26 #include "classfile/classFileStream.hpp"
27 #include "classfile/classLoader.hpp"
28 #include "classfile/javaClasses.hpp"
29 #include "classfile/stackMapFrame.hpp"
30 #include "classfile/stackMapTable.hpp"
31 #include "classfile/stackMapTableFormat.hpp"
32 #include "classfile/symbolTable.hpp"
33 #include "classfile/systemDictionary.hpp"
34 #include "classfile/verifier.hpp"
35 #include "classfile/vmClasses.hpp"
36 #include "classfile/vmSymbols.hpp"
37 #include "interpreter/bytecodes.hpp"
38 #include "interpreter/bytecodeStream.hpp"
39 #include "jvm.h"
40 #include "logging/log.hpp"
41 #include "logging/logStream.hpp"
42 #include "memory/oopFactory.hpp"
43 #include "memory/resourceArea.hpp"
44 #include "memory/universe.hpp"
45 #include "oops/constantPool.inline.hpp"
46 #include "oops/instanceKlass.inline.hpp"
47 #include "oops/klass.inline.hpp"
48 #include "oops/oop.inline.hpp"
49 #include "oops/typeArrayOop.hpp"
50 #include "runtime/arguments.hpp"
51 #include "runtime/fieldDescriptor.hpp"
52 #include "runtime/handles.inline.hpp"
53 #include "runtime/interfaceSupport.inline.hpp"
54 #include "runtime/javaCalls.hpp"
55 #include "runtime/javaThread.hpp"
56 #include "runtime/jniHandles.inline.hpp"
57 #include "runtime/os.hpp"
58 #include "runtime/safepointVerifiers.hpp"
59 #include "services/threadService.hpp"
60 #include "utilities/align.hpp"
61 #include "utilities/bytes.hpp"
62 #if INCLUDE_CDS
63 #include "classfile/systemDictionaryShared.hpp"
64 #endif
65
66 #define NOFAILOVER_MAJOR_VERSION 51
67 #define NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION 51
68 #define STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION 52
69 #define MAX_ARRAY_DIMENSIONS 255
70
71 // Access to external entry for VerifyClassForMajorVersion - old byte code verifier
72
73 extern "C" {
74 typedef jboolean (*verify_byte_codes_fn_t)(JNIEnv *, jclass, char *, jint, jint);
75 }
76
77 static verify_byte_codes_fn_t volatile _verify_byte_codes_fn = nullptr;
78
79 static verify_byte_codes_fn_t verify_byte_codes_fn() {
80
81 if (_verify_byte_codes_fn != nullptr)
82 return _verify_byte_codes_fn;
83
84 MutexLocker locker(Verify_lock);
85
86 if (_verify_byte_codes_fn != nullptr)
87 return _verify_byte_codes_fn;
88
460 _expected.details(ss);
461 } else {
462 ss->print("Invalid type: ");
463 _type.details(ss);
464 }
465 break;
466 case FLAGS_MISMATCH:
467 if (_expected.is_valid()) {
468 ss->print("Current frame's flags are not assignable "
469 "to stack map frame's.");
470 } else {
471 ss->print("Current frame's flags are invalid in this context.");
472 }
473 break;
474 case BAD_CP_INDEX:
475 ss->print("Constant pool index %d is invalid", _type.index());
476 break;
477 case BAD_LOCAL_INDEX:
478 ss->print("Local index %d is invalid", _type.index());
479 break;
480 case LOCALS_SIZE_MISMATCH:
481 ss->print("Current frame's local size doesn't match stackmap.");
482 break;
483 case STACK_SIZE_MISMATCH:
484 ss->print("Current frame's stack size doesn't match stackmap.");
485 break;
486 case STACK_OVERFLOW:
487 ss->print("Exceeded max stack size.");
488 break;
489 case STACK_UNDERFLOW:
490 ss->print("Attempt to pop empty stack.");
491 break;
492 case MISSING_STACKMAP:
493 ss->print("Expected stackmap frame at this location.");
494 break;
495 case BAD_STACKMAP:
496 ss->print("Invalid stackmap specification.");
497 break;
498 case UNKNOWN:
499 default:
500 ShouldNotReachHere();
501 ss->print_cr("Unknown");
502 }
503 ss->cr();
504 }
505
506 void ErrorContext::location_details(outputStream* ss, const Method* method) const {
507 if (_bci != -1 && method != nullptr) {
508 const char* bytecode_name = "<invalid>";
509 if (method->validate_bci(_bci) != -1) {
510 Bytecodes::Code code = Bytecodes::code_or_bp_at(method->bcp_from(_bci));
511 if (Bytecodes::is_defined(code)) {
512 bytecode_name = Bytecodes::name(code);
513 } else {
514 bytecode_name = "<illegal>";
515 }
516 }
517 InstanceKlass* ik = method->method_holder();
600 ClassVerifier::~ClassVerifier() {
601 // Decrement the reference count for any symbols created.
602 if (_symbols != nullptr) {
603 for (int i = 0; i < _symbols->length(); i++) {
604 Symbol* s = _symbols->at(i);
605 s->decrement_refcount();
606 }
607 }
608 }
609
610 VerificationType ClassVerifier::object_type() const {
611 return VerificationType::reference_type(vmSymbols::java_lang_Object());
612 }
613
614 TypeOrigin ClassVerifier::ref_ctx(const char* sig) {
615 VerificationType vt = VerificationType::reference_type(
616 create_temporary_symbol(sig, (int)strlen(sig)));
617 return TypeOrigin::implicit(vt);
618 }
619
620
621 void ClassVerifier::verify_class(TRAPS) {
622 log_info(verification)("Verifying class %s with new format", _klass->external_name());
623
624 // Either verifying both local and remote classes or just remote classes.
625 assert(BytecodeVerificationRemote, "Should not be here");
626
627 Array<Method*>* methods = _klass->methods();
628 int num_methods = methods->length();
629
630 for (int index = 0; index < num_methods; index++) {
631 // Check for recursive re-verification before each method.
632 if (was_recursively_verified()) return;
633
634 Method* m = methods->at(index);
635 if (m->is_native() || m->is_abstract() || m->is_overpass()) {
636 // If m is native or abstract, skip it. It is checked in class file
637 // parser that methods do not override a final method. Overpass methods
638 // are trusted since the VM generates them.
639 continue;
695 bool is_unique = method_signatures_table()->put(sig_index, sig_verif_types);
696 assert(is_unique, "Duplicate entries in method_signature_table");
697 }
698
699 void ClassVerifier::verify_method(const methodHandle& m, TRAPS) {
700 HandleMark hm(THREAD);
701 _method = m; // initialize _method
702 log_info(verification)("Verifying method %s", m->name_and_sig_as_C_string());
703
704 // For clang, the only good constant format string is a literal constant format string.
705 #define bad_type_msg "Bad type on operand stack in %s"
706
707 u2 max_stack = m->verifier_max_stack();
708 u2 max_locals = m->max_locals();
709 constantPoolHandle cp(THREAD, m->constants());
710
711 // Method signature was checked in ClassFileParser.
712 assert(SignatureVerifier::is_valid_method_signature(m->signature()),
713 "Invalid method signature");
714
715 // Initial stack map frame: offset is 0, stack is initially empty.
716 StackMapFrame current_frame(max_locals, max_stack, this);
717 // Set initial locals
718 VerificationType return_type = current_frame.set_locals_from_arg( m, current_type());
719
720 u2 stackmap_index = 0; // index to the stackmap array
721
722 u4 code_length = m->code_size();
723
724 // Scan the bytecode and map each instruction's start offset to a number.
725 char* code_data = generate_code_data(m, code_length, CHECK_VERIFY(this));
726
727 int ex_min = code_length;
728 int ex_max = -1;
729 // Look through each item on the exception table. Each of the fields must refer
730 // to a legal instruction.
