1 /* 2 * Copyright (c) 1998, 2021, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. 8 * 9 * This code is distributed in the hope that it will be useful, but WITHOUT 10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 12 * version 2 for more details (a copy is included in the LICENSE file that 13 * accompanied this code). 14 * 15 * You should have received a copy of the GNU General Public License version 16 * 2 along with this work; if not, write to the Free Software Foundation, 17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 18 * 19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 20 * or visit www.oracle.com if you need additional information or have any 21 * questions. 22 * 23 */ 24 25 #include "precompiled.hpp" 26 #include "jvm.h" 27 #include "classfile/classFileStream.hpp" 28 #include "classfile/classLoader.hpp" 29 #include "classfile/javaClasses.hpp" 30 #include "classfile/stackMapTable.hpp" 31 #include "classfile/stackMapFrame.hpp" 32 #include "classfile/stackMapTableFormat.hpp" 33 #include "classfile/symbolTable.hpp" 34 #include "classfile/systemDictionary.hpp" 35 #include "classfile/verifier.hpp" 36 #include "classfile/vmClasses.hpp" 37 #include "classfile/vmSymbols.hpp" 38 #include "interpreter/bytecodes.hpp" 39 #include "interpreter/bytecodeStream.hpp" 40 #include "logging/log.hpp" 41 #include "logging/logStream.hpp" 42 #include "memory/oopFactory.hpp" 43 #include "memory/resourceArea.hpp" 44 #include "memory/universe.hpp" 45 #include "oops/constantPool.inline.hpp" 46 #include "oops/instanceKlass.inline.hpp" 47 #include "oops/klass.inline.hpp" 48 #include "oops/oop.inline.hpp" 49 #include "oops/typeArrayOop.hpp" 50 #include "runtime/arguments.hpp" 51 #include "runtime/fieldDescriptor.hpp" 52 #include "runtime/handles.inline.hpp" 53 #include "runtime/interfaceSupport.inline.hpp" 54 #include "runtime/javaCalls.hpp" 55 #include "runtime/jniHandles.inline.hpp" 56 #include "runtime/os.hpp" 57 #include "runtime/safepointVerifiers.hpp" 58 #include "runtime/thread.hpp" 59 #include "services/threadService.hpp" 60 #include "utilities/align.hpp" 61 #include "utilities/bytes.hpp" 62 63 #define NOFAILOVER_MAJOR_VERSION 51 64 #define NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION 51 65 #define STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION 52 66 #define INLINE_TYPE_MAJOR_VERSION 56 67 #define MAX_ARRAY_DIMENSIONS 255 68 69 // Access to external entry for VerifyClassForMajorVersion - old byte code verifier 70 71 extern "C" { 72 typedef jboolean (*verify_byte_codes_fn_t)(JNIEnv *, jclass, char *, jint, jint); 73 } 74 75 static verify_byte_codes_fn_t volatile _verify_byte_codes_fn = NULL; 76 77 static verify_byte_codes_fn_t verify_byte_codes_fn() { 78 79 if (_verify_byte_codes_fn != NULL) 80 return _verify_byte_codes_fn; 81 82 MutexLocker locker(Verify_lock); 83 84 if (_verify_byte_codes_fn != NULL) 85 return _verify_byte_codes_fn; 86 87 // Load verify dll 88 char buffer[JVM_MAXPATHLEN]; 89 char ebuf[1024]; 90 if (!os::dll_locate_lib(buffer, sizeof(buffer), Arguments::get_dll_dir(), "verify")) 91 return NULL; // Caller will throw VerifyError 92 93 void *lib_handle = os::dll_load(buffer, ebuf, sizeof(ebuf)); 94 if (lib_handle == NULL) 95 return NULL; // Caller will throw VerifyError 96 97 void *fn = os::dll_lookup(lib_handle, "VerifyClassForMajorVersion"); 98 if (fn == NULL) 99 return NULL; // Caller will throw VerifyError 100 101 return _verify_byte_codes_fn = CAST_TO_FN_PTR(verify_byte_codes_fn_t, fn); 102 } 103 104 105 // Methods in Verifier 106 107 bool Verifier::should_verify_for(oop class_loader, bool should_verify_class) { 108 return (class_loader == NULL || !should_verify_class) ? 109 BytecodeVerificationLocal : BytecodeVerificationRemote; 110 } 111 112 bool Verifier::relax_access_for(oop loader) { 113 bool trusted = java_lang_ClassLoader::is_trusted_loader(loader); 114 bool need_verify = 115 // verifyAll 116 (BytecodeVerificationLocal && BytecodeVerificationRemote) || 117 // verifyRemote 118 (!BytecodeVerificationLocal && BytecodeVerificationRemote && !trusted); 119 return !need_verify; 120 } 121 122 void Verifier::trace_class_resolution(Klass* resolve_class, InstanceKlass* verify_class) { 123 assert(verify_class != NULL, "Unexpected null verify_class"); 124 ResourceMark rm; 125 Symbol* s = verify_class->source_file_name(); 126 const char* source_file = (s != NULL ? s->as_C_string() : NULL); 127 const char* verify = verify_class->external_name(); 128 const char* resolve = resolve_class->external_name(); 129 // print in a single call to reduce interleaving between threads 130 if (source_file != NULL) { 131 log_debug(class, resolve)("%s %s %s (verification)", verify, resolve, source_file); 132 } else { 133 log_debug(class, resolve)("%s %s (verification)", verify, resolve); 134 } 135 } 136 137 // Prints the end-verification message to the appropriate output. 138 void Verifier::log_end_verification(outputStream* st, const char* klassName, Symbol* exception_name, oop pending_exception) { 139 if (pending_exception != NULL) { 140 st->print("Verification for %s has", klassName); 141 oop message = java_lang_Throwable::message(pending_exception); 142 if (message != NULL) { 143 char* ex_msg = java_lang_String::as_utf8_string(message); 144 st->print_cr(" exception pending '%s %s'", 145 pending_exception->klass()->external_name(), ex_msg); 146 } else { 147 st->print_cr(" exception pending %s ", 148 pending_exception->klass()->external_name()); 149 } 150 } else if (exception_name != NULL) { 151 st->print_cr("Verification for %s failed", klassName); 152 } 153 st->print_cr("End class verification for: %s", klassName); 154 } 155 156 bool Verifier::verify(InstanceKlass* klass, bool should_verify_class, TRAPS) { 157 HandleMark hm(THREAD); 158 ResourceMark rm(THREAD); 159 160 // Eagerly allocate the identity hash code for a klass. This is a fallout 161 // from 6320749 and 8059924: hash code generator is not supposed to be called 162 // during the safepoint, but it allows to sneak the hashcode in during 163 // verification. Without this eager hashcode generation, we may end up 164 // installing the hashcode during some other operation, which may be at 165 // safepoint -- blowing up the checks. It was previously done as the side 166 // effect (sic!) for external_name(), but instead of doing that, we opt to 167 // explicitly push the hashcode in here. This is signify the following block 168 // is IMPORTANT: 169 if (klass->java_mirror() != NULL) { 170 klass->java_mirror()->identity_hash(); 171 } 172 173 if (!is_eligible_for_verification(klass, should_verify_class)) { 174 return true; 175 } 176 177 // Timer includes any side effects of class verification (resolution, 178 // etc), but not recursive calls to Verifier::verify(). 179 JavaThread* jt = THREAD; 180 PerfClassTraceTime timer(ClassLoader::perf_class_verify_time(), 181 ClassLoader::perf_class_verify_selftime(), 182 ClassLoader::perf_classes_verified(), 183 jt->get_thread_stat()->perf_recursion_counts_addr(), 184 jt->get_thread_stat()->perf_timers_addr(), 185 PerfClassTraceTime::CLASS_VERIFY); 186 187 // If the class should be verified, first see if we can use the split 188 // verifier. If not, or if verification fails and can failover, then 189 // call the inference verifier. 190 Symbol* exception_name = NULL; 191 const size_t message_buffer_len = klass->name()->utf8_length() + 1024; 192 char* message_buffer = NULL; 193 char* exception_message = NULL; 194 195 log_info(class, init)("Start class verification for: %s", klass->external_name()); 196 if (klass->major_version() >= STACKMAP_ATTRIBUTE_MAJOR_VERSION) { 197 ClassVerifier split_verifier(jt, klass); 198 // We don't use CHECK here, or on inference_verify below, so that we can log any exception. 199 split_verifier.verify_class(THREAD); 200 exception_name = split_verifier.result(); 201 202 // If DumpSharedSpaces is set then don't fall back to the old verifier on 203 // verification failure. If a class fails verification with the split verifier, 204 // it might fail the CDS runtime verifier constraint check. In that case, we 205 // don't want to share the class. We only archive classes that pass the split 206 // verifier. 207 bool can_failover = !DumpSharedSpaces && 208 klass->major_version() < NOFAILOVER_MAJOR_VERSION; 209 210 if (can_failover && !HAS_PENDING_EXCEPTION && // Split verifier doesn't set PENDING_EXCEPTION for failure 211 (exception_name == vmSymbols::java_lang_VerifyError() || 212 exception_name == vmSymbols::java_lang_ClassFormatError())) { 213 log_info(verification)("Fail over class verification to old verifier for: %s", klass->external_name()); 214 log_info(class, init)("Fail over class verification to old verifier for: %s", klass->external_name()); 215 message_buffer = NEW_RESOURCE_ARRAY(char, message_buffer_len); 216 exception_message = message_buffer; 217 exception_name = inference_verify( 218 klass, message_buffer, message_buffer_len, THREAD); 219 } 220 if (exception_name != NULL) { 221 exception_message = split_verifier.exception_message(); 222 } 223 } else { 224 message_buffer = NEW_RESOURCE_ARRAY(char, message_buffer_len); 225 exception_message = message_buffer; 226 exception_name = inference_verify( 227 klass, message_buffer, message_buffer_len, THREAD); 228 } 229 230 LogTarget(Info, class, init) lt1; 231 if (lt1.is_enabled()) { 232 LogStream ls(lt1); 233 log_end_verification(&ls, klass->external_name(), exception_name, PENDING_EXCEPTION); 234 } 235 LogTarget(Info, verification) lt2; 236 if (lt2.is_enabled()) { 237 LogStream ls(lt2); 238 log_end_verification(&ls, klass->external_name(), exception_name, PENDING_EXCEPTION); 239 } 240 241 if (HAS_PENDING_EXCEPTION) { 242 return false; // use the existing exception 243 } else if (exception_name == NULL) { 244 return true; // verification succeeded 245 } else { // VerifyError or ClassFormatError to be created and thrown 246 Klass* kls = 247 SystemDictionary::resolve_or_fail(exception_name, true, CHECK_false); 248 if (log_is_enabled(Debug, class, resolve)) { 249 Verifier::trace_class_resolution(kls, klass); 250 } 251 252 while (kls != NULL) { 253 if (kls == klass) { 254 // If the class being verified is the exception we're creating 255 // or one of it's superclasses, we're in trouble and are going 256 // to infinitely recurse when we try to initialize the exception. 257 // So bail out here by throwing the preallocated VM error. 258 THROW_OOP_(Universe::virtual_machine_error_instance(), false); 259 } 260 kls = kls->super(); 261 } 262 if (message_buffer != NULL) { 263 message_buffer[message_buffer_len - 1] = '\0'; // just to be sure 264 } 265 assert(exception_message != NULL, ""); 266 THROW_MSG_(exception_name, exception_message, false); 267 } 268 } 269 270 bool Verifier::is_eligible_for_verification(InstanceKlass* klass, bool should_verify_class) { 271 Symbol* name = klass->name(); 272 Klass* refl_magic_klass = vmClasses::reflect_MagicAccessorImpl_klass(); 273 274 bool is_reflect = refl_magic_klass != NULL && klass->is_subtype_of(refl_magic_klass); 275 276 return (should_verify_for(klass->class_loader(), should_verify_class) && 277 // return if the class is a bootstrapping class 278 // or defineClass specified not to verify by default (flags override passed arg) 279 // We need to skip the following four for bootstrapping 280 name != vmSymbols::java_lang_Object() && 281 name != vmSymbols::java_lang_Class() && 282 name != vmSymbols::java_lang_String() && 283 name != vmSymbols::java_lang_Throwable() && 284 285 // Can not verify the bytecodes for shared classes because they have 286 // already been rewritten to contain constant pool cache indices, 287 // which the verifier can't understand. 288 // Shared classes shouldn't have stackmaps either. 289 // However, bytecodes for shared old classes can be verified because 290 // they have not been rewritten. 291 !(klass->is_shared() && klass->is_rewritten()) && 292 293 // As of the fix for 4486457 we disable verification for all of the 294 // dynamically-generated bytecodes associated with the 1.4 295 // reflection implementation, not just those associated with 296 // jdk/internal/reflect/SerializationConstructorAccessor. 297 // NOTE: this is called too early in the bootstrapping process to be 298 // guarded by Universe::is_gte_jdk14x_version(). 299 // Also for lambda generated code, gte jdk8 300 (!is_reflect)); 301 } 302 303 Symbol* Verifier::inference_verify( 304 InstanceKlass* klass, char* message, size_t message_len, TRAPS) { 305 JavaThread* thread = THREAD; 306 307 verify_byte_codes_fn_t verify_func = verify_byte_codes_fn(); 308 309 if (verify_func == NULL) { 310 jio_snprintf(message, message_len, "Could not link verifier"); 311 return vmSymbols::java_lang_VerifyError(); 312 } 313 314 ResourceMark rm(thread); 315 log_info(verification)("Verifying class %s with old format", klass->external_name()); 316 317 jclass cls = (jclass) JNIHandles::make_local(thread, klass->java_mirror()); 318 jint result; 319 320 { 321 HandleMark hm(thread); 322 ThreadToNativeFromVM ttn(thread); 323 // ThreadToNativeFromVM takes care of changing thread_state, so safepoint 324 // code knows that we have left the VM 325 JNIEnv *env = thread->jni_environment(); 326 result = (*verify_func)(env, cls, message, (int)message_len, klass->major_version()); 327 } 328 329 JNIHandles::destroy_local(cls); 330 331 // These numbers are chosen so that VerifyClassCodes interface doesn't need 332 // to be changed (still return jboolean (unsigned char)), and result is 333 // 1 when verification is passed. 334 if (result == 0) { 335 return vmSymbols::java_lang_VerifyError(); 336 } else if (result == 1) { 337 return NULL; // verified. 