47 #include "oops/instanceKlass.inline.hpp"
48 #include "oops/klass.inline.hpp"
49 #include "oops/oop.inline.hpp"
50 #include "oops/typeArrayOop.hpp"
51 #include "runtime/arguments.hpp"
52 #include "runtime/fieldDescriptor.hpp"
53 #include "runtime/handles.inline.hpp"
54 #include "runtime/interfaceSupport.inline.hpp"
55 #include "runtime/javaCalls.hpp"
56 #include "runtime/javaThread.hpp"
57 #include "runtime/jniHandles.inline.hpp"
58 #include "runtime/os.hpp"
59 #include "runtime/safepointVerifiers.hpp"
60 #include "services/threadService.hpp"
61 #include "utilities/align.hpp"
62 #include "utilities/bytes.hpp"
63
64 #define NOFAILOVER_MAJOR_VERSION 51
65 #define NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION 51
66 #define STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION 52
67 #define MAX_ARRAY_DIMENSIONS 255
68
69 // Access to external entry for VerifyClassForMajorVersion - old byte code verifier
70
71 extern "C" {
72 typedef jboolean (*verify_byte_codes_fn_t)(JNIEnv *, jclass, char *, jint, jint);
73 }
74
75 static verify_byte_codes_fn_t volatile _verify_byte_codes_fn = nullptr;
76
77 static verify_byte_codes_fn_t verify_byte_codes_fn() {
78
79 if (_verify_byte_codes_fn != nullptr)
80 return _verify_byte_codes_fn;
81
82 MutexLocker locker(Verify_lock);
83
84 if (_verify_byte_codes_fn != nullptr)
85 return _verify_byte_codes_fn;
86
260 kls = kls->super();
261 }
262 if (message_buffer != nullptr) {
263 message_buffer[message_buffer_len - 1] = '\0'; // just to be sure
264 }
265 assert(exception_message != nullptr, "");
266 THROW_MSG_(exception_name, exception_message, false);
267 }
268 }
269
270 bool Verifier::is_eligible_for_verification(InstanceKlass* klass, bool should_verify_class) {
271 Symbol* name = klass->name();
272 Klass* refl_serialization_ctor_klass = vmClasses::reflect_SerializationConstructorAccessorImpl_klass();
273
274 bool is_reflect_accessor = refl_serialization_ctor_klass != nullptr &&
275 klass->is_subtype_of(refl_serialization_ctor_klass);
276
277 return (should_verify_for(klass->class_loader(), should_verify_class) &&
278 // return if the class is a bootstrapping class
279 // or defineClass specified not to verify by default (flags override passed arg)
280 // We need to skip the following four for bootstraping
281 name != vmSymbols::java_lang_Object() &&
282 name != vmSymbols::java_lang_Class() &&
283 name != vmSymbols::java_lang_String() &&
284 name != vmSymbols::java_lang_Throwable() &&
285
286 // Can not verify the bytecodes for shared classes because they have
287 // already been rewritten to contain constant pool cache indices,
288 // which the verifier can't understand.
289 // Shared classes shouldn't have stackmaps either.
290 // However, bytecodes for shared old classes can be verified because
291 // they have not been rewritten.
292 !(klass->is_shared() && klass->is_rewritten()) &&
293
294 // As of the fix for 4486457 we disable verification for all of the
295 // dynamically-generated bytecodes associated with
296 // jdk/internal/reflect/SerializationConstructorAccessor.
297 (!is_reflect_accessor));
298 }
299
300 Symbol* Verifier::inference_verify(
479 ss->print("Local index %d is invalid", _type.index());
480 break;
481 case LOCALS_SIZE_MISMATCH:
482 ss->print("Current frame's local size doesn't match stackmap.");
483 break;
484 case STACK_SIZE_MISMATCH:
485 ss->print("Current frame's stack size doesn't match stackmap.");
486 break;
487 case STACK_OVERFLOW:
488 ss->print("Exceeded max stack size.");
489 break;
490 case STACK_UNDERFLOW:
491 ss->print("Attempt to pop empty stack.");
492 break;
493 case MISSING_STACKMAP:
494 ss->print("Expected stackmap frame at this location.");
495 break;
496 case BAD_STACKMAP:
497 ss->print("Invalid stackmap specification.");
498 break;
499 case UNKNOWN:
500 default:
501 ShouldNotReachHere();
502 ss->print_cr("Unknown");
503 }
504 ss->cr();
505 }
506
507 void ErrorContext::location_details(outputStream* ss, const Method* method) const {
508 if (_bci != -1 && method != nullptr) {
509 streamIndentor si(ss);
510 const char* bytecode_name = "<invalid>";
511 if (method->validate_bci(_bci) != -1) {
512 Bytecodes::Code code = Bytecodes::code_or_bp_at(method->bcp_from(_bci));
513 if (Bytecodes::is_defined(code)) {
514 bytecode_name = Bytecodes::name(code);
515 } else {
516 bytecode_name = "<illegal>";
517 }
518 }
573 stack_map_frame* sm_frame = sm_table->entries();
574 streamIndentor si2(ss);
575 int current_offset = -1;
576 address end_of_sm_table = (address)sm_table + method->stackmap_data()->length();
577 for (u2 i = 0; i < sm_table->number_of_entries(); ++i) {
578 ss->indent();
579 if (!sm_frame->verify((address)sm_frame, end_of_sm_table)) {
580 sm_frame->print_truncated(ss, current_offset);
581 return;
582 }
583 sm_frame->print_on(ss, current_offset);
584 ss->cr();
585 current_offset += sm_frame->offset_delta();
586 sm_frame = sm_frame->next();
587 }
588 }
589 }
590
591 // Methods in ClassVerifier
592
593 ClassVerifier::ClassVerifier(JavaThread* current, InstanceKlass* klass)
594 : _thread(current), _previous_symbol(nullptr), _symbols(nullptr), _exception_type(nullptr),
595 _message(nullptr), _klass(klass) {
596 _this_type = VerificationType::reference_type(klass->name());
597 }
598
599 ClassVerifier::~ClassVerifier() {
600 // Decrement the reference count for any symbols created.
601 if (_symbols != nullptr) {
602 for (int i = 0; i < _symbols->length(); i++) {
603 Symbol* s = _symbols->at(i);
604 s->decrement_refcount();
605 }
606 }
607 }
608
609 VerificationType ClassVerifier::object_type() const {
610 return VerificationType::reference_type(vmSymbols::java_lang_Object());
611 }
612
613 TypeOrigin ClassVerifier::ref_ctx(const char* sig) {
614 VerificationType vt = VerificationType::reference_type(
615 create_temporary_symbol(sig, (int)strlen(sig)));
616 return TypeOrigin::implicit(vt);
1020 case Bytecodes::_daload :
1021 type = current_frame.pop_stack(
1022 VerificationType::integer_type(), CHECK_VERIFY(this));
1023 atype = current_frame.pop_stack(
1024 VerificationType::reference_check(), CHECK_VERIFY(this));
1025 if (!atype.is_double_array()) {
1026 verify_error(ErrorContext::bad_type(bci,
1027 current_frame.stack_top_ctx(), ref_ctx("[D")),
1028 bad_type_msg, "daload");
1029 return;
1030 }
1031 current_frame.push_stack_2(
1032 VerificationType::double_type(),
1033 VerificationType::double2_type(), CHECK_VERIFY(this));
1034 no_control_flow = false; break;
1035 case Bytecodes::_aaload : {
1036 type = current_frame.pop_stack(
1037 VerificationType::integer_type(), CHECK_VERIFY(this));
1038 atype = current_frame.pop_stack(
1039 VerificationType::reference_check(), CHECK_VERIFY(this));
1040 if (!atype.is_reference_array()) {
1041 verify_error(ErrorContext::bad_type(bci,
1042 current_frame.stack_top_ctx(),
1043 TypeOrigin::implicit(VerificationType::reference_check())),
1044 bad_type_msg, "aaload");
1045 return;
1046 }
1047 if (atype.is_null()) {
1048 current_frame.push_stack(
1049 VerificationType::null_type(), CHECK_VERIFY(this));
1050 } else {
1051 VerificationType component = atype.get_component(this);
1052 current_frame.push_stack(component, CHECK_VERIFY(this));
1053 }
1054 no_control_flow = false; break;
1055 }
1056 case Bytecodes::_istore :
1057 verify_istore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1058 no_control_flow = false; break;
1059 case Bytecodes::_istore_0 :
1060 case Bytecodes::_istore_1 :
1198 VerificationType::double2_type(),
1199 VerificationType::double_type(), CHECK_VERIFY(this));
1200 current_frame.pop_stack(
1201 VerificationType::integer_type(), CHECK_VERIFY(this));
1202 atype = current_frame.pop_stack(
1203 VerificationType::reference_check(), CHECK_VERIFY(this));
1204 if (!atype.is_double_array()) {
1205 verify_error(ErrorContext::bad_type(bci,
1206 current_frame.stack_top_ctx(), ref_ctx("[D")),
1207 bad_type_msg, "dastore");
1208 return;
1209 }
1210 no_control_flow = false; break;
1211 case Bytecodes::_aastore :
1212 type = current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1213 type2 = current_frame.pop_stack(
1214 VerificationType::integer_type(), CHECK_VERIFY(this));
1215 atype = current_frame.pop_stack(
1216 VerificationType::reference_check(), CHECK_VERIFY(this));
1217 // more type-checking is done at runtime
1218 if (!atype.is_reference_array()) {
1219 verify_error(ErrorContext::bad_type(bci,
1220 current_frame.stack_top_ctx(),
1221 TypeOrigin::implicit(VerificationType::reference_check())),
1222 bad_type_msg, "aastore");
1223 return;
1224 }
1225 // 4938384: relaxed constraint in JVMS 3rd edition.
