46 #include "oops/instanceKlass.inline.hpp"
47 #include "oops/klass.inline.hpp"
48 #include "oops/oop.inline.hpp"
49 #include "oops/typeArrayOop.hpp"
50 #include "runtime/arguments.hpp"
51 #include "runtime/fieldDescriptor.hpp"
52 #include "runtime/handles.inline.hpp"
53 #include "runtime/interfaceSupport.inline.hpp"
54 #include "runtime/javaCalls.hpp"
55 #include "runtime/jniHandles.inline.hpp"
56 #include "runtime/os.hpp"
57 #include "runtime/safepointVerifiers.hpp"
58 #include "runtime/thread.hpp"
59 #include "services/threadService.hpp"
60 #include "utilities/align.hpp"
61 #include "utilities/bytes.hpp"
62
63 #define NOFAILOVER_MAJOR_VERSION 51
64 #define NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION 51
65 #define STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION 52
66 #define MAX_ARRAY_DIMENSIONS 255
67
68 // Access to external entry for VerifyClassForMajorVersion - old byte code verifier
69
70 extern "C" {
71 typedef jboolean (*verify_byte_codes_fn_t)(JNIEnv *, jclass, char *, jint, jint);
72 }
73
74 static verify_byte_codes_fn_t volatile _verify_byte_codes_fn = NULL;
75
76 static verify_byte_codes_fn_t verify_byte_codes_fn() {
77
78 if (_verify_byte_codes_fn != NULL)
79 return _verify_byte_codes_fn;
80
81 MutexLocker locker(Verify_lock);
82
83 if (_verify_byte_codes_fn != NULL)
84 return _verify_byte_codes_fn;
85
258 }
259 kls = kls->super();
260 }
261 if (message_buffer != NULL) {
262 message_buffer[message_buffer_len - 1] = '\0'; // just to be sure
263 }
264 assert(exception_message != NULL, "");
265 THROW_MSG_(exception_name, exception_message, false);
266 }
267 }
268
269 bool Verifier::is_eligible_for_verification(InstanceKlass* klass, bool should_verify_class) {
270 Symbol* name = klass->name();
271 Klass* refl_magic_klass = vmClasses::reflect_MagicAccessorImpl_klass();
272
273 bool is_reflect = refl_magic_klass != NULL && klass->is_subtype_of(refl_magic_klass);
274
275 return (should_verify_for(klass->class_loader(), should_verify_class) &&
276 // return if the class is a bootstrapping class
277 // or defineClass specified not to verify by default (flags override passed arg)
278 // We need to skip the following four for bootstraping
279 name != vmSymbols::java_lang_Object() &&
280 name != vmSymbols::java_lang_Class() &&
281 name != vmSymbols::java_lang_String() &&
282 name != vmSymbols::java_lang_Throwable() &&
283
284 // Can not verify the bytecodes for shared classes because they have
285 // already been rewritten to contain constant pool cache indices,
286 // which the verifier can't understand.
287 // Shared classes shouldn't have stackmaps either.
288 // However, bytecodes for shared old classes can be verified because
289 // they have not been rewritten.
290 !(klass->is_shared() && klass->is_rewritten()) &&
291
292 // As of the fix for 4486457 we disable verification for all of the
293 // dynamically-generated bytecodes associated with the 1.4
294 // reflection implementation, not just those associated with
295 // jdk/internal/reflect/SerializationConstructorAccessor.
296 // NOTE: this is called too early in the bootstrapping process to be
297 // guarded by Universe::is_gte_jdk14x_version().
298 // Also for lambda generated code, gte jdk8
481 ss->print("Local index %d is invalid", _type.index());
482 break;
483 case LOCALS_SIZE_MISMATCH:
484 ss->print("Current frame's local size doesn't match stackmap.");
485 break;
486 case STACK_SIZE_MISMATCH:
487 ss->print("Current frame's stack size doesn't match stackmap.");
488 break;
489 case STACK_OVERFLOW:
490 ss->print("Exceeded max stack size.");
491 break;
492 case STACK_UNDERFLOW:
493 ss->print("Attempt to pop empty stack.");
494 break;
495 case MISSING_STACKMAP:
496 ss->print("Expected stackmap frame at this location.");
497 break;
498 case BAD_STACKMAP:
499 ss->print("Invalid stackmap specification.");
500 break;
501 case UNKNOWN:
502 default:
503 ShouldNotReachHere();
504 ss->print_cr("Unknown");
505 }
506 ss->cr();
507 }
508
509 void ErrorContext::location_details(outputStream* ss, const Method* method) const {
510 if (_bci != -1 && method != NULL) {
511 streamIndentor si(ss);
512 const char* bytecode_name = "<invalid>";
513 if (method->validate_bci(_bci) != -1) {
514 Bytecodes::Code code = Bytecodes::code_or_bp_at(method->bcp_from(_bci));
515 if (Bytecodes::is_defined(code)) {
516 bytecode_name = Bytecodes::name(code);
517 } else {
518 bytecode_name = "<illegal>";
519 }
520 }
575 stack_map_frame* sm_frame = sm_table->entries();
576 streamIndentor si2(ss);
577 int current_offset = -1;
578 address end_of_sm_table = (address)sm_table + method->stackmap_data()->length();
579 for (u2 i = 0; i < sm_table->number_of_entries(); ++i) {
580 ss->indent();
581 if (!sm_frame->verify((address)sm_frame, end_of_sm_table)) {
582 sm_frame->print_truncated(ss, current_offset);
583 return;
584 }
585 sm_frame->print_on(ss, current_offset);
586 ss->cr();
587 current_offset += sm_frame->offset_delta();
588 sm_frame = sm_frame->next();
589 }
590 }
591 }
592
593 // Methods in ClassVerifier
594
595 ClassVerifier::ClassVerifier(JavaThread* current, InstanceKlass* klass)
596 : _thread(current), _previous_symbol(NULL), _symbols(NULL), _exception_type(NULL),
597 _message(NULL), _method_signatures_table(NULL), _klass(klass) {
598 _this_type = VerificationType::reference_type(klass->name());
599 }
600
601 ClassVerifier::~ClassVerifier() {
602 // Decrement the reference count for any symbols created.
603 if (_symbols != NULL) {
604 for (int i = 0; i < _symbols->length(); i++) {
605 Symbol* s = _symbols->at(i);
606 s->decrement_refcount();
607 }
608 }
609 }
610
611 VerificationType ClassVerifier::object_type() const {
612 return VerificationType::reference_type(vmSymbols::java_lang_Object());
613 }
614
615 TypeOrigin ClassVerifier::ref_ctx(const char* sig) {
616 VerificationType vt = VerificationType::reference_type(
617 create_temporary_symbol(sig, (int)strlen(sig)));
618 return TypeOrigin::implicit(vt);
1022 case Bytecodes::_daload :
1023 type = current_frame.pop_stack(
1024 VerificationType::integer_type(), CHECK_VERIFY(this));
1025 atype = current_frame.pop_stack(
1026 VerificationType::reference_check(), CHECK_VERIFY(this));
1027 if (!atype.is_double_array()) {
1028 verify_error(ErrorContext::bad_type(bci,
1029 current_frame.stack_top_ctx(), ref_ctx("[D")),
1030 bad_type_msg, "daload");
1031 return;
1032 }
1033 current_frame.push_stack_2(
1034 VerificationType::double_type(),
1035 VerificationType::double2_type(), CHECK_VERIFY(this));
1036 no_control_flow = false; break;
1037 case Bytecodes::_aaload : {
1038 type = current_frame.pop_stack(
1039 VerificationType::integer_type(), CHECK_VERIFY(this));
1040 atype = current_frame.pop_stack(
1041 VerificationType::reference_check(), CHECK_VERIFY(this));
1042 if (!atype.is_reference_array()) {
1043 verify_error(ErrorContext::bad_type(bci,
1044 current_frame.stack_top_ctx(),
1045 TypeOrigin::implicit(VerificationType::reference_check())),
1046 bad_type_msg, "aaload");
1047 return;
1048 }
1049 if (atype.is_null()) {
1050 current_frame.push_stack(
1051 VerificationType::null_type(), CHECK_VERIFY(this));
1052 } else {
1053 VerificationType component = atype.get_component(this);
1054 current_frame.push_stack(component, CHECK_VERIFY(this));
1055 }
1056 no_control_flow = false; break;
1057 }
1058 case Bytecodes::_istore :
1059 verify_istore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1060 no_control_flow = false; break;
1061 case Bytecodes::_istore_0 :
1062 case Bytecodes::_istore_1 :
1195 VerificationType::double2_type(),
1196 VerificationType::double_type(), CHECK_VERIFY(this));
1197 current_frame.pop_stack(
1198 VerificationType::integer_type(), CHECK_VERIFY(this));
1199 atype = current_frame.pop_stack(
1200 VerificationType::reference_check(), CHECK_VERIFY(this));
1201 if (!atype.is_double_array()) {
1202 verify_error(ErrorContext::bad_type(bci,
1203 current_frame.stack_top_ctx(), ref_ctx("[D")),
1204 bad_type_msg, "dastore");
1205 return;
1206 }
1207 no_control_flow = false; break;
1208 case Bytecodes::_aastore :
1209 type = current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1210 type2 = current_frame.pop_stack(
1211 VerificationType::integer_type(), CHECK_VERIFY(this));
1212 atype = current_frame.pop_stack(
1213 VerificationType::reference_check(), CHECK_VERIFY(this));
1214 // more type-checking is done at runtime
1215 if (!atype.is_reference_array()) {
1216 verify_error(ErrorContext::bad_type(bci,
1217 current_frame.stack_top_ctx(),
1218 TypeOrigin::implicit(VerificationType::reference_check())),
1219 bad_type_msg, "aastore");
1220 return;
1221 }
1222 // 4938384: relaxed constraint in JVMS 3nd edition.
