1 /*
2 * Copyright (c) 1998, 2023, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.
8 *
9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 *
23 */
24
25 #include "precompiled.hpp"
26 #include "classfile/classFileStream.hpp"
27 #include "classfile/classLoader.hpp"
28 #include "classfile/javaClasses.hpp"
29 #include "classfile/stackMapTable.hpp"
30 #include "classfile/stackMapFrame.hpp"
31 #include "classfile/stackMapTableFormat.hpp"
32 #include "classfile/symbolTable.hpp"
33 #include "classfile/systemDictionary.hpp"
34 #include "classfile/verifier.hpp"
35 #include "classfile/vmClasses.hpp"
36 #include "classfile/vmSymbols.hpp"
37 #include "interpreter/bytecodes.hpp"
38 #include "interpreter/bytecodeStream.hpp"
39 #include "jvm.h"
40 #include "logging/log.hpp"
41 #include "logging/logStream.hpp"
42 #include "memory/oopFactory.hpp"
43 #include "memory/resourceArea.hpp"
44 #include "memory/universe.hpp"
45 #include "oops/constantPool.inline.hpp"
46 #include "oops/instanceKlass.inline.hpp"
47 #include "oops/klass.inline.hpp"
48 #include "oops/oop.inline.hpp"
49 #include "oops/typeArrayOop.hpp"
50 #include "runtime/arguments.hpp"
51 #include "runtime/fieldDescriptor.hpp"
52 #include "runtime/handles.inline.hpp"
53 #include "runtime/interfaceSupport.inline.hpp"
54 #include "runtime/javaCalls.hpp"
55 #include "runtime/javaThread.hpp"
56 #include "runtime/jniHandles.inline.hpp"
57 #include "runtime/os.hpp"
58 #include "runtime/safepointVerifiers.hpp"
59 #include "services/threadService.hpp"
60 #include "utilities/align.hpp"
61 #include "utilities/bytes.hpp"
62
63 #define NOFAILOVER_MAJOR_VERSION 51
64 #define NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION 51
65 #define STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION 52
66 #define INLINE_TYPE_MAJOR_VERSION 56
67 #define MAX_ARRAY_DIMENSIONS 255
68
69 // Access to external entry for VerifyClassForMajorVersion - old byte code verifier
70
71 extern "C" {
72 typedef jboolean (*verify_byte_codes_fn_t)(JNIEnv *, jclass, char *, jint, jint);
73 }
74
75 static verify_byte_codes_fn_t volatile _verify_byte_codes_fn = nullptr;
76
77 static verify_byte_codes_fn_t verify_byte_codes_fn() {
78
79 if (_verify_byte_codes_fn != nullptr)
80 return _verify_byte_codes_fn;
81
82 MutexLocker locker(Verify_lock);
83
84 if (_verify_byte_codes_fn != nullptr)
85 return _verify_byte_codes_fn;
86
87 // Load verify dll
88 char buffer[JVM_MAXPATHLEN];
89 char ebuf[1024];
90 if (!os::dll_locate_lib(buffer, sizeof(buffer), Arguments::get_dll_dir(), "verify"))
91 return nullptr; // Caller will throw VerifyError
92
93 void *lib_handle = os::dll_load(buffer, ebuf, sizeof(ebuf));
94 if (lib_handle == nullptr)
95 return nullptr; // Caller will throw VerifyError
96
97 void *fn = os::dll_lookup(lib_handle, "VerifyClassForMajorVersion");
98 if (fn == nullptr)
99 return nullptr; // Caller will throw VerifyError
100
101 return _verify_byte_codes_fn = CAST_TO_FN_PTR(verify_byte_codes_fn_t, fn);
102 }
103
104
105 // Methods in Verifier
106
107 bool Verifier::should_verify_for(oop class_loader, bool should_verify_class) {
108 return (class_loader == nullptr || !should_verify_class) ?
109 BytecodeVerificationLocal : BytecodeVerificationRemote;
110 }
111
112 bool Verifier::relax_access_for(oop loader) {
113 bool trusted = java_lang_ClassLoader::is_trusted_loader(loader);
114 bool need_verify =
115 // verifyAll
116 (BytecodeVerificationLocal && BytecodeVerificationRemote) ||
117 // verifyRemote
118 (!BytecodeVerificationLocal && BytecodeVerificationRemote && !trusted);
119 return !need_verify;
120 }
121
122 void Verifier::trace_class_resolution(Klass* resolve_class, InstanceKlass* verify_class) {
123 assert(verify_class != nullptr, "Unexpected null verify_class");
124 ResourceMark rm;
125 Symbol* s = verify_class->source_file_name();
126 const char* source_file = (s != nullptr ? s->as_C_string() : nullptr);
127 const char* verify = verify_class->external_name();
128 const char* resolve = resolve_class->external_name();
129 // print in a single call to reduce interleaving between threads
130 if (source_file != nullptr) {
131 log_debug(class, resolve)("%s %s %s (verification)", verify, resolve, source_file);
132 } else {
133 log_debug(class, resolve)("%s %s (verification)", verify, resolve);
134 }
135 }
136
137 // Prints the end-verification message to the appropriate output.
138 void Verifier::log_end_verification(outputStream* st, const char* klassName, Symbol* exception_name, oop pending_exception) {
139 if (pending_exception != nullptr) {
140 st->print("Verification for %s has", klassName);
141 oop message = java_lang_Throwable::message(pending_exception);
142 if (message != nullptr) {
143 char* ex_msg = java_lang_String::as_utf8_string(message);
144 st->print_cr(" exception pending '%s %s'",
145 pending_exception->klass()->external_name(), ex_msg);
146 } else {
147 st->print_cr(" exception pending %s ",
148 pending_exception->klass()->external_name());
149 }
150 } else if (exception_name != nullptr) {
151 st->print_cr("Verification for %s failed", klassName);
152 }
153 st->print_cr("End class verification for: %s", klassName);
154 }
155
156 bool Verifier::verify(InstanceKlass* klass, bool should_verify_class, TRAPS) {
157 HandleMark hm(THREAD);
158 ResourceMark rm(THREAD);
159
160 // Eagerly allocate the identity hash code for a klass. This is a fallout
161 // from 6320749 and 8059924: hash code generator is not supposed to be called
162 // during the safepoint, but it allows to sneak the hashcode in during
163 // verification. Without this eager hashcode generation, we may end up
164 // installing the hashcode during some other operation, which may be at
165 // safepoint -- blowing up the checks. It was previously done as the side
166 // effect (sic!) for external_name(), but instead of doing that, we opt to
167 // explicitly push the hashcode in here. This is signify the following block
168 // is IMPORTANT:
169 if (klass->java_mirror() != nullptr) {
170 klass->java_mirror()->identity_hash();
171 }
172
173 if (!is_eligible_for_verification(klass, should_verify_class)) {
174 return true;
175 }
176
177 // Timer includes any side effects of class verification (resolution,
178 // etc), but not recursive calls to Verifier::verify().
179 JavaThread* jt = THREAD;
180 PerfClassTraceTime timer(ClassLoader::perf_class_verify_time(),
181 ClassLoader::perf_class_verify_selftime(),
182 ClassLoader::perf_classes_verified(),
183 jt->get_thread_stat()->perf_recursion_counts_addr(),
184 jt->get_thread_stat()->perf_timers_addr(),
185 PerfClassTraceTime::CLASS_VERIFY);
186
187 // If the class should be verified, first see if we can use the split
188 // verifier. If not, or if verification fails and can failover, then
189 // call the inference verifier.
190 Symbol* exception_name = nullptr;
191 const size_t message_buffer_len = klass->name()->utf8_length() + 1024;
192 char* message_buffer = nullptr;
193 char* exception_message = nullptr;
194
195 log_info(class, init)("Start class verification for: %s", klass->external_name());
196 if (klass->major_version() >= STACKMAP_ATTRIBUTE_MAJOR_VERSION) {
197 ClassVerifier split_verifier(jt, klass);
198 // We don't use CHECK here, or on inference_verify below, so that we can log any exception.
199 split_verifier.verify_class(THREAD);
200 exception_name = split_verifier.result();
201
202 // If DumpSharedSpaces is set then don't fall back to the old verifier on
203 // verification failure. If a class fails verification with the split verifier,
204 // it might fail the CDS runtime verifier constraint check. In that case, we
205 // don't want to share the class. We only archive classes that pass the split
206 // verifier.
207 bool can_failover = !DumpSharedSpaces &&
208 klass->major_version() < NOFAILOVER_MAJOR_VERSION;
209
210 if (can_failover && !HAS_PENDING_EXCEPTION && // Split verifier doesn't set PENDING_EXCEPTION for failure
211 (exception_name == vmSymbols::java_lang_VerifyError() ||
212 exception_name == vmSymbols::java_lang_ClassFormatError())) {
213 log_info(verification)("Fail over class verification to old verifier for: %s", klass->external_name());
214 log_info(class, init)("Fail over class verification to old verifier for: %s", klass->external_name());
215 message_buffer = NEW_RESOURCE_ARRAY(char, message_buffer_len);
216 exception_message = message_buffer;
217 exception_name = inference_verify(
218 klass, message_buffer, message_buffer_len, THREAD);
219 }
220 if (exception_name != nullptr) {
221 exception_message = split_verifier.exception_message();
222 }
223 } else {
224 message_buffer = NEW_RESOURCE_ARRAY(char, message_buffer_len);
225 exception_message = message_buffer;
226 exception_name = inference_verify(
227 klass, message_buffer, message_buffer_len, THREAD);
228 }
229
230 LogTarget(Info, class, init) lt1;
231 if (lt1.is_enabled()) {
232 LogStream ls(lt1);
233 log_end_verification(&ls, klass->external_name(), exception_name, PENDING_EXCEPTION);
234 }
235 LogTarget(Info, verification) lt2;
236 if (lt2.is_enabled()) {
237 LogStream ls(lt2);
238 log_end_verification(&ls, klass->external_name(), exception_name, PENDING_EXCEPTION);
239 }
240
241 if (HAS_PENDING_EXCEPTION) {
242 return false; // use the existing exception
243 } else if (exception_name == nullptr) {
244 return true; // verification succeeded
245 } else { // VerifyError or ClassFormatError to be created and thrown
246 Klass* kls =
247 SystemDictionary::resolve_or_fail(exception_name, true, CHECK_false);
248 if (log_is_enabled(Debug, class, resolve)) {
249 Verifier::trace_class_resolution(kls, klass);
250 }
251
252 while (kls != nullptr) {
253 if (kls == klass) {
254 // If the class being verified is the exception we're creating
255 // or one of it's superclasses, we're in trouble and are going
256 // to infinitely recurse when we try to initialize the exception.
257 // So bail out here by throwing the preallocated VM error.
258 THROW_OOP_(Universe::virtual_machine_error_instance(), false);
259 }
260 kls = kls->super();
261 }
262 if (message_buffer != nullptr) {
263 message_buffer[message_buffer_len - 1] = '\0'; // just to be sure
264 }
265 assert(exception_message != nullptr, "");
266 THROW_MSG_(exception_name, exception_message, false);
267 }
268 }
269
270 bool Verifier::is_eligible_for_verification(InstanceKlass* klass, bool should_verify_class) {
271 Symbol* name = klass->name();
272 Klass* refl_magic_klass = vmClasses::reflect_MagicAccessorImpl_klass();
273
274 bool is_reflect = refl_magic_klass != nullptr && klass->is_subtype_of(refl_magic_klass);
275
276 return (should_verify_for(klass->class_loader(), should_verify_class) &&
277 // return if the class is a bootstrapping class
278 // or defineClass specified not to verify by default (flags override passed arg)
279 // We need to skip the following four for bootstrapping
280 name != vmSymbols::java_lang_Object() &&
281 name != vmSymbols::java_lang_Class() &&
282 name != vmSymbols::java_lang_String() &&
283 name != vmSymbols::java_lang_Throwable() &&
284
285 // Can not verify the bytecodes for shared classes because they have
286 // already been rewritten to contain constant pool cache indices,
287 // which the verifier can't understand.
288 // Shared classes shouldn't have stackmaps either.
289 // However, bytecodes for shared old classes can be verified because
290 // they have not been rewritten.
291 !(klass->is_shared() && klass->is_rewritten()) &&
292
293 // As of the fix for 4486457 we disable verification for all of the
294 // dynamically-generated bytecodes associated with the 1.4
295 // reflection implementation, not just those associated with
296 // jdk/internal/reflect/SerializationConstructorAccessor.
297 // NOTE: this is called too early in the bootstrapping process to be
298 // guarded by Universe::is_gte_jdk14x_version().
299 // Also for lambda generated code, gte jdk8
300 (!is_reflect));
301 }
302
303 Symbol* Verifier::inference_verify(
304 InstanceKlass* klass, char* message, size_t message_len, TRAPS) {
305 JavaThread* thread = THREAD;
306
307 verify_byte_codes_fn_t verify_func = verify_byte_codes_fn();
308
309 if (verify_func == nullptr) {
310 jio_snprintf(message, message_len, "Could not link verifier");
311 return vmSymbols::java_lang_VerifyError();
312 }
313
314 ResourceMark rm(thread);
315 log_info(verification)("Verifying class %s with old format", klass->external_name());
316
317 jclass cls = (jclass) JNIHandles::make_local(thread, klass->java_mirror());
318 jint result;
319
320 {
321 HandleMark hm(thread);
322 ThreadToNativeFromVM ttn(thread);
323 // ThreadToNativeFromVM takes care of changing thread_state, so safepoint
324 // code knows that we have left the VM
325 JNIEnv *env = thread->jni_environment();
326 result = (*verify_func)(env, cls, message, (int)message_len, klass->major_version());
327 }
328
329 JNIHandles::destroy_local(cls);
330
331 // These numbers are chosen so that VerifyClassCodes interface doesn't need
332 // to be changed (still return jboolean (unsigned char)), and result is
333 // 1 when verification is passed.
334 if (result == 0) {
335 return vmSymbols::java_lang_VerifyError();
336 } else if (result == 1) {
337 return nullptr; // verified.