1226 no_control_flow = false; break;
1227 case Bytecodes::_pop :
1228 current_frame.pop_stack(
1229 VerificationType::category1_check(), CHECK_VERIFY(this));
1230 no_control_flow = false; break;
1231 case Bytecodes::_pop2 :
1232 type = current_frame.pop_stack(CHECK_VERIFY(this));
1233 if (type.is_category1()) {
1234 current_frame.pop_stack(
1235 VerificationType::category1_check(), CHECK_VERIFY(this));
1236 } else if (type.is_category2_2nd()) {
1237 current_frame.pop_stack(
1238 VerificationType::category2_check(), CHECK_VERIFY(this));
1598 case Bytecodes::_if_icmpgt:
1599 case Bytecodes::_if_icmple:
1600 current_frame.pop_stack(
1601 VerificationType::integer_type(), CHECK_VERIFY(this));
1602 // fall through
1603 case Bytecodes::_ifeq:
1604 case Bytecodes::_ifne:
1605 case Bytecodes::_iflt:
1606 case Bytecodes::_ifge:
1607 case Bytecodes::_ifgt:
1608 case Bytecodes::_ifle:
1609 current_frame.pop_stack(
1610 VerificationType::integer_type(), CHECK_VERIFY(this));
1611 target = bcs.dest();
1612 stackmap_table.check_jump_target(
1613 ¤t_frame, target, CHECK_VERIFY(this));
1614 no_control_flow = false; break;
1615 case Bytecodes::_if_acmpeq :
1616 case Bytecodes::_if_acmpne :
1617 current_frame.pop_stack(
1618 VerificationType::reference_check(), CHECK_VERIFY(this));
1619 // fall through
1620 case Bytecodes::_ifnull :
1621 case Bytecodes::_ifnonnull :
1622 current_frame.pop_stack(
1623 VerificationType::reference_check(), CHECK_VERIFY(this));
1624 target = bcs.dest();
1625 stackmap_table.check_jump_target
1626 (¤t_frame, target, CHECK_VERIFY(this));
1627 no_control_flow = false; break;
1628 case Bytecodes::_goto :
1629 target = bcs.dest();
1630 stackmap_table.check_jump_target(
1631 ¤t_frame, target, CHECK_VERIFY(this));
1632 no_control_flow = true; break;
1633 case Bytecodes::_goto_w :
1634 target = bcs.dest_w();
1635 stackmap_table.check_jump_target(
1636 ¤t_frame, target, CHECK_VERIFY(this));
1637 no_control_flow = true; break;
1638 case Bytecodes::_tableswitch :
1639 case Bytecodes::_lookupswitch :
1640 verify_switch(
1641 &bcs, code_length, code_data, ¤t_frame,
1642 &stackmap_table, CHECK_VERIFY(this));
1643 no_control_flow = true; break;
1654 VerificationType::long_type(), CHECK_VERIFY(this));
1655 verify_return_value(return_type, type, bci,
1656 ¤t_frame, CHECK_VERIFY(this));
1657 no_control_flow = true; break;
1658 case Bytecodes::_freturn :
1659 type = current_frame.pop_stack(
1660 VerificationType::float_type(), CHECK_VERIFY(this));
1661 verify_return_value(return_type, type, bci,
1662 ¤t_frame, CHECK_VERIFY(this));
1663 no_control_flow = true; break;
1664 case Bytecodes::_dreturn :
1665 type2 = current_frame.pop_stack(
1666 VerificationType::double2_type(), CHECK_VERIFY(this));
1667 type = current_frame.pop_stack(
1668 VerificationType::double_type(), CHECK_VERIFY(this));
1669 verify_return_value(return_type, type, bci,
1670 ¤t_frame, CHECK_VERIFY(this));
1671 no_control_flow = true; break;
1672 case Bytecodes::_areturn :
1673 type = current_frame.pop_stack(
1674 VerificationType::reference_check(), CHECK_VERIFY(this));
1675 verify_return_value(return_type, type, bci,
1676 ¤t_frame, CHECK_VERIFY(this));
1677 no_control_flow = true; break;
1678 case Bytecodes::_return :
1679 if (return_type != VerificationType::bogus_type()) {
1680 verify_error(ErrorContext::bad_code(bci),
1681 "Method expects a return value");
1682 return;
1683 }
1684 // Make sure "this" has been initialized if current method is an
1685 // <init>.
1686 if (_method->name() == vmSymbols::object_initializer_name() &&
1687 current_frame.flag_this_uninit()) {
1688 verify_error(ErrorContext::bad_code(bci),
1689 "Constructor must call super() or this() "
1690 "before return");
1691 return;
1692 }
1693 no_control_flow = true; break;
1694 case Bytecodes::_getstatic :
1695 case Bytecodes::_putstatic :
1696 // pass TRUE, operand can be an array type for getstatic/putstatic.
1697 verify_field_instructions(
1698 &bcs, ¤t_frame, cp, true, CHECK_VERIFY(this));
1699 no_control_flow = false; break;
1700 case Bytecodes::_getfield :
1701 case Bytecodes::_putfield :
1702 // pass FALSE, operand can't be an array type for getfield/putfield.
1703 verify_field_instructions(
1704 &bcs, ¤t_frame, cp, false, CHECK_VERIFY(this));
1705 no_control_flow = false; break;
1706 case Bytecodes::_invokevirtual :
1707 case Bytecodes::_invokespecial :
1708 case Bytecodes::_invokestatic :
1709 verify_invoke_instructions(
1710 &bcs, code_length, ¤t_frame, (bci >= ex_min && bci < ex_max),
1711 &this_uninit, return_type, cp, &stackmap_table, CHECK_VERIFY(this));
1712 no_control_flow = false; break;
1713 case Bytecodes::_invokeinterface :
1714 case Bytecodes::_invokedynamic :
1715 verify_invoke_instructions(
1716 &bcs, code_length, ¤t_frame, (bci >= ex_min && bci < ex_max),
1717 &this_uninit, return_type, cp, &stackmap_table, CHECK_VERIFY(this));
1718 no_control_flow = false; break;
1719 case Bytecodes::_new :
1720 {
1721 u2 index = bcs.get_index_u2();
1722 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1723 VerificationType new_class_type =
1724 cp_index_to_type(index, cp, CHECK_VERIFY(this));
1725 if (!new_class_type.is_object()) {
1726 verify_error(ErrorContext::bad_type(bci,
1727 TypeOrigin::cp(index, new_class_type)),
1728 "Illegal new instruction");
1729 return;
1730 }
1731 type = VerificationType::uninitialized_type(checked_cast<u2>(bci));
1732 current_frame.push_stack(type, CHECK_VERIFY(this));
1733 no_control_flow = false; break;
1734 }
1735 case Bytecodes::_newarray :
1736 type = get_newarray_type(bcs.get_index(), bci, CHECK_VERIFY(this));
1737 current_frame.pop_stack(
1755 no_control_flow = false; break;
1756 case Bytecodes::_checkcast :
1757 {
1758 u2 index = bcs.get_index_u2();
1759 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1760 current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1761 VerificationType klass_type = cp_index_to_type(
1762 index, cp, CHECK_VERIFY(this));
1763 current_frame.push_stack(klass_type, CHECK_VERIFY(this));
1764 no_control_flow = false; break;
1765 }
1766 case Bytecodes::_instanceof : {
1767 u2 index = bcs.get_index_u2();
1768 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1769 current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1770 current_frame.push_stack(
1771 VerificationType::integer_type(), CHECK_VERIFY(this));
1772 no_control_flow = false; break;
1773 }
1774 case Bytecodes::_monitorenter :
1775 case Bytecodes::_monitorexit :
1776 current_frame.pop_stack(
1777 VerificationType::reference_check(), CHECK_VERIFY(this));
1778 no_control_flow = false; break;
1779 case Bytecodes::_multianewarray :
1780 {
1781 u2 index = bcs.get_index_u2();
1782 u2 dim = *(bcs.bcp()+3);
1783 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1784 VerificationType new_array_type =
1785 cp_index_to_type(index, cp, CHECK_VERIFY(this));
1786 if (!new_array_type.is_array()) {
1787 verify_error(ErrorContext::bad_type(bci,
1788 TypeOrigin::cp(index, new_array_type)),
1789 "Illegal constant pool index in multianewarray instruction");
1790 return;
1791 }
1792 if (dim < 1 || new_array_type.dimensions() < dim) {
1793 verify_error(ErrorContext::bad_code(bci),
1794 "Illegal dimension in multianewarray instruction: %d", dim);
1795 return;
1796 }
1797 for (int i = 0; i < dim; i++) {
1798 current_frame.pop_stack(
2023 int nconstants = cp->length();
2024 if ((index <= 0) || (index >= nconstants)) {
2025 verify_error(ErrorContext::bad_cp_index(bci, index),
2026 "Illegal constant pool index %d in class %s",
2027 index, cp->pool_holder()->external_name());
2028 return;
2029 }
2030 }
2031
2032 void ClassVerifier::verify_cp_type(
2033 int bci, u2 index, const constantPoolHandle& cp, unsigned int types, TRAPS) {
2034
2035 // In some situations, bytecode rewriting may occur while we're verifying.
