1 /*
2 * Copyright (c) 1998, 2024, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.
8 *
9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 *
23 */
24
25 #include "precompiled.hpp"
26 #include "cds/cdsConfig.hpp"
27 #include "classfile/classFileStream.hpp"
28 #include "classfile/classLoader.hpp"
29 #include "classfile/javaClasses.hpp"
30 #include "classfile/stackMapTable.hpp"
31 #include "classfile/stackMapFrame.hpp"
32 #include "classfile/stackMapTableFormat.hpp"
33 #include "classfile/symbolTable.hpp"
34 #include "classfile/systemDictionary.hpp"
35 #include "classfile/systemDictionaryShared.hpp"
36 #include "classfile/verifier.hpp"
37 #include "classfile/vmClasses.hpp"
38 #include "classfile/vmSymbols.hpp"
39 #include "interpreter/bytecodes.hpp"
40 #include "interpreter/bytecodeStream.hpp"
41 #include "jvm.h"
42 #include "logging/log.hpp"
43 #include "logging/logStream.hpp"
44 #include "memory/oopFactory.hpp"
45 #include "memory/resourceArea.hpp"
46 #include "memory/universe.hpp"
47 #include "oops/constantPool.inline.hpp"
48 #include "oops/instanceKlass.inline.hpp"
49 #include "oops/klass.inline.hpp"
50 #include "oops/oop.inline.hpp"
51 #include "oops/typeArrayOop.hpp"
52 #include "runtime/arguments.hpp"
53 #include "runtime/fieldDescriptor.hpp"
54 #include "runtime/handles.inline.hpp"
55 #include "runtime/interfaceSupport.inline.hpp"
56 #include "runtime/javaCalls.hpp"
57 #include "runtime/javaThread.hpp"
58 #include "runtime/jniHandles.inline.hpp"
59 #include "runtime/os.hpp"
60 #include "runtime/safepointVerifiers.hpp"
61 #include "services/threadService.hpp"
62 #include "utilities/align.hpp"
63 #include "utilities/bytes.hpp"
64
65 #define NOFAILOVER_MAJOR_VERSION 51
66 #define NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION 51
67 #define STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION 52
68 #define INLINE_TYPE_MAJOR_VERSION 56
69 #define MAX_ARRAY_DIMENSIONS 255
70
71 // Access to external entry for VerifyClassForMajorVersion - old byte code verifier
72
73 extern "C" {
74 typedef jboolean (*verify_byte_codes_fn_t)(JNIEnv *, jclass, char *, jint, jint);
75 }
76
77 static verify_byte_codes_fn_t volatile _verify_byte_codes_fn = nullptr;
78
79 static verify_byte_codes_fn_t verify_byte_codes_fn() {
80
81 if (_verify_byte_codes_fn != nullptr)
82 return _verify_byte_codes_fn;
83
84 MutexLocker locker(Verify_lock);
85
86 if (_verify_byte_codes_fn != nullptr)
87 return _verify_byte_codes_fn;
88
89 // Load verify dll
90 char buffer[JVM_MAXPATHLEN];
91 char ebuf[1024];
92 if (!os::dll_locate_lib(buffer, sizeof(buffer), Arguments::get_dll_dir(), "verify"))
93 return nullptr; // Caller will throw VerifyError
94
95 void *lib_handle = os::dll_load(buffer, ebuf, sizeof(ebuf));
96 if (lib_handle == nullptr)
97 return nullptr; // Caller will throw VerifyError
98
99 void *fn = os::dll_lookup(lib_handle, "VerifyClassForMajorVersion");
100 if (fn == nullptr)
101 return nullptr; // Caller will throw VerifyError
102
103 return _verify_byte_codes_fn = CAST_TO_FN_PTR(verify_byte_codes_fn_t, fn);
104 }
105
106
107 // Methods in Verifier
108
109 bool Verifier::should_verify_for(oop class_loader, bool should_verify_class) {
110 return (class_loader == nullptr || !should_verify_class) ?
111 BytecodeVerificationLocal : BytecodeVerificationRemote;
112 }
113
114 bool Verifier::relax_access_for(oop loader) {
115 bool trusted = java_lang_ClassLoader::is_trusted_loader(loader);
116 bool need_verify =
117 // verifyAll
118 (BytecodeVerificationLocal && BytecodeVerificationRemote) ||
119 // verifyRemote
120 (!BytecodeVerificationLocal && BytecodeVerificationRemote && !trusted);
121 return !need_verify;
122 }
123
124 void Verifier::trace_class_resolution(Klass* resolve_class, InstanceKlass* verify_class) {
125 assert(verify_class != nullptr, "Unexpected null verify_class");
126 ResourceMark rm;
127 Symbol* s = verify_class->source_file_name();
128 const char* source_file = (s != nullptr ? s->as_C_string() : nullptr);
129 const char* verify = verify_class->external_name();
130 const char* resolve = resolve_class->external_name();
131 // print in a single call to reduce interleaving between threads
132 if (source_file != nullptr) {
133 log_debug(class, resolve)("%s %s %s (verification)", verify, resolve, source_file);
134 } else {
135 log_debug(class, resolve)("%s %s (verification)", verify, resolve);
136 }
137 }
138
139 // Prints the end-verification message to the appropriate output.
140 void Verifier::log_end_verification(outputStream* st, const char* klassName, Symbol* exception_name, oop pending_exception) {
141 if (pending_exception != nullptr) {
142 st->print("Verification for %s has", klassName);
143 oop message = java_lang_Throwable::message(pending_exception);
144 if (message != nullptr) {
145 char* ex_msg = java_lang_String::as_utf8_string(message);
146 st->print_cr(" exception pending '%s %s'",
147 pending_exception->klass()->external_name(), ex_msg);
148 } else {
149 st->print_cr(" exception pending %s ",
150 pending_exception->klass()->external_name());
151 }
152 } else if (exception_name != nullptr) {
153 st->print_cr("Verification for %s failed", klassName);
154 }
155 st->print_cr("End class verification for: %s", klassName);
156 }
157
158 bool Verifier::verify(InstanceKlass* klass, bool should_verify_class, TRAPS) {
159 HandleMark hm(THREAD);
160 ResourceMark rm(THREAD);
161
162 // Eagerly allocate the identity hash code for a klass. This is a fallout
163 // from 6320749 and 8059924: hash code generator is not supposed to be called
164 // during the safepoint, but it allows to sneak the hashcode in during
165 // verification. Without this eager hashcode generation, we may end up
166 // installing the hashcode during some other operation, which may be at
167 // safepoint -- blowing up the checks. It was previously done as the side
168 // effect (sic!) for external_name(), but instead of doing that, we opt to
169 // explicitly push the hashcode in here. This is signify the following block
170 // is IMPORTANT:
171 if (klass->java_mirror() != nullptr) {
172 klass->java_mirror()->identity_hash();
173 }
174
175 if (!is_eligible_for_verification(klass, should_verify_class)) {
176 return true;
177 }
178
179 // Timer includes any side effects of class verification (resolution,
180 // etc), but not recursive calls to Verifier::verify().
181 JavaThread* jt = THREAD;
182 PerfClassTraceTime timer(ClassLoader::perf_class_verify_time(),
183 ClassLoader::perf_class_verify_selftime(),
184 ClassLoader::perf_classes_verified(),
185 jt->get_thread_stat()->perf_recursion_counts_addr(),
186 jt->get_thread_stat()->perf_timers_addr(),
187 PerfClassTraceTime::CLASS_VERIFY);
188
189 // If the class should be verified, first see if we can use the split
190 // verifier. If not, or if verification fails and can failover, then
191 // call the inference verifier.
192 Symbol* exception_name = nullptr;
193 const size_t message_buffer_len = klass->name()->utf8_length() + 1024;
194 char* message_buffer = nullptr;
195 char* exception_message = nullptr;
196
197 log_info(class, init)("Start class verification for: %s", klass->external_name());
198 if (klass->major_version() >= STACKMAP_ATTRIBUTE_MAJOR_VERSION) {
199 ClassVerifier split_verifier(jt, klass);
200 // We don't use CHECK here, or on inference_verify below, so that we can log any exception.
201 split_verifier.verify_class(THREAD);
202 exception_name = split_verifier.result();
203
204 // If dumping static archive then don't fall back to the old verifier on
205 // verification failure. If a class fails verification with the split verifier,
206 // it might fail the CDS runtime verifier constraint check. In that case, we
207 // don't want to share the class. We only archive classes that pass the split
208 // verifier.
209 bool can_failover = !CDSConfig::is_dumping_static_archive() &&
210 klass->major_version() < NOFAILOVER_MAJOR_VERSION;
211
212 if (can_failover && !HAS_PENDING_EXCEPTION && // Split verifier doesn't set PENDING_EXCEPTION for failure
213 (exception_name == vmSymbols::java_lang_VerifyError() ||
214 exception_name == vmSymbols::java_lang_ClassFormatError())) {
215 log_info(verification)("Fail over class verification to old verifier for: %s", klass->external_name());
216 log_info(class, init)("Fail over class verification to old verifier for: %s", klass->external_name());
217 // Exclude any classes that fail over during dynamic dumping
218 if (CDSConfig::is_dumping_dynamic_archive()) {
219 SystemDictionaryShared::warn_excluded(klass, "Failed over class verification while dynamic dumping");
220 SystemDictionaryShared::set_excluded(klass);
221 }
222 message_buffer = NEW_RESOURCE_ARRAY(char, message_buffer_len);
223 exception_message = message_buffer;
224 exception_name = inference_verify(
225 klass, message_buffer, message_buffer_len, THREAD);
226 }
227 if (exception_name != nullptr) {
228 exception_message = split_verifier.exception_message();
229 }
230 } else {
231 message_buffer = NEW_RESOURCE_ARRAY(char, message_buffer_len);
232 exception_message = message_buffer;
233 exception_name = inference_verify(
234 klass, message_buffer, message_buffer_len, THREAD);
235 }
236
237 LogTarget(Info, class, init) lt1;
238 if (lt1.is_enabled()) {
239 LogStream ls(lt1);
240 log_end_verification(&ls, klass->external_name(), exception_name, PENDING_EXCEPTION);
241 }
242 LogTarget(Info, verification) lt2;
243 if (lt2.is_enabled()) {
244 LogStream ls(lt2);
245 log_end_verification(&ls, klass->external_name(), exception_name, PENDING_EXCEPTION);
246 }
247
248 if (HAS_PENDING_EXCEPTION) {
249 return false; // use the existing exception
250 } else if (exception_name == nullptr) {
251 return true; // verification succeeded
252 } else { // VerifyError or ClassFormatError to be created and thrown
253 Klass* kls =
254 SystemDictionary::resolve_or_fail(exception_name, true, CHECK_false);
255 if (log_is_enabled(Debug, class, resolve)) {
256 Verifier::trace_class_resolution(kls, klass);
257 }
258
259 while (kls != nullptr) {
260 if (kls == klass) {
261 // If the class being verified is the exception we're creating
262 // or one of it's superclasses, we're in trouble and are going
263 // to infinitely recurse when we try to initialize the exception.
264 // So bail out here by throwing the preallocated VM error.
265 THROW_OOP_(Universe::internal_error_instance(), false);
266 }
267 kls = kls->super();
268 }
269 if (message_buffer != nullptr) {
270 message_buffer[message_buffer_len - 1] = '\0'; // just to be sure
271 }
272 assert(exception_message != nullptr, "");
273 THROW_MSG_(exception_name, exception_message, false);
274 }
275 }
276
277 bool Verifier::is_eligible_for_verification(InstanceKlass* klass, bool should_verify_class) {
278 Symbol* name = klass->name();
279 Klass* refl_serialization_ctor_klass = vmClasses::reflect_SerializationConstructorAccessorImpl_klass();
280
281 bool is_reflect_accessor = refl_serialization_ctor_klass != nullptr &&
282 klass->is_subtype_of(refl_serialization_ctor_klass);
283
284 return (should_verify_for(klass->class_loader(), should_verify_class) &&
285 // return if the class is a bootstrapping class
286 // or defineClass specified not to verify by default (flags override passed arg)
287 // We need to skip the following four for bootstrapping
288 name != vmSymbols::java_lang_Object() &&
289 name != vmSymbols::java_lang_Class() &&
290 name != vmSymbols::java_lang_String() &&
291 name != vmSymbols::java_lang_Throwable() &&
292
293 // Can not verify the bytecodes for shared classes because they have
294 // already been rewritten to contain constant pool cache indices,
295 // which the verifier can't understand.
296 // Shared classes shouldn't have stackmaps either.
297 // However, bytecodes for shared old classes can be verified because
298 // they have not been rewritten.
299 !(klass->is_shared() && klass->is_rewritten()) &&
300
301 // As of the fix for 4486457 we disable verification for all of the
302 // dynamically-generated bytecodes associated with
303 // jdk/internal/reflect/SerializationConstructorAccessor.
304 (!is_reflect_accessor));
305 }
306
307 Symbol* Verifier::inference_verify(
308 InstanceKlass* klass, char* message, size_t message_len, TRAPS) {
309 JavaThread* thread = THREAD;
310
311 verify_byte_codes_fn_t verify_func = verify_byte_codes_fn();
312
313 if (verify_func == nullptr) {
314 jio_snprintf(message, message_len, "Could not link verifier");
315 return vmSymbols::java_lang_VerifyError();
316 }
317
318 ResourceMark rm(thread);
319 log_info(verification)("Verifying class %s with old format", klass->external_name());
320
321 jclass cls = (jclass) JNIHandles::make_local(thread, klass->java_mirror());
322 jint result;
323
324 {
325 HandleMark hm(thread);
326 ThreadToNativeFromVM ttn(thread);
327 // ThreadToNativeFromVM takes care of changing thread_state, so safepoint
328 // code knows that we have left the VM
329 JNIEnv *env = thread->jni_environment();
330 result = (*verify_func)(env, cls, message, (int)message_len, klass->major_version());
331 }
332
333 JNIHandles::destroy_local(cls);
334
335 // These numbers are chosen so that VerifyClassCodes interface doesn't need
336 // to be changed (still return jboolean (unsigned char)), and result is
337 // 1 when verification is passed.
338 if (result == 0) {
339 return vmSymbols::java_lang_VerifyError();
340 } else if (result == 1) {
341 return nullptr; // verified.
