26 #include "classfile/classFileStream.hpp"
27 #include "classfile/classLoader.hpp"
28 #include "classfile/javaClasses.hpp"
29 #include "classfile/stackMapFrame.hpp"
30 #include "classfile/stackMapTable.hpp"
31 #include "classfile/stackMapTableFormat.hpp"
32 #include "classfile/symbolTable.hpp"
33 #include "classfile/systemDictionary.hpp"
34 #include "classfile/verifier.hpp"
35 #include "classfile/vmClasses.hpp"
36 #include "classfile/vmSymbols.hpp"
37 #include "interpreter/bytecodes.hpp"
38 #include "interpreter/bytecodeStream.hpp"
39 #include "jvm.h"
40 #include "logging/log.hpp"
41 #include "logging/logStream.hpp"
42 #include "memory/oopFactory.hpp"
43 #include "memory/resourceArea.hpp"
44 #include "memory/universe.hpp"
45 #include "oops/constantPool.inline.hpp"
46 #include "oops/instanceKlass.inline.hpp"
47 #include "oops/klass.inline.hpp"
48 #include "oops/oop.inline.hpp"
49 #include "oops/typeArrayOop.hpp"
50 #include "runtime/arguments.hpp"
51 #include "runtime/fieldDescriptor.hpp"
52 #include "runtime/handles.inline.hpp"
53 #include "runtime/interfaceSupport.inline.hpp"
54 #include "runtime/javaCalls.hpp"
55 #include "runtime/javaThread.hpp"
56 #include "runtime/jniHandles.inline.hpp"
57 #include "runtime/os.hpp"
58 #include "runtime/safepointVerifiers.hpp"
59 #include "services/threadService.hpp"
60 #include "utilities/align.hpp"
61 #include "utilities/bytes.hpp"
62 #if INCLUDE_CDS
63 #include "classfile/systemDictionaryShared.hpp"
64 #endif
65
66 #define NOFAILOVER_MAJOR_VERSION 51
67 #define NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION 51
68 #define STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION 52
69 #define MAX_ARRAY_DIMENSIONS 255
70
71 // Access to external entry for VerifyClassForMajorVersion - old byte code verifier
72
73 extern "C" {
74 typedef jboolean (*verify_byte_codes_fn_t)(JNIEnv *, jclass, char *, jint, jint);
75 }
76
77 static verify_byte_codes_fn_t volatile _verify_byte_codes_fn = nullptr;
78
79 static verify_byte_codes_fn_t verify_byte_codes_fn() {
80
81 if (_verify_byte_codes_fn != nullptr)
82 return _verify_byte_codes_fn;
83
84 MutexLocker locker(Verify_lock);
85
86 if (_verify_byte_codes_fn != nullptr)
87 return _verify_byte_codes_fn;
88
459 _expected.details(ss);
460 } else {
461 ss->print("Invalid type: ");
462 _type.details(ss);
463 }
464 break;
465 case FLAGS_MISMATCH:
466 if (_expected.is_valid()) {
467 ss->print("Current frame's flags are not assignable "
468 "to stack map frame's.");
469 } else {
470 ss->print("Current frame's flags are invalid in this context.");
471 }
472 break;
473 case BAD_CP_INDEX:
474 ss->print("Constant pool index %d is invalid", _type.index());
475 break;
476 case BAD_LOCAL_INDEX:
477 ss->print("Local index %d is invalid", _type.index());
478 break;
479 case LOCALS_SIZE_MISMATCH:
480 ss->print("Current frame's local size doesn't match stackmap.");
481 break;
482 case STACK_SIZE_MISMATCH:
483 ss->print("Current frame's stack size doesn't match stackmap.");
484 break;
485 case STACK_OVERFLOW:
486 ss->print("Exceeded max stack size.");
487 break;
488 case STACK_UNDERFLOW:
489 ss->print("Attempt to pop empty stack.");
490 break;
491 case MISSING_STACKMAP:
492 ss->print("Expected stackmap frame at this location.");
493 break;
494 case BAD_STACKMAP:
495 ss->print("Invalid stackmap specification.");
496 break;
497 case UNKNOWN:
498 default:
499 ShouldNotReachHere();
500 ss->print_cr("Unknown");
501 }
502 ss->cr();
503 }
504
505 void ErrorContext::location_details(outputStream* ss, const Method* method) const {
506 if (_bci != -1 && method != nullptr) {
507 const char* bytecode_name = "<invalid>";
508 if (method->validate_bci(_bci) != -1) {
509 Bytecodes::Code code = Bytecodes::code_or_bp_at(method->bcp_from(_bci));
510 if (Bytecodes::is_defined(code)) {
511 bytecode_name = Bytecodes::name(code);
512 } else {
513 bytecode_name = "<illegal>";
514 }
515 }
516 InstanceKlass* ik = method->method_holder();
599 ClassVerifier::~ClassVerifier() {
600 // Decrement the reference count for any symbols created.
601 if (_symbols != nullptr) {
602 for (int i = 0; i < _symbols->length(); i++) {
603 Symbol* s = _symbols->at(i);
604 s->decrement_refcount();
605 }
606 }
607 }
608
609 VerificationType ClassVerifier::object_type() const {
610 return VerificationType::reference_type(vmSymbols::java_lang_Object());
611 }
612
613 TypeOrigin ClassVerifier::ref_ctx(const char* sig) {
614 VerificationType vt = VerificationType::reference_type(
615 create_temporary_symbol(sig, (int)strlen(sig)));
616 return TypeOrigin::implicit(vt);
617 }
618
619
620 void ClassVerifier::verify_class(TRAPS) {
621 log_info(verification)("Verifying class %s with new format", _klass->external_name());
622
623 Array<Method*>* methods = _klass->methods();
624 int num_methods = methods->length();
625
626 for (int index = 0; index < num_methods; index++) {
627 // Check for recursive re-verification before each method.
628 if (was_recursively_verified()) return;
629
630 Method* m = methods->at(index);
631 if (m->is_native() || m->is_abstract() || m->is_overpass()) {
632 // If m is native or abstract, skip it. It is checked in class file
633 // parser that methods do not override a final method. Overpass methods
634 // are trusted since the VM generates them.
635 continue;
636 }
637 verify_method(methodHandle(THREAD, m), CHECK_VERIFY(this));
638 }
691 bool is_unique = method_signatures_table()->put(sig_index, sig_verif_types);
692 assert(is_unique, "Duplicate entries in method_signature_table");
693 }
694
695 void ClassVerifier::verify_method(const methodHandle& m, TRAPS) {
696 HandleMark hm(THREAD);
697 _method = m; // initialize _method
698 log_info(verification)("Verifying method %s", m->name_and_sig_as_C_string());
699
700 // For clang, the only good constant format string is a literal constant format string.
701 #define bad_type_msg "Bad type on operand stack in %s"
702
703 u2 max_stack = m->verifier_max_stack();
704 u2 max_locals = m->max_locals();
705 constantPoolHandle cp(THREAD, m->constants());
706
707 // Method signature was checked in ClassFileParser.
708 assert(SignatureVerifier::is_valid_method_signature(m->signature()),
709 "Invalid method signature");
710
711 // Initial stack map frame: offset is 0, stack is initially empty.
712 StackMapFrame current_frame(max_locals, max_stack, this);
713 // Set initial locals
714 VerificationType return_type = current_frame.set_locals_from_arg( m, current_type());
715
716 u2 stackmap_index = 0; // index to the stackmap array
717
718 u4 code_length = m->code_size();
719
720 // Scan the bytecode and map each instruction's start offset to a number.
721 char* code_data = generate_code_data(m, code_length, CHECK_VERIFY(this));
722
723 int ex_min = code_length;
724 int ex_max = -1;
725 // Look through each item on the exception table. Each of the fields must refer
726 // to a legal instruction.