2036 // In this case, a constant pool cache exists and some indices refer to that
2037 // instead. Be sure we don't pick up such indices by accident.
2038 // We must check was_recursively_verified() before we get here.
2039 guarantee(cp->cache() == nullptr, "not rewritten yet");
2040
2041 verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2042 unsigned int tag = cp->tag_at(index).value();
2043 if ((types & (1 << tag)) == 0) {
2044 verify_error(ErrorContext::bad_cp_index(bci, index),
2045 "Illegal type at constant pool entry %d in class %s",
2046 index, cp->pool_holder()->external_name());
2047 return;
2048 }
2049 }
2050
2051 void ClassVerifier::verify_cp_class_type(
2052 int bci, u2 index, const constantPoolHandle& cp, TRAPS) {
2053 verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2054 constantTag tag = cp->tag_at(index);
2055 if (!tag.is_klass() && !tag.is_unresolved_klass()) {
2056 verify_error(ErrorContext::bad_cp_index(bci, index),
2057 "Illegal type at constant pool entry %d in class %s",
2058 index, cp->pool_holder()->external_name());
2059 return;
2060 }
2061 }
2062
2137 } else {
2138 Klass* member_klass = target_instance->find_field(field_name, field_sig, &fd);
2139 if (member_klass != nullptr && fd.is_protected()) {
2140 if (!this_class->is_same_class_package(member_klass)) {
2141 return true;
2142 }
2143 }
2144 }
2145 return false;
2146 }
2147
2148 void ClassVerifier::verify_ldc(
2149 int opcode, u2 index, StackMapFrame* current_frame,
2150 const constantPoolHandle& cp, int bci, TRAPS) {
2151 verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2152 constantTag tag = cp->tag_at(index);
2153 unsigned int types = 0;
2154 if (opcode == Bytecodes::_ldc || opcode == Bytecodes::_ldc_w) {
2155 if (!tag.is_unresolved_klass()) {
2156 types = (1 << JVM_CONSTANT_Integer) | (1 << JVM_CONSTANT_Float)
2157 | (1 << JVM_CONSTANT_String) | (1 << JVM_CONSTANT_Class)
2158 | (1 << JVM_CONSTANT_MethodHandle) | (1 << JVM_CONSTANT_MethodType)
2159 | (1 << JVM_CONSTANT_Dynamic);
2160 // Note: The class file parser already verified the legality of
2161 // MethodHandle and MethodType constants.
2162 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2163 }
2164 } else {
2165 assert(opcode == Bytecodes::_ldc2_w, "must be ldc2_w");
2166 types = (1 << JVM_CONSTANT_Double) | (1 << JVM_CONSTANT_Long)
2167 | (1 << JVM_CONSTANT_Dynamic);
2168 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2169 }
2170 if (tag.is_string()) {
2171 current_frame->push_stack(
2172 VerificationType::reference_type(
2173 vmSymbols::java_lang_String()), CHECK_VERIFY(this));
2174 } else if (tag.is_klass() || tag.is_unresolved_klass()) {
2175 current_frame->push_stack(
2176 VerificationType::reference_type(
2177 vmSymbols::java_lang_Class()), CHECK_VERIFY(this));
2312 const constantPoolHandle& cp,
2313 bool allow_arrays,
2314 TRAPS) {
2315 u2 index = bcs->get_index_u2();
2316 verify_cp_type(bcs->bci(), index, cp,
2317 1 << JVM_CONSTANT_Fieldref, CHECK_VERIFY(this));
2318
2319 // Get field name and signature
2320 Symbol* field_name = cp->uncached_name_ref_at(index);
2321 Symbol* field_sig = cp->uncached_signature_ref_at(index);
2322 bool is_getfield = false;
2323
2324 // Field signature was checked in ClassFileParser.
2325 assert(SignatureVerifier::is_valid_type_signature(field_sig),
2326 "Invalid field signature");
2327
2328 // Get referenced class type
2329 VerificationType ref_class_type = cp_ref_index_to_type(
2330 index, cp, CHECK_VERIFY(this));
2331 if (!ref_class_type.is_object() &&
2332 (!allow_arrays || !ref_class_type.is_array())) {
2333 verify_error(ErrorContext::bad_type(bcs->bci(),
2334 TypeOrigin::cp(index, ref_class_type)),
2335 "Expecting reference to class in class %s at constant pool index %d",
2336 _klass->external_name(), index);
2337 return;
2338 }
2339 VerificationType target_class_type = ref_class_type;
2340
2341 assert(sizeof(VerificationType) == sizeof(uintptr_t),
2342 "buffer type must match VerificationType size");
2343 uintptr_t field_type_buffer[2];
2344 VerificationType* field_type = (VerificationType*)field_type_buffer;
2345 // If we make a VerificationType[2] array directly, the compiler calls
2346 // to the c-runtime library to do the allocation instead of just
2347 // stack allocating it. Plus it would run constructors. This shows up
2348 // in performance profiles.
2349
2350 SignatureStream sig_stream(field_sig, false);
2351 VerificationType stack_object_type;
2352 int n = change_sig_to_verificationType(&sig_stream, field_type);
2353 int bci = bcs->bci();
2354 bool is_assignable;
2355 switch (bcs->raw_code()) {
2356 case Bytecodes::_getstatic: {
2357 for (int i = 0; i < n; i++) {
2358 current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2771 bool ClassVerifier::is_same_or_direct_interface(
2772 InstanceKlass* klass,
2773 VerificationType klass_type,
2774 VerificationType ref_class_type) {
2775 if (ref_class_type.equals(klass_type)) return true;
2776 Array<InstanceKlass*>* local_interfaces = klass->local_interfaces();
2777 if (local_interfaces != nullptr) {
2778 for (int x = 0; x < local_interfaces->length(); x++) {
2779 InstanceKlass* k = local_interfaces->at(x);
2780 assert (k != nullptr && k->is_interface(), "invalid interface");
2781 if (ref_class_type.equals(VerificationType::reference_type(k->name()))) {
2782 return true;
2783 }
2784 }
2785 }
2786 return false;
2787 }
2788
2789 void ClassVerifier::verify_invoke_instructions(
2790 RawBytecodeStream* bcs, u4 code_length, StackMapFrame* current_frame,
2791 bool in_try_block, bool *this_uninit, VerificationType return_type,
2792 const constantPoolHandle& cp, StackMapTable* stackmap_table, TRAPS) {
2793 // Make sure the constant pool item is the right type
2794 u2 index = bcs->get_index_u2();
2795 Bytecodes::Code opcode = bcs->raw_code();
2796 unsigned int types = 0;
2797 switch (opcode) {
2798 case Bytecodes::_invokeinterface:
2799 types = 1 << JVM_CONSTANT_InterfaceMethodref;
2800 break;
2801 case Bytecodes::_invokedynamic:
2802 types = 1 << JVM_CONSTANT_InvokeDynamic;
2803 break;
2804 case Bytecodes::_invokespecial:
2805 case Bytecodes::_invokestatic:
2806 types = (_klass->major_version() < STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION) ?
2807 (1 << JVM_CONSTANT_Methodref) :
2808 ((1 << JVM_CONSTANT_InterfaceMethodref) | (1 << JVM_CONSTANT_Methodref));
2809 break;
2810 default:
2811 types = 1 << JVM_CONSTANT_Methodref;
2812 }
2813 verify_cp_type(bcs->bci(), index, cp, types, CHECK_VERIFY(this));
2814
2815 // Get method name and signature
2816 Symbol* method_name = cp->uncached_name_ref_at(index);
2817 Symbol* method_sig = cp->uncached_signature_ref_at(index);
2818
2819 // Method signature was checked in ClassFileParser.