731 if (was_recursively_verified()) return;
732 verify_exception_handler_table(
733 code_length, code_data, ex_min, ex_max, CHECK_VERIFY(this));
734
735 // Look through each entry on the local variable table and make sure
736 // its range of code array offsets is valid. (4169817)
737 if (m->has_localvariable_table()) {
738 verify_local_variable_table(code_length, code_data, CHECK_VERIFY(this));
739 }
740
741 Array<u1>* stackmap_data = m->stackmap_data();
742 StackMapStream stream(stackmap_data);
743 StackMapReader reader(this, &stream, code_data, code_length, ¤t_frame, max_locals, max_stack, THREAD);
744 StackMapTable stackmap_table(&reader, CHECK_VERIFY(this));
745
746 LogTarget(Debug, verification) lt;
747 if (lt.is_enabled()) {
748 LogStream ls(lt);
749 stackmap_table.print_on(&ls);
750 }
751
752 RawBytecodeStream bcs(m);
753
754 // Scan the byte code linearly from the start to the end
755 bool no_control_flow = false; // Set to true when there is no direct control
756 // flow from current instruction to the next
757 // instruction in sequence
758
759 Bytecodes::Code opcode;
760 while (!bcs.is_last_bytecode()) {
761 // Check for recursive re-verification before each bytecode.
762 if (was_recursively_verified()) return;
763
1594 case Bytecodes::_if_icmpge:
1595 case Bytecodes::_if_icmpgt:
1596 case Bytecodes::_if_icmple:
1597 current_frame.pop_stack(
1598 VerificationType::integer_type(), CHECK_VERIFY(this));
1599 // fall through
1600 case Bytecodes::_ifeq:
1601 case Bytecodes::_ifne:
1602 case Bytecodes::_iflt:
1603 case Bytecodes::_ifge:
1604 case Bytecodes::_ifgt:
1605 case Bytecodes::_ifle:
1606 current_frame.pop_stack(
1607 VerificationType::integer_type(), CHECK_VERIFY(this));
1608 stackmap_table.check_jump_target(
1609 ¤t_frame, bcs.bci(), bcs.get_offset_s2(), CHECK_VERIFY(this));
1610 no_control_flow = false; break;
1611 case Bytecodes::_if_acmpeq :
1612 case Bytecodes::_if_acmpne :
1613 current_frame.pop_stack(
1614 VerificationType::reference_check(), CHECK_VERIFY(this));
1615 // fall through
1616 case Bytecodes::_ifnull :
1617 case Bytecodes::_ifnonnull :
1618 current_frame.pop_stack(
1619 VerificationType::reference_check(), CHECK_VERIFY(this));
1620 stackmap_table.check_jump_target
1621 (¤t_frame, bcs.bci(), bcs.get_offset_s2(), CHECK_VERIFY(this));
1622 no_control_flow = false; break;
1623 case Bytecodes::_goto :
1624 stackmap_table.check_jump_target(
1625 ¤t_frame, bcs.bci(), bcs.get_offset_s2(), CHECK_VERIFY(this));
1626 no_control_flow = true; break;
1627 case Bytecodes::_goto_w :
1628 stackmap_table.check_jump_target(
1629 ¤t_frame, bcs.bci(), bcs.get_offset_s4(), CHECK_VERIFY(this));
1630 no_control_flow = true; break;
1631 case Bytecodes::_tableswitch :
1632 case Bytecodes::_lookupswitch :
1633 verify_switch(
1634 &bcs, code_length, code_data, ¤t_frame,
1635 &stackmap_table, CHECK_VERIFY(this));
1636 no_control_flow = true; break;
1637 case Bytecodes::_ireturn :
1638 type = current_frame.pop_stack(
1639 VerificationType::integer_type(), CHECK_VERIFY(this));
1659 VerificationType::double2_type(), CHECK_VERIFY(this));
1660 type = current_frame.pop_stack(
1661 VerificationType::double_type(), CHECK_VERIFY(this));
1662 verify_return_value(return_type, type, bci,
1663 ¤t_frame, CHECK_VERIFY(this));
1664 no_control_flow = true; break;
1665 case Bytecodes::_areturn :
1666 type = current_frame.pop_stack(
1667 VerificationType::reference_check(), CHECK_VERIFY(this));
1668 verify_return_value(return_type, type, bci,
1669 ¤t_frame, CHECK_VERIFY(this));
1670 no_control_flow = true; break;
1671 case Bytecodes::_return :
1672 if (return_type != VerificationType::bogus_type()) {
1673 verify_error(ErrorContext::bad_code(bci),
1674 "Method expects a return value");
1675 return;
1676 }
1677 // Make sure "this" has been initialized if current method is an
1678 // <init>.
1679 if (_method->name() == vmSymbols::object_initializer_name() &&
1680 current_frame.flag_this_uninit()) {
1681 verify_error(ErrorContext::bad_code(bci),
1682 "Constructor must call super() or this() "
1683 "before return");
1684 return;
1685 }
1686 no_control_flow = true; break;
1687 case Bytecodes::_getstatic :
1688 case Bytecodes::_putstatic :
1689 // pass TRUE, operand can be an array type for getstatic/putstatic.
1690 verify_field_instructions(
1691 &bcs, ¤t_frame, cp, true, CHECK_VERIFY(this));
1692 no_control_flow = false; break;
1693 case Bytecodes::_getfield :
1694 case Bytecodes::_putfield :
1695 // pass FALSE, operand can't be an array type for getfield/putfield.
1696 verify_field_instructions(
1697 &bcs, ¤t_frame, cp, false, CHECK_VERIFY(this));
1698 no_control_flow = false; break;
1699 case Bytecodes::_invokevirtual :
1700 case Bytecodes::_invokespecial :
1701 case Bytecodes::_invokestatic :
1702 verify_invoke_instructions(
1703 &bcs, code_length, ¤t_frame, (bci >= ex_min && bci < ex_max),
1704 &this_uninit, return_type, cp, &stackmap_table, CHECK_VERIFY(this));
1705 no_control_flow = false; break;
1706 case Bytecodes::_invokeinterface :
1707 case Bytecodes::_invokedynamic :
1708 verify_invoke_instructions(
1709 &bcs, code_length, ¤t_frame, (bci >= ex_min && bci < ex_max),
1710 &this_uninit, return_type, cp, &stackmap_table, CHECK_VERIFY(this));
1711 no_control_flow = false; break;
1712 case Bytecodes::_new :
1713 {
1714 u2 index = bcs.get_index_u2();
1715 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1716 VerificationType new_class_type =
1717 cp_index_to_type(index, cp, CHECK_VERIFY(this));
1718 if (!new_class_type.is_object()) {
1719 verify_error(ErrorContext::bad_type(bci,
1720 TypeOrigin::cp(index, new_class_type)),
1721 "Illegal new instruction");
1722 return;
1723 }
1724 type = VerificationType::uninitialized_type(checked_cast<u2>(bci));
1725 current_frame.push_stack(type, CHECK_VERIFY(this));
1726 no_control_flow = false; break;
1727 }
1728 case Bytecodes::_newarray :
1729 type = get_newarray_type(bcs.get_index(), bci, CHECK_VERIFY(this));
1730 current_frame.pop_stack(
1748 no_control_flow = false; break;
1749 case Bytecodes::_checkcast :
1750 {
1751 u2 index = bcs.get_index_u2();
1752 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1753 current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1754 VerificationType klass_type = cp_index_to_type(
1755 index, cp, CHECK_VERIFY(this));
1756 current_frame.push_stack(klass_type, CHECK_VERIFY(this));
1757 no_control_flow = false; break;
1758 }
1759 case Bytecodes::_instanceof : {
1760 u2 index = bcs.get_index_u2();
1761 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1762 current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1763 current_frame.push_stack(
1764 VerificationType::integer_type(), CHECK_VERIFY(this));
1765 no_control_flow = false; break;
1766 }
1767 case Bytecodes::_monitorenter :
1768 case Bytecodes::_monitorexit :
1769 current_frame.pop_stack(
1770 VerificationType::reference_check(), CHECK_VERIFY(this));
1771 no_control_flow = false; break;
1772 case Bytecodes::_multianewarray :
1773 {
1774 u2 index = bcs.get_index_u2();
1775 u2 dim = *(bcs.bcp()+3);
1776 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1777 VerificationType new_array_type =
1778 cp_index_to_type(index, cp, CHECK_VERIFY(this));
1779 if (!new_array_type.is_array()) {
1780 verify_error(ErrorContext::bad_type(bci,
1781 TypeOrigin::cp(index, new_array_type)),
1782 "Illegal constant pool index in multianewarray instruction");
1783 return;
1784 }
1785 if (dim < 1 || new_array_type.dimensions() < dim) {
1786 verify_error(ErrorContext::bad_code(bci),
1787 "Illegal dimension in multianewarray instruction: %d", dim);
1788 return;
1789 }
1790 for (int i = 0; i < dim; i++) {
1791 current_frame.pop_stack(
2129 } else {
2130 Klass* member_klass = target_instance->find_field(field_name, field_sig, &fd);
2131 if (member_klass != nullptr && fd.is_protected()) {
2132 if (!this_class->is_same_class_package(member_klass)) {
2133 return true;
2134 }
2135 }
2136 }
2137 return false;
2138 }
2139
2140 void ClassVerifier::verify_ldc(
2141 int opcode, u2 index, StackMapFrame* current_frame,
2142 const constantPoolHandle& cp, int bci, TRAPS) {
2143 verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2144 constantTag tag = cp->tag_at(index);
2145 unsigned int types = 0;
2146 if (opcode == Bytecodes::_ldc || opcode == Bytecodes::_ldc_w) {
2147 if (!tag.is_unresolved_klass()) {
2148 types = (1 << JVM_CONSTANT_Integer) | (1 << JVM_CONSTANT_Float)
2149 | (1 << JVM_CONSTANT_String) | (1 << JVM_CONSTANT_Class)
2150 | (1 << JVM_CONSTANT_MethodHandle) | (1 << JVM_CONSTANT_MethodType)
2151 | (1 << JVM_CONSTANT_Dynamic);
2152 // Note: The class file parser already verified the legality of
2153 // MethodHandle and MethodType constants.
