) {
 158   HandleMark hm(THREAD);
 159   ResourceMark rm(THREAD);
 160 
 161   // Eagerly allocate the identity hash code for a klass. This is a fallout
 162   // from 6320749 and 8059924: hash code generator is not supposed to be called
 163   // during the safepoint, but it allows to sneak the hashcode in during
 164   // verification. Without this eager hashcode generation, we may end up
 165   // installing the hashcode during some other operation, which may be at
 166   // safepoint -- blowing up the checks. It was previously done as the side
 167   // effect (sic!) for external_name(), but instead of doing that, we opt to
 168   // explicitly push the hashcode in here. This is signify the following block
 169   // is IMPORTANT:
 170   if (klass->java_mirror() != nullptr) {
 171     klass->java_mirror()->identity_hash();
 172   }
 173 
 174   if (!is_eligible_for_verification(klass, should_verify_class)) {
 175     return true;
 176   }
 177 
 178   // Timer includes any side effects of class verification (resolution,
 179   // etc), but not recursive calls to Verifier::verify().
 180   JavaThread* jt = THREAD;
 181   PerfClassTraceTime timer(ClassLoader::perf_class_verify_time(),
 182                            ClassLoader::perf_class_verify_selftime(),
 183                            ClassLoader::perf_classes_verified(),
 184                            jt->get_thread_stat()->perf_recursion_counts_addr(),
 185                            jt->get_thread_stat()->perf_timers_addr(),
 186                            PerfClassTraceTime::CLASS_VERIFY);
 187 
 188   // If the class should be verified, first see if we can use the split
 189   // verifier.  If not, or if verification fails and can failover, then
 190   // call the inference verifier.
 191   Symbol* exception_name = nullptr;
 192   const size_t message_buffer_len = klass->name()->utf8_length() + 1024;
 193   char* message_buffer = nullptr;
 194   char* exception_message = nullptr;
 195 
 196   log_info(class, init)("Start class verification for: %s", klass->external_name());
 197   if (klass->major_version() >= STACKMAP_ATTRIBUTE_MAJOR_VERSION) {
 198     ClassVerifier split_verifier(jt, klass);
 199     // We don't use CHECK here, or on inference_verify below, so that we can log any exception.
 200     split_verifier.verify_class(THREAD);
 201     exception_name = split_verifier.result();
 202 
 203     // If dumping static archive then don't fall back to the old verifier on
 204     // verification failure. If a class fails verification with the split verifier,
 205     // it might fail the CDS runtime verifier constraint check. In that case, we
 206     // don't want to share the class. We only archive classes that pass the split
 207     // verifier.
 208     bool can_failover = !CDSConfig::is_dumping_static_archive() &&
 209       klass->major_version() < NOFAILOVER_MAJOR_VERSION;
 210 
 211     if (can_failover && !HAS_PENDING_EXCEPTION &&  // Split verifier doesn't set PENDING_EXCEPTION for failure
 212         (exception_name == vmSymbols::java_lang_VerifyError() ||
 213          exception_name == vmSymbols::java_lang_ClassFormatError())) {
 214       log_info(verification)("Fail over class verification to old verifier for: %s", klass->external_name());
 215       log_info(class, init)("Fail over class verification to old verifier for: %s", klass->external_name());
 216       message_buffer = NEW_RESOURCE_ARRAY(char, message_buffer_len);
 217       exception_message = message_buffer;
 218       exception_name = inference_verify(
 219         klass, message_buffer, message_buffer_len, THREAD);
 220     }
 221     if (exception_name != nullptr) {
 222       exception_message = split_verifier.exception_message();
 223     }
 224   } else {
 225     message_buffer = NEW_RESOURCE_ARRAY(char, message_buffer_len);
 226     exception_message = message_buffer;
 227     exception_name = inference_verify(
 228         klass, message_buffer, message_buffer_len, THREAD);
 229   }
 230 
 231   LogTarget(Info, class, init) lt1;
 232   if (lt1.is_enabled()) {
 233     LogStream ls(lt1);
 234     log_end_verification(&ls, klass->external_name(), exception_name, PENDING_EXCEPTION);
 235   }
 236   LogTarget(Info, verification) lt2;
 237   if (lt2.is_enabled()) {
 238     LogStream ls(lt2);
 239     log_end_verification(&ls, klass->external_name(), exception_name, PENDING_EXCEPTION);
 240   }
 241 
 242   if (HAS_PENDING_EXCEPTION) {
 243     return false; // use the existing exception
 244   } else if (exception_name == nullptr) {
 245     return true; // verification succeeded
 246   } else { // VerifyError or ClassFormatError to be created and thrown
 247     Klass* kls =
 248       SystemDictionary::resolve_or_fail(exception_name, true, CHECK_false);
 249     if (log_is_enabled(Debug, class, resolve)) {
 250       Verifier::trace_class_resolution(kls, klass);
 251     }
 252 
 253     while (kls != nullptr) {
 254       if (kls == klass) {
 255         // If the class being verified is the exception we're creating
 256         // or one of it's superclasses, we're in trouble and are going
 257         // to infinitely recurse when we try to initialize the exception.
 258         // So bail out here by throwing the preallocated VM error.
 259         THROW_OOP_(Universe::internal_error_instance(), false);
 260       }
 261       kls = kls->super();
 262     }
 263     if (message_buffer != nullptr) {
 264       message_buffer[message_buffer_len - 1] = '\0'; // just to be sure
 265     }
 266     assert(exception_message != nullptr, "");
 267     THROW_MSG_(exception_name, exception_message, false);
 268   }
 269 }
 270 
 271 bool Verifier::is_eligible_for_verification(InstanceKlass* klass, bool should_verify_class) {
 272   Symbol* name = klass->name();
 273   Klass* refl_serialization_ctor_klass = vmClasses::reflect_SerializationConstructorAccessorImpl_klass();
 274 
 275   bool is_reflect_accessor = refl_serialization_ctor_klass != nullptr &&
 276                                 klass->is_subtype_of(refl_serialization_ctor_klass);
 277 
 278   return (should_verify_for(klass->class_loader(), should_verify_class) &&
 279     // return if the class is a bootstrapping class
 280     // or defineClass specified not to verify by default (flags override passed arg)
 281     // We need to skip the following four for bootstrapping
 282     name != vmSymbols::java_lang_Object() &&
 283     name != vmSymbols::java_lang_Class() &&
 284     name != vmSymbols::java_lang_String() &&
 285     name != vmSymbols::java_lang_Throwable() &&
 286 
 287     // Can not verify the bytecodes for shared classes because they have
 288     // already been rewritten to contain constant pool cache indices,
 289     // which the verifier can't understand.
 290     // Shared classes shouldn't have stackmaps either.
 291     // However, bytecodes for shared old classes can be verified because
 292     // they have not been rewritten.
 293     !(klass->is_shared() && klass->is_rewritten()) &&
 294 
 295     // As of the fix for 4486457 we disable verification for all of the
 296     // dynamically-generated bytecodes associated with
 297     // jdk/internal/reflect/SerializationConstructorAccessor.
 298     (!is_reflect_accessor));
 299 }
 300 
 301 Symbol* Verifier::inference_verify(
 302     InstanceKlass* klass, char* message, size_t message_len, TRAPS) {
 303   JavaThread* thread = THREAD;
 304 
 305   verify_byte_codes_fn_t verify_func = verify_byte_codes_fn();
 306 
 307   if (verify_func == nullptr) {
 308     jio_snprintf(message, message_len, "Could not link verifier");
 309     return vmSymbols::java_lang_VerifyError();
 310   }
 311 
 312   ResourceMark rm(thread);
 313   log_info(verification)("Verifying class %s with old format", klass->external_name());
 314 
 315   jclass cls = (jclass) JNIHandles::make_local(thread, klass->java_mirror());
 316   jint result;
 317 
 318   {
 319     HandleMark hm(thread);
 320     ThreadToNativeFromVM ttn(thread);
 321     // ThreadToNativeFromVM takes care of changing thread_state, so safepoint
 322     // code knows that we have left the VM
 323     JNIEnv *env = thread->jni_environment();
 324     result = (*verify_func)(env, cls, message, (int)message_len, klass->major_version());
 325   }
 326 
 327   JNIHandles::destroy_local(cls);
 328 
 329   // These numbers are chosen so that VerifyClassCodes interface doesn't need
 330   // to be changed (still return jboolean (unsigned char)), and result is
 331   // 1 when verification is passed.
 332   if (result == 0) {
 333     return vmSymbols::java_lang_VerifyError();
 334   } else if (result == 1) {
 335     return nullptr; // verified.
 336   } else if (result == 2) {
 337     THROW_MSG_(vmSymbols::java_lang_OutOfMemoryError(), message, nullptr);
 338   } else if (result == 3) {
 339     return vmSymbols::java_lang_ClassFormatError();
 340   } else {
 341     ShouldNotReachHere();
 342     return nullptr;
 343   }
 344 }
 345 
 346 TypeOrigin TypeOrigin::null() {
 347   return TypeOrigin();
 348 }
 349 TypeOrigin TypeOrigin::local(int index, StackMapFrame* frame) {
 350   assert(frame != nullptr, "Must have a frame");
 351   return TypeOrigin(CF_LOCALS, index, StackMapFrame::copy(frame),
 352      frame->local_at(index));
 353 }
 354 TypeOrigin TypeOrigin::stack(int index, StackMapFrame* frame) {
 355   assert(frame != nullptr, "Must have a frame");
 356   return TypeOrigin(CF_STACK, index, StackMapFrame::copy(frame),
 357       frame->stack_at(index));
 358 }
 359 TypeOrigin TypeOrigin::sm_local(int index, StackMapFrame* frame) {
 360   assert(frame != nullptr, "Must have a frame");
 361   return TypeOrigin(SM_LOCALS, index, StackMapFrame::copy(frame),
 362       frame->local_at(index));
 363 }
 364 TypeOrigin TypeOrigin::sm_stack(int index, StackMapFrame* frame) {
 365   assert(frame != nullptr, "Must have a frame");
 366   return TypeOrigin(SM_STACK, index, StackMapFrame::copy(frame),
 367       frame->stack_at(index));
 368 }
 369 TypeOrigin TypeOrigin::bad_index(int index) {
 370   return TypeOrigin(BAD_INDEX, index, nullptr, VerificationType::bogus_type());
 371 }
 372 TypeOrigin TypeOrigin::cp(int index, VerificationType vt) {
 373   return TypeOrigin(CONST_POOL, index, nullptr, vt);
 374 }
 375 TypeOrigin TypeOrigin::signature(VerificationType vt) {
 376   return TypeOrigin(SIG, 0, nullptr, vt);
 377 }
 378 TypeOrigin TypeOrigin::implicit(VerificationType t) {
 379   return TypeOrigin(IMPLICIT, 0, nullptr, t);
 380 }
 381 TypeOrigin TypeOrigin::frame(StackMapFrame* frame) {
 382   return TypeOrigin(FRAME_ONLY, 0, StackMapFrame::copy(frame),
 383                     VerificationType::bogus_type());
 384 }
 385 
 386 void TypeOrigin::reset_frame() {
 387   if (_frame != nullptr) {
 388     _frame->restore();
 389   }
 390 }
 391 
 392 void TypeOrigin::details(outputStream* ss) const {
 393   _type.print_on(ss);
 394   switch (_origin) {
 395     case CF_LOCALS:
 396       ss->print(" (current frame, locals[%d])", _index);
 397       break;
 398     case CF_STACK:
 399       ss->print(" (current frame, stack[%d])", _index);
 400       break;
 401     case SM_LOCALS:
 402       ss->print(" (stack map, locals[%d])", _index);
 403       break;
 404     case SM_STACK:
 405       ss->print(" (stack map, stack[%d])", _index);
 406       break;
 407     case CONST_POOL:
 408       ss->print(" (constant pool %d)", _index);
 409       break;
 410     case SIG:
 411       ss->print(" (from method signature)");
 412       break;
 413     case IMPLICIT:
 414     case FRAME_ONLY:
 415     case NONE:
 416     default:
 417       ;
 418   }
 419 }
 420 
 421 #ifdef ASSERT
 422 void TypeOrigin::print_on(outputStream* str) const {
 423   str->print("{%d,%d,%p:", _origin, _index, _frame);
 424   if (_frame != nullptr) {
 425     _frame->print_on(str);
 426   } else {
 427     str->print("null");
 428   }
 429   str->print(",");
 430   _type.print_on(str);
 431   str->print("}");
 432 }
 433 #endif
 434 
 435 void ErrorContext::details(outputStream* ss, const Method* method) const {
 436   if (is_valid()) {
 437     ss->cr();
 438     ss->print_cr("Exception Details:");
 439     location_details(ss, method);
 440     reason_details(ss);
 441     frame_details(ss);
 442     bytecode_details(ss, method);
 443     handler_details(ss, method);
 444     stackmap_details(ss, method);
 445   }
 446 }
 447 
 448 void ErrorContext::reason_details(outputStream* ss) const {
 449   streamIndentor si(ss);
 450   ss->indent().print_cr("Reason:");
 451   streamIndentor si2(ss);
 452   ss->indent().print("%s", "");
 453   switch (_fault) {
 454     case INVALID_BYTECODE:
 455       ss->print("Error exists in the bytecode");
 456       break;
 457     case WRONG_TYPE:
 458       if (_expected.is_valid()) {
 459         ss->print("Type ");
 460         _type.details(ss);
 461         ss->print(" is not assignable to ");
 462         _expected.details(ss);
 463       } else {
 464         ss->print("Invalid type: ");
 465         _type.details(ss);
 466       }
 467       break;
 468     case FLAGS_MISMATCH:
 469       if (_expected.is_valid()) {
 470         ss->print("Current frame's flags are not assignable "
 471                   "to stack map frame's.");
 472       } else {
 473         ss->print("Current frame's flags are invalid in this context.");
 474       }
 475       break;
 476     case BAD_CP_INDEX:
 477       ss->print("Constant pool index %d is invalid", _type.index());
 478       break;
 479     case BAD_LOCAL_INDEX:
 480       ss->print("Local index %d is invalid", _type.index());
 481       break;
 482     case LOCALS_SIZE_MISMATCH:
 483       ss->print("Current frame's local size doesn't match stackmap.");
 484       break;
 485     case STACK_SIZE_MISMATCH:
 486       ss->print("Current frame's stack size doesn't match stackmap.");
 487       break;
 488     case STACK_OVERFLOW:
 489       ss->print("Exceeded max stack size.");
 490       break;
 491     case STACK_UNDERFLOW:
 492       ss->print("Attempt to pop empty stack.");
 493       break;
 494     case MISSING_STACKMAP:
 495       ss->print("Expected stackmap frame at this location.");
 496       break;
 497     case BAD_STACKMAP:
 498       ss->print("Invalid stackmap specification.");
 499       break;
 500     case WRONG_INLINE_TYPE:
 501       ss->print("Type ");
 502       _type.details(ss);
 503       ss->print(" and type ");
 504       _expected.details(ss);
 505       ss->print(" must be identical inline types.");
 506       break;
 507     case UNKNOWN:
 508     default:
 509       ShouldNotReachHere();
 510       ss->print_cr("Unknown");
 511   }
 512   ss->cr();
 513 }
 514 
 515 void ErrorContext::location_details(outputStream* ss, const Method* method) const {
 516   if (_bci != -1 && method != nullptr) {
 517     streamIndentor si(ss);
 518     const char* bytecode_name = "<invalid>";
 519     if (method->validate_bci(_bci) != -1) {
 520       Bytecodes::Code code = Bytecodes::code_or_bp_at(method->bcp_from(_bci));
 521       if (Bytecodes::is_defined(code)) {
 522           bytecode_name = Bytecodes::name(code);
 523       } else {
 524           bytecode_name = "<illegal>";
 525       }
 526     }
 527     InstanceKlass* ik = method->method_holder();
 528     ss->indent().print_cr("Location:");
 529     streamIndentor si2(ss);
 530     ss->indent().print_cr("%s.%s%s @%d: %s",
 531         ik->name()->as_C_string(), method->name()->as_C_string(),
 532         method->signature()->as_C_string(), _bci, bytecode_name);
 533   }
 534 }
 535 
 536 void ErrorContext::frame_details(outputStream* ss) const {
 537   streamIndentor si(ss);
 538   if (_type.is_valid() && _type.frame() != nullptr) {
 539     ss->indent().print_cr("Current Frame:");
 540     streamIndentor si2(ss);
 541     _type.frame()->print_on(ss);
 542   }
 543   if (_expected.is_valid() && _expected.frame() != nullptr) {
 544     ss->indent().print_cr("Stackmap Frame:");
 545     streamIndentor si2(ss);
 546     _expected.frame()->print_on(ss);
 547   }
 548 }
 549 
 550 void ErrorContext::bytecode_details(outputStream* ss, const Method* method) const {
 551   if (method != nullptr) {
 552     streamIndentor si(ss);
 553     ss->indent().print_cr("Bytecode:");
 554     streamIndentor si2(ss);
 555     ss->print_data(method->code_base(), method->code_size(), false);
 556   }
 557 }
 558 
 559 void ErrorContext::handler_details(outputStream* ss, const Method* method) const {
 560   if (method != nullptr) {
 561     streamIndentor si(ss);
 562     ExceptionTable table(method);
 563     if (table.length() > 0) {
 564       ss->indent().print_cr("Exception Handler Table:");
 565       streamIndentor si2(ss);
 566       for (int i = 0; i < table.length(); ++i) {
 567         ss->indent().print_cr("bci [%d, %d] => handler: %d", table.start_pc(i),
 568             table.end_pc(i), table.handler_pc(i));
 569       }
 570     }
 571   }
 572 }
 573 
 574 void ErrorContext::stackmap_details(outputStream* ss, const Method* method) const {
 575   if (method != nullptr && method->has_stackmap_table()) {
 576     streamIndentor si(ss);
 577     ss->indent().print_cr("Stackmap Table:");
 578     Array<u1>* data = method->stackmap_data();
 579     stack_map_table* sm_table =
 580         stack_map_table::at((address)data->adr_at(0));
 581     stack_map_frame* sm_frame = sm_table->entries();
 582     streamIndentor si2(ss);
 583     int current_offset = -1;
 584     address end_of_sm_table = (address)sm_table + method->stackmap_data()->length();
 585     for (u2 i = 0; i < sm_table->number_of_entries(); ++i) {
 586       ss->indent();
 587       if (!sm_frame->verify((address)sm_frame, end_of_sm_table)) {
 588         sm_frame->print_truncated(ss, current_offset);
 589         return;
 590       }
 591       sm_frame->print_on(ss, current_offset);
 592       ss->cr();
 593       current_offset += sm_frame->offset_delta();
 594       sm_frame = sm_frame->next();
 595     }
 596   }
 597 }
 598 
 599 // Methods in ClassVerifier
 600 
 601 ClassVerifier::ClassVerifier(JavaThread* current, InstanceKlass* klass)
 602     : _thread(current), _previous_symbol(nullptr), _symbols(nullptr), _exception_type(nullptr),
 603       _message(nullptr), _klass(klass) {
 604   _this_type = VerificationType::reference_type(klass->name());
 605 }
 606 
 607 ClassVerifier::~ClassVerifier() {
 608   // Decrement the reference count for any symbols created.