2820 assert(SignatureVerifier::is_valid_method_signature(method_sig),
2821 "Invalid method signature");
2822
2823 // Get referenced class type
2824 VerificationType ref_class_type;
2825 if (opcode == Bytecodes::_invokedynamic) {
2826 if (_klass->major_version() < Verifier::INVOKEDYNAMIC_MAJOR_VERSION) {
2827 class_format_error(
2828 "invokedynamic instructions not supported by this class file version (%d), class %s",
2829 _klass->major_version(), _klass->external_name());
2830 return;
2831 }
2832 } else {
2833 ref_class_type = cp_ref_index_to_type(index, cp, CHECK_VERIFY(this));
2834 }
2835
2836 assert(sizeof(VerificationType) == sizeof(uintptr_t),
2837 "buffer type must match VerificationType size");
2838
2839 // Get the UTF8 index for this signature.
2840 int sig_index = cp->signature_ref_index_at(cp->uncached_name_and_type_ref_index_at(index));
2841
2842 // Get the signature's verification types.
2843 sig_as_verification_types* mth_sig_verif_types;
2869 "Inconsistent args count operand in invokeinterface");
2870 return;
2871 }
2872 if (*(bcp+4) != 0) {
2873 verify_error(ErrorContext::bad_code(bci),
2874 "Fourth operand byte of invokeinterface must be zero");
2875 return;
2876 }
2877 }
2878
2879 if (opcode == Bytecodes::_invokedynamic) {
2880 address bcp = bcs->bcp();
2881 if (*(bcp+3) != 0 || *(bcp+4) != 0) {
2882 verify_error(ErrorContext::bad_code(bci),
2883 "Third and fourth operand bytes of invokedynamic must be zero");
2884 return;
2885 }
2886 }
2887
2888 if (method_name->char_at(0) == JVM_SIGNATURE_SPECIAL) {
2889 // Make sure <init> can only be invoked by invokespecial
2890 if (opcode != Bytecodes::_invokespecial ||
2891 method_name != vmSymbols::object_initializer_name()) {
2892 verify_error(ErrorContext::bad_code(bci),
2893 "Illegal call to internal method");
2894 return;
2895 }
2896 } else if (opcode == Bytecodes::_invokespecial
2897 && !is_same_or_direct_interface(current_class(), current_type(), ref_class_type)
2898 && !ref_class_type.equals(VerificationType::reference_type(
2899 current_class()->super()->name()))) {
2900 bool subtype = false;
2901 bool have_imr_indirect = cp->tag_at(index).value() == JVM_CONSTANT_InterfaceMethodref;
2902 subtype = ref_class_type.is_assignable_from(
2903 current_type(), this, false, CHECK_VERIFY(this));
2904 if (!subtype) {
2905 verify_error(ErrorContext::bad_code(bci),
2906 "Bad invokespecial instruction: "
2907 "current class isn't assignable to reference class.");
2908 return;
2909 } else if (have_imr_indirect) {
2910 verify_error(ErrorContext::bad_code(bci),
2911 "Bad invokespecial instruction: "
2912 "interface method reference is in an indirect superinterface.");
2913 return;
2914 }
2915
2916 }
2917
2918 // Get the verification types for the method's arguments.
2919 GrowableArray<VerificationType>* sig_verif_types = mth_sig_verif_types->sig_verif_types();
2964 verify_error(ErrorContext::bad_type(bci,
2965 current_frame->stack_top_ctx(),
2966 TypeOrigin::implicit(current_type())),
2967 "Bad access to protected data in invokevirtual");
2968 return;
2969 }
2970 }
2971 }
2972 }
2973 }
2974 } else {
2975 assert(opcode == Bytecodes::_invokeinterface, "Unexpected opcode encountered");
2976 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this));
2977 }
2978 }
2979 }
2980 // Push the result type.
2981 int sig_verif_types_len = sig_verif_types->length();
2982 if (sig_verif_types_len > nargs) { // There's a return type
2983 if (method_name == vmSymbols::object_initializer_name()) {
2984 // <init> method must have a void return type
2985 /* Unreachable? Class file parser verifies that methods with '<' have
2986 * void return */
2987 verify_error(ErrorContext::bad_code(bci),
2988 "Return type must be void in <init> method");
2989 return;
2990 }
2991
2992 assert(sig_verif_types_len <= nargs + 2,
2993 "Signature verification types array return type is bogus");
2994 for (int i = nargs; i < sig_verif_types_len; i++) {
2995 assert(i == nargs || sig_verif_types->at(i).is_long2() ||
2996 sig_verif_types->at(i).is_double2(), "Unexpected return verificationType");
2997 current_frame->push_stack(sig_verif_types->at(i), CHECK_VERIFY(this));
2998 }
2999 }
3000 }
3001
3002 VerificationType ClassVerifier::get_newarray_type(
3003 u2 index, int bci, TRAPS) {
3004 const char* from_bt[] = {
3005 nullptr, nullptr, nullptr, nullptr, "[Z", "[C", "[F", "[D", "[B", "[S", "[I", "[J",
3006 };
3072 }
3073
3074 void ClassVerifier::verify_fload(int index, StackMapFrame* current_frame, TRAPS) {
3075 current_frame->get_local(
3076 index, VerificationType::float_type(), CHECK_VERIFY(this));
3077 current_frame->push_stack(
3078 VerificationType::float_type(), CHECK_VERIFY(this));
3079 }
3080
3081 void ClassVerifier::verify_dload(int index, StackMapFrame* current_frame, TRAPS) {
3082 current_frame->get_local_2(
3083 index, VerificationType::double_type(),
3084 VerificationType::double2_type(), CHECK_VERIFY(this));
3085 current_frame->push_stack_2(
3086 VerificationType::double_type(),
3087 VerificationType::double2_type(), CHECK_VERIFY(this));
3088 }
3089
3090 void ClassVerifier::verify_aload(int index, StackMapFrame* current_frame, TRAPS) {
3091 VerificationType type = current_frame->get_local(
3092 index, VerificationType::reference_check(), CHECK_VERIFY(this));
3093 current_frame->push_stack(type, CHECK_VERIFY(this));
3094 }
3095
3096 void ClassVerifier::verify_istore(int index, StackMapFrame* current_frame, TRAPS) {
3097 current_frame->pop_stack(
3098 VerificationType::integer_type(), CHECK_VERIFY(this));
3099 current_frame->set_local(
3100 index, VerificationType::integer_type(), CHECK_VERIFY(this));
3101 }
3102
3103 void ClassVerifier::verify_lstore(int index, StackMapFrame* current_frame, TRAPS) {
3104 current_frame->pop_stack_2(
3105 VerificationType::long2_type(),
3106 VerificationType::long_type(), CHECK_VERIFY(this));
3107 current_frame->set_local_2(
3108 index, VerificationType::long_type(),
3109 VerificationType::long2_type(), CHECK_VERIFY(this));
3110 }
3111
3112 void ClassVerifier::verify_fstore(int index, StackMapFrame* current_frame, TRAPS) {
3113 current_frame->pop_stack(VerificationType::float_type(), CHECK_VERIFY(this));
3114 current_frame->set_local(
3115 index, VerificationType::float_type(), CHECK_VERIFY(this));
3116 }
3117
3118 void ClassVerifier::verify_dstore(int index, StackMapFrame* current_frame, TRAPS) {
3119 current_frame->pop_stack_2(
3120 VerificationType::double2_type(),
3121 VerificationType::double_type(), CHECK_VERIFY(this));
3122 current_frame->set_local_2(
3123 index, VerificationType::double_type(),
3124 VerificationType::double2_type(), CHECK_VERIFY(this));
3125 }
3126
3127 void ClassVerifier::verify_astore(int index, StackMapFrame* current_frame, TRAPS) {
3128 VerificationType type = current_frame->pop_stack(
3129 VerificationType::reference_check(), CHECK_VERIFY(this));
3130 current_frame->set_local(index, type, CHECK_VERIFY(this));
3131 }
3132
3133 void ClassVerifier::verify_iinc(int index, StackMapFrame* current_frame, TRAPS) {
3134 VerificationType type = current_frame->get_local(
3135 index, VerificationType::integer_type(), CHECK_VERIFY(this));
3136 current_frame->set_local(index, type, CHECK_VERIFY(this));
3137 }
3138
3139 void ClassVerifier::verify_return_value(
3140 VerificationType return_type, VerificationType type, int bci,
3141 StackMapFrame* current_frame, TRAPS) {
3142 if (return_type == VerificationType::bogus_type()) {
3143 verify_error(ErrorContext::bad_type(bci,
3144 current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)),
3145 "Method does not expect a return value");
3146 return;
3147 }
3148 bool match = return_type.is_assignable_from(type, this, false, CHECK_VERIFY(this));
3149 if (!match) {
|
47 #include "oops/instanceKlass.inline.hpp"
48 #include "oops/klass.inline.hpp"
49 #include "oops/oop.inline.hpp"
50 #include "oops/typeArrayOop.hpp"
51 #include "runtime/arguments.hpp"
52 #include "runtime/fieldDescriptor.hpp"
53 #include "runtime/handles.inline.hpp"
54 #include "runtime/interfaceSupport.inline.hpp"
55 #include "runtime/javaCalls.hpp"
56 #include "runtime/javaThread.hpp"
57 #include "runtime/jniHandles.inline.hpp"
58 #include "runtime/os.hpp"
59 #include "runtime/safepointVerifiers.hpp"
60 #include "services/threadService.hpp"
61 #include "utilities/align.hpp"
62 #include "utilities/bytes.hpp"
63
64 #define NOFAILOVER_MAJOR_VERSION 51
65 #define NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION 51