342 } else if (result == 2) {
343 THROW_MSG_(vmSymbols::java_lang_OutOfMemoryError(), message, nullptr);
344 } else if (result == 3) {
345 return vmSymbols::java_lang_ClassFormatError();
346 } else {
347 ShouldNotReachHere();
348 return nullptr;
349 }
350 }
351
352 TypeOrigin TypeOrigin::null() {
353 return TypeOrigin();
354 }
355 TypeOrigin TypeOrigin::local(int index, StackMapFrame* frame) {
356 assert(frame != nullptr, "Must have a frame");
357 return TypeOrigin(CF_LOCALS, index, StackMapFrame::copy(frame),
358 frame->local_at(index));
359 }
360 TypeOrigin TypeOrigin::stack(int index, StackMapFrame* frame) {
361 assert(frame != nullptr, "Must have a frame");
362 return TypeOrigin(CF_STACK, index, StackMapFrame::copy(frame),
363 frame->stack_at(index));
364 }
365 TypeOrigin TypeOrigin::sm_local(int index, StackMapFrame* frame) {
366 assert(frame != nullptr, "Must have a frame");
367 return TypeOrigin(SM_LOCALS, index, StackMapFrame::copy(frame),
368 frame->local_at(index));
369 }
370 TypeOrigin TypeOrigin::sm_stack(int index, StackMapFrame* frame) {
371 assert(frame != nullptr, "Must have a frame");
372 return TypeOrigin(SM_STACK, index, StackMapFrame::copy(frame),
373 frame->stack_at(index));
374 }
375 TypeOrigin TypeOrigin::bad_index(int index) {
376 return TypeOrigin(BAD_INDEX, index, nullptr, VerificationType::bogus_type());
377 }
378 TypeOrigin TypeOrigin::cp(int index, VerificationType vt) {
379 return TypeOrigin(CONST_POOL, index, nullptr, vt);
380 }
381 TypeOrigin TypeOrigin::signature(VerificationType vt) {
382 return TypeOrigin(SIG, 0, nullptr, vt);
383 }
384 TypeOrigin TypeOrigin::implicit(VerificationType t) {
385 return TypeOrigin(IMPLICIT, 0, nullptr, t);
386 }
387 TypeOrigin TypeOrigin::frame(StackMapFrame* frame) {
388 return TypeOrigin(FRAME_ONLY, 0, StackMapFrame::copy(frame),
389 VerificationType::bogus_type());
390 }
391
392 void TypeOrigin::reset_frame() {
393 if (_frame != nullptr) {
394 _frame->restore();
395 }
396 }
397
398 void TypeOrigin::details(outputStream* ss) const {
399 _type.print_on(ss);
400 switch (_origin) {
401 case CF_LOCALS:
402 ss->print(" (current frame, locals[%d])", _index);
403 break;
404 case CF_STACK:
405 ss->print(" (current frame, stack[%d])", _index);
406 break;
407 case SM_LOCALS:
408 ss->print(" (stack map, locals[%d])", _index);
409 break;
410 case SM_STACK:
411 ss->print(" (stack map, stack[%d])", _index);
412 break;
413 case CONST_POOL:
414 ss->print(" (constant pool %d)", _index);
415 break;
416 case SIG:
417 ss->print(" (from method signature)");
418 break;
419 case IMPLICIT:
420 case FRAME_ONLY:
421 case NONE:
422 default:
423 ;
424 }
425 }
426
427 #ifdef ASSERT
428 void TypeOrigin::print_on(outputStream* str) const {
429 str->print("{%d,%d,%p:", _origin, _index, _frame);
430 if (_frame != nullptr) {
431 _frame->print_on(str);
432 } else {
433 str->print("null");
434 }
435 str->print(",");
436 _type.print_on(str);
437 str->print("}");
438 }
439 #endif
440
441 void ErrorContext::details(outputStream* ss, const Method* method) const {
442 if (is_valid()) {
443 ss->cr();
444 ss->print_cr("Exception Details:");
445 location_details(ss, method);
446 reason_details(ss);
447 frame_details(ss);
448 bytecode_details(ss, method);
449 handler_details(ss, method);
450 stackmap_details(ss, method);
451 }
452 }
453
454 void ErrorContext::reason_details(outputStream* ss) const {
455 streamIndentor si(ss);
456 ss->indent().print_cr("Reason:");
457 streamIndentor si2(ss);
458 ss->indent().print("%s", "");
459 switch (_fault) {
460 case INVALID_BYTECODE:
461 ss->print("Error exists in the bytecode");
462 break;
463 case WRONG_TYPE:
464 if (_expected.is_valid()) {
465 ss->print("Type ");
466 _type.details(ss);
467 ss->print(" is not assignable to ");
468 _expected.details(ss);
469 } else {
470 ss->print("Invalid type: ");
471 _type.details(ss);
472 }
473 break;
474 case FLAGS_MISMATCH:
475 if (_expected.is_valid()) {
476 ss->print("Current frame's flags are not assignable "
477 "to stack map frame's.");
478 } else {
479 ss->print("Current frame's flags are invalid in this context.");
480 }
481 break;
482 case BAD_CP_INDEX:
483 ss->print("Constant pool index %d is invalid", _type.index());
484 break;
485 case BAD_LOCAL_INDEX:
486 ss->print("Local index %d is invalid", _type.index());
487 break;
488 case LOCALS_SIZE_MISMATCH:
489 ss->print("Current frame's local size doesn't match stackmap.");
490 break;
491 case STACK_SIZE_MISMATCH:
492 ss->print("Current frame's stack size doesn't match stackmap.");
493 break;
494 case STACK_OVERFLOW:
495 ss->print("Exceeded max stack size.");
496 break;
497 case STACK_UNDERFLOW:
498 ss->print("Attempt to pop empty stack.");
499 break;
500 case MISSING_STACKMAP:
501 ss->print("Expected stackmap frame at this location.");
502 break;
503 case BAD_STACKMAP:
504 ss->print("Invalid stackmap specification.");
505 break;
506 case WRONG_INLINE_TYPE:
507 ss->print("Type ");
508 _type.details(ss);
509 ss->print(" and type ");
510 _expected.details(ss);
511 ss->print(" must be identical inline types.");
512 break;
513 case UNKNOWN:
514 default:
515 ShouldNotReachHere();
516 ss->print_cr("Unknown");
517 }
518 ss->cr();
519 }
520
521 void ErrorContext::location_details(outputStream* ss, const Method* method) const {
522 if (_bci != -1 && method != nullptr) {
523 streamIndentor si(ss);
524 const char* bytecode_name = "<invalid>";
525 if (method->validate_bci(_bci) != -1) {
526 Bytecodes::Code code = Bytecodes::code_or_bp_at(method->bcp_from(_bci));
527 if (Bytecodes::is_defined(code)) {
528 bytecode_name = Bytecodes::name(code);
529 } else {
530 bytecode_name = "<illegal>";
531 }
532 }
533 InstanceKlass* ik = method->method_holder();
534 ss->indent().print_cr("Location:");
535 streamIndentor si2(ss);
536 ss->indent().print_cr("%s.%s%s @%d: %s",
537 ik->name()->as_C_string(), method->name()->as_C_string(),
538 method->signature()->as_C_string(), _bci, bytecode_name);
539 }
540 }
541
542 void ErrorContext::frame_details(outputStream* ss) const {
543 streamIndentor si(ss);
544 if (_type.is_valid() && _type.frame() != nullptr) {
545 ss->indent().print_cr("Current Frame:");
546 streamIndentor si2(ss);
547 _type.frame()->print_on(ss);
548 }
549 if (_expected.is_valid() && _expected.frame() != nullptr) {
550 ss->indent().print_cr("Stackmap Frame:");
551 streamIndentor si2(ss);
552 _expected.frame()->print_on(ss);
553 }
554 }
555
556 void ErrorContext::bytecode_details(outputStream* ss, const Method* method) const {
557 if (method != nullptr) {
558 streamIndentor si(ss);
559 ss->indent().print_cr("Bytecode:");
560 streamIndentor si2(ss);
561 ss->print_data(method->code_base(), method->code_size(), false);
562 }
563 }
564
565 void ErrorContext::handler_details(outputStream* ss, const Method* method) const {
566 if (method != nullptr) {
567 streamIndentor si(ss);
568 ExceptionTable table(method);
569 if (table.length() > 0) {
570 ss->indent().print_cr("Exception Handler Table:");
571 streamIndentor si2(ss);
572 for (int i = 0; i < table.length(); ++i) {
573 ss->indent().print_cr("bci [%d, %d] => handler: %d", table.start_pc(i),
574 table.end_pc(i), table.handler_pc(i));
575 }
576 }
577 }
578 }
579
580 void ErrorContext::stackmap_details(outputStream* ss, const Method* method) const {
581 if (method != nullptr && method->has_stackmap_table()) {
582 streamIndentor si(ss);
583 ss->indent().print_cr("Stackmap Table:");
584 Array<u1>* data = method->stackmap_data();
585 stack_map_table* sm_table =
586 stack_map_table::at((address)data->adr_at(0));
587 stack_map_frame* sm_frame = sm_table->entries();
588 streamIndentor si2(ss);
589 int current_offset = -1;
590 address end_of_sm_table = (address)sm_table + method->stackmap_data()->length();
591 for (u2 i = 0; i < sm_table->number_of_entries(); ++i) {
592 ss->indent();
593 if (!sm_frame->verify((address)sm_frame, end_of_sm_table)) {
594 sm_frame->print_truncated(ss, current_offset);
595 return;
596 }
597 sm_frame->print_on(ss, current_offset);
598 ss->cr();
599 current_offset += sm_frame->offset_delta();
600 sm_frame = sm_frame->next();
601 }
602 }
603 }
604
605 // Methods in ClassVerifier
606
607 ClassVerifier::ClassVerifier(JavaThread* current, InstanceKlass* klass)
608 : _thread(current), _previous_symbol(nullptr), _symbols(nullptr), _exception_type(nullptr),
609 _message(nullptr), _klass(klass) {
610 _this_type = VerificationType::reference_type(klass->name());
611 }
612
613 ClassVerifier::~ClassVerifier() {
614 // Decrement the reference count for any symbols created.
615 if (_symbols != nullptr) {
616 for (int i = 0; i < _symbols->length(); i++) {
617 Symbol* s = _symbols->at(i);
618 s->decrement_refcount();
619 }
620 }
621 }
622
623 VerificationType ClassVerifier::object_type() const {
624 return VerificationType::reference_type(vmSymbols::java_lang_Object());
625 }
626
627 TypeOrigin ClassVerifier::ref_ctx(const char* sig) {
628 VerificationType vt = VerificationType::reference_type(
629 create_temporary_symbol(sig, (int)strlen(sig)));
630 return TypeOrigin::implicit(vt);
631 }
632
633 static bool supports_strict_fields(InstanceKlass* klass) {
634 int ver = klass->major_version();
635 return ver > Verifier::VALUE_TYPES_MAJOR_VERSION ||
636 (ver == Verifier::VALUE_TYPES_MAJOR_VERSION && klass->minor_version() == Verifier::JAVA_PREVIEW_MINOR_VERSION);
637 }
638
639 void ClassVerifier::verify_class(TRAPS) {
640 log_info(verification)("Verifying class %s with new format", _klass->external_name());
641
642 // Either verifying both local and remote classes or just remote classes.
643 assert(BytecodeVerificationRemote, "Should not be here");
644
645 Array<Method*>* methods = _klass->methods();
646 int num_methods = methods->length();
647
648 for (int index = 0; index < num_methods; index++) {
649 // Check for recursive re-verification before each method.
650 if (was_recursively_verified()) return;
651
652 Method* m = methods->at(index);
653 if (m->is_native() || m->is_abstract() || m->is_overpass()) {
654 // If m is native or abstract, skip it. It is checked in class file
655 // parser that methods do not override a final method. Overpass methods
656 // are trusted since the VM generates them.
657 continue;
658 }
659 verify_method(methodHandle(THREAD, m), CHECK_VERIFY(this));
660 }
661
662 if (was_recursively_verified()){
663 log_info(verification)("Recursive verification detected for: %s", _klass->external_name());
664 log_info(class, init)("Recursive verification detected for: %s",
665 _klass->external_name());
666 }
667 }
668
669 // Translate the signature entries into verification types and save them in
670 // the growable array. Also, save the count of arguments.
671 void ClassVerifier::translate_signature(Symbol* const method_sig,
672 sig_as_verification_types* sig_verif_types) {
673 SignatureStream sig_stream(method_sig);
674 VerificationType sig_type[2];
675 int sig_i = 0;
676 GrowableArray<VerificationType>* verif_types = sig_verif_types->sig_verif_types();
677
678 // Translate the signature arguments into verification types.
679 while (!sig_stream.at_return_type()) {
680 int n = change_sig_to_verificationType(&sig_stream, sig_type);
681 assert(n <= 2, "Unexpected signature type");
682
683 // Store verification type(s). Longs and Doubles each have two verificationTypes.
684 for (int x = 0; x < n; x++) {
685 verif_types->push(sig_type[x]);
686 }
687 sig_i += n;
688 sig_stream.next();
689 }
690
691 // Set final arg count, not including the return type. The final arg count will
692 // be compared with sig_verify_types' length to see if there is a return type.
693 sig_verif_types->set_num_args(sig_i);
694
695 // Store verification type(s) for the return type, if there is one.
696 if (sig_stream.type() != T_VOID) {
697 int n = change_sig_to_verificationType(&sig_stream, sig_type);
698 assert(n <= 2, "Unexpected signature return type");
699 for (int y = 0; y < n; y++) {
700 verif_types->push(sig_type[y]);
701 }
702 }
703 }
704
705 void ClassVerifier::create_method_sig_entry(sig_as_verification_types* sig_verif_types,
706 int sig_index) {
707 // Translate the signature into verification types.
708 ConstantPool* cp = _klass->constants();
709 Symbol* const method_sig = cp->symbol_at(sig_index);
710 translate_signature(method_sig, sig_verif_types);
711
712 // Add the list of this signature's verification types to the table.
713 bool is_unique = method_signatures_table()->put(sig_index, sig_verif_types);
714 assert(is_unique, "Duplicate entries in method_signature_table");
715 }
716
717 void ClassVerifier::verify_method(const methodHandle& m, TRAPS) {
718 HandleMark hm(THREAD);
719 _method = m; // initialize _method
720 log_info(verification)("Verifying method %s", m->name_and_sig_as_C_string());
721
722 // For clang, the only good constant format string is a literal constant format string.
723 #define bad_type_msg "Bad type on operand stack in %s"
724
725 u2 max_stack = m->verifier_max_stack();
726 u2 max_locals = m->max_locals();
727 constantPoolHandle cp(THREAD, m->constants());
728
729 // Method signature was checked in ClassFileParser.
730 assert(SignatureVerifier::is_valid_method_signature(m->signature()),
731 "Invalid method signature");
732
733 // Initial stack map frame: offset is 0, stack is initially empty.
734 StackMapFrame current_frame(max_locals, max_stack, this);
735 // Set initial locals
736 VerificationType return_type = current_frame.set_locals_from_arg( m, current_type());
737
738 u2 stackmap_index = 0; // index to the stackmap array
739
740 u4 code_length = m->code_size();
741
742 // Scan the bytecode and map each instruction's start offset to a number.
743 char* code_data = generate_code_data(m, code_length, CHECK_VERIFY(this));
744
745 int ex_min = code_length;
746 int ex_max = -1;
747 // Look through each item on the exception table. Each of the fields must refer
748 // to a legal instruction.
749 if (was_recursively_verified()) return;
750 verify_exception_handler_table(
751 code_length, code_data, ex_min, ex_max, CHECK_VERIFY(this));
752
753 // Look through each entry on the local variable table and make sure
754 // its range of code array offsets is valid. (4169817)
755 if (m->has_localvariable_table()) {
756 verify_local_variable_table(code_length, code_data, CHECK_VERIFY(this));
757 }
758
759 Array<u1>* stackmap_data = m->stackmap_data();
760 StackMapStream stream(stackmap_data);
761 StackMapReader reader(this, &stream, code_data, code_length, THREAD);
762 StackMapTable stackmap_table(&reader, ¤t_frame, max_locals, max_stack,
763 code_data, code_length, CHECK_VERIFY(this));
764
765 LogTarget(Debug, verification) lt;
766 if (lt.is_enabled()) {
767 ResourceMark rm(THREAD);
768 LogStream ls(lt);
769 stackmap_table.print_on(&ls);
770 }
771
772 RawBytecodeStream bcs(m);
773
774 // Scan the byte code linearly from the start to the end
775 bool no_control_flow = false; // Set to true when there is no direct control
776 // flow from current instruction to the next
777 // instruction in sequence
778
779 Bytecodes::Code opcode;
780 while (!bcs.is_last_bytecode()) {
781 // Check for recursive re-verification before each bytecode.
782 if (was_recursively_verified()) return;
783
784 opcode = bcs.raw_next();
785 int bci = bcs.bci();
786
787 // Set current frame's offset to bci
788 current_frame.set_offset(bci);
789 current_frame.set_mark();
790
791 // Make sure every offset in stackmap table point to the beginning to
792 // an instruction. Match current_frame to stackmap_table entry with
793 // the same offset if exists.
794 stackmap_index = verify_stackmap_table(
795 stackmap_index, bci, ¤t_frame, &stackmap_table,
796 no_control_flow, CHECK_VERIFY(this));
797
798
799 bool this_uninit = false; // Set to true when invokespecial <init> initialized 'this'
800 bool verified_exc_handlers = false;
801
802 // Merge with the next instruction
803 {
804 int target;
805 VerificationType type, type2;
806 VerificationType atype;
807
808 LogTarget(Debug, verification) lt;
809 if (lt.is_enabled()) {
810 ResourceMark rm(THREAD);
811 LogStream ls(lt);
812 current_frame.print_on(&ls);
813 lt.print("offset = %d, opcode = %s", bci,
814 opcode == Bytecodes::_illegal ? "illegal" : Bytecodes::name(opcode));
815 }
816
817 // Make sure wide instruction is in correct format
818 if (bcs.is_wide()) {
819 if (opcode != Bytecodes::_iinc && opcode != Bytecodes::_iload &&
820 opcode != Bytecodes::_aload && opcode != Bytecodes::_lload &&
821 opcode != Bytecodes::_istore && opcode != Bytecodes::_astore &&
822 opcode != Bytecodes::_lstore && opcode != Bytecodes::_fload &&
823 opcode != Bytecodes::_dload && opcode != Bytecodes::_fstore &&
824 opcode != Bytecodes::_dstore) {
825 /* Unreachable? RawBytecodeStream's raw_next() returns 'illegal'
826 * if we encounter a wide instruction that modifies an invalid
827 * opcode (not one of the ones listed above) */
828 verify_error(ErrorContext::bad_code(bci), "Bad wide instruction");
829 return;
830 }
831 }
832
833 // Look for possible jump target in exception handlers and see if it
834 // matches current_frame. Do this check here for astore*, dstore*,
835 // fstore*, istore*, and lstore* opcodes because they can change the type
836 // state by adding a local. JVM Spec says that the incoming type state
837 // should be used for this check. So, do the check here before a possible
838 // local is added to the type state.