338 } else if (result == 2) {
339 THROW_MSG_(vmSymbols::java_lang_OutOfMemoryError(), message, nullptr);
340 } else if (result == 3) {
341 return vmSymbols::java_lang_ClassFormatError();
342 } else {
343 ShouldNotReachHere();
344 return nullptr;
345 }
346 }
347
348 TypeOrigin TypeOrigin::null() {
349 return TypeOrigin();
350 }
351 TypeOrigin TypeOrigin::local(u2 index, StackMapFrame* frame) {
352 assert(frame != nullptr, "Must have a frame");
353 return TypeOrigin(CF_LOCALS, index, StackMapFrame::copy(frame),
354 frame->local_at(index));
355 }
356 TypeOrigin TypeOrigin::stack(u2 index, StackMapFrame* frame) {
357 assert(frame != nullptr, "Must have a frame");
358 return TypeOrigin(CF_STACK, index, StackMapFrame::copy(frame),
359 frame->stack_at(index));
360 }
361 TypeOrigin TypeOrigin::sm_local(u2 index, StackMapFrame* frame) {
362 assert(frame != nullptr, "Must have a frame");
363 return TypeOrigin(SM_LOCALS, index, StackMapFrame::copy(frame),
364 frame->local_at(index));
365 }
366 TypeOrigin TypeOrigin::sm_stack(u2 index, StackMapFrame* frame) {
367 assert(frame != nullptr, "Must have a frame");
368 return TypeOrigin(SM_STACK, index, StackMapFrame::copy(frame),
369 frame->stack_at(index));
370 }
371 TypeOrigin TypeOrigin::bad_index(u2 index) {
372 return TypeOrigin(BAD_INDEX, index, nullptr, VerificationType::bogus_type());
373 }
374 TypeOrigin TypeOrigin::cp(u2 index, VerificationType vt) {
375 return TypeOrigin(CONST_POOL, index, nullptr, vt);
376 }
377 TypeOrigin TypeOrigin::signature(VerificationType vt) {
378 return TypeOrigin(SIG, 0, nullptr, vt);
379 }
380 TypeOrigin TypeOrigin::implicit(VerificationType t) {
381 return TypeOrigin(IMPLICIT, 0, nullptr, t);
382 }
383 TypeOrigin TypeOrigin::frame(StackMapFrame* frame) {
384 return TypeOrigin(FRAME_ONLY, 0, StackMapFrame::copy(frame),
385 VerificationType::bogus_type());
386 }
387
388 void TypeOrigin::reset_frame() {
389 if (_frame != nullptr) {
390 _frame->restore();
391 }
392 }
393
394 void TypeOrigin::details(outputStream* ss) const {
395 _type.print_on(ss);
396 switch (_origin) {
397 case CF_LOCALS:
398 ss->print(" (current frame, locals[%d])", _index);
399 break;
400 case CF_STACK:
401 ss->print(" (current frame, stack[%d])", _index);
402 break;
403 case SM_LOCALS:
404 ss->print(" (stack map, locals[%d])", _index);
405 break;
406 case SM_STACK:
407 ss->print(" (stack map, stack[%d])", _index);
408 break;
409 case CONST_POOL:
410 ss->print(" (constant pool %d)", _index);
411 break;
412 case SIG:
413 ss->print(" (from method signature)");
414 break;
415 case IMPLICIT:
416 case FRAME_ONLY:
417 case NONE:
418 default:
419 ;
420 }
421 }
422
423 #ifdef ASSERT
424 void TypeOrigin::print_on(outputStream* str) const {
425 str->print("{%d,%d,%p:", _origin, _index, _frame);
426 if (_frame != nullptr) {
427 _frame->print_on(str);
428 } else {
429 str->print("null");
430 }
431 str->print(",");
432 _type.print_on(str);
433 str->print("}");
434 }
435 #endif
436
437 void ErrorContext::details(outputStream* ss, const Method* method) const {
438 if (is_valid()) {
439 ss->cr();
440 ss->print_cr("Exception Details:");
441 location_details(ss, method);
442 reason_details(ss);
443 frame_details(ss);
444 bytecode_details(ss, method);
445 handler_details(ss, method);
446 stackmap_details(ss, method);
447 }
448 }
449
450 void ErrorContext::reason_details(outputStream* ss) const {
451 streamIndentor si(ss);
452 ss->indent().print_cr("Reason:");
453 streamIndentor si2(ss);
454 ss->indent().print("%s", "");
455 switch (_fault) {
456 case INVALID_BYTECODE:
457 ss->print("Error exists in the bytecode");
458 break;
459 case WRONG_TYPE:
460 if (_expected.is_valid()) {
461 ss->print("Type ");
462 _type.details(ss);
463 ss->print(" is not assignable to ");
464 _expected.details(ss);
465 } else {
466 ss->print("Invalid type: ");
467 _type.details(ss);
468 }
469 break;
470 case FLAGS_MISMATCH:
471 if (_expected.is_valid()) {
472 ss->print("Current frame's flags are not assignable "
473 "to stack map frame's.");
474 } else {
475 ss->print("Current frame's flags are invalid in this context.");
476 }
477 break;
478 case BAD_CP_INDEX:
479 ss->print("Constant pool index %d is invalid", _type.index());
480 break;
481 case BAD_LOCAL_INDEX:
482 ss->print("Local index %d is invalid", _type.index());
483 break;
484 case LOCALS_SIZE_MISMATCH:
485 ss->print("Current frame's local size doesn't match stackmap.");
486 break;
487 case STACK_SIZE_MISMATCH:
488 ss->print("Current frame's stack size doesn't match stackmap.");
489 break;
490 case STACK_OVERFLOW:
491 ss->print("Exceeded max stack size.");
492 break;
493 case STACK_UNDERFLOW:
494 ss->print("Attempt to pop empty stack.");
495 break;
496 case MISSING_STACKMAP:
497 ss->print("Expected stackmap frame at this location.");
498 break;
499 case BAD_STACKMAP:
500 ss->print("Invalid stackmap specification.");
501 break;
502 case WRONG_INLINE_TYPE:
503 ss->print("Type ");
504 _type.details(ss);
505 ss->print(" and type ");
506 _expected.details(ss);
507 ss->print(" must be identical inline types.");
508 break;
509 case UNKNOWN:
510 default:
511 ShouldNotReachHere();
512 ss->print_cr("Unknown");
513 }
514 ss->cr();
515 }
516
517 void ErrorContext::location_details(outputStream* ss, const Method* method) const {
518 if (_bci != -1 && method != nullptr) {
519 streamIndentor si(ss);
520 const char* bytecode_name = "<invalid>";
521 if (method->validate_bci(_bci) != -1) {
522 Bytecodes::Code code = Bytecodes::code_or_bp_at(method->bcp_from(_bci));
523 if (Bytecodes::is_defined(code)) {
524 bytecode_name = Bytecodes::name(code);
525 } else {
526 bytecode_name = "<illegal>";
527 }
528 }
529 InstanceKlass* ik = method->method_holder();
530 ss->indent().print_cr("Location:");
531 streamIndentor si2(ss);
532 ss->indent().print_cr("%s.%s%s @%d: %s",
533 ik->name()->as_C_string(), method->name()->as_C_string(),
534 method->signature()->as_C_string(), _bci, bytecode_name);
535 }
536 }
537
538 void ErrorContext::frame_details(outputStream* ss) const {
539 streamIndentor si(ss);
540 if (_type.is_valid() && _type.frame() != nullptr) {
541 ss->indent().print_cr("Current Frame:");
542 streamIndentor si2(ss);
543 _type.frame()->print_on(ss);
544 }
545 if (_expected.is_valid() && _expected.frame() != nullptr) {
546 ss->indent().print_cr("Stackmap Frame:");
547 streamIndentor si2(ss);
548 _expected.frame()->print_on(ss);
549 }
550 }
551
552 void ErrorContext::bytecode_details(outputStream* ss, const Method* method) const {
553 if (method != nullptr) {
554 streamIndentor si(ss);
555 ss->indent().print_cr("Bytecode:");
556 streamIndentor si2(ss);
557 ss->print_data(method->code_base(), method->code_size(), false);
558 }
559 }
560
561 void ErrorContext::handler_details(outputStream* ss, const Method* method) const {
562 if (method != nullptr) {
563 streamIndentor si(ss);
564 ExceptionTable table(method);
565 if (table.length() > 0) {
566 ss->indent().print_cr("Exception Handler Table:");
567 streamIndentor si2(ss);
568 for (int i = 0; i < table.length(); ++i) {
569 ss->indent().print_cr("bci [%d, %d] => handler: %d", table.start_pc(i),
570 table.end_pc(i), table.handler_pc(i));
571 }
572 }
573 }
574 }
575
576 void ErrorContext::stackmap_details(outputStream* ss, const Method* method) const {
577 if (method != nullptr && method->has_stackmap_table()) {
578 streamIndentor si(ss);
579 ss->indent().print_cr("Stackmap Table:");
580 Array<u1>* data = method->stackmap_data();
581 stack_map_table* sm_table =
582 stack_map_table::at((address)data->adr_at(0));
583 stack_map_frame* sm_frame = sm_table->entries();
584 streamIndentor si2(ss);
585 int current_offset = -1;
586 address end_of_sm_table = (address)sm_table + method->stackmap_data()->length();
587 for (u2 i = 0; i < sm_table->number_of_entries(); ++i) {
588 ss->indent();
589 if (!sm_frame->verify((address)sm_frame, end_of_sm_table)) {
590 sm_frame->print_truncated(ss, current_offset);
591 return;
592 }
593 sm_frame->print_on(ss, current_offset);
594 ss->cr();
595 current_offset += sm_frame->offset_delta();
596 sm_frame = sm_frame->next();
597 }
598 }
599 }
600
601 // Methods in ClassVerifier
602
603 VerificationType reference_or_inline_type(InstanceKlass* klass) {
604 if (klass->is_inline_klass()) {
605 return VerificationType::inline_type(klass->name());
606 } else {
607 return VerificationType::reference_type(klass->name());
608 }
609 }
610
611 ClassVerifier::ClassVerifier(JavaThread* current, InstanceKlass* klass)
612 : _thread(current), _previous_symbol(nullptr), _symbols(nullptr), _exception_type(nullptr),
613 _message(nullptr), _klass(klass) {
614 _this_type = reference_or_inline_type(klass);
615 }
616
617 ClassVerifier::~ClassVerifier() {
618 // Decrement the reference count for any symbols created.
619 if (_symbols != nullptr) {
620 for (int i = 0; i < _symbols->length(); i++) {
621 Symbol* s = _symbols->at(i);
622 s->decrement_refcount();
623 }
624 }
625 }
626
627 VerificationType ClassVerifier::object_type() const {
628 return VerificationType::reference_type(vmSymbols::java_lang_Object());
629 }
630
631 TypeOrigin ClassVerifier::ref_ctx(const char* sig) {
632 VerificationType vt = VerificationType::reference_type(
633 create_temporary_symbol(sig, (int)strlen(sig)));
634 return TypeOrigin::implicit(vt);
635 }
636
637
638 void ClassVerifier::verify_class(TRAPS) {
639 log_info(verification)("Verifying class %s with new format", _klass->external_name());
640
641 // Either verifying both local and remote classes or just remote classes.
642 assert(BytecodeVerificationRemote, "Should not be here");
643
644 Array<Method*>* methods = _klass->methods();
645 int num_methods = methods->length();
646
647 for (int index = 0; index < num_methods; index++) {
648 // Check for recursive re-verification before each method.
649 if (was_recursively_verified()) return;
650
651 Method* m = methods->at(index);
652 if (m->is_native() || m->is_abstract() || m->is_overpass()) {
653 // If m is native or abstract, skip it. It is checked in class file
654 // parser that methods do not override a final method. Overpass methods
655 // are trusted since the VM generates them.
656 continue;
657 }
658 verify_method(methodHandle(THREAD, m), CHECK_VERIFY(this));
659 }
660
661 if (was_recursively_verified()){
662 log_info(verification)("Recursive verification detected for: %s", _klass->external_name());
663 log_info(class, init)("Recursive verification detected for: %s",
664 _klass->external_name());
665 }
666 }
667
668 // Translate the signature entries into verification types and save them in
669 // the growable array. Also, save the count of arguments.
670 void ClassVerifier::translate_signature(Symbol* const method_sig,
671 sig_as_verification_types* sig_verif_types) {
672 SignatureStream sig_stream(method_sig);
673 VerificationType sig_type[2];
674 int sig_i = 0;
675 GrowableArray<VerificationType>* verif_types = sig_verif_types->sig_verif_types();
676
677 // Translate the signature arguments into verification types.
678 while (!sig_stream.at_return_type()) {
679 int n = change_sig_to_verificationType(&sig_stream, sig_type);
680 assert(n <= 2, "Unexpected signature type");
681
682 // Store verification type(s). Longs and Doubles each have two verificationTypes.
683 for (int x = 0; x < n; x++) {
684 verif_types->push(sig_type[x]);
685 }
686 sig_i += n;
687 sig_stream.next();
688 }
689
690 // Set final arg count, not including the return type. The final arg count will
691 // be compared with sig_verify_types' length to see if there is a return type.
692 sig_verif_types->set_num_args(sig_i);
693
694 // Store verification type(s) for the return type, if there is one.
695 if (sig_stream.type() != T_VOID) {
696 int n = change_sig_to_verificationType(&sig_stream, sig_type);
697 assert(n <= 2, "Unexpected signature return type");
698 for (int y = 0; y < n; y++) {
699 verif_types->push(sig_type[y]);
700 }
701 }
702 }
703
704 void ClassVerifier::create_method_sig_entry(sig_as_verification_types* sig_verif_types,
705 int sig_index) {
706 // Translate the signature into verification types.
707 ConstantPool* cp = _klass->constants();
708 Symbol* const method_sig = cp->symbol_at(sig_index);
709 translate_signature(method_sig, sig_verif_types);
710
711 // Add the list of this signature's verification types to the table.
712 bool is_unique = method_signatures_table()->put(sig_index, sig_verif_types);
713 assert(is_unique, "Duplicate entries in method_signature_table");
714 }
715
716 void ClassVerifier::verify_method(const methodHandle& m, TRAPS) {
717 HandleMark hm(THREAD);
718 _method = m; // initialize _method
719 log_info(verification)("Verifying method %s", m->name_and_sig_as_C_string());
720
721 // For clang, the only good constant format string is a literal constant format string.
722 #define bad_type_msg "Bad type on operand stack in %s"
723
724 int32_t max_stack = m->verifier_max_stack();
725 int32_t max_locals = m->max_locals();
726 constantPoolHandle cp(THREAD, m->constants());
727
728 // Method signature was checked in ClassFileParser.
729 assert(SignatureVerifier::is_valid_method_signature(m->signature()),
730 "Invalid method signature");
731
732 // Initial stack map frame: offset is 0, stack is initially empty.
733 StackMapFrame current_frame(max_locals, max_stack, this);
734 // Set initial locals
735 VerificationType return_type = current_frame.set_locals_from_arg( m, current_type());
736
737 int32_t stackmap_index = 0; // index to the stackmap array
738
739 u4 code_length = m->code_size();
740
741 // Scan the bytecode and map each instruction's start offset to a number.
742 char* code_data = generate_code_data(m, code_length, CHECK_VERIFY(this));
743
744 int ex_min = code_length;
745 int ex_max = -1;
746 // Look through each item on the exception table. Each of the fields must refer
747 // to a legal instruction.
748 if (was_recursively_verified()) return;
749 verify_exception_handler_table(
750 code_length, code_data, ex_min, ex_max, CHECK_VERIFY(this));
751
752 // Look through each entry on the local variable table and make sure
753 // its range of code array offsets is valid. (4169817)
754 if (m->has_localvariable_table()) {
755 verify_local_variable_table(code_length, code_data, CHECK_VERIFY(this));
756 }
757
758 Array<u1>* stackmap_data = m->stackmap_data();
759 StackMapStream stream(stackmap_data);
760 StackMapReader reader(this, &stream, code_data, code_length, THREAD);
761 StackMapTable stackmap_table(&reader, ¤t_frame, max_locals, max_stack,
762 code_data, code_length, CHECK_VERIFY(this));
763
764 LogTarget(Debug, verification) lt;
765 if (lt.is_enabled()) {
766 ResourceMark rm(THREAD);
767 LogStream ls(lt);
768 stackmap_table.print_on(&ls);
769 }
770
771 RawBytecodeStream bcs(m);
772
773 // Scan the byte code linearly from the start to the end
774 bool no_control_flow = false; // Set to true when there is no direct control
775 // flow from current instruction to the next
776 // instruction in sequence
777
778 Bytecodes::Code opcode;
779 while (!bcs.is_last_bytecode()) {
780 // Check for recursive re-verification before each bytecode.
781 if (was_recursively_verified()) return;
782
783 opcode = bcs.raw_next();
784 u2 bci = bcs.bci();
785
786 // Set current frame's offset to bci
787 current_frame.set_offset(bci);
788 current_frame.set_mark();
789
790 // Make sure every offset in stackmap table point to the beginning to
791 // an instruction. Match current_frame to stackmap_table entry with
792 // the same offset if exists.
793 stackmap_index = verify_stackmap_table(
794 stackmap_index, bci, ¤t_frame, &stackmap_table,
795 no_control_flow, CHECK_VERIFY(this));
796
797
798 bool this_uninit = false; // Set to true when invokespecial <init> initialized 'this'
799 bool verified_exc_handlers = false;
800
801 // Merge with the next instruction
802 {
803 u2 index;
804 int target;
805 VerificationType type, type2;
806 VerificationType atype;
807
808 LogTarget(Debug, verification) lt;
809 if (lt.is_enabled()) {
810 ResourceMark rm(THREAD);
811 LogStream ls(lt);
812 current_frame.print_on(&ls);
813 lt.print("offset = %d, opcode = %s", bci,
814 opcode == Bytecodes::_illegal ? "illegal" : Bytecodes::name(opcode));
815 }
816
817 // Make sure wide instruction is in correct format
818 if (bcs.is_wide()) {
819 if (opcode != Bytecodes::_iinc && opcode != Bytecodes::_iload &&
820 opcode != Bytecodes::_aload && opcode != Bytecodes::_lload &&
821 opcode != Bytecodes::_istore && opcode != Bytecodes::_astore &&
822 opcode != Bytecodes::_lstore && opcode != Bytecodes::_fload &&
823 opcode != Bytecodes::_dload && opcode != Bytecodes::_fstore &&
824 opcode != Bytecodes::_dstore) {
825 /* Unreachable? RawBytecodeStream's raw_next() returns 'illegal'
826 * if we encounter a wide instruction that modifies an invalid
827 * opcode (not one of the ones listed above) */
828 verify_error(ErrorContext::bad_code(bci), "Bad wide instruction");
829 return;
830 }
831 }
832
833 // Look for possible jump target in exception handlers and see if it
834 // matches current_frame. Do this check here for astore*, dstore*,
835 // fstore*, istore*, and lstore* opcodes because they can change the type
836 // state by adding a local. JVM Spec says that the incoming type state
837 // should be used for this check. So, do the check here before a possible
838 // local is added to the type state.
