< prev index next >

src/hotspot/share/classfile/verifier.cpp

Print this page

  46 #include "oops/instanceKlass.inline.hpp"
  47 #include "oops/klass.inline.hpp"
  48 #include "oops/oop.inline.hpp"
  49 #include "oops/typeArrayOop.hpp"
  50 #include "runtime/arguments.hpp"
  51 #include "runtime/fieldDescriptor.hpp"
  52 #include "runtime/handles.inline.hpp"
  53 #include "runtime/interfaceSupport.inline.hpp"
  54 #include "runtime/javaCalls.hpp"
  55 #include "runtime/javaThread.hpp"
  56 #include "runtime/jniHandles.inline.hpp"
  57 #include "runtime/os.hpp"
  58 #include "runtime/safepointVerifiers.hpp"
  59 #include "services/threadService.hpp"
  60 #include "utilities/align.hpp"
  61 #include "utilities/bytes.hpp"
  62 
  63 #define NOFAILOVER_MAJOR_VERSION                       51
  64 #define NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION  51
  65 #define STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION       52

  66 #define MAX_ARRAY_DIMENSIONS 255
  67 
  68 // Access to external entry for VerifyClassForMajorVersion - old byte code verifier
  69 
  70 extern "C" {
  71   typedef jboolean (*verify_byte_codes_fn_t)(JNIEnv *, jclass, char *, jint, jint);
  72 }
  73 
  74 static verify_byte_codes_fn_t volatile _verify_byte_codes_fn = NULL;
  75 
  76 static verify_byte_codes_fn_t verify_byte_codes_fn() {
  77 
  78   if (_verify_byte_codes_fn != NULL)
  79     return _verify_byte_codes_fn;
  80 
  81   MutexLocker locker(Verify_lock);
  82 
  83   if (_verify_byte_codes_fn != NULL)
  84     return _verify_byte_codes_fn;
  85 

 258       }
 259       kls = kls->super();
 260     }
 261     if (message_buffer != NULL) {
 262       message_buffer[message_buffer_len - 1] = '\0'; // just to be sure
 263     }
 264     assert(exception_message != NULL, "");
 265     THROW_MSG_(exception_name, exception_message, false);
 266   }
 267 }
 268 
 269 bool Verifier::is_eligible_for_verification(InstanceKlass* klass, bool should_verify_class) {
 270   Symbol* name = klass->name();
 271   Klass* refl_magic_klass = vmClasses::reflect_MagicAccessorImpl_klass();
 272 
 273   bool is_reflect = refl_magic_klass != NULL && klass->is_subtype_of(refl_magic_klass);
 274 
 275   return (should_verify_for(klass->class_loader(), should_verify_class) &&
 276     // return if the class is a bootstrapping class
 277     // or defineClass specified not to verify by default (flags override passed arg)
 278     // We need to skip the following four for bootstraping
 279     name != vmSymbols::java_lang_Object() &&
 280     name != vmSymbols::java_lang_Class() &&
 281     name != vmSymbols::java_lang_String() &&
 282     name != vmSymbols::java_lang_Throwable() &&
 283 
 284     // Can not verify the bytecodes for shared classes because they have
 285     // already been rewritten to contain constant pool cache indices,
 286     // which the verifier can't understand.
 287     // Shared classes shouldn't have stackmaps either.
 288     // However, bytecodes for shared old classes can be verified because
 289     // they have not been rewritten.
 290     !(klass->is_shared() && klass->is_rewritten()) &&
 291 
 292     // As of the fix for 4486457 we disable verification for all of the
 293     // dynamically-generated bytecodes associated with the 1.4
 294     // reflection implementation, not just those associated with
 295     // jdk/internal/reflect/SerializationConstructorAccessor.
 296     // NOTE: this is called too early in the bootstrapping process to be
 297     // guarded by Universe::is_gte_jdk14x_version().
 298     // Also for lambda generated code, gte jdk8

 481       ss->print("Local index %d is invalid", _type.index());
 482       break;
 483     case LOCALS_SIZE_MISMATCH:
 484       ss->print("Current frame's local size doesn't match stackmap.");
 485       break;
 486     case STACK_SIZE_MISMATCH:
 487       ss->print("Current frame's stack size doesn't match stackmap.");
 488       break;
 489     case STACK_OVERFLOW:
 490       ss->print("Exceeded max stack size.");
 491       break;
 492     case STACK_UNDERFLOW:
 493       ss->print("Attempt to pop empty stack.");
 494       break;
 495     case MISSING_STACKMAP:
 496       ss->print("Expected stackmap frame at this location.");
 497       break;
 498     case BAD_STACKMAP:
 499       ss->print("Invalid stackmap specification.");
 500       break;







 501     case UNKNOWN:
 502     default:
 503       ShouldNotReachHere();
 504       ss->print_cr("Unknown");
 505   }
 506   ss->cr();
 507 }
 508 
 509 void ErrorContext::location_details(outputStream* ss, const Method* method) const {
 510   if (_bci != -1 && method != NULL) {
 511     streamIndentor si(ss);
 512     const char* bytecode_name = "<invalid>";
 513     if (method->validate_bci(_bci) != -1) {
 514       Bytecodes::Code code = Bytecodes::code_or_bp_at(method->bcp_from(_bci));
 515       if (Bytecodes::is_defined(code)) {
 516           bytecode_name = Bytecodes::name(code);
 517       } else {
 518           bytecode_name = "<illegal>";
 519       }
 520     }

 575     stack_map_frame* sm_frame = sm_table->entries();
 576     streamIndentor si2(ss);
 577     int current_offset = -1;
 578     address end_of_sm_table = (address)sm_table + method->stackmap_data()->length();
 579     for (u2 i = 0; i < sm_table->number_of_entries(); ++i) {
 580       ss->indent();
 581       if (!sm_frame->verify((address)sm_frame, end_of_sm_table)) {
 582         sm_frame->print_truncated(ss, current_offset);
 583         return;
 584       }
 585       sm_frame->print_on(ss, current_offset);
 586       ss->cr();
 587       current_offset += sm_frame->offset_delta();
 588       sm_frame = sm_frame->next();
 589     }
 590   }
 591 }
 592 
 593 // Methods in ClassVerifier
 594 








 595 ClassVerifier::ClassVerifier(JavaThread* current, InstanceKlass* klass)
 596     : _thread(current), _previous_symbol(NULL), _symbols(NULL), _exception_type(NULL),
 597       _message(NULL), _klass(klass) {
 598   _this_type = VerificationType::reference_type(klass->name());
 599 }
 600 
 601 ClassVerifier::~ClassVerifier() {
 602   // Decrement the reference count for any symbols created.
 603   if (_symbols != NULL) {
 604     for (int i = 0; i < _symbols->length(); i++) {
 605       Symbol* s = _symbols->at(i);
 606       s->decrement_refcount();
 607     }
 608   }
 609 }
 610 
 611 VerificationType ClassVerifier::object_type() const {
 612   return VerificationType::reference_type(vmSymbols::java_lang_Object());
 613 }
 614 
 615 TypeOrigin ClassVerifier::ref_ctx(const char* sig) {
 616   VerificationType vt = VerificationType::reference_type(
 617                          create_temporary_symbol(sig, (int)strlen(sig)));
 618   return TypeOrigin::implicit(vt);

1018         case Bytecodes::_daload :
1019           type = current_frame.pop_stack(
1020             VerificationType::integer_type(), CHECK_VERIFY(this));
1021           atype = current_frame.pop_stack(
1022             VerificationType::reference_check(), CHECK_VERIFY(this));
1023           if (!atype.is_double_array()) {
1024             verify_error(ErrorContext::bad_type(bci,
1025                 current_frame.stack_top_ctx(), ref_ctx("[D")),
1026                 bad_type_msg, "daload");
1027             return;
1028           }
1029           current_frame.push_stack_2(
1030             VerificationType::double_type(),
1031             VerificationType::double2_type(), CHECK_VERIFY(this));
1032           no_control_flow = false; break;
1033         case Bytecodes::_aaload : {
1034           type = current_frame.pop_stack(
1035             VerificationType::integer_type(), CHECK_VERIFY(this));
1036           atype = current_frame.pop_stack(
1037             VerificationType::reference_check(), CHECK_VERIFY(this));
1038           if (!atype.is_reference_array()) {
1039             verify_error(ErrorContext::bad_type(bci,
1040                 current_frame.stack_top_ctx(),
1041                 TypeOrigin::implicit(VerificationType::reference_check())),
1042                 bad_type_msg, "aaload");
1043             return;
1044           }
1045           if (atype.is_null()) {
1046             current_frame.push_stack(
1047               VerificationType::null_type(), CHECK_VERIFY(this));
1048           } else {
1049             VerificationType component = atype.get_component(this);
1050             current_frame.push_stack(component, CHECK_VERIFY(this));
1051           }
1052           no_control_flow = false; break;
1053         }
1054         case Bytecodes::_istore :
1055           verify_istore(bcs.get_index(), &current_frame, CHECK_VERIFY(this));
1056           no_control_flow = false; break;
1057         case Bytecodes::_istore_0 :
1058         case Bytecodes::_istore_1 :

1191             VerificationType::double2_type(),
1192             VerificationType::double_type(), CHECK_VERIFY(this));
1193           current_frame.pop_stack(
1194             VerificationType::integer_type(), CHECK_VERIFY(this));
1195           atype = current_frame.pop_stack(
1196             VerificationType::reference_check(), CHECK_VERIFY(this));
1197           if (!atype.is_double_array()) {
1198             verify_error(ErrorContext::bad_type(bci,
1199                 current_frame.stack_top_ctx(), ref_ctx("[D")),
1200                 bad_type_msg, "dastore");
1201             return;
1202           }
1203           no_control_flow = false; break;
1204         case Bytecodes::_aastore :
1205           type = current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1206           type2 = current_frame.pop_stack(
1207             VerificationType::integer_type(), CHECK_VERIFY(this));
1208           atype = current_frame.pop_stack(
1209             VerificationType::reference_check(), CHECK_VERIFY(this));
1210           // more type-checking is done at runtime
1211           if (!atype.is_reference_array()) {
1212             verify_error(ErrorContext::bad_type(bci,
1213                 current_frame.stack_top_ctx(),
1214                 TypeOrigin::implicit(VerificationType::reference_check())),
1215                 bad_type_msg, "aastore");
1216             return;
1217           }
1218           // 4938384: relaxed constraint in JVMS 3rd edition.
1219           no_control_flow = false; break;
1220         case Bytecodes::_pop :
1221           current_frame.pop_stack(
1222             VerificationType::category1_check(), CHECK_VERIFY(this));
1223           no_control_flow = false; break;
1224         case Bytecodes::_pop2 :
1225           type = current_frame.pop_stack(CHECK_VERIFY(this));
1226           if (type.is_category1()) {
1227             current_frame.pop_stack(
1228               VerificationType::category1_check(), CHECK_VERIFY(this));
1229           } else if (type.is_category2_2nd()) {
1230             current_frame.pop_stack(
1231               VerificationType::category2_check(), CHECK_VERIFY(this));

