48 #include "oops/instanceKlass.inline.hpp"
49 #include "oops/klass.inline.hpp"
50 #include "oops/oop.inline.hpp"
51 #include "oops/typeArrayOop.hpp"
52 #include "runtime/arguments.hpp"
53 #include "runtime/fieldDescriptor.hpp"
54 #include "runtime/handles.inline.hpp"
55 #include "runtime/interfaceSupport.inline.hpp"
56 #include "runtime/javaCalls.hpp"
57 #include "runtime/javaThread.hpp"
58 #include "runtime/jniHandles.inline.hpp"
59 #include "runtime/os.hpp"
60 #include "runtime/safepointVerifiers.hpp"
61 #include "services/threadService.hpp"
62 #include "utilities/align.hpp"
63 #include "utilities/bytes.hpp"
64
65 #define NOFAILOVER_MAJOR_VERSION 51
66 #define NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION 51
67 #define STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION 52
68 #define MAX_ARRAY_DIMENSIONS 255
69
70 // Access to external entry for VerifyClassForMajorVersion - old byte code verifier
71
72 extern "C" {
73 typedef jboolean (*verify_byte_codes_fn_t)(JNIEnv *, jclass, char *, jint, jint);
74 }
75
76 static verify_byte_codes_fn_t volatile _verify_byte_codes_fn = nullptr;
77
78 static verify_byte_codes_fn_t verify_byte_codes_fn() {
79
80 if (_verify_byte_codes_fn != nullptr)
81 return _verify_byte_codes_fn;
82
83 MutexLocker locker(Verify_lock);
84
85 if (_verify_byte_codes_fn != nullptr)
86 return _verify_byte_codes_fn;
87
266 kls = kls->super();
267 }
268 if (message_buffer != nullptr) {
269 message_buffer[message_buffer_len - 1] = '\0'; // just to be sure
270 }
271 assert(exception_message != nullptr, "");
272 THROW_MSG_(exception_name, exception_message, false);
273 }
274 }
275
276 bool Verifier::is_eligible_for_verification(InstanceKlass* klass, bool should_verify_class) {
277 Symbol* name = klass->name();
278 Klass* refl_serialization_ctor_klass = vmClasses::reflect_SerializationConstructorAccessorImpl_klass();
279
280 bool is_reflect_accessor = refl_serialization_ctor_klass != nullptr &&
281 klass->is_subtype_of(refl_serialization_ctor_klass);
282
283 return (should_verify_for(klass->class_loader(), should_verify_class) &&
284 // return if the class is a bootstrapping class
285 // or defineClass specified not to verify by default (flags override passed arg)
286 // We need to skip the following four for bootstraping
287 name != vmSymbols::java_lang_Object() &&
288 name != vmSymbols::java_lang_Class() &&
289 name != vmSymbols::java_lang_String() &&
290 name != vmSymbols::java_lang_Throwable() &&
291
292 // Can not verify the bytecodes for shared classes because they have
293 // already been rewritten to contain constant pool cache indices,
294 // which the verifier can't understand.
295 // Shared classes shouldn't have stackmaps either.
296 // However, bytecodes for shared old classes can be verified because
297 // they have not been rewritten.
298 !(klass->is_shared() && klass->is_rewritten()) &&
299
300 // As of the fix for 4486457 we disable verification for all of the
301 // dynamically-generated bytecodes associated with
302 // jdk/internal/reflect/SerializationConstructorAccessor.
303 (!is_reflect_accessor));
304 }
305
306 Symbol* Verifier::inference_verify(
485 ss->print("Local index %d is invalid", _type.index());
486 break;
487 case LOCALS_SIZE_MISMATCH:
488 ss->print("Current frame's local size doesn't match stackmap.");
489 break;
490 case STACK_SIZE_MISMATCH:
491 ss->print("Current frame's stack size doesn't match stackmap.");
492 break;
493 case STACK_OVERFLOW:
494 ss->print("Exceeded max stack size.");
495 break;
496 case STACK_UNDERFLOW:
497 ss->print("Attempt to pop empty stack.");
498 break;
499 case MISSING_STACKMAP:
500 ss->print("Expected stackmap frame at this location.");
501 break;
502 case BAD_STACKMAP:
503 ss->print("Invalid stackmap specification.");
504 break;
505 case UNKNOWN:
506 default:
507 ShouldNotReachHere();
508 ss->print_cr("Unknown");
509 }
510 ss->cr();
511 }
512
513 void ErrorContext::location_details(outputStream* ss, const Method* method) const {
514 if (_bci != -1 && method != nullptr) {
515 streamIndentor si(ss);
516 const char* bytecode_name = "<invalid>";
517 if (method->validate_bci(_bci) != -1) {
518 Bytecodes::Code code = Bytecodes::code_or_bp_at(method->bcp_from(_bci));
519 if (Bytecodes::is_defined(code)) {
520 bytecode_name = Bytecodes::name(code);
521 } else {
522 bytecode_name = "<illegal>";
523 }
524 }
605 ClassVerifier::~ClassVerifier() {
606 // Decrement the reference count for any symbols created.
607 if (_symbols != nullptr) {
608 for (int i = 0; i < _symbols->length(); i++) {
609 Symbol* s = _symbols->at(i);
610 s->decrement_refcount();
611 }
612 }
613 }
614
615 VerificationType ClassVerifier::object_type() const {
616 return VerificationType::reference_type(vmSymbols::java_lang_Object());
617 }
618
619 TypeOrigin ClassVerifier::ref_ctx(const char* sig) {
620 VerificationType vt = VerificationType::reference_type(
621 create_temporary_symbol(sig, (int)strlen(sig)));
622 return TypeOrigin::implicit(vt);
623 }
624
625
626 void ClassVerifier::verify_class(TRAPS) {
627 log_info(verification)("Verifying class %s with new format", _klass->external_name());
628
629 // Either verifying both local and remote classes or just remote classes.
630 assert(BytecodeVerificationRemote, "Should not be here");
631
632 Array<Method*>* methods = _klass->methods();
633 int num_methods = methods->length();
634
635 for (int index = 0; index < num_methods; index++) {
636 // Check for recursive re-verification before each method.
637 if (was_recursively_verified()) return;
638
639 Method* m = methods->at(index);
640 if (m->is_native() || m->is_abstract() || m->is_overpass()) {
641 // If m is native or abstract, skip it. It is checked in class file
642 // parser that methods do not override a final method. Overpass methods
643 // are trusted since the VM generates them.