839 if (Bytecodes::is_store_into_local(opcode) && bci >= ex_min && bci < ex_max) {
840 if (was_recursively_verified()) return;
841 verify_exception_handler_targets(
842 bci, this_uninit, ¤t_frame, &stackmap_table, CHECK_VERIFY(this));
843 verified_exc_handlers = true;
844 }
845
846 if (was_recursively_verified()) return;
847
848 switch (opcode) {
849 case Bytecodes::_nop :
850 no_control_flow = false; break;
851 case Bytecodes::_aconst_null :
852 current_frame.push_stack(
853 VerificationType::null_type(), CHECK_VERIFY(this));
854 no_control_flow = false; break;
855 case Bytecodes::_iconst_m1 :
856 case Bytecodes::_iconst_0 :
857 case Bytecodes::_iconst_1 :
858 case Bytecodes::_iconst_2 :
859 case Bytecodes::_iconst_3 :
860 case Bytecodes::_iconst_4 :
861 case Bytecodes::_iconst_5 :
862 current_frame.push_stack(
863 VerificationType::integer_type(), CHECK_VERIFY(this));
864 no_control_flow = false; break;
865 case Bytecodes::_lconst_0 :
866 case Bytecodes::_lconst_1 :
867 current_frame.push_stack_2(
868 VerificationType::long_type(),
869 VerificationType::long2_type(), CHECK_VERIFY(this));
870 no_control_flow = false; break;
871 case Bytecodes::_fconst_0 :
872 case Bytecodes::_fconst_1 :
873 case Bytecodes::_fconst_2 :
874 current_frame.push_stack(
875 VerificationType::float_type(), CHECK_VERIFY(this));
876 no_control_flow = false; break;
877 case Bytecodes::_dconst_0 :
878 case Bytecodes::_dconst_1 :
879 current_frame.push_stack_2(
880 VerificationType::double_type(),
881 VerificationType::double2_type(), CHECK_VERIFY(this));
882 no_control_flow = false; break;
883 case Bytecodes::_sipush :
884 case Bytecodes::_bipush :
885 current_frame.push_stack(
886 VerificationType::integer_type(), CHECK_VERIFY(this));
887 no_control_flow = false; break;
888 case Bytecodes::_ldc :
889 verify_ldc(
890 opcode, bcs.get_index_u1(), ¤t_frame,
891 cp, bci, CHECK_VERIFY(this));
892 no_control_flow = false; break;
893 case Bytecodes::_ldc_w :
894 case Bytecodes::_ldc2_w :
895 verify_ldc(
896 opcode, bcs.get_index_u2(), ¤t_frame,
897 cp, bci, CHECK_VERIFY(this));
898 no_control_flow = false; break;
899 case Bytecodes::_iload :
900 verify_iload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
901 no_control_flow = false; break;
902 case Bytecodes::_iload_0 :
903 case Bytecodes::_iload_1 :
904 case Bytecodes::_iload_2 :
905 case Bytecodes::_iload_3 : {
906 int index = opcode - Bytecodes::_iload_0;
907 verify_iload(index, ¤t_frame, CHECK_VERIFY(this));
908 no_control_flow = false; break;
909 }
910 case Bytecodes::_lload :
911 verify_lload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
912 no_control_flow = false; break;
913 case Bytecodes::_lload_0 :
914 case Bytecodes::_lload_1 :
915 case Bytecodes::_lload_2 :
916 case Bytecodes::_lload_3 : {
917 int index = opcode - Bytecodes::_lload_0;
918 verify_lload(index, ¤t_frame, CHECK_VERIFY(this));
919 no_control_flow = false; break;
920 }
921 case Bytecodes::_fload :
922 verify_fload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
923 no_control_flow = false; break;
924 case Bytecodes::_fload_0 :
925 case Bytecodes::_fload_1 :
926 case Bytecodes::_fload_2 :
927 case Bytecodes::_fload_3 : {
928 int index = opcode - Bytecodes::_fload_0;
929 verify_fload(index, ¤t_frame, CHECK_VERIFY(this));
930 no_control_flow = false; break;
931 }
932 case Bytecodes::_dload :
933 verify_dload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
934 no_control_flow = false; break;
935 case Bytecodes::_dload_0 :
936 case Bytecodes::_dload_1 :
937 case Bytecodes::_dload_2 :
938 case Bytecodes::_dload_3 : {
939 int index = opcode - Bytecodes::_dload_0;
940 verify_dload(index, ¤t_frame, CHECK_VERIFY(this));
941 no_control_flow = false; break;
942 }
943 case Bytecodes::_aload :
944 verify_aload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
945 no_control_flow = false; break;
946 case Bytecodes::_aload_0 :
947 case Bytecodes::_aload_1 :
948 case Bytecodes::_aload_2 :
949 case Bytecodes::_aload_3 : {
950 int index = opcode - Bytecodes::_aload_0;
951 verify_aload(index, ¤t_frame, CHECK_VERIFY(this));
952 no_control_flow = false; break;
953 }
954 case Bytecodes::_iaload :
955 type = current_frame.pop_stack(
956 VerificationType::integer_type(), CHECK_VERIFY(this));
957 atype = current_frame.pop_stack(
958 VerificationType::reference_check(), CHECK_VERIFY(this));
959 if (!atype.is_int_array()) {
960 verify_error(ErrorContext::bad_type(bci,
961 current_frame.stack_top_ctx(), ref_ctx("[I")),
962 bad_type_msg, "iaload");
963 return;
964 }
965 current_frame.push_stack(
966 VerificationType::integer_type(), CHECK_VERIFY(this));
967 no_control_flow = false; break;
968 case Bytecodes::_baload :
969 type = current_frame.pop_stack(
970 VerificationType::integer_type(), CHECK_VERIFY(this));
971 atype = current_frame.pop_stack(
972 VerificationType::reference_check(), CHECK_VERIFY(this));
973 if (!atype.is_bool_array() && !atype.is_byte_array()) {
974 verify_error(
975 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
976 bad_type_msg, "baload");
977 return;
978 }
979 current_frame.push_stack(
980 VerificationType::integer_type(), CHECK_VERIFY(this));
981 no_control_flow = false; break;
982 case Bytecodes::_caload :
983 type = current_frame.pop_stack(
984 VerificationType::integer_type(), CHECK_VERIFY(this));
985 atype = current_frame.pop_stack(
986 VerificationType::reference_check(), CHECK_VERIFY(this));
987 if (!atype.is_char_array()) {
988 verify_error(ErrorContext::bad_type(bci,
989 current_frame.stack_top_ctx(), ref_ctx("[C")),
990 bad_type_msg, "caload");
991 return;
992 }
993 current_frame.push_stack(
994 VerificationType::integer_type(), CHECK_VERIFY(this));
995 no_control_flow = false; break;
996 case Bytecodes::_saload :
997 type = current_frame.pop_stack(
998 VerificationType::integer_type(), CHECK_VERIFY(this));
999 atype = current_frame.pop_stack(
1000 VerificationType::reference_check(), CHECK_VERIFY(this));
1001 if (!atype.is_short_array()) {
1002 verify_error(ErrorContext::bad_type(bci,
1003 current_frame.stack_top_ctx(), ref_ctx("[S")),
1004 bad_type_msg, "saload");
1005 return;
1006 }
1007 current_frame.push_stack(
1008 VerificationType::integer_type(), CHECK_VERIFY(this));
1009 no_control_flow = false; break;
1010 case Bytecodes::_laload :
1011 type = current_frame.pop_stack(
1012 VerificationType::integer_type(), CHECK_VERIFY(this));
1013 atype = current_frame.pop_stack(
1014 VerificationType::reference_check(), CHECK_VERIFY(this));
1015 if (!atype.is_long_array()) {
1016 verify_error(ErrorContext::bad_type(bci,
1017 current_frame.stack_top_ctx(), ref_ctx("[J")),
1018 bad_type_msg, "laload");
1019 return;
1020 }
1021 current_frame.push_stack_2(
1022 VerificationType::long_type(),
1023 VerificationType::long2_type(), CHECK_VERIFY(this));
1024 no_control_flow = false; break;
1025 case Bytecodes::_faload :
1026 type = current_frame.pop_stack(
1027 VerificationType::integer_type(), CHECK_VERIFY(this));
1028 atype = current_frame.pop_stack(
1029 VerificationType::reference_check(), CHECK_VERIFY(this));
1030 if (!atype.is_float_array()) {
1031 verify_error(ErrorContext::bad_type(bci,
1032 current_frame.stack_top_ctx(), ref_ctx("[F")),
1033 bad_type_msg, "faload");
1034 return;
1035 }
1036 current_frame.push_stack(
1037 VerificationType::float_type(), CHECK_VERIFY(this));
1038 no_control_flow = false; break;
1039 case Bytecodes::_daload :
1040 type = current_frame.pop_stack(
1041 VerificationType::integer_type(), CHECK_VERIFY(this));
1042 atype = current_frame.pop_stack(
1043 VerificationType::reference_check(), CHECK_VERIFY(this));
1044 if (!atype.is_double_array()) {
1045 verify_error(ErrorContext::bad_type(bci,
1046 current_frame.stack_top_ctx(), ref_ctx("[D")),
1047 bad_type_msg, "daload");
1048 return;
1049 }
1050 current_frame.push_stack_2(
1051 VerificationType::double_type(),
1052 VerificationType::double2_type(), CHECK_VERIFY(this));
1053 no_control_flow = false; break;
1054 case Bytecodes::_aaload : {
1055 type = current_frame.pop_stack(
1056 VerificationType::integer_type(), CHECK_VERIFY(this));
1057 atype = current_frame.pop_stack(
1058 VerificationType::reference_check(), CHECK_VERIFY(this));
1059 if (!atype.is_reference_array()) {
1060 verify_error(ErrorContext::bad_type(bci,
1061 current_frame.stack_top_ctx(),
1062 TypeOrigin::implicit(VerificationType::reference_check())),
1063 bad_type_msg, "aaload");
1064 return;
1065 }
1066 if (atype.is_null()) {
1067 current_frame.push_stack(
1068 VerificationType::null_type(), CHECK_VERIFY(this));
1069 } else {
1070 VerificationType component = atype.get_component(this);
1071 current_frame.push_stack(component, CHECK_VERIFY(this));
1072 }
1073 no_control_flow = false; break;
1074 }
1075 case Bytecodes::_istore :
1076 verify_istore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1077 no_control_flow = false; break;
1078 case Bytecodes::_istore_0 :
1079 case Bytecodes::_istore_1 :
1080 case Bytecodes::_istore_2 :
1081 case Bytecodes::_istore_3 : {
1082 int index = opcode - Bytecodes::_istore_0;
1083 verify_istore(index, ¤t_frame, CHECK_VERIFY(this));
1084 no_control_flow = false; break;
1085 }
1086 case Bytecodes::_lstore :
1087 verify_lstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1088 no_control_flow = false; break;
1089 case Bytecodes::_lstore_0 :
1090 case Bytecodes::_lstore_1 :
1091 case Bytecodes::_lstore_2 :
1092 case Bytecodes::_lstore_3 : {
1093 int index = opcode - Bytecodes::_lstore_0;
1094 verify_lstore(index, ¤t_frame, CHECK_VERIFY(this));
1095 no_control_flow = false; break;
1096 }
1097 case Bytecodes::_fstore :
1098 verify_fstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1099 no_control_flow = false; break;
1100 case Bytecodes::_fstore_0 :
1101 case Bytecodes::_fstore_1 :
1102 case Bytecodes::_fstore_2 :
1103 case Bytecodes::_fstore_3 : {
1104 int index = opcode - Bytecodes::_fstore_0;
1105 verify_fstore(index, ¤t_frame, CHECK_VERIFY(this));
1106 no_control_flow = false; break;
1107 }
1108 case Bytecodes::_dstore :
1109 verify_dstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1110 no_control_flow = false; break;
1111 case Bytecodes::_dstore_0 :
1112 case Bytecodes::_dstore_1 :
1113 case Bytecodes::_dstore_2 :
1114 case Bytecodes::_dstore_3 : {
1115 int index = opcode - Bytecodes::_dstore_0;
1116 verify_dstore(index, ¤t_frame, CHECK_VERIFY(this));
1117 no_control_flow = false; break;
1118 }
1119 case Bytecodes::_astore :
1120 verify_astore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1121 no_control_flow = false; break;
1122 case Bytecodes::_astore_0 :
1123 case Bytecodes::_astore_1 :
1124 case Bytecodes::_astore_2 :
1125 case Bytecodes::_astore_3 : {
1126 int index = opcode - Bytecodes::_astore_0;
1127 verify_astore(index, ¤t_frame, CHECK_VERIFY(this));
1128 no_control_flow = false; break;
1129 }
1130 case Bytecodes::_iastore :
1131 type = current_frame.pop_stack(
1132 VerificationType::integer_type(), CHECK_VERIFY(this));
1133 type2 = current_frame.pop_stack(
1134 VerificationType::integer_type(), CHECK_VERIFY(this));
1135 atype = current_frame.pop_stack(
1136 VerificationType::reference_check(), CHECK_VERIFY(this));
1137 if (!atype.is_int_array()) {
1138 verify_error(ErrorContext::bad_type(bci,
1139 current_frame.stack_top_ctx(), ref_ctx("[I")),
1140 bad_type_msg, "iastore");
1141 return;
1142 }
1143 no_control_flow = false; break;
1144 case Bytecodes::_bastore :
1145 type = current_frame.pop_stack(
1146 VerificationType::integer_type(), CHECK_VERIFY(this));
1147 type2 = current_frame.pop_stack(
1148 VerificationType::integer_type(), CHECK_VERIFY(this));
1149 atype = current_frame.pop_stack(
1150 VerificationType::reference_check(), CHECK_VERIFY(this));
1151 if (!atype.is_bool_array() && !atype.is_byte_array()) {
1152 verify_error(
1153 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1154 bad_type_msg, "bastore");
1155 return;
1156 }
1157 no_control_flow = false; break;
1158 case Bytecodes::_castore :
1159 current_frame.pop_stack(
1160 VerificationType::integer_type(), CHECK_VERIFY(this));
1161 current_frame.pop_stack(
1162 VerificationType::integer_type(), CHECK_VERIFY(this));
1163 atype = current_frame.pop_stack(
1164 VerificationType::reference_check(), CHECK_VERIFY(this));
1165 if (!atype.is_char_array()) {
1166 verify_error(ErrorContext::bad_type(bci,
1167 current_frame.stack_top_ctx(), ref_ctx("[C")),
1168 bad_type_msg, "castore");
1169 return;
1170 }
1171 no_control_flow = false; break;
1172 case Bytecodes::_sastore :
1173 current_frame.pop_stack(
1174 VerificationType::integer_type(), CHECK_VERIFY(this));
1175 current_frame.pop_stack(
1176 VerificationType::integer_type(), CHECK_VERIFY(this));
1177 atype = current_frame.pop_stack(
1178 VerificationType::reference_check(), CHECK_VERIFY(this));
1179 if (!atype.is_short_array()) {
1180 verify_error(ErrorContext::bad_type(bci,
1181 current_frame.stack_top_ctx(), ref_ctx("[S")),
1182 bad_type_msg, "sastore");
1183 return;
1184 }
1185 no_control_flow = false; break;
1186 case Bytecodes::_lastore :
1187 current_frame.pop_stack_2(
1188 VerificationType::long2_type(),
1189 VerificationType::long_type(), CHECK_VERIFY(this));
1190 current_frame.pop_stack(
1191 VerificationType::integer_type(), CHECK_VERIFY(this));
1192 atype = current_frame.pop_stack(
1193 VerificationType::reference_check(), CHECK_VERIFY(this));
1194 if (!atype.is_long_array()) {
1195 verify_error(ErrorContext::bad_type(bci,
1196 current_frame.stack_top_ctx(), ref_ctx("[J")),
1197 bad_type_msg, "lastore");
1198 return;
1199 }
1200 no_control_flow = false; break;
1201 case Bytecodes::_fastore :
1202 current_frame.pop_stack(
1203 VerificationType::float_type(), CHECK_VERIFY(this));
1204 current_frame.pop_stack
1205 (VerificationType::integer_type(), CHECK_VERIFY(this));
1206 atype = current_frame.pop_stack(
1207 VerificationType::reference_check(), CHECK_VERIFY(this));
1208 if (!atype.is_float_array()) {
1209 verify_error(ErrorContext::bad_type(bci,
1210 current_frame.stack_top_ctx(), ref_ctx("[F")),
1211 bad_type_msg, "fastore");
1212 return;
1213 }
1214 no_control_flow = false; break;
1215 case Bytecodes::_dastore :
1216 current_frame.pop_stack_2(
1217 VerificationType::double2_type(),
1218 VerificationType::double_type(), CHECK_VERIFY(this));
1219 current_frame.pop_stack(
1220 VerificationType::integer_type(), CHECK_VERIFY(this));
1221 atype = current_frame.pop_stack(
1222 VerificationType::reference_check(), CHECK_VERIFY(this));
1223 if (!atype.is_double_array()) {
1224 verify_error(ErrorContext::bad_type(bci,
1225 current_frame.stack_top_ctx(), ref_ctx("[D")),
1226 bad_type_msg, "dastore");
1227 return;
1228 }
1229 no_control_flow = false; break;
1230 case Bytecodes::_aastore :
1231 type = current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1232 type2 = current_frame.pop_stack(
1233 VerificationType::integer_type(), CHECK_VERIFY(this));
1234 atype = current_frame.pop_stack(
1235 VerificationType::reference_check(), CHECK_VERIFY(this));
1236 // more type-checking is done at runtime
1237 if (!atype.is_reference_array()) {
1238 verify_error(ErrorContext::bad_type(bci,
1239 current_frame.stack_top_ctx(),
1240 TypeOrigin::implicit(VerificationType::reference_check())),
1241 bad_type_msg, "aastore");
1242 return;
1243 }
1244 // 4938384: relaxed constraint in JVMS 3rd edition.
