< prev index next >

src/hotspot/share/classfile/verifier.cpp

Print this page

  46 #include "oops/instanceKlass.inline.hpp"
  47 #include "oops/klass.inline.hpp"
  48 #include "oops/oop.inline.hpp"
  49 #include "oops/typeArrayOop.hpp"
  50 #include "runtime/arguments.hpp"
  51 #include "runtime/fieldDescriptor.hpp"
  52 #include "runtime/handles.inline.hpp"
  53 #include "runtime/interfaceSupport.inline.hpp"
  54 #include "runtime/javaCalls.hpp"
  55 #include "runtime/jniHandles.inline.hpp"
  56 #include "runtime/os.hpp"
  57 #include "runtime/safepointVerifiers.hpp"
  58 #include "runtime/thread.hpp"
  59 #include "services/threadService.hpp"
  60 #include "utilities/align.hpp"
  61 #include "utilities/bytes.hpp"
  62 
  63 #define NOFAILOVER_MAJOR_VERSION                       51
  64 #define NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION  51
  65 #define STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION       52

  66 #define MAX_ARRAY_DIMENSIONS 255
  67 
  68 // Access to external entry for VerifyClassForMajorVersion - old byte code verifier
  69 
  70 extern "C" {
  71   typedef jboolean (*verify_byte_codes_fn_t)(JNIEnv *, jclass, char *, jint, jint);
  72 }
  73 
  74 static verify_byte_codes_fn_t volatile _verify_byte_codes_fn = NULL;
  75 
  76 static verify_byte_codes_fn_t verify_byte_codes_fn() {
  77 
  78   if (_verify_byte_codes_fn != NULL)
  79     return _verify_byte_codes_fn;
  80 
  81   MutexLocker locker(Verify_lock);
  82 
  83   if (_verify_byte_codes_fn != NULL)
  84     return _verify_byte_codes_fn;
  85 

 258       }
 259       kls = kls->super();
 260     }
 261     if (message_buffer != NULL) {
 262       message_buffer[message_buffer_len - 1] = '\0'; // just to be sure
 263     }
 264     assert(exception_message != NULL, "");
 265     THROW_MSG_(exception_name, exception_message, false);
 266   }
 267 }
 268 
 269 bool Verifier::is_eligible_for_verification(InstanceKlass* klass, bool should_verify_class) {
 270   Symbol* name = klass->name();
 271   Klass* refl_magic_klass = vmClasses::reflect_MagicAccessorImpl_klass();
 272 
 273   bool is_reflect = refl_magic_klass != NULL && klass->is_subtype_of(refl_magic_klass);
 274 
 275   return (should_verify_for(klass->class_loader(), should_verify_class) &&
 276     // return if the class is a bootstrapping class
 277     // or defineClass specified not to verify by default (flags override passed arg)
 278     // We need to skip the following four for bootstraping
 279     name != vmSymbols::java_lang_Object() &&
 280     name != vmSymbols::java_lang_Class() &&
 281     name != vmSymbols::java_lang_String() &&
 282     name != vmSymbols::java_lang_Throwable() &&
 283 
 284     // Can not verify the bytecodes for shared classes because they have
 285     // already been rewritten to contain constant pool cache indices,
 286     // which the verifier can't understand.
 287     // Shared classes shouldn't have stackmaps either.
 288     // However, bytecodes for shared old classes can be verified because
 289     // they have not been rewritten.
 290     !(klass->is_shared() && klass->is_rewritten()) &&
 291 
 292     // As of the fix for 4486457 we disable verification for all of the
 293     // dynamically-generated bytecodes associated with the 1.4
 294     // reflection implementation, not just those associated with
 295     // jdk/internal/reflect/SerializationConstructorAccessor.
 296     // NOTE: this is called too early in the bootstrapping process to be
 297     // guarded by Universe::is_gte_jdk14x_version().
 298     // Also for lambda generated code, gte jdk8

 481       ss->print("Local index %d is invalid", _type.index());
 482       break;
 483     case LOCALS_SIZE_MISMATCH:
 484       ss->print("Current frame's local size doesn't match stackmap.");
 485       break;
 486     case STACK_SIZE_MISMATCH:
 487       ss->print("Current frame's stack size doesn't match stackmap.");
 488       break;
 489     case STACK_OVERFLOW:
 490       ss->print("Exceeded max stack size.");
 491       break;
 492     case STACK_UNDERFLOW:
 493       ss->print("Attempt to pop empty stack.");
 494       break;
 495     case MISSING_STACKMAP:
 496       ss->print("Expected stackmap frame at this location.");
 497       break;
 498     case BAD_STACKMAP:
 499       ss->print("Invalid stackmap specification.");
 500       break;







 501     case UNKNOWN:
 502     default:
 503       ShouldNotReachHere();
 504       ss->print_cr("Unknown");
 505   }
 506   ss->cr();
 507 }
 508 
 509 void ErrorContext::location_details(outputStream* ss, const Method* method) const {
 510   if (_bci != -1 && method != NULL) {
 511     streamIndentor si(ss);
 512     const char* bytecode_name = "<invalid>";
 513     if (method->validate_bci(_bci) != -1) {
 514       Bytecodes::Code code = Bytecodes::code_or_bp_at(method->bcp_from(_bci));
 515       if (Bytecodes::is_defined(code)) {
 516           bytecode_name = Bytecodes::name(code);
 517       } else {
 518           bytecode_name = "<illegal>";
 519       }
 520     }

 575     stack_map_frame* sm_frame = sm_table->entries();
 576     streamIndentor si2(ss);
 577     int current_offset = -1;
 578     address end_of_sm_table = (address)sm_table + method->stackmap_data()->length();
 579     for (u2 i = 0; i < sm_table->number_of_entries(); ++i) {
 580       ss->indent();
 581       if (!sm_frame->verify((address)sm_frame, end_of_sm_table)) {
 582         sm_frame->print_truncated(ss, current_offset);
 583         return;
 584       }
 585       sm_frame->print_on(ss, current_offset);
 586       ss->cr();
 587       current_offset += sm_frame->offset_delta();
 588       sm_frame = sm_frame->next();
 589     }
 590   }
 591 }
 592 
 593 // Methods in ClassVerifier
 594 








 595 ClassVerifier::ClassVerifier(JavaThread* current, InstanceKlass* klass)
 596     : _thread(current), _previous_symbol(NULL), _symbols(NULL), _exception_type(NULL),
 597       _message(NULL), _method_signatures_table(NULL), _klass(klass) {
 598   _this_type = VerificationType::reference_type(klass->name());
 599 }
 600 
 601 ClassVerifier::~ClassVerifier() {
 602   // Decrement the reference count for any symbols created.
 603   if (_symbols != NULL) {
 604     for (int i = 0; i < _symbols->length(); i++) {
 605       Symbol* s = _symbols->at(i);
 606       s->decrement_refcount();
 607     }
 608   }
 609 }
 610 
 611 VerificationType ClassVerifier::object_type() const {
 612   return VerificationType::reference_type(vmSymbols::java_lang_Object());
 613 }
 614 
 615 TypeOrigin ClassVerifier::ref_ctx(const char* sig) {
 616   VerificationType vt = VerificationType::reference_type(
 617                          create_temporary_symbol(sig, (int)strlen(sig)));
 618   return TypeOrigin::implicit(vt);

1022         case Bytecodes::_daload :
1023           type = current_frame.pop_stack(
1024             VerificationType::integer_type(), CHECK_VERIFY(this));
1025           atype = current_frame.pop_stack(
1026             VerificationType::reference_check(), CHECK_VERIFY(this));
1027           if (!atype.is_double_array()) {
1028             verify_error(ErrorContext::bad_type(bci,
1029                 current_frame.stack_top_ctx(), ref_ctx("[D")),
1030                 bad_type_msg, "daload");
1031             return;
1032           }
1033           current_frame.push_stack_2(
1034             VerificationType::double_type(),
1035             VerificationType::double2_type(), CHECK_VERIFY(this));
1036           no_control_flow = false; break;
1037         case Bytecodes::_aaload : {
1038           type = current_frame.pop_stack(
1039             VerificationType::integer_type(), CHECK_VERIFY(this));
1040           atype = current_frame.pop_stack(
1041             VerificationType::reference_check(), CHECK_VERIFY(this));
1042           if (!atype.is_reference_array()) {
1043             verify_error(ErrorContext::bad_type(bci,
1044                 current_frame.stack_top_ctx(),
1045                 TypeOrigin::implicit(VerificationType::reference_check())),
1046                 bad_type_msg, "aaload");
1047             return;
1048           }
1049           if (atype.is_null()) {
1050             current_frame.push_stack(
1051               VerificationType::null_type(), CHECK_VERIFY(this));
1052           } else {
1053             VerificationType component = atype.get_component(this);
1054             current_frame.push_stack(component, CHECK_VERIFY(this));
1055           }
1056           no_control_flow = false; break;
1057         }
1058         case Bytecodes::_istore :
1059           verify_istore(bcs.get_index(), &current_frame, CHECK_VERIFY(this));
1060           no_control_flow = false; break;
1061         case Bytecodes::_istore_0 :
1062         case Bytecodes::_istore_1 :

1195             VerificationType::double2_type(),
1196             VerificationType::double_type(), CHECK_VERIFY(this));
1197           current_frame.pop_stack(
1198             VerificationType::integer_type(), CHECK_VERIFY(this));
1199           atype = current_frame.pop_stack(
1200             VerificationType::reference_check(), CHECK_VERIFY(this));
1201           if (!atype.is_double_array()) {
1202             verify_error(ErrorContext::bad_type(bci,
1203                 current_frame.stack_top_ctx(), ref_ctx("[D")),
1204                 bad_type_msg, "dastore");
1205             return;
1206           }
1207           no_control_flow = false; break;
1208         case Bytecodes::_aastore :
1209           type = current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1210           type2 = current_frame.pop_stack(
1211             VerificationType::integer_type(), CHECK_VERIFY(this));
1212           atype = current_frame.pop_stack(
1213             VerificationType::reference_check(), CHECK_VERIFY(this));
1214           // more type-checking is done at runtime
1215           if (!atype.is_reference_array()) {
1216             verify_error(ErrorContext::bad_type(bci,
1217                 current_frame.stack_top_ctx(),
1218                 TypeOrigin::implicit(VerificationType::reference_check())),
1219                 bad_type_msg, "aastore");
1220             return;
1221           }
1222           // 4938384: relaxed constraint in JVMS 3nd edition.
1223           no_control_flow = false; break;
1224         case Bytecodes::_pop :
1225           current_frame.pop_stack(
1226             VerificationType::category1_check(), CHECK_VERIFY(this));
1227           no_control_flow = false; break;
1228         case Bytecodes::_pop2 :
1229           type = current_frame.pop_stack(CHECK_VERIFY(this));
1230           if (type.is_category1()) {
1231             current_frame.pop_stack(
1232               VerificationType::category1_check(), CHECK_VERIFY(this));
1233           } else if (type.is_category2_2nd()) {
1234             current_frame.pop_stack(
1235               VerificationType::category2_check(), CHECK_VERIFY(this));