727 if (was_recursively_verified()) return;
728 verify_exception_handler_table(
729 code_length, code_data, ex_min, ex_max, CHECK_VERIFY(this));
730
731 // Look through each entry on the local variable table and make sure
732 // its range of code array offsets is valid. (4169817)
733 if (m->has_localvariable_table()) {
734 verify_local_variable_table(code_length, code_data, CHECK_VERIFY(this));
735 }
736
737 Array<u1>* stackmap_data = m->stackmap_data();
738 StackMapStream stream(stackmap_data);
739 StackMapReader reader(this, &stream, code_data, code_length, ¤t_frame, max_locals, max_stack, THREAD);
740 StackMapTable stackmap_table(&reader, CHECK_VERIFY(this));
741
742 LogTarget(Debug, verification) lt;
743 if (lt.is_enabled()) {
744 LogStream ls(lt);
745 stackmap_table.print_on(&ls);
746 }
747
748 RawBytecodeStream bcs(m);
749
750 // Scan the byte code linearly from the start to the end
751 bool no_control_flow = false; // Set to true when there is no direct control
752 // flow from current instruction to the next
753 // instruction in sequence
754
755 Bytecodes::Code opcode;
756 while (!bcs.is_last_bytecode()) {
757 // Check for recursive re-verification before each bytecode.
758 if (was_recursively_verified()) return;
759
1590 case Bytecodes::_if_icmpge:
1591 case Bytecodes::_if_icmpgt:
1592 case Bytecodes::_if_icmple:
1593 current_frame.pop_stack(
1594 VerificationType::integer_type(), CHECK_VERIFY(this));
1595 // fall through
1596 case Bytecodes::_ifeq:
1597 case Bytecodes::_ifne:
1598 case Bytecodes::_iflt:
1599 case Bytecodes::_ifge:
1600 case Bytecodes::_ifgt:
1601 case Bytecodes::_ifle:
1602 current_frame.pop_stack(
1603 VerificationType::integer_type(), CHECK_VERIFY(this));
1604 stackmap_table.check_jump_target(
1605 ¤t_frame, bcs.bci(), bcs.get_offset_s2(), CHECK_VERIFY(this));
1606 no_control_flow = false; break;
1607 case Bytecodes::_if_acmpeq :
1608 case Bytecodes::_if_acmpne :
1609 current_frame.pop_stack(
1610 VerificationType::reference_check(), CHECK_VERIFY(this));
1611 // fall through
1612 case Bytecodes::_ifnull :
1613 case Bytecodes::_ifnonnull :
1614 current_frame.pop_stack(
1615 VerificationType::reference_check(), CHECK_VERIFY(this));
1616 stackmap_table.check_jump_target
1617 (¤t_frame, bcs.bci(), bcs.get_offset_s2(), CHECK_VERIFY(this));
1618 no_control_flow = false; break;
1619 case Bytecodes::_goto :
1620 stackmap_table.check_jump_target(
1621 ¤t_frame, bcs.bci(), bcs.get_offset_s2(), CHECK_VERIFY(this));
1622 no_control_flow = true; break;
1623 case Bytecodes::_goto_w :
1624 stackmap_table.check_jump_target(
1625 ¤t_frame, bcs.bci(), bcs.get_offset_s4(), CHECK_VERIFY(this));
1626 no_control_flow = true; break;
1627 case Bytecodes::_tableswitch :
1628 case Bytecodes::_lookupswitch :
1629 verify_switch(
1630 &bcs, code_length, code_data, ¤t_frame,
1631 &stackmap_table, CHECK_VERIFY(this));
1632 no_control_flow = true; break;
1633 case Bytecodes::_ireturn :
1634 type = current_frame.pop_stack(
1635 VerificationType::integer_type(), CHECK_VERIFY(this));
1655 VerificationType::double2_type(), CHECK_VERIFY(this));
1656 type = current_frame.pop_stack(
1657 VerificationType::double_type(), CHECK_VERIFY(this));
1658 verify_return_value(return_type, type, bci,
1659 ¤t_frame, CHECK_VERIFY(this));
1660 no_control_flow = true; break;
1661 case Bytecodes::_areturn :
1662 type = current_frame.pop_stack(
1663 VerificationType::reference_check(), CHECK_VERIFY(this));
1664 verify_return_value(return_type, type, bci,
1665 ¤t_frame, CHECK_VERIFY(this));
1666 no_control_flow = true; break;
1667 case Bytecodes::_return :
1668 if (return_type != VerificationType::bogus_type()) {
1669 verify_error(ErrorContext::bad_code(bci),
1670 "Method expects a return value");
1671 return;
1672 }
1673 // Make sure "this" has been initialized if current method is an
1674 // <init>.
1675 if (_method->name() == vmSymbols::object_initializer_name() &&
1676 current_frame.flag_this_uninit()) {
1677 verify_error(ErrorContext::bad_code(bci),
1678 "Constructor must call super() or this() "
1679 "before return");
1680 return;
1681 }
1682 no_control_flow = true; break;
1683 case Bytecodes::_getstatic :
1684 case Bytecodes::_putstatic :
1685 // pass TRUE, operand can be an array type for getstatic/putstatic.
1686 verify_field_instructions(
1687 &bcs, ¤t_frame, cp, true, CHECK_VERIFY(this));
1688 no_control_flow = false; break;
1689 case Bytecodes::_getfield :
1690 case Bytecodes::_putfield :
1691 // pass FALSE, operand can't be an array type for getfield/putfield.
1692 verify_field_instructions(
1693 &bcs, ¤t_frame, cp, false, CHECK_VERIFY(this));
1694 no_control_flow = false; break;
1695 case Bytecodes::_invokevirtual :
1696 case Bytecodes::_invokespecial :
1697 case Bytecodes::_invokestatic :
1698 verify_invoke_instructions(
1699 &bcs, code_length, ¤t_frame, (bci >= ex_min && bci < ex_max),
1700 &this_uninit, return_type, cp, &stackmap_table, CHECK_VERIFY(this));
1701 no_control_flow = false; break;
1702 case Bytecodes::_invokeinterface :
1703 case Bytecodes::_invokedynamic :
1704 verify_invoke_instructions(
1705 &bcs, code_length, ¤t_frame, (bci >= ex_min && bci < ex_max),
1706 &this_uninit, return_type, cp, &stackmap_table, CHECK_VERIFY(this));
1707 no_control_flow = false; break;
1708 case Bytecodes::_new :
1709 {
1710 u2 index = bcs.get_index_u2();
1711 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1712 VerificationType new_class_type =
1713 cp_index_to_type(index, cp, CHECK_VERIFY(this));
1714 if (!new_class_type.is_object()) {
1715 verify_error(ErrorContext::bad_type(bci,
1716 TypeOrigin::cp(index, new_class_type)),
1717 "Illegal new instruction");
1718 return;
1719 }
1720 type = VerificationType::uninitialized_type(checked_cast<u2>(bci));
1721 current_frame.push_stack(type, CHECK_VERIFY(this));
1722 no_control_flow = false; break;
1723 }
1724 case Bytecodes::_newarray :
1725 type = get_newarray_type(bcs.get_index(), bci, CHECK_VERIFY(this));
1726 current_frame.pop_stack(
1744 no_control_flow = false; break;
1745 case Bytecodes::_checkcast :
1746 {
1747 u2 index = bcs.get_index_u2();
1748 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1749 current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1750 VerificationType klass_type = cp_index_to_type(
1751 index, cp, CHECK_VERIFY(this));
1752 current_frame.push_stack(klass_type, CHECK_VERIFY(this));
1753 no_control_flow = false; break;
1754 }
1755 case Bytecodes::_instanceof : {
1756 u2 index = bcs.get_index_u2();
1757 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1758 current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1759 current_frame.push_stack(
1760 VerificationType::integer_type(), CHECK_VERIFY(this));
1761 no_control_flow = false; break;
1762 }
1763 case Bytecodes::_monitorenter :
1764 case Bytecodes::_monitorexit :
1765 current_frame.pop_stack(
1766 VerificationType::reference_check(), CHECK_VERIFY(this));
1767 no_control_flow = false; break;
1768 case Bytecodes::_multianewarray :
1769 {
1770 u2 index = bcs.get_index_u2();
1771 u2 dim = *(bcs.bcp()+3);
1772 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1773 VerificationType new_array_type =
1774 cp_index_to_type(index, cp, CHECK_VERIFY(this));
1775 if (!new_array_type.is_array()) {
1776 verify_error(ErrorContext::bad_type(bci,
1777 TypeOrigin::cp(index, new_array_type)),
1778 "Illegal constant pool index in multianewarray instruction");
1779 return;
1780 }
1781 if (dim < 1 || new_array_type.dimensions() < dim) {
1782 verify_error(ErrorContext::bad_code(bci),
1783 "Illegal dimension in multianewarray instruction: %d", dim);
1784 return;
1785 }
1786 for (int i = 0; i < dim; i++) {
1787 current_frame.pop_stack(
2125 } else {
2126 Klass* member_klass = target_instance->find_field(field_name, field_sig, &fd);
2127 if (member_klass != nullptr && fd.is_protected()) {
2128 if (!this_class->is_same_class_package(member_klass)) {
2129 return true;
2130 }
2131 }
2132 }
2133 return false;
2134 }
2135
2136 void ClassVerifier::verify_ldc(
2137 int opcode, u2 index, StackMapFrame* current_frame,
2138 const constantPoolHandle& cp, int bci, TRAPS) {
2139 verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2140 constantTag tag = cp->tag_at(index);
2141 unsigned int types = 0;
2142 if (opcode == Bytecodes::_ldc || opcode == Bytecodes::_ldc_w) {
2143 if (!tag.is_unresolved_klass()) {
2144 types = (1 << JVM_CONSTANT_Integer) | (1 << JVM_CONSTANT_Float)
2145 | (1 << JVM_CONSTANT_String) | (1 << JVM_CONSTANT_Class)
2146 | (1 << JVM_CONSTANT_MethodHandle) | (1 << JVM_CONSTANT_MethodType)
2147 | (1 << JVM_CONSTANT_Dynamic);
2148 // Note: The class file parser already verified the legality of
2149 // MethodHandle and MethodType constants.