338 } else if (result == 2) { 339 THROW_MSG_(vmSymbols::java_lang_OutOfMemoryError(), message, NULL); 340 } else if (result == 3) { 341 return vmSymbols::java_lang_ClassFormatError(); 342 } else { 343 ShouldNotReachHere(); 344 return NULL; 345 } 346 } 347 348 TypeOrigin TypeOrigin::null() { 349 return TypeOrigin(); 350 } 351 TypeOrigin TypeOrigin::local(u2 index, StackMapFrame* frame) { 352 assert(frame != NULL, "Must have a frame"); 353 return TypeOrigin(CF_LOCALS, index, StackMapFrame::copy(frame), 354 frame->local_at(index)); 355 } 356 TypeOrigin TypeOrigin::stack(u2 index, StackMapFrame* frame) { 357 assert(frame != NULL, "Must have a frame"); 358 return TypeOrigin(CF_STACK, index, StackMapFrame::copy(frame), 359 frame->stack_at(index)); 360 } 361 TypeOrigin TypeOrigin::sm_local(u2 index, StackMapFrame* frame) { 362 assert(frame != NULL, "Must have a frame"); 363 return TypeOrigin(SM_LOCALS, index, StackMapFrame::copy(frame), 364 frame->local_at(index)); 365 } 366 TypeOrigin TypeOrigin::sm_stack(u2 index, StackMapFrame* frame) { 367 assert(frame != NULL, "Must have a frame"); 368 return TypeOrigin(SM_STACK, index, StackMapFrame::copy(frame), 369 frame->stack_at(index)); 370 } 371 TypeOrigin TypeOrigin::bad_index(u2 index) { 372 return TypeOrigin(BAD_INDEX, index, NULL, VerificationType::bogus_type()); 373 } 374 TypeOrigin TypeOrigin::cp(u2 index, VerificationType vt) { 375 return TypeOrigin(CONST_POOL, index, NULL, vt); 376 } 377 TypeOrigin TypeOrigin::signature(VerificationType vt) { 378 return TypeOrigin(SIG, 0, NULL, vt); 379 } 380 TypeOrigin TypeOrigin::implicit(VerificationType t) { 381 return TypeOrigin(IMPLICIT, 0, NULL, t); 382 } 383 TypeOrigin TypeOrigin::frame(StackMapFrame* frame) { 384 return TypeOrigin(FRAME_ONLY, 0, StackMapFrame::copy(frame), 385 VerificationType::bogus_type()); 386 } 387 388 void TypeOrigin::reset_frame() { 389 if (_frame != NULL) { 390 _frame->restore(); 391 } 392 } 393 394 void TypeOrigin::details(outputStream* ss) const { 395 _type.print_on(ss); 396 switch (_origin) { 397 case CF_LOCALS: 398 ss->print(" (current frame, locals[%d])", _index); 399 break; 400 case CF_STACK: 401 ss->print(" (current frame, stack[%d])", _index); 402 break; 403 case SM_LOCALS: 404 ss->print(" (stack map, locals[%d])", _index); 405 break; 406 case SM_STACK: 407 ss->print(" (stack map, stack[%d])", _index); 408 break; 409 case CONST_POOL: 410 ss->print(" (constant pool %d)", _index); 411 break; 412 case SIG: 413 ss->print(" (from method signature)"); 414 break; 415 case IMPLICIT: 416 case FRAME_ONLY: 417 case NONE: 418 default: 419 ; 420 } 421 } 422 423 #ifdef ASSERT 424 void TypeOrigin::print_on(outputStream* str) const { 425 str->print("{%d,%d,%p:", _origin, _index, _frame); 426 if (_frame != NULL) { 427 _frame->print_on(str); 428 } else { 429 str->print("null"); 430 } 431 str->print(","); 432 _type.print_on(str); 433 str->print("}"); 434 } 435 #endif 436 437 void ErrorContext::details(outputStream* ss, const Method* method) const { 438 if (is_valid()) { 439 ss->cr(); 440 ss->print_cr("Exception Details:"); 441 location_details(ss, method); 442 reason_details(ss); 443 frame_details(ss); 444 bytecode_details(ss, method); 445 handler_details(ss, method); 446 stackmap_details(ss, method); 447 } 448 } 449 450 void ErrorContext::reason_details(outputStream* ss) const { 451 streamIndentor si(ss); 452 ss->indent().print_cr("Reason:"); 453 streamIndentor si2(ss); 454 ss->indent().print("%s", ""); 455 switch (_fault) { 456 case INVALID_BYTECODE: 457 ss->print("Error exists in the bytecode"); 458 break; 459 case WRONG_TYPE: 460 if (_expected.is_valid()) { 461 ss->print("Type "); 462 _type.details(ss); 463 ss->print(" is not assignable to "); 464 _expected.details(ss); 465 } else { 466 ss->print("Invalid type: "); 467 _type.details(ss); 468 } 469 break; 470 case FLAGS_MISMATCH: 471 if (_expected.is_valid()) { 472 ss->print("Current frame's flags are not assignable " 473 "to stack map frame's."); 474 } else { 475 ss->print("Current frame's flags are invalid in this context."); 476 } 477 break; 478 case BAD_CP_INDEX: 479 ss->print("Constant pool index %d is invalid", _type.index()); 480 break; 481 case BAD_LOCAL_INDEX: 482 ss->print("Local index %d is invalid", _type.index()); 483 break; 484 case LOCALS_SIZE_MISMATCH: 485 ss->print("Current frame's local size doesn't match stackmap."); 486 break; 487 case STACK_SIZE_MISMATCH: 488 ss->print("Current frame's stack size doesn't match stackmap."); 489 break; 490 case STACK_OVERFLOW: 491 ss->print("Exceeded max stack size."); 492 break; 493 case STACK_UNDERFLOW: 494 ss->print("Attempt to pop empty stack."); 495 break; 496 case MISSING_STACKMAP: 497 ss->print("Expected stackmap frame at this location."); 498 break; 499 case BAD_STACKMAP: 500 ss->print("Invalid stackmap specification."); 501 break; 502 case WRONG_INLINE_TYPE: 503 ss->print("Type "); 504 _type.details(ss); 505 ss->print(" and type "); 506 _expected.details(ss); 507 ss->print(" must be identical inline types."); 508 break; 509 case UNKNOWN: 510 default: 511 ShouldNotReachHere(); 512 ss->print_cr("Unknown"); 513 } 514 ss->cr(); 515 } 516 517 void ErrorContext::location_details(outputStream* ss, const Method* method) const { 518 if (_bci != -1 && method != NULL) { 519 streamIndentor si(ss); 520 const char* bytecode_name = "<invalid>"; 521 if (method->validate_bci(_bci) != -1) { 522 Bytecodes::Code code = Bytecodes::code_or_bp_at(method->bcp_from(_bci)); 523 if (Bytecodes::is_defined(code)) { 524 bytecode_name = Bytecodes::name(code); 525 } else { 526 bytecode_name = "<illegal>"; 527 } 528 } 529 InstanceKlass* ik = method->method_holder(); 530 ss->indent().print_cr("Location:"); 531 streamIndentor si2(ss); 532 ss->indent().print_cr("%s.%s%s @%d: %s", 533 ik->name()->as_C_string(), method->name()->as_C_string(), 534 method->signature()->as_C_string(), _bci, bytecode_name); 535 } 536 } 537 538 void ErrorContext::frame_details(outputStream* ss) const { 539 streamIndentor si(ss); 540 if (_type.is_valid() && _type.frame() != NULL) { 541 ss->indent().print_cr("Current Frame:"); 542 streamIndentor si2(ss); 543 _type.frame()->print_on(ss); 544 } 545 if (_expected.is_valid() && _expected.frame() != NULL) { 546 ss->indent().print_cr("Stackmap Frame:"); 547 streamIndentor si2(ss); 548 _expected.frame()->print_on(ss); 549 } 550 } 551 552 void ErrorContext::bytecode_details(outputStream* ss, const Method* method) const { 553 if (method != NULL) { 554 streamIndentor si(ss); 555 ss->indent().print_cr("Bytecode:"); 556 streamIndentor si2(ss); 557 ss->print_data(method->code_base(), method->code_size(), false); 558 } 559 } 560 561 void ErrorContext::handler_details(outputStream* ss, const Method* method) const { 562 if (method != NULL) { 563 streamIndentor si(ss); 564 ExceptionTable table(method); 565 if (table.length() > 0) { 566 ss->indent().print_cr("Exception Handler Table:"); 567 streamIndentor si2(ss); 568 for (int i = 0; i < table.length(); ++i) { 569 ss->indent().print_cr("bci [%d, %d] => handler: %d", table.start_pc(i), 570 table.end_pc(i), table.handler_pc(i)); 571 } 572 } 573 } 574 } 575 576 void ErrorContext::stackmap_details(outputStream* ss, const Method* method) const { 577 if (method != NULL && method->has_stackmap_table()) { 578 streamIndentor si(ss); 579 ss->indent().print_cr("Stackmap Table:"); 580 Array<u1>* data = method->stackmap_data(); 581 stack_map_table* sm_table = 582 stack_map_table::at((address)data->adr_at(0)); 583 stack_map_frame* sm_frame = sm_table->entries(); 584 streamIndentor si2(ss); 585 int current_offset = -1; 586 address end_of_sm_table = (address)sm_table + method->stackmap_data()->length(); 587 for (u2 i = 0; i < sm_table->number_of_entries(); ++i) { 588 ss->indent(); 589 if (!sm_frame->verify((address)sm_frame, end_of_sm_table)) { 590 sm_frame->print_truncated(ss, current_offset); 591 return; 592 } 593 sm_frame->print_on(ss, current_offset); 594 ss->cr(); 595 current_offset += sm_frame->offset_delta(); 596 sm_frame = sm_frame->next(); 597 } 598 } 599 } 600 601 // Methods in ClassVerifier 602 603 VerificationType reference_or_inline_type(InstanceKlass* klass) { 604 if (klass->is_inline_klass()) { 605 return VerificationType::inline_type(klass->name()); 606 } else { 607 return VerificationType::reference_type(klass->name()); 608 } 609 } 610 611 ClassVerifier::ClassVerifier(JavaThread* current, InstanceKlass* klass) 612 : _thread(current), _previous_symbol(NULL), _symbols(NULL), _exception_type(NULL), 613 _message(NULL), _method_signatures_table(NULL), _klass(klass) { 614 _this_type = reference_or_inline_type(klass); 615 } 616 617 ClassVerifier::~ClassVerifier() { 618 // Decrement the reference count for any symbols created. 619 if (_symbols != NULL) { 620 for (int i = 0; i < _symbols->length(); i++) { 621 Symbol* s = _symbols->at(i); 622 s->decrement_refcount(); 623 } 624 } 625 } 626 627 VerificationType ClassVerifier::object_type() const { 628 return VerificationType::reference_type(vmSymbols::java_lang_Object()); 629 } 630 631 TypeOrigin ClassVerifier::ref_ctx(const char* sig) { 632 VerificationType vt = VerificationType::reference_type( 633 create_temporary_symbol(sig, (int)strlen(sig))); 634 return TypeOrigin::implicit(vt); 635 } 636 637 638 void ClassVerifier::verify_class(TRAPS) { 639 log_info(verification)("Verifying class %s with new format", _klass->external_name()); 640 641 // Either verifying both local and remote classes or just remote classes. 642 assert(BytecodeVerificationRemote, "Should not be here"); 643 644 // Create hash table containing method signatures. 645 method_signatures_table_type method_signatures_table; 646 set_method_signatures_table(&method_signatures_table); 647 648 Array<Method*>* methods = _klass->methods(); 649 int num_methods = methods->length(); 650 651 for (int index = 0; index < num_methods; index++) { 652 // Check for recursive re-verification before each method. 653 if (was_recursively_verified()) return; 654 655 Method* m = methods->at(index); 656 if (m->is_native() || m->is_abstract() || m->is_overpass()) { 657 // If m is native or abstract, skip it. It is checked in class file 658 // parser that methods do not override a final method. Overpass methods 659 // are trusted since the VM generates them. 660 continue; 661 } 662 verify_method(methodHandle(THREAD, m), CHECK_VERIFY(this)); 663 } 664 665 if (was_recursively_verified()){ 666 log_info(verification)("Recursive verification detected for: %s", _klass->external_name()); 667 log_info(class, init)("Recursive verification detected for: %s", 668 _klass->external_name()); 669 } 670 } 671 672 // Translate the signature entries into verification types and save them in 673 // the growable array. Also, save the count of arguments. 674 void ClassVerifier::translate_signature(Symbol* const method_sig, 675 sig_as_verification_types* sig_verif_types) { 676 SignatureStream sig_stream(method_sig); 677 VerificationType sig_type[2]; 678 int sig_i = 0; 679 GrowableArray<VerificationType>* verif_types = sig_verif_types->sig_verif_types(); 680 681 // Translate the signature arguments into verification types. 682 while (!sig_stream.at_return_type()) { 683 int n = change_sig_to_verificationType(&sig_stream, sig_type); 684 assert(n <= 2, "Unexpected signature type"); 685 686 // Store verification type(s). Longs and Doubles each have two verificationTypes. 687 for (int x = 0; x < n; x++) { 688 verif_types->push(sig_type[x]); 689 } 690 sig_i += n; 691 sig_stream.next(); 692 } 693 694 // Set final arg count, not including the return type. The final arg count will 695 // be compared with sig_verify_types' length to see if there is a return type. 696 sig_verif_types->set_num_args(sig_i); 697 698 // Store verification type(s) for the return type, if there is one. 699 if (sig_stream.type() != T_VOID) { 700 int n = change_sig_to_verificationType(&sig_stream, sig_type); 701 assert(n <= 2, "Unexpected signature return type"); 702 for (int y = 0; y < n; y++) { 703 verif_types->push(sig_type[y]); 704 } 705 } 706 } 707 708 void ClassVerifier::create_method_sig_entry(sig_as_verification_types* sig_verif_types, 709 int sig_index) { 710 // Translate the signature into verification types. 711 ConstantPool* cp = _klass->constants(); 712 Symbol* const method_sig = cp->symbol_at(sig_index); 713 translate_signature(method_sig, sig_verif_types); 714 715 // Add the list of this signature's verification types to the table. 716 bool is_unique = method_signatures_table()->put(sig_index, sig_verif_types); 717 assert(is_unique, "Duplicate entries in method_signature_table"); 718 } 719 720 void ClassVerifier::verify_method(const methodHandle& m, TRAPS) { 721 HandleMark hm(THREAD); 722 _method = m; // initialize _method 723 log_info(verification)("Verifying method %s", m->name_and_sig_as_C_string()); 724 725 // For clang, the only good constant format string is a literal constant format string. 726 #define bad_type_msg "Bad type on operand stack in %s" 727 728 int32_t max_stack = m->verifier_max_stack(); 729 int32_t max_locals = m->max_locals(); 730 constantPoolHandle cp(THREAD, m->constants()); 731 732 // Method signature was checked in ClassFileParser. 733 assert(SignatureVerifier::is_valid_method_signature(m->signature()), 734 "Invalid method signature"); 735 736 // Initial stack map frame: offset is 0, stack is initially empty. 737 StackMapFrame current_frame(max_locals, max_stack, this); 738 // Set initial locals 739 VerificationType return_type = current_frame.set_locals_from_arg( m, current_type()); 740 741 int32_t stackmap_index = 0; // index to the stackmap array 742 743 u4 code_length = m->code_size(); 744 745 // Scan the bytecode and map each instruction's start offset to a number. 746 char* code_data = generate_code_data(m, code_length, CHECK_VERIFY(this)); 747 748 int ex_min = code_length; 749 int ex_max = -1; 750 // Look through each item on the exception table. Each of the fields must refer 751 // to a legal instruction. 752 if (was_recursively_verified()) return; 753 verify_exception_handler_table( 754 code_length, code_data, ex_min, ex_max, CHECK_VERIFY(this)); 755 756 // Look through each entry on the local variable table and make sure 757 // its range of code array offsets is valid. (4169817) 758 if (m->has_localvariable_table()) { 759 verify_local_variable_table(code_length, code_data, CHECK_VERIFY(this)); 760 } 761 762 Array<u1>* stackmap_data = m->stackmap_data(); 763 StackMapStream stream(stackmap_data); 764 StackMapReader reader(this, &stream, code_data, code_length, THREAD); 765 StackMapTable stackmap_table(&reader, ¤t_frame, max_locals, max_stack, 766 code_data, code_length, CHECK_VERIFY(this)); 767 768 LogTarget(Debug, verification) lt; 769 if (lt.is_enabled()) { 770 ResourceMark rm(THREAD); 771 LogStream ls(lt); 772 stackmap_table.print_on(&ls); 773 } 774 775 RawBytecodeStream bcs(m); 776 777 // Scan the byte code linearly from the start to the end 778 bool no_control_flow = false; // Set to true when there is no direct control 779 // flow from current instruction to the next 780 // instruction in sequence 781 782 Bytecodes::Code opcode; 783 while (!bcs.is_last_bytecode()) { 784 // Check for recursive re-verification before each bytecode. 785 if (was_recursively_verified()) return; 786 787 opcode = bcs.raw_next(); 788 u2 bci = bcs.bci(); 789 790 // Set current frame's offset to bci 791 current_frame.set_offset(bci); 792 current_frame.set_mark(); 793 794 // Make sure every offset in stackmap table point to the beginning to 795 // an instruction. Match current_frame to stackmap_table entry with 796 // the same offset if exists. 797 stackmap_index = verify_stackmap_table( 798 stackmap_index, bci, ¤t_frame, &stackmap_table, 799 no_control_flow, CHECK_VERIFY(this)); 800 801 802 bool this_uninit = false; // Set to true when invokespecial <init> initialized 'this' 803 bool verified_exc_handlers = false; 804 805 // Merge with the next instruction 806 { 807 u2 index; 808 int target; 809 VerificationType type, type2; 810 VerificationType atype; 811 812 LogTarget(Debug, verification) lt; 813 if (lt.is_enabled()) { 814 ResourceMark rm(THREAD); 815 LogStream ls(lt); 816 current_frame.print_on(&ls); 817 lt.print("offset = %d, opcode = %s", bci, 818 opcode == Bytecodes::_illegal ? "illegal" : Bytecodes::name(opcode)); 819 } 820 821 // Make sure wide instruction is in correct format 822 if (bcs.is_wide()) { 823 if (opcode != Bytecodes::_iinc && opcode != Bytecodes::_iload && 824 opcode != Bytecodes::_aload && opcode != Bytecodes::_lload && 825 opcode != Bytecodes::_istore && opcode != Bytecodes::_astore && 826 opcode != Bytecodes::_lstore && opcode != Bytecodes::_fload && 827 opcode != Bytecodes::_dload && opcode != Bytecodes::_fstore && 828 opcode != Bytecodes::_dstore) { 829 /* Unreachable? RawBytecodeStream's raw_next() returns 'illegal' 830 * if we encounter a wide instruction that modifies an invalid 831 * opcode (not one of the ones listed above) */ 832 verify_error(ErrorContext::bad_code(bci), "Bad wide instruction"); 833 return; 834 } 835 } 836 837 // Look for possible jump target in exception handlers and see if it 838 // matches current_frame. Do this check here for astore*, dstore*, 839 // fstore*, istore*, and lstore* opcodes because they can change the type 840 // state by adding a local. JVM Spec says that the incoming type state 841 // should be used for this check. So, do the check here before a possible 842 // local is added to the type state. 