< prev index next >

src/hotspot/share/classfile/verifier.cpp

Print this page

  26 #include "classfile/classFileStream.hpp"
  27 #include "classfile/classLoader.hpp"
  28 #include "classfile/javaClasses.hpp"
  29 #include "classfile/stackMapTable.hpp"
  30 #include "classfile/stackMapFrame.hpp"
  31 #include "classfile/stackMapTableFormat.hpp"
  32 #include "classfile/symbolTable.hpp"
  33 #include "classfile/systemDictionary.hpp"
  34 #include "classfile/verifier.hpp"
  35 #include "classfile/vmClasses.hpp"
  36 #include "classfile/vmSymbols.hpp"
  37 #include "interpreter/bytecodes.hpp"
  38 #include "interpreter/bytecodeStream.hpp"
  39 #include "jvm.h"
  40 #include "logging/log.hpp"
  41 #include "logging/logStream.hpp"
  42 #include "memory/oopFactory.hpp"
  43 #include "memory/resourceArea.hpp"
  44 #include "memory/universe.hpp"
  45 #include "oops/constantPool.inline.hpp"

  46 #include "oops/instanceKlass.inline.hpp"
  47 #include "oops/klass.inline.hpp"
  48 #include "oops/oop.inline.hpp"
  49 #include "oops/typeArrayOop.hpp"
  50 #include "runtime/arguments.hpp"
  51 #include "runtime/fieldDescriptor.hpp"
  52 #include "runtime/handles.inline.hpp"
  53 #include "runtime/interfaceSupport.inline.hpp"
  54 #include "runtime/javaCalls.hpp"
  55 #include "runtime/javaThread.hpp"
  56 #include "runtime/jniHandles.inline.hpp"
  57 #include "runtime/os.hpp"
  58 #include "runtime/safepointVerifiers.hpp"
  59 #include "services/threadService.hpp"
  60 #include "utilities/align.hpp"
  61 #include "utilities/bytes.hpp"
  62 #if INCLUDE_CDS
  63 #include "classfile/systemDictionaryShared.hpp"
  64 #endif
  65 
  66 #define NOFAILOVER_MAJOR_VERSION                       51
  67 #define NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION  51
  68 #define STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION       52

  69 #define MAX_ARRAY_DIMENSIONS 255
  70 
  71 // Access to external entry for VerifyClassForMajorVersion - old byte code verifier
  72 
  73 extern "C" {
  74   typedef jboolean (*verify_byte_codes_fn_t)(JNIEnv *, jclass, char *, jint, jint);
  75 }
  76 
  77 static verify_byte_codes_fn_t volatile _verify_byte_codes_fn = nullptr;
  78 
  79 static verify_byte_codes_fn_t verify_byte_codes_fn() {
  80 
  81   if (_verify_byte_codes_fn != nullptr)
  82     return _verify_byte_codes_fn;
  83 
  84   MutexLocker locker(Verify_lock);
  85 
  86   if (_verify_byte_codes_fn != nullptr)
  87     return _verify_byte_codes_fn;
  88 

 462         _expected.details(ss);
 463       } else {
 464         ss->print("Invalid type: ");
 465         _type.details(ss);
 466       }
 467       break;
 468     case FLAGS_MISMATCH:
 469       if (_expected.is_valid()) {
 470         ss->print("Current frame's flags are not assignable "
 471                   "to stack map frame's.");
 472       } else {
 473         ss->print("Current frame's flags are invalid in this context.");
 474       }
 475       break;
 476     case BAD_CP_INDEX:
 477       ss->print("Constant pool index %d is invalid", _type.index());
 478       break;
 479     case BAD_LOCAL_INDEX:
 480       ss->print("Local index %d is invalid", _type.index());
 481       break;



 482     case LOCALS_SIZE_MISMATCH:
 483       ss->print("Current frame's local size doesn't match stackmap.");
 484       break;
 485     case STACK_SIZE_MISMATCH:
 486       ss->print("Current frame's stack size doesn't match stackmap.");
 487       break;



 488     case STACK_OVERFLOW:
 489       ss->print("Exceeded max stack size.");
 490       break;
 491     case STACK_UNDERFLOW:
 492       ss->print("Attempt to pop empty stack.");
 493       break;
 494     case MISSING_STACKMAP:
 495       ss->print("Expected stackmap frame at this location.");
 496       break;
 497     case BAD_STACKMAP:
 498       ss->print("Invalid stackmap specification.");
 499       break;







 500     case UNKNOWN:
 501     default:
 502       ShouldNotReachHere();
 503       ss->print_cr("Unknown");
 504   }
 505   ss->cr();
 506 }
 507 
 508 void ErrorContext::location_details(outputStream* ss, const Method* method) const {
 509   if (_bci != -1 && method != nullptr) {
 510     streamIndentor si(ss);
 511     const char* bytecode_name = "<invalid>";
 512     if (method->validate_bci(_bci) != -1) {
 513       Bytecodes::Code code = Bytecodes::code_or_bp_at(method->bcp_from(_bci));
 514       if (Bytecodes::is_defined(code)) {
 515           bytecode_name = Bytecodes::name(code);
 516       } else {
 517           bytecode_name = "<illegal>";
 518       }
 519     }

 600 ClassVerifier::~ClassVerifier() {
 601   // Decrement the reference count for any symbols created.
 602   if (_symbols != nullptr) {
 603     for (int i = 0; i < _symbols->length(); i++) {
 604       Symbol* s = _symbols->at(i);
 605       s->decrement_refcount();
 606     }
 607   }
 608 }
 609 
 610 VerificationType ClassVerifier::object_type() const {
 611   return VerificationType::reference_type(vmSymbols::java_lang_Object());
 612 }
 613 
 614 TypeOrigin ClassVerifier::ref_ctx(const char* sig) {
 615   VerificationType vt = VerificationType::reference_type(
 616                          create_temporary_symbol(sig, (int)strlen(sig)));
 617   return TypeOrigin::implicit(vt);
 618 }
 619 





 620 
 621 void ClassVerifier::verify_class(TRAPS) {
 622   log_info(verification)("Verifying class %s with new format", _klass->external_name());
 623 
 624   // Either verifying both local and remote classes or just remote classes.
 625   assert(BytecodeVerificationRemote, "Should not be here");
 626 
 627   Array<Method*>* methods = _klass->methods();
 628   int num_methods = methods->length();
 629 
 630   for (int index = 0; index < num_methods; index++) {
 631     // Check for recursive re-verification before each method.
 632     if (was_recursively_verified()) return;
 633 
 634     Method* m = methods->at(index);
 635     if (m->is_native() || m->is_abstract() || m->is_overpass()) {
 636       // If m is native or abstract, skip it.  It is checked in class file
 637       // parser that methods do not override a final method.  Overpass methods
 638       // are trusted since the VM generates them.
 639       continue;

 695   bool is_unique = method_signatures_table()->put(sig_index, sig_verif_types);
 696   assert(is_unique, "Duplicate entries in method_signature_table");
 697 }
 698 
 699 void ClassVerifier::verify_method(const methodHandle& m, TRAPS) {
 700   HandleMark hm(THREAD);
 701   _method = m;   // initialize _method
 702   log_info(verification)("Verifying method %s", m->name_and_sig_as_C_string());
 703 
 704 // For clang, the only good constant format string is a literal constant format string.
 705 #define bad_type_msg "Bad type on operand stack in %s"
 706 
 707   u2 max_stack = m->verifier_max_stack();
 708   u2 max_locals = m->max_locals();
 709   constantPoolHandle cp(THREAD, m->constants());
 710 
 711   // Method signature was checked in ClassFileParser.
 712   assert(SignatureVerifier::is_valid_method_signature(m->signature()),
 713          "Invalid method signature");
 714 