839 if (Bytecodes::is_store_into_local(opcode) && bci >= ex_min && bci < ex_max) {
840 if (was_recursively_verified()) return;
841 verify_exception_handler_targets(
842 bci, this_uninit, ¤t_frame, &stackmap_table, CHECK_VERIFY(this));
843 verified_exc_handlers = true;
844 }
845
846 if (was_recursively_verified()) return;
847
848 switch (opcode) {
849 case Bytecodes::_nop :
850 no_control_flow = false; break;
851 case Bytecodes::_aconst_null :
852 current_frame.push_stack(
853 VerificationType::null_type(), CHECK_VERIFY(this));
854 no_control_flow = false; break;
855 case Bytecodes::_iconst_m1 :
856 case Bytecodes::_iconst_0 :
857 case Bytecodes::_iconst_1 :
858 case Bytecodes::_iconst_2 :
859 case Bytecodes::_iconst_3 :
860 case Bytecodes::_iconst_4 :
861 case Bytecodes::_iconst_5 :
862 current_frame.push_stack(
863 VerificationType::integer_type(), CHECK_VERIFY(this));
864 no_control_flow = false; break;
865 case Bytecodes::_lconst_0 :
866 case Bytecodes::_lconst_1 :
867 current_frame.push_stack_2(
868 VerificationType::long_type(),
869 VerificationType::long2_type(), CHECK_VERIFY(this));
870 no_control_flow = false; break;
871 case Bytecodes::_fconst_0 :
872 case Bytecodes::_fconst_1 :
873 case Bytecodes::_fconst_2 :
874 current_frame.push_stack(
875 VerificationType::float_type(), CHECK_VERIFY(this));
876 no_control_flow = false; break;
877 case Bytecodes::_dconst_0 :
878 case Bytecodes::_dconst_1 :
879 current_frame.push_stack_2(
880 VerificationType::double_type(),
881 VerificationType::double2_type(), CHECK_VERIFY(this));
882 no_control_flow = false; break;
883 case Bytecodes::_sipush :
884 case Bytecodes::_bipush :
885 current_frame.push_stack(
886 VerificationType::integer_type(), CHECK_VERIFY(this));
887 no_control_flow = false; break;
888 case Bytecodes::_ldc :
889 verify_ldc(
890 opcode, bcs.get_index_u1(), ¤t_frame,
891 cp, bci, CHECK_VERIFY(this));
892 no_control_flow = false; break;
893 case Bytecodes::_ldc_w :
894 case Bytecodes::_ldc2_w :
895 verify_ldc(
896 opcode, bcs.get_index_u2(), ¤t_frame,
897 cp, bci, CHECK_VERIFY(this));
898 no_control_flow = false; break;
899 case Bytecodes::_iload :
900 verify_iload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
901 no_control_flow = false; break;
902 case Bytecodes::_iload_0 :
903 case Bytecodes::_iload_1 :
904 case Bytecodes::_iload_2 :
905 case Bytecodes::_iload_3 :
906 index = opcode - Bytecodes::_iload_0;
907 verify_iload(index, ¤t_frame, CHECK_VERIFY(this));
908 no_control_flow = false; break;
909 case Bytecodes::_lload :
910 verify_lload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
911 no_control_flow = false; break;
912 case Bytecodes::_lload_0 :
913 case Bytecodes::_lload_1 :
914 case Bytecodes::_lload_2 :
915 case Bytecodes::_lload_3 :
916 index = opcode - Bytecodes::_lload_0;
917 verify_lload(index, ¤t_frame, CHECK_VERIFY(this));
918 no_control_flow = false; break;
919 case Bytecodes::_fload :
920 verify_fload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
921 no_control_flow = false; break;
922 case Bytecodes::_fload_0 :
923 case Bytecodes::_fload_1 :
924 case Bytecodes::_fload_2 :
925 case Bytecodes::_fload_3 :
926 index = opcode - Bytecodes::_fload_0;
927 verify_fload(index, ¤t_frame, CHECK_VERIFY(this));
928 no_control_flow = false; break;
929 case Bytecodes::_dload :
930 verify_dload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
931 no_control_flow = false; break;
932 case Bytecodes::_dload_0 :
933 case Bytecodes::_dload_1 :
934 case Bytecodes::_dload_2 :
935 case Bytecodes::_dload_3 :
936 index = opcode - Bytecodes::_dload_0;
937 verify_dload(index, ¤t_frame, CHECK_VERIFY(this));
938 no_control_flow = false; break;
939 case Bytecodes::_aload :
940 verify_aload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
941 no_control_flow = false; break;
942 case Bytecodes::_aload_0 :
943 case Bytecodes::_aload_1 :
944 case Bytecodes::_aload_2 :
945 case Bytecodes::_aload_3 :
946 index = opcode - Bytecodes::_aload_0;
947 verify_aload(index, ¤t_frame, CHECK_VERIFY(this));
948 no_control_flow = false; break;
949 case Bytecodes::_iaload :
950 type = current_frame.pop_stack(
951 VerificationType::integer_type(), CHECK_VERIFY(this));
952 atype = current_frame.pop_stack(
953 VerificationType::reference_check(), CHECK_VERIFY(this));
954 if (!atype.is_int_array()) {
955 verify_error(ErrorContext::bad_type(bci,
956 current_frame.stack_top_ctx(), ref_ctx("[I")),
957 bad_type_msg, "iaload");
958 return;
959 }
960 current_frame.push_stack(
961 VerificationType::integer_type(), CHECK_VERIFY(this));
962 no_control_flow = false; break;
963 case Bytecodes::_baload :
964 type = current_frame.pop_stack(
965 VerificationType::integer_type(), CHECK_VERIFY(this));
966 atype = current_frame.pop_stack(
967 VerificationType::reference_check(), CHECK_VERIFY(this));
968 if (!atype.is_bool_array() && !atype.is_byte_array()) {
969 verify_error(
970 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
971 bad_type_msg, "baload");
972 return;
973 }
974 current_frame.push_stack(
975 VerificationType::integer_type(), CHECK_VERIFY(this));
976 no_control_flow = false; break;
977 case Bytecodes::_caload :
978 type = current_frame.pop_stack(
979 VerificationType::integer_type(), CHECK_VERIFY(this));
980 atype = current_frame.pop_stack(
981 VerificationType::reference_check(), CHECK_VERIFY(this));
982 if (!atype.is_char_array()) {
983 verify_error(ErrorContext::bad_type(bci,
984 current_frame.stack_top_ctx(), ref_ctx("[C")),
985 bad_type_msg, "caload");
986 return;
987 }
988 current_frame.push_stack(
989 VerificationType::integer_type(), CHECK_VERIFY(this));
990 no_control_flow = false; break;
991 case Bytecodes::_saload :
992 type = current_frame.pop_stack(
993 VerificationType::integer_type(), CHECK_VERIFY(this));
994 atype = current_frame.pop_stack(
995 VerificationType::reference_check(), CHECK_VERIFY(this));
996 if (!atype.is_short_array()) {
997 verify_error(ErrorContext::bad_type(bci,
998 current_frame.stack_top_ctx(), ref_ctx("[S")),
999 bad_type_msg, "saload");
1000 return;
1001 }
1002 current_frame.push_stack(
1003 VerificationType::integer_type(), CHECK_VERIFY(this));
1004 no_control_flow = false; break;
1005 case Bytecodes::_laload :
1006 type = current_frame.pop_stack(
1007 VerificationType::integer_type(), CHECK_VERIFY(this));
1008 atype = current_frame.pop_stack(
1009 VerificationType::reference_check(), CHECK_VERIFY(this));
1010 if (!atype.is_long_array()) {
1011 verify_error(ErrorContext::bad_type(bci,
1012 current_frame.stack_top_ctx(), ref_ctx("[J")),
1013 bad_type_msg, "laload");
1014 return;
1015 }
1016 current_frame.push_stack_2(
1017 VerificationType::long_type(),
1018 VerificationType::long2_type(), CHECK_VERIFY(this));
1019 no_control_flow = false; break;
1020 case Bytecodes::_faload :
1021 type = current_frame.pop_stack(
1022 VerificationType::integer_type(), CHECK_VERIFY(this));
1023 atype = current_frame.pop_stack(
1024 VerificationType::reference_check(), CHECK_VERIFY(this));
1025 if (!atype.is_float_array()) {
1026 verify_error(ErrorContext::bad_type(bci,
1027 current_frame.stack_top_ctx(), ref_ctx("[F")),
1028 bad_type_msg, "faload");
1029 return;
1030 }
1031 current_frame.push_stack(
1032 VerificationType::float_type(), CHECK_VERIFY(this));
1033 no_control_flow = false; break;
1034 case Bytecodes::_daload :
1035 type = current_frame.pop_stack(
1036 VerificationType::integer_type(), CHECK_VERIFY(this));
1037 atype = current_frame.pop_stack(
1038 VerificationType::reference_check(), CHECK_VERIFY(this));
1039 if (!atype.is_double_array()) {
1040 verify_error(ErrorContext::bad_type(bci,
1041 current_frame.stack_top_ctx(), ref_ctx("[D")),
1042 bad_type_msg, "daload");
1043 return;
1044 }
1045 current_frame.push_stack_2(
1046 VerificationType::double_type(),
1047 VerificationType::double2_type(), CHECK_VERIFY(this));
1048 no_control_flow = false; break;
1049 case Bytecodes::_aaload : {
1050 type = current_frame.pop_stack(
1051 VerificationType::integer_type(), CHECK_VERIFY(this));
1052 atype = current_frame.pop_stack(
1053 VerificationType::reference_check(), CHECK_VERIFY(this));
1054 if (!atype.is_nonscalar_array()) {
1055 verify_error(ErrorContext::bad_type(bci,
1056 current_frame.stack_top_ctx(),
1057 TypeOrigin::implicit(VerificationType::reference_check())),
1058 bad_type_msg, "aaload");
1059 return;
1060 }
1061 if (atype.is_null()) {
1062 current_frame.push_stack(
1063 VerificationType::null_type(), CHECK_VERIFY(this));
1064 } else {
1065 VerificationType component = atype.get_component(this);
1066 current_frame.push_stack(component, CHECK_VERIFY(this));
1067 }
1068 no_control_flow = false; break;
1069 }
1070 case Bytecodes::_istore :
1071 verify_istore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1072 no_control_flow = false; break;
1073 case Bytecodes::_istore_0 :
1074 case Bytecodes::_istore_1 :
1075 case Bytecodes::_istore_2 :
1076 case Bytecodes::_istore_3 :
1077 index = opcode - Bytecodes::_istore_0;
1078 verify_istore(index, ¤t_frame, CHECK_VERIFY(this));
1079 no_control_flow = false; break;
1080 case Bytecodes::_lstore :
1081 verify_lstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1082 no_control_flow = false; break;
1083 case Bytecodes::_lstore_0 :
1084 case Bytecodes::_lstore_1 :
1085 case Bytecodes::_lstore_2 :
1086 case Bytecodes::_lstore_3 :
1087 index = opcode - Bytecodes::_lstore_0;
1088 verify_lstore(index, ¤t_frame, CHECK_VERIFY(this));
1089 no_control_flow = false; break;
1090 case Bytecodes::_fstore :
1091 verify_fstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1092 no_control_flow = false; break;
1093 case Bytecodes::_fstore_0 :
1094 case Bytecodes::_fstore_1 :
1095 case Bytecodes::_fstore_2 :
1096 case Bytecodes::_fstore_3 :
1097 index = opcode - Bytecodes::_fstore_0;
1098 verify_fstore(index, ¤t_frame, CHECK_VERIFY(this));
1099 no_control_flow = false; break;
1100 case Bytecodes::_dstore :
1101 verify_dstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1102 no_control_flow = false; break;
1103 case Bytecodes::_dstore_0 :
1104 case Bytecodes::_dstore_1 :
1105 case Bytecodes::_dstore_2 :
1106 case Bytecodes::_dstore_3 :
1107 index = opcode - Bytecodes::_dstore_0;
1108 verify_dstore(index, ¤t_frame, CHECK_VERIFY(this));
1109 no_control_flow = false; break;
1110 case Bytecodes::_astore :
1111 verify_astore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1112 no_control_flow = false; break;
1113 case Bytecodes::_astore_0 :
1114 case Bytecodes::_astore_1 :
1115 case Bytecodes::_astore_2 :
1116 case Bytecodes::_astore_3 :
1117 index = opcode - Bytecodes::_astore_0;
1118 verify_astore(index, ¤t_frame, CHECK_VERIFY(this));
1119 no_control_flow = false; break;
1120 case Bytecodes::_iastore :
1121 type = current_frame.pop_stack(
1122 VerificationType::integer_type(), CHECK_VERIFY(this));
1123 type2 = current_frame.pop_stack(
1124 VerificationType::integer_type(), CHECK_VERIFY(this));
1125 atype = current_frame.pop_stack(
1126 VerificationType::reference_check(), CHECK_VERIFY(this));
1127 if (!atype.is_int_array()) {
1128 verify_error(ErrorContext::bad_type(bci,
1129 current_frame.stack_top_ctx(), ref_ctx("[I")),
1130 bad_type_msg, "iastore");
1131 return;
1132 }
1133 no_control_flow = false; break;
1134 case Bytecodes::_bastore :
1135 type = current_frame.pop_stack(
1136 VerificationType::integer_type(), CHECK_VERIFY(this));
1137 type2 = current_frame.pop_stack(
1138 VerificationType::integer_type(), CHECK_VERIFY(this));
1139 atype = current_frame.pop_stack(
1140 VerificationType::reference_check(), CHECK_VERIFY(this));
1141 if (!atype.is_bool_array() && !atype.is_byte_array()) {
1142 verify_error(
1143 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1144 bad_type_msg, "bastore");
1145 return;
1146 }
1147 no_control_flow = false; break;
1148 case Bytecodes::_castore :
1149 current_frame.pop_stack(
1150 VerificationType::integer_type(), CHECK_VERIFY(this));
1151 current_frame.pop_stack(
1152 VerificationType::integer_type(), CHECK_VERIFY(this));
1153 atype = current_frame.pop_stack(
1154 VerificationType::reference_check(), CHECK_VERIFY(this));
1155 if (!atype.is_char_array()) {
1156 verify_error(ErrorContext::bad_type(bci,
1157 current_frame.stack_top_ctx(), ref_ctx("[C")),
1158 bad_type_msg, "castore");
1159 return;
1160 }
1161 no_control_flow = false; break;
1162 case Bytecodes::_sastore :
1163 current_frame.pop_stack(
1164 VerificationType::integer_type(), CHECK_VERIFY(this));
1165 current_frame.pop_stack(
1166 VerificationType::integer_type(), CHECK_VERIFY(this));
1167 atype = current_frame.pop_stack(
1168 VerificationType::reference_check(), CHECK_VERIFY(this));
1169 if (!atype.is_short_array()) {
1170 verify_error(ErrorContext::bad_type(bci,
1171 current_frame.stack_top_ctx(), ref_ctx("[S")),
1172 bad_type_msg, "sastore");
1173 return;
1174 }
1175 no_control_flow = false; break;
1176 case Bytecodes::_lastore :
1177 current_frame.pop_stack_2(
1178 VerificationType::long2_type(),
1179 VerificationType::long_type(), CHECK_VERIFY(this));
1180 current_frame.pop_stack(
1181 VerificationType::integer_type(), CHECK_VERIFY(this));
1182 atype = current_frame.pop_stack(
1183 VerificationType::reference_check(), CHECK_VERIFY(this));
1184 if (!atype.is_long_array()) {
1185 verify_error(ErrorContext::bad_type(bci,
1186 current_frame.stack_top_ctx(), ref_ctx("[J")),
1187 bad_type_msg, "lastore");
1188 return;
1189 }
1190 no_control_flow = false; break;
1191 case Bytecodes::_fastore :
1192 current_frame.pop_stack(
1193 VerificationType::float_type(), CHECK_VERIFY(this));
1194 current_frame.pop_stack
1195 (VerificationType::integer_type(), CHECK_VERIFY(this));
1196 atype = current_frame.pop_stack(
1197 VerificationType::reference_check(), CHECK_VERIFY(this));
1198 if (!atype.is_float_array()) {
1199 verify_error(ErrorContext::bad_type(bci,
1200 current_frame.stack_top_ctx(), ref_ctx("[F")),
1201 bad_type_msg, "fastore");
1202 return;
1203 }
1204 no_control_flow = false; break;
1205 case Bytecodes::_dastore :
1206 current_frame.pop_stack_2(
1207 VerificationType::double2_type(),
1208 VerificationType::double_type(), CHECK_VERIFY(this));
1209 current_frame.pop_stack(
1210 VerificationType::integer_type(), CHECK_VERIFY(this));
1211 atype = current_frame.pop_stack(
1212 VerificationType::reference_check(), CHECK_VERIFY(this));
1213 if (!atype.is_double_array()) {
1214 verify_error(ErrorContext::bad_type(bci,
1215 current_frame.stack_top_ctx(), ref_ctx("[D")),
1216 bad_type_msg, "dastore");
1217 return;
1218 }
1219 no_control_flow = false; break;
1220 case Bytecodes::_aastore :
1221 type = current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1222 type2 = current_frame.pop_stack(
1223 VerificationType::integer_type(), CHECK_VERIFY(this));
1224 atype = current_frame.pop_stack(
1225 VerificationType::reference_check(), CHECK_VERIFY(this));
1226 // more type-checking is done at runtime
1227 if (!atype.is_nonscalar_array()) {
1228 verify_error(ErrorContext::bad_type(bci,
1229 current_frame.stack_top_ctx(),
1230 TypeOrigin::implicit(VerificationType::reference_check())),
1231 bad_type_msg, "aastore");
1232 return;
1233 }
1234 // 4938384: relaxed constraint in JVMS 3rd edition.
