26 #include "classfile/classFileStream.hpp"
27 #include "classfile/classLoader.hpp"
28 #include "classfile/javaClasses.hpp"
29 #include "classfile/stackMapTable.hpp"
30 #include "classfile/stackMapFrame.hpp"
31 #include "classfile/stackMapTableFormat.hpp"
32 #include "classfile/symbolTable.hpp"
33 #include "classfile/systemDictionary.hpp"
34 #include "classfile/verifier.hpp"
35 #include "classfile/vmClasses.hpp"
36 #include "classfile/vmSymbols.hpp"
37 #include "interpreter/bytecodes.hpp"
38 #include "interpreter/bytecodeStream.hpp"
39 #include "jvm.h"
40 #include "logging/log.hpp"
41 #include "logging/logStream.hpp"
42 #include "memory/oopFactory.hpp"
43 #include "memory/resourceArea.hpp"
44 #include "memory/universe.hpp"
45 #include "oops/constantPool.inline.hpp"
46 #include "oops/instanceKlass.inline.hpp"
47 #include "oops/klass.inline.hpp"
48 #include "oops/oop.inline.hpp"
49 #include "oops/typeArrayOop.hpp"
50 #include "runtime/arguments.hpp"
51 #include "runtime/fieldDescriptor.hpp"
52 #include "runtime/handles.inline.hpp"
53 #include "runtime/interfaceSupport.inline.hpp"
54 #include "runtime/javaCalls.hpp"
55 #include "runtime/javaThread.hpp"
56 #include "runtime/jniHandles.inline.hpp"
57 #include "runtime/os.hpp"
58 #include "runtime/safepointVerifiers.hpp"
59 #include "services/threadService.hpp"
60 #include "utilities/align.hpp"
61 #include "utilities/bytes.hpp"
62 #if INCLUDE_CDS
63 #include "classfile/systemDictionaryShared.hpp"
64 #endif
65
66 #define NOFAILOVER_MAJOR_VERSION 51
67 #define NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION 51
68 #define STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION 52
69 #define MAX_ARRAY_DIMENSIONS 255
70
71 // Access to external entry for VerifyClassForMajorVersion - old byte code verifier
72
73 extern "C" {
74 typedef jboolean (*verify_byte_codes_fn_t)(JNIEnv *, jclass, char *, jint, jint);
75 }
76
77 static verify_byte_codes_fn_t volatile _verify_byte_codes_fn = nullptr;
78
79 static verify_byte_codes_fn_t verify_byte_codes_fn() {
80
81 if (_verify_byte_codes_fn != nullptr)
82 return _verify_byte_codes_fn;
83
84 MutexLocker locker(Verify_lock);
85
86 if (_verify_byte_codes_fn != nullptr)
87 return _verify_byte_codes_fn;
88
462 _expected.details(ss);
463 } else {
464 ss->print("Invalid type: ");
465 _type.details(ss);
466 }
467 break;
468 case FLAGS_MISMATCH:
469 if (_expected.is_valid()) {
470 ss->print("Current frame's flags are not assignable "
471 "to stack map frame's.");
472 } else {
473 ss->print("Current frame's flags are invalid in this context.");
474 }
475 break;
476 case BAD_CP_INDEX:
477 ss->print("Constant pool index %d is invalid", _type.index());
478 break;
479 case BAD_LOCAL_INDEX:
480 ss->print("Local index %d is invalid", _type.index());
481 break;
482 case LOCALS_SIZE_MISMATCH:
483 ss->print("Current frame's local size doesn't match stackmap.");
484 break;
485 case STACK_SIZE_MISMATCH:
486 ss->print("Current frame's stack size doesn't match stackmap.");
487 break;
488 case STACK_OVERFLOW:
489 ss->print("Exceeded max stack size.");
490 break;
491 case STACK_UNDERFLOW:
492 ss->print("Attempt to pop empty stack.");
493 break;
494 case MISSING_STACKMAP:
495 ss->print("Expected stackmap frame at this location.");
496 break;
497 case BAD_STACKMAP:
498 ss->print("Invalid stackmap specification.");
499 break;
500 case UNKNOWN:
501 default:
502 ShouldNotReachHere();
503 ss->print_cr("Unknown");
504 }
505 ss->cr();
506 }
507
508 void ErrorContext::location_details(outputStream* ss, const Method* method) const {
509 if (_bci != -1 && method != nullptr) {
510 streamIndentor si(ss);
511 const char* bytecode_name = "<invalid>";
512 if (method->validate_bci(_bci) != -1) {
513 Bytecodes::Code code = Bytecodes::code_or_bp_at(method->bcp_from(_bci));
514 if (Bytecodes::is_defined(code)) {
515 bytecode_name = Bytecodes::name(code);
516 } else {
517 bytecode_name = "<illegal>";
518 }
519 }
600 ClassVerifier::~ClassVerifier() {
601 // Decrement the reference count for any symbols created.
602 if (_symbols != nullptr) {
603 for (int i = 0; i < _symbols->length(); i++) {
604 Symbol* s = _symbols->at(i);
605 s->decrement_refcount();
606 }
607 }
608 }
609
610 VerificationType ClassVerifier::object_type() const {
611 return VerificationType::reference_type(vmSymbols::java_lang_Object());
612 }
613
614 TypeOrigin ClassVerifier::ref_ctx(const char* sig) {
615 VerificationType vt = VerificationType::reference_type(
616 create_temporary_symbol(sig, (int)strlen(sig)));
617 return TypeOrigin::implicit(vt);
618 }
619
620
621 void ClassVerifier::verify_class(TRAPS) {
622 log_info(verification)("Verifying class %s with new format", _klass->external_name());
623
624 // Either verifying both local and remote classes or just remote classes.
625 assert(BytecodeVerificationRemote, "Should not be here");
626
627 Array<Method*>* methods = _klass->methods();
628 int num_methods = methods->length();
629
630 for (int index = 0; index < num_methods; index++) {
631 // Check for recursive re-verification before each method.
632 if (was_recursively_verified()) return;
633
634 Method* m = methods->at(index);
635 if (m->is_native() || m->is_abstract() || m->is_overpass()) {
636 // If m is native or abstract, skip it. It is checked in class file
637 // parser that methods do not override a final method. Overpass methods
638 // are trusted since the VM generates them.
639 continue;
695 bool is_unique = method_signatures_table()->put(sig_index, sig_verif_types);
696 assert(is_unique, "Duplicate entries in method_signature_table");
697 }
698
699 void ClassVerifier::verify_method(const methodHandle& m, TRAPS) {
700 HandleMark hm(THREAD);
701 _method = m; // initialize _method
702 log_info(verification)("Verifying method %s", m->name_and_sig_as_C_string());
703
704 // For clang, the only good constant format string is a literal constant format string.
705 #define bad_type_msg "Bad type on operand stack in %s"
706
707 u2 max_stack = m->verifier_max_stack();
708 u2 max_locals = m->max_locals();
709 constantPoolHandle cp(THREAD, m->constants());
710
711 // Method signature was checked in ClassFileParser.
712 assert(SignatureVerifier::is_valid_method_signature(m->signature()),
713 "Invalid method signature");
714
715 // Initial stack map frame: offset is 0, stack is initially empty.
716 StackMapFrame current_frame(max_locals, max_stack, this);
717 // Set initial locals
718 VerificationType return_type = current_frame.set_locals_from_arg( m, current_type());
719
720 u2 stackmap_index = 0; // index to the stackmap array
721
722 u4 code_length = m->code_size();
723
724 // Scan the bytecode and map each instruction's start offset to a number.
725 char* code_data = generate_code_data(m, code_length, CHECK_VERIFY(this));
726
727 int ex_min = code_length;
728 int ex_max = -1;
729 // Look through each item on the exception table. Each of the fields must refer
730 // to a legal instruction.