2154 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2155 }
2156 } else {
2157 assert(opcode == Bytecodes::_ldc2_w, "must be ldc2_w");
2158 types = (1 << JVM_CONSTANT_Double) | (1 << JVM_CONSTANT_Long)
2159 | (1 << JVM_CONSTANT_Dynamic);
2160 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2161 }
2162 if (tag.is_string()) {
2163 current_frame->push_stack(
2164 VerificationType::reference_type(
2165 vmSymbols::java_lang_String()), CHECK_VERIFY(this));
2166 } else if (tag.is_klass() || tag.is_unresolved_klass()) {
2167 current_frame->push_stack(
2168 VerificationType::reference_type(
2169 vmSymbols::java_lang_Class()), CHECK_VERIFY(this));
2304 const constantPoolHandle& cp,
2305 bool allow_arrays,
2306 TRAPS) {
2307 u2 index = bcs->get_index_u2();
2308 verify_cp_type(bcs->bci(), index, cp,
2309 1 << JVM_CONSTANT_Fieldref, CHECK_VERIFY(this));
2310
2311 // Get field name and signature
2312 Symbol* field_name = cp->uncached_name_ref_at(index);
2313 Symbol* field_sig = cp->uncached_signature_ref_at(index);
2314 bool is_getfield = false;
2315
2316 // Field signature was checked in ClassFileParser.
2317 assert(SignatureVerifier::is_valid_type_signature(field_sig),
2318 "Invalid field signature");
2319
2320 // Get referenced class type
2321 VerificationType ref_class_type = cp_ref_index_to_type(
2322 index, cp, CHECK_VERIFY(this));
2323 if (!ref_class_type.is_object() &&
2324 (!allow_arrays || !ref_class_type.is_array())) {
2325 verify_error(ErrorContext::bad_type(bcs->bci(),
2326 TypeOrigin::cp(index, ref_class_type)),
2327 "Expecting reference to class in class %s at constant pool index %d",
2328 _klass->external_name(), index);
2329 return;
2330 }
2331 VerificationType target_class_type = ref_class_type;
2332
2333 assert(sizeof(VerificationType) == sizeof(uintptr_t),
2334 "buffer type must match VerificationType size");
2335 uintptr_t field_type_buffer[2];
2336 VerificationType* field_type = (VerificationType*)field_type_buffer;
2337 // If we make a VerificationType[2] array directly, the compiler calls
2338 // to the c-runtime library to do the allocation instead of just
2339 // stack allocating it. Plus it would run constructors. This shows up
2340 // in performance profiles.
2341
2342 SignatureStream sig_stream(field_sig, false);
2343 VerificationType stack_object_type;
2344 int n = change_sig_to_verificationType(&sig_stream, field_type);
2345 int bci = bcs->bci();
2346 bool is_assignable;
2347 switch (bcs->raw_code()) {
2348 case Bytecodes::_getstatic: {
2349 for (int i = 0; i < n; i++) {
2350 current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2352 break;
2353 }
2354 case Bytecodes::_putstatic: {
2355 for (int i = n - 1; i >= 0; i--) {
2356 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2357 }
2358 break;
2359 }
2360 case Bytecodes::_getfield: {
2361 is_getfield = true;
2362 stack_object_type = current_frame->pop_stack(
2363 target_class_type, CHECK_VERIFY(this));
2364 goto check_protected;
2365 }
2366 case Bytecodes::_putfield: {
2367 for (int i = n - 1; i >= 0; i--) {
2368 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2369 }
2370 stack_object_type = current_frame->pop_stack(CHECK_VERIFY(this));
2371
2372 // The JVMS 2nd edition allows field initialization before the superclass
2373 // initializer, if the field is defined within the current class.
2374 fieldDescriptor fd;
2375 if (stack_object_type == VerificationType::uninitialized_this_type() &&
2376 target_class_type.equals(current_type()) &&
2377 _klass->find_local_field(field_name, field_sig, &fd)) {
2378 stack_object_type = current_type();
2379 }
2380 is_assignable = target_class_type.is_assignable_from(
2381 stack_object_type, this, false, CHECK_VERIFY(this));
2382 if (!is_assignable) {
2383 verify_error(ErrorContext::bad_type(bci,
2384 current_frame->stack_top_ctx(),
2385 TypeOrigin::cp(index, target_class_type)),
2386 "Bad type on operand stack in putfield");
2387 return;
2388 }
2389 }
2390 check_protected: {
2391 if (_this_type == stack_object_type)
2392 break; // stack_object_type must be assignable to _current_class_type
2393 if (was_recursively_verified()) {
2394 if (is_getfield) {
2395 // Push field type for getfield.
2396 for (int i = 0; i < n; i++) {
2397 current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2398 }
2437 }
2438
2439 void ClassVerifier::verify_invoke_init(
2440 RawBytecodeStream* bcs, u2 ref_class_index, VerificationType ref_class_type,
2441 StackMapFrame* current_frame, u4 code_length, bool in_try_block,
2442 bool *this_uninit, const constantPoolHandle& cp, StackMapTable* stackmap_table,
2443 TRAPS) {
2444 int bci = bcs->bci();
2445 VerificationType type = current_frame->pop_stack(
2446 VerificationType::reference_check(), CHECK_VERIFY(this));
2447 if (type == VerificationType::uninitialized_this_type()) {
2448 // The method must be an <init> method of this class or its superclass
2449 Klass* superk = current_class()->super();
2450 if (ref_class_type.name() != current_class()->name() &&
2451 ref_class_type.name() != superk->name()) {
2452 verify_error(ErrorContext::bad_type(bci,
2453 TypeOrigin::implicit(ref_class_type),
2454 TypeOrigin::implicit(current_type())),
2455 "Bad <init> method call");
2456 return;
2457 }
2458
2459 // If this invokespecial call is done from inside of a TRY block then make
2460 // sure that all catch clause paths end in a throw. Otherwise, this can
2461 // result in returning an incomplete object.
2462 if (in_try_block) {
2463 // Check the exception handler target stackmaps with the locals from the
2464 // incoming stackmap (before initialize_object() changes them to outgoing
2465 // state).
2466 if (was_recursively_verified()) return;
2467 verify_exception_handler_targets(bci, true, current_frame,
2468 stackmap_table, CHECK_VERIFY(this));
2469 } // in_try_block
2470
2471 current_frame->initialize_object(type, current_type());
2472 *this_uninit = true;
2473 } else if (type.is_uninitialized()) {
2474 u2 new_offset = type.bci();
2475 address new_bcp = bcs->bcp() - bci + new_offset;
2476 if (new_offset > (code_length - 3) || (*new_bcp) != Bytecodes::_new) {
2541 bool ClassVerifier::is_same_or_direct_interface(
2542 InstanceKlass* klass,
2543 VerificationType klass_type,
2544 VerificationType ref_class_type) {
2545 if (ref_class_type.equals(klass_type)) return true;
2546 Array<InstanceKlass*>* local_interfaces = klass->local_interfaces();
2547 if (local_interfaces != nullptr) {
2548 for (int x = 0; x < local_interfaces->length(); x++) {
2549 InstanceKlass* k = local_interfaces->at(x);
2550 assert (k != nullptr && k->is_interface(), "invalid interface");
2551 if (ref_class_type.equals(VerificationType::reference_type(k->name()))) {
2552 return true;
2553 }
2554 }
2555 }
2556 return false;
2557 }
2558
2559 void ClassVerifier::verify_invoke_instructions(
2560 RawBytecodeStream* bcs, u4 code_length, StackMapFrame* current_frame,
2561 bool in_try_block, bool *this_uninit, VerificationType return_type,
2562 const constantPoolHandle& cp, StackMapTable* stackmap_table, TRAPS) {
2563 // Make sure the constant pool item is the right type
2564 u2 index = bcs->get_index_u2();
2565 Bytecodes::Code opcode = bcs->raw_code();
2566 unsigned int types = 0;
2567 switch (opcode) {
2568 case Bytecodes::_invokeinterface:
2569 types = 1 << JVM_CONSTANT_InterfaceMethodref;
2570 break;
2571 case Bytecodes::_invokedynamic:
2572 types = 1 << JVM_CONSTANT_InvokeDynamic;
2573 break;
2574 case Bytecodes::_invokespecial:
2575 case Bytecodes::_invokestatic:
2576 types = (_klass->major_version() < STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION) ?
