1 /*
2 * Copyright (c) 1998, 2024, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.
8 *
9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 *
23 */
24
25 #include "precompiled.hpp"
26 #include "cds/cdsConfig.hpp"
27 #include "classfile/classFileStream.hpp"
28 #include "classfile/classLoader.hpp"
29 #include "classfile/javaClasses.hpp"
30 #include "classfile/stackMapTable.hpp"
31 #include "classfile/stackMapFrame.hpp"
32 #include "classfile/stackMapTableFormat.hpp"
33 #include "classfile/symbolTable.hpp"
34 #include "classfile/systemDictionary.hpp"
35 #include "classfile/systemDictionaryShared.hpp"
36 #include "classfile/verifier.hpp"
37 #include "classfile/vmClasses.hpp"
38 #include "classfile/vmSymbols.hpp"
39 #include "interpreter/bytecodes.hpp"
40 #include "interpreter/bytecodeStream.hpp"
41 #include "jvm.h"
42 #include "logging/log.hpp"
43 #include "logging/logStream.hpp"
44 #include "memory/oopFactory.hpp"
45 #include "memory/resourceArea.hpp"
46 #include "memory/universe.hpp"
47 #include "oops/constantPool.inline.hpp"
48 #include "oops/instanceKlass.inline.hpp"
49 #include "oops/klass.inline.hpp"
50 #include "oops/oop.inline.hpp"
51 #include "oops/typeArrayOop.hpp"
52 #include "runtime/arguments.hpp"
53 #include "runtime/fieldDescriptor.hpp"
54 #include "runtime/handles.inline.hpp"
55 #include "runtime/interfaceSupport.inline.hpp"
56 #include "runtime/javaCalls.hpp"
57 #include "runtime/javaThread.hpp"
58 #include "runtime/jniHandles.inline.hpp"
59 #include "runtime/os.hpp"
60 #include "runtime/safepointVerifiers.hpp"
61 #include "services/threadService.hpp"
62 #include "utilities/align.hpp"
63 #include "utilities/bytes.hpp"
64
65 #define NOFAILOVER_MAJOR_VERSION 51
66 #define NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION 51
67 #define STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION 52
68 #define INLINE_TYPE_MAJOR_VERSION 56
69 #define MAX_ARRAY_DIMENSIONS 255
70
71 // Access to external entry for VerifyClassForMajorVersion - old byte code verifier
72
73 extern "C" {
74 typedef jboolean (*verify_byte_codes_fn_t)(JNIEnv *, jclass, char *, jint, jint);
75 }
76
77 static verify_byte_codes_fn_t volatile _verify_byte_codes_fn = nullptr;
78
79 static verify_byte_codes_fn_t verify_byte_codes_fn() {
80
81 if (_verify_byte_codes_fn != nullptr)
82 return _verify_byte_codes_fn;
83
84 MutexLocker locker(Verify_lock);
85
86 if (_verify_byte_codes_fn != nullptr)
87 return _verify_byte_codes_fn;
88
89 // Load verify dll
90 char buffer[JVM_MAXPATHLEN];
91 char ebuf[1024];
92 if (!os::dll_locate_lib(buffer, sizeof(buffer), Arguments::get_dll_dir(), "verify"))
93 return nullptr; // Caller will throw VerifyError
94
95 void *lib_handle = os::dll_load(buffer, ebuf, sizeof(ebuf));
96 if (lib_handle == nullptr)
97 return nullptr; // Caller will throw VerifyError
98
99 void *fn = os::dll_lookup(lib_handle, "VerifyClassForMajorVersion");
100 if (fn == nullptr)
101 return nullptr; // Caller will throw VerifyError
102
103 return _verify_byte_codes_fn = CAST_TO_FN_PTR(verify_byte_codes_fn_t, fn);
104 }
105
106
107 // Methods in Verifier
108
109 bool Verifier::should_verify_for(oop class_loader, bool should_verify_class) {
110 return (class_loader == nullptr || !should_verify_class) ?
111 BytecodeVerificationLocal : BytecodeVerificationRemote;
112 }
113
114 bool Verifier::relax_access_for(oop loader) {
115 bool trusted = java_lang_ClassLoader::is_trusted_loader(loader);
116 bool need_verify =
117 // verifyAll
118 (BytecodeVerificationLocal && BytecodeVerificationRemote) ||
119 // verifyRemote
120 (!BytecodeVerificationLocal && BytecodeVerificationRemote && !trusted);
121 return !need_verify;
122 }
123
124 void Verifier::trace_class_resolution(Klass* resolve_class, InstanceKlass* verify_class) {
125 assert(verify_class != nullptr, "Unexpected null verify_class");
126 ResourceMark rm;
127 Symbol* s = verify_class->source_file_name();
128 const char* source_file = (s != nullptr ? s->as_C_string() : nullptr);
129 const char* verify = verify_class->external_name();
130 const char* resolve = resolve_class->external_name();
131 // print in a single call to reduce interleaving between threads
132 if (source_file != nullptr) {
133 log_debug(class, resolve)("%s %s %s (verification)", verify, resolve, source_file);
134 } else {
135 log_debug(class, resolve)("%s %s (verification)", verify, resolve);
136 }
137 }
138
139 // Prints the end-verification message to the appropriate output.
140 void Verifier::log_end_verification(outputStream* st, const char* klassName, Symbol* exception_name, oop pending_exception) {
141 if (pending_exception != nullptr) {
142 st->print("Verification for %s has", klassName);
143 oop message = java_lang_Throwable::message(pending_exception);
144 if (message != nullptr) {
145 char* ex_msg = java_lang_String::as_utf8_string(message);
146 st->print_cr(" exception pending '%s %s'",
147 pending_exception->klass()->external_name(), ex_msg);
148 } else {
149 st->print_cr(" exception pending %s ",
150 pending_exception->klass()->external_name());
151 }
152 } else if (exception_name != nullptr) {
153 st->print_cr("Verification for %s failed", klassName);
154 }
155 st->print_cr("End class verification for: %s", klassName);
156 }
157
158 bool Verifier::verify(InstanceKlass* klass, bool should_verify_class, TRAPS) {
159 HandleMark hm(THREAD);
160 ResourceMark rm(THREAD);
161
162 // Eagerly allocate the identity hash code for a klass. This is a fallout
163 // from 6320749 and 8059924: hash code generator is not supposed to be called
164 // during the safepoint, but it allows to sneak the hashcode in during
165 // verification. Without this eager hashcode generation, we may end up
166 // installing the hashcode during some other operation, which may be at
167 // safepoint -- blowing up the checks. It was previously done as the side
168 // effect (sic!) for external_name(), but instead of doing that, we opt to
169 // explicitly push the hashcode in here. This is signify the following block
170 // is IMPORTANT:
171 if (klass->java_mirror() != nullptr) {
172 klass->java_mirror()->identity_hash();
173 }
174
175 if (!is_eligible_for_verification(klass, should_verify_class)) {
176 return true;
177 }
178
179 // Timer includes any side effects of class verification (resolution,
180 // etc), but not recursive calls to Verifier::verify().
181 JavaThread* jt = THREAD;
182 PerfClassTraceTime timer(ClassLoader::perf_class_verify_time(),
183 ClassLoader::perf_class_verify_selftime(),
184 ClassLoader::perf_classes_verified(),
185 jt->get_thread_stat()->perf_recursion_counts_addr(),
186 jt->get_thread_stat()->perf_timers_addr(),
187 PerfClassTraceTime::CLASS_VERIFY);
188
189 // If the class should be verified, first see if we can use the split
190 // verifier. If not, or if verification fails and can failover, then
191 // call the inference verifier.
192 Symbol* exception_name = nullptr;
193 const size_t message_buffer_len = klass->name()->utf8_length() + 1024;
194 char* message_buffer = nullptr;
195 char* exception_message = nullptr;
196
197 log_info(class, init)("Start class verification for: %s", klass->external_name());
198 if (klass->major_version() >= STACKMAP_ATTRIBUTE_MAJOR_VERSION) {
199 ClassVerifier split_verifier(jt, klass);
200 // We don't use CHECK here, or on inference_verify below, so that we can log any exception.
201 split_verifier.verify_class(THREAD);
202 exception_name = split_verifier.result();
203
204 // If dumping static archive then don't fall back to the old verifier on
205 // verification failure. If a class fails verification with the split verifier,
206 // it might fail the CDS runtime verifier constraint check. In that case, we
207 // don't want to share the class. We only archive classes that pass the split
208 // verifier.
209 bool can_failover = !CDSConfig::is_dumping_static_archive() &&
210 klass->major_version() < NOFAILOVER_MAJOR_VERSION;
211
212 if (can_failover && !HAS_PENDING_EXCEPTION && // Split verifier doesn't set PENDING_EXCEPTION for failure
213 (exception_name == vmSymbols::java_lang_VerifyError() ||
214 exception_name == vmSymbols::java_lang_ClassFormatError())) {
215 log_info(verification)("Fail over class verification to old verifier for: %s", klass->external_name());
216 log_info(class, init)("Fail over class verification to old verifier for: %s", klass->external_name());
217 // Exclude any classes that fail over during dynamic dumping
218 if (CDSConfig::is_dumping_dynamic_archive()) {
219 SystemDictionaryShared::warn_excluded(klass, "Failed over class verification while dynamic dumping");
220 SystemDictionaryShared::set_excluded(klass);
221 }
222 message_buffer = NEW_RESOURCE_ARRAY(char, message_buffer_len);
223 exception_message = message_buffer;
224 exception_name = inference_verify(
225 klass, message_buffer, message_buffer_len, THREAD);
226 }
227 if (exception_name != nullptr) {
228 exception_message = split_verifier.exception_message();
229 }
230 } else {
231 message_buffer = NEW_RESOURCE_ARRAY(char, message_buffer_len);
232 exception_message = message_buffer;
233 exception_name = inference_verify(
234 klass, message_buffer, message_buffer_len, THREAD);
235 }
236
237 LogTarget(Info, class, init) lt1;
238 if (lt1.is_enabled()) {
239 LogStream ls(lt1);
240 log_end_verification(&ls, klass->external_name(), exception_name, PENDING_EXCEPTION);
241 }
242 LogTarget(Info, verification) lt2;
243 if (lt2.is_enabled()) {
244 LogStream ls(lt2);
245 log_end_verification(&ls, klass->external_name(), exception_name, PENDING_EXCEPTION);
246 }
247
248 if (HAS_PENDING_EXCEPTION) {
249 return false; // use the existing exception
250 } else if (exception_name == nullptr) {
251 return true; // verification succeeded
252 } else { // VerifyError or ClassFormatError to be created and thrown
253 Klass* kls =
254 SystemDictionary::resolve_or_fail(exception_name, true, CHECK_false);
255 if (log_is_enabled(Debug, class, resolve)) {
256 Verifier::trace_class_resolution(kls, klass);
257 }
258
259 while (kls != nullptr) {
260 if (kls == klass) {
261 // If the class being verified is the exception we're creating
262 // or one of it's superclasses, we're in trouble and are going
263 // to infinitely recurse when we try to initialize the exception.
264 // So bail out here by throwing the preallocated VM error.
265 THROW_OOP_(Universe::internal_error_instance(), false);
266 }
267 kls = kls->super();
268 }
269 if (message_buffer != nullptr) {
270 message_buffer[message_buffer_len - 1] = '\0'; // just to be sure
271 }
272 assert(exception_message != nullptr, "");
273 THROW_MSG_(exception_name, exception_message, false);
274 }
275 }
276
277 bool Verifier::is_eligible_for_verification(InstanceKlass* klass, bool should_verify_class) {
278 Symbol* name = klass->name();
279
280 return (should_verify_for(klass->class_loader(), should_verify_class) &&
281 // return if the class is a bootstrapping class
282 // or defineClass specified not to verify by default (flags override passed arg)
283 // We need to skip the following four for bootstrapping
284 name != vmSymbols::java_lang_Object() &&
285 name != vmSymbols::java_lang_Class() &&
286 name != vmSymbols::java_lang_String() &&
287 name != vmSymbols::java_lang_Throwable() &&
288
289 // Can not verify the bytecodes for shared classes because they have
290 // already been rewritten to contain constant pool cache indices,
291 // which the verifier can't understand.
292 // Shared classes shouldn't have stackmaps either.
293 // However, bytecodes for shared old classes can be verified because
294 // they have not been rewritten.
295 !(klass->is_shared() && klass->is_rewritten()));
296 }
297
298 Symbol* Verifier::inference_verify(
299 InstanceKlass* klass, char* message, size_t message_len, TRAPS) {
300 JavaThread* thread = THREAD;
301
302 verify_byte_codes_fn_t verify_func = verify_byte_codes_fn();
303
304 if (verify_func == nullptr) {
305 jio_snprintf(message, message_len, "Could not link verifier");
306 return vmSymbols::java_lang_VerifyError();
307 }
308
309 ResourceMark rm(thread);
310 log_info(verification)("Verifying class %s with old format", klass->external_name());
311
312 jclass cls = (jclass) JNIHandles::make_local(thread, klass->java_mirror());
313 jint result;
314
315 {
316 HandleMark hm(thread);
317 ThreadToNativeFromVM ttn(thread);
318 // ThreadToNativeFromVM takes care of changing thread_state, so safepoint
319 // code knows that we have left the VM
320 JNIEnv *env = thread->jni_environment();
321 result = (*verify_func)(env, cls, message, (int)message_len, klass->major_version());
322 }
323
324 JNIHandles::destroy_local(cls);
325
326 // These numbers are chosen so that VerifyClassCodes interface doesn't need
327 // to be changed (still return jboolean (unsigned char)), and result is
328 // 1 when verification is passed.
329 if (result == 0) {
330 return vmSymbols::java_lang_VerifyError();
331 } else if (result == 1) {
332 return nullptr; // verified.