731 if (was_recursively_verified()) return;
732 verify_exception_handler_table(
733 code_length, code_data, ex_min, ex_max, CHECK_VERIFY(this));
734
735 // Look through each entry on the local variable table and make sure
736 // its range of code array offsets is valid. (4169817)
737 if (m->has_localvariable_table()) {
738 verify_local_variable_table(code_length, code_data, CHECK_VERIFY(this));
739 }
740
741 Array<u1>* stackmap_data = m->stackmap_data();
742 StackMapStream stream(stackmap_data);
743 StackMapReader reader(this, &stream, code_data, code_length, ¤t_frame, max_locals, max_stack, THREAD);
744 StackMapTable stackmap_table(&reader, CHECK_VERIFY(this));
745
746 LogTarget(Debug, verification) lt;
747 if (lt.is_enabled()) {
748 LogStream ls(lt);
749 stackmap_table.print_on(&ls);
750 }
751
752 RawBytecodeStream bcs(m);
753
754 // Scan the byte code linearly from the start to the end
755 bool no_control_flow = false; // Set to true when there is no direct control
756 // flow from current instruction to the next
757 // instruction in sequence
758
759 Bytecodes::Code opcode;
760 while (!bcs.is_last_bytecode()) {
761 // Check for recursive re-verification before each bytecode.
762 if (was_recursively_verified()) return;
763
1664 VerificationType::double2_type(), CHECK_VERIFY(this));
1665 type = current_frame.pop_stack(
1666 VerificationType::double_type(), CHECK_VERIFY(this));
1667 verify_return_value(return_type, type, bci,
1668 ¤t_frame, CHECK_VERIFY(this));
1669 no_control_flow = true; break;
1670 case Bytecodes::_areturn :
1671 type = current_frame.pop_stack(
1672 VerificationType::reference_check(), CHECK_VERIFY(this));
1673 verify_return_value(return_type, type, bci,
1674 ¤t_frame, CHECK_VERIFY(this));
1675 no_control_flow = true; break;
1676 case Bytecodes::_return :
1677 if (return_type != VerificationType::bogus_type()) {
1678 verify_error(ErrorContext::bad_code(bci),
1679 "Method expects a return value");
1680 return;
1681 }
1682 // Make sure "this" has been initialized if current method is an
1683 // <init>.
1684 if (_method->name() == vmSymbols::object_initializer_name() &&
1685 current_frame.flag_this_uninit()) {
1686 verify_error(ErrorContext::bad_code(bci),
1687 "Constructor must call super() or this() "
1688 "before return");
1689 return;
1690 }
1691 no_control_flow = true; break;
1692 case Bytecodes::_getstatic :
1693 case Bytecodes::_putstatic :
1694 // pass TRUE, operand can be an array type for getstatic/putstatic.
1695 verify_field_instructions(
1696 &bcs, ¤t_frame, cp, true, CHECK_VERIFY(this));
1697 no_control_flow = false; break;
1698 case Bytecodes::_getfield :
1699 case Bytecodes::_putfield :
1700 // pass FALSE, operand can't be an array type for getfield/putfield.
1701 verify_field_instructions(
1702 &bcs, ¤t_frame, cp, false, CHECK_VERIFY(this));
1703 no_control_flow = false; break;
1704 case Bytecodes::_invokevirtual :
1705 case Bytecodes::_invokespecial :
1706 case Bytecodes::_invokestatic :
1707 verify_invoke_instructions(
1708 &bcs, code_length, ¤t_frame, (bci >= ex_min && bci < ex_max),
1709 &this_uninit, return_type, cp, &stackmap_table, CHECK_VERIFY(this));
1710 no_control_flow = false; break;
1711 case Bytecodes::_invokeinterface :
1712 case Bytecodes::_invokedynamic :
1713 verify_invoke_instructions(
1714 &bcs, code_length, ¤t_frame, (bci >= ex_min && bci < ex_max),
1715 &this_uninit, return_type, cp, &stackmap_table, CHECK_VERIFY(this));
1716 no_control_flow = false; break;
1717 case Bytecodes::_new :
1718 {
1719 u2 index = bcs.get_index_u2();
1720 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1721 VerificationType new_class_type =
1722 cp_index_to_type(index, cp, CHECK_VERIFY(this));
1723 if (!new_class_type.is_object()) {
1724 verify_error(ErrorContext::bad_type(bci,
1725 TypeOrigin::cp(index, new_class_type)),
1726 "Illegal new instruction");
1727 return;
1728 }
1729 type = VerificationType::uninitialized_type(checked_cast<u2>(bci));
1730 current_frame.push_stack(type, CHECK_VERIFY(this));
1731 no_control_flow = false; break;
1732 }
1733 case Bytecodes::_newarray :
1734 type = get_newarray_type(bcs.get_index(), bci, CHECK_VERIFY(this));
1735 current_frame.pop_stack(
1753 no_control_flow = false; break;
1754 case Bytecodes::_checkcast :
1755 {
1756 u2 index = bcs.get_index_u2();
1757 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1758 current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1759 VerificationType klass_type = cp_index_to_type(
1760 index, cp, CHECK_VERIFY(this));
1761 current_frame.push_stack(klass_type, CHECK_VERIFY(this));
1762 no_control_flow = false; break;
1763 }
1764 case Bytecodes::_instanceof : {
1765 u2 index = bcs.get_index_u2();
1766 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1767 current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1768 current_frame.push_stack(
1769 VerificationType::integer_type(), CHECK_VERIFY(this));
1770 no_control_flow = false; break;
1771 }
1772 case Bytecodes::_monitorenter :
1773 case Bytecodes::_monitorexit :
1774 current_frame.pop_stack(
1775 VerificationType::reference_check(), CHECK_VERIFY(this));
1776 no_control_flow = false; break;
1777 case Bytecodes::_multianewarray :
1778 {
1779 u2 index = bcs.get_index_u2();
1780 u2 dim = *(bcs.bcp()+3);
1781 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1782 VerificationType new_array_type =
1783 cp_index_to_type(index, cp, CHECK_VERIFY(this));
1784 if (!new_array_type.is_array()) {
1785 verify_error(ErrorContext::bad_type(bci,
1786 TypeOrigin::cp(index, new_array_type)),
1787 "Illegal constant pool index in multianewarray instruction");
1788 return;
1789 }
1790 if (dim < 1 || new_array_type.dimensions() < dim) {
1791 verify_error(ErrorContext::bad_code(bci),
1792 "Illegal dimension in multianewarray instruction: %d", dim);
1793 return;
1794 }
1795 for (int i = 0; i < dim; i++) {
1796 current_frame.pop_stack(
2134 } else {
2135 Klass* member_klass = target_instance->find_field(field_name, field_sig, &fd);
2136 if (member_klass != nullptr && fd.is_protected()) {
2137 if (!this_class->is_same_class_package(member_klass)) {
2138 return true;
2139 }
2140 }
2141 }
2142 return false;
2143 }
2144
2145 void ClassVerifier::verify_ldc(
2146 int opcode, u2 index, StackMapFrame* current_frame,
2147 const constantPoolHandle& cp, int bci, TRAPS) {
2148 verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2149 constantTag tag = cp->tag_at(index);
2150 unsigned int types = 0;
2151 if (opcode == Bytecodes::_ldc || opcode == Bytecodes::_ldc_w) {
2152 if (!tag.is_unresolved_klass()) {
2153 types = (1 << JVM_CONSTANT_Integer) | (1 << JVM_CONSTANT_Float)
2154 | (1 << JVM_CONSTANT_String) | (1 << JVM_CONSTANT_Class)
2155 | (1 << JVM_CONSTANT_MethodHandle) | (1 << JVM_CONSTANT_MethodType)
2156 | (1 << JVM_CONSTANT_Dynamic);
2157 // Note: The class file parser already verified the legality of
2158 // MethodHandle and MethodType constants.