2150 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2151 }
2152 } else {
2153 assert(opcode == Bytecodes::_ldc2_w, "must be ldc2_w");
2154 types = (1 << JVM_CONSTANT_Double) | (1 << JVM_CONSTANT_Long)
2155 | (1 << JVM_CONSTANT_Dynamic);
2156 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2157 }
2158 if (tag.is_string()) {
2159 current_frame->push_stack(
2160 VerificationType::reference_type(
2161 vmSymbols::java_lang_String()), CHECK_VERIFY(this));
2162 } else if (tag.is_klass() || tag.is_unresolved_klass()) {
2163 current_frame->push_stack(
2164 VerificationType::reference_type(
2165 vmSymbols::java_lang_Class()), CHECK_VERIFY(this));
2300 const constantPoolHandle& cp,
2301 bool allow_arrays,
2302 TRAPS) {
2303 u2 index = bcs->get_index_u2();
2304 verify_cp_type(bcs->bci(), index, cp,
2305 1 << JVM_CONSTANT_Fieldref, CHECK_VERIFY(this));
2306
2307 // Get field name and signature
2308 Symbol* field_name = cp->uncached_name_ref_at(index);
2309 Symbol* field_sig = cp->uncached_signature_ref_at(index);
2310 bool is_getfield = false;
2311
2312 // Field signature was checked in ClassFileParser.
2313 assert(SignatureVerifier::is_valid_type_signature(field_sig),
2314 "Invalid field signature");
2315
2316 // Get referenced class type
2317 VerificationType ref_class_type = cp_ref_index_to_type(
2318 index, cp, CHECK_VERIFY(this));
2319 if (!ref_class_type.is_object() &&
2320 (!allow_arrays || !ref_class_type.is_array())) {
2321 verify_error(ErrorContext::bad_type(bcs->bci(),
2322 TypeOrigin::cp(index, ref_class_type)),
2323 "Expecting reference to class in class %s at constant pool index %d",
2324 _klass->external_name(), index);
2325 return;
2326 }
2327 VerificationType target_class_type = ref_class_type;
2328
2329 assert(sizeof(VerificationType) == sizeof(uintptr_t),
2330 "buffer type must match VerificationType size");
2331 uintptr_t field_type_buffer[2];
2332 VerificationType* field_type = (VerificationType*)field_type_buffer;
2333 // If we make a VerificationType[2] array directly, the compiler calls
2334 // to the c-runtime library to do the allocation instead of just
2335 // stack allocating it. Plus it would run constructors. This shows up
2336 // in performance profiles.
2337
2338 SignatureStream sig_stream(field_sig, false);
2339 VerificationType stack_object_type;
2340 int n = change_sig_to_verificationType(&sig_stream, field_type);
2341 int bci = bcs->bci();
2342 bool is_assignable;
2343 switch (bcs->raw_code()) {
2344 case Bytecodes::_getstatic: {
2345 for (int i = 0; i < n; i++) {
2346 current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2348 break;
2349 }
2350 case Bytecodes::_putstatic: {
2351 for (int i = n - 1; i >= 0; i--) {
2352 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2353 }
2354 break;
2355 }
2356 case Bytecodes::_getfield: {
2357 is_getfield = true;
2358 stack_object_type = current_frame->pop_stack(
2359 target_class_type, CHECK_VERIFY(this));
2360 goto check_protected;
2361 }
2362 case Bytecodes::_putfield: {
2363 for (int i = n - 1; i >= 0; i--) {
2364 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2365 }
2366 stack_object_type = current_frame->pop_stack(CHECK_VERIFY(this));
2367
2368 // The JVMS 2nd edition allows field initialization before the superclass
2369 // initializer, if the field is defined within the current class.
2370 fieldDescriptor fd;
2371 if (stack_object_type == VerificationType::uninitialized_this_type() &&
2372 target_class_type.equals(current_type()) &&
2373 _klass->find_local_field(field_name, field_sig, &fd)) {
2374 stack_object_type = current_type();
2375 }
2376 is_assignable = target_class_type.is_assignable_from(
2377 stack_object_type, this, false, CHECK_VERIFY(this));
2378 if (!is_assignable) {
2379 verify_error(ErrorContext::bad_type(bci,
2380 current_frame->stack_top_ctx(),
2381 TypeOrigin::cp(index, target_class_type)),
2382 "Bad type on operand stack in putfield");
2383 return;
2384 }
2385 }
2386 check_protected: {
2387 if (_this_type == stack_object_type)
2388 break; // stack_object_type must be assignable to _current_class_type
2389 if (was_recursively_verified()) {
2390 if (is_getfield) {
2391 // Push field type for getfield.
2392 for (int i = 0; i < n; i++) {
2393 current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2394 }
2433 }
2434
2435 void ClassVerifier::verify_invoke_init(
2436 RawBytecodeStream* bcs, u2 ref_class_index, VerificationType ref_class_type,
2437 StackMapFrame* current_frame, u4 code_length, bool in_try_block,
2438 bool *this_uninit, const constantPoolHandle& cp, StackMapTable* stackmap_table,
2439 TRAPS) {
2440 int bci = bcs->bci();
2441 VerificationType type = current_frame->pop_stack(
2442 VerificationType::reference_check(), CHECK_VERIFY(this));
2443 if (type == VerificationType::uninitialized_this_type()) {
2444 // The method must be an <init> method of this class or its superclass
2445 Klass* superk = current_class()->super();
2446 if (ref_class_type.name() != current_class()->name() &&
2447 ref_class_type.name() != superk->name()) {
2448 verify_error(ErrorContext::bad_type(bci,
2449 TypeOrigin::implicit(ref_class_type),
2450 TypeOrigin::implicit(current_type())),
2451 "Bad <init> method call");
2452 return;
2453 }
2454
2455 // If this invokespecial call is done from inside of a TRY block then make
2456 // sure that all catch clause paths end in a throw. Otherwise, this can
2457 // result in returning an incomplete object.
2458 if (in_try_block) {
2459 // Check the exception handler target stackmaps with the locals from the
2460 // incoming stackmap (before initialize_object() changes them to outgoing
2461 // state).
2462 if (was_recursively_verified()) return;
2463 verify_exception_handler_targets(bci, true, current_frame,
2464 stackmap_table, CHECK_VERIFY(this));
2465 } // in_try_block
2466
2467 current_frame->initialize_object(type, current_type());
2468 *this_uninit = true;
2469 } else if (type.is_uninitialized()) {
2470 u2 new_offset = type.bci();
2471 address new_bcp = bcs->bcp() - bci + new_offset;
2472 if (new_offset > (code_length - 3) || (*new_bcp) != Bytecodes::_new) {
2537 bool ClassVerifier::is_same_or_direct_interface(
2538 InstanceKlass* klass,
2539 VerificationType klass_type,
2540 VerificationType ref_class_type) {
2541 if (ref_class_type.equals(klass_type)) return true;
2542 Array<InstanceKlass*>* local_interfaces = klass->local_interfaces();
2543 if (local_interfaces != nullptr) {
2544 for (int x = 0; x < local_interfaces->length(); x++) {
2545 InstanceKlass* k = local_interfaces->at(x);
2546 assert (k != nullptr && k->is_interface(), "invalid interface");
2547 if (ref_class_type.equals(VerificationType::reference_type(k->name()))) {
2548 return true;
2549 }
2550 }
2551 }
2552 return false;
2553 }
2554
2555 void ClassVerifier::verify_invoke_instructions(
2556 RawBytecodeStream* bcs, u4 code_length, StackMapFrame* current_frame,
2557 bool in_try_block, bool *this_uninit, VerificationType return_type,
2558 const constantPoolHandle& cp, StackMapTable* stackmap_table, TRAPS) {
2559 // Make sure the constant pool item is the right type
2560 u2 index = bcs->get_index_u2();
2561 Bytecodes::Code opcode = bcs->raw_code();
2562 unsigned int types = 0;
2563 switch (opcode) {
2564 case Bytecodes::_invokeinterface:
2565 types = 1 << JVM_CONSTANT_InterfaceMethodref;
2566 break;
2567 case Bytecodes::_invokedynamic:
2568 types = 1 << JVM_CONSTANT_InvokeDynamic;
2569 break;
2570 case Bytecodes::_invokespecial:
2571 case Bytecodes::_invokestatic:
2572 types = (_klass->major_version() < STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION) ?