644 continue;
1672 VerificationType::double2_type(), CHECK_VERIFY(this));
1673 type = current_frame.pop_stack(
1674 VerificationType::double_type(), CHECK_VERIFY(this));
1675 verify_return_value(return_type, type, bci,
1676 ¤t_frame, CHECK_VERIFY(this));
1677 no_control_flow = true; break;
1678 case Bytecodes::_areturn :
1679 type = current_frame.pop_stack(
1680 VerificationType::reference_check(), CHECK_VERIFY(this));
1681 verify_return_value(return_type, type, bci,
1682 ¤t_frame, CHECK_VERIFY(this));
1683 no_control_flow = true; break;
1684 case Bytecodes::_return :
1685 if (return_type != VerificationType::bogus_type()) {
1686 verify_error(ErrorContext::bad_code(bci),
1687 "Method expects a return value");
1688 return;
1689 }
1690 // Make sure "this" has been initialized if current method is an
1691 // <init>.
1692 if (_method->name() == vmSymbols::object_initializer_name() &&
1693 current_frame.flag_this_uninit()) {
1694 verify_error(ErrorContext::bad_code(bci),
1695 "Constructor must call super() or this() "
1696 "before return");
1697 return;
1698 }
1699 no_control_flow = true; break;
1700 case Bytecodes::_getstatic :
1701 case Bytecodes::_putstatic :
1702 // pass TRUE, operand can be an array type for getstatic/putstatic.
1703 verify_field_instructions(
1704 &bcs, ¤t_frame, cp, true, CHECK_VERIFY(this));
1705 no_control_flow = false; break;
1706 case Bytecodes::_getfield :
1707 case Bytecodes::_putfield :
1708 // pass FALSE, operand can't be an array type for getfield/putfield.
1709 verify_field_instructions(
1710 &bcs, ¤t_frame, cp, false, CHECK_VERIFY(this));
1711 no_control_flow = false; break;
1712 case Bytecodes::_invokevirtual :
1713 case Bytecodes::_invokespecial :
1714 case Bytecodes::_invokestatic :
1715 verify_invoke_instructions(
1716 &bcs, code_length, ¤t_frame, (bci >= ex_min && bci < ex_max),
1717 &this_uninit, return_type, cp, &stackmap_table, CHECK_VERIFY(this));
1718 no_control_flow = false; break;
1719 case Bytecodes::_invokeinterface :
1720 case Bytecodes::_invokedynamic :
1721 verify_invoke_instructions(
1722 &bcs, code_length, ¤t_frame, (bci >= ex_min && bci < ex_max),
1723 &this_uninit, return_type, cp, &stackmap_table, CHECK_VERIFY(this));
1724 no_control_flow = false; break;
1725 case Bytecodes::_new :
1726 {
1727 u2 index = bcs.get_index_u2();
1728 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1729 VerificationType new_class_type =
1730 cp_index_to_type(index, cp, CHECK_VERIFY(this));
1731 if (!new_class_type.is_object()) {
1732 verify_error(ErrorContext::bad_type(bci,
1733 TypeOrigin::cp(index, new_class_type)),
1734 "Illegal new instruction");
1735 return;
1736 }
1737 type = VerificationType::uninitialized_type(checked_cast<u2>(bci));
1738 current_frame.push_stack(type, CHECK_VERIFY(this));
1739 no_control_flow = false; break;
1740 }
1741 case Bytecodes::_newarray :
1742 type = get_newarray_type(bcs.get_index(), bci, CHECK_VERIFY(this));
1743 current_frame.pop_stack(
1761 no_control_flow = false; break;
1762 case Bytecodes::_checkcast :
1763 {
1764 u2 index = bcs.get_index_u2();
1765 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1766 current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1767 VerificationType klass_type = cp_index_to_type(
1768 index, cp, CHECK_VERIFY(this));
1769 current_frame.push_stack(klass_type, CHECK_VERIFY(this));
1770 no_control_flow = false; break;
1771 }
1772 case Bytecodes::_instanceof : {
1773 u2 index = bcs.get_index_u2();
1774 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1775 current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1776 current_frame.push_stack(
1777 VerificationType::integer_type(), CHECK_VERIFY(this));
1778 no_control_flow = false; break;
1779 }
1780 case Bytecodes::_monitorenter :
1781 case Bytecodes::_monitorexit :
1782 current_frame.pop_stack(
1783 VerificationType::reference_check(), CHECK_VERIFY(this));
1784 no_control_flow = false; break;
1785 case Bytecodes::_multianewarray :
1786 {
1787 u2 index = bcs.get_index_u2();
1788 u2 dim = *(bcs.bcp()+3);
1789 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1790 VerificationType new_array_type =
1791 cp_index_to_type(index, cp, CHECK_VERIFY(this));
1792 if (!new_array_type.is_array()) {
1793 verify_error(ErrorContext::bad_type(bci,
1794 TypeOrigin::cp(index, new_array_type)),
1795 "Illegal constant pool index in multianewarray instruction");
1796 return;
1797 }
1798 if (dim < 1 || new_array_type.dimensions() < dim) {
1799 verify_error(ErrorContext::bad_code(bci),
1800 "Illegal dimension in multianewarray instruction: %d", dim);
1801 return;
1802 }
1803 for (int i = 0; i < dim; i++) {
1804 current_frame.pop_stack(
2029 int nconstants = cp->length();
2030 if ((index <= 0) || (index >= nconstants)) {
2031 verify_error(ErrorContext::bad_cp_index(bci, index),
2032 "Illegal constant pool index %d in class %s",
2033 index, cp->pool_holder()->external_name());
2034 return;
2035 }
2036 }
2037
2038 void ClassVerifier::verify_cp_type(
2039 int bci, u2 index, const constantPoolHandle& cp, unsigned int types, TRAPS) {
2040
2041 // In some situations, bytecode rewriting may occur while we're verifying.
2042 // In this case, a constant pool cache exists and some indices refer to that
2043 // instead. Be sure we don't pick up such indices by accident.
2044 // We must check was_recursively_verified() before we get here.