2577 (1 << JVM_CONSTANT_Methodref) :
2578 ((1 << JVM_CONSTANT_InterfaceMethodref) | (1 << JVM_CONSTANT_Methodref));
2579 break;
2580 default:
2581 types = 1 << JVM_CONSTANT_Methodref;
2582 }
2583 verify_cp_type(bcs->bci(), index, cp, types, CHECK_VERIFY(this));
2584
2585 // Get method name and signature
2586 Symbol* method_name = cp->uncached_name_ref_at(index);
2587 Symbol* method_sig = cp->uncached_signature_ref_at(index);
2588
2589 // Method signature was checked in ClassFileParser.
2590 assert(SignatureVerifier::is_valid_method_signature(method_sig),
2591 "Invalid method signature");
2592
2593 // Get referenced class type
2594 VerificationType ref_class_type;
2595 if (opcode == Bytecodes::_invokedynamic) {
2596 if (_klass->major_version() < Verifier::INVOKEDYNAMIC_MAJOR_VERSION) {
2597 class_format_error(
2598 "invokedynamic instructions not supported by this class file version (%d), class %s",
2599 _klass->major_version(), _klass->external_name());
2600 return;
2601 }
2602 } else {
2603 ref_class_type = cp_ref_index_to_type(index, cp, CHECK_VERIFY(this));
2604 }
2605
2606 assert(sizeof(VerificationType) == sizeof(uintptr_t),
2607 "buffer type must match VerificationType size");
2608
2609 // Get the UTF8 index for this signature.
2610 int sig_index = cp->signature_ref_index_at(cp->uncached_name_and_type_ref_index_at(index));
2611
2612 // Get the signature's verification types.
2613 sig_as_verification_types* mth_sig_verif_types;
2639 "Inconsistent args count operand in invokeinterface");
2640 return;
2641 }
2642 if (*(bcp+4) != 0) {
2643 verify_error(ErrorContext::bad_code(bci),
2644 "Fourth operand byte of invokeinterface must be zero");
2645 return;
2646 }
2647 }
2648
2649 if (opcode == Bytecodes::_invokedynamic) {
2650 address bcp = bcs->bcp();
2651 if (*(bcp+3) != 0 || *(bcp+4) != 0) {
2652 verify_error(ErrorContext::bad_code(bci),
2653 "Third and fourth operand bytes of invokedynamic must be zero");
2654 return;
2655 }
2656 }
2657
2658 if (method_name->char_at(0) == JVM_SIGNATURE_SPECIAL) {
2659 // Make sure <init> can only be invoked by invokespecial
2660 if (opcode != Bytecodes::_invokespecial ||
2661 method_name != vmSymbols::object_initializer_name()) {
2662 verify_error(ErrorContext::bad_code(bci),
2663 "Illegal call to internal method");
2664 return;
2665 }
2666 }
2667 // invokespecial, when not <init>, must be to a method in the current class, a direct superinterface,
2668 // or any superclass (including Object).
2669 else if (opcode == Bytecodes::_invokespecial
2670 && !is_same_or_direct_interface(current_class(), current_type(), ref_class_type)
2671 && !ref_class_type.equals(VerificationType::reference_type(current_class()->super()->name()))) {
2672
2673 // We know it is not current class, direct superinterface or immediate superclass. That means it
2674 // could be:
2675 // - a totally unrelated class or interface
2676 // - an indirect superinterface
2677 // - an indirect superclass (including Object)
2678 // We use the assignability test to see if it is a superclass, or else an interface, and keep track
2679 // of the latter. Note that subtype can be true if we are dealing with an interface that is not actually
2680 // implemented as assignability treats all interfaces as Object.
2681
2682 bool is_interface = false; // This can only be set true if the assignability check will return true
2683 // and we loaded the class. For any other "true" returns (e.g. same class
2684 // or Object) we either can't get here (same class already excluded above)
2685 // or we know it is not an interface (i.e. Object).
2686 bool subtype = ref_class_type.is_reference_assignable_from(current_type(), this, false,
2687 &is_interface, CHECK_VERIFY(this));
2688 if (!subtype) { // Totally unrelated class
2689 verify_error(ErrorContext::bad_code(bci),
2690 "Bad invokespecial instruction: "
2691 "current class isn't assignable to reference class.");
2751 verify_error(ErrorContext::bad_type(bci,
2752 current_frame->stack_top_ctx(),
2753 TypeOrigin::implicit(current_type())),
2754 "Bad access to protected data in invokevirtual");
2755 return;
2756 }
2757 }
2758 }
2759 }
2760 }
2761 } else {
2762 assert(opcode == Bytecodes::_invokeinterface, "Unexpected opcode encountered");
2763 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this));
2764 }
2765 }
2766 }
2767 // Push the result type.
2768 int sig_verif_types_len = sig_verif_types->length();
2769 if (sig_verif_types_len > nargs) { // There's a return type
2770 if (method_name == vmSymbols::object_initializer_name()) {
2771 // <init> method must have a void return type
2772 /* Unreachable? Class file parser verifies that methods with '<' have
2773 * void return */
2774 verify_error(ErrorContext::bad_code(bci),
2775 "Return type must be void in <init> method");
2776 return;
2777 }
2778
2779 assert(sig_verif_types_len <= nargs + 2,
2780 "Signature verification types array return type is bogus");
2781 for (int i = nargs; i < sig_verif_types_len; i++) {
2782 assert(i == nargs || sig_verif_types->at(i).is_long2() ||
2783 sig_verif_types->at(i).is_double2(), "Unexpected return verificationType");
2784 current_frame->push_stack(sig_verif_types->at(i), CHECK_VERIFY(this));
2785 }
2786 }
2787 }
2788
2789 VerificationType ClassVerifier::get_newarray_type(
2790 u2 index, int bci, TRAPS) {
2791 const char* from_bt[] = {
2792 nullptr, nullptr, nullptr, nullptr, "[Z", "[C", "[F", "[D", "[B", "[S", "[I", "[J",
2793 };
|
26 #include "classfile/classFileStream.hpp"
27 #include "classfile/classLoader.hpp"
28 #include "classfile/javaClasses.hpp"
29 #include "classfile/stackMapFrame.hpp"
30 #include "classfile/stackMapTable.hpp"
31 #include "classfile/stackMapTableFormat.hpp"
32 #include "classfile/symbolTable.hpp"
33 #include "classfile/systemDictionary.hpp"
34 #include "classfile/verifier.hpp"
35 #include "classfile/vmClasses.hpp"
36 #include "classfile/vmSymbols.hpp"
37 #include "interpreter/bytecodes.hpp"
38 #include "interpreter/bytecodeStream.hpp"
39 #include "jvm.h"
40 #include "logging/log.hpp"
41 #include "logging/logStream.hpp"
42 #include "memory/oopFactory.hpp"
43 #include "memory/resourceArea.hpp"
44 #include "memory/universe.hpp"
45 #include "oops/constantPool.inline.hpp"
46 #include "oops/fieldStreams.inline.hpp"
47 #include "oops/instanceKlass.inline.hpp"
48 #include "oops/klass.inline.hpp"
49 #include "oops/oop.inline.hpp"
50 #include "oops/typeArrayOop.hpp"
51 #include "runtime/arguments.hpp"
52 #include "runtime/fieldDescriptor.inline.hpp"
53 #include "runtime/handles.inline.hpp"
54 #include "runtime/interfaceSupport.inline.hpp"
55 #include "runtime/javaCalls.hpp"
56 #include "runtime/javaThread.hpp"
57 #include "runtime/jniHandles.inline.hpp"
58 #include "runtime/os.hpp"
59 #include "runtime/safepointVerifiers.hpp"
60 #include "services/threadService.hpp"
61 #include "utilities/align.hpp"
62 #include "utilities/bytes.hpp"
