< prev index next >

src/hotspot/share/classfile/verifier.cpp

Print this page

  46 #include "oops/instanceKlass.inline.hpp"
  47 #include "oops/klass.inline.hpp"
  48 #include "oops/oop.inline.hpp"
  49 #include "oops/typeArrayOop.hpp"
  50 #include "runtime/arguments.hpp"
  51 #include "runtime/fieldDescriptor.hpp"
  52 #include "runtime/handles.inline.hpp"
  53 #include "runtime/interfaceSupport.inline.hpp"
  54 #include "runtime/javaCalls.hpp"
  55 #include "runtime/jniHandles.inline.hpp"
  56 #include "runtime/os.hpp"
  57 #include "runtime/safepointVerifiers.hpp"
  58 #include "runtime/thread.hpp"
  59 #include "services/threadService.hpp"
  60 #include "utilities/align.hpp"
  61 #include "utilities/bytes.hpp"
  62 
  63 #define NOFAILOVER_MAJOR_VERSION                       51
  64 #define NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION  51
  65 #define STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION       52

  66 #define MAX_ARRAY_DIMENSIONS 255
  67 
  68 // Access to external entry for VerifyClassForMajorVersion - old byte code verifier
  69 
  70 extern "C" {
  71   typedef jboolean (*verify_byte_codes_fn_t)(JNIEnv *, jclass, char *, jint, jint);
  72 }
  73 
  74 static verify_byte_codes_fn_t volatile _verify_byte_codes_fn = NULL;
  75 
  76 static verify_byte_codes_fn_t verify_byte_codes_fn() {
  77 
  78   if (_verify_byte_codes_fn != NULL)
  79     return _verify_byte_codes_fn;
  80 
  81   MutexLocker locker(Verify_lock);
  82 
  83   if (_verify_byte_codes_fn != NULL)
  84     return _verify_byte_codes_fn;
  85 

 258       }
 259       kls = kls->super();
 260     }
 261     if (message_buffer != NULL) {
 262       message_buffer[message_buffer_len - 1] = '\0'; // just to be sure
 263     }
 264     assert(exception_message != NULL, "");
 265     THROW_MSG_(exception_name, exception_message, false);
 266   }
 267 }
 268 
 269 bool Verifier::is_eligible_for_verification(InstanceKlass* klass, bool should_verify_class) {
 270   Symbol* name = klass->name();
 271   Klass* refl_magic_klass = vmClasses::reflect_MagicAccessorImpl_klass();
 272 
 273   bool is_reflect = refl_magic_klass != NULL && klass->is_subtype_of(refl_magic_klass);
 274 
 275   return (should_verify_for(klass->class_loader(), should_verify_class) &&
 276     // return if the class is a bootstrapping class
 277     // or defineClass specified not to verify by default (flags override passed arg)
 278     // We need to skip the following four for bootstraping
 279     name != vmSymbols::java_lang_Object() &&
 280     name != vmSymbols::java_lang_Class() &&
 281     name != vmSymbols::java_lang_String() &&
 282     name != vmSymbols::java_lang_Throwable() &&
 283 
 284     // Can not verify the bytecodes for shared classes because they have
 285     // already been rewritten to contain constant pool cache indices,
 286     // which the verifier can't understand.
 287     // Shared classes shouldn't have stackmaps either.
 288     // However, bytecodes for shared old classes can be verified because
 289     // they have not been rewritten.
 290     !(klass->is_shared() && klass->is_rewritten()) &&
 291 
 292     // As of the fix for 4486457 we disable verification for all of the
 293     // dynamically-generated bytecodes associated with the 1.4
 294     // reflection implementation, not just those associated with
 295     // jdk/internal/reflect/SerializationConstructorAccessor.
 296     // NOTE: this is called too early in the bootstrapping process to be
 297     // guarded by Universe::is_gte_jdk14x_version().
 298     // Also for lambda generated code, gte jdk8

 481       ss->print("Local index %d is invalid", _type.index());
 482       break;
 483     case LOCALS_SIZE_MISMATCH:
 484       ss->print("Current frame's local size doesn't match stackmap.");
 485       break;
 486     case STACK_SIZE_MISMATCH:
 487       ss->print("Current frame's stack size doesn't match stackmap.");
 488       break;
 489     case STACK_OVERFLOW:
 490       ss->print("Exceeded max stack size.");
 491       break;
 492     case STACK_UNDERFLOW:
 493       ss->print("Attempt to pop empty stack.");
 494       break;
 495     case MISSING_STACKMAP:
 496       ss->print("Expected stackmap frame at this location.");
 497       break;
 498     case BAD_STACKMAP:
 499       ss->print("Invalid stackmap specification.");
 500       break;







 501     case UNKNOWN:
 502     default:
 503       ShouldNotReachHere();
 504       ss->print_cr("Unknown");
 505   }
 506   ss->cr();
 507 }
 508 
 509 void ErrorContext::location_details(outputStream* ss, const Method* method) const {
 510   if (_bci != -1 && method != NULL) {
 511     streamIndentor si(ss);
 512     const char* bytecode_name = "<invalid>";
 513     if (method->validate_bci(_bci) != -1) {
 514       Bytecodes::Code code = Bytecodes::code_or_bp_at(method->bcp_from(_bci));
 515       if (Bytecodes::is_defined(code)) {
 516           bytecode_name = Bytecodes::name(code);
 517       } else {
 518           bytecode_name = "<illegal>";
 519       }
 520     }

 575     stack_map_frame* sm_frame = sm_table->entries();
 576     streamIndentor si2(ss);
 577     int current_offset = -1;
 578     address end_of_sm_table = (address)sm_table + method->stackmap_data()->length();
 579     for (u2 i = 0; i < sm_table->number_of_entries(); ++i) {
 580       ss->indent();
 581       if (!sm_frame->verify((address)sm_frame, end_of_sm_table)) {
 582         sm_frame->print_truncated(ss, current_offset);
 583         return;
 584       }
 585       sm_frame->print_on(ss, current_offset);
 586       ss->cr();
 587       current_offset += sm_frame->offset_delta();
 588       sm_frame = sm_frame->next();
 589     }
 590   }
 591 }
 592 
 593 // Methods in ClassVerifier
 594 








 595 ClassVerifier::ClassVerifier(JavaThread* current, InstanceKlass* klass)
 596     : _thread(current), _previous_symbol(NULL), _symbols(NULL), _exception_type(NULL),
 597       _message(NULL), _method_signatures_table(NULL), _klass(klass) {
 598   _this_type = VerificationType::reference_type(klass->name());
 599 }
 600 
 601 ClassVerifier::~ClassVerifier() {
 602   // Decrement the reference count for any symbols created.
 603   if (_symbols != NULL) {
 604     for (int i = 0; i < _symbols->length(); i++) {
 605       Symbol* s = _symbols->at(i);
 606       s->decrement_refcount();
 607     }
 608   }
 609 }
 610 
 611 VerificationType ClassVerifier::object_type() const {
 612   return VerificationType::reference_type(vmSymbols::java_lang_Object());
 613 }
 614 
 615 TypeOrigin ClassVerifier::ref_ctx(const char* sig) {
 616   VerificationType vt = VerificationType::reference_type(
 617                          create_temporary_symbol(sig, (int)strlen(sig)));
 618   return TypeOrigin::implicit(vt);

1022         case Bytecodes::_daload :
1023           type = current_frame.pop_stack(
1024             VerificationType::integer_type(), CHECK_VERIFY(this));
1025           atype = current_frame.pop_stack(
1026             VerificationType::reference_check(), CHECK_VERIFY(this));
1027           if (!atype.is_double_array()) {
1028             verify_error(ErrorContext::bad_type(bci,
1029                 current_frame.stack_top_ctx(), ref_ctx("[D")),
1030                 bad_type_msg, "daload");
1031             return;
1032           }
1033           current_frame.push_stack_2(
1034             VerificationType::double_type(),
1035             VerificationType::double2_type(), CHECK_VERIFY(this));
1036           no_control_flow = false; break;
1037         case Bytecodes::_aaload : {
1038           type = current_frame.pop_stack(
1039             VerificationType::integer_type(), CHECK_VERIFY(this));
1040           atype = current_frame.pop_stack(
1041             VerificationType::reference_check(), CHECK_VERIFY(this));
1042           if (!atype.is_reference_array()) {
1043             verify_error(ErrorContext::bad_type(bci,
1044                 current_frame.stack_top_ctx(),
1045                 TypeOrigin::implicit(VerificationType::reference_check())),
1046                 bad_type_msg, "aaload");
1047             return;
1048           }
1049           if (atype.is_null()) {
1050             current_frame.push_stack(
1051               VerificationType::null_type(), CHECK_VERIFY(this));
1052           } else {
1053             VerificationType component = atype.get_component(this);
1054             current_frame.push_stack(component, CHECK_VERIFY(this));
1055           }
1056           no_control_flow = false; break;
1057         }
1058         case Bytecodes::_istore :
1059           verify_istore(bcs.get_index(), &current_frame, CHECK_VERIFY(this));
1060           no_control_flow = false; break;
1061         case Bytecodes::_istore_0 :
1062         case Bytecodes::_istore_1 :

1195             VerificationType::double2_type(),
1196             VerificationType::double_type(), CHECK_VERIFY(this));
1197           current_frame.pop_stack(
1198             VerificationType::integer_type(), CHECK_VERIFY(this));
1199           atype = current_frame.pop_stack(
1200             VerificationType::reference_check(), CHECK_VERIFY(this));
1201           if (!atype.is_double_array()) {
1202             verify_error(ErrorContext::bad_type(bci,
1203                 current_frame.stack_top_ctx(), ref_ctx("[D")),
1204                 bad_type_msg, "dastore");
1205             return;
1206           }
1207           no_control_flow = false; break;
1208         case Bytecodes::_aastore :
1209           type = current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1210           type2 = current_frame.pop_stack(
1211             VerificationType::integer_type(), CHECK_VERIFY(this));
1212           atype = current_frame.pop_stack(
1213             VerificationType::reference_check(), CHECK_VERIFY(this));
1214           // more type-checking is done at runtime
1215           if (!atype.is_reference_array()) {
1216             verify_error(ErrorContext::bad_type(bci,
1217                 current_frame.stack_top_ctx(),
1218                 TypeOrigin::implicit(VerificationType::reference_check())),
1219                 bad_type_msg, "aastore");
1220             return;
1221           }
1222           // 4938384: relaxed constraint in JVMS 3nd edition.
1223           no_control_flow = false; break;
1224         case Bytecodes::_pop :
1225           current_frame.pop_stack(
1226             VerificationType::category1_check(), CHECK_VERIFY(this));
1227           no_control_flow = false; break;
1228         case Bytecodes::_pop2 :
1229           type = current_frame.pop_stack(CHECK_VERIFY(this));
1230           if (type.is_category1()) {
1231             current_frame.pop_stack(
1232               VerificationType::category1_check(), CHECK_VERIFY(this));
1233           } else if (type.is_category2_2nd()) {
1234             current_frame.pop_stack(
1235               VerificationType::category2_check(), CHECK_VERIFY(this));