843 if (Bytecodes::is_store_into_local(opcode) && bci >= ex_min && bci < ex_max) { 844 if (was_recursively_verified()) return; 845 verify_exception_handler_targets( 846 bci, this_uninit, ¤t_frame, &stackmap_table, CHECK_VERIFY(this)); 847 verified_exc_handlers = true; 848 } 849 850 if (was_recursively_verified()) return; 851 852 switch (opcode) { 853 case Bytecodes::_nop : 854 no_control_flow = false; break; 855 case Bytecodes::_aconst_null : 856 current_frame.push_stack( 857 VerificationType::null_type(), CHECK_VERIFY(this)); 858 no_control_flow = false; break; 859 case Bytecodes::_iconst_m1 : 860 case Bytecodes::_iconst_0 : 861 case Bytecodes::_iconst_1 : 862 case Bytecodes::_iconst_2 : 863 case Bytecodes::_iconst_3 : 864 case Bytecodes::_iconst_4 : 865 case Bytecodes::_iconst_5 : 866 current_frame.push_stack( 867 VerificationType::integer_type(), CHECK_VERIFY(this)); 868 no_control_flow = false; break; 869 case Bytecodes::_lconst_0 : 870 case Bytecodes::_lconst_1 : 871 current_frame.push_stack_2( 872 VerificationType::long_type(), 873 VerificationType::long2_type(), CHECK_VERIFY(this)); 874 no_control_flow = false; break; 875 case Bytecodes::_fconst_0 : 876 case Bytecodes::_fconst_1 : 877 case Bytecodes::_fconst_2 : 878 current_frame.push_stack( 879 VerificationType::float_type(), CHECK_VERIFY(this)); 880 no_control_flow = false; break; 881 case Bytecodes::_dconst_0 : 882 case Bytecodes::_dconst_1 : 883 current_frame.push_stack_2( 884 VerificationType::double_type(), 885 VerificationType::double2_type(), CHECK_VERIFY(this)); 886 no_control_flow = false; break; 887 case Bytecodes::_sipush : 888 case Bytecodes::_bipush : 889 current_frame.push_stack( 890 VerificationType::integer_type(), CHECK_VERIFY(this)); 891 no_control_flow = false; break; 892 case Bytecodes::_ldc : 893 verify_ldc( 894 opcode, bcs.get_index_u1(), ¤t_frame, 895 cp, bci, CHECK_VERIFY(this)); 896 no_control_flow = false; break; 897 case Bytecodes::_ldc_w : 898 case Bytecodes::_ldc2_w : 899 verify_ldc( 900 opcode, bcs.get_index_u2(), ¤t_frame, 901 cp, bci, CHECK_VERIFY(this)); 902 no_control_flow = false; break; 903 case Bytecodes::_iload : 904 verify_iload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 905 no_control_flow = false; break; 906 case Bytecodes::_iload_0 : 907 case Bytecodes::_iload_1 : 908 case Bytecodes::_iload_2 : 909 case Bytecodes::_iload_3 : 910 index = opcode - Bytecodes::_iload_0; 911 verify_iload(index, ¤t_frame, CHECK_VERIFY(this)); 912 no_control_flow = false; break; 913 case Bytecodes::_lload : 914 verify_lload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 915 no_control_flow = false; break; 916 case Bytecodes::_lload_0 : 917 case Bytecodes::_lload_1 : 918 case Bytecodes::_lload_2 : 919 case Bytecodes::_lload_3 : 920 index = opcode - Bytecodes::_lload_0; 921 verify_lload(index, ¤t_frame, CHECK_VERIFY(this)); 922 no_control_flow = false; break; 923 case Bytecodes::_fload : 924 verify_fload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 925 no_control_flow = false; break; 926 case Bytecodes::_fload_0 : 927 case Bytecodes::_fload_1 : 928 case Bytecodes::_fload_2 : 929 case Bytecodes::_fload_3 : 930 index = opcode - Bytecodes::_fload_0; 931 verify_fload(index, ¤t_frame, CHECK_VERIFY(this)); 932 no_control_flow = false; break; 933 case Bytecodes::_dload : 934 verify_dload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 935 no_control_flow = false; break; 936 case Bytecodes::_dload_0 : 937 case Bytecodes::_dload_1 : 938 case Bytecodes::_dload_2 : 939 case Bytecodes::_dload_3 : 940 index = opcode - Bytecodes::_dload_0; 941 verify_dload(index, ¤t_frame, CHECK_VERIFY(this)); 942 no_control_flow = false; break; 943 case Bytecodes::_aload : 944 verify_aload(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 945 no_control_flow = false; break; 946 case Bytecodes::_aload_0 : 947 case Bytecodes::_aload_1 : 948 case Bytecodes::_aload_2 : 949 case Bytecodes::_aload_3 : 950 index = opcode - Bytecodes::_aload_0; 951 verify_aload(index, ¤t_frame, CHECK_VERIFY(this)); 952 no_control_flow = false; break; 953 case Bytecodes::_iaload : 954 type = current_frame.pop_stack( 955 VerificationType::integer_type(), CHECK_VERIFY(this)); 956 atype = current_frame.pop_stack( 957 VerificationType::reference_check(), CHECK_VERIFY(this)); 958 if (!atype.is_int_array()) { 959 verify_error(ErrorContext::bad_type(bci, 960 current_frame.stack_top_ctx(), ref_ctx("[I")), 961 bad_type_msg, "iaload"); 962 return; 963 } 964 current_frame.push_stack( 965 VerificationType::integer_type(), CHECK_VERIFY(this)); 966 no_control_flow = false; break; 967 case Bytecodes::_baload : 968 type = current_frame.pop_stack( 969 VerificationType::integer_type(), CHECK_VERIFY(this)); 970 atype = current_frame.pop_stack( 971 VerificationType::reference_check(), CHECK_VERIFY(this)); 972 if (!atype.is_bool_array() && !atype.is_byte_array()) { 973 verify_error( 974 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 975 bad_type_msg, "baload"); 976 return; 977 } 978 current_frame.push_stack( 979 VerificationType::integer_type(), CHECK_VERIFY(this)); 980 no_control_flow = false; break; 981 case Bytecodes::_caload : 982 type = current_frame.pop_stack( 983 VerificationType::integer_type(), CHECK_VERIFY(this)); 984 atype = current_frame.pop_stack( 985 VerificationType::reference_check(), CHECK_VERIFY(this)); 986 if (!atype.is_char_array()) { 987 verify_error(ErrorContext::bad_type(bci, 988 current_frame.stack_top_ctx(), ref_ctx("[C")), 989 bad_type_msg, "caload"); 990 return; 991 } 992 current_frame.push_stack( 993 VerificationType::integer_type(), CHECK_VERIFY(this)); 994 no_control_flow = false; break; 995 case Bytecodes::_saload : 996 type = current_frame.pop_stack( 997 VerificationType::integer_type(), CHECK_VERIFY(this)); 998 atype = current_frame.pop_stack( 999 VerificationType::reference_check(), CHECK_VERIFY(this)); 1000 if (!atype.is_short_array()) { 1001 verify_error(ErrorContext::bad_type(bci, 1002 current_frame.stack_top_ctx(), ref_ctx("[S")), 1003 bad_type_msg, "saload"); 1004 return; 1005 } 1006 current_frame.push_stack( 1007 VerificationType::integer_type(), CHECK_VERIFY(this)); 1008 no_control_flow = false; break; 1009 case Bytecodes::_laload : 1010 type = current_frame.pop_stack( 1011 VerificationType::integer_type(), CHECK_VERIFY(this)); 1012 atype = current_frame.pop_stack( 1013 VerificationType::reference_check(), CHECK_VERIFY(this)); 1014 if (!atype.is_long_array()) { 1015 verify_error(ErrorContext::bad_type(bci, 1016 current_frame.stack_top_ctx(), ref_ctx("[J")), 1017 bad_type_msg, "laload"); 1018 return; 1019 } 1020 current_frame.push_stack_2( 1021 VerificationType::long_type(), 1022 VerificationType::long2_type(), CHECK_VERIFY(this)); 1023 no_control_flow = false; break; 1024 case Bytecodes::_faload : 1025 type = current_frame.pop_stack( 1026 VerificationType::integer_type(), CHECK_VERIFY(this)); 1027 atype = current_frame.pop_stack( 1028 VerificationType::reference_check(), CHECK_VERIFY(this)); 1029 if (!atype.is_float_array()) { 1030 verify_error(ErrorContext::bad_type(bci, 1031 current_frame.stack_top_ctx(), ref_ctx("[F")), 1032 bad_type_msg, "faload"); 1033 return; 1034 } 1035 current_frame.push_stack( 1036 VerificationType::float_type(), CHECK_VERIFY(this)); 1037 no_control_flow = false; break; 1038 case Bytecodes::_daload : 1039 type = current_frame.pop_stack( 1040 VerificationType::integer_type(), CHECK_VERIFY(this)); 1041 atype = current_frame.pop_stack( 1042 VerificationType::reference_check(), CHECK_VERIFY(this)); 1043 if (!atype.is_double_array()) { 1044 verify_error(ErrorContext::bad_type(bci, 1045 current_frame.stack_top_ctx(), ref_ctx("[D")), 1046 bad_type_msg, "daload"); 1047 return; 1048 } 1049 current_frame.push_stack_2( 1050 VerificationType::double_type(), 1051 VerificationType::double2_type(), CHECK_VERIFY(this)); 1052 no_control_flow = false; break; 1053 case Bytecodes::_aaload : { 1054 type = current_frame.pop_stack( 1055 VerificationType::integer_type(), CHECK_VERIFY(this)); 1056 atype = current_frame.pop_stack( 1057 VerificationType::reference_check(), CHECK_VERIFY(this)); 1058 if (!atype.is_nonscalar_array()) { 1059 verify_error(ErrorContext::bad_type(bci, 1060 current_frame.stack_top_ctx(), 1061 TypeOrigin::implicit(VerificationType::reference_check())), 1062 bad_type_msg, "aaload"); 1063 return; 1064 } 1065 if (atype.is_null()) { 1066 current_frame.push_stack( 1067 VerificationType::null_type(), CHECK_VERIFY(this)); 1068 } else { 1069 VerificationType component = atype.get_component(this); 1070 current_frame.push_stack(component, CHECK_VERIFY(this)); 1071 } 1072 no_control_flow = false; break; 1073 } 1074 case Bytecodes::_istore : 1075 verify_istore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 1076 no_control_flow = false; break; 1077 case Bytecodes::_istore_0 : 1078 case Bytecodes::_istore_1 : 1079 case Bytecodes::_istore_2 : 1080 case Bytecodes::_istore_3 : 1081 index = opcode - Bytecodes::_istore_0; 1082 verify_istore(index, ¤t_frame, CHECK_VERIFY(this)); 1083 no_control_flow = false; break; 1084 case Bytecodes::_lstore : 1085 verify_lstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 1086 no_control_flow = false; break; 1087 case Bytecodes::_lstore_0 : 1088 case Bytecodes::_lstore_1 : 1089 case Bytecodes::_lstore_2 : 1090 case Bytecodes::_lstore_3 : 1091 index = opcode - Bytecodes::_lstore_0; 1092 verify_lstore(index, ¤t_frame, CHECK_VERIFY(this)); 1093 no_control_flow = false; break; 1094 case Bytecodes::_fstore : 1095 verify_fstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 1096 no_control_flow = false; break; 1097 case Bytecodes::_fstore_0 : 1098 case Bytecodes::_fstore_1 : 1099 case Bytecodes::_fstore_2 : 1100 case Bytecodes::_fstore_3 : 1101 index = opcode - Bytecodes::_fstore_0; 1102 verify_fstore(index, ¤t_frame, CHECK_VERIFY(this)); 1103 no_control_flow = false; break; 1104 case Bytecodes::_dstore : 1105 verify_dstore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 1106 no_control_flow = false; break; 1107 case Bytecodes::_dstore_0 : 1108 case Bytecodes::_dstore_1 : 1109 case Bytecodes::_dstore_2 : 1110 case Bytecodes::_dstore_3 : 1111 index = opcode - Bytecodes::_dstore_0; 1112 verify_dstore(index, ¤t_frame, CHECK_VERIFY(this)); 1113 no_control_flow = false; break; 1114 case Bytecodes::_astore : 1115 verify_astore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 1116 no_control_flow = false; break; 1117 case Bytecodes::_astore_0 : 1118 case Bytecodes::_astore_1 : 1119 case Bytecodes::_astore_2 : 1120 case Bytecodes::_astore_3 : 1121 index = opcode - Bytecodes::_astore_0; 1122 verify_astore(index, ¤t_frame, CHECK_VERIFY(this)); 1123 no_control_flow = false; break; 1124 case Bytecodes::_iastore : 1125 type = current_frame.pop_stack( 1126 VerificationType::integer_type(), CHECK_VERIFY(this)); 1127 type2 = current_frame.pop_stack( 1128 VerificationType::integer_type(), CHECK_VERIFY(this)); 1129 atype = current_frame.pop_stack( 1130 VerificationType::reference_check(), CHECK_VERIFY(this)); 1131 if (!atype.is_int_array()) { 1132 verify_error(ErrorContext::bad_type(bci, 1133 current_frame.stack_top_ctx(), ref_ctx("[I")), 1134 bad_type_msg, "iastore"); 1135 return; 1136 } 1137 no_control_flow = false; break; 1138 case Bytecodes::_bastore : 1139 type = current_frame.pop_stack( 1140 VerificationType::integer_type(), CHECK_VERIFY(this)); 1141 type2 = current_frame.pop_stack( 1142 VerificationType::integer_type(), CHECK_VERIFY(this)); 1143 atype = current_frame.pop_stack( 1144 VerificationType::reference_check(), CHECK_VERIFY(this)); 1145 if (!atype.is_bool_array() && !atype.is_byte_array()) { 1146 verify_error( 1147 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 1148 bad_type_msg, "bastore"); 1149 return; 1150 } 1151 no_control_flow = false; break; 1152 case Bytecodes::_castore : 1153 current_frame.pop_stack( 1154 VerificationType::integer_type(), CHECK_VERIFY(this)); 1155 current_frame.pop_stack( 1156 VerificationType::integer_type(), CHECK_VERIFY(this)); 1157 atype = current_frame.pop_stack( 1158 VerificationType::reference_check(), CHECK_VERIFY(this)); 1159 if (!atype.is_char_array()) { 1160 verify_error(ErrorContext::bad_type(bci, 1161 current_frame.stack_top_ctx(), ref_ctx("[C")), 1162 bad_type_msg, "castore"); 1163 return; 1164 } 1165 no_control_flow = false; break; 1166 case Bytecodes::_sastore : 1167 current_frame.pop_stack( 1168 VerificationType::integer_type(), CHECK_VERIFY(this)); 1169 current_frame.pop_stack( 1170 VerificationType::integer_type(), CHECK_VERIFY(this)); 1171 atype = current_frame.pop_stack( 1172 VerificationType::reference_check(), CHECK_VERIFY(this)); 1173 if (!atype.is_short_array()) { 1174 verify_error(ErrorContext::bad_type(bci, 1175 current_frame.stack_top_ctx(), ref_ctx("[S")), 1176 bad_type_msg, "sastore"); 1177 return; 1178 } 1179 no_control_flow = false; break; 1180 case Bytecodes::_lastore : 1181 current_frame.pop_stack_2( 1182 VerificationType::long2_type(), 1183 VerificationType::long_type(), CHECK_VERIFY(this)); 1184 current_frame.pop_stack( 1185 VerificationType::integer_type(), CHECK_VERIFY(this)); 1186 atype = current_frame.pop_stack( 1187 VerificationType::reference_check(), CHECK_VERIFY(this)); 1188 if (!atype.is_long_array()) { 1189 verify_error(ErrorContext::bad_type(bci, 1190 current_frame.stack_top_ctx(), ref_ctx("[J")), 1191 bad_type_msg, "lastore"); 1192 return; 1193 } 1194 no_control_flow = false; break; 1195 case Bytecodes::_fastore : 1196 current_frame.pop_stack( 1197 VerificationType::float_type(), CHECK_VERIFY(this)); 1198 current_frame.pop_stack 1199 (VerificationType::integer_type(), CHECK_VERIFY(this)); 1200 atype = current_frame.pop_stack( 1201 VerificationType::reference_check(), CHECK_VERIFY(this)); 1202 if (!atype.is_float_array()) { 1203 verify_error(ErrorContext::bad_type(bci, 1204 current_frame.stack_top_ctx(), ref_ctx("[F")), 1205 bad_type_msg, "fastore"); 1206 return; 1207 } 1208 no_control_flow = false; break; 1209 case Bytecodes::_dastore : 1210 current_frame.pop_stack_2( 1211 VerificationType::double2_type(), 1212 VerificationType::double_type(), CHECK_VERIFY(this)); 1213 current_frame.pop_stack( 1214 VerificationType::integer_type(), CHECK_VERIFY(this)); 1215 atype = current_frame.pop_stack( 1216 VerificationType::reference_check(), CHECK_VERIFY(this)); 1217 if (!atype.is_double_array()) { 1218 verify_error(ErrorContext::bad_type(bci, 1219 current_frame.stack_top_ctx(), ref_ctx("[D")), 1220 bad_type_msg, "dastore"); 1221 return; 1222 } 1223 no_control_flow = false; break; 1224 case Bytecodes::_aastore : 1225 type = current_frame.pop_stack(object_type(), CHECK_VERIFY(this)); 1226 type2 = current_frame.pop_stack( 1227 VerificationType::integer_type(), CHECK_VERIFY(this)); 1228 atype = current_frame.pop_stack( 1229 VerificationType::reference_check(), CHECK_VERIFY(this)); 1230 // more type-checking is done at runtime 1231 if (!atype.is_nonscalar_array()) { 1232 verify_error(ErrorContext::bad_type(bci, 1233 current_frame.stack_top_ctx(), 1234 TypeOrigin::implicit(VerificationType::reference_check())), 1235 bad_type_msg, "aastore"); 1236 return; 1237 } 1238 // 4938384: relaxed constraint in JVMS 3nd edition. 