333 } else if (result == 2) {
334 THROW_MSG_(vmSymbols::java_lang_OutOfMemoryError(), message, nullptr);
335 } else if (result == 3) {
336 return vmSymbols::java_lang_ClassFormatError();
337 } else {
338 ShouldNotReachHere();
339 return nullptr;
340 }
341 }
342
343 TypeOrigin TypeOrigin::null() {
344 return TypeOrigin();
345 }
346 TypeOrigin TypeOrigin::local(int index, StackMapFrame* frame) {
347 assert(frame != nullptr, "Must have a frame");
348 return TypeOrigin(CF_LOCALS, index, StackMapFrame::copy(frame),
349 frame->local_at(index));
350 }
351 TypeOrigin TypeOrigin::stack(int index, StackMapFrame* frame) {
352 assert(frame != nullptr, "Must have a frame");
353 return TypeOrigin(CF_STACK, index, StackMapFrame::copy(frame),
354 frame->stack_at(index));
355 }
356 TypeOrigin TypeOrigin::sm_local(int index, StackMapFrame* frame) {
357 assert(frame != nullptr, "Must have a frame");
358 return TypeOrigin(SM_LOCALS, index, StackMapFrame::copy(frame),
359 frame->local_at(index));
360 }
361 TypeOrigin TypeOrigin::sm_stack(int index, StackMapFrame* frame) {
362 assert(frame != nullptr, "Must have a frame");
363 return TypeOrigin(SM_STACK, index, StackMapFrame::copy(frame),
364 frame->stack_at(index));
365 }
366 TypeOrigin TypeOrigin::bad_index(int index) {
367 return TypeOrigin(BAD_INDEX, index, nullptr, VerificationType::bogus_type());
368 }
369 TypeOrigin TypeOrigin::cp(int index, VerificationType vt) {
370 return TypeOrigin(CONST_POOL, index, nullptr, vt);
371 }
372 TypeOrigin TypeOrigin::signature(VerificationType vt) {
373 return TypeOrigin(SIG, 0, nullptr, vt);
374 }
375 TypeOrigin TypeOrigin::implicit(VerificationType t) {
376 return TypeOrigin(IMPLICIT, 0, nullptr, t);
377 }
378 TypeOrigin TypeOrigin::frame(StackMapFrame* frame) {
379 return TypeOrigin(FRAME_ONLY, 0, StackMapFrame::copy(frame),
380 VerificationType::bogus_type());
381 }
382
383 void TypeOrigin::reset_frame() {
384 if (_frame != nullptr) {
385 _frame->restore();
386 }
387 }
388
389 void TypeOrigin::details(outputStream* ss) const {
390 _type.print_on(ss);
391 switch (_origin) {
392 case CF_LOCALS:
393 ss->print(" (current frame, locals[%d])", _index);
394 break;
395 case CF_STACK:
396 ss->print(" (current frame, stack[%d])", _index);
397 break;
398 case SM_LOCALS:
399 ss->print(" (stack map, locals[%d])", _index);
400 break;
401 case SM_STACK:
402 ss->print(" (stack map, stack[%d])", _index);
403 break;
404 case CONST_POOL:
405 ss->print(" (constant pool %d)", _index);
406 break;
407 case SIG:
408 ss->print(" (from method signature)");
409 break;
410 case IMPLICIT:
411 case FRAME_ONLY:
412 case NONE:
413 default:
414 ;
415 }
416 }
417
418 #ifdef ASSERT
419 void TypeOrigin::print_on(outputStream* str) const {
420 str->print("{%d,%d,%p:", _origin, _index, _frame);
421 if (_frame != nullptr) {
422 _frame->print_on(str);
423 } else {
424 str->print("null");
425 }
426 str->print(",");
427 _type.print_on(str);
428 str->print("}");
429 }
430 #endif
431
432 void ErrorContext::details(outputStream* ss, const Method* method) const {
433 if (is_valid()) {
434 ss->cr();
435 ss->print_cr("Exception Details:");
436 location_details(ss, method);
437 reason_details(ss);
438 frame_details(ss);
439 bytecode_details(ss, method);
440 handler_details(ss, method);
441 stackmap_details(ss, method);
442 }
443 }
444
445 void ErrorContext::reason_details(outputStream* ss) const {
446 streamIndentor si(ss);
447 ss->indent().print_cr("Reason:");
448 streamIndentor si2(ss);
449 ss->indent().print("%s", "");
450 switch (_fault) {
451 case INVALID_BYTECODE:
452 ss->print("Error exists in the bytecode");
453 break;
454 case WRONG_TYPE:
455 if (_expected.is_valid()) {
456 ss->print("Type ");
457 _type.details(ss);
458 ss->print(" is not assignable to ");
459 _expected.details(ss);
460 } else {
461 ss->print("Invalid type: ");
462 _type.details(ss);
463 }
464 break;
465 case FLAGS_MISMATCH:
466 if (_expected.is_valid()) {
467 ss->print("Current frame's flags are not assignable "
468 "to stack map frame's.");
469 } else {
470 ss->print("Current frame's flags are invalid in this context.");
471 }
472 break;
473 case BAD_CP_INDEX:
474 ss->print("Constant pool index %d is invalid", _type.index());
475 break;
476 case BAD_LOCAL_INDEX:
477 ss->print("Local index %d is invalid", _type.index());
478 break;
479 case LOCALS_SIZE_MISMATCH:
480 ss->print("Current frame's local size doesn't match stackmap.");
481 break;
482 case STACK_SIZE_MISMATCH:
483 ss->print("Current frame's stack size doesn't match stackmap.");
484 break;
485 case STACK_OVERFLOW:
486 ss->print("Exceeded max stack size.");
487 break;
488 case STACK_UNDERFLOW:
489 ss->print("Attempt to pop empty stack.");
490 break;
491 case MISSING_STACKMAP:
492 ss->print("Expected stackmap frame at this location.");
493 break;
494 case BAD_STACKMAP:
495 ss->print("Invalid stackmap specification.");
496 break;
497 case WRONG_INLINE_TYPE:
498 ss->print("Type ");
499 _type.details(ss);
500 ss->print(" and type ");
501 _expected.details(ss);
502 ss->print(" must be identical inline types.");
503 break;
504 case UNKNOWN:
505 default:
506 ShouldNotReachHere();
507 ss->print_cr("Unknown");
508 }
509 ss->cr();
510 }
511
512 void ErrorContext::location_details(outputStream* ss, const Method* method) const {
513 if (_bci != -1 && method != nullptr) {
514 streamIndentor si(ss);
515 const char* bytecode_name = "<invalid>";
516 if (method->validate_bci(_bci) != -1) {
517 Bytecodes::Code code = Bytecodes::code_or_bp_at(method->bcp_from(_bci));
518 if (Bytecodes::is_defined(code)) {
519 bytecode_name = Bytecodes::name(code);
520 } else {
521 bytecode_name = "<illegal>";
522 }
523 }
524 InstanceKlass* ik = method->method_holder();
525 ss->indent().print_cr("Location:");
526 streamIndentor si2(ss);
527 ss->indent().print_cr("%s.%s%s @%d: %s",
528 ik->name()->as_C_string(), method->name()->as_C_string(),
529 method->signature()->as_C_string(), _bci, bytecode_name);
530 }
531 }
532
533 void ErrorContext::frame_details(outputStream* ss) const {
534 streamIndentor si(ss);
535 if (_type.is_valid() && _type.frame() != nullptr) {
536 ss->indent().print_cr("Current Frame:");
537 streamIndentor si2(ss);
538 _type.frame()->print_on(ss);
539 }
540 if (_expected.is_valid() && _expected.frame() != nullptr) {
541 ss->indent().print_cr("Stackmap Frame:");
542 streamIndentor si2(ss);
543 _expected.frame()->print_on(ss);
544 }
545 }
546
547 void ErrorContext::bytecode_details(outputStream* ss, const Method* method) const {
548 if (method != nullptr) {
549 streamIndentor si(ss);
550 ss->indent().print_cr("Bytecode:");
551 streamIndentor si2(ss);
552 ss->print_data(method->code_base(), method->code_size(), false);
553 }
554 }
555
556 void ErrorContext::handler_details(outputStream* ss, const Method* method) const {
557 if (method != nullptr) {
558 streamIndentor si(ss);
559 ExceptionTable table(method);
560 if (table.length() > 0) {
561 ss->indent().print_cr("Exception Handler Table:");
562 streamIndentor si2(ss);
563 for (int i = 0; i < table.length(); ++i) {
564 ss->indent().print_cr("bci [%d, %d] => handler: %d", table.start_pc(i),
565 table.end_pc(i), table.handler_pc(i));
566 }
567 }
568 }
569 }
570
571 void ErrorContext::stackmap_details(outputStream* ss, const Method* method) const {
572 if (method != nullptr && method->has_stackmap_table()) {
573 streamIndentor si(ss);
574 ss->indent().print_cr("Stackmap Table:");
575 Array<u1>* data = method->stackmap_data();
576 stack_map_table* sm_table =
577 stack_map_table::at((address)data->adr_at(0));
578 stack_map_frame* sm_frame = sm_table->entries();
579 streamIndentor si2(ss);
580 int current_offset = -1;
581 address end_of_sm_table = (address)sm_table + method->stackmap_data()->length();
582 for (u2 i = 0; i < sm_table->number_of_entries(); ++i) {
583 ss->indent();
584 if (!sm_frame->verify((address)sm_frame, end_of_sm_table)) {
585 sm_frame->print_truncated(ss, current_offset);
586 return;
587 }
588 sm_frame->print_on(ss, current_offset);
589 ss->cr();
590 current_offset += sm_frame->offset_delta();
591 sm_frame = sm_frame->next();
592 }
593 }
594 }
595
596 // Methods in ClassVerifier
597
598 ClassVerifier::ClassVerifier(JavaThread* current, InstanceKlass* klass)
599 : _thread(current), _previous_symbol(nullptr), _symbols(nullptr), _exception_type(nullptr),
600 _message(nullptr), _klass(klass) {
601 _this_type = VerificationType::reference_type(klass->name());
602 }
603
604 ClassVerifier::~ClassVerifier() {
605 // Decrement the reference count for any symbols created.
606 if (_symbols != nullptr) {
607 for (int i = 0; i < _symbols->length(); i++) {
608 Symbol* s = _symbols->at(i);
609 s->decrement_refcount();
610 }
611 }
612 }
613
614 VerificationType ClassVerifier::object_type() const {
615 return VerificationType::reference_type(vmSymbols::java_lang_Object());
616 }
617
618 TypeOrigin ClassVerifier::ref_ctx(const char* sig) {
619 VerificationType vt = VerificationType::reference_type(
620 create_temporary_symbol(sig, (int)strlen(sig)));
621 return TypeOrigin::implicit(vt);
622 }
623
624 static bool supports_strict_fields(InstanceKlass* klass) {
625 int ver = klass->major_version();
626 return ver > Verifier::VALUE_TYPES_MAJOR_VERSION ||
627 (ver == Verifier::VALUE_TYPES_MAJOR_VERSION && klass->minor_version() == Verifier::JAVA_PREVIEW_MINOR_VERSION);
628 }
629
630 void ClassVerifier::verify_class(TRAPS) {
631 log_info(verification)("Verifying class %s with new format", _klass->external_name());
632
633 // Either verifying both local and remote classes or just remote classes.
634 assert(BytecodeVerificationRemote, "Should not be here");
635
636 Array<Method*>* methods = _klass->methods();
637 int num_methods = methods->length();
638
639 for (int index = 0; index < num_methods; index++) {
640 // Check for recursive re-verification before each method.
641 if (was_recursively_verified()) return;
642
643 Method* m = methods->at(index);
644 if (m->is_native() || m->is_abstract() || m->is_overpass()) {
645 // If m is native or abstract, skip it. It is checked in class file
646 // parser that methods do not override a final method. Overpass methods
647 // are trusted since the VM generates them.
648 continue;
649 }
650 verify_method(methodHandle(THREAD, m), CHECK_VERIFY(this));
651 }
652
653 if (was_recursively_verified()){
654 log_info(verification)("Recursive verification detected for: %s", _klass->external_name());
655 log_info(class, init)("Recursive verification detected for: %s",
656 _klass->external_name());
657 }
658 }
659
660 // Translate the signature entries into verification types and save them in
661 // the growable array. Also, save the count of arguments.
662 void ClassVerifier::translate_signature(Symbol* const method_sig,
663 sig_as_verification_types* sig_verif_types) {
664 SignatureStream sig_stream(method_sig);
665 VerificationType sig_type[2];
666 int sig_i = 0;
667 GrowableArray<VerificationType>* verif_types = sig_verif_types->sig_verif_types();
668
669 // Translate the signature arguments into verification types.
670 while (!sig_stream.at_return_type()) {
671 int n = change_sig_to_verificationType(&sig_stream, sig_type);
672 assert(n <= 2, "Unexpected signature type");
673
674 // Store verification type(s). Longs and Doubles each have two verificationTypes.
675 for (int x = 0; x < n; x++) {
676 verif_types->push(sig_type[x]);
677 }
678 sig_i += n;
679 sig_stream.next();
680 }
681
682 // Set final arg count, not including the return type. The final arg count will
683 // be compared with sig_verify_types' length to see if there is a return type.
684 sig_verif_types->set_num_args(sig_i);
685
686 // Store verification type(s) for the return type, if there is one.
687 if (sig_stream.type() != T_VOID) {
688 int n = change_sig_to_verificationType(&sig_stream, sig_type);
689 assert(n <= 2, "Unexpected signature return type");
690 for (int y = 0; y < n; y++) {
691 verif_types->push(sig_type[y]);
692 }
693 }
694 }
695
696 void ClassVerifier::create_method_sig_entry(sig_as_verification_types* sig_verif_types,
697 int sig_index) {
698 // Translate the signature into verification types.
699 ConstantPool* cp = _klass->constants();
700 Symbol* const method_sig = cp->symbol_at(sig_index);
701 translate_signature(method_sig, sig_verif_types);
702
703 // Add the list of this signature's verification types to the table.
704 bool is_unique = method_signatures_table()->put(sig_index, sig_verif_types);
705 assert(is_unique, "Duplicate entries in method_signature_table");
706 }
707
708 void ClassVerifier::verify_method(const methodHandle& m, TRAPS) {
709 HandleMark hm(THREAD);
710 _method = m; // initialize _method
711 log_info(verification)("Verifying method %s", m->name_and_sig_as_C_string());
712
713 // For clang, the only good constant format string is a literal constant format string.
714 #define bad_type_msg "Bad type on operand stack in %s"
715
716 u2 max_stack = m->verifier_max_stack();
717 u2 max_locals = m->max_locals();
718 constantPoolHandle cp(THREAD, m->constants());
719
720 // Method signature was checked in ClassFileParser.
721 assert(SignatureVerifier::is_valid_method_signature(m->signature()),
722 "Invalid method signature");
723
724 // Initial stack map frame: offset is 0, stack is initially empty.
725 StackMapFrame current_frame(max_locals, max_stack, this);
726 // Set initial locals
727 VerificationType return_type = current_frame.set_locals_from_arg( m, current_type());
728
729 u2 stackmap_index = 0; // index to the stackmap array
730
731 u4 code_length = m->code_size();
732
733 // Scan the bytecode and map each instruction's start offset to a number.
734 char* code_data = generate_code_data(m, code_length, CHECK_VERIFY(this));
735
736 int ex_min = code_length;
737 int ex_max = -1;
738 // Look through each item on the exception table. Each of the fields must refer
739 // to a legal instruction.
740 if (was_recursively_verified()) return;
741 verify_exception_handler_table(
742 code_length, code_data, ex_min, ex_max, CHECK_VERIFY(this));
743
744 // Look through each entry on the local variable table and make sure
745 // its range of code array offsets is valid. (4169817)
746 if (m->has_localvariable_table()) {
747 verify_local_variable_table(code_length, code_data, CHECK_VERIFY(this));
748 }
749
750 Array<u1>* stackmap_data = m->stackmap_data();
751 StackMapStream stream(stackmap_data);
752 StackMapReader reader(this, &stream, code_data, code_length, THREAD);
753 StackMapTable stackmap_table(&reader, ¤t_frame, max_locals, max_stack,
754 code_data, code_length, CHECK_VERIFY(this));
755
756 LogTarget(Debug, verification) lt;
757 if (lt.is_enabled()) {
758 ResourceMark rm(THREAD);
759 LogStream ls(lt);
760 stackmap_table.print_on(&ls);
761 }
762
763 RawBytecodeStream bcs(m);
764
765 // Scan the byte code linearly from the start to the end
766 bool no_control_flow = false; // Set to true when there is no direct control
767 // flow from current instruction to the next
768 // instruction in sequence
769
770 Bytecodes::Code opcode;
771 while (!bcs.is_last_bytecode()) {
772 // Check for recursive re-verification before each bytecode.
773 if (was_recursively_verified()) return;
774
775 opcode = bcs.raw_next();
776 int bci = bcs.bci();
777
778 // Set current frame's offset to bci
779 current_frame.set_offset(bci);
780 current_frame.set_mark();
781
782 // Make sure every offset in stackmap table point to the beginning to
783 // an instruction. Match current_frame to stackmap_table entry with
784 // the same offset if exists.
785 stackmap_index = verify_stackmap_table(
786 stackmap_index, bci, ¤t_frame, &stackmap_table,
787 no_control_flow, CHECK_VERIFY(this));
788
789
790 bool this_uninit = false; // Set to true when invokespecial <init> initialized 'this'
791 bool verified_exc_handlers = false;
792
793 // Merge with the next instruction
794 {
795 int target;
796 VerificationType type, type2;
797 VerificationType atype;
798
799 LogTarget(Debug, verification) lt;
800 if (lt.is_enabled()) {
801 ResourceMark rm(THREAD);
802 LogStream ls(lt);
803 current_frame.print_on(&ls);
804 lt.print("offset = %d, opcode = %s", bci,
805 opcode == Bytecodes::_illegal ? "illegal" : Bytecodes::name(opcode));
806 }
807
808 // Make sure wide instruction is in correct format
809 if (bcs.is_wide()) {
810 if (opcode != Bytecodes::_iinc && opcode != Bytecodes::_iload &&
811 opcode != Bytecodes::_aload && opcode != Bytecodes::_lload &&
812 opcode != Bytecodes::_istore && opcode != Bytecodes::_astore &&
813 opcode != Bytecodes::_lstore && opcode != Bytecodes::_fload &&
814 opcode != Bytecodes::_dload && opcode != Bytecodes::_fstore &&
815 opcode != Bytecodes::_dstore) {
816 /* Unreachable? RawBytecodeStream's raw_next() returns 'illegal'
817 * if we encounter a wide instruction that modifies an invalid
818 * opcode (not one of the ones listed above) */
819 verify_error(ErrorContext::bad_code(bci), "Bad wide instruction");
820 return;
821 }
822 }
823
824 // Look for possible jump target in exception handlers and see if it
825 // matches current_frame. Do this check here for astore*, dstore*,
826 // fstore*, istore*, and lstore* opcodes because they can change the type
827 // state by adding a local. JVM Spec says that the incoming type state
828 // should be used for this check. So, do the check here before a possible
829 // local is added to the type state.