2045 guarantee(cp->cache() == nullptr, "not rewritten yet");
2046
2047 verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2048 unsigned int tag = cp->tag_at(index).value();
2049 if ((types & (1 << tag)) == 0) {
2050 verify_error(ErrorContext::bad_cp_index(bci, index),
2051 "Illegal type at constant pool entry %d in class %s",
2052 index, cp->pool_holder()->external_name());
2053 return;
2054 }
2055 }
2056
2057 void ClassVerifier::verify_cp_class_type(
2058 int bci, u2 index, const constantPoolHandle& cp, TRAPS) {
2059 verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2060 constantTag tag = cp->tag_at(index);
2061 if (!tag.is_klass() && !tag.is_unresolved_klass()) {
2062 verify_error(ErrorContext::bad_cp_index(bci, index),
2063 "Illegal type at constant pool entry %d in class %s",
2064 index, cp->pool_holder()->external_name());
2065 return;
2066 }
2067 }
2068
2143 } else {
2144 Klass* member_klass = target_instance->find_field(field_name, field_sig, &fd);
2145 if (member_klass != nullptr && fd.is_protected()) {
2146 if (!this_class->is_same_class_package(member_klass)) {
2147 return true;
2148 }
2149 }
2150 }
2151 return false;
2152 }
2153
2154 void ClassVerifier::verify_ldc(
2155 int opcode, u2 index, StackMapFrame* current_frame,
2156 const constantPoolHandle& cp, int bci, TRAPS) {
2157 verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2158 constantTag tag = cp->tag_at(index);
2159 unsigned int types = 0;
2160 if (opcode == Bytecodes::_ldc || opcode == Bytecodes::_ldc_w) {
2161 if (!tag.is_unresolved_klass()) {
2162 types = (1 << JVM_CONSTANT_Integer) | (1 << JVM_CONSTANT_Float)
2163 | (1 << JVM_CONSTANT_String) | (1 << JVM_CONSTANT_Class)
2164 | (1 << JVM_CONSTANT_MethodHandle) | (1 << JVM_CONSTANT_MethodType)
2165 | (1 << JVM_CONSTANT_Dynamic);
2166 // Note: The class file parser already verified the legality of
2167 // MethodHandle and MethodType constants.
2168 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2169 }
2170 } else {
2171 assert(opcode == Bytecodes::_ldc2_w, "must be ldc2_w");
2172 types = (1 << JVM_CONSTANT_Double) | (1 << JVM_CONSTANT_Long)
2173 | (1 << JVM_CONSTANT_Dynamic);
2174 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2175 }
2176 if (tag.is_string()) {
2177 current_frame->push_stack(
2178 VerificationType::reference_type(
2179 vmSymbols::java_lang_String()), CHECK_VERIFY(this));
2180 } else if (tag.is_klass() || tag.is_unresolved_klass()) {
2181 current_frame->push_stack(
2182 VerificationType::reference_type(
2183 vmSymbols::java_lang_Class()), CHECK_VERIFY(this));
2319 const constantPoolHandle& cp,
2320 bool allow_arrays,
2321 TRAPS) {
2322 u2 index = bcs->get_index_u2();
2323 verify_cp_type(bcs->bci(), index, cp,
2324 1 << JVM_CONSTANT_Fieldref, CHECK_VERIFY(this));
2325
2326 // Get field name and signature
2327 Symbol* field_name = cp->uncached_name_ref_at(index);
2328 Symbol* field_sig = cp->uncached_signature_ref_at(index);
2329 bool is_getfield = false;
2330
2331 // Field signature was checked in ClassFileParser.
2332 assert(SignatureVerifier::is_valid_type_signature(field_sig),
2333 "Invalid field signature");
2334
2335 // Get referenced class type
2336 VerificationType ref_class_type = cp_ref_index_to_type(
2337 index, cp, CHECK_VERIFY(this));
2338 if (!ref_class_type.is_object() &&
2339 (!allow_arrays || !ref_class_type.is_array())) {
2340 verify_error(ErrorContext::bad_type(bcs->bci(),
2341 TypeOrigin::cp(index, ref_class_type)),
2342 "Expecting reference to class in class %s at constant pool index %d",
2343 _klass->external_name(), index);
2344 return;
2345 }
2346 VerificationType target_class_type = ref_class_type;
2347
2348 assert(sizeof(VerificationType) == sizeof(uintptr_t),
2349 "buffer type must match VerificationType size");
2350 uintptr_t field_type_buffer[2];
2351 VerificationType* field_type = (VerificationType*)field_type_buffer;
2352 // If we make a VerificationType[2] array directly, the compiler calls
2353 // to the c-runtime library to do the allocation instead of just
2354 // stack allocating it. Plus it would run constructors. This shows up
2355 // in performance profiles.
2356
2357 SignatureStream sig_stream(field_sig, false);
2358 VerificationType stack_object_type;
2359 int n = change_sig_to_verificationType(&sig_stream, field_type);
2360 int bci = bcs->bci();
2361 bool is_assignable;
2362 switch (bcs->raw_code()) {
2363 case Bytecodes::_getstatic: {
2364 for (int i = 0; i < n; i++) {
2365 current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2367 break;
2368 }
2369 case Bytecodes::_putstatic: {
2370 for (int i = n - 1; i >= 0; i--) {
2371 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2372 }
2373 break;
2374 }
2375 case Bytecodes::_getfield: {
2376 is_getfield = true;
2377 stack_object_type = current_frame->pop_stack(
2378 target_class_type, CHECK_VERIFY(this));
2379 goto check_protected;
2380 }
2381 case Bytecodes::_putfield: {
2382 for (int i = n - 1; i >= 0; i--) {
2383 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2384 }
2385 stack_object_type = current_frame->pop_stack(CHECK_VERIFY(this));
2386
2387 // The JVMS 2nd edition allows field initialization before the superclass
2388 // initializer, if the field is defined within the current class.
2389 fieldDescriptor fd;
2390 if (stack_object_type == VerificationType::uninitialized_this_type() &&
2391 target_class_type.equals(current_type()) &&
2392 _klass->find_local_field(field_name, field_sig, &fd)) {
2393 stack_object_type = current_type();
2394 }
2395 is_assignable = target_class_type.is_assignable_from(
2396 stack_object_type, this, false, CHECK_VERIFY(this));
2397 if (!is_assignable) {
2398 verify_error(ErrorContext::bad_type(bci,
2399 current_frame->stack_top_ctx(),
2400 TypeOrigin::cp(index, target_class_type)),
2401 "Bad type on operand stack in putfield");
2402 return;
2403 }
2404 }
2405 check_protected: {
2406 if (_this_type == stack_object_type)
2407 break; // stack_object_type must be assignable to _current_class_type
2408 if (was_recursively_verified()) {
2409 if (is_getfield) {
2410 // Push field type for getfield.
2411 for (int i = 0; i < n; i++) {
2412 current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2413 }
2778 bool ClassVerifier::is_same_or_direct_interface(
2779 InstanceKlass* klass,
2780 VerificationType klass_type,
2781 VerificationType ref_class_type) {
2782 if (ref_class_type.equals(klass_type)) return true;
2783 Array<InstanceKlass*>* local_interfaces = klass->local_interfaces();
2784 if (local_interfaces != nullptr) {
2785 for (int x = 0; x < local_interfaces->length(); x++) {
2786 InstanceKlass* k = local_interfaces->at(x);
2787 assert (k != nullptr && k->is_interface(), "invalid interface");
2788 if (ref_class_type.equals(VerificationType::reference_type(k->name()))) {
2789 return true;
2790 }
2791 }
2792 }
2793 return false;
2794 }
2795
2796 void ClassVerifier::verify_invoke_instructions(
2797 RawBytecodeStream* bcs, u4 code_length, StackMapFrame* current_frame,
2798 bool in_try_block, bool *this_uninit, VerificationType return_type,
2799 const constantPoolHandle& cp, StackMapTable* stackmap_table, TRAPS) {
2800 // Make sure the constant pool item is the right type
2801 u2 index = bcs->get_index_u2();
2802 Bytecodes::Code opcode = bcs->raw_code();
2803 unsigned int types = 0;
2804 switch (opcode) {
2805 case Bytecodes::_invokeinterface:
2806 types = 1 << JVM_CONSTANT_InterfaceMethodref;
2807 break;
2808 case Bytecodes::_invokedynamic:
2809 types = 1 << JVM_CONSTANT_InvokeDynamic;
2810 break;
2811 case Bytecodes::_invokespecial:
2812 case Bytecodes::_invokestatic:
2813 types = (_klass->major_version() < STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION) ?