1239 no_control_flow = false; break; 1240 case Bytecodes::_pop : 1241 current_frame.pop_stack( 1242 VerificationType::category1_check(), CHECK_VERIFY(this)); 1243 no_control_flow = false; break; 1244 case Bytecodes::_pop2 : 1245 type = current_frame.pop_stack(CHECK_VERIFY(this)); 1246 if (type.is_category1()) { 1247 current_frame.pop_stack( 1248 VerificationType::category1_check(), CHECK_VERIFY(this)); 1249 } else if (type.is_category2_2nd()) { 1250 current_frame.pop_stack( 1251 VerificationType::category2_check(), CHECK_VERIFY(this)); 1252 } else { 1253 /* Unreachable? Would need a category2_1st on TOS 1254 * which does not appear possible. */ 1255 verify_error( 1256 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 1257 bad_type_msg, "pop2"); 1258 return; 1259 } 1260 no_control_flow = false; break; 1261 case Bytecodes::_dup : 1262 type = current_frame.pop_stack( 1263 VerificationType::category1_check(), CHECK_VERIFY(this)); 1264 current_frame.push_stack(type, CHECK_VERIFY(this)); 1265 current_frame.push_stack(type, CHECK_VERIFY(this)); 1266 no_control_flow = false; break; 1267 case Bytecodes::_dup_x1 : 1268 type = current_frame.pop_stack( 1269 VerificationType::category1_check(), CHECK_VERIFY(this)); 1270 type2 = current_frame.pop_stack( 1271 VerificationType::category1_check(), CHECK_VERIFY(this)); 1272 current_frame.push_stack(type, CHECK_VERIFY(this)); 1273 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1274 current_frame.push_stack(type, CHECK_VERIFY(this)); 1275 no_control_flow = false; break; 1276 case Bytecodes::_dup_x2 : 1277 { 1278 VerificationType type3; 1279 type = current_frame.pop_stack( 1280 VerificationType::category1_check(), CHECK_VERIFY(this)); 1281 type2 = current_frame.pop_stack(CHECK_VERIFY(this)); 1282 if (type2.is_category1()) { 1283 type3 = current_frame.pop_stack( 1284 VerificationType::category1_check(), CHECK_VERIFY(this)); 1285 } else if (type2.is_category2_2nd()) { 1286 type3 = current_frame.pop_stack( 1287 VerificationType::category2_check(), CHECK_VERIFY(this)); 1288 } else { 1289 /* Unreachable? Would need a category2_1st at stack depth 2 with 1290 * a category1 on TOS which does not appear possible. */ 1291 verify_error(ErrorContext::bad_type( 1292 bci, current_frame.stack_top_ctx()), bad_type_msg, "dup_x2"); 1293 return; 1294 } 1295 current_frame.push_stack(type, CHECK_VERIFY(this)); 1296 current_frame.push_stack(type3, CHECK_VERIFY(this)); 1297 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1298 current_frame.push_stack(type, CHECK_VERIFY(this)); 1299 no_control_flow = false; break; 1300 } 1301 case Bytecodes::_dup2 : 1302 type = current_frame.pop_stack(CHECK_VERIFY(this)); 1303 if (type.is_category1()) { 1304 type2 = current_frame.pop_stack( 1305 VerificationType::category1_check(), CHECK_VERIFY(this)); 1306 } else if (type.is_category2_2nd()) { 1307 type2 = current_frame.pop_stack( 1308 VerificationType::category2_check(), CHECK_VERIFY(this)); 1309 } else { 1310 /* Unreachable? Would need a category2_1st on TOS which does not 1311 * appear possible. */ 1312 verify_error( 1313 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 1314 bad_type_msg, "dup2"); 1315 return; 1316 } 1317 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1318 current_frame.push_stack(type, CHECK_VERIFY(this)); 1319 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1320 current_frame.push_stack(type, CHECK_VERIFY(this)); 1321 no_control_flow = false; break; 1322 case Bytecodes::_dup2_x1 : 1323 { 1324 VerificationType type3; 1325 type = current_frame.pop_stack(CHECK_VERIFY(this)); 1326 if (type.is_category1()) { 1327 type2 = current_frame.pop_stack( 1328 VerificationType::category1_check(), CHECK_VERIFY(this)); 1329 } else if (type.is_category2_2nd()) { 1330 type2 = current_frame.pop_stack( 1331 VerificationType::category2_check(), CHECK_VERIFY(this)); 1332 } else { 1333 /* Unreachable? Would need a category2_1st on TOS which does 1334 * not appear possible. */ 1335 verify_error( 1336 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 1337 bad_type_msg, "dup2_x1"); 1338 return; 1339 } 1340 type3 = current_frame.pop_stack( 1341 VerificationType::category1_check(), CHECK_VERIFY(this)); 1342 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1343 current_frame.push_stack(type, CHECK_VERIFY(this)); 1344 current_frame.push_stack(type3, CHECK_VERIFY(this)); 1345 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1346 current_frame.push_stack(type, CHECK_VERIFY(this)); 1347 no_control_flow = false; break; 1348 } 1349 case Bytecodes::_dup2_x2 : 1350 { 1351 VerificationType type3, type4; 1352 type = current_frame.pop_stack(CHECK_VERIFY(this)); 1353 if (type.is_category1()) { 1354 type2 = current_frame.pop_stack( 1355 VerificationType::category1_check(), CHECK_VERIFY(this)); 1356 } else if (type.is_category2_2nd()) { 1357 type2 = current_frame.pop_stack( 1358 VerificationType::category2_check(), CHECK_VERIFY(this)); 1359 } else { 1360 /* Unreachable? Would need a category2_1st on TOS which does 1361 * not appear possible. */ 1362 verify_error( 1363 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 1364 bad_type_msg, "dup2_x2"); 1365 return; 1366 } 1367 type3 = current_frame.pop_stack(CHECK_VERIFY(this)); 1368 if (type3.is_category1()) { 1369 type4 = current_frame.pop_stack( 1370 VerificationType::category1_check(), CHECK_VERIFY(this)); 1371 } else if (type3.is_category2_2nd()) { 1372 type4 = current_frame.pop_stack( 1373 VerificationType::category2_check(), CHECK_VERIFY(this)); 1374 } else { 1375 /* Unreachable? Would need a category2_1st on TOS after popping 1376 * a long/double or two category 1's, which does not 1377 * appear possible. */ 1378 verify_error( 1379 ErrorContext::bad_type(bci, current_frame.stack_top_ctx()), 1380 bad_type_msg, "dup2_x2"); 1381 return; 1382 } 1383 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1384 current_frame.push_stack(type, CHECK_VERIFY(this)); 1385 current_frame.push_stack(type4, CHECK_VERIFY(this)); 1386 current_frame.push_stack(type3, CHECK_VERIFY(this)); 1387 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1388 current_frame.push_stack(type, CHECK_VERIFY(this)); 1389 no_control_flow = false; break; 1390 } 1391 case Bytecodes::_swap : 1392 type = current_frame.pop_stack( 1393 VerificationType::category1_check(), CHECK_VERIFY(this)); 1394 type2 = current_frame.pop_stack( 1395 VerificationType::category1_check(), CHECK_VERIFY(this)); 1396 current_frame.push_stack(type, CHECK_VERIFY(this)); 1397 current_frame.push_stack(type2, CHECK_VERIFY(this)); 1398 no_control_flow = false; break; 1399 case Bytecodes::_iadd : 1400 case Bytecodes::_isub : 1401 case Bytecodes::_imul : 1402 case Bytecodes::_idiv : 1403 case Bytecodes::_irem : 1404 case Bytecodes::_ishl : 1405 case Bytecodes::_ishr : 1406 case Bytecodes::_iushr : 1407 case Bytecodes::_ior : 1408 case Bytecodes::_ixor : 1409 case Bytecodes::_iand : 1410 current_frame.pop_stack( 1411 VerificationType::integer_type(), CHECK_VERIFY(this)); 1412 // fall through 1413 case Bytecodes::_ineg : 1414 current_frame.pop_stack( 1415 VerificationType::integer_type(), CHECK_VERIFY(this)); 1416 current_frame.push_stack( 1417 VerificationType::integer_type(), CHECK_VERIFY(this)); 1418 no_control_flow = false; break; 1419 case Bytecodes::_ladd : 1420 case Bytecodes::_lsub : 1421 case Bytecodes::_lmul : 1422 case Bytecodes::_ldiv : 1423 case Bytecodes::_lrem : 1424 case Bytecodes::_land : 1425 case Bytecodes::_lor : 1426 case Bytecodes::_lxor : 1427 current_frame.pop_stack_2( 1428 VerificationType::long2_type(), 1429 VerificationType::long_type(), CHECK_VERIFY(this)); 1430 // fall through 1431 case Bytecodes::_lneg : 1432 current_frame.pop_stack_2( 1433 VerificationType::long2_type(), 1434 VerificationType::long_type(), CHECK_VERIFY(this)); 1435 current_frame.push_stack_2( 1436 VerificationType::long_type(), 1437 VerificationType::long2_type(), CHECK_VERIFY(this)); 1438 no_control_flow = false; break; 1439 case Bytecodes::_lshl : 1440 case Bytecodes::_lshr : 1441 case Bytecodes::_lushr : 1442 current_frame.pop_stack( 1443 VerificationType::integer_type(), CHECK_VERIFY(this)); 1444 current_frame.pop_stack_2( 1445 VerificationType::long2_type(), 1446 VerificationType::long_type(), CHECK_VERIFY(this)); 1447 current_frame.push_stack_2( 1448 VerificationType::long_type(), 1449 VerificationType::long2_type(), CHECK_VERIFY(this)); 1450 no_control_flow = false; break; 1451 case Bytecodes::_fadd : 1452 case Bytecodes::_fsub : 1453 case Bytecodes::_fmul : 1454 case Bytecodes::_fdiv : 1455 case Bytecodes::_frem : 1456 current_frame.pop_stack( 1457 VerificationType::float_type(), CHECK_VERIFY(this)); 1458 // fall through 1459 case Bytecodes::_fneg : 1460 current_frame.pop_stack( 1461 VerificationType::float_type(), CHECK_VERIFY(this)); 1462 current_frame.push_stack( 1463 VerificationType::float_type(), CHECK_VERIFY(this)); 1464 no_control_flow = false; break; 1465 case Bytecodes::_dadd : 1466 case Bytecodes::_dsub : 1467 case Bytecodes::_dmul : 1468 case Bytecodes::_ddiv : 1469 case Bytecodes::_drem : 1470 current_frame.pop_stack_2( 1471 VerificationType::double2_type(), 1472 VerificationType::double_type(), CHECK_VERIFY(this)); 1473 // fall through 1474 case Bytecodes::_dneg : 1475 current_frame.pop_stack_2( 1476 VerificationType::double2_type(), 1477 VerificationType::double_type(), CHECK_VERIFY(this)); 1478 current_frame.push_stack_2( 1479 VerificationType::double_type(), 1480 VerificationType::double2_type(), CHECK_VERIFY(this)); 1481 no_control_flow = false; break; 1482 case Bytecodes::_iinc : 1483 verify_iinc(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this)); 1484 no_control_flow = false; break; 1485 case Bytecodes::_i2l : 1486 type = current_frame.pop_stack( 1487 VerificationType::integer_type(), CHECK_VERIFY(this)); 1488 current_frame.push_stack_2( 1489 VerificationType::long_type(), 1490 VerificationType::long2_type(), CHECK_VERIFY(this)); 1491 no_control_flow = false; break; 1492 case Bytecodes::_l2i : 1493 current_frame.pop_stack_2( 1494 VerificationType::long2_type(), 1495 VerificationType::long_type(), CHECK_VERIFY(this)); 1496 current_frame.push_stack( 1497 VerificationType::integer_type(), CHECK_VERIFY(this)); 1498 no_control_flow = false; break; 1499 case Bytecodes::_i2f : 1500 current_frame.pop_stack( 1501 VerificationType::integer_type(), CHECK_VERIFY(this)); 1502 current_frame.push_stack( 1503 VerificationType::float_type(), CHECK_VERIFY(this)); 1504 no_control_flow = false; break; 1505 case Bytecodes::_i2d : 1506 current_frame.pop_stack( 1507 VerificationType::integer_type(), CHECK_VERIFY(this)); 1508 current_frame.push_stack_2( 1509 VerificationType::double_type(), 1510 VerificationType::double2_type(), CHECK_VERIFY(this)); 1511 no_control_flow = false; break; 1512 case Bytecodes::_l2f : 1513 current_frame.pop_stack_2( 1514 VerificationType::long2_type(), 1515 VerificationType::long_type(), CHECK_VERIFY(this)); 1516 current_frame.push_stack( 1517 VerificationType::float_type(), CHECK_VERIFY(this)); 1518 no_control_flow = false; break; 1519 case Bytecodes::_l2d : 1520 current_frame.pop_stack_2( 1521 VerificationType::long2_type(), 1522 VerificationType::long_type(), CHECK_VERIFY(this)); 1523 current_frame.push_stack_2( 1524 VerificationType::double_type(), 1525 VerificationType::double2_type(), CHECK_VERIFY(this)); 1526 no_control_flow = false; break; 1527 case Bytecodes::_f2i : 1528 current_frame.pop_stack( 1529 VerificationType::float_type(), CHECK_VERIFY(this)); 1530 current_frame.push_stack( 1531 VerificationType::integer_type(), CHECK_VERIFY(this)); 1532 no_control_flow = false; break; 1533 case Bytecodes::_f2l : 1534 current_frame.pop_stack( 1535 VerificationType::float_type(), CHECK_VERIFY(this)); 1536 current_frame.push_stack_2( 1537 VerificationType::long_type(), 1538 VerificationType::long2_type(), CHECK_VERIFY(this)); 1539 no_control_flow = false; break; 1540 case Bytecodes::_f2d : 1541 current_frame.pop_stack( 1542 VerificationType::float_type(), CHECK_VERIFY(this)); 1543 current_frame.push_stack_2( 1544 VerificationType::double_type(), 1545 VerificationType::double2_type(), CHECK_VERIFY(this)); 1546 no_control_flow = false; break; 1547 case Bytecodes::_d2i : 1548 current_frame.pop_stack_2( 1549 VerificationType::double2_type(), 1550 VerificationType::double_type(), CHECK_VERIFY(this)); 1551 current_frame.push_stack( 1552 VerificationType::integer_type(), CHECK_VERIFY(this)); 1553 no_control_flow = false; break; 1554 case Bytecodes::_d2l : 1555 current_frame.pop_stack_2( 1556 VerificationType::double2_type(), 1557 VerificationType::double_type(), CHECK_VERIFY(this)); 1558 current_frame.push_stack_2( 1559 VerificationType::long_type(), 1560 VerificationType::long2_type(), CHECK_VERIFY(this)); 1561 no_control_flow = false; break; 1562 case Bytecodes::_d2f : 1563 current_frame.pop_stack_2( 1564 VerificationType::double2_type(), 1565 VerificationType::double_type(), CHECK_VERIFY(this)); 1566 current_frame.push_stack( 1567 VerificationType::float_type(), CHECK_VERIFY(this)); 1568 no_control_flow = false; break; 1569 case Bytecodes::_i2b : 1570 case Bytecodes::_i2c : 1571 case Bytecodes::_i2s : 1572 current_frame.pop_stack( 1573 VerificationType::integer_type(), CHECK_VERIFY(this)); 1574 current_frame.push_stack( 1575 VerificationType::integer_type(), CHECK_VERIFY(this)); 1576 no_control_flow = false; break; 1577 case Bytecodes::_lcmp : 1578 current_frame.pop_stack_2( 1579 VerificationType::long2_type(), 1580 VerificationType::long_type(), CHECK_VERIFY(this)); 1581 current_frame.pop_stack_2( 1582 VerificationType::long2_type(), 1583 VerificationType::long_type(), CHECK_VERIFY(this)); 1584 current_frame.push_stack( 1585 VerificationType::integer_type(), CHECK_VERIFY(this)); 1586 no_control_flow = false; break; 1587 case Bytecodes::_fcmpl : 1588 case Bytecodes::_fcmpg : 1589 current_frame.pop_stack( 1590 VerificationType::float_type(), CHECK_VERIFY(this)); 1591 current_frame.pop_stack( 1592 VerificationType::float_type(), CHECK_VERIFY(this)); 1593 current_frame.push_stack( 1594 VerificationType::integer_type(), CHECK_VERIFY(this)); 1595 no_control_flow = false; break; 1596 case Bytecodes::_dcmpl : 1597 case Bytecodes::_dcmpg : 1598 current_frame.pop_stack_2( 1599 VerificationType::double2_type(), 1600 VerificationType::double_type(), CHECK_VERIFY(this)); 1601 current_frame.pop_stack_2( 1602 VerificationType::double2_type(), 1603 VerificationType::double_type(), CHECK_VERIFY(this)); 1604 current_frame.push_stack( 1605 VerificationType::integer_type(), CHECK_VERIFY(this)); 1606 no_control_flow = false; break; 1607 case Bytecodes::_if_icmpeq: 1608 case Bytecodes::_if_icmpne: 1609 case Bytecodes::_if_icmplt: 1610 case Bytecodes::_if_icmpge: 1611 case Bytecodes::_if_icmpgt: 1612 case Bytecodes::_if_icmple: 1613 current_frame.pop_stack( 1614 VerificationType::integer_type(), CHECK_VERIFY(this)); 1615 // fall through 1616 case Bytecodes::_ifeq: 1617 case Bytecodes::_ifne: 1618 case Bytecodes::_iflt: 1619 case Bytecodes::_ifge: 1620 case Bytecodes::_ifgt: 1621 case Bytecodes::_ifle: 1622 current_frame.pop_stack( 1623 VerificationType::integer_type(), CHECK_VERIFY(this)); 1624 target = bcs.dest(); 1625 stackmap_table.check_jump_target( 1626 ¤t_frame, target, CHECK_VERIFY(this)); 1627 no_control_flow = false; break; 1628 case Bytecodes::_if_acmpeq : 1629 case Bytecodes::_if_acmpne : 1630 current_frame.pop_stack( 1631 VerificationType::nonscalar_check(), CHECK_VERIFY(this)); 1632 // fall through 1633 case Bytecodes::_ifnull : 1634 case Bytecodes::_ifnonnull : 1635 current_frame.pop_stack( 1636 VerificationType::nonscalar_check(), CHECK_VERIFY(this)); 1637 target = bcs.dest(); 1638 stackmap_table.check_jump_target 1639 (¤t_frame, target, CHECK_VERIFY(this)); 1640 no_control_flow = false; break; 1641 case Bytecodes::_goto : 1642 target = bcs.dest(); 1643 stackmap_table.check_jump_target( 1644 ¤t_frame, target, CHECK_VERIFY(this)); 1645 no_control_flow = true; break; 1646 case Bytecodes::_goto_w : 1647 target = bcs.dest_w(); 1648 stackmap_table.check_jump_target( 1649 ¤t_frame, target, CHECK_VERIFY(this)); 1650 no_control_flow = true; break; 1651 case Bytecodes::_tableswitch : 1652 case Bytecodes::_lookupswitch : 1653 verify_switch( 1654 &bcs, code_length, code_data, ¤t_frame, 1655 &stackmap_table, CHECK_VERIFY(this)); 1656 no_control_flow = true; break; 1657 case Bytecodes::_ireturn : 1658 type = current_frame.pop_stack( 1659 VerificationType::integer_type(), CHECK_VERIFY(this)); 1660 verify_return_value(return_type, type, bci, 1661 ¤t_frame, CHECK_VERIFY(this)); 1662 no_control_flow = true; break; 1663 case Bytecodes::_lreturn : 1664 type2 = current_frame.pop_stack( 1665 VerificationType::long2_type(), CHECK_VERIFY(this)); 1666 type = current_frame.pop_stack( 1667 VerificationType::long_type(), CHECK_VERIFY(this)); 1668 verify_return_value(return_type, type, bci, 1669 ¤t_frame, CHECK_VERIFY(this)); 1670 no_control_flow = true; break; 1671 case Bytecodes::_freturn : 1672 type = current_frame.pop_stack( 1673 VerificationType::float_type(), CHECK_VERIFY(this)); 1674 verify_return_value(return_type, type, bci, 1675 ¤t_frame, CHECK_VERIFY(this)); 1676 no_control_flow = true; break; 1677 case Bytecodes::_dreturn : 1678 type2 = current_frame.pop_stack( 1679 VerificationType::double2_type(), CHECK_VERIFY(this)); 1680 type = current_frame.pop_stack( 1681 VerificationType::double_type(), CHECK_VERIFY(this)); 1682 verify_return_value(return_type, type, bci, 1683 ¤t_frame, CHECK_VERIFY(this)); 1684 no_control_flow = true; break; 1685 case Bytecodes::_areturn : 1686 type = current_frame.pop_stack( 1687 VerificationType::nonscalar_check(), CHECK_VERIFY(this)); 1688 verify_return_value(return_type, type, bci, 1689 ¤t_frame, CHECK_VERIFY(this)); 1690 no_control_flow = true; break; 1691 case Bytecodes::_return : 1692 if (return_type != VerificationType::bogus_type()) { 1693 verify_error(ErrorContext::bad_code(bci), 1694 "Method expects a return value"); 1695 return; 1696 } 1697 // Make sure "this" has been initialized if current method is an 1698 // <init>. 