830 if (Bytecodes::is_store_into_local(opcode) && bci >= ex_min && bci < ex_max) {
831 if (was_recursively_verified()) return;
832 verify_exception_handler_targets(
833 bci, this_uninit, ¤t_frame, &stackmap_table, CHECK_VERIFY(this));
834 verified_exc_handlers = true;
835 }
836
837 if (was_recursively_verified()) return;
838
839 switch (opcode) {
840 case Bytecodes::_nop :
841 no_control_flow = false; break;
842 case Bytecodes::_aconst_null :
843 current_frame.push_stack(
844 VerificationType::null_type(), CHECK_VERIFY(this));
845 no_control_flow = false; break;
846 case Bytecodes::_iconst_m1 :
847 case Bytecodes::_iconst_0 :
848 case Bytecodes::_iconst_1 :
849 case Bytecodes::_iconst_2 :
850 case Bytecodes::_iconst_3 :
851 case Bytecodes::_iconst_4 :
852 case Bytecodes::_iconst_5 :
853 current_frame.push_stack(
854 VerificationType::integer_type(), CHECK_VERIFY(this));
855 no_control_flow = false; break;
856 case Bytecodes::_lconst_0 :
857 case Bytecodes::_lconst_1 :
858 current_frame.push_stack_2(
859 VerificationType::long_type(),
860 VerificationType::long2_type(), CHECK_VERIFY(this));
861 no_control_flow = false; break;
862 case Bytecodes::_fconst_0 :
863 case Bytecodes::_fconst_1 :
864 case Bytecodes::_fconst_2 :
865 current_frame.push_stack(
866 VerificationType::float_type(), CHECK_VERIFY(this));
867 no_control_flow = false; break;
868 case Bytecodes::_dconst_0 :
869 case Bytecodes::_dconst_1 :
870 current_frame.push_stack_2(
871 VerificationType::double_type(),
872 VerificationType::double2_type(), CHECK_VERIFY(this));
873 no_control_flow = false; break;
874 case Bytecodes::_sipush :
875 case Bytecodes::_bipush :
876 current_frame.push_stack(
877 VerificationType::integer_type(), CHECK_VERIFY(this));
878 no_control_flow = false; break;
879 case Bytecodes::_ldc :
880 verify_ldc(
881 opcode, bcs.get_index_u1(), ¤t_frame,
882 cp, bci, CHECK_VERIFY(this));
883 no_control_flow = false; break;
884 case Bytecodes::_ldc_w :
885 case Bytecodes::_ldc2_w :
886 verify_ldc(
887 opcode, bcs.get_index_u2(), ¤t_frame,
888 cp, bci, CHECK_VERIFY(this));
889 no_control_flow = false; break;
890 case Bytecodes::_iload :
891 verify_iload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
892 no_control_flow = false; break;
893 case Bytecodes::_iload_0 :
894 case Bytecodes::_iload_1 :
895 case Bytecodes::_iload_2 :
896 case Bytecodes::_iload_3 : {
897 int index = opcode - Bytecodes::_iload_0;
898 verify_iload(index, ¤t_frame, CHECK_VERIFY(this));
899 no_control_flow = false; break;
900 }
901 case Bytecodes::_lload :
902 verify_lload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
903 no_control_flow = false; break;
904 case Bytecodes::_lload_0 :
905 case Bytecodes::_lload_1 :
906 case Bytecodes::_lload_2 :
907 case Bytecodes::_lload_3 : {
908 int index = opcode - Bytecodes::_lload_0;
909 verify_lload(index, ¤t_frame, CHECK_VERIFY(this));
910 no_control_flow = false; break;
911 }
912 case Bytecodes::_fload :
913 verify_fload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
914 no_control_flow = false; break;
915 case Bytecodes::_fload_0 :
916 case Bytecodes::_fload_1 :
917 case Bytecodes::_fload_2 :
918 case Bytecodes::_fload_3 : {
919 int index = opcode - Bytecodes::_fload_0;
920 verify_fload(index, ¤t_frame, CHECK_VERIFY(this));
921 no_control_flow = false; break;
922 }
923 case Bytecodes::_dload :
924 verify_dload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
925 no_control_flow = false; break;
926 case Bytecodes::_dload_0 :
927 case Bytecodes::_dload_1 :
928 case Bytecodes::_dload_2 :
929 case Bytecodes::_dload_3 : {
930 int index = opcode - Bytecodes::_dload_0;
931 verify_dload(index, ¤t_frame, CHECK_VERIFY(this));
932 no_control_flow = false; break;
933 }
934 case Bytecodes::_aload :
935 verify_aload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
936 no_control_flow = false; break;
937 case Bytecodes::_aload_0 :
938 case Bytecodes::_aload_1 :
939 case Bytecodes::_aload_2 :
940 case Bytecodes::_aload_3 : {
941 int index = opcode - Bytecodes::_aload_0;
942 verify_aload(index, ¤t_frame, CHECK_VERIFY(this));
943 no_control_flow = false; break;
944 }
945 case Bytecodes::_iaload :
946 type = current_frame.pop_stack(
947 VerificationType::integer_type(), CHECK_VERIFY(this));
948 atype = current_frame.pop_stack(
949 VerificationType::reference_check(), CHECK_VERIFY(this));
950 if (!atype.is_int_array()) {
951 verify_error(ErrorContext::bad_type(bci,
952 current_frame.stack_top_ctx(), ref_ctx("[I")),
953 bad_type_msg, "iaload");
954 return;
955 }
956 current_frame.push_stack(
957 VerificationType::integer_type(), CHECK_VERIFY(this));
958 no_control_flow = false; break;
959 case Bytecodes::_baload :
960 type = current_frame.pop_stack(
961 VerificationType::integer_type(), CHECK_VERIFY(this));
962 atype = current_frame.pop_stack(
963 VerificationType::reference_check(), CHECK_VERIFY(this));
964 if (!atype.is_bool_array() && !atype.is_byte_array()) {
965 verify_error(
966 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
967 bad_type_msg, "baload");
968 return;
969 }
970 current_frame.push_stack(
971 VerificationType::integer_type(), CHECK_VERIFY(this));
972 no_control_flow = false; break;
973 case Bytecodes::_caload :
974 type = current_frame.pop_stack(
975 VerificationType::integer_type(), CHECK_VERIFY(this));
976 atype = current_frame.pop_stack(
977 VerificationType::reference_check(), CHECK_VERIFY(this));
978 if (!atype.is_char_array()) {
979 verify_error(ErrorContext::bad_type(bci,
980 current_frame.stack_top_ctx(), ref_ctx("[C")),
981 bad_type_msg, "caload");
982 return;
983 }
984 current_frame.push_stack(
985 VerificationType::integer_type(), CHECK_VERIFY(this));
986 no_control_flow = false; break;
987 case Bytecodes::_saload :
988 type = current_frame.pop_stack(
989 VerificationType::integer_type(), CHECK_VERIFY(this));
990 atype = current_frame.pop_stack(
991 VerificationType::reference_check(), CHECK_VERIFY(this));
992 if (!atype.is_short_array()) {
993 verify_error(ErrorContext::bad_type(bci,
994 current_frame.stack_top_ctx(), ref_ctx("[S")),
995 bad_type_msg, "saload");
996 return;
997 }
998 current_frame.push_stack(
999 VerificationType::integer_type(), CHECK_VERIFY(this));
1000 no_control_flow = false; break;
1001 case Bytecodes::_laload :
1002 type = current_frame.pop_stack(
1003 VerificationType::integer_type(), CHECK_VERIFY(this));
1004 atype = current_frame.pop_stack(
1005 VerificationType::reference_check(), CHECK_VERIFY(this));
1006 if (!atype.is_long_array()) {
1007 verify_error(ErrorContext::bad_type(bci,
1008 current_frame.stack_top_ctx(), ref_ctx("[J")),
1009 bad_type_msg, "laload");
1010 return;
1011 }
1012 current_frame.push_stack_2(
1013 VerificationType::long_type(),
1014 VerificationType::long2_type(), CHECK_VERIFY(this));
1015 no_control_flow = false; break;
1016 case Bytecodes::_faload :
1017 type = current_frame.pop_stack(
1018 VerificationType::integer_type(), CHECK_VERIFY(this));
1019 atype = current_frame.pop_stack(
1020 VerificationType::reference_check(), CHECK_VERIFY(this));
1021 if (!atype.is_float_array()) {
1022 verify_error(ErrorContext::bad_type(bci,
1023 current_frame.stack_top_ctx(), ref_ctx("[F")),
1024 bad_type_msg, "faload");
1025 return;
1026 }
1027 current_frame.push_stack(
1028 VerificationType::float_type(), CHECK_VERIFY(this));
1029 no_control_flow = false; break;
1030 case Bytecodes::_daload :
1031 type = current_frame.pop_stack(
1032 VerificationType::integer_type(), CHECK_VERIFY(this));
1033 atype = current_frame.pop_stack(
1034 VerificationType::reference_check(), CHECK_VERIFY(this));
1035 if (!atype.is_double_array()) {
1036 verify_error(ErrorContext::bad_type(bci,
1037 current_frame.stack_top_ctx(), ref_ctx("[D")),
1038 bad_type_msg, "daload");
1039 return;
1040 }
1041 current_frame.push_stack_2(
1042 VerificationType::double_type(),
1043 VerificationType::double2_type(), CHECK_VERIFY(this));
1044 no_control_flow = false; break;
1045 case Bytecodes::_aaload : {
1046 type = current_frame.pop_stack(
1047 VerificationType::integer_type(), CHECK_VERIFY(this));
1048 atype = current_frame.pop_stack(
1049 VerificationType::reference_check(), CHECK_VERIFY(this));
1050 if (!atype.is_reference_array()) {
1051 verify_error(ErrorContext::bad_type(bci,
1052 current_frame.stack_top_ctx(),
1053 TypeOrigin::implicit(VerificationType::reference_check())),
1054 bad_type_msg, "aaload");
1055 return;
1056 }
1057 if (atype.is_null()) {
1058 current_frame.push_stack(
1059 VerificationType::null_type(), CHECK_VERIFY(this));
1060 } else {
1061 VerificationType component = atype.get_component(this);
1062 current_frame.push_stack(component, CHECK_VERIFY(this));
1063 }
1064 no_control_flow = false; break;
1065 }
1066 case Bytecodes::_istore :
1067 verify_istore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1068 no_control_flow = false; break;
1069 case Bytecodes::_istore_0 :
1070 case Bytecodes::_istore_1 :
1071 case Bytecodes::_istore_2 :
1072 case Bytecodes::_istore_3 : {
1073 int index = opcode - Bytecodes::_istore_0;
1074 verify_istore(index, ¤t_frame, CHECK_VERIFY(this));
1075 no_control_flow = false; break;
1076 }
1077 case Bytecodes::_lstore :
1078 verify_lstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1079 no_control_flow = false; break;
1080 case Bytecodes::_lstore_0 :
1081 case Bytecodes::_lstore_1 :
1082 case Bytecodes::_lstore_2 :
1083 case Bytecodes::_lstore_3 : {
1084 int index = opcode - Bytecodes::_lstore_0;
1085 verify_lstore(index, ¤t_frame, CHECK_VERIFY(this));
1086 no_control_flow = false; break;
1087 }
1088 case Bytecodes::_fstore :
1089 verify_fstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1090 no_control_flow = false; break;
1091 case Bytecodes::_fstore_0 :
1092 case Bytecodes::_fstore_1 :
1093 case Bytecodes::_fstore_2 :
1094 case Bytecodes::_fstore_3 : {
1095 int index = opcode - Bytecodes::_fstore_0;
1096 verify_fstore(index, ¤t_frame, CHECK_VERIFY(this));
1097 no_control_flow = false; break;
1098 }
1099 case Bytecodes::_dstore :
1100 verify_dstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1101 no_control_flow = false; break;
1102 case Bytecodes::_dstore_0 :
1103 case Bytecodes::_dstore_1 :
1104 case Bytecodes::_dstore_2 :
1105 case Bytecodes::_dstore_3 : {
1106 int index = opcode - Bytecodes::_dstore_0;
1107 verify_dstore(index, ¤t_frame, CHECK_VERIFY(this));
1108 no_control_flow = false; break;
1109 }
1110 case Bytecodes::_astore :
1111 verify_astore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1112 no_control_flow = false; break;
1113 case Bytecodes::_astore_0 :
1114 case Bytecodes::_astore_1 :
1115 case Bytecodes::_astore_2 :
1116 case Bytecodes::_astore_3 : {
1117 int index = opcode - Bytecodes::_astore_0;
1118 verify_astore(index, ¤t_frame, CHECK_VERIFY(this));
1119 no_control_flow = false; break;
1120 }
1121 case Bytecodes::_iastore :
1122 type = current_frame.pop_stack(
1123 VerificationType::integer_type(), CHECK_VERIFY(this));
1124 type2 = current_frame.pop_stack(
1125 VerificationType::integer_type(), CHECK_VERIFY(this));
1126 atype = current_frame.pop_stack(
1127 VerificationType::reference_check(), CHECK_VERIFY(this));
1128 if (!atype.is_int_array()) {
1129 verify_error(ErrorContext::bad_type(bci,
1130 current_frame.stack_top_ctx(), ref_ctx("[I")),
1131 bad_type_msg, "iastore");
1132 return;
1133 }
1134 no_control_flow = false; break;
1135 case Bytecodes::_bastore :
1136 type = current_frame.pop_stack(
1137 VerificationType::integer_type(), CHECK_VERIFY(this));
1138 type2 = current_frame.pop_stack(
1139 VerificationType::integer_type(), CHECK_VERIFY(this));
1140 atype = current_frame.pop_stack(
1141 VerificationType::reference_check(), CHECK_VERIFY(this));
1142 if (!atype.is_bool_array() && !atype.is_byte_array()) {
1143 verify_error(
1144 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1145 bad_type_msg, "bastore");
1146 return;
1147 }
1148 no_control_flow = false; break;
1149 case Bytecodes::_castore :
1150 current_frame.pop_stack(
1151 VerificationType::integer_type(), CHECK_VERIFY(this));
1152 current_frame.pop_stack(
1153 VerificationType::integer_type(), CHECK_VERIFY(this));
1154 atype = current_frame.pop_stack(
1155 VerificationType::reference_check(), CHECK_VERIFY(this));
1156 if (!atype.is_char_array()) {
1157 verify_error(ErrorContext::bad_type(bci,
1158 current_frame.stack_top_ctx(), ref_ctx("[C")),
1159 bad_type_msg, "castore");
1160 return;
1161 }
1162 no_control_flow = false; break;
1163 case Bytecodes::_sastore :
1164 current_frame.pop_stack(
1165 VerificationType::integer_type(), CHECK_VERIFY(this));
1166 current_frame.pop_stack(
1167 VerificationType::integer_type(), CHECK_VERIFY(this));
1168 atype = current_frame.pop_stack(
1169 VerificationType::reference_check(), CHECK_VERIFY(this));
1170 if (!atype.is_short_array()) {
1171 verify_error(ErrorContext::bad_type(bci,
1172 current_frame.stack_top_ctx(), ref_ctx("[S")),
1173 bad_type_msg, "sastore");
1174 return;
1175 }
1176 no_control_flow = false; break;
1177 case Bytecodes::_lastore :
1178 current_frame.pop_stack_2(
1179 VerificationType::long2_type(),
1180 VerificationType::long_type(), CHECK_VERIFY(this));
1181 current_frame.pop_stack(
1182 VerificationType::integer_type(), CHECK_VERIFY(this));
1183 atype = current_frame.pop_stack(
1184 VerificationType::reference_check(), CHECK_VERIFY(this));
1185 if (!atype.is_long_array()) {
1186 verify_error(ErrorContext::bad_type(bci,
1187 current_frame.stack_top_ctx(), ref_ctx("[J")),
1188 bad_type_msg, "lastore");
1189 return;
1190 }
1191 no_control_flow = false; break;
1192 case Bytecodes::_fastore :
1193 current_frame.pop_stack(
1194 VerificationType::float_type(), CHECK_VERIFY(this));
1195 current_frame.pop_stack
1196 (VerificationType::integer_type(), CHECK_VERIFY(this));
1197 atype = current_frame.pop_stack(
1198 VerificationType::reference_check(), CHECK_VERIFY(this));
1199 if (!atype.is_float_array()) {
1200 verify_error(ErrorContext::bad_type(bci,
1201 current_frame.stack_top_ctx(), ref_ctx("[F")),
1202 bad_type_msg, "fastore");
1203 return;
1204 }
1205 no_control_flow = false; break;
1206 case Bytecodes::_dastore :
1207 current_frame.pop_stack_2(
1208 VerificationType::double2_type(),
1209 VerificationType::double_type(), CHECK_VERIFY(this));
1210 current_frame.pop_stack(
1211 VerificationType::integer_type(), CHECK_VERIFY(this));
1212 atype = current_frame.pop_stack(
1213 VerificationType::reference_check(), CHECK_VERIFY(this));
1214 if (!atype.is_double_array()) {
1215 verify_error(ErrorContext::bad_type(bci,
1216 current_frame.stack_top_ctx(), ref_ctx("[D")),
1217 bad_type_msg, "dastore");
1218 return;
1219 }
1220 no_control_flow = false; break;
1221 case Bytecodes::_aastore :
1222 type = current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1223 type2 = current_frame.pop_stack(
1224 VerificationType::integer_type(), CHECK_VERIFY(this));
1225 atype = current_frame.pop_stack(
1226 VerificationType::reference_check(), CHECK_VERIFY(this));
1227 // more type-checking is done at runtime
1228 if (!atype.is_reference_array()) {
1229 verify_error(ErrorContext::bad_type(bci,
1230 current_frame.stack_top_ctx(),
1231 TypeOrigin::implicit(VerificationType::reference_check())),
1232 bad_type_msg, "aastore");
1233 return;
1234 }
1235 // 4938384: relaxed constraint in JVMS 3rd edition.