1223 no_control_flow = false; break;
1224 case Bytecodes::_pop :
1225 current_frame.pop_stack(
1226 VerificationType::category1_check(), CHECK_VERIFY(this));
1227 no_control_flow = false; break;
1228 case Bytecodes::_pop2 :
1229 type = current_frame.pop_stack(CHECK_VERIFY(this));
1230 if (type.is_category1()) {
1231 current_frame.pop_stack(
1232 VerificationType::category1_check(), CHECK_VERIFY(this));
1233 } else if (type.is_category2_2nd()) {
1234 current_frame.pop_stack(
1235 VerificationType::category2_check(), CHECK_VERIFY(this));
1595 case Bytecodes::_if_icmpgt:
1596 case Bytecodes::_if_icmple:
1597 current_frame.pop_stack(
1598 VerificationType::integer_type(), CHECK_VERIFY(this));
1599 // fall through
1600 case Bytecodes::_ifeq:
1601 case Bytecodes::_ifne:
1602 case Bytecodes::_iflt:
1603 case Bytecodes::_ifge:
1604 case Bytecodes::_ifgt:
1605 case Bytecodes::_ifle:
1606 current_frame.pop_stack(
1607 VerificationType::integer_type(), CHECK_VERIFY(this));
1608 target = bcs.dest();
1609 stackmap_table.check_jump_target(
1610 ¤t_frame, target, CHECK_VERIFY(this));
1611 no_control_flow = false; break;
1612 case Bytecodes::_if_acmpeq :
1613 case Bytecodes::_if_acmpne :
1614 current_frame.pop_stack(
1615 VerificationType::reference_check(), CHECK_VERIFY(this));
1616 // fall through
1617 case Bytecodes::_ifnull :
1618 case Bytecodes::_ifnonnull :
1619 current_frame.pop_stack(
1620 VerificationType::reference_check(), CHECK_VERIFY(this));
1621 target = bcs.dest();
1622 stackmap_table.check_jump_target
1623 (¤t_frame, target, CHECK_VERIFY(this));
1624 no_control_flow = false; break;
1625 case Bytecodes::_goto :
1626 target = bcs.dest();
1627 stackmap_table.check_jump_target(
1628 ¤t_frame, target, CHECK_VERIFY(this));
1629 no_control_flow = true; break;
1630 case Bytecodes::_goto_w :
1631 target = bcs.dest_w();
1632 stackmap_table.check_jump_target(
1633 ¤t_frame, target, CHECK_VERIFY(this));
1634 no_control_flow = true; break;
1635 case Bytecodes::_tableswitch :
1636 case Bytecodes::_lookupswitch :
1637 verify_switch(
1638 &bcs, code_length, code_data, ¤t_frame,
1639 &stackmap_table, CHECK_VERIFY(this));
1640 no_control_flow = true; break;
1651 VerificationType::long_type(), CHECK_VERIFY(this));
1652 verify_return_value(return_type, type, bci,
1653 ¤t_frame, CHECK_VERIFY(this));
1654 no_control_flow = true; break;
1655 case Bytecodes::_freturn :
1656 type = current_frame.pop_stack(
1657 VerificationType::float_type(), CHECK_VERIFY(this));
1658 verify_return_value(return_type, type, bci,
1659 ¤t_frame, CHECK_VERIFY(this));
1660 no_control_flow = true; break;
1661 case Bytecodes::_dreturn :
1662 type2 = current_frame.pop_stack(
1663 VerificationType::double2_type(), CHECK_VERIFY(this));
1664 type = current_frame.pop_stack(
1665 VerificationType::double_type(), CHECK_VERIFY(this));
1666 verify_return_value(return_type, type, bci,
1667 ¤t_frame, CHECK_VERIFY(this));
1668 no_control_flow = true; break;
1669 case Bytecodes::_areturn :
1670 type = current_frame.pop_stack(
1671 VerificationType::reference_check(), CHECK_VERIFY(this));
1672 verify_return_value(return_type, type, bci,
1673 ¤t_frame, CHECK_VERIFY(this));
1674 no_control_flow = true; break;
1675 case Bytecodes::_return :
1676 if (return_type != VerificationType::bogus_type()) {
1677 verify_error(ErrorContext::bad_code(bci),
1678 "Method expects a return value");
1679 return;
1680 }
1681 // Make sure "this" has been initialized if current method is an
1682 // <init>.
1683 if (_method->name() == vmSymbols::object_initializer_name() &&
1684 current_frame.flag_this_uninit()) {
1685 verify_error(ErrorContext::bad_code(bci),
1686 "Constructor must call super() or this() "
1687 "before return");
1688 return;
1689 }
1690 no_control_flow = true; break;
1691 case Bytecodes::_getstatic :
1692 case Bytecodes::_putstatic :
1693 // pass TRUE, operand can be an array type for getstatic/putstatic.
1694 verify_field_instructions(
1695 &bcs, ¤t_frame, cp, true, CHECK_VERIFY(this));
1696 no_control_flow = false; break;
1697 case Bytecodes::_getfield :
1698 case Bytecodes::_putfield :
1699 // pass FALSE, operand can't be an array type for getfield/putfield.
1700 verify_field_instructions(
1701 &bcs, ¤t_frame, cp, false, CHECK_VERIFY(this));
1702 no_control_flow = false; break;
1703 case Bytecodes::_invokevirtual :
1704 case Bytecodes::_invokespecial :
1705 case Bytecodes::_invokestatic :
1706 verify_invoke_instructions(
1707 &bcs, code_length, ¤t_frame, (bci >= ex_min && bci < ex_max),
1708 &this_uninit, return_type, cp, &stackmap_table, CHECK_VERIFY(this));
1709 no_control_flow = false; break;
1710 case Bytecodes::_invokeinterface :
1711 case Bytecodes::_invokedynamic :
1712 verify_invoke_instructions(
1713 &bcs, code_length, ¤t_frame, (bci >= ex_min && bci < ex_max),
1714 &this_uninit, return_type, cp, &stackmap_table, CHECK_VERIFY(this));
1715 no_control_flow = false; break;
1716 case Bytecodes::_new :
1717 {
1718 index = bcs.get_index_u2();
1719 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1720 VerificationType new_class_type =
1721 cp_index_to_type(index, cp, CHECK_VERIFY(this));
1722 if (!new_class_type.is_object()) {
1723 verify_error(ErrorContext::bad_type(bci,
1724 TypeOrigin::cp(index, new_class_type)),
1725 "Illegal new instruction");
1726 return;
1727 }
1728 type = VerificationType::uninitialized_type(bci);
1729 current_frame.push_stack(type, CHECK_VERIFY(this));
1730 no_control_flow = false; break;
1731 }
1732 case Bytecodes::_newarray :
1733 type = get_newarray_type(bcs.get_index(), bci, CHECK_VERIFY(this));
1734 current_frame.pop_stack(
1735 VerificationType::integer_type(), CHECK_VERIFY(this));
1736 current_frame.push_stack(type, CHECK_VERIFY(this));
1737 no_control_flow = false; break;
1738 case Bytecodes::_anewarray :
1739 verify_anewarray(
1740 bci, bcs.get_index_u2(), cp, ¤t_frame, CHECK_VERIFY(this));
1741 no_control_flow = false; break;
1742 case Bytecodes::_arraylength :
1743 type = current_frame.pop_stack(
1744 VerificationType::reference_check(), CHECK_VERIFY(this));
1745 if (!(type.is_null() || type.is_array())) {
1746 verify_error(ErrorContext::bad_type(
1747 bci, current_frame.stack_top_ctx()),
1748 bad_type_msg, "arraylength");
1749 }
1750 current_frame.push_stack(
1751 VerificationType::integer_type(), CHECK_VERIFY(this));
1752 no_control_flow = false; break;
1753 case Bytecodes::_checkcast :
1754 {
1755 index = bcs.get_index_u2();
1756 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1757 current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1758 VerificationType klass_type = cp_index_to_type(
1759 index, cp, CHECK_VERIFY(this));
1760 current_frame.push_stack(klass_type, CHECK_VERIFY(this));
1761 no_control_flow = false; break;
1762 }
1763 case Bytecodes::_instanceof : {
1764 index = bcs.get_index_u2();
1765 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1766 current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1767 current_frame.push_stack(
1768 VerificationType::integer_type(), CHECK_VERIFY(this));
1769 no_control_flow = false; break;
1770 }
1771 case Bytecodes::_monitorenter :
1772 case Bytecodes::_monitorexit :
1773 current_frame.pop_stack(
1774 VerificationType::reference_check(), CHECK_VERIFY(this));
1775 no_control_flow = false; break;
1776 case Bytecodes::_multianewarray :
1777 {
1778 index = bcs.get_index_u2();
1779 u2 dim = *(bcs.bcp()+3);
1780 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1781 VerificationType new_array_type =
1782 cp_index_to_type(index, cp, CHECK_VERIFY(this));
1783 if (!new_array_type.is_array()) {
1784 verify_error(ErrorContext::bad_type(bci,
1785 TypeOrigin::cp(index, new_array_type)),
1786 "Illegal constant pool index in multianewarray instruction");
1787 return;
1788 }
1789 if (dim < 1 || new_array_type.dimensions() < dim) {
1790 verify_error(ErrorContext::bad_code(bci),
1791 "Illegal dimension in multianewarray instruction: %d", dim);
1792 return;
1793 }
1794 for (int i = 0; i < dim; i++) {
1795 current_frame.pop_stack(
2020 int nconstants = cp->length();
2021 if ((index <= 0) || (index >= nconstants)) {
2022 verify_error(ErrorContext::bad_cp_index(bci, index),
2023 "Illegal constant pool index %d in class %s",
2024 index, cp->pool_holder()->external_name());
2025 return;
2026 }
2027 }
2028
2029 void ClassVerifier::verify_cp_type(
2030 u2 bci, int index, const constantPoolHandle& cp, unsigned int types, TRAPS) {
2031
2032 // In some situations, bytecode rewriting may occur while we're verifying.
2033 // In this case, a constant pool cache exists and some indices refer to that
2034 // instead. Be sure we don't pick up such indices by accident.
2035 // We must check was_recursively_verified() before we get here.
2036 guarantee(cp->cache() == NULL, "not rewritten yet");
2037
2038 verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2039 unsigned int tag = cp->tag_at(index).value();
2040 if ((types & (1 << tag)) == 0) {
2041 verify_error(ErrorContext::bad_cp_index(bci, index),
2042 "Illegal type at constant pool entry %d in class %s",
2043 index, cp->pool_holder()->external_name());
2044 return;
2045 }
2046 }
2047
2048 void ClassVerifier::verify_cp_class_type(
2049 u2 bci, int index, const constantPoolHandle& cp, TRAPS) {
2050 verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2051 constantTag tag = cp->tag_at(index);
2052 if (!tag.is_klass() && !tag.is_unresolved_klass()) {
2053 verify_error(ErrorContext::bad_cp_index(bci, index),
2054 "Illegal type at constant pool entry %d in class %s",
2055 index, cp->pool_holder()->external_name());
2056 return;
2057 }
2058 }
2059
2134 } else {
2135 Klass* member_klass = target_instance->find_field(field_name, field_sig, &fd);
2136 if (member_klass != NULL && fd.is_protected()) {
2137 if (!this_class->is_same_class_package(member_klass)) {
2138 return true;
2139 }
2140 }
2141 }
2142 return false;
2143 }
2144
2145 void ClassVerifier::verify_ldc(
2146 int opcode, u2 index, StackMapFrame* current_frame,
2147 const constantPoolHandle& cp, u2 bci, TRAPS) {
2148 verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2149 constantTag tag = cp->tag_at(index);
2150 unsigned int types = 0;
2151 if (opcode == Bytecodes::_ldc || opcode == Bytecodes::_ldc_w) {
2152 if (!tag.is_unresolved_klass()) {
2153 types = (1 << JVM_CONSTANT_Integer) | (1 << JVM_CONSTANT_Float)
2154 | (1 << JVM_CONSTANT_String) | (1 << JVM_CONSTANT_Class)
2155 | (1 << JVM_CONSTANT_MethodHandle) | (1 << JVM_CONSTANT_MethodType)
2156 | (1 << JVM_CONSTANT_Dynamic);
2157 // Note: The class file parser already verified the legality of
2158 // MethodHandle and MethodType constants.