2573 (1 << JVM_CONSTANT_Methodref) :
2574 ((1 << JVM_CONSTANT_InterfaceMethodref) | (1 << JVM_CONSTANT_Methodref));
2575 break;
2576 default:
2577 types = 1 << JVM_CONSTANT_Methodref;
2578 }
2579 verify_cp_type(bcs->bci(), index, cp, types, CHECK_VERIFY(this));
2580
2581 // Get method name and signature
2582 Symbol* method_name = cp->uncached_name_ref_at(index);
2583 Symbol* method_sig = cp->uncached_signature_ref_at(index);
2584
2585 // Method signature was checked in ClassFileParser.
2586 assert(SignatureVerifier::is_valid_method_signature(method_sig),
2587 "Invalid method signature");
2588
2589 // Get referenced class type
2590 VerificationType ref_class_type;
2591 if (opcode == Bytecodes::_invokedynamic) {
2592 if (_klass->major_version() < Verifier::INVOKEDYNAMIC_MAJOR_VERSION) {
2593 class_format_error(
2594 "invokedynamic instructions not supported by this class file version (%d), class %s",
2595 _klass->major_version(), _klass->external_name());
2596 return;
2597 }
2598 } else {
2599 ref_class_type = cp_ref_index_to_type(index, cp, CHECK_VERIFY(this));
2600 }
2601
2602 assert(sizeof(VerificationType) == sizeof(uintptr_t),
2603 "buffer type must match VerificationType size");
2604
2605 // Get the UTF8 index for this signature.
2606 int sig_index = cp->signature_ref_index_at(cp->uncached_name_and_type_ref_index_at(index));
2607
2608 // Get the signature's verification types.
2609 sig_as_verification_types* mth_sig_verif_types;
2635 "Inconsistent args count operand in invokeinterface");
2636 return;
2637 }
2638 if (*(bcp+4) != 0) {
2639 verify_error(ErrorContext::bad_code(bci),
2640 "Fourth operand byte of invokeinterface must be zero");
2641 return;
2642 }
2643 }
2644
2645 if (opcode == Bytecodes::_invokedynamic) {
2646 address bcp = bcs->bcp();
2647 if (*(bcp+3) != 0 || *(bcp+4) != 0) {
2648 verify_error(ErrorContext::bad_code(bci),
2649 "Third and fourth operand bytes of invokedynamic must be zero");
2650 return;
2651 }
2652 }
2653
2654 if (method_name->char_at(0) == JVM_SIGNATURE_SPECIAL) {
2655 // Make sure <init> can only be invoked by invokespecial
2656 if (opcode != Bytecodes::_invokespecial ||
2657 method_name != vmSymbols::object_initializer_name()) {
2658 verify_error(ErrorContext::bad_code(bci),
2659 "Illegal call to internal method");
2660 return;
2661 }
2662 }
2663 // invokespecial, when not <init>, must be to a method in the current class, a direct superinterface,
2664 // or any superclass (including Object).
2665 else if (opcode == Bytecodes::_invokespecial
2666 && !is_same_or_direct_interface(current_class(), current_type(), ref_class_type)
2667 && !ref_class_type.equals(VerificationType::reference_type(current_class()->super()->name()))) {
2668
2669 // We know it is not current class, direct superinterface or immediate superclass. That means it
2670 // could be:
2671 // - a totally unrelated class or interface
2672 // - an indirect superinterface
2673 // - an indirect superclass (including Object)
2674 // We use the assignability test to see if it is a superclass, or else an interface, and keep track
2675 // of the latter. Note that subtype can be true if we are dealing with an interface that is not actually
2676 // implemented as assignability treats all interfaces as Object.
2677
2678 bool is_interface = false; // This can only be set true if the assignability check will return true
2679 // and we loaded the class. For any other "true" returns (e.g. same class
2680 // or Object) we either can't get here (same class already excluded above)
2681 // or we know it is not an interface (i.e. Object).
2682 bool subtype = ref_class_type.is_reference_assignable_from(current_type(), this, false,
2683 &is_interface, CHECK_VERIFY(this));
2684 if (!subtype) { // Totally unrelated class
2685 verify_error(ErrorContext::bad_code(bci),
2686 "Bad invokespecial instruction: "
2687 "current class isn't assignable to reference class.");
2747 verify_error(ErrorContext::bad_type(bci,
2748 current_frame->stack_top_ctx(),
2749 TypeOrigin::implicit(current_type())),
2750 "Bad access to protected data in invokevirtual");
2751 return;
2752 }
2753 }
2754 }
2755 }
2756 }
2757 } else {
2758 assert(opcode == Bytecodes::_invokeinterface, "Unexpected opcode encountered");
2759 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this));
2760 }
2761 }
2762 }
2763 // Push the result type.
2764 int sig_verif_types_len = sig_verif_types->length();
2765 if (sig_verif_types_len > nargs) { // There's a return type
2766 if (method_name == vmSymbols::object_initializer_name()) {
2767 // <init> method must have a void return type
2768 /* Unreachable? Class file parser verifies that methods with '<' have
2769 * void return */
2770 verify_error(ErrorContext::bad_code(bci),
2771 "Return type must be void in <init> method");
2772 return;
2773 }
2774
2775 assert(sig_verif_types_len <= nargs + 2,
2776 "Signature verification types array return type is bogus");
2777 for (int i = nargs; i < sig_verif_types_len; i++) {
2778 assert(i == nargs || sig_verif_types->at(i).is_long2() ||
2779 sig_verif_types->at(i).is_double2(), "Unexpected return verificationType");
2780 current_frame->push_stack(sig_verif_types->at(i), CHECK_VERIFY(this));
2781 }
2782 }
2783 }
2784
2785 VerificationType ClassVerifier::get_newarray_type(
2786 u2 index, int bci, TRAPS) {
2787 const char* from_bt[] = {
2788 nullptr, nullptr, nullptr, nullptr, "[Z", "[C", "[F", "[D", "[B", "[S", "[I", "[J",
2789 };
|
26 #include "classfile/classFileStream.hpp"
27 #include "classfile/classLoader.hpp"
28 #include "classfile/javaClasses.hpp"
29 #include "classfile/stackMapFrame.hpp"
30 #include "classfile/stackMapTable.hpp"
31 #include "classfile/stackMapTableFormat.hpp"
32 #include "classfile/symbolTable.hpp"
33 #include "classfile/systemDictionary.hpp"
34 #include "classfile/verifier.hpp"
35 #include "classfile/vmClasses.hpp"
36 #include "classfile/vmSymbols.hpp"
37 #include "interpreter/bytecodes.hpp"
38 #include "interpreter/bytecodeStream.hpp"
39 #include "jvm.h"
40 #include "logging/log.hpp"
41 #include "logging/logStream.hpp"
42 #include "memory/oopFactory.hpp"
43 #include "memory/resourceArea.hpp"
44 #include "memory/universe.hpp"
45 #include "oops/constantPool.inline.hpp"
46 #include "oops/fieldStreams.inline.hpp"
47 #include "oops/instanceKlass.inline.hpp"
48 #include "oops/klass.inline.hpp"
49 #include "oops/oop.inline.hpp"
50 #include "oops/typeArrayOop.hpp"
51 #include "runtime/arguments.hpp"
52 #include "runtime/fieldDescriptor.inline.hpp"
53 #include "runtime/handles.inline.hpp"
54 #include "runtime/interfaceSupport.inline.hpp"
55 #include "runtime/javaCalls.hpp"
56 #include "runtime/javaThread.hpp"
57 #include "runtime/jniHandles.inline.hpp"
58 #include "runtime/os.hpp"
59 #include "runtime/safepointVerifiers.hpp"
60 #include "services/threadService.hpp"
61 #include "utilities/align.hpp"