1591         case Bytecodes::_if_icmpgt:
1592         case Bytecodes::_if_icmple:
1593           current_frame.pop_stack(
1594             VerificationType::integer_type(), CHECK_VERIFY(this));
1595           // fall through
1596         case Bytecodes::_ifeq:
1597         case Bytecodes::_ifne:
1598         case Bytecodes::_iflt:
1599         case Bytecodes::_ifge:
1600         case Bytecodes::_ifgt:
1601         case Bytecodes::_ifle:
1602           current_frame.pop_stack(
1603             VerificationType::integer_type(), CHECK_VERIFY(this));
1604           target = bcs.dest();
1605           stackmap_table.check_jump_target(
1606             &current_frame, target, CHECK_VERIFY(this));
1607           no_control_flow = false; break;
1608         case Bytecodes::_if_acmpeq :
1609         case Bytecodes::_if_acmpne :
1610           current_frame.pop_stack(
1611             VerificationType::reference_check(), CHECK_VERIFY(this));
1612           // fall through
1613         case Bytecodes::_ifnull :
1614         case Bytecodes::_ifnonnull :
1615           current_frame.pop_stack(
1616             VerificationType::reference_check(), CHECK_VERIFY(this));
1617           target = bcs.dest();
1618           stackmap_table.check_jump_target
1619             (&current_frame, target, CHECK_VERIFY(this));
1620           no_control_flow = false; break;
1621         case Bytecodes::_goto :
1622           target = bcs.dest();
1623           stackmap_table.check_jump_target(
1624             &current_frame, target, CHECK_VERIFY(this));
1625           no_control_flow = true; break;
1626         case Bytecodes::_goto_w :
1627           target = bcs.dest_w();
1628           stackmap_table.check_jump_target(
1629             &current_frame, target, CHECK_VERIFY(this));
1630           no_control_flow = true; break;
1631         case Bytecodes::_tableswitch :
1632         case Bytecodes::_lookupswitch :
1633           verify_switch(
1634             &bcs, code_length, code_data, &current_frame,
1635             &stackmap_table, CHECK_VERIFY(this));
1636           no_control_flow = true; break;

1647             VerificationType::long_type(), CHECK_VERIFY(this));
1648           verify_return_value(return_type, type, bci,
1649                               &current_frame, CHECK_VERIFY(this));
1650           no_control_flow = true; break;
1651         case Bytecodes::_freturn :
1652           type = current_frame.pop_stack(
1653             VerificationType::float_type(), CHECK_VERIFY(this));
1654           verify_return_value(return_type, type, bci,
1655                               &current_frame, CHECK_VERIFY(this));
1656           no_control_flow = true; break;
1657         case Bytecodes::_dreturn :
1658           type2 = current_frame.pop_stack(
1659             VerificationType::double2_type(),  CHECK_VERIFY(this));
1660           type = current_frame.pop_stack(
1661             VerificationType::double_type(), CHECK_VERIFY(this));
1662           verify_return_value(return_type, type, bci,
1663                               &current_frame, CHECK_VERIFY(this));
1664           no_control_flow = true; break;
1665         case Bytecodes::_areturn :
1666           type = current_frame.pop_stack(
1667             VerificationType::reference_check(), CHECK_VERIFY(this));
1668           verify_return_value(return_type, type, bci,
1669                               &current_frame, CHECK_VERIFY(this));
1670           no_control_flow = true; break;
1671         case Bytecodes::_return :
1672           if (return_type != VerificationType::bogus_type()) {
1673             verify_error(ErrorContext::bad_code(bci),
1674                          "Method expects a return value");
1675             return;
1676           }
1677           // Make sure "this" has been initialized if current method is an
1678           // <init>.
1679           if (_method->name() == vmSymbols::object_initializer_name() &&
1680               current_frame.flag_this_uninit()) {
1681             verify_error(ErrorContext::bad_code(bci),
1682                          "Constructor must call super() or this() "
1683                          "before return");
1684             return;
1685           }
1686           no_control_flow = true; break;
1687         case Bytecodes::_getstatic :
1688         case Bytecodes::_putstatic :
1689           // pass TRUE, operand can be an array type for getstatic/putstatic.
1690           verify_field_instructions(
1691             &bcs, &current_frame, cp, true, CHECK_VERIFY(this));
1692           no_control_flow = false; break;
1693         case Bytecodes::_getfield :
1694         case Bytecodes::_putfield :
1695           // pass FALSE, operand can't be an array type for getfield/putfield.
1696           verify_field_instructions(
1697             &bcs, &current_frame, cp, false, CHECK_VERIFY(this));
1698           no_control_flow = false; break;











1699         case Bytecodes::_invokevirtual :
1700         case Bytecodes::_invokespecial :
1701         case Bytecodes::_invokestatic :
1702           verify_invoke_instructions(
1703             &bcs, code_length, &current_frame, (bci >= ex_min && bci < ex_max),
1704             &this_uninit, return_type, cp, &stackmap_table, CHECK_VERIFY(this));
1705           no_control_flow = false; break;
1706         case Bytecodes::_invokeinterface :
1707         case Bytecodes::_invokedynamic :
1708           verify_invoke_instructions(
1709             &bcs, code_length, &current_frame, (bci >= ex_min && bci < ex_max),
1710             &this_uninit, return_type, cp, &stackmap_table, CHECK_VERIFY(this));
1711           no_control_flow = false; break;
1712         case Bytecodes::_new :
1713         {
1714           index = bcs.get_index_u2();
1715           verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1716           VerificationType new_class_type =
1717             cp_index_to_type(index, cp, CHECK_VERIFY(this));
1718           if (!new_class_type.is_object()) {
1719             verify_error(ErrorContext::bad_type(bci,
1720                 TypeOrigin::cp(index, new_class_type)),
1721                 "Illegal new instruction");
1722             return;
1723           }
1724           type = VerificationType::uninitialized_type(bci);
1725           current_frame.push_stack(type, CHECK_VERIFY(this));
1726           no_control_flow = false; break;
1727         }






















1728         case Bytecodes::_newarray :
1729           type = get_newarray_type(bcs.get_index(), bci, CHECK_VERIFY(this));
1730           current_frame.pop_stack(
1731             VerificationType::integer_type(),  CHECK_VERIFY(this));
1732           current_frame.push_stack(type, CHECK_VERIFY(this));
1733           no_control_flow = false; break;
1734         case Bytecodes::_anewarray :
1735           verify_anewarray(
1736             bci, bcs.get_index_u2(), cp, &current_frame, CHECK_VERIFY(this));
1737           no_control_flow = false; break;
1738         case Bytecodes::_arraylength :
1739           type = current_frame.pop_stack(
1740             VerificationType::reference_check(), CHECK_VERIFY(this));
1741           if (!(type.is_null() || type.is_array())) {
1742             verify_error(ErrorContext::bad_type(
1743                 bci, current_frame.stack_top_ctx()),
1744                 bad_type_msg, "arraylength");
1745           }
1746           current_frame.push_stack(
1747             VerificationType::integer_type(), CHECK_VERIFY(this));
1748           no_control_flow = false; break;
1749         case Bytecodes::_checkcast :
1750         {
1751           index = bcs.get_index_u2();
1752           verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1753           current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1754           VerificationType klass_type = cp_index_to_type(
1755             index, cp, CHECK_VERIFY(this));
1756           current_frame.push_stack(klass_type, CHECK_VERIFY(this));
1757           no_control_flow = false; break;
1758         }
1759         case Bytecodes::_instanceof : {
1760           index = bcs.get_index_u2();
1761           verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1762           current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1763           current_frame.push_stack(
1764             VerificationType::integer_type(), CHECK_VERIFY(this));
1765           no_control_flow = false; break;
1766         }
1767         case Bytecodes::_monitorenter :
1768         case Bytecodes::_monitorexit :
1769           current_frame.pop_stack(
1770             VerificationType::reference_check(), CHECK_VERIFY(this));
1771           no_control_flow = false; break;

1772         case Bytecodes::_multianewarray :
1773         {
1774           index = bcs.get_index_u2();
1775           u2 dim = *(bcs.bcp()+3);
1776           verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1777           VerificationType new_array_type =
1778             cp_index_to_type(index, cp, CHECK_VERIFY(this));
1779           if (!new_array_type.is_array()) {
1780             verify_error(ErrorContext::bad_type(bci,
1781                 TypeOrigin::cp(index, new_array_type)),
1782                 "Illegal constant pool index in multianewarray instruction");
1783             return;
1784           }
1785           if (dim < 1 || new_array_type.dimensions() < dim) {
1786             verify_error(ErrorContext::bad_code(bci),
1787                 "Illegal dimension in multianewarray instruction: %d", dim);
1788             return;
1789           }
1790           for (int i = 0; i < dim; i++) {
1791             current_frame.pop_stack(

2016   int nconstants = cp->length();
2017   if ((index <= 0) || (index >= nconstants)) {
2018     verify_error(ErrorContext::bad_cp_index(bci, index),
2019         "Illegal constant pool index %d in class %s",
2020         index, cp->pool_holder()->external_name());
2021     return;
2022   }
2023 }
2024 
2025 void ClassVerifier::verify_cp_type(
2026     u2 bci, int index, const constantPoolHandle& cp, unsigned int types, TRAPS) {
2027 
2028   // In some situations, bytecode rewriting may occur while we're verifying.
2029   // In this case, a constant pool cache exists and some indices refer to that
2030   // instead.  Be sure we don't pick up such indices by accident.
2031   // We must check was_recursively_verified() before we get here.
2032   guarantee(cp->cache() == NULL, "not rewritten yet");
2033 
2034   verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2035   unsigned int tag = cp->tag_at(index).value();

2036   if ((types & (1 << tag)) == 0) {
2037     verify_error(ErrorContext::bad_cp_index(bci, index),
2038       "Illegal type at constant pool entry %d in class %s",
2039       index, cp->pool_holder()->external_name());
2040     return;
2041   }
2042 }
2043 
2044 void ClassVerifier::verify_cp_class_type(
2045     u2 bci, int index, const constantPoolHandle& cp, TRAPS) {
2046   verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2047   constantTag tag = cp->tag_at(index);
2048   if (!tag.is_klass() && !tag.is_unresolved_klass()) {
2049     verify_error(ErrorContext::bad_cp_index(bci, index),
2050         "Illegal type at constant pool entry %d in class %s",
2051         index, cp->pool_holder()->external_name());
2052     return;
2053   }
2054 }
2055 