2159 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2160 }
2161 } else {
2162 assert(opcode == Bytecodes::_ldc2_w, "must be ldc2_w");
2163 types = (1 << JVM_CONSTANT_Double) | (1 << JVM_CONSTANT_Long)
2164 | (1 << JVM_CONSTANT_Dynamic);
2165 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2166 }
2167 if (tag.is_string()) {
2168 current_frame->push_stack(
2169 VerificationType::reference_type(
2170 vmSymbols::java_lang_String()), CHECK_VERIFY(this));
2171 } else if (tag.is_klass() || tag.is_unresolved_klass()) {
2172 current_frame->push_stack(
2173 VerificationType::reference_type(
2174 vmSymbols::java_lang_Class()), CHECK_VERIFY(this));
2310 const constantPoolHandle& cp,
2311 bool allow_arrays,
2312 TRAPS) {
2313 u2 index = bcs->get_index_u2();
2314 verify_cp_type(bcs->bci(), index, cp,
2315 1 << JVM_CONSTANT_Fieldref, CHECK_VERIFY(this));
2316
2317 // Get field name and signature
2318 Symbol* field_name = cp->uncached_name_ref_at(index);
2319 Symbol* field_sig = cp->uncached_signature_ref_at(index);
2320 bool is_getfield = false;
2321
2322 // Field signature was checked in ClassFileParser.
2323 assert(SignatureVerifier::is_valid_type_signature(field_sig),
2324 "Invalid field signature");
2325
2326 // Get referenced class type
2327 VerificationType ref_class_type = cp_ref_index_to_type(
2328 index, cp, CHECK_VERIFY(this));
2329 if (!ref_class_type.is_object() &&
2330 (!allow_arrays || !ref_class_type.is_array())) {
2331 verify_error(ErrorContext::bad_type(bcs->bci(),
2332 TypeOrigin::cp(index, ref_class_type)),
2333 "Expecting reference to class in class %s at constant pool index %d",
2334 _klass->external_name(), index);
2335 return;
2336 }
2337 VerificationType target_class_type = ref_class_type;
2338
2339 assert(sizeof(VerificationType) == sizeof(uintptr_t),
2340 "buffer type must match VerificationType size");
2341 uintptr_t field_type_buffer[2];
2342 VerificationType* field_type = (VerificationType*)field_type_buffer;
2343 // If we make a VerificationType[2] array directly, the compiler calls
2344 // to the c-runtime library to do the allocation instead of just
2345 // stack allocating it. Plus it would run constructors. This shows up
2346 // in performance profiles.
2347
2348 SignatureStream sig_stream(field_sig, false);
2349 VerificationType stack_object_type;
2350 int n = change_sig_to_verificationType(&sig_stream, field_type);
2351 int bci = bcs->bci();
2352 bool is_assignable;
2353 switch (bcs->raw_code()) {
2354 case Bytecodes::_getstatic: {
2355 for (int i = 0; i < n; i++) {
2356 current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2358 break;
2359 }
2360 case Bytecodes::_putstatic: {
2361 for (int i = n - 1; i >= 0; i--) {
2362 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2363 }
2364 break;
2365 }
2366 case Bytecodes::_getfield: {
2367 is_getfield = true;
2368 stack_object_type = current_frame->pop_stack(
2369 target_class_type, CHECK_VERIFY(this));
2370 goto check_protected;
2371 }
2372 case Bytecodes::_putfield: {
2373 for (int i = n - 1; i >= 0; i--) {
2374 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2375 }
2376 stack_object_type = current_frame->pop_stack(CHECK_VERIFY(this));
2377
2378 // The JVMS 2nd edition allows field initialization before the superclass
2379 // initializer, if the field is defined within the current class.
2380 fieldDescriptor fd;
2381 if (stack_object_type == VerificationType::uninitialized_this_type() &&
2382 target_class_type.equals(current_type()) &&
2383 _klass->find_local_field(field_name, field_sig, &fd)) {
2384 stack_object_type = current_type();
2385 }
2386 is_assignable = target_class_type.is_assignable_from(
2387 stack_object_type, this, false, CHECK_VERIFY(this));
2388 if (!is_assignable) {
2389 verify_error(ErrorContext::bad_type(bci,
2390 current_frame->stack_top_ctx(),
2391 TypeOrigin::cp(index, target_class_type)),
2392 "Bad type on operand stack in putfield");
2393 return;
2394 }
2395 }
2396 check_protected: {
2397 if (_this_type == stack_object_type)
2398 break; // stack_object_type must be assignable to _current_class_type
2399 if (was_recursively_verified()) {
2400 if (is_getfield) {
2401 // Push field type for getfield.
2402 for (int i = 0; i < n; i++) {
2403 current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2404 }
2646 }
2647
2648 void ClassVerifier::verify_invoke_init(
2649 RawBytecodeStream* bcs, u2 ref_class_index, VerificationType ref_class_type,
2650 StackMapFrame* current_frame, u4 code_length, bool in_try_block,
2651 bool *this_uninit, const constantPoolHandle& cp, StackMapTable* stackmap_table,
2652 TRAPS) {
2653 int bci = bcs->bci();
2654 VerificationType type = current_frame->pop_stack(
2655 VerificationType::reference_check(), CHECK_VERIFY(this));
2656 if (type == VerificationType::uninitialized_this_type()) {
2657 // The method must be an <init> method of this class or its superclass
2658 Klass* superk = current_class()->super();
2659 if (ref_class_type.name() != current_class()->name() &&
2660 ref_class_type.name() != superk->name()) {
2661 verify_error(ErrorContext::bad_type(bci,
2662 TypeOrigin::implicit(ref_class_type),
2663 TypeOrigin::implicit(current_type())),
2664 "Bad <init> method call");
2665 return;
2666 }
2667
2668 // If this invokespecial call is done from inside of a TRY block then make
2669 // sure that all catch clause paths end in a throw. Otherwise, this can
2670 // result in returning an incomplete object.
2671 if (in_try_block) {
2672 ExceptionTable exhandlers(_method());
2673 int exlength = exhandlers.length();
2674 for(int i = 0; i < exlength; i++) {
2675 u2 start_pc = exhandlers.start_pc(i);
2676 u2 end_pc = exhandlers.end_pc(i);
2677
2678 if (bci >= start_pc && bci < end_pc) {
2679 if (!ends_in_athrow(exhandlers.handler_pc(i))) {
2680 verify_error(ErrorContext::bad_code(bci),
2681 "Bad <init> method call from after the start of a try block");
2682 return;
2683 } else if (log_is_enabled(Debug, verification)) {
2684 ResourceMark rm(THREAD);
2685 log_debug(verification)("Survived call to ends_in_athrow(): %s",
2769 bool ClassVerifier::is_same_or_direct_interface(
2770 InstanceKlass* klass,
2771 VerificationType klass_type,
2772 VerificationType ref_class_type) {
2773 if (ref_class_type.equals(klass_type)) return true;
2774 Array<InstanceKlass*>* local_interfaces = klass->local_interfaces();
2775 if (local_interfaces != nullptr) {
2776 for (int x = 0; x < local_interfaces->length(); x++) {
2777 InstanceKlass* k = local_interfaces->at(x);
2778 assert (k != nullptr && k->is_interface(), "invalid interface");
2779 if (ref_class_type.equals(VerificationType::reference_type(k->name()))) {
2780 return true;
2781 }
2782 }
2783 }
2784 return false;
2785 }
2786
2787 void ClassVerifier::verify_invoke_instructions(
2788 RawBytecodeStream* bcs, u4 code_length, StackMapFrame* current_frame,
2789 bool in_try_block, bool *this_uninit, VerificationType return_type,
2790 const constantPoolHandle& cp, StackMapTable* stackmap_table, TRAPS) {
2791 // Make sure the constant pool item is the right type
2792 u2 index = bcs->get_index_u2();
2793 Bytecodes::Code opcode = bcs->raw_code();
2794 unsigned int types = 0;
2795 switch (opcode) {
2796 case Bytecodes::_invokeinterface:
2797 types = 1 << JVM_CONSTANT_InterfaceMethodref;
2798 break;
2799 case Bytecodes::_invokedynamic:
2800 types = 1 << JVM_CONSTANT_InvokeDynamic;
2801 break;
2802 case Bytecodes::_invokespecial:
2803 case Bytecodes::_invokestatic:
2804 types = (_klass->major_version() < STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION) ?