1595         case Bytecodes::_if_icmpgt:
1596         case Bytecodes::_if_icmple:
1597           current_frame.pop_stack(
1598             VerificationType::integer_type(), CHECK_VERIFY(this));
1599           // fall through
1600         case Bytecodes::_ifeq:
1601         case Bytecodes::_ifne:
1602         case Bytecodes::_iflt:
1603         case Bytecodes::_ifge:
1604         case Bytecodes::_ifgt:
1605         case Bytecodes::_ifle:
1606           current_frame.pop_stack(
1607             VerificationType::integer_type(), CHECK_VERIFY(this));
1608           target = bcs.dest();
1609           stackmap_table.check_jump_target(
1610             &current_frame, target, CHECK_VERIFY(this));
1611           no_control_flow = false; break;
1612         case Bytecodes::_if_acmpeq :
1613         case Bytecodes::_if_acmpne :
1614           current_frame.pop_stack(
1615             VerificationType::reference_check(), CHECK_VERIFY(this));
1616           // fall through
1617         case Bytecodes::_ifnull :
1618         case Bytecodes::_ifnonnull :
1619           current_frame.pop_stack(
1620             VerificationType::reference_check(), CHECK_VERIFY(this));
1621           target = bcs.dest();
1622           stackmap_table.check_jump_target
1623             (&current_frame, target, CHECK_VERIFY(this));
1624           no_control_flow = false; break;
1625         case Bytecodes::_goto :
1626           target = bcs.dest();
1627           stackmap_table.check_jump_target(
1628             &current_frame, target, CHECK_VERIFY(this));
1629           no_control_flow = true; break;
1630         case Bytecodes::_goto_w :
1631           target = bcs.dest_w();
1632           stackmap_table.check_jump_target(
1633             &current_frame, target, CHECK_VERIFY(this));
1634           no_control_flow = true; break;
1635         case Bytecodes::_tableswitch :
1636         case Bytecodes::_lookupswitch :
1637           verify_switch(
1638             &bcs, code_length, code_data, &current_frame,
1639             &stackmap_table, CHECK_VERIFY(this));
1640           no_control_flow = true; break;

1651             VerificationType::long_type(), CHECK_VERIFY(this));
1652           verify_return_value(return_type, type, bci,
1653                               &current_frame, CHECK_VERIFY(this));
1654           no_control_flow = true; break;
1655         case Bytecodes::_freturn :
1656           type = current_frame.pop_stack(
1657             VerificationType::float_type(), CHECK_VERIFY(this));
1658           verify_return_value(return_type, type, bci,
1659                               &current_frame, CHECK_VERIFY(this));
1660           no_control_flow = true; break;
1661         case Bytecodes::_dreturn :
1662           type2 = current_frame.pop_stack(
1663             VerificationType::double2_type(),  CHECK_VERIFY(this));
1664           type = current_frame.pop_stack(
1665             VerificationType::double_type(), CHECK_VERIFY(this));
1666           verify_return_value(return_type, type, bci,
1667                               &current_frame, CHECK_VERIFY(this));
1668           no_control_flow = true; break;
1669         case Bytecodes::_areturn :
1670           type = current_frame.pop_stack(
1671             VerificationType::reference_check(), CHECK_VERIFY(this));
1672           verify_return_value(return_type, type, bci,
1673                               &current_frame, CHECK_VERIFY(this));
1674           no_control_flow = true; break;
1675         case Bytecodes::_return :
1676           if (return_type != VerificationType::bogus_type()) {
1677             verify_error(ErrorContext::bad_code(bci),
1678                          "Method expects a return value");
1679             return;
1680           }
1681           // Make sure "this" has been initialized if current method is an
1682           // <init>.
1683           if (_method->name() == vmSymbols::object_initializer_name() &&
1684               current_frame.flag_this_uninit()) {
1685             verify_error(ErrorContext::bad_code(bci),
1686                          "Constructor must call super() or this() "
1687                          "before return");
1688             return;
1689           }
1690           no_control_flow = true; break;
1691         case Bytecodes::_getstatic :
1692         case Bytecodes::_putstatic :
1693           // pass TRUE, operand can be an array type for getstatic/putstatic.
1694           verify_field_instructions(
1695             &bcs, &current_frame, cp, true, CHECK_VERIFY(this));
1696           no_control_flow = false; break;
1697         case Bytecodes::_getfield :
1698         case Bytecodes::_putfield :
1699           // pass FALSE, operand can't be an array type for getfield/putfield.
1700           verify_field_instructions(
1701             &bcs, &current_frame, cp, false, CHECK_VERIFY(this));
1702           no_control_flow = false; break;











1703         case Bytecodes::_invokevirtual :
1704         case Bytecodes::_invokespecial :
1705         case Bytecodes::_invokestatic :
1706           verify_invoke_instructions(
1707             &bcs, code_length, &current_frame, (bci >= ex_min && bci < ex_max),
1708             &this_uninit, return_type, cp, &stackmap_table, CHECK_VERIFY(this));
1709           no_control_flow = false; break;
1710         case Bytecodes::_invokeinterface :
1711         case Bytecodes::_invokedynamic :
1712           verify_invoke_instructions(
1713             &bcs, code_length, &current_frame, (bci >= ex_min && bci < ex_max),
1714             &this_uninit, return_type, cp, &stackmap_table, CHECK_VERIFY(this));
1715           no_control_flow = false; break;
1716         case Bytecodes::_new :
1717         {
1718           index = bcs.get_index_u2();
1719           verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1720           VerificationType new_class_type =
1721             cp_index_to_type(index, cp, CHECK_VERIFY(this));
1722           if (!new_class_type.is_object()) {
1723             verify_error(ErrorContext::bad_type(bci,
1724                 TypeOrigin::cp(index, new_class_type)),
1725                 "Illegal new instruction");
1726             return;
1727           }
1728           type = VerificationType::uninitialized_type(bci);
1729           current_frame.push_stack(type, CHECK_VERIFY(this));
1730           no_control_flow = false; break;
1731         }






















1732         case Bytecodes::_newarray :
1733           type = get_newarray_type(bcs.get_index(), bci, CHECK_VERIFY(this));
1734           current_frame.pop_stack(
1735             VerificationType::integer_type(),  CHECK_VERIFY(this));
1736           current_frame.push_stack(type, CHECK_VERIFY(this));
1737           no_control_flow = false; break;
1738         case Bytecodes::_anewarray :
1739           verify_anewarray(
1740             bci, bcs.get_index_u2(), cp, &current_frame, CHECK_VERIFY(this));
1741           no_control_flow = false; break;
1742         case Bytecodes::_arraylength :
1743           type = current_frame.pop_stack(
1744             VerificationType::reference_check(), CHECK_VERIFY(this));
1745           if (!(type.is_null() || type.is_array())) {
1746             verify_error(ErrorContext::bad_type(
1747                 bci, current_frame.stack_top_ctx()),
1748                 bad_type_msg, "arraylength");
1749           }
1750           current_frame.push_stack(
1751             VerificationType::integer_type(), CHECK_VERIFY(this));
1752           no_control_flow = false; break;
1753         case Bytecodes::_checkcast :
1754         {
1755           index = bcs.get_index_u2();
1756           verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1757           current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1758           VerificationType klass_type = cp_index_to_type(
1759             index, cp, CHECK_VERIFY(this));
1760           current_frame.push_stack(klass_type, CHECK_VERIFY(this));
1761           no_control_flow = false; break;
1762         }
1763         case Bytecodes::_instanceof : {
1764           index = bcs.get_index_u2();
1765           verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1766           current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1767           current_frame.push_stack(
1768             VerificationType::integer_type(), CHECK_VERIFY(this));
1769           no_control_flow = false; break;
1770         }
1771         case Bytecodes::_monitorenter :
1772         case Bytecodes::_monitorexit :
1773           current_frame.pop_stack(
1774             VerificationType::reference_check(), CHECK_VERIFY(this));
1775           no_control_flow = false; break;

1776         case Bytecodes::_multianewarray :
1777         {
1778           index = bcs.get_index_u2();
1779           u2 dim = *(bcs.bcp()+3);
1780           verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1781           VerificationType new_array_type =
1782             cp_index_to_type(index, cp, CHECK_VERIFY(this));
1783           if (!new_array_type.is_array()) {
1784             verify_error(ErrorContext::bad_type(bci,
1785                 TypeOrigin::cp(index, new_array_type)),
1786                 "Illegal constant pool index in multianewarray instruction");
1787             return;
1788           }
1789           if (dim < 1 || new_array_type.dimensions() < dim) {
1790             verify_error(ErrorContext::bad_code(bci),
1791                 "Illegal dimension in multianewarray instruction: %d", dim);
1792             return;
1793           }
1794           for (int i = 0; i < dim; i++) {
1795             current_frame.pop_stack(

2020   int nconstants = cp->length();
2021   if ((index <= 0) || (index >= nconstants)) {
2022     verify_error(ErrorContext::bad_cp_index(bci, index),
2023         "Illegal constant pool index %d in class %s",
2024         index, cp->pool_holder()->external_name());
2025     return;
2026   }
2027 }
2028 
2029 void ClassVerifier::verify_cp_type(
2030     u2 bci, int index, const constantPoolHandle& cp, unsigned int types, TRAPS) {
2031 
2032   // In some situations, bytecode rewriting may occur while we're verifying.
2033   // In this case, a constant pool cache exists and some indices refer to that
2034   // instead.  Be sure we don't pick up such indices by accident.
2035   // We must check was_recursively_verified() before we get here.
2036   guarantee(cp->cache() == NULL, "not rewritten yet");
2037 
2038   verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2039   unsigned int tag = cp->tag_at(index).value();

2040   if ((types & (1 << tag)) == 0) {
2041     verify_error(ErrorContext::bad_cp_index(bci, index),
2042       "Illegal type at constant pool entry %d in class %s",
2043       index, cp->pool_holder()->external_name());
2044     return;
2045   }
2046 }
2047 
2048 void ClassVerifier::verify_cp_class_type(
2049     u2 bci, int index, const constantPoolHandle& cp, TRAPS) {
2050   verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2051   constantTag tag = cp->tag_at(index);
2052   if (!tag.is_klass() && !tag.is_unresolved_klass()) {
2053     verify_error(ErrorContext::bad_cp_index(bci, index),
2054         "Illegal type at constant pool entry %d in class %s",
2055         index, cp->pool_holder()->external_name());
2056     return;
2057   }
2058 }
2059 