 715   // Initial stack map frame: offset is 0, stack is initially empty.
 716   StackMapFrame current_frame(max_locals, max_stack, this);
 717   // Set initial locals
 718   VerificationType return_type = current_frame.set_locals_from_arg( m, current_type());
 719 
 720   u2 stackmap_index = 0; // index to the stackmap array
 721 
 722   u4 code_length = m->code_size();
 723 
 724   // Scan the bytecode and map each instruction's start offset to a number.
 725   char* code_data = generate_code_data(m, code_length, CHECK_VERIFY(this));
 726 
 727   int ex_min = code_length;
 728   int ex_max = -1;
 729   // Look through each item on the exception table. Each of the fields must refer
 730   // to a legal instruction.
 731   if (was_recursively_verified()) return;
 732   verify_exception_handler_table(
 733     code_length, code_data, ex_min, ex_max, CHECK_VERIFY(this));
 734 
 735   // Look through each entry on the local variable table and make sure
 736   // its range of code array offsets is valid. (4169817)
 737   if (m->has_localvariable_table()) {
 738     verify_local_variable_table(code_length, code_data, CHECK_VERIFY(this));
 739   }
 740 
 741   Array<u1>* stackmap_data = m->stackmap_data();
 742   StackMapStream stream(stackmap_data);
 743   StackMapReader reader(this, &stream, code_data, code_length, &current_frame, max_locals, max_stack, THREAD);
 744   StackMapTable stackmap_table(&reader, CHECK_VERIFY(this));
 745 
 746   LogTarget(Debug, verification) lt;
 747   if (lt.is_enabled()) {
 748     LogStream ls(lt);
 749     stackmap_table.print_on(&ls);
 750   }
 751 
 752   RawBytecodeStream bcs(m);
 753 
 754   // Scan the byte code linearly from the start to the end
 755   bool no_control_flow = false; // Set to true when there is no direct control
 756                                 // flow from current instruction to the next
 757                                 // instruction in sequence
 758 
 759   Bytecodes::Code opcode;
 760   while (!bcs.is_last_bytecode()) {
 761     // Check for recursive re-verification before each bytecode.
 762     if (was_recursively_verified())  return;
 763 

1664             VerificationType::double2_type(),  CHECK_VERIFY(this));
1665           type = current_frame.pop_stack(
1666             VerificationType::double_type(), CHECK_VERIFY(this));
1667           verify_return_value(return_type, type, bci,
1668                               &current_frame, CHECK_VERIFY(this));
1669           no_control_flow = true; break;
1670         case Bytecodes::_areturn :
1671           type = current_frame.pop_stack(
1672             VerificationType::reference_check(), CHECK_VERIFY(this));
1673           verify_return_value(return_type, type, bci,
1674                               &current_frame, CHECK_VERIFY(this));
1675           no_control_flow = true; break;
1676         case Bytecodes::_return :
1677           if (return_type != VerificationType::bogus_type()) {
1678             verify_error(ErrorContext::bad_code(bci),
1679                          "Method expects a return value");
1680             return;
1681           }
1682           // Make sure "this" has been initialized if current method is an
1683           // <init>.
1684           if (_method->name() == vmSymbols::object_initializer_name() &&
1685               current_frame.flag_this_uninit()) {
1686             verify_error(ErrorContext::bad_code(bci),
1687                          "Constructor must call super() or this() "
1688                          "before return");
1689             return;
1690           }
1691           no_control_flow = true; break;
1692         case Bytecodes::_getstatic :
1693         case Bytecodes::_putstatic :
1694           // pass TRUE, operand can be an array type for getstatic/putstatic.
1695           verify_field_instructions(
1696             &bcs, &current_frame, cp, true, CHECK_VERIFY(this));
1697           no_control_flow = false; break;
1698         case Bytecodes::_getfield :
1699         case Bytecodes::_putfield :
1700           // pass FALSE, operand can't be an array type for getfield/putfield.
1701           verify_field_instructions(
1702             &bcs, &current_frame, cp, false, CHECK_VERIFY(this));
1703           no_control_flow = false; break;
1704         case Bytecodes::_invokevirtual :
1705         case Bytecodes::_invokespecial :
1706         case Bytecodes::_invokestatic :
1707           verify_invoke_instructions(
1708             &bcs, code_length, &current_frame, (bci >= ex_min && bci < ex_max),
1709             &this_uninit, return_type, cp, &stackmap_table, CHECK_VERIFY(this));
1710           no_control_flow = false; break;
1711         case Bytecodes::_invokeinterface :
1712         case Bytecodes::_invokedynamic :
1713           verify_invoke_instructions(
1714             &bcs, code_length, &current_frame, (bci >= ex_min && bci < ex_max),
1715             &this_uninit, return_type, cp, &stackmap_table, CHECK_VERIFY(this));
1716           no_control_flow = false; break;
1717         case Bytecodes::_new :
1718         {
1719           u2 index = bcs.get_index_u2();
1720           verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1721           VerificationType new_class_type =
1722             cp_index_to_type(index, cp, CHECK_VERIFY(this));
1723           if (!new_class_type.is_object()) {
1724             verify_error(ErrorContext::bad_type(bci,
1725                 TypeOrigin::cp(index, new_class_type)),
1726                 "Illegal new instruction");
1727             return;
1728           }
1729           type = VerificationType::uninitialized_type(checked_cast<u2>(bci));
1730           current_frame.push_stack(type, CHECK_VERIFY(this));
1731           no_control_flow = false; break;
1732         }
1733         case Bytecodes::_newarray :
1734           type = get_newarray_type(bcs.get_index(), bci, CHECK_VERIFY(this));
1735           current_frame.pop_stack(

1753           no_control_flow = false; break;
1754         case Bytecodes::_checkcast :
1755         {
1756           u2 index = bcs.get_index_u2();
1757           verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1758           current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1759           VerificationType klass_type = cp_index_to_type(
1760             index, cp, CHECK_VERIFY(this));
1761           current_frame.push_stack(klass_type, CHECK_VERIFY(this));
1762           no_control_flow = false; break;
1763         }
1764         case Bytecodes::_instanceof : {
1765           u2 index = bcs.get_index_u2();
1766           verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1767           current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1768           current_frame.push_stack(
1769             VerificationType::integer_type(), CHECK_VERIFY(this));
1770           no_control_flow = false; break;
1771         }
1772         case Bytecodes::_monitorenter :
1773         case Bytecodes::_monitorexit :
1774           current_frame.pop_stack(
1775             VerificationType::reference_check(), CHECK_VERIFY(this));
1776           no_control_flow = false; break;

1777         case Bytecodes::_multianewarray :
1778         {
1779           u2 index = bcs.get_index_u2();
1780           u2 dim = *(bcs.bcp()+3);
1781           verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1782           VerificationType new_array_type =
1783             cp_index_to_type(index, cp, CHECK_VERIFY(this));
1784           if (!new_array_type.is_array()) {
1785             verify_error(ErrorContext::bad_type(bci,
1786                 TypeOrigin::cp(index, new_array_type)),
1787                 "Illegal constant pool index in multianewarray instruction");
1788             return;
1789           }
1790           if (dim < 1 || new_array_type.dimensions() < dim) {
1791             verify_error(ErrorContext::bad_code(bci),
1792                 "Illegal dimension in multianewarray instruction: %d", dim);
1793             return;
1794           }
1795           for (int i = 0; i < dim; i++) {
1796             current_frame.pop_stack(