2805 (1 << JVM_CONSTANT_Methodref) :
2806 ((1 << JVM_CONSTANT_InterfaceMethodref) | (1 << JVM_CONSTANT_Methodref));
2807 break;
2808 default:
2809 types = 1 << JVM_CONSTANT_Methodref;
2810 }
2811 verify_cp_type(bcs->bci(), index, cp, types, CHECK_VERIFY(this));
2812
2813 // Get method name and signature
2814 Symbol* method_name = cp->uncached_name_ref_at(index);
2815 Symbol* method_sig = cp->uncached_signature_ref_at(index);
2816
2817 // Method signature was checked in ClassFileParser.
2818 assert(SignatureVerifier::is_valid_method_signature(method_sig),
2819 "Invalid method signature");
2820
2821 // Get referenced class type
2822 VerificationType ref_class_type;
2823 if (opcode == Bytecodes::_invokedynamic) {
2824 if (_klass->major_version() < Verifier::INVOKEDYNAMIC_MAJOR_VERSION) {
2825 class_format_error(
2826 "invokedynamic instructions not supported by this class file version (%d), class %s",
2827 _klass->major_version(), _klass->external_name());
2828 return;
2829 }
2830 } else {
2831 ref_class_type = cp_ref_index_to_type(index, cp, CHECK_VERIFY(this));
2832 }
2833
2834 assert(sizeof(VerificationType) == sizeof(uintptr_t),
2835 "buffer type must match VerificationType size");
2836
2837 // Get the UTF8 index for this signature.
2838 int sig_index = cp->signature_ref_index_at(cp->uncached_name_and_type_ref_index_at(index));
2839
2840 // Get the signature's verification types.
2841 sig_as_verification_types* mth_sig_verif_types;
2867 "Inconsistent args count operand in invokeinterface");
2868 return;
2869 }
2870 if (*(bcp+4) != 0) {
2871 verify_error(ErrorContext::bad_code(bci),
2872 "Fourth operand byte of invokeinterface must be zero");
2873 return;
2874 }
2875 }
2876
2877 if (opcode == Bytecodes::_invokedynamic) {
2878 address bcp = bcs->bcp();
2879 if (*(bcp+3) != 0 || *(bcp+4) != 0) {
2880 verify_error(ErrorContext::bad_code(bci),
2881 "Third and fourth operand bytes of invokedynamic must be zero");
2882 return;
2883 }
2884 }
2885
2886 if (method_name->char_at(0) == JVM_SIGNATURE_SPECIAL) {
2887 // Make sure <init> can only be invoked by invokespecial
2888 if (opcode != Bytecodes::_invokespecial ||
2889 method_name != vmSymbols::object_initializer_name()) {
2890 verify_error(ErrorContext::bad_code(bci),
2891 "Illegal call to internal method");
2892 return;
2893 }
2894 } else if (opcode == Bytecodes::_invokespecial
2895 && !is_same_or_direct_interface(current_class(), current_type(), ref_class_type)
2896 && !ref_class_type.equals(VerificationType::reference_type(
2897 current_class()->super()->name()))) {
2898 bool subtype = false;
2899 bool have_imr_indirect = cp->tag_at(index).value() == JVM_CONSTANT_InterfaceMethodref;
2900 subtype = ref_class_type.is_assignable_from(
2901 current_type(), this, false, CHECK_VERIFY(this));
2902 if (!subtype) {
2903 verify_error(ErrorContext::bad_code(bci),
2904 "Bad invokespecial instruction: "
2905 "current class isn't assignable to reference class.");
2906 return;
2907 } else if (have_imr_indirect) {
2908 verify_error(ErrorContext::bad_code(bci),
2909 "Bad invokespecial instruction: "
2910 "interface method reference is in an indirect superinterface.");
2911 return;
2912 }
2913
2914 }
2915
2916 // Get the verification types for the method's arguments.
2917 GrowableArray<VerificationType>* sig_verif_types = mth_sig_verif_types->sig_verif_types();
2962 verify_error(ErrorContext::bad_type(bci,
2963 current_frame->stack_top_ctx(),
2964 TypeOrigin::implicit(current_type())),
2965 "Bad access to protected data in invokevirtual");
2966 return;
2967 }
2968 }
2969 }
2970 }
2971 }
2972 } else {
2973 assert(opcode == Bytecodes::_invokeinterface, "Unexpected opcode encountered");
2974 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this));
2975 }
2976 }
2977 }
2978 // Push the result type.
2979 int sig_verif_types_len = sig_verif_types->length();
2980 if (sig_verif_types_len > nargs) { // There's a return type
2981 if (method_name == vmSymbols::object_initializer_name()) {
2982 // <init> method must have a void return type
2983 /* Unreachable? Class file parser verifies that methods with '<' have
2984 * void return */
2985 verify_error(ErrorContext::bad_code(bci),
2986 "Return type must be void in <init> method");
2987 return;
2988 }
2989
2990 assert(sig_verif_types_len <= nargs + 2,
2991 "Signature verification types array return type is bogus");
2992 for (int i = nargs; i < sig_verif_types_len; i++) {
2993 assert(i == nargs || sig_verif_types->at(i).is_long2() ||
2994 sig_verif_types->at(i).is_double2(), "Unexpected return verificationType");
2995 current_frame->push_stack(sig_verif_types->at(i), CHECK_VERIFY(this));
2996 }
2997 }
2998 }
2999
3000 VerificationType ClassVerifier::get_newarray_type(
3001 u2 index, int bci, TRAPS) {
3002 const char* from_bt[] = {
3003 nullptr, nullptr, nullptr, nullptr, "[Z", "[C", "[F", "[D", "[B", "[S", "[I", "[J",
3004 };
|
26 #include "classfile/classFileStream.hpp"
27 #include "classfile/classLoader.hpp"
28 #include "classfile/javaClasses.hpp"
29 #include "classfile/stackMapTable.hpp"
30 #include "classfile/stackMapFrame.hpp"
31 #include "classfile/stackMapTableFormat.hpp"
32 #include "classfile/symbolTable.hpp"
33 #include "classfile/systemDictionary.hpp"
34 #include "classfile/verifier.hpp"
35 #include "classfile/vmClasses.hpp"
36 #include "classfile/vmSymbols.hpp"
37 #include "interpreter/bytecodes.hpp"
38 #include "interpreter/bytecodeStream.hpp"
39 #include "jvm.h"
40 #include "logging/log.hpp"
41 #include "logging/logStream.hpp"
42 #include "memory/oopFactory.hpp"
43 #include "memory/resourceArea.hpp"
44 #include "memory/universe.hpp"
45 #include "oops/constantPool.inline.hpp"
46 #include "oops/fieldStreams.inline.hpp"
47 #include "oops/instanceKlass.inline.hpp"
48 #include "oops/klass.inline.hpp"
49 #include "oops/oop.inline.hpp"
50 #include "oops/typeArrayOop.hpp"
51 #include "runtime/arguments.hpp"
52 #include "runtime/fieldDescriptor.inline.hpp"
53 #include "runtime/handles.inline.hpp"
54 #include "runtime/interfaceSupport.inline.hpp"
55 #include "runtime/javaCalls.hpp"
56 #include "runtime/javaThread.hpp"
57 #include "runtime/jniHandles.inline.hpp"
58 #include "runtime/os.hpp"
59 #include "runtime/safepointVerifiers.hpp"
60 #include "services/threadService.hpp"
61 #include "utilities/align.hpp"
62 #include "utilities/bytes.hpp"
63 #if INCLUDE_CDS
64 #include "classfile/systemDictionaryShared.hpp"
65 #endif
66
67 #define NOFAILOVER_MAJOR_VERSION 51