63 #if INCLUDE_CDS
64 #include "classfile/systemDictionaryShared.hpp"
65 #endif
66
67 #define NOFAILOVER_MAJOR_VERSION 51
68 #define NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION 51
69 #define STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION 52
70 #define INLINE_TYPE_MAJOR_VERSION 56
71 #define MAX_ARRAY_DIMENSIONS 255
72
73 // Access to external entry for VerifyClassForMajorVersion - old byte code verifier
74
75 extern "C" {
76 typedef jboolean (*verify_byte_codes_fn_t)(JNIEnv *, jclass, char *, jint, jint);
77 }
78
79 static verify_byte_codes_fn_t volatile _verify_byte_codes_fn = nullptr;
80
81 static verify_byte_codes_fn_t verify_byte_codes_fn() {
82
83 if (_verify_byte_codes_fn != nullptr)
84 return _verify_byte_codes_fn;
85
86 MutexLocker locker(Verify_lock);
87
88 if (_verify_byte_codes_fn != nullptr)
89 return _verify_byte_codes_fn;
90
462 _expected.details(ss);
463 } else {
464 ss->print("Invalid type: ");
465 _type.details(ss);
466 }
467 break;
468 case FLAGS_MISMATCH:
469 if (_expected.is_valid()) {
470 ss->print("Current frame's flags are not assignable "
471 "to stack map frame's.");
472 } else {
473 ss->print("Current frame's flags are invalid in this context.");
474 }
475 break;
476 case BAD_CP_INDEX:
477 ss->print("Constant pool index %d is invalid", _type.index());
478 break;
479 case BAD_LOCAL_INDEX:
480 ss->print("Local index %d is invalid", _type.index());
481 break;
482 case BAD_STRICT_FIELDS:
483 ss->print("Invalid use of strict instance fields");
484 break;
485 case LOCALS_SIZE_MISMATCH:
486 ss->print("Current frame's local size doesn't match stackmap.");
487 break;
488 case STACK_SIZE_MISMATCH:
489 ss->print("Current frame's stack size doesn't match stackmap.");
490 break;
491 case STRICT_FIELDS_MISMATCH:
492 ss->print("Current frame's strict instance fields not compatible with stackmap.");
493 break;
494 case STACK_OVERFLOW:
495 ss->print("Exceeded max stack size.");
496 break;
497 case STACK_UNDERFLOW:
498 ss->print("Attempt to pop empty stack.");
499 break;
500 case MISSING_STACKMAP:
501 ss->print("Expected stackmap frame at this location.");
502 break;
503 case BAD_STACKMAP:
504 ss->print("Invalid stackmap specification.");
505 break;
506 case WRONG_INLINE_TYPE:
507 ss->print("Type ");
508 _type.details(ss);
509 ss->print(" and type ");
510 _expected.details(ss);
511 ss->print(" must be identical inline types.");
512 break;
513 case UNKNOWN:
514 default:
515 ShouldNotReachHere();
516 ss->print_cr("Unknown");
517 }
518 ss->cr();
519 }
520
521 void ErrorContext::location_details(outputStream* ss, const Method* method) const {
522 if (_bci != -1 && method != nullptr) {
523 const char* bytecode_name = "<invalid>";
524 if (method->validate_bci(_bci) != -1) {
525 Bytecodes::Code code = Bytecodes::code_or_bp_at(method->bcp_from(_bci));
526 if (Bytecodes::is_defined(code)) {
527 bytecode_name = Bytecodes::name(code);
528 } else {
529 bytecode_name = "<illegal>";
530 }
531 }
532 InstanceKlass* ik = method->method_holder();
615 ClassVerifier::~ClassVerifier() {
616 // Decrement the reference count for any symbols created.
617 if (_symbols != nullptr) {
618 for (int i = 0; i < _symbols->length(); i++) {
619 Symbol* s = _symbols->at(i);
620 s->decrement_refcount();
621 }
622 }
623 }
624
625 VerificationType ClassVerifier::object_type() const {
626 return VerificationType::reference_type(vmSymbols::java_lang_Object());
627 }
628
629 TypeOrigin ClassVerifier::ref_ctx(const char* sig) {
630 VerificationType vt = VerificationType::reference_type(
631 create_temporary_symbol(sig, (int)strlen(sig)));
632 return TypeOrigin::implicit(vt);
633 }
634
635 static bool supports_strict_fields(InstanceKlass* klass) {
636 int ver = klass->major_version();
637 return ver > Verifier::VALUE_TYPES_MAJOR_VERSION ||
638 (ver == Verifier::VALUE_TYPES_MAJOR_VERSION && klass->minor_version() == Verifier::JAVA_PREVIEW_MINOR_VERSION);
639 }
640
641 void ClassVerifier::verify_class(TRAPS) {
642 log_info(verification)("Verifying class %s with new format", _klass->external_name());
643
644 // Either verifying both local and remote classes or just remote classes.
645 assert(BytecodeVerificationRemote, "Should not be here");
646
647 Array<Method*>* methods = _klass->methods();
648 int num_methods = methods->length();
649
650 for (int index = 0; index < num_methods; index++) {
651 // Check for recursive re-verification before each method.
652 if (was_recursively_verified()) return;
653
654 Method* m = methods->at(index);
655 if (m->is_native() || m->is_abstract() || m->is_overpass()) {
656 // If m is native or abstract, skip it. It is checked in class file
657 // parser that methods do not override a final method. Overpass methods
658 // are trusted since the VM generates them.
659 continue;
715 bool is_unique = method_signatures_table()->put(sig_index, sig_verif_types);
716 assert(is_unique, "Duplicate entries in method_signature_table");
717 }
718
719 void ClassVerifier::verify_method(const methodHandle& m, TRAPS) {
720 HandleMark hm(THREAD);
721 _method = m; // initialize _method
722 log_info(verification)("Verifying method %s", m->name_and_sig_as_C_string());
723
724 // For clang, the only good constant format string is a literal constant format string.
725 #define bad_type_msg "Bad type on operand stack in %s"
726
727 u2 max_stack = m->verifier_max_stack();
728 u2 max_locals = m->max_locals();
729 constantPoolHandle cp(THREAD, m->constants());
730
731 // Method signature was checked in ClassFileParser.
732 assert(SignatureVerifier::is_valid_method_signature(m->signature()),
733 "Invalid method signature");
734
735 // Collect the initial strict instance fields
736 StackMapFrame::AssertUnsetFieldTable* strict_fields = new StackMapFrame::AssertUnsetFieldTable();
737 if (m->is_object_constructor()) {
738 for (AllFieldStream fs(m->method_holder()); !fs.done(); fs.next()) {
739 if (fs.access_flags().is_strict() && !fs.access_flags().is_static()) {
740 NameAndSig new_field(fs.name(), fs.signature());
741 if (IgnoreAssertUnsetFields) {
742 strict_fields->put(new_field, true);
743 } else {
744 strict_fields->put(new_field, false);
745 }
746 }
747 }
748 }
749
750 // Initial stack map frame: offset is 0, stack is initially empty.
751 StackMapFrame current_frame(max_locals, max_stack, strict_fields, this);
752 // Set initial locals
753 VerificationType return_type = current_frame.set_locals_from_arg( m, current_type());
754
755 u2 stackmap_index = 0; // index to the stackmap array
756
757 u4 code_length = m->code_size();
758
759 // Scan the bytecode and map each instruction's start offset to a number.
760 char* code_data = generate_code_data(m, code_length, CHECK_VERIFY(this));
761
762 int ex_min = code_length;
763 int ex_max = -1;
764 // Look through each item on the exception table. Each of the fields must refer
765 // to a legal instruction.