1595         case Bytecodes::_if_icmpgt:
1596         case Bytecodes::_if_icmple:
1597           current_frame.pop_stack(
1598             VerificationType::integer_type(), CHECK_VERIFY(this));
1599           // fall through
1600         case Bytecodes::_ifeq:
1601         case Bytecodes::_ifne:
1602         case Bytecodes::_iflt:
1603         case Bytecodes::_ifge:
1604         case Bytecodes::_ifgt:
1605         case Bytecodes::_ifle:
1606           current_frame.pop_stack(
1607             VerificationType::integer_type(), CHECK_VERIFY(this));
1608           target = bcs.dest();
1609           stackmap_table.check_jump_target(
1610             &current_frame, target, CHECK_VERIFY(this));
1611           no_control_flow = false; break;
1612         case Bytecodes::_if_acmpeq :
1613         case Bytecodes::_if_acmpne :
1614           current_frame.pop_stack(
1615             VerificationType::reference_check(), CHECK_VERIFY(this));
1616           // fall through
1617         case Bytecodes::_ifnull :
1618         case Bytecodes::_ifnonnull :
1619           current_frame.pop_stack(
1620             VerificationType::reference_check(), CHECK_VERIFY(this));
1621           target = bcs.dest();
1622           stackmap_table.check_jump_target
1623             (&current_frame, target, CHECK_VERIFY(this));
1624           no_control_flow = false; break;
1625         case Bytecodes::_goto :
1626           target = bcs.dest();
1627           stackmap_table.check_jump_target(
1628             &current_frame, target, CHECK_VERIFY(this));
1629           no_control_flow = true; break;
1630         case Bytecodes::_goto_w :
1631           target = bcs.dest_w();
1632           stackmap_table.check_jump_target(
1633             &current_frame, target, CHECK_VERIFY(this));
1634           no_control_flow = true; break;
1635         case Bytecodes::_tableswitch :
1636         case Bytecodes::_lookupswitch :
1637           verify_switch(
1638             &bcs, code_length, code_data, &current_frame,
1639             &stackmap_table, CHECK_VERIFY(this));
1640           no_control_flow = true; break;

1651             VerificationType::long_type(), CHECK_VERIFY(this));
1652           verify_return_value(return_type, type, bci,
1653                               &current_frame, CHECK_VERIFY(this));
1654           no_control_flow = true; break;
1655         case Bytecodes::_freturn :
1656           type = current_frame.pop_stack(
1657             VerificationType::float_type(), CHECK_VERIFY(this));
1658           verify_return_value(return_type, type, bci,
1659                               &current_frame, CHECK_VERIFY(this));
1660           no_control_flow = true; break;
1661         case Bytecodes::_dreturn :
1662           type2 = current_frame.pop_stack(
1663             VerificationType::double2_type(),  CHECK_VERIFY(this));
1664           type = current_frame.pop_stack(
1665             VerificationType::double_type(), CHECK_VERIFY(this));
1666           verify_return_value(return_type, type, bci,
1667                               &current_frame, CHECK_VERIFY(this));
1668           no_control_flow = true; break;
1669         case Bytecodes::_areturn :
1670           type = current_frame.pop_stack(
1671             VerificationType::reference_check(), CHECK_VERIFY(this));
1672           verify_return_value(return_type, type, bci,
1673                               &current_frame, CHECK_VERIFY(this));
1674           no_control_flow = true; break;
1675         case Bytecodes::_return :
1676           if (return_type != VerificationType::bogus_type()) {
1677             verify_error(ErrorContext::bad_code(bci),
1678                          "Method expects a return value");
1679             return;
1680           }
1681           // Make sure "this" has been initialized if current method is an
1682           // <init>.
1683           if (_method->name() == vmSymbols::object_initializer_name() &&
1684               current_frame.flag_this_uninit()) {
1685             verify_error(ErrorContext::bad_code(bci),
1686                          "Constructor must call super() or this() "
1687                          "before return");
1688             return;
1689           }
1690           no_control_flow = true; break;
1691         case Bytecodes::_getstatic :
1692         case Bytecodes::_putstatic :
1693           // pass TRUE, operand can be an array type for getstatic/putstatic.
1694           verify_field_instructions(
1695             &bcs, &current_frame, cp, true, CHECK_VERIFY(this));
1696           no_control_flow = false; break;
1697         case Bytecodes::_getfield :
1698         case Bytecodes::_putfield :
1699           // pass FALSE, operand can't be an array type for getfield/putfield.
1700           verify_field_instructions(
1701             &bcs, &current_frame, cp, false, CHECK_VERIFY(this));
1702           no_control_flow = false; break;











1703         case Bytecodes::_invokevirtual :
1704         case Bytecodes::_invokespecial :
1705         case Bytecodes::_invokestatic :
1706           verify_invoke_instructions(
1707             &bcs, code_length, &current_frame, (bci >= ex_min && bci < ex_max),
1708             &this_uninit, return_type, cp, &stackmap_table, CHECK_VERIFY(this));
1709           no_control_flow = false; break;
1710         case Bytecodes::_invokeinterface :
1711         case Bytecodes::_invokedynamic :
1712           verify_invoke_instructions(
1713             &bcs, code_length, &current_frame, (bci >= ex_min && bci < ex_max),
1714             &this_uninit, return_type, cp, &stackmap_table, CHECK_VERIFY(this));
1715           no_control_flow = false; break;
1716         case Bytecodes::_new :
1717         {
1718           index = bcs.get_index_u2();
1719           verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1720           VerificationType new_class_type =
1721             cp_index_to_type(index, cp, CHECK_VERIFY(this));
1722           if (!new_class_type.is_object()) {
1723             verify_error(ErrorContext::bad_type(bci,
1724                 TypeOrigin::cp(index, new_class_type)),
1725                 "Illegal new instruction");
1726             return;
1727           }
1728           type = VerificationType::uninitialized_type(bci);
1729           current_frame.push_stack(type, CHECK_VERIFY(this));
1730           no_control_flow = false; break;
1731         }






















1732         case Bytecodes::_newarray :
1733           type = get_newarray_type(bcs.get_index(), bci, CHECK_VERIFY(this));
1734           current_frame.pop_stack(
1735             VerificationType::integer_type(),  CHECK_VERIFY(this));
1736           current_frame.push_stack(type, CHECK_VERIFY(this));
1737           no_control_flow = false; break;
1738         case Bytecodes::_anewarray :
1739           verify_anewarray(
1740             bci, bcs.get_index_u2(), cp, &current_frame, CHECK_VERIFY(this));
1741           no_control_flow = false; break;
1742         case Bytecodes::_arraylength :
1743           type = current_frame.pop_stack(
1744             VerificationType::reference_check(), CHECK_VERIFY(this));
1745           if (!(type.is_null() || type.is_array())) {
1746             verify_error(ErrorContext::bad_type(
1747                 bci, current_frame.stack_top_ctx()),
1748                 bad_type_msg, "arraylength");
1749           }
1750           current_frame.push_stack(
1751             VerificationType::integer_type(), CHECK_VERIFY(this));
1752           no_control_flow = false; break;
1753         case Bytecodes::_checkcast :
1754         {
1755           index = bcs.get_index_u2();
1756           verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1757           current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1758           VerificationType klass_type = cp_index_to_type(
1759             index, cp, CHECK_VERIFY(this));
1760           current_frame.push_stack(klass_type, CHECK_VERIFY(this));
1761           no_control_flow = false; break;
1762         }
1763         case Bytecodes::_instanceof : {
1764           index = bcs.get_index_u2();
1765           verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1766           current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1767           current_frame.push_stack(
1768             VerificationType::integer_type(), CHECK_VERIFY(this));
1769           no_control_flow = false; break;
1770         }
1771         case Bytecodes::_monitorenter :
1772         case Bytecodes::_monitorexit :
1773           current_frame.pop_stack(
1774             VerificationType::reference_check(), CHECK_VERIFY(this));
1775           no_control_flow = false; break;

1776         case Bytecodes::_multianewarray :
1777         {
1778           index = bcs.get_index_u2();
1779           u2 dim = *(bcs.bcp()+3);
1780           verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1781           VerificationType new_array_type =
1782             cp_index_to_type(index, cp, CHECK_VERIFY(this));
1783           if (!new_array_type.is_array()) {
1784             verify_error(ErrorContext::bad_type(bci,
1785                 TypeOrigin::cp(index, new_array_type)),
1786                 "Illegal constant pool index in multianewarray instruction");
1787             return;
1788           }
1789           if (dim < 1 || new_array_type.dimensions() < dim) {
1790             verify_error(ErrorContext::bad_code(bci),
1791                 "Illegal dimension in multianewarray instruction: %d", dim);
1792             return;
1793           }
1794           for (int i = 0; i < dim; i++) {
1795             current_frame.pop_stack(

2020   int nconstants = cp->length();
2021   if ((index <= 0) || (index >= nconstants)) {
2022     verify_error(ErrorContext::bad_cp_index(bci, index),
2023         "Illegal constant pool index %d in class %s",
2024         index, cp->pool_holder()->external_name());
2025     return;
2026   }
2027 }
2028 
2029 void ClassVerifier::verify_cp_type(
2030     u2 bci, int index, const constantPoolHandle& cp, unsigned int types, TRAPS) {
2031 
2032   // In some situations, bytecode rewriting may occur while we're verifying.
2033   // In this case, a constant pool cache exists and some indices refer to that
2034   // instead.  Be sure we don't pick up such indices by accident.
2035   // We must check was_recursively_verified() before we get here.
2036   guarantee(cp->cache() == NULL, "not rewritten yet");
2037 
2038   verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2039   unsigned int tag = cp->tag_at(index).value();

2040   if ((types & (1 << tag)) == 0) {
2041     verify_error(ErrorContext::bad_cp_index(bci, index),
2042       "Illegal type at constant pool entry %d in class %s",
2043       index, cp->pool_holder()->external_name());
2044     return;
2045   }
2046 }
2047 
2048 void ClassVerifier::verify_cp_class_type(
2049     u2 bci, int index, const constantPoolHandle& cp, TRAPS) {
2050   verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2051   constantTag tag = cp->tag_at(index);
2052   if (!tag.is_klass() && !tag.is_unresolved_klass()) {
2053     verify_error(ErrorContext::bad_cp_index(bci, index),
2054         "Illegal type at constant pool entry %d in class %s",
2055         index, cp->pool_holder()->external_name());
2056     return;
2057   }
2058 }
2059 