 609   if (_symbols != nullptr) {
 610     for (int i = 0; i < _symbols->length(); i++) {
 611       Symbol* s = _symbols->at(i);
 612       s->decrement_refcount();
 613     }
 614   }
 615 }
 616 
 617 VerificationType ClassVerifier::object_type() const {
 618   return VerificationType::reference_type(vmSymbols::java_lang_Object());
 619 }
 620 
 621 TypeOrigin ClassVerifier::ref_ctx(const char* sig) {
 622   VerificationType vt = VerificationType::reference_type(
 623                          create_temporary_symbol(sig, (int)strlen(sig)));
 624   return TypeOrigin::implicit(vt);
 625 }
 626 
 627 static bool supports_strict_fields(InstanceKlass* klass) {
 628   int ver = klass->major_version();
 629   return ver > Verifier::VALUE_TYPES_MAJOR_VERSION ||
 630          (ver == Verifier::VALUE_TYPES_MAJOR_VERSION && klass->minor_version() == Verifier::JAVA_PREVIEW_MINOR_VERSION);
 631 }
 632 
 633 void ClassVerifier::verify_class(TRAPS) {
 634   log_info(verification)("Verifying class %s with new format", _klass->external_name());
 635 
 636   // Either verifying both local and remote classes or just remote classes.
 637   assert(BytecodeVerificationRemote, "Should not be here");
 638 
 639   Array<Method*>* methods = _klass->methods();
 640   int num_methods = methods->length();
 641 
 642   for (int index = 0; index < num_methods; index++) {
 643     // Check for recursive re-verification before each method.
 644     if (was_recursively_verified()) return;
 645 
 646     Method* m = methods->at(index);
 647     if (m->is_native() || m->is_abstract() || m->is_overpass()) {
 648       // If m is native or abstract, skip it.  It is checked in class file
 649       // parser that methods do not override a final method.  Overpass methods
 650       // are trusted since the VM generates them.
 651       continue;
 652     }
 653     verify_method(methodHandle(THREAD, m), CHECK_VERIFY(this));
 654   }
 655 
 656   if (was_recursively_verified()){
 657     log_info(verification)("Recursive verification detected for: %s", _klass->external_name());
 658     log_info(class, init)("Recursive verification detected for: %s",
 659                         _klass->external_name());
 660   }
 661 }
 662 
 663 // Translate the signature entries into verification types and save them in
 664 // the growable array.  Also, save the count of arguments.
 665 void ClassVerifier::translate_signature(Symbol* const method_sig,
 666                                         sig_as_verification_types* sig_verif_types) {
 667   SignatureStream sig_stream(method_sig);
 668   VerificationType sig_type[2];
 669   int sig_i = 0;
 670   GrowableArray<VerificationType>* verif_types = sig_verif_types->sig_verif_types();
 671 
 672   // Translate the signature arguments into verification types.
 673   while (!sig_stream.at_return_type()) {
 674     int n = change_sig_to_verificationType(&sig_stream, sig_type);
 675     assert(n <= 2, "Unexpected signature type");
 676 
 677     // Store verification type(s).  Longs and Doubles each have two verificationTypes.
 678     for (int x = 0; x < n; x++) {
 679       verif_types->push(sig_type[x]);
 680     }
 681     sig_i += n;
 682     sig_stream.next();
 683   }
 684 
 685   // Set final arg count, not including the return type.  The final arg count will
 686   // be compared with sig_verify_types' length to see if there is a return type.
 687   sig_verif_types->set_num_args(sig_i);
 688 
 689   // Store verification type(s) for the return type, if there is one.
 690   if (sig_stream.type() != T_VOID) {
 691     int n = change_sig_to_verificationType(&sig_stream, sig_type);
 692     assert(n <= 2, "Unexpected signature return type");
 693     for (int y = 0; y < n; y++) {
 694       verif_types->push(sig_type[y]);
 695     }
 696   }
 697 }
 698 
 699 void ClassVerifier::create_method_sig_entry(sig_as_verification_types* sig_verif_types,
 700                                             int sig_index) {
 701   // Translate the signature into verification types.
 702   ConstantPool* cp = _klass->constants();
 703   Symbol* const method_sig = cp->symbol_at(sig_index);
 704   translate_signature(method_sig, sig_verif_types);
 705 
 706   // Add the list of this signature's verification types to the table.
 707   bool is_unique = method_signatures_table()->put(sig_index, sig_verif_types);
 708   assert(is_unique, "Duplicate entries in method_signature_table");
 709 }
 710 
 711 void ClassVerifier::verify_method(const methodHandle& m, TRAPS) {
 712   HandleMark hm(THREAD);
 713   _method = m;   // initialize _method
 714   log_info(verification)("Verifying method %s", m->name_and_sig_as_C_string());
 715 
 716 // For clang, the only good constant format string is a literal constant format string.
 717 #define bad_type_msg "Bad type on operand stack in %s"
 718 
 719   u2 max_stack = m->verifier_max_stack();
 720   u2 max_locals = m->max_locals();
 721   constantPoolHandle cp(THREAD, m->constants());
 722 
 723   // Method signature was checked in ClassFileParser.
 724   assert(SignatureVerifier::is_valid_method_signature(m->signature()),
 725          "Invalid method signature");
 726 
 727   // Initial stack map frame: offset is 0, stack is initially empty.
 728   StackMapFrame current_frame(max_locals, max_stack, this);
 729   // Set initial locals
 730   VerificationType return_type = current_frame.set_locals_from_arg( m, current_type());
 731 
 732   u2 stackmap_index = 0; // index to the stackmap array
 733 
 734   u4 code_length = m->code_size();
 735 
 736   // Scan the bytecode and map each instruction's start offset to a number.
 737   char* code_data = generate_code_data(m, code_length, CHECK_VERIFY(this));
 738 
 739   int ex_min = code_length;
 740   int ex_max = -1;
 741   // Look through each item on the exception table. Each of the fields must refer
 742   // to a legal instruction.
 743   if (was_recursively_verified()) return;
 744   verify_exception_handler_table(
 745     code_length, code_data, ex_min, ex_max, CHECK_VERIFY(this));
 746 
 747   // Look through each entry on the local variable table and make sure
 748   // its range of code array offsets is valid. (4169817)
 749   if (m->has_localvariable_table()) {
 750     verify_local_variable_table(code_length, code_data, CHECK_VERIFY(this));
 751   }
 752 
 753   Array<u1>* stackmap_data = m->stackmap_data();
 754   StackMapStream stream(stackmap_data);
 755   StackMapReader reader(this, &stream, code_data, code_length, THREAD);
 756   StackMapTable stackmap_table(&reader, &current_frame, max_locals, max_stack,
 757                                code_data, code_length, CHECK_VERIFY(this));
 758 
 759   LogTarget(Debug, verification) lt;
 760   if (lt.is_enabled()) {
 761     ResourceMark rm(THREAD);
 762     LogStream ls(lt);
 763     stackmap_table.print_on(&ls);
 764   }
 765 
 766   RawBytecodeStream bcs(m);
 767 
 768   // Scan the byte code linearly from the start to the end
 769   bool no_control_flow = false; // Set to true when there is no direct control
 770                                 // flow from current instruction to the next
 771                                 // instruction in sequence
 772 
 773   Bytecodes::Code opcode;
 774   while (!bcs.is_last_bytecode()) {
 775     // Check for recursive re-verification before each bytecode.
 776     if (was_recursively_verified())  return;
 777 
 778     opcode = bcs.raw_next();
 779     int bci = bcs.bci();
 780 
 781     // Set current frame's offset to bci
 782     current_frame.set_offset(bci);
 783     current_frame.set_mark();
 784 
 785     // Make sure every offset in stackmap table point to the beginning to
 786     // an instruction. Match current_frame to stackmap_table entry with
 787     // the same offset if exists.
 788     stackmap_index = verify_stackmap_table(
 789       stackmap_index, bci, &current_frame, &stackmap_table,
 790       no_control_flow, CHECK_VERIFY(this));
 791 
 792 
 793     bool this_uninit = false;  // Set to true when invokespecial <init> initialized 'this'
 794     bool verified_exc_handlers = false;
 795 
 796     // Merge with the next instruction
 797     {
 798       int target;
 799       VerificationType type, type2;
 800       VerificationType atype;
 801 
 802       LogTarget(Debug, verification) lt;
 803       if (lt.is_enabled()) {
 804         ResourceMark rm(THREAD);
 805         LogStream ls(lt);
 806         current_frame.print_on(&ls);
 807         lt.print("offset = %d,  opcode = %s", bci,
 808                  opcode == Bytecodes::_illegal ? "illegal" : Bytecodes::name(opcode));
 809       }
 810 
 811       // Make sure wide instruction is in correct format
 812       if (bcs.is_wide()) {
 813         if (opcode != Bytecodes::_iinc   && opcode != Bytecodes::_iload  &&
 814             opcode != Bytecodes::_aload  && opcode != Bytecodes::_lload  &&
 815             opcode != Bytecodes::_istore && opcode != Bytecodes::_astore &&
 816             opcode != Bytecodes::_lstore && opcode != Bytecodes::_fload  &&
 817             opcode != Bytecodes::_dload  && opcode != Bytecodes::_fstore &&
 818             opcode != Bytecodes::_dstore) {
 819           /* Unreachable?  RawBytecodeStream's raw_next() returns 'illegal'
 820            * if we encounter a wide instruction that modifies an invalid
 821            * opcode (not one of the ones listed above) */
 822           verify_error(ErrorContext::bad_code(bci), "Bad wide instruction");
 823           return;
 824         }
 825       }
 826 
 827       // Look for possible jump target in exception handlers and see if it
 828       // matches current_frame.  Do this check here for astore*, dstore*,
 829       // fstore*, istore*, and lstore* opcodes because they can change the type
 830       // state by adding a local.  JVM Spec says that the incoming type state
 831       // should be used for this check.  So, do the check here before a possible
 832       // local is added to the type state.