2130   } else {
2131     Klass* member_klass = target_instance->find_field(field_name, field_sig, &fd);
2132     if (member_klass != NULL && fd.is_protected()) {
2133       if (!this_class->is_same_class_package(member_klass)) {
2134         return true;
2135       }
2136     }
2137   }
2138   return false;
2139 }
2140 
2141 void ClassVerifier::verify_ldc(
2142     int opcode, u2 index, StackMapFrame* current_frame,
2143     const constantPoolHandle& cp, u2 bci, TRAPS) {
2144   verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2145   constantTag tag = cp->tag_at(index);
2146   unsigned int types = 0;
2147   if (opcode == Bytecodes::_ldc || opcode == Bytecodes::_ldc_w) {
2148     if (!tag.is_unresolved_klass()) {
2149       types = (1 << JVM_CONSTANT_Integer) | (1 << JVM_CONSTANT_Float)
2150             | (1 << JVM_CONSTANT_String)  | (1 << JVM_CONSTANT_Class)
2151             | (1 << JVM_CONSTANT_MethodHandle) | (1 << JVM_CONSTANT_MethodType)
2152             | (1 << JVM_CONSTANT_Dynamic);
2153       // Note:  The class file parser already verified the legality of
2154       // MethodHandle and MethodType constants.
2155       verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2156     }
2157   } else {
2158     assert(opcode == Bytecodes::_ldc2_w, "must be ldc2_w");
2159     types = (1 << JVM_CONSTANT_Double) | (1 << JVM_CONSTANT_Long)
2160           | (1 << JVM_CONSTANT_Dynamic);
2161     verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2162   }
2163   if (tag.is_string()) {
2164     current_frame->push_stack(
2165       VerificationType::reference_type(
2166         vmSymbols::java_lang_String()), CHECK_VERIFY(this));
2167   } else if (tag.is_klass() || tag.is_unresolved_klass()) {
2168     current_frame->push_stack(
2169       VerificationType::reference_type(
2170         vmSymbols::java_lang_Class()), CHECK_VERIFY(this));

2305                                               const constantPoolHandle& cp,
2306                                               bool allow_arrays,
2307                                               TRAPS) {
2308   u2 index = bcs->get_index_u2();
2309   verify_cp_type(bcs->bci(), index, cp,
2310       1 << JVM_CONSTANT_Fieldref, CHECK_VERIFY(this));
2311 
2312   // Get field name and signature
2313   Symbol* field_name = cp->name_ref_at(index);
2314   Symbol* field_sig = cp->signature_ref_at(index);
2315   bool is_getfield = false;
2316 
2317   // Field signature was checked in ClassFileParser.
2318   assert(SignatureVerifier::is_valid_type_signature(field_sig),
2319          "Invalid field signature");
2320 
2321   // Get referenced class type
2322   VerificationType ref_class_type = cp_ref_index_to_type(
2323     index, cp, CHECK_VERIFY(this));
2324   if (!ref_class_type.is_object() &&
2325     (!allow_arrays || !ref_class_type.is_array())) {
2326     verify_error(ErrorContext::bad_type(bcs->bci(),
2327         TypeOrigin::cp(index, ref_class_type)),
2328         "Expecting reference to class in class %s at constant pool index %d",
2329         _klass->external_name(), index);
2330     return;
2331   }

2332   VerificationType target_class_type = ref_class_type;
2333 
2334   assert(sizeof(VerificationType) == sizeof(uintptr_t),
2335         "buffer type must match VerificationType size");
2336   uintptr_t field_type_buffer[2];
2337   VerificationType* field_type = (VerificationType*)field_type_buffer;
2338   // If we make a VerificationType[2] array directly, the compiler calls
2339   // to the c-runtime library to do the allocation instead of just
2340   // stack allocating it.  Plus it would run constructors.  This shows up
2341   // in performance profiles.
2342 
2343   SignatureStream sig_stream(field_sig, false);
2344   VerificationType stack_object_type;
2345   int n = change_sig_to_verificationType(&sig_stream, field_type);
2346   u2 bci = bcs->bci();
2347   bool is_assignable;
2348   switch (bcs->raw_code()) {
2349     case Bytecodes::_getstatic: {
2350       for (int i = 0; i < n; i++) {
2351         current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2352       }
2353       break;
2354     }
2355     case Bytecodes::_putstatic: {
2356       for (int i = n - 1; i >= 0; i--) {
2357         current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2358       }
2359       break;
2360     }











2361     case Bytecodes::_getfield: {
2362       is_getfield = true;
2363       stack_object_type = current_frame->pop_stack(
2364         target_class_type, CHECK_VERIFY(this));
2365       goto check_protected;
2366     }
2367     case Bytecodes::_putfield: {
2368       for (int i = n - 1; i >= 0; i--) {
2369         current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2370       }
2371       stack_object_type = current_frame->pop_stack(CHECK_VERIFY(this));
2372 
2373       // The JVMS 2nd edition allows field initialization before the superclass
2374       // initializer, if the field is defined within the current class.
2375       fieldDescriptor fd;
2376       if (stack_object_type == VerificationType::uninitialized_this_type() &&
2377           target_class_type.equals(current_type()) &&
2378           _klass->find_local_field(field_name, field_sig, &fd)) {
2379         stack_object_type = current_type();
2380       }

2762 bool ClassVerifier::is_same_or_direct_interface(
2763     InstanceKlass* klass,
2764     VerificationType klass_type,
2765     VerificationType ref_class_type) {
2766   if (ref_class_type.equals(klass_type)) return true;
2767   Array<InstanceKlass*>* local_interfaces = klass->local_interfaces();
2768   if (local_interfaces != NULL) {
2769     for (int x = 0; x < local_interfaces->length(); x++) {
2770       InstanceKlass* k = local_interfaces->at(x);
2771       assert (k != NULL && k->is_interface(), "invalid interface");
2772       if (ref_class_type.equals(VerificationType::reference_type(k->name()))) {
2773         return true;
2774       }
2775     }
2776   }
2777   return false;
2778 }
2779 
2780 void ClassVerifier::verify_invoke_instructions(
2781     RawBytecodeStream* bcs, u4 code_length, StackMapFrame* current_frame,
2782     bool in_try_block, bool *this_uninit, VerificationType return_type,
2783     const constantPoolHandle& cp, StackMapTable* stackmap_table, TRAPS) {
2784   // Make sure the constant pool item is the right type
2785   u2 index = bcs->get_index_u2();
2786   Bytecodes::Code opcode = bcs->raw_code();
2787   unsigned int types = 0;
2788   switch (opcode) {
2789     case Bytecodes::_invokeinterface:
2790       types = 1 << JVM_CONSTANT_InterfaceMethodref;
2791       break;
2792     case Bytecodes::_invokedynamic:
2793       types = 1 << JVM_CONSTANT_InvokeDynamic;
2794       break;
2795     case Bytecodes::_invokespecial:
2796     case Bytecodes::_invokestatic:
2797       types = (_klass->major_version() < STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION) ?
2798         (1 << JVM_CONSTANT_Methodref) :
2799         ((1 << JVM_CONSTANT_InterfaceMethodref) | (1 << JVM_CONSTANT_Methodref));
2800       break;
2801     default:
2802       types = 1 << JVM_CONSTANT_Methodref;
2803   }
2804   verify_cp_type(bcs->bci(), index, cp, types, CHECK_VERIFY(this));
2805 
2806   // Get method name and signature
2807   Symbol* method_name = cp->name_ref_at(index);
2808   Symbol* method_sig = cp->signature_ref_at(index);
2809 
2810   // Method signature was checked in ClassFileParser.
2811   assert(SignatureVerifier::is_valid_method_signature(method_sig),
2812          "Invalid method signature");
2813 
2814   // Get referenced class type
2815   VerificationType ref_class_type;
2816   if (opcode == Bytecodes::_invokedynamic) {
2817     if (_klass->major_version() < Verifier::INVOKEDYNAMIC_MAJOR_VERSION) {
2818       class_format_error(
2819         "invokedynamic instructions not supported by this class file version (%d), class %s",
2820         _klass->major_version(), _klass->external_name());
2821       return;
2822     }
2823   } else {
2824     ref_class_type = cp_ref_index_to_type(index, cp, CHECK_VERIFY(this));
2825   }
2826 
2827   assert(sizeof(VerificationType) == sizeof(uintptr_t),
2828         "buffer type must match VerificationType size");
2829 
2830   // Get the UTF8 index for this signature.
2831   int sig_index = cp->signature_ref_index_at(cp->name_and_type_ref_index_at(index));
2832 
2833   // Get the signature's verification types.
2834   sig_as_verification_types* mth_sig_verif_types;

2860           "Inconsistent args count operand in invokeinterface");
2861       return;
2862     }
2863     if (*(bcp+4) != 0) {
2864       verify_error(ErrorContext::bad_code(bci),
2865           "Fourth operand byte of invokeinterface must be zero");
2866       return;
2867     }
2868   }
2869 
2870   if (opcode == Bytecodes::_invokedynamic) {
2871     address bcp = bcs->bcp();
2872     if (*(bcp+3) != 0 || *(bcp+4) != 0) {
2873       verify_error(ErrorContext::bad_code(bci),
2874           "Third and fourth operand bytes of invokedynamic must be zero");
2875       return;
2876     }
2877   }
2878 
2879   if (method_name->char_at(0) == JVM_SIGNATURE_SPECIAL) {
2880     // Make sure <init> can only be invoked by invokespecial
2881     if (opcode != Bytecodes::_invokespecial ||
2882         method_name != vmSymbols::object_initializer_name()) {




2883       verify_error(ErrorContext::bad_code(bci),
2884           "Illegal call to internal method");
2885       return;
2886     }
2887   } else if (opcode == Bytecodes::_invokespecial
2888              && !is_same_or_direct_interface(current_class(), current_type(), ref_class_type)
2889              && !ref_class_type.equals(VerificationType::reference_type(
2890                   current_class()->super()->name()))) {
2891     bool subtype = false;
2892     bool have_imr_indirect = cp->tag_at(index).value() == JVM_CONSTANT_InterfaceMethodref;
2893     subtype = ref_class_type.is_assignable_from(
2894                current_type(), this, false, CHECK_VERIFY(this));
2895     if (!subtype) {
2896       verify_error(ErrorContext::bad_code(bci),
2897           "Bad invokespecial instruction: "
2898           "current class isn't assignable to reference class.");
2899        return;
2900     } else if (have_imr_indirect) {
2901       verify_error(ErrorContext::bad_code(bci),
2902           "Bad invokespecial instruction: "
2903           "interface method reference is in an indirect superinterface.");
2904       return;
2905     }
2906 
2907   }
2908 
2909   // Get the verification types for the method's arguments.
2910   GrowableArray<VerificationType>* sig_verif_types = mth_sig_verif_types->sig_verif_types();