2159 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2160 }
2161 } else {
2162 assert(opcode == Bytecodes::_ldc2_w, "must be ldc2_w");
2163 types = (1 << JVM_CONSTANT_Double) | (1 << JVM_CONSTANT_Long)
2164 | (1 << JVM_CONSTANT_Dynamic);
2165 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2166 }
2167 if (tag.is_string()) {
2168 current_frame->push_stack(
2169 VerificationType::reference_type(
2170 vmSymbols::java_lang_String()), CHECK_VERIFY(this));
2171 } else if (tag.is_klass() || tag.is_unresolved_klass()) {
2172 current_frame->push_stack(
2173 VerificationType::reference_type(
2174 vmSymbols::java_lang_Class()), CHECK_VERIFY(this));
2308 StackMapFrame* current_frame,
2309 const constantPoolHandle& cp,
2310 bool allow_arrays,
2311 TRAPS) {
2312 u2 index = bcs->get_index_u2();
2313 verify_cp_type(bcs->bci(), index, cp,
2314 1 << JVM_CONSTANT_Fieldref, CHECK_VERIFY(this));
2315
2316 // Get field name and signature
2317 Symbol* field_name = cp->name_ref_at(index);
2318 Symbol* field_sig = cp->signature_ref_at(index);
2319
2320 // Field signature was checked in ClassFileParser.
2321 assert(SignatureVerifier::is_valid_type_signature(field_sig),
2322 "Invalid field signature");
2323
2324 // Get referenced class type
2325 VerificationType ref_class_type = cp_ref_index_to_type(
2326 index, cp, CHECK_VERIFY(this));
2327 if (!ref_class_type.is_object() &&
2328 (!allow_arrays || !ref_class_type.is_array())) {
2329 verify_error(ErrorContext::bad_type(bcs->bci(),
2330 TypeOrigin::cp(index, ref_class_type)),
2331 "Expecting reference to class in class %s at constant pool index %d",
2332 _klass->external_name(), index);
2333 return;
2334 }
2335 VerificationType target_class_type = ref_class_type;
2336
2337 assert(sizeof(VerificationType) == sizeof(uintptr_t),
2338 "buffer type must match VerificationType size");
2339 uintptr_t field_type_buffer[2];
2340 VerificationType* field_type = (VerificationType*)field_type_buffer;
2341 // If we make a VerificationType[2] array directly, the compiler calls
2342 // to the c-runtime library to do the allocation instead of just
2343 // stack allocating it. Plus it would run constructors. This shows up
2344 // in performance profiles.
2345
2346 SignatureStream sig_stream(field_sig, false);
2347 VerificationType stack_object_type;
2348 int n = change_sig_to_verificationType(&sig_stream, field_type);
2349 u2 bci = bcs->bci();
2350 bool is_assignable;
2351 switch (bcs->raw_code()) {
2352 case Bytecodes::_getstatic: {
2353 for (int i = 0; i < n; i++) {
2354 current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2355 }
2356 break;
2357 }
2358 case Bytecodes::_putstatic: {
2359 for (int i = n - 1; i >= 0; i--) {
2360 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2361 }
2362 break;
2363 }
2364 case Bytecodes::_getfield: {
2365 stack_object_type = current_frame->pop_stack(
2366 target_class_type, CHECK_VERIFY(this));
2367 for (int i = 0; i < n; i++) {
2368 current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2369 }
2370 goto check_protected;
2371 }
2372 case Bytecodes::_putfield: {
2373 for (int i = n - 1; i >= 0; i--) {
2374 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2375 }
2376 stack_object_type = current_frame->pop_stack(CHECK_VERIFY(this));
2377
2378 // The JVMS 2nd edition allows field initialization before the superclass
2379 // initializer, if the field is defined within the current class.
2380 fieldDescriptor fd;
2381 if (stack_object_type == VerificationType::uninitialized_this_type() &&
2382 target_class_type.equals(current_type()) &&
2383 _klass->find_local_field(field_name, field_sig, &fd)) {
2752 bool ClassVerifier::is_same_or_direct_interface(
2753 InstanceKlass* klass,
2754 VerificationType klass_type,
2755 VerificationType ref_class_type) {
2756 if (ref_class_type.equals(klass_type)) return true;
2757 Array<InstanceKlass*>* local_interfaces = klass->local_interfaces();
2758 if (local_interfaces != NULL) {
2759 for (int x = 0; x < local_interfaces->length(); x++) {
2760 InstanceKlass* k = local_interfaces->at(x);
2761 assert (k != NULL && k->is_interface(), "invalid interface");
2762 if (ref_class_type.equals(VerificationType::reference_type(k->name()))) {
2763 return true;
2764 }
2765 }
2766 }
2767 return false;
2768 }
2769
2770 void ClassVerifier::verify_invoke_instructions(
2771 RawBytecodeStream* bcs, u4 code_length, StackMapFrame* current_frame,
2772 bool in_try_block, bool *this_uninit, VerificationType return_type,
2773 const constantPoolHandle& cp, StackMapTable* stackmap_table, TRAPS) {
2774 // Make sure the constant pool item is the right type
2775 u2 index = bcs->get_index_u2();
2776 Bytecodes::Code opcode = bcs->raw_code();
2777 unsigned int types = 0;
2778 switch (opcode) {
2779 case Bytecodes::_invokeinterface:
2780 types = 1 << JVM_CONSTANT_InterfaceMethodref;
2781 break;
2782 case Bytecodes::_invokedynamic:
2783 types = 1 << JVM_CONSTANT_InvokeDynamic;
2784 break;
2785 case Bytecodes::_invokespecial:
2786 case Bytecodes::_invokestatic:
2787 types = (_klass->major_version() < STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION) ?
2788 (1 << JVM_CONSTANT_Methodref) :
2789 ((1 << JVM_CONSTANT_InterfaceMethodref) | (1 << JVM_CONSTANT_Methodref));
2790 break;
2791 default:
2792 types = 1 << JVM_CONSTANT_Methodref;
2793 }
2794 verify_cp_type(bcs->bci(), index, cp, types, CHECK_VERIFY(this));
2795
2796 // Get method name and signature
2797 Symbol* method_name = cp->name_ref_at(index);
2798 Symbol* method_sig = cp->signature_ref_at(index);
2799
2800 // Method signature was checked in ClassFileParser.
2801 assert(SignatureVerifier::is_valid_method_signature(method_sig),
2802 "Invalid method signature");
2803
2804 // Get referenced class type
2805 VerificationType ref_class_type;
2806 if (opcode == Bytecodes::_invokedynamic) {
2807 if (_klass->major_version() < Verifier::INVOKEDYNAMIC_MAJOR_VERSION) {
2808 class_format_error(
2809 "invokedynamic instructions not supported by this class file version (%d), class %s",
2810 _klass->major_version(), _klass->external_name());
2811 return;
2812 }
2813 } else {
2814 ref_class_type = cp_ref_index_to_type(index, cp, CHECK_VERIFY(this));
2815 }
2816
2817 assert(sizeof(VerificationType) == sizeof(uintptr_t),
2818 "buffer type must match VerificationType size");
2819
2820 // Get the UTF8 index for this signature.
2821 int sig_index = cp->signature_ref_index_at(cp->name_and_type_ref_index_at(index));
2822
2823 // Get the signature's verification types.
2824 sig_as_verification_types* mth_sig_verif_types;
2850 "Inconsistent args count operand in invokeinterface");
2851 return;
2852 }
2853 if (*(bcp+4) != 0) {
2854 verify_error(ErrorContext::bad_code(bci),
2855 "Fourth operand byte of invokeinterface must be zero");
2856 return;
2857 }
2858 }
2859
2860 if (opcode == Bytecodes::_invokedynamic) {
2861 address bcp = bcs->bcp();
2862 if (*(bcp+3) != 0 || *(bcp+4) != 0) {
2863 verify_error(ErrorContext::bad_code(bci),
2864 "Third and fourth operand bytes of invokedynamic must be zero");
2865 return;
2866 }
2867 }
2868
2869 if (method_name->char_at(0) == JVM_SIGNATURE_SPECIAL) {
2870 // Make sure <init> can only be invoked by invokespecial
2871 if (opcode != Bytecodes::_invokespecial ||
2872 method_name != vmSymbols::object_initializer_name()) {
2873 verify_error(ErrorContext::bad_code(bci),
2874 "Illegal call to internal method");
2875 return;
2876 }
2877 } else if (opcode == Bytecodes::_invokespecial
2878 && !is_same_or_direct_interface(current_class(), current_type(), ref_class_type)
2879 && !ref_class_type.equals(VerificationType::reference_type(
2880 current_class()->super()->name()))) {
2881 bool subtype = false;
2882 bool have_imr_indirect = cp->tag_at(index).value() == JVM_CONSTANT_InterfaceMethodref;
2883 subtype = ref_class_type.is_assignable_from(
2884 current_type(), this, false, CHECK_VERIFY(this));
2885 if (!subtype) {
2886 verify_error(ErrorContext::bad_code(bci),
2887 "Bad invokespecial instruction: "
2888 "current class isn't assignable to reference class.");
2889 return;
2890 } else if (have_imr_indirect) {
2891 verify_error(ErrorContext::bad_code(bci),
2892 "Bad invokespecial instruction: "
2893 "interface method reference is in an indirect superinterface.");
2894 return;
2895 }
2896
2897 }
2898
2899 // Get the verification types for the method's arguments.
2900 GrowableArray<VerificationType>* sig_verif_types = mth_sig_verif_types->sig_verif_types();
2901 assert(sig_verif_types != NULL, "Missing signature's array of verification types");
2902 // Match method descriptor with operand stack
2903 // The arguments are on the stack in descending order.
2904 for (int i = nargs - 1; i >= 0; i--) { // Run backwards
2905 current_frame->pop_stack(sig_verif_types->at(i), CHECK_VERIFY(this));
2906 }
2907
2908 // Check objectref on operand stack
2909 if (opcode != Bytecodes::_invokestatic &&
2910 opcode != Bytecodes::_invokedynamic) {
2911 if (method_name == vmSymbols::object_initializer_name()) { // <init> method
2912 verify_invoke_init(bcs, index, ref_class_type, current_frame,
2913 code_length, in_try_block, this_uninit, cp, stackmap_table,
2914 CHECK_VERIFY(this));
2915 if (was_recursively_verified()) return;
2916 } else { // other methods
2917 // Ensures that target class is assignable to method class.