766 if (was_recursively_verified()) return;
767 verify_exception_handler_table(
768 code_length, code_data, ex_min, ex_max, CHECK_VERIFY(this));
769
770 // Look through each entry on the local variable table and make sure
771 // its range of code array offsets is valid. (4169817)
772 if (m->has_localvariable_table()) {
773 verify_local_variable_table(code_length, code_data, CHECK_VERIFY(this));
774 }
775
776 Array<u1>* stackmap_data = m->stackmap_data();
777 StackMapStream stream(stackmap_data);
778 StackMapReader reader(this, &stream, code_data, code_length, ¤t_frame, max_locals, max_stack, strict_fields, THREAD);
779 StackMapTable stackmap_table(&reader, CHECK_VERIFY(this));
780
781 LogTarget(Debug, verification) lt;
782 if (lt.is_enabled()) {
783 LogStream ls(lt);
784 stackmap_table.print_on(&ls);
785 }
786
787 RawBytecodeStream bcs(m);
788
789 // Scan the byte code linearly from the start to the end
790 bool no_control_flow = false; // Set to true when there is no direct control
791 // flow from current instruction to the next
792 // instruction in sequence
793
794 Bytecodes::Code opcode;
795 while (!bcs.is_last_bytecode()) {
796 // Check for recursive re-verification before each bytecode.
797 if (was_recursively_verified()) return;
798
1629 case Bytecodes::_if_icmpge:
1630 case Bytecodes::_if_icmpgt:
1631 case Bytecodes::_if_icmple:
1632 current_frame.pop_stack(
1633 VerificationType::integer_type(), CHECK_VERIFY(this));
1634 // fall through
1635 case Bytecodes::_ifeq:
1636 case Bytecodes::_ifne:
1637 case Bytecodes::_iflt:
1638 case Bytecodes::_ifge:
1639 case Bytecodes::_ifgt:
1640 case Bytecodes::_ifle:
1641 current_frame.pop_stack(
1642 VerificationType::integer_type(), CHECK_VERIFY(this));
1643 stackmap_table.check_jump_target(
1644 ¤t_frame, bcs.bci(), bcs.get_offset_s2(), CHECK_VERIFY(this));
1645 no_control_flow = false; break;
1646 case Bytecodes::_if_acmpeq :
1647 case Bytecodes::_if_acmpne :
1648 current_frame.pop_stack(
1649 object_type(), CHECK_VERIFY(this));
1650 // fall through
1651 case Bytecodes::_ifnull :
1652 case Bytecodes::_ifnonnull :
1653 current_frame.pop_stack(
1654 object_type(), CHECK_VERIFY(this));
1655 stackmap_table.check_jump_target
1656 (¤t_frame, bcs.bci(), bcs.get_offset_s2(), CHECK_VERIFY(this));
1657 no_control_flow = false; break;
1658 case Bytecodes::_goto :
1659 stackmap_table.check_jump_target(
1660 ¤t_frame, bcs.bci(), bcs.get_offset_s2(), CHECK_VERIFY(this));
1661 no_control_flow = true; break;
1662 case Bytecodes::_goto_w :
1663 stackmap_table.check_jump_target(
1664 ¤t_frame, bcs.bci(), bcs.get_offset_s4(), CHECK_VERIFY(this));
1665 no_control_flow = true; break;
1666 case Bytecodes::_tableswitch :
1667 case Bytecodes::_lookupswitch :
1668 verify_switch(
1669 &bcs, code_length, code_data, ¤t_frame,
1670 &stackmap_table, CHECK_VERIFY(this));
1671 no_control_flow = true; break;
1672 case Bytecodes::_ireturn :
1673 type = current_frame.pop_stack(
1674 VerificationType::integer_type(), CHECK_VERIFY(this));
1694 VerificationType::double2_type(), CHECK_VERIFY(this));
1695 type = current_frame.pop_stack(
1696 VerificationType::double_type(), CHECK_VERIFY(this));
1697 verify_return_value(return_type, type, bci,
1698 ¤t_frame, CHECK_VERIFY(this));
1699 no_control_flow = true; break;
1700 case Bytecodes::_areturn :
1701 type = current_frame.pop_stack(
1702 VerificationType::reference_check(), CHECK_VERIFY(this));
1703 verify_return_value(return_type, type, bci,
1704 ¤t_frame, CHECK_VERIFY(this));
1705 no_control_flow = true; break;
1706 case Bytecodes::_return :
1707 if (return_type != VerificationType::bogus_type()) {
1708 verify_error(ErrorContext::bad_code(bci),
1709 "Method expects a return value");
1710 return;
1711 }
1712 // Make sure "this" has been initialized if current method is an
1713 // <init>.
1714 if (_method->is_object_constructor() &&
1715 current_frame.flag_this_uninit()) {
1716 verify_error(ErrorContext::bad_code(bci),
1717 "Constructor must call super() or this() "
1718 "before return");
1719 return;
1720 }
1721 no_control_flow = true; break;
1722 case Bytecodes::_getstatic :
1723 case Bytecodes::_putstatic :
1724 // pass TRUE, operand can be an array type for getstatic/putstatic.
1725 verify_field_instructions(
1726 &bcs, ¤t_frame, cp, true, CHECK_VERIFY(this));
1727 no_control_flow = false; break;
1728 case Bytecodes::_getfield :
1729 case Bytecodes::_putfield :
1730 // pass FALSE, operand can't be an array type for getfield/putfield.
1731 verify_field_instructions(
1732 &bcs, ¤t_frame, cp, false, CHECK_VERIFY(this));
1733 no_control_flow = false; break;
1734 case Bytecodes::_invokevirtual :
1735 case Bytecodes::_invokespecial :
1736 case Bytecodes::_invokestatic :
1737 case Bytecodes::_invokeinterface :
1738 case Bytecodes::_invokedynamic :
1739 verify_invoke_instructions(
1740 &bcs, code_length, ¤t_frame, (bci >= ex_min && bci < ex_max),
1741 &this_uninit, cp, &stackmap_table, CHECK_VERIFY(this));
1742 no_control_flow = false; break;
1743 case Bytecodes::_new :
1744 {
1745 u2 index = bcs.get_index_u2();
1746 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1747 VerificationType new_class_type =
1748 cp_index_to_type(index, cp, CHECK_VERIFY(this));
1749 if (!new_class_type.is_object()) {
1750 verify_error(ErrorContext::bad_type(bci,
1751 TypeOrigin::cp(index, new_class_type)),
1752 "Illegal new instruction");
1753 return;
1754 }
1755 type = VerificationType::uninitialized_type(checked_cast<u2>(bci));
1756 current_frame.push_stack(type, CHECK_VERIFY(this));
1757 no_control_flow = false; break;
1758 }
1759 case Bytecodes::_newarray :
1760 type = get_newarray_type(bcs.get_index(), bci, CHECK_VERIFY(this));
1761 current_frame.pop_stack(
1779 no_control_flow = false; break;
1780 case Bytecodes::_checkcast :
1781 {
1782 u2 index = bcs.get_index_u2();
1783 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1784 current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1785 VerificationType klass_type = cp_index_to_type(
1786 index, cp, CHECK_VERIFY(this));
1787 current_frame.push_stack(klass_type, CHECK_VERIFY(this));
1788 no_control_flow = false; break;
1789 }
1790 case Bytecodes::_instanceof : {
1791 u2 index = bcs.get_index_u2();
1792 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1793 current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1794 current_frame.push_stack(
1795 VerificationType::integer_type(), CHECK_VERIFY(this));
1796 no_control_flow = false; break;
1797 }
1798 case Bytecodes::_monitorenter :
1799 case Bytecodes::_monitorexit : {
1800 VerificationType ref = current_frame.pop_stack(
1801 VerificationType::reference_check(), CHECK_VERIFY(this));
1802 no_control_flow = false; break;
1803 }
1804 case Bytecodes::_multianewarray :
1805 {
1806 u2 index = bcs.get_index_u2();
1807 u2 dim = *(bcs.bcp()+3);
1808 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1809 VerificationType new_array_type =
1810 cp_index_to_type(index, cp, CHECK_VERIFY(this));
1811 if (!new_array_type.is_array()) {
1812 verify_error(ErrorContext::bad_type(bci,
1813 TypeOrigin::cp(index, new_array_type)),
1814 "Illegal constant pool index in multianewarray instruction");
1815 return;
1816 }
1817 if (dim < 1 || new_array_type.dimensions() < dim) {
1818 verify_error(ErrorContext::bad_code(bci),
1819 "Illegal dimension in multianewarray instruction: %d", dim);
1820 return;
1821 }
1822 for (int i = 0; i < dim; i++) {
1823 current_frame.pop_stack(
2161 } else {
2162 Klass* member_klass = target_instance->find_field(field_name, field_sig, &fd);
2163 if (member_klass != nullptr && fd.is_protected()) {
2164 if (!this_class->is_same_class_package(member_klass)) {
2165 return true;
2166 }
2167 }
2168 }
2169 return false;
2170 }
2171
2172 void ClassVerifier::verify_ldc(
2173 int opcode, u2 index, StackMapFrame* current_frame,
2174 const constantPoolHandle& cp, int bci, TRAPS) {
2175 verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2176 constantTag tag = cp->tag_at(index);
2177 unsigned int types = 0;
2178 if (opcode == Bytecodes::_ldc || opcode == Bytecodes::_ldc_w) {
2179 if (!tag.is_unresolved_klass()) {
2180 types = (1 << JVM_CONSTANT_Integer) | (1 << JVM_CONSTANT_Float)
2181 | (1 << JVM_CONSTANT_String) | (1 << JVM_CONSTANT_Class)
2182 | (1 << JVM_CONSTANT_MethodHandle) | (1 << JVM_CONSTANT_MethodType)
2183 | (1 << JVM_CONSTANT_Dynamic);
2184 // Note: The class file parser already verified the legality of
2185 // MethodHandle and MethodType constants.