1236 no_control_flow = false; break;
1237 case Bytecodes::_pop :
1238 current_frame.pop_stack(
1239 VerificationType::category1_check(), CHECK_VERIFY(this));
1240 no_control_flow = false; break;
1241 case Bytecodes::_pop2 :
1242 type = current_frame.pop_stack(CHECK_VERIFY(this));
1243 if (type.is_category1()) {
1244 current_frame.pop_stack(
1245 VerificationType::category1_check(), CHECK_VERIFY(this));
1246 } else if (type.is_category2_2nd()) {
1247 current_frame.pop_stack(
1248 VerificationType::category2_check(), CHECK_VERIFY(this));
1249 } else {
1250 /* Unreachable? Would need a category2_1st on TOS
1251 * which does not appear possible. */
1252 verify_error(
1253 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1254 bad_type_msg, "pop2");
1255 return;
1256 }
1257 no_control_flow = false; break;
1258 case Bytecodes::_dup :
1259 type = current_frame.pop_stack(
1260 VerificationType::category1_check(), CHECK_VERIFY(this));
1261 current_frame.push_stack(type, CHECK_VERIFY(this));
1262 current_frame.push_stack(type, CHECK_VERIFY(this));
1263 no_control_flow = false; break;
1264 case Bytecodes::_dup_x1 :
1265 type = current_frame.pop_stack(
1266 VerificationType::category1_check(), CHECK_VERIFY(this));
1267 type2 = current_frame.pop_stack(
1268 VerificationType::category1_check(), CHECK_VERIFY(this));
1269 current_frame.push_stack(type, CHECK_VERIFY(this));
1270 current_frame.push_stack(type2, CHECK_VERIFY(this));
1271 current_frame.push_stack(type, CHECK_VERIFY(this));
1272 no_control_flow = false; break;
1273 case Bytecodes::_dup_x2 :
1274 {
1275 VerificationType type3;
1276 type = current_frame.pop_stack(
1277 VerificationType::category1_check(), CHECK_VERIFY(this));
1278 type2 = current_frame.pop_stack(CHECK_VERIFY(this));
1279 if (type2.is_category1()) {
1280 type3 = current_frame.pop_stack(
1281 VerificationType::category1_check(), CHECK_VERIFY(this));
1282 } else if (type2.is_category2_2nd()) {
1283 type3 = current_frame.pop_stack(
1284 VerificationType::category2_check(), CHECK_VERIFY(this));
1285 } else {
1286 /* Unreachable? Would need a category2_1st at stack depth 2 with
1287 * a category1 on TOS which does not appear possible. */
1288 verify_error(ErrorContext::bad_type(
1289 bci, current_frame.stack_top_ctx()), bad_type_msg, "dup_x2");
1290 return;
1291 }
1292 current_frame.push_stack(type, CHECK_VERIFY(this));
1293 current_frame.push_stack(type3, CHECK_VERIFY(this));
1294 current_frame.push_stack(type2, CHECK_VERIFY(this));
1295 current_frame.push_stack(type, CHECK_VERIFY(this));
1296 no_control_flow = false; break;
1297 }
1298 case Bytecodes::_dup2 :
1299 type = current_frame.pop_stack(CHECK_VERIFY(this));
1300 if (type.is_category1()) {
1301 type2 = current_frame.pop_stack(
1302 VerificationType::category1_check(), CHECK_VERIFY(this));
1303 } else if (type.is_category2_2nd()) {
1304 type2 = current_frame.pop_stack(
1305 VerificationType::category2_check(), CHECK_VERIFY(this));
1306 } else {
1307 /* Unreachable? Would need a category2_1st on TOS which does not
1308 * appear possible. */
1309 verify_error(
1310 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1311 bad_type_msg, "dup2");
1312 return;
1313 }
1314 current_frame.push_stack(type2, CHECK_VERIFY(this));
1315 current_frame.push_stack(type, CHECK_VERIFY(this));
1316 current_frame.push_stack(type2, CHECK_VERIFY(this));
1317 current_frame.push_stack(type, CHECK_VERIFY(this));
1318 no_control_flow = false; break;
1319 case Bytecodes::_dup2_x1 :
1320 {
1321 VerificationType type3;
1322 type = current_frame.pop_stack(CHECK_VERIFY(this));
1323 if (type.is_category1()) {
1324 type2 = current_frame.pop_stack(
1325 VerificationType::category1_check(), CHECK_VERIFY(this));
1326 } else if (type.is_category2_2nd()) {
1327 type2 = current_frame.pop_stack(
1328 VerificationType::category2_check(), CHECK_VERIFY(this));
1329 } else {
1330 /* Unreachable? Would need a category2_1st on TOS which does
1331 * not appear possible. */
1332 verify_error(
1333 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1334 bad_type_msg, "dup2_x1");
1335 return;
1336 }
1337 type3 = current_frame.pop_stack(
1338 VerificationType::category1_check(), CHECK_VERIFY(this));
1339 current_frame.push_stack(type2, CHECK_VERIFY(this));
1340 current_frame.push_stack(type, CHECK_VERIFY(this));
1341 current_frame.push_stack(type3, CHECK_VERIFY(this));
1342 current_frame.push_stack(type2, CHECK_VERIFY(this));
1343 current_frame.push_stack(type, CHECK_VERIFY(this));
1344 no_control_flow = false; break;
1345 }
1346 case Bytecodes::_dup2_x2 :
1347 {
1348 VerificationType type3, type4;
1349 type = current_frame.pop_stack(CHECK_VERIFY(this));
1350 if (type.is_category1()) {
1351 type2 = current_frame.pop_stack(
1352 VerificationType::category1_check(), CHECK_VERIFY(this));
1353 } else if (type.is_category2_2nd()) {
1354 type2 = current_frame.pop_stack(
1355 VerificationType::category2_check(), CHECK_VERIFY(this));
1356 } else {
1357 /* Unreachable? Would need a category2_1st on TOS which does
1358 * not appear possible. */
1359 verify_error(
1360 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1361 bad_type_msg, "dup2_x2");
1362 return;
1363 }
1364 type3 = current_frame.pop_stack(CHECK_VERIFY(this));
1365 if (type3.is_category1()) {
1366 type4 = current_frame.pop_stack(
1367 VerificationType::category1_check(), CHECK_VERIFY(this));
1368 } else if (type3.is_category2_2nd()) {
1369 type4 = current_frame.pop_stack(
1370 VerificationType::category2_check(), CHECK_VERIFY(this));
1371 } else {
1372 /* Unreachable? Would need a category2_1st on TOS after popping
1373 * a long/double or two category 1's, which does not
1374 * appear possible. */
1375 verify_error(
1376 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()),
1377 bad_type_msg, "dup2_x2");
1378 return;
1379 }
1380 current_frame.push_stack(type2, CHECK_VERIFY(this));
1381 current_frame.push_stack(type, CHECK_VERIFY(this));
1382 current_frame.push_stack(type4, CHECK_VERIFY(this));
1383 current_frame.push_stack(type3, CHECK_VERIFY(this));
1384 current_frame.push_stack(type2, CHECK_VERIFY(this));
1385 current_frame.push_stack(type, CHECK_VERIFY(this));
1386 no_control_flow = false; break;
1387 }
1388 case Bytecodes::_swap :
1389 type = current_frame.pop_stack(
1390 VerificationType::category1_check(), CHECK_VERIFY(this));
1391 type2 = current_frame.pop_stack(
1392 VerificationType::category1_check(), CHECK_VERIFY(this));
1393 current_frame.push_stack(type, CHECK_VERIFY(this));
1394 current_frame.push_stack(type2, CHECK_VERIFY(this));
1395 no_control_flow = false; break;
1396 case Bytecodes::_iadd :
1397 case Bytecodes::_isub :
1398 case Bytecodes::_imul :
1399 case Bytecodes::_idiv :
1400 case Bytecodes::_irem :
1401 case Bytecodes::_ishl :
1402 case Bytecodes::_ishr :
1403 case Bytecodes::_iushr :
1404 case Bytecodes::_ior :
1405 case Bytecodes::_ixor :
1406 case Bytecodes::_iand :
1407 current_frame.pop_stack(
1408 VerificationType::integer_type(), CHECK_VERIFY(this));
1409 // fall through
1410 case Bytecodes::_ineg :
1411 current_frame.pop_stack(
1412 VerificationType::integer_type(), CHECK_VERIFY(this));
1413 current_frame.push_stack(
1414 VerificationType::integer_type(), CHECK_VERIFY(this));
1415 no_control_flow = false; break;
1416 case Bytecodes::_ladd :
1417 case Bytecodes::_lsub :
1418 case Bytecodes::_lmul :
1419 case Bytecodes::_ldiv :
1420 case Bytecodes::_lrem :
1421 case Bytecodes::_land :
1422 case Bytecodes::_lor :
1423 case Bytecodes::_lxor :
1424 current_frame.pop_stack_2(
1425 VerificationType::long2_type(),
1426 VerificationType::long_type(), CHECK_VERIFY(this));
1427 // fall through
1428 case Bytecodes::_lneg :
1429 current_frame.pop_stack_2(
1430 VerificationType::long2_type(),
1431 VerificationType::long_type(), CHECK_VERIFY(this));
1432 current_frame.push_stack_2(
1433 VerificationType::long_type(),
1434 VerificationType::long2_type(), CHECK_VERIFY(this));
1435 no_control_flow = false; break;
1436 case Bytecodes::_lshl :
1437 case Bytecodes::_lshr :
1438 case Bytecodes::_lushr :
1439 current_frame.pop_stack(
1440 VerificationType::integer_type(), CHECK_VERIFY(this));
1441 current_frame.pop_stack_2(
1442 VerificationType::long2_type(),
1443 VerificationType::long_type(), CHECK_VERIFY(this));
1444 current_frame.push_stack_2(
1445 VerificationType::long_type(),
1446 VerificationType::long2_type(), CHECK_VERIFY(this));
1447 no_control_flow = false; break;
1448 case Bytecodes::_fadd :
1449 case Bytecodes::_fsub :
1450 case Bytecodes::_fmul :
1451 case Bytecodes::_fdiv :
1452 case Bytecodes::_frem :
1453 current_frame.pop_stack(
1454 VerificationType::float_type(), CHECK_VERIFY(this));
1455 // fall through
1456 case Bytecodes::_fneg :
1457 current_frame.pop_stack(
1458 VerificationType::float_type(), CHECK_VERIFY(this));
1459 current_frame.push_stack(
1460 VerificationType::float_type(), CHECK_VERIFY(this));
1461 no_control_flow = false; break;
1462 case Bytecodes::_dadd :
1463 case Bytecodes::_dsub :
1464 case Bytecodes::_dmul :
1465 case Bytecodes::_ddiv :
1466 case Bytecodes::_drem :
1467 current_frame.pop_stack_2(
1468 VerificationType::double2_type(),
1469 VerificationType::double_type(), CHECK_VERIFY(this));
1470 // fall through
1471 case Bytecodes::_dneg :
1472 current_frame.pop_stack_2(
1473 VerificationType::double2_type(),
1474 VerificationType::double_type(), CHECK_VERIFY(this));
1475 current_frame.push_stack_2(
1476 VerificationType::double_type(),
1477 VerificationType::double2_type(), CHECK_VERIFY(this));
1478 no_control_flow = false; break;
1479 case Bytecodes::_iinc :
1480 verify_iinc(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1481 no_control_flow = false; break;
1482 case Bytecodes::_i2l :
1483 type = current_frame.pop_stack(
1484 VerificationType::integer_type(), CHECK_VERIFY(this));
1485 current_frame.push_stack_2(
1486 VerificationType::long_type(),
1487 VerificationType::long2_type(), CHECK_VERIFY(this));
1488 no_control_flow = false; break;
1489 case Bytecodes::_l2i :
1490 current_frame.pop_stack_2(
1491 VerificationType::long2_type(),
1492 VerificationType::long_type(), CHECK_VERIFY(this));
1493 current_frame.push_stack(
1494 VerificationType::integer_type(), CHECK_VERIFY(this));
1495 no_control_flow = false; break;
1496 case Bytecodes::_i2f :
1497 current_frame.pop_stack(
1498 VerificationType::integer_type(), CHECK_VERIFY(this));
1499 current_frame.push_stack(
1500 VerificationType::float_type(), CHECK_VERIFY(this));
1501 no_control_flow = false; break;
1502 case Bytecodes::_i2d :
1503 current_frame.pop_stack(
1504 VerificationType::integer_type(), CHECK_VERIFY(this));
1505 current_frame.push_stack_2(
1506 VerificationType::double_type(),
1507 VerificationType::double2_type(), CHECK_VERIFY(this));
1508 no_control_flow = false; break;
1509 case Bytecodes::_l2f :
1510 current_frame.pop_stack_2(
1511 VerificationType::long2_type(),
1512 VerificationType::long_type(), CHECK_VERIFY(this));
1513 current_frame.push_stack(
1514 VerificationType::float_type(), CHECK_VERIFY(this));
1515 no_control_flow = false; break;
1516 case Bytecodes::_l2d :
1517 current_frame.pop_stack_2(
1518 VerificationType::long2_type(),
1519 VerificationType::long_type(), CHECK_VERIFY(this));
1520 current_frame.push_stack_2(
1521 VerificationType::double_type(),
1522 VerificationType::double2_type(), CHECK_VERIFY(this));
1523 no_control_flow = false; break;
1524 case Bytecodes::_f2i :
1525 current_frame.pop_stack(
1526 VerificationType::float_type(), CHECK_VERIFY(this));
1527 current_frame.push_stack(
1528 VerificationType::integer_type(), CHECK_VERIFY(this));
1529 no_control_flow = false; break;
1530 case Bytecodes::_f2l :
1531 current_frame.pop_stack(
1532 VerificationType::float_type(), CHECK_VERIFY(this));
1533 current_frame.push_stack_2(
1534 VerificationType::long_type(),
1535 VerificationType::long2_type(), CHECK_VERIFY(this));
1536 no_control_flow = false; break;
1537 case Bytecodes::_f2d :
1538 current_frame.pop_stack(
1539 VerificationType::float_type(), CHECK_VERIFY(this));
1540 current_frame.push_stack_2(
1541 VerificationType::double_type(),
1542 VerificationType::double2_type(), CHECK_VERIFY(this));
1543 no_control_flow = false; break;
1544 case Bytecodes::_d2i :
1545 current_frame.pop_stack_2(
1546 VerificationType::double2_type(),
1547 VerificationType::double_type(), CHECK_VERIFY(this));
1548 current_frame.push_stack(
1549 VerificationType::integer_type(), CHECK_VERIFY(this));
1550 no_control_flow = false; break;
1551 case Bytecodes::_d2l :
1552 current_frame.pop_stack_2(
1553 VerificationType::double2_type(),
1554 VerificationType::double_type(), CHECK_VERIFY(this));
1555 current_frame.push_stack_2(
1556 VerificationType::long_type(),
1557 VerificationType::long2_type(), CHECK_VERIFY(this));
1558 no_control_flow = false; break;
1559 case Bytecodes::_d2f :
1560 current_frame.pop_stack_2(
1561 VerificationType::double2_type(),
1562 VerificationType::double_type(), CHECK_VERIFY(this));
1563 current_frame.push_stack(
1564 VerificationType::float_type(), CHECK_VERIFY(this));
1565 no_control_flow = false; break;
1566 case Bytecodes::_i2b :
1567 case Bytecodes::_i2c :
1568 case Bytecodes::_i2s :
1569 current_frame.pop_stack(
1570 VerificationType::integer_type(), CHECK_VERIFY(this));
1571 current_frame.push_stack(
1572 VerificationType::integer_type(), CHECK_VERIFY(this));
1573 no_control_flow = false; break;
1574 case Bytecodes::_lcmp :
1575 current_frame.pop_stack_2(
1576 VerificationType::long2_type(),
1577 VerificationType::long_type(), CHECK_VERIFY(this));
1578 current_frame.pop_stack_2(
1579 VerificationType::long2_type(),
1580 VerificationType::long_type(), CHECK_VERIFY(this));
1581 current_frame.push_stack(
1582 VerificationType::integer_type(), CHECK_VERIFY(this));
1583 no_control_flow = false; break;
1584 case Bytecodes::_fcmpl :
1585 case Bytecodes::_fcmpg :
1586 current_frame.pop_stack(
1587 VerificationType::float_type(), CHECK_VERIFY(this));
1588 current_frame.pop_stack(
1589 VerificationType::float_type(), CHECK_VERIFY(this));
1590 current_frame.push_stack(
1591 VerificationType::integer_type(), CHECK_VERIFY(this));
1592 no_control_flow = false; break;
1593 case Bytecodes::_dcmpl :
1594 case Bytecodes::_dcmpg :
1595 current_frame.pop_stack_2(
1596 VerificationType::double2_type(),
1597 VerificationType::double_type(), CHECK_VERIFY(this));
1598 current_frame.pop_stack_2(
1599 VerificationType::double2_type(),
1600 VerificationType::double_type(), CHECK_VERIFY(this));
1601 current_frame.push_stack(
1602 VerificationType::integer_type(), CHECK_VERIFY(this));
1603 no_control_flow = false; break;
1604 case Bytecodes::_if_icmpeq:
1605 case Bytecodes::_if_icmpne:
1606 case Bytecodes::_if_icmplt:
1607 case Bytecodes::_if_icmpge:
1608 case Bytecodes::_if_icmpgt:
1609 case Bytecodes::_if_icmple:
1610 current_frame.pop_stack(
1611 VerificationType::integer_type(), CHECK_VERIFY(this));
1612 // fall through
1613 case Bytecodes::_ifeq:
1614 case Bytecodes::_ifne:
1615 case Bytecodes::_iflt:
1616 case Bytecodes::_ifge:
1617 case Bytecodes::_ifgt:
1618 case Bytecodes::_ifle:
1619 current_frame.pop_stack(
1620 VerificationType::integer_type(), CHECK_VERIFY(this));
1621 target = bcs.dest();
1622 stackmap_table.check_jump_target(
1623 ¤t_frame, target, CHECK_VERIFY(this));
1624 no_control_flow = false; break;
1625 case Bytecodes::_if_acmpeq :
1626 case Bytecodes::_if_acmpne :
1627 current_frame.pop_stack(
1628 VerificationType::reference_check(), CHECK_VERIFY(this));
1629 // fall through
1630 case Bytecodes::_ifnull :
1631 case Bytecodes::_ifnonnull :
1632 current_frame.pop_stack(
1633 VerificationType::reference_check(), CHECK_VERIFY(this));
1634 target = bcs.dest();
1635 stackmap_table.check_jump_target
1636 (¤t_frame, target, CHECK_VERIFY(this));
1637 no_control_flow = false; break;
1638 case Bytecodes::_goto :
1639 target = bcs.dest();
1640 stackmap_table.check_jump_target(
1641 ¤t_frame, target, CHECK_VERIFY(this));
1642 no_control_flow = true; break;
1643 case Bytecodes::_goto_w :
1644 target = bcs.dest_w();
1645 stackmap_table.check_jump_target(
1646 ¤t_frame, target, CHECK_VERIFY(this));
1647 no_control_flow = true; break;
1648 case Bytecodes::_tableswitch :
1649 case Bytecodes::_lookupswitch :
1650 verify_switch(
1651 &bcs, code_length, code_data, ¤t_frame,
1652 &stackmap_table, CHECK_VERIFY(this));
1653 no_control_flow = true; break;
1654 case Bytecodes::_ireturn :
1655 type = current_frame.pop_stack(
1656 VerificationType::integer_type(), CHECK_VERIFY(this));
1657 verify_return_value(return_type, type, bci,
1658 ¤t_frame, CHECK_VERIFY(this));
1659 no_control_flow = true; break;
1660 case Bytecodes::_lreturn :
1661 type2 = current_frame.pop_stack(
1662 VerificationType::long2_type(), CHECK_VERIFY(this));
1663 type = current_frame.pop_stack(
1664 VerificationType::long_type(), CHECK_VERIFY(this));
1665 verify_return_value(return_type, type, bci,
1666 ¤t_frame, CHECK_VERIFY(this));
1667 no_control_flow = true; break;
1668 case Bytecodes::_freturn :
1669 type = current_frame.pop_stack(
1670 VerificationType::float_type(), CHECK_VERIFY(this));
1671 verify_return_value(return_type, type, bci,
1672 ¤t_frame, CHECK_VERIFY(this));
1673 no_control_flow = true; break;
1674 case Bytecodes::_dreturn :
1675 type2 = current_frame.pop_stack(
1676 VerificationType::double2_type(), CHECK_VERIFY(this));
1677 type = current_frame.pop_stack(
1678 VerificationType::double_type(), CHECK_VERIFY(this));
1679 verify_return_value(return_type, type, bci,
1680 ¤t_frame, CHECK_VERIFY(this));
1681 no_control_flow = true; break;
1682 case Bytecodes::_areturn :
1683 type = current_frame.pop_stack(
1684 VerificationType::reference_check(), CHECK_VERIFY(this));
1685 verify_return_value(return_type, type, bci,
1686 ¤t_frame, CHECK_VERIFY(this));
1687 no_control_flow = true; break;
1688 case Bytecodes::_return :
1689 if (return_type != VerificationType::bogus_type()) {
1690 verify_error(ErrorContext::bad_code(bci),
1691 "Method expects a return value");
1692 return;
1693 }
1694 // Make sure "this" has been initialized if current method is an
1695 // <init>.