2918 if (opcode == Bytecodes::_invokespecial) {
2919 current_frame->pop_stack(current_type(), CHECK_VERIFY(this));
2920 } else if (opcode == Bytecodes::_invokevirtual) {
2921 VerificationType stack_object_type =
2922 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this));
2923 if (current_type() != stack_object_type) {
2924 if (was_recursively_verified()) return;
2925 assert(cp->cache() == NULL, "not rewritten yet");
2926 Symbol* ref_class_name =
2927 cp->klass_name_at(cp->klass_ref_index_at(index));
2928 // See the comments in verify_field_instructions() for
2929 // the rationale behind this.
2930 if (name_in_supers(ref_class_name, current_class())) {
2931 Klass* ref_class = load_class(ref_class_name, CHECK);
2944 } else {
2945 verify_error(ErrorContext::bad_type(bci,
2946 current_frame->stack_top_ctx(),
2947 TypeOrigin::implicit(current_type())),
2948 "Bad access to protected data in invokevirtual");
2949 return;
2950 }
2951 }
2952 }
2953 }
2954 }
2955 } else {
2956 assert(opcode == Bytecodes::_invokeinterface, "Unexpected opcode encountered");
2957 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this));
2958 }
2959 }
2960 }
2961 // Push the result type.
2962 int sig_verif_types_len = sig_verif_types->length();
2963 if (sig_verif_types_len > nargs) { // There's a return type
2964 if (method_name == vmSymbols::object_initializer_name()) {
2965 // <init> method must have a void return type
2966 /* Unreachable? Class file parser verifies that methods with '<' have
2967 * void return */
2968 verify_error(ErrorContext::bad_code(bci),
2969 "Return type must be void in <init> method");
2970 return;
2971 }
2972
2973 assert(sig_verif_types_len <= nargs + 2,
2974 "Signature verification types array return type is bogus");
2975 for (int i = nargs; i < sig_verif_types_len; i++) {
2976 assert(i == nargs || sig_verif_types->at(i).is_long2() ||
2977 sig_verif_types->at(i).is_double2(), "Unexpected return verificationType");
2978 current_frame->push_stack(sig_verif_types->at(i), CHECK_VERIFY(this));
2979 }
2980 }
2981 }
2982
2983 VerificationType ClassVerifier::get_newarray_type(
2984 u2 index, u2 bci, TRAPS) {
2985 const char* from_bt[] = {
2986 NULL, NULL, NULL, NULL, "[Z", "[C", "[F", "[D", "[B", "[S", "[I", "[J",
2987 };
2988 if (index < T_BOOLEAN || index > T_LONG) {
2989 verify_error(ErrorContext::bad_code(bci), "Illegal newarray instruction");
2990 return VerificationType::bogus_type();
2991 }
2992
2993 // from_bt[index] contains the array signature which has a length of 2
2994 Symbol* sig = create_temporary_symbol(from_bt[index], 2);
2995 return VerificationType::reference_type(sig);
2996 }
2997
2998 void ClassVerifier::verify_anewarray(
2999 u2 bci, u2 index, const constantPoolHandle& cp,
3007 cp_index_to_type(index, cp, CHECK_VERIFY(this));
3008 int length;
3009 char* arr_sig_str;
3010 if (component_type.is_array()) { // it's an array
3011 const char* component_name = component_type.name()->as_utf8();
3012 // Check for more than MAX_ARRAY_DIMENSIONS
3013 length = (int)strlen(component_name);
3014 if (length > MAX_ARRAY_DIMENSIONS &&
3015 component_name[MAX_ARRAY_DIMENSIONS - 1] == JVM_SIGNATURE_ARRAY) {
3016 verify_error(ErrorContext::bad_code(bci),
3017 "Illegal anewarray instruction, array has more than 255 dimensions");
3018 }
3019 // add one dimension to component
3020 length++;
3021 arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length + 1);
3022 int n = os::snprintf(arr_sig_str, length + 1, "%c%s",
3023 JVM_SIGNATURE_ARRAY, component_name);
3024 assert(n == length, "Unexpected number of characters in string");
3025 } else { // it's an object or interface
3026 const char* component_name = component_type.name()->as_utf8();
3027 // add one dimension to component with 'L' prepended and ';' postpended.
3028 length = (int)strlen(component_name) + 3;
3029 arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length + 1);
3030 int n = os::snprintf(arr_sig_str, length + 1, "%c%c%s;",
3031 JVM_SIGNATURE_ARRAY, JVM_SIGNATURE_CLASS, component_name);
3032 assert(n == length, "Unexpected number of characters in string");
3033 }
3034 Symbol* arr_sig = create_temporary_symbol(arr_sig_str, length);
3035 VerificationType new_array_type = VerificationType::reference_type(arr_sig);
3036 current_frame->push_stack(new_array_type, CHECK_VERIFY(this));
3037 }
3038
3039 void ClassVerifier::verify_iload(u2 index, StackMapFrame* current_frame, TRAPS) {
3040 current_frame->get_local(
3041 index, VerificationType::integer_type(), CHECK_VERIFY(this));
3042 current_frame->push_stack(
3043 VerificationType::integer_type(), CHECK_VERIFY(this));
3044 }
3045
3046 void ClassVerifier::verify_lload(u2 index, StackMapFrame* current_frame, TRAPS) {
3047 current_frame->get_local_2(
3048 index, VerificationType::long_type(),
3049 VerificationType::long2_type(), CHECK_VERIFY(this));
3050 current_frame->push_stack_2(
3051 VerificationType::long_type(),
3053 }
3054
3055 void ClassVerifier::verify_fload(u2 index, StackMapFrame* current_frame, TRAPS) {
3056 current_frame->get_local(
3057 index, VerificationType::float_type(), CHECK_VERIFY(this));
3058 current_frame->push_stack(
3059 VerificationType::float_type(), CHECK_VERIFY(this));
3060 }
3061
3062 void ClassVerifier::verify_dload(u2 index, StackMapFrame* current_frame, TRAPS) {
3063 current_frame->get_local_2(
3064 index, VerificationType::double_type(),
3065 VerificationType::double2_type(), CHECK_VERIFY(this));
3066 current_frame->push_stack_2(
3067 VerificationType::double_type(),
3068 VerificationType::double2_type(), CHECK_VERIFY(this));
3069 }
3070
3071 void ClassVerifier::verify_aload(u2 index, StackMapFrame* current_frame, TRAPS) {
3072 VerificationType type = current_frame->get_local(
3073 index, VerificationType::reference_check(), CHECK_VERIFY(this));
3074 current_frame->push_stack(type, CHECK_VERIFY(this));
3075 }
3076
3077 void ClassVerifier::verify_istore(u2 index, StackMapFrame* current_frame, TRAPS) {
3078 current_frame->pop_stack(
3079 VerificationType::integer_type(), CHECK_VERIFY(this));
3080 current_frame->set_local(
3081 index, VerificationType::integer_type(), CHECK_VERIFY(this));
3082 }
3083
3084 void ClassVerifier::verify_lstore(u2 index, StackMapFrame* current_frame, TRAPS) {
3085 current_frame->pop_stack_2(
3086 VerificationType::long2_type(),
3087 VerificationType::long_type(), CHECK_VERIFY(this));
3088 current_frame->set_local_2(
3089 index, VerificationType::long_type(),
3090 VerificationType::long2_type(), CHECK_VERIFY(this));
3091 }
3092
3093 void ClassVerifier::verify_fstore(u2 index, StackMapFrame* current_frame, TRAPS) {
3094 current_frame->pop_stack(VerificationType::float_type(), CHECK_VERIFY(this));
3095 current_frame->set_local(
3096 index, VerificationType::float_type(), CHECK_VERIFY(this));
3097 }
3098
3099 void ClassVerifier::verify_dstore(u2 index, StackMapFrame* current_frame, TRAPS) {
3100 current_frame->pop_stack_2(
3101 VerificationType::double2_type(),
3102 VerificationType::double_type(), CHECK_VERIFY(this));
3103 current_frame->set_local_2(
3104 index, VerificationType::double_type(),
3105 VerificationType::double2_type(), CHECK_VERIFY(this));
3106 }
3107
3108 void ClassVerifier::verify_astore(u2 index, StackMapFrame* current_frame, TRAPS) {
3109 VerificationType type = current_frame->pop_stack(
3110 VerificationType::reference_check(), CHECK_VERIFY(this));
3111 current_frame->set_local(index, type, CHECK_VERIFY(this));
3112 }
3113
3114 void ClassVerifier::verify_iinc(u2 index, StackMapFrame* current_frame, TRAPS) {
3115 VerificationType type = current_frame->get_local(
3116 index, VerificationType::integer_type(), CHECK_VERIFY(this));
3117 current_frame->set_local(index, type, CHECK_VERIFY(this));
3118 }
3119
3120 void ClassVerifier::verify_return_value(
3121 VerificationType return_type, VerificationType type, u2 bci,
3122 StackMapFrame* current_frame, TRAPS) {
3123 if (return_type == VerificationType::bogus_type()) {
3124 verify_error(ErrorContext::bad_type(bci,
3125 current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)),
3126 "Method does not expect a return value");
3127 return;
3128 }
3129 bool match = return_type.is_assignable_from(type, this, false, CHECK_VERIFY(this));
3130 if (!match) {
|
46 #include "oops/instanceKlass.inline.hpp"
47 #include "oops/klass.inline.hpp"
48 #include "oops/oop.inline.hpp"
49 #include "oops/typeArrayOop.hpp"
50 #include "runtime/arguments.hpp"
51 #include "runtime/fieldDescriptor.hpp"
52 #include "runtime/handles.inline.hpp"
53 #include "runtime/interfaceSupport.inline.hpp"
54 #include "runtime/javaCalls.hpp"
55 #include "runtime/jniHandles.inline.hpp"
56 #include "runtime/os.hpp"
57 #include "runtime/safepointVerifiers.hpp"
58 #include "runtime/thread.hpp"
59 #include "services/threadService.hpp"
60 #include "utilities/align.hpp"
61 #include "utilities/bytes.hpp"
62
63 #define NOFAILOVER_MAJOR_VERSION 51
64 #define NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION 51
65 #define STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION 52
66 #define INLINE_TYPE_MAJOR_VERSION 56
67 #define MAX_ARRAY_DIMENSIONS 255
68
69 // Access to external entry for VerifyClassForMajorVersion - old byte code verifier
70
71 extern "C" {
72 typedef jboolean (*verify_byte_codes_fn_t)(JNIEnv *, jclass, char *, jint, jint);
73 }
74
75 static verify_byte_codes_fn_t volatile _verify_byte_codes_fn = NULL;
76
77 static verify_byte_codes_fn_t verify_byte_codes_fn() {
78
79 if (_verify_byte_codes_fn != NULL)
80 return _verify_byte_codes_fn;
81
82 MutexLocker locker(Verify_lock);
83
84 if (_verify_byte_codes_fn != NULL)
85 return _verify_byte_codes_fn;
86
259 }
260 kls = kls->super();
261 }
262 if (message_buffer != NULL) {
263 message_buffer[message_buffer_len - 1] = '\0'; // just to be sure
264 }
265 assert(exception_message != NULL, "");
266 THROW_MSG_(exception_name, exception_message, false);
267 }
268 }
269
270 bool Verifier::is_eligible_for_verification(InstanceKlass* klass, bool should_verify_class) {
271 Symbol* name = klass->name();
272 Klass* refl_magic_klass = vmClasses::reflect_MagicAccessorImpl_klass();
273
274 bool is_reflect = refl_magic_klass != NULL && klass->is_subtype_of(refl_magic_klass);
275
276 return (should_verify_for(klass->class_loader(), should_verify_class) &&
277 // return if the class is a bootstrapping class
278 // or defineClass specified not to verify by default (flags override passed arg)
279 // We need to skip the following four for bootstrapping
280 name != vmSymbols::java_lang_Object() &&
281 name != vmSymbols::java_lang_Class() &&
282 name != vmSymbols::java_lang_String() &&
283 name != vmSymbols::java_lang_Throwable() &&
284
285 // Can not verify the bytecodes for shared classes because they have
286 // already been rewritten to contain constant pool cache indices,
287 // which the verifier can't understand.