 833       if (Bytecodes::is_store_into_local(opcode) && bci >= ex_min && bci < ex_max) {
 834         if (was_recursively_verified()) return;
 835         verify_exception_handler_targets(
 836           bci, this_uninit, &current_frame, &stackmap_table, CHECK_VERIFY(this));
 837         verified_exc_handlers = true;
 838       }
 839 
 840       if (was_recursively_verified()) return;
 841 
 842       switch (opcode) {
 843         case Bytecodes::_nop :
 844           no_control_flow = false; break;
 845         case Bytecodes::_aconst_null :
 846           current_frame.push_stack(
 847             VerificationType::null_type(), CHECK_VERIFY(this));
 848           no_control_flow = false; break;
 849         case Bytecodes::_iconst_m1 :
 850         case Bytecodes::_iconst_0 :
 851         case Bytecodes::_iconst_1 :
 852         case Bytecodes::_iconst_2 :
 853         case Bytecodes::_iconst_3 :
 854         case Bytecodes::_iconst_4 :
 855         case Bytecodes::_iconst_5 :
 856           current_frame.push_stack(
 857             VerificationType::integer_type(), CHECK_VERIFY(this));
 858           no_control_flow = false; break;
 859         case Bytecodes::_lconst_0 :
 860         case Bytecodes::_lconst_1 :
 861           current_frame.push_stack_2(
 862             VerificationType::long_type(),
 863             VerificationType::long2_type(), CHECK_VERIFY(this));
 864           no_control_flow = false; break;
 865         case Bytecodes::_fconst_0 :
 866         case Bytecodes::_fconst_1 :
 867         case Bytecodes::_fconst_2 :
 868           current_frame.push_stack(
 869             VerificationType::float_type(), CHECK_VERIFY(this));
 870           no_control_flow = false; break;
 871         case Bytecodes::_dconst_0 :
 872         case Bytecodes::_dconst_1 :
 873           current_frame.push_stack_2(
 874             VerificationType::double_type(),
 875             VerificationType::double2_type(), CHECK_VERIFY(this));
 876           no_control_flow = false; break;
 877         case Bytecodes::_sipush :
 878         case Bytecodes::_bipush :
 879           current_frame.push_stack(
 880             VerificationType::integer_type(), CHECK_VERIFY(this));
 881           no_control_flow = false; break;
 882         case Bytecodes::_ldc :
 883           verify_ldc(
 884             opcode, bcs.get_index_u1(), &current_frame,
 885             cp, bci, CHECK_VERIFY(this));
 886           no_control_flow = false; break;
 887         case Bytecodes::_ldc_w :
 888         case Bytecodes::_ldc2_w :
 889           verify_ldc(
 890             opcode, bcs.get_index_u2(), &current_frame,
 891             cp, bci, CHECK_VERIFY(this));
 892           no_control_flow = false; break;
 893         case Bytecodes::_iload :
 894           verify_iload(bcs.get_index(), &current_frame, CHECK_VERIFY(this));
 895           no_control_flow = false; break;
 896         case Bytecodes::_iload_0 :
 897         case Bytecodes::_iload_1 :
 898         case Bytecodes::_iload_2 :
 899         case Bytecodes::_iload_3 : {
 900           int index = opcode - Bytecodes::_iload_0;
 901           verify_iload(index, &current_frame, CHECK_VERIFY(this));
 902           no_control_flow = false; break;
 903           }
 904         case Bytecodes::_lload :
 905           verify_lload(bcs.get_index(), &current_frame, CHECK_VERIFY(this));
 906           no_control_flow = false; break;
 907         case Bytecodes::_lload_0 :
 908         case Bytecodes::_lload_1 :
 909         case Bytecodes::_lload_2 :
 910         case Bytecodes::_lload_3 : {
 911           int index = opcode - Bytecodes::_lload_0;
 912           verify_lload(index, &current_frame, CHECK_VERIFY(this));
 913           no_control_flow = false; break;
 914           }
 915         case Bytecodes::_fload :
 916           verify_fload(bcs.get_index(), &current_frame, CHECK_VERIFY(this));
 917           no_control_flow = false; break;
 918         case Bytecodes::_fload_0 :
 919         case Bytecodes::_fload_1 :
 920         case Bytecodes::_fload_2 :
 921         case Bytecodes::_fload_3 : {
 922           int index = opcode - Bytecodes::_fload_0;
 923           verify_fload(index, &current_frame, CHECK_VERIFY(this));
 924           no_control_flow = false; break;
 925           }
 926         case Bytecodes::_dload :
 927           verify_dload(bcs.get_index(), &current_frame, CHECK_VERIFY(this));
 928           no_control_flow = false; break;
 929         case Bytecodes::_dload_0 :
 930         case Bytecodes::_dload_1 :
 931         case Bytecodes::_dload_2 :
 932         case Bytecodes::_dload_3 : {
 933           int index = opcode - Bytecodes::_dload_0;
 934           verify_dload(index, &current_frame, CHECK_VERIFY(this));
 935           no_control_flow = false; break;
 936           }
 937         case Bytecodes::_aload :
 938           verify_aload(bcs.get_index(), &current_frame, CHECK_VERIFY(this));
 939           no_control_flow = false; break;
 940         case Bytecodes::_aload_0 :
 941         case Bytecodes::_aload_1 :
 942         case Bytecodes::_aload_2 :
 943         case Bytecodes::_aload_3 : {
 944           int index = opcode - Bytecodes::_aload_0;
 945           verify_aload(index, &current_frame, CHECK_VERIFY(this));
 946           no_control_flow = false; break;
 947           }
 948         case Bytecodes::_iaload :
 949           type = current_frame.pop_stack(
 950             VerificationType::integer_type(), CHECK_VERIFY(this));
 951           atype = current_frame.pop_stack(
 952             VerificationType::reference_check(), CHECK_VERIFY(this));
 953           if (!atype.is_int_array()) {
 954             verify_error(ErrorContext::bad_type(bci,
 955                 current_frame.stack_top_ctx(), ref_ctx("[I")),
 956                 bad_type_msg, "iaload");
 957             return;
 958           }
 959           current_frame.push_stack(
 960             VerificationType::integer_type(), CHECK_VERIFY(this));
 961           no_control_flow = false; break;
 962         case Bytecodes::_baload :
 963           type = current_frame.pop_stack(
 964             VerificationType::integer_type(), CHECK_VERIFY(this));
 965           atype = current_frame.pop_stack(
 966             VerificationType::reference_check(), CHECK_VERIFY(this));
 967           if (!atype.is_bool_array() && !atype.is_byte_array()) {
 968             verify_error(
 969                 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
 970                 bad_type_msg, "baload");
 971             return;
 972           }
 973           current_frame.push_stack(
 974             VerificationType::integer_type(), CHECK_VERIFY(this));
 975           no_control_flow = false; break;
 976         case Bytecodes::_caload :
 977           type = current_frame.pop_stack(
 978             VerificationType::integer_type(), CHECK_VERIFY(this));
 979           atype = current_frame.pop_stack(
 980             VerificationType::reference_check(), CHECK_VERIFY(this));
 981           if (!atype.is_char_array()) {
 982             verify_error(ErrorContext::bad_type(bci,
 983                 current_frame.stack_top_ctx(), ref_ctx("[C")),
 984                 bad_type_msg, "caload");
 985             return;
 986           }
 987           current_frame.push_stack(
 988             VerificationType::integer_type(), CHECK_VERIFY(this));
 989           no_control_flow = false; break;
 990         case Bytecodes::_saload :
 991           type = current_frame.pop_stack(
 992             VerificationType::integer_type(), CHECK_VERIFY(this));
 993           atype = current_frame.pop_stack(
 994             VerificationType::reference_check(), CHECK_VERIFY(this));
 995           if (!atype.is_short_array()) {
 996             verify_error(ErrorContext::bad_type(bci,
 997                 current_frame.stack_top_ctx(), ref_ctx("[S")),
 998                 bad_type_msg, "saload");
 999             return;
1000           }
1001           current_frame.push_stack(
1002             VerificationType::integer_type(), CHECK_VERIFY(this));
1003           no_control_flow = false; break;
1004         case Bytecodes::_laload :
1005           type = current_frame.pop_stack(
1006             VerificationType::integer_type(), CHECK_VERIFY(this));
1007           atype = current_frame.pop_stack(
1008             VerificationType::reference_check(), CHECK_VERIFY(this));
1009           if (!atype.is_long_array()) {
1010             verify_error(ErrorContext::bad_type(bci,
1011                 current_frame.stack_top_ctx(), ref_ctx("[J")),
1012                 bad_type_msg, "laload");
1013             return;
1014           }
1015           current_frame.push_stack_2(
1016             VerificationType::long_type(),
1017             VerificationType::long2_type(), CHECK_VERIFY(this));
1018           no_control_flow = false; break;
1019         case Bytecodes::_faload :
1020           type = current_frame.pop_stack(
1021             VerificationType::integer_type(), CHECK_VERIFY(this));
1022           atype = current_frame.pop_stack(
1023             VerificationType::reference_check(), CHECK_VERIFY(this));
1024           if (!atype.is_float_array()) {
1025             verify_error(ErrorContext::bad_type(bci,
1026                 current_frame.stack_top_ctx(), ref_ctx("[F")),
1027                 bad_type_msg, "faload");
1028             return;
1029           }
1030           current_frame.push_stack(
1031             VerificationType::float_type(), CHECK_VERIFY(this));
1032           no_control_flow = false; break;
1033         case Bytecodes::_daload :
1034           type = current_frame.pop_stack(
1035             VerificationType::integer_type(), CHECK_VERIFY(this));
1036           atype = current_frame.pop_stack(
1037             VerificationType::reference_check(), CHECK_VERIFY(this));
1038           if (!atype.is_double_array()) {
1039             verify_error(ErrorContext::bad_type(bci,
1040                 current_frame.stack_top_ctx(), ref_ctx("[D")),
1041                 bad_type_msg, "daload");
1042             return;
1043           }
1044           current_frame.push_stack_2(
1045             VerificationType::double_type(),
1046             VerificationType::double2_type(), CHECK_VERIFY(this));
1047           no_control_flow = false; break;
1048         case Bytecodes::_aaload : {
1049           type = current_frame.pop_stack(
1050             VerificationType::integer_type(), CHECK_VERIFY(this));
1051           atype = current_frame.pop_stack(
1052             VerificationType::reference_check(), CHECK_VERIFY(this));
1053           if (!atype.is_reference_array()) {
1054             verify_error(ErrorContext::bad_type(bci,
1055                 current_frame.stack_top_ctx(),
1056                 TypeOrigin::implicit(VerificationType::reference_check())),
1057                 bad_type_msg, "aaload");
1058             return;
1059           }
1060           if (atype.is_null()) {
1061             current_frame.push_stack(
1062               VerificationType::null_type(), CHECK_VERIFY(this));
1063           } else {
1064             VerificationType component = atype.get_component(this);
1065             current_frame.push_stack(component, CHECK_VERIFY(this));
1066           }
1067           no_control_flow = false; break;
1068         }
1069         case Bytecodes::_istore :
1070           verify_istore(bcs.get_index(), &current_frame, CHECK_VERIFY(this));
1071           no_control_flow = false; break;
1072         case Bytecodes::_istore_0 :
1073         case Bytecodes::_istore_1 :
1074         case Bytecodes::_istore_2 :
1075         case Bytecodes::_istore_3 : {
1076           int index = opcode - Bytecodes::_istore_0;
1077           verify_istore(index, &current_frame, CHECK_VERIFY(this));
1078           no_control_flow = false; break;
1079           }
1080         case Bytecodes::_lstore :
1081           verify_lstore(bcs.get_index(), &current_frame, CHECK_VERIFY(this));
1082           no_control_flow = false; break;
1083         case Bytecodes::_lstore_0 :
1084         case Bytecodes::_lstore_1 :
1085         case Bytecodes::_lstore_2 :
1086         case Bytecodes::_lstore_3 : {
1087           int index = opcode - Bytecodes::_lstore_0;
1088           verify_lstore(index, &current_frame, CHECK_VERIFY(this));
1089           no_control_flow = false; break;
1090           }
1091         case Bytecodes::_fstore :
1092           verify_fstore(bcs.get_index(), &current_frame, CHECK_VERIFY(this));
1093           no_control_flow = false; break;
1094         case Bytecodes::_fstore_0 :
1095         case Bytecodes::_fstore_1 :
1096         case Bytecodes::_fstore_2 :
1097         case Bytecodes::_fstore_3 : {
1098           int index = opcode - Bytecodes::_fstore_0;
1099           verify_fstore(index, &current_frame, CHECK_VERIFY(this));
1100           no_control_flow = false; break;
1101           }
1102         case Bytecodes::_dstore :
1103           verify_dstore(bcs.get_index(), &current_frame, CHECK_VERIFY(this));
1104           no_control_flow = false; break;
1105         case Bytecodes::_dstore_0 :
1106         case Bytecodes::_dstore_1 :
1107         case Bytecodes::_dstore_2 :
1108         case Bytecodes::_dstore_3 : {
1109           int index = opcode - Bytecodes::_dstore_0;
1110           verify_dstore(index, &current_frame, CHECK_VERIFY(this));
1111           no_control_flow = false; break;
1112           }
1113         case Bytecodes::_astore :
1114           verify_astore(bcs.get_index(), &current_frame, CHECK_VERIFY(this));
1115           no_control_flow = false; break;
1116         case Bytecodes::_astore_0 :
1117         case Bytecodes::_astore_1 :
1118         case Bytecodes::_astore_2 :
1119         case Bytecodes::_astore_3 : {
1120           int index = opcode - Bytecodes::_astore_0;
1121           verify_astore(index, &current_frame, CHECK_VERIFY(this));
1122           no_control_flow = false; break;
1123           }
1124         case Bytecodes::_iastore :
1125           type = current_frame.pop_stack(
1126             VerificationType::integer_type(), CHECK_VERIFY(this));
1127           type2 = current_frame.pop_stack(
1128             VerificationType::integer_type(), CHECK_VERIFY(this));
1129           atype = current_frame.pop_stack(
1130             VerificationType::reference_check(), CHECK_VERIFY(this));
1131           if (!atype.is_int_array()) {
1132             verify_error(ErrorContext::bad_type(bci,
1133                 current_frame.stack_top_ctx(), ref_ctx("[I")),
1134                 bad_type_msg, "iastore");
1135             return;
1136           }
1137           no_control_flow = false; break;
1138         case Bytecodes::_bastore :
1139           type = current_frame.pop_stack(
1140             VerificationType::integer_type(), CHECK_VERIFY(this));
1141           type2 = current_frame.pop_stack(
1142             VerificationType::integer_type(), CHECK_VERIFY(this));
1143           atype = current_frame.pop_stack(
1144             VerificationType::reference_check(), CHECK_VERIFY(this));
1145           if (!atype.is_bool_array() && !atype.is_byte_array()) {
1146             verify_error(
1147                 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1148                 bad_type_msg, "bastore");
1149             return;
1150           }
1151           no_control_flow = false; break;
1152         case Bytecodes::_castore :
1153           current_frame.pop_stack(
1154             VerificationType::integer_type(), CHECK_VERIFY(this));
1155           current_frame.pop_stack(
1156             VerificationType::integer_type(), CHECK_VERIFY(this));
1157           atype = current_frame.pop_stack(
1158             VerificationType::reference_check(), CHECK_VERIFY(this));
1159           if (!atype.is_char_array()) {
1160             verify_error(ErrorContext::bad_type(bci,
1161                 current_frame.stack_top_ctx(), ref_ctx("[C")),
1162                 bad_type_msg, "castore");
1163             return;
1164           }
1165           no_control_flow = false; break;
1166         case Bytecodes::_sastore :
1167           current_frame.pop_stack(
1168             VerificationType::integer_type(), CHECK_VERIFY(this));
1169           current_frame.pop_stack(
1170             VerificationType::integer_type(), CHECK_VERIFY(this));
1171           atype = current_frame.pop_stack(
1172             VerificationType::reference_check(), CHECK_VERIFY(this));
1173           if (!atype.is_short_array()) {
1174             verify_error(ErrorContext::bad_type(bci,
1175                 current_frame.stack_top_ctx(), ref_ctx("[S")),
1176                 bad_type_msg, "sastore");
1177             return;
1178           }
1179           no_control_flow = false; break;
1180         case Bytecodes::_lastore :
1181           current_frame.pop_stack_2(
1182             VerificationType::long2_type(),
1183             VerificationType::long_type(), CHECK_VERIFY(this));
1184           current_frame.pop_stack(
1185             VerificationType::integer_type(), CHECK_VERIFY(this));
1186           atype = current_frame.pop_stack(
1187             VerificationType::reference_check(), CHECK_VERIFY(this));
1188           if (!atype.is_long_array()) {
1189             verify_error(ErrorContext::bad_type(bci,
1190                 current_frame.stack_top_ctx(), ref_ctx("[J")),
1191                 bad_type_msg, "lastore");
1192             return;
1193           }
1194           no_control_flow = false; break;
1195         case Bytecodes::_fastore :
1196           current_frame.pop_stack(
1197             VerificationType::float_type(), CHECK_VERIFY(this));
1198           current_frame.pop_stack
1199             (VerificationType::integer_type(), CHECK_VERIFY(this));
1200           atype = current_frame.pop_stack(
1201             VerificationType::reference_check(), CHECK_VERIFY(this));
1202           if (!atype.is_float_array()) {
1203             verify_error(ErrorContext::bad_type(bci,
1204                 current_frame.stack_top_ctx(), ref_ctx("[F")),
1205                 bad_type_msg, "fastore");
1206             return;
1207           }
1208           no_control_flow = false; break;
1209         case Bytecodes::_dastore :
1210           current_frame.pop_stack_2(
1211             VerificationType::double2_type(),
1212             VerificationType::double_type(), CHECK_VERIFY(this));
1213           current_frame.pop_stack(
1214             VerificationType::integer_type(), CHECK_VERIFY(this));
1215           atype = current_frame.pop_stack(
1216             VerificationType::reference_check(), CHECK_VERIFY(this));
1217           if (!atype.is_double_array()) {
1218             verify_error(ErrorContext::bad_type(bci,
1219                 current_frame.stack_top_ctx(), ref_ctx("[D")),
1220                 bad_type_msg, "dastore");
1221             return;
1222           }
1223           no_control_flow = false; break;
1224         case Bytecodes::_aastore :
1225           type = current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1226           type2 = current_frame.pop_stack(
1227             VerificationType::integer_type(), CHECK_VERIFY(this));
1228           atype = current_frame.pop_stack(
1229             VerificationType::reference_check(), CHECK_VERIFY(this));
1230           // more type-checking is done at runtime
1231           if (!atype.is_reference_array()) {
1232             verify_error(ErrorContext::bad_type(bci,
1233                 current_frame.stack_top_ctx(),
1234                 TypeOrigin::implicit(VerificationType::reference_check())),
1235                 bad_type_msg, "aastore");
1236             return;
1237           }
1238           // 4938384: relaxed constraint in JVMS 3rd edition.