62 #include "utilities/bytes.hpp"
63 #if INCLUDE_CDS
64 #include "classfile/systemDictionaryShared.hpp"
65 #endif
66
67 #define NOFAILOVER_MAJOR_VERSION 51
68 #define NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION 51
69 #define STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION 52
70 #define INLINE_TYPE_MAJOR_VERSION 56
71 #define MAX_ARRAY_DIMENSIONS 255
72
73 // Access to external entry for VerifyClassForMajorVersion - old byte code verifier
74
75 extern "C" {
76 typedef jboolean (*verify_byte_codes_fn_t)(JNIEnv *, jclass, char *, jint, jint);
77 }
78
79 static verify_byte_codes_fn_t volatile _verify_byte_codes_fn = nullptr;
80
81 static verify_byte_codes_fn_t verify_byte_codes_fn() {
82
83 if (_verify_byte_codes_fn != nullptr)
84 return _verify_byte_codes_fn;
85
86 MutexLocker locker(Verify_lock);
87
88 if (_verify_byte_codes_fn != nullptr)
89 return _verify_byte_codes_fn;
90
461 _expected.details(ss);
462 } else {
463 ss->print("Invalid type: ");
464 _type.details(ss);
465 }
466 break;
467 case FLAGS_MISMATCH:
468 if (_expected.is_valid()) {
469 ss->print("Current frame's flags are not assignable "
470 "to stack map frame's.");
471 } else {
472 ss->print("Current frame's flags are invalid in this context.");
473 }
474 break;
475 case BAD_CP_INDEX:
476 ss->print("Constant pool index %d is invalid", _type.index());
477 break;
478 case BAD_LOCAL_INDEX:
479 ss->print("Local index %d is invalid", _type.index());
480 break;
481 case BAD_STRICT_FIELDS:
482 ss->print("Invalid use of strict instance fields");
483 break;
484 case LOCALS_SIZE_MISMATCH:
485 ss->print("Current frame's local size doesn't match stackmap.");
486 break;
487 case STACK_SIZE_MISMATCH:
488 ss->print("Current frame's stack size doesn't match stackmap.");
489 break;
490 case STRICT_FIELDS_MISMATCH:
491 ss->print("Current frame's strict instance fields not compatible with stackmap.");
492 break;
493 case STACK_OVERFLOW:
494 ss->print("Exceeded max stack size.");
495 break;
496 case STACK_UNDERFLOW:
497 ss->print("Attempt to pop empty stack.");
498 break;
499 case MISSING_STACKMAP:
500 ss->print("Expected stackmap frame at this location.");
501 break;
502 case BAD_STACKMAP:
503 ss->print("Invalid stackmap specification.");
504 break;
505 case WRONG_INLINE_TYPE:
506 ss->print("Type ");
507 _type.details(ss);
508 ss->print(" and type ");
509 _expected.details(ss);
510 ss->print(" must be identical inline types.");
511 break;
512 case UNKNOWN:
513 default:
514 ShouldNotReachHere();
515 ss->print_cr("Unknown");
516 }
517 ss->cr();
518 }
519
520 void ErrorContext::location_details(outputStream* ss, const Method* method) const {
521 if (_bci != -1 && method != nullptr) {
522 const char* bytecode_name = "<invalid>";
523 if (method->validate_bci(_bci) != -1) {
524 Bytecodes::Code code = Bytecodes::code_or_bp_at(method->bcp_from(_bci));
525 if (Bytecodes::is_defined(code)) {
526 bytecode_name = Bytecodes::name(code);
527 } else {
528 bytecode_name = "<illegal>";
529 }
530 }
531 InstanceKlass* ik = method->method_holder();
614 ClassVerifier::~ClassVerifier() {
615 // Decrement the reference count for any symbols created.
616 if (_symbols != nullptr) {
617 for (int i = 0; i < _symbols->length(); i++) {
618 Symbol* s = _symbols->at(i);
619 s->decrement_refcount();
620 }
621 }
622 }
623
624 VerificationType ClassVerifier::object_type() const {
625 return VerificationType::reference_type(vmSymbols::java_lang_Object());
626 }
627
628 TypeOrigin ClassVerifier::ref_ctx(const char* sig) {
629 VerificationType vt = VerificationType::reference_type(
630 create_temporary_symbol(sig, (int)strlen(sig)));
631 return TypeOrigin::implicit(vt);
632 }
633
634 static bool supports_strict_fields(InstanceKlass* klass) {
635 int ver = klass->major_version();
636 return ver > Verifier::VALUE_TYPES_MAJOR_VERSION ||
637 (ver == Verifier::VALUE_TYPES_MAJOR_VERSION && klass->minor_version() == Verifier::JAVA_PREVIEW_MINOR_VERSION);
638 }
639
640 void ClassVerifier::verify_class(TRAPS) {
641 log_info(verification)("Verifying class %s with new format", _klass->external_name());
642
643 Array<Method*>* methods = _klass->methods();
644 int num_methods = methods->length();
645
646 for (int index = 0; index < num_methods; index++) {
647 // Check for recursive re-verification before each method.
648 if (was_recursively_verified()) return;
649
650 Method* m = methods->at(index);
651 if (m->is_native() || m->is_abstract() || m->is_overpass()) {
652 // If m is native or abstract, skip it. It is checked in class file
653 // parser that methods do not override a final method. Overpass methods
654 // are trusted since the VM generates them.
655 continue;
656 }
657 verify_method(methodHandle(THREAD, m), CHECK_VERIFY(this));
658 }
711 bool is_unique = method_signatures_table()->put(sig_index, sig_verif_types);
712 assert(is_unique, "Duplicate entries in method_signature_table");
713 }
714
715 void ClassVerifier::verify_method(const methodHandle& m, TRAPS) {
716 HandleMark hm(THREAD);
717 _method = m; // initialize _method
718 log_info(verification)("Verifying method %s", m->name_and_sig_as_C_string());
719
720 // For clang, the only good constant format string is a literal constant format string.
721 #define bad_type_msg "Bad type on operand stack in %s"
722
723 u2 max_stack = m->verifier_max_stack();
724 u2 max_locals = m->max_locals();
725 constantPoolHandle cp(THREAD, m->constants());
726
727 // Method signature was checked in ClassFileParser.
728 assert(SignatureVerifier::is_valid_method_signature(m->signature()),
729 "Invalid method signature");
730
731 // Collect the initial strict instance fields
732 StackMapFrame::AssertUnsetFieldTable* strict_fields = new StackMapFrame::AssertUnsetFieldTable();
733 if (m->is_object_constructor()) {
734 for (AllFieldStream fs(m->method_holder()); !fs.done(); fs.next()) {
735 if (fs.access_flags().is_strict() && !fs.access_flags().is_static()) {
736 NameAndSig new_field(fs.name(), fs.signature());
737 if (IgnoreAssertUnsetFields) {
738 strict_fields->put(new_field, true);
739 } else {
740 strict_fields->put(new_field, false);
741 }
742 }
743 }
744 }
745
746 // Initial stack map frame: offset is 0, stack is initially empty.
747 StackMapFrame current_frame(max_locals, max_stack, strict_fields, this);
748 // Set initial locals
749 VerificationType return_type = current_frame.set_locals_from_arg( m, current_type());
750
751 u2 stackmap_index = 0; // index to the stackmap array
752
753 u4 code_length = m->code_size();
754
755 // Scan the bytecode and map each instruction's start offset to a number.
756 char* code_data = generate_code_data(m, code_length, CHECK_VERIFY(this));
757
758 int ex_min = code_length;
759 int ex_max = -1;
760 // Look through each item on the exception table. Each of the fields must refer
761 // to a legal instruction.