288 // Shared classes shouldn't have stackmaps either.
289 // However, bytecodes for shared old classes can be verified because
290 // they have not been rewritten.
291 !(klass->is_shared() && klass->is_rewritten()) &&
292
293 // As of the fix for 4486457 we disable verification for all of the
294 // dynamically-generated bytecodes associated with the 1.4
295 // reflection implementation, not just those associated with
296 // jdk/internal/reflect/SerializationConstructorAccessor.
297 // NOTE: this is called too early in the bootstrapping process to be
298 // guarded by Universe::is_gte_jdk14x_version().
299 // Also for lambda generated code, gte jdk8
482 ss->print("Local index %d is invalid", _type.index());
483 break;
484 case LOCALS_SIZE_MISMATCH:
485 ss->print("Current frame's local size doesn't match stackmap.");
486 break;
487 case STACK_SIZE_MISMATCH:
488 ss->print("Current frame's stack size doesn't match stackmap.");
489 break;
490 case STACK_OVERFLOW:
491 ss->print("Exceeded max stack size.");
492 break;
493 case STACK_UNDERFLOW:
494 ss->print("Attempt to pop empty stack.");
495 break;
496 case MISSING_STACKMAP:
497 ss->print("Expected stackmap frame at this location.");
498 break;
499 case BAD_STACKMAP:
500 ss->print("Invalid stackmap specification.");
501 break;
502 case WRONG_INLINE_TYPE:
503 ss->print("Type ");
504 _type.details(ss);
505 ss->print(" and type ");
506 _expected.details(ss);
507 ss->print(" must be identical inline types.");
508 break;
509 case UNKNOWN:
510 default:
511 ShouldNotReachHere();
512 ss->print_cr("Unknown");
513 }
514 ss->cr();
515 }
516
517 void ErrorContext::location_details(outputStream* ss, const Method* method) const {
518 if (_bci != -1 && method != NULL) {
519 streamIndentor si(ss);
520 const char* bytecode_name = "<invalid>";
521 if (method->validate_bci(_bci) != -1) {
522 Bytecodes::Code code = Bytecodes::code_or_bp_at(method->bcp_from(_bci));
523 if (Bytecodes::is_defined(code)) {
524 bytecode_name = Bytecodes::name(code);
525 } else {
526 bytecode_name = "<illegal>";
527 }
528 }
583 stack_map_frame* sm_frame = sm_table->entries();
584 streamIndentor si2(ss);
585 int current_offset = -1;
586 address end_of_sm_table = (address)sm_table + method->stackmap_data()->length();
587 for (u2 i = 0; i < sm_table->number_of_entries(); ++i) {
588 ss->indent();
589 if (!sm_frame->verify((address)sm_frame, end_of_sm_table)) {
590 sm_frame->print_truncated(ss, current_offset);
591 return;
592 }
593 sm_frame->print_on(ss, current_offset);
594 ss->cr();
595 current_offset += sm_frame->offset_delta();
596 sm_frame = sm_frame->next();
597 }
598 }
599 }
600
601 // Methods in ClassVerifier
602
603 VerificationType reference_or_inline_type(InstanceKlass* klass) {
604 if (klass->is_inline_klass()) {
605 return VerificationType::inline_type(klass->name());
606 } else {
607 return VerificationType::reference_type(klass->name());
608 }
609 }
610
611 ClassVerifier::ClassVerifier(JavaThread* current, InstanceKlass* klass)
612 : _thread(current), _previous_symbol(NULL), _symbols(NULL), _exception_type(NULL),
613 _message(NULL), _method_signatures_table(NULL), _klass(klass) {
614 _this_type = reference_or_inline_type(klass);
615 }
616
617 ClassVerifier::~ClassVerifier() {
618 // Decrement the reference count for any symbols created.
619 if (_symbols != NULL) {
620 for (int i = 0; i < _symbols->length(); i++) {
621 Symbol* s = _symbols->at(i);
622 s->decrement_refcount();
623 }
624 }
625 }
626
627 VerificationType ClassVerifier::object_type() const {
628 return VerificationType::reference_type(vmSymbols::java_lang_Object());
629 }
630
631 TypeOrigin ClassVerifier::ref_ctx(const char* sig) {
632 VerificationType vt = VerificationType::reference_type(
633 create_temporary_symbol(sig, (int)strlen(sig)));
634 return TypeOrigin::implicit(vt);
1038 case Bytecodes::_daload :
1039 type = current_frame.pop_stack(
1040 VerificationType::integer_type(), CHECK_VERIFY(this));
1041 atype = current_frame.pop_stack(
1042 VerificationType::reference_check(), CHECK_VERIFY(this));
1043 if (!atype.is_double_array()) {
1044 verify_error(ErrorContext::bad_type(bci,
1045 current_frame.stack_top_ctx(), ref_ctx("[D")),
1046 bad_type_msg, "daload");
1047 return;
1048 }
1049 current_frame.push_stack_2(
1050 VerificationType::double_type(),
1051 VerificationType::double2_type(), CHECK_VERIFY(this));
1052 no_control_flow = false; break;
1053 case Bytecodes::_aaload : {
1054 type = current_frame.pop_stack(
1055 VerificationType::integer_type(), CHECK_VERIFY(this));
1056 atype = current_frame.pop_stack(
1057 VerificationType::reference_check(), CHECK_VERIFY(this));
1058 if (!atype.is_nonscalar_array()) {
1059 verify_error(ErrorContext::bad_type(bci,
1060 current_frame.stack_top_ctx(),
1061 TypeOrigin::implicit(VerificationType::reference_check())),
1062 bad_type_msg, "aaload");
1063 return;
1064 }
1065 if (atype.is_null()) {
1066 current_frame.push_stack(
1067 VerificationType::null_type(), CHECK_VERIFY(this));
1068 } else {
1069 VerificationType component = atype.get_component(this);
1070 current_frame.push_stack(component, CHECK_VERIFY(this));
1071 }
1072 no_control_flow = false; break;
1073 }
1074 case Bytecodes::_istore :
1075 verify_istore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1076 no_control_flow = false; break;
1077 case Bytecodes::_istore_0 :
1078 case Bytecodes::_istore_1 :
1211 VerificationType::double2_type(),
1212 VerificationType::double_type(), CHECK_VERIFY(this));
1213 current_frame.pop_stack(
1214 VerificationType::integer_type(), CHECK_VERIFY(this));
1215 atype = current_frame.pop_stack(
1216 VerificationType::reference_check(), CHECK_VERIFY(this));
1217 if (!atype.is_double_array()) {
1218 verify_error(ErrorContext::bad_type(bci,
1219 current_frame.stack_top_ctx(), ref_ctx("[D")),
1220 bad_type_msg, "dastore");
1221 return;
1222 }
1223 no_control_flow = false; break;
1224 case Bytecodes::_aastore :
1225 type = current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1226 type2 = current_frame.pop_stack(
1227 VerificationType::integer_type(), CHECK_VERIFY(this));
1228 atype = current_frame.pop_stack(
1229 VerificationType::reference_check(), CHECK_VERIFY(this));
1230 // more type-checking is done at runtime
1231 if (!atype.is_nonscalar_array()) {
1232 verify_error(ErrorContext::bad_type(bci,
1233 current_frame.stack_top_ctx(),
1234 TypeOrigin::implicit(VerificationType::reference_check())),
1235 bad_type_msg, "aastore");
1236 return;
1237 }
1238 // 4938384: relaxed constraint in JVMS 3nd edition.