1239           no_control_flow = false; break;
1240         case Bytecodes::_pop :
1241           current_frame.pop_stack(
1242             VerificationType::category1_check(), CHECK_VERIFY(this));
1243           no_control_flow = false; break;
1244         case Bytecodes::_pop2 :
1245           type = current_frame.pop_stack(CHECK_VERIFY(this));
1246           if (type.is_category1()) {
1247             current_frame.pop_stack(
1248               VerificationType::category1_check(), CHECK_VERIFY(this));
1249           } else if (type.is_category2_2nd()) {
1250             current_frame.pop_stack(
1251               VerificationType::category2_check(), CHECK_VERIFY(this));
1252           } else {
1253             /* Unreachable? Would need a category2_1st on TOS
1254              * which does not appear possible. */
1255             verify_error(
1256                 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1257                 bad_type_msg, "pop2");
1258             return;
1259           }
1260           no_control_flow = false; break;
1261         case Bytecodes::_dup :
1262           type = current_frame.pop_stack(
1263             VerificationType::category1_check(), CHECK_VERIFY(this));
1264           current_frame.push_stack(type, CHECK_VERIFY(this));
1265           current_frame.push_stack(type, CHECK_VERIFY(this));
1266           no_control_flow = false; break;
1267         case Bytecodes::_dup_x1 :
1268           type = current_frame.pop_stack(
1269             VerificationType::category1_check(), CHECK_VERIFY(this));
1270           type2 = current_frame.pop_stack(
1271             VerificationType::category1_check(), CHECK_VERIFY(this));
1272           current_frame.push_stack(type, CHECK_VERIFY(this));
1273           current_frame.push_stack(type2, CHECK_VERIFY(this));
1274           current_frame.push_stack(type, CHECK_VERIFY(this));
1275           no_control_flow = false; break;
1276         case Bytecodes::_dup_x2 :
1277         {
1278           VerificationType type3;
1279           type = current_frame.pop_stack(
1280             VerificationType::category1_check(), CHECK_VERIFY(this));
1281           type2 = current_frame.pop_stack(CHECK_VERIFY(this));
1282           if (type2.is_category1()) {
1283             type3 = current_frame.pop_stack(
1284               VerificationType::category1_check(), CHECK_VERIFY(this));
1285           } else if (type2.is_category2_2nd()) {
1286             type3 = current_frame.pop_stack(
1287               VerificationType::category2_check(), CHECK_VERIFY(this));
1288           } else {
1289             /* Unreachable? Would need a category2_1st at stack depth 2 with
1290              * a category1 on TOS which does not appear possible. */
1291             verify_error(ErrorContext::bad_type(
1292                 bci, current_frame.stack_top_ctx()), bad_type_msg, "dup_x2");
1293             return;
1294           }
1295           current_frame.push_stack(type, CHECK_VERIFY(this));
1296           current_frame.push_stack(type3, CHECK_VERIFY(this));
1297           current_frame.push_stack(type2, CHECK_VERIFY(this));
1298           current_frame.push_stack(type, CHECK_VERIFY(this));
1299           no_control_flow = false; break;
1300         }
1301         case Bytecodes::_dup2 :
1302           type = current_frame.pop_stack(CHECK_VERIFY(this));
1303           if (type.is_category1()) {
1304             type2 = current_frame.pop_stack(
1305               VerificationType::category1_check(), CHECK_VERIFY(this));
1306           } else if (type.is_category2_2nd()) {
1307             type2 = current_frame.pop_stack(
1308               VerificationType::category2_check(), CHECK_VERIFY(this));
1309           } else {
1310             /* Unreachable?  Would need a category2_1st on TOS which does not
1311              * appear possible. */
1312             verify_error(
1313                 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1314                 bad_type_msg, "dup2");
1315             return;
1316           }
1317           current_frame.push_stack(type2, CHECK_VERIFY(this));
1318           current_frame.push_stack(type, CHECK_VERIFY(this));
1319           current_frame.push_stack(type2, CHECK_VERIFY(this));
1320           current_frame.push_stack(type, CHECK_VERIFY(this));
1321           no_control_flow = false; break;
1322         case Bytecodes::_dup2_x1 :
1323         {
1324           VerificationType type3;
1325           type = current_frame.pop_stack(CHECK_VERIFY(this));
1326           if (type.is_category1()) {
1327             type2 = current_frame.pop_stack(
1328               VerificationType::category1_check(), CHECK_VERIFY(this));
1329           } else if (type.is_category2_2nd()) {
1330             type2 = current_frame.pop_stack(
1331               VerificationType::category2_check(), CHECK_VERIFY(this));
1332           } else {
1333             /* Unreachable?  Would need a category2_1st on TOS which does
1334              * not appear possible. */
1335             verify_error(
1336                 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1337                 bad_type_msg, "dup2_x1");
1338             return;
1339           }
1340           type3 = current_frame.pop_stack(
1341             VerificationType::category1_check(), CHECK_VERIFY(this));
1342           current_frame.push_stack(type2, CHECK_VERIFY(this));
1343           current_frame.push_stack(type, CHECK_VERIFY(this));
1344           current_frame.push_stack(type3, CHECK_VERIFY(this));
1345           current_frame.push_stack(type2, CHECK_VERIFY(this));
1346           current_frame.push_stack(type, CHECK_VERIFY(this));
1347           no_control_flow = false; break;
1348         }
1349         case Bytecodes::_dup2_x2 :
1350         {
1351           VerificationType type3, type4;
1352           type = current_frame.pop_stack(CHECK_VERIFY(this));
1353           if (type.is_category1()) {
1354             type2 = current_frame.pop_stack(
1355               VerificationType::category1_check(), CHECK_VERIFY(this));
1356           } else if (type.is_category2_2nd()) {
1357             type2 = current_frame.pop_stack(
1358               VerificationType::category2_check(), CHECK_VERIFY(this));
1359           } else {
1360             /* Unreachable?  Would need a category2_1st on TOS which does
1361              * not appear possible. */
1362             verify_error(
1363                 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1364                 bad_type_msg, "dup2_x2");
1365             return;
1366           }
1367           type3 = current_frame.pop_stack(CHECK_VERIFY(this));
1368           if (type3.is_category1()) {
1369             type4 = current_frame.pop_stack(
1370               VerificationType::category1_check(), CHECK_VERIFY(this));
1371           } else if (type3.is_category2_2nd()) {
1372             type4 = current_frame.pop_stack(
1373               VerificationType::category2_check(), CHECK_VERIFY(this));
1374           } else {
1375             /* Unreachable?  Would need a category2_1st on TOS after popping
1376              * a long/double or two category 1's, which does not
1377              * appear possible. */
1378             verify_error(
1379                 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1380                 bad_type_msg, "dup2_x2");
1381             return;
1382           }
1383           current_frame.push_stack(type2, CHECK_VERIFY(this));
1384           current_frame.push_stack(type, CHECK_VERIFY(this));
1385           current_frame.push_stack(type4, CHECK_VERIFY(this));
1386           current_frame.push_stack(type3, CHECK_VERIFY(this));
1387           current_frame.push_stack(type2, CHECK_VERIFY(this));
1388           current_frame.push_stack(type, CHECK_VERIFY(this));
1389           no_control_flow = false; break;
1390         }
1391         case Bytecodes::_swap :
1392           type = current_frame.pop_stack(
1393             VerificationType::category1_check(), CHECK_VERIFY(this));
1394           type2 = current_frame.pop_stack(
1395             VerificationType::category1_check(), CHECK_VERIFY(this));
1396           current_frame.push_stack(type, CHECK_VERIFY(this));
1397           current_frame.push_stack(type2, CHECK_VERIFY(this));
1398           no_control_flow = false; break;
1399         case Bytecodes::_iadd :
1400         case Bytecodes::_isub :
1401         case Bytecodes::_imul :
1402         case Bytecodes::_idiv :
1403         case Bytecodes::_irem :
1404         case Bytecodes::_ishl :
1405         case Bytecodes::_ishr :
1406         case Bytecodes::_iushr :
1407         case Bytecodes::_ior :
1408         case Bytecodes::_ixor :
1409         case Bytecodes::_iand :
1410           current_frame.pop_stack(
1411             VerificationType::integer_type(), CHECK_VERIFY(this));
1412           // fall through
1413         case Bytecodes::_ineg :
1414           current_frame.pop_stack(
1415             VerificationType::integer_type(), CHECK_VERIFY(this));
1416           current_frame.push_stack(
1417             VerificationType::integer_type(), CHECK_VERIFY(this));
1418           no_control_flow = false; break;
1419         case Bytecodes::_ladd :
1420         case Bytecodes::_lsub :
1421         case Bytecodes::_lmul :
1422         case Bytecodes::_ldiv :
1423         case Bytecodes::_lrem :
1424         case Bytecodes::_land :
1425         case Bytecodes::_lor :
1426         case Bytecodes::_lxor :
1427           current_frame.pop_stack_2(
1428             VerificationType::long2_type(),
1429             VerificationType::long_type(), CHECK_VERIFY(this));
1430           // fall through
1431         case Bytecodes::_lneg :
1432           current_frame.pop_stack_2(
1433             VerificationType::long2_type(),
1434             VerificationType::long_type(), CHECK_VERIFY(this));
1435           current_frame.push_stack_2(
1436             VerificationType::long_type(),
1437             VerificationType::long2_type(), CHECK_VERIFY(this));
1438           no_control_flow = false; break;
1439         case Bytecodes::_lshl :
1440         case Bytecodes::_lshr :
1441         case Bytecodes::_lushr :
1442           current_frame.pop_stack(
1443             VerificationType::integer_type(), CHECK_VERIFY(this));
1444           current_frame.pop_stack_2(
1445             VerificationType::long2_type(),
1446             VerificationType::long_type(), CHECK_VERIFY(this));
1447           current_frame.push_stack_2(
1448             VerificationType::long_type(),
1449             VerificationType::long2_type(), CHECK_VERIFY(this));
1450           no_control_flow = false; break;
1451         case Bytecodes::_fadd :
1452         case Bytecodes::_fsub :
1453         case Bytecodes::_fmul :
1454         case Bytecodes::_fdiv :
1455         case Bytecodes::_frem :
1456           current_frame.pop_stack(
1457             VerificationType::float_type(), CHECK_VERIFY(this));
1458           // fall through
1459         case Bytecodes::_fneg :
1460           current_frame.pop_stack(
1461             VerificationType::float_type(), CHECK_VERIFY(this));
1462           current_frame.push_stack(
1463             VerificationType::float_type(), CHECK_VERIFY(this));
1464           no_control_flow = false; break;
1465         case Bytecodes::_dadd :
1466         case Bytecodes::_dsub :
1467         case Bytecodes::_dmul :
1468         case Bytecodes::_ddiv :
1469         case Bytecodes::_drem :
1470           current_frame.pop_stack_2(
1471             VerificationType::double2_type(),
1472             VerificationType::double_type(), CHECK_VERIFY(this));
1473           // fall through
1474         case Bytecodes::_dneg :
1475           current_frame.pop_stack_2(
1476             VerificationType::double2_type(),
1477             VerificationType::double_type(), CHECK_VERIFY(this));
1478           current_frame.push_stack_2(
1479             VerificationType::double_type(),
1480             VerificationType::double2_type(), CHECK_VERIFY(this));
1481           no_control_flow = false; break;
1482         case Bytecodes::_iinc :
1483           verify_iinc(bcs.get_index(), &current_frame, CHECK_VERIFY(this));
1484           no_control_flow = false; break;
1485         case Bytecodes::_i2l :
1486           type = current_frame.pop_stack(
1487             VerificationType::integer_type(), CHECK_VERIFY(this));
1488           current_frame.push_stack_2(
1489             VerificationType::long_type(),
1490             VerificationType::long2_type(), CHECK_VERIFY(this));
1491           no_control_flow = false; break;
1492        case Bytecodes::_l2i :
1493           current_frame.pop_stack_2(
1494             VerificationType::long2_type(),
1495             VerificationType::long_type(), CHECK_VERIFY(this));
1496           current_frame.push_stack(
1497             VerificationType::integer_type(), CHECK_VERIFY(this));
1498           no_control_flow = false; break;
1499         case Bytecodes::_i2f :
1500           current_frame.pop_stack(
1501             VerificationType::integer_type(), CHECK_VERIFY(this));
1502           current_frame.push_stack(
1503             VerificationType::float_type(), CHECK_VERIFY(this));
1504           no_control_flow = false; break;
1505         case Bytecodes::_i2d :
1506           current_frame.pop_stack(
1507             VerificationType::integer_type(), CHECK_VERIFY(this));
1508           current_frame.push_stack_2(
1509             VerificationType::double_type(),
1510             VerificationType::double2_type(), CHECK_VERIFY(this));
1511           no_control_flow = false; break;
1512         case Bytecodes::_l2f :
1513           current_frame.pop_stack_2(
1514             VerificationType::long2_type(),
1515             VerificationType::long_type(), CHECK_VERIFY(this));
1516           current_frame.push_stack(
1517             VerificationType::float_type(), CHECK_VERIFY(this));
1518           no_control_flow = false; break;
1519         case Bytecodes::_l2d :
1520           current_frame.pop_stack_2(
1521             VerificationType::long2_type(),
1522             VerificationType::long_type(), CHECK_VERIFY(this));
1523           current_frame.push_stack_2(
1524             VerificationType::double_type(),
1525             VerificationType::double2_type(), CHECK_VERIFY(this));
1526           no_control_flow = false; break;
1527         case Bytecodes::_f2i :
1528           current_frame.pop_stack(
1529             VerificationType::float_type(), CHECK_VERIFY(this));
1530           current_frame.push_stack(
1531             VerificationType::integer_type(), CHECK_VERIFY(this));
1532           no_control_flow = false; break;
1533         case Bytecodes::_f2l :
1534           current_frame.pop_stack(
1535             VerificationType::float_type(), CHECK_VERIFY(this));
1536           current_frame.push_stack_2(
1537             VerificationType::long_type(),
1538             VerificationType::long2_type(), CHECK_VERIFY(this));
1539           no_control_flow = false; break;
1540         case Bytecodes::_f2d :
1541           current_frame.pop_stack(
1542             VerificationType::float_type(), CHECK_VERIFY(this));
1543           current_frame.push_stack_2(
1544             VerificationType::double_type(),
1545             VerificationType::double2_type(), CHECK_VERIFY(this));
1546           no_control_flow = false; break;
1547         case Bytecodes::_d2i :
1548           current_frame.pop_stack_2(
1549             VerificationType::double2_type(),
1550             VerificationType::double_type(), CHECK_VERIFY(this));
1551           current_frame.push_stack(
1552             VerificationType::integer_type(), CHECK_VERIFY(this));
1553           no_control_flow = false; break;
1554         case Bytecodes::_d2l :
1555           current_frame.pop_stack_2(
1556             VerificationType::double2_type(),
1557             VerificationType::double_type(), CHECK_VERIFY(this));
1558           current_frame.push_stack_2(
1559             VerificationType::long_type(),
1560             VerificationType::long2_type(), CHECK_VERIFY(this));
1561           no_control_flow = false; break;
1562         case Bytecodes::_d2f :
1563           current_frame.pop_stack_2(
1564             VerificationType::double2_type(),
1565             VerificationType::double_type(), CHECK_VERIFY(this));
1566           current_frame.push_stack(
1567             VerificationType::float_type(), CHECK_VERIFY(this));
1568           no_control_flow = false; break;
1569         case Bytecodes::_i2b :
1570         case Bytecodes::_i2c :
1571         case Bytecodes::_i2s :
1572           current_frame.pop_stack(
1573             VerificationType::integer_type(), CHECK_VERIFY(this));
1574           current_frame.push_stack(
1575             VerificationType::integer_type(), CHECK_VERIFY(this));
1576           no_control_flow = false; break;
1577         case Bytecodes::_lcmp :
1578           current_frame.pop_stack_2(
1579             VerificationType::long2_type(),
1580             VerificationType::long_type(), CHECK_VERIFY(this));
1581           current_frame.pop_stack_2(
1582             VerificationType::long2_type(),
1583             VerificationType::long_type(), CHECK_VERIFY(this));
1584           current_frame.push_stack(
1585             VerificationType::integer_type(), CHECK_VERIFY(this));
1586           no_control_flow = false; break;
1587         case Bytecodes::_fcmpl :
1588         case Bytecodes::_fcmpg :
1589           current_frame.pop_stack(
1590             VerificationType::float_type(), CHECK_VERIFY(this));
1591           current_frame.pop_stack(
1592             VerificationType::float_type(), CHECK_VERIFY(this));
1593           current_frame.push_stack(
1594             VerificationType::integer_type(), CHECK_VERIFY(this));
1595           no_control_flow = false; break;
1596         case Bytecodes::_dcmpl :
1597         case Bytecodes::_dcmpg :
1598           current_frame.pop_stack_2(
1599             VerificationType::double2_type(),
1600             VerificationType::double_type(), CHECK_VERIFY(this));
1601           current_frame.pop_stack_2(
1602             VerificationType::double2_type(),
1603             VerificationType::double_type(), CHECK_VERIFY(this));
1604           current_frame.push_stack(
1605             VerificationType::integer_type(), CHECK_VERIFY(this));
1606           no_control_flow = false; break;
1607         case Bytecodes::_if_icmpeq:
1608         case Bytecodes::_if_icmpne:
1609         case Bytecodes::_if_icmplt:
1610         case Bytecodes::_if_icmpge:
1611         case Bytecodes::_if_icmpgt:
1612         case Bytecodes::_if_icmple:
1613           current_frame.pop_stack(
1614             VerificationType::integer_type(), CHECK_VERIFY(this));
1615           // fall through
1616         case Bytecodes::_ifeq:
1617         case Bytecodes::_ifne:
1618         case Bytecodes::_iflt:
1619         case Bytecodes::_ifge:
1620         case Bytecodes::_ifgt:
1621         case Bytecodes::_ifle:
1622           current_frame.pop_stack(
1623             VerificationType::integer_type(), CHECK_VERIFY(this));
1624           target = bcs.dest();
1625           stackmap_table.check_jump_target(
1626             &current_frame, target, CHECK_VERIFY(this));
1627           no_control_flow = false; break;
1628         case Bytecodes::_if_acmpeq :
1629         case Bytecodes::_if_acmpne :
1630           current_frame.pop_stack(
1631             VerificationType::reference_check(), CHECK_VERIFY(this));
1632           // fall through
1633         case Bytecodes::_ifnull :
1634         case Bytecodes::_ifnonnull :
1635           current_frame.pop_stack(
1636             VerificationType::reference_check(), CHECK_VERIFY(this));
1637           target = bcs.dest();
1638           stackmap_table.check_jump_target
1639             (&current_frame, target, CHECK_VERIFY(this));
1640           no_control_flow = false; break;
1641         case Bytecodes::_goto :
1642           target = bcs.dest();
1643           stackmap_table.check_jump_target(
1644             &current_frame, target, CHECK_VERIFY(this));
1645           no_control_flow = true; break;
1646         case Bytecodes::_goto_w :
1647           target = bcs.dest_w();
1648           stackmap_table.check_jump_target(
1649             &current_frame, target, CHECK_VERIFY(this));
1650           no_control_flow = true; break;
1651         case Bytecodes::_tableswitch :
1652         case Bytecodes::_lookupswitch :
1653           verify_switch(
1654             &bcs, code_length, code_data, &current_frame,
1655             &stackmap_table, CHECK_VERIFY(this));
1656           no_control_flow = true; break;
1657         case Bytecodes::_ireturn :
1658           type = current_frame.pop_stack(
1659             VerificationType::integer_type(), CHECK_VERIFY(this));
1660           verify_return_value(return_type, type, bci,
1661                               &current_frame, CHECK_VERIFY(this));
1662           no_control_flow = true; break;
1663         case Bytecodes::_lreturn :
1664           type2 = current_frame.pop_stack(
1665             VerificationType::long2_type(), CHECK_VERIFY(this));
1666           type = current_frame.pop_stack(
1667             VerificationType::long_type(), CHECK_VERIFY(this));
1668           verify_return_value(return_type, type, bci,
1669                               &current_frame, CHECK_VERIFY(this));
1670           no_control_flow = true; break;
1671         case Bytecodes::_freturn :
1672           type = current_frame.pop_stack(
1673             VerificationType::float_type(), CHECK_VERIFY(this));
1674           verify_return_value(return_type, type, bci,
1675                               &current_frame, CHECK_VERIFY(this));
1676           no_control_flow = true; break;
1677         case Bytecodes::_dreturn :
1678           type2 = current_frame.pop_stack(
1679             VerificationType::double2_type(),  CHECK_VERIFY(this));
1680           type = current_frame.pop_stack(
1681             VerificationType::double_type(), CHECK_VERIFY(this));
1682           verify_return_value(return_type, type, bci,
1683                               &current_frame, CHECK_VERIFY(this));
1684           no_control_flow = true; break;
1685         case Bytecodes::_areturn :
1686           type = current_frame.pop_stack(
1687             VerificationType::reference_check(), CHECK_VERIFY(this));
1688           verify_return_value(return_type, type, bci,
1689                               &current_frame, CHECK_VERIFY(this));
1690           no_control_flow = true; break;
1691         case Bytecodes::_return :
1692           if (return_type != VerificationType::bogus_type()) {
1693             verify_error(ErrorContext::bad_code(bci),
1694                          "Method expects a return value");
1695             return;
1696           }
1697           // Make sure "this" has been initialized if current method is an
1698           // <init>.