2955                   verify_error(ErrorContext::bad_type(bci,
2956                       current_frame->stack_top_ctx(),
2957                       TypeOrigin::implicit(current_type())),
2958                       "Bad access to protected data in invokevirtual");
2959                   return;
2960                 }
2961               }
2962             }
2963           }
2964         }
2965       } else {
2966         assert(opcode == Bytecodes::_invokeinterface, "Unexpected opcode encountered");
2967         current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this));
2968       }
2969     }
2970   }
2971   // Push the result type.
2972   int sig_verif_types_len = sig_verif_types->length();
2973   if (sig_verif_types_len > nargs) {  // There's a return type
2974     if (method_name == vmSymbols::object_initializer_name()) {
2975       // <init> method must have a void return type
2976       /* Unreachable?  Class file parser verifies that methods with '<' have
2977        * void return */
2978       verify_error(ErrorContext::bad_code(bci),
2979           "Return type must be void in <init> method");
2980       return;
2981     }
2982 
2983     assert(sig_verif_types_len <= nargs + 2,
2984            "Signature verification types array return type is bogus");
2985     for (int i = nargs; i < sig_verif_types_len; i++) {
2986       assert(i == nargs || sig_verif_types->at(i).is_long2() ||
2987              sig_verif_types->at(i).is_double2(), "Unexpected return verificationType");
2988       current_frame->push_stack(sig_verif_types->at(i), CHECK_VERIFY(this));
2989     }







2990   }
2991 }
2992 
2993 VerificationType ClassVerifier::get_newarray_type(
2994     u2 index, u2 bci, TRAPS) {
2995   const char* from_bt[] = {
2996     NULL, NULL, NULL, NULL, "[Z", "[C", "[F", "[D", "[B", "[S", "[I", "[J",
2997   };
2998   if (index < T_BOOLEAN || index > T_LONG) {
2999     verify_error(ErrorContext::bad_code(bci), "Illegal newarray instruction");
3000     return VerificationType::bogus_type();
3001   }
3002 
3003   // from_bt[index] contains the array signature which has a length of 2
3004   Symbol* sig = create_temporary_symbol(from_bt[index], 2);
3005   return VerificationType::reference_type(sig);
3006 }
3007 
3008 void ClassVerifier::verify_anewarray(
3009     u2 bci, u2 index, const constantPoolHandle& cp,

3017     cp_index_to_type(index, cp, CHECK_VERIFY(this));
3018   int length;
3019   char* arr_sig_str;
3020   if (component_type.is_array()) {     // it's an array
3021     const char* component_name = component_type.name()->as_utf8();
3022     // Check for more than MAX_ARRAY_DIMENSIONS
3023     length = (int)strlen(component_name);
3024     if (length > MAX_ARRAY_DIMENSIONS &&
3025         component_name[MAX_ARRAY_DIMENSIONS - 1] == JVM_SIGNATURE_ARRAY) {
3026       verify_error(ErrorContext::bad_code(bci),
3027         "Illegal anewarray instruction, array has more than 255 dimensions");
3028     }
3029     // add one dimension to component
3030     length++;
3031     arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length + 1);
3032     int n = os::snprintf(arr_sig_str, length + 1, "%c%s",
3033                          JVM_SIGNATURE_ARRAY, component_name);
3034     assert(n == length, "Unexpected number of characters in string");
3035   } else {         // it's an object or interface
3036     const char* component_name = component_type.name()->as_utf8();
3037     // add one dimension to component with 'L' prepended and ';' postpended.

3038     length = (int)strlen(component_name) + 3;
3039     arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length + 1);
3040     int n = os::snprintf(arr_sig_str, length + 1, "%c%c%s;",
3041                          JVM_SIGNATURE_ARRAY, JVM_SIGNATURE_CLASS, component_name);
3042     assert(n == length, "Unexpected number of characters in string");
3043   }
3044   Symbol* arr_sig = create_temporary_symbol(arr_sig_str, length);
3045   VerificationType new_array_type = VerificationType::reference_type(arr_sig);
3046   current_frame->push_stack(new_array_type, CHECK_VERIFY(this));
3047 }
3048 
3049 void ClassVerifier::verify_iload(u2 index, StackMapFrame* current_frame, TRAPS) {
3050   current_frame->get_local(
3051     index, VerificationType::integer_type(), CHECK_VERIFY(this));
3052   current_frame->push_stack(
3053     VerificationType::integer_type(), CHECK_VERIFY(this));
3054 }
3055 
3056 void ClassVerifier::verify_lload(u2 index, StackMapFrame* current_frame, TRAPS) {
3057   current_frame->get_local_2(
3058     index, VerificationType::long_type(),
3059     VerificationType::long2_type(), CHECK_VERIFY(this));
3060   current_frame->push_stack_2(
3061     VerificationType::long_type(),

3063 }
3064 
3065 void ClassVerifier::verify_fload(u2 index, StackMapFrame* current_frame, TRAPS) {
3066   current_frame->get_local(
3067     index, VerificationType::float_type(), CHECK_VERIFY(this));
3068   current_frame->push_stack(
3069     VerificationType::float_type(), CHECK_VERIFY(this));
3070 }
3071 
3072 void ClassVerifier::verify_dload(u2 index, StackMapFrame* current_frame, TRAPS) {
3073   current_frame->get_local_2(
3074     index, VerificationType::double_type(),
3075     VerificationType::double2_type(), CHECK_VERIFY(this));
3076   current_frame->push_stack_2(
3077     VerificationType::double_type(),
3078     VerificationType::double2_type(), CHECK_VERIFY(this));
3079 }
3080 
3081 void ClassVerifier::verify_aload(u2 index, StackMapFrame* current_frame, TRAPS) {
3082   VerificationType type = current_frame->get_local(
3083     index, VerificationType::reference_check(), CHECK_VERIFY(this));
3084   current_frame->push_stack(type, CHECK_VERIFY(this));
3085 }
3086 
3087 void ClassVerifier::verify_istore(u2 index, StackMapFrame* current_frame, TRAPS) {
3088   current_frame->pop_stack(
3089     VerificationType::integer_type(), CHECK_VERIFY(this));
3090   current_frame->set_local(
3091     index, VerificationType::integer_type(), CHECK_VERIFY(this));
3092 }
3093 
3094 void ClassVerifier::verify_lstore(u2 index, StackMapFrame* current_frame, TRAPS) {
3095   current_frame->pop_stack_2(
3096     VerificationType::long2_type(),
3097     VerificationType::long_type(), CHECK_VERIFY(this));
3098   current_frame->set_local_2(
3099     index, VerificationType::long_type(),
3100     VerificationType::long2_type(), CHECK_VERIFY(this));
3101 }
3102 
3103 void ClassVerifier::verify_fstore(u2 index, StackMapFrame* current_frame, TRAPS) {
3104   current_frame->pop_stack(VerificationType::float_type(), CHECK_VERIFY(this));
3105   current_frame->set_local(
3106     index, VerificationType::float_type(), CHECK_VERIFY(this));
3107 }
3108 
3109 void ClassVerifier::verify_dstore(u2 index, StackMapFrame* current_frame, TRAPS) {
3110   current_frame->pop_stack_2(
3111     VerificationType::double2_type(),
3112     VerificationType::double_type(), CHECK_VERIFY(this));
3113   current_frame->set_local_2(
3114     index, VerificationType::double_type(),
3115     VerificationType::double2_type(), CHECK_VERIFY(this));
3116 }
3117 
3118 void ClassVerifier::verify_astore(u2 index, StackMapFrame* current_frame, TRAPS) {
3119   VerificationType type = current_frame->pop_stack(
3120     VerificationType::reference_check(), CHECK_VERIFY(this));
3121   current_frame->set_local(index, type, CHECK_VERIFY(this));
3122 }
3123 
3124 void ClassVerifier::verify_iinc(u2 index, StackMapFrame* current_frame, TRAPS) {
3125   VerificationType type = current_frame->get_local(
3126     index, VerificationType::integer_type(), CHECK_VERIFY(this));
3127   current_frame->set_local(index, type, CHECK_VERIFY(this));
3128 }
3129 
3130 void ClassVerifier::verify_return_value(
3131     VerificationType return_type, VerificationType type, u2 bci,
3132     StackMapFrame* current_frame, TRAPS) {
3133   if (return_type == VerificationType::bogus_type()) {
3134     verify_error(ErrorContext::bad_type(bci,
3135         current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)),
3136         "Method does not expect a return value");
3137     return;
3138   }
3139   bool match = return_type.is_assignable_from(type, this, false, CHECK_VERIFY(this));
3140   if (!match) {

  46 #include "oops/instanceKlass.inline.hpp"
  47 #include "oops/klass.inline.hpp"
  48 #include "oops/oop.inline.hpp"
  49 #include "oops/typeArrayOop.hpp"
  50 #include "runtime/arguments.hpp"
  51 #include "runtime/fieldDescriptor.hpp"
  52 #include "runtime/handles.inline.hpp"
  53 #include "runtime/interfaceSupport.inline.hpp"
  54 #include "runtime/javaCalls.hpp"
  55 #include "runtime/javaThread.hpp"
  56 #include "runtime/jniHandles.inline.hpp"
  57 #include "runtime/os.hpp"
  58 #include "runtime/safepointVerifiers.hpp"
  59 #include "services/threadService.hpp"
  60 #include "utilities/align.hpp"
  61 #include "utilities/bytes.hpp"
  62 
  63 #define NOFAILOVER_MAJOR_VERSION                       51
  64 #define NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION  51
  65 #define STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION       52
  66 #define INLINE_TYPE_MAJOR_VERSION                       56
  67 #define MAX_ARRAY_DIMENSIONS 255
  68 
  69 // Access to external entry for VerifyClassForMajorVersion - old byte code verifier
  70 
  71 extern "C" {
  72   typedef jboolean (*verify_byte_codes_fn_t)(JNIEnv *, jclass, char *, jint, jint);
  73 }
  74 
  75 static verify_byte_codes_fn_t volatile _verify_byte_codes_fn = NULL;
  76 
  77 static verify_byte_codes_fn_t verify_byte_codes_fn() {
  78 
  79   if (_verify_byte_codes_fn != NULL)
  80     return _verify_byte_codes_fn;
  81 
  82   MutexLocker locker(Verify_lock);
  83 
  84   if (_verify_byte_codes_fn != NULL)
  85     return _verify_byte_codes_fn;
  86 