1696 if (_method->is_object_constructor() &&
1697 current_frame.flag_this_uninit()) {
1698 verify_error(ErrorContext::bad_code(bci),
1699 "Constructor must call super() or this() "
1700 "before return");
1701 return;
1702 }
1703 no_control_flow = true; break;
1704 case Bytecodes::_getstatic :
1705 case Bytecodes::_putstatic :
1706 // pass TRUE, operand can be an array type for getstatic/putstatic.
1707 verify_field_instructions(
1708 &bcs, ¤t_frame, cp, true, CHECK_VERIFY(this));
1709 no_control_flow = false; break;
1710 case Bytecodes::_getfield :
1711 case Bytecodes::_putfield :
1712 // pass FALSE, operand can't be an array type for getfield/putfield.
1713 verify_field_instructions(
1714 &bcs, ¤t_frame, cp, false, CHECK_VERIFY(this));
1715 no_control_flow = false; break;
1716 case Bytecodes::_invokevirtual :
1717 case Bytecodes::_invokespecial :
1718 case Bytecodes::_invokestatic :
1719 case Bytecodes::_invokeinterface :
1720 case Bytecodes::_invokedynamic :
1721 verify_invoke_instructions(
1722 &bcs, code_length, ¤t_frame, (bci >= ex_min && bci < ex_max),
1723 &this_uninit, cp, &stackmap_table, CHECK_VERIFY(this));
1724 no_control_flow = false; break;
1725 case Bytecodes::_new :
1726 {
1727 u2 index = bcs.get_index_u2();
1728 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1729 VerificationType new_class_type =
1730 cp_index_to_type(index, cp, CHECK_VERIFY(this));
1731 if (!new_class_type.is_object()) {
1732 verify_error(ErrorContext::bad_type(bci,
1733 TypeOrigin::cp(index, new_class_type)),
1734 "Illegal new instruction");
1735 return;
1736 }
1737 type = VerificationType::uninitialized_type(checked_cast<u2>(bci));
1738 current_frame.push_stack(type, CHECK_VERIFY(this));
1739 no_control_flow = false; break;
1740 }
1741 case Bytecodes::_newarray :
1742 type = get_newarray_type(bcs.get_index(), bci, CHECK_VERIFY(this));
1743 current_frame.pop_stack(
1744 VerificationType::integer_type(), CHECK_VERIFY(this));
1745 current_frame.push_stack(type, CHECK_VERIFY(this));
1746 no_control_flow = false; break;
1747 case Bytecodes::_anewarray :
1748 verify_anewarray(
1749 bci, bcs.get_index_u2(), cp, ¤t_frame, CHECK_VERIFY(this));
1750 no_control_flow = false; break;
1751 case Bytecodes::_arraylength :
1752 type = current_frame.pop_stack(
1753 VerificationType::reference_check(), CHECK_VERIFY(this));
1754 if (!(type.is_null() || type.is_array())) {
1755 verify_error(ErrorContext::bad_type(
1756 bci, current_frame.stack_top_ctx()),
1757 bad_type_msg, "arraylength");
1758 }
1759 current_frame.push_stack(
1760 VerificationType::integer_type(), CHECK_VERIFY(this));
1761 no_control_flow = false; break;
1762 case Bytecodes::_checkcast :
1763 {
1764 u2 index = bcs.get_index_u2();
1765 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1766 current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1767 VerificationType klass_type = cp_index_to_type(
1768 index, cp, CHECK_VERIFY(this));
1769 current_frame.push_stack(klass_type, CHECK_VERIFY(this));
1770 no_control_flow = false; break;
1771 }
1772 case Bytecodes::_instanceof : {
1773 u2 index = bcs.get_index_u2();
1774 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1775 current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1776 current_frame.push_stack(
1777 VerificationType::integer_type(), CHECK_VERIFY(this));
1778 no_control_flow = false; break;
1779 }
1780 case Bytecodes::_monitorenter :
1781 case Bytecodes::_monitorexit : {
1782 VerificationType ref = current_frame.pop_stack(
1783 VerificationType::reference_check(), CHECK_VERIFY(this));
1784 no_control_flow = false; break;
1785 }
1786 case Bytecodes::_multianewarray :
1787 {
1788 u2 index = bcs.get_index_u2();
1789 u2 dim = *(bcs.bcp()+3);
1790 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1791 VerificationType new_array_type =
1792 cp_index_to_type(index, cp, CHECK_VERIFY(this));
1793 if (!new_array_type.is_array()) {
1794 verify_error(ErrorContext::bad_type(bci,
1795 TypeOrigin::cp(index, new_array_type)),
1796 "Illegal constant pool index in multianewarray instruction");
1797 return;
1798 }
1799 if (dim < 1 || new_array_type.dimensions() < dim) {
1800 verify_error(ErrorContext::bad_code(bci),
1801 "Illegal dimension in multianewarray instruction: %d", dim);
1802 return;
1803 }
1804 for (int i = 0; i < dim; i++) {
1805 current_frame.pop_stack(
1806 VerificationType::integer_type(), CHECK_VERIFY(this));
1807 }
1808 current_frame.push_stack(new_array_type, CHECK_VERIFY(this));
1809 no_control_flow = false; break;
1810 }
1811 case Bytecodes::_athrow :
1812 type = VerificationType::reference_type(
1813 vmSymbols::java_lang_Throwable());
1814 current_frame.pop_stack(type, CHECK_VERIFY(this));
1815 no_control_flow = true; break;
1816 default:
1817 // We only need to check the valid bytecodes in class file.
1818 // And jsr and ret are not in the new class file format in JDK1.6.
1819 verify_error(ErrorContext::bad_code(bci),
1820 "Bad instruction: %02x", opcode);
1821 no_control_flow = false;
1822 return;
1823 } // end switch
1824 } // end Merge with the next instruction
1825
1826 // Look for possible jump target in exception handlers and see if it matches
1827 // current_frame. Don't do this check if it has already been done (for
1828 // ([a,d,f,i,l]store* opcodes). This check cannot be done earlier because
1829 // opcodes, such as invokespecial, may set the this_uninit flag.
1830 assert(!(verified_exc_handlers && this_uninit),
1831 "Exception handler targets got verified before this_uninit got set");
1832 if (!verified_exc_handlers && bci >= ex_min && bci < ex_max) {
1833 if (was_recursively_verified()) return;
1834 verify_exception_handler_targets(
1835 bci, this_uninit, ¤t_frame, &stackmap_table, CHECK_VERIFY(this));
1836 }
1837 } // end while
1838
1839 // Make sure that control flow does not fall through end of the method
1840 if (!no_control_flow) {
1841 verify_error(ErrorContext::bad_code(code_length),
1842 "Control flow falls through code end");
1843 return;
1844 }
1845 }
1846
1847 #undef bad_type_message
1848
1849 char* ClassVerifier::generate_code_data(const methodHandle& m, u4 code_length, TRAPS) {
1850 char* code_data = NEW_RESOURCE_ARRAY(char, code_length);
1851 memset(code_data, 0, sizeof(char) * code_length);
1852 RawBytecodeStream bcs(m);
1853
1854 while (!bcs.is_last_bytecode()) {
1855 if (bcs.raw_next() != Bytecodes::_illegal) {
1856 int bci = bcs.bci();
1857 if (bcs.raw_code() == Bytecodes::_new) {
1858 code_data[bci] = NEW_OFFSET;
1859 } else {
1860 code_data[bci] = BYTECODE_OFFSET;
1861 }
1862 } else {
1863 verify_error(ErrorContext::bad_code(bcs.bci()), "Bad instruction");
1864 return nullptr;
1865 }
1866 }
1867
1868 return code_data;
1869 }
1870
1871 // Since this method references the constant pool, call was_recursively_verified()
1872 // before calling this method to make sure a prior class load did not cause the
1873 // current class to get verified.
1874 void ClassVerifier::verify_exception_handler_table(u4 code_length, char* code_data, int& min, int& max, TRAPS) {
1875 ExceptionTable exhandlers(_method());
1876 int exlength = exhandlers.length();
1877 constantPoolHandle cp (THREAD, _method->constants());
1878
1879 for(int i = 0; i < exlength; i++) {
1880 u2 start_pc = exhandlers.start_pc(i);
1881 u2 end_pc = exhandlers.end_pc(i);
1882 u2 handler_pc = exhandlers.handler_pc(i);
1883 if (start_pc >= code_length || code_data[start_pc] == 0) {
1884 class_format_error("Illegal exception table start_pc %d", start_pc);
1885 return;
1886 }
1887 if (end_pc != code_length) { // special case: end_pc == code_length
1888 if (end_pc > code_length || code_data[end_pc] == 0) {
1889 class_format_error("Illegal exception table end_pc %d", end_pc);
1890 return;
1891 }
1892 }
1893 if (handler_pc >= code_length || code_data[handler_pc] == 0) {
1894 class_format_error("Illegal exception table handler_pc %d", handler_pc);
1895 return;
1896 }
1897 u2 catch_type_index = exhandlers.catch_type_index(i);
1898 if (catch_type_index != 0) {
1899 VerificationType catch_type = cp_index_to_type(
1900 catch_type_index, cp, CHECK_VERIFY(this));
1901 VerificationType throwable =
1902 VerificationType::reference_type(vmSymbols::java_lang_Throwable());
1903 // If the catch type is Throwable pre-resolve it now as the assignable check won't
1904 // do that, and we need to avoid a runtime resolution in case we are trying to
1905 // catch OutOfMemoryError.
1906 if (cp->klass_name_at(catch_type_index) == vmSymbols::java_lang_Throwable()) {
1907 cp->klass_at(catch_type_index, CHECK);
1908 }
1909 bool is_subclass = throwable.is_assignable_from(
1910 catch_type, this, false, CHECK_VERIFY(this));
1911 if (!is_subclass) {
1912 // 4286534: should throw VerifyError according to recent spec change
1913 verify_error(ErrorContext::bad_type(handler_pc,
1914 TypeOrigin::cp(catch_type_index, catch_type),
1915 TypeOrigin::implicit(throwable)),
1916 "Catch type is not a subclass "
1917 "of Throwable in exception handler %d", handler_pc);
1918 return;
1919 }
1920 }
1921 if (start_pc < min) min = start_pc;
1922 if (end_pc > max) max = end_pc;
1923 }
1924 }
1925
1926 void ClassVerifier::verify_local_variable_table(u4 code_length, char* code_data, TRAPS) {
1927 int localvariable_table_length = _method->localvariable_table_length();
1928 if (localvariable_table_length > 0) {
1929 LocalVariableTableElement* table = _method->localvariable_table_start();
1930 for (int i = 0; i < localvariable_table_length; i++) {
1931 u2 start_bci = table[i].start_bci;
1932 u2 length = table[i].length;
1933
1934 if (start_bci >= code_length || code_data[start_bci] == 0) {
1935 class_format_error(
1936 "Illegal local variable table start_pc %d", start_bci);
1937 return;
1938 }
1939 u4 end_bci = (u4)(start_bci + length);
1940 if (end_bci != code_length) {
1941 if (end_bci >= code_length || code_data[end_bci] == 0) {
1942 class_format_error( "Illegal local variable table length %d", length);
1943 return;
1944 }
1945 }
1946 }
1947 }
1948 }
1949
1950 u2 ClassVerifier::verify_stackmap_table(u2 stackmap_index, int bci,
1951 StackMapFrame* current_frame,
1952 StackMapTable* stackmap_table,
1953 bool no_control_flow, TRAPS) {
1954 if (stackmap_index < stackmap_table->get_frame_count()) {
1955 int this_offset = stackmap_table->get_offset(stackmap_index);
1956 if (no_control_flow && this_offset > bci) {
1957 verify_error(ErrorContext::missing_stackmap(bci),
1958 "Expecting a stack map frame");
1959 return 0;
1960 }
1961 if (this_offset == bci) {
1962 ErrorContext ctx;
1963 // See if current stack map can be assigned to the frame in table.
1964 // current_frame is the stackmap frame got from the last instruction.
1965 // If matched, current_frame will be updated by this method.
1966 bool matches = stackmap_table->match_stackmap(
1967 current_frame, this_offset, stackmap_index,
1968 !no_control_flow, true, &ctx, CHECK_VERIFY_(this, 0));
1969 if (!matches) {
1970 // report type error
1971 verify_error(ctx, "Instruction type does not match stack map");
1972 return 0;
1973 }
1974 stackmap_index++;
1975 } else if (this_offset < bci) {
1976 // current_offset should have met this_offset.
1977 class_format_error("Bad stack map offset %d", this_offset);
1978 return 0;
1979 }
1980 } else if (no_control_flow) {
1981 verify_error(ErrorContext::bad_code(bci), "Expecting a stack map frame");
1982 return 0;
1983 }
1984 return stackmap_index;
1985 }
1986
1987 // Since this method references the constant pool, call was_recursively_verified()
1988 // before calling this method to make sure a prior class load did not cause the
1989 // current class to get verified.
1990 void ClassVerifier::verify_exception_handler_targets(int bci, bool this_uninit,
1991 StackMapFrame* current_frame,
1992 StackMapTable* stackmap_table, TRAPS) {
1993 constantPoolHandle cp (THREAD, _method->constants());
1994 ExceptionTable exhandlers(_method());
1995 int exlength = exhandlers.length();
1996 for(int i = 0; i < exlength; i++) {
1997 u2 start_pc = exhandlers.start_pc(i);
1998 u2 end_pc = exhandlers.end_pc(i);
1999 u2 handler_pc = exhandlers.handler_pc(i);
2000 int catch_type_index = exhandlers.catch_type_index(i);
2001 if(bci >= start_pc && bci < end_pc) {
2002 u1 flags = current_frame->flags();
2003 if (this_uninit) { flags |= FLAG_THIS_UNINIT; }
2004 StackMapFrame* new_frame = current_frame->frame_in_exception_handler(flags);
2005 if (catch_type_index != 0) {
2006 if (was_recursively_verified()) return;
2007 // We know that this index refers to a subclass of Throwable
2008 VerificationType catch_type = cp_index_to_type(
2009 catch_type_index, cp, CHECK_VERIFY(this));
2010 new_frame->push_stack(catch_type, CHECK_VERIFY(this));
2011 } else {
2012 VerificationType throwable =
2013 VerificationType::reference_type(vmSymbols::java_lang_Throwable());
2014 new_frame->push_stack(throwable, CHECK_VERIFY(this));
2015 }
2016 ErrorContext ctx;
2017 bool matches = stackmap_table->match_stackmap(
2018 new_frame, handler_pc, true, false, &ctx, CHECK_VERIFY(this));
2019 if (!matches) {
2020 verify_error(ctx, "Stack map does not match the one at "
2021 "exception handler %d", handler_pc);
2022 return;
2023 }
2024 }
2025 }
2026 }
2027
2028 void ClassVerifier::verify_cp_index(
2029 int bci, const constantPoolHandle& cp, u2 index, TRAPS) {
2030 int nconstants = cp->length();
2031 if ((index <= 0) || (index >= nconstants)) {
2032 verify_error(ErrorContext::bad_cp_index(bci, index),
2033 "Illegal constant pool index %d in class %s",
2034 index, cp->pool_holder()->external_name());
2035 return;
2036 }
2037 }
2038
2039 void ClassVerifier::verify_cp_type(
2040 int bci, u2 index, const constantPoolHandle& cp, unsigned int types, TRAPS) {
2041
2042 // In some situations, bytecode rewriting may occur while we're verifying.