2134   } else {
2135     Klass* member_klass = target_instance->find_field(field_name, field_sig, &fd);
2136     if (member_klass != NULL && fd.is_protected()) {
2137       if (!this_class->is_same_class_package(member_klass)) {
2138         return true;
2139       }
2140     }
2141   }
2142   return false;
2143 }
2144 
2145 void ClassVerifier::verify_ldc(
2146     int opcode, u2 index, StackMapFrame* current_frame,
2147     const constantPoolHandle& cp, u2 bci, TRAPS) {
2148   verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2149   constantTag tag = cp->tag_at(index);
2150   unsigned int types = 0;
2151   if (opcode == Bytecodes::_ldc || opcode == Bytecodes::_ldc_w) {
2152     if (!tag.is_unresolved_klass()) {
2153       types = (1 << JVM_CONSTANT_Integer) | (1 << JVM_CONSTANT_Float)
2154             | (1 << JVM_CONSTANT_String)  | (1 << JVM_CONSTANT_Class)
2155             | (1 << JVM_CONSTANT_MethodHandle) | (1 << JVM_CONSTANT_MethodType)
2156             | (1 << JVM_CONSTANT_Dynamic);
2157       // Note:  The class file parser already verified the legality of
2158       // MethodHandle and MethodType constants.
2159       verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2160     }
2161   } else {
2162     assert(opcode == Bytecodes::_ldc2_w, "must be ldc2_w");
2163     types = (1 << JVM_CONSTANT_Double) | (1 << JVM_CONSTANT_Long)
2164           | (1 << JVM_CONSTANT_Dynamic);
2165     verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2166   }
2167   if (tag.is_string()) {
2168     current_frame->push_stack(
2169       VerificationType::reference_type(
2170         vmSymbols::java_lang_String()), CHECK_VERIFY(this));
2171   } else if (tag.is_klass() || tag.is_unresolved_klass()) {
2172     current_frame->push_stack(
2173       VerificationType::reference_type(
2174         vmSymbols::java_lang_Class()), CHECK_VERIFY(this));

2308                                               StackMapFrame* current_frame,
2309                                               const constantPoolHandle& cp,
2310                                               bool allow_arrays,
2311                                               TRAPS) {
2312   u2 index = bcs->get_index_u2();
2313   verify_cp_type(bcs->bci(), index, cp,
2314       1 << JVM_CONSTANT_Fieldref, CHECK_VERIFY(this));
2315 
2316   // Get field name and signature
2317   Symbol* field_name = cp->name_ref_at(index);
2318   Symbol* field_sig = cp->signature_ref_at(index);
2319 
2320   // Field signature was checked in ClassFileParser.
2321   assert(SignatureVerifier::is_valid_type_signature(field_sig),
2322          "Invalid field signature");
2323 
2324   // Get referenced class type
2325   VerificationType ref_class_type = cp_ref_index_to_type(
2326     index, cp, CHECK_VERIFY(this));
2327   if (!ref_class_type.is_object() &&
2328     (!allow_arrays || !ref_class_type.is_array())) {
2329     verify_error(ErrorContext::bad_type(bcs->bci(),
2330         TypeOrigin::cp(index, ref_class_type)),
2331         "Expecting reference to class in class %s at constant pool index %d",
2332         _klass->external_name(), index);
2333     return;
2334   }

2335   VerificationType target_class_type = ref_class_type;
2336 
2337   assert(sizeof(VerificationType) == sizeof(uintptr_t),
2338         "buffer type must match VerificationType size");
2339   uintptr_t field_type_buffer[2];
2340   VerificationType* field_type = (VerificationType*)field_type_buffer;
2341   // If we make a VerificationType[2] array directly, the compiler calls
2342   // to the c-runtime library to do the allocation instead of just
2343   // stack allocating it.  Plus it would run constructors.  This shows up
2344   // in performance profiles.
2345 
2346   SignatureStream sig_stream(field_sig, false);
2347   VerificationType stack_object_type;
2348   int n = change_sig_to_verificationType(&sig_stream, field_type);
2349   u2 bci = bcs->bci();
2350   bool is_assignable;
2351   switch (bcs->raw_code()) {
2352     case Bytecodes::_getstatic: {
2353       for (int i = 0; i < n; i++) {
2354         current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2355       }
2356       break;
2357     }
2358     case Bytecodes::_putstatic: {
2359       for (int i = n - 1; i >= 0; i--) {
2360         current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2361       }
2362       break;
2363     }











2364     case Bytecodes::_getfield: {
2365       stack_object_type = current_frame->pop_stack(
2366         target_class_type, CHECK_VERIFY(this));
2367       for (int i = 0; i < n; i++) {
2368         current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2369       }
2370       goto check_protected;
2371     }
2372     case Bytecodes::_putfield: {
2373       for (int i = n - 1; i >= 0; i--) {
2374         current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2375       }
2376       stack_object_type = current_frame->pop_stack(CHECK_VERIFY(this));
2377 
2378       // The JVMS 2nd edition allows field initialization before the superclass
2379       // initializer, if the field is defined within the current class.
2380       fieldDescriptor fd;
2381       if (stack_object_type == VerificationType::uninitialized_this_type() &&
2382           target_class_type.equals(current_type()) &&
2383           _klass->find_local_field(field_name, field_sig, &fd)) {

2752 bool ClassVerifier::is_same_or_direct_interface(
2753     InstanceKlass* klass,
2754     VerificationType klass_type,
2755     VerificationType ref_class_type) {
2756   if (ref_class_type.equals(klass_type)) return true;
2757   Array<InstanceKlass*>* local_interfaces = klass->local_interfaces();
2758   if (local_interfaces != NULL) {
2759     for (int x = 0; x < local_interfaces->length(); x++) {
2760       InstanceKlass* k = local_interfaces->at(x);
2761       assert (k != NULL && k->is_interface(), "invalid interface");
2762       if (ref_class_type.equals(VerificationType::reference_type(k->name()))) {
2763         return true;
2764       }
2765     }
2766   }
2767   return false;
2768 }
2769 
2770 void ClassVerifier::verify_invoke_instructions(
2771     RawBytecodeStream* bcs, u4 code_length, StackMapFrame* current_frame,
2772     bool in_try_block, bool *this_uninit, VerificationType return_type,
2773     const constantPoolHandle& cp, StackMapTable* stackmap_table, TRAPS) {
2774   // Make sure the constant pool item is the right type
2775   u2 index = bcs->get_index_u2();
2776   Bytecodes::Code opcode = bcs->raw_code();
2777   unsigned int types = 0;
2778   switch (opcode) {
2779     case Bytecodes::_invokeinterface:
2780       types = 1 << JVM_CONSTANT_InterfaceMethodref;
2781       break;
2782     case Bytecodes::_invokedynamic:
2783       types = 1 << JVM_CONSTANT_InvokeDynamic;
2784       break;
2785     case Bytecodes::_invokespecial:
2786     case Bytecodes::_invokestatic:
2787       types = (_klass->major_version() < STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION) ?
2788         (1 << JVM_CONSTANT_Methodref) :
2789         ((1 << JVM_CONSTANT_InterfaceMethodref) | (1 << JVM_CONSTANT_Methodref));
2790       break;
2791     default:
2792       types = 1 << JVM_CONSTANT_Methodref;
2793   }
2794   verify_cp_type(bcs->bci(), index, cp, types, CHECK_VERIFY(this));
2795 
2796   // Get method name and signature
2797   Symbol* method_name = cp->name_ref_at(index);
2798   Symbol* method_sig = cp->signature_ref_at(index);
2799 
2800   // Method signature was checked in ClassFileParser.
2801   assert(SignatureVerifier::is_valid_method_signature(method_sig),
2802          "Invalid method signature");
2803 
2804   // Get referenced class type
2805   VerificationType ref_class_type;
2806   if (opcode == Bytecodes::_invokedynamic) {
2807     if (_klass->major_version() < Verifier::INVOKEDYNAMIC_MAJOR_VERSION) {
2808       class_format_error(
2809         "invokedynamic instructions not supported by this class file version (%d), class %s",
2810         _klass->major_version(), _klass->external_name());
2811       return;
2812     }
2813   } else {
2814     ref_class_type = cp_ref_index_to_type(index, cp, CHECK_VERIFY(this));
2815   }
2816 
2817   assert(sizeof(VerificationType) == sizeof(uintptr_t),
2818         "buffer type must match VerificationType size");
2819 
2820   // Get the UTF8 index for this signature.
2821   int sig_index = cp->signature_ref_index_at(cp->name_and_type_ref_index_at(index));
2822 
2823   // Get the signature's verification types.
2824   sig_as_verification_types* mth_sig_verif_types;

2850           "Inconsistent args count operand in invokeinterface");
2851       return;
2852     }
2853     if (*(bcp+4) != 0) {
2854       verify_error(ErrorContext::bad_code(bci),
2855           "Fourth operand byte of invokeinterface must be zero");
2856       return;
2857     }
2858   }
2859 
2860   if (opcode == Bytecodes::_invokedynamic) {
2861     address bcp = bcs->bcp();
2862     if (*(bcp+3) != 0 || *(bcp+4) != 0) {
2863       verify_error(ErrorContext::bad_code(bci),
2864           "Third and fourth operand bytes of invokedynamic must be zero");
2865       return;
2866     }
2867   }
2868 
2869   if (method_name->char_at(0) == JVM_SIGNATURE_SPECIAL) {
2870     // Make sure <init> can only be invoked by invokespecial
2871     if (opcode != Bytecodes::_invokespecial ||


2872         method_name != vmSymbols::object_initializer_name()) {
2873       verify_error(ErrorContext::bad_code(bci),
2874           "Illegal call to internal method");
2875       return;
2876     }
2877   } else if (opcode == Bytecodes::_invokespecial
2878              && !is_same_or_direct_interface(current_class(), current_type(), ref_class_type)
2879              && !ref_class_type.equals(VerificationType::reference_type(
2880                   current_class()->super()->name()))) {
2881     bool subtype = false;
2882     bool have_imr_indirect = cp->tag_at(index).value() == JVM_CONSTANT_InterfaceMethodref;
2883     subtype = ref_class_type.is_assignable_from(
2884                current_type(), this, false, CHECK_VERIFY(this));
2885     if (!subtype) {
2886       verify_error(ErrorContext::bad_code(bci),
2887           "Bad invokespecial instruction: "
2888           "current class isn't assignable to reference class.");
2889        return;
2890     } else if (have_imr_indirect) {
2891       verify_error(ErrorContext::bad_code(bci),
2892           "Bad invokespecial instruction: "
2893           "interface method reference is in an indirect superinterface.");
2894       return;
2895     }
2896 
2897   }
2898 
2899   // Get the verification types for the method's arguments.
2900   GrowableArray<VerificationType>* sig_verif_types = mth_sig_verif_types->sig_verif_types();
2901   assert(sig_verif_types != NULL, "Missing signature's array of verification types");
2902   // Match method descriptor with operand stack
2903   // The arguments are on the stack in descending order.
2904   for (int i = nargs - 1; i >= 0; i--) { // Run backwards
2905     current_frame->pop_stack(sig_verif_types->at(i), CHECK_VERIFY(this));
2906   }
2907 
2908   // Check objectref on operand stack
2909   if (opcode != Bytecodes::_invokestatic &&
2910       opcode != Bytecodes::_invokedynamic) {
2911     if (method_name == vmSymbols::object_initializer_name()) {  // <init> method