2814 (1 << JVM_CONSTANT_Methodref) :
2815 ((1 << JVM_CONSTANT_InterfaceMethodref) | (1 << JVM_CONSTANT_Methodref));
2816 break;
2817 default:
2818 types = 1 << JVM_CONSTANT_Methodref;
2819 }
2820 verify_cp_type(bcs->bci(), index, cp, types, CHECK_VERIFY(this));
2821
2822 // Get method name and signature
2823 Symbol* method_name = cp->uncached_name_ref_at(index);
2824 Symbol* method_sig = cp->uncached_signature_ref_at(index);
2825
2826 // Method signature was checked in ClassFileParser.
2827 assert(SignatureVerifier::is_valid_method_signature(method_sig),
2828 "Invalid method signature");
2829
2830 // Get referenced class type
2831 VerificationType ref_class_type;
2832 if (opcode == Bytecodes::_invokedynamic) {
2833 if (_klass->major_version() < Verifier::INVOKEDYNAMIC_MAJOR_VERSION) {
2834 class_format_error(
2835 "invokedynamic instructions not supported by this class file version (%d), class %s",
2836 _klass->major_version(), _klass->external_name());
2837 return;
2838 }
2839 } else {
2840 ref_class_type = cp_ref_index_to_type(index, cp, CHECK_VERIFY(this));
2841 }
2842
2843 assert(sizeof(VerificationType) == sizeof(uintptr_t),
2844 "buffer type must match VerificationType size");
2845
2846 // Get the UTF8 index for this signature.
2847 int sig_index = cp->signature_ref_index_at(cp->uncached_name_and_type_ref_index_at(index));
2848
2849 // Get the signature's verification types.
2850 sig_as_verification_types* mth_sig_verif_types;
2876 "Inconsistent args count operand in invokeinterface");
2877 return;
2878 }
2879 if (*(bcp+4) != 0) {
2880 verify_error(ErrorContext::bad_code(bci),
2881 "Fourth operand byte of invokeinterface must be zero");
2882 return;
2883 }
2884 }
2885
2886 if (opcode == Bytecodes::_invokedynamic) {
2887 address bcp = bcs->bcp();
2888 if (*(bcp+3) != 0 || *(bcp+4) != 0) {
2889 verify_error(ErrorContext::bad_code(bci),
2890 "Third and fourth operand bytes of invokedynamic must be zero");
2891 return;
2892 }
2893 }
2894
2895 if (method_name->char_at(0) == JVM_SIGNATURE_SPECIAL) {
2896 // Make sure <init> can only be invoked by invokespecial
2897 if (opcode != Bytecodes::_invokespecial ||
2898 method_name != vmSymbols::object_initializer_name()) {
2899 verify_error(ErrorContext::bad_code(bci),
2900 "Illegal call to internal method");
2901 return;
2902 }
2903 } else if (opcode == Bytecodes::_invokespecial
2904 && !is_same_or_direct_interface(current_class(), current_type(), ref_class_type)
2905 && !ref_class_type.equals(VerificationType::reference_type(
2906 current_class()->super()->name()))) {
2907 bool subtype = false;
2908 bool have_imr_indirect = cp->tag_at(index).value() == JVM_CONSTANT_InterfaceMethodref;
2909 subtype = ref_class_type.is_assignable_from(
2910 current_type(), this, false, CHECK_VERIFY(this));
2911 if (!subtype) {
2912 verify_error(ErrorContext::bad_code(bci),
2913 "Bad invokespecial instruction: "
2914 "current class isn't assignable to reference class.");
2915 return;
2916 } else if (have_imr_indirect) {
2917 verify_error(ErrorContext::bad_code(bci),
2918 "Bad invokespecial instruction: "
2919 "interface method reference is in an indirect superinterface.");
2920 return;
2921 }
2922
2923 }
2924
2925 // Get the verification types for the method's arguments.
2926 GrowableArray<VerificationType>* sig_verif_types = mth_sig_verif_types->sig_verif_types();
2971 verify_error(ErrorContext::bad_type(bci,
2972 current_frame->stack_top_ctx(),
2973 TypeOrigin::implicit(current_type())),
2974 "Bad access to protected data in invokevirtual");
2975 return;
2976 }
2977 }
2978 }
2979 }
2980 }
2981 } else {
2982 assert(opcode == Bytecodes::_invokeinterface, "Unexpected opcode encountered");
2983 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this));
2984 }
2985 }
2986 }
2987 // Push the result type.