1699 if (_method->is_object_constructor() && 1700 current_frame.flag_this_uninit()) { 1701 verify_error(ErrorContext::bad_code(bci), 1702 "Constructor must call super() or this() " 1703 "before return"); 1704 return; 1705 } 1706 no_control_flow = true; break; 1707 case Bytecodes::_getstatic : 1708 case Bytecodes::_putstatic : 1709 // pass TRUE, operand can be an array type for getstatic/putstatic. 1710 verify_field_instructions( 1711 &bcs, ¤t_frame, cp, true, CHECK_VERIFY(this)); 1712 no_control_flow = false; break; 1713 case Bytecodes::_getfield : 1714 case Bytecodes::_putfield : 1715 // pass FALSE, operand can't be an array type for getfield/putfield. 1716 verify_field_instructions( 1717 &bcs, ¤t_frame, cp, false, CHECK_VERIFY(this)); 1718 no_control_flow = false; break; 1719 case Bytecodes::_withfield : 1720 if (_klass->major_version() < INLINE_TYPE_MAJOR_VERSION) { 1721 class_format_error( 1722 "withfield not supported by this class file version (%d.%d), class %s", 1723 _klass->major_version(), _klass->minor_version(), _klass->external_name()); 1724 return; 1725 } 1726 // pass FALSE, operand can't be an array type for withfield. 1727 verify_field_instructions( 1728 &bcs, ¤t_frame, cp, false, CHECK_VERIFY(this)); 1729 no_control_flow = false; break; 1730 case Bytecodes::_invokevirtual : 1731 case Bytecodes::_invokespecial : 1732 case Bytecodes::_invokestatic : 1733 case Bytecodes::_invokeinterface : 1734 case Bytecodes::_invokedynamic : 1735 verify_invoke_instructions( 1736 &bcs, code_length, ¤t_frame, (bci >= ex_min && bci < ex_max), 1737 &this_uninit, cp, &stackmap_table, CHECK_VERIFY(this)); 1738 no_control_flow = false; break; 1739 case Bytecodes::_new : 1740 { 1741 index = bcs.get_index_u2(); 1742 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this)); 1743 VerificationType new_class_type = 1744 cp_index_to_type(index, cp, CHECK_VERIFY(this)); 1745 if (!new_class_type.is_object()) { 1746 verify_error(ErrorContext::bad_type(bci, 1747 TypeOrigin::cp(index, new_class_type)), 1748 "Illegal new instruction"); 1749 return; 1750 } 1751 type = VerificationType::uninitialized_type(bci); 1752 current_frame.push_stack(type, CHECK_VERIFY(this)); 1753 no_control_flow = false; break; 1754 } 1755 case Bytecodes::_aconst_init : 1756 { 1757 if (_klass->major_version() < INLINE_TYPE_MAJOR_VERSION) { 1758 class_format_error( 1759 "aconst_init not supported by this class file version (%d.%d), class %s", 1760 _klass->major_version(), _klass->minor_version(), _klass->external_name()); 1761 return; 1762 } 1763 index = bcs.get_index_u2(); 1764 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this)); 1765 VerificationType ref_type = cp_index_to_type(index, cp, CHECK_VERIFY(this)); 1766 if (!ref_type.is_object()) { 1767 verify_error(ErrorContext::bad_type(bci, 1768 TypeOrigin::cp(index, ref_type)), 1769 "Illegal aconst_init instruction"); 1770 return; 1771 } 1772 VerificationType inline_type = 1773 VerificationType::change_ref_to_inline_type(ref_type); 1774 current_frame.push_stack(inline_type, CHECK_VERIFY(this)); 1775 no_control_flow = false; break; 1776 } 1777 case Bytecodes::_newarray : 1778 type = get_newarray_type(bcs.get_index(), bci, CHECK_VERIFY(this)); 1779 current_frame.pop_stack( 1780 VerificationType::integer_type(), CHECK_VERIFY(this)); 1781 current_frame.push_stack(type, CHECK_VERIFY(this)); 1782 no_control_flow = false; break; 1783 case Bytecodes::_anewarray : 1784 verify_anewarray( 1785 bci, bcs.get_index_u2(), cp, ¤t_frame, CHECK_VERIFY(this)); 1786 no_control_flow = false; break; 1787 case Bytecodes::_arraylength : 1788 type = current_frame.pop_stack( 1789 VerificationType::reference_check(), CHECK_VERIFY(this)); 1790 if (!(type.is_null() || type.is_array())) { 1791 verify_error(ErrorContext::bad_type( 1792 bci, current_frame.stack_top_ctx()), 1793 bad_type_msg, "arraylength"); 1794 } 1795 current_frame.push_stack( 1796 VerificationType::integer_type(), CHECK_VERIFY(this)); 1797 no_control_flow = false; break; 1798 case Bytecodes::_checkcast : 1799 { 1800 index = bcs.get_index_u2(); 1801 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this)); 1802 current_frame.pop_stack(object_type(), CHECK_VERIFY(this)); 1803 VerificationType klass_type = cp_index_to_type( 1804 index, cp, CHECK_VERIFY(this)); 1805 current_frame.push_stack(klass_type, CHECK_VERIFY(this)); 1806 no_control_flow = false; break; 1807 } 1808 case Bytecodes::_instanceof : { 1809 index = bcs.get_index_u2(); 1810 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this)); 1811 current_frame.pop_stack(object_type(), CHECK_VERIFY(this)); 1812 current_frame.push_stack( 1813 VerificationType::integer_type(), CHECK_VERIFY(this)); 1814 no_control_flow = false; break; 1815 } 1816 case Bytecodes::_monitorenter : 1817 case Bytecodes::_monitorexit : { 1818 VerificationType ref = current_frame.pop_stack( 1819 VerificationType::nonscalar_check(), CHECK_VERIFY(this)); 1820 no_control_flow = false; break; 1821 } 1822 case Bytecodes::_multianewarray : 1823 { 1824 index = bcs.get_index_u2(); 1825 u2 dim = *(bcs.bcp()+3); 1826 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this)); 1827 VerificationType new_array_type = 1828 cp_index_to_type(index, cp, CHECK_VERIFY(this)); 1829 if (!new_array_type.is_array()) { 1830 verify_error(ErrorContext::bad_type(bci, 1831 TypeOrigin::cp(index, new_array_type)), 1832 "Illegal constant pool index in multianewarray instruction"); 1833 return; 1834 } 1835 if (dim < 1 || new_array_type.dimensions() < dim) { 1836 verify_error(ErrorContext::bad_code(bci), 1837 "Illegal dimension in multianewarray instruction: %d", dim); 1838 return; 1839 } 1840 for (int i = 0; i < dim; i++) { 1841 current_frame.pop_stack( 1842 VerificationType::integer_type(), CHECK_VERIFY(this)); 1843 } 1844 current_frame.push_stack(new_array_type, CHECK_VERIFY(this)); 1845 no_control_flow = false; break; 1846 } 1847 case Bytecodes::_athrow : 1848 type = VerificationType::reference_type( 1849 vmSymbols::java_lang_Throwable()); 1850 current_frame.pop_stack(type, CHECK_VERIFY(this)); 1851 no_control_flow = true; break; 1852 default: 1853 // We only need to check the valid bytecodes in class file. 1854 // And jsr and ret are not in the new class file format in JDK1.6. 1855 verify_error(ErrorContext::bad_code(bci), 1856 "Bad instruction: %02x", opcode); 1857 no_control_flow = false; 1858 return; 1859 } // end switch 1860 } // end Merge with the next instruction 1861 1862 // Look for possible jump target in exception handlers and see if it matches 1863 // current_frame. Don't do this check if it has already been done (for 1864 // ([a,d,f,i,l]store* opcodes). This check cannot be done earlier because 1865 // opcodes, such as invokespecial, may set the this_uninit flag. 1866 assert(!(verified_exc_handlers && this_uninit), 1867 "Exception handler targets got verified before this_uninit got set"); 1868 if (!verified_exc_handlers && bci >= ex_min && bci < ex_max) { 1869 if (was_recursively_verified()) return; 1870 verify_exception_handler_targets( 1871 bci, this_uninit, ¤t_frame, &stackmap_table, CHECK_VERIFY(this)); 1872 } 1873 } // end while 1874 1875 // Make sure that control flow does not fall through end of the method 1876 if (!no_control_flow) { 1877 verify_error(ErrorContext::bad_code(code_length), 1878 "Control flow falls through code end"); 1879 return; 1880 } 1881 } 1882 1883 #undef bad_type_message 1884 1885 char* ClassVerifier::generate_code_data(const methodHandle& m, u4 code_length, TRAPS) { 1886 char* code_data = NEW_RESOURCE_ARRAY(char, code_length); 1887 memset(code_data, 0, sizeof(char) * code_length); 1888 RawBytecodeStream bcs(m); 1889 1890 while (!bcs.is_last_bytecode()) { 1891 if (bcs.raw_next() != Bytecodes::_illegal) { 1892 int bci = bcs.bci(); 1893 if (bcs.raw_code() == Bytecodes::_new) { 1894 code_data[bci] = NEW_OFFSET; 1895 } else { 1896 code_data[bci] = BYTECODE_OFFSET; 1897 } 1898 } else { 1899 verify_error(ErrorContext::bad_code(bcs.bci()), "Bad instruction"); 1900 return NULL; 1901 } 1902 } 1903 1904 return code_data; 1905 } 1906 1907 // Since this method references the constant pool, call was_recursively_verified() 1908 // before calling this method to make sure a prior class load did not cause the 1909 // current class to get verified. 1910 void ClassVerifier::verify_exception_handler_table(u4 code_length, char* code_data, int& min, int& max, TRAPS) { 1911 ExceptionTable exhandlers(_method()); 1912 int exlength = exhandlers.length(); 1913 constantPoolHandle cp (THREAD, _method->constants()); 1914 1915 for(int i = 0; i < exlength; i++) { 1916 u2 start_pc = exhandlers.start_pc(i); 1917 u2 end_pc = exhandlers.end_pc(i); 1918 u2 handler_pc = exhandlers.handler_pc(i); 1919 if (start_pc >= code_length || code_data[start_pc] == 0) { 1920 class_format_error("Illegal exception table start_pc %d", start_pc); 1921 return; 1922 } 1923 if (end_pc != code_length) { // special case: end_pc == code_length 1924 if (end_pc > code_length || code_data[end_pc] == 0) { 1925 class_format_error("Illegal exception table end_pc %d", end_pc); 1926 return; 1927 } 1928 } 1929 if (handler_pc >= code_length || code_data[handler_pc] == 0) { 1930 class_format_error("Illegal exception table handler_pc %d", handler_pc); 1931 return; 1932 } 1933 int catch_type_index = exhandlers.catch_type_index(i); 1934 if (catch_type_index != 0) { 1935 VerificationType catch_type = cp_index_to_type( 1936 catch_type_index, cp, CHECK_VERIFY(this)); 1937 VerificationType throwable = 1938 VerificationType::reference_type(vmSymbols::java_lang_Throwable()); 1939 // If the catch type is Throwable pre-resolve it now as the assignable check won't 1940 // do that, and we need to avoid a runtime resolution in case we are trying to 1941 // catch OutOfMemoryError. 1942 if (cp->klass_name_at(catch_type_index) == vmSymbols::java_lang_Throwable()) { 1943 cp->klass_at(catch_type_index, CHECK); 1944 } 1945 bool is_subclass = throwable.is_assignable_from( 1946 catch_type, this, false, CHECK_VERIFY(this)); 1947 if (!is_subclass) { 1948 // 4286534: should throw VerifyError according to recent spec change 1949 verify_error(ErrorContext::bad_type(handler_pc, 1950 TypeOrigin::cp(catch_type_index, catch_type), 1951 TypeOrigin::implicit(throwable)), 1952 "Catch type is not a subclass " 1953 "of Throwable in exception handler %d", handler_pc); 1954 return; 1955 } 1956 } 1957 if (start_pc < min) min = start_pc; 1958 if (end_pc > max) max = end_pc; 1959 } 1960 } 1961 1962 void ClassVerifier::verify_local_variable_table(u4 code_length, char* code_data, TRAPS) { 1963 int localvariable_table_length = _method->localvariable_table_length(); 1964 if (localvariable_table_length > 0) { 1965 LocalVariableTableElement* table = _method->localvariable_table_start(); 1966 for (int i = 0; i < localvariable_table_length; i++) { 1967 u2 start_bci = table[i].start_bci; 1968 u2 length = table[i].length; 1969 1970 if (start_bci >= code_length || code_data[start_bci] == 0) { 1971 class_format_error( 1972 "Illegal local variable table start_pc %d", start_bci); 1973 return; 1974 } 1975 u4 end_bci = (u4)(start_bci + length); 1976 if (end_bci != code_length) { 1977 if (end_bci >= code_length || code_data[end_bci] == 0) { 1978 class_format_error( "Illegal local variable table length %d", length); 1979 return; 1980 } 1981 } 1982 } 1983 } 1984 } 1985 1986 u2 ClassVerifier::verify_stackmap_table(u2 stackmap_index, u2 bci, 1987 StackMapFrame* current_frame, 1988 StackMapTable* stackmap_table, 1989 bool no_control_flow, TRAPS) { 1990 if (stackmap_index < stackmap_table->get_frame_count()) { 1991 u2 this_offset = stackmap_table->get_offset(stackmap_index); 1992 if (no_control_flow && this_offset > bci) { 1993 verify_error(ErrorContext::missing_stackmap(bci), 1994 "Expecting a stack map frame"); 1995 return 0; 1996 } 1997 if (this_offset == bci) { 1998 ErrorContext ctx; 1999 // See if current stack map can be assigned to the frame in table. 2000 // current_frame is the stackmap frame got from the last instruction. 2001 // If matched, current_frame will be updated by this method. 2002 bool matches = stackmap_table->match_stackmap( 2003 current_frame, this_offset, stackmap_index, 2004 !no_control_flow, true, &ctx, CHECK_VERIFY_(this, 0)); 2005 if (!matches) { 2006 // report type error 2007 verify_error(ctx, "Instruction type does not match stack map"); 2008 return 0; 2009 } 2010 stackmap_index++; 2011 } else if (this_offset < bci) { 2012 // current_offset should have met this_offset. 2013 class_format_error("Bad stack map offset %d", this_offset); 2014 return 0; 2015 } 2016 } else if (no_control_flow) { 2017 verify_error(ErrorContext::bad_code(bci), "Expecting a stack map frame"); 2018 return 0; 2019 } 2020 return stackmap_index; 2021 } 2022 2023 // Since this method references the constant pool, call was_recursively_verified() 2024 // before calling this method to make sure a prior class load did not cause the 2025 // current class to get verified. 