66 #define STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION 52
67 #define INLINE_TYPE_MAJOR_VERSION 56
68 #define MAX_ARRAY_DIMENSIONS 255
69
70 // Access to external entry for VerifyClassForMajorVersion - old byte code verifier
71
72 extern "C" {
73 typedef jboolean (*verify_byte_codes_fn_t)(JNIEnv *, jclass, char *, jint, jint);
74 }
75
76 static verify_byte_codes_fn_t volatile _verify_byte_codes_fn = nullptr;
77
78 static verify_byte_codes_fn_t verify_byte_codes_fn() {
79
80 if (_verify_byte_codes_fn != nullptr)
81 return _verify_byte_codes_fn;
82
83 MutexLocker locker(Verify_lock);
84
85 if (_verify_byte_codes_fn != nullptr)
86 return _verify_byte_codes_fn;
87
261 kls = kls->super();
262 }
263 if (message_buffer != nullptr) {
264 message_buffer[message_buffer_len - 1] = '\0'; // just to be sure
265 }
266 assert(exception_message != nullptr, "");
267 THROW_MSG_(exception_name, exception_message, false);
268 }
269 }
270
271 bool Verifier::is_eligible_for_verification(InstanceKlass* klass, bool should_verify_class) {
272 Symbol* name = klass->name();
273 Klass* refl_serialization_ctor_klass = vmClasses::reflect_SerializationConstructorAccessorImpl_klass();
274
275 bool is_reflect_accessor = refl_serialization_ctor_klass != nullptr &&
276 klass->is_subtype_of(refl_serialization_ctor_klass);
277
278 return (should_verify_for(klass->class_loader(), should_verify_class) &&
279 // return if the class is a bootstrapping class
280 // or defineClass specified not to verify by default (flags override passed arg)
281 // We need to skip the following four for bootstrapping
282 name != vmSymbols::java_lang_Object() &&
283 name != vmSymbols::java_lang_Class() &&
284 name != vmSymbols::java_lang_String() &&
285 name != vmSymbols::java_lang_Throwable() &&
286
287 // Can not verify the bytecodes for shared classes because they have
288 // already been rewritten to contain constant pool cache indices,
289 // which the verifier can't understand.
290 // Shared classes shouldn't have stackmaps either.
291 // However, bytecodes for shared old classes can be verified because
292 // they have not been rewritten.
293 !(klass->is_shared() && klass->is_rewritten()) &&
294
295 // As of the fix for 4486457 we disable verification for all of the
296 // dynamically-generated bytecodes associated with
297 // jdk/internal/reflect/SerializationConstructorAccessor.
298 (!is_reflect_accessor));
299 }
300
301 Symbol* Verifier::inference_verify(
480 ss->print("Local index %d is invalid", _type.index());
481 break;
482 case LOCALS_SIZE_MISMATCH:
483 ss->print("Current frame's local size doesn't match stackmap.");
484 break;
485 case STACK_SIZE_MISMATCH:
486 ss->print("Current frame's stack size doesn't match stackmap.");
487 break;
488 case STACK_OVERFLOW:
489 ss->print("Exceeded max stack size.");
490 break;
491 case STACK_UNDERFLOW:
492 ss->print("Attempt to pop empty stack.");
493 break;
494 case MISSING_STACKMAP:
495 ss->print("Expected stackmap frame at this location.");
496 break;
497 case BAD_STACKMAP:
498 ss->print("Invalid stackmap specification.");
499 break;
500 case WRONG_INLINE_TYPE:
501 ss->print("Type ");
502 _type.details(ss);
503 ss->print(" and type ");
504 _expected.details(ss);
505 ss->print(" must be identical inline types.");
506 break;
507 case UNKNOWN:
508 default:
509 ShouldNotReachHere();
510 ss->print_cr("Unknown");
511 }
512 ss->cr();
513 }
514
515 void ErrorContext::location_details(outputStream* ss, const Method* method) const {
516 if (_bci != -1 && method != nullptr) {
517 streamIndentor si(ss);
518 const char* bytecode_name = "<invalid>";
519 if (method->validate_bci(_bci) != -1) {
520 Bytecodes::Code code = Bytecodes::code_or_bp_at(method->bcp_from(_bci));
521 if (Bytecodes::is_defined(code)) {
522 bytecode_name = Bytecodes::name(code);
523 } else {
524 bytecode_name = "<illegal>";
525 }
526 }
581 stack_map_frame* sm_frame = sm_table->entries();
582 streamIndentor si2(ss);
583 int current_offset = -1;
584 address end_of_sm_table = (address)sm_table + method->stackmap_data()->length();
585 for (u2 i = 0; i < sm_table->number_of_entries(); ++i) {
586 ss->indent();
587 if (!sm_frame->verify((address)sm_frame, end_of_sm_table)) {
588 sm_frame->print_truncated(ss, current_offset);
589 return;
590 }
591 sm_frame->print_on(ss, current_offset);
592 ss->cr();
593 current_offset += sm_frame->offset_delta();
594 sm_frame = sm_frame->next();
595 }
596 }
597 }
598
599 // Methods in ClassVerifier
600
601 VerificationType reference_or_inline_type(InstanceKlass* klass) {
602 // if (klass->is_inline_klass()) {
603 // return VerificationType::inline_type(klass->name());
604 // } else {
605 // return VerificationType::reference_type(klass->name());
606 // } // LW401 CR required: verifier update/cleanup
607 return VerificationType::reference_type(klass->name());
608 }
609
610 ClassVerifier::ClassVerifier(JavaThread* current, InstanceKlass* klass)
611 : _thread(current), _previous_symbol(nullptr), _symbols(nullptr), _exception_type(nullptr),
612 _message(nullptr), _klass(klass) {
613 _this_type = reference_or_inline_type(klass);
614 }
615
616 ClassVerifier::~ClassVerifier() {
617 // Decrement the reference count for any symbols created.
618 if (_symbols != nullptr) {
619 for (int i = 0; i < _symbols->length(); i++) {
620 Symbol* s = _symbols->at(i);
621 s->decrement_refcount();
622 }
623 }
624 }
625
626 VerificationType ClassVerifier::object_type() const {
627 return VerificationType::reference_type(vmSymbols::java_lang_Object());
628 }
629
630 TypeOrigin ClassVerifier::ref_ctx(const char* sig) {
631 VerificationType vt = VerificationType::reference_type(
632 create_temporary_symbol(sig, (int)strlen(sig)));
633 return TypeOrigin::implicit(vt);
1037 case Bytecodes::_daload :
1038 type = current_frame.pop_stack(
1039 VerificationType::integer_type(), CHECK_VERIFY(this));
1040 atype = current_frame.pop_stack(
1041 VerificationType::reference_check(), CHECK_VERIFY(this));
1042 if (!atype.is_double_array()) {
1043 verify_error(ErrorContext::bad_type(bci,
1044 current_frame.stack_top_ctx(), ref_ctx("[D")),
1045 bad_type_msg, "daload");
1046 return;
1047 }
1048 current_frame.push_stack_2(
1049 VerificationType::double_type(),
1050 VerificationType::double2_type(), CHECK_VERIFY(this));
1051 no_control_flow = false; break;
1052 case Bytecodes::_aaload : {
1053 type = current_frame.pop_stack(
1054 VerificationType::integer_type(), CHECK_VERIFY(this));
1055 atype = current_frame.pop_stack(
1056 VerificationType::reference_check(), CHECK_VERIFY(this));
1057 if (!atype.is_nonscalar_array()) {
1058 verify_error(ErrorContext::bad_type(bci,
1059 current_frame.stack_top_ctx(),
1060 TypeOrigin::implicit(VerificationType::reference_check())),
1061 bad_type_msg, "aaload");
1062 return;
1063 }
1064 if (atype.is_null()) {
1065 current_frame.push_stack(
1066 VerificationType::null_type(), CHECK_VERIFY(this));
1067 } else {
1068 VerificationType component = atype.get_component(this);
1069 current_frame.push_stack(component, CHECK_VERIFY(this));
1070 }
1071 no_control_flow = false; break;
1072 }
1073 case Bytecodes::_istore :
1074 verify_istore(bcs.get_index(), ¤t_frame, CHECK_VERIFY(this));
1075 no_control_flow = false; break;
1076 case Bytecodes::_istore_0 :
1077 case Bytecodes::_istore_1 :
1215 VerificationType::double2_type(),
1216 VerificationType::double_type(), CHECK_VERIFY(this));
1217 current_frame.pop_stack(
1218 VerificationType::integer_type(), CHECK_VERIFY(this));
1219 atype = current_frame.pop_stack(
1220 VerificationType::reference_check(), CHECK_VERIFY(this));
1221 if (!atype.is_double_array()) {
1222 verify_error(ErrorContext::bad_type(bci,
1223 current_frame.stack_top_ctx(), ref_ctx("[D")),
1224 bad_type_msg, "dastore");
1225 return;
1226 }
1227 no_control_flow = false; break;
1228 case Bytecodes::_aastore :
1229 type = current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1230 type2 = current_frame.pop_stack(
1231 VerificationType::integer_type(), CHECK_VERIFY(this));
1232 atype = current_frame.pop_stack(
1233 VerificationType::reference_check(), CHECK_VERIFY(this));
1234 // more type-checking is done at runtime
1235 if (!atype.is_nonscalar_array()) {
1236 verify_error(ErrorContext::bad_type(bci,
1237 current_frame.stack_top_ctx(),
1238 TypeOrigin::implicit(VerificationType::reference_check())),
1239 bad_type_msg, "aastore");
1240 return;
1241 }
1242 // 4938384: relaxed constraint in JVMS 3rd edition.