2912       verify_invoke_init(bcs, index, ref_class_type, current_frame,
2913         code_length, in_try_block, this_uninit, cp, stackmap_table,
2914         CHECK_VERIFY(this));
2915       if (was_recursively_verified()) return;
2916     } else {   // other methods
2917       // Ensures that target class is assignable to method class.
2918       if (opcode == Bytecodes::_invokespecial) {
2919         current_frame->pop_stack(current_type(), CHECK_VERIFY(this));
2920       } else if (opcode == Bytecodes::_invokevirtual) {
2921         VerificationType stack_object_type =
2922           current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this));
2923         if (current_type() != stack_object_type) {
2924           if (was_recursively_verified()) return;
2925           assert(cp->cache() == NULL, "not rewritten yet");
2926           Symbol* ref_class_name =
2927             cp->klass_name_at(cp->klass_ref_index_at(index));
2928           // See the comments in verify_field_instructions() for
2929           // the rationale behind this.
2930           if (name_in_supers(ref_class_name, current_class())) {
2931             Klass* ref_class = load_class(ref_class_name, CHECK);

2944                 } else {
2945                   verify_error(ErrorContext::bad_type(bci,
2946                       current_frame->stack_top_ctx(),
2947                       TypeOrigin::implicit(current_type())),
2948                       "Bad access to protected data in invokevirtual");
2949                   return;
2950                 }
2951               }
2952             }
2953           }
2954         }
2955       } else {
2956         assert(opcode == Bytecodes::_invokeinterface, "Unexpected opcode encountered");
2957         current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this));
2958       }
2959     }
2960   }
2961   // Push the result type.
2962   int sig_verif_types_len = sig_verif_types->length();
2963   if (sig_verif_types_len > nargs) {  // There's a return type
2964     if (method_name == vmSymbols::object_initializer_name()) {
2965       // <init> method must have a void return type
2966       /* Unreachable?  Class file parser verifies that methods with '<' have
2967        * void return */
2968       verify_error(ErrorContext::bad_code(bci),
2969           "Return type must be void in <init> method");
2970       return;
2971     }
2972 
2973     assert(sig_verif_types_len <= nargs + 2,
2974            "Signature verification types array return type is bogus");
2975     for (int i = nargs; i < sig_verif_types_len; i++) {
2976       assert(i == nargs || sig_verif_types->at(i).is_long2() ||
2977              sig_verif_types->at(i).is_double2(), "Unexpected return verificationType");
2978       current_frame->push_stack(sig_verif_types->at(i), CHECK_VERIFY(this));
2979     }








2980   }
2981 }
2982 
2983 VerificationType ClassVerifier::get_newarray_type(
2984     u2 index, u2 bci, TRAPS) {
2985   const char* from_bt[] = {
2986     NULL, NULL, NULL, NULL, "[Z", "[C", "[F", "[D", "[B", "[S", "[I", "[J",
2987   };
2988   if (index < T_BOOLEAN || index > T_LONG) {
2989     verify_error(ErrorContext::bad_code(bci), "Illegal newarray instruction");
2990     return VerificationType::bogus_type();
2991   }
2992 
2993   // from_bt[index] contains the array signature which has a length of 2
2994   Symbol* sig = create_temporary_symbol(from_bt[index], 2);
2995   return VerificationType::reference_type(sig);
2996 }
2997 
2998 void ClassVerifier::verify_anewarray(
2999     u2 bci, u2 index, const constantPoolHandle& cp,

3007     cp_index_to_type(index, cp, CHECK_VERIFY(this));
3008   int length;
3009   char* arr_sig_str;
3010   if (component_type.is_array()) {     // it's an array
3011     const char* component_name = component_type.name()->as_utf8();
3012     // Check for more than MAX_ARRAY_DIMENSIONS
3013     length = (int)strlen(component_name);
3014     if (length > MAX_ARRAY_DIMENSIONS &&
3015         component_name[MAX_ARRAY_DIMENSIONS - 1] == JVM_SIGNATURE_ARRAY) {
3016       verify_error(ErrorContext::bad_code(bci),
3017         "Illegal anewarray instruction, array has more than 255 dimensions");
3018     }
3019     // add one dimension to component
3020     length++;
3021     arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length + 1);
3022     int n = os::snprintf(arr_sig_str, length + 1, "%c%s",
3023                          JVM_SIGNATURE_ARRAY, component_name);
3024     assert(n == length, "Unexpected number of characters in string");
3025   } else {         // it's an object or interface
3026     const char* component_name = component_type.name()->as_utf8();
3027     // add one dimension to component with 'L' prepended and ';' postpended.

3028     length = (int)strlen(component_name) + 3;
3029     arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length + 1);
3030     int n = os::snprintf(arr_sig_str, length + 1, "%c%c%s;",
3031                          JVM_SIGNATURE_ARRAY, JVM_SIGNATURE_CLASS, component_name);
3032     assert(n == length, "Unexpected number of characters in string");
3033   }
3034   Symbol* arr_sig = create_temporary_symbol(arr_sig_str, length);
3035   VerificationType new_array_type = VerificationType::reference_type(arr_sig);
3036   current_frame->push_stack(new_array_type, CHECK_VERIFY(this));
3037 }
3038 
3039 void ClassVerifier::verify_iload(u2 index, StackMapFrame* current_frame, TRAPS) {
3040   current_frame->get_local(
3041     index, VerificationType::integer_type(), CHECK_VERIFY(this));
3042   current_frame->push_stack(
3043     VerificationType::integer_type(), CHECK_VERIFY(this));
3044 }
3045 
3046 void ClassVerifier::verify_lload(u2 index, StackMapFrame* current_frame, TRAPS) {
3047   current_frame->get_local_2(
3048     index, VerificationType::long_type(),
3049     VerificationType::long2_type(), CHECK_VERIFY(this));
3050   current_frame->push_stack_2(
3051     VerificationType::long_type(),

3053 }
3054 
3055 void ClassVerifier::verify_fload(u2 index, StackMapFrame* current_frame, TRAPS) {
3056   current_frame->get_local(
3057     index, VerificationType::float_type(), CHECK_VERIFY(this));
3058   current_frame->push_stack(
3059     VerificationType::float_type(), CHECK_VERIFY(this));
3060 }
3061 
3062 void ClassVerifier::verify_dload(u2 index, StackMapFrame* current_frame, TRAPS) {
3063   current_frame->get_local_2(
3064     index, VerificationType::double_type(),
3065     VerificationType::double2_type(), CHECK_VERIFY(this));
3066   current_frame->push_stack_2(
3067     VerificationType::double_type(),
3068     VerificationType::double2_type(), CHECK_VERIFY(this));
3069 }
3070 
3071 void ClassVerifier::verify_aload(u2 index, StackMapFrame* current_frame, TRAPS) {
3072   VerificationType type = current_frame->get_local(
3073     index, VerificationType::reference_check(), CHECK_VERIFY(this));
3074   current_frame->push_stack(type, CHECK_VERIFY(this));
3075 }
3076 
3077 void ClassVerifier::verify_istore(u2 index, StackMapFrame* current_frame, TRAPS) {
3078   current_frame->pop_stack(
3079     VerificationType::integer_type(), CHECK_VERIFY(this));
3080   current_frame->set_local(
3081     index, VerificationType::integer_type(), CHECK_VERIFY(this));
3082 }
3083 
3084 void ClassVerifier::verify_lstore(u2 index, StackMapFrame* current_frame, TRAPS) {
3085   current_frame->pop_stack_2(
3086     VerificationType::long2_type(),
3087     VerificationType::long_type(), CHECK_VERIFY(this));
3088   current_frame->set_local_2(
3089     index, VerificationType::long_type(),
3090     VerificationType::long2_type(), CHECK_VERIFY(this));
3091 }
3092 
3093 void ClassVerifier::verify_fstore(u2 index, StackMapFrame* current_frame, TRAPS) {
3094   current_frame->pop_stack(VerificationType::float_type(), CHECK_VERIFY(this));
3095   current_frame->set_local(
3096     index, VerificationType::float_type(), CHECK_VERIFY(this));
3097 }
3098 
3099 void ClassVerifier::verify_dstore(u2 index, StackMapFrame* current_frame, TRAPS) {
3100   current_frame->pop_stack_2(
3101     VerificationType::double2_type(),
3102     VerificationType::double_type(), CHECK_VERIFY(this));
3103   current_frame->set_local_2(
3104     index, VerificationType::double_type(),
3105     VerificationType::double2_type(), CHECK_VERIFY(this));
3106 }
3107 
3108 void ClassVerifier::verify_astore(u2 index, StackMapFrame* current_frame, TRAPS) {
3109   VerificationType type = current_frame->pop_stack(
3110     VerificationType::reference_check(), CHECK_VERIFY(this));
3111   current_frame->set_local(index, type, CHECK_VERIFY(this));
3112 }
3113 
3114 void ClassVerifier::verify_iinc(u2 index, StackMapFrame* current_frame, TRAPS) {
3115   VerificationType type = current_frame->get_local(
3116     index, VerificationType::integer_type(), CHECK_VERIFY(this));
3117   current_frame->set_local(index, type, CHECK_VERIFY(this));
3118 }
3119 
3120 void ClassVerifier::verify_return_value(
3121     VerificationType return_type, VerificationType type, u2 bci,
3122     StackMapFrame* current_frame, TRAPS) {
3123   if (return_type == VerificationType::bogus_type()) {
3124     verify_error(ErrorContext::bad_type(bci,
3125         current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)),
3126         "Method does not expect a return value");
3127     return;
3128   }
3129   bool match = return_type.is_assignable_from(type, this, false, CHECK_VERIFY(this));
3130   if (!match) {

  46 #include "oops/instanceKlass.inline.hpp"
  47 #include "oops/klass.inline.hpp"
  48 #include "oops/oop.inline.hpp"
  49 #include "oops/typeArrayOop.hpp"
  50 #include "runtime/arguments.hpp"
  51 #include "runtime/fieldDescriptor.hpp"
  52 #include "runtime/handles.inline.hpp"
  53 #include "runtime/interfaceSupport.inline.hpp"
  54 #include "runtime/javaCalls.hpp"
  55 #include "runtime/jniHandles.inline.hpp"
  56 #include "runtime/os.hpp"
  57 #include "runtime/safepointVerifiers.hpp"
  58 #include "runtime/thread.hpp"
  59 #include "services/threadService.hpp"
  60 #include "utilities/align.hpp"
  61 #include "utilities/bytes.hpp"
  62 
  63 #define NOFAILOVER_MAJOR_VERSION                       51
  64 #define NONZERO_PADDING_BYTES_IN_SWITCH_MAJOR_VERSION  51
  65 #define STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION       52
  66 #define INLINE_TYPE_MAJOR_VERSION                       56
  67 #define MAX_ARRAY_DIMENSIONS 255
  68 
  69 // Access to external entry for VerifyClassForMajorVersion - old byte code verifier
  70 
  71 extern "C" {
  72   typedef jboolean (*verify_byte_codes_fn_t)(JNIEnv *, jclass, char *, jint, jint);
  73 }
  74 
  75 static verify_byte_codes_fn_t volatile _verify_byte_codes_fn = NULL;
  76 
  77 static verify_byte_codes_fn_t verify_byte_codes_fn() {
  78 
  79   if (_verify_byte_codes_fn != NULL)
  80     return _verify_byte_codes_fn;
  81 
  82   MutexLocker locker(Verify_lock);
  83 
  84   if (_verify_byte_codes_fn != NULL)
  85     return _verify_byte_codes_fn;
  86 