 259       }
 260       kls = kls->super();
 261     }
 262     if (message_buffer != NULL) {
 263       message_buffer[message_buffer_len - 1] = '\0'; // just to be sure
 264     }
 265     assert(exception_message != NULL, "");
 266     THROW_MSG_(exception_name, exception_message, false);
 267   }
 268 }
 269 
 270 bool Verifier::is_eligible_for_verification(InstanceKlass* klass, bool should_verify_class) {
 271   Symbol* name = klass->name();
 272   Klass* refl_magic_klass = vmClasses::reflect_MagicAccessorImpl_klass();
 273 
 274   bool is_reflect = refl_magic_klass != NULL && klass->is_subtype_of(refl_magic_klass);
 275 
 276   return (should_verify_for(klass->class_loader(), should_verify_class) &&
 277     // return if the class is a bootstrapping class
 278     // or defineClass specified not to verify by default (flags override passed arg)
 279     // We need to skip the following four for bootstrapping
 280     name != vmSymbols::java_lang_Object() &&
 281     name != vmSymbols::java_lang_Class() &&
 282     name != vmSymbols::java_lang_String() &&
 283     name != vmSymbols::java_lang_Throwable() &&
 284 
 285     // Can not verify the bytecodes for shared classes because they have
 286     // already been rewritten to contain constant pool cache indices,
 287     // which the verifier can't understand.
 288     // Shared classes shouldn't have stackmaps either.
 289     // However, bytecodes for shared old classes can be verified because
 290     // they have not been rewritten.
 291     !(klass->is_shared() && klass->is_rewritten()) &&
 292 
 293     // As of the fix for 4486457 we disable verification for all of the
 294     // dynamically-generated bytecodes associated with the 1.4
 295     // reflection implementation, not just those associated with
 296     // jdk/internal/reflect/SerializationConstructorAccessor.
 297     // NOTE: this is called too early in the bootstrapping process to be
 298     // guarded by Universe::is_gte_jdk14x_version().
 299     // Also for lambda generated code, gte jdk8

 482       ss->print("Local index %d is invalid", _type.index());
 483       break;
 484     case LOCALS_SIZE_MISMATCH:
 485       ss->print("Current frame's local size doesn't match stackmap.");
 486       break;
 487     case STACK_SIZE_MISMATCH:
 488       ss->print("Current frame's stack size doesn't match stackmap.");
 489       break;
 490     case STACK_OVERFLOW:
 491       ss->print("Exceeded max stack size.");
 492       break;
 493     case STACK_UNDERFLOW:
 494       ss->print("Attempt to pop empty stack.");
 495       break;
 496     case MISSING_STACKMAP:
 497       ss->print("Expected stackmap frame at this location.");
 498       break;
 499     case BAD_STACKMAP:
 500       ss->print("Invalid stackmap specification.");
 501       break;
 502     case WRONG_INLINE_TYPE:
 503       ss->print("Type ");
 504       _type.details(ss);
 505       ss->print(" and type ");
 506       _expected.details(ss);
 507       ss->print(" must be identical inline types.");
 508       break;
 509     case UNKNOWN:
 510     default:
 511       ShouldNotReachHere();
 512       ss->print_cr("Unknown");
 513   }
 514   ss->cr();
 515 }
 516 
 517 void ErrorContext::location_details(outputStream* ss, const Method* method) const {
 518   if (_bci != -1 && method != NULL) {
 519     streamIndentor si(ss);
 520     const char* bytecode_name = "<invalid>";
 521     if (method->validate_bci(_bci) != -1) {
 522       Bytecodes::Code code = Bytecodes::code_or_bp_at(method->bcp_from(_bci));
 523       if (Bytecodes::is_defined(code)) {
 524           bytecode_name = Bytecodes::name(code);
 525       } else {
 526           bytecode_name = "<illegal>";
 527       }
 528     }

 583     stack_map_frame* sm_frame = sm_table->entries();
 584     streamIndentor si2(ss);
 585     int current_offset = -1;
 586     address end_of_sm_table = (address)sm_table + method->stackmap_data()->length();
 587     for (u2 i = 0; i < sm_table->number_of_entries(); ++i) {
 588       ss->indent();
 589       if (!sm_frame->verify((address)sm_frame, end_of_sm_table)) {
 590         sm_frame->print_truncated(ss, current_offset);
 591         return;
 592       }
 593       sm_frame->print_on(ss, current_offset);
 594       ss->cr();
 595       current_offset += sm_frame->offset_delta();
 596       sm_frame = sm_frame->next();
 597     }
 598   }
 599 }
 600 
 601 // Methods in ClassVerifier
 602 
 603 VerificationType reference_or_inline_type(InstanceKlass* klass) {
 604   if (klass->is_inline_klass()) {
 605     return VerificationType::inline_type(klass->name());
 606   } else {
 607     return VerificationType::reference_type(klass->name());
 608   }
 609 }
 610 
 611 ClassVerifier::ClassVerifier(JavaThread* current, InstanceKlass* klass)
 612     : _thread(current), _previous_symbol(NULL), _symbols(NULL), _exception_type(NULL),
 613       _message(NULL), _klass(klass) {
 614   _this_type = reference_or_inline_type(klass);
 615 }
 616 
 617 ClassVerifier::~ClassVerifier() {
 618   // Decrement the reference count for any symbols created.
 619   if (_symbols != NULL) {
 620     for (int i = 0; i < _symbols->length(); i++) {
 621       Symbol* s = _symbols->at(i);
 622       s->decrement_refcount();
 623     }
 624   }
 625 }
 626 
 627 VerificationType ClassVerifier::object_type() const {
 628   return VerificationType::reference_type(vmSymbols::java_lang_Object());
 629 }
 630 
 631 TypeOrigin ClassVerifier::ref_ctx(const char* sig) {
 632   VerificationType vt = VerificationType::reference_type(
 633                          create_temporary_symbol(sig, (int)strlen(sig)));
 634   return TypeOrigin::implicit(vt);

1034         case Bytecodes::_daload :
1035           type = current_frame.pop_stack(
1036             VerificationType::integer_type(), CHECK_VERIFY(this));
1037           atype = current_frame.pop_stack(
1038             VerificationType::reference_check(), CHECK_VERIFY(this));
1039           if (!atype.is_double_array()) {
1040             verify_error(ErrorContext::bad_type(bci,
1041                 current_frame.stack_top_ctx(), ref_ctx("[D")),
1042                 bad_type_msg, "daload");
1043             return;
1044           }
1045           current_frame.push_stack_2(
1046             VerificationType::double_type(),
1047             VerificationType::double2_type(), CHECK_VERIFY(this));
1048           no_control_flow = false; break;
1049         case Bytecodes::_aaload : {
1050           type = current_frame.pop_stack(
1051             VerificationType::integer_type(), CHECK_VERIFY(this));
1052           atype = current_frame.pop_stack(
1053             VerificationType::reference_check(), CHECK_VERIFY(this));
1054           if (!atype.is_nonscalar_array()) {
1055             verify_error(ErrorContext::bad_type(bci,
1056                 current_frame.stack_top_ctx(),
1057                 TypeOrigin::implicit(VerificationType::reference_check())),
1058                 bad_type_msg, "aaload");
1059             return;
1060           }
1061           if (atype.is_null()) {
1062             current_frame.push_stack(
1063               VerificationType::null_type(), CHECK_VERIFY(this));
1064           } else {
1065             VerificationType component = atype.get_component(this);
1066             current_frame.push_stack(component, CHECK_VERIFY(this));
1067           }
1068           no_control_flow = false; break;
1069         }
1070         case Bytecodes::_istore :
1071           verify_istore(bcs.get_index(), &current_frame, CHECK_VERIFY(this));
1072           no_control_flow = false; break;
1073         case Bytecodes::_istore_0 :
1074         case Bytecodes::_istore_1 :

1207             VerificationType::double2_type(),
1208             VerificationType::double_type(), CHECK_VERIFY(this));
1209           current_frame.pop_stack(
1210             VerificationType::integer_type(), CHECK_VERIFY(this));
1211           atype = current_frame.pop_stack(
1212             VerificationType::reference_check(), CHECK_VERIFY(this));
1213           if (!atype.is_double_array()) {
1214             verify_error(ErrorContext::bad_type(bci,
1215                 current_frame.stack_top_ctx(), ref_ctx("[D")),
1216                 bad_type_msg, "dastore");
1217             return;
1218           }
1219           no_control_flow = false; break;
1220         case Bytecodes::_aastore :
1221           type = current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1222           type2 = current_frame.pop_stack(
1223             VerificationType::integer_type(), CHECK_VERIFY(this));
1224           atype = current_frame.pop_stack(
1225             VerificationType::reference_check(), CHECK_VERIFY(this));
1226           // more type-checking is done at runtime
1227           if (!atype.is_nonscalar_array()) {
1228             verify_error(ErrorContext::bad_type(bci,
1229                 current_frame.stack_top_ctx(),
1230                 TypeOrigin::implicit(VerificationType::reference_check())),
1231                 bad_type_msg, "aastore");
1232             return;
1233           }
1234           // 4938384: relaxed constraint in JVMS 3rd edition.
1235           no_control_flow = false; break;
1236         case Bytecodes::_pop :
1237           current_frame.pop_stack(
1238             VerificationType::category1_check(), CHECK_VERIFY(this));
1239           no_control_flow = false; break;
1240         case Bytecodes::_pop2 :
1241           type = current_frame.pop_stack(CHECK_VERIFY(this));
1242           if (type.is_category1()) {
1243             current_frame.pop_stack(
1244               VerificationType::category1_check(), CHECK_VERIFY(this));
1245           } else if (type.is_category2_2nd()) {
1246             current_frame.pop_stack(
1247               VerificationType::category2_check(), CHECK_VERIFY(this));