1235 no_control_flow = false; break;
1236 case Bytecodes::_pop :
1237 current_frame.pop_stack(
1238 VerificationType::category1_check(), CHECK_VERIFY(this));
1239 no_control_flow = false; break;
1240 case Bytecodes::_pop2 :
1241 type = current_frame.pop_stack(CHECK_VERIFY(this));
1242 if (type.is_category1()) {
1243 current_frame.pop_stack(
1244 VerificationType::category1_check(), CHECK_VERIFY(this));
1245 } else if (type.is_category2_2nd()) {
1246 current_frame.pop_stack(
1247 VerificationType::category2_check(), CHECK_VERIFY(this));
1248 } else {
1249 /* Unreachable? Would need a category2_1st on TOS
1250 * which does not appear possible. */
1251 verify_error(
1252 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1253 bad_type_msg, "pop2");
1254 return;
1255 }
1256 no_control_flow = false; break;
1257 case Bytecodes::_dup :
1258 type = current_frame.pop_stack(
1259 VerificationType::category1_check(), CHECK_VERIFY(this));
1260 current_frame.push_stack(type, CHECK_VERIFY(this));
1261 current_frame.push_stack(type, CHECK_VERIFY(this));
1262 no_control_flow = false; break;
1263 case Bytecodes::_dup_x1 :
1264 type = current_frame.pop_stack(
1265 VerificationType::category1_check(), CHECK_VERIFY(this));
1266 type2 = current_frame.pop_stack(
1267 VerificationType::category1_check(), CHECK_VERIFY(this));
1268 current_frame.push_stack(type, CHECK_VERIFY(this));
1269 current_frame.push_stack(type2, CHECK_VERIFY(this));
1270 current_frame.push_stack(type, CHECK_VERIFY(this));
1271 no_control_flow = false; break;
1272 case Bytecodes::_dup_x2 :
1273 {
1274 VerificationType type3;
1275 type = current_frame.pop_stack(
1276 VerificationType::category1_check(), CHECK_VERIFY(this));
1277 type2 = current_frame.pop_stack(CHECK_VERIFY(this));
1278 if (type2.is_category1()) {
1279 type3 = current_frame.pop_stack(
1280 VerificationType::category1_check(), CHECK_VERIFY(this));
1281 } else if (type2.is_category2_2nd()) {
1282 type3 = current_frame.pop_stack(
1283 VerificationType::category2_check(), CHECK_VERIFY(this));
1284 } else {
1285 /* Unreachable? Would need a category2_1st at stack depth 2 with
1286 * a category1 on TOS which does not appear possible. */
1287 verify_error(ErrorContext::bad_type(
1288 bci, current_frame.stack_top_ctx()), bad_type_msg, "dup_x2");
1289 return;
1290 }
1291 current_frame.push_stack(type, CHECK_VERIFY(this));
1292 current_frame.push_stack(type3, CHECK_VERIFY(this));
1293 current_frame.push_stack(type2, CHECK_VERIFY(this));
1294 current_frame.push_stack(type, CHECK_VERIFY(this));
1295 no_control_flow = false; break;
1296 }
1297 case Bytecodes::_dup2 :
1298 type = current_frame.pop_stack(CHECK_VERIFY(this));
1299 if (type.is_category1()) {
1300 type2 = current_frame.pop_stack(
1301 VerificationType::category1_check(), CHECK_VERIFY(this));
1302 } else if (type.is_category2_2nd()) {
1303 type2 = current_frame.pop_stack(
1304 VerificationType::category2_check(), CHECK_VERIFY(this));
1305 } else {
1306 /* Unreachable? Would need a category2_1st on TOS which does not
1307 * appear possible. */
1308 verify_error(
1309 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1310 bad_type_msg, "dup2");
1311 return;
1312 }
1313 current_frame.push_stack(type2, CHECK_VERIFY(this));
1314 current_frame.push_stack(type, CHECK_VERIFY(this));
1315 current_frame.push_stack(type2, CHECK_VERIFY(this));
1316 current_frame.push_stack(type, CHECK_VERIFY(this));
1317 no_control_flow = false; break;
1318 case Bytecodes::_dup2_x1 :
1319 {
1320 VerificationType type3;
1321 type = current_frame.pop_stack(CHECK_VERIFY(this));
1322 if (type.is_category1()) {
1323 type2 = current_frame.pop_stack(
1324 VerificationType::category1_check(), CHECK_VERIFY(this));
1325 } else if (type.is_category2_2nd()) {
1326 type2 = current_frame.pop_stack(
1327 VerificationType::category2_check(), CHECK_VERIFY(this));
1328 } else {
1329 /* Unreachable? Would need a category2_1st on TOS which does
1330 * not appear possible. */
1331 verify_error(
1332 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1333 bad_type_msg, "dup2_x1");
1334 return;
1335 }
1336 type3 = current_frame.pop_stack(
1337 VerificationType::category1_check(), CHECK_VERIFY(this));
1338 current_frame.push_stack(type2, CHECK_VERIFY(this));
1339 current_frame.push_stack(type, CHECK_VERIFY(this));
1340 current_frame.push_stack(type3, CHECK_VERIFY(this));
1341 current_frame.push_stack(type2, CHECK_VERIFY(this));
1342 current_frame.push_stack(type, CHECK_VERIFY(this));
1343 no_control_flow = false; break;
1344 }
1345 case Bytecodes::_dup2_x2 :
1346 {
1347 VerificationType type3, type4;
1348 type = current_frame.pop_stack(CHECK_VERIFY(this));
1349 if (type.is_category1()) {
1350 type2 = current_frame.pop_stack(
1351 VerificationType::category1_check(), CHECK_VERIFY(this));
1352 } else if (type.is_category2_2nd()) {
1353 type2 = current_frame.pop_stack(
1354 VerificationType::category2_check(), CHECK_VERIFY(this));
1355 } else {
1356 /* Unreachable? Would need a category2_1st on TOS which does
1357 * not appear possible. */
1358 verify_error(
1359 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1360 bad_type_msg, "dup2_x2");
1361 return;
1362 }
1363 type3 = current_frame.pop_stack(CHECK_VERIFY(this));
1364 if (type3.is_category1()) {
1365 type4 = current_frame.pop_stack(
1366 VerificationType::category1_check(), CHECK_VERIFY(this));
1367 } else if (type3.is_category2_2nd()) {
1368 type4 = current_frame.pop_stack(
1369 VerificationType::category2_check(), CHECK_VERIFY(this));
1370 } else {
1371 /* Unreachable? Would need a category2_1st on TOS after popping
1372 * a long/double or two category 1's, which does not
1373 * appear possible. */
1374 verify_error(
1375 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1376 bad_type_msg, "dup2_x2");
1377 return;
1378 }
1379 current_frame.push_stack(type2, CHECK_VERIFY(this));
1380 current_frame.push_stack(type, CHECK_VERIFY(this));
1381 current_frame.push_stack(type4, CHECK_VERIFY(this));
1382 current_frame.push_stack(type3, CHECK_VERIFY(this));
1383 current_frame.push_stack(type2, CHECK_VERIFY(this));
1384 current_frame.push_stack(type, CHECK_VERIFY(this));
1385 no_control_flow = false; break;
1386 }
1387 case Bytecodes::_swap :
1388 type = current_frame.pop_stack(
1389 VerificationType::category1_check(), CHECK_VERIFY(this));
1390 type2 = current_frame.pop_stack(
1391 VerificationType::category1_check(), CHECK_VERIFY(this));
1392 current_frame.push_stack(type, CHECK_VERIFY(this));
1393 current_frame.push_stack(type2, CHECK_VERIFY(this));
1394 no_control_flow = false; break;
1395 case Bytecodes::_iadd :
1396 case Bytecodes::_isub :
1397 case Bytecodes::_imul :
1398 case Bytecodes::_idiv :
1399 case Bytecodes::_irem :
1400 case Bytecodes::_ishl :
1401 case Bytecodes::_ishr :
1402 case Bytecodes::_iushr :
1403 case Bytecodes::_ior :
1404 case Bytecodes::_ixor :
1405 case Bytecodes::_iand :
1406 current_frame.pop_stack(
1407 VerificationType::integer_type(), CHECK_VERIFY(this));
1408 // fall through
1409 case Bytecodes::_ineg :
1410 current_frame.pop_stack(
1411 VerificationType::integer_type(), CHECK_VERIFY(this));
1412 current_frame.push_stack(
1413 VerificationType::integer_type(), CHECK_VERIFY(this));
1414 no_control_flow = false; break;
1415 case Bytecodes::_ladd :
1416 case Bytecodes::_lsub :
1417 case Bytecodes::_lmul :
1418 case Bytecodes::_ldiv :
1419 case Bytecodes::_lrem :
1420 case Bytecodes::_land :
1421 case Bytecodes::_lor :
1422 case Bytecodes::_lxor :
1423 current_frame.pop_stack_2(
1424 VerificationType::long2_type(),
1425 VerificationType::long_type(), CHECK_VERIFY(this));
1426 // fall through
1427 case Bytecodes::_lneg :
1428 current_frame.pop_stack_2(
1429 VerificationType::long2_type(),
1430 VerificationType::long_type(), CHECK_VERIFY(this));
1431 current_frame.push_stack_2(
1432 VerificationType::long_type(),
1433 VerificationType::long2_type(), CHECK_VERIFY(this));
1434 no_control_flow = false; break;
1435 case Bytecodes::_lshl :
1436 case Bytecodes::_lshr :
1437 case Bytecodes::_lushr :
1438 current_frame.pop_stack(
1439 VerificationType::integer_type(), CHECK_VERIFY(this));
1440 current_frame.pop_stack_2(
1441 VerificationType::long2_type(),
1442 VerificationType::long_type(), CHECK_VERIFY(this));
1443 current_frame.push_stack_2(
1444 VerificationType::long_type(),
1445 VerificationType::long2_type(), CHECK_VERIFY(this));
1446 no_control_flow = false; break;
1447 case Bytecodes::_fadd :
1448 case Bytecodes::_fsub :
1449 case Bytecodes::_fmul :
1450 case Bytecodes::_fdiv :
1451 case Bytecodes::_frem :
1452 current_frame.pop_stack(
1453 VerificationType::float_type(), CHECK_VERIFY(this));
1454 // fall through
1455 case Bytecodes::_fneg :
1456 current_frame.pop_stack(
1457 VerificationType::float_type(), CHECK_VERIFY(this));
1458 current_frame.push_stack(
1459 VerificationType::float_type(), CHECK_VERIFY(this));
1460 no_control_flow = false; break;
1461 case Bytecodes::_dadd :
1462 case Bytecodes::_dsub :
1463 case Bytecodes::_dmul :
1464 case Bytecodes::_ddiv :
1465 case Bytecodes::_drem :
1466 current_frame.pop_stack_2(
1467 VerificationType::double2_type(),
1468 VerificationType::double_type(), CHECK_VERIFY(this));
1469 // fall through
1470 case Bytecodes::_dneg :
1471 current_frame.pop_stack_2(
1472 VerificationType::double2_type(),
1473 VerificationType::double_type(), CHECK_VERIFY(this));
1474 current_frame.push_stack_2(
1475 VerificationType::double_type(),
1476 VerificationType::double2_type(), CHECK_VERIFY(this));
1477 no_control_flow = false; break;
1478 case Bytecodes::_iinc :
1479 verify_iinc(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1480 no_control_flow = false; break;
1481 case Bytecodes::_i2l :
1482 type = current_frame.pop_stack(
1483 VerificationType::integer_type(), CHECK_VERIFY(this));
1484 current_frame.push_stack_2(
1485 VerificationType::long_type(),
1486 VerificationType::long2_type(), CHECK_VERIFY(this));
1487 no_control_flow = false; break;
1488 case Bytecodes::_l2i :
1489 current_frame.pop_stack_2(
1490 VerificationType::long2_type(),
1491 VerificationType::long_type(), CHECK_VERIFY(this));
1492 current_frame.push_stack(
1493 VerificationType::integer_type(), CHECK_VERIFY(this));
1494 no_control_flow = false; break;
1495 case Bytecodes::_i2f :
1496 current_frame.pop_stack(
1497 VerificationType::integer_type(), CHECK_VERIFY(this));
1498 current_frame.push_stack(
1499 VerificationType::float_type(), CHECK_VERIFY(this));
1500 no_control_flow = false; break;
1501 case Bytecodes::_i2d :
1502 current_frame.pop_stack(
1503 VerificationType::integer_type(), CHECK_VERIFY(this));
1504 current_frame.push_stack_2(
1505 VerificationType::double_type(),
1506 VerificationType::double2_type(), CHECK_VERIFY(this));
1507 no_control_flow = false; break;
1508 case Bytecodes::_l2f :
1509 current_frame.pop_stack_2(
1510 VerificationType::long2_type(),
1511 VerificationType::long_type(), CHECK_VERIFY(this));
1512 current_frame.push_stack(
1513 VerificationType::float_type(), CHECK_VERIFY(this));
1514 no_control_flow = false; break;
1515 case Bytecodes::_l2d :
1516 current_frame.pop_stack_2(
1517 VerificationType::long2_type(),
1518 VerificationType::long_type(), CHECK_VERIFY(this));
1519 current_frame.push_stack_2(
1520 VerificationType::double_type(),
1521 VerificationType::double2_type(), CHECK_VERIFY(this));
1522 no_control_flow = false; break;
1523 case Bytecodes::_f2i :
1524 current_frame.pop_stack(
1525 VerificationType::float_type(), CHECK_VERIFY(this));
1526 current_frame.push_stack(
1527 VerificationType::integer_type(), CHECK_VERIFY(this));
1528 no_control_flow = false; break;
1529 case Bytecodes::_f2l :
1530 current_frame.pop_stack(
1531 VerificationType::float_type(), CHECK_VERIFY(this));
1532 current_frame.push_stack_2(
1533 VerificationType::long_type(),
1534 VerificationType::long2_type(), CHECK_VERIFY(this));
1535 no_control_flow = false; break;
1536 case Bytecodes::_f2d :
1537 current_frame.pop_stack(
1538 VerificationType::float_type(), CHECK_VERIFY(this));
1539 current_frame.push_stack_2(
1540 VerificationType::double_type(),
1541 VerificationType::double2_type(), CHECK_VERIFY(this));
1542 no_control_flow = false; break;
1543 case Bytecodes::_d2i :
1544 current_frame.pop_stack_2(
1545 VerificationType::double2_type(),
1546 VerificationType::double_type(), CHECK_VERIFY(this));
1547 current_frame.push_stack(
1548 VerificationType::integer_type(), CHECK_VERIFY(this));
1549 no_control_flow = false; break;
1550 case Bytecodes::_d2l :
1551 current_frame.pop_stack_2(
1552 VerificationType::double2_type(),
1553 VerificationType::double_type(), CHECK_VERIFY(this));
1554 current_frame.push_stack_2(
1555 VerificationType::long_type(),
1556 VerificationType::long2_type(), CHECK_VERIFY(this));
1557 no_control_flow = false; break;
1558 case Bytecodes::_d2f :
1559 current_frame.pop_stack_2(
1560 VerificationType::double2_type(),
1561 VerificationType::double_type(), CHECK_VERIFY(this));
1562 current_frame.push_stack(
1563 VerificationType::float_type(), CHECK_VERIFY(this));
1564 no_control_flow = false; break;
1565 case Bytecodes::_i2b :
1566 case Bytecodes::_i2c :
1567 case Bytecodes::_i2s :
1568 current_frame.pop_stack(
1569 VerificationType::integer_type(), CHECK_VERIFY(this));
1570 current_frame.push_stack(
1571 VerificationType::integer_type(), CHECK_VERIFY(this));
1572 no_control_flow = false; break;
1573 case Bytecodes::_lcmp :
1574 current_frame.pop_stack_2(
1575 VerificationType::long2_type(),
1576 VerificationType::long_type(), CHECK_VERIFY(this));
1577 current_frame.pop_stack_2(
1578 VerificationType::long2_type(),
1579 VerificationType::long_type(), CHECK_VERIFY(this));
1580 current_frame.push_stack(
1581 VerificationType::integer_type(), CHECK_VERIFY(this));
1582 no_control_flow = false; break;
1583 case Bytecodes::_fcmpl :
1584 case Bytecodes::_fcmpg :
1585 current_frame.pop_stack(
1586 VerificationType::float_type(), CHECK_VERIFY(this));
1587 current_frame.pop_stack(
1588 VerificationType::float_type(), CHECK_VERIFY(this));
1589 current_frame.push_stack(
1590 VerificationType::integer_type(), CHECK_VERIFY(this));
1591 no_control_flow = false; break;
1592 case Bytecodes::_dcmpl :
1593 case Bytecodes::_dcmpg :
1594 current_frame.pop_stack_2(
1595 VerificationType::double2_type(),
1596 VerificationType::double_type(), CHECK_VERIFY(this));
1597 current_frame.pop_stack_2(
1598 VerificationType::double2_type(),
1599 VerificationType::double_type(), CHECK_VERIFY(this));
1600 current_frame.push_stack(
1601 VerificationType::integer_type(), CHECK_VERIFY(this));
1602 no_control_flow = false; break;
1603 case Bytecodes::_if_icmpeq:
1604 case Bytecodes::_if_icmpne:
1605 case Bytecodes::_if_icmplt:
1606 case Bytecodes::_if_icmpge:
1607 case Bytecodes::_if_icmpgt:
1608 case Bytecodes::_if_icmple:
1609 current_frame.pop_stack(
1610 VerificationType::integer_type(), CHECK_VERIFY(this));
1611 // fall through
1612 case Bytecodes::_ifeq:
1613 case Bytecodes::_ifne:
1614 case Bytecodes::_iflt:
1615 case Bytecodes::_ifge:
1616 case Bytecodes::_ifgt:
1617 case Bytecodes::_ifle:
1618 current_frame.pop_stack(
1619 VerificationType::integer_type(), CHECK_VERIFY(this));
1620 target = bcs.dest();
1621 stackmap_table.check_jump_target(
1622 ¤t_frame, target, CHECK_VERIFY(this));
1623 no_control_flow = false; break;
1624 case Bytecodes::_if_acmpeq :
1625 case Bytecodes::_if_acmpne :
1626 current_frame.pop_stack(
1627 VerificationType::nonscalar_check(), CHECK_VERIFY(this));
1628 // fall through
1629 case Bytecodes::_ifnull :
1630 case Bytecodes::_ifnonnull :
1631 current_frame.pop_stack(
1632 VerificationType::nonscalar_check(), CHECK_VERIFY(this));
1633 target = bcs.dest();
1634 stackmap_table.check_jump_target
1635 (¤t_frame, target, CHECK_VERIFY(this));
1636 no_control_flow = false; break;
1637 case Bytecodes::_goto :
1638 target = bcs.dest();
1639 stackmap_table.check_jump_target(
1640 ¤t_frame, target, CHECK_VERIFY(this));
1641 no_control_flow = true; break;
1642 case Bytecodes::_goto_w :
1643 target = bcs.dest_w();
1644 stackmap_table.check_jump_target(
1645 ¤t_frame, target, CHECK_VERIFY(this));
1646 no_control_flow = true; break;
1647 case Bytecodes::_tableswitch :
1648 case Bytecodes::_lookupswitch :
1649 verify_switch(
1650 &bcs, code_length, code_data, ¤t_frame,
1651 &stackmap_table, CHECK_VERIFY(this));
1652 no_control_flow = true; break;
1653 case Bytecodes::_ireturn :
1654 type = current_frame.pop_stack(
1655 VerificationType::integer_type(), CHECK_VERIFY(this));
1656 verify_return_value(return_type, type, bci,
1657 ¤t_frame, CHECK_VERIFY(this));
1658 no_control_flow = true; break;
1659 case Bytecodes::_lreturn :
1660 type2 = current_frame.pop_stack(
1661 VerificationType::long2_type(), CHECK_VERIFY(this));
1662 type = current_frame.pop_stack(
1663 VerificationType::long_type(), CHECK_VERIFY(this));
1664 verify_return_value(return_type, type, bci,
1665 ¤t_frame, CHECK_VERIFY(this));
1666 no_control_flow = true; break;
1667 case Bytecodes::_freturn :
1668 type = current_frame.pop_stack(
1669 VerificationType::float_type(), CHECK_VERIFY(this));
1670 verify_return_value(return_type, type, bci,
1671 ¤t_frame, CHECK_VERIFY(this));
1672 no_control_flow = true; break;
1673 case Bytecodes::_dreturn :
1674 type2 = current_frame.pop_stack(
1675 VerificationType::double2_type(), CHECK_VERIFY(this));
1676 type = current_frame.pop_stack(
1677 VerificationType::double_type(), CHECK_VERIFY(this));
1678 verify_return_value(return_type, type, bci,
1679 ¤t_frame, CHECK_VERIFY(this));
1680 no_control_flow = true; break;
1681 case Bytecodes::_areturn :
1682 type = current_frame.pop_stack(
1683 VerificationType::nonscalar_check(), CHECK_VERIFY(this));
1684 verify_return_value(return_type, type, bci,
1685 ¤t_frame, CHECK_VERIFY(this));
1686 no_control_flow = true; break;
1687 case Bytecodes::_return :
1688 if (return_type != VerificationType::bogus_type()) {
1689 verify_error(ErrorContext::bad_code(bci),
1690 "Method expects a return value");
1691 return;
1692 }
1693 // Make sure "this" has been initialized if current method is an
1694 // <init>.