2988 int sig_verif_types_len = sig_verif_types->length();
2989 if (sig_verif_types_len > nargs) { // There's a return type
2990 if (method_name == vmSymbols::object_initializer_name()) {
2991 // <init> method must have a void return type
2992 /* Unreachable? Class file parser verifies that methods with '<' have
2993 * void return */
2994 verify_error(ErrorContext::bad_code(bci),
2995 "Return type must be void in <init> method");
2996 return;
2997 }
2998
2999 assert(sig_verif_types_len <= nargs + 2,
3000 "Signature verification types array return type is bogus");
3001 for (int i = nargs; i < sig_verif_types_len; i++) {
3002 assert(i == nargs || sig_verif_types->at(i).is_long2() ||
3003 sig_verif_types->at(i).is_double2(), "Unexpected return verificationType");
3004 current_frame->push_stack(sig_verif_types->at(i), CHECK_VERIFY(this));
3005 }
3006 }
3007 }
3008
3009 VerificationType ClassVerifier::get_newarray_type(
3010 u2 index, int bci, TRAPS) {
3011 const char* from_bt[] = {
3012 nullptr, nullptr, nullptr, nullptr, "[Z", "[C", "[F", "[D", "[B", "[S", "[I", "[J",
3013 };
|
48 #include "oops/instanceKlass.inline.hpp"
49 #include "oops/klass.inline.hpp"
50 #include "oops/oop.inline.hpp"
51 #include "oops/typeArrayOop.hpp"
52 #include "runtime/arguments.hpp"
53 #include "runtime/fieldDescriptor.hpp"
54 #include "runtime/handles.inline.hpp"
55 #include "runtime/interfaceSupport.inline.hpp"
56 #include "runtime/javaCalls.hpp"
57 #include "runtime/javaThread.hpp"
58 #include "runtime/jniHandles.inline.hpp"
59 #include "runtime/os.hpp"
60 #include "runtime/safepointVerifiers.hpp"
61 #include "services/threadService.hpp"
62 #include "utilities/align.hpp"
63 #include "utilities/bytes.hpp"
64
65 #define NOFAILOVER_MAJOR_VERSION 51
66 #define NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION 51
67 #define STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION 52
68 #define INLINE_TYPE_MAJOR_VERSION 56
69 #define MAX_ARRAY_DIMENSIONS 255
70
71 // Access to external entry for VerifyClassForMajorVersion - old byte code verifier
72
73 extern "C" {
74 typedef jboolean (*verify_byte_codes_fn_t)(JNIEnv *, jclass, char *, jint, jint);
75 }
76
77 static verify_byte_codes_fn_t volatile _verify_byte_codes_fn = nullptr;
78
79 static verify_byte_codes_fn_t verify_byte_codes_fn() {
80
81 if (_verify_byte_codes_fn != nullptr)
82 return _verify_byte_codes_fn;
83
84 MutexLocker locker(Verify_lock);
85
86 if (_verify_byte_codes_fn != nullptr)
87 return _verify_byte_codes_fn;
88
267 kls = kls->super();
268 }
269 if (message_buffer != nullptr) {
270 message_buffer[message_buffer_len - 1] = '\0'; // just to be sure
271 }
272 assert(exception_message != nullptr, "");
273 THROW_MSG_(exception_name, exception_message, false);
274 }
275 }
276
277 bool Verifier::is_eligible_for_verification(InstanceKlass* klass, bool should_verify_class) {
278 Symbol* name = klass->name();
279 Klass* refl_serialization_ctor_klass = vmClasses::reflect_SerializationConstructorAccessorImpl_klass();
280
281 bool is_reflect_accessor = refl_serialization_ctor_klass != nullptr &&
282 klass->is_subtype_of(refl_serialization_ctor_klass);
283
284 return (should_verify_for(klass->class_loader(), should_verify_class) &&
285 // return if the class is a bootstrapping class
286 // or defineClass specified not to verify by default (flags override passed arg)
287 // We need to skip the following four for bootstrapping
288 name != vmSymbols::java_lang_Object() &&
289 name != vmSymbols::java_lang_Class() &&
290 name != vmSymbols::java_lang_String() &&
291 name != vmSymbols::java_lang_Throwable() &&
292
293 // Can not verify the bytecodes for shared classes because they have
294 // already been rewritten to contain constant pool cache indices,
295 // which the verifier can't understand.
296 // Shared classes shouldn't have stackmaps either.
297 // However, bytecodes for shared old classes can be verified because
298 // they have not been rewritten.
299 !(klass->is_shared() && klass->is_rewritten()) &&
300
301 // As of the fix for 4486457 we disable verification for all of the
302 // dynamically-generated bytecodes associated with
303 // jdk/internal/reflect/SerializationConstructorAccessor.
304 (!is_reflect_accessor));
305 }
306
307 Symbol* Verifier::inference_verify(
486 ss->print("Local index %d is invalid", _type.index());
487 break;
488 case LOCALS_SIZE_MISMATCH:
489 ss->print("Current frame's local size doesn't match stackmap.");
490 break;
491 case STACK_SIZE_MISMATCH:
492 ss->print("Current frame's stack size doesn't match stackmap.");
493 break;
494 case STACK_OVERFLOW:
495 ss->print("Exceeded max stack size.");
496 break;
497 case STACK_UNDERFLOW:
498 ss->print("Attempt to pop empty stack.");
499 break;
500 case MISSING_STACKMAP:
501 ss->print("Expected stackmap frame at this location.");
502 break;
503 case BAD_STACKMAP:
504 ss->print("Invalid stackmap specification.");
505 break;
506 case WRONG_INLINE_TYPE:
507 ss->print("Type ");
508 _type.details(ss);
509 ss->print(" and type ");
510 _expected.details(ss);
511 ss->print(" must be identical inline types.");
512 break;
513 case UNKNOWN:
514 default:
515 ShouldNotReachHere();
516 ss->print_cr("Unknown");
517 }
518 ss->cr();
519 }
520
521 void ErrorContext::location_details(outputStream* ss, const Method* method) const {
522 if (_bci != -1 && method != nullptr) {
523 streamIndentor si(ss);
524 const char* bytecode_name = "<invalid>";
525 if (method->validate_bci(_bci) != -1) {
526 Bytecodes::Code code = Bytecodes::code_or_bp_at(method->bcp_from(_bci));
527 if (Bytecodes::is_defined(code)) {
528 bytecode_name = Bytecodes::name(code);
529 } else {
530 bytecode_name = "<illegal>";
531 }
532 }
613 ClassVerifier::~ClassVerifier() {
614 // Decrement the reference count for any symbols created.
615 if (_symbols != nullptr) {
616 for (int i = 0; i < _symbols->length(); i++) {
617 Symbol* s = _symbols->at(i);
618 s->decrement_refcount();
619 }
620 }
621 }
622
623 VerificationType ClassVerifier::object_type() const {
624 return VerificationType::reference_type(vmSymbols::java_lang_Object());
625 }
626
627 TypeOrigin ClassVerifier::ref_ctx(const char* sig) {
628 VerificationType vt = VerificationType::reference_type(
629 create_temporary_symbol(sig, (int)strlen(sig)));
630 return TypeOrigin::implicit(vt);
631 }
632
633 static bool supports_strict_fields(InstanceKlass* klass) {
634 int ver = klass->major_version();
635 return ver > Verifier::VALUE_TYPES_MAJOR_VERSION ||
636 (ver == Verifier::VALUE_TYPES_MAJOR_VERSION && klass->minor_version() == Verifier::JAVA_PREVIEW_MINOR_VERSION);
637 }
638
639 void ClassVerifier::verify_class(TRAPS) {
640 log_info(verification)("Verifying class %s with new format", _klass->external_name());
641
642 // Either verifying both local and remote classes or just remote classes.
643 assert(BytecodeVerificationRemote, "Should not be here");
644
645 Array<Method*>* methods = _klass->methods();
646 int num_methods = methods->length();
647
648 for (int index = 0; index < num_methods; index++) {
649 // Check for recursive re-verification before each method.
650 if (was_recursively_verified()) return;
651
652 Method* m = methods->at(index);
653 if (m->is_native() || m->is_abstract() || m->is_overpass()) {
654 // If m is native or abstract, skip it. It is checked in class file
655 // parser that methods do not override a final method. Overpass methods
656 // are trusted since the VM generates them.