1245 no_control_flow = false; break;
1246 case Bytecodes::_pop :
1247 current_frame.pop_stack(
1248 VerificationType::category1_check(), CHECK_VERIFY(this));
1249 no_control_flow = false; break;
1250 case Bytecodes::_pop2 :
1251 type = current_frame.pop_stack(CHECK_VERIFY(this));
1252 if (type.is_category1()) {
1253 current_frame.pop_stack(
1254 VerificationType::category1_check(), CHECK_VERIFY(this));
1255 } else if (type.is_category2_2nd()) {
1256 current_frame.pop_stack(
1257 VerificationType::category2_check(), CHECK_VERIFY(this));
1258 } else {
1259 /* Unreachable? Would need a category2_1st on TOS
1260 * which does not appear possible. */
1261 verify_error(
1262 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1263 bad_type_msg, "pop2");
1264 return;
1265 }
1266 no_control_flow = false; break;
1267 case Bytecodes::_dup :
1268 type = current_frame.pop_stack(
1269 VerificationType::category1_check(), CHECK_VERIFY(this));
1270 current_frame.push_stack(type, CHECK_VERIFY(this));
1271 current_frame.push_stack(type, CHECK_VERIFY(this));
1272 no_control_flow = false; break;
1273 case Bytecodes::_dup_x1 :
1274 type = current_frame.pop_stack(
1275 VerificationType::category1_check(), CHECK_VERIFY(this));
1276 type2 = current_frame.pop_stack(
1277 VerificationType::category1_check(), CHECK_VERIFY(this));
1278 current_frame.push_stack(type, CHECK_VERIFY(this));
1279 current_frame.push_stack(type2, CHECK_VERIFY(this));
1280 current_frame.push_stack(type, CHECK_VERIFY(this));
1281 no_control_flow = false; break;
1282 case Bytecodes::_dup_x2 :
1283 {
1284 VerificationType type3;
1285 type = current_frame.pop_stack(
1286 VerificationType::category1_check(), CHECK_VERIFY(this));
1287 type2 = current_frame.pop_stack(CHECK_VERIFY(this));
1288 if (type2.is_category1()) {
1289 type3 = current_frame.pop_stack(
1290 VerificationType::category1_check(), CHECK_VERIFY(this));
1291 } else if (type2.is_category2_2nd()) {
1292 type3 = current_frame.pop_stack(
1293 VerificationType::category2_check(), CHECK_VERIFY(this));
1294 } else {
1295 /* Unreachable? Would need a category2_1st at stack depth 2 with
1296 * a category1 on TOS which does not appear possible. */
1297 verify_error(ErrorContext::bad_type(
1298 bci, current_frame.stack_top_ctx()), bad_type_msg, "dup_x2");
1299 return;
1300 }
1301 current_frame.push_stack(type, CHECK_VERIFY(this));
1302 current_frame.push_stack(type3, CHECK_VERIFY(this));
1303 current_frame.push_stack(type2, CHECK_VERIFY(this));
1304 current_frame.push_stack(type, CHECK_VERIFY(this));
1305 no_control_flow = false; break;
1306 }
1307 case Bytecodes::_dup2 :
1308 type = current_frame.pop_stack(CHECK_VERIFY(this));
1309 if (type.is_category1()) {
1310 type2 = current_frame.pop_stack(
1311 VerificationType::category1_check(), CHECK_VERIFY(this));
1312 } else if (type.is_category2_2nd()) {
1313 type2 = current_frame.pop_stack(
1314 VerificationType::category2_check(), CHECK_VERIFY(this));
1315 } else {
1316 /* Unreachable? Would need a category2_1st on TOS which does not
1317 * appear possible. */
1318 verify_error(
1319 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1320 bad_type_msg, "dup2");
1321 return;
1322 }
1323 current_frame.push_stack(type2, CHECK_VERIFY(this));
1324 current_frame.push_stack(type, CHECK_VERIFY(this));
1325 current_frame.push_stack(type2, CHECK_VERIFY(this));
1326 current_frame.push_stack(type, CHECK_VERIFY(this));
1327 no_control_flow = false; break;
1328 case Bytecodes::_dup2_x1 :
1329 {
1330 VerificationType type3;
1331 type = current_frame.pop_stack(CHECK_VERIFY(this));
1332 if (type.is_category1()) {
1333 type2 = current_frame.pop_stack(
1334 VerificationType::category1_check(), CHECK_VERIFY(this));
1335 } else if (type.is_category2_2nd()) {
1336 type2 = current_frame.pop_stack(
1337 VerificationType::category2_check(), CHECK_VERIFY(this));
1338 } else {
1339 /* Unreachable? Would need a category2_1st on TOS which does
1340 * not appear possible. */
1341 verify_error(
1342 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1343 bad_type_msg, "dup2_x1");
1344 return;
1345 }
1346 type3 = current_frame.pop_stack(
1347 VerificationType::category1_check(), CHECK_VERIFY(this));
1348 current_frame.push_stack(type2, CHECK_VERIFY(this));
1349 current_frame.push_stack(type, CHECK_VERIFY(this));
1350 current_frame.push_stack(type3, CHECK_VERIFY(this));
1351 current_frame.push_stack(type2, CHECK_VERIFY(this));
1352 current_frame.push_stack(type, CHECK_VERIFY(this));
1353 no_control_flow = false; break;
1354 }
1355 case Bytecodes::_dup2_x2 :
1356 {
1357 VerificationType type3, type4;
1358 type = current_frame.pop_stack(CHECK_VERIFY(this));
1359 if (type.is_category1()) {
1360 type2 = current_frame.pop_stack(
1361 VerificationType::category1_check(), CHECK_VERIFY(this));
1362 } else if (type.is_category2_2nd()) {
1363 type2 = current_frame.pop_stack(
1364 VerificationType::category2_check(), CHECK_VERIFY(this));
1365 } else {
1366 /* Unreachable? Would need a category2_1st on TOS which does
1367 * not appear possible. */
1368 verify_error(
1369 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1370 bad_type_msg, "dup2_x2");
1371 return;
1372 }
1373 type3 = current_frame.pop_stack(CHECK_VERIFY(this));
1374 if (type3.is_category1()) {
1375 type4 = current_frame.pop_stack(
1376 VerificationType::category1_check(), CHECK_VERIFY(this));
1377 } else if (type3.is_category2_2nd()) {
1378 type4 = current_frame.pop_stack(
1379 VerificationType::category2_check(), CHECK_VERIFY(this));
1380 } else {
1381 /* Unreachable? Would need a category2_1st on TOS after popping
1382 * a long/double or two category 1's, which does not
1383 * appear possible. */
1384 verify_error(
1385 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1386 bad_type_msg, "dup2_x2");
1387 return;
1388 }
1389 current_frame.push_stack(type2, CHECK_VERIFY(this));
1390 current_frame.push_stack(type, CHECK_VERIFY(this));
1391 current_frame.push_stack(type4, CHECK_VERIFY(this));
1392 current_frame.push_stack(type3, CHECK_VERIFY(this));
1393 current_frame.push_stack(type2, CHECK_VERIFY(this));
1394 current_frame.push_stack(type, CHECK_VERIFY(this));
1395 no_control_flow = false; break;
1396 }
1397 case Bytecodes::_swap :
1398 type = current_frame.pop_stack(
1399 VerificationType::category1_check(), CHECK_VERIFY(this));
1400 type2 = current_frame.pop_stack(
1401 VerificationType::category1_check(), CHECK_VERIFY(this));
1402 current_frame.push_stack(type, CHECK_VERIFY(this));
1403 current_frame.push_stack(type2, CHECK_VERIFY(this));
1404 no_control_flow = false; break;
1405 case Bytecodes::_iadd :
1406 case Bytecodes::_isub :
1407 case Bytecodes::_imul :
1408 case Bytecodes::_idiv :
1409 case Bytecodes::_irem :
1410 case Bytecodes::_ishl :
1411 case Bytecodes::_ishr :
1412 case Bytecodes::_iushr :
1413 case Bytecodes::_ior :
1414 case Bytecodes::_ixor :
1415 case Bytecodes::_iand :
1416 current_frame.pop_stack(
1417 VerificationType::integer_type(), CHECK_VERIFY(this));
1418 // fall through
1419 case Bytecodes::_ineg :
1420 current_frame.pop_stack(
1421 VerificationType::integer_type(), CHECK_VERIFY(this));
1422 current_frame.push_stack(
1423 VerificationType::integer_type(), CHECK_VERIFY(this));
1424 no_control_flow = false; break;
1425 case Bytecodes::_ladd :
1426 case Bytecodes::_lsub :
1427 case Bytecodes::_lmul :
1428 case Bytecodes::_ldiv :
1429 case Bytecodes::_lrem :
1430 case Bytecodes::_land :
1431 case Bytecodes::_lor :
1432 case Bytecodes::_lxor :
1433 current_frame.pop_stack_2(
1434 VerificationType::long2_type(),
1435 VerificationType::long_type(), CHECK_VERIFY(this));
1436 // fall through
1437 case Bytecodes::_lneg :
1438 current_frame.pop_stack_2(
1439 VerificationType::long2_type(),
1440 VerificationType::long_type(), CHECK_VERIFY(this));
1441 current_frame.push_stack_2(
1442 VerificationType::long_type(),
1443 VerificationType::long2_type(), CHECK_VERIFY(this));
1444 no_control_flow = false; break;
1445 case Bytecodes::_lshl :
1446 case Bytecodes::_lshr :
1447 case Bytecodes::_lushr :
1448 current_frame.pop_stack(
1449 VerificationType::integer_type(), CHECK_VERIFY(this));
1450 current_frame.pop_stack_2(
1451 VerificationType::long2_type(),
1452 VerificationType::long_type(), CHECK_VERIFY(this));
1453 current_frame.push_stack_2(
1454 VerificationType::long_type(),
1455 VerificationType::long2_type(), CHECK_VERIFY(this));
1456 no_control_flow = false; break;
1457 case Bytecodes::_fadd :
1458 case Bytecodes::_fsub :
1459 case Bytecodes::_fmul :
1460 case Bytecodes::_fdiv :
1461 case Bytecodes::_frem :
1462 current_frame.pop_stack(
1463 VerificationType::float_type(), CHECK_VERIFY(this));
1464 // fall through
1465 case Bytecodes::_fneg :
1466 current_frame.pop_stack(
1467 VerificationType::float_type(), CHECK_VERIFY(this));
1468 current_frame.push_stack(
1469 VerificationType::float_type(), CHECK_VERIFY(this));
1470 no_control_flow = false; break;
1471 case Bytecodes::_dadd :
1472 case Bytecodes::_dsub :
1473 case Bytecodes::_dmul :
1474 case Bytecodes::_ddiv :
1475 case Bytecodes::_drem :
1476 current_frame.pop_stack_2(
1477 VerificationType::double2_type(),
1478 VerificationType::double_type(), CHECK_VERIFY(this));
1479 // fall through
1480 case Bytecodes::_dneg :
1481 current_frame.pop_stack_2(
1482 VerificationType::double2_type(),
1483 VerificationType::double_type(), CHECK_VERIFY(this));
1484 current_frame.push_stack_2(
1485 VerificationType::double_type(),
1486 VerificationType::double2_type(), CHECK_VERIFY(this));
1487 no_control_flow = false; break;
1488 case Bytecodes::_iinc :
1489 verify_iinc(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1490 no_control_flow = false; break;
1491 case Bytecodes::_i2l :
1492 type = current_frame.pop_stack(
1493 VerificationType::integer_type(), CHECK_VERIFY(this));
1494 current_frame.push_stack_2(
1495 VerificationType::long_type(),
1496 VerificationType::long2_type(), CHECK_VERIFY(this));
1497 no_control_flow = false; break;
1498 case Bytecodes::_l2i :
1499 current_frame.pop_stack_2(
1500 VerificationType::long2_type(),
1501 VerificationType::long_type(), CHECK_VERIFY(this));
1502 current_frame.push_stack(
1503 VerificationType::integer_type(), CHECK_VERIFY(this));
1504 no_control_flow = false; break;
1505 case Bytecodes::_i2f :
1506 current_frame.pop_stack(
1507 VerificationType::integer_type(), CHECK_VERIFY(this));
1508 current_frame.push_stack(
1509 VerificationType::float_type(), CHECK_VERIFY(this));
1510 no_control_flow = false; break;
1511 case Bytecodes::_i2d :
1512 current_frame.pop_stack(
1513 VerificationType::integer_type(), CHECK_VERIFY(this));
1514 current_frame.push_stack_2(
1515 VerificationType::double_type(),
1516 VerificationType::double2_type(), CHECK_VERIFY(this));
1517 no_control_flow = false; break;
1518 case Bytecodes::_l2f :
1519 current_frame.pop_stack_2(
1520 VerificationType::long2_type(),
1521 VerificationType::long_type(), CHECK_VERIFY(this));
1522 current_frame.push_stack(
1523 VerificationType::float_type(), CHECK_VERIFY(this));
1524 no_control_flow = false; break;
1525 case Bytecodes::_l2d :
1526 current_frame.pop_stack_2(
1527 VerificationType::long2_type(),
1528 VerificationType::long_type(), CHECK_VERIFY(this));
1529 current_frame.push_stack_2(
1530 VerificationType::double_type(),
1531 VerificationType::double2_type(), CHECK_VERIFY(this));
1532 no_control_flow = false; break;
1533 case Bytecodes::_f2i :
1534 current_frame.pop_stack(
1535 VerificationType::float_type(), CHECK_VERIFY(this));
1536 current_frame.push_stack(
1537 VerificationType::integer_type(), CHECK_VERIFY(this));
1538 no_control_flow = false; break;
1539 case Bytecodes::_f2l :
1540 current_frame.pop_stack(
1541 VerificationType::float_type(), CHECK_VERIFY(this));
1542 current_frame.push_stack_2(
1543 VerificationType::long_type(),
1544 VerificationType::long2_type(), CHECK_VERIFY(this));
1545 no_control_flow = false; break;
1546 case Bytecodes::_f2d :
1547 current_frame.pop_stack(
1548 VerificationType::float_type(), CHECK_VERIFY(this));
1549 current_frame.push_stack_2(
1550 VerificationType::double_type(),
1551 VerificationType::double2_type(), CHECK_VERIFY(this));
1552 no_control_flow = false; break;
1553 case Bytecodes::_d2i :
1554 current_frame.pop_stack_2(
1555 VerificationType::double2_type(),
1556 VerificationType::double_type(), CHECK_VERIFY(this));
1557 current_frame.push_stack(
1558 VerificationType::integer_type(), CHECK_VERIFY(this));
1559 no_control_flow = false; break;
1560 case Bytecodes::_d2l :
1561 current_frame.pop_stack_2(
1562 VerificationType::double2_type(),
1563 VerificationType::double_type(), CHECK_VERIFY(this));
1564 current_frame.push_stack_2(
1565 VerificationType::long_type(),
1566 VerificationType::long2_type(), CHECK_VERIFY(this));
1567 no_control_flow = false; break;
1568 case Bytecodes::_d2f :
1569 current_frame.pop_stack_2(
1570 VerificationType::double2_type(),
1571 VerificationType::double_type(), CHECK_VERIFY(this));
1572 current_frame.push_stack(
1573 VerificationType::float_type(), CHECK_VERIFY(this));
1574 no_control_flow = false; break;
1575 case Bytecodes::_i2b :
1576 case Bytecodes::_i2c :
1577 case Bytecodes::_i2s :
1578 current_frame.pop_stack(
1579 VerificationType::integer_type(), CHECK_VERIFY(this));
1580 current_frame.push_stack(
1581 VerificationType::integer_type(), CHECK_VERIFY(this));
1582 no_control_flow = false; break;
1583 case Bytecodes::_lcmp :
1584 current_frame.pop_stack_2(
1585 VerificationType::long2_type(),
1586 VerificationType::long_type(), CHECK_VERIFY(this));
1587 current_frame.pop_stack_2(
1588 VerificationType::long2_type(),
1589 VerificationType::long_type(), CHECK_VERIFY(this));
1590 current_frame.push_stack(
1591 VerificationType::integer_type(), CHECK_VERIFY(this));
1592 no_control_flow = false; break;
1593 case Bytecodes::_fcmpl :
1594 case Bytecodes::_fcmpg :
1595 current_frame.pop_stack(
1596 VerificationType::float_type(), CHECK_VERIFY(this));
1597 current_frame.pop_stack(
1598 VerificationType::float_type(), CHECK_VERIFY(this));
1599 current_frame.push_stack(
1600 VerificationType::integer_type(), CHECK_VERIFY(this));
1601 no_control_flow = false; break;
1602 case Bytecodes::_dcmpl :
1603 case Bytecodes::_dcmpg :
1604 current_frame.pop_stack_2(
1605 VerificationType::double2_type(),
1606 VerificationType::double_type(), CHECK_VERIFY(this));
1607 current_frame.pop_stack_2(
1608 VerificationType::double2_type(),
1609 VerificationType::double_type(), CHECK_VERIFY(this));
1610 current_frame.push_stack(
1611 VerificationType::integer_type(), CHECK_VERIFY(this));
1612 no_control_flow = false; break;
1613 case Bytecodes::_if_icmpeq:
1614 case Bytecodes::_if_icmpne:
1615 case Bytecodes::_if_icmplt:
1616 case Bytecodes::_if_icmpge:
1617 case Bytecodes::_if_icmpgt:
1618 case Bytecodes::_if_icmple:
1619 current_frame.pop_stack(
1620 VerificationType::integer_type(), CHECK_VERIFY(this));
1621 // fall through
1622 case Bytecodes::_ifeq:
1623 case Bytecodes::_ifne:
1624 case Bytecodes::_iflt:
1625 case Bytecodes::_ifge:
1626 case Bytecodes::_ifgt:
1627 case Bytecodes::_ifle:
1628 current_frame.pop_stack(
1629 VerificationType::integer_type(), CHECK_VERIFY(this));
1630 target = bcs.dest();
1631 stackmap_table.check_jump_target(
1632 ¤t_frame, target, CHECK_VERIFY(this));
1633 no_control_flow = false; break;
1634 case Bytecodes::_if_acmpeq :
1635 case Bytecodes::_if_acmpne :
1636 current_frame.pop_stack(
1637 VerificationType::reference_check(), CHECK_VERIFY(this));
1638 // fall through
1639 case Bytecodes::_ifnull :
1640 case Bytecodes::_ifnonnull :
1641 current_frame.pop_stack(
1642 VerificationType::reference_check(), CHECK_VERIFY(this));
1643 target = bcs.dest();
1644 stackmap_table.check_jump_target
1645 (¤t_frame, target, CHECK_VERIFY(this));
1646 no_control_flow = false; break;
1647 case Bytecodes::_goto :
1648 target = bcs.dest();
1649 stackmap_table.check_jump_target(
1650 ¤t_frame, target, CHECK_VERIFY(this));
1651 no_control_flow = true; break;
1652 case Bytecodes::_goto_w :
1653 target = bcs.dest_w();
1654 stackmap_table.check_jump_target(
1655 ¤t_frame, target, CHECK_VERIFY(this));
1656 no_control_flow = true; break;
1657 case Bytecodes::_tableswitch :
1658 case Bytecodes::_lookupswitch :
1659 verify_switch(
1660 &bcs, code_length, code_data, ¤t_frame,
1661 &stackmap_table, CHECK_VERIFY(this));
1662 no_control_flow = true; break;
1663 case Bytecodes::_ireturn :
1664 type = current_frame.pop_stack(
1665 VerificationType::integer_type(), CHECK_VERIFY(this));
1666 verify_return_value(return_type, type, bci,
1667 ¤t_frame, CHECK_VERIFY(this));
1668 no_control_flow = true; break;
1669 case Bytecodes::_lreturn :
1670 type2 = current_frame.pop_stack(
1671 VerificationType::long2_type(), CHECK_VERIFY(this));
1672 type = current_frame.pop_stack(
1673 VerificationType::long_type(), CHECK_VERIFY(this));
1674 verify_return_value(return_type, type, bci,
1675 ¤t_frame, CHECK_VERIFY(this));
1676 no_control_flow = true; break;
1677 case Bytecodes::_freturn :
1678 type = current_frame.pop_stack(
1679 VerificationType::float_type(), CHECK_VERIFY(this));
1680 verify_return_value(return_type, type, bci,
1681 ¤t_frame, CHECK_VERIFY(this));
1682 no_control_flow = true; break;
1683 case Bytecodes::_dreturn :
1684 type2 = current_frame.pop_stack(
1685 VerificationType::double2_type(), CHECK_VERIFY(this));
1686 type = current_frame.pop_stack(
1687 VerificationType::double_type(), CHECK_VERIFY(this));
1688 verify_return_value(return_type, type, bci,
1689 ¤t_frame, CHECK_VERIFY(this));
1690 no_control_flow = true; break;
1691 case Bytecodes::_areturn :
1692 type = current_frame.pop_stack(
1693 VerificationType::reference_check(), CHECK_VERIFY(this));
1694 verify_return_value(return_type, type, bci,
1695 ¤t_frame, CHECK_VERIFY(this));
1696 no_control_flow = true; break;
1697 case Bytecodes::_return :
1698 if (return_type != VerificationType::bogus_type()) {
1699 verify_error(ErrorContext::bad_code(bci),
1700 "Method expects a return value");
1701 return;
1702 }
1703 // Make sure "this" has been initialized if current method is an
1704 // <init>.