1607         case Bytecodes::_if_icmpgt:
1608         case Bytecodes::_if_icmple:
1609           current_frame.pop_stack(
1610             VerificationType::integer_type(), CHECK_VERIFY(this));
1611           // fall through
1612         case Bytecodes::_ifeq:
1613         case Bytecodes::_ifne:
1614         case Bytecodes::_iflt:
1615         case Bytecodes::_ifge:
1616         case Bytecodes::_ifgt:
1617         case Bytecodes::_ifle:
1618           current_frame.pop_stack(
1619             VerificationType::integer_type(), CHECK_VERIFY(this));
1620           target = bcs.dest();
1621           stackmap_table.check_jump_target(
1622             &current_frame, target, CHECK_VERIFY(this));
1623           no_control_flow = false; break;
1624         case Bytecodes::_if_acmpeq :
1625         case Bytecodes::_if_acmpne :
1626           current_frame.pop_stack(
1627             VerificationType::nonscalar_check(), CHECK_VERIFY(this));
1628           // fall through
1629         case Bytecodes::_ifnull :
1630         case Bytecodes::_ifnonnull :
1631           current_frame.pop_stack(
1632             VerificationType::nonscalar_check(), CHECK_VERIFY(this));
1633           target = bcs.dest();
1634           stackmap_table.check_jump_target
1635             (&current_frame, target, CHECK_VERIFY(this));
1636           no_control_flow = false; break;
1637         case Bytecodes::_goto :
1638           target = bcs.dest();
1639           stackmap_table.check_jump_target(
1640             &current_frame, target, CHECK_VERIFY(this));
1641           no_control_flow = true; break;
1642         case Bytecodes::_goto_w :
1643           target = bcs.dest_w();
1644           stackmap_table.check_jump_target(
1645             &current_frame, target, CHECK_VERIFY(this));
1646           no_control_flow = true; break;
1647         case Bytecodes::_tableswitch :
1648         case Bytecodes::_lookupswitch :
1649           verify_switch(
1650             &bcs, code_length, code_data, &current_frame,
1651             &stackmap_table, CHECK_VERIFY(this));
1652           no_control_flow = true; break;

1663             VerificationType::long_type(), CHECK_VERIFY(this));
1664           verify_return_value(return_type, type, bci,
1665                               &current_frame, CHECK_VERIFY(this));
1666           no_control_flow = true; break;
1667         case Bytecodes::_freturn :
1668           type = current_frame.pop_stack(
1669             VerificationType::float_type(), CHECK_VERIFY(this));
1670           verify_return_value(return_type, type, bci,
1671                               &current_frame, CHECK_VERIFY(this));
1672           no_control_flow = true; break;
1673         case Bytecodes::_dreturn :
1674           type2 = current_frame.pop_stack(
1675             VerificationType::double2_type(),  CHECK_VERIFY(this));
1676           type = current_frame.pop_stack(
1677             VerificationType::double_type(), CHECK_VERIFY(this));
1678           verify_return_value(return_type, type, bci,
1679                               &current_frame, CHECK_VERIFY(this));
1680           no_control_flow = true; break;
1681         case Bytecodes::_areturn :
1682           type = current_frame.pop_stack(
1683             VerificationType::nonscalar_check(), CHECK_VERIFY(this));
1684           verify_return_value(return_type, type, bci,
1685                               &current_frame, CHECK_VERIFY(this));
1686           no_control_flow = true; break;
1687         case Bytecodes::_return :
1688           if (return_type != VerificationType::bogus_type()) {
1689             verify_error(ErrorContext::bad_code(bci),
1690                          "Method expects a return value");
1691             return;
1692           }
1693           // Make sure "this" has been initialized if current method is an
1694           // <init>.
1695           if (_method->is_object_constructor() &&
1696               current_frame.flag_this_uninit()) {
1697             verify_error(ErrorContext::bad_code(bci),
1698                          "Constructor must call super() or this() "
1699                          "before return");
1700             return;
1701           }
1702           no_control_flow = true; break;
1703         case Bytecodes::_getstatic :
1704         case Bytecodes::_putstatic :
1705           // pass TRUE, operand can be an array type for getstatic/putstatic.
1706           verify_field_instructions(
1707             &bcs, &current_frame, cp, true, CHECK_VERIFY(this));
1708           no_control_flow = false; break;
1709         case Bytecodes::_getfield :
1710         case Bytecodes::_putfield :
1711           // pass FALSE, operand can't be an array type for getfield/putfield.
1712           verify_field_instructions(
1713             &bcs, &current_frame, cp, false, CHECK_VERIFY(this));
1714           no_control_flow = false; break;
1715         case Bytecodes::_withfield :
1716           if (_klass->major_version() < INLINE_TYPE_MAJOR_VERSION) {
1717             class_format_error(
1718               "withfield not supported by this class file version (%d.%d), class %s",
1719               _klass->major_version(), _klass->minor_version(), _klass->external_name());
1720             return;
1721           }
1722           // pass FALSE, operand can't be an array type for withfield.
1723           verify_field_instructions(
1724             &bcs, &current_frame, cp, false, CHECK_VERIFY(this));
1725           no_control_flow = false; break;
1726         case Bytecodes::_invokevirtual :
1727         case Bytecodes::_invokespecial :
1728         case Bytecodes::_invokestatic :




1729         case Bytecodes::_invokeinterface :
1730         case Bytecodes::_invokedynamic :
1731           verify_invoke_instructions(
1732             &bcs, code_length, &current_frame, (bci >= ex_min && bci < ex_max),
1733             &this_uninit, cp, &stackmap_table, CHECK_VERIFY(this));
1734           no_control_flow = false; break;
1735         case Bytecodes::_new :
1736         {
1737           index = bcs.get_index_u2();
1738           verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1739           VerificationType new_class_type =
1740             cp_index_to_type(index, cp, CHECK_VERIFY(this));
1741           if (!new_class_type.is_object()) {
1742             verify_error(ErrorContext::bad_type(bci,
1743                 TypeOrigin::cp(index, new_class_type)),
1744                 "Illegal new instruction");
1745             return;
1746           }
1747           type = VerificationType::uninitialized_type(bci);
1748           current_frame.push_stack(type, CHECK_VERIFY(this));
1749           no_control_flow = false; break;
1750         }
1751         case Bytecodes::_aconst_init :
1752         {
1753           if (_klass->major_version() < INLINE_TYPE_MAJOR_VERSION) {
1754             class_format_error(
1755               "aconst_init not supported by this class file version (%d.%d), class %s",
1756               _klass->major_version(), _klass->minor_version(), _klass->external_name());
1757             return;
1758           }
1759           index = bcs.get_index_u2();
1760           verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1761           VerificationType ref_type = cp_index_to_type(index, cp, CHECK_VERIFY(this));
1762           if (!ref_type.is_object()) {
1763             verify_error(ErrorContext::bad_type(bci,
1764                 TypeOrigin::cp(index, ref_type)),
1765                 "Illegal aconst_init instruction");
1766             return;
1767           }
1768           VerificationType inline_type =
1769             VerificationType::change_ref_to_inline_type(ref_type);
1770           current_frame.push_stack(inline_type, CHECK_VERIFY(this));
1771           no_control_flow = false; break;
1772         }
1773         case Bytecodes::_newarray :
1774           type = get_newarray_type(bcs.get_index(), bci, CHECK_VERIFY(this));
1775           current_frame.pop_stack(
1776             VerificationType::integer_type(),  CHECK_VERIFY(this));
1777           current_frame.push_stack(type, CHECK_VERIFY(this));
1778           no_control_flow = false; break;
1779         case Bytecodes::_anewarray :
1780           verify_anewarray(
1781             bci, bcs.get_index_u2(), cp, &current_frame, CHECK_VERIFY(this));
1782           no_control_flow = false; break;
1783         case Bytecodes::_arraylength :
1784           type = current_frame.pop_stack(
1785             VerificationType::reference_check(), CHECK_VERIFY(this));
1786           if (!(type.is_null() || type.is_array())) {
1787             verify_error(ErrorContext::bad_type(
1788                 bci, current_frame.stack_top_ctx()),
1789                 bad_type_msg, "arraylength");
1790           }
1791           current_frame.push_stack(
1792             VerificationType::integer_type(), CHECK_VERIFY(this));
1793           no_control_flow = false; break;
1794         case Bytecodes::_checkcast :
1795         {
1796           index = bcs.get_index_u2();
1797           verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1798           current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1799           VerificationType klass_type = cp_index_to_type(
1800             index, cp, CHECK_VERIFY(this));
1801           current_frame.push_stack(klass_type, CHECK_VERIFY(this));
1802           no_control_flow = false; break;
1803         }
1804         case Bytecodes::_instanceof : {
1805           index = bcs.get_index_u2();
1806           verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1807           current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1808           current_frame.push_stack(
1809             VerificationType::integer_type(), CHECK_VERIFY(this));
1810           no_control_flow = false; break;
1811         }
1812         case Bytecodes::_monitorenter :
1813         case Bytecodes::_monitorexit : {
1814           VerificationType ref = current_frame.pop_stack(
1815             VerificationType::nonscalar_check(), CHECK_VERIFY(this));
1816           no_control_flow = false; break;
1817         }
1818         case Bytecodes::_multianewarray :
1819         {
1820           index = bcs.get_index_u2();
1821           u2 dim = *(bcs.bcp()+3);
1822           verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1823           VerificationType new_array_type =
1824             cp_index_to_type(index, cp, CHECK_VERIFY(this));
1825           if (!new_array_type.is_array()) {
1826             verify_error(ErrorContext::bad_type(bci,
1827                 TypeOrigin::cp(index, new_array_type)),
1828                 "Illegal constant pool index in multianewarray instruction");
1829             return;
1830           }
1831           if (dim < 1 || new_array_type.dimensions() < dim) {
1832             verify_error(ErrorContext::bad_code(bci),
1833                 "Illegal dimension in multianewarray instruction: %d", dim);
1834             return;
1835           }
1836           for (int i = 0; i < dim; i++) {
1837             current_frame.pop_stack(

2062   int nconstants = cp->length();
2063   if ((index <= 0) || (index >= nconstants)) {
2064     verify_error(ErrorContext::bad_cp_index(bci, index),
2065         "Illegal constant pool index %d in class %s",
2066         index, cp->pool_holder()->external_name());
2067     return;
2068   }
2069 }
2070 
2071 void ClassVerifier::verify_cp_type(
2072     u2 bci, int index, const constantPoolHandle& cp, unsigned int types, TRAPS) {
2073 
2074   // In some situations, bytecode rewriting may occur while we're verifying.
2075   // In this case, a constant pool cache exists and some indices refer to that
2076   // instead.  Be sure we don't pick up such indices by accident.
2077   // We must check was_recursively_verified() before we get here.
2078   guarantee(cp->cache() == NULL, "not rewritten yet");
2079 
2080   verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2081   unsigned int tag = cp->tag_at(index).value();
2082 
2083   if ((types & (1 << tag)) == 0) {
2084     verify_error(ErrorContext::bad_cp_index(bci, index),
2085       "Illegal type at constant pool entry %d in class %s",
2086       index, cp->pool_holder()->external_name());
2087     return;
2088   }
2089 }
2090 
2091 void ClassVerifier::verify_cp_class_type(
2092     u2 bci, int index, const constantPoolHandle& cp, TRAPS) {
2093   verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2094   constantTag tag = cp->tag_at(index);
2095   if (!tag.is_klass() && !tag.is_unresolved_klass()) {
2096     verify_error(ErrorContext::bad_cp_index(bci, index),
2097         "Illegal type at constant pool entry %d in class %s",
2098         index, cp->pool_holder()->external_name());
2099     return;
2100   }
2101 }
2102 