2134   } else {
2135     Klass* member_klass = target_instance->find_field(field_name, field_sig, &fd);
2136     if (member_klass != nullptr && fd.is_protected()) {
2137       if (!this_class->is_same_class_package(member_klass)) {
2138         return true;
2139       }
2140     }
2141   }
2142   return false;
2143 }
2144 
2145 void ClassVerifier::verify_ldc(
2146     int opcode, u2 index, StackMapFrame* current_frame,
2147     const constantPoolHandle& cp, int bci, TRAPS) {
2148   verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2149   constantTag tag = cp->tag_at(index);
2150   unsigned int types = 0;
2151   if (opcode == Bytecodes::_ldc || opcode == Bytecodes::_ldc_w) {
2152     if (!tag.is_unresolved_klass()) {
2153       types = (1 << JVM_CONSTANT_Integer) | (1 << JVM_CONSTANT_Float)
2154             | (1 << JVM_CONSTANT_String)  | (1 << JVM_CONSTANT_Class)
2155             | (1 << JVM_CONSTANT_MethodHandle) | (1 << JVM_CONSTANT_MethodType)
2156             | (1 << JVM_CONSTANT_Dynamic);
2157       // Note:  The class file parser already verified the legality of
2158       // MethodHandle and MethodType constants.
2159       verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2160     }
2161   } else {
2162     assert(opcode == Bytecodes::_ldc2_w, "must be ldc2_w");
2163     types = (1 << JVM_CONSTANT_Double) | (1 << JVM_CONSTANT_Long)
2164           | (1 << JVM_CONSTANT_Dynamic);
2165     verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2166   }
2167   if (tag.is_string()) {
2168     current_frame->push_stack(
2169       VerificationType::reference_type(
2170         vmSymbols::java_lang_String()), CHECK_VERIFY(this));
2171   } else if (tag.is_klass() || tag.is_unresolved_klass()) {
2172     current_frame->push_stack(
2173       VerificationType::reference_type(
2174         vmSymbols::java_lang_Class()), CHECK_VERIFY(this));

2310                                               const constantPoolHandle& cp,
2311                                               bool allow_arrays,
2312                                               TRAPS) {
2313   u2 index = bcs->get_index_u2();
2314   verify_cp_type(bcs->bci(), index, cp,
2315       1 << JVM_CONSTANT_Fieldref, CHECK_VERIFY(this));
2316 
2317   // Get field name and signature
2318   Symbol* field_name = cp->uncached_name_ref_at(index);
2319   Symbol* field_sig = cp->uncached_signature_ref_at(index);
2320   bool is_getfield = false;
2321 
2322   // Field signature was checked in ClassFileParser.
2323   assert(SignatureVerifier::is_valid_type_signature(field_sig),
2324          "Invalid field signature");
2325 
2326   // Get referenced class type
2327   VerificationType ref_class_type = cp_ref_index_to_type(
2328     index, cp, CHECK_VERIFY(this));
2329   if (!ref_class_type.is_object() &&
2330     (!allow_arrays || !ref_class_type.is_array())) {
2331     verify_error(ErrorContext::bad_type(bcs->bci(),
2332         TypeOrigin::cp(index, ref_class_type)),
2333         "Expecting reference to class in class %s at constant pool index %d",
2334         _klass->external_name(), index);
2335     return;
2336   }

2337   VerificationType target_class_type = ref_class_type;
2338 
2339   assert(sizeof(VerificationType) == sizeof(uintptr_t),
2340         "buffer type must match VerificationType size");
2341   uintptr_t field_type_buffer[2];
2342   VerificationType* field_type = (VerificationType*)field_type_buffer;
2343   // If we make a VerificationType[2] array directly, the compiler calls
2344   // to the c-runtime library to do the allocation instead of just
2345   // stack allocating it.  Plus it would run constructors.  This shows up
2346   // in performance profiles.
2347 
2348   SignatureStream sig_stream(field_sig, false);
2349   VerificationType stack_object_type;
2350   int n = change_sig_to_verificationType(&sig_stream, field_type);
2351   int bci = bcs->bci();
2352   bool is_assignable;
2353   switch (bcs->raw_code()) {
2354     case Bytecodes::_getstatic: {
2355       for (int i = 0; i < n; i++) {
2356         current_frame->push_stack(field_type[i], CHECK_VERIFY(this));

2358       break;
2359     }
2360     case Bytecodes::_putstatic: {
2361       for (int i = n - 1; i >= 0; i--) {
2362         current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2363       }
2364       break;
2365     }
2366     case Bytecodes::_getfield: {
2367       is_getfield = true;
2368       stack_object_type = current_frame->pop_stack(
2369         target_class_type, CHECK_VERIFY(this));
2370       goto check_protected;
2371     }
2372     case Bytecodes::_putfield: {
2373       for (int i = n - 1; i >= 0; i--) {
2374         current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2375       }
2376       stack_object_type = current_frame->pop_stack(CHECK_VERIFY(this));
2377 
2378       // The JVMS 2nd edition allows field initialization before the superclass
2379       // initializer, if the field is defined within the current class.
2380       fieldDescriptor fd;
2381       if (stack_object_type == VerificationType::uninitialized_this_type() &&
2382           target_class_type.equals(current_type()) &&
2383           _klass->find_local_field(field_name, field_sig, &fd)) {
2384         stack_object_type = current_type();




















2385       }
2386       is_assignable = target_class_type.is_assignable_from(
2387         stack_object_type, this, false, CHECK_VERIFY(this));
2388       if (!is_assignable) {
2389         verify_error(ErrorContext::bad_type(bci,
2390             current_frame->stack_top_ctx(),
2391             TypeOrigin::cp(index, target_class_type)),
2392             "Bad type on operand stack in putfield");
2393         return;
2394       }
2395     }
2396     check_protected: {
2397       if (_this_type == stack_object_type)
2398         break; // stack_object_type must be assignable to _current_class_type
2399       if (was_recursively_verified()) {
2400         if (is_getfield) {
2401           // Push field type for getfield.
2402           for (int i = 0; i < n; i++) {
2403             current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2404           }

2646 }
2647 
2648 void ClassVerifier::verify_invoke_init(
2649     RawBytecodeStream* bcs, u2 ref_class_index, VerificationType ref_class_type,
2650     StackMapFrame* current_frame, u4 code_length, bool in_try_block,
2651     bool *this_uninit, const constantPoolHandle& cp, StackMapTable* stackmap_table,
2652     TRAPS) {
2653   int bci = bcs->bci();
2654   VerificationType type = current_frame->pop_stack(
2655     VerificationType::reference_check(), CHECK_VERIFY(this));
2656   if (type == VerificationType::uninitialized_this_type()) {
2657     // The method must be an <init> method of this class or its superclass
2658     Klass* superk = current_class()->super();
2659     if (ref_class_type.name() != current_class()->name() &&
2660         ref_class_type.name() != superk->name()) {
2661       verify_error(ErrorContext::bad_type(bci,
2662           TypeOrigin::implicit(ref_class_type),
2663           TypeOrigin::implicit(current_type())),
2664           "Bad <init> method call");
2665       return;







2666     }
2667 
2668     // If this invokespecial call is done from inside of a TRY block then make
2669     // sure that all catch clause paths end in a throw.  Otherwise, this can
2670     // result in returning an incomplete object.
2671     if (in_try_block) {
2672       ExceptionTable exhandlers(_method());
2673       int exlength = exhandlers.length();
2674       for(int i = 0; i < exlength; i++) {
2675         u2 start_pc = exhandlers.start_pc(i);
2676         u2 end_pc = exhandlers.end_pc(i);
2677 
2678         if (bci >= start_pc && bci < end_pc) {
2679           if (!ends_in_athrow(exhandlers.handler_pc(i))) {
2680             verify_error(ErrorContext::bad_code(bci),
2681               "Bad <init> method call from after the start of a try block");
2682             return;
2683           } else if (log_is_enabled(Debug, verification)) {
2684             ResourceMark rm(THREAD);
2685             log_debug(verification)("Survived call to ends_in_athrow(): %s",