762 if (was_recursively_verified()) return;
763 verify_exception_handler_table(
764 code_length, code_data, ex_min, ex_max, CHECK_VERIFY(this));
765
766 // Look through each entry on the local variable table and make sure
767 // its range of code array offsets is valid. (4169817)
768 if (m->has_localvariable_table()) {
769 verify_local_variable_table(code_length, code_data, CHECK_VERIFY(this));
770 }
771
772 Array<u1>* stackmap_data = m->stackmap_data();
773 StackMapStream stream(stackmap_data);
774 StackMapReader reader(this, &stream, code_data, code_length, ¤t_frame, max_locals, max_stack, strict_fields, THREAD);
775 StackMapTable stackmap_table(&reader, CHECK_VERIFY(this));
776
777 LogTarget(Debug, verification) lt;
778 if (lt.is_enabled()) {
779 LogStream ls(lt);
780 stackmap_table.print_on(&ls);
781 }
782
783 RawBytecodeStream bcs(m);
784
785 // Scan the byte code linearly from the start to the end
786 bool no_control_flow = false; // Set to true when there is no direct control
787 // flow from current instruction to the next
788 // instruction in sequence
789
790 Bytecodes::Code opcode;
791 while (!bcs.is_last_bytecode()) {
792 // Check for recursive re-verification before each bytecode.
793 if (was_recursively_verified()) return;
794
1625 case Bytecodes::_if_icmpge:
1626 case Bytecodes::_if_icmpgt:
1627 case Bytecodes::_if_icmple:
1628 current_frame.pop_stack(
1629 VerificationType::integer_type(), CHECK_VERIFY(this));
1630 // fall through
1631 case Bytecodes::_ifeq:
1632 case Bytecodes::_ifne:
1633 case Bytecodes::_iflt:
1634 case Bytecodes::_ifge:
1635 case Bytecodes::_ifgt:
1636 case Bytecodes::_ifle:
1637 current_frame.pop_stack(
1638 VerificationType::integer_type(), CHECK_VERIFY(this));
1639 stackmap_table.check_jump_target(
1640 ¤t_frame, bcs.bci(), bcs.get_offset_s2(), CHECK_VERIFY(this));
1641 no_control_flow = false; break;
1642 case Bytecodes::_if_acmpeq :
1643 case Bytecodes::_if_acmpne :
1644 current_frame.pop_stack(
1645 object_type(), CHECK_VERIFY(this));
1646 // fall through
1647 case Bytecodes::_ifnull :
1648 case Bytecodes::_ifnonnull :
1649 current_frame.pop_stack(
1650 object_type(), CHECK_VERIFY(this));
1651 stackmap_table.check_jump_target
1652 (¤t_frame, bcs.bci(), bcs.get_offset_s2(), CHECK_VERIFY(this));
1653 no_control_flow = false; break;
1654 case Bytecodes::_goto :
1655 stackmap_table.check_jump_target(
1656 ¤t_frame, bcs.bci(), bcs.get_offset_s2(), CHECK_VERIFY(this));
1657 no_control_flow = true; break;
1658 case Bytecodes::_goto_w :
1659 stackmap_table.check_jump_target(
1660 ¤t_frame, bcs.bci(), bcs.get_offset_s4(), CHECK_VERIFY(this));
1661 no_control_flow = true; break;
1662 case Bytecodes::_tableswitch :
1663 case Bytecodes::_lookupswitch :
1664 verify_switch(
1665 &bcs, code_length, code_data, ¤t_frame,
1666 &stackmap_table, CHECK_VERIFY(this));
1667 no_control_flow = true; break;
1668 case Bytecodes::_ireturn :
1669 type = current_frame.pop_stack(
1670 VerificationType::integer_type(), CHECK_VERIFY(this));
1690 VerificationType::double2_type(), CHECK_VERIFY(this));
1691 type = current_frame.pop_stack(
1692 VerificationType::double_type(), CHECK_VERIFY(this));
1693 verify_return_value(return_type, type, bci,
1694 ¤t_frame, CHECK_VERIFY(this));
1695 no_control_flow = true; break;
1696 case Bytecodes::_areturn :
1697 type = current_frame.pop_stack(
1698 VerificationType::reference_check(), CHECK_VERIFY(this));
1699 verify_return_value(return_type, type, bci,
1700 ¤t_frame, CHECK_VERIFY(this));
1701 no_control_flow = true; break;
1702 case Bytecodes::_return :
1703 if (return_type != VerificationType::bogus_type()) {
1704 verify_error(ErrorContext::bad_code(bci),
1705 "Method expects a return value");
1706 return;
1707 }
1708 // Make sure "this" has been initialized if current method is an
1709 // <init>.
1710 if (_method->is_object_constructor() &&
1711 current_frame.flag_this_uninit()) {
1712 verify_error(ErrorContext::bad_code(bci),
1713 "Constructor must call super() or this() "
1714 "before return");
1715 return;
1716 }
1717 no_control_flow = true; break;
1718 case Bytecodes::_getstatic :
1719 case Bytecodes::_putstatic :
1720 // pass TRUE, operand can be an array type for getstatic/putstatic.
1721 verify_field_instructions(
1722 &bcs, ¤t_frame, cp, true, CHECK_VERIFY(this));
1723 no_control_flow = false; break;
1724 case Bytecodes::_getfield :
1725 case Bytecodes::_putfield :
1726 // pass FALSE, operand can't be an array type for getfield/putfield.
1727 verify_field_instructions(
1728 &bcs, ¤t_frame, cp, false, CHECK_VERIFY(this));
1729 no_control_flow = false; break;
1730 case Bytecodes::_invokevirtual :
1731 case Bytecodes::_invokespecial :
1732 case Bytecodes::_invokestatic :
1733 case Bytecodes::_invokeinterface :
1734 case Bytecodes::_invokedynamic :
1735 verify_invoke_instructions(
1736 &bcs, code_length, ¤t_frame, (bci >= ex_min && bci < ex_max),
1737 &this_uninit, cp, &stackmap_table, CHECK_VERIFY(this));
1738 no_control_flow = false; break;
1739 case Bytecodes::_new :
1740 {
1741 u2 index = bcs.get_index_u2();
1742 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1743 VerificationType new_class_type =
1744 cp_index_to_type(index, cp, CHECK_VERIFY(this));
1745 if (!new_class_type.is_object()) {
1746 verify_error(ErrorContext::bad_type(bci,
1747 TypeOrigin::cp(index, new_class_type)),
1748 "Illegal new instruction");
1749 return;
1750 }
1751 type = VerificationType::uninitialized_type(checked_cast<u2>(bci));
1752 current_frame.push_stack(type, CHECK_VERIFY(this));
1753 no_control_flow = false; break;
1754 }
1755 case Bytecodes::_newarray :
1756 type = get_newarray_type(bcs.get_index(), bci, CHECK_VERIFY(this));
1757 current_frame.pop_stack(
1775 no_control_flow = false; break;
1776 case Bytecodes::_checkcast :
1777 {
1778 u2 index = bcs.get_index_u2();
1779 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1780 current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1781 VerificationType klass_type = cp_index_to_type(
1782 index, cp, CHECK_VERIFY(this));
1783 current_frame.push_stack(klass_type, CHECK_VERIFY(this));
1784 no_control_flow = false; break;
1785 }
1786 case Bytecodes::_instanceof : {
1787 u2 index = bcs.get_index_u2();
1788 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1789 current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1790 current_frame.push_stack(
1791 VerificationType::integer_type(), CHECK_VERIFY(this));
1792 no_control_flow = false; break;
1793 }
1794 case Bytecodes::_monitorenter :
1795 case Bytecodes::_monitorexit : {
1796 VerificationType ref = current_frame.pop_stack(
1797 VerificationType::reference_check(), CHECK_VERIFY(this));
1798 no_control_flow = false; break;
1799 }
1800 case Bytecodes::_multianewarray :
1801 {
1802 u2 index = bcs.get_index_u2();
1803 u2 dim = *(bcs.bcp()+3);
1804 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1805 VerificationType new_array_type =
1806 cp_index_to_type(index, cp, CHECK_VERIFY(this));
1807 if (!new_array_type.is_array()) {
1808 verify_error(ErrorContext::bad_type(bci,
1809 TypeOrigin::cp(index, new_array_type)),
1810 "Illegal constant pool index in multianewarray instruction");
1811 return;
1812 }
1813 if (dim < 1 || new_array_type.dimensions() < dim) {
1814 verify_error(ErrorContext::bad_code(bci),
1815 "Illegal dimension in multianewarray instruction: %d", dim);
1816 return;
1817 }
1818 for (int i = 0; i < dim; i++) {
1819 current_frame.pop_stack(
2157 } else {
2158 Klass* member_klass = target_instance->find_field(field_name, field_sig, &fd);
2159 if (member_klass != nullptr && fd.is_protected()) {
2160 if (!this_class->is_same_class_package(member_klass)) {
2161 return true;
2162 }
2163 }
2164 }
2165 return false;
2166 }
2167
2168 void ClassVerifier::verify_ldc(
2169 int opcode, u2 index, StackMapFrame* current_frame,
2170 const constantPoolHandle& cp, int bci, TRAPS) {
2171 verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2172 constantTag tag = cp->tag_at(index);
2173 unsigned int types = 0;
2174 if (opcode == Bytecodes::_ldc || opcode == Bytecodes::_ldc_w) {
2175 if (!tag.is_unresolved_klass()) {
2176 types = (1 << JVM_CONSTANT_Integer) | (1 << JVM_CONSTANT_Float)
2177 | (1 << JVM_CONSTANT_String) | (1 << JVM_CONSTANT_Class)
2178 | (1 << JVM_CONSTANT_MethodHandle) | (1 << JVM_CONSTANT_MethodType)
2179 | (1 << JVM_CONSTANT_Dynamic);
2180 // Note: The class file parser already verified the legality of
2181 // MethodHandle and MethodType constants.