2134   } else {
2135     Klass* member_klass = target_instance->find_field(field_name, field_sig, &fd);
2136     if (member_klass != NULL && fd.is_protected()) {
2137       if (!this_class->is_same_class_package(member_klass)) {
2138         return true;
2139       }
2140     }
2141   }
2142   return false;
2143 }
2144 
2145 void ClassVerifier::verify_ldc(
2146     int opcode, u2 index, StackMapFrame* current_frame,
2147     const constantPoolHandle& cp, u2 bci, TRAPS) {
2148   verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2149   constantTag tag = cp->tag_at(index);
2150   unsigned int types = 0;
2151   if (opcode == Bytecodes::_ldc || opcode == Bytecodes::_ldc_w) {
2152     if (!tag.is_unresolved_klass()) {
2153       types = (1 << JVM_CONSTANT_Integer) | (1 << JVM_CONSTANT_Float)
2154             | (1 << JVM_CONSTANT_String)  | (1 << JVM_CONSTANT_Class)
2155             | (1 << JVM_CONSTANT_MethodHandle) | (1 << JVM_CONSTANT_MethodType)
2156             | (1 << JVM_CONSTANT_Dynamic);
2157       // Note:  The class file parser already verified the legality of
2158       // MethodHandle and MethodType constants.
2159       verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2160     }
2161   } else {
2162     assert(opcode == Bytecodes::_ldc2_w, "must be ldc2_w");
2163     types = (1 << JVM_CONSTANT_Double) | (1 << JVM_CONSTANT_Long)
2164           | (1 << JVM_CONSTANT_Dynamic);
2165     verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2166   }
2167   if (tag.is_string()) {
2168     current_frame->push_stack(
2169       VerificationType::reference_type(
2170         vmSymbols::java_lang_String()), CHECK_VERIFY(this));
2171   } else if (tag.is_klass() || tag.is_unresolved_klass()) {
2172     current_frame->push_stack(
2173       VerificationType::reference_type(
2174         vmSymbols::java_lang_Class()), CHECK_VERIFY(this));

2309                                               const constantPoolHandle& cp,
2310                                               bool allow_arrays,
2311                                               TRAPS) {
2312   u2 index = bcs->get_index_u2();
2313   verify_cp_type(bcs->bci(), index, cp,
2314       1 << JVM_CONSTANT_Fieldref, CHECK_VERIFY(this));
2315 
2316   // Get field name and signature
2317   Symbol* field_name = cp->name_ref_at(index);
2318   Symbol* field_sig = cp->signature_ref_at(index);
2319   bool is_getfield = false;
2320 
2321   // Field signature was checked in ClassFileParser.
2322   assert(SignatureVerifier::is_valid_type_signature(field_sig),
2323          "Invalid field signature");
2324 
2325   // Get referenced class type
2326   VerificationType ref_class_type = cp_ref_index_to_type(
2327     index, cp, CHECK_VERIFY(this));
2328   if (!ref_class_type.is_object() &&
2329     (!allow_arrays || !ref_class_type.is_array())) {
2330     verify_error(ErrorContext::bad_type(bcs->bci(),
2331         TypeOrigin::cp(index, ref_class_type)),
2332         "Expecting reference to class in class %s at constant pool index %d",
2333         _klass->external_name(), index);
2334     return;
2335   }

2336   VerificationType target_class_type = ref_class_type;
2337 
2338   assert(sizeof(VerificationType) == sizeof(uintptr_t),
2339         "buffer type must match VerificationType size");
2340   uintptr_t field_type_buffer[2];
2341   VerificationType* field_type = (VerificationType*)field_type_buffer;
2342   // If we make a VerificationType[2] array directly, the compiler calls
2343   // to the c-runtime library to do the allocation instead of just
2344   // stack allocating it.  Plus it would run constructors.  This shows up
2345   // in performance profiles.
2346 
2347   SignatureStream sig_stream(field_sig, false);
2348   VerificationType stack_object_type;
2349   int n = change_sig_to_verificationType(&sig_stream, field_type);
2350   u2 bci = bcs->bci();
2351   bool is_assignable;
2352   switch (bcs->raw_code()) {
2353     case Bytecodes::_getstatic: {
2354       for (int i = 0; i < n; i++) {
2355         current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2356       }
2357       break;
2358     }
2359     case Bytecodes::_putstatic: {
2360       for (int i = n - 1; i >= 0; i--) {
2361         current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2362       }
2363       break;
2364     }











2365     case Bytecodes::_getfield: {
2366       is_getfield = true;
2367       stack_object_type = current_frame->pop_stack(
2368         target_class_type, CHECK_VERIFY(this));
2369       goto check_protected;
2370     }
2371     case Bytecodes::_putfield: {
2372       for (int i = n - 1; i >= 0; i--) {
2373         current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2374       }
2375       stack_object_type = current_frame->pop_stack(CHECK_VERIFY(this));
2376 
2377       // The JVMS 2nd edition allows field initialization before the superclass
2378       // initializer, if the field is defined within the current class.
2379       fieldDescriptor fd;
2380       if (stack_object_type == VerificationType::uninitialized_this_type() &&
2381           target_class_type.equals(current_type()) &&
2382           _klass->find_local_field(field_name, field_sig, &fd)) {
2383         stack_object_type = current_type();
2384       }

2766 bool ClassVerifier::is_same_or_direct_interface(
2767     InstanceKlass* klass,
2768     VerificationType klass_type,
2769     VerificationType ref_class_type) {
2770   if (ref_class_type.equals(klass_type)) return true;
2771   Array<InstanceKlass*>* local_interfaces = klass->local_interfaces();
2772   if (local_interfaces != NULL) {
2773     for (int x = 0; x < local_interfaces->length(); x++) {
2774       InstanceKlass* k = local_interfaces->at(x);
2775       assert (k != NULL && k->is_interface(), "invalid interface");
2776       if (ref_class_type.equals(VerificationType::reference_type(k->name()))) {
2777         return true;
2778       }
2779     }
2780   }
2781   return false;
2782 }
2783 
2784 void ClassVerifier::verify_invoke_instructions(
2785     RawBytecodeStream* bcs, u4 code_length, StackMapFrame* current_frame,
2786     bool in_try_block, bool *this_uninit, VerificationType return_type,
2787     const constantPoolHandle& cp, StackMapTable* stackmap_table, TRAPS) {
2788   // Make sure the constant pool item is the right type
2789   u2 index = bcs->get_index_u2();
2790   Bytecodes::Code opcode = bcs->raw_code();
2791   unsigned int types = 0;
2792   switch (opcode) {
2793     case Bytecodes::_invokeinterface:
2794       types = 1 << JVM_CONSTANT_InterfaceMethodref;
2795       break;
2796     case Bytecodes::_invokedynamic:
2797       types = 1 << JVM_CONSTANT_InvokeDynamic;
2798       break;
2799     case Bytecodes::_invokespecial:
2800     case Bytecodes::_invokestatic:
2801       types = (_klass->major_version() < STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION) ?
2802         (1 << JVM_CONSTANT_Methodref) :
2803         ((1 << JVM_CONSTANT_InterfaceMethodref) | (1 << JVM_CONSTANT_Methodref));
2804       break;
2805     default:
2806       types = 1 << JVM_CONSTANT_Methodref;
2807   }
2808   verify_cp_type(bcs->bci(), index, cp, types, CHECK_VERIFY(this));
2809 
2810   // Get method name and signature
2811   Symbol* method_name = cp->name_ref_at(index);
2812   Symbol* method_sig = cp->signature_ref_at(index);
2813 
2814   // Method signature was checked in ClassFileParser.
2815   assert(SignatureVerifier::is_valid_method_signature(method_sig),
2816          "Invalid method signature");
2817 
2818   // Get referenced class type
2819   VerificationType ref_class_type;
2820   if (opcode == Bytecodes::_invokedynamic) {
2821     if (_klass->major_version() < Verifier::INVOKEDYNAMIC_MAJOR_VERSION) {
2822       class_format_error(
2823         "invokedynamic instructions not supported by this class file version (%d), class %s",
2824         _klass->major_version(), _klass->external_name());
2825       return;
2826     }
2827   } else {
2828     ref_class_type = cp_ref_index_to_type(index, cp, CHECK_VERIFY(this));
2829   }
2830 
2831   assert(sizeof(VerificationType) == sizeof(uintptr_t),
2832         "buffer type must match VerificationType size");
2833 
2834   // Get the UTF8 index for this signature.
2835   int sig_index = cp->signature_ref_index_at(cp->name_and_type_ref_index_at(index));
2836 
2837   // Get the signature's verification types.
2838   sig_as_verification_types* mth_sig_verif_types;

2864           "Inconsistent args count operand in invokeinterface");
2865       return;
2866     }
2867     if (*(bcp+4) != 0) {
2868       verify_error(ErrorContext::bad_code(bci),
2869           "Fourth operand byte of invokeinterface must be zero");
2870       return;
2871     }
2872   }
2873 
2874   if (opcode == Bytecodes::_invokedynamic) {
2875     address bcp = bcs->bcp();
2876     if (*(bcp+3) != 0 || *(bcp+4) != 0) {
2877       verify_error(ErrorContext::bad_code(bci),
2878           "Third and fourth operand bytes of invokedynamic must be zero");
2879       return;
2880     }
2881   }
2882 
2883   if (method_name->char_at(0) == JVM_SIGNATURE_SPECIAL) {
2884     // Make sure <init> can only be invoked by invokespecial
2885     if (opcode != Bytecodes::_invokespecial ||


2886         method_name != vmSymbols::object_initializer_name()) {
2887       verify_error(ErrorContext::bad_code(bci),
2888           "Illegal call to internal method");
2889       return;
2890     }
2891   } else if (opcode == Bytecodes::_invokespecial
2892              && !is_same_or_direct_interface(current_class(), current_type(), ref_class_type)
2893              && !ref_class_type.equals(VerificationType::reference_type(
2894                   current_class()->super()->name()))) {
2895     bool subtype = false;
2896     bool have_imr_indirect = cp->tag_at(index).value() == JVM_CONSTANT_InterfaceMethodref;
2897     subtype = ref_class_type.is_assignable_from(
2898                current_type(), this, false, CHECK_VERIFY(this));
2899     if (!subtype) {
2900       verify_error(ErrorContext::bad_code(bci),
2901           "Bad invokespecial instruction: "
2902           "current class isn't assignable to reference class.");
2903        return;
2904     } else if (have_imr_indirect) {
2905       verify_error(ErrorContext::bad_code(bci),
2906           "Bad invokespecial instruction: "
2907           "interface method reference is in an indirect superinterface.");
2908       return;
2909     }
2910 
2911   }
2912 
2913   // Get the verification types for the method's arguments.
2914   GrowableArray<VerificationType>* sig_verif_types = mth_sig_verif_types->sig_verif_types();
2915   assert(sig_verif_types != NULL, "Missing signature's array of verification types");
2916   // Match method descriptor with operand stack
2917   // The arguments are on the stack in descending order.
2918   for (int i = nargs - 1; i >= 0; i--) { // Run backwards
2919     current_frame->pop_stack(sig_verif_types->at(i), CHECK_VERIFY(this));
2920   }
2921 
2922   // Check objectref on operand stack
2923   if (opcode != Bytecodes::_invokestatic &&
2924       opcode != Bytecodes::_invokedynamic) {
2925     if (method_name == vmSymbols::object_initializer_name()) {  // <init> method