1705 if (_method->is_object_constructor() &&
1706 current_frame.flag_this_uninit()) {
1707 verify_error(ErrorContext::bad_code(bci),
1708 "Constructor must call super() or this() "
1709 "before return");
1710 return;
1711 }
1712 no_control_flow = true; break;
1713 case Bytecodes::_getstatic :
1714 case Bytecodes::_putstatic :
1715 // pass TRUE, operand can be an array type for getstatic/putstatic.
1716 verify_field_instructions(
1717 &bcs, ¤t_frame, cp, true, CHECK_VERIFY(this));
1718 no_control_flow = false; break;
1719 case Bytecodes::_getfield :
1720 case Bytecodes::_putfield :
1721 // pass FALSE, operand can't be an array type for getfield/putfield.
1722 verify_field_instructions(
1723 &bcs, ¤t_frame, cp, false, CHECK_VERIFY(this));
1724 no_control_flow = false; break;
1725 case Bytecodes::_invokevirtual :
1726 case Bytecodes::_invokespecial :
1727 case Bytecodes::_invokestatic :
1728 case Bytecodes::_invokeinterface :
1729 case Bytecodes::_invokedynamic :
1730 verify_invoke_instructions(
1731 &bcs, code_length, ¤t_frame, (bci >= ex_min && bci < ex_max),
1732 &this_uninit, cp, &stackmap_table, CHECK_VERIFY(this));
1733 no_control_flow = false; break;
1734 case Bytecodes::_new :
1735 {
1736 u2 index = bcs.get_index_u2();
1737 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1738 VerificationType new_class_type =
1739 cp_index_to_type(index, cp, CHECK_VERIFY(this));
1740 if (!new_class_type.is_object()) {
1741 verify_error(ErrorContext::bad_type(bci,
1742 TypeOrigin::cp(index, new_class_type)),
1743 "Illegal new instruction");
1744 return;
1745 }
1746 type = VerificationType::uninitialized_type(checked_cast<u2>(bci));
1747 current_frame.push_stack(type, CHECK_VERIFY(this));
1748 no_control_flow = false; break;
1749 }
1750 case Bytecodes::_newarray :
1751 type = get_newarray_type(bcs.get_index(), bci, CHECK_VERIFY(this));
1752 current_frame.pop_stack(
1753 VerificationType::integer_type(), CHECK_VERIFY(this));
1754 current_frame.push_stack(type, CHECK_VERIFY(this));
1755 no_control_flow = false; break;
1756 case Bytecodes::_anewarray :
1757 verify_anewarray(
1758 bci, bcs.get_index_u2(), cp, ¤t_frame, CHECK_VERIFY(this));
1759 no_control_flow = false; break;
1760 case Bytecodes::_arraylength :
1761 type = current_frame.pop_stack(
1762 VerificationType::reference_check(), CHECK_VERIFY(this));
1763 if (!(type.is_null() || type.is_array())) {
1764 verify_error(ErrorContext::bad_type(
1765 bci, current_frame.stack_top_ctx()),
1766 bad_type_msg, "arraylength");
1767 }
1768 current_frame.push_stack(
1769 VerificationType::integer_type(), CHECK_VERIFY(this));
1770 no_control_flow = false; break;
1771 case Bytecodes::_checkcast :
1772 {
1773 u2 index = bcs.get_index_u2();
1774 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1775 current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1776 VerificationType klass_type = cp_index_to_type(
1777 index, cp, CHECK_VERIFY(this));
1778 current_frame.push_stack(klass_type, CHECK_VERIFY(this));
1779 no_control_flow = false; break;
1780 }
1781 case Bytecodes::_instanceof : {
1782 u2 index = bcs.get_index_u2();
1783 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1784 current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1785 current_frame.push_stack(
1786 VerificationType::integer_type(), CHECK_VERIFY(this));
1787 no_control_flow = false; break;
1788 }
1789 case Bytecodes::_monitorenter :
1790 case Bytecodes::_monitorexit : {
1791 VerificationType ref = current_frame.pop_stack(
1792 VerificationType::reference_check(), CHECK_VERIFY(this));
1793 no_control_flow = false; break;
1794 }
1795 case Bytecodes::_multianewarray :
1796 {
1797 u2 index = bcs.get_index_u2();
1798 u2 dim = *(bcs.bcp()+3);
1799 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1800 VerificationType new_array_type =
1801 cp_index_to_type(index, cp, CHECK_VERIFY(this));
1802 if (!new_array_type.is_array()) {
1803 verify_error(ErrorContext::bad_type(bci,
1804 TypeOrigin::cp(index, new_array_type)),
1805 "Illegal constant pool index in multianewarray instruction");
1806 return;
1807 }
1808 if (dim < 1 || new_array_type.dimensions() < dim) {
1809 verify_error(ErrorContext::bad_code(bci),
1810 "Illegal dimension in multianewarray instruction: %d", dim);
1811 return;
1812 }
1813 for (int i = 0; i < dim; i++) {
1814 current_frame.pop_stack(
1815 VerificationType::integer_type(), CHECK_VERIFY(this));
1816 }
1817 current_frame.push_stack(new_array_type, CHECK_VERIFY(this));
1818 no_control_flow = false; break;
1819 }
1820 case Bytecodes::_athrow :
1821 type = VerificationType::reference_type(
1822 vmSymbols::java_lang_Throwable());
1823 current_frame.pop_stack(type, CHECK_VERIFY(this));
1824 no_control_flow = true; break;
1825 default:
1826 // We only need to check the valid bytecodes in class file.
1827 // And jsr and ret are not in the new class file format in JDK1.6.
1828 verify_error(ErrorContext::bad_code(bci),
1829 "Bad instruction: %02x", opcode);
1830 no_control_flow = false;
1831 return;
1832 } // end switch
1833 } // end Merge with the next instruction
1834
1835 // Look for possible jump target in exception handlers and see if it matches
1836 // current_frame. Don't do this check if it has already been done (for
1837 // ([a,d,f,i,l]store* opcodes). This check cannot be done earlier because
1838 // opcodes, such as invokespecial, may set the this_uninit flag.
1839 assert(!(verified_exc_handlers && this_uninit),
1840 "Exception handler targets got verified before this_uninit got set");
1841 if (!verified_exc_handlers && bci >= ex_min && bci < ex_max) {
1842 if (was_recursively_verified()) return;
1843 verify_exception_handler_targets(
1844 bci, this_uninit, ¤t_frame, &stackmap_table, CHECK_VERIFY(this));
1845 }
1846 } // end while
1847
1848 // Make sure that control flow does not fall through end of the method
1849 if (!no_control_flow) {
1850 verify_error(ErrorContext::bad_code(code_length),
1851 "Control flow falls through code end");
1852 return;
1853 }
1854 }
1855
1856 #undef bad_type_message
1857
1858 char* ClassVerifier::generate_code_data(const methodHandle& m, u4 code_length, TRAPS) {
1859 char* code_data = NEW_RESOURCE_ARRAY(char, code_length);
1860 memset(code_data, 0, sizeof(char) * code_length);
1861 RawBytecodeStream bcs(m);
1862
1863 while (!bcs.is_last_bytecode()) {
1864 if (bcs.raw_next() != Bytecodes::_illegal) {
1865 int bci = bcs.bci();
1866 if (bcs.raw_code() == Bytecodes::_new) {
1867 code_data[bci] = NEW_OFFSET;
1868 } else {
1869 code_data[bci] = BYTECODE_OFFSET;
1870 }
1871 } else {
1872 verify_error(ErrorContext::bad_code(bcs.bci()), "Bad instruction");
1873 return nullptr;
1874 }
1875 }
1876
1877 return code_data;
1878 }
1879
1880 // Since this method references the constant pool, call was_recursively_verified()
1881 // before calling this method to make sure a prior class load did not cause the
1882 // current class to get verified.
1883 void ClassVerifier::verify_exception_handler_table(u4 code_length, char* code_data, int& min, int& max, TRAPS) {
1884 ExceptionTable exhandlers(_method());
1885 int exlength = exhandlers.length();
1886 constantPoolHandle cp (THREAD, _method->constants());
1887
1888 for(int i = 0; i < exlength; i++) {
1889 u2 start_pc = exhandlers.start_pc(i);
1890 u2 end_pc = exhandlers.end_pc(i);
1891 u2 handler_pc = exhandlers.handler_pc(i);
1892 if (start_pc >= code_length || code_data[start_pc] == 0) {
1893 class_format_error("Illegal exception table start_pc %d", start_pc);
1894 return;
1895 }
1896 if (end_pc != code_length) { // special case: end_pc == code_length
1897 if (end_pc > code_length || code_data[end_pc] == 0) {
1898 class_format_error("Illegal exception table end_pc %d", end_pc);
1899 return;
1900 }
1901 }
1902 if (handler_pc >= code_length || code_data[handler_pc] == 0) {
1903 class_format_error("Illegal exception table handler_pc %d", handler_pc);
1904 return;
1905 }
1906 u2 catch_type_index = exhandlers.catch_type_index(i);
1907 if (catch_type_index != 0) {
1908 VerificationType catch_type = cp_index_to_type(
1909 catch_type_index, cp, CHECK_VERIFY(this));
1910 VerificationType throwable =
1911 VerificationType::reference_type(vmSymbols::java_lang_Throwable());
1912 // If the catch type is Throwable pre-resolve it now as the assignable check won't
1913 // do that, and we need to avoid a runtime resolution in case we are trying to
1914 // catch OutOfMemoryError.
1915 if (cp->klass_name_at(catch_type_index) == vmSymbols::java_lang_Throwable()) {
1916 cp->klass_at(catch_type_index, CHECK);
1917 }
1918 bool is_subclass = throwable.is_assignable_from(
1919 catch_type, this, false, CHECK_VERIFY(this));
1920 if (!is_subclass) {
1921 // 4286534: should throw VerifyError according to recent spec change
1922 verify_error(ErrorContext::bad_type(handler_pc,
1923 TypeOrigin::cp(catch_type_index, catch_type),
1924 TypeOrigin::implicit(throwable)),
1925 "Catch type is not a subclass "
1926 "of Throwable in exception handler %d", handler_pc);
1927 return;
1928 }
1929 }
1930 if (start_pc < min) min = start_pc;
1931 if (end_pc > max) max = end_pc;
1932 }
1933 }
1934
1935 void ClassVerifier::verify_local_variable_table(u4 code_length, char* code_data, TRAPS) {
1936 int localvariable_table_length = _method->localvariable_table_length();
1937 if (localvariable_table_length > 0) {
1938 LocalVariableTableElement* table = _method->localvariable_table_start();
1939 for (int i = 0; i < localvariable_table_length; i++) {
1940 u2 start_bci = table[i].start_bci;
1941 u2 length = table[i].length;
1942
1943 if (start_bci >= code_length || code_data[start_bci] == 0) {
1944 class_format_error(
1945 "Illegal local variable table start_pc %d", start_bci);
1946 return;
1947 }
1948 u4 end_bci = (u4)(start_bci + length);
1949 if (end_bci != code_length) {
1950 if (end_bci >= code_length || code_data[end_bci] == 0) {
1951 class_format_error( "Illegal local variable table length %d", length);
1952 return;
1953 }
1954 }
1955 }
1956 }
1957 }
1958
1959 u2 ClassVerifier::verify_stackmap_table(u2 stackmap_index, int bci,
1960 StackMapFrame* current_frame,
1961 StackMapTable* stackmap_table,
1962 bool no_control_flow, TRAPS) {
1963 if (stackmap_index < stackmap_table->get_frame_count()) {
1964 int this_offset = stackmap_table->get_offset(stackmap_index);
1965 if (no_control_flow && this_offset > bci) {
1966 verify_error(ErrorContext::missing_stackmap(bci),
1967 "Expecting a stack map frame");
1968 return 0;
1969 }
1970 if (this_offset == bci) {
1971 ErrorContext ctx;
1972 // See if current stack map can be assigned to the frame in table.
1973 // current_frame is the stackmap frame got from the last instruction.
1974 // If matched, current_frame will be updated by this method.
1975 bool matches = stackmap_table->match_stackmap(
1976 current_frame, this_offset, stackmap_index,
1977 !no_control_flow, true, &ctx, CHECK_VERIFY_(this, 0));
1978 if (!matches) {
1979 // report type error
1980 verify_error(ctx, "Instruction type does not match stack map");
1981 return 0;
1982 }
1983 stackmap_index++;
1984 } else if (this_offset < bci) {
1985 // current_offset should have met this_offset.
1986 class_format_error("Bad stack map offset %d", this_offset);
1987 return 0;
1988 }
1989 } else if (no_control_flow) {
1990 verify_error(ErrorContext::bad_code(bci), "Expecting a stack map frame");
1991 return 0;
1992 }
1993 return stackmap_index;
1994 }
1995
1996 // Since this method references the constant pool, call was_recursively_verified()
1997 // before calling this method to make sure a prior class load did not cause the
1998 // current class to get verified.