1695 if (_method->is_object_constructor() &&
1696 current_frame.flag_this_uninit()) {
1697 verify_error(ErrorContext::bad_code(bci),
1698 "Constructor must call super() or this() "
1699 "before return");
1700 return;
1701 }
1702 no_control_flow = true; break;
1703 case Bytecodes::_getstatic :
1704 case Bytecodes::_putstatic :
1705 // pass TRUE, operand can be an array type for getstatic/putstatic.
1706 verify_field_instructions(
1707 &bcs, ¤t_frame, cp, true, CHECK_VERIFY(this));
1708 no_control_flow = false; break;
1709 case Bytecodes::_getfield :
1710 case Bytecodes::_putfield :
1711 // pass FALSE, operand can't be an array type for getfield/putfield.
1712 verify_field_instructions(
1713 &bcs, ¤t_frame, cp, false, CHECK_VERIFY(this));
1714 no_control_flow = false; break;
1715 case Bytecodes::_withfield :
1716 if (_klass->major_version() < INLINE_TYPE_MAJOR_VERSION) {
1717 class_format_error(
1718 "withfield not supported by this class file version (%d.%d), class %s",
1719 _klass->major_version(), _klass->minor_version(), _klass->external_name());
1720 return;
1721 }
1722 // pass FALSE, operand can't be an array type for withfield.
1723 verify_field_instructions(
1724 &bcs, ¤t_frame, cp, false, CHECK_VERIFY(this));
1725 no_control_flow = false; break;
1726 case Bytecodes::_invokevirtual :
1727 case Bytecodes::_invokespecial :
1728 case Bytecodes::_invokestatic :
1729 case Bytecodes::_invokeinterface :
1730 case Bytecodes::_invokedynamic :
1731 verify_invoke_instructions(
1732 &bcs, code_length, ¤t_frame, (bci >= ex_min && bci < ex_max),
1733 &this_uninit, cp, &stackmap_table, CHECK_VERIFY(this));
1734 no_control_flow = false; break;
1735 case Bytecodes::_new :
1736 {
1737 index = bcs.get_index_u2();
1738 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1739 VerificationType new_class_type =
1740 cp_index_to_type(index, cp, CHECK_VERIFY(this));
1741 if (!new_class_type.is_object()) {
1742 verify_error(ErrorContext::bad_type(bci,
1743 TypeOrigin::cp(index, new_class_type)),
1744 "Illegal new instruction");
1745 return;
1746 }
1747 type = VerificationType::uninitialized_type(bci);
1748 current_frame.push_stack(type, CHECK_VERIFY(this));
1749 no_control_flow = false; break;
1750 }
1751 case Bytecodes::_aconst_init :
1752 {
1753 if (_klass->major_version() < INLINE_TYPE_MAJOR_VERSION) {
1754 class_format_error(
1755 "aconst_init not supported by this class file version (%d.%d), class %s",
1756 _klass->major_version(), _klass->minor_version(), _klass->external_name());
1757 return;
1758 }
1759 index = bcs.get_index_u2();
1760 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1761 VerificationType ref_type = cp_index_to_type(index, cp, CHECK_VERIFY(this));
1762 if (!ref_type.is_object()) {
1763 verify_error(ErrorContext::bad_type(bci,
1764 TypeOrigin::cp(index, ref_type)),
1765 "Illegal aconst_init instruction");
1766 return;
1767 }
1768 VerificationType inline_type =
1769 VerificationType::change_ref_to_inline_type(ref_type);
1770 current_frame.push_stack(inline_type, CHECK_VERIFY(this));
1771 no_control_flow = false; break;
1772 }
1773 case Bytecodes::_newarray :
1774 type = get_newarray_type(bcs.get_index(), bci, CHECK_VERIFY(this));
1775 current_frame.pop_stack(
1776 VerificationType::integer_type(), CHECK_VERIFY(this));
1777 current_frame.push_stack(type, CHECK_VERIFY(this));
1778 no_control_flow = false; break;
1779 case Bytecodes::_anewarray :
1780 verify_anewarray(
1781 bci, bcs.get_index_u2(), cp, ¤t_frame, CHECK_VERIFY(this));
1782 no_control_flow = false; break;
1783 case Bytecodes::_arraylength :
1784 type = current_frame.pop_stack(
1785 VerificationType::reference_check(), CHECK_VERIFY(this));
1786 if (!(type.is_null() || type.is_array())) {
1787 verify_error(ErrorContext::bad_type(
1788 bci, current_frame.stack_top_ctx()),
1789 bad_type_msg, "arraylength");
1790 }
1791 current_frame.push_stack(
1792 VerificationType::integer_type(), CHECK_VERIFY(this));
1793 no_control_flow = false; break;
1794 case Bytecodes::_checkcast :
1795 {
1796 index = bcs.get_index_u2();
1797 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1798 current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1799 VerificationType klass_type = cp_index_to_type(
1800 index, cp, CHECK_VERIFY(this));
1801 current_frame.push_stack(klass_type, CHECK_VERIFY(this));
1802 no_control_flow = false; break;
1803 }
1804 case Bytecodes::_instanceof : {
1805 index = bcs.get_index_u2();
1806 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1807 current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1808 current_frame.push_stack(
1809 VerificationType::integer_type(), CHECK_VERIFY(this));
1810 no_control_flow = false; break;
1811 }
1812 case Bytecodes::_monitorenter :
1813 case Bytecodes::_monitorexit : {
1814 VerificationType ref = current_frame.pop_stack(
1815 VerificationType::nonscalar_check(), CHECK_VERIFY(this));
1816 no_control_flow = false; break;
1817 }
1818 case Bytecodes::_multianewarray :
1819 {
1820 index = bcs.get_index_u2();
1821 u2 dim = *(bcs.bcp()+3);
1822 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1823 VerificationType new_array_type =
1824 cp_index_to_type(index, cp, CHECK_VERIFY(this));
1825 if (!new_array_type.is_array()) {
1826 verify_error(ErrorContext::bad_type(bci,
1827 TypeOrigin::cp(index, new_array_type)),
1828 "Illegal constant pool index in multianewarray instruction");
1829 return;
1830 }
1831 if (dim < 1 || new_array_type.dimensions() < dim) {
1832 verify_error(ErrorContext::bad_code(bci),
1833 "Illegal dimension in multianewarray instruction: %d", dim);
1834 return;
1835 }
1836 for (int i = 0; i < dim; i++) {
1837 current_frame.pop_stack(
1838 VerificationType::integer_type(), CHECK_VERIFY(this));
1839 }
1840 current_frame.push_stack(new_array_type, CHECK_VERIFY(this));
1841 no_control_flow = false; break;
1842 }
1843 case Bytecodes::_athrow :
1844 type = VerificationType::reference_type(
1845 vmSymbols::java_lang_Throwable());
1846 current_frame.pop_stack(type, CHECK_VERIFY(this));
1847 no_control_flow = true; break;
1848 default:
1849 // We only need to check the valid bytecodes in class file.
1850 // And jsr and ret are not in the new class file format in JDK1.6.
1851 verify_error(ErrorContext::bad_code(bci),
1852 "Bad instruction: %02x", opcode);
1853 no_control_flow = false;
1854 return;
1855 } // end switch
1856 } // end Merge with the next instruction
1857
1858 // Look for possible jump target in exception handlers and see if it matches
1859 // current_frame. Don't do this check if it has already been done (for
1860 // ([a,d,f,i,l]store* opcodes). This check cannot be done earlier because
1861 // opcodes, such as invokespecial, may set the this_uninit flag.
1862 assert(!(verified_exc_handlers && this_uninit),
1863 "Exception handler targets got verified before this_uninit got set");
1864 if (!verified_exc_handlers && bci >= ex_min && bci < ex_max) {
1865 if (was_recursively_verified()) return;
1866 verify_exception_handler_targets(
1867 bci, this_uninit, ¤t_frame, &stackmap_table, CHECK_VERIFY(this));
1868 }
1869 } // end while
1870
1871 // Make sure that control flow does not fall through end of the method
1872 if (!no_control_flow) {
1873 verify_error(ErrorContext::bad_code(code_length),
1874 "Control flow falls through code end");
1875 return;
1876 }
1877 }
1878
1879 #undef bad_type_message
1880
1881 char* ClassVerifier::generate_code_data(const methodHandle& m, u4 code_length, TRAPS) {
1882 char* code_data = NEW_RESOURCE_ARRAY(char, code_length);
1883 memset(code_data, 0, sizeof(char) * code_length);
1884 RawBytecodeStream bcs(m);
1885
1886 while (!bcs.is_last_bytecode()) {
1887 if (bcs.raw_next() != Bytecodes::_illegal) {
1888 int bci = bcs.bci();
1889 if (bcs.raw_code() == Bytecodes::_new) {
1890 code_data[bci] = NEW_OFFSET;
1891 } else {
1892 code_data[bci] = BYTECODE_OFFSET;
1893 }
1894 } else {
1895 verify_error(ErrorContext::bad_code(bcs.bci()), "Bad instruction");
1896 return nullptr;
1897 }
1898 }
1899
1900 return code_data;
1901 }
1902
1903 // Since this method references the constant pool, call was_recursively_verified()
1904 // before calling this method to make sure a prior class load did not cause the
1905 // current class to get verified.
1906 void ClassVerifier::verify_exception_handler_table(u4 code_length, char* code_data, int& min, int& max, TRAPS) {
1907 ExceptionTable exhandlers(_method());
1908 int exlength = exhandlers.length();
1909 constantPoolHandle cp (THREAD, _method->constants());
1910
1911 for(int i = 0; i < exlength; i++) {
1912 u2 start_pc = exhandlers.start_pc(i);
1913 u2 end_pc = exhandlers.end_pc(i);
1914 u2 handler_pc = exhandlers.handler_pc(i);
1915 if (start_pc >= code_length || code_data[start_pc] == 0) {
1916 class_format_error("Illegal exception table start_pc %d", start_pc);
1917 return;
1918 }
1919 if (end_pc != code_length) { // special case: end_pc == code_length
1920 if (end_pc > code_length || code_data[end_pc] == 0) {
1921 class_format_error("Illegal exception table end_pc %d", end_pc);
1922 return;
1923 }
1924 }
1925 if (handler_pc >= code_length || code_data[handler_pc] == 0) {
1926 class_format_error("Illegal exception table handler_pc %d", handler_pc);
1927 return;
1928 }
1929 int catch_type_index = exhandlers.catch_type_index(i);
1930 if (catch_type_index != 0) {
1931 VerificationType catch_type = cp_index_to_type(
1932 catch_type_index, cp, CHECK_VERIFY(this));
1933 VerificationType throwable =
1934 VerificationType::reference_type(vmSymbols::java_lang_Throwable());
1935 // If the catch type is Throwable pre-resolve it now as the assignable check won't
1936 // do that, and we need to avoid a runtime resolution in case we are trying to
1937 // catch OutOfMemoryError.
1938 if (cp->klass_name_at(catch_type_index) == vmSymbols::java_lang_Throwable()) {
1939 cp->klass_at(catch_type_index, CHECK);
1940 }
1941 bool is_subclass = throwable.is_assignable_from(
1942 catch_type, this, false, CHECK_VERIFY(this));
1943 if (!is_subclass) {
1944 // 4286534: should throw VerifyError according to recent spec change
1945 verify_error(ErrorContext::bad_type(handler_pc,
1946 TypeOrigin::cp(catch_type_index, catch_type),
1947 TypeOrigin::implicit(throwable)),
1948 "Catch type is not a subclass "
1949 "of Throwable in exception handler %d", handler_pc);
1950 return;
1951 }
1952 }
1953 if (start_pc < min) min = start_pc;
1954 if (end_pc > max) max = end_pc;
1955 }
1956 }
1957
1958 void ClassVerifier::verify_local_variable_table(u4 code_length, char* code_data, TRAPS) {
1959 int localvariable_table_length = _method->localvariable_table_length();
1960 if (localvariable_table_length > 0) {
1961 LocalVariableTableElement* table = _method->localvariable_table_start();
1962 for (int i = 0; i < localvariable_table_length; i++) {
1963 u2 start_bci = table[i].start_bci;
1964 u2 length = table[i].length;
1965
1966 if (start_bci >= code_length || code_data[start_bci] == 0) {
1967 class_format_error(
1968 "Illegal local variable table start_pc %d", start_bci);
1969 return;
1970 }
1971 u4 end_bci = (u4)(start_bci + length);
1972 if (end_bci != code_length) {
1973 if (end_bci >= code_length || code_data[end_bci] == 0) {
1974 class_format_error( "Illegal local variable table length %d", length);
1975 return;
1976 }
1977 }
1978 }
1979 }
1980 }
1981
1982 u2 ClassVerifier::verify_stackmap_table(u2 stackmap_index, u2 bci,
1983 StackMapFrame* current_frame,
1984 StackMapTable* stackmap_table,
1985 bool no_control_flow, TRAPS) {
1986 if (stackmap_index < stackmap_table->get_frame_count()) {
1987 u2 this_offset = stackmap_table->get_offset(stackmap_index);
1988 if (no_control_flow && this_offset > bci) {
1989 verify_error(ErrorContext::missing_stackmap(bci),
1990 "Expecting a stack map frame");
1991 return 0;
1992 }
1993 if (this_offset == bci) {
1994 ErrorContext ctx;
1995 // See if current stack map can be assigned to the frame in table.
1996 // current_frame is the stackmap frame got from the last instruction.
1997 // If matched, current_frame will be updated by this method.
1998 bool matches = stackmap_table->match_stackmap(
1999 current_frame, this_offset, stackmap_index,
2000 !no_control_flow, true, &ctx, CHECK_VERIFY_(this, 0));
2001 if (!matches) {
2002 // report type error
2003 verify_error(ctx, "Instruction type does not match stack map");
2004 return 0;
2005 }
2006 stackmap_index++;
2007 } else if (this_offset < bci) {
2008 // current_offset should have met this_offset.
2009 class_format_error("Bad stack map offset %d", this_offset);
2010 return 0;
2011 }
2012 } else if (no_control_flow) {
2013 verify_error(ErrorContext::bad_code(bci), "Expecting a stack map frame");
2014 return 0;
2015 }
2016 return stackmap_index;
2017 }
2018
2019 // Since this method references the constant pool, call was_recursively_verified()
2020 // before calling this method to make sure a prior class load did not cause the
2021 // current class to get verified.