2769 bool ClassVerifier::is_same_or_direct_interface(
2770     InstanceKlass* klass,
2771     VerificationType klass_type,
2772     VerificationType ref_class_type) {
2773   if (ref_class_type.equals(klass_type)) return true;
2774   Array<InstanceKlass*>* local_interfaces = klass->local_interfaces();
2775   if (local_interfaces != nullptr) {
2776     for (int x = 0; x < local_interfaces->length(); x++) {
2777       InstanceKlass* k = local_interfaces->at(x);
2778       assert (k != nullptr && k->is_interface(), "invalid interface");
2779       if (ref_class_type.equals(VerificationType::reference_type(k->name()))) {
2780         return true;
2781       }
2782     }
2783   }
2784   return false;
2785 }
2786 
2787 void ClassVerifier::verify_invoke_instructions(
2788     RawBytecodeStream* bcs, u4 code_length, StackMapFrame* current_frame,
2789     bool in_try_block, bool *this_uninit, VerificationType return_type,
2790     const constantPoolHandle& cp, StackMapTable* stackmap_table, TRAPS) {
2791   // Make sure the constant pool item is the right type
2792   u2 index = bcs->get_index_u2();
2793   Bytecodes::Code opcode = bcs->raw_code();
2794   unsigned int types = 0;
2795   switch (opcode) {
2796     case Bytecodes::_invokeinterface:
2797       types = 1 << JVM_CONSTANT_InterfaceMethodref;
2798       break;
2799     case Bytecodes::_invokedynamic:
2800       types = 1 << JVM_CONSTANT_InvokeDynamic;
2801       break;
2802     case Bytecodes::_invokespecial:
2803     case Bytecodes::_invokestatic:
2804       types = (_klass->major_version() < STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION) ?
2805         (1 << JVM_CONSTANT_Methodref) :
2806         ((1 << JVM_CONSTANT_InterfaceMethodref) | (1 << JVM_CONSTANT_Methodref));
2807       break;
2808     default:
2809       types = 1 << JVM_CONSTANT_Methodref;
2810   }
2811   verify_cp_type(bcs->bci(), index, cp, types, CHECK_VERIFY(this));
2812 
2813   // Get method name and signature
2814   Symbol* method_name = cp->uncached_name_ref_at(index);
2815   Symbol* method_sig = cp->uncached_signature_ref_at(index);
2816 
2817   // Method signature was checked in ClassFileParser.
2818   assert(SignatureVerifier::is_valid_method_signature(method_sig),
2819          "Invalid method signature");
2820 
2821   // Get referenced class type
2822   VerificationType ref_class_type;
2823   if (opcode == Bytecodes::_invokedynamic) {
2824     if (_klass->major_version() < Verifier::INVOKEDYNAMIC_MAJOR_VERSION) {
2825       class_format_error(
2826         "invokedynamic instructions not supported by this class file version (%d), class %s",
2827         _klass->major_version(), _klass->external_name());
2828       return;
2829     }
2830   } else {
2831     ref_class_type = cp_ref_index_to_type(index, cp, CHECK_VERIFY(this));
2832   }
2833 
2834   assert(sizeof(VerificationType) == sizeof(uintptr_t),
2835         "buffer type must match VerificationType size");
2836 
2837   // Get the UTF8 index for this signature.
2838   int sig_index = cp->signature_ref_index_at(cp->uncached_name_and_type_ref_index_at(index));
2839 
2840   // Get the signature's verification types.
2841   sig_as_verification_types* mth_sig_verif_types;

2867           "Inconsistent args count operand in invokeinterface");
2868       return;
2869     }
2870     if (*(bcp+4) != 0) {
2871       verify_error(ErrorContext::bad_code(bci),
2872           "Fourth operand byte of invokeinterface must be zero");
2873       return;
2874     }
2875   }
2876 
2877   if (opcode == Bytecodes::_invokedynamic) {
2878     address bcp = bcs->bcp();
2879     if (*(bcp+3) != 0 || *(bcp+4) != 0) {
2880       verify_error(ErrorContext::bad_code(bci),
2881           "Third and fourth operand bytes of invokedynamic must be zero");
2882       return;
2883     }
2884   }
2885 
2886   if (method_name->char_at(0) == JVM_SIGNATURE_SPECIAL) {
2887     // Make sure <init> can only be invoked by invokespecial

2888     if (opcode != Bytecodes::_invokespecial ||
2889         method_name != vmSymbols::object_initializer_name()) {
2890       verify_error(ErrorContext::bad_code(bci),
2891           "Illegal call to internal method");
2892       return;
2893     }
2894   } else if (opcode == Bytecodes::_invokespecial
2895              && !is_same_or_direct_interface(current_class(), current_type(), ref_class_type)
2896              && !ref_class_type.equals(VerificationType::reference_type(
2897                   current_class()->super()->name()))) {
2898     bool subtype = false;
2899     bool have_imr_indirect = cp->tag_at(index).value() == JVM_CONSTANT_InterfaceMethodref;
2900     subtype = ref_class_type.is_assignable_from(
2901                current_type(), this, false, CHECK_VERIFY(this));
2902     if (!subtype) {
2903       verify_error(ErrorContext::bad_code(bci),
2904           "Bad invokespecial instruction: "
2905           "current class isn't assignable to reference class.");
2906        return;
2907     } else if (have_imr_indirect) {
2908       verify_error(ErrorContext::bad_code(bci),
2909           "Bad invokespecial instruction: "
2910           "interface method reference is in an indirect superinterface.");
2911       return;
2912     }
2913 
2914   }
2915 
2916   // Get the verification types for the method's arguments.
2917   GrowableArray<VerificationType>* sig_verif_types = mth_sig_verif_types->sig_verif_types();

2962                   verify_error(ErrorContext::bad_type(bci,
2963                       current_frame->stack_top_ctx(),
2964                       TypeOrigin::implicit(current_type())),
2965                       "Bad access to protected data in invokevirtual");
2966                   return;
2967                 }
2968               }
2969             }
2970           }
2971         }
2972       } else {
2973         assert(opcode == Bytecodes::_invokeinterface, "Unexpected opcode encountered");
2974         current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this));
2975       }
2976     }
2977   }
2978   // Push the result type.
2979   int sig_verif_types_len = sig_verif_types->length();
2980   if (sig_verif_types_len > nargs) {  // There's a return type
2981     if (method_name == vmSymbols::object_initializer_name()) {
2982       // <init> method must have a void return type
2983       /* Unreachable?  Class file parser verifies that methods with '<' have
2984        * void return */
2985       verify_error(ErrorContext::bad_code(bci),
2986           "Return type must be void in <init> method");
2987       return;
2988     }
2989 
2990     assert(sig_verif_types_len <= nargs + 2,
2991            "Signature verification types array return type is bogus");
2992     for (int i = nargs; i < sig_verif_types_len; i++) {
2993       assert(i == nargs || sig_verif_types->at(i).is_long2() ||
2994              sig_verif_types->at(i).is_double2(), "Unexpected return verificationType");
2995       current_frame->push_stack(sig_verif_types->at(i), CHECK_VERIFY(this));
2996     }
2997   }
2998 }
2999 
3000 VerificationType ClassVerifier::get_newarray_type(
3001     u2 index, int bci, TRAPS) {
3002   const char* from_bt[] = {
3003     nullptr, nullptr, nullptr, nullptr, "[Z", "[C", "[F", "[D", "[B", "[S", "[I", "[J",
3004   };