 259       }
 260       kls = kls->super();
 261     }
 262     if (message_buffer != NULL) {
 263       message_buffer[message_buffer_len - 1] = '\0'; // just to be sure
 264     }
 265     assert(exception_message != NULL, "");
 266     THROW_MSG_(exception_name, exception_message, false);
 267   }
 268 }
 269 
 270 bool Verifier::is_eligible_for_verification(InstanceKlass* klass, bool should_verify_class) {
 271   Symbol* name = klass->name();
 272   Klass* refl_magic_klass = vmClasses::reflect_MagicAccessorImpl_klass();
 273 
 274   bool is_reflect = refl_magic_klass != NULL && klass->is_subtype_of(refl_magic_klass);
 275 
 276   return (should_verify_for(klass->class_loader(), should_verify_class) &&
 277     // return if the class is a bootstrapping class
 278     // or defineClass specified not to verify by default (flags override passed arg)
 279     // We need to skip the following four for bootstrapping
 280     name != vmSymbols::java_lang_Object() &&
 281     name != vmSymbols::java_lang_Class() &&
 282     name != vmSymbols::java_lang_String() &&
 283     name != vmSymbols::java_lang_Throwable() &&
 284 
 285     // Can not verify the bytecodes for shared classes because they have
 286     // already been rewritten to contain constant pool cache indices,
 287     // which the verifier can't understand.
 288     // Shared classes shouldn't have stackmaps either.
 289     // However, bytecodes for shared old classes can be verified because
 290     // they have not been rewritten.
 291     !(klass->is_shared() && klass->is_rewritten()) &&
 292 
 293     // As of the fix for 4486457 we disable verification for all of the
 294     // dynamically-generated bytecodes associated with the 1.4
 295     // reflection implementation, not just those associated with
 296     // jdk/internal/reflect/SerializationConstructorAccessor.
 297     // NOTE: this is called too early in the bootstrapping process to be
 298     // guarded by Universe::is_gte_jdk14x_version().
 299     // Also for lambda generated code, gte jdk8

 482       ss->print("Local index %d is invalid", _type.index());
 483       break;
 484     case LOCALS_SIZE_MISMATCH:
 485       ss->print("Current frame's local size doesn't match stackmap.");
 486       break;
 487     case STACK_SIZE_MISMATCH:
 488       ss->print("Current frame's stack size doesn't match stackmap.");
 489       break;
 490     case STACK_OVERFLOW:
 491       ss->print("Exceeded max stack size.");
 492       break;
 493     case STACK_UNDERFLOW:
 494       ss->print("Attempt to pop empty stack.");
 495       break;
 496     case MISSING_STACKMAP:
 497       ss->print("Expected stackmap frame at this location.");
 498       break;
 499     case BAD_STACKMAP:
 500       ss->print("Invalid stackmap specification.");
 501       break;
 502     case WRONG_INLINE_TYPE:
 503       ss->print("Type ");
 504       _type.details(ss);
 505       ss->print(" and type ");
 506       _expected.details(ss);
 507       ss->print(" must be identical inline types.");
 508       break;
 509     case UNKNOWN:
 510     default:
 511       ShouldNotReachHere();
 512       ss->print_cr("Unknown");
 513   }
 514   ss->cr();
 515 }
 516 
 517 void ErrorContext::location_details(outputStream* ss, const Method* method) const {
 518   if (_bci != -1 && method != NULL) {
 519     streamIndentor si(ss);
 520     const char* bytecode_name = "<invalid>";
 521     if (method->validate_bci(_bci) != -1) {
 522       Bytecodes::Code code = Bytecodes::code_or_bp_at(method->bcp_from(_bci));
 523       if (Bytecodes::is_defined(code)) {
 524           bytecode_name = Bytecodes::name(code);
 525       } else {
 526           bytecode_name = "<illegal>";
 527       }
 528     }

 583     stack_map_frame* sm_frame = sm_table->entries();
 584     streamIndentor si2(ss);
 585     int current_offset = -1;
 586     address end_of_sm_table = (address)sm_table + method->stackmap_data()->length();
 587     for (u2 i = 0; i < sm_table->number_of_entries(); ++i) {
 588       ss->indent();
 589       if (!sm_frame->verify((address)sm_frame, end_of_sm_table)) {
 590         sm_frame->print_truncated(ss, current_offset);
 591         return;
 592       }
 593       sm_frame->print_on(ss, current_offset);
 594       ss->cr();
 595       current_offset += sm_frame->offset_delta();
 596       sm_frame = sm_frame->next();
 597     }
 598   }
 599 }
 600 
 601 // Methods in ClassVerifier
 602 
 603 VerificationType reference_or_inline_type(InstanceKlass* klass) {
 604   if (klass->is_inline_klass()) {
 605     return VerificationType::inline_type(klass->name());
 606   } else {
 607     return VerificationType::reference_type(klass->name());
 608   }
 609 }
 610 
 611 ClassVerifier::ClassVerifier(JavaThread* current, InstanceKlass* klass)
 612     : _thread(current), _previous_symbol(NULL), _symbols(NULL), _exception_type(NULL),
 613       _message(NULL), _method_signatures_table(NULL), _klass(klass) {
 614   _this_type = reference_or_inline_type(klass);
 615 }
 616 
 617 ClassVerifier::~ClassVerifier() {
 618   // Decrement the reference count for any symbols created.
 619   if (_symbols != NULL) {
 620     for (int i = 0; i < _symbols->length(); i++) {
 621       Symbol* s = _symbols->at(i);
 622       s->decrement_refcount();
 623     }
 624   }
 625 }
 626 
 627 VerificationType ClassVerifier::object_type() const {
 628   return VerificationType::reference_type(vmSymbols::java_lang_Object());
 629 }
 630 
 631 TypeOrigin ClassVerifier::ref_ctx(const char* sig) {
 632   VerificationType vt = VerificationType::reference_type(
 633                          create_temporary_symbol(sig, (int)strlen(sig)));
 634   return TypeOrigin::implicit(vt);

1038         case Bytecodes::_daload :
1039           type = current_frame.pop_stack(
1040             VerificationType::integer_type(), CHECK_VERIFY(this));
1041           atype = current_frame.pop_stack(
1042             VerificationType::reference_check(), CHECK_VERIFY(this));
1043           if (!atype.is_double_array()) {
1044             verify_error(ErrorContext::bad_type(bci,
1045                 current_frame.stack_top_ctx(), ref_ctx("[D")),
1046                 bad_type_msg, "daload");
1047             return;
1048           }
1049           current_frame.push_stack_2(
1050             VerificationType::double_type(),
1051             VerificationType::double2_type(), CHECK_VERIFY(this));
1052           no_control_flow = false; break;
1053         case Bytecodes::_aaload : {
1054           type = current_frame.pop_stack(
1055             VerificationType::integer_type(), CHECK_VERIFY(this));
1056           atype = current_frame.pop_stack(
1057             VerificationType::reference_check(), CHECK_VERIFY(this));
1058           if (!atype.is_nonscalar_array()) {
1059             verify_error(ErrorContext::bad_type(bci,
1060                 current_frame.stack_top_ctx(),
1061                 TypeOrigin::implicit(VerificationType::reference_check())),
1062                 bad_type_msg, "aaload");
1063             return;
1064           }
1065           if (atype.is_null()) {
1066             current_frame.push_stack(
1067               VerificationType::null_type(), CHECK_VERIFY(this));
1068           } else {
1069             VerificationType component = atype.get_component(this);
1070             current_frame.push_stack(component, CHECK_VERIFY(this));
1071           }
1072           no_control_flow = false; break;
1073         }
1074         case Bytecodes::_istore :
1075           verify_istore(bcs.get_index(), &current_frame, CHECK_VERIFY(this));
1076           no_control_flow = false; break;
1077         case Bytecodes::_istore_0 :
1078         case Bytecodes::_istore_1 :

1211             VerificationType::double2_type(),
1212             VerificationType::double_type(), CHECK_VERIFY(this));
1213           current_frame.pop_stack(
1214             VerificationType::integer_type(), CHECK_VERIFY(this));
1215           atype = current_frame.pop_stack(
1216             VerificationType::reference_check(), CHECK_VERIFY(this));
1217           if (!atype.is_double_array()) {
1218             verify_error(ErrorContext::bad_type(bci,
1219                 current_frame.stack_top_ctx(), ref_ctx("[D")),
1220                 bad_type_msg, "dastore");
1221             return;
1222           }
1223           no_control_flow = false; break;
1224         case Bytecodes::_aastore :
1225           type = current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1226           type2 = current_frame.pop_stack(
1227             VerificationType::integer_type(), CHECK_VERIFY(this));
1228           atype = current_frame.pop_stack(
1229             VerificationType::reference_check(), CHECK_VERIFY(this));
1230           // more type-checking is done at runtime
1231           if (!atype.is_nonscalar_array()) {
1232             verify_error(ErrorContext::bad_type(bci,
1233                 current_frame.stack_top_ctx(),
1234                 TypeOrigin::implicit(VerificationType::reference_check())),
1235                 bad_type_msg, "aastore");
1236             return;
1237           }
1238           // 4938384: relaxed constraint in JVMS 3nd edition.
1239           no_control_flow = false; break;
1240         case Bytecodes::_pop :
1241           current_frame.pop_stack(
1242             VerificationType::category1_check(), CHECK_VERIFY(this));
1243           no_control_flow = false; break;
1244         case Bytecodes::_pop2 :
1245           type = current_frame.pop_stack(CHECK_VERIFY(this));
1246           if (type.is_category1()) {
1247             current_frame.pop_stack(
1248               VerificationType::category1_check(), CHECK_VERIFY(this));
1249           } else if (type.is_category2_2nd()) {
1250             current_frame.pop_stack(
1251               VerificationType::category2_check(), CHECK_VERIFY(this));

1611         case Bytecodes::_if_icmpgt:
1612         case Bytecodes::_if_icmple:
1613           current_frame.pop_stack(
1614             VerificationType::integer_type(), CHECK_VERIFY(this));
1615           // fall through
1616         case Bytecodes::_ifeq:
1617         case Bytecodes::_ifne:
1618         case Bytecodes::_iflt:
1619         case Bytecodes::_ifge:
1620         case Bytecodes::_ifgt:
1621         case Bytecodes::_ifle:
1622           current_frame.pop_stack(
1623             VerificationType::integer_type(), CHECK_VERIFY(this));
1624           target = bcs.dest();
1625           stackmap_table.check_jump_target(
1626             &current_frame, target, CHECK_VERIFY(this));
1627           no_control_flow = false; break;
1628         case Bytecodes::_if_acmpeq :
1629         case Bytecodes::_if_acmpne :
1630           current_frame.pop_stack(
1631             VerificationType::nonscalar_check(), CHECK_VERIFY(this));
1632           // fall through
1633         case Bytecodes::_ifnull :
1634         case Bytecodes::_ifnonnull :
1635           current_frame.pop_stack(
1636             VerificationType::nonscalar_check(), CHECK_VERIFY(this));
1637           target = bcs.dest();
1638           stackmap_table.check_jump_target
1639             (&current_frame, target, CHECK_VERIFY(this));
1640           no_control_flow = false; break;
1641         case Bytecodes::_goto :
1642           target = bcs.dest();
1643           stackmap_table.check_jump_target(
1644             &current_frame, target, CHECK_VERIFY(this));
1645           no_control_flow = true; break;
1646         case Bytecodes::_goto_w :
1647           target = bcs.dest_w();
1648           stackmap_table.check_jump_target(
1649             &current_frame, target, CHECK_VERIFY(this));
1650           no_control_flow = true; break;
1651         case Bytecodes::_tableswitch :
1652         case Bytecodes::_lookupswitch :
1653           verify_switch(
1654             &bcs, code_length, code_data, &current_frame,
1655             &stackmap_table, CHECK_VERIFY(this));
1656           no_control_flow = true; break;