2026 void ClassVerifier::verify_exception_handler_targets(u2 bci, bool this_uninit, 2027 StackMapFrame* current_frame, 2028 StackMapTable* stackmap_table, TRAPS) { 2029 constantPoolHandle cp (THREAD, _method->constants()); 2030 ExceptionTable exhandlers(_method()); 2031 int exlength = exhandlers.length(); 2032 for(int i = 0; i < exlength; i++) { 2033 u2 start_pc = exhandlers.start_pc(i); 2034 u2 end_pc = exhandlers.end_pc(i); 2035 u2 handler_pc = exhandlers.handler_pc(i); 2036 int catch_type_index = exhandlers.catch_type_index(i); 2037 if(bci >= start_pc && bci < end_pc) { 2038 u1 flags = current_frame->flags(); 2039 if (this_uninit) { flags |= FLAG_THIS_UNINIT; } 2040 StackMapFrame* new_frame = current_frame->frame_in_exception_handler(flags); 2041 if (catch_type_index != 0) { 2042 if (was_recursively_verified()) return; 2043 // We know that this index refers to a subclass of Throwable 2044 VerificationType catch_type = cp_index_to_type( 2045 catch_type_index, cp, CHECK_VERIFY(this)); 2046 new_frame->push_stack(catch_type, CHECK_VERIFY(this)); 2047 } else { 2048 VerificationType throwable = 2049 VerificationType::reference_type(vmSymbols::java_lang_Throwable()); 2050 new_frame->push_stack(throwable, CHECK_VERIFY(this)); 2051 } 2052 ErrorContext ctx; 2053 bool matches = stackmap_table->match_stackmap( 2054 new_frame, handler_pc, true, false, &ctx, CHECK_VERIFY(this)); 2055 if (!matches) { 2056 verify_error(ctx, "Stack map does not match the one at " 2057 "exception handler %d", handler_pc); 2058 return; 2059 } 2060 } 2061 } 2062 } 2063 2064 void ClassVerifier::verify_cp_index( 2065 u2 bci, const constantPoolHandle& cp, int index, TRAPS) { 2066 int nconstants = cp->length(); 2067 if ((index <= 0) || (index >= nconstants)) { 2068 verify_error(ErrorContext::bad_cp_index(bci, index), 2069 "Illegal constant pool index %d in class %s", 2070 index, cp->pool_holder()->external_name()); 2071 return; 2072 } 2073 } 2074 2075 void ClassVerifier::verify_cp_type( 2076 u2 bci, int index, const constantPoolHandle& cp, unsigned int types, TRAPS) { 2077 2078 // In some situations, bytecode rewriting may occur while we're verifying. 2079 // In this case, a constant pool cache exists and some indices refer to that 2080 // instead. Be sure we don't pick up such indices by accident. 2081 // We must check was_recursively_verified() before we get here. 2082 guarantee(cp->cache() == NULL, "not rewritten yet"); 2083 2084 verify_cp_index(bci, cp, index, CHECK_VERIFY(this)); 2085 unsigned int tag = cp->tag_at(index).value(); 2086 2087 if ((types & (1 << tag)) == 0) { 2088 verify_error(ErrorContext::bad_cp_index(bci, index), 2089 "Illegal type at constant pool entry %d in class %s", 2090 index, cp->pool_holder()->external_name()); 2091 return; 2092 } 2093 } 2094 2095 void ClassVerifier::verify_cp_class_type( 2096 u2 bci, int index, const constantPoolHandle& cp, TRAPS) { 2097 verify_cp_index(bci, cp, index, CHECK_VERIFY(this)); 2098 constantTag tag = cp->tag_at(index); 2099 if (!tag.is_klass() && !tag.is_unresolved_klass()) { 2100 verify_error(ErrorContext::bad_cp_index(bci, index), 2101 "Illegal type at constant pool entry %d in class %s", 2102 index, cp->pool_holder()->external_name()); 2103 return; 2104 } 2105 } 2106 2107 void ClassVerifier::verify_error(ErrorContext ctx, const char* msg, ...) { 2108 stringStream ss; 2109 2110 ctx.reset_frames(); 2111 _exception_type = vmSymbols::java_lang_VerifyError(); 2112 _error_context = ctx; 2113 va_list va; 2114 va_start(va, msg); 2115 ss.vprint(msg, va); 2116 va_end(va); 2117 _message = ss.as_string(); 2118 #ifdef ASSERT 2119 ResourceMark rm; 2120 const char* exception_name = _exception_type->as_C_string(); 2121 Exceptions::debug_check_abort(exception_name, NULL); 2122 #endif // ndef ASSERT 2123 } 2124 2125 void ClassVerifier::class_format_error(const char* msg, ...) { 2126 stringStream ss; 2127 _exception_type = vmSymbols::java_lang_ClassFormatError(); 2128 va_list va; 2129 va_start(va, msg); 2130 ss.vprint(msg, va); 2131 va_end(va); 2132 if (!_method.is_null()) { 2133 ss.print(" in method '"); 2134 _method->print_external_name(&ss); 2135 ss.print("'"); 2136 } 2137 _message = ss.as_string(); 2138 } 2139 2140 Klass* ClassVerifier::load_class(Symbol* name, TRAPS) { 2141 HandleMark hm(THREAD); 2142 // Get current loader and protection domain first. 2143 oop loader = current_class()->class_loader(); 2144 oop protection_domain = current_class()->protection_domain(); 2145 2146 assert(name_in_supers(name, current_class()), "name should be a super class"); 2147 2148 Klass* kls = SystemDictionary::resolve_or_fail( 2149 name, Handle(THREAD, loader), Handle(THREAD, protection_domain), 2150 true, THREAD); 2151 2152 if (kls != NULL) { 2153 if (log_is_enabled(Debug, class, resolve)) { 2154 Verifier::trace_class_resolution(kls, current_class()); 2155 } 2156 } 2157 return kls; 2158 } 2159 2160 bool ClassVerifier::is_protected_access(InstanceKlass* this_class, 2161 Klass* target_class, 2162 Symbol* field_name, 2163 Symbol* field_sig, 2164 bool is_method) { 2165 NoSafepointVerifier nosafepoint; 2166 2167 // If target class isn't a super class of this class, we don't worry about this case 2168 if (!this_class->is_subclass_of(target_class)) { 2169 return false; 2170 } 2171 // Check if the specified method or field is protected 2172 InstanceKlass* target_instance = InstanceKlass::cast(target_class); 2173 fieldDescriptor fd; 2174 if (is_method) { 2175 Method* m = target_instance->uncached_lookup_method(field_name, field_sig, Klass::OverpassLookupMode::find); 2176 if (m != NULL && m->is_protected()) { 2177 if (!this_class->is_same_class_package(m->method_holder())) { 2178 return true; 2179 } 2180 } 2181 } else { 2182 Klass* member_klass = target_instance->find_field(field_name, field_sig, &fd); 2183 if (member_klass != NULL && fd.is_protected()) { 2184 if (!this_class->is_same_class_package(member_klass)) { 2185 return true; 2186 } 2187 } 2188 } 2189 return false; 2190 } 2191 2192 void ClassVerifier::verify_ldc( 2193 int opcode, u2 index, StackMapFrame* current_frame, 2194 const constantPoolHandle& cp, u2 bci, TRAPS) { 2195 verify_cp_index(bci, cp, index, CHECK_VERIFY(this)); 2196 constantTag tag = cp->tag_at(index); 2197 unsigned int types = 0; 2198 if (opcode == Bytecodes::_ldc || opcode == Bytecodes::_ldc_w) { 2199 if (!tag.is_unresolved_klass()) { 2200 types = (1 << JVM_CONSTANT_Integer) | (1 << JVM_CONSTANT_Float) 2201 | (1 << JVM_CONSTANT_String) | (1 << JVM_CONSTANT_Class) 2202 | (1 << JVM_CONSTANT_MethodHandle) | (1 << JVM_CONSTANT_MethodType) 2203 | (1 << JVM_CONSTANT_Dynamic); 2204 // Note: The class file parser already verified the legality of 2205 // MethodHandle and MethodType constants. 2206 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this)); 2207 } 2208 } else { 2209 assert(opcode == Bytecodes::_ldc2_w, "must be ldc2_w"); 2210 types = (1 << JVM_CONSTANT_Double) | (1 << JVM_CONSTANT_Long) 2211 | (1 << JVM_CONSTANT_Dynamic); 2212 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this)); 2213 } 2214 if (tag.is_string()) { 2215 current_frame->push_stack( 2216 VerificationType::reference_type( 2217 vmSymbols::java_lang_String()), CHECK_VERIFY(this)); 2218 } else if (tag.is_klass() || tag.is_unresolved_klass()) { 2219 current_frame->push_stack( 2220 VerificationType::reference_type( 2221 vmSymbols::java_lang_Class()), CHECK_VERIFY(this)); 2222 } else if (tag.is_int()) { 2223 current_frame->push_stack( 2224 VerificationType::integer_type(), CHECK_VERIFY(this)); 2225 } else if (tag.is_float()) { 2226 current_frame->push_stack( 2227 VerificationType::float_type(), CHECK_VERIFY(this)); 2228 } else if (tag.is_double()) { 2229 current_frame->push_stack_2( 2230 VerificationType::double_type(), 2231 VerificationType::double2_type(), CHECK_VERIFY(this)); 2232 } else if (tag.is_long()) { 2233 current_frame->push_stack_2( 2234 VerificationType::long_type(), 2235 VerificationType::long2_type(), CHECK_VERIFY(this)); 2236 } else if (tag.is_method_handle()) { 2237 current_frame->push_stack( 2238 VerificationType::reference_type( 2239 vmSymbols::java_lang_invoke_MethodHandle()), CHECK_VERIFY(this)); 2240 } else if (tag.is_method_type()) { 2241 current_frame->push_stack( 2242 VerificationType::reference_type( 2243 vmSymbols::java_lang_invoke_MethodType()), CHECK_VERIFY(this)); 2244 } else if (tag.is_dynamic_constant()) { 2245 Symbol* constant_type = cp->uncached_signature_ref_at(index); 2246 // Field signature was checked in ClassFileParser. 2247 assert(SignatureVerifier::is_valid_type_signature(constant_type), 2248 "Invalid type for dynamic constant"); 2249 assert(sizeof(VerificationType) == sizeof(uintptr_t), 2250 "buffer type must match VerificationType size"); 2251 uintptr_t constant_type_buffer[2]; 2252 VerificationType* v_constant_type = (VerificationType*)constant_type_buffer; 2253 SignatureStream sig_stream(constant_type, false); 2254 int n = change_sig_to_verificationType(&sig_stream, v_constant_type); 2255 int opcode_n = (opcode == Bytecodes::_ldc2_w ? 2 : 1); 2256 if (n != opcode_n) { 2257 // wrong kind of ldc; reverify against updated type mask 2258 types &= ~(1 << JVM_CONSTANT_Dynamic); 2259 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this)); 2260 } 2261 for (int i = 0; i < n; i++) { 2262 current_frame->push_stack(v_constant_type[i], CHECK_VERIFY(this)); 2263 } 2264 } else { 2265 /* Unreachable? verify_cp_type has already validated the cp type. */ 2266 verify_error( 2267 ErrorContext::bad_cp_index(bci, index), "Invalid index in ldc"); 2268 return; 2269 } 2270 } 2271 2272 void ClassVerifier::verify_switch( 2273 RawBytecodeStream* bcs, u4 code_length, char* code_data, 2274 StackMapFrame* current_frame, StackMapTable* stackmap_table, TRAPS) { 2275 int bci = bcs->bci(); 2276 address bcp = bcs->bcp(); 2277 address aligned_bcp = align_up(bcp + 1, jintSize); 2278 2279 if (_klass->major_version() < NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION) { 2280 // 4639449 & 4647081: padding bytes must be 0 2281 u2 padding_offset = 1; 2282 while ((bcp + padding_offset) < aligned_bcp) { 2283 if(*(bcp + padding_offset) != 0) { 2284 verify_error(ErrorContext::bad_code(bci), 2285 "Nonzero padding byte in lookupswitch or tableswitch"); 2286 return; 2287 } 2288 padding_offset++; 2289 } 2290 } 2291 2292 int default_offset = (int) Bytes::get_Java_u4(aligned_bcp); 2293 int keys, delta; 2294 current_frame->pop_stack( 2295 VerificationType::integer_type(), CHECK_VERIFY(this)); 2296 if (bcs->raw_code() == Bytecodes::_tableswitch) { 2297 jint low = (jint)Bytes::get_Java_u4(aligned_bcp + jintSize); 2298 jint high = (jint)Bytes::get_Java_u4(aligned_bcp + 2*jintSize); 2299 if (low > high) { 2300 verify_error(ErrorContext::bad_code(bci), 2301 "low must be less than or equal to high in tableswitch"); 2302 return; 2303 } 2304 keys = high - low + 1; 2305 if (keys < 0) { 2306 verify_error(ErrorContext::bad_code(bci), "too many keys in tableswitch"); 2307 return; 2308 } 2309 delta = 1; 2310 } else { 2311 keys = (int)Bytes::get_Java_u4(aligned_bcp + jintSize); 2312 if (keys < 0) { 2313 verify_error(ErrorContext::bad_code(bci), 2314 "number of keys in lookupswitch less than 0"); 2315 return; 2316 } 2317 delta = 2; 2318 // Make sure that the lookupswitch items are sorted 2319 for (int i = 0; i < (keys - 1); i++) { 2320 jint this_key = Bytes::get_Java_u4(aligned_bcp + (2+2*i)*jintSize); 2321 jint next_key = Bytes::get_Java_u4(aligned_bcp + (2+2*i+2)*jintSize); 2322 if (this_key >= next_key) { 2323 verify_error(ErrorContext::bad_code(bci), 2324 "Bad lookupswitch instruction"); 2325 return; 2326 } 2327 } 2328 } 2329 int target = bci + default_offset; 2330 stackmap_table->check_jump_target(current_frame, target, CHECK_VERIFY(this)); 2331 for (int i = 0; i < keys; i++) { 2332 // Because check_jump_target() may safepoint, the bytecode could have 2333 // moved, which means 'aligned_bcp' is no good and needs to be recalculated. 2334 aligned_bcp = align_up(bcs->bcp() + 1, jintSize); 2335 target = bci + (jint)Bytes::get_Java_u4(aligned_bcp+(3+i*delta)*jintSize); 2336 stackmap_table->check_jump_target( 2337 current_frame, target, CHECK_VERIFY(this)); 2338 } 2339 NOT_PRODUCT(aligned_bcp = NULL); // no longer valid at this point 2340 } 2341 2342 bool ClassVerifier::name_in_supers( 2343 Symbol* ref_name, InstanceKlass* current) { 2344 Klass* super = current->super(); 2345 while (super != NULL) { 2346 if (super->name() == ref_name) { 2347 return true; 2348 } 2349 super = super->super(); 2350 } 2351 return false; 2352 } 2353 2354 void ClassVerifier::verify_field_instructions(RawBytecodeStream* bcs, 2355 StackMapFrame* current_frame, 2356 const constantPoolHandle& cp, 2357 bool allow_arrays, 2358 TRAPS) { 2359 u2 index = bcs->get_index_u2(); 2360 verify_cp_type(bcs->bci(), index, cp, 2361 1 << JVM_CONSTANT_Fieldref, CHECK_VERIFY(this)); 2362 2363 // Get field name and signature 2364 Symbol* field_name = cp->name_ref_at(index); 2365 Symbol* field_sig = cp->signature_ref_at(index); 2366 bool is_getfield = false; 2367 2368 // Field signature was checked in ClassFileParser. 2369 assert(SignatureVerifier::is_valid_type_signature(field_sig), 2370 "Invalid field signature"); 2371 2372 // Get referenced class type 2373 VerificationType ref_class_type = cp_ref_index_to_type( 2374 index, cp, CHECK_VERIFY(this)); 2375 if (!ref_class_type.is_object() && 2376 (!allow_arrays || !ref_class_type.is_array())) { 2377 verify_error(ErrorContext::bad_type(bcs->bci(), 2378 TypeOrigin::cp(index, ref_class_type)), 2379 "Expecting reference to class in class %s at constant pool index %d", 2380 _klass->external_name(), index); 2381 return; 2382 } 2383 2384 VerificationType target_class_type = ref_class_type; 2385 2386 assert(sizeof(VerificationType) == sizeof(uintptr_t), 2387 "buffer type must match VerificationType size"); 2388 uintptr_t field_type_buffer[2]; 2389 VerificationType* field_type = (VerificationType*)field_type_buffer; 2390 // If we make a VerificationType[2] array directly, the compiler calls 2391 // to the c-runtime library to do the allocation instead of just 2392 // stack allocating it. Plus it would run constructors. This shows up 2393 // in performance profiles. 2394 2395 SignatureStream sig_stream(field_sig, false); 2396 VerificationType stack_object_type; 2397 int n = change_sig_to_verificationType(&sig_stream, field_type); 2398 u2 bci = bcs->bci(); 2399 bool is_assignable; 2400 switch (bcs->raw_code()) { 2401 case Bytecodes::_getstatic: { 2402 for (int i = 0; i < n; i++) { 2403 current_frame->push_stack(field_type[i], CHECK_VERIFY(this)); 2404 } 2405 break; 2406 } 2407 case Bytecodes::_putstatic: { 2408 for (int i = n - 1; i >= 0; i--) { 2409 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this)); 2410 } 2411 break; 2412 } 2413 case Bytecodes::_withfield: { 2414 for (int i = n - 1; i >= 0; i--) { 2415 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this)); 2416 } 2417 // Check that the receiver is a subtype of the referenced class. 2418 current_frame->pop_stack(target_class_type, CHECK_VERIFY(this)); 2419 VerificationType target_inline_type = 2420 VerificationType::change_ref_to_inline_type(target_class_type); 2421 current_frame->push_stack(target_inline_type, CHECK_VERIFY(this)); 2422 break; 2423 } 2424 case Bytecodes::_getfield: { 2425 is_getfield = true; 2426 stack_object_type = current_frame->pop_stack( 2427 target_class_type, CHECK_VERIFY(this)); 2428 goto check_protected; 2429 } 2430 case Bytecodes::_putfield: { 2431 for (int i = n - 1; i >= 0; i--) { 2432 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this)); 2433 } 2434 stack_object_type = current_frame->pop_stack(CHECK_VERIFY(this)); 2435 2436 // The JVMS 2nd edition allows field initialization before the superclass 2437 // initializer, if the field is defined within the current class. 2438 fieldDescriptor fd; 2439 if (stack_object_type == VerificationType::uninitialized_this_type() && 2440 target_class_type.equals(current_type()) && 2441 _klass->find_local_field(field_name, field_sig, &fd)) { 2442 stack_object_type = current_type(); 2443 } 2444 is_assignable = target_class_type.is_assignable_from( 2445 stack_object_type, this, false, CHECK_VERIFY(this)); 2446 if (!is_assignable) { 2447 verify_error(ErrorContext::bad_type(bci, 2448 current_frame->stack_top_ctx(), 2449 TypeOrigin::cp(index, target_class_type)), 2450 "Bad type on operand stack in putfield"); 2451 return; 2452 } 2453 } 2454 check_protected: { 2455 if (_this_type == stack_object_type) 2456 break; // stack_object_type must be assignable to _current_class_type 2457 if (was_recursively_verified()) { 2458 if (is_getfield) { 2459 // Push field type for getfield. 