68 #define NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION 51
69 #define STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION 52
70 #define INLINE_TYPE_MAJOR_VERSION 56
71 #define MAX_ARRAY_DIMENSIONS 255
72
73 // Access to external entry for VerifyClassForMajorVersion - old byte code verifier
74
75 extern "C" {
76 typedef jboolean (*verify_byte_codes_fn_t)(JNIEnv *, jclass, char *, jint, jint);
77 }
78
79 static verify_byte_codes_fn_t volatile _verify_byte_codes_fn = nullptr;
80
81 static verify_byte_codes_fn_t verify_byte_codes_fn() {
82
83 if (_verify_byte_codes_fn != nullptr)
84 return _verify_byte_codes_fn;
85
86 MutexLocker locker(Verify_lock);
87
88 if (_verify_byte_codes_fn != nullptr)
89 return _verify_byte_codes_fn;
90
464 _expected.details(ss);
465 } else {
466 ss->print("Invalid type: ");
467 _type.details(ss);
468 }
469 break;
470 case FLAGS_MISMATCH:
471 if (_expected.is_valid()) {
472 ss->print("Current frame's flags are not assignable "
473 "to stack map frame's.");
474 } else {
475 ss->print("Current frame's flags are invalid in this context.");
476 }
477 break;
478 case BAD_CP_INDEX:
479 ss->print("Constant pool index %d is invalid", _type.index());
480 break;
481 case BAD_LOCAL_INDEX:
482 ss->print("Local index %d is invalid", _type.index());
483 break;
484 case BAD_STRICT_FIELDS:
485 ss->print("Invalid use of strict instance fields");
486 break;
487 case LOCALS_SIZE_MISMATCH:
488 ss->print("Current frame's local size doesn't match stackmap.");
489 break;
490 case STACK_SIZE_MISMATCH:
491 ss->print("Current frame's stack size doesn't match stackmap.");
492 break;
493 case STRICT_FIELDS_MISMATCH:
494 ss->print("Current frame's strict instance fields not compatible with stackmap.");
495 break;
496 case STACK_OVERFLOW:
497 ss->print("Exceeded max stack size.");
498 break;
499 case STACK_UNDERFLOW:
500 ss->print("Attempt to pop empty stack.");
501 break;
502 case MISSING_STACKMAP:
503 ss->print("Expected stackmap frame at this location.");
504 break;
505 case BAD_STACKMAP:
506 ss->print("Invalid stackmap specification.");
507 break;
508 case WRONG_INLINE_TYPE:
509 ss->print("Type ");
510 _type.details(ss);
511 ss->print(" and type ");
512 _expected.details(ss);
513 ss->print(" must be identical inline types.");
514 break;
515 case UNKNOWN:
516 default:
517 ShouldNotReachHere();
518 ss->print_cr("Unknown");
519 }
520 ss->cr();
521 }
522
523 void ErrorContext::location_details(outputStream* ss, const Method* method) const {
524 if (_bci != -1 && method != nullptr) {
525 streamIndentor si(ss);
526 const char* bytecode_name = "<invalid>";
527 if (method->validate_bci(_bci) != -1) {
528 Bytecodes::Code code = Bytecodes::code_or_bp_at(method->bcp_from(_bci));
529 if (Bytecodes::is_defined(code)) {
530 bytecode_name = Bytecodes::name(code);
531 } else {
532 bytecode_name = "<illegal>";
533 }
534 }
615 ClassVerifier::~ClassVerifier() {
616 // Decrement the reference count for any symbols created.
617 if (_symbols != nullptr) {
618 for (int i = 0; i < _symbols->length(); i++) {
619 Symbol* s = _symbols->at(i);
620 s->decrement_refcount();
621 }
622 }
623 }
624
625 VerificationType ClassVerifier::object_type() const {
626 return VerificationType::reference_type(vmSymbols::java_lang_Object());
627 }
628
629 TypeOrigin ClassVerifier::ref_ctx(const char* sig) {
630 VerificationType vt = VerificationType::reference_type(
631 create_temporary_symbol(sig, (int)strlen(sig)));
632 return TypeOrigin::implicit(vt);
633 }
634
635 static bool supports_strict_fields(InstanceKlass* klass) {
636 int ver = klass->major_version();
637 return ver > Verifier::VALUE_TYPES_MAJOR_VERSION ||
638 (ver == Verifier::VALUE_TYPES_MAJOR_VERSION && klass->minor_version() == Verifier::JAVA_PREVIEW_MINOR_VERSION);
639 }
640
641 void ClassVerifier::verify_class(TRAPS) {
642 log_info(verification)("Verifying class %s with new format", _klass->external_name());
643
644 // Either verifying both local and remote classes or just remote classes.
645 assert(BytecodeVerificationRemote, "Should not be here");
646
647 Array<Method*>* methods = _klass->methods();
648 int num_methods = methods->length();
649
650 for (int index = 0; index < num_methods; index++) {
651 // Check for recursive re-verification before each method.
652 if (was_recursively_verified()) return;
653
654 Method* m = methods->at(index);
655 if (m->is_native() || m->is_abstract() || m->is_overpass()) {
656 // If m is native or abstract, skip it. It is checked in class file
657 // parser that methods do not override a final method. Overpass methods
658 // are trusted since the VM generates them.
659 continue;
715 bool is_unique = method_signatures_table()->put(sig_index, sig_verif_types);
716 assert(is_unique, "Duplicate entries in method_signature_table");
717 }
718
719 void ClassVerifier::verify_method(const methodHandle& m, TRAPS) {
720 HandleMark hm(THREAD);
721 _method = m; // initialize _method
722 log_info(verification)("Verifying method %s", m->name_and_sig_as_C_string());
723
724 // For clang, the only good constant format string is a literal constant format string.
725 #define bad_type_msg "Bad type on operand stack in %s"
726
727 u2 max_stack = m->verifier_max_stack();
728 u2 max_locals = m->max_locals();
729 constantPoolHandle cp(THREAD, m->constants());
730
731 // Method signature was checked in ClassFileParser.
732 assert(SignatureVerifier::is_valid_method_signature(m->signature()),
733 "Invalid method signature");
734
735 // Collect the initial strict instance fields
736 StackMapFrame::AssertUnsetFieldTable* strict_fields = new StackMapFrame::AssertUnsetFieldTable();
737 if (m->is_object_constructor()) {
738 for (AllFieldStream fs(m->method_holder()); !fs.done(); fs.next()) {
739 if (fs.access_flags().is_strict() && !fs.access_flags().is_static()) {
740 NameAndSig new_field(fs.name(), fs.signature());
741 if (IgnoreAssertUnsetFields) {
742 strict_fields->put(new_field, true);
743 } else {
744 strict_fields->put(new_field, false);
745 }
746 }
747 }
748 }
749
750 // Initial stack map frame: offset is 0, stack is initially empty.
751 StackMapFrame current_frame(max_locals, max_stack, strict_fields, this);
752 // Set initial locals
753 VerificationType return_type = current_frame.set_locals_from_arg( m, current_type());
754
755 u2 stackmap_index = 0; // index to the stackmap array
756
757 u4 code_length = m->code_size();
758
759 // Scan the bytecode and map each instruction's start offset to a number.