2926       verify_invoke_init(bcs, index, ref_class_type, current_frame,
2927         code_length, in_try_block, this_uninit, cp, stackmap_table,
2928         CHECK_VERIFY(this));
2929       if (was_recursively_verified()) return;
2930     } else {   // other methods
2931       // Ensures that target class is assignable to method class.
2932       if (opcode == Bytecodes::_invokespecial) {
2933         current_frame->pop_stack(current_type(), CHECK_VERIFY(this));
2934       } else if (opcode == Bytecodes::_invokevirtual) {
2935         VerificationType stack_object_type =
2936           current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this));
2937         if (current_type() != stack_object_type) {
2938           if (was_recursively_verified()) return;
2939           assert(cp->cache() == NULL, "not rewritten yet");
2940           Symbol* ref_class_name =
2941             cp->klass_name_at(cp->klass_ref_index_at(index));
2942           // See the comments in verify_field_instructions() for
2943           // the rationale behind this.
2944           if (name_in_supers(ref_class_name, current_class())) {
2945             Klass* ref_class = load_class(ref_class_name, CHECK);

2958                 } else {
2959                   verify_error(ErrorContext::bad_type(bci,
2960                       current_frame->stack_top_ctx(),
2961                       TypeOrigin::implicit(current_type())),
2962                       "Bad access to protected data in invokevirtual");
2963                   return;
2964                 }
2965               }
2966             }
2967           }
2968         }
2969       } else {
2970         assert(opcode == Bytecodes::_invokeinterface, "Unexpected opcode encountered");
2971         current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this));
2972       }
2973     }
2974   }
2975   // Push the result type.
2976   int sig_verif_types_len = sig_verif_types->length();
2977   if (sig_verif_types_len > nargs) {  // There's a return type
2978     if (method_name == vmSymbols::object_initializer_name()) {
2979       // <init> method must have a void return type
2980       /* Unreachable?  Class file parser verifies that methods with '<' have
2981        * void return */
2982       verify_error(ErrorContext::bad_code(bci),
2983           "Return type must be void in <init> method");
2984       return;
2985     }
2986 
2987     assert(sig_verif_types_len <= nargs + 2,
2988            "Signature verification types array return type is bogus");
2989     for (int i = nargs; i < sig_verif_types_len; i++) {
2990       assert(i == nargs || sig_verif_types->at(i).is_long2() ||
2991              sig_verif_types->at(i).is_double2(), "Unexpected return verificationType");
2992       current_frame->push_stack(sig_verif_types->at(i), CHECK_VERIFY(this));
2993     }








2994   }
2995 }
2996 
2997 VerificationType ClassVerifier::get_newarray_type(
2998     u2 index, u2 bci, TRAPS) {
2999   const char* from_bt[] = {
3000     NULL, NULL, NULL, NULL, "[Z", "[C", "[F", "[D", "[B", "[S", "[I", "[J",
3001   };
3002   if (index < T_BOOLEAN || index > T_LONG) {
3003     verify_error(ErrorContext::bad_code(bci), "Illegal newarray instruction");
3004     return VerificationType::bogus_type();
3005   }
3006 
3007   // from_bt[index] contains the array signature which has a length of 2
3008   Symbol* sig = create_temporary_symbol(from_bt[index], 2);
3009   return VerificationType::reference_type(sig);
3010 }
3011 
3012 void ClassVerifier::verify_anewarray(
3013     u2 bci, u2 index, const constantPoolHandle& cp,

3021     cp_index_to_type(index, cp, CHECK_VERIFY(this));
3022   int length;
3023   char* arr_sig_str;
3024   if (component_type.is_array()) {     // it's an array
3025     const char* component_name = component_type.name()->as_utf8();
3026     // Check for more than MAX_ARRAY_DIMENSIONS
3027     length = (int)strlen(component_name);
3028     if (length > MAX_ARRAY_DIMENSIONS &&
3029         component_name[MAX_ARRAY_DIMENSIONS - 1] == JVM_SIGNATURE_ARRAY) {
3030       verify_error(ErrorContext::bad_code(bci),
3031         "Illegal anewarray instruction, array has more than 255 dimensions");
3032     }
3033     // add one dimension to component
3034     length++;
3035     arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length + 1);
3036     int n = os::snprintf(arr_sig_str, length + 1, "%c%s",
3037                          JVM_SIGNATURE_ARRAY, component_name);
3038     assert(n == length, "Unexpected number of characters in string");
3039   } else {         // it's an object or interface
3040     const char* component_name = component_type.name()->as_utf8();
3041     // add one dimension to component with 'L' prepended and ';' postpended.

3042     length = (int)strlen(component_name) + 3;
3043     arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length + 1);
3044     int n = os::snprintf(arr_sig_str, length + 1, "%c%c%s;",
3045                          JVM_SIGNATURE_ARRAY, JVM_SIGNATURE_CLASS, component_name);
3046     assert(n == length, "Unexpected number of characters in string");
3047   }
3048   Symbol* arr_sig = create_temporary_symbol(arr_sig_str, length);
3049   VerificationType new_array_type = VerificationType::reference_type(arr_sig);
3050   current_frame->push_stack(new_array_type, CHECK_VERIFY(this));
3051 }
3052 
3053 void ClassVerifier::verify_iload(u2 index, StackMapFrame* current_frame, TRAPS) {
3054   current_frame->get_local(
3055     index, VerificationType::integer_type(), CHECK_VERIFY(this));
3056   current_frame->push_stack(
3057     VerificationType::integer_type(), CHECK_VERIFY(this));
3058 }
3059 
3060 void ClassVerifier::verify_lload(u2 index, StackMapFrame* current_frame, TRAPS) {
3061   current_frame->get_local_2(
3062     index, VerificationType::long_type(),
3063     VerificationType::long2_type(), CHECK_VERIFY(this));
3064   current_frame->push_stack_2(
3065     VerificationType::long_type(),

3067 }
3068 
3069 void ClassVerifier::verify_fload(u2 index, StackMapFrame* current_frame, TRAPS) {
3070   current_frame->get_local(
3071     index, VerificationType::float_type(), CHECK_VERIFY(this));
3072   current_frame->push_stack(
3073     VerificationType::float_type(), CHECK_VERIFY(this));
3074 }
3075 
3076 void ClassVerifier::verify_dload(u2 index, StackMapFrame* current_frame, TRAPS) {
3077   current_frame->get_local_2(
3078     index, VerificationType::double_type(),
3079     VerificationType::double2_type(), CHECK_VERIFY(this));
3080   current_frame->push_stack_2(
3081     VerificationType::double_type(),
3082     VerificationType::double2_type(), CHECK_VERIFY(this));
3083 }
3084 
3085 void ClassVerifier::verify_aload(u2 index, StackMapFrame* current_frame, TRAPS) {
3086   VerificationType type = current_frame->get_local(
3087     index, VerificationType::reference_check(), CHECK_VERIFY(this));
3088   current_frame->push_stack(type, CHECK_VERIFY(this));
3089 }
3090 
3091 void ClassVerifier::verify_istore(u2 index, StackMapFrame* current_frame, TRAPS) {
3092   current_frame->pop_stack(
3093     VerificationType::integer_type(), CHECK_VERIFY(this));
3094   current_frame->set_local(
3095     index, VerificationType::integer_type(), CHECK_VERIFY(this));
3096 }
3097 
3098 void ClassVerifier::verify_lstore(u2 index, StackMapFrame* current_frame, TRAPS) {
3099   current_frame->pop_stack_2(
3100     VerificationType::long2_type(),
3101     VerificationType::long_type(), CHECK_VERIFY(this));
3102   current_frame->set_local_2(
3103     index, VerificationType::long_type(),
3104     VerificationType::long2_type(), CHECK_VERIFY(this));
3105 }
3106 
3107 void ClassVerifier::verify_fstore(u2 index, StackMapFrame* current_frame, TRAPS) {
3108   current_frame->pop_stack(VerificationType::float_type(), CHECK_VERIFY(this));
3109   current_frame->set_local(
3110     index, VerificationType::float_type(), CHECK_VERIFY(this));
3111 }
3112 
3113 void ClassVerifier::verify_dstore(u2 index, StackMapFrame* current_frame, TRAPS) {
3114   current_frame->pop_stack_2(
3115     VerificationType::double2_type(),
3116     VerificationType::double_type(), CHECK_VERIFY(this));
3117   current_frame->set_local_2(
3118     index, VerificationType::double_type(),
3119     VerificationType::double2_type(), CHECK_VERIFY(this));
3120 }
3121 
3122 void ClassVerifier::verify_astore(u2 index, StackMapFrame* current_frame, TRAPS) {
3123   VerificationType type = current_frame->pop_stack(
3124     VerificationType::reference_check(), CHECK_VERIFY(this));
3125   current_frame->set_local(index, type, CHECK_VERIFY(this));
3126 }
3127 
3128 void ClassVerifier::verify_iinc(u2 index, StackMapFrame* current_frame, TRAPS) {
3129   VerificationType type = current_frame->get_local(
3130     index, VerificationType::integer_type(), CHECK_VERIFY(this));
3131   current_frame->set_local(index, type, CHECK_VERIFY(this));
3132 }
3133 
3134 void ClassVerifier::verify_return_value(
3135     VerificationType return_type, VerificationType type, u2 bci,
3136     StackMapFrame* current_frame, TRAPS) {
3137   if (return_type == VerificationType::bogus_type()) {
3138     verify_error(ErrorContext::bad_type(bci,
3139         current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)),
3140         "Method does not expect a return value");
3141     return;
3142   }
3143   bool match = return_type.is_assignable_from(type, this, false, CHECK_VERIFY(this));
3144   if (!match) {

  46 #include "oops/instanceKlass.inline.hpp"
  47 #include "oops/klass.inline.hpp"
  48 #include "oops/oop.inline.hpp"
  49 #include "oops/typeArrayOop.hpp"
  50 #include "runtime/arguments.hpp"
  51 #include "runtime/fieldDescriptor.hpp"
  52 #include "runtime/handles.inline.hpp"
  53 #include "runtime/interfaceSupport.inline.hpp"
  54 #include "runtime/javaCalls.hpp"
  55 #include "runtime/jniHandles.inline.hpp"
  56 #include "runtime/os.hpp"
  57 #include "runtime/safepointVerifiers.hpp"
  58 #include "runtime/thread.hpp"
  59 #include "services/threadService.hpp"
  60 #include "utilities/align.hpp"
  61 #include "utilities/bytes.hpp"
  62 
  63 #define NOFAILOVER_MAJOR_VERSION                       51
  64 #define NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION  51
  65 #define STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION       52
  66 #define INLINE_TYPE_MAJOR_VERSION                       56
  67 #define MAX_ARRAY_DIMENSIONS 255
  68 
  69 // Access to external entry for VerifyClassForMajorVersion - old byte code verifier
  70 
  71 extern "C" {
  72   typedef jboolean (*verify_byte_codes_fn_t)(JNIEnv *, jclass, char *, jint, jint);
  73 }
  74 
  75 static verify_byte_codes_fn_t volatile _verify_byte_codes_fn = NULL;
  76 
  77 static verify_byte_codes_fn_t verify_byte_codes_fn() {
  78 
  79   if (_verify_byte_codes_fn != NULL)
  80     return _verify_byte_codes_fn;
  81 
  82   MutexLocker locker(Verify_lock);
  83 
  84   if (_verify_byte_codes_fn != NULL)
  85     return _verify_byte_codes_fn;
  86 