1239 no_control_flow = false; break;
1240 case Bytecodes::_pop :
1241 current_frame.pop_stack(
1242 VerificationType::category1_check(), CHECK_VERIFY(this));
1243 no_control_flow = false; break;
1244 case Bytecodes::_pop2 :
1245 type = current_frame.pop_stack(CHECK_VERIFY(this));
1246 if (type.is_category1()) {
1247 current_frame.pop_stack(
1248 VerificationType::category1_check(), CHECK_VERIFY(this));
1249 } else if (type.is_category2_2nd()) {
1250 current_frame.pop_stack(
1251 VerificationType::category2_check(), CHECK_VERIFY(this));
1611 case Bytecodes::_if_icmpgt:
1612 case Bytecodes::_if_icmple:
1613 current_frame.pop_stack(
1614 VerificationType::integer_type(), CHECK_VERIFY(this));
1615 // fall through
1616 case Bytecodes::_ifeq:
1617 case Bytecodes::_ifne:
1618 case Bytecodes::_iflt:
1619 case Bytecodes::_ifge:
1620 case Bytecodes::_ifgt:
1621 case Bytecodes::_ifle:
1622 current_frame.pop_stack(
1623 VerificationType::integer_type(), CHECK_VERIFY(this));
1624 target = bcs.dest();
1625 stackmap_table.check_jump_target(
1626 ¤t_frame, target, CHECK_VERIFY(this));
1627 no_control_flow = false; break;
1628 case Bytecodes::_if_acmpeq :
1629 case Bytecodes::_if_acmpne :
1630 current_frame.pop_stack(
1631 VerificationType::nonscalar_check(), CHECK_VERIFY(this));
1632 // fall through
1633 case Bytecodes::_ifnull :
1634 case Bytecodes::_ifnonnull :
1635 current_frame.pop_stack(
1636 VerificationType::nonscalar_check(), CHECK_VERIFY(this));
1637 target = bcs.dest();
1638 stackmap_table.check_jump_target
1639 (¤t_frame, target, CHECK_VERIFY(this));
1640 no_control_flow = false; break;
1641 case Bytecodes::_goto :
1642 target = bcs.dest();
1643 stackmap_table.check_jump_target(
1644 ¤t_frame, target, CHECK_VERIFY(this));
1645 no_control_flow = true; break;
1646 case Bytecodes::_goto_w :
1647 target = bcs.dest_w();
1648 stackmap_table.check_jump_target(
1649 ¤t_frame, target, CHECK_VERIFY(this));
1650 no_control_flow = true; break;
1651 case Bytecodes::_tableswitch :
1652 case Bytecodes::_lookupswitch :
1653 verify_switch(
1654 &bcs, code_length, code_data, ¤t_frame,
1655 &stackmap_table, CHECK_VERIFY(this));
1656 no_control_flow = true; break;
1667 VerificationType::long_type(), CHECK_VERIFY(this));
1668 verify_return_value(return_type, type, bci,
1669 ¤t_frame, CHECK_VERIFY(this));
1670 no_control_flow = true; break;
1671 case Bytecodes::_freturn :
1672 type = current_frame.pop_stack(
1673 VerificationType::float_type(), CHECK_VERIFY(this));
1674 verify_return_value(return_type, type, bci,
1675 ¤t_frame, CHECK_VERIFY(this));
1676 no_control_flow = true; break;
1677 case Bytecodes::_dreturn :
1678 type2 = current_frame.pop_stack(
1679 VerificationType::double2_type(), CHECK_VERIFY(this));
1680 type = current_frame.pop_stack(
1681 VerificationType::double_type(), CHECK_VERIFY(this));
1682 verify_return_value(return_type, type, bci,
1683 ¤t_frame, CHECK_VERIFY(this));
1684 no_control_flow = true; break;
1685 case Bytecodes::_areturn :
1686 type = current_frame.pop_stack(
1687 VerificationType::nonscalar_check(), CHECK_VERIFY(this));
1688 verify_return_value(return_type, type, bci,
1689 ¤t_frame, CHECK_VERIFY(this));
1690 no_control_flow = true; break;
1691 case Bytecodes::_return :
1692 if (return_type != VerificationType::bogus_type()) {
1693 verify_error(ErrorContext::bad_code(bci),
1694 "Method expects a return value");
1695 return;
1696 }
1697 // Make sure "this" has been initialized if current method is an
1698 // <init>.
1699 if (_method->is_object_constructor() &&
1700 current_frame.flag_this_uninit()) {
1701 verify_error(ErrorContext::bad_code(bci),
1702 "Constructor must call super() or this() "
1703 "before return");
1704 return;
1705 }
1706 no_control_flow = true; break;
1707 case Bytecodes::_getstatic :
1708 case Bytecodes::_putstatic :
1709 // pass TRUE, operand can be an array type for getstatic/putstatic.
1710 verify_field_instructions(
1711 &bcs, ¤t_frame, cp, true, CHECK_VERIFY(this));
1712 no_control_flow = false; break;
1713 case Bytecodes::_getfield :
1714 case Bytecodes::_putfield :
1715 // pass FALSE, operand can't be an array type for getfield/putfield.
1716 verify_field_instructions(
1717 &bcs, ¤t_frame, cp, false, CHECK_VERIFY(this));
1718 no_control_flow = false; break;
1719 case Bytecodes::_withfield :
1720 if (_klass->major_version() < INLINE_TYPE_MAJOR_VERSION) {
1721 class_format_error(
1722 "withfield not supported by this class file version (%d.%d), class %s",
1723 _klass->major_version(), _klass->minor_version(), _klass->external_name());
1724 return;
1725 }
1726 // pass FALSE, operand can't be an array type for withfield.
1727 verify_field_instructions(
1728 &bcs, ¤t_frame, cp, false, CHECK_VERIFY(this));
1729 no_control_flow = false; break;
1730 case Bytecodes::_invokevirtual :
1731 case Bytecodes::_invokespecial :
1732 case Bytecodes::_invokestatic :
1733 case Bytecodes::_invokeinterface :
1734 case Bytecodes::_invokedynamic :
1735 verify_invoke_instructions(
1736 &bcs, code_length, ¤t_frame, (bci >= ex_min && bci < ex_max),
1737 &this_uninit, cp, &stackmap_table, CHECK_VERIFY(this));
1738 no_control_flow = false; break;
1739 case Bytecodes::_new :
1740 {
1741 index = bcs.get_index_u2();
1742 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1743 VerificationType new_class_type =
1744 cp_index_to_type(index, cp, CHECK_VERIFY(this));
1745 if (!new_class_type.is_object()) {
1746 verify_error(ErrorContext::bad_type(bci,
1747 TypeOrigin::cp(index, new_class_type)),
1748 "Illegal new instruction");
1749 return;
1750 }
1751 type = VerificationType::uninitialized_type(bci);
1752 current_frame.push_stack(type, CHECK_VERIFY(this));
1753 no_control_flow = false; break;
1754 }
1755 case Bytecodes::_defaultvalue :
1756 {
1757 if (_klass->major_version() < INLINE_TYPE_MAJOR_VERSION) {
1758 class_format_error(
1759 "defaultvalue not supported by this class file version (%d.%d), class %s",
1760 _klass->major_version(), _klass->minor_version(), _klass->external_name());
1761 return;
1762 }
1763 index = bcs.get_index_u2();
1764 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1765 VerificationType ref_type = cp_index_to_type(index, cp, CHECK_VERIFY(this));
1766 if (!ref_type.is_object()) {
1767 verify_error(ErrorContext::bad_type(bci,
1768 TypeOrigin::cp(index, ref_type)),
1769 "Illegal defaultvalue instruction");
1770 return;
1771 }
1772 VerificationType inline_type =
1773 VerificationType::change_ref_to_inline_type(ref_type);
1774 current_frame.push_stack(inline_type, CHECK_VERIFY(this));
1775 no_control_flow = false; break;
1776 }
1777 case Bytecodes::_newarray :
1778 type = get_newarray_type(bcs.get_index(), bci, CHECK_VERIFY(this));
1779 current_frame.pop_stack(
1780 VerificationType::integer_type(), CHECK_VERIFY(this));
1781 current_frame.push_stack(type, CHECK_VERIFY(this));
1782 no_control_flow = false; break;
1783 case Bytecodes::_anewarray :
1784 verify_anewarray(
1785 bci, bcs.get_index_u2(), cp, ¤t_frame, CHECK_VERIFY(this));
1786 no_control_flow = false; break;
1787 case Bytecodes::_arraylength :
1788 type = current_frame.pop_stack(
1789 VerificationType::reference_check(), CHECK_VERIFY(this));
1790 if (!(type.is_null() || type.is_array())) {
1791 verify_error(ErrorContext::bad_type(
1792 bci, current_frame.stack_top_ctx()),
1793 bad_type_msg, "arraylength");
1794 }
1795 current_frame.push_stack(
1796 VerificationType::integer_type(), CHECK_VERIFY(this));
1797 no_control_flow = false; break;
1798 case Bytecodes::_checkcast :
1799 {
1800 index = bcs.get_index_u2();
1801 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1802 current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1803 VerificationType klass_type = cp_index_to_type(
1804 index, cp, CHECK_VERIFY(this));
1805 current_frame.push_stack(klass_type, CHECK_VERIFY(this));
1806 no_control_flow = false; break;
1807 }
1808 case Bytecodes::_instanceof : {
1809 index = bcs.get_index_u2();
1810 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1811 current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1812 current_frame.push_stack(
1813 VerificationType::integer_type(), CHECK_VERIFY(this));
1814 no_control_flow = false; break;
1815 }
1816 case Bytecodes::_monitorenter :
1817 case Bytecodes::_monitorexit : {
1818 VerificationType ref = current_frame.pop_stack(
1819 VerificationType::nonscalar_check(), CHECK_VERIFY(this));
1820 no_control_flow = false; break;
1821 }
1822 case Bytecodes::_multianewarray :
1823 {
1824 index = bcs.get_index_u2();
1825 u2 dim = *(bcs.bcp()+3);
1826 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1827 VerificationType new_array_type =
1828 cp_index_to_type(index, cp, CHECK_VERIFY(this));
1829 if (!new_array_type.is_array()) {
1830 verify_error(ErrorContext::bad_type(bci,
1831 TypeOrigin::cp(index, new_array_type)),
1832 "Illegal constant pool index in multianewarray instruction");
1833 return;
1834 }
1835 if (dim < 1 || new_array_type.dimensions() < dim) {
1836 verify_error(ErrorContext::bad_code(bci),
1837 "Illegal dimension in multianewarray instruction: %d", dim);
1838 return;
1839 }
1840 for (int i = 0; i < dim; i++) {
1841 current_frame.pop_stack(
2066 int nconstants = cp->length();
2067 if ((index <= 0) || (index >= nconstants)) {
2068 verify_error(ErrorContext::bad_cp_index(bci, index),
2069 "Illegal constant pool index %d in class %s",
2070 index, cp->pool_holder()->external_name());
2071 return;
2072 }
2073 }
2074
2075 void ClassVerifier::verify_cp_type(
2076 u2 bci, int index, const constantPoolHandle& cp, unsigned int types, TRAPS) {
2077
2078 // In some situations, bytecode rewriting may occur while we're verifying.
2079 // In this case, a constant pool cache exists and some indices refer to that
2080 // instead. Be sure we don't pick up such indices by accident.
2081 // We must check was_recursively_verified() before we get here.
2082 guarantee(cp->cache() == NULL, "not rewritten yet");
2083
2084 verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2085 unsigned int tag = cp->tag_at(index).value();
2086
2087 if ((types & (1 << tag)) == 0) {
2088 verify_error(ErrorContext::bad_cp_index(bci, index),
2089 "Illegal type at constant pool entry %d in class %s",
2090 index, cp->pool_holder()->external_name());
2091 return;
2092 }
2093 }
2094
2095 void ClassVerifier::verify_cp_class_type(
2096 u2 bci, int index, const constantPoolHandle& cp, TRAPS) {
2097 verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2098 constantTag tag = cp->tag_at(index);
2099 if (!tag.is_klass() && !tag.is_unresolved_klass()) {
2100 verify_error(ErrorContext::bad_cp_index(bci, index),
2101 "Illegal type at constant pool entry %d in class %s",
2102 index, cp->pool_holder()->external_name());
2103 return;
2104 }
2105 }
2106
2181 } else {
2182 Klass* member_klass = target_instance->find_field(field_name, field_sig, &fd);
2183 if (member_klass != NULL && fd.is_protected()) {
2184 if (!this_class->is_same_class_package(member_klass)) {
2185 return true;
2186 }
2187 }
2188 }
2189 return false;
2190 }
2191
2192 void ClassVerifier::verify_ldc(
2193 int opcode, u2 index, StackMapFrame* current_frame,
2194 const constantPoolHandle& cp, u2 bci, TRAPS) {
2195 verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2196 constantTag tag = cp->tag_at(index);
2197 unsigned int types = 0;
2198 if (opcode == Bytecodes::_ldc || opcode == Bytecodes::_ldc_w) {
2199 if (!tag.is_unresolved_klass()) {
2200 types = (1 << JVM_CONSTANT_Integer) | (1 << JVM_CONSTANT_Float)
2201 | (1 << JVM_CONSTANT_String) | (1 << JVM_CONSTANT_Class)
2202 | (1 << JVM_CONSTANT_MethodHandle) | (1 << JVM_CONSTANT_MethodType)
2203 | (1 << JVM_CONSTANT_Dynamic);
2204 // Note: The class file parser already verified the legality of
2205 // MethodHandle and MethodType constants.