2177   } else {
2178     Klass* member_klass = target_instance->find_field(field_name, field_sig, &fd);
2179     if (member_klass != NULL && fd.is_protected()) {
2180       if (!this_class->is_same_class_package(member_klass)) {
2181         return true;
2182       }
2183     }
2184   }
2185   return false;
2186 }
2187 
2188 void ClassVerifier::verify_ldc(
2189     int opcode, u2 index, StackMapFrame* current_frame,
2190     const constantPoolHandle& cp, u2 bci, TRAPS) {
2191   verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2192   constantTag tag = cp->tag_at(index);
2193   unsigned int types = 0;
2194   if (opcode == Bytecodes::_ldc || opcode == Bytecodes::_ldc_w) {
2195     if (!tag.is_unresolved_klass()) {
2196       types = (1 << JVM_CONSTANT_Integer) | (1 << JVM_CONSTANT_Float)
2197             | (1 << JVM_CONSTANT_String) | (1 << JVM_CONSTANT_Class)
2198             | (1 << JVM_CONSTANT_MethodHandle) | (1 << JVM_CONSTANT_MethodType)
2199             | (1 << JVM_CONSTANT_Dynamic);
2200       // Note:  The class file parser already verified the legality of
2201       // MethodHandle and MethodType constants.
2202       verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2203     }
2204   } else {
2205     assert(opcode == Bytecodes::_ldc2_w, "must be ldc2_w");
2206     types = (1 << JVM_CONSTANT_Double) | (1 << JVM_CONSTANT_Long)
2207           | (1 << JVM_CONSTANT_Dynamic);
2208     verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2209   }
2210   if (tag.is_string()) {
2211     current_frame->push_stack(
2212       VerificationType::reference_type(
2213         vmSymbols::java_lang_String()), CHECK_VERIFY(this));
2214   } else if (tag.is_klass() || tag.is_unresolved_klass()) {
2215     current_frame->push_stack(
2216       VerificationType::reference_type(
2217         vmSymbols::java_lang_Class()), CHECK_VERIFY(this));

2352                                               const constantPoolHandle& cp,
2353                                               bool allow_arrays,
2354                                               TRAPS) {
2355   u2 index = bcs->get_index_u2();
2356   verify_cp_type(bcs->bci(), index, cp,
2357       1 << JVM_CONSTANT_Fieldref, CHECK_VERIFY(this));
2358 
2359   // Get field name and signature
2360   Symbol* field_name = cp->name_ref_at(index);
2361   Symbol* field_sig = cp->signature_ref_at(index);
2362   bool is_getfield = false;
2363 
2364   // Field signature was checked in ClassFileParser.
2365   assert(SignatureVerifier::is_valid_type_signature(field_sig),
2366          "Invalid field signature");
2367 
2368   // Get referenced class type
2369   VerificationType ref_class_type = cp_ref_index_to_type(
2370     index, cp, CHECK_VERIFY(this));
2371   if (!ref_class_type.is_object() &&
2372       (!allow_arrays || !ref_class_type.is_array())) {
2373     verify_error(ErrorContext::bad_type(bcs->bci(),
2374         TypeOrigin::cp(index, ref_class_type)),
2375         "Expecting reference to class in class %s at constant pool index %d",
2376         _klass->external_name(), index);
2377     return;
2378   }
2379 
2380   VerificationType target_class_type = ref_class_type;
2381 
2382   assert(sizeof(VerificationType) == sizeof(uintptr_t),
2383         "buffer type must match VerificationType size");
2384   uintptr_t field_type_buffer[2];
2385   VerificationType* field_type = (VerificationType*)field_type_buffer;
2386   // If we make a VerificationType[2] array directly, the compiler calls
2387   // to the c-runtime library to do the allocation instead of just
2388   // stack allocating it.  Plus it would run constructors.  This shows up
2389   // in performance profiles.
2390 
2391   SignatureStream sig_stream(field_sig, false);
2392   VerificationType stack_object_type;
2393   int n = change_sig_to_verificationType(&sig_stream, field_type);
2394   u2 bci = bcs->bci();
2395   bool is_assignable;
2396   switch (bcs->raw_code()) {
2397     case Bytecodes::_getstatic: {
2398       for (int i = 0; i < n; i++) {
2399         current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2400       }
2401       break;
2402     }
2403     case Bytecodes::_putstatic: {
2404       for (int i = n - 1; i >= 0; i--) {
2405         current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2406       }
2407       break;
2408     }
2409     case Bytecodes::_withfield: {
2410       for (int i = n - 1; i >= 0; i--) {
2411         current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2412       }
2413       // Check that the receiver is a subtype of the referenced class.
2414       current_frame->pop_stack(target_class_type, CHECK_VERIFY(this));
2415       VerificationType target_inline_type =
2416         VerificationType::change_ref_to_inline_type(target_class_type);
2417       current_frame->push_stack(target_inline_type, CHECK_VERIFY(this));
2418       break;
2419     }
2420     case Bytecodes::_getfield: {
2421       is_getfield = true;
2422       stack_object_type = current_frame->pop_stack(
2423         target_class_type, CHECK_VERIFY(this));
2424       goto check_protected;
2425     }
2426     case Bytecodes::_putfield: {
2427       for (int i = n - 1; i >= 0; i--) {
2428         current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2429       }
2430       stack_object_type = current_frame->pop_stack(CHECK_VERIFY(this));
2431 
2432       // The JVMS 2nd edition allows field initialization before the superclass
2433       // initializer, if the field is defined within the current class.
2434       fieldDescriptor fd;
2435       if (stack_object_type == VerificationType::uninitialized_this_type() &&
2436           target_class_type.equals(current_type()) &&
2437           _klass->find_local_field(field_name, field_sig, &fd)) {
2438         stack_object_type = current_type();
2439       }

2821 bool ClassVerifier::is_same_or_direct_interface(
2822     InstanceKlass* klass,
2823     VerificationType klass_type,
2824     VerificationType ref_class_type) {
2825   if (ref_class_type.equals(klass_type)) return true;
2826   Array<InstanceKlass*>* local_interfaces = klass->local_interfaces();
2827   if (local_interfaces != NULL) {
2828     for (int x = 0; x < local_interfaces->length(); x++) {
2829       InstanceKlass* k = local_interfaces->at(x);
2830       assert (k != NULL && k->is_interface(), "invalid interface");
2831       if (ref_class_type.equals(VerificationType::reference_type(k->name()))) {
2832         return true;
2833       }
2834     }
2835   }
2836   return false;
2837 }
2838 
2839 void ClassVerifier::verify_invoke_instructions(
2840     RawBytecodeStream* bcs, u4 code_length, StackMapFrame* current_frame,
2841     bool in_try_block, bool *this_uninit,
2842     const constantPoolHandle& cp, StackMapTable* stackmap_table, TRAPS) {
2843   // Make sure the constant pool item is the right type
2844   u2 index = bcs->get_index_u2();
2845   Bytecodes::Code opcode = bcs->raw_code();
2846   unsigned int types = 0;
2847   switch (opcode) {
2848     case Bytecodes::_invokeinterface:
2849       types = 1 << JVM_CONSTANT_InterfaceMethodref;
2850       break;
2851     case Bytecodes::_invokedynamic:
2852       types = 1 << JVM_CONSTANT_InvokeDynamic;
2853       break;
2854     case Bytecodes::_invokespecial:
2855     case Bytecodes::_invokestatic:
2856       types = (_klass->major_version() < STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION) ?
2857         (1 << JVM_CONSTANT_Methodref) :
2858         ((1 << JVM_CONSTANT_InterfaceMethodref) | (1 << JVM_CONSTANT_Methodref));
2859       break;
2860     default:
2861       types = 1 << JVM_CONSTANT_Methodref;
2862   }
2863   verify_cp_type(bcs->bci(), index, cp, types, CHECK_VERIFY(this));
2864 
2865   // Get method name and signature
2866   Symbol* method_name = cp->name_ref_at(index);
2867   Symbol* method_sig = cp->signature_ref_at(index);
2868 
2869   // Method signature was checked in ClassFileParser.
2870   assert(SignatureVerifier::is_valid_method_signature(method_sig),
2871          "Invalid method signature");
2872 
2873   // Get referenced class
2874   VerificationType ref_class_type;
2875   if (opcode == Bytecodes::_invokedynamic) {
2876     if (_klass->major_version() < Verifier::INVOKEDYNAMIC_MAJOR_VERSION) {
2877       class_format_error(
2878         "invokedynamic instructions not supported by this class file version (%d), class %s",
2879         _klass->major_version(), _klass->external_name());
2880       return;
2881     }
2882   } else {
2883     ref_class_type = cp_ref_index_to_type(index, cp, CHECK_VERIFY(this));
2884   }
2885 
2886   assert(sizeof(VerificationType) == sizeof(uintptr_t),
2887         "buffer type must match VerificationType size");
2888 
2889   // Get the UTF8 index for this signature.
2890   int sig_index = cp->signature_ref_index_at(cp->name_and_type_ref_index_at(index));
2891 
2892   // Get the signature's verification types.
2893   sig_as_verification_types* mth_sig_verif_types;