2460 for (int i = 0; i < n; i++) { 2461 current_frame->push_stack(field_type[i], CHECK_VERIFY(this)); 2462 } 2463 } 2464 return; 2465 } 2466 Symbol* ref_class_name = 2467 cp->klass_name_at(cp->klass_ref_index_at(index)); 2468 if (!name_in_supers(ref_class_name, current_class())) 2469 // stack_object_type must be assignable to _current_class_type since: 2470 // 1. stack_object_type must be assignable to ref_class. 2471 // 2. ref_class must be _current_class or a subclass of it. It can't 2472 // be a superclass of it. See revised JVMS 5.4.4. 2473 break; 2474 2475 Klass* ref_class_oop = load_class(ref_class_name, CHECK); 2476 if (is_protected_access(current_class(), ref_class_oop, field_name, 2477 field_sig, false)) { 2478 // It's protected access, check if stack object is assignable to 2479 // current class. 2480 is_assignable = current_type().is_assignable_from( 2481 stack_object_type, this, true, CHECK_VERIFY(this)); 2482 if (!is_assignable) { 2483 verify_error(ErrorContext::bad_type(bci, 2484 current_frame->stack_top_ctx(), 2485 TypeOrigin::implicit(current_type())), 2486 "Bad access to protected data in %s", 2487 is_getfield ? "getfield" : "putfield"); 2488 return; 2489 } 2490 } 2491 break; 2492 } 2493 default: ShouldNotReachHere(); 2494 } 2495 if (is_getfield) { 2496 // Push field type for getfield after doing protection check. 2497 for (int i = 0; i < n; i++) { 2498 current_frame->push_stack(field_type[i], CHECK_VERIFY(this)); 2499 } 2500 } 2501 } 2502 2503 // Look at the method's handlers. If the bci is in the handler's try block 2504 // then check if the handler_pc is already on the stack. If not, push it 2505 // unless the handler has already been scanned. 2506 void ClassVerifier::push_handlers(ExceptionTable* exhandlers, 2507 GrowableArray<u4>* handler_list, 2508 GrowableArray<u4>* handler_stack, 2509 u4 bci) { 2510 int exlength = exhandlers->length(); 2511 for(int x = 0; x < exlength; x++) { 2512 if (bci >= exhandlers->start_pc(x) && bci < exhandlers->end_pc(x)) { 2513 u4 exhandler_pc = exhandlers->handler_pc(x); 2514 if (!handler_list->contains(exhandler_pc)) { 2515 handler_stack->append_if_missing(exhandler_pc); 2516 handler_list->append(exhandler_pc); 2517 } 2518 } 2519 } 2520 } 2521 2522 // Return TRUE if all code paths starting with start_bc_offset end in 2523 // bytecode athrow or loop. 2524 bool ClassVerifier::ends_in_athrow(u4 start_bc_offset) { 2525 ResourceMark rm; 2526 // Create bytecode stream. 2527 RawBytecodeStream bcs(method()); 2528 u4 code_length = method()->code_size(); 2529 bcs.set_start(start_bc_offset); 2530 u4 target; 2531 // Create stack for storing bytecode start offsets for if* and *switch. 2532 GrowableArray<u4>* bci_stack = new GrowableArray<u4>(30); 2533 // Create stack for handlers for try blocks containing this handler. 2534 GrowableArray<u4>* handler_stack = new GrowableArray<u4>(30); 2535 // Create list of handlers that have been pushed onto the handler_stack 2536 // so that handlers embedded inside of their own TRY blocks only get 2537 // scanned once. 2538 GrowableArray<u4>* handler_list = new GrowableArray<u4>(30); 2539 // Create list of visited branch opcodes (goto* and if*). 2540 GrowableArray<u4>* visited_branches = new GrowableArray<u4>(30); 2541 ExceptionTable exhandlers(_method()); 2542 2543 while (true) { 2544 if (bcs.is_last_bytecode()) { 2545 // if no more starting offsets to parse or if at the end of the 2546 // method then return false. 2547 if ((bci_stack->is_empty()) || ((u4)bcs.end_bci() == code_length)) 2548 return false; 2549 // Pop a bytecode starting offset and scan from there. 2550 bcs.set_start(bci_stack->pop()); 2551 } 2552 Bytecodes::Code opcode = bcs.raw_next(); 2553 u4 bci = bcs.bci(); 2554 2555 // If the bytecode is in a TRY block, push its handlers so they 2556 // will get parsed. 2557 push_handlers(&exhandlers, handler_list, handler_stack, bci); 2558 2559 switch (opcode) { 2560 case Bytecodes::_if_icmpeq: 2561 case Bytecodes::_if_icmpne: 2562 case Bytecodes::_if_icmplt: 2563 case Bytecodes::_if_icmpge: 2564 case Bytecodes::_if_icmpgt: 2565 case Bytecodes::_if_icmple: 2566 case Bytecodes::_ifeq: 2567 case Bytecodes::_ifne: 2568 case Bytecodes::_iflt: 2569 case Bytecodes::_ifge: 2570 case Bytecodes::_ifgt: 2571 case Bytecodes::_ifle: 2572 case Bytecodes::_if_acmpeq: 2573 case Bytecodes::_if_acmpne: 2574 case Bytecodes::_ifnull: 2575 case Bytecodes::_ifnonnull: 2576 target = bcs.dest(); 2577 if (visited_branches->contains(bci)) { 2578 if (bci_stack->is_empty()) { 2579 if (handler_stack->is_empty()) { 2580 return true; 2581 } else { 2582 // Parse the catch handlers for try blocks containing athrow. 2583 bcs.set_start(handler_stack->pop()); 2584 } 2585 } else { 2586 // Pop a bytecode starting offset and scan from there. 2587 bcs.set_start(bci_stack->pop()); 2588 } 2589 } else { 2590 if (target > bci) { // forward branch 2591 if (target >= code_length) return false; 2592 // Push the branch target onto the stack. 2593 bci_stack->push(target); 2594 // then, scan bytecodes starting with next. 2595 bcs.set_start(bcs.next_bci()); 2596 } else { // backward branch 2597 // Push bytecode offset following backward branch onto the stack. 2598 bci_stack->push(bcs.next_bci()); 2599 // Check bytecodes starting with branch target. 2600 bcs.set_start(target); 2601 } 2602 // Record target so we don't branch here again. 2603 visited_branches->append(bci); 2604 } 2605 break; 2606 2607 case Bytecodes::_goto: 2608 case Bytecodes::_goto_w: 2609 target = (opcode == Bytecodes::_goto ? bcs.dest() : bcs.dest_w()); 2610 if (visited_branches->contains(bci)) { 2611 if (bci_stack->is_empty()) { 2612 if (handler_stack->is_empty()) { 2613 return true; 2614 } else { 2615 // Parse the catch handlers for try blocks containing athrow. 2616 bcs.set_start(handler_stack->pop()); 2617 } 2618 } else { 2619 // Been here before, pop new starting offset from stack. 2620 bcs.set_start(bci_stack->pop()); 2621 } 2622 } else { 2623 if (target >= code_length) return false; 2624 // Continue scanning from the target onward. 2625 bcs.set_start(target); 2626 // Record target so we don't branch here again. 2627 visited_branches->append(bci); 2628 } 2629 break; 2630 2631 // Check that all switch alternatives end in 'athrow' bytecodes. Since it 2632 // is difficult to determine where each switch alternative ends, parse 2633 // each switch alternative until either hit a 'return', 'athrow', or reach 2634 // the end of the method's bytecodes. This is gross but should be okay 2635 // because: 2636 // 1. tableswitch and lookupswitch byte codes in handlers for ctor explicit 2637 // constructor invocations should be rare. 2638 // 2. if each switch alternative ends in an athrow then the parsing should be 2639 // short. If there is no athrow then it is bogus code, anyway. 2640 case Bytecodes::_lookupswitch: 2641 case Bytecodes::_tableswitch: 2642 { 2643 address aligned_bcp = align_up(bcs.bcp() + 1, jintSize); 2644 u4 default_offset = Bytes::get_Java_u4(aligned_bcp) + bci; 2645 int keys, delta; 2646 if (opcode == Bytecodes::_tableswitch) { 2647 jint low = (jint)Bytes::get_Java_u4(aligned_bcp + jintSize); 2648 jint high = (jint)Bytes::get_Java_u4(aligned_bcp + 2*jintSize); 2649 // This is invalid, but let the regular bytecode verifier 2650 // report this because the user will get a better error message. 2651 if (low > high) return true; 2652 keys = high - low + 1; 2653 delta = 1; 2654 } else { 2655 keys = (int)Bytes::get_Java_u4(aligned_bcp + jintSize); 2656 delta = 2; 2657 } 2658 // Invalid, let the regular bytecode verifier deal with it. 2659 if (keys < 0) return true; 2660 2661 // Push the offset of the next bytecode onto the stack. 2662 bci_stack->push(bcs.next_bci()); 2663 2664 // Push the switch alternatives onto the stack. 2665 for (int i = 0; i < keys; i++) { 2666 u4 target = bci + (jint)Bytes::get_Java_u4(aligned_bcp+(3+i*delta)*jintSize); 2667 if (target > code_length) return false; 2668 bci_stack->push(target); 2669 } 2670 2671 // Start bytecode parsing for the switch at the default alternative. 2672 if (default_offset > code_length) return false; 2673 bcs.set_start(default_offset); 2674 break; 2675 } 2676 2677 case Bytecodes::_return: 2678 return false; 2679 2680 case Bytecodes::_athrow: 2681 { 2682 if (bci_stack->is_empty()) { 2683 if (handler_stack->is_empty()) { 2684 return true; 2685 } else { 2686 // Parse the catch handlers for try blocks containing athrow. 2687 bcs.set_start(handler_stack->pop()); 2688 } 2689 } else { 2690 // Pop a bytecode offset and starting scanning from there. 2691 bcs.set_start(bci_stack->pop()); 2692 } 2693 } 2694 break; 2695 2696 default: 2697 ; 2698 } // end switch 2699 } // end while loop 2700 2701 return false; 2702 } 2703 2704 void ClassVerifier::verify_invoke_init( 2705 RawBytecodeStream* bcs, u2 ref_class_index, VerificationType ref_class_type, 2706 StackMapFrame* current_frame, u4 code_length, bool in_try_block, 2707 bool *this_uninit, const constantPoolHandle& cp, StackMapTable* stackmap_table, 2708 TRAPS) { 2709 u2 bci = bcs->bci(); 2710 VerificationType type = current_frame->pop_stack( 2711 VerificationType::reference_check(), CHECK_VERIFY(this)); 2712 if (type == VerificationType::uninitialized_this_type()) { 2713 // The method must be an <init> method of this class or its superclass 2714 Klass* superk = current_class()->super(); 2715 if (ref_class_type.name() != current_class()->name() && 2716 ref_class_type.name() != superk->name()) { 2717 verify_error(ErrorContext::bad_type(bci, 2718 TypeOrigin::implicit(ref_class_type), 2719 TypeOrigin::implicit(current_type())), 2720 "Bad <init> method call"); 2721 return; 2722 } 2723 2724 // If this invokespecial call is done from inside of a TRY block then make 2725 // sure that all catch clause paths end in a throw. Otherwise, this can 2726 // result in returning an incomplete object. 2727 if (in_try_block) { 2728 ExceptionTable exhandlers(_method()); 2729 int exlength = exhandlers.length(); 2730 for(int i = 0; i < exlength; i++) { 2731 u2 start_pc = exhandlers.start_pc(i); 2732 u2 end_pc = exhandlers.end_pc(i); 2733 2734 if (bci >= start_pc && bci < end_pc) { 2735 if (!ends_in_athrow(exhandlers.handler_pc(i))) { 2736 verify_error(ErrorContext::bad_code(bci), 2737 "Bad <init> method call from after the start of a try block"); 2738 return; 2739 } else if (log_is_enabled(Debug, verification)) { 2740 ResourceMark rm(THREAD); 2741 log_debug(verification)("Survived call to ends_in_athrow(): %s", 2742 current_class()->name()->as_C_string()); 2743 } 2744 } 2745 } 2746 2747 // Check the exception handler target stackmaps with the locals from the 2748 // incoming stackmap (before initialize_object() changes them to outgoing 2749 // state). 2750 if (was_recursively_verified()) return; 2751 verify_exception_handler_targets(bci, true, current_frame, 2752 stackmap_table, CHECK_VERIFY(this)); 2753 } // in_try_block 2754 2755 current_frame->initialize_object(type, current_type()); 2756 *this_uninit = true; 2757 } else if (type.is_uninitialized()) { 2758 u2 new_offset = type.bci(); 2759 address new_bcp = bcs->bcp() - bci + new_offset; 2760 if (new_offset > (code_length - 3) || (*new_bcp) != Bytecodes::_new) { 2761 /* Unreachable? Stack map parsing ensures valid type and new 2762 * instructions have a valid BCI. */ 2763 verify_error(ErrorContext::bad_code(new_offset), 2764 "Expecting new instruction"); 2765 return; 2766 } 2767 u2 new_class_index = Bytes::get_Java_u2(new_bcp + 1); 2768 if (was_recursively_verified()) return; 2769 verify_cp_class_type(bci, new_class_index, cp, CHECK_VERIFY(this)); 2770 2771 // The method must be an <init> method of the indicated class 2772 VerificationType new_class_type = cp_index_to_type( 2773 new_class_index, cp, CHECK_VERIFY(this)); 2774 if (!new_class_type.equals(ref_class_type)) { 2775 verify_error(ErrorContext::bad_type(bci, 2776 TypeOrigin::cp(new_class_index, new_class_type), 2777 TypeOrigin::cp(ref_class_index, ref_class_type)), 2778 "Call to wrong <init> method"); 2779 return; 2780 } 2781 // According to the VM spec, if the referent class is a superclass of the 2782 // current class, and is in a different runtime package, and the method is 2783 // protected, then the objectref must be the current class or a subclass 2784 // of the current class. 2785 VerificationType objectref_type = new_class_type; 2786 if (name_in_supers(ref_class_type.name(), current_class())) { 2787 Klass* ref_klass = load_class(ref_class_type.name(), CHECK); 2788 if (was_recursively_verified()) return; 2789 Method* m = InstanceKlass::cast(ref_klass)->uncached_lookup_method( 2790 vmSymbols::object_initializer_name(), 2791 cp->signature_ref_at(bcs->get_index_u2()), 2792 Klass::OverpassLookupMode::find); 2793 // Do nothing if method is not found. Let resolution detect the error. 2794 if (m != NULL) { 2795 InstanceKlass* mh = m->method_holder(); 2796 if (m->is_protected() && !mh->is_same_class_package(_klass)) { 2797 bool assignable = current_type().is_assignable_from( 2798 objectref_type, this, true, CHECK_VERIFY(this)); 2799 if (!assignable) { 2800 verify_error(ErrorContext::bad_type(bci, 2801 TypeOrigin::cp(new_class_index, objectref_type), 2802 TypeOrigin::implicit(current_type())), 2803 "Bad access to protected <init> method"); 2804 return; 2805 } 2806 } 2807 } 2808 } 2809 // Check the exception handler target stackmaps with the locals from the 2810 // incoming stackmap (before initialize_object() changes them to outgoing 2811 // state). 2812 if (in_try_block) { 2813 if (was_recursively_verified()) return; 2814 verify_exception_handler_targets(bci, *this_uninit, current_frame, 2815 stackmap_table, CHECK_VERIFY(this)); 2816 } 2817 current_frame->initialize_object(type, new_class_type); 2818 } else { 2819 verify_error(ErrorContext::bad_type(bci, current_frame->stack_top_ctx()), 2820 "Bad operand type when invoking <init>"); 2821 return; 2822 } 2823 } 2824 2825 bool ClassVerifier::is_same_or_direct_interface( 2826 InstanceKlass* klass, 2827 VerificationType klass_type, 2828 VerificationType ref_class_type) { 2829 if (ref_class_type.equals(klass_type)) return true; 2830 Array<InstanceKlass*>* local_interfaces = klass->local_interfaces(); 2831 if (local_interfaces != NULL) { 2832 for (int x = 0; x < local_interfaces->length(); x++) { 2833 InstanceKlass* k = local_interfaces->at(x); 2834 assert (k != NULL && k->is_interface(), "invalid interface"); 2835 if (ref_class_type.equals(VerificationType::reference_type(k->name()))) { 2836 return true; 2837 } 2838 } 2839 } 2840 return false; 2841 } 2842 2843 void ClassVerifier::verify_invoke_instructions( 2844 RawBytecodeStream* bcs, u4 code_length, StackMapFrame* current_frame, 2845 bool in_try_block, bool *this_uninit, 2846 const constantPoolHandle& cp, StackMapTable* stackmap_table, TRAPS) { 2847 // Make sure the constant pool item is the right type 2848 u2 index = bcs->get_index_u2(); 2849 Bytecodes::Code opcode = bcs->raw_code(); 2850 unsigned int types = 0; 2851 switch (opcode) { 2852 case Bytecodes::_invokeinterface: 2853 types = 1 << JVM_CONSTANT_InterfaceMethodref; 2854 break; 2855 case Bytecodes::_invokedynamic: 2856 types = 1 << JVM_CONSTANT_InvokeDynamic; 2857 break; 2858 case Bytecodes::_invokespecial: 2859 case Bytecodes::_invokestatic: 2860 types = (_klass->major_version() < STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION) ? 2861 (1 << JVM_CONSTANT_Methodref) : 2862 ((1 << JVM_CONSTANT_InterfaceMethodref) | (1 << JVM_CONSTANT_Methodref)); 2863 break; 2864 default: 2865 types = 1 << JVM_CONSTANT_Methodref; 2866 } 2867 verify_cp_type(bcs->bci(), index, cp, types, CHECK_VERIFY(this)); 2868 2869 // Get method name and signature 2870 Symbol* method_name = cp->name_ref_at(index); 2871 Symbol* method_sig = cp->signature_ref_at(index); 2872 2873 // Method signature was checked in ClassFileParser. 