1243 no_control_flow = false; break;
1244 case Bytecodes::_pop :
1245 current_frame.pop_stack(
1246 VerificationType::category1_check(), CHECK_VERIFY(this));
1247 no_control_flow = false; break;
1248 case Bytecodes::_pop2 :
1249 type = current_frame.pop_stack(CHECK_VERIFY(this));
1250 if (type.is_category1()) {
1251 current_frame.pop_stack(
1252 VerificationType::category1_check(), CHECK_VERIFY(this));
1253 } else if (type.is_category2_2nd()) {
1254 current_frame.pop_stack(
1255 VerificationType::category2_check(), CHECK_VERIFY(this));
1615 case Bytecodes::_if_icmpgt:
1616 case Bytecodes::_if_icmple:
1617 current_frame.pop_stack(
1618 VerificationType::integer_type(), CHECK_VERIFY(this));
1619 // fall through
1620 case Bytecodes::_ifeq:
1621 case Bytecodes::_ifne:
1622 case Bytecodes::_iflt:
1623 case Bytecodes::_ifge:
1624 case Bytecodes::_ifgt:
1625 case Bytecodes::_ifle:
1626 current_frame.pop_stack(
1627 VerificationType::integer_type(), CHECK_VERIFY(this));
1628 target = bcs.dest();
1629 stackmap_table.check_jump_target(
1630 ¤t_frame, target, CHECK_VERIFY(this));
1631 no_control_flow = false; break;
1632 case Bytecodes::_if_acmpeq :
1633 case Bytecodes::_if_acmpne :
1634 current_frame.pop_stack(
1635 VerificationType::nonscalar_check(), CHECK_VERIFY(this));
1636 // fall through
1637 case Bytecodes::_ifnull :
1638 case Bytecodes::_ifnonnull :
1639 current_frame.pop_stack(
1640 VerificationType::nonscalar_check(), CHECK_VERIFY(this));
1641 target = bcs.dest();
1642 stackmap_table.check_jump_target
1643 (¤t_frame, target, CHECK_VERIFY(this));
1644 no_control_flow = false; break;
1645 case Bytecodes::_goto :
1646 target = bcs.dest();
1647 stackmap_table.check_jump_target(
1648 ¤t_frame, target, CHECK_VERIFY(this));
1649 no_control_flow = true; break;
1650 case Bytecodes::_goto_w :
1651 target = bcs.dest_w();
1652 stackmap_table.check_jump_target(
1653 ¤t_frame, target, CHECK_VERIFY(this));
1654 no_control_flow = true; break;
1655 case Bytecodes::_tableswitch :
1656 case Bytecodes::_lookupswitch :
1657 verify_switch(
1658 &bcs, code_length, code_data, ¤t_frame,
1659 &stackmap_table, CHECK_VERIFY(this));
1660 no_control_flow = true; break;
1671 VerificationType::long_type(), CHECK_VERIFY(this));
1672 verify_return_value(return_type, type, bci,
1673 ¤t_frame, CHECK_VERIFY(this));
1674 no_control_flow = true; break;
1675 case Bytecodes::_freturn :
1676 type = current_frame.pop_stack(
1677 VerificationType::float_type(), CHECK_VERIFY(this));
1678 verify_return_value(return_type, type, bci,
1679 ¤t_frame, CHECK_VERIFY(this));
1680 no_control_flow = true; break;
1681 case Bytecodes::_dreturn :
1682 type2 = current_frame.pop_stack(
1683 VerificationType::double2_type(), CHECK_VERIFY(this));
1684 type = current_frame.pop_stack(
1685 VerificationType::double_type(), CHECK_VERIFY(this));
1686 verify_return_value(return_type, type, bci,
1687 ¤t_frame, CHECK_VERIFY(this));
1688 no_control_flow = true; break;
1689 case Bytecodes::_areturn :
1690 type = current_frame.pop_stack(
1691 VerificationType::nonscalar_check(), CHECK_VERIFY(this));
1692 verify_return_value(return_type, type, bci,
1693 ¤t_frame, CHECK_VERIFY(this));
1694 no_control_flow = true; break;
1695 case Bytecodes::_return :
1696 if (return_type != VerificationType::bogus_type()) {
1697 verify_error(ErrorContext::bad_code(bci),
1698 "Method expects a return value");
1699 return;
1700 }
1701 // Make sure "this" has been initialized if current method is an
1702 // <init>.
1703 if (_method->is_object_constructor() &&
1704 current_frame.flag_this_uninit()) {
1705 verify_error(ErrorContext::bad_code(bci),
1706 "Constructor must call super() or this() "
1707 "before return");
1708 return;
1709 }
1710 no_control_flow = true; break;
1711 case Bytecodes::_getstatic :
1712 case Bytecodes::_putstatic :
1713 // pass TRUE, operand can be an array type for getstatic/putstatic.
1714 verify_field_instructions(
1715 &bcs, ¤t_frame, cp, true, CHECK_VERIFY(this));
1716 no_control_flow = false; break;
1717 case Bytecodes::_getfield :
1718 case Bytecodes::_putfield :
1719 // pass FALSE, operand can't be an array type for getfield/putfield.
1720 verify_field_instructions(
1721 &bcs, ¤t_frame, cp, false, CHECK_VERIFY(this));
1722 no_control_flow = false; break;
1723 case Bytecodes::_invokevirtual :
1724 case Bytecodes::_invokespecial :
1725 case Bytecodes::_invokestatic :
1726 case Bytecodes::_invokeinterface :
1727 case Bytecodes::_invokedynamic :
1728 verify_invoke_instructions(
1729 &bcs, code_length, ¤t_frame, (bci >= ex_min && bci < ex_max),
1730 &this_uninit, cp, &stackmap_table, CHECK_VERIFY(this));
1731 no_control_flow = false; break;
1732 case Bytecodes::_new :
1733 {
1734 u2 index = bcs.get_index_u2();
1735 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1736 VerificationType new_class_type =
1737 cp_index_to_type(index, cp, CHECK_VERIFY(this));
1738 if (!new_class_type.is_object()) {
1739 verify_error(ErrorContext::bad_type(bci,
1740 TypeOrigin::cp(index, new_class_type)),
1741 "Illegal new instruction");
1742 return;
1743 }
1744 type = VerificationType::uninitialized_type(checked_cast<u2>(bci));
1745 current_frame.push_stack(type, CHECK_VERIFY(this));
1746 no_control_flow = false; break;
1747 }
1748 case Bytecodes::_newarray :
1749 type = get_newarray_type(bcs.get_index(), bci, CHECK_VERIFY(this));
1750 current_frame.pop_stack(
1768 no_control_flow = false; break;
1769 case Bytecodes::_checkcast :
1770 {
1771 u2 index = bcs.get_index_u2();
1772 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1773 current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1774 VerificationType klass_type = cp_index_to_type(
1775 index, cp, CHECK_VERIFY(this));
1776 current_frame.push_stack(klass_type, CHECK_VERIFY(this));
1777 no_control_flow = false; break;
1778 }
1779 case Bytecodes::_instanceof : {
1780 u2 index = bcs.get_index_u2();
1781 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1782 current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1783 current_frame.push_stack(
1784 VerificationType::integer_type(), CHECK_VERIFY(this));
1785 no_control_flow = false; break;
1786 }
1787 case Bytecodes::_monitorenter :
1788 case Bytecodes::_monitorexit : {
1789 VerificationType ref = current_frame.pop_stack(
1790 VerificationType::nonscalar_check(), CHECK_VERIFY(this));
1791 no_control_flow = false; break;
1792 }
1793 case Bytecodes::_multianewarray :
1794 {
1795 u2 index = bcs.get_index_u2();
1796 u2 dim = *(bcs.bcp()+3);
1797 verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1798 VerificationType new_array_type =
1799 cp_index_to_type(index, cp, CHECK_VERIFY(this));
1800 if (!new_array_type.is_array()) {
1801 verify_error(ErrorContext::bad_type(bci,
1802 TypeOrigin::cp(index, new_array_type)),
1803 "Illegal constant pool index in multianewarray instruction");
1804 return;
1805 }
1806 if (dim < 1 || new_array_type.dimensions() < dim) {
1807 verify_error(ErrorContext::bad_code(bci),
1808 "Illegal dimension in multianewarray instruction: %d", dim);
1809 return;
1810 }
1811 for (int i = 0; i < dim; i++) {
1812 current_frame.pop_stack(
2037 int nconstants = cp->length();
2038 if ((index <= 0) || (index >= nconstants)) {
2039 verify_error(ErrorContext::bad_cp_index(bci, index),
2040 "Illegal constant pool index %d in class %s",
2041 index, cp->pool_holder()->external_name());
2042 return;
2043 }
2044 }
2045
2046 void ClassVerifier::verify_cp_type(
2047 int bci, u2 index, const constantPoolHandle& cp, unsigned int types, TRAPS) {
2048
2049 // In some situations, bytecode rewriting may occur while we're verifying.