1699           if (_method->is_object_constructor() &&
1700               current_frame.flag_this_uninit()) {
1701             verify_error(ErrorContext::bad_code(bci),
1702                          "Constructor must call super() or this() "
1703                          "before return");
1704             return;
1705           }
1706           no_control_flow = true; break;
1707         case Bytecodes::_getstatic :
1708         case Bytecodes::_putstatic :
1709           // pass TRUE, operand can be an array type for getstatic/putstatic.
1710           verify_field_instructions(
1711             &bcs, &current_frame, cp, true, CHECK_VERIFY(this));
1712           no_control_flow = false; break;
1713         case Bytecodes::_getfield :
1714         case Bytecodes::_putfield :
1715           // pass FALSE, operand can't be an array type for getfield/putfield.
1716           verify_field_instructions(
1717             &bcs, &current_frame, cp, false, CHECK_VERIFY(this));
1718           no_control_flow = false; break;
1719         case Bytecodes::_invokevirtual :
1720         case Bytecodes::_invokespecial :
1721         case Bytecodes::_invokestatic :
1722         case Bytecodes::_invokeinterface :
1723         case Bytecodes::_invokedynamic :
1724           verify_invoke_instructions(
1725             &bcs, code_length, &current_frame, (bci >= ex_min && bci < ex_max),
1726             &this_uninit, cp, &stackmap_table, CHECK_VERIFY(this));
1727           no_control_flow = false; break;
1728         case Bytecodes::_new :
1729         {
1730           u2 index = bcs.get_index_u2();
1731           verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1732           VerificationType new_class_type =
1733             cp_index_to_type(index, cp, CHECK_VERIFY(this));
1734           if (!new_class_type.is_object()) {
1735             verify_error(ErrorContext::bad_type(bci,
1736                 TypeOrigin::cp(index, new_class_type)),
1737                 "Illegal new instruction");
1738             return;
1739           }
1740           type = VerificationType::uninitialized_type(checked_cast<u2>(bci));
1741           current_frame.push_stack(type, CHECK_VERIFY(this));
1742           no_control_flow = false; break;
1743         }
1744         case Bytecodes::_newarray :
1745           type = get_newarray_type(bcs.get_index(), bci, CHECK_VERIFY(this));
1746           current_frame.pop_stack(
1747             VerificationType::integer_type(),  CHECK_VERIFY(this));
1748           current_frame.push_stack(type, CHECK_VERIFY(this));
1749           no_control_flow = false; break;
1750         case Bytecodes::_anewarray :
1751           verify_anewarray(
1752             bci, bcs.get_index_u2(), cp, &current_frame, CHECK_VERIFY(this));
1753           no_control_flow = false; break;
1754         case Bytecodes::_arraylength :
1755           type = current_frame.pop_stack(
1756             VerificationType::reference_check(), CHECK_VERIFY(this));
1757           if (!(type.is_null() || type.is_array())) {
1758             verify_error(ErrorContext::bad_type(
1759                 bci, current_frame.stack_top_ctx()),
1760                 bad_type_msg, "arraylength");
1761           }
1762           current_frame.push_stack(
1763             VerificationType::integer_type(), CHECK_VERIFY(this));
1764           no_control_flow = false; break;
1765         case Bytecodes::_checkcast :
1766         {
1767           u2 index = bcs.get_index_u2();
1768           verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1769           current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1770           VerificationType klass_type = cp_index_to_type(
1771             index, cp, CHECK_VERIFY(this));
1772           current_frame.push_stack(klass_type, CHECK_VERIFY(this));
1773           no_control_flow = false; break;
1774         }
1775         case Bytecodes::_instanceof : {
1776           u2 index = bcs.get_index_u2();
1777           verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1778           current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1779           current_frame.push_stack(
1780             VerificationType::integer_type(), CHECK_VERIFY(this));
1781           no_control_flow = false; break;
1782         }
1783         case Bytecodes::_monitorenter :
1784         case Bytecodes::_monitorexit : {
1785           VerificationType ref = current_frame.pop_stack(
1786             VerificationType::reference_check(), CHECK_VERIFY(this));
1787           no_control_flow = false; break;
1788         }
1789         case Bytecodes::_multianewarray :
1790         {
1791           u2 index = bcs.get_index_u2();
1792           u2 dim = *(bcs.bcp()+3);
1793           verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1794           VerificationType new_array_type =
1795             cp_index_to_type(index, cp, CHECK_VERIFY(this));
1796           if (!new_array_type.is_array()) {
1797             verify_error(ErrorContext::bad_type(bci,
1798                 TypeOrigin::cp(index, new_array_type)),
1799                 "Illegal constant pool index in multianewarray instruction");
1800             return;
1801           }
1802           if (dim < 1 || new_array_type.dimensions() < dim) {
1803             verify_error(ErrorContext::bad_code(bci),
1804                 "Illegal dimension in multianewarray instruction: %d", dim);
1805             return;
1806           }
1807           for (int i = 0; i < dim; i++) {
1808             current_frame.pop_stack(
1809               VerificationType::integer_type(), CHECK_VERIFY(this));
1810           }
1811           current_frame.push_stack(new_array_type, CHECK_VERIFY(this));
1812           no_control_flow = false; break;
1813         }
1814         case Bytecodes::_athrow :
1815           type = VerificationType::reference_type(
1816             vmSymbols::java_lang_Throwable());
1817           current_frame.pop_stack(type, CHECK_VERIFY(this));
1818           no_control_flow = true; break;
1819         default:
1820           // We only need to check the valid bytecodes in class file.
1821           // And jsr and ret are not in the new class file format in JDK1.6.
1822           verify_error(ErrorContext::bad_code(bci),
1823               "Bad instruction: %02x", opcode);
1824           no_control_flow = false;
1825           return;
1826       }  // end switch
1827     }  // end Merge with the next instruction
1828 
1829     // Look for possible jump target in exception handlers and see if it matches
1830     // current_frame.  Don't do this check if it has already been done (for
1831     // ([a,d,f,i,l]store* opcodes).  This check cannot be done earlier because
1832     // opcodes, such as invokespecial, may set the this_uninit flag.
1833     assert(!(verified_exc_handlers && this_uninit),
1834       "Exception handler targets got verified before this_uninit got set");
1835     if (!verified_exc_handlers && bci >= ex_min && bci < ex_max) {
1836       if (was_recursively_verified()) return;
1837       verify_exception_handler_targets(
1838         bci, this_uninit, &current_frame, &stackmap_table, CHECK_VERIFY(this));
1839     }
1840   } // end while
1841 
1842   // Make sure that control flow does not fall through end of the method
1843   if (!no_control_flow) {
1844     verify_error(ErrorContext::bad_code(code_length),
1845         "Control flow falls through code end");
1846     return;
1847   }
1848 }
1849 
1850 #undef bad_type_message
1851 
1852 char* ClassVerifier::generate_code_data(const methodHandle& m, u4 code_length, TRAPS) {
1853   char* code_data = NEW_RESOURCE_ARRAY(char, code_length);
1854   memset(code_data, 0, sizeof(char) * code_length);
1855   RawBytecodeStream bcs(m);
1856 
1857   while (!bcs.is_last_bytecode()) {
1858     if (bcs.raw_next() != Bytecodes::_illegal) {
1859       int bci = bcs.bci();
1860       if (bcs.raw_code() == Bytecodes::_new) {
1861         code_data[bci] = NEW_OFFSET;
1862       } else {
1863         code_data[bci] = BYTECODE_OFFSET;
1864       }
1865     } else {
1866       verify_error(ErrorContext::bad_code(bcs.bci()), "Bad instruction");
1867       return nullptr;
1868     }
1869   }
1870 
1871   return code_data;
1872 }
1873 
1874 // Since this method references the constant pool, call was_recursively_verified()
1875 // before calling this method to make sure a prior class load did not cause the
1876 // current class to get verified.
1877 void ClassVerifier::verify_exception_handler_table(u4 code_length, char* code_data, int& min, int& max, TRAPS) {
1878   ExceptionTable exhandlers(_method());
1879   int exlength = exhandlers.length();
1880   constantPoolHandle cp (THREAD, _method->constants());
1881 
1882   for(int i = 0; i < exlength; i++) {
1883     u2 start_pc = exhandlers.start_pc(i);
1884     u2 end_pc = exhandlers.end_pc(i);
1885     u2 handler_pc = exhandlers.handler_pc(i);
1886     if (start_pc >= code_length || code_data[start_pc] == 0) {
1887       class_format_error("Illegal exception table start_pc %d", start_pc);
1888       return;
1889     }
1890     if (end_pc != code_length) {   // special case: end_pc == code_length
1891       if (end_pc > code_length || code_data[end_pc] == 0) {
1892         class_format_error("Illegal exception table end_pc %d", end_pc);
1893         return;
1894       }
1895     }
1896     if (handler_pc >= code_length || code_data[handler_pc] == 0) {
1897       class_format_error("Illegal exception table handler_pc %d", handler_pc);
1898       return;
1899     }
1900     u2 catch_type_index = exhandlers.catch_type_index(i);
1901     if (catch_type_index != 0) {
1902       VerificationType catch_type = cp_index_to_type(
1903         catch_type_index, cp, CHECK_VERIFY(this));
1904       VerificationType throwable =
1905         VerificationType::reference_type(vmSymbols::java_lang_Throwable());
1906       // If the catch type is Throwable pre-resolve it now as the assignable check won't
1907       // do that, and we need to avoid a runtime resolution in case we are trying to
1908       // catch OutOfMemoryError.
1909       if (cp->klass_name_at(catch_type_index) == vmSymbols::java_lang_Throwable()) {
1910         cp->klass_at(catch_type_index, CHECK);
1911       }
1912       bool is_subclass = throwable.is_assignable_from(
1913         catch_type, this, false, CHECK_VERIFY(this));
1914       if (!is_subclass) {
1915         // 4286534: should throw VerifyError according to recent spec change
1916         verify_error(ErrorContext::bad_type(handler_pc,
1917             TypeOrigin::cp(catch_type_index, catch_type),
1918             TypeOrigin::implicit(throwable)),
1919             "Catch type is not a subclass "
1920             "of Throwable in exception handler %d", handler_pc);
1921         return;
1922       }
1923     }
1924     if (start_pc < min) min = start_pc;
1925     if (end_pc > max) max = end_pc;
1926   }
1927 }
1928 
1929 void ClassVerifier::verify_local_variable_table(u4 code_length, char* code_data, TRAPS) {
1930   int localvariable_table_length = _method->localvariable_table_length();
1931   if (localvariable_table_length > 0) {
1932     LocalVariableTableElement* table = _method->localvariable_table_start();
1933     for (int i = 0; i < localvariable_table_length; i++) {
1934       u2 start_bci = table[i].start_bci;
1935       u2 length = table[i].length;
1936 
1937       if (start_bci >= code_length || code_data[start_bci] == 0) {
1938         class_format_error(
1939           "Illegal local variable table start_pc %d", start_bci);
1940         return;
1941       }
1942       u4 end_bci = (u4)(start_bci + length);
1943       if (end_bci != code_length) {
1944         if (end_bci >= code_length || code_data[end_bci] == 0) {
1945           class_format_error( "Illegal local variable table length %d", length);
1946           return;
1947         }
1948       }
1949     }
1950   }
1951 }
1952 
1953 u2 ClassVerifier::verify_stackmap_table(u2 stackmap_index, int bci,
1954                                         StackMapFrame* current_frame,
1955                                         StackMapTable* stackmap_table,
1956                                         bool no_control_flow, TRAPS) {
1957   if (stackmap_index < stackmap_table->get_frame_count()) {
1958     int this_offset = stackmap_table->get_offset(stackmap_index);
1959     if (no_control_flow && this_offset > bci) {
1960       verify_error(ErrorContext::missing_stackmap(bci),
1961                    "Expecting a stack map frame");
1962       return 0;
1963     }
1964     if (this_offset == bci) {
1965       ErrorContext ctx;
1966       // See if current stack map can be assigned to the frame in table.
1967       // current_frame is the stackmap frame got from the last instruction.
1968       // If matched, current_frame will be updated by this method.
1969       bool matches = stackmap_table->match_stackmap(
1970         current_frame, this_offset, stackmap_index,
1971         !no_control_flow, true, &ctx, CHECK_VERIFY_(this, 0));
1972       if (!matches) {
1973         // report type error
1974         verify_error(ctx, "Instruction type does not match stack map");
1975         return 0;
1976       }
1977       stackmap_index++;
1978     } else if (this_offset < bci) {
1979       // current_offset should have met this_offset.
1980       class_format_error("Bad stack map offset %d", this_offset);
1981       return 0;
1982     }
1983   } else if (no_control_flow) {
1984     verify_error(ErrorContext::bad_code(bci), "Expecting a stack map frame");
1985     return 0;
1986   }
1987   return stackmap_index;
1988 }
1989 
1990 // Since this method references the constant pool, call was_recursively_verified()
1991 // before calling this method to make sure a prior class load did not cause the
1992 // current class to get verified.
1993 void ClassVerifier::verify_exception_handler_targets(int bci, bool this_uninit,
1994                                                      StackMapFrame* current_frame,
1995                                                      StackMapTable* stackmap_table, TRAPS) {
1996   constantPoolHandle cp (THREAD, _method->constants());
1997   ExceptionTable exhandlers(_method());
1998   int exlength = exhandlers.length();
1999   for(int i = 0; i < exlength; i++) {
2000     u2 start_pc = exhandlers.start_pc(i);
2001     u2 end_pc = exhandlers.end_pc(i);
2002     u2 handler_pc = exhandlers.handler_pc(i);
2003     int catch_type_index = exhandlers.catch_type_index(i);
2004     if(bci >= start_pc && bci < end_pc) {
2005       u1 flags = current_frame->flags();
2006       if (this_uninit) {  flags |= FLAG_THIS_UNINIT; }
2007       StackMapFrame* new_frame = current_frame->frame_in_exception_handler(flags);
2008       if (catch_type_index != 0) {
2009         if (was_recursively_verified()) return;
2010         // We know that this index refers to a subclass of Throwable
2011         VerificationType catch_type = cp_index_to_type(
2012           catch_type_index, cp, CHECK_VERIFY(this));
2013         new_frame->push_stack(catch_type, CHECK_VERIFY(this));
2014       } else {
2015         VerificationType throwable =
2016           VerificationType::reference_type(vmSymbols::java_lang_Throwable());
2017         new_frame->push_stack(throwable, CHECK_VERIFY(this));
2018       }
2019       ErrorContext ctx;
2020       bool matches = stackmap_table->match_stackmap(
2021         new_frame, handler_pc, true, false, &ctx, CHECK_VERIFY(this));
2022       if (!matches) {
2023         verify_error(ctx, "Stack map does not match the one at "
2024             "exception handler %d", handler_pc);
2025         return;
2026       }
2027     }
2028   }
2029 }
2030 
2031 void ClassVerifier::verify_cp_index(
2032     int bci, const constantPoolHandle& cp, u2 index, TRAPS) {
2033   int nconstants = cp->length();
2034   if ((index <= 0) || (index >= nconstants)) {
2035     verify_error(ErrorContext::bad_cp_index(bci, index),
2036         "Illegal constant pool index %d in class %s",
2037         index, cp->pool_holder()->external_name());
2038     return;
2039   }
2040 }
2041 
2042 void ClassVerifier::verify_cp_type(
2043     int bci, u2 index, const constantPoolHandle& cp, unsigned int types, TRAPS) {
2044 
2045   // In some situations, bytecode rewriting may occur while we're verifying.