2186 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2187 }
2188 } else {
2189 assert(opcode == Bytecodes::_ldc2_w, "must be ldc2_w");
2190 types = (1 << JVM_CONSTANT_Double) | (1 << JVM_CONSTANT_Long)
2191 | (1 << JVM_CONSTANT_Dynamic);
2192 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2193 }
2194 if (tag.is_string()) {
2195 current_frame->push_stack(
2196 VerificationType::reference_type(
2197 vmSymbols::java_lang_String()), CHECK_VERIFY(this));
2198 } else if (tag.is_klass() || tag.is_unresolved_klass()) {
2199 current_frame->push_stack(
2200 VerificationType::reference_type(
2201 vmSymbols::java_lang_Class()), CHECK_VERIFY(this));
2336 const constantPoolHandle& cp,
2337 bool allow_arrays,
2338 TRAPS) {
2339 u2 index = bcs->get_index_u2();
2340 verify_cp_type(bcs->bci(), index, cp,
2341 1 << JVM_CONSTANT_Fieldref, CHECK_VERIFY(this));
2342
2343 // Get field name and signature
2344 Symbol* field_name = cp->uncached_name_ref_at(index);
2345 Symbol* field_sig = cp->uncached_signature_ref_at(index);
2346 bool is_getfield = false;
2347
2348 // Field signature was checked in ClassFileParser.
2349 assert(SignatureVerifier::is_valid_type_signature(field_sig),
2350 "Invalid field signature");
2351
2352 // Get referenced class type
2353 VerificationType ref_class_type = cp_ref_index_to_type(
2354 index, cp, CHECK_VERIFY(this));
2355 if (!ref_class_type.is_object() &&
2356 (!allow_arrays || !ref_class_type.is_array())) {
2357 verify_error(ErrorContext::bad_type(bcs->bci(),
2358 TypeOrigin::cp(index, ref_class_type)),
2359 "Expecting reference to class in class %s at constant pool index %d",
2360 _klass->external_name(), index);
2361 return;
2362 }
2363
2364 VerificationType target_class_type = ref_class_type;
2365
2366 assert(sizeof(VerificationType) == sizeof(uintptr_t),
2367 "buffer type must match VerificationType size");
2368 uintptr_t field_type_buffer[2];
2369 VerificationType* field_type = (VerificationType*)field_type_buffer;
2370 // If we make a VerificationType[2] array directly, the compiler calls
2371 // to the c-runtime library to do the allocation instead of just
2372 // stack allocating it. Plus it would run constructors. This shows up
2373 // in performance profiles.
2374
2375 SignatureStream sig_stream(field_sig, false);
2376 VerificationType stack_object_type;
2377 int n = change_sig_to_verificationType(&sig_stream, field_type);
2378 int bci = bcs->bci();
2379 bool is_assignable;
2380 switch (bcs->raw_code()) {
2381 case Bytecodes::_getstatic: {
2382 for (int i = 0; i < n; i++) {
2383 current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2385 break;
2386 }
2387 case Bytecodes::_putstatic: {
2388 for (int i = n - 1; i >= 0; i--) {
2389 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2390 }
2391 break;
2392 }
2393 case Bytecodes::_getfield: {
2394 is_getfield = true;
2395 stack_object_type = current_frame->pop_stack(
2396 target_class_type, CHECK_VERIFY(this));
2397 goto check_protected;
2398 }
2399 case Bytecodes::_putfield: {
2400 for (int i = n - 1; i >= 0; i--) {
2401 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2402 }
2403 stack_object_type = current_frame->pop_stack(CHECK_VERIFY(this));
2404
2405 // Field initialization is allowed before the superclass
2406 // initializer, if the field is defined within the current class.
2407 fieldDescriptor fd;
2408 bool is_local_field = _klass->find_local_field(field_name, field_sig, &fd) &&
2409 target_class_type.equals(current_type());
2410 if (stack_object_type == VerificationType::uninitialized_this_type()) {
2411 if (is_local_field) {
2412 // Set the type to the current type so the is_assignable check passes.
2413 stack_object_type = current_type();
2414
2415 if (fd.access_flags().is_strict()) {
2416 ResourceMark rm(THREAD);
2417 if (!current_frame->satisfy_unset_field(fd.name(), fd.signature())) {
2418 log_info(verification)("Attempting to initialize field not found in initial strict instance fields: %s%s",
2419 fd.name()->as_C_string(), fd.signature()->as_C_string());
2420 verify_error(ErrorContext::bad_strict_fields(bci, current_frame),
2421 "Initializing unknown strict field: %s:%s", fd.name()->as_C_string(), fd.signature()->as_C_string());
2422 }
2423 }
2424 }
2425 } else if (supports_strict_fields(_klass)) {
2426 // `strict` fields are not writable, but only local fields produce verification errors
2427 if (is_local_field && fd.access_flags().is_strict() && fd.access_flags().is_final()) {
2428 verify_error(ErrorContext::bad_code(bci),
2429 "Illegal use of putfield on a strict field");
2430 return;
2431 }
2432 }
2433 is_assignable = target_class_type.is_assignable_from(
2434 stack_object_type, this, false, CHECK_VERIFY(this));
2435 if (!is_assignable) {
2436 verify_error(ErrorContext::bad_type(bci,
2437 current_frame->stack_top_ctx(),
2438 TypeOrigin::cp(index, target_class_type)),
2439 "Bad type on operand stack in putfield");
2440 return;
2441 }
2442 }
2443 check_protected: {
2444 if (_this_type == stack_object_type)
2445 break; // stack_object_type must be assignable to _current_class_type
2446 if (was_recursively_verified()) {
2447 if (is_getfield) {
2448 // Push field type for getfield.
2449 for (int i = 0; i < n; i++) {
2450 current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2451 }
2490 }
2491
2492 void ClassVerifier::verify_invoke_init(
2493 RawBytecodeStream* bcs, u2 ref_class_index, VerificationType ref_class_type,
2494 StackMapFrame* current_frame, u4 code_length, bool in_try_block,
2495 bool *this_uninit, const constantPoolHandle& cp, StackMapTable* stackmap_table,
2496 TRAPS) {
2497 int bci = bcs->bci();
2498 VerificationType type = current_frame->pop_stack(
2499 VerificationType::reference_check(), CHECK_VERIFY(this));
2500 if (type == VerificationType::uninitialized_this_type()) {
2501 // The method must be an <init> method of this class or its superclass
2502 Klass* superk = current_class()->super();
2503 if (ref_class_type.name() != current_class()->name() &&
2504 ref_class_type.name() != superk->name()) {
2505 verify_error(ErrorContext::bad_type(bci,
2506 TypeOrigin::implicit(ref_class_type),
2507 TypeOrigin::implicit(current_type())),
2508 "Bad <init> method call");
2509 return;
2510 } else if (ref_class_type.name() == superk->name()) {
2511 // Strict final fields must be satisfied by this point
2512 if (!current_frame->verify_unset_fields_satisfied()) {
2513 log_info(verification)("Strict instance fields not initialized");
2514 StackMapFrame::print_strict_fields(current_frame->assert_unset_fields());
2515 current_frame->unsatisfied_strict_fields_error(current_class(), bci);
2516 }
2517 }
2518
2519 // If this invokespecial call is done from inside of a TRY block then make
2520 // sure that all catch clause paths end in a throw. Otherwise, this can
2521 // result in returning an incomplete object.