  26 #include "classfile/classFileStream.hpp"
  27 #include "classfile/classLoader.hpp"
  28 #include "classfile/javaClasses.hpp"
  29 #include "classfile/stackMapTable.hpp"
  30 #include "classfile/stackMapFrame.hpp"
  31 #include "classfile/stackMapTableFormat.hpp"
  32 #include "classfile/symbolTable.hpp"
  33 #include "classfile/systemDictionary.hpp"
  34 #include "classfile/verifier.hpp"
  35 #include "classfile/vmClasses.hpp"
  36 #include "classfile/vmSymbols.hpp"
  37 #include "interpreter/bytecodes.hpp"
  38 #include "interpreter/bytecodeStream.hpp"
  39 #include "jvm.h"
  40 #include "logging/log.hpp"
  41 #include "logging/logStream.hpp"
  42 #include "memory/oopFactory.hpp"
  43 #include "memory/resourceArea.hpp"
  44 #include "memory/universe.hpp"
  45 #include "oops/constantPool.inline.hpp"
  46 #include "oops/fieldStreams.inline.hpp"
  47 #include "oops/instanceKlass.inline.hpp"
  48 #include "oops/klass.inline.hpp"
  49 #include "oops/oop.inline.hpp"
  50 #include "oops/typeArrayOop.hpp"
  51 #include "runtime/arguments.hpp"
  52 #include "runtime/fieldDescriptor.inline.hpp"
  53 #include "runtime/handles.inline.hpp"
  54 #include "runtime/interfaceSupport.inline.hpp"
  55 #include "runtime/javaCalls.hpp"
  56 #include "runtime/javaThread.hpp"
  57 #include "runtime/jniHandles.inline.hpp"
  58 #include "runtime/os.hpp"
  59 #include "runtime/safepointVerifiers.hpp"
  60 #include "services/threadService.hpp"
  61 #include "utilities/align.hpp"
  62 #include "utilities/bytes.hpp"
  63 #if INCLUDE_CDS
  64 #include "classfile/systemDictionaryShared.hpp"
  65 #endif
  66 
  67 #define NOFAILOVER_MAJOR_VERSION                       51
  68 #define NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION  51
  69 #define STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION       52
  70 #define INLINE_TYPE_MAJOR_VERSION                       56
  71 #define MAX_ARRAY_DIMENSIONS 255
  72 
  73 // Access to external entry for VerifyClassForMajorVersion - old byte code verifier
  74 
  75 extern "C" {
  76   typedef jboolean (*verify_byte_codes_fn_t)(JNIEnv *, jclass, char *, jint, jint);
  77 }
  78 
  79 static verify_byte_codes_fn_t volatile _verify_byte_codes_fn = nullptr;
  80 
  81 static verify_byte_codes_fn_t verify_byte_codes_fn() {
  82 
  83   if (_verify_byte_codes_fn != nullptr)
  84     return _verify_byte_codes_fn;
  85 
  86   MutexLocker locker(Verify_lock);
  87 
  88   if (_verify_byte_codes_fn != nullptr)
  89     return _verify_byte_codes_fn;
  90 

 464         _expected.details(ss);
 465       } else {
 466         ss->print("Invalid type: ");
 467         _type.details(ss);
 468       }
 469       break;
 470     case FLAGS_MISMATCH:
 471       if (_expected.is_valid()) {
 472         ss->print("Current frame's flags are not assignable "
 473                   "to stack map frame's.");
 474       } else {
 475         ss->print("Current frame's flags are invalid in this context.");
 476       }
 477       break;
 478     case BAD_CP_INDEX:
 479       ss->print("Constant pool index %d is invalid", _type.index());
 480       break;
 481     case BAD_LOCAL_INDEX:
 482       ss->print("Local index %d is invalid", _type.index());
 483       break;
 484     case BAD_STRICT_FIELDS:
 485       ss->print("Invalid use of strict instance fields");
 486       break;
 487     case LOCALS_SIZE_MISMATCH:
 488       ss->print("Current frame's local size doesn't match stackmap.");
 489       break;
 490     case STACK_SIZE_MISMATCH:
 491       ss->print("Current frame's stack size doesn't match stackmap.");
 492       break;
 493     case STRICT_FIELDS_MISMATCH:
 494       ss->print("Current frame's strict instance fields not compatible with stackmap.");
 495       break;
 496     case STACK_OVERFLOW:
 497       ss->print("Exceeded max stack size.");
 498       break;
 499     case STACK_UNDERFLOW:
 500       ss->print("Attempt to pop empty stack.");
 501       break;
 502     case MISSING_STACKMAP:
 503       ss->print("Expected stackmap frame at this location.");
 504       break;
 505     case BAD_STACKMAP:
 506       ss->print("Invalid stackmap specification.");
 507       break;
 508     case WRONG_INLINE_TYPE:
 509       ss->print("Type ");
 510       _type.details(ss);
 511       ss->print(" and type ");
 512       _expected.details(ss);
 513       ss->print(" must be identical inline types.");
 514       break;
 515     case UNKNOWN:
 516     default:
 517       ShouldNotReachHere();
 518       ss->print_cr("Unknown");
 519   }
 520   ss->cr();
 521 }
 522 
 523 void ErrorContext::location_details(outputStream* ss, const Method* method) const {
 524   if (_bci != -1 && method != nullptr) {
 525     streamIndentor si(ss);
 526     const char* bytecode_name = "<invalid>";
 527     if (method->validate_bci(_bci) != -1) {
 528       Bytecodes::Code code = Bytecodes::code_or_bp_at(method->bcp_from(_bci));
 529       if (Bytecodes::is_defined(code)) {
 530           bytecode_name = Bytecodes::name(code);
 531       } else {
 532           bytecode_name = "<illegal>";
 533       }
 534     }

 615 ClassVerifier::~ClassVerifier() {
 616   // Decrement the reference count for any symbols created.
 617   if (_symbols != nullptr) {
 618     for (int i = 0; i < _symbols->length(); i++) {
 619       Symbol* s = _symbols->at(i);
 620       s->decrement_refcount();
 621     }
 622   }
 623 }
 624 
 625 VerificationType ClassVerifier::object_type() const {
 626   return VerificationType::reference_type(vmSymbols::java_lang_Object());
 627 }
 628 
 629 TypeOrigin ClassVerifier::ref_ctx(const char* sig) {
 630   VerificationType vt = VerificationType::reference_type(
 631                          create_temporary_symbol(sig, (int)strlen(sig)));
 632   return TypeOrigin::implicit(vt);
 633 }
 634 
 635 static bool supports_strict_fields(InstanceKlass* klass) {
 636   int ver = klass->major_version();
 637   return ver > Verifier::VALUE_TYPES_MAJOR_VERSION ||
 638          (ver == Verifier::VALUE_TYPES_MAJOR_VERSION && klass->minor_version() == Verifier::JAVA_PREVIEW_MINOR_VERSION);
 639 }
 640 
 641 void ClassVerifier::verify_class(TRAPS) {
 642   log_info(verification)("Verifying class %s with new format", _klass->external_name());
 643 
 644   // Either verifying both local and remote classes or just remote classes.
 645   assert(BytecodeVerificationRemote, "Should not be here");
 646 
 647   Array<Method*>* methods = _klass->methods();
 648   int num_methods = methods->length();
 649 
 650   for (int index = 0; index < num_methods; index++) {
 651     // Check for recursive re-verification before each method.
 652     if (was_recursively_verified()) return;
 653 
 654     Method* m = methods->at(index);
 655     if (m->is_native() || m->is_abstract() || m->is_overpass()) {
 656       // If m is native or abstract, skip it.  It is checked in class file
 657       // parser that methods do not override a final method.  Overpass methods
 658       // are trusted since the VM generates them.
 659       continue;