760 char* code_data = generate_code_data(m, code_length, CHECK_VERIFY(this));
761
762 int ex_min = code_length;
763 int ex_max = -1;
764 // Look through each item on the exception table. Each of the fields must refer
765 // to a legal instruction.
766 if (was_recursively_verified()) return;
767 verify_exception_handler_table(
768 code_length, code_data, ex_min, ex_max, CHECK_VERIFY(this));
769
770 // Look through each entry on the local variable table and make sure
771 // its range of code array offsets is valid. (4169817)
772 if (m->has_localvariable_table()) {
773 verify_local_variable_table(code_length, code_data, CHECK_VERIFY(this));
774 }
775
776 Array<u1>* stackmap_data = m->stackmap_data();
777 StackMapStream stream(stackmap_data);
778 StackMapReader reader(this, &stream, code_data, code_length, ¤t_frame, max_locals, max_stack, strict_fields, THREAD);
779 StackMapTable stackmap_table(&reader, CHECK_VERIFY(this));
780
781 LogTarget(Debug, verification) lt;
782 if (lt.is_enabled()) {
783 LogStream ls(lt);
784 stackmap_table.print_on(&ls);
785 }
786
787 RawBytecodeStream bcs(m);
788
789 // Scan the byte code linearly from the start to the end
790 bool no_control_flow = false; // Set to true when there is no direct control
791 // flow from current instruction to the next
792 // instruction in sequence
793
794 Bytecodes::Code opcode;
795 while (!bcs.is_last_bytecode()) {
796 // Check for recursive re-verification before each bytecode.
797 if (was_recursively_verified()) return;
798
1699 VerificationType::double2_type(), CHECK_VERIFY(this));
1700 type = current_frame.pop_stack(
1701 VerificationType::double_type(), CHECK_VERIFY(this));
1702 verify_return_value(return_type, type, bci,
1703 ¤t_frame, CHECK_VERIFY(this));
1704 no_control_flow = true; break;
1705 case Bytecodes::_areturn :
1706 type = current_frame.pop_stack(
1707 VerificationType::reference_check(), CHECK_VERIFY(this));
1708 verify_return_value(return_type, type, bci,
1709 ¤t_frame, CHECK_VERIFY(this));
1710 no_control_flow = true; break;
1711 case Bytecodes::_return :
1712 if (return_type != VerificationType::bogus_type()) {
1713 verify_error(ErrorContext::bad_code(bci),
1714 "Method expects a return value");
1715 return;
1716 }
1717 // Make sure "this" has been initialized if current method is an
1718 // <init>.
1719 if (_method->is_object_constructor() &&
1720 current_frame.flag_this_uninit()) {
1721 verify_error(ErrorContext::bad_code(bci),
1722 "Constructor must call super() or this() "
1723 "before return");
1724 return;
1725 }
1726 no_control_flow = true; break;
1727 case Bytecodes::_getstatic :
1728 case Bytecodes::_putstatic :
1729 // pass TRUE, operand can be an array type for getstatic/putstatic.
1730 verify_field_instructions(
1731 &bcs, ¤t_frame, cp, true, CHECK_VERIFY(this));
1732 no_control_flow = false; break;
1733 case Bytecodes::_getfield :
1734 case Bytecodes::_putfield :
1735 // pass FALSE, operand can't be an array type for getfield/putfield.
1736 verify_field_instructions(
1737 &bcs, ¤t_frame, cp, false, CHECK_VERIFY(this));
1738 no_control_flow = false; break;
1739 case Bytecodes::_invokevirtual :
1740 case Bytecodes::_invokespecial :
1741 case Bytecodes::_invokestatic :
1742 case Bytecodes::_invokeinterface :
1743 case Bytecodes::_invokedynamic :
1744 verify_invoke_instructions(
1745 &bcs, code_length, ¤t_frame, (bci >= ex_min && bci < ex_max),
1746 &this_uninit, cp, &stackmap_table, CHECK_VERIFY(this));
1747 no_control_flow = false; break;
1748 case Bytecodes::_new :
1749 {
1750 u2 index = bcs.get_index_u2();
1751 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1752 VerificationType new_class_type =
1753 cp_index_to_type(index, cp, CHECK_VERIFY(this));
1754 if (!new_class_type.is_object()) {
1755 verify_error(ErrorContext::bad_type(bci,
1756 TypeOrigin::cp(index, new_class_type)),
1757 "Illegal new instruction");
1758 return;
1759 }
1760 type = VerificationType::uninitialized_type(checked_cast<u2>(bci));
1761 current_frame.push_stack(type, CHECK_VERIFY(this));
1762 no_control_flow = false; break;
1763 }
1764 case Bytecodes::_newarray :
1765 type = get_newarray_type(bcs.get_index(), bci, CHECK_VERIFY(this));
1766 current_frame.pop_stack(
1784 no_control_flow = false; break;
1785 case Bytecodes::_checkcast :
1786 {
1787 u2 index = bcs.get_index_u2();
1788 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1789 current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1790 VerificationType klass_type = cp_index_to_type(
1791 index, cp, CHECK_VERIFY(this));
1792 current_frame.push_stack(klass_type, CHECK_VERIFY(this));
1793 no_control_flow = false; break;
1794 }
1795 case Bytecodes::_instanceof : {
1796 u2 index = bcs.get_index_u2();
1797 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1798 current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1799 current_frame.push_stack(
1800 VerificationType::integer_type(), CHECK_VERIFY(this));
1801 no_control_flow = false; break;
1802 }
1803 case Bytecodes::_monitorenter :
1804 case Bytecodes::_monitorexit : {
1805 VerificationType ref = current_frame.pop_stack(
1806 VerificationType::reference_check(), CHECK_VERIFY(this));
1807 no_control_flow = false; break;
1808 }
1809 case Bytecodes::_multianewarray :
1810 {
1811 u2 index = bcs.get_index_u2();
1812 u2 dim = *(bcs.bcp()+3);
1813 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1814 VerificationType new_array_type =
1815 cp_index_to_type(index, cp, CHECK_VERIFY(this));
1816 if (!new_array_type.is_array()) {
1817 verify_error(ErrorContext::bad_type(bci,
1818 TypeOrigin::cp(index, new_array_type)),
1819 "Illegal constant pool index in multianewarray instruction");
1820 return;
1821 }
1822 if (dim < 1 || new_array_type.dimensions() < dim) {
1823 verify_error(ErrorContext::bad_code(bci),
1824 "Illegal dimension in multianewarray instruction: %d", dim);
1825 return;
1826 }
1827 for (int i = 0; i < dim; i++) {
1828 current_frame.pop_stack(
2166 } else {
2167 Klass* member_klass = target_instance->find_field(field_name, field_sig, &fd);
2168 if (member_klass != nullptr && fd.is_protected()) {
2169 if (!this_class->is_same_class_package(member_klass)) {
2170 return true;
2171 }
2172 }
2173 }
2174 return false;
2175 }
2176
2177 void ClassVerifier::verify_ldc(
2178 int opcode, u2 index, StackMapFrame* current_frame,
2179 const constantPoolHandle& cp, int bci, TRAPS) {
2180 verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2181 constantTag tag = cp->tag_at(index);
2182 unsigned int types = 0;
2183 if (opcode == Bytecodes::_ldc || opcode == Bytecodes::_ldc_w) {
2184 if (!tag.is_unresolved_klass()) {
2185 types = (1 << JVM_CONSTANT_Integer) | (1 << JVM_CONSTANT_Float)
2186 | (1 << JVM_CONSTANT_String) | (1 << JVM_CONSTANT_Class)
2187 | (1 << JVM_CONSTANT_MethodHandle) | (1 << JVM_CONSTANT_MethodType)
2188 | (1 << JVM_CONSTANT_Dynamic);
2189 // Note: The class file parser already verified the legality of
2190 // MethodHandle and MethodType constants.