2046   // In this case, a constant pool cache exists and some indices refer to that
2047   // instead.  Be sure we don't pick up such indices by accident.
2048   // We must check was_recursively_verified() before we get here.
2049   guarantee(cp->cache() == nullptr, "not rewritten yet");
2050 
2051   verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2052   unsigned int tag = cp->tag_at(index).value();
2053 
2054   if ((types & (1 << tag)) == 0) {
2055     verify_error(ErrorContext::bad_cp_index(bci, index),
2056       "Illegal type at constant pool entry %d in class %s",
2057       index, cp->pool_holder()->external_name());
2058     return;
2059   }
2060 }
2061 
2062 void ClassVerifier::verify_cp_class_type(
2063     int bci, u2 index, const constantPoolHandle& cp, TRAPS) {
2064   verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2065   constantTag tag = cp->tag_at(index);
2066   if (!tag.is_klass() && !tag.is_unresolved_klass()) {
2067     verify_error(ErrorContext::bad_cp_index(bci, index),
2068         "Illegal type at constant pool entry %d in class %s",
2069         index, cp->pool_holder()->external_name());
2070     return;
2071   }
2072 }
2073 
2074 void ClassVerifier::verify_error(ErrorContext ctx, const char* msg, ...) {
2075   stringStream ss;
2076 
2077   ctx.reset_frames();
2078   _exception_type = vmSymbols::java_lang_VerifyError();
2079   _error_context = ctx;
2080   va_list va;
2081   va_start(va, msg);
2082   ss.vprint(msg, va);
2083   va_end(va);
2084   _message = ss.as_string();
2085 #ifdef ASSERT
2086   ResourceMark rm;
2087   const char* exception_name = _exception_type->as_C_string();
2088   Exceptions::debug_check_abort(exception_name, nullptr);
2089 #endif // ndef ASSERT
2090 }
2091 
2092 void ClassVerifier::class_format_error(const char* msg, ...) {
2093   stringStream ss;
2094   _exception_type = vmSymbols::java_lang_ClassFormatError();
2095   va_list va;
2096   va_start(va, msg);
2097   ss.vprint(msg, va);
2098   va_end(va);
2099   if (!_method.is_null()) {
2100     ss.print(" in method '");
2101     _method->print_external_name(&ss);
2102     ss.print("'");
2103   }
2104   _message = ss.as_string();
2105 }
2106 
2107 Klass* ClassVerifier::load_class(Symbol* name, TRAPS) {
2108   HandleMark hm(THREAD);
2109   // Get current loader and protection domain first.
2110   oop loader = current_class()->class_loader();
2111   oop protection_domain = current_class()->protection_domain();
2112 
2113   assert(name_in_supers(name, current_class()), "name should be a super class");
2114 
2115   Klass* kls = SystemDictionary::resolve_or_fail(
2116     name, Handle(THREAD, loader), Handle(THREAD, protection_domain),
2117     true, THREAD);
2118 
2119   if (kls != nullptr) {
2120     if (log_is_enabled(Debug, class, resolve)) {
2121       Verifier::trace_class_resolution(kls, current_class());
2122     }
2123   }
2124   return kls;
2125 }
2126 
2127 bool ClassVerifier::is_protected_access(InstanceKlass* this_class,
2128                                         Klass* target_class,
2129                                         Symbol* field_name,
2130                                         Symbol* field_sig,
2131                                         bool is_method) {
2132   NoSafepointVerifier nosafepoint;
2133 
2134   // If target class isn't a super class of this class, we don't worry about this case
2135   if (!this_class->is_subclass_of(target_class)) {
2136     return false;
2137   }
2138   // Check if the specified method or field is protected
2139   InstanceKlass* target_instance = InstanceKlass::cast(target_class);
2140   fieldDescriptor fd;
2141   if (is_method) {
2142     Method* m = target_instance->uncached_lookup_method(field_name, field_sig, Klass::OverpassLookupMode::find);
2143     if (m != nullptr && m->is_protected()) {
2144       if (!this_class->is_same_class_package(m->method_holder())) {
2145         return true;
2146       }
2147     }
2148   } else {
2149     Klass* member_klass = target_instance->find_field(field_name, field_sig, &fd);
2150     if (member_klass != nullptr && fd.is_protected()) {
2151       if (!this_class->is_same_class_package(member_klass)) {
2152         return true;
2153       }
2154     }
2155   }
2156   return false;
2157 }
2158 
2159 void ClassVerifier::verify_ldc(
2160     int opcode, u2 index, StackMapFrame* current_frame,
2161     const constantPoolHandle& cp, int bci, TRAPS) {
2162   verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2163   constantTag tag = cp->tag_at(index);
2164   unsigned int types = 0;
2165   if (opcode == Bytecodes::_ldc || opcode == Bytecodes::_ldc_w) {
2166     if (!tag.is_unresolved_klass()) {
2167       types = (1 << JVM_CONSTANT_Integer) | (1 << JVM_CONSTANT_Float)
2168             | (1 << JVM_CONSTANT_String) | (1 << JVM_CONSTANT_Class)
2169             | (1 << JVM_CONSTANT_MethodHandle) | (1 << JVM_CONSTANT_MethodType)
2170             | (1 << JVM_CONSTANT_Dynamic);
2171       // Note:  The class file parser already verified the legality of
2172       // MethodHandle and MethodType constants.
2173       verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2174     }
2175   } else {
2176     assert(opcode == Bytecodes::_ldc2_w, "must be ldc2_w");
2177     types = (1 << JVM_CONSTANT_Double) | (1 << JVM_CONSTANT_Long)
2178           | (1 << JVM_CONSTANT_Dynamic);
2179     verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2180   }
2181   if (tag.is_string()) {
2182     current_frame->push_stack(
2183       VerificationType::reference_type(
2184         vmSymbols::java_lang_String()), CHECK_VERIFY(this));
2185   } else if (tag.is_klass() || tag.is_unresolved_klass()) {
2186     current_frame->push_stack(
2187       VerificationType::reference_type(
2188         vmSymbols::java_lang_Class()), CHECK_VERIFY(this));
2189   } else if (tag.is_int()) {
2190     current_frame->push_stack(
2191       VerificationType::integer_type(), CHECK_VERIFY(this));
2192   } else if (tag.is_float()) {
2193     current_frame->push_stack(
2194       VerificationType::float_type(), CHECK_VERIFY(this));
2195   } else if (tag.is_double()) {
2196     current_frame->push_stack_2(
2197       VerificationType::double_type(),
2198       VerificationType::double2_type(), CHECK_VERIFY(this));
2199   } else if (tag.is_long()) {
2200     current_frame->push_stack_2(
2201       VerificationType::long_type(),
2202       VerificationType::long2_type(), CHECK_VERIFY(this));
2203   } else if (tag.is_method_handle()) {
2204     current_frame->push_stack(
2205       VerificationType::reference_type(
2206         vmSymbols::java_lang_invoke_MethodHandle()), CHECK_VERIFY(this));
2207   } else if (tag.is_method_type()) {
2208     current_frame->push_stack(
2209       VerificationType::reference_type(
2210         vmSymbols::java_lang_invoke_MethodType()), CHECK_VERIFY(this));
2211   } else if (tag.is_dynamic_constant()) {
2212     Symbol* constant_type = cp->uncached_signature_ref_at(index);
2213     // Field signature was checked in ClassFileParser.
2214     assert(SignatureVerifier::is_valid_type_signature(constant_type),
2215            "Invalid type for dynamic constant");
2216     assert(sizeof(VerificationType) == sizeof(uintptr_t),
2217           "buffer type must match VerificationType size");
2218     uintptr_t constant_type_buffer[2];
2219     VerificationType* v_constant_type = (VerificationType*)constant_type_buffer;
2220     SignatureStream sig_stream(constant_type, false);
2221     int n = change_sig_to_verificationType(&sig_stream, v_constant_type);
2222     int opcode_n = (opcode == Bytecodes::_ldc2_w ? 2 : 1);
2223     if (n != opcode_n) {
2224       // wrong kind of ldc; reverify against updated type mask
2225       types &= ~(1 << JVM_CONSTANT_Dynamic);
2226       verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2227     }
2228     for (int i = 0; i < n; i++) {
2229       current_frame->push_stack(v_constant_type[i], CHECK_VERIFY(this));
2230     }
2231   } else {
2232     /* Unreachable? verify_cp_type has already validated the cp type. */
2233     verify_error(
2234         ErrorContext::bad_cp_index(bci, index), "Invalid index in ldc");
2235     return;
2236   }
2237 }
2238 
2239 void ClassVerifier::verify_switch(
2240     RawBytecodeStream* bcs, u4 code_length, char* code_data,
2241     StackMapFrame* current_frame, StackMapTable* stackmap_table, TRAPS) {
2242   int bci = bcs->bci();
2243   address bcp = bcs->bcp();
2244   address aligned_bcp = align_up(bcp + 1, jintSize);
2245 
2246   if (_klass->major_version() < NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION) {
2247     // 4639449 & 4647081: padding bytes must be 0
2248     u2 padding_offset = 1;
2249     while ((bcp + padding_offset) < aligned_bcp) {
2250       if(*(bcp + padding_offset) != 0) {
2251         verify_error(ErrorContext::bad_code(bci),
2252                      "Nonzero padding byte in lookupswitch or tableswitch");
2253         return;
2254       }
2255       padding_offset++;
2256     }
2257   }
2258 
2259   int default_offset = (int) Bytes::get_Java_u4(aligned_bcp);
2260   int keys, delta;
2261   current_frame->pop_stack(
2262     VerificationType::integer_type(), CHECK_VERIFY(this));
2263   if (bcs->raw_code() == Bytecodes::_tableswitch) {
2264     jint low = (jint)Bytes::get_Java_u4(aligned_bcp + jintSize);
2265     jint high = (jint)Bytes::get_Java_u4(aligned_bcp + 2*jintSize);
2266     if (low > high) {
2267       verify_error(ErrorContext::bad_code(bci),
2268           "low must be less than or equal to high in tableswitch");
2269       return;
2270     }
2271     int64_t keys64 = ((int64_t)high - low) + 1;
2272     if (keys64 > 65535) {  // Max code length
2273       verify_error(ErrorContext::bad_code(bci), "too many keys in tableswitch");
2274       return;
2275     }
2276     keys = (int)keys64;
2277     delta = 1;
2278   } else {
2279     keys = (int)Bytes::get_Java_u4(aligned_bcp + jintSize);
2280     if (keys < 0) {
2281       verify_error(ErrorContext::bad_code(bci),
2282                    "number of keys in lookupswitch less than 0");
2283       return;
2284     }
2285     delta = 2;
2286     // Make sure that the lookupswitch items are sorted
2287     for (int i = 0; i < (keys - 1); i++) {
2288       jint this_key = Bytes::get_Java_u4(aligned_bcp + (2+2*i)*jintSize);
2289       jint next_key = Bytes::get_Java_u4(aligned_bcp + (2+2*i+2)*jintSize);
2290       if (this_key >= next_key) {
2291         verify_error(ErrorContext::bad_code(bci),
2292                      "Bad lookupswitch instruction");
2293         return;
2294       }
2295     }
2296   }
2297   int target = bci + default_offset;
2298   stackmap_table->check_jump_target(current_frame, target, CHECK_VERIFY(this));
2299   for (int i = 0; i < keys; i++) {
2300     // Because check_jump_target() may safepoint, the bytecode could have
2301     // moved, which means 'aligned_bcp' is no good and needs to be recalculated.
2302     aligned_bcp = align_up(bcs->bcp() + 1, jintSize);
2303     target = bci + (jint)Bytes::get_Java_u4(aligned_bcp+(3+i*delta)*jintSize);
2304     stackmap_table->check_jump_target(
2305       current_frame, target, CHECK_VERIFY(this));
2306   }
2307   NOT_PRODUCT(aligned_bcp = nullptr);  // no longer valid at this point
2308 }
2309 
2310 bool ClassVerifier::name_in_supers(
2311     Symbol* ref_name, InstanceKlass* current) {
2312   Klass* super = current->super();
2313   while (super != nullptr) {
2314     if (super->name() == ref_name) {
2315       return true;
2316     }
2317     super = super->super();
2318   }
2319   return false;
2320 }
2321 
2322 void ClassVerifier::verify_field_instructions(RawBytecodeStream* bcs,
2323                                               StackMapFrame* current_frame,
2324                                               const constantPoolHandle& cp,
2325                                               bool allow_arrays,
2326                                               TRAPS) {
2327   u2 index = bcs->get_index_u2();
2328   verify_cp_type(bcs->bci(), index, cp,
2329       1 << JVM_CONSTANT_Fieldref, CHECK_VERIFY(this));
2330 
2331   // Get field name and signature
2332   Symbol* field_name = cp->uncached_name_ref_at(index);
2333   Symbol* field_sig = cp->uncached_signature_ref_at(index);
2334   bool is_getfield = false;
2335 
2336   // Field signature was checked in ClassFileParser.
2337   assert(SignatureVerifier::is_valid_type_signature(field_sig),
2338          "Invalid field signature");
2339 
2340   // Get referenced class type
2341   VerificationType ref_class_type = cp_ref_index_to_type(
2342     index, cp, CHECK_VERIFY(this));
2343   if (!ref_class_type.is_object() &&
2344       (!allow_arrays || !ref_class_type.is_array())) {
2345     verify_error(ErrorContext::bad_type(bcs->bci(),
2346         TypeOrigin::cp(index, ref_class_type)),
2347         "Expecting reference to class in class %s at constant pool index %d",
2348         _klass->external_name(), index);
2349     return;
2350   }
2351 
2352   VerificationType target_class_type = ref_class_type;
2353 
2354   assert(sizeof(VerificationType) == sizeof(uintptr_t),
2355         "buffer type must match VerificationType size");
2356   uintptr_t field_type_buffer[2];
2357   VerificationType* field_type = (VerificationType*)field_type_buffer;
2358   // If we make a VerificationType[2] array directly, the compiler calls
2359   // to the c-runtime library to do the allocation instead of just
2360   // stack allocating it.  Plus it would run constructors.  This shows up
2361   // in performance profiles.
2362 
2363   SignatureStream sig_stream(field_sig, false);
2364   VerificationType stack_object_type;
2365   int n = change_sig_to_verificationType(&sig_stream, field_type);
2366   int bci = bcs->bci();
2367   bool is_assignable;
2368   switch (bcs->raw_code()) {
2369     case Bytecodes::_getstatic: {
2370       for (int i = 0; i < n; i++) {
2371         current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2372       }
2373       break;
2374     }
2375     case Bytecodes::_putstatic: {
2376       for (int i = n - 1; i >= 0; i--) {
2377         current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2378       }
2379       break;
2380     }
2381     case Bytecodes::_getfield: {
2382       is_getfield = true;
2383       stack_object_type = current_frame->pop_stack(
2384         target_class_type, CHECK_VERIFY(this));
2385       goto check_protected;
2386     }
2387     case Bytecodes::_putfield: {
2388       for (int i = n - 1; i >= 0; i--) {
2389         current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2390       }
2391       stack_object_type = current_frame->pop_stack(CHECK_VERIFY(this));
2392 
2393       // Field initialization is allowed before the superclass
2394       // initializer, if the field is defined within the current class.
2395       fieldDescriptor fd;
2396       bool is_local_field = _klass->find_local_field(field_name, field_sig, &fd) &&
2397                             target_class_type.equals(current_type());
2398       if (stack_object_type == VerificationType::uninitialized_this_type()) {
2399         if (is_local_field) {
2400           // Set the type to the current type so the is_assignable check passes.
2401           stack_object_type = current_type();
2402         }
2403       } else if (supports_strict_fields(_klass)) {
2404         // `strict` fields are not writable, but only local fields produce verification errors
2405         if (is_local_field && fd.access_flags().is_strict()) {
2406           verify_error(ErrorContext::bad_code(bci),
2407                        "Illegal use of putfield on a strict field");
2408           return;
2409         }
2410       }
2411       is_assignable = target_class_type.is_assignable_from(
2412         stack_object_type, this, false, CHECK_VERIFY(this));
2413       if (!is_assignable) {
2414         verify_error(ErrorContext::bad_type(bci,
2415             current_frame->stack_top_ctx(),
2416             TypeOrigin::cp(index, target_class_type)),
2417             "Bad type on operand stack in putfield");
2418         return;
2419       }
2420     }
2421     check_protected: {
2422       if (_this_type == stack_object_type)
2423         break; // stack_object_type must be assignable to _current_class_type
2424       if (was_recursively_verified()) {
2425         if (is_getfield) {
2426           // Push field type for getfield.
2427           for (int i = 0; i < n; i++) {
2428             current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2429           }
2430         }
2431         return;
2432       }
2433       Symbol* ref_class_name =
2434         cp->klass_name_at(cp->uncached_klass_ref_index_at(index));
2435       if (!name_in_supers(ref_class_name, current_class()))
2436         // stack_object_type must be assignable to _current_class_type since:
2437         // 1. stack_object_type must be assignable to ref_class.