 715   bool is_unique = method_signatures_table()->put(sig_index, sig_verif_types);
 716   assert(is_unique, "Duplicate entries in method_signature_table");
 717 }
 718 
 719 void ClassVerifier::verify_method(const methodHandle& m, TRAPS) {
 720   HandleMark hm(THREAD);
 721   _method = m;   // initialize _method
 722   log_info(verification)("Verifying method %s", m->name_and_sig_as_C_string());
 723 
 724 // For clang, the only good constant format string is a literal constant format string.
 725 #define bad_type_msg "Bad type on operand stack in %s"
 726 
 727   u2 max_stack = m->verifier_max_stack();
 728   u2 max_locals = m->max_locals();
 729   constantPoolHandle cp(THREAD, m->constants());
 730 
 731   // Method signature was checked in ClassFileParser.
 732   assert(SignatureVerifier::is_valid_method_signature(m->signature()),
 733          "Invalid method signature");
 734 
 735   // Collect the initial strict instance fields
 736   StackMapFrame::AssertUnsetFieldTable* strict_fields = new StackMapFrame::AssertUnsetFieldTable();
 737   if (m->is_object_constructor()) {
 738     for (AllFieldStream fs(m->method_holder()); !fs.done(); fs.next()) {
 739       if (fs.access_flags().is_strict() && !fs.access_flags().is_static()) {
 740         NameAndSig new_field(fs.name(), fs.signature());
 741         if (IgnoreAssertUnsetFields) {
 742           strict_fields->put(new_field, true);
 743         } else {
 744           strict_fields->put(new_field, false);
 745         }
 746       }
 747     }
 748   }
 749 
 750   // Initial stack map frame: offset is 0, stack is initially empty.
 751   StackMapFrame current_frame(max_locals, max_stack, strict_fields, this);
 752   // Set initial locals
 753   VerificationType return_type = current_frame.set_locals_from_arg( m, current_type());
 754 
 755   u2 stackmap_index = 0; // index to the stackmap array
 756 
 757   u4 code_length = m->code_size();
 758 
 759   // Scan the bytecode and map each instruction's start offset to a number.
 760   char* code_data = generate_code_data(m, code_length, CHECK_VERIFY(this));
 761 
 762   int ex_min = code_length;
 763   int ex_max = -1;
 764   // Look through each item on the exception table. Each of the fields must refer
 765   // to a legal instruction.
 766   if (was_recursively_verified()) return;
 767   verify_exception_handler_table(
 768     code_length, code_data, ex_min, ex_max, CHECK_VERIFY(this));
 769 
 770   // Look through each entry on the local variable table and make sure
 771   // its range of code array offsets is valid. (4169817)
 772   if (m->has_localvariable_table()) {
 773     verify_local_variable_table(code_length, code_data, CHECK_VERIFY(this));
 774   }
 775 
 776   Array<u1>* stackmap_data = m->stackmap_data();
 777   StackMapStream stream(stackmap_data);
 778   StackMapReader reader(this, &stream, code_data, code_length, &current_frame, max_locals, max_stack, strict_fields, THREAD);
 779   StackMapTable stackmap_table(&reader, CHECK_VERIFY(this));
 780 
 781   LogTarget(Debug, verification) lt;
 782   if (lt.is_enabled()) {
 783     LogStream ls(lt);
 784     stackmap_table.print_on(&ls);
 785   }
 786 
 787   RawBytecodeStream bcs(m);
 788 
 789   // Scan the byte code linearly from the start to the end
 790   bool no_control_flow = false; // Set to true when there is no direct control
 791                                 // flow from current instruction to the next
 792                                 // instruction in sequence
 793 
 794   Bytecodes::Code opcode;
 795   while (!bcs.is_last_bytecode()) {
 796     // Check for recursive re-verification before each bytecode.
 797     if (was_recursively_verified())  return;
 798 

1699             VerificationType::double2_type(),  CHECK_VERIFY(this));
1700           type = current_frame.pop_stack(
1701             VerificationType::double_type(), CHECK_VERIFY(this));
1702           verify_return_value(return_type, type, bci,
1703                               &current_frame, CHECK_VERIFY(this));
1704           no_control_flow = true; break;
1705         case Bytecodes::_areturn :
1706           type = current_frame.pop_stack(
1707             VerificationType::reference_check(), CHECK_VERIFY(this));
1708           verify_return_value(return_type, type, bci,
1709                               &current_frame, CHECK_VERIFY(this));
1710           no_control_flow = true; break;
1711         case Bytecodes::_return :
1712           if (return_type != VerificationType::bogus_type()) {
1713             verify_error(ErrorContext::bad_code(bci),
1714                          "Method expects a return value");
1715             return;
1716           }
1717           // Make sure "this" has been initialized if current method is an
1718           // <init>.
1719           if (_method->is_object_constructor() &&
1720               current_frame.flag_this_uninit()) {
1721             verify_error(ErrorContext::bad_code(bci),
1722                          "Constructor must call super() or this() "
1723                          "before return");
1724             return;
1725           }
1726           no_control_flow = true; break;
1727         case Bytecodes::_getstatic :
1728         case Bytecodes::_putstatic :
1729           // pass TRUE, operand can be an array type for getstatic/putstatic.
1730           verify_field_instructions(
1731             &bcs, &current_frame, cp, true, CHECK_VERIFY(this));
1732           no_control_flow = false; break;
1733         case Bytecodes::_getfield :
1734         case Bytecodes::_putfield :
1735           // pass FALSE, operand can't be an array type for getfield/putfield.
1736           verify_field_instructions(
1737             &bcs, &current_frame, cp, false, CHECK_VERIFY(this));
1738           no_control_flow = false; break;
1739         case Bytecodes::_invokevirtual :
1740         case Bytecodes::_invokespecial :
1741         case Bytecodes::_invokestatic :




1742         case Bytecodes::_invokeinterface :
1743         case Bytecodes::_invokedynamic :
1744           verify_invoke_instructions(
1745             &bcs, code_length, &current_frame, (bci >= ex_min && bci < ex_max),
1746             &this_uninit, cp, &stackmap_table, CHECK_VERIFY(this));
1747           no_control_flow = false; break;
1748         case Bytecodes::_new :
1749         {
1750           u2 index = bcs.get_index_u2();
1751           verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1752           VerificationType new_class_type =
1753             cp_index_to_type(index, cp, CHECK_VERIFY(this));
1754           if (!new_class_type.is_object()) {
1755             verify_error(ErrorContext::bad_type(bci,
1756                 TypeOrigin::cp(index, new_class_type)),
1757                 "Illegal new instruction");
1758             return;
1759           }
1760           type = VerificationType::uninitialized_type(checked_cast<u2>(bci));
1761           current_frame.push_stack(type, CHECK_VERIFY(this));
1762           no_control_flow = false; break;
1763         }
1764         case Bytecodes::_newarray :
1765           type = get_newarray_type(bcs.get_index(), bci, CHECK_VERIFY(this));
1766           current_frame.pop_stack(

1784           no_control_flow = false; break;
1785         case Bytecodes::_checkcast :
1786         {
1787           u2 index = bcs.get_index_u2();
1788           verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1789           current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1790           VerificationType klass_type = cp_index_to_type(
1791             index, cp, CHECK_VERIFY(this));
1792           current_frame.push_stack(klass_type, CHECK_VERIFY(this));
1793           no_control_flow = false; break;
1794         }
1795         case Bytecodes::_instanceof : {
1796           u2 index = bcs.get_index_u2();
1797           verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1798           current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1799           current_frame.push_stack(
1800             VerificationType::integer_type(), CHECK_VERIFY(this));
1801           no_control_flow = false; break;
1802         }
1803         case Bytecodes::_monitorenter :
1804         case Bytecodes::_monitorexit : {
1805           VerificationType ref = current_frame.pop_stack(
1806             VerificationType::reference_check(), CHECK_VERIFY(this));
1807           no_control_flow = false; break;
1808         }
1809         case Bytecodes::_multianewarray :
1810         {
1811           u2 index = bcs.get_index_u2();
1812           u2 dim = *(bcs.bcp()+3);
1813           verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1814           VerificationType new_array_type =
1815             cp_index_to_type(index, cp, CHECK_VERIFY(this));
1816           if (!new_array_type.is_array()) {
1817             verify_error(ErrorContext::bad_type(bci,
1818                 TypeOrigin::cp(index, new_array_type)),
1819                 "Illegal constant pool index in multianewarray instruction");
1820             return;
1821           }
1822           if (dim < 1 || new_array_type.dimensions() < dim) {
1823             verify_error(ErrorContext::bad_code(bci),
1824                 "Illegal dimension in multianewarray instruction: %d", dim);
1825             return;
1826           }
1827           for (int i = 0; i < dim; i++) {
1828             current_frame.pop_stack(