657 continue;
1685 VerificationType::double2_type(), CHECK_VERIFY(this));
1686 type = current_frame.pop_stack(
1687 VerificationType::double_type(), CHECK_VERIFY(this));
1688 verify_return_value(return_type, type, bci,
1689 ¤t_frame, CHECK_VERIFY(this));
1690 no_control_flow = true; break;
1691 case Bytecodes::_areturn :
1692 type = current_frame.pop_stack(
1693 VerificationType::reference_check(), CHECK_VERIFY(this));
1694 verify_return_value(return_type, type, bci,
1695 ¤t_frame, CHECK_VERIFY(this));
1696 no_control_flow = true; break;
1697 case Bytecodes::_return :
1698 if (return_type != VerificationType::bogus_type()) {
1699 verify_error(ErrorContext::bad_code(bci),
1700 "Method expects a return value");
1701 return;
1702 }
1703 // Make sure "this" has been initialized if current method is an
1704 // <init>.
1705 if (_method->is_object_constructor() &&
1706 current_frame.flag_this_uninit()) {
1707 verify_error(ErrorContext::bad_code(bci),
1708 "Constructor must call super() or this() "
1709 "before return");
1710 return;
1711 }
1712 no_control_flow = true; break;
1713 case Bytecodes::_getstatic :
1714 case Bytecodes::_putstatic :
1715 // pass TRUE, operand can be an array type for getstatic/putstatic.
1716 verify_field_instructions(
1717 &bcs, ¤t_frame, cp, true, CHECK_VERIFY(this));
1718 no_control_flow = false; break;
1719 case Bytecodes::_getfield :
1720 case Bytecodes::_putfield :
1721 // pass FALSE, operand can't be an array type for getfield/putfield.
1722 verify_field_instructions(
1723 &bcs, ¤t_frame, cp, false, CHECK_VERIFY(this));
1724 no_control_flow = false; break;
1725 case Bytecodes::_invokevirtual :
1726 case Bytecodes::_invokespecial :
1727 case Bytecodes::_invokestatic :
1728 case Bytecodes::_invokeinterface :
1729 case Bytecodes::_invokedynamic :
1730 verify_invoke_instructions(
1731 &bcs, code_length, ¤t_frame, (bci >= ex_min && bci < ex_max),
1732 &this_uninit, cp, &stackmap_table, CHECK_VERIFY(this));
1733 no_control_flow = false; break;
1734 case Bytecodes::_new :
1735 {
1736 u2 index = bcs.get_index_u2();
1737 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1738 VerificationType new_class_type =
1739 cp_index_to_type(index, cp, CHECK_VERIFY(this));
1740 if (!new_class_type.is_object()) {
1741 verify_error(ErrorContext::bad_type(bci,
1742 TypeOrigin::cp(index, new_class_type)),
1743 "Illegal new instruction");
1744 return;
1745 }
1746 type = VerificationType::uninitialized_type(checked_cast<u2>(bci));
1747 current_frame.push_stack(type, CHECK_VERIFY(this));
1748 no_control_flow = false; break;
1749 }
1750 case Bytecodes::_newarray :
1751 type = get_newarray_type(bcs.get_index(), bci, CHECK_VERIFY(this));
1752 current_frame.pop_stack(
1770 no_control_flow = false; break;
1771 case Bytecodes::_checkcast :
1772 {
1773 u2 index = bcs.get_index_u2();
1774 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1775 current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1776 VerificationType klass_type = cp_index_to_type(
1777 index, cp, CHECK_VERIFY(this));
1778 current_frame.push_stack(klass_type, CHECK_VERIFY(this));
1779 no_control_flow = false; break;
1780 }
1781 case Bytecodes::_instanceof : {
1782 u2 index = bcs.get_index_u2();
1783 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1784 current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1785 current_frame.push_stack(
1786 VerificationType::integer_type(), CHECK_VERIFY(this));
1787 no_control_flow = false; break;
1788 }
1789 case Bytecodes::_monitorenter :
1790 case Bytecodes::_monitorexit : {
1791 VerificationType ref = current_frame.pop_stack(
1792 VerificationType::reference_check(), CHECK_VERIFY(this));
1793 no_control_flow = false; break;
1794 }
1795 case Bytecodes::_multianewarray :
1796 {
1797 u2 index = bcs.get_index_u2();
1798 u2 dim = *(bcs.bcp()+3);
1799 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1800 VerificationType new_array_type =
1801 cp_index_to_type(index, cp, CHECK_VERIFY(this));
1802 if (!new_array_type.is_array()) {
1803 verify_error(ErrorContext::bad_type(bci,
1804 TypeOrigin::cp(index, new_array_type)),
1805 "Illegal constant pool index in multianewarray instruction");
1806 return;
1807 }
1808 if (dim < 1 || new_array_type.dimensions() < dim) {
1809 verify_error(ErrorContext::bad_code(bci),
1810 "Illegal dimension in multianewarray instruction: %d", dim);
1811 return;
1812 }
1813 for (int i = 0; i < dim; i++) {
1814 current_frame.pop_stack(
2039 int nconstants = cp->length();
2040 if ((index <= 0) || (index >= nconstants)) {
2041 verify_error(ErrorContext::bad_cp_index(bci, index),
2042 "Illegal constant pool index %d in class %s",
2043 index, cp->pool_holder()->external_name());
2044 return;
2045 }
2046 }
2047
2048 void ClassVerifier::verify_cp_type(
2049 int bci, u2 index, const constantPoolHandle& cp, unsigned int types, TRAPS) {
2050
2051 // In some situations, bytecode rewriting may occur while we're verifying.
2052 // In this case, a constant pool cache exists and some indices refer to that
2053 // instead. Be sure we don't pick up such indices by accident.
2054 // We must check was_recursively_verified() before we get here.