1999 void ClassVerifier::verify_exception_handler_targets(int bci, bool this_uninit,
2000 StackMapFrame* current_frame,
2001 StackMapTable* stackmap_table, TRAPS) {
2002 constantPoolHandle cp (THREAD, _method->constants());
2003 ExceptionTable exhandlers(_method());
2004 int exlength = exhandlers.length();
2005 for(int i = 0; i < exlength; i++) {
2006 u2 start_pc = exhandlers.start_pc(i);
2007 u2 end_pc = exhandlers.end_pc(i);
2008 u2 handler_pc = exhandlers.handler_pc(i);
2009 int catch_type_index = exhandlers.catch_type_index(i);
2010 if(bci >= start_pc && bci < end_pc) {
2011 u1 flags = current_frame->flags();
2012 if (this_uninit) { flags |= FLAG_THIS_UNINIT; }
2013 StackMapFrame* new_frame = current_frame->frame_in_exception_handler(flags);
2014 if (catch_type_index != 0) {
2015 if (was_recursively_verified()) return;
2016 // We know that this index refers to a subclass of Throwable
2017 VerificationType catch_type = cp_index_to_type(
2018 catch_type_index, cp, CHECK_VERIFY(this));
2019 new_frame->push_stack(catch_type, CHECK_VERIFY(this));
2020 } else {
2021 VerificationType throwable =
2022 VerificationType::reference_type(vmSymbols::java_lang_Throwable());
2023 new_frame->push_stack(throwable, CHECK_VERIFY(this));
2024 }
2025 ErrorContext ctx;
2026 bool matches = stackmap_table->match_stackmap(
2027 new_frame, handler_pc, true, false, &ctx, CHECK_VERIFY(this));
2028 if (!matches) {
2029 verify_error(ctx, "Stack map does not match the one at "
2030 "exception handler %d", handler_pc);
2031 return;
2032 }
2033 }
2034 }
2035 }
2036
2037 void ClassVerifier::verify_cp_index(
2038 int bci, const constantPoolHandle& cp, u2 index, TRAPS) {
2039 int nconstants = cp->length();
2040 if ((index <= 0) || (index >= nconstants)) {
2041 verify_error(ErrorContext::bad_cp_index(bci, index),
2042 "Illegal constant pool index %d in class %s",
2043 index, cp->pool_holder()->external_name());
2044 return;
2045 }
2046 }
2047
2048 void ClassVerifier::verify_cp_type(
2049 int bci, u2 index, const constantPoolHandle& cp, unsigned int types, TRAPS) {
2050
2051 // In some situations, bytecode rewriting may occur while we're verifying.
2052 // In this case, a constant pool cache exists and some indices refer to that
2053 // instead. Be sure we don't pick up such indices by accident.
2054 // We must check was_recursively_verified() before we get here.
2055 guarantee(cp->cache() == nullptr, "not rewritten yet");
2056
2057 verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2058 unsigned int tag = cp->tag_at(index).value();
2059
2060 if ((types & (1 << tag)) == 0) {
2061 verify_error(ErrorContext::bad_cp_index(bci, index),
2062 "Illegal type at constant pool entry %d in class %s",
2063 index, cp->pool_holder()->external_name());
2064 return;
2065 }
2066 }
2067
2068 void ClassVerifier::verify_cp_class_type(
2069 int bci, u2 index, const constantPoolHandle& cp, TRAPS) {
2070 verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2071 constantTag tag = cp->tag_at(index);
2072 if (!tag.is_klass() && !tag.is_unresolved_klass()) {
2073 verify_error(ErrorContext::bad_cp_index(bci, index),
2074 "Illegal type at constant pool entry %d in class %s",
2075 index, cp->pool_holder()->external_name());
2076 return;
2077 }
2078 }
2079
2080 void ClassVerifier::verify_error(ErrorContext ctx, const char* msg, ...) {
2081 stringStream ss;
2082
2083 ctx.reset_frames();
2084 _exception_type = vmSymbols::java_lang_VerifyError();
2085 _error_context = ctx;
2086 va_list va;
2087 va_start(va, msg);
2088 ss.vprint(msg, va);
2089 va_end(va);
2090 _message = ss.as_string();
2091 #ifdef ASSERT
2092 ResourceMark rm;
2093 const char* exception_name = _exception_type->as_C_string();
2094 Exceptions::debug_check_abort(exception_name, nullptr);
2095 #endif // ndef ASSERT
2096 }
2097
2098 void ClassVerifier::class_format_error(const char* msg, ...) {
2099 stringStream ss;
2100 _exception_type = vmSymbols::java_lang_ClassFormatError();
2101 va_list va;
2102 va_start(va, msg);
2103 ss.vprint(msg, va);
2104 va_end(va);
2105 if (!_method.is_null()) {
2106 ss.print(" in method '");
2107 _method->print_external_name(&ss);
2108 ss.print("'");
2109 }
2110 _message = ss.as_string();
2111 }
2112
2113 Klass* ClassVerifier::load_class(Symbol* name, TRAPS) {
2114 HandleMark hm(THREAD);
2115 // Get current loader and protection domain first.
2116 oop loader = current_class()->class_loader();
2117 oop protection_domain = current_class()->protection_domain();
2118
2119 assert(name_in_supers(name, current_class()), "name should be a super class");
2120
2121 Klass* kls = SystemDictionary::resolve_or_fail(
2122 name, Handle(THREAD, loader), Handle(THREAD, protection_domain),
2123 true, THREAD);
2124
2125 if (kls != nullptr) {
2126 if (log_is_enabled(Debug, class, resolve)) {
2127 Verifier::trace_class_resolution(kls, current_class());
2128 }
2129 }
2130 return kls;
2131 }
2132
2133 bool ClassVerifier::is_protected_access(InstanceKlass* this_class,
2134 Klass* target_class,
2135 Symbol* field_name,
2136 Symbol* field_sig,
2137 bool is_method) {
2138 NoSafepointVerifier nosafepoint;
2139
2140 // If target class isn't a super class of this class, we don't worry about this case
2141 if (!this_class->is_subclass_of(target_class)) {
2142 return false;
2143 }
2144 // Check if the specified method or field is protected
2145 InstanceKlass* target_instance = InstanceKlass::cast(target_class);
2146 fieldDescriptor fd;
2147 if (is_method) {
2148 Method* m = target_instance->uncached_lookup_method(field_name, field_sig, Klass::OverpassLookupMode::find);
2149 if (m != nullptr && m->is_protected()) {
2150 if (!this_class->is_same_class_package(m->method_holder())) {
2151 return true;
2152 }
2153 }
2154 } else {
2155 Klass* member_klass = target_instance->find_field(field_name, field_sig, &fd);
2156 if (member_klass != nullptr && fd.is_protected()) {
2157 if (!this_class->is_same_class_package(member_klass)) {
2158 return true;
2159 }
2160 }
2161 }
2162 return false;
2163 }
2164
2165 void ClassVerifier::verify_ldc(
2166 int opcode, u2 index, StackMapFrame* current_frame,
2167 const constantPoolHandle& cp, int bci, TRAPS) {
2168 verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2169 constantTag tag = cp->tag_at(index);
2170 unsigned int types = 0;
2171 if (opcode == Bytecodes::_ldc || opcode == Bytecodes::_ldc_w) {
2172 if (!tag.is_unresolved_klass()) {
2173 types = (1 << JVM_CONSTANT_Integer) | (1 << JVM_CONSTANT_Float)
2174 | (1 << JVM_CONSTANT_String) | (1 << JVM_CONSTANT_Class)
2175 | (1 << JVM_CONSTANT_MethodHandle) | (1 << JVM_CONSTANT_MethodType)
2176 | (1 << JVM_CONSTANT_Dynamic);
2177 // Note: The class file parser already verified the legality of
2178 // MethodHandle and MethodType constants.
2179 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2180 }
2181 } else {
2182 assert(opcode == Bytecodes::_ldc2_w, "must be ldc2_w");
2183 types = (1 << JVM_CONSTANT_Double) | (1 << JVM_CONSTANT_Long)
2184 | (1 << JVM_CONSTANT_Dynamic);
2185 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2186 }
2187 if (tag.is_string()) {
2188 current_frame->push_stack(
2189 VerificationType::reference_type(
2190 vmSymbols::java_lang_String()), CHECK_VERIFY(this));
2191 } else if (tag.is_klass() || tag.is_unresolved_klass()) {
2192 current_frame->push_stack(
2193 VerificationType::reference_type(
2194 vmSymbols::java_lang_Class()), CHECK_VERIFY(this));
2195 } else if (tag.is_int()) {
2196 current_frame->push_stack(
2197 VerificationType::integer_type(), CHECK_VERIFY(this));
2198 } else if (tag.is_float()) {
2199 current_frame->push_stack(
2200 VerificationType::float_type(), CHECK_VERIFY(this));
2201 } else if (tag.is_double()) {
2202 current_frame->push_stack_2(
2203 VerificationType::double_type(),
2204 VerificationType::double2_type(), CHECK_VERIFY(this));
2205 } else if (tag.is_long()) {
2206 current_frame->push_stack_2(
2207 VerificationType::long_type(),
2208 VerificationType::long2_type(), CHECK_VERIFY(this));
2209 } else if (tag.is_method_handle()) {
2210 current_frame->push_stack(
2211 VerificationType::reference_type(
2212 vmSymbols::java_lang_invoke_MethodHandle()), CHECK_VERIFY(this));
2213 } else if (tag.is_method_type()) {
2214 current_frame->push_stack(
2215 VerificationType::reference_type(
2216 vmSymbols::java_lang_invoke_MethodType()), CHECK_VERIFY(this));
2217 } else if (tag.is_dynamic_constant()) {
2218 Symbol* constant_type = cp->uncached_signature_ref_at(index);
2219 // Field signature was checked in ClassFileParser.
2220 assert(SignatureVerifier::is_valid_type_signature(constant_type),
2221 "Invalid type for dynamic constant");
2222 assert(sizeof(VerificationType) == sizeof(uintptr_t),
2223 "buffer type must match VerificationType size");
2224 uintptr_t constant_type_buffer[2];
2225 VerificationType* v_constant_type = (VerificationType*)constant_type_buffer;
2226 SignatureStream sig_stream(constant_type, false);
2227 int n = change_sig_to_verificationType(&sig_stream, v_constant_type);
2228 int opcode_n = (opcode == Bytecodes::_ldc2_w ? 2 : 1);
2229 if (n != opcode_n) {
2230 // wrong kind of ldc; reverify against updated type mask
2231 types &= ~(1 << JVM_CONSTANT_Dynamic);
2232 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2233 }
2234 for (int i = 0; i < n; i++) {
2235 current_frame->push_stack(v_constant_type[i], CHECK_VERIFY(this));
2236 }
2237 } else {
2238 /* Unreachable? verify_cp_type has already validated the cp type. */
2239 verify_error(
2240 ErrorContext::bad_cp_index(bci, index), "Invalid index in ldc");
2241 return;
2242 }
2243 }
2244
2245 void ClassVerifier::verify_switch(
2246 RawBytecodeStream* bcs, u4 code_length, char* code_data,
2247 StackMapFrame* current_frame, StackMapTable* stackmap_table, TRAPS) {
2248 int bci = bcs->bci();
2249 address bcp = bcs->bcp();
2250 address aligned_bcp = align_up(bcp + 1, jintSize);
2251
2252 if (_klass->major_version() < NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION) {
2253 // 4639449 & 4647081: padding bytes must be 0
2254 u2 padding_offset = 1;
2255 while ((bcp + padding_offset) < aligned_bcp) {
2256 if(*(bcp + padding_offset) != 0) {
2257 verify_error(ErrorContext::bad_code(bci),
2258 "Nonzero padding byte in lookupswitch or tableswitch");
2259 return;
2260 }
2261 padding_offset++;
2262 }
2263 }
2264
2265 int default_offset = (int) Bytes::get_Java_u4(aligned_bcp);
2266 int keys, delta;
2267 current_frame->pop_stack(
2268 VerificationType::integer_type(), CHECK_VERIFY(this));
2269 if (bcs->raw_code() == Bytecodes::_tableswitch) {
2270 jint low = (jint)Bytes::get_Java_u4(aligned_bcp + jintSize);
2271 jint high = (jint)Bytes::get_Java_u4(aligned_bcp + 2*jintSize);
2272 if (low > high) {
2273 verify_error(ErrorContext::bad_code(bci),
2274 "low must be less than or equal to high in tableswitch");
2275 return;
2276 }
2277 int64_t keys64 = ((int64_t)high - low) + 1;
2278 if (keys64 > 65535) { // Max code length
2279 verify_error(ErrorContext::bad_code(bci), "too many keys in tableswitch");
2280 return;
2281 }
2282 keys = (int)keys64;
2283 delta = 1;
2284 } else {
2285 keys = (int)Bytes::get_Java_u4(aligned_bcp + jintSize);
2286 if (keys < 0) {
2287 verify_error(ErrorContext::bad_code(bci),
2288 "number of keys in lookupswitch less than 0");
2289 return;
2290 }
2291 delta = 2;
2292 // Make sure that the lookupswitch items are sorted
2293 for (int i = 0; i < (keys - 1); i++) {
2294 jint this_key = Bytes::get_Java_u4(aligned_bcp + (2+2*i)*jintSize);
2295 jint next_key = Bytes::get_Java_u4(aligned_bcp + (2+2*i+2)*jintSize);
2296 if (this_key >= next_key) {
2297 verify_error(ErrorContext::bad_code(bci),
2298 "Bad lookupswitch instruction");
2299 return;
2300 }
2301 }
2302 }
2303 int target = bci + default_offset;
2304 stackmap_table->check_jump_target(current_frame, target, CHECK_VERIFY(this));
2305 for (int i = 0; i < keys; i++) {
2306 // Because check_jump_target() may safepoint, the bytecode could have
2307 // moved, which means 'aligned_bcp' is no good and needs to be recalculated.
2308 aligned_bcp = align_up(bcs->bcp() + 1, jintSize);
2309 target = bci + (jint)Bytes::get_Java_u4(aligned_bcp+(3+i*delta)*jintSize);
2310 stackmap_table->check_jump_target(
2311 current_frame, target, CHECK_VERIFY(this));
2312 }
2313 NOT_PRODUCT(aligned_bcp = nullptr); // no longer valid at this point
2314 }
2315
2316 bool ClassVerifier::name_in_supers(
2317 Symbol* ref_name, InstanceKlass* current) {
2318 Klass* super = current->super();
2319 while (super != nullptr) {
2320 if (super->name() == ref_name) {
2321 return true;
2322 }
2323 super = super->super();
2324 }
2325 return false;
2326 }
2327
2328 void ClassVerifier::verify_field_instructions(RawBytecodeStream* bcs,
2329 StackMapFrame* current_frame,
2330 const constantPoolHandle& cp,
2331 bool allow_arrays,
2332 TRAPS) {
2333 u2 index = bcs->get_index_u2();
2334 verify_cp_type(bcs->bci(), index, cp,
2335 1 << JVM_CONSTANT_Fieldref, CHECK_VERIFY(this));
2336
2337 // Get field name and signature
2338 Symbol* field_name = cp->uncached_name_ref_at(index);
2339 Symbol* field_sig = cp->uncached_signature_ref_at(index);
2340 bool is_getfield = false;
2341
2342 // Field signature was checked in ClassFileParser.
2343 assert(SignatureVerifier::is_valid_type_signature(field_sig),
2344 "Invalid field signature");
2345
2346 // Get referenced class type
2347 VerificationType ref_class_type = cp_ref_index_to_type(
2348 index, cp, CHECK_VERIFY(this));
2349 if (!ref_class_type.is_object() &&
2350 (!allow_arrays || !ref_class_type.is_array())) {
2351 verify_error(ErrorContext::bad_type(bcs->bci(),
2352 TypeOrigin::cp(index, ref_class_type)),
2353 "Expecting reference to class in class %s at constant pool index %d",
2354 _klass->external_name(), index);
2355 return;
2356 }
2357
2358 VerificationType target_class_type = ref_class_type;
2359
2360 assert(sizeof(VerificationType) == sizeof(uintptr_t),
2361 "buffer type must match VerificationType size");
2362 uintptr_t field_type_buffer[2];
2363 VerificationType* field_type = (VerificationType*)field_type_buffer;
2364 // If we make a VerificationType[2] array directly, the compiler calls
2365 // to the c-runtime library to do the allocation instead of just
2366 // stack allocating it. Plus it would run constructors. This shows up
2367 // in performance profiles.
2368
2369 SignatureStream sig_stream(field_sig, false);
2370 VerificationType stack_object_type;
2371 int n = change_sig_to_verificationType(&sig_stream, field_type);
2372 int bci = bcs->bci();
2373 bool is_assignable;
2374 switch (bcs->raw_code()) {
2375 case Bytecodes::_getstatic: {
2376 for (int i = 0; i < n; i++) {
2377 current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2378 }
2379 break;
2380 }
2381 case Bytecodes::_putstatic: {
2382 for (int i = n - 1; i >= 0; i--) {
2383 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2384 }
2385 break;
2386 }
2387 case Bytecodes::_getfield: {
2388 is_getfield = true;
2389 stack_object_type = current_frame->pop_stack(
2390 target_class_type, CHECK_VERIFY(this));
2391 goto check_protected;
2392 }
2393 case Bytecodes::_putfield: {
2394 for (int i = n - 1; i >= 0; i--) {
2395 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2396 }
2397 stack_object_type = current_frame->pop_stack(CHECK_VERIFY(this));
2398
2399 // Field initialization is allowed before the superclass
2400 // initializer, if the field is defined within the current class.
2401 fieldDescriptor fd;
2402 bool is_local_field = _klass->find_local_field(field_name, field_sig, &fd) &&
2403 target_class_type.equals(current_type());
2404 if (stack_object_type == VerificationType::uninitialized_this_type()) {
2405 if (is_local_field) {
2406 // Set the type to the current type so the is_assignable check passes.