 259       }
 260       kls = kls->super();
 261     }
 262     if (message_buffer != NULL) {
 263       message_buffer[message_buffer_len - 1] = '\0'; // just to be sure
 264     }
 265     assert(exception_message != NULL, "");
 266     THROW_MSG_(exception_name, exception_message, false);
 267   }
 268 }
 269 
 270 bool Verifier::is_eligible_for_verification(InstanceKlass* klass, bool should_verify_class) {
 271   Symbol* name = klass->name();
 272   Klass* refl_magic_klass = vmClasses::reflect_MagicAccessorImpl_klass();
 273 
 274   bool is_reflect = refl_magic_klass != NULL && klass->is_subtype_of(refl_magic_klass);
 275 
 276   return (should_verify_for(klass->class_loader(), should_verify_class) &&
 277     // return if the class is a bootstrapping class
 278     // or defineClass specified not to verify by default (flags override passed arg)
 279     // We need to skip the following four for bootstrapping
 280     name != vmSymbols::java_lang_Object() &&
 281     name != vmSymbols::java_lang_Class() &&
 282     name != vmSymbols::java_lang_String() &&
 283     name != vmSymbols::java_lang_Throwable() &&
 284 
 285     // Can not verify the bytecodes for shared classes because they have
 286     // already been rewritten to contain constant pool cache indices,
 287     // which the verifier can't understand.
 288     // Shared classes shouldn't have stackmaps either.
 289     // However, bytecodes for shared old classes can be verified because
 290     // they have not been rewritten.
 291     !(klass->is_shared() && klass->is_rewritten()) &&
 292 
 293     // As of the fix for 4486457 we disable verification for all of the
 294     // dynamically-generated bytecodes associated with the 1.4
 295     // reflection implementation, not just those associated with
 296     // jdk/internal/reflect/SerializationConstructorAccessor.
 297     // NOTE: this is called too early in the bootstrapping process to be
 298     // guarded by Universe::is_gte_jdk14x_version().
 299     // Also for lambda generated code, gte jdk8

 482       ss->print("Local index %d is invalid", _type.index());
 483       break;
 484     case LOCALS_SIZE_MISMATCH:
 485       ss->print("Current frame's local size doesn't match stackmap.");
 486       break;
 487     case STACK_SIZE_MISMATCH:
 488       ss->print("Current frame's stack size doesn't match stackmap.");
 489       break;
 490     case STACK_OVERFLOW:
 491       ss->print("Exceeded max stack size.");
 492       break;
 493     case STACK_UNDERFLOW:
 494       ss->print("Attempt to pop empty stack.");
 495       break;
 496     case MISSING_STACKMAP:
 497       ss->print("Expected stackmap frame at this location.");
 498       break;
 499     case BAD_STACKMAP:
 500       ss->print("Invalid stackmap specification.");
 501       break;
 502     case WRONG_INLINE_TYPE:
 503       ss->print("Type ");
 504       _type.details(ss);
 505       ss->print(" and type ");
 506       _expected.details(ss);
 507       ss->print(" must be identical inline types.");
 508       break;
 509     case UNKNOWN:
 510     default:
 511       ShouldNotReachHere();
 512       ss->print_cr("Unknown");
 513   }
 514   ss->cr();
 515 }
 516 
 517 void ErrorContext::location_details(outputStream* ss, const Method* method) const {
 518   if (_bci != -1 && method != NULL) {
 519     streamIndentor si(ss);
 520     const char* bytecode_name = "<invalid>";
 521     if (method->validate_bci(_bci) != -1) {
 522       Bytecodes::Code code = Bytecodes::code_or_bp_at(method->bcp_from(_bci));
 523       if (Bytecodes::is_defined(code)) {
 524           bytecode_name = Bytecodes::name(code);
 525       } else {
 526           bytecode_name = "<illegal>";
 527       }
 528     }

 583     stack_map_frame* sm_frame = sm_table->entries();
 584     streamIndentor si2(ss);
 585     int current_offset = -1;
 586     address end_of_sm_table = (address)sm_table + method->stackmap_data()->length();
 587     for (u2 i = 0; i < sm_table->number_of_entries(); ++i) {
 588       ss->indent();
 589       if (!sm_frame->verify((address)sm_frame, end_of_sm_table)) {
 590         sm_frame->print_truncated(ss, current_offset);
 591         return;
 592       }
 593       sm_frame->print_on(ss, current_offset);
 594       ss->cr();
 595       current_offset += sm_frame->offset_delta();
 596       sm_frame = sm_frame->next();
 597     }
 598   }
 599 }
 600 
 601 // Methods in ClassVerifier
 602 
 603 VerificationType reference_or_inline_type(InstanceKlass* klass) {
 604   if (klass->is_inline_klass()) {
 605     return VerificationType::inline_type(klass->name());
 606   } else {
 607     return VerificationType::reference_type(klass->name());
 608   }
 609 }
 610 
 611 ClassVerifier::ClassVerifier(JavaThread* current, InstanceKlass* klass)
 612     : _thread(current), _previous_symbol(NULL), _symbols(NULL), _exception_type(NULL),
 613       _message(NULL), _method_signatures_table(NULL), _klass(klass) {
 614   _this_type = reference_or_inline_type(klass);
 615 }
 616 
 617 ClassVerifier::~ClassVerifier() {
 618   // Decrement the reference count for any symbols created.
 619   if (_symbols != NULL) {
 620     for (int i = 0; i < _symbols->length(); i++) {
 621       Symbol* s = _symbols->at(i);
 622       s->decrement_refcount();
 623     }
 624   }
 625 }
 626 
 627 VerificationType ClassVerifier::object_type() const {
 628   return VerificationType::reference_type(vmSymbols::java_lang_Object());
 629 }
 630 
 631 TypeOrigin ClassVerifier::ref_ctx(const char* sig) {
 632   VerificationType vt = VerificationType::reference_type(
 633                          create_temporary_symbol(sig, (int)strlen(sig)));
 634   return TypeOrigin::implicit(vt);

1038         case Bytecodes::_daload :
1039           type = current_frame.pop_stack(
1040             VerificationType::integer_type(), CHECK_VERIFY(this));
1041           atype = current_frame.pop_stack(
1042             VerificationType::reference_check(), CHECK_VERIFY(this));
1043           if (!atype.is_double_array()) {
1044             verify_error(ErrorContext::bad_type(bci,
1045                 current_frame.stack_top_ctx(), ref_ctx("[D")),
1046                 bad_type_msg, "daload");
1047             return;
1048           }
1049           current_frame.push_stack_2(
1050             VerificationType::double_type(),
1051             VerificationType::double2_type(), CHECK_VERIFY(this));
1052           no_control_flow = false; break;
1053         case Bytecodes::_aaload : {
1054           type = current_frame.pop_stack(
1055             VerificationType::integer_type(), CHECK_VERIFY(this));
1056           atype = current_frame.pop_stack(
1057             VerificationType::reference_check(), CHECK_VERIFY(this));
1058           if (!atype.is_nonscalar_array()) {
1059             verify_error(ErrorContext::bad_type(bci,
1060                 current_frame.stack_top_ctx(),
1061                 TypeOrigin::implicit(VerificationType::reference_check())),
1062                 bad_type_msg, "aaload");
1063             return;
1064           }
1065           if (atype.is_null()) {
1066             current_frame.push_stack(
1067               VerificationType::null_type(), CHECK_VERIFY(this));
1068           } else {
1069             VerificationType component = atype.get_component(this);
1070             current_frame.push_stack(component, CHECK_VERIFY(this));
1071           }
1072           no_control_flow = false; break;
1073         }
1074         case Bytecodes::_istore :
1075           verify_istore(bcs.get_index(), &current_frame, CHECK_VERIFY(this));
1076           no_control_flow = false; break;
1077         case Bytecodes::_istore_0 :
1078         case Bytecodes::_istore_1 :

1211             VerificationType::double2_type(),
1212             VerificationType::double_type(), CHECK_VERIFY(this));
1213           current_frame.pop_stack(
1214             VerificationType::integer_type(), CHECK_VERIFY(this));
1215           atype = current_frame.pop_stack(
1216             VerificationType::reference_check(), CHECK_VERIFY(this));
1217           if (!atype.is_double_array()) {
1218             verify_error(ErrorContext::bad_type(bci,
1219                 current_frame.stack_top_ctx(), ref_ctx("[D")),
1220                 bad_type_msg, "dastore");
1221             return;
1222           }
1223           no_control_flow = false; break;
1224         case Bytecodes::_aastore :
1225           type = current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1226           type2 = current_frame.pop_stack(
1227             VerificationType::integer_type(), CHECK_VERIFY(this));
1228           atype = current_frame.pop_stack(
1229             VerificationType::reference_check(), CHECK_VERIFY(this));
1230           // more type-checking is done at runtime
1231           if (!atype.is_nonscalar_array()) {
1232             verify_error(ErrorContext::bad_type(bci,
1233                 current_frame.stack_top_ctx(),
1234                 TypeOrigin::implicit(VerificationType::reference_check())),
1235                 bad_type_msg, "aastore");
1236             return;
1237           }
1238           // 4938384: relaxed constraint in JVMS 3nd edition.
1239           no_control_flow = false; break;
1240         case Bytecodes::_pop :
1241           current_frame.pop_stack(
1242             VerificationType::category1_check(), CHECK_VERIFY(this));
1243           no_control_flow = false; break;
1244         case Bytecodes::_pop2 :
1245           type = current_frame.pop_stack(CHECK_VERIFY(this));
1246           if (type.is_category1()) {
1247             current_frame.pop_stack(
1248               VerificationType::category1_check(), CHECK_VERIFY(this));
1249           } else if (type.is_category2_2nd()) {
1250             current_frame.pop_stack(
1251               VerificationType::category2_check(), CHECK_VERIFY(this));