2522 if (in_try_block) {
2523 // Check the exception handler target stackmaps with the locals from the
2524 // incoming stackmap (before initialize_object() changes them to outgoing
2525 // state).
2526 if (was_recursively_verified()) return;
2527 verify_exception_handler_targets(bci, true, current_frame,
2528 stackmap_table, CHECK_VERIFY(this));
2529 } // in_try_block
2530
2531 current_frame->initialize_object(type, current_type());
2532 *this_uninit = true;
2533 } else if (type.is_uninitialized()) {
2534 u2 new_offset = type.bci();
2535 address new_bcp = bcs->bcp() - bci + new_offset;
2536 if (new_offset > (code_length - 3) || (*new_bcp) != Bytecodes::_new) {
2601 bool ClassVerifier::is_same_or_direct_interface(
2602 InstanceKlass* klass,
2603 VerificationType klass_type,
2604 VerificationType ref_class_type) {
2605 if (ref_class_type.equals(klass_type)) return true;
2606 Array<InstanceKlass*>* local_interfaces = klass->local_interfaces();
2607 if (local_interfaces != nullptr) {
2608 for (int x = 0; x < local_interfaces->length(); x++) {
2609 InstanceKlass* k = local_interfaces->at(x);
2610 assert (k != nullptr && k->is_interface(), "invalid interface");
2611 if (ref_class_type.equals(VerificationType::reference_type(k->name()))) {
2612 return true;
2613 }
2614 }
2615 }
2616 return false;
2617 }
2618
2619 void ClassVerifier::verify_invoke_instructions(
2620 RawBytecodeStream* bcs, u4 code_length, StackMapFrame* current_frame,
2621 bool in_try_block, bool *this_uninit,
2622 const constantPoolHandle& cp, StackMapTable* stackmap_table, TRAPS) {
2623 // Make sure the constant pool item is the right type
2624 u2 index = bcs->get_index_u2();
2625 Bytecodes::Code opcode = bcs->raw_code();
2626 unsigned int types = 0;
2627 switch (opcode) {
2628 case Bytecodes::_invokeinterface:
2629 types = 1 << JVM_CONSTANT_InterfaceMethodref;
2630 break;
2631 case Bytecodes::_invokedynamic:
2632 types = 1 << JVM_CONSTANT_InvokeDynamic;
2633 break;
2634 case Bytecodes::_invokespecial:
2635 case Bytecodes::_invokestatic:
2636 types = (_klass->major_version() < STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION) ?
2637 (1 << JVM_CONSTANT_Methodref) :
2638 ((1 << JVM_CONSTANT_InterfaceMethodref) | (1 << JVM_CONSTANT_Methodref));
2639 break;
2640 default:
2641 types = 1 << JVM_CONSTANT_Methodref;
2642 }
2643 verify_cp_type(bcs->bci(), index, cp, types, CHECK_VERIFY(this));
2644
2645 // Get method name and signature
2646 Symbol* method_name = cp->uncached_name_ref_at(index);
2647 Symbol* method_sig = cp->uncached_signature_ref_at(index);
2648
2649 // Method signature was checked in ClassFileParser.
2650 assert(SignatureVerifier::is_valid_method_signature(method_sig),
2651 "Invalid method signature");
2652
2653 // Get referenced class
2654 VerificationType ref_class_type;
2655 if (opcode == Bytecodes::_invokedynamic) {
2656 if (_klass->major_version() < Verifier::INVOKEDYNAMIC_MAJOR_VERSION) {
2657 class_format_error(
2658 "invokedynamic instructions not supported by this class file version (%d), class %s",
2659 _klass->major_version(), _klass->external_name());
2660 return;
2661 }
2662 } else {
2663 ref_class_type = cp_ref_index_to_type(index, cp, CHECK_VERIFY(this));
2664 }
2665
2666 assert(sizeof(VerificationType) == sizeof(uintptr_t),
2667 "buffer type must match VerificationType size");
2668
2669 // Get the UTF8 index for this signature.
2670 int sig_index = cp->signature_ref_index_at(cp->uncached_name_and_type_ref_index_at(index));
2671
2672 // Get the signature's verification types.
2673 sig_as_verification_types* mth_sig_verif_types;
2699 "Inconsistent args count operand in invokeinterface");
2700 return;
2701 }
2702 if (*(bcp+4) != 0) {
2703 verify_error(ErrorContext::bad_code(bci),
2704 "Fourth operand byte of invokeinterface must be zero");
2705 return;
2706 }
2707 }
2708
2709 if (opcode == Bytecodes::_invokedynamic) {
2710 address bcp = bcs->bcp();
2711 if (*(bcp+3) != 0 || *(bcp+4) != 0) {
2712 verify_error(ErrorContext::bad_code(bci),
2713 "Third and fourth operand bytes of invokedynamic must be zero");
2714 return;
2715 }
2716 }
2717
2718 if (method_name->char_at(0) == JVM_SIGNATURE_SPECIAL) {
2719 // Make sure:
2720 // <init> can only be invoked by invokespecial.
2721 if (opcode != Bytecodes::_invokespecial ||
2722 method_name != vmSymbols::object_initializer_name()) {
2723 verify_error(ErrorContext::bad_code(bci),
2724 "Illegal call to internal method");
2725 return;
2726 }
2727 }
2728 // invokespecial, when not <init>, must be to a method in the current class, a direct superinterface,
2729 // or any superclass (including Object).
2730 else if (opcode == Bytecodes::_invokespecial
2731 && !is_same_or_direct_interface(current_class(), current_type(), ref_class_type)
2732 && !ref_class_type.equals(VerificationType::reference_type(current_class()->super()->name()))) { // super() can never be an inline_type.
2733
2734 // We know it is not current class, direct superinterface or immediate superclass. That means it
2735 // could be:
2736 // - a totally unrelated class or interface
2737 // - an indirect superinterface
2738 // - an indirect superclass (including Object)
2739 // We use the assignability test to see if it is a superclass, or else an interface, and keep track
2740 // of the latter. Note that subtype can be true if we are dealing with an interface that is not actually
2741 // implemented as assignability treats all interfaces as Object.
2742
2743 bool is_interface = false; // This can only be set true if the assignability check will return true
2744 // and we loaded the class. For any other "true" returns (e.g. same class
2745 // or Object) we either can't get here (same class already excluded above)
2746 // or we know it is not an interface (i.e. Object).
2747 bool subtype = ref_class_type.is_reference_assignable_from(current_type(), this, false,
2748 &is_interface, CHECK_VERIFY(this));
2749 if (!subtype) { // Totally unrelated class
2750 verify_error(ErrorContext::bad_code(bci),
2751 "Bad invokespecial instruction: "
2752 "current class isn't assignable to reference class.");
2812 verify_error(ErrorContext::bad_type(bci,
2813 current_frame->stack_top_ctx(),
2814 TypeOrigin::implicit(current_type())),
2815 "Bad access to protected data in invokevirtual");
2816 return;
2817 }
2818 }
2819 }
2820 }
2821 }
2822 } else {
2823 assert(opcode == Bytecodes::_invokeinterface, "Unexpected opcode encountered");
2824 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this));
2825 }
2826 }
2827 }
2828 // Push the result type.
2829 int sig_verif_types_len = sig_verif_types->length();
2830 if (sig_verif_types_len > nargs) { // There's a return type
2831 if (method_name == vmSymbols::object_initializer_name()) {
2832 // an <init> method must have a void return type
2833 verify_error(ErrorContext::bad_code(bci),
2834 "Return type must be void in <init> method");
2835 return;
2836 }
2837
2838 assert(sig_verif_types_len <= nargs + 2,
2839 "Signature verification types array return type is bogus");
2840 for (int i = nargs; i < sig_verif_types_len; i++) {
2841 assert(i == nargs || sig_verif_types->at(i).is_long2() ||
2842 sig_verif_types->at(i).is_double2(), "Unexpected return verificationType");
2843 current_frame->push_stack(sig_verif_types->at(i), CHECK_VERIFY(this));
2844 }
2845 }
2846 }
2847
2848 VerificationType ClassVerifier::get_newarray_type(
2849 u2 index, int bci, TRAPS) {
2850 const char* from_bt[] = {
2851 nullptr, nullptr, nullptr, nullptr, "[Z", "[C", "[F", "[D", "[B", "[S", "[I", "[J",
2852 };
|