1667             VerificationType::long_type(), CHECK_VERIFY(this));
1668           verify_return_value(return_type, type, bci,
1669                               &current_frame, CHECK_VERIFY(this));
1670           no_control_flow = true; break;
1671         case Bytecodes::_freturn :
1672           type = current_frame.pop_stack(
1673             VerificationType::float_type(), CHECK_VERIFY(this));
1674           verify_return_value(return_type, type, bci,
1675                               &current_frame, CHECK_VERIFY(this));
1676           no_control_flow = true; break;
1677         case Bytecodes::_dreturn :
1678           type2 = current_frame.pop_stack(
1679             VerificationType::double2_type(),  CHECK_VERIFY(this));
1680           type = current_frame.pop_stack(
1681             VerificationType::double_type(), CHECK_VERIFY(this));
1682           verify_return_value(return_type, type, bci,
1683                               &current_frame, CHECK_VERIFY(this));
1684           no_control_flow = true; break;
1685         case Bytecodes::_areturn :
1686           type = current_frame.pop_stack(
1687             VerificationType::nonscalar_check(), CHECK_VERIFY(this));
1688           verify_return_value(return_type, type, bci,
1689                               &current_frame, CHECK_VERIFY(this));
1690           no_control_flow = true; break;
1691         case Bytecodes::_return :
1692           if (return_type != VerificationType::bogus_type()) {
1693             verify_error(ErrorContext::bad_code(bci),
1694                          "Method expects a return value");
1695             return;
1696           }
1697           // Make sure "this" has been initialized if current method is an
1698           // <init>.
1699           if (_method->is_object_constructor() &&
1700               current_frame.flag_this_uninit()) {
1701             verify_error(ErrorContext::bad_code(bci),
1702                          "Constructor must call super() or this() "
1703                          "before return");
1704             return;
1705           }
1706           no_control_flow = true; break;
1707         case Bytecodes::_getstatic :
1708         case Bytecodes::_putstatic :
1709           // pass TRUE, operand can be an array type for getstatic/putstatic.
1710           verify_field_instructions(
1711             &bcs, &current_frame, cp, true, CHECK_VERIFY(this));
1712           no_control_flow = false; break;
1713         case Bytecodes::_getfield :
1714         case Bytecodes::_putfield :
1715           // pass FALSE, operand can't be an array type for getfield/putfield.
1716           verify_field_instructions(
1717             &bcs, &current_frame, cp, false, CHECK_VERIFY(this));
1718           no_control_flow = false; break;
1719         case Bytecodes::_withfield :
1720           if (_klass->major_version() < INLINE_TYPE_MAJOR_VERSION) {
1721             class_format_error(
1722               "withfield not supported by this class file version (%d.%d), class %s",
1723               _klass->major_version(), _klass->minor_version(), _klass->external_name());
1724             return;
1725           }
1726           // pass FALSE, operand can't be an array type for withfield.
1727           verify_field_instructions(
1728             &bcs, &current_frame, cp, false, CHECK_VERIFY(this));
1729           no_control_flow = false; break;
1730         case Bytecodes::_invokevirtual :
1731         case Bytecodes::_invokespecial :
1732         case Bytecodes::_invokestatic :




1733         case Bytecodes::_invokeinterface :
1734         case Bytecodes::_invokedynamic :
1735           verify_invoke_instructions(
1736             &bcs, code_length, &current_frame, (bci >= ex_min && bci < ex_max),
1737             &this_uninit, cp, &stackmap_table, CHECK_VERIFY(this));
1738           no_control_flow = false; break;
1739         case Bytecodes::_new :
1740         {
1741           index = bcs.get_index_u2();
1742           verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1743           VerificationType new_class_type =
1744             cp_index_to_type(index, cp, CHECK_VERIFY(this));
1745           if (!new_class_type.is_object()) {
1746             verify_error(ErrorContext::bad_type(bci,
1747                 TypeOrigin::cp(index, new_class_type)),
1748                 "Illegal new instruction");
1749             return;
1750           }
1751           type = VerificationType::uninitialized_type(bci);
1752           current_frame.push_stack(type, CHECK_VERIFY(this));
1753           no_control_flow = false; break;
1754         }
1755         case Bytecodes::_defaultvalue :
1756         {
1757           if (_klass->major_version() < INLINE_TYPE_MAJOR_VERSION) {
1758             class_format_error(
1759               "defaultvalue not supported by this class file version (%d.%d), class %s",
1760               _klass->major_version(), _klass->minor_version(), _klass->external_name());
1761             return;
1762           }
1763           index = bcs.get_index_u2();
1764           verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1765           VerificationType ref_type = cp_index_to_type(index, cp, CHECK_VERIFY(this));
1766           if (!ref_type.is_object()) {
1767             verify_error(ErrorContext::bad_type(bci,
1768                 TypeOrigin::cp(index, ref_type)),
1769                 "Illegal defaultvalue instruction");
1770             return;
1771           }
1772           VerificationType inline_type =
1773             VerificationType::change_ref_to_inline_type(ref_type);
1774           current_frame.push_stack(inline_type, CHECK_VERIFY(this));
1775           no_control_flow = false; break;
1776         }
1777         case Bytecodes::_newarray :
1778           type = get_newarray_type(bcs.get_index(), bci, CHECK_VERIFY(this));
1779           current_frame.pop_stack(
1780             VerificationType::integer_type(),  CHECK_VERIFY(this));
1781           current_frame.push_stack(type, CHECK_VERIFY(this));
1782           no_control_flow = false; break;
1783         case Bytecodes::_anewarray :
1784           verify_anewarray(
1785             bci, bcs.get_index_u2(), cp, &current_frame, CHECK_VERIFY(this));
1786           no_control_flow = false; break;
1787         case Bytecodes::_arraylength :
1788           type = current_frame.pop_stack(
1789             VerificationType::reference_check(), CHECK_VERIFY(this));
1790           if (!(type.is_null() || type.is_array())) {
1791             verify_error(ErrorContext::bad_type(
1792                 bci, current_frame.stack_top_ctx()),
1793                 bad_type_msg, "arraylength");
1794           }
1795           current_frame.push_stack(
1796             VerificationType::integer_type(), CHECK_VERIFY(this));
1797           no_control_flow = false; break;
1798         case Bytecodes::_checkcast :
1799         {
1800           index = bcs.get_index_u2();
1801           verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1802           current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1803           VerificationType klass_type = cp_index_to_type(
1804             index, cp, CHECK_VERIFY(this));
1805           current_frame.push_stack(klass_type, CHECK_VERIFY(this));
1806           no_control_flow = false; break;
1807         }
1808         case Bytecodes::_instanceof : {
1809           index = bcs.get_index_u2();
1810           verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1811           current_frame.pop_stack(object_type(), CHECK_VERIFY(this));
1812           current_frame.push_stack(
1813             VerificationType::integer_type(), CHECK_VERIFY(this));
1814           no_control_flow = false; break;
1815         }
1816         case Bytecodes::_monitorenter :
1817         case Bytecodes::_monitorexit : {
1818           VerificationType ref = current_frame.pop_stack(
1819             VerificationType::nonscalar_check(), CHECK_VERIFY(this));
1820           no_control_flow = false; break;
1821         }
1822         case Bytecodes::_multianewarray :
1823         {
1824           index = bcs.get_index_u2();
1825           u2 dim = *(bcs.bcp()+3);
1826           verify_cp_class_type(bci, index, cp, CHECK_VERIFY(this));
1827           VerificationType new_array_type =
1828             cp_index_to_type(index, cp, CHECK_VERIFY(this));
1829           if (!new_array_type.is_array()) {
1830             verify_error(ErrorContext::bad_type(bci,
1831                 TypeOrigin::cp(index, new_array_type)),
1832                 "Illegal constant pool index in multianewarray instruction");
1833             return;
1834           }
1835           if (dim < 1 || new_array_type.dimensions() < dim) {
1836             verify_error(ErrorContext::bad_code(bci),
1837                 "Illegal dimension in multianewarray instruction: %d", dim);
1838             return;
1839           }
1840           for (int i = 0; i < dim; i++) {
1841             current_frame.pop_stack(

2066   int nconstants = cp->length();
2067   if ((index <= 0) || (index >= nconstants)) {
2068     verify_error(ErrorContext::bad_cp_index(bci, index),
2069         "Illegal constant pool index %d in class %s",
2070         index, cp->pool_holder()->external_name());
2071     return;
2072   }
2073 }
2074 
2075 void ClassVerifier::verify_cp_type(
2076     u2 bci, int index, const constantPoolHandle& cp, unsigned int types, TRAPS) {
2077 
2078   // In some situations, bytecode rewriting may occur while we're verifying.
2079   // In this case, a constant pool cache exists and some indices refer to that
2080   // instead.  Be sure we don't pick up such indices by accident.
2081   // We must check was_recursively_verified() before we get here.
2082   guarantee(cp->cache() == NULL, "not rewritten yet");
2083 
2084   verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2085   unsigned int tag = cp->tag_at(index).value();
2086 
2087   if ((types & (1 << tag)) == 0) {
2088     verify_error(ErrorContext::bad_cp_index(bci, index),
2089       "Illegal type at constant pool entry %d in class %s",
2090       index, cp->pool_holder()->external_name());
2091     return;
2092   }
2093 }
2094 
2095 void ClassVerifier::verify_cp_class_type(
2096     u2 bci, int index, const constantPoolHandle& cp, TRAPS) {
2097   verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2098   constantTag tag = cp->tag_at(index);
2099   if (!tag.is_klass() && !tag.is_unresolved_klass()) {
2100     verify_error(ErrorContext::bad_cp_index(bci, index),
2101         "Illegal type at constant pool entry %d in class %s",
2102         index, cp->pool_holder()->external_name());
2103     return;
2104   }
2105 }
2106 