2022 void ClassVerifier::verify_exception_handler_targets(u2 bci, bool this_uninit,
2023 StackMapFrame* current_frame,
2024 StackMapTable* stackmap_table, TRAPS) {
2025 constantPoolHandle cp (THREAD, _method->constants());
2026 ExceptionTable exhandlers(_method());
2027 int exlength = exhandlers.length();
2028 for(int i = 0; i < exlength; i++) {
2029 u2 start_pc = exhandlers.start_pc(i);
2030 u2 end_pc = exhandlers.end_pc(i);
2031 u2 handler_pc = exhandlers.handler_pc(i);
2032 int catch_type_index = exhandlers.catch_type_index(i);
2033 if(bci >= start_pc && bci < end_pc) {
2034 u1 flags = current_frame->flags();
2035 if (this_uninit) { flags |= FLAG_THIS_UNINIT; }
2036 StackMapFrame* new_frame = current_frame->frame_in_exception_handler(flags);
2037 if (catch_type_index != 0) {
2038 if (was_recursively_verified()) return;
2039 // We know that this index refers to a subclass of Throwable
2040 VerificationType catch_type = cp_index_to_type(
2041 catch_type_index, cp, CHECK_VERIFY(this));
2042 new_frame->push_stack(catch_type, CHECK_VERIFY(this));
2043 } else {
2044 VerificationType throwable =
2045 VerificationType::reference_type(vmSymbols::java_lang_Throwable());
2046 new_frame->push_stack(throwable, CHECK_VERIFY(this));
2047 }
2048 ErrorContext ctx;
2049 bool matches = stackmap_table->match_stackmap(
2050 new_frame, handler_pc, true, false, &ctx, CHECK_VERIFY(this));
2051 if (!matches) {
2052 verify_error(ctx, "Stack map does not match the one at "
2053 "exception handler %d", handler_pc);
2054 return;
2055 }
2056 }
2057 }
2058 }
2059
2060 void ClassVerifier::verify_cp_index(
2061 u2 bci, const constantPoolHandle& cp, int index, TRAPS) {
2062 int nconstants = cp->length();
2063 if ((index <= 0) || (index >= nconstants)) {
2064 verify_error(ErrorContext::bad_cp_index(bci, index),
2065 "Illegal constant pool index %d in class %s",
2066 index, cp->pool_holder()->external_name());
2067 return;
2068 }
2069 }
2070
2071 void ClassVerifier::verify_cp_type(
2072 u2 bci, int index, const constantPoolHandle& cp, unsigned int types, TRAPS) {
2073
2074 // In some situations, bytecode rewriting may occur while we're verifying.
2075 // In this case, a constant pool cache exists and some indices refer to that
2076 // instead. Be sure we don't pick up such indices by accident.
2077 // We must check was_recursively_verified() before we get here.
2078 guarantee(cp->cache() == nullptr, "not rewritten yet");
2079
2080 verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2081 unsigned int tag = cp->tag_at(index).value();
2082
2083 if ((types & (1 << tag)) == 0) {
2084 verify_error(ErrorContext::bad_cp_index(bci, index),
2085 "Illegal type at constant pool entry %d in class %s",
2086 index, cp->pool_holder()->external_name());
2087 return;
2088 }
2089 }
2090
2091 void ClassVerifier::verify_cp_class_type(
2092 u2 bci, int index, const constantPoolHandle& cp, TRAPS) {
2093 verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2094 constantTag tag = cp->tag_at(index);
2095 if (!tag.is_klass() && !tag.is_unresolved_klass()) {
2096 verify_error(ErrorContext::bad_cp_index(bci, index),
2097 "Illegal type at constant pool entry %d in class %s",
2098 index, cp->pool_holder()->external_name());
2099 return;
2100 }
2101 }
2102
2103 void ClassVerifier::verify_error(ErrorContext ctx, const char* msg, ...) {
2104 stringStream ss;
2105
2106 ctx.reset_frames();
2107 _exception_type = vmSymbols::java_lang_VerifyError();
2108 _error_context = ctx;
2109 va_list va;
2110 va_start(va, msg);
2111 ss.vprint(msg, va);
2112 va_end(va);
2113 _message = ss.as_string();
2114 #ifdef ASSERT
2115 ResourceMark rm;
2116 const char* exception_name = _exception_type->as_C_string();
2117 Exceptions::debug_check_abort(exception_name, nullptr);
2118 #endif // ndef ASSERT
2119 }
2120
2121 void ClassVerifier::class_format_error(const char* msg, ...) {
2122 stringStream ss;
2123 _exception_type = vmSymbols::java_lang_ClassFormatError();
2124 va_list va;
2125 va_start(va, msg);
2126 ss.vprint(msg, va);
2127 va_end(va);
2128 if (!_method.is_null()) {
2129 ss.print(" in method '");
2130 _method->print_external_name(&ss);
2131 ss.print("'");
2132 }
2133 _message = ss.as_string();
2134 }
2135
2136 Klass* ClassVerifier::load_class(Symbol* name, TRAPS) {
2137 HandleMark hm(THREAD);
2138 // Get current loader and protection domain first.
2139 oop loader = current_class()->class_loader();
2140 oop protection_domain = current_class()->protection_domain();
2141
2142 assert(name_in_supers(name, current_class()), "name should be a super class");
2143
2144 Klass* kls = SystemDictionary::resolve_or_fail(
2145 name, Handle(THREAD, loader), Handle(THREAD, protection_domain),
2146 true, THREAD);
2147
2148 if (kls != nullptr) {
2149 if (log_is_enabled(Debug, class, resolve)) {
2150 Verifier::trace_class_resolution(kls, current_class());
2151 }
2152 }
2153 return kls;
2154 }
2155
2156 bool ClassVerifier::is_protected_access(InstanceKlass* this_class,
2157 Klass* target_class,
2158 Symbol* field_name,
2159 Symbol* field_sig,
2160 bool is_method) {
2161 NoSafepointVerifier nosafepoint;
2162
2163 // If target class isn't a super class of this class, we don't worry about this case
2164 if (!this_class->is_subclass_of(target_class)) {
2165 return false;
2166 }
2167 // Check if the specified method or field is protected
2168 InstanceKlass* target_instance = InstanceKlass::cast(target_class);
2169 fieldDescriptor fd;
2170 if (is_method) {
2171 Method* m = target_instance->uncached_lookup_method(field_name, field_sig, Klass::OverpassLookupMode::find);
2172 if (m != nullptr && m->is_protected()) {
2173 if (!this_class->is_same_class_package(m->method_holder())) {
2174 return true;
2175 }
2176 }
2177 } else {
2178 Klass* member_klass = target_instance->find_field(field_name, field_sig, &fd);
2179 if (member_klass != nullptr && fd.is_protected()) {
2180 if (!this_class->is_same_class_package(member_klass)) {
2181 return true;
2182 }
2183 }
2184 }
2185 return false;
2186 }
2187
2188 void ClassVerifier::verify_ldc(
2189 int opcode, u2 index, StackMapFrame* current_frame,
2190 const constantPoolHandle& cp, u2 bci, TRAPS) {
2191 verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2192 constantTag tag = cp->tag_at(index);
2193 unsigned int types = 0;
2194 if (opcode == Bytecodes::_ldc || opcode == Bytecodes::_ldc_w) {
2195 if (!tag.is_unresolved_klass()) {
2196 types = (1 << JVM_CONSTANT_Integer) | (1 << JVM_CONSTANT_Float)
2197 | (1 << JVM_CONSTANT_String) | (1 << JVM_CONSTANT_Class)
2198 | (1 << JVM_CONSTANT_MethodHandle) | (1 << JVM_CONSTANT_MethodType)
2199 | (1 << JVM_CONSTANT_Dynamic);
2200 // Note: The class file parser already verified the legality of
2201 // MethodHandle and MethodType constants.
2202 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2203 }
2204 } else {
2205 assert(opcode == Bytecodes::_ldc2_w, "must be ldc2_w");
2206 types = (1 << JVM_CONSTANT_Double) | (1 << JVM_CONSTANT_Long)
2207 | (1 << JVM_CONSTANT_Dynamic);
2208 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2209 }
2210 if (tag.is_string()) {
2211 current_frame->push_stack(
2212 VerificationType::reference_type(
2213 vmSymbols::java_lang_String()), CHECK_VERIFY(this));
2214 } else if (tag.is_klass() || tag.is_unresolved_klass()) {
2215 current_frame->push_stack(
2216 VerificationType::reference_type(
2217 vmSymbols::java_lang_Class()), CHECK_VERIFY(this));
2218 } else if (tag.is_int()) {
2219 current_frame->push_stack(
2220 VerificationType::integer_type(), CHECK_VERIFY(this));
2221 } else if (tag.is_float()) {
2222 current_frame->push_stack(
2223 VerificationType::float_type(), CHECK_VERIFY(this));
2224 } else if (tag.is_double()) {
2225 current_frame->push_stack_2(
2226 VerificationType::double_type(),
2227 VerificationType::double2_type(), CHECK_VERIFY(this));
2228 } else if (tag.is_long()) {
2229 current_frame->push_stack_2(
2230 VerificationType::long_type(),
2231 VerificationType::long2_type(), CHECK_VERIFY(this));
2232 } else if (tag.is_method_handle()) {
2233 current_frame->push_stack(
2234 VerificationType::reference_type(
2235 vmSymbols::java_lang_invoke_MethodHandle()), CHECK_VERIFY(this));
2236 } else if (tag.is_method_type()) {
2237 current_frame->push_stack(
2238 VerificationType::reference_type(
2239 vmSymbols::java_lang_invoke_MethodType()), CHECK_VERIFY(this));
2240 } else if (tag.is_dynamic_constant()) {
2241 Symbol* constant_type = cp->uncached_signature_ref_at(index);
2242 // Field signature was checked in ClassFileParser.
2243 assert(SignatureVerifier::is_valid_type_signature(constant_type),
2244 "Invalid type for dynamic constant");
2245 assert(sizeof(VerificationType) == sizeof(uintptr_t),
2246 "buffer type must match VerificationType size");
2247 uintptr_t constant_type_buffer[2];
2248 VerificationType* v_constant_type = (VerificationType*)constant_type_buffer;
2249 SignatureStream sig_stream(constant_type, false);
2250 int n = change_sig_to_verificationType(&sig_stream, v_constant_type);
2251 int opcode_n = (opcode == Bytecodes::_ldc2_w ? 2 : 1);
2252 if (n != opcode_n) {
2253 // wrong kind of ldc; reverify against updated type mask
2254 types &= ~(1 << JVM_CONSTANT_Dynamic);
2255 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2256 }
2257 for (int i = 0; i < n; i++) {
2258 current_frame->push_stack(v_constant_type[i], CHECK_VERIFY(this));
2259 }
2260 } else {
2261 /* Unreachable? verify_cp_type has already validated the cp type. */
2262 verify_error(
2263 ErrorContext::bad_cp_index(bci, index), "Invalid index in ldc");
2264 return;
2265 }
2266 }
2267
2268 void ClassVerifier::verify_switch(
2269 RawBytecodeStream* bcs, u4 code_length, char* code_data,
2270 StackMapFrame* current_frame, StackMapTable* stackmap_table, TRAPS) {
2271 int bci = bcs->bci();
2272 address bcp = bcs->bcp();
2273 address aligned_bcp = align_up(bcp + 1, jintSize);
2274
2275 if (_klass->major_version() < NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION) {
2276 // 4639449 & 4647081: padding bytes must be 0
2277 u2 padding_offset = 1;
2278 while ((bcp + padding_offset) < aligned_bcp) {
2279 if(*(bcp + padding_offset) != 0) {
2280 verify_error(ErrorContext::bad_code(bci),
2281 "Nonzero padding byte in lookupswitch or tableswitch");
2282 return;
2283 }
2284 padding_offset++;
2285 }
2286 }
2287
2288 int default_offset = (int) Bytes::get_Java_u4(aligned_bcp);
2289 int keys, delta;
2290 current_frame->pop_stack(
2291 VerificationType::integer_type(), CHECK_VERIFY(this));
2292 if (bcs->raw_code() == Bytecodes::_tableswitch) {
2293 jint low = (jint)Bytes::get_Java_u4(aligned_bcp + jintSize);
2294 jint high = (jint)Bytes::get_Java_u4(aligned_bcp + 2*jintSize);
2295 if (low > high) {
2296 verify_error(ErrorContext::bad_code(bci),
2297 "low must be less than or equal to high in tableswitch");
2298 return;
2299 }
2300 keys = high - low + 1;
2301 if (keys < 0) {
2302 verify_error(ErrorContext::bad_code(bci), "too many keys in tableswitch");
2303 return;
2304 }
2305 delta = 1;
2306 } else {
2307 keys = (int)Bytes::get_Java_u4(aligned_bcp + jintSize);
2308 if (keys < 0) {
2309 verify_error(ErrorContext::bad_code(bci),
2310 "number of keys in lookupswitch less than 0");
2311 return;
2312 }
2313 delta = 2;
2314 // Make sure that the lookupswitch items are sorted
2315 for (int i = 0; i < (keys - 1); i++) {
2316 jint this_key = Bytes::get_Java_u4(aligned_bcp + (2+2*i)*jintSize);
2317 jint next_key = Bytes::get_Java_u4(aligned_bcp + (2+2*i+2)*jintSize);
2318 if (this_key >= next_key) {
2319 verify_error(ErrorContext::bad_code(bci),
2320 "Bad lookupswitch instruction");
2321 return;
2322 }
2323 }
2324 }
2325 int target = bci + default_offset;
2326 stackmap_table->check_jump_target(current_frame, target, CHECK_VERIFY(this));
2327 for (int i = 0; i < keys; i++) {
2328 // Because check_jump_target() may safepoint, the bytecode could have
2329 // moved, which means 'aligned_bcp' is no good and needs to be recalculated.
2330 aligned_bcp = align_up(bcs->bcp() + 1, jintSize);
2331 target = bci + (jint)Bytes::get_Java_u4(aligned_bcp+(3+i*delta)*jintSize);
2332 stackmap_table->check_jump_target(
2333 current_frame, target, CHECK_VERIFY(this));
2334 }
2335 NOT_PRODUCT(aligned_bcp = nullptr); // no longer valid at this point
2336 }
2337
2338 bool ClassVerifier::name_in_supers(
2339 Symbol* ref_name, InstanceKlass* current) {
2340 Klass* super = current->super();
2341 while (super != nullptr) {
2342 if (super->name() == ref_name) {
2343 return true;
2344 }
2345 super = super->super();
2346 }
2347 return false;
2348 }
2349
2350 void ClassVerifier::verify_field_instructions(RawBytecodeStream* bcs,
2351 StackMapFrame* current_frame,
2352 const constantPoolHandle& cp,
2353 bool allow_arrays,
2354 TRAPS) {
2355 u2 index = bcs->get_index_u2();
2356 verify_cp_type(bcs->bci(), index, cp,
2357 1 << JVM_CONSTANT_Fieldref, CHECK_VERIFY(this));
2358
2359 // Get field name and signature
2360 Symbol* field_name = cp->name_ref_at(index);
2361 Symbol* field_sig = cp->signature_ref_at(index);
2362 bool is_getfield = false;
2363
2364 // Field signature was checked in ClassFileParser.
2365 assert(SignatureVerifier::is_valid_type_signature(field_sig),
2366 "Invalid field signature");
2367
2368 // Get referenced class type
2369 VerificationType ref_class_type = cp_ref_index_to_type(
2370 index, cp, CHECK_VERIFY(this));
2371 if (!ref_class_type.is_object() &&
2372 (!allow_arrays || !ref_class_type.is_array())) {
2373 verify_error(ErrorContext::bad_type(bcs->bci(),
2374 TypeOrigin::cp(index, ref_class_type)),
2375 "Expecting reference to class in class %s at constant pool index %d",
2376 _klass->external_name(), index);
2377 return;
2378 }
2379
2380 VerificationType target_class_type = ref_class_type;
2381
2382 assert(sizeof(VerificationType) == sizeof(uintptr_t),
2383 "buffer type must match VerificationType size");
2384 uintptr_t field_type_buffer[2];
2385 VerificationType* field_type = (VerificationType*)field_type_buffer;
2386 // If we make a VerificationType[2] array directly, the compiler calls
2387 // to the c-runtime library to do the allocation instead of just
2388 // stack allocating it. Plus it would run constructors. This shows up
2389 // in performance profiles.
2390
2391 SignatureStream sig_stream(field_sig, false);
2392 VerificationType stack_object_type;
2393 int n = change_sig_to_verificationType(&sig_stream, field_type);
2394 u2 bci = bcs->bci();
2395 bool is_assignable;
2396 switch (bcs->raw_code()) {
2397 case Bytecodes::_getstatic: {
2398 for (int i = 0; i < n; i++) {
2399 current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2400 }
2401 break;
2402 }
2403 case Bytecodes::_putstatic: {
2404 for (int i = n - 1; i >= 0; i--) {
2405 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2406 }
2407 break;
2408 }
2409 case Bytecodes::_withfield: {
2410 for (int i = n - 1; i >= 0; i--) {
2411 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2412 }
2413 // Check that the receiver is a subtype of the referenced class.
2414 current_frame->pop_stack(target_class_type, CHECK_VERIFY(this));
2415 VerificationType target_inline_type =
2416 VerificationType::change_ref_to_inline_type(target_class_type);
2417 current_frame->push_stack(target_inline_type, CHECK_VERIFY(this));
2418 break;
2419 }
2420 case Bytecodes::_getfield: {
2421 is_getfield = true;
2422 stack_object_type = current_frame->pop_stack(
2423 target_class_type, CHECK_VERIFY(this));
2424 goto check_protected;
2425 }
2426 case Bytecodes::_putfield: {
2427 for (int i = n - 1; i >= 0; i--) {
2428 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2429 }
2430 stack_object_type = current_frame->pop_stack(CHECK_VERIFY(this));
2431
2432 // The JVMS 2nd edition allows field initialization before the superclass
2433 // initializer, if the field is defined within the current class.
2434 fieldDescriptor fd;
2435 if (stack_object_type == VerificationType::uninitialized_this_type() &&
2436 target_class_type.equals(current_type()) &&
2437 _klass->find_local_field(field_name, field_sig, &fd)) {
2438 stack_object_type = current_type();
2439 }
2440 is_assignable = target_class_type.is_assignable_from(
2441 stack_object_type, this, false, CHECK_VERIFY(this));
2442 if (!is_assignable) {
2443 verify_error(ErrorContext::bad_type(bci,
2444 current_frame->stack_top_ctx(),
2445 TypeOrigin::cp(index, target_class_type)),
2446 "Bad type on operand stack in putfield");
2447 return;
2448 }
2449 }
2450 check_protected: {
2451 if (_this_type == stack_object_type)
2452 break; // stack_object_type must be assignable to _current_class_type
2453 if (was_recursively_verified()) {
2454 if (is_getfield) {
2455 // Push field type for getfield.