2043 // In this case, a constant pool cache exists and some indices refer to that
2044 // instead. Be sure we don't pick up such indices by accident.
2045 // We must check was_recursively_verified() before we get here.
2046 guarantee(cp->cache() == nullptr, "not rewritten yet");
2047
2048 verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2049 unsigned int tag = cp->tag_at(index).value();
2050
2051 if ((types & (1 << tag)) == 0) {
2052 verify_error(ErrorContext::bad_cp_index(bci, index),
2053 "Illegal type at constant pool entry %d in class %s",
2054 index, cp->pool_holder()->external_name());
2055 return;
2056 }
2057 }
2058
2059 void ClassVerifier::verify_cp_class_type(
2060 int bci, u2 index, const constantPoolHandle& cp, TRAPS) {
2061 verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2062 constantTag tag = cp->tag_at(index);
2063 if (!tag.is_klass() && !tag.is_unresolved_klass()) {
2064 verify_error(ErrorContext::bad_cp_index(bci, index),
2065 "Illegal type at constant pool entry %d in class %s",
2066 index, cp->pool_holder()->external_name());
2067 return;
2068 }
2069 }
2070
2071 void ClassVerifier::verify_error(ErrorContext ctx, const char* msg, ...) {
2072 stringStream ss;
2073
2074 ctx.reset_frames();
2075 _exception_type = vmSymbols::java_lang_VerifyError();
2076 _error_context = ctx;
2077 va_list va;
2078 va_start(va, msg);
2079 ss.vprint(msg, va);
2080 va_end(va);
2081 _message = ss.as_string();
2082 #ifdef ASSERT
2083 ResourceMark rm;
2084 const char* exception_name = _exception_type->as_C_string();
2085 Exceptions::debug_check_abort(exception_name, nullptr);
2086 #endif // ndef ASSERT
2087 }
2088
2089 void ClassVerifier::class_format_error(const char* msg, ...) {
2090 stringStream ss;
2091 _exception_type = vmSymbols::java_lang_ClassFormatError();
2092 va_list va;
2093 va_start(va, msg);
2094 ss.vprint(msg, va);
2095 va_end(va);
2096 if (!_method.is_null()) {
2097 ss.print(" in method '");
2098 _method->print_external_name(&ss);
2099 ss.print("'");
2100 }
2101 _message = ss.as_string();
2102 }
2103
2104 Klass* ClassVerifier::load_class(Symbol* name, TRAPS) {
2105 HandleMark hm(THREAD);
2106 // Get current loader and protection domain first.
2107 oop loader = current_class()->class_loader();
2108 oop protection_domain = current_class()->protection_domain();
2109
2110 assert(name_in_supers(name, current_class()), "name should be a super class");
2111
2112 Klass* kls = SystemDictionary::resolve_or_fail(
2113 name, Handle(THREAD, loader), Handle(THREAD, protection_domain),
2114 true, THREAD);
2115
2116 if (kls != nullptr) {
2117 if (log_is_enabled(Debug, class, resolve)) {
2118 Verifier::trace_class_resolution(kls, current_class());
2119 }
2120 }
2121 return kls;
2122 }
2123
2124 bool ClassVerifier::is_protected_access(InstanceKlass* this_class,
2125 Klass* target_class,
2126 Symbol* field_name,
2127 Symbol* field_sig,
2128 bool is_method) {
2129 NoSafepointVerifier nosafepoint;
2130
2131 // If target class isn't a super class of this class, we don't worry about this case
2132 if (!this_class->is_subclass_of(target_class)) {
2133 return false;
2134 }
2135 // Check if the specified method or field is protected
2136 InstanceKlass* target_instance = InstanceKlass::cast(target_class);
2137 fieldDescriptor fd;
2138 if (is_method) {
2139 Method* m = target_instance->uncached_lookup_method(field_name, field_sig, Klass::OverpassLookupMode::find);
2140 if (m != nullptr && m->is_protected()) {
2141 if (!this_class->is_same_class_package(m->method_holder())) {
2142 return true;
2143 }
2144 }
2145 } else {
2146 Klass* member_klass = target_instance->find_field(field_name, field_sig, &fd);
2147 if (member_klass != nullptr && fd.is_protected()) {
2148 if (!this_class->is_same_class_package(member_klass)) {
2149 return true;
2150 }
2151 }
2152 }
2153 return false;
2154 }
2155
2156 void ClassVerifier::verify_ldc(
2157 int opcode, u2 index, StackMapFrame* current_frame,
2158 const constantPoolHandle& cp, int bci, TRAPS) {
2159 verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2160 constantTag tag = cp->tag_at(index);
2161 unsigned int types = 0;
2162 if (opcode == Bytecodes::_ldc || opcode == Bytecodes::_ldc_w) {
2163 if (!tag.is_unresolved_klass()) {
2164 types = (1 << JVM_CONSTANT_Integer) | (1 << JVM_CONSTANT_Float)
2165 | (1 << JVM_CONSTANT_String) | (1 << JVM_CONSTANT_Class)
2166 | (1 << JVM_CONSTANT_MethodHandle) | (1 << JVM_CONSTANT_MethodType)
2167 | (1 << JVM_CONSTANT_Dynamic);
2168 // Note: The class file parser already verified the legality of
2169 // MethodHandle and MethodType constants.
2170 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2171 }
2172 } else {
2173 assert(opcode == Bytecodes::_ldc2_w, "must be ldc2_w");
2174 types = (1 << JVM_CONSTANT_Double) | (1 << JVM_CONSTANT_Long)
2175 | (1 << JVM_CONSTANT_Dynamic);
2176 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2177 }
2178 if (tag.is_string()) {
2179 current_frame->push_stack(
2180 VerificationType::reference_type(
2181 vmSymbols::java_lang_String()), CHECK_VERIFY(this));
2182 } else if (tag.is_klass() || tag.is_unresolved_klass()) {
2183 current_frame->push_stack(
2184 VerificationType::reference_type(
2185 vmSymbols::java_lang_Class()), CHECK_VERIFY(this));
2186 } else if (tag.is_int()) {
2187 current_frame->push_stack(
2188 VerificationType::integer_type(), CHECK_VERIFY(this));
2189 } else if (tag.is_float()) {
2190 current_frame->push_stack(
2191 VerificationType::float_type(), CHECK_VERIFY(this));
2192 } else if (tag.is_double()) {
2193 current_frame->push_stack_2(
2194 VerificationType::double_type(),
2195 VerificationType::double2_type(), CHECK_VERIFY(this));
2196 } else if (tag.is_long()) {
2197 current_frame->push_stack_2(
2198 VerificationType::long_type(),
2199 VerificationType::long2_type(), CHECK_VERIFY(this));
2200 } else if (tag.is_method_handle()) {
2201 current_frame->push_stack(
2202 VerificationType::reference_type(
2203 vmSymbols::java_lang_invoke_MethodHandle()), CHECK_VERIFY(this));
2204 } else if (tag.is_method_type()) {
2205 current_frame->push_stack(
2206 VerificationType::reference_type(
2207 vmSymbols::java_lang_invoke_MethodType()), CHECK_VERIFY(this));
2208 } else if (tag.is_dynamic_constant()) {
2209 Symbol* constant_type = cp->uncached_signature_ref_at(index);
2210 // Field signature was checked in ClassFileParser.
2211 assert(SignatureVerifier::is_valid_type_signature(constant_type),
2212 "Invalid type for dynamic constant");
2213 assert(sizeof(VerificationType) == sizeof(uintptr_t),
2214 "buffer type must match VerificationType size");
2215 uintptr_t constant_type_buffer[2];
2216 VerificationType* v_constant_type = (VerificationType*)constant_type_buffer;
2217 SignatureStream sig_stream(constant_type, false);
2218 int n = change_sig_to_verificationType(&sig_stream, v_constant_type);
2219 int opcode_n = (opcode == Bytecodes::_ldc2_w ? 2 : 1);
2220 if (n != opcode_n) {
2221 // wrong kind of ldc; reverify against updated type mask
2222 types &= ~(1 << JVM_CONSTANT_Dynamic);
2223 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2224 }
2225 for (int i = 0; i < n; i++) {
2226 current_frame->push_stack(v_constant_type[i], CHECK_VERIFY(this));
2227 }
2228 } else {
2229 /* Unreachable? verify_cp_type has already validated the cp type. */
2230 verify_error(
2231 ErrorContext::bad_cp_index(bci, index), "Invalid index in ldc");
2232 return;
2233 }
2234 }
2235
2236 void ClassVerifier::verify_switch(
2237 RawBytecodeStream* bcs, u4 code_length, char* code_data,
2238 StackMapFrame* current_frame, StackMapTable* stackmap_table, TRAPS) {
2239 int bci = bcs->bci();
2240 address bcp = bcs->bcp();
2241 address aligned_bcp = align_up(bcp + 1, jintSize);
2242
2243 if (_klass->major_version() < NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION) {
2244 // 4639449 & 4647081: padding bytes must be 0
2245 u2 padding_offset = 1;
2246 while ((bcp + padding_offset) < aligned_bcp) {
2247 if(*(bcp + padding_offset) != 0) {
2248 verify_error(ErrorContext::bad_code(bci),
2249 "Nonzero padding byte in lookupswitch or tableswitch");
2250 return;
2251 }
2252 padding_offset++;
2253 }
2254 }
2255
2256 int default_offset = (int) Bytes::get_Java_u4(aligned_bcp);
2257 int keys, delta;
2258 current_frame->pop_stack(
2259 VerificationType::integer_type(), CHECK_VERIFY(this));
2260 if (bcs->raw_code() == Bytecodes::_tableswitch) {
2261 jint low = (jint)Bytes::get_Java_u4(aligned_bcp + jintSize);
2262 jint high = (jint)Bytes::get_Java_u4(aligned_bcp + 2*jintSize);
2263 if (low > high) {
2264 verify_error(ErrorContext::bad_code(bci),
2265 "low must be less than or equal to high in tableswitch");
2266 return;
2267 }
2268 int64_t keys64 = ((int64_t)high - low) + 1;
2269 if (keys64 > 65535) { // Max code length
2270 verify_error(ErrorContext::bad_code(bci), "too many keys in tableswitch");
2271 return;
2272 }
2273 keys = (int)keys64;
2274 delta = 1;
2275 } else {
2276 keys = (int)Bytes::get_Java_u4(aligned_bcp + jintSize);
2277 if (keys < 0) {
2278 verify_error(ErrorContext::bad_code(bci),
2279 "number of keys in lookupswitch less than 0");
2280 return;
2281 }
2282 delta = 2;
2283 // Make sure that the lookupswitch items are sorted
2284 for (int i = 0; i < (keys - 1); i++) {
2285 jint this_key = Bytes::get_Java_u4(aligned_bcp + (2+2*i)*jintSize);
2286 jint next_key = Bytes::get_Java_u4(aligned_bcp + (2+2*i+2)*jintSize);
2287 if (this_key >= next_key) {
2288 verify_error(ErrorContext::bad_code(bci),
2289 "Bad lookupswitch instruction");
2290 return;
2291 }
2292 }
2293 }
2294 int target = bci + default_offset;
2295 stackmap_table->check_jump_target(current_frame, target, CHECK_VERIFY(this));
2296 for (int i = 0; i < keys; i++) {
2297 // Because check_jump_target() may safepoint, the bytecode could have
2298 // moved, which means 'aligned_bcp' is no good and needs to be recalculated.
2299 aligned_bcp = align_up(bcs->bcp() + 1, jintSize);
2300 target = bci + (jint)Bytes::get_Java_u4(aligned_bcp+(3+i*delta)*jintSize);
2301 stackmap_table->check_jump_target(
2302 current_frame, target, CHECK_VERIFY(this));
2303 }
2304 NOT_PRODUCT(aligned_bcp = nullptr); // no longer valid at this point
2305 }
2306
2307 bool ClassVerifier::name_in_supers(
2308 Symbol* ref_name, InstanceKlass* current) {
2309 Klass* super = current->super();
2310 while (super != nullptr) {
2311 if (super->name() == ref_name) {
2312 return true;
2313 }
2314 super = super->super();
2315 }
2316 return false;
2317 }
2318
2319 void ClassVerifier::verify_field_instructions(RawBytecodeStream* bcs,
2320 StackMapFrame* current_frame,
2321 const constantPoolHandle& cp,
2322 bool allow_arrays,
2323 TRAPS) {
2324 u2 index = bcs->get_index_u2();
2325 verify_cp_type(bcs->bci(), index, cp,
2326 1 << JVM_CONSTANT_Fieldref, CHECK_VERIFY(this));
2327
2328 // Get field name and signature
2329 Symbol* field_name = cp->uncached_name_ref_at(index);
2330 Symbol* field_sig = cp->uncached_signature_ref_at(index);
2331 bool is_getfield = false;
2332
2333 // Field signature was checked in ClassFileParser.
2334 assert(SignatureVerifier::is_valid_type_signature(field_sig),
2335 "Invalid field signature");
2336
2337 // Get referenced class type
2338 VerificationType ref_class_type = cp_ref_index_to_type(
2339 index, cp, CHECK_VERIFY(this));
2340 if (!ref_class_type.is_object() &&
2341 (!allow_arrays || !ref_class_type.is_array())) {
2342 verify_error(ErrorContext::bad_type(bcs->bci(),
2343 TypeOrigin::cp(index, ref_class_type)),
2344 "Expecting reference to class in class %s at constant pool index %d",
2345 _klass->external_name(), index);
2346 return;
2347 }
2348
2349 VerificationType target_class_type = ref_class_type;
2350
2351 assert(sizeof(VerificationType) == sizeof(uintptr_t),
2352 "buffer type must match VerificationType size");
2353 uintptr_t field_type_buffer[2];
2354 VerificationType* field_type = (VerificationType*)field_type_buffer;
2355 // If we make a VerificationType[2] array directly, the compiler calls
2356 // to the c-runtime library to do the allocation instead of just
2357 // stack allocating it. Plus it would run constructors. This shows up
2358 // in performance profiles.
2359
2360 SignatureStream sig_stream(field_sig, false);
2361 VerificationType stack_object_type;
2362 int n = change_sig_to_verificationType(&sig_stream, field_type);
2363 int bci = bcs->bci();
2364 bool is_assignable;
2365 switch (bcs->raw_code()) {
2366 case Bytecodes::_getstatic: {
2367 for (int i = 0; i < n; i++) {
2368 current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2369 }
2370 break;
2371 }
2372 case Bytecodes::_putstatic: {
2373 for (int i = n - 1; i >= 0; i--) {
2374 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2375 }
2376 break;
2377 }
2378 case Bytecodes::_getfield: {
2379 is_getfield = true;
2380 stack_object_type = current_frame->pop_stack(
2381 target_class_type, CHECK_VERIFY(this));
2382 goto check_protected;
2383 }
2384 case Bytecodes::_putfield: {
2385 for (int i = n - 1; i >= 0; i--) {
2386 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2387 }
2388 stack_object_type = current_frame->pop_stack(CHECK_VERIFY(this));
2389
2390 // Field initialization is allowed before the superclass
2391 // initializer, if the field is defined within the current class.
2392 fieldDescriptor fd;
2393 bool is_local_field = _klass->find_local_field(field_name, field_sig, &fd) &&
2394 target_class_type.equals(current_type());
2395 if (stack_object_type == VerificationType::uninitialized_this_type()) {
2396 if (is_local_field) {
2397 // Set the type to the current type so the is_assignable check passes.
2398 stack_object_type = current_type();
2399 }
2400 } else if (supports_strict_fields(_klass)) {
2401 // `strict` fields are not writable, but only local fields produce verification errors
2402 if (is_local_field && fd.access_flags().is_strict()) {
2403 verify_error(ErrorContext::bad_code(bci),
2404 "Illegal use of putfield on a strict field");
2405 return;
2406 }
2407 }
2408 is_assignable = target_class_type.is_assignable_from(
2409 stack_object_type, this, false, CHECK_VERIFY(this));
2410 if (!is_assignable) {
2411 verify_error(ErrorContext::bad_type(bci,
2412 current_frame->stack_top_ctx(),
2413 TypeOrigin::cp(index, target_class_type)),
2414 "Bad type on operand stack in putfield");
2415 return;
2416 }
2417 }
2418 check_protected: {
2419 if (_this_type == stack_object_type)
2420 break; // stack_object_type must be assignable to _current_class_type
2421 if (was_recursively_verified()) {
2422 if (is_getfield) {
2423 // Push field type for getfield.