1611         case Bytecodes::_if_icmpgt:
1612         case Bytecodes::_if_icmple:
1613           current_frame.pop_stack(
1614             VerificationType::integer_type(), CHECK_VERIFY(this));
1615           // fall through
1616         case Bytecodes::_ifeq:
1617         case Bytecodes::_ifne:
1618         case Bytecodes::_iflt:
1619         case Bytecodes::_ifge:
1620         case Bytecodes::_ifgt:
1621         case Bytecodes::_ifle:
1622           current_frame.pop_stack(
1623             VerificationType::integer_type(), CHECK_VERIFY(this));
1624           target = bcs.dest();
1625           stackmap_table.check_jump_target(
1626             &current_frame, target, CHECK_VERIFY(this));
1627           no_control_flow = false; break;
1628         case Bytecodes::_if_acmpeq :
1629         case Bytecodes::_if_acmpne :
1630           current_frame.pop_stack(
1631             VerificationType::nonscalar_check(), CHECK_VERIFY(this));
1632           // fall through
1633         case Bytecodes::_ifnull :
1634         case Bytecodes::_ifnonnull :
1635           current_frame.pop_stack(
1636             VerificationType::nonscalar_check(), CHECK_VERIFY(this));
1637           target = bcs.dest();
1638           stackmap_table.check_jump_target
1639             (&current_frame, target, CHECK_VERIFY(this));
1640           no_control_flow = false; break;
1641         case Bytecodes::_goto :
1642           target = bcs.dest();
1643           stackmap_table.check_jump_target(
1644             &current_frame, target, CHECK_VERIFY(this));
1645           no_control_flow = true; break;
1646         case Bytecodes::_goto_w :
1647           target = bcs.dest_w();
1648           stackmap_table.check_jump_target(
1649             &current_frame, target, CHECK_VERIFY(this));
1650           no_control_flow = true; break;
1651         case Bytecodes::_tableswitch :
1652         case Bytecodes::_lookupswitch :
1653           verify_switch(
1654             &bcs, code_length, code_data, &current_frame,
1655             &stackmap_table, CHECK_VERIFY(this));
1656           no_control_flow = true; break;

1667             VerificationType::long_type(), CHECK_VERIFY(this));
1668           verify_return_value(return_type, type, bci,
1669                               &current_frame, CHECK_VERIFY(this));
1670           no_control_flow = true; break;
1671         case Bytecodes::_freturn :
1672           type = current_frame.pop_stack(
1673             VerificationType::float_type(), CHECK_VERIFY(this));
1674           verify_return_value(return_type, type, bci,
1675                               &current_frame, CHECK_VERIFY(this));
1676           no_control_flow = true; break;
1677         case Bytecodes::_dreturn :
1678           type2 = current_frame.pop_stack(
1679             VerificationType::double2_type(),  CHECK_VERIFY(this));
1680           type = current_frame.pop_stack(
1681             VerificationType::double_type(), CHECK_VERIFY(this));
1682           verify_return_value(return_type, type, bci,
1683                               &current_frame, CHECK_VERIFY(this));
1684           no_control_flow = true; break;
1685         case Bytecodes::_areturn :
1686           type = current_frame.pop_stack(
1687             VerificationType::nonscalar_check(), CHECK_VERIFY(this));
1688           verify_return_value(return_type, type, bci,
1689                               &current_frame, CHECK_VERIFY(this));
1690           no_control_flow = true; break;
1691         case Bytecodes::_return :
1692           if (return_type != VerificationType::bogus_type()) {
1693             verify_error(ErrorContext::bad_code(bci),
1694                          "Method expects a return value");
1695             return;
1696           }
1697           // Make sure "this" has been initialized if current method is an
1698           // <init>.
1699           if (_method->is_object_constructor() &&
1700               current_frame.flag_this_uninit()) {
1701             verify_error(ErrorContext::bad_code(bci),
1702                          "Constructor must call super() or this() "
1703                          "before return");
1704             return;
1705           }
1706           no_control_flow = true; break;
1707         case Bytecodes::_getstatic :
1708         case Bytecodes::_putstatic :
1709           // pass TRUE, operand can be an array type for getstatic/putstatic.
1710           verify_field_instructions(
1711             &bcs, &current_frame, cp, true, CHECK_VERIFY(this));
1712           no_control_flow = false; break;
1713         case Bytecodes::_getfield :
1714         case Bytecodes::_putfield :
1715           // pass FALSE, operand can't be an array type for getfield/putfield.
1716           verify_field_instructions(
1717             &bcs, &current_frame, cp, false, CHECK_VERIFY(this));
1718           no_control_flow = false; break;
1719         case Bytecodes::_withfield :
1720           if (_klass->major_version() < INLINE_TYPE_MAJOR_VERSION) {
1721             class_format_error(
1722               "withfield not supported by this class file version (%d.%d), class %s",
1723               _klass->major_version(), _klass->minor_version(), _klass->external_name());
1724             return;
1725           }
1726           // pass FALSE, operand can't be an array type for withfield.
1727           verify_field_instructions(
1728             &bcs, &current_frame, cp, false, CHECK_VERIFY(this));
1729           no_control_flow = false; break;
1730         case Bytecodes::_invokevirtual :
1731         case Bytecodes::_invokespecial :
1732         case Bytecodes::_invokestatic :




1733         case Bytecodes::_invokeinterface :
1734         case Bytecodes::_invokedynamic :
1735           verify_invoke_instructions(
1736             &bcs, code_length, &current_frame, (bci >= ex_min && bci < ex_max),
1737             &this_uninit, cp, &stackmap_table, CHECK_VERIFY(this));
1738           no_control_flow = false; break;
1739         case Bytecodes::_new :
1740         {
1741           index = bcs.get_index_u2();
1742           verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1743           VerificationType new_class_type =
1744             cp_index_to_type(index, cp, CHECK_VERIFY(this));
1745           if (!new_class_type.is_object()) {
1746             verify_error(ErrorContext::bad_type(bci,
1747                 TypeOrigin::cp(index, new_class_type)),
1748                 "Illegal new instruction");
1749             return;
1750           }
1751           type = VerificationType::uninitialized_type(bci);
1752           current_frame.push_stack(type, CHECK_VERIFY(this));
1753           no_control_flow = false; break;
1754         }
1755         case Bytecodes::_aconst_init :
1756         {
1757           if (_klass->major_version() < INLINE_TYPE_MAJOR_VERSION) {
1758             class_format_error(
1759               "aconst_init not supported by this class file version (%d.%d), class %s",
1760               _klass->major_version(), _klass->minor_version(), _klass->external_name());
1761             return;
1762           }
1763           index = bcs.get_index_u2();
1764           verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1765           VerificationType ref_type = cp_index_to_type(index, cp, CHECK_VERIFY(this));
1766           if (!ref_type.is_object()) {
1767             verify_error(ErrorContext::bad_type(bci,
1768                 TypeOrigin::cp(index, ref_type)),
1769                 "Illegal aconst_init instruction");
1770             return;
1771           }
1772           VerificationType inline_type =
1773             VerificationType::change_ref_to_inline_type(ref_type);
1774           current_frame.push_stack(inline_type, CHECK_VERIFY(this));
1775           no_control_flow = false; break;
1776         }
1777         case Bytecodes::_newarray :
1778           type = get_newarray_type(bcs.get_index(), bci, CHECK_VERIFY(this));
1779           current_frame.pop_stack(
1780             VerificationType::integer_type(),  CHECK_VERIFY(this));
1781           current_frame.push_stack(type, CHECK_VERIFY(this));
1782           no_control_flow = false; break;
1783         case Bytecodes::_anewarray :
1784           verify_anewarray(
1785             bci, bcs.get_index_u2(), cp, &current_frame, CHECK_VERIFY(this));
1786           no_control_flow = false; break;
1787         case Bytecodes::_arraylength :
1788           type = current_frame.pop_stack(
1789             VerificationType::reference_check(), CHECK_VERIFY(this));
1790           if (!(type.is_null() || type.is_array())) {
1791             verify_error(ErrorContext::bad_type(
1792                 bci, current_frame.stack_top_ctx()),
1793                 bad_type_msg, "arraylength");
1794           }
1795           current_frame.push_stack(
1796             VerificationType::integer_type(), CHECK_VERIFY(this));
1797           no_control_flow = false; break;
1798         case Bytecodes::_checkcast :
1799         {
1800           index = bcs.get_index_u2();
1801           verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1802           current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1803           VerificationType klass_type = cp_index_to_type(
1804             index, cp, CHECK_VERIFY(this));
1805           current_frame.push_stack(klass_type, CHECK_VERIFY(this));
1806           no_control_flow = false; break;
1807         }
1808         case Bytecodes::_instanceof : {
1809           index = bcs.get_index_u2();
1810           verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1811           current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1812           current_frame.push_stack(
1813             VerificationType::integer_type(), CHECK_VERIFY(this));
1814           no_control_flow = false; break;
1815         }
1816         case Bytecodes::_monitorenter :
1817         case Bytecodes::_monitorexit : {
1818           VerificationType ref = current_frame.pop_stack(
1819             VerificationType::nonscalar_check(), CHECK_VERIFY(this));
1820           no_control_flow = false; break;
1821         }
1822         case Bytecodes::_multianewarray :
1823         {
1824           index = bcs.get_index_u2();
1825           u2 dim = *(bcs.bcp()+3);
1826           verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1827           VerificationType new_array_type =
1828             cp_index_to_type(index, cp, CHECK_VERIFY(this));
1829           if (!new_array_type.is_array()) {
1830             verify_error(ErrorContext::bad_type(bci,
1831                 TypeOrigin::cp(index, new_array_type)),
1832                 "Illegal constant pool index in multianewarray instruction");
1833             return;
1834           }
1835           if (dim < 1 || new_array_type.dimensions() < dim) {
1836             verify_error(ErrorContext::bad_code(bci),
1837                 "Illegal dimension in multianewarray instruction: %d", dim);
1838             return;
1839           }
1840           for (int i = 0; i < dim; i++) {
1841             current_frame.pop_stack(

2066   int nconstants = cp->length();
2067   if ((index <= 0) || (index >= nconstants)) {
2068     verify_error(ErrorContext::bad_cp_index(bci, index),
2069         "Illegal constant pool index %d in class %s",
2070         index, cp->pool_holder()->external_name());
2071     return;
2072   }
2073 }
2074 
2075 void ClassVerifier::verify_cp_type(
2076     u2 bci, int index, const constantPoolHandle& cp, unsigned int types, TRAPS) {
2077 
2078   // In some situations, bytecode rewriting may occur while we're verifying.
2079   // In this case, a constant pool cache exists and some indices refer to that
2080   // instead.  Be sure we don't pick up such indices by accident.
2081   // We must check was_recursively_verified() before we get here.
2082   guarantee(cp->cache() == NULL, "not rewritten yet");
2083 
2084   verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2085   unsigned int tag = cp->tag_at(index).value();
2086 
2087   if ((types & (1 << tag)) == 0) {
2088     verify_error(ErrorContext::bad_cp_index(bci, index),
2089       "Illegal type at constant pool entry %d in class %s",
2090       index, cp->pool_holder()->external_name());
2091     return;
2092   }
2093 }
2094 
2095 void ClassVerifier::verify_cp_class_type(
2096     u2 bci, int index, const constantPoolHandle& cp, TRAPS) {
2097   verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2098   constantTag tag = cp->tag_at(index);
2099   if (!tag.is_klass() && !tag.is_unresolved_klass()) {
2100     verify_error(ErrorContext::bad_cp_index(bci, index),
2101         "Illegal type at constant pool entry %d in class %s",
2102         index, cp->pool_holder()->external_name());
2103     return;
2104   }
2105 }
2106 