2206 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2207 }
2208 } else {
2209 assert(opcode == Bytecodes::_ldc2_w, "must be ldc2_w");
2210 types = (1 << JVM_CONSTANT_Double) | (1 << JVM_CONSTANT_Long)
2211 | (1 << JVM_CONSTANT_Dynamic);
2212 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2213 }
2214 if (tag.is_string()) {
2215 current_frame->push_stack(
2216 VerificationType::reference_type(
2217 vmSymbols::java_lang_String()), CHECK_VERIFY(this));
2218 } else if (tag.is_klass() || tag.is_unresolved_klass()) {
2219 current_frame->push_stack(
2220 VerificationType::reference_type(
2221 vmSymbols::java_lang_Class()), CHECK_VERIFY(this));
2355 StackMapFrame* current_frame,
2356 const constantPoolHandle& cp,
2357 bool allow_arrays,
2358 TRAPS) {
2359 u2 index = bcs->get_index_u2();
2360 verify_cp_type(bcs->bci(), index, cp,
2361 1 << JVM_CONSTANT_Fieldref, CHECK_VERIFY(this));
2362
2363 // Get field name and signature
2364 Symbol* field_name = cp->name_ref_at(index);
2365 Symbol* field_sig = cp->signature_ref_at(index);
2366
2367 // Field signature was checked in ClassFileParser.
2368 assert(SignatureVerifier::is_valid_type_signature(field_sig),
2369 "Invalid field signature");
2370
2371 // Get referenced class type
2372 VerificationType ref_class_type = cp_ref_index_to_type(
2373 index, cp, CHECK_VERIFY(this));
2374 if (!ref_class_type.is_object() &&
2375 (!allow_arrays || !ref_class_type.is_array())) {
2376 verify_error(ErrorContext::bad_type(bcs->bci(),
2377 TypeOrigin::cp(index, ref_class_type)),
2378 "Expecting reference to class in class %s at constant pool index %d",
2379 _klass->external_name(), index);
2380 return;
2381 }
2382
2383 VerificationType target_class_type = ref_class_type;
2384
2385 assert(sizeof(VerificationType) == sizeof(uintptr_t),
2386 "buffer type must match VerificationType size");
2387 uintptr_t field_type_buffer[2];
2388 VerificationType* field_type = (VerificationType*)field_type_buffer;
2389 // If we make a VerificationType[2] array directly, the compiler calls
2390 // to the c-runtime library to do the allocation instead of just
2391 // stack allocating it. Plus it would run constructors. This shows up
2392 // in performance profiles.
2393
2394 SignatureStream sig_stream(field_sig, false);
2395 VerificationType stack_object_type;
2396 int n = change_sig_to_verificationType(&sig_stream, field_type);
2397 u2 bci = bcs->bci();
2398 bool is_assignable;
2399 switch (bcs->raw_code()) {
2400 case Bytecodes::_getstatic: {
2401 for (int i = 0; i < n; i++) {
2402 current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2403 }
2404 break;
2405 }
2406 case Bytecodes::_putstatic: {
2407 for (int i = n - 1; i >= 0; i--) {
2408 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2409 }
2410 break;
2411 }
2412 case Bytecodes::_withfield: {
2413 for (int i = n - 1; i >= 0; i--) {
2414 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2415 }
2416 // Check that the receiver is a subtype of the referenced class.
2417 current_frame->pop_stack(target_class_type, CHECK_VERIFY(this));
2418 VerificationType target_inline_type =
2419 VerificationType::change_ref_to_inline_type(target_class_type);
2420 current_frame->push_stack(target_inline_type, CHECK_VERIFY(this));
2421 break;
2422 }
2423 case Bytecodes::_getfield: {
2424 stack_object_type = current_frame->pop_stack(
2425 target_class_type, CHECK_VERIFY(this));
2426 for (int i = 0; i < n; i++) {
2427 current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2428 }
2429 goto check_protected;
2430 }
2431 case Bytecodes::_putfield: {
2432 for (int i = n - 1; i >= 0; i--) {
2433 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2434 }
2435 stack_object_type = current_frame->pop_stack(CHECK_VERIFY(this));
2436
2437 // The JVMS 2nd edition allows field initialization before the superclass
2438 // initializer, if the field is defined within the current class.
2439 fieldDescriptor fd;
2440 if (stack_object_type == VerificationType::uninitialized_this_type() &&
2441 target_class_type.equals(current_type()) &&
2442 _klass->find_local_field(field_name, field_sig, &fd)) {
2811 bool ClassVerifier::is_same_or_direct_interface(
2812 InstanceKlass* klass,
2813 VerificationType klass_type,
2814 VerificationType ref_class_type) {
2815 if (ref_class_type.equals(klass_type)) return true;
2816 Array<InstanceKlass*>* local_interfaces = klass->local_interfaces();
2817 if (local_interfaces != NULL) {
2818 for (int x = 0; x < local_interfaces->length(); x++) {
2819 InstanceKlass* k = local_interfaces->at(x);
2820 assert (k != NULL && k->is_interface(), "invalid interface");
2821 if (ref_class_type.equals(VerificationType::reference_type(k->name()))) {
2822 return true;
2823 }
2824 }
2825 }
2826 return false;
2827 }
2828
2829 void ClassVerifier::verify_invoke_instructions(
2830 RawBytecodeStream* bcs, u4 code_length, StackMapFrame* current_frame,
2831 bool in_try_block, bool *this_uninit,
2832 const constantPoolHandle& cp, StackMapTable* stackmap_table, TRAPS) {
2833 // Make sure the constant pool item is the right type
2834 u2 index = bcs->get_index_u2();
2835 Bytecodes::Code opcode = bcs->raw_code();
2836 unsigned int types = 0;
2837 switch (opcode) {
2838 case Bytecodes::_invokeinterface:
2839 types = 1 << JVM_CONSTANT_InterfaceMethodref;
2840 break;
2841 case Bytecodes::_invokedynamic:
2842 types = 1 << JVM_CONSTANT_InvokeDynamic;
2843 break;
2844 case Bytecodes::_invokespecial:
2845 case Bytecodes::_invokestatic:
2846 types = (_klass->major_version() < STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION) ?
2847 (1 << JVM_CONSTANT_Methodref) :
2848 ((1 << JVM_CONSTANT_InterfaceMethodref) | (1 << JVM_CONSTANT_Methodref));
2849 break;
2850 default:
2851 types = 1 << JVM_CONSTANT_Methodref;
2852 }
2853 verify_cp_type(bcs->bci(), index, cp, types, CHECK_VERIFY(this));
2854
2855 // Get method name and signature
2856 Symbol* method_name = cp->name_ref_at(index);
2857 Symbol* method_sig = cp->signature_ref_at(index);
2858
2859 // Method signature was checked in ClassFileParser.
2860 assert(SignatureVerifier::is_valid_method_signature(method_sig),
2861 "Invalid method signature");
2862
2863 // Get referenced class
2864 VerificationType ref_class_type;
2865 if (opcode == Bytecodes::_invokedynamic) {
2866 if (_klass->major_version() < Verifier::INVOKEDYNAMIC_MAJOR_VERSION) {
2867 class_format_error(
2868 "invokedynamic instructions not supported by this class file version (%d), class %s",
2869 _klass->major_version(), _klass->external_name());
2870 return;
2871 }
2872 } else {
2873 ref_class_type = cp_ref_index_to_type(index, cp, CHECK_VERIFY(this));
2874 }
2875
2876 assert(sizeof(VerificationType) == sizeof(uintptr_t),
2877 "buffer type must match VerificationType size");
2878
2879 // Get the UTF8 index for this signature.
2880 int sig_index = cp->signature_ref_index_at(cp->name_and_type_ref_index_at(index));
2881
2882 // Get the signature's verification types.
2883 sig_as_verification_types* mth_sig_verif_types;
2909 "Inconsistent args count operand in invokeinterface");
2910 return;
2911 }
2912 if (*(bcp+4) != 0) {
2913 verify_error(ErrorContext::bad_code(bci),
2914 "Fourth operand byte of invokeinterface must be zero");
2915 return;
2916 }
2917 }
2918
2919 if (opcode == Bytecodes::_invokedynamic) {
2920 address bcp = bcs->bcp();
2921 if (*(bcp+3) != 0 || *(bcp+4) != 0) {
2922 verify_error(ErrorContext::bad_code(bci),
2923 "Third and fourth operand bytes of invokedynamic must be zero");
2924 return;
2925 }
2926 }
2927
2928 if (method_name->char_at(0) == JVM_SIGNATURE_SPECIAL) {
2929 // Make sure <init> can only be invoked by invokespecial or invokestatic.
2930 // The allowed invocation mode of <init> depends on its signature.
2931 if ((opcode != Bytecodes::_invokespecial &&
2932 opcode != Bytecodes::_invokestatic) ||
2933 method_name != vmSymbols::object_initializer_name()) {
2934 verify_error(ErrorContext::bad_code(bci),
2935 "Illegal call to internal method");
2936 return;
2937 }
2938 } else if (opcode == Bytecodes::_invokespecial
2939 && !is_same_or_direct_interface(current_class(), current_type(), ref_class_type)
2940 && !ref_class_type.equals(VerificationType::reference_type(
2941 current_class()->super()->name()))) { // super() can never be an inline_type.
2942 bool subtype = false;
2943 bool have_imr_indirect = cp->tag_at(index).value() == JVM_CONSTANT_InterfaceMethodref;
2944 subtype = ref_class_type.is_assignable_from(
2945 current_type(), this, false, CHECK_VERIFY(this));
2946 if (!subtype) {
2947 verify_error(ErrorContext::bad_code(bci),
2948 "Bad invokespecial instruction: "
2949 "current class isn't assignable to reference class.");
2950 return;
2951 } else if (have_imr_indirect) {
2952 verify_error(ErrorContext::bad_code(bci),
2953 "Bad invokespecial instruction: "
2954 "interface method reference is in an indirect superinterface.");
2955 return;
2956 }
2957
2958 }
2959
2960 // Get the verification types for the method's arguments.