2424 for (int i = 0; i < n; i++) {
2425 current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2426 }
2427 }
2428 return;
2429 }
2430 Symbol* ref_class_name =
2431 cp->klass_name_at(cp->uncached_klass_ref_index_at(index));
2432 if (!name_in_supers(ref_class_name, current_class()))
2433 // stack_object_type must be assignable to _current_class_type since:
2434 // 1. stack_object_type must be assignable to ref_class.
2435 // 2. ref_class must be _current_class or a subclass of it. It can't
2436 // be a superclass of it. See revised JVMS 5.4.4.
2437 break;
2438
2439 Klass* ref_class_oop = load_class(ref_class_name, CHECK);
2440 if (is_protected_access(current_class(), ref_class_oop, field_name,
2441 field_sig, false)) {
2442 // It's protected access, check if stack object is assignable to
2443 // current class.
2444 is_assignable = current_type().is_assignable_from(
2445 stack_object_type, this, true, CHECK_VERIFY(this));
2446 if (!is_assignable) {
2447 verify_error(ErrorContext::bad_type(bci,
2448 current_frame->stack_top_ctx(),
2449 TypeOrigin::implicit(current_type())),
2450 "Bad access to protected data in %s",
2451 is_getfield ? "getfield" : "putfield");
2452 return;
2453 }
2454 }
2455 break;
2456 }
2457 default: ShouldNotReachHere();
2458 }
2459 if (is_getfield) {
2460 // Push field type for getfield after doing protection check.
2461 for (int i = 0; i < n; i++) {
2462 current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2463 }
2464 }
2465 }
2466
2467 // Look at the method's handlers. If the bci is in the handler's try block
2468 // then check if the handler_pc is already on the stack. If not, push it
2469 // unless the handler has already been scanned.
2470 void ClassVerifier::push_handlers(ExceptionTable* exhandlers,
2471 GrowableArray<u4>* handler_list,
2472 GrowableArray<u4>* handler_stack,
2473 u4 bci) {
2474 int exlength = exhandlers->length();
2475 for(int x = 0; x < exlength; x++) {
2476 if (bci >= exhandlers->start_pc(x) && bci < exhandlers->end_pc(x)) {
2477 u4 exhandler_pc = exhandlers->handler_pc(x);
2478 if (!handler_list->contains(exhandler_pc)) {
2479 handler_stack->append_if_missing(exhandler_pc);
2480 handler_list->append(exhandler_pc);
2481 }
2482 }
2483 }
2484 }
2485
2486 // Return TRUE if all code paths starting with start_bc_offset end in
2487 // bytecode athrow or loop.
2488 bool ClassVerifier::ends_in_athrow(u4 start_bc_offset) {
2489 ResourceMark rm;
2490 // Create bytecode stream.
2491 RawBytecodeStream bcs(method());
2492 int code_length = method()->code_size();
2493 bcs.set_start(start_bc_offset);
2494
2495 // Create stack for storing bytecode start offsets for if* and *switch.
2496 GrowableArray<u4>* bci_stack = new GrowableArray<u4>(30);
2497 // Create stack for handlers for try blocks containing this handler.
2498 GrowableArray<u4>* handler_stack = new GrowableArray<u4>(30);
2499 // Create list of handlers that have been pushed onto the handler_stack
2500 // so that handlers embedded inside of their own TRY blocks only get
2501 // scanned once.
2502 GrowableArray<u4>* handler_list = new GrowableArray<u4>(30);
2503 // Create list of visited branch opcodes (goto* and if*).
2504 GrowableArray<u4>* visited_branches = new GrowableArray<u4>(30);
2505 ExceptionTable exhandlers(_method());
2506
2507 while (true) {
2508 if (bcs.is_last_bytecode()) {
2509 // if no more starting offsets to parse or if at the end of the
2510 // method then return false.
2511 if ((bci_stack->is_empty()) || (bcs.end_bci() == code_length))
2512 return false;
2513 // Pop a bytecode starting offset and scan from there.
2514 bcs.set_start(bci_stack->pop());
2515 }
2516 Bytecodes::Code opcode = bcs.raw_next();
2517 int bci = bcs.bci();
2518
2519 // If the bytecode is in a TRY block, push its handlers so they
2520 // will get parsed.
2521 push_handlers(&exhandlers, handler_list, handler_stack, bci);
2522
2523 switch (opcode) {
2524 case Bytecodes::_if_icmpeq:
2525 case Bytecodes::_if_icmpne:
2526 case Bytecodes::_if_icmplt:
2527 case Bytecodes::_if_icmpge:
2528 case Bytecodes::_if_icmpgt:
2529 case Bytecodes::_if_icmple:
2530 case Bytecodes::_ifeq:
2531 case Bytecodes::_ifne:
2532 case Bytecodes::_iflt:
2533 case Bytecodes::_ifge:
2534 case Bytecodes::_ifgt:
2535 case Bytecodes::_ifle:
2536 case Bytecodes::_if_acmpeq:
2537 case Bytecodes::_if_acmpne:
2538 case Bytecodes::_ifnull:
2539 case Bytecodes::_ifnonnull: {
2540 int target = bcs.dest();
2541 if (visited_branches->contains(bci)) {
2542 if (bci_stack->is_empty()) {
2543 if (handler_stack->is_empty()) {
2544 return true;
2545 } else {
2546 // Parse the catch handlers for try blocks containing athrow.
2547 bcs.set_start(handler_stack->pop());
2548 }
2549 } else {
2550 // Pop a bytecode starting offset and scan from there.
2551 bcs.set_start(bci_stack->pop());
2552 }
2553 } else {
2554 if (target > bci) { // forward branch
2555 if (target >= code_length) return false;
2556 // Push the branch target onto the stack.
2557 bci_stack->push(target);
2558 // then, scan bytecodes starting with next.
2559 bcs.set_start(bcs.next_bci());
2560 } else { // backward branch
2561 // Push bytecode offset following backward branch onto the stack.
2562 bci_stack->push(bcs.next_bci());
2563 // Check bytecodes starting with branch target.
2564 bcs.set_start(target);
2565 }
2566 // Record target so we don't branch here again.
2567 visited_branches->append(bci);
2568 }
2569 break;
2570 }
2571
2572 case Bytecodes::_goto:
2573 case Bytecodes::_goto_w: {
2574 int target = (opcode == Bytecodes::_goto ? bcs.dest() : bcs.dest_w());
2575 if (visited_branches->contains(bci)) {
2576 if (bci_stack->is_empty()) {
2577 if (handler_stack->is_empty()) {
2578 return true;
2579 } else {
2580 // Parse the catch handlers for try blocks containing athrow.
2581 bcs.set_start(handler_stack->pop());
2582 }
2583 } else {
2584 // Been here before, pop new starting offset from stack.
2585 bcs.set_start(bci_stack->pop());
2586 }
2587 } else {
2588 if (target >= code_length) return false;
2589 // Continue scanning from the target onward.
2590 bcs.set_start(target);
2591 // Record target so we don't branch here again.
2592 visited_branches->append(bci);
2593 }
2594 break;
2595 }
2596
2597 // Check that all switch alternatives end in 'athrow' bytecodes. Since it
2598 // is difficult to determine where each switch alternative ends, parse
2599 // each switch alternative until either hit a 'return', 'athrow', or reach
2600 // the end of the method's bytecodes. This is gross but should be okay
2601 // because:
2602 // 1. tableswitch and lookupswitch byte codes in handlers for ctor explicit
2603 // constructor invocations should be rare.
2604 // 2. if each switch alternative ends in an athrow then the parsing should be
2605 // short. If there is no athrow then it is bogus code, anyway.
2606 case Bytecodes::_lookupswitch:
2607 case Bytecodes::_tableswitch:
2608 {
2609 address aligned_bcp = align_up(bcs.bcp() + 1, jintSize);
2610 int default_offset = Bytes::get_Java_u4(aligned_bcp) + bci;
2611 int keys, delta;
2612 if (opcode == Bytecodes::_tableswitch) {
2613 jint low = (jint)Bytes::get_Java_u4(aligned_bcp + jintSize);
2614 jint high = (jint)Bytes::get_Java_u4(aligned_bcp + 2*jintSize);
2615 // This is invalid, but let the regular bytecode verifier
2616 // report this because the user will get a better error message.
2617 if (low > high) return true;
2618 keys = high - low + 1;
2619 delta = 1;
2620 } else {
2621 keys = (int)Bytes::get_Java_u4(aligned_bcp + jintSize);
2622 delta = 2;
2623 }
2624 // Invalid, let the regular bytecode verifier deal with it.
2625 if (keys < 0) return true;
2626
2627 // Push the offset of the next bytecode onto the stack.
2628 bci_stack->push(bcs.next_bci());
2629
2630 // Push the switch alternatives onto the stack.
2631 for (int i = 0; i < keys; i++) {
2632 int target = bci + (jint)Bytes::get_Java_u4(aligned_bcp+(3+i*delta)*jintSize);
2633 if (target > code_length) return false;
2634 bci_stack->push(target);
2635 }
2636
2637 // Start bytecode parsing for the switch at the default alternative.
2638 if (default_offset > code_length) return false;
2639 bcs.set_start(default_offset);
2640 break;
2641 }
2642
2643 case Bytecodes::_return:
2644 return false;
2645
2646 case Bytecodes::_athrow:
2647 {
2648 if (bci_stack->is_empty()) {
2649 if (handler_stack->is_empty()) {
2650 return true;
2651 } else {
2652 // Parse the catch handlers for try blocks containing athrow.
2653 bcs.set_start(handler_stack->pop());
2654 }
2655 } else {
2656 // Pop a bytecode offset and starting scanning from there.
2657 bcs.set_start(bci_stack->pop());
2658 }
2659 }
2660 break;
2661
2662 default:
2663 ;
2664 } // end switch
2665 } // end while loop
2666
2667 return false;
2668 }
2669
2670 void ClassVerifier::verify_invoke_init(
2671 RawBytecodeStream* bcs, u2 ref_class_index, VerificationType ref_class_type,
2672 StackMapFrame* current_frame, u4 code_length, bool in_try_block,
2673 bool *this_uninit, const constantPoolHandle& cp, StackMapTable* stackmap_table,
2674 TRAPS) {
2675 int bci = bcs->bci();
2676 VerificationType type = current_frame->pop_stack(
2677 VerificationType::reference_check(), CHECK_VERIFY(this));
2678 if (type == VerificationType::uninitialized_this_type()) {
2679 // The method must be an <init> method of this class or its superclass
2680 Klass* superk = current_class()->super();
2681 if (ref_class_type.name() != current_class()->name() &&
2682 ref_class_type.name() != superk->name()) {
2683 verify_error(ErrorContext::bad_type(bci,
2684 TypeOrigin::implicit(ref_class_type),
2685 TypeOrigin::implicit(current_type())),
2686 "Bad <init> method call");
2687 return;
2688 }
2689
2690 // If this invokespecial call is done from inside of a TRY block then make
2691 // sure that all catch clause paths end in a throw. Otherwise, this can
2692 // result in returning an incomplete object.
2693 if (in_try_block) {
2694 ExceptionTable exhandlers(_method());
2695 int exlength = exhandlers.length();
2696 for(int i = 0; i < exlength; i++) {
2697 u2 start_pc = exhandlers.start_pc(i);
2698 u2 end_pc = exhandlers.end_pc(i);
2699
2700 if (bci >= start_pc && bci < end_pc) {
2701 if (!ends_in_athrow(exhandlers.handler_pc(i))) {
2702 verify_error(ErrorContext::bad_code(bci),
2703 "Bad <init> method call from after the start of a try block");
2704 return;
2705 } else if (log_is_enabled(Debug, verification)) {
2706 ResourceMark rm(THREAD);
2707 log_debug(verification)("Survived call to ends_in_athrow(): %s",
2708 current_class()->name()->as_C_string());
2709 }
2710 }
2711 }
2712
2713 // Check the exception handler target stackmaps with the locals from the
2714 // incoming stackmap (before initialize_object() changes them to outgoing
2715 // state).
2716 if (was_recursively_verified()) return;
2717 verify_exception_handler_targets(bci, true, current_frame,
2718 stackmap_table, CHECK_VERIFY(this));
2719 } // in_try_block
2720
2721 current_frame->initialize_object(type, current_type());
2722 *this_uninit = true;
2723 } else if (type.is_uninitialized()) {
2724 u2 new_offset = type.bci();
2725 address new_bcp = bcs->bcp() - bci + new_offset;
2726 if (new_offset > (code_length - 3) || (*new_bcp) != Bytecodes::_new) {
2727 /* Unreachable? Stack map parsing ensures valid type and new
2728 * instructions have a valid BCI. */
2729 verify_error(ErrorContext::bad_code(new_offset),
2730 "Expecting new instruction");
2731 return;
2732 }
2733 u2 new_class_index = Bytes::get_Java_u2(new_bcp + 1);
2734 if (was_recursively_verified()) return;
2735 verify_cp_class_type(bci, new_class_index, cp, CHECK_VERIFY(this));
2736
2737 // The method must be an <init> method of the indicated class
2738 VerificationType new_class_type = cp_index_to_type(
2739 new_class_index, cp, CHECK_VERIFY(this));
2740 if (!new_class_type.equals(ref_class_type)) {
2741 verify_error(ErrorContext::bad_type(bci,
2742 TypeOrigin::cp(new_class_index, new_class_type),
2743 TypeOrigin::cp(ref_class_index, ref_class_type)),
2744 "Call to wrong <init> method");
2745 return;
2746 }
2747 // According to the VM spec, if the referent class is a superclass of the
2748 // current class, and is in a different runtime package, and the method is
2749 // protected, then the objectref must be the current class or a subclass
2750 // of the current class.
2751 VerificationType objectref_type = new_class_type;
2752 if (name_in_supers(ref_class_type.name(), current_class())) {
2753 Klass* ref_klass = load_class(ref_class_type.name(), CHECK);
2754 if (was_recursively_verified()) return;
2755 Method* m = InstanceKlass::cast(ref_klass)->uncached_lookup_method(
2756 vmSymbols::object_initializer_name(),
2757 cp->uncached_signature_ref_at(bcs->get_index_u2()),
2758 Klass::OverpassLookupMode::find);
2759 // Do nothing if method is not found. Let resolution detect the error.
2760 if (m != nullptr) {
2761 InstanceKlass* mh = m->method_holder();
2762 if (m->is_protected() && !mh->is_same_class_package(_klass)) {
2763 bool assignable = current_type().is_assignable_from(
2764 objectref_type, this, true, CHECK_VERIFY(this));
2765 if (!assignable) {
2766 verify_error(ErrorContext::bad_type(bci,
2767 TypeOrigin::cp(new_class_index, objectref_type),
2768 TypeOrigin::implicit(current_type())),
2769 "Bad access to protected <init> method");
2770 return;
2771 }
2772 }
2773 }
2774 }
2775 // Check the exception handler target stackmaps with the locals from the
2776 // incoming stackmap (before initialize_object() changes them to outgoing
2777 // state).
2778 if (in_try_block) {
2779 if (was_recursively_verified()) return;
2780 verify_exception_handler_targets(bci, *this_uninit, current_frame,
2781 stackmap_table, CHECK_VERIFY(this));
2782 }
2783 current_frame->initialize_object(type, new_class_type);
2784 } else {
2785 verify_error(ErrorContext::bad_type(bci, current_frame->stack_top_ctx()),
2786 "Bad operand type when invoking <init>");
2787 return;
2788 }
2789 }
2790
2791 bool ClassVerifier::is_same_or_direct_interface(
2792 InstanceKlass* klass,
2793 VerificationType klass_type,
2794 VerificationType ref_class_type) {
2795 if (ref_class_type.equals(klass_type)) return true;
2796 Array<InstanceKlass*>* local_interfaces = klass->local_interfaces();
2797 if (local_interfaces != nullptr) {
2798 for (int x = 0; x < local_interfaces->length(); x++) {
2799 InstanceKlass* k = local_interfaces->at(x);
2800 assert (k != nullptr && k->is_interface(), "invalid interface");
2801 if (ref_class_type.equals(VerificationType::reference_type(k->name()))) {
2802 return true;
2803 }
2804 }
2805 }
2806 return false;
2807 }
2808
2809 void ClassVerifier::verify_invoke_instructions(
2810 RawBytecodeStream* bcs, u4 code_length, StackMapFrame* current_frame,
2811 bool in_try_block, bool *this_uninit,
2812 const constantPoolHandle& cp, StackMapTable* stackmap_table, TRAPS) {
2813 // Make sure the constant pool item is the right type
2814 u2 index = bcs->get_index_u2();
2815 Bytecodes::Code opcode = bcs->raw_code();
2816 unsigned int types = 0;
2817 switch (opcode) {
2818 case Bytecodes::_invokeinterface:
2819 types = 1 << JVM_CONSTANT_InterfaceMethodref;
2820 break;
2821 case Bytecodes::_invokedynamic:
2822 types = 1 << JVM_CONSTANT_InvokeDynamic;
2823 break;
2824 case Bytecodes::_invokespecial:
2825 case Bytecodes::_invokestatic:
2826 types = (_klass->major_version() < STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION) ?