2919           "Inconsistent args count operand in invokeinterface");
2920       return;
2921     }
2922     if (*(bcp+4) != 0) {
2923       verify_error(ErrorContext::bad_code(bci),
2924           "Fourth operand byte of invokeinterface must be zero");
2925       return;
2926     }
2927   }
2928 
2929   if (opcode == Bytecodes::_invokedynamic) {
2930     address bcp = bcs->bcp();
2931     if (*(bcp+3) != 0 || *(bcp+4) != 0) {
2932       verify_error(ErrorContext::bad_code(bci),
2933           "Third and fourth operand bytes of invokedynamic must be zero");
2934       return;
2935     }
2936   }
2937 
2938   if (method_name->char_at(0) == JVM_SIGNATURE_SPECIAL) {
2939     // Make sure:
2940     //   <init> can only be invoked by invokespecial.
2941     //   <vnew> can only be invoked by invokestatic.
2942     if (!((opcode == Bytecodes::_invokestatic &&
2943            method_name == vmSymbols::inline_factory_name()) ||
2944          (opcode == Bytecodes::_invokespecial &&
2945           method_name == vmSymbols::object_initializer_name()))) {
2946       verify_error(ErrorContext::bad_code(bci),
2947           "Illegal call to internal method");
2948       return;
2949     }
2950   } else if (opcode == Bytecodes::_invokespecial
2951              && !is_same_or_direct_interface(current_class(), current_type(), ref_class_type)
2952              && !ref_class_type.equals(VerificationType::reference_type(
2953                   current_class()->super()->name()))) { // super() can never be an inline_type.
2954     bool subtype = false;
2955     bool have_imr_indirect = cp->tag_at(index).value() == JVM_CONSTANT_InterfaceMethodref;
2956     subtype = ref_class_type.is_assignable_from(
2957                current_type(), this, false, CHECK_VERIFY(this));
2958     if (!subtype) {
2959       verify_error(ErrorContext::bad_code(bci),
2960           "Bad invokespecial instruction: "
2961           "current class isn't assignable to reference class.");
2962        return;
2963     } else if (have_imr_indirect) {
2964       verify_error(ErrorContext::bad_code(bci),
2965           "Bad invokespecial instruction: "
2966           "interface method reference is in an indirect superinterface.");
2967       return;
2968     }
2969 
2970   }
2971 
2972   // Get the verification types for the method's arguments.
2973   GrowableArray<VerificationType>* sig_verif_types = mth_sig_verif_types->sig_verif_types();

3018                   verify_error(ErrorContext::bad_type(bci,
3019                       current_frame->stack_top_ctx(),
3020                       TypeOrigin::implicit(current_type())),
3021                       "Bad access to protected data in invokevirtual");
3022                   return;
3023                 }
3024               }
3025             }
3026           }
3027         }
3028       } else {
3029         assert(opcode == Bytecodes::_invokeinterface, "Unexpected opcode encountered");
3030         current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this));
3031       }
3032     }
3033   }
3034   // Push the result type.
3035   int sig_verif_types_len = sig_verif_types->length();
3036   if (sig_verif_types_len > nargs) {  // There's a return type
3037     if (method_name == vmSymbols::object_initializer_name()) {
3038       // an <init> method must have a void return type


3039       verify_error(ErrorContext::bad_code(bci),
3040           "Return type must be void in <init> method");
3041       return;
3042     }
3043 
3044     assert(sig_verif_types_len <= nargs + 2,
3045            "Signature verification types array return type is bogus");
3046     for (int i = nargs; i < sig_verif_types_len; i++) {
3047       assert(i == nargs || sig_verif_types->at(i).is_long2() ||
3048              sig_verif_types->at(i).is_double2(), "Unexpected return verificationType");
3049       current_frame->push_stack(sig_verif_types->at(i), CHECK_VERIFY(this));
3050     }
3051   } else { // no return type
3052     // <vnew> method may not have a void return type
3053     if (method_name == vmSymbols::inline_factory_name()) {
3054       verify_error(ErrorContext::bad_code(bci),
3055           "Return type must be non-void in <vnew> static factory method");
3056       return;
3057     }
3058   }
3059 }
3060 
3061 VerificationType ClassVerifier::get_newarray_type(
3062     u2 index, u2 bci, TRAPS) {
3063   const char* from_bt[] = {
3064     NULL, NULL, NULL, NULL, "[Z", "[C", "[F", "[D", "[B", "[S", "[I", "[J",
3065   };
3066   if (index < T_BOOLEAN || index > T_LONG) {
3067     verify_error(ErrorContext::bad_code(bci), "Illegal newarray instruction");
3068     return VerificationType::bogus_type();
3069   }
3070 
3071   // from_bt[index] contains the array signature which has a length of 2
3072   Symbol* sig = create_temporary_symbol(from_bt[index], 2);
3073   return VerificationType::reference_type(sig);
3074 }
3075 
3076 void ClassVerifier::verify_anewarray(
3077     u2 bci, u2 index, const constantPoolHandle& cp,

3085     cp_index_to_type(index, cp, CHECK_VERIFY(this));
3086   int length;
3087   char* arr_sig_str;
3088   if (component_type.is_array()) {     // it's an array
3089     const char* component_name = component_type.name()->as_utf8();
3090     // Check for more than MAX_ARRAY_DIMENSIONS
3091     length = (int)strlen(component_name);
3092     if (length > MAX_ARRAY_DIMENSIONS &&
3093         component_name[MAX_ARRAY_DIMENSIONS - 1] == JVM_SIGNATURE_ARRAY) {
3094       verify_error(ErrorContext::bad_code(bci),
3095         "Illegal anewarray instruction, array has more than 255 dimensions");
3096     }
3097     // add one dimension to component
3098     length++;
3099     arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length + 1);
3100     int n = os::snprintf(arr_sig_str, length + 1, "%c%s",
3101                          JVM_SIGNATURE_ARRAY, component_name);
3102     assert(n == length, "Unexpected number of characters in string");
3103   } else {         // it's an object or interface
3104     const char* component_name = component_type.name()->as_utf8();
3105     char Q_or_L = component_type.is_inline_type() ? JVM_SIGNATURE_PRIMITIVE_OBJECT : JVM_SIGNATURE_CLASS;
3106     // add one dimension to component with 'L' or 'Q' prepended and ';' appended.
3107     length = (int)strlen(component_name) + 3;
3108     arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length + 1);
3109     int n = os::snprintf(arr_sig_str, length + 1, "%c%c%s;",
3110                          JVM_SIGNATURE_ARRAY, Q_or_L, component_name);
3111     assert(n == length, "Unexpected number of characters in string");
3112   }
3113   Symbol* arr_sig = create_temporary_symbol(arr_sig_str, length);
3114   VerificationType new_array_type = VerificationType::reference_type(arr_sig);
3115   current_frame->push_stack(new_array_type, CHECK_VERIFY(this));
3116 }
3117 
3118 void ClassVerifier::verify_iload(u2 index, StackMapFrame* current_frame, TRAPS) {
3119   current_frame->get_local(
3120     index, VerificationType::integer_type(), CHECK_VERIFY(this));
3121   current_frame->push_stack(
3122     VerificationType::integer_type(), CHECK_VERIFY(this));
3123 }
3124 
3125 void ClassVerifier::verify_lload(u2 index, StackMapFrame* current_frame, TRAPS) {
3126   current_frame->get_local_2(
3127     index, VerificationType::long_type(),
3128     VerificationType::long2_type(), CHECK_VERIFY(this));
3129   current_frame->push_stack_2(
3130     VerificationType::long_type(),

3132 }
3133 
3134 void ClassVerifier::verify_fload(u2 index, StackMapFrame* current_frame, TRAPS) {
3135   current_frame->get_local(
3136     index, VerificationType::float_type(), CHECK_VERIFY(this));
3137   current_frame->push_stack(
3138     VerificationType::float_type(), CHECK_VERIFY(this));
3139 }
3140 
3141 void ClassVerifier::verify_dload(u2 index, StackMapFrame* current_frame, TRAPS) {
3142   current_frame->get_local_2(
3143     index, VerificationType::double_type(),
3144     VerificationType::double2_type(), CHECK_VERIFY(this));
3145   current_frame->push_stack_2(
3146     VerificationType::double_type(),
3147     VerificationType::double2_type(), CHECK_VERIFY(this));
3148 }
3149 
3150 void ClassVerifier::verify_aload(u2 index, StackMapFrame* current_frame, TRAPS) {
3151   VerificationType type = current_frame->get_local(
3152     index, VerificationType::nonscalar_check(), CHECK_VERIFY(this));
3153   current_frame->push_stack(type, CHECK_VERIFY(this));
3154 }
3155 
3156 void ClassVerifier::verify_istore(u2 index, StackMapFrame* current_frame, TRAPS) {
3157   current_frame->pop_stack(
3158     VerificationType::integer_type(), CHECK_VERIFY(this));
3159   current_frame->set_local(
3160     index, VerificationType::integer_type(), CHECK_VERIFY(this));
3161 }
3162 
3163 void ClassVerifier::verify_lstore(u2 index, StackMapFrame* current_frame, TRAPS) {
3164   current_frame->pop_stack_2(
3165     VerificationType::long2_type(),
3166     VerificationType::long_type(), CHECK_VERIFY(this));
3167   current_frame->set_local_2(
3168     index, VerificationType::long_type(),
3169     VerificationType::long2_type(), CHECK_VERIFY(this));
3170 }
3171 
3172 void ClassVerifier::verify_fstore(u2 index, StackMapFrame* current_frame, TRAPS) {
3173   current_frame->pop_stack(VerificationType::float_type(), CHECK_VERIFY(this));
3174   current_frame->set_local(
3175     index, VerificationType::float_type(), CHECK_VERIFY(this));
3176 }
3177 
3178 void ClassVerifier::verify_dstore(u2 index, StackMapFrame* current_frame, TRAPS) {
3179   current_frame->pop_stack_2(
3180     VerificationType::double2_type(),
3181     VerificationType::double_type(), CHECK_VERIFY(this));
3182   current_frame->set_local_2(
3183     index, VerificationType::double_type(),
3184     VerificationType::double2_type(), CHECK_VERIFY(this));
3185 }
3186 
3187 void ClassVerifier::verify_astore(u2 index, StackMapFrame* current_frame, TRAPS) {
3188   VerificationType type = current_frame->pop_stack(
3189     VerificationType::nonscalar_check(), CHECK_VERIFY(this));
3190   current_frame->set_local(index, type, CHECK_VERIFY(this));
3191 }
3192 
3193 void ClassVerifier::verify_iinc(u2 index, StackMapFrame* current_frame, TRAPS) {
3194   VerificationType type = current_frame->get_local(
3195     index, VerificationType::integer_type(), CHECK_VERIFY(this));
3196   current_frame->set_local(index, type, CHECK_VERIFY(this));
3197 }
3198 
3199 void ClassVerifier::verify_return_value(
3200     VerificationType return_type, VerificationType type, u2 bci,
3201     StackMapFrame* current_frame, TRAPS) {
3202   if (return_type == VerificationType::bogus_type()) {
3203     verify_error(ErrorContext::bad_type(bci,
3204         current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)),
3205         "Method does not expect a return value");
3206     return;
3207   }
3208   bool match = return_type.is_assignable_from(type, this, false, CHECK_VERIFY(this));
3209   if (!match) {
< prev index next >