2050 // In this case, a constant pool cache exists and some indices refer to that
2051 // instead. Be sure we don't pick up such indices by accident.
2052 // We must check was_recursively_verified() before we get here.
2053 guarantee(cp->cache() == nullptr, "not rewritten yet");
2054
2055 verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2056 unsigned int tag = cp->tag_at(index).value();
2057
2058 if ((types & (1 << tag)) == 0) {
2059 verify_error(ErrorContext::bad_cp_index(bci, index),
2060 "Illegal type at constant pool entry %d in class %s",
2061 index, cp->pool_holder()->external_name());
2062 return;
2063 }
2064 }
2065
2066 void ClassVerifier::verify_cp_class_type(
2067 int bci, u2 index, const constantPoolHandle& cp, TRAPS) {
2068 verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2069 constantTag tag = cp->tag_at(index);
2070 if (!tag.is_klass() && !tag.is_unresolved_klass()) {
2071 verify_error(ErrorContext::bad_cp_index(bci, index),
2072 "Illegal type at constant pool entry %d in class %s",
2073 index, cp->pool_holder()->external_name());
2074 return;
2075 }
2076 }
2077
2152 } else {
2153 Klass* member_klass = target_instance->find_field(field_name, field_sig, &fd);
2154 if (member_klass != nullptr && fd.is_protected()) {
2155 if (!this_class->is_same_class_package(member_klass)) {
2156 return true;
2157 }
2158 }
2159 }
2160 return false;
2161 }
2162
2163 void ClassVerifier::verify_ldc(
2164 int opcode, u2 index, StackMapFrame* current_frame,
2165 const constantPoolHandle& cp, int bci, TRAPS) {
2166 verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2167 constantTag tag = cp->tag_at(index);
2168 unsigned int types = 0;
2169 if (opcode == Bytecodes::_ldc || opcode == Bytecodes::_ldc_w) {
2170 if (!tag.is_unresolved_klass()) {
2171 types = (1 << JVM_CONSTANT_Integer) | (1 << JVM_CONSTANT_Float)
2172 | (1 << JVM_CONSTANT_String) | (1 << JVM_CONSTANT_Class)
2173 | (1 << JVM_CONSTANT_MethodHandle) | (1 << JVM_CONSTANT_MethodType)
2174 | (1 << JVM_CONSTANT_Dynamic);
2175 // Note: The class file parser already verified the legality of
2176 // MethodHandle and MethodType constants.
2177 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2178 }
2179 } else {
2180 assert(opcode == Bytecodes::_ldc2_w, "must be ldc2_w");
2181 types = (1 << JVM_CONSTANT_Double) | (1 << JVM_CONSTANT_Long)
2182 | (1 << JVM_CONSTANT_Dynamic);
2183 verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2184 }
2185 if (tag.is_string()) {
2186 current_frame->push_stack(
2187 VerificationType::reference_type(
2188 vmSymbols::java_lang_String()), CHECK_VERIFY(this));
2189 } else if (tag.is_klass() || tag.is_unresolved_klass()) {
2190 current_frame->push_stack(
2191 VerificationType::reference_type(
2192 vmSymbols::java_lang_Class()), CHECK_VERIFY(this));
2327 const constantPoolHandle& cp,
2328 bool allow_arrays,
2329 TRAPS) {
2330 u2 index = bcs->get_index_u2();
2331 verify_cp_type(bcs->bci(), index, cp,
2332 1 << JVM_CONSTANT_Fieldref, CHECK_VERIFY(this));
2333
2334 // Get field name and signature
2335 Symbol* field_name = cp->uncached_name_ref_at(index);
2336 Symbol* field_sig = cp->uncached_signature_ref_at(index);
2337 bool is_getfield = false;
2338
2339 // Field signature was checked in ClassFileParser.
2340 assert(SignatureVerifier::is_valid_type_signature(field_sig),
2341 "Invalid field signature");
2342
2343 // Get referenced class type
2344 VerificationType ref_class_type = cp_ref_index_to_type(
2345 index, cp, CHECK_VERIFY(this));
2346 if (!ref_class_type.is_object() &&
2347 (!allow_arrays || !ref_class_type.is_array())) {
2348 verify_error(ErrorContext::bad_type(bcs->bci(),
2349 TypeOrigin::cp(index, ref_class_type)),
2350 "Expecting reference to class in class %s at constant pool index %d",
2351 _klass->external_name(), index);
2352 return;
2353 }
2354
2355 VerificationType target_class_type = ref_class_type;
2356
2357 assert(sizeof(VerificationType) == sizeof(uintptr_t),
2358 "buffer type must match VerificationType size");
2359 uintptr_t field_type_buffer[2];
2360 VerificationType* field_type = (VerificationType*)field_type_buffer;
2361 // If we make a VerificationType[2] array directly, the compiler calls
2362 // to the c-runtime library to do the allocation instead of just
2363 // stack allocating it. Plus it would run constructors. This shows up
2364 // in performance profiles.
2365
2366 SignatureStream sig_stream(field_sig, false);
2367 VerificationType stack_object_type;
2368 int n = change_sig_to_verificationType(&sig_stream, field_type);
2369 int bci = bcs->bci();
2370 bool is_assignable;
2371 switch (bcs->raw_code()) {
2372 case Bytecodes::_getstatic: {
2373 for (int i = 0; i < n; i++) {
2374 current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2787 bool ClassVerifier::is_same_or_direct_interface(
2788 InstanceKlass* klass,
2789 VerificationType klass_type,
2790 VerificationType ref_class_type) {
2791 if (ref_class_type.equals(klass_type)) return true;
2792 Array<InstanceKlass*>* local_interfaces = klass->local_interfaces();
2793 if (local_interfaces != nullptr) {
2794 for (int x = 0; x < local_interfaces->length(); x++) {
2795 InstanceKlass* k = local_interfaces->at(x);
2796 assert (k != nullptr && k->is_interface(), "invalid interface");
2797 if (ref_class_type.equals(VerificationType::reference_type(k->name()))) {
2798 return true;
2799 }
2800 }
2801 }
2802 return false;
2803 }
2804
2805 void ClassVerifier::verify_invoke_instructions(
2806 RawBytecodeStream* bcs, u4 code_length, StackMapFrame* current_frame,
2807 bool in_try_block, bool *this_uninit,
2808 const constantPoolHandle& cp, StackMapTable* stackmap_table, TRAPS) {
2809 // Make sure the constant pool item is the right type
2810 u2 index = bcs->get_index_u2();
2811 Bytecodes::Code opcode = bcs->raw_code();
2812 unsigned int types = 0;
2813 switch (opcode) {
2814 case Bytecodes::_invokeinterface:
2815 types = 1 << JVM_CONSTANT_InterfaceMethodref;
2816 break;
2817 case Bytecodes::_invokedynamic:
2818 types = 1 << JVM_CONSTANT_InvokeDynamic;
2819 break;
2820 case Bytecodes::_invokespecial:
2821 case Bytecodes::_invokestatic:
2822 types = (_klass->major_version() < STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION) ?
2823 (1 << JVM_CONSTANT_Methodref) :
2824 ((1 << JVM_CONSTANT_InterfaceMethodref) | (1 << JVM_CONSTANT_Methodref));
2825 break;
2826 default:
2827 types = 1 << JVM_CONSTANT_Methodref;
2828 }
2829 verify_cp_type(bcs->bci(), index, cp, types, CHECK_VERIFY(this));
2830
2831 // Get method name and signature
2832 Symbol* method_name = cp->uncached_name_ref_at(index);
2833 Symbol* method_sig = cp->uncached_signature_ref_at(index);
2834
2835 // Method signature was checked in ClassFileParser.