2182 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2183 }
2184 } else {
2185 assert(opcode == Bytecodes::_ldc2_w, "must be ldc2_w");
2186 types = (1 << JVM_CONSTANT_Double) | (1 << JVM_CONSTANT_Long)
2187 | (1 << JVM_CONSTANT_Dynamic);
2188 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2189 }
2190 if (tag.is_string()) {
2191 current_frame->push_stack(
2192 VerificationType::reference_type(
2193 vmSymbols::java_lang_String()), CHECK_VERIFY(this));
2194 } else if (tag.is_klass() || tag.is_unresolved_klass()) {
2195 current_frame->push_stack(
2196 VerificationType::reference_type(
2197 vmSymbols::java_lang_Class()), CHECK_VERIFY(this));
2332 const constantPoolHandle& cp,
2333 bool allow_arrays,
2334 TRAPS) {
2335 u2 index = bcs->get_index_u2();
2336 verify_cp_type(bcs->bci(), index, cp,
2337 1 << JVM_CONSTANT_Fieldref, CHECK_VERIFY(this));
2338
2339 // Get field name and signature
2340 Symbol* field_name = cp->uncached_name_ref_at(index);
2341 Symbol* field_sig = cp->uncached_signature_ref_at(index);
2342 bool is_getfield = false;
2343
2344 // Field signature was checked in ClassFileParser.
2345 assert(SignatureVerifier::is_valid_type_signature(field_sig),
2346 "Invalid field signature");
2347
2348 // Get referenced class type
2349 VerificationType ref_class_type = cp_ref_index_to_type(
2350 index, cp, CHECK_VERIFY(this));
2351 if (!ref_class_type.is_object() &&
2352 (!allow_arrays || !ref_class_type.is_array())) {
2353 verify_error(ErrorContext::bad_type(bcs->bci(),
2354 TypeOrigin::cp(index, ref_class_type)),
2355 "Expecting reference to class in class %s at constant pool index %d",
2356 _klass->external_name(), index);
2357 return;
2358 }
2359
2360 VerificationType target_class_type = ref_class_type;
2361
2362 assert(sizeof(VerificationType) == sizeof(uintptr_t),
2363 "buffer type must match VerificationType size");
2364 uintptr_t field_type_buffer[2];
2365 VerificationType* field_type = (VerificationType*)field_type_buffer;
2366 // If we make a VerificationType[2] array directly, the compiler calls
2367 // to the c-runtime library to do the allocation instead of just
2368 // stack allocating it. Plus it would run constructors. This shows up
2369 // in performance profiles.
2370
2371 SignatureStream sig_stream(field_sig, false);
2372 VerificationType stack_object_type;
2373 int n = change_sig_to_verificationType(&sig_stream, field_type);
2374 int bci = bcs->bci();
2375 bool is_assignable;
2376 switch (bcs->raw_code()) {
2377 case Bytecodes::_getstatic: {
2378 for (int i = 0; i < n; i++) {
2379 current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2381 break;
2382 }
2383 case Bytecodes::_putstatic: {
2384 for (int i = n - 1; i >= 0; i--) {
2385 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2386 }
2387 break;
2388 }
2389 case Bytecodes::_getfield: {
2390 is_getfield = true;
2391 stack_object_type = current_frame->pop_stack(
2392 target_class_type, CHECK_VERIFY(this));
2393 goto check_protected;
2394 }
2395 case Bytecodes::_putfield: {
2396 for (int i = n - 1; i >= 0; i--) {
2397 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2398 }
2399 stack_object_type = current_frame->pop_stack(CHECK_VERIFY(this));
2400
2401 // Field initialization is allowed before the superclass
2402 // initializer, if the field is defined within the current class.
2403 fieldDescriptor fd;
2404 bool is_local_field = _klass->find_local_field(field_name, field_sig, &fd) &&
2405 target_class_type.equals(current_type());
2406 if (stack_object_type == VerificationType::uninitialized_this_type()) {
2407 if (is_local_field) {
2408 // Set the type to the current type so the is_assignable check passes.
2409 stack_object_type = current_type();
2410
2411 if (fd.access_flags().is_strict()) {
2412 if (!current_frame->satisfy_unset_field(fd.name(), fd.signature())) {
2413 log_info(verification)("Attempting to initialize field not found in initial strict instance fields: %s%s",
2414 fd.name()->as_C_string(), fd.signature()->as_C_string());
2415 verify_error(ErrorContext::bad_strict_fields(bci, current_frame),
2416 "Initializing unknown strict field: %s:%s", fd.name()->as_C_string(), fd.signature()->as_C_string());
2417 }
2418 }
2419 }
2420 } else if (supports_strict_fields(_klass)) {
2421 // `strict` fields are not writable, but only local fields produce verification errors
2422 if (is_local_field && fd.access_flags().is_strict() && fd.access_flags().is_final()) {
2423 verify_error(ErrorContext::bad_code(bci),
2424 "Illegal use of putfield on a strict field");
2425 return;
2426 }
2427 }
2428 is_assignable = target_class_type.is_assignable_from(
2429 stack_object_type, this, false, CHECK_VERIFY(this));
2430 if (!is_assignable) {
2431 verify_error(ErrorContext::bad_type(bci,
2432 current_frame->stack_top_ctx(),
2433 TypeOrigin::cp(index, target_class_type)),
2434 "Bad type on operand stack in putfield");
2435 return;
2436 }
2437 }
2438 check_protected: {
2439 if (_this_type == stack_object_type)
2440 break; // stack_object_type must be assignable to _current_class_type
2441 if (was_recursively_verified()) {
2442 if (is_getfield) {
2443 // Push field type for getfield.
2444 for (int i = 0; i < n; i++) {
2445 current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2446 }
2485 }
2486
2487 void ClassVerifier::verify_invoke_init(
2488 RawBytecodeStream* bcs, u2 ref_class_index, VerificationType ref_class_type,
2489 StackMapFrame* current_frame, u4 code_length, bool in_try_block,
2490 bool *this_uninit, const constantPoolHandle& cp, StackMapTable* stackmap_table,
2491 TRAPS) {
2492 int bci = bcs->bci();
2493 VerificationType type = current_frame->pop_stack(
2494 VerificationType::reference_check(), CHECK_VERIFY(this));
2495 if (type == VerificationType::uninitialized_this_type()) {
2496 // The method must be an <init> method of this class or its superclass
2497 Klass* superk = current_class()->super();
2498 if (ref_class_type.name() != current_class()->name() &&
2499 ref_class_type.name() != superk->name()) {
2500 verify_error(ErrorContext::bad_type(bci,
2501 TypeOrigin::implicit(ref_class_type),
2502 TypeOrigin::implicit(current_type())),
2503 "Bad <init> method call");
2504 return;
2505 } else if (ref_class_type.name() == superk->name()) {
2506 // Strict final fields must be satisfied by this point
2507 if (!current_frame->verify_unset_fields_satisfied()) {
2508 log_info(verification)("Strict instance fields not initialized");
2509 StackMapFrame::print_strict_fields(current_frame->assert_unset_fields());
2510 current_frame->unsatisfied_strict_fields_error(current_class(), bci);
2511 }
2512 }
2513
2514 // If this invokespecial call is done from inside of a TRY block then make
2515 // sure that all catch clause paths end in a throw. Otherwise, this can
2516 // result in returning an incomplete object.