2456 for (int i = 0; i < n; i++) {
2457 current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2458 }
2459 }
2460 return;
2461 }
2462 Symbol* ref_class_name =
2463 cp->klass_name_at(cp->klass_ref_index_at(index));
2464 if (!name_in_supers(ref_class_name, current_class()))
2465 // stack_object_type must be assignable to _current_class_type since:
2466 // 1. stack_object_type must be assignable to ref_class.
2467 // 2. ref_class must be _current_class or a subclass of it. It can't
2468 // be a superclass of it. See revised JVMS 5.4.4.
2469 break;
2470
2471 Klass* ref_class_oop = load_class(ref_class_name, CHECK);
2472 if (is_protected_access(current_class(), ref_class_oop, field_name,
2473 field_sig, false)) {
2474 // It's protected access, check if stack object is assignable to
2475 // current class.
2476 is_assignable = current_type().is_assignable_from(
2477 stack_object_type, this, true, CHECK_VERIFY(this));
2478 if (!is_assignable) {
2479 verify_error(ErrorContext::bad_type(bci,
2480 current_frame->stack_top_ctx(),
2481 TypeOrigin::implicit(current_type())),
2482 "Bad access to protected data in %s",
2483 is_getfield ? "getfield" : "putfield");
2484 return;
2485 }
2486 }
2487 break;
2488 }
2489 default: ShouldNotReachHere();
2490 }
2491 if (is_getfield) {
2492 // Push field type for getfield after doing protection check.
2493 for (int i = 0; i < n; i++) {
2494 current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2495 }
2496 }
2497 }
2498
2499 // Look at the method's handlers. If the bci is in the handler's try block
2500 // then check if the handler_pc is already on the stack. If not, push it
2501 // unless the handler has already been scanned.
2502 void ClassVerifier::push_handlers(ExceptionTable* exhandlers,
2503 GrowableArray<u4>* handler_list,
2504 GrowableArray<u4>* handler_stack,
2505 u4 bci) {
2506 int exlength = exhandlers->length();
2507 for(int x = 0; x < exlength; x++) {
2508 if (bci >= exhandlers->start_pc(x) && bci < exhandlers->end_pc(x)) {
2509 u4 exhandler_pc = exhandlers->handler_pc(x);
2510 if (!handler_list->contains(exhandler_pc)) {
2511 handler_stack->append_if_missing(exhandler_pc);
2512 handler_list->append(exhandler_pc);
2513 }
2514 }
2515 }
2516 }
2517
2518 // Return TRUE if all code paths starting with start_bc_offset end in
2519 // bytecode athrow or loop.
2520 bool ClassVerifier::ends_in_athrow(u4 start_bc_offset) {
2521 ResourceMark rm;
2522 // Create bytecode stream.
2523 RawBytecodeStream bcs(method());
2524 u4 code_length = method()->code_size();
2525 bcs.set_start(start_bc_offset);
2526 u4 target;
2527 // Create stack for storing bytecode start offsets for if* and *switch.
2528 GrowableArray<u4>* bci_stack = new GrowableArray<u4>(30);
2529 // Create stack for handlers for try blocks containing this handler.
2530 GrowableArray<u4>* handler_stack = new GrowableArray<u4>(30);
2531 // Create list of handlers that have been pushed onto the handler_stack
2532 // so that handlers embedded inside of their own TRY blocks only get
2533 // scanned once.
2534 GrowableArray<u4>* handler_list = new GrowableArray<u4>(30);
2535 // Create list of visited branch opcodes (goto* and if*).
2536 GrowableArray<u4>* visited_branches = new GrowableArray<u4>(30);
2537 ExceptionTable exhandlers(_method());
2538
2539 while (true) {
2540 if (bcs.is_last_bytecode()) {
2541 // if no more starting offsets to parse or if at the end of the
2542 // method then return false.
2543 if ((bci_stack->is_empty()) || ((u4)bcs.end_bci() == code_length))
2544 return false;
2545 // Pop a bytecode starting offset and scan from there.
2546 bcs.set_start(bci_stack->pop());
2547 }
2548 Bytecodes::Code opcode = bcs.raw_next();
2549 u4 bci = bcs.bci();
2550
2551 // If the bytecode is in a TRY block, push its handlers so they
2552 // will get parsed.
2553 push_handlers(&exhandlers, handler_list, handler_stack, bci);
2554
2555 switch (opcode) {
2556 case Bytecodes::_if_icmpeq:
2557 case Bytecodes::_if_icmpne:
2558 case Bytecodes::_if_icmplt:
2559 case Bytecodes::_if_icmpge:
2560 case Bytecodes::_if_icmpgt:
2561 case Bytecodes::_if_icmple:
2562 case Bytecodes::_ifeq:
2563 case Bytecodes::_ifne:
2564 case Bytecodes::_iflt:
2565 case Bytecodes::_ifge:
2566 case Bytecodes::_ifgt:
2567 case Bytecodes::_ifle:
2568 case Bytecodes::_if_acmpeq:
2569 case Bytecodes::_if_acmpne:
2570 case Bytecodes::_ifnull:
2571 case Bytecodes::_ifnonnull:
2572 target = bcs.dest();
2573 if (visited_branches->contains(bci)) {
2574 if (bci_stack->is_empty()) {
2575 if (handler_stack->is_empty()) {
2576 return true;
2577 } else {
2578 // Parse the catch handlers for try blocks containing athrow.
2579 bcs.set_start(handler_stack->pop());
2580 }
2581 } else {
2582 // Pop a bytecode starting offset and scan from there.
2583 bcs.set_start(bci_stack->pop());
2584 }
2585 } else {
2586 if (target > bci) { // forward branch
2587 if (target >= code_length) return false;
2588 // Push the branch target onto the stack.
2589 bci_stack->push(target);
2590 // then, scan bytecodes starting with next.
2591 bcs.set_start(bcs.next_bci());
2592 } else { // backward branch
2593 // Push bytecode offset following backward branch onto the stack.
2594 bci_stack->push(bcs.next_bci());
2595 // Check bytecodes starting with branch target.
2596 bcs.set_start(target);
2597 }
2598 // Record target so we don't branch here again.
2599 visited_branches->append(bci);
2600 }
2601 break;
2602
2603 case Bytecodes::_goto:
2604 case Bytecodes::_goto_w:
2605 target = (opcode == Bytecodes::_goto ? bcs.dest() : bcs.dest_w());
2606 if (visited_branches->contains(bci)) {
2607 if (bci_stack->is_empty()) {
2608 if (handler_stack->is_empty()) {
2609 return true;
2610 } else {
2611 // Parse the catch handlers for try blocks containing athrow.
2612 bcs.set_start(handler_stack->pop());
2613 }
2614 } else {
2615 // Been here before, pop new starting offset from stack.
2616 bcs.set_start(bci_stack->pop());
2617 }
2618 } else {
2619 if (target >= code_length) return false;
2620 // Continue scanning from the target onward.
2621 bcs.set_start(target);
2622 // Record target so we don't branch here again.
2623 visited_branches->append(bci);
2624 }
2625 break;
2626
2627 // Check that all switch alternatives end in 'athrow' bytecodes. Since it
2628 // is difficult to determine where each switch alternative ends, parse
2629 // each switch alternative until either hit a 'return', 'athrow', or reach
2630 // the end of the method's bytecodes. This is gross but should be okay
2631 // because:
2632 // 1. tableswitch and lookupswitch byte codes in handlers for ctor explicit
2633 // constructor invocations should be rare.
2634 // 2. if each switch alternative ends in an athrow then the parsing should be
2635 // short. If there is no athrow then it is bogus code, anyway.
2636 case Bytecodes::_lookupswitch:
2637 case Bytecodes::_tableswitch:
2638 {
2639 address aligned_bcp = align_up(bcs.bcp() + 1, jintSize);
2640 u4 default_offset = Bytes::get_Java_u4(aligned_bcp) + bci;
2641 int keys, delta;
2642 if (opcode == Bytecodes::_tableswitch) {
2643 jint low = (jint)Bytes::get_Java_u4(aligned_bcp + jintSize);
2644 jint high = (jint)Bytes::get_Java_u4(aligned_bcp + 2*jintSize);
2645 // This is invalid, but let the regular bytecode verifier
2646 // report this because the user will get a better error message.
2647 if (low > high) return true;
2648 keys = high - low + 1;
2649 delta = 1;
2650 } else {
2651 keys = (int)Bytes::get_Java_u4(aligned_bcp + jintSize);
2652 delta = 2;
2653 }
2654 // Invalid, let the regular bytecode verifier deal with it.
2655 if (keys < 0) return true;
2656
2657 // Push the offset of the next bytecode onto the stack.
2658 bci_stack->push(bcs.next_bci());
2659
2660 // Push the switch alternatives onto the stack.
2661 for (int i = 0; i < keys; i++) {
2662 u4 target = bci + (jint)Bytes::get_Java_u4(aligned_bcp+(3+i*delta)*jintSize);
2663 if (target > code_length) return false;
2664 bci_stack->push(target);
2665 }
2666
2667 // Start bytecode parsing for the switch at the default alternative.
2668 if (default_offset > code_length) return false;
2669 bcs.set_start(default_offset);
2670 break;
2671 }
2672
2673 case Bytecodes::_return:
2674 return false;
2675
2676 case Bytecodes::_athrow:
2677 {
2678 if (bci_stack->is_empty()) {
2679 if (handler_stack->is_empty()) {
2680 return true;
2681 } else {
2682 // Parse the catch handlers for try blocks containing athrow.
2683 bcs.set_start(handler_stack->pop());
2684 }
2685 } else {
2686 // Pop a bytecode offset and starting scanning from there.
2687 bcs.set_start(bci_stack->pop());
2688 }
2689 }
2690 break;
2691
2692 default:
2693 ;
2694 } // end switch
2695 } // end while loop
2696
2697 return false;
2698 }
2699
2700 void ClassVerifier::verify_invoke_init(
2701 RawBytecodeStream* bcs, u2 ref_class_index, VerificationType ref_class_type,
2702 StackMapFrame* current_frame, u4 code_length, bool in_try_block,
2703 bool *this_uninit, const constantPoolHandle& cp, StackMapTable* stackmap_table,
2704 TRAPS) {
2705 u2 bci = bcs->bci();
2706 VerificationType type = current_frame->pop_stack(
2707 VerificationType::reference_check(), CHECK_VERIFY(this));
2708 if (type == VerificationType::uninitialized_this_type()) {
2709 // The method must be an <init> method of this class or its superclass
2710 Klass* superk = current_class()->super();
2711 if (ref_class_type.name() != current_class()->name() &&
2712 ref_class_type.name() != superk->name()) {
2713 verify_error(ErrorContext::bad_type(bci,
2714 TypeOrigin::implicit(ref_class_type),
2715 TypeOrigin::implicit(current_type())),
2716 "Bad <init> method call");
2717 return;
2718 }
2719
2720 // If this invokespecial call is done from inside of a TRY block then make
2721 // sure that all catch clause paths end in a throw. Otherwise, this can
2722 // result in returning an incomplete object.
2723 if (in_try_block) {
2724 ExceptionTable exhandlers(_method());
2725 int exlength = exhandlers.length();
2726 for(int i = 0; i < exlength; i++) {
2727 u2 start_pc = exhandlers.start_pc(i);
2728 u2 end_pc = exhandlers.end_pc(i);
2729
2730 if (bci >= start_pc && bci < end_pc) {
2731 if (!ends_in_athrow(exhandlers.handler_pc(i))) {
2732 verify_error(ErrorContext::bad_code(bci),
2733 "Bad <init> method call from after the start of a try block");
2734 return;
2735 } else if (log_is_enabled(Debug, verification)) {
2736 ResourceMark rm(THREAD);
2737 log_debug(verification)("Survived call to ends_in_athrow(): %s",
2738 current_class()->name()->as_C_string());
2739 }
2740 }
2741 }
2742
2743 // Check the exception handler target stackmaps with the locals from the
2744 // incoming stackmap (before initialize_object() changes them to outgoing
2745 // state).
2746 if (was_recursively_verified()) return;
2747 verify_exception_handler_targets(bci, true, current_frame,
2748 stackmap_table, CHECK_VERIFY(this));
2749 } // in_try_block
2750
2751 current_frame->initialize_object(type, current_type());
2752 *this_uninit = true;
2753 } else if (type.is_uninitialized()) {
2754 u2 new_offset = type.bci();
2755 address new_bcp = bcs->bcp() - bci + new_offset;
2756 if (new_offset > (code_length - 3) || (*new_bcp) != Bytecodes::_new) {
2757 /* Unreachable? Stack map parsing ensures valid type and new
2758 * instructions have a valid BCI. */
2759 verify_error(ErrorContext::bad_code(new_offset),
2760 "Expecting new instruction");
2761 return;
2762 }
2763 u2 new_class_index = Bytes::get_Java_u2(new_bcp + 1);
2764 if (was_recursively_verified()) return;
2765 verify_cp_class_type(bci, new_class_index, cp, CHECK_VERIFY(this));
2766
2767 // The method must be an <init> method of the indicated class
2768 VerificationType new_class_type = cp_index_to_type(
2769 new_class_index, cp, CHECK_VERIFY(this));
2770 if (!new_class_type.equals(ref_class_type)) {
2771 verify_error(ErrorContext::bad_type(bci,
2772 TypeOrigin::cp(new_class_index, new_class_type),
2773 TypeOrigin::cp(ref_class_index, ref_class_type)),
2774 "Call to wrong <init> method");
2775 return;
2776 }
2777 // According to the VM spec, if the referent class is a superclass of the
2778 // current class, and is in a different runtime package, and the method is
2779 // protected, then the objectref must be the current class or a subclass
2780 // of the current class.
2781 VerificationType objectref_type = new_class_type;
2782 if (name_in_supers(ref_class_type.name(), current_class())) {
2783 Klass* ref_klass = load_class(ref_class_type.name(), CHECK);
2784 if (was_recursively_verified()) return;
2785 Method* m = InstanceKlass::cast(ref_klass)->uncached_lookup_method(
2786 vmSymbols::object_initializer_name(),
2787 cp->signature_ref_at(bcs->get_index_u2()),
2788 Klass::OverpassLookupMode::find);
2789 // Do nothing if method is not found. Let resolution detect the error.
2790 if (m != nullptr) {
2791 InstanceKlass* mh = m->method_holder();
2792 if (m->is_protected() && !mh->is_same_class_package(_klass)) {
2793 bool assignable = current_type().is_assignable_from(
2794 objectref_type, this, true, CHECK_VERIFY(this));
2795 if (!assignable) {
2796 verify_error(ErrorContext::bad_type(bci,
2797 TypeOrigin::cp(new_class_index, objectref_type),
2798 TypeOrigin::implicit(current_type())),
2799 "Bad access to protected <init> method");
2800 return;
2801 }
2802 }
2803 }
2804 }
2805 // Check the exception handler target stackmaps with the locals from the
2806 // incoming stackmap (before initialize_object() changes them to outgoing
2807 // state).
2808 if (in_try_block) {
2809 if (was_recursively_verified()) return;
2810 verify_exception_handler_targets(bci, *this_uninit, current_frame,
2811 stackmap_table, CHECK_VERIFY(this));
2812 }
2813 current_frame->initialize_object(type, new_class_type);
2814 } else {
2815 verify_error(ErrorContext::bad_type(bci, current_frame->stack_top_ctx()),
2816 "Bad operand type when invoking <init>");
2817 return;
2818 }
2819 }
2820
2821 bool ClassVerifier::is_same_or_direct_interface(
2822 InstanceKlass* klass,
2823 VerificationType klass_type,
2824 VerificationType ref_class_type) {
2825 if (ref_class_type.equals(klass_type)) return true;
2826 Array<InstanceKlass*>* local_interfaces = klass->local_interfaces();
2827 if (local_interfaces != nullptr) {
2828 for (int x = 0; x < local_interfaces->length(); x++) {
2829 InstanceKlass* k = local_interfaces->at(x);
2830 assert (k != nullptr && k->is_interface(), "invalid interface");
2831 if (ref_class_type.equals(VerificationType::reference_type(k->name()))) {
2832 return true;
2833 }
2834 }
2835 }
2836 return false;
2837 }
2838
2839 void ClassVerifier::verify_invoke_instructions(
2840 RawBytecodeStream* bcs, u4 code_length, StackMapFrame* current_frame,
2841 bool in_try_block, bool *this_uninit,
2842 const constantPoolHandle& cp, StackMapTable* stackmap_table, TRAPS) {
2843 // Make sure the constant pool item is the right type
2844 u2 index = bcs->get_index_u2();
2845 Bytecodes::Code opcode = bcs->raw_code();
2846 unsigned int types = 0;
2847 switch (opcode) {
2848 case Bytecodes::_invokeinterface:
2849 types = 1 << JVM_CONSTANT_InterfaceMethodref;
2850 break;
2851 case Bytecodes::_invokedynamic:
2852 types = 1 << JVM_CONSTANT_InvokeDynamic;
2853 break;
2854 case Bytecodes::_invokespecial:
2855 case Bytecodes::_invokestatic:
2856 types = (_klass->major_version() < STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION) ?