2191 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2192 }
2193 } else {
2194 assert(opcode == Bytecodes::_ldc2_w, "must be ldc2_w");
2195 types = (1 << JVM_CONSTANT_Double) | (1 << JVM_CONSTANT_Long)
2196 | (1 << JVM_CONSTANT_Dynamic);
2197 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2198 }
2199 if (tag.is_string()) {
2200 current_frame->push_stack(
2201 VerificationType::reference_type(
2202 vmSymbols::java_lang_String()), CHECK_VERIFY(this));
2203 } else if (tag.is_klass() || tag.is_unresolved_klass()) {
2204 current_frame->push_stack(
2205 VerificationType::reference_type(
2206 vmSymbols::java_lang_Class()), CHECK_VERIFY(this));
2342 const constantPoolHandle& cp,
2343 bool allow_arrays,
2344 TRAPS) {
2345 u2 index = bcs->get_index_u2();
2346 verify_cp_type(bcs->bci(), index, cp,
2347 1 << JVM_CONSTANT_Fieldref, CHECK_VERIFY(this));
2348
2349 // Get field name and signature
2350 Symbol* field_name = cp->uncached_name_ref_at(index);
2351 Symbol* field_sig = cp->uncached_signature_ref_at(index);
2352 bool is_getfield = false;
2353
2354 // Field signature was checked in ClassFileParser.
2355 assert(SignatureVerifier::is_valid_type_signature(field_sig),
2356 "Invalid field signature");
2357
2358 // Get referenced class type
2359 VerificationType ref_class_type = cp_ref_index_to_type(
2360 index, cp, CHECK_VERIFY(this));
2361 if (!ref_class_type.is_object() &&
2362 (!allow_arrays || !ref_class_type.is_array())) {
2363 verify_error(ErrorContext::bad_type(bcs->bci(),
2364 TypeOrigin::cp(index, ref_class_type)),
2365 "Expecting reference to class in class %s at constant pool index %d",
2366 _klass->external_name(), index);
2367 return;
2368 }
2369
2370 VerificationType target_class_type = ref_class_type;
2371
2372 assert(sizeof(VerificationType) == sizeof(uintptr_t),
2373 "buffer type must match VerificationType size");
2374 uintptr_t field_type_buffer[2];
2375 VerificationType* field_type = (VerificationType*)field_type_buffer;
2376 // If we make a VerificationType[2] array directly, the compiler calls
2377 // to the c-runtime library to do the allocation instead of just
2378 // stack allocating it. Plus it would run constructors. This shows up
2379 // in performance profiles.
2380
2381 SignatureStream sig_stream(field_sig, false);
2382 VerificationType stack_object_type;
2383 int n = change_sig_to_verificationType(&sig_stream, field_type);
2384 int bci = bcs->bci();
2385 bool is_assignable;
2386 switch (bcs->raw_code()) {
2387 case Bytecodes::_getstatic: {
2388 for (int i = 0; i < n; i++) {
2389 current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2391 break;
2392 }
2393 case Bytecodes::_putstatic: {
2394 for (int i = n - 1; i >= 0; i--) {
2395 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2396 }
2397 break;
2398 }
2399 case Bytecodes::_getfield: {
2400 is_getfield = true;
2401 stack_object_type = current_frame->pop_stack(
2402 target_class_type, CHECK_VERIFY(this));
2403 goto check_protected;
2404 }
2405 case Bytecodes::_putfield: {
2406 for (int i = n - 1; i >= 0; i--) {
2407 current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2408 }
2409 stack_object_type = current_frame->pop_stack(CHECK_VERIFY(this));
2410
2411 // Field initialization is allowed before the superclass
2412 // initializer, if the field is defined within the current class.
2413 fieldDescriptor fd;
2414 bool is_local_field = _klass->find_local_field(field_name, field_sig, &fd) &&
2415 target_class_type.equals(current_type());
2416 if (stack_object_type == VerificationType::uninitialized_this_type()) {
2417 if (is_local_field) {
2418 // Set the type to the current type so the is_assignable check passes.
2419 stack_object_type = current_type();
2420
2421 if (fd.access_flags().is_strict()) {
2422 ResourceMark rm(THREAD);
2423 if (!current_frame->satisfy_unset_field(fd.name(), fd.signature())) {
2424 log_info(verification)("Attempting to initialize field not found in initial strict instance fields: %s%s",
2425 fd.name()->as_C_string(), fd.signature()->as_C_string());
2426 verify_error(ErrorContext::bad_strict_fields(bci, current_frame),
2427 "Initializing unknown strict field: %s:%s", fd.name()->as_C_string(), fd.signature()->as_C_string());
2428 }
2429 }
2430 }
2431 } else if (supports_strict_fields(_klass)) {
2432 // `strict` fields are not writable, but only local fields produce verification errors
2433 if (is_local_field && fd.access_flags().is_strict() && fd.access_flags().is_final()) {
2434 verify_error(ErrorContext::bad_code(bci),
2435 "Illegal use of putfield on a strict field");
2436 return;
2437 }
2438 }
2439 is_assignable = target_class_type.is_assignable_from(
2440 stack_object_type, this, false, CHECK_VERIFY(this));
2441 if (!is_assignable) {
2442 verify_error(ErrorContext::bad_type(bci,
2443 current_frame->stack_top_ctx(),
2444 TypeOrigin::cp(index, target_class_type)),
2445 "Bad type on operand stack in putfield");
2446 return;
2447 }
2448 }
2449 check_protected: {
2450 if (_this_type == stack_object_type)
2451 break; // stack_object_type must be assignable to _current_class_type
2452 if (was_recursively_verified()) {
2453 if (is_getfield) {
2454 // Push field type for getfield.
2455 for (int i = 0; i < n; i++) {
2456 current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2457 }
2699 }
2700
2701 void ClassVerifier::verify_invoke_init(
2702 RawBytecodeStream* bcs, u2 ref_class_index, VerificationType ref_class_type,
2703 StackMapFrame* current_frame, u4 code_length, bool in_try_block,
2704 bool *this_uninit, const constantPoolHandle& cp, StackMapTable* stackmap_table,
2705 TRAPS) {
2706 int bci = bcs->bci();
2707 VerificationType type = current_frame->pop_stack(
2708 VerificationType::reference_check(), CHECK_VERIFY(this));
2709 if (type == VerificationType::uninitialized_this_type()) {
2710 // The method must be an <init> method of this class or its superclass
2711 Klass* superk = current_class()->super();
2712 if (ref_class_type.name() != current_class()->name() &&
2713 ref_class_type.name() != superk->name()) {
2714 verify_error(ErrorContext::bad_type(bci,
2715 TypeOrigin::implicit(ref_class_type),
2716 TypeOrigin::implicit(current_type())),
2717 "Bad <init> method call");
2718 return;
2719 } else if (ref_class_type.name() == superk->name()) {
2720 // Strict final fields must be satisfied by this point
2721 if (!current_frame->verify_unset_fields_satisfied()) {
2722 log_info(verification)("Strict instance fields not initialized");
2723 StackMapFrame::print_strict_fields(current_frame->assert_unset_fields());
2724 current_frame->unsatisfied_strict_fields_error(current_class(), bci);
2725 }
2726 }
2727
2728 // If this invokespecial call is done from inside of a TRY block then make
2729 // sure that all catch clause paths end in a throw. Otherwise, this can
2730 // result in returning an incomplete object.