2517 if (in_try_block) {
2518 // Check the exception handler target stackmaps with the locals from the
2519 // incoming stackmap (before initialize_object() changes them to outgoing
2520 // state).
2521 if (was_recursively_verified()) return;
2522 verify_exception_handler_targets(bci, true, current_frame,
2523 stackmap_table, CHECK_VERIFY(this));
2524 } // in_try_block
2525
2526 current_frame->initialize_object(type, current_type());
2527 *this_uninit = true;
2528 } else if (type.is_uninitialized()) {
2529 u2 new_offset = type.bci();
2530 address new_bcp = bcs->bcp() - bci + new_offset;
2531 if (new_offset > (code_length - 3) || (*new_bcp) != Bytecodes::_new) {
2596 bool ClassVerifier::is_same_or_direct_interface(
2597 InstanceKlass* klass,
2598 VerificationType klass_type,
2599 VerificationType ref_class_type) {
2600 if (ref_class_type.equals(klass_type)) return true;
2601 Array<InstanceKlass*>* local_interfaces = klass->local_interfaces();
2602 if (local_interfaces != nullptr) {
2603 for (int x = 0; x < local_interfaces->length(); x++) {
2604 InstanceKlass* k = local_interfaces->at(x);
2605 assert (k != nullptr && k->is_interface(), "invalid interface");
2606 if (ref_class_type.equals(VerificationType::reference_type(k->name()))) {
2607 return true;
2608 }
2609 }
2610 }
2611 return false;
2612 }
2613
2614 void ClassVerifier::verify_invoke_instructions(
2615 RawBytecodeStream* bcs, u4 code_length, StackMapFrame* current_frame,
2616 bool in_try_block, bool *this_uninit,
2617 const constantPoolHandle& cp, StackMapTable* stackmap_table, TRAPS) {
2618 // Make sure the constant pool item is the right type
2619 u2 index = bcs->get_index_u2();
2620 Bytecodes::Code opcode = bcs->raw_code();
2621 unsigned int types = 0;
2622 switch (opcode) {
2623 case Bytecodes::_invokeinterface:
2624 types = 1 << JVM_CONSTANT_InterfaceMethodref;
2625 break;
2626 case Bytecodes::_invokedynamic:
2627 types = 1 << JVM_CONSTANT_InvokeDynamic;
2628 break;
2629 case Bytecodes::_invokespecial:
2630 case Bytecodes::_invokestatic:
2631 types = (_klass->major_version() < STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION) ?
2632 (1 << JVM_CONSTANT_Methodref) :
2633 ((1 << JVM_CONSTANT_InterfaceMethodref) | (1 << JVM_CONSTANT_Methodref));
2634 break;
2635 default:
2636 types = 1 << JVM_CONSTANT_Methodref;
2637 }
2638 verify_cp_type(bcs->bci(), index, cp, types, CHECK_VERIFY(this));
2639
2640 // Get method name and signature
2641 Symbol* method_name = cp->uncached_name_ref_at(index);
2642 Symbol* method_sig = cp->uncached_signature_ref_at(index);
2643
2644 // Method signature was checked in ClassFileParser.
2645 assert(SignatureVerifier::is_valid_method_signature(method_sig),
2646 "Invalid method signature");
2647
2648 // Get referenced class
2649 VerificationType ref_class_type;
2650 if (opcode == Bytecodes::_invokedynamic) {
2651 if (_klass->major_version() < Verifier::INVOKEDYNAMIC_MAJOR_VERSION) {
2652 class_format_error(
2653 "invokedynamic instructions not supported by this class file version (%d), class %s",
2654 _klass->major_version(), _klass->external_name());
2655 return;
2656 }
2657 } else {
2658 ref_class_type = cp_ref_index_to_type(index, cp, CHECK_VERIFY(this));
2659 }
2660
2661 assert(sizeof(VerificationType) == sizeof(uintptr_t),
2662 "buffer type must match VerificationType size");
2663
2664 // Get the UTF8 index for this signature.
2665 int sig_index = cp->signature_ref_index_at(cp->uncached_name_and_type_ref_index_at(index));
2666
2667 // Get the signature's verification types.
2668 sig_as_verification_types* mth_sig_verif_types;
2694 "Inconsistent args count operand in invokeinterface");
2695 return;
2696 }
2697 if (*(bcp+4) != 0) {
2698 verify_error(ErrorContext::bad_code(bci),
2699 "Fourth operand byte of invokeinterface must be zero");
2700 return;
2701 }
2702 }
2703
2704 if (opcode == Bytecodes::_invokedynamic) {
2705 address bcp = bcs->bcp();
2706 if (*(bcp+3) != 0 || *(bcp+4) != 0) {
2707 verify_error(ErrorContext::bad_code(bci),
2708 "Third and fourth operand bytes of invokedynamic must be zero");
2709 return;
2710 }
2711 }
2712
2713 if (method_name->char_at(0) == JVM_SIGNATURE_SPECIAL) {
2714 // Make sure:
2715 // <init> can only be invoked by invokespecial.
2716 if (opcode != Bytecodes::_invokespecial ||
2717 method_name != vmSymbols::object_initializer_name()) {
2718 verify_error(ErrorContext::bad_code(bci),
2719 "Illegal call to internal method");
2720 return;
2721 }
2722 }
2723 // invokespecial, when not <init>, must be to a method in the current class, a direct superinterface,
2724 // or any superclass (including Object).
2725 else if (opcode == Bytecodes::_invokespecial
2726 && !is_same_or_direct_interface(current_class(), current_type(), ref_class_type)
2727 && !ref_class_type.equals(VerificationType::reference_type(current_class()->super()->name()))) { // super() can never be an inline_type.
2728
2729 // We know it is not current class, direct superinterface or immediate superclass. That means it
2730 // could be:
2731 // - a totally unrelated class or interface
2732 // - an indirect superinterface
2733 // - an indirect superclass (including Object)
2734 // We use the assignability test to see if it is a superclass, or else an interface, and keep track
2735 // of the latter. Note that subtype can be true if we are dealing with an interface that is not actually
2736 // implemented as assignability treats all interfaces as Object.
2737
2738 bool is_interface = false; // This can only be set true if the assignability check will return true
2739 // and we loaded the class. For any other "true" returns (e.g. same class
2740 // or Object) we either can't get here (same class already excluded above)
2741 // or we know it is not an interface (i.e. Object).
2742 bool subtype = ref_class_type.is_reference_assignable_from(current_type(), this, false,
2743 &is_interface, CHECK_VERIFY(this));
2744 if (!subtype) { // Totally unrelated class
2745 verify_error(ErrorContext::bad_code(bci),
2746 "Bad invokespecial instruction: "
2747 "current class isn't assignable to reference class.");
2807 verify_error(ErrorContext::bad_type(bci,
2808 current_frame->stack_top_ctx(),
2809 TypeOrigin::implicit(current_type())),
2810 "Bad access to protected data in invokevirtual");
2811 return;
2812 }
2813 }
2814 }
2815 }
2816 }
2817 } else {
2818 assert(opcode == Bytecodes::_invokeinterface, "Unexpected opcode encountered");
2819 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this));
2820 }
2821 }
2822 }
2823 // Push the result type.
2824 int sig_verif_types_len = sig_verif_types->length();
2825 if (sig_verif_types_len > nargs) { // There's a return type
2826 if (method_name == vmSymbols::object_initializer_name()) {
2827 // an <init> method must have a void return type
2828 verify_error(ErrorContext::bad_code(bci),
2829 "Return type must be void in <init> method");
2830 return;
2831 }
2832
2833 assert(sig_verif_types_len <= nargs + 2,
2834 "Signature verification types array return type is bogus");
2835 for (int i = nargs; i < sig_verif_types_len; i++) {
2836 assert(i == nargs || sig_verif_types->at(i).is_long2() ||
2837 sig_verif_types->at(i).is_double2(), "Unexpected return verificationType");
2838 current_frame->push_stack(sig_verif_types->at(i), CHECK_VERIFY(this));
2839 }
2840 }
2841 }
2842
2843 VerificationType ClassVerifier::get_newarray_type(
2844 u2 index, int bci, TRAPS) {
2845 const char* from_bt[] = {
2846 nullptr, nullptr, nullptr, nullptr, "[Z", "[C", "[F", "[D", "[B", "[S", "[I", "[J",
2847 };
|