2438         // 2. ref_class must be _current_class or a subclass of it. It can't
2439         //    be a superclass of it. See revised JVMS 5.4.4.
2440         break;
2441 
2442       Klass* ref_class_oop = load_class(ref_class_name, CHECK);
2443       if (is_protected_access(current_class(), ref_class_oop, field_name,
2444                               field_sig, false)) {
2445         // It's protected access, check if stack object is assignable to
2446         // current class.
2447         is_assignable = current_type().is_assignable_from(
2448           stack_object_type, this, true, CHECK_VERIFY(this));
2449         if (!is_assignable) {
2450           verify_error(ErrorContext::bad_type(bci,
2451               current_frame->stack_top_ctx(),
2452               TypeOrigin::implicit(current_type())),
2453               "Bad access to protected data in %s",
2454               is_getfield ? "getfield" : "putfield");
2455           return;
2456         }
2457       }
2458       break;
2459     }
2460     default: ShouldNotReachHere();
2461   }
2462   if (is_getfield) {
2463     // Push field type for getfield after doing protection check.
2464     for (int i = 0; i < n; i++) {
2465       current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2466     }
2467   }
2468 }
2469 
2470 // Look at the method's handlers.  If the bci is in the handler's try block
2471 // then check if the handler_pc is already on the stack.  If not, push it
2472 // unless the handler has already been scanned.
2473 void ClassVerifier::push_handlers(ExceptionTable* exhandlers,
2474                                   GrowableArray<u4>* handler_list,
2475                                   GrowableArray<u4>* handler_stack,
2476                                   u4 bci) {
2477   int exlength = exhandlers->length();
2478   for(int x = 0; x < exlength; x++) {
2479     if (bci >= exhandlers->start_pc(x) && bci < exhandlers->end_pc(x)) {
2480       u4 exhandler_pc = exhandlers->handler_pc(x);
2481       if (!handler_list->contains(exhandler_pc)) {
2482         handler_stack->append_if_missing(exhandler_pc);
2483         handler_list->append(exhandler_pc);
2484       }
2485     }
2486   }
2487 }
2488 
2489 // Return TRUE if all code paths starting with start_bc_offset end in
2490 // bytecode athrow or loop.
2491 bool ClassVerifier::ends_in_athrow(u4 start_bc_offset) {
2492   ResourceMark rm;
2493   // Create bytecode stream.
2494   RawBytecodeStream bcs(method());
2495   int code_length = method()->code_size();
2496   bcs.set_start(start_bc_offset);
2497 
2498   // Create stack for storing bytecode start offsets for if* and *switch.
2499   GrowableArray<u4>* bci_stack = new GrowableArray<u4>(30);
2500   // Create stack for handlers for try blocks containing this handler.
2501   GrowableArray<u4>* handler_stack = new GrowableArray<u4>(30);
2502   // Create list of handlers that have been pushed onto the handler_stack
2503   // so that handlers embedded inside of their own TRY blocks only get
2504   // scanned once.
2505   GrowableArray<u4>* handler_list = new GrowableArray<u4>(30);
2506   // Create list of visited branch opcodes (goto* and if*).
2507   GrowableArray<u4>* visited_branches = new GrowableArray<u4>(30);
2508   ExceptionTable exhandlers(_method());
2509 
2510   while (true) {
2511     if (bcs.is_last_bytecode()) {
2512       // if no more starting offsets to parse or if at the end of the
2513       // method then return false.
2514       if ((bci_stack->is_empty()) || (bcs.end_bci() == code_length))
2515         return false;
2516       // Pop a bytecode starting offset and scan from there.
2517       bcs.set_start(bci_stack->pop());
2518     }
2519     Bytecodes::Code opcode = bcs.raw_next();
2520     int bci = bcs.bci();
2521 
2522     // If the bytecode is in a TRY block, push its handlers so they
2523     // will get parsed.
2524     push_handlers(&exhandlers, handler_list, handler_stack, bci);
2525 
2526     switch (opcode) {
2527       case Bytecodes::_if_icmpeq:
2528       case Bytecodes::_if_icmpne:
2529       case Bytecodes::_if_icmplt:
2530       case Bytecodes::_if_icmpge:
2531       case Bytecodes::_if_icmpgt:
2532       case Bytecodes::_if_icmple:
2533       case Bytecodes::_ifeq:
2534       case Bytecodes::_ifne:
2535       case Bytecodes::_iflt:
2536       case Bytecodes::_ifge:
2537       case Bytecodes::_ifgt:
2538       case Bytecodes::_ifle:
2539       case Bytecodes::_if_acmpeq:
2540       case Bytecodes::_if_acmpne:
2541       case Bytecodes::_ifnull:
2542       case Bytecodes::_ifnonnull: {
2543         int target = bcs.dest();
2544         if (visited_branches->contains(bci)) {
2545           if (bci_stack->is_empty()) {
2546             if (handler_stack->is_empty()) {
2547               return true;
2548             } else {
2549               // Parse the catch handlers for try blocks containing athrow.
2550               bcs.set_start(handler_stack->pop());
2551             }
2552           } else {
2553             // Pop a bytecode starting offset and scan from there.
2554             bcs.set_start(bci_stack->pop());
2555           }
2556         } else {
2557           if (target > bci) { // forward branch
2558             if (target >= code_length) return false;
2559             // Push the branch target onto the stack.
2560             bci_stack->push(target);
2561             // then, scan bytecodes starting with next.
2562             bcs.set_start(bcs.next_bci());
2563           } else { // backward branch
2564             // Push bytecode offset following backward branch onto the stack.
2565             bci_stack->push(bcs.next_bci());
2566             // Check bytecodes starting with branch target.
2567             bcs.set_start(target);
2568           }
2569           // Record target so we don't branch here again.
2570           visited_branches->append(bci);
2571         }
2572         break;
2573         }
2574 
2575       case Bytecodes::_goto:
2576       case Bytecodes::_goto_w: {
2577         int target = (opcode == Bytecodes::_goto ? bcs.dest() : bcs.dest_w());
2578         if (visited_branches->contains(bci)) {
2579           if (bci_stack->is_empty()) {
2580             if (handler_stack->is_empty()) {
2581               return true;
2582             } else {
2583               // Parse the catch handlers for try blocks containing athrow.
2584               bcs.set_start(handler_stack->pop());
2585             }
2586           } else {
2587             // Been here before, pop new starting offset from stack.
2588             bcs.set_start(bci_stack->pop());
2589           }
2590         } else {
2591           if (target >= code_length) return false;
2592           // Continue scanning from the target onward.
2593           bcs.set_start(target);
2594           // Record target so we don't branch here again.
2595           visited_branches->append(bci);
2596         }
2597         break;
2598         }
2599 
2600       // Check that all switch alternatives end in 'athrow' bytecodes. Since it
2601       // is  difficult to determine where each switch alternative ends, parse
2602       // each switch alternative until either hit a 'return', 'athrow', or reach
2603       // the end of the method's bytecodes.  This is gross but should be okay
2604       // because:
2605       // 1. tableswitch and lookupswitch byte codes in handlers for ctor explicit
2606       //    constructor invocations should be rare.
2607       // 2. if each switch alternative ends in an athrow then the parsing should be
2608       //    short.  If there is no athrow then it is bogus code, anyway.
2609       case Bytecodes::_lookupswitch:
2610       case Bytecodes::_tableswitch:
2611         {
2612           address aligned_bcp = align_up(bcs.bcp() + 1, jintSize);
2613           int default_offset = Bytes::get_Java_u4(aligned_bcp) + bci;
2614           int keys, delta;
2615           if (opcode == Bytecodes::_tableswitch) {
2616             jint low = (jint)Bytes::get_Java_u4(aligned_bcp + jintSize);
2617             jint high = (jint)Bytes::get_Java_u4(aligned_bcp + 2*jintSize);
2618             // This is invalid, but let the regular bytecode verifier
2619             // report this because the user will get a better error message.
2620             if (low > high) return true;
2621             keys = high - low + 1;
2622             delta = 1;
2623           } else {
2624             keys = (int)Bytes::get_Java_u4(aligned_bcp + jintSize);
2625             delta = 2;
2626           }
2627           // Invalid, let the regular bytecode verifier deal with it.
2628           if (keys < 0) return true;
2629 
2630           // Push the offset of the next bytecode onto the stack.
2631           bci_stack->push(bcs.next_bci());
2632 
2633           // Push the switch alternatives onto the stack.
2634           for (int i = 0; i < keys; i++) {
2635             int target = bci + (jint)Bytes::get_Java_u4(aligned_bcp+(3+i*delta)*jintSize);
2636             if (target > code_length) return false;
2637             bci_stack->push(target);
2638           }
2639 
2640           // Start bytecode parsing for the switch at the default alternative.
2641           if (default_offset > code_length) return false;
2642           bcs.set_start(default_offset);
2643           break;
2644         }
2645 
2646       case Bytecodes::_return:
2647         return false;
2648 
2649       case Bytecodes::_athrow:
2650         {
2651           if (bci_stack->is_empty()) {
2652             if (handler_stack->is_empty()) {
2653               return true;
2654             } else {
2655               // Parse the catch handlers for try blocks containing athrow.
2656               bcs.set_start(handler_stack->pop());
2657             }
2658           } else {
2659             // Pop a bytecode offset and starting scanning from there.
2660             bcs.set_start(bci_stack->pop());
2661           }
2662         }
2663         break;
2664 
2665       default:
2666         ;
2667     } // end switch
2668   } // end while loop
2669 
2670   return false;
2671 }
2672 
2673 void ClassVerifier::verify_invoke_init(
2674     RawBytecodeStream* bcs, u2 ref_class_index, VerificationType ref_class_type,
2675     StackMapFrame* current_frame, u4 code_length, bool in_try_block,
2676     bool *this_uninit, const constantPoolHandle& cp, StackMapTable* stackmap_table,
2677     TRAPS) {
2678   int bci = bcs->bci();
2679   VerificationType type = current_frame->pop_stack(
2680     VerificationType::reference_check(), CHECK_VERIFY(this));
2681   if (type == VerificationType::uninitialized_this_type()) {
2682     // The method must be an <init> method of this class or its superclass
2683     Klass* superk = current_class()->super();
2684     if (ref_class_type.name() != current_class()->name() &&
2685         ref_class_type.name() != superk->name()) {
2686       verify_error(ErrorContext::bad_type(bci,
2687           TypeOrigin::implicit(ref_class_type),
2688           TypeOrigin::implicit(current_type())),
2689           "Bad <init> method call");
2690       return;
2691     }
2692 
2693     // If this invokespecial call is done from inside of a TRY block then make
2694     // sure that all catch clause paths end in a throw.  Otherwise, this can
2695     // result in returning an incomplete object.
2696     if (in_try_block) {
2697       ExceptionTable exhandlers(_method());
2698       int exlength = exhandlers.length();
2699       for(int i = 0; i < exlength; i++) {
2700         u2 start_pc = exhandlers.start_pc(i);
2701         u2 end_pc = exhandlers.end_pc(i);
2702 
2703         if (bci >= start_pc && bci < end_pc) {
2704           if (!ends_in_athrow(exhandlers.handler_pc(i))) {
2705             verify_error(ErrorContext::bad_code(bci),
2706               "Bad <init> method call from after the start of a try block");
2707             return;
2708           } else if (log_is_enabled(Debug, verification)) {
2709             ResourceMark rm(THREAD);
2710             log_debug(verification)("Survived call to ends_in_athrow(): %s",
2711                                           current_class()->name()->as_C_string());
2712           }
2713         }
2714       }
2715 
2716       // Check the exception handler target stackmaps with the locals from the
2717       // incoming stackmap (before initialize_object() changes them to outgoing
2718       // state).
2719       if (was_recursively_verified()) return;
2720       verify_exception_handler_targets(bci, true, current_frame,
2721                                        stackmap_table, CHECK_VERIFY(this));
2722     } // in_try_block
2723 
2724     current_frame->initialize_object(type, current_type());
2725     *this_uninit = true;
2726   } else if (type.is_uninitialized()) {
2727     u2 new_offset = type.bci();
2728     address new_bcp = bcs->bcp() - bci + new_offset;
2729     if (new_offset > (code_length - 3) || (*new_bcp) != Bytecodes::_new) {
2730       /* Unreachable?  Stack map parsing ensures valid type and new
2731        * instructions have a valid BCI. */
2732       verify_error(ErrorContext::bad_code(new_offset),
2733                    "Expecting new instruction");
2734       return;
2735     }
2736     u2 new_class_index = Bytes::get_Java_u2(new_bcp + 1);
2737     if (was_recursively_verified()) return;
2738     verify_cp_class_type(bci, new_class_index, cp, CHECK_VERIFY(this));
2739 
2740     // The method must be an <init> method of the indicated class
2741     VerificationType new_class_type = cp_index_to_type(
2742       new_class_index, cp, CHECK_VERIFY(this));
2743     if (!new_class_type.equals(ref_class_type)) {
2744       verify_error(ErrorContext::bad_type(bci,
2745           TypeOrigin::cp(new_class_index, new_class_type),
2746           TypeOrigin::cp(ref_class_index, ref_class_type)),
2747           "Call to wrong <init> method");
2748       return;
2749     }
2750     // According to the VM spec, if the referent class is a superclass of the
2751     // current class, and is in a different runtime package, and the method is
2752     // protected, then the objectref must be the current class or a subclass
2753     // of the current class.
2754     VerificationType objectref_type = new_class_type;
2755     if (name_in_supers(ref_class_type.name(), current_class())) {
2756       Klass* ref_klass = load_class(ref_class_type.name(), CHECK);
2757       if (was_recursively_verified()) return;
2758       Method* m = InstanceKlass::cast(ref_klass)->uncached_lookup_method(
2759         vmSymbols::object_initializer_name(),
2760         cp->uncached_signature_ref_at(bcs->get_index_u2()),
2761         Klass::OverpassLookupMode::find);
2762       // Do nothing if method is not found.  Let resolution detect the error.
2763       if (m != nullptr) {
2764         InstanceKlass* mh = m->method_holder();
2765         if (m->is_protected() && !mh->is_same_class_package(_klass)) {
2766           bool assignable = current_type().is_assignable_from(
2767             objectref_type, this, true, CHECK_VERIFY(this));
2768           if (!assignable) {
2769             verify_error(ErrorContext::bad_type(bci,
2770                 TypeOrigin::cp(new_class_index, objectref_type),
2771                 TypeOrigin::implicit(current_type())),
2772                 "Bad access to protected <init> method");
2773             return;
2774           }
2775         }
2776       }
2777     }
2778     // Check the exception handler target stackmaps with the locals from the
2779     // incoming stackmap (before initialize_object() changes them to outgoing
2780     // state).
2781     if (in_try_block) {
2782       if (was_recursively_verified()) return;
2783       verify_exception_handler_targets(bci, *this_uninit, current_frame,
2784                                        stackmap_table, CHECK_VERIFY(this));
2785     }
2786     current_frame->initialize_object(type, new_class_type);
2787   } else {
2788     verify_error(ErrorContext::bad_type(bci, current_frame->stack_top_ctx()),
2789         "Bad operand type when invoking <init>");
2790     return;
2791   }
2792 }
2793 
2794 bool ClassVerifier::is_same_or_direct_interface(
2795     InstanceKlass* klass,
2796     VerificationType klass_type,
2797     VerificationType ref_class_type) {
2798   if (ref_class_type.equals(klass_type)) return true;
2799   Array<InstanceKlass*>* local_interfaces = klass->local_interfaces();
2800   if (local_interfaces != nullptr) {
2801     for (int x = 0; x < local_interfaces->length(); x++) {
2802       InstanceKlass* k = local_interfaces->at(x);
2803       assert (k != nullptr && k->is_interface(), "invalid interface");
2804       if (ref_class_type.equals(VerificationType::reference_type(k->name()))) {
2805         return true;
2806       }
2807     }
2808   }
2809   return false;
2810 }
2811 
2812 void ClassVerifier::verify_invoke_instructions(
2813     RawBytecodeStream* bcs, u4 code_length, StackMapFrame* current_frame,
2814     bool in_try_block, bool *this_uninit,
2815     const constantPoolHandle& cp, StackMapTable* stackmap_table, TRAPS) {
2816   // Make sure the constant pool item is the right type
2817   u2 index = bcs->get_index_u2();
2818   Bytecodes::Code opcode = bcs->raw_code();
2819   unsigned int types = 0;
2820   switch (opcode) {
2821     case Bytecodes::_invokeinterface:
2822       types = 1 << JVM_CONSTANT_InterfaceMethodref;
2823       break;
2824     case Bytecodes::_invokedynamic:
2825       types = 1 << JVM_CONSTANT_InvokeDynamic;
2826       break;
2827     case Bytecodes::_invokespecial:
2828     case Bytecodes::_invokestatic:
2829       types = (_klass->major_version() < STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION) ?