2166   } else {
2167     Klass* member_klass = target_instance->find_field(field_name, field_sig, &fd);
2168     if (member_klass != nullptr && fd.is_protected()) {
2169       if (!this_class->is_same_class_package(member_klass)) {
2170         return true;
2171       }
2172     }
2173   }
2174   return false;
2175 }
2176 
2177 void ClassVerifier::verify_ldc(
2178     int opcode, u2 index, StackMapFrame* current_frame,
2179     const constantPoolHandle& cp, int bci, TRAPS) {
2180   verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2181   constantTag tag = cp->tag_at(index);
2182   unsigned int types = 0;
2183   if (opcode == Bytecodes::_ldc || opcode == Bytecodes::_ldc_w) {
2184     if (!tag.is_unresolved_klass()) {
2185       types = (1 << JVM_CONSTANT_Integer) | (1 << JVM_CONSTANT_Float)
2186             | (1 << JVM_CONSTANT_String) | (1 << JVM_CONSTANT_Class)
2187             | (1 << JVM_CONSTANT_MethodHandle) | (1 << JVM_CONSTANT_MethodType)
2188             | (1 << JVM_CONSTANT_Dynamic);
2189       // Note:  The class file parser already verified the legality of
2190       // MethodHandle and MethodType constants.
2191       verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2192     }
2193   } else {
2194     assert(opcode == Bytecodes::_ldc2_w, "must be ldc2_w");
2195     types = (1 << JVM_CONSTANT_Double) | (1 << JVM_CONSTANT_Long)
2196           | (1 << JVM_CONSTANT_Dynamic);
2197     verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2198   }
2199   if (tag.is_string()) {
2200     current_frame->push_stack(
2201       VerificationType::reference_type(
2202         vmSymbols::java_lang_String()), CHECK_VERIFY(this));
2203   } else if (tag.is_klass() || tag.is_unresolved_klass()) {
2204     current_frame->push_stack(
2205       VerificationType::reference_type(
2206         vmSymbols::java_lang_Class()), CHECK_VERIFY(this));

2342                                               const constantPoolHandle& cp,
2343                                               bool allow_arrays,
2344                                               TRAPS) {
2345   u2 index = bcs->get_index_u2();
2346   verify_cp_type(bcs->bci(), index, cp,
2347       1 << JVM_CONSTANT_Fieldref, CHECK_VERIFY(this));
2348 
2349   // Get field name and signature
2350   Symbol* field_name = cp->uncached_name_ref_at(index);
2351   Symbol* field_sig = cp->uncached_signature_ref_at(index);
2352   bool is_getfield = false;
2353 
2354   // Field signature was checked in ClassFileParser.
2355   assert(SignatureVerifier::is_valid_type_signature(field_sig),
2356          "Invalid field signature");
2357 
2358   // Get referenced class type
2359   VerificationType ref_class_type = cp_ref_index_to_type(
2360     index, cp, CHECK_VERIFY(this));
2361   if (!ref_class_type.is_object() &&
2362       (!allow_arrays || !ref_class_type.is_array())) {
2363     verify_error(ErrorContext::bad_type(bcs->bci(),
2364         TypeOrigin::cp(index, ref_class_type)),
2365         "Expecting reference to class in class %s at constant pool index %d",
2366         _klass->external_name(), index);
2367     return;
2368   }
2369 
2370   VerificationType target_class_type = ref_class_type;
2371 
2372   assert(sizeof(VerificationType) == sizeof(uintptr_t),
2373         "buffer type must match VerificationType size");
2374   uintptr_t field_type_buffer[2];
2375   VerificationType* field_type = (VerificationType*)field_type_buffer;
2376   // If we make a VerificationType[2] array directly, the compiler calls
2377   // to the c-runtime library to do the allocation instead of just
2378   // stack allocating it.  Plus it would run constructors.  This shows up
2379   // in performance profiles.
2380 
2381   SignatureStream sig_stream(field_sig, false);
2382   VerificationType stack_object_type;
2383   int n = change_sig_to_verificationType(&sig_stream, field_type);
2384   int bci = bcs->bci();
2385   bool is_assignable;
2386   switch (bcs->raw_code()) {
2387     case Bytecodes::_getstatic: {
2388       for (int i = 0; i < n; i++) {
2389         current_frame->push_stack(field_type[i], CHECK_VERIFY(this));

2391       break;
2392     }
2393     case Bytecodes::_putstatic: {
2394       for (int i = n - 1; i >= 0; i--) {
2395         current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2396       }
2397       break;
2398     }
2399     case Bytecodes::_getfield: {
2400       is_getfield = true;
2401       stack_object_type = current_frame->pop_stack(
2402         target_class_type, CHECK_VERIFY(this));
2403       goto check_protected;
2404     }
2405     case Bytecodes::_putfield: {
2406       for (int i = n - 1; i >= 0; i--) {
2407         current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2408       }
2409       stack_object_type = current_frame->pop_stack(CHECK_VERIFY(this));
2410 
2411       // Field initialization is allowed before the superclass
2412       // initializer, if the field is defined within the current class.
2413       fieldDescriptor fd;
2414       bool is_local_field = _klass->find_local_field(field_name, field_sig, &fd) &&
2415                             target_class_type.equals(current_type());
2416       if (stack_object_type == VerificationType::uninitialized_this_type()) {
2417         if (is_local_field) {
2418           // Set the type to the current type so the is_assignable check passes.
2419           stack_object_type = current_type();
2420 
2421           if (fd.access_flags().is_strict()) {
2422             ResourceMark rm(THREAD);
2423             if (!current_frame->satisfy_unset_field(fd.name(), fd.signature())) {
2424               log_info(verification)("Attempting to initialize field not found in initial strict instance fields: %s%s",
2425                                      fd.name()->as_C_string(), fd.signature()->as_C_string());
2426               verify_error(ErrorContext::bad_strict_fields(bci, current_frame),
2427                            "Initializing unknown strict field: %s:%s", fd.name()->as_C_string(), fd.signature()->as_C_string());
2428             }
2429           }
2430         }
2431       } else if (supports_strict_fields(_klass)) {
2432         // `strict` fields are not writable, but only local fields produce verification errors
2433         if (is_local_field && fd.access_flags().is_strict() && fd.access_flags().is_final()) {
2434           verify_error(ErrorContext::bad_code(bci),
2435                        "Illegal use of putfield on a strict field");
2436           return;
2437         }
2438       }
2439       is_assignable = target_class_type.is_assignable_from(
2440         stack_object_type, this, false, CHECK_VERIFY(this));
2441       if (!is_assignable) {
2442         verify_error(ErrorContext::bad_type(bci,
2443             current_frame->stack_top_ctx(),
2444             TypeOrigin::cp(index, target_class_type)),
2445             "Bad type on operand stack in putfield");
2446         return;
2447       }
2448     }
2449     check_protected: {
2450       if (_this_type == stack_object_type)
2451         break; // stack_object_type must be assignable to _current_class_type
2452       if (was_recursively_verified()) {
2453         if (is_getfield) {
2454           // Push field type for getfield.
2455           for (int i = 0; i < n; i++) {
2456             current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2457           }

2699 }
2700 
2701 void ClassVerifier::verify_invoke_init(
2702     RawBytecodeStream* bcs, u2 ref_class_index, VerificationType ref_class_type,
2703     StackMapFrame* current_frame, u4 code_length, bool in_try_block,
2704     bool *this_uninit, const constantPoolHandle& cp, StackMapTable* stackmap_table,
2705     TRAPS) {
2706   int bci = bcs->bci();
2707   VerificationType type = current_frame->pop_stack(
2708     VerificationType::reference_check(), CHECK_VERIFY(this));
2709   if (type == VerificationType::uninitialized_this_type()) {
2710     // The method must be an <init> method of this class or its superclass
2711     Klass* superk = current_class()->super();
2712     if (ref_class_type.name() != current_class()->name() &&
2713         ref_class_type.name() != superk->name()) {
2714       verify_error(ErrorContext::bad_type(bci,
2715           TypeOrigin::implicit(ref_class_type),
2716           TypeOrigin::implicit(current_type())),
2717           "Bad <init> method call");
2718       return;
2719     } else if (ref_class_type.name() == superk->name()) {
2720       // Strict final fields must be satisfied by this point
2721       if (!current_frame->verify_unset_fields_satisfied()) {
2722         log_info(verification)("Strict instance fields not initialized");
2723         StackMapFrame::print_strict_fields(current_frame->assert_unset_fields());
2724         current_frame->unsatisfied_strict_fields_error(current_class(), bci);
2725       }
2726     }
2727 
2728     // If this invokespecial call is done from inside of a TRY block then make
2729     // sure that all catch clause paths end in a throw.  Otherwise, this can
2730     // result in returning an incomplete object.
2731     if (in_try_block) {
2732       ExceptionTable exhandlers(_method());
2733       int exlength = exhandlers.length();
2734       for(int i = 0; i < exlength; i++) {
2735         u2 start_pc = exhandlers.start_pc(i);
2736         u2 end_pc = exhandlers.end_pc(i);
2737 
2738         if (bci >= start_pc && bci < end_pc) {
2739           if (!ends_in_athrow(exhandlers.handler_pc(i))) {
2740             verify_error(ErrorContext::bad_code(bci),
2741               "Bad <init> method call from after the start of a try block");
2742             return;
2743           } else if (log_is_enabled(Debug, verification)) {
2744             ResourceMark rm(THREAD);
2745             log_debug(verification)("Survived call to ends_in_athrow(): %s",