2857 (1 << JVM_CONSTANT_Methodref) :
2858 ((1 << JVM_CONSTANT_InterfaceMethodref) | (1 << JVM_CONSTANT_Methodref));
2859 break;
2860 default:
2861 types = 1 << JVM_CONSTANT_Methodref;
2862 }
2863 verify_cp_type(bcs->bci(), index, cp, types, CHECK_VERIFY(this));
2864
2865 // Get method name and signature
2866 Symbol* method_name = cp->name_ref_at(index);
2867 Symbol* method_sig = cp->signature_ref_at(index);
2868
2869 // Method signature was checked in ClassFileParser.
2870 assert(SignatureVerifier::is_valid_method_signature(method_sig),
2871 "Invalid method signature");
2872
2873 // Get referenced class
2874 VerificationType ref_class_type;
2875 if (opcode == Bytecodes::_invokedynamic) {
2876 if (_klass->major_version() < Verifier::INVOKEDYNAMIC_MAJOR_VERSION) {
2877 class_format_error(
2878 "invokedynamic instructions not supported by this class file version (%d), class %s",
2879 _klass->major_version(), _klass->external_name());
2880 return;
2881 }
2882 } else {
2883 ref_class_type = cp_ref_index_to_type(index, cp, CHECK_VERIFY(this));
2884 }
2885
2886 assert(sizeof(VerificationType) == sizeof(uintptr_t),
2887 "buffer type must match VerificationType size");
2888
2889 // Get the UTF8 index for this signature.
2890 int sig_index = cp->signature_ref_index_at(cp->name_and_type_ref_index_at(index));
2891
2892 // Get the signature's verification types.
2893 sig_as_verification_types* mth_sig_verif_types;
2894 sig_as_verification_types** mth_sig_verif_types_ptr = method_signatures_table()->get(sig_index);
2895 if (mth_sig_verif_types_ptr != nullptr) {
2896 // Found the entry for the signature's verification types in the hash table.
2897 mth_sig_verif_types = *mth_sig_verif_types_ptr;
2898 assert(mth_sig_verif_types != nullptr, "Unexpected null sig_as_verification_types value");
2899 } else {
2900 // Not found, add the entry to the table.
2901 GrowableArray<VerificationType>* verif_types = new GrowableArray<VerificationType>(10);
2902 mth_sig_verif_types = new sig_as_verification_types(verif_types);
2903 create_method_sig_entry(mth_sig_verif_types, sig_index);
2904 }
2905
2906 // Get the number of arguments for this signature.
2907 int nargs = mth_sig_verif_types->num_args();
2908
2909 // Check instruction operands
2910 u2 bci = bcs->bci();
2911 if (opcode == Bytecodes::_invokeinterface) {
2912 address bcp = bcs->bcp();
2913 // 4905268: count operand in invokeinterface should be nargs+1, not nargs.
2914 // JSR202 spec: The count operand of an invokeinterface instruction is valid if it is
2915 // the difference between the size of the operand stack before and after the instruction
2916 // executes.
2917 if (*(bcp+3) != (nargs+1)) {
2918 verify_error(ErrorContext::bad_code(bci),
2919 "Inconsistent args count operand in invokeinterface");
2920 return;
2921 }
2922 if (*(bcp+4) != 0) {
2923 verify_error(ErrorContext::bad_code(bci),
2924 "Fourth operand byte of invokeinterface must be zero");
2925 return;
2926 }
2927 }
2928
2929 if (opcode == Bytecodes::_invokedynamic) {
2930 address bcp = bcs->bcp();
2931 if (*(bcp+3) != 0 || *(bcp+4) != 0) {
2932 verify_error(ErrorContext::bad_code(bci),
2933 "Third and fourth operand bytes of invokedynamic must be zero");
2934 return;
2935 }
2936 }
2937
2938 if (method_name->char_at(0) == JVM_SIGNATURE_SPECIAL) {
2939 // Make sure:
2940 // <init> can only be invoked by invokespecial.
2941 // <vnew> can only be invoked by invokestatic.
2942 if (!((opcode == Bytecodes::_invokestatic &&
2943 method_name == vmSymbols::inline_factory_name()) ||
2944 (opcode == Bytecodes::_invokespecial &&
2945 method_name == vmSymbols::object_initializer_name()))) {
2946 verify_error(ErrorContext::bad_code(bci),
2947 "Illegal call to internal method");
2948 return;
2949 }
2950 } else if (opcode == Bytecodes::_invokespecial
2951 && !is_same_or_direct_interface(current_class(), current_type(), ref_class_type)
2952 && !ref_class_type.equals(VerificationType::reference_type(
2953 current_class()->super()->name()))) { // super() can never be an inline_type.
2954 bool subtype = false;
2955 bool have_imr_indirect = cp->tag_at(index).value() == JVM_CONSTANT_InterfaceMethodref;
2956 subtype = ref_class_type.is_assignable_from(
2957 current_type(), this, false, CHECK_VERIFY(this));
2958 if (!subtype) {
2959 verify_error(ErrorContext::bad_code(bci),
2960 "Bad invokespecial instruction: "
2961 "current class isn't assignable to reference class.");
2962 return;
2963 } else if (have_imr_indirect) {
2964 verify_error(ErrorContext::bad_code(bci),
2965 "Bad invokespecial instruction: "
2966 "interface method reference is in an indirect superinterface.");
2967 return;
2968 }
2969
2970 }
2971
2972 // Get the verification types for the method's arguments.
2973 GrowableArray<VerificationType>* sig_verif_types = mth_sig_verif_types->sig_verif_types();
2974 assert(sig_verif_types != nullptr, "Missing signature's array of verification types");
2975 // Match method descriptor with operand stack
2976 // The arguments are on the stack in descending order.
2977 for (int i = nargs - 1; i >= 0; i--) { // Run backwards
2978 current_frame->pop_stack(sig_verif_types->at(i), CHECK_VERIFY(this));
2979 }
2980
2981 // Check objectref on operand stack
2982 if (opcode != Bytecodes::_invokestatic &&
2983 opcode != Bytecodes::_invokedynamic) {
2984 if (method_name == vmSymbols::object_initializer_name()) { // <init> method
2985 verify_invoke_init(bcs, index, ref_class_type, current_frame,
2986 code_length, in_try_block, this_uninit, cp, stackmap_table,
2987 CHECK_VERIFY(this));
2988 if (was_recursively_verified()) return;
2989 } else { // other methods
2990 // Ensures that target class is assignable to method class.
2991 if (opcode == Bytecodes::_invokespecial) {
2992 current_frame->pop_stack(current_type(), CHECK_VERIFY(this));
2993 } else if (opcode == Bytecodes::_invokevirtual) {
2994 VerificationType stack_object_type =
2995 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this));
2996 if (current_type() != stack_object_type) {
2997 if (was_recursively_verified()) return;
2998 assert(cp->cache() == nullptr, "not rewritten yet");
2999 Symbol* ref_class_name =
3000 cp->klass_name_at(cp->klass_ref_index_at(index));
3001 // See the comments in verify_field_instructions() for
3002 // the rationale behind this.
3003 if (name_in_supers(ref_class_name, current_class())) {
3004 Klass* ref_class = load_class(ref_class_name, CHECK);
3005 if (is_protected_access(
3006 _klass, ref_class, method_name, method_sig, true)) {
3007 // It's protected access, check if stack object is
3008 // assignable to current class.
3009 if (ref_class_type.name() == vmSymbols::java_lang_Object()
3010 && stack_object_type.is_array()
3011 && method_name == vmSymbols::clone_name()) {
3012 // Special case: arrays pretend to implement public Object
3013 // clone().
3014 } else {
3015 bool is_assignable = current_type().is_assignable_from(
3016 stack_object_type, this, true, CHECK_VERIFY(this));
3017 if (!is_assignable) {
3018 verify_error(ErrorContext::bad_type(bci,
3019 current_frame->stack_top_ctx(),
3020 TypeOrigin::implicit(current_type())),
3021 "Bad access to protected data in invokevirtual");
3022 return;
3023 }
3024 }
3025 }
3026 }
3027 }
3028 } else {
3029 assert(opcode == Bytecodes::_invokeinterface, "Unexpected opcode encountered");
3030 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this));
3031 }
3032 }
3033 }
3034 // Push the result type.
3035 int sig_verif_types_len = sig_verif_types->length();
3036 if (sig_verif_types_len > nargs) { // There's a return type
3037 if (method_name == vmSymbols::object_initializer_name()) {
3038 // an <init> method must have a void return type
3039 verify_error(ErrorContext::bad_code(bci),
3040 "Return type must be void in <init> method");
3041 return;
3042 }
3043
3044 assert(sig_verif_types_len <= nargs + 2,
3045 "Signature verification types array return type is bogus");
3046 for (int i = nargs; i < sig_verif_types_len; i++) {
3047 assert(i == nargs || sig_verif_types->at(i).is_long2() ||
3048 sig_verif_types->at(i).is_double2(), "Unexpected return verificationType");
3049 current_frame->push_stack(sig_verif_types->at(i), CHECK_VERIFY(this));
3050 }
3051 } else { // no return type
3052 // <vnew> method may not have a void return type
3053 if (method_name == vmSymbols::inline_factory_name()) {
3054 verify_error(ErrorContext::bad_code(bci),
3055 "Return type must be non-void in <vnew> static factory method");
3056 return;
3057 }
3058 }
3059 }
3060
3061 VerificationType ClassVerifier::get_newarray_type(
3062 u2 index, u2 bci, TRAPS) {
3063 const char* from_bt[] = {
3064 nullptr, nullptr, nullptr, nullptr, "[Z", "[C", "[F", "[D", "[B", "[S", "[I", "[J",
3065 };
3066 if (index < T_BOOLEAN || index > T_LONG) {
3067 verify_error(ErrorContext::bad_code(bci), "Illegal newarray instruction");
3068 return VerificationType::bogus_type();
3069 }
3070
3071 // from_bt[index] contains the array signature which has a length of 2
3072 Symbol* sig = create_temporary_symbol(from_bt[index], 2);
3073 return VerificationType::reference_type(sig);
3074 }
3075
3076 void ClassVerifier::verify_anewarray(
3077 u2 bci, u2 index, const constantPoolHandle& cp,
3078 StackMapFrame* current_frame, TRAPS) {
3079 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
3080 current_frame->pop_stack(
3081 VerificationType::integer_type(), CHECK_VERIFY(this));
3082
3083 if (was_recursively_verified()) return;
3084 VerificationType component_type =
3085 cp_index_to_type(index, cp, CHECK_VERIFY(this));
3086 int length;
3087 char* arr_sig_str;
3088 if (component_type.is_array()) { // it's an array
3089 const char* component_name = component_type.name()->as_utf8();
3090 // Check for more than MAX_ARRAY_DIMENSIONS
3091 length = (int)strlen(component_name);
3092 if (length > MAX_ARRAY_DIMENSIONS &&
3093 component_name[MAX_ARRAY_DIMENSIONS - 1] == JVM_SIGNATURE_ARRAY) {
3094 verify_error(ErrorContext::bad_code(bci),
3095 "Illegal anewarray instruction, array has more than 255 dimensions");
3096 }
3097 // add one dimension to component
3098 length++;
3099 arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length + 1);
3100 int n = os::snprintf(arr_sig_str, length + 1, "%c%s",
3101 JVM_SIGNATURE_ARRAY, component_name);
3102 assert(n == length, "Unexpected number of characters in string");
3103 } else { // it's an object or interface
3104 const char* component_name = component_type.name()->as_utf8();
3105 char Q_or_L = component_type.is_inline_type() ? JVM_SIGNATURE_PRIMITIVE_OBJECT : JVM_SIGNATURE_CLASS;
3106 // add one dimension to component with 'L' or 'Q' prepended and ';' appended.
3107 length = (int)strlen(component_name) + 3;
3108 arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length + 1);
3109 int n = os::snprintf(arr_sig_str, length + 1, "%c%c%s;",
3110 JVM_SIGNATURE_ARRAY, Q_or_L, component_name);
3111 assert(n == length, "Unexpected number of characters in string");
3112 }
3113 Symbol* arr_sig = create_temporary_symbol(arr_sig_str, length);
3114 VerificationType new_array_type = VerificationType::reference_type(arr_sig);
3115 current_frame->push_stack(new_array_type, CHECK_VERIFY(this));
3116 }
3117
3118 void ClassVerifier::verify_iload(u2 index, StackMapFrame* current_frame, TRAPS) {
3119 current_frame->get_local(
3120 index, VerificationType::integer_type(), CHECK_VERIFY(this));
3121 current_frame->push_stack(
3122 VerificationType::integer_type(), CHECK_VERIFY(this));
3123 }
3124
3125 void ClassVerifier::verify_lload(u2 index, StackMapFrame* current_frame, TRAPS) {
3126 current_frame->get_local_2(
3127 index, VerificationType::long_type(),
3128 VerificationType::long2_type(), CHECK_VERIFY(this));
3129 current_frame->push_stack_2(
3130 VerificationType::long_type(),
3131 VerificationType::long2_type(), CHECK_VERIFY(this));
3132 }
3133
3134 void ClassVerifier::verify_fload(u2 index, StackMapFrame* current_frame, TRAPS) {
3135 current_frame->get_local(
3136 index, VerificationType::float_type(), CHECK_VERIFY(this));
3137 current_frame->push_stack(
3138 VerificationType::float_type(), CHECK_VERIFY(this));
3139 }
3140
3141 void ClassVerifier::verify_dload(u2 index, StackMapFrame* current_frame, TRAPS) {
3142 current_frame->get_local_2(
3143 index, VerificationType::double_type(),
3144 VerificationType::double2_type(), CHECK_VERIFY(this));
3145 current_frame->push_stack_2(
3146 VerificationType::double_type(),
3147 VerificationType::double2_type(), CHECK_VERIFY(this));
3148 }
3149
3150 void ClassVerifier::verify_aload(u2 index, StackMapFrame* current_frame, TRAPS) {
3151 VerificationType type = current_frame->get_local(
3152 index, VerificationType::nonscalar_check(), CHECK_VERIFY(this));
3153 current_frame->push_stack(type, CHECK_VERIFY(this));
3154 }
3155
3156 void ClassVerifier::verify_istore(u2 index, StackMapFrame* current_frame, TRAPS) {
3157 current_frame->pop_stack(
3158 VerificationType::integer_type(), CHECK_VERIFY(this));
3159 current_frame->set_local(
3160 index, VerificationType::integer_type(), CHECK_VERIFY(this));
3161 }
3162
3163 void ClassVerifier::verify_lstore(u2 index, StackMapFrame* current_frame, TRAPS) {
3164 current_frame->pop_stack_2(
3165 VerificationType::long2_type(),
3166 VerificationType::long_type(), CHECK_VERIFY(this));
3167 current_frame->set_local_2(
3168 index, VerificationType::long_type(),
3169 VerificationType::long2_type(), CHECK_VERIFY(this));
3170 }
3171
3172 void ClassVerifier::verify_fstore(u2 index, StackMapFrame* current_frame, TRAPS) {
3173 current_frame->pop_stack(VerificationType::float_type(), CHECK_VERIFY(this));
3174 current_frame->set_local(
3175 index, VerificationType::float_type(), CHECK_VERIFY(this));
3176 }
3177
3178 void ClassVerifier::verify_dstore(u2 index, StackMapFrame* current_frame, TRAPS) {
3179 current_frame->pop_stack_2(
3180 VerificationType::double2_type(),
3181 VerificationType::double_type(), CHECK_VERIFY(this));
3182 current_frame->set_local_2(
3183 index, VerificationType::double_type(),
3184 VerificationType::double2_type(), CHECK_VERIFY(this));
3185 }
3186
3187 void ClassVerifier::verify_astore(u2 index, StackMapFrame* current_frame, TRAPS) {
3188 VerificationType type = current_frame->pop_stack(
3189 VerificationType::nonscalar_check(), CHECK_VERIFY(this));
3190 current_frame->set_local(index, type, CHECK_VERIFY(this));
3191 }
3192
3193 void ClassVerifier::verify_iinc(u2 index, StackMapFrame* current_frame, TRAPS) {
3194 VerificationType type = current_frame->get_local(
3195 index, VerificationType::integer_type(), CHECK_VERIFY(this));
3196 current_frame->set_local(index, type, CHECK_VERIFY(this));
3197 }
3198
3199 void ClassVerifier::verify_return_value(
3200 VerificationType return_type, VerificationType type, u2 bci,
3201 StackMapFrame* current_frame, TRAPS) {
3202 if (return_type == VerificationType::bogus_type()) {
3203 verify_error(ErrorContext::bad_type(bci,
3204 current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)),
3205 "Method does not expect a return value");
3206 return;
3207 }
3208 bool match = return_type.is_assignable_from(type, this, false, CHECK_VERIFY(this));
3209 if (!match) {
3210 verify_error(ErrorContext::bad_type(bci,
3211 current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)),
3212 "Bad return type");
3213 return;
3214 }
3215 }
3216
3217 // The verifier creates symbols which are substrings of Symbols.
3218 // These are stored in the verifier until the end of verification so that
3219 // they can be reference counted.
3220 Symbol* ClassVerifier::create_temporary_symbol(const char *name, int length) {
3221 // Quick deduplication check
3222 if (_previous_symbol != nullptr && _previous_symbol->equals(name, length)) {
3223 return _previous_symbol;
3224 }
3225 Symbol* sym = SymbolTable::new_symbol(name, length);
3226 if (!sym->is_permanent()) {
3227 if (_symbols == nullptr) {
3228 _symbols = new GrowableArray<Symbol*>(50, 0, nullptr);
3229 }
3230 _symbols->push(sym);
3231 }
3232 _previous_symbol = sym;
3233 return sym;
3234 }