2407 stack_object_type = current_type();
2408 }
2409 } else if (supports_strict_fields(_klass)) {
2410 // `strict` fields are not writable, but only local fields produce verification errors
2411 if (is_local_field && fd.access_flags().is_strict()) {
2412 verify_error(ErrorContext::bad_code(bci),
2413 "Illegal use of putfield on a strict field");
2414 return;
2415 }
2416 }
2417 is_assignable = target_class_type.is_assignable_from(
2418 stack_object_type, this, false, CHECK_VERIFY(this));
2419 if (!is_assignable) {
2420 verify_error(ErrorContext::bad_type(bci,
2421 current_frame->stack_top_ctx(),
2422 TypeOrigin::cp(index, target_class_type)),
2423 "Bad type on operand stack in putfield");
2424 return;
2425 }
2426 }
2427 check_protected: {
2428 if (_this_type == stack_object_type)
2429 break; // stack_object_type must be assignable to _current_class_type
2430 if (was_recursively_verified()) {
2431 if (is_getfield) {
2432 // Push field type for getfield.
2433 for (int i = 0; i < n; i++) {
2434 current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2435 }
2436 }
2437 return;
2438 }
2439 Symbol* ref_class_name =
2440 cp->klass_name_at(cp->uncached_klass_ref_index_at(index));
2441 if (!name_in_supers(ref_class_name, current_class()))
2442 // stack_object_type must be assignable to _current_class_type since:
2443 // 1. stack_object_type must be assignable to ref_class.
2444 // 2. ref_class must be _current_class or a subclass of it. It can't
2445 // be a superclass of it. See revised JVMS 5.4.4.
2446 break;
2447
2448 Klass* ref_class_oop = load_class(ref_class_name, CHECK);
2449 if (is_protected_access(current_class(), ref_class_oop, field_name,
2450 field_sig, false)) {
2451 // It's protected access, check if stack object is assignable to
2452 // current class.
2453 is_assignable = current_type().is_assignable_from(
2454 stack_object_type, this, true, CHECK_VERIFY(this));
2455 if (!is_assignable) {
2456 verify_error(ErrorContext::bad_type(bci,
2457 current_frame->stack_top_ctx(),
2458 TypeOrigin::implicit(current_type())),
2459 "Bad access to protected data in %s",
2460 is_getfield ? "getfield" : "putfield");
2461 return;
2462 }
2463 }
2464 break;
2465 }
2466 default: ShouldNotReachHere();
2467 }
2468 if (is_getfield) {
2469 // Push field type for getfield after doing protection check.
2470 for (int i = 0; i < n; i++) {
2471 current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2472 }
2473 }
2474 }
2475
2476 // Look at the method's handlers. If the bci is in the handler's try block
2477 // then check if the handler_pc is already on the stack. If not, push it
2478 // unless the handler has already been scanned.
2479 void ClassVerifier::push_handlers(ExceptionTable* exhandlers,
2480 GrowableArray<u4>* handler_list,
2481 GrowableArray<u4>* handler_stack,
2482 u4 bci) {
2483 int exlength = exhandlers->length();
2484 for(int x = 0; x < exlength; x++) {
2485 if (bci >= exhandlers->start_pc(x) && bci < exhandlers->end_pc(x)) {
2486 u4 exhandler_pc = exhandlers->handler_pc(x);
2487 if (!handler_list->contains(exhandler_pc)) {
2488 handler_stack->append_if_missing(exhandler_pc);
2489 handler_list->append(exhandler_pc);
2490 }
2491 }
2492 }
2493 }
2494
2495 // Return TRUE if all code paths starting with start_bc_offset end in
2496 // bytecode athrow or loop.
2497 bool ClassVerifier::ends_in_athrow(u4 start_bc_offset) {
2498 ResourceMark rm;
2499 // Create bytecode stream.
2500 RawBytecodeStream bcs(method());
2501 int code_length = method()->code_size();
2502 bcs.set_start(start_bc_offset);
2503
2504 // Create stack for storing bytecode start offsets for if* and *switch.
2505 GrowableArray<u4>* bci_stack = new GrowableArray<u4>(30);
2506 // Create stack for handlers for try blocks containing this handler.
2507 GrowableArray<u4>* handler_stack = new GrowableArray<u4>(30);
2508 // Create list of handlers that have been pushed onto the handler_stack
2509 // so that handlers embedded inside of their own TRY blocks only get
2510 // scanned once.
2511 GrowableArray<u4>* handler_list = new GrowableArray<u4>(30);
2512 // Create list of visited branch opcodes (goto* and if*).
2513 GrowableArray<u4>* visited_branches = new GrowableArray<u4>(30);
2514 ExceptionTable exhandlers(_method());
2515
2516 while (true) {
2517 if (bcs.is_last_bytecode()) {
2518 // if no more starting offsets to parse or if at the end of the
2519 // method then return false.
2520 if ((bci_stack->is_empty()) || (bcs.end_bci() == code_length))
2521 return false;
2522 // Pop a bytecode starting offset and scan from there.
2523 bcs.set_start(bci_stack->pop());
2524 }
2525 Bytecodes::Code opcode = bcs.raw_next();
2526 int bci = bcs.bci();
2527
2528 // If the bytecode is in a TRY block, push its handlers so they
2529 // will get parsed.
2530 push_handlers(&exhandlers, handler_list, handler_stack, bci);
2531
2532 switch (opcode) {
2533 case Bytecodes::_if_icmpeq:
2534 case Bytecodes::_if_icmpne:
2535 case Bytecodes::_if_icmplt:
2536 case Bytecodes::_if_icmpge:
2537 case Bytecodes::_if_icmpgt:
2538 case Bytecodes::_if_icmple:
2539 case Bytecodes::_ifeq:
2540 case Bytecodes::_ifne:
2541 case Bytecodes::_iflt:
2542 case Bytecodes::_ifge:
2543 case Bytecodes::_ifgt:
2544 case Bytecodes::_ifle:
2545 case Bytecodes::_if_acmpeq:
2546 case Bytecodes::_if_acmpne:
2547 case Bytecodes::_ifnull:
2548 case Bytecodes::_ifnonnull: {
2549 int target = bcs.dest();
2550 if (visited_branches->contains(bci)) {
2551 if (bci_stack->is_empty()) {
2552 if (handler_stack->is_empty()) {
2553 return true;
2554 } else {
2555 // Parse the catch handlers for try blocks containing athrow.
2556 bcs.set_start(handler_stack->pop());
2557 }
2558 } else {
2559 // Pop a bytecode starting offset and scan from there.
2560 bcs.set_start(bci_stack->pop());
2561 }
2562 } else {
2563 if (target > bci) { // forward branch
2564 if (target >= code_length) return false;
2565 // Push the branch target onto the stack.
2566 bci_stack->push(target);
2567 // then, scan bytecodes starting with next.
2568 bcs.set_start(bcs.next_bci());
2569 } else { // backward branch
2570 // Push bytecode offset following backward branch onto the stack.
2571 bci_stack->push(bcs.next_bci());
2572 // Check bytecodes starting with branch target.
2573 bcs.set_start(target);
2574 }
2575 // Record target so we don't branch here again.
2576 visited_branches->append(bci);
2577 }
2578 break;
2579 }
2580
2581 case Bytecodes::_goto:
2582 case Bytecodes::_goto_w: {
2583 int target = (opcode == Bytecodes::_goto ? bcs.dest() : bcs.dest_w());
2584 if (visited_branches->contains(bci)) {
2585 if (bci_stack->is_empty()) {
2586 if (handler_stack->is_empty()) {
2587 return true;
2588 } else {
2589 // Parse the catch handlers for try blocks containing athrow.
2590 bcs.set_start(handler_stack->pop());
2591 }
2592 } else {
2593 // Been here before, pop new starting offset from stack.
2594 bcs.set_start(bci_stack->pop());
2595 }
2596 } else {
2597 if (target >= code_length) return false;
2598 // Continue scanning from the target onward.
2599 bcs.set_start(target);
2600 // Record target so we don't branch here again.
2601 visited_branches->append(bci);
2602 }
2603 break;
2604 }
2605
2606 // Check that all switch alternatives end in 'athrow' bytecodes. Since it
2607 // is difficult to determine where each switch alternative ends, parse
2608 // each switch alternative until either hit a 'return', 'athrow', or reach
2609 // the end of the method's bytecodes. This is gross but should be okay
2610 // because:
2611 // 1. tableswitch and lookupswitch byte codes in handlers for ctor explicit
2612 // constructor invocations should be rare.
2613 // 2. if each switch alternative ends in an athrow then the parsing should be
2614 // short. If there is no athrow then it is bogus code, anyway.
2615 case Bytecodes::_lookupswitch:
2616 case Bytecodes::_tableswitch:
2617 {
2618 address aligned_bcp = align_up(bcs.bcp() + 1, jintSize);
2619 int default_offset = Bytes::get_Java_u4(aligned_bcp) + bci;
2620 int keys, delta;
2621 if (opcode == Bytecodes::_tableswitch) {
2622 jint low = (jint)Bytes::get_Java_u4(aligned_bcp + jintSize);
2623 jint high = (jint)Bytes::get_Java_u4(aligned_bcp + 2*jintSize);
2624 // This is invalid, but let the regular bytecode verifier
2625 // report this because the user will get a better error message.
2626 if (low > high) return true;
2627 keys = high - low + 1;
2628 delta = 1;
2629 } else {
2630 keys = (int)Bytes::get_Java_u4(aligned_bcp + jintSize);
2631 delta = 2;
2632 }
2633 // Invalid, let the regular bytecode verifier deal with it.
2634 if (keys < 0) return true;
2635
2636 // Push the offset of the next bytecode onto the stack.
2637 bci_stack->push(bcs.next_bci());
2638
2639 // Push the switch alternatives onto the stack.
2640 for (int i = 0; i < keys; i++) {
2641 int target = bci + (jint)Bytes::get_Java_u4(aligned_bcp+(3+i*delta)*jintSize);
2642 if (target > code_length) return false;
2643 bci_stack->push(target);
2644 }
2645
2646 // Start bytecode parsing for the switch at the default alternative.
2647 if (default_offset > code_length) return false;
2648 bcs.set_start(default_offset);
2649 break;
2650 }
2651
2652 case Bytecodes::_return:
2653 return false;
2654
2655 case Bytecodes::_athrow:
2656 {
2657 if (bci_stack->is_empty()) {
2658 if (handler_stack->is_empty()) {
2659 return true;
2660 } else {
2661 // Parse the catch handlers for try blocks containing athrow.
2662 bcs.set_start(handler_stack->pop());
2663 }
2664 } else {
2665 // Pop a bytecode offset and starting scanning from there.
2666 bcs.set_start(bci_stack->pop());
2667 }
2668 }
2669 break;
2670
2671 default:
2672 ;
2673 } // end switch
2674 } // end while loop
2675
2676 return false;
2677 }
2678
2679 void ClassVerifier::verify_invoke_init(
2680 RawBytecodeStream* bcs, u2 ref_class_index, VerificationType ref_class_type,
2681 StackMapFrame* current_frame, u4 code_length, bool in_try_block,
2682 bool *this_uninit, const constantPoolHandle& cp, StackMapTable* stackmap_table,
2683 TRAPS) {
2684 int bci = bcs->bci();
2685 VerificationType type = current_frame->pop_stack(
2686 VerificationType::reference_check(), CHECK_VERIFY(this));
2687 if (type == VerificationType::uninitialized_this_type()) {
2688 // The method must be an <init> method of this class or its superclass
2689 Klass* superk = current_class()->super();
2690 if (ref_class_type.name() != current_class()->name() &&
2691 ref_class_type.name() != superk->name()) {
2692 verify_error(ErrorContext::bad_type(bci,
2693 TypeOrigin::implicit(ref_class_type),
2694 TypeOrigin::implicit(current_type())),
2695 "Bad <init> method call");
2696 return;
2697 }
2698
2699 // If this invokespecial call is done from inside of a TRY block then make
2700 // sure that all catch clause paths end in a throw. Otherwise, this can
2701 // result in returning an incomplete object.
2702 if (in_try_block) {
2703 ExceptionTable exhandlers(_method());
2704 int exlength = exhandlers.length();
2705 for(int i = 0; i < exlength; i++) {
2706 u2 start_pc = exhandlers.start_pc(i);
2707 u2 end_pc = exhandlers.end_pc(i);
2708
2709 if (bci >= start_pc && bci < end_pc) {
2710 if (!ends_in_athrow(exhandlers.handler_pc(i))) {
2711 verify_error(ErrorContext::bad_code(bci),
2712 "Bad <init> method call from after the start of a try block");
2713 return;
2714 } else if (log_is_enabled(Debug, verification)) {
2715 ResourceMark rm(THREAD);
2716 log_debug(verification)("Survived call to ends_in_athrow(): %s",
2717 current_class()->name()->as_C_string());
2718 }
2719 }
2720 }
2721
2722 // Check the exception handler target stackmaps with the locals from the
2723 // incoming stackmap (before initialize_object() changes them to outgoing
2724 // state).
2725 if (was_recursively_verified()) return;
2726 verify_exception_handler_targets(bci, true, current_frame,
2727 stackmap_table, CHECK_VERIFY(this));
2728 } // in_try_block
2729
2730 current_frame->initialize_object(type, current_type());
2731 *this_uninit = true;
2732 } else if (type.is_uninitialized()) {
2733 u2 new_offset = type.bci();
2734 address new_bcp = bcs->bcp() - bci + new_offset;
2735 if (new_offset > (code_length - 3) || (*new_bcp) != Bytecodes::_new) {
2736 /* Unreachable? Stack map parsing ensures valid type and new
2737 * instructions have a valid BCI. */
2738 verify_error(ErrorContext::bad_code(new_offset),
2739 "Expecting new instruction");
2740 return;
2741 }
2742 u2 new_class_index = Bytes::get_Java_u2(new_bcp + 1);
2743 if (was_recursively_verified()) return;
2744 verify_cp_class_type(bci, new_class_index, cp, CHECK_VERIFY(this));
2745
2746 // The method must be an <init> method of the indicated class
2747 VerificationType new_class_type = cp_index_to_type(
2748 new_class_index, cp, CHECK_VERIFY(this));
2749 if (!new_class_type.equals(ref_class_type)) {
2750 verify_error(ErrorContext::bad_type(bci,
2751 TypeOrigin::cp(new_class_index, new_class_type),
2752 TypeOrigin::cp(ref_class_index, ref_class_type)),
2753 "Call to wrong <init> method");
2754 return;
2755 }
2756 // According to the VM spec, if the referent class is a superclass of the
2757 // current class, and is in a different runtime package, and the method is
2758 // protected, then the objectref must be the current class or a subclass
2759 // of the current class.
2760 VerificationType objectref_type = new_class_type;
2761 if (name_in_supers(ref_class_type.name(), current_class())) {
2762 Klass* ref_klass = load_class(ref_class_type.name(), CHECK);
2763 if (was_recursively_verified()) return;
2764 Method* m = InstanceKlass::cast(ref_klass)->uncached_lookup_method(
2765 vmSymbols::object_initializer_name(),
2766 cp->uncached_signature_ref_at(bcs->get_index_u2()),
2767 Klass::OverpassLookupMode::find);
2768 // Do nothing if method is not found. Let resolution detect the error.
2769 if (m != nullptr) {
2770 InstanceKlass* mh = m->method_holder();
2771 if (m->is_protected() && !mh->is_same_class_package(_klass)) {
2772 bool assignable = current_type().is_assignable_from(
2773 objectref_type, this, true, CHECK_VERIFY(this));
2774 if (!assignable) {
2775 verify_error(ErrorContext::bad_type(bci,
2776 TypeOrigin::cp(new_class_index, objectref_type),
2777 TypeOrigin::implicit(current_type())),
2778 "Bad access to protected <init> method");
2779 return;
2780 }
2781 }
2782 }
2783 }
2784 // Check the exception handler target stackmaps with the locals from the
2785 // incoming stackmap (before initialize_object() changes them to outgoing
2786 // state).
2787 if (in_try_block) {
2788 if (was_recursively_verified()) return;
2789 verify_exception_handler_targets(bci, *this_uninit, current_frame,
2790 stackmap_table, CHECK_VERIFY(this));
2791 }
2792 current_frame->initialize_object(type, new_class_type);
2793 } else {
2794 verify_error(ErrorContext::bad_type(bci, current_frame->stack_top_ctx()),
2795 "Bad operand type when invoking <init>");
2796 return;
2797 }
2798 }
2799
2800 bool ClassVerifier::is_same_or_direct_interface(
2801 InstanceKlass* klass,
2802 VerificationType klass_type,
2803 VerificationType ref_class_type) {
2804 if (ref_class_type.equals(klass_type)) return true;
2805 Array<InstanceKlass*>* local_interfaces = klass->local_interfaces();
2806 if (local_interfaces != nullptr) {
2807 for (int x = 0; x < local_interfaces->length(); x++) {
2808 InstanceKlass* k = local_interfaces->at(x);
2809 assert (k != nullptr && k->is_interface(), "invalid interface");
2810 if (ref_class_type.equals(VerificationType::reference_type(k->name()))) {
2811 return true;
2812 }
2813 }
2814 }
2815 return false;
2816 }
2817
2818 void ClassVerifier::verify_invoke_instructions(
2819 RawBytecodeStream* bcs, u4 code_length, StackMapFrame* current_frame,
2820 bool in_try_block, bool *this_uninit,
2821 const constantPoolHandle& cp, StackMapTable* stackmap_table, TRAPS) {
2822 // Make sure the constant pool item is the right type
2823 u2 index = bcs->get_index_u2();
2824 Bytecodes::Code opcode = bcs->raw_code();
2825 unsigned int types = 0;
2826 switch (opcode) {
2827 case Bytecodes::_invokeinterface:
2828 types = 1 << JVM_CONSTANT_InterfaceMethodref;
2829 break;
2830 case Bytecodes::_invokedynamic:
2831 types = 1 << JVM_CONSTANT_InvokeDynamic;
2832 break;
2833 case Bytecodes::_invokespecial:
2834 case Bytecodes::_invokestatic:
2835 types = (_klass->major_version() < STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION) ?