2874 assert(SignatureVerifier::is_valid_method_signature(method_sig), 2875 "Invalid method signature"); 2876 2877 // Get referenced class 2878 VerificationType ref_class_type; 2879 if (opcode == Bytecodes::_invokedynamic) { 2880 if (_klass->major_version() < Verifier::INVOKEDYNAMIC_MAJOR_VERSION) { 2881 class_format_error( 2882 "invokedynamic instructions not supported by this class file version (%d), class %s", 2883 _klass->major_version(), _klass->external_name()); 2884 return; 2885 } 2886 } else { 2887 ref_class_type = cp_ref_index_to_type(index, cp, CHECK_VERIFY(this)); 2888 } 2889 2890 assert(sizeof(VerificationType) == sizeof(uintptr_t), 2891 "buffer type must match VerificationType size"); 2892 2893 // Get the UTF8 index for this signature. 2894 int sig_index = cp->signature_ref_index_at(cp->name_and_type_ref_index_at(index)); 2895 2896 // Get the signature's verification types. 2897 sig_as_verification_types* mth_sig_verif_types; 2898 sig_as_verification_types** mth_sig_verif_types_ptr = method_signatures_table()->get(sig_index); 2899 if (mth_sig_verif_types_ptr != NULL) { 2900 // Found the entry for the signature's verification types in the hash table. 2901 mth_sig_verif_types = *mth_sig_verif_types_ptr; 2902 assert(mth_sig_verif_types != NULL, "Unexpected NULL sig_as_verification_types value"); 2903 } else { 2904 // Not found, add the entry to the table. 2905 GrowableArray<VerificationType>* verif_types = new GrowableArray<VerificationType>(10); 2906 mth_sig_verif_types = new sig_as_verification_types(verif_types); 2907 create_method_sig_entry(mth_sig_verif_types, sig_index); 2908 } 2909 2910 // Get the number of arguments for this signature. 2911 int nargs = mth_sig_verif_types->num_args(); 2912 2913 // Check instruction operands 2914 u2 bci = bcs->bci(); 2915 if (opcode == Bytecodes::_invokeinterface) { 2916 address bcp = bcs->bcp(); 2917 // 4905268: count operand in invokeinterface should be nargs+1, not nargs. 2918 // JSR202 spec: The count operand of an invokeinterface instruction is valid if it is 2919 // the difference between the size of the operand stack before and after the instruction 2920 // executes. 2921 if (*(bcp+3) != (nargs+1)) { 2922 verify_error(ErrorContext::bad_code(bci), 2923 "Inconsistent args count operand in invokeinterface"); 2924 return; 2925 } 2926 if (*(bcp+4) != 0) { 2927 verify_error(ErrorContext::bad_code(bci), 2928 "Fourth operand byte of invokeinterface must be zero"); 2929 return; 2930 } 2931 } 2932 2933 if (opcode == Bytecodes::_invokedynamic) { 2934 address bcp = bcs->bcp(); 2935 if (*(bcp+3) != 0 || *(bcp+4) != 0) { 2936 verify_error(ErrorContext::bad_code(bci), 2937 "Third and fourth operand bytes of invokedynamic must be zero"); 2938 return; 2939 } 2940 } 2941 2942 if (method_name->char_at(0) == JVM_SIGNATURE_SPECIAL) { 2943 // Make sure <init> can only be invoked by invokespecial or invokestatic. 2944 // The allowed invocation mode of <init> depends on its signature. 2945 if ((opcode != Bytecodes::_invokespecial && 2946 opcode != Bytecodes::_invokestatic) || 2947 method_name != vmSymbols::object_initializer_name()) { 2948 verify_error(ErrorContext::bad_code(bci), 2949 "Illegal call to internal method"); 2950 return; 2951 } 2952 } else if (opcode == Bytecodes::_invokespecial 2953 && !is_same_or_direct_interface(current_class(), current_type(), ref_class_type) 2954 && !ref_class_type.equals(VerificationType::reference_type( 2955 current_class()->super()->name()))) { // super() can never be an inline_type. 2956 bool subtype = false; 2957 bool have_imr_indirect = cp->tag_at(index).value() == JVM_CONSTANT_InterfaceMethodref; 2958 subtype = ref_class_type.is_assignable_from( 2959 current_type(), this, false, CHECK_VERIFY(this)); 2960 if (!subtype) { 2961 verify_error(ErrorContext::bad_code(bci), 2962 "Bad invokespecial instruction: " 2963 "current class isn't assignable to reference class."); 2964 return; 2965 } else if (have_imr_indirect) { 2966 verify_error(ErrorContext::bad_code(bci), 2967 "Bad invokespecial instruction: " 2968 "interface method reference is in an indirect superinterface."); 2969 return; 2970 } 2971 2972 } 2973 2974 // Get the verification types for the method's arguments. 2975 GrowableArray<VerificationType>* sig_verif_types = mth_sig_verif_types->sig_verif_types(); 2976 assert(sig_verif_types != NULL, "Missing signature's array of verification types"); 2977 // Match method descriptor with operand stack 2978 // The arguments are on the stack in descending order. 2979 for (int i = nargs - 1; i >= 0; i--) { // Run backwards 2980 current_frame->pop_stack(sig_verif_types->at(i), CHECK_VERIFY(this)); 2981 } 2982 2983 // Check objectref on operand stack 2984 if (opcode != Bytecodes::_invokestatic && 2985 opcode != Bytecodes::_invokedynamic) { 2986 if (method_name == vmSymbols::object_initializer_name()) { // <init> method 2987 // (use of <init> as a static factory is handled under invokestatic) 2988 verify_invoke_init(bcs, index, ref_class_type, current_frame, 2989 code_length, in_try_block, this_uninit, cp, stackmap_table, 2990 CHECK_VERIFY(this)); 2991 if (was_recursively_verified()) return; 2992 } else { // other methods 2993 // Ensures that target class is assignable to method class. 2994 if (opcode == Bytecodes::_invokespecial) { 2995 current_frame->pop_stack(current_type(), CHECK_VERIFY(this)); 2996 } else if (opcode == Bytecodes::_invokevirtual) { 2997 VerificationType stack_object_type = 2998 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this)); 2999 if (current_type() != stack_object_type) { 3000 if (was_recursively_verified()) return; 3001 assert(cp->cache() == NULL, "not rewritten yet"); 3002 Symbol* ref_class_name = 3003 cp->klass_name_at(cp->klass_ref_index_at(index)); 3004 // See the comments in verify_field_instructions() for 3005 // the rationale behind this. 3006 if (name_in_supers(ref_class_name, current_class())) { 3007 Klass* ref_class = load_class(ref_class_name, CHECK); 3008 if (is_protected_access( 3009 _klass, ref_class, method_name, method_sig, true)) { 3010 // It's protected access, check if stack object is 3011 // assignable to current class. 3012 bool is_assignable = current_type().is_assignable_from( 3013 stack_object_type, this, true, CHECK_VERIFY(this)); 3014 if (!is_assignable) { 3015 if (ref_class_type.name() == vmSymbols::java_lang_Object() 3016 && stack_object_type.is_array() 3017 && method_name == vmSymbols::clone_name()) { 3018 // Special case: arrays pretend to implement public Object 3019 // clone(). 3020 } else { 3021 verify_error(ErrorContext::bad_type(bci, 3022 current_frame->stack_top_ctx(), 3023 TypeOrigin::implicit(current_type())), 3024 "Bad access to protected data in invokevirtual"); 3025 return; 3026 } 3027 } 3028 } 3029 } 3030 } 3031 } else { 3032 assert(opcode == Bytecodes::_invokeinterface, "Unexpected opcode encountered"); 3033 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this)); 3034 } 3035 } 3036 } 3037 // Push the result type. 3038 int sig_verif_types_len = sig_verif_types->length(); 3039 if (sig_verif_types_len > nargs) { // There's a return type 3040 if (method_name == vmSymbols::object_initializer_name() && 3041 opcode != Bytecodes::_invokestatic) { 3042 // an <init> method must have a void return type, unless it's a static factory 3043 verify_error(ErrorContext::bad_code(bci), 3044 "Return type must be void in <init> method"); 3045 return; 3046 } 3047 3048 assert(sig_verif_types_len <= nargs + 2, 3049 "Signature verification types array return type is bogus"); 3050 for (int i = nargs; i < sig_verif_types_len; i++) { 3051 assert(i == nargs || sig_verif_types->at(i).is_long2() || 3052 sig_verif_types->at(i).is_double2(), "Unexpected return verificationType"); 3053 current_frame->push_stack(sig_verif_types->at(i), CHECK_VERIFY(this)); 3054 } 3055 } else { 3056 // an <init> method may not have a void return type, if it's a static factory 3057 if (method_name == vmSymbols::object_initializer_name() && 3058 opcode != Bytecodes::_invokespecial) { 3059 verify_error(ErrorContext::bad_code(bci), 3060 "Return type must be non-void in <init> static factory method"); 3061 return; 3062 } 3063 } 3064 } 3065 3066 VerificationType ClassVerifier::get_newarray_type( 3067 u2 index, u2 bci, TRAPS) { 3068 const char* from_bt[] = { 3069 NULL, NULL, NULL, NULL, "[Z", "[C", "[F", "[D", "[B", "[S", "[I", "[J", 3070 }; 3071 if (index < T_BOOLEAN || index > T_LONG) { 3072 verify_error(ErrorContext::bad_code(bci), "Illegal newarray instruction"); 3073 return VerificationType::bogus_type(); 3074 } 3075 3076 // from_bt[index] contains the array signature which has a length of 2 3077 Symbol* sig = create_temporary_symbol(from_bt[index], 2); 3078 return VerificationType::reference_type(sig); 3079 } 3080 3081 void ClassVerifier::verify_anewarray( 3082 u2 bci, u2 index, const constantPoolHandle& cp, 3083 StackMapFrame* current_frame, TRAPS) { 3084 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this)); 3085 current_frame->pop_stack( 3086 VerificationType::integer_type(), CHECK_VERIFY(this)); 3087 3088 if (was_recursively_verified()) return; 3089 VerificationType component_type = 3090 cp_index_to_type(index, cp, CHECK_VERIFY(this)); 3091 int length; 3092 char* arr_sig_str; 3093 if (component_type.is_array()) { // it's an array 3094 const char* component_name = component_type.name()->as_utf8(); 3095 // Check for more than MAX_ARRAY_DIMENSIONS 3096 length = (int)strlen(component_name); 3097 if (length > MAX_ARRAY_DIMENSIONS && 3098 component_name[MAX_ARRAY_DIMENSIONS - 1] == JVM_SIGNATURE_ARRAY) { 3099 verify_error(ErrorContext::bad_code(bci), 3100 "Illegal anewarray instruction, array has more than 255 dimensions"); 3101 } 3102 // add one dimension to component 3103 length++; 3104 arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length + 1); 3105 int n = os::snprintf(arr_sig_str, length + 1, "%c%s", 3106 JVM_SIGNATURE_ARRAY, component_name); 3107 assert(n == length, "Unexpected number of characters in string"); 3108 } else { // it's an object or interface 3109 const char* component_name = component_type.name()->as_utf8(); 3110 char Q_or_L = component_type.is_inline_type() ? JVM_SIGNATURE_PRIMITIVE_OBJECT : JVM_SIGNATURE_CLASS; 3111 // add one dimension to component with 'L' or 'Q' prepended and ';' appended. 3112 length = (int)strlen(component_name) + 3; 3113 arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length + 1); 3114 int n = os::snprintf(arr_sig_str, length + 1, "%c%c%s;", 3115 JVM_SIGNATURE_ARRAY, Q_or_L, component_name); 3116 assert(n == length, "Unexpected number of characters in string"); 3117 } 3118 Symbol* arr_sig = create_temporary_symbol(arr_sig_str, length); 3119 VerificationType new_array_type = VerificationType::reference_type(arr_sig); 3120 current_frame->push_stack(new_array_type, CHECK_VERIFY(this)); 3121 } 3122 3123 void ClassVerifier::verify_iload(u2 index, StackMapFrame* current_frame, TRAPS) { 3124 current_frame->get_local( 3125 index, VerificationType::integer_type(), CHECK_VERIFY(this)); 3126 current_frame->push_stack( 3127 VerificationType::integer_type(), CHECK_VERIFY(this)); 3128 } 3129 3130 void ClassVerifier::verify_lload(u2 index, StackMapFrame* current_frame, TRAPS) { 3131 current_frame->get_local_2( 3132 index, VerificationType::long_type(), 3133 VerificationType::long2_type(), CHECK_VERIFY(this)); 3134 current_frame->push_stack_2( 3135 VerificationType::long_type(), 3136 VerificationType::long2_type(), CHECK_VERIFY(this)); 3137 } 3138 3139 void ClassVerifier::verify_fload(u2 index, StackMapFrame* current_frame, TRAPS) { 3140 current_frame->get_local( 3141 index, VerificationType::float_type(), CHECK_VERIFY(this)); 3142 current_frame->push_stack( 3143 VerificationType::float_type(), CHECK_VERIFY(this)); 3144 } 3145 3146 void ClassVerifier::verify_dload(u2 index, StackMapFrame* current_frame, TRAPS) { 3147 current_frame->get_local_2( 3148 index, VerificationType::double_type(), 3149 VerificationType::double2_type(), CHECK_VERIFY(this)); 3150 current_frame->push_stack_2( 3151 VerificationType::double_type(), 3152 VerificationType::double2_type(), CHECK_VERIFY(this)); 3153 } 3154 3155 void ClassVerifier::verify_aload(u2 index, StackMapFrame* current_frame, TRAPS) { 3156 VerificationType type = current_frame->get_local( 3157 index, VerificationType::nonscalar_check(), CHECK_VERIFY(this)); 3158 current_frame->push_stack(type, CHECK_VERIFY(this)); 3159 } 3160 3161 void ClassVerifier::verify_istore(u2 index, StackMapFrame* current_frame, TRAPS) { 3162 current_frame->pop_stack( 3163 VerificationType::integer_type(), CHECK_VERIFY(this)); 3164 current_frame->set_local( 3165 index, VerificationType::integer_type(), CHECK_VERIFY(this)); 3166 } 3167 3168 void ClassVerifier::verify_lstore(u2 index, StackMapFrame* current_frame, TRAPS) { 3169 current_frame->pop_stack_2( 3170 VerificationType::long2_type(), 3171 VerificationType::long_type(), CHECK_VERIFY(this)); 3172 current_frame->set_local_2( 3173 index, VerificationType::long_type(), 3174 VerificationType::long2_type(), CHECK_VERIFY(this)); 3175 } 3176 3177 void ClassVerifier::verify_fstore(u2 index, StackMapFrame* current_frame, TRAPS) { 3178 current_frame->pop_stack(VerificationType::float_type(), CHECK_VERIFY(this)); 3179 current_frame->set_local( 3180 index, VerificationType::float_type(), CHECK_VERIFY(this)); 3181 } 3182 3183 void ClassVerifier::verify_dstore(u2 index, StackMapFrame* current_frame, TRAPS) { 3184 current_frame->pop_stack_2( 3185 VerificationType::double2_type(), 3186 VerificationType::double_type(), CHECK_VERIFY(this)); 3187 current_frame->set_local_2( 3188 index, VerificationType::double_type(), 3189 VerificationType::double2_type(), CHECK_VERIFY(this)); 3190 } 3191 3192 void ClassVerifier::verify_astore(u2 index, StackMapFrame* current_frame, TRAPS) { 3193 VerificationType type = current_frame->pop_stack( 3194 VerificationType::nonscalar_check(), CHECK_VERIFY(this)); 3195 current_frame->set_local(index, type, CHECK_VERIFY(this)); 3196 } 3197 3198 void ClassVerifier::verify_iinc(u2 index, StackMapFrame* current_frame, TRAPS) { 3199 VerificationType type = current_frame->get_local( 3200 index, VerificationType::integer_type(), CHECK_VERIFY(this)); 3201 current_frame->set_local(index, type, CHECK_VERIFY(this)); 3202 } 3203 3204 void ClassVerifier::verify_return_value( 3205 VerificationType return_type, VerificationType type, u2 bci, 3206 StackMapFrame* current_frame, TRAPS) { 3207 if (return_type == VerificationType::bogus_type()) { 3208 verify_error(ErrorContext::bad_type(bci, 3209 current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)), 3210 "Method does not expect a return value"); 3211 return; 3212 } 3213 bool match = return_type.is_assignable_from(type, this, false, CHECK_VERIFY(this)); 3214 if (!match) { 3215 verify_error(ErrorContext::bad_type(bci, 3216 current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)), 3217 "Bad return type"); 3218 return; 3219 } 3220 } 3221 3222 // The verifier creates symbols which are substrings of Symbols. 3223 // These are stored in the verifier until the end of verification so that 3224 // they can be reference counted. 3225 Symbol* ClassVerifier::create_temporary_symbol(const char *name, int length) { 3226 // Quick deduplication check 3227 if (_previous_symbol != NULL && _previous_symbol->equals(name, length)) { 3228 return _previous_symbol; 3229 } 3230 Symbol* sym = SymbolTable::new_symbol(name, length); 3231 if (!sym->is_permanent()) { 3232 if (_symbols == NULL) { 3233 _symbols = new GrowableArray<Symbol*>(50, 0, NULL); 3234 } 3235 _symbols->push(sym); 3236 } 3237 _previous_symbol = sym; 3238 return sym; 3239 }