2181   } else {
2182     Klass* member_klass = target_instance->find_field(field_name, field_sig, &fd);
2183     if (member_klass != NULL && fd.is_protected()) {
2184       if (!this_class->is_same_class_package(member_klass)) {
2185         return true;
2186       }
2187     }
2188   }
2189   return false;
2190 }
2191 
2192 void ClassVerifier::verify_ldc(
2193     int opcode, u2 index, StackMapFrame* current_frame,
2194     const constantPoolHandle& cp, u2 bci, TRAPS) {
2195   verify_cp_index(bci, cp, index, CHECK_VERIFY(this));
2196   constantTag tag = cp->tag_at(index);
2197   unsigned int types = 0;
2198   if (opcode == Bytecodes::_ldc || opcode == Bytecodes::_ldc_w) {
2199     if (!tag.is_unresolved_klass()) {
2200       types = (1 << JVM_CONSTANT_Integer) | (1 << JVM_CONSTANT_Float)
2201             | (1 << JVM_CONSTANT_String) | (1 << JVM_CONSTANT_Class)
2202             | (1 << JVM_CONSTANT_MethodHandle) | (1 << JVM_CONSTANT_MethodType)
2203             | (1 << JVM_CONSTANT_Dynamic);
2204       // Note:  The class file parser already verified the legality of
2205       // MethodHandle and MethodType constants.
2206       verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2207     }
2208   } else {
2209     assert(opcode == Bytecodes::_ldc2_w, "must be ldc2_w");
2210     types = (1 << JVM_CONSTANT_Double) | (1 << JVM_CONSTANT_Long)
2211           | (1 << JVM_CONSTANT_Dynamic);
2212     verify_cp_type(bci, index, cp, types, CHECK_VERIFY(this));
2213   }
2214   if (tag.is_string()) {
2215     current_frame->push_stack(
2216       VerificationType::reference_type(
2217         vmSymbols::java_lang_String()), CHECK_VERIFY(this));
2218   } else if (tag.is_klass() || tag.is_unresolved_klass()) {
2219     current_frame->push_stack(
2220       VerificationType::reference_type(
2221         vmSymbols::java_lang_Class()), CHECK_VERIFY(this));

2355                                               StackMapFrame* current_frame,
2356                                               const constantPoolHandle& cp,
2357                                               bool allow_arrays,
2358                                               TRAPS) {
2359   u2 index = bcs->get_index_u2();
2360   verify_cp_type(bcs->bci(), index, cp,
2361       1 << JVM_CONSTANT_Fieldref, CHECK_VERIFY(this));
2362 
2363   // Get field name and signature
2364   Symbol* field_name = cp->name_ref_at(index);
2365   Symbol* field_sig = cp->signature_ref_at(index);
2366 
2367   // Field signature was checked in ClassFileParser.
2368   assert(SignatureVerifier::is_valid_type_signature(field_sig),
2369          "Invalid field signature");
2370 
2371   // Get referenced class type
2372   VerificationType ref_class_type = cp_ref_index_to_type(
2373     index, cp, CHECK_VERIFY(this));
2374   if (!ref_class_type.is_object() &&
2375       (!allow_arrays || !ref_class_type.is_array())) {
2376     verify_error(ErrorContext::bad_type(bcs->bci(),
2377         TypeOrigin::cp(index, ref_class_type)),
2378         "Expecting reference to class in class %s at constant pool index %d",
2379         _klass->external_name(), index);
2380     return;
2381   }
2382 
2383   VerificationType target_class_type = ref_class_type;
2384 
2385   assert(sizeof(VerificationType) == sizeof(uintptr_t),
2386         "buffer type must match VerificationType size");
2387   uintptr_t field_type_buffer[2];
2388   VerificationType* field_type = (VerificationType*)field_type_buffer;
2389   // If we make a VerificationType[2] array directly, the compiler calls
2390   // to the c-runtime library to do the allocation instead of just
2391   // stack allocating it.  Plus it would run constructors.  This shows up
2392   // in performance profiles.
2393 
2394   SignatureStream sig_stream(field_sig, false);
2395   VerificationType stack_object_type;
2396   int n = change_sig_to_verificationType(&sig_stream, field_type);
2397   u2 bci = bcs->bci();
2398   bool is_assignable;
2399   switch (bcs->raw_code()) {
2400     case Bytecodes::_getstatic: {
2401       for (int i = 0; i < n; i++) {
2402         current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2403       }
2404       break;
2405     }
2406     case Bytecodes::_putstatic: {
2407       for (int i = n - 1; i >= 0; i--) {
2408         current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2409       }
2410       break;
2411     }
2412     case Bytecodes::_withfield: {
2413       for (int i = n - 1; i >= 0; i--) {
2414         current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2415       }
2416       // Check that the receiver is a subtype of the referenced class.
2417       current_frame->pop_stack(target_class_type, CHECK_VERIFY(this));
2418       VerificationType target_inline_type =
2419         VerificationType::change_ref_to_inline_type(target_class_type);
2420       current_frame->push_stack(target_inline_type, CHECK_VERIFY(this));
2421       break;
2422     }
2423     case Bytecodes::_getfield: {
2424       stack_object_type = current_frame->pop_stack(
2425         target_class_type, CHECK_VERIFY(this));
2426       for (int i = 0; i < n; i++) {
2427         current_frame->push_stack(field_type[i], CHECK_VERIFY(this));
2428       }
2429       goto check_protected;
2430     }
2431     case Bytecodes::_putfield: {
2432       for (int i = n - 1; i >= 0; i--) {
2433         current_frame->pop_stack(field_type[i], CHECK_VERIFY(this));
2434       }
2435       stack_object_type = current_frame->pop_stack(CHECK_VERIFY(this));
2436 
2437       // The JVMS 2nd edition allows field initialization before the superclass
2438       // initializer, if the field is defined within the current class.
2439       fieldDescriptor fd;
2440       if (stack_object_type == VerificationType::uninitialized_this_type() &&
2441           target_class_type.equals(current_type()) &&
2442           _klass->find_local_field(field_name, field_sig, &fd)) {

2811 bool ClassVerifier::is_same_or_direct_interface(
2812     InstanceKlass* klass,
2813     VerificationType klass_type,
2814     VerificationType ref_class_type) {
2815   if (ref_class_type.equals(klass_type)) return true;
2816   Array<InstanceKlass*>* local_interfaces = klass->local_interfaces();
2817   if (local_interfaces != NULL) {
2818     for (int x = 0; x < local_interfaces->length(); x++) {
2819       InstanceKlass* k = local_interfaces->at(x);
2820       assert (k != NULL && k->is_interface(), "invalid interface");
2821       if (ref_class_type.equals(VerificationType::reference_type(k->name()))) {
2822         return true;
2823       }
2824     }
2825   }
2826   return false;
2827 }
2828 
2829 void ClassVerifier::verify_invoke_instructions(
2830     RawBytecodeStream* bcs, u4 code_length, StackMapFrame* current_frame,
2831     bool in_try_block, bool *this_uninit,
2832     const constantPoolHandle& cp, StackMapTable* stackmap_table, TRAPS) {
2833   // Make sure the constant pool item is the right type
2834   u2 index = bcs->get_index_u2();
2835   Bytecodes::Code opcode = bcs->raw_code();
2836   unsigned int types = 0;
2837   switch (opcode) {
2838     case Bytecodes::_invokeinterface:
2839       types = 1 << JVM_CONSTANT_InterfaceMethodref;
2840       break;
2841     case Bytecodes::_invokedynamic:
2842       types = 1 << JVM_CONSTANT_InvokeDynamic;
2843       break;
2844     case Bytecodes::_invokespecial:
2845     case Bytecodes::_invokestatic:
2846       types = (_klass->major_version() < STATIC_METHOD_IN_INTERFACE_MAJOR_VERSION) ?
2847         (1 << JVM_CONSTANT_Methodref) :
2848         ((1 << JVM_CONSTANT_InterfaceMethodref) | (1 << JVM_CONSTANT_Methodref));
2849       break;
2850     default:
2851       types = 1 << JVM_CONSTANT_Methodref;
2852   }
2853   verify_cp_type(bcs->bci(), index, cp, types, CHECK_VERIFY(this));
2854 
2855   // Get method name and signature
2856   Symbol* method_name = cp->name_ref_at(index);
2857   Symbol* method_sig = cp->signature_ref_at(index);
2858 
2859   // Method signature was checked in ClassFileParser.
2860   assert(SignatureVerifier::is_valid_method_signature(method_sig),
2861          "Invalid method signature");
2862 
2863   // Get referenced class
2864   VerificationType ref_class_type;
2865   if (opcode == Bytecodes::_invokedynamic) {
2866     if (_klass->major_version() < Verifier::INVOKEDYNAMIC_MAJOR_VERSION) {
2867       class_format_error(
2868         "invokedynamic instructions not supported by this class file version (%d), class %s",
2869         _klass->major_version(), _klass->external_name());
2870       return;
2871     }
2872   } else {
2873     ref_class_type = cp_ref_index_to_type(index, cp, CHECK_VERIFY(this));
2874   }
2875 
2876   assert(sizeof(VerificationType) == sizeof(uintptr_t),
2877         "buffer type must match VerificationType size");
2878 
2879   // Get the UTF8 index for this signature.
2880   int sig_index = cp->signature_ref_index_at(cp->name_and_type_ref_index_at(index));
2881 
2882   // Get the signature's verification types.
2883   sig_as_verification_types* mth_sig_verif_types;

2909           "Inconsistent args count operand in invokeinterface");
2910       return;
2911     }
2912     if (*(bcp+4) != 0) {
2913       verify_error(ErrorContext::bad_code(bci),
2914           "Fourth operand byte of invokeinterface must be zero");
2915       return;
2916     }
2917   }
2918 
2919   if (opcode == Bytecodes::_invokedynamic) {
2920     address bcp = bcs->bcp();
2921     if (*(bcp+3) != 0 || *(bcp+4) != 0) {
2922       verify_error(ErrorContext::bad_code(bci),
2923           "Third and fourth operand bytes of invokedynamic must be zero");
2924       return;
2925     }
2926   }
2927 
2928   if (method_name->char_at(0) == JVM_SIGNATURE_SPECIAL) {
2929     // Make sure <init> can only be invoked by invokespecial or invokestatic.
2930     // The allowed invocation mode of <init> depends on its signature.
2931     if ((opcode != Bytecodes::_invokespecial &&
2932          opcode != Bytecodes::_invokestatic) ||
2933         method_name != vmSymbols::object_initializer_name()) {
2934       verify_error(ErrorContext::bad_code(bci),
2935           "Illegal call to internal method");
2936       return;
2937     }
2938   } else if (opcode == Bytecodes::_invokespecial
2939              && !is_same_or_direct_interface(current_class(), current_type(), ref_class_type)
2940              && !ref_class_type.equals(VerificationType::reference_type(
2941                   current_class()->super()->name()))) { // super() can never be an inline_type.
2942     bool subtype = false;
2943     bool have_imr_indirect = cp->tag_at(index).value() == JVM_CONSTANT_InterfaceMethodref;
2944     subtype = ref_class_type.is_assignable_from(
2945                current_type(), this, false, CHECK_VERIFY(this));
2946     if (!subtype) {
2947       verify_error(ErrorContext::bad_code(bci),
2948           "Bad invokespecial instruction: "
2949           "current class isn't assignable to reference class.");
2950        return;
2951     } else if (have_imr_indirect) {
2952       verify_error(ErrorContext::bad_code(bci),
2953           "Bad invokespecial instruction: "
2954           "interface method reference is in an indirect superinterface.");
2955       return;
2956     }
2957 
2958   }
2959 
2960   // Get the verification types for the method's arguments.
2961   GrowableArray<VerificationType>* sig_verif_types = mth_sig_verif_types->sig_verif_types();
2962   assert(sig_verif_types != NULL, "Missing signature's array of verification types");
2963   // Match method descriptor with operand stack
2964   // The arguments are on the stack in descending order.
2965   for (int i = nargs - 1; i >= 0; i--) { // Run backwards
2966     current_frame->pop_stack(sig_verif_types->at(i), CHECK_VERIFY(this));
2967   }
2968 
2969   // Check objectref on operand stack
2970   if (opcode != Bytecodes::_invokestatic &&
2971       opcode != Bytecodes::_invokedynamic) {
2972     if (method_name == vmSymbols::object_initializer_name()) {  // <init> method
2973       // (use of <init> as a static factory is handled under invokestatic)
2974       verify_invoke_init(bcs, index, ref_class_type, current_frame,
2975         code_length, in_try_block, this_uninit, cp, stackmap_table,
2976         CHECK_VERIFY(this));
2977       if (was_recursively_verified()) return;
2978     } else {   // other methods
2979       // Ensures that target class is assignable to method class.
2980       if (opcode == Bytecodes::_invokespecial) {
2981         current_frame->pop_stack(current_type(), CHECK_VERIFY(this));
2982       } else if (opcode == Bytecodes::_invokevirtual) {
2983         VerificationType stack_object_type =
2984           current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this));
2985         if (current_type() != stack_object_type) {
2986           if (was_recursively_verified()) return;
2987           assert(cp->cache() == NULL, "not rewritten yet");
2988           Symbol* ref_class_name =
2989             cp->klass_name_at(cp->klass_ref_index_at(index));
2990           // See the comments in verify_field_instructions() for
2991           // the rationale behind this.
2992           if (name_in_supers(ref_class_name, current_class())) {
2993             Klass* ref_class = load_class(ref_class_name, CHECK);