2827 (1 << JVM_CONSTANT_Methodref) :
2828 ((1 << JVM_CONSTANT_InterfaceMethodref) | (1 << JVM_CONSTANT_Methodref));
2829 break;
2830 default:
2831 types = 1 << JVM_CONSTANT_Methodref;
2832 }
2833 verify_cp_type(bcs->bci(), index, cp, types, CHECK_VERIFY(this));
2834
2835 // Get method name and signature
2836 Symbol* method_name = cp->uncached_name_ref_at(index);
2837 Symbol* method_sig = cp->uncached_signature_ref_at(index);
2838
2839 // Method signature was checked in ClassFileParser.
2840 assert(SignatureVerifier::is_valid_method_signature(method_sig),
2841 "Invalid method signature");
2842
2843 // Get referenced class
2844 VerificationType ref_class_type;
2845 if (opcode == Bytecodes::_invokedynamic) {
2846 if (_klass->major_version() < Verifier::INVOKEDYNAMIC_MAJOR_VERSION) {
2847 class_format_error(
2848 "invokedynamic instructions not supported by this class file version (%d), class %s",
2849 _klass->major_version(), _klass->external_name());
2850 return;
2851 }
2852 } else {
2853 ref_class_type = cp_ref_index_to_type(index, cp, CHECK_VERIFY(this));
2854 }
2855
2856 assert(sizeof(VerificationType) == sizeof(uintptr_t),
2857 "buffer type must match VerificationType size");
2858
2859 // Get the UTF8 index for this signature.
2860 int sig_index = cp->signature_ref_index_at(cp->uncached_name_and_type_ref_index_at(index));
2861
2862 // Get the signature's verification types.
2863 sig_as_verification_types* mth_sig_verif_types;
2864 sig_as_verification_types** mth_sig_verif_types_ptr = method_signatures_table()->get(sig_index);
2865 if (mth_sig_verif_types_ptr != nullptr) {
2866 // Found the entry for the signature's verification types in the hash table.
2867 mth_sig_verif_types = *mth_sig_verif_types_ptr;
2868 assert(mth_sig_verif_types != nullptr, "Unexpected null sig_as_verification_types value");
2869 } else {
2870 // Not found, add the entry to the table.
2871 GrowableArray<VerificationType>* verif_types = new GrowableArray<VerificationType>(10);
2872 mth_sig_verif_types = new sig_as_verification_types(verif_types);
2873 create_method_sig_entry(mth_sig_verif_types, sig_index);
2874 }
2875
2876 // Get the number of arguments for this signature.
2877 int nargs = mth_sig_verif_types->num_args();
2878
2879 // Check instruction operands
2880 int bci = bcs->bci();
2881 if (opcode == Bytecodes::_invokeinterface) {
2882 address bcp = bcs->bcp();
2883 // 4905268: count operand in invokeinterface should be nargs+1, not nargs.
2884 // JSR202 spec: The count operand of an invokeinterface instruction is valid if it is
2885 // the difference between the size of the operand stack before and after the instruction
2886 // executes.
2887 if (*(bcp+3) != (nargs+1)) {
2888 verify_error(ErrorContext::bad_code(bci),
2889 "Inconsistent args count operand in invokeinterface");
2890 return;
2891 }
2892 if (*(bcp+4) != 0) {
2893 verify_error(ErrorContext::bad_code(bci),
2894 "Fourth operand byte of invokeinterface must be zero");
2895 return;
2896 }
2897 }
2898
2899 if (opcode == Bytecodes::_invokedynamic) {
2900 address bcp = bcs->bcp();
2901 if (*(bcp+3) != 0 || *(bcp+4) != 0) {
2902 verify_error(ErrorContext::bad_code(bci),
2903 "Third and fourth operand bytes of invokedynamic must be zero");
2904 return;
2905 }
2906 }
2907
2908 if (method_name->char_at(0) == JVM_SIGNATURE_SPECIAL) {
2909 // Make sure:
2910 // <init> can only be invoked by invokespecial.
2911 if (opcode != Bytecodes::_invokespecial ||
2912 method_name != vmSymbols::object_initializer_name()) {
2913 verify_error(ErrorContext::bad_code(bci),
2914 "Illegal call to internal method");
2915 return;
2916 }
2917 } else if (opcode == Bytecodes::_invokespecial
2918 && !is_same_or_direct_interface(current_class(), current_type(), ref_class_type)
2919 && !ref_class_type.equals(VerificationType::reference_type(
2920 current_class()->super()->name()))) { // super() can never be an inline_type.
2921 bool subtype = false;
2922 bool have_imr_indirect = cp->tag_at(index).value() == JVM_CONSTANT_InterfaceMethodref;
2923 subtype = ref_class_type.is_assignable_from(
2924 current_type(), this, false, CHECK_VERIFY(this));
2925 if (!subtype) {
2926 verify_error(ErrorContext::bad_code(bci),
2927 "Bad invokespecial instruction: "
2928 "current class isn't assignable to reference class.");
2929 return;
2930 } else if (have_imr_indirect) {
2931 verify_error(ErrorContext::bad_code(bci),
2932 "Bad invokespecial instruction: "
2933 "interface method reference is in an indirect superinterface.");
2934 return;
2935 }
2936
2937 }
2938
2939 // Get the verification types for the method's arguments.
2940 GrowableArray<VerificationType>* sig_verif_types = mth_sig_verif_types->sig_verif_types();
2941 assert(sig_verif_types != nullptr, "Missing signature's array of verification types");
2942 // Match method descriptor with operand stack
2943 // The arguments are on the stack in descending order.
2944 for (int i = nargs - 1; i >= 0; i--) { // Run backwards
2945 current_frame->pop_stack(sig_verif_types->at(i), CHECK_VERIFY(this));
2946 }
2947
2948 // Check objectref on operand stack
2949 if (opcode != Bytecodes::_invokestatic &&
2950 opcode != Bytecodes::_invokedynamic) {
2951 if (method_name == vmSymbols::object_initializer_name()) { // <init> method
2952 verify_invoke_init(bcs, index, ref_class_type, current_frame,
2953 code_length, in_try_block, this_uninit, cp, stackmap_table,
2954 CHECK_VERIFY(this));
2955 if (was_recursively_verified()) return;
2956 } else { // other methods
2957 // Ensures that target class is assignable to method class.
2958 if (opcode == Bytecodes::_invokespecial) {
2959 current_frame->pop_stack(current_type(), CHECK_VERIFY(this));
2960 } else if (opcode == Bytecodes::_invokevirtual) {
2961 VerificationType stack_object_type =
2962 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this));
2963 if (current_type() != stack_object_type) {
2964 if (was_recursively_verified()) return;
2965 assert(cp->cache() == nullptr, "not rewritten yet");
2966 Symbol* ref_class_name =
2967 cp->klass_name_at(cp->uncached_klass_ref_index_at(index));
2968 // See the comments in verify_field_instructions() for
2969 // the rationale behind this.
2970 if (name_in_supers(ref_class_name, current_class())) {
2971 Klass* ref_class = load_class(ref_class_name, CHECK);
2972 if (is_protected_access(
2973 _klass, ref_class, method_name, method_sig, true)) {
2974 // It's protected access, check if stack object is
2975 // assignable to current class.
2976 if (ref_class_type.name() == vmSymbols::java_lang_Object()
2977 && stack_object_type.is_array()
2978 && method_name == vmSymbols::clone_name()) {
2979 // Special case: arrays pretend to implement public Object
2980 // clone().
2981 } else {
2982 bool is_assignable = current_type().is_assignable_from(
2983 stack_object_type, this, true, CHECK_VERIFY(this));
2984 if (!is_assignable) {
2985 verify_error(ErrorContext::bad_type(bci,
2986 current_frame->stack_top_ctx(),
2987 TypeOrigin::implicit(current_type())),
2988 "Bad access to protected data in invokevirtual");
2989 return;
2990 }
2991 }
2992 }
2993 }
2994 }
2995 } else {
2996 assert(opcode == Bytecodes::_invokeinterface, "Unexpected opcode encountered");
2997 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this));
2998 }
2999 }
3000 }
3001 // Push the result type.
3002 int sig_verif_types_len = sig_verif_types->length();
3003 if (sig_verif_types_len > nargs) { // There's a return type
3004 if (method_name == vmSymbols::object_initializer_name()) {
3005 // an <init> method must have a void return type
3006 verify_error(ErrorContext::bad_code(bci),
3007 "Return type must be void in <init> method");
3008 return;
3009 }
3010
3011 assert(sig_verif_types_len <= nargs + 2,
3012 "Signature verification types array return type is bogus");
3013 for (int i = nargs; i < sig_verif_types_len; i++) {
3014 assert(i == nargs || sig_verif_types->at(i).is_long2() ||
3015 sig_verif_types->at(i).is_double2(), "Unexpected return verificationType");
3016 current_frame->push_stack(sig_verif_types->at(i), CHECK_VERIFY(this));
3017 }
3018 }
3019 }
3020
3021 VerificationType ClassVerifier::get_newarray_type(
3022 u2 index, int bci, TRAPS) {
3023 const char* from_bt[] = {
3024 nullptr, nullptr, nullptr, nullptr, "[Z", "[C", "[F", "[D", "[B", "[S", "[I", "[J",
3025 };
3026 if (index < T_BOOLEAN || index > T_LONG) {
3027 verify_error(ErrorContext::bad_code(bci), "Illegal newarray instruction");
3028 return VerificationType::bogus_type();
3029 }
3030
3031 // from_bt[index] contains the array signature which has a length of 2
3032 Symbol* sig = create_temporary_symbol(from_bt[index], 2);
3033 return VerificationType::reference_type(sig);
3034 }
3035
3036 void ClassVerifier::verify_anewarray(
3037 int bci, u2 index, const constantPoolHandle& cp,
3038 StackMapFrame* current_frame, TRAPS) {
3039 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
3040 current_frame->pop_stack(
3041 VerificationType::integer_type(), CHECK_VERIFY(this));
3042
3043 if (was_recursively_verified()) return;
3044 VerificationType component_type =
3045 cp_index_to_type(index, cp, CHECK_VERIFY(this));
3046 int length;
3047 char* arr_sig_str;
3048 if (component_type.is_array()) { // it's an array
3049 const char* component_name = component_type.name()->as_utf8();
3050 // Check for more than MAX_ARRAY_DIMENSIONS
3051 length = (int)strlen(component_name);
3052 if (length > MAX_ARRAY_DIMENSIONS &&
3053 component_name[MAX_ARRAY_DIMENSIONS - 1] == JVM_SIGNATURE_ARRAY) {
3054 verify_error(ErrorContext::bad_code(bci),
3055 "Illegal anewarray instruction, array has more than 255 dimensions");
3056 }
3057 // add one dimension to component
3058 length++;
3059 arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length + 1);
3060 int n = os::snprintf(arr_sig_str, length + 1, "%c%s",
3061 JVM_SIGNATURE_ARRAY, component_name);
3062 assert(n == length, "Unexpected number of characters in string");
3063 } else { // it's an object or interface
3064 const char* component_name = component_type.name()->as_utf8();
3065 // add one dimension to component with 'L' prepended and ';' postpended.
3066 length = (int)strlen(component_name) + 3;
3067 arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length + 1);
3068 int n = os::snprintf(arr_sig_str, length + 1, "%c%c%s;",
3069 JVM_SIGNATURE_ARRAY, JVM_SIGNATURE_CLASS, component_name);
3070 assert(n == length, "Unexpected number of characters in string");
3071 }
3072 Symbol* arr_sig = create_temporary_symbol(arr_sig_str, length);
3073 VerificationType new_array_type = VerificationType::reference_type(arr_sig);
3074 current_frame->push_stack(new_array_type, CHECK_VERIFY(this));
3075 }
3076
3077 void ClassVerifier::verify_iload(int index, StackMapFrame* current_frame, TRAPS) {
3078 current_frame->get_local(
3079 index, VerificationType::integer_type(), CHECK_VERIFY(this));
3080 current_frame->push_stack(
3081 VerificationType::integer_type(), CHECK_VERIFY(this));
3082 }
3083
3084 void ClassVerifier::verify_lload(int index, StackMapFrame* current_frame, TRAPS) {
3085 current_frame->get_local_2(
3086 index, VerificationType::long_type(),
3087 VerificationType::long2_type(), CHECK_VERIFY(this));
3088 current_frame->push_stack_2(
3089 VerificationType::long_type(),
3090 VerificationType::long2_type(), CHECK_VERIFY(this));
3091 }
3092
3093 void ClassVerifier::verify_fload(int index, StackMapFrame* current_frame, TRAPS) {
3094 current_frame->get_local(
3095 index, VerificationType::float_type(), CHECK_VERIFY(this));
3096 current_frame->push_stack(
3097 VerificationType::float_type(), CHECK_VERIFY(this));
3098 }
3099
3100 void ClassVerifier::verify_dload(int index, StackMapFrame* current_frame, TRAPS) {
3101 current_frame->get_local_2(
3102 index, VerificationType::double_type(),
3103 VerificationType::double2_type(), CHECK_VERIFY(this));
3104 current_frame->push_stack_2(
3105 VerificationType::double_type(),
3106 VerificationType::double2_type(), CHECK_VERIFY(this));
3107 }
3108
3109 void ClassVerifier::verify_aload(int index, StackMapFrame* current_frame, TRAPS) {
3110 VerificationType type = current_frame->get_local(
3111 index, VerificationType::reference_check(), CHECK_VERIFY(this));
3112 current_frame->push_stack(type, CHECK_VERIFY(this));
3113 }
3114
3115 void ClassVerifier::verify_istore(int index, StackMapFrame* current_frame, TRAPS) {
3116 current_frame->pop_stack(
3117 VerificationType::integer_type(), CHECK_VERIFY(this));
3118 current_frame->set_local(
3119 index, VerificationType::integer_type(), CHECK_VERIFY(this));
3120 }
3121
3122 void ClassVerifier::verify_lstore(int index, StackMapFrame* current_frame, TRAPS) {
3123 current_frame->pop_stack_2(
3124 VerificationType::long2_type(),
3125 VerificationType::long_type(), CHECK_VERIFY(this));
3126 current_frame->set_local_2(
3127 index, VerificationType::long_type(),
3128 VerificationType::long2_type(), CHECK_VERIFY(this));
3129 }
3130
3131 void ClassVerifier::verify_fstore(int index, StackMapFrame* current_frame, TRAPS) {
3132 current_frame->pop_stack(VerificationType::float_type(), CHECK_VERIFY(this));
3133 current_frame->set_local(
3134 index, VerificationType::float_type(), CHECK_VERIFY(this));
3135 }
3136
3137 void ClassVerifier::verify_dstore(int index, StackMapFrame* current_frame, TRAPS) {
3138 current_frame->pop_stack_2(
3139 VerificationType::double2_type(),
3140 VerificationType::double_type(), CHECK_VERIFY(this));
3141 current_frame->set_local_2(
3142 index, VerificationType::double_type(),
3143 VerificationType::double2_type(), CHECK_VERIFY(this));
3144 }
3145
3146 void ClassVerifier::verify_astore(int index, StackMapFrame* current_frame, TRAPS) {
3147 VerificationType type = current_frame->pop_stack(
3148 VerificationType::reference_check(), CHECK_VERIFY(this));
3149 current_frame->set_local(index, type, CHECK_VERIFY(this));
3150 }
3151
3152 void ClassVerifier::verify_iinc(int index, StackMapFrame* current_frame, TRAPS) {
3153 VerificationType type = current_frame->get_local(
3154 index, VerificationType::integer_type(), CHECK_VERIFY(this));
3155 current_frame->set_local(index, type, CHECK_VERIFY(this));
3156 }
3157
3158 void ClassVerifier::verify_return_value(
3159 VerificationType return_type, VerificationType type, int bci,
3160 StackMapFrame* current_frame, TRAPS) {
3161 if (return_type == VerificationType::bogus_type()) {
3162 verify_error(ErrorContext::bad_type(bci,
3163 current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)),
3164 "Method does not expect a return value");
3165 return;
3166 }
3167 bool match = return_type.is_assignable_from(type, this, false, CHECK_VERIFY(this));
3168 if (!match) {
3169 verify_error(ErrorContext::bad_type(bci,
3170 current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)),
3171 "Bad return type");
3172 return;
3173 }
3174 }
3175
3176 // The verifier creates symbols which are substrings of Symbols.
3177 // These are stored in the verifier until the end of verification so that
3178 // they can be reference counted.
3179 Symbol* ClassVerifier::create_temporary_symbol(const char *name, int length) {
3180 // Quick deduplication check
3181 if (_previous_symbol != nullptr && _previous_symbol->equals(name, length)) {
3182 return _previous_symbol;
3183 }
3184 Symbol* sym = SymbolTable::new_symbol(name, length);
3185 if (!sym->is_permanent()) {
3186 if (_symbols == nullptr) {
3187 _symbols = new GrowableArray<Symbol*>(50, 0, nullptr);
3188 }
3189 _symbols->push(sym);
3190 }
3191 _previous_symbol = sym;
3192 return sym;
3193 }