2055 guarantee(cp->cache() == nullptr, "not rewritten yet");
2056
2057 verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2058 unsigned int tag = cp->tag_at(index).value();
2059
2060 if ((types & (1 << tag)) == 0) {
2061 verify_error(ErrorContext::bad_cp_index(bci, index),
2062 "Illegal type at constant pool entry %d in class %s",
2063 index, cp->pool_holder()->external_name());
2064 return;
2065 }
2066 }
2067
2068 void ClassVerifier::verify_cp_class_type(
2069 int bci, u2 index, const constantPoolHandle& cp, TRAPS) {
2070 verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2071 constantTag tag = cp->tag_at(index);
2072 if (!tag.is_klass() && !tag.is_unresolved_klass()) {
2073 verify_error(ErrorContext::bad_cp_index(bci, index),
2074 "Illegal type at constant pool entry %d in class %s",
2075 index, cp->pool_holder()->external_name());
2076 return;
2077 }
2078 }
2079
2154 } else {
2155 Klass* member_klass = target_instance->find_field(field_name, field_sig, &fd);
2156 if (member_klass != nullptr && fd.is_protected()) {
2157 if (!this_class->is_same_class_package(member_klass)) {
2158 return true;
2159 }
2160 }
2161 }
2162 return false;
2163 }
2164
2165 void ClassVerifier::verify_ldc(
2166 int opcode, u2 index, StackMapFrame* current_frame,
2167 const constantPoolHandle& cp, int bci, TRAPS) {
2168 verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2169 constantTag tag = cp->tag_at(index);
2170 unsigned int types = 0;
2171 if (opcode == Bytecodes::_ldc || opcode == Bytecodes::_ldc_w) {
2172 if (!tag.is_unresolved_klass()) {
2173 types = (1 << JVM_CONSTANT_Integer) | (1 << JVM_CONSTANT_Float)
2174 | (1 << JVM_CONSTANT_String) | (1 << JVM_CONSTANT_Class)
2175 | (1 << JVM_CONSTANT_MethodHandle) | (1 << JVM_CONSTANT_MethodType)
2176 | (1 << JVM_CONSTANT_Dynamic);
2177 // Note: The class file parser already verified the legality of
2178 // MethodHandle and MethodType constants.
2179 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2180 }
2181 } else {
2182 assert(opcode == Bytecodes::_ldc2_w, "must be ldc2_w");
2183 types = (1 << JVM_CONSTANT_Double) | (1 << JVM_CONSTANT_Long)
2184 | (1 << JVM_CONSTANT_Dynamic);
2185 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2186 }
2187 if (tag.is_string()) {
2188 current_frame->push_stack(
2189 VerificationType::reference_type(
2190 vmSymbols::java_lang_String()), CHECK_VERIFY(this));
2191 } else if (tag.is_klass() || tag.is_unresolved_klass()) {
2192 current_frame->push_stack(
2193 VerificationType::reference_type(
2194 vmSymbols::java_lang_Class()), CHECK_VERIFY(this));
2330 const constantPoolHandle& cp,
2331 bool allow_arrays,
2332 TRAPS) {
2333 u2 index = bcs->get_index_u2();
2334 verify_cp_type(bcs->bci(), index, cp,
2335 1 << JVM_CONSTANT_Fieldref, CHECK_VERIFY(this));
2336
2337 // Get field name and signature
2338 Symbol* field_name = cp->uncached_name_ref_at(index);
2339 Symbol* field_sig = cp->uncached_signature_ref_at(index);
2340 bool is_getfield = false;
2341
2342 // Field signature was checked in ClassFileParser.
2343 assert(SignatureVerifier::is_valid_type_signature(field_sig),
2344 "Invalid field signature");
2345
2346 // Get referenced class type
2347 VerificationType ref_class_type = cp_ref_index_to_type(
2348 index, cp, CHECK_VERIFY(this));
2349 if (!ref_class_type.is_object() &&
2350 (!allow_arrays || !ref_class_type.is_array())) {
2351 verify_error(ErrorContext::bad_type(bcs->bci(),
2352 TypeOrigin::cp(index, ref_class_type)),
2353 "Expecting reference to class in class %s at constant pool index %d",
2354 _klass->external_name(), index);
2355 return;
2356 }
2357
2358 VerificationType target_class_type = ref_class_type;
2359
2360 assert(sizeof(VerificationType) == sizeof(uintptr_t),
2361 "buffer type must match VerificationType size");
2362 uintptr_t field_type_buffer[2];
2363 VerificationType* field_type = (VerificationType*)field_type_buffer;
2364 // If we make a VerificationType[2] array directly, the compiler calls
2365 // to the c-runtime library to do the allocation instead of just
2366 // stack allocating it. Plus it would run constructors. This shows up
2367 // in performance profiles.
2368
2369 SignatureStream sig_stream(field_sig, false);
2370 VerificationType stack_object_type;
2371 int n = change_sig_to_verificationType(&sig_stream, field_type);
2372 int bci = bcs->bci();
2373 bool is_assignable;
2374 switch (bcs->raw_code()) {
2375 case Bytecodes::_getstatic: {
2376 for (int i = 0; i < n; i++) {
2377 current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2379 break;
2380 }
2381 case Bytecodes::_putstatic: {
2382 for (int i = n - 1; i >= 0; i--) {
2383 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2384 }
2385 break;
2386 }
2387 case Bytecodes::_getfield: {
2388 is_getfield = true;
2389 stack_object_type = current_frame->pop_stack(
2390 target_class_type, CHECK_VERIFY(this));
2391 goto check_protected;
2392 }
2393 case Bytecodes::_putfield: {
2394 for (int i = n - 1; i >= 0; i--) {
2395 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2396 }
2397 stack_object_type = current_frame->pop_stack(CHECK_VERIFY(this));
2398
2399 // Field initialization is allowed before the superclass
2400 // initializer, if the field is defined within the current class.
2401 fieldDescriptor fd;
2402 bool is_local_field = _klass->find_local_field(field_name, field_sig, &fd) &&
2403 target_class_type.equals(current_type());
2404 if (stack_object_type == VerificationType::uninitialized_this_type()) {
2405 if (is_local_field) {
2406 // Set the type to the current type so the is_assignable check passes.
2407 stack_object_type = current_type();
2408 }
2409 } else if (supports_strict_fields(_klass)) {
2410 // `strict` fields are not writable, but only local fields produce verification errors
2411 if (is_local_field && fd.access_flags().is_strict()) {
2412 verify_error(ErrorContext::bad_code(bci),
2413 "Illegal use of putfield on a strict field");
2414 return;
2415 }
2416 }
2417 is_assignable = target_class_type.is_assignable_from(
2418 stack_object_type, this, false, CHECK_VERIFY(this));
2419 if (!is_assignable) {
2420 verify_error(ErrorContext::bad_type(bci,
2421 current_frame->stack_top_ctx(),
2422 TypeOrigin::cp(index, target_class_type)),
2423 "Bad type on operand stack in putfield");
2424 return;
2425 }
2426 }
2427 check_protected: {
2428 if (_this_type == stack_object_type)
2429 break; // stack_object_type must be assignable to _current_class_type
2430 if (was_recursively_verified()) {
2431 if (is_getfield) {
2432 // Push field type for getfield.