3006                 } else {
3007                   verify_error(ErrorContext::bad_type(bci,
3008                       current_frame->stack_top_ctx(),
3009                       TypeOrigin::implicit(current_type())),
3010                       "Bad access to protected data in invokevirtual");
3011                   return;
3012                 }
3013               }
3014             }
3015           }
3016         }
3017       } else {
3018         assert(opcode == Bytecodes::_invokeinterface, "Unexpected opcode encountered");
3019         current_frame->pop_stack(ref_class_type, CHECK_VERIFY(this));
3020       }
3021     }
3022   }
3023   // Push the result type.
3024   int sig_verif_types_len = sig_verif_types->length();
3025   if (sig_verif_types_len > nargs) {  // There's a return type
3026     if (method_name == vmSymbols::object_initializer_name() &&
3027         opcode != Bytecodes::_invokestatic) {
3028       // an <init> method must have a void return type, unless it's a static factory

3029       verify_error(ErrorContext::bad_code(bci),
3030           "Return type must be void in <init> method");
3031       return;
3032     }
3033 
3034     assert(sig_verif_types_len <= nargs + 2,
3035            "Signature verification types array return type is bogus");
3036     for (int i = nargs; i < sig_verif_types_len; i++) {
3037       assert(i == nargs || sig_verif_types->at(i).is_long2() ||
3038              sig_verif_types->at(i).is_double2(), "Unexpected return verificationType");
3039       current_frame->push_stack(sig_verif_types->at(i), CHECK_VERIFY(this));
3040     }
3041   } else {
3042     // an <init> method may not have a void return type, if it's a static factory
3043     if (method_name == vmSymbols::object_initializer_name() &&
3044         opcode != Bytecodes::_invokespecial) {
3045       verify_error(ErrorContext::bad_code(bci),
3046           "Return type must be non-void in <init> static factory method");
3047       return;
3048     }
3049   }
3050 }
3051 
3052 VerificationType ClassVerifier::get_newarray_type(
3053     u2 index, u2 bci, TRAPS) {
3054   const char* from_bt[] = {
3055     NULL, NULL, NULL, NULL, "[Z", "[C", "[F", "[D", "[B", "[S", "[I", "[J",
3056   };
3057   if (index < T_BOOLEAN || index > T_LONG) {
3058     verify_error(ErrorContext::bad_code(bci), "Illegal newarray instruction");
3059     return VerificationType::bogus_type();
3060   }
3061 
3062   // from_bt[index] contains the array signature which has a length of 2
3063   Symbol* sig = create_temporary_symbol(from_bt[index], 2);
3064   return VerificationType::reference_type(sig);
3065 }
3066 
3067 void ClassVerifier::verify_anewarray(
3068     u2 bci, u2 index, const constantPoolHandle& cp,

3076     cp_index_to_type(index, cp, CHECK_VERIFY(this));
3077   int length;
3078   char* arr_sig_str;
3079   if (component_type.is_array()) {     // it's an array
3080     const char* component_name = component_type.name()->as_utf8();
3081     // Check for more than MAX_ARRAY_DIMENSIONS
3082     length = (int)strlen(component_name);
3083     if (length > MAX_ARRAY_DIMENSIONS &&
3084         component_name[MAX_ARRAY_DIMENSIONS - 1] == JVM_SIGNATURE_ARRAY) {
3085       verify_error(ErrorContext::bad_code(bci),
3086         "Illegal anewarray instruction, array has more than 255 dimensions");
3087     }
3088     // add one dimension to component
3089     length++;
3090     arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length + 1);
3091     int n = os::snprintf(arr_sig_str, length + 1, "%c%s",
3092                          JVM_SIGNATURE_ARRAY, component_name);
3093     assert(n == length, "Unexpected number of characters in string");
3094   } else {         // it's an object or interface
3095     const char* component_name = component_type.name()->as_utf8();
3096     char Q_or_L = component_type.is_inline_type() ? JVM_SIGNATURE_INLINE_TYPE : JVM_SIGNATURE_CLASS;
3097     // add one dimension to component with 'L' or 'Q' prepended and ';' appended.
3098     length = (int)strlen(component_name) + 3;
3099     arr_sig_str = NEW_RESOURCE_ARRAY_IN_THREAD(THREAD, char, length + 1);
3100     int n = os::snprintf(arr_sig_str, length + 1, "%c%c%s;",
3101                          JVM_SIGNATURE_ARRAY, Q_or_L, component_name);
3102     assert(n == length, "Unexpected number of characters in string");
3103   }
3104   Symbol* arr_sig = create_temporary_symbol(arr_sig_str, length);
3105   VerificationType new_array_type = VerificationType::reference_type(arr_sig);
3106   current_frame->push_stack(new_array_type, CHECK_VERIFY(this));
3107 }
3108 
3109 void ClassVerifier::verify_iload(u2 index, StackMapFrame* current_frame, TRAPS) {
3110   current_frame->get_local(
3111     index, VerificationType::integer_type(), CHECK_VERIFY(this));
3112   current_frame->push_stack(
3113     VerificationType::integer_type(), CHECK_VERIFY(this));
3114 }
3115 
3116 void ClassVerifier::verify_lload(u2 index, StackMapFrame* current_frame, TRAPS) {
3117   current_frame->get_local_2(
3118     index, VerificationType::long_type(),
3119     VerificationType::long2_type(), CHECK_VERIFY(this));
3120   current_frame->push_stack_2(
3121     VerificationType::long_type(),

3123 }
3124 
3125 void ClassVerifier::verify_fload(u2 index, StackMapFrame* current_frame, TRAPS) {
3126   current_frame->get_local(
3127     index, VerificationType::float_type(), CHECK_VERIFY(this));
3128   current_frame->push_stack(
3129     VerificationType::float_type(), CHECK_VERIFY(this));
3130 }
3131 
3132 void ClassVerifier::verify_dload(u2 index, StackMapFrame* current_frame, TRAPS) {
3133   current_frame->get_local_2(
3134     index, VerificationType::double_type(),
3135     VerificationType::double2_type(), CHECK_VERIFY(this));
3136   current_frame->push_stack_2(
3137     VerificationType::double_type(),
3138     VerificationType::double2_type(), CHECK_VERIFY(this));
3139 }
3140 
3141 void ClassVerifier::verify_aload(u2 index, StackMapFrame* current_frame, TRAPS) {
3142   VerificationType type = current_frame->get_local(
3143     index, VerificationType::nonscalar_check(), CHECK_VERIFY(this));
3144   current_frame->push_stack(type, CHECK_VERIFY(this));
3145 }
3146 
3147 void ClassVerifier::verify_istore(u2 index, StackMapFrame* current_frame, TRAPS) {
3148   current_frame->pop_stack(
3149     VerificationType::integer_type(), CHECK_VERIFY(this));
3150   current_frame->set_local(
3151     index, VerificationType::integer_type(), CHECK_VERIFY(this));
3152 }
3153 
3154 void ClassVerifier::verify_lstore(u2 index, StackMapFrame* current_frame, TRAPS) {
3155   current_frame->pop_stack_2(
3156     VerificationType::long2_type(),
3157     VerificationType::long_type(), CHECK_VERIFY(this));
3158   current_frame->set_local_2(
3159     index, VerificationType::long_type(),
3160     VerificationType::long2_type(), CHECK_VERIFY(this));
3161 }
3162 
3163 void ClassVerifier::verify_fstore(u2 index, StackMapFrame* current_frame, TRAPS) {
3164   current_frame->pop_stack(VerificationType::float_type(), CHECK_VERIFY(this));
3165   current_frame->set_local(
3166     index, VerificationType::float_type(), CHECK_VERIFY(this));
3167 }
3168 
3169 void ClassVerifier::verify_dstore(u2 index, StackMapFrame* current_frame, TRAPS) {
3170   current_frame->pop_stack_2(
3171     VerificationType::double2_type(),
3172     VerificationType::double_type(), CHECK_VERIFY(this));
3173   current_frame->set_local_2(
3174     index, VerificationType::double_type(),
3175     VerificationType::double2_type(), CHECK_VERIFY(this));
3176 }
3177 
3178 void ClassVerifier::verify_astore(u2 index, StackMapFrame* current_frame, TRAPS) {
3179   VerificationType type = current_frame->pop_stack(
3180     VerificationType::nonscalar_check(), CHECK_VERIFY(this));
3181   current_frame->set_local(index, type, CHECK_VERIFY(this));
3182 }
3183 
3184 void ClassVerifier::verify_iinc(u2 index, StackMapFrame* current_frame, TRAPS) {
3185   VerificationType type = current_frame->get_local(
3186     index, VerificationType::integer_type(), CHECK_VERIFY(this));
3187   current_frame->set_local(index, type, CHECK_VERIFY(this));
3188 }
3189 
3190 void ClassVerifier::verify_return_value(
3191     VerificationType return_type, VerificationType type, u2 bci,
3192     StackMapFrame* current_frame, TRAPS) {
3193   if (return_type == VerificationType::bogus_type()) {
3194     verify_error(ErrorContext::bad_type(bci,
3195         current_frame->stack_top_ctx(), TypeOrigin::signature(return_type)),
3196         "Method does not expect a return value");
3197     return;
3198   }
3199   bool match = return_type.is_assignable_from(type, this, false, CHECK_VERIFY(this));
3200   if (!match) {
< prev index next >