2961 GrowableArray<VerificationType>* sig_verif_types = mth_sig_verif_types->sig_verif_types();
2962 assert(sig_verif_types != NULL, "Missing signature's array of verification types");
2963 // Match method descriptor with operand stack
2964 // The arguments are on the stack in descending order.
2965 for (int i = nargs - 1; i >= 0; i--) { // Run backwards
2966 current_frame->pop_stack(sig_verif_types->at(i), CHECK_VERIFY(this));
2967 }
2968
2969 // Check objectref on operand stack
2970 if (opcode != Bytecodes::_invokestatic &&
2971 opcode != Bytecodes::_invokedynamic) {
2972 if (method_name == vmSymbols::object_initializer_name()) { // <init> method
2973 // (use of <init> as a static factory is handled under invokestatic)
2974 verify_invoke_init(bcs, index, ref_class_type, current_frame,
2975 code_length, in_try_block, this_uninit, cp, stackmap_table,
2976 CHECK_VERIFY(this));
2977 if (was_recursively_verified()) return;
2978 } else { // other methods
2979 // Ensures that target class is assignable to method class.
2980 if (opcode == Bytecodes::_invokespecial) {
2981 current_frame->pop_stack(current_type(), CHECK_VERIFY(this));
2982 } else if (opcode == Bytecodes::_invokevirtual) {
2983 VerificationType stack_object_type =
2984 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this));
2985 if (current_type() != stack_object_type) {
2986 if (was_recursively_verified()) return;
2987 assert(cp->cache() == NULL, "not rewritten yet");
2988 Symbol* ref_class_name =
2989 cp->klass_name_at(cp->klass_ref_index_at(index));
2990 // See the comments in verify_field_instructions() for
2991 // the rationale behind this.
2992 if (name_in_supers(ref_class_name, current_class())) {
2993 Klass* ref_class = load_class(ref_class_name, CHECK);
3006 } else {
3007 verify_error(ErrorContext::bad_type(bci,
3008 current_frame->stack_top_ctx(),
3009 TypeOrigin::implicit(current_type())),
3010 "Bad access to protected data in invokevirtual");
3011 return;
3012 }
3013 }
3014 }
3015 }
3016 }
3017 } else {
3018 assert(opcode == Bytecodes::_invokeinterface, "Unexpected opcode encountered");
3019 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this));
3020 }
3021 }
3022 }
3023 // Push the result type.
3024 int sig_verif_types_len = sig_verif_types->length();
3025 if (sig_verif_types_len > nargs) { // There's a return type
3026 if (method_name == vmSymbols::object_initializer_name() &&
3027 opcode != Bytecodes::_invokestatic) {
3028 // an <init> method must have a void return type, unless it's a static factory
3029 verify_error(ErrorContext::bad_code(bci),
3030 "Return type must be void in <init> method");
3031 return;
3032 }
3033
3034 assert(sig_verif_types_len <= nargs + 2,
3035 "Signature verification types array return type is bogus");
3036 for (int i = nargs; i < sig_verif_types_len; i++) {
3037 assert(i == nargs || sig_verif_types->at(i).is_long2() ||
3038 sig_verif_types->at(i).is_double2(), "Unexpected return verificationType");
3039 current_frame->push_stack(sig_verif_types->at(i), CHECK_VERIFY(this));
3040 }
3041 } else {
3042 // an <init> method may not have a void return type, if it's a static factory
3043 if (method_name == vmSymbols::object_initializer_name() &&
3044 opcode != Bytecodes::_invokespecial) {
3045 verify_error(ErrorContext::bad_code(bci),
3046 "Return type must be non-void in <init> static factory method");
3047 return;
3048 }
3049 }
3050 }
3051
3052 VerificationType ClassVerifier::get_newarray_type(
3053 u2 index, u2 bci, TRAPS) {
3054 const char* from_bt[] = {
3055 NULL, NULL, NULL, NULL, "[Z", "[C", "[F", "[D", "[B", "[S", "[I", "[J",
3056 };
3057 if (index < T_BOOLEAN || index > T_LONG) {
3058 verify_error(ErrorContext::bad_code(bci), "Illegal newarray instruction");
3059 return VerificationType::bogus_type();
3060 }
3061
3062 // from_bt[index] contains the array signature which has a length of 2
3063 Symbol* sig = create_temporary_symbol(from_bt[index], 2);
3064 return VerificationType::reference_type(sig);
3065 }
3066
3067 void ClassVerifier::verify_anewarray(
3068 u2 bci, u2 index, const constantPoolHandle& cp,
3076 cp_index_to_type(index, cp, CHECK_VERIFY(this));
3077 int length;
3078 char* arr_sig_str;
3079 if (component_type.is_array()) { // it's an array
3080 const char* component_name = component_type.name()->as_utf8();
3081 // Check for more than MAX_ARRAY_DIMENSIONS
3082 length = (int)strlen(component_name);
3083 if (length > MAX_ARRAY_DIMENSIONS &&
3084 component_name[MAX_ARRAY_DIMENSIONS - 1] == JVM_SIGNATURE_ARRAY) {
3085 verify_error(ErrorContext::bad_code(bci),
3086 "Illegal anewarray instruction, array has more than 255 dimensions");
3087 }
3088 // add one dimension to component
3089 length++;
3090 arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length + 1);
3091 int n = os::snprintf(arr_sig_str, length + 1, "%c%s",
3092 JVM_SIGNATURE_ARRAY, component_name);
3093 assert(n == length, "Unexpected number of characters in string");
3094 } else { // it's an object or interface
3095 const char* component_name = component_type.name()->as_utf8();
3096 char Q_or_L = component_type.is_inline_type() ? JVM_SIGNATURE_INLINE_TYPE : JVM_SIGNATURE_CLASS;
3097 // add one dimension to component with 'L' or 'Q' prepended and ';' appended.
3098 length = (int)strlen(component_name) + 3;
3099 arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length + 1);
3100 int n = os::snprintf(arr_sig_str, length + 1, "%c%c%s;",
3101 JVM_SIGNATURE_ARRAY, Q_or_L, component_name);
3102 assert(n == length, "Unexpected number of characters in string");
3103 }
3104 Symbol* arr_sig = create_temporary_symbol(arr_sig_str, length);
3105 VerificationType new_array_type = VerificationType::reference_type(arr_sig);
3106 current_frame->push_stack(new_array_type, CHECK_VERIFY(this));
3107 }
3108
3109 void ClassVerifier::verify_iload(u2 index, StackMapFrame* current_frame, TRAPS) {
3110 current_frame->get_local(
3111 index, VerificationType::integer_type(), CHECK_VERIFY(this));
3112 current_frame->push_stack(
3113 VerificationType::integer_type(), CHECK_VERIFY(this));
3114 }
3115
3116 void ClassVerifier::verify_lload(u2 index, StackMapFrame* current_frame, TRAPS) {
3117 current_frame->get_local_2(
3118 index, VerificationType::long_type(),
3119 VerificationType::long2_type(), CHECK_VERIFY(this));
3120 current_frame->push_stack_2(
3121 VerificationType::long_type(),
3123 }
3124
3125 void ClassVerifier::verify_fload(u2 index, StackMapFrame* current_frame, TRAPS) {
3126 current_frame->get_local(
3127 index, VerificationType::float_type(), CHECK_VERIFY(this));
3128 current_frame->push_stack(
3129 VerificationType::float_type(), CHECK_VERIFY(this));
3130 }
3131
3132 void ClassVerifier::verify_dload(u2 index, StackMapFrame* current_frame, TRAPS) {
3133 current_frame->get_local_2(
3134 index, VerificationType::double_type(),
3135 VerificationType::double2_type(), CHECK_VERIFY(this));
3136 current_frame->push_stack_2(
3137 VerificationType::double_type(),
3138 VerificationType::double2_type(), CHECK_VERIFY(this));
3139 }
3140
3141 void ClassVerifier::verify_aload(u2 index, StackMapFrame* current_frame, TRAPS) {
3142 VerificationType type = current_frame->get_local(
3143 index, VerificationType::nonscalar_check(), CHECK_VERIFY(this));
3144 current_frame->push_stack(type, CHECK_VERIFY(this));
3145 }
3146
3147 void ClassVerifier::verify_istore(u2 index, StackMapFrame* current_frame, TRAPS) {
3148 current_frame->pop_stack(
3149 VerificationType::integer_type(), CHECK_VERIFY(this));
3150 current_frame->set_local(
3151 index, VerificationType::integer_type(), CHECK_VERIFY(this));
3152 }
3153
3154 void ClassVerifier::verify_lstore(u2 index, StackMapFrame* current_frame, TRAPS) {
3155 current_frame->pop_stack_2(
3156 VerificationType::long2_type(),
3157 VerificationType::long_type(), CHECK_VERIFY(this));
3158 current_frame->set_local_2(
3159 index, VerificationType::long_type(),
3160 VerificationType::long2_type(), CHECK_VERIFY(this));
3161 }
3162
3163 void ClassVerifier::verify_fstore(u2 index, StackMapFrame* current_frame, TRAPS) {
3164 current_frame->pop_stack(VerificationType::float_type(), CHECK_VERIFY(this));
3165 current_frame->set_local(
3166 index, VerificationType::float_type(), CHECK_VERIFY(this));
3167 }
3168
3169 void ClassVerifier::verify_dstore(u2 index, StackMapFrame* current_frame, TRAPS) {
3170 current_frame->pop_stack_2(
3171 VerificationType::double2_type(),
3172 VerificationType::double_type(), CHECK_VERIFY(this));
3173 current_frame->set_local_2(
3174 index, VerificationType::double_type(),
3175 VerificationType::double2_type(), CHECK_VERIFY(this));
3176 }
3177
3178 void ClassVerifier::verify_astore(u2 index, StackMapFrame* current_frame, TRAPS) {
3179 VerificationType type = current_frame->pop_stack(
3180 VerificationType::nonscalar_check(), CHECK_VERIFY(this));
3181 current_frame->set_local(index, type, CHECK_VERIFY(this));
3182 }
3183
3184 void ClassVerifier::verify_iinc(u2 index, StackMapFrame* current_frame, TRAPS) {
3185 VerificationType type = current_frame->get_local(
3186 index, VerificationType::integer_type(), CHECK_VERIFY(this));
3187 current_frame->set_local(index, type, CHECK_VERIFY(this));
3188 }
3189
3190 void ClassVerifier::verify_return_value(
3191 VerificationType return_type, VerificationType type, u2 bci,
3192 StackMapFrame* current_frame, TRAPS) {
3193 if (return_type == VerificationType::bogus_type()) {
3194 verify_error(ErrorContext::bad_type(bci,
3195 current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)),
3196 "Method does not expect a return value");
3197 return;
3198 }
3199 bool match = return_type.is_assignable_from(type, this, false, CHECK_VERIFY(this));
3200 if (!match) {
|