2433 for (int i = 0; i < n; i++) {
2434 current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2435 }
2800 bool ClassVerifier::is_same_or_direct_interface(
2801 InstanceKlass* klass,
2802 VerificationType klass_type,
2803 VerificationType ref_class_type) {
2804 if (ref_class_type.equals(klass_type)) return true;
2805 Array<InstanceKlass*>* local_interfaces = klass->local_interfaces();
2806 if (local_interfaces != nullptr) {
2807 for (int x = 0; x < local_interfaces->length(); x++) {
2808 InstanceKlass* k = local_interfaces->at(x);
2809 assert (k != nullptr && k->is_interface(), "invalid interface");
2810 if (ref_class_type.equals(VerificationType::reference_type(k->name()))) {
2811 return true;
2812 }
2813 }
2814 }
2815 return false;
2816 }
2817
2818 void ClassVerifier::verify_invoke_instructions(
2819 RawBytecodeStream* bcs, u4 code_length, StackMapFrame* current_frame,
2820 bool in_try_block, bool *this_uninit,
2821 const constantPoolHandle& cp, StackMapTable* stackmap_table, TRAPS) {
2822 // Make sure the constant pool item is the right type
2823 u2 index = bcs->get_index_u2();
2824 Bytecodes::Code opcode = bcs->raw_code();
2825 unsigned int types = 0;
2826 switch (opcode) {
2827 case Bytecodes::_invokeinterface:
2828 types = 1 << JVM_CONSTANT_InterfaceMethodref;
2829 break;
2830 case Bytecodes::_invokedynamic:
2831 types = 1 << JVM_CONSTANT_InvokeDynamic;
2832 break;
2833 case Bytecodes::_invokespecial:
2834 case Bytecodes::_invokestatic:
2835 types = (_klass->major_version() < STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION) ?
2836 (1 << JVM_CONSTANT_Methodref) :
2837 ((1 << JVM_CONSTANT_InterfaceMethodref) | (1 << JVM_CONSTANT_Methodref));
2838 break;
2839 default:
2840 types = 1 << JVM_CONSTANT_Methodref;
2841 }
2842 verify_cp_type(bcs->bci(), index, cp, types, CHECK_VERIFY(this));
2843
2844 // Get method name and signature
2845 Symbol* method_name = cp->uncached_name_ref_at(index);
2846 Symbol* method_sig = cp->uncached_signature_ref_at(index);
2847
2848 // Method signature was checked in ClassFileParser.
2849 assert(SignatureVerifier::is_valid_method_signature(method_sig),
2850 "Invalid method signature");
2851
2852 // Get referenced class
2853 VerificationType ref_class_type;
2854 if (opcode == Bytecodes::_invokedynamic) {
2855 if (_klass->major_version() < Verifier::INVOKEDYNAMIC_MAJOR_VERSION) {
2856 class_format_error(
2857 "invokedynamic instructions not supported by this class file version (%d), class %s",
2858 _klass->major_version(), _klass->external_name());
2859 return;
2860 }
2861 } else {
2862 ref_class_type = cp_ref_index_to_type(index, cp, CHECK_VERIFY(this));
2863 }
2864
2865 assert(sizeof(VerificationType) == sizeof(uintptr_t),
2866 "buffer type must match VerificationType size");
2867
2868 // Get the UTF8 index for this signature.
2869 int sig_index = cp->signature_ref_index_at(cp->uncached_name_and_type_ref_index_at(index));
2870
2871 // Get the signature's verification types.
2872 sig_as_verification_types* mth_sig_verif_types;
2898 "Inconsistent args count operand in invokeinterface");
2899 return;
2900 }
2901 if (*(bcp+4) != 0) {
2902 verify_error(ErrorContext::bad_code(bci),
2903 "Fourth operand byte of invokeinterface must be zero");
2904 return;
2905 }
2906 }
2907
2908 if (opcode == Bytecodes::_invokedynamic) {
2909 address bcp = bcs->bcp();
2910 if (*(bcp+3) != 0 || *(bcp+4) != 0) {
2911 verify_error(ErrorContext::bad_code(bci),
2912 "Third and fourth operand bytes of invokedynamic must be zero");
2913 return;
2914 }
2915 }
2916
2917 if (method_name->char_at(0) == JVM_SIGNATURE_SPECIAL) {
2918 // Make sure:
2919 // <init> can only be invoked by invokespecial.
2920 if (opcode != Bytecodes::_invokespecial ||
2921 method_name != vmSymbols::object_initializer_name()) {
2922 verify_error(ErrorContext::bad_code(bci),
2923 "Illegal call to internal method");
2924 return;
2925 }
2926 } else if (opcode == Bytecodes::_invokespecial
2927 && !is_same_or_direct_interface(current_class(), current_type(), ref_class_type)
2928 && !ref_class_type.equals(VerificationType::reference_type(
2929 current_class()->super()->name()))) { // super() can never be an inline_type.
2930 bool subtype = false;
2931 bool have_imr_indirect = cp->tag_at(index).value() == JVM_CONSTANT_InterfaceMethodref;
2932 subtype = ref_class_type.is_assignable_from(
2933 current_type(), this, false, CHECK_VERIFY(this));
2934 if (!subtype) {
2935 verify_error(ErrorContext::bad_code(bci),
2936 "Bad invokespecial instruction: "
2937 "current class isn't assignable to reference class.");
2938 return;
2939 } else if (have_imr_indirect) {
2940 verify_error(ErrorContext::bad_code(bci),
2941 "Bad invokespecial instruction: "
2942 "interface method reference is in an indirect superinterface.");
2943 return;
2944 }
2945
2946 }
2947
2948 // Get the verification types for the method's arguments.
2949 GrowableArray<VerificationType>* sig_verif_types = mth_sig_verif_types->sig_verif_types();
2994 verify_error(ErrorContext::bad_type(bci,
2995 current_frame->stack_top_ctx(),
2996 TypeOrigin::implicit(current_type())),
2997 "Bad access to protected data in invokevirtual");
2998 return;
2999 }
3000 }
3001 }
3002 }
3003 }
3004 } else {
3005 assert(opcode == Bytecodes::_invokeinterface, "Unexpected opcode encountered");
3006 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this));
3007 }
3008 }
3009 }
3010 // Push the result type.
3011 int sig_verif_types_len = sig_verif_types->length();
3012 if (sig_verif_types_len > nargs) { // There's a return type
3013 if (method_name == vmSymbols::object_initializer_name()) {
3014 // an <init> method must have a void return type
3015 verify_error(ErrorContext::bad_code(bci),
3016 "Return type must be void in <init> method");
3017 return;
3018 }
3019
3020 assert(sig_verif_types_len <= nargs + 2,
3021 "Signature verification types array return type is bogus");
3022 for (int i = nargs; i < sig_verif_types_len; i++) {
3023 assert(i == nargs || sig_verif_types->at(i).is_long2() ||
3024 sig_verif_types->at(i).is_double2(), "Unexpected return verificationType");
3025 current_frame->push_stack(sig_verif_types->at(i), CHECK_VERIFY(this));
3026 }
3027 }
3028 }
3029
3030 VerificationType ClassVerifier::get_newarray_type(
3031 u2 index, int bci, TRAPS) {
3032 const char* from_bt[] = {
3033 nullptr, nullptr, nullptr, nullptr, "[Z", "[C", "[F", "[D", "[B", "[S", "[I", "[J",
3034 };
|