2836 (1 << JVM_CONSTANT_Methodref) :
2837 ((1 << JVM_CONSTANT_InterfaceMethodref) | (1 << JVM_CONSTANT_Methodref));
2838 break;
2839 default:
2840 types = 1 << JVM_CONSTANT_Methodref;
2841 }
2842 verify_cp_type(bcs->bci(), index, cp, types, CHECK_VERIFY(this));
2843
2844 // Get method name and signature
2845 Symbol* method_name = cp->uncached_name_ref_at(index);
2846 Symbol* method_sig = cp->uncached_signature_ref_at(index);
2847
2848 // Method signature was checked in ClassFileParser.
2849 assert(SignatureVerifier::is_valid_method_signature(method_sig),
2850 "Invalid method signature");
2851
2852 // Get referenced class
2853 VerificationType ref_class_type;
2854 if (opcode == Bytecodes::_invokedynamic) {
2855 if (_klass->major_version() < Verifier::INVOKEDYNAMIC_MAJOR_VERSION) {
2856 class_format_error(
2857 "invokedynamic instructions not supported by this class file version (%d), class %s",
2858 _klass->major_version(), _klass->external_name());
2859 return;
2860 }
2861 } else {
2862 ref_class_type = cp_ref_index_to_type(index, cp, CHECK_VERIFY(this));
2863 }
2864
2865 assert(sizeof(VerificationType) == sizeof(uintptr_t),
2866 "buffer type must match VerificationType size");
2867
2868 // Get the UTF8 index for this signature.
2869 int sig_index = cp->signature_ref_index_at(cp->uncached_name_and_type_ref_index_at(index));
2870
2871 // Get the signature's verification types.
2872 sig_as_verification_types* mth_sig_verif_types;
2873 sig_as_verification_types** mth_sig_verif_types_ptr = method_signatures_table()->get(sig_index);
2874 if (mth_sig_verif_types_ptr != nullptr) {
2875 // Found the entry for the signature's verification types in the hash table.
2876 mth_sig_verif_types = *mth_sig_verif_types_ptr;
2877 assert(mth_sig_verif_types != nullptr, "Unexpected null sig_as_verification_types value");
2878 } else {
2879 // Not found, add the entry to the table.
2880 GrowableArray<VerificationType>* verif_types = new GrowableArray<VerificationType>(10);
2881 mth_sig_verif_types = new sig_as_verification_types(verif_types);
2882 create_method_sig_entry(mth_sig_verif_types, sig_index);
2883 }
2884
2885 // Get the number of arguments for this signature.
2886 int nargs = mth_sig_verif_types->num_args();
2887
2888 // Check instruction operands
2889 int bci = bcs->bci();
2890 if (opcode == Bytecodes::_invokeinterface) {
2891 address bcp = bcs->bcp();
2892 // 4905268: count operand in invokeinterface should be nargs+1, not nargs.
2893 // JSR202 spec: The count operand of an invokeinterface instruction is valid if it is
2894 // the difference between the size of the operand stack before and after the instruction
2895 // executes.
2896 if (*(bcp+3) != (nargs+1)) {
2897 verify_error(ErrorContext::bad_code(bci),
2898 "Inconsistent args count operand in invokeinterface");
2899 return;
2900 }
2901 if (*(bcp+4) != 0) {
2902 verify_error(ErrorContext::bad_code(bci),
2903 "Fourth operand byte of invokeinterface must be zero");
2904 return;
2905 }
2906 }
2907
2908 if (opcode == Bytecodes::_invokedynamic) {
2909 address bcp = bcs->bcp();
2910 if (*(bcp+3) != 0 || *(bcp+4) != 0) {
2911 verify_error(ErrorContext::bad_code(bci),
2912 "Third and fourth operand bytes of invokedynamic must be zero");
2913 return;
2914 }
2915 }
2916
2917 if (method_name->char_at(0) == JVM_SIGNATURE_SPECIAL) {
2918 // Make sure:
2919 // <init> can only be invoked by invokespecial.
2920 if (opcode != Bytecodes::_invokespecial ||
2921 method_name != vmSymbols::object_initializer_name()) {
2922 verify_error(ErrorContext::bad_code(bci),
2923 "Illegal call to internal method");
2924 return;
2925 }
2926 } else if (opcode == Bytecodes::_invokespecial
2927 && !is_same_or_direct_interface(current_class(), current_type(), ref_class_type)
2928 && !ref_class_type.equals(VerificationType::reference_type(
2929 current_class()->super()->name()))) { // super() can never be an inline_type.
2930 bool subtype = false;
2931 bool have_imr_indirect = cp->tag_at(index).value() == JVM_CONSTANT_InterfaceMethodref;
2932 subtype = ref_class_type.is_assignable_from(
2933 current_type(), this, false, CHECK_VERIFY(this));
2934 if (!subtype) {
2935 verify_error(ErrorContext::bad_code(bci),
2936 "Bad invokespecial instruction: "
2937 "current class isn't assignable to reference class.");
2938 return;
2939 } else if (have_imr_indirect) {
2940 verify_error(ErrorContext::bad_code(bci),
2941 "Bad invokespecial instruction: "
2942 "interface method reference is in an indirect superinterface.");
2943 return;
2944 }
2945
2946 }
2947
2948 // Get the verification types for the method's arguments.
2949 GrowableArray<VerificationType>* sig_verif_types = mth_sig_verif_types->sig_verif_types();
2950 assert(sig_verif_types != nullptr, "Missing signature's array of verification types");
2951 // Match method descriptor with operand stack
2952 // The arguments are on the stack in descending order.
2953 for (int i = nargs - 1; i >= 0; i--) { // Run backwards
2954 current_frame->pop_stack(sig_verif_types->at(i), CHECK_VERIFY(this));
2955 }
2956
2957 // Check objectref on operand stack
2958 if (opcode != Bytecodes::_invokestatic &&
2959 opcode != Bytecodes::_invokedynamic) {
2960 if (method_name == vmSymbols::object_initializer_name()) { // <init> method
2961 verify_invoke_init(bcs, index, ref_class_type, current_frame,
2962 code_length, in_try_block, this_uninit, cp, stackmap_table,
2963 CHECK_VERIFY(this));
2964 if (was_recursively_verified()) return;
2965 } else { // other methods
2966 // Ensures that target class is assignable to method class.
2967 if (opcode == Bytecodes::_invokespecial) {
2968 current_frame->pop_stack(current_type(), CHECK_VERIFY(this));
2969 } else if (opcode == Bytecodes::_invokevirtual) {
2970 VerificationType stack_object_type =
2971 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this));
2972 if (current_type() != stack_object_type) {
2973 if (was_recursively_verified()) return;
2974 assert(cp->cache() == nullptr, "not rewritten yet");
2975 Symbol* ref_class_name =
2976 cp->klass_name_at(cp->uncached_klass_ref_index_at(index));
2977 // See the comments in verify_field_instructions() for
2978 // the rationale behind this.
2979 if (name_in_supers(ref_class_name, current_class())) {
2980 Klass* ref_class = load_class(ref_class_name, CHECK);
2981 if (is_protected_access(
2982 _klass, ref_class, method_name, method_sig, true)) {
2983 // It's protected access, check if stack object is
2984 // assignable to current class.
2985 if (ref_class_type.name() == vmSymbols::java_lang_Object()
2986 && stack_object_type.is_array()
2987 && method_name == vmSymbols::clone_name()) {
2988 // Special case: arrays pretend to implement public Object
2989 // clone().
2990 } else {
2991 bool is_assignable = current_type().is_assignable_from(
2992 stack_object_type, this, true, CHECK_VERIFY(this));
2993 if (!is_assignable) {
2994 verify_error(ErrorContext::bad_type(bci,
2995 current_frame->stack_top_ctx(),
2996 TypeOrigin::implicit(current_type())),
2997 "Bad access to protected data in invokevirtual");
2998 return;
2999 }
3000 }
3001 }
3002 }
3003 }
3004 } else {
3005 assert(opcode == Bytecodes::_invokeinterface, "Unexpected opcode encountered");
3006 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this));
3007 }
3008 }
3009 }
3010 // Push the result type.
3011 int sig_verif_types_len = sig_verif_types->length();
3012 if (sig_verif_types_len > nargs) { // There's a return type
3013 if (method_name == vmSymbols::object_initializer_name()) {
3014 // an <init> method must have a void return type
3015 verify_error(ErrorContext::bad_code(bci),
3016 "Return type must be void in <init> method");
3017 return;
3018 }
3019
3020 assert(sig_verif_types_len <= nargs + 2,
3021 "Signature verification types array return type is bogus");
3022 for (int i = nargs; i < sig_verif_types_len; i++) {
3023 assert(i == nargs || sig_verif_types->at(i).is_long2() ||
3024 sig_verif_types->at(i).is_double2(), "Unexpected return verificationType");
3025 current_frame->push_stack(sig_verif_types->at(i), CHECK_VERIFY(this));
3026 }
3027 }
3028 }
3029
3030 VerificationType ClassVerifier::get_newarray_type(
3031 u2 index, int bci, TRAPS) {
3032 const char* from_bt[] = {
3033 nullptr, nullptr, nullptr, nullptr, "[Z", "[C", "[F", "[D", "[B", "[S", "[I", "[J",
3034 };
3035 if (index < T_BOOLEAN || index > T_LONG) {
3036 verify_error(ErrorContext::bad_code(bci), "Illegal newarray instruction");
3037 return VerificationType::bogus_type();
3038 }
3039
3040 // from_bt[index] contains the array signature which has a length of 2
3041 Symbol* sig = create_temporary_symbol(from_bt[index], 2);
3042 return VerificationType::reference_type(sig);
3043 }
3044
3045 void ClassVerifier::verify_anewarray(
3046 int bci, u2 index, const constantPoolHandle& cp,
3047 StackMapFrame* current_frame, TRAPS) {
3048 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
3049 current_frame->pop_stack(
3050 VerificationType::integer_type(), CHECK_VERIFY(this));
3051
3052 if (was_recursively_verified()) return;
3053 VerificationType component_type =
3054 cp_index_to_type(index, cp, CHECK_VERIFY(this));
3055 int length;
3056 char* arr_sig_str;
3057 if (component_type.is_array()) { // it's an array
3058 const char* component_name = component_type.name()->as_utf8();
3059 // Check for more than MAX_ARRAY_DIMENSIONS
3060 length = (int)strlen(component_name);
3061 if (length > MAX_ARRAY_DIMENSIONS &&
3062 component_name[MAX_ARRAY_DIMENSIONS - 1] == JVM_SIGNATURE_ARRAY) {
3063 verify_error(ErrorContext::bad_code(bci),
3064 "Illegal anewarray instruction, array has more than 255 dimensions");
3065 }
3066 // add one dimension to component
3067 length++;
3068 arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length + 1);
3069 int n = os::snprintf(arr_sig_str, length + 1, "%c%s",
3070 JVM_SIGNATURE_ARRAY, component_name);
3071 assert(n == length, "Unexpected number of characters in string");
3072 } else { // it's an object or interface
3073 const char* component_name = component_type.name()->as_utf8();
3074 // add one dimension to component with 'L' prepended and ';' postpended.
3075 length = (int)strlen(component_name) + 3;
3076 arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length + 1);
3077 int n = os::snprintf(arr_sig_str, length + 1, "%c%c%s;",
3078 JVM_SIGNATURE_ARRAY, JVM_SIGNATURE_CLASS, component_name);
3079 assert(n == length, "Unexpected number of characters in string");
3080 }
3081 Symbol* arr_sig = create_temporary_symbol(arr_sig_str, length);
3082 VerificationType new_array_type = VerificationType::reference_type(arr_sig);
3083 current_frame->push_stack(new_array_type, CHECK_VERIFY(this));
3084 }
3085
3086 void ClassVerifier::verify_iload(int index, StackMapFrame* current_frame, TRAPS) {
3087 current_frame->get_local(
3088 index, VerificationType::integer_type(), CHECK_VERIFY(this));
3089 current_frame->push_stack(
3090 VerificationType::integer_type(), CHECK_VERIFY(this));
3091 }
3092
3093 void ClassVerifier::verify_lload(int index, StackMapFrame* current_frame, TRAPS) {
3094 current_frame->get_local_2(
3095 index, VerificationType::long_type(),
3096 VerificationType::long2_type(), CHECK_VERIFY(this));
3097 current_frame->push_stack_2(
3098 VerificationType::long_type(),
3099 VerificationType::long2_type(), CHECK_VERIFY(this));
3100 }
3101
3102 void ClassVerifier::verify_fload(int index, StackMapFrame* current_frame, TRAPS) {
3103 current_frame->get_local(
3104 index, VerificationType::float_type(), CHECK_VERIFY(this));
3105 current_frame->push_stack(
3106 VerificationType::float_type(), CHECK_VERIFY(this));
3107 }
3108
3109 void ClassVerifier::verify_dload(int index, StackMapFrame* current_frame, TRAPS) {
3110 current_frame->get_local_2(
3111 index, VerificationType::double_type(),
3112 VerificationType::double2_type(), CHECK_VERIFY(this));
3113 current_frame->push_stack_2(
3114 VerificationType::double_type(),
3115 VerificationType::double2_type(), CHECK_VERIFY(this));
3116 }
3117
3118 void ClassVerifier::verify_aload(int index, StackMapFrame* current_frame, TRAPS) {
3119 VerificationType type = current_frame->get_local(
3120 index, VerificationType::reference_check(), CHECK_VERIFY(this));
3121 current_frame->push_stack(type, CHECK_VERIFY(this));
3122 }
3123
3124 void ClassVerifier::verify_istore(int index, StackMapFrame* current_frame, TRAPS) {
3125 current_frame->pop_stack(
3126 VerificationType::integer_type(), CHECK_VERIFY(this));
3127 current_frame->set_local(
3128 index, VerificationType::integer_type(), CHECK_VERIFY(this));
3129 }
3130
3131 void ClassVerifier::verify_lstore(int index, StackMapFrame* current_frame, TRAPS) {
3132 current_frame->pop_stack_2(
3133 VerificationType::long2_type(),
3134 VerificationType::long_type(), CHECK_VERIFY(this));
3135 current_frame->set_local_2(
3136 index, VerificationType::long_type(),
3137 VerificationType::long2_type(), CHECK_VERIFY(this));
3138 }
3139
3140 void ClassVerifier::verify_fstore(int index, StackMapFrame* current_frame, TRAPS) {
3141 current_frame->pop_stack(VerificationType::float_type(), CHECK_VERIFY(this));
3142 current_frame->set_local(
3143 index, VerificationType::float_type(), CHECK_VERIFY(this));
3144 }
3145
3146 void ClassVerifier::verify_dstore(int index, StackMapFrame* current_frame, TRAPS) {
3147 current_frame->pop_stack_2(
3148 VerificationType::double2_type(),
3149 VerificationType::double_type(), CHECK_VERIFY(this));
3150 current_frame->set_local_2(
3151 index, VerificationType::double_type(),
3152 VerificationType::double2_type(), CHECK_VERIFY(this));
3153 }
3154
3155 void ClassVerifier::verify_astore(int index, StackMapFrame* current_frame, TRAPS) {
3156 VerificationType type = current_frame->pop_stack(
3157 VerificationType::reference_check(), CHECK_VERIFY(this));
3158 current_frame->set_local(index, type, CHECK_VERIFY(this));
3159 }
3160
3161 void ClassVerifier::verify_iinc(int index, StackMapFrame* current_frame, TRAPS) {
3162 VerificationType type = current_frame->get_local(
3163 index, VerificationType::integer_type(), CHECK_VERIFY(this));
3164 current_frame->set_local(index, type, CHECK_VERIFY(this));
3165 }
3166
3167 void ClassVerifier::verify_return_value(
3168 VerificationType return_type, VerificationType type, int bci,
3169 StackMapFrame* current_frame, TRAPS) {
3170 if (return_type == VerificationType::bogus_type()) {
3171 verify_error(ErrorContext::bad_type(bci,
3172 current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)),
3173 "Method does not expect a return value");
3174 return;
3175 }
3176 bool match = return_type.is_assignable_from(type, this, false, CHECK_VERIFY(this));
3177 if (!match) {
3178 verify_error(ErrorContext::bad_type(bci,
3179 current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)),
3180 "Bad return type");
3181 return;
3182 }
3183 }
3184
3185 // The verifier creates symbols which are substrings of Symbols.
3186 // These are stored in the verifier until the end of verification so that
3187 // they can be reference counted.
3188 Symbol* ClassVerifier::create_temporary_symbol(const char *name, int length) {
3189 // Quick deduplication check
3190 if (_previous_symbol != nullptr && _previous_symbol->equals(name, length)) {
3191 return _previous_symbol;
3192 }
3193 Symbol* sym = SymbolTable::new_symbol(name, length);
3194 if (!sym->is_permanent()) {
3195 if (_symbols == nullptr) {
3196 _symbols = new GrowableArray<Symbol*>(50, 0, nullptr);
3197 }
3198 _symbols->push(sym);
3199 }
3200 _previous_symbol = sym;
3201 return sym;
3202 }