2181   } else {
2182     Klass* member_klass = target_instance->find_field(field_name, field_sig, &fd);
2183     if (member_klass != NULL && fd.is_protected()) {
2184       if (!this_class->is_same_class_package(member_klass)) {
2185         return true;
2186       }
2187     }
2188   }
2189   return false;
2190 }
2191 
2192 void ClassVerifier::verify_ldc(
2193     int opcode, u2 index, StackMapFrame* current_frame,
2194     const constantPoolHandle& cp, u2 bci, TRAPS) {
2195   verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2196   constantTag tag = cp->tag_at(index);
2197   unsigned int types = 0;
2198   if (opcode == Bytecodes::_ldc || opcode == Bytecodes::_ldc_w) {
2199     if (!tag.is_unresolved_klass()) {
2200       types = (1 << JVM_CONSTANT_Integer) | (1 << JVM_CONSTANT_Float)
2201             | (1 << JVM_CONSTANT_String) | (1 << JVM_CONSTANT_Class)
2202             | (1 << JVM_CONSTANT_MethodHandle) | (1 << JVM_CONSTANT_MethodType)
2203             | (1 << JVM_CONSTANT_Dynamic);
2204       // Note:  The class file parser already verified the legality of
2205       // MethodHandle and MethodType constants.
2206       verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2207     }
2208   } else {
2209     assert(opcode == Bytecodes::_ldc2_w, "must be ldc2_w");
2210     types = (1 << JVM_CONSTANT_Double) | (1 << JVM_CONSTANT_Long)
2211           | (1 << JVM_CONSTANT_Dynamic);
2212     verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2213   }
2214   if (tag.is_string()) {
2215     current_frame->push_stack(
2216       VerificationType::reference_type(
2217         vmSymbols::java_lang_String()), CHECK_VERIFY(this));
2218   } else if (tag.is_klass() || tag.is_unresolved_klass()) {
2219     current_frame->push_stack(
2220       VerificationType::reference_type(
2221         vmSymbols::java_lang_Class()), CHECK_VERIFY(this));

2356                                               const constantPoolHandle& cp,
2357                                               bool allow_arrays,
2358                                               TRAPS) {
2359   u2 index = bcs->get_index_u2();
2360   verify_cp_type(bcs->bci(), index, cp,
2361       1 << JVM_CONSTANT_Fieldref, CHECK_VERIFY(this));
2362 
2363   // Get field name and signature
2364   Symbol* field_name = cp->name_ref_at(index);
2365   Symbol* field_sig = cp->signature_ref_at(index);
2366   bool is_getfield = false;
2367 
2368   // Field signature was checked in ClassFileParser.
2369   assert(SignatureVerifier::is_valid_type_signature(field_sig),
2370          "Invalid field signature");
2371 
2372   // Get referenced class type
2373   VerificationType ref_class_type = cp_ref_index_to_type(
2374     index, cp, CHECK_VERIFY(this));
2375   if (!ref_class_type.is_object() &&
2376       (!allow_arrays || !ref_class_type.is_array())) {
2377     verify_error(ErrorContext::bad_type(bcs->bci(),
2378         TypeOrigin::cp(index, ref_class_type)),
2379         "Expecting reference to class in class %s at constant pool index %d",
2380         _klass->external_name(), index);
2381     return;
2382   }
2383 
2384   VerificationType target_class_type = ref_class_type;
2385 
2386   assert(sizeof(VerificationType) == sizeof(uintptr_t),
2387         "buffer type must match VerificationType size");
2388   uintptr_t field_type_buffer[2];
2389   VerificationType* field_type = (VerificationType*)field_type_buffer;
2390   // If we make a VerificationType[2] array directly, the compiler calls
2391   // to the c-runtime library to do the allocation instead of just
2392   // stack allocating it.  Plus it would run constructors.  This shows up
2393   // in performance profiles.
2394 
2395   SignatureStream sig_stream(field_sig, false);
2396   VerificationType stack_object_type;
2397   int n = change_sig_to_verificationType(&sig_stream, field_type);
2398   u2 bci = bcs->bci();
2399   bool is_assignable;
2400   switch (bcs->raw_code()) {
2401     case Bytecodes::_getstatic: {
2402       for (int i = 0; i < n; i++) {
2403         current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2404       }
2405       break;
2406     }
2407     case Bytecodes::_putstatic: {
2408       for (int i = n - 1; i >= 0; i--) {
2409         current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2410       }
2411       break;
2412     }
2413     case Bytecodes::_withfield: {
2414       for (int i = n - 1; i >= 0; i--) {
2415         current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2416       }
2417       // Check that the receiver is a subtype of the referenced class.
2418       current_frame->pop_stack(target_class_type, CHECK_VERIFY(this));
2419       VerificationType target_inline_type =
2420         VerificationType::change_ref_to_inline_type(target_class_type);
2421       current_frame->push_stack(target_inline_type, CHECK_VERIFY(this));
2422       break;
2423     }
2424     case Bytecodes::_getfield: {
2425       is_getfield = true;
2426       stack_object_type = current_frame->pop_stack(
2427         target_class_type, CHECK_VERIFY(this));
2428       goto check_protected;
2429     }
2430     case Bytecodes::_putfield: {
2431       for (int i = n - 1; i >= 0; i--) {
2432         current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2433       }
2434       stack_object_type = current_frame->pop_stack(CHECK_VERIFY(this));
2435 
2436       // The JVMS 2nd edition allows field initialization before the superclass
2437       // initializer, if the field is defined within the current class.
2438       fieldDescriptor fd;
2439       if (stack_object_type == VerificationType::uninitialized_this_type() &&
2440           target_class_type.equals(current_type()) &&
2441           _klass->find_local_field(field_name, field_sig, &fd)) {
2442         stack_object_type = current_type();
2443       }

2825 bool ClassVerifier::is_same_or_direct_interface(
2826     InstanceKlass* klass,
2827     VerificationType klass_type,
2828     VerificationType ref_class_type) {
2829   if (ref_class_type.equals(klass_type)) return true;
2830   Array<InstanceKlass*>* local_interfaces = klass->local_interfaces();
2831   if (local_interfaces != NULL) {
2832     for (int x = 0; x < local_interfaces->length(); x++) {
2833       InstanceKlass* k = local_interfaces->at(x);
2834       assert (k != NULL && k->is_interface(), "invalid interface");
2835       if (ref_class_type.equals(VerificationType::reference_type(k->name()))) {
2836         return true;
2837       }
2838     }
2839   }
2840   return false;
2841 }
2842 
2843 void ClassVerifier::verify_invoke_instructions(
2844     RawBytecodeStream* bcs, u4 code_length, StackMapFrame* current_frame,
2845     bool in_try_block, bool *this_uninit,
2846     const constantPoolHandle& cp, StackMapTable* stackmap_table, TRAPS) {
2847   // Make sure the constant pool item is the right type
2848   u2 index = bcs->get_index_u2();
2849   Bytecodes::Code opcode = bcs->raw_code();
2850   unsigned int types = 0;
2851   switch (opcode) {
2852     case Bytecodes::_invokeinterface:
2853       types = 1 << JVM_CONSTANT_InterfaceMethodref;
2854       break;
2855     case Bytecodes::_invokedynamic:
2856       types = 1 << JVM_CONSTANT_InvokeDynamic;
2857       break;
2858     case Bytecodes::_invokespecial:
2859     case Bytecodes::_invokestatic:
2860       types = (_klass->major_version() < STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION) ?
2861         (1 << JVM_CONSTANT_Methodref) :
2862         ((1 << JVM_CONSTANT_InterfaceMethodref) | (1 << JVM_CONSTANT_Methodref));
2863       break;
2864     default:
2865       types = 1 << JVM_CONSTANT_Methodref;
2866   }
2867   verify_cp_type(bcs->bci(), index, cp, types, CHECK_VERIFY(this));
2868 
2869   // Get method name and signature
2870   Symbol* method_name = cp->name_ref_at(index);
2871   Symbol* method_sig = cp->signature_ref_at(index);
2872 
2873   // Method signature was checked in ClassFileParser.
2874   assert(SignatureVerifier::is_valid_method_signature(method_sig),
2875          "Invalid method signature");
2876 
2877   // Get referenced class
2878   VerificationType ref_class_type;
2879   if (opcode == Bytecodes::_invokedynamic) {
2880     if (_klass->major_version() < Verifier::INVOKEDYNAMIC_MAJOR_VERSION) {
2881       class_format_error(
2882         "invokedynamic instructions not supported by this class file version (%d), class %s",
2883         _klass->major_version(), _klass->external_name());
2884       return;
2885     }
2886   } else {
2887     ref_class_type = cp_ref_index_to_type(index, cp, CHECK_VERIFY(this));
2888   }
2889 
2890   assert(sizeof(VerificationType) == sizeof(uintptr_t),
2891         "buffer type must match VerificationType size");
2892 
2893   // Get the UTF8 index for this signature.
2894   int sig_index = cp->signature_ref_index_at(cp->name_and_type_ref_index_at(index));
2895 
2896   // Get the signature's verification types.
2897   sig_as_verification_types* mth_sig_verif_types;

2923           "Inconsistent args count operand in invokeinterface");
2924       return;
2925     }
2926     if (*(bcp+4) != 0) {
2927       verify_error(ErrorContext::bad_code(bci),
2928           "Fourth operand byte of invokeinterface must be zero");
2929       return;
2930     }
2931   }
2932 
2933   if (opcode == Bytecodes::_invokedynamic) {
2934     address bcp = bcs->bcp();
2935     if (*(bcp+3) != 0 || *(bcp+4) != 0) {
2936       verify_error(ErrorContext::bad_code(bci),
2937           "Third and fourth operand bytes of invokedynamic must be zero");
2938       return;
2939     }
2940   }
2941 
2942   if (method_name->char_at(0) == JVM_SIGNATURE_SPECIAL) {
2943     // Make sure <init> can only be invoked by invokespecial or invokestatic.
2944     // The allowed invocation mode of <init> depends on its signature.
2945     if ((opcode != Bytecodes::_invokespecial &&
2946          opcode != Bytecodes::_invokestatic) ||
2947         method_name != vmSymbols::object_initializer_name()) {
2948       verify_error(ErrorContext::bad_code(bci),
2949           "Illegal call to internal method");
2950       return;
2951     }
2952   } else if (opcode == Bytecodes::_invokespecial
2953              && !is_same_or_direct_interface(current_class(), current_type(), ref_class_type)
2954              && !ref_class_type.equals(VerificationType::reference_type(
2955                   current_class()->super()->name()))) { // super() can never be an inline_type.
2956     bool subtype = false;
2957     bool have_imr_indirect = cp->tag_at(index).value() == JVM_CONSTANT_InterfaceMethodref;
2958     subtype = ref_class_type.is_assignable_from(
2959                current_type(), this, false, CHECK_VERIFY(this));
2960     if (!subtype) {
2961       verify_error(ErrorContext::bad_code(bci),
2962           "Bad invokespecial instruction: "
2963           "current class isn't assignable to reference class.");
2964        return;
2965     } else if (have_imr_indirect) {
2966       verify_error(ErrorContext::bad_code(bci),
2967           "Bad invokespecial instruction: "
2968           "interface method reference is in an indirect superinterface.");
2969       return;
2970     }
2971 
2972   }
2973 
2974   // Get the verification types for the method's arguments.
2975   GrowableArray<VerificationType>* sig_verif_types = mth_sig_verif_types->sig_verif_types();
2976   assert(sig_verif_types != NULL, "Missing signature's array of verification types");
2977   // Match method descriptor with operand stack
2978   // The arguments are on the stack in descending order.
2979   for (int i = nargs - 1; i >= 0; i--) { // Run backwards
2980     current_frame->pop_stack(sig_verif_types->at(i), CHECK_VERIFY(this));
2981   }
2982 
2983   // Check objectref on operand stack
2984   if (opcode != Bytecodes::_invokestatic &&
2985       opcode != Bytecodes::_invokedynamic) {
2986     if (method_name == vmSymbols::object_initializer_name()) {  // <init> method
2987       // (use of <init> as a static factory is handled under invokestatic)
2988       verify_invoke_init(bcs, index, ref_class_type, current_frame,
2989         code_length, in_try_block, this_uninit, cp, stackmap_table,
2990         CHECK_VERIFY(this));
2991       if (was_recursively_verified()) return;
2992     } else {   // other methods
2993       // Ensures that target class is assignable to method class.
2994       if (opcode == Bytecodes::_invokespecial) {
2995         current_frame->pop_stack(current_type(), CHECK_VERIFY(this));
2996       } else if (opcode == Bytecodes::_invokevirtual) {
2997         VerificationType stack_object_type =
2998           current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this));
2999         if (current_type() != stack_object_type) {
3000           if (was_recursively_verified()) return;
3001           assert(cp->cache() == NULL, "not rewritten yet");
3002           Symbol* ref_class_name =
3003             cp->klass_name_at(cp->klass_ref_index_at(index));
3004           // See the comments in verify_field_instructions() for
3005           // the rationale behind this.
3006           if (name_in_supers(ref_class_name, current_class())) {
3007             Klass* ref_class = load_class(ref_class_name, CHECK);