2836 assert(SignatureVerifier::is_valid_method_signature(method_sig),
2837 "Invalid method signature");
2838
2839 // Get referenced class
2840 VerificationType ref_class_type;
2841 if (opcode == Bytecodes::_invokedynamic) {
2842 if (_klass->major_version() < Verifier::INVOKEDYNAMIC_MAJOR_VERSION) {
2843 class_format_error(
2844 "invokedynamic instructions not supported by this class file version (%d), class %s",
2845 _klass->major_version(), _klass->external_name());
2846 return;
2847 }
2848 } else {
2849 ref_class_type = cp_ref_index_to_type(index, cp, CHECK_VERIFY(this));
2850 }
2851
2852 assert(sizeof(VerificationType) == sizeof(uintptr_t),
2853 "buffer type must match VerificationType size");
2854
2855 // Get the UTF8 index for this signature.
2856 int sig_index = cp->signature_ref_index_at(cp->uncached_name_and_type_ref_index_at(index));
2857
2858 // Get the signature's verification types.
2859 sig_as_verification_types* mth_sig_verif_types;
2885 "Inconsistent args count operand in invokeinterface");
2886 return;
2887 }
2888 if (*(bcp+4) != 0) {
2889 verify_error(ErrorContext::bad_code(bci),
2890 "Fourth operand byte of invokeinterface must be zero");
2891 return;
2892 }
2893 }
2894
2895 if (opcode == Bytecodes::_invokedynamic) {
2896 address bcp = bcs->bcp();
2897 if (*(bcp+3) != 0 || *(bcp+4) != 0) {
2898 verify_error(ErrorContext::bad_code(bci),
2899 "Third and fourth operand bytes of invokedynamic must be zero");
2900 return;
2901 }
2902 }
2903
2904 if (method_name->char_at(0) == JVM_SIGNATURE_SPECIAL) {
2905 // Make sure:
2906 // <init> can only be invoked by invokespecial.
2907 if (opcode != Bytecodes::_invokespecial ||
2908 method_name != vmSymbols::object_initializer_name()) {
2909 verify_error(ErrorContext::bad_code(bci),
2910 "Illegal call to internal method");
2911 return;
2912 }
2913 } else if (opcode == Bytecodes::_invokespecial
2914 && !is_same_or_direct_interface(current_class(), current_type(), ref_class_type)
2915 && !ref_class_type.equals(VerificationType::reference_type(
2916 current_class()->super()->name()))) { // super() can never be an inline_type.
2917 bool subtype = false;
2918 bool have_imr_indirect = cp->tag_at(index).value() == JVM_CONSTANT_InterfaceMethodref;
2919 subtype = ref_class_type.is_assignable_from(
2920 current_type(), this, false, CHECK_VERIFY(this));
2921 if (!subtype) {
2922 verify_error(ErrorContext::bad_code(bci),
2923 "Bad invokespecial instruction: "
2924 "current class isn't assignable to reference class.");
2925 return;
2926 } else if (have_imr_indirect) {
2927 verify_error(ErrorContext::bad_code(bci),
2928 "Bad invokespecial instruction: "
2929 "interface method reference is in an indirect superinterface.");
2930 return;
2931 }
2932
2933 }
2934
2935 // Get the verification types for the method's arguments.
2936 GrowableArray<VerificationType>* sig_verif_types = mth_sig_verif_types->sig_verif_types();
2981 verify_error(ErrorContext::bad_type(bci,
2982 current_frame->stack_top_ctx(),
2983 TypeOrigin::implicit(current_type())),
2984 "Bad access to protected data in invokevirtual");
2985 return;
2986 }
2987 }
2988 }
2989 }
2990 }
2991 } else {
2992 assert(opcode == Bytecodes::_invokeinterface, "Unexpected opcode encountered");
2993 current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this));
2994 }
2995 }
2996 }
2997 // Push the result type.
2998 int sig_verif_types_len = sig_verif_types->length();
2999 if (sig_verif_types_len > nargs) { // There's a return type
3000 if (method_name == vmSymbols::object_initializer_name()) {
3001 // an <init> method must have a void return type
3002 verify_error(ErrorContext::bad_code(bci),
3003 "Return type must be void in <init> method");
3004 return;
3005 }
3006
3007 assert(sig_verif_types_len <= nargs + 2,
3008 "Signature verification types array return type is bogus");
3009 for (int i = nargs; i < sig_verif_types_len; i++) {
3010 assert(i == nargs || sig_verif_types->at(i).is_long2() ||
3011 sig_verif_types->at(i).is_double2(), "Unexpected return verificationType");
3012 current_frame->push_stack(sig_verif_types->at(i), CHECK_VERIFY(this));
3013 }
3014 }
3015 }
3016
3017 VerificationType ClassVerifier::get_newarray_type(
3018 u2 index, int bci, TRAPS) {
3019 const char* from_bt[] = {
3020 nullptr, nullptr, nullptr, nullptr, "[Z", "[C", "[F", "[D", "[B", "[S", "[I", "[J",
3021 };
3087 }
3088
3089 void ClassVerifier::verify_fload(int index, StackMapFrame* current_frame, TRAPS) {
3090 current_frame->get_local(
3091 index, VerificationType::float_type(), CHECK_VERIFY(this));
3092 current_frame->push_stack(
3093 VerificationType::float_type(), CHECK_VERIFY(this));
3094 }
3095
3096 void ClassVerifier::verify_dload(int index, StackMapFrame* current_frame, TRAPS) {
3097 current_frame->get_local_2(
3098 index, VerificationType::double_type(),
3099 VerificationType::double2_type(), CHECK_VERIFY(this));
3100 current_frame->push_stack_2(
3101 VerificationType::double_type(),
3102 VerificationType::double2_type(), CHECK_VERIFY(this));
3103 }
3104
3105 void ClassVerifier::verify_aload(int index, StackMapFrame* current_frame, TRAPS) {
3106 VerificationType type = current_frame->get_local(
3107 index, VerificationType::nonscalar_check(), CHECK_VERIFY(this));
3108 current_frame->push_stack(type, CHECK_VERIFY(this));
3109 }
3110
3111 void ClassVerifier::verify_istore(int index, StackMapFrame* current_frame, TRAPS) {
3112 current_frame->pop_stack(
3113 VerificationType::integer_type(), CHECK_VERIFY(this));
3114 current_frame->set_local(
3115 index, VerificationType::integer_type(), CHECK_VERIFY(this));
3116 }
3117
3118 void ClassVerifier::verify_lstore(int index, StackMapFrame* current_frame, TRAPS) {
3119 current_frame->pop_stack_2(
3120 VerificationType::long2_type(),
3121 VerificationType::long_type(), CHECK_VERIFY(this));
3122 current_frame->set_local_2(
3123 index, VerificationType::long_type(),
3124 VerificationType::long2_type(), CHECK_VERIFY(this));
3125 }
3126
3127 void ClassVerifier::verify_fstore(int index, StackMapFrame* current_frame, TRAPS) {
3128 current_frame->pop_stack(VerificationType::float_type(), CHECK_VERIFY(this));
3129 current_frame->set_local(
3130 index, VerificationType::float_type(), CHECK_VERIFY(this));
3131 }
3132
3133 void ClassVerifier::verify_dstore(int index, StackMapFrame* current_frame, TRAPS) {
3134 current_frame->pop_stack_2(
3135 VerificationType::double2_type(),
3136 VerificationType::double_type(), CHECK_VERIFY(this));
3137 current_frame->set_local_2(
3138 index, VerificationType::double_type(),
3139 VerificationType::double2_type(), CHECK_VERIFY(this));
3140 }
3141
3142 void ClassVerifier::verify_astore(int index, StackMapFrame* current_frame, TRAPS) {
3143 VerificationType type = current_frame->pop_stack(
3144 VerificationType::nonscalar_check(), CHECK_VERIFY(this));
3145 current_frame->set_local(index, type, CHECK_VERIFY(this));
3146 }
3147
3148 void ClassVerifier::verify_iinc(int index, StackMapFrame* current_frame, TRAPS) {
3149 VerificationType type = current_frame->get_local(
3150 index, VerificationType::integer_type(), CHECK_VERIFY(this));
3151 current_frame->set_local(index, type, CHECK_VERIFY(this));
3152 }
3153
3154 void ClassVerifier::verify_return_value(
3155 VerificationType return_type, VerificationType type, int bci,
3156 StackMapFrame* current_frame, TRAPS) {
3157 if (return_type == VerificationType::bogus_type()) {
3158 verify_error(ErrorContext::bad_type(bci,
3159 current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)),
3160 "Method does not expect a return value");
3161 return;
3162 }
3163 bool match = return_type.is_assignable_from(type, this, false, CHECK_VERIFY(this));
3164 if (!match) {
|