2731 if (in_try_block) {
2732 ExceptionTable exhandlers(_method());
2733 int exlength = exhandlers.length();
2734 for(int i = 0; i < exlength; i++) {
2735 u2 start_pc = exhandlers.start_pc(i);
2736 u2 end_pc = exhandlers.end_pc(i);
2737
2738 if (bci >= start_pc && bci < end_pc) {
2739 if (!ends_in_athrow(exhandlers.handler_pc(i))) {
2740 verify_error(ErrorContext::bad_code(bci),
2741 "Bad <init> method call from after the start of a try block");
2742 return;
2743 } else if (log_is_enabled(Debug, verification)) {
2744 ResourceMark rm(THREAD);
2745 log_debug(verification)("Survived call to ends_in_athrow(): %s",
2829 bool ClassVerifier::is_same_or_direct_interface(
2830 InstanceKlass* klass,
2831 VerificationType klass_type,
2832 VerificationType ref_class_type) {
2833 if (ref_class_type.equals(klass_type)) return true;
2834 Array<InstanceKlass*>* local_interfaces = klass->local_interfaces();
2835 if (local_interfaces != nullptr) {
2836 for (int x = 0; x < local_interfaces->length(); x++) {
2837 InstanceKlass* k = local_interfaces->at(x);
2838 assert (k != nullptr && k->is_interface(), "invalid interface");
2839 if (ref_class_type.equals(VerificationType::reference_type(k->name()))) {
2840 return true;
2841 }
2842 }
2843 }
2844 return false;
2845 }
2846
2847 void ClassVerifier::verify_invoke_instructions(
2848 RawBytecodeStream* bcs, u4 code_length, StackMapFrame* current_frame,
2849 bool in_try_block, bool *this_uninit,
2850 const constantPoolHandle& cp, StackMapTable* stackmap_table, TRAPS) {
2851 // Make sure the constant pool item is the right type
2852 u2 index = bcs->get_index_u2();
2853 Bytecodes::Code opcode = bcs->raw_code();
2854 unsigned int types = 0;
2855 switch (opcode) {
2856 case Bytecodes::_invokeinterface:
2857 types = 1 << JVM_CONSTANT_InterfaceMethodref;
2858 break;
2859 case Bytecodes::_invokedynamic:
2860 types = 1 << JVM_CONSTANT_InvokeDynamic;
2861 break;
2862 case Bytecodes::_invokespecial:
2863 case Bytecodes::_invokestatic:
2864 types = (_klass->major_version() < STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION) ?
2865 (1 << JVM_CONSTANT_Methodref) :
2866 ((1 << JVM_CONSTANT_InterfaceMethodref) | (1 << JVM_CONSTANT_Methodref));
2867 break;
2868 default:
2869 types = 1 << JVM_CONSTANT_Methodref;
2870 }
2871 verify_cp_type(bcs->bci(), index, cp, types, CHECK_VERIFY(this));
2872
2873 // Get method name and signature
2874 Symbol* method_name = cp->uncached_name_ref_at(index);
2875 Symbol* method_sig = cp->uncached_signature_ref_at(index);
2876
2877 // Method signature was checked in ClassFileParser.
2878 assert(SignatureVerifier::is_valid_method_signature(method_sig),
2879 "Invalid method signature");
2880
2881 // Get referenced class
2882 VerificationType ref_class_type;
2883 if (opcode == Bytecodes::_invokedynamic) {
2884 if (_klass->major_version() < Verifier::INVOKEDYNAMIC_MAJOR_VERSION) {
2885 class_format_error(
2886 "invokedynamic instructions not supported by this class file version (%d), class %s",
2887 _klass->major_version(), _klass->external_name());
2888 return;
2889 }
2890 } else {
2891 ref_class_type = cp_ref_index_to_type(index, cp, CHECK_VERIFY(this));
2892 }
2893
2894 assert(sizeof(VerificationType) == sizeof(uintptr_t),
2895 "buffer type must match VerificationType size");
2896
2897 // Get the UTF8 index for this signature.
2898 int sig_index = cp->signature_ref_index_at(cp->uncached_name_and_type_ref_index_at(index));
2899
2900 // Get the signature's verification types.
2901 sig_as_verification_types* mth_sig_verif_types;
2927 "Inconsistent args count operand in invokeinterface");
2928 return;
2929 }
2930 if (*(bcp+4) != 0) {
2931 verify_error(ErrorContext::bad_code(bci),
2932 "Fourth operand byte of invokeinterface must be zero");
2933 return;
2934 }
2935 }
2936
2937 if (opcode == Bytecodes::_invokedynamic) {
2938 address bcp = bcs->bcp();
2939 if (*(bcp+3) != 0 || *(bcp+4) != 0) {
2940 verify_error(ErrorContext::bad_code(bci),
2941 "Third and fourth operand bytes of invokedynamic must be zero");
2942 return;
2943 }
2944 }
2945
2946 if (method_name->char_at(0) == JVM_SIGNATURE_SPECIAL) {
2947 // Make sure:
2948 // <init> can only be invoked by invokespecial.
2949 if (opcode != Bytecodes::_invokespecial ||
2950 method_name != vmSymbols::object_initializer_name()) {
2951 verify_error(ErrorContext::bad_code(bci),
2952 "Illegal call to internal method");
2953 return;
2954 }
2955 } else if (opcode == Bytecodes::_invokespecial
2956 && !is_same_or_direct_interface(current_class(), current_type(), ref_class_type)
2957 && !ref_class_type.equals(VerificationType::reference_type(
2958 current_class()->super()->name()))) { // super() can never be an inline_type.
2959 bool subtype = false;
2960 bool have_imr_indirect = cp->tag_at(index).value() == JVM_CONSTANT_InterfaceMethodref;
2961 subtype = ref_class_type.is_assignable_from(
2962 current_type(), this, false, CHECK_VERIFY(this));
2963 if (!subtype) {
2964 verify_error(ErrorContext::bad_code(bci),
2965 "Bad invokespecial instruction: "
2966 "current class isn't assignable to reference class.");
2967 return;
2968 } else if (have_imr_indirect) {
2969 verify_error(ErrorContext::bad_code(bci),
2970 "Bad invokespecial instruction: "
2971 "interface method reference is in an indirect superinterface.");
2972 return;
2973 }
2974
2975 }
2976
2977 // Get the verification types for the method's arguments.
2978 GrowableArray<VerificationType>* sig_verif_types = mth_sig_verif_types->sig_verif_types();
3023 verify_error(ErrorContext::bad_type(bci,
3024 current_frame->stack_top_ctx(),
3025 TypeOrigin::implicit(current_type())),
3026 "Bad access to protected data in invokevirtual");
3027 return;
3028 }
3029 }
3030 }
3031 }
3032 }
3033 } else {
3034 assert(opcode == Bytecodes::_invokeinterface, "Unexpected opcode encountered");
3035 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this));
3036 }
3037 }
3038 }
3039 // Push the result type.
3040 int sig_verif_types_len = sig_verif_types->length();
3041 if (sig_verif_types_len > nargs) { // There's a return type
3042 if (method_name == vmSymbols::object_initializer_name()) {
3043 // an <init> method must have a void return type
3044 verify_error(ErrorContext::bad_code(bci),
3045 "Return type must be void in <init> method");
3046 return;
3047 }
3048
3049 assert(sig_verif_types_len <= nargs + 2,
3050 "Signature verification types array return type is bogus");
3051 for (int i = nargs; i < sig_verif_types_len; i++) {
3052 assert(i == nargs || sig_verif_types->at(i).is_long2() ||
3053 sig_verif_types->at(i).is_double2(), "Unexpected return verificationType");
3054 current_frame->push_stack(sig_verif_types->at(i), CHECK_VERIFY(this));
3055 }
3056 }
3057 }
3058
3059 VerificationType ClassVerifier::get_newarray_type(
3060 u2 index, int bci, TRAPS) {
3061 const char* from_bt[] = {
3062 nullptr, nullptr, nullptr, nullptr, "[Z", "[C", "[F", "[D", "[B", "[S", "[I", "[J",
3063 };
|