3020                 } else {
3021                   verify_error(ErrorContext::bad_type(bci,
3022                       current_frame->stack_top_ctx(),
3023                       TypeOrigin::implicit(current_type())),
3024                       "Bad access to protected data in invokevirtual");
3025                   return;
3026                 }
3027               }
3028             }
3029           }
3030         }
3031       } else {
3032         assert(opcode == Bytecodes::_invokeinterface, "Unexpected opcode encountered");
3033         current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this));
3034       }
3035     }
3036   }
3037   // Push the result type.
3038   int sig_verif_types_len = sig_verif_types->length();
3039   if (sig_verif_types_len > nargs) {  // There's a return type
3040     if (method_name == vmSymbols::object_initializer_name() &&
3041         opcode != Bytecodes::_invokestatic) {
3042       // an <init> method must have a void return type, unless it's a static factory

3043       verify_error(ErrorContext::bad_code(bci),
3044           "Return type must be void in <init> method");
3045       return;
3046     }
3047 
3048     assert(sig_verif_types_len <= nargs + 2,
3049            "Signature verification types array return type is bogus");
3050     for (int i = nargs; i < sig_verif_types_len; i++) {
3051       assert(i == nargs || sig_verif_types->at(i).is_long2() ||
3052              sig_verif_types->at(i).is_double2(), "Unexpected return verificationType");
3053       current_frame->push_stack(sig_verif_types->at(i), CHECK_VERIFY(this));
3054     }
3055   } else {
3056     // an <init> method may not have a void return type, if it's a static factory
3057     if (method_name == vmSymbols::object_initializer_name() &&
3058         opcode != Bytecodes::_invokespecial) {
3059       verify_error(ErrorContext::bad_code(bci),
3060           "Return type must be non-void in <init> static factory method");
3061       return;
3062     }
3063   }
3064 }
3065 
3066 VerificationType ClassVerifier::get_newarray_type(
3067     u2 index, u2 bci, TRAPS) {
3068   const char* from_bt[] = {
3069     NULL, NULL, NULL, NULL, "[Z", "[C", "[F", "[D", "[B", "[S", "[I", "[J",
3070   };
3071   if (index < T_BOOLEAN || index > T_LONG) {
3072     verify_error(ErrorContext::bad_code(bci), "Illegal newarray instruction");
3073     return VerificationType::bogus_type();
3074   }
3075 
3076   // from_bt[index] contains the array signature which has a length of 2
3077   Symbol* sig = create_temporary_symbol(from_bt[index], 2);
3078   return VerificationType::reference_type(sig);
3079 }
3080 
3081 void ClassVerifier::verify_anewarray(
3082     u2 bci, u2 index, const constantPoolHandle& cp,

3090     cp_index_to_type(index, cp, CHECK_VERIFY(this));
3091   int length;
3092   char* arr_sig_str;
3093   if (component_type.is_array()) {     // it's an array
3094     const char* component_name = component_type.name()->as_utf8();
3095     // Check for more than MAX_ARRAY_DIMENSIONS
3096     length = (int)strlen(component_name);
3097     if (length > MAX_ARRAY_DIMENSIONS &&
3098         component_name[MAX_ARRAY_DIMENSIONS - 1] == JVM_SIGNATURE_ARRAY) {
3099       verify_error(ErrorContext::bad_code(bci),
3100         "Illegal anewarray instruction, array has more than 255 dimensions");
3101     }
3102     // add one dimension to component
3103     length++;
3104     arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length + 1);
3105     int n = os::snprintf(arr_sig_str, length + 1, "%c%s",
3106                          JVM_SIGNATURE_ARRAY, component_name);
3107     assert(n == length, "Unexpected number of characters in string");
3108   } else {         // it's an object or interface
3109     const char* component_name = component_type.name()->as_utf8();
3110     char Q_or_L = component_type.is_inline_type() ? JVM_SIGNATURE_PRIMITIVE_OBJECT : JVM_SIGNATURE_CLASS;
3111     // add one dimension to component with 'L' or 'Q' prepended and ';' appended.
3112     length = (int)strlen(component_name) + 3;
3113     arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length + 1);
3114     int n = os::snprintf(arr_sig_str, length + 1, "%c%c%s;",
3115                          JVM_SIGNATURE_ARRAY, Q_or_L, component_name);
3116     assert(n == length, "Unexpected number of characters in string");
3117   }
3118   Symbol* arr_sig = create_temporary_symbol(arr_sig_str, length);
3119   VerificationType new_array_type = VerificationType::reference_type(arr_sig);
3120   current_frame->push_stack(new_array_type, CHECK_VERIFY(this));
3121 }
3122 
3123 void ClassVerifier::verify_iload(u2 index, StackMapFrame* current_frame, TRAPS) {
3124   current_frame->get_local(
3125     index, VerificationType::integer_type(), CHECK_VERIFY(this));
3126   current_frame->push_stack(
3127     VerificationType::integer_type(), CHECK_VERIFY(this));
3128 }
3129 
3130 void ClassVerifier::verify_lload(u2 index, StackMapFrame* current_frame, TRAPS) {
3131   current_frame->get_local_2(
3132     index, VerificationType::long_type(),
3133     VerificationType::long2_type(), CHECK_VERIFY(this));
3134   current_frame->push_stack_2(
3135     VerificationType::long_type(),

3137 }
3138 
3139 void ClassVerifier::verify_fload(u2 index, StackMapFrame* current_frame, TRAPS) {
3140   current_frame->get_local(
3141     index, VerificationType::float_type(), CHECK_VERIFY(this));
3142   current_frame->push_stack(
3143     VerificationType::float_type(), CHECK_VERIFY(this));
3144 }
3145 
3146 void ClassVerifier::verify_dload(u2 index, StackMapFrame* current_frame, TRAPS) {
3147   current_frame->get_local_2(
3148     index, VerificationType::double_type(),
3149     VerificationType::double2_type(), CHECK_VERIFY(this));
3150   current_frame->push_stack_2(
3151     VerificationType::double_type(),
3152     VerificationType::double2_type(), CHECK_VERIFY(this));
3153 }
3154 
3155 void ClassVerifier::verify_aload(u2 index, StackMapFrame* current_frame, TRAPS) {
3156   VerificationType type = current_frame->get_local(
3157     index, VerificationType::nonscalar_check(), CHECK_VERIFY(this));
3158   current_frame->push_stack(type, CHECK_VERIFY(this));
3159 }
3160 
3161 void ClassVerifier::verify_istore(u2 index, StackMapFrame* current_frame, TRAPS) {
3162   current_frame->pop_stack(
3163     VerificationType::integer_type(), CHECK_VERIFY(this));
3164   current_frame->set_local(
3165     index, VerificationType::integer_type(), CHECK_VERIFY(this));
3166 }
3167 
3168 void ClassVerifier::verify_lstore(u2 index, StackMapFrame* current_frame, TRAPS) {
3169   current_frame->pop_stack_2(
3170     VerificationType::long2_type(),
3171     VerificationType::long_type(), CHECK_VERIFY(this));
3172   current_frame->set_local_2(
3173     index, VerificationType::long_type(),
3174     VerificationType::long2_type(), CHECK_VERIFY(this));
3175 }
3176 
3177 void ClassVerifier::verify_fstore(u2 index, StackMapFrame* current_frame, TRAPS) {
3178   current_frame->pop_stack(VerificationType::float_type(), CHECK_VERIFY(this));
3179   current_frame->set_local(
3180     index, VerificationType::float_type(), CHECK_VERIFY(this));
3181 }
3182 
3183 void ClassVerifier::verify_dstore(u2 index, StackMapFrame* current_frame, TRAPS) {
3184   current_frame->pop_stack_2(
3185     VerificationType::double2_type(),
3186     VerificationType::double_type(), CHECK_VERIFY(this));
3187   current_frame->set_local_2(
3188     index, VerificationType::double_type(),
3189     VerificationType::double2_type(), CHECK_VERIFY(this));
3190 }
3191 
3192 void ClassVerifier::verify_astore(u2 index, StackMapFrame* current_frame, TRAPS) {
3193   VerificationType type = current_frame->pop_stack(
3194     VerificationType::nonscalar_check(), CHECK_VERIFY(this));
3195   current_frame->set_local(index, type, CHECK_VERIFY(this));
3196 }
3197 
3198 void ClassVerifier::verify_iinc(u2 index, StackMapFrame* current_frame, TRAPS) {
3199   VerificationType type = current_frame->get_local(
3200     index, VerificationType::integer_type(), CHECK_VERIFY(this));
3201   current_frame->set_local(index, type, CHECK_VERIFY(this));
3202 }
3203 
3204 void ClassVerifier::verify_return_value(
3205     VerificationType return_type, VerificationType type, u2 bci,
3206     StackMapFrame* current_frame, TRAPS) {
3207   if (return_type == VerificationType::bogus_type()) {
3208     verify_error(ErrorContext::bad_type(bci,
3209         current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)),
3210         "Method does not expect a return value");
3211     return;
3212   }
3213   bool match = return_type.is_assignable_from(type, this, false, CHECK_VERIFY(this));
3214   if (!match) {
< prev index next >