2830         (1 << JVM_CONSTANT_Methodref) :
2831         ((1 << JVM_CONSTANT_InterfaceMethodref) | (1 << JVM_CONSTANT_Methodref));
2832       break;
2833     default:
2834       types = 1 << JVM_CONSTANT_Methodref;
2835   }
2836   verify_cp_type(bcs->bci(), index, cp, types, CHECK_VERIFY(this));
2837 
2838   // Get method name and signature
2839   Symbol* method_name = cp->uncached_name_ref_at(index);
2840   Symbol* method_sig = cp->uncached_signature_ref_at(index);
2841 
2842   // Method signature was checked in ClassFileParser.
2843   assert(SignatureVerifier::is_valid_method_signature(method_sig),
2844          "Invalid method signature");
2845 
2846   // Get referenced class
2847   VerificationType ref_class_type;
2848   if (opcode == Bytecodes::_invokedynamic) {
2849     if (_klass->major_version() < Verifier::INVOKEDYNAMIC_MAJOR_VERSION) {
2850       class_format_error(
2851         "invokedynamic instructions not supported by this class file version (%d), class %s",
2852         _klass->major_version(), _klass->external_name());
2853       return;
2854     }
2855   } else {
2856     ref_class_type = cp_ref_index_to_type(index, cp, CHECK_VERIFY(this));
2857   }
2858 
2859   assert(sizeof(VerificationType) == sizeof(uintptr_t),
2860         "buffer type must match VerificationType size");
2861 
2862   // Get the UTF8 index for this signature.
2863   int sig_index = cp->signature_ref_index_at(cp->uncached_name_and_type_ref_index_at(index));
2864 
2865   // Get the signature's verification types.
2866   sig_as_verification_types* mth_sig_verif_types;
2867   sig_as_verification_types** mth_sig_verif_types_ptr = method_signatures_table()->get(sig_index);
2868   if (mth_sig_verif_types_ptr != nullptr) {
2869     // Found the entry for the signature's verification types in the hash table.
2870     mth_sig_verif_types = *mth_sig_verif_types_ptr;
2871     assert(mth_sig_verif_types != nullptr, "Unexpected null sig_as_verification_types value");
2872   } else {
2873     // Not found, add the entry to the table.
2874     GrowableArray<VerificationType>* verif_types = new GrowableArray<VerificationType>(10);
2875     mth_sig_verif_types = new sig_as_verification_types(verif_types);
2876     create_method_sig_entry(mth_sig_verif_types, sig_index);
2877   }
2878 
2879   // Get the number of arguments for this signature.
2880   int nargs = mth_sig_verif_types->num_args();
2881 
2882   // Check instruction operands
2883   int bci = bcs->bci();
2884   if (opcode == Bytecodes::_invokeinterface) {
2885     address bcp = bcs->bcp();
2886     // 4905268: count operand in invokeinterface should be nargs+1, not nargs.
2887     // JSR202 spec: The count operand of an invokeinterface instruction is valid if it is
2888     // the difference between the size of the operand stack before and after the instruction
2889     // executes.
2890     if (*(bcp+3) != (nargs+1)) {
2891       verify_error(ErrorContext::bad_code(bci),
2892           "Inconsistent args count operand in invokeinterface");
2893       return;
2894     }
2895     if (*(bcp+4) != 0) {
2896       verify_error(ErrorContext::bad_code(bci),
2897           "Fourth operand byte of invokeinterface must be zero");
2898       return;
2899     }
2900   }
2901 
2902   if (opcode == Bytecodes::_invokedynamic) {
2903     address bcp = bcs->bcp();
2904     if (*(bcp+3) != 0 || *(bcp+4) != 0) {
2905       verify_error(ErrorContext::bad_code(bci),
2906           "Third and fourth operand bytes of invokedynamic must be zero");
2907       return;
2908     }
2909   }
2910 
2911   if (method_name->char_at(0) == JVM_SIGNATURE_SPECIAL) {
2912     // Make sure:
2913     //   <init> can only be invoked by invokespecial.
2914     if (opcode != Bytecodes::_invokespecial ||
2915           method_name != vmSymbols::object_initializer_name()) {
2916       verify_error(ErrorContext::bad_code(bci),
2917           "Illegal call to internal method");
2918       return;
2919     }
2920   } else if (opcode == Bytecodes::_invokespecial
2921              && !is_same_or_direct_interface(current_class(), current_type(), ref_class_type)
2922              && !ref_class_type.equals(VerificationType::reference_type(
2923                   current_class()->super()->name()))) { // super() can never be an inline_type.
2924     bool subtype = false;
2925     bool have_imr_indirect = cp->tag_at(index).value() == JVM_CONSTANT_InterfaceMethodref;
2926     subtype = ref_class_type.is_assignable_from(
2927                current_type(), this, false, CHECK_VERIFY(this));
2928     if (!subtype) {
2929       verify_error(ErrorContext::bad_code(bci),
2930           "Bad invokespecial instruction: "
2931           "current class isn't assignable to reference class.");
2932        return;
2933     } else if (have_imr_indirect) {
2934       verify_error(ErrorContext::bad_code(bci),
2935           "Bad invokespecial instruction: "
2936           "interface method reference is in an indirect superinterface.");
2937       return;
2938     }
2939 
2940   }
2941 
2942   // Get the verification types for the method's arguments.
2943   GrowableArray<VerificationType>* sig_verif_types = mth_sig_verif_types->sig_verif_types();
2944   assert(sig_verif_types != nullptr, "Missing signature's array of verification types");
2945   // Match method descriptor with operand stack
2946   // The arguments are on the stack in descending order.
2947   for (int i = nargs - 1; i >= 0; i--) { // Run backwards
2948     current_frame->pop_stack(sig_verif_types->at(i), CHECK_VERIFY(this));
2949   }
2950 
2951   // Check objectref on operand stack
2952   if (opcode != Bytecodes::_invokestatic &&
2953       opcode != Bytecodes::_invokedynamic) {
2954     if (method_name == vmSymbols::object_initializer_name()) {  // <init> method
2955       verify_invoke_init(bcs, index, ref_class_type, current_frame,
2956         code_length, in_try_block, this_uninit, cp, stackmap_table,
2957         CHECK_VERIFY(this));
2958       if (was_recursively_verified()) return;
2959     } else {   // other methods
2960       // Ensures that target class is assignable to method class.
2961       if (opcode == Bytecodes::_invokespecial) {
2962         current_frame->pop_stack(current_type(), CHECK_VERIFY(this));
2963       } else if (opcode == Bytecodes::_invokevirtual) {
2964         VerificationType stack_object_type =
2965           current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this));
2966         if (current_type() != stack_object_type) {
2967           if (was_recursively_verified()) return;
2968           assert(cp->cache() == nullptr, "not rewritten yet");
2969           Symbol* ref_class_name =
2970             cp->klass_name_at(cp->uncached_klass_ref_index_at(index));
2971           // See the comments in verify_field_instructions() for
2972           // the rationale behind this.
2973           if (name_in_supers(ref_class_name, current_class())) {
2974             Klass* ref_class = load_class(ref_class_name, CHECK);
2975             if (is_protected_access(
2976                   _klass, ref_class, method_name, method_sig, true)) {
2977               // It's protected access, check if stack object is
2978               // assignable to current class.
2979               if (ref_class_type.name() == vmSymbols::java_lang_Object()
2980                   && stack_object_type.is_array()
2981                   && method_name == vmSymbols::clone_name()) {
2982                 // Special case: arrays pretend to implement public Object
2983                 // clone().
2984               } else {
2985                 bool is_assignable = current_type().is_assignable_from(
2986                   stack_object_type, this, true, CHECK_VERIFY(this));
2987                 if (!is_assignable) {
2988                   verify_error(ErrorContext::bad_type(bci,
2989                       current_frame->stack_top_ctx(),
2990                       TypeOrigin::implicit(current_type())),
2991                       "Bad access to protected data in invokevirtual");
2992                   return;
2993                 }
2994               }
2995             }
2996           }
2997         }
2998       } else {
2999         assert(opcode == Bytecodes::_invokeinterface, "Unexpected opcode encountered");
3000         current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this));
3001       }
3002     }
3003   }
3004   // Push the result type.
3005   int sig_verif_types_len = sig_verif_types->length();
3006   if (sig_verif_types_len > nargs) {  // There's a return type
3007     if (method_name == vmSymbols::object_initializer_name()) {
3008       // an <init> method must have a void return type
3009       verify_error(ErrorContext::bad_code(bci),
3010           "Return type must be void in <init> method");
3011       return;
3012     }
3013 
3014     assert(sig_verif_types_len <= nargs + 2,
3015            "Signature verification types array return type is bogus");
3016     for (int i = nargs; i < sig_verif_types_len; i++) {
3017       assert(i == nargs || sig_verif_types->at(i).is_long2() ||
3018              sig_verif_types->at(i).is_double2(), "Unexpected return verificationType");
3019       current_frame->push_stack(sig_verif_types->at(i), CHECK_VERIFY(this));
3020     }
3021   }
3022 }
3023 
3024 VerificationType ClassVerifier::get_newarray_type(
3025     u2 index, int bci, TRAPS) {
3026   const char* from_bt[] = {
3027     nullptr, nullptr, nullptr, nullptr, "[Z", "[C", "[F", "[D", "[B", "[S", "[I", "[J",
3028   };
3029   if (index < T_BOOLEAN || index > T_LONG) {
3030     verify_error(ErrorContext::bad_code(bci), "Illegal newarray instruction");
3031     return VerificationType::bogus_type();
3032   }
3033 
3034   // from_bt[index] contains the array signature which has a length of 2
3035   Symbol* sig = create_temporary_symbol(from_bt[index], 2);
3036   return VerificationType::reference_type(sig);
3037 }
3038 
3039 void ClassVerifier::verify_anewarray(
3040     int bci, u2 index, const constantPoolHandle& cp,
3041     StackMapFrame* current_frame, TRAPS) {
3042   verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
3043   current_frame->pop_stack(
3044     VerificationType::integer_type(), CHECK_VERIFY(this));
3045 
3046   if (was_recursively_verified()) return;
3047   VerificationType component_type =
3048     cp_index_to_type(index, cp, CHECK_VERIFY(this));
3049   int length;
3050   char* arr_sig_str;
3051   if (component_type.is_array()) {     // it's an array
3052     const char* component_name = component_type.name()->as_utf8();
3053     // Check for more than MAX_ARRAY_DIMENSIONS
3054     length = (int)strlen(component_name);
3055     if (length > MAX_ARRAY_DIMENSIONS &&
3056         component_name[MAX_ARRAY_DIMENSIONS - 1] == JVM_SIGNATURE_ARRAY) {
3057       verify_error(ErrorContext::bad_code(bci),
3058         "Illegal anewarray instruction, array has more than 255 dimensions");
3059     }
3060     // add one dimension to component
3061     length++;
3062     arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length + 1);
3063     int n = os::snprintf(arr_sig_str, length + 1, "%c%s",
3064                          JVM_SIGNATURE_ARRAY, component_name);
3065     assert(n == length, "Unexpected number of characters in string");
3066   } else {         // it's an object or interface
3067     const char* component_name = component_type.name()->as_utf8();
3068     // add one dimension to component with 'L' prepended and ';' postpended.
3069     length = (int)strlen(component_name) + 3;
3070     arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length + 1);
3071     int n = os::snprintf(arr_sig_str, length + 1, "%c%c%s;",
3072                          JVM_SIGNATURE_ARRAY, JVM_SIGNATURE_CLASS, component_name);
3073     assert(n == length, "Unexpected number of characters in string");
3074   }
3075   Symbol* arr_sig = create_temporary_symbol(arr_sig_str, length);
3076   VerificationType new_array_type = VerificationType::reference_type(arr_sig);
3077   current_frame->push_stack(new_array_type, CHECK_VERIFY(this));
3078 }
3079 
3080 void ClassVerifier::verify_iload(int index, StackMapFrame* current_frame, TRAPS) {
3081   current_frame->get_local(
3082     index, VerificationType::integer_type(), CHECK_VERIFY(this));
3083   current_frame->push_stack(
3084     VerificationType::integer_type(), CHECK_VERIFY(this));
3085 }
3086 
3087 void ClassVerifier::verify_lload(int index, StackMapFrame* current_frame, TRAPS) {
3088   current_frame->get_local_2(
3089     index, VerificationType::long_type(),
3090     VerificationType::long2_type(), CHECK_VERIFY(this));
3091   current_frame->push_stack_2(
3092     VerificationType::long_type(),
3093     VerificationType::long2_type(), CHECK_VERIFY(this));
3094 }
3095 
3096 void ClassVerifier::verify_fload(int index, StackMapFrame* current_frame, TRAPS) {
3097   current_frame->get_local(
3098     index, VerificationType::float_type(), CHECK_VERIFY(this));
3099   current_frame->push_stack(
3100     VerificationType::float_type(), CHECK_VERIFY(this));
3101 }
3102 
3103 void ClassVerifier::verify_dload(int index, StackMapFrame* current_frame, TRAPS) {
3104   current_frame->get_local_2(
3105     index, VerificationType::double_type(),
3106     VerificationType::double2_type(), CHECK_VERIFY(this));
3107   current_frame->push_stack_2(
3108     VerificationType::double_type(),
3109     VerificationType::double2_type(), CHECK_VERIFY(this));
3110 }
3111 
3112 void ClassVerifier::verify_aload(int index, StackMapFrame* current_frame, TRAPS) {
3113   VerificationType type = current_frame->get_local(
3114     index, VerificationType::reference_check(), CHECK_VERIFY(this));
3115   current_frame->push_stack(type, CHECK_VERIFY(this));
3116 }
3117 
3118 void ClassVerifier::verify_istore(int index, StackMapFrame* current_frame, TRAPS) {
3119   current_frame->pop_stack(
3120     VerificationType::integer_type(), CHECK_VERIFY(this));
3121   current_frame->set_local(
3122     index, VerificationType::integer_type(), CHECK_VERIFY(this));
3123 }
3124 
3125 void ClassVerifier::verify_lstore(int index, StackMapFrame* current_frame, TRAPS) {
3126   current_frame->pop_stack_2(
3127     VerificationType::long2_type(),
3128     VerificationType::long_type(), CHECK_VERIFY(this));
3129   current_frame->set_local_2(
3130     index, VerificationType::long_type(),
3131     VerificationType::long2_type(), CHECK_VERIFY(this));
3132 }
3133 
3134 void ClassVerifier::verify_fstore(int index, StackMapFrame* current_frame, TRAPS) {
3135   current_frame->pop_stack(VerificationType::float_type(), CHECK_VERIFY(this));
3136   current_frame->set_local(
3137     index, VerificationType::float_type(), CHECK_VERIFY(this));
3138 }
3139 
3140 void ClassVerifier::verify_dstore(int index, StackMapFrame* current_frame, TRAPS) {
3141   current_frame->pop_stack_2(
3142     VerificationType::double2_type(),
3143     VerificationType::double_type(), CHECK_VERIFY(this));
3144   current_frame->set_local_2(
3145     index, VerificationType::double_type(),
3146     VerificationType::double2_type(), CHECK_VERIFY(this));
3147 }
3148 
3149 void ClassVerifier::verify_astore(int index, StackMapFrame* current_frame, TRAPS) {
3150   VerificationType type = current_frame->pop_stack(
3151     VerificationType::reference_check(), CHECK_VERIFY(this));
3152   current_frame->set_local(index, type, CHECK_VERIFY(this));
3153 }
3154 
3155 void ClassVerifier::verify_iinc(int index, StackMapFrame* current_frame, TRAPS) {
3156   VerificationType type = current_frame->get_local(
3157     index, VerificationType::integer_type(), CHECK_VERIFY(this));
3158   current_frame->set_local(index, type, CHECK_VERIFY(this));
3159 }
3160 
3161 void ClassVerifier::verify_return_value(
3162     VerificationType return_type, VerificationType type, int bci,
3163     StackMapFrame* current_frame, TRAPS) {
3164   if (return_type == VerificationType::bogus_type()) {
3165     verify_error(ErrorContext::bad_type(bci,
3166         current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)),
3167         "Method does not expect a return value");
3168     return;
3169   }
3170   bool match = return_type.is_assignable_from(type, this, false, CHECK_VERIFY(this));
3171   if (!match) {
3172     verify_error(ErrorContext::bad_type(bci,
3173         current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)),
3174         "Bad return type");
3175     return;
3176   }
3177 }
3178 
3179 // The verifier creates symbols which are substrings of Symbols.
3180 // These are stored in the verifier until the end of verification so that
3181 // they can be reference counted.
3182 Symbol* ClassVerifier::create_temporary_symbol(const char *name, int length) {
3183   // Quick deduplication check
3184   if (_previous_symbol != nullptr && _previous_symbol->equals(name, length)) {
3185     return _previous_symbol;
3186   }
3187   Symbol* sym = SymbolTable::new_symbol(name, length);
3188   if (!sym->is_permanent()) {
3189     if (_symbols == nullptr) {
3190       _symbols = new GrowableArray<Symbol*>(50, 0, nullptr);
3191     }
3192     _symbols->push(sym);
3193   }
3194   _previous_symbol = sym;
3195   return sym;
3196 }