2829 bool ClassVerifier::is_same_or_direct_interface(
2830     InstanceKlass* klass,
2831     VerificationType klass_type,
2832     VerificationType ref_class_type) {
2833   if (ref_class_type.equals(klass_type)) return true;
2834   Array<InstanceKlass*>* local_interfaces = klass->local_interfaces();
2835   if (local_interfaces != nullptr) {
2836     for (int x = 0; x < local_interfaces->length(); x++) {
2837       InstanceKlass* k = local_interfaces->at(x);
2838       assert (k != nullptr && k->is_interface(), "invalid interface");
2839       if (ref_class_type.equals(VerificationType::reference_type(k->name()))) {
2840         return true;
2841       }
2842     }
2843   }
2844   return false;
2845 }
2846 
2847 void ClassVerifier::verify_invoke_instructions(
2848     RawBytecodeStream* bcs, u4 code_length, StackMapFrame* current_frame,
2849     bool in_try_block, bool *this_uninit,
2850     const constantPoolHandle& cp, StackMapTable* stackmap_table, TRAPS) {
2851   // Make sure the constant pool item is the right type
2852   u2 index = bcs->get_index_u2();
2853   Bytecodes::Code opcode = bcs->raw_code();
2854   unsigned int types = 0;
2855   switch (opcode) {
2856     case Bytecodes::_invokeinterface:
2857       types = 1 << JVM_CONSTANT_InterfaceMethodref;
2858       break;
2859     case Bytecodes::_invokedynamic:
2860       types = 1 << JVM_CONSTANT_InvokeDynamic;
2861       break;
2862     case Bytecodes::_invokespecial:
2863     case Bytecodes::_invokestatic:
2864       types = (_klass->major_version() < STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION) ?
2865         (1 << JVM_CONSTANT_Methodref) :
2866         ((1 << JVM_CONSTANT_InterfaceMethodref) | (1 << JVM_CONSTANT_Methodref));
2867       break;
2868     default:
2869       types = 1 << JVM_CONSTANT_Methodref;
2870   }
2871   verify_cp_type(bcs->bci(), index, cp, types, CHECK_VERIFY(this));
2872 
2873   // Get method name and signature
2874   Symbol* method_name = cp->uncached_name_ref_at(index);
2875   Symbol* method_sig = cp->uncached_signature_ref_at(index);
2876 
2877   // Method signature was checked in ClassFileParser.
2878   assert(SignatureVerifier::is_valid_method_signature(method_sig),
2879          "Invalid method signature");
2880 
2881   // Get referenced class
2882   VerificationType ref_class_type;
2883   if (opcode == Bytecodes::_invokedynamic) {
2884     if (_klass->major_version() < Verifier::INVOKEDYNAMIC_MAJOR_VERSION) {
2885       class_format_error(
2886         "invokedynamic instructions not supported by this class file version (%d), class %s",
2887         _klass->major_version(), _klass->external_name());
2888       return;
2889     }
2890   } else {
2891     ref_class_type = cp_ref_index_to_type(index, cp, CHECK_VERIFY(this));
2892   }
2893 
2894   assert(sizeof(VerificationType) == sizeof(uintptr_t),
2895         "buffer type must match VerificationType size");
2896 
2897   // Get the UTF8 index for this signature.
2898   int sig_index = cp->signature_ref_index_at(cp->uncached_name_and_type_ref_index_at(index));
2899 
2900   // Get the signature's verification types.
2901   sig_as_verification_types* mth_sig_verif_types;

2927           "Inconsistent args count operand in invokeinterface");
2928       return;
2929     }
2930     if (*(bcp+4) != 0) {
2931       verify_error(ErrorContext::bad_code(bci),
2932           "Fourth operand byte of invokeinterface must be zero");
2933       return;
2934     }
2935   }
2936 
2937   if (opcode == Bytecodes::_invokedynamic) {
2938     address bcp = bcs->bcp();
2939     if (*(bcp+3) != 0 || *(bcp+4) != 0) {
2940       verify_error(ErrorContext::bad_code(bci),
2941           "Third and fourth operand bytes of invokedynamic must be zero");
2942       return;
2943     }
2944   }
2945 
2946   if (method_name->char_at(0) == JVM_SIGNATURE_SPECIAL) {
2947     // Make sure:
2948     //   <init> can only be invoked by invokespecial.
2949     if (opcode != Bytecodes::_invokespecial ||
2950           method_name != vmSymbols::object_initializer_name()) {
2951       verify_error(ErrorContext::bad_code(bci),
2952           "Illegal call to internal method");
2953       return;
2954     }
2955   } else if (opcode == Bytecodes::_invokespecial
2956              && !is_same_or_direct_interface(current_class(), current_type(), ref_class_type)
2957              && !ref_class_type.equals(VerificationType::reference_type(
2958                   current_class()->super()->name()))) { // super() can never be an inline_type.
2959     bool subtype = false;
2960     bool have_imr_indirect = cp->tag_at(index).value() == JVM_CONSTANT_InterfaceMethodref;
2961     subtype = ref_class_type.is_assignable_from(
2962                current_type(), this, false, CHECK_VERIFY(this));
2963     if (!subtype) {
2964       verify_error(ErrorContext::bad_code(bci),
2965           "Bad invokespecial instruction: "
2966           "current class isn't assignable to reference class.");
2967        return;
2968     } else if (have_imr_indirect) {
2969       verify_error(ErrorContext::bad_code(bci),
2970           "Bad invokespecial instruction: "
2971           "interface method reference is in an indirect superinterface.");
2972       return;
2973     }
2974 
2975   }
2976 
2977   // Get the verification types for the method's arguments.
2978   GrowableArray<VerificationType>* sig_verif_types = mth_sig_verif_types->sig_verif_types();

3023                   verify_error(ErrorContext::bad_type(bci,
3024                       current_frame->stack_top_ctx(),
3025                       TypeOrigin::implicit(current_type())),
3026                       "Bad access to protected data in invokevirtual");
3027                   return;
3028                 }
3029               }
3030             }
3031           }
3032         }
3033       } else {
3034         assert(opcode == Bytecodes::_invokeinterface, "Unexpected opcode encountered");
3035         current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this));
3036       }
3037     }
3038   }
3039   // Push the result type.
3040   int sig_verif_types_len = sig_verif_types->length();
3041   if (sig_verif_types_len > nargs) {  // There's a return type
3042     if (method_name == vmSymbols::object_initializer_name()) {
3043       // an <init> method must have a void return type


3044       verify_error(ErrorContext::bad_code(bci),
3045           "Return type must be void in <init> method");
3046       return;
3047     }
3048 
3049     assert(sig_verif_types_len <= nargs + 2,
3050            "Signature verification types array return type is bogus");
3051     for (int i = nargs; i < sig_verif_types_len; i++) {
3052       assert(i == nargs || sig_verif_types->at(i).is_long2() ||
3053              sig_verif_types->at(i).is_double2(), "Unexpected return verificationType");
3054       current_frame->push_stack(sig_verif_types->at(i), CHECK_VERIFY(this));
3055     }
3056   }
3057 }
3058 
3059 VerificationType ClassVerifier::get_newarray_type(
3060     u2 index, int bci, TRAPS) {
3061   const char* from_bt[] = {
3062     nullptr, nullptr, nullptr, nullptr, "[Z", "[C", "[F", "[D", "[B", "[S", "